489 files changed, 254549 insertions, 0 deletions

diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/APICast.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/APICast.h
new file mode 100644
index 000000000..b6d15320a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/APICast.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef APICast_h
+#define APICast_h
+
+#include "JSAPIValueWrapper.h"
+#include "JSValue.h"
+#include <wtf/Platform.h>
+#include <wtf/UnusedParam.h>
+
+namespace JSC {
+    class ExecState;
+    class PropertyNameArray;
+    class JSGlobalData;
+    class JSObject;
+    class JSValue;
+}
+
+typedef const struct OpaqueJSContextGroup* JSContextGroupRef;
+typedef const struct OpaqueJSContext* JSContextRef;
+typedef struct OpaqueJSContext* JSGlobalContextRef;
+typedef struct OpaqueJSPropertyNameAccumulator* JSPropertyNameAccumulatorRef;
+typedef const struct OpaqueJSValue* JSValueRef;
+typedef struct OpaqueJSValue* JSObjectRef;
+
+/* Opaque typing convenience methods */
+
+inline JSC::ExecState* toJS(JSContextRef c)
+{
+    return reinterpret_cast<JSC::ExecState*>(const_cast<OpaqueJSContext*>(c));
+}
+
+inline JSC::ExecState* toJS(JSGlobalContextRef c)
+{
+    return reinterpret_cast<JSC::ExecState*>(c);
+}
+
+inline JSC::JSValue toJS(JSC::ExecState*, JSValueRef v)
+{
+#if USE(JSVALUE32_64)
+    JSC::JSCell* jsCell = reinterpret_cast<JSC::JSCell*>(const_cast<OpaqueJSValue*>(v));
+    if (!jsCell)
+        return JSC::JSValue();
+    if (jsCell->isAPIValueWrapper())
+        return static_cast<JSC::JSAPIValueWrapper*>(jsCell)->value();
+    return jsCell;
+#else
+    return JSC::JSValue::decode(reinterpret_cast<JSC::EncodedJSValue>(const_cast<OpaqueJSValue*>(v)));
+#endif
+}
+
+inline JSC::JSObject* toJS(JSObjectRef o)
+{
+    return reinterpret_cast<JSC::JSObject*>(o);
+}
+
+inline JSC::PropertyNameArray* toJS(JSPropertyNameAccumulatorRef a)
+{
+    return reinterpret_cast<JSC::PropertyNameArray*>(a);
+}
+
+inline JSC::JSGlobalData* toJS(JSContextGroupRef g)
+{
+    return reinterpret_cast<JSC::JSGlobalData*>(const_cast<OpaqueJSContextGroup*>(g));
+}
+
+inline JSValueRef toRef(JSC::ExecState* exec, JSC::JSValue v)
+{
+#if USE(JSVALUE32_64)
+    if (!v)
+        return 0;
+    if (!v.isCell())
+        return reinterpret_cast<JSValueRef>(asCell(JSC::jsAPIValueWrapper(exec, v)));
+    return reinterpret_cast<JSValueRef>(asCell(v));
+#else
+    UNUSED_PARAM(exec);
+    return reinterpret_cast<JSValueRef>(JSC::JSValue::encode(v));
+#endif
+}
+
+inline JSObjectRef toRef(JSC::JSObject* o)
+{
+    return reinterpret_cast<JSObjectRef>(o);
+}
+
+inline JSObjectRef toRef(const JSC::JSObject* o)
+{
+    return reinterpret_cast<JSObjectRef>(const_cast<JSC::JSObject*>(o));
+}
+
+inline JSContextRef toRef(JSC::ExecState* e)
+{
+    return reinterpret_cast<JSContextRef>(e);
+}
+
+inline JSGlobalContextRef toGlobalRef(JSC::ExecState* e)
+{
+    return reinterpret_cast<JSGlobalContextRef>(e);
+}
+
+inline JSPropertyNameAccumulatorRef toRef(JSC::PropertyNameArray* l)
+{
+    return reinterpret_cast<JSPropertyNameAccumulatorRef>(l);
+}
+
+inline JSContextGroupRef toRef(JSC::JSGlobalData* g)
+{
+    return reinterpret_cast<JSContextGroupRef>(g);
+}
+
+#endif // APICast_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBase.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBase.cpp
new file mode 100644
index 000000000..4a32d35bf
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBase.cpp
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSBase.h"
+#include "JSBasePrivate.h"
+
+#include "APICast.h"
+#include "Completion.h"
+#include "OpaqueJSString.h"
+#include "SourceCode.h"
+#include <interpreter/CallFrame.h>
+#include <runtime/InitializeThreading.h>
+#include <runtime/Completion.h>
+#include <runtime/JSGlobalObject.h>
+#include <runtime/JSLock.h>
+#include <runtime/JSObject.h>
+
+using namespace JSC;
+
+JSValueRef JSEvaluateScript(JSContextRef ctx, JSStringRef script, JSObjectRef thisObject, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsThisObject = toJS(thisObject);
+
+    // evaluate sets "this" to the global object if it is NULL
+    JSGlobalObject* globalObject = exec->dynamicGlobalObject();
+    SourceCode source = makeSource(script->ustring(), sourceURL->ustring(), startingLineNumber);
+    Completion completion = evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), source, jsThisObject);
+
+    if (completion.complType() == Throw) {
+        if (exception)
+            *exception = toRef(exec, completion.value());
+        return 0;
+    }
+
+    if (completion.value())
+        return toRef(exec, completion.value());
+    
+    // happens, for example, when the only statement is an empty (';') statement
+    return toRef(exec, jsUndefined());
+}
+
+bool JSCheckScriptSyntax(JSContextRef ctx, JSStringRef script, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    SourceCode source = makeSource(script->ustring(), sourceURL->ustring(), startingLineNumber);
+    Completion completion = checkSyntax(exec->dynamicGlobalObject()->globalExec(), source);
+    if (completion.complType() == Throw) {
+        if (exception)
+            *exception = toRef(exec, completion.value());
+        return false;
+    }
+    
+    return true;
+}
+
+void JSGarbageCollect(JSContextRef ctx)
+{
+    // We used to recommend passing NULL as an argument here, which caused the only heap to be collected.
+    // As there is no longer a shared heap, the previously recommended usage became a no-op (but the GC
+    // will happen when the context group is destroyed).
+    // Because the function argument was originally ignored, some clients may pass their released context here,
+    // in which case there is a risk of crashing if another thread performs GC on the same heap in between.
+    if (!ctx)
+        return;
+
+    ExecState* exec = toJS(ctx);
+    JSGlobalData& globalData = exec->globalData();
+
+    JSLock lock(globalData.isSharedInstance ? LockForReal : SilenceAssertionsOnly);
+
+    if (!globalData.heap.isBusy())
+        globalData.heap.collect();
+
+    // FIXME: Perhaps we should trigger a second mark and sweep
+    // once the garbage collector is done if this is called when
+    // the collector is busy.
+}
+
+void JSReportExtraMemoryCost(JSContextRef ctx, size_t size)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    exec->globalData().heap.reportExtraMemoryCost(size);
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBase.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBase.h
new file mode 100644
index 000000000..0a0dcdaea
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBase.h
@@ -0,0 +1,145 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSBase_h
+#define JSBase_h
+
+#ifndef __cplusplus
+#include <stdbool.h>
+#endif
+
+/* JavaScript engine interface */
+
+/*! @typedef JSContextGroupRef A group that associates JavaScript contexts with one another. Contexts in the same group may share and exchange JavaScript objects. */
+typedef const struct OpaqueJSContextGroup* JSContextGroupRef;
+
+/*! @typedef JSContextRef A JavaScript execution context. Holds the global object and other execution state. */
+typedef const struct OpaqueJSContext* JSContextRef;
+
+/*! @typedef JSGlobalContextRef A global JavaScript execution context. A JSGlobalContext is a JSContext. */
+typedef struct OpaqueJSContext* JSGlobalContextRef;
+
+/*! @typedef JSStringRef A UTF16 character buffer. The fundamental string representation in JavaScript. */
+typedef struct OpaqueJSString* JSStringRef;
+
+/*! @typedef JSClassRef A JavaScript class. Used with JSObjectMake to construct objects with custom behavior. */
+typedef struct OpaqueJSClass* JSClassRef;
+
+/*! @typedef JSPropertyNameArrayRef An array of JavaScript property names. */
+typedef struct OpaqueJSPropertyNameArray* JSPropertyNameArrayRef;
+
+/*! @typedef JSPropertyNameAccumulatorRef An ordered set used to collect the names of a JavaScript object's properties. */
+typedef struct OpaqueJSPropertyNameAccumulator* JSPropertyNameAccumulatorRef;
+
+
+/* JavaScript data types */
+
+/*! @typedef JSValueRef A JavaScript value. The base type for all JavaScript values, and polymorphic functions on them. */
+typedef const struct OpaqueJSValue* JSValueRef;
+
+/*! @typedef JSObjectRef A JavaScript object. A JSObject is a JSValue. */
+typedef struct OpaqueJSValue* JSObjectRef;
+
+/* JavaScript symbol exports */
+
+#if !defined(JS_EXPORT)
+#if defined(BUILDING_WX__)
+    #define JS_EXPORT
+#elif defined(__GNUC__) && !defined(__CC_ARM) && !defined(__ARMCC__)
+    #define JS_EXPORT __attribute__((visibility("default")))
+#elif defined(_WIN32_WCE)
+    #if defined(JS_BUILDING_JS)
+        #define JS_EXPORT __declspec(dllexport)
+    #elif defined(JS_IMPORT_JS)
+        #define JS_EXPORT __declspec(dllimport)
+    #else
+        #define JS_EXPORT
+    #endif
+#elif defined(WIN32) || defined(_WIN32)
+    /*
+     * TODO: Export symbols with JS_EXPORT when using MSVC.
+     * See http://bugs.webkit.org/show_bug.cgi?id=16227
+     */
+    #if defined(BUILDING_JavaScriptCore) || defined(BUILDING_WTF)
+    #define JS_EXPORT __declspec(dllexport)
+    #else
+    #define JS_EXPORT __declspec(dllimport)
+    #endif
+#else
+    #define JS_EXPORT
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Script Evaluation */
+
+/*!
+@function JSEvaluateScript
+@abstract Evaluates a string of JavaScript.
+@param ctx The execution context to use.
+@param script A JSString containing the script to evaluate.
+@param thisObject The object to use as "this," or NULL to use the global object as "this."
+@param sourceURL A JSString containing a URL for the script's source file. This is only used when reporting exceptions. Pass NULL if you do not care to include source file information in exceptions.
+@param startingLineNumber An integer value specifying the script's starting line number in the file located at sourceURL. This is only used when reporting exceptions.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result The JSValue that results from evaluating script, or NULL if an exception is thrown.
+*/
+JS_EXPORT JSValueRef JSEvaluateScript(JSContextRef ctx, JSStringRef script, JSObjectRef thisObject, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception);
+
+/*!
+@function JSCheckScriptSyntax
+@abstract Checks for syntax errors in a string of JavaScript.
+@param ctx The execution context to use.
+@param script A JSString containing the script to check for syntax errors.
+@param sourceURL A JSString containing a URL for the script's source file. This is only used when reporting exceptions. Pass NULL if you do not care to include source file information in exceptions.
+@param startingLineNumber An integer value specifying the script's starting line number in the file located at sourceURL. This is only used when reporting exceptions.
+@param exception A pointer to a JSValueRef in which to store a syntax error exception, if any. Pass NULL if you do not care to store a syntax error exception.
+@result true if the script is syntactically correct, otherwise false.
+*/
+JS_EXPORT bool JSCheckScriptSyntax(JSContextRef ctx, JSStringRef script, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception);
+
+/*!
+@function JSGarbageCollect
+@abstract Performs a JavaScript garbage collection. 
+@param ctx The execution context to use.
+@discussion JavaScript values that are on the machine stack, in a register, 
+ protected by JSValueProtect, set as the global object of an execution context, 
+ or reachable from any such value will not be collected.
+
+ During JavaScript execution, you are not required to call this function; the 
+ JavaScript engine will garbage collect as needed. JavaScript values created
+ within a context group are automatically destroyed when the last reference
+ to the context group is released.
+*/
+JS_EXPORT void JSGarbageCollect(JSContextRef ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSBase_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBasePrivate.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBasePrivate.h
new file mode 100644
index 000000000..befa31643
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSBasePrivate.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2008 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSBasePrivate_h
+#define JSBasePrivate_h
+
+#include <JavaScriptCore/JSBase.h>
+#include <JavaScriptCore/WebKitAvailability.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+@function
+@abstract Reports an object's non-GC memory payload to the garbage collector.
+@param ctx The execution context to use.
+@param size The payload's size, in bytes.
+@discussion Use this function to notify the garbage collector that a GC object
+owns a large non-GC memory region. Calling this function will encourage the
+garbage collector to collect soon, hoping to reclaim that large non-GC memory
+region.
+*/
+JS_EXPORT void JSReportExtraMemoryCost(JSContextRef ctx, size_t size) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSBasePrivate_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackConstructor.cpp
new file mode 100644
index 000000000..64c83cb04
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackConstructor.cpp
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSCallbackConstructor.h"
+
+#include "APICast.h"
+#include <runtime/JSGlobalObject.h>
+#include <runtime/JSLock.h>
+#include <runtime/ObjectPrototype.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+const ClassInfo JSCallbackConstructor::info = { "CallbackConstructor", 0, 0, 0 };
+
+JSCallbackConstructor::JSCallbackConstructor(PassRefPtr<Structure> structure, JSClassRef jsClass, JSObjectCallAsConstructorCallback callback)
+    : JSObject(structure)
+    , m_class(jsClass)
+    , m_callback(callback)
+{
+    if (m_class)
+        JSClassRetain(jsClass);
+}
+
+JSCallbackConstructor::~JSCallbackConstructor()
+{
+    if (m_class)
+        JSClassRelease(m_class);
+}
+
+static JSObject* constructJSCallback(ExecState* exec, JSObject* constructor, const ArgList& args)
+{
+    JSContextRef ctx = toRef(exec);
+    JSObjectRef constructorRef = toRef(constructor);
+
+    JSObjectCallAsConstructorCallback callback = static_cast<JSCallbackConstructor*>(constructor)->callback();
+    if (callback) {
+        int argumentCount = static_cast<int>(args.size());
+        Vector<JSValueRef, 16> arguments(argumentCount);
+        for (int i = 0; i < argumentCount; i++)
+            arguments[i] = toRef(exec, args.at(i));
+
+        JSValueRef exception = 0;
+        JSObjectRef result;
+        {
+            JSLock::DropAllLocks dropAllLocks(exec);
+            result = callback(ctx, constructorRef, argumentCount, arguments.data(), &exception);
+        }
+        if (exception)
+            exec->setException(toJS(exec, exception));
+        return toJS(result);
+    }
+    
+    return toJS(JSObjectMake(ctx, static_cast<JSCallbackConstructor*>(constructor)->classRef(), 0));
+}
+
+ConstructType JSCallbackConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructJSCallback;
+    return ConstructTypeHost;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackConstructor.h
new file mode 100644
index 000000000..0497aa28b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackConstructor.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSCallbackConstructor_h
+#define JSCallbackConstructor_h
+
+#include "JSObjectRef.h"
+#include <runtime/JSObject.h>
+
+namespace JSC {
+
+class JSCallbackConstructor : public JSObject {
+public:
+    JSCallbackConstructor(PassRefPtr<Structure>, JSClassRef, JSObjectCallAsConstructorCallback);
+    virtual ~JSCallbackConstructor();
+    JSClassRef classRef() const { return m_class; }
+    JSObjectCallAsConstructorCallback callback() const { return m_callback; }
+    static const ClassInfo info;
+    
+    static PassRefPtr<Structure> createStructure(JSValue proto) 
+    { 
+        return Structure::create(proto, TypeInfo(ObjectType, ImplementsHasInstance | HasStandardGetOwnPropertySlot | HasDefaultMark | HasDefaultGetPropertyNames)); 
+    }
+
+private:
+    virtual ConstructType getConstructData(ConstructData&);
+    virtual const ClassInfo* classInfo() const { return &info; }
+
+    JSClassRef m_class;
+    JSObjectCallAsConstructorCallback m_callback;
+};
+
+} // namespace JSC
+
+#endif // JSCallbackConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackFunction.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackFunction.cpp
new file mode 100644
index 000000000..b7dd76858
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackFunction.cpp
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include <wtf/Platform.h>
+#include "JSCallbackFunction.h"
+
+#include "APICast.h"
+#include "CodeBlock.h"
+#include "JSFunction.h"
+#include "FunctionPrototype.h"
+#include <runtime/JSGlobalObject.h>
+#include <runtime/JSLock.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSCallbackFunction);
+
+const ClassInfo JSCallbackFunction::info = { "CallbackFunction", &InternalFunction::info, 0, 0 };
+
+JSCallbackFunction::JSCallbackFunction(ExecState* exec, JSObjectCallAsFunctionCallback callback, const Identifier& name)
+    : InternalFunction(&exec->globalData(), exec->lexicalGlobalObject()->callbackFunctionStructure(), name)
+    , m_callback(callback)
+{
+}
+
+JSValue JSCallbackFunction::call(ExecState* exec, JSObject* functionObject, JSValue thisValue, const ArgList& args)
+{
+    JSContextRef execRef = toRef(exec);
+    JSObjectRef functionRef = toRef(functionObject);
+    JSObjectRef thisObjRef = toRef(thisValue.toThisObject(exec));
+
+    int argumentCount = static_cast<int>(args.size());
+    Vector<JSValueRef, 16> arguments(argumentCount);
+    for (int i = 0; i < argumentCount; i++)
+        arguments[i] = toRef(exec, args.at(i));
+
+    JSValueRef exception = 0;
+    JSValueRef result;
+    {
+        JSLock::DropAllLocks dropAllLocks(exec);
+        result = static_cast<JSCallbackFunction*>(functionObject)->m_callback(execRef, functionRef, thisObjRef, argumentCount, arguments.data(), &exception);
+    }
+    if (exception)
+        exec->setException(toJS(exec, exception));
+
+    return toJS(exec, result);
+}
+
+CallType JSCallbackFunction::getCallData(CallData& callData)
+{
+    callData.native.function = call;
+    return CallTypeHost;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackFunction.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackFunction.h
new file mode 100644
index 000000000..3a17fa2de
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackFunction.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSCallbackFunction_h
+#define JSCallbackFunction_h
+
+#include "InternalFunction.h"
+#include "JSObjectRef.h"
+
+namespace JSC {
+
+class JSCallbackFunction : public InternalFunction {
+public:
+    JSCallbackFunction(ExecState*, JSObjectCallAsFunctionCallback, const Identifier& name);
+
+    static const ClassInfo info;
+    
+    // InternalFunction mish-mashes constructor and function behavior -- we should 
+    // refactor the code so this override isn't necessary
+    static PassRefPtr<Structure> createStructure(JSValue proto) 
+    { 
+        return Structure::create(proto, TypeInfo(ObjectType, HasStandardGetOwnPropertySlot | HasDefaultMark)); 
+    }
+
+private:
+    virtual CallType getCallData(CallData&);
+    virtual const ClassInfo* classInfo() const { return &info; }
+
+    static JSValue JSC_HOST_CALL call(ExecState*, JSObject*, JSValue, const ArgList&);
+
+    JSObjectCallAsFunctionCallback m_callback;
+};
+
+} // namespace JSC
+
+#endif // JSCallbackFunction_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObject.cpp
new file mode 100644
index 000000000..2fde0f8ee
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObject.cpp
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ * Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSCallbackObject.h"
+
+#include "Collector.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject<JSObject>);
+ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject<JSGlobalObject>);
+
+// Define the two types of JSCallbackObjects we support.
+template <> const ClassInfo JSCallbackObject<JSObject>::info = { "CallbackObject", 0, 0, 0 };
+template <> const ClassInfo JSCallbackObject<JSGlobalObject>::info = { "CallbackGlobalObject", 0, 0, 0 };
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObject.h
new file mode 100644
index 000000000..e767cb511
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObject.h
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSCallbackObject_h
+#define JSCallbackObject_h
+
+#include "JSObjectRef.h"
+#include "JSValueRef.h"
+#include "JSObject.h"
+
+namespace JSC {
+
+template <class Base>
+class JSCallbackObject : public Base {
+public:
+    JSCallbackObject(ExecState*, PassRefPtr<Structure>, JSClassRef, void* data);
+    JSCallbackObject(JSClassRef);
+    virtual ~JSCallbackObject();
+
+    void setPrivate(void* data);
+    void* getPrivate();
+
+    static const ClassInfo info;
+
+    JSClassRef classRef() const { return m_callbackObjectData->jsClass; }
+    bool inherits(JSClassRef) const;
+
+    static PassRefPtr<Structure> createStructure(JSValue proto) 
+    { 
+        return Structure::create(proto, TypeInfo(ObjectType, ImplementsHasInstance | OverridesHasInstance)); 
+    }
+
+private:
+    virtual UString className() const;
+
+    virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+    virtual bool getOwnPropertySlot(ExecState*, unsigned, PropertySlot&);
+    
+    virtual void put(ExecState*, const Identifier&, JSValue, PutPropertySlot&);
+
+    virtual bool deleteProperty(ExecState*, const Identifier&, bool checkDontDelete = true);
+    virtual bool deleteProperty(ExecState*, unsigned, bool checkDontDelete = true);
+
+    virtual bool hasInstance(ExecState* exec, JSValue value, JSValue proto);
+
+    virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, bool includeNonEnumerable = false);
+
+    virtual double toNumber(ExecState*) const;
+    virtual UString toString(ExecState*) const;
+
+    virtual ConstructType getConstructData(ConstructData&);
+    virtual CallType getCallData(CallData&);
+    virtual const ClassInfo* classInfo() const { return &info; }
+
+    void init(ExecState*);
+ 
+    static JSCallbackObject* asCallbackObject(JSValue);
+ 
+    static JSValue JSC_HOST_CALL call(ExecState*, JSObject* functionObject, JSValue thisValue, const ArgList&);
+    static JSObject* construct(ExecState*, JSObject* constructor, const ArgList&);
+   
+    static JSValue staticValueGetter(ExecState*, const Identifier&, const PropertySlot&);
+    static JSValue staticFunctionGetter(ExecState*, const Identifier&, const PropertySlot&);
+    static JSValue callbackGetter(ExecState*, const Identifier&, const PropertySlot&);
+
+    struct JSCallbackObjectData {
+        JSCallbackObjectData(void* privateData, JSClassRef jsClass)
+            : privateData(privateData)
+            , jsClass(jsClass)
+        {
+            JSClassRetain(jsClass);
+        }
+        
+        ~JSCallbackObjectData()
+        {
+            JSClassRelease(jsClass);
+        }
+        
+        void* privateData;
+        JSClassRef jsClass;
+    };
+    
+    OwnPtr<JSCallbackObjectData> m_callbackObjectData;
+};
+
+} // namespace JSC
+
+// include the actual template class implementation
+#include "JSCallbackObjectFunctions.h"
+
+#endif // JSCallbackObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObjectFunctions.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObjectFunctions.h
new file mode 100644
index 000000000..c84c191b8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSCallbackObjectFunctions.h
@@ -0,0 +1,573 @@
+/*
+ * Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "APICast.h"
+#include "Error.h"
+#include "JSCallbackFunction.h"
+#include "JSClassRef.h"
+#include "JSGlobalObject.h"
+#include "JSLock.h"
+#include "JSObjectRef.h"
+#include "JSString.h"
+#include "JSStringRef.h"
+#include "OpaqueJSString.h"
+#include "PropertyNameArray.h"
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+template <class Base>
+inline JSCallbackObject<Base>* JSCallbackObject<Base>::asCallbackObject(JSValue value)
+{
+    ASSERT(asObject(value)->inherits(&info));
+    return static_cast<JSCallbackObject*>(asObject(value));
+}
+
+template <class Base>
+JSCallbackObject<Base>::JSCallbackObject(ExecState* exec, PassRefPtr<Structure> structure, JSClassRef jsClass, void* data)
+    : Base(structure)
+    , m_callbackObjectData(new JSCallbackObjectData(data, jsClass))
+{
+    init(exec);
+}
+
+// Global object constructor.
+// FIXME: Move this into a separate JSGlobalCallbackObject class derived from this one.
+template <class Base>
+JSCallbackObject<Base>::JSCallbackObject(JSClassRef jsClass)
+    : Base()
+    , m_callbackObjectData(new JSCallbackObjectData(0, jsClass))
+{
+    ASSERT(Base::isGlobalObject());
+    init(static_cast<JSGlobalObject*>(this)->globalExec());
+}
+
+template <class Base>
+void JSCallbackObject<Base>::init(ExecState* exec)
+{
+    ASSERT(exec);
+    
+    Vector<JSObjectInitializeCallback, 16> initRoutines;
+    JSClassRef jsClass = classRef();
+    do {
+        if (JSObjectInitializeCallback initialize = jsClass->initialize)
+            initRoutines.append(initialize);
+    } while ((jsClass = jsClass->parentClass));
+    
+    // initialize from base to derived
+    for (int i = static_cast<int>(initRoutines.size()) - 1; i >= 0; i--) {
+        JSLock::DropAllLocks dropAllLocks(exec);
+        JSObjectInitializeCallback initialize = initRoutines[i];
+        initialize(toRef(exec), toRef(this));
+    }
+}
+
+template <class Base>
+JSCallbackObject<Base>::~JSCallbackObject()
+{
+    JSObjectRef thisRef = toRef(this);
+    
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
+        if (JSObjectFinalizeCallback finalize = jsClass->finalize)
+            finalize(thisRef);
+}
+
+template <class Base>
+UString JSCallbackObject<Base>::className() const
+{
+    UString thisClassName = classRef()->className();
+    if (!thisClassName.isEmpty())
+        return thisClassName;
+    
+    return Base::className();
+}
+
+template <class Base>
+bool JSCallbackObject<Base>::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    JSContextRef ctx = toRef(exec);
+    JSObjectRef thisRef = toRef(this);
+    RefPtr<OpaqueJSString> propertyNameRef;
+    
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
+        // optional optimization to bypass getProperty in cases when we only need to know if the property exists
+        if (JSObjectHasPropertyCallback hasProperty = jsClass->hasProperty) {
+            if (!propertyNameRef)
+                propertyNameRef = OpaqueJSString::create(propertyName.ustring());
+            JSLock::DropAllLocks dropAllLocks(exec);
+            if (hasProperty(ctx, thisRef, propertyNameRef.get())) {
+                slot.setCustom(this, callbackGetter);
+                return true;
+            }
+        } else if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) {
+            if (!propertyNameRef)
+                propertyNameRef = OpaqueJSString::create(propertyName.ustring());
+            JSValueRef exception = 0;
+            JSValueRef value;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                value = getProperty(ctx, thisRef, propertyNameRef.get(), &exception);
+            }
+            exec->setException(toJS(exec, exception));
+            if (value) {
+                slot.setValue(toJS(exec, value));
+                return true;
+            }
+            if (exception) {
+                slot.setValue(jsUndefined());
+                return true;
+            }
+        }
+        
+        if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
+            if (staticValues->contains(propertyName.ustring().rep())) {
+                slot.setCustom(this, staticValueGetter);
+                return true;
+            }
+        }
+        
+        if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+            if (staticFunctions->contains(propertyName.ustring().rep())) {
+                slot.setCustom(this, staticFunctionGetter);
+                return true;
+            }
+        }
+    }
+    
+    return Base::getOwnPropertySlot(exec, propertyName, slot);
+}
+
+template <class Base>
+bool JSCallbackObject<Base>::getOwnPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+{
+    return getOwnPropertySlot(exec, Identifier::from(exec, propertyName), slot);
+}
+
+template <class Base>
+void JSCallbackObject<Base>::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    JSContextRef ctx = toRef(exec);
+    JSObjectRef thisRef = toRef(this);
+    RefPtr<OpaqueJSString> propertyNameRef;
+    JSValueRef valueRef = toRef(exec, value);
+    
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (JSObjectSetPropertyCallback setProperty = jsClass->setProperty) {
+            if (!propertyNameRef)
+                propertyNameRef = OpaqueJSString::create(propertyName.ustring());
+            JSValueRef exception = 0;
+            bool result;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception);
+            }
+            exec->setException(toJS(exec, exception));
+            if (result || exception)
+                return;
+        }
+        
+        if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
+            if (StaticValueEntry* entry = staticValues->get(propertyName.ustring().rep())) {
+                if (entry->attributes & kJSPropertyAttributeReadOnly)
+                    return;
+                if (JSObjectSetPropertyCallback setProperty = entry->setProperty) {
+                    if (!propertyNameRef)
+                        propertyNameRef = OpaqueJSString::create(propertyName.ustring());
+                    JSValueRef exception = 0;
+                    bool result;
+                    {
+                        JSLock::DropAllLocks dropAllLocks(exec);
+                        result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception);
+                    }
+                    exec->setException(toJS(exec, exception));
+                    if (result || exception)
+                        return;
+                } else
+                    throwError(exec, ReferenceError, "Attempt to set a property that is not settable.");
+            }
+        }
+        
+        if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+            if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.ustring().rep())) {
+                if (entry->attributes & kJSPropertyAttributeReadOnly)
+                    return;
+                JSCallbackObject<Base>::putDirect(propertyName, value); // put as override property
+                return;
+            }
+        }
+    }
+    
+    return Base::put(exec, propertyName, value, slot);
+}
+
+template <class Base>
+bool JSCallbackObject<Base>::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    JSContextRef ctx = toRef(exec);
+    JSObjectRef thisRef = toRef(this);
+    RefPtr<OpaqueJSString> propertyNameRef;
+    
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (JSObjectDeletePropertyCallback deleteProperty = jsClass->deleteProperty) {
+            if (!propertyNameRef)
+                propertyNameRef = OpaqueJSString::create(propertyName.ustring());
+            JSValueRef exception = 0;
+            bool result;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                result = deleteProperty(ctx, thisRef, propertyNameRef.get(), &exception);
+            }
+            exec->setException(toJS(exec, exception));
+            if (result || exception)
+                return true;
+        }
+        
+        if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
+            if (StaticValueEntry* entry = staticValues->get(propertyName.ustring().rep())) {
+                if (entry->attributes & kJSPropertyAttributeDontDelete)
+                    return false;
+                return true;
+            }
+        }
+        
+        if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+            if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.ustring().rep())) {
+                if (entry->attributes & kJSPropertyAttributeDontDelete)
+                    return false;
+                return true;
+            }
+        }
+    }
+    
+    return Base::deleteProperty(exec, propertyName, checkDontDelete);
+}
+
+template <class Base>
+bool JSCallbackObject<Base>::deleteProperty(ExecState* exec, unsigned propertyName, bool checkDontDelete)
+{
+    return deleteProperty(exec, Identifier::from(exec, propertyName), checkDontDelete);
+}
+
+template <class Base>
+ConstructType JSCallbackObject<Base>::getConstructData(ConstructData& constructData)
+{
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (jsClass->callAsConstructor) {
+            constructData.native.function = construct;
+            return ConstructTypeHost;
+        }
+    }
+    return ConstructTypeNone;
+}
+
+template <class Base>
+JSObject* JSCallbackObject<Base>::construct(ExecState* exec, JSObject* constructor, const ArgList& args)
+{
+    JSContextRef execRef = toRef(exec);
+    JSObjectRef constructorRef = toRef(constructor);
+    
+    for (JSClassRef jsClass = static_cast<JSCallbackObject<Base>*>(constructor)->classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (JSObjectCallAsConstructorCallback callAsConstructor = jsClass->callAsConstructor) {
+            int argumentCount = static_cast<int>(args.size());
+            Vector<JSValueRef, 16> arguments(argumentCount);
+            for (int i = 0; i < argumentCount; i++)
+                arguments[i] = toRef(exec, args.at(i));
+            JSValueRef exception = 0;
+            JSObject* result;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                result = toJS(callAsConstructor(execRef, constructorRef, argumentCount, arguments.data(), &exception));
+            }
+            exec->setException(toJS(exec, exception));
+            return result;
+        }
+    }
+    
+    ASSERT_NOT_REACHED(); // getConstructData should prevent us from reaching here
+    return 0;
+}
+
+template <class Base>
+bool JSCallbackObject<Base>::hasInstance(ExecState* exec, JSValue value, JSValue)
+{
+    JSContextRef execRef = toRef(exec);
+    JSObjectRef thisRef = toRef(this);
+    
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (JSObjectHasInstanceCallback hasInstance = jsClass->hasInstance) {
+            JSValueRef valueRef = toRef(exec, value);
+            JSValueRef exception = 0;
+            bool result;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                result = hasInstance(execRef, thisRef, valueRef, &exception);
+            }
+            exec->setException(toJS(exec, exception));
+            return result;
+        }
+    }
+    return false;
+}
+
+template <class Base>
+CallType JSCallbackObject<Base>::getCallData(CallData& callData)
+{
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (jsClass->callAsFunction) {
+            callData.native.function = call;
+            return CallTypeHost;
+        }
+    }
+    return CallTypeNone;
+}
+
+template <class Base>
+JSValue JSCallbackObject<Base>::call(ExecState* exec, JSObject* functionObject, JSValue thisValue, const ArgList& args)
+{
+    JSContextRef execRef = toRef(exec);
+    JSObjectRef functionRef = toRef(functionObject);
+    JSObjectRef thisObjRef = toRef(thisValue.toThisObject(exec));
+    
+    for (JSClassRef jsClass = static_cast<JSCallbackObject<Base>*>(functionObject)->classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (JSObjectCallAsFunctionCallback callAsFunction = jsClass->callAsFunction) {
+            int argumentCount = static_cast<int>(args.size());
+            Vector<JSValueRef, 16> arguments(argumentCount);
+            for (int i = 0; i < argumentCount; i++)
+                arguments[i] = toRef(exec, args.at(i));
+            JSValueRef exception = 0;
+            JSValue result;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                result = toJS(exec, callAsFunction(execRef, functionRef, thisObjRef, argumentCount, arguments.data(), &exception));
+            }
+            exec->setException(toJS(exec, exception));
+            return result;
+        }
+    }
+    
+    ASSERT_NOT_REACHED(); // getCallData should prevent us from reaching here
+    return JSValue();
+}
+
+template <class Base>
+void JSCallbackObject<Base>::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    JSContextRef execRef = toRef(exec);
+    JSObjectRef thisRef = toRef(this);
+    
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (JSObjectGetPropertyNamesCallback getPropertyNames = jsClass->getPropertyNames) {
+            JSLock::DropAllLocks dropAllLocks(exec);
+            getPropertyNames(execRef, thisRef, toRef(&propertyNames));
+        }
+        
+        if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) {
+            typedef OpaqueJSClassStaticValuesTable::const_iterator iterator;
+            iterator end = staticValues->end();
+            for (iterator it = staticValues->begin(); it != end; ++it) {
+                UString::Rep* name = it->first.get();
+                StaticValueEntry* entry = it->second;
+                if (entry->getProperty && !(entry->attributes & kJSPropertyAttributeDontEnum))
+                    propertyNames.add(Identifier(exec, name));
+            }
+        }
+        
+        if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+            typedef OpaqueJSClassStaticFunctionsTable::const_iterator iterator;
+            iterator end = staticFunctions->end();
+            for (iterator it = staticFunctions->begin(); it != end; ++it) {
+                UString::Rep* name = it->first.get();
+                StaticFunctionEntry* entry = it->second;
+                if (!(entry->attributes & kJSPropertyAttributeDontEnum))
+                    propertyNames.add(Identifier(exec, name));
+            }
+        }
+    }
+    
+    Base::getOwnPropertyNames(exec, propertyNames, includeNonEnumerable);
+}
+
+template <class Base>
+double JSCallbackObject<Base>::toNumber(ExecState* exec) const
+{
+    // We need this check to guard against the case where this object is rhs of
+    // a binary expression where lhs threw an exception in its conversion to
+    // primitive
+    if (exec->hadException())
+        return NaN;
+    JSContextRef ctx = toRef(exec);
+    JSObjectRef thisRef = toRef(this);
+    
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
+        if (JSObjectConvertToTypeCallback convertToType = jsClass->convertToType) {
+            JSValueRef exception = 0;
+            JSValueRef value;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                value = convertToType(ctx, thisRef, kJSTypeNumber, &exception);
+            }
+            if (exception) {
+                exec->setException(toJS(exec, exception));
+                return 0;
+            }
+
+            double dValue;
+            return toJS(exec, value).getNumber(dValue) ? dValue : NaN;
+        }
+            
+    return Base::toNumber(exec);
+}
+
+template <class Base>
+UString JSCallbackObject<Base>::toString(ExecState* exec) const
+{
+    JSContextRef ctx = toRef(exec);
+    JSObjectRef thisRef = toRef(this);
+    
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
+        if (JSObjectConvertToTypeCallback convertToType = jsClass->convertToType) {
+            JSValueRef exception = 0;
+            JSValueRef value;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                value = convertToType(ctx, thisRef, kJSTypeString, &exception);
+            }
+            if (exception) {
+                exec->setException(toJS(exec, exception));
+                return "";
+            }
+            return toJS(exec, value).getString();
+        }
+            
+    return Base::toString(exec);
+}
+
+template <class Base>
+void JSCallbackObject<Base>::setPrivate(void* data)
+{
+    m_callbackObjectData->privateData = data;
+}
+
+template <class Base>
+void* JSCallbackObject<Base>::getPrivate()
+{
+    return m_callbackObjectData->privateData;
+}
+
+template <class Base>
+bool JSCallbackObject<Base>::inherits(JSClassRef c) const
+{
+    for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass)
+        if (jsClass == c)
+            return true;
+    
+    return false;
+}
+
+template <class Base>
+JSValue JSCallbackObject<Base>::staticValueGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot& slot)
+{
+    JSCallbackObject* thisObj = asCallbackObject(slot.slotBase());
+    
+    JSObjectRef thisRef = toRef(thisObj);
+    RefPtr<OpaqueJSString> propertyNameRef;
+    
+    for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass)
+        if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec))
+            if (StaticValueEntry* entry = staticValues->get(propertyName.ustring().rep()))
+                if (JSObjectGetPropertyCallback getProperty = entry->getProperty) {
+                    if (!propertyNameRef)
+                        propertyNameRef = OpaqueJSString::create(propertyName.ustring());
+                    JSValueRef exception = 0;
+                    JSValueRef value;
+                    {
+                        JSLock::DropAllLocks dropAllLocks(exec);
+                        value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception);
+                    }
+                    exec->setException(toJS(exec, exception));
+                    if (value)
+                        return toJS(exec, value);
+                    if (exception)
+                        return jsUndefined();
+                }
+                    
+    return throwError(exec, ReferenceError, "Static value property defined with NULL getProperty callback.");
+}
+
+template <class Base>
+JSValue JSCallbackObject<Base>::staticFunctionGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot& slot)
+{
+    JSCallbackObject* thisObj = asCallbackObject(slot.slotBase());
+    
+    // Check for cached or override property.
+    PropertySlot slot2(thisObj);
+    if (thisObj->Base::getOwnPropertySlot(exec, propertyName, slot2))
+        return slot2.getValue(exec, propertyName);
+    
+    for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) {
+        if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) {
+            if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.ustring().rep())) {
+                if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) {
+                    JSObject* o = new (exec) JSCallbackFunction(exec, callAsFunction, propertyName);
+                    thisObj->putDirect(propertyName, o, entry->attributes);
+                    return o;
+                }
+            }
+        }
+    }
+    
+    return throwError(exec, ReferenceError, "Static function property defined with NULL callAsFunction callback.");
+}
+
+template <class Base>
+JSValue JSCallbackObject<Base>::callbackGetter(ExecState* exec, const Identifier& propertyName, const PropertySlot& slot)
+{
+    JSCallbackObject* thisObj = asCallbackObject(slot.slotBase());
+    
+    JSObjectRef thisRef = toRef(thisObj);
+    RefPtr<OpaqueJSString> propertyNameRef;
+    
+    for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass)
+        if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) {
+            if (!propertyNameRef)
+                propertyNameRef = OpaqueJSString::create(propertyName.ustring());
+            JSValueRef exception = 0;
+            JSValueRef value;
+            {
+                JSLock::DropAllLocks dropAllLocks(exec);
+                value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception);
+            }
+            exec->setException(toJS(exec, exception));
+            if (value)
+                return toJS(exec, value);
+            if (exception)
+                return jsUndefined();
+        }
+            
+    return throwError(exec, ReferenceError, "hasProperty callback returned true for a property that doesn't exist.");
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSClassRef.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSClassRef.cpp
new file mode 100644
index 000000000..afde7ce1a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSClassRef.cpp
@@ -0,0 +1,244 @@
+/*
+ * Copyright (C) 2006, 2007 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSClassRef.h"
+
+#include "APICast.h"
+#include "JSCallbackObject.h"
+#include "JSObjectRef.h"
+#include <runtime/InitializeThreading.h>
+#include <runtime/JSGlobalObject.h>
+#include <runtime/ObjectPrototype.h>
+#include <runtime/Identifier.h>
+
+using namespace JSC;
+
+const JSClassDefinition kJSClassDefinitionEmpty = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+
+OpaqueJSClass::OpaqueJSClass(const JSClassDefinition* definition, OpaqueJSClass* protoClass) 
+    : parentClass(definition->parentClass)
+    , prototypeClass(0)
+    , initialize(definition->initialize)
+    , finalize(definition->finalize)
+    , hasProperty(definition->hasProperty)
+    , getProperty(definition->getProperty)
+    , setProperty(definition->setProperty)
+    , deleteProperty(definition->deleteProperty)
+    , getPropertyNames(definition->getPropertyNames)
+    , callAsFunction(definition->callAsFunction)
+    , callAsConstructor(definition->callAsConstructor)
+    , hasInstance(definition->hasInstance)
+    , convertToType(definition->convertToType)
+    , m_className(UString::Rep::createFromUTF8(definition->className))
+    , m_staticValues(0)
+    , m_staticFunctions(0)
+{
+    initializeThreading();
+
+    if (const JSStaticValue* staticValue = definition->staticValues) {
+        m_staticValues = new OpaqueJSClassStaticValuesTable();
+        while (staticValue->name) {
+            m_staticValues->add(UString::Rep::createFromUTF8(staticValue->name),
+                              new StaticValueEntry(staticValue->getProperty, staticValue->setProperty, staticValue->attributes));
+            ++staticValue;
+        }
+    }
+
+    if (const JSStaticFunction* staticFunction = definition->staticFunctions) {
+        m_staticFunctions = new OpaqueJSClassStaticFunctionsTable();
+        while (staticFunction->name) {
+            m_staticFunctions->add(UString::Rep::createFromUTF8(staticFunction->name),
+                                 new StaticFunctionEntry(staticFunction->callAsFunction, staticFunction->attributes));
+            ++staticFunction;
+        }
+    }
+        
+    if (protoClass)
+        prototypeClass = JSClassRetain(protoClass);
+}
+
+OpaqueJSClass::~OpaqueJSClass()
+{
+    ASSERT(!m_className.rep()->identifierTable());
+
+    if (m_staticValues) {
+        OpaqueJSClassStaticValuesTable::const_iterator end = m_staticValues->end();
+        for (OpaqueJSClassStaticValuesTable::const_iterator it = m_staticValues->begin(); it != end; ++it) {
+            ASSERT(!it->first->identifierTable());
+            delete it->second;
+        }
+        delete m_staticValues;
+    }
+
+    if (m_staticFunctions) {
+        OpaqueJSClassStaticFunctionsTable::const_iterator end = m_staticFunctions->end();
+        for (OpaqueJSClassStaticFunctionsTable::const_iterator it = m_staticFunctions->begin(); it != end; ++it) {
+            ASSERT(!it->first->identifierTable());
+            delete it->second;
+        }
+        delete m_staticFunctions;
+    }
+    
+    if (prototypeClass)
+        JSClassRelease(prototypeClass);
+}
+
+PassRefPtr<OpaqueJSClass> OpaqueJSClass::createNoAutomaticPrototype(const JSClassDefinition* definition)
+{
+    return adoptRef(new OpaqueJSClass(definition, 0));
+}
+
+static void clearReferenceToPrototype(JSObjectRef prototype)
+{
+    OpaqueJSClassContextData* jsClassData = static_cast<OpaqueJSClassContextData*>(JSObjectGetPrivate(prototype));
+    ASSERT(jsClassData);
+    jsClassData->cachedPrototype = 0;
+}
+
+PassRefPtr<OpaqueJSClass> OpaqueJSClass::create(const JSClassDefinition* definition)
+{
+    if (const JSStaticFunction* staticFunctions = definition->staticFunctions) {
+        // copy functions into a prototype class
+        JSClassDefinition protoDefinition = kJSClassDefinitionEmpty;
+        protoDefinition.staticFunctions = staticFunctions;
+        protoDefinition.finalize = clearReferenceToPrototype;
+        
+        // We are supposed to use JSClassRetain/Release but since we know that we currently have
+        // the only reference to this class object we cheat and use a RefPtr instead.
+        RefPtr<OpaqueJSClass> protoClass = adoptRef(new OpaqueJSClass(&protoDefinition, 0));
+
+        // remove functions from the original class
+        JSClassDefinition objectDefinition = *definition;
+        objectDefinition.staticFunctions = 0;
+
+        return adoptRef(new OpaqueJSClass(&objectDefinition, protoClass.get()));
+    }
+
+    return adoptRef(new OpaqueJSClass(definition, 0));
+}
+
+OpaqueJSClassContextData::OpaqueJSClassContextData(OpaqueJSClass* jsClass)
+    : m_class(jsClass)
+    , cachedPrototype(0)
+{
+    if (jsClass->m_staticValues) {
+        staticValues = new OpaqueJSClassStaticValuesTable;
+        OpaqueJSClassStaticValuesTable::const_iterator end = jsClass->m_staticValues->end();
+        for (OpaqueJSClassStaticValuesTable::const_iterator it = jsClass->m_staticValues->begin(); it != end; ++it) {
+            ASSERT(!it->first->identifierTable());
+            staticValues->add(UString::Rep::createCopying(it->first->data(), it->first->size()),
+                              new StaticValueEntry(it->second->getProperty, it->second->setProperty, it->second->attributes));
+        }
+            
+    } else
+        staticValues = 0;
+        
+
+    if (jsClass->m_staticFunctions) {
+        staticFunctions = new OpaqueJSClassStaticFunctionsTable;
+        OpaqueJSClassStaticFunctionsTable::const_iterator end = jsClass->m_staticFunctions->end();
+        for (OpaqueJSClassStaticFunctionsTable::const_iterator it = jsClass->m_staticFunctions->begin(); it != end; ++it) {
+            ASSERT(!it->first->identifierTable());
+            staticFunctions->add(UString::Rep::createCopying(it->first->data(), it->first->size()),
+                              new StaticFunctionEntry(it->second->callAsFunction, it->second->attributes));
+        }
+            
+    } else
+        staticFunctions = 0;
+}
+
+OpaqueJSClassContextData::~OpaqueJSClassContextData()
+{
+    if (staticValues) {
+        deleteAllValues(*staticValues);
+        delete staticValues;
+    }
+
+    if (staticFunctions) {
+        deleteAllValues(*staticFunctions);
+        delete staticFunctions;
+    }
+}
+
+OpaqueJSClassContextData& OpaqueJSClass::contextData(ExecState* exec)
+{
+    OpaqueJSClassContextData*& contextData = exec->globalData().opaqueJSClassData.add(this, 0).first->second;
+    if (!contextData)
+        contextData = new OpaqueJSClassContextData(this);
+    return *contextData;
+}
+
+UString OpaqueJSClass::className()
+{
+    // Make a deep copy, so that the caller has no chance to put the original into IdentifierTable.
+    return UString(m_className.data(), m_className.size());
+}
+
+OpaqueJSClassStaticValuesTable* OpaqueJSClass::staticValues(JSC::ExecState* exec)
+{
+    OpaqueJSClassContextData& jsClassData = contextData(exec);
+    return jsClassData.staticValues;
+}
+
+OpaqueJSClassStaticFunctionsTable* OpaqueJSClass::staticFunctions(JSC::ExecState* exec)
+{
+    OpaqueJSClassContextData& jsClassData = contextData(exec);
+    return jsClassData.staticFunctions;
+}
+
+/*!
+// Doc here in case we make this public. (Hopefully we won't.)
+@function
+ @abstract Returns the prototype that will be used when constructing an object with a given class.
+ @param ctx The execution context to use.
+ @param jsClass A JSClass whose prototype you want to get.
+ @result The JSObject prototype that was automatically generated for jsClass, or NULL if no prototype was automatically generated. This is the prototype that will be used when constructing an object using jsClass.
+*/
+JSObject* OpaqueJSClass::prototype(ExecState* exec)
+{
+    /* Class (C++) and prototype (JS) inheritance are parallel, so:
+     *     (C++)      |        (JS)
+     *   ParentClass  |   ParentClassPrototype
+     *       ^        |          ^
+     *       |        |          |
+     *  DerivedClass  |  DerivedClassPrototype
+     */
+    
+    if (!prototypeClass)
+        return 0;
+
+    OpaqueJSClassContextData& jsClassData = contextData(exec);
+
+    if (!jsClassData.cachedPrototype) {
+        // Recursive, but should be good enough for our purposes
+        jsClassData.cachedPrototype = new (exec) JSCallbackObject<JSObject>(exec, exec->lexicalGlobalObject()->callbackObjectStructure(), prototypeClass, &jsClassData); // set jsClassData as the object's private data, so it can clear our reference on destruction
+        if (parentClass) {
+            if (JSObject* prototype = parentClass->prototype(exec))
+                jsClassData.cachedPrototype->setPrototype(prototype);
+        }
+    }
+    return jsClassData.cachedPrototype;
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSClassRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSClassRef.h
new file mode 100644
index 000000000..c4777ddfd
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSClassRef.h
@@ -0,0 +1,122 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSClassRef_h
+#define JSClassRef_h
+
+#include "JSObjectRef.h"
+
+#include <runtime/JSObject.h>
+#include <runtime/Protect.h>
+#include <runtime/UString.h>
+#include <wtf/HashMap.h>
+#include <wtf/RefCounted.h>
+
+struct StaticValueEntry : FastAllocBase {
+    StaticValueEntry(JSObjectGetPropertyCallback _getProperty, JSObjectSetPropertyCallback _setProperty, JSPropertyAttributes _attributes)
+        : getProperty(_getProperty), setProperty(_setProperty), attributes(_attributes)
+    {
+    }
+    
+    JSObjectGetPropertyCallback getProperty;
+    JSObjectSetPropertyCallback setProperty;
+    JSPropertyAttributes attributes;
+};
+
+struct StaticFunctionEntry : FastAllocBase {
+    StaticFunctionEntry(JSObjectCallAsFunctionCallback _callAsFunction, JSPropertyAttributes _attributes)
+        : callAsFunction(_callAsFunction), attributes(_attributes)
+    {
+    }
+
+    JSObjectCallAsFunctionCallback callAsFunction;
+    JSPropertyAttributes attributes;
+};
+
+typedef HashMap<RefPtr<JSC::UString::Rep>, StaticValueEntry*> OpaqueJSClassStaticValuesTable;
+typedef HashMap<RefPtr<JSC::UString::Rep>, StaticFunctionEntry*> OpaqueJSClassStaticFunctionsTable;
+
+struct OpaqueJSClass;
+
+// An OpaqueJSClass (JSClass) is created without a context, so it can be used with any context, even across context groups.
+// This structure holds data members that vary across context groups.
+struct OpaqueJSClassContextData : Noncopyable {
+    OpaqueJSClassContextData(OpaqueJSClass*);
+    ~OpaqueJSClassContextData();
+
+    // It is necessary to keep OpaqueJSClass alive because of the following rare scenario:
+    // 1. A class is created and used, so its context data is stored in JSGlobalData hash map.
+    // 2. The class is released, and when all JS objects that use it are collected, OpaqueJSClass
+    // is deleted (that's the part prevented by this RefPtr).
+    // 3. Another class is created at the same address.
+    // 4. When it is used, the old context data is found in JSGlobalData and used.
+    RefPtr<OpaqueJSClass> m_class;
+
+    OpaqueJSClassStaticValuesTable* staticValues;
+    OpaqueJSClassStaticFunctionsTable* staticFunctions;
+    JSC::JSObject* cachedPrototype;
+};
+
+struct OpaqueJSClass : public ThreadSafeShared<OpaqueJSClass> {
+    static PassRefPtr<OpaqueJSClass> create(const JSClassDefinition*);
+    static PassRefPtr<OpaqueJSClass> createNoAutomaticPrototype(const JSClassDefinition*);
+    ~OpaqueJSClass();
+    
+    JSC::UString className();
+    OpaqueJSClassStaticValuesTable* staticValues(JSC::ExecState*);
+    OpaqueJSClassStaticFunctionsTable* staticFunctions(JSC::ExecState*);
+    JSC::JSObject* prototype(JSC::ExecState*);
+
+    OpaqueJSClass* parentClass;
+    OpaqueJSClass* prototypeClass;
+    
+    JSObjectInitializeCallback initialize;
+    JSObjectFinalizeCallback finalize;
+    JSObjectHasPropertyCallback hasProperty;
+    JSObjectGetPropertyCallback getProperty;
+    JSObjectSetPropertyCallback setProperty;
+    JSObjectDeletePropertyCallback deleteProperty;
+    JSObjectGetPropertyNamesCallback getPropertyNames;
+    JSObjectCallAsFunctionCallback callAsFunction;
+    JSObjectCallAsConstructorCallback callAsConstructor;
+    JSObjectHasInstanceCallback hasInstance;
+    JSObjectConvertToTypeCallback convertToType;
+
+private:
+    friend struct OpaqueJSClassContextData;
+
+    OpaqueJSClass();
+    OpaqueJSClass(const OpaqueJSClass&);
+    OpaqueJSClass(const JSClassDefinition*, OpaqueJSClass* protoClass);
+
+    OpaqueJSClassContextData& contextData(JSC::ExecState*);
+
+    // UStrings in these data members should not be put into any IdentifierTable.
+    JSC::UString m_className;
+    OpaqueJSClassStaticValuesTable* m_staticValues;
+    OpaqueJSClassStaticFunctionsTable* m_staticFunctions;
+};
+
+#endif // JSClassRef_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSContextRef.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSContextRef.cpp
new file mode 100644
index 000000000..c358a8426
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSContextRef.cpp
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSContextRef.h"
+
+#include "APICast.h"
+#include "InitializeThreading.h"
+#include "JSCallbackObject.h"
+#include "JSClassRef.h"
+#include "JSGlobalObject.h"
+#include "JSObject.h"
+#include <wtf/Platform.h>
+
+#if PLATFORM(DARWIN)
+#include <mach-o/dyld.h>
+
+static const int32_t webkitFirstVersionWithConcurrentGlobalContexts = 0x2100500; // 528.5.0
+#endif
+
+using namespace JSC;
+
+JSContextGroupRef JSContextGroupCreate()
+{
+    initializeThreading();
+    return toRef(JSGlobalData::create().releaseRef());
+}
+
+JSContextGroupRef JSContextGroupRetain(JSContextGroupRef group)
+{
+    toJS(group)->ref();
+    return group;
+}
+
+void JSContextGroupRelease(JSContextGroupRef group)
+{
+    toJS(group)->deref();
+}
+
+JSGlobalContextRef JSGlobalContextCreate(JSClassRef globalObjectClass)
+{
+    initializeThreading();
+#if PLATFORM(DARWIN)
+    // When running on Tiger or Leopard, or if the application was linked before JSGlobalContextCreate was changed
+    // to use a unique JSGlobalData, we use a shared one for compatibility.
+#if !defined(BUILDING_ON_TIGER) && !defined(BUILDING_ON_LEOPARD)
+    if (NSVersionOfLinkTimeLibrary("JavaScriptCore") <= webkitFirstVersionWithConcurrentGlobalContexts) {
+#else
+    {
+#endif
+        JSLock lock(LockForReal);
+        return JSGlobalContextCreateInGroup(toRef(&JSGlobalData::sharedInstance()), globalObjectClass);
+    }
+#endif // PLATFORM(DARWIN)
+
+    return JSGlobalContextCreateInGroup(0, globalObjectClass);
+}
+
+JSGlobalContextRef JSGlobalContextCreateInGroup(JSContextGroupRef group, JSClassRef globalObjectClass)
+{
+    initializeThreading();
+
+    JSLock lock(LockForReal);
+
+    RefPtr<JSGlobalData> globalData = group ? PassRefPtr<JSGlobalData>(toJS(group)) : JSGlobalData::create();
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    globalData->makeUsableFromMultipleThreads();
+#endif
+
+    if (!globalObjectClass) {
+        JSGlobalObject* globalObject = new (globalData.get()) JSGlobalObject;
+        return JSGlobalContextRetain(toGlobalRef(globalObject->globalExec()));
+    }
+
+    JSGlobalObject* globalObject = new (globalData.get()) JSCallbackObject<JSGlobalObject>(globalObjectClass);
+    ExecState* exec = globalObject->globalExec();
+    JSValue prototype = globalObjectClass->prototype(exec);
+    if (!prototype)
+        prototype = jsNull();
+    globalObject->resetPrototype(prototype);
+    return JSGlobalContextRetain(toGlobalRef(exec));
+}
+
+JSGlobalContextRef JSGlobalContextRetain(JSGlobalContextRef ctx)
+{
+    ExecState* exec = toJS(ctx);
+    JSLock lock(exec);
+
+    JSGlobalData& globalData = exec->globalData();
+
+    globalData.heap.registerThread();
+
+    gcProtect(exec->dynamicGlobalObject());
+    globalData.ref();
+    return ctx;
+}
+
+void JSGlobalContextRelease(JSGlobalContextRef ctx)
+{
+    ExecState* exec = toJS(ctx);
+    JSLock lock(exec);
+
+    gcUnprotect(exec->dynamicGlobalObject());
+
+    JSGlobalData& globalData = exec->globalData();
+    if (globalData.refCount() == 2) { // One reference is held by JSGlobalObject, another added by JSGlobalContextRetain().
+        // The last reference was released, this is our last chance to collect.
+        ASSERT(!globalData.heap.protectedObjectCount());
+        ASSERT(!globalData.heap.isBusy());
+        globalData.heap.destroy();
+    } else
+        globalData.heap.collect();
+
+    globalData.deref();
+}
+
+JSObjectRef JSContextGetGlobalObject(JSContextRef ctx)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    // It is necessary to call toThisObject to get the wrapper object when used with WebCore.
+    return toRef(exec->lexicalGlobalObject()->toThisObject(exec));
+}
+
+JSContextGroupRef JSContextGetGroup(JSContextRef ctx)
+{
+    ExecState* exec = toJS(ctx);
+    return toRef(&exec->globalData());
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSContextRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSContextRef.h
new file mode 100644
index 000000000..c5c8a71e6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSContextRef.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSContextRef_h
+#define JSContextRef_h
+
+#include <JavaScriptCore/JSObjectRef.h>
+#include <JavaScriptCore/JSValueRef.h>
+#include <JavaScriptCore/WebKitAvailability.h>
+
+#ifndef __cplusplus
+#include <stdbool.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+@function
+@abstract Creates a JavaScript context group.
+@discussion A JSContextGroup associates JavaScript contexts with one another.
+ Contexts in the same group may share and exchange JavaScript objects. Sharing and/or exchanging
+ JavaScript objects between contexts in different groups will produce undefined behavior.
+ When objects from the same context group are used in multiple threads, explicit
+ synchronization is required.
+@result The created JSContextGroup.
+*/
+JS_EXPORT JSContextGroupRef JSContextGroupCreate() AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+/*!
+@function
+@abstract Retains a JavaScript context group.
+@param group The JSContextGroup to retain.
+@result A JSContextGroup that is the same as group.
+*/
+JS_EXPORT JSContextGroupRef JSContextGroupRetain(JSContextGroupRef group) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+/*!
+@function
+@abstract Releases a JavaScript context group.
+@param group The JSContextGroup to release.
+*/
+JS_EXPORT void JSContextGroupRelease(JSContextGroupRef group) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+/*!
+@function
+@abstract Creates a global JavaScript execution context.
+@discussion JSGlobalContextCreate allocates a global object and populates it with all the
+ built-in JavaScript objects, such as Object, Function, String, and Array.
+
+ In WebKit version 4.0 and later, the context is created in a unique context group.
+ Therefore, scripts may execute in it concurrently with scripts executing in other contexts.
+ However, you may not use values created in the context in other contexts.
+@param globalObjectClass The class to use when creating the global object. Pass 
+ NULL to use the default object class.
+@result A JSGlobalContext with a global object of class globalObjectClass.
+*/
+JS_EXPORT JSGlobalContextRef JSGlobalContextCreate(JSClassRef globalObjectClass) AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER;
+
+/*!
+@function
+@abstract Creates a global JavaScript execution context in the context group provided.
+@discussion JSGlobalContextCreateInGroup allocates a global object and populates it with
+ all the built-in JavaScript objects, such as Object, Function, String, and Array.
+@param globalObjectClass The class to use when creating the global object. Pass
+ NULL to use the default object class.
+@param group The context group to use. The created global context retains the group.
+ Pass NULL to create a unique group for the context.
+@result A JSGlobalContext with a global object of class globalObjectClass and a context
+ group equal to group.
+*/
+JS_EXPORT JSGlobalContextRef JSGlobalContextCreateInGroup(JSContextGroupRef group, JSClassRef globalObjectClass) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+/*!
+@function
+@abstract Retains a global JavaScript execution context.
+@param ctx The JSGlobalContext to retain.
+@result A JSGlobalContext that is the same as ctx.
+*/
+JS_EXPORT JSGlobalContextRef JSGlobalContextRetain(JSGlobalContextRef ctx);
+
+/*!
+@function
+@abstract Releases a global JavaScript execution context.
+@param ctx The JSGlobalContext to release.
+*/
+JS_EXPORT void JSGlobalContextRelease(JSGlobalContextRef ctx);
+
+/*!
+@function
+@abstract Gets the global object of a JavaScript execution context.
+@param ctx The JSContext whose global object you want to get.
+@result ctx's global object.
+*/
+JS_EXPORT JSObjectRef JSContextGetGlobalObject(JSContextRef ctx);
+
+/*!
+@function
+@abstract Gets the context group to which a JavaScript execution context belongs.
+@param ctx The JSContext whose group you want to get.
+@result ctx's group.
+*/
+JS_EXPORT JSContextGroupRef JSContextGetGroup(JSContextRef ctx) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSContextRef_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSObjectRef.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSObjectRef.cpp
new file mode 100644
index 000000000..06ef578a8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSObjectRef.cpp
@@ -0,0 +1,518 @@
+/*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Kelvin W Sherlock (ksherlock@gmail.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSObjectRef.h"
+
+#include "APICast.h"
+#include "CodeBlock.h"
+#include "DateConstructor.h"
+#include "ErrorConstructor.h"
+#include "FunctionConstructor.h"
+#include "Identifier.h"
+#include "InitializeThreading.h"
+#include "JSArray.h"
+#include "JSCallbackConstructor.h"
+#include "JSCallbackFunction.h"
+#include "JSCallbackObject.h"
+#include "JSClassRef.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "JSObject.h"
+#include "JSRetainPtr.h"
+#include "JSString.h"
+#include "JSValueRef.h"
+#include "ObjectPrototype.h"
+#include "PropertyNameArray.h"
+#include "RegExpConstructor.h"
+#include <wtf/Platform.h>
+
+using namespace JSC;
+
+JSClassRef JSClassCreate(const JSClassDefinition* definition)
+{
+    initializeThreading();
+    RefPtr<OpaqueJSClass> jsClass = (definition->attributes & kJSClassAttributeNoAutomaticPrototype)
+        ? OpaqueJSClass::createNoAutomaticPrototype(definition)
+        : OpaqueJSClass::create(definition);
+    
+    return jsClass.release().releaseRef();
+}
+
+JSClassRef JSClassRetain(JSClassRef jsClass)
+{
+    jsClass->ref();
+    return jsClass;
+}
+
+void JSClassRelease(JSClassRef jsClass)
+{
+    jsClass->deref();
+}
+
+JSObjectRef JSObjectMake(JSContextRef ctx, JSClassRef jsClass, void* data)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    if (!jsClass)
+        return toRef(new (exec) JSObject(exec->lexicalGlobalObject()->emptyObjectStructure())); // slightly more efficient
+
+    JSCallbackObject<JSObject>* object = new (exec) JSCallbackObject<JSObject>(exec, exec->lexicalGlobalObject()->callbackObjectStructure(), jsClass, data);
+    if (JSObject* prototype = jsClass->prototype(exec))
+        object->setPrototype(prototype);
+
+    return toRef(object);
+}
+
+JSObjectRef JSObjectMakeFunctionWithCallback(JSContextRef ctx, JSStringRef name, JSObjectCallAsFunctionCallback callAsFunction)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    Identifier nameID = name ? name->identifier(&exec->globalData()) : Identifier(exec, "anonymous");
+    
+    return toRef(new (exec) JSCallbackFunction(exec, callAsFunction, nameID));
+}
+
+JSObjectRef JSObjectMakeConstructor(JSContextRef ctx, JSClassRef jsClass, JSObjectCallAsConstructorCallback callAsConstructor)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsPrototype = jsClass ? jsClass->prototype(exec) : 0;
+    if (!jsPrototype)
+        jsPrototype = exec->lexicalGlobalObject()->objectPrototype();
+
+    JSCallbackConstructor* constructor = new (exec) JSCallbackConstructor(exec->lexicalGlobalObject()->callbackConstructorStructure(), jsClass, callAsConstructor);
+    constructor->putDirect(exec->propertyNames().prototype, jsPrototype, DontEnum | DontDelete | ReadOnly);
+    return toRef(constructor);
+}
+
+JSObjectRef JSObjectMakeFunction(JSContextRef ctx, JSStringRef name, unsigned parameterCount, const JSStringRef parameterNames[], JSStringRef body, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    Identifier nameID = name ? name->identifier(&exec->globalData()) : Identifier(exec, "anonymous");
+    
+    MarkedArgumentBuffer args;
+    for (unsigned i = 0; i < parameterCount; i++)
+        args.append(jsString(exec, parameterNames[i]->ustring()));
+    args.append(jsString(exec, body->ustring()));
+
+    JSObject* result = constructFunction(exec, args, nameID, sourceURL->ustring(), startingLineNumber);
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        result = 0;
+    }
+    return toRef(result);
+}
+
+JSObjectRef JSObjectMakeArray(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[],  JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* result;
+    if (argumentCount) {
+        MarkedArgumentBuffer argList;
+        for (size_t i = 0; i < argumentCount; ++i)
+            argList.append(toJS(exec, arguments[i]));
+
+        result = constructArray(exec, argList);
+    } else
+        result = constructEmptyArray(exec);
+
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        result = 0;
+    }
+
+    return toRef(result);
+}
+
+JSObjectRef JSObjectMakeDate(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[],  JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    MarkedArgumentBuffer argList;
+    for (size_t i = 0; i < argumentCount; ++i)
+        argList.append(toJS(exec, arguments[i]));
+
+    JSObject* result = constructDate(exec, argList);
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        result = 0;
+    }
+
+    return toRef(result);
+}
+
+JSObjectRef JSObjectMakeError(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[],  JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    MarkedArgumentBuffer argList;
+    for (size_t i = 0; i < argumentCount; ++i)
+        argList.append(toJS(exec, arguments[i]));
+
+    JSObject* result = constructError(exec, argList);
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        result = 0;
+    }
+
+    return toRef(result);
+}
+
+JSObjectRef JSObjectMakeRegExp(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[],  JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    MarkedArgumentBuffer argList;
+    for (size_t i = 0; i < argumentCount; ++i)
+        argList.append(toJS(exec, arguments[i]));
+
+    JSObject* result = constructRegExp(exec, argList);
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        result = 0;
+    }
+    
+    return toRef(result);
+}
+
+JSValueRef JSObjectGetPrototype(JSContextRef ctx, JSObjectRef object)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+    return toRef(exec, jsObject->prototype());
+}
+
+void JSObjectSetPrototype(JSContextRef ctx, JSObjectRef object, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+    JSValue jsValue = toJS(exec, value);
+
+    jsObject->setPrototype(jsValue.isObject() ? jsValue : jsNull());
+}
+
+bool JSObjectHasProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+    
+    return jsObject->hasProperty(exec, propertyName->identifier(&exec->globalData()));
+}
+
+JSValueRef JSObjectGetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+
+    JSValue jsValue = jsObject->get(exec, propertyName->identifier(&exec->globalData()));
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+    }
+    return toRef(exec, jsValue);
+}
+
+void JSObjectSetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef value, JSPropertyAttributes attributes, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+    Identifier name(propertyName->identifier(&exec->globalData()));
+    JSValue jsValue = toJS(exec, value);
+
+    if (attributes && !jsObject->hasProperty(exec, name))
+        jsObject->putWithAttributes(exec, name, jsValue, attributes);
+    else {
+        PutPropertySlot slot;
+        jsObject->put(exec, name, jsValue, slot);
+    }
+
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+    }
+}
+
+JSValueRef JSObjectGetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsigned propertyIndex, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+
+    JSValue jsValue = jsObject->get(exec, propertyIndex);
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+    }
+    return toRef(exec, jsValue);
+}
+
+
+void JSObjectSetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsigned propertyIndex, JSValueRef value, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+    JSValue jsValue = toJS(exec, value);
+    
+    jsObject->put(exec, propertyIndex, jsValue);
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+    }
+}
+
+bool JSObjectDeleteProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+
+    bool result = jsObject->deleteProperty(exec, propertyName->identifier(&exec->globalData()));
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+    }
+    return result;
+}
+
+void* JSObjectGetPrivate(JSObjectRef object)
+{
+    JSObject* jsObject = toJS(object);
+    
+    if (jsObject->inherits(&JSCallbackObject<JSGlobalObject>::info))
+        return static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
+    else if (jsObject->inherits(&JSCallbackObject<JSObject>::info))
+        return static_cast<JSCallbackObject<JSObject>*>(jsObject)->getPrivate();
+    
+    return 0;
+}
+
+bool JSObjectSetPrivate(JSObjectRef object, void* data)
+{
+    JSObject* jsObject = toJS(object);
+    
+    if (jsObject->inherits(&JSCallbackObject<JSGlobalObject>::info)) {
+        static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->setPrivate(data);
+        return true;
+    } else if (jsObject->inherits(&JSCallbackObject<JSObject>::info)) {
+        static_cast<JSCallbackObject<JSObject>*>(jsObject)->setPrivate(data);
+        return true;
+    }
+        
+    return false;
+}
+
+bool JSObjectIsFunction(JSContextRef, JSObjectRef object)
+{
+    CallData callData;
+    return toJS(object)->getCallData(callData) != CallTypeNone;
+}
+
+JSValueRef JSObjectCallAsFunction(JSContextRef ctx, JSObjectRef object, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+    JSObject* jsThisObject = toJS(thisObject);
+
+    if (!jsThisObject)
+        jsThisObject = exec->globalThisValue();
+
+    MarkedArgumentBuffer argList;
+    for (size_t i = 0; i < argumentCount; i++)
+        argList.append(toJS(exec, arguments[i]));
+
+    CallData callData;
+    CallType callType = jsObject->getCallData(callData);
+    if (callType == CallTypeNone)
+        return 0;
+
+    JSValueRef result = toRef(exec, call(exec, jsObject, callType, callData, jsThisObject, argList));
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        result = 0;
+    }
+    return result;
+}
+
+bool JSObjectIsConstructor(JSContextRef, JSObjectRef object)
+{
+    JSObject* jsObject = toJS(object);
+    ConstructData constructData;
+    return jsObject->getConstructData(constructData) != ConstructTypeNone;
+}
+
+JSObjectRef JSObjectCallAsConstructor(JSContextRef ctx, JSObjectRef object, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSObject* jsObject = toJS(object);
+
+    ConstructData constructData;
+    ConstructType constructType = jsObject->getConstructData(constructData);
+    if (constructType == ConstructTypeNone)
+        return 0;
+
+    MarkedArgumentBuffer argList;
+    for (size_t i = 0; i < argumentCount; i++)
+        argList.append(toJS(exec, arguments[i]));
+    JSObjectRef result = toRef(construct(exec, jsObject, constructType, constructData, argList));
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        result = 0;
+    }
+    return result;
+}
+
+struct OpaqueJSPropertyNameArray : FastAllocBase {
+    OpaqueJSPropertyNameArray(JSGlobalData* globalData)
+        : refCount(0)
+        , globalData(globalData)
+    {
+    }
+    
+    unsigned refCount;
+    JSGlobalData* globalData;
+    Vector<JSRetainPtr<JSStringRef> > array;
+};
+
+JSPropertyNameArrayRef JSObjectCopyPropertyNames(JSContextRef ctx, JSObjectRef object)
+{
+    JSObject* jsObject = toJS(object);
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSGlobalData* globalData = &exec->globalData();
+
+    JSPropertyNameArrayRef propertyNames = new OpaqueJSPropertyNameArray(globalData);
+    PropertyNameArray array(globalData);
+    jsObject->getPropertyNames(exec, array);
+
+    size_t size = array.size();
+    propertyNames->array.reserveInitialCapacity(size);
+    for (size_t i = 0; i < size; ++i)
+        propertyNames->array.append(JSRetainPtr<JSStringRef>(Adopt, OpaqueJSString::create(array[i].ustring()).releaseRef()));
+    
+    return JSPropertyNameArrayRetain(propertyNames);
+}
+
+JSPropertyNameArrayRef JSPropertyNameArrayRetain(JSPropertyNameArrayRef array)
+{
+    ++array->refCount;
+    return array;
+}
+
+void JSPropertyNameArrayRelease(JSPropertyNameArrayRef array)
+{
+    if (--array->refCount == 0) {
+        JSLock lock(array->globalData->isSharedInstance ? LockForReal : SilenceAssertionsOnly);
+        delete array;
+    }
+}
+
+size_t JSPropertyNameArrayGetCount(JSPropertyNameArrayRef array)
+{
+    return array->array.size();
+}
+
+JSStringRef JSPropertyNameArrayGetNameAtIndex(JSPropertyNameArrayRef array, size_t index)
+{
+    return array->array[static_cast<unsigned>(index)].get();
+}
+
+void JSPropertyNameAccumulatorAddName(JSPropertyNameAccumulatorRef array, JSStringRef propertyName)
+{
+    PropertyNameArray* propertyNames = toJS(array);
+
+    propertyNames->globalData()->heap.registerThread();
+    JSLock lock(propertyNames->globalData()->isSharedInstance ? LockForReal : SilenceAssertionsOnly);
+
+    propertyNames->add(propertyName->identifier(propertyNames->globalData()));
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSObjectRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSObjectRef.h
new file mode 100644
index 000000000..3e8b0eb62
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSObjectRef.h
@@ -0,0 +1,694 @@
+/*
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Kelvin W Sherlock (ksherlock@gmail.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSObjectRef_h
+#define JSObjectRef_h
+
+#include <JavaScriptCore/JSBase.h>
+#include <JavaScriptCore/JSValueRef.h>
+#include <JavaScriptCore/WebKitAvailability.h>
+
+#ifndef __cplusplus
+#include <stdbool.h>
+#endif
+#include <stddef.h> /* for size_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+@enum JSPropertyAttribute
+@constant kJSPropertyAttributeNone         Specifies that a property has no special attributes.
+@constant kJSPropertyAttributeReadOnly     Specifies that a property is read-only.
+@constant kJSPropertyAttributeDontEnum     Specifies that a property should not be enumerated by JSPropertyEnumerators and JavaScript for...in loops.
+@constant kJSPropertyAttributeDontDelete   Specifies that the delete operation should fail on a property.
+*/
+enum { 
+    kJSPropertyAttributeNone         = 0,
+    kJSPropertyAttributeReadOnly     = 1 << 1,
+    kJSPropertyAttributeDontEnum     = 1 << 2,
+    kJSPropertyAttributeDontDelete   = 1 << 3
+};
+
+/*! 
+@typedef JSPropertyAttributes
+@abstract A set of JSPropertyAttributes. Combine multiple attributes by logically ORing them together.
+*/
+typedef unsigned JSPropertyAttributes;
+
+/*!
+@enum JSClassAttribute
+@constant kJSClassAttributeNone Specifies that a class has no special attributes.
+@constant kJSClassAttributeNoAutomaticPrototype Specifies that a class should not automatically generate a shared prototype for its instance objects. Use kJSClassAttributeNoAutomaticPrototype in combination with JSObjectSetPrototype to manage prototypes manually.
+*/
+enum { 
+    kJSClassAttributeNone = 0,
+    kJSClassAttributeNoAutomaticPrototype = 1 << 1
+};
+
+/*! 
+@typedef JSClassAttributes
+@abstract A set of JSClassAttributes. Combine multiple attributes by logically ORing them together.
+*/
+typedef unsigned JSClassAttributes;
+
+/*! 
+@typedef JSObjectInitializeCallback
+@abstract The callback invoked when an object is first created.
+@param ctx The execution context to use.
+@param object The JSObject being created.
+@discussion If you named your function Initialize, you would declare it like this:
+
+void Initialize(JSContextRef ctx, JSObjectRef object);
+
+Unlike the other object callbacks, the initialize callback is called on the least
+derived class (the parent class) first, and the most derived class last.
+*/
+typedef void
+(*JSObjectInitializeCallback) (JSContextRef ctx, JSObjectRef object);
+
+/*! 
+@typedef JSObjectFinalizeCallback
+@abstract The callback invoked when an object is finalized (prepared for garbage collection). An object may be finalized on any thread.
+@param object The JSObject being finalized.
+@discussion If you named your function Finalize, you would declare it like this:
+
+void Finalize(JSObjectRef object);
+
+The finalize callback is called on the most derived class first, and the least 
+derived class (the parent class) last.
+
+You must not call any function that may cause a garbage collection or an allocation
+of a garbage collected object from within a JSObjectFinalizeCallback. This includes
+all functions that have a JSContextRef parameter.
+*/
+typedef void            
+(*JSObjectFinalizeCallback) (JSObjectRef object);
+
+/*! 
+@typedef JSObjectHasPropertyCallback
+@abstract The callback invoked when determining whether an object has a property.
+@param ctx The execution context to use.
+@param object The JSObject to search for the property.
+@param propertyName A JSString containing the name of the property look up.
+@result true if object has the property, otherwise false.
+@discussion If you named your function HasProperty, you would declare it like this:
+
+bool HasProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName);
+
+If this function returns false, the hasProperty request forwards to object's statically declared properties, then its parent class chain (which includes the default object class), then its prototype chain.
+
+This callback enables optimization in cases where only a property's existence needs to be known, not its value, and computing its value would be expensive.
+
+If this callback is NULL, the getProperty callback will be used to service hasProperty requests.
+*/
+typedef bool
+(*JSObjectHasPropertyCallback) (JSContextRef ctx, JSObjectRef object, JSStringRef propertyName);
+
+/*! 
+@typedef JSObjectGetPropertyCallback
+@abstract The callback invoked when getting a property's value.
+@param ctx The execution context to use.
+@param object The JSObject to search for the property.
+@param propertyName A JSString containing the name of the property to get.
+@param exception A pointer to a JSValueRef in which to return an exception, if any.
+@result The property's value if object has the property, otherwise NULL.
+@discussion If you named your function GetProperty, you would declare it like this:
+
+JSValueRef GetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception);
+
+If this function returns NULL, the get request forwards to object's statically declared properties, then its parent class chain (which includes the default object class), then its prototype chain.
+*/
+typedef JSValueRef
+(*JSObjectGetPropertyCallback) (JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception);
+
+/*! 
+@typedef JSObjectSetPropertyCallback
+@abstract The callback invoked when setting a property's value.
+@param ctx The execution context to use.
+@param object The JSObject on which to set the property's value.
+@param propertyName A JSString containing the name of the property to set.
+@param value A JSValue to use as the property's value.
+@param exception A pointer to a JSValueRef in which to return an exception, if any.
+@result true if the property was set, otherwise false.
+@discussion If you named your function SetProperty, you would declare it like this:
+
+bool SetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef value, JSValueRef* exception);
+
+If this function returns false, the set request forwards to object's statically declared properties, then its parent class chain (which includes the default object class).
+*/
+typedef bool
+(*JSObjectSetPropertyCallback) (JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef value, JSValueRef* exception);
+
+/*! 
+@typedef JSObjectDeletePropertyCallback
+@abstract The callback invoked when deleting a property.
+@param ctx The execution context to use.
+@param object The JSObject in which to delete the property.
+@param propertyName A JSString containing the name of the property to delete.
+@param exception A pointer to a JSValueRef in which to return an exception, if any.
+@result true if propertyName was successfully deleted, otherwise false.
+@discussion If you named your function DeleteProperty, you would declare it like this:
+
+bool DeleteProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception);
+
+If this function returns false, the delete request forwards to object's statically declared properties, then its parent class chain (which includes the default object class).
+*/
+typedef bool
+(*JSObjectDeletePropertyCallback) (JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception);
+
+/*! 
+@typedef JSObjectGetPropertyNamesCallback
+@abstract The callback invoked when collecting the names of an object's properties.
+@param ctx The execution context to use.
+@param object The JSObject whose property names are being collected.
+@param accumulator A JavaScript property name accumulator in which to accumulate the names of object's properties.
+@discussion If you named your function GetPropertyNames, you would declare it like this:
+
+void GetPropertyNames(JSContextRef ctx, JSObjectRef object, JSPropertyNameAccumulatorRef propertyNames);
+
+Property name accumulators are used by JSObjectCopyPropertyNames and JavaScript for...in loops. 
+
+Use JSPropertyNameAccumulatorAddName to add property names to accumulator. A class's getPropertyNames callback only needs to provide the names of properties that the class vends through a custom getProperty or setProperty callback. Other properties, including statically declared properties, properties vended by other classes, and properties belonging to object's prototype, are added independently.
+*/
+typedef void
+(*JSObjectGetPropertyNamesCallback) (JSContextRef ctx, JSObjectRef object, JSPropertyNameAccumulatorRef propertyNames);
+
+/*! 
+@typedef JSObjectCallAsFunctionCallback
+@abstract The callback invoked when an object is called as a function.
+@param ctx The execution context to use.
+@param function A JSObject that is the function being called.
+@param thisObject A JSObject that is the 'this' variable in the function's scope.
+@param argumentCount An integer count of the number of arguments in arguments.
+@param arguments A JSValue array of the  arguments passed to the function.
+@param exception A pointer to a JSValueRef in which to return an exception, if any.
+@result A JSValue that is the function's return value.
+@discussion If you named your function CallAsFunction, you would declare it like this:
+
+JSValueRef CallAsFunction(JSContextRef ctx, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception);
+
+If your callback were invoked by the JavaScript expression 'myObject.myFunction()', function would be set to myFunction, and thisObject would be set to myObject.
+
+If this callback is NULL, calling your object as a function will throw an exception.
+*/
+typedef JSValueRef 
+(*JSObjectCallAsFunctionCallback) (JSContextRef ctx, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception);
+
+/*! 
+@typedef JSObjectCallAsConstructorCallback
+@abstract The callback invoked when an object is used as a constructor in a 'new' expression.
+@param ctx The execution context to use.
+@param constructor A JSObject that is the constructor being called.
+@param argumentCount An integer count of the number of arguments in arguments.
+@param arguments A JSValue array of the  arguments passed to the function.
+@param exception A pointer to a JSValueRef in which to return an exception, if any.
+@result A JSObject that is the constructor's return value.
+@discussion If you named your function CallAsConstructor, you would declare it like this:
+
+JSObjectRef CallAsConstructor(JSContextRef ctx, JSObjectRef constructor, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception);
+
+If your callback were invoked by the JavaScript expression 'new myConstructor()', constructor would be set to myConstructor.
+
+If this callback is NULL, using your object as a constructor in a 'new' expression will throw an exception.
+*/
+typedef JSObjectRef 
+(*JSObjectCallAsConstructorCallback) (JSContextRef ctx, JSObjectRef constructor, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception);
+
+/*! 
+@typedef JSObjectHasInstanceCallback
+@abstract hasInstance The callback invoked when an object is used as the target of an 'instanceof' expression.
+@param ctx The execution context to use.
+@param constructor The JSObject that is the target of the 'instanceof' expression.
+@param possibleInstance The JSValue being tested to determine if it is an instance of constructor.
+@param exception A pointer to a JSValueRef in which to return an exception, if any.
+@result true if possibleInstance is an instance of constructor, otherwise false.
+@discussion If you named your function HasInstance, you would declare it like this:
+
+bool HasInstance(JSContextRef ctx, JSObjectRef constructor, JSValueRef possibleInstance, JSValueRef* exception);
+
+If your callback were invoked by the JavaScript expression 'someValue instanceof myObject', constructor would be set to myObject and possibleInstance would be set to someValue.
+
+If this callback is NULL, 'instanceof' expressions that target your object will return false.
+
+Standard JavaScript practice calls for objects that implement the callAsConstructor callback to implement the hasInstance callback as well.
+*/
+typedef bool 
+(*JSObjectHasInstanceCallback)  (JSContextRef ctx, JSObjectRef constructor, JSValueRef possibleInstance, JSValueRef* exception);
+
+/*! 
+@typedef JSObjectConvertToTypeCallback
+@abstract The callback invoked when converting an object to a particular JavaScript type.
+@param ctx The execution context to use.
+@param object The JSObject to convert.
+@param type A JSType specifying the JavaScript type to convert to.
+@param exception A pointer to a JSValueRef in which to return an exception, if any.
+@result The objects's converted value, or NULL if the object was not converted.
+@discussion If you named your function ConvertToType, you would declare it like this:
+
+JSValueRef ConvertToType(JSContextRef ctx, JSObjectRef object, JSType type, JSValueRef* exception);
+
+If this function returns false, the conversion request forwards to object's parent class chain (which includes the default object class).
+
+This function is only invoked when converting an object to number or string. An object converted to boolean is 'true.' An object converted to object is itself.
+*/
+typedef JSValueRef
+(*JSObjectConvertToTypeCallback) (JSContextRef ctx, JSObjectRef object, JSType type, JSValueRef* exception);
+
+/*! 
+@struct JSStaticValue
+@abstract This structure describes a statically declared value property.
+@field name A null-terminated UTF8 string containing the property's name.
+@field getProperty A JSObjectGetPropertyCallback to invoke when getting the property's value.
+@field setProperty A JSObjectSetPropertyCallback to invoke when setting the property's value. May be NULL if the ReadOnly attribute is set.
+@field attributes A logically ORed set of JSPropertyAttributes to give to the property.
+*/
+typedef struct {
+    const char* const name;
+    JSObjectGetPropertyCallback getProperty;
+    JSObjectSetPropertyCallback setProperty;
+    JSPropertyAttributes attributes;
+} JSStaticValue;
+
+/*! 
+@struct JSStaticFunction
+@abstract This structure describes a statically declared function property.
+@field name A null-terminated UTF8 string containing the property's name.
+@field callAsFunction A JSObjectCallAsFunctionCallback to invoke when the property is called as a function.
+@field attributes A logically ORed set of JSPropertyAttributes to give to the property.
+*/
+typedef struct {
+    const char* const name;
+    JSObjectCallAsFunctionCallback callAsFunction;
+    JSPropertyAttributes attributes;
+} JSStaticFunction;
+
+/*!
+@struct JSClassDefinition
+@abstract This structure contains properties and callbacks that define a type of object. All fields other than the version field are optional. Any pointer may be NULL.
+@field version The version number of this structure. The current version is 0.
+@field attributes A logically ORed set of JSClassAttributes to give to the class.
+@field className A null-terminated UTF8 string containing the class's name.
+@field parentClass A JSClass to set as the class's parent class. Pass NULL use the default object class.
+@field staticValues A JSStaticValue array containing the class's statically declared value properties. Pass NULL to specify no statically declared value properties. The array must be terminated by a JSStaticValue whose name field is NULL.
+@field staticFunctions A JSStaticFunction array containing the class's statically declared function properties. Pass NULL to specify no statically declared function properties. The array must be terminated by a JSStaticFunction whose name field is NULL.
+@field initialize The callback invoked when an object is first created. Use this callback to initialize the object.
+@field finalize The callback invoked when an object is finalized (prepared for garbage collection). Use this callback to release resources allocated for the object, and perform other cleanup.
+@field hasProperty The callback invoked when determining whether an object has a property. If this field is NULL, getProperty is called instead. The hasProperty callback enables optimization in cases where only a property's existence needs to be known, not its value, and computing its value is expensive. 
+@field getProperty The callback invoked when getting a property's value.
+@field setProperty The callback invoked when setting a property's value.
+@field deleteProperty The callback invoked when deleting a property.
+@field getPropertyNames The callback invoked when collecting the names of an object's properties.
+@field callAsFunction The callback invoked when an object is called as a function.
+@field hasInstance The callback invoked when an object is used as the target of an 'instanceof' expression.
+@field callAsConstructor The callback invoked when an object is used as a constructor in a 'new' expression.
+@field convertToType The callback invoked when converting an object to a particular JavaScript type.
+@discussion The staticValues and staticFunctions arrays are the simplest and most efficient means for vending custom properties. Statically declared properties autmatically service requests like getProperty, setProperty, and getPropertyNames. Property access callbacks are required only to implement unusual properties, like array indexes, whose names are not known at compile-time.
+
+If you named your getter function "GetX" and your setter function "SetX", you would declare a JSStaticValue array containing "X" like this:
+
+JSStaticValue StaticValueArray[] = {
+    { "X", GetX, SetX, kJSPropertyAttributeNone },
+    { 0, 0, 0, 0 }
+};
+
+Standard JavaScript practice calls for storing function objects in prototypes, so they can be shared. The default JSClass created by JSClassCreate follows this idiom, instantiating objects with a shared, automatically generating prototype containing the class's function objects. The kJSClassAttributeNoAutomaticPrototype attribute specifies that a JSClass should not automatically generate such a prototype. The resulting JSClass instantiates objects with the default object prototype, and gives each instance object its own copy of the class's function objects.
+
+A NULL callback specifies that the default object callback should substitute, except in the case of hasProperty, where it specifies that getProperty should substitute.
+*/
+typedef struct {
+    int                                 version; /* current (and only) version is 0 */
+    JSClassAttributes                   attributes;
+
+    const char*                         className;
+    JSClassRef                          parentClass;
+        
+    const JSStaticValue*                staticValues;
+    const JSStaticFunction*             staticFunctions;
+    
+    JSObjectInitializeCallback          initialize;
+    JSObjectFinalizeCallback            finalize;
+    JSObjectHasPropertyCallback         hasProperty;
+    JSObjectGetPropertyCallback         getProperty;
+    JSObjectSetPropertyCallback         setProperty;
+    JSObjectDeletePropertyCallback      deleteProperty;
+    JSObjectGetPropertyNamesCallback    getPropertyNames;
+    JSObjectCallAsFunctionCallback      callAsFunction;
+    JSObjectCallAsConstructorCallback   callAsConstructor;
+    JSObjectHasInstanceCallback         hasInstance;
+    JSObjectConvertToTypeCallback       convertToType;
+} JSClassDefinition;
+
+/*! 
+@const kJSClassDefinitionEmpty 
+@abstract A JSClassDefinition structure of the current version, filled with NULL pointers and having no attributes.
+@discussion Use this constant as a convenience when creating class definitions. For example, to create a class definition with only a finalize method:
+
+JSClassDefinition definition = kJSClassDefinitionEmpty;
+definition.finalize = Finalize;
+*/
+JS_EXPORT extern const JSClassDefinition kJSClassDefinitionEmpty;
+
+/*!
+@function
+@abstract Creates a JavaScript class suitable for use with JSObjectMake.
+@param definition A JSClassDefinition that defines the class.
+@result A JSClass with the given definition. Ownership follows the Create Rule.
+*/
+JS_EXPORT JSClassRef JSClassCreate(const JSClassDefinition* definition);
+
+/*!
+@function
+@abstract Retains a JavaScript class.
+@param jsClass The JSClass to retain.
+@result A JSClass that is the same as jsClass.
+*/
+JS_EXPORT JSClassRef JSClassRetain(JSClassRef jsClass);
+
+/*!
+@function
+@abstract Releases a JavaScript class.
+@param jsClass The JSClass to release.
+*/
+JS_EXPORT void JSClassRelease(JSClassRef jsClass);
+
+/*!
+@function
+@abstract Creates a JavaScript object.
+@param ctx The execution context to use.
+@param jsClass The JSClass to assign to the object. Pass NULL to use the default object class.
+@param data A void* to set as the object's private data. Pass NULL to specify no private data.
+@result A JSObject with the given class and private data.
+@discussion The default object class does not allocate storage for private data, so you must provide a non-NULL jsClass to JSObjectMake if you want your object to be able to store private data.
+
+data is set on the created object before the intialize methods in its class chain are called. This enables the initialize methods to retrieve and manipulate data through JSObjectGetPrivate.
+*/
+JS_EXPORT JSObjectRef JSObjectMake(JSContextRef ctx, JSClassRef jsClass, void* data);
+
+/*!
+@function
+@abstract Convenience method for creating a JavaScript function with a given callback as its implementation.
+@param ctx The execution context to use.
+@param name A JSString containing the function's name. This will be used when converting the function to string. Pass NULL to create an anonymous function.
+@param callAsFunction The JSObjectCallAsFunctionCallback to invoke when the function is called.
+@result A JSObject that is a function. The object's prototype will be the default function prototype.
+*/
+JS_EXPORT JSObjectRef JSObjectMakeFunctionWithCallback(JSContextRef ctx, JSStringRef name, JSObjectCallAsFunctionCallback callAsFunction);
+
+/*!
+@function
+@abstract Convenience method for creating a JavaScript constructor.
+@param ctx The execution context to use.
+@param jsClass A JSClass that is the class your constructor will assign to the objects its constructs. jsClass will be used to set the constructor's .prototype property, and to evaluate 'instanceof' expressions. Pass NULL to use the default object class.
+@param callAsConstructor A JSObjectCallAsConstructorCallback to invoke when your constructor is used in a 'new' expression. Pass NULL to use the default object constructor.
+@result A JSObject that is a constructor. The object's prototype will be the default object prototype.
+@discussion The default object constructor takes no arguments and constructs an object of class jsClass with no private data.
+*/
+JS_EXPORT JSObjectRef JSObjectMakeConstructor(JSContextRef ctx, JSClassRef jsClass, JSObjectCallAsConstructorCallback callAsConstructor);
+
+/*!
+ @function
+ @abstract Creates a JavaScript Array object.
+ @param ctx The execution context to use.
+ @param argumentCount An integer count of the number of arguments in arguments.
+ @param arguments A JSValue array of data to populate the Array with. Pass NULL if argumentCount is 0.
+ @param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+ @result A JSObject that is an Array.
+ @discussion The behavior of this function does not exactly match the behavior of the built-in Array constructor. Specifically, if one argument 
+ is supplied, this function returns an array with one element.
+ */
+JS_EXPORT JSObjectRef JSObjectMakeArray(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+/*!
+ @function
+ @abstract Creates a JavaScript Date object, as if by invoking the built-in Date constructor.
+ @param ctx The execution context to use.
+ @param argumentCount An integer count of the number of arguments in arguments.
+ @param arguments A JSValue array of arguments to pass to the Date Constructor. Pass NULL if argumentCount is 0.
+ @param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+ @result A JSObject that is a Date.
+ */
+JS_EXPORT JSObjectRef JSObjectMakeDate(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+/*!
+ @function
+ @abstract Creates a JavaScript Error object, as if by invoking the built-in Error constructor.
+ @param ctx The execution context to use.
+ @param argumentCount An integer count of the number of arguments in arguments.
+ @param arguments A JSValue array of arguments to pass to the Error Constructor. Pass NULL if argumentCount is 0.
+ @param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+ @result A JSObject that is a Error.
+ */
+JS_EXPORT JSObjectRef JSObjectMakeError(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+/*!
+ @function
+ @abstract Creates a JavaScript RegExp object, as if by invoking the built-in RegExp constructor.
+ @param ctx The execution context to use.
+ @param argumentCount An integer count of the number of arguments in arguments.
+ @param arguments A JSValue array of arguments to pass to the RegExp Constructor. Pass NULL if argumentCount is 0.
+ @param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+ @result A JSObject that is a RegExp.
+ */
+JS_EXPORT JSObjectRef JSObjectMakeRegExp(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) AVAILABLE_IN_WEBKIT_VERSION_4_0;
+
+/*!
+@function
+@abstract Creates a function with a given script as its body.
+@param ctx The execution context to use.
+@param name A JSString containing the function's name. This will be used when converting the function to string. Pass NULL to create an anonymous function.
+@param parameterCount An integer count of the number of parameter names in parameterNames.
+@param parameterNames A JSString array containing the names of the function's parameters. Pass NULL if parameterCount is 0.
+@param body A JSString containing the script to use as the function's body.
+@param sourceURL A JSString containing a URL for the script's source file. This is only used when reporting exceptions. Pass NULL if you do not care to include source file information in exceptions.
+@param startingLineNumber An integer value specifying the script's starting line number in the file located at sourceURL. This is only used when reporting exceptions.
+@param exception A pointer to a JSValueRef in which to store a syntax error exception, if any. Pass NULL if you do not care to store a syntax error exception.
+@result A JSObject that is a function, or NULL if either body or parameterNames contains a syntax error. The object's prototype will be the default function prototype.
+@discussion Use this method when you want to execute a script repeatedly, to avoid the cost of re-parsing the script before each execution.
+*/
+JS_EXPORT JSObjectRef JSObjectMakeFunction(JSContextRef ctx, JSStringRef name, unsigned parameterCount, const JSStringRef parameterNames[], JSStringRef body, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception);
+
+/*!
+@function
+@abstract Gets an object's prototype.
+@param ctx  The execution context to use.
+@param object A JSObject whose prototype you want to get.
+@result A JSValue that is the object's prototype.
+*/
+JS_EXPORT JSValueRef JSObjectGetPrototype(JSContextRef ctx, JSObjectRef object);
+
+/*!
+@function
+@abstract Sets an object's prototype.
+@param ctx  The execution context to use.
+@param object The JSObject whose prototype you want to set.
+@param value A JSValue to set as the object's prototype.
+*/
+JS_EXPORT void JSObjectSetPrototype(JSContextRef ctx, JSObjectRef object, JSValueRef value);
+
+/*!
+@function
+@abstract Tests whether an object has a given property.
+@param object The JSObject to test.
+@param propertyName A JSString containing the property's name.
+@result true if the object has a property whose name matches propertyName, otherwise false.
+*/
+JS_EXPORT bool JSObjectHasProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName);
+
+/*!
+@function
+@abstract Gets a property from an object.
+@param ctx The execution context to use.
+@param object The JSObject whose property you want to get.
+@param propertyName A JSString containing the property's name.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result The property's value if object has the property, otherwise the undefined value.
+*/
+JS_EXPORT JSValueRef JSObjectGetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception);
+
+/*!
+@function
+@abstract Sets a property on an object.
+@param ctx The execution context to use.
+@param object The JSObject whose property you want to set.
+@param propertyName A JSString containing the property's name.
+@param value A JSValue to use as the property's value.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@param attributes A logically ORed set of JSPropertyAttributes to give to the property.
+*/
+JS_EXPORT void JSObjectSetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef value, JSPropertyAttributes attributes, JSValueRef* exception);
+
+/*!
+@function
+@abstract Deletes a property from an object.
+@param ctx The execution context to use.
+@param object The JSObject whose property you want to delete.
+@param propertyName A JSString containing the property's name.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result true if the delete operation succeeds, otherwise false (for example, if the property has the kJSPropertyAttributeDontDelete attribute set).
+*/
+JS_EXPORT bool JSObjectDeleteProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception);
+
+/*!
+@function
+@abstract Gets a property from an object by numeric index.
+@param ctx The execution context to use.
+@param object The JSObject whose property you want to get.
+@param propertyIndex An integer value that is the property's name.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result The property's value if object has the property, otherwise the undefined value.
+@discussion Calling JSObjectGetPropertyAtIndex is equivalent to calling JSObjectGetProperty with a string containing propertyIndex, but JSObjectGetPropertyAtIndex provides optimized access to numeric properties.
+*/
+JS_EXPORT JSValueRef JSObjectGetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsigned propertyIndex, JSValueRef* exception);
+
+/*!
+@function
+@abstract Sets a property on an object by numeric index.
+@param ctx The execution context to use.
+@param object The JSObject whose property you want to set.
+@param propertyIndex The property's name as a number.
+@param value A JSValue to use as the property's value.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@discussion Calling JSObjectSetPropertyAtIndex is equivalent to calling JSObjectSetProperty with a string containing propertyIndex, but JSObjectSetPropertyAtIndex provides optimized access to numeric properties.
+*/
+JS_EXPORT void JSObjectSetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsigned propertyIndex, JSValueRef value, JSValueRef* exception);
+
+/*!
+@function
+@abstract Gets an object's private data.
+@param object A JSObject whose private data you want to get.
+@result A void* that is the object's private data, if the object has private data, otherwise NULL.
+*/
+JS_EXPORT void* JSObjectGetPrivate(JSObjectRef object);
+
+/*!
+@function
+@abstract Sets a pointer to private data on an object.
+@param object The JSObject whose private data you want to set.
+@param data A void* to set as the object's private data.
+@result true if object can store private data, otherwise false.
+@discussion The default object class does not allocate storage for private data. Only objects created with a non-NULL JSClass can store private data.
+*/
+JS_EXPORT bool JSObjectSetPrivate(JSObjectRef object, void* data);
+
+/*!
+@function
+@abstract Tests whether an object can be called as a function.
+@param ctx  The execution context to use.
+@param object The JSObject to test.
+@result true if the object can be called as a function, otherwise false.
+*/
+JS_EXPORT bool JSObjectIsFunction(JSContextRef ctx, JSObjectRef object);
+
+/*!
+@function
+@abstract Calls an object as a function.
+@param ctx The execution context to use.
+@param object The JSObject to call as a function.
+@param thisObject The object to use as "this," or NULL to use the global object as "this."
+@param argumentCount An integer count of the number of arguments in arguments.
+@param arguments A JSValue array of arguments to pass to the function. Pass NULL if argumentCount is 0.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result The JSValue that results from calling object as a function, or NULL if an exception is thrown or object is not a function.
+*/
+JS_EXPORT JSValueRef JSObjectCallAsFunction(JSContextRef ctx, JSObjectRef object, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception);
+
+/*!
+@function
+@abstract Tests whether an object can be called as a constructor.
+@param ctx  The execution context to use.
+@param object The JSObject to test.
+@result true if the object can be called as a constructor, otherwise false.
+*/
+JS_EXPORT bool JSObjectIsConstructor(JSContextRef ctx, JSObjectRef object);
+
+/*!
+@function
+@abstract Calls an object as a constructor.
+@param ctx The execution context to use.
+@param object The JSObject to call as a constructor.
+@param argumentCount An integer count of the number of arguments in arguments.
+@param arguments A JSValue array of arguments to pass to the constructor. Pass NULL if argumentCount is 0.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result The JSObject that results from calling object as a constructor, or NULL if an exception is thrown or object is not a constructor.
+*/
+JS_EXPORT JSObjectRef JSObjectCallAsConstructor(JSContextRef ctx, JSObjectRef object, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception);
+
+/*!
+@function
+@abstract Gets the names of an object's enumerable properties.
+@param ctx The execution context to use.
+@param object The object whose property names you want to get.
+@result A JSPropertyNameArray containing the names object's enumerable properties. Ownership follows the Create Rule.
+*/
+JS_EXPORT JSPropertyNameArrayRef JSObjectCopyPropertyNames(JSContextRef ctx, JSObjectRef object);
+
+/*!
+@function
+@abstract Retains a JavaScript property name array.
+@param array The JSPropertyNameArray to retain.
+@result A JSPropertyNameArray that is the same as array.
+*/
+JS_EXPORT JSPropertyNameArrayRef JSPropertyNameArrayRetain(JSPropertyNameArrayRef array);
+
+/*!
+@function
+@abstract Releases a JavaScript property name array.
+@param array The JSPropetyNameArray to release.
+*/
+JS_EXPORT void JSPropertyNameArrayRelease(JSPropertyNameArrayRef array);
+
+/*!
+@function
+@abstract Gets a count of the number of items in a JavaScript property name array.
+@param array The array from which to retrieve the count.
+@result An integer count of the number of names in array.
+*/
+JS_EXPORT size_t JSPropertyNameArrayGetCount(JSPropertyNameArrayRef array);
+
+/*!
+@function
+@abstract Gets a property name at a given index in a JavaScript property name array.
+@param array The array from which to retrieve the property name.
+@param index The index of the property name to retrieve.
+@result A JSStringRef containing the property name.
+*/
+JS_EXPORT JSStringRef JSPropertyNameArrayGetNameAtIndex(JSPropertyNameArrayRef array, size_t index);
+
+/*!
+@function
+@abstract Adds a property name to a JavaScript property name accumulator.
+@param accumulator The accumulator object to which to add the property name.
+@param propertyName The property name to add.
+*/
+JS_EXPORT void JSPropertyNameAccumulatorAddName(JSPropertyNameAccumulatorRef accumulator, JSStringRef propertyName);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSObjectRef_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSProfilerPrivate.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSProfilerPrivate.cpp
new file mode 100644
index 000000000..ea277f059
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSProfilerPrivate.cpp
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSProfilerPrivate.h"
+
+#include "APICast.h"
+#include "OpaqueJSString.h"
+#include "Profiler.h"
+
+using namespace JSC;
+
+void JSStartProfiling(JSContextRef ctx, JSStringRef title)
+{
+    Profiler::profiler()->startProfiling(toJS(ctx), title->ustring());
+}
+
+void JSEndProfiling(JSContextRef ctx, JSStringRef title)
+{
+    ExecState* exec = toJS(ctx);
+    Profiler* profiler = Profiler::profiler();
+    profiler->stopProfiling(exec, title->ustring());
+}
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSProfilerPrivate.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSProfilerPrivate.h
new file mode 100644
index 000000000..b3fe533a3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSProfilerPrivate.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2008 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSProfiler_h
+#define JSProfiler_h
+
+#include <JavaScriptCore/JSBase.h>
+
+#ifndef __cplusplus
+#include <stdbool.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+@function JSStartProfiling
+@abstract Enables the profler.
+@param ctx The execution context to use.
+@param title The title of the profile.
+@result The profiler is turned on.
+*/
+JS_EXPORT void JSStartProfiling(JSContextRef ctx, JSStringRef title);
+
+/*!
+@function JSEndProfiling
+@abstract Disables the profler.
+@param ctx The execution context to use.
+@param title The title of the profile.
+@result The profiler is turned off. If there is no name, the most recently started
+        profile is stopped. If the name does not match any profile then no profile
+        is stopped.
+*/
+JS_EXPORT void JSEndProfiling(JSContextRef ctx, JSStringRef title);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSProfiler_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSRetainPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSRetainPtr.h
new file mode 100644
index 000000000..69c6de19c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSRetainPtr.h
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2005, 2006, 2007 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSRetainPtr_h
+#define JSRetainPtr_h
+
+#include <JavaScriptCore/JSStringRef.h>
+#include <algorithm>
+
+inline void JSRetain(JSStringRef string) { JSStringRetain(string); }
+inline void JSRelease(JSStringRef string) { JSStringRelease(string); }
+
+enum AdoptTag { Adopt };
+
+template <typename T> class JSRetainPtr {
+public:
+    JSRetainPtr() : m_ptr(0) {}
+    JSRetainPtr(T ptr) : m_ptr(ptr) { if (ptr) JSRetain(ptr); }
+
+    JSRetainPtr(AdoptTag, T ptr) : m_ptr(ptr) { }
+    
+    JSRetainPtr(const JSRetainPtr& o) : m_ptr(o.m_ptr) { if (T ptr = m_ptr) JSRetain(ptr); }
+
+    ~JSRetainPtr() { if (T ptr = m_ptr) JSRelease(ptr); }
+    
+    template <typename U> JSRetainPtr(const JSRetainPtr<U>& o) : m_ptr(o.get()) { if (T ptr = m_ptr) JSRetain(ptr); }
+    
+    T get() const { return m_ptr; }
+    
+    T releaseRef() { T tmp = m_ptr; m_ptr = 0; return tmp; }
+    
+    T operator->() const { return m_ptr; }
+    
+    bool operator!() const { return !m_ptr; }
+
+    // This conversion operator allows implicit conversion to bool but not to other integer types.
+    typedef T JSRetainPtr::*UnspecifiedBoolType;
+    operator UnspecifiedBoolType() const { return m_ptr ? &JSRetainPtr::m_ptr : 0; }
+    
+    JSRetainPtr& operator=(const JSRetainPtr&);
+    template <typename U> JSRetainPtr& operator=(const JSRetainPtr<U>&);
+    JSRetainPtr& operator=(T);
+    template <typename U> JSRetainPtr& operator=(U*);
+
+    void adopt(T);
+    
+    void swap(JSRetainPtr&);
+
+private:
+    T m_ptr;
+};
+
+template <typename T> inline JSRetainPtr<T>& JSRetainPtr<T>::operator=(const JSRetainPtr<T>& o)
+{
+    T optr = o.get();
+    if (optr)
+        JSRetain(optr);
+    T ptr = m_ptr;
+    m_ptr = optr;
+    if (ptr)
+        JSRelease(ptr);
+    return *this;
+}
+
+template <typename T> template <typename U> inline JSRetainPtr<T>& JSRetainPtr<T>::operator=(const JSRetainPtr<U>& o)
+{
+    T optr = o.get();
+    if (optr)
+        JSRetain(optr);
+    T ptr = m_ptr;
+    m_ptr = optr;
+    if (ptr)
+        JSRelease(ptr);
+    return *this;
+}
+
+template <typename T> inline JSRetainPtr<T>& JSRetainPtr<T>::operator=(T optr)
+{
+    if (optr)
+        JSRetain(optr);
+    T ptr = m_ptr;
+    m_ptr = optr;
+    if (ptr)
+        JSRelease(ptr);
+    return *this;
+}
+
+template <typename T> inline void JSRetainPtr<T>::adopt(T optr)
+{
+    T ptr = m_ptr;
+    m_ptr = optr;
+    if (ptr)
+        JSRelease(ptr);
+}
+
+template <typename T> template <typename U> inline JSRetainPtr<T>& JSRetainPtr<T>::operator=(U* optr)
+{
+    if (optr)
+        JSRetain(optr);
+    T ptr = m_ptr;
+    m_ptr = optr;
+    if (ptr)
+        JSRelease(ptr);
+    return *this;
+}
+
+template <class T> inline void JSRetainPtr<T>::swap(JSRetainPtr<T>& o)
+{
+    std::swap(m_ptr, o.m_ptr);
+}
+
+template <class T> inline void swap(JSRetainPtr<T>& a, JSRetainPtr<T>& b)
+{
+    a.swap(b);
+}
+
+template <typename T, typename U> inline bool operator==(const JSRetainPtr<T>& a, const JSRetainPtr<U>& b)
+{ 
+    return a.get() == b.get(); 
+}
+
+template <typename T, typename U> inline bool operator==(const JSRetainPtr<T>& a, U* b)
+{ 
+    return a.get() == b; 
+}
+
+template <typename T, typename U> inline bool operator==(T* a, const JSRetainPtr<U>& b) 
+{
+    return a == b.get(); 
+}
+
+template <typename T, typename U> inline bool operator!=(const JSRetainPtr<T>& a, const JSRetainPtr<U>& b)
+{ 
+    return a.get() != b.get(); 
+}
+
+template <typename T, typename U> inline bool operator!=(const JSRetainPtr<T>& a, U* b)
+{
+    return a.get() != b; 
+}
+
+template <typename T, typename U> inline bool operator!=(T* a, const JSRetainPtr<U>& b)
+{ 
+    return a != b.get(); 
+}
+
+
+#endif // JSRetainPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRef.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRef.cpp
new file mode 100644
index 000000000..8e236e458
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRef.cpp
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSStringRef.h"
+
+#include "InitializeThreading.h"
+#include "OpaqueJSString.h"
+#include <wtf/unicode/UTF8.h>
+
+using namespace JSC;
+using namespace WTF::Unicode;
+
+JSStringRef JSStringCreateWithCharacters(const JSChar* chars, size_t numChars)
+{
+    initializeThreading();
+    return OpaqueJSString::create(chars, numChars).releaseRef();
+}
+
+JSStringRef JSStringCreateWithUTF8CString(const char* string)
+{
+    initializeThreading();
+    if (string) {
+        size_t length = strlen(string);
+        Vector<UChar, 1024> buffer(length);
+        UChar* p = buffer.data();
+        if (conversionOK == convertUTF8ToUTF16(&string, string + length, &p, p + length))
+            return OpaqueJSString::create(buffer.data(), p - buffer.data()).releaseRef();
+    }
+
+    // Null string.
+    return OpaqueJSString::create().releaseRef();
+}
+
+JSStringRef JSStringRetain(JSStringRef string)
+{
+    string->ref();
+    return string;
+}
+
+void JSStringRelease(JSStringRef string)
+{
+    string->deref();
+}
+
+size_t JSStringGetLength(JSStringRef string)
+{
+    return string->length();
+}
+
+const JSChar* JSStringGetCharactersPtr(JSStringRef string)
+{
+    return string->characters();
+}
+
+size_t JSStringGetMaximumUTF8CStringSize(JSStringRef string)
+{
+    // Any UTF8 character > 3 bytes encodes as a UTF16 surrogate pair.
+    return string->length() * 3 + 1; // + 1 for terminating '\0'
+}
+
+size_t JSStringGetUTF8CString(JSStringRef string, char* buffer, size_t bufferSize)
+{
+    if (!bufferSize)
+        return 0;
+
+    char* p = buffer;
+    const UChar* d = string->characters();
+    ConversionResult result = convertUTF16ToUTF8(&d, d + string->length(), &p, p + bufferSize - 1, true);
+    *p++ = '\0';
+    if (result != conversionOK && result != targetExhausted)
+        return 0;
+
+    return p - buffer;
+}
+
+bool JSStringIsEqual(JSStringRef a, JSStringRef b)
+{
+    unsigned len = a->length();
+    return len == b->length() && 0 == memcmp(a->characters(), b->characters(), len * sizeof(UChar));
+}
+
+bool JSStringIsEqualToUTF8CString(JSStringRef a, const char* b)
+{
+    JSStringRef bBuf = JSStringCreateWithUTF8CString(b);
+    bool result = JSStringIsEqual(a, bBuf);
+    JSStringRelease(bBuf);
+    
+    return result;
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRef.h
new file mode 100644
index 000000000..41d897852
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRef.h
@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSStringRef_h
+#define JSStringRef_h
+
+#include <JavaScriptCore/JSValueRef.h>
+
+#ifndef __cplusplus
+#include <stdbool.h>
+#endif
+#include <stddef.h> /* for size_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if (!defined(WIN32) && !defined(_WIN32) && !defined(__WINSCW__))
+/*!
+@typedef JSChar
+@abstract A Unicode character.
+*/
+    typedef unsigned short JSChar;
+#else
+    typedef wchar_t JSChar;
+#endif
+
+/*!
+@function
+@abstract         Creates a JavaScript string from a buffer of Unicode characters.
+@param chars      The buffer of Unicode characters to copy into the new JSString.
+@param numChars   The number of characters to copy from the buffer pointed to by chars.
+@result           A JSString containing chars. Ownership follows the Create Rule.
+*/
+JS_EXPORT JSStringRef JSStringCreateWithCharacters(const JSChar* chars, size_t numChars);
+/*!
+@function
+@abstract         Creates a JavaScript string from a null-terminated UTF8 string.
+@param string     The null-terminated UTF8 string to copy into the new JSString.
+@result           A JSString containing string. Ownership follows the Create Rule.
+*/
+JS_EXPORT JSStringRef JSStringCreateWithUTF8CString(const char* string);
+
+/*!
+@function
+@abstract         Retains a JavaScript string.
+@param string     The JSString to retain.
+@result           A JSString that is the same as string.
+*/
+JS_EXPORT JSStringRef JSStringRetain(JSStringRef string);
+/*!
+@function
+@abstract         Releases a JavaScript string.
+@param string     The JSString to release.
+*/
+JS_EXPORT void JSStringRelease(JSStringRef string);
+
+/*!
+@function
+@abstract         Returns the number of Unicode characters in a JavaScript string.
+@param string     The JSString whose length (in Unicode characters) you want to know.
+@result           The number of Unicode characters stored in string.
+*/
+JS_EXPORT size_t JSStringGetLength(JSStringRef string);
+/*!
+@function
+@abstract         Returns a pointer to the Unicode character buffer that 
+ serves as the backing store for a JavaScript string.
+@param string     The JSString whose backing store you want to access.
+@result           A pointer to the Unicode character buffer that serves as string's 
+ backing store, which will be deallocated when string is deallocated.
+*/
+JS_EXPORT const JSChar* JSStringGetCharactersPtr(JSStringRef string);
+
+/*!
+@function
+@abstract Returns the maximum number of bytes a JavaScript string will 
+ take up if converted into a null-terminated UTF8 string.
+@param string The JSString whose maximum converted size (in bytes) you 
+ want to know.
+@result The maximum number of bytes that could be required to convert string into a 
+ null-terminated UTF8 string. The number of bytes that the conversion actually ends 
+ up requiring could be less than this, but never more.
+*/
+JS_EXPORT size_t JSStringGetMaximumUTF8CStringSize(JSStringRef string);
+/*!
+@function
+@abstract Converts a JavaScript string into a null-terminated UTF8 string, 
+ and copies the result into an external byte buffer.
+@param string The source JSString.
+@param buffer The destination byte buffer into which to copy a null-terminated 
+ UTF8 representation of string. On return, buffer contains a UTF8 string 
+ representation of string. If bufferSize is too small, buffer will contain only 
+ partial results. If buffer is not at least bufferSize bytes in size, 
+ behavior is undefined. 
+@param bufferSize The size of the external buffer in bytes.
+@result The number of bytes written into buffer (including the null-terminator byte).
+*/
+JS_EXPORT size_t JSStringGetUTF8CString(JSStringRef string, char* buffer, size_t bufferSize);
+
+/*!
+@function
+@abstract     Tests whether two JavaScript strings match.
+@param a      The first JSString to test.
+@param b      The second JSString to test.
+@result       true if the two strings match, otherwise false.
+*/
+JS_EXPORT bool JSStringIsEqual(JSStringRef a, JSStringRef b);
+/*!
+@function
+@abstract     Tests whether a JavaScript string matches a null-terminated UTF8 string.
+@param a      The JSString to test.
+@param b      The null-terminated UTF8 string to test.
+@result       true if the two strings match, otherwise false.
+*/
+JS_EXPORT bool JSStringIsEqualToUTF8CString(JSStringRef a, const char* b);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSStringRef_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefBSTR.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefBSTR.cpp
new file mode 100644
index 000000000..a7d3e9923
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefBSTR.cpp
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2007 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSStringRefBSTR.h"
+
+#include "JSStringRef.h"
+
+JSStringRef JSStringCreateWithBSTR(BSTR string)
+{
+    return JSStringCreateWithCharacters(string ? string : L"", string ? SysStringLen(string) : 0);
+}
+
+BSTR JSStringCopyBSTR(const JSStringRef string)
+{
+    return SysAllocStringLen(JSStringGetCharactersPtr(string), JSStringGetLength(string));
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefBSTR.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefBSTR.h
new file mode 100644
index 000000000..59f19b763
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefBSTR.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2007 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSStringRefBSTR_h
+#define JSStringRefBSTR_h
+
+#include "JSBase.h"
+
+#include <windows.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* COM convenience methods */
+
+/*!
+@function
+@abstract         Creates a JavaScript string from a BSTR.
+@param string     The BSTR to copy into the new JSString.
+@result           A JSString containing string. Ownership follows the Create Rule.
+*/
+JS_EXPORT JSStringRef JSStringCreateWithBSTR(const BSTR string);
+
+/*!
+@function
+@abstract         Creates a BSTR from a JavaScript string.
+@param string     The JSString to copy into the new BSTR.
+@result           A BSTR containing string. Ownership follows the Create Rule.
+*/
+JS_EXPORT BSTR JSStringCopyBSTR(const JSStringRef string);
+    
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSStringRefBSTR_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefCF.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefCF.cpp
new file mode 100644
index 000000000..d1f6fe330
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefCF.cpp
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2006, 2007 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSStringRefCF.h"
+
+#include "APICast.h"
+#include "InitializeThreading.h"
+#include "JSStringRef.h"
+#include "OpaqueJSString.h"
+#include <runtime/UString.h>
+#include <runtime/JSValue.h>
+#include <wtf/OwnArrayPtr.h>
+
+JSStringRef JSStringCreateWithCFString(CFStringRef string)
+{
+    JSC::initializeThreading();
+
+    // We cannot use CFIndex here since CFStringGetLength can return values larger than
+    // it can hold.  (<rdar://problem/6806478>)
+    size_t length = CFStringGetLength(string);
+    if (length) {
+        OwnArrayPtr<UniChar> buffer(new UniChar[length]);
+        CFStringGetCharacters(string, CFRangeMake(0, length), buffer.get());
+        COMPILE_ASSERT(sizeof(UniChar) == sizeof(UChar), unichar_and_uchar_must_be_same_size);
+        return OpaqueJSString::create(reinterpret_cast<UChar*>(buffer.get()), length).releaseRef();
+    } else {
+        return OpaqueJSString::create(0, 0).releaseRef();
+    }
+}
+
+CFStringRef JSStringCopyCFString(CFAllocatorRef alloc, JSStringRef string)
+{
+    return CFStringCreateWithCharacters(alloc, reinterpret_cast<const UniChar*>(string->characters()), string->length());
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefCF.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefCF.h
new file mode 100644
index 000000000..a42476561
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSStringRefCF.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2006, 2007 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSStringRefCF_h
+#define JSStringRefCF_h
+
+#include "JSBase.h"
+#include <CoreFoundation/CoreFoundation.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* CFString convenience methods */
+
+/*!
+@function
+@abstract         Creates a JavaScript string from a CFString.
+@discussion       This function is optimized to take advantage of cases when 
+ CFStringGetCharactersPtr returns a valid pointer.
+@param string     The CFString to copy into the new JSString.
+@result           A JSString containing string. Ownership follows the Create Rule.
+*/
+JS_EXPORT JSStringRef JSStringCreateWithCFString(CFStringRef string);
+/*!
+@function
+@abstract         Creates a CFString from a JavaScript string.
+@param alloc      The alloc parameter to pass to CFStringCreate.
+@param string     The JSString to copy into the new CFString.
+@result           A CFString containing string. Ownership follows the Create Rule.
+*/
+JS_EXPORT CFStringRef JSStringCopyCFString(CFAllocatorRef alloc, JSStringRef string);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSStringRefCF_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSValueRef.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSValueRef.cpp
new file mode 100644
index 000000000..2207181bd
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSValueRef.cpp
@@ -0,0 +1,322 @@
+/*
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSValueRef.h"
+
+#include <wtf/Platform.h>
+#include "APICast.h"
+#include "JSCallbackObject.h"
+
+#include <runtime/JSGlobalObject.h>
+#include <runtime/JSString.h>
+#include <runtime/Operations.h>
+#include <runtime/Protect.h>
+#include <runtime/UString.h>
+#include <runtime/JSValue.h>
+
+#include <wtf/Assertions.h>
+
+#include <algorithm> // for std::min
+
+JSType JSValueGetType(JSContextRef ctx, JSValueRef value)
+{
+    JSC::ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSC::JSLock lock(exec);
+
+    JSC::JSValue jsValue = toJS(exec, value);
+
+    if (jsValue.isUndefined())
+        return kJSTypeUndefined;
+    if (jsValue.isNull())
+        return kJSTypeNull;
+    if (jsValue.isBoolean())
+        return kJSTypeBoolean;
+    if (jsValue.isNumber())
+        return kJSTypeNumber;
+    if (jsValue.isString())
+        return kJSTypeString;
+    ASSERT(jsValue.isObject());
+    return kJSTypeObject;
+}
+
+using namespace JSC; // placed here to avoid conflict between JSC::JSType and JSType, above.
+
+bool JSValueIsUndefined(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    return jsValue.isUndefined();
+}
+
+bool JSValueIsNull(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    return jsValue.isNull();
+}
+
+bool JSValueIsBoolean(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    return jsValue.isBoolean();
+}
+
+bool JSValueIsNumber(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    return jsValue.isNumber();
+}
+
+bool JSValueIsString(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    return jsValue.isString();
+}
+
+bool JSValueIsObject(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    return jsValue.isObject();
+}
+
+bool JSValueIsObjectOfClass(JSContextRef ctx, JSValueRef value, JSClassRef jsClass)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    
+    if (JSObject* o = jsValue.getObject()) {
+        if (o->inherits(&JSCallbackObject<JSGlobalObject>::info))
+            return static_cast<JSCallbackObject<JSGlobalObject>*>(o)->inherits(jsClass);
+        else if (o->inherits(&JSCallbackObject<JSObject>::info))
+            return static_cast<JSCallbackObject<JSObject>*>(o)->inherits(jsClass);
+    }
+    return false;
+}
+
+bool JSValueIsEqual(JSContextRef ctx, JSValueRef a, JSValueRef b, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsA = toJS(exec, a);
+    JSValue jsB = toJS(exec, b);
+
+    bool result = JSValue::equal(exec, jsA, jsB); // false if an exception is thrown
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+    }
+    return result;
+}
+
+bool JSValueIsStrictEqual(JSContextRef ctx, JSValueRef a, JSValueRef b)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsA = toJS(exec, a);
+    JSValue jsB = toJS(exec, b);
+
+    return JSValue::strictEqual(jsA, jsB);
+}
+
+bool JSValueIsInstanceOfConstructor(JSContextRef ctx, JSValueRef value, JSObjectRef constructor, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+
+    JSObject* jsConstructor = toJS(constructor);
+    if (!jsConstructor->structure()->typeInfo().implementsHasInstance())
+        return false;
+    bool result = jsConstructor->hasInstance(exec, jsValue, jsConstructor->get(exec, exec->propertyNames().prototype)); // false if an exception is thrown
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+    }
+    return result;
+}
+
+JSValueRef JSValueMakeUndefined(JSContextRef ctx)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    return toRef(exec, jsUndefined());
+}
+
+JSValueRef JSValueMakeNull(JSContextRef ctx)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    return toRef(exec, jsNull());
+}
+
+JSValueRef JSValueMakeBoolean(JSContextRef ctx, bool value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    return toRef(exec, jsBoolean(value));
+}
+
+JSValueRef JSValueMakeNumber(JSContextRef ctx, double value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    return toRef(exec, jsNumber(exec, value));
+}
+
+JSValueRef JSValueMakeString(JSContextRef ctx, JSStringRef string)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    return toRef(exec, jsString(exec, string->ustring()));
+}
+
+bool JSValueToBoolean(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    return jsValue.toBoolean(exec);
+}
+
+double JSValueToNumber(JSContextRef ctx, JSValueRef value, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+
+    double number = jsValue.toNumber(exec);
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        number = NaN;
+    }
+    return number;
+}
+
+JSStringRef JSValueToStringCopy(JSContextRef ctx, JSValueRef value, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    
+    RefPtr<OpaqueJSString> stringRef(OpaqueJSString::create(jsValue.toString(exec)));
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        stringRef.clear();
+    }
+    return stringRef.release().releaseRef();
+}
+
+JSObjectRef JSValueToObject(JSContextRef ctx, JSValueRef value, JSValueRef* exception)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    
+    JSObjectRef objectRef = toRef(jsValue.toObject(exec));
+    if (exec->hadException()) {
+        if (exception)
+            *exception = toRef(exec, exec->exception());
+        exec->clearException();
+        objectRef = 0;
+    }
+    return objectRef;
+}    
+
+void JSValueProtect(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    gcProtect(jsValue);
+}
+
+void JSValueUnprotect(JSContextRef ctx, JSValueRef value)
+{
+    ExecState* exec = toJS(ctx);
+    exec->globalData().heap.registerThread();
+    JSLock lock(exec);
+
+    JSValue jsValue = toJS(exec, value);
+    gcUnprotect(jsValue);
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JSValueRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSValueRef.h
new file mode 100644
index 000000000..7a7bf93a1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JSValueRef.h
@@ -0,0 +1,278 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSValueRef_h
+#define JSValueRef_h
+
+#include <JavaScriptCore/JSBase.h>
+
+#ifndef __cplusplus
+#include <stdbool.h>
+#endif
+
+/*!
+@enum JSType
+@abstract     A constant identifying the type of a JSValue.
+@constant     kJSTypeUndefined  The unique undefined value.
+@constant     kJSTypeNull       The unique null value.
+@constant     kJSTypeBoolean    A primitive boolean value, one of true or false.
+@constant     kJSTypeNumber     A primitive number value.
+@constant     kJSTypeString     A primitive string value.
+@constant     kJSTypeObject     An object value (meaning that this JSValueRef is a JSObjectRef).
+*/
+typedef enum {
+    kJSTypeUndefined,
+    kJSTypeNull,
+    kJSTypeBoolean,
+    kJSTypeNumber,
+    kJSTypeString,
+    kJSTypeObject
+} JSType;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*!
+@function
+@abstract       Returns a JavaScript value's type.
+@param ctx  The execution context to use.
+@param value    The JSValue whose type you want to obtain.
+@result         A value of type JSType that identifies value's type.
+*/
+JS_EXPORT JSType JSValueGetType(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract       Tests whether a JavaScript value's type is the undefined type.
+@param ctx  The execution context to use.
+@param value    The JSValue to test.
+@result         true if value's type is the undefined type, otherwise false.
+*/
+JS_EXPORT bool JSValueIsUndefined(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract       Tests whether a JavaScript value's type is the null type.
+@param ctx  The execution context to use.
+@param value    The JSValue to test.
+@result         true if value's type is the null type, otherwise false.
+*/
+JS_EXPORT bool JSValueIsNull(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract       Tests whether a JavaScript value's type is the boolean type.
+@param ctx  The execution context to use.
+@param value    The JSValue to test.
+@result         true if value's type is the boolean type, otherwise false.
+*/
+JS_EXPORT bool JSValueIsBoolean(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract       Tests whether a JavaScript value's type is the number type.
+@param ctx  The execution context to use.
+@param value    The JSValue to test.
+@result         true if value's type is the number type, otherwise false.
+*/
+JS_EXPORT bool JSValueIsNumber(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract       Tests whether a JavaScript value's type is the string type.
+@param ctx  The execution context to use.
+@param value    The JSValue to test.
+@result         true if value's type is the string type, otherwise false.
+*/
+JS_EXPORT bool JSValueIsString(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract       Tests whether a JavaScript value's type is the object type.
+@param ctx  The execution context to use.
+@param value    The JSValue to test.
+@result         true if value's type is the object type, otherwise false.
+*/
+JS_EXPORT bool JSValueIsObject(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract Tests whether a JavaScript value is an object with a given class in its class chain.
+@param ctx The execution context to use.
+@param value The JSValue to test.
+@param jsClass The JSClass to test against.
+@result true if value is an object and has jsClass in its class chain, otherwise false.
+*/
+JS_EXPORT bool JSValueIsObjectOfClass(JSContextRef ctx, JSValueRef value, JSClassRef jsClass);
+
+/* Comparing values */
+
+/*!
+@function
+@abstract Tests whether two JavaScript values are equal, as compared by the JS == operator.
+@param ctx The execution context to use.
+@param a The first value to test.
+@param b The second value to test.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result true if the two values are equal, false if they are not equal or an exception is thrown.
+*/
+JS_EXPORT bool JSValueIsEqual(JSContextRef ctx, JSValueRef a, JSValueRef b, JSValueRef* exception);
+
+/*!
+@function
+@abstract       Tests whether two JavaScript values are strict equal, as compared by the JS === operator.
+@param ctx  The execution context to use.
+@param a        The first value to test.
+@param b        The second value to test.
+@result         true if the two values are strict equal, otherwise false.
+*/
+JS_EXPORT bool JSValueIsStrictEqual(JSContextRef ctx, JSValueRef a, JSValueRef b);
+
+/*!
+@function
+@abstract Tests whether a JavaScript value is an object constructed by a given constructor, as compared by the JS instanceof operator.
+@param ctx The execution context to use.
+@param value The JSValue to test.
+@param constructor The constructor to test against.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result true if value is an object constructed by constructor, as compared by the JS instanceof operator, otherwise false.
+*/
+JS_EXPORT bool JSValueIsInstanceOfConstructor(JSContextRef ctx, JSValueRef value, JSObjectRef constructor, JSValueRef* exception);
+
+/* Creating values */
+
+/*!
+@function
+@abstract       Creates a JavaScript value of the undefined type.
+@param ctx  The execution context to use.
+@result         The unique undefined value.
+*/
+JS_EXPORT JSValueRef JSValueMakeUndefined(JSContextRef ctx);
+
+/*!
+@function
+@abstract       Creates a JavaScript value of the null type.
+@param ctx  The execution context to use.
+@result         The unique null value.
+*/
+JS_EXPORT JSValueRef JSValueMakeNull(JSContextRef ctx);
+
+/*!
+@function
+@abstract       Creates a JavaScript value of the boolean type.
+@param ctx  The execution context to use.
+@param boolean  The bool to assign to the newly created JSValue.
+@result         A JSValue of the boolean type, representing the value of boolean.
+*/
+JS_EXPORT JSValueRef JSValueMakeBoolean(JSContextRef ctx, bool boolean);
+
+/*!
+@function
+@abstract       Creates a JavaScript value of the number type.
+@param ctx  The execution context to use.
+@param number   The double to assign to the newly created JSValue.
+@result         A JSValue of the number type, representing the value of number.
+*/
+JS_EXPORT JSValueRef JSValueMakeNumber(JSContextRef ctx, double number);
+
+/*!
+@function
+@abstract       Creates a JavaScript value of the string type.
+@param ctx  The execution context to use.
+@param string   The JSString to assign to the newly created JSValue. The
+ newly created JSValue retains string, and releases it upon garbage collection.
+@result         A JSValue of the string type, representing the value of string.
+*/
+JS_EXPORT JSValueRef JSValueMakeString(JSContextRef ctx, JSStringRef string);
+
+/* Converting to primitive values */
+
+/*!
+@function
+@abstract       Converts a JavaScript value to boolean and returns the resulting boolean.
+@param ctx  The execution context to use.
+@param value    The JSValue to convert.
+@result         The boolean result of conversion.
+*/
+JS_EXPORT bool JSValueToBoolean(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract       Converts a JavaScript value to number and returns the resulting number.
+@param ctx  The execution context to use.
+@param value    The JSValue to convert.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result         The numeric result of conversion, or NaN if an exception is thrown.
+*/
+JS_EXPORT double JSValueToNumber(JSContextRef ctx, JSValueRef value, JSValueRef* exception);
+
+/*!
+@function
+@abstract       Converts a JavaScript value to string and copies the result into a JavaScript string.
+@param ctx  The execution context to use.
+@param value    The JSValue to convert.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result         A JSString with the result of conversion, or NULL if an exception is thrown. Ownership follows the Create Rule.
+*/
+JS_EXPORT JSStringRef JSValueToStringCopy(JSContextRef ctx, JSValueRef value, JSValueRef* exception);
+
+/*!
+@function
+@abstract Converts a JavaScript value to object and returns the resulting object.
+@param ctx  The execution context to use.
+@param value    The JSValue to convert.
+@param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception.
+@result         The JSObject result of conversion, or NULL if an exception is thrown.
+*/
+JS_EXPORT JSObjectRef JSValueToObject(JSContextRef ctx, JSValueRef value, JSValueRef* exception);
+
+/* Garbage collection */
+/*!
+@function
+@abstract Protects a JavaScript value from garbage collection.
+@param ctx The execution context to use.
+@param value The JSValue to protect.
+@discussion Use this method when you want to store a JSValue in a global or on the heap, where the garbage collector will not be able to discover your reference to it.
+ 
+A value may be protected multiple times and must be unprotected an equal number of times before becoming eligible for garbage collection.
+*/
+JS_EXPORT void JSValueProtect(JSContextRef ctx, JSValueRef value);
+
+/*!
+@function
+@abstract       Unprotects a JavaScript value from garbage collection.
+@param ctx      The execution context to use.
+@param value    The JSValue to unprotect.
+@discussion     A value may be protected multiple times and must be unprotected an 
+ equal number of times before becoming eligible for garbage collection.
+*/
+JS_EXPORT void JSValueUnprotect(JSContextRef ctx, JSValueRef value);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* JSValueRef_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JavaScript.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JavaScript.h
new file mode 100644
index 000000000..f8d92d8f9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JavaScript.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2006 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Alp Toker <alp@atoker.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JavaScript_h
+#define JavaScript_h
+
+#include <JavaScriptCore/JSBase.h>
+#include <JavaScriptCore/JSContextRef.h>
+#include <JavaScriptCore/JSStringRef.h>
+#include <JavaScriptCore/JSObjectRef.h>
+#include <JavaScriptCore/JSValueRef.h>
+
+#endif /* JavaScript_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/JavaScriptCore.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/JavaScriptCore.h
new file mode 100644
index 000000000..87d601851
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/JavaScriptCore.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JavaScriptCore_h
+#define JavaScriptCore_h
+
+#include <JavaScriptCore/JavaScript.h>
+#include <JavaScriptCore/JSStringRefCF.h>
+
+#endif /* JavaScriptCore_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/OpaqueJSString.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/API/OpaqueJSString.cpp
new file mode 100644
index 000000000..7c7b1af69
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/OpaqueJSString.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "OpaqueJSString.h"
+
+#include <interpreter/CallFrame.h>
+#include <runtime/JSGlobalObject.h>
+#include <runtime/Identifier.h>
+
+using namespace JSC;
+
+PassRefPtr<OpaqueJSString> OpaqueJSString::create(const UString& ustring)
+{
+    if (!ustring.isNull())
+        return adoptRef(new OpaqueJSString(ustring.data(), ustring.size()));
+    return 0;
+}
+
+UString OpaqueJSString::ustring() const
+{
+    if (this && m_characters)
+        return UString(m_characters, m_length, true);
+    return UString::null();
+}
+
+Identifier OpaqueJSString::identifier(JSGlobalData* globalData) const
+{
+    if (!this || !m_characters)
+        return Identifier(globalData, static_cast<const char*>(0));
+
+    return Identifier(globalData, m_characters, m_length);
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/OpaqueJSString.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/OpaqueJSString.h
new file mode 100644
index 000000000..473c81506
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/OpaqueJSString.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef OpaqueJSString_h
+#define OpaqueJSString_h
+
+#include <runtime/UString.h>
+
+namespace JSC {
+    class Identifier;
+    class JSGlobalData;
+}
+
+struct OpaqueJSString : public ThreadSafeShared<OpaqueJSString> {
+
+    static PassRefPtr<OpaqueJSString> create() // null
+    {
+        return adoptRef(new OpaqueJSString);
+    }
+
+    static PassRefPtr<OpaqueJSString> create(const UChar* characters, unsigned length)
+    {
+        return adoptRef(new OpaqueJSString(characters, length));
+    }
+
+    static PassRefPtr<OpaqueJSString> create(const JSC::UString&);
+
+    UChar* characters() { return this ? m_characters : 0; }
+    unsigned length() { return this ? m_length : 0; }
+
+    JSC::UString ustring() const;
+    JSC::Identifier identifier(JSC::JSGlobalData*) const;
+
+private:
+    friend class WTF::ThreadSafeShared<OpaqueJSString>;
+
+    OpaqueJSString()
+        : m_characters(0)
+        , m_length(0)
+    {
+    }
+
+    OpaqueJSString(const UChar* characters, unsigned length)
+        : m_length(length)
+    {
+        m_characters = new UChar[length];
+        memcpy(m_characters, characters, length * sizeof(UChar));
+    }
+
+    ~OpaqueJSString()
+    {
+        delete[] m_characters;
+    }
+
+    UChar* m_characters;
+    unsigned m_length;
+};
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/API/WebKitAvailability.h b/src/3rdparty/javascriptcore/JavaScriptCore/API/WebKitAvailability.h
new file mode 100644
index 000000000..840252831
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/API/WebKitAvailability.h
@@ -0,0 +1,764 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __WebKitAvailability__
+#define __WebKitAvailability__
+
+/* The structure of this header is based on AvailabilityMacros.h.  The major difference is that the availability
+   macros are defined in terms of WebKit version numbers rather than Mac OS X system version numbers, as WebKit
+   releases span multiple versions of Mac OS X.
+*/
+
+#define WEBKIT_VERSION_1_0    0x0100
+#define WEBKIT_VERSION_1_1    0x0110
+#define WEBKIT_VERSION_1_2    0x0120
+#define WEBKIT_VERSION_1_3    0x0130
+#define WEBKIT_VERSION_2_0    0x0200
+#define WEBKIT_VERSION_3_0    0x0300
+#define WEBKIT_VERSION_3_1    0x0310
+#define WEBKIT_VERSION_4_0    0x0400
+#define WEBKIT_VERSION_LATEST 0x9999
+
+#ifdef __APPLE__
+#import <AvailabilityMacros.h>
+#else
+/*
+ * For non-Mac platforms, require the newest version.
+ */
+#define WEBKIT_VERSION_MIN_REQUIRED WEBKIT_VERSION_LATEST
+/*
+ * only certain compilers support __attribute__((deprecated))
+ */
+#if defined(__GNUC__) && ((__GNUC__ >= 4) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1)))
+    #define DEPRECATED_ATTRIBUTE __attribute__((deprecated))
+#else
+    #define DEPRECATED_ATTRIBUTE
+#endif
+#endif
+
+/* The versions of GCC that shipped with Xcode prior to 3.0 (GCC build number < 5400) did not support attributes on methods.
+   If we are building with one of these versions, we need to omit the attribute.  We achieve this by wrapping the annotation
+   in WEBKIT_OBJC_METHOD_ANNOTATION, which will remove the annotation when an old version of GCC is in use and will otherwise
+   expand to the annotation. The same is needed for protocol methods.
+*/
+#if defined(__APPLE_CC__) && __APPLE_CC__ < 5400
+    #define WEBKIT_OBJC_METHOD_ANNOTATION(ANNOTATION)
+#else
+    #define WEBKIT_OBJC_METHOD_ANNOTATION(ANNOTATION) ANNOTATION
+#endif
+
+
+/* If minimum WebKit version is not specified, assume the version that shipped with the target Mac OS X version */
+#ifndef WEBKIT_VERSION_MIN_REQUIRED
+    #if !defined(MAC_OS_X_VERSION_10_2) || MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_2
+        #error WebKit was not available prior to Mac OS X 10.2
+    #elif !defined(MAC_OS_X_VERSION_10_3) || MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_3
+        /* WebKit 1.0 is the only version available on Mac OS X 10.2. */
+        #define WEBKIT_VERSION_MIN_REQUIRED WEBKIT_VERSION_1_0
+    #elif !defined(MAC_OS_X_VERSION_10_4) || MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_4
+        /* WebKit 1.1 is the version that shipped on Mac OS X 10.3. */
+        #define WEBKIT_VERSION_MIN_REQUIRED WEBKIT_VERSION_1_1
+    #elif !defined(MAC_OS_X_VERSION_10_5) || MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_5
+        /* WebKit 2.0 is the version that shipped on Mac OS X 10.4. */
+        #define WEBKIT_VERSION_MIN_REQUIRED WEBKIT_VERSION_2_0
+    #elif !defined(MAC_OS_X_VERSION_10_6) || MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_6
+        /* WebKit 3.0 is the version that shipped on Mac OS X 10.5. */
+        #define WEBKIT_VERSION_MIN_REQUIRED WEBKIT_VERSION_3_0
+    #else
+        #define WEBKIT_VERSION_MIN_REQUIRED WEBKIT_VERSION_LATEST
+    #endif
+#endif
+
+
+/* If maximum WebKit version is not specified, assume largerof(latest, minimum) */
+#ifndef WEBKIT_VERSION_MAX_ALLOWED
+    #if WEBKIT_VERSION_MIN_REQUIRED > WEBKIT_VERSION_LATEST
+        #define WEBKIT_VERSION_MAX_ALLOWED WEBKIT_VERSION_MIN_REQUIRED
+    #else
+        #define WEBKIT_VERSION_MAX_ALLOWED WEBKIT_VERSION_LATEST
+    #endif
+#endif
+
+
+/* Sanity check the configured values */
+#if WEBKIT_VERSION_MAX_ALLOWED < WEBKIT_VERSION_MIN_REQUIRED
+    #error WEBKIT_VERSION_MAX_ALLOWED must be >= WEBKIT_VERSION_MIN_REQUIRED
+#endif
+#if WEBKIT_VERSION_MIN_REQUIRED < WEBKIT_VERSION_1_0
+    #error WEBKIT_VERSION_MIN_REQUIRED must be >= WEBKIT_VERSION_1_0
+#endif
+
+
+
+
+
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+ * 
+ * Used on functions introduced in WebKit 1.0
+ */
+#define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED
+ * 
+ * Used on functions introduced in WebKit 1.0,
+ * and deprecated in WebKit 1.0
+ */
+#define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED    DEPRECATED_ATTRIBUTE
+
+/*
+ * DEPRECATED_IN_WEBKIT_VERSION_1_0_AND_LATER
+ * 
+ * Used on types deprecated in WebKit 1.0 
+ */
+#define DEPRECATED_IN_WEBKIT_VERSION_1_0_AND_LATER     DEPRECATED_ATTRIBUTE
+
+
+
+
+
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+ * 
+ * Used on declarations introduced in WebKit 1.1
+ */
+#if WEBKIT_VERSION_MAX_ALLOWED < WEBKIT_VERSION_1_1
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER     UNAVAILABLE_ATTRIBUTE
+#elif WEBKIT_VERSION_MIN_REQUIRED < WEBKIT_VERSION_1_1
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER     WEAK_IMPORT_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED
+ * 
+ * Used on declarations introduced in WebKit 1.1, 
+ * and deprecated in WebKit 1.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_1
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED    AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_1
+ * 
+ * Used on declarations introduced in WebKit 1.0, 
+ * but later deprecated in WebKit 1.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_1
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_1    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_1    AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+#endif
+
+/*
+ * DEPRECATED_IN_WEBKIT_VERSION_1_1_AND_LATER
+ * 
+ * Used on types deprecated in WebKit 1.1 
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_1
+    #define DEPRECATED_IN_WEBKIT_VERSION_1_1_AND_LATER    DEPRECATED_ATTRIBUTE
+#else
+    #define DEPRECATED_IN_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+
+
+
+
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER
+ * 
+ * Used on declarations introduced in WebKit 1.2 
+ */
+#if WEBKIT_VERSION_MAX_ALLOWED < WEBKIT_VERSION_1_2
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER     UNAVAILABLE_ATTRIBUTE
+#elif WEBKIT_VERSION_MIN_REQUIRED < WEBKIT_VERSION_1_2
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER     WEAK_IMPORT_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED
+ * 
+ * Used on declarations introduced in WebKit 1.2, 
+ * and deprecated in WebKit 1.2
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_2
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED    AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_2
+ * 
+ * Used on declarations introduced in WebKit 1.0, 
+ * but later deprecated in WebKit 1.2
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_2
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_2    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_2    AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_2
+ * 
+ * Used on declarations introduced in WebKit 1.1, 
+ * but later deprecated in WebKit 1.2
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_2
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_2    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_2    AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+/*
+ * DEPRECATED_IN_WEBKIT_VERSION_1_2_AND_LATER
+ * 
+ * Used on types deprecated in WebKit 1.2
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_2
+    #define DEPRECATED_IN_WEBKIT_VERSION_1_2_AND_LATER    DEPRECATED_ATTRIBUTE
+#else
+    #define DEPRECATED_IN_WEBKIT_VERSION_1_2_AND_LATER
+#endif
+
+
+
+
+
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER
+ * 
+ * Used on declarations introduced in WebKit 1.3 
+ */
+#if WEBKIT_VERSION_MAX_ALLOWED < WEBKIT_VERSION_1_3
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER     UNAVAILABLE_ATTRIBUTE
+#elif WEBKIT_VERSION_MIN_REQUIRED < WEBKIT_VERSION_1_3
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER     WEAK_IMPORT_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED
+ * 
+ * Used on declarations introduced in WebKit 1.3, 
+ * and deprecated in WebKit 1.3
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_3
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED    AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3
+ * 
+ * Used on declarations introduced in WebKit 1.0, 
+ * but later deprecated in WebKit 1.3
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_3
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3    AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3
+ * 
+ * Used on declarations introduced in WebKit 1.1, 
+ * but later deprecated in WebKit 1.3
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_3
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3    AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3
+ * 
+ * Used on declarations introduced in WebKit 1.2, 
+ * but later deprecated in WebKit 1.3
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_3
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_1_3    AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER
+#endif
+
+/*
+ * DEPRECATED_IN_WEBKIT_VERSION_1_3_AND_LATER
+ * 
+ * Used on types deprecated in WebKit 1.3 
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_1_3
+    #define DEPRECATED_IN_WEBKIT_VERSION_1_3_AND_LATER    DEPRECATED_ATTRIBUTE
+#else
+    #define DEPRECATED_IN_WEBKIT_VERSION_1_3_AND_LATER
+#endif
+
+
+
+
+
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER
+ * 
+ * Used on declarations introduced in WebKit 2.0 
+ */
+#if WEBKIT_VERSION_MAX_ALLOWED < WEBKIT_VERSION_2_0
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER     UNAVAILABLE_ATTRIBUTE
+#elif WEBKIT_VERSION_MIN_REQUIRED < WEBKIT_VERSION_2_0
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER     WEAK_IMPORT_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED
+ * 
+ * Used on declarations introduced in WebKit 2.0, 
+ * and deprecated in WebKit 2.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_2_0
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED    AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0
+ * 
+ * Used on declarations introduced in WebKit 1.0, 
+ * but later deprecated in WebKit 2.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_2_0
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0    AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0
+ * 
+ * Used on declarations introduced in WebKit 1.1, 
+ * but later deprecated in WebKit 2.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_2_0
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0    AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0
+ * 
+ * Used on declarations introduced in WebKit 1.2, 
+ * but later deprecated in WebKit 2.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_2_0
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0    AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0
+ * 
+ * Used on declarations introduced in WebKit 1.3, 
+ * but later deprecated in WebKit 2.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_2_0
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_2_0    AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER
+#endif
+
+/*
+ * DEPRECATED_IN_WEBKIT_VERSION_2_0_AND_LATER
+ * 
+ * Used on types deprecated in WebKit 2.0 
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_2_0
+    #define DEPRECATED_IN_WEBKIT_VERSION_2_0_AND_LATER    DEPRECATED_ATTRIBUTE
+#else
+    #define DEPRECATED_IN_WEBKIT_VERSION_2_0_AND_LATER
+#endif
+
+
+
+
+
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER
+ * 
+ * Used on declarations introduced in WebKit 3.0 
+ */
+#if WEBKIT_VERSION_MAX_ALLOWED < WEBKIT_VERSION_3_0
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER     UNAVAILABLE_ATTRIBUTE
+#elif WEBKIT_VERSION_MIN_REQUIRED < WEBKIT_VERSION_3_0
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER     WEAK_IMPORT_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED
+ * 
+ * Used on declarations introduced in WebKit 3.0, 
+ * and deprecated in WebKit 3.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_0
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED    AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0
+ * 
+ * Used on declarations introduced in WebKit 1.0, 
+ * but later deprecated in WebKit 3.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_0
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0
+ * 
+ * Used on declarations introduced in WebKit 1.1, 
+ * but later deprecated in WebKit 3.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_0
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0
+ * 
+ * Used on declarations introduced in WebKit 1.2, 
+ * but later deprecated in WebKit 3.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_0
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0
+ * 
+ * Used on declarations introduced in WebKit 1.3, 
+ * but later deprecated in WebKit 3.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_0
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0
+ * 
+ * Used on declarations introduced in WebKit 2.0, 
+ * but later deprecated in WebKit 3.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_0
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_0    AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER
+#endif
+
+/*
+ * DEPRECATED_IN_WEBKIT_VERSION_3_0_AND_LATER
+ * 
+ * Used on types deprecated in WebKit 3.0 
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_0
+    #define DEPRECATED_IN_WEBKIT_VERSION_3_0_AND_LATER    DEPRECATED_ATTRIBUTE
+#else
+    #define DEPRECATED_IN_WEBKIT_VERSION_3_0_AND_LATER
+#endif
+
+
+
+
+
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER
+ * 
+ * Used on declarations introduced in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MAX_ALLOWED < WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER     UNAVAILABLE_ATTRIBUTE
+#elif WEBKIT_VERSION_MIN_REQUIRED < WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER     WEAK_IMPORT_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER_BUT_DEPRECATED
+ * 
+ * Used on declarations introduced in WebKit 3.1, 
+ * and deprecated in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER_BUT_DEPRECATED    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER_BUT_DEPRECATED    AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1
+ * 
+ * Used on declarations introduced in WebKit 1.0, 
+ * but later deprecated in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1
+ * 
+ * Used on declarations introduced in WebKit 1.1, 
+ * but later deprecated in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1
+ * 
+ * Used on declarations introduced in WebKit 1.2, 
+ * but later deprecated in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1
+ * 
+ * Used on declarations introduced in WebKit 1.3, 
+ * but later deprecated in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1
+ * 
+ * Used on declarations introduced in WebKit 2.0, 
+ * but later deprecated in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1
+ * 
+ * Used on declarations introduced in WebKit 3.0, 
+ * but later deprecated in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_1
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_3_1    AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER
+#endif
+
+/*
+ * DEPRECATED_IN_WEBKIT_VERSION_3_1_AND_LATER
+ * 
+ * Used on types deprecated in WebKit 3.1
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_3_1
+    #define DEPRECATED_IN_WEBKIT_VERSION_3_1_AND_LATER    DEPRECATED_ATTRIBUTE
+#else
+    #define DEPRECATED_IN_WEBKIT_VERSION_3_1_AND_LATER
+#endif
+
+
+
+
+
+
+/*
+ * AVAILABLE_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on declarations introduced in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MAX_ALLOWED < WEBKIT_VERSION_LATEST
+    #define AVAILABLE_IN_WEBKIT_VERSION_4_0     UNAVAILABLE_ATTRIBUTE
+#elif WEBKIT_VERSION_MIN_REQUIRED < WEBKIT_VERSION_LATEST
+    #define AVAILABLE_IN_WEBKIT_VERSION_4_0     WEAK_IMPORT_ATTRIBUTE
+#else
+    #define AVAILABLE_IN_WEBKIT_VERSION_4_0
+#endif
+
+/*
+ * AVAILABLE_IN_WEBKIT_VERSION_4_0_BUT_DEPRECATED
+ * 
+ * Used on declarations introduced in WebKit 4.0, 
+ * and deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define AVAILABLE_IN_WEBKIT_VERSION_4_0_BUT_DEPRECATED    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_IN_WEBKIT_VERSION_4_0_BUT_DEPRECATED    AVAILABLE_IN_WEBKIT_VERSION_4_0
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on declarations introduced in WebKit 1.0, 
+ * but later deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    AVAILABLE_WEBKIT_VERSION_1_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on declarations introduced in WebKit 1.1, 
+ * but later deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    AVAILABLE_WEBKIT_VERSION_1_1_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on declarations introduced in WebKit 1.2, 
+ * but later deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    AVAILABLE_WEBKIT_VERSION_1_2_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on declarations introduced in WebKit 1.3, 
+ * but later deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on declarations introduced in WebKit 2.0, 
+ * but later deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    AVAILABLE_WEBKIT_VERSION_2_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on declarations introduced in WebKit 3.0, 
+ * but later deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    AVAILABLE_WEBKIT_VERSION_3_0_AND_LATER
+#endif
+
+/*
+ * AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on declarations introduced in WebKit 3.1, 
+ * but later deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    DEPRECATED_ATTRIBUTE
+#else
+    #define AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER_BUT_DEPRECATED_IN_WEBKIT_VERSION_4_0    AVAILABLE_WEBKIT_VERSION_3_1_AND_LATER
+#endif
+
+/*
+ * DEPRECATED_IN_WEBKIT_VERSION_4_0
+ * 
+ * Used on types deprecated in WebKit 4.0
+ */
+#if WEBKIT_VERSION_MIN_REQUIRED >= WEBKIT_VERSION_LATEST
+    #define DEPRECATED_IN_WEBKIT_VERSION_4_0    DEPRECATED_ATTRIBUTE
+#else
+    #define DEPRECATED_IN_WEBKIT_VERSION_4_0
+#endif
+
+
+#endif /* __WebKitAvailability__ */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/AUTHORS b/src/3rdparty/javascriptcore/JavaScriptCore/AUTHORS
new file mode 100644
index 000000000..e50da8c56
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/AUTHORS
@@ -0,0 +1,2 @@
+Harri Porten (porten@kde.org)
+Peter Kelly (pmk@post.com)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/COPYING.LIB b/src/3rdparty/javascriptcore/JavaScriptCore/COPYING.LIB
new file mode 100644
index 000000000..87c4a33dd
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/COPYING.LIB
@@ -0,0 +1,488 @@
+
+
+NOTE! The LGPL below is copyrighted by the Free Software Foundation, but 
+the instance of code that it refers to (the kde libraries) are copyrighted 
+by the authors who actually wrote it.
+				   
+---------------------------------------------------------------------------
+		  GNU LIBRARY GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1991 Free Software Foundation, Inc.
+                    51 Franklin Street, Fifth Floor
+                    Boston, MA 02110-1301, USA.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the library GPL.  It is
+ numbered 2 because it goes with version 2 of the ordinary GPL.]
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+  This license, the Library General Public License, applies to some
+specially designated Free Software Foundation software, and to any
+other libraries whose authors decide to use it.  You can use it for
+your libraries, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if
+you distribute copies of the library, or if you modify it.
+
+  For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you.  You must make sure that they, too, receive or can get the source
+code.  If you link a program with the library, you must provide
+complete object files to the recipients so that they can relink them
+with the library, after making changes to the library and recompiling
+it.  And you must show them these terms so they know their rights.
+
+  Our method of protecting your rights has two steps: (1) copyright
+the library, and (2) offer you this license which gives you legal
+permission to copy, distribute and/or modify the library.
+
+  Also, for each distributor's protection, we want to make certain
+that everyone understands that there is no warranty for this free
+library.  If the library is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original
+version, so that any problems introduced by others will not reflect on
+the original authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that companies distributing free
+software will individually obtain patent licenses, thus in effect
+transforming the program into proprietary software.  To prevent this,
+we have made it clear that any patent must be licensed for everyone's
+free use or not licensed at all.
+
+  Most GNU software, including some libraries, is covered by the ordinary
+GNU General Public License, which was designed for utility programs.  This
+license, the GNU Library General Public License, applies to certain
+designated libraries.  This license is quite different from the ordinary
+one; be sure to read it in full, and don't assume that anything in it is
+the same as in the ordinary license.
+
+  The reason we have a separate public license for some libraries is that
+they blur the distinction we usually make between modifying or adding to a
+program and simply using it.  Linking a program with a library, without
+changing the library, is in some sense simply using the library, and is
+analogous to running a utility program or application program.  However, in
+a textual and legal sense, the linked executable is a combined work, a
+derivative of the original library, and the ordinary General Public License
+treats it as such.
+
+  Because of this blurred distinction, using the ordinary General
+Public License for libraries did not effectively promote software
+sharing, because most developers did not use the libraries.  We
+concluded that weaker conditions might promote sharing better.
+
+  However, unrestricted linking of non-free programs would deprive the
+users of those programs of all benefit from the free status of the
+libraries themselves.  This Library General Public License is intended to
+permit developers of non-free programs to use free libraries, while
+preserving your freedom as a user of such programs to change the free
+libraries that are incorporated in them.  (We have not seen how to achieve
+this as regards changes in header files, but we have achieved it as regards
+changes in the actual functions of the Library.)  The hope is that this
+will lead to faster development of free libraries.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.  Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library".  The
+former contains code derived from the library, while the latter only
+works together with the library.
+
+  Note that it is possible for a library to be covered by the ordinary
+General Public License rather than by this special one.
+
+		  GNU LIBRARY GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any software library which
+contains a notice placed by the copyright holder or other authorized
+party saying it may be distributed under the terms of this Library
+General Public License (also called "this License").  Each licensee is
+addressed as "you".
+
+  A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+  The "Library", below, refers to any such software library or work
+which has been distributed under these terms.  A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language.  (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+  "Source code" for a work means the preferred form of the work for
+making modifications to it.  For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+  Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it).  Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+  
+  1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+  You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+  2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) The modified work must itself be a software library.
+
+    b) You must cause the files modified to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    c) You must cause the whole of the work to be licensed at no
+    charge to all third parties under the terms of this License.
+
+    d) If a facility in the modified Library refers to a function or a
+    table of data to be supplied by an application program that uses
+    the facility, other than as an argument passed when the facility
+    is invoked, then you must make a good faith effort to ensure that,
+    in the event an application does not supply such function or
+    table, the facility still operates, and performs whatever part of
+    its purpose remains meaningful.
+
+    (For example, a function in a library to compute square roots has
+    a purpose that is entirely well-defined independent of the
+    application.  Therefore, Subsection 2d requires that any
+    application-supplied function or table used by this function must
+    be optional: if the application does not supply it, the square
+    root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library.  To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License.  (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.)  Do not make any other change in
+these notices.
+
+  Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+  This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+  4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+  If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library".  Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+  However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library".  The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+  When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library.  The
+threshold for this to be true is not precisely defined by law.
+
+  If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work.  (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+  Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+  6. As an exception to the Sections above, you may also compile or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+  You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License.  You must supply a copy of this License.  If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License.  Also, you must do one
+of these things:
+
+    a) Accompany the work with the complete corresponding
+    machine-readable source code for the Library including whatever
+    changes were used in the work (which must be distributed under
+    Sections 1 and 2 above); and, if the work is an executable linked
+    with the Library, with the complete machine-readable "work that
+    uses the Library", as object code and/or source code, so that the
+    user can modify the Library and then relink to produce a modified
+    executable containing the modified Library.  (It is understood
+    that the user who changes the contents of definitions files in the
+    Library will not necessarily be able to recompile the application
+    to use the modified definitions.)
+
+    b) Accompany the work with a written offer, valid for at
+    least three years, to give the same user the materials
+    specified in Subsection 6a, above, for a charge no more
+    than the cost of performing this distribution.
+
+    c) If distribution of the work is made by offering access to copy
+    from a designated place, offer equivalent access to copy the above
+    specified materials from the same place.
+
+    d) Verify that the user has already received a copy of these
+    materials or that you have already sent this user a copy.
+
+  For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it.  However, as a special exception,
+the source code distributed need not include anything that is normally
+distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+  It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system.  Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+  7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+    a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities.  This must be distributed under the terms of the
+    Sections above.
+
+    b) Give prominent notice with the combined library of the fact
+    that part of it is a work based on the Library, and explaining
+    where to find the accompanying uncombined form of the same work.
+
+  8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License.  Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License.  However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+  9. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Library or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+  10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded.  In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+  13. The Free Software Foundation may publish revised and/or new
+versions of the Library General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation.  If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+  14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission.  For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this.  Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+			    NO WARRANTY
+
+  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+           How to Apply These Terms to Your New Libraries
+
+  If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change.  You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+  To apply these terms, attach the following notices to the library.  It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the library's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+    version 2 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the
+  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
+
+That's all there is to it!
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
new file mode 100644
index 000000000..5fa56a740
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
@@ -0,0 +1,10568 @@
+2009-10-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Removed the concept of a "fast access cutoff" in arrays, because it
+        punished some patterns of array access too much, and made things too
+        complex for inlining in some cases.
+        
+        1.3% speedup on SunSpider.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        * jit/JITStubs.cpp:
+        * jit/JITStubs.h:
+        (JSC::): Check m_vectorLength instead of m_fastAccessCutoff when
+        getting / putting from / to an array. Inline putting past the end of
+        the array.
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        (JSC::JSArray::getOwnPropertySlot):
+        (JSC::JSArray::getOwnPropertyDescriptor):
+        (JSC::JSArray::put):
+        (JSC::JSArray::putSlowCase):
+        (JSC::JSArray::deleteProperty):
+        (JSC::JSArray::getOwnPropertyNames):
+        (JSC::JSArray::increaseVectorLength):
+        (JSC::JSArray::setLength):
+        (JSC::JSArray::pop):
+        (JSC::JSArray::push):
+        (JSC::JSArray::sort):
+        (JSC::JSArray::fillArgList):
+        (JSC::JSArray::copyToRegisters):
+        (JSC::JSArray::compactForSorting):
+        (JSC::JSArray::checkConsistency):
+        * runtime/JSArray.h:
+        (JSC::JSArray::canGetIndex):
+        (JSC::JSArray::canSetIndex):
+        (JSC::JSArray::setIndex):
+        (JSC::JSArray::markChildrenDirect): Removed m_fastAccessCutoff, and
+        replaced with checks for JSValue() to detect reads and writes from / to
+        uninitialized parts of the array.
+
+2009-10-02  Jonni Rainisto  <jonni.rainisto@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Math.random() gives too low values on Win32 when _CRT_RAND_S is not defined
+        https://bugs.webkit.org/show_bug.cgi?id=29956
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber): Added PLATFORM(WIN_OS) to handle 15bit rand()
+
+2009-10-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Take one branch instead of two to test for JSValue().
+        
+        1.1% SunSpider speedup.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emit_op_create_arguments):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val): Test for the empty value tag, instead
+        of testing for the cell tag with a 0 payload.
+
+        * runtime/JSValue.cpp:
+        (JSC::JSValue::description): Added support for dumping the new empty value,
+        and deleted values, in debug builds.
+
+        * runtime/JSValue.h:
+        (JSC::JSValue::JSValue()): Construct JSValue() with the empty value tag.
+
+        (JSC::JSValue::JSValue(JSCell*)): Convert null pointer to the empty value
+        tag, to avoid having two different c++ versions of null / empty.
+
+        (JSC::JSValue::operator bool): Test for the empty value tag, instead
+        of testing for the cell tag with a 0 payload.
+
+2009-10-01  Zoltan Horvath  <zoltan@webkit.org>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Allow custom memory allocation control for the whole JavaScriptCore
+        https://bugs.webkit.org/show_bug.cgi?id=27029
+
+        Since in JavaScriptCore almost every class which has been instantiated by operator new is
+        inherited from FastAllocBase (bug #20422), we disable customizing global operator new for the Qt-port
+        when USE_SYSTEM_MALLOC=0.
+
+        Add #include <unistd.h> to FastMalloc.cpp because it's used by TCMalloc_PageHeap::scavengerThread().
+        (It's needed for the functionality of TCmalloc.)
+
+        Add TCSystemAlloc.cpp to JavaScriptCore.pri if USE_SYSTEM_MALLOC is disabled.
+
+        * JavaScriptCore.pri:
+        * wtf/FastMalloc.cpp:
+        (WTF::sleep):
+        * wtf/FastMalloc.h:
+
+2009-09-30  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Devirtualise array toString conversion
+
+        Tweak the implementation of Array.prototype.toString to have a fast path
+        when acting on a true JSArray.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString):
+
+2009-09-30  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Geoffrey Garen.
+
+        Buildfix for platforms using JSVALUE32.
+        https://bugs.webkit.org/show_bug.cgi?id=29915
+
+        After http://trac.webkit.org/changeset/48905 the build broke in JSVALUE32 case.
+        Also removed unreachable code.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+         - Declaration of "OperandTypes types" moved before first use.
+         - Typos fixed: dst modified to result, regT2 added.
+         - Unreachable code removed.
+        (JSC::JIT::emitSlow_op_add):
+         - Missing declaration of "OperandTypes types" added.
+
+2009-09-30  Janne Koskinen  <janne.p.koskinen@digia.com> 
+
+        Reviewed by Simon Hausmann.
+
+        Fix CRASH() macro for Symbian build.
+
+        * wtf/Assertions.h: Added missing }
+
+2009-09-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Standardized an optimization for adding non-numbers.
+        
+        SunSpider says maybe a tiny speedup.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitSlow_op_add):
+
+2009-09-29  Janne Koskinen  <janne.p.koskinen@digia.com>
+
+        Reviewed by David Kilzer.
+
+        [Qt] Assert messages prints visible in Symbian
+        https://bugs.webkit.org/show_bug.cgi?id=29808
+
+        Asserts use vprintf to print the messages to stderr.
+        In Symbian Open C it is not possible to see stderr so
+        I routed the messages to stdout instead.
+
+        * wtf/Assertions.cpp:
+
+2009-09-29  Janne Koskinen  <janne.p.koskinen@digia.com>
+
+        Reviewed by Darin Adler.
+
+        [Qt] Symbian CRASH macro implementation
+
+        Added Symbian specific crash macro that
+        stops to crash line if JIT debugging is used.
+        Additional differentiation of access violation
+        (KERN-EXEC 3) and CRASH panic.
+
+        * wtf/Assertions.h:
+
+2009-09-28  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/7195704> JavaScriptCore fails to mark registers when built for x86_64 using LLVM GCC.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::markCurrentThreadConservatively): Force jmp_buf to use the appropriate alignment for a pointer
+        to ensure that we correctly interpret the contents of registers during marking.
+
+2009-09-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Inlined a few math operations.
+        
+        ~1% SunSpider speedup.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSlow_op_sub): Don't take a stub call when operating on
+        a constant int and a double.
+
+2009-09-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Hard dependency on SSE2 instruction set with JIT
+        https://bugs.webkit.org/show_bug.cgi?id=29779
+
+        Add floating point support checks to op_jfalse and op_jtrue, and
+        fix the logic for the slow case of op_add
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_add):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+
+2009-09-28  Yaar Schnitman  <yaar@chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Chromium port - recognize we are being built independently
+        of chromium and look for dependencies under webkit/chromium rather
+        than chromium/src.
+
+        https://bugs.webkit.org/show_bug.cgi?id=29722
+
+        * JavaScriptCore.gyp/JavaScriptCore.gyp:
+
+2009-09-28  Jakub Wieczorek  <faw217@gmail.com>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Implement XSLT support with QtXmlPatterns.
+        https://bugs.webkit.org/show_bug.cgi?id=28303
+
+        * wtf/Platform.h: Add a WTF_USE_QXMLQUERY #define.
+
+2009-09-28  Yongjun Zhang  <yongjun.zhang@nokia.com>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=28054
+       
+        Use derefInNotNull() to work around winscw compiler forward declaration bug
+        regarding templated classes. 
+
+        The compiler bug is reported at 
+        https://xdabug001.ext.nokia.com/bugzilla/show_bug.cgi?id=9812.
+        
+        The change should be reverted when the above bug is fixed in winscw compiler. 
+
+        Add parenthesis around (RefPtr::*UnspecifiedBoolType) to make winscw compiler
+        work with the default UnSpecifiedBoolType() operator, which removes the winscw hack.
+
+        * wtf/RefPtr.h:
+        (WTF::RefPtr::~RefPtr):
+        (WTF::RefPtr::clear):
+        (WTF::RefPtr::operator UnspecifiedBoolType):
+
+2009-09-28  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Simon Hausmann.
+
+        Remove __clear_cache which is an internal function of GCC
+        https://bugs.webkit.org/show_bug.cgi?id=28886
+
+        Although __clear_cache is exported from GCC, this is an internal
+        function. GCC makes no promises about it.
+
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::cacheFlush):
+
+2009-09-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix an absolute path to somewhere in Oliver's machine to a relative path
+        for derived JSONObject.lut.h.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-09-28  Joerg Bornemann  <joerg.bornemann@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Add ARM version detection for Windows CE.
+
+        * wtf/Platform.h:
+
+2009-09-26  Yongjun Zhang  <yongjun.zhang@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Add MarkStackSymbian.cpp to build JavascriptCore for Symbian.
+
+        Re-use Windows shrinkAllocation implementation because Symbian doesn't
+        support releasing part of memory region.
+        
+        Use fastMalloc and fastFree to implement allocateStack and releaseStack
+        for Symbian port.
+
+        * JavaScriptCore.pri:
+        * runtime/MarkStack.h:
+        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
+        * runtime/MarkStackSymbian.cpp: Added.
+        (JSC::MarkStack::initializePagesize):
+        (JSC::MarkStack::allocateStack):
+        (JSC::MarkStack::releaseStack):
+
+2009-09-25  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix unaligned data access in YARR_JIT on ARMv5 and below.
+        https://bugs.webkit.org/show_bug.cgi?id=29695
+
+        On ARMv5 and below all data access should be naturally aligned.
+        In the YARR_JIT there is a case when character pairs are
+        loaded from the input string, but this data access is not
+        naturally aligned. This fix introduces load32WithUnalignedHalfWords
+        and branch32WithUnalignedHalfWords functions which contain
+        naturally aligned memory loads - half word loads - on ARMv5 and below.
+
+        * assembler/MacroAssemblerARM.cpp:
+        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
+        (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::load32WithUnalignedHalfWords):
+        (JSC::MacroAssemblerARMv7::branch32):
+        (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::load32WithUnalignedHalfWords):
+        (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
+        * wtf/Platform.h:
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generatePatternCharacterPair):
+
+2009-09-24  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Division is needlessly slow in 64-bit
+        https://bugs.webkit.org/show_bug.cgi?id=29723
+
+        Add codegen for op_div on x86-64
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emitSlow_op_div):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::isOperandConstantImmediateDouble):
+        (JSC::JIT::addressFor):
+        (JSC::JIT::emitLoadDouble):
+        (JSC::JIT::emitLoadInt32ToDouble):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmediateNumber):
+
+2009-09-24  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by Adam Barth.
+
+        Replace platform-dependent code with WTF::currentTime()
+        https://bugs.webkit.org/show_bug.cgi?id=29148
+
+        * jsc.cpp:
+        (StopWatch::start):
+        (StopWatch::stop):
+        (StopWatch::getElapsedMS):
+        * runtime/TimeoutChecker.cpp:
+        (JSC::getCPUTime):
+
+2009-09-24  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix FastMalloc to build with assertions enabled.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_Central_FreeList::ReleaseToSpans):
+        * wtf/TCSpinLock.h:
+        (TCMalloc_SpinLock::IsHeld):
+
+2009-09-24  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <rdar://problem/7215058> FastMalloc scavenging thread should be named
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::scavengerThread): Set the thread name.
+        * wtf/Platform.h: Move the knowledge of whether pthread_setname_np exists to here as HAVE(PTHREAD_SETNAME_NP).
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::setThreadNameInternal): Use HAVE(PTHREAD_SETNAME_NP).
+
+2009-09-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Suggested by Darin Adler.
+
+        Removed some unnecessary parameter names.
+
+        * wtf/HashCountedSet.h:
+
+2009-09-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Code sampling builds are broken.
+        https://bugs.webkit.org/show_bug.cgi?id=29662
+
+        Fix build.
+
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::get):
+        * bytecode/SamplingTool.cpp:
+        (JSC::ScriptSampleRecord::sample):
+        (JSC::SamplingTool::doRun):
+        (JSC::SamplingTool::notifyOfScope):
+        (JSC::compareScriptSampleRecords):
+        (JSC::SamplingTool::dump):
+        * bytecode/SamplingTool.h:
+        (JSC::ScriptSampleRecord::ScriptSampleRecord):
+        (JSC::ScriptSampleRecord::~ScriptSampleRecord):
+        (JSC::SamplingTool::SamplingTool):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitNewFunction):
+        (JSC::BytecodeGenerator::emitNewFunctionExpression):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::makeFunction):
+        * debugger/Debugger.cpp:
+        (JSC::evaluateInGlobalCallFrame):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNode::ScopeNode):
+        * runtime/Completion.cpp:
+        (JSC::checkSyntax):
+        (JSC::evaluate):
+        * runtime/Executable.cpp:
+        (JSC::FunctionExecutable::fromGlobalCode):
+        * runtime/Executable.h:
+        (JSC::ScriptExecutable::ScriptExecutable):
+        (JSC::EvalExecutable::EvalExecutable):
+        (JSC::EvalExecutable::create):
+        (JSC::ProgramExecutable::ProgramExecutable):
+        (JSC::FunctionExecutable::create):
+        (JSC::FunctionExecutable::FunctionExecutable):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+
+2009-09-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        * wtf/Forward.h: Added PassOwnPtr.
+
+2009-09-22  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Unreviewed build fix for Windows CE < 5
+
+        Define WINCEBASIC to disable the IsDebuggerPresent() code in
+        wtf/Assertions.cpp.
+
+        * JavaScriptCore.pri:
+
+2009-10-02  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
+
+        Rubber-stamped by Simon Hausmann.
+
+        Fix the Qt on Mac OS X build.
+
+        * wtf/FastMalloc.cpp:
+
+2009-10-02  Jørgen Lind  <jorgen.lind@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Allow enabling and disabling of the JIT through a qmake variable.
+
+        Qt's configure may set this variable through .qmake.cache if a
+        commandline option is given and/or the compile test for hwcap.h
+        failed/succeeded.
+
+        * JavaScriptCore.pri:
+
+2009-09-23  Geoffrey Garen  <ggaren@apple.com>
+
+        A piece of my last patch that I forgot.
+
+        * wtf/HashCountedSet.h:
+        (WTF::::clear): Added HashCountedSet::clear.
+
+2009-09-24  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Reduce heap size on Symbian from 64MB to 8MB.
+
+        This is not a perfect fix, it requires more fine tuning.
+        But this makes it possible again to debug in the emulator,
+        which is more important in order to be able to fix other
+        run-time issues.
+
+        * runtime/Collector.h:
+
+2009-09-30  Janne Koskinen  <janne.p.koskinen@digia.com> 
+
+        Reviewed by Simon Hausmann.
+
+        Avoid __clear_cache built-in function if DISABLE_BUILTIN_CLEAR_CACHE define is set
+        https://bugs.webkit.org/show_bug.cgi?id=28886
+
+        There are some GCC packages (for example GCC-2006q3 from CodeSourcery)
+        which contain __clear_cache built-in function only for C while the C++
+        version of __clear_cache is missing on ARM architectures.
+
+        Fixed a small bug in the inline assembly of cacheFlush function on
+        ARM_TRADITIONAL.
+
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::cacheFlush):
+
+2009-09-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        REGRESSION (r48582): Crash in StructureStubInfo::initPutByIdTransition when reloading trac.webkit.org
+        https://bugs.webkit.org/show_bug.cgi?id=29599
+
+        It is unsafe to attempt to cache new property transitions on
+        dictionaries of any type.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCachePutByID):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::tryCachePutByID):
+
+2009-09-21  Oliver Hunt  <oliver@apple.com>
+
+        RS=Maciej Stachowiak.
+
+        Re-land SNES fix with corrected assertion.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::resolveGlobal):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::DEFINE_STUB_FUNCTION):
+        * runtime/BatchedTransitionOptimizer.h:
+        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::removeDirect):
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure):
+        (JSC::Structure::getEnumerablePropertyNames):
+        (JSC::Structure::despecifyDictionaryFunction):
+        (JSC::Structure::addPropertyTransitionToExistingStructure):
+        (JSC::Structure::addPropertyTransition):
+        (JSC::Structure::removePropertyTransition):
+        (JSC::Structure::toDictionaryTransition):
+        (JSC::Structure::toCacheableDictionaryTransition):
+        (JSC::Structure::toUncacheableDictionaryTransition):
+        (JSC::Structure::fromDictionaryTransition):
+        (JSC::Structure::removePropertyWithoutTransition):
+        * runtime/Structure.h:
+        (JSC::Structure::isDictionary):
+        (JSC::Structure::isUncacheableDictionary):
+        (JSC::Structure::):
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::isCacheable):
+
+2009-09-21  Adam Roben  <aroben@apple.com>
+
+        Revert r48573, as it caused many assertion failures
+
+        * interpreter/Interpreter.cpp:
+        * jit/JITStubs.cpp:
+        * runtime/BatchedTransitionOptimizer.h:
+        * runtime/JSObject.cpp:
+        * runtime/Structure.cpp:
+        * runtime/Structure.h:
+        * runtime/StructureChain.cpp:
+
+2009-09-21  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Unreviewed make dist build fix. Missing files.
+
+        * GNUmakefile.am:
+
+2009-09-19  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam 'Cabin Boy' Weinig.
+
+        Fix stack alignment with ARM THUMB2 JIT.
+        https://bugs.webkit.org/show_bug.cgi?id=29526
+        
+        Stack is currently being decremented by 0x3c, bump this to 0x40 to make this a
+        multiple of 16 bytes.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::JITThunks):
+        * jit/JITStubs.h:
+
+2009-09-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        SNES is too slow
+        https://bugs.webkit.org/show_bug.cgi?id=29534
+
+        The problem was that the emulator used multiple classes with
+        more properties than our dictionary cutoff allowed, this resulted
+        in more or less all critical logic inside the emulator requiring
+        uncached property access.
+
+        Rather than simply bumping the dictionary cutoff, this patch
+        recognises that there are two ways to create a "dictionary"
+        structure.  Either by adding a large number of properties, or
+        by removing a property.  In the case of adding properties we
+        know all the existing properties will maintain their existing
+        offsets, so we could cache access to those properties, if we
+        know they won't be removed.
+
+        To make this possible, this patch adds the logic required to
+        distinguish a dictionary created by addition from one created
+        by removal.  With this logic in place we can now cache access
+        to objects with large numbers of properties.
+
+        SNES performance improved by more than 6x.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::resolveGlobal):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::DEFINE_STUB_FUNCTION):
+        * runtime/BatchedTransitionOptimizer.h:
+        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::removeDirect):
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure):
+        (JSC::Structure::getEnumerablePropertyNames):
+        (JSC::Structure::despecifyDictionaryFunction):
+        (JSC::Structure::addPropertyTransitionToExistingStructure):
+        (JSC::Structure::addPropertyTransition):
+        (JSC::Structure::removePropertyTransition):
+        (JSC::Structure::toDictionaryTransition):
+        (JSC::Structure::toCacheableDictionaryTransition):
+        (JSC::Structure::toUncacheableDictionaryTransition):
+        (JSC::Structure::fromDictionaryTransition):
+        (JSC::Structure::removePropertyWithoutTransition):
+        * runtime/Structure.h:
+        (JSC::Structure::isDictionary):
+        (JSC::Structure::isUncacheableDictionary):
+        (JSC::Structure::):
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::isCacheable):
+
+2009-09-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Implement ES5 Object.create function
+        https://bugs.webkit.org/show_bug.cgi?id=29524
+
+        Implement Object.create.  Very simple patch, effectively Object.defineProperties
+        only creating the target object itself.
+
+        * runtime/CommonIdentifiers.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        (JSC::objectConstructorCreate):
+
+2009-09-19  Dan Bernstein  <mitz@apple.com>
+
+        Fix clean debug builds.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-09-19  Joerg Bornemann  <joerg.bornemann@nokia.com>
+
+        Reviewed by George Staikos.
+
+        QtWebKit Windows CE compile fix
+
+        https://bugs.webkit.org/show_bug.cgi?id=29379
+
+        There is no _aligned_alloc or _aligned_free on Windows CE.
+        We just use the Windows code that was there before and use VirtualAlloc.
+        But that also means that the BLOCK_SIZE must be 64K as this function
+        allocates on 64K boundaries.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::allocateBlock):
+        (JSC::Heap::freeBlock):
+        * runtime/Collector.h:
+
+2009-09-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Implement ES5 Object.defineProperties function
+        https://bugs.webkit.org/show_bug.cgi?id=29522
+
+        Implement Object.defineProperties.  Fairly simple patch, simply makes use of
+        existing functionality used for defineProperty.
+
+        * runtime/CommonIdentifiers.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        (JSC::defineProperties):
+        (JSC::objectConstructorDefineProperties):
+
+2009-09-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Windows build fix part2
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-09-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Buildfix).
+
+        Windows build fix part 1.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-09-18  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Implement ES5 Object.defineProperty function
+        https://bugs.webkit.org/show_bug.cgi?id=29503
+
+        Implement Object.defineProperty.  This requires adding the API to
+        ObjectConstructor, along with a helper function that implements the
+        ES5 internal [[ToPropertyDescriptor]] function.  It then adds
+        JSObject::defineOwnProperty that implements the appropriate ES5 semantics.
+        Currently defineOwnProperty uses a delete followed by a put to redefine
+        attributes of a property, clearly this is less efficient than it could be
+        but we can improve this if it needs to be possible in future.
+
+        * JavaScriptCore.exp:
+        * debugger/DebuggerActivation.cpp:
+        (JSC::DebuggerActivation::defineGetter):
+        (JSC::DebuggerActivation::defineSetter):
+        * debugger/DebuggerActivation.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+          Update defineGetter/Setter calls
+        * runtime/CommonIdentifiers.h:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::getOwnPropertySlot):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::defineGetter):
+        (JSC::JSGlobalObject::defineSetter):
+        * runtime/JSGlobalObject.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        (JSC::putDescriptor):
+        (JSC::JSObject::defineOwnProperty):
+        * runtime/JSObject.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        (JSC::objectConstructorGetOwnPropertyDescriptor):
+        (JSC::toPropertyDescriptor):
+        (JSC::objectConstructorDefineProperty):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::objectProtoFuncDefineGetter):
+        (JSC::objectProtoFuncDefineSetter):
+        * runtime/PropertyDescriptor.cpp:
+        (JSC::PropertyDescriptor::writable):
+        (JSC::PropertyDescriptor::enumerable):
+        (JSC::PropertyDescriptor::configurable):
+        (JSC::PropertyDescriptor::isDataDescriptor):
+        (JSC::PropertyDescriptor::isGenericDescriptor):
+        (JSC::PropertyDescriptor::isAccessorDescriptor):
+        (JSC::PropertyDescriptor::getter):
+        (JSC::PropertyDescriptor::setter):
+        (JSC::PropertyDescriptor::setDescriptor):
+        (JSC::PropertyDescriptor::setAccessorDescriptor):
+        (JSC::PropertyDescriptor::setWritable):
+        (JSC::PropertyDescriptor::setEnumerable):
+        (JSC::PropertyDescriptor::setConfigurable):
+        (JSC::PropertyDescriptor::setSetter):
+        (JSC::PropertyDescriptor::setGetter):
+        (JSC::PropertyDescriptor::equalTo):
+        (JSC::PropertyDescriptor::attributesEqual):
+        (JSC::PropertyDescriptor::attributesWithOverride):
+        * runtime/PropertyDescriptor.h:
+        (JSC::PropertyDescriptor::PropertyDescriptor):
+        (JSC::PropertyDescriptor::value):
+        (JSC::PropertyDescriptor::setValue):
+        (JSC::PropertyDescriptor::isEmpty):
+        (JSC::PropertyDescriptor::writablePresent):
+        (JSC::PropertyDescriptor::enumerablePresent):
+        (JSC::PropertyDescriptor::configurablePresent):
+        (JSC::PropertyDescriptor::setterPresent):
+        (JSC::PropertyDescriptor::getterPresent):
+        (JSC::PropertyDescriptor::operator==):
+        (JSC::PropertyDescriptor::):
+
+2009-09-18  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Build fix to enable ARM_THUMB2 on Linux
+        https://bugs.webkit.org/show_bug.cgi?id=
+
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::cacheFlush):
+        * jit/JITStubs.cpp:
+        * wtf/Platform.h:
+
+2009-09-18  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Defines two pseudo-platforms for ARM and Thumb-2 instruction set.
+        https://bugs.webkit.org/show_bug.cgi?id=29122
+
+        Introduces WTF_PLATFORM_ARM_TRADITIONAL and WTF_PLATFORM_ARM_THUMB2
+        macros on ARM platforms. The PLATFORM(ARM_THUMB2) should be used
+        when Thumb-2 instruction set is the required target. The
+        PLATFORM(ARM_TRADITIONAL) is for generic ARM instruction set. In
+        case where the code is common the PLATFORM(ARM) have to be used.
+
+        * assembler/ARMAssembler.cpp:
+        * assembler/ARMAssembler.h:
+        * assembler/ARMv7Assembler.h:
+        * assembler/MacroAssembler.h:
+        * assembler/MacroAssemblerARM.cpp:
+        * assembler/MacroAssemblerARM.h:
+        * assembler/MacroAssemblerCodeRef.h:
+        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
+        * jit/ExecutableAllocator.h:
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::beginUninterruptedSequence):
+        (JSC::JIT::preserveReturnAddressAfterCall):
+        (JSC::JIT::restoreReturnAddressBeforeReturn):
+        (JSC::JIT::restoreArgumentReference):
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        * jit/JITOpcodes.cpp:
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::JITThunks):
+        * jit/JITStubs.h:
+        * wtf/Platform.h:
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateEnter):
+
+2009-09-18  Joerg Bornemann  <joerg.bornemann@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Fix the Qt/Windows CE build.
+
+        * JavaScriptCore.pri: Build the ce_time.cpp functions from
+        within Qt externally.
+        * wtf/DateMath.cpp: Removed unnecessary Qt #ifdef, for the
+        Qt build these functions are no external, too.
+
+2009-09-17  Janne Koskinen  <janne.p.koskinen@digia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Symbian/WINSCW build fox.
+
+        Repeat Q_OS_WIN wchar_t hack for WINSCW, similar to
+        revision 24774.
+
+        WINSCW defines wchar_t, thus UChar has to be wchar_t
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+
+2009-09-17  Janne Koskinen  <janne.p.koskinen@digia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Symbian/WINSCW build fix.
+
+        https://bugs.webkit.org/show_bug.cgi?id=29186
+
+        WINSCW Template specialisation name in declaration must the be the same as in implementation.
+
+        * runtime/LiteralParser.h:
+
+2009-09-15  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27060
+
+        Symbian compiler for emulator target (WINSCW) fails with
+        "illegal operand" for m_attributesInPrevious in structure.ccp
+        (when calling make_pair functions).
+        This error is apparently due to the compiler not properly
+        resolving the unsigned type of the declared bitfield.
+
+        Initial patch explicitly casted m_attributesInPrevious
+        to unsigned, but since bitfield optimization is not critical for
+        the emulator target, this conditional change in header file
+        appears to be least intrusive.
+
+        * runtime/Structure.h:
+
+2009-09-16  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Fix GCC warnings on ARM_THUMB2 platform
+
+        * assembler/ARMv7Assembler.h:
+        (JSC::ARMThumbImmediate::countLeadingZerosPartial):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::branchTruncateDoubleToInt32):
+        (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
+
+2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
+
+        Add ENABLE(INSPECTOR)
+        https://bugs.webkit.org/show_bug.cgi?id=29260
+
+        Reviewed by David Kilzer.
+
+        * wtf/Platform.h:
+
+2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
+
+        Add ENABLE(CONTEXT_MENUS)
+        https://bugs.webkit.org/show_bug.cgi?id=29225
+
+        Reviewed by David Kilzer.
+
+        * wtf/Platform.h:
+
+2009-09-16  Benjamin C Meyer  <benjamin.meyer@torchmobile.com>
+
+        Reviewed by Eric Seidel.
+
+        The webkit stdint and stdbool headers exists because
+        the compiler MSVC doesn't include them.  The check
+        should not check for PLATFORM(WIN_OS) but for MSVC.
+
+        * os-win32/stdbool.h:
+        * os-win32/stdint.h:
+
+2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
+
+        Add ENABLE(DRAG_SUPPORT)
+        https://bugs.webkit.org/show_bug.cgi?id=29233
+
+        Reviewed by David Kilzer.
+
+        * wtf/Platform.h:
+
+2009-09-16  Kevin Ollivier  <kevino@theolliviers.com>
+
+        waf build fix after flag was moved to correct place.
+
+        * wscript:
+
+2009-09-16  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Build fix for 64-bit Qt on Mac OS X
+
+        * wtf/Platform.h: Use JSVALUE64 on DARWIN, not only on MAC
+
+2009-09-16  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Fix wtf/ThreadSpecific.h under Qt to free thread local objects.
+        https://bugs.webkit.org/show_bug.cgi?id=29295
+
+        This is an important fix when JavaScript workers are in use, since
+        unfreed ThreadGlobalDatas leak a big amount of memory (50-100k each).
+        QThreadStorage calls the destructor of a given object, which is the
+        ThreadSpecific::Data. Unlike pthread, Qt is object oriented, and does
+        not support the calling of a static utility function when the thread
+        is about to close. In this patch we call the ThreadSpecific::destroy()
+        utility function from the destructor of ThreadSpecific::Data. Moreover,
+        since Qt resets all thread local values to 0 before the calling of the
+        appropriate destructors, we set back the pointer to its original value.
+        This is necessary because the get() method of the ThreadSpecific
+        object may be called during the exuction of the destructor.
+
+        * wtf/ThreadSpecific.h:
+        (WTF::ThreadSpecific::Data::~Data):
+        (WTF::::~ThreadSpecific):
+        (WTF::::set):
+        (WTF::::destroy):
+
+2009-09-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Allow anonymous storage inside JSObject
+        https://bugs.webkit.org/show_bug.cgi?id=29168
+
+        Add the concept of anonymous slots to Structures so that it is
+        possible to store references to values that need marking in the
+        standard JSObject storage buffer.  This allows us to reduce the
+        malloc overhead of some objects (by allowing them to store JS
+        values in the inline storage of the object) and reduce the 
+        dependence of custom mark functions (if all an objects children
+        are in the standard object property storage there's no need to
+        mark them manually).
+
+        * JavaScriptCore.exp:
+        * runtime/JSObject.h:
+        (JSC::JSObject::putAnonymousValue):
+        (JSC::JSObject::getAnonymousValue):
+        (JSC::JSObject::addAnonymousSlots):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::createStructure):
+        (JSC::JSWrapperObject::JSWrapperObject):
+        (JSC::JSWrapperObject::setInternalValue):
+        * runtime/PropertyMapHashTable.h:
+        * runtime/Structure.cpp:
+        (JSC::Structure::~Structure):
+        (JSC::Structure::materializePropertyMap):
+        (JSC::Structure::addAnonymousSlotsTransition):
+        (JSC::Structure::copyPropertyTable):
+        (JSC::Structure::put):
+        (JSC::Structure::rehashPropertyMapHashTable):
+        * runtime/Structure.h:
+        (JSC::Structure::propertyStorageSize):
+        (JSC::StructureTransitionTable::reifySingleTransition):
+        * runtime/StructureTransitionTable.h:
+        (JSC::StructureTransitionTable::TransitionTable::addSlotTransition):
+        (JSC::StructureTransitionTable::TransitionTable::removeSlotTransition):
+        (JSC::StructureTransitionTable::TransitionTable::getSlotTransition):
+        (JSC::StructureTransitionTable::getAnonymousSlotTransition):
+        (JSC::StructureTransitionTable::addAnonymousSlotTransition):
+        (JSC::StructureTransitionTable::removeAnonymousSlotTransition):
+
+2009-09-15  Alex Milowski  <alex@milowski.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Added the ENABLE_MATHML define to the features
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-09-15 Csaba Osztrogonac <oszi@inf.u-szeged.hu>
+
+        Reviewed by Tor Arne Vestbø.
+
+        [Qt] Build fix for windows.
+
+        After http://trac.webkit.org/changeset/47795 the MinGW build broke,
+        because MinGW has __mingw_aligned_malloc instead of _aligned_malloc.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::allocateBlock): MinGW case added.
+        (JSC::Heap::freeBlock): MinGW case added.
+
+2009-09-15  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Tor Arne Vestbø.
+
+        [Qt] Build fix for Windows/MinGW
+
+        https://bugs.webkit.org/show_bug.cgi?id=29268
+
+        * wtf/Platform.h: JSVALUE32_64 temporarily disabled on PLATFORM(WIN_OS) with COMPILER(MINGW)
+
+2009-09-14  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Detect VFP at runtime in generic ARM port on Linux platform.
+        https://bugs.webkit.org/show_bug.cgi?id=29076
+
+        * JavaScriptCore.pri:
+        * assembler/MacroAssemblerARM.cpp: Added.
+        (JSC::isVFPPresent):
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::supportsFloatingPoint):
+
+2009-09-14  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Tor Arne Vestbø.
+
+        [Qt] Build fix for windows build.
+
+        * JavaScriptCore.pri: Correct a logic error.
+        * pcre/dftables: Add missing paranthesis for tmpdir function.
+
+2009-09-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Build fix for windows exports (again).
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-09-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Build fix for windows exports.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-09-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Correct fix for non-allinonefile builds
+
+        * runtime/ObjectConstructor.cpp:
+
+2009-09-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Fix non-allinonefile builds
+
+        * runtime/ObjectConstructor.cpp:
+
+2009-09-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        [ES5] Implement Object.keys
+        https://bugs.webkit.org/show_bug.cgi?id=29170
+
+        This patch basically requires two separate steps, the first is to split getPropertyNames
+        into two functions -- getOwnPropertyNames and getPropertyNames, basically making them behave
+        in the same way as getOwnPropertySlot and getPropertySlot.  In essence getOwnPropertyNames
+        produces the list of properties on an object excluding its prototype chain and getPropertyNames
+        just iterates the the object and its prototype chain calling getOwnPropertyNames at each level.
+
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::getOwnPropertyNames):
+        * JavaScriptCore.exp:
+        * debugger/DebuggerActivation.cpp:
+        (JSC::DebuggerActivation::getOwnPropertyNames):
+        * debugger/DebuggerActivation.h:
+        * runtime/CommonIdentifiers.h:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::getOwnPropertyNames):
+        * runtime/JSArray.h:
+        * runtime/JSByteArray.cpp:
+        (JSC::JSByteArray::getOwnPropertyNames):
+        * runtime/JSByteArray.h:
+        * runtime/JSNotAnObject.cpp:
+        (JSC::JSNotAnObject::getOwnPropertyNames):
+        * runtime/JSNotAnObject.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::getOwnPropertyNames):
+        * runtime/JSObject.h:
+        * runtime/JSVariableObject.cpp:
+        (JSC::JSVariableObject::getOwnPropertyNames):
+        * runtime/JSVariableObject.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        (JSC::objectConstructorKeys):
+        * runtime/RegExpMatchesArray.h:
+        (JSC::RegExpMatchesArray::getOwnPropertyNames):
+        * runtime/StringObject.cpp:
+        (JSC::StringObject::getOwnPropertyNames):
+        * runtime/StringObject.h:
+        * runtime/Structure.cpp:
+        (JSC::Structure::getOwnEnumerablePropertyNames):
+        (JSC::Structure::getEnumerablePropertyNames):
+        * runtime/Structure.h:
+
+2009-09-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        getPropertyNames caching is invalid when the prototype chain contains objects with custom getPropertyNames
+        https://bugs.webkit.org/show_bug.cgi?id=29214
+
+        Add a flag to TypeInfo to indicate whether a type overrides getPropertyNames.
+        This flag is used to make sure that caching of the property name data is safe.
+
+        * API/JSCallbackConstructor.h:
+        (JSC::JSCallbackConstructor::createStructure):
+        * debugger/DebuggerActivation.h:
+        (JSC::DebuggerActivation::createStructure):
+        * runtime/BooleanObject.h:
+        (JSC::BooleanObject::createStructure):
+        * runtime/DatePrototype.h:
+        (JSC::DatePrototype::createStructure):
+        * runtime/FunctionPrototype.h:
+        (JSC::FunctionPrototype::createStructure):
+        * runtime/JSONObject.h:
+        (JSC::JSONObject::createStructure):
+        * runtime/JSObject.h:
+        (JSC::JSObject::createStructure):
+        * runtime/JSTypeInfo.h:
+        (JSC::TypeInfo::hasDefaultGetPropertyNames):
+        * runtime/JSVariableObject.h:
+        (JSC::JSVariableObject::createStructure):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::createStructure):
+        * runtime/MathObject.h:
+        (JSC::MathObject::createStructure):
+        * runtime/NumberConstructor.h:
+        (JSC::NumberConstructor::createStructure):
+        * runtime/NumberObject.h:
+        (JSC::NumberObject::createStructure):
+        * runtime/RegExpConstructor.h:
+        (JSC::RegExpConstructor::createStructure):
+        * runtime/RegExpObject.h:
+        (JSC::RegExpObject::createStructure):
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::isCacheable):
+
+2009-09-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        https://bugs.webkit.org/show_bug.cgi?id=29207
+        Add checks for using WebCore JS context on secondary threads
+
+        * runtime/JSGlobalData.cpp: (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        Added a new mainThreadOnly flag that WebCore would set.
+
+        * runtime/Collector.cpp: (JSC::Heap::registerThread): JSC API methods always call this,
+        so this is a good place to check that the API isn't used form a wrong thread.
+
+2009-09-11  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Compiling JavaScriptCore on sparc 64 with gcc fails.
+
+        ThreadSafeShared uses the atomic __gnu_cxx::__exchange_and_add with an int,
+        however on sparc 64 the _Atomic_word argument is typedefed to long (8 bytes).
+
+        The patch disables WTF_USE_LOCKFREE_THREADSAFESHARED in ThreadSafeShared to use
+        a mutex instead when compiling for sparc 64 with gcc.
+
+        https://bugs.webkit.org/show_bug.cgi?id=29175
+
+        * wtf/Platform.h:
+        __sparc64__ is not defined on all OS.
+        Uses instead: __sparc__ && __arch64__ || __sparcv9
+        * wtf/Threading.h:
+
+2009-09-11  Prasanth Ullattil  <prasanth.ullattil@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Fix compile error on Windows7(64Bit) with latest SDK.
+
+        Added the missing include file.
+
+        * runtime/UString.cpp:
+
+2009-09-11  Joerg Bornemann  <joerg.bornemann@trolltech.com>
+
+        Reviewed by Simon Hausmann.
+
+        Qt/Windows CE compile fix, include the executable allocator and
+        markstack implementation in the windows build.
+
+        * JavaScriptCore.pri:
+
+2009-09-08  John Abd-El-Malek  <jam@chromium.org>
+
+        Reviewed by Dimitri Glazkov.
+
+        Remove unneeded define for ActiveX.
+        https://bugs.webkit.org/show_bug.cgi?id=29054
+
+        * wtf/Platform.h:
+
+2009-09-10  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Update JavaScriptCore and WebKit's FeatureDefines.xcconfig so that they are in sync with WebCore as they need to be.
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-09-10  Fumitoshi Ukai  <ukai@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Export WTF::tryFastMalloc used in WebSocketChannel.
+        https://bugs.webkit.org/show_bug.cgi?id=28038
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-09-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Make StructureTransitionTable use an enum for the PtrAndFlags member
+        used for the single transition slot optimisation.
+
+        * runtime/StructureTransitionTable.h:
+        (JSC::StructureTransitionTable::StructureTransitionTable):
+        (JSC::StructureTransitionTable::usingSingleTransitionSlot):
+        (JSC::StructureTransitionTable::):
+
+2009-09-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Refactor StructureTransitionTable and Structure to unify handling of the single slot optimization
+        https://bugs.webkit.org/show_bug.cgi?id=29141
+
+        Make StructureTransitionTable encapsulate the single transition slot optimization.
+
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure):
+        (JSC::Structure::~Structure):
+        (JSC::Structure::addPropertyTransitionToExistingStructure):
+        (JSC::Structure::addPropertyTransition):
+        (JSC::Structure::addPropertyWithoutTransition):
+        (JSC::Structure::removePropertyWithoutTransition):
+        (JSC::Structure::hasTransition):
+        * runtime/Structure.h:
+        (JSC::StructureTransitionTable::contains):
+        (JSC::StructureTransitionTable::get):
+        (JSC::StructureTransitionTable::hasTransition):
+        (JSC::StructureTransitionTable::reifySingleTransition):
+        * runtime/StructureTransitionTable.h:
+        (JSC::StructureTransitionTable::StructureTransitionTable):
+        (JSC::StructureTransitionTable::~StructureTransitionTable):
+        (JSC::StructureTransitionTable::remove):
+        (JSC::StructureTransitionTable::add):
+        (JSC::StructureTransitionTable::table):
+        (JSC::StructureTransitionTable::singleTransition):
+        (JSC::StructureTransitionTable::usingSingleTransitionSlot):
+        (JSC::StructureTransitionTable::setSingleTransition):
+        (JSC::StructureTransitionTable::setTransitionTable):
+        (JSC::StructureTransitionTable::):
+        * wtf/PtrAndFlags.h:
+        (WTF::PtrAndFlags::PtrAndFlags):
+
+2009-09-10  Zoltan Horvath  <zoltan@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Implement fastDeleteSkippingDestructor for FastAllocBase and fastDeleteAllValues for HashSet
+        https://bugs.webkit.org/show_bug.cgi?id=25930
+
+        FastAllocBase has been extended with fastDeleteSkippingDestructor function which
+        releases memory without destructor call. fastDeleteAllValues has been implemented 
+        similar as deleteAllValues but it uses fastDelete function to release memory.
+
+        * wtf/FastAllocBase.h:
+        (WTF::fastDeleteSkippingDestructor):
+        * wtf/HashSet.h:
+        (WTF::fastDeleteAllValues):
+
+2009-09-10  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        ARM compiler does not understand GCC visibility attribute
+        https://bugs.webkit.org/show_bug.cgi?id=29079
+
+        * API/JSBase.h: Make the test more specific to hit only
+        the GCC compiler
+
+2009-09-10  Adam Barth  <abarth@webkit.org>
+
+        Unreviewed revert of the previous change.  It broke the tests.
+
+        * wtf/dtoa.cpp:
+        (WTF::dtoa):
+
+2009-09-10  Ben Laurie  <benl@google.com>
+
+        Reviewed by Adam Barth.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=26836>
+
+        If dtoa was given a small buffer and the number was either infinite or
+        NaN, then the buffer would be overflowed.
+
+        * wtf/dtoa.cpp:
+
+2009-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Change reinterpret_cast to static_cast in r48212.
+
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::cacheFlush):
+
+2009-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Remove WTF_PLATFORM_FORCE_PACK as it is no longer used
+        https://bugs.webkit.org/show_bug.cgi?id=29066
+
+        * wtf/Platform.h:
+
+2009-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Ariya Hidayat.
+
+        Implement flushing the instruction cache for Symbian
+        https://bugs.webkit.org/show_bug.cgi?id=29075
+
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::cacheFlush): Call IMB_Range to flush
+        the instruction cache on Symbian
+
+2009-09-09  Kent Hansen  <khansen@trolltech.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=29024
+        Make JavaScriptCore compile on platforms with case-insensitive file systems and typeinfo.h in STL
+
+        These platforms include Microsoft Visual Studio 2003, and Symbian with Metrowerks compiler.
+
+        * JavaScriptCore.gypi:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/JSTypeInfo.h: Copied from JavaScriptCore/runtime/TypeInfo.h.
+        * runtime/Structure.h:
+        * runtime/TypeInfo.h: Removed.
+
+2009-09-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        JSON.stringify(Date) loses the milliseconds information
+        https://bugs.webkit.org/show_bug.cgi?id=29063
+
+        Make sure we include milliseconds in the output of toISOString.
+
+        * runtime/DatePrototype.cpp:
+        (JSC::dateProtoFuncToISOString):
+
+2009-09-08  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix, generate derived sources earlier in order to make sure
+        they're found by the build system when generating the list of sources to build.
+
+        * wscript:
+
+2009-09-08  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Build fix when USE(LOCKFREE_THREADSAFESHARED) is not defined
+        https://bugs.webkit.org/show_bug.cgi?id=29011
+
+        * wtf/Threading.h: Use LOCKFREE_THREADSAFESHARED guard for 
+        atomicIncrement and atomicDecrement
+
+2009-09-07  Zoltan Horvath  <zoltan@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control in Yarr's RegexInterpreter
+        https://bugs.webkit.org/show_bug.cgi?id=29025
+
+        Inherits RegexInterpreter classes from FastAllocBase (bug #20422), which has
+        been instantiated by 'new':
+
+        class ByteDisjunction
+        -> instantiated in JavaScriptCore/yarr/RegexInterpreter.cpp:1462
+
+        struct BytecodePattern
+        -> instantiated in JavaScriptCore/yarr/RegexInterpreter.cpp:1279
+
+        * yarr/RegexInterpreter.h:
+
+2009-09-07  Drew Wilson  <atwilson@google.com>
+
+        Reverting r48121 to fix Windows build errors.
+
+        * JavaScriptCore.exp:
+
+2009-09-07  Drew Wilson  <atwilson@google.com>
+
+        Reviewed by David Levin.
+
+        Enable SHARED_WORKERS by default
+        https://bugs.webkit.org/show_bug.cgi?id=28959
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-09-07  Fumitoshi Ukai  <ukai@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Export WTF::tryFastMalloc used in WebSocketChannel.
+        https://bugs.webkit.org/show_bug.cgi?id=28038
+
+        * JavaScriptCore.exp:
+
+2009-09-04  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Fix windows export files
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-09-04  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        [[ToString]] conversion should use the actual toString function for String objects.
+
+        Remove incorrect specialisations of toString conversions on StringObject.
+
+        * JavaScriptCore.exp:
+        * runtime/StringObject.cpp:
+        * runtime/StringObject.h:
+
+2009-09-04  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Add new export.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Add new export.
+
+2009-09-04  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove unneeded export.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Remove unneeded export.
+
+2009-09-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        DateInstance object collected on ARM JIT (JSValue: WTF_USE_JSVALUE32)
+        https://bugs.webkit.org/show_bug.cgi?id=28909
+
+        Part two.
+
+        Make some improvements to garbage collection code:
+
+            1) Create a runtime assertion that catches any classes that
+               override markChildren but have the HasDefaultMark bit set.
+            2) Remove checks of the mark bit outside the MarkStack::append
+               function; they are redundant.
+            3) Improve the efficiency of the asObject and asArray functions
+               when called on JSCell* to avoid a round trip to JSValue.
+            4) Make more callers use the checked asCell and asObject
+               casting functions rather than unchecked casts.
+            5) Removed the JSCell::marked function and other GC-related
+               functions because these operations are no longer things that
+               code other than the core GC code needs to do directly. Fixed
+               callers that were calling them.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::markConservatively): Removed unneeded call to MarkStack::drain.
+        (JSC::Heap::markProtectedObjects): Removed unneeded check of the mark
+        bit and call to MarkStack::drain.
+        (JSC::Heap::collect): Removed unneeded checks of the mark bit and also
+        changed call to SmallStrings::mark to call markChildren instead to match
+        the rest of the objects.
+        (JSC::typeName): Removed unneeded cast to JSObject*.
+
+        * runtime/JSArray.h:
+        (JSC::asArray): Added an overload for JSCell* and changed the JSValue
+        version to call it. Removed some unneeded casts.
+        (JSC::JSArray::markChildrenDirect): Marked this function inline. It's in
+        a header, and if not marked inline this could lead to linking problems.
+        (JSC::MarkStack::markChildren): Added. This helper function is used by
+        the drain function to avoid repating code. Also added the code here to
+        check fro default mark violations in debug code. If a markChildren
+        function adds something to the mark stack, but the type info claimed
+        hasDefaultMark was true, then we will get an assertion now. Also fixed
+        the assertion about the mark bit to use the Heap function directly
+        because we don't have a JSCell::marked function any more.
+        (JSC::MarkStack::drain): Changed a local variable from "v" to "value",
+        and from "currentCell" to "cell". Changed to call markChildren in two
+        places instead of repeating a chain of if statements twice. Changed
+        code that reads and writes the mark bit to use Heap::isCellMarked and
+        Heap::markCell so we can eliminate the JSCell::marked and
+        JSCell::markCellDirect functions.
+
+        * runtime/JSCell.h: Removed JSCell's markCellDirect and marked member
+        functions. Added a comment explaining that asCell should be deprecated
+        in favor of the JSValue asCell member function.
+        (JSC::MarkStack::append): Added the assertion that catches callers
+        that have set the HasDefaultMark bit incorrectly. Changed
+        code that reads and writes the mark bit to use Heap::isCellMarked and
+        Heap::markCell so we can eliminate the JSCell::marked and
+        JSCell::markCellDirect functions. Moved the overload of
+        MarkStack::append for JSValue here so it can call through to the cell
+        version. The old version had a copy of all the code instead, but that
+        repeated the conversion from JSValue to JSCell* and the check for
+        whether a value is a cell multiple times.
+        (JSC::Structure::markAggregate): Moved this function here to avoid
+        dependencies for Structure.h, since this calls MarkStack::append.
+
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::markChildren): Added code to clear
+        m_isCheckingForDefaultMarkViolation so the marking done by JSObject
+        doesn't trigger the assertion.
+
+        * runtime/JSValue.h: Moved some stray includes that were outside the
+        header guard inside it. Not sure how that happened! Removed the
+        GC-related member functions markChildren, hasChildren, marked, and
+        markDirect.
+
+        * runtime/JSWrapperObject.h: Made markChildren private.
+        (JSC::JSWrapperObject::createStructure): Added. Fixes a bug where the
+        HasDefaultMark bit was set.
+
+        * runtime/MarkStack.h: Added m_isCheckingForDefaultMarkViolation and
+        initialized it to false. Moved the append function body from here to
+        JSCell.h. Added a declaration of a private markChildren function used
+        inside the drain function.
+
+        * runtime/SmallStrings.cpp:
+        (JSC::SmallStrings::markChildren): Changed the name and style of this
+        function to match other functions. This allows us to share the normal
+        mark stack code path.
+
+        * runtime/SmallStrings.h: Changed the name and interface of mark to
+        the more-normal markChildren style.
+
+        * runtime/Structure.h: Moved the body of markAggregate into the
+        JSCell.h to avoid a circular dependency with JSCell.h.
+
+2009-09-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        DateInstance object collected on ARM JIT (JSValue: WTF_USE_JSVALUE32)
+        https://bugs.webkit.org/show_bug.cgi?id=28909
+
+        Part one.
+
+        Make some improvements to garbage collection code:
+
+            1) Fix the two classes that had the default mark bit set but
+               should not.
+            2) Remove checks of the mark bit outside the MarkStack::append
+               function; they are redundant.
+            3) Make more callers use the checked asCell and asObject
+               casting functions rather than unchecked casts.
+            4) Removed some GC-related functions because these operations are
+               no longer things that code other than the core GC code needs
+               to do directly. Fixed callers that were calling them.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::markAggregate): Removed unneeded check of the mark
+        bit before calling MarkStack::append.
+
+        * interpreter/Register.h: Removed unneeded marked and markChildren
+        functions.
+
+        * jit/JITStubs.cpp:
+        (op_eq): Removed unneeded assertions, instead using checked casting
+        functions such as asObject.
+
+        * runtime/ArgList.h: Added now-needed forward declaration of MarkStack.
+
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::markChildren): Remmoved unneeded check of the mark bit.
+
+        * runtime/GlobalEvalFunction.h:
+        (JSC::GlobalEvalFunction::createStructure): Added. Fixes a bug where the
+        HasDefaultMark bit was set.
+
+        * runtime/JSCell.cpp:
+        (JSC::JSCell::getObject): Use asObject to avoid a direct static_cast.
+
+        * runtime/JSObject.h:
+        (JSC::asObject): Added an overload for JSCell* and changed the JSValue
+        version to call it.
+        (JSC::JSValue::get): Use asObject to avoid a direct static_cast.
+
+        * runtime/JSWrapperObject.h: Made markChildren private.
+        (JSC::JSWrapperObject::createStructure): Added. Fixes a bug where the
+        HasDefaultMark bit was set. Later we may want to optimize this for
+        wrapper types that never have cells in their internal values, but there
+        is no measured performance regression in SunSpider or V8 doing this
+        all the time.
+
+        * runtime/MarkStack.cpp: Tweaked formatting.
+
+2009-09-04  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix. Switch USE_ defines over to the compiler so that they can be
+        checked by files not including config.h (like WebCorePrefix.h).
+
+        * wtf/Platform.h:
+
+2009-09-03  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by David Levin.
+
+        Remove unnecessary dependency on unistd.h
+        https://bugs.webkit.org/show_bug.cgi?id=28962
+
+        * runtime/Completion.cpp:
+
+2009-09-03  Fumitoshi Ukai  <ukai@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        Add strnstr for Linux and Windows in StringExtras.h
+        https://bugs.webkit.org/show_bug.cgi?id=28901
+
+        * wtf/StringExtras.h:
+        (strnstr):
+
+2009-09-03  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control for JavaScriptCore's HashEntry class
+        https://bugs.webkit.org/show_bug.cgi?id=27830
+
+        Inherits HashEntry class from FastAllocBase because it has been
+        instantiated by 'new' JavaScriptCore/runtime/Lookup.cpp:32.
+
+        * runtime/Lookup.h:
+
+2009-09-02  Gavin Barraclough  <barraclough@apple.com>
+
+        Should crash if JIT code buffer allocation fails.
+
+        https://bugs.webkit.org/show_bug.cgi?id=28926
+        <rdar://problem/7031922>
+
+        * jit/ExecutableAllocatorPosix.cpp:
+        (JSC::ExecutablePool::systemAlloc):
+        * jit/ExecutableAllocatorWin.cpp:
+        (JSC::ExecutablePool::systemAlloc):
+
+2009-09-02  Kevin Ollivier  <kevino@theolliviers.com>
+
+        waf build fixes for Windows/MSVC.
+
+        * wscript:
+
+2009-09-02  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Build fix for building on Windows.
+
+        * wtf/ThreadingPthreads.cpp:
+
+2009-09-02  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Eric Seidel.
+
+        Use fastMalloc when neither MMAP nor VIRTUALALLOC are enabled
+        
+        RegisterFile constructor currently throws #error when both
+        MMAP and VIRTUALALLOC conditions fail.
+        On any platform that does not provide these features
+        (for instance, Symbian),
+        the fallback should be regular malloc (or fastMalloc).
+        It is functionally equivalent in this case, even though it may
+        have certain drawbacks such as lack of dynamic pre-allocation.
+
+        * interpreter/RegisterFile.cpp:
+        (JSC::RegisterFile::~RegisterFile):
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+
+2009-08-31  Robert Agoston  <Agoston.Robert@stud.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Fixed typo.
+        https://bugs.webkit.org/show_bug.cgi?id=28691
+
+        * parser/Parser.h:
+        (JSC::Parser::parse):
+
+2009-08-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        JSON Stringifier does not follow ES5 spec for handling of Number, String and Boolean objects
+        https://bugs.webkit.org/show_bug.cgi?id=28797
+
+        Fixed unwrapBoxedPrimitive to do the right thing, which necessitated a couple of new exception
+        checks, and corrected the logic in gap to correctly convert Number and String objects.
+
+        * runtime/JSONObject.cpp:
+        (JSC::unwrapBoxedPrimitive):
+        (JSC::gap):
+        (JSC::Stringifier::Stringifier):
+        (JSC::Stringifier::appendStringifiedValue):
+
+2009-08-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Adam Roben.
+
+        JSON.stringify replacer array does not accept values that are not string primitives.
+        https://bugs.webkit.org/show_bug.cgi?id=28788
+
+        Update the JSON stringifier to initialise its replacer array according to the most
+        recent version of the spec.
+
+        * runtime/Identifier.h:
+        (JSC::Identifier::from):
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::Stringifier):
+
+2009-08-27  Alexey Proskuryakov  <ap@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=28753
+        <rdar://problem/7173448> Excessive number of threads (and a crash)
+
+        * wtf/Threading.h: (WTF::atomicIncrement): Changed atomicIncrement to match decrement
+        and return the new value. Also added using directives for these functions, to match
+        te rest of WTF.
+
+2009-08-27  Brent Fulgham  <bfulgham@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        Link the testapi against CFLite when building the WinCairo port.
+
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Add new Release_CFLite
+          target.  Update all targets to inherit from either the
+          JavaScriptCF.vsprops (Apple target) or the JavaScriptCFLite.vsprops
+          file (WinCairo target).
+        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Remove
+          input file CoreFoundation.lib. This is provided by either the
+          JavaScriptCF.vsprops or JavaScriptCFLite.vsprops file.
+
+2009-08-27  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Geoff Garen.
+        
+        Fix Windows-specific crash due to missing memory clearing call.
+        
+        * runtime/Collector.cpp:
+        (JSC::Heap::allocateBlock):
+
+2009-08-27  Brent Fulgham  <bfulgham@webkit.org>
+
+        Build fix: JavaScriptCore_debug.def missing some exports.  Apple
+        Windows build does not use this file, so it was not noticed previously.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-27  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        x86-64 GTK broken due to code offsets changing, pointers sometimes packed into immediates.
+        https://bugs.webkit.org/show_bug.cgi?id=28317
+
+        Missed one, fix part II.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::move):
+        * assembler/X86Assembler.h:
+        (JSC::CAN_SIGN_EXTEND_8_32):
+
+2009-08-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Adam Roben.
+
+        JSON.stringify replacer array does not accept values that are not string primitives.
+        https://bugs.webkit.org/show_bug.cgi?id=28788
+
+        Update the JSON stringifier to initialise its replacer array according to the most
+        recent version of the spec.
+
+        * runtime/Identifier.h:
+        (JSC::Identifier::from):
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::Stringifier):
+
+2009-08-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        JSON parser accepts trailing comma in array literals
+        https://bugs.webkit.org/show_bug.cgi?id=28779
+
+        Update parser to correctly fail if there's a trailing comma.
+
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser::parse):
+
+2009-08-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        'this' in JSON.parse reviver is the global object
+        https://bugs.webkit.org/show_bug.cgi?id=28752
+
+        This is a technically simple change, we merely update the code for calling
+        the reviver function to pass the correct this object.  Doing so however
+        exposes the holder to arbitrary mutation by the reviver function so it is
+        necessary for us to now guard all property accesses against the possibility
+        of failure.
+
+        * runtime/JSArray.h:
+          JSON needs to delete a property from the array, so we friend its 
+          Walker class so that we can make a non-virtual call to the arrays
+          delete and getOwnPropertySlot methods.
+        * runtime/JSONObject.cpp:
+        (JSC::Walker::callReviver):
+          We need to pass the correct this object
+        (JSC::Walker::walk):
+          Update calls to callReviver, and update property logic logic
+          to correctly handle the holder being mutated by the reviver
+          function.
+
+2009-08-26  Alice Liu  <alice.liu@apple.com>
+
+        Windows build fix: added some exported symbols
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix: Removed some exported symbols that no longer exist.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Olliejver Hunt.
+
+        x86-64 GTK broken due to code offsets changing, pointers sometimes packed into immediates.
+        https://bugs.webkit.org/show_bug.cgi?id=28317
+
+        We rely on a slightly OS X specific behaviour, that x86-64 applications have a 4Gb zero page,
+        so pointers are never representable as a 32-bit integer, and always have to be represented by
+        a separate immediate load instruction, rather than within the immediate field of an arithmetic
+        or memory operation.
+
+        We explicitly check for a couple of cases where a value might be representable in 32-bit, but
+        these probably never kick in on Mac OS, and only kick in to hose GTK.  Deleting these does not
+        show a performance degradation on SunSpider.  Remove.
+
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::storePtr):
+        (JSC::MacroAssemblerX86_64::branchPtr):
+
+2009-08-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        A bit of Collector refatoring.
+        
+        SunSpider says no change. v8 says 1.003x faster (1.02x faster on splay).
+
+        * JavaScriptCore.exp:
+
+        * runtime/JSCell.cpp:
+        (JSC::JSCell::toPrimitive):
+        (JSC::JSCell::getPrimitiveNumber):
+        (JSC::JSCell::toBoolean):
+        (JSC::JSCell::toNumber):
+        (JSC::JSCell::toString):
+        (JSC::JSCell::toObject): Removed pure virtual functions from
+        JSCell, so the collector can construct one. This allowed
+        me to remove a bunch of ASSERT_NOT_REACHED throughout the
+        code, too.
+
+        * runtime/JSCell.h:
+        (JSC::JSCell::JSCell): ditto
+        (JSC::Heap::heap): Inlined this function because it's trivial.
+
+        * JavaScriptCore.exp:
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::destroy):
+        (JSC::Heap::allocateBlock):
+        (JSC::Heap::freeBlock):
+        (JSC::Heap::freeBlocks): Renamed freeHeap to freeBlocks, since
+        it doesn't actually free the Heap object.
+        (JSC::Heap::heapAllocate):
+        (JSC::Heap::sweep):
+        * runtime/Collector.h: Refactored block allocation and destruction
+        into helper functions.
+        
+        * runtime/GetterSetter.cpp:
+        * runtime/JSAPIValueWrapper.cpp:
+        * runtime/JSPropertyNameIterator.cpp: Removed dummy implementations
+        of pure virtual functions. (See above.)
+
+=== End re-roll-in of r47738:47740 with Windows crash fixed ===
+
+2009-08-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: start out with a 32-bit value to avoid a shortening warning.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::sweep):
+
+2009-08-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Substantially reduced VM thrash in the GC heap.
+        
+        1.08x faster on v8 (1.60x faster on v8-splay).
+        
+        1.40x faster on bench-alloc-nonretained.
+        
+        1.90x faster on bench-alloc-retained.
+        
+        SunSpider says no change.
+        
+        * runtime/Collector.cpp:
+        (JSC::Heap::heapAllocate): Fixed a long-standing bug: update a few local
+        variables unconditionally after calling collect(), since they may be used
+        even if we don't "goto scan". (In the bug I saw, usedBlocks got out of
+        sync with heap.usedBlocks).
+        (JSC::Heap::sweep): Keep enough free heap space to accomodate 
+        the number of objects we'll allocate before the next GC, plus 25%, for
+        good measure.
+        * runtime/Collector.h: Bumped the block size to 256k. This seems to give
+        the best cache performance, and it prevents us from initiating lots of
+        VM traffic to recover very small chunks of memory.
+
+=== Begin re-roll-in of r47738:47740 with Windows crash fixed ===
+
+2009-08-25  Drew Wilson  <atwilson@google.com>
+
+        Reviewed by David Levin.
+
+        postMessage() spec now supports sending arrays of ports
+        https://bugs.webkit.org/show_bug.cgi?id=26902
+
+        Added OwnPtr to VectorTraits so we can store OwnPtrs in Vectors.
+
+        * wtf/VectorTraits.h:
+
+2009-08-26  Xan Lopez  <xlopez@igalia.com>
+
+        Rubber-stamped by Gustavo Noronha.
+
+        Remove duplicated files from file list.
+
+        * GNUmakefile.am:
+
+2009-08-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        More export fixes.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Hopefully fix all the exports from JSC on windows
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fixes).
+
+        Forgot I added files to JavaScriptCore. 
+
+        * GNUmakefile.am:
+        * JavaScriptCore.gypi:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCoreSources.bkl:
+
+2009-08-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        [ES5] Implement getOwnPropertyDescriptor
+        https://bugs.webkit.org/show_bug.cgi?id=28724
+
+        Implement the core runtime support for getOwnPropertyDescriptor.
+        This adds a virtual getOwnPropertyDescriptor method to every class
+        that implements getOwnPropertySlot that shadows the behaviour of
+        getOwnPropertySlot.  The alternative would be to make getOwnPropertySlot
+        (or PropertySlots in general) provide property attribute information,
+        but quick testing showed this to be a regression.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::getOwnPropertyDescriptor):
+        * runtime/Arguments.h:
+        * runtime/ArrayPrototype.cpp:
+        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
+        * runtime/ArrayPrototype.h:
+        * runtime/CommonIdentifiers.h:
+        * runtime/DatePrototype.cpp:
+        (JSC::DatePrototype::getOwnPropertyDescriptor):
+        * runtime/DatePrototype.h:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::getOwnPropertyDescriptor):
+        * runtime/JSArray.h:
+        * runtime/JSByteArray.cpp:
+        (JSC::JSByteArray::getOwnPropertyDescriptor):
+        * runtime/JSByteArray.h:
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::getOwnPropertyDescriptor):
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
+        * runtime/JSNotAnObject.cpp:
+        (JSC::JSNotAnObject::getOwnPropertyDescriptor):
+        * runtime/JSNotAnObject.h:
+        * runtime/JSONObject.cpp:
+        (JSC::JSONObject::getOwnPropertySlot):
+        (JSC::JSONObject::getOwnPropertyDescriptor):
+        * runtime/JSONObject.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::getOwnPropertyDescriptor):
+        (JSC::JSObject::getPropertyDescriptor):
+        * runtime/JSObject.h:
+        * runtime/JSString.cpp:
+        (JSC::JSString::getStringPropertyDescriptor):
+        (JSC::JSString::getOwnPropertyDescriptor):
+        * runtime/JSString.h:
+        * runtime/JSVariableObject.cpp:
+        (JSC::JSVariableObject::symbolTableGet):
+        * runtime/JSVariableObject.h:
+        * runtime/Lookup.h:
+        (JSC::getStaticPropertyDescriptor):
+        (JSC::getStaticFunctionDescriptor):
+        (JSC::getStaticValueDescriptor):
+          Add property descriptor equivalents of the lookup
+          table access functions
+
+        * runtime/MathObject.cpp:
+        (JSC::MathObject::getOwnPropertySlot):
+        (JSC::MathObject::getOwnPropertyDescriptor):
+        * runtime/MathObject.h:
+        * runtime/NumberConstructor.cpp:
+        (JSC::NumberConstructor::getOwnPropertyDescriptor):
+        * runtime/NumberConstructor.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        (JSC::objectConstructorGetOwnPropertyDescriptor):
+        * runtime/PropertyDescriptor.cpp: Added.
+        (JSC::PropertyDescriptor::writable):
+        (JSC::PropertyDescriptor::enumerable):
+        (JSC::PropertyDescriptor::configurable):
+        (JSC::PropertyDescriptor::hasAccessors):
+        (JSC::PropertyDescriptor::setUndefined):
+        (JSC::PropertyDescriptor::getter):
+        (JSC::PropertyDescriptor::setter):
+        (JSC::PropertyDescriptor::setDescriptor):
+        (JSC::PropertyDescriptor::setAccessorDescriptor):
+        * runtime/PropertyDescriptor.h: Added.
+        (JSC::PropertyDescriptor::PropertyDescriptor):
+        (JSC::PropertyDescriptor::attributes):
+        (JSC::PropertyDescriptor::isValid):
+        (JSC::PropertyDescriptor::value):
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
+        * runtime/RegExpConstructor.h:
+        * runtime/RegExpMatchesArray.h:
+        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::getOwnPropertyDescriptor):
+        * runtime/RegExpObject.h:
+        * runtime/StringObject.cpp:
+        (JSC::StringObject::getOwnPropertyDescriptor):
+        * runtime/StringObject.h:
+        * runtime/StringPrototype.cpp:
+        (JSC::StringPrototype::getOwnPropertyDescriptor):
+        * runtime/StringPrototype.h:
+
+2009-08-24  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+
+        How many copies of the parameters do you need?
+        https://bugs.webkit.org/show_bug.cgi?id=28701
+
+        The function parameters in JSC get copied a lot - and unnecessarily so.
+
+        Originally this happened due to duplicating FunctionBodyNodes on recompilation,
+        though the problem has been exacerbated by copying the parameters from the
+        original function body onto the executable, then back onto the real body that
+        will be generated (this happens on every function).  And this is all made worse
+        since the data structures in question are a little ugly - C style arrays of C++
+        objects containing ref counts, so they need a full copy-construct (rather than
+        a simple memcpy).
+
+        This can all be greatly simplified by just punting the parameters off into
+        their own ref-counted object, and forgoing all the copying.
+
+        ~no performance change, possible slight progression.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::makeFunction):
+        * parser/Nodes.cpp:
+        (JSC::FunctionParameters::FunctionParameters):
+        (JSC::FunctionBodyNode::FunctionBodyNode):
+        (JSC::FunctionBodyNode::finishParsing):
+        * parser/Nodes.h:
+        (JSC::FunctionBodyNode::parameters):
+        (JSC::FunctionBodyNode::parameterCount):
+        * runtime/Executable.cpp:
+        (JSC::FunctionExecutable::~FunctionExecutable):
+        (JSC::FunctionExecutable::compile):
+        (JSC::FunctionExecutable::reparseExceptionInfo):
+        (JSC::FunctionExecutable::fromGlobalCode):
+        (JSC::FunctionExecutable::paramString):
+        * runtime/Executable.h:
+        (JSC::FunctionExecutable::FunctionExecutable):
+        (JSC::FunctionExecutable::parameterCount):
+
+2009-08-25  Brent Fulgham  <bfulgham@webkit.org>
+
+        Reviewed by NOBODY (Buildfix).
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Add Debug_CFLite target
+          that inherits from the debug_wincairo property sheet and therefore
+          links to the proper debug library.
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Add Debug_CFLite target
+          that inherits from the debug_wincairo property sheet and therefore
+          links to the proper debug library.
+
+2009-08-25  Chris Marrin  <cmarrin@apple.com>
+
+        Reviewed by Simon Fraser.
+
+        Export tryFastMalloc for Canvas3D work
+        https://bugs.webkit.org/show_bug.cgi?id=28018
+
+        * JavaScriptCore.exp:
+
+2009-08-25  David Levin  <levin@chromium.org>
+
+        Reviewed by Adam Roben.
+
+        PLATFORM(CFNETWORK) should be USE(CFNETWORK).
+        https://bugs.webkit.org/show_bug.cgi?id=28713
+
+        * wtf/Platform.h: Added a #define to catch this issue in the
+        future. The define would generate an error on gcc without the
+        space in the expansion, but Visual C++ needs the space to cause an error.
+
+2009-08-24  Brent Fulgham  <bfulgham@webkit.org>
+
+        Reviewed by Steve Falkenburg.
+
+        Revise CFLite Debug build to emit DLL's with _debug label.
+        https://bugs.webkit.org/show_bug.cgi?id=28695.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Modify
+          Cairo debug build to inherit from new debug_cairo property sheet.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops:
+          Modify to look for debug CFLite when in debug build.
+
+2009-08-24  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Adler & Darin Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=28691
+        Do not retain ScopeNodes outside of parsing
+        
+        There is now no need for these to exist outside of parsing - their use in the runtime is replaced by Executable types.
+
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::get):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitNewFunction):
+        (JSC::BytecodeGenerator::emitNewFunctionExpression):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::makeFunction):
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::recompileAllJSFunctions):
+        (JSC::evaluateInGlobalCallFrame):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::prepareForRepeatCall):
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNodeData::ScopeNodeData):
+        (JSC::ProgramNode::create):
+        (JSC::EvalNode::create):
+        (JSC::FunctionBodyNode::create):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::adoptData):
+        (JSC::FunctionBodyNode::parameterCount):
+        * parser/Parser.cpp:
+        * parser/Parser.h:
+        (JSC::Parser::arena):
+        (JSC::Parser::Parser):
+        (JSC::Parser::parse):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::isNumericCompareFunction):
+        (JSC::arrayProtoFuncSort):
+        * runtime/Completion.cpp:
+        (JSC::checkSyntax):
+        (JSC::evaluate):
+        * runtime/Executable.cpp:
+        (JSC::FunctionExecutable::~FunctionExecutable):
+        (JSC::EvalExecutable::compile):
+        (JSC::ProgramExecutable::checkSyntax):
+        (JSC::ProgramExecutable::compile):
+        (JSC::FunctionExecutable::compile):
+        (JSC::EvalExecutable::generateJITCode):
+        (JSC::ProgramExecutable::generateJITCode):
+        (JSC::FunctionExecutable::generateJITCode):
+        (JSC::FunctionExecutable::reparseExceptionInfo):
+        (JSC::EvalExecutable::reparseExceptionInfo):
+        (JSC::FunctionExecutable::recompile):
+        (JSC::FunctionExecutable::fromGlobalCode):
+        (JSC::FunctionExecutable::copyParameters):
+        (JSC::FunctionExecutable::paramString):
+        * runtime/Executable.h:
+        (JSC::ScriptExecutable::ScriptExecutable):
+        (JSC::ScriptExecutable::sourceID):
+        (JSC::ScriptExecutable::sourceURL):
+        (JSC::ScriptExecutable::lineNo):
+        (JSC::ScriptExecutable::lastLine):
+        (JSC::ScriptExecutable::usesEval):
+        (JSC::ScriptExecutable::usesArguments):
+        (JSC::ScriptExecutable::needsActivation):
+        (JSC::ScriptExecutable::recordParse):
+        (JSC::EvalExecutable::bytecode):
+        (JSC::EvalExecutable::jitCode):
+        (JSC::ProgramExecutable::bytecode):
+        (JSC::ProgramExecutable::reparseExceptionInfo):
+        (JSC::ProgramExecutable::jitCode):
+        (JSC::FunctionExecutable::FunctionExecutable):
+        (JSC::FunctionExecutable::make):
+        (JSC::FunctionExecutable::bytecode):
+        (JSC::FunctionExecutable::isGenerated):
+        (JSC::FunctionExecutable::name):
+        (JSC::FunctionExecutable::parameterCount):
+        (JSC::FunctionExecutable::jitCode):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::numericCompareFunction):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+
+2009-08-24  Darin Adler  <darin@apple.com>
+
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::put): Landed revised version I had tested but forgot
+        to land. Leave out the branch, since we don't need one.
+
+2009-08-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Array index miss case creates a string every time
+        https://bugs.webkit.org/show_bug.cgi?id=28664
+
+        SunSpider test results I saw:
+
+            0.5% faster overall
+            1% faster on crypto-aes
+            20% faster on crypto-md5
+            13% faster on crypto-sha1
+
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype): Initialize m_hasNoPropertiesWithUInt32Names
+        to true.
+        (JSC::ObjectPrototype::put): Clearly m_hasNoPropertiesWithUInt32Names if the new
+        property has a name that is the string form of a UInt32.
+        (JSC::ObjectPrototype::getOwnPropertySlot): Don't call JSObject::getOwnPropertySlot
+        if m_hasNoPropertiesWithUInt32Names is true, and it is highly likely to be true.
+
+        * runtime/ObjectPrototype.h: Added declarations for the above.
+
+2009-08-24  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Unreviewed. Fix a typo in my distcheck build fix.
+
+        * GNUmakefile.am:
+
+2009-08-23  Gustavo Noronha Silva  <gns@gnome.org>
+
+        Unreviewed build fix for make distcheck.
+
+        * GNUmakefile.am: Added files required for the build.
+
+2009-08-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        REGRESSION(r47639-r47660): Webkit crashes on launch on PowerPC
+        https://bugs.webkit.org/show_bug.cgi?id=28655
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction): Initialize properly with a VPtrHackExecutable.
+        * wtf/Platform.h:
+
+2009-08-22  Darin Adler  <darin@apple.com>
+
+        Fix storage leak from syntax tree arena allocation patch.
+
+        * parser/Nodes.h: CommaNode needs to inherit from ParserArenaDeletable
+        because it has a vector.
+
+2009-08-21  Darin Adler  <darin@apple.com>
+
+        Fix Qt build.
+
+        * parser/Nodes.cpp:
+        (JSC::ScopeNodeData::ScopeNodeData): Made non-inline again.
+        This is used outside Nodes.cpp so can't be inline unless
+        it is in the header.
+
+2009-08-21  Darin Adler  <darin@apple.com>
+
+        Two loose ends from the last commit.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Made ParserArena.h
+        and create_hash_table project-internal instead of "private".
+        * runtime/Executable.h: Removed accidentally-added constructor.
+
+2009-08-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Syntax tree nodes should use arena allocation
+        https://bugs.webkit.org/show_bug.cgi?id=25674
+
+        Use an actual arena now. 0.6% speedup on SunSpider.
+
+        New and improved with 100% less leaking of the universe.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        Removed all exports involving the class FunctionBodyNode, which no
+        longer needs to be used outside JavaScriptCore.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Made Nodes.h and
+        Executable.h project-internal instead of "private".
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator): Updated since VarStack
+        contains const Identifier* now.
+
+        * parser/Grammar.y: Made identifiers from the lexer be const
+        Identifier* and updated since VarStack contains const Identifier* now.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::setCode): Pass in ParserArena, used for identifiers.
+        (JSC::Lexer::makeIdentifier): Changed return type to const Identifier*
+        and changed to call ParserArena.
+        (JSC::Lexer::clear): Removed the code to manage m_identifiers and
+        added code to set m_arena to 0.
+        * parser/Lexer.h: Updated for changes above.
+
+        * parser/NodeConstructors.h:
+        (JSC::ParserArenaFreeable::operator new): Added. Calls allocateFreeable
+        on the arena.
+        (JSC::ParserArenaDeletable::operator new): Changed to call the
+        allocateDeletable function on the arena instead of deleteWithArena.
+        (JSC::PropertyNode::PropertyNode): Added new constructor that makes
+        numeric identifiers. Some day we might want to optimize this for
+        integers so it doesn't create a string for each one.
+        (JSC::ContinueNode::ContinueNode): Initialize m_ident to nullIdentifier
+        since it's now a const Identifier& so it can't be left uninitialized.
+        (JSC::BreakNode::BreakNode): Ditto.
+        (JSC::CaseClauseNode::CaseClauseNode): Updated to use SourceElements*
+        to keep track of the statements rather than a separate statement vector.
+        (JSC::BlockNode::BlockNode): Ditto.
+        (JSC::ForInNode::ForInNode): Initialize m_ident to nullIdentifier.
+
+        * parser/Nodes.cpp: Moved the comment explaining emitBytecode in here.
+        It seemed strangely out of place in the header.
+        (JSC::ThrowableExpressionData::emitThrowError): Added an overload for
+        UString as well as Identifier.
+        (JSC::SourceElements::singleStatement): Added.
+        (JSC::SourceElements::lastStatement): Added.
+        (JSC::RegExpNode::emitBytecode): Changed the throwError code to use
+        the substitution mechanism instead of doing a string append.
+        (JSC::SourceElements::emitBytecode): Added. Replaces the old
+        statementListEmitCode function, since we now keep the SourceElements
+        objects around.
+        (JSC::BlockNode::lastStatement): Added.
+        (JSC::BlockNode::emitBytecode): Changed to use emitBytecode instead of
+        statementListEmitCode.
+        (JSC::CaseClauseNode::emitBytecode): Added.
+        (JSC::CaseBlockNode::emitBytecodeForBlock): Changed to use emitBytecode
+        instead of statementListEmitCode.
+        (JSC::ScopeNodeData::ScopeNodeData): Changed to store the
+        SourceElements* instead of using releaseContentsIntoVector.
+        (JSC::ScopeNode::emitStatementsBytecode): Added.
+        (JSC::ScopeNode::singleStatement): Added.
+        (JSC::ProgramNode::emitBytecode): Call emitStatementsBytecode instead
+        of statementListEmitCode.
+        (JSC::EvalNode::emitBytecode): Ditto.
+        (JSC::FunctionBodyNode::emitBytecode): Call emitStatementsBytecode
+        insetad of statementListEmitCode and check for the return node using
+        the new functions.
+
+        * parser/Nodes.h: Changed VarStack to store const Identifier* instead
+        of Identifier and rely on the arena to control lifetime. Added a new
+        ParserArenaFreeable class. Made ParserArenaDeletable inherit from
+        FastAllocBase instead of having its own operator new. Base the Node
+        class on ParserArenaFreeable. Changed the various Node classes
+        to use const Identifier& instead of Identifier to avoid the need to
+        call their destructors and allow them to function as "freeable" in the
+        arena. Removed extraneous JSC_FAST_CALL on definitions of inline functions.
+        Changed ElementNode, PropertyNode, ArgumentsNode, ParameterNode,
+        CaseClauseNode, ClauseListNode, and CaseBlockNode to use ParserArenaFreeable
+        as a base class since they do not descend from Node. Eliminated the
+        StatementVector type and instead have various classes use SourceElements*
+        instead of StatementVector. This prevents those classes from having to
+        use ParserArenaDeletable to make sure the vector destructor is called.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::parse): Pass the arena to the lexer.
+
+        * parser/Parser.h: Added an include of ParserArena.h, which is no longer
+        included by Nodes.h.
+        (JSC::Parser::parseFunctionFromGlobalCode): Changed to use the
+        singleStatement function, since there is no longer any children function.
+        Removed some unneeded use of RefPtr.
+
+        * parser/ParserArena.cpp:
+        (JSC::ParserArena::ParserArena): Added. Initializes the new members,
+        m_freeableMemory, m_freeablePoolEnd, and m_identifiers.
+        (JSC::ParserArena::freeablePool): Added. Computes the pool pointer,
+        since we store only the current pointer and the end of pool pointer.
+        (JSC::ParserArena::deallocateObjects): Added. Contains the common
+        memory-deallocation logic used by both the destructor and the
+        reset function.
+        (JSC::ParserArena::~ParserArena): Changed to call deallocateObjects.
+        (JSC::ParserArena::reset): Ditto. Also added code to zero out the
+        new structures, and switched to use clear() instead of shrink(0) since
+        we don't really reuse arenas.
+        (JSC::ParserArena::makeNumericIdentifier): Added.
+        (JSC::ParserArena::allocateFreeablePool): Added. Used when the pool
+        is empty.
+        (JSC::ParserArena::isEmpty): Added. No longer inline, which is fine
+        since this is used only for assertions at the moment.
+        (JSC::ParserArena::derefWithArena): Make non-inline.
+
+        * parser/ParserArena.h: Added an actual arena of "freeable" objects,
+        ones that don't need destructors to be called. Also added a separate
+        IdentifierArena object, a segmented vector of identifiers that used
+        to be in the Lexer.
+
+        * runtime/Executable.h: Moved the definition of the
+        FunctionExecutable::make function here. It can't go in JSFunction.h
+        since that header has to be used outside JavaScriptCore and so can't
+        include this, which includes Nodes.h. The function could be moved
+        elswhere if we don't want to include JSFunction.h in this header, but
+        for now this seems to be the best place.
+
+        * runtime/JSFunction.h: Removed the include of Executable.h and
+        definition of the FunctionExecutable::make function.
+
+        * wtf/FastMalloc.cpp: Fixed an incorrect comment.
+
+2009-08-21  Mark Rowe  <mrowe@apple.com>
+
+        Fix the non-JIT build.
+
+        * runtime/Executable.cpp:
+        * runtime/Executable.h:
+
+2009-08-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Speculative QuickTime build fix.
+
+        * runtime/JSArray.cpp:
+
+2009-08-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Speculative QT build fix.
+
+        * runtime/StringPrototype.cpp:
+
+2009-08-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Restructure Executable types so that host functions do not hold a FunctionExecutable.
+        https://bugs.webkit.org/show_bug.cgi?id=28621
+
+        All JSFunction objects have a pointer to an Executable*.  This is currently always a
+        FunctionExecutable, however this has a couple of drawbacks.  Host functions do not
+        store a range of information that the FunctionExecutable provides (source, name,
+        CodeBlock & information presently held on the FunctionBodyNode). 
+
+        [ * nearly all... see below! ]
+
+        Instead, make JSFunctions hold a pointer to an ExecutableBase, move fields specific
+        to JS sourced executable types (source, node) into a new subclass (ScriptExecutable),
+        and create a new NativeExecutable type.  We now provide a new method in JSFunction
+        to access & downcast to FunctionExecutable, but in doing so we can make an early
+        check (with an ASSERT) to ensure that the Executable read from a function will only
+        be treated as a FunctionExecutable (and thus the JS sepcific fields will only be
+        accessed) if the JSFunction is not a host function.
+
+        There is one JSFunction that currently does not have an Executable, which is the
+        object created to allow us to read out the vtable pointer.  By making this change
+        we can also add a new Executable type fror this object (VPtrHackExecutable).
+        Since this means that really all JSFunctions have an Executable we no longer have
+        to null-check m_executable before us it - particularly in isHostFunction().
+
+        This patch removes CacheableEvalExecutable, since all subclasses of ExecutableBase
+        can now be ref-counted - since both JSFunction holds (and ref-counts) an ExecutableBase
+        that might be a FunctionExecutable or a NativeExecutable.  This does now mean that all
+        ProgramExecutables and EvalExecutables (unnecessarily) provide an interface to be
+        ref-counted, however this seems less-bad than host functions unnecessarily providing
+        interface to access non-host specific information.
+
+        The class hierarcy has changed from this:
+        
+        - ExecutableBase
+            - ProgramExecutable
+            - EvalExecutable
+                - CacheableEvalExecutable (also RefCounted by multiple-inheritance)
+            - FunctionExecutable (also RefCounted by multiple-inheritance, 'special' FunctionExecutable also used for host functions)
+
+        To this:
+        
+        - RefCounted
+            - ExecutableBase
+                - NativeExecutable
+                - VPtrHackExecutable
+                - ScriptExecutable
+                    - ProgramExecutable
+                    - EvalExecutable
+                    - FunctionExecutable
+
+        This patch speeds up sunspidey by a couple of ms (presumably due to the changes to isHostFunction()).
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::ownerExecutable):
+        (JSC::GlobalCodeBlock::GlobalCodeBlock):
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::get):
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::recompileAllJSFunctions):
+        * interpreter/CachedCall.h:
+        (JSC::CachedCall::CachedCall):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::callEval):
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * profiler/Profiler.cpp:
+        (JSC::createCallIdentifierFromFunctionImp):
+        * runtime/Arguments.h:
+        (JSC::Arguments::getArgumentsData):
+        (JSC::Arguments::Arguments):
+        * runtime/Executable.cpp:
+        (JSC::NativeExecutable::~NativeExecutable):
+        (JSC::VPtrHackExecutable::~VPtrHackExecutable):
+        * runtime/Executable.h:
+        (JSC::ExecutableBase::ExecutableBase):
+        (JSC::ExecutableBase::~ExecutableBase):
+        (JSC::ExecutableBase::isHostFunction):
+        (JSC::NativeExecutable::NativeExecutable):
+        (JSC::VPtrHackExecutable::VPtrHackExecutable):
+        (JSC::ScriptExecutable::ScriptExecutable):
+        (JSC::ScriptExecutable::source):
+        (JSC::ScriptExecutable::sourceID):
+        (JSC::ScriptExecutable::sourceURL):
+        (JSC::ScriptExecutable::lineNo):
+        (JSC::ScriptExecutable::lastLine):
+        (JSC::ScriptExecutable::usesEval):
+        (JSC::ScriptExecutable::usesArguments):
+        (JSC::ScriptExecutable::needsActivation):
+        (JSC::EvalExecutable::EvalExecutable):
+        (JSC::EvalExecutable::create):
+        (JSC::ProgramExecutable::ProgramExecutable):
+        (JSC::FunctionExecutable::FunctionExecutable):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::~JSFunction):
+        (JSC::JSFunction::markChildren):
+        (JSC::JSFunction::getCallData):
+        (JSC::JSFunction::call):
+        (JSC::JSFunction::lengthGetter):
+        (JSC::JSFunction::getConstructData):
+        (JSC::JSFunction::construct):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::executable):
+        (JSC::JSFunction::jsExecutable):
+        (JSC::JSFunction::isHostFunction):
+
+2009-08-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Browser hangs on opening Web Inspector.
+        https://bugs.webkit.org/show_bug.cgi?id=28438
+
+        Code generation needs to be able to walk the entire scopechain in some
+        cases, however the symbol table used by activations was a member of the
+        codeblock.  Following recompilation this may no longer exist, leading
+        to a crash or hang on lookup.
+
+        We fix this by introducing a refcounted SymbolTable subclass, SharedSymbolTable,
+        for the CodeBlocks used by function code.  This allows activations to
+        maintain ownership of a copy of the symbol table even after recompilation so
+        they can continue to work.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::symbolTable):
+        (JSC::CodeBlock::sharedSymbolTable):
+        (JSC::GlobalCodeBlock::GlobalCodeBlock):
+        (JSC::FunctionCodeBlock::FunctionCodeBlock):
+        (JSC::FunctionCodeBlock::~FunctionCodeBlock):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::retrieveArguments):
+        * runtime/Executable.cpp:
+        (JSC::EvalExecutable::generateBytecode):
+        (JSC::FunctionExecutable::generateBytecode):
+        (JSC::FunctionExecutable::reparseExceptionInfo):
+        (JSC::EvalExecutable::reparseExceptionInfo):
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::JSActivationData::JSActivationData):
+        (JSC::JSActivation::JSActivationData::~JSActivationData):
+        * runtime/SymbolTable.h:
+
+2009-08-20  Xan Lopez  <xlopez@igalia.com>
+
+        Add new file to GTK+ build.
+
+        * GNUmakefile.am:
+
+2009-08-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Added a number => string cache.
+        
+        1.07x faster on v8 (1.7x faster on v8-splay).
+        1.004x faster on SunSpider.
+
+        * runtime/JSCell.h: Moved JSValue::toString to JSString.h.
+        * runtime/JSGlobalData.h: Holds the cache.
+        * runtime/JSNumberCell.cpp:
+        (JSC::JSNumberCell::toString):
+        (JSC::JSNumberCell::toThisString): Removed -0 special case.
+        UString handles this now, since too many clients were
+        special-casing it.
+
+        * runtime/JSString.h:
+        (JSC::JSValue::toString): Use the cache when converting
+        an int or double to string.
+
+        * runtime/Operations.h:
+        (JSC::concatenateStrings): Call toString to take advantage
+        of the cache.
+
+        * runtime/SmallStrings.h:
+        (JSC::NumericStrings::add):
+        (JSC::NumericStrings::lookup): The cache.
+
+        * runtime/UString.cpp:
+        (JSC::UString::from): Added -0 special case mentioned above.
+        Removed appendNumeric because it's mutually exclusive with the
+        cache.
+
+2009-08-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        REGRESSION: fast/profiler/call.html is crashing occasionally
+        https://bugs.webkit.org/show_bug.cgi?id=28476
+
+        Using the codeblock for information about how many parameters and
+        locals a function has is unsafe in certain circumstances.  The
+        basic scenario is all function code being cleared in response to
+        the debugger or profiler being enabled, and then an activation is
+        marked before its associated function is re-executed.
+
+        To deal with this scenario we store the variable count of a function
+        directly in the FunctionExecutable, and then use that information.
+
+        * runtime/Arguments.h:
+        (JSC::Arguments::getArgumentsData):
+        * runtime/Executable.cpp:
+        (JSC::FunctionExecutable::generateBytecode):
+        * runtime/Executable.h:
+        (JSC::FunctionExecutable::FunctionExecutable):
+        (JSC::FunctionExecutable::variableCount):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::markChildren):
+
+2009-08-20  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Numbering of arguments to emitGetJITStubArg/emitPutJITStubArg incorrect
+        <bug lost in the great bug disasteroony of 08/20/09!>
+
+        The argumentNumber argument to emitGetJITStubArg/emitPutJITStubArg should match
+        the argument number used within the stub functions in JITStubs.cpp, but it doesn't.
+
+        Firstly, all the numbers changed when we added a void* 'reserved' as the first slot
+        (rather than leaving argument 0 unused), and secondly in 32_64 builds the index to
+        peek/poke needs to be multiplies by 2 (since the argument to peek/poke is a number
+        of machine words, and on 32_64 build the argument slots to stub functions are two
+        words wide).
+
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitPutJITStubArg):
+        (JSC::JIT::emitPutJITStubArgConstant):
+        (JSC::JIT::emitGetJITStubArg):
+        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+
+2009-08-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        REGRESSION: significant slowdown on Celtic Kane "AJAX declaration" subtest
+        https://bugs.webkit.org/show_bug.cgi?id=28332
+
+        Follow up style fixes that were missed in review.
+
+        * runtime/Structure.cpp:
+        (JSC::Structure::hasTransition):
+        * runtime/Structure.h:
+        (JSC::Structure::get):
+        (JSC::StructureTransitionTable::contains):
+        * runtime/StructureTransitionTable.h:
+        (JSC::StructureTransitionTable::add):
+
+2009-08-20  Oliver Hunt  <oliver@apple.com>
+
+        Add new exports to windows jsc build
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        REGRESSION: significant slowdown on Celtic Kane "AJAX declaration" subtest
+        https://bugs.webkit.org/show_bug.cgi?id=28332
+
+        The method check optimisation made transitions aware of the value being
+        assigned when a transition was assigning a function.  This had the side
+        effect of making every assignment of a function expression result in a
+        new transition, and thus a new Structure.  The net result of this is that
+        the common JS idiom of
+
+            function MyObject() {
+                this.myFunction = function(...){...};
+            }
+            new MyObject();
+
+        Will produce a unique structure on every iteration, meaning that all
+        caching is defeated and there is a significant amount of structure churn.
+
+        The fix is to return the transition to its original form where it is
+        keyed off a property name + attributes tuple, but have each transition
+        support an optional transition on a specific value.
+
+        * JavaScriptCore.exp:
+        * runtime/JSObject.h:
+        (JSC::JSObject::putDirectInternal):
+        * runtime/Structure.cpp:
+        (JSC::Structure::~Structure):
+        (JSC::Structure::addPropertyTransitionToExistingStructure):
+        (JSC::Structure::addPropertyTransition):
+        (JSC::Structure::hasTransition):
+        * runtime/Structure.h:
+        (JSC::Structure::transitionedFor):
+        (JSC::Structure::hasTransition):
+        (JSC::Structure::):
+        (JSC::StructureTransitionTable::contains):
+        (JSC::StructureTransitionTable::get):
+        * runtime/StructureTransitionTable.h:
+        (JSC::StructureTransitionTableHashTraits::emptyValue):
+        (JSC::StructureTransitionTable::hasTransition):
+        (JSC::StructureTransitionTable::remove):
+        (JSC::StructureTransitionTable::add):
+
+2009-08-20  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Remove FunctionCodeBlock.
+        https://bugs.webkit.org/show_bug.cgi?id=28502
+
+        These only exist to allow JIT code to dereference properties off the
+        CodeBlock for any callee, regardless of whether it is a host function.
+
+        Instead just use the FunctionExecutable.  Copy the m_parameters field
+        from the CodeBlock into the Executable, and use this to distinguish
+        between host functions, functions that have been bytecompiled, and
+        functions that have not.
+
+        m_parameters is moved to ExecutableBase rather than FunctionExecutable
+        so that (as a separate change) we can move make a separate class of
+        executable for host code, which is not devived from FunctionExecutable
+        (host code does not feature any of the properties that normal executable
+        do and will provide, such as source, attributes, and a parsed name).
+
+        1% win on v8 tests, 0.5% on sunspider.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::derefStructures):
+        (JSC::CodeBlock::refStructures):
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
+        (JSC::CodeBlock::handlerForBytecodeOffset):
+        (JSC::CodeBlock::lineNumberForBytecodeOffset):
+        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
+        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
+        (JSC::CodeBlock::functionRegisterForBytecodeOffset):
+        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
+        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
+        * bytecode/CodeBlock.h:
+        (JSC::):
+        (JSC::CodeBlock::source):
+        (JSC::CodeBlock::sourceOffset):
+        (JSC::CodeBlock::evalCodeCache):
+        (JSC::CodeBlock::createRareDataIfNecessary):
+        
+            remove NativeCodeBlocks and the NativeCode code type.
+        
+        * jit/JIT.cpp:
+        (JSC::JIT::linkCall):
+
+            Revert to previous behaviour (as currently still commented!) that Hhost functions have a null codeblock.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+
+            Bring the 32_64 & non-32_64 JITs into line with each other, callee in regT0.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+
+            Rewrite call trampolines to not use the CodeBlock.
+
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+
+            Make call_JSFunction & call_arityCheck return the callee, don't expect to be passed the CodeBlock.
+
+        * runtime/Executable.cpp:
+        (JSC::FunctionExecutable::generateBytecode):
+        (JSC::FunctionExecutable::recompile):
+        (JSC::FunctionExecutable::FunctionExecutable):
+        * runtime/Executable.h:
+        (JSC::ExecutableBase::):
+        (JSC::ExecutableBase::ExecutableBase):
+        (JSC::FunctionExecutable::isHostFunction):
+
+            Add m_numParameters.
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::~JSFunction):
+
+            Only call generatedBytecode() on JSFunctions non-host FunctionExecutables.
+
+2009-08-20  Yongjun Zhang  <yongjun.zhang@nokia.com>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=28054
+       
+        Use a helper function to work around winscw compiler forward declaration bug
+        regarding templated classes.
+
+        Add parenthesis around (PassRefPtr::*UnspecifiedBoolType) to make winscw compiler
+        work with the default UnSpecifiedBoolType() operator, which removes the winscw
+        specific bool cast hack.
+
+        * wtf/PassRefPtr.h:
+        (WTF::derefIfNotNull):
+        (WTF::PassRefPtr::~PassRefPtr):
+
+2009-08-19  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Change namespace ARM to ARMRegisters
+        X86 to X86Registers to avoid conflict with macros
+        https://bugs.webkit.org/show_bug.cgi?id=28428
+
+        * assembler/ARMAssembler.cpp:
+        * assembler/ARMAssembler.h:
+        * assembler/ARMv7Assembler.h:
+        * assembler/MacroAssemblerARM.h:
+        * assembler/MacroAssemblerARMv7.h:
+        * assembler/MacroAssemblerX86Common.h:
+        * assembler/MacroAssemblerX86_64.h:
+        * assembler/X86Assembler.h:
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        * jit/JITInlineMethods.h:
+        * jit/JITOpcodes.cpp:
+        * wrec/WRECGenerator.cpp:
+        * wrec/WRECGenerator.h:
+        * yarr/RegexJIT.cpp:
+
+2009-08-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Devirtualise marking
+        https://bugs.webkit.org/show_bug.cgi?id=28294
+
+        We actually need to mark the value in a number object if we're using the
+        32bit number representation.
+
+        * runtime/NumberObject.h:
+        (JSC::NumberObject::createStructure):
+
+2009-08-19  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+
+         We probably shouldn't be keeping the AST for eval nodes around forevar.
+        https://bugs.webkit.org/show_bug.cgi?id=28469
+
+        EvalNodes don't destroyData() (delete their parser data) since they need to hold onto
+        their varStack.  Copy a list of variable onto EvalCodeBlock, and this can go away.
+
+        * bytecode/CodeBlock.h:
+        (JSC::EvalCodeBlock::variable):
+        (JSC::EvalCodeBlock::numVariables):
+        (JSC::EvalCodeBlock::adoptVariables):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        * parser/Nodes.h:
+        * runtime/Executable.cpp:
+        (JSC::EvalExecutable::generateBytecode):
+        * runtime/Executable.h:
+
+2009-08-19  Jungshik Shin  <jshin@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        http://bugs.webkit.org/show_bug.cgi?id=28441
+
+        Fix a build issue with ICU 4.2 or later on Windows with Visual C++. 
+        Instead of defining all isXXX and toupper/tolower as 
+          WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h,
+        #define them to be different by prepending 'WTF_...ASCIIType_h' with
+        the originial names like 'toupper_WTF_...ASCIIType_h'. 
+
+        * wtf/DisallowCType.h:
+
+2009-08-18  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Assigning a function to an object should always use the existing transition, even if the transition is not specialized
+        https://bugs.webkit.org/show_bug.cgi?id=28442
+
+        Check for an unspecialized transition as an alternative to always failing if specialisation does not match.
+
+        * runtime/Structure.cpp:
+        (JSC::Structure::addPropertyTransitionToExistingStructure):
+
+2009-08-18  Dirk Schulze  <krit@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Added additional getter to ByteArray with an unsigned char as return.
+        ByteArray can take unsigned char directly now.
+
+        * wtf/ByteArray.h:
+        (WTF::ByteArray::set):
+        (WTF::ByteArray::get):
+
+2009-08-18  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=28415
+        Set svn:eol-style CRLF on all .sln and .vcproj files that don't already
+        have it.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+        
+2009-08-18  Xan Lopez  <xlopez@igalia.com>
+
+        Try to fix the GTK+ build.
+
+        * GNUmakefile.am:
+
+2009-08-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        No, silly runtime, AST nodes are not for you.
+
+        We still use AST nodes (ScopeNodes, particularly FunctionBodyNodes) within
+        the runtime, which means that these nodes must be persisted outside of the
+        arena, contain both parser & runtime data, etc.  This is all a bit of a mess.
+
+        Move functionality into a new FunctionExecutable class.
+
+        * API/JSCallbackFunction.cpp:
+        * API/JSObjectRef.cpp:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::markAggregate):
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
+        (JSC::CodeBlock::lineNumberForBytecodeOffset):
+        (JSC::CodeBlock::shrinkToFit):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::getBytecodeIndex):
+        (JSC::CodeBlock::discardBytecode):
+        (JSC::CodeBlock::instructionCount):
+        (JSC::CodeBlock::getJITCode):
+        (JSC::CodeBlock::executablePool):
+        (JSC::CodeBlock::ownerExecutable):
+        (JSC::CodeBlock::extractExceptionInfo):
+        (JSC::CodeBlock::addFunctionDecl):
+        (JSC::CodeBlock::functionDecl):
+        (JSC::CodeBlock::numberOfFunctionDecls):
+        (JSC::CodeBlock::addFunctionExpr):
+        (JSC::CodeBlock::functionExpr):
+        (JSC::GlobalCodeBlock::GlobalCodeBlock):
+        (JSC::ProgramCodeBlock::ProgramCodeBlock):
+        (JSC::EvalCodeBlock::EvalCodeBlock):
+        (JSC::FunctionCodeBlock::FunctionCodeBlock):
+        (JSC::NativeCodeBlock::NativeCodeBlock):
+        * bytecode/EvalCodeCache.h:
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingTool::doRun):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitNewFunction):
+        (JSC::BytecodeGenerator::emitNewFunctionExpression):
+        * bytecompiler/BytecodeGenerator.h:
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::recompileAllJSFunctions):
+        * interpreter/CachedCall.h:
+        (JSC::CachedCall::CachedCall):
+        * interpreter/CallFrameClosure.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::prepareForRepeatCall):
+        (JSC::Interpreter::debug):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveLastCaller):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        (JSC::JIT::compile):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::emit_op_new_func):
+        (JSC::JIT::emit_op_new_func_exp):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::):
+        * parser/Nodes.cpp:
+        (JSC::FunctionBodyNode::reparseDataIfNecessary):
+        * parser/Nodes.h:
+        (JSC::EvalNode::partialDestroyData):
+        * parser/Parser.h:
+        * profiler/ProfileGenerator.cpp:
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::createCallIdentifier):
+        (JSC::createCallIdentifierFromFunctionImp):
+        * runtime/Arguments.h:
+        (JSC::Arguments::getArgumentsData):
+        (JSC::Arguments::Arguments):
+        (JSC::JSActivation::copyRegisters):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::isNumericCompareFunction):
+        * runtime/CallData.h:
+        (JSC::):
+        * runtime/Collector.cpp:
+        (JSC::Heap::collect):
+        * runtime/ConstructData.h:
+        (JSC::):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createUndefinedVariableError):
+        (JSC::createInvalidParamError):
+        (JSC::createNotAConstructorError):
+        (JSC::createNotAFunctionError):
+        (JSC::createNotAnObjectError):
+        * runtime/Executable.cpp: Added.
+        (JSC::EvalExecutable::generateBytecode):
+        (JSC::ProgramExecutable::generateBytecode):
+        (JSC::FunctionExecutable::generateBytecode):
+        (JSC::EvalExecutable::generateJITCode):
+        (JSC::ProgramExecutable::generateJITCode):
+        (JSC::FunctionExecutable::generateJITCode):
+        (JSC::FunctionExecutable::isHostFunction):
+        (JSC::FunctionExecutable::markAggregate):
+        (JSC::FunctionExecutable::reparseExceptionInfo):
+        (JSC::EvalExecutable::reparseExceptionInfo):
+        (JSC::FunctionExecutable::recompile):
+        (JSC::FunctionExecutable::FunctionExecutable):
+        * runtime/Executable.h:
+        (JSC::ExecutableBase::~ExecutableBase):
+        (JSC::ExecutableBase::ExecutableBase):
+        (JSC::ExecutableBase::source):
+        (JSC::ExecutableBase::sourceID):
+        (JSC::ExecutableBase::lastLine):
+        (JSC::ExecutableBase::usesEval):
+        (JSC::ExecutableBase::usesArguments):
+        (JSC::ExecutableBase::needsActivation):
+        (JSC::ExecutableBase::astNode):
+        (JSC::ExecutableBase::generatedJITCode):
+        (JSC::ExecutableBase::getExecutablePool):
+        (JSC::EvalExecutable::EvalExecutable):
+        (JSC::EvalExecutable::bytecode):
+        (JSC::EvalExecutable::varStack):
+        (JSC::EvalExecutable::evalNode):
+        (JSC::EvalExecutable::jitCode):
+        (JSC::ProgramExecutable::ProgramExecutable):
+        (JSC::ProgramExecutable::reparseExceptionInfo):
+        (JSC::ProgramExecutable::bytecode):
+        (JSC::ProgramExecutable::programNode):
+        (JSC::ProgramExecutable::jitCode):
+        (JSC::FunctionExecutable::FunctionExecutable):
+        (JSC::FunctionExecutable::name):
+        (JSC::FunctionExecutable::bytecode):
+        (JSC::FunctionExecutable::generatedBytecode):
+        (JSC::FunctionExecutable::usesEval):
+        (JSC::FunctionExecutable::usesArguments):
+        (JSC::FunctionExecutable::parameterCount):
+        (JSC::FunctionExecutable::paramString):
+        (JSC::FunctionExecutable::isGenerated):
+        (JSC::FunctionExecutable::body):
+        (JSC::FunctionExecutable::jitCode):
+        (JSC::FunctionExecutable::createNativeThunk):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::JSActivation):
+        (JSC::JSActivation::markChildren):
+        (JSC::JSActivation::isDynamicScope):
+        (JSC::JSActivation::argumentsGetter):
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::JSActivationData::JSActivationData):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::isHostFunction):
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::~JSFunction):
+        (JSC::JSFunction::markChildren):
+        (JSC::JSFunction::getCallData):
+        (JSC::JSFunction::call):
+        (JSC::JSFunction::lengthGetter):
+        (JSC::JSFunction::getConstructData):
+        (JSC::JSFunction::construct):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::executable):
+        (JSC::FunctionExecutable::make):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::numericCompareFunction):
+        * runtime/JSGlobalData.h:
+
+2009-08-17  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fix 300,000+ leaks seen during the regression tests.
+
+        EvalCodeCache::get was heap-allocating an EvalExecutable instance without adopting the initial reference.
+        While fixing this we noticed that EvalExecutable was a RefCounted type that was sometimes stack allocated.
+        To make this cleaner and to prevent clients from attempting to ref a stack-allocated instance, we move the
+        refcounting down to a new CacheableEvalExecutable class that derives from EvalExecutable. EvalCodeCache::get
+        now uses CacheableEvalExecutable::create and avoids the leak.
+
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::get):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::callEval):
+        * runtime/Executable.h:
+        (JSC::CacheableEvalExecutable::create):
+        (JSC::CacheableEvalExecutable::CacheableEvalExecutable):
+
+2009-08-17  Oliver Hunt  <oliver@apple.com>
+
+        RS=Mark Rowe.
+
+        REGRESSION (r47292): Prototype.js is broken by ES5 Arguments changes
+        https://bugs.webkit.org/show_bug.cgi?id=28341
+        <rdar://problem/7145615>
+
+        Reverting r47292.  Alas Prototype.js breaks with Arguments inheriting
+        from Array as ES5 attempted.  Prototype.js defines $A in terms of a 
+        function it places on (among other global objects) the Array prototype,
+        thus breaking $A for arrays.
+
+        * runtime/Arguments.h:
+        (JSC::Arguments::Arguments):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::markChildren):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype):
+        * runtime/ObjectPrototype.h:
+        * tests/mozilla/ecma_3/Function/arguments-001.js:
+
+2009-08-17  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Steve Falkenburg.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27323
+        Only add Cygwin to the path when it isn't already there.  This avoids
+        causing problems for people who purposefully have non-Cygwin versions of
+        executables like svn in front of the Cygwin ones in their paths.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
+        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
+
+2009-08-17  Xan Lopez  <xlopez@igalia.com>
+
+        Reviewed by Mark Rowe.
+
+        Fix build with FAST_MALLOC_MATCH_VALIDATION enabled.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMalloc):
+        (WTF::fastCalloc):
+        (WTF::fastRealloc):
+
+2009-08-16  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Mark Rowe.
+
+        Fix crash on ./ecma_2/RegExp/exec-002.js.
+        https://bugs.webkit.org/show_bug.cgi?id=28353
+
+        Change the order of freeParenthesesDisjunctionContext and
+        popParenthesesDisjunctionContext on all call sites as the pop
+        method is accessing backTrack->lastContext which is the context
+        that is about to be freed.
+
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::Interpreter::parenthesesDoBacktrack):
+        (JSC::Yarr::Interpreter::backtrackParentheses):
+
+2009-08-16  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=28352
+
+        Fix coding style violations. Use m_ for C++ class members. Remove
+        trailing whitespace on empty lines.
+
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
+        (JSC::Yarr::Interpreter::tryConsumeCharacter):
+        (JSC::Yarr::Interpreter::tryConsumeBackReference):
+        (JSC::Yarr::Interpreter::parenthesesDoBacktrack):
+        (JSC::Yarr::Interpreter::backtrackParentheses):
+        (JSC::Yarr::ByteCompiler::ByteCompiler):
+        (JSC::Yarr::ByteCompiler::compile):
+        (JSC::Yarr::ByteCompiler::checkInput):
+        (JSC::Yarr::ByteCompiler::assertionBOL):
+        (JSC::Yarr::ByteCompiler::assertionEOL):
+        (JSC::Yarr::ByteCompiler::assertionWordBoundary):
+        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
+        (JSC::Yarr::ByteCompiler::atomCharacterClass):
+        (JSC::Yarr::ByteCompiler::atomBackReference):
+        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
+        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
+        (JSC::Yarr::ByteCompiler::popParenthesesStack):
+        (JSC::Yarr::ByteCompiler::closeAlternative):
+        (JSC::Yarr::ByteCompiler::closeBodyAlternative):
+        (JSC::Yarr::ByteCompiler::atomParenthesesEnd):
+        (JSC::Yarr::ByteCompiler::regexBegin):
+        (JSC::Yarr::ByteCompiler::alterantiveBodyDisjunction):
+        (JSC::Yarr::ByteCompiler::alterantiveDisjunction):
+        (JSC::Yarr::ByteCompiler::emitDisjunction):
+
+2009-08-15  Mark Rowe  <mrowe@apple.com>
+
+        Fix the build with JIT disabled.
+
+        * runtime/Arguments.h: Only compile the jitCode method when the JIT is enabled.
+        * runtime/Executable.h: Include PrototypeFunction.h so the compiler knows what
+        NativeFunctionWrapper is when the JIT is disabled.
+
+2009-08-15  Adam Bergkvist  <adam.bergkvist@ericsson.com>
+
+        Reviewed by Sam Weinig.
+
+        Added ENABLE_EVENTSOURCE flag.
+        https://bugs.webkit.org/show_bug.cgi?id=14997
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-08-14  Gavin Barraclough  <barraclough@apple.com>
+
+        * parser/Parser.h:
+        (JSC::EvalExecutable::parse):
+        (JSC::ProgramExecutable::parse):
+        * runtime/Executable.h:
+
+2009-08-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Remove AST nodes from use within the Runtime (outside of parsing), stage 1
+        https://bugs.webkit.org/show_bug.cgi?id=28330
+
+        Remove the EvalNode and ProgramNode from use in the runtime.  They still exist
+        after this patch, but are hidden behind EvalExecutable and FunctionExecutable,
+        and are also still reachable behind CodeBlock::m_ownerNode.
+
+        The next step will be to beat back FunctionBodyNode in the same fashion.
+        Then remove the usage via CodeBlock, then only construct these nodes only on
+        demand during bytecode generation.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.h:
+        (JSC::GlobalCodeBlock::GlobalCodeBlock):
+        (JSC::GlobalCodeBlock::~GlobalCodeBlock):
+        (JSC::ProgramCodeBlock::ProgramCodeBlock):
+        (JSC::EvalCodeBlock::EvalCodeBlock):
+        (JSC::FunctionCodeBlock::FunctionCodeBlock):
+        (JSC::NativeCodeBlock::NativeCodeBlock):
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::get):
+        * debugger/Debugger.cpp:
+        (JSC::evaluateInGlobalCallFrame):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::callEval):
+        (JSC::Interpreter::execute):
+        * interpreter/Interpreter.h:
+        * parser/Nodes.cpp:
+        (JSC::FunctionBodyNode::createNativeThunk):
+        (JSC::FunctionBodyNode::generateBytecode):
+        (JSC::FunctionBodyNode::bytecodeForExceptionInfoReparse):
+        * parser/Parser.h:
+        (JSC::Parser::parse):
+        (JSC::Parser::reparse):
+        (JSC::Parser::parseFunctionFromGlobalCode):
+        (JSC::::parse):
+        * runtime/Completion.cpp:
+        (JSC::checkSyntax):
+        (JSC::evaluate):
+        * runtime/Error.cpp:
+        (JSC::throwError):
+        * runtime/Error.h:
+        * runtime/Executable.h: Added.
+        (JSC::TemplateExecutable::TemplateExecutable):
+        (JSC::TemplateExecutable::markAggregate):
+        (JSC::TemplateExecutable::sourceURL):
+        (JSC::TemplateExecutable::lineNo):
+        (JSC::TemplateExecutable::bytecode):
+        (JSC::TemplateExecutable::jitCode):
+        (JSC::EvalExecutable::EvalExecutable):
+        (JSC::ProgramExecutable::ProgramExecutable):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+        * runtime/FunctionConstructor.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::numericCompareFunction):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::~JSGlobalObject):
+        (JSC::JSGlobalObject::markChildren):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::codeBlocks):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+
+2009-08-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Rename the confusing isObject(<class>) to inherits(<class>).
+        It still works on non-objects, returning false.
+
+        * runtime/ArrayConstructor.cpp:
+        (JSC::arrayConstructorIsArray): Removed unneeded isObject call
+        and updated remaining isObject call to new name, inherits.
+
+        * runtime/JSCell.h: Renamed isObject(<class>) to inherits(<class>)
+        but more importantly, made it non-virtual (it was already inline)
+        so it is now as fast as JSObject::inherits was.
+
+        * runtime/JSObject.h: Removed inherits function since the one
+        in the base class is fine as-is. Also made various JSCell functions
+        that should not be called on JSObject uncallable by making them
+        both private and not implemented.
+        (JSC::JSCell::inherits): Updated name.
+        (JSC::JSValue::inherits): Ditto.
+
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::recompileAllJSFunctions):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::unwindCallFrame):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString):
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncConcat):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::booleanProtoFuncToString):
+        (JSC::booleanProtoFuncValueOf):
+        * runtime/DateConstructor.cpp:
+        (JSC::constructDate):
+        * runtime/DatePrototype.cpp:
+        (JSC::dateProtoFuncToString):
+        (JSC::dateProtoFuncToUTCString):
+        (JSC::dateProtoFuncToISOString):
+        (JSC::dateProtoFuncToDateString):
+        (JSC::dateProtoFuncToTimeString):
+        (JSC::dateProtoFuncToLocaleString):
+        (JSC::dateProtoFuncToLocaleDateString):
+        (JSC::dateProtoFuncToLocaleTimeString):
+        (JSC::dateProtoFuncGetTime):
+        (JSC::dateProtoFuncGetFullYear):
+        (JSC::dateProtoFuncGetUTCFullYear):
+        (JSC::dateProtoFuncToGMTString):
+        (JSC::dateProtoFuncGetMonth):
+        (JSC::dateProtoFuncGetUTCMonth):
+        (JSC::dateProtoFuncGetDate):
+        (JSC::dateProtoFuncGetUTCDate):
+        (JSC::dateProtoFuncGetDay):
+        (JSC::dateProtoFuncGetUTCDay):
+        (JSC::dateProtoFuncGetHours):
+        (JSC::dateProtoFuncGetUTCHours):
+        (JSC::dateProtoFuncGetMinutes):
+        (JSC::dateProtoFuncGetUTCMinutes):
+        (JSC::dateProtoFuncGetSeconds):
+        (JSC::dateProtoFuncGetUTCSeconds):
+        (JSC::dateProtoFuncGetMilliSeconds):
+        (JSC::dateProtoFuncGetUTCMilliseconds):
+        (JSC::dateProtoFuncGetTimezoneOffset):
+        (JSC::dateProtoFuncSetTime):
+        (JSC::setNewValueFromTimeArgs):
+        (JSC::setNewValueFromDateArgs):
+        (JSC::dateProtoFuncSetYear):
+        (JSC::dateProtoFuncGetYear):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::argumentsGetter):
+        * runtime/JSValue.h:
+        * runtime/RegExpConstructor.cpp:
+        (JSC::constructRegExp):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncTest):
+        (JSC::regExpProtoFuncExec):
+        (JSC::regExpProtoFuncCompile):
+        (JSC::regExpProtoFuncToString):
+        * runtime/ScopeChain.cpp:
+        (JSC::ScopeChain::localDepth):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        (JSC::stringProtoFuncToString):
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        (JSC::stringProtoFuncSplit):
+        Updated to new name, inherits, from old name, isObject.
+
+2009-07-31  Harald Fernengel  <harald.fernengel@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Adding QNX as a platform. Currently only tested with Qt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27885
+
+        * JavaScriptCore/runtime/Collector.cpp: Added retrieving of stack base
+          since QNX doesn't have the pthread _nt functions
+        * JavaScriptCore/wtf/Platform.h: Added WTF_PLATFORM_QNX and corresponding
+          defines
+        * WebCore/bridge/npapi.h: Build fix for missing typedefs on QNX
+
+2009-08-14  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Simon Hausmann.
+
+        Currently generic ARM and ARMv7 platforms work only with JSVALUE32
+        https://bugs.webkit.org/show_bug.cgi?id=28300
+
+        * wtf/Platform.h:
+
+2009-08-14  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Simon Hausmann.
+
+        Enable JIT on ARM for QT by default
+        https://bugs.webkit.org/show_bug.cgi?id=28259
+
+        * wtf/Platform.h:
+
+2009-08-14  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Simon Hausmann.
+
+        Enable YARR_JIT on ARM for QT by default
+        https://bugs.webkit.org/show_bug.cgi?id=28259
+
+        * wtf/Platform.h:
+
+2009-08-14  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        [ES5] Arguments object should inherit from Array
+        https://bugs.webkit.org/show_bug.cgi?id=28298
+
+        Make the Arguments object conform to the behaviour specified in ES5.
+        The simple portion of this is to make Arguments use Array.prototype
+        as its prototype rather than Object.prototype.
+
+        The spec then requires us to set instance.constructor to the pristine
+        Object constructor, and instance.toString and instance.toLocaleString
+        to the pristine versions from Object.prototype.  To do this we now 
+        make the ObjectPrototype constructor return its toString and
+        toLocaleString functions (similar to the call and apply functions
+        from FunctionPrototype).
+
+        Oddly enough this reports itself as a slight win, but given the code
+        isn't hit in the tests that claim to have improved I put this down to
+        code motion.
+
+        * runtime/Arguments.h:
+        (JSC::Arguments::Arguments):
+        (JSC::Arguments::initializeStandardProperties):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::markChildren):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        (JSC::JSGlobalObject::objectConstructor):
+        (JSC::JSGlobalObject::objectToStringFunction):
+        (JSC::JSGlobalObject::objectToLocaleStringFunction):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype):
+        * runtime/ObjectPrototype.h:
+        * tests/mozilla/ecma_3/Function/arguments-001.js:
+          Update test to new es5 behaviour
+
+2009-08-14  Oliver Hunt  <oliver@apple.com>
+
+        Remove MarkStack::drain from the JSC exports file
+
+        MarkStack::drain is now marked inline, the including it in the exports file
+        produces an ld warning
+
+        * JavaScriptCore.exp:
+
+2009-08-13  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Remove accidentally left in debugging statement.
+
+        * runtime/JSArray.h:
+        (JSC::MarkStack::drain):
+
+2009-08-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        [ES5] Implement Array.isArray
+        https://bugs.webkit.org/show_bug.cgi?id=28296
+
+        Add support for Array.isArray to the Array constructor
+
+        * runtime/ArrayConstructor.cpp:
+        (JSC::ArrayConstructor::ArrayConstructor):
+        (JSC::arrayConstructorIsArray):
+        * runtime/ArrayConstructor.h:
+        * runtime/CommonIdentifiers.h:
+        * runtime/JSArray.h:
+        (JSC::MarkStack::drain):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+
+2009-08-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Buildfix).
+
+        Attempt to fix windows build
+
+        * runtime/Collector.cpp:
+
+2009-08-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Devirtualise marking
+        https://bugs.webkit.org/show_bug.cgi?id=28294
+
+        Add a bit to TypeInfo to indicate that an object uses the standard
+        JSObject::markChildren method.  This allows us to devirtualise marking
+        of most objects (though a branch is still needed).  We also add a branch
+        to identify arrays thus devirtualising marking in that case as well.
+
+        In order to make the best use of this devirtualisation I've also reworked
+        the MarkStack::drain() logic to make the iteration more efficient.
+
+        * API/JSCallbackConstructor.h:
+        (JSC::JSCallbackConstructor::createStructure):
+        * API/JSCallbackFunction.h:
+        (JSC::JSCallbackFunction::createStructure):
+        * JavaScriptCore.exp:
+        * runtime/BooleanObject.h:
+        (JSC::BooleanObject::createStructure):
+        * runtime/FunctionPrototype.h:
+        (JSC::FunctionPrototype::createStructure):
+        * runtime/InternalFunction.h:
+        (JSC::InternalFunction::createStructure):
+        * runtime/JSAPIValueWrapper.h:
+        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::markChildren):
+        * runtime/JSArray.h:
+        (JSC::JSArray::markChildrenDirect):
+        (JSC::MarkStack::drain):
+        * runtime/JSByteArray.cpp:
+        (JSC::JSByteArray::createStructure):
+        * runtime/JSCell.h:
+        (JSC::MarkStack::append):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSNumberCell.h:
+        (JSC::JSNumberCell::createStructure):
+        * runtime/JSONObject.h:
+        (JSC::JSONObject::createStructure):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::markChildren):
+        * runtime/JSObject.h:
+        (JSC::JSObject::markChildrenDirect):
+        (JSC::JSObject::createStructure):
+        * runtime/JSString.h:
+        (JSC::JSString::createStructure):
+        * runtime/JSType.h:
+        (JSC::):
+        * runtime/MarkStack.h:
+        (JSC::MarkStack::MarkStack):
+        (JSC::MarkStack::MarkSet::MarkSet):
+        (JSC::MarkStack::MarkStackArray::last):
+        * runtime/MathObject.h:
+        (JSC::MathObject::createStructure):
+        * runtime/NumberConstructor.h:
+        (JSC::NumberConstructor::createStructure):
+        * runtime/NumberObject.h:
+        (JSC::NumberObject::createStructure):
+        * runtime/RegExpConstructor.h:
+        (JSC::RegExpConstructor::createStructure):
+        * runtime/RegExpObject.h:
+        (JSC::RegExpObject::createStructure):
+        * runtime/StringObjectThatMasqueradesAsUndefined.h:
+        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+        * runtime/TypeInfo.h:
+        (JSC::TypeInfo::hasDefaultMark):
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Some small bits of housekeeping.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Make Parser.h
+        project instead of private. Remove JSONObject.lut.h.
+
+        * assembler/ARMAssembler.h: Remove unneeded WTF prefix.
+        * assembler/AssemblerBufferWithConstantPool.h: Ditto.
+        * bytecompiler/BytecodeGenerator.h: Ditto.
+
+        * wtf/SegmentedVector.h: Add a "using" statement as we do
+        with the other WTF headers.
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Fix Tiger build.
+
+        * parser/Grammar.y: Use a template function so we can compile
+        setStatementLocation even if it comes before YYLTYPE is defined.
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by George Staikos.
+
+        Too much use of void* in Grammar.y
+        https://bugs.webkit.org/show_bug.cgi?id=28287
+
+        * parser/Grammar.y: Changed all the helper functions to
+        take a JSGlobalData* instead of a void*. A couple formatting
+        tweaks that I missed when breaking this into pieces.
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by George Staikos.
+
+        Another part of https://bugs.webkit.org/show_bug.cgi?id=28287
+
+        * parser/Grammar.y: Reduced and sorted includes. Tweaked comment
+        format. Marked a few more functions inline.
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by George Staikos.
+
+        Another part of https://bugs.webkit.org/show_bug.cgi?id=28287
+
+        * parser/Grammar.y: Pass the number to the PropertyNode instead of
+        first turning it into an Identifier.
+
+        * parser/NodeConstructors.h:
+        (JSC::PropertyNode::PropertyNode): Add an overload that takes a double
+        so the code to convert to a string can be here instead of Grammar.y.
+        * parser/Nodes.h: Ditto.
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by George Staikos.
+
+        Another part of https://bugs.webkit.org/show_bug.cgi?id=28287
+
+        * parser/Grammar.y: Eliminate the DBG macro.
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by George Staikos.
+
+        Another part of https://bugs.webkit.org/show_bug.cgi?id=28287
+
+        * parser/Grammar.y: Eliminate the SET_EXCEPTION_LOCATION macro.
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by George Staikos.
+
+        George asked me to break the patch from
+        https://bugs.webkit.org/show_bug.cgi?id=28287
+        into smaller pieces and land it in stages.
+
+        * parser/Grammar.y: Eliminate the LEXER macro.
+
+2009-08-13  Mark Rowe  <mrowe@apple.com>
+
+        Try some more to fix the Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export a new symbol.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Ditto.
+
+2009-08-13  Mark Rowe  <mrowe@apple.com>
+
+        Try and fix the Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export a new symbol.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Ditto.
+
+2009-08-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by David Levin.
+
+        JavaScriptCore tweaks to get ready for the parser arena
+        https://bugs.webkit.org/show_bug.cgi?id=28243
+
+        Eliminate dependencies on Nodes.h outside JavaScriptCore,
+        and cut down on them inside JavaScriptCore.
+
+        Change regular expression parsing to use identifiers as
+        with other strings we parse.
+
+        Fix a couple things that are needed to use const Identifier
+        more, which will be part of the parser arena work.
+
+        * JavaScriptCore.exp: Resorted and updated.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Changed
+        CollectorHeapIterator.h to be project-internal.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitPushNewScope): Added const.
+        * bytecompiler/BytecodeGenerator.h: Ditto.
+
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::recompileAllJSFunctions): Moved this function
+        here from WebCore. Here is better since it uses so many internals.
+        Removed unimportant optimization for the no listener case.
+        * debugger/Debugger.h: Ditto. Also removed unneeded include
+        and tweaked formatting and comments.
+
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::functionName): Call asFunction instead
+        of doing the unchecked static_cast.
+        (JSC::DebuggerCallFrame::calculatedFunctionName): Ditto.
+
+        * jit/JITStubs.cpp:
+        (JSC::op_call_JSFunction): Call isHostFunction on the body rather
+        than on the JSFunction.
+        (JSC::vm_lazyLinkCall): Ditto.
+        (JSC::op_construct_JSConstruct): Ditto.
+
+        * parser/Grammar.y: Changed callers to use new scanRegExp with
+        out arguments instead of relying on state in the Lexer. And
+        callers that just want to skip a regular expression to use
+        skipRegExp.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::scanRegExp): Changed to use out arguments, and to
+        add a prefix argument so we can add in the "=" character as needed.
+        Also rewrote to streamline the logic a bit inspired by suggestions
+        by David Levin.
+        (JSC::Lexer::skipRegExp): Added. Version of the function above that
+        does not actually put the regular expression into a string.
+        (JSC::Lexer::clear): Removed code to clear m_pattern and m_flags.
+        * parser/Lexer.h: Changed scanRegExp to have out arguments. Added
+        skipRegExp. Eliminated pattern, flags, m_pattern, and m_flags.
+
+        * parser/NodeConstructors.h:
+        (JSC::RegExpNode::RegExpNode): Changed to take const Identifier&.
+        * parser/Nodes.cpp:
+        (JSC::RegExpNode::emitBytecode): Changed since m_pattern and
+        m_flags are now Identifier instead of UString.
+        (JSC::FunctionBodyNode::make): Moved this function here instead
+        of putting it in the JSFunction.h header.
+        * parser/Nodes.h: Changed RegExpNode to use Identifier.
+
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::createCallIdentifier): Changed to use isHostFunction
+        on the body instead of on the JSFunction object.
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString): Ditto.
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::isHostFunction): Moved here from header.
+        (JSC::JSFunction::isHostFunctionNonInline): Added.
+        (JSC::JSFunction::JSFunction): Removed unneeded initialization of
+        m_body to 0.
+        (JSC::JSFunction::setBody): Moved here from header.
+
+        * runtime/JSFunction.h: Removed unneeded includes. Moved private
+        constructor down to the private section. Made virtual functions
+        private. Removed unneeded overload of setBody and moved the body
+        of the function into the .cpp file. Changed assertions to use
+        the non-inline version of isHostFunction.
+
+        * runtime/PropertySlot.cpp:
+        (JSC::PropertySlot::functionGetter): Use asFunction instead
+        of doing the unchecked static_cast.
+
+        * wtf/SegmentedVector.h:
+        (WTF::SegmentedVector::isEmpty): Added.
+
+2009-08-13  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Darin Adler.
+
+        Use the version of operator new that takes a JSGlobalData when allocating FuncDeclNode and FuncExprNode
+        from within the grammar to prevent these nodes from being leaked.
+
+        * parser/Grammar.y:
+
+2009-08-13  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Ariya Hidayat.
+
+        Remove the special-case for Qt wrt JSVALUE_32 introduced in
+        r46709. It must've been a dependency issue on the bot, as
+        after a manual build all the tests pass on amd64 and ia32.
+
+        * wtf/Platform.h:
+
+2009-08-12  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Add optimize call and property access support for ARM JIT.
+        https://bugs.webkit.org/show_bug.cgi?id=24986
+
+        For tightly coupled sequences the BEGIN_UNINTERRUPTED_SEQUENCE and
+        END_UNINTERRUPTED_SEQUENCE macros have been introduced which ensure
+        space for instructions and constants of the named sequence. This
+        method is vital for those architecture which are using constant pool.
+
+        The 'latePatch' method - which was linked to JmpSrc - is replaced with
+        a port specific solution (each calls are marked to place their address
+        on the constant pool).
+
+        * assembler/ARMAssembler.cpp:
+        (JSC::ARMAssembler::linkBranch):
+        (JSC::ARMAssembler::executableCopy): Add extra align for constant pool.
+        * assembler/ARMAssembler.h:
+        (JSC::ARMAssembler::JmpSrc::JmpSrc):
+        (JSC::ARMAssembler::sizeOfConstantPool):
+        (JSC::ARMAssembler::jmp):
+        (JSC::ARMAssembler::linkCall):
+        * assembler/ARMv7Assembler.h:
+        * assembler/AbstractMacroAssembler.h:
+        * assembler/AssemblerBufferWithConstantPool.h:
+        (JSC::AssemblerBufferWithConstantPool::flushIfNoSpaceFor): Fix the
+        computation of the remaining space.
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::branch32):
+        (JSC::MacroAssemblerARM::nearCall):
+        (JSC::MacroAssemblerARM::call):
+        (JSC::MacroAssemblerARM::branchPtrWithPatch):
+        (JSC::MacroAssemblerARM::ensureSpace):
+        (JSC::MacroAssemblerARM::sizeOfConstantPool):
+        (JSC::MacroAssemblerARM::prepareCall):
+        * assembler/X86Assembler.h:
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::beginUninterruptedSequence):
+        (JSC::JIT::endUninterruptedSequence):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::emit_op_put_by_id):
+
+2009-08-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber Stamped by Dave Kilzer.
+
+        Disable WTF_USE_JSVALUE32_64 on iPhone for now (support not yet added for ARMv7).
+
+        * wtf/Platform.h:
+
+2009-08-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachoviak.
+
+        Ooops - moved code that had been accidentally added to op_new_func instead of
+        op_new_func_exp, to where it shoulds be.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * wtf/Platform.h:
+
+2009-08-12  Ada Chan  <adachan@apple.com>
+
+        Added workaround for the limitation that VirtualFree with MEM_RELEASE
+        can only accept the base address returned by VirtualAlloc when the region
+        was reserved and it can only free the entire region, and not a part of it.
+
+        Reviewed by Oliver Hunt.
+
+        * runtime/MarkStack.h:
+        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
+        * runtime/MarkStackWin.cpp:
+        (JSC::MarkStack::releaseStack):
+
+2009-08-12  Balazs Kelemen  <kelemen.balazs.3@stud.u-szeged.hu>
+
+        Reviewed by Ariya Hidayat.
+
+        Build fix: use std::numeric_limits<long long>::min() instead of LLONG_MIN
+        since LLONG_MIN is not defined in standard c++.
+
+        * runtime/UString.cpp:
+        (JSC::UString::from):
+
+2009-08-12  Benjamin Otte  <otte@gnome.org>
+
+        Reviewed by Jan Alonzo.
+
+        Buildfix for Gtk platforms debug builds.
+
+        * GNUmakefile.am: Choose MarkStackPosix.cpp or MarkStackWin.cpp
+        depending on platform.
+
+2009-08-12  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Prospective build fix for Mac and 32-bit Windows.
+
+        * runtime/UString.cpp: Include wtf/StringExtras.h for snprintf.
+        (JSC::UString::from): Use %lld instead of %I64d for snprintf
+        on non-windows platforms.
+
+2009-08-12  Prasanth Ullattil  <prasanth.ullattil@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Fix compile error on 64Bit Windows, when UString::from
+        is called with an intptr_t.
+
+        Added new UString::From overload with long long parameter.
+
+        Thanks to Holger for the long long idea.
+
+        * runtime/UString.cpp:
+        (JSC::UString::from):
+        * runtime/UString.h:
+
+2009-08-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Minor style fixes.
+
+        * runtime/UString.h:
+        (JSC::UString::Rep::createEmptyBuffer):
+        * wtf/FastMalloc.h:
+        (WTF::TryMallocReturnValue::getValue):
+
+2009-08-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Make it harder to misuse try* allocation routines
+        https://bugs.webkit.org/show_bug.cgi?id=27469
+
+        Jump through a few hoops to make it much harder to accidentally
+        miss null-checking of values returned by the try-* allocation
+        routines.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::putSlowCase):
+        (JSC::JSArray::increaseVectorLength):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncFontsize):
+        (JSC::stringProtoFuncLink):
+        * runtime/UString.cpp:
+        (JSC::allocChars):
+        (JSC::reallocChars):
+        (JSC::expandCapacity):
+        (JSC::UString::Rep::reserveCapacity):
+        (JSC::UString::expandPreCapacity):
+        (JSC::createRep):
+        (JSC::concatenate):
+        (JSC::UString::spliceSubstringsWithSeparators):
+        (JSC::UString::replaceRange):
+        (JSC::UString::append):
+        (JSC::UString::operator=):
+        * runtime/UString.h:
+        (JSC::UString::Rep::createEmptyBuffer):
+        * wtf/FastMalloc.cpp:
+        (WTF::tryFastZeroedMalloc):
+        (WTF::tryFastMalloc):
+        (WTF::tryFastCalloc):
+        (WTF::tryFastRealloc):
+        (WTF::TCMallocStats::tryFastMalloc):
+        (WTF::TCMallocStats::tryFastCalloc):
+        (WTF::TCMallocStats::tryFastRealloc):
+        * wtf/FastMalloc.h:
+        (WTF::TryMallocReturnValue::TryMallocReturnValue):
+        (WTF::TryMallocReturnValue::~TryMallocReturnValue):
+        (WTF::TryMallocReturnValue::operator PossiblyNull<T>):
+        (WTF::TryMallocReturnValue::getValue):
+        * wtf/Platform.h:
+        * wtf/PossiblyNull.h: Added.
+        (WTF::PossiblyNull::PossiblyNull):
+        (WTF::PossiblyNull::~PossiblyNull):
+        (WTF::::getValue):
+
+2009-08-11  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by NOBODY (build fix part deux).
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-11  Gavin Barraclough  <barraclough@apple.com>
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-11  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Restrict use of FuncDeclNode & FuncExprNode to the parser.
+        https://bugs.webkit.org/show_bug.cgi?id=28209
+
+        These objects were also being referenced from the CodeBlock.  By changing this
+        to just retain pointers to FunctionBodyNodes these classes can be restricted to
+        use during parsing.
+
+        No performance impact (or sub-percent progression).
+
+        * JavaScriptCore.exp:
+            Update symbols.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::mark):
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
+        (JSC::CodeBlock::shrinkToFit):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::addFunction):
+        (JSC::CodeBlock::function):
+            Unify m_functions & m_functionExpressions into a single Vector<RefPtr<FuncExprNode> >.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::addConstant):
+        (JSC::BytecodeGenerator::emitNewFunction):
+        (JSC::BytecodeGenerator::emitNewFunctionExpression):
+        * bytecompiler/BytecodeGenerator.h:
+            FunctionStacks now contain FunctionBodyNodes not FuncDeclNodes.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::privateExecute):
+            Update to reflect chnages in CodeBlock.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_new_func_exp):
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::):
+            Update to reflect chnages in CodeBlock.
+
+        * parser/Grammar.y:
+            FunctionStacks now contain FunctionBodyNodes not FuncDeclNodes.
+
+        * parser/NodeConstructors.h:
+        (JSC::FuncExprNode::FuncExprNode):
+        (JSC::FuncDeclNode::FuncDeclNode):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNodeData::mark):
+        (JSC::FunctionBodyNode::finishParsing):
+        * parser/Nodes.h:
+        (JSC::FunctionBodyNode::ident):
+            Move m_ident & make methods from FuncDeclNode & FuncExprNode to FunctionBodyNode.
+
+        * runtime/JSFunction.h:
+        (JSC::FunctionBodyNode::make):
+            Make this method inline (was FuncDeclNode::makeFunction).
+
+2009-08-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Native JSON.stringify does not omit functions
+        https://bugs.webkit.org/show_bug.cgi?id=28117
+
+        Objects that are callable should be treated as undefined when
+        serialising to JSON.
+
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::appendStringifiedValue):
+
+2009-08-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        REGRESSION: Hang/crash in BytecodeGenerator::constRegisterFor loading simple page
+        https://bugs.webkit.org/show_bug.cgi?id=28169
+
+        Handle the case where someone has attempted to shadow a property
+        on the global object with a constant.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::constRegisterFor):
+        * parser/Nodes.cpp:
+        (JSC::ConstDeclNode::emitCodeSingle):
+
+2009-08-11  John Gregg  <johnnyg@google.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Desktop Notifications API
+        https://bugs.webkit.org/show_bug.cgi?id=25463
+
+        Adds ENABLE_NOTIFICATION flag.
+
+        * Configurations/FeatureDefines.xcconfig:
+        * wtf/Platform.h:
+
+2009-08-11  Maxime Simon  <simon.maxime@gmail.com>
+
+        Reviewed by Eric Seidel.
+
+        Modifications on JavaScriptCore to allow Haiku port.
+        https://bugs.webkit.org/show_bug.cgi?id=28121
+
+        * runtime/Collector.cpp: Haiku doesn't have sys/mman.h, using OS.h instead.
+        (JSC::currentThreadStackBase): Haiku uses its own threading system.
+        * wtf/Platform.h: Defining all Haiku platform values.
+        * wtf/haiku/MainThreadHaiku.cpp: Adding a missing header (NotImplemented.h).
+
+2009-08-11  Jessie Berlin  <jberlin@apple.com>
+
+        Reviewed by Adam Roben.
+
+        Fix windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-11  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Buildfix for Qt-win platforms.
+
+        * JavaScriptCore.pri: Choose MarkStackPosix.cpp or MarkStackWin.cpp depend on platform.
+
+2009-08-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (And another build fix).
+
+        Add new exports for MSVC
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-08-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (yet another build fix).
+
+        Remove obsolete entries from MSVC exports file
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-10  Oliver Hunt  <oliver@apple.com>
+
+        Add includes needed for non-allinonefile builds
+
+        * runtime/GetterSetter.h:
+        * runtime/ScopeChain.h:
+
+2009-08-10  Oliver Hunt  <oliver@apple.com>
+
+        Fix export file for last build fix
+
+        * JavaScriptCore.exp:
+
+2009-08-10  Oliver Hunt  <oliver@apple.com>
+
+        Hoist page size initialization into platform specific code.
+
+        * jit/ExecutableAllocatorPosix.cpp:
+        * jit/ExecutableAllocatorWin.cpp:
+        * runtime/MarkStack.h:
+        (JSC::MarkStack::pageSize):
+        * runtime/MarkStackPosix.cpp:
+        (JSC::MarkStack::initializePagesize):
+        * runtime/MarkStackWin.cpp:
+        (JSC::MarkStack::initializePagesize):
+
+2009-08-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Stack overflow crash in JavaScript garbage collector mark pass
+        https://bugs.webkit.org/show_bug.cgi?id=12216
+
+        Make the GC mark phase iterative by using an explicit mark stack.
+        To do this marking any single object is performed in multiple stages
+          * The object is appended to the MarkStack, this sets the marked
+            bit for the object using the new markDirect() function, and then
+            returns
+          * When the MarkStack is drain()ed the object is popped off the stack
+            and markChildren(MarkStack&) is called on the object to collect 
+            all of its children.  drain() then repeats until the stack is empty.
+
+        Additionally I renamed a number of methods from 'mark' to 'markAggregate'
+        in order to make it more clear that marking of those object was not
+        going to result in an actual recursive mark.
+
+        * GNUmakefile.am
+        * JavaScriptCore.exp:
+        * JavaScriptCore.gypi:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::markAggregate):
+        * bytecode/CodeBlock.h:
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::markAggregate):
+        * debugger/DebuggerActivation.cpp:
+        (JSC::DebuggerActivation::markChildren):
+        * debugger/DebuggerActivation.h:
+        * interpreter/Register.h:
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::markGlobals):
+        (JSC::RegisterFile::markCallFrames):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNodeData::markAggregate):
+        (JSC::EvalNode::markAggregate):
+        (JSC::FunctionBodyNode::markAggregate):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::markAggregate):
+        * runtime/ArgList.cpp:
+        (JSC::MarkedArgumentBuffer::markLists):
+        * runtime/ArgList.h:
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::markChildren):
+        * runtime/Arguments.h:
+        * runtime/Collector.cpp:
+        (JSC::Heap::markConservatively):
+        (JSC::Heap::markCurrentThreadConservativelyInternal):
+        (JSC::Heap::markCurrentThreadConservatively):
+        (JSC::Heap::markOtherThreadConservatively):
+        (JSC::Heap::markStackObjectsConservatively):
+        (JSC::Heap::markProtectedObjects):
+        (JSC::Heap::collect):
+        * runtime/Collector.h:
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::markChildren):
+        * runtime/GetterSetter.h:
+        (JSC::GetterSetter::GetterSetter):
+        (JSC::GetterSetter::createStructure):
+        * runtime/GlobalEvalFunction.cpp:
+        (JSC::GlobalEvalFunction::markChildren):
+        * runtime/GlobalEvalFunction.h:
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::markChildren):
+        * runtime/JSActivation.h:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::markChildren):
+        * runtime/JSArray.h:
+        * runtime/JSCell.h:
+        (JSC::JSCell::markCellDirect):
+        (JSC::JSCell::markChildren):
+        (JSC::JSValue::markDirect):
+        (JSC::JSValue::markChildren):
+        (JSC::JSValue::hasChildren):
+        (JSC::MarkStack::append):
+        (JSC::MarkStack::drain):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::markChildren):
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::markIfNeeded):
+        (JSC::JSGlobalObject::markChildren):
+        * runtime/JSGlobalObject.h:
+        * runtime/JSNotAnObject.cpp:
+        (JSC::JSNotAnObject::markChildren):
+        * runtime/JSNotAnObject.h:
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::markAggregate):
+        (JSC::JSONObject::markStringifiers):
+        * runtime/JSONObject.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::markChildren):
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        * runtime/JSObject.h:
+        * runtime/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::markChildren):
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::createStructure):
+        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::create):
+        * runtime/JSStaticScopeObject.cpp:
+        (JSC::JSStaticScopeObject::markChildren):
+        * runtime/JSStaticScopeObject.h:
+        * runtime/JSType.h:
+        (JSC::):
+        * runtime/JSValue.h:
+        * runtime/JSWrapperObject.cpp:
+        (JSC::JSWrapperObject::markChildren):
+        * runtime/JSWrapperObject.h:
+        * runtime/MarkStack.cpp: Added.
+        (JSC::MarkStack::compact):
+        * runtime/MarkStack.h: Added.
+        (JSC::):
+        (JSC::MarkStack::MarkStack):
+        (JSC::MarkStack::append):
+        (JSC::MarkStack::appendValues):
+        (JSC::MarkStack::~MarkStack):
+        (JSC::MarkStack::MarkSet::MarkSet):
+        (JSC::MarkStack::pageSize):
+        
+        MarkStackArray is a non-shrinking, mmap-based vector type
+        used for storing objects to be marked.
+        (JSC::MarkStack::MarkStackArray::MarkStackArray):
+        (JSC::MarkStack::MarkStackArray::~MarkStackArray):
+        (JSC::MarkStack::MarkStackArray::expand):
+        (JSC::MarkStack::MarkStackArray::append):
+        (JSC::MarkStack::MarkStackArray::removeLast):
+        (JSC::MarkStack::MarkStackArray::isEmpty):
+        (JSC::MarkStack::MarkStackArray::size):
+        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
+        * runtime/MarkStackPosix.cpp: Added.
+        (JSC::MarkStack::allocateStack):
+        (JSC::MarkStack::releaseStack):
+        * runtime/MarkStackWin.cpp: Added.
+        (JSC::MarkStack::allocateStack):
+        (JSC::MarkStack::releaseStack):
+
+        * runtime/ScopeChain.h:
+        * runtime/ScopeChainMark.h:
+        (JSC::ScopeChain::markAggregate):
+        * runtime/SmallStrings.cpp:
+        (JSC::SmallStrings::mark):
+        * runtime/Structure.h:
+        (JSC::Structure::markAggregate):
+
+2009-08-10  Mark Rowe  <mrowe@apple.com>
+        
+        Reviewed by Darin Adler.
+
+        Fix hundreds of "pointer being freed was not allocated" errors seen on the build bot.
+
+        * wtf/FastMalloc.h: Implement nothrow variants of the delete and delete[] operators since
+        we implement the nothrow variants of new and new[].  The nothrow variant of delete is called
+        explicitly in the implementation of std::sort which was resulting in FastMalloc-allocated
+        memory being passed to the system allocator to free.
+
+2009-08-10  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        [Gtk] Unreviewed build fix. Move JSAPIValueWrapper.cpp/.h in the debug
+        section. This file is already part of AllInOneFile in Release builds.
+
+        * GNUmakefile.am:
+
+2009-08-10  Darin Adler  <darin@apple.com>
+
+        * wtf/FastMalloc.h: Fix build.
+
+2009-08-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        FastMalloc.h has cross-platform code but marked as WinCE-only
+        https://bugs.webkit.org/show_bug.cgi?id=28160
+
+        1) The support for nothrow was inside #if PLATFORM(WINCE) even though it is
+           not platform-specific.
+        2) The code tried to override operator delete nothrow, which does not exist.
+        3) The code in the header checks the value of USE_SYSTEM_MALLOC, but the code
+           in FastMalloc.cpp checks only if the macro is defined.
+
+        * wtf/FastMalloc.h: See above.
+        * wtf/FastMalloc.cpp: Ditto.
+
+2009-08-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Anders Carlsson.
+
+        Fix an annoying indentation issue.
+
+        * runtime/DateConstructor.cpp:
+        (JSC::constructDate):
+
+2009-08-10  Xan Lopez  <xlopez@igalia.com>
+
+        Unreviewed build fix.
+
+        Add new files to makefile.
+
+        * GNUmakefile.am:
+
+2009-08-10  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Fix compilation with the interpreter instead of the JIT by including
+        PrototypeFunction.h as forward-declared through NativeFunctionWrapper.h.
+
+        * runtime/ObjectConstructor.cpp:
+
+2009-08-09  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by George Staikos.
+
+        JSON.stringify replacer returning undefined does not omit object properties
+        https://bugs.webkit.org/show_bug.cgi?id=28118
+
+        Correct behaviour of stringify when using a replacer function that returns
+        undefined.  This is a simple change to move the undefined value check to
+        after the replacer function is called.  This means that the replacer function
+        is now called for properties with the value undefined, however i've confirmed
+        that this behaviour is correct.
+        
+        In addition I've made the cyclic object exception have a more useful error
+        message.
+
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::appendStringifiedValue):
+
+2009-08-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Eric Seidel and Sam Weinig.
+
+        [ES5] Implement Object.getPrototypeOf
+        https://bugs.webkit.org/show_bug.cgi?id=28114
+
+        Implement getPrototypeOf
+
+        * runtime/CommonIdentifiers.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        (JSC::objectConsGetPrototypeOf):
+        * runtime/ObjectConstructor.h:
+
+2009-08-07  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Eric Seidel.
+
+        Allow custom memory allocation control for Noncopyable class
+        https://bugs.webkit.org/show_bug.cgi?id=27879
+
+        Several classes which are inherited from Noncopyable are instantiated by
+        operator new, so Noncopyable class has been inherited from FastAllocBase.
+
+        * wtf/Noncopyable.h:
+
+2009-08-07  George Staikos <george.staikos@torchmobile.com> 
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27305
+        Implement WinCE-specific unicode layer.
+        Written by George Staikos <george.staikos@torchmobile.com>
+        with bug fixes by Yong Li <yong.li@torchmobile.com>
+        refactored by Joe Mason <joe.mason@torchmobile.com> 
+
+        * wtf/Platform.h:
+        * wtf/unicode/Unicode.h:
+        * wtf/unicode/wince/UnicodeWince.cpp: Added.
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::foldCase):
+        (WTF::Unicode::isPrintableChar):
+        (WTF::Unicode::isSpace):
+        (WTF::Unicode::isLetter):
+        (WTF::Unicode::isUpper):
+        (WTF::Unicode::isLower):
+        (WTF::Unicode::isDigit):
+        (WTF::Unicode::isPunct):
+        (WTF::Unicode::toTitleCase):
+        (WTF::Unicode::direction):
+        (WTF::Unicode::category):
+        (WTF::Unicode::decompositionType):
+        (WTF::Unicode::combiningClass):
+        (WTF::Unicode::mirroredChar):
+        (WTF::Unicode::digitValue):
+        * wtf/unicode/wince/UnicodeWince.h: Added.
+        (WTF::Unicode::):
+        (WTF::Unicode::isSeparatorSpace):
+        (WTF::Unicode::isHighSurrogate):
+        (WTF::Unicode::isLowSurrogate):
+        (WTF::Unicode::isArabicChar):
+        (WTF::Unicode::hasLineBreakingPropertyComplexContext):
+        (WTF::Unicode::umemcasecmp):
+        (WTF::Unicode::surrogateToUcs4):
+
+2009-08-07  Yongjun Zhang  <yongjun.zhang@nokia.com>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=28069
+
+        Add inline to help winscw compiler resolve specialized argument in 
+        templated functions.  
+
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser::Lexer::lexString):
+
+2009-08-07  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Eric Seidel.
+
+        Allow custom memory allocation control for RegExpObjectData struct
+        http://bugs.webkit.org/show_bug.cgi?id=26750
+
+        Inherits RegExpObjectData struct from FastAllocBase because
+        it has been instantiated by 'new' in JavaScriptCore/runtime/RegExpObject.cpp:62
+
+        * runtime/RegExpObject.h:
+
+2009-08-06  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Updated patch for bug #27059:
+        Symbian platform always uses little endian encoding,
+        regardless of compiler.
+        We need to make sure that we correctly detect EABI architecture
+        for armv5 targets on Symbian,
+        where __EABI__ is set but not __ARM_EABI__
+
+        * wtf/Platform.h:
+
+2009-08-06  Adam Barth  <abarth@webkit.org>
+
+        Unreviewed revert.
+
+        http://bugs.webkit.org/show_bug.cgi?id=27879
+
+        Revert 46877 because it broke GTK.
+
+        * wtf/Noncopyable.h:
+
+2009-08-06  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Make get_by_id/put_by_id/method_check/call defer optimization using a data flag rather than a code modification.
+        ( https://bugs.webkit.org/show_bug.cgi?id=27635 )
+
+        This improves performance of ENABLE(ASSEMBLER_WX_EXCLUSIVE) builds by 2-2.5%, reducing the overhead to about 2.5%.
+        (No performance impact with ASSEMBLER_WX_EXCLUSIVE disabled).
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::printStructureStubInfo):
+            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
+
+        * bytecode/CodeBlock.h:
+        (JSC::):
+        (JSC::CallLinkInfo::seenOnce):
+        (JSC::CallLinkInfo::setSeen):
+        (JSC::MethodCallLinkInfo::seenOnce):
+        (JSC::MethodCallLinkInfo::setSeen):
+            - Change a pointer in CallLinkInfo/MethodCallLinkInfo to use a PtrAndFlags, use a flag to track when an op has been executed once.
+
+        * bytecode/StructureStubInfo.cpp:
+        (JSC::StructureStubInfo::deref):
+            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
+
+        * bytecode/StructureStubInfo.h:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        (JSC::StructureStubInfo::initGetByIdSelf):
+        (JSC::StructureStubInfo::initGetByIdProto):
+        (JSC::StructureStubInfo::initGetByIdChain):
+        (JSC::StructureStubInfo::initGetByIdSelfList):
+        (JSC::StructureStubInfo::initGetByIdProtoList):
+        (JSC::StructureStubInfo::initPutByIdTransition):
+        (JSC::StructureStubInfo::initPutByIdReplace):
+        (JSC::StructureStubInfo::seenOnce):
+        (JSC::StructureStubInfo::setSeen):
+            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID, add a flag to track when an op has been executed once.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitGetById):
+        (JSC::BytecodeGenerator::emitPutById):
+            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::unlinkCall):
+            - Remove the "don't lazy link" stage of calls.
+
+        * jit/JIT.h:
+        (JSC::JIT::compileCTIMachineTrampolines):
+            - Remove the "don't lazy link" stage of calls.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSlowCase):
+            - Remove the "don't lazy link" stage of calls.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::JITThunks):
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+        (JSC::JITStubs::getPolymorphicAccessStructureListSlot):
+            - Remove the "don't lazy link" stage of calls, and the "_second" stage of get_by_id/put_by_id/method_check.
+
+        * jit/JITStubs.h:
+        (JSC::JITThunks::ctiStringLengthTrampoline):
+        (JSC::JITStubs::):
+            - Remove the "don't lazy link" stage of calls, and the "_second" stage of get_by_id/put_by_id/method_check.
+
+        * wtf/PtrAndFlags.h:
+        (WTF::PtrAndFlags::PtrAndFlags):
+        (WTF::PtrAndFlags::operator!):
+        (WTF::PtrAndFlags::operator->):
+            - Add ! and -> operators, add constuctor with pointer argument.
+
+2009-08-06  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Adam Barth.
+
+        Allow custom memory allocation control for Noncopyable class
+        https://bugs.webkit.org/show_bug.cgi?id=27879
+
+        Several classes which inherited from Noncopyable are instantiated by
+        operator new, so Noncopyable class has been inherited from FastAllocBase.
+
+        * wtf/Noncopyable.h:
+
+2009-08-06  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Add explicit dependencies for our build verification scripts to ensure that they always run after linking has completed.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-08-06  Mark Rowe  <mrowe@apple.com>
+
+        Bring a little order to our otherwise out of control lives.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-08-06  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control for JavaScriptCore's PolymorphicAccessStructureList struct
+        https://bugs.webkit.org/show_bug.cgi?id=27877
+
+        Inherits PolymorphicAccessStructureList struct from FastAllocBase because it has been instantiated by
+        'new' in JavaScriptCore/jit/JITStubs.cpp:1229.
+
+        * bytecode/Instruction.h:
+
+2009-08-05  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control for JavaScriptCore's ScopeNodeData struct
+        https://bugs.webkit.org/show_bug.cgi?id=27875
+
+        Inherits ScopeNodeData struct from FastAllocBase because it has been instantiated by
+        'new' in JavaScriptCore/parser/Nodes.cpp:1848.
+
+        * parser/Nodes.h:
+
+2009-08-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Add floating point support for generic ARM port.
+        https://bugs.webkit.org/show_bug.cgi?id=24986
+
+        * assembler/ARMAssembler.cpp:
+        (JSC::ARMAssembler::doubleTransfer):
+        * assembler/ARMAssembler.h:
+        (JSC::ARM::):
+        (JSC::ARMAssembler::):
+        (JSC::ARMAssembler::faddd_r):
+        (JSC::ARMAssembler::fsubd_r):
+        (JSC::ARMAssembler::fmuld_r):
+        (JSC::ARMAssembler::fcmpd_r):
+        (JSC::ARMAssembler::fdtr_u):
+        (JSC::ARMAssembler::fdtr_d):
+        (JSC::ARMAssembler::fmsr_r):
+        (JSC::ARMAssembler::fsitod_r):
+        (JSC::ARMAssembler::fmstat):
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::):
+        (JSC::MacroAssemblerARM::supportsFloatingPoint):
+        (JSC::MacroAssemblerARM::loadDouble):
+        (JSC::MacroAssemblerARM::storeDouble):
+        (JSC::MacroAssemblerARM::addDouble):
+        (JSC::MacroAssemblerARM::subDouble):
+        (JSC::MacroAssemblerARM::mulDouble):
+        (JSC::MacroAssemblerARM::convertInt32ToDouble):
+        (JSC::MacroAssemblerARM::branchDouble):
+        * jit/JIT.h:
+
+2009-08-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Add JIT support for generic ARM port without optimizations.
+        https://bugs.webkit.org/show_bug.cgi?id=24986
+
+        All JIT optimizations are disabled.
+
+        Signed off by Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+        Signed off by Gabor Loki <loki@inf.u-szeged.hu>
+
+        * assembler/ARMAssembler.cpp:
+        (JSC::ARMAssembler::baseIndexTransfer32):
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::Imm32::Imm32):
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::store32):
+        (JSC::MacroAssemblerARM::move):
+        (JSC::MacroAssemblerARM::branch32):
+        (JSC::MacroAssemblerARM::add32):
+        (JSC::MacroAssemblerARM::sub32):
+        (JSC::MacroAssemblerARM::load32):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::getBytecodeIndex):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        * jit/JITOpcodes.cpp:
+        * jit/JITStubs.cpp:
+        * jit/JITStubs.h:
+        (JSC::JITStackFrame::returnAddressSlot):
+        * wtf/Platform.h:
+
+2009-08-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber Stamped by Oiver Hunt.
+
+        Revert r46643 since this breaks the Yarr::Interpreter running the v8 tests.
+        https://bugs.webkit.org/show_bug.cgi?id=27874
+
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::Interpreter::allocDisjunctionContext):
+        (JSC::Yarr::Interpreter::freeDisjunctionContext):
+        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
+        (JSC::Yarr::Interpreter::freeParenthesesDisjunctionContext):
+
+2009-08-04  Oliver Hunt  <oliver@apple.com>
+
+        PPC64 Build fix
+
+        * wtf/Platform.h:
+
+2009-08-04  Benjamin C Meyer  <benjamin.meyer@torchmobile.com>
+
+        Reviewed by Adam Treat
+
+        Explicitly include limits.h header when using INT_MAX and INT_MIN
+
+        * interpreter/Interpreter.cpp
+
+2009-08-03  Harald Fernengel  <harald.fernengel@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Fix compile error for ambigous call to abs()
+        https://bugs.webkit.org/show_bug.cgi?id=27873
+
+        Fix ambiguity in abs(long int) call by calling labs() instead
+
+        * wtf/DateMath.cpp: replace call to abs() with labs()
+
+2009-08-03  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Eric Seidel.
+
+        [Qt] Consolidate common gcc flags to WebKit.pri
+        https://bugs.webkit.org/show_bug.cgi?id=27934
+
+        * JavaScriptCore.pro:
+
+2009-08-03  Ada Chan  <adachan@apple.com>
+
+        Fixed the Tiger build.
+
+        * wtf/FastMalloc.cpp:
+
+2009-08-03  Ada Chan  <adachan@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Don't use background thread to scavenge memory on Tiger until we figure out why it causes a crash.
+        https://bugs.webkit.org/show_bug.cgi?id=27900
+
+        * wtf/FastMalloc.cpp:
+
+2009-08-03  Fumitoshi Ukai  <ukai@chromium.org>
+
+        Reviewed by Jan Alonzo.
+
+        Fix build break on Gtk/x86_64.
+        https://bugs.webkit.org/show_bug.cgi?id=27936
+
+        Use JSVALUE64 for X86_64 LINUX, except Qt.
+
+        * wtf/Platform.h:
+
+2009-08-02  Xan Lopez  <xlopez@igalia.com>
+
+        Fix the GTK+ build.
+
+        * wtf/Platform.h:
+
+2009-08-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Disabled JSVALUE32_64 on Qt builds, since all layout tests mysteriously
+        crash with it enabled.
+
+        * wtf/Platform.h:
+
+2009-08-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Qt build fix.
+
+        Added JSAPIValueWrapper.cpp to the build.
+
+        * JavaScriptCore.pri:
+
+2009-08-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix.
+
+        Exported symbols for JSAPIValueWrapper.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-08-02  Geoffrey Garen  <ggaren@apple.com>
+
+        GTK build fix.
+
+        * jit/JITStubs.cpp: #include <stdarg.h>, for a definition of va_start.
+
+2009-08-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Qt build fix.
+        
+        * runtime/Collector.cpp: #include <limits.h>, for a definition of ULONG_MAX.
+
+2009-08-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix: Nixed JSImmediate::prototype, JSImmediate::toObject,
+        and JSImmediate::toThisObject, and removed their exported symbols.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        * runtime/JSImmediate.cpp:
+        * runtime/JSImmediate.h:
+
+2009-08-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Enabled JSVALUE32_64 by default on all platforms other than x86_64 (which uses JSVALUE64).
+
+        * wtf/Platform.h:
+
+2009-08-02  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Reviewed by Jan Alonzo.
+
+        Script for building the JavaScriptCore library for wx.
+        https://bugs.webkit.org/show_bug.cgi?id=27619
+
+        * wscript: Added.
+
+2009-08-02  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        DateMath depends on strftime and localtime, which need to be imported manually on WinCE
+        https://bugs.webkit.org/show_bug.cgi?id=26558
+
+        * wtf/DateMath.cpp:
+
+2009-08-01  David Kilzer  <ddkilzer@apple.com>
+
+        wtf/Threading.h: added include of Platform.h
+
+        Reviewed by Mark Rowe.
+
+        * wtf/Threading.h: Added #include "Platform.h" since this header
+        uses PLATFORM() and other macros.
+
+2009-08-01  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Roll out r46668 as it was misinformed.  ScopeChain is only used with placement new.
+
+        * runtime/ScopeChain.h:
+
+2009-08-01  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Allow custom memory allocation control for JavaScriptCore's HashMap class
+        http://bugs.webkit.org/show_bug.cgi?id=27871
+
+        Inherits HashMap class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/API/JSClassRef.cpp:148.
+
+        * wtf/RefPtrHashMap.h:
+        (WTF::):
+
+2009-08-01  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Allow custom memory allocation control for JavaScriptCore's ScopeChain class
+        https://bugs.webkit.org/show_bug.cgi?id=27834
+
+        Inherits ScopeChain class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/JSFunction.h:109.
+
+        * runtime/ScopeChain.h:
+
+2009-08-01  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control for JavaScriptCore's RegExpConstructorPrivate struct 
+        https://bugs.webkit.org/show_bug.cgi?id=27833
+
+        Inherits RegExpConstructorPrivate class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/RegExpConstructor.cpp:152.
+
+        * runtime/RegExpConstructor.cpp:
+
+2009-07-31  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        Resurrect the old GetTickCount implementation of currentTime, controlled by WTF_USE_QUERY_PERFORMANCE_COUNTER
+        currentSystemTime taken from older WebKit; currentTime written by Yong Li <yong.li@torchmobile.com>; cleanup by Joe Mason <joe.mason@torchmobile.com>
+        https://bugs.webkit.org/show_bug.cgi?id=27848
+
+        * wtf/CurrentTime.cpp:
+        (WTF::currentSystemTime): get current time with GetCurrentFT
+        (WTF::currentTime): track msec elapsed since first currentSystemTime call using GetTickCount
+        * wtf/Platform.h:
+
+2009-07-31  Ada Chan  <adachan@apple.com>
+
+        Fixes the Windows release-PGO build.
+
+        Reviewed by Jon Honeycutt.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Suppresses the warning about unreachable code that we get by adding "return 0" to WTF::TCMalloc_PageHeap::runScavengerThread().
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::runScavengerThread): Fixes the error about the method not returning a value in the release-PGO build.
+
+2009-07-31  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Change malloc to fastMalloc and free to fastFree in Yarr's RegexInterpreter.cpp
+        https://bugs.webkit.org/show_bug.cgi?id=27874
+
+        Use fastMalloc and fastFree instead of malloc and free in RegexInterpreter.cpp's methods.
+
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::Interpreter::allocDisjunctionContext):
+        (JSC::Yarr::Interpreter::freeDisjunctionContext):
+        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
+        (JSC::Yarr::Interpreter::freeParenthesesDisjunctionContext):
+
+2009-07-30  Xan Lopez  <xlopez@igalia.com>
+
+        Reviewed by Jan Alonzo.
+
+        Fix compiler warning.
+
+        GCC does not like C++-style comments in preprocessor directives.
+
+        * wtf/Platform.h:
+
+2009-07-30  John McCall  <rjmccall@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Optimize the X86_64 trampolines: avoid the need for filler arguments
+        and move the stub-args area closer to the stack pointer.
+
+        * jit/JIT.h: adjust patch offsets because of slight code-size change 
+        * jit/JITCode.h:
+        (JSC::JITCode::execute): don't pass filler args
+        * jit/JITStubs.cpp:
+        (ctiTrampoline): (X86_64): push args onto stack, use args directly
+        (ctiVMThrowTrampoline): (X86_64): adjust %rsp by correct displacement
+        (ctiOpThrowNotCaught): (X86_64): adjust %rsp by correct displacement
+        * jit/JITStubs.h:
+        (JITStackFrame): (X86_64): move args area earlier
+        (ctiTrampoline): remove filler args from prototype
+
+2009-07-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Temporarily revert r46618 since this is b0rking on Linux.
+
+2009-07-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Make get_by_id/put_by_id/method_check/call defer optimization using a data flag rather than a code modification.
+        ( https://bugs.webkit.org/show_bug.cgi?id=27635 )
+
+        This improves performance of ENABLE(ASSEMBLER_WX_EXCLUSIVE) builds by 2-2.5%, reducing the overhead to about 2.5%.
+        (No performance impact with ASSEMBLER_WX_EXCLUSIVE disabled).
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::printStructureStubInfo):
+            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
+
+        * bytecode/CodeBlock.h:
+        (JSC::):
+        (JSC::CallLinkInfo::seenOnce):
+        (JSC::CallLinkInfo::setSeen):
+        (JSC::MethodCallLinkInfo::seenOnce):
+        (JSC::MethodCallLinkInfo::setSeen):
+            - Change a pointer in CallLinkInfo/MethodCallLinkInfo to use a PtrAndFlags, use a flag to track when an op has been executed once.
+
+        * bytecode/StructureStubInfo.cpp:
+        (JSC::StructureStubInfo::deref):
+            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
+
+        * bytecode/StructureStubInfo.h:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        (JSC::StructureStubInfo::initGetByIdSelf):
+        (JSC::StructureStubInfo::initGetByIdProto):
+        (JSC::StructureStubInfo::initGetByIdChain):
+        (JSC::StructureStubInfo::initGetByIdSelfList):
+        (JSC::StructureStubInfo::initGetByIdProtoList):
+        (JSC::StructureStubInfo::initPutByIdTransition):
+        (JSC::StructureStubInfo::initPutByIdReplace):
+        (JSC::StructureStubInfo::seenOnce):
+        (JSC::StructureStubInfo::setSeen):
+            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID, add a flag to track when an op has been executed once.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitGetById):
+        (JSC::BytecodeGenerator::emitPutById):
+            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::unlinkCall):
+            - Remove the "don't lazy link" stage of calls.
+
+        * jit/JIT.h:
+        (JSC::JIT::compileCTIMachineTrampolines):
+            - Remove the "don't lazy link" stage of calls.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSlowCase):
+            - Remove the "don't lazy link" stage of calls.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::JITThunks):
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+        (JSC::JITStubs::getPolymorphicAccessStructureListSlot):
+            - Remove the "don't lazy link" stage of calls, and the "_second" stage of get_by_id/put_by_id/method_check.
+
+        * jit/JITStubs.h:
+        (JSC::JITThunks::ctiStringLengthTrampoline):
+        (JSC::JITStubs::):
+            - Remove the "don't lazy link" stage of calls, and the "_second" stage of get_by_id/put_by_id/method_check.
+
+        * wtf/PtrAndFlags.h:
+        (WTF::PtrAndFlags::PtrAndFlags):
+        (WTF::PtrAndFlags::operator!):
+        (WTF::PtrAndFlags::operator->):
+            - Add ! and -> operators, add constuctor with pointer argument.
+
+2009-07-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Fixed failing tests seen on Windows buildbot.
+
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::): Use "int" instead of "bool" to guarantee a 32-bit result,
+        regardless of compiler. gcc on mac uses 32-bit values for bool,
+        but gcc on linux and MSVC on Windows use 8-bit values.
+
+2009-07-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix: added missing symbols on Windows.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix: removed stale symbols on Windows.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+=== End merge of nitro-extreme branch 2009-07-30 ===
+
+2009-07-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Fixed a post-review typo in r46066 that caused tons of test failures.
+        
+        SunSpider reports no change.
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray): Initialize the full vector capacity, to avoid
+        uninitialized members at the end.
+
+2009-07-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows WebKit build fix: Added some missing exports.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Get the branch working on windows.
+        https://bugs.webkit.org/show_bug.cgi?id=27391
+        
+        SunSpider says 0.3% faster.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Updated
+        MSVC export lists to fix linker errors.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added / removed
+        new / old project files.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines): Used #pragma pack to tell
+        MSVC that these structures represent actual memory layout, and should not be
+        automatically aligned. Changed the return value load to load a 64bit quantity
+        into the canonical registers.
+
+        * jit/JIT.h: Moved OBJECT_OFFSETOF definition to StdLibExtras.h because
+        it's needed by more than just the JIT, and it supplements a standard library
+        macro (offsetof).
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame): Fixed an incorrectly signed
+        cast to resolve an MSVC warning.
+
+        * jit/JITStubs.h: Used #pragma pack to tell MSVC that these structures
+        represent actual memory layout, and should not be automatically aligned. 
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray): Replaced memset_pattern8 with a for loop, since
+        memset_pattern8 is not portable. (I verified that this version of the loop
+        gives the best performance / generated code in GCC.)
+
+        * runtime/JSObject.h:
+        (JSC::JSObject::JSObject): Removed accidental usage of FIELD_OFFSET --
+        OBJECT_OFFSETOF is our new macro name. (FIELD_OFFSET conflicts with a
+        definition in winnt.h.)
+
+        * runtime/JSValue.cpp: Added some headers needed by non-all-in-one builds.
+        
+        * runtime/JSValue.h:
+        (JSC::JSValue::): Made the tag signed, to match MSVC's signed enum values.
+        (GCC doesn't seem to care one way or the other.)
+
+        * wtf/MainThread.cpp: Moved the StdLibExtras.h #include -- I did this a
+        while ago to resolve a conflict with winnt.h. I can't remember if it's truly
+        still needed, but what the heck.
+
+        * wtf/StdLibExtras.h: Moved OBJECT_OFFSETOF definition here.
+
+2009-07-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig (?).
+        
+        Fixed an assertion seen during the stress test.
+        
+        Don't assume that, if op1 is constant, op2 is not, and vice versa. Sadly,
+        not all constants get folded.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+
+2009-07-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Include op_convert_this in result caching.
+        
+        No change on SunSpider or v8.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_convert_this):
+
+        * jit/JITStubs.cpp:
+        (JSC::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::): Made the op_convert_this JIT stub return an EncodedJSValue, so
+        to maintain the result caching contract that { tag, payload } can be
+        found in { regT1, regT0 }.
+
+2009-07-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented result chaining.
+        
+        1% faster on SunSpider. 4%-5% faster on v8.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::move):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::movl_rr): Added an optimization to eliminate
+        no-op mov instructions, to simplify chaining.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        * jit/JIT.h: Added data members and helper functions for recording
+        chained results. We record both a mapping from virtual to machine register
+        and the opcode for which the mapping is valid, to help ensure that the
+        mapping isn't used after the mapped register has been stomped by other
+        instructions.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCallVarargsSlowCase):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase): Chain function call results.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoadTag):
+        (JSC::JIT::emitLoadPayload):
+        (JSC::JIT::emitLoad):
+        (JSC::JIT::emitLoad2):
+        (JSC::JIT::isLabeled):
+        (JSC::JIT::map):
+        (JSC::JIT::unmap):
+        (JSC::JIT::isMapped):
+        (JSC::JIT::getMappedPayload):
+        (JSC::JIT::getMappedTag): Use helper functions when loading virtual
+        registers into machine registers, in case the loads can be eliminated
+        by chaining.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_mov):
+        (JSC::JIT::emit_op_end):
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_get_global_var):
+        (JSC::JIT::emit_op_put_global_var):
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emit_op_jneq_ptr):
+        (JSC::JIT::emit_op_next_pname):
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emit_op_catch): Chain results from these opcodes.
+
+        (JSC::JIT::emit_op_profile_will_call):
+        (JSC::JIT::emit_op_profile_did_call): Load the profiler into regT2 to
+        avoid stomping a chained result.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_get_by_id): Chain results from these opcodes.
+
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::addArgument): Always use { regT1, regT0 }, to facilitate
+        chaining.
+
+        (JSC::JITStubCall::call): Unmap all mapped registers, since our callee
+        stub might stomp them.
+
+2009-07-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Don't reload values in emitBinaryDoubleOp.
+
+        SunSpider reports a 0.6% progression. 
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitBinaryDoubleOp):
+
+2009-07-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Convert op_div to load op1 and op2 up front.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_div):
+
+2009-07-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Don't emit code in emitBinaryDoubleOp if code is unreachable, observable
+        via an empty (unlinked) jumplist passed in.  This only effects op_jnless
+        and op_jnlesseq at present.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::emitBinaryDoubleOp):
+
+2009-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Converted op_mod to put { tag, payload } in { regT1, regT0 }, and
+        tidied up its constant case.
+        
+        SunSpider reports a 0.2% regression, but a micro-benchmark of op_mod
+        shows a 12% speedup, and the SunSpider test that uses op_mod most should
+        benefit a lot from result caching in the end, since it almost always
+        performs (expression) % constant.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+
+2009-06-30  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Converted some more arithmetic ops to put { tag, payload } in
+        { regT1, regT0 }.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+
+2009-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Converted some more arithmetic ops to put { tag, payload } in
+        { regT1, regT0 }, and added a case for subtract constant.
+        
+        SunSpider says no change. v8 says 0.3% slower.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSub32Constant):
+        (JSC::JIT::emitSlow_op_sub):
+
+2009-06-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove more uses of addressFor(), load double constants directly from
+        the constantpool in the CodeBlock, rather than from the register file.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitBinaryDoubleOp):
+
+2009-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a bug in postfix ops, where we would treat x = x++ and x = x--
+        as a no-op, even if x were not an int, and the ++/-- could have side-effects.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emitSlow_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emitSlow_op_post_dec):
+
+2009-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Converted some arithmetic ops to put { tag, payload } in
+        { regT1, regT0 }.
+        
+        SunSpider says 0.7% faster. v8 says no change.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emit_op_bitxor):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::isOperandConstantImmediateInt):
+        (JSC::JIT::getOperandConstantImmediateInt):
+
+2009-06-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Start removing cases of addressFor().
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_div):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoadDouble):
+        (JSC::JIT::emitLoadInt32ToDouble):
+        (JSC::JIT::emitStoreDouble):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+
+2009-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Rolled back in my last patch with regression fixed.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emitSlow_op_resolve_global):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+
+2009-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Rolled out my last patch because it was a 2% SunSpider regression.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+
+2009-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin "Sam Weinig" Barraclough.
+        
+        Standardized the rest of our opcodes to put { tag, payload } in
+        { regT1, regT0 } where possible.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emitSlow_op_resolve_global):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+
+2009-06-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Replace calls to store32(tagFor()) and store32(payloadFor())
+        with emitStoreInt32(), emitStoreBool(), and emitStoreCell().
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emitBitAnd32Constant):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emitBitOr32Constant):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emitBitXor32Constant):
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSub32ConstantLeft):
+        (JSC::JIT::emitSub32ConstantRight):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emit_op_mod):
+        * jit/JITCall.cpp:
+        (JSC::JIT::emit_op_load_varargs):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitStoreInt32):
+        (JSC::JIT::emitStoreCell):
+        (JSC::JIT::emitStoreBool):
+        (JSC::JIT::emitStore):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_not):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::call):
+
+2009-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized the rest of the property access instructions to put { tag,
+        payload } in { regT1, regT0 }.
+
+        Small v8 speedup, 0.2% SunSpider slowdown.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoad):
+        (JSC::JIT::emitLoad2):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+        (JSC::JIT::patchPutByIdReplace):
+
+2009-06-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Various cleanups.
+        - Use fpRegT* instead of X86::xmm*.
+        - Use a switch statement in emitBinaryDoubleOp instead of a bunch of
+          if/elses.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_div):
+
+2009-06-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add inline code dealing with doubles for op_jfalse and op_jtrue.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::):
+        (JSC::MacroAssemblerX86Common::zeroDouble):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+
+2009-06-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Standardized op_get_by_id to put { tag, payload } in { regT1, regT0 }.
+        
+        SunSpider and v8 report maybe 0.2%-0.4% regressions, but the optimization
+        this enables will win much more than that back.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2009-06-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Standardized op_call to put { tag, payload } in { regT1, regT0 }.
+        
+        SunSpider and v8 report no change.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+
+2009-06-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Handle multiplying by zero a little better by
+        inlining the case that both operands are non-negative
+        into the slowpath.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::branchOr32):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+
+2009-06-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Optimize x++ to ++x inside for loops.
+        
+        Sadly, no measurable speedup, but this should help with result chaining.
+
+        * parser/Nodes.cpp:
+        (JSC::ForNode::emitBytecode):
+
+2009-06-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_bitnot):
+        (JSC::JIT::emit_op_post_inc):
+
+2009-06-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emitSlow_op_pre_dec):
+
+2009-06-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emitSlow_op_negate):
+        * jit/JITCall.cpp:
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::emitSlow_op_construct_verify):
+
+2009-06-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_true):
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+        (JSC::JIT::emit_op_jeq_null):
+        (JSC::JIT::emit_op_jneq_null):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+
+2009-06-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig (sort of, maybe).
+        
+        Fixed some ASSERTs in http/tests/security.
+        
+        These ASSERTs were introduced by http://trac.webkit.org/changeset/45057,
+        but the underlying problem was actually older. http://trac.webkit.org/changeset/45057
+        just exposed the problem by enabling optimization in more cases.
+        
+        The ASSERTs fired because we tested PropertySlot::slotBase() for validity,
+        but slotBase() ASSERTs if it's invalid, so we would ASSERT before
+        the test could happen. Solution: Remove the ASSERT. Maybe it was valid
+        once, but it clearly goes against a pattern we've deployed of late.
+        
+        The underlying problem was that WebCore would re-use a PropertySlot in
+        the case of a forwarding access, and the second use would not completely
+        overwrite the first use. Solution: Make sure to overwrite m_offset when
+        setting a value on a PropertySlot. (Other values already get implicitly
+        overwritten during reuse.)
+
+        * runtime/PropertySlot.h:
+        (JSC::PropertySlot::PropertySlot):
+        (JSC::PropertySlot::setValueSlot):
+        (JSC::PropertySlot::setValue):
+        (JSC::PropertySlot::setRegisterSlot):
+        (JSC::PropertySlot::setUndefined):
+        (JSC::PropertySlot::slotBase):
+        (JSC::PropertySlot::clearOffset):
+
+2009-06-24  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Enable JIT_OPTIMIZE_METHOD_CALLS on the branch, implementation matches current implemenatation in ToT.
+
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::emitSlow_op_method_check):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::compileGetByIdSlowCase):
+
+2009-06-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bit off a tiny bit more of standardizing opcode behavior to help with result
+        caching.
+        
+        SunSpider reports no change, v8 maybe a tiny speedup.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emitSlow_op_to_jsnumber):
+        (JSC::JIT::emit_op_convert_this):
+        (JSC::JIT::emitSlow_op_convert_this):
+
+2009-06-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bit off a tiny bit more of standardizing opcode behavior to help with result
+        caching -- including removing my old enemy, op_resolve_function, because
+        it was non-standard, and removing it felt better than helping it limp along.
+        
+        SunSpider reports no change, v8 maybe a tiny speedup.
+        
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emitSlow_op_to_primitive):
+        * jit/JITStubs.cpp:
+        * jit/JITStubs.h:
+        * parser/Nodes.cpp:
+        (JSC::FunctionCallResolveNode::emitBytecode):
+
+2009-06-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Bit off a tiny bit of standardizing opcode behavior to help with result
+        caching.
+        
+        0.6% SunSpider speedup. 0.3% v8 speedup.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoad): Accomodate a base register that overlaps with payload
+        by loading tag before payload, to avoid stomping base/payload.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_mov): Abide by the standard "tag in regT1, payload in
+        regT0" semantics.
+
+        (JSC::JIT::emit_op_get_global_var):
+        (JSC::JIT::emit_op_put_global_var): Ditto. Also, removed some irrelevent
+        loads while I was at it. The global object's "d" pointer never changes
+        after construction.
+
+2009-06-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove 'arguments' field from Register union (again).
+        This time do so without breaking tests (radical, I know).
+
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::optionalCalleeArguments):
+        (JSC::ExecState::setArgumentCount):
+        (JSC::ExecState::init):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::dumpRegisters):
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        * interpreter/Register.h:
+        (JSC::Register::withInt):
+        (JSC::Register::):
+        (JSC::Register::Register):
+        (JSC::Register::i):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_tear_off_arguments):
+        * runtime/Arguments.h:
+        (JSC::JSActivation::copyRegisters):
+        (JSC::Register::arguments):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::argumentsGetter):
+        * runtime/JSActivation.h:
+
+2009-06-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Removed some result register tracking cruft in preparation for a new
+        result tracking mechanism.
+        
+        SunSpider reports no change.
+
+        * assembler/AbstractMacroAssembler.h:
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::JmpDst::JmpDst): No need to track jump targets in
+        machine code; we already do this in bytecode.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        (JSC::JIT::emitTimeoutCheck): Make sure to save and restore the result
+        registers, so an opcode with a timeout check can still benefit from result
+        register caching.
+
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases): Removed calls to killLastResultRegister()
+        in preparation for something new.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetFromCallFrameHeaderPtr):
+        (JSC::JIT::emitGetFromCallFrameHeader32):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jmp):
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+        (JSC::JIT::emit_op_jeq_null):
+        (JSC::JIT::emit_op_jneq_null):
+        (JSC::JIT::emit_op_jneq_ptr):
+        (JSC::JIT::emit_op_jsr):
+        (JSC::JIT::emit_op_sret):
+        (JSC::JIT::emit_op_jmp_scopes): ditto
+
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::JITStubCall):
+        (JSC::JITStubCall::getArgument): added a mechanism for reloading an argument
+        you passed to a JIT stub, for use in emitTimeoutCheck.
+
+2009-06-23  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove now-useless inplace variants of binary ops.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emit_op_mul):
+
+2009-06-23  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Move off memory operands to aid in re-enabling result caching.
+
+        - No regression measured.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emitBitAnd32Constant):
+        (JSC::JIT::emitBitAnd32InPlace):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emitBitOr32Constant):
+        (JSC::JIT::emitBitOr32InPlace):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emitBitXor32Constant):
+        (JSC::JIT::emitBitXor32InPlace):
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emitSlow_op_pre_dec):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitAdd32InPlace):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlowAdd32Constant):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSub32ConstantLeft):
+        (JSC::JIT::emitSub32ConstantRight):
+        (JSC::JIT::emitSub32InPlaceLeft):
+        (JSC::JIT::emitSub32InPlaceRight):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitMul32InPlace):
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emit_op_mod):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emit_op_not):
+        (JSC::JIT::emit_op_jneq_ptr):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emit_op_to_jsnumber):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+
+2009-06-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed some missing and/or misplaced labels in bytecode generation, so
+        we don't have to work around them in JIT code generation.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitJumpSubroutine):
+        * parser/Nodes.cpp:
+        (JSC::TryNode::emitBytecode):
+
+2009-06-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        For member function calls, emit "this" directly into the "this" slot
+        for the function call, instead of moving it there later. This reduces
+        time spent in op_mov during certain calls, like "a.b.c()".
+        
+        1%-2% speedup on v8, mostly richards and delta-blue.
+
+        * parser/Nodes.cpp:
+        (JSC::FunctionCallDotNode::emitBytecode):
+
+2009-06-22  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove 'arguments' field from Register union.  Having JSCell derived types in the union is
+        dangerous since it opens the possibility for the field to be written as a raw pointer but
+        then read as a JSValue.  This will lead to statle data being read for the tag, which may
+        be dangerous.  Having removed Arguments* types form Register, all arguments objects must
+        always explicitly be stored in the register file as JSValues.
+
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::optionalCalleeArguments):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        * interpreter/Register.h:
+        (JSC::Register::):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_tear_off_arguments):
+        * runtime/Arguments.h:
+        (JSC::JSActivation::copyRegisters):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::argumentsGetter):
+        * runtime/JSActivation.h:
+
+2009-06-03  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add back known this value optimization by abstracting
+        slow case if not JSCell jumps.
+
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCallVarargsSlowCase):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+        (JSC::JIT::linkSlowCaseIfNotJSCell):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emitSlow_op_instanceof):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+
+2009-06-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed some of the regression in crypto-aes.js. (8.5% speedup in
+        crypto-aes.js.)
+        
+        SunSpider reports no change overall.
+        
+        Division was producing double results, which took the slow path through
+        array access code.
+        
+        Strangely, all my attempts at versions of this patch that modified array
+        access code to accept ints encoded as doubles along the fast or slow paths
+        were regressions. So I did this instead.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_div): When dividing an int by an int, go ahead and try
+        to turn the result into an int. Don't just do int division, though, because
+        testing shows it to be slower than SSE double division, and the corner
+        cases are pretty complicated / lengthy on top of that. Also, don't try
+        to canonicalize division of known tiny numerators into ints, since that's a
+        waste of time.
+
+2009-05-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed a regression caused by my recent fix for NaN.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitBinaryDoubleOp): Actually do the comparison in reverse
+        order, like the ChangeLog said we would, bokay?
+
+2009-05-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig and Oliver Hunt.
+        
+        Fixed two edge cases in %:
+        
+        - Don't do -2147483648 % x as a fast case, since you might do -2147483648 % -1,
+        which will signal a hardware exception due to overflow.
+
+        - In the case of a zero remainder, be sure to store negative zero if the
+        dividend was zero.
+        
+        SunSpider reports no change.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+
+2009-05-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed a regression when comparing to NaN.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitBinaryDoubleOp): For op_jnless and op_jnless_eq, do the
+        comparison in reverse order, and jump if the result is below or 
+        below-or-equal. This ensures that we do jump in the case of NaN.
+
+2009-05-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        SunSpider says no change.
+        
+        Fixed regressions in fast/js/var-declarations-shadowing.html and
+        fast/js/equality.html, caused by recent == and != optimizations.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_eq): Don't treat "compare to string" as always
+        numeric or string comparison. If the second operand is an object, you
+        need to ToPrimitive it, and start all over again. Also, I wrote out each
+        of the possible cases explicitly, to cut down on redundant branching.
+
+2009-05-25  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Fix bug in fast/js/constant-folding.html where we were not negating
+        -0 properly.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+
+2009-05-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Refactored new slow case codegen for == and !=.
+        
+        SunSpider reports no change, maybe a tiny speedup.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emitSlow_op_neq): Made a vptr comparison a *Ptr operation,
+        instead of *32, to make it portable to 64bit. Reorganized the string
+        and generic cases to make their control flow a little clearer.
+
+2009-05-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Optimized == and != for our new value representation -- especially for strings.
+        
+        14% speedup on date-format-tofte.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::JITStubCall):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_eq_strings):
+        (JSC::JITStubs::cti_op_call_eval):
+        * jit/JITStubs.h:
+        (JSC::):
+        * runtime/JSValue.h:
+
+2009-05-22  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix non-SSE enabled builds.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_add): Don't early return here, we still need to call the JIT stub.
+        (JSC::JIT::emitSlow_op_sub): Ditto.
+
+2009-05-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Here's a thought: let's not take a jit stub call just to multiply by 1,
+        bokay?
+        
+        imul doesn't set the zero flag, so to test for a zero result, we need
+        an explicit instruction. (Luckily, it does set the overflow flag, so
+        we can still use that.)
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emitMul32InPlace):
+
+2009-05-22  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey "Premature Commit" Garen.
+
+        Add back constant integer cases for op_add.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlowAdd32Constant):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::getConstantOperandImmediateDouble):
+        (JSC::JIT::isOperandConstantImmediateDouble):
+
+2009-05-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added fast double cases for op_jnless and op_jnlesseq.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::JumpList::jumps): New accesor, used by
+        addSlowCase.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::ucomisd_rm): New method for comparing register to
+        memory.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emit_op_div): Modified emitBinaryDoubleOp to accept comparison/jump
+        operations in addition to operations with explicit result registers.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::addSlowCase): Added an "addSlowCase" for JumpLists, so clients
+        can track multiple jumps to the same slow case condition together.
+
+2009-05-21  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Implement op_negate inline fast cases.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::neg32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::negl_m):
+        (JSC::X86Assembler::xorpd_rr):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emitSlow_op_negate):
+
+2009-05-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Update the patchOffsetGetByIdSlowCaseCall constant for the
+        case that OPCODE_SAMPLING is enabled.
+
+        * jit/JIT.h:
+
+2009-05-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Added support for inline subtraction of doubles.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSlowSub32InPlaceLeft):
+        (JSC::JIT::emitBinaryDoubleOp):
+
+2009-05-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Added support for inline division.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::divsd_rr):
+        (JSC::X86Assembler::divsd_mr):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitBinaryOp):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emitSlow_op_div):
+
+2009-05-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Added support for inline addition of doubles.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlowAdd32InPlace):
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+
+2009-05-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Factored inline double operations into a helper function, so that we
+        can reuse this code for other math operations.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_mul):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+
+2009-05-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added support for inline multiplication of doubles.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::cvtsi2sd_mr): New function, useful for loading an
+        int32 into a double register.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul): Filled out these cases for double arithmetic.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::addressFor): New function, useful for addressing a JSValue's
+        full 64bits as a double.
+
+2009-05-19  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement and enable optimized calls.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines): Add ENABLE(JIT_OPTIMIZE_CALL) guards
+        around the the optimize call only trampolines (virtualCallPreLink and virtualCallLink).
+        Update the trampolines to account for the new JSValue representation.
+        (JSC::JIT::unlinkCall): Use NULL instead of JSValue noValue. 
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall): Update to account for the new JSValue representation
+        (JSC::JIT::compileOpCallSlowCase): Ditto.
+
+        * jit/JITStubs.h: Remove incorrect !ENABLE(JIT_OPTIMIZE_CALL) guard.
+
+        * wtf/Platform.h: Enable ENABLE_JIT_OPTIMIZE_CALL.
+
+2009-05-19  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement and enable optimized property access.
+
+        * assembler/AbstractMacroAssembler.h: Fix comment.
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines): Remove array length trampoline
+        and implement the string length trampoline.
+        * jit/JIT.h: Add new constants for patch offsets.
+        * jit/JITInlineMethods.h: Remove FIELD_OFFSET which is now in StdLibExtras.h.
+        * jit/JITPropertyAccess.cpp: 
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+        (JSC::JIT::compilePutDirectOffset):
+        (JSC::JIT::compileGetDirectOffset):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::addArgument): Add version of addArgument that takes
+        two registers for the tag and payload.
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::JITStubs): Remove array length trampoline pointer.
+        (JSC::JITStubs::cti_op_get_by_id_self_fail): 
+        * jit/JITStubs.h:
+        * runtime/JSObject.h:
+        (JSC::JSObject::JSObject): Move m_inheritorID below the property storage
+        to align it to a 16 byte boundary.
+        * wtf/Platform.h: Enable ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS
+        * wtf/StdLibExtras.h: Move FIELD_OFFSET here.
+
+2009-05-17  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove unneeded ExecState parameter from the number JSValue constructors.
+
+        * runtime/JSValue.h:
+        (JSC::jsNumber):
+        (JSC::jsNaN):
+        (JSC::JSValue::JSValue):
+
+2009-05-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implemented fast path for op_put_by_val when putting to arrays.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+
+2009-05-15  Geoffrey Garen  <ggaren@apple.com> (Mostly by Sam)
+
+        Reviewed by Sam Weinig.
+        
+        Implemented fast path for op_get_by_val when accessing array.
+
+        * jit/JIT.cpp:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+
+2009-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a failure in fast/js/math-transforms.html caused by failing to
+        preserve -0 in multiplication.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::jz):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emitMul32Constant):
+        (JSC::JIT::emitMul32InPlace): Check both for overflow and for zero when
+        doing multiplication. Use a slow case to get these right.
+
+2009-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a bug in the varargs calling convention.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs): Move the argument count into regT1,
+        since that's where ctiVirtualCall expects it to be.
+
+2009-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fixed a small bug in instanceof's looping code.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof): NULL means the object has no prototype,
+        so only loop when *not* equal to NULL.
+
+2009-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a small bug in instanceof's result writing code.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof): Make sure to fill out the payload bits
+        in all cases.
+
+2009-05-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Removed an invalid assertion in cti_op_urshift which
+        depended on a fast path for op_urshift which has
+        never existed.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_urshift):
+
+2009-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed loop_if_true, which had the same reversed test that jtrue had.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_true):
+
+2009-05-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        In op_neq, we apparently want to check that one value
+        does *not* equal another.  Go figure.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_neq):
+
+2009-05-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        The slow case of op_mod should call op_mod's jit stub,
+        not op_mul.  That would be dumb.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_mod):
+
+2009-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed problems when using 'arguments' due to a half-initialized register.
+
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::setCalleeArguments):
+        (JSC::ExecState::init): Require a full JSValue when setting up the 
+        'arguments' virtual register, since this register is accessible from JIT
+        code and bytecode, and needs to be a true JSValue.
+
+        * interpreter/CallFrameClosure.h:
+        (JSC::CallFrameClosure::resetCallFrame): ditto
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute): ditto
+
+        * interpreter/Register.h: Removed the constructor that allowed assignment
+        of a JSArguments* to a register. That is not safe. See above.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_create_arguments):
+        (JSC::JITStubs::cti_op_create_arguments_no_params): ditto
+
+2009-05-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        We really want to go to the slow case in op_jfalse and
+        op_jtrue if the value is *not* boolean. 
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jtrue):
+
+2009-05-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Flipped the condition when emitting a an op_loop_if_less or op_loop_if_lesseq
+        if the first operand is a constant.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+
+2009-05-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Added missing return in op_jnless and op_jnlesseq. 
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+
+2009-05-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Load constants into the the register file as a temporary measure to
+        aid bring up.  This allows us to use to treat constants like any
+        other virtual register.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_enter):
+        (JSC::JIT::emit_op_enter_with_activation):
+
+2009-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented op_strict_eq. Original patch by Snowy, by way of Sam and Gavin.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::set8): Added set8, since it's slightly
+        faster than set32, and the new value representation usually doesn't
+        need set32.
+
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoadTag):
+        (JSC::JIT::emitLoadPayload): Added helper functions for dealing with
+        constants. Eventually, we should write special cases for all constants,
+        but these are helpful in the short term.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emitSlow_op_stricteq):
+        (JSC::JIT::emitSlow_op_nstricteq): teh opcodez.
+
+        * runtime/JSValue.h:
+        (JSC::JSValue::):
+        (JSC::JSValue::isDouble): Added a LowestTag for clarity.
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed some bugs in host function calls.
+        
+        testapi now passes!
+
+        * jit/JIT.cpp: Changed some registers around to avoid overwriting edx:eax,
+        which is how JSValues are now returned. Also changed the code that
+        passes thisValue to pass the full 64bits of the value. Also added
+        an #error compiler directive to other platform builds, since the JSValue
+        return signature probably won't return in edx:eax on those platforms,
+        and we'll have to investigate a solution.
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Removed parameters from functions that are intended never to use their
+        parameters.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Ported op_instance_of from TOT. It's basically the same, but some register
+        stuff changed to memory stuff.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
+        (JSC::JIT::emitStore): Changed to use helper functions.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emitSlow_op_instanceof): Ported from TOT.
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin Barraclough.
+        
+        Added a comment to explain an exception-handling subtelty that we found
+        hard to remember when reviewing my last patch.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_catch):
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented try/catch.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_throw): Updated to use JITStackFrame abstraction.
+        (JSC::JIT::emit_op_catch): Filled out.
+
+2009-05-13  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implemented op_loop_if_true, op_jfalse, op_jtrue, op_jeq_null and op_jneq_null
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitSlow_op_instanceof): Moved from below to be next to its
+        fast brother.
+
+        (JSC::JIT::emit_op_loop_if_true): Similar to the old version
+        in that it tries to do the integer case first and reduce the
+        number of jumps you might need to take.
+        (JSC::JIT::emitSlow_op_loop_if_true):
+
+        (JSC::JIT::emit_op_jfalse): Very similar to op_loop_if_true, only
+        the inverse and without a timeout check.
+        (JSC::JIT::emitSlow_op_jfalse):
+
+        (JSC::JIT::emit_op_jtrue): Very similar to op_loop_if_true except
+        without the timeout check.
+        (JSC::JIT::emitSlow_op_jtrue):
+
+        (JSC::JIT::emit_op_jeq_null): Very similar to the implementation
+        of op_eq, except it takes jumps instead of copying the condition
+        to a dst.
+        (JSC::JIT::emit_op_jneq_null): Ditto but for op_neq.
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented op_call_varargs.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::emit_op_call):
+        (JSC::JIT::emit_op_call_eval):
+        (JSC::JIT::emit_op_load_varargs):
+        (JSC::JIT::emit_op_call_varargs):
+        (JSC::JIT::emit_op_construct):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jneq_ptr):
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented op_call_eval.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpCall):
+        * jit/JITStubCall.h:
+        (JSC::CallEvalJITStub::CallEvalJITStub):
+
+2009-05-13  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Implemented op_not. (Gavin did most of the work!)
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_not):
+        (JSC::JIT::emitSlow_op_not):
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented op_global_resolve.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq): Added back accidentally removed
+        early returns. 
+
+        (JSC::JIT::emit_op_resolve_global):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_resolve_global): Pretty similar to the old code,
+        but we need two reads and a TimesEight step in order to account for the
+        64bit value size.
+
+        * jit/JITStubs.h:
+        (JSC::): Slightly tweaked this code to specialize for a JSGlobalObject*,
+        to avoid having to pass an irrelevant tag pointer to the stub.
+
+2009-05-13  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implemented op_to_jsnumber.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emitSlow_op_to_jsnumber):
+
+2009-05-13  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implemented op_convert_this.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_convert_this):
+        (JSC::JIT::emitSlow_op_convert_this):
+
+2009-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Got basic JS function and constructor calls working.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::emitSlow_op_construct_verify):
+        (JSC::JIT::emitSlow_op_call):
+        (JSC::JIT::emitSlow_op_call_eval):
+        (JSC::JIT::emitSlow_op_call_varargs):
+        (JSC::JIT::emitSlow_op_construct):
+        (JSC::JIT::compileOpCall): Filled out these cases, with call_eval #if'd out.
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
+        (JSC::JIT::emitLoad): Restored some legacy "*CTIArg*" functions,
+        since I wanted to avoid the complexity of revamping the API here while
+        trying to bring it up. Eventually, we should re-remove all of these functions.
+
+        (JSC::JIT::recordJumpTarget): Removed unnecessary macro cruft. You will
+        not silence me, Sam Weinig! The world will know that you are a crufty,
+        crufty, crufty programmer!!!
+
+        * jit/JITOpcodes.cpp:
+        * jit/JITStubs.cpp:
+        (JSC::):
+        * jit/JITStubs.h: Changed up some offsets in the JITStackFrame class, since
+        and off-by-one error was causing stack misalignment.
+
+2009-05-13  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_eq_null and op_neq_null.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::set8):
+        (JSC::MacroAssemblerX86Common::setTest8):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_stricteq):
+        (JSC::JIT::emitSlow_op_stricteq):
+        (JSC::JIT::emit_op_nstricteq):
+        (JSC::JIT::emitSlow_op_nstricteq):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+        * jsc.cpp:
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_new_error.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_new_error):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::addArgument): Add a version of addArgument
+        that takes a constant JSValue.
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove now unused emitGetVariableObjectRegister and emitPutVariableObjectRegister.
+
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_to_primitive and op_next_pname.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emitSlow_op_construct_verify):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emitSlow_op_to_primitive):
+        (JSC::JIT::emitSlow_op_loop_if_true):
+        (JSC::JIT::emit_op_jtrue):
+        (JSC::JIT::emit_op_next_pname):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add op_get_global_var, op_put_global_var, emit_op_get_scoped_var, emit_op_put_scoped_var and
+        op_unexpected_load.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::tagFor):
+        (JSC::JIT::payloadFor):
+        (JSC::JIT::emitLoad):
+        (JSC::JIT::emitStore):
+        (JSC::JIT::emitLoadReturnValue):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_get_global_var):
+        (JSC::JIT::emit_op_put_global_var):
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_unexpected_load):
+
+2009-05-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Added overflow handling to op_sub.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSlowSub32InPlaceLeft):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove a function call by folding op_get_by_id and op_put_by_id into
+        their respective compile functions.
+
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Make JITStubCall work in 64bit by making the stack index
+        step dependent on the size of void*.
+
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::JITStubCall):
+        (JSC::JITStubCall::addArgument):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement simple version of property access opcodes
+        which just call a stub functions.
+
+        * jit/JITOpcodes.cpp:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emitSlow_op_put_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        (JSC::JIT::emit_op_put_by_index):
+        (JSC::JIT::emit_op_put_getter):
+        (JSC::JIT::emit_op_put_setter):
+        (JSC::JIT::emit_op_del_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::addArgument):
+        * jsc.cpp:
+
+2009-05-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added work-around for XCode debugging echo problem.
+
+        * jsc.cpp:
+        (runInteractive):
+
+2009-05-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added overflow handling to op_add.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlowAdd32InPlace):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add slow cases for op_jnless or emit_op_jnlesseq.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add implementations for op_jnless, emit_op_jnlesseq, op_loop_if_less and op_loop_if_lesseq.
+        No slow cases for op_jnless or emit_op_jnlesseq yet.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emitSlow_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emitSlow_op_loop_if_lesseq):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Turn the RECORD_JUMP_TARGET macro into an inline function.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::recordJumpTarget):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jmp):
+        (JSC::JIT::emit_op_jsr):
+        (JSC::JIT::emit_op_jmp_scopes):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Add MacroAssemblerX86Common::set8 to fix the build.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::set8):
+
+2009-05-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added overflow recovery for pre_inc and pre_dec.
+        
+        Turned some short-circuit code into early returns, as is the WebKit style.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emitSlow_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emitSlow_op_post_dec):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_dec):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_jmp, op_loop, op_eq and op_neq.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jmp):
+        (JSC::JIT::emit_op_loop):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emitSlow_op_neq):
+        (JSC::JIT::emit_op_enter):
+        (JSC::JIT::emit_op_enter_with_activation):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement the slow cases for arithmetic opcodes.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emitSlow_op_lshift):
+        (JSC::JIT::emitSlow_op_rshift):
+        (JSC::JIT::emitSlow_op_bitand):
+        (JSC::JIT::emitSlow_op_bitor):
+        (JSC::JIT::emitSlow_op_bitxor):
+        (JSC::JIT::emitSlow_op_bitnot):
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emitSlow_op_mod):
+        (JSC::JIT::emit_op_mod):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement op_bitnot.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::not32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::notl_m):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_bitnot):
+
+2009-05-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add arithmetic opcode implementations from the old nitro-extreme branch.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emitSlow_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emitSlow_op_rshift):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emitBitAnd32Constant):
+        (JSC::JIT::emitBitAnd32InPlace):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emitSlow_op_bitor):
+        (JSC::JIT::emitBitOr32Constant):
+        (JSC::JIT::emitBitOr32InPlace):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emitSlow_op_bitxor):
+        (JSC::JIT::emitBitXor32Constant):
+        (JSC::JIT::emitBitXor32InPlace):
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emitSlow_op_bitnot):
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emitSlow_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emitSlow_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emitSlow_op_pre_dec):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitAdd32Constant):
+        (JSC::JIT::emitAdd32InPlace):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::emitSlow_op_sub):
+        (JSC::JIT::emitSub32ConstantLeft):
+        (JSC::JIT::emitSub32ConstantRight):
+        (JSC::JIT::emitSub32InPlaceLeft):
+        (JSC::JIT::emitSub32InPlaceRight):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        (JSC::JIT::emitMul32Constant):
+        (JSC::JIT::emitMul32InPlace):
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+        * jit/JITOpcodes.cpp:
+
+2009-05-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Removed JIT_OPTIMIZE_ARITHMETIC setting, since it was all about 32bit
+        value representations.
+        
+        Added JSAPIValueWrapper to the repository.
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        * runtime/JSAPIValueWrapper.cpp: Added.
+        (JSC::JSAPIValueWrapper::toPrimitive):
+        (JSC::JSAPIValueWrapper::getPrimitiveNumber):
+        (JSC::JSAPIValueWrapper::toBoolean):
+        (JSC::JSAPIValueWrapper::toNumber):
+        (JSC::JSAPIValueWrapper::toString):
+        (JSC::JSAPIValueWrapper::toObject):
+        * runtime/JSAPIValueWrapper.h: Added.
+        (JSC::JSAPIValueWrapper::value):
+        (JSC::JSAPIValueWrapper::isAPIValueWrapper):
+        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
+        (JSC::jsAPIValueWrapper):
+        * wtf/Platform.h:
+
+2009-05-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Turned on the JIT and got it building and running the most trivial of
+        programs.
+        
+        All configurable optimizations are turned off, and a few opcodes are ad
+        hoc #if'd out.
+        
+        So far, I've only merged op_mov and op_end, but some stub-reliant
+        opcodes work as-is from TOT.
+        
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        * bytecode/CodeBlock.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_lshift):
+        (JSC::JIT::emitSlow_op_lshift):
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emitSlow_op_rshift):
+        (JSC::JIT::emit_op_jnless):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emit_op_jnlesseq):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::emit_op_bitand):
+        (JSC::JIT::emitSlow_op_bitand):
+        (JSC::JIT::emit_op_post_inc):
+        (JSC::JIT::emitSlow_op_post_inc):
+        (JSC::JIT::emit_op_post_dec):
+        (JSC::JIT::emitSlow_op_post_dec):
+        (JSC::JIT::emit_op_pre_inc):
+        (JSC::JIT::emitSlow_op_pre_inc):
+        (JSC::JIT::emit_op_pre_dec):
+        (JSC::JIT::emitSlow_op_pre_dec):
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emit_op_sub):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emitSlow_op_mul):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::getConstantOperandImmediateInt):
+        (JSC::JIT::isOperandConstantImmediateInt):
+        (JSC::JIT::emitInitRegister):
+        (JSC::JIT::addSlowCase):
+        (JSC::JIT::addJump):
+        (JSC::JIT::emitJumpSlowToHot):
+        (JSC::JIT::tagFor):
+        (JSC::JIT::payloadFor):
+        (JSC::JIT::emitLoad):
+        (JSC::JIT::emitLoadReturnValue):
+        (JSC::JIT::emitStore):
+        (JSC::JIT::emitStoreReturnValue):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_mov):
+        (JSC::JIT::emit_op_end):
+        (JSC::JIT::emit_op_jmp):
+        (JSC::JIT::emit_op_loop):
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emit_op_loop_if_lesseq):
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_get_global_var):
+        (JSC::JIT::emit_op_put_global_var):
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_tear_off_activation):
+        (JSC::JIT::emit_op_ret):
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::emit_op_to_primitive):
+        (JSC::JIT::emit_op_loop_if_true):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emit_op_not):
+        (JSC::JIT::emit_op_jfalse):
+        (JSC::JIT::emit_op_jeq_null):
+        (JSC::JIT::emit_op_jneq_null):
+        (JSC::JIT::emit_op_jneq_ptr):
+        (JSC::JIT::emit_op_unexpected_load):
+        (JSC::JIT::emit_op_eq):
+        (JSC::JIT::emit_op_bitnot):
+        (JSC::JIT::emit_op_jtrue):
+        (JSC::JIT::emit_op_neq):
+        (JSC::JIT::emit_op_bitxor):
+        (JSC::JIT::emit_op_bitor):
+        (JSC::JIT::emit_op_throw):
+        (JSC::JIT::emit_op_next_pname):
+        (JSC::JIT::emit_op_push_scope):
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emit_op_push_new_scope):
+        (JSC::JIT::emit_op_catch):
+        (JSC::JIT::emit_op_switch_imm):
+        (JSC::JIT::emit_op_switch_char):
+        (JSC::JIT::emit_op_switch_string):
+        (JSC::JIT::emit_op_new_error):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+        (JSC::JIT::emit_op_convert_this):
+        (JSC::JIT::emit_op_profile_will_call):
+        (JSC::JIT::emit_op_profile_did_call):
+        (JSC::JIT::emitSlow_op_construct_verify):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emitSlow_op_loop_if_less):
+        (JSC::JIT::emitSlow_op_loop_if_lesseq):
+        (JSC::JIT::emitSlow_op_put_by_val):
+        (JSC::JIT::emitSlow_op_not):
+        (JSC::JIT::emitSlow_op_instanceof):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emit_op_put_by_index):
+        (JSC::JIT::emit_op_put_getter):
+        (JSC::JIT::emit_op_put_setter):
+        (JSC::JIT::emit_op_del_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::JITStubCall):
+        (JSC::JITStubCall::addArgument):
+        (JSC::JITStubCall::call):
+        (JSC::JITStubCall::):
+        (JSC::CallEvalJITStub::CallEvalJITStub):
+        * jit/JITStubs.cpp:
+        (JSC::):
+        (JSC::JITStubs::cti_op_add):
+        (JSC::JITStubs::cti_op_pre_inc):
+        (JSC::JITStubs::cti_op_mul):
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_string):
+        (JSC::JITStubs::cti_op_get_by_val_byte_array):
+        (JSC::JITStubs::cti_op_sub):
+        (JSC::JITStubs::cti_op_put_by_val):
+        (JSC::JITStubs::cti_op_put_by_val_array):
+        (JSC::JITStubs::cti_op_put_by_val_byte_array):
+        (JSC::JITStubs::cti_op_negate):
+        (JSC::JITStubs::cti_op_div):
+        (JSC::JITStubs::cti_op_pre_dec):
+        (JSC::JITStubs::cti_op_post_inc):
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_lshift):
+        (JSC::JITStubs::cti_op_bitand):
+        (JSC::JITStubs::cti_op_rshift):
+        (JSC::JITStubs::cti_op_bitnot):
+        (JSC::JITStubs::cti_op_mod):
+        (JSC::JITStubs::cti_op_neq):
+        (JSC::JITStubs::cti_op_post_dec):
+        (JSC::JITStubs::cti_op_urshift):
+        (JSC::JITStubs::cti_op_bitxor):
+        (JSC::JITStubs::cti_op_bitor):
+        (JSC::JITStubs::cti_op_switch_imm):
+        * jit/JITStubs.h:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::~JSFunction):
+        * runtime/JSValue.h:
+        (JSC::JSValue::payload):
+        * wtf/Platform.h:
+
+2009-05-07  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add some new MacroAssembler and assembler functions that will be needed shortly.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::add32):
+        (JSC::MacroAssemblerX86Common::and32):
+        (JSC::MacroAssemblerX86Common::mul32):
+        (JSC::MacroAssemblerX86Common::neg32):
+        (JSC::MacroAssemblerX86Common::or32):
+        (JSC::MacroAssemblerX86Common::sub32):
+        (JSC::MacroAssemblerX86Common::xor32):
+        (JSC::MacroAssemblerX86Common::branchAdd32):
+        (JSC::MacroAssemblerX86Common::branchMul32):
+        (JSC::MacroAssemblerX86Common::branchSub32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::addl_rm):
+        (JSC::X86Assembler::andl_mr):
+        (JSC::X86Assembler::andl_rm):
+        (JSC::X86Assembler::andl_im):
+        (JSC::X86Assembler::negl_r):
+        (JSC::X86Assembler::notl_r):
+        (JSC::X86Assembler::orl_rm):
+        (JSC::X86Assembler::orl_im):
+        (JSC::X86Assembler::subl_rm):
+        (JSC::X86Assembler::xorl_mr):
+        (JSC::X86Assembler::xorl_rm):
+        (JSC::X86Assembler::xorl_im):
+        (JSC::X86Assembler::imull_mr):
+
+2009-05-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Remove the NumberHeap.
+
+        * JavaScriptCore.exp:
+        * runtime/Collector.cpp:
+        (JSC::Heap::Heap):
+        (JSC::Heap::destroy):
+        (JSC::Heap::recordExtraCost):
+        (JSC::Heap::heapAllocate):
+        (JSC::Heap::markConservatively):
+        (JSC::Heap::sweep):
+        (JSC::Heap::collect):
+        (JSC::Heap::objectCount):
+        (JSC::Heap::statistics):
+        (JSC::typeName):
+        (JSC::Heap::isBusy):
+        * runtime/Collector.h:
+        (JSC::Heap::globalData):
+        * runtime/JSCell.h:
+
+2009-05-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Land initial commit of new number representation for 32 bit platforms,
+        with JIT disabled.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::hasInstance):
+        (JSC::::toNumber):
+        (JSC::::toString):
+        * API/tests/testapi.c:
+        (EvilExceptionObject_convertToType):
+        * AllInOneFile.cpp:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::valueToSourceString):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitLoad):
+        (JSC::BytecodeGenerator::emitUnexpectedLoad):
+        (JSC::keyForImmediateSwitch):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::dumpRegisters):
+        (JSC::Interpreter::privateExecute):
+        * parser/Nodes.cpp:
+        (JSC::ArrayNode::emitBytecode):
+        (JSC::processClauseList):
+        * runtime/ArgList.h:
+        * runtime/Collector.h:
+        (JSC::sizeof):
+        * runtime/DateMath.cpp:
+        * runtime/ExceptionHelpers.h:
+        * runtime/InitializeThreading.cpp:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        * runtime/JSCell.cpp:
+        * runtime/JSCell.h:
+        (JSC::JSCell::isAPIValueWrapper):
+        (JSC::JSValue::isString):
+        (JSC::JSValue::isGetterSetter):
+        (JSC::JSValue::isObject):
+        (JSC::JSValue::getString):
+        (JSC::JSValue::getObject):
+        (JSC::JSValue::getCallData):
+        (JSC::JSValue::getConstructData):
+        (JSC::JSValue::getUInt32):
+        (JSC::JSValue::marked):
+        (JSC::JSValue::toPrimitive):
+        (JSC::JSValue::getPrimitiveNumber):
+        (JSC::JSValue::toBoolean):
+        (JSC::JSValue::toNumber):
+        (JSC::JSValue::toString):
+        (JSC::JSValue::needsThisConversion):
+        (JSC::JSValue::toThisString):
+        (JSC::JSValue::getJSNumber):
+        (JSC::JSValue::toObject):
+        (JSC::JSValue::toThisObject):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.h:
+        (JSC::Structure::prototypeForLookup):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt):
+        * runtime/JSImmediate.h:
+        * runtime/JSNumberCell.cpp: Removed.
+        * runtime/JSNumberCell.h: Removed.
+        * runtime/JSObject.h:
+        (JSC::JSValue::get):
+        (JSC::JSValue::put):
+        * runtime/JSString.h:
+        (JSC::JSValue::toThisJSString):
+        * runtime/JSValue.cpp:
+        (JSC::JSValue::toInteger):
+        (JSC::JSValue::toIntegerPreserveNaN):
+        (JSC::JSValue::toObjectSlowCase):
+        (JSC::JSValue::toThisObjectSlowCase):
+        (JSC::JSValue::synthesizeObject):
+        (JSC::JSValue::synthesizePrototype):
+        (JSC::JSValue::description):
+        (JSC::nonInlineNaN):
+        * runtime/JSValue.h:
+        (JSC::JSValue::):
+        (JSC::EncodedJSValueHashTraits::emptyValue):
+        (JSC::jsNaN):
+        (JSC::operator==):
+        (JSC::operator!=):
+        (JSC::toInt32):
+        (JSC::toUInt32):
+        (JSC::JSValue::encode):
+        (JSC::JSValue::decode):
+        (JSC::JSValue::JSValue):
+        (JSC::JSValue::operator bool):
+        (JSC::JSValue::operator==):
+        (JSC::JSValue::operator!=):
+        (JSC::JSValue::isUndefined):
+        (JSC::JSValue::isNull):
+        (JSC::JSValue::isUndefinedOrNull):
+        (JSC::JSValue::isCell):
+        (JSC::JSValue::isInt32):
+        (JSC::JSValue::isUInt32):
+        (JSC::JSValue::isDouble):
+        (JSC::JSValue::isTrue):
+        (JSC::JSValue::isFalse):
+        (JSC::JSValue::tag):
+        (JSC::JSValue::asInt32):
+        (JSC::JSValue::asUInt32):
+        (JSC::JSValue::asDouble):
+        (JSC::JSValue::asCell):
+        (JSC::JSValue::isNumber):
+        (JSC::JSValue::isBoolean):
+        (JSC::JSValue::getBoolean):
+        (JSC::JSValue::uncheckedGetNumber):
+        (JSC::JSValue::toJSNumber):
+        (JSC::JSValue::getNumber):
+        (JSC::JSValue::toInt32):
+        (JSC::JSValue::toUInt32):
+        * runtime/Operations.h:
+        (JSC::JSValue::equal):
+        (JSC::JSValue::equalSlowCaseInline):
+        (JSC::JSValue::strictEqual):
+        (JSC::JSValue::strictEqualSlowCaseInline):
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAdd):
+        * runtime/PropertySlot.h:
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncIndexOf):
+        * wtf/Platform.h:
+
+=== Start merge of nitro-extreme branch 2009-07-30 ===
+
+2009-07-29  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by George Staikos.
+
+        Resolve class/struct mixup in forward declarations
+        https://bugs.webkit.org/show_bug.cgi?id=27708
+
+        * API/JSClassRef.h:
+        * bytecode/SamplingTool.h:
+        * interpreter/Interpreter.h:
+        * jit/JIT.h:
+        * profiler/ProfileGenerator.h:
+        * profiler/Profiler.h:
+        * runtime/ClassInfo.h:
+        * runtime/ExceptionHelpers.h:
+        * runtime/JSByteArray.h:
+        * runtime/JSCell.h:
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.h:
+        * runtime/JSObject.h:
+        * runtime/JSString.h:
+
+2009-07-28  Ada Chan  <adachan@apple.com>        
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27236
+        - Implement TCMalloc_SystemRelease and TCMalloc_SystemCommit for Windows.
+        - Use a background thread to periodically scavenge memory to release back to the system.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::init):
+        (WTF::TCMalloc_PageHeap::runScavengerThread):
+        (WTF::TCMalloc_PageHeap::scavenge):
+        (WTF::TCMalloc_PageHeap::shouldContinueScavenging):
+        (WTF::TCMalloc_PageHeap::New):
+        (WTF::TCMalloc_PageHeap::AllocLarge):
+        (WTF::TCMalloc_PageHeap::Delete):
+        (WTF::TCMalloc_PageHeap::GrowHeap):
+        (WTF::sleep):
+        (WTF::TCMalloc_PageHeap::scavengerThread):
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease):
+        (TCMalloc_SystemCommit):
+        * wtf/TCSystemAlloc.h:
+
+2009-07-28  Xan Lopez  <xlopez@igalia.com>
+
+        Add new files, fixes distcheck.
+
+        * GNUmakefile.am:
+
+2009-07-28  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Determining whether to use JIT or interpreter
+        moved from JavaScriptCore.pri to Platform.h
+
+        * JavaScriptCore.pri:
+        * wtf/Platform.h:
+
+2009-07-27  Brian Weinstein  <bweinstein@apple.com>
+
+        Fix of misuse of sort command.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-27  Brian Weinstein  <bweinstein@apple.com>
+
+        Build fix for Windows.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-27  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by Oliver Hunt.
+
+        Fix tyop in JIT, renamed preverveReturnAddressAfterCall -> preserveReturnAddressAfterCall.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::preserveReturnAddressAfterCall):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+
+2009-07-27  Alexey Proskuryakov  <ap@webkit.org>
+
+        Gtk build fix.
+
+        * runtime/JSLock.cpp: (JSC::JSLock::JSLock): Fix "no threading" case.
+
+2009-07-27  Alexey Proskuryakov  <ap@webkit.org>
+
+        Release build fix.
+
+        * runtime/JSLock.h: (JSC::JSLock::~JSLock):
+
+2009-07-27  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27735
+        Give a helpful name to JSLock constructor argument
+
+        * API/JSBase.cpp:
+        (JSGarbageCollect):
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        (JSPropertyNameArrayRelease):
+        (JSPropertyNameAccumulatorAddName):
+        * JavaScriptCore.exp:
+        * jsc.cpp:
+        (functionGC):
+        (cleanupGlobalData):
+        (jscmain):
+        * runtime/Collector.cpp:
+        (JSC::Heap::destroy):
+        * runtime/JSLock.cpp:
+        (JSC::JSLock::JSLock):
+        (JSC::JSLock::lock):
+        (JSC::JSLock::unlock):
+        (JSC::JSLock::DropAllLocks::DropAllLocks):
+        (JSC::JSLock::DropAllLocks::~DropAllLocks):
+        * runtime/JSLock.h:
+        (JSC::):
+        (JSC::JSLock::JSLock):
+        (JSC::JSLock::~JSLock):
+
+2009-07-25  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Eric Seidel.
+
+        Allow custom memory allocation control for OpaqueJSPropertyNameArray struct
+        https://bugs.webkit.org/show_bug.cgi?id=27342
+
+        Inherits OpaqueJSPropertyNameArray struct from FastAllocBase because it has been
+        instantiated by 'new' JavaScriptCore/API/JSObjectRef.cpp:473.
+
+        * API/JSObjectRef.cpp:
+
+2009-07-24  Ada Chan  <adachan@apple.com>
+
+        In preparation for https://bugs.webkit.org/show_bug.cgi?id=27236:
+        Remove TCMALLOC_TRACK_DECOMMITED_SPANS.  We'll always track decommitted spans.
+        We have tested this and show it has little impact on performance.
+
+        Reviewed by Mark Rowe.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::New):
+        (WTF::TCMalloc_PageHeap::AllocLarge):
+        (WTF::propagateDecommittedState):
+        (WTF::mergeDecommittedStates):
+        (WTF::TCMalloc_PageHeap::Delete):
+        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
+
+2009-07-24  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler and Adam Barth.
+
+        Build fix for x86 platforms.
+        https://bugs.webkit.org/show_bug.cgi?id=27602
+
+        * jit/JIT.cpp:
+
+2009-07-23  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix, adding missing header.
+
+        * jit/JIT.cpp:
+
+2009-07-22  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        Add wince specific memory files into wtf/wince
+        https://bugs.webkit.org/show_bug.cgi?id=27550
+
+        * wtf/wince/FastMallocWince.h: Added.
+        * wtf/wince/MemoryManager.cpp: Added.
+        * wtf/wince/MemoryManager.h: Added.
+
+2009-07-23  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Fix for missing mmap features in Symbian
+        https://bugs.webkit.org/show_bug.cgi?id=24540
+
+        Fix, conditionally for PLATFORM(SYMBIAN), as an alternative 
+        to missing support for the MAP_ANON property flag in mmap. 
+        It utilizes Symbian specific memory allocation features.
+
+        * runtime/Collector.cpp
+
+2009-07-22  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        With ENABLE(ASSEMBLER_WX_EXCLUSIVE), only change permissions once per repatch event.
+        ( https://bugs.webkit.org/show_bug.cgi?id=27564 )
+
+        Currently we change permissions forwards and backwards for each instruction modified,
+        instead we should only change permissions once per complete repatching event.
+
+        2.5% progression running with ENABLE(ASSEMBLER_WX_EXCLUSIVE) enabled,
+        which recoups 1/3 of the penalty of running with this mode enabled.
+
+        * assembler/ARMAssembler.cpp:
+        (JSC::ARMAssembler::linkBranch):
+            - Replace usage of MakeWritable with cacheFlush.
+        
+        * assembler/ARMAssembler.h:
+        (JSC::ARMAssembler::patchPointerInternal):
+        (JSC::ARMAssembler::repatchLoadPtrToLEA):
+            - Replace usage of MakeWritable with cacheFlush.
+
+        * assembler/ARMv7Assembler.h:
+        (JSC::ARMv7Assembler::relinkJump):
+        (JSC::ARMv7Assembler::relinkCall):
+        (JSC::ARMv7Assembler::repatchInt32):
+        (JSC::ARMv7Assembler::repatchPointer):
+        (JSC::ARMv7Assembler::repatchLoadPtrToLEA):
+        (JSC::ARMv7Assembler::setInt32):
+            - Replace usage of MakeWritable with cacheFlush.
+
+        * assembler/LinkBuffer.h:
+        (JSC::LinkBuffer::performFinalization):
+            - Make explicit call to cacheFlush.
+
+        * assembler/MacroAssemblerCodeRef.h:
+        (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
+            - Make size always available.
+
+        * assembler/RepatchBuffer.h:
+        (JSC::RepatchBuffer::RepatchBuffer):
+        (JSC::RepatchBuffer::~RepatchBuffer):
+            - Add calls to MakeWritable & makeExecutable.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::relinkJump):
+        (JSC::X86Assembler::relinkCall):
+        (JSC::X86Assembler::repatchInt32):
+        (JSC::X86Assembler::repatchPointer):
+        (JSC::X86Assembler::repatchLoadPtrToLEA):
+            - Remove usage of MakeWritable.
+
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::getJITCode):
+            - Provide access to CodeBlock's JITCode.
+
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::makeExecutable):
+        (JSC::ExecutableAllocator::cacheFlush):
+            - Remove MakeWritable, make cacheFlush public.
+
+        * jit/JIT.cpp:
+        (JSC::ctiPatchNearCallByReturnAddress):
+        (JSC::ctiPatchCallByReturnAddress):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::linkCall):
+            - Add CodeBlock argument to RepatchBuffer.
+
+        * jit/JIT.h:
+            - Pass CodeBlock argument for use by RepatchBuffer.
+
+        * jit/JITCode.h:
+        (JSC::JITCode::start):
+        (JSC::JITCode::size):
+            - Provide access to code start & size.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchMethodCallProto):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+            - Add CodeBlock argument to RepatchBuffer.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+            - Pass CodeBlock argument for use by RepatchBuffer.
+
+2009-07-21  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Cache not only the structure of the method, but the
+        structure of its prototype as well.
+        https://bugs.webkit.org/show_bug.cgi?id=27077
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        * bytecode/CodeBlock.h:
+        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::patchMethodCallProto):
+
+2009-07-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Move call linking / repatching down from AbstractMacroAssembler into MacroAssemblerARCH classes.
+        ( https://bugs.webkit.org/show_bug.cgi?id=27527 )
+
+        This allows the implementation to be defined per architecture.  Specifically this addresses the
+        fact that x86-64 MacroAssembler implements far calls as a load to register, followed by a call
+        to register.  Patching the call actually requires the pointer load to be patched, rather than
+        the call to be patched.  This is implementation detail specific to MacroAssemblerX86_64, and as
+        such is best handled there.
+
+        * assembler/AbstractMacroAssembler.h:
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::linkCall):
+        (JSC::MacroAssemblerARM::repatchCall):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::linkCall):
+        (JSC::MacroAssemblerARMv7::repatchCall):
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::linkCall):
+        (JSC::MacroAssemblerX86::repatchCall):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::linkCall):
+        (JSC::MacroAssemblerX86_64::repatchCall):
+
+2009-07-21  Adam Treat  <adam.treat@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        Every wtf file includes other wtf files with <> style includes
+        except this one.  Fix the exception.
+
+        * wtf/ByteArray.h:
+
+2009-07-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Move LinkBuffer/RepatchBuffer out of AbstractMacroAssembler.
+        ( https://bugs.webkit.org/show_bug.cgi?id=27485 )
+
+        This change is the first step in a process to move code that should be in
+        the architecture-specific MacroAssembler classes up out of Assmbler and
+        AbstractMacroAssembler.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+            - added new files
+        
+        * assembler/ARMAssembler.h:
+        (JSC::ARMAssembler::linkPointer):
+            - rename patchPointer to bring it in line with the current link/repatch naming scheme
+        
+        * assembler/ARMv7Assembler.h:
+        (JSC::ARMv7Assembler::linkCall):
+        (JSC::ARMv7Assembler::linkPointer):
+        (JSC::ARMv7Assembler::relinkCall):
+        (JSC::ARMv7Assembler::repatchInt32):
+        (JSC::ARMv7Assembler::repatchPointer):
+        (JSC::ARMv7Assembler::setInt32):
+        (JSC::ARMv7Assembler::setPointer):
+            - rename patchPointer to bring it in line with the current link/repatch naming scheme
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::linkJump):
+        (JSC::AbstractMacroAssembler::linkCall):
+        (JSC::AbstractMacroAssembler::linkPointer):
+        (JSC::AbstractMacroAssembler::getLinkerAddress):
+        (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
+        (JSC::AbstractMacroAssembler::repatchJump):
+        (JSC::AbstractMacroAssembler::repatchCall):
+        (JSC::AbstractMacroAssembler::repatchNearCall):
+        (JSC::AbstractMacroAssembler::repatchInt32):
+        (JSC::AbstractMacroAssembler::repatchPointer):
+        (JSC::AbstractMacroAssembler::repatchLoadPtrToLEA):
+            - remove the LinkBuffer/RepatchBuffer classes, but leave a set of (private, friended) methods to interface to the Assembler
+
+        * assembler/LinkBuffer.h: Added.
+        (JSC::LinkBuffer::LinkBuffer):
+        (JSC::LinkBuffer::~LinkBuffer):
+        (JSC::LinkBuffer::link):
+        (JSC::LinkBuffer::patch):
+        (JSC::LinkBuffer::locationOf):
+        (JSC::LinkBuffer::locationOfNearCall):
+        (JSC::LinkBuffer::returnAddressOffset):
+        (JSC::LinkBuffer::finalizeCode):
+        (JSC::LinkBuffer::finalizeCodeAddendum):
+        (JSC::LinkBuffer::code):
+        (JSC::LinkBuffer::performFinalization):
+            - new file containing the LinkBuffer class, previously a member of AbstractMacroAssembler
+
+        * assembler/RepatchBuffer.h: Added.
+        (JSC::RepatchBuffer::RepatchBuffer):
+        (JSC::RepatchBuffer::relink):
+        (JSC::RepatchBuffer::repatch):
+        (JSC::RepatchBuffer::repatchLoadPtrToLEA):
+        (JSC::RepatchBuffer::relinkCallerToTrampoline):
+        (JSC::RepatchBuffer::relinkCallerToFunction):
+        (JSC::RepatchBuffer::relinkNearCallerToTrampoline):
+            - new file containing the RepatchBuffer class, previously a member of AbstractMacroAssembler
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::linkJump):
+        (JSC::X86Assembler::linkCall):
+        (JSC::X86Assembler::linkPointerForCall):
+        (JSC::X86Assembler::linkPointer):
+        (JSC::X86Assembler::relinkJump):
+        (JSC::X86Assembler::relinkCall):
+        (JSC::X86Assembler::repatchInt32):
+        (JSC::X86Assembler::repatchPointer):
+        (JSC::X86Assembler::setPointer):
+        (JSC::X86Assembler::setInt32):
+        (JSC::X86Assembler::setRel32):
+            - rename patchPointer to bring it in line with the current link/repatch naming scheme
+
+        * jit/JIT.cpp:
+        (JSC::ctiPatchNearCallByReturnAddress):
+        (JSC::ctiPatchCallByReturnAddress):
+            - include new headers
+            - remove MacroAssembler:: specification from RepatchBuffer usage
+
+        * jit/JITPropertyAccess.cpp:
+        * yarr/RegexJIT.cpp:
+            - include new headers
+
+2009-07-21  Robert Agoston  <Agoston.Robert@stud.u-szeged.hu>
+
+        Reviewed by David Levin.
+
+        Fixed #undef typo.
+        https://bugs.webkit.org/show_bug.cgi?id=27506
+
+        * bytecode/Opcode.h:
+
+2009-07-21  Adam Roben  <aroben@apple.com>
+
+        Roll out r46153, r46154, and r46155
+
+        These changes were causing build failures and assertion failures on
+        Windows.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/JSArray.cpp:
+        * runtime/StringPrototype.cpp:
+        * runtime/UString.cpp:
+        * runtime/UString.h:
+        * wtf/FastMalloc.cpp:
+        * wtf/FastMalloc.h:
+        * wtf/Platform.h:
+        * wtf/PossiblyNull.h: Removed.
+
+2009-07-21  Roland Steiner  <rolandsteiner@google.com>
+
+        Reviewed by David Levin.
+
+        Add ENABLE_RUBY to list of build options
+        https://bugs.webkit.org/show_bug.cgi?id=27324
+
+        * Configurations/FeatureDefines.xcconfig: Added flag ENABLE_RUBY.
+
+2009-07-20  Oliver Hunt  <oliver@apple.com>
+
+        Build fix attempt #2
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-20  Oliver Hunt  <oliver@apple.com>
+
+        Build fix attempt #1
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Make it harder to misuse try* allocation routines
+        https://bugs.webkit.org/show_bug.cgi?id=27469
+
+        Jump through a few hoops to make it much harder to accidentally
+        miss null-checking of values returned by the try-* allocation
+        routines.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::putSlowCase):
+        (JSC::JSArray::increaseVectorLength):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncFontsize):
+        (JSC::stringProtoFuncLink):
+        * runtime/UString.cpp:
+        (JSC::allocChars):
+        (JSC::reallocChars):
+        (JSC::expandCapacity):
+        (JSC::UString::Rep::reserveCapacity):
+        (JSC::UString::expandPreCapacity):
+        (JSC::createRep):
+        (JSC::concatenate):
+        (JSC::UString::spliceSubstringsWithSeparators):
+        (JSC::UString::replaceRange):
+        (JSC::UString::append):
+        (JSC::UString::operator=):
+        * runtime/UString.h:
+        (JSC::UString::Rep::createEmptyBuffer):
+        * wtf/FastMalloc.cpp:
+        (WTF::tryFastZeroedMalloc):
+        (WTF::tryFastMalloc):
+        (WTF::tryFastCalloc):
+        (WTF::tryFastRealloc):
+        (WTF::TCMallocStats::tryFastMalloc):
+        (WTF::TCMallocStats::tryFastCalloc):
+        (WTF::TCMallocStats::tryFastRealloc):
+        * wtf/FastMalloc.h:
+        (WTF::TryMallocReturnValue::TryMallocReturnValue):
+        (WTF::TryMallocReturnValue::~TryMallocReturnValue):
+        (WTF::TryMallocReturnValue::operator Maybe<T>):
+        (WTF::TryMallocReturnValue::getValue):
+        * wtf/PossiblyNull.h:
+        (WTF::PossiblyNull::PossiblyNull):
+        (WTF::PossiblyNull::~PossiblyNull):
+        (WTF::PossiblyNull::getValue):
+        * wtf/Platform.h:
+
+2009-07-20  Gavin Barraclough  <barraclough@apple.com>
+
+        RS Oliver Hunt.
+
+        Add ARM assembler files to xcodeproj, for convenience editing.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-07-20  Jessie Berlin  <jberlin@apple.com>
+
+        Reviewed by David Levin.
+
+        Fix an incorrect assertion in Vector::remove.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=27477
+
+        * wtf/Vector.h:
+        (WTF::::remove):
+        Assert that the position at which to start removing elements + the
+        length (the number of elements to remove) is less than or equal to the
+        size of the entire Vector.
+
+2009-07-20  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27468
+        Back out r46060, which caused problems for some Apple developers.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
+        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
+
+2009-07-20  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        Allow custom memory allocation control in NewThreadContext
+        https://bugs.webkit.org/show_bug.cgi?id=27338
+
+        Inherits NewThreadContext struct from FastAllocBase because it
+        has been instantiated by 'new' JavaScriptCore/wtf/Threading.cpp:76.
+
+        * wtf/Threading.cpp:
+
+2009-07-20  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        Allow custom memory allocation control in JavaScriptCore's JSClassRef.h
+        https://bugs.webkit.org/show_bug.cgi?id=27340
+
+        Inherit StaticValueEntry and StaticFunctionEntry struct from FastAllocBase because these
+        have been instantiated by 'new' in JavaScriptCore/API/JSClassRef.cpp:153
+        and in JavaScriptCore/API/JSClassRef.cpp:166.
+
+        * API/JSClassRef.h:
+
+2009-07-20  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control in JavaScriptCore's RegexPattern.h
+        https://bugs.webkit.org/show_bug.cgi?id=27343
+
+        Inherits RegexPattern.h's structs (which have been instantiated by operator new) from FastAllocBase:
+
+        CharacterClass (new call: JavaScriptCore/yarr/RegexCompiler.cpp:144)
+        PatternAlternative (new call: JavaScriptCore/yarr/RegexPattern.h:221) 
+        PatternDisjunction (new call: JavaScriptCore/yarr/RegexCompiler.cpp:446)
+
+        * yarr/RegexPattern.h:
+
+2009-07-20  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control for JavaScriptCore's MatchFrame struct
+        https://bugs.webkit.org/show_bug.cgi?id=27344
+
+        Inherits MatchFrame struct from FastAllocBase because it has
+        been instantiated by 'new' JavaScriptCore/pcre/pcre_exec.cpp:359.
+
+        * pcre/pcre_exec.cpp:
+
+2009-07-20  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Holger Freyther.
+
+        Remove some outdated S60 platform specific code
+        https://bugs.webkit.org/show_bug.cgi?id=27423
+
+        * wtf/Platform.h:
+
+2009-07-20  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Simon Hausmann.
+
+        Qt build fix with MSVC and MinGW.
+
+        * jsc.pro: Make sure jsc is a console application, and turn off
+        exceptions and stl support to fix the build.
+
+2009-07-20  Xan Lopez  <xlopez@igalia.com>
+
+        Reviewed by Gustavo Noronha.
+
+        Do not use C++-style comments in preprocessor directives.
+
+        GCC does not like this in some configurations, using C-style
+        comments is safer.
+
+        * wtf/Platform.h:
+
+2009-07-17  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Steve Falkenburg.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27323
+        Only add Cygwin to the path when it isn't already there.  This avoids
+        causing problems for people who purposefully have non-Cygwin versions of
+        executables like svn in front of the Cygwin ones in their paths.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
+        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
+        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
+
+2009-07-17  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Add YARR support for generic ARM platforms (disabled by default).
+        https://bugs.webkit.org/show_bug.cgi?id=24986
+
+        Add generic ARM port for MacroAssembler. It supports the whole
+        MacroAssembler functionality except floating point.
+
+        The class JmpSrc is extended with a flag which enables to patch
+        the jump destination offset during execution. This feature is
+        required for generic ARM port.
+
+        Signed off by Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
+        Signed off by Gabor Loki <loki@inf.u-szeged.hu>
+
+        * JavaScriptCore.pri:
+        * assembler/ARMAssembler.cpp: Added.
+        (JSC::ARMAssembler::getLdrImmAddress):
+        (JSC::ARMAssembler::linkBranch):
+        (JSC::ARMAssembler::patchConstantPoolLoad):
+        (JSC::ARMAssembler::getOp2):
+        (JSC::ARMAssembler::genInt):
+        (JSC::ARMAssembler::getImm):
+        (JSC::ARMAssembler::moveImm):
+        (JSC::ARMAssembler::dataTransfer32):
+        (JSC::ARMAssembler::baseIndexTransfer32):
+        (JSC::ARMAssembler::executableCopy):
+        * assembler/ARMAssembler.h: Added.
+        (JSC::ARM::):
+        (JSC::ARMAssembler::ARMAssembler):
+        (JSC::ARMAssembler::):
+        (JSC::ARMAssembler::JmpSrc::JmpSrc):
+        (JSC::ARMAssembler::JmpSrc::enableLatePatch):
+        (JSC::ARMAssembler::JmpDst::JmpDst):
+        (JSC::ARMAssembler::JmpDst::isUsed):
+        (JSC::ARMAssembler::JmpDst::used):
+        (JSC::ARMAssembler::emitInst):
+        (JSC::ARMAssembler::and_r):
+        (JSC::ARMAssembler::ands_r):
+        (JSC::ARMAssembler::eor_r):
+        (JSC::ARMAssembler::eors_r):
+        (JSC::ARMAssembler::sub_r):
+        (JSC::ARMAssembler::subs_r):
+        (JSC::ARMAssembler::rsb_r):
+        (JSC::ARMAssembler::rsbs_r):
+        (JSC::ARMAssembler::add_r):
+        (JSC::ARMAssembler::adds_r):
+        (JSC::ARMAssembler::adc_r):
+        (JSC::ARMAssembler::adcs_r):
+        (JSC::ARMAssembler::sbc_r):
+        (JSC::ARMAssembler::sbcs_r):
+        (JSC::ARMAssembler::rsc_r):
+        (JSC::ARMAssembler::rscs_r):
+        (JSC::ARMAssembler::tst_r):
+        (JSC::ARMAssembler::teq_r):
+        (JSC::ARMAssembler::cmp_r):
+        (JSC::ARMAssembler::orr_r):
+        (JSC::ARMAssembler::orrs_r):
+        (JSC::ARMAssembler::mov_r):
+        (JSC::ARMAssembler::movs_r):
+        (JSC::ARMAssembler::bic_r):
+        (JSC::ARMAssembler::bics_r):
+        (JSC::ARMAssembler::mvn_r):
+        (JSC::ARMAssembler::mvns_r):
+        (JSC::ARMAssembler::mul_r):
+        (JSC::ARMAssembler::muls_r):
+        (JSC::ARMAssembler::mull_r):
+        (JSC::ARMAssembler::ldr_imm):
+        (JSC::ARMAssembler::ldr_un_imm):
+        (JSC::ARMAssembler::dtr_u):
+        (JSC::ARMAssembler::dtr_ur):
+        (JSC::ARMAssembler::dtr_d):
+        (JSC::ARMAssembler::dtr_dr):
+        (JSC::ARMAssembler::ldrh_r):
+        (JSC::ARMAssembler::ldrh_d):
+        (JSC::ARMAssembler::ldrh_u):
+        (JSC::ARMAssembler::strh_r):
+        (JSC::ARMAssembler::push_r):
+        (JSC::ARMAssembler::pop_r):
+        (JSC::ARMAssembler::poke_r):
+        (JSC::ARMAssembler::peek_r):
+        (JSC::ARMAssembler::clz_r):
+        (JSC::ARMAssembler::bkpt):
+        (JSC::ARMAssembler::lsl):
+        (JSC::ARMAssembler::lsr):
+        (JSC::ARMAssembler::asr):
+        (JSC::ARMAssembler::lsl_r):
+        (JSC::ARMAssembler::lsr_r):
+        (JSC::ARMAssembler::asr_r):
+        (JSC::ARMAssembler::size):
+        (JSC::ARMAssembler::ensureSpace):
+        (JSC::ARMAssembler::label):
+        (JSC::ARMAssembler::align):
+        (JSC::ARMAssembler::jmp):
+        (JSC::ARMAssembler::patchPointerInternal):
+        (JSC::ARMAssembler::patchConstantPoolLoad):
+        (JSC::ARMAssembler::patchPointer):
+        (JSC::ARMAssembler::repatchInt32):
+        (JSC::ARMAssembler::repatchPointer):
+        (JSC::ARMAssembler::repatchLoadPtrToLEA):
+        (JSC::ARMAssembler::linkJump):
+        (JSC::ARMAssembler::relinkJump):
+        (JSC::ARMAssembler::linkCall):
+        (JSC::ARMAssembler::relinkCall):
+        (JSC::ARMAssembler::getRelocatedAddress):
+        (JSC::ARMAssembler::getDifferenceBetweenLabels):
+        (JSC::ARMAssembler::getCallReturnOffset):
+        (JSC::ARMAssembler::getOp2Byte):
+        (JSC::ARMAssembler::placeConstantPoolBarrier):
+        (JSC::ARMAssembler::RM):
+        (JSC::ARMAssembler::RS):
+        (JSC::ARMAssembler::RD):
+        (JSC::ARMAssembler::RN):
+        (JSC::ARMAssembler::getConditionalField):
+        * assembler/ARMv7Assembler.h:
+        (JSC::ARMv7Assembler::JmpSrc::enableLatePatch):
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::Call::enableLatePatch):
+        (JSC::AbstractMacroAssembler::Jump::enableLatePatch):
+        * assembler/MacroAssembler.h:
+        * assembler/MacroAssemblerARM.h: Added.
+        (JSC::MacroAssemblerARM::):
+        (JSC::MacroAssemblerARM::add32):
+        (JSC::MacroAssemblerARM::and32):
+        (JSC::MacroAssemblerARM::lshift32):
+        (JSC::MacroAssemblerARM::mul32):
+        (JSC::MacroAssemblerARM::not32):
+        (JSC::MacroAssemblerARM::or32):
+        (JSC::MacroAssemblerARM::rshift32):
+        (JSC::MacroAssemblerARM::sub32):
+        (JSC::MacroAssemblerARM::xor32):
+        (JSC::MacroAssemblerARM::load32):
+        (JSC::MacroAssemblerARM::load32WithAddressOffsetPatch):
+        (JSC::MacroAssemblerARM::loadPtrWithPatchToLEA):
+        (JSC::MacroAssemblerARM::load16):
+        (JSC::MacroAssemblerARM::store32WithAddressOffsetPatch):
+        (JSC::MacroAssemblerARM::store32):
+        (JSC::MacroAssemblerARM::pop):
+        (JSC::MacroAssemblerARM::push):
+        (JSC::MacroAssemblerARM::move):
+        (JSC::MacroAssemblerARM::swap):
+        (JSC::MacroAssemblerARM::signExtend32ToPtr):
+        (JSC::MacroAssemblerARM::zeroExtend32ToPtr):
+        (JSC::MacroAssemblerARM::branch32):
+        (JSC::MacroAssemblerARM::branch16):
+        (JSC::MacroAssemblerARM::branchTest32):
+        (JSC::MacroAssemblerARM::jump):
+        (JSC::MacroAssemblerARM::branchAdd32):
+        (JSC::MacroAssemblerARM::mull32):
+        (JSC::MacroAssemblerARM::branchMul32):
+        (JSC::MacroAssemblerARM::branchSub32):
+        (JSC::MacroAssemblerARM::breakpoint):
+        (JSC::MacroAssemblerARM::nearCall):
+        (JSC::MacroAssemblerARM::call):
+        (JSC::MacroAssemblerARM::ret):
+        (JSC::MacroAssemblerARM::set32):
+        (JSC::MacroAssemblerARM::setTest32):
+        (JSC::MacroAssemblerARM::tailRecursiveCall):
+        (JSC::MacroAssemblerARM::makeTailRecursiveCall):
+        (JSC::MacroAssemblerARM::moveWithPatch):
+        (JSC::MacroAssemblerARM::branchPtrWithPatch):
+        (JSC::MacroAssemblerARM::storePtrWithPatch):
+        (JSC::MacroAssemblerARM::supportsFloatingPoint):
+        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
+        (JSC::MacroAssemblerARM::loadDouble):
+        (JSC::MacroAssemblerARM::storeDouble):
+        (JSC::MacroAssemblerARM::addDouble):
+        (JSC::MacroAssemblerARM::subDouble):
+        (JSC::MacroAssemblerARM::mulDouble):
+        (JSC::MacroAssemblerARM::convertInt32ToDouble):
+        (JSC::MacroAssemblerARM::branchDouble):
+        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
+        (JSC::MacroAssemblerARM::ARMCondition):
+        (JSC::MacroAssemblerARM::prepareCall):
+        (JSC::MacroAssemblerARM::call32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::JmpSrc::enableLatePatch):
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::cacheFlush):
+        * wtf/Platform.h:
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateEnter):
+        (JSC::Yarr::RegexGenerator::generateReturn):
+
+2009-07-17  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Extend AssemblerBuffer with constant pool handling mechanism.
+        https://bugs.webkit.org/show_bug.cgi?id=24986
+
+        Add a platform independed constant pool framework.
+        This pool can store 32 or 64 bits values which is enough to hold
+        any integer, pointer or double constant.
+
+        * assembler/AssemblerBuffer.h:
+        (JSC::AssemblerBuffer::putIntUnchecked):
+        (JSC::AssemblerBuffer::putInt64Unchecked):
+        (JSC::AssemblerBuffer::append):
+        (JSC::AssemblerBuffer::grow):
+        * assembler/AssemblerBufferWithConstantPool.h: Added.
+        (JSC::):
+
+2009-07-17  Eric Roman  <eroman@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Build fix for non-Darwin.
+        Add a guard for inclusion of RetainPtr.h which includes CoreFoundation.h
+
+        https://bugs.webkit.org/show_bug.cgi?id=27382
+
+        * wtf/unicode/icu/CollatorICU.cpp:
+
+2009-07-17  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by John Sullivan.
+
+        Get user default collation order via a CFLocale API when available.
+
+        * wtf/unicode/icu/CollatorICU.cpp: (WTF::Collator::userDefault):
+
+2009-07-17  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Fix the include path for the Symbian port
+        https://bugs.webkit.org/show_bug.cgi?id=27358
+
+        * JavaScriptCore.pri:
+
+2009-07-17  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by David Levin.
+
+        Build fix on platforms don't have MMAP.
+        https://bugs.webkit.org/show_bug.cgi?id=27365
+
+        * interpreter/RegisterFile.h: Including stdio.h irrespectively of HAVE(MMAP)
+
+2009-07-16  Fumitoshi Ukai  <ukai@chromium.org>
+
+        Reviewed by David Levin.
+
+        Add --web-sockets flag and ENABLE_WEB_SOCKETS define.
+        https://bugs.webkit.org/show_bug.cgi?id=27206
+        
+        Add ENABLE_WEB_SOCKETS
+
+        * Configurations/FeatureDefines.xcconfig: add ENABLE_WEB_SOCKETS
+
+2009-07-16  Maxime Simon  <simon.maxime@gmail.com>
+
+        Reviewed by Eric Seidel.
+
+        Added Haiku-specific files for JavaScriptCore.
+        https://bugs.webkit.org/show_bug.cgi?id=26620
+
+        * wtf/haiku/MainThreadHaiku.cpp: Added.
+        (WTF::initializeMainThreadPlatform):
+        (WTF::scheduleDispatchFunctionsOnMainThread):
+
+2009-07-16  Gavin Barraclough  <barraclough@apple.com>
+
+        RS by Oliver Hunt.
+
+        Revert r45969, this fix does not appear to be valid.
+        https://bugs.webkit.org/show_bug.cgi?id=27077
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::unlinkCallers):
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+
+2009-07-16  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        Allow custom memory allocation control in ExceptionInfo and RareData struct
+        https://bugs.webkit.org/show_bug.cgi?id=27336
+
+        Inherits ExceptionInfo and RareData struct from FastAllocBase because these
+        have been instantiated by 'new' in JavaScriptCore/bytecode/CodeBlock.cpp:1289 and
+        in JavaScriptCore/bytecode/CodeBlock.h:453.
+
+        Remove unnecessary WTF:: namespace from CodeBlock inheritance.
+ 
+        * bytecode/CodeBlock.h:
+
+2009-07-16  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Geoff Garen.
+
+        Fix FeatureDefines.xcconfig to not be out of sync with the rest of the world.
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-07-16  Yong Li  <yong.li@torchmobile.com>
+
+         Reviewed by George Staikos.
+
+         https://bugs.webkit.org/show_bug.cgi?id=27320
+         _countof is only included in CE6; for CE5 we need to define it ourself
+
+         * wtf/Platform.h:
+
+2009-07-16  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        Workers + garbage collector: weird crashes
+        https://bugs.webkit.org/show_bug.cgi?id=27077
+
+        We need to unlink cached method call sites when a function is destroyed.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::unlinkCallers):
+        * jit/JIT.cpp:
+        (JSC::JIT::unlinkMethodCall):
+        * jit/JIT.h:
+
+2009-07-15  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows Build fix.
+
+        Visual Studio reset our intermediate directory on us.
+        This sets it back.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+
+2009-07-15  Kwang Yul Seo  <skyul@company100.net>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26794
+        Make Yacc-generated parsers to use fastMalloc/fastFree.
+        
+        Define YYMALLOC and YYFREE to fastMalloc and fastFree
+        respectively.
+
+        * parser/Grammar.y:
+
+2009-07-15  Darin Adler  <darin@apple.com>
+
+        Fix a build for a particular Apple configuration.
+
+        * wtf/FastAllocBase.h: Change include to use "" style for
+        including another wtf header. This is the style we use for
+        including other public headers in the same directory.
+
+2009-07-15  George Staikos  <george.staikos@torchmobile.com>
+
+        Reviewed by Adam Treat.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27303
+        Implement createThreadInternal for WinCE.
+        Contains changes by George Staikos <george.staikos@torchmobile.com> and Joe Mason <joe.mason@torchmobile.com>
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::createThreadInternal):
+
+2009-07-15  Joe Mason  <joe.mason@torchmobile.com>
+
+         Reviewed by George Staikos.
+
+         https://bugs.webkit.org/show_bug.cgi?id=27298
+         Platform defines for WINCE.
+         Contains changes by Yong Li <yong.li@torchmobile.com>,
+         George Staikos <george.staikos@torchmobile.com> and Joe Mason <joe.mason@torchmobile.com>
+
+         * wtf/Platform.h:
+
+2009-07-15  Yong Li  <yong.li@torchmobile.com>
+
+         Reviewed by Adam Treat.
+
+         https://bugs.webkit.org/show_bug.cgi?id=27306
+         Use RegisterClass instead of RegisterClassEx on WinCE.
+
+         * wtf/win/MainThreadWin.cpp:
+         (WTF::initializeMainThreadPlatform):
+
+2009-07-15  Yong Li  <yong.li@torchmobile.com>
+
+         Reviewed by George Staikos.
+
+         https://bugs.webkit.org/show_bug.cgi?id=27301
+         Use OutputDebugStringW on WinCE since OutputDebugStringA is not supported
+         Originally written by Yong Li <yong.li@torchmobile.com> and refactored by
+         Joe Mason <joe.mason@torchmobile.com>
+
+         * wtf/Assertions.cpp: vprintf_stderr_common
+
+2009-07-15  Yong Li  <yong.li@torchmobile.com>
+
+         Reviewed by George Staikos.
+
+         https://bugs.webkit.org/show_bug.cgi?id=27020
+         msToGregorianDateTime should set utcOffset to 0 when outputIsUTC is false
+
+         * wtf/DateMath.cpp:
+         (WTF::gregorianDateTimeToMS):
+
+2009-07-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Cleanup - Remove obsolete code from the make system
+        https://bugs.webkit.org/show_bug.cgi?id=27299
+
+        * JavaScriptCore.pro:
+        * jsc.pro:
+
+2009-07-07  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27056
+
+        Alternate bool operator for codewarrior compiler (WINSCW).
+        Compiler (latest b482) reports error for UnspecifiedBoolType construct:
+        "illegal explicit conversion from 'WTF::OwnArrayPtr<JSC::Register>' to 'bool'"
+
+        Same fix as in r38391.
+
+        * JavaScriptCore/wtf/OwnArrayPtr.h:
+
+2009-07-15  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Qualify include path with wtf to fix compilation
+        on Symbian.
+        https://bugs.webkit.org/show_bug.cgi?id=27055
+
+        * interpreter/Interpreter.h:
+
+2009-07-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Dave Kilzer.
+
+        Turn off non-portable date manipulations for SYMBIAN
+        https://bugs.webkit.org/show_bug.cgi?id=27064
+
+        Introduce HAVE(TM_GMTOFF), HAVE(TM_ZONE) and HAVE(TIMEGM) guards 
+        and place the rules for controlling the guards in Platform.h.
+        Turn off these newly introduced guards for SYMBIAN.
+
+        * wtf/DateMath.cpp:
+        (WTF::calculateUTCOffset):
+        * wtf/DateMath.h:
+        (WTF::GregorianDateTime::GregorianDateTime):
+        (WTF::GregorianDateTime::operator tm):
+        * wtf/Platform.h:
+
+2009-07-15  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Undef ASSERT on Symbian, to avoid excessive warnings
+        https://bugs.webkit.org/show_bug.cgi?id=27052
+
+        * wtf/Assertions.h:
+
+2009-07-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Simon Hausmann.
+
+        REGRESSION: fast/js/postfix-syntax.html fails with interpreter
+        https://bugs.webkit.org/show_bug.cgi?id=27294
+
+        When postfix operators operating on locals assign to the same local
+        the order of operations has to be to store the incremented value, then
+        store the unmodified number.  Rather than implementing this subtle
+        semantic in the interpreter I've just made the logic explicit in the
+        bytecode generator, so x=x++ effectively becomes x=ToNumber(x) (for a
+        local var x).
+
+        * parser/Nodes.cpp:
+        (JSC::emitPostIncOrDec):
+
+2009-07-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Simon Hausmann.
+
+        REGRESSION(43559): fast/js/kde/arguments-scope.html fails with interpreter
+        https://bugs.webkit.org/show_bug.cgi?id=27259
+
+        The interpreter was incorrectly basing its need to create the arguments object
+        based on the presence of the callframe's argument reference rather than the local
+        arguments reference.  Based on this it then overrode the local variable reference.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+
+2009-07-14  Steve Falkenburg  <sfalken@apple.com>
+
+        Reorganize JavaScriptCore headers into:
+        API: include/JavaScriptCore/
+        Private: include/private/JavaScriptCore/
+
+        Reviewed by Darin Adler.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
+
+2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Change JSCell's superclass to NoncopyableCustomAllocated
+        https://bugs.webkit.org/show_bug.cgi?id=27248
+
+        JSCell class customizes operator new, since Noncopyable will be 
+        inherited from FastAllocBase, NoncopyableCustomAllocated has 
+        to be used.
+
+        * runtime/JSCell.h:
+
+2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Change all Noncopyable inheriting visibility to public.
+        https://bugs.webkit.org/show_bug.cgi?id=27225
+
+        Change all Noncopyable inheriting visibility to public because
+        it is needed to the custom allocation framework (bug #20422).
+
+        * bytecode/SamplingTool.h:
+        * bytecompiler/RegisterID.h:
+        * interpreter/CachedCall.h:
+        * interpreter/RegisterFile.h:
+        * parser/Lexer.h:
+        * parser/Parser.h:
+        * runtime/ArgList.h:
+        * runtime/BatchedTransitionOptimizer.h:
+        * runtime/Collector.h:
+        * runtime/CommonIdentifiers.h:
+        * runtime/JSCell.h:
+        * runtime/JSGlobalObject.h:
+        * runtime/JSLock.h:
+        * runtime/JSONObject.cpp:
+        * runtime/SmallStrings.cpp:
+        * runtime/SmallStrings.h:
+        * wtf/CrossThreadRefCounted.h:
+        * wtf/GOwnPtr.h:
+        * wtf/Locker.h:
+        * wtf/MessageQueue.h:
+        * wtf/OwnArrayPtr.h:
+        * wtf/OwnFastMallocPtr.h:
+        * wtf/OwnPtr.h:
+        * wtf/RefCounted.h:
+        * wtf/ThreadSpecific.h:
+        * wtf/Threading.h:
+        * wtf/Vector.h:
+        * wtf/unicode/Collator.h:
+
+2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Change ParserArenaRefCounted's superclass to RefCountedCustomAllocated
+        https://bugs.webkit.org/show_bug.cgi?id=27249
+
+        ParserArenaDeletable customizes operator new, to avoid double inheritance
+        ParserArenaDeletable's superclass has been changed to RefCountedCustomAllocated.
+
+        * parser/Nodes.h:
+
+2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Add RefCountedCustomAllocated to RefCounted.h
+        https://bugs.webkit.org/show_bug.cgi?id=27232
+
+        Some class which are inherited from RefCounted customize
+        operator new, but RefCounted is inherited from Noncopyable
+        which will be inherited from FastAllocBase. To avoid
+        conflicts Noncopyable inheriting was moved down to RefCounted
+        and to avoid double inheritance this class has been added.
+
+        * wtf/RefCounted.h:
+        (WTF::RefCountedCustomAllocated::deref):
+        (WTF::RefCountedCustomAllocated::~RefCountedCustomAllocated):
+
+2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Add NoncopyableCustomAllocated to Noncopyable.h.
+        https://bugs.webkit.org/show_bug.cgi?id=27228
+        
+        Some classes which inherited from Noncopyable overrides operator new
+        since Noncopyable'll be inherited from FastAllocBase, Noncopyable.h 
+        needs to be extended with this new class to support the overriding. 
+
+        * wtf/Noncopyable.h:
+        (WTFNoncopyable::NoncopyableCustomAllocated::NoncopyableCustomAllocated):
+        (WTFNoncopyable::NoncopyableCustomAllocated::~NoncopyableCustomAllocated):
+
+2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control for JavaScriptCore's IdentifierTable class
+        https://bugs.webkit.org/show_bug.cgi?id=27260
+
+        Inherits IdentifierTable class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/Identifier.cpp:70.
+
+        * runtime/Identifier.cpp:
+
+2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Allow custom memory allocation control for JavaScriptCore's Profiler class
+        https://bugs.webkit.org/show_bug.cgi?id=27253
+
+        Inherits Profiler class from FastAllocBase because it has been instantiated by
+        'new' in JavaScriptCore/profiler/Profiler.cpp:56.
+
+        * profiler/Profiler.h:
+
+2009-07-06  George Staikos  <george.staikos@torchmobile.com>
+
+        Reviewed by Adam Treat.
+
+        Authors: George Staikos <george.staikos@torchmobile.com>, Joe Mason <joe.mason@torchmobile.com>, Makoto Matsumoto <matumoto@math.keio.ac.jp>, Takuji Nishimura
+
+        https://bugs.webkit.org/show_bug.cgi?id=27030
+        Implement custom RNG for WinCE using Mersenne Twister
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber):
+        * wtf/RandomNumberSeed.h:
+        (WTF::initializeRandomNumberGenerator):
+        * wtf/wince/mt19937ar.c: Added.
+        (init_genrand):
+        (init_by_array):
+        (genrand_int32):
+        (genrand_int31):
+        (genrand_real1):
+        (genrand_real2):
+        (genrand_real3):
+        (genrand_res53):
+
+2009-07-13  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Unreviewed make dist build fix.
+
+        * GNUmakefile.am:
+
+2009-07-13  Drew Wilson  <atwilson@google.com>
+
+        Reviewed by David Levin.
+
+        Add ENABLE(SHARED_WORKERS) flag and define SharedWorker APIs
+        https://bugs.webkit.org/show_bug.cgi?id=26932
+
+        Added ENABLE(SHARED_WORKERS) flag (off by default).
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-07-07  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Maciej Stachoviak.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27058
+
+        Removed superfluous parenthesis around single expression.
+        Compilers on Symbian platform fail to properly parse and compile.
+
+        * JavaScriptCore/wtf/Platform.h:
+
+2009-07-13  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Maciej Stachoviak.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27054
+
+        Renamed Translator to HashTranslator
+
+        Codewarrior compiler (WINSCW) latest b482 cannot resolve typename
+        mismatch between template declaration and definition
+        (HashTranslator / Translator)
+
+        * wtf/HashSet.h:
+
+2009-07-13  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27053
+
+        Ambiguity in LabelScope initialization
+
+        Codewarrior compiler (WINSCW) latest b482 on Symbian cannot resolve
+        type of "0" unambiguously. Set expression explicitly to
+        PassRefPtr<Label>::PassRefPtr()
+
+        * bytecompiler/BytecodeGenerator.cpp
+
+2009-07-11  Simon Fraser  <simon.fraser@apple.com>
+
+        Enable support for accelerated compositing and 3d transforms on Leopard.
+        <https://bugs.webkit.org/show_bug.cgi?id=20166>
+        <rdar://problem/6120614>
+
+        Reviewed by Oliver Hunt.
+
+        * Configurations/FeatureDefines.xcconfig:
+        * wtf/Platform.h:
+
+2009-07-10  Mark Rowe  <mrowe@apple.com>
+
+        Second part of the "make Windows happier" dance.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-10  Mark Rowe  <mrowe@apple.com>
+
+        Try and make the Windows build happy.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-07-10  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        * debugger/Debugger.h: Made this function virtual for use in WebCore's
+        WebInspector.
+
+2009-07-10  Kwang Yul Seo  <skyul@company100.net>
+
+        Reviewed by Darin Adler.
+
+        ParserArenaDeletable should override delete
+        https://bugs.webkit.org/show_bug.cgi?id=26790
+
+        ParserArenaDeletable overrides new, but it does not override delete.
+        ParserArenaDeletable must be freed by fastFree
+        because it is allocated by fastMalloc.
+
+        * parser/NodeConstructors.h:
+        (JSC::ParserArenaDeletable::operator delete):
+        * parser/Nodes.h:
+
+2009-07-10  Adam Roben  <aroben@apple.com>
+
+        Sort all our Xcode projects
+
+        Accomplished using sort-Xcode-project-file.
+
+        Requested by Dave Kilzer.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-07-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Not reviewed, build fix.
+
+        Windows build fix for the last change.
+
+        * wtf/dtoa.cpp: Forgot to include Vector.h
+
+2009-07-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin Adler.
+
+        REGRESSION: crash in edge cases of floating point parsing.
+        https://bugs.webkit.org/show_bug.cgi?id=27110
+        <rdar://problem/7044458>
+        
+        Tests: fast/css/number-parsing-crash.html
+               fast/css/number-parsing-crash.html
+               fast/js/number-parsing-crash.html
+        
+        * wtf/dtoa.cpp:
+        (WTF::BigInt::BigInt): Converted this to more a proper class, using a Vector
+        with inline capacity
+
+        (WTF::lshift): Rearranged logic somewhat nontrivially to deal with the new way of sizing BigInts.
+        Added an assertion to verify that invariants are maintained.
+
+        All other functions are adapted fairly mechanically to the above changes.
+        (WTF::BigInt::clear):
+        (WTF::BigInt::size):
+        (WTF::BigInt::resize):
+        (WTF::BigInt::words):
+        (WTF::BigInt::append):
+        (WTF::multadd):
+        (WTF::s2b):
+        (WTF::i2b):
+        (WTF::mult):
+        (WTF::cmp):
+        (WTF::diff):
+        (WTF::b2d):
+        (WTF::d2b):
+        (WTF::ratio):
+        (WTF::strtod):
+        (WTF::quorem):
+        (WTF::dtoa):
+
+2009-07-09  Drew Wilson  <atwilson@google.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Turned on CHANNEL_MESSAGING by default because the MessageChannel API
+        can now be implemented for Web Workers and is reasonably stable.
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-07-09  Oliver Hunt  <oliver@apple.com>
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+
+2009-07-09  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 27016 - Interpreter crashes due to invalid array indexes
+        <https://bugs.webkit.org/show_bug.cgi?id=27016>
+
+        Unsigned vs signed conversions results in incorrect behaviour in
+        64bit interpreter builds.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+
+2009-07-09  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Darin Fisher.
+
+        [Chromium] Upstream JavaScriptCore.gypi, the project file for Chromium build.
+        https://bugs.webkit.org/show_bug.cgi?id=27135
+
+        * JavaScriptCore.gypi: Added.
+
+2009-07-09  Joe Mason  <joe.mason@torchmobile.com>
+
+        Reviewed by George Staikos.
+        
+        Authors: Yong Li <yong.li@torchmobile.com>, Joe Mason <joe.mason@torchmobile.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=27031
+        Add an override for deleteOwnedPtr(HDC) on Windows
+        
+        * wtf/OwnPtrCommon.h:
+        * wtf/OwnPtrWin.cpp:
+        (WTF::deleteOwnedPtr):
+
+2009-07-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Guard singal.h dependency with HAVE(SIGNAL_H) to enable building jsc
+        on SYMBIAN.
+
+        https://bugs.webkit.org/show_bug.cgi?id=27026
+
+        Based on Norbert Leser's work.
+
+        * jsc.cpp:
+        (printUsageStatement):
+        (parseArguments):
+        * wtf/Platform.h:
+
+2009-07-07  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Stop loading constants into the register file.
+
+        Instead, use high register values (highest bit bar the sign bit set) to indicate
+        constants in the instruction stream, and when we encounter such a value load it
+        directly from the CodeBlock.
+
+        Since constants are no longer copied into the register file, this patch renders
+        the 'unexpected constant' mechanism redundant, and removes it.
+
+        2% improvement, thanks to Sam Weinig.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::mark):
+        (JSC::CodeBlock::shrinkToFit):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::isTemporaryRegisterIndex):
+        (JSC::CodeBlock::constantRegister):
+        (JSC::CodeBlock::isConstantRegisterIndex):
+        (JSC::CodeBlock::getConstant):
+        (JSC::ExecState::r):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::preserveLastVar):
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::addConstantValue):
+        (JSC::BytecodeGenerator::emitEqualityOp):
+        (JSC::BytecodeGenerator::emitLoad):
+        (JSC::BytecodeGenerator::emitResolveBase):
+        (JSC::BytecodeGenerator::emitResolveWithBase):
+        (JSC::BytecodeGenerator::emitNewError):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::emitNode):
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::noCaller):
+        (JSC::ExecState::hasHostCallFrameFlag):
+        (JSC::ExecState::addHostCallFrameFlag):
+        (JSC::ExecState::removeHostCallFrameFlag):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::resolve):
+        (JSC::Interpreter::resolveSkip):
+        (JSC::Interpreter::resolveGlobal):
+        (JSC::Interpreter::resolveBase):
+        (JSC::Interpreter::resolveBaseAndProperty):
+        (JSC::Interpreter::resolveBaseAndFunc):
+        (JSC::Interpreter::dumpRegisters):
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::createExceptionScope):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitLoadDouble):
+        (JSC::JIT::emitLoadInt32ToDouble):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_new_error):
+        (JSC::JIT::emit_op_enter):
+        (JSC::JIT::emit_op_enter_with_activation):
+        * parser/Nodes.cpp:
+        (JSC::DeleteResolveNode::emitBytecode):
+        (JSC::DeleteValueNode::emitBytecode):
+        (JSC::PrefixResolveNode::emitBytecode):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::JSActivation):
+        * wtf/Platform.h:
+
+2009-07-07  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fix <https://bugs.webkit.org/show_bug.cgi?id=27025> / <rdar://problem/7033448>.
+        Bug 27025: Crashes and regression test failures related to regexps in 64-bit
+
+        For x86_64 RegexGenerator uses rbx, a callee-save register, as a scratch register but
+        neglects to save and restore it.  The change in handling of the output vector in r45545
+        altered code generation so that the RegExp::match was now storing important data in rbx,
+        which caused crashes and bogus results when it was clobbered.
+
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateEnter): Save rbx.
+        (JSC::Yarr::RegexGenerator::generateReturn): Restore rbx.
+
+2009-07-06  Ada Chan  <adachan@apple.com>
+
+        Reviewed by Darin Adler and Mark Rowe.
+
+        Decommitted spans are added to the list of normal spans rather than 
+        the returned spans in TCMalloc_PageHeap::Delete().
+        https://bugs.webkit.org/show_bug.cgi?id=26998
+        
+        In TCMalloc_PageHeap::Delete(), the deleted span can be decommitted in 
+        the process of merging with neighboring spans that are also decommitted.  
+        The merged span needs to be placed in the list of returned spans (spans 
+        whose memory has been returned to the system).  Right now it's always added 
+        to the list of the normal spans which can theoretically cause thrashing.  
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::Delete):
+
+2009-07-05  Lars Knoll  <lars.knoll@nokia.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26843
+
+        Fix run-time crashes in JavaScriptCore with the Metrowerks compiler on Symbian.
+
+        The Metrowerks compiler on the Symbian platform moves the globally
+        defined Hashtables into read-only memory, despite one of the members
+        being mutable. This causes crashes at run-time due to write access to
+        read-only memory.
+
+        Avoid the use of const with this compiler by introducing the
+        JSC_CONST_HASHTABLE macro.
+
+        Based on idea by Norbert Leser.
+
+        * runtime/Lookup.h: Define JSC_CONST_HASHTABLE as const for !WINSCW.
+        * create_hash_table: Use JSC_CONST_HASHTABLE for hashtables.
+        * runtime/JSGlobalData.cpp: Import various global hashtables via the macro.
+
+2009-07-04  Dan Bernstein  <mitz@apple.com>
+
+        - debug build fix
+
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::getLastParen):
+
+2009-07-03  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by Maciej Stachowiak (and revised slightly)
+
+        RegExp::match to be optimized
+        https://bugs.webkit.org/show_bug.cgi?id=26957
+
+        Allow regexp matching to use Vectors with inline capacity instead of
+        allocating a new ovector buffer every time.
+        
+        ~5% speedup on SunSpider string-unpack-code test, 0.3% on SunSpider overall.
+
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::match):
+        * runtime/RegExp.h:
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructorPrivate::RegExpConstructorPrivate):
+        (JSC::RegExpConstructorPrivate::lastOvector):
+        (JSC::RegExpConstructorPrivate::tempOvector):
+        (JSC::RegExpConstructorPrivate::changeLastOvector):
+        (JSC::RegExpConstructor::performMatch):
+        (JSC::RegExpMatchesArray::RegExpMatchesArray):
+        (JSC::RegExpMatchesArray::fillArrayInstance):
+        (JSC::RegExpConstructor::getBackref):
+        (JSC::RegExpConstructor::getLastParen):
+        (JSC::RegExpConstructor::getLeftContext):
+        (JSC::RegExpConstructor::getRightContext):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncSplit):
+
+2009-06-30  Kwang Yul Seo  <skyul@company100.net>
+
+        Reviewed by Eric Seidel.
+
+        Override operator new/delete with const std::nothrow_t& as the second
+        argument.
+        https://bugs.webkit.org/show_bug.cgi?id=26792
+
+        On Windows CE, operator new/delete, new[]/delete[] with const
+        std::nothrow_t& must be overrided because some standard template
+        libraries use these operators.
+
+        The problem occurs when memory allocated by new(size_t s, const
+        std::nothrow_t&) is freed by delete(void* p). This causes the umatched
+        malloc/free problem.
+
+        The patch overrides all new, delete, new[] and delete[] to use
+        fastMaloc and fastFree consistently.
+
+        * wtf/FastMalloc.h:
+        (throw):
+
+2009-06-30  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Sam Weinig.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=24986>
+
+        Remove unnecessary references to AssemblerBuffer.
+
+        * interpreter/Interpreter.cpp:
+        * interpreter/Interpreter.h:
+
+2009-06-29  David Levin  <levin@chromium.org>
+
+        Reviewed by Oliver Hunt.
+
+        Still seeing occasional leaks from UString::sharedBuffer code
+        https://bugs.webkit.org/show_bug.cgi?id=26420
+
+        The problem is that the pointer to the memory allocation isn't visible
+        by "leaks" due to the lower bits being used as flags.  The fix is to
+        make the pointer visible in memory (in debug only). The downside of
+        this fix that the memory allocated by sharedBuffer will still look like
+        a leak in non-debug builds when any flags are set.
+
+        * wtf/PtrAndFlags.h:
+        (WTF::PtrAndFlags::set):
+
+2009-06-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Remove more unused scons support.
+
+        * SConstruct: Removed.
+
+2009-06-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/7016214> JSON.parse fails to parse valid JSON with most Unicode characters
+        <https://bugs.webkit.org/show_bug.cgi?id=26802>
+
+        In the original JSON.parse patch unicode was handled correctly, however in some last
+        minute "clean up" I oversimplified isSafeStringCharacter.  This patch corrects this bug.
+
+        * runtime/LiteralParser.cpp:
+        (JSC::isSafeStringCharacter):
+        (JSC::LiteralParser::Lexer::lexString):
+
+2009-06-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        <rdar://problem/7009684> REGRESSION(r45039): Crashes inside JSEvent::put on PowerPC (26746)
+        <https://bugs.webkit.org/show_bug.cgi?id=26746>
+
+        Fix for r45039 incorrectly uncached a get_by_id by converting it to put_by_id.  Clearly this
+        is less than correct.  This patch corrects that error.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCacheGetByID):
+
+2009-06-26  Eric Seidel  <eric@webkit.org>
+
+        No review, only rolling out r45259.
+
+        Roll out r45259 after crash appeared on the bots:
+        plugins/undefined-property-crash.html
+        ASSERTION FAILED: s <= HeapConstants<heapType>::cellSize
+        (leopard-intel-debug-tests/build/JavaScriptCore/runtime/Collector.cpp:278
+        void* JSC::Heap::heapAllocate(size_t) [with JSC::HeapType heapType = PrimaryHeap])
+
+        * runtime/DateInstance.cpp:
+        * runtime/Identifier.cpp:
+        * runtime/Lookup.h:
+        * runtime/RegExpConstructor.cpp:
+        * runtime/RegExpObject.h:
+        * runtime/ScopeChain.h:
+        * runtime/UString.h:
+
+2009-06-26  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Add support for QDataStream operators to Vector.
+
+        * wtf/Vector.h:
+        (WTF::operator<<):
+        (WTF::operator>>):
+
+2009-06-24  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Make the opcode sampler work once again.
+
+        * jit/JIT.h:
+        (JSC::JIT::compileGetByIdProto):
+        (JSC::JIT::compileGetByIdSelfList):
+        (JSC::JIT::compileGetByIdProtoList):
+        (JSC::JIT::compileGetByIdChainList):
+        (JSC::JIT::compileGetByIdChain):
+        (JSC::JIT::compilePutByIdTransition):
+        (JSC::JIT::compileCTIMachineTrampolines):
+        (JSC::JIT::compilePatchGetArrayLength):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::call):
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Maciej Stachowiak.
+
+        Extend FastAllocBase.h with 'using WTF::FastAllocBase' to avoid
+        unnecessary WTF:: usings.
+        Remove existing unnecessary WTF:: usings.
+
+        * interpreter/Interpreter.h:
+        * profiler/CallIdentifier.h:
+        * runtime/ScopeChain.h:
+        * wtf/FastAllocBase.h:
+
+2009-06-24  David Levin  <levin@chromium.org>
+
+        Fix all builds.
+
+        * bytecode/CodeBlock.h:
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Register.h:
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Maciej Stachowiak.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=26677
+
+        Inherits CodeBlock class from FastAllocBase because it
+        has been instantiated by 'new' in JavaScriptCore/bytecode/CodeBlock.h:217.
+
+        * bytecode/CodeBlock.h:
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Maciej Stachowiak.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=26676
+
+        Inherits BytecodeGenerator class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/parser/Nodes.cpp:1892.
+
+        * bytecompiler/BytecodeGenerator.h:
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Maciej Stachowiak.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=26675
+
+        Inherits Register class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/JSVariableObject.h:149.
+
+        * interpreter/Register.h:
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=26674
+
+        Inherits HashMap class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/Structure.cpp:458.
+
+        * wtf/HashMap.h:
+
+2009-06-24  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/6940519> REGRESSION (Safari 4 Public Beta - TOT): google.com/adplanner shows blank page instead of site details in "basic research'
+
+        The problem was caused by the page returned with a function using a
+        var declaration list containing around ~3000 variables.  The solution
+        to this is to flatten the comma expression representation and make
+        codegen comma expressions and initializer lists iterative rather than
+        recursive.
+
+        * parser/Grammar.y:
+        * parser/NodeConstructors.h:
+        (JSC::CommaNode::CommaNode):
+        * parser/Nodes.cpp:
+        (JSC::CommaNode::emitBytecode):
+        * parser/Nodes.h:
+        (JSC::ExpressionNode::isCommaNode):
+        (JSC::CommaNode::isCommaNode):
+        (JSC::CommaNode::append):
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Maciej Stachowiak.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26645
+
+        Inherits ScopeChainNode class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/ScopeChain.h:95.
+
+        * wtf/RefPtr.h:
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26648
+
+        Inherits Deque class from FastAllocBase because it has been
+        instantiated by 'new' with DEFINE_STATIC_LOCAL macro in 
+        JavaScriptCore/wtf/MainThread.cpp:62.
+
+        * wtf/Deque.h:
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26644
+
+        Inherits RefPtr class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/StructureChain.cpp:41.
+
+        * wtf/RefPtr.h:
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Inherits HashSet class from FastAllocBase, because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/Collector.h:116.
+
+        * wtf/HashSet.h:
+
+2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Inherits Vector class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/Structure.cpp:633.
+
+        * wtf/Vector.h:
+
+2009-06-24  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Maciej Stachoviak.
+
+        The BytecodeGenerator objects were instantiated on stack, which takes up ~38kB per instance
+        (each instance includes copy of JSC::CodeBlock with large SymbolTable, etc.).
+        Specifically, since there is nested invocation (e.g., GlobalCode --> FunctionCode),
+        the stack overflows immediately on Symbian hardware (max. 80 kB).
+        Proposed change allocates generator objects on heap.
+        Performance impact (if any) should be negligible and change is proposed as general fix,
+        rather than ifdef'd for SYMBIAN.
+
+        * parser/Nodes.cpp:
+        (JSC::ProgramNode::generateBytecode):
+        (JSC::EvalNode::generateBytecode):
+        (JSC::EvalNode::bytecodeForExceptionInfoReparse):
+        (JSC::FunctionBodyNode::generateBytecode):
+        (JSC::FunctionBodyNode::bytecodeForExceptionInfoReparse):
+
+2009-06-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/6992806> REGRESSION: Enumeration can skip new properties in cases of prototypes that have more than 64 (26593)
+        <https://bugs.webkit.org/show_bug.cgi?id=26593>
+
+        Do not attempt to cache structure chains if they contain a dictionary at any level.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::tryCachePutByID):
+        * runtime/Structure.cpp:
+        (JSC::Structure::getEnumerablePropertyNames):
+        (JSC::Structure::addPropertyTransition):
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::isCacheable):
+        * runtime/StructureChain.h:
+
+2009-06-23  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26654
+        Add the proper export define for the JavaScriptCore API when building for WINCE.
+
+        * API/JSBase.h:
+
+2009-06-23  Joe Mason  <joe.mason@torchmobile.com>
+
+        Reviewed by Adam Treat.
+
+        Authors: Yong Li <yong.li@torchmobile.com>, Joe Mason <joe.mason@torchmobile.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=26611
+        Implement currentThreadStackBase on WINCE by adding a global,
+        g_stackBase, which must be set to the address of a local variable
+        by the caller before calling any WebKit function that invokes JSC.
+
+        * runtime/Collector.cpp:
+        (JSC::isPageWritable):
+        (JSC::getStackBase):
+          Starts at the top of the stack and returns the entire range of
+          consecutive writable pages as an estimate of the actual stack.
+          This will be much bigger than the actual stack range, so some
+          dead objects can't be collected, but it guarantees live objects
+          aren't collected prematurely.
+
+        (JSC::currentThreadStackBase):
+          On WinCE, returns g_stackBase if set or call getStackBase as a
+          fallback if not.
+
+2009-06-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Fix stupid performance problem in the LiteralParser
+
+        The LiteralParser was making a new UString in order to use
+        toDouble, however UString's toDouble allows a much wider range
+        of numberic strings than the LiteralParser accepts, and requires
+        an additional heap allocation or two for the construciton of the
+        UString.  To rectify this we just call WTF::dtoa directly using
+        a stack allocated buffer to hold the validated numeric literal.
+
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser::Lexer::lexNumber):
+        (JSC::LiteralParser::parse):
+        * runtime/LiteralParser.h:
+
+2009-06-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Bug 26640: JSON.stringify needs to special case Boolean objects
+        <https://bugs.webkit.org/show_bug.cgi?id=26640>
+
+        Add special case handling of the Boolean object so we match current
+        ES5 errata.
+
+        * runtime/JSONObject.cpp:
+        (JSC::unwrapBoxedPrimitive): renamed from unwrapNumberOrString
+        (JSC::gap):
+        (JSC::Stringifier::appendStringifiedValue):
+
+2009-06-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 26591: Support revivers in JSON.parse
+        <https://bugs.webkit.org/show_bug.cgi?id=26591>
+
+        Add reviver support to JSON.parse.  This completes the JSON object.
+
+        * runtime/JSONObject.cpp:
+        (JSC::Walker::Walker):
+        (JSC::Walker::callReviver):
+        (JSC::Walker::walk):
+        (JSC::JSONProtoFuncParse):
+
+2009-06-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 26592: Support standard toJSON functions
+        <https://bugs.webkit.org/show_bug.cgi?id=26592>
+
+        Add support for the standard Date.toJSON function.
+
+        * runtime/DatePrototype.cpp:
+        (JSC::dateProtoFuncToJSON):
+
+2009-06-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 26594: JSC needs to support Date.toISOString
+        <https://bugs.webkit.org/show_bug.cgi?id=26594>
+
+        Add support for Date.toISOString.
+
+        * runtime/DatePrototype.cpp:
+        (JSC::dateProtoFuncToISOString):
+
+2009-06-21  Oliver Hunt  <oliver@apple.com>
+
+        Remove dead code.
+
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser::parse):
+
+2009-06-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin Adler and Cameron Zwarich.
+
+        Bug 26587: Support JSON.parse
+        <https://bugs.webkit.org/show_bug.cgi?id=26587>
+
+        Extend the LiteralParser to support the full strict JSON
+        grammar, fix a few places where the grammar was incorrectly
+        lenient.   Doesn't yet support the JSON.parse reviver function
+        but that does not block the JSON.parse functionality itself.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::callEval):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * runtime/JSONObject.cpp:
+        (JSC::JSONProtoFuncParse):
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser::Lexer::lex):
+        (JSC::isSafeStringCharacter):
+        (JSC::LiteralParser::Lexer::lexString):
+        (JSC::LiteralParser::parse):
+        * runtime/LiteralParser.h:
+        (JSC::LiteralParser::LiteralParser):
+        (JSC::LiteralParser::tryJSONParse):
+        (JSC::LiteralParser::):
+        (JSC::LiteralParser::Lexer::Lexer):
+
+2009-06-21  David Levin  <levin@chromium.org>
+
+        Reviewed by NOBODY (speculative build fix for windows).
+
+        Simply removed some whitespace form this file to make windows build wtf and
+        hopefully copy the new MessageQueque.h so that WebCore picks it up.
+
+        * wtf/Assertions.cpp:
+
+2009-06-21  Drew Wilson  <atwilson@google.com>
+
+        Reviewed by David Levin.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=25043>
+        Added support for multi-threaded MessagePorts.
+
+        * wtf/MessageQueue.h:
+        (WTF::::appendAndCheckEmpty):
+            Added API to test whether the queue was empty before adding an element.
+  
+2009-06-20  David D. Kilzer  <ddkilzer@webkit.org>
+
+        Fix namespace comment in SegmentedVector.h
+
+        * wtf/SegmentedVector.h: Updated namespace comment to reflect
+        new namespace after r44897.
+
+2009-06-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
+
+        Bug 24986: ARM JIT port
+        <https://bugs.webkit.org/show_bug.cgi?id=24986>
+
+        Reviewed by Oliver Hunt.
+
+        An Iterator added for SegmentedVector. Currently
+        only the pre ++ operator is supported.
+
+        * wtf/SegmentedVector.h:
+        (WTF::SegmentedVectorIterator::~SegmentedVectorIterator):
+        (WTF::SegmentedVectorIterator::operator*):
+        (WTF::SegmentedVectorIterator::operator->):
+        (WTF::SegmentedVectorIterator::operator++):
+        (WTF::SegmentedVectorIterator::operator==):
+        (WTF::SegmentedVectorIterator::operator!=):
+        (WTF::SegmentedVectorIterator::operator=):
+        (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
+        (WTF::SegmentedVector::alloc):
+        (WTF::SegmentedVector::begin):
+        (WTF::SegmentedVector::end):
+
+2009-06-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
+
+        Bug 24986: ARM JIT port
+        <https://bugs.webkit.org/show_bug.cgi?id=24986>
+
+        Reviewed by Oliver Hunt.
+
+        Move SegmentedVector to /wtf subdirectory
+        and change "namespace JSC" to "namespace WTF"
+
+        Additional build file updates by David Kilzer.
+
+        * GNUmakefile.am: Updated path to SegmentedVector.h.
+        * JavaScriptCore.order: Updated SegmentedVector namespace from
+        JSC to WTF in mangled C++ method name.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Removed reference to bytecompiler\SegmentedVector.h.
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added reference to
+        wtf\SegmentedVector.h.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Moved
+        SegmentedVector.h definition from bytecompiler subdirectory to
+        wtf subdirectory.
+        * bytecompiler/BytecodeGenerator.h: Updated #include path to
+        SegmentedVector.h and prepended WTF:: namespace to its use.
+        * parser/Lexer.h: Ditto.
+        * wtf/SegmentedVector.h: Renamed from JavaScriptCore/bytecompiler/SegmentedVector.h.
+        (WTF::SegmentedVector::SegmentedVector):
+        (WTF::SegmentedVector::~SegmentedVector):
+        (WTF::SegmentedVector::size):
+        (WTF::SegmentedVector::at):
+        (WTF::SegmentedVector::operator[]):
+        (WTF::SegmentedVector::last):
+        (WTF::SegmentedVector::append):
+        (WTF::SegmentedVector::removeLast):
+        (WTF::SegmentedVector::grow):
+        (WTF::SegmentedVector::clear):
+        (WTF::SegmentedVector::deleteAllSegments):
+        (WTF::SegmentedVector::segmentExistsFor):
+        (WTF::SegmentedVector::segmentFor):
+        (WTF::SegmentedVector::subscriptFor):
+        (WTF::SegmentedVector::ensureSegmentsFor):
+        (WTF::SegmentedVector::ensureSegment):
+
+2009-06-19  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by NOBODY (build fix take 2 - rename FIELD_OFFSET to something that doesn't conflict with winnt.h).
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::emitGetVariableObjectRegister):
+        (JSC::JIT::emitPutVariableObjectRegister):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::compileBinaryArithOp):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        (JSC::JIT::checkStructure):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_instanceof):
+        (JSC::JIT::emit_op_get_scoped_var):
+        (JSC::JIT::emit_op_put_scoped_var):
+        (JSC::JIT::emit_op_construct_verify):
+        (JSC::JIT::emit_op_resolve_global):
+        (JSC::JIT::emit_op_jeq_null):
+        (JSC::JIT::emit_op_jneq_null):
+        (JSC::JIT::emit_op_to_jsnumber):
+        (JSC::JIT::emit_op_catch):
+        (JSC::JIT::emit_op_eq_null):
+        (JSC::JIT::emit_op_neq_null):
+        (JSC::JIT::emit_op_convert_this):
+        (JSC::JIT::emit_op_profile_will_call):
+        (JSC::JIT::emit_op_profile_did_call):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::compilePutDirectOffset):
+        (JSC::JIT::compileGetDirectOffset):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::JITThunks):
+
+2009-06-19  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by NOBODY (Windows build fix).
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+
+2009-06-19  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Gavin Barraclough.
+
+        Reorganize ARM architecture specific macros.
+        Use PLATFORM_ARM_ARCH(7) instead of PLATFORM(ARM_V7).
+
+        Bug 24986: ARM JIT port
+        <https://bugs.webkit.org/show_bug.cgi?id=24986>
+
+        * assembler/ARMv7Assembler.h:
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::Imm32::Imm32):
+        * assembler/MacroAssembler.h:
+        * assembler/MacroAssemblerCodeRef.h:
+        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::cacheFlush):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        * jit/JITStubs.cpp:
+        * jit/JITStubs.h:
+        * wtf/Platform.h:
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateEnter):
+        (JSC::Yarr::RegexGenerator::generateReturn):
+
+2009-06-19  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix armv7 JIT build issues.
+
+        Unfortunate the arm compiler does not like the use of offsetof on JITStackFrame (since it now contains non POD types),
+        and the FIELD_OFFSET macro does not appear constantish enough for it to be happy with its use in COMPILE_ASSERT macros.
+
+        * Replace offsetofs with FIELD_OFFSETs (safe on C++ objects).
+        * Move COMPILE_ASSERTs defending layout of JITStackFrame structure on armv7 into JITThunks constructor.
+
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_catch):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::JITThunks):
+
+2009-06-19  Adam Treat  <adam.treat@torchmobile.com>
+
+        Blind attempt at build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-06-19  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        Inherits CallIdentifier struct from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/profiler/CallIdentifier.h:86.
+
+        * wtf/HashCountedSet.h:
+
+2009-06-19  Adam Treat  <adam.treat@torchmobile.com>
+
+        Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26540
+        Modify the test shell to add a new function 'checkSyntax' that will
+        only parse the source instead of executing it. In this way we can test
+        pure parsing performance against some of the larger scripts in the wild.
+
+        * jsc.cpp:
+        (GlobalObject::GlobalObject):
+        (functionCheckSyntax):
+
+2009-06-19  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+        
+        Inherits HashCountedSet class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/Collector.cpp:1095.
+
+        * wtf/HashCountedSet.h:
+
+2009-06-19  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26558
+        Declare these symbols extern for WINCE as they are provided by libce.
+
+        * runtime/DateConstructor.cpp:
+        * runtime/DatePrototype.cpp:
+        (JSC::formatLocaleDate):
+
+2009-06-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        <rdar://problem/6988973> ScopeChain leak in interpreter builds
+
+        Move the Scopechain destruction code in JSFunction outside of the ENABLE(JIT)
+        path.
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::~JSFunction):
+        * wtf/Platform.h:
+
+2009-06-19  Yong Li  <yong.li@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26543
+        Windows CE uses 'GetLastError' instead of 'errno.'
+
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+        (JSC::RegisterFile::grow):
+
+2009-06-19  David Levin  <levin@chromium.org>
+
+        Reviewed by NOBODY (Windows build fix).
+
+        Add export for Windows corresponding to OSX export done in r44844.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-06-18  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin "Viceroy of Venezuela" Barraclough.
+
+        Bug 26532: Native functions do not correctly unlink from optimised callsites when they're collected
+        <https://bugs.webkit.org/show_bug.cgi?id=26532> <rdar://problem/6625385>
+
+        We need to make sure that each native function instance correctly unlinks any references to it
+        when it is collected.  Allowing this to happen required a few changes:
+            * Every native function needs a codeblock to track the link information
+            * To have this codeblock, every function now also needs its own functionbodynode
+              so we no longer get to have a single shared instance.
+            * Identifying a host function is now done by looking for CodeBlock::codeType() == NativeCode
+
+        * JavaScriptCore.exp:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+           Constructor for NativeCode CodeBlock
+        (JSC::CodeBlock::derefStructures):
+        (JSC::CodeBlock::refStructures):
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
+        (JSC::CodeBlock::handlerForBytecodeOffset):
+        (JSC::CodeBlock::lineNumberForBytecodeOffset):
+        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
+        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
+        (JSC::CodeBlock::functionRegisterForBytecodeOffset):
+        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
+        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
+        (JSC::CodeBlock::setJITCode):
+           Add assertions to ensure we don't try and use NativeCode CodeBlocks as
+           a normal codeblock.
+
+        * bytecode/CodeBlock.h:
+        (JSC::):
+        (JSC::CodeBlock::source):
+        (JSC::CodeBlock::sourceOffset):
+        (JSC::CodeBlock::evalCodeCache):
+        (JSC::CodeBlock::createRareDataIfNecessary):
+          More assertions.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::linkCall):
+          Update logic to allow native function caching
+
+        * jit/JITStubs.cpp:
+        * parser/Nodes.cpp:
+        (JSC::FunctionBodyNode::createNativeThunk):
+        (JSC::FunctionBodyNode::isHostFunction):
+        * parser/Nodes.h:
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::~JSFunction):
+        (JSC::JSFunction::mark):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::~JSGlobalData):
+        * runtime/JSGlobalData.h:
+
+2009-06-18  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by NOBODY (Windows build fix).
+
+        * wtf/DateMath.cpp:
+        (WTF::calculateUTCOffset):
+
+2009-06-18  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Timezone calculation incorrect in Venezuela.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26531
+        <rdar://problem/6646169> Time is incorrectly reported to JavaScript in both Safari 3 and Firefox 3
+
+        The problem is that we're calculating the timezone relative to 01/01/2000,
+        but the VET timezone changed from -4 hours to -4:30 hours on 12/09/2007.
+        According to the spec, section 15.9.1.9 states "the time since the beginning
+        of the year", presumably meaning the *current* year.  Change the calculation
+        to be based on whatever the current year is, rather than a canned date.
+
+        No performance impact.
+
+        * wtf/DateMath.cpp:
+        (WTF::calculateUTCOffset):
+
+2009-06-18  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber Stamped by Mark Rowe (originally reviewed by Sam Weinig).
+
+        (Reintroducing patch added in r44492, and reverted in r44796.)
+
+        Change the implementation of op_throw so the stub function always modifies its
+        return address - if it doesn't find a 'catch' it will switch to a trampoline
+        to force a return from JIT execution.  This saves memory, by avoiding the need
+        for a unique return for every op_throw.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_throw):
+            JITStubs::cti_op_throw now always changes its return address,
+            remove return code generated after the stub call (this is now
+            handled by ctiOpThrowNotCaught).
+        * jit/JITStubs.cpp:
+        (JSC::):
+            Add ctiOpThrowNotCaught definitions.
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+            Change cti_op_throw to always change its return address.
+        * jit/JITStubs.h:
+            Add ctiOpThrowNotCaught declaration.
+
+2009-06-18  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/6940880> REGRESSION: Breakpoints don't break in 64-bit
+
+        - Exposed functions now needed by WebCore.
+
+        * JavaScriptCore.exp:
+
+2009-06-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 26429: Make JSON.stringify non-recursive so it can handle objects
+        of arbitrary complexity
+        https://bugs.webkit.org/show_bug.cgi?id=26429
+
+        For marking I decided not to use gcProtect, because this is inside the engine
+        so it's easy enough to just do marking. And that darned gcProtect does locking!
+        Oliver tried to convince me to used MarkedArgumentBuffer, but the constructor
+        for that class says "FIXME: Remove all clients of this API, then remove this API."
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::collect): Add a call to JSONObject::markStringifiers.
+
+        * runtime/CommonIdentifiers.cpp:
+        (JSC::CommonIdentifiers::CommonIdentifiers): Added emptyIdentifier.
+        * runtime/CommonIdentifiers.h: Ditto.
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Initialize firstStringifierToMark to 0.
+        * runtime/JSGlobalData.h: Added firstStringifierToMark.
+
+        * runtime/JSONObject.cpp: Cut down the includes to the needed ones only.
+        (JSC::unwrapNumberOrString): Added. Helper for unwrapping number and string
+        objects to get their number and string values.
+        (JSC::ReplacerPropertyName::ReplacerPropertyName): Added. The class is used
+        to wrap an identifier or integer so we don't have to do any work unless we
+        actually call a replacer.
+        (JSC::ReplacerPropertyName::value): Added.
+        (JSC::gap): Added. Helper function for the Stringifier constructor.
+        (JSC::PropertyNameForFunctionCall::PropertyNameForFunctionCall): Added.
+        The class is used to wrap an identifier or integer so we don't have to
+        allocate a number or string until we actually call toJSON or a replacer.
+        (JSC::PropertyNameForFunctionCall::asJSValue): Added.
+        (JSC::Stringifier::Stringifier): Updated and moved out of the class
+        definition. Added code to hook this into a singly linked list for marking.
+        (JSC::Stringifier::~Stringifier): Remove from the singly linked list.
+        (JSC::Stringifier::mark): Mark all the objects in the holder stacks.
+        (JSC::Stringifier::stringify): Updated.
+        (JSC::Stringifier::appendQuotedString): Tweaked and streamlined a bit.
+        (JSC::Stringifier::toJSON): Renamed from toJSONValue.
+        (JSC::Stringifier::appendStringifiedValue): Renamed from stringify.
+        Added code to use the m_holderStack to do non-recursive stringify of
+        objects and arrays. This code also uses the timeout checker since in
+        pathological cases it could be slow even without calling into the
+        JavaScript virtual machine.
+        (JSC::Stringifier::willIndent): Added.
+        (JSC::Stringifier::indent): Added.
+        (JSC::Stringifier::unindent): Added.
+        (JSC::Stringifier::startNewLine): Added.
+        (JSC::Stringifier::Holder::Holder): Added.
+        (JSC::Stringifier::Holder::appendNextProperty): Added. This is the
+        function that handles the format of arrays and objects.
+        (JSC::JSONObject::getOwnPropertySlot): Moved this down to the bottom
+        of the file so the JSONObject class is not interleaved with the
+        Stringifier class.
+        (JSC::JSONObject::markStringifiers): Added. Calls mark.
+        (JSC::JSONProtoFuncStringify): Streamlined the code here. The code
+        to compute the gap string is now a separate function.
+
+        * runtime/JSONObject.h: Made everything private. Added markStringifiers.
+
+2009-06-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/6974140> REGRESSION(r43849): Crash in cti_op_call_NotJSFunction when getting directions on maps.google.com
+
+        Roll out r43849 as it appears that we cannot rely on the address of
+        an objects property storage being constant even if the structure is
+        unchanged.
+
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetDirectOffset):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2009-06-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber Stamped by Mark Rowe.
+
+        Fully revert r44492 & r44748 while we fix a bug they cause on internal builds <rdar://problem/6955963>.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_throw):
+        * jit/JITStubs.cpp:
+        (JSC::):
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+
+2009-06-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        <rdar://problem/6947426> sunspider math-cordic.js exhibits different intermediate results running 32-bit vs. 64-bit
+
+        On 64-bit, NaN-encoded values must be detagged before they can be used in rshift.
+
+        No performance impact.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_rshift):
+
+2009-06-17  Adam Treat  <adam.treat@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23155
+        Move WIN_CE -> WINCE as previously discussed with Qt WINCE folks.
+
+        * jsc.cpp:
+        (main):
+
+2009-06-17  George Staikos  <george.staikos@torchmobile.com>
+
+        Reviewed by Adam Treat.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23155
+        Move WIN_CE -> WINCE as previously discussed with Qt WINCE folks.
+
+        * config.h:
+        * jsc.cpp:
+        * wtf/Assertions.cpp:
+        * wtf/Assertions.h:
+        * wtf/CurrentTime.cpp:
+        (WTF::lowResUTCTime):
+        * wtf/DateMath.cpp:
+        (WTF::getLocalTime):
+        * wtf/MathExtras.h:
+        * wtf/Platform.h:
+        * wtf/StringExtras.h:
+        * wtf/Threading.h:
+        * wtf/win/MainThreadWin.cpp:
+
+2009-06-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/6974175> ASSERT in JITStubs.cpp at appsaccess.apple.com
+
+        Remove PropertySlot::putValue - PropertySlots should only be used for getting,
+        not putting.  Rename JSGlobalObject::getOwnPropertySlot to hasOwnPropertyForWrite,
+        which is what it really was being used to ask, and remove some other getOwnPropertySlot
+        & getOwnPropertySlotForWrite methods, which were unused and likely to lead to confusion.
+
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::hasOwnPropertyForWrite):
+        * runtime/JSObject.h:
+        * runtime/JSStaticScopeObject.cpp:
+        * runtime/JSStaticScopeObject.h:
+        * runtime/PropertySlot.h:
+
+2009-06-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver hunt.
+
+        Temporarily partially disable r44492, since this is causing some problems on internal builds.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_throw):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+
+2009-06-16  Sam Weinig  <sam@webkit.org>
+
+        Fix windows build.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+
+2009-06-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Initialize m_bytecodeIndex to -1 in JIT, and correctly initialize
+        it for each type of stub using the return address to find the correct
+        offset.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        * jit/JIT.h:
+        (JSC::JIT::compileGetByIdProto):
+        (JSC::JIT::compileGetByIdSelfList):
+        (JSC::JIT::compileGetByIdProtoList):
+        (JSC::JIT::compileGetByIdChainList):
+        (JSC::JIT::compileGetByIdChain):
+        (JSC::JIT::compilePutByIdTransition):
+        (JSC::JIT::compileCTIMachineTrampolines):
+        (JSC::JIT::compilePatchGetArrayLength):
+        * jit/JITStubCall.h:
+        (JSC::JITStubCall::call):
+
+== Rolled over to ChangeLog-2009-06-16 ==
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2002-12-03 b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2002-12-03
new file mode 100644
index 000000000..bd6377729
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2002-12-03
@@ -0,0 +1,2271 @@
+2002-12-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by: Darin Adler
+
+	- fixed Deployment build.
+	
+        * kjs/dtoa.cpp: Work around warnings.
+
+2002-12-03  Maciej Stachowiak  <mjs@apple.com>
+
+	- fixed 3114790 - Gamespot reviews pages badly mis-rendering
+	because floating point numbers format wide
+
+	Reviewed by: David Hyatt
+	
+	* kjs/dtoa.cpp: Imported float <--> string conversion routines
+	from David M. Gay. I changed this to fix warnings and avoid
+	colliding with names of standard library functions.
+        * kjs/dtoa.h: Added a header I made up for dtoa.cpp
+        * kjs/ustring.cpp:
+        (UString::from): Use new double to string routine (kjs_strtod).
+        (UString::toDouble): Use new string to double routine (kjs_dtoa).
+        * JavaScriptCore.pbproj/project.pbxproj: Added new files
+
+2002-11-27  John Sullivan  <sullivan@apple.com>
+
+        * kjs/collector.cpp:
+	removed puts("COLLECT") leftover debugging spam that was
+	buggin' gramps
+
+=== Alexander-34 ===
+
+2002-11-26  Maciej Stachowiak  <mjs@apple.com>
+
+	Change ActivationImp to be allocated via the garbage collector
+	again instead of on the stack. This fixes the following four
+	regressions but sadly it causes a 6% performance hit. It's
+	probably possibly to reduce the hit a bit by being smarter about
+	inlining and the way the marking list variant is implemented, but
+	I'll look into that later.
+
+	- fixed 3111500 - REGRESSION: crash in "KJS::ScopeChain::mark()" on www.posci.com
+	- fixed 3111145 - REGRESSION: reproducible crash in KJS hashtable lookup at time.com
+	- fixed 3110897 - REGRESSION: javascript crasher on http://bmwgallery.tripod.com/
+	- fixed 3109987 - REGRESSION: Reproducible crash in KJS ObjectImp at live365.com
+	
+	Also:
+	
+	- improved DEBUG_COLLECTOR mode a bit by never giving memory back
+	to the system.
+	
+        * kjs/collector.cpp:
+        * kjs/context.h:
+        * kjs/function.cpp:
+        (ActivationImp::ActivationImp):
+        (ActivationImp::mark):
+        (ActivationImp::createArgumentsObject):
+        * kjs/function.h:
+        * kjs/internal.cpp:
+        (ContextImp::ContextImp):
+        (ContextImp::mark):
+        * kjs/list.cpp:
+        * kjs/list.h:
+        * kjs/value.cpp:
+        (Value::Value):
+
+2002-11-26  Darin Adler  <darin@apple.com>
+
+        * kjs/property_map.cpp:
+	(PropertyMap::save): Look at the attributes the same way in the single hash entry
+	case as in the actual hash table case. Change the rule for which attributes to save
+	to "attributes that don't have the ReadOnly, DontEnum, or Function bit set".
+        Also fix bug where saving an empty property map would leave the count set to the old value.
+
+2002-11-26  Richard Williamson   <rjw@apple.com>
+
+        Remove debugging code.  Could be cause of performance regresssion.
+        * kjs/nodes.cpp:
+        (FunctionCallNode::evaluate):
+
+        Restire attributes correctly.
+        * kjs/property_map.cpp:
+
+2002-11-25  Richard Williamson   <rjw@apple.com>
+
+        Use delete[] (not delete) operator to delete array.
+        
+        * kjs/property_map.cpp:
+
+2002-11-25  Richard Williamson   <rjw@apple.com>
+
+        Added debugging info.  Fixed property map save function.
+        
+        * kjs/nodes.cpp:
+        (FunctionCallNode::evaluate):
+        * kjs/property_map.cpp:
+
+2002-11-25  Richard Williamson   <rjw@apple.com>
+
+        Changes for back/forward.  Currently disabled.
+
+        * kjs/property_map.cpp:
+        * kjs/property_map.h:
+
+2002-11-25  Darin Adler  <darin@apple.com>
+
+        * kjs/property_map.cpp: Rearrange code a little bit and tweak indentation.
+	This might provide a tiny speedup because we don't look at the single entry
+	any more in cases where the _table pointer is non-0.
+
+2002-11-24  Darin Adler  <darin@apple.com>
+
+	- changed ScopeChain to not ref each item in the chain, and use
+        marking instead; gains 1% on JavaScript iBench
+
+        * kjs/context.h: Return chain by reference.
+        * kjs/internal.cpp: (ContextImp::mark): Mark the scope chain.
+        * kjs/interpreter.cpp: (Context::scopeChain): Return chain by reference.
+        * kjs/interpreter.h: Make some Context methods inline.
+        * kjs/nodes.cpp:
+        (ThisNode::evaluate): Get at ContextImp directly.
+        (ResolveNode::evaluateReference): Ditto.
+        (VarDeclNode::evaluate): Ditto.
+        (VarDeclNode::processVarDecls): Ditto.
+        (FuncDeclNode::processFuncDecl): Pass ScopeChain directly to avoid copying.
+        (FuncExprNode::evaluate): Ditto.
+        * kjs/object.cpp: Make scope and setScope inline.
+        * kjs/object.h: Make scope return a chain by reference. Make scope and
+	setScope both be inline. Use a normal ScopeChain instead of NoRefScopeChain
+	since they are now one and the same.
+        * kjs/scope_chain.cpp: Remove all the code to ref and deref objects.
+	Merge NoRefScopeChain in with ScopeChain since they both work this way now.
+        * kjs/scope_chain.h: Remove NoRefScopeChain and simplify the ref counts.
+	Make more functions inline.
+
+2002-11-24  Maciej Stachowiak  <mjs@apple.com>
+
+	- fixed 3098356 - Hard hang on movie search at www.movietickets.com
+	
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::call): When doing a regexp replacement that
+	results in an empty match, always move on to the next character
+	after doing the replacement. The previous code would hit an
+	infinite loop if an initial empty match was replaced with the
+	empty string.
+
+2002-11-24  Maciej Stachowiak  <mjs@apple.com>
+
+	- fixed 3095446 - Crash on AppleScript page due to very long argument list
+	
+        * kjs/grammar.y: Don't try to construct the argument list in the
+	right order, since that blows out the parser stack.
+	* kjs/nodes.cpp:
+        (ArgumentsNode::ArgumentsNode): Instead reverse the argument list
+	here.
+        * kjs/nodes.h: Make ArgumentsNode a friend of ArgumentListNode.
+        * kjs/grammar.cpp: Updated from grammar.y.
+
+2002-11-23  Maciej Stachowiak  <mjs@apple.com>
+
+	- completed Darin's mostly-fix for 3037795 - Resource use
+	increases when accessing very high index value in array
+
+	The two missing pieces were handling sparse properties when
+	shrinking the array, and when sorting. Thse are now both taken
+	care of.
+	
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::put):
+        (ArrayInstanceImp::deleteProperty):
+        (ArrayInstanceImp::resizeStorage):
+        (ArrayInstanceImp::setLength):
+        (ArrayInstanceImp::sort):
+        (ArrayInstanceImp::pushUndefinedObjectsToEnd):
+        * kjs/identifier.h:
+        * kjs/object.h:
+        * kjs/property_map.cpp:
+        * kjs/property_map.h:
+        * kjs/reference_list.cpp:
+        (ReferenceList::append):
+        (ReferenceList::length):
+        * kjs/reference_list.h:
+        * kjs/ustring.cpp:
+        (UString::toUInt32):
+        * kjs/ustring.h:
+
+2002-11-23  Maciej Stachowiak  <mjs@apple.com>
+
+	Numerous collector changes for a net gain of 3% on JS ibench:
+
+	- Replaced per-block bitmap with free list.
+	- Increased number of empty blocks kept around to 2.
+	- Doubled block size.
+	- When scanning heap in collector, skip scanning the rest of a
+	block as soon as we see as many live cells as the the number of
+	used cells it had originally.
+
+	Also the following collector changes unrelated to performance:
+
+	- Made constants `const int' instead of `static const int'.
+	- Miscellaneous code cleanup.
+		
+        * kjs/collector.cpp:
+
+	- Added debugging mode enabled by defining DEBUG_GC which asserts
+	when a destroyed ValueImp
+
+        * kjs/internal.cpp:
+        (ContextImp::mark):
+        * kjs/value.cpp:
+        (Value::Value):
+        * kjs/value.h:
+	* kjs/config.h:
+	
+2002-11-22  Darin Adler  <darin@apple.com>
+
+	- replaced List class with a vector rather than a linked list, changed it
+	to use a pool of instances instead of all the nodes allocated off of the
+	heap; gives 10% gain on iBench
+
+        * kjs/list.h: Complete rewrite.
+        * kjs/list.cpp: Ditto.
+
+        * kjs/array_object.cpp: (compareWithCompareFunctionForQSort): Go back to
+	doing a clear and two appends here. Fast with the new list implementation.
+
+        * kjs/collector.h: Remove _COLLECTOR hack and just make rootObjectClasses
+	return a const void *.
+        * kjs/collector.cpp: Remove _COLLECTOR hack, and various other minor tweaks.
+
+2002-11-22  Darin Adler  <darin@apple.com>
+
+	- prepare to reimplement KJS::List; move to its own file, add statistics
+
+        * kjs/function_object.cpp: (FunctionProtoFuncImp::call): Use new copyTail()
+	function rather than copy() and removeFirst().
+
+        * kjs/identifier.cpp: Add statistics, off by default.
+        * kjs/property_map.cpp: Add statistics, off by default.
+
+        * kjs/list.cpp: Added. Moved code here. To be rewritten.
+        * kjs/list.h: Added. Moved interface here. To be rewritten.
+
+        * kjs/types.cpp: Removed.
+        * kjs/types.h: Now just an empty header that includes other headers.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Add new files, rearrange.
+
+2002-11-22  Maciej Stachowiak  <mjs@apple.com>
+
+	- reduce cell size to 56 bytes from 64, now that nearly all
+	objects fit in that size. .5% speed gain and probably some
+	footprint gain.
+	
+        * kjs/collector.cpp: Change CELL_SIZE from 64 to 56.
+
+2002-11-22  Darin Adler  <darin@apple.com>
+
+	- change ScopeChain to be a singly linked list shares tails, gives 11% gain on iBench
+
+        * kjs/context.h:
+        (ContextImp::pushScope): Make inline, use push instead of prepend, and pass imp pointer.
+        (ContextImp::popScope): Make inline, use pop instead of removeFirst.
+        * kjs/function.cpp: (DeclaredFunctionImp::DeclaredFunctionImp): No need to copy.
+        * kjs/function_object.cpp: (FunctionObjectImp::construct): Use push instead of
+	prepend, and pass imp pointer.
+        * kjs/internal.cpp: (ContextImp::ContextImp): Use clear, push instead of prepend,
+	and pass imp pointers.
+        * kjs/nodes.cpp: (ResolveNode::evaluateReference): Use isEmpty, pop, and top instead
+	of ScopeChainIterator.
+        * kjs/object.h: Change _scope to be a NoRefScopeChain.
+        * kjs/object.cpp: No need to initialize _scope any more, since it's not a NoRefScopeChain.
+
+        * kjs/scope_chain.h: Rewrite, different implementation and interface.
+        * kjs/scope_chain.cpp: More of the same.
+
+2002-11-22  Maciej Stachowiak  <mjs@apple.com>
+
+	- a simple change for .4% gain on ibench - instead of unmarking
+	all objects at the start of collection, instead unmark as part of
+	the sweep phase
+	
+        * kjs/collector.cpp:
+        (Collector::collect): Remove separate unmarking pass and instead
+	unmark the objects that don't get collected during the sweep
+	phase.
+
+2002-11-21  Darin Adler  <darin@apple.com>
+
+	- stop garbage collecting the ActivationImp objects, gets 3% on iBench
+	- pave the way to separate the argument lists from scope chains
+
+        * kjs/context.h: Added. Moved ContextImp here so it can use things defined
+	in function.h
+
+        * kjs/scope_chain.h: Added. Starting as a copy of List, to be improved.
+        * kjs/scope_chain.cpp: Added. Starting as a copy of List, to be improved.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Rearranged things, added context.h.
+
+        * kjs/function.cpp:
+        (FunctionImp::call): Pass InterpreterImp, not ExecState, to ContextImp.
+        (DeclaredFunctionImp::DeclaredFunctionImp): List -> ScopeChain.
+        (ActivationImp::createArgumentsObject): ArgumentList -> List.
+        (GlobalFuncImp::call): Pass InterpreterImp, not an ExecState, to ContextImp.
+        * kjs/function.h: List -> ScopeChain.
+        * kjs/function_object.cpp: (FunctionObjectImp::construct): List -> ScopeChain.
+        * kjs/internal.cpp:
+        (ContextImp::ContextImp): Set the context in the interpreter.
+        (ContextImp::~ContextImp): Set the context in the interpreter to the caller.
+        (ContextImp::mark): Mark all the activation objects.
+        (InterpreterImp::InterpreterImp): Initialize context to 0.
+        (InterpreterImp::mark): Mark the top context.
+        (InterpreterImp::evaluate): Pass InterpreterImp to ContextImp.
+        * kjs/internal.h: Move ContextImp to its own header. Add setContext to InterpreterImp.
+        * kjs/interpreter.cpp: (Context::scopeChain): List -> ScopeChain.
+        * kjs/interpreter.h: List -> ScopeChain.
+        * kjs/nodes.cpp:
+        (ResolveNode::evaluateReference): List -> ScopeChain.
+        (FuncDeclNode::processFuncDecl): List -> ScopeChain.
+        (FuncExprNode::evaluate): List -> ScopeChain.
+        * kjs/object.cpp: List -> ScopeChain.
+        * kjs/object.h: List -> ScopeChain.
+
+        * kjs/types.h: Remove needsMarking features from List.
+        * kjs/types.cpp: Ditto.
+
+2002-11-21  Maciej Stachowiak  <mjs@apple.com>
+
+	- reduced the size of PropertyMap by storing sizes and such in the
+	dynamically allocated part of the object to reduce the size of
+	ObjectImp - .5% speed improvement on JS iBench.
+	
+        * kjs/property_map.cpp:
+        * kjs/property_map.h:
+
+2002-11-21  Maciej Stachowiak  <mjs@apple.com>
+
+        * Makefile.am: Pass symroots for this tree to pbxbuild.
+
+=== Alexander-33 ===
+
+2002-11-21  Darin Adler  <darin@apple.com>
+
+        * kjs/property_map.cpp: More assertions.
+
+2002-11-21  Darin Adler  <darin@apple.com>
+
+        * kjs/property_map.cpp: Turn that consistency check back off.
+
+2002-11-21  Darin Adler  <darin@apple.com>
+
+	- someone somewhere must be defining a macro named check, causing a compile failure in WebCore
+
+	Rename check() to checkConsistency().
+
+        * kjs/property_map.h: Rename.
+        * kjs/property_map.cpp: Yes, rename.
+
+2002-11-21  Darin Adler  <darin@apple.com>
+
+	- add self-check to property map in hopes of finding the cnet.com bug
+
+        * kjs/property_map.h: Add check() function.
+        * kjs/property_map.cpp: Add the checking, controlled by DO_CONSISTENCY_CHECK.
+
+	 - fixed UChar interface so it's not so slow in debug builds
+
+        * kjs/ustring.h: Nothing in UChar needs to be private.
+
+        * kjs/function.cpp: (GlobalFuncImp::call):
+        * kjs/function_object.cpp: (FunctionObjectImp::construct):
+        * kjs/identifier.cpp:
+        * kjs/lexer.cpp: (Lexer::setCode), (Lexer::shift):
+        * kjs/lookup.cpp: (keysMatch):
+        * kjs/ustring.cpp: (UString::Rep::computeHash), (KJS::compare):
+	Use the "uc" field instead of the "unicode()" inline function.
+
+2002-11-21  Darin Adler  <darin@apple.com>
+
+	- fixed a null-dereference I ran into while trying to reproduce bug 3107351
+
+        * kjs/function.h: Change ActivationImp constructor to take context parameter.
+        * kjs/function.cpp: (ActivationImp::ActivationImp): Take context parameter,
+	not execution state parameter.
+
+        * kjs/internal.cpp: (ContextImp::ContextImp): Initialize activation object
+	from context, not execution state, because the new context is not yet in the
+	execution state.
+
+2002-11-20  Darin Adler  <darin@apple.com>
+
+	- added a feature for Richard to use in his back/forward cache
+
+        * kjs/object.h: Added save/restoreProperties.
+        * kjs/property_map.h: Here too.
+        * kjs/property_map.cpp: Here too.
+
+2002-11-20  Darin Adler  <darin@apple.com>
+
+	- created argument list objects only on demand for a 7.5% speedup
+
+        * kjs/function.h: Change ActivationImp around.
+        * kjs/function.cpp:
+        (FunctionImp::call): Pass a pointer to the arguments list to avoid ref/unref.
+        (FunctionImp::get): Get the function pointer from the context directly,
+	not the activation object.
+        (ArgumentsImp::ArgumentsImp): Add an overload that takes no arguments.
+        (ActivationImp::ActivationImp): Store a context pointer and an arguments object pointer.
+        (ActivationImp::get): Special case for arguments, create it and return it.
+        (ActivationImp::put): Special case for arguments, can't be set.
+        (ActivationImp::hasProperty): Special case for arguments, return true.
+        (ActivationImp::deleteProperty): Special case for arguments, refuse to delete.
+        (ActivationImp::mark): Mark the arguments object.
+        (ActivationImp::createArgumentsObject): Do the work of actually creating it.
+        (GlobalFuncImp::call): Use stack-based objects for the ContextImp and ExecState.
+
+        * kjs/internal.h: Keep function and arguments pointer in the context.
+        * kjs/internal.cpp:
+        (ContextImp::ContextImp): Don't pass in the func and args when making an ActivationImp.
+        (InterpreterImp::evaluate): Use stack-based objects here.
+
+        * kjs/types.h: Add ArgumentList as a synonym for List, soon to be separate.
+
+2002-11-20  Maciej Stachowiak  <mjs@apple.com>
+
+	Reduced the size of ValueImp by 8 bytes for a .5% speedup.
+	
+        * kjs/value.h: Removed destructed flag. Made refcount and flag 16
+	bits each.
+        * kjs/value.cpp:
+        (ValueImp::~ValueImp): Don't set destructed flag.
+
+2002-11-20  Darin Adler  <darin@apple.com>
+
+        * kjs/types.cpp: Keep ref count for the whole lists of nodes.
+	Doesn't speed things up much, less than 1%.
+
+2002-11-20  Maciej Stachowiak  <mjs@apple.com>
+
+        * kjs/collector.cpp:
+        (Collector::allocate): Clear the flags on newly allocated objects.
+
+2002-11-20  Darin Adler  <darin@apple.com>
+
+	- oops, checked in big regression instead of 5% speedup
+
+        * kjs/function.cpp: (ActivationImp::ActivationImp): Make a marking
+	list, not a refing list.
+
+	- a cut at the sparse array implementation
+
+        * kjs/array_instance.h: Keep storageLength separate from length.
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::ArrayInstanceImp): Start with storageLength == length.
+        (ArrayInstanceImp::get): Check against storage length.
+        (ArrayInstanceImp::put): Ditto.
+        (ArrayInstanceImp::hasProperty): Ditto.
+        (ArrayInstanceImp::deleteProperty): Ditto.
+        (ArrayInstanceImp::setLength): Only enlarge storage length up to a cutoff.
+        (ArrayInstanceImp::mark): Use storageLength.
+        (ArrayInstanceImp::pushUndefinedObjectsToEnd): Added FIXME.
+
+2002-11-20  Darin Adler  <darin@apple.com>
+
+	- decrease ref/deref -- 5% speedup in iBench
+
+        * JavaScriptCore.pbproj/project.pbxproj: Added array_instance.h
+        * kjs/array_instance.h: Added so it can be shared by function.h.
+
+        * kjs/array_object.cpp:
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        * kjs/bool_object.h:
+        * kjs/collector.cpp:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        * kjs/error_object.cpp:
+        * kjs/function.cpp:
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/math_object.cpp:
+        * kjs/nodes.cpp:
+        * kjs/number_object.cpp:
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        * kjs/property_map.cpp:
+        * kjs/reference.cpp:
+        * kjs/reference.h:
+        * kjs/regexp_object.cpp:
+        * kjs/string_object.cpp:
+        * kjs/string_object.h:
+        * kjs/value.cpp:
+        * kjs/value.h:
+	Switched lots of interfaces so they don't require ref/deref.
+
+2002-11-20  Maciej Stachowiak  <mjs@apple.com>
+
+	Fixed the two most obvious problems with the new GC for another 6%
+	improvement.
+	
+        * kjs/collector.cpp:
+        (Collector::allocate): Don't bother doing the bit tests on a bitmap word if
+	all it's bits are on.
+        (Collector::collect): Track memoryFull boolean.
+        * kjs/collector.h: Inlined outOfMemory since it was showing up on profiles.
+
+2002-11-20  Maciej Stachowiak  <mjs@apple.com>
+
+	Rewrote garbage collector to make blocks of actual memory instead
+	of blocks of pointers. 7% improvement on JavaScript
+	iBench. There's still lots of room to tune the new GC, this is
+	just my first cut.
+	
+        * kjs/collector.cpp:
+        (Collector::allocate):
+        (Collector::collect):
+        (Collector::size):
+        (Collector::outOfMemory):
+        (Collector::finalCheck):
+        (Collector::numGCNotAllowedObjects):
+        (Collector::numReferencedObjects):
+        (Collector::liveObjectClasses):
+        * kjs/collector.h:
+        * kjs/function.cpp:
+        (ActivationImp::ActivationImp):
+        * kjs/function.h:
+
+2002-11-20  Darin Adler  <darin@apple.com>
+
+	- on the road to killing ActivationImp
+
+        * kjs/function.h: Add get/put to FunctionImp. Remove argumentsObject() from
+	ActivationImp. Add function() to ActivationImp.
+        * kjs/function.cpp:
+        (FunctionImp::FunctionImp): No arguments property.
+        (FunctionImp::call): No need to set up the arguments property.
+        (FunctionImp::parameterString): Remove ** strangeness.
+        (FunctionImp::processParameters): Ditto.
+        (FunctionImp::get): Added, handles arguments and length properties.
+        (FunctionImp::put): Ditto.
+        (FunctionImp::hasProperty): Ditto.
+        (FunctionImp::deleteProperty): Ditto.
+        (ActivationImp::ActivationImp): Store a function pointer so we can find it
+	in the context.
+
+        * kjs/function_object.cpp: (FunctionObjectImp::construct): No need to set up
+	arguments property.
+        * kjs/nodes.cpp: (FuncExprNode::evaluate): No need to set up length property.
+
+        * kjs/internal.h: Return ObjectImp * for activation object.
+
+        * kjs/interpreter.h: Remove stray declaration of ExecStateImp.
+
+2002-11-20  Darin Adler  <darin@apple.com>
+
+	- add a couple of list operations to avoid clearing lists so much during sorting; gives 1.5% iBench
+
+        * kjs/types.h: Added replaceFirst/replaceLast.
+        * kjs/types.cpp: (List::replaceFirst), (List::replaceLast): Added.
+
+        * kjs/array_object.cpp: (compareWithCompareFunctionForQSort): Use replaceFirst/replaceLast.
+
+        * kjs/property_map.cpp: Put in an ifdef so I can re-add/remove the single entry to see if
+	it has outlived its usefulness. (It hasn't yet.)
+
+2002-11-20  Darin Adler  <darin@apple.com>
+
+	- atomic identifiers; gives another 6.5% in the iBench suite
+
+        * kjs/identifier.h: Did the real thing.
+        * kjs/identifier.cpp: Ditto.
+
+        * kjs/property_map.h: _tableSizeHashMask -> _tableSizeMask
+        * kjs/property_map.cpp: The above, plus take advantage of comparing
+	by pointer instead of by comparing bytes.
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- a few more globals for often-used property names
+	- conversion to Identifier from UString must now be explicit
+
+        * kjs/error_object.cpp:
+        * kjs/function.cpp:
+        * kjs/function_object.cpp:
+        * kjs/identifier.cpp:
+        * kjs/identifier.h:
+        * kjs/lexer.cpp:
+        * kjs/nodes.cpp:
+        * kjs/number_object.cpp:
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/string_object.cpp:
+        * kjs/testkjs.cpp:
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- another step towards atomic identifiers; storing hash in the string rep. gives about
+	a 1.5% speedup in the JavaScript iBench
+
+        * kjs/ustring.h: Add a hash field to UString::Rep.
+        * kjs/ustring.cpp:
+        (UString::Rep::create): Set hash to uninitialized value.
+        (UString::Rep::destroy): Do the deleting in her, and call Identifier if needed.
+        (UString::Rep::computeHash): Added.
+        (UString::append): Set hash to 0 when modifying the string in place.
+        (UString::operator=): Ditto.
+
+        * kjs/property_map.cpp: Use the hash from UString.
+
+        * kjs/identifier.h: Added aboutToDestroyUStringRep.
+        * kjs/identifier.cpp: (Identifier::aboutToDestroyUStringRep): Added.
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- next step towards atomic identifiers; Identifier is no longer derived from UString
+
+        * kjs/identifier.h: Remove base class and add _ustring member.
+        * kjs/identifier.cpp: Add null and an == that works with const char *.
+        * kjs/property_map.cpp: Get rep through _ustring.
+
+        * kjs/function.cpp: (FunctionImp::parameterString): Call ustring().
+        * kjs/function_object.cpp: (FunctionProtoFuncImp::call): Ditto.
+        * kjs/nodes.cpp:
+        (PropertyNode::evaluate): Ditto.
+        (VarDeclNode::evaluate): Ditto.
+        (ForInNode::execute): Ditto.
+        * kjs/nodes2string.cpp: (SourceStream::operator<<): Add overload for Identifier.
+        * kjs/reference.cpp: (Reference::getValue): Call ustring().
+        * kjs/regexp_object.cpp: (RegExpObjectImp::get): Call ustring().
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- fixed memory trasher
+
+        * kjs/ustring.cpp: (UString::from): Fix "end of buffer" computation.
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- a first step towards atomic identifiers in JavaScript
+
+	Most places that work with identifiers now use Identifier
+	instead of UString.
+
+        * kjs/identifier.cpp: Added.
+        * kjs/identifier.h: Added.
+        * JavaScriptCore.pbproj/project.pbxproj: Added files.
+
+        * kjs/array_object.cpp:
+        * kjs/array_object.h:
+        * kjs/completion.cpp:
+        * kjs/completion.h:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        * kjs/function.cpp:
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        * kjs/grammar.cpp:
+        * kjs/grammar.cpp.h:
+        * kjs/grammar.h:
+        * kjs/grammar.y:
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/lexer.cpp:
+        * kjs/lookup.cpp:
+        * kjs/lookup.h:
+        * kjs/math_object.cpp:
+        * kjs/math_object.h:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/number_object.cpp:
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/property_map.cpp:
+        * kjs/property_map.h:
+        * kjs/reference.cpp:
+        * kjs/reference.h:
+        * kjs/regexp_object.cpp:
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        * kjs/string_object.h:
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- fix hash function and key comparison for the other kind of hash table; yields 3%
+
+        * kjs/lookup.cpp:
+        (keysMatch): Added.
+        (Lookup::findEntry): Don't allocate and convert to ASCII just to search.
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- another hash table fix; yields a 2% improvement on iBench JavaScript
+
+        * kjs/property_map.cpp: A few more places where we use & instead of %.
+
+	- some List changes that don't affect speed yet
+
+        * kjs/types.cpp:
+        (List::prependList): Tighten up a tiny bit.
+        (List::copy): Use prependList.
+        * kjs/types.h: Remove appendList and globalClear.
+
+        * kjs/interpreter.cpp: (Interpreter::finalCheck): Remove List::globalClear().
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- fixed 3105026 -- REGRESSION: DHTML menus are broken all over the place
+
+        * kjs/types.cpp: (List::prepend): Fix backwards links in new node.
+
+2002-11-19  Darin Adler  <darin@apple.com>
+
+	- a fix that gives another 1.5% on the iBench JavaScript test
+
+        * kjs/ustring.cpp: (UString::from): Stop using sprintf to format integers.
+
+2002-11-18  Darin Adler  <darin@apple.com>
+
+	- reduced the creation of Value objects and hoisted the property map
+        into Object for another gain of about 6%
+
+        * JavaScriptCore.pbproj/project.pbxproj: Made property_map.h public.
+        * kjs/array_object.cpp:
+        (compareWithCompareFunctionForQSort): Don't wrap the ValueImp * in a Value
+	just to add it to a list.
+        (ArrayProtoFuncImp::call): Pass the globalObject directly so we don't have
+	to ref/deref.
+        * kjs/function.cpp:
+        (FunctionImp::call): Use a reference for the global object to avoid ref/deref.
+        (GlobalFuncImp::call): Ditto.
+        * kjs/internal.cpp:
+        (BooleanImp::toObject): Put the object directly into the list, don't create a Value.
+        (StringImp::toObject): Ditto.
+        (NumberImp::toObject): Ditto.
+        (InterpreterImp::evaluate): Use a reference for the global object.
+        * kjs/internal.h: Return a reference for the global object.
+        * kjs/interpreter.cpp: (Interpreter::globalObject): Ditto.
+        * kjs/interpreter.h: Ditto.
+        * kjs/object.cpp: Use _prop directly in the object, not a separate pointer.
+        * kjs/object.h: Ditto.
+        * kjs/types.cpp: Added List methods that work directly with ValueImp.
+        (List::append): Added a ValueImp version.
+        (List::prepend): Ditto.
+        (List::appendList): Work directly with the ValueImp's.
+        (List::prependList): Ditto.
+        (List::copy): Use appendList.
+        (List::empty): Use a shared global List.
+        * kjs/types.h: Update for above changes.
+
+2002-11-18  Darin Adler  <darin@apple.com>
+
+        * kjs/property_map.cpp: Oops, copyright goes to Apple, not me.
+        * kjs/property_map.h: Ditto.
+
+2002-11-18  Darin Adler  <darin@apple.com>
+
+	- property and string improvements giving a 7% or so improvement in JavaScript iBench
+
+        * kjs/property_map.h: Rewrite to use a hash table.
+        * kjs/property_map.cpp: Ditto.
+
+        * kjs/string_object.h:
+        * kjs/string_object.cpp:
+        (StringInstanceImp::StringInstanceImp): Construct a string with the right value
+	instead of putting the string in later.
+        (StringInstanceImp::get): Get the length from the string, not a separate property.
+        (StringInstanceImp::put): Ignore attempts to set length, since we don't put it in
+	the property map.
+        (StringInstanceImp::hasProperty): Return true for length.
+        (StringInstanceImp::deleteProperty): Return false for length.
+        (StringObjectImp::construct): Call new StringInstanceImp constructor. Don't try
+	to set a length property.
+
+        * kjs/ustring.h: Make the rep deref know how to deallocate the rep.
+        * kjs/ustring.cpp:
+        (UString::release): Move the real work to the rep's deref, since the hash table
+	now uses the rep directly.
+
+        * kjs/object.h: Remove unused field.
+
+2002-11-18  Maciej Stachowiak  <mjs@apple.com>
+
+	Change List to completely avoid going through the GC
+	allocator. 3.6% performance improvement on JavaScript iBench.
+	
+        * kjs/internal.cpp:
+        (InterpreterImp::mark): Don't mark the empty list.
+
+	For all the methods below I basically lifted the ListImp version
+	up to the List method with minor tweaks.
+	
+        * kjs/types.cpp:
+        (ListIterator::ListIterator):
+        (List::List):
+        (List::operator=):
+        (List::~List):
+        (List::mark):
+        (List::append):
+        (List::prepend):
+        (List::appendList):
+        (List::prependList):
+        (List::removeFirst):
+        (List::removeLast):
+        (List::remove):
+        (List::clear):
+        (List::clearInternal):
+        (List::copy):
+        (List::begin):
+        (List::end):
+        (List::isEmpty):
+        (List::size):
+        (List::at):
+        (List::operator[]):
+        (List::empty):
+        (List::erase):
+        (List::refAll):
+        (List::derefAll):
+        (List::swap):
+        (List::globalClear):
+        * kjs/types.h:
+
+2002-11-18  Maciej Stachowiak  <mjs@apple.com>
+
+	Fixed a horrible leak introduced with my last change that
+	somehow did not show up on my machine.
+
+        * kjs/types.cpp:
+        (List::List): Mark ListImp as GC allowed.
+
+2002-11-18  Maciej Stachowiak  <mjs@apple.com>
+
+	Another step towards the List conversion: stop inheriting from Value.
+	
+        * kjs/types.cpp:
+        (ListIterator::ListIterator):
+        (List::List):
+        (List::operator=):
+        (List::~List):
+        (List::mark):
+        (List::append):
+        (List::prepend):
+        (List::appendList):
+        (List::prependList):
+        (List::removeFirst):
+        (List::removeLast):
+        (List::remove):
+        (List::clear):
+        (List::copy):
+        (List::begin):
+        (List::end):
+        (List::isEmpty):
+        (List::size):
+        (List::at):
+        (List::operator[]):
+        * kjs/types.h:
+
+2002-11-18  Maciej Stachowiak  <mjs@apple.com>
+
+	Partway to removing Value from List. Created a marking List
+	variant, used it in place of ListImp.
+	
+        * kjs/internal.h: Removed List stuff.
+        * kjs/internal.cpp:
+        (InterpreterImp::mark): Call appropriate List method to do marking of
+	empty ListImp.
+        * kjs/object.h:
+        * kjs/object.cpp: Use marking List instead of ListImp *.
+        * kjs/types.h:
+        * kjs/types.cpp:
+        (List::List): New boolean needsMarking parameter. 
+        (List::operator=): Perform trickery related to needsMarking.
+        (List::~List): Likewise.
+        (List::mark): Mark the ListImp.
+        (List::markEmptyList):
+	(ListImp::*): Moved here fron internal.cpp, they will be
+	integrated into the relevant List methods soon.
+
+2002-11-18  Darin Adler  <darin@apple.com>
+
+	- another string constant discovered that can be optimized
+
+        * kjs/object.h: Add a property name constant for "__proto__".
+        * kjs/object.cpp: Define it.
+	(ObjectImp::get): Use it.
+	(ObjectImp::hasProperty): Use it.
+
+	- prepare to turn PropertyMap into a hash table
+
+        * kjs/object.cpp:
+	(ObjectImp::mark): Use the new PropertyMap::mark().
+	(ObjectImp::put): Use the new overload of PropertyMap::get().
+	(ObjectImp::deleteProperty): Use the new overload of PropertyMap::get().
+	(ObjectImp::propList): Use PropertyMap::addEnumerablesToReferenceList().
+
+        * kjs/property_map.h: Remove PropertyMapNode and make all node-related methods private.
+	Add mark(), a new overload of get() that returns attributes, a clear() that takes no attributes,
+	and addEnumerablesToReferenceList().
+        * kjs/property_map.cpp:
+	(PropertyMap::get): Added new overload.
+	(PropertyMap::clear): Added new overload.
+	(PropertyMap::mark): Added.
+	(PropertyMap::addEnumerablesToReferenceList): Added.
+
+        * kjs/ustring.h: Added a hash function.
+        * kjs/ustring.cpp: (KJS::hash): Added.
+
+2002-11-18  Darin Adler  <darin@apple.com>
+
+	- simplified the ExecState class, which was showing up in profiles
+        
+        Sped up JavaScript iBench by 6%.
+
+        * kjs/interpreter.h: Removed the level of indirection, and made it all inline.
+        * kjs/interpreter.cpp: Removed ExecState implementation from here altogether.
+
+	- fixed an oversight in my sort speedup
+
+        * kjs/array_object.h: Add pushUndefinedObjectsToEnd.
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::sort): Call pushUndefinedObjectsToEnd.
+        (ArrayInstanceImp::pushUndefinedObjectsToEnd): Added.
+	Pushes all undefined to the end of the array.
+
+2002-11-18  Darin Adler  <darin@apple.com>
+
+	- fix worst speed problems on the sort page of the iBench JavaScript test
+
+	Sped up JavaScript iBench by 70%, the sort page by 88%.
+
+        * kjs/array_object.h: Add array-specific sort functions.
+        * kjs/array_object.cpp:
+        (compareByStringForQSort): Added.
+        (ArrayInstanceImp::sort): Added.
+        (compareWithCompareFunctionForQSort): Added.
+        (ArrayProtoFuncImp::call): Use ArrayInstanceImp::sort if the object being
+	sorted is actually an array.
+
+        * kjs/object.h: Add argumentsPropertyName.
+        * kjs/object.cpp: Add argumentsPropertyName.
+        * kjs/function.cpp:
+        (FunctionImp::FunctionImp): Use argumentsPropertyName to avoid making a UString.
+        (FunctionImp::call): Ditto.
+        (ActivationImp::ActivationImp): Ditto.
+        * kjs/function_object.cpp: (FunctionObjectImp::construct): Ditto.
+
+        * kjs/ustring.h: Added compare function for -1/0/+1 comparison.
+        * kjs/ustring.cpp: (KJS::compare): Added.
+
+2002-11-18  Maciej Stachowiak  <mjs@apple.com>
+
+	Change ArgumentListNode operations to be iterative instead of
+	recursive. This probably fixes 3095446 (Crash in
+	KJS::ArgumentListNode::ref()) but I can't reproduce it myself so
+	I'm not 100% sure. I think the original bug was a stack overflow
+	and this change would remove that possibility.
+	
+        * kjs/nodes.cpp:
+        (ArgumentListNode::ref): Make iterative.
+        (ArgumentListNode::deref): Make iterative.
+        (ArgumentListNode::evaluateList): Make iterative.
+
+=== Alexander-32 ===
+
+2002-11-14  Darin Adler  <darin@apple.com>
+
+	- fixed 3101243 -- excite passes date that can't be parsed, results in bogus date at top right corner
+
+        * kjs/date_object.cpp: (KJS::KRFCDate_parseDate): Handle errors from strtol
+	by checking errno. Check the "string in a haystack" to be sure it's a multiple
+	of 3. Add case that allows year to be after time.
+
+2002-11-14  Darin Adler  <darin@apple.com>
+
+	- fixed 3101191 -- REGRESSION: Hang loading excite.com
+
+        * kjs/date_object.cpp:
+        (mktimeUsingCF): Pick an arbitrary cutoff of 3000, and return -1 if the
+	year passed in is that big so we don't infinite loop. Also validate the
+	rest of the date with CFGregorianDateIsValid. 
+        (DateProtoFuncImp::call): Handle a -1 result from mktime.
+        (DateObjectImp::construct): Check for NaN before calling mktime, and also
+	handle a -1 result from mktime.
+        (DateObjectFuncImp::call): Check for NaN before calling mktime, and also
+	handle a -1 result from mktime.
+
+2002-11-13  Darin Adler  <darin@apple.com>
+
+	- fixed 3099930 -- dates/times without time zones are parsed as UTC by kjs,
+	local time by other browsers
+
+        * kjs/date_object.cpp:
+        (DateProtoFuncImp::call): Handle the NaN case better, like Mozilla and OmniWeb.
+        (DateObjectFuncImp::call): Return NaN rather than Undefined() for bad dates.
+        (KJS::parseDate): Return NaN rather than Undefined() or 0 for bad dates.
+        (KJS::KRFCDate_parseDate): Return -1 rather than 0 for bad dates.
+	Assume local time if no time zone is passed. Don't return 1 if we parse 0.
+
+2002-11-13  Darin Adler  <darin@apple.com>
+
+        - fixed 3073230 -- JavaScript time calls do I/O by lstat()ing /etc/localtime
+
+        * kjs/date_object.cpp:
+        (formatDate): Added.
+        (formatTime): Added.
+        (formatLocaleDate): Added.
+        (formatLocaleTime): Added.
+        (DateProtoFuncImp::call): Changed to use the above functions instead of
+	using strftime.
+
+2002-11-08  Darin Adler  <darin@apple.com>
+
+        * kjs/date_object.cpp:
+        (ctimeUsingCF): Added.
+        (timeUsingCF): Added.
+
+2002-11-07  Darin Adler  <darin@apple.com>
+
+        * kjs/date_object.cpp: (mktimeUsingCF): Fix storage leak.
+
+2002-11-07  Maciej Stachowiak  <mjs@apple.com>
+
+	- partial fix to 3073230 - JavaScript time calls do I/O by
+	lastat()ing /etc/localtime
+	
+        * kjs/date_object.cpp:
+        (mktimeUsingCF): Implementation of mktime using CF.
+
+=== Alexander-31 ===
+
+2002-11-01  Darin Adler  <darin@apple.com>
+
+        * kjs/object.cpp: Make the same change Maciej just did, but to the
+	other constructor right next to the one he changed.
+
+2002-10-31  Maciej Stachowiak  <mjs@apple.com>
+
+	- fixed 3082660 - REGRESSION: one ListImp leaks opening/closing nearly empty web page
+	
+        * kjs/object.cpp: Set gc allowed on freshly created ListImp, since
+	there is no List wrapper for it.
+
+2002-10-31  Darin Adler  <darin@apple.com>
+
+        * kjs/grammar.y: Fix the APPLE_CHANGES thing here too.
+        * kjs/grammar.cpp: Regenerated this file.
+
+=== Alexander-30 ===
+
+2002-10-30  Darin Adler  <darin@apple.com>
+
+	- fixed 3073230 -- Alex is doing file I/O when executing JavaScript by asking for localtime
+
+	I fixed this by using Core Foundation time functions instead.
+
+        * kjs/date_object.cpp:
+        (tmUsingCF): Function that uses Core Foundation to get the time and then puts it into
+	a tm struct.
+        (gmtimeUsingCF): Function used instead of gmtime (used a macro to make the substitution).
+        (localtimeUsingCF): Function used instead of localtime (used a macro to make the substitution).
+
+2002-10-26  Darin Adler  <darin@apple.com>
+
+	- changed to use #if APPLE_CHANGES and #if !APPLE_CHANGES consistently
+
+	We no longer do #ifdef APPLE_CHANGES or #ifndef APPLE_CHANGES.
+
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+        * kjs/grammar.cpp:
+        * kjs/internal.cpp:
+        * kjs/ustring.h:
+
+2002-10-25  Darin Adler  <darin@apple.com>
+
+	- fixed 3038011 -- drop-down menu hierarchy broken at yahoo new acct page
+
+        * kjs/array_object.cpp: (ArrayProtoFuncImp::call):
+	Fix bug calling concat on an empty array. The old code tried to
+	optimize in a way that would prevent appending any arrays until
+	at least one element was in the destination array. So if you were
+	concatenating a non-empty array into an empty array, you got an empty array.
+
+=== Alexander-29 ===
+
+=== Alexander-28 ===
+
+2002-10-10  Darin Adler  <darin@apple.com>
+
+	- fixed 3072643 -- infinite loop in JavaScript code at walgreens.com
+
+	The problem is that "xxx".indexOf("", 1) needs to return 1, but we
+	were returning 0.
+
+        * kjs/ustring.cpp:
+        (UString::find): Return pos, not 0, when the search string is empty.
+        (UString::rfind): Make sure that pos is not past the end of the string,
+	taking into account the search string; fixes a potential read off the end
+	of the buffer. Also return pos, not 0, when the search string is empty.
+
+=== Alexander-27 ===
+
+2002-10-07  Darin Adler  <darin@apple.com>
+
+	Fixed absurdly high memory usage when looking at pages that use a lot of JavaScript.
+
+        * kjs/collector.cpp:
+        (Collector::allocate): Implement a new policy of doing a garbage collect every 1000
+	allocations. The old policy was both complicated and misguided.
+        (Collector::collect): Zero out the "number of allocations since last collect".
+
+2002-10-06  Darin Adler  <darin@apple.com>
+
+	I noticed some broken lists at mapblast.com and tracked it down to this.
+
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::put): Don't truncate the list; only extend the length if
+	it's not already long enough.
+        (ArrayProtoFuncImp::call): Fix some ifdef'd code so it compiles if you turn
+	the ifdefs on.
+
+2002-10-04  Darin Adler  <darin@apple.com>
+
+        Fixed problems parsing numbers that are larger than a long with parseInt.
+
+        * kjs/config.h: Define HAVE_FUNC_STRTOLL.
+        * kjs/function.cpp: (GlobalFuncImp::call):
+	Change parseInt to use strtoll if available.
+
+=== Alexander-26 ===
+
+2002-09-27  Darin Adler  <darin@apple.com>
+
+	- fixed 3033969 -- repro crash (infinite recursion in JavaScript)
+	clicking on "screens" option at fsv.sf.net
+
+        * kjs/object.h: Change recursion limit to 100 levels rather than 1000.
+
+=== Alexander-25 ===
+
+2002-09-26  Darin Adler  <darin@apple.com>
+
+	Fix the infinity problem Dave worked around. We didn't have the
+	configuration flags set right to make infinity work. Setting those
+	properly made everything work without changes to min and max.
+
+        * kjs/config.h: Define HAVE_FUNC_ISINF, HAVE_STRING_H, and
+	also WORDS_BIGENDIAN (if on ppc).
+
+        * kjs/math_object.cpp: (MathFuncImp::call): Roll out min and max
+	changes from yesterday.
+
+2002-09-25  David Hyatt  <hyatt@apple.com>
+
+	Fix the impls of min/max to not use +inf/-inf when you have
+	arguments.  Technically there's still a bug here for the no
+	argument case, probably caused by a screwup when +inf/-inf are
+	converted to doubles.
+	
+        * kjs/math_object.cpp:
+        (MathFuncImp::call):
+
+2002-09-25  Darin Adler  <darin@apple.com>
+
+	- fixed 3057964 -- JS problem performing MD5 script embedded in yahoo login page
+
+        * kjs/simple_number.h: Fix incorrect check for sign bit that was munging numbers
+	in the range 0x10000000 to 0x1FFFFFFF.
+
+=== Alexander-24 ===
+
+=== Alexander-22 ===
+
+2002-09-05  Maciej Stachowiak  <mjs@apple.com>
+
+	First baby step towards moving List away from garbage collection.
+	
+        * kjs/types.h: Add needsMarking boolean and make List inherit from
+	Value privately instead of publicly.
+
+2002-08-30  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Allowed the new Project Builder to put in
+	encodings for each file.
+
+=== Alexander-21 ===
+
+=== Alexander-20 ===
+
+2002-08-20  Darin Adler  <darin@apple.com>
+
+	Three small changes to things that showed up in the sample.
+
+	5% speed increase on cvs-js-performance test.
+	
+        * kjs/simple_number.h: Check if double is an integer with d == (double)(int)d
+	instead of remainder(d, 1) == 0, saving a function call each time.
+
+        * kjs/ustring.cpp:
+        (UString::find): Compare the first character before calling memcmp for the rest.
+        (UString::rfind): Ditto.
+        (KJS::operator==): Don't do a strlen before starting to compare the characters.
+
+2002-08-20  Maciej Stachowiak  <mjs@apple.com>
+
+        * kjs/object.cpp: Don't reference other ValueImps in the
+	destructor, they may have already been destroyed, and will have
+	GC_ALLOWED set already in any case.
+
+2002-08-19  Maciej Stachowiak  <mjs@apple.com>
+
+	Fixed the bug that made sony.com menus come out wrong and made
+	aa.com crash (Radar 3027762).
+	
+	Mode most methods inline.
+	
+        * kjs/completion.cpp:
+        * kjs/completion.h:
+
+2002-08-19  Maciej Stachowiak  <mjs@apple.com>
+
+	Maintain stack of old "arguments" property values for functions
+	implicitly on the system stack instead of explicitly in the
+	FunctionImp. This eliminates only a trivial number of GC
+	allocations (less than 200) but eliminates one of the two cases
+	where a ListImp * is stored directly, paving the way to separate
+	List from Value.
+	
+        * kjs/function.h: Remove argStack, pushArgs and popArgs.
+        * kjs/function.cpp:
+        (FunctionImp::FunctionImp): Don't initalize argStack.
+        (FunctionImp::~FunctionImp): Remove comment about argStack.
+        (FunctionImp::mark): Don't mark the argStack.
+        (FunctionImp::call): Save old "arguments" property in a Value,
+	where it will be GC-protected, rather than keeping a list, and
+	restore the old value when done executing.
+
+2002-08-18  Darin Adler  <darin@apple.com>
+
+        * kjs/internal.cpp: (KJS::printInfo): Remove one more CompletionType
+	that Maciej missed.
+
+2002-08-18  Maciej Stachowiak  <mjs@apple.com>
+
+	Remove stray references to CompletionType and CompletionImp.
+	
+        * kjs/completion.h:
+        * kjs/object.cpp:
+        * kjs/value.h:
+
+2002-08-18  Maciej Stachowiak  <mjs@apple.com>
+
+	Separated Completion from Value and made it a pure stack
+	object. This removed another 160,000 of the remaining 580,000
+	garbage collected object allocations.
+
+	6% speed increase on cvs-js-performance test.
+	
+        * kjs/completion.cpp: Added. New implementation that doesn't
+	require a ValueImp *.
+        (Completion::Completion):
+        (Completion::complType):
+        (Completion::value):
+        (Completion::target):
+        (Completion::isValueCompletion):
+        * kjs/completion.h: Added.
+        * kjs/function.cpp:
+	(GlobalFuncImp::call): Removed some (apparently mistaken) uses of
+	Completion as a Value.
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/types.cpp: Removed Completion stuff.
+        * kjs/types.h: Removed Completion stuff.
+        * JavaScriptCore.pbproj/project.pbxproj: Added new header.
+
+2002-08-16  Darin Adler  <darin@apple.com>
+
+	Fix the Development build.
+
+        * kjs/object.cpp: Take out a use of ReferenceType.
+
+        * kjs/ustring.h: Added a bit more inlining.
+        * kjs/ustring.cpp: Moved the function out of here.
+
+2002-08-16  Maciej Stachowiak  <mjs@apple.com>
+
+	Final step of the Reference change. Completely separate Reference
+	from Value, and eliminate ReferenceImp.
+
+	18% speedup on cvs-js-performance test.
+
+        * kjs/internal.cpp, kjs/internal.h: Remove ReferenceImp.
+        * kjs/nodes.cpp:
+        (Node::evaluateReference): Use Reference::makeValueReference(),
+	not ConstReference.
+        * kjs/reference.cpp:
+        (Reference::Reference): New implementation, handles both regular
+	and value references.
+        (Reference::makeValueReference): Incorporate functionality of ConstReference
+	into this class.
+        (Reference::getBase): New implementation (incorporates error vase
+	for value references).
+	(Reference::getPropertyName): New implementation (incorporates error case
+	for value references).
+        (Reference::putValue): New implementation (incorporates error case
+	for value references).
+        (Reference::deleteValue): New implementation (incorporates error case
+	for value references).
+        (Reference::getValue): New implementation (incorporates special case
+	for value references).
+        (Reference::isMutable): New implementation.
+	* kjs/reference.h: New implementation that merges ReferenceImp
+	into the stack object.
+        * kjs/value.h, kjs/value.cpp: Removed all reference-related method.
+
+2002-08-16  Darin Adler  <darin@apple.com>
+
+	- fixed 3026184 -- Hang going to http://aa.com/ while executing JavaScript
+
+        * kjs/simple_number.h: (SimpleNumber::value): Fixed conversion to a negative
+	number. The technique of using division was no good. Instead, or in the sign
+	bits as needed.
+
+2002-08-16  Maciej Stachowiak  <mjs@apple.com>
+
+        * kjs/reference_list.h: Must include headers with "", not
+	<>. D'oh!
+
+2002-08-16  Maciej Stachowiak  <mjs@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Install reference.h and
+	reference_list.h so WebCore compiles (duh).
+
+2002-08-16  Maciej Stachowiak  <mjs@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/nodes.cpp:
+        (Node::evaluateReference):
+        * kjs/reference.cpp:
+        (Reference::Reference):
+        (Reference::makeValueReference):
+        (Reference::getBase):
+        (Reference::getPropertyName):
+        (Reference::getValue):
+        (Reference::putValue):
+        (Reference::deleteValue):
+        (Reference::isMutable):
+        * kjs/reference.h:
+        * kjs/reference_list.h:
+        * kjs/value.cpp:
+        (ValueImp::dispatchToUInt32):
+        * kjs/value.h:
+
+2002-08-16  Maciej Stachowiak  <mjs@apple.com>
+
+	Next step: reimplement ReferenceList from scratch, and store it as
+	an actual Reference object, so ReferenceList no longer depends on
+	Reference being a Value or having a ReferenceImp. A resizing
+	vector might be even better the way this is used.
+
+	Also moved Reference to its own header and implementation file in
+	preparation for reimplementing it.
+	
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * kjs/nodes.cpp:
+        (ForInNode::execute):
+        * kjs/reference.cpp: Added.
+        (Reference::Reference):
+        (Reference::dynamicCast):
+        (ConstReference::ConstReference):
+        * kjs/reference.h: Added.
+        * kjs/reference_list.cpp: Added.
+        (ReferenceList::ReferenceList):
+        (ReferenceList::operator=):
+        (ReferenceList::swap):
+        (ReferenceList::append):
+        (ReferenceList::~ReferenceList):
+        (ReferenceList::begin):
+        (ReferenceList::end):
+        (ReferenceListIterator::ReferenceListIterator):
+        (ReferenceListIterator::operator!=):
+        (ReferenceListIterator::operator->):
+        (ReferenceListIterator::operator++):
+        * kjs/reference_list.h:
+        * kjs/types.cpp:
+        * kjs/types.h:
+
+2002-08-16  Maciej Stachowiak  <mjs@apple.com>
+
+	Fix Development build - some NDEBUG code had to be changed for the
+	Value/Reference split.
+	
+        * kjs/internal.cpp:
+        (KJS::printInfo):
+        * kjs/nodes.cpp:
+        (FunctionCallNode::evaluate):
+
+2002-08-16  Maciej Stachowiak  <mjs@apple.com>
+
+        * kjs/reference_list.h: Added file I forgot to check in last time.
+
+2002-08-15  Maciej Stachowiak  <mjs@apple.com>
+
+	Phase 1 of optimization to stop allocating references through the
+	collector. This step clearly splits evaluating to a reference and
+	evaluating to a value, and moves all of the reference-specific
+	operations from Value to Reference. A special ConstReference class
+	helps out for the one case where you need special reference
+	operations if the result is a reference, and not otherwise.
+
+	Also, Reference now inherits privately from Value, and there is a
+	new ReferenceList class that inherits privately from List, so the
+	uses of Reference and Value are now completely orthogonal. This
+	means that as the next step, their implementations can be
+	completely disentangled.
+	
+	This step has no actual performance impact.
+	
+        * kjs/collector.cpp:
+        (Collector::collect):
+        * kjs/nodes.cpp:
+        (Node::evaluateReference):
+        (ResolveNode::evaluate):
+        (ResolveNode::evaluateReference):
+        (ElementNode::evaluate):
+        (PropertyValueNode::evaluate):
+        (AccessorNode1::evaluate):
+        (AccessorNode1::evaluateReference):
+        (AccessorNode2::evaluate):
+        (AccessorNode2::evaluateReference):
+        (ArgumentListNode::evaluateList):
+        (NewExprNode::evaluate):
+        (FunctionCallNode::evaluate):
+        (PostfixNode::evaluate):
+        (DeleteNode::evaluate):
+        (VoidNode::evaluate):
+        (TypeOfNode::evaluate):
+        (PrefixNode::evaluate):
+        (UnaryPlusNode::evaluate):
+        (NegateNode::evaluate):
+        (BitwiseNotNode::evaluate):
+        (LogicalNotNode::evaluate):
+        (MultNode::evaluate):
+        (AddNode::evaluate):
+        (ShiftNode::evaluate):
+        (RelationalNode::evaluate):
+        (EqualNode::evaluate):
+        (BitOperNode::evaluate):
+        (BinaryLogicalNode::evaluate):
+        (ConditionalNode::evaluate):
+        (AssignNode::evaluate):
+        (CommaNode::evaluate):
+        (VarDeclNode::evaluate):
+        (ExprStatementNode::execute):
+        (IfNode::execute):
+        (DoWhileNode::execute):
+        (WhileNode::execute):
+        (ForNode::execute):
+        (ForInNode::execute):
+        (ReturnNode::execute):
+        (WithNode::execute):
+        (CaseClauseNode::evaluate):
+        (SwitchNode::execute):
+        (ThrowNode::execute):
+        * kjs/nodes.h:
+        * kjs/types.cpp:
+        (ConstReference::ConstReference):
+        * kjs/types.h:
+        * kjs/value.h:
+
+2002-08-15  Darin Adler  <darin@apple.com>
+
+	Tweaks and small bug fixes to Maciej's excellent new fixnum optimization.
+	Also updated or removed comments that call it "fixnum" instead of "simple number".
+
+        * kjs/simple_number.h: Change constant names so they don't SHOUT the way macro
+	names do. Added constants for shift, min, and max. Fixed off-by-1 error that
+	prevented us from using the extreme values on either end. Base the range of
+	numbers on a fixed 32 bits constant rather than the size of a long, because
+	code elsewhere depends on positive numbers fitting into both "unsigned" and
+	"UInt32" while assuming it doesn't need to check; we can easily change this
+	later. Used int types rather than long for essentially the same reason.
+	Fixed the value-extraction function so it will work for negative numbers even
+        if the shift is logical, not arithmetic, by using division instead.
+	Renamed functions to be quite terse since they are inside a class.
+
+        * kjs/value.h:
+        * kjs/value.cpp:
+        (ValueImp::dispatchToObject): Call NumberImp::toObject in a "non-virtual"
+	way rather than repeating the code here.
+        (ValueImp::dispatchToUInt32): Handle the negative number case correctly.
+        (ValueImp::dispatchGetBase): Call ValueImp::getBase in a "non-virtual"
+	way rather than repeating the code here.
+        (ValueImp::dispatchGetPropertyName): Call ValueImp::getPropertyName in a
+	"non-virtual" way rather than repeating the code here.
+        (ValueImp::dispatchPutValue): Call ValueImp::putValue in a "non-virtual"
+	way rather than repeating the code here.
+        (ValueImp::dispatchDeleteValue): Call ValueImp::deleteValue in a "non-virtual"
+	way rather than repeating the code here.
+        (Number::Number): Fixed a bug where the double-based constructor was casting
+	to long, so wouldn't do the "remainder" check.
+
+=== Alexander-19 ===
+
+=== Alexander-18 ===
+
+2002-08-15  Maciej Stachowiak  <mjs@apple.com>
+
+	Phase 2 of fixnum optimization. Store any integral number that
+	will fit in two bits less than a long inside the ValueImp *
+	itself, thus avoiding the need to deal with the garbage collector
+	at all for these types. Such numbers comprised .5 million of the
+	1.7 million ValueImps created during the cvs-js-performance test,
+	so traffic through the garbage collector should be
+
+	20% improvement on cvs-js-performance. This may also show up on
+	cvs-base, but I did not compare and I am too lazy to make clean in
+	WebCore yet again. 
+
+	This also significantly reduces memory footprint on
+	JavaScript-heavy pages. Size after going through
+	cvs-js-performance suite is now 22MB to 17.5MB.
+	
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * kjs/simple_number.h: Added. Some inline static methods for handling
+	simple numbers that are stored in the pointer.
+        * kjs/ustring.h:
+        * kjs/ustring.cpp:
+        (UString::from): Added new overload for long.
+        * kjs/value.cpp:
+        (ValueImp::marked): Add special case for simple numbers.
+        (ValueImp::setGcAllowed): Likewise.
+	(ValueImp::toInteger): Call dispatch version of
+	toUInt32(unsigned&), not the real method.
+        (ValueImp::toInt32): Likewise.
+        (ValueImp::toUInt32): Likewise.
+        (ValueImp::toUInt16): Likewise.
+        (ValueImp::dispatchType): Add special case for simple numbers.
+        (ValueImp::dispatchToPrimitive): Likewise.
+        (ValueImp::dispatchToBoolean): Likewise.
+        (ValueImp::dispatchToNumber): Likewise.
+        (ValueImp::dispatchToString): Likewise.
+        (ValueImp::dispatchToObject): Likewise.
+        (ValueImp::dispatchToUInt32): Likewise.
+        (ValueImp::dispatchGetBase): Likewise.
+        (ValueImp::dispatchGetPropertyName): Likewise.
+        (ValueImp::dispatchPutValue): Likewise.
+        (ValueImp::dispatchDeleteValue): Likewise.
+        (Number::Number): Create a simple number instead of a full-blown
+	ValueImp when possible.
+        (Number::value): Likewise.
+        * kjs/value.h:
+
+2002-08-15  Maciej Stachowiak  <mjs@apple.com>
+
+	Phase one of the "fixnum" optimization (storing small enough
+	integers in the pointer). This just paves the way for the change
+	by making all the virtual functions of ValueImp private and adding
+	non-virtual dispatchers which can call the virtual function or
+	handle fixnums specially.
+
+	Also, I marked every place that should need a special case with a
+	FIXNUM comment.
+	
+        * kjs/bool_object.cpp:
+        (BooleanObjectImp::construct): Call dispatch method not the real method.
+        * kjs/internal.h: Make toUInt32 private to make sure no one calls it directly
+	on a NumberImp*.
+        * kjs/nodes.cpp:
+        (ForInNode::execute): Call dispatch method not the real method.
+        * kjs/object.cpp:
+	(ObjectImp::propList): Call dispatch method not the real method.
+        * kjs/object.h:
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::call): Call dispatch method not the real method.
+        (StringObjectImp::construct): Call dispatch method not the real method.
+        * kjs/value.h:
+        * kjs/value.cpp:
+        (ValueImp::marked): Put a comment about required FIXNUM change.
+        (ValueImp::setGcAllowed): Likewise.
+        (ValueImp::dispatchType): Just call the virtual method for now.
+        (ValueImp::dispatchToPrimitive): Likewise.
+        (ValueImp::dispatchToBoolean): Likewise.
+        (ValueImp::dispatchToNumber): Likewise.
+        (ValueImp::dispatchToString): Likewise.
+        (ValueImp::dispatchToObject): Likewise.
+        (ValueImp::dispatchToUInt32): Likewise.
+        (ValueImp::dispatchGetBase): Likewise.
+        (ValueImp::dispatchGetPropertyName): Likewise.
+        (ValueImp::dispatchGetValue): Likewise.
+        (ValueImp::dispatchPutValue): Likewise.
+        (ValueImp::dispatchDeleteValue): Likewise.
+
+2002-08-14  Darin Adler  <darin@apple.com>
+
+	Another pass of tweaks, including one bug fix.
+
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::ArrayInstanceImp): Use malloc, not new.
+        (ArrayInstanceImp::get): Use a local variable so we don't rely on the optimizer
+	to avoid indexing twice.
+        (ArrayInstanceImp::hasProperty): Use a local variable, and also check against
+	UndefinedImp::staticUndefined rather than doing type() != UndefinedType.
+
+2002-08-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Simplified array handling by using NULL to represent empty cells
+	instead of the Undefined object, so we can use calloc, realloc and
+	memset instead of loops. Inspired by a suggestion of Darin's.
+
+	* kjs/array_object.cpp:
+        (ArrayInstanceImp::ArrayInstanceImp):
+        (ArrayInstanceImp::~ArrayInstanceImp):
+        (ArrayInstanceImp::get):
+        (ArrayInstanceImp::hasProperty):
+        (ArrayInstanceImp::deleteProperty):
+        (ArrayInstanceImp::setLength):
+        (ArrayInstanceImp::mark):
+
+2002-08-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Fix major JavaScript memory leak. run-plt says cvs-base improved
+	by 2% and cvs-js-performance improved by 7%. However, this was
+	within the possible noise level in each case.
+        
+	The fix was to store ValueImp *'s in the array instead of Value
+	objects, since the Value wrapper will keep a ref and make the
+	object immortal.
+
+	* kjs/array_object.cpp:
+        (ArrayInstanceImp::ArrayInstanceImp):
+        (ArrayInstanceImp::get):
+        (ArrayInstanceImp::put):
+        (ArrayInstanceImp::hasProperty):
+        (ArrayInstanceImp::deleteProperty):
+        (ArrayInstanceImp::setLength):
+        (ArrayInstanceImp::mark):
+        * kjs/array_object.h:
+
+2002-08-13  Maciej Stachowiak  <mjs@apple.com>
+
+	Add the ability to determine the classes of live JavaScript
+	objects, to help with leak fixing.
+
+        * kjs/collector.h, kjs/collector.cpp:
+        (Collector::liveObjectClasses):
+
+2002-08-13  Maciej Stachowiak  <mjs@apple.com>
+
+	Small speed improvement. 3% faster on cvs-js-performance, no
+	measurable change on cvs-static-urls.
+	
+        * kjs/collector.cpp:
+        (Collector::collect): Combine 3 loops over all objects into one,
+	to reduce flat time and improve locality of reference.
+
+2002-08-12  Darin Adler  <darin@apple.com>
+
+	Speed improvements. 19% faster on cvs-js-performance, 1% on cvs-static-urls.
+
+	Use global string objects for length and other common property names rather
+	than constantly making and destroying them. Use integer versions of get() and
+	other related calls rather than always making a string.
+
+	Also get rid of many unneeded constructors, destructors, copy constructors, and
+	assignment operators. And make some functions non-virtual.
+
+        * kjs/internal.h:
+        * kjs/internal.cpp:
+        (NumberImp::toUInt32): Implement.
+        (ReferenceImp::ReferenceImp): Special case for numeric property names.
+        (ReferenceImp::getPropertyName): Moved guts here from ValueImp. Handle numeric case.
+        (ReferenceImp::getValue): Moved guts here from ValueImp. Handle numeric case.
+        (ReferenceImp::putValue): Moved guts here from ValueImp. Handle numeric case.
+        (ReferenceImp::deleteValue): Added. Handle numeric case.
+
+        * kjs/array_object.h:
+        * kjs/array_object.cpp: All-new array implementation that stores the elements
+	in a C++ array rather than in a property map.
+        (ArrayInstanceImp::ArrayInstanceImp): Allocate the C++ array.
+        (ArrayInstanceImp::~ArrayInstanceImp): Delete the C++ array.
+        (ArrayInstanceImp::get): Implement both the old version and the new overload that
+	takes an unsigned index for speed.
+        (ArrayInstanceImp::put): Implement both the old version and the new overload that
+	takes an unsigned index for speed.
+        (ArrayInstanceImp::hasProperty): Implement both the old version and the new overload that
+	takes an unsigned index for speed.
+        (ArrayInstanceImp::deleteProperty): Implement both the old version and the new overload that
+	takes an unsigned index for speed.
+        (ArrayInstanceImp::setLength): Added. Used by the above to resize the array.
+        (ArrayInstanceImp::mark): Mark the elements of the array too.
+        (ArrayPrototypeImp::ArrayPrototypeImp): Pass the length to the array instance constructor.
+
+        * kjs/bool_object.cpp:
+        * kjs/date_object.cpp:
+        * kjs/error_object.cpp:
+        * kjs/function.cpp:
+        * kjs/function_object.cpp:
+        * kjs/math_object.cpp:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/number_object.cpp:
+        * kjs/object_object.cpp:
+        * kjs/regexp_object.cpp:
+        * kjs/string_object.cpp:
+
+        * kjs/nodes2string.cpp: (SourceStream::operator<<): Add a special case for char now that
+	you can't create a UString from a char implicitly.
+
+        * kjs/object.h:
+        * kjs/object.cpp:
+        (ObjectImp::get): Call through to the string version if the numeric version is not implemented.
+        (ObjectImp::put): Call through to the string version if the numeric version is not implemented.
+        (ObjectImp::hasProperty): Call through to the string version if the numeric version is not implemented.
+        (ObjectImp::deleteProperty): Call through to the string version if the numeric version is not implemented.
+
+        * kjs/types.h:
+        * kjs/types.cpp:
+        (Reference::Reference): Added constructors for the numeric property name case.
+
+        * kjs/ustring.h: Made the constructor that turns a character into a string be explicit so we
+	don't get numbers that turn themselves into strings.
+        * kjs/ustring.cpp:
+        (UString::UString): Detect the empty string case, and use a shared empty string.
+        (UString::find): Add an overload for single character finds.
+        (UString::rfind): Add an overload for single character finds.
+        (KJS::operator==): Fix bug where it would call strlen(0) if the first string was not null.
+	Also handle non-ASCII characters consistently with the rest of the code by casting to unsigned char
+	just in case.
+
+        * kjs/value.h: Make ValueImp and all subclasses non-copyable and non-assignable.
+        * kjs/value.cpp:
+        (ValueImp::toUInt32): New interface, mainly useful so we can detect array indices and not turn
+	them into strings and back.
+        (ValueImp::toInteger): Use the new toUInt32. Probably can use more improvement.
+        (ValueImp::toInt32): Use the new toUInt32. Probably can use more improvement.
+        (ValueImp::toUInt16): Use the new toUInt32. Probably can use more improvement.
+        (ValueImp::getBase): Remove handling of the Reference case. That's in ReferenceImp now.
+        (ValueImp::getPropertyName): Remove handling of the Reference case. That's in ReferenceImp now.
+        (ValueImp::getValue): Remove handling of the Reference case. That's in ReferenceImp now.
+        (ValueImp::putValue): Remove handling of the Reference case. That's in ReferenceImp now.
+        (ValueImp::deleteValue): Added. Used so we can do delete the same way we do put.
+
+=== Alexander-17 ===
+
+2002-08-09  Darin Adler  <darin@apple.com>
+
+	Some string speedups. Makes sony.com cached 11% faster on Development, but
+        the improvement for Deployment should be greater.
+
+        * kjs/ustring.h: Made it possible for UChar objects to be uninitialized, which
+	gives a speed boost. Inlined CString's +=, UString's destructor, +=, and +.
+        * kjs/ustring.cpp:
+        (UString::UString): Optimize const char * version, which showed up
+	heavily in performance analysis. Added new two-UString version, which
+	makes the + operator fast. 
+        (UString::ascii): Remove thread safety changes. Change static buffer to remember
+	its size, and to always be at least 4096 bytes long; that way we never have to
+	reallocate unless it's for a long string. Also make code to extract the characters
+	significantly faster by getting rid of two pointer dereferences per character.
+        (UString::is8Bit): Avoid one pointer dereference per character.
+        (UString::toDouble): Use ascii() instead of cstring() to avoid copying the string.
+
+        * kjs/collector.cpp: Remove unneeded APPLE_CHANGES.
+        * kjs/regexp.cpp: Remove ifdefs around some APPLE_CHANGES that we
+	want to keep, because they just fix warnings.
+        * kjs/value.h: Remove obsolete APPLE_CHANGES comment.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Project Builder decided
+	to move a line around in the file.
+
+2002-08-09  Maciej Stachowiak  <mjs@apple.com>
+
+	Fix my last change to actually call the versions of the lock functions
+	that are recursive and initialize as needed.
+	
+        * kjs/internal.cpp:
+        (InterpreterImp::InterpreterImp):
+        (InterpreterImp::clear):
+        (InterpreterImp::evaluate):
+
+2002-08-09  Maciej Stachowiak  <mjs@apple.com>
+
+        - fixed 2948835 - JavaScriptCore locking is too fine grained, makes it too slow
+
+	* kjs/collector.cpp:
+        (Collector::allocate):
+        (Collector::collect):
+        (Collector::finalCheck):
+        (Collector::numInterpreters):
+        (Collector::numGCNotAllowedObjects):
+        (Collector::numReferencedObjects):
+        * kjs/collector.h:
+        * kjs/internal.cpp:
+        (initializeInterpreterLock):
+        (lockInterpreter):
+        (unlockInterpreter):
+        (Parser::parse):
+        (InterpreterImp::InterpreterImp):
+        (InterpreterImp::clear):
+        (InterpreterImp::evaluate):
+        * kjs/value.cpp:
+        (ValueImp::ValueImp):
+        (ValueImp::setGcAllowed):
+
+=== milestone 0.5 ===
+
+=== Alexander-16 ===
+
+2002-08-05  Maciej Stachowiak  <mjs@apple.com>
+
+	- fixed 3007072 - need to be able to build fat
+	
+        * JavaScriptCore.pbproj/project.pbxproj: Fixed DeploymentFat build.
+
+=== Alexander-15 ===
+
+2002-07-25  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Add DeploymentFat build style.
+
+=== Alexander-14 ===
+
+2002-07-21  Darin Adler  <darin@apple.com>
+
+        * kjs/*: Roll KDE 3.0.2 changes in. Also switch to not using APPLE_CHANGES
+	for some of the changes that we definitely want to contribute upstream.
+
+2002-07-21  Maciej Stachowiak  <mjs@apple.com>
+
+        * Makefile.am: Remove products from symroots on `make clean'.
+
+=== Alexander-13 ===
+
+2002-07-13  Darin Adler  <darin@apple.com>
+
+        * Makefile.am: Don't use embed.am any more.
+        * JavaScriptCore.pbproj/project.pbxproj: Use embed-into-alex instead
+	of make embed.
+
+2002-07-12  Darin Adler  <darin@apple.com>
+
+        * kjs/ustring.h: Since <sys/types.h> includes ushort and uint now, had
+	to change the includes here to be compatible with that.
+
+2002-07-11  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: To make the build of
+	WebCore work without using -I to peek at JavaScriptCore sources,
+	made all the Public sources Private so they are all in one directory.
+	Also, made lookup.h be Private.
+
+=== Alexander-11 ===
+
+=== Alexander-10 ===
+
+2002-06-25  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Re-add -Wmissing-format-attribute.
+
+=== Alexander-9 ===
+
+2002-06-19  Kenneth Kocienda  <kocienda@apple.com>
+
+        I just played alchemical voodoo games with the linker to 
+        make all our frameworks and Alexander prebound.
+
+	* JavaScriptCore.pbproj/project.pbxproj
+
+2002-06-15  Darin Adler  <darin@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Removed explicit PFE_FILE_C_DIALECTS now that
+	Project Builder handles this automatically. Removed explicit USE_GCC3 since that's implicit
+	now. Also, since this project is all C++, only use WARNING_CFLAGS with flags that are appropriate
+	for C++; don't bother breaking out C vs. C++.
+
+	* kjs/collector.cpp: Now that the system warning is fixed, use PTHREAD_MUTEX_INITIALIZER and
+	PTHREAD_COND_INITIALIZER.
+	* kjs/internal.cpp: Use PTHREAD_MUTEX_INITIALIZER.
+	* kjs/ustring.cpp: Use PTHREAD_ONCE_INIT.
+
+2002-06-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Made Development build mode mean what Unoptimized used to mean. Removed Unoptimized build mode. 
+        Added a Mixed build mode which does what Deployment used to. All this to fix:
+        
+        Radar 2955367 - Change default build style to "Unoptimized"
+        
+	* JavaScriptCore.pbproj/project.pbxproj:
+
+2002-06-12  Darin Adler  <darin@apple.com>
+
+	* kjs/nodes.cpp: (Node::finalCheck): A bit of APPLE_CHANGES so we
+	can compile with KJS_DEBUG_MEM defined if we want to.
+
+2002-06-10  Darin Adler  <darin@apple.com>
+
+	Merged in changes from KDE 3.0.1.
+
+	* kjs/collector.cpp:
+	* kjs/date_object.cpp:
+	* kjs/function.cpp:
+	* kjs/internal.cpp:
+	* kjs/lookup.h:
+	* kjs/object.cpp:
+	* kjs/operations.cpp:
+	* kjs/regexp.cpp:
+	* kjs/regexp_object.cpp:
+	* kjs/regexp_object.h:
+	* kjs/string_object.cpp:
+	* kjs/testkjs.cpp:
+	* kjs/ustring.cpp:
+	* kjs/value.cpp:
+	* kjs/value.h:
+	Do the merge, and add APPLE_CHANGES as needed to make things compile.
+
+	* kjs/date_object.lut.h: Re-generated.
+
+2002-06-07  Darin Adler  <darin@apple.com>
+
+	* Makefile.am: Use new shared "embed.am" file so we don't need four copies of
+	the embedding rules for WebFoundation, JavaScriptCore, WebCore, and WebKit.
+
+2002-06-07  Darin Adler  <darin@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Don't use any warning flags for C that won't work
+	for C++, because PFE uses the C warning flags on a C++ compile.
+
+=== Alexander-8 ===
+
+2002-06-06  Darin Adler  <darin@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Update warning flags for compatibility
+	with new C++.
+
+2002-06-05  Darin Adler  <darin@apple.com>
+
+	Fix problem seen as build failure on Jersey.
+
+	* Makefile.am: JavaScriptCore-stamp needs to be a dependency, not a
+	source file, because it doesn't have a corresponding object file.
+	Making it a dependency causes things to compile in the right order.
+
+2002-06-04  Darin Adler  <darin@apple.com>
+
+	Improve the speed of the JavaScript string append operation by growing
+	the capacity so we don't need to reallocate the string every time.
+
+	Also fix script execution so it doesn't use recursion to advance from
+	one statement to the next, using iteration instead.
+
+	* Makefile.am: Stop using BUILT_SOURCES to build JavaScriptCore-stamp,
+	because this causes the Project Builder project to build *before* the
+	subdir. Intead, use an all-am rule in a way more similar to all our
+	other directories.
+
+	* kjs/grammar.y: Link the SourceElementsNode in the opposite direction,
+	so we can walk the list and execute each element instead of using
+	recursion to reverse the list.
+	* kjs/grammar.cpp: Check in new generated file.
+
+	* kjs/nodes.cpp:
+	(SourceElementsNode::execute):
+	(SourceElementsNode::processFuncDecl):
+	(SourceElementsNode::processVarDecls):
+	Use loops instead of recursion.
+
+	* kjs/ustring.h: Don't initialize all UChar objects to 0. This was
+	wasting a *huge* amount of time.
+	* kjs/ustring.cpp:
+	(UString::Rep::create): Add a "capacity" along with the length.
+	(UString::append): Include 50% extra capacity when appending.
+	(UString::operator=): Reuse the buffer if possible rather than
+	always creating a new one.
+
+2002-06-02  Darin Adler  <darin@apple.com>
+
+	* COPYING.LIB: Fix line endings. It was using CRs.
+
+2002-05-31  Darin Adler  <darin@apple.com>
+
+	* Makefile.am:
+	* kjs/Makefile.am:
+	Slight improvements to rules that touch stamp files.
+
+2002-05-28  Maciej Stachowiak  <mjs@apple.com>
+
+	* THANKS: Demangled.
+
+=== Alexander-7 ===
+
+2002-05-24  Maciej Stachowiak  <mjs@apple.com>
+
+	Added license and acknowledgements.
+
+	* AUTHORS: Added.
+	* COPYING.LIB: Added.
+	* THANKS: Added.
+
+=== 0.3 ===
+
+=== Alexander-6 ===
+
+=== Alexander-5 ===
+
+=== Alexander-4 ===
+
+=== JavaScriptCore-5 ===
+
+2002-05-21  Maciej Stachowiak  <mjs@apple.com>
+
+	Reviewed by: Richard Williamson
+
+	Fixed Radar 2928775 - Sherlock crashes sitting in stocks channel
+
+	* kjs/internal.cpp:
+	(InterpreterImp::InterpreterImp): Set the interp pointer earlier,
+	in case garbage collection takes place while creating the global
+	values.
+
+2002-05-15  Darin Adler  <darin@apple.com>
+
+	Reviewed by: Maciej Stachowiak
+	
+	* Makefile.am:
+	Use all-am and clean-am instead of all and clean because it's better and
+	to make "make check" at the top level work right.
+
+2002-05-13  Darin Adler  <darin@apple.com>
+
+	Reviewed by: Maciej Stachowiak
+
+	* kjs/value.h: Fix comment typos.
+
+=== JavaScriptCore-4 ===
+
+2002-05-10  Maciej Stachowiak  <mjs@apple.com>
+
+	Reviewed by: Ken Kocienda and Darin Adler
+
+	Fixed the following bug:
+
+	Radar 2890573 - JavaScriptCore needs to be thread-safe
+
+	Actually this is only a weak form of thread-safety - you can safely
+	use different interpreters from different threads at the same
+	time. If you try to use a single interpreter object from multiple
+	threads, you need to provide your own locking.
+
+	* kjs/collector.h, kjs/collector.cpp:
+	(Collector::lock, Collector::unlock): Trivial implementation of a
+	recursive mutex.
+	(Collector::allocate): Lock around the body of this function.
+	(Collector::collect): Likewise.
+	(Collector::finalCheck): Likewise.
+	(Collector::numInterpreters): Likewise.
+	(Collector::numGCNotAllowedObjects): Likewise.
+	(Collector::numReferencedObjects): Likewise.
+	* kjs/internal.cpp:
+	(Parser::parse): use a mutex to lock around the whole parse, since
+	it uses a bunch of global state.
+	(InterpreterImp::InterpreterImp): Grab the Collector lock here,
+	both the mutually exclude calls to the body of this function, and
+	to protect the s_hook static member which the collector pokes at.
+	(InterpreterImp::clear): Likewise.
+	* kjs/ustring.cpp:
+	(statBufferKeyCleanup, statBufferKeyInit, UString::ascii): Convert
+	use of static variable
+	* kjs/value.cpp:
+	(ValueImp::ValueImp, ValueImp::mark, ValueImp::marked,
+	ValueImp::setGcAllowed): Grab the GC lock around any flag changes.
+
+=== Alexander-3 ===
+
+2002-05-08  Darin Adler  <darin@apple.com>
+
+	* kjs/collector.h:
+	* kjs/collector.cpp:
+	(Collector::numInterpreters):
+	(Collector::numGCNotAllowedObjects):
+	(Collector::numReferencedObjects):
+	Add three new functions so we can see a bit more about leaking JavaScriptCore.
+
+2002-05-06  Darin Adler  <darin@apple.com>
+
+	* JavaScriptCorePrefix.h: Added.
+	* JavaScriptCore.pbproj/project.pbxproj: Use PFE precompiling.
+	Also switch from xNDEBUG to NDEBUG.
+
+=== Alexander 0.3c2 (v1) ===
+
+2002-04-18  Darin Adler  <darin@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Oops. Take out -Wstrict-prototypes, put back
+	-Wmissing-prototypes.
+
+2002-04-18  Darin Adler  <darin@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Take out -Wmissing-prototypes
+	because system headers are triggering it when we don't have
+	precompiled headers on.
+
+2002-04-18  Darin Adler  <darin@apple.com>
+
+	Reviewed by Maciej
+
+	* JavaScriptCore.pbproj/project.pbxproj: Turn on gcc3 and the same set of warnings
+	as in the rest of Labyrinth (see top level ChangeLog for details).
+
+2002-04-17  Maciej Stachowiak  <mjs@apple.com>
+
+	Reviewed by: Darin Adler  <darin@apple.com>
+
+	* kjs/testkjs.cpp: Don't include <iostream.h> to avoid gcc3
+	warning.
+
+2002-04-15  Darin Adler  <darin@apple.com>
+
+	Reviwed by: Maciej Stachowiak  <mjs@apple.com>
+
+	* kjs/internal.cpp:
+	* kjs/property_map.cpp:
+	* kjs/ustring.h:
+	Removed some unneeded <config.h> includes so we are more similar
+	to the real KDE sources.
+
+2002-04-15  Darin Adler  <darin@apple.com>
+
+	Reviwed by: Maciej Stachowiak  <mjs@apple.com>
+
+	Merged changes from KDE 3.0 final and did some build fixes.
+
+	* JavaScriptCore.pbproj/project.pbxproj: Added nodes2string.cpp.
+
+	* kjs/grammar.*: Regenerated.
+	* kjs/*.lut.h: Regenerated.
+
+2002-04-08  Darin Adler  <darin@apple.com>
+
+	Reviwed by: Maciej Stachowiak  <mjs@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Re-added -Wno-format-y2k.
+
+2002-04-04  Darin Adler  <darin@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Add an Unoptimized build
+	style: exactly like Development except without the -O.
+
+2002-04-03  Darin Adler  <darin@apple.com>
+
+	* kjs/Makefile.am: Gratuitous cleanup.
+
+2002-04-02  Darin Adler  <darin@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Update flags as I did for
+	WebFoundation.
+
+2002-04-02  Maciej Stachowiak  <mjs@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Pass -Wno-format-y2k so
+	the project builds with gcc3.
+	
+	* kjs/nodes.cpp: Avoid including an obsolete header to avoid
+	warning with gcc3.
+
+2002-04-02  Darin Adler  <darin@apple.com>
+
+	* kjs/property_map.cpp: (PropertyMap::~PropertyMap): Deallocate the
+        map by calling clear so we don't leak the entire map.
+
+2002-04-02  Darin Adler  <darin@apple.com>
+
+	* kjs/internal.cpp: (InterpreterImp::globalClear): Add code to
+        deallocate and null out emptyList, because once the last interpreter
+        is destroyed there's nothing to keep it from being garbage collected.
+
+2002-04-01  Darin Adler  <darin@apple.com>
+
+        Got rid of KWQDef.h because it's dangerous to have two files with
+        the same name and different contents.
+
+	* JavaScriptCore.pbproj/project.pbxproj:
+	* kjs/KWQDef.h: Removed.
+	* kjs/ustring.h: Defines unsigned int types inline now.
+
+2002-03-30  Maciej Stachowiak  <mjs@apple.com>
+
+	Fixed Radar 2891272 (JavaScript crashes loading quicktime.com and
+	apple.com)
+
+	* kjs/object.cpp: (ObjectImp::~ObjectImp): Don't call setGCAlloc
+	on object internals pointed to, because they may have already been
+	collected by the time this object is collected, and in that case
+	we would corrupt the malloc arena.
+
+	* Makefile.am: Make the stamp file depend on all the sources and
+	headers so the framework gets rebuilt properly.
+
+	* JavaScriptCore.pbproj/project.pbxproj: Some random numbers moved
+	around. No idea what I really changed.
+
+2002-03-30  Darin Adler  <darin@apple.com>
+
+	* kjs/grammar.y: Took out Id tag so we won't constantly need to
+        update grammar.cpp.
+	* kjs/grammar.cpp: Regenerated without Id tag.
+
+	* .cvsignore: Ignore some additional autogenerated files.
+	* kjs/.cvsignore: Ignore some additional autogenerated files.
+
+2002-03-30  Maciej Stachowiak  <mjs@apple.com>
+
+	* JavaScriptCore.pbproj/project.pbxproj: Install some of the
+	headers.
+
+2002-03-30  Maciej Stachowiak  <mjs@apple.com>
+
+	Converted JavaScriptCore to build with Project Builder, in
+	preparation for B&I submission.
+
+	* English.lproj/InfoPlist.strings: Added.
+	* JavaScriptCore.pbproj/.cvsignore: Added.
+	* JavaScriptCore.pbproj/project.pbxproj: Added.
+	
+	* .cvsignore: Update the set of ignored things.
+
+	* Makefile.am: Hand off to PB for the main build, but still handle
+	the generated files and the test program.
+
+	* kjs/Makefile.am: Don't build anything except the generated
+	source files.
+
+	* kjs/KWQDef.h, kjs/config.h: Added minimal versions of these
+	files to get kjs to build.
+
+	Check in all the genrated files, since Project Builder isn't up to
+	the task of handling built sources:
+	
+	* kjs/array_object.lut.h: Added.
+	* kjs/date_object.lut.h: Added.
+	* kjs/grammar.cpp: Added.
+	* kjs/grammar.cpp.h: Added.
+	* kjs/grammar.h: Added.
+	* kjs/lexer.lut.h: Added.
+	* kjs/math_object.lut.h: Added.
+	* kjs/number_object.lut.h: Added.
+	* kjs/string_object.lut.h: Added.
+
+	* kjs/.cvsignore: Update set of ignored things.
+
+2002-03-28  Maciej Stachowiak  <mjs@apple.com>
+
+	* kjs/kjs-test.chk: Update output for new test results.
+
+2002-03-26  Maciej Stachowiak  <mjs@apple.com>
+
+	Set up kjs to build by itself into libJavaScriptCore.dylib.
+	
+	* .cvsignore: Added.
+	* Makefile.am: Added.
+	* dummy.cpp: Added.
+	* kjs/.cvsignore: Added.
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2003-10-25 b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2003-10-25
new file mode 100644
index 000000000..7127d3278
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2003-10-25
@@ -0,0 +1,1483 @@
+=== Safari-111 ===
+
+2003-10-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Fix broken build.
+
+        * kjs/simple_number.h:
+
+2003-10-22  Maciej Stachowiak  <mjs@apple.com>
+
+	Merged 64-bit compilation fixes, and fixes for handling negative 0
+	from upstream kjs.
+	
+        * kjs/internal.cpp:
+        * kjs/simple_number.h:
+        (KJS::SimpleNumber): fixed constants; added negZero constant. 
+        (KJS::SimpleNumber::is): adjusted to use long and not int.
+        (KJS::SimpleNumber::value): ditto.
+	(KJS::SimpleNumber::fits): ditto; also don't allow -0 to fit, so
+	we don't lose the distinction between -0 and +0.
+        (KJS::SimpleNumber::make): adjusted to use long.
+
+2003-10-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        - fixed 3367015 -- interdependent variable declarations in for loop don't work (they go backwards)
+
+        * kjs/nodes.h: (KJS::ForNode::ForNode): Add a new overload of the constructor for when the
+        first parameter is a variable declaration list. Call reverseList as we do in other constructors
+        that take lists that are built backwards.
+        * kjs/nodes.cpp: (ForNode::reverseList): Added. New helper function.
+
+=== Safari-110 ===
+
+=== Safari-109 ===
+
+2003-10-06  Darin Adler  <darin@apple.com>
+
+        * kjs/create_hash_table: Remove stray semicolon.
+
+        * kjs/array_object.lut.h:
+        * kjs/date_object.lut.h:
+        * kjs/lexer.lut.h:
+        * kjs/math_object.lut.h:
+        * kjs/number_object.lut.h:
+        * kjs/string_object.lut.h:
+        Regenerated.
+
+=== Safari-108 ===
+
+2003-10-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        - fixed 3441656 -- constructor bad for objs created w/ function as prototype (www.moock.org/asdg/codedepot)
+
+        * kjs/nodes.cpp: (FuncDeclNode::processFuncDecl): Set up the constructor as
+        as specified in the JavaScript spec. We were already doing this right in the
+        other place we make functions.
+
+2003-09-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        Rolled in Harri Porten's change to accept non-breaking space in JavaScript.
+
+        * kjs/lexer.cpp: (Lexer::isWhiteSpace): Accept 00A0 as "whitespace".
+
+2003-09-25  Maciej Stachowiak  <mjs@apple.com>
+
+	Roll out build system change since it did not actually work. :-(
+	
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * Makefile.am:
+
+2003-09-25  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Don't hack install name. Instead
+	of embedding into Safari, embed into WebKit as sub-umbrella.
+        * Makefile.am: Don't forget to rebuild if the user removes
+	JavaScript.framework from symroots manually.
+
+=== Safari-107 ===
+
+2003-09-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        - fixed 3421107 -- some dates that other browsers can parse can't be parsed by KJS's Date.parse()
+
+        * kjs/date_object.cpp: (KJS::KRFCDate_parseDate): Added code to be more strict about month names,
+        to allow a time zone after date even if the date omits the time, and to understand AM and PM.
+
+2003-09-22  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Rename Mixed build style to OptimizedWithSymbols.
+
+2003-09-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        * kjs/config.h: Added HAVE_SYS_PARAM_H, since KJS does look for this header, and we do
+        indeed have it. Just something I noticed in passing while cleaning up configure.in.
+
+2003-09-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        - fixed 3419380 -- JavaScript Date.getTimezoneOffset is off by one hour (during daylight savings)
+
+        * kjs/date_object.cpp: (DateProtoFuncImp::call): The daylight savings correction
+        in here was incorrect. Perhaps I should have corrected it for the non-BSD case too,
+        but I'm not sure the issue is the same.
+
+2003-09-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/date_object.cpp: Removed our CF-based implementations of gmtime, localtime,
+        mktime, timegm, and time, since they no longer have the slow "hit the filesystem
+        every time" behavior.
+
+=== Safari-100 ===
+
+=== Safari-99 ===
+
+=== Safari-98 ===
+
+=== Safari-97 ===
+
+=== Safari-96 ===
+
+2003-08-27  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John
+
+	- fixed rdar://problem/3397316 - sherlock crash: KJS::Collector::allocate(unsigned long)
+	
+	* kjs/internal.cpp:
+        (InterpreterImp::InterpreterImp): Hold the lock a bit longer, so
+	the call to initGlobalObject is covered.
+
+=== Safari-95 ===
+
+2003-08-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+        - fixed 3098350 -- opt. params to date methods are ignored (can't set end date in Exchange/Outlook web cal.)
+
+        * kjs/date_object.cpp: (DateProtoFuncImp::call): Added code to handle the optional parameters.
+        Strangely, the table of functions already had the right number of parameters listed, but the
+        code to look at the parameter values was missing.
+
+=== Safari-94 ===
+
+2003-08-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed 3247528 -- encodeURI missing from JavaScriptCore (needed by Crystal Reports)
+        - fixed 3381297 -- escape method does not escape the null character
+        - fixed 3381299 -- escape method produces incorrect escape sequences ala WinIE, rather than correct ala Gecko
+        - fixed 3381303 -- unescape method treats escape sequences as Latin-1 ala WinIE rather than as UTF-8 ala Gecko
+        - fixed 3381304 -- unescape method garbles strings with bad escape sequences in them
+
+        * kjs/function.h: Added constants for decodeURI, decodeURIComponent, encodeURI, and
+        encodeURIComponent.
+        * kjs/function.cpp:
+        (encode): Added. New helper function for escape, encodeURI, and encodeURIComponent.
+        (decode): Added. New helper function for unescape, decodeURI, and decodeURIComponent.
+        (GlobalFuncImp::call): Added decodeURI, decodeURIComponent, encodeURI, and encodeURIComponent 
+        implementations. Changed escape and unescape to use new helper functions, which fixes
+        the four problems above.
+
+        * kjs/internal.cpp: (InterpreterImp::initGlobalObject): Add decodeURI, decodeURIComponent,
+        encodeURI, and encodeURIComponent to the global object.
+
+        * kjs/ustring.h: Added a length to the CString class so it can hold strings with null
+        characters in them, not just null-terminated strings. This allows a null character from
+        a UString to survive the process of UTF-16 to UTF-8 decoding. Added overloads to
+        UString::append, UString::UTF8String, UTF8SequenceLength, decodeUTF8Sequence,
+        convertUTF16OffsetsToUTF8Offsets, and convertUTF8OffsetsToUTF16Offsets.
+        
+        * kjs/ustring.cpp:
+        (CString::CString): Set up the length properly in all the constructors. Also add a new
+        constructor that takes a length.
+        (CString::append): Use and set the length properly.
+        (CString::operator=): Use and set the length properly.
+        (operator==): Use and the length and memcmp instead of strcmp.
+        (UString::append): Added new overloads for const char * and for a single string to make
+        it more efficient to build up a UString from pieces. The old way, a UString was created
+        and destroyed each time you appended.
+        (UTF8SequenceLength): New. Helper for decoding UTF-8.
+        (decodeUTF8Sequence): New. Helper for decoding UTF-8.
+        (UString::UTF8String): New. Decodes from UTF-16 to UTF-8. Same as the function that
+        was in regexp.cpp, except has proper handling for UTF-16 surrogates.
+        (compareStringOffsets): Moved from regexp.cpp.
+        (createSortedOffsetsArray): Moved from regexp.cpp.
+        (convertUTF16OffsetsToUTF8Offsets): New. Converts UTF-16 offsets to UTF-8 offsets, given
+        a UTF-8 string. Same as the function that was in regexp.cpp, except has proper handling
+        for UTF-16 surrogates.
+        (convertUTF8OffsetsToUTF16Offsets): New. Converts UTF-8 offsets to UTF-16 offsets, given
+        a UTF-8 string. Same as the function that was in regexp.cpp, except has proper handling
+        for UTF-16 surrogates.
+
+        - fixed 3381296 -- regular expression matches with UTF-16 surrogates will treat sequences as two characters
+
+        * kjs/regexp.cpp:
+        (RegExp::RegExp): Use the new UString::UTF8String function instead a function in this file.
+        (RegExp::match): Use the new convertUTF16OffsetsToUTF8Offsets (and the corresponding
+        reverse) instead of convertCharacterOffsetsToUTF8ByteOffsets in this file.
+
+=== Safari-93 ===
+
+2003-08-14  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by John. 
+
+        * JavaScriptCore.pbproj/project.pbxproj: deleted JavaScriptCore.order from the project.
+
+2003-08-14  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by John. 
+
+        * JavaScriptCore.order: Removed.  We now link to the order file at /AppleInternal/OrderFiles.
+        * JavaScriptCore.pbproj/project.pbxproj: change sectorder flag to point to /AppleInternal/OrderFiles/JavaScriptCore.order
+
+=== JavaScriptCore-92.1 ===
+
+2003-08-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - fixed 3365527 -- subscripting JavaScript strings does not work (leads to hang at www.newmagna.com.au)
+
+        The JavaScript specification says nothing about this, but other browsers seem to give
+        read-only access to the characters in a string as if the string was an array of characters.
+
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::get): Update to use a public toArrayIndex function instead of our own getArrayIndex
+        function, so we can share with string.
+        (ArrayInstanceImp::put): Ditto.
+        (ArrayInstanceImp::hasProperty): Ditto.
+        (ArrayInstanceImp::setLength): Ditto.
+
+        * kjs/ustring.h: Add toArrayIndex.
+        * kjs/ustring.cpp: (UString::toArrayIndex): Added. Implements the rule from array.
+        * kjs/identifier.h: Add a forwarding function so we can use toArrayIndex.
+
+        * kjs/string_object.cpp:
+        (StringInstanceImp::get): Return a single character string if the property name is an array index.
+        (StringInstanceImp::hasProperty): Return true for property names that are suitable array indices.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Let Xcode be Xcode.
+
+=== Safari-92 ===
+
+2003-08-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+	- fixed 3366975 - repro hang in KJS::Value::Value entering text at eil.com
+	
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::call): When doing a match against a regexp
+	with the global flag set, make sure to return null rather than an
+	empty array when there is no match. This is what other browsers do.
+
+2003-08-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        * kjs/list.cpp:
+	(List::copyTail): Test for loop termination with < instead of !=,
+	since i starts at 1 but size could be 0. Do the same for the other
+	loop for consistency's sake.
+	
+2003-08-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+	- fixed 3222621 - Cryptic "anonymous function hack" messages in console (10.2.4)
+	
+        * kjs/lexer.cpp:
+        (Lexer::lex): Remove useless debug spew.
+
+=== Safari-91 ===
+
+2003-07-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        - fixed problem where some JavaScriptCore symbols had no namespace or prefix
+
+        * kjs/grammar.y: Added a define for yylloc to make it use the kjs prefix.
+        This is the same thing done for the rest of the symbols automatically by yacc,
+        but for some reason it's not done for yyloc. Also make automatic() function static.
+        * kjs/grammar.cpp: Regenerated.
+        * kjs/lexer.cpp: Use kjsyylloc instead of yyloc.
+
+        * pcre/pcre.h: Add defines to prepend kjs prefixes for all the PCRE functions.
+
+2003-07-30  Darin Adler  <darin@apple.com>
+
+        * Makefile.am: Include the subdirectory with the PCRE code in it.
+
+2003-07-30  John Sullivan  <sullivan@apple.com>
+
+	- JavaScriptCore part of fix for 3284525 -- AutoFill fills in 
+	only e-mail address field of New Account form on Apple Store Japan
+
+        Reviewed by Darin
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+	Mark pcre.h as a Private header
+
+2003-07-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Richard.
+
+	- fixed 3240814 - LEAK: 120 byte leak in JavaScript parser in Sherlock Movies channel
+	
+        * kjs/internal.cpp:
+        (Parser::parse): ref() and deref() the program node, to make sure to clean up properly,
+	before deleting it.
+        (InterpreterImp::checkSyntax): Likewise.
+
+=== Safari-90 ===
+
+2003-07-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+	Remove -seg_addr_table_filename to fix build.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+2003-07-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+	- fixed 3330344 - Please change allowable client to "JavaScriptGlue" from "JSGlue"
+
+        * JavaScriptCore.pbproj/project.pbxproj: Changed allowable client
+	to "JavaScriptGlue"
+
+2003-07-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - do some improvements Maciej suggested while reviewing the array index change
+
+        * kjs/array_object.cpp:
+        (getArrayIndex): Return a flag to say whether the index was value separately, to avoid
+        in-band signalling.
+        (ArrayInstanceImp::get): Update for new getArrayIndex parameters.
+        (ArrayInstanceImp::put): Ditto.
+        (ArrayInstanceImp::hasProperty): Ditto.
+        (ArrayInstanceImp::setLength): Ditto.
+        
+        * kjs/ustring.cpp: (UString::toStrictUInt32): Check for overflow in a way that avoids doing
+        a divide every time through the loop. But note that it adds an extra branch to the loop.
+        I wonder which is worse.
+
+2003-07-12  Darin Adler  <darin@apple.com>
+
+        Fixed broken build.
+
+        * kjs/identifier.h: Add toULong back. It's still used in WebCore (and maybe in JavaScriptGlue,
+        for all I know).
+
+2003-07-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        - fixed 3272777 -- array object indices treated as integers by Safari, but as strings in other web browsers
+
+        JavaScriptCore did not implement the proper rule for what an array index is.
+
+        * kjs/array_object.cpp:
+        (getArrayIndex): Added. Implements the rule from the specification, which also provides a handy
+        "not an array index" value of 2^32-1.
+        (ArrayInstanceImp::get): Use getArrayIndex.
+        (ArrayInstanceImp::put): Ditto.
+        (ArrayInstanceImp::hasProperty): Ditto.
+        (ArrayInstanceImp::setLength): Ditto.
+
+        * kjs/identifier.h: Removed now-unused toULong, and added toStrictUInt32, in both cases forwarding
+        functions that forward to UString.
+
+        * kjs/ustring.h: Added toStringUInt32.
+        * kjs/ustring.cpp: (UString::toStrictUInt32): Added. Converts a string to a 32-bit unsigned integer,
+        and rejects any string that does not exactly match the way the integer would be formatted on output.
+        This is the rule documented in the ECMA language standard.
+
+=== Safari-89 ===
+
+2003-07-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+	- fixed 3302021 - v74 and v85 hang with http://e-www.motorola.com/
+
+	The crux of this was saving and restoring the prototype objects
+	for all the standard types when saving and restoring for the page
+	cache.
+	
+        * kjs/internal.cpp:
+        (InterpreterImp::saveBuiltins):
+        (InterpreterImp::restoreBuiltins):
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        (Interpreter::saveBuiltins):
+        (Interpreter::restoreBuiltins):
+        (SavedBuiltins::SavedBuiltins):
+        (SavedBuiltins::~SavedBuiltins):
+        * kjs/interpreter.h:
+        * kjs/property_map.cpp:
+
+2003-07-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+	- fixed 3295916 - b/c JavaScriptCore and WebCore are installing in wrong location, private headers are public
+
+        * WebCore.pbproj/project.pbxproj: Install in WebKit.framework/Versions/A/Frameworks.
+
+=== Safari-88 ===
+
+2003-07-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+	- fixed 3096961 - JavaScriptCore should link only to what it uses, shouldn't drag in Cocoa.framework
+
+        * JavaScriptCore.pbproj/project.pbxproj: Don't link Cocoa.framework;
+	just pull in CoreFoundation and CoreServices.
+        * kjs/date_object.cpp: Include CoreServices.h instead of Carbon.h
+	(the stuff we want is in CarbonCore).
+
+2003-06-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - improved the property map sorting technique so that the indices
+          are separate for each property map, and also preserve the ordering
+          when property maps are saved and restored
+
+        * kjs/property_map.cpp:
+        (PropertyMap::put): Don't bother setting the index for _singleEntry, since there's
+        no need to sort a single entry. Use the per-table lastIndexUsed instead of a global.
+        (PropertyMap::expand): Don't use the index (uninitialized now) out of a _singleEntry
+        when putting it in a newly-created map; just use 0. Compute a value for the new map's
+        lastIndexUsed as we walk through the elements we are adding to it (using the same old
+        indices from the old map).
+
+=== Safari-85.1 ===
+
+=== Safari-85 ===
+
+2003-06-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+	- fixed 3178438 -- return elements in order of addition in for..in loop (other browsers seem to)
+	- fixed 3292067 -- REGRESSION (64-65): albertsons.com "Shop A to Z" menus are not sorted alphabetically
+
+        * kjs/property_map.h: Add index field to hash table entry and index parameter to insert function.
+        * kjs/property_map.cpp:
+        (PropertyMap::put): Set an index for new map entries to an ever-increasing number based on a global.
+        (PropertyMap::insert): Take an index parameter.
+        (PropertyMap::expand): Preserve the indices as we rehash the table.
+        (comparePropertyMapEntryIndices): Added. Compares two property map entries by index.
+        (PropertyMap::addEnumerablesToReferenceList): Sort the proprty map entries by index before adding
+        them to the reference list.
+
+=== Safari-84 ===
+
+2003-06-10  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by john.
+
+        * JavaScriptCore.order: new order file for 1.0
+
+=== Safari-83 ===
+
+2003-06-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+	- fixed 3224031 -- can't search at rakuten.co.jp b/c of extra characters inserted by regexp replace (8-bit char)
+
+        Use PCRE UTF-8 regular expressions instead of just chopping off high bytes.
+
+        * kjs/regexp.h: Redo field names, remove some unused stuff.
+        * kjs/regexp.cpp:
+        (convertToUTF8): Added.
+        (compareStringOffsets): Added.
+        (createSortedOffsetsArray): Added.
+        (convertCharacterOffsetsToUTF8ByteOffsets): Added.
+        (convertUTF8ByteOffsetsToCharacterOffsets): Added.
+        (RegExp::RegExp): Set the PCRE_UTF8 flag, and convert the UString to UTF-8 instead of
+        using ascii() on it.
+        (RegExp::~RegExp): Remove unneeded if statement (pcre_free is 0-tolerant as free is).
+        (RegExp::match): Convert the UString to UTF-8 and convert the character offsets to and
+        from UTF-8 byte offsets. Also do fixes for the "no offset vector" case so we get the
+        correct position and matched string.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Add a PCRE header that was missing before.
+
+=== Safari-82 ===
+
+=== Safari-81 ===
+
+2003-05-21  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by john 
+	- fixed 3234553: Safari and its frameworks should link using order files
+
+        * JavaScriptCore.order: Added.
+        * JavaScriptCore.pbproj/project.pbxproj: set SECTORDER_FLAGS = -sectorder __TEXT __text JavaScriptCore.order
+
+=== Safari-80 ===
+
+2003-05-19  Maciej Stachowiak  <mjs@apple.com>
+
+	- fixed 3261096 - Make WebKit an umbrella framework
+	
+        * JavaScriptCore.pbproj/project.pbxproj: In a B&I build, compile as a
+	sub-umbrella of WebKit.
+
+2003-05-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+	- fixed 3254063 - REGRESSION: hang in KJS PropertyMap with many items in iDisk pictures folder
+
+        * kjs/property_map.cpp:
+	(PropertyMap::expand): Fixed to maintain key count properly - otherwise the hashtable
+	could get completely full, resulting in disaster.
+	(PropertyMap::checkConsistency): Fixed compilation. Fixed to know about deleted
+	sentinel. Fixed to search with double-hashing instead of linear probing.
+	
+=== Safari-79 ===
+
+2003-05-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Chris.
+
+	- fixed 3259673 - REGRESSION: marvel.com thinks I don't have the flash plugin any more
+
+        * kjs/nodes.cpp:
+        (ContinueNode::execute): Return a Continue completion, not a Break
+	completion, in the normal non-exception case.
+
+2003-05-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+	- fixed 3254484 - Add a way to print JavaScript exceptions to the console via the debug menu
+	- improved JavaScript error message format
+	
+        * kjs/error_object.cpp:
+        (ErrorProtoFuncImp::call): Include line number in toString output.
+        * kjs/internal.cpp:
+        (Parser::parse): Remove redundant fprintf.
+        * kjs/interpreter.cpp:
+        (Interpreter::evaluate): Log if the flag is on. Include filename in log output.
+        (Interpreter::shouldPrintExceptions): Check the global flag.
+        (Interpreter::setShouldPrintExceptions): Set the global flag.
+        * kjs/interpreter.h:
+        * kjs/nodes.cpp:
+        (Node::throwError): Add variants that include value and expression or label in format.
+        (NewExprNode::evaluate): Improve error message.
+        (FunctionCallNode::evaluate): Improve error message.
+        (RelationalNode::evaluate): Improve error message.
+        (ContinueNode::execute): Improve error message.
+        (BreakNode::execute): Improve error message.
+        (LabelNode::execute): Improve error message.
+        * kjs/nodes.h:
+
+=== Safari-78 ===
+
+2003-05-07  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by darin.
+	
+	- modify the Mixed build style to build optimized with symbols
+        
+	* JavaScriptCore.pbproj/project.pbxproj:  removed OPTIMIZATION_CFLAGS
+
+2003-05-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Don.
+
+	- fixed 3239961 - www.phiffer.com doesn't work; uses "var top; top = n;"
+	
+        * kjs/nodes.cpp:
+        (VarDeclNode::evaluate): Check if the property exists with
+	getDirect() instead of hasProperty().
+
+=== Safari-77 ===
+
+2003-04-29  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+	- fixed 2959353 -- eliminate globally initialized objects from JavaScriptCore
+
+        * JavaScriptCore.pbproj/project.pbxproj: Added fpconst.cpp.
+        * kjs/fpconst.cpp: Added. Defines KJS::NaN and KJS::Inf in a way that does not require a
+        framework init routine.
+
+        * kjs/identifier.h: Use a new KJS_IDENTIFIER_EACH_GLOBAL macro so we can do things to
+        the entire set of identifiers easily. Also added an init function that sets up these globals
+        in a way that does not require a framework init routine.
+        * kjs/identifier.cpp: (Identifier::init): Initialize the property ane globals in a way that
+        does not require a framework init routine.
+
+        * kjs/internal.cpp: (InterpreterImp::initGlobalObject): Call Identifier::init.
+        
+        * kjs/ustring.h: Remove UChar::null and UString::null, and add UString::null(). We can't have
+        a global object of a class that has a constructor if we want to avoid framework init routines,
+        and luckily very little code relies on these.
+        * kjs/ustring.cpp:
+        (UCharReference::ref): Use our own global specific to this function rather than returning
+        UChar::null when past the end of the string. This is dangerous because if the caller modifies
+        it, that affects what all subsequent callers will see.
+        (UString::Rep::create): Added assertions.
+        (UString::UString): Got rid of code here that used to set up UString::null.
+        (UString::null): Added. Returns a global null string, and can be used in some of the places
+        where we used to use the UString::null global.
+        (UString::operator[]): Fixed case where this used to return UChar::null to return '\0' instead.
+
+        * kjs/regexp.cpp: (RegExp::match): Change uses of UString::null to UString::null().
+
+2003-04-25  Darin Adler  <darin@apple.com>
+
+	- fixed 3241344 -- REGRESSION: top of page missing on wired.com and cnn.com
+
+        Caused by the ResolveNode speedup. Roll it out until I can figure out why.
+
+        * kjs/nodes.cpp: (ResolveNode::evaluate): Go back to using evaluateReference.
+
+2003-04-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - a couple improvements that give a 6.6% speedup on iBench JavaScript
+
+        * kjs/nodes.cpp: (ResolveNode::evaluate): Don't use evaluateReference.
+        
+        * kjs/object.cpp: (ObjectImp::get): Do the prototype work with the ValueImp, not a wrapper.
+        Contributes a tiny bit to the speedup, but cleaner anyway.
+        (ObjectImp::hasProperty): Same thing here.
+
+2003-04-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - move from linear probing to double hashing, gives an 0.7% speedup in iBench JavaScript
+
+        * kjs/property_map.h: Remove the hash function.
+        * kjs/property_map.cpp: Added statistics for rehashes and removes.
+        Moved from linear probing to double hashing, using the hash modulo
+        (table size minus one) plus one for the probing distance.
+
+        * kjs/ustring.h: Use unsigned instead of int for hash function result.
+
+=== Safari-75 ===
+
+2003-04-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+	Improved List pool for 3% speed improvement on cvs-js-ibench
+
+        * kjs/list.cpp: Replaced the roving cursor with a free list and
+	raised the high water mark to 384.
+
+2003-04-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Don.
+
+	- JavaScriptCore part of fix for 3158769 - JavaScript triggers not as async as they used to be
+
+	Added a way to get the current interpreter lock count, so Sherlock
+	can unlock the interpreter inside JS method implementations that
+	spend a long time waiting for I/O, allowing more efficient
+	multi-threaded operation.
+
+        * kjs/internal.cpp:
+        (lockInterpreter):
+        (unlockInterpreter):
+        (InterpreterImp::lock):
+        (InterpreterImp::lockCount):
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        (Interpreter::lockCount):
+        * kjs/interpreter.h:
+
+=== Safari-73 ===
+
+=== Safari-72 ===
+
+=== Safari-71 ===
+
+2003-03-31  Darin Adler  <darin@apple.com>
+
+        * English.lproj/InfoPlist.strings: Changed "1.0 Beta" to "1.0 Beta 2".
+        * JavaScriptCore.pbproj/project.pbxproj: Changed "1.0 Beta" to "1.0 Beta 2".
+
+=== Safari-69 ===
+
+2003-03-24  Trey Matteson  <trey@apple.com>
+
+	Pass -seg_addr_table_filename <FILENAME> to ld.  This makes our frameworks in
+	SYMROOT actually work for symbol resolution because they will have the correct
+	prebinding address.  It also fixes obscure B&I problems with prebinding
+	reported by Matt Reda.
+
+	Note the reason all this is tricky for our projects is that we have a different
+	install location for Jaguar and Panther.  The purpose of this arg is to declare
+	at link time our eventual location, which allows the prebinding address to be
+	found in /AppleInternal/Developer/seg_addr_table.  We use a funky back-tick
+	expression within OTHER_LDFLAGS to get a conditional value depending on the
+	build train we are in.
+
+	This can all go away once we only build on Panther and don't embed the
+	frameworks inside the Safari.app wrapper.
+
+ 	In addition I fixed the OTHER_LDFLAGS settings in our build styles to be
+	additive instead of overriding, so we have the args we used for B&I in force
+	when building outside of B&I.
+
+	Reviewed by Maciej.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+=== Safari-68 ===
+
+2003-03-16  Trey Matteson  <trey@apple.com>
+
+	3198135 - need to fix our projects so SYMROOT is not stripped
+
+	Tweaked stripping options:  B&I build does not COPY_PHASE_STRIP.
+	Deployment build still does.
+	We strip manually as part of the install that we do ourselves.
+
+        Reviewed by Maciej.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+=== Safari-67 ===
+
+=== Safari-66 ===
+
+2003-03-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+	- fixed 3193099 -- date parsing can't handle the time zone format that date formatting produces
+
+        * kjs/date_object.cpp: (KJS::KRFCDate_parseDate): Allow a "GMT" prefix before the time zone offset.
+
+=== Safari-65 ===
+
+2003-03-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - got rid of some framework initialization (working on bug 2959353)
+
+        * kjs/identifier.h: Turn Identifier:null into Identifier:null().
+        * kjs/identifier.cpp: Removed Identifier:null and added Identifier:null().
+
+        * kjs/internal.cpp: Made NaN_Bytes and Inf_Bytes const.
+
+        * kjs/completion.h: Use Identifier:null() instead of Identifier:null.
+        * kjs/function.h: Ditto.
+        * kjs/function_object.cpp: (FunctionObjectImp::construct): Ditto.
+        * kjs/nodes.cpp: (FuncExprNode::evaluate): Use Identifier:null() instead of Identifier:null.
+
+2003-03-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Trey.
+
+	- fixed 3158833 - ebay prefs page is so slow, it seems like a hang.
+
+	92% speed improvement on ebay prefs page.
+	1% speed improvement on js-ibench and js-performance plt suites.
+	
+	There were a couple of problems with the identifier hash table that
+	I fixed:
+	
+        * kjs/identifier.cpp:
+	(void Identifier::remove): Adjust the shrink threshold to avoid
+	constantly growing and shrinking.
+        * kjs/ustring.cpp:
+        (UString::Rep::computeHash): Use a better hash function that
+	avoids collisions for obvious data sets.
+
+=== Safari-64 ===
+
+=== Safari-63 ===
+
+2003-02-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+	- fixed 3156705 - REGRESSION: javascript menus improperly placed at umich.edu store
+
+        * kjs/nodes.cpp:
+        (StatListNode::execute): If the first statement's completion is
+	not normal, return immediately.
+
+2003-02-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed 3142355 -- nil-deref in CFTimeZoneCopyAbbreviation
+
+        The real problem wasn't with the current time zone, but with the UTC time zone.
+        The poor sod had a broken /usr/share/zoneinfo directory, with a 0-byte-long UTC file.
+
+        * kjs/date_object.cpp: (UTCTimeZone): Use CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0.0)
+        to get the universal time zone instead of getting it by name.
+
+=== Safari-62 ===
+
+2003-02-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Trey and Ken.
+
+        - fixed 3142355 -- nil-deref in CFTimeZoneCopyAbbreviation
+
+        Although I can't reproduce this bug, it seems that it's caused by CFTimeZoneCopyDefault returning NULL.
+        I'm almost certain that the UTC time zone will be created successfully in this case, so I'll just use that.
+
+        * kjs/date_object.cpp:
+        (UTCTimeZone): Added. Gets the UTC time zone (once in a global).
+        (CopyLocalTimeZone): Added. Gets the local time zone, but falls back to UTC.
+        (gmtimeUsingCF): Use UTCTimeZone.
+        (localtimeUsingCF): Use CopyLocalTimeZone.
+        (mktimeUsingCF): Use CopyLocalTimeZone.
+        (timegmUsingCF): Use UTCTimeZone.
+
+2003-02-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        - fixed 3145442 -- toString(16) is not working, causing non-ASCII characters in mac.com homepage to be munged
+
+        * kjs/number_object.cpp: (NumberProtoFuncImp::call): Add handling for toString with a radix other than
+        10 passed as an argument.
+
+2003-02-11  Trey Matteson  <trey@apple.com>
+
+	Set -seg1addr in our build styles, but not for the B&I build.
+	This makes our SYMROOTS from B&I usable to determine symbols from crash
+	logs from the field.
+	Also nuked DeploymentFat build style.
+
+        Reviewed by Ken.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+2003-02-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Updated to build the framework
+	standalone instead of embedded when doing a B&I build for Panther.
+
+=== Safari-55 ===
+
+2003-01-29  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+        * kjs/scope_chain.cpp: Rolled out the fix to bug 3137084.
+        It caused a massive storage leak, and probably didn't even fix the bug.
+
+2003-01-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+	- fixed 3157318 -- hang at time zone page after clicking on map at www.time.gov
+
+        * kjs/date_object.cpp: (KJS::KRFCDate_parseDate): Allow a comma after the day.
+        Given how this code is structured, it allows commas in unwanted contexts too, but
+        that's almost certainly harmless.
+
+2003-01-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed 3144918 -- Can't drill down multiple levels of categories when selling on ebay
+        if first item in list is chosen
+        
+        The bug was caused by having array values in the property map past the storageLength cutoff
+        in an array object; those values would not be seen when you do a get.
+
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::put): Implement a new rule for resizing the storage that is independent
+        of the length. The old rule would sometimes make the storage very big if you added two elements
+        in a row that both had large, but consecutive indexes. This eliminates any cases where we
+        make sparse entries in the property map below the sparse array cutoff.
+        (ArrayInstanceImp::resizeStorage): Don't ever make storage size bigger than the cutoff unless
+        the caller specifically requests it.
+        (ArrayInstanceImp::setLength): Change this so it only makes the storage smaller, never larger.
+        We will actually enlarge the storage when putting elements in.
+
+2003-01-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/Makefile.am: Add dependencies so the .lut.h files get rebuilt if the script changes.
+
+=== Safari-54 ===
+
+2003-01-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+	- fixed 3137084 -- Many non-reproducible crashers in ContextImp::mark / ScopeChain::mark
+
+        * kjs/scope_chain.cpp: (ScopeChain::push): Add assertion.
+        (ScopeChain::release): Fix while loop so that it decrements refCount of the first node in
+        the chain too.
+
+2003-01-21  Darin Adler  <darin@apple.com>
+
+        - correct our copyrights to 2003; copyright is based on year of publication, not year worked on
+
+2003-01-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+	- made minor tweaks to work better with Mozilla's JavaScript tests.
+
+        * kjs/testkjs.cpp:
+        (VersionFunctionImp::call): Implemented 
+        (main): Ignore files named -f (hack to match -f <filename syntax
+	that moz JavaScript tests expect). Also use return code 3 instead
+	of 1 for uncaught exception.
+
+2003-01-16  Darin Adler  <darin@apple.com>
+
+        * kjs/number_object.cpp: (NumberObjectImp::construct):
+	Fix build, remove stray space.
+
+2003-01-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+	- rolled in a change from the KJS folks
+
+        * kjs/number_object.h: Use ObjectImp *, not Object, for the proto.
+        * kjs/number_object.cpp:
+        (NumberInstanceImp::NumberInstanceImp): Use ObjectImp *, not Object, for the proto.
+        (NumberPrototypeImp::NumberPrototypeImp): Pass ObjectImp.
+        (NumberObjectImp::construct): Use ObjectImp.
+
+=== Safari-52 ===
+
+2003-01-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+	- rolled in a change from the KJS folks
+
+	Fixes a bug where the date functions would not accept non-strings.
+	And provides a bit of a speedup.
+
+        * kjs/date_object.h: Change parameter type for parseDate.
+        * kjs/date_object.cpp:
+        (DateObjectFuncImp::call): Always call toString, don't check the type.
+        (KJS::parseDate): Take a UString parameter, not a String parameter.
+
+2003-01-13  Darin Adler  <darin@apple.com>
+
+        * kjs/ustring.h: Fix spelling of occurrence.
+
+2003-01-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+	- turned more recursion into iteration, and fixed some backwards stuff
+
+        * kjs/grammar.y: Use the normal idiom for CaseClauses and FormalParameterList
+	rather than using append().
+        * kjs/grammar.cpp: Regenerated.
+
+        * kjs/nodes.h: Change ClauseListNode and ParameterNode to use the normal idiom,
+	and got rid of append methods. Also added friend declarations and calls to reverseList().
+        * kjs/nodes.cpp:
+        (StatListNode::ref): Iteration, not recursion.
+        (StatListNode::deref): Iteration, not recursion.
+        (StatListNode::execute): Iteration, not recursion.
+        (StatListNode::processVarDecls): Iteration, not recursion.
+        (CaseClauseNode::reverseList): Added.
+        (ClauseListNode::ref): Iteration, not recursion.
+        (ClauseListNode::deref): Iteration, not recursion.
+        (ClauseListNode::processVarDecls): Iteration, not recursion.
+        (CaseBlockNode::reverseLists): Added.
+        (ParameterNode::ref): Iteration, not recursion.
+        (ParameterNode::deref): Iteration, not recursion.
+        (FuncDeclNode::reverseParameterList): Added.
+        (FuncExprNode::reverseParameterList): Added.
+        (SourceElementsNode::ref): Iteration, not recursion.
+        (SourceElementsNode::deref): Iteration, not recursion.
+        (SourceElementsNode::execute): Use variable name of n to match other functions.
+        (SourceElementsNode::processFuncDecl): Ditto.
+        (SourceElementsNode::processVarDecls): Ditto.
+
+        * kjs/nodes2string.cpp:
+        (SourceStream::operator<<): Used a switch statement for a bit of added clarity.
+        (ElementNode::streamTo): Iteration, not recursion.
+        (PropertyValueNode::streamTo): Iteration, not recursion.
+        (ArgumentListNode::streamTo): Iteration, not recursion.
+        (StatListNode::streamTo): Iteration, not recursion, and fixed order.
+        (VarDeclListNode::streamTo): Iteration, not recursion.
+        (ClauseListNode::streamTo): Used for statement to match other functions.
+        (CaseBlockNode::streamTo): Used for statement to match other functions.
+        (ParameterNode::streamTo): Iteration, not recursion.
+        (SourceElementsNode::streamTo): Iteration, not recursion, and fixed order that has been
+	backwards since I changed how this works in nodes.cpp.
+
+2003-01-11  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+	- changes inspired by things I noticed reviewing diffs vs. KDE when preparing the tarball
+
+        * kjs/function.cpp: (GlobalFuncImp::call): Use strtol when strtoll is
+	not available. Do #ifndef NDEBUG, not #if !NDEBUG.
+        * kjs/function.h: Do #ifndef NDEBUG, not #if !NDEBUG.
+        * kjs/internal.cpp:
+        (InterpreterImp::initGlobalObject): Do #ifndef NDEBUG, not #if !NDEBUG.
+        (KJS::printInfo): Remove case for ListType and remove default case that just
+	ends up suppressing the "missing case" warning and does no good.
+        * kjs/interpreter.cpp: (Interpreter::evaluate): Do #ifndef NDEBUG, not #if !NDEBUG.
+        * kjs/nodes.cpp:
+        (Node::finalCheck): Fix accidentally-deleted code in an ifdef we never compile.
+        (FunctionCallNode::evaluate): Remove bogus XXX comment. Maciej put this comment in,
+        and together we determined it's not needed.
+        (TypeOfNode::evaluate): Ditto.
+        * kjs/object.cpp: Remove assert that refers to ListType.
+        * kjs/value.h: Remove ListType.
+
+2003-01-09  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Add the year 2003, remove CFBundleIconFile,
+	bump marketing version to 0.8.1 and version to 52u to keep up with the branch,
+	remove CFHumanReadableCopyright, remove NSPrincipalClass.
+
+        * English.lproj/InfoPlist.strings: Updated to match above changes.
+
+2003-01-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by no one cause I'm just changing copyright strings.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Added non-Apple copyrights to
+	copyright strings.
+        * English.lproj/InfoPlist.strings: Likewise.
+
+2003-01-05  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Fix "Apple Compupter" typo.
+	Remove unneeded CFBundleLongVersionString we don't use anywhere else.
+
+2003-01-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+	- fixed 3138213 -- browser hangs trying to open Apple travel site
+
+        * kjs/date_object.cpp: (timetUsingCF): Check for very-negative year numbers too.
+
+=== Alexander-48 ===
+
+=== Alexander-47 ===
+
+2002-12-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Don and Maciej.
+
+	- follow-on to my fix for 3134693 that fixes one more case of recursion and simplifies further
+
+        * kjs/grammar.y: Remove SourceElementNode and just use a StatementNode instead.
+	Reverse SourceElements rule so the recursive rule comes first as in the original
+	KJS code (avoids actual parser recursion).
+
+        * kjs/grammar.cpp: Regenerated.
+        * kjs/grammar.cpp.h: Regenerated.
+        * kjs/grammar.h: Regenerated.
+
+        * kjs/nodes.h: Make processFuncDecl a virtual function in StatementNode so that we can
+	use a StatementNode instead of a SourceElementNode. Add a call to reverseList in BlockNode
+	to correct the order of the linked list in SourceElementsNode, to replace the technique
+	where we reversed it in the parser. Remove SourceElementNode class, and make the element in
+	SourceElementsNode be a StatementNode instead.
+        * kjs/nodes.cpp: Remove SourceElementNode code.
+        (StatementNode::processFuncDecl): Added empty function.
+        (BlockNode::reverseList): Added. Used to make the SourceElements list ordered correctly.
+        * kjs/nodes2string.cpp: Remove SourceElementNode code.
+
+=== Alexander-46 ===
+
+2002-12-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Gramps and Ken.
+	Checked in by Ken.
+
+	- fixed 3134693 -- carsdirect.com crash on used car search, due to large JavaScript array
+
+	The parser was using recursion to handle many types of lists.
+	This meant that we crashed out of stack space when any of the lists were extra big.
+	I applied the same sort of fix we had already applied a while back for argument lists for
+	all the other types of lists, including the list of ElementNode that was the reason for
+	the crash reported here.
+
+        * kjs/grammar.y: Removed ElisionNode altogether and just use a count.
+	Use specific node types for PropertyNameAndValueList and PropertyName.
+
+        * kjs/grammar.cpp: Regenerated.
+        * kjs/grammar.cpp.h: Regenerated.
+        * kjs/grammar.h: Regenerated.
+
+        * kjs/nodes.h: Elide "ElisionNode", changing objects to keep elision counts instead.
+	Make the ObjectLiteralNode list field be PropertyValueNode, not just Node.
+	Make PropertyValueNode fields have specific types. Add new reverse list functions, calls
+	to those functions in the constructors, and friend declarations as needed so the class
+	that holds the head of a list can reverse the list during parsing.
+        * kjs/nodes.cpp:
+        (ElementNode::ref): Use iteration instead of recursion. Also elide "elision".
+        (ElementNode::deref): Ditto.
+        (ElementNode::evaluate): Use iteration instead of recursion, taking advantage of
+	the fact that the linked list is reversed. Also use the elision count rather than
+	an elision list.
+        (ArrayNode::reverseElementList): Reverse the list so we can iterate normally.
+        (ArrayNode::ref): Elide "elision".
+        (ArrayNode::deref): Ditto.
+        (ArrayNode::evaluate): Use elision count instead of elision list.
+        (ObjectLiteralNode::reverseList): Reverse the list so we can iterate normally.
+        (PropertyValueNode::ref): Use iteration instead of recursion.
+        (PropertyValueNode::deref): Use iteration instead of recursion.
+        (PropertyValueNode::evaluate): Use iteration instead of recursion, taking advantage
+	of the fact that the linked list is reversed.
+        (ArgumentListNode::ref): Change code to match the other similar cases we had to revise.
+        (ArgumentListNode::deref): Ditto.
+        (ArgumentListNode::evaluateList): Ditto.
+        (ArgumentsNode::reverseList): Ditto.
+        (VarDeclListNode::ref): Use iteration instead of recursion.
+        (VarDeclListNode::deref): Ditto.
+        (VarDeclListNode::evaluate): Use iteration instead of recursion, taking advantage
+	of the fact that the linked list is reversed.
+        (VarDeclListNode::processVarDecls): Ditto.
+        (VarStatementNode::reverseList): Reverse the list so we can iterate normally.
+        (FunctionBodyNode::FunctionBodyNode): Use BlockNode as the base class, removing
+	most of the FunctionBodyNode class.
+
+        * kjs/nodes2string.cpp:
+        (ElementNode::streamTo): Update for using a count for elision, and reverse linking.
+        (ArrayNode::streamTo): Update for using a count for elision.
+        (PropertyValueNode::streamTo): Update for reverse linking.
+        (ArgumentListNode::streamTo): Update for reverse linking. This has been wrong for
+	a while, since we added the reverse a long time ago.
+        (VarDeclListNode::streamTo): Update for reverse linking.
+        (ParameterNode::streamTo): Update for reverse linking.
+
+=== Alexander-45 ===
+
+2002-12-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Don and John.
+
+	- fixed 3134449 -- Date.UTC returns NaN (invalid date)
+
+	Did more testing of the date functions and made them behave like the other browsers.
+	There were three problems:
+
+            1) We did a validity check that other browsers don't do (hence the NaN).
+            2) We treated passed-in dates as local time even in Date.UTC (hence a wrong result
+               once I fixed the NaN).
+            3) The results of ToUTCString (and ToGMTString) weren't formatted quite the same
+	       as other browsers.
+
+	Also found a couple of silly but unrelated coding mistakes.
+
+        * kjs/date_object.cpp:
+        (timetUsingCF): Added. Has the guts of mktimeUsingCF, but without the CFGregorianDateIsValid
+        check. Other browsers accept invalid dates. Also takes a time zone parameter.
+        (mktimeUsingCF): Calls timetUsingCF with the current time zone.
+        (timegmUsingCF): Calls timetUsingCF with the UTC time zone.
+        (formatDate): Remove the includeComma flag.
+        (formatDateUTCVariant): Added. For use instead of formatDate with the includeComma flag.
+	Puts the day before the month name.
+        (DateProtoFuncImp::call): Use the new formatDateUTCVariant for ToGMTString and ToUTCString.
+	Without this change the date didn't match other browsers.
+        (DateObjectImp::DateObjectImp): Use UTCPropertyName. Somehow I declared this and didn't use
+	it before.
+        (DateObjectImp::construct): Pass -1 for is_dst literally instead of using invalidDate.
+	Changing this to invalidDate was just a mistake (although no real difference in compiled
+	code since invalidDate is just -1).
+        (DateObjectFuncImp::call): Call timegm for the UTC case instead of mktime.
+
+=== Alexander-44 ===
+
+=== Alexander-43 ===
+
+2002-12-20  Trey Matteson  <trey@apple.com>
+
+	We now build with symbols the B&I.  Deployment builds are without symbols,
+	so it is easy to generate a non-huge app as a one-off.
+
+        Reviewed by Darin
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+=== Alexander-42 ===
+
+=== Alexander-41 ===
+
+=== Alexander-40 ===
+
+2002-12-18  Maciej Stachowiak  <mjs@apple.com>
+
+	Reviewed by John.
+
+	- fixed 3131171 - Change Alex versions to satisfy both marketing and B&I requirements
+	
+        * English.lproj/InfoPlist.strings:
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+2002-12-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Trey.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Removed signature.
+
+=== Alexander-39 ===
+
+=== Alexander-38 ===
+
+2002-12-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Don and Maciej.
+
+	- fixed 3129115 -- need Apple copyright added to open source documents
+
+	* tons of files: Added our copyright to files we modified, and updated all to standard format.
+
+	- other changes
+
+        * JavaScriptCore.pbproj/project.pbxproj: Set MACOSX_DEPLOYMENT_TARGET to 10.2.
+	Also removed completion.cpp.
+        * kjs/completion.cpp: Removed.
+        * kjs/completion.h: Made the Completion constructor inline.
+
+        * kjs/grammar.y: Removed an obsolete "pretend ifdef". No need to put these in APPLE_CHANGES now.
+
+=== Alexander-37 ===
+
+=== JavaScriptCore-37u2 ===
+
+2002-12-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Bump version to 37u2.
+
+2002-12-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Make dtoa.h visible as an SPI so I can
+	use it inside QString.
+
+2002-12-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+	- further corrections to number printing.
+
+        * kjs/ustring.cpp:
+        (UString::from): Make number printing match the ECMA standard
+	algorithm.
+
+2002-12-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dave.
+
+	- fix toString() conversion for numbers less than 1. Negative
+	exponents are still wrong though (things like 1E-34).
+ 
+        * kjs/ustring.cpp:
+	(UString::from): Don't print empty string for numbers less than 1,
+	and remember to add extra 0s after the decimal for negative
+	decimal positions.
+	
+=== Alexander-37u1 ===
+
+=== Alexander-36 ===
+
+2002-12-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+	- fixed 3056449 - can't select state at tucows.com
+
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+	(ArrayInstanceImp::propList): Add numeric proprties that are in
+	special storage.
+        * kjs/array_object.h:
+        * kjs/object.h: Make propList a virtual method.
+
+2002-12-11  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Don.
+
+	- Add kjsprint global function in Development build for ease of	debugging.
+	- Print uncaught JavaScript exceptions to the console in Development.
+	- Improve wording of exception error messages.
+	
+        * kjs/function.cpp:
+        (GlobalFuncImp::call):
+        * kjs/function.h:
+        * kjs/internal.cpp:
+        (InterpreterImp::initGlobalObject):
+        * kjs/interpreter.cpp:
+        (Interpreter::evaluate):
+        * kjs/nodes.cpp:
+        (NewExprNode::evaluate):
+        (FunctionCallNode::evaluate):
+        (RelationalNode::evaluate):
+
+2002-12-10  John Sullivan  <sullivan@apple.com>
+
+	Fixed more "Alexander"s that were lurking in places I forgot 
+	to look before.
+
+        Reviewed by Darin
+
+        * Makefile.am:
+	"rm -rf $(SYMROOTS)/Safari.app/Frameworks/JavaScriptCore.framework"
+
+2002-12-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Bump versions to 0.8 and 35u.
+	* English.lproj/InfoPlist.strings: In here too.
+
+2002-12-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+	- fixed 3059637 - all articles missing at excite.com sports page
+	- fixed 3065903 - most of content missing at excite.com news page
+
+	These bugs both came up because a JavaScript function has a var
+	declaration that collides with a function parameter name.
+	
+        * kjs/nodes.cpp:
+        (VarDeclNode::processVarDecls): Don't set the property to
+	undefined if a property with that name is already set on the
+	global object. Otherwise we may clobber function parameters with
+	undefined even before hitting a possible var initializer.
+
+2002-12-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by: Darin Adler
+
+	- made framework embedding work correctly with buildit
+
+        * JavaScriptCore.pbproj/project.pbxproj: Give framework a relative
+	install path, don't install it the normal way, and copy it
+	manually to /AppleInternal/Library/Frameworks if installing.
+
+=== Alexander-35 ===
+
+2002-12-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by: Richard Williamson
+
+	Added explicit lock/unlock methods so Sherlock can grab the
+	interpreter lock as needed.
+	
+	- partially addressed 3084320 - JavaScriptCore crash
+	
+        * kjs/internal.cpp:
+        (InterpreterImp::InterpreterImp):
+        (InterpreterImp::lock):
+        (InterpreterImp::unlock):
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        (Interpreter::lock):
+        (Interpreter::unlock):
+        * kjs/interpreter.h:
+
+2002-12-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by: Darin Adler
+
+	Set things up so JavaScriptCore builds in PCRE and uses it for
+	regular expressions. This fixes many form validation bugs:
+
+	- fixed 3103197 - javascript at fidelity.com rejects valid input
+	- fixed 2942552 - form validation at weather.com fails
+	- fixed 3079752 - js always reports textarea is empty
+	- fixed 3079719 - covad.com "check availalbility" fails
+	
+        * Makefile.am: Add pcre subdir.
+        * kjs/config.h: define HAVE_PCREPOSIX to true.
+	* kjs/regexp.h: Don't include pcreposix.h since nothing from there
+	is used.
+	* pcre/.cvsignore: Added.
+        * pcre/ChangeLog: Removed.
+        * pcre/INSTALL: Removed.
+        * pcre/Makefile.am: Added.
+        * pcre/Makefile.in: Removed.
+        * pcre/NEWS: Removed.
+        * pcre/NON-UNIX-USE: Removed.
+        * pcre/README: Removed.
+        * pcre/chartables.c: Added.
+        * pcre/config.guess: Removed.
+        * pcre/config.in: Removed.
+        * pcre/config.sub: Removed.
+        * pcre/configure: Removed.
+        * pcre/configure.in: Removed.
+        * pcre/dll.mk: Removed.
+        * pcre/doc/Tech.Notes: Removed.
+        * pcre/doc/pcre.3: Removed.
+        * pcre/doc/pcre.html: Removed.
+        * pcre/doc/pcre.txt: Removed.
+        * pcre/doc/pcregrep.1: Removed.
+        * pcre/doc/pcregrep.html: Removed.
+        * pcre/doc/pcregrep.txt: Removed.
+        * pcre/doc/pcreposix.3: Removed.
+        * pcre/doc/pcreposix.html: Removed.
+        * pcre/doc/pcreposix.txt: Removed.
+        * pcre/doc/pcretest.1: Removed.
+        * pcre/doc/pcretest.html: Removed.
+        * pcre/doc/pcretest.txt: Removed.
+        * pcre/doc/perltest.txt: Removed.
+        * pcre/install-sh: Removed.
+        * pcre/ltmain.sh: Removed.
+        * pcre/pcre-config.h: Added.
+        * pcre/pcre-config.in: Removed.
+        * pcre/internal.h: Include pcre-config.h instead of config.h
+        * pcre/pcre.c:
+        (ord2utf8): Fix warnings.
+        (pcre_compile): Fix warnings.
+        * pcre/pcre.def: Removed.
+        * pcre/pcre.h: Added.
+        * pcre/pcre.in: Removed.
+        * JavaScriptCore.pbproj/project.pbxproj: Added pcre files to build.
+        * JavaScriptCorePrefix.h: Guard c++ headers with #ifdef __cplusplus.
+
+2002-12-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by: Richard Williamson
+
+        * pcre/doc/*: Added.
+        * pcre/testdata/*: Added.
+
+2002-12-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by: Darin Adler
+
+	- imported PCRE 3.9 into the tree; this isn't actually compiled or
+	used yet.
+
+        * pcre/*: Added.
+
+== Rolled over to ChangeLog-2002-12-03 ==
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2007-10-14 b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2007-10-14
new file mode 100644
index 000000000..693f966e1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2007-10-14
@@ -0,0 +1,26221 @@
+=== Start merge of feature-branch 2007-10-12 ===
+
+2007-10-11  Andrew Wellington  <proton@wiretapped.net>
+
+        Reviewed by Eric Seidel.
+        
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=15076
+        "deg2rad has multiple definitions"
+        
+        Define deg2rad, rad2deg, deg2grad, grad2deg, rad2grad, grad2rad
+        These are used through WebKit.
+        
+        Change based on original patch by Rob Buis.
+
+        * wtf/MathExtras.h:
+        (deg2rad):
+        (rad2deg):
+        (deg2grad):
+        (grad2deg):
+        (rad2grad):
+        (grad2rad):
+
+2007-10-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+        
+        - fix assertion failures on quit.
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction): Dynamically alocate function-scope static
+        UStrings to avoid the static destructor getting called later.
+        * kjs/lookup.h: Dynamically alocate function-scope static
+        Identifiers to avoid the static destructor getting called later.
+
+2007-10-07  Ed Schouten  <ed@fxq.nl>
+
+        Reviewed and landed by Alexey Proskuryakov.
+
+        Add PLATFORM(FREEBSD), so we can fix the build on FreeBSD-like
+        systems by including <pthread_np.h>. Also fix some (disabled)
+        regcomp()/regexec() code; it seems some variable names have
+        changed.
+
+        * kjs/config.h:
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        * wtf/Platform.h:
+
+2007-10-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=10370
+        RegExp fails to match non-ASCII characters against [\S\s]
+
+        Test: fast/js/regexp-negative-special-characters.html
+
+        * pcre/pcre_compile.c:
+        (compile_branch): Adjust opcode and bitmap as necessary to include (or exclude)
+        character codes >255. Fix suggested by Philip Hazel.
+
+        * pcre/pcre_exec.c:
+        (match): Merged fix for PCRE bug 580 (\S\S vs. \S{2}).
+
+        * tests/mozilla/expected.html: One test was fixed.
+        * pcre/MERGING: Added information about this fix.
+
+2007-10-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - skip extra hash lookup and avoid converting char* to UString for 19% speedup on CK JS array test 
+        http://bugs.webkit.org/show_bug.cgi?id=15350
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction): Implement the two mentioned optimizations.
+
+2007-10-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark.
+        
+        - Efficiently handle regexp property identifiers for 19% speedup on Celtic Kane regexp test
+        http://bugs.webkit.org/show_bug.cgi?id=15337
+
+        * kjs/CommonIdentifiers.h:
+        * kjs/regexp_object.cpp:
+        (RegExpProtoFunc::callAsFunction):
+        (RegExpObjectImp::arrayOfMatches):
+        (RegExpObjectImp::construct):
+
+2007-10-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark.
+        
+        - Cache global prorotypes more efficiently for 10% speedup on CK AJAX benchmark
+        http://bugs.webkit.org/show_bug.cgi?id=15335
+
+        * kjs/lookup.h:
+
+2007-10-01  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark.
+
+        Enable Experimental SVG features by default when building from Xcode
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2007-09-29  Rob Buis  <buis@kde.org>
+
+        Reviewed by Adam.
+
+        http://bugs.webkit.org/show_bug.cgi?id=13472
+        Misparsing date in javascript leads to year value of -1
+        http://bugs.webkit.org/show_bug.cgi?id=14176
+        Some date values not handled consistently with IE/Firefox
+
+        Allow an optional comma between month and year, and year and time.
+
+        * kjs/date_object.cpp:
+        (KJS::parseDate):
+
+2007-07-11  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Mark.
+
+        Forwardport the hash table fix from CodeGeneratorJS.pm to create_hash_table.
+        Reran run-jsc-tests, couldn't find any regressions. Suggested by Darin.
+
+        * kjs/create_hash_table:
+
+2007-06-25  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Maciej.
+        
+        Use intHash to hash floats and doubles too.
+
+        * ChangeLog:
+        * wtf/HashFunctions.h:
+        (WTF::FloatHash::hash):
+        (WTF::FloatHash::equal):
+        (WTF::):
+        * wtf/HashTraits.h:
+        (WTF::FloatHashTraits::emptyValue):
+        (WTF::FloatHashTraits::deletedValue):
+        (WTF::):
+
+=== End merge of feature-branch 2007-10-12 ===
+
+2007-10-11  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        Fix for <rdar://problem/5488678>.  Disable debugging symbols in production builds for 10.4
+        PowerPC to prevent a huge STABS section from being generated.
+
+        * Configurations/Base.xcconfig:
+
+2007-10-08  George Staikos  <staikos@kde.org>
+
+        Reviewed by Adam Roben.
+
+        Fix Qt build on Win32.
+
+        * kjs/testkjs.cpp:
+        (main):
+
+2007-10-10  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Lars.
+
+        Fix compilation using gcc 4.3. Header files have been reorganized and as a result some extra
+        includes are needed for INT_MAX, std::auto_ptr and the like.
+
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+        * kjs/lexer.cpp:
+        * kjs/scope_chain.cpp:
+        * kjs/ustring.cpp:
+        * wtf/Vector.h:
+
+2007-10-09  Lars Knoll  <lars@trolltech.com>
+
+        Reviewed by Simon.
+
+        fix the invokation of slots with return types. Add a JSLock around the conversion from QVariant to JSValue.
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::invokeMethod):
+        * bindings/qt/qt_runtime.cpp:
+        (KJS::Bindings::convertValueToQVariant):
+        (KJS::Bindings::convertQVariantToValue):
+
+2007-10-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added JSObject::removeDirect, to support the fix for 
+        <rdar://problem/5522487> REGRESSION: With JavaScript disabled, any 
+        page load causes a crash in PropertyMap::put
+
+        * kjs/object.cpp:
+        (KJS::JSObject::removeDirect):
+        * kjs/object.h:
+
+2007-10-04  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver.
+
+        Switch to default level of debugging symbols to resolve <rdar://problem/5488678>.
+        The "full" level appears to offer no observable benefits even though the documentation
+        suggests it be used for dead code stripping.  This should also decrease link times.
+
+        * Configurations/Base.xcconfig:
+
+2007-10-03  Lars Knoll  <lars@trolltech.com>
+
+        Reviewed by Rob.
+
+        Fix a stupid bug in Unicode::toUpper/toLower.
+        Fixes all three test failures in the JavaScriptCore test
+        suite.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+
+2007-10-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adam.
+
+        - add support for GDI objects to OwnPtr; I plan to use this
+          to fix some GDI handle leaks
+
+        * kjs/grammar.y: Change parser to avoid macros that conflict
+        with macros defined in Windows system headers: THIS, DELETE,
+        VOID, IN, and CONST. This is needed because OwnPtr.h will now
+        include <windows.h>.
+        * kjs/keywords.table: Ditto.
+
+        * wtf/OwnPtr.h: For PLATFORM(WIN), add support so that OwnPtr can be
+        a GDI handle, and it will call DeleteObject. Also change to use the
+        RemovePointer technique used by RetainPtr, so you can say OwnPtr<HBITMAP>
+        rather than having to pass in the type pointed to by HBITMAP.
+
+        * wtf/OwnPtrWin.cpp: Added.
+        (WebCore::deleteOwnedPtr): Put this in a separate file so that we
+        don't have to include <windows.h> in OwnPtr.h.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added OwnPtrWin.cpp.
+
+2007-09-29  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Mark.
+
+        -Fix http://bugs.webkit.org/show_bug.cgi?id=13226.
+        Remove Bakefiles from svn.
+
+        * JavaScriptCoreSources.bkl: Removed.
+        * jscore.bkl: Removed.
+
+2007-09-27  Kevin Decker  <kdecker@apple.com>
+
+        Rubber stamped by John Sullivan.
+
+        <rdar://problem/5493093>
+        
+        * JavaScriptCore.order: Added.
+        * JavaScriptCore.xcodeproj/project.pbxproj: We're changing from using an order file built by
+         another team to using one we actually check into our project repository. Linker settings for
+         Symbol Ordering Flags have been updated accordingly.
+
+2007-09-26  Adam Roben  <aroben@apple.com>
+
+        Make testkjs delay-load WebKit.dll so WebKitInitializer can work its magic
+
+        Rubberstamped by Anders.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2007-09-25  Adam Roben  <aroben@apple.com>
+
+        Make testkjs delay-load its dependencies
+
+        This lets WebKitInitializer re-route the dependencies to be loaded out
+        of the Safari installation directory.
+
+        Rubberstamped by Sam.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2007-09-25  David Kilzer  <ddkilzer@webkit.org>
+
+        Reviewed by Adam.
+
+        - Fix http://bugs.webkit.org/show_bug.cgi?id=14885
+          LGPL'ed files contain incorrect FSF address
+
+        * COPYING.LIB:
+        * bindings/testbindings.cpp:
+        * kjs/AllInOneFile.cpp:
+        * kjs/DateMath.cpp:
+        * kjs/PropertyNameArray.cpp:
+        * kjs/PropertyNameArray.h:
+        * kjs/config.h:
+
+2007-09-25  Sam Weinig  <sam@webkit.org>
+
+        Fix location for build products for Debug_Internal.
+
+        Reviewed by Adam Roben.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2007-09-25  Adam Roben  <aroben@apple.com>
+
+        Make testkjs use WebKitInitializer
+
+        Reviewed by Sam.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WebKitInitializer and
+        make testkjs depend on it.
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Link against
+        WebKitInitializer.lib.
+        * kjs/testkjs.cpp:
+        (main): Call initializeWebKit.
+
+2007-09-24  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        - Continued to update project files to not use Edit and Continue for Debug Information since it doesn't work and breaks some functionality.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2007-09-21  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        - Updated project files to not use Edit and Continue for Debug Information since it doesn't work and breaks some functionality.
+
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2007-09-20  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Rubber stamped by Adam.
+
+        Renamed files from *Gdk to *Gtk (see #14732) using the
+        work of Juan A. Suarez Romero as a base.
+
+        GDK -> GTK 
+
+        * JavaScriptCore.pri:
+        * kjs/testkjs.pro:
+        * pcre/dftables.pro:
+        * wtf/Platform.h: PLATFORM(GDK) to PLATFORM(GTK)
+
+2007-09-21  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Antti Koivisto.
+
+        http://bugs.webkit.org/show_bug.cgi?id=15250
+        <rdar://problem/5496942> REGRESSION: Reproducible crash in Safari when evaluating script in Drosera console (15250)
+
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction): Null-check thisObj before passing it to interpreterForGlobalObject.
+
+2007-09-19  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Rubber stamped by Adam.
+
+        Make the guard/#if use the same name (ENABLE_FTPDIR) as the #define. This follows
+        the ENABLE_ICONDATABASE example from a couple of lines above.
+
+        * wtf/Platform.h:
+
+2007-09-19  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej.
+
+        <rdar://problem/5487107> NULL dereference crash in FastMallocZone::enumerate when running leaks against Safari
+
+        Storing remote pointers to their local equivalents in mapped memory was leading to the local pointer being
+        interpreted as a remote pointer.  This caused a crash when using the result of mapping this invalid remote pointer.
+        The fix is to follow the pattern used elsewhere in FastMallocZone by always doing the mapping after reading and
+        never storing the mapped pointer.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::FastMallocZone::enumerate):
+
+2007-09-15  Darin Adler  <darin@apple.com>
+
+        - fix Mac build
+
+        * JavaScriptCore.exp: Export WTFLogVerbose.
+
+2007-09-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        - Copy JSRetainPtr to include folder.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2007-09-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Try to fix GDK build.
+
+        * wtf/MathExtras.h:
+        (wtf_random_init):
+
+2007-09-12  Geoff Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed <rdar://problem/5429064> 141885 Safari JavaScript: Math.random() slightly less randomly distributed than on Safari / Mac
+
+        Math.random was skewed slightly upward because it assumed that RAND_MAX was outside the range of
+        values that rand() might return. This problem was particularly pronounced on Windows because
+        the range of values returned by rand() on Windows is 2^16 smaller than the range of values
+        return by rand() on Mac.
+        
+        Fixed by accounting for RAND_MAX return values. Also, switched Windows over to rand_s, which has
+        a range that's equal to rand()'s range on Mac.
+        
+        * kjs/config.h:
+
+        * kjs/math_object.cpp:
+        (MathFuncImp::callAsFunction): Use the new new thing.
+
+        * wtf/MathExtras.h: Platform abstraction for random numbers, to cover over differences on Windows.
+        (wtf_random_init):
+        (wtf_random):
+
+2007-09-13  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Maciej.
+        
+        Small addition to previous path to cover
+        http://bugs.webkit.org/show_bug.cgi?id=11399
+        window.eval runs in the global scope of the calling window
+        
+        Switch variable scope as well.
+
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction):
+
+2007-09-12  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Geoff, Maciej.
+        
+        Fix <rdar://problem/5445058>
+        REGRESSION: Unable to upload picture to eBay auction due to domain security check
+        
+        eBay uses window.eval() between windows. In Firefox window.eval() switches execution
+        and security context to the target window, something WebKit did not do. With WebKit
+        security tightening in r24781, this broke picture uploads.
+        
+        Fix by making WebKit switch context in window.eval().
+        
+        * kjs/Context.cpp:
+        (KJS::Context::Context):
+        (KJS::Context::~Context):
+        * kjs/context.h:
+        Save and restore interpreter context independently from calling context.
+        
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction):
+        If eval is called for global object different than current one, switch execution context
+        to that object and push it to scope.
+
+2007-09-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        <rdar://problem/5478717> JSStringCreateWithCFString leaks when passed a zero length CFStringRef
+
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString): Special case the zero length string and remove the
+        UTF16 optimized path since it will always leak due to the fact that we won't be 
+        able to free the backing store that the CFStringRef provides.
+
+2007-09-10  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/5456224> CrashTracer: [USER] 2 crashes in Toast Titanium at com.apple.CoreServices.CarbonCore: CSMemDisposePtr + 37
+
+        Removed the implementation of these malloc zone functions. We do not have the ability to 
+        check if a pointer is valid or not, so we can't correctly implement them. The system free 
+        does not fail if you pass in a bad pointer.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::FastMallocZone::size):
+        (WTF::FastMallocZone::zoneMalloc):
+        (WTF::FastMallocZone::zoneCalloc):
+        (WTF::FastMallocZone::zoneFree):
+        (WTF::FastMallocZone::zoneRealloc):
+
+2007-09-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by Steve Falkenburg.
+
+        - fix crash seen on Windows release builds
+
+        * wtf/FastMalloc.cpp: Change pthread_getspecific optimization to be done only
+        on the DARWIN platform. Also correct a couple reinterpret_cast that should be
+        static_cast instead.
+
+2007-09-06  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Maciej.
+
+        - Moved JSRetainPtr to the API.
+
+        * API/JSRetainPtr.h: Copied from kjs/JSRetainPtr.h.
+        (JSRetain):
+        (JSRelease):
+        (JSRetainPtr::JSRetainPtr):
+        (JSRetainPtr::~JSRetainPtr):
+        (JSRetainPtr::get):
+        (JSRetainPtr::releaseRef):
+        (JSRetainPtr::operator->):
+        (JSRetainPtr::operator!):
+        (JSRetainPtr::operator UnspecifiedBoolType):
+        (::operator):
+        (::adopt):
+        (::swap):
+        (swap):
+        (operator==):
+        (operator!=):
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/JSRetainPtr.h: Removed.
+
+2007-09-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - Remove single-threaded optimization for FastMalloc. 
+        
+        It does not appear to help anywhere but Mac OS X on PPC, due to
+        pthread_getspecific being slow there. On Intel, removing the
+        optimization results in a ~1.5% PLT speedup, a ~1-5% JS iBench
+        speedup, and a ~1.5% HTML iBench speedup. On PPC this change is a
+        speedup on some benchmarks, a slight hit on others.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/collector.cpp:
+        (KJS::Collector::registerThread):
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_ThreadCache::GetCache):
+        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
+        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+        (WTF::do_malloc):
+        * wtf/FastMallocInternal.h: Removed.
+
+2007-09-05  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam, Sam, Darin.
+
+        - Created a JSRetainPtr specifically for JSStringRefs so they can be automatically refed and derefed.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/JSRetainPtr.h: Copied from wtf/RetainPtr.h.
+        (KJS::JSRetain):
+        (KJS::JSRelease):
+        (KJS::):
+        (KJS::JSRetainPtr::JSRetainPtr):
+        (KJS::JSRetainPtr::~JSRetainPtr):
+        (KJS::JSRetainPtr::get):
+        (KJS::JSRetainPtr::releaseRef):
+        (KJS::JSRetainPtr::operator->):
+        (KJS::JSRetainPtr::operator UnspecifiedBoolType):
+        (KJS::::operator):
+        (KJS::::adopt):
+        (KJS::::swap):
+        (KJS::swap):
+        (KJS::operator==):
+        (KJS::operator!=):
+
+2007-09-05  Mark Rowe  <mrowe@apple.com>
+
+        Unreviewed Qt build fix.
+
+        * wtf/unicode/qt4/UnicodeQt4.h: Fix the constness of the src argument to toUpper to prevent build failures.
+
+2007-09-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Back out accidentally committed change.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/collector.cpp:
+        (KJS::Collector::registerThread):
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMallocSetIsMultiThreaded):
+        (WTF::TCMalloc_ThreadCache::GetCache):
+        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
+        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+        (WTF::do_malloc):
+        * wtf/FastMallocInternal.h: Added.
+
+2007-09-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - Added Vector::appendRange(), which appends to a vector based on a given start and end iterator
+        - Added keys() and values() functions to HashMap iterators, which give keys-only and values-only iterators
+        
+        Together, these allow easy copying of a set, or the keys or values of a map, into a Vector. Examples:
+        
+        HashMap<int, int> map;
+        HashSet<int> set;
+        Vector<int> vec;
+        // ...
+        vec.appendRange(set.begin(), set.end());
+        vec.appendRange(map.begin().keys(), map.end().keys());
+        vec.appendRange(map.begin().values(), map.end().values());
+
+        This also allows for a slightly nicer syntax when iterating a map. Instead of saying 
+        (*it)->first, you can say *it.values(). Similarly for keys. Example:
+        
+        HashMap<int, int>::const_iterator end = map.end();
+        for (HashMap<int, int>::const_iterator it = map.begin(); it != end; ++it)
+        printf(" [%d => %d]", *it.keys(), *it.values());
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/HashIterators.h: Added.
+        (WTF::):
+        (WTF::HashTableConstKeysIterator::HashTableConstKeysIterator):
+        (WTF::HashTableConstKeysIterator::get):
+        (WTF::HashTableConstKeysIterator::operator*):
+        (WTF::HashTableConstKeysIterator::operator->):
+        (WTF::HashTableConstKeysIterator::operator++):
+        (WTF::HashTableConstValuesIterator::HashTableConstValuesIterator):
+        (WTF::HashTableConstValuesIterator::get):
+        (WTF::HashTableConstValuesIterator::operator*):
+        (WTF::HashTableConstValuesIterator::operator->):
+        (WTF::HashTableConstValuesIterator::operator++):
+        (WTF::HashTableKeysIterator::HashTableKeysIterator):
+        (WTF::HashTableKeysIterator::get):
+        (WTF::HashTableKeysIterator::operator*):
+        (WTF::HashTableKeysIterator::operator->):
+        (WTF::HashTableKeysIterator::operator++):
+        (WTF::HashTableKeysIterator::operator HashTableConstKeysIterator<HashTableType, KeyType, MappedType>):
+        (WTF::HashTableValuesIterator::HashTableValuesIterator):
+        (WTF::HashTableValuesIterator::get):
+        (WTF::HashTableValuesIterator::operator*):
+        (WTF::HashTableValuesIterator::operator->):
+        (WTF::HashTableValuesIterator::operator++):
+        (WTF::HashTableValuesIterator::operator HashTableConstValuesIterator<HashTableType, KeyType, MappedType>):
+        (WTF::operator==):
+        (WTF::operator!=):
+        * wtf/HashTable.h:
+        * wtf/Vector.h:
+        (WTF::::appendRange):
+
+2007-09-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - Remove single-threaded optimization for FastMalloc. 
+        
+        It does not appear to help anywhere but Mac OS X on PPC, due to
+        pthread_getspecific being slow there. On Intel, removing the
+        optimization results in a 1% PLT speedup, a 2% JS iBench speedup,
+        and no measurable effect on HTML iBench (maybe a slight speedup).
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/collector.cpp:
+        (KJS::Collector::registerThread):
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_ThreadCache::GetCache):
+        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
+        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+        (WTF::do_malloc):
+        * wtf/FastMallocInternal.h: Removed.
+
+2007-09-03  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        <rdar://problem/5452164> Production build with in symbols directory has no debug info
+
+        Enable debug symbol generation on all build configurations.  Production builds are stripped
+        of symbols by Xcode during deployment post-processing.
+
+        * Configurations/Base.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-08-30  Riku Voipio  <riku.voipio@iki.fi>
+
+        Reviewed by Dave Kilzer.
+
+        Better ARM defines.
+
+        * kjs/ustring.h: Update comments to reflect the change and update test
+        to fit changes to Platform.h.
+        * wtf/Platform.h: Forced packing is only needed on oldabi ARM.
+        Set middle-endian floats only for little-endian oldabi ARM.
+        Set big-endian define for big-endian ARM.
+
+2007-08-29  Ryan Leavengood <leavengood@gmail.com>
+
+        Reviewed by Maciej.
+
+        http://bugs.webkit.org/show_bug.cgi?id=15043
+        - posix_memalign takes a void** as its first parameter. My port makes use of this function call.
+
+        * kjs/collector.cpp:
+        (KJS::allocateBlock):
+
+2007-08-26  Darin Adler  <darin@apple.com>
+
+        - quick follow on to that last check-in
+
+        * API/JSCallbackObject.cpp: (KJS::JSCallbackObject::JSCallbackObject):
+        Need to initialize m_class to 0.
+
+2007-08-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/4949002> JSGlobalContextCreate can cause crashes because it passes a NULL JSContextRef to the globalObjectClass's initialize callback
+
+        JSCallbackObject now tracks whether it was constructed with a null ExecState.  This will happen when the object is being used as the global object,
+        as the Interpreter needs to be created after the global object.  In this situation the initialization is deferred until after the Interpreter's
+        ExecState is available to be passed down to the initialize callbacks.
+
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::init): Track whether we successfully initialized.
+        (KJS::JSCallbackObject::initializeIfNeeded): Attempt to initialize with the new ExecState.
+        * API/JSCallbackObject.h:
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate): Initialize the JSCallbackObject with the Interpreter's ExecState.
+        * API/testapi.c:
+        (testInitializeOfGlobalObjectClassHasNonNullContext):
+        (main): Verify that the context passed to the initialize callback is non-null.
+
+2007-08-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/5438496> JSGlobalContextCreate crashes when passed a custom class
+
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate): Specify jsNull() as the prototype and let Interpreter's constructor fix it up to point at builtinObjectPrototype().
+        * API/testapi.c:
+        (main): Use an instance of a custom class as the global object to ensure the code path is exercised in the test.
+
+2007-08-26  Mike Hommey  <glandium@debian.org>
+
+        Reviewed by Mark Rowe and David Kilzer.
+
+        Fix build failure on arm.
+
+        * wtf/Platform.h: Also test if __arm__ is defined.
+
+2007-08-25  Peter Kasting <pkasting@google.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Part 3 of http://bugs.webkit.org/show_bug.cgi?id=14967
+        Bug 14967: Reduce wtf::Vector::operator[]() overloads
+
+        * wtf/Vector.h:
+        (WTF::Vector::operator[]): Only provide versions of operator[] that takes a size_t argument.
+
+2007-08-25  Peter Kasting <pkasting@google.com>
+
+        Reviewed by Sam Weinig.
+
+        Part 2 of http://bugs.webkit.org/show_bug.cgi?id=14967.
+        Eliminate all remaining implicit conversions of wtf::Vector<T> to T*.  Where code was
+        previously checking that the Vector's data pointer was non-NULL, check !Vector::isEmpty()
+        instead.
+
+        * wtf/Vector.h:
+        (WTF::Vector::data):
+
+2007-08-16  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff and Adam.
+
+        - Changing stack depth to 500 (from 100 on mac and win) to help out some apps specifically gmail.  <rdar://problem/3590522> JavaScript call stack limit of 99 is too small for some applications; needs to be closer to 500 (4045)
+
+        * kjs/object.cpp:
+
+2007-08-15  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Darin.
+        
+        http://bugs.webkit.org/show_bug.cgi?id=14967 part 1 - Eliminate most implicit
+        conversions of wtf::Vector<T> to T* by explicitly calling .data()
+
+        * API/JSCallbackConstructor.cpp:
+        (KJS::JSCallbackConstructor::construct):
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::callAsFunction):
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::construct):
+        (KJS::JSCallbackObject::callAsFunction):
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::invokeMethod):
+        (KJS::Bindings::CInstance::invokeDefaultMethod):
+        * kjs/number_object.cpp:
+        (integer_part_noexp):
+        (char_sequence):
+        * kjs/ustring.cpp:
+        (KJS::UString::UTF8String):
+
+2007-08-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - fix <rdar://problem/5410570> Global initializer introduced by use of std::numeric_limits in r24919
+
+        * kjs/ustring.cpp:
+        (KJS::overflowIndicator): Turned into a function.
+        (KJS::maxUChars): Ditto.
+        (KJS::allocChars): Use the functions.
+        (KJS::reallocChars): Ditto.
+        (KJS::UString::expandedSize): Ditto.
+
+2007-08-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=14931
+          <rdar://problem/5403816> JavaScript regular expression non-participating capturing parentheses
+          fail in 3 different ways
+
+        Test: fast/js/regexp-non-capturing-groups.html
+
+        * kjs/string_object.cpp:
+        (KJS::replace): Add missing code to handle undefined backreferences; before we'd get the empty string
+        instead of a JavaScript "undefined" value.
+        (KJS::StringProtoFunc::callAsFunction): Implemented backreference support for split.
+        * pcre/pcre_exec.c: (match): Made backreferences to undefined groups match the empty string instead
+        of always failing. Only in JAVASCRIPT mode.
+
+        * tests/mozilla/expected.html: Add a new expected test success, since this fixed one test result.
+
+2007-08-10  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Adam.
+
+        <rdar://problem/5394449> Stop using some Carbon UI APIs for 64 bit
+
+        Disable the NPAPI for 64-bit on Mac OS X.
+
+        * Configurations/JavaScriptCore.xcconfig: Use the 64-bit export file.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Create a 64-bit export file
+        that filters out the NPN fnctions.
+        * bindings/NP_jsobject.cpp: #ifdef out this for 64-bit on Mac OS X
+        * bindings/NP_jsobject.h: Ditto.
+        * bindings/c/c_class.cpp: Ditto.
+        * bindings/c/c_class.h: Ditto.
+        * bindings/c/c_instance.cpp: Ditto.
+        * bindings/c/c_instance.h: Ditto.
+        * bindings/c/c_runtime.cpp: Ditto.
+        * bindings/c/c_runtime.h: Ditto.
+        * bindings/c/c_utility.cpp: Ditto.
+        * bindings/c/c_utility.h: Ditto.
+        * bindings/npapi.h: Ditto.
+        * bindings/npruntime.cpp: Ditto.
+        * bindings/npruntime.h: Ditto.
+        * bindings/npruntime_impl.h: Ditto.
+        * bindings/npruntime_priv.h: Ditto.
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::createBindingForLanguageInstance):
+         don't creat an NPObject on Mac OS X in 64-bit.
+
+2007-08-09  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Antti.
+
+        <rdar://problem/5400709> Versioning in debug and release builds should include minor and tiny version before +
+
+        * Configurations/Version.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj: Add a shell script phase to make to dependency between
+        Version.xcconfig and Info.plist explicit to Xcode.
+
+2007-08-08  George Staikos  <staikos@kde.org>
+
+        Make it compile with Qt again.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toUpper):
+
+2007-08-07  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver.
+
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=14897
+        Decompilation of double negation fails and produces invalid or incorrect code
+
+        Test: fast/js/function-decompilation-operators.html
+
+        * kjs/nodes2string.cpp:
+        (UnaryPlusNode::streamTo): Put space after unary operator.  Matches Firefox.
+        (NegateNode::streamTo): Diito.
+        (MultNode::streamTo): Put spaces around binary operator.  Matches Firefox.
+        (AddNode::streamTo): Ditto.
+
+2007-08-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adele.
+
+        - fix <rdar://problem/5383104> REGRESSION: XHR.responseText is null instead of empty string
+          in http/tests/xmlhttprequest/zero-length-response.html
+
+        The new code to handle out of memory conditions was turning a "" into a null string.
+
+        * kjs/ustring.h: Removed UCharReference, which has long been obsolete and unused.
+        Removed copyForWriting, which was only used for the upper/lowercasing code and for
+        UCharReference.
+        * kjs/ustring.cpp:
+        (KJS::allocChars): Removed special case that made this fail (return 0) when passed 0.
+        Instead assert that we're not passed 0. Also added an overflow check for two reasons:
+        1) for sizes that aren't checked this prevents us from allocating a buffer that's too
+        small, and 2) for sizes where we overflowed in the expandedSize function and returned
+        overflowIndicator, it guarantees we fail.
+        (KJS::reallocChars): Ditto.
+        (KJS::UString::expandedSize): Return a large number, overflowIndicator, rather than 0
+        for cases where we overflow.
+        (KJS::UString::spliceSubstringsWithSeparators): Added a special case for empty string so
+        we don't call allocChars with a length of 0.
+        (KJS::UString::operator=): Added special characters for both 0 and empty string so we
+        match the behavior of the constructor. This avoids calling allocChars with a length of 0
+        and making a null string rather than an empty string in that case, and also matches the
+        pattern used in the rest of the functions.
+        (KJS::UString::operator[]): Made the return value const so code that tries to use the
+        operator to modify the string will fail.
+
+        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction): Rewrote uppercasing and
+        lowercasing functions so they don't need copyForWriting any more -- it wasn't really doing
+        any good for optimization purposes. Instead use a Vector and releaseBuffer.
+
+        * wtf/unicode/icu/UnicodeIcu.h: Eliminate one of the versions of toLower/toUpper -- we now
+        only need the version where both a source and destination buffer is passed in, not the one
+        that works in place.
+        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
+
+2007-08-06  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver.
+
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=14891
+        Decompilation of try block immediately following "else" fails
+
+        Test: fast/js/toString-try-else.html
+
+        * kjs/nodes2string.cpp:
+        (TryNode::streamTo): Add newline before "try".
+
+2007-08-07  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej.
+
+        <rdar://problem/5388774> REGRESSION: Hang occurs after clicking "Attach a file " link in a new .Mac message
+
+        Attempting to acquire the JSLock inside CollectorHeap::forceLock can lead to a deadlock if the thread currently
+        holding the lock is waiting on the thread that is forking.  It is not considered safe to use system frameworks
+        after a fork without first execing[*] so it is not particularly important to ensure that the collector and
+        fastMalloc allocators are unlocked in the child process.  If the child process wishes to use JavaScriptCore it
+        should exec after forking like it would to use any other system framework.
+        [*]: <http://lists.apple.com/archives/Cocoa-dev/2005/Jan/msg00676.html>
+
+        * kjs/CollectorHeapIntrospector.cpp: Remove forceLock and forceUnlock implementations.
+        * kjs/CollectorHeapIntrospector.h: Stub out forceLock and forceUnlock methods.
+        * wtf/FastMalloc.cpp: Ditto.
+
+2007-08-06  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Geoff.
+
+        * kjs/ustring.h: Added an assertion which would have helped us find the
+        previous bug more easily.
+
+2007-08-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - fix <rdar://problem/5387589> 9A514: Quartz Composer crash on launch in KJS::jsString
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript): Turn NULL for sourceURL into UString::null(), just as JSObjectMakeFunction already does.
+        (JSCheckScriptSyntax): Ditto.
+
+2007-08-06  Matt Lilek  <pewtermoose@gmail.com>
+
+        Not reviewed, build fix.
+
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFunc::callAsFunction):
+
+2007-08-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix <rdar://problem/5371862> crash in Dashcode due to Quartz Composer JavaScript garbage collector reentrancy
+
+        * API/JSBase.cpp: (JSGarbageCollect): Don't call collector() if isBusy() returns true.
+
+        * kjs/collector.h: Added isBusy(), removed the unused return value from collect()
+        * kjs/collector.cpp: Added an "operation in progress" flag to the allocator.
+        (KJS::Collector::allocate): Call abort() if an operation is already in progress. Set the new flag instead
+        of using the debug-only GCLock.
+        (KJS::Collector::collect): Ditto.
+        (KJS::Collector::isBusy): Added.
+
+2007-08-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin and Adam.
+        
+        <rdar://problem/5368990> REGRESSION: newsgator.com sign-on 6x slower than Safari 3 beta due to GC changes (14808)
+
+        * kjs/string_object.cpp:
+        (KJS::replace): if the string didn't change (very common in some cases) reuse the original string value.
+        (KJS::StringProtoFunc::callAsFunction): Pass in the StringImp* when replacing, not just the UString.
+        * kjs/string_object.h:
+        (KJS::StringInstance::internalValue): covariant override to return StringImp for convenience
+
+2007-08-04  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/5385145> r24843 introduces a crash on calling fork() (14878)
+        http://bugs.webkit.org/show_bug.cgi?id=14878
+
+        Provide no-op functions for all members of the malloc_zone_t and malloc_introspection_t structures that we
+        register to avoid crashes in system code that assumes they will be non-null.
+
+        * kjs/CollectorHeapIntrospector.cpp:
+        (KJS::CollectorHeapIntrospector::CollectorHeapIntrospector):
+        (KJS::CollectorHeapIntrospector::forceLock): Grab the lock.
+        (KJS::CollectorHeapIntrospector::forceUnlock): Release the lock.
+        * kjs/CollectorHeapIntrospector.h:
+        (KJS::CollectorHeapIntrospector::goodSize):
+        (KJS::CollectorHeapIntrospector::check):
+        (KJS::CollectorHeapIntrospector::print):
+        (KJS::CollectorHeapIntrospector::log):
+        (KJS::CollectorHeapIntrospector::statistics):
+        (KJS::CollectorHeapIntrospector::size):
+        (KJS::CollectorHeapIntrospector::zoneMalloc):
+        (KJS::CollectorHeapIntrospector::zoneCalloc):
+        (KJS::CollectorHeapIntrospector::zoneFree):
+        * wtf/FastMalloc.cpp:
+        (WTF::FastMallocZone::goodSize):
+        (WTF::FastMallocZone::check):
+        (WTF::FastMallocZone::print):
+        (WTF::FastMallocZone::log):
+        (WTF::FastMallocZone::forceLock): Grab the TCMalloc locks.
+        (WTF::FastMallocZone::forceUnlock): Release the TCMalloc locks.
+        (WTF::FastMallocZone::FastMallocZone):
+
+2007-08-04  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Anders.
+
+        * pcre/pcre_compile.c: Remove non-ASCII character from a comment.
+
+2007-08-02  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        <rdar://problem/4212199> 'leaks' reports false leaks in WebKit (because the WTF allocator uses mmap?)
+
+        Implement malloc zone introspection routines to allow leaks, heap, and friends to request information
+        about specific memory regions that were allocated by FastMalloc or the JavaScriptCore collector.
+
+        This requires tool-side support before the regions will be displayed.  The addition of that support is
+        tracked by <rdar://problems/5353057&5353060>.
+
+        * JavaScriptCore.exp: Export the two variables that are used by leaks to introspect the allocators.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/AllInOneFile.cpp:
+        * kjs/CollectorHeapIntrospector.cpp: Added.
+        (KJS::):
+        (KJS::CollectorHeapIntrospector::init): 
+        (KJS::CollectorHeapIntrospector::CollectorHeapIntrospector): Create and register our zone with the system.
+        (KJS::CollectorHeapIntrospector::enumerate): Iterate over the CollectorBlocks that are in use and report them to the caller as being used.
+        * kjs/CollectorHeapIntrospector.h: Added.
+        (KJS::CollectorHeapIntrospector::size): Return zero to indicate the specified pointer does not belong to this zone.
+        * kjs/collector.cpp:
+        (KJS::Collector::registerThread): Register the CollectorHeapIntrospector with the system when the first thread is registered with the collector.
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::GetDescriptorEnsureSafe):
+        (WTF::TCMalloc_ThreadCache_FreeList::enumerateFreeObjects): Enumerate the objects on the free list.
+        (WTF::TCMalloc_ThreadCache::enumerateFreeObjects): Ditto.
+        (WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Ditto.
+        (WTF::TCMalloc_ThreadCache::InitModule): Register the FastMallocZone with the system when initializing TCMalloc.
+        (WTF::FreeObjectFinder::FreeObjectFinder):
+        (WTF::FreeObjectFinder::visit): Add an object to the free list.
+        (WTF::FreeObjectFinder::isFreeObject):
+        (WTF::FreeObjectFinder::freeObjectCount):
+        (WTF::FreeObjectFinder::findFreeObjects): Find the free objects within a thread cache or free list.
+        (WTF::PageMapFreeObjectFinder::PageMapFreeObjectFinder): Find the free objects within a TC_PageMap.
+        (WTF::PageMapFreeObjectFinder::visit): Called once per allocated span.  Record whether the span or any subobjects are free.
+        (WTF::PageMapMemoryUsageRecorder::PageMapMemoryUsageRecorder):
+        (WTF::PageMapMemoryUsageRecorder::visit): Called once per allocated span.  Report the range of memory as being allocated, and the span or
+        its subobjects as being used if they do not appear on the free list.
+        (WTF::FastMallocZone::enumerate): Map the key remote TCMalloc data structures into our address space.  We then locate all free memory ranges
+        before reporting the other ranges as being in use.
+        (WTF::FastMallocZone::size): Determine whether the given pointer originates from within our allocation zone.  If so,
+        we return its allocation size.
+        (WTF::FastMallocZone::zoneMalloc):
+        (WTF::FastMallocZone::zoneCalloc):
+        (WTF::FastMallocZone::zoneFree):
+        (WTF::FastMallocZone::zoneRealloc):
+        (WTF::):
+        (WTF::FastMallocZone::FastMallocZone): Create and register our zone with the system.
+        (WTF::FastMallocZone::init):
+        * wtf/MallocZoneSupport.h: Added.
+        (WTF::RemoteMemoryReader::RemoteMemoryReader): A helper class to ease the process of mapping memory in a different process into
+        our local address space
+        (WTF::RemoteMemoryReader::operator()):
+        * wtf/TCPageMap.h:
+        (TCMalloc_PageMap2::visit): Walk over the heap and visit each allocated span.
+        (TCMalloc_PageMap3::visit): Ditto.
+
+2007-08-02  Mark Rowe  <mrowe@apple.com>
+
+        Build fix.
+
+        * kjs/ustring.cpp:
+        (KJS::UString::expandedSize):  Use std::numeric_limits<size_t>::max() rather than the non-portable SIZE_T_MAX.
+
+2007-08-02  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej.
+
+        <rdar://problem/5352887> "Out of memory" error during repeated JS string concatenation leaks hundreds of MBs of RAM
+
+        A call to fastRealloc was failing which lead to UString::expandCapacity leaking the buffer it was trying to reallocate.
+        It also resulted in the underlying UString::rep having both a null baseString and buf field, which meant that attempting
+        to access the contents of the string after the failed memory reallocation would crash.
+
+        A third issue is that expandedSize size was calculating the new length in a way that led to an integer overflow occurring.
+        Attempting to allocate a string more than 190,000,000 characters long would fail a the integer overflow would lead to a
+        memory allocation of around 3.6GB being attempted rather than the expected 390MB.  Sizes that would lead to an overflow
+        are now  returned as zero and callers are updated to treat this as though the memory allocation has failed.
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction): Check whether the append failed and raise an "Out of memory" exception if it did.
+        * kjs/ustring.cpp:
+        (KJS::allocChars): Wrapper around fastMalloc that takes a length in characters.  It will return 0 when asked to allocate a zero-length buffer.
+        (KJS::reallocChars): Wrapper around fastRealloc that takes a length in characters.  It will return 0 when asked to allocate a zero-length buffer.
+        (KJS::UString::expandedSize): Split the size calculation in two and guard against overflow during each step.
+        (KJS::UString::expandCapacity): Don't leak r->buf if reallocation fails.  Instead free the memory and use the null representation.
+        (KJS::UString::expandPreCapacity): If fastMalloc fails then use the null representation rather than crashing in memcpy.
+        (KJS::UString::UString): If calls to expandCapacity, expandPreCapacity or fastMalloc fail then use the null representation rather than crashing in memcpy.
+        (KJS::UString::append): Ditto.
+        (KJS::UString::operator=): Ditto.
+        * kjs/ustring.h: Change return type of expandedSize from int to size_t.
+
+2007-08-01  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin McCullough.
+
+        - fix <rdar://problem/5375186> pointers to pieces of class definition passed to JSClassCreate should all be const
+
+        * API/JSObjectRef.h: Added const.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass): Added const.
+        (OpaqueJSClass::create): Added const.
+        * API/JSObjectRef.cpp:
+        (JSClassCreate): Added const.
+
+2007-08-01  Steve Falkenburg  <sfalken@apple.com>
+
+        Build mod: Fix sln to match configs in vcproj.
+        
+        Reviewed by Adam.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+        * JavaScriptCore.vcproj/JavaScriptCore.sln:
+
+2007-07-30  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars.
+
+        Removed the __BUILDING_QT ifdef in JSStringRef.h and changed UChar for the Qt build to use wchar_t on Windows.
+
+        * API/JSStringRef.h:
+        * wtf/unicode/qt4/UnicodeQt4.h:
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Always define JSChar to be unsigned short for the Qt builds, to ensure compatibility with UChar.
+
+        * API/JSStringRef.h:
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Fix compilation with Qt on Windows with MingW: Implemented currentThreadStackBase() for this platform.
+
+        * kjs/collector.cpp:
+        (KJS::currentThreadStackBase):
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Fix compilation with Qt on Windows with MingW: The MingW headers do not provide a prototype for a reentrant version of localtime. But since we don't use multiple threads for the Qt build we can use the plain localtime() function.
+
+        * kjs/DateMath.cpp:
+        (KJS::getDSTOffsetSimple):
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Use $(MOVE) instead of mv to eliminated the shell dependency and replaced the long shell line to call bison and modify the css grammar file with a few lines of portable perl code.
+
+        * JavaScriptCore.pri:
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Implemented currentTime() in the interpreter by using QDateTime, so that we don't need timeGetTime() on Windows and therefore also don't need to link against Winmm.dll.
+
+        * kjs/interpreter.cpp:
+        (KJS::getCurrentTime):
+        * kjs/testkjs.cpp:
+        (StopWatch::start):
+        (StopWatch::stop):
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Replace the use of snprintf with QByteArray to compile under msvc 2005 express.
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::stringValue):
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Don't use pthread.h unless thread support is enabled.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::registerAsMainThread):
+        (KJS::onMainThread):
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Removed TCSystemMalloc from the Qt build, it's not necessary it seems.
+
+        * JavaScriptCore.pri:
+
+2007-07-27  Simon Hausmann  <hausmann@kde.org>
+
+        Done with and reviewed by Lars and Zack.
+
+        Added os-win32 to the include search path for the Qt windows build in order to provide the fake stdint.h header file.
+
+        * JavaScriptCore.pri:
+
+2007-07-25  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark.
+
+        - follow-up to previous change
+        
+        * kjs/ustring.cpp:
+        (KJS::UString::operator=): Make sure to reset the length when
+        replacing the buffer contents for a single-owned string.
+
+2007-07-25  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - JavaScriptCore part of fix for <rdar://problem/5300291> Optimize GC to reclaim big, temporary objects (like XMLHttpRequest.responseXML) quickly
+        
+        Also, as a side effect of optimizations included in this patch:
+        - 7% speedup on JavaScript iBench
+        - 4% speedup on "Celtic Kane" JS benchmark
+        
+        The basic idea is explained in a big comment in collector.cpp. When unusually 
+        large objecs are allocated, we push the next GC closer on the assumption that
+        most objects are short-lived.
+        
+        I also did the following two optimizations in the course of tuning
+        this not to be a performance regression:
+
+        1) Change UString::Rep to hold a self-pointer as the baseString in
+        the unshared case, instead of a null pointer; this removes a
+        number of null checks in hot code because many places already
+        wanted to use the rep itself or the baseString as appropriate.
+        
+        2) Avoid creating duplicate StringImpls when creating a
+        StringInstance (the object wrapper for a JS string) or calling
+        their methods. Since a temporary wrapper object is made every time
+        a string method is called, this resulted in two useless extra
+        StringImpls being allocated for no reason whenever a String method
+        was invoked on a string value. Now we bypass those.
+        
+        * kjs/collector.cpp:
+        (KJS::):
+        (KJS::Collector::recordExtraCost): Basics of the extra cost mechanism.
+        (KJS::Collector::allocate): ditto
+        (KJS::Collector::collect): ditto
+        * kjs/collector.h:
+        (KJS::Collector::reportExtraMemoryCost): ditto
+        * kjs/array_object.cpp:
+        (ArrayInstance::ArrayInstance): record extra cost
+        * kjs/internal.cpp:
+        (KJS::StringImp::toObject): don't create a whole new StringImpl just
+        to be the internal value of a StringInstance! StringImpls are immutable
+        so there's no point tot his.
+        * kjs/internal.h:
+        (KJS::StringImp::StringImp): report extra cost
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::StringInstance): new version that takes a StringImp
+        (KJS::StringProtoFunc::callAsFunction): don't create a whole new StringImpl
+        just to convert self to string! we already have one in the internal value
+        * kjs/string_object.h: report extra cost        
+        * kjs/ustring.cpp: All changes to handle baseString being self instead of null in the 
+        unshared case.
+        (KJS::):
+        (KJS::UString::Rep::create):
+        (KJS::UString::Rep::destroy):
+        (KJS::UString::usedCapacity):
+        (KJS::UString::usedPreCapacity):
+        (KJS::UString::expandCapacity):
+        (KJS::UString::expandPreCapacity):
+        (KJS::UString::UString):
+        (KJS::UString::append):
+        (KJS::UString::operator=):
+        (KJS::UString::copyForWriting):
+        * kjs/ustring.h:
+        (KJS::UString::Rep::baseIsSelf): new method, now that baseString is
+        self instead of null in the unshared case we can't just null check.
+        (KJS::UString::Rep::data): adjusted as mentioned above
+        (KJS::UString::cost): new method to compute the cost for a UString, for
+        use by StringImpl.
+
+        * kjs/value.cpp:
+        (KJS::jsString): style fixups.
+        (KJS::jsOwnedString): new method, use this for strings allocated from UStrings
+        held by the parse tree. Tracking their cost as part of string cost is pointless,
+        because garbage collecting them will not actually free the relevant string buffer.
+        * kjs/value.h: prototyped jsOwnedString.
+        * kjs/nodes.cpp:
+        (StringNode::evaluate): use jsOwnedString as appropriate
+        (RegExpNode::evaluate): ditto
+        (PropertyNameNode::evaluate): ditto
+        (ForInNode::execute): ditto
+        
+        * JavaScriptCore.exp: Exported some new symbols.
+
+2007-07-23  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/5121461> REGRESSION: Unable to load JigZone puzzle
+        
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::createNative):
+        
+        Call RootObject::gcProtect on the global object, thereby putting it in the
+        "protect count" set which is used for checking if a native handle is valid.
+        
+2007-07-23  Darin Adler  <darin@apple.com>
+
+        * pcre/pcre_compile.c: Roll back a tiny accidental change in the unused !JAVASCRIPT
+        side of an #ifdef. This has no effect when using PCRE in JAVASCRIPT mode as we do,
+        but seems worth rolling back.
+
+2007-07-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix remaining problems with Window shadowing
+
+        * kjs/nodes.cpp:
+        (VarDeclNode::evaluate): Tweak the special case a little.
+
+2007-07-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix Window shadowing regressions caused by the previous commit.
+
+        * kjs/nodes.cpp:
+        (VarDeclNode::evaluate): Handle the case of global scope specially.
+
+2007-07-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        -fixed <rdar://problem/5353293> REGRESSION (r24287): 1% i-Bench JS slowdown from JavaScript compatibility fix (14719)
+        http://bugs.webkit.org/show_bug.cgi?id=14719
+        
+        My fix for this actually resulted in JS iBench being 1% faster than before the regression
+        and the Celtic Kane benchmark being 5% faster than before the regression.
+        
+        * kjs/nodes.cpp:
+        (VarDeclNode::handleSlowCase): factored out the slow code path to be out of line.
+        (VarDeclNode::evaluate): I did a couple of things:
+        (1) Don't check if the variable is already declared by looking for the property in
+        the variable object, that code path was dead code.
+        (2) Special-case the common case where the top of the scope and the variable object
+        are the same; in that case the variable must always be in the variable object.
+        (3) Don't return a jsString() of the variable name, nothing uses the return value
+        from this node types evaluate method.
+        * kjs/nodes.h:
+
+2007-07-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin Decker.
+
+        - fix <rdar://problem/5126394> REGRESSION: Crash after clicking back button in test application (13250)
+          http://bugs.webkit.org/show_bug.cgi?id=13250
+
+        * bindings/objc/objc_utility.mm: (KJS::Bindings::convertObjcValueToValue):
+        If the object returns 0 for _imp, convert that to "undefined", since callers
+        can't cope with a JSValue of 0.
+
+2007-07-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=10880 | <rdar://problem/5335694>
+        REGRESSION: JavaScript menu doesn't appear on pricepoint.com (14595)
+        
+        Though the ECMA spec says auto-semicolon insertion should not occur
+        without a newline or '}', Firefox treats do-while specially, and the
+        library used by pricepoint.com requires that special treatment.
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/grammar.y:
+
+2007-07-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix <rdar://problem/5345440> PCRE computes wrong length for expressions with quantifiers
+          on named recursion or subexpressions
+
+        It's challenging to implement proper preflighting for compiling these advanced features.
+        But we don't want them in the JavaScript engine anyway.
+
+        Turned off the following features of PCRE (some of these are simply parsed and not implemented):
+
+            \C \E \G \L \N \P \Q \U \X \Z
+            \e \l \p \u \z
+            [::] [..] [==]
+            (?#) (?<=) (?<!) (?>)
+            (?C) (?P) (?R)
+            (?0) (and 1-9)
+            (?imsxUX)
+
+        Added the following:
+
+            \u \v
+
+        Because of \v, the js1_2/regexp/special_characters.js test now passes.
+
+        To be conservative, I left some features that JavaScript doesn't want, such as
+        \012 and \x{2013}, in place. We can revisit these later; they're not directly-enough
+        related to avoiding the incorrect preflighting.
+
+        I also didn't try to remove unused opcodes and remove code from the execution engine.
+        That could save code size and speed things up a bit, but it would require more changes.
+
+        * kjs/regexp.h:
+        * kjs/regexp.cpp: (KJS::RegExp::RegExp): Remove the sanitizePattern workaround for
+        lack of \u support, since the PCRE code now has \u support.
+
+        * pcre/pcre-config.h: Set JAVASCRIPT to 1.
+        * pcre/pcre_internal.h: Added ESC_v.
+
+        * pcre/pcre_compile.c: Added a different escape table for when JAVASCRIPT is set that
+        omits all the escapes we don't want interpreted and includes '\v'.
+        (check_escape): Put !JAVASCRIPT around the code for '\l', '\L', '\N', '\u', and '\U',
+        and added code to handle '\u2013' inside JAVASCRIPT.
+        (compile_branch): Put !JAVASCRIPT if around all the code implementing the features we
+        don't want.
+        (pcre_compile2): Ditto.
+
+        * tests/mozilla/expected.html: Updated since js1_2/regexp/special_characters.js now
+        passes.
+
+2007-07-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        - fix <rdar://problem/5345432> PCRE computes length wrong for expressions such as "[**]"
+
+        Test: fast/js/regexp-charclass-crash.html
+
+        * pcre/pcre_compile.c: (pcre_compile2): Fix the preflight code that calls
+        check_posix_syntax to match the actual regular expression compilation code;
+        before it was missing the check of the first character.
+
+2007-07-19  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Mark.
+
+        Define __BUILDING_GDK when building for Gdk to fix building testkjs on OSX.
+
+        * JavaScriptCore.pri:
+
+2007-07-18  Simon Hausmann  <hausmann@kde.org>
+
+        * Fix the Qt build, call dftables from the right directory.
+
+        Reviewed by Adam Treat.
+
+        * pcre/pcre.pri:
+
+2007-07-18  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Zack.
+
+        Don't call gcc directly when building the dftables tool but use a separate .pro file for the Qt build.
+
+        * pcre/dftables.pro: Added.
+        * pcre/pcre.pri:
+
+2007-07-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin, Maciej, and Adam.
+
+        Fixes <http://bugs.webkit.org/show_bug.cgi?id=9697>,
+              the failure of ecma/GlobalObject/15.1.2.2-2.js,
+              the failure of ecma/LexicalConventions/7.7.3-1.js,
+              and most of the failures of tests in ecma/TypeConversion/9.3.1-3.js.
+
+        Bug 9697: parseInt results may be inaccurate for numbers greater than 2^53
+
+        This patch also fixes similar issues in the lexer and UString::toDouble().
+
+        * kjs/function.cpp:
+        (KJS::parseIntOverflow):
+        (KJS::parseInt):
+        * kjs/function.h:
+        * kjs/lexer.cpp:
+        (KJS::Lexer::lex):
+        * kjs/ustring.cpp:
+        (KJS::UString::toDouble):
+        * tests/mozilla/expected.html:
+
+2007-07-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver.
+
+        Turn off -Wshorten-64-to-32 warning for 64-bit builds.
+
+        * Configurations/Base.xcconfig:
+
+2007-07-14  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Sam Weinig
+
+        Initial check-in for <rdar://problem/3154486> - Supporting FTP directory listings in the browser
+
+        * wtf/Platform.h: Add ENABLE_FTPDIR feature to handle building on platforms that don't have the
+          proper network-layer support
+
+2007-07-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Fixes http://bugs.webkit.org/show_bug.cgi?id=13517,
+              http://bugs.webkit.org/show_bug.cgi?id=14237, and
+              the failure of test js1_5/Scope/regress-185485.js
+
+        Bug 13517: DOM Exception 8 in finance.aol.com sub-page
+        Bug 14237: Javascript "var" statement interprets initialization in the topmost function scope
+
+        * kjs/nodes.cpp:
+        (VarDeclNode::evaluate):
+        * tests/mozilla/expected.html:
+
+2007-07-12  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Mitz.
+
+        http://bugs.webkit.org/show_bug.cgi?id=14596
+        Fix JSC compilation with KJS_VERBOSE.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::passInParameters):
+
+2007-07-11  George Staikos  <staikos@kde.org>
+
+        Make it compile.
+
+        * ForwardingHeaders: Added.
+        * ForwardingHeaders/JavaScriptCore: Added.
+        * ForwardingHeaders/JavaScriptCore/APICast.h: Added.
+        * ForwardingHeaders/JavaScriptCore/JSBase.h: Added.
+        * ForwardingHeaders/JavaScriptCore/JSContextRef.h: Added.
+        * ForwardingHeaders/JavaScriptCore/JSLock.h: Added.
+        * ForwardingHeaders/JavaScriptCore/JSObjectRef.h: Added.
+        * ForwardingHeaders/JavaScriptCore/JSStringRef.h: Added.
+        * ForwardingHeaders/JavaScriptCore/JSStringRefCF.h: Added.
+        * ForwardingHeaders/JavaScriptCore/JSValueRef.h: Added.
+        * ForwardingHeaders/JavaScriptCore/JavaScriptCore.h: Added.
+
+2007-07-11  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Darin.
+
+        As of http://bugs.webkit.org/show_bug.cgi?id=14527 move the
+        WebCore/ForwardingHeader/JavaScriptCore to JavaScriptCore
+
+        * ForwardingHeaders: Added.
+        * ForwardingHeaders/JavaScriptCore: Copied from WebCore/ForwardingHeaders/JavaScriptCore.
+
+2007-07-11  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Mark.
+
+        Forwardport the hash table fix from CodeGeneratorJS.pm to create_hash_table.
+        Reran run-jsc-tests, couldn't find any regressions. Suggested by Darin.
+
+        * kjs/create_hash_table:
+
+2007-07-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - JavaScriptCore part of fix for: <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
+        
+        * JavaScriptCore.exp: Added needed export.
+
+2007-07-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Antti.
+
+        - <rdar://problem/5311093> JavaScriptCore fails to build with strict-aliasing warnings
+        
+        * Configurations/Base.xcconfig: Re-enable -Wstrict-aliasing
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::getJNIEnv): Type-pun via a union instead of a pointer cast.
+        * wtf/HashMap.h:
+        (WTF::): Instead of doing type-punned assignments via pointer cast, do one of three things:
+        (1) assign directly w/o cast if storage type matches real type; (2) assign using cast
+        via union if type does not need reffing; (3) copy with memcpy and ref/deref manually if type
+        needs reffing. This is ok peref-wise because memcpy of a constant length gets optomized.
+        HashTraits are now expected to make ref()/deref() take the storage type, not the true type.
+        * wtf/HashSet.h:
+        (WTF::): Same basic idea.
+        * wtf/HashTable.h:
+        (WTF::): Added Assigner template for use by HashMap/HashSet. Change RefCounter to call ref()
+        and deref() via storage type, avoiding the need to
+        type-pun.
+        (WTF::RefCounter::ref): ditto
+        (WTF::RefCounter::deref): ditto
+        * wtf/HashTraits.h:
+        (WTF::): Change ref() and deref() for RefPtr HashTraits to take the storage type; cast
+        via union to pointer type.
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::init): Changed from constructor to init function so this can go in a union.
+        (WTF::): redefine pageheap macro in terms of getPageHeap().
+        (WTF::getPageHeap): new inline function, helper for pageheap macro. This hides the cast in a union.
+        (WTF::TCMalloc_ThreadCache::InitModule): Call init() instead of using placement new to initialize page
+        heap.
+        * wtf/TCPageMap.h:
+        (TCMalloc_PageMap1::init): Changed from constructor to init function.
+        (TCMalloc_PageMap2::init): ditto
+        (TCMalloc_PageMap3::init): ditto
+
+
+2007-07-06  George Staikos  <staikos@kde.org>
+
+        Reviewed by Maciej.
+
+        Switch USE(ICONDATABASE) to ENABLE(ICONDATABASE)
+
+        * wtf/Platform.h:
+
+2007-07-03  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        Eleventh round of fixes for implicit 64-32 bit conversion errors.
+        <rdar://problem/5292262>
+
+        - Fixes a real bug where where we were setting long long and unsigned long long
+          values to a long field.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+
+2007-07-03  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Brady Eidson.
+
+        Tenth round of fixes for implicit 64-32 bit conversion errors.
+        <rdar://problem/5292262>
+
+        - Add explicit casts.
+
+        * kjs/dtoa.cpp:
+        (Bigint::):
+
+2007-07-02  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Kevin McCullough.
+
+        Fourth round of fixes for implicit 64-32 bit conversion errors.
+        <rdar://problem/5292262>
+
+        Add custom piDouble and piFloat constants to use instead of M_PI.
+
+        * kjs/math_object.cpp:
+        (MathObjectImp::getValueProperty):
+        * wtf/MathExtras.h:
+        (wtf_atan2):
+
+2007-06-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        Second pass at fixing implicit 64-32 bit conversion errors.
+        <rdar://problem/5292262>
+
+        - Add a toFloat() method to JSValue for float conversion.
+
+        * JavaScriptCore.exp:
+        * kjs/value.cpp:
+        (KJS::JSValue::toFloat):
+        * kjs/value.h:
+
+2007-06-27  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        - <rdar://problem/5271937> REGRESSION: Apparent WebKit JavaScript memory smasher when submitting comment to iWeb site (crashes in kjs_pcre_compile2)
+        - Correctly evaluate the return value of _pcre_ucp_findchar.
+
+        * pcre/pcre_compile.c:
+        (compile_branch):
+        * pcre/pcre_exec.c:
+        (match):
+
+2007-06-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        First pass at fixing implicit 64-32 bit conversion errors.
+        <rdar://problem/5292262>
+
+        - Add 'f' suffix where necessary.
+
+        * kjs/testkjs.cpp:
+        (StopWatch::getElapsedMS):
+
+2007-06-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed <rdar://problem/5296627> JSGarbageCollect headerdoc suggests that 
+        using JavaScriptCore requires leaking memory
+
+        * API/JSBase.h: Changed documentation to explain that you can pass NULL
+        to JSGarbageCollect.
+
+2007-06-26  Adam Treat  <adam@staikos.net>
+
+        Reviewed by Adam Roben.
+
+        Make the SQLite icon database optional.
+
+        * wtf/Platform.h:
+
+2007-06-15  George Staikos  <staikos@kde.org>
+
+        More missing files for Qt.
+
+        * JavaScriptCore.pri:
+        * kjs/testkjs.pro:
+
+2007-06-15  George Staikos  <staikos@kde.org>
+
+        Another Qt build fix.
+
+        * JavaScriptCore.pri:
+        * kjs/testkjs.pro:
+
+2007-06-15  George Staikos  <staikos@kde.org>
+
+        Fixing Qt build.
+
+        * JavaScriptCore.pri:
+
+2007-06-20  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Mitz.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=14244
+        Bug 14244: Data corruption when using a replace() callback function with data containing "$"
+
+        * kjs/string_object.cpp:
+        (KJS::replace):  When 'replacement' is a function, do not replace $n placeholders in its return value.
+        This matches the behaviour described in ECMA 262 3rd Ed section 15.5.4.1, and as implemented in Firefox.
+
+2007-06-14  Anders Carlsson  <andersca@apple.com>
+
+        Fix Windows build.
+        
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::canPut):
+
+2007-06-14  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5103077> 
+        Crash at _NPN_ReleaseObject when quitting page at http://eshop.macsales.com/shop/ModBook
+        
+        <rdar://problem/5183692>
+        http://bugs.webkit.org/show_bug.cgi?id=13547
+        REGRESSION: Crash in _NPN_ReleaseObject when closing Safari on nba.com (13547)
+        
+        <rdar://problem/5261499>
+        CrashTracer: [USER] 75 crashes in Safari at com.apple.JavaScriptCore: KJS::Bindings::CInstance::~CInstance + 40
+        
+        Have the root object track all live instances of RuntimeObjectImp. When invalidating 
+        the root object, also invalidate all live runtime objects by zeroing out their instance ivar.
+        This prevents instances from outliving their plug-ins which lead to crashes.
+        
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant):
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::convertValueToJObject):
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::convertValueToJValue):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::callAsFunction):
+        * bindings/runtime_array.cpp:
+        (RuntimeArray::RuntimeArray):
+        * bindings/runtime_array.h:
+        (KJS::RuntimeArray::getConcreteArray):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::callAsFunction):
+        * bindings/runtime_method.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::RuntimeObjectImp):
+        (RuntimeObjectImp::~RuntimeObjectImp):
+        (RuntimeObjectImp::invalidate):
+        (RuntimeObjectImp::fallbackObjectGetter):
+        (RuntimeObjectImp::fieldGetter):
+        (RuntimeObjectImp::methodGetter):
+        (RuntimeObjectImp::getOwnPropertySlot):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+        (RuntimeObjectImp::defaultValue):
+        (RuntimeObjectImp::implementsCall):
+        (RuntimeObjectImp::callAsFunction):
+        (RuntimeObjectImp::getPropertyNames):
+        (RuntimeObjectImp::throwInvalidAccessError):
+        * bindings/runtime_object.h:
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::RootObject::invalidate):
+        (KJS::Bindings::RootObject::addRuntimeObject):
+        (KJS::Bindings::RootObject::removeRuntimeObject):
+        * bindings/runtime_root.h:
+
+2007-06-14  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Mitz.
+
+        <rdar://problem/5244948>
+        Safari keeps on complaining about slow script playing NBC TV video (14133)
+
+        http://bugs.webkit.org/show_bug.cgi?id=14133
+        Runaway JavaScript timer fires when spinning around in Google Maps street view
+
+        Make sure to start and stop the timeout checker around calls to JS.
+        
+        * bindings/NP_jsobject.cpp:
+        (_NPN_InvokeDefault):
+        (_NPN_Invoke):
+        (_NPN_Evaluate):
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::call):
+        (JavaJSObject::eval):
+
+2007-06-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=14132
+          array sort with > 10000 elements sets elements > 10000 undefined
+
+        Test: fast/js/sort-large-array.html
+
+        * kjs/array_instance.h: Replaced pushUndefinedObjectsToEnd with
+        compactForSorting, and removed ExecState parameters.
+
+        * kjs/array_object.cpp:
+        (ArrayInstance::sort): Changed to call compactForSorting.
+        (ArrayInstance::compactForSorting): Do the get and delete of the
+        properties directly on the property map instead of using public
+        calls from JSObject. The public calls would just read the undefined
+        values from the compacted sort results array!
+
+2007-06-13  George Staikos  <staikos@kde.org>
+
+        Reviewed by Lars.
+
+        Fix Mac OS X build after last checkin.
+
+        * wtf/FastMalloc.h:
+
+2007-06-14  Lars Knoll <lars@trolltech.com>
+
+        Reviewed by Maciej.
+
+        Disable FastMalloc for the Qt build and make sure we
+        don't reimplement the global new/delete operators
+        when using the system malloc.
+
+        * wtf/FastMalloc.cpp:
+        * wtf/FastMalloc.h:
+        * wtf/Platform.h:
+
+2007-06-13  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Make sure that bindings instances get correct root objects.
+        
+        * JavaScriptCore.exp:
+        * bindings/NP_jsobject.cpp:
+        (listFromVariantArgs):
+        (_NPN_InvokeDefault):
+        (_NPN_Invoke):
+        (_NPN_SetProperty):
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::invokeMethod):
+        (KJS::Bindings::CInstance::invokeDefaultMethod):
+        * bindings/c/c_runtime.cpp:
+        (KJS::Bindings::CField::valueFromInstance):
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertNPVariantToValue):
+        * bindings/c/c_utility.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::invokeDefaultMethod):
+        (ObjcInstance::getValueOfUndefinedField):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        (ObjcArray::valueAt):
+        * bindings/objc/objc_utility.h:
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/runtime.h:
+
+2007-06-13  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Lars.
+
+        * kjs/testkjs.pro: WebKitQt is now called QtWebKit.
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Another build fix.
+        
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::invokeMethod):
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Move the notion of field type to the JNI runtime since that's the only 
+        one that was actually using it.
+        
+        * bindings/c/c_runtime.h:
+        (KJS::Bindings::CField::CField):
+        * bindings/jni/jni_runtime.h:
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        * bindings/qt/qt_runtime.h:
+        * bindings/runtime.h:
+        * bindings/runtime_method.cpp:
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Build fix.
+        
+        * bindings/qt/qt_class.cpp:
+        (KJS::Bindings::QtClass::methodsNamed):
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::invokeMethod):
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Oliver.
+        
+        Get rid of the MethodList class and use a good ol' Vector instead.
+
+        * bindings/c/c_class.cpp:
+        (KJS::Bindings::CClass::methodsNamed):
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::invokeMethod):
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::JavaClass):
+        (JavaClass::~JavaClass):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::methodsNamed):
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::callAsFunction):
+        * bindings/runtime.cpp:
+        * bindings/runtime.h:
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::lengthGetter):
+        (RuntimeMethod::callAsFunction):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::getOwnPropertySlot):
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Make RuntimeMethod's method list a pointer so that the object size doesn't
+        grow beyond 32 bytes when we later will replace MethodList with a Vector.
+        
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::RuntimeMethod):
+        (RuntimeMethod::lengthGetter):
+        (RuntimeMethod::callAsFunction):
+        * bindings/runtime_method.h:
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Get rid of the Parameter class.
+        
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaMethod::signature):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaParameter::JavaParameter):
+        (KJS::Bindings::JavaParameter::~JavaParameter):
+        (KJS::Bindings::JavaParameter::type):
+        (KJS::Bindings::JavaMethod::parameterAt):
+        (KJS::Bindings::JavaMethod::numParameters):
+        * bindings/runtime.h:
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Build fix.
+        
+        * bindings/qt/qt_class.h:
+
+2007-06-12  Mark Rowe  <mrowe@apple.com>
+
+        Build fix.
+
+        * bindings/objc/objc_runtime.h:
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Get rid of Constructor and its only subclass JavaConstructor.
+        
+        * bindings/c/c_class.h:
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::JavaClass):
+        (JavaClass::~JavaClass):
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_runtime.cpp:
+        * bindings/jni/jni_runtime.h:
+        * bindings/objc/objc_class.h:
+        * bindings/runtime.h:
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Use RetainPtr throughout the bindings code.
+        
+        * bindings/objc/objc_class.h:
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::ObjcClass):
+        (KJS::Bindings::ObjcClass::methodsNamed):
+        (KJS::Bindings::ObjcClass::fieldNamed):
+        * bindings/objc/objc_instance.h:
+        (KJS::Bindings::ObjcInstance::getObject):
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::ObjcInstance):
+        (ObjcInstance::~ObjcInstance):
+        (ObjcInstance::implementsCall):
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::invokeDefaultMethod):
+        (ObjcInstance::defaultValue):
+        * bindings/objc/objc_runtime.h:
+        (KJS::Bindings::ObjcMethod::setJavaScriptName):
+        (KJS::Bindings::ObjcMethod::javaScriptName):
+        (KJS::Bindings::ObjcArray::getObjcArray):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::name):
+        (ObjcArray::ObjcArray):
+        (ObjcArray::setValueAt):
+        (ObjcArray::valueAt):
+        (ObjcArray::getLength):
+        * wtf/RetainPtr.h:
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Maciej.
+
+        Have JSCell inherit from Noncopyable.
+        
+        * bindings/objc/objc_runtime.h:
+        * bindings/runtime_object.h:
+        * kjs/value.h:
+
+2007-06-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Darin and Maciej.
+
+        More cleanup. Use our Noncopyable WTF class, add a root object member
+        to the Array class.
+        
+        * bindings/c/c_class.h:
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaArray::JavaArray):
+        * bindings/jni/jni_runtime.h:
+        * bindings/objc/objc_class.h:
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcArray::ObjcArray):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Array::Array):
+        (KJS::Bindings::Array::~Array):
+        * bindings/runtime.h:
+        * bindings/runtime_object.h:
+        * bindings/runtime_root.h:
+
+2007-06-08  Zack Rusin  <zrusin@trolltech.com>
+
+        Fix the Qt build
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::QtInstance):
+        * bindings/qt/qt_instance.h:
+
+2007-06-07  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Get rid of Instance::setRootObject and pass the root object to the instance constructor instead.
+        
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::CInstance):
+        * bindings/c/c_instance.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::JavaInstance):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::convertJObjectToValue):
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::ObjcInstance):
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::Instance):
+        (KJS::Bindings::Instance::createBindingForLanguageInstance):
+        * bindings/runtime.h:
+
+2007-06-07  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Adam.
+
+        Don't use a JavaInstance to store the field when all we want to do is to keep the field
+        from being garbage collected. Instead, use a JObjectWrapper.
+        
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::JavaField):
+        (JavaField::dispatchValueFromInstance):
+        (JavaField::dispatchSetValueToInstance):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaField::JavaField):
+        (KJS::Bindings::JavaField::operator=):
+
+2007-05-30  Alp Toker  <alp.toker@collabora.co.uk>
+
+        Reviewed by Brady.
+
+        Enable logging in the Gdk port.
+        http://bugs.webkit.org/show_bug.cgi?id=13936
+
+        * wtf/Assertions.cpp:
+        * wtf/Assertions.h: Add WTFLogVerbose which also logs
+        the file, line number and function.
+
+2007-05-30  Mark Rowe  <mrowe@apple.com>
+
+        Mac build fix.  Update #include.
+
+        * API/JSCallbackFunction.h:
+
+2007-05-30  Luciano Montanaro  <mikelima@cirulla.net>
+
+        Reviewed by Maciej.
+
+        - cross-port Harri Porten's commits 636099 and 636108 from KJS: 
+        "publish a class anyway public already" and "class is being used from
+        outside for quite some time" in preparation for further syncronizations
+
+        * kjs/context.h:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        * kjs/function.h:
+        (KJS::):
+        (KJS::InternalFunctionImp::classInfo):
+        (KJS::InternalFunctionImp::functionName):
+        * kjs/function_object.h:
+        * kjs/internal.h:
+        * kjs/lookup.h:
+        (KJS::getStaticPropertySlot):
+        (KJS::getStaticFunctionSlot):
+        (KJS::getStaticValueSlot):
+        * kjs/object_object.h:
+
+2007-05-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        Cleanup function and fix to match comparison API.
+
+        * kjs/string_object.cpp:
+        (KJS::substituteBackreferences):
+        (KJS::localeCompare):
+
+2007-05-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Slight clarification to an exception message.
+
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::put):
+
+2007-05-27  Holger Freyther  <zecke@selfish.org>
+
+        Reviewed by Mark Rowe.
+
+        * wtf/Platform.h: Move Gdk up to allow building WebKit/Gdk on Darwin
+
+2007-05-27  Darin Adler  <darin@apple.com>
+
+        - fix a couple ifdefs that said WIN instead of WIN_OS
+
+        * kjs/collector.cpp:
+        (KJS::allocateBlock): WIN -> WIN_OS
+        (KJS::freeBlock): Ditto.
+
+2007-05-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        Patch for http://bugs.webkit.org/show_bug.cgi?id=13854
+        Port of commit 667785 from kjs
+
+        - special case calling String.localeCompare() with no parameters to return 0.
+
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFunc::callAsFunction):
+
+2007-05-25  Kimmo Kinnunen  <kimmok@iki.fi>
+
+        Reviewed by Darin.
+
+        - Fix for http://bugs.webkit.org/show_bug.cgi?id=13456
+        REGRESSION: setTimeout "arguments" object gets shadowed by a local variable
+
+        - Add a explicit check for arguments. Previously check was done with getDirect,
+        but since the arguments is created on-demand in ActivationImp, it doesn't
+        show up in the test. 'arguments' should always be in the VarDeclNode's
+        evaluation scope.
+
+        * kjs/nodes.cpp:
+        (VarDeclNode::evaluate): Additional check if the var decl identifier is 'arguments'
+
+2007-05-25  George Staikos  <staikos@kde.org>
+
+        Reviewed by Maciej.
+
+        - Use COMPILER(GCC), not PLATFORM(GCC) - as Platform.h defines
+
+        * wtf/FastMalloc.h:
+
+2007-05-25  Kimmo Kinnunen  <kimmok@iki.fi>
+
+        Reviewed by Darin.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=13623 (Decompilation of function
+          doesn't compile with "++(x,y)")
+        - Create the error node based on the actual node, not the node inside
+          parenthesis
+        - Fix applies to postfix, prefix and typeof operators
+        - Produces run-time ReferenceError like other non-lvalue assignments etc.
+
+        * kjs/grammar.y: Create {Prefix,Postfix}ErrorNode based on the actual node,
+        not the based on the node returned by "nodeInsideAllParens()". Same for
+        TypeOfValueNode.
+
+2007-05-25  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Zack.
+
+        Fix crash in Qt JavaScript bindings when the arguments used on the Qt side are not
+        registered with QMetaType.
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::invokeMethod):
+        * bindings/qt/qt_runtime.cpp:
+
+2007-05-24  Luciano Montanaro  <mikelima@cirulla.net>
+
+        Reviewed by Darin
+
+        Patch for http://bugs.webkit.org/show_bug.cgi?id=13855
+        Port patch 666176 to JavaScriptCore
+
+        - Renamed JSValue::downcast() to JSValue::asCell() which makes the
+        function meaning cleaner. It's modeled after Harri Porten change in 
+        KDE trunk.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::protect):
+        (KJS::Collector::unprotect):
+        (KJS::Collector::collectOnMainThreadOnly):
+        * kjs/object.h:
+        (KJS::JSValue::isObject):
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFunc::callAsFunction):
+        * kjs/value.h:
+        (KJS::JSValue::asCell):
+        (KJS::JSValue::isNumber):
+        (KJS::JSValue::isString):
+        (KJS::JSValue::isObject):
+        (KJS::JSValue::getNumber):
+        (KJS::JSValue::getString):
+        (KJS::JSValue::getObject):
+        (KJS::JSValue::getUInt32):
+        (KJS::JSValue::mark):
+        (KJS::JSValue::marked):
+        (KJS::JSValue::type):
+        (KJS::JSValue::toPrimitive):
+        (KJS::JSValue::toBoolean):
+        (KJS::JSValue::toNumber):
+        (KJS::JSValue::toString):
+        (KJS::JSValue::toObject):
+
+2007-05-18  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Mark Rowe.
+
+        * kjs/testkjs.pro: Make the Gdk port link to icu
+
+2007-05-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Adele Peterson.
+        
+        It helps if you swap the right variable.
+
+        * wtf/HashSet.h:
+        (WTF::::operator):
+
+2007-05-15  Lars Knoll <lars@trolltech.com>
+
+        Reviewed by Zack
+
+        Extend the QObject JavaScript bindings to work for slots with
+        arguments.
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::invokeMethod):
+
+2007-05-14  Kimmo Kinnunen  <kimmok@iki.fi>
+
+        Reviewed by Darin.
+
+        - Fixes http://bugs.webkit.org/show_bug.cgi?id=13622 (Decompiler
+          omits trailing comma in array literal)
+
+         * kjs/nodes2string.cpp:
+         (ArrayNode::streamTo): print extra ',' in case there was elision
+         commas (check opt member var) and array elements present
+         in the array expression
+
+2007-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Added HashMap::swap and HashSet::swap. WebCore now uses HashSet::swap.
+        I figured while I was in the neighborhood I might as well add HashMap::swap,
+        too.
+
+        * wtf/HashMap.h:
+        (WTF::::operator):
+        (WTF::::swap):
+        * wtf/HashSet.h:
+        (WTF::::operator):
+        (WTF::::swap):
+
+2007-05-11  Kimmo Kinnunen  <kimmok@iki.fi>
+
+        Reviewed by Darin.
+
+        - Fix for bug http://bugs.webkit.org/show_bug.cgi?id=13620
+          Bogus decompilation of "for (var j = 1 in [])"
+        - ForInNode toString()'ed to syntax error if there was var decl
+          and initializer
+        - ForNode toStringed()'ed lost 'var ' if it was present
+
+        * kjs/nodes2string.cpp:
+        (VarDeclListNode::streamTo): Print "var " here
+        (VarStatementNode::streamTo): Don't print "var " here
+        (ForNode::streamTo): Remove TODO comment, VarDeclListNode will
+        stream the "var "
+        (ForInNode::streamTo): ForIn initializer is printed by VarDeclNode
+
+2007-05-11  Kimmo Kinnunen  <kimmok@iki.fi>
+
+        Reviewed by Darin.
+
+        - Fixes http://bugs.webkit.org/show_bug.cgi?id=10878
+          (Incorrect decompilation for "4..x")
+        - Group numbers in dotted expressions in toString() output, so we
+          avoid the 4.x constructs  when the original input is 4..x.
+          4..x means the same as 4. .x or (4).x or Number(4).x
+
+        * kjs/nodes2string.cpp:
+        (KJS::SourceStream::):
+        Add boolean flag to indicate that if next item is a number, it should be grouped.
+        Add new formatting enum which turns on the boolean flag.
+        (KJS::SourceStream::SourceStream): Added. Initialize the flag.
+        (SourceStream::operator<<): Added. New overloaded operator with double value as parameter.
+        (NumberNode::streamTo): Use the double operator
+        (ArrayNode::streamTo):
+        (DotAccessorNode::streamTo):
+        (FunctionCallDotNode::streamTo):
+        (FunctionCallParenDotNode::streamTo):
+        (PostfixDotNode::streamTo):
+        (DeleteDotNode::streamTo):
+        (PrefixDotNode::streamTo):
+        (AssignDotNode::streamTo): Use the new formatting enum to turn on the grouping flag.
+
+2007-05-10  Lars Knoll <lars@trolltech.com>
+
+        Reviewed by Zack
+
+        Fix our last three test failures in the JavaScript
+        tests.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+
+2007-05-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed #includes of JSStringRefCF.h and use of CF datatypes. I think I 
+        misunderstood this issue before.
+
+        * API/JavaScriptCore.h: #include JSStringRefCF.h. Platforms that don't
+        want this behavior can just #include individual headers, instead of the
+        umbrella framework header. But we definitely want Mac OS X clients to
+        get the #include of JSStringRefCF.h "for free."
+        * API/minidom.c: Don't #include JSStringRefCF.h. (Don't need to #include
+        JavaScriptCore.h, either.)
+        * API/testapi.c: Don't #include JSStringRefCF.h. Do use CF datatypes
+        regardless of whether __APPLE__ is defined. Platforms that don't support
+        CF just shouldn't compile this file.
+        (main):
+
+2007-05-09  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by mjs.
+        
+        http://bugs.webkit.org/show_bug.cgi?id=6985
+        Cyclic __proto__ values cause WebKit to hang
+
+        * kjs/object.cpp:
+        (KJS::JSObject::put): do a cycle check before setting __proto__
+
+2007-05-08  Kimmo Kinnunen  <kimmok@iki.fi>
+
+        Reviewed by darin.  Landed by eseidel.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=10880 (Do..while loop gains 
+        a semicolon each time it is toStringed)
+        Grammar in Ecma-66262, 12.6: "do Statement while ( Expression );"
+        EmptyStatement was created after every do..while(expr) which
+        had semicolon at the end.
+
+        * kjs/grammar.y: Require semicolon at the end of do..while
+
+2007-05-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix -- this time for sure.
+        
+        APICast.h, being private, ends up in a different folder than JSValueRef.h,
+        so we can't include one from the other using "". Instead, just forward
+        declare the relevant data types.
+
+        * API/APICast.h:
+
+2007-05-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: export APICast.h for WebCore and WebKit.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-05-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adele.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=12821
+          <rdar://problem/5007921> Number.toExponential doesn't work for negative numbers
+
+        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction):
+        Added a call to fabs before calling log10.
+
+2007-05-03  Holger Freyther <freyther@kde.org>
+
+        Reviewed by Zack, landed by Simon.
+        This is bugzilla bug 13499.
+
+        * JavaScriptCore.pri: Place Qt into the qt-port scope
+        * bindings/testbindings.pro: Place Qt into the qt-port scope
+        * kjs/testkjs.pro: Place Qt into the qt-port scope
+        * pcre/pcre.pri: Place Qt into the qt-port scope
+
+2007-05-02  David Harrison  <harrison@apple.com>
+
+        Reviewed by Antti.
+
+        <rdar://problem/5174862> Crash resulting from DeprecatedString::insert()
+
+        Added insertion support for more than one value.
+        
+        * wtf/Vector.h:
+        (WTF::::insert):
+        Added support for inserting multiple values.
+        
+        (WTF::::prepend):
+        New. Insert at the start of vectors. Convenient for vectors used as strings.
+
+2007-05-01  Jungshik Shin  <jungshik.shin@gmail.com>
+
+        Reviewed by Alexey.
+
+        - get rid of non-ASCII lteral characters : suppress compiler warnings
+        http://bugs.webkit.org/show_bug.cgi?id=13551
+         
+        * kjs/testkjs.cpp:
+        * pcre/pcre_compile.c:
+
+2007-04-28  Jungshik Shin  <jungshik.shin@gmail.com>
+
+        Reviewed by Sam Weinig.
+
+        - Replace copyright sign in Latin-1 (0xA9) with '(C)'
+        http://bugs.webkit.org/show_bug.cgi?id=13531
+
+        * bindings/npruntime.h:
+    
+2007-04-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix <rdar://problem/5154144> Hamachi test fails: assertion failure in ListHashSet
+
+        Test: fast/forms/add-remove-form-elements-stress-test.html
+
+        * wtf/ListHashSet.h:
+        (WTF::ListHashSetNodeAllocator::ListHashSetNodeAllocator): Initialize
+        m_isDoneWithInitialFreeList to false.
+        (WTF::ListHashSetNodeAllocator::allocate): Added assertions based on a debug-only
+        m_isAllocated flag that make sure we don't allocate a block that's already allocated.
+        These assertions helped pinpoint the bug. Set m_isDoneWithInitialFreeList when we
+        allocate the last block of the initial free list. Once we're done with the initial
+        free list, turn off the rule that says that the next node in the pool after the last
+        node in the free list is also free. This rule works because any free nodes are added
+        to the head of the free list, so a node that hasn't been allocated even once is always
+        at the tail of the free list and all the nodes after it also haven't been allocated
+        even once. But it doesn't work any longer once the entire pool has been used at least
+        once, because there's nothing special about the last node on the free list any more.
+        (WTF::ListHashSetNodeAllocator::deallocate): Set the node's m_isAllocated to false.
+        (WTF::ListHashSetNodeAllocator::pastPool): Added. Used above.
+        (WTF::ListHashSetNodeAllocator::inPool): Changed to use the pastPool function.
+        (WTF::ListHashSetNode::ListHashSetNode): Initialize m_isAllocated to true.
+        (WTF::ListHashSetNode::operator new): Removed variable name for unused size
+        parameter.
+        (WTF::ListHashSetNode::destroy): Changed to call the destructor rather than
+        delete -- this gets rid of the need to define an operator delete.
+
+2007-04-27  Christopher Brichford  <chrisb@adobe.com>
+
+        Reviewed by Timothy Hatcher.
+
+        Fix for: Bug 13211: Move JavaScriptCore mac project files for apollo port
+        http://bugs.webkit.org/show_bug.cgi?id=13211
+
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore.Debug.xcconfig: Added.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore.Release.xcconfig: Added.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore.xcconfig: Added.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore.xcodeproj/project.pbxproj: Added.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig: Removed.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig: Removed.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig: Removed.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: Removed.
+
+2007-04-27  Holger Freyther <freyther@kde.org>
+
+        Reviewed by Maciej.
+
+        Remove unmaintained CMake build system.
+
+        * CMakeLists.txt: Removed.
+        * pcre/CMakeLists.txt: Removed.
+
+2007-04-27  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Improve dependencies in Xcode project
+        by marking dftables as a dependency of Generate Derived Sources rather than of
+        JavaScriptCore itself.
+
+2007-04-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix -- added #includes that we used to get implicitly through
+        JSStringRef.h.
+
+        * API/JSNode.c:
+        * API/JSNodeList.c:
+        * API/minidom.c:
+        * API/testapi.c:
+
+2007-04-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak, Adam Roben.
+        
+        Fixed 
+        <rdar://problem/4885130> Remove #include of JSStringRefCF.h from JSStringRef.h
+        <rdar://problem/4885123> JavaScriptCore is not cross-platform -- JSStringRef.h references CF datatypes
+
+        * API/JSStringRef.h: Removed #include -- no clients need it anymore.
+
+2007-04-25  David Kilzer  <ddkilzer@apple.com>
+
+        Reviewed by Maciej.
+
+        Add assertions for debug builds.
+
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::lock): Assert the return value of pthread_mutex_lock() in debug builds.
+        (KJS::JSLock::unlock): Assert the return value of pthread_mutex_unlock() in debug builds.
+
+2007-04-25  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Anders.
+        
+        - fix build problems
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable warning that
+        gives often downright incorrect results based on guessing what will happen in 64-bit.
+
+2007-04-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - tweak the allocator for a small speedup -- Shark showed this was a win, but I can't
+          measure an improvement right now, but it's also clear these changes do no harm
+
+        * wtf/FastMalloc.cpp:
+        (WTF::LgFloor): Use ALWAYS_INLINE here; in testing I did a while back this was necessary
+        to get this single-instruction function to be inlined.
+        (WTF::SizeClass): Use ALWAYS_INLINE here too for the same reason. Also change the special
+        case for a size of 0 to work without a branch for a bit of extra speed.
+        (WTF::ByteSizeForClass): Use ALWAYS_INLINE here too for the same reason.
+
+2007-04-24  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - use custom calling convention for everything in nodes.cpp on intel gcc for 1.5% speed boost
+
+        Nearly all functions in nodes.cpp were marked up to use the
+        regparm(3) calling convention under GCC for x86, since this is
+        faster and they are all guaranteed to be called only internally to
+        kjs.
+        
+        The only exception is destructors, since delete doesn't know how to use a custom calling convention.
+        
+        * kjs/nodes.cpp:
+        (dotExprDoesNotAllowCallsString):
+        * kjs/nodes.h:
+        (KJS::Node::):
+        (KJS::StatementNode::):
+        (KJS::NullNode::):
+        (KJS::BooleanNode::):
+        (KJS::NumberNode::):
+        (KJS::StringNode::):
+        (KJS::RegExpNode::):
+        (KJS::ThisNode::):
+        (KJS::ResolveNode::):
+        (KJS::GroupNode::):
+        (KJS::ElementNode::):
+        (KJS::ArrayNode::):
+        (KJS::PropertyNameNode::):
+        (KJS::PropertyNode::):
+        (KJS::PropertyListNode::):
+        (KJS::ObjectLiteralNode::):
+        (KJS::BracketAccessorNode::):
+        (KJS::DotAccessorNode::):
+        (KJS::ArgumentListNode::):
+        (KJS::ArgumentsNode::):
+        (KJS::NewExprNode::):
+        (KJS::FunctionCallValueNode::):
+        (KJS::FunctionCallResolveNode::):
+        (KJS::FunctionCallBracketNode::):
+        (KJS::FunctionCallParenBracketNode::):
+        (KJS::FunctionCallDotNode::):
+        (KJS::FunctionCallParenDotNode::):
+        (KJS::PostfixResolveNode::):
+        (KJS::PostfixBracketNode::):
+        (KJS::PostfixDotNode::):
+        (KJS::PostfixErrorNode::):
+        (KJS::DeleteResolveNode::):
+        (KJS::DeleteBracketNode::):
+        (KJS::DeleteDotNode::):
+        (KJS::DeleteValueNode::):
+        (KJS::VoidNode::):
+        (KJS::TypeOfResolveNode::):
+        (KJS::TypeOfValueNode::):
+        (KJS::PrefixResolveNode::):
+        (KJS::PrefixBracketNode::):
+        (KJS::PrefixDotNode::):
+        (KJS::PrefixErrorNode::):
+        (KJS::UnaryPlusNode::):
+        (KJS::NegateNode::):
+        (KJS::BitwiseNotNode::):
+        (KJS::LogicalNotNode::):
+        (KJS::MultNode::):
+        (KJS::AddNode::):
+        (KJS::ShiftNode::):
+        (KJS::RelationalNode::):
+        (KJS::EqualNode::):
+        (KJS::BitOperNode::):
+        (KJS::BinaryLogicalNode::):
+        (KJS::ConditionalNode::):
+        (KJS::AssignResolveNode::):
+        (KJS::AssignBracketNode::):
+        (KJS::AssignDotNode::):
+        (KJS::AssignErrorNode::):
+        (KJS::CommaNode::):
+        (KJS::AssignExprNode::):
+        (KJS::VarDeclListNode::):
+        (KJS::VarStatementNode::):
+        (KJS::EmptyStatementNode::):
+        (KJS::ExprStatementNode::):
+        (KJS::IfNode::):
+        (KJS::DoWhileNode::):
+        (KJS::WhileNode::):
+        (KJS::ForNode::):
+        (KJS::ContinueNode::):
+        (KJS::BreakNode::):
+        (KJS::ReturnNode::):
+        (KJS::WithNode::):
+        (KJS::LabelNode::):
+        (KJS::ThrowNode::):
+        (KJS::TryNode::):
+        (KJS::ParameterNode::):
+        (KJS::Parameter::):
+        (KJS::FunctionBodyNode::):
+        (KJS::FuncExprNode::):
+        (KJS::FuncDeclNode::):
+        (KJS::SourceElementsNode::):
+        (KJS::CaseClauseNode::):
+        (KJS::ClauseListNode::):
+        (KJS::SwitchNode::):
+
+2007-04-24  Oliver Hunt  <oliver@apple.com>
+
+        GTK Build fix, ::findEntry->KJS::findEntry
+
+        * kjs/lookup.cpp:
+        (KJS::Lookup::findEntry):
+        (KJS::Lookup::find):
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - compile most of JavaScriptCore as one file for 4% JS iBench speed improvement 
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Add AllInOneFile.cpp, and remove files it includes
+        from the build.
+        * kjs/AllInOneFile.cpp: Added.
+        * kjs/dtoa.cpp: Renamed CONST to CONST_ to avoid conflict.
+        (Bigint::):
+        (Bigint::nrv_alloc):
+        * kjs/lookup.cpp: Use "namspace KJS { ... }" instead of "using namespace KJS;" 
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Build fix, not reviewed.
+
+        * kjs/collector.h: Fix struct/class mismatch.
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - raise ALLOCATIONS_PER_COLLECTION to 4000, for 3.7% iBench speed improvement
+         
+        Now that the cell size is smaller and the block size is bigger, we can fit 4000 objects in
+        the two spare cells the collector is willing to keep around, so collect a bit less often.
+        
+        * kjs/collector.cpp:
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin and Geoff.
+        
+        - move mark and collectOnMainThreadOnly bits into separate bitmaps
+        
+        This saves 4 bytes per cell, allowing shrink of cell size to 32,
+        which leads to a .8% speed improvement on iBench.
+        
+        This is only feasible because of all the previous changes on the branch.
+
+        * kjs/collector.cpp:
+        (KJS::allocateBlock): Adjust for some renames of constants. 
+        (KJS::Collector::markStackObjectsConservatively): Now that cells are 32 bytes (64 
+        bytes on 64-bit) the cell alignment check can be made much more strict, and also
+        obsoletes the need for a % sizeof(CollectorCell) check. Also, we can mask off the low
+        bits of the pointer to have a potential block pointer to look for.
+        (KJS::Collector::collectOnMainThreadOnly): Use bitmap.
+        (KJS::Collector::markMainThreadOnlyObjects): Use bitmap.
+        (KJS::Collector::collect): When sweeping, use bitmaps directly to find mark bits.
+        * kjs/collector.h:
+        (KJS::): Move needed constants and type declarations here.
+        (KJS::CollectorBitmap::get): Bit twiddling to get a bitmap value.
+        (KJS::CollectorBitmap::set): Bit twiddling to set a bitmap bit to true.
+        (KJS::CollectorBitmap::clear): Bit twiddling to set a bitmap bit to false.
+        (KJS::CollectorBitmap::clearAll): Clear whole bitmap at one go.
+        (KJS::Collector::cellBlock): New operation, compute the block pointer for
+        a cell by masking off low bits.
+        (KJS::Collector::cellOffset): New operation, compute the cell offset for a
+        cell by masking off high bits and dividing (actually a shift).
+        (KJS::Collector::isCellMarked): Check mark bit in bitmap
+        (KJS::Collector::markCell): Set mark bit in bitmap.
+        * kjs/value.h:
+        (KJS::JSCell::JSCell): No more bits.
+        (KJS::JSCell::marked): Let collector handle it.
+        (KJS::JSCell::mark): Let collector handle it.
+
+2007-04-23  Anders Carlsson  <andersca@apple.com>
+
+        Build fix.
+        
+        * kjs/regexp_object.h:
+        RegExpObjectImpPrivate is a struct, not a class.
+        
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - shrink FunctionImp / DeclaredFunctionImp by 4 bytes, by moving parameter list to function body
+        
+        I reconciled this with a similar change in KDE kjs by Maks Orlovich <maksim@kde.org>.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::FunctionImp::passInParameters):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::getParameterName):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (FunctionProtoFunc::callAsFunction):
+        (FunctionObjectImp::construct):
+        * kjs/nodes.cpp:
+        (FunctionBodyNode::addParam):
+        (FunctionBodyNode::paramString):
+        (FuncDeclNode::addParams):
+        (FuncDeclNode::processFuncDecl):
+        (FuncExprNode::addParams):
+        (FuncExprNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::Parameter::Parameter):
+        (KJS::FunctionBodyNode::numParams):
+        (KJS::FunctionBodyNode::paramName):
+        (KJS::FunctionBodyNode::parameters):
+        (KJS::FuncExprNode::FuncExprNode):
+        (KJS::FuncDeclNode::FuncDeclNode):
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable 64-bit warnings because
+        they handle size_t badly.
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+ 
+        Reviewed by Darin.
+
+        - shrink RegexpObjectImp by 4 bytes
+        
+        Somewhat inexplicably, this seems to be a .33% speedup on JS iBench.
+        
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpObjectImpPrivate::RegExpObjectImpPrivate):
+        (RegExpObjectImp::RegExpObjectImp):
+        (RegExpObjectImp::performMatch):
+        (RegExpObjectImp::arrayOfMatches):
+        (RegExpObjectImp::getBackref):
+        (RegExpObjectImp::getLastMatch):
+        (RegExpObjectImp::getLastParen):
+        (RegExpObjectImp::getLeftContext):
+        (RegExpObjectImp::getRightContext):
+        (RegExpObjectImp::getValueProperty):
+        (RegExpObjectImp::putValueProperty):
+        * kjs/regexp_object.h:
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - change to 1-bit bitfields instead of 8-bit, this turns out to lead to a .51% speedup on JS iBench
+        
+        The 1-bit bitfields are actually faster than just plain bools, at least on Intel (go figure).
+
+        * kjs/property_map.h:
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+       
+        - shrink ArrayInstance objects by 4 bytes
+        http://bugs.webkit.org/show_bug.cgi?id=13386
+        
+        I did this by storing the capacity before the beginning of the storage array. It turns out
+        it is rarely needed and is by definition 0 when the storage array is null.
+ 
+        * kjs/array_instance.h:
+        (KJS::ArrayInstance::capacity): Get it from the secret stash
+        * kjs/array_object.cpp:
+        (allocateStorage): New function to encapsulate allocating the storage with extra space ahead
+        for the capacity.
+        (reallocateStorage): ditto for realloc
+        (ArrayInstance::ArrayInstance):
+        (ArrayInstance::~ArrayInstance):
+        (ArrayInstance::resizeStorage):
+
+2007-04-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix <rdar://problem/4840688> REGRESSION (r10588, r10621): JavaScript won't parse
+          modifications of non-references (breaks 300themovie.warnerbros.com, fedex.com)
+
+        Despite the ECMAScript specification's claim that you can treat these as syntax
+        errors, doing so creates some website incompatibilities. So this patch turns them back
+        into evaluation errors instead.
+
+        Test: fast/js/modify-non-references.html
+
+        * kjs/grammar.y: Change makeAssignNode, makePrefixNode, and makePostfixNode so that they
+        never fail to parse. Update rules that use them. Fix a little bit of indenting. Use
+        new PostfixErrorNode, PrefixErrorNode, and AssignErrorNode classes.
+
+        * kjs/nodes.h: Added an overload of throwError that takes a char* argument.
+        Replaced setExceptionDetailsIfNeeded and debugExceptionIfNeeded with handleException,
+        which does both. Added PostfixErrorNode, PrefixErrorNode, and AssignErrorNode classes.
+
+        * kjs/nodes.cpp: Changed exception macros to use handleException; simpler and smaller
+        code size than the two functions that we used before.
+        (Node::throwError): Added the overload mentioned above.
+        (Node::handleException): Added. Contains the code from both setExceptionDetailsIfNeeded
+        and debugExceptionIfNeeded.
+        (PostfixErrorNode::evaluate): Added. Throws an exception.
+        (PrefixErrorNode::evaluate): Ditto.
+        (AssignErrorNode::evaluate): Ditto.
+        (ThrowNode::execute): Call handleException instead of debugExceptionIfNeeded; this
+        effectively adds a call to setExceptionDetailsIfNeeded, which may help with getting
+        the correct file and line number for these exceptions.
+
+        * kjs/nodes2string.cpp:
+        (PostfixErrorNode::streamTo): Added.
+        (PrefixErrorNode::streamTo): Added.
+        (AssignErrorNode::streamTo): Added.
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - fix test failures / crashes on PPC
+
+        * kjs/property_map.h: Make the bool fields explicitly 8-bit bitfields, since bool is a full
+        word there otherwise :-(
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - fix more test case failures
+
+        * bindings/runtime_array.cpp:
+        (RuntimeArray::RuntimeArray): inherit from JSObject instead of ArrayInstance; it turns
+        out that this class only needs the prototype and classInfo from ArrayInstance, not the
+        actual class itself, and it was too big otherwise.
+        (RuntimeArray::getOwnPropertySlot):
+        * bindings/runtime_array.h:
+
+2007-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - fix some test failures
+
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::RuntimeMethod): inherit from InternalFunctionImp instead of FunctionImpl,
+        otherwise this is too big
+        (RuntimeMethod::getOwnPropertySlot):
+        * bindings/runtime_method.h:
+
+2007-04-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - discard the arguments List for an ActivationImp when the corresponding Context is destroyed (1.7% speedup)
+        http://bugs.webkit.org/show_bug.cgi?id=13385
+
+        Based an idea by Christopher E. Hyde <C.Hyde@parableuk.force9.co.uk>. His patch to do 
+        this also had many other List changes and I found this much simpler subset of the changes
+        was actually a hair faster.
+        
+        This optimization is valid because the arguments list is only kept around to
+        lazily make the arguments object. If it's not made by the time the function
+        exits, it never will be, since any function that captures the continuation will
+        have its own local arguments variable in scope.
+        
+        Besides the 1.7% speed improvement, it shrinks List by 4 bytes
+        (which in turn shrinks ActivationImp by 4 bytes).
+        
+        * kjs/Context.cpp:
+        (KJS::Context::~Context): Clear the activation's arguments list.
+        * kjs/function.cpp:
+        (KJS::ActivationImp::ActivationImp): Adjusted for list changes.
+        (KJS::ActivationImp::mark): No need to mark, lists are always protected (this doesn't
+        cause a ref-cycle for reasons stated above).
+        (KJS::ActivationImp::createArgumentsObject): Clear arguments list.
+        * kjs/function.h:
+        * kjs/list.cpp:
+        (KJS::List::List): No more needsMarking boolean
+        (KJS::List::operator=): ditto
+        * kjs/list.h:
+        (KJS::List::List): ditto
+        (KJS::List::reset): ditto
+        (KJS::List::deref): ditto
+
+2007-04-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - shrink PropertyMap by 8 bytes and therefore shrink CELL_SIZE to 40 (for 32-bit; 
+        similar shrinkage for 64-bit)
+        http://bugs.webkit.org/show_bug.cgi?id=13384
+
+        Inspired by similar changes by Christopher E. Hyde <C.Hyde@parableuk.force9.co.uk>
+        done in the kjs-tweaks branch of KDE's kjs. However, this version is somewhat 
+        cleaner style-wise and avoids some of the negative speed impact (at least on gcc/x86) 
+        of his version.
+        
+        This is nearly a wash performance-wise, maybe a slight slowdown, but worth doing
+        to eventually reach cell size 32.
+        
+        * kjs/collector.cpp:
+        (KJS::):
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::~PropertyMap):
+        (KJS::PropertyMap::clear):
+        (KJS::PropertyMap::get):
+        (KJS::PropertyMap::getLocation):
+        (KJS::PropertyMap::put):
+        (KJS::PropertyMap::insert):
+        (KJS::PropertyMap::expand):
+        (KJS::PropertyMap::rehash):
+        (KJS::PropertyMap::remove):
+        (KJS::PropertyMap::mark):
+        (KJS::PropertyMap::containsGettersOrSetters):
+        (KJS::PropertyMap::getEnumerablePropertyNames):
+        (KJS::PropertyMap::getSparseArrayPropertyNames):
+        (KJS::PropertyMap::save):
+        (KJS::PropertyMap::checkConsistency):
+        * kjs/property_map.h:
+        (KJS::PropertyMap::hasGetterSetterProperties):
+        (KJS::PropertyMap::setHasGetterSetterProperties):
+        (KJS::PropertyMap::):
+        (KJS::PropertyMap::PropertyMap):
+
+2007-04-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - change blocks to 64k in size, and use various platform-specific calls to allocate at 64k-aligned addresses
+        http://bugs.webkit.org/show_bug.cgi?id=13383
+        
+        * kjs/collector.cpp:
+        (KJS::allocateBlock): New function to allocate 64k of 64k-aligned memory
+        (KJS::freeBlock): Corresponding free
+        (KJS::Collector::allocate):
+        (KJS::Collector::collect):
+
+2007-04-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin and Geoff.
+        
+        - remove the concept of oversize objects, now that there aren't any (for now
+        only enforced with an assert).
+        http://bugs.webkit.org/show_bug.cgi?id=13382
+
+        This change is a .66% speedup on JS iBench for 32-bit platforms, probably much more
+        for 64-bit since it finally gives a reasonable cell size, but I did not test that.
+        
+        * kjs/collector.cpp:
+        (KJS::): Use different cell size for 32-bit and 64-bit, now that there is no
+        oversize allocation.
+        (KJS::Collector::allocate): Remove oversize allocator.
+        (KJS::Collector::markStackObjectsConservatively): Don't check oversize objects.
+        (KJS::Collector::markMainThreadOnlyObjects): Ditto.
+        (KJS::Collector::collect): Ditto.
+
+2007-04-21  Mitz Pettel  <mitz@webkit.org>
+
+        Reviewed by Adam.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=13428
+          REGRESSION (r20973-r20976): Failing ecma/Array/15.4.4.5-3.js
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=13429
+          REGRESSION (r20973-r20976): Crashing in fast/dom/plugin-attributes-enumeration.html
+
+        * kjs/array_object.cpp:
+        (ArrayInstance::sort): Free the old storage, not the new one.
+
+2007-04-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Not reviewed, build fix.
+
+        - fix build problem with last change - -O3 complains more about uninitialized variables
+        
+        * pcre/pcre_compile.c:
+        (compile_branch):
+        (pcre_compile2):
+
+2007-04-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - <rdar://problem/5149915> use mergesort when possible, since it leads to fewer compares (2% JS iBench speedup)
+
+        * kjs/array_object.cpp:
+        (ArrayInstance::sort): Use mergesort(3) on platforms that have it, since it tends
+        to do fewer compares than qsort; but avoid it very on large arrays since it uses extra
+        memory. Also added comments identifying possibly even better sorting algorithms
+        for sort by string value and sort by compare function.
+        * kjs/config.h:
+
+2007-04-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - bump optimization flags up to -O3 for 1% JS iBench speed improvement 
+
+        * Configurations/Base.xcconfig:
+
+2007-04-20  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej.
+
+        Fix bogus optimisation in the generic pthread code path.
+
+        * kjs/collector.cpp:
+        (KJS::currentThreadStackBase):
+
+2007-04-20  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Anders.
+
+        Improve FreeBSD compatibility, as suggested by Alexander Botero-Lowry.
+
+        * kjs/collector.cpp:
+        (KJS::currentThreadStackBase): FreeBSD requires that pthread_attr_t's are
+        initialized via pthread_attr_init before being used in any context.
+
+2007-04-19  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=13401
+        Bug 13401: Reproducible crash calling myArray.sort(compareFn) from within
+        a sort comparison function
+
+        * kjs/array_object.cpp:
+        (ArrayInstance::sort): Save/restore the static variables around calls to qsort
+        to ensure nested calls to ArrayInstance::sort behave correctly.
+
+2007-04-12  Deneb Meketa  <dmeketa@adobe.com>
+
+        Reviewed by Darin Adler.
+
+        http://bugs.webkit.org/show_bug.cgi?id=13029
+        rdar://problem/4994849
+        Bug 13029: Permit NPAPI plug-ins to see HTTP response headers.
+        This doesn't actually change JavaScriptCore, but that's where npapi.h is.
+
+        * bindings/npapi.h:
+        Add headers member to NPStream struct.  Also increase NP_VERSION_MINOR to 18.
+        Increasing to >= 17 allows plug-ins to safely detect whether to look for
+        NPStream::headers.  Increasing from 17 to 18 reflects presence of NPObject
+        enumeration, which was added in a prior patch, and which has been agreed to
+        constitute version 18 by the plugin-futures list.  Also add other missing
+        bits of npapi.h to catch up from 14 to 18.  This includes features that are
+        not implemented in WebKit, but those are safely stubbed.
+
+2007-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Mark Rowe.
+        
+        Fixed last check-in to print in release builds, too.
+
+        * kjs/collector.cpp:
+        (KJS::getPlatformThreadRegisters):
+
+2007-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John Sullivan, Darin Adler.
+        
+        Fixed <rdar://problem/5121899> JavaScript garbage collection leads to 
+        later crash under Rosetta (should abort or leak instead?)
+        
+        Log an error message and crash if the kernel reports failure during GC.
+        We decided to do this instead of just leaking because we don't want people
+        to get the mistaken impression that running in Rosetta is a supported
+        configurtion.
+        
+        The CRASH macro will also hook into CrashReporter, which will tell us if 
+        many (any?) users run into this issue.
+
+        * kjs/collector.cpp:
+        (KJS::getPlatformThreadRegisters):
+
+2007-04-06  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by darin.
+
+        Coverity fix. Coverity says:
+        "Event var_deref_model: Variable "sourceRanges" tracked as NULL was passed to a
+        function that dereferences it"
+
+        * kjs/string_object.cpp:
+        (KJS::replace):
+
+2007-04-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber stamped by Adele Peterson.
+
+        * kjs/ExecState.h: Removed obsolete forward/friend declaration of 
+        RuntimeMethodImp.
+
+2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by darin.
+
+        Coverity fix. Coverity says:
+        "Event check_after_deref: Pointer "dateString" dereferenced before NULL check"
+
+        * kjs/date_object.cpp:
+        (KJS::parseDate):
+
+2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by darin.
+
+        Coverity fix. Coverity says:
+        "Event check_after_deref: Pointer "re" dereferenced before NULL check"
+
+        * pcre/pcre_study.c:
+        (pcre_study):
+
+2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by darin.
+
+        Coverity fixes. Coverity says:
+        "Event leaked_storage: Returned without freeing storage "buffer""
+        and:
+        "Event leaked_storage: Returned without freeing storage "script""
+
+        * kjs/testkjs.cpp:
+        (doIt):
+        (createStringWithContentsOfFile):
+
+2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by darin.
+
+        Coverity fix: in single-threaded case currentThreadIsMainThread is always true
+        so the code in if (!currentThreadIsMainThread) cannot possibly be reached
+        and Coverity complains about dead code.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+
+=== Safari-5522.6 ===
+
+2007-04-03  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam.
+
+        - Testing a post-commit hook.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2007-04-03  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Adam.
+
+        <rdar://problem/5107534>
+        http://bugs.webkit.org/show_bug.cgi?id=13265
+        REGRESSION: Crash in KJS::Bindings::convertValueToNPVariant
+        
+        * bindings/NP_jsobject.cpp:
+        (_NPN_InvokeDefault):
+        Return false if the object isn't a function. Set the return value to undefined by default
+        (to match Firefox).
+        
+2007-03-30  Anders Carlsson <andersca@apple.com>
+
+        Build fix.
+        
+        * bindings/NP_jsobject.cpp:
+        (_NPN_Enumerate):
+
+2007-03-30  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Implement _NPN_Enumerate support.
+        
+        * JavaScriptCore.exp:
+        * bindings/NP_jsobject.cpp:
+        (_NPN_Enumerate):
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::getPropertyNames):
+        * bindings/c/c_instance.h:
+        * bindings/npapi.h:
+        * bindings/npruntime.h:
+        * bindings/npruntime_impl.h:
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::getPropertyNames):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::getPropertyNames):
+        * bindings/runtime_object.h:
+        (KJS::RuntimeObjectImp::getInternalInstance):
+
+2007-03-28  Jeff Walden  <jwalden+code@mit.edu>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=12963
+        Fix some inconsistencies in the Mozilla JS Array extras implementations
+        with respect to the Mozilla implementation:
+
+          - holes in arrays should be skipped, not treated as undefined,
+            by all such methods
+          - an element with value undefined is not a hole
+          - Array.prototype.forEach should return undefined
+
+        * kjs/array_object.cpp:
+        (ArrayInstance::getOwnPropertySlot):
+        (ArrayProtoFunc::callAsFunction):
+
+2007-03-27  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Geoff.
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_InvokeDefault):
+        Call JSObject:call for native JavaScript objects.
+
+2007-03-26  David Carson  <dacarson@gmail.com>
+
+        Reviewed by Darin, landed by Anders.
+
+        Fix for: REGRESSION (r19559): Java applet crash
+        http://bugs.webkit.org/show_bug.cgi?id=13142
+        <rdar://problem/5080340>
+
+        The previous fix http://bugs.webkit.org/show_bug.cgi?id=12636 
+        introduced new JNIType to enum in jni_utility.h This is a 
+        problem on the Mac as it seems that the JNIType enum is also
+        used in the JVM, it is used to specify the return type in
+        jni_objc.mm
+        Corrected the fix by moving type to the end, and changing
+        jni_objc.mm to convert the new type to an old compatible
+        type.
+
+        * bindings/jni/jni_objc.mm:
+        (KJS::Bindings::dispatchJNICall):
+        * bindings/jni/jni_utility.h:
+
+2007-03-26  Christopher Brichford  <chrisb@adobe.com>
+
+        Reviewed/landed by Adam.
+
+        Bug 13198: Move build settings from project file to xcconfig file for apollo
+        port JSCore
+        http://bugs.webkit.org/show_bug.cgi?id=13198
+
+        - Moving build settings from xcode project file to xcconfig files.
+
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig:
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig:
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig:
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-03-26  Brady Eidson  <beidson@apple.com>
+
+        Rubberstamped by Anders and Maciej aand Geoff (oh my!)
+        
+        Since CFTypeRef is really void*, a RetainPtr couldn't be used. 
+        RefType was "void", which doesn't actually exist as a type.
+        Since RefType only existed for operator*(), and since that operator
+        doesn't make any sense for RetainPtr, I removed them!
+
+        * kjs/nodes.cpp: Touch this to force a rebuild and (hopefully) help the
+          compiler with dependencies
+        * wtf/RetainPtr.h: Nuke RefType and operator*()
+
+2007-03-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Touched a file to (hopefully) help the compiler with RetainPtr dependencies.
+
+        * kjs/nodes.cpp:
+        (Node::deref):
+
+2007-03-24  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Adam
+
+        Whoops, RetainPtr should be in the WTF namespace
+
+        * wtf/RetainPtr.h:
+
+2007-03-24  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Adam
+        
+        <rdar://problem/5086210> - Move RetainPtr to WTF
+
+        * wtf/RetainPtr.h: Added
+        * JavaScriptCore.xcodeproj/project.pbxproj: Add it to the project file
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto
+
+
+2007-03-23  Christopher Brichford  <chrisb@adobe.com>
+
+        Reviewed/landed by Adam.
+
+        Bug 13175: Make apollo mac project files for JavaScriptCore actually
+        build something
+        http://bugs.webkit.org/show_bug.cgi?id=13175
+
+        - Changing apollo mac project files for JavaScriptCore such that they actually build
+        JavaScriptCore source code.
+
+        * JavaScriptCore.apolloproj/ForwardingSources/grammar.cpp: Added.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig:
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-03-24  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Darin.
+
+        * Configurations/JavaScriptCore.xcconfig: Remove unnecessary INFOPLIST_PREPROCESS.
+
+2007-03-22  Christopher Brichford  <chrisb@adobe.com>
+
+        Reviewed/landed by Adam.
+
+        Bug 13164: Initial version of mac JavaScriptCore project files for
+        apollo port 
+        http://bugs.webkit.org/show_bug.cgi?id=13164
+
+        - Adding mac project files for apollo port of JavaScriptCore. Currently project
+        just builds dftables.
+
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig: Added.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig: Added.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig: Added.
+        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: Added.
+
+2007-03-21  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5076599> JavaScriptCore has a weak export (vtable for KJS::JSCell)
+
+        * JavaScriptCore.exp: Remove __ZTVN3KJS6JSCellE.
+
+2007-03-21  Adele Peterson  <adele@apple.com>
+
+        Reviewed by Geoff.
+
+        * API/JSStringRef.cpp: (JSStringIsEqual): Added JSLock.
+
+2007-03-21  Zack Rusin  <zrusin@trolltech.com>
+
+        Fix the compile when USE(MULTIPLE_THREADS) isn't
+        defined
+
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::currentThreadIsHoldingLock):
+
+2007-03-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff and Adam.
+        
+        - make USE(MULTIPLE_THREADS) support more portable
+        http://bugs.webkit.org/show_bug.cgi?id=13069
+        
+        - fixed a threadsafety bug discovered by testing this
+        
+        - enhanced threadsafety assertions in collector
+
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::~JSCallbackObject): This destructor can't
+        DropAllLocks around the finalize callback, because it gets called
+        from garbage collection and we can't let other threads collect!
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::currentThreadIsHoldingLock): Added new function
+        to allow stronger assertions than just that the lock is held
+        by some thread (you can now assert that the current thread is
+        holding it, given the new JSLock design).
+        * kjs/JSLock.h:
+        * kjs/collector.cpp: Refactored for portability plus added some
+        stronger assertions.
+        (KJS::Collector::allocate):
+        (KJS::currentThreadStackBase):
+        (KJS::Collector::registerAsMainThread):
+        (KJS::onMainThread):
+        (KJS::PlatformThread::PlatformThread):
+        (KJS::getCurrentPlatformThread):
+        (KJS::Collector::Thread::Thread):
+        (KJS::destroyRegisteredThread):
+        (KJS::Collector::registerThread):
+        (KJS::Collector::markCurrentThreadConservatively):
+        (KJS::suspendThread):
+        (KJS::resumeThread):
+        (KJS::getPlatformThreadRegisters):
+        (KJS::otherThreadStackPointer):
+        (KJS::otherThreadStackBase):
+        (KJS::Collector::markOtherThreadConservatively):
+        (KJS::Collector::markStackObjectsConservatively):
+        (KJS::Collector::protect):
+        (KJS::Collector::unprotect):
+        (KJS::Collector::collectOnMainThreadOnly):
+        (KJS::Collector::markMainThreadOnlyObjects):
+        (KJS::Collector::collect):
+        * kjs/collector.h:
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMallocSetIsMultiThreaded):
+        * wtf/FastMallocInternal.h:
+        * wtf/Platform.h:
+
+2007-03-19  Darin Adler  <darin@apple.com>
+
+        * kjs/value.h: Roll ~JSValue change out. It was causing problems. I'll do it right later.
+
+2007-03-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John Sullivan.
+
+        Fixed <rdar://problem/5073380> REGRESSION: Crash occurs at WTF::fastFree() 
+        when reloading liveconnect page (applet)
+        
+        Best to use free when you use malloc, especially when malloc and delete
+        use completely different libraries.
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaMethod::~JavaMethod):
+
+2007-03-19  Andrew Wellington  <proton@wiretapped.net>
+
+        Reviewed by Maciej.
+
+        Really set Xcode editor to use 4 space indentation (http://webkit.org/coding/coding-style.html)
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-03-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - Changed list size threshold to 5 based on testing.
+
+        I was testing the i-Bench JavaScript with the list statistics
+        dumping on, and discovered that there were many 5-element lists.
+        The fast case for lists was for 4 elements and fewer. By changing
+        the threshold to 5 elements we get a measurable speedup. I believe
+        this will help real web pages too, not just the benchmark.
+
+        * kjs/list.cpp: Change constant from 4 to 5.
+
+2007-03-19  Darin Adler  <darin@apple.com>
+
+        * kjs/value.h: Oops, fix build.
+
+2007-03-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - remove ~JSValue; tiny low-risk performance boost
+
+        * kjs/value.h: Remove unneeded empty virtual destructor from JSValue.
+        The only class derived from JSValue is JSCell and it already has a
+        virtual destructor. Declaring an empty constructor in JSValue had one
+        good effect: it marked the destructor private, making it a compile
+        time error to try to destroy a JSValue; but that's not a likely
+        mistake for someone to make. It had two bad effects: (1) it caused gcc,
+        at least, to generate code to fix up the virtual table pointer to
+        point to the JSValue version of the virtual table inside the destructor
+        of all classes derived from JSValue directly or indirectly; (2) it
+        caused JSValue to be a polymorphic class so required a virtual table for
+        it. It's cleaner to not have either of those.
+
+2007-03-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark.
+        
+        - avoid static construction (and global variable access) in a smarter, more portable way,
+        to later enable MUTLI_THREAD mode to work on other platforms and compilers.
+        
+        * kjs/CommonIdentifiers.cpp: Added. New class to hold all the shared identifiers.
+        (KJS::CommonIdentifiers::CommonIdentifiers):
+        (KJS::CommonIdentifiers::shared):
+        * kjs/CommonIdentifiers.h: Added.
+
+        * kjs/ExecState.h:
+        (KJS::ExecState::propertyNames): Hand the CommonIdentifiers instance here for easy access.
+        (KJS::ExecState::ExecState):
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeConstructor):
+        * CMakeLists.txt:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * bindings/runtime_array.cpp:
+        (RuntimeArray::getOwnPropertySlot):
+        (RuntimeArray::put):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::getOwnPropertySlot):
+        * kjs/array_object.cpp:
+        (ArrayInstance::getOwnPropertySlot):
+        (ArrayInstance::put):
+        (ArrayInstance::deleteProperty):
+        (ArrayProtoFunc::ArrayProtoFunc):
+        (ArrayProtoFunc::callAsFunction):
+        (ArrayObjectImp::ArrayObjectImp):
+        * kjs/bool_object.cpp:
+        (BooleanPrototype::BooleanPrototype):
+        (BooleanProtoFunc::BooleanProtoFunc):
+        (BooleanProtoFunc::callAsFunction):
+        (BooleanObjectImp::BooleanObjectImp):
+        * kjs/completion.h:
+        (KJS::Completion::Completion):
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFunc::DateProtoFunc):
+        (KJS::DateObjectImp::DateObjectImp):
+        (KJS::DateObjectFuncImp::DateObjectFuncImp):
+        * kjs/error_object.cpp:
+        (ErrorPrototype::ErrorPrototype):
+        (ErrorProtoFunc::ErrorProtoFunc):
+        (ErrorProtoFunc::callAsFunction):
+        (ErrorObjectImp::ErrorObjectImp):
+        (ErrorObjectImp::construct):
+        (NativeErrorPrototype::NativeErrorPrototype):
+        (NativeErrorImp::NativeErrorImp):
+        (NativeErrorImp::construct):
+        (NativeErrorImp::callAsFunction):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::getOwnPropertySlot):
+        (KJS::FunctionImp::put):
+        (KJS::FunctionImp::deleteProperty):
+        (KJS::FunctionImp::getParameterName):
+        (KJS::DeclaredFunctionImp::construct):
+        (KJS::IndexToNameMap::unMap):
+        (KJS::Arguments::Arguments):
+        (KJS::ActivationImp::getOwnPropertySlot):
+        (KJS::ActivationImp::deleteProperty):
+        (KJS::GlobalFuncImp::GlobalFuncImp):
+        * kjs/function_object.cpp:
+        (FunctionPrototype::FunctionPrototype):
+        (FunctionProtoFunc::FunctionProtoFunc):
+        (FunctionProtoFunc::callAsFunction):
+        (FunctionObjectImp::FunctionObjectImp):
+        (FunctionObjectImp::construct):
+        * kjs/grammar.y:
+        * kjs/identifier.cpp:
+        * kjs/identifier.h:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::init):
+        (KJS::Interpreter::initGlobalObject):
+        * kjs/interpreter.h:
+        * kjs/lookup.h:
+        * kjs/math_object.cpp:
+        (MathFuncImp::MathFuncImp):
+        * kjs/nodes.cpp:
+        (ArrayNode::evaluate):
+        (FuncDeclNode::processFuncDecl):
+        (FuncExprNode::evaluate):
+        * kjs/number_object.cpp:
+        (NumberPrototype::NumberPrototype):
+        (NumberProtoFunc::NumberProtoFunc):
+        (NumberObjectImp::NumberObjectImp):
+        * kjs/object.cpp:
+        (KJS::JSObject::put):
+        (KJS::JSObject::defaultValue):
+        (KJS::JSObject::hasInstance):
+        * kjs/object.h:
+        (KJS::JSObject::getOwnPropertySlot):
+        * kjs/object_object.cpp:
+        (ObjectPrototype::ObjectPrototype):
+        (ObjectProtoFunc::ObjectProtoFunc):
+        (ObjectObjectImp::ObjectObjectImp):
+        * kjs/regexp_object.cpp:
+        (RegExpPrototype::RegExpPrototype):
+        (RegExpProtoFunc::RegExpProtoFunc):
+        (RegExpObjectImp::RegExpObjectImp):
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::getOwnPropertySlot):
+        (KJS::StringInstance::put):
+        (KJS::StringInstance::deleteProperty):
+        (KJS::StringPrototype::StringPrototype):
+        (KJS::StringProtoFunc::StringProtoFunc):
+        (KJS::StringProtoFunc::callAsFunction):
+        (KJS::StringObjectImp::StringObjectImp):
+        (KJS::StringObjectFuncImp::StringObjectFuncImp):
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::TestFunctionImp):
+
+2007-03-18  Andrew Wellington  <proton@wiretapped.net>
+
+        Reviewed by Mark Rowe
+        
+        Set Xcode editor to use 4 space indentation (http://webkit.org/coding/coding-style.html) 
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-03-19  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Brady.
+
+        Update references to bugzilla.opendarwin.org with bugs.webkit.org.
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertUTF8ToUTF16):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        * kjs/grammar.y:
+        * kjs/keywords.table:
+        * kjs/lexer.cpp:
+        (KJS::Lexer::shift):
+
+2007-03-18  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Exposed some extra toUInt32 functionality, as part of the fix for
+        REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
+        (Style Change Through JavaScript Blanks Content)
+
+        * JavaScriptCore.exp:
+        * kjs/identifier.h:
+        (KJS::Identifier::toUInt32):
+
+2007-03-18  Geoffrey Garen  <ggaren@apple.com>
+
+        Removed duplicate export name.
+        
+        * JavaScriptCore.exp:
+
+2007-03-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed <rdar://problem/5064964> Repro ASSERT failure in JS Bindings when 
+        closing window @ lowtrades.bptrade.com
+        
+        Unfortunately, the bindings depend on UString and Identifier as string 
+        representations. So, they need to acquire the JSLock when doing something
+        that will ref/deref their strings.
+
+        Layout tests, the original site, and Java, Flash, and Quicktime on the 
+        web work. No leaks reported. No automated test for this because testing 
+        the Java bindings, like math, is hard.
+        
+        * bindings/runtime.h: Made Noncopyable, just to be sure.
+        
+        * bindings/c/c_class.cpp: 
+        (KJS::Bindings::CClass::~CClass): Acquire the JSLock and explicitly clear the keys
+        in our hashtable, since they're UString::Reps, and ref/deref aren't thread-safe.
+        (KJS::Bindings::CClass::methodsNamed): Also acquire the JSLock when adding
+        keys to the table, since the table ref's them.
+        (KJS::Bindings::CClass::fieldNamed): ditto.
+
+        * bindings/c/c_utility.cpp: Removed dead function.
+        (KJS::Bindings::convertValueToNPVariant): Acquire the JSLock because doing
+        it recursively is pretty cheap, and it's just too confusing to tell whether
+        all our callers do it for us.
+        (KJS::Bindings::convertNPVariantToValue): ditto
+        * bindings/c/c_utility.h:
+
+        * bindings/jni/jni_class.cpp: Same deal as c_class.cpp.
+        (JavaClass::JavaClass):
+        (JavaClass::~JavaClass):
+
+        * bindings/jni/jni_instance.cpp: Same deal as c_utility.cpp.
+        (JavaInstance::stringValue):
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::convertValueToJObject):
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaMethod::~JavaMethod): Moved from header, for clarity.
+        (appendClassName): Made this static, so the set of callers is known, and
+        we can assert that we hold the JSLock. Also changed it to take a UString
+        reference, which makes the calling code simpler.
+        (JavaMethod::signature): Store the ASCII value we care about instead of
+        a UString, since UString is so much more hassle. Hold the JSLock while
+        building up the temporary UString.
+
+        * bindings/jni/jni_runtime.h: Nixed dead code in JavaMethod.
+        (KJS::Bindings::JavaString::JavaString): Hold a UString::Rep instead of
+        a UString, so we can acquire the JSLock and explicitly release it.
+        (KJS::Bindings::JavaString::_commonInit):
+        (KJS::Bindings::JavaString::~JavaString):
+        (KJS::Bindings::JavaString::UTF8String):
+        (KJS::Bindings::JavaString::uchars):
+        (KJS::Bindings::JavaString::length):
+        (KJS::Bindings::JavaString::ustring):
+
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::convertArrayInstanceToJavaArray): Made this static, so 
+        the set of callers is known, and we can assert that we hold the JSLock. 
+        (KJS::Bindings::convertValueToJValue): Acquire the JSLock because doing
+        it recursively is pretty cheap, and it's just too confusing to tell whether
+        all our callers do it for us.
+
+        * bindings/objc/objc_runtime.h: Nixed some dead code.
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertNSStringToString): Same drill as above.
+
+2007-03-18  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        http://bugs.webkit.org/show_bug.cgi?id=13105
+        REGRESSION: an exception raised when calculating base value of a dot expression is not returned
+
+        Test: fast/js/dot-node-base-exception.html
+
+        * kjs/nodes.cpp:
+        (FunctionCallDotNode::evaluate): Added the necessary KJS_CHECKEXCEPTIONVALUE.
+
+2007-03-18  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2007-03-17  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Made Version.xcconfig smarter when building for different configurations.
+        Now uses the 522+ OpenSource version for Debug and Release, while using the
+        full 522.4 version for Production builds. The system prefix is also computed
+        based on the current system, so 4522.4 on Tiger and 5522.4 on Leopard.
+
+        * Configurations/JavaScriptCore.xcconfig:
+        * Configurations/Version.xcconfig:
+
+2007-03-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Not reviewed.
+        
+        - build fix
+
+        * wtf/TCSystemAlloc.cpp:
+
+2007-03-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff and Steve.
+        
+        - fix some portability issues with TCMalloc.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * kjs/config.h:
+        * wtf/FastMalloc.cpp:
+        (WTF::SizeClass):
+        (WTF::InitSizeClasses):
+        (WTF::TCMalloc_PageHeap::Split):
+        (WTF::TCMalloc_PageHeap::RegisterSizeClass):
+        (WTF::TCMalloc_Central_FreeList::length):
+        (WTF::TCMalloc_ThreadCache::InitTSD):
+        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+        * wtf/TCSpinLock.h:
+        * wtf/TCSystemAlloc.cpp:
+        (TryVirtualAlloc):
+        (TCMalloc_SystemAlloc):
+
+2007-03-15  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by John.
+
+        * Factored out most of our common build settings into .xcconfig files. Anything that was common in
+          each build configuration was factored out into the shared .xcconfig file.
+        * Adds a Version.xcconfig file to define the current framework version, to be used in other places.
+        * Use the new $(BUNDLE_VERSION) (defined in Version.xcconfig) in the preprocessed Info.plist.
+        * Use the versions defined in Version.xcconfig to set $(DYLIB_CURRENT_VERSION).
+
+        * Configurations/Base.xcconfig: Added.
+        * Configurations/DebugRelease.xcconfig: Added.
+        * Configurations/JavaScriptCore.xcconfig: Added.
+        * Configurations/Version.xcconfig: Added.
+        * Info.plist:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-03-16  Shrikant Gangoda  <shrikant.gangoda@celunite.com>
+
+        Gdk build fix.
+
+        * kjs/DateMath.cpp:  gettimeofday comes from <sys/time.h> on Linux.
+
+2007-03-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by .
+
+        - Fixed one more build breakage
+
+        * kjs/date_object.cpp:
+        (KJS::formatLocaleDate):
+
+2007-03-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by .
+
+        - Fixed a build breakage.
+
+        * kjs/DateMath.cpp:
+        * kjs/date_object.cpp:
+        (KJS::formatLocaleDate):
+        (KJS::DateObjectImp::construct):
+
+2007-03-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        - rdar://problem/5045720
+        - DST changes in US affect JavaScript date calculations (12975)
+        This fix was to ensure we properly test for the new changes to DST in the US.
+        Also this fixes when we apply DST, now we correctly map most past years to current
+        DST rules.  We still have a small issue with years before 1900 or after 2100.
+        rdar://problem/5055038
+
+        * kjs/DateMath.cpp: Fix DST to match spec better.
+        (KJS::getCurrentUTCTime):
+        (KJS::mimimumYearForDST):
+        (KJS::maximumYearForDST):
+        (KJS::equivalentYearForDST):
+        (KJS::getDSTOffset):
+        * kjs/DateMath.h: Consolodated common funtionality.
+        * kjs/date_object.cpp: Consolodated common functionality.
+        (KJS::formatLocaleDate):
+        (KJS::DateObjectImp::construct):
+        * tests/mozilla/ecma/jsref.js: Added functions for finding the correct days when DST starts and ends.
+        * tests/mozilla/ecma/shell.js: Added back in the old DST functions for ease of merging with mozilla if needed.
+        * tests/mozilla/ecma_2/jsref.js: Added functions for finding the correct days when DST starts and ends.
+        * tests/mozilla/ecma_3/Date/shell.js: Added functions for finding the correct days when DST starts and ends.
+        * tests/mozilla/expected.html: Updated to show all date tests passing.
+
+=== Safari-5522.4 ===
+
+2007-03-13  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by .
+
+        - Adding expected failures until the are truly fixed. 
+        - rdar://problem/5060302
+
+        * tests/mozilla/expected.html:
+
+2007-03-12  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by .
+
+        - Actually update tests for new DST rules.
+
+        * tests/mozilla/ecma/Date/15.9.3.1-1.js:
+        * tests/mozilla/ecma/Date/15.9.3.1-2.js:
+        * tests/mozilla/ecma/Date/15.9.3.1-3.js:
+        * tests/mozilla/ecma/Date/15.9.3.1-4.js:
+        * tests/mozilla/ecma/Date/15.9.3.1-5.js:
+        * tests/mozilla/ecma/Date/15.9.3.2-1.js:
+        * tests/mozilla/ecma/Date/15.9.3.2-2.js:
+        * tests/mozilla/ecma/Date/15.9.3.2-3.js:
+        * tests/mozilla/ecma/Date/15.9.3.2-4.js:
+        * tests/mozilla/ecma/Date/15.9.3.2-5.js:
+        * tests/mozilla/ecma/Date/15.9.3.8-1.js:
+        * tests/mozilla/ecma/Date/15.9.3.8-2.js:
+        * tests/mozilla/ecma/Date/15.9.3.8-3.js:
+        * tests/mozilla/ecma/Date/15.9.3.8-4.js:
+        * tests/mozilla/ecma/Date/15.9.3.8-5.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-1.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-10.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-11.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-12.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-13.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-2.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-3.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-4.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-5.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-6.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-7.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-8.js:
+        * tests/mozilla/ecma/Date/15.9.5.10-9.js:
+        * tests/mozilla/ecma/jsref.js:
+        * tests/mozilla/ecma_2/jsref.js:
+        * tests/mozilla/ecma_3/Date/shell.js:
+
+2007-03-12  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by .
+
+        - Update tests for new DST rules.
+
+        * tests/mozilla/ecma/shell.js:
+
+2007-03-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed <rdar://problem/4681051> Installer crashes in KJS::Collector::
+        markOtherThreadConservatively(KJS::Collector::Thread*) trying to install 
+        iLife 06 using Rosetta on an Intel Machine
+        
+        The problem was that our thread-specific data destructor would modify the
+        list of active JavaScript threads without holding the JSLock, corrupting
+        the list. Corruption was especially likely if one JavaScript thread exited 
+        while another was starting up.
+
+        * JavaScriptCore.exp:
+        * kjs/JSLock.cpp: Don't conflate locking the JSLock with registering a
+        thread, since the thread-specific data destructor needs to lock
+        without registering a thread. Instead, treat thread registration as a
+        part of the convenience of the JSLock object, and whittle down JSLock::lock()
+        to just the bits that actually do the locking.
+        (KJS::JSLock::lock):
+        (KJS::JSLock::registerThread):
+        * kjs/JSLock.h: Updated comments to mention the new behavior above, and
+        other recent changes.
+        (KJS::JSLock::JSLock):
+        * kjs/collector.cpp:
+        (KJS::destroyRegisteredThread): Lock here.
+        (KJS::Collector::registerThread): To match, assert that we're locked here.
+
+2007-03-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fixed <rdar://problem/4587763> PAC file: lock inversion between QT and 
+        JSCore causes a hang @ www.panoramas.dk
+        
+        With a PAC file, run-webkit-tests --threaded passes, the reported site
+        works, and all the Quicktime/JavaScript and Flash/JavaScript examples
+        I found through Google work, too.
+        
+        Any time JavaScript causes arbitrary non-JavaScript code to execute, it 
+        risks deadlock, because that code may block, trying to acquire a lock 
+        owned by a thread that is waiting to execute JavaScript. In this case,
+        the thread was a networking thread that was waiting to interpret a PAC file.
+        
+        Because non-JavaScript code may execute in response to, well, anything,
+        a perfect solution to this problem is impossible. I've implemented an
+        optimistic solution, instead: JavaScript will drop its lock whenever it
+        makes a direct call to non-JavaScript code through a bridging/plug-in API,
+        but will blissfully ignore the indirect ways it may cause non-JavaScript 
+        code to run (resizing a window, for example). 
+        
+        Unfortunately, this solution introduces significant locking overhead in 
+        the bridging APIs. I don't see a way around that.
+
+        This patch includes some distinct bug fixes I saw along the way:
+        
+        * bindings/objc/objc_instance.mm: Fixed a bug where a nested begin() call
+        would leak its autorelease pool, because it would NULL out _pool without
+        draining it.
+
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::methodGetter): Don't copy an Identifier to ASCII only
+        to turn around and make an Identifier from the ASCII. In an earlier 
+        version of this patch, the copy caused an assertion failure. Now it's 
+        just unnecessary work.
+        (RuntimeObjectImp::getOwnPropertySlot): ditto
+
+        * bindings/objc/objc_instance.h: Removed overrides of setVAlueOfField and
+        getValueOfField, because they did exactly what the base class versions did.
+        Removed overrides of Noncopyable declarations for the same reason.
+
+        * bindings/runtime.h: Inherit from Noncopyable instead of rolling our own.
+        * bindings/c/c_instance.h: ditto
+
+        And the actual patch:
+        
+        * API/JSCallbackConstructor.cpp: Drop all locks when calling out to C.
+        (KJS::JSCallbackConstructor::construct):
+        * API/JSCallbackFunction.cpp: ditto
+        (KJS::JSCallbackFunction::callAsFunction):
+        * API/JSCallbackObject.cpp: ditto
+        (KJS::JSCallbackObject::init):
+        (KJS::JSCallbackObject::~JSCallbackObject):
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::construct):
+        (KJS::JSCallbackObject::hasInstance):
+        (KJS::JSCallbackObject::callAsFunction):
+        (KJS::JSCallbackObject::getPropertyNames):
+        (KJS::JSCallbackObject::toNumber):
+        (KJS::JSCallbackObject::toString):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::callbackGetter):
+        
+        * bindings/c/c_instance.cpp: Drop all locks when calling out to C.
+        (KJS::Bindings::CInstance::invokeMethod):
+        (KJS::Bindings::CInstance::invokeDefaultMethod):
+        * bindings/c/c_runtime.cpp: Drop all locks when calling out to C.
+        (KJS::Bindings::CField::valueFromInstance):
+        (KJS::Bindings::CField::setValueToInstance):
+        * bindings/jni/jni_objc.mm:
+        (KJS::Bindings::dispatchJNICall): Drop all locks when calling out to Java.
+
+        * bindings/objc/objc_instance.mm: The changes here are to accomodate the
+        fact that C++ unwinding of DropAllLocks goes crazy when you put it inside
+        a @try block. I moved all JavaScript stuff outside of the @try blocks, and 
+        then prefixed the whole blocks with DropAllLocks objects. This required some
+        supporting changes in other functions, which now acquire the JSLock for
+        themselves, intead of relying on their callers to do so.
+        (ObjcInstance::end):
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::invokeDefaultMethod):
+        (ObjcInstance::setValueOfUndefinedField):
+        (ObjcInstance::getValueOfUndefinedField):
+        * bindings/objc/objc_runtime.mm: Same as above, except I didn't want to
+        change throwError to acquire the JSLock for itself.
+        (ObjcField::valueFromInstance):
+        (ObjcField::setValueToInstance):
+        * bindings/objc/objc_utility.mm: Supporting changes mentioned above.
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+
+        * kjs/JSLock.cpp: 
+        (1) Fixed DropAllLocks to behave as advertised, and drop the JSLock only 
+        if the current thread actually acquired it in the first place. This is 
+        important because WebKit needs to ensure that the JSLock has been 
+        dropped before it makes a plug-in call, even though it doesn't know if 
+        the current thread actually acquired the JSLock. (We don't want WebKit
+        to accidentally drop a lock belonging to *another thread*.)
+        (2) Used the new per-thread code written for (1) to make recursive calls
+        to JSLock very cheap. JSLock now knows to call pthread_mutext_lock/ 
+        pthread_mutext_unlock only at nesting level 0.
+        (KJS::createDidLockJSMutex):
+        (KJS::JSLock::lock):
+        (KJS::JSLock::unlock):
+        (KJS::DropAllLocks::DropAllLocks):
+        (KJS::DropAllLocks::~DropAllLocks):
+        (KJS::JSLock::lockCount):
+        * kjs/JSLock.h: Don't duplicate Noncopyable.
+        (KJS::JSLock::~JSLock):
+
+        * wtf/Assertions.h: Blind attempt at helping the Windows build.
+
+2007-03-08  Darin Fisher  <darin@chromium.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=13018
+        Bug 13018: allow embedders to override the definition of CRASH.
+
+        * wtf/Assertions.h: make it possible to override CRASH.
+
+2007-03-07  Huan Ren  <huanr@chromium.org>
+
+        Reviewed by Maciej.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=12535
+        Bug 12535: Stack-optimizing compilers can trick GC into freeing in-use objects
+
+        * kjs/internal.cpp:
+        (KJS::StringImp::toObject): Copy val onto the stack so it is not subject to garbage collection.
+
+2007-03-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix for non-multiple-thread folks.
+        
+        Use a shared global in the non-multiple-thread case.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::isForbidden):
+        (WTF::fastMallocForbid):
+        (WTF::fastMallocAllow):
+
+2007-03-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed ASSERT failure I just introduced.
+        
+        Made the fastMalloc isForbidden flag per thread. (Oops!) We expect that
+        other threads will malloc while we're marking -- we just want to prevent
+        our own marking from malloc'ing.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::initializeIsForbiddenKey):
+        (WTF::isForbidden):
+        (WTF::fastMallocForbid):
+        (WTF::fastMallocAllow):
+        (WTF::fastMalloc):
+        (WTF::fastCalloc):
+        (WTF::fastFree):
+        (WTF::fastRealloc):
+        (WTF::do_malloc):
+
+2007-03-07  Shrikant Gangoda  <shrikant.gangoda@celunite.com>
+
+        Reviewed by Maciej.
+
+        http://bugs.webkit.org/show_bug.cgi?id=12997
+
+        Wrap pthread-specific assertion in #if USE(MULTIPLE_THREADS).
+
+        * kjs/collector.cpp:
+        (KJS::Collector::markMainThreadOnlyObjects):
+
+2007-03-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed <rdar://problem/4576242> | http://bugs.webkit.org/show_bug.cgi?id=12586
+        PAC file: malloc deadlock sometimes causes a hang @ www.apple.com/pro/profiles/ (12586)
+        
+        This is a modified version of r14752 on the branch.
+        
+        These changes just add debugging functionality. They ASSERT that we don't 
+        malloc during the mark phase of a garbage collection, which can cause a
+        deadlock.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMallocForbid):
+        (WTF::fastMallocAllow):
+        (WTF::fastMalloc):
+        (WTF::fastCalloc):
+        (WTF::fastFree):
+        (WTF::fastRealloc):
+        (WTF::do_malloc):
+        * wtf/FastMalloc.h:
+
+2007-03-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed all known crashers exposed by run-webkit-tests --threaded. This covers:
+
+        <rdar://problem/4565394> | http://bugs.webkit.org/show_bug.cgi?id=12585 
+            PAC file: after closing a window that contains macworld.com, new window 
+            crashes (KJS::PropertyMap::mark()) (12585)
+        <rdar://problem/4571215> | http://bugs.webkit.org/show_bug.cgi?id=9211
+            PAC file: Crash occurs when clicking on the navigation tabs at http://www.businessweek.com/ (9211)
+        <rdar://problem/4557926> 
+            PAC file: Crash occurs when attempting to view image in slideshow mode 
+            at http://d.smugmug.com/gallery/581716 ( KJS::IfNode::execute (KJS::
+            ExecState*) + 312) if you use a PAC file
+
+        (1) Added some missing JSLocks, along with related ASSERTs.
+        
+        (2) Fully implemented support for objects that can only be garbage collected
+        on the main thread. So far, only WebCore uses this. We can add it to API
+        later if we learn that it's needed. 
+        
+        The implementation uses a "main thread only" flag inside each object. When 
+        collecting on a secondary thread, the Collector does an extra pass through 
+        the heap to mark all flagged objects before sweeping. This solution makes
+        the common case -- flag lots of objects, but never collect on a secondary 
+        thread -- very fast, even though the uncommon case of garbage collecting
+        on a secondary thread isn't as fast as it could be. I left some notes 
+        about how to speed it up, if we ever care.
+        
+        For posterity, here are some things I learned about GC while investigating:
+        
+        * Each collect must either mark or delete every heap object. "Zombie" 
+        objects, which are neither marked nor deleted, raise these issues:
+
+            * On the next pass, the conservative marking algorithm might mark a 
+            zombie, causing it to mark freed objects.
+
+            * The client might try to use a zombie, which would seem live because 
+            its finalizer had not yet run.
+
+        * A collect on the main thread is free to delete any object. Presumably, 
+        objects allocated on secondary threads have thread-safe finalizers.
+
+        * A collect on a secondary thread must not delete thread-unsafe objects.
+
+        * The mark function must be thread-safe.
+        
+        Line by line comments:
+
+        * API/JSObjectRef.h: Added comment specifying that the finalize callback 
+        may run on any thread.
+
+        * JavaScriptCore.exp: Nothing to see here.
+
+        * bindings/npruntime.cpp:
+        (_NPN_GetStringIdentifier): Added JSLock.
+
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::~ObjcInstance): Use an autorelease pool. The other callers 
+        to CFRelease needed one, too, but they were dead code, so I removed them 
+        instead. (This fixes a leak seen while running run-webkit-tests --threaded,
+        although I don't think it's specifically a threading issue.) 
+        
+        * kjs/collector.cpp:
+        (KJS::Collector::collectOnMainThreadOnly): New function. Tells the collector
+        to collect a value only if it's collecting on the main thread.
+        (KJS::Collector::markMainThreadOnlyObjects): New function. Scans the heap
+        for "main thread only" objects and marks them.
+
+        * kjs/date_object.cpp: 
+        (KJS::DateObjectImp::DateObjectImp): To make the new ASSERTs happy, allocate 
+        our globals on the heap, avoiding a seemingly unsafe destructor call at 
+        program exit time.
+        * kjs/function_object.cpp:
+        (FunctionPrototype::FunctionPrototype): ditto
+
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::mark): Removed boolean parameter, which was an incomplete
+        and arguably hackish way to implement markMainThreadOnlyObjects() inside WebCore.
+        * kjs/interpreter.h:
+
+        * kjs/identifier.cpp:
+        (KJS::identifierTable): Added some ASSERTs to check for thread safety 
+        problems.
+
+        * kjs/list.cpp: Added some ASSERTs to check for thread safety problems.
+        (KJS::allocateListImp):
+        (KJS::List::release):
+        (KJS::List::append):
+        (KJS::List::empty): Make the new ASSERTs happy.
+
+        * kjs/object.h:
+        (KJS::JSObject::JSObject): "m_destructorIsThreadSafe" => "m_collectOnMainThreadOnly".
+        I removed the constructor parameter because m_collectOnMainThreadOnly,
+        like m_marked, is a Collector bit, so only the Collector should set or get it.
+
+        * kjs/object_object.cpp:
+        (ObjectPrototype::ObjectPrototype): Make the ASSERTs happy.
+        * kjs/regexp_object.cpp:
+        (RegExpPrototype::RegExpPrototype): ditto
+
+        * kjs/ustring.cpp: Added some ASSERTs to check for thread safety problems.
+        (KJS::UCharReference::ref): 
+        (KJS::UString::Rep::createCopying):
+        (KJS::UString::Rep::create):
+        (KJS::UString::Rep::destroy):
+        (KJS::UString::null): Make the new ASSERTs happy.
+        * kjs/ustring.h:
+        (KJS::UString::Rep::ref): Added some ASSERTs to check for thread safety problems.
+        (KJS::UString::Rep::deref):
+
+        * kjs/value.h:
+        (KJS::JSCell::JSCell):
+
+2007-03-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        2% speedup on super accurate JS iBench.
+
+        (KJS::Collector::collect): Removed anti-optimization to call
+        pthread_is_threaded_np() before calling pthread_main_np(). Almost all 
+        apps have more than one thread, so the extra call is actually worse.
+        Interestingly, even the single-threaded testkjs shows a speed gain
+        from removing the pthread_is_threaded_np() short-circuit. Not sure why.
+
+2007-03-04  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Nikolas Zimmermann.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=12950
+          Assertions.cpp should not #define macros that are already defined
+
+        * wtf/Assertions.cpp: Don't #define WINVER and _WIN32_WINNT if they
+        are already defined.
+
+2007-03-02  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Anders.
+        
+        Add unsigned int hash traits (matches existing unsigned long version)
+
+        * wtf/HashTraits.h:
+        (WTF::):
+
+2007-03-02  Adam Roben  <aroben@apple.com>
+
+        Reviewed by Kevin M.
+
+        Try to fix the Qt build.
+
+        * kjs/DateMath.cpp:
+        (KJS::msToGregorianDateTime): Removed unnecessary "struct" keyword.
+        * kjs/DateMath.h: Moved forward declarations to the top of the file
+        before they are used.
+        * kjs/date_object.cpp:
+        (KJS::formatLocaleDate): Changed to take a const GregorianDateTime&
+        since GregorianDateTime is Noncopyable.
+
+2007-03-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin McCullough.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=12867
+          REGRESSION: BenchJS test 7 (dates) is 220% slower than in Safari 2.0.4
+
+        * kjs/DateMath.h: Marked GregorianDateTime as noncopyable, since it has a non-trivial
+        destructor and not the correspoding copy constructor or assignment operator.
+        Changed the GregorianDateTime constructor to use member initialization syntax.
+        Fixed the destructor to use the array delete operator, since timeZone is an array.
+
+        * kjs/DateMath.cpp:
+        (KJS::daysInYear): Changed to call isLeapYear so the rule is not repeated twice.
+        (KJS::getUTCOffset): Added caching on PLATFORM(DARWIN), since we can rely on the
+        notify_check function and "com.apple.system.timezone" to let us know when the
+        offset has changed.
+
+2007-02-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Follow-up to fixing http://bugs.webkit.org/show_bug.cgi?id=12659 | <rdar://problem/4954306>
+        JS objects not collected after closing window @ ebay.com/maps.google.com
+        
+        Changed Interpreter cache of global constructors and prototypes from
+        ProtectedPtrs to bare, marked pointers. ProtectedPtrs are inefficient,
+        and they increase the risk of reference cycles. Also, Darin said something
+        about ProtectedPtrs giving him warts.
+        
+        Also changed data members to precise types from generic JSObject*'s.
+        
+        Layout tests and JS tests pass.
+
+        * kjs/SavedBuiltins.h:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::init):
+        (KJS::Interpreter::~Interpreter):
+        (KJS::Interpreter::initGlobalObject): Moved Identifier::init() call to
+        constructor, for clarity.
+        (KJS::Interpreter::mark):
+        * kjs/interpreter.h:
+
+2007-02-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=12659 | <rdar://problem/4954306>
+        JS objects not collected after closing window @ ebay.com/maps.google.com
+
+        Don't GC in the Interpreter destructor. For that to work, the Interpreter
+        would have to NULL out all of its ProtectedPtrs before calling collect(). But 
+        we've decided that we don't want things to work that way, anyway. We want the
+        client to be in charge of manual GC so that it can optimize cases when
+        it will be destroying many interpreters at once
+        (e.g., http://bugs.webkit.org/show_bug.cgi?id=12900).
+        
+        Also removed Interpreter::collect() because it was redundant with 
+        Collector::collect().
+
+        * JavaScriptCore.exp:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::~Interpreter):
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction):
+
+2007-02-26  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by Adam Roben.
+
+        Rename *_SUPPORT defines to ENABLE_*.
+
+        * jscore.bkl:
+
+2007-02-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Lars.
+        
+        - <rdar://problem/5021698> Disable experimental SVG features (12883)
+
+        * wtf/Platform.h: Add ENABLE() macro similar to HAVE() and USE(), to
+        allow nicer handling of optional WebKit features.
+
+2007-02-22  George Staikos  <staikos@kde.org>
+
+        Reviewed by Lars.
+
+        Add return values
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+
+2007-02-22  Oscar Cwajbaum  <public@oscarc.net>
+
+        Reviewed by Maciej.
+
+        Fix ARM-specific alignment problem in FastMalloc
+        http://bugs.webkit.org/show_bug.cgi?id=12841
+
+        * wtf/FastMalloc.cpp:
+        Modify how pageheap_memory is declared to ensure proper alignment
+        on architectures such as ARM
+
+2007-02-20  Zack Rusin  <zrusin@trolltech.com>
+
+        Reviewed by Lars
+
+        Make sure that non-void methods always return something.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::foldCase):
+
+2007-02-18  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Reviewed by Adam Roben.
+
+        Fix cases where MSVC-specific code was identified as Win32 platform
+        code. (as it should be compiled for e.g. wx port when using MSVC too)
+        
+        * wtf/Assertions.h: 
+        * wtf/MathExtras.h:
+        * wtf/StringExtras.h:
+        changed PLATFORM(WIN) sections to COMPILER(MSVC) as necessary
+
+2007-02-17  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by Adam Roben.
+
+        Fix crashes on ARM due to different struct packing. Based on a patch
+        by Mike Emmel.
+        * kjs/ustring.cpp: compile-time assert to make sure sizeof(UChar) == 2
+        * kjs/ustring.h: pack UChar struct to ensure that sizeof(UChar) == 2
+        * wtf/Assertions.h: add COMPILE_ASSERT macro for compile-time assertions
+
+2007-02-16  George Staikos  <staikos@kde.org>
+
+        Reviewed by Maciej.
+
+        Fix uninitialized variable
+
+        * bindings/testbindings.cpp:
+        (myAllocate):
+
+2007-02-16  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Mitz.
+
+        http://bugs.webkit.org/show_bug.cgi?id=12788
+        REGRESSION: Going back one page in history has a noticeable delay
+        
+        Um...if all elements in two vectors are equal, then I guess we could say that
+        the two vectors are equal too.
+        
+        * wtf/Vector.h:
+        (WTF::):
+
+2007-02-14  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Darin.
+
+        Add new canCompareWithMemcmp vector trait and use it to determine whether
+        operator== can use memcmp.
+        
+        * wtf/Vector.h:
+        (WTF::):
+        (WTF::VectorTypeOperations::compare):
+        (WTF::operator==):
+        * wtf/VectorTraits.h:
+        (WTF::):
+
+2007-02-13  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Darin
+        
+        Tweaked vector a bit
+
+        * wtf/Vector.h:
+        (WTF::operator==):
+
+2007-02-13  Matt Perry  <mpcomplete@chromium.org>
+
+        Reviewed by Darin.
+
+        - fix for http://bugs.webkit.org/show_bug.cgi?id=12750
+          Vector operator== was not defined correctly. It returned void,
+          did not accept const Vectors, and used an int instead of size_t. 
+
+        * wtf/Vector.h: fixed comparison operators
+        (WTF::operator==):
+        (WTF::operator!=):
+
+2007-02-10  David Carson  <dacarson@gmail.com>
+
+        Reviewed by Maciej.
+
+        - fix for http://bugs.webkit.org/show_bug.cgi?id=12636
+        Corrected the generation of method signatures when the parameter
+        is an Array. 
+        Added support for converting a Javascript array to a Java array.
+
+        * bindings/jni/jni_utility.h: added new type for array, array_type
+        * bindings/jni/jni_runtime.cpp: add support for new array type
+        (JavaField::valueFromInstance):
+        (JavaField::setValueToInstance):
+        (JavaMethod::JavaMethod):
+        (JavaMethod::signature):
+        * bindings/jni/jni_utility.cpp: add support for new array type
+        (KJS::Bindings::callJNIMethod):
+        (KJS::Bindings::callJNIStaticMethod):
+        (KJS::Bindings::callJNIMethodIDA):
+        (KJS::Bindings::JNITypeFromClassName):
+        (KJS::Bindings::signatureFromPrimitiveType):
+        (KJS::Bindings::JNITypeFromPrimitiveType):
+        (KJS::Bindings::getJNIField):
+        (KJS::Bindings::convertArrayInstanceToJavaArray): new method
+        converts the Javascript array to the requested Java array.
+        (KJS::Bindings::convertValueToJValue):
+
+2007-02-08  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/4930614>
+        Safari complains about "Slow Script" if GMail is left open and machine is busy
+        
+        <rdar://problem/4649516>
+        Turn off slow script dialog or crank up time that makes it come up
+        
+        <rdar://problem/4963589>
+        Slow script warning is displayed after closing of PROMPT or PRINT dialog
+        
+        Re-do the way script timeouts are handled. No longer use a unix timer that sends signals. Instead, add a 
+        tick count and increment it in loop bodies. If the tick count reaches a threshold, do a timeout check. If the total time executing
+        is higher than the timeout value, (possibly) interrupt the script. The timeout checker also adjusts the threshold dynamically
+        to prevent doing the timeout check too often.
+         
+        * JavaScriptCore.exp:
+        Remove pause and resume calls.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Add winmm.lib.
+
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::init):
+        (KJS::Interpreter::~Interpreter):
+        (KJS::Interpreter::startTimeoutCheck):
+        (KJS::Interpreter::stopTimeoutCheck):
+        (KJS::Interpreter::resetTimeoutCheck):
+        (KJS::getCurrentTime):
+        (KJS::Interpreter::checkTimeout):
+        * kjs/interpreter.h:
+        (KJS::Interpreter::timedOut):
+        * kjs/nodes.cpp:
+        (DoWhileNode::execute):
+        (WhileNode::execute):
+        (ForNode::execute):
+
+2007-02-07  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.vcproj/JavaScriptCore.sln: Reenable testkjs.
+
+2007-02-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - another build fix; this time for sure
+
+        * pcre/pcre_exec.c: (match):
+        The compiler caught an incorrect use of the othercase variable across
+        a call to RMATCH in character repeat processing. Local variables can
+        change in the crazy NO_RECURSE mode that we use, so we instead need
+        the value in othercase to be in one of the special stack frame variables.
+        Added a new stack frame variable for this purpose named repeat_othercase.
+        Also noted a similar error in the non-UTF-16 side of the #ifdef, but
+        didn't try to fix that one. Also removed a SUPPORT_UCP #ifdef from the
+        PCRE_UTF16 side; that code doesn't work without the Unicde properties
+        table, and we don't try to use it that way.
+
+2007-02-06  Steve Falkenburg  <sfalken@apple.com>
+
+        Disable testkjs in sln until we figure out mysterious compiler warning.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.sln:
+
+2007-02-06  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix by ggaren
+
+        * pcre/pcre_exec.c:
+        (match):
+
+2007-02-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix <rdar://problem/4979089> PCRE should avoid setjmp/longjmp even when compiler
+          is not GCC
+
+        Added a new code path that's slower and way uglier but doesn't rely on GCC's
+        computed gotos.
+
+        * pcre/pcre_exec.c: Added a numeric parameter to the RMATCH function. It must be
+        different at every RMATCH call site. Changed the non-GCC NO_RECURSE version of
+        the macro to use a label incorporating the number. Changed the RRETURN macro to
+        use a goto instead of longjmp.
+        (match): Added a different number at each callsite, using a perl script for the
+        first-time task. Going forward it should be easy to maintain by hand. Added a
+        switch statement at the bottom of the function. We'll get compile time errors
+        if we have anything in the switch statement that's never used in an RMATCH,
+        but errors in the other direction are silent except at runtime.
+
+2007-02-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+        - fix <rdar://problem/4687840> 9A241: JavaScript RegExp 25-30x slower than on 10.4.7
+
+        I used Shark to figure out what to do. The test case is now 15% faster than with
+        stock Safari. Some other regular expression cases might still be a few % slower
+        than before, but the >10x slowdown is now completely gone.
+
+        1) Fix slowness caused by setjmp/longjmp by using computed goto instead.
+
+        Use GCC extensions - locally declared labels, labels as values, and computed goto -
+        instead of using setjmp/longjmp to implemement non-recursive version of the regular
+        expression system. We could probably make this even faster if we reduced the use
+        of malloc a bit too.
+
+        2) Fix slowness caused by allocating heapframe objects by allocating the first
+           16 of them from the stack.
+
+        3) Speed up use of malloc and free in PCRE by making it use fastMalloc and fastFree.
+
+        4) Speed up the test case by adding a special case to a UString function.
+
+        5) Made a small improvement to the innermost hottest loop of match by hoisting
+           the conversion from int to pcre_uchar out of the loop.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Compile FastMallocPCRE.cpp, and don't
+        compile pcre_globals.c.
+
+        * wtf/FastMallocPCRE.cpp: Added. A copy of pcre_globals.c that uses FastMalloc.h.
+        This is better than code that sets the PCRE allocation globals because by doing it
+        this way there's guaranteed to be no problem with order of initialization.
+
+        * kjs/ustring.cpp: (KJS::UString::spliceSubstringsWithSeparators): Add a fast
+        special case when this is called for only one subrange and no seaprators. This
+        was happening a lot in the test case and it seems quite reasonable to optimize this.
+
+        * pcre/pcre_exec.c: Create a copy of the RMATCH and RRETURN macros that use goto
+        instead of setjmp/longjmp. Change code that calls pcre_stack_malloc to first use
+        storage on the stack inside the match function.
+        (match): Move initialization of utf8 up a couple lines to avoid "possibly used
+        uninitialized" warning. Use a local variable so we compare with pcre_uchar instead
+        of with int inside the inner "find a character" loop.
+
+2007-02-03  George Staikos  <staikos@kde.org>
+
+        Reviewed by Alexey.
+
+        -1 is not a valid point.  We can't handle anything > 0xffff anyway.
+        Fixes crash on cases like eval("x");
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::category):
+
+2007-02-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - fix copying and assigning a ListHashSet
+
+        No test because the code path with bugs I am fixing is not used yet.
+
+        * wtf/ListHashSet.h: Tweaked ListHashSetNodeAllocator a little bit for clarity.
+        Changed m_allocator to be an OwnPtr instead of doing an explicit delete.
+        Fixed bug in copy constructor where we'd have an uninitialized m_allocator.
+        Fixed bug in assignment operator where it would swap only the hash table, and
+        not the head, tail, and allocator pointers.
+
+2007-02-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Use WTFLog instead of fprintf for logging KJS::Node leaks.
+
+        * kjs/nodes.cpp:
+        (NodeCounter::~NodeCounter): Changed count to unsigned, updated
+        to match style guidelines.
+
+2007-02-02  Maciej Stachowiak  <mjs@apple.com>
+
+        - not reviewed, build fix
+
+        * wtf/ListHashSet.h:
+        (WTF::ListHashSetNodeAllocator::ListHashSetNodeAllocator): ummm, use union correctly
+
+2007-02-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - use a custom allocator for ListHashSet, to fix ~1% perf regression using it for form control
+
+        * wtf/ListHashSet.h:
+        (WTF::ListHashSetNodeAllocator::ListHashSetNodeAllocator):
+        (WTF::ListHashSetNodeAllocator::allocate):
+        (WTF::ListHashSetNodeAllocator::deallocate):
+        (WTF::ListHashSetNode::operator new):
+        (WTF::ListHashSetNode::operator delete):
+        (WTF::ListHashSetNode::destroy):
+        (WTF::ListHashSetTranslator::translate):
+        (WTF::::ListHashSet):
+        (WTF::::~ListHashSet):
+        (WTF::::add):
+        (WTF::::unlinkAndDelete):
+        (WTF::::deleteAllNodes):
+
+2007-01-31  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Adam.
+        
+        - fix sporadic crash
+
+        * wtf/ListHashSet.h:
+        (WTF::::remove): remove before deleting
+
+2007-01-31  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark with help from Lars.
+        
+        - added new ListHashSet class, which combines a hashtable and a linked list to provide a set
+        that keeps elements in inserted order
+        
+        This is to assist in fixing the following:
+        <rdar://problem/4751164> REGRESSION: Safari places text on incorrect button when returning to a page via back [10541]
+        http://bugs.webkit.org/show_bug.cgi?id=10541
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/HashTable.h:
+        (WTF::HashTable::find):
+        (WTF::HashTable::contains):
+        (WTF::::find):
+        (WTF::::contains):
+        * wtf/ListHashSet.h: Added.
+        (WTF::ListHashSetNode::ListHashSetNode):
+        (WTF::ListHashSetNodeHashFunctions::hash):
+        (WTF::ListHashSetNodeHashFunctions::equal):
+        (WTF::ListHashSetIterator::ListHashSetIterator):
+        (WTF::ListHashSetIterator::get):
+        (WTF::ListHashSetIterator::operator*):
+        (WTF::ListHashSetIterator::operator->):
+        (WTF::ListHashSetIterator::operator++):
+        (WTF::ListHashSetIterator::operator--):
+        (WTF::ListHashSetIterator::operator==):
+        (WTF::ListHashSetIterator::operator!=):
+        (WTF::ListHashSetIterator::operator const_iterator):
+        (WTF::ListHashSetIterator::node):
+        (WTF::ListHashSetConstIterator::ListHashSetConstIterator):
+        (WTF::ListHashSetConstIterator::get):
+        (WTF::ListHashSetConstIterator::operator*):
+        (WTF::ListHashSetConstIterator::operator->):
+        (WTF::ListHashSetConstIterator::operator++):
+        (WTF::ListHashSetConstIterator::operator--):
+        (WTF::ListHashSetConstIterator::operator==):
+        (WTF::ListHashSetConstIterator::operator!=):
+        (WTF::ListHashSetConstIterator::node):
+        (WTF::ListHashSetTranslator::hash):
+        (WTF::ListHashSetTranslator::equal):
+        (WTF::ListHashSetTranslator::translate):
+        (WTF::::ListHashSet):
+        (WTF::::operator):
+        (WTF::::~ListHashSet):
+        (WTF::::size):
+        (WTF::::capacity):
+        (WTF::::isEmpty):
+        (WTF::::begin):
+        (WTF::::end):
+        (WTF::::find):
+        (WTF::::contains):
+        (WTF::::add):
+        (WTF::::remove):
+        (WTF::::clear):
+        (WTF::::unlinkAndDelete):
+        (WTF::::appendNode):
+        (WTF::::deleteAllNodes):
+        (WTF::::makeIterator):
+        (WTF::::makeConstIterator):
+        (WTF::deleteAllValues):
+
+2007-01-30  Darin Adler  <darin@apple.com>
+
+        * kjs/DateMath.cpp: Fix license header to reflect LGPL as the first license
+        mentioned. We still mention the option of using under MPL or GPL since some
+        of this code came from the Mozilla project with those license terms.
+
+2007-01-30  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Zack.
+
+        Turned JavaScriptCore from a separate library into an includable
+        project, to combine it all into libWebKitQt.
+
+        * JavaScriptCore.pri: Added.
+        * JavaScriptCore.pro: Removed.
+        * kjs/testkjs.pro:
+
+2007-01-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fixed <rdar://problem/4485644> REGRESSION: JavaScriptCore has init routines
+        
+        The TCMalloc module now initializes, if needed, inside GetCache() and 
+        fastMallocSetIsMultiThreaded(). We leverage the same synchronization 
+        technique used for enabling / disabling the single-threaded optimization 
+        to synchronize initialization of the library without requiring a lock 
+        for every malloc.
+        
+        1,251 runs of tcmalloc_unittest, 2 runs of a custom, massively multi-threaded 
+        tcmalloc_unittest, and my custom version of the PLT show no regressions.
+        Super-accurate JS iBench reports a .24% regression, which is right at the
+        limit of its error range, so I'm declaring victory.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMallocSetIsMultiThreaded): Initialize, if needed. (InitModule()
+        checks the "if needed" part.)
+        (WTF::TCMalloc_ThreadCache::GetCache): Restored original TCMalloc code
+        inside #ifdef, for posterity. Added new initialization logic.
+        (WTF::TCMalloc_ThreadCache::InitModule): Call InitTSD(), since we don't
+        have a static initializer to call it for us, now. This means that fastMalloc
+        is not usable as a general libc allocator, but it never was, and if it were
+        the general libc allocator, we wouldn't be here in the first place, so whatever.
+        (WTF::TCMalloc_ThreadCache::InitTSD): Don't try to take the pageheap_lock, 
+        since InitModule already has it.
+
+2007-01-29  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Geoff and Oliver.
+
+        - rdar://problem/4955561
+        - missusing JavaScript shouldn't crash webkit.  Now it doesn't, in this case.
+
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::callAsFunction):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::callAsFunction):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::callAsFunction):
+
+2007-01-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        First step in fixing <rdar://problem/4485644> REGRESSION: JavaScriptCore 
+        has init routines
+        
+        Don't rely on a static initializer to store the main thread's ID (which
+        we would use to detect allocations on secondary threads). Instead, require 
+        the caller to notify fastMalloc if it might allocate on a secondary thread.
+        
+        Also fixed what seemed like a race condition in do_malloc.
+        
+        tcmalloc_unittest and my custom versions of JS iBench and PLT show no
+        regressions.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMallocSetIsMultiThreaded): 
+        (1) Renamed from "fastMallocRegisterThread", which was a misleading name because 
+        not all threads need to register with fastMalloc -- only secondary threads 
+        need to, and only for the purpose of disabling its single-threaded optimization. 
+
+        (2) Use the pageheap_lock instead of a custom one, since we need to synchronize
+        with the read of isMultiThreaded inside CreateCacheIfNecessary. This is a new
+        requirement, now that we can't guarantee that the first call to CreateCacheIfNecessary
+        will occur on the main thread at init time, before any other threads have been created.
+
+        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+        (WTF::do_malloc): Reverted WTF change only to call GetCache() if size <= kMaxSize.
+        The WTF code would read phinited without holding the pageheap_lock, which
+        seemed like a race condition. Regardless, calling GetCache reduces the number 
+        of code paths to module initialization, which will help in writing the 
+        final fix for this bug.
+
+2007-01-28  David Kilzer  <ddkilzer@webkit.org>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=9815
+          JavaScript TypeError loading Dean Edwards' JS compressor/obfuscator
+
+        Creating a function using 'new Function()' was not setting its prototype with the
+        same flags as 'function() { }'.
+
+        Test: fast/js/function-prototype.html
+
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct): Change flags from DontEnum|DontDelete|ReadOnly to
+        Internal|DontDelete to match FuncDeclNode::processFuncDecl() and
+        FuncExprNode::evaluate() in kjs/nodes.cpp.
+
+2007-01-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+        
+        Added some missing JSLocks, which might fix <rdar://problem/4889707>.
+
+        We need to lock whenever we might allocate memory because our FastMalloc
+        implementation requires clients to register their threads, which we do
+        through JSLock. 
+        
+        We also need to lock whenever modifying ref-counts because they're not 
+        thread-safe.
+
+        * API/JSObjectRef.cpp:
+        (JSClassCreate): Allocates memory
+        (JSClassRetain): Modifies a ref-count
+        (JSClassRelease): Modifies a ref-count
+        (JSPropertyNameArrayRetain): Modifies a ref-count
+        (JSPropertyNameArrayRelease): Modifies a ref-count
+        * API/JSStringRef.cpp:
+        (JSStringRetain): Modifies a ref-count
+        * API/JSValueRef.cpp:
+        (JSValueIsInstanceOfConstructor): Might allocate memory if an exception
+        is thrown.
+
+2007-01-27  Lars Knoll <lars@trolltech.com>
+
+        Fix the Qt build.
+
+        * bindings/qt/qt_instance.h:
+
+2007-01-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed <rdar://problem/4608404> WebScriptObject's _rootObject lack 
+        of ownership policy causes crashes (e.g., in Dashcode)
+        
+        The old model for RootObject ownership was either to (1) leak them or (2) assign
+        them to a single owner -- the WebCore::Frame -- which would destroy them 
+        when it believed that all of its plug-ins had unloaded.
+        
+        This model was broken because of (1) and also because plug-ins are not the only 
+        RootObject clients. All Bindings clients are RootObjects clients, including 
+        applications, which outlive any particular WebCore::Frame.
+        
+        The new model for RootObject ownership is to reference-count them, with a
+        throw-back to the old model: The WebCore::Frame tracks the RootObjects
+        it creates, and invalidates them when it believes that all of its plug-ins 
+        have unloaded.
+        
+        We maintain this throw-back to avoid plug-in leaks, particularly from Java.
+        Java is completely broken when it comes to releasing JavaScript objects. 
+        Comments in our code allege that Java does not always call finalize when 
+        collecting objects. Moreoever, my own testing reveals that, when Java does 
+        notify JavaScript of a finalize, the data it provides is totally bogus.
+        
+        This setup is far from ideal, but I don't think we can do better without
+        completely rewriting the bindings code, and possibly part of the Java
+        plug-in / VM.
+        
+        Layout tests pass. No additional leaks reported. WebCore/manual-tests/*liveconnect*
+        and a few LiveConnect demos on the web also run without a hitch.
+        
+        const RootObject* => RootObject*, since we need to ref/deref
+        
+        * bindings/NP_jsobject.cpp:
+        (jsDeallocate): deref our RootObjects. Also unprotect or JSObject, instead
+        of just relying on the RootObject to do it for us when it's invalidated.
+        (_isSafeScript): Check RootObject validity.
+        (_NPN_CreateScriptObject): ditto
+        (_NPN_Invoke): ditto
+        (_NPN_Evaluate): ditto
+        (_NPN_GetProperty): ditto
+        (_NPN_SetProperty): ditto
+        (_NPN_RemoveProperty): ditto
+        (_NPN_HasProperty): ditto
+        (_NPN_HasMethod): ditto
+        (_NPN_SetException): ditto
+
+        * bindings/runtime_root.cpp: 
+        Revived bit-rotted LIAR LIAR LIAR comment.
+        
+        LOOK: Added support for invalidating RootObjects without deleting them, 
+        which is the main goal of this patch. 
+
+        Moved protect counting into the RootObject class, to emphasize that 
+        the RootObject protects the JSObject, and unprotects it upon being invalidated.
+            addNativeReference => RootObject::gcProtect
+            removeNativeReference => RootObject::gcUnprotect
+            ProtectCountSet::contains => RootObject::gcIsProtected
+            
+        I know we'll all be sad to see the word "native" go.
+        
+        * bindings/runtime_root.h: Added ref-counting support to RootObject, with
+        all the standard accoutrements.
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant): If we can't find a valid RootObject,
+        return void instead of just leaking.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::JavaInstance): Don't take a RootObject in our constructor;
+        be like other Instances and require the caller to call setRootObject. This
+        reduces the number of ownership code paths.
+        (JavaInstance::invokeMethod): Check RootObject for validity.
+        * bindings/jni/jni_instance.h: Removed private no-arg constructor. Having
+        an arg constructor accomplishes the same thing.
+
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::invoke): No need to call findProtectCountSet, because finalize()
+        checks for RootObject validity.
+        (JavaJSObject::JavaJSObject): check RootObject for validity
+        (JavaJSObject::call): ditto
+        (JavaJSObject::eval): ditto
+        (JavaJSObject::getMember): ditto
+        (JavaJSObject::setMember): ditto
+        (JavaJSObject::removeMember): ditto
+        (JavaJSObject::getSlot): ditto
+        (JavaJSObject::setSlot): ditto
+        (JavaJSObject::toString): ditto
+        (JavaJSObject::finalize): ditto
+        (JavaJSObject::createNative): No need to tell the RootObject to protect 
+        the global object, since the RootObject already owns the interpreter.
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaArray::JavaArray): Removed copy construcutor becaue it was unused.
+        Dead code is dangerous code.
+
+        * bindings/objc/objc_runtime.mm: Added WebUndefined protocol. Previous use
+        of WebScriptObject was bogus, because WebUndefined is not a subclass of
+        WebScriptObject.
+        (convertValueToObjcObject): If we can't find a valid RootObject,
+        return nil instead of just leaking.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue): If we can't find a valid RootObject,
+        return nil instead of just leaking.
+
+2007-01-27  Andrew Wellington  <proton@wiretapped.net>
+
+        Reviewed by Maciej.
+        
+        Fix for Repeated string concatenation results in OOM crash
+        http://bugs.webkit.org/show_bug.cgi?id=11131
+
+        * kjs/operations.cpp:
+        (KJS::add): Throw exception if string addition result is null
+        * kjs/ustring.cpp:
+        (KJS::UString::UString): Don't call memcpy when malloc failed
+
+2007-01-25  Jan Kraemer  <camel@gmx.de>
+
+        Reviewed by Maciej
+
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=12382
+
+        Fix crash on architectures with 32 bit ints and
+        64 bit longs (For example Linux on AMD64)
+
+        * kjs/dtoa.cpp: #define Long int as suggested in comment
+
+2007-01-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Fixed up #include order for style. No review necessary.
+
+        * API/JSStringRef.cpp:
+
+2007-01-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Copy JSStringRefCF, in case anybody wants to use it. (I just added
+        it recently.)
+
+2007-01-24  Maciej Stachowiak  <mjs@apple.com>
+
+        Not reviewed, trivial property change.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore.sln: remove svn:mime-type
+        property which made this binary.
+
+2007-01-25  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin.
+
+        * Info.plist: Update copyright string.
+
+2007-01-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Changed to /usr/sbin/sysctl
+        so we don't rely on people's paths.
+
+2007-01-23  Alice Liu  <alice.liu@apple.com>
+
+        release build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Copy APICasts.h
+
+2007-01-23  Geoffrey Garen  <ggaren@apple.com>
+
+        build fix
+
+        * API/JSStringRef.h:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-01-24  Mark Rowe  <mrowe@apple.com>
+
+        Build fix for DumpRenderTree.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Make JSStringRefCF.h public so it's copied into built framework.
+
+2007-01-23  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Darin.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Copy APICasts.h
+
+2007-01-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed <rdar://problem/4885131> Move CFString function declarations from 
+        JSStringRef.h to JSStringRefCF.h
+        
+        Also removed remaining API FIXMEs and changed them into Radars.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass): Added Radar numbers for UTF8 conversion.
+
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate): Replaced FIXME for NULL JSContextRef with Radar number.
+
+        * API/JSObjectRef.h: Removed FIXME, which is unprofessional in a public header.
+
+        * API/JSStringRef.cpp: Moved CF related implementations to JSStringRefCF.cpp.
+        (JSStringCreateWithUTF8CString): Replaced FIXME with Radar number.
+        * API/JSStringRef.h: Moved CF related declarations to JSStringRefCF.h. Added
+        #include of JSStringRefCF.h as a stopgap until clients start #including
+        it as needed by themselves.
+
+        * API/JSStringRefCF.cpp: Added.
+        (JSStringCreateWithCFString):
+        (JSStringCopyCFString): Replaced JSChar cast with UniChar cast, which is 
+        more appropriate for a CF call.
+        * API/JSStringRefCF.h: Added.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-01-18  Sanjay Madhav  <sanjay12@gmail.com>
+
+        Reviewed by Darin.
+
+        Add JavaScriptCore define to help with tracing of when objects are marked.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::mark):
+
+2007-01-18  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Zack.
+
+        * JavaScriptCore.pro: Remove generated files on make clean.
+        * pcre/pcre.pri:
+
+2007-01-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Maciej.
+
+        http://bugs.webkit.org/show_bug.cgi?id=12268
+        Give object prototypes their own names
+
+        * kjs/lookup.h: Append "Prototype" to ClassName in KJS_IMPLEMENT_PROTOTYPE.
+
+2007-01-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Added re-entrency checking to GC allocation and collection. It is an error
+        to allocate or collect from within a collection. We've had at least one 
+        case of each bug in the past.
+        
+        Added a comment to the API header, explaining that API clients must not
+        make this mistake, either.
+        
+        Layout tests and JS tests pass.
+
+        * API/JSObjectRef.h:
+        * kjs/collector.cpp:
+        (KJS::GCLock::GCLock):
+        (KJS::GCLock::~GCLock):
+        (KJS::Collector::allocate):
+        (KJS::Collector::collect):
+
+2007-01-14  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Mitz.
+
+        Minor fixes to JavaScript pretty-printing.
+
+        * JavaScriptCore.exp:
+        * kjs/Parser.cpp:
+        (KJS::Parser::prettyPrint): Return line number and error message if parsing fails.
+        * kjs/Parser.h:
+        * kjs/nodes2string.cpp:
+        (ElementNode::streamTo): Include comma delimiters in array literals.
+        (PropertyNameNode::streamTo): Quote property names in object literals to handle the case when the property name is not a valid identifier.
+        * kjs/testkjs.cpp:
+        (doIt): Print any errors encountered while pretty-printing.
+
+2007-01-12  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Darin.
+
+        * wtf/HashTraits.h:
+        Add hash traits for unsigned long and unsigned long long.
+
+2007-01-12  Geoffrey Garen  <ggaren@apple.com>
+
+        RS by Brady Eidson.
+        
+        Rolling back in r18786 with leaks fixed, and these renames slightly reworked:
+
+        Because they can return 0:
+        rootObjectForImp => findRootObject (overloaded for JSObject* and Interpreter*)
+        rootObjectForInterpreter => findRootObject (ditto)
+        findReferenceSet => findProtectCountSet
+
+2007-01-11  Geoffrey Garen  <ggaren@apple.com>
+
+        RS by Brady Eidson.
+        
+        Rolling out r18786 because it caused leaks.
+
+2007-01-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Even more cleanup in preparation for fixing <rdar://problem/4608404> 
+        WebScriptObject's _executionContext lack of ownership policy causes 
+        crashes (e.g., in Dashcode)
+        
+        Layout tests pass.
+        
+        Renames:
+            ReferencesSet | ProtectCounts => ProtectCountSet (because it's a typename for a set of GC protect counts)
+            ReferencesByRootMap => RootObjectMap (because RootObjectToProtectCountSetMap would have been confusing)
+            pv => protectedValues
+            rootObjectForImp => getRootObject (overloaded for JSObject* and Interpreter*)
+            rootObjectForInterpreter => getRootObject (ditto)
+            findReferenceSet => getProtectCountSet
+            imp => jsObject
+        
+        (KJS::Bindings::getRootObjectMap): Changed to take advantage of built-in
+        facility for initializing static variables.
+
+        (KJS::Bindings::getProtectCountSet):
+        (KJS::Bindings::destroyProtectCountSet): Added. Helps encapsulate the fact
+        that getting a ProtectCountSet entails adding a RootObject to a hash table,
+        and destroying one entails the reverse.
+
+        (KJS::Bindings::getRootObject): Removed spurious NULL check.
+        
+        (KJS::Bindings::findReferenceSet): Renamed. Changed to use getRootObject()
+        instead of iterating on its own.
+
+        (KJS::Bindings::addNativeReference): Changed to use an early return instead
+        of indenting the whole function.
+        (KJS::Bindings::removeNativeReference): Ditto.
+
+2007-01-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Even more cleanup in preparation for fixing <rdar://problem/4608404> 
+        WebScriptObject's _executionContext lack of ownership policy causes 
+        crashes (e.g., in Dashcode)
+        
+        Layout tests pass.
+        
+        Renames:
+            findRootObjectForNativeHandleFunction => createRootObject
+            FindRootObjectForNativeHandleFunctionPtr => CreateRootObjectFunction
+            
+        Also removed unnecessary use of "Bindings::" prefix.
+
+        * JavaScriptCore.exp:
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::createNative):
+        (JavaJSObject::convertValueToJObject):
+        (JavaJSObject::convertJObjectToValue):
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::RootObject::setCreateRootObject):
+        * bindings/runtime_root.h:
+        (KJS::Bindings::RootObject::createRootObject):
+
+2007-01-11  George Staikos  <staikos@kde.org>
+
+        Reviewed by Maciej
+
+        Appears to be Mac specific right now.
+
+        * kjs/config.h:
+
+2007-01-10  Lars Knoll <lars@trolltech.com>
+
+        Reviewed by Zack
+
+        Use the new functionality in Qt 4.3, to make
+        the methods closer compliant with the Unicode
+        spec.
+
+        Keep the old code so that it still compiles against
+        Qt 4.2.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::toTitleCase):
+        (WTF::Unicode::foldCase):
+        (WTF::Unicode::isFormatChar):
+        (WTF::Unicode::isPrintableChar):
+        (WTF::Unicode::isSeparatorSpace):
+        (WTF::Unicode::isPunct):
+        (WTF::Unicode::isDigit):
+        (WTF::Unicode::isLower):
+        (WTF::Unicode::isUpper):
+        (WTF::Unicode::digitValue):
+        (WTF::Unicode::mirroredChar):
+        (WTF::Unicode::combiningClass):
+        (WTF::Unicode::decompositionType):
+        (WTF::Unicode::umemcasecmp):
+        (WTF::Unicode::direction):
+        (WTF::Unicode::category):
+
+2007-01-09  Darin Adler  <darin@apple.com>
+
+        - update 2007 Apple copyright for the new company name
+
+        * kjs/DateMath.cpp:
+
+2007-01-09  Darin Adler  <darin@apple.com>
+
+        - fix build
+
+        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction):
+        Actually compile it this time.
+
+2007-01-09  Darin Adler  <darin@apple.com>
+
+        - fix build
+
+        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction):
+        Change types.
+
+2007-01-09  Darin Adler  <darin@apple.com>
+
+        - fix build on platforms where Unicode::UChar is != uint16_t
+
+        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction):
+        Change types.
+
+2007-01-09  Mitz Pettel  <mitz@webkit.org>
+
+        Reviewed by Darin.
+
+        - changes for http://bugs.webkit.org/show_bug.cgi?id=11078
+          Forms Don't Submit (ASP Pages)
+
+        * JavaScriptCore.exp:
+        * kjs/value.cpp:
+        (KJS::JSValue::toInt32): Folded toInt32Inline into this method, which was its
+        only caller.
+        (KJS::JSValue::toUInt32): Added a variant that reports if the conversion has
+        succeeded.
+        * kjs/value.h:
+
+2007-01-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=12174
+          improve Unicode use (less WTF::Unicode:: prefix, centralized character names)
+
+        * wtf/unicode/icu/UnicodeIcu.h: Change parameter and return types
+        to UChar32 and UChar. Removed unneeded type casts and added some
+        const to functions that lacked it. Removed WTF::Unicode::memcmp.
+        (WTF::Unicode::umemcasecmp): Renamed from strcasecmp since this
+        doesn't work on 0-terminated strings as the str functions do.
+        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
+
+        - got rid of namespace prefixes from most uses of WTF::Unicode
+
+        * kjs/function.cpp:
+        (KJS::isStrWhiteSpace):
+        (KJS::escapeStringForPrettyPrinting):
+        * kjs/lexer.cpp:
+        (KJS::Lexer::isWhiteSpace):
+        (KJS::Lexer::isIdentStart):
+        (KJS::Lexer::isIdentPart):
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFunc::callAsFunction):
+
+2007-01-07  David Kilzer  <ddkilzer@webkit.org>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=11917
+          setlocale() can return null
+
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFunc::callAsFunction): Removed dead code.
+
+2007-01-07  David Carson  <dacarson@gmail.com>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=12100
+          JNI bindings should be available to non-Mac platforms that have JNI
+
+        Change JNI so that it is not wrapped in the PLATFORM(MAC) ifdef, enabling
+        other platforms who have JNI to use it.
+
+        * bindings/jni/jni_instance.h:  
+          Removed unnecessary include of <CoreFoundation/CoreFoundation.h>
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::setJavaVM):
+        * bindings/jni/jni_utility.h:
+          Added new method for clients to set the JavaVM
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::createBindingForLanguageInstance):
+          Changed code to utilize new #if HAVE(JNI)
+        * kjs/config.h:
+          Added new #define for JNI, ie HAVE_JNI
+
+2007-01-07  David Carson  <dacarson@gmail.com>
+
+        Reviewed by Darin.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=11431
+        ARM platform has some byte alignment issues
+
+        Fix for NaN being 4 bytes and it must start on a byte boundary
+        for ARM architectures.
+
+        * kjs/fpconst.cpp:
+        (KJS::):
+
+2007-01-04  David Kilzer  <ddkilzer@webkit.org>
+
+        Reviewed by Kevin McCullough.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=12070
+          REGRESSION: KJS::getUTCOffset() caches UTC offset but ignores time zone changes
+
+        * kjs/DateMath.cpp:
+        (KJS::getUTCOffset): Don't cache UTC offset.
+
+2007-01-02  Darin Adler  <darin@apple.com>
+
+        - minor tweak (hope this doesn't re-break Windows)
+
+        * pcre/pcre_compile.c: Removed use of const pcre_uchar const * -- Mitz probably
+        meant const pcre_uchar *const, but I think we can do without the explicit const here.
+
+        * pcre/pcre_internal.h: Re-enabled warning C4114.
+
+2007-01-02  David Kilzer  <ddkilzer@webkit.org>
+
+        Reviewed by NOBODY (Windows build fix).
+
+        The MSVC compiler requires variables to be declared at the top of the enclosing block in C source.
+
+        Disable this warning to prevent MSVC from complaining about the 'const pcre_uchar const *' type:
+        warning C4114: same type qualifier used more than once
+
+        * pcre/pcre_compile.c:
+        (pcre_compile2): Moved variable declarations to top of their respective enclosing blocks.
+        * pcre/pcre_internal.h: Added pragma to disable compiler warning.
+
+2007-01-01  Mitz Pettel  <mitz@webkit.org>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=11849
+          REGRESSION (r18182): Google Calendar is broken (a regular expression containing a null character is not parsed correctly)
+
+        Modified pcre_compile() (and the functions that it calls) to work with patterns
+        containing null characters.
+
+        Covered by JavaScriptCore tests ecma_3/RegExp/octal-002.js and ecma_3/RegExp/regress-85721.js
+
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp): Changed to not null-terminate the pattern string and instead
+        pass its length to pcre_compile.
+        * pcre/pcre.h:
+        * pcre/pcre_compile.c:
+        (check_escape):
+        (get_ucp):
+        (is_counted_repeat):
+        (check_posix_syntax):
+        (compile_branch):
+        (compile_regex):
+        (pcre_compile): Added a parameter specifying the length of the pattern, which
+        is no longer required to be null-terminated and may contain null characters. 
+        (pcre_compile2):
+        * pcre/pcre_internal.h:
+        * tests/mozilla/expected.html: Updated for the two tests that this patch
+        fixes. Also updated failing results for ecma_3/RegExp/regress-100199.js
+        which were not updated after bug 6257 was fixed.
+
+2007-01-01  David Kilzer  <ddkilzer@webkit.org>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=12057
+          REGRESSION: JavaScript Date Is One Day In The Future in GMT time zone
+
+        Because Mac OS X returns geographically and historically accurate time zone information,
+        converting Jan 02, 1970 12:00:00 AM to local time then subtracting 24 hours did not work
+        in GMT (London - England) since it was in BST (+0100) all year in 1970[1].  Instead, the
+        UTC offset is calculated by converting Jan 01, 2000 12:00:00 AM to local time then
+        subtracting that from the same date in UTC.
+
+        [1] http://en.wikipedia.org/wiki/British_Summer_Time
+
+        * kjs/DateMath.cpp:
+        (KJS::getUTCOffset): Updated UTC offset calculation.
+        (KJS::getDSTOffset): Improved comment.
+
+2006-12-31  David Kilzer  <ddkilzer@webkit.org>
+
+        Reviewed by Geoff.
+
+        Update embedded pcre library from version 6.2 to 6.4.  Changes from pcre 6.2 to 6.3
+        did not include any files in JavaScriptCore/pcre.
+
+        All changes include renaming EXPORT to PCRE_EXPORT, renaming of ucp_findchar() to
+        _pcre_ucp_findchar(), or comment changes.  Additional changes noted below.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Updated source file list.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Renamed pcre_printint.c to pcre_printint.src
+        and changed it from a source file to a header file.
+        * JavaScriptCoreSources.bkl: Updated source file list.
+        * pcre/CMakeLists.txt: Updated source file list.
+        * pcre/pcre-config.h:
+        * pcre/pcre.h: Updated version.
+        * pcre/pcre.pri: Updated source file list.
+        * pcre/pcre_compile.c: Include pcre_printint.src #if DEBUG.
+        (pcre_compile2):
+        * pcre/pcre_config.c:
+        * pcre/pcre_exec.c:
+        (match):
+        * pcre/pcre_fullinfo.c:
+        * pcre/pcre_info.c:
+        * pcre/pcre_internal.h: Added header guard.  Removed export of _pcre_printint().
+        * pcre/pcre_ord2utf8.c:
+        * pcre/pcre_printint.c: Renamed to pcre_printint.src.
+        * pcre/pcre_printint.src: Added.  Renamed _pcre_printint() to pcre_printint().
+        * pcre/pcre_refcount.c:
+        * pcre/pcre_study.c:
+        * pcre/pcre_tables.c:
+        * pcre/pcre_try_flipped.c:
+        * pcre/pcre_ucp_findchar.c: Added contents of ucp_findchar.c.
+        * pcre/pcre_version.c:
+        * pcre/pcre_xclass.c:
+        (_pcre_xclass):
+        * pcre/ucp.h: Removed export of ucp_findchar().
+        * pcre/ucp_findchar.c: Removed.  Contents moved to pcre_ucp_findchar.c.
+
+2006-12-29  David Kilzer  <ddkilzer@webkit.org>
+
+        Reviewed by Geoff.
+
+        Update embedded pcre library from version 6.1 to 6.2.  From the pcre ChangeLog:
+
+        3. Added "b" to the 2nd argument of fopen() in dftables.c, for non-Unix-like
+           operating environments where this matters.
+
+        5. Named capturing subpatterns were not being correctly counted when a pattern
+           was compiled. This caused two problems: (a) If there were more than 100
+           such subpatterns, the calculation of the memory needed for the whole
+           compiled pattern went wrong, leading to an overflow error. (b) Numerical
+           back references of the form \12, where the number was greater than 9, were
+           not recognized as back references, even though there were sufficient
+           previous subpatterns.
+
+        * pcre/dftables.c: Item 3.
+        (main):
+        * pcre/pcre.h: Updated version.
+        * pcre/pcre_compile.c: Item 5.
+        (read_repeat_counts):
+        (pcre_compile2):
+
+2006-12-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Brian Dash... err... Mark Rowe.
+
+        More cleanup in preparation for fixing <rdar://problem/4608404> 
+        WebScriptObject's _executionContext lack of ownership policy causes 
+        crashes (e.g., in Dashcode)
+        
+        The key change here is to RootObject::RootObject().
+        
+        * JavaScriptCore.exp:
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant): Changed to use new constructor.
+
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::createNative): Changed to use new constructor. Replaced
+        large 'if' followed by default condition with "if !" and explicit default
+        condition.
+
+        * bindings/objc/objc_runtime.mm:
+        (convertValueToObjcObject): Changed to use new constructor.
+
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::RootObject::destroy): "removeAllNativeReferences" => "destroy"
+        because this function actually destroys the RootObject.
+
+        * bindings/runtime_root.h: Changed Interpreter* to RefPtr<Interpreter>
+        to prevent a RootObject from holding a stale Interperter*.
+        
+        (KJS::Bindings::RootObject::RootObject): Changed constructor to take an 
+        Interpreter*, since it's pointless to create a RootObject without one.
+        Removed setRootObjectImp() and rootObjectImp() because they were just
+        a confusing way of setting and getting the Interpreter's global object.
+
+        (KJS::Bindings::RootObject::nativeHandle): "_nativeHandle" => "m_nativeHandle"
+        (KJS::Bindings::RootObject::interpreter): "_interpreter" => "m_interpreter"
+
+2006-12-28  George Staikos  <staikos@kde.org>
+
+        Reviewed by Olliej.
+
+        * bindings/qt/qt_instance.cpp: build
+        (KJS::Bindings::QtInstance::QtInstance):
+
+2006-12-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        More cleanup. Layout tests pass.
+        
+        Use a helper function to initialize and access WebUndefined and WebScriptObject.
+
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (KJS::Bindings::webScriptObjectClass):
+        (KJS::Bindings::webUndefinedClass):
+        (convertValueToObjcObject):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+
+2006-12-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Brady Eidson.
+        
+        Some cleanup in preparation for fixing <rdar://problem/4608404> 
+        WebScriptObject's _executionContext lack of ownership policy causes 
+        crashes (e.g., in Dashcode)
+        
+        I'm just trying to make heads or tails of this baffling code.
+        
+        Renamed "root" | "execContext" | "executionContext" => "rootObject", because
+        that's the object's (admittedly vague) type name.
+        
+        * bindings/runtime.cpp: Removed createLanguageInstanceForValue
+        because I'll give you a dollar if you can explain to me what it actually did.
+        
+        * bindings/runtime_root.cpp: Put everything in the KJS::Bindings namespace,
+        removing the KJS::Bindings prefix from individual functions and datatypes.
+        This matches the header and eliminates a lot of syntax cruft.
+        
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant): Replaced use of createLanguageInstanceForValue
+        with call to _NPN_CreateScriptObject because that's what createLanguageInstanceForValue
+        actually did (but don't ask me for that dollar now; that's cheating.)
+
+        * bindings/objc/objc_utility.h:
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue): Removed. Its only purpose was 
+        to call a single function for WebKit, which WebKit can do on its own.
+
+        * kjs/interpreter.h: Removed rtti() because it was unused, and this class
+        is scheduled for demolition anyway.
+        
+        * kjs/interpreter.cpp: Removed createLanguageInstanceForValue because it had
+        nothing to do with the Interpreter, and nothing makes Chuck Norris more mad
+        than a function whose sole purpose is to call another function of the same
+        name. (Really, I asked him.)
+
+2006-12-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        Some cleanup in preparation for fixing <rdar://problem/4740328> Safari 
+        crash on quit in _NPN_ReleaseObject from KJS::Bindings::CInstance::~CInstance
+
+        * bindings/c/c_instance.cpp:
+        * bindings/c/c_instance.h: Removed unused copy constructor and assignment
+        operator. They made tracking data flow more difficult. Unused code is also 
+        dangerous because it can succumb to bit rot with the stealth of a Ninja.
+        
+        Replaced #include with forward declaration to reduce header dependency.
+        
+        * bindings/npruntime.cpp: Sorted #includes.
+        (_NPN_GetStringIdentifier): Replaced assert with ASSERT.
+        (_NPN_GetStringIdentifiers): ditto
+        (_NPN_ReleaseVariantValue): ditto
+        (_NPN_CreateObject): ditto
+        (_NPN_RetainObject): ditto
+        (_NPN_ReleaseObject): ditto
+        (_NPN_DeallocateObject): ditto
+
+2006-12-20  Anders Carlsson  <acarlsson@apple.com>
+
+        * kjs/string_object.cpp:
+        (localeCompare):
+        Another speculative Win32 fix.
+
+2006-12-20  Anders Carlsson  <acarlsson@apple.com>
+
+        * kjs/string_object.cpp:
+        (localeCompare):
+        Speculative Win32 fix.
+
+2006-12-20  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/4235733>
+        <http://bugs.webkit.org/?show_bug.cgi?id=10193>
+        support String.localeCompare.
+        
+        Implement localeCompare.
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/string_object.cpp:
+        (localeCompare):
+        (StringProtoFunc::callAsFunction):
+        * kjs/string_object.h:
+        (KJS::StringProtoFunc::):
+
+2006-12-20  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: use GCC 4.0 for all the other test targets
+
+2006-12-20  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        <rdar://problem/4871613> JavaScriptCore-421.31's dftables target needs to override default compiler and use gcc-4.0
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-12-20  Lars Knoll <lars@trolltech.com>
+
+        Reviewed by David Hyatt
+
+        Added support to bind QObject's to 
+        JavaScript.
+
+        * JavaScriptCore.pro:
+        * bindings/qt/qt_class.cpp: Added.
+        (KJS::Bindings::QtClass::QtClass):
+        (KJS::Bindings::QtClass::~QtClass):
+        (KJS::Bindings::QtClass::classForObject):
+        (KJS::Bindings::QtClass::name):
+        (KJS::Bindings::QtClass::methodsNamed):
+        (KJS::Bindings::QtClass::fieldNamed):
+        * bindings/qt/qt_class.h: Added.
+        (KJS::Bindings::QtClass::constructorAt):
+        (KJS::Bindings::QtClass::numConstructors):
+        * bindings/qt/qt_instance.cpp: Added.
+        (KJS::Bindings::QtInstance::QtInstance):
+        (KJS::Bindings::QtInstance::~QtInstance):
+        (KJS::Bindings::QtInstance::operator=):
+        (KJS::Bindings::QtInstance::getClass):
+        (KJS::Bindings::QtInstance::begin):
+        (KJS::Bindings::QtInstance::end):
+        (KJS::Bindings::QtInstance::implementsCall):
+        (KJS::Bindings::QtInstance::invokeMethod):
+        (KJS::Bindings::QtInstance::invokeDefaultMethod):
+        (KJS::Bindings::QtInstance::defaultValue):
+        (KJS::Bindings::QtInstance::stringValue):
+        (KJS::Bindings::QtInstance::numberValue):
+        (KJS::Bindings::QtInstance::booleanValue):
+        (KJS::Bindings::QtInstance::valueOf):
+        * bindings/qt/qt_instance.h: Added.
+        (KJS::Bindings::QtInstance::getObject):
+        * bindings/qt/qt_runtime.cpp: Added.
+        (KJS::Bindings::convertValueToQVariant):
+        (KJS::Bindings::convertQVariantToValue):
+        (KJS::Bindings::QtField::name):
+        (KJS::Bindings::QtField::valueFromInstance):
+        (KJS::Bindings::QtField::setValueToInstance):
+        * bindings/qt/qt_runtime.h: Added.
+        (KJS::Bindings::QtField::QtField):
+        (KJS::Bindings::QtField::type):
+        (KJS::Bindings::QtMethod::QtMethod):
+        (KJS::Bindings::QtMethod::name):
+        (KJS::Bindings::QtMethod::numParameters):
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::createBindingForLanguageInstance):
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::):
+        * bindings/testbindings.pro: Added.
+        * bindings/testqtbindings.cpp: Added.
+        (MyObject::MyObject):
+        (MyObject::setTestString):
+        (MyObject::setTestInt):
+        (MyObject::testString):
+        (MyObject::testInt):
+        (MyObject::foo):
+        (Global::className):
+        (main):
+
+2006-12-19  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Geoff.
+
+        Add -p option to testkjs which pretty prints the files instead of executing them.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/Parser.cpp:
+        (KJS::Parser::prettyPrint):
+        * kjs/Parser.h:
+        * kjs/testkjs.cpp:
+        (doIt):
+
+2006-12-19  Brady Eidson  <beidson@apple.com>
+
+        Rubberstamped by Lou
+        
+        Removed unneccessary "else"
+
+        * wtf/Assertions.cpp:
+
+2006-12-19  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/4891774> Local WebCore/WebBrowser builds fail in 9A328 due to warning about ObjC-2.0 language features
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-12-17  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Zack.
+
+        * kjs/testkjs.pro: Oops, make it also build on machines other than
+        mine :)
+
+2006-12-17  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Rob Buis.
+
+        * kjs/testkjs.pro: Added .pro file to build testkjs.
+
+2006-12-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Rob.
+
+        A deleted object was accessed to prepare RegExp construction error messages.
+
+        * kjs/regexp_object.cpp:
+        (RegExpObjectImp::construct): Wrap the RegExp into an OwnPtr.
+
+2006-12-16  Mitz Pettel  <mitz@webkit.org>
+
+        Reviewed by Alexey.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=11814
+          REGRESSION(r18098): Find does not work with capital letters
+
+        Test: editing/execCommand/findString-3.html
+
+        * wtf/unicode/icu/UnicodeIcu.h:
+        (WTF::Unicode::foldCase): Changed to not return an error if the result fits
+        in the buffer without a null terminator.
+
+2006-12-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Anders.
+        
+        - added equality and inequality operations for HashMap and Vector, useful for comparing more complex types
+
+        * wtf/HashMap.h:
+        (WTF::operator==):
+        (WTF::operator!=):
+        * wtf/Vector.h:
+        (WTF::operator==):
+        (WTF::operator!=):
+
+2006-12-12  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff. Based on a patch by Maks Orlovich.
+
+        http://bugs.webkit.org/show_bug.cgi?id=6257
+        Throw errors on invalid expressions (KJS merge)
+
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        (KJS::RegExp::~RegExp):
+        (KJS::RegExp::match):
+        * kjs/regexp.h:
+        (KJS::RegExp::flags):
+        (KJS::RegExp::isValid):
+        (KJS::RegExp::errorMessage):
+        (KJS::RegExp::subPatterns):
+        Remember and report RegExp construction failures. Renamed data members not to start with underscores.
+
+        * kjs/regexp_object.cpp:
+        (RegExpObjectImp::construct): Raise an exception if RegExp construction fails.
+        (RegExpObjectImp::callAsFunction): Removed an obsolete comment.
+
+        * tests/mozilla/ecma_3/RegExp/regress-119909.js: Reduced the number of nested parentheses to 
+        a value supported by PCRE.
+
+2006-12-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=9673
+        Add support for window.atob() and window.btoa()
+
+        * JavaScriptCore.exp: Export UString::is8Bit().
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added StringExtras.h as 
+        a private header.
+
+2006-12-11  Darin Adler  <darin@apple.com>
+
+        Reviewed by Brady.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Let Xcode update this
+        (I think Hyatt is using an old Xcode).
+
+2006-12-11  David Hyatt  <hyatt@apple.com>
+
+        Fix the failing layout test.  Just remove Unicode::isSpace and
+        revert StringImpl to do the same thing it was doing before.
+
+        Reviewed by darin
+
+        * wtf/unicode/icu/UnicodeIcu.h:
+        * wtf/unicode/qt4/UnicodeQt4.h:
+
+2006-12-09  George Staikos  <staikos@kde.org>
+
+        Reviewed by Zack.
+
+        Fix bison again on qmake build.
+
+        * JavaScriptCore.pro:
+
+2006-12-09  Lars Knoll <lars@trolltech.com>
+
+        Reviewed by Zack
+
+        Make it possible to build WebKit with qmake.
+
+        * JavaScriptCore.pro: Added.
+        * kjs/kjs.pro: Removed.
+        * pcre/pcre.pri: Added.
+
+2006-12-09  Zack Rusin  <zack@kde.org>
+
+        Fixing the compilation with platform kde after the icu changes.
+
+        * CMakeLists.txt:
+
+2006-12-09  Adam Roben  <aroben@apple.com>
+
+        Reviewed by Darin.
+
+        Some updates in reaction to r18098.
+
+        * wtf/unicode/icu/UnicodeIcu.h: Use !! to convert UBool to bool in all
+        cases.
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::isDigit):
+        (WTF::Unicode::isSpace):
+        (WTF::Unicode::isPunct):
+        (WTF::Unicode::isLower):
+        (WTF::Unicode::isUpper):
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2006-12-09  George Staikos  <staikos@kde.org>
+
+        Patch by Lars Knoll, comment out ICU dependency on Qt platform (unused code).
+
+        Reviewed by Darin.
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertUTF8ToUTF16):
+
+2006-12-08  David Hyatt  <hyatt@apple.com>
+
+        Land the new ICU abstraction layer.  Patch by Lars.
+
+        Reviewed by me
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/Platform.h:
+        * wtf/unicode/UnicodeCategory.h: Removed.
+        * wtf/unicode/UnicodeDecomposition.h: Removed.
+        * wtf/unicode/UnicodeDirection.h: Removed.
+        * wtf/unicode/icu/UnicodeIcu.h:
+        (WTF::Unicode::):
+        (WTF::Unicode::foldCase):
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::toTitleCase):
+        (WTF::Unicode::isDigit):
+        (WTF::Unicode::isSpace):
+        (WTF::Unicode::isPunct):
+        (WTF::Unicode::mirroredChar):
+        (WTF::Unicode::category):
+        (WTF::Unicode::direction):
+        (WTF::Unicode::isLower):
+        (WTF::Unicode::isUpper):
+        (WTF::Unicode::digitValue):
+        (WTF::Unicode::combiningClass):
+        (WTF::Unicode::decompositionType):
+        (WTF::Unicode::strcasecmp):
+        (WTF::Unicode::memset):
+        * wtf/unicode/qt4/UnicodeQt4.cpp: Removed.
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::):
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::toTitleCase):
+        (WTF::Unicode::foldCase):
+        (WTF::Unicode::isPrintableChar):
+        (WTF::Unicode::isLower):
+        (WTF::Unicode::isUpper):
+        (WTF::Unicode::digitValue):
+        (WTF::Unicode::combiningClass):
+        (WTF::Unicode::decompositionType):
+        (WTF::Unicode::strcasecmp):
+        (WTF::Unicode::memset):
+        (WTF::Unicode::direction):
+        (WTF::Unicode::category):
+
+=== Safari-521.32 ===
+
+2006-12-08  Adam Roben  <aroben@apple.com>
+
+        Reviewed by Anders.
+
+        This is a mo' better fix for ensuring we don't use macro definitions
+        of min/max.
+
+        * kjs/config.h:
+        * wtf/Vector.h:
+
+2006-12-07  Kevin Fyure  <digdog@macports.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=11545
+        Disable the testcases do not follow the ECMA-262v3 specification.
+        
+        * tests/mozilla/expected.html: Update Results.
+        * tests/mozilla/js1_2/String/concat.js:
+        4 tests disabled. The result of concat Array object is not followinig
+        ECMA 15.5.4.6
+        * tests/mozilla/js1_2/function/Number.js:
+        1 test disabled. The result of Array object to Number object conversion 
+        is not following ECMA 9.3. And the test was duplicated in 
+        ecma/TypeConversion/9.3-1.js
+        * tests/mozilla/js1_2/function/String.js:
+        2 tests disabled. The result of Object/Array object to String object 
+        conversion is not following ECMA 15.5.1.1 and ECMA 9.8
+
+2006-11-30  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Oliver.
+        
+        Move WTF from JavaScriptCore project into a new WTF project.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTF.vcproj to sln
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Remove WTF source files
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added.
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Add dependency on WTF.lib
+
+2006-11-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+        
+        Fixed up garbage collection at window close time.
+
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::~Interpreter): Garbage collect here, since
+        destroying the interpreter frees the global object and 
+        therefore creates a lot of garbage.
+
+2006-11-20  W. Andy Carrel  <wac@google.com>
+
+        Reviewed by Maciej.
+
+        http://bugs.webkit.org/show_bug.cgi?id=11501
+        REGRESSION: \u no longer escapes metacharacters in RegExps
+        http://bugs.webkit.org/show_bug.cgi?id=11502
+        Serializing RegExps doesn't preserve Unicode escapes
+
+        * kjs/lexer.cpp:
+        (Lexer::Lexer):
+        (Lexer::setCode):
+        (Lexer::shift):
+        (Lexer::scanRegExp):
+        Push \u parsing back down into the RegExp object rather than in the
+        parser. This backs out r17354 in favor of a new fix that better 
+        matches the behavior of other browsers.
+
+        * kjs/lexer.h:
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        (KJS::sanitizePattern):
+        (KJS::isHexDigit):
+        (KJS::convertHex):
+        (KJS::convertUnicode):
+        * kjs/regexp.h:
+        Translate \u escaped unicode characters for the benefit of pcre.
+
+        * kjs/ustring.cpp:
+        (KJS::UString::append):
+        Fix failure to increment length on the first UChar appended to a 
+        UString that was copy-on-write.
+
+        * tests/mozilla/ecma_2/RegExp/properties-001.js:
+        Adjust tests back to the uniform standards.
+
+2006-11-20  Samuel Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej.
+
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=11647
+        Fix Win32 build
+
+        * kjs/config.h: define NOMINMAX instead of min/max
+        as themselves.
+        * wtf/Vector.h: put back hack to ensure that min/max
+        are not defined as macros.
+
+2006-11-19  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Zack.
+
+        http://bugs.webkit.org/show_bug.cgi?id=11649
+        Fix CMake Qt-only build without KDE CMake files
+
+        * CMakeLists.txt:
+        * pcre/CMakeLists.txt:
+
+2006-11-17  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Adam.
+
+        Make sure that we always use std::min and std::max instead of macros.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * kjs/config.h:
+        * wtf/Vector.h:
+
+=== Safari-521.31 ===
+
+2006-11-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+        
+        Added project-wide setting to disable Microsoft's made-up deprecation 
+        warnings related to std:: functions. (Doesn't have any affect yet,
+        since we currently disable all deprecation warnings.)
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2006-11-12  Mark Rowe  <bdash@webkit.org>
+
+        Reviewed by Mitz.
+
+        Clean up of JavaScriptCore bakefiles.
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+
+2006-11-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Maciej.
+
+        http://bugs.webkit.org/show_bug.cgi?id=11508
+        Undisable some warnings for JSImmediate.h
+
+        Fix suggested by Don Gibson.
+
+        * kjs/JSImmediate.h:
+        Re-enable all MSVC warnings, move the remaining runtime checks
+        to compile-time.
+
+2006-11-10  Zalan Bujtas  <zalan.bujtas@nokia.com>
+
+        Reviewed by Maciej.
+
+        Added s60/symbian platform defines.
+        http://bugs.webkit.org/show_bug.cgi?id=11540
+
+        * wtf/Platform.h:
+
+=== Safari-521.30 ===
+
+2006-11-08  Ada Chan  <adachan@apple.com>
+
+        Reviewed by darin.
+        
+        Added a method to delete all the keys in a HashMap.
+
+        * wtf/HashMap.h:
+        (WTF::deleteAllPairFirsts):
+        (WTF::deleteAllKeys):
+
+2006-11-07  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Geoff.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass):
+        Initialize cachedPrototype to 0.
+
+2006-11-06  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by Maciej.
+
+        Remove warning about garbage after #else. #else clause applies for all
+        non-mac platforms, not only win.
+
+        * kjs/date_object.cpp:
+
+2006-11-06  Mark Rowe  <bdash@webkit.org>
+
+        Reviewed by the wonderful Mitz Pettel.
+
+        http://bugs.webkit.org/show_bug.cgi?id=11524
+        Bug 11524: REGRESSION(r9842): Array.prototype.join should use ToString operator rather than calling toString on each element
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction): Use ToString operator on each element rather than calling their toString method.
+
+2006-11-03  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix build
+
+        * kjs/JSImmediate.h:
+
+2006-11-03  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=11504
+        Fix warnings on non 32 bit platforms
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::NanAsBits):
+        (KJS::JSImmediate::oneAsBits):
+        Rewrite in a way that moves runtime checks to compile-time.
+
+        (KJS::):
+        (KJS::JSImmediate::fromDouble):
+        (KJS::JSImmediate::toDouble):
+
+2006-11-02  George Staikos <staikos@kde.org>
+
+        Reviewed by Maciej.
+
+        * collector.cpp:
+        Remove a deprecated pthreads call.
+
+2006-11-02  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Maciej, landed by Anders.
+
+        * CMakeLists.txt:
+        Make KDE support optional.
+
+2006-11-01  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Brady.
+
+        - Fixes many JavaScriptCore tests in other timezones.  The root problem is that on mac localtime() returns historically accurate information for DST, but the JavaScript spec explicitly states to not take into account historical information but rather to interpolate from valid years.
+
+        * kjs/DateMath.cpp:
+        (KJS::equivalentYearForDST):
+        (KJS::getDSTOffsetSimple):
+        (KJS::getDSTOffset):
+
+2006-10-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=11477
+        REGRESSION: GMail crashes in KJS::FunctionImp::callerGetter
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::argumentsGetter): Removed unnecessary braces.
+        (KJS::FunctionImp::callerGetter): More logical NULL checking.
+
+2006-10-31  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Adding definition for PLATFORM(CI)
+
+        * wtf/Platform.h:
+
+2006-10-31  Vladimir Olexa  <vladimir.olexa@gmail.com>
+
+        Reviewed by Geoff.
+
+        http://bugs.webkit.org/show_bug.cgi?id=4166
+        Function object does not support caller property
+
+        Test: fast/js/caller-property.html
+
+        * kjs/function.cpp: 
+        (KJS::FunctionImp::callerGetter): added
+        (KJS::FunctionImp::getOwnPropertySlot): added if statement to handle callerGetter()
+        * kjs/function.h: added callerGetter() declaration
+        * kjs/identifier.h: added caller property macro
+        * tests/mozilla/expected.html: 
+
+2006-10-30  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Adam.
+
+        - Fix some timezone issues and JavaScriptCore date tests.  Addresses bugzilla 4930.
+
+        * kjs/DateMath.h:
+        (KJS::GregorianDateTime::GregorianDateTime): Here's the fix, to add parenthesis for order of precedence.
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFunc::callAsFunction): 
+        (KJS::DateObjectImp::construct): memset not needed as GregorianDateTime initializes itself.
+
+2006-10-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        * kjs/SavedBuiltins.h: Added needed include.
+        * wtf/OwnPtr.h: (WTF::OwnPtr::set): Fixed mistake in assertion.
+
+2006-10-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - renamed PassRefPtr::release to releaseRef to make it clearer that
+          it's the counterpart of adoptRef, and to make it harder to confuse
+          it with the safer-to-use RefPtr::release
+
+        * kjs/identifier.cpp:
+        (KJS::CStringTranslator::translate):
+        (KJS::UCharBufferTranslator::translate):
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::create):
+        * wtf/PassRefPtr.h:
+        (WTF::PassRefPtr::PassRefPtr):
+        (WTF::PassRefPtr::~PassRefPtr):
+        (WTF::PassRefPtr::get):
+        (WTF::PassRefPtr::releaseRef):
+        (WTF::PassRefPtr::operator->):
+        (WTF::PassRefPtr::operator=):
+        (WTF::adoptRef):
+        (WTF::static_pointer_cast):
+        (WTF::const_pointer_cast):
+        * wtf/RefPtr.h:
+        (WTF::RefPtr::RefPtr):
+        (WTF::RefPtr::operator=):
+
+2006-10-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Steve.
+
+        * kjs/grammar.y: Add definitions of YYMALLOC and YYFREE to fix
+        a warning some people see (not sure why others don't see it).
+
+        * JavaScriptCore.vcproj/JavaScriptCore/grammarWrapper.cpp: Touch
+        this file to force it to re-build grammar.cpp.
+
+2006-10-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - made changes so the code compiles with the highest warning level
+          under MSVC (disabling some warnings, making some code fixes)
+
+        * API/JSCallbackConstructor.cpp:
+        (KJS::JSCallbackConstructor::construct):
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::callAsFunction):
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::init):
+        (KJS::JSCallbackObject::construct):
+        (KJS::JSCallbackObject::callAsFunction):
+        * API/JSObjectRef.cpp:
+        (JSPropertyNameArrayGetNameAtIndex):
+        * API/JSStringRef.cpp:
+        (JSStringCreateWithCharacters):
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertUTF8ToUTF16):
+        (KJS::Bindings::coerceValueToNPVariantStringType):
+        (KJS::Bindings::convertValueToNPVariant):
+        * kjs/DateMath.h:
+        (KJS::GregorianDateTime::GregorianDateTime):
+        * kjs/ExecState.h:
+        (KJS::ExecState::hadException):
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::fromDouble):
+        (KJS::JSImmediate::toDouble):
+        (KJS::JSImmediate::NanAsBits):
+        (KJS::JSImmediate::oneAsBits):
+        * kjs/Parser.h:
+        * kjs/PropertyNameArray.h:
+        (KJS::PropertyNameArray::size):
+        * kjs/array_object.cpp:
+        (ArrayObjectImp::callAsFunction):
+        * kjs/bool_object.cpp:
+        (BooleanObjectImp::callAsFunction):
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+        (KJS::Collector::markCurrentThreadConservatively):
+        (KJS::Collector::collect):
+        * kjs/completion.h:
+        (KJS::Completion::isValueCompletion):
+        * kjs/date_object.cpp:
+        (KJS::findMonth):
+        * kjs/debugger.cpp:
+        (Debugger::sourceParsed):
+        (Debugger::sourceUnused):
+        (Debugger::exception):
+        (Debugger::atStatement):
+        (Debugger::callEvent):
+        (Debugger::returnEvent):
+        * kjs/dtoa.cpp:
+        * kjs/error_object.cpp:
+        (ErrorObjectImp::callAsFunction):
+        (NativeErrorImp::callAsFunction):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::processVarDecls):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function_object.cpp:
+        (FunctionPrototype::callAsFunction):
+        * kjs/grammar.y:
+        * kjs/identifier.cpp:
+        (KJS::CStringTranslator::translate):
+        (KJS::Identifier::add):
+        * kjs/internal.h:
+        * kjs/lexer.cpp:
+        (Lexer::lex):
+        (Lexer::isIdentStart):
+        (Lexer::isIdentPart):
+        (isDecimalDigit):
+        (Lexer::isHexDigit):
+        (Lexer::isOctalDigit):
+        (Lexer::matchPunctuator):
+        (Lexer::singleEscape):
+        (Lexer::convertOctal):
+        (Lexer::convertHex):
+        (Lexer::convertUnicode):
+        (Lexer::record8):
+        * kjs/lexer.h:
+        * kjs/math_object.cpp:
+        (MathFuncImp::callAsFunction):
+        * kjs/number_object.cpp:
+        (integer_part_noexp):
+        (intPow10):
+        (NumberProtoFunc::callAsFunction):
+        (NumberObjectImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::JSObject::deleteProperty):
+        (KJS::JSObject::callAsFunction):
+        (KJS::JSObject::toBoolean):
+        (KJS::JSObject::toObject):
+        * kjs/object.h:
+        (KJS::JSObject::getPropertySlot):
+        * kjs/property_map.cpp:
+        (KJS::isValid):
+        (KJS::PropertyMap::put):
+        (KJS::PropertyMap::insert):
+        (KJS::PropertyMap::containsGettersOrSetters):
+        * kjs/property_map.h:
+        (KJS::PropertyMap::hasGetterSetterProperties):
+        * kjs/property_slot.h:
+        * kjs/string_object.cpp:
+        (StringInstance::getPropertyNames):
+        (StringObjectImp::callAsFunction):
+        (StringObjectFuncImp::callAsFunction):
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::computeHash):
+        (KJS::UString::UString):
+        (KJS::UString::from):
+        (KJS::UString::append):
+        (KJS::UString::ascii):
+        (KJS::UString::operator=):
+        (KJS::UString::find):
+        (KJS::UString::rfind):
+        * kjs/ustring.h:
+        (KJS::UChar::high):
+        (KJS::UChar::low):
+        (KJS::UCharReference::low):
+        (KJS::UCharReference::high):
+        * kjs/value.cpp:
+        (KJS::JSValue::toUInt16):
+        * kjs/value.h:
+        * pcre/pcre_compile.c:
+        (get_othercase_range):
+        * pcre/pcre_exec.c:
+        (match):
+        * pcre/pcre_internal.h:
+        * wtf/HashFunctions.h:
+        (WTF::intHash):
+        (WTF::PtrHash::hash):
+        * wtf/MathExtras.h:
+        (isnan):
+        (lround):
+        (lroundf):
+        * wtf/StringExtras.h:
+        (strncasecmp):
+        * wtf/unicode/icu/UnicodeIcu.h:
+        (WTF::Unicode::isPrintableChar):
+
+2006-10-26  W. Andy Carrel  <wac@google.com>
+
+        Reviewed by Maciej.
+
+        - Fix http://bugs.webkit.org/show_bug.cgi?id=7445 /
+          <rdar://problem/4614195> (and 7253 / <rdar://4694011>) by changing
+          inline regexps so that they can have \u escaped Unicode sequences and
+          still work properly.
+
+        * kjs/lexer.cpp:
+        (Lexer::Lexer): 
+        (Lexer::setCode):
+        (Lexer::shift): Looking ahead one additional character for the benefit
+        of scanRegExp
+        (Lexer::scanRegExp): Change code to support unicode escapes in inline 
+        regexps.
+        * kjs/lexer.h: Extra lookahead added.
+
+=== Safari-521.29 ===
+
+2006-10-26  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Darin.
+
+        Fix build with older gcc 3.3.4.
+
+        * kjs/DateMath.cpp: Remove inline prefix.
+        (KJS::equivalentYearForDST):
+
+2006-10-26  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+        - fix iteration of properties of string objects (found because of a warning
+          emitted by the MSVC compiler)
+
+        * kjs/string_object.cpp: (StringInstance::getPropertyNames): Change code that
+        wants to format a number as a string to use UString::from. Before it was using
+        the UString constructor that makes a string from a character!
+
+        * kjs/ustring.h:
+        * kjs/ustring.cpp: Remove the dangerous and not all that helpful UString(char)
+        constructor.
+
+        * kjs/grammar.y: Change code to not depend on the UString(char) constructor.
+        This is potentially more efficient anyway because we could overload the + operator
+        some day to handle char* directly instead of creating a UString.
+
+        * kjs/nodes2string.cpp: (SourceStream::operator<<): Change code to not depend on
+        the UString(char) constructor.
+
+2006-10-25  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Steve (rubber stamp).
+
+        - Link against your local build of JavaScriptCore.lib first, this fixes some errors on release builds of testkjs.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2006-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Lou.
+        
+        Removed duplicate symbol declaration.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/grammar.y:
+
+2006-10-24  Steve Falkenburg  <sfalken@apple.com>
+
+        Build config change
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2006-10-24  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Brady.
+
+        - Fixes a date formatting issue on win.  Specifically strftime cannot handle some ranges of time so we shift time call strftime and then manipulate the returned string, if needed.
+
+        * kjs/date_object.cpp:
+        (KJS::):
+        (KJS::formatLocaleDate):
+        (KJS::DateProtoFunc::callAsFunction):
+
+2006-10-23  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by 
+
+       - Build fix
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/grammar.y:
+
+2006-10-23  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Maciej.
+
+        - Makes the toTM function an operator.  Was going to piggy back on a patch but the patch needs more work.
+
+        * kjs/DateMath.cpp:
+        (KJS::equivalentYearForDST):
+        * kjs/DateMath.h:
+        (KJS::GregorianDateTime::operator tm):
+        * kjs/date_object.cpp:
+        (KJS::formatTime):
+        (KJS::DateProtoFunc::callAsFunction):
+
+2006-10-23  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Maciej.
+
+       - Fixes two regressions on win.  Both are stack overflows. For one the number of recursions is capped at 100, and for the other, nested parenthesis pairs are not evaluated (since they would evaluate to whatever is in them anyway).
+
+        * kjs/grammar.y:
+        * kjs/object.cpp:
+
+2006-10-21  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Adam.
+        
+        Add minimal compatibility with MSVCRT leak checker
+
+        * wtf/FastMalloc.h:
+
+2006-10-23  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Geof.
+
+        - Sets the lowercase range correctly in the test and consolidates a variable to make the test more readable.
+
+       * tests/mozilla/ecma/String/15.5.4.11-2.js:
+
+2006-10-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=11377
+          swap(Vector, Vector) should be O(1) instead of O(n)
+
+        * wtf/Vector.h:
+        (WTF::VectorBuffer::swap): Added.
+        (WTF::Vector::swap): Added.
+        (WTF::swap): Added overload that takes two Vector objects.
+
+2006-10-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adam.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=11376
+          build scripts should invoke make with "-j" option for multiple processors
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Pass -j `sysctl -n hw.ncpu` to make.
+
+2006-10-19  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Geof.
+
+        Changed test to make us pass Georgian case changing for Unicode 4.0 and 5.0.  This incorporates changes from the 1.4 revision of the same mozilla test.
+        On Tiger we are still using Unicode 4.0 but on win and Leopard we are using Unicode 5.0, so this test currently allows for either answer.
+
+        * tests/mozilla/ecma/String/15.5.4.11-2.js:
+
+2006-10-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - remove vestiges of KXMLCore name (former name of WTF).
+
+        * wtf/Assertions.h:
+        * wtf/FastMalloc.h:
+        (operator new):
+        (operator delete):
+        (operator new[]):
+        (operator delete[]):
+        * wtf/FastMallocInternal.h:
+        * wtf/Forward.h:
+        * wtf/GetPtr.h:
+        * wtf/HashCountedSet.h:
+        * wtf/HashFunctions.h:
+        * wtf/HashMap.h:
+        * wtf/HashSet.h:
+        * wtf/HashTable.h:
+        * wtf/HashTraits.h:
+        * wtf/ListRefPtr.h:
+        * wtf/MathExtras.h:
+        * wtf/Noncopyable.h:
+        * wtf/OwnArrayPtr.h:
+        * wtf/OwnPtr.h:
+        * wtf/PassRefPtr.h:
+        * wtf/Platform.h:
+        * wtf/RefPtr.h:
+        * wtf/StringExtras.h:
+        (snprintf):
+        * wtf/UnusedParam.h:
+        * wtf/Vector.h:
+        * wtf/VectorTraits.h:
+
+2006-10-17  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Maciej.
+        
+        Adjust include paths
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2006-10-17  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Darin.
+
+        Fixed a date issue where the UTC offset was not set in win.
+
+        * kjs/DateMath.cpp:
+        (KJS::getDSTOffsetSimple):
+        (KJS::getDSTOffset):
+        (KJS::msToGregorianDateTime):
+        * kjs/DateMath.h:
+        (KJS::):
+        (KJS::GregorianDateTime::GregorianDateTime):
+
+2006-10-17  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Brady.
+
+        Fixes a JavaScriptCore math issue on win.
+
+        * kjs/math_object.cpp:
+        (MathFuncImp::callAsFunction):
+        * wtf/MathExtras.h:
+        (wtf_atan2):
+
+2006-10-16  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geof.
+
+        Removed unecessary global specifiers.
+
+        * kjs/math_object.cpp:
+        (MathFuncImp::callAsFunction):
+
+2006-10-16  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by John.
+
+        Fixes a compile order issue for testkjs on win.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2006-10-15  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by Anders.
+
+        Remove junk (as gcc calls it) after #else clause.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::do_free):
+
+2006-10-14  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by Maciej.
+
+        Define KXMLCORE_USE_CURL for platforms that wish to use CURL as
+        networking, and set it for GDK build
+
+        * wtf/Platform.h:
+
+2006-10-13  Brett Wilson  <brettw@google.com>
+
+        Reviewed by Kevin McCullough.
+
+        Fixes http://bugs.webkit.org/show_bug.cgi?id=11283
+        Fixes Qt/Linux and Windows build
+
+        * kjs/DateMath.cpp:
+        * kjs/DateMath.h:
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFunc::callAsFunction):
+
+2006-10-13  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Adam, Geoff, Darin.
+
+       Fixed displaying the UTC offset and time zone string, as well as renamed the GregorianDateTime structure and clean up. 
+
+        * ChangeLog:
+        * kjs/DateMath.cpp:
+        (KJS::getUTCOffset):
+        (KJS::getDSTOffsetSimple):
+        (KJS::gregorianDateTimeToMS):
+        (KJS::msToGregorianDateTime):
+        * kjs/DateMath.h:
+        (KJS::GregorianDateTime::GregorianDateTime):
+        (KJS::GregorianDateTime::~GregorianDateTime):
+        (KJS::GregorianDateTime::toTM):
+        * kjs/date_object.cpp:
+        (KJS::gmtoffset):
+        (KJS::formatDate):
+        (KJS::formatDateUTCVariant):
+        (KJS::formatTime):
+        (KJS::fillStructuresUsingTimeArgs):
+        (KJS::fillStructuresUsingDateArgs):
+        (KJS::DateInstance::getTime):
+        (KJS::DateInstance::getUTCTime):
+        (KJS::DateProtoFunc::callAsFunction):
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectImp::callAsFunction):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        (KJS::parseDate):
+        * kjs/date_object.h:
+
+2006-10-13  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Adam.
+
+        Gets JavaScripCore tests running on windows.
+
+        * Scripts/run-javascriptcore-tests:
+        * Scripts/webkitdirs.pm:
+
+2006-10-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        Removed JSObjectMakeWithPrototype, clarified some comments. We really
+        don't want people to manage their own prototypes, so we don't want an
+        extra function in the API devoted to just that. People can still manage
+        their own prototypes if they really want by using JSObjectSetPrototype.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::createNoAutomaticPrototype):
+        (OpaqueJSClass::create):
+        * API/JSClassRef.h:
+        * API/JSObjectRef.cpp:
+        (JSClassCreate):
+        (JSObjectMake):
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (main):
+        * JavaScriptCore.exp:
+
+2006-10-12  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Adam.
+
+        Build breakage fix
+
+        * kjs/DateMath.cpp:
+        (KJS::msToTM):
+        * kjs/date_object.cpp:
+        (KJS::gmtoffset):
+
+2006-10-11  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Geoff.
+
+        Added our own tm struct to have a consistent set of fields, which lets us display the DST offset and timezone strings correctly.  Also there is some code cleanup.
+
+        * kjs/DateMath.cpp:
+        (KJS::timeToMS):
+        (KJS::getUTCOffset):
+        (KJS::getDSTOffsetSimple):
+        (KJS::dateToMS):
+        (KJS::msToTM):
+        (KJS::tmToKJStm):
+        (KJS::KJStmToTm):
+        * kjs/DateMath.h:
+        * kjs/date_object.cpp: 
+        (KJS::gmtoffset): 
+        (KJS::formatTime): 
+        (KJS::DateProtoFunc::callAsFunction): 
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectImp::callAsFunction):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        (KJS::parseDate):
+        * kjs/date_object.h:
+
+2006-10-09  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by Geoff.
+
+        Improve gdk build compiler flags (show warning, no rtti and exceptions).
+
+        * jscore.bkl:
+
+2006-10-06  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Brady.
+
+        DST and TimeZones were wrong in some cases, specifically on some of the dates where DST changes.
+
+        * kjs/DateMath.cpp:
+        (KJS::equivalentYearForDST):
+        (KJS::getUTCOffset):
+        (KJS::getDSTOffsetSimple):
+        (KJS::getDSTOffset):
+        (KJS::dateToMseconds):
+        (KJS::msToTM):
+        * kjs/DateMath.h:
+        * kjs/date_object.cpp:
+        (KJS::gmtoffset):
+
+2006-10-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin McCullough.
+
+        * wtf/Assertions.cpp: Fix build when _DEBUG is not defined.
+
+2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Adam.
+
+        - Removed an unnecessary assert that was stopping many pages.  tm_gmtoff was not set for UTC time in mozilla but is always set for us.
+
+        * kjs/DateMath.cpp:
+        (KJS::getUTCOffset):
+        (KJS::msToTM):
+        * kjs/date_object.cpp:
+        (KJS::gmtoffset):
+        (KJS::formatTime):
+
+2006-10-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch by Darin and me, reviewed by Maciej.
+
+        Fixed <rdar://problem/4518397> REGRESSION(?): Oft-seen but unrepro crash 
+              in JavaScript garbage collection (KJS::Collector::collect())
+               <rdar://problem/4752492> Crash in KJS::collect
+              
+        The issue here was allocating one garbage-collected object in the midst 
+        of allocating a second garbage-collected object. In such a case, the
+        zeroIfFree word lies.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+        (KJS::Collector::collect):
+
+2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Adam.
+
+        - Layout test fix
+
+        * kjs/DateMath.cpp:
+        (KJS::dateToDayInYear): accept and correctly handle negative months
+
+2006-10-05  Kevin McCullough  <KMcCullough@apple.com>
+
+       build fix
+
+        * kjs/DateMath.cpp:
+        (KJS::dateToDayInYear):
+
+2006-10-05  Mark Rowe  <bdash@webkit.org>
+
+        Reviewed by maculloch.
+
+        Gdk build fix.
+
+        * JavaScriptCoreSources.bkl: Add DateMath.cpp to file list.
+
+2006-10-05  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by aroben
+
+        - build fix
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-10-04  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Mitz.
+
+        Fix Qt/Linux build by adding DateMath.cpp to compilation.
+
+        * CMakeLists.txt: Also replace tabs with spaces.
+
+2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by DethBakin.
+
+        - Apparently the build bot uses an older version of XCode which warns about conversions and the newest version does not.  I hope this fixes the build but I cann't be sure on my system.
+
+        * kjs/DateMath.cpp:
+        (KJS::msToYear):
+        (KJS::dayInYear):
+        (KJS::dateToDayInYear):
+
+2006-10-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adam.
+
+        * wtf/Assertions.cpp: Changed assertion formatting to omit the "======"
+        lines so you can see more assertions in less space. Also improved format
+        of file/line information so it works with more development environments.
+
+2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Tim H.
+
+        - The build machine is more sensitive about automatic conversions.  These fixes exp
+licitly cast or change the input and return types of functions to avoid conversions.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/DateMath.cpp:
+        (KJS::):
+        (KJS::msToDays):
+        (KJS::msToYear):
+        (KJS::dayInYear):
+        (KJS::monthToDayInYear):
+        (KJS::dateToDayInYear):
+        (KJS::getDSTOffsetSimple):
+        (KJS::getDSTOffset):
+        (KJS::dateToMseconds):
+        (KJS::msToTM):
+
+2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by GGaren
+
+        - This is a big makeover for our Date implemenetation.  This solves many platform specific issues, specifically dates before 1970, and simplifies some ugly code.  The purpose of this was to get us to pass many of the JavaScriptCore tests on windows.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/DateMath.cpp: Added.
+        (KJS::):
+        (KJS::daysInYear):
+        (KJS::daysFrom1970ToYear):
+        (KJS::msFrom1970ToYear):
+        (KJS::msToDays):
+        (KJS::msToYear):
+        (KJS::isLeapYear):
+        (KJS::isInLeapYear):
+        (KJS::dayInYear):
+        (KJS::msToMilliseconds):
+        (KJS::msToWeekDay):
+        (KJS::msToSeconds):
+        (KJS::msToMinutes):
+        (KJS::msToHours):
+        (KJS::msToMonth):
+        (KJS::msToDayInMonth):
+        (KJS::monthToDayInYear):
+        (KJS::timeToMseconds):
+        (KJS::dateToDayInYear):
+        (KJS::equivalentYearForDST):
+        (KJS::getUTCOffset):
+        (KJS::getDSTOffsetSimple):
+        (KJS::getDSTOffset):
+        (KJS::localTimeToUTC):
+        (KJS::UTCToLocalTime):
+        (KJS::dateToMseconds):
+        (KJS::msToTM):
+        (KJS::isDST):
+        * kjs/DateMath.h: Added.
+        (KJS::):
+        * kjs/date_object.cpp:
+        (KJS::gmtoffset):
+        (KJS::formatTime):
+        (KJS::DateInstance::getTime):
+        (KJS::DateInstance::getUTCTime):
+        (KJS::DateProtoFunc::callAsFunction):
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        (KJS::parseDate):
+        * kjs/testkjs.cpp:
+        * os-win32/stdint.h:
+
+2006-10-02  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed/landed by Adam.
+
+        Build testkjs on Qt/Linux.
+
+        * CMakeLists.txt:
+
+2006-10-02  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by eseidel.  Landed by eseidel.
+
+        Fix win32 build, which has no inttypes.h
+
+        * wtf/Assertions.h:
+
+2006-10-02  Nikolas Zimmermann <zimmermann@kde.org>
+
+        Reviewed by eseidel & mjs.  Landed by eseidel.
+
+        Fix Qt/Linux build with older gcc 3.3.4.
+        http://bugs.webkit.org/show_bug.cgi?id=11116
+ 
+        * kjs/lookup.h: Move cacheGlobalObject into KJS namespace.
+        (KJS::cacheGlobalObject): Also remove GCC_ROOT_NS_HACK.
+        * wtf/Assertions.h: Include inttypes.h for uintptr_t.
+
+2006-09-28  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Maciej.
+        
+        Use $(ConfigSuffix) set via vsprops files to add _debug
+        to end of debug filenames.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/debug.vsprops: Added.
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
+        * JavaScriptCore.vcproj/release.vsprops: Added.
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2006-09-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Alice.
+
+        - support for change that should fix <rdar://problem/4733044>
+          REGRESSION: XML iBench shows 10% perf. regression (copying
+          strings while decoding)
+
+        * wtf/Vector.h: Changed VectorBuffer so that the general case
+        contains an instance of the 0 case, since deriving from it
+        was violating the Liskov Substitution Principle.
+        (WTF::VectorBuffer::releaseBuffer): Added. Releases the buffer so it can
+        be adopted by another data structure that uses the FastMalloc.h allocator.
+        Returns 0 if the internal buffer was being used.
+        (WTF::Vector::releaseBuffer): Added. Releases the buffer as above or creates
+        a new one in the case where the internal buffer was being used.
+
+2006-09-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - change garbage collection to happen at increments proportional to number of live objects, not always
+        every 1000 allocations
+
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+
+2006-09-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mitz.
+
+        - fixed REGRESSION (r16606): javascriptCore Crash on website load
+        
+        Plus style fixes.
+        
+            - fixed some possible off-by-one bugs
+            - use indexing, not iterators, for Vectors
+            - store Vector by pointer instead of by value to avoid blowing out FunctionImp size
+        
+        * kjs/function.cpp:
+        (KJS::FunctionImp::addParameter):
+        (KJS::FunctionImp::parameterString):
+        (KJS::FunctionImp::processParameters):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::getParameterName):
+        * kjs/function.h:
+
+2006-09-27  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Maciej.
+        
+        More build tweaks
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/dstroot-to-sdk.cmd: Removed.
+
+2006-09-27  John Sullivan  <sullivan@apple.com>
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::getParameterName):
+        removed assertion that displeased gcc 4.0.1 (build 5420):
+        ASSERT(static_cast<size_t>(index) == index);
+
+2006-09-27  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by GGaren.
+
+        Cleanup of previous fix which was to address Radar: 4752492
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::addParameter):
+        (KJS::FunctionImp::parameterString):
+        (KJS::FunctionImp::processParameters):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::getParameterName):
+        * kjs/function.h:
+
+2006-09-27  Kevin McCullough  <KMcCullough@apple.com>
+
+        Reviewed by Adele.
+
+        Fixes a GC stack overflow crash.
+        The change is to move from a linked list implementation of Parameters to a Vector.
+        The problem with the linked list is that each one creates it's own stack frame when being destroyed and in extreme cases this caused the stack to overflow. 
+
+        * kjs/function.cpp:
+        (KJS::Parameter::Parameter):
+        (KJS::FunctionImp::addParameter):
+        (KJS::FunctionImp::parameterString):
+        (KJS::FunctionImp::processParameters):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::getParameterName):
+        * kjs/function.h:
+
+2006-09-27  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix last path fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2006-09-27  Steve Falkenburg  <sfalken@apple.com>
+
+        Set path before build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2006-09-27  Sean Gies  <seangies@apple.com>
+
+        Reviewed by Adam Roben.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Debug config should link to debug runtime.
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj: Debug config should link to debug runtime.
+
+2006-09-27  Don Melton  <gramps@apple.com>
+
+        Reviewed by Adam Roben.
+
+        Changed line ending from DOS to UNIX format so it doesn't die running
+        on my machine. ;)
+
+        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
+
+2006-09-23  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Maciej.
+
+        http://bugs.webkit.org/show_bug.cgi?id=10183
+        REGRESSION: obfuscated JS decoding breaks because of soft hyphen removal
+        (Fanfiction.net author pages not listing stories)
+
+        Rolled out the fix for bug 4139.
+
+        * kjs/lexer.cpp:
+        (Lexer::setCode):
+        (Lexer::shift):
+        * tests/mozilla/ecma/Array/15.4.5.1-1.js:
+        * tests/mozilla/expected.html:
+
+2006-09-22  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2006-09-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Alice.
+
+        * wtf/Vector.h: Add an append that takes a pointer and length.
+        Generalize the existing Vector append to work on vectors with
+        any value for inlineCapacity. Change the append algorithm so
+        it doesn't check capacity each time through the loop.
+
+2006-09-22  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix release build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2006-09-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Updated to include the right path.
+        * wtf/FastMalloc.h: #include Platform.h, since we use Platform macros.
+
+=== Safari-521.27 ===
+
+2006-09-20  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Dave Hyatt.
+
+        * wtf/MathExtras.h:
+        Get rid of lrint.
+
+2006-09-20  Sean Gies  <seangies@apple.com>
+
+        Reviewed by Steve Falkenburg.
+
+        * wtf/Assertions.cpp: Debug messages should go into debugger console.
+
+2006-09-20  David Hyatt  <hyatt@apple.com>
+
+        Add an implementation of lrint for Win32.
+
+        Reviewed by anders
+
+        * wtf/MathExtras.h:
+        (lrint):
+
+2006-09-15  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by Adam.
+
+        http://bugs.webkit.org/show_bug.cgi?id=10864
+        Bug 10864: Linux\GDK build fixes
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+
+2006-09-15  Adam Roben  <aroben@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
+
+2006-09-15  Anders Carlsson  <acarlsson@apple.com>
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Fix the release build.
+
+2006-09-15  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Steve.
+
+        Add JavaScriptCore API to the build.
+        * API/JSBase.cpp:
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackObject.cpp:
+        * API/JSClassRef.cpp:
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        * API/JSStringRef.cpp:
+        * API/JSValueRef.cpp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * os-win32/stdbool.h: Added.
+
+2006-09-12  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Ada.
+        
+        Build tweaks (doing JavaScriptCore now since it doesn't have
+        dependencies).
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
+        * JavaScriptCore.vcproj/JavaScriptCore/dstroot-to-sdk.cmd: Added.
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2006-09-11  Brady Eidson  <beidson@apple.com>
+
+        Build fix - I think Tim's last checkin wasn't tested on Tiger, possibly.  I simply
+        commented out the undefined constants until he can have a chance to make the right call
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::objcValueTypeForType): Commented out undefined symbols
+
+2006-09-11  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Tim O. and Darin.
+
+        Add support for more method signatures affecting ObjC methods called from JavaScript:
+        - Added unsigned types and long long.
+        - Allow methods that use const, oneway, bycopy and byref type modifiers.
+
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        * bindings/objc/objc_utility.h:
+        (KJS::Bindings::):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+        (KJS::Bindings::objcValueTypeForType):
+
+2006-09-05  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Tim O.
+
+        <rdar://problem/4715840> SEL is not char*
+
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::methodsNamed): use sel_getName instead of a char* cast.
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::callAsFunction): ditto
+
+2006-09-03  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Tim H.
+
+        http://bugs.webkit.org/show_bug.cgi?id=10693
+        Convert JavaScript arrays to AppleScript lists
+
+        * JavaScriptCore.exp: Export ArrayInstance::info and ArrayInstance::getItem().
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstance::getItem): Added a method to access array items from C++.
+
+2006-09-02  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed by Tim H.
+
+        Bug 10454: Unix bakefile fixes
+        http://bugs.webkit.org/show_bug.cgi?id=10454
+
+        * JavaScriptCoreSources.bkl:
+
+2006-09-01  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by hyatt.  Landed by eseidel.
+
+        Fix build on Linux.
+
+        * pcre/CMakeLists.txt: Add wtf/ include.
+
+2006-09-01  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed and landed by ap.
+
+        Fix build on Linux (C89 without gcc extensions enabled).
+
+        * pcre/pcre_internal.h: Use C style comments.
+        * wtf/Assertions.h: Use C style comments.
+        * wtf/Platform.h: Use C style comments.
+
+2006-09-01  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
+
+2006-08-31  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Darin.
+        
+        Add new portability functions to MathExtras.h and add StringExtras.h which is for
+        string portability functions.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * bindings/c/c_instance.cpp:
+        * kjs/date_object.cpp:
+        * wtf/MathExtras.h:
+        (copysign):
+        (isfinite):
+        * wtf/StringExtras.h: Added.
+        (snprintf):
+        (strncasecmp):
+
+2006-08-31  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Tim H.
+        
+        Fix Windows build.
+        
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
+        * pcre/pcre_internal.h:
+
+2006-08-31  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Geoff.
+
+        Band-aid fix for PCRE to compile for ppc64 and x86_64 now that
+        we use -Wshorten-64-to-32. Adds an INT_CAST macro that ASSERTs
+        the value <= INT_MAX.
+
+        I filed <rdar://problem/4712064> to track the need to verify
+        PCRE's 64-bit compliance.
+
+        * pcre/pcre_compile.c:
+        (complete_callout):
+        (compile_branch):
+        (compile_regex):
+        (pcre_compile2):
+        * pcre/pcre_exec.c:
+        (match):
+        (pcre_exec):
+        * pcre/pcre_get.c:
+        (pcre_get_substring_list):
+        * pcre/pcre_internal.h:
+        * pcre/pcre_tables.c:
+        * pcre/pcre_try_flipped.c:
+        (_pcre_try_flipped):
+
+2006-08-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        - add WTF::getPtr, a function template that makes it possible to write
+          generic code that gets a raw pointer out of any of our pointer types
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/GetPtr.h: Added.
+        * wtf/ListRefPtr.h: (WTF::getPtr): Added.
+        * wtf/OwnArrayPtr.h: (WTF::getPtr): Added.
+        * wtf/OwnPtr.h: (WTF::getPtr): Added.
+        * wtf/PassRefPtr.h: (WTF::getPtr): Added.
+        * wtf/RefPtr.h: (WTF::getPtr): Added.
+
+2006-08-29  waylonis  <waylonis@google.com>
+
+        Reviewed, tweaked by ggaren.
+
+        - Added storage and accessor functions for ExecState as a fix for
+          http://bugs.webkit.org/show_bug.cgi?id=10114
+        
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        * kjs/ExecState.h:
+        * kjs/context.h:
+        (KJS::Context::setExecState):
+        (KJS::Context::execState):
+
+2006-08-30  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Tim H.
+
+        Commit KDE related tweaks, to be able to
+        differentiate between a Qt-only or a KDE build.
+
+        * CMakeLists.txt: Install wtf-unity library.
+        * wtf/Platform.h: Add define for the KDE platform.
+
+2006-08-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        * kjs/list.h: Use explicit in constructor (as appropriate).
+
+2006-08-24  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed, tweaked and landed by ap
+
+        http://bugs.webkit.org/show_bug.cgi?id=10467
+        WebKit should have Qt platform support (Part II)
+
+        * CMakeLists.txt: Adjust to Anders' build fixes.
+        * wtf/Platform.h: Fix define for the Qt platform (we don't use/need Cairo.)
+
+2006-08-23  David Hyatt  <hyatt@apple.com>
+
+        Fix Platform.h to include #defines for graphics features.
+
+        Reviewed by darin
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * wtf/Platform.h:
+
+2006-08-23  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Darin.
+
+        Make the bindings compile without CoreFoundation.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * bindings/c/c_instance.cpp:
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertUTF8ToUTF16):
+        * bindings/npapi.h:
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::createBindingForLanguageInstance):
+        (KJS::Bindings::Instance::createLanguageInstanceForValue):
+        * bindings/runtime_root.cpp:
+        * bindings/runtime_root.h:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::createLanguageInstanceForValue):
+        * kjs/interpreter.h:
+
+2006-08-22  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Darin.
+
+        Move the npruntime code over to using HashMap and the runtime_root code over to using 
+        HashMap and HashCountedSet.
+        
+        * bindings/NP_jsobject.cpp:
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::identifierFromNPIdentifier):
+        * bindings/c/c_utility.h:
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::invoke):
+        * bindings/npruntime.cpp:
+        (getStringIdentifierMap):
+        (getIntIdentifierMap):
+        (_NPN_GetStringIdentifier):
+        (_NPN_GetIntIdentifier):
+        * bindings/runtime_root.cpp:
+        (getReferencesByRootMap):
+        (getReferencesSet):
+        (KJS::Bindings::findReferenceSet):
+        (KJS::Bindings::rootForImp):
+        (KJS::Bindings::rootForInterpreter):
+        (KJS::Bindings::addNativeReference):
+        (KJS::Bindings::removeNativeReference):
+        (RootObject::removeAllNativeReferences):
+        * bindings/runtime_root.h:
+
+2006-08-22  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Geoff.
+        
+        Switch over the NPAPI and Java bindings to using HashMaps instead of dictionaries.
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/c/c_class.cpp:
+        (KJS::Bindings::CClass::CClass):
+        (KJS::Bindings::CClass::~CClass):
+        (KJS::Bindings::CClass::classForIsA):
+        (KJS::Bindings::CClass::methodsNamed):
+        (KJS::Bindings::CClass::fieldNamed):
+        * bindings/c/c_class.h:
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::JavaClass):
+        (JavaClass::~JavaClass):
+        (JavaClass::methodsNamed):
+        (JavaClass::fieldNamed):
+        * bindings/jni/jni_class.h:
+        * bindings/objc/objc_class.h:
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::deleteMethod):
+        (KJS::Bindings::deleteField):
+        (KJS::Bindings::):
+        (KJS::Bindings::ObjcClass::methodsNamed):
+        (KJS::Bindings::ObjcClass::fieldNamed):
+        * bindings/runtime.cpp:
+        * bindings/runtime.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::fieldGetter):
+        (RuntimeObjectImp::getOwnPropertySlot):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+
+2006-08-21  Vladimir Olexa  <vladimir.olexa@gmail.com>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=6252
+        JavaScript 1.6 Array.lastIndexOf
+
+        Test: fast/js/array-lastIndexOf.html
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction): Added a LastIndexOf case.
+        * kjs/array_object.h:
+        (KJS::ArrayProtoFunc::): Added LastIndexOf to enum.
+        * tests/mozilla/expected.html: Two more tests now pass.
+
+2006-08-20  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Maciej. Landed by rwlbuis.
+
+        Fixes parts of: http://bugs.webkit.org/show_bug.cgi?id=10463
+        WebKit should have Qt platform support
+
+        Removing obsolete QConstString/QString constructors in kjs code.
+
+        * kjs/identifier.h:
+        * kjs/ustring.h:
+
+2006-08-17  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Maciej. Landed by rwlbuis.
+
+        Fixes: http://bugs.webkit.org/show_bug.cgi?id=10463
+        WTF Changes needed for Qt platform code.
+
+        * wtf/Platform.h:
+        * wtf/unicode/UnicodeDecomposition.h: Added.
+        (WTF::Unicode::):
+        * wtf/unicode/UnicodeDirection.h: Added.
+        (WTF::Unicode::):
+        * wtf/unicode/qt4/UnicodeQt4.cpp: Added.
+        (WTF::Unicode::direction):
+        (WTF::Unicode::category):
+        (WTF::Unicode::decomposition):
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::isPrintableChar):
+        (WTF::Unicode::isSpace):
+        (WTF::Unicode::isPunct):
+        (WTF::Unicode::isDigit):
+        (WTF::Unicode::mirroredChar):
+        (WTF::Unicode::compare):
+
+2006-08-17  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Eric. Landed by rwlbuis.
+
+        Fixes: http://bugs.webkit.org/show_bug.cgi?id=10464
+        Offer a cmake build system for Qt platform.
+
+        * CMakeLists.txt: Added.
+        * pcre/CMakeLists.txt: Added.
+
+2006-08-17  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Maciej.
+
+        * bindings/npapi.h:
+        Fix ifdef.
+
+2006-08-15  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by mjs.
+        
+        Build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * wtf/Assertions.h:
+
+2006-08-15  Mark Rowe  <opendarwin.org@bdash.net.nz>
+
+        Reviewed by Tim H.
+
+        Build fix:  DWARF and -gfull are incompatible with symbol separation.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-08-15  Mark Rowe  <opendarwin.org@bdash.net.nz>
+
+        Reviewed by Tim H.
+
+        http://bugs.webkit.org/show_bug.cgi?id=10394
+        Bug 10394: WebKit Release and Production configurations should enable dead code stripping
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-08-15  Mark Rowe  <opendarwin.org@bdash.net.nz>
+
+        Reviewed by Tim H.
+
+        http://bugs.webkit.org/show_bug.cgi?id=10384
+        Bug 10384: Switch to DWARF for Release configuration
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-08-13  Maks Orlovich  <maksim@kde.org>
+
+        Reviewed (and tweaked a little) by Maciej.
+        
+        - shrank the size of JSObject by 8 bytes and made the corresponding reduction to the cell size, resulting
+        in a 1.2% speed improvement on JS iBench (and probably overall memory savings).
+
+        This was done by removing _scope and _internalValue data members
+        from JSObject and moving them only to the subclasses that actually
+        make use of them.
+        
+        * kjs/object.cpp: 
+        (KJS::JSObject::mark): No need to mark scope or internal value here.
+        * kjs/object.h:
+        (KJS::JSObject::JSObject): Don't initialize them.
+        * kjs/JSWrapperObject.cpp: Added. New base class for object types that
+        wrap primitive values (Number, String, Boolean, Date).
+        (KJS::JSWrapperObject::mark): 
+        * kjs/JSWrapperObject.h: Added.
+        (KJS::JSWrapperObject::JSWrapperObject):
+        (KJS::JSWrapperObject::internalValue):
+        (KJS::JSWrapperObject::setInternalValue):
+        * kjs/array_object.cpp:
+        (ArrayPrototype::ArrayPrototype): Don't set useless internal value.
+        * kjs/bool_object.cpp:
+        (BooleanInstance::BooleanInstance): Inherit from JSWrapperObject.
+        (BooleanProtoFunc::callAsFunction): Fixed to account for fact that not all
+        JSObjects have an internal value.
+        (BooleanObjectImp::construct): ditto.
+        * kjs/bool_object.h:
+        * kjs/collector.cpp: Lowered cell size to 48.
+        (KJS::Collector::allocate): meaningless whitespace change
+        * kjs/date_object.cpp:
+        (KJS::DateInstance::DateInstance): Inherit from JSWrapperObject.
+        (KJS::DateProtoFunc::callAsFunction): adjusted for move of internalValue
+        (KJS::DateObjectImp::construct): ditto
+        * kjs/date_object.h:
+        * kjs/error_object.cpp:
+        (ErrorPrototype::ErrorPrototype): don't set internal value
+        * kjs/function.cpp: move _scope and related handling here
+        (KJS::FunctionImp::mark): mark scope
+        * kjs/function.h:
+        (KJS::FunctionImp::scope): moved here from JSObject
+        (KJS::FunctionImp::setScope): ditto
+        * kjs/number_object.cpp:
+        (NumberInstance::NumberInstance): inherit from JSWrapperObject
+        (NumberProtoFunc::callAsFunction): adjusted
+        (NumberObjectImp::construct): adjusted
+        * kjs/number_object.h: shring RegExp-related objects a little
+        * kjs/regexp_object.cpp:
+        (RegExpPrototype::RegExpPrototype): Adjust for size tweaks
+        (RegExpObjectImp::RegExpObjectImp): ditto
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (StringInstance::StringInstance): inherit from JSWrapperObject
+        (StringProtoFunc::callAsFunction): adjusted
+        * kjs/string_object.h:
+        * JavaScriptCore.exp: Exported new methods as needed.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added new files to build.
+
+2006-08-04  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Geoff's rubber stamp
+
+        Fix a build break on Intel hardware causes by adapting stricter
+        compiler warnings (-Wshorten-64-to-32)
+
+        * API/testapi.c:
+        (assertEqualsAsNumber): manually cast some doubles to floats
+        (main): ditto
+
+2006-08-04  Sam Weinig  <sam.weinig@gmail.com>
+
+        Reviewed by Darin.
+
+        - patch for http://bugs.webkit.org/show_bug.cgi?id=10192
+          Make WebCore (and friends) compile with -Wshorten-64-to-32
+
+          * Adds -Wshorten-64-to-32 flag to Xcode project.
+          * Adds explicit casts where OK.
+
+        * API/JSNodeList.c:
+        (JSNodeList_item):
+        (JSNodeList_getProperty):
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-08-04  Adam Roben  <aroben@apple.com>
+
+        Reviewed by Anders.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Convert
+        spaces to tabs
+
+2006-08-03  Sam Weinig  <sam.weinig@gmail.com>
+
+        Reviewed by Darin.
+
+        - patch for http://bugs.webkit.org/show_bug.cgi?id=10176
+          Make WebCore compile with -Wundef
+
+          * Adds -Wundef flag to Xcode project
+          * Converts #ifs to #ifdef and #ifndefs where needed.
+          * Added #define YYMAXDEPTH 10000 in kjs/grammar.y
+            to fix a warning from within Bison.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::getSlot):
+        (JavaJSObject::setSlot):
+        * bindings/npapi.h:
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::methodsNamed):
+        (KJS::Bindings::ObjcClass::fieldNamed):
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcMethod::getMethodSignature):
+        (ObjcField::name):
+        (ObjcField::type):
+        * kjs/grammar.y:
+        * kjs/identifier.h:
+
+2006-08-03  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by John Sullivan.
+
+       * wtf/HashSet.h:
+        (WTF::::operator):
+        Return *this in operator=
+
+2006-08-03  Adam Roben  <aroben@apple.com>
+
+        Reviewed by Anders.
+
+        - Fixed Windows build
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * wtf/MathExtras.h: Implement inline versions of these functions
+        (nextafter):
+        (nextafterf):
+
+2006-08-02  Adam Roben  <aroben@apple.com>
+
+        Reviewed by Darin.
+
+        - Fixed build
+
+        * kjs/date_object.cpp:
+        (KJS::formatTime):
+
+2006-07-29  Darin Adler  <darin@apple.com>
+
+        - Removed tabs from these source files that still had them.
+          We don't use them; that way source files look fine in editors
+          that have tabs set to 8 spaces or to 4 spaces.
+        - Removed allow-tabs Subversion property from the files too.
+
+        * bindings/NP_jsobject.cpp:
+        * bindings/c/c_utility.cpp:
+        * bindings/jni/jni_runtime.cpp:
+        * bindings/jni/jni_utility.cpp:
+        * bindings/objc/objc_utility.mm:
+        * bindings/runtime.cpp:
+        * bindings/runtime_method.cpp:
+        * bindings/testbindings.cpp:
+        * bindings/testbindings.mm:
+        * kjs/date_object.cpp:
+        * kjs/function.cpp:
+        * kjs/list.cpp:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/string_object.cpp:
+        * kjs/ustring.cpp:
+
+2006-07-29  Darin Adler  <darin@apple.com>
+
+        * tests/mozilla/expected.html: Update test results now that regress-185165.js
+        is succeeding. I suspect Anders fix for bug 4620655 is the reason.
+
+2006-07-29  Sam Weinig  <sam.weinig@gmail.com>
+
+        Reviewed by Darin.
+
+        - patch for http://bugs.webkit.org/show_bug.cgi?id=10080
+          Adopt pedantic changes from the Unity project to improve 
+          cross-compiler compatibility
+
+          Changes include:
+          * Removing trailing semicolon from namespace braces.
+          * Removing trailing comma from last enum declaration.
+          * Updating to match style guidelines.
+          * Adding missing newline to the end of the file.
+          * Turning on gcc warning for missing newline at the end of a source file
+            (GCC_WARN_ABOUT_MISSING_NEWLINE in Xcode, -Wnewline in gcc).
+          * Alphabetical sorting of Xcode source list files. 
+          * Replace use of non-portable variable-size array with Vector.
+          * Use C-style comments instead of C++ comments in files that might
+            be included by either C or C++ files.
+
+        * API/JSCallbackConstructor.cpp:
+        (KJS::JSCallbackConstructor::construct):
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::callAsFunction):
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::construct):
+        (KJS::JSCallbackObject::callAsFunction):
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCorePrefix.h:
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::fieldNamed):
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::JavaInstance):
+        (JavaInstance::valueOf):
+        * bindings/jni/jni_objc.mm:
+        (KJS::Bindings::dispatchJNICall):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaParameter::JavaParameter):
+        (JavaArray::JavaArray):
+        * bindings/jni/jni_runtime.h:
+        * bindings/jni/jni_utility.h:
+        * bindings/objc/objc_instance.h:
+        * bindings/runtime_array.h:
+        * kjs/collector.h:
+        * kjs/config.h:
+        * kjs/ustring.cpp:
+        * wtf/Platform.h:
+
+2006-07-29  Mike Emmel  <mike.emmel@gmail.com>
+
+        Reviewed by Darin.
+
+        - fixes for Linux build
+
+        * JavaScriptCoreSources.bkl: Added new files to build, kjs/PropertyNameArray.cpp
+        and kjs/testkjs.cpp, and removed old files.
+
+2006-07-24  Dan Waylonis  <waylonis@google.com>
+
+        Reviewed and tweaked a bit by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=9902
+          jsNull and NSNull not properly converted between JS and ObjC
+
+        * bindings/objc/objc_utility.mm: (KJS::Bindings::convertObjcValueToValue):
+        Added case for converting NSNull to jsNull.
+
+2006-07-24  Rob Buis  <buis@kde.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=4258
+        Date().toString() only includes GMT offset, not timezone string
+
+        Use the info in tm_zone to append timezone abbreviation
+        to Date().toString().
+
+        * kjs/date_object.cpp:
+        (KJS::formatTime):
+
+2006-07-24  Rob Buis  <buis@kde.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=5257
+        setYear() does not match FireFox/IE behavior
+
+        Make sure the right values end up in tm_year.
+
+        * kjs/date_object.cpp:
+        (KJS::formatTime):
+
+2006-07-23  Mark Rowe  <opendarwin.org@bdash.net.nz>
+
+        Reviewed by Maciej.
+
+        Bug 9686: [Drosera] Need the ability to break into Drosera on Javascript exceptions
+        http://bugs.webkit.org/show_bug.cgi?id=9686
+
+        JavaScriptCore portion of the fix.
+
+        * JavaScriptCore.exp: Update symbol for change in argument type.
+        * kjs/debugger.cpp:
+        (Debugger::detach): Clear map of recent exceptions.
+        (Debugger::hasHandledException): Track the most recent exception
+        thrown by an interpreter.
+        (Debugger::exception): Change exception argument to a JSValue.
+        * kjs/debugger.h:
+        * kjs/nodes.cpp:
+        (Node::debugExceptionIfNeeded): Notify the debugger of an exception
+        if it hasn't seen it before.
+        (ThrowNode::execute): Notify the debugger that an exception is being thrown.
+        * kjs/nodes.h:
+
+    2006-07-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch by Eric Albert, reviewed by Darin and me.
+        
+        - Fixed <rdar://problem/4645931> JavaScriptCore stack-scanning code 
+        crashes (Collector::markStackObjectsConservatively)
+        
+        * bindings/jni/jni_jsobject.cpp: On 64bit systems, jint is a long, not an
+        int.
+        (JavaJSObject::getSlot):
+        (JavaJSObject::setSlot):
+        * kjs/collector.cpp:
+        (KJS::Collector::markCurrentThreadConservatively): Use a pointer instead of
+        an int as 'dummy,' because on LP64 systems, an int is not pointer-aligned,
+        and we want to scan the stack for pointers.
+        * JavaScriptCore.xcodeproj/project.pbxproj: After a tense cease-fire, the 
+        XCode war has started up again!
+
+=== Safari-521.20 ===
+
+2006-07-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/4507265> REGRESSION: overlays don't work on HousingMaps.com (Google Maps-based site)
+
+        - Added support for strings that masquerade as undefined. Currently used
+        by WebCore to implement undetectable style.filter.
+        
+        The name is a little long, but it's only used in one line of code, so I
+        thought clarity should win over brevity.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/object.h:
+        * kjs/string_object.h:
+        (KJS::StringInstanceThatMasqueradesAsUndefined::StringInstanceThatMasqueradesAsUndefined):
+        (KJS::StringInstanceThatMasqueradesAsUndefined::masqueradeAsUndefined):
+        (KJS::StringInstanceThatMasqueradesAsUndefined::toBoolean):
+
+=== Safari-521.19 ===
+
+2006-07-20  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix the build
+
+        * kjs/function.cpp:
+        (KJS::escapeStringForPrettyPrinting):
+
+2006-07-19  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/4620655> REGRESSION(10.4.7-10.5): preview button for a blogger.com post doesn't work
+        
+        * kjs/nodes2string.cpp:
+        (StringNode::streamTo):
+        Return the escaped string.
+        
+        (RegExpNode::streamTo):
+        Use the correct syntax.
+        
+        * kjs/function.cpp:
+        (KJS::escapeStringForPrettyPrinting):
+        * kjs/function.h:
+        Add escape function which escapes a string for pretty-printing so it can be parsed again.
+        
+        * wtf/unicode/icu/UnicodeIcu.h:
+        (WTF::Unicode::isPrintableChar):
+        New function.
+
+2006-07-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Adele Peterson.
+        
+        <rdar://problem/4589530> REGRESSION: null character in JS string causes parse error (works in Tiger and in other browsers)
+
+        * kjs/lexer.cpp:
+        (Lexer::shift):
+        (Lexer::lex):
+        (Lexer::record16):
+        (Lexer::scanRegExp):
+        * kjs/lexer.h:
+
+2006-07-18  Tim Omernick  <timo@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        Removed a misleading comment; we recently added support for the NPNVPluginElementNPObject
+        variable.
+
+        * bindings/npapi.h:
+
+=== Safari-521.18 ===
+
+2006-07-18  Timothy Hatcher  <timothy@apple.com>
+
+        Made the following headers public:
+
+        * JavaScriptCore.h
+        * JSBase.h
+        * JSContextRef.h
+        * JSObjectRef.h
+        * JSStringRef.h
+        * JSValueRef.h
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Added automatic prototype creation for classes.
+        
+        A class stores a weak reference to a prototype, which is cleared when
+        the prototype is garbage collected, to avoid a reference cycle.
+        
+        We now have an attributes field in JSClassDefinition, that currently is
+        used only to override automatic prototype creation when you want to manage your
+        own prototypes, but can be extended in the future for other nefarious purposes.
+        
+        Similarly, we have JSObjectMake and JSObjectMakeWithPrototype, the latter
+        allowing you to manage your own prototypes.
+        
+        JSObjectMakeConstructor is more interesting now, able to make a constructor
+        on your behalf if you just give it a class.
+        
+        - Removed bogus old code from minidom.js.
+        
+        - Tweaked the headerdocs.
+        
+        - Added more GC testing, which caught some leaks, and tested more funny 
+        edge cases in lookup, which caught a lookup bug. Removed some testing 
+        we used to do with MyObject because it was redundant with the new, cool 
+        stuff.
+        
+        While fixing the lookup bug I retracted this change:
+        
+            "If a static setProperty callback returns 'false', to indicate that the
+            property was not set, we no longer forward the set request up the class
+            chain, because that's almost certainly not what the programmer expected."
+
+        Returning false when setting a static property is a little silly, but you can see
+        it being useful when shadowing a base class's static properties, and, regardless
+        of usefullness, this is the defined behavior of the setProperty callback.
+        
+        - Plus a little ASCII art, for the kids.
+
+2006-07-17  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Maciej.
+
+        <rdar://problem/4634874> WebScriptObject and WebUndefined are no longer defined by WebKit
+
+        Moves WebScriptObject and WebUndefined up to WebCore.
+        This change does create an upwards-dependancy on WebScriptObject existing
+        in the loaded process, but this code path in JavaScriptCore does not get used
+        unless it is through WebKit/WebCore. Moving all of the binding code out of
+        JavaScriptCore might make sense in the future.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/objc/WebScriptObject.h: Replaced.
+        * bindings/objc/WebScriptObject.mm: Removed.
+        * bindings/objc/WebScriptObjectPrivate.h: Removed.
+        * bindings/objc/objc_class.h:
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::~ObjcInstance):
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (convertValueToObjcObject):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+        (KJS::Bindings::createObjcInstanceForValue):
+
+2006-07-17  Darin Adler  <darin@apple.com>
+
+        * API/JSBase.h: Fix comment formatting where things used to be lined up but
+        are now ragged. Got rid of spaces that attempted to line things up.
+        * API/JSObjectRef.h: Ditto. Also add missing periods for a couple of comments.
+
+2006-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Removed the exception parameter from the initialize callback and, by extension,
+        JSObjectMake. We have never had a need for exceptions when iniitializing,
+        so the parameter seemed likely to "get in the way." 
+        
+        Also, an exception in JavaScript is thrown in response to input -- 
+        "invalid URL", "index not a number", etc., so it's the job of the 
+        constructor function, not the initialize method, to throw.
+        
+        If initialize *really* wants to throw, it can communicate the throw to
+        the constructor through the constructed object's private data (e.g., set
+        it to NULL, signaling to the consntructor that initialization failed.)
+        
+        - Added JSObjectMakeWithData, which enables a constructor to set private
+        data on an object *before* it has been initialized. That way, the initialize
+        methods can properly operate on the data. 
+
+        * API/JSNode.c: Moved ref into the initialize method, for better encapsulation,
+        now that it's possible.
+        * API/JSNodeList.c: ditto
+        * API/minidom.c:
+        (main): Do more aggressive garbage collection to test ref/deref and 
+        initialize/finalize.
+        * API/minidom.js: store childNodes in a temporary so it doesn't get re-created
+        like a thousand times. This makes debugging ref/deref easier
+
+2006-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Changed the initialize callback to run from least derived class (parent
+        class) to most derived class. This enables C++ style initialization,
+        and derived class overriding of member data.
+        
+        - Added excpetion propopgation to JSObjectMake, to support initialize
+        exceptions, and generally round out our policy of making function
+        signatures as long as possible.
+
+        * API/JSCallbackObject.h: Use ExecState instead of ContextRef, cuz we're
+        in C++ land now.
+
+2006-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Changed JSObjectMakeConstructor to JSObjectMakeConstructorWithCallback,
+        to match JSObjectMakeFunctionWithCallback.
+        
+        - Added prototype parameter, so the generated constructor
+        automatically works with hasInstance / instanceof
+        
+        - Moved hasInstance implementation from InternalFunctionImp to JSObject
+        so that subclasses can inherit it without inheriting function-related baggage.
+        More refactoring here would be good, but this seems like a good short-term
+        solution.
+
+        (KJS::JSCallbackFunction::implementsHasInstance): override and return false,
+        because callback functions aren't constructors.
+
+2006-07-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - add a JSContextRef parameter to all JSValueRef, JSObjectRef, and JSContextRef operations;
+        except JSObject{Get,Set}PrivateData which can be assumed to be simple pure accessors.
+        
+        Also renamed the parameter "context" to "ctx" because it makes the code read better with this pervasive
+        but usually uninteresting parameter.
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        (JSCheckScriptSyntax):
+        (JSGarbageCollect):
+        * API/JSBase.h:
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::JSCallbackObject):
+        (KJS::JSCallbackObject::init):
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::toNumber):
+        (KJS::JSCallbackObject::toString):
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate):
+        (JSGlobalContextRetain):
+        (JSGlobalContextRelease):
+        (JSContextGetGlobalObject):
+        * API/JSContextRef.h:
+        * API/JSNode.c:
+        (JSNodePrototype_appendChild):
+        (JSNodePrototype_removeChild):
+        (JSNodePrototype_replaceChild):
+        (JSNode_getNodeType):
+        (JSNode_getFirstChild):
+        (JSNode_prototype):
+        * API/JSNodeList.c:
+        (JSNodeListPrototype_item):
+        (JSNodeList_length):
+        (JSNodeList_getProperty):
+        (JSNodeList_prototype):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectMakeFunction):
+        (JSObjectGetPrototype):
+        (JSObjectSetPrototype):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        (JSObjectDeleteProperty):
+        (JSObjectIsFunction):
+        (JSObjectCallAsFunction):
+        (JSObjectIsConstructor):
+        (JSObjectCallAsConstructor):
+        (JSObjectCopyPropertyNames):
+        * API/JSObjectRef.h:
+        * API/JSStringRef.cpp:
+        * API/JSValueRef.cpp:
+        (JSValueGetType):
+        (JSValueIsUndefined):
+        (JSValueIsNull):
+        (JSValueIsBoolean):
+        (JSValueIsNumber):
+        (JSValueIsString):
+        (JSValueIsObject):
+        (JSValueIsObjectOfClass):
+        (JSValueIsEqual):
+        (JSValueIsStrictEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueMakeUndefined):
+        (JSValueMakeNull):
+        (JSValueMakeBoolean):
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        (JSValueToBoolean):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        * API/JSValueRef.h:
+        * API/minidom.c:
+        (print):
+        * API/testapi.c:
+        (MyObject_getProperty):
+        (MyObject_deleteProperty):
+        (MyObject_callAsFunction):
+        (MyObject_callAsConstructor):
+        (MyObject_convertToType):
+        (print_callAsFunction):
+        (main):
+
+2006-07-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Approved by Maciej, RS by Beth.
+        
+        JSObjectMakeFunction -> JSObjectMakeFunctionWithCallback
+        JSObjectMakeFunctionWithBody -> JSObjectMakeFunction
+        
+        because the latter is more common, and more fundamental, than the former.
+
+        * API/APICast.h:
+        (toJS):
+        * API/JSBase.h:
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::getPropertyNames):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::staticFunctionGetter):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass):
+        (OpaqueJSClass::~OpaqueJSClass):
+        * API/JSClassRef.h:
+        * API/JSObjectRef.cpp:
+        (JSClassCreate):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeFunction):
+        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
+        (JSObjectCopyPropertyNames):
+        * API/JSObjectRef.h:
+        * API/minidom.c:
+        (main):
+        * API/testapi.c:
+        (main):
+        * ChangeLog:
+        * JavaScriptCore.exp:
+
+2006-07-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Laughed at by Beth.
+        
+        Replace __JS with OpaqueJS because the former, while used by CF, is
+        a prefix that's triply-reserved by the compiler. (_* is reserved in global 
+        names, _[A-Z] is reserved in all names, and __ is reserved in all names 
+        in C++.)
+        
+        Opaque is an alternative used by other Mac OS X framewokrs.
+
+        * API/APICast.h:
+        (toJS):
+        * API/JSBase.h:
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::getPropertyNames):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::staticFunctionGetter):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass):
+        (OpaqueJSClass::~OpaqueJSClass):
+        * API/JSClassRef.h:
+        * API/JSObjectRef.cpp:
+        (JSClassCreate):
+        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
+        (JSObjectCopyPropertyNames):
+
+2006-07-16  Darin Adler  <darin@apple.com>
+
+        - try to fix Windows build
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Added some recently added files, removed some recently removed.
+
+2006-07-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Change getProperty* to return undefined, rather than NULL, for missing
+        properties, since that's what the spec says. Also added exception out
+        parameters to the *Index functions, because they can call through to the
+        regular functions, which can throw for custom objects.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectGetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (main):
+
+2006-07-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Properly document and handle NULL callbacks for static properties. We
+        throw an exception in any case other than a ReadOnly property with a NULL
+        setProperty callback, because a NULL callback almost certainly indicates 
+        a programming error. Also throw an exception if hasProperty returns true
+        for a property that getProperty can't get.
+        
+        - If a static setProperty callback returns 'false', to indicate that the
+        property was not set, we no longer forward the set request up the class
+        chain, because that's almost certainly not what the programmer expected.
+
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::staticFunctionGetter):
+        (KJS::JSCallbackObject::callbackGetter):
+        * API/JSObjectRef.h:
+        * API/minidom.js:
+        * API/testapi.c:
+        (MyObject_hasProperty):
+        * API/testapi.js:
+
+2006-07-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Added names to functions.
+        
+        - Removed GetPrivate/SetPrivate from callbackFunctions and callbackConstructors.
+        The private data idiom is that a JS object stores its native implementation
+        as private data. For functions and constructors, the native implementation is nothing
+        more than the callback they already store, so supporting private data, too,
+        confuses the idiom. If you *really* want, you can still create a custom 
+        function with private data.
+
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::JSCallbackFunction):
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::staticFunctionGetter):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction):
+        (JSObjectMakeFunctionWithBody):
+        (JSObjectGetPrivate):
+        (JSObjectSetPrivate):
+        * API/JSObjectRef.h:
+        * API/minidom.c:
+        (main):
+        * API/testapi.c:
+        (main):
+
+2006-07-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - switch property lists to be vector+set of Identifiers instead of list of References
+        
+        This has the following benefits:
+        
+        - no duplicates in property lists
+        - simplifies API calls
+        - probably more efficient, since linked list is gone
+        - entirely removed Reference, ReferenceList and ProtectedReference types from the API
+
+        * kjs/PropertyNameArray.cpp: Added.
+        (KJS::PropertyNameArray::add): Check set, if not already there, add to
+        vector.
+        * kjs/PropertyNameArray.h: Added.
+        (KJS::PropertyNameArray::PropertyNameArray): Newly added type, combines
+        a set and a vector to make a unique but ordered list of identifiers.
+        (KJS::PropertyNameArray::begin): ditto
+        (KJS::PropertyNameArray::end): ditto
+        (KJS::PropertyNameArray::size): ditto
+        (KJS::PropertyNameArray::operator[]): ditto
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstance::getPropertyNames): renamed from getPropertyList, updated
+        for PropertyNameArray
+        (ArrayInstance::setLength): updated for PropertyNameArray
+        (ArrayInstance::pushUndefinedObjectsToEnd): ditto
+        * kjs/nodes.cpp:
+        (ForInNode::execute): updated for PropertyNameArray
+        * kjs/nodes.h:
+        * kjs/object.cpp:
+        (KJS::JSObject::getPropertyNames): renamed from getPropertyList, updated
+        for PropertyNameArray
+        * kjs/object.h:
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::getEnumerablePropertyNames): updated for PropertyNameArray
+        (KJS::PropertyMap::getSparseArrayPropertyNames): ditto
+        * kjs/property_map.h:
+        * kjs/protected_reference.h: Removed.
+        * kjs/reference.cpp: Removed.
+        * kjs/reference.h: Removed.
+        * kjs/reference_list.cpp: Removed.
+        * kjs/reference_list.h: Removed.
+        * kjs/scope_chain.cpp:
+        (KJS::ScopeChain::print): Use PropertyNamesArray instead of ReferenceList.
+        * kjs/string_object.cpp:
+        (StringInstance::getPropertyNames): Updated for new approach.
+        * kjs/string_object.h:
+        * kjs/ustring.h:
+        * API/APICast.h:
+        (toJS): Added overload for PropertyNameAccumulatorRef / PropertyNameArray*
+        (toRef): ditto
+        * API/JSBase.h:
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::getPropertyNames): Fixed for new API.
+        * API/JSCallbackObject.h:
+        * API/JSObjectRef.cpp:
+        (__JSPropertyNameArray::__JSPropertyNameArray): Type used for a publicly vended
+        JSPropertyNameArrayRef.
+        (JSObjectCopyPropertyNames): New API call - renamed / refactored from 
+        JSObjectCreatePropertyList
+        (JSPropertyNameArrayRetain): new retain call for JSPropertyNameArray.
+        (JSPropertyNameArrayRelease): new release call for - " -.
+        (JSPropertyNameArrayGetCount): Instead of having to use a stateful enumerator you
+        can now get the count and items in any order.
+        (JSPropertyNameArrayGetNameAtIndex): See above.
+        (JSPropertyNameAccumulatorAddName): What you add properties to is now an opaque 
+        accumulator object.
+        * API/JSObjectRef.h: Prototyped new functions, removed old ones
+        * JavaScriptCore.exp: Updated exported symbols.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added new files, removed old.
+        * API/testapi.c:
+        (MyObject_getPropertyNames): Renamed / fixed callback to fit new paradigm.
+        (main): Updated for new API.
+
+2006-07-15  Darin Adler  <darin@apple.com>
+
+        - oops, missed a few more arrays that had to be const
+
+        * API/JSNode.c:
+        (JSNodePrototype_appendChild): Added const.
+        (JSNodePrototype_removeChild): Ditto.
+        (JSNodePrototype_replaceChild): Ditto.
+        (JSNode_construct): Ditto.
+        * API/JSNodeList.c:
+        (JSNodeListPrototype_item): Ditto.
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunctionWithBody): Ditto.
+        (JSObjectCallAsFunction): Ditto.
+        (JSObjectCallAsConstructor): Ditto.
+        * API/minidom.c:
+        (print): Ditto.
+        * API/testapi.c:
+        (MyObject_callAsFunction): Ditto.
+        (MyObject_callAsConstructor): Ditto.
+        (print_callAsFunction): Ditto.
+        (myConstructor_callAsConstructor): Ditto.
+
+2006-07-15  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        * API/JSNode.h: Made an array parameter const.
+        * API/JSObjectRef.h: Made array parameters const. Fixed a comment.
+
+2006-07-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - JSObjectMakeFunctionWithBody includes a function name and named parameters now.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunctionWithBody):
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (assertEqualsAsUTF8String): More informative failure reporting.
+        (main): Test more function cases.
+
+2006-07-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+
+        - Moved the arguments passed to JSClassCreate into a single structure,
+        called JSClassDefinition. This will enable easier structure 
+        migration/versioning in the future, if necessary.
+        
+        - Added support for class names.
+        
+        - kJSClassDefinitionNull replaces kJSObjectCallbacksNone.
+        
+        - JSClass is becoming a fairly complex struct, so I migrated all of its
+        implementation other than reference counting to the sruct.
+        
+        - Also moved JSClass* functions in the API to JSObjectRef.cpp, since they're
+        declared in JSObjectRef.h
+        
+        - Also added some more informative explanation to the class structure doc.
+        
+2006-07-15  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=8395
+          <rdar://problem/4613467>
+          REGRESSION: RegEx seems broken for hex escaped non breaking space
+
+        Test: fast/js/regexp-extended-characters-more.html
+
+        * pcre/pcre_exec.c:
+        (match): Got rid of utf16Length local variable to guarantee there's no
+        extra stack usage in recursive calls. Fixed two places in the PCRE_UTF16
+        code that were using the length variable, which is the UTF-8 length of
+        a character in the pattern, to move in the UTF-16 subject string. Instead
+        they hardcode lengths of 1 and 2 since the code already handles BMP
+        characters and surrogate pairs separately. Also fixed some DPRINTF so
+        I could compile with DEBUG on.
+        (pcre_exec): Changed a place that was checking for multibyte characters
+        in the subject string to use ISMIDCHAR. Instead it was using hardcoded
+        logic that was right for UTF-8 but wrong for UTF-16.
+
+        * pcre/pcre_compile.c: (pcre_compile2): Fixed a DPRINTF so I could compile
+        with DEBUG on.
+
+2006-07-14  Geoffrey Garen  <ggaren@apple.com>
+
+        RS by Maciej.
+        
+        Global replace in the API of argc/argv with argumentCount/arguments.
+
+2006-07-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Finalized exception handling in the API.
+        
+        setProperty can throw because it throws for built-in arrays. getProperty
+        and deleteProperty can throw because setProperty can throw and we want
+        to be consistent, and also because they seem like "actions." callAsFunction,
+        callAsConstructor, and hasInstance can throw, because they caan throw for
+        all built-ins.
+        
+        toBoolean can't throw because it's defined that way in the spec.
+        
+        - Documented that toBoolean and toObject can't be overridden by custom 
+        objects because they're defined that way in the spec.
+
+=== Safari-521.17 ===
+
+2006-07-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Implemented ref-counting of JSContexts by splitting into two datatypes:
+        JSGlobalContext, which you can create/retain/release, and JSContext, which
+        you can't.
+        
+        Internally, you retain a JSGlobalContext/ExecState by retaining its
+        interpreter, which, in the case of a global ExecState, owns it.
+        
+        - Also made ~Interpreter() protected to catch places where Interpreter
+        is manually deleted. (Can't make it private because some crazy fool
+        decided it would be a good idea to subclass Interpreter in other frameworks.
+        I pity da fool.)
+
+        * API/APICast.h: 
+        (toJS): Added cast for new JSGlobalContext
+        * API/JSStringRef.h: Changed vague "you must" language to more specific
+        (but, ultimately, equally vague) "behavior is undefined if you don't" 
+        language.
+        (KJS::Interpreter::Interpreter): Factored more common initialization into
+        init()
+        * kjs/interpreter.h:
+        (KJS::Interpreter::ref): new
+        (KJS::Interpreter::deref): new
+        (KJS::Interpreter::refCount): new
+        * kjs/testkjs.cpp: 
+        (doIt): Ref-count the interpreter.
+
+2006-07-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - removed bool return value from JSObjectSetProperty, since it is inefficient and
+        also doesn't work quite right
+        - added JSObjectGetPropertyAtIndex and JSObjectSetPropertyAtIndex
+
+        * API/JSObjectRef.cpp:
+        (JSObjectSetProperty): Removed return value and canPut stuff.
+        (JSObjectGetPropertyAtIndex): Added.
+        (JSObjectSetPropertyAtIndex): Added.
+        * API/JSObjectRef.h: Prototyped and documented new functions.
+
+2006-07-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth.
+        
+        Moved JSCheckScriptSyntax, JSEvaluateScript, and JSGarbageCollect into
+        JSBase.h/.cpp. They don't belong in the value-specific or context-specific 
+        files because they're not part of the value or context implementations.
+
+        * API/JSBase.h:
+        * API/JSContextRef.cpp:
+        (JSContextGetGlobalObject):
+        * API/JSContextRef.h:
+        * API/JSValueRef.cpp:
+        (JSValueUnprotect):
+        * API/JSValueRef.h:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-07-13  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Maciej.
+
+        Moved JavaScriptCore to be a public framework.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-07-13  Mark Rowe  <opendarwin.org@bdash.net.nz>
+
+        Reviewed by Geoffrey.
+
+        http://bugs.webkit.org/show_bug.cgi?id=9742
+        Bug 9742: REGRESSION: WebKit hangs when loading <http://www.vtbook.com>
+
+        * kjs/value.h:
+        (KJS::JSValue::getUInt32): Only types tagged as numeric can be converted to UInt32.
+
+2006-07-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Pleasing to Maciej.
+        
+        - Renamed JSEvaluate -> JSEvaluateScript, JSCheckSyntax -> JSCheckScriptSyntax
+        - Added exception out parameters to JSValueTo* and JSValueIsEqual because
+        they can throw
+        - Removed JSObjectGetDescription because it's useless and vague, and 
+        JSValueToString/JSValueIsObjectOfClass do a better job, anyway
+        - Clarified comments about "IsFunction/Constructor" to indicate that they
+        are true of all functions/constructors, not just those created by JSObjectMake*
+
+2006-07-12  Geoffrey Garen  <ggaren@apple.com>
+
+        RS by Beth.
+        
+        Finished previously approved JSInternalString -> JSString conversion 
+        by renaming the files.
+
+        * API/JSCallbackObject.cpp:
+        * API/JSInternalStringRef.cpp: Removed.
+        * API/JSInternalStringRef.h: Removed.
+        * API/JSStringRef.cpp: Added.
+        * API/JSStringRef.h: Added.
+        * API/JavaScriptCore.h:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-07-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Removed context and exception parameters from JSObjectGetPropertyEnumerator,
+        removing the spurious use of ExecState inside JavaScriptCore that made
+        us think this was necessary in the first place.
+
+        (StringInstance::getPropertyList): Use getString instead of toString because
+        we know we're dealing with a string -- we put it there in the first place.
+        While we're at it, store the string's size instead of retrieving it each time 
+        through the loop, to avoid the unnecessary killing of puppies.
+        * kjs/string_object.h:
+
+2006-07-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - add handling of hasInstance callback for API objects
+
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::implementsHasInstance): Check if callback is present.
+        (KJS::JSCallbackObject::hasInstance): Invoke appropriate callback.
+        * API/JSCallbackObject.h:
+        * API/JSClassRef.cpp:
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (MyObject_hasInstance): Test case; should match what construct would do.
+        * API/testapi.js:
+
+2006-07-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Implemented a vast number of renames and comment clarifications 
+        suggested during API review.
+        
+        JSInternalString -> JSString
+        JS*Make -> JSValueMake*, JSObjectMake*
+        JSTypeCode -> JSType
+        JSValueIsInstanceOf -> JSValueIsInstanceOfConstructor (reads strangely well in client code)
+        JSGC*Protect -> JSValue*Protect
+        JS*Callback -> JSObject*Callback
+        JSGetPropertyListCallback -> JSObjectAddPropertiesToListCallback
+        JSPropertyEnumeratorGetNext -> JSPropertyEnumeratorGetNextName
+        JSString* -> 
+            JSStringCreateWithUTF8CString, JSStringGetUTF8CString,
+            JSStringGetMaximumUTF8CStringSize JSStringIsEqualToUTF8CString, 
+            JSStringCreateWithCFString, JSStringCopyCFString, JSStringCreateWithCharacters.
+        
+        - Changed functions taking a JSValue out arg and returning a bool indicating
+        whether it was set to simply return a JSValue or NULL.
+        
+        - Removed JSStringGetCharacters because it's more documentation than code,
+        and it's just a glorified memcpy built on existing API functionality.
+        
+        - Moved standard library includes into the headers that actually require them.
+        
+        - Standardized use of the phrase "Create Rule."
+        
+        - Removed JSLock from make functions that don't allocate.
+        
+        - Added exception handling to JSValueToBoolean, since we now allow
+        callback objects to throw exceptions upon converting to boolean.
+        
+        - Renamed JSGCCollect to JSGarbageCollect.
+
+2006-07-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+        
+        - Changed public header includes to the <JavaScriptCore/ style.
+        - Changed instances of 'buffer' to 'string' since we decided on
+        JSInternalString instead of JSStringBuffer.
+
+        * API/JSContextRef.h:
+        * API/JSInternalStringRef.cpp:
+        (JSStringMake):
+        (JSInternalStringRetain):
+        (JSInternalStringRelease):
+        (JSValueCopyStringValue):
+        (JSInternalStringGetLength):
+        (JSInternalStringGetCharactersPtr):
+        (JSInternalStringGetCharacters):
+        (JSInternalStringGetMaxLengthUTF8):
+        (JSInternalStringGetCharactersUTF8):
+        (CFStringCreateWithJSInternalString):
+        * API/JSInternalStringRef.h:
+        * API/JSNode.c:
+        (JSNodePrototype_appendChild):
+        (JSNode_getNodeType):
+        * API/JSObjectRef.cpp:
+        (JSObjectCallAsConstructor):
+        * API/JSValueRef.h:
+        * API/JavaScriptCore.h:
+        * API/minidom.c:
+        (main):
+        (print):
+        * API/testapi.c:
+        (MyObject_getPropertyList):
+        (myConstructor_callAsConstructor):
+        (main): I noticed that we were prematurely releasing some string buffers,
+        so I moved their release calls to the end of main(). I got rid of 'Buf' in *Buf
+        (sometimes changing to 'IString', when necessary to differentiate a variable) 
+        to match the buffer->string change.
+
+=== Safari-521.16 ===
+
+2006-07-10  Darin Adler  <darin@apple.com>
+
+        * kjs/value.cpp: (KJS::JSValue::toInt32Inline): Added inline keyword one more place.
+        Just in case.
+
+2006-07-10  Darin Adler  <darin@apple.com>
+
+        - fix the release build
+
+        * kjs/value.h:
+        * kjs/value.cpp:
+        (KJS::JSValue::toInt32Inline): Move the code here to an inline.
+        (KJS::JSValue::toInt32): Call the inline from both overloaded toInt32 functions.
+
+2006-07-10  David Kilzer  <ddkilzer@kilzer.net>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=9179
+          Implement select.options.add() method
+
+        * JavaScriptCore.exp: Added overloaded KJS::JSValue::toInt32() method.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Altered attributes metadata for
+        kjs/value.h to make it available as a forwarded header.
+        * kjs/lookup.h:
+        (KJS::lookupPut): Extracted a lookupPut() method from the existing lookupPut() method.
+        The new method returns a boolean value if no entry is found in the lookup table.
+        * kjs/value.cpp:
+        (KJS::JSValue::toInt32): Overloaded toInt32() method with boolean "Ok" argument.
+        * kjs/value.h: Ditto.
+
+2006-07-10  Geoffrey Garen  <ggaren@apple.com>
+
+        No review necessary. Removed bogus file I accidentally checked in before.
+
+        * API/JSInternalSringRef.h: Removed.
+
+2006-07-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+        
+        Added exception out parameter to API object callbacks, removed semi-bogus
+        JSContext(.*)Exception functions.
+        
+        To make these calls syntactically simple, I added an exceptionSlot()
+        method to the ExecState class, which provides a JSValue** slot in which to 
+        store a JSValue* exception.
+
+        * API/APICast.h:
+        (toRef):
+        * API/JSCallbackConstructor.cpp:
+        (KJS::JSCallbackConstructor::construct):
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::callAsFunction):
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::init):
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::construct):
+        (KJS::JSCallbackObject::callAsFunction):
+        (KJS::JSCallbackObject::getPropertyList):
+        (KJS::JSCallbackObject::toBoolean):
+        (KJS::JSCallbackObject::toNumber):
+        (KJS::JSCallbackObject::toString):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::callbackGetter):
+        * API/JSContextRef.cpp:
+        (JSCheckSyntax):
+        * API/JSContextRef.h:
+        * API/JSNode.c:
+        (JSNodePrototype_appendChild):
+        (JSNodePrototype_removeChild):
+        (JSNodePrototype_replaceChild):
+        (JSNode_getNodeType):
+        (JSNode_getChildNodes):
+        (JSNode_getFirstChild):
+        (JSNode_construct):
+        * API/JSNode.h:
+        * API/JSNodeList.c:
+        (JSNodeListPrototype_item):
+        (JSNodeList_length):
+        (JSNodeList_getProperty):
+        * API/JSObjectRef.h:
+        * API/minidom.c:
+        (print):
+        * API/testapi.c:
+        (MyObject_initialize):
+        (MyObject_hasProperty):
+        (MyObject_getProperty):
+        (MyObject_setProperty):
+        (MyObject_deleteProperty):
+        (MyObject_getPropertyList):
+        (MyObject_callAsFunction):
+        (MyObject_callAsConstructor):
+        (MyObject_convertToType):
+        (print_callAsFunction):
+        (myConstructor_callAsConstructor):
+        (main):
+        * JavaScriptCore.exp:
+        * kjs/ExecState.h:
+        (KJS::ExecState::exceptionHandle):
+
+2006-07-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        Improved type safety by implementing opaque JSValue/JSObject typing through 
+        abuse of 'const', not void*. Also fixed an alarming number of bugs
+        exposed by this new type safety.
+        
+        I made one design change in JavaScriptCore, which is that the JSObject
+        constructor should take a JSValue* as its prototype argument, not a JSObject*,
+        since we allow the prototype to be any JSValue*, including jsNull(), for
+        example.
+        
+        * API/APICast.h:
+        (toJS):
+        * API/JSBase.h:
+        * API/JSCallbackConstructor.cpp:
+        (KJS::JSCallbackConstructor::construct):
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::callAsFunction):
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::JSCallbackObject):
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::construct):
+        (KJS::JSCallbackObject::callAsFunction):
+        (KJS::JSCallbackObject::staticFunctionGetter):
+        * API/JSCallbackObject.h:
+        * API/JSContextRef.cpp:
+        (JSEvaluate):
+        * API/JSNode.c:
+        (JSNodePrototype_appendChild):
+        (JSNodePrototype_removeChild):
+        (JSNodePrototype_replaceChild):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSFunctionMakeWithBody):
+        (JSObjectGetProperty):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (main):
+        * ChangeLog:
+        * kjs/object.h:
+        (KJS::JSObject::JSObject):
+
+2006-07-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Approved by Maciej, Darin.
+        
+        Renamed JSStringBufferRef to JSInternalStringRef. "Internal string" means the 
+        JavaScript engine's internal string representation, which is the most 
+        low-level and efficient representation to use when interfacing with JavaScript.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * API/JSBase.h:
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::callbackGetter):
+        * API/JSContextRef.cpp:
+        (JSEvaluate):
+        (JSCheckSyntax):
+        * API/JSContextRef.h:
+        * API/JSInternalStringRef.cpp: Added.
+        (JSStringMake):
+        (JSInternalStringCreate):
+        (JSInternalStringCreateUTF8):
+        (JSInternalStringRetain):
+        (JSInternalStringRelease):
+        (JSValueCopyStringValue):
+        (JSInternalStringGetLength):
+        (JSInternalStringGetCharactersPtr):
+        (JSInternalStringGetCharacters):
+        (JSInternalStringGetMaxLengthUTF8):
+        (JSInternalStringGetCharactersUTF8):
+        (JSInternalStringIsEqual):
+        (JSInternalStringIsEqualUTF8):
+        (JSInternalStringCreateCF):
+        (CFStringCreateWithJSInternalString):
+        * API/JSInternalStringRef.h: Added.
+        * API/JSNode.c:
+        (JSNodePrototype_appendChild):
+        (JSNode_getNodeType):
+        (JSNode_getChildNodes):
+        (JSNode_getFirstChild):
+        * API/JSNodeList.c:
+        (JSNodeList_length):
+        (JSNodeList_getProperty):
+        * API/JSObjectRef.cpp:
+        (JSFunctionMakeWithBody):
+        (JSObjectGetDescription):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectDeleteProperty):
+        (JSPropertyEnumeratorGetNext):
+        (JSPropertyListAdd):
+        * API/JSObjectRef.h:
+        * API/JSStringBufferRef.cpp: Removed.
+        * API/JSStringBufferRef.h: Removed.
+        * API/JSValueRef.h:
+        * API/JavaScriptCore.h:
+        * API/minidom.c:
+        (main):
+        (print):
+        * API/testapi.c:
+        (assertEqualsAsUTF8String):
+        (assertEqualsAsCharactersPtr):
+        (assertEqualsAsCharacters):
+        (MyObject_hasProperty):
+        (MyObject_getProperty):
+        (MyObject_setProperty):
+        (MyObject_deleteProperty):
+        (MyObject_getPropertyList):
+        (print_callAsFunction):
+        (myConstructor_callAsConstructor):
+        (main):
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-07-08  Tim Omernick  <timo@apple.com>
+
+        Reviewed by Maciej.
+
+        Added an OpenGL drawing model to the Netscape Plug-in API.
+
+        * bindings/npapi.h:
+
+2006-07-08  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Maciej.
+
+        Moved KJS_GetCreatedJavaVMs to jni_utility.cpp.
+        Switched KJS_GetCreatedJavaVMs over to use dlopen and dlsym
+        now that NSAddImage, NSLookupSymbolInImage and NSAddressOfSymbol
+        are deprecated in Leopard.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::KJS_GetCreatedJavaVMs):
+        * bindings/softlinking.c: Removed.
+        * bindings/softlinking.h: Removed.
+
+2006-07-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Anders.
+        
+        - Make JSObjectGetProperty return a JSValue or NULL, like JSEvaluate does.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectGetProperty):
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (main):
+
+2006-07-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Style change -- no review necessary.
+        
+        Use 0 instead of NULL in API .cpp files, to match our style guidelines.
+
+        * API/JSContextRef.cpp:
+        (JSEvaluate):
+        * API/JSObjectRef.cpp:
+        (JSFunctionMakeWithBody):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * API/JSValueRef.cpp:
+        (JSValueToObject):
+
+2006-07-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by TimO.
+
+        - Added ability to pass NULL for thisObject when calling JSObjectCallAsFunction,
+        to match JSEvaluate.
+        
+        * API/JSObjectRef.cpp:
+        (JSObjectCallAsFunction):
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (main):
+
+=== Safari-521.15 ===
+
+2006-07-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Standardized which functions take a JSContext as an argument. The rule is:
+        if you might execute JavaScript, you take a JSContext, otherwise you don't.
+        
+        The FIXME in JSObjectRef.h requires refactoring some parts of Interpreter,
+        but not API changes, so I'm putting it off until later.
+
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::JSCallbackObject):
+        (KJS::JSCallbackObject::init):
+        * API/JSCallbackObject.h:
+        * API/JSContextRef.cpp:
+        (JSContextCreate):
+        * API/JSContextRef.h:
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSPropertyEnumeratorGetNext):
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (MyObject_initialize):
+        (main):
+        * JavaScriptCore.exp:
+        * kjs/array_object.cpp:
+        (ArrayInstance::setLength):
+        (ArrayInstance::pushUndefinedObjectsToEnd):
+        * kjs/nodes.cpp:
+        (ForInNode::execute):
+        * kjs/reference.cpp:
+        (KJS::Reference::getPropertyName):
+        (KJS::Reference::getValue):
+        * kjs/reference.h:
+        * kjs/scope_chain.cpp:
+        (KJS::ScopeChain::print):
+
+2006-07-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        More API action.
+        
+        - Headerdoc finished
+
+        Semantic Changes:
+        - Added a JSContextRef argument to many functions, because you need a 
+        JSContextRef for doing virtually anything. I expect to add this argument
+        to even more functions in a future patch.
+        
+        - Removed the globalObjectPrototype argument to JSContextCreate because
+        you can't create an object until you have a context, so it's impossible
+        to pass a prototype object to JSContextCreate. That's OK because (1) there's
+        no reason to give the global object a prototype and (2) if you really want
+        to, you can just use a separate call to JSObjectSetPrototype.
+        
+        - Removed the JSClassRef argument to JSClassCreate because it was unnecessary,
+        and you need to be able to make the global object's class before you've
+        created a JSContext.
+        
+        - Added an optional exception parameter to JSFunctionMakeWithBody because anything
+        less would be uncivilized.
+        
+        - Made the return value parameter to JSObjectGetProperty optional to match
+        all other return value parameters in the API.
+        
+        - Made JSObjectSetPrivate/JSObjectGetPrivate work on JSCallbackFunctions
+        and JSCallbackConstructors. You could use an abstract base class or strategic
+        placement of m_privateData in the class structure to implement this, but 
+        the former seemed like overkill, and the latter seemed too dangerous.
+        
+        - Fixed a bug where JSPropertyEnumeratorGetNext would skip the first property.
+
+        Cosmetic Changes:
+        - Reversed the logic of the JSChar #ifdef to avoid confusing headerdoc
+        
+        - Removed function names from @function declarations because headeroc
+        can parse them automatically, and I wanted to rule out manual mismatch.
+
+        - Changed Error::create to take a const UString& instead of a UString*
+        because it was looking at me funny.
+        
+        - Renamed JSStringBufferCreateWithCFString to JSStringBufferCreateCF
+        because the latter is more concise and it matches JSStringBufferCreateUTF8.
+        
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::getPropertyList):
+        (KJS::JSCallbackObject::toBoolean):
+        (KJS::JSCallbackObject::toNumber):
+        (KJS::JSCallbackObject::toString):
+        * API/JSClassRef.cpp:
+        (JSClassCreate):
+        * API/JSContextRef.cpp:
+        (JSContextCreate):
+        (JSContextSetException):
+        * API/JSContextRef.h:
+        * API/JSNode.c:
+        (JSNodePrototype_class):
+        (JSNode_class):
+        * API/JSNodeList.c:
+        (JSNodeListPrototype_class):
+        (JSNodeList_class):
+        * API/JSObjectRef.cpp:
+        (JSObjectGetProperty):
+        (JSObjectGetPrivate):
+        (JSObjectSetPrivate):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        (JSPropertyEnumeratorGetNext):
+        * API/JSObjectRef.h:
+        * API/JSStringBufferRef.cpp:
+        (JSStringBufferCreateCF):
+        * API/JSStringBufferRef.h:
+        * API/JSValueRef.cpp:
+        (JSValueIsInstanceOf):
+        * API/JSValueRef.h:
+        * API/minidom.c:
+        (main):
+        * API/minidom.js:
+        * API/testapi.c:
+        (MyObject_hasProperty):
+        (MyObject_setProperty):
+        (MyObject_deleteProperty):
+        (MyObject_getPropertyList):
+        (MyObject_convertToType):
+        (MyObject_class):
+        (main):
+        * JavaScriptCore.exp:
+
+2006-07-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John.
+        
+        - Fixed a few crashes resulting from NULL parameters to JSClassCreate.
+
+        * API/JSClassRef.cpp:
+        (JSClassCreate):
+        (JSClassRelease):
+        * API/testapi.c: Added test for NULL parameters.
+        (main):
+
+2006-07-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John, mocked by Darin.
+        
+        - Changed JSEvaluate to take a JSObjectRef instead of a JSValueRef as
+        "this," since "this" must be an object.
+
+        * API/JSContextRef.cpp:
+        (JSEvaluate):
+        * API/JSContextRef.h:
+
+2006-07-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John.
+        
+        - More headerdoc
+
+        * API/JSBase.h:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-07-05  Geoffrey Garen  <ggaren@apple.com>
+
+        RS by Beth.
+        
+        Renamed JSCharBufferRef, which was universally unpopular, to JSStringBufferRef,
+        which, hopefully, will be less unpopular.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * API/JSBase.h:
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::callbackGetter):
+        * API/JSCharBufferRef.cpp: Removed.
+        * API/JSCharBufferRef.h: Removed.
+        * API/JSContextRef.cpp:
+        (JSEvaluate):
+        (JSCheckSyntax):
+        * API/JSContextRef.h:
+        * API/JSNode.c:
+        (JSNodePrototype_appendChild):
+        (JSNode_getNodeType):
+        (JSNode_getChildNodes):
+        (JSNode_getFirstChild):
+        * API/JSNodeList.c:
+        (JSNodeList_length):
+        (JSNodeList_getProperty):
+        * API/JSObjectRef.cpp:
+        (JSFunctionMakeWithBody):
+        (JSObjectGetDescription):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectDeleteProperty):
+        (JSPropertyEnumeratorGetNext):
+        (JSPropertyListAdd):
+        * API/JSObjectRef.h:
+        * API/JSStringBufferRef.cpp: Added.
+        (JSStringMake):
+        (JSStringBufferCreate):
+        (JSStringBufferCreateUTF8):
+        (JSStringBufferRetain):
+        (JSStringBufferRelease):
+        (JSValueCopyStringValue):
+        (JSStringBufferGetLength):
+        (JSStringBufferGetCharactersPtr):
+        (JSStringBufferGetCharacters):
+        (JSStringBufferGetMaxLengthUTF8):
+        (JSStringBufferGetCharactersUTF8):
+        (JSStringBufferIsEqual):
+        (JSStringBufferIsEqualUTF8):
+        (JSStringBufferCreateWithCFString):
+        (CFStringCreateWithJSStringBuffer):
+        * API/JSStringBufferRef.h: Added.
+        * API/JSValueRef.h:
+        * API/JavaScriptCore.h:
+        * API/minidom.c:
+        (main):
+        (print):
+        * API/testapi.c:
+        (assertEqualsAsUTF8String):
+        (assertEqualsAsCharactersPtr):
+        (assertEqualsAsCharacters):
+        (MyObject_hasProperty):
+        (MyObject_getProperty):
+        (MyObject_setProperty):
+        (MyObject_deleteProperty):
+        (MyObject_getPropertyList):
+        (print_callAsFunction):
+        (myConstructor_callAsConstructor):
+        (main):
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-07-05  Geoffrey Garen  <ggaren@apple.com>
+
+        RS by Beth.
+        
+        Moved some code around for more logical file separation.
+
+        * API/JSBase.h:
+        * API/JSContextRef.h:
+        * API/JSObjectRef.cpp:
+        * API/JSValueRef.cpp:
+        (JSValueToObject):
+        * API/JSValueRef.h:
+
+2006-07-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        Implemented JSFunctionMakeWithBody, which parses a script as a function body
+        in the global scope, and returns the resulting anonymous function.
+        
+        I also removed private data from JSCallbackFunction. It never worked,
+        since JSCallbackFunction doesn't inherit from JSCallbackObject.
+
+        * API/JSCallbackConstructor.cpp: Removed.
+        * API/JSCallbackConstructor.h: Removed.
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::JSCallbackFunction):
+        (KJS::JSCallbackFunction::implementsConstruct):
+        (KJS::JSCallbackFunction::construct):
+        (KJS::JSCallbackFunction::implementsCall):
+        (KJS::JSCallbackFunction::callAsFunction):
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.cpp:
+        (KJS::JSCallbackObject::staticFunctionGetter):
+        * API/JSObjectRef.cpp:
+        (JSFunctionMake):
+        (JSFunctionMakeWithCallbacks):
+        * API/JSObjectRef.h:
+        * API/JSValueRef.h:
+        * API/minidom.c:
+        (main):
+        * API/testapi.c:
+        (main):
+        * JavaScriptCore.exp: Programmatically added all symbols exported by
+        API object files, and sorted results
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-07-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+
+        - Return syntax error in JSCheckSyntax through a JSValueRef* exception
+        argument
+        
+        * API/JSBase.h:
+        * API/JSContextRef.cpp:
+        (JSCheckSyntax):
+        * API/testapi.c:
+        (main):
+        * JavaScriptCore.exp:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::checkSyntax):
+        * kjs/interpreter.h:
+
+2006-07-04  Darin Adler  <darin@apple.com>
+
+        - fixed build
+
+        * wtf/MathExtras.h: Oops. Added missing #endif.
+
+2006-07-04  Bjoern Graf  <bjoern.graf@gmail.com>
+
+        Reviewed by Maciej.
+        Tweaked a bit by Darin.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=9678
+          work around MSVCRT's fmod function returning NaN for fmod(x, infinity) instead of x
+
+        * wtf/MathExtras.h: Added include of <float.h>.
+        (isinf): Fix to return false for NAN.
+        (wtf_fmod): Added. An inline that works around the bug.
+
+        * kjs/nodes.cpp:
+        * kjs/number_object.cpp:
+        * kjs/operations.cpp:
+        * kjs/value.cpp:
+        Added includes of MathExtras.h to all files using fmod.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Let Xcode 2.3 have its way with
+        the project.
+
+2006-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+        
+        - Refined value conversions in the API:
+            - failed toNumber returns NaN
+            - failed toObject returns NULL
+            - failed toString returns empty string
+        
+        - Refined excpetion handling in the API:
+            - failed value conversions do not throw exceptions
+            - uncaught exceptions in JSEvaluate, JSObjectCallAsFunction, and 
+              JSObjectCallAsConstructor are returned through a JSValueRef* exception
+              argument
+            - removed JSContextHasException, because JSContextGetException does
+              the same job
+            
+        * API/JSBase.h:
+        * API/JSCharBufferRef.cpp:
+        (JSValueCopyStringValue):
+        * API/JSContextRef.cpp:
+        (JSEvaluate):
+        * API/JSContextRef.h:
+        * API/JSNodeList.c: Added test code demonstrating how you would use
+        toNumber, and why you probably don't need toUInt32, etc.
+        (JSNodeListPrototype_item):
+        (JSNodeList_getProperty):
+        * API/JSObjectRef.cpp:
+        (JSValueToObject):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * API/JSObjectRef.h:
+        * API/JSValueRef.cpp:
+        (JSValueToNumber):
+        * API/JSValueRef.h:
+        * API/minidom.c:
+        (main):
+        * API/testapi.c:
+        (main): Added tests for new rules, and call to JSGCProtect to fix Intel 
+        crash
+        * JavaScriptCore.exp:
+
+2006-07-03  Darin Adler  <darin@apple.com>
+
+        - Rolled out HashMap implementation of NPRuntime, at least temporarily.
+
+        Fixes hang in the bindings section of layout tests seen on the
+        buildbot.
+
+        This code was using HashMap<const char*, PrivateIdentifier*>.
+        But that hashes based on pointer identity, not string value.
+        The default hash for any pointer type is to hash based on the pointer.
+        And WTF doesn't currently have a string hash for char*.
+        We'll need to fix that before re-landing this patch.
+
+        (Formatting was also incorrect -- extra spaces in parentheses.)
+
+        * bindings/npruntime.cpp: Rolled out last change.
+
+2006-07-02  Justin Haygood  <jhaygood@spsu.edu>
+
+        Reviewed, tweaked, landed by ggaren.
+
+        - Port NPRuntime from CFDictionary to HashMap.
+
+        * bindings/npruntime.cpp:
+        (getStringIdentifierDictionary):
+        (getIntIdentifierDictionary):
+        (_NPN_GetStringIdentifier):
+        (_NPN_GetIntIdentifier):
+        * bindings/npruntime.h:
+
+2006-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Adele.
+        
+        - Fixed <rdar://problem/4611197> REGRESSION: Liveconnect with Java test 
+        fails at http://www-sor.inria.fr/~dedieu/notes/liveconnect/simple_example.html
+
+        * JavaScriptCore.exp: Export symbols used by liveconnect
+
+2006-06-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Phase 2 in the JS API.
+        
+        - Added support for specifying static tables of values -- this should
+        obviate the need for using complicated callbacks for most lookups.
+        
+        -  API objects are now created with classes (JSClassRef) -- in order to support
+        static values, and in order to prevent API objects from storing their
+        data inline, and thus falling into the oversized (read: slow and prone to
+        giving Maciej the frowny face) heap.
+        
+        - Added two specialized JSObject subclasses -- JSCallbackFunction and JSCallbackConstructor -- 
+        to allow JSFunctionMake and JSConstructorMake to continue to work with
+        the new class model. Another solution to this problem would be to create
+        a custom class object for each function and constructor you make. This
+        solution is more code but also more efficient.
+        
+        - Substantially beefed up the minidom example to demonstrate and test a
+        lot of these techniques. Its output is still pretty haphazard, though.
+        
+        - Gave the <kjs/ preface to some includes -- I'm told this matters to
+        building on some versions of Linux.
+        
+        - Implemented JSValueIsInstanceOf and JSValueIsObjectOfClass
+        
+        - Removed GetDescription callback. Something in the class datastructure
+        should take care of this.
+
+        * API/JSBase.h:
+        * API/JSCallbackConstructor.cpp: Added.
+        (KJS::):
+        (KJS::JSCallbackConstructor::JSCallbackConstructor):
+        (KJS::JSCallbackConstructor::implementsConstruct):
+        (KJS::JSCallbackConstructor::construct):
+        (KJS::JSCallbackConstructor::setPrivate):
+        (KJS::JSCallbackConstructor::getPrivate):
+        * API/JSCallbackConstructor.h: Added.
+        (KJS::JSCallbackConstructor::classInfo):
+        * API/JSCallbackFunction.cpp: Added.
+        (KJS::):
+        (KJS::JSCallbackFunction::JSCallbackFunction):
+        (KJS::JSCallbackFunction::implementsCall):
+        (KJS::JSCallbackFunction::callAsFunction):
+        (KJS::JSCallbackFunction::setPrivate):
+        (KJS::JSCallbackFunction::getPrivate):
+        * API/JSCallbackFunction.h: Added.
+        (KJS::JSCallbackFunction::classInfo):
+        * API/JSCallbackObject.cpp:
+        (KJS::):
+        (KJS::JSCallbackObject::JSCallbackObject):
+        (KJS::JSCallbackObject::init):
+        (KJS::JSCallbackObject::~JSCallbackObject):
+        (KJS::JSCallbackObject::className):
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::implementsConstruct):
+        (KJS::JSCallbackObject::construct):
+        (KJS::JSCallbackObject::implementsCall):
+        (KJS::JSCallbackObject::callAsFunction):
+        (KJS::JSCallbackObject::getPropertyList):
+        (KJS::JSCallbackObject::toBoolean):
+        (KJS::JSCallbackObject::toNumber):
+        (KJS::JSCallbackObject::toString):
+        (KJS::JSCallbackObject::inherits):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::staticFunctionGetter):
+        (KJS::JSCallbackObject::callbackGetter):
+        * API/JSCallbackObject.h:
+        * API/JSCharBufferRef.cpp:
+        * API/JSClassRef.cpp: Added.
+        (JSClassCreate):
+        (JSClassRetain):
+        (JSClassRelease):
+        * API/JSClassRef.h: Added.
+        (StaticValueEntry::StaticValueEntry):
+        (StaticFunctionEntry::StaticFunctionEntry):
+        (__JSClass::__JSClass):
+        * API/JSContextRef.cpp:
+        (JSContextCreate):
+        (JSEvaluate):
+        * API/JSContextRef.h:
+        * API/JSNode.c: Added.
+        (JSNodePrototype_appendChild):
+        (JSNodePrototype_removeChild):
+        (JSNodePrototype_replaceChild):
+        (JSNodePrototype_class):
+        (JSNode_getNodeType):
+        (JSNode_getChildNodes):
+        (JSNode_getFirstChild):
+        (JSNode_finalize):
+        (JSNode_class):
+        (JSNode_prototype):
+        (JSNode_new):
+        (JSNode_construct):
+        * API/JSNode.h: Added.
+        * API/JSNodeList.c: Added.
+        (JSNodeListPrototype_item):
+        (JSNodeListPrototype_class):
+        (JSNodeList_length):
+        (JSNodeList_getProperty):
+        (JSNodeList_finalize):
+        (JSNodeList_class):
+        (JSNodeList_prototype):
+        (JSNodeList_new):
+        * API/JSNodeList.h: Added.
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSFunctionMake):
+        (JSConstructorMake):
+        (__JSPropertyEnumerator::__JSPropertyEnumerator):
+        (JSObjectCreatePropertyEnumerator):
+        (JSPropertyEnumeratorGetNext):
+        (JSPropertyEnumeratorRetain):
+        (JSPropertyEnumeratorRelease):
+        * API/JSObjectRef.h:
+        (__JSObjectCallbacks::):
+        * API/JSValueRef.cpp:
+        (JSValueIsObjectOfClass):
+        (JSValueIsInstanceOf):
+        * API/JSValueRef.h:
+        * API/Node.c: Added.
+        (Node_new):
+        (Node_appendChild):
+        (Node_removeChild):
+        (Node_replaceChild):
+        (Node_ref):
+        (Node_deref):
+        * API/Node.h: Added.
+        * API/NodeList.c: Added.
+        (NodeList_new):
+        (NodeList_length):
+        (NodeList_item):
+        (NodeList_ref):
+        (NodeList_deref):
+        * API/NodeList.h: Added.
+        * API/minidom.c:
+        (main):
+        (print):
+        (createStringWithContentsOfFile):
+        * API/minidom.js:
+        * API/testapi.c:
+        (assertEqualsAsCharacters):
+        (MyObject_getProperty):
+        (MyObject_class):
+        (myConstructor_callAsConstructor):
+        (main):
+        * API/testapi.js:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-06-26  Kevin Ollivier  <kevino@theolliviers.com>
+        
+        Reviewed and tweaked by Darin.
+
+        - Compile fixes for wx port / gcc 4.0.2
+
+        * kjs/array_object.cpp:
+        Added missing headers. 
+
+        * kjs/ExecState.h:
+        gcc needs class prototypes before defining those classes as friend classes
+
+2006-06-30  Mike Emmel  <mike.emmel@gmail.com>
+
+        Reviewed by Darin.
+
+        Compilation fixes for Linux/Gdk.
+
+        * JavaScriptCore/kjs/interpreter.cpp: added include of signal.h
+        * JavaScriptCore/kjs/ExecState.h: added missing class declaration 
+        * JavaScriptCore/kjs/ExecState.cpp: case wrong on include of context.h 
+        * JavaScriptCore/JavaScriptCoreSources.bkl: added Context.cpp and ExecState.cpp
+
+=== Safari-521.14 ===
+
+2006-06-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - add headerdoc comments to some of the new JS API headers
+
+        * API/JSBase.h:
+        * API/JSValueRef.h:
+
+2006-06-28  Timothy Hatcher  <timothy@apple.com>
+
+        Prefer the Stabs debugging symbols format until DWARF bugs are fixed.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-06-27  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Tim O.
+
+        <rdar://problem/4448350> Deprecated ObjC language API used in JavaScriptCore, WebCore, WebKit and WebBrowser
+
+        Switch to the new ObjC 2 API, ifdefed the old code around OBJC_API_VERSION so it still works on Tiger.
+        Removed the use of the old stringWithCString, switched to the new Tiger version that accepts an encoding.
+        Lots of code style cleanup.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/objc/objc_class.h:
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::~ObjcClass):
+        (KJS::Bindings::_createClassesByIsAIfNecessary):
+        (KJS::Bindings::ObjcClass::classForIsA):
+        (KJS::Bindings::ObjcClass::name):
+        (KJS::Bindings::ObjcClass::methodsNamed):
+        (KJS::Bindings::ObjcClass::fieldNamed):
+        (KJS::Bindings::ObjcClass::fallbackObject):
+        * bindings/objc/objc_header.h:
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::ObjcInstance):
+        (ObjcInstance::~ObjcInstance):
+        (ObjcInstance::operator=):
+        (ObjcInstance::begin):
+        (ObjcInstance::end):
+        (ObjcInstance::getClass):
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::invokeDefaultMethod):
+        (ObjcInstance::setValueOfField):
+        (ObjcInstance::supportsSetValueOfUndefinedField):
+        (ObjcInstance::setValueOfUndefinedField):
+        (ObjcInstance::getValueOfField):
+        (ObjcInstance::getValueOfUndefinedField):
+        (ObjcInstance::defaultValue):
+        (ObjcInstance::stringValue):
+        (ObjcInstance::numberValue):
+        (ObjcInstance::booleanValue):
+        (ObjcInstance::valueOf):
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcMethod::ObjcMethod):
+        (ObjcMethod::name):
+        (ObjcMethod::getMethodSignature):
+        (ObjcMethod::setJavaScriptName):
+        (ObjcField::name):
+        (ObjcField::type):
+        (ObjcField::valueFromInstance):
+        (convertValueToObjcObject):
+        (ObjcField::setValueToInstance):
+        (ObjcArray::operator=):
+        (ObjcArray::setValueAt):
+        (ObjcArray::valueAt):
+        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
+        (ObjcFallbackObjectImp::callAsFunction):
+        (ObjcFallbackObjectImp::defaultValue):
+
+2006-06-28  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Geoff.
+
+        http://bugs.webkit.org/show_bug.cgi?id=8636
+        REGRESSION: JavaScript access to Java applet causes hang (_webViewURL not implemented)
+
+        * bindings/jni/jni_objc.mm:
+        (KJS::Bindings::dispatchJNICall):
+        Just pass nil as the calling URL. This will cause the Java plugin to use the URL of the page
+        containing the applet (which is what we used to do).
+
+2006-06-27  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/4406785> Add an export file to TOT JavaScriptCore like the Safari-2-0-branch
+
+        * JavaScriptCore.exp: Added.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-06-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Adele.
+        
+        - Added JSConstructorMake to match JSFunctionMake, along with test code.
+        
+        [ I checked in the ChangeLog before without the actual files. ]
+
+        * API/JSObjectRef.cpp:
+        (JSConstructorMake):
+        * API/JSObjectRef.h:
+        * API/testapi.c:
+        (myConstructor_callAsConstructor):
+        (main):
+        * API/testapi.js:
+        * ChangeLog:
+        * JavaScriptCore.xcodeproj/project.pbxproj: Moved testapi.c to the testapi
+        target -- this was an oversight in my earlier check-in.
+
+2006-06-25  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin.
+
+        Bug 9574: Drosera should show inline scripts within the original HTML
+        http://bugs.webkit.org/show_bug.cgi?id=9574
+
+        Pass the starting line number and error message to the debugger.
+
+        * kjs/debugger.cpp:
+        (Debugger::sourceParsed):
+        * kjs/debugger.h:
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+
+2006-06-24  Alexey Proskuryakov  <ap@nypop.com>
+
+        Rubber-stamped by Eric.
+
+        Add a -h (do not follow symlinks) option to ln in derived sources build script (without it,
+        a symlink was created inside the source directory on second build).
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-06-24  David Kilzer  <ddkilzer@kilzer.net>
+
+        Reviewed by Timothy.
+
+        * Info.plist: Fixed copyright to include 2003-2006.
+
+2006-06-24  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=9418
+        WebKit will not build when Space exists in path
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Enclose search paths in quotes; create symlinks to 
+        avoid passing paths with spaces to make.
+
+2006-06-23  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin.
+
+        Adding more operator[] overloads for long and short types.
+
+        * wtf/Vector.h:
+        (WTF::Vector::operator[]):
+
+=== JavaScriptCore-521.13 ===
+
+2006-06-22  Alexey Proskuryakov  <ap@nypop.com>
+
+        Build fix.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=9539
+        Another case error preventing build
+
+        * API/JSObjectRef.cpp: Changed "identifier.h" to "Identifier.h"
+        
+2006-06-22  David Kilzer  <ddkilzer@kilzer.net>
+
+        Build fix.
+
+        http://bugs.webkit.org/show_bug.cgi?id=9539
+        Another case error preventing build
+
+        * API/APICast.h: Changed "UString.h" to "ustring.h".
+
+2006-06-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Fixed release build, fixed accidental infinite recursion due to
+        last minute global replace gone awry.
+        
+        * API/APICast.h:
+        (toRef):
+        * API/testapi.c:
+        (assertEqualsAsBoolean):
+        (assertEqualsAsNumber):
+        (assertEqualsAsUTF8String):
+        (assertEqualsAsCharactersPtr):
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-06-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Anders.
+        
+        - First cut at C API to JavaScript. Includes a unit test, 'testapi.c', 
+        and the outline of a test app, 'minidom.c'.
+        
+        Includes one change to JSC internals: Rename propList to getPropertyList and have it
+        take its target property list by reference so that subclasses can
+        add properties to the list before calling through to their superclasses.
+        
+        Also, I just ran prepare-ChangeLog in about 10 seconds, and I would like
+        to give a shout-out to that.
+        
+        * API/APICast.h: Added.
+        (toJS):
+        (toRef):
+        * API/JSBase.h: Added.
+        * API/JSCallbackObject.cpp: Added.
+        (KJS::):
+        (KJS::JSCallbackObject::JSCallbackObject):
+        (KJS::JSCallbackObject::~JSCallbackObject):
+        (KJS::JSCallbackObject::className):
+        (KJS::JSCallbackObject::getOwnPropertySlot):
+        (KJS::JSCallbackObject::put):
+        (KJS::JSCallbackObject::deleteProperty):
+        (KJS::JSCallbackObject::implementsConstruct):
+        (KJS::JSCallbackObject::construct):
+        (KJS::JSCallbackObject::implementsCall):
+        (KJS::JSCallbackObject::callAsFunction):
+        (KJS::JSCallbackObject::getPropertyList):
+        (KJS::JSCallbackObject::toBoolean):
+        (KJS::JSCallbackObject::toNumber):
+        (KJS::JSCallbackObject::toString):
+        (KJS::JSCallbackObject::setPrivate):
+        (KJS::JSCallbackObject::getPrivate):
+        (KJS::JSCallbackObject::cachedValueGetter):
+        (KJS::JSCallbackObject::callbackGetter):
+        * API/JSCallbackObject.h: Added.
+        (KJS::JSCallbackObject::classInfo):
+        * API/JSCharBufferRef.cpp: Added.
+        (JSStringMake):
+        (JSCharBufferCreate):
+        (JSCharBufferCreateUTF8):
+        (JSCharBufferRetain):
+        (JSCharBufferRelease):
+        (JSValueCopyStringValue):
+        (JSCharBufferGetLength):
+        (JSCharBufferGetCharactersPtr):
+        (JSCharBufferGetCharacters):
+        (JSCharBufferGetMaxLengthUTF8):
+        (JSCharBufferGetCharactersUTF8):
+        (JSCharBufferIsEqual):
+        (JSCharBufferIsEqualUTF8):
+        (JSCharBufferCreateWithCFString):
+        (CFStringCreateWithJSCharBuffer):
+        * API/JSCharBufferRef.h: Added.
+        * API/JSContextRef.cpp: Added.
+        (JSContextCreate):
+        (JSContextDestroy):
+        (JSContextGetGlobalObject):
+        (JSEvaluate):
+        (JSCheckSyntax):
+        (JSContextHasException):
+        (JSContextGetException):
+        (JSContextClearException):
+        (JSContextSetException):
+        * API/JSContextRef.h: Added.
+        * API/JSObjectRef.cpp: Added.
+        (JSValueToObject):
+        (JSObjectMake):
+        (JSFunctionMake):
+        (JSObjectGetDescription):
+        (JSObjectGetPrototype):
+        (JSObjectSetPrototype):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectDeleteProperty):
+        (JSObjectGetPrivate):
+        (JSObjectSetPrivate):
+        (JSObjectIsFunction):
+        (JSObjectCallAsFunction):
+        (JSObjectIsConstructor):
+        (JSObjectCallAsConstructor):
+        (__JSPropertyListEnumerator::__JSPropertyListEnumerator):
+        (JSObjectCreatePropertyEnumerator):
+        (JSPropertyEnumeratorGetNext):
+        (JSPropertyEnumeratorRetain):
+        (JSPropertyEnumeratorRelease):
+        (JSPropertyListAdd):
+        * API/JSObjectRef.h: Added.
+        * API/JSValueRef.cpp: Added.
+        (JSValueGetType):
+        (JSValueIsUndefined):
+        (JSValueIsNull):
+        (JSValueIsBoolean):
+        (JSValueIsNumber):
+        (JSValueIsString):
+        (JSValueIsObject):
+        (JSValueIsEqual):
+        (JSValueIsStrictEqual):
+        (JSUndefinedMake):
+        (JSNullMake):
+        (JSBooleanMake):
+        (JSNumberMake):
+        (JSValueToBoolean):
+        (JSValueToNumber):
+        (JSGCProtect):
+        (JSGCUnprotect):
+        (JSGCCollect):
+        * API/JSValueRef.h: Added.
+        * API/JavaScriptCore.h: Added.
+        * API/minidom.c: Added.
+        (main):
+        * API/minidom.html: Added.
+        * API/minidom.js: Added.
+        * API/testapi.c: Added.
+        (assertEqualsAsBoolean):
+        (assertEqualsAsNumber):
+        (assertEqualsAsUTF8String):
+        (assertEqualsAsCharactersPtr):
+        (assertEqualsAsCharacters):
+        (MyObject_initialize):
+        (MyObject_copyDescription):
+        (MyObject_hasProperty):
+        (MyObject_getProperty):
+        (MyObject_setProperty):
+        (MyObject_deleteProperty):
+        (MyObject_getPropertyList):
+        (MyObject_callAsFunction):
+        (MyObject_callAsConstructor):
+        (MyObject_convertToType):
+        (MyObject_finalize):
+        (print_callAsFunction):
+        (main):
+        (createStringWithContentsOfFile):
+        * API/testapi.js: Added.
+        * ChangeLog:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/npruntime_impl.h:
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstance::getPropertyList):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+        * kjs/nodes.cpp:
+        (ForInNode::execute):
+        * kjs/object.cpp:
+        (KJS::JSObject::put):
+        (KJS::JSObject::canPut):
+        (KJS::JSObject::deleteProperty):
+        (KJS::JSObject::propertyIsEnumerable):
+        (KJS::JSObject::getPropertyAttributes):
+        (KJS::JSObject::getPropertyList):
+        * kjs/object.h:
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::get):
+        * kjs/property_map.h:
+        * kjs/scope_chain.cpp:
+        (KJS::ScopeChain::print):
+        * kjs/string_object.cpp:
+        (StringInstance::getPropertyList):
+        * kjs/string_object.h:
+        * kjs/ustring.h:
+        (KJS::UString::Rep::ref):
+
+2006-06-20  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Geoff.
+
+        Make sure we clear the exception before returning so
+        that future calls will not fail because of an earlier
+        exception state. Assert on entry that the WebScriptObject
+        is working with an ExecState that dose not have an exception. 
+        Document that evaluateWebScript and callWebScriptMethod return
+        WebUndefined when an exception is thrown.
+
+        * bindings/objc/WebScriptObject.h:
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject removeWebScriptKey:]):
+        (-[WebScriptObject webScriptValueAtIndex:]):
+        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
+
+2006-06-19  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by John.
+
+        * kjs/interpreter.cpp:
+        (KJS::TimeoutChecker::pauseTimeoutCheck):
+        (KJS::TimeoutChecker::resumeTimeoutCheck):
+        Fix argument order in setitimer calls.
+
+2006-06-18  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Geoff.
+
+        * kjs/interpreter.cpp:
+        (KJS::TimeoutChecker::pauseTimeoutCheck):
+        Do nothing if the timeout check hasn't been started.
+        
+        (KJS::TimeoutChecker::resumeTimeoutCheck):
+        Do nothing if the timeout check hasn't been started.
+        Use the right signal handler when unblocking.
+        
+        (KJS::Interpreter::handleTimeout):
+        pause/resume the timeout check around the call to
+        shouldInterruptScript().
+        
+2006-06-16  Ben Goodger <beng@google.com>
+        
+        Reviewed by Maciej
+
+        http://bugs.webkit.org/show_bug.cgi?id=9491
+        Windows build breaks in interpreter.cpp 
+
+        * kjs/interpreter.cpp
+        (KJS::TimeoutChecker::pauseTimeoutCheck):
+        (KJS::TimeoutChecker::resumeTimeoutCheck):
+        Make sure to only assert equality with s_executingInterpreter when it 
+        is being used (i.e. when HAVE(SYS_TIME_H) == true)
+
+2006-06-17  David Kilzer  <ddkilzer@kilzer.net>
+
+        Reviewed by darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=9477
+        REGRESSION: fast/dom/replaceChild.html crashes on WebKit ToT in debug build
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction): Refetch the debugger after executing the function
+        in case the WebFrame it was running in has since been destroyed.
+
+2006-06-17  David Kilzer  <ddkilzer@kilzer.net>
+
+        Reviewed by ggaren.
+
+        http://bugs.webkit.org/show_bug.cgi?id=9476
+        REGRESSION: Reproducible crash after closing window after viewing
+        css2.1/t0803-c5501-imrgn-t-00-b-ag.html
+
+        * kjs/debugger.cpp:
+        (Debugger::detach): Call setDebugger(0) for all interpreters removed from
+        the 'attached to a debugger' list.
+
+2006-06-17  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Maciej and Geoff.
+
+        http://bugs.webkit.org/show_bug.cgi?id=7080
+        Provide some way to stop a JavaScript infinite loop
+        
+        * kjs/completion.h:
+        (KJS::):
+        Add Interrupted completion type.
+        
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::GlobalFuncImp::callAsFunction):
+        Only set the exception on the new ExecState if the current one has had one.
+        
+        * kjs/interpreter.cpp:
+        (KJS::TimeoutChecker::startTimeoutCheck):
+        (KJS::TimeoutChecker::stopTimeoutCheck):
+        (KJS::TimeoutChecker::alarmHandler):
+        (KJS::TimeoutChecker::pauseTimeoutCheck):
+        (KJS::TimeoutChecker::resumeTimeoutCheck):
+        New TimeoutChecker class which handles setting Interpreter::m_timedOut flag after a given
+        period of time. This currently only works on Unix platforms where setitimer and signals are used.
+        
+        (KJS::Interpreter::Interpreter):
+        Initialize new member variables.
+        
+        (KJS::Interpreter::~Interpreter):
+        Destroy the timeout checker.
+        
+        (KJS::Interpreter::startTimeoutCheck):
+        (KJS::Interpreter::stopTimeoutCheck):
+        (KJS::Interpreter::pauseTimeoutCheck):
+        (KJS::Interpreter::resumeTimeoutCheck):
+        Call the timeout checker.
+        
+        (KJS::Interpreter::handleTimeout):
+        Called on timeout. Resets the m_timedOut flag and calls shouldInterruptScript.
+        
+        * kjs/interpreter.h:
+        (KJS::Interpreter::setTimeoutTime):
+        New function for setting the timeout time.
+        
+        (KJS::Interpreter::shouldInterruptScript):
+        New function. The idea is that this should be overridden by subclasses in order to for example
+        pop up a dialog asking the user if the script should be interrupted.
+        
+        (KJS::Interpreter::checkTimeout):
+        New function which checks the m_timedOut flag and calls handleTimeout if it's set.
+        
+        * kjs/nodes.cpp:
+        (DoWhileNode::execute):
+        (WhileNode::execute):
+        (ForNode::execute):
+        Call Interpreter::checkTimeout after each iteration of the loop.
+
+2006-06-15  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Geoff and Darin.
+        
+        Prefer the DWARF debugging symbols format for use in Xcode 2.3.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-06-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth.
+        
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=9438
+        Someone broke ToT: cannot build
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/runtime_root.h: Changed "Interpreter.h" to "interpreter.h"
+
+2006-06-12  Geoffrey Garen  <ggaren@apple.com>
+
+        build fix
+        
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject throwException:]): Restore assignment I accidentally
+        deleted in previous commit
+
+2006-06-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by TimO, Maciej.
+        
+        - Merged InterpreterImp code into Interpreter, which implements
+        all interpreter functionality now. This is part of my continuing quest
+        to create an external notion of JS "execution context" that is unified and simple --
+        something to replace the mix of Context, ContextImp, ExecState, Interpreter,
+        InterpreterImp, and JSRun.
+        
+        All tests pass. Leaks test has not regressed from its baseline ~207 leaks
+        with ~3460 leaked nodes.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/NP_jsobject.cpp:
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject throwException:]):
+        * bindings/runtime_root.cpp:
+        * bindings/runtime_root.h:
+        * kjs/Context.cpp:
+        (KJS::Context::Context):
+        * kjs/ExecState.cpp: Added.
+        (KJS::ExecState::lexicalInterpreter):
+        * kjs/ExecState.h: Added.
+        (KJS::ExecState::dynamicInterpreter):
+        * kjs/SavedBuiltins.h: Added.
+        * kjs/bool_object.cpp:
+        (BooleanPrototype::BooleanPrototype):
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        (KJS::Collector::numInterpreters):
+        * kjs/context.h:
+        * kjs/debugger.cpp:
+        (Debugger::attach):
+        (Debugger::detach):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        (KJS::interpreterMap):
+        (KJS::Interpreter::Interpreter):
+        (KJS::Interpreter::init):
+        (KJS::Interpreter::~Interpreter):
+        (KJS::Interpreter::globalObject):
+        (KJS::Interpreter::initGlobalObject):
+        (KJS::Interpreter::globalExec):
+        (KJS::Interpreter::checkSyntax):
+        (KJS::Interpreter::evaluate):
+        (KJS::Interpreter::builtinObject):
+        (KJS::Interpreter::builtinFunction):
+        (KJS::Interpreter::builtinArray):
+        (KJS::Interpreter::builtinBoolean):
+        (KJS::Interpreter::builtinString):
+        (KJS::Interpreter::builtinNumber):
+        (KJS::Interpreter::builtinDate):
+        (KJS::Interpreter::builtinRegExp):
+        (KJS::Interpreter::builtinError):
+        (KJS::Interpreter::builtinObjectPrototype):
+        (KJS::Interpreter::builtinFunctionPrototype):
+        (KJS::Interpreter::builtinArrayPrototype):
+        (KJS::Interpreter::builtinBooleanPrototype):
+        (KJS::Interpreter::builtinStringPrototype):
+        (KJS::Interpreter::builtinNumberPrototype):
+        (KJS::Interpreter::builtinDatePrototype):
+        (KJS::Interpreter::builtinRegExpPrototype):
+        (KJS::Interpreter::builtinErrorPrototype):
+        (KJS::Interpreter::builtinEvalError):
+        (KJS::Interpreter::builtinRangeError):
+        (KJS::Interpreter::builtinReferenceError):
+        (KJS::Interpreter::builtinSyntaxError):
+        (KJS::Interpreter::builtinTypeError):
+        (KJS::Interpreter::builtinURIError):
+        (KJS::Interpreter::builtinEvalErrorPrototype):
+        (KJS::Interpreter::builtinRangeErrorPrototype):
+        (KJS::Interpreter::builtinReferenceErrorPrototype):
+        (KJS::Interpreter::builtinSyntaxErrorPrototype):
+        (KJS::Interpreter::builtinTypeErrorPrototype):
+        (KJS::Interpreter::builtinURIErrorPrototype):
+        (KJS::Interpreter::mark):
+        (KJS::Interpreter::interpreterWithGlobalObject):
+        (KJS::Interpreter::saveBuiltins):
+        (KJS::Interpreter::restoreBuiltins):
+        * kjs/interpreter.h:
+        (KJS::Interpreter::setCompatMode):
+        (KJS::Interpreter::compatMode):
+        (KJS::Interpreter::firstInterpreter):
+        (KJS::Interpreter::nextInterpreter):
+        (KJS::Interpreter::prevInterpreter):
+        (KJS::Interpreter::debugger):
+        (KJS::Interpreter::setDebugger):
+        (KJS::Interpreter::setContext):
+        (KJS::Interpreter::context):
+        * kjs/nodes.cpp:
+        (StatementNode::hitStatement):
+        (RegExpNode::evaluate):
+        * kjs/protect.h:
+
+2006-06-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - Have *.lut.h files #include lookup.h to eliminate surprising header
+        include order dependency.
+
+        * DerivedSources.make:
+        * kjs/array_object.cpp:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        (KJS::DateProtoFunc::):
+        * kjs/lexer.cpp:
+        * kjs/math_object.cpp:
+        * kjs/number_object.cpp:
+        * kjs/regexp_object.cpp:
+        * kjs/string_object.cpp:
+
+2006-06-10  Geoffrey Garen  <ggaren@apple.com>
+
+        - http://bugs.webkit.org/show_bug.cgi?id=8515
+        Linux porting compile bug
+        
+        Fix by Mike Emmel, Reviewed by Darin.
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+        * wtf/Platform.h:
+
+2006-06-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix -- I think :).
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/context.h:
+
+2006-06-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Eric (yay!).
+        
+        - Removed Context wrapper for ContextImp, renamed ContextImp to Context,
+        split Context into its own file -- Context.cpp -- renamed _var to m_var,
+        change ' *' to '* '.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/Context.cpp: Added.
+        (KJS::Context::Context):
+        (KJS::Context::~Context):
+        (KJS::Context::mark):
+        * kjs/context.h:
+        (KJS::Context::scopeChain):
+        (KJS::Context::variableObject):
+        (KJS::Context::setVariableObject):
+        (KJS::Context::thisValue):
+        (KJS::Context::callingContext):
+        (KJS::Context::activationObject):
+        (KJS::Context::currentBody):
+        (KJS::Context::function):
+        (KJS::Context::arguments):
+        (KJS::Context::pushScope):
+        (KJS::Context::seenLabels):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::FunctionImp::processParameters):
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::evaluate):
+        * kjs/internal.h:
+        (KJS::InterpreterImp::setContext):
+        (KJS::InterpreterImp::context):
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+        (KJS::ExecState::context):
+        (KJS::ExecState::ExecState):
+        * kjs/nodes.cpp:
+        (currentSourceId):
+        (currentSourceURL):
+        (ThisNode::evaluate):
+        (ResolveNode::evaluate):
+        (FunctionCallResolveNode::evaluate):
+        (PostfixResolveNode::evaluate):
+        (DeleteResolveNode::evaluate):
+        (TypeOfResolveNode::evaluate):
+        (PrefixResolveNode::evaluate):
+        (AssignResolveNode::evaluate):
+        (VarDeclNode::evaluate):
+        (VarDeclNode::processVarDecls):
+        (DoWhileNode::execute):
+        (WhileNode::execute):
+        (ForNode::execute):
+        (ForInNode::execute):
+        (ContinueNode::execute):
+        (BreakNode::execute):
+        (ReturnNode::execute):
+        (WithNode::execute):
+        (SwitchNode::execute):
+        (LabelNode::execute):
+        (TryNode::execute):
+        (FuncDeclNode::processFuncDecl):
+        (FuncExprNode::evaluate):
+
+2006-06-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Removed API directory I prematurely/accidentally added.
+
+        * API: Removed.
+
+2006-06-05  Mitz Pettel  <opendarwin.org@mitzpettel.com>
+
+        Reviewed and landed by Geoff.
+
+        - fix a regression in ecma_3/String/regress-104375.js
+
+        * kjs/string_object.cpp:
+        (substituteBackreferences): If a 2-digit back reference is out of range,
+        parse it as a 1-digit reference (followed by the other digit). This matches
+        Firefox's behavior.
+
+2006-06-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed By Maciej.
+        Darin already reviewed this change on the branch. See <rdar://problem/4317701>.
+        
+        - Fixed <rdar://problem/4291345> PCRE overflow in Safari JavaScriptCore
+
+        No test case because there's no behavior change.
+        
+        * pcre/pcre_compile.c:
+        (read_repeat_counts): Check for integer overflow / out of bounds
+
+2006-06-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by aliu.
+
+        - Changed CString length from int to size_t. We sould probably do this
+        for UString, too. (Darin, if you're reading this: Maciej said so.)
+        
+        * kjs/function.cpp:
+        (KJS::encode):
+        * kjs/ustring.cpp:
+        (KJS::CString::CString):
+        (KJS::operator==):
+        * kjs/ustring.h:
+        (KJS::CString::size):
+
+2006-06-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+        
+        - http://bugs.webkit.org/show_bug.cgi?id=9304
+        Minor cleanup in JavaScriptCore
+
+        * kjs/value.h: Removed redundant declarations
+
+2006-06-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - changed deleteAllValues so it can work on "const" collections
+          Deleting the values affects the values, not the pointers in the
+          collection, so it's legitimate to do it to a const collection,
+          and a case of that actually came up in the XPath code.
+
+        * wtf/HashMap.h:
+        (WTF::deleteAllPairSeconds): Use const iterators.
+        (WTF::deleteAllValues): Take const HashMap reference as a parameter.
+        * wtf/HashSet.h:
+        (WTF::deleteAllValues): Take const HashSet reference as a parameter,
+        and use const iterators.
+        * wtf/Vector.h:
+        (WTF::deleteAllValues): Take const Vector reference as a parameter.
+
+        - added more functions that are present in <math.h> on some platforms,
+          but not on others; moved here from various files in WebCore
+
+        * wtf/MathExtras.h:
+        (isinf): Added.
+        (isnan): Added.
+        (lround): Added.
+        (lroundf): Tweaked.
+        (round): Added.
+        (roundf): Tweaked.
+        (signbit): Added.
+
+2006-06-02  Mitz Pettel  <opendarwin.org@mitzpettel.com>
+
+        Reviewed by ggaren.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=9234
+          Implement $&, $' and $` replacement codes in String.prototype.replace
+
+        Test: fast/js/string-replace-3.html
+
+        * kjs/string_object.cpp:
+        (substituteBackreferences): Added support for $& (matched substring),
+        $` (everything preceding matched substring), $' (everything following
+        matched substring) and 2-digit back references, and cleaned up a little.
+
+2006-06-02 Adele Peterson  <adele@apple.com>
+
+        Reviewed by Darin.
+
+        Set incremental linking to no. This seems to fix a build problem I was seeing
+        where dftables couldn't find a dll. 
+
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
+
+2006-05-26  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fixes/tweaks
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+=== JavaScriptCore-521.11 ===
+
+2006-05-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by mjs.
+        
+        - JSC half of fix for <rdar://problem/4557926> TOT REGRESSSION: Crash
+        occurs when attempting to view image in slideshow mode at
+        http://d.smugmug.com/gallery/581716 ( KJS::IfNode::execute
+        (KJS::ExecState*) + 312)
+
+        On alternate threads, DOMObjects remain in the
+        ScriptInterpreter's cache because they're not collected. So, they
+        need an opportunity to mark their children.
+        
+        I'm not particularly happy with this solution because it fails to
+        resolve many outstanding issues with the DOM object cache. Since none
+        of those issues is a crasher or a serious compatibility concern,
+        and since the behavior of other browsers is not much to go on in this
+        case, I've filed <rdar://problem/4561439> about that, and I'm moving on 
+        with my life.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::mark):
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::mark):
+        * kjs/interpreter.h:
+
+=== JavaScriptCore-521.10 ===
+
+2006-05-22  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Eric, Kevin and Geoff.
+
+        Merge open source build fixes. <rdar://problem/4555500>
+
+        * kjs/collector.cpp: look at the rsp register in x86_64 
+        (KJS::Collector::markOtherThreadConservatively):
+        * wtf/Platform.h: add x86_64 to the platform list
+
+2006-05-19  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Geoff.
+
+        http://bugs.webkit.org/show_bug.cgi?id=8993
+        Support function declaration in case statements
+        
+        * kjs/grammar.y: Get rid of StatementList and use SourceElements instead.
+        
+        * kjs/nodes.cpp:
+        (CaseClauseNode::evalStatements):
+        (CaseClauseNode::processVarDecls):
+        (CaseClauseNode::processFuncDecl):
+        (ClauseListNode::processFuncDecl):
+        (CaseBlockNode::processFuncDecl):
+        (SwitchNode::processFuncDecl):
+        * kjs/nodes.h:
+        (KJS::CaseClauseNode::CaseClauseNode):
+        (KJS::ClauseListNode::ClauseListNode):
+        (KJS::ClauseListNode::getClause):
+        (KJS::ClauseListNode::getNext):
+        (KJS::ClauseListNode::releaseNext):
+        (KJS::SwitchNode::SwitchNode):
+        Add processFuncDecl for the relevant nodes.        
+
+        * kjs/nodes2string.cpp:
+        (CaseClauseNode::streamTo):
+        next got renamed to source.
+
+2006-05-17  George Staikos <staikos@kde.org>
+
+        Reviewed by Maciej, Alexey, and Eric.
+
+        * pcre/pcre_compile.c:
+        * pcre/pcre_get.c:
+        * pcre/pcre_exec.c:
+        * wtf/UnusedParam.h:
+        Use /**/ in .c files to compile with non-C99 and non-GCC compilers.
+
+        * kjs/testkjs.cpp:
+        Change include to <wtf/HashTraits.h> from "HashTraits.h" to avoid -I
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        Use correct parentheses and correct mask for utf-32 support.
+
+2006-05-17  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=8870
+        Crash typing in Yahoo auto-complete widget.
+
+        Test: fast/js/regexp-stack-overflow.html
+
+        * pcre/pcre-config.h: Define NO_RECURSE.
+
+2006-05-16  George Staikos <staikos@kde.org>
+
+        Reviewed by Maciej.
+
+        Fix some warnings and strict compilation errors.
+
+        * kjs/nodes.cpp: 
+        * kjs/value.cpp: 
+
+2006-05-15  Alexey Proskuryakov  <ap@nypop.com>
+
+        * make-generated-sources.sh: Changed to be executable and removed
+        text in the file generated by "svn diff".
+
+2006-05-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+
+        - Fixed <rdar://problem/4534904> please do not treat "debugger" as
+        a reserved word while parsing JavaScript (and other ECMA reserved
+        words) 
+
+        AKA 
+
+        http://bugs.webkit.org/show_bug.cgi?id=6179 
+        We treat "char" as a reserved word in JavaScript and firefox/IE do
+        not
+
+        (1) I unreserved most of the spec's "future reserved words" because 
+        they're not reserved in IE or FF. (Most, but not all, because IE
+        somewhat randomly *does* reserve a few of them.)
+        (2) I made 'debugger' a legitimate statement that acts like an empty
+        statement because FF and IE support it.
+        
+        * kjs/grammar.y:
+        * kjs/keywords.table:
+
+2006-05-15  Tim Omernick  <timo@apple.com>
+
+        Reviewed by John Sullivan.
+
+        Part of <rdar://problem/4466508> Add 64-bit support to the Netscape Plugin API
+
+        Added to the Netscape Plugin API the concept of "plugin drawing models".  The drawing model
+        determines the kind of graphics context created by the browser for the plugin, as well as 
+        the Mac types of various Netscape Plugin API data structures.
+
+        There is a drawing model to represent the old QuickDraw-based API.  It is used by default
+        if QuickDraw is available on the system, unless the plugin specifies another drawing model.
+
+        The big change is the addition of the CoreGraphics drawing model.  A plugin may request this
+        drawing model to obtain access to a CGContextRef for drawing, instead of a QuickDraw CGrafPtr.
+
+        * bindings/npapi.h:
+        Define NP_NO_QUICKDRAW when compiling 64-bit; there is no 64-bit QuickDraw.
+        Added NPNVpluginDrawingModel, NPNVsupportsQuickDrawBool, and NPNVsupportsCoreGraphicsBool
+        variables.
+        Added NPDrawingModel enumeration.  Currently the only drawing models are QuickDraw and
+        CoreGraphics.
+        NPRegion's type now depends on the drawing model specified by the plugin.
+        NP_Port is now only defined when QuickDraw is available.
+        Added NP_CGContext, which is the type of the NPWindow's "window" member in CoreGraphics mode.
+
+2006-05-13  Kevin M. Ollivier  <kevino@theolliviers.com>
+
+        Reviewed by Darin, landed by ap.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=8528
+          Bakefiles (and generated Makefiles) for wx and gdk ports
+
+        * make-generated-sources.sh: 
+        Added script to configure environment to run DerivedSources.make
+        
+        * JavaScriptCoreSources.bkl:
+        Added JavaScriptCore sources list for Bakefile.
+        
+        * jscore.bkl:
+        Bakefile used to generate JavaScriptCore project files 
+        (currently only used by wx and gdk ports)
+
+2006-05-09  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix Windows build.
+        Minor fixes to WTF headers.
+        
+        Reviewed by kevin.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Fix include dirs, paths to files. 
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Fix include dirs.
+        * wtf/Assertions.h: include Platform.h to get definition for COMPILER()
+        * wtf/Vector.h: include FastMalloc.h for definition of fastMalloc, fastFree
+
+2006-05-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Anders.
+        
+        - renamed kxmlcore to wtf
+        
+        kxmlcore --> wtf
+        KXMLCore --> WTF
+        KXC --> WTF
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/c/c_instance.cpp:
+        * bindings/objc/WebScriptObject.mm:
+        * kjs/JSImmediate.h:
+        * kjs/Parser.cpp:
+        * kjs/Parser.h:
+        * kjs/array_object.cpp:
+        * kjs/collector.cpp:
+        (KJS::Collector::registerThread):
+        * kjs/collector.h:
+        * kjs/config.h:
+        * kjs/function.cpp:
+        (KJS::isStrWhiteSpace):
+        * kjs/function.h:
+        * kjs/identifier.cpp:
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/lexer.cpp:
+        (Lexer::shift):
+        (Lexer::isWhiteSpace):
+        (Lexer::isIdentStart):
+        (Lexer::isIdentPart):
+        * kjs/lookup.cpp:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/number_object.cpp:
+        * kjs/object.h:
+        * kjs/property_map.cpp:
+        * kjs/property_map.h:
+        * kjs/string_object.cpp:
+        (StringProtoFunc::callAsFunction):
+        * kjs/testkjs.cpp:
+        (testIsInteger):
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+        * kxmlcore: Removed.
+        * kxmlcore/AlwaysInline.h: Removed.
+        * kxmlcore/Assertions.cpp: Removed.
+        * kxmlcore/Assertions.h: Removed.
+        * kxmlcore/FastMalloc.cpp: Removed.
+        * kxmlcore/FastMalloc.h: Removed.
+        * kxmlcore/FastMallocInternal.h: Removed.
+        * kxmlcore/Forward.h: Removed.
+        * kxmlcore/HashCountedSet.h: Removed.
+        * kxmlcore/HashFunctions.h: Removed.
+        * kxmlcore/HashMap.h: Removed.
+        * kxmlcore/HashSet.h: Removed.
+        * kxmlcore/HashTable.cpp: Removed.
+        * kxmlcore/HashTable.h: Removed.
+        * kxmlcore/HashTraits.h: Removed.
+        * kxmlcore/ListRefPtr.h: Removed.
+        * kxmlcore/Noncopyable.h: Removed.
+        * kxmlcore/OwnArrayPtr.h: Removed.
+        * kxmlcore/OwnPtr.h: Removed.
+        * kxmlcore/PassRefPtr.h: Removed.
+        * kxmlcore/Platform.h: Removed.
+        * kxmlcore/RefPtr.h: Removed.
+        * kxmlcore/TCPageMap.h: Removed.
+        * kxmlcore/TCSpinLock.h: Removed.
+        * kxmlcore/TCSystemAlloc.cpp: Removed.
+        * kxmlcore/TCSystemAlloc.h: Removed.
+        * kxmlcore/UnusedParam.h: Removed.
+        * kxmlcore/Vector.h: Removed.
+        * kxmlcore/VectorTraits.h: Removed.
+        * kxmlcore/unicode: Removed.
+        * kxmlcore/unicode/Unicode.h: Removed.
+        * kxmlcore/unicode/UnicodeCategory.h: Removed.
+        * kxmlcore/unicode/icu: Removed.
+        * kxmlcore/unicode/icu/UnicodeIcu.h: Removed.
+        * kxmlcore/unicode/posix: Removed.
+        * kxmlcore/unicode/qt3: Removed.
+        * kxmlcore/unicode/qt4: Removed.
+        * kxmlcore/unicode/qt4/UnicodeQt4.h: Removed.
+        * pcre/pcre_get.c:
+        * wtf: Added.
+        * wtf/Assertions.cpp:
+        * wtf/Assertions.h:
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_ThreadCache::Scavenge):
+        (WTF::do_malloc):
+        (WTF::do_free):
+        (WTF::TCMallocGuard::TCMallocGuard):
+        (WTF::malloc):
+        (WTF::free):
+        (WTF::calloc):
+        (WTF::cfree):
+        (WTF::realloc):
+        * wtf/FastMalloc.h:
+        * wtf/FastMallocInternal.h:
+        * wtf/Forward.h:
+        * wtf/HashCountedSet.h:
+        * wtf/HashFunctions.h:
+        * wtf/HashMap.h:
+        * wtf/HashSet.h:
+        * wtf/HashTable.cpp:
+        * wtf/HashTable.h:
+        * wtf/HashTraits.h:
+        * wtf/ListRefPtr.h:
+        * wtf/Noncopyable.h:
+        * wtf/OwnArrayPtr.h:
+        * wtf/OwnPtr.h:
+        * wtf/PassRefPtr.h:
+        * wtf/RefPtr.h:
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemAlloc):
+        * wtf/Vector.h:
+        * wtf/VectorTraits.h:
+        * wtf/unicode/UnicodeCategory.h:
+        * wtf/unicode/icu/UnicodeIcu.h:
+
+2006-05-08  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Tim O.
+
+        * bindings/npapi.h: do not define #pragma options align=mac68k if we are 64-bit
+
+2006-05-07  Darin Adler  <darin@apple.com>
+
+        Reviewed and landed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=8765
+        Random crashes on TOT since the form state change
+        
+        I haven't figured out how to construct a test for this, but this does seem to fix the
+        problem; Mitz mentioned that a double-destroy was occurring in these functions.
+        
+        * kxmlcore/HashMap.h: (KXMLCore::HashMap::remove): Use RefCounter::deref instead of calling
+        ~ValueType, because ~ValueType often results in a double-destroy, since the HashTable also
+        destroys the element based on the storage type. The RefCounter template correctly does work
+        only in cases where ValueType and ValueStorageType differ and this class is what's used
+        elsewhere for the same purpose; I somehow missed this case when optimizing HashMap.
+        * kxmlcore/HashSet.h: (KXMLCore::HashSet::remove): Ditto.
+        
+2006-05-05  Darin Adler  <darin@apple.com>
+
+        - http://bugs.webkit.org/show_bug.cgi?id=8722
+          IE compatibility fix in date parsing
+
+        * kjs/date_object.cpp: (KJS::parseDate): Merged change that George Staikos provided
+        from KDE 3.4.3 branch that allows day values of 0 and values that are > 1000.
+
+2006-05-04  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        http://bugs.webkit.org/show_bug.cgi?id=8734
+        Would like a Vector::append that takes another Vector
+        
+        * kxmlcore/Vector.h:
+        (KXMLCore::::append):
+        New function that takes another array.
+
+2006-05-02  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by eric.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: set NDEBUG for release build
+        * kxmlcore/FastMalloc.cpp: Prevent USE_SYSTEM_MALLOC from being defined twice
+
+2006-05-02  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        * kxmlcore/HashMap.h:
+        (KXMLCore::::operator):
+        Return *this
+
+2006-05-01  Tim Omernick  <timo@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        <rdar://problem/4476875> Support printing for embedded Netscape plugins
+
+        * bindings/npapi.h:
+        Fixed struct alignment problem in our npapi.h.  Structs must be 68k-aligned on both pre-Mac OS X
+        and Mac OS X systems, as this is what plugins expect.
+
+2006-05-01  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Maciej.
+        
+        <rdar://problem/4308243> 8F36 Regression: crash in malloc_consolidate if you use a .PAC file
+
+        The original fix missed the oversized cell case. Added a test for "currentThreadIsMainThread || 
+        imp->m_destructorIsThreadSafe" where we collect oversized cells.
+
+        We don't have a way to test PAC files yet, so there's no test attached.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect): test the thread when we collect oversized cells
+
+2006-05-01  Tim Omernick  <timo@apple.com>
+
+        Reviewed by Adele.
+
+        <rdar://problem/4526114> REGRESSION (two days ago): LOG() just prints @ for NSObject substitutions
+
+        * kxmlcore/Assertions.cpp:
+        Changed sense of strstr("%@") check.  I already made the same fix to the WebBrowser assertions.
+
+2006-04-28  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by kdecker
+        
+        Actually apply the change that was reviewed insted of checking it in with an #if 0 (oops).
+
+        * kjs/testkjs.cpp:
+        (main): Suppress C runtime alerts
+
+2006-04-28  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by kdecker
+
+        Suppress error reporting dialog that blocks Javascript tests from completing.
+        
+        Real error is due to an overflow in the date/time handling functions that needs
+        to be addressed, but this will prevent the hang running the Javascript tests
+        on the build bot (along with the related changes).
+        
+        * kjs/testkjs.cpp:
+        (main): Suppress C runtime alerts
+
+2006-04-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej
+
+        - Minor fixups I discovered while working on the autogenerator.
+        
+        * kjs/lookup.cpp:
+        (findEntry): ASSERT that size is not 0, because otherwise we'll % by 0,
+        compute a garbage address, and possibly crash.
+        * kjs/lookup.h:
+        (cacheGlobalObject): Don't enumerate cached objects -- ideally, they
+        would be hidden entirely.
+
+2006-04-21  Kevin M. Ollivier  <kevino@theolliviers.com>
+
+        Reviewed by Darin.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=8507
+          Compilation fixes for building on gcc 4.0.2, and without precomp headers
+
+        * kjs/operations.h:
+        * kxmlcore/Assertions.cpp:
+        * kxmlcore/FastMalloc.cpp:
+        Added necessary headers to resolve compilation issues when not using
+        precompiled headers.
+        
+        * kjs/value.h: Declare the JSCell class before friend declaration  
+        to resolve compilation issues with gcc 4.0.2.
+        
+        * kxmlcore/Platform.h: Set Unicode support to use ICU on platforms
+        other than KDE (previously only defined for Win and Mac OS)
+                
+2006-04-18  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by ggaren.
+
+        Fix "new Function()" to correctly use lexical scoping.
+        Add ScopeChain::print() function for debugging.
+        <rdar://problem/4067864> REGRESSION (125-407): JavaScript failure on PeopleSoft REN Server
+
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/scope_chain.cpp:
+        (KJS::ScopeChain::print):
+        * kjs/scope_chain.h:
+
+2006-04-14  James G. Speth  <speth@end.com>
+
+        Reviewed by Timothy.
+
+        Bug 8389: support for Cocoa bindings - binding an NSTreeController to the WebView's DOM
+        http://bugs.webkit.org/show_bug.cgi?id=8389
+
+        Adds a category to WebScriptObject with array accessors for KVC/KVO.
+
+        If super valueForKey: fails it will call valueForUndefinedKey:, which is
+        important because it causes the right behavior to happen with bindings using
+        the "Raises for Not Applicable Keys" flag and the "Not Applicable Placeholder"
+
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject count]):
+        (-[WebScriptObject objectAtIndex:]):
+        (-[WebUndefined description]): return "undefined"
+
+2006-04-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::initGlobalObject): Add the built-in object
+        prototype to the end of the global object's prototype chain instead of
+        just blowing away its existing prototype. We need to do this because
+        the window object has a meaningful prototype now.
+
+2006-04-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - fix testkjs to not show false-positive KJS::Node leaks in debug builds
+
+        * kjs/testkjs.cpp:
+        (doIt):
+        (kjsmain):
+
+2006-04-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+
+        Minor code cleanup -- passes all the JS tests.
+
+        * kjs/object_object.cpp:
+        (ObjectObjectImp::construct):
+        (ObjectObjectImp::callAsFunction):
+
+2006-04-11  Darin Adler  <darin@apple.com>
+
+        - another attempt to fix Windows build -- Vector in Forward.h was not working
+
+        * kxmlcore/Forward.h: Remove Vector.
+        * kxmlcore/Vector.h: Add back default arguments, remove include of
+        Forward.h.
+
+2006-04-11  Darin Adler  <darin@apple.com>
+
+        - try to fix Windows build -- HashForward.h was not working
+
+        * kxmlcore/HashForward.h: Removed.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Remove HashForward.h.
+        * kjs/collector.h: Remove use of HashForward.h.
+        * kxmlcore/HashCountedSet.h: Remove include of HashForward.h, restore
+        default arguments.
+        * kxmlcore/HashMap.h: Ditto.
+        * kxmlcore/HashSet.h: Ditto.
+
+2006-04-11  David Harrison  <harrison@apple.com>
+
+        Reviewed by Darin.
+
+        - fixed clean build, broken by Darin's check-in
+
+        * kjs/date_object.cpp: Add needed include of lookup.h.
+        * kjs/regexp_object.cpp: Move include of .lut.h file below other includes.
+
+2006-04-10  Darin Adler  <darin@apple.com>
+
+        Rubber-stamped by John Sullivan.
+
+        - switched from a shell script to a makefile for generated files
+        - removed lots of unneeded includes
+        - added new Forward.h and HashForward.h headers that allow compiling with
+          fewer unneeded templates
+
+        * DerivedSources.make: Added.
+        * generate-derived-sources: Removed.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added new files, changed to use
+        DerivedSources.make.
+
+        * kxmlcore/Forward.h: Added.
+        * kxmlcore/HashForward.h: Added.
+
+        * kxmlcore/HashCountedSet.h: Include HashForward for default args.
+        * kxmlcore/HashMap.h: Ditto.
+        * kxmlcore/HashSet.h: Ditto.
+
+        * kjs/object.h:
+        * kjs/object.cpp:
+        Moved KJS_MAX_STACK into the .cpp file.
+
+        * bindings/NP_jsobject.cpp:
+        * bindings/c/c_instance.h:
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_runtime.h:
+        * bindings/jni/jni_utility.h:
+        * bindings/objc/WebScriptObject.mm:
+        * bindings/objc/WebScriptObjectPrivate.h:
+        * bindings/objc/objc_class.h:
+        * bindings/objc/objc_class.mm:
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        * bindings/objc/objc_runtime.mm:
+        * bindings/objc/objc_utility.mm:
+        * bindings/runtime.h:
+        * bindings/runtime_array.cpp:
+        * bindings/runtime_array.h:
+        * bindings/runtime_method.cpp:
+        * bindings/runtime_method.h:
+        * bindings/runtime_object.cpp:
+        * bindings/runtime_root.h:
+        * kjs/JSImmediate.cpp:
+        * kjs/Parser.h:
+        * kjs/array_object.cpp:
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        * kjs/bool_object.h:
+        * kjs/collector.h:
+        * kjs/context.h:
+        * kjs/debugger.cpp:
+        * kjs/error_object.h:
+        * kjs/function_object.h:
+        * kjs/internal.h:
+        * kjs/lexer.cpp:
+        * kjs/math_object.cpp:
+        * kjs/math_object.h:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/number_object.cpp:
+        * kjs/number_object.h:
+        * kjs/object_object.cpp:
+        * kjs/operations.cpp:
+        * kjs/protected_reference.h:
+        * kjs/reference.h:
+        * kjs/reference_list.h:
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        * kjs/string_object.h:
+        * kjs/testkjs.cpp:
+        * kjs/value.cpp:
+        * kjs/value.h:
+        * kxmlcore/HashTable.h:
+        * kxmlcore/ListRefPtr.h:
+        * kxmlcore/TCPageMap.h:
+        * kxmlcore/Vector.h:
+        Removed unneeded header includes.
+
+2006-04-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by eric.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=8284
+        prevent unnecessary entries in the "nodes with extra refs" hash table
+
+        This patch switches manually RefPtr exchange with use of
+        RefPtr::release to ensure that a node's ref count never tops 1
+        (in the normal case).
+
+        * kjs/nodes.cpp:
+        (BlockNode::BlockNode):
+        (CaseBlockNode::CaseBlockNode):
+        * kjs/nodes.h:
+        (KJS::ArrayNode::ArrayNode):
+        (KJS::ObjectLiteralNode::ObjectLiteralNode):
+        (KJS::ArgumentsNode::ArgumentsNode):
+        (KJS::VarStatementNode::VarStatementNode):
+        (KJS::ForNode::ForNode):
+        (KJS::CaseClauseNode::CaseClauseNode):
+        (KJS::FuncExprNode::FuncExprNode):
+        (KJS::FuncDeclNode::FuncDeclNode):
+
+2006-04-08  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        One more attempt - use reinterpret_cast, rather than static_cast.
+
+2006-04-08  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        An attempt to fix Win32 build - ICU uses wchar_t on Windows, so we need a type cast.
+
+        * kxmlcore/unicode/icu/UnicodeIcu.h:
+        (KXMLCore::Unicode::toLower):
+        (KXMLCore::Unicode::toUpper):
+
+2006-04-08  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=8264
+        toLowerCase and toUpperCase don't honor special mappings
+
+        Test: fast/js/string-capitalization.html
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added KXMLCore::Unicode headers to the project.
+        * icu/unicode/putil.h: Added (copied from WebCore).
+        * icu/unicode/uiter.h: Ditto.
+        * icu/unicode/ustring.h: Ditto.
+        * kjs/string_object.cpp:
+        (StringProtoFunc::callAsFunction): Use the new KXMLCore::Unicode::toUpper() and toLower().
+        * kjs/ustring.cpp: Removed unused (and evil) UChar::toLower() and toUpper().
+        * kjs/ustring.h: Ditto.
+
+        * kxmlcore/unicode/Unicode.h: Corrected capitalization of the word Unicode.
+        * kxmlcore/unicode/UnicodeCategory.h: Renamed include guard macro to match file name.
+
+        * kxmlcore/unicode/icu/UnicodeIcu.h:
+        (KXMLCore::Unicode::toLower): Work on strings, not individual characters. Use ICU root locale.
+        (KXMLCore::Unicode::toUpper): Ditto.
+        (KXMLCore::Unicode::isFormatChar): Use int32_t, which can hold a complete code point.
+        (KXMLCore::Unicode::isSeparatorSpace): Ditto.
+        (KXMLCore::Unicode::category): Ditto.
+        * kxmlcore/unicode/qt4/UnicodeQt4.h:
+        (KXMLCore::Unicode::toLower): Work on strings, not individual characters.
+        (KXMLCore::Unicode::toUpper): Ditto.
+        (KXMLCore::Unicode::isFormatChar): Use int32_t, which can hold a complete code point.
+        (KXMLCore::Unicode::isSeparatorSpace): Ditto.
+        (KXMLCore::Unicode::category): Ditto.
+
+        * tests/mozilla/ecma/String/15.5.4.12-1.js: Corrected expected results.
+        * tests/mozilla/ecma/String/15.5.4.12-5.js: Corrected expected results.
+
+2006-04-05  Darin Adler  <darin@apple.com>
+
+        - attempt to fix Windows build
+
+        * kxmlcore/HashMap.h: (KXMLCore::HashMap::remove): Use (*it). instead of it->.
+        * kxmlcore/HashSet.h: (KXMLCore::HashSet::remove): Ditto.
+
+2006-04-05  Darin Adler  <darin@apple.com>
+
+        - attempt to fix Windows build
+
+        * os-win32/stdint.h: Add int8_t, uint8_t, int64_t.
+
+2006-04-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix memory leak introduced by the previous change
+
+        * kxmlcore/HashTable.h: Specialize NeedsRef so that it correctly returns true when
+        the value in question is a pair where one of the pair needs a ref and the other
+        of the pair does not.
+
+2006-04-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - JavaScriptCore part of fix for http://bugs.webkit.org/show_bug.cgi?id=8049
+          StringImpl hash traits deleted value creates an init routine for WebCore
+          <rdar://problem/4442248> REGRESSION: WebCore has init routines (8049)
+
+        Change HashMap and HashSet implementation so they fold various types together.
+        This allows us to implement maps and sets that use RefPtr<WebCore::StringImpl>
+        and WebCore::String in terms of the underlying raw pointer type, and hence use
+        -1 for the deleted value.
+
+        * kxmlcore/HashTraits.h: Added a new type to HashTraits, StorageTraits, which is a
+        type to be used when storing a value that has the same layout as the type itself.
+        This is used only for non-key cases. In the case of keys, the hash function must also
+        be considered. Moved emptyValue out of GenericHashTraitsBase into GenericHashTraits.
+        Added a new bool to HashTraits, needsRef, which indicates whether the type needs
+        explicit reference counting. If the type itself has needsRef true, but the storage
+        type has needsRef false, then the HashSet or HashMap has to handle the reference
+        counting explicitly. Added hash trait specializations for all signed integer values
+        that give -1 as the deleted value. Gave all integers StorageTraits of the canonical
+        integer type of the same size so int and long will share code. Gave all pointers and
+        RefPtrs StorageTraits of the appropriately sized integer type. Removed redundant
+        TraitType and emptyValue definitions in the pointer specialization for HashTraits.
+        Added PairBaseHashTraits, which doesn't try to set up needsDestruction and deletedValue.
+        Useful for types where we don't want to force the existence of deletedValue, such as
+        the type of a pair in a HashMap which is not the actual storage type. Removed an
+        unneeded parameter from the DeletedValueAssigner template. Added HashKeyStorageTraits
+        template, which determines what type can be used to store a given hash key type with
+        a given hash function, and specialized it for pointers and RefPtr so that pointer
+        hash tables share an underlying HashTable that uses IntHash.
+
+        * kxmlcore/HashTable.h: Added HashTableConstIteratorAdapter, HashTableIteratorAdapter,
+        NeedsRef, RefCountManagerBase, RefCountManager, HashTableRefCountManagerBase, and
+        HashTableRefCountManager. All are used by both HashSet and HashMap to handle hash
+        tables where the type stored is not the same as the real value type.
+        
+        * kxmlcore/HashFunctions.h: Added a new struct named IntTypes that finds an
+        integer type given a sizeof value. Renamed pointerHash to intHash and made it
+        use overloading and take integer parameters. Added an IntHash struct which is
+        a hash function that works for integers. Changed PtrHash to call IntHash with
+        an appropriately sized integer. Made IntHash the default hash function for
+        many integer types. Made PtrHash the default hash function for RefPtr as well
+        as for raw pointers.
+
+        * kxmlcore/HashSet.h: Changed implementation to use a separate "storage type"
+        derived from the new traits. The HashTable will use the storage type and all
+        necessary translation and ref/deref is done at the HashSet level. Also reorganized
+        the file so that the HashSet is at the top and has no inline implementation inside
+        it so it's easy to read the interface to HashSet.
+
+        * kxmlcore/HashMap.h: Changed implementation to use a separate "storage type"
+        derived from the new traits. The HashTable will use the storage type and all
+        necessary translation and ref/deref is done at the HashMap level. Also reorganized
+        the file so that the HashMap is at the top and has no inline implementation inside
+        it so it's easy to read the interface to HashMap.
+
+        * kxmlcore/HashMapPtrSpec.h: Removed. Superceded by optimizations in HashMap itself.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Remove HashMapPtrSpec.h, resort files,
+        and also remove some unnecessary build settings from the aggregate target that
+        generates derived sources.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
+
+2006-04-04  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin.
+
+        The Debug and Release frameworks are now built with install paths relative to the build products directory.
+        This removes the need for other projects to build with -framework WebCore and -framework JavaScriptCore. 
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-04-04  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by ggaren.
+
+        Fix win32 build.
+        Disable ASSERT redefinition warnings for now.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+        * kxmlcore/Assertions.h:
+
+2006-04-04  Bjrn Graf  <bjoern.graf@gmail.com>
+
+        Reviewed by ggaren & darin.  Landed by eseidel.
+
+        Integrate CURL version of gettimeofday
+        http://bugs.webkit.org/show_bug.cgi?id=7399
+        Disable crash report dialogs for testkjs.exe in Release mode
+        http://bugs.webkit.org/show_bug.cgi?id=8113
+
+        * kjs/testkjs.cpp:
+        (StopWatch::start):
+        (StopWatch::stop):
+        (StopWatch::getElapsedMS):
+        (main):
+        (kjsmain):
+
+2006-04-04  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        * kjs/number_object.cpp:
+        (NumberProtoFunc::callAsFunction): remove trunc() to fix win32.
+
+2006-03-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - fixed "toPrecision sometimes messes up the last digit on intel Macs"
+        http://bugs.webkit.org/show_bug.cgi?id=7748
+
+        * kjs/number_object.cpp:
+        (intPow10): Compute integer powers of 10 using exponentiation by squaring.
+        (NumberProtoFunc::callAsFunction): Use intPow10(n) in place of all pow(10.0, n),
+        plus a bit of refactoring.
+
+2006-04-03  Darin Adler  <darin@apple.com>
+
+        - tweak config.h and Platform.h to try to get buildbot working
+          (making some small changes at the same time)
+
+        * kjs/config.h: Removed now-unneeded HAVE_ICU.
+        * kxmlcore/Platform.h: Tweak how platform gets set up. Move all the
+        USE stuff to the end.
+
+2006-04-03  George Staikos   <staikos@opensource.apple.com>
+
+        Reviewed by Maciej.
+
+        Fix Win32 build breakage from previous commit, remove unused forward.
+
+2006-04-03  George Staikos   <staikos@opensource.apple.com>
+
+        Reviewed by Maciej.
+
+        Implement a unicode abstraction layer to make JavaScriptCore much more
+        easily ported to other platforms without having to take in libicu.  Also
+        makes the unicode related code easier to understand.
+
+2006-04-03  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Adele.
+
+        Fixes <rdar://problem/4498338> JavaScriptCore fails to compile for ppc64
+        Other 64 bit build fixes.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::markOtherThreadConservatively): test for __DARWIN_UNIX03 and use __r1
+        * kjs/dtoa.cpp:
+        (Bigint::): cast PRIVATE_mem to unsigned to prevent warning
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::getJavaVM): cast jniError to long to prevent format warning
+        (KJS::Bindings::getJNIEnv): cast jniError to long to prevent format warning
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::addNativeReference): cast CFDictionaryGetValue to unsigned long to prevent warning
+        (KJS::Bindings::removeNativeReference): cast CFDictionaryGetValue to unsigned long to prevent warning
+
+2006-03-31  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - <rdar://problem/4395622> API: WebScriptObject.h incorrectly reports that -isSelectorExcludedFromWebScript returns NO by default
+
+        * bindings/objc/WebScriptObject.h: Fixed comment.
+
+2006-03-31  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        A bit more code cleanup.
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant):
+        * bindings/objc/objc_runtime.mm:
+        (convertValueToObjcObject):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/interpreter.cpp:
+        (KJS::ExecState::lexicalInterpreter):
+        * kjs/interpreter.h:
+        * kjs/operations.cpp:
+        (KJS::equal):
+
+2006-03-30  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by anders.
+
+        Small code-style update.
+
+        * kjs/operations.cpp:
+        (KJS::isNaN):
+        (KJS::isInf):
+        (KJS::isPosInf):
+        (KJS::isNegInf):
+        (KJS::equal):
+        (KJS::strictEqual):
+        (KJS::relation):
+        (KJS::maxInt):
+        (KJS::minInt):
+        (KJS::add):
+        (KJS::mult):
+
+2006-03-31  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        Make sure the GetterSetterImp objects are marked as well.
+        
+        * kjs/internal.cpp:
+        (KJS::GetterSetterImp::mark):
+        Call JSCell::mark().
+
+2006-03-30  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by ggaren.
+
+        * kjs/nodes.h: Some various small style fixes.
+
+2006-03-30  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by ggaren.
+
+        Clean-up style issues in node.h, remove redundant initializations.
+
+        * kjs/nodes.h:
+        (KJS::StatementNode::evaluate):
+        (KJS::ArrayNode::ArrayNode):
+        (KJS::ObjectLiteralNode::ObjectLiteralNode):
+        (KJS::ArgumentsNode::ArgumentsNode):
+        (KJS::NewExprNode::NewExprNode):
+        (KJS::CaseClauseNode::CaseClauseNode):
+        (KJS::FuncDeclNode::FuncDeclNode):
+
+2006-03-30  Tim Omernick  <timo@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/4212626> REGRESSION: LIVECONNECT: JavaScript type for Java Strings is function,
+        not object
+
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::implementsCall):
+        New method.  Returns false by default.  Concrete subclasses can override this return true when
+        the bound object may be called as a function.
+        (KJS::Bindings::Instance::invokeDefaultMethod):
+        Since bound objects are no longer treated as functions by default, we can return jsUndefined()
+        here instead of in concrete subclasses that decide not to implement the default method
+        functionality.
+
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::implementsCall):
+        Don't assume that the bound object is a function; instead, let the object instance decide whether
+        it is callable.
+
+        * bindings/c/c_instance.h:
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::implementsCall):
+        The object is callable if its class has an invokeDefault function.
+
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::implementsCall):
+        The object is callable if the ObjC instance responds to -invokeDefaultMethodWithArguments:.
+
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_instance.cpp:
+        Moved bogus invokeDefaultMethod() to superclass.
+
+2006-03-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        - JavaScriptCore side of fix for <rdar://problem/4308243> 8F36 
+        Regression: crash in malloc_consolidate if you use a .PAC file
+
+        The crash was a result of threaded deallocation of thread-unsafe
+        objects. Pure JS objects are thread-safe because all JS execution
+        is synchronized through JSLock. However, JS objects that wrap WebCore 
+        objects are thread-unsafe because JS and WebCore execution are not 
+        synchronized.  That unsafety comes into play when the collector 
+        deallocates a JS object that wraps a WebCore object, thus causing the 
+        WebCore object to be deallocated.
+
+        The solution here is to have each JSCell know whether it is safe to
+        collect on a non-main thread, and to avoid collecting unsafe cells
+        when on a non-main thread.
+
+        We don't have a way to test PAC files yet, so there's no test
+        attached to this patch.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        (1) Added the test "currentThreadIsMainThread || 
+        imp->m_destructorIsThreadSafe". 
+
+        * kjs/protect.h:
+        (KJS::gcProtectNullTolerant):
+        (KJS::gcUnprotectNullTolerant):
+        * kjs/value.h:
+        (KJS::JSCell::JSCell): The bools here must be bitfields, otherwise
+        m_destructorIsThreadSafe becomes another whole word, ruining the
+        collector optimizations we've made based on the size of a JSObject.
+        * kxmlcore/FastMalloc.cpp:
+        (KXMLCore::currentThreadIsMainThread):
+        (KXMLCore::fastMallocRegisterThread):
+        * kxmlcore/FastMalloc.h:
+
+2006-03-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - change some code that resulted in init routines on Mac OS X -- if the framework has
+          init routines it will use memory and slow down applications that link with WebKit
+          even in cases where those applications don't use WebKit
+
+        * kjs/date_object.cpp: Changed constants that were derived by multiplying other constants
+        to use immediate numbers instead. Apparently, double constant expressions of the type we
+        had here are evaluated at load time.
+
+        * kjs/list.cpp: Can't use OwnArrayPtr in ListImp because of the global instances of
+        ListImp, so go back to using a plain old pointer.
+        (KJS::List::List): Set overflow to 0 when initializing ListImp.
+        (KJS::List::release): Replace a clear call with a delete and explicit set to 0.
+        (KJS::List::append): Use raw pointers, and do a delete [] instead of finessing it with
+        a swap of OwnArrayPtr.
+        (KJS::List::copyFrom): Remove now-unneeded get().
+        (KJS::List::copyTail): Ditto.
+
+        * kjs/ustring.cpp: Changed UString::Rep::empty initializer a bit so that it doesn't get
+        a static initializer routine. Had to get rid of one level of constant to get the compiler
+        to understand it could initialize without any code.
+
+        - added a build step that checks for init routines
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Deleted now-unused custom build rule that
+        was replaced by the generate-derived-sources script a while back. Added a custom build
+        phase that invokes the check-for-global-initializers script.
+
+2006-03-28  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Eric.
+
+        fixes <rdar://problem/4458539> Unable to include Security(public) and WebKit(private) headers
+
+        * bindings/npapi.h: added #defines after the #ifndefs
+
+2006-03-27  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Anders.
+        
+        - fixed <rdar://problem/4489745> REGRESSION: Safari crashes at to display http://www.lgphilips-lcd.com/
+
+        * kjs/nodes.cpp:
+        (Node::deref): take into account the case where the extra refcount table was never created
+
+2006-03-23  David Carson <dacarson@gmail.com>
+
+        Reviewed by Darin.
+        
+        - JSObject in LiveConnect not working.
+        http://bugs.webkit.org/show_bug.cgi?id=7917
+
+        * bindings/jni_jsobject.cpp:
+        (JavaJSObject::convertJObjectToValue): Was trying to retrieve the native pointer from the wrong base
+        class, and the GetFieldID was using the wrong signature.
+
+2006-03-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix buildbot
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Change target name to JavaScriptCore (it was "include"!?).
+        Also add -Y 3 option for linker.
+
+2006-03-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=7726
+          REGRESSION: orbitz calendar fails (JavaScript function serialization/parsing)
+
+        * kjs/object.h: Take function name, as well as source URL and line number, when
+        using the special overloaded construct for making functions.
+        * kjs/object.cpp: (KJS::JSObject::construct): Ditto.
+        * kjs/function_object.h: Ditto.
+        * kjs/function_object.cpp: (FunctionObjectImp::construct): Pass a name when
+        constructing the function rather than null. Use "anonymous" when making a
+        function using the default function constructor.
+
+        * kjs/nodes2string.cpp: (FuncDeclNode::streamTo): Put a line break just before
+        a function declaration.
+
+        - unrelated fix
+
+        * kxmlcore/HashMapPtrSpec.h: Add missing needed friend declaration.
+
+2006-03-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=7805
+          LEAK: method name leaks in KJS::Bindings::CInstance::invokeMethod
+
+        * bindings/c/c_utility.h: Remove NPN_UTF16FromString declaration (not implemented).
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant): Use DOUBLE_TO_NPVARIANT,
+        BOOLEAN_TO_NPVARIANT, VOID_TO_NPVARIANT, NULL_TO_NPVARIANT, and
+        OBJECT_TO_NPVARIANT. In the case of OBJECT, call _NPN_RetainObject in
+        one case and remove a _NPN_ReleaseObject in another because this
+        should return a retained value.
+        (KJS::Bindings::convertNPVariantToValue): Use NPVARIANT_TO_BOOLEAN,
+        NPVARIANT_TO_INT32, and NPVARIANT_TO_DOUBLE.
+
+        * bindings/c/c_runtime.h: Removed implementations of CMethod::name and
+        CField::name that called _NPN_UTF8FromIdentifier and hence leaked.
+        * bindings/c/c_runtime.cpp:
+        (KJS::Bindings::CMethod::name): Added. Returns the string from inside the
+        method object.
+        (KJS::Bindings::CField::name): Added. Returns the string from inside the
+        field object.
+        (KJS::Bindings::CField::valueFromInstance): Added call to _NPN_ReleaseVariantValue
+        on the result of getProperty after using it to fix a storage leak.
+        (KJS::Bindings::CField::setValueToInstance): Added call to _NPN_ReleaseVariantValue
+        after pasing a value to setProperty now that the conversion function does a retain.
+
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::invokeMethod): Changed to use Vector for a local
+        stack buffer. Removed special case for NPVARIANT_IS_VOID because the
+        convertNPVariantToValue function handles that properly.
+        (KJS::Bindings::CInstance::invokeDefaultMethod): Ditto.
+
+        * bindings/NP_jsobject.h: Formatting changes only.
+        * bindings/NP_jsobject.cpp:
+        (jsDeallocate): Changed parameter type so we don't need a function cast.
+        (_NPN_InvokeDefault): Use VOID_TO_NPVARIANT.
+        (_NPN_Invoke): Use NULL_TO_NPVARIANT and VOID_TO_NPVARIANT.
+        (_NPN_Evaluate): Use VOID_TO_NPVARIANT.
+        (_NPN_GetProperty): Use NULL_TO_NPVARIANT and VOID_TO_NPVARIANT.
+
+        * bindings/c/c_class.cpp: Formatting changes only.
+        * bindings/c/c_class.h: Formatting changes only.
+
+        * bindings/npruntime_priv.h: Removed obsolete and now-unused functions:
+        NPN_VariantIsVoid, NPN_VariantIsNull, NPN_VariantIsUndefined,
+        NPN_VariantIsBool, NPN_VariantIsInt32, NPN_VariantIsDouble,
+        NPN_VariantIsString, NPN_VariantIsObject, NPN_VariantToBool,
+        NPN_VariantToInt32, NPN_VariantToDouble, NPN_VariantToString,
+        NPN_VariantToStringCopy, NPN_VariantToObject, NPN_InitializeVariantAsVoid,
+        NPN_InitializeVariantAsNull, NPN_InitializeVariantAsUndefined,
+        NPN_InitializeVariantWithBool, NPN_InitializeVariantWithInt32,
+        NPN_InitializeVariantWithDouble, NPN_InitializeVariantWithString,
+        NPN_InitializeVariantWithObject, and NPN_InitializeVariantWithVariant.
+        * bindings/npruntime.cpp:
+        (getIntIdentifierDictionary): Don't bother creating custom callbacks for the
+        integer dictionary since the default behavior is fine for integers.
+
+2006-03-23  Mark Rowe  <opendarwin.org@bdash.net.nz>
+
+        Reviewed and landed by Maciej.
+
+        - WebKit no longer builds with bison 2.1
+        http://bugs.webkit.org/show_bug.cgi?id=7923
+
+        * generate-derived-sources:  Handle generated header named either grammar.cpp.h
+        or grammar.hpp.
+
+2006-03-22  Maciej Stachowiak  <mjs@apple.com>
+
+        - fix the build
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-03-21  Maciej Stachowiak  <mjs@apple.com>
+
+        * kjs/generate-derived-sources: Set executable property.
+
+2006-03-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        Ensure that generated source dependencies are handled properly, as follows:
+        
+        - Made an external script that generates the sources into a
+          DerivedSources dir in the build products directory.
+        - Added a new build target that builds all the generated sources
+          if needed. Sadly it has to be a target, not a phase for Xcode to notice changes.
+        - Added the DerivedSources dir in question to the include path.
+        - Added the new DerivedSources dir and its contents to the project as build-relative.
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/generate-derived-sources: Added. Based on the windows version - maybe someday they
+        can share more.
+
+2006-03-11  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - fixed "charAt layout test fails on intel macs; some NaNs are printed as -NaN"
+        http://bugs.webkit.org/show_bug.cgi?id=7745
+
+        * kjs/ustring.cpp:
+        (KJS::UString::from): Use "NaN" for all NaN values, regardless of sign.
+
+2006-03-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - tweaks to my change to redo KJS::Node refcounting
+
+        * kjs/nodes.cpp:
+        (Node::ref):
+        (Node::deref):
+        (Node::refcount):
+        (Node::clearNewNodes):
+        * kjs/nodes.h:
+
+2006-03-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed Vector so that you can pass a reference to something in the vector
+          to the append or insert functions
+
+        * kxmlcore/Vector.h:
+        (KXMLCore::Vector::expandCapacity): Added new overloads that take a pointer to adjust
+        and return the adjusted value of the pointer.
+        (KXMLCore::Vector::append): Pass a pointer when expanding the vector, and use it when
+        adding the new element. Makes the case where the element moves when the vector
+        is expanded work.
+        (KXMLCore::Vector::insert): Ditto.
+
+2006-03-15  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by adele.
+
+        Build fix.
+
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFunc::callAsFunction): use size() not "len()"
+
+2006-03-15  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        Fix CString copy constructor, fixes Date.parse("") on Win32.
+
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFunc::callAsFunction):
+        * kjs/ustring.cpp:
+        (KJS::CString::CString):
+        (KJS::CString::operator=):
+
+2006-03-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Anders.
+        
+        - KJS::Node and KJS::StatementNode are bigger than they need to be
+        http://bugs.webkit.org/show_bug.cgi?id=7775
+
+        The memory usage of Node was reduced by 2 machine words per node:
+
+        - sourceURL was removed and only kept on FunctionBodyNode. The
+        source URL can only be distinct per function or top-level program node, 
+        and you always have one.
+        
+        - refcount was removed and kept in a separate hashtable when
+        greater than 1. newNodes set represents floating nodes with
+        refcount of 0. This helps because almost all nodes have a refcount of 1
+        for almost all of their lifetime.
+        
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::RuntimeMethod): Pass null body, added FIXME.
+        * kjs/Parser.cpp:
+        (KJS::clearNewNodes): New nodes are tracked in nodes.cpp now, but still clear
+        them at the appropriate time.
+        * kjs/context.h:
+        (KJS::ContextImp::currentBody): added; used to retrieve source URL and sid
+        for current code.
+        (KJS::ContextImp::pushIteration): moved here from LabelStack
+        (KJS::ContextImp::popIteration): ditto
+        (KJS::ContextImp::inIteration): ditto
+        (KJS::ContextImp::pushSwitch): ditto
+        (KJS::ContextImp::popSwitch): ditto
+        (KJS::ContextImp::inSwitch): ditto
+        * kjs/function.cpp:
+        (KJS::FunctionImp::FunctionImp): Add FunctionBodyNode* parameter.
+        (KJS::FunctionImp::callAsFunction): Pass body to ContextImp.
+        (KJS::FunctionImp::argumentsGetter): _context renamed to m_context.
+        (KJS::DeclaredFunctionImp::DeclaredFunctionImp): Pass body to superclass
+        constructor.
+        (KJS::GlobalFuncImp::callAsFunction): Pass progNode as body for ContextImp in
+        eval.
+        * kjs/function.h: Move body field from DeclaredFunctionImp to
+        FunctionImp.
+        * kjs/grammar.y: Change DBG; statements no longer have a sourceid.
+        * kjs/internal.cpp:
+        (KJS::ContextImp::ContextImp): Initialize new m_currentBody, m_iterationDepth
+        and m_switchDepth data members. New FunctionBodyNode* parameter - the
+        function body provides source URL and SourceId.
+        (KJS::InterpreterImp::mark): Use exception() function, not _exception directly.
+        (KJS::InterpreterImp::evaluate): Pass progNode to ContextImp constructor
+        to use as the body.
+        * kjs/internal.h:
+        (KJS::LabelStack::LabelStack): Remove iteration depth and switch depth;
+        statement label stacks don't need these and it bloats their size. Put them
+        in the ContextImp instead.
+        * kjs/interpreter.cpp:
+        (KJS::ExecState::lexicalInterpreter): Renamed _context to m_context.
+        * kjs/interpreter.h:
+        (KJS::ExecState::dynamicInterpreter): Renamed _context to m_context.
+        (KJS::ExecState::context): ditto
+        (KJS::ExecState::setException): Renamed _exception to m_exception
+        (KJS::ExecState::clearException): ditto
+        (KJS::ExecState::exception): ditto
+        (KJS::ExecState::hadException): ditto
+        (KJS::ExecState::ExecState): ditto both above renames
+        * kjs/nodes.cpp:
+        (Node::Node): Removed initialization of line, source URL and refcount. Add to
+        local newNodes set instead of involving parser.
+        (Node::ref): Instead of managing refcount directly, story refcount over 1 in a
+        HashCountedSet, and keep a separate HashSet of "floating" nodes with refcount
+        0.
+        (Node::deref): ditto
+        (Node::refcount): ditto
+        (Node::clearNewNodes): Destroy anything left in the new nodes set.
+        (currentSourceId): Inline helper to get sourceId from function body via context.
+        (currentSourceURL): ditto for sourceURL.
+        (Node::createErrorCompletion): use new helper
+        (Node::throwError): ditto
+        (Node::setExceptionDetailsIfNeeded): ditto
+        (StatementNode::StatementNode): remove initialization of l0 and sid, rename
+        l1 to m_lastLine.
+        (StatementNode::setLoc): Set own m_lastLine and Node's m_line.
+        (StatementNode::hitStatement): Get sid, first line, last line in the proper new ways.
+        (StatListNode::StatListNode): updated for setLoc changes
+        (BlockNode::BlockNode): ditto
+        (DoWhileNode::execute): excpect iteraton counts on ContextImp, not LabelStack
+        (WhileNode::execute): ditto
+        (ForNode::execute): ditto
+        (ForInNode::execute): ditto
+        (ContinueNode::execute): excpect inIteration on ContextImp, not LabelStack
+        (BreakNode::execute): excpect inIteration and inSwitch on ContextImp, not LabelStack
+        (SwitchNode::execute): expect switch counts on ContextImp, not LabelStack
+        (FunctionBodyNode::FunctionBodyNode): update for new setLoc
+        (FunctionBodyNode::processFuncDecl): reindent
+        (SourceElementsNode::SourceElementsNode): update for new setLoc
+        * kjs/nodes.h:
+        (KJS::Node::lineNo): Renamed _line to m_line
+        (KJS::StatementNode::firstLine): Use lineNo()
+        (KJS::StatementNode::lastLine): Renamed l1 to m_lastLine
+        (KJS::FunctionBodyNode::sourceId): added
+        (KJS::FunctionBodyNode::sourceURL): added
+        * kjs/testkjs.cpp:
+
+2006-03-14  Geoffrey Garen  <ggaren@apple.com>
+
+        - Fixed <rdar://problem/4478239> string sort puts "closed" before 
+        "close"
+
+        Reviewed by Eric.
+
+        * kjs/ustring.cpp:
+        (KJS::compare): Inverted a < in order to treat the longer string as > 
+        the shorter string.
+
+2006-03-12  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=7708
+        REGRESSION: Flash callback to JavaScript function not working.
+
+        Test: plugins/invoke.html
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertUTF8ToUTF16): Return a correct string length.
+
+2006-03-08  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by darin.
+
+        Partially fix JS on win32 by fixing hash table generation.
+
+        * kjs/create_hash_table: limit << results to 32 bits.
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction):
+
+2006-03-07  Darin Adler  <darin@apple.com>
+
+        * kxmlcore/Vector.h: Quick fix to try to get Windows compiling again.
+
+2006-03-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=7655
+          unwanted output while running layout tests
+
+        * kjs/lexer.cpp: (Lexer::lex): Turn off the "yylex: ERROR" message.
+        * kjs/regexp.cpp: (KJS::RegExp::RegExp): Remove the code to log errors from PCRE
+        to standard output. I think we should arrange for the error text to be in JavaScript
+        exceptions instead at some point.
+        * kxmlcore/Vector.h: Add a check for overflow so that we'll abort if we pass a
+        too-large size rather than allocating a buffer smaller than requested.
+
+2006-03-06  David Carson <dacarson@gmail.com>
+
+        Reviewed by Darin, landed by ap.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=7582
+        c_utility.cpp contains CFString OS X platform-dependent code; should use ICU
+
+        Tested with test case from:
+        http://bugs.webkit.org/show_bug.cgi?id=5163
+
+        * bindings/c_utility.cpp
+        (convertUTF8ToUTF16): Changed to using Unicode converter from ICU, and manual Latin-1 conversion.
+        * icu/unicode/ucnv.h: Copied from WebCore.
+        * icu/unicode/ucnv_err.h: Ditto.
+        * icu/unicode/uenum.h: Ditto.
+
+2006-03-05  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Updated.
+
+2006-03-06  Mitz Pettel  <opendarwin.org@mitzpettel.com>
+
+        Fix suggested by Alexey Proskuryakov <ap@nypop.com>, reviewed by Maciej and Hyatt.
+        
+        - fix http://bugs.webkit.org/show_bug.cgi?id=7601
+          REGRESSION (r13089): Reproducible crash dereferencing a deallocated element on google image search
+
+        * kxmlcore/Platform.h: Corrected the define to enable USE(MULTIPLE_THREADS) on Mac OS X.
+
+2006-03-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=7616
+          get all references to KJS::Node out of internal.h
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Updated for file changes.
+
+        * kjs/Parser.cpp: Added.
+        * kjs/Parser.h: Added.
+
+        * kjs/internal.cpp: Removed the Parser class.
+        * kjs/internal.h: Ditto. Also removed unnecessary declarations of classes
+        not used in this header.
+
+        * kjs/nodes.h: Added an include of "Parser.h".
+        * kjs/function.h: Added a declaration of FunctionBodyNode.
+
+2006-03-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej.
+
+        - JSC support for the fix for <rdar://problem/4467143> JavaScript 
+        enumeration of HTML element properties skips DOM node properties
+
+        * kjs/lookup.h: 
+        (1) Added the KJS_DEFINE_PROTOTYPE_WITH_PROTOTYPE macro. The 
+        class definiton macro needs to know about the prototype's prototype so 
+        that the class constructor properly sets it. 
+        (2) Removed the KJS_IMPLEMENT_PROTOTYPE_WITH_PARENT macro. The class
+        implementation macro does not need to know about the prototype's
+        prototype, since getOwnPropertySlot should only look in the current 
+        object's property map, and not its prototype's.
+
+2006-03-05  Andrew Wellington  <proton@wiretapped.net>
+
+        Reviewed by Eric, landed by ap.
+        
+        - Remove unused breakpoint bool from StatementNodes. No test provided as
+        there is no functionality change.
+
+        * kjs/nodes.cpp:
+        (StatementNode::StatementNode):
+        * kjs/nodes.h:
+
+2006-03-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        - Fixed <rdar://problem/4465598> REGRESSION (TOT): Crash occurs at 
+        http://maps.google.com/?output=html ( KJS::Identifier::add(KJS::UString::Rep*)
+
+        This regression was caused by my fix for 4448098. I failed to account for the
+        deleted entry sentinel in the mehtod that saves the contents of a property map to 
+        the back/forward cache.
+
+        Manual test in WebCore/manual-tests/property-map-save-crash.html
+
+        * kjs/property_map.cpp:
+        (KJS::deletedSentinel): Use 1 instead of -1 to facilitate an easy bit mask
+        (KJS::isValid): New function: checks if a key is null or the deleted sentinel
+        (KJS::PropertyMap::~PropertyMap): Fixed up the branch logic here for readability
+        and a slight performance win
+        (KJS::PropertyMap::clear):
+        (KJS::PropertyMap::rehash):
+        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList):
+        (KJS::PropertyMap::save): Check keys with isValid()
+
+2006-03-02  Maciej Stachowiak  <mjs@apple.com>
+
+        - now fix mac build again
+
+        * kjs/identifier.cpp:
+
+2006-03-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Anders and Eric.
+
+        - add fpconst.cpp to win32 build, it is now needed
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * kjs/fpconst.cpp:
+
+2006-03-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - fix windows build, broken by my last patch
+
+        * kjs/JSImmediate.cpp:
+        * kjs/identifier.cpp:
+        * kxmlcore/FastMalloc.cpp:
+        * kxmlcore/Platform.h:
+
+2006-03-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - Set up new prototype macros and avoid using #if without defined() in JSC
+        
+        Added new PLATFORM macros and related, to make sure #if's all check if relevant macros
+        are defined, and to separate core OS-level dependencies from operating environment
+        dependencies so you can, e.g., build KDE on Mac or Windows.
+
+        * kxmlcore/Platform.h: Added.
+
+        - deploy them everywhere in JavaScriptCore
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::convertValueToJValue):
+        * bindings/objc/WebScriptObject.mm:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::end):
+        * bindings/softlinking.h:
+        * bindings/testbindings.mm:
+        (main):
+        * kjs/JSLock.cpp:
+        * kjs/collector.cpp:
+        (KJS::Collector::markCurrentThreadConservatively):
+        (KJS::Collector::markOtherThreadConservatively):
+        (KJS::Collector::markStackObjectsConservatively):
+        * kjs/config.h:
+        * kjs/date_object.cpp:
+        (gmtoffset):
+        (KJS::formatTime):
+        (KJS::DateProtoFunc::callAsFunction):
+        (KJS::DateObjectImp::construct):
+        (KJS::makeTime):
+        * kjs/dtoa.cpp:
+        * kjs/fpconst.cpp:
+        (KJS::sizeof):
+        (KJS::):
+        * kjs/grammar.y:
+        * kjs/identifier.cpp:
+        * kjs/internal.cpp:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+        (KJS::Interpreter::createLanguageInstanceForValue):
+        * kjs/interpreter.h:
+        * kjs/lookup.cpp:
+        * kjs/lookup.h:
+        * kjs/math_object.cpp:
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/operations.cpp:
+        (KJS::isNaN):
+        (KJS::isInf):
+        (KJS::isPosInf):
+        (KJS::isNegInf):
+        * kjs/operations.h:
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        (KJS::RegExp::~RegExp):
+        (KJS::RegExp::match):
+        * kjs/regexp.h:
+        * kjs/testkjs.cpp:
+        (StopWatch::start):
+        (StopWatch::stop):
+        (StopWatch::getElapsedMS):
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+        * kxmlcore/AlwaysInline.h:
+        * kxmlcore/Assertions.cpp:
+        * kxmlcore/Assertions.h:
+        * kxmlcore/FastMalloc.cpp:
+        (KXMLCore::):
+        * kxmlcore/FastMalloc.h:
+        * kxmlcore/FastMallocInternal.h:
+        * kxmlcore/HashTable.h:
+        * kxmlcore/TCPageMap.h:
+        * kxmlcore/TCSpinLock.h:
+        (TCMalloc_SpinLock::Lock):
+        (TCMalloc_SpinLock::Unlock):
+        (TCMalloc_SlowLock):
+        * kxmlcore/TCSystemAlloc.cpp:
+        (TCMalloc_SystemAlloc):
+        * os-win32/stdint.h:
+
+2006-02-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        - Fixed <rdar://problem/4448098> Switch PropertyMap deleted entry 
+        placeholder to -1 from UString::Rep::null
+
+        This turned out to be only a small speedup (.12%). That's within the 
+        margin of error for super accurate JS iBench, but Shark confirms the 
+        same, so I think it's worth landing.
+
+        FYI, I also confirmed that the single entry optimization in 
+        PropertyMap is a 3.2% speedup.
+
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::~PropertyMap):
+        (KJS::PropertyMap::clear):
+        (KJS::PropertyMap::put):
+        (KJS::PropertyMap::insert):
+        (KJS::PropertyMap::rehash):
+        (KJS::PropertyMap::remove):
+        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList):
+        (KJS::PropertyMap::checkConsistency):
+        * kjs/property_map.h:
+        (KJS::PropertyMap::deletedSentinel):
+
+2006-02-27  Eric Seidel  <eseidel@apple.com>
+
+        Rubber-stamped by darin.
+
+        Remove fpconst.cpp, unused on win32 and the cause of linker warnings.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2006-02-27  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        Fix Assertions.cpp to compile on win32.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * kxmlcore/Assertions.cpp:
+
+2006-02-27  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        Made Assertions.cpp platform independent.
+        Moved mac-specific logging logic up into WebCore.
+        http://bugs.webkit.org/show_bug.cgi?id=7503
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kxmlcore/Assertions.cpp: Added.
+        * kxmlcore/Assertions.h:
+        * kxmlcore/Assertions.mm: Removed.
+
+2006-02-27  Darin Adler  <darin@apple.com>
+
+        - fixed Mac Debug build, there was an unused parameter
+
+        * kxmlcore/FastMalloc.cpp: (KXMLCore::fastMallocRegisterThread):
+        Remove parameter name.
+
+        * kjs/debugger.h: Fixed comment.
+
+2006-02-27  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by darin.
+
+        * kxmlcore/Vector.h:
+        (KXMLCore::deleteAllValues): fix unused variable warning
+
+2006-02-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - Turn off -Wno-unused-param for JavaScriptCore and get rid of unused params
+        http://bugs.webkit.org/show_bug.cgi?id=7384
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/NP_jsobject.cpp:
+        (jsAllocate):
+        (_NPN_InvokeDefault):
+        (_NPN_Evaluate):
+        (_NPN_GetProperty):
+        (_NPN_SetProperty):
+        (_NPN_RemoveProperty):
+        (_NPN_HasProperty):
+        (_NPN_HasMethod):
+        * bindings/c/c_class.h:
+        (KJS::Bindings::CClass::constructorAt):
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertNPVariantToValue):
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::methodsNamed):
+        (JavaClass::fieldNamed):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeDefaultMethod):
+        * bindings/jni/jni_jsobject.cpp:
+        * bindings/jni/jni_objc.mm:
+        (-[NSObject KJS::Bindings::]):
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebUndefined allocWithZone:]):
+        (-[WebUndefined initWithCoder:]):
+        (-[WebUndefined encodeWithCoder:]):
+        (-[WebUndefined copyWithZone:]):
+        * bindings/objc/objc_class.h:
+        (KJS::Bindings::ObjcClass::constructorAt):
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::methodsNamed):
+        (KJS::Bindings::ObjcClass::fallbackObject):
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::getValueOfUndefinedField):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::getOwnPropertySlot):
+        (ObjcFallbackObjectImp::put):
+        (ObjcFallbackObjectImp::canPut):
+        (ObjcFallbackObjectImp::deleteProperty):
+        (ObjcFallbackObjectImp::toBoolean):
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::createLanguageInstanceForValue):
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::getValueOfUndefinedField):
+        (KJS::Bindings::Instance::setValueOfUndefinedField):
+        * bindings/runtime_array.cpp:
+        (RuntimeArray::lengthGetter):
+        (RuntimeArray::indexGetter):
+        (RuntimeArray::put):
+        (RuntimeArray::deleteProperty):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::lengthGetter):
+        (RuntimeMethod::execute):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::fallbackObjectGetter):
+        (RuntimeObjectImp::fieldGetter):
+        (RuntimeObjectImp::methodGetter):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+        (RuntimeObjectImp::deleteProperty):
+        (RuntimeObjectImp::defaultValue):
+        (RuntimeObjectImp::callAsFunction):
+        * bindings/runtime_root.cpp:
+        (performJavaScriptAccess):
+        * kjs/array_object.cpp:
+        (ArrayInstance::lengthGetter):
+        (ArrayInstance::getOwnPropertySlot):
+        (ArrayPrototype::ArrayPrototype):
+        (ArrayPrototype::getOwnPropertySlot):
+        * kjs/bool_object.cpp:
+        (BooleanObjectImp::BooleanObjectImp):
+        * kjs/date_object.cpp:
+        (KJS::DateObjectFuncImp::DateObjectFuncImp):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        * kjs/error_object.cpp:
+        (ErrorObjectImp::ErrorObjectImp):
+        (NativeErrorPrototype::NativeErrorPrototype):
+        (NativeErrorImp::NativeErrorImp):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::Arguments::mappedIndexGetter):
+        (KJS::ActivationImp::argumentsGetter):
+        (KJS::ActivationImp::put):
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::FunctionObjectImp):
+        * kjs/internal.cpp:
+        (KJS::GetterSetterImp::toPrimitive):
+        (KJS::GetterSetterImp::toBoolean):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+        * kjs/interpreter.h:
+        (KJS::Interpreter::isGlobalObject):
+        (KJS::Interpreter::interpreterForGlobalObject):
+        (KJS::Interpreter::isSafeScript):
+        * kjs/lexer.cpp:
+        (Lexer::makeIdentifier):
+        (Lexer::makeUString):
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::staticValueGetter):
+        * kjs/nodes.cpp:
+        (StatementNode::processFuncDecl):
+        (PropertyNode::evaluate):
+        (PropertyNameNode::evaluate):
+        * kjs/number_object.cpp:
+        (NumberObjectImp::NumberObjectImp):
+        (NumberObjectImp::getOwnPropertySlot):
+        * kjs/object.cpp:
+        (KJS::JSObject::defineGetter):
+        (KJS::JSObject::defineSetter):
+        (KJS::JSObject::hasInstance):
+        (KJS::JSObject::propertyIsEnumerable):
+        * kjs/object_object.cpp:
+        (ObjectObjectImp::ObjectObjectImp):
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::undefinedGetter):
+        (KJS::PropertySlot::functionGetter):
+        * kjs/reference.cpp:
+        (KJS::Reference::getPropertyName):
+        * kjs/reference_list.cpp:
+        (ReferenceListIterator::operator++):
+        * kjs/regexp_object.cpp:
+        (RegExpObjectImp::RegExpObjectImp):
+        (RegExpObjectImp::getValueProperty):
+        (RegExpObjectImp::putValueProperty):
+        * kjs/string_object.cpp:
+        (StringInstance::lengthGetter):
+        (StringInstance::indexGetter):
+        (StringPrototype::StringPrototype):
+        * kxmlcore/Assertions.mm:
+        * kxmlcore/FastMalloc.cpp:
+        (KXMLCore::TCMalloc_PageHeap::CheckList):
+        * kxmlcore/HashTable.h:
+        (KXMLCore::HashTableConstIterator::checkValidity):
+        (KXMLCore::IdentityHashTranslator::translate):
+        * pcre/pcre_get.c:
+        (pcre_get_stringnumber):
+
+2006-02-23  Darin Adler  <darin@apple.com>
+
+        - try to fix buildbot failure
+
+        * bindings/c/c_utility.cpp: Touch this file, which seems to not have been
+        recompiled after additional inlining was introduced (Xcode bug?).
+
+2006-02-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin, Maciej.
+
+        - Inline some functions suggested by Shark. 2.9% speedup on super
+        accurate JS iBench.
+
+        http://bugs.webkit.org/show_bug.cgi?id=7411
+        <rdar://problem/4448116>
+
+        * kjs/nodes.h:
+        (KJS::ArgumentsNode::evaluateList):
+        * kjs/object.cpp:
+        * kjs/object.h:
+        (KJS::ScopeChain::release):
+        (KJS::JSObject::toPrimitive):
+        * kjs/scope_chain.cpp:
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+        (KJS::UString::toArrayIndex):
+        * kjs/value.cpp:
+        * kjs/value.h:
+        (KJS::JSValue::toObject):
+        * kxmlcore/FastMalloc.cpp:
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::Push):
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::Pop):
+
+2006-02-21  Eric Seidel  <eseidel@apple.com>
+
+        Added *.user to ignore list.
+
+2006-02-21  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by ggaren.
+
+        Add grammarWrapper.cpp to work around visual studio bug plaguing buildbot.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/grammarWrapper.cpp: Added.
+
+2006-02-21  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by ggaren.
+
+        * kjs/testkjs.cpp: #if out timeval code on win32
+
+2006-02-21  Michael Emmel  <mike.emmel@gmail.com>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=7397
+          TCPageMap.h would not compile for me because string.h was missing
+
+        * kxmlcore/TCPageMap.h: Added <string.h> include.
+
+2006-02-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=7404
+          remove a bunch of extra implementsCall overrides
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Sorted files.
+
+        * kjs/internal.h: Made InternalFunctionImp::callAsFunction pure virtual so that
+        we'll get a compile error if some derived class neglects to implement it.
+
+        * kjs/function.cpp: (KJS::FunctionImp::FunctionImp): Remove unneeded initialization
+        of param, which is an OwnPtr so it gets initialized by default.
+
+        * bindings/runtime_method.cpp:
+        * bindings/runtime_method.h:
+        * kjs/array_object.cpp:
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        * kjs/bool_object.h:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        * kjs/error_object.cpp:
+        * kjs/error_object.h:
+        * kjs/function.cpp:
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        * kjs/function_object.h:
+        * kjs/math_object.cpp:
+        * kjs/math_object.h:
+        * kjs/number_object.cpp:
+        * kjs/number_object.h:
+        * kjs/object_object.cpp:
+        * kjs/object_object.h:
+        * kjs/regexp_object.cpp:
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        * kjs/string_object.h:
+        Removed many rendundant implementations of implementsCall from subclasses of
+        InternalFunctionImp.
+
+2006-02-21  Darin Adler  <darin@apple.com>
+
+        - fixed build
+
+        * kjs/internal.cpp: (KJS::InternalFunctionImp::implementsCall):
+        Oops, fixed name.
+
+2006-02-21  Darin Adler  <darin@apple.com>
+
+        Change suggested by Mitz.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=7402
+          REGRESSION: Methods do not execute
+
+        * kjs/internal.h: Add implementsHasCall to InternalFunctionImp.
+        * kjs/internal.cpp: (KJS::InternalFunctionImp::implementsHasCall):
+        Return true. All the classes derived from InternalFunctionImp need
+        to return true from this -- later we can remove all the extra
+        implementations too.
+
+2006-02-21  Maciej Stachowiak  <mjs@apple.com>
+
+        - fix build breakage caused by last-minute change to my patch
+
+        * kjs/lookup.h:
+
+2006-02-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff and Darin.
+        
+        Patch from Maks Orlovich, based on work by David Faure, hand-applied and 
+        significantly reworked by me.
+        
+        - Patch: give internal function names (KJS merge)
+        http://bugs.webkit.org/show_bug.cgi?id=6279
+
+        * tests/mozilla/expected.html: Updated for newly fixed test.
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::ArrayProtoFunc):
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        (BooleanPrototype::BooleanPrototype):
+        (BooleanProtoFunc::BooleanProtoFunc):
+        * kjs/bool_object.h:
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFunc::DateProtoFunc):
+        (KJS::DateObjectImp::DateObjectImp):
+        (KJS::DateObjectFuncImp::DateObjectFuncImp):
+        * kjs/error_object.cpp:
+        (ErrorPrototype::ErrorPrototype):
+        (ErrorProtoFunc::ErrorProtoFunc):
+        * kjs/error_object.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::FunctionImp):
+        (KJS::GlobalFuncImp::GlobalFuncImp):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (FunctionPrototype::FunctionPrototype):
+        (FunctionProtoFunc::FunctionProtoFunc):
+        (FunctionProtoFunc::callAsFunction):
+        * kjs/function_object.h:
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::initGlobalObject):
+        (KJS::InternalFunctionImp::InternalFunctionImp):
+        * kjs/internal.h:
+        (KJS::InternalFunctionImp::functionName):
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::HashEntryFunction::HashEntryFunction):
+        (KJS::HashEntryFunction::implementsCall):
+        (KJS::HashEntryFunction::toBoolean):
+        (KJS::HashEntryFunction::implementsHasInstance):
+        (KJS::HashEntryFunction::hasInstance):
+        * kjs/math_object.cpp:
+        (MathFuncImp::MathFuncImp):
+        * kjs/math_object.h:
+        * kjs/number_object.cpp:
+        (NumberPrototype::NumberPrototype):
+        (NumberProtoFunc::NumberProtoFunc):
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        (KJS::JSObject::putDirectFunction):
+        (KJS::Error::create):
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        (ObjectPrototype::ObjectPrototype):
+        (ObjectProtoFunc::ObjectProtoFunc):
+        * kjs/object_object.h:
+        * kjs/regexp_object.cpp:
+        (RegExpPrototype::RegExpPrototype):
+        (RegExpProtoFunc::RegExpProtoFunc):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (StringProtoFunc::StringProtoFunc):
+        (StringObjectImp::StringObjectImp):
+        (StringObjectFuncImp::StringObjectFuncImp):
+        * kjs/string_object.h:
+        
+2006-02-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin, with help from Eric, Maciej.
+
+        - More changes to support super-accurate JS iBench. Doesn't work on 
+        Windows. (Doesn't break Windows, either.) I've filed 
+        [http://bugs.webkit.org/show_bug.cgi?id=7399] about that. 
+
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate): Print line numbers with exception output
+        * kjs/testkjs.cpp: Changed " *" to "* " because Eric says that's the 
+        way we roll with .cpp files.
+        (StopWatch::StopWatch): New class. Provides microsecond-accurate 
+        timings.
+        (StopWatch::~StopWatch):
+        (StopWatch::start):
+        (StopWatch::stop):
+        (StopWatch::getElapsedMS):
+        (TestFunctionImp::callAsFunction): Added missing return statement. 
+        Fixed up "run" to use refactored helper functions. Removed bogus 
+        return statement from "quit" case. Made "print" output to stdout 
+        instead of stderr because that makes more sense, and PERL handles 
+        stdout better.
+        (main): Factored out KXMLCore unit tests. Removed custom exception 
+        printing code because the interpreter prints exceptions for you. Added 
+        a "delete" call for the GlobalImp we allocate.
+        (testIsInteger): New function, result of refacotring.
+        (createStringWithContentsOfFile): New function, result of refactoring. 
+        Renamed "code" to "buffer" to match factored-out-ness.
+
+2006-02-20  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by hyatt.
+
+        Fix "Copy ICU DLLs..." phase.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
+
+2006-02-19  Darin Adler  <darin@apple.com>
+
+        - renamed ERROR to LOG_ERROR to fix build
+          presumably Maciej had this change and forgot to land it
+
+        * kjs/collector.cpp: Removed now-unneeded #undef ERROR.
+        * kxmlcore/Assertions.h: Renamed ERROR to LOG_ERROR.
+        * kxmlcore/FastMalloc.cpp: Changed MESSAGE macro to use LOG_ERROR.
+
+2006-02-18  Mitz Pettel  <opendarwin.org@mitzpettel.com>
+
+        Test: fast/js/toString-exception.html
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=7343
+          REGRESSION: fast/js/toString-overrides.html fails when run multiple times
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction): Remove the object from the visited elements set before
+        returning an error.
+
+2006-02-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=7345
+          add insert and remove to KXMLCore::Vector
+
+        * kxmlcore/Vector.h: Added "moveOverlapping", which is used in both
+        insert and remove to slide elements within the vector. Also added
+        "insert" and "remove" functions.
+
+2006-02-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John.
+
+        - Fixed <rdar://problem/4448534> TOT REGRESSION: crash in KJS::
+        Bindings::Instance::deref when leaving page @ gigaom.com
+
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::~CInstance): Since we cache the class object
+        globally, we shouldn't delete it, so don't.
+
+2006-02-16  Timothy Hatcher  <timothy@apple.com>
+
+        Added -Wno-deprecated-declarations to all the ObjC binding files to prevent deprecation
+        warnings. Using <rdar://problem/4448350> to track this.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/objc/objc_jsobject.h: Removed empty file.
+        * bindings/objc/objc_jsobject.mm: Removed empty file.
+
+2006-02-16  Tim Omernick  <timo@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/4428609> Flash Player 8.0.22 can crash Safari (and WebKit apps) with
+        javascript disabled (7015)
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_CreateNoScriptObject):
+        Returns an NPObject which is not bound to a JavaScript object.  This kind of NPObject
+        can be given to a plugin as the "window script object" when JavaScript is disabled.
+        The object has a custom NPClass, NPNoScriptObjectClass, which has no defined methods.
+        Because of this, none of the NPN_* functions called by the plugin on this "no script
+        object" will cause entry into JavaScript code.
+        (_NPN_InvokeDefault):
+        Make sure the NPVariant is filled before returning from this function.  This never
+        mattered before because we never reached this case, having only created NPObjects of
+        the class NPScriptObjectClass.
+        (_NPN_Invoke):
+        ditto
+        (_NPN_Evaluate):
+        ditto
+        (_NPN_GetProperty):
+        ditto
+
+        * bindings/NP_jsobject.h:
+        Declared _NPN_CreateNoScriptObject().
+
+2006-02-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by me, change by Peter Kuemmel.
+
+        * kjs/operations.cpp: (KJS::isNegInf): Fix Windows code, which was
+        checking for positive infinity (rolling in fix from KDE side).
+
+2006-02-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej, Eric.
+
+        - JavaScriptCore half of fix for <rdar://problem/4176077> CrashTracer: 6569
+        crashes in DashboardClient at com.apple.JavaScriptCore:
+        KJS::Bindings::ObjcFallbackObjectImp::type()
+
+        WebCore and JavaScriptCore weren't sharing Instance objects very
+        nicely. I made them use RefPtrs, and sent them to bed without dessert.
+
+        * bindings/jni/jni_instance.cpp: Made _instance a RefPtr
+        (JavaInstance::~JavaInstance):
+        (JObjectWrapper::JObjectWrapper):
+        * bindings/jni/jni_instance.h:
+        (KJS::Bindings::JObjectWrapper::ref):
+        (KJS::Bindings::JObjectWrapper::deref):
+        * bindings/jni/jni_runtime.cpp: Made _array a RefPtr
+        (JavaArray::~JavaArray):
+        (JavaArray::JavaArray):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaArray::operator=):
+        * bindings/objc/objc_runtime.h:
+        - Prohibited copying because that would muss the ref count.
+        - Prohibited construction without instance because an instance wrapper
+        without an instance is almost certainly a bug.
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::Instance):
+        (KJS::Bindings::Instance::createBindingForLanguageInstance):
+        (KJS::Bindings::Instance::createRuntimeObject):
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::ref):
+        (KJS::Bindings::Instance::deref):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::RuntimeObjectImp):
+        (RuntimeObjectImp::fallbackObjectGetter):
+        (RuntimeObjectImp::fieldGetter):
+        (RuntimeObjectImp::methodGetter):
+        (RuntimeObjectImp::getOwnPropertySlot):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+        * bindings/runtime_object.h: 
+        - Removed ownsInstance data member because RefPtr takes care of 
+        instance lifetime now. 
+        - Prohibited copying because that would muss the ref count.
+        - Prohibited construction without instance because an instance wrapper
+        without an instance is almost certainly a bug.
+        (KJS::RuntimeObjectImp::getInternalInstance):
+
+2006-02-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John.
+
+        - Applied the 4330457 change to CClass and ObjcClass as well.
+
+        Once plugins work in DumpRenderTree, running run-webkit-tests --leaks
+        will catch this. 
+
+        This change isn't as critical because CClass and ObjcClass objects get 
+        cached globally and never deleted, but it's good practice, in case we 
+        ever do decide to delete CClass and ObjcClass objects.
+
+        This change requires prohibiting copying, because we don't do any 
+        intelligent ref-counting -- when a Class is destroyed, it destroys its 
+        methods and fields unconditionally. (Java classes already prohibited
+        copying.)
+
+        * bindings/c/c_class.cpp:
+        - Merged _commonInit and _commonDelete into constructor and destructor.
+        (CClass::CClass):
+        (CClass::~CClass):
+        (CClass::methodsNamed): Added delete callbacks
+        (CClass::fieldNamed): Added delete callbacks
+        * bindings/c/c_class.h: Prohibited copying
+        * bindings/c/c_instance.cpp: 
+        (KJS::Bindings::CInstance::getClass): Changed to use the preferred 
+        class factory method, to take advantage of the global cache.
+
+        [ Repeated changes applied to CClass for ObjcClass: ]
+
+        * bindings/objc/objc_class.h: 
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::ObjcClass):
+        (KJS::Bindings::ObjcClass::~ObjcClass):
+        (KJS::Bindings::ObjcClass::methodsNamed):
+        (KJS::Bindings::ObjcClass::fieldNamed):
+        * bindings/objc/objc_runtime.h:
+        (KJS::Bindings::ObjcMethod::ObjcMethod): Initialized uninitialized
+        variable to prevent bad CFRelease.
+        (KJS::Bindings::ObjcMethod::~ObjcMethod): Removed erroneous ';' from
+        if statement to prevent bad CFRelease.
+        * bindings/objc/objc_runtime.cpp: Changed to use the preferred
+        ObjectStructPtr, for clarity.
+
+2006-02-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John.
+
+        - Fixed <rdar://problem/4330457> CrashTracer: [REGRESSION] 3763 crashes
+        in Safari at com.apple.JavaScriptCore: KJS::Bindings::JavaInstance::
+        getClass const + 56
+
+        Once plugins work in DumpRenderTree, running run-webkit-tests --leaks
+        will catch this. 
+
+        This was a memory leak in the bindings code. The leak was so extreme
+        that it would cause Safari or the JVM to abort from lack of memory.
+        Upon construction, Class objects create field and method objects, 
+        storing them in CFDictionaries. The bug was that upon destruction, the 
+        class objects released the dictionaries but didn't destroy the stored 
+        objects.
+
+        The fix is to supply CFDictionary callbacks for destroying the values
+        added to the dictionary. 
+        
+        * bindings/jni/jni_class.cpp: 
+        (JavaClass::JavaClass): Added delete callbacks
+        * bindings/runtime.cpp: Added definitions for delete callbacks
+        (KJS::Bindings::deleteMethodList):
+        (KJS::Bindings::deleteMethod):
+        (KJS::Bindings::deleteField):
+        * bindings/runtime.h: Added declarations for delete callbacks
+
+2006-02-14  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Justin.
+
+        Fixed <rdar://problem/4415050> STD: WebCore build steps use echo -n, which will change
+        behavior due to POSIX version of sh
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: removed the use of echo -n, replaced with printf ""
+
+2006-02-13   Dave Hyatt <hyatt@apple.com>
+
+        Fix Win32 bustage in JavaScriptCore.
+
+        Reviewed by darin
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Add JSImmediate to the Win32 project.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::fromDouble):
+        (KJS::JSImmediate::toDouble):
+        (KJS::JSImmediate::NanAsBits):
+        (KJS::JSImmediate::oneAsBits):
+        Win32 needs explicit returns after abort() for non-void functions.
+
+        * kjs/testkjs.cpp:
+        (run):
+        Win32 catches a bug in testkjs!  The "return 2" should actually
+        have been a return false.
+
+        * kjs/value.h:
+        The extern decls of NaN and Inf need to be const.
+
+=== JavaScriptCore-521.7 ===
+
+2006-02-13  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin.
+
+        Replaced the old NS_DURING exception blocking with @try/@catch.
+
+        * JavaScriptCorePrefix.h: undef try and catch to workaround a C++ conflict
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::invokeDefaultMethod):
+        (ObjcInstance::setValueOfUndefinedField):
+        (ObjcInstance::getValueOfUndefinedField):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        (ObjcField::setValueToInstance):
+        (ObjcArray::setValueAt):
+        (ObjcArray::valueAt):
+
+2006-02-13  Darin Adler  <darin@apple.com>
+
+        - fix a couple problems building on Windows, based on requests
+          from Krzysztof Kowalczyk <kkowalczyk@gmail.com>
+
+        * kjs/JSImmediate.h: Change code using non-standard u_int32/64_t types
+        to the standard uint32/64_t. Also removed curious "isIEEE()" function
+        that checked the sizes of some types (and type sizes alone don't tell you if
+        the floating point conforms to the IEEE-standard). Added missing include
+        of <stdint.h>.
+
+        * kjs/property_slot.h: Added missing include of <assert.h>.
+
+2006-02-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by darin.
+
+        Cleaned up testkjs, added new "run" functionality to allow scripting 
+        tests from within JS. ("run" is a part of my new super-accurate
+        JS iBench.)
+
+        No regressions in run-javascriptcore-tests.
+
+        * kjs/testkjs.cpp:
+        (GlobalImp::className):
+        (TestFunctionImp::):
+        (TestFunctionImp::callAsFunction):
+        (main):
+        (run):
+
+2006-02-11  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        - improve fix for http://bugs.webkit.org/show_bug.cgi?id=5163
+        RealPlayer.GetTitle() Crashes Safari/Dashboard
+
+        * bindings/c/c_utility.cpp: (KJS::Bindings::convertUTF8ToUTF16):
+        Use kCFStringEncodingISOLatin1 rather than kCFStringEncodingWindowsLatin1, 
+        because the latter encoding has holes, and conversion can still fail.
+
+2006-02-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        - Inlined RefPtr assignment operators. .7% performance win on 
+        super-accurate JS iBench.
+
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::::operator):
+
+2006-02-10  Geoffrey Garen  <ggaren@apple.com>
+
+        No review needed, just a build fix. This time for sure.
+
+        * kjs/JSType.h:
+
+2006-02-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by eric.
+        
+        - Fixed build. As it goes without saying, I will not mention that I
+        blame Kevin.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/JSImmediate.cpp:
+        (KJS::JSImmediate::toObject):
+
+2006-02-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by mjs.
+
+        - Fixed <rdar://problem/4343730> Should switch ConstantValues (null, 
+        undefined, true, false) from JS objects to immediate values similar to
+        SimpleNumber
+
+        2.0% performance gain on my new super-accurate version of JS iBench.
+        (I promise to land a version of it soon.)
+
+        The gist of the change:
+        (1) The SimpleNumber class (simple_number.h) is now the JSImmediate
+        class (JSImmediate.h/.cpp), and it handles not only numbers but also 
+        null, undefined, true, and false. 
+        (2) JSImmediate provides convenience methods for the bit masking
+        necessary to encode and decode immediate values.
+        (3) ConstantValues, BooleanImp, NullImp, and UndefinedImp are gone.
+        (4) JSCell no longer implements functions like getBoolean, because
+        only a JSImmediate can be a boolean.
+        (5) JSImmediate no longer uses ALWAYS_INLINE because there's no need,
+        and ALWAYS_INLINE is a non-portable option of last resort.
+        (6) Type is now JSType, and it resides in its own file, JSType.h.
+        Since I was there, I did some header include sorting as part of this
+        change.
+
+        The rest pretty much explains itself.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Removed simple_number.h,
+        added JSImmediate.h/.cpp.
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::defaultValue):
+        * bindings/c/c_instance.h:
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::defaultValue):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::convertValueToJObject):
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
+        Standardized calls to use getXXX instead of hand-rolling JSValue 
+        functionality.
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::getValueOfUndefinedField):
+        (ObjcInstance::defaultValue):
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::type):
+        (ObjcFallbackObjectImp::defaultValue):
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::getValueOfUndefinedField):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::defaultValue):
+        * bindings/runtime_object.h:
+        * kjs/JSImmediate.h: Added.
+        (KJS::JSImmediate::isImmediate):
+        (KJS::JSImmediate::isNumber):
+        (KJS::JSImmediate::isBoolean):
+        (KJS::JSImmediate::isUndefinedOrNull):
+        (KJS::JSImmediate::fromDouble):
+        (KJS::JSImmediate::toDouble):
+        (KJS::JSImmediate::toBoolean):
+        (KJS::JSImmediate::trueImmediate):
+        (KJS::JSImmediate::falseImmediate):
+        (KJS::JSImmediate::NaNImmediate):
+        (KJS::JSImmediate::undefinedImmediate):
+        (KJS::JSImmediate::nullImmediate):
+        (KJS::JSImmediate::tag):
+        (KJS::JSImmediate::unTag):
+        (KJS::JSImmediate::getTag):
+        (KJS::JSImmediate::):
+        (KJS::JSImmediate::isIEEE):
+        (KJS::JSImmediate::is32bit):
+        (KJS::JSImmediate::is64bit):
+        (KJS::JSImmediate::NanAsBits):
+        (KJS::JSImmediate::zeroAsBits):
+        (KJS::JSImmediate::oneAsBits):
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::lock): Removed hack-o-rama to initialize ConstantValues.
+        * kjs/JSType.h: Added.
+        * kjs/collector.cpp:
+        (KJS::Collector::protect):
+        (KJS::Collector::unprotect):
+        (KJS::Collector::collect):
+        * kjs/internal.cpp:
+        (KJS::StringImp::toPrimitive):
+        (KJS::NumberImp::toPrimitive):
+        (KJS::NumberImp::toBoolean):
+        (KJS::GetterSetterImp::toPrimitive):
+        * kjs/internal.h:
+        (KJS::StringImp::type):
+        (KJS::NumberImp::type):
+        * kjs/object.cpp:
+        (KJS::JSObject::type):
+        (KJS::tryGetAndCallProperty): Replaced "Are you one of the six things
+        I'm looking for?" test with "Are you not the one thing I'm not looking
+        for" test.
+        (KJS::JSObject::defaultValue):
+        (KJS::JSObject::toPrimitive):
+        * kjs/object.h:
+        (KJS::GetterSetterImp::type):
+        (KJS::JSValue::isObject):
+        * kjs/operations.cpp:
+        (KJS::equal):
+        (KJS::strictEqual):
+        (KJS::add):
+        * kjs/reference.cpp:
+        (KJS::Reference::deleteValue):
+        * kjs/simple_number.h: Removed.
+        * kjs/string_object.cpp:
+        (StringInstance::getOwnPropertySlot): fixed indentation
+        * kjs/value.cpp:
+        (KJS::JSValue::toObject):
+        (KJS::jsNumberCell): New function to quarantine a PIC branch -- allows
+        us to inline jsNumber without adding PIC branches to callers.
+        * kjs/value.h:
+        (KJS::jsUndefined):
+        (KJS::jsNull):
+        (KJS::jsNaN):
+        (KJS::jsBoolean):
+        (KJS::jsNumber):
+        (KJS::JSValue::downcast):
+        (KJS::JSValue::isUndefinedOrNull):
+        (KJS::JSValue::isBoolean):
+        (KJS::JSValue::isNumber):
+        (KJS::JSValue::isString):
+        (KJS::JSValue::isObject):
+        (KJS::JSValue::getBoolean):
+        (KJS::JSValue::getNumber):
+        (KJS::JSValue::getString):
+        (KJS::JSValue::getObject):
+        (KJS::JSValue::getUInt32):
+        (KJS::JSValue::mark): Replaced !JSImmediate::is() test with assertion,
+        resulting in a slight performance gain. Callers should always check
+        !marked() before calling mark(), so it's impossible to call mark on
+        a JSImmediate.
+        (KJS::JSValue::marked):
+        (KJS::JSValue::type):
+        (KJS::JSValue::toPrimitive):
+        (KJS::JSValue::toBoolean):
+        (KJS::JSValue::toNumber):
+        (KJS::JSValue::toString):
+
+2006-02-06  Eric Seidel  <eseidel@apple.com>
+
+        Add svn:ignore properties for visual studio internals.
+
+2006-02-06  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        - Refactor DateInstance to provide direct access to data. Several WIN32 modifications.
+        http://bugs.webkit.org/show_bug.cgi?id=7107
+
+        - No tests added - only changed functionality on WIN32, which should be covered by 
+        existing tests.
+
+        * kjs/date_object.cpp:
+        (gmtoffset): On WIN32, use the recommended global (_timezone rather than timezone).
+        Updated comments. 
+        (KJS::timeZoneOffset): Removed, was basically the same as the above.
+        (KJS::formatTime): Pass an UTC flag - UTC/local cannot be correctly selected on
+        Windows based on struct tm itself.
+        (KJS::DateInstance::getTime): Added.
+        (KJS::DateInstance::getUTCTime): Added.
+        (KJS::millisecondsToTM): Factored out from DateProtoFunc::callAsFunction().
+        (KJS::DateObjectImp::callAsFunction): Use the new parameter to formatTime().
+        (KJS::DateProtoFunc::callAsFunction): Updated for the other changes. The code for
+        GetTimezoneOffset was incorrect on WIN32 - _daylight global has nothing to do
+        with daylight savings time being in effect.
+
+        * kjs/date_object.h: Added prototypes for new functions.
+
+2006-02-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Anders.
+        
+        - fixed ~1100 KJS::Node leaked on layout tests
+        http://bugs.webkit.org/show_bug.cgi?id=7097
+
+        * kjs/internal.cpp:
+        (KJS::Parser::noteNodeCycle):
+        (KJS::Parser::removeNodeCycle):
+        (KJS::clearNewNodes):
+        * kjs/internal.h:
+        * kjs/nodes.cpp:
+        (ElementNode::breakCycle):
+        (PropertyListNode::breakCycle):
+        (ArgumentListNode::breakCycle):
+        (StatListNode::StatListNode):
+        (StatListNode::breakCycle):
+        (VarDeclListNode::breakCycle):
+        (BlockNode::BlockNode):
+        (ClauseListNode::breakCycle):
+        (CaseBlockNode::CaseBlockNode):
+        (ParameterNode::breakCycle):
+        (SourceElementsNode::SourceElementsNode):
+        (SourceElementsNode::breakCycle):
+        * kjs/nodes.h:
+        (KJS::Node::breakCycle):
+        (KJS::ElementNode::ElementNode):
+        (KJS::ArrayNode::ArrayNode):
+        (KJS::PropertyListNode::PropertyListNode):
+        (KJS::ObjectLiteralNode::ObjectLiteralNode):
+        (KJS::ArgumentListNode::ArgumentListNode):
+        (KJS::ArgumentsNode::ArgumentsNode):
+        (KJS::VarDeclListNode::VarDeclListNode):
+        (KJS::VarStatementNode::VarStatementNode):
+        (KJS::ForNode::ForNode):
+        (KJS::CaseClauseNode::CaseClauseNode):
+        (KJS::ClauseListNode::ClauseListNode):
+        (KJS::ParameterNode::ParameterNode):
+        (KJS::FuncExprNode::FuncExprNode):
+        (KJS::FuncDeclNode::FuncDeclNode):
+
+2006-02-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Hyatt.
+        
+        - fix default traits for classes to make sure default constructors get called
+
+        * kxmlcore/VectorTraits.h:
+        (KXMLCore::):
+
+2006-02-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=5210
+          REGRESSION: for/in loop with var changes global variable instead of making local
+
+        Test: fast/js/for-in-var-scope.html
+
+        * kjs/nodes.cpp:
+        (valueForReadModifyAssignment): Use ALWAYS_INLINE macro.
+        (ForInNode::execute): Break out of the scope chain loop once we find and set the
+        loop variable. We don't want to set multiple loop variables.
+        (ForInNode::processVarDecls): Process the declaration of the loop variable.
+
+        - other cleanup
+
+        * kjs/object.cpp: (KJS::tryGetAndCallProperty): Use ALWAYS_INLINE macro.
+        * kxmlcore/FastMalloc.cpp: Change to use ALWAYS_INLINE macro from AlwaysInline.h
+        instead of defining it here a second time.
+
+2006-02-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Hyatt.
+        
+        - change JavaScript collector statistics calls to use HashCountedSet instead
+        of CFSet; other misc cleanup
+        http://bugs.webkit.org/show_bug.cgi?id=7072
+        
+        * kjs/collector.cpp:
+        (KJS::Collector::numProtectedObjects): renamed from numReferencedObjects
+        (KJS::typeName):
+        (KJS::Collector::rootObjectTypeCounts): renamed from rootObjectClasses,
+        use HashSet
+        * kjs/collector.h:
+        (KJS::Collector::isOutOfMemory): Renamed from outOfMemory.
+        * kjs/nodes.cpp:
+
+2006-02-03  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Justin.
+
+        Renamed configuration names to Debug, Release and Production.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-02-02  George Staikos <staikos@opensource.apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/lookup.h: Fix compile, merged from KDE.
+
+2006-02-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=7005
+          add Noncopyable, OwnPtr, OwnArrayPtr to KXMLCore
+
+        * kxmlcore/Noncopyable.h: Added.
+        * kxmlcore/OwnArrayPtr.h: Added.
+        * kxmlcore/OwnPtr.h: Added.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added new files.
+
+        * kjs/function.h:
+        * kjs/function.cpp: Use OwnPtr for Parameter pointers.
+
+        * kjs/internal.h: Use Noncopyable for LabelStack.
+
+        * kjs/list.cpp: Use OwnArrayPtr for overflow.
+
+        * kjs/property_map.h:
+        * kjs/property_map.cpp: Use OwnArrayPtr for SavedProperties.
+        Use Vector for some stack buffers.
+
+        * kjs/regexp_object.h:
+        * kjs/regexp_object.cpp: Use OwnArrayPtr for lastOvector.
+
+2006-01-31  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - fixed leak of hundreds of thousands of JS parser nodes on the layout tests, and added an exit counter
+        that would catch them
+
+        * kjs/nodes.cpp:
+        (NodeCounter::~NodeCounter): Added debug-only node counter.
+        (Node::Node):
+        (Node::~Node):
+        * kxmlcore/VectorTraits.h: Simple classes like RefPtr do in fact need destruction.
+
+2006-01-31  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - added deleteAllValues for HashSet as well as HashMap
+        - fixed conversion from const_iterator to iterator, which I broke a while back
+
+        * kxmlcore/HashMap.h: Updated copyright date.
+        * kxmlcore/HashSet.h: (KXMLCore::deleteAllValues): Added.
+        * kxmlcore/HashTable.h: (KXMLCore::HashTableIterator::operator const_iterator): Added.
+
+2006-01-31  Tim Omernick  <timo@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertUTF8ToUTF16):
+        Fixed an invalid assertion that UTF8Chars is not NULL.  It is valid for it to be NULL as long as
+        UTF8Length is 0.
+        This fixes an assertion failure on TOT at <http://www.musicindiaonline.com/p/x/tJO0OOBME9.As1NMvHdW/>,
+        where JavaScript is getting a NULL string back from some call on the Real Player plugin.
+
+2006-01-30  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Darin.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=6907
+        REGRESSION: United.com menus messed up due to document.all/MSIE sniff
+        
+        * kjs/nodes.cpp:
+        (typeStringForValue):
+        Return "undefined" if the given object should masquerade as undefined.
+        
+        * kjs/object.h:
+        (KJS::JSObject::masqueradeAsUndefined):
+        Rename from isEqualToNull.
+        
+        * kjs/operations.cpp:
+        (KJS::equal):
+        Update for name change.
+
+2006-01-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - properly define Vector assignment operator; the private version was accidentally left
+        in, and the template version is not enough to replace the default
+
+        * kxmlcore/Vector.h:
+        (KXMLCore::Vector::operator=):
+
+2006-01-29  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by darin.
+
+        Fix the build by applying a GCC-specific namespace hack.
+
+        * kjs/lookup.h:
+
+2006-01-29  Eric Seidel <eseidel@apple.com>
+
+        Reviewed by hyatt.
+
+        Fix build on Win32.
+
+        * kjs/lookup.h: fixed ::cacheGlobalObject
+        * kxmlcore/Vector.h:
+        (KXMLCore::Vector::operator[]): use unsigned long
+
+2006-01-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dave Hyatt.
+
+        * kxmlcore/Vector.h:
+        (KXMLCore::Vector::operator[]): Add unsigned overload
+
+2006-01-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=6895
+          include exception names in JavaScript form of DOM exception
+
+        * khtml/ecma/kjs_binding.cpp: (KJS::setDOMException): Include the name of the
+        exception in the error message.
+
+2006-01-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - miscellaneous Vector improvements
+
+        * kxmlcore/Vector.h:
+        (KXMLCore::Vector::at): Add range-checking asserts.
+        (KXMLCore::Vector::first): Added as a convenience.
+        (KXMLCore::Vector::last): Convenience for stack-style use.
+        (KXMLCore::Vector::removeLast): ditto
+
+2006-01-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6870
+          REGRESSION: JavaScript Date constructor won't accept another Date object
+
+        Test: fast/js/date-constructor.html
+
+        * kjs/date_object.cpp: (KJS::DateObjectImp::construct):
+        Added a special case for constructing one date from another (to avoid losing
+        milliseconds, which are not in the text form, to match Firefox), and changed
+        the base code to convert to primitive before checking for string to match
+        the standard. Also corrected a couple silly things in the "construct from
+        current time" code path (removed a floor that does no good, and changed
+        the constant used to convert microseconds to milliseconds to be a 1000
+        rather than "msPerSecond").
+
+2006-01-28  Darin Adler  <darin@apple.com>
+
+        * kjs/create_hash_table: Added missing license.
+
+2006-01-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dave Hyatt.
+        
+        - added a Vector class
+        http://bugs.webkit.org/show_bug.cgi?id=6894
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/internal.cpp:
+        (KJS::Parser::saveNewNode): Apply Vector.
+        (KJS::clearNewNodes): ditto
+        * kjs/number_object.cpp:
+        (integer_part_noexp): ditto
+        (char_sequence): ditto
+        * kjs/ustring.cpp:
+        (KJS::UString::UTF8String): ditto
+        * kxmlcore/HashMap.h:
+        (KXMLCore::deleteAllValues): Tweaked this to only apply to HashMap,
+        other versions are useful for other containers.
+        * kxmlcore/Vector.h: Added. Implemented a Vector class, which should
+        be usable for all Array/QVector style purposes, and also as a stack buffer
+        with oversize handling. Also some helper classes to make vector operations
+        as efficient as possible for POD types and for simple non-PODs like RefPtr.
+        (KXMLCore::):
+        (KXMLCore::VectorTypeOperations::destruct):
+        (KXMLCore::VectorTypeOperations::initialize):
+        (KXMLCore::VectorTypeOperations::move):
+        (KXMLCore::VectorTypeOperations::uninitializedCopy):
+        (KXMLCore::VectorTypeOperations::uninitializedFill):
+        (KXMLCore::VectorBuffer::VectorBuffer):
+        (KXMLCore::VectorBuffer::~VectorBuffer):
+        (KXMLCore::VectorBuffer::deallocateBuffer):
+        (KXMLCore::VectorBuffer::inlineBuffer):
+        (KXMLCore::Vector::Vector):
+        (KXMLCore::Vector::~Vector):
+        (KXMLCore::Vector::size):
+        (KXMLCore::Vector::capacity):
+        (KXMLCore::Vector::isEmpty):
+        (KXMLCore::Vector::at):
+        (KXMLCore::Vector::operator[]):
+        (KXMLCore::Vector::data):
+        (KXMLCore::Vector::operator T*):
+        (KXMLCore::Vector::operator const T*):
+        (KXMLCore::Vector::begin):
+        (KXMLCore::Vector::end):
+        (KXMLCore::Vector::clear):
+        (KXMLCore::Vector::fill):
+        (KXMLCore::Vector::operator=):
+        (KXMLCore::::Vector):
+        (KXMLCore::::operator):
+        (KXMLCore::::fill):
+        (KXMLCore::::expandCapacity):
+        (KXMLCore::::resize):
+        (KXMLCore::::reserveCapacity):
+        (KXMLCore::::append):
+        (KXMLCore::deleteAllValues):
+        * kxmlcore/VectorTraits.h: Added.
+        (KXMLCore::VectorTraits): Traits to enable making Vector efficient for
+        simple types.
+
+2006-01-28  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=5163
+        RealPlayer.GetTitle() Crashes Safari/Dashboard
+
+        * bindings/c/c_utility.cpp: (KJS::Bindings::convertUTF8ToUTF16):
+        Fallback to kCFStringEncodingWindowsLatin1 if the passed buffer is not valid UTF-8, preventing crashes.
+
+2006-01-25  George Staikos <staikos@opensource.apple.com>
+
+        Reviewed by Darin.
+
+        * kxmlcore/HashFunctions.h: Merge build fix from KDE.
+
+2006-01-25  Darin Adler  <darin@apple.com>
+
+        - removed an unused source file
+
+        * kjs/pointer_hash.h: Removed.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed reference to pointer_hash.h.
+
+2006-01-23  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6737
+        KJS_DEFINE_PROTOTYPE should work outside of the KJS namespace
+        
+        * kjs/lookup.h:
+        Prefix all KJS types with KJS:: in KJS_DEFINE_PROTOTYPE.
+        
+        (cacheGlobalObject):
+        Move this out of the KJS namespace.
+
+2006-01-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - renamed PointerHash to PtrHash
+        - made PtrHash the default hash function for int and pointer types that aren't further specialized
+        - added an AtomicStringImpl class to make it easier and more typesafe to identity hash atomic strings
+        - did appropriate consequent cleanup (very few places now need to declare a hash function)
+        http://bugs.webkit.org/show_bug.cgi?id=6752
+        
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction): no need to mention PointerHash
+        * kjs/collector.cpp: ditto
+        * kjs/identifier.cpp:
+        (KXMLCore::): declare DefaultHash the new way
+        * kjs/internal.cpp: no need to mention PointerHash
+        * kjs/ustring.h:
+        * kxmlcore/HashCountedSet.h: change how we get the default hash to make it
+        easier to specialize on PtrHash
+        * kxmlcore/HashFunctions.h:
+        (KXMLCore::): renamed PointerHash to PtrHash; changed DefaultHash so that it has
+        a Hash typedef rather than being a hash function class itself; declared DefaultHash
+        for int and partializy specialized for pointer types
+        * kxmlcore/HashMapPtrSpec.h:
+        (KXMLCore::PtrHashIteratorAdapter::PtrHashIteratorAdapter): Slight tweaks for new
+        way of handling pointer hash
+        (KXMLCore::PtrHashConstIteratorAdapter::PtrHashConstIteratorAdapter): ditto
+        (KXMLCore::): ditto
+        * kxmlcore/HashMap.h: ditto
+        * kxmlcore/HashSet.h: ditto
+
+2006-01-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Tim Omernick.
+        
+        - use classes instead of free functions for extractors, this better matches how other
+        things work and should avoid the need for hacky workarounds on other compilers
+        http://bugs.webkit.org/show_bug.cgi?id=6748
+
+        * kjs/array_object.cpp:
+        * kjs/identifier.cpp:
+        * kjs/internal.cpp:
+        * kxmlcore/HashMap.h:
+        (KXMLCore::PairFirstExtractor::extract):
+        * kxmlcore/HashMapPtrSpec.h:
+        (KXMLCore::):
+        * kxmlcore/HashSet.h:
+        (KXMLCore::IdentityExtractor::extract):
+        * kxmlcore/HashTable.h:
+        (KXMLCore::addIterator):
+        (KXMLCore::removeIterator):
+        (KXMLCore::HashTable::add):
+        (KXMLCore::HashTable::isEmptyBucket):
+        (KXMLCore::HashTable::isDeletedBucket):
+        (KXMLCore::HashTable::HashTable):
+        (KXMLCore::HashTable::lookup):
+        (KXMLCore::HashTable::add):
+        (KXMLCore::HashTable::reinsert):
+        (KXMLCore::HashTable::find):
+        (KXMLCore::HashTable::contains):
+        (KXMLCore::HashTable::remove):
+        (KXMLCore::HashTable::allocateTable):
+        (KXMLCore::HashTable::deallocateTable):
+        (KXMLCore::HashTable::expand):
+        (KXMLCore::HashTable::rehash):
+        (KXMLCore::HashTable::clear):
+        (KXMLCore::HashTable::swap):
+        (KXMLCore::HashTable::operator):
+        (KXMLCore::HashTable::checkTableConsistency):
+        (KXMLCore::HashTable::checkTableConsistencyExceptSize):
+        (KXMLCore::HashTable::invalidateIterators):
+
+2006-01-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Tim Hatcher.
+        
+        - renamed inert() operation on HashSet, HashCountedSet and HashTable to add()
+        for consistency with HashMap
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction):
+        * kjs/collector.cpp:
+        (KJS::Collector::protect):
+        * kjs/identifier.cpp:
+        (KJS::Identifier::add):
+        * kxmlcore/HashCountedSet.h:
+        (KXMLCore::::add):
+        * kxmlcore/HashMap.h:
+        (KXMLCore::::inlineAdd):
+        * kxmlcore/HashSet.h:
+        (KXMLCore::::add):
+        * kxmlcore/HashTable.h:
+        (KXMLCore::HashTable::add):
+        (KXMLCore::::add):
+        (KXMLCore::::HashTable):
+
+2006-01-23  Justin Garcia  <justin.garcia@apple.com>
+
+        Reviewed by thatcher
+        
+        Turned on -O2 for B&I build.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-01-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Tim Hatcher.
+        
+        - it's "Franklin Street", not "Franklin Steet"
+
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        * kjs/bool_object.h:
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+        * kjs/completion.h:
+        * kjs/context.h:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        * kjs/debugger.cpp:
+        * kjs/debugger.h:
+        * kjs/dtoa.h:
+        * kjs/error_object.cpp:
+        * kjs/error_object.h:
+        * kjs/function.cpp:
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        * kjs/function_object.h:
+        * kjs/grammar.y:
+        * kjs/identifier.cpp:
+        * kjs/identifier.h:
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+        * kjs/lexer.cpp:
+        * kjs/lexer.h:
+        * kjs/list.cpp:
+        * kjs/list.h:
+        * kjs/lookup.cpp:
+        * kjs/lookup.h:
+        * kjs/math_object.cpp:
+        * kjs/math_object.h:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        * kjs/number_object.cpp:
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        * kjs/object_object.h:
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+        * kjs/property_map.cpp:
+        * kjs/property_map.h:
+        * kjs/property_slot.cpp:
+        * kjs/property_slot.h:
+        * kjs/reference.cpp:
+        * kjs/reference.h:
+        * kjs/reference_list.cpp:
+        * kjs/reference_list.h:
+        * kjs/regexp.cpp:
+        * kjs/regexp.h:
+        * kjs/regexp_object.cpp:
+        * kjs/regexp_object.h:
+        * kjs/scope_chain.cpp:
+        * kjs/scope_chain.h:
+        * kjs/simple_number.h:
+        * kjs/string_object.cpp:
+        * kjs/string_object.h:
+        * kjs/testkjs.cpp:
+        * kjs/types.h:
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+        * kjs/value.cpp:
+        * kjs/value.h:
+        * kxmlcore/AlwaysInline.h:
+        * kxmlcore/ListRefPtr.h:
+        * kxmlcore/PassRefPtr.h:
+        * kxmlcore/RefPtr.h:
+
+2006-01-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - change needed for fix to http://bugs.webkit.org/show_bug.cgi?id=6617
+          REGRESSION: Crash in cloneChildNodes when clicking element
+
+        * kxmlcore/PassRefPtr.h: Fix assignment operator from RefPtr of a different
+        type by calling get() instead of going directly at m_ptr.
+        * kxmlcore/RefPtr.h: Ditto.
+
+        - other changes
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Xcode decided to change this file.
+        It's just a resorted list of keys in a dictionary.
+
+        * kjs/fpconst.cpp: Wrap this file in #if __APPLE__ since the alternate version
+        in internal.cpp is in #if !__APPLE__. This file is to give us the "no init
+        routine" property we want to have on OS X.
+
+2006-01-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - Set up Page class and invert Frame / WebCoreFrameBridge ownership
+        http://bugs.webkit.org/show_bug.cgi?id=6577
+
+        * kjs/interpreter.h: make globalExec virtual so ScriptInterpreter can 
+        override it
+
+2006-01-23  George Staikos <staikos@opensource.apple.com>
+
+        Reviewed by Maciej and Darin.
+
+        * kxmlcore/Assertions.h: This file only works with __APPLE__ right now
+        * kjs/interpreter.cpp: ditto
+        * kjs/simple_number.h: Add assert.h and remove from config.h
+        * kjs/array_object.cpp: Use relative paths for kxmlcore includes
+        * kjs/testkjs.cpp: Use relative paths for kxmlcore includes
+
+2006-01-23  George Staikos <staikos@opensource.apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/config.h: unbreak preprocessor change
+
+2006-01-23  George Staikos <staikos@opensource.apple.com>
+
+        Approved by Maciej and Darin.
+
+        * kjs/:
+        * kxmlcore/:
+             Update FSF address in license to make merging easier
+
+2006-01-22  George Staikos <staikos@opensource.apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/collector.cpp: merge major speedup from KDE on Linux
+                             patch by Maks Orlovich, bug #6145
+                             Also unify cpu detection
+        * kjs/config.h: define simpler CPU macros
+
+2006-01-22  George Staikos <staikos@opensource.apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/collector.cpp: merge FreeBSD compile fix from KDE
+                             -> requires build magic for use
+
+2006-01-21  George Staikos <staikos@opensource.apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/nodes2string.cpp
+        * kjs/operations.h
+        * kjs/debugger.h
+          Fix pedantic compile with some gcc versions (Merge from KDE)
+
+        * kjs/create_hash_table:
+          Fix build with Perl 5.8.0 (Merge from KDE)
+
+2006-01-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Hyatt.
+
+        - hash table fixes needed for my WebCore changes
+
+        * kxmlcore/HashTable.h: (KXMLCore::HashTableConstIterator::operator=):
+        Added a missing return statement.
+
+        * kxmlcore/HashTraits.h: Fix traits so they work properly for classes where you
+        can't instantiate with a 0 by using traits rather than ? : to select the default
+        emtpy value of hash table keys.
+
+        - small cleanup of "runtime" code left over from recent JavaScript crash fix
+
+        * bindings/runtime_root.h:
+        (KJS::Bindings::RootObject::RootObject): No explicit initialization of _imp needed
+        since it's now a ProtectedPtr.
+        (KJS::Bindings::RootObject::setRootObjectImp): Remove old code that relied on the
+        fact that _imp was 0 and replaced with use of ProtectedPtr.
+        (KJS::Bindings::RootObject::rootObjectImp): Updated since _imp is a ProtectedPtr.
+
+2006-01-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=6611
+          add assertions to check correct use of hash table iterators
+
+        * kxmlcore/HashTable.h:
+        (KXMLCore::addIterator): Added. Helper function that adds an iterator to the list
+        maintained by the specified hash table.
+        (KXMLCore::removeIterator): Added. Helper function that removes an iterator from
+        the list maintained by the hash table it's in.
+        (KXMLCore::HashTableConstIterator::HashTableConstIterator): Added a HashTable
+        parameter, ignored when not debugging. Call addIterator.
+        (KXMLCore::HashTableConstIterator::~HashTableConstIterator):
+        (KXMLCore::HashTableConstIterator::operator=): Call removeIterator.
+        (KXMLCore::HashTableConstIterator::operator*): Call checkValidity.
+        (KXMLCore::HashTableConstIterator::operator->): Ditto.
+        (KXMLCore::HashTableConstIterator::operator++): Ditto.
+        (KXMLCore::HashTableConstIterator::operator==): Ditto.
+        (KXMLCore::HashTableConstIterator::operator!=): Ditto.
+        (KXMLCore::HashTableConstIterator::checkValidity): Checks that the hash table
+        pointer is not 0 and if there are two iterators that both point at the same table.
+        (KXMLCore::HashTableIterator::HashTableIterator): Changed to use the const iterator
+        as an implementation detail, to avoid having two separate iterator implementations.
+        (KXMLCore::HashTableIterator::operator*): Ditto.
+        (KXMLCore::HashTableIterator::operator->): Ditto.
+        (KXMLCore::HashTableIterator::operator++): Ditto.
+        (KXMLCore::HashTableIterator::operator==): Ditto.
+        (KXMLCore::HashTableIterator::operator!=): Ditto.
+        (KXMLCore::HashTable::HashTable): Initialize pointer to head of iterators list.
+        (KXMLCore::HashTable::~HashTable): Added call to invalidateIterators.
+        (KXMLCore::HashTable::makeIterator): Pass this pointer.
+        (KXMLCore::HashTable::makeConstIterator): Ditto.
+        (KXMLCore::HashTable::insert): Call invalidateIterators, since this is a public
+        entry point that modifies the hash table.
+        (KXMLCore::HashTable::remove): Ditto.
+        (KXMLCore::HashTable::clear): Ditto.
+        (KXMLCore::HashTable::swap): Ditto.
+        (KXMLCore::HashTable::invalidateIterators): Added. Walks the iterators list and
+        clears out the table, next, and previous pointers in all of them, and then clears
+        the head so we have an empty list.
+        (KXMLCore::addIterator): Added. Adds the iterator the the linked list in the
+        passed-in table, and points the iterator at the table.
+        (KXMLCore::removeIterator): Added. Removes the iterator from the linked list in
+        the passed-in table.
+
+        * kxmlcore/HashTraits.h: A bit of tweaking and formatting.
+
+2006-01-17  Justin Garcia  <justin.garcia@apple.com>
+
+        Reviewed by eric
+        
+        Deployment builds now use -O2
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2006-01-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6610
+          change RefPtr so that it works when deref ends up deleting the RefPtr
+
+        * kxmlcore/PassRefPtr.h: Always set m_ptr before calling deref.
+        * kxmlcore/RefPtr.h: Ditto.
+
+2006-01-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by darin.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=6322
+        DateProtoFuncImp::callAsFunction can crash due to lack of type checking
+
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFunc::callAsFunction): Type check calls to all methods. 
+        This matches section 15.9.5 in the spec.
+
+2006-01-16  Tim Omernick  <timo@apple.com>
+
+        Reviewed by John Sullivan.
+
+        JavaScriptCore part of <rdar://problem/4211707> NPAPI ref count behavior differs with Mozilla
+
+        * bindings/npruntime.cpp:
+        (_NPN_ReleaseObject):
+        Refactored part of this function out into _NPN_DeallocateObject.
+        (_NPN_DeallocateObject):
+        Forcibly deallocates the passed object, even if its refcount is
+        greater than zero.
+        
+        * bindings/npruntime_impl.h:
+        Declared _NPN_DeallocateObject().
+
+2006-01-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix problem with ++, ==, and != on const iterators in
+          HashMaps that are using the pointer specialization
+
+        * kxmlcore/HashMapPtrSpec.h:
+        (KXMLCore::PointerHashConstIteratorAdapter::operator++): Change type to const_iterator.
+        (KXMLCore::PointerHashConstIteratorAdapter::operator==): Ditto.
+        (KXMLCore::PointerHashConstIteratorAdapter::operator!=): Ditto.
+
+2006-01-15  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Anders.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6561
+        run-javascriptcore-tests doesn't work
+
+        * JavaScriptCore/tests/mozilla/Getopt/Mixed.pm: 
+        Changed revision number to 1.8 (broken by svn migration).
+
+2006-01-14  David Kilzer  <ddkilzer@kilzer.net>
+
+        Reviewed and landed by Anders.
+
+        * kjs/create_hash_table: Fixed comment typo.
+
+2006-01-13  Maks Orlovich   <maksim@kde.org>
+
+        Mostly merging work by Peter Kelly. Reviewed by Maciej, landed by ap.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6261
+        Misc. array object fixes from KJS
+
+        * kjs/array_object.cpp: Don't treat 2^32-1 as a real array index property.
+        (ArrayInstance::getOwnPropertySlot): Ditto.
+        (ArrayInstance::deleteProperty): Ditto.
+        (ArrayInstance::put): Ditto.
+        (ArrayInstance::propList): Added a FIXME comment.
+        (ArrayInstance::put): Throw exception on trying to set invalid array length.
+        (ArrayProtoFunc::callAsFunction): Do not use a separator argument when doing toString/toLocalString.
+        * kjs/array_object.h: Added MAX_ARRAY_INDEX.
+
+2006-01-13  Darin Adler  <darin@apple.com>
+
+        - Replaced tabs with spaces in source files that had less than 10 lines with tabs.
+        - Set allow-tabs Subversion property in source files that have more than 10 lines with tabs.
+
+2006-01-13  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Eric.
+
+        * kjs/create_hash_table:
+        Use correct size variables.
+
+2006-01-13  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Darin.
+
+        * kjs/create_hash_table:
+        Don't create an empty entry array, instead add a entry with all fields
+        set to null and set the hash table size to 1.
+        
+        * kjs/lookup.cpp:
+        (findEntry):
+        Remove the hash table size check
+
+2006-01-12  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6494
+        Crash when assigning a new function to a DOMParser object
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Move lookup.cpp before lookup.h
+        
+        * kjs/lookup.cpp:
+        (findEntry):
+        If the hash table is empty, return 0 early.
+
+2006-01-12  George Staikos <staikos@kde.org>
+
+        Reviewed by Darin.
+
+        * kjs/interpreter.cpp:
+        * kjs/testkjs.cpp:
+        * kjs/interpreter.h:
+        Add helper to interpreter to call the collector in order to facilitate
+        visibility rules in KDE.
+
+2006-01-12  George Staikos <staikos@kde.org>
+
+        Reviewed by Maciej.
+
+        * kjs/kjs.pro: Updates to build the whole thing on Linux at least.
+
+        * kxmlcore/HashTable.h: Add missing assert.h
+
+2006-01-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6505
+          retire APPLE_CHANGES from JavaScriptCore
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Removed both
+        APPLE_CHANGES and HAVE_CONFIG_H from all targets.
+
+        * README: Removed. This had obsolete information in it
+        and it wasn't clear what to replace it with.
+
+        * kjs/collector.h: Removed an APPLE_CHANGES if around something
+        that's not really platform-specific (although it does use a
+        platform-specific API at the moment).
+        * kjs/collector.cpp: Removed a mistaken comment.
+
+        * kjs/grammar.y:
+        * kjs/internal.cpp:
+        * kjs/object.h:
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+        * kjs/ustring.h:
+        Use __APPLE__ instead of APPLE_CHANGES for code that should be
+        used only on Mac OS X.
+
+        * kjs/interpreter.cpp: Removed APPLE_CHANGES ifdef around the include
+        of the runtime.h header. Even though that header isn't needed at the
+        moment on platforms other than Mac OS X, the conditional stuff should
+        be in the header itself, not in this one client.
+
+        * kjs/math_object.cpp: (MathFuncImp::callAsFunction): Removed some
+        code inside APPLE_CHANGES. I'm pretty sure this code isn't needed on
+        any platform where pow is implemented corrrectly according to the IEEE
+        standard. If it is needed on some, we can add it back with an appropriate
+        #if for the platforms where it is needed.
+
+2006-01-12  Justin Haygood  <justin@xiondigital.net>
+
+        Reviewed, tweaked, and landed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6416
+          lexer.cpp, grammar.y protect include of config.h with "HAVE_CONFIG_H"
+
+        * kjs/dtoa.cpp: Removed HAVE_CONFIG_H, changed config.h to use
+        quotes instead of angle brackets. Moved dtoa.h include to the top.
+        Changed system header includes to use angle brackets instead of quotes.
+        * kjs/grammar.y: Removed HAVE_CONFIG_H, changed config.h to use
+        quotes instead of angle brackets.
+        * kjs/lexer.cpp: Removed HAVE_CONFIG_H, changed config.h to use
+        quotes instead of angle brackets. Moved lexer.h include to the top.
+        * kjs/ustring.cpp: Removed HAVE_CONFIG_H, changed config.h to use
+        quotes instead of angle brackets. Moved ustring.h include to the top.
+
+2006-01-12  George Staikos <staikos@kde.org>
+
+        Reviewed by Maciej
+
+        - Import initial QMake file.  Doesn't fully work yet.
+
+2006-01-11  Ricci Adams  <ricciadams@apple.com>
+
+        Reviewed by Maciej and Darin, landed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=5939
+          final comma in javascript object prevents parsing
+
+        * kjs/grammar.y: Added rule to allow trailing comma in
+        object construction.
+
+2006-01-11  Ricci Adams  <ricciadams@apple.com>
+
+        Reviewed by Geoff, landed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=5308
+          Number.toFixed doesn't include leading 0
+
+        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction):
+        Fixed a "<" that should have been a "<=".
+
+2006-01-11  Ricci Adams  <ricciadams@apple.com>
+
+        Reviewed by Geoff, landed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=5307
+          Number.toFixed doesn't round 0.5 up
+
+        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction):
+        Fixed a ">" that should have been a ">=".
+
+2006-01-11  Justin Haygood  <justin@xiondigital.net>
+
+        Reviewed and landed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6486
+          JavaScriptCore should use system malloc on Windows
+
+        * kjs/config.h: Add USE_SYSTEM_MALLOC to the Win32 section.
+
+2006-01-10  Darin Adler  <darin@apple.com>
+
+        * Makefile: Took out unneeded "export" line.
+        * <many-files>: Changed a lot of flags (cleared bogus executable bits, set
+          MIME types, other small corrections).
+
+2006-01-09  Darin Adler  <darin@apple.com>
+
+        * Makefile.am: Removed.
+
+2006-01-07  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+        
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6373
+        REGRESSION: JavaScript hang when comparing large array to null
+        
+        * kjs/object.h:
+        (KJS::JSObject::isEqualToNull):
+        Add new function which returns true if an object should be treated as null when
+        doing comparisons.
+        
+        * kjs/operations.cpp:
+        (KJS::equal):
+        Use isEqualToNull.
+
+2006-01-07  Alexey Proskuryakov  <ap@nypop.com>
+
+        Reviewed by Maciej.
+
+        - Fix WebCore development build
+        http://bugs.webkit.org/show_bug.cgi?id=6408
+
+        * kxmlcore/Assertions.h: Use __VA_ARGS__ in variadic macros.
+
+2006-01-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - miscellaneous changes for 4% speedup on the JavaScript iBench
+        http://bugs.webkit.org/show_bug.cgi?id=6396
+        
+        Changes mostly thanks to Maks Orlovich, tweaked a little by me.
+
+        * kjs/create_hash_table: Use the same hash as the one used by Identifier.
+        * kjs/function.cpp:
+        (KJS::FunctionImp::processParameters): Use the new List::copyFrom
+        (KJS::ActivationImp::ActivationImp): track variable while iterating
+        * kjs/internal.cpp:
+        (KJS::StringImp::toObject): create StringInstance directly
+        * kjs/list.cpp:
+        (KJS::List::copy): implement in terms of copyFrom
+        (KJS::List::copyFrom): more efficient way to copy in another list
+        * kjs/list.h:
+        * kjs/lookup.cpp:
+        (keysMatch): updated to work with identifier hash
+        (findEntry): ditto
+        (Lookup::findEntry): ditto
+        (Lookup::find): ditto
+        * kjs/lookup.h:
+
+2006-01-06  Maciej Stachowiak  <mjs@apple.com>
+
+        - fix development build failure from the previous checkin
+
+        * kjs/function.cpp:
+        (KJS::ActivationImp::put): Use prototype() accessor in assert.
+
+2006-01-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - fix remaining performance regression from Getter/Setter change
+        http://bugs.webkit.org/show_bug.cgi?id=6249
+
+        - Activation objects should not have __proto__ property
+        http://bugs.webkit.org/show_bug.cgi?id=6395
+
+        * kjs/function.cpp:
+        (KJS::ActivationImp::getOwnPropertySlot): Implement directly, thus
+        skipping getter/setter handling and __proto__ handling, as well
+        as inlining needed superclass stuff.
+        (KJS::ActivationImp::put): Implement directly, skipping getter/setter,
+        __proto__, and do canPut directly in PropertyMap::put since there's no
+        static property table either.
+        * kjs/function.h:
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::put): Allow optionally inlining canPut check.
+        * kjs/property_map.h:
+
+2006-01-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch by kimmo.t.kinnunen@nokia.com, reviewed by darin, tweaked by me.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=4921
+        \u escape sequences in JavaScript identifiers
+
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/lexer.cpp:
+        (Lexer::shift):
+        (Lexer::lex):
+        (Lexer::isWhiteSpace):
+        (Lexer::isLineTerminator):
+        (Lexer::isIdentStart):
+        (Lexer::isIdentPart):
+        (isDecimalDigit):
+        (Lexer::scanRegExp):
+        * kjs/lexer.h:
+        (KJS::Lexer::):
+
+        * tests/mozilla/expected.html: Updated test results.
+
+2005-12-30  Maciej Stachowiak  <mjs@apple.com>
+
+        No review, just test result update.
+
+        * tests/mozilla/expected.html: Updated for newly passing test from recent fixes.
+
+2005-12-30  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        - Fix http://bugs.webkit.org/show_bug.cgi?id=6298
+        Getter setter test is failing
+                
+        * kjs/object.cpp:
+        (KJS::JSObject::put):
+        Rework the getter setter part. We now walk the prototype chain, checking for
+        getter/setter properties and only take the slow path if any are found. 
+
+2005-12-30  Maks Orlovich <maksim@kde.org>
+
+        Reviewed and committed by Maciej.
+
+        - Handle negative, FP numbers with non-10 radix in toString
+        http://bugs.webkit.org/show_bug.cgi?id=6259
+
+        (Merged from KJS, original work by Harri Porten)
+        
+        * kjs/number_object.cpp:
+        (NumberProtoFunc::callAsFunction): rewrote Number.toString(radix) to work with  
+        negative numbers, floating point and very large numbers.
+
+2005-12-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch by Maks Orlovich, reviewed and landed by me.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=6267
+        Fix Number.prototype.toFixed/toExponential(undefined)
+
+        * kjs/number_object.cpp:
+        (NumberProtoFunc::callAsFunction):
+
+2005-12-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch by Maks Orlovich, Reviewed and landed by me.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=6266
+        Minor object naming updates (to match Mozilla, KJS)
+
+        * kjs/number_object.cpp:
+        * kjs/regexp_object.cpp:
+
+2005-12-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch by Maks Orlovich, reviewed by mjs.
+
+        This has 2 very minor fixes, covered by KJS testsuite:    
+        1. Enumerates string indices in property list (with the same bug as array    
+           object has in corresponding code). This is a mozilla emulation thing. 
+        2. Permits properties with integer names in prototypes to be found    
+
+        * kjs/string_object.cpp:
+        (StringInstance::getOwnPropertySlot):
+        (StringInstanceImp::propList):
+        * kjs/string_object.h:
+
+2005-12-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by mjs.
+
+        - Fixed <rdar://problem/4364705> run-javascriptcore-tests crashes in 
+        KJS::BlockNode::deref 
+        AKA 
+        http://bugs.webkit.org/show_bug.cgi?id=6233
+        Reproducible stack-overflow crash in ~RefPtr<T> due to RefPtr<T> use in 
+        linked lists
+
+        This patch does four things: 
+        (1) Standardizes all our linked list nodes to use "next" as their next 
+        pointers. 
+        (2) Creates the ListRefPtr<T> class, a subclass of RefPtr<T> specialized
+        to iteratively deref "next" pointers.
+        (3) Standardizes our linked list nodes to use ListRefPtr<T> and 
+        implement the releaseNext() function used by ~ListRefPtr<T>().
+        (4) Adds to RefPtr<T> the release() method used by releaseNext().
+
+        - Modified existing mozilla test to ensure it would make deployment 
+        builds crash as well.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/nodes.cpp:
+        (ElementNode::evaluate):
+        (PropertyListNode::evaluate):
+        (ArgumentListNode::evaluateList):
+        (StatListNode::StatListNode):
+        (StatListNode::execute):
+        (StatListNode::processVarDecls):
+        (VarDeclListNode::evaluate):
+        (VarDeclListNode::processVarDecls):
+        (VarStatementNode::execute):
+        (VarStatementNode::processVarDecls):
+        (BlockNode::BlockNode):
+        (CaseClauseNode::evalStatements):
+        (CaseClauseNode::processVarDecls):
+        (ClauseListNode::processVarDecls):
+        (CaseBlockNode::CaseBlockNode):
+        (CaseBlockNode::evalBlock):
+        (SourceElementsNode::SourceElementsNode):
+        (SourceElementsNode::execute):
+        (SourceElementsNode::processFuncDecl):
+        (SourceElementsNode::processVarDecls):
+        * kjs/nodes.h:
+        (KJS::ElementNode::ElementNode):
+        (KJS::ElementNode::releaseNext):
+        (KJS::ArrayNode::ArrayNode):
+        (KJS::PropertyListNode::PropertyListNode):
+        (KJS::PropertyListNode::releaseNext):
+        (KJS::ObjectLiteralNode::ObjectLiteralNode):
+        (KJS::ArgumentListNode::ArgumentListNode):
+        (KJS::ArgumentListNode::releaseNext):
+        (KJS::ArgumentsNode::ArgumentsNode):
+        (KJS::StatListNode::releaseNext):
+        (KJS::VarDeclListNode::VarDeclListNode):
+        (KJS::VarDeclListNode::releaseNext):
+        (KJS::VarStatementNode::VarStatementNode):
+        (KJS::ForNode::ForNode):
+        (KJS::CaseClauseNode::CaseClauseNode):
+        (KJS::ClauseListNode::ClauseListNode):
+        (KJS::ClauseListNode::getClause):
+        (KJS::ClauseListNode::getNext):
+        (KJS::ClauseListNode::releaseNext):
+        (KJS::ParameterNode::ParameterNode):
+        (KJS::ParameterNode::releaseNext):
+        (KJS::SourceElementsNode::releaseNext):
+        * kjs/nodes2string.cpp:
+        (ElementNode::streamTo):
+        (PropertyListNode::streamTo):
+        (ArgumentListNode::streamTo):
+        (StatListNode::streamTo):
+        (VarDeclListNode::streamTo):
+        (VarStatementNode::streamTo):
+        (CaseClauseNode::streamTo):
+        (ClauseListNode::streamTo):
+        (CaseBlockNode::streamTo):
+        (SourceElementsNode::streamTo):
+        * kxmlcore/ListRefPtr.h: Added.
+        (KXMLCore::ListRefPtr::ListRefPtr):
+        (KXMLCore::ListRefPtr::~ListRefPtr):
+        (KXMLCore::ListRefPtr::operator=):
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::RefPtr::release):
+
+2005-12-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by mjs.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=4026
+        Math.random() not seeded.
+
+        Added call to sranddev() -- it executes the first time a process
+        calls Math.random().
+
+        * kjs/math_object.cpp:
+        (MathFuncImp::callAsFunction):
+
+2005-12-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by darin.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=6265
+        Name change regression: Java doesn't know what JavaJSObject is
+
+        Changed strings passed to Java back to original "JSObject".
+
+        * bindings/jni/jni_jsobject.cpp:
+        (JavaJSObject::convertValueToJObject):
+        (JavaJSObject::convertJObjectToValue):
+
+2005-12-28  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        - The JSC part of http://bugs.webkit.org/show_bug.cgi?id=6268
+        Add undetectable document.all
+        
+        * kjs/operations.cpp:
+        (KJS::equal):
+        When comparing an object with null or undefined, call toPrimitive with 
+        NullType as the preferred type.
+
+2005-12-27  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Darin.
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction):
+        Implement filter and map. Also, make the existing
+        array iteration functions not invoke the callback for
+        non-existing properties, just as Mozilla does now.
+        
+        * kjs/array_object.h:
+        (KJS::ArrayProtoFunc::):
+        Add filter and map.
+        
+        * tests/mozilla/expected.html:
+        Update, two 1.6 tests now pass.
+
+2005-12-27  Maciej Stachowiak  <mjs@apple.com>
+
+        - updated test results for new JS 1.6 tests
+
+        * tests/mozilla/expected.html:
+
+2005-12-27  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        Add Mozilla JS 1.6 tests.
+        
+        * tests/mozilla/js1_6/Array/browser.js: Added.
+        * tests/mozilla/js1_6/Array/regress-290592.js: Added.
+        * tests/mozilla/js1_6/Array/regress-304828.js: Added.
+        * tests/mozilla/js1_6/Array/regress-305002.js: Added.
+        * tests/mozilla/js1_6/Array/regress-310425-01.js: Added.
+        * tests/mozilla/js1_6/Array/regress-310425-02.js: Added.
+        * tests/mozilla/js1_6/Array/regress-320887.js: Added.
+        * tests/mozilla/js1_6/Array/shell.js: Added.
+        * tests/mozilla/js1_6/README: Added.
+        * tests/mozilla/js1_6/Regress/browser.js: Added.
+        * tests/mozilla/js1_6/Regress/regress-301574.js: Added.
+        * tests/mozilla/js1_6/Regress/regress-309242.js: Added.
+        * tests/mozilla/js1_6/Regress/regress-311157-01.js: Added.
+        * tests/mozilla/js1_6/Regress/regress-311157-02.js: Added.
+        * tests/mozilla/js1_6/Regress/regress-314887.js: Added.
+        * tests/mozilla/js1_6/Regress/regress-320172.js: Added.
+        * tests/mozilla/js1_6/Regress/shell.js: Added.
+        * tests/mozilla/js1_6/String/browser.js: Added.
+        * tests/mozilla/js1_6/String/regress-306591.js: Added.
+        * tests/mozilla/js1_6/String/shell.js: Added.
+        * tests/mozilla/js1_6/browser.js: Added.
+        * tests/mozilla/js1_6/shell.js: Added.
+        * tests/mozilla/js1_6/template.js: Added.
+
+2005-12-27  Maks Orlovich <maksim@kde.org>
+
+        Reviewed and landed by Maciej.
+
+        - fixed 6234: Can delete array index property incorrectly.
+        http://bugs.webkit.org/show_bug.cgi?id=6234
+
+        * kjs/array_object.cpp:
+        (ArrayInstance::deleteProperty): use toArrayIndex instead of toUInt32 when
+        looking for array properties.
+
+2005-12-27  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Maciej.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::defineSetter):
+        Remove duplicate call to putDirect.
+
+2005-12-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin and Geoff.
+
+        Changes by me and Anders.
+
+        - mostly fixed REGRESSION: 5-10% performance regression on JS iBench from getter/setter change
+        http://bugs.webkit.org/show_bug.cgi?id=6083
+
+        - also fixed some warnings reported by -Winline
+        
+        * JavaScriptCorePrefix.h: Move new and delete definitions higher so there
+        aren't conflicts with use in standard C++ headers
+        * kjs/object.cpp:
+        (KJS::throwSetterError): Moved this piece of put into a seprate function
+        to avoid the PIC branch.
+        (KJS::JSObject::put): Use hasGetterSetterProperties to avoid expensive stuff
+        when not needed. Also use GetterSetter properties attribute.
+        (KJS::JSObject::deleteProperty): Recompute whether any properties are getter/setter
+        properties any more, if this one was one.
+        (KJS::JSObject::defineGetter): Let the PropertyMap know that it has getter/setter
+        properties now (and use the new attribute).
+        (KJS::JSObject::defineSetter): Ditto.
+        (KJS::JSObject::fillGetterPropertySlot): Out-of-line helper for getOwnPropertySlot,
+        to avoid global variable access in the hot code path.
+        * kjs/object.h:
+        (KJS::): Added GetterSetter attribute.
+        (KJS::JSCell::isObject): Moved lower to be after inline methods it uses.
+        (KJS::JSValue::isObject): ditto
+        (KJS::JSObject::getOwnPropertySlot): try to avoid impact of getters and setters
+        as much as possible in the case where they are not being used
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::containsGettersOrSetters): New method to help with this
+        * kjs/property_map.h:
+        (KJS::PropertyMap::hasGetterSetterProperties): Ditto
+        (KJS::PropertyMap::setHasGetterSetterProperties): Ditto
+        (KJS::PropertyMap::PropertyMap): Added a crazy hack to store the
+        global "has getter/setter properties" flag in the property map
+        single entry, to avoid making objects any bigger.
+        * kjs/value.h: Moved some things to object.h to make -Winline happier
+
+2005-12-24  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric and Dave Hyatt.
+
+        - make even const PassRefPtrs give transfer of ownership semantics
+        http://bugs.webkit.org/show_bug.cgi?id=6238
+        
+        This is a somewhat cheesy change. Having to use PassRefPtr_Ref creates ambiguities
+        in assignment and copy construction. And this makes life way easier and removes
+        the need for pass(). It is not really correct, but we pretty much never need a real
+        const PassRefPtr, and this takes care of things for PassRefPtr temporaries.
+        
+        * kjs/identifier.cpp:
+        (KJS::Identifier::add): No more need for pass()
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList): No more need for pass()
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::create): Use adoptRef
+        (KJS::UString::UString): No more need for pass
+        (KJS::UString::append): No more need for pass
+        (KJS::UString::substr): No more need for pass
+        * kxmlcore/PassRefPtr.h: made m_ptr mutable (ugh)
+        (KXMLCore::PassRefPtr::PassRefPtr): Take a const PassRefPtr reference
+        (KXMLCore::PassRefPtr::release): Made this a const method (ugh)
+        (KXMLCore::PassRefPtr::operator=): clean up appropriately
+        (KXMLCore::adoptRef): Added this to use instead of PassRefPtr<T>::adopt, I think
+        it makes the behavior more clear and it is less verbose.
+        (KXMLCore::static_pointer_cast): use adoptRef
+        (KXMLCore::const_pointer_cast): use adoptRef
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::RefPtr::RefPtr): take const PassRefPtr&
+        (KXMLCore::PassRefPtr::operator=): take const PassRefPtr&
+
+2005-12-25  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        Unbreak HashTableConstIterator++ by returning const_iterator
+
+        * kxmlcore/HashTable.h:
+        (KXMLCore::HashTableConstIterator::operator++): use const_iterator
+
+2005-12-25  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        Un-break HashTable copy constructor.
+
+        * kxmlcore/HashTable.h:
+        (KXMLCore::::HashTable): use const_iterator instead
+
+2005-12-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - fixed "HashMap does not work with const pointer keys or values"
+        http://bugs.webkit.org/show_bug.cgi?id=6222
+        
+        * kxmlcore/HashMapPtrSpec.h:
+        (KXMLCore::HashMap): In all methods, explicitly cast all pointers
+        to void * before passing to internal implementation. Use C-style
+        casts instead of new-style casts, because the real solution would
+        require a combo of reinterpret_cast anc const_cast.
+
+
+2005-12-23  Maciej Stachowiak  <mjs@apple.com>
+
+        - this time for sure
+
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::::swap):
+
+2005-12-22  Maciej Stachowiak  <mjs@apple.com>
+
+        - fix build problem from last commit.
+
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::::swap):
+
+2005-12-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - Make HashMap/HashSet support non-POD types
+        http://bugs.webkit.org/show_bug.cgi?id=5332
+
+        The changes for support are relatively simple, but I also made extensive changes to
+        avoid copying, so that there isn't refcount thrash when you put RefPtrs into a HashMap.
+
+        * kxmlcore/HashTable.h:
+        (KXMLCore::swap): specialize swap for pairs, to swap elements individually,
+        so that excess copies can be avoided.
+        (KXMLCore::Mover::move): Template function to either copy or swap, used
+        when transferring elements from old table to new.
+        (KXMLCore::IdentityHashTranslator::hash): The old "converting lookup" templates
+        that took two or three function parameters now take a class parameter, this is
+        the class used to do a normal lookup.
+        (KXMLCore::IdentityHashTranslator::equal): Ditto.
+        (KXMLCore::IdentityHashTranslator::translate): Ditto. Translate now takes a reference
+        to write into instead of returning a value to avoid redundant copies.
+        (KXMLCore::HashTable::~HashTable): Use deallocateTable instead of freeing directly.
+        (KXMLCore::HashTable::insert): Based on HashTranslator now instead of separate
+        functions. Added a FIXME about a remaining rare excess copy.
+        (KXMLCore::HashTable::isEmptyBucket): Use KeyTraits directly instead of unwrapping
+        the key from Traits, to avoid creating and destroying pair, which copies.
+        (KXMLCore::HashTable::isDeletedBucket): ditto
+        (KXMLCore::HashTable::lookup): Use HashTranslator now instead of separate functions.
+        (KXMLCore::HashTable::initializeBucket): Renamed from emptyBucket. Use placement new to
+        work right for non-POD types.
+        (KXMLCore::HashTable::deleteBucket): Use assignDeleted to avoid excess copies.
+        (KXMLCore::HashTable::reinsert): use Mover template to copy or swap as appropriate
+        (KXMLCore::HashTable::allocateTable): Initialize every bucket if calloc won't do.
+        (KXMLCore::HashTable::deallocateTable): Destruct every bucket if needed.
+        (KXMLCore::HashTable::rehash): Avoid copy before reinserting, so that swap can do its magic.
+        (KXMLCore::HashTable::clear): use deallocateTable instead of freeing directly.
+        (KXMLCore::HashTable::HashTable): be more dumb when copying to ensure that non-POD types
+        work right
+        * kxmlcore/HashFunctions.h:
+        (KXMLCore::PointerHash): Specialize PointerHash for RefPtr
+        * kxmlcore/HashMap.h:
+        (KXMLCore::extractFirst): Return a reference not a full object to avoid
+        copies.
+        (KXMLCore::HashMapTranslator::hash): Use a special translator for insertion
+        to defer making the pair as long as possible, thus avoiding needless copies.
+        (KXMLCore::HashMapTranslator::equal): ditto
+        (KXMLCore::HashMapTranslator::translate): ditto
+        (KXMLCore::::inlineAdd): Shared by set and add to insert using HashMapTranslator
+        (KXMLCore::::set): Use inlineAdd
+        (KXMLCore::::add): Use inlineAdd
+        * kxmlcore/HashMapPtrSpec.h:
+        (KXMLCore::): Pass KeyTraits along
+        * kxmlcore/HashSet.h:
+        (KXMLCore::identityExtract): Return a reference not a full object to avoid copies.
+        (KXMLCore::HashSetTranslatorAdapter::hash): Redo adapter stuff to work with
+        the new HashTranslator approach.
+        (KXMLCore::HashSetTranslatorAdapter::equal): ditto
+        (KXMLCore::HashSetTranslatorAdapter::translate): ditto
+        (KXMLCore::::insert): ditto
+        * kxmlcore/HashTraits.h:
+        (KXMLCore::GenericHashTraits): This is intended be used as a base class for
+        customized traits: sensible defaults.
+        (KXMLCore::): Use it a bunch
+        (KXMLCore::assignDeleted): template function to allow pairs to be assigned the
+        deleted value w/o excess copies.
+        (KXMLCore::PairHashTraits::emptyValue): Updated
+        (KXMLCore::PairHashTraits::deletedValue): Updated
+        (KXMLCore::PairHashTraits::assignDeletedValue): part of assignDeleted hack
+        (KXMLCore::DeletedValueAssigner::assignDeletedValue): Use template magic
+        to either use use deletedValue or assignDeletedValue for the cases where we care.
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::RefPtr::swap): Added swap method.
+        (KXMLCore::swap): Added swap free function.
+        * kjs/identifier.cpp:
+        (KJS::CStringTranslator::hash): Use new HashTranslator class approach to
+        alternate type based insertion.
+        (KJS::CStringTranslator::equal): ditto
+        (KJS::CStringTranslator::translate): ditto
+        (KJS::Identifier::add): ditto
+        (KJS::UCharBufferTranslator::hash): ditto
+        (KJS::UCharBufferTranslator::equal): ditto
+        (KJS::UCharBufferTranslator::translate): ditto
+
+        - irrelevant change:
+        
+        * kjs/array_object.cpp:
+        (ArrayProtoFunc::callAsFunction): Removed a stray space.
+
+2005-12-22  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Eric and Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6196
+        Would like to be able to define prototypes in headers
+        
+        * kjs/lookup.h:
+        Move ClassName from KJS_DECLARE_PROTOTYPE to KJS_IMPLEMENT_PROTOTYPE.
+        Also, namespace all macros by prefixing them with KJS_. 
+
+2005-12-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=6191
+          RefPtr/PassRefPtr have a leak issue, operator== issues
+
+        * kxmlcore/PassRefPtr.h:
+        (KXMLCore::PassRefPtr::PassRefPtr): Remove non-template constructor that takes RefPtr
+        since the constructor template that takes RefPtr should be sufficient. Add a constructor
+        template that takes PassRefPtr&.
+        (KXMLCore::PassRefPtr::adopt): Use PassRefPtr_Ref to avoid setting pointer first to
+        0 and then to the pointer.
+        (KXMLCore::PassRefPtr::operator=): Added template versions that take PassRefPtr& and
+        RefPtr parameters.
+        (KXMLCore::PassRefPtr::operator PassRefPtr<U>): Changed to fix leak -- old version
+        would release and then ref.
+        (KXMLCore::operator==): Make templates have two parameters so you can mix types.
+        Also remove unneeded const in raw pointer versions.
+        (KXMLCore::operator!=): Ditto.
+
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::RefPtr::RefPtr): Add constructor template that takes PassRefPtr.
+        (KXMLCore::RefPtr::operator=): Add assignment operator templates that take
+        RefPtr and PassRefPtr.
+        (KXMLCore::operator==): Make templates have two parameters so you can mix types.
+        Also remove unneeded const in raw pointer versions.
+        (KXMLCore::operator!=): Ditto.
+
+2005-12-21  Timothy Hatcher  <timothy@apple.com>
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+          Set tab width to 8, indent width to 4 and uses tabs to false per file.
+
+2005-12-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        Removed evil hack for determining if a type is an integer, replaced
+        with template metaprogramming.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Set tab size to 2 for
+        testkjs.cpp
+        * kjs/testkjs.cpp:
+        (main): Inserted asserts to test IsInteger. FIXME: Move these to
+        KXMLCore unit tests directory when we create one.
+        * kxmlcore/HashTraits.h:
+        (KXMLCore::): Added IsInteger class for querying types.
+
+2005-12-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - made ALWAYS_INLINE declare things inline as well as __attribute__((always_inline))
+        http://bugs.webkit.org/show_bug.cgi?id=6159
+
+        * kxmlcore/AlwaysInline.h:
+
+2005-12-19  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - fixed a leak in the assignment operator from PassRefPtr to RefPtr
+        http://bugs.webkit.org/show_bug.cgi?id=6158
+
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::RefPtr::operator=):
+
+        - fix problem with PassRefPtr that darin spotted - it lacked a copy constructor
+        and therefore was using the default one, which can lead to excess derefs
+
+        I fixed this by adding a copy constructor from non-const
+        reference, and by adding a template pass() function that you have
+        to use when raw pointer or RefPtr are passed where PassRefPtr is
+        expected.
+
+        * kjs/identifier.cpp:
+        (KJS::Identifier::add): Changed to have PassRefPtr return type and
+        pass() the results.
+        * kjs/identifier.h:
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList): Use pass()
+        where required.
+        * kjs/ustring.cpp:
+        (KJS::UString::UString): Use pass() as needed.
+        (KJS::UString::append): ditto
+        (KJS::UString::substr): ditto
+        * kjs/ustring.h:
+        (KJS::UString::UString): Use initializer instead of assignment
+        * kxmlcore/PassRefPtr.h:
+        (KXMLCore::PassRefPtr::PassRefPtr): Added copy constructor
+        (KXMLCore::pass): new template function to make it convenient to pass
+        a PassRefPtr
+
+2005-12-19  Geoffrey Garen  <ggaren@apple.com>
+  
+        Reviewed by Maciej.
+
+        Fixed <rdar://problem/4370397> Missing return statement in
+        JSMethodNameToObjcMethodName.
+
+        JSMethodNameToObjcMethodName had a check for a name being too long, but
+        the check was missing a return statement.
+
+        A lot of this code was confusing and some of it was wrong, so I fixed
+        it up, added some asserts to catch this type of bug in the future, 
+        changed some comments, and renamed some variables.
+
+        The two advantages of the new algorithm are (1) It makes writing past
+        the end of the buffer virtually impossible because the test on the main
+        loop is "while (not past end of buffer)" and (2) It's twice as fast
+        because it doesn't call strlen. (There's no need to call strlen when
+        we're walking the string ourselves.) 
+        
+        methodsNamed also supports arbitrary-length method names now. Just in 
+        case the AppKit folks start getting REALLY verbose...
+
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::methodsNamed):
+        * bindings/objc/objc_utility.h:
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::JSMethodNameToObjcMethodName):
+
+2005-12-19  Darin Adler  <darin@apple.com>
+
+        Originally done by both George Staikos and Alexey Proskuryakov.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=5706
+          Sharedptr dependency can be removed
+
+        Our coding guidelines say "use 0 instead of NULL" and both RefPtr and
+        PassRefPtr were using NULL, which required including a header that
+        defines NULL.
+
+        * kxmlcore/PassRefPtr.h:
+        (KXMLCore::PassRefPtr::PassRefPtr): Use 0 instead of NULL.
+        (KXMLCore::PassRefPtr::operator!): Use ! instead of == NULL.
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::RefPtr::RefPtr): Use 0 instead of NULL.
+        (KXMLCore::RefPtr::operator!): Use ! instead of == NULL.
+        Also did some reformatting.
+
+2005-12-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen and Eric Seidel.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=4923
+          stop using <ostream> in WebCore, eliminating the <cmath> troubles it causes
+
+        * kjs/simple_number.h: Removed many unnecessary includes, including
+        the <cmath> one to work around GCC library header bugs. We may have to
+        add some includes elsewhere for platforms other than OS X, since our
+        prefix header takes care of some things.
+
+        * kxmlcore/AlwaysInline.h: Added. Now clients that don't include
+        simple_number.h can still get the ALWAYS_INLINE macro.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added AlwaysInline.h.
+
+        * bindings/NP_jsobject.h: Removed a lot of unnecessary includes
+        and removed C-specific stuff from this C++-only header.
+        * bindings/jni/jni_jsobject.h: Removed a lot of unnecessary includes
+        and did some reformatting.
+        * bindings/objc/objc_runtime.h:  Removed an unnecessary include.
+        * bindings/runtime.h: Removed some unneeded includes. Reformatted.
+        * bindings/runtime.cpp: Updated to compile with header changes,
+        including a lot of reformatting.
+        * bindings/runtime_object.h: Removed an unnecessary include.
+
+2005-12-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff and Adele
+
+        - replaced custom Identifier hashtable with HashSet
+
+        * kjs/identifier.cpp:
+        (KXMLCore::):
+        (KJS::identifierTable):
+        (KJS::Identifier::equal):
+        (KJS::hash):
+        (KJS::equal):
+        (KJS::convert):
+        (KJS::Identifier::add):
+        (KJS::Identifier::remove):
+        * kjs/identifier.h:
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::initGlobalObject):
+
+2005-12-18  Justin Haygood  <justin@xiondigital.net>
+
+        Reviewed, tweaked, and landed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=5227
+          Array indexOf() extension for JavaScript 1.5 Core
+
+        * kjs/array_object.h:
+        * kjs/array_object.cpp: (ArrayProtoFunc::callAsFunction): Added implementation of indexOf.
+
+2005-12-18  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Darin and Geoffrey.
+
+        - fix for <http://bugs.webkit.org/show_bug.cgi?id=4000>
+        Object.prototype is missing isPrototypeOf
+        
+        * kjs/object_object.cpp:
+        (ObjectPrototype::ObjectPrototype):
+        Add isPrototypeOf to object prototype.
+        
+        (ObjectProtoFunc::callAsFunction):
+        Implement isPrototypeOf
+        
+        * kjs/object_object.h:
+        (KJS::ObjectProtoFunc::):
+        Add id for isPrototypeOf.
+
+2005-12-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=6119
+        split() function ignores case insensitive modifier.
+
+        Glossary:
+        RegExpImp: The C++ object you get when JavaScript executes
+                   "new RegExp()".
+        RegExp:    A C++ wrapper object that performs regular expression
+                   matching on behalf of a RegExpImp.
+
+        Instead of unnecessarily constructing a RegExp which (wrongly) lacks
+        any modifiers, String.split() now uses the RegExp built in to the 
+        RegExpImp passed to it, which has the right modifiers already.
+
+        I also cleaned up other bits of the string code to standardized how
+        we handle RegExpImp arguments.
+
+        * ChangeLog:
+        * kjs/string_object.cpp:
+        (replace):
+        (StringProtoFunc::callAsFunction):
+
+2005-12-16  David Hyatt  <hyatt@apple.com>
+
+        Remove unused RefPtr constructors that can create an ambiguity in ustring on some platforms.
+        
+        Reviewed by mjs
+
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::RefPtr::RefPtr):
+
+2005-12-15  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=5688
+          speed up JavaScript parsing by not creating a UString just to parse
+
+        * kjs/internal.h:
+        * kjs/internal.cpp: (KJS::InterpreterImp::evaluate): Change to take a character pointer
+        and length rather than a UString.
+
+        * kjs/interpreter.h:
+        * kjs/interpreter.cpp: (Interpreter::evaluate): Ditto.
+
+        * kjs/protect.h: Remove uneeded "convert to bool" operator since we already have a
+        "convert to raw pointer" operator in this class.
+
+=== Safari-521~5 ===
+
+2005-12-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Updated test results to match Anders's last fix.
+
+        * tests/mozilla/expected.html:
+
+2005-12-13  Anders Carlsson  <andersca@mac.com>
+
+        * ChangeLog: Add titles for my bugzilla bugs.
+
+2005-12-13  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Darin.
+
+        - Fixes <http://bugs.webkit.org/show_bug.cgi?id=6041>
+        Support property getters and setters.
+        
+        * bindings/runtime_array.cpp:
+        (RuntimeArray::lengthGetter):
+        (RuntimeArray::indexGetter):
+        * bindings/runtime_array.h:
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::lengthGetter):
+        * bindings/runtime_method.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::fallbackObjectGetter):
+        (RuntimeObjectImp::fieldGetter):
+        (RuntimeObjectImp::methodGetter):
+        * bindings/runtime_object.h:
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstance::lengthGetter):
+        (getProperty):
+        Update for changes to PropertySlot::getValue and
+        PropertySlot::GetValueFunc.
+        
+        * kjs/collector.cpp:
+        (KJS::className):
+        Handle GetterSetterType.
+        
+        * kjs/function.cpp:
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::Arguments::mappedIndexGetter):
+        (KJS::ActivationImp::argumentsGetter):
+        * kjs/function.h:
+        Update for changes to PropertySlot::getValue and
+        PropertySlot::GetValueFunc.
+        
+        * kjs/grammar.y:
+        Rework grammar parts for get set declarations directly
+        in the object literal.
+        
+        * kjs/internal.cpp:
+        (KJS::GetterSetterImp::mark):
+        (KJS::GetterSetterImp::toPrimitive):
+        (KJS::GetterSetterImp::toBoolean):
+        (KJS::GetterSetterImp::toNumber):
+        (KJS::GetterSetterImp::toString):
+        (KJS::GetterSetterImp::toObject):
+        Add type conversion functions. These aren't meant to be called.
+        
+        (KJS::printInfo):
+        Handle GetterSetterType.
+        
+        * kjs/lookup.h:        
+        (KJS::staticFunctionGetter):
+        (KJS::staticValueGetter):
+        Update for changes to PropertySlot::GetValueFunc.
+        
+        * kjs/nodes.cpp:
+        Refactor they way properties nodes are implemented.
+        We now have a PropertyListNode which is a list of PropertyNodes.
+        Each PropertyNode has a name (which is a PropertyNameNode) and an associated
+        value node. PropertyNodes can be of different types. The Constant type is the
+        old constant declaration and the Getter and Setter types are for property getters
+        and setters.
+        (ResolveNode::evaluate):
+        Update for changes to PropertySlot::getValue.
+        
+        (PropertyListNode::evaluate):
+        Go through all property nodes and set them on the newly created object. If the
+        property nodes are of type Getter or Setter, define getters and setters. Otherwise,
+        just add the properties like before.
+        
+        (PropertyNode::evaluate):
+        This should never be called directly.
+        
+        (PropertyNameNode::evaluate):
+        Rename from PropertyNode::evaluate.
+        
+        (FunctionCallResolveNode::evaluate):
+        (FunctionCallBracketNode::evaluate):
+        (FunctionCallDotNode::evaluate):
+        (PostfixResolveNode::evaluate):
+        (PostfixBracketNode::evaluate):
+        (PostfixDotNode::evaluate):
+        (TypeOfResolveNode::evaluate):
+        (PrefixResolveNode::evaluate):
+        (PrefixBracketNode::evaluate):
+        (PrefixDotNode::evaluate):
+        (AssignResolveNode::evaluate):
+        (AssignDotNode::evaluate):
+        (AssignBracketNode::evaluate):
+        Update for changes to PropertySlot::getValue.
+        
+        * kjs/nodes.h:
+        (KJS::PropertyNameNode::PropertyNameNode):
+        Rename from PropertyNode.
+        
+        (KJS::PropertyNode::):
+        (KJS::PropertyNode::PropertyNode):
+        New class, representing a single property.
+        
+        (KJS::PropertyListNode::PropertyListNode):
+        Rename from PropertyValueNode.
+        
+        (KJS::FuncExprNode::FuncExprNode):
+        Put ParameterNode parameter last, and make it optional.
+        
+        (KJS::ObjectLiteralNode::ObjectLiteralNode):
+        Use a PropertyListNode here now.
+        
+        * kjs/nodes2string.cpp:
+        (PropertyListNode::streamTo):
+        Iterate through all property nodes.
+        
+        (PropertyNode::streamTo):
+        Print out the name and value. Doesn't handle getters and setters currently.
+        
+        (PropertyNameNode::streamTo):
+        Rename from PropertyNode::streamTo.
+        
+        * kjs/object.cpp:
+        (KJS::JSObject::get):
+        Update for changes to PropertySlot::getValue.
+        
+        (KJS::JSObject::put):
+        If the property already exists and has a Setter, invoke
+        the setter function instead of setting the property directly.
+        
+        (KJS::JSObject::defineGetter):
+        (KJS::JSObject::defineSetter):
+        New functions for defining property getters and setters on the object.
+        
+        * kjs/object.h:
+        (KJS::GetterSetterImp::type):
+        (KJS::GetterSetterImp::GetterSetterImp):
+        (KJS::GetterSetterImp::getGetter):
+        (KJS::GetterSetterImp::setGetter):
+        (KJS::GetterSetterImp::getSetter):
+        (KJS::GetterSetterImp::setSetter):
+        New class for properties which have getters and setters defined.
+        This class is only used internally and should never be seen from the outside.
+        
+        (KJS::JSObject::getOwnPropertySlot):
+         If the property is a getter, call setGetterSlot on the property slot.
+         
+        * kjs/object_object.cpp:
+        (ObjectPrototype::ObjectPrototype):
+        Add __defineGetter__, __defineSetter, __lookupGetter__, __lookupSetter__
+        to prototype.
+        
+        (ObjectProtoFunc::callAsFunction):
+        Implement handlers for new functions.
+        
+        * kjs/object_object.h:
+        (KJS::ObjectProtoFunc::):
+        Add ids for new functions.
+        
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::undefinedGetter):
+        Update for changes to PropertySlot::GetValueFunc.
+        
+        (KJS::PropertySlot::functionGetter):
+        Call the function getter object and return its value.
+        
+        * kjs/property_slot.h:
+        (KJS::PropertySlot::getValue):
+        Add a new argument which is the original object that
+        getPropertySlot was called on.
+        
+        (KJS::PropertySlot::setGetterSlot):
+        (KJS::PropertySlot::):
+        New function which sets a getter slot. When getValue is called on a 
+        getter slot, the getter function object is invoked.
+        
+        * kjs/string_object.cpp:
+        (StringInstance::lengthGetter):
+        (StringInstance::indexGetter):
+        * kjs/string_object.h:
+        Update for changes to PropertySlot::GetValueFunc.
+        
+        * kjs/value.h:
+        (KJS::):
+        Add GetterSetterType and make GetterSetterImp a friend class of JSCell.
+
+2005-12-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - added a new HashCountedSet class for the common pattern of mapping items to counts that can change
+        
+        * kxmlcore/HashCountedSet.h: Added.
+        (KXMLCore::HashCountedSet::*): Implemented, on top of HashMap.
+        * kxmlcore/HashMap.h:
+        (KXMLCore::HashMap::add): New method - does not replace existing value if key already present
+        but otherwise like set().
+        (KXMLCore::HashMap::set): Improved comments.
+        * kxmlcore/HashMapPtrSpec.h:
+        (KXMLCore::HashMap::add): Added to specializations too.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Add new  file.
+        * kxmlcore/HashFunctions.h: Added include of stdint.h
+        
+        - replaced the custom hashtable for values protected from GC with HashCountedSet
+
+        * kjs/collector.cpp:
+        (KJS::Collector::protect): Moved code here from ProtectedValues::increaseProtectCount
+        since the code is so simple now.
+        (KJS::Collector::unprotect): Ditto for ProtectedValues::decreaseProtectCount.
+        (KJS::Collector::markProtectedObjects): Updated for new way of doing things, now
+        simpler and safer.
+        (KJS::Collector::numReferencedObjects): ditto
+        (KJS::Collector::rootObjectClasses): ditto
+        * kjs/collector.h: Added protect and unprotect static methods
+        * kjs/protect.h:
+        (KJS::gcProtect): Updated for removal of ProtectedValues class
+        (KJS::gcUnprotect): likewise
+        * kjs/protected_values.cpp: Removed.
+        * kjs/protected_values.h: Removed.
+
+2005-12-10  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Maciej.
+
+        - did long-promised KJS renaming:
+        
+            ValueImp -> JSValue
+            ObjectImp -> JSObject
+            AllocatedValueImp -> JSCell
+        
+        A renaming to get a class out of the way
+        
+            KJS::Bindings::JSObject -> JavaJSObject
+ 
+        and some other "imp-reduction" renaming
+        
+            *InstanceImp -> *Instance
+            *ProtoFuncImp -> *ProtoFunc
+            *PrototypeImp -> *Prototype
+            ArgumentsImp -> Arguments
+            RuntimeArrayImp -> RuntimeArray
+            RuntimeMethodImp -> RuntimeMethod
+
+        * most files and functions
+
+2005-12-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - eliminated the old Undefined(), Null(), Boolean(), Number(), and String()
+
+        Code now uses jsUndefined(), jsNull(), jsBoolean(), jsNumber(), and jsString().
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_Evaluate):
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::invokeMethod):
+        (KJS::Bindings::CInstance::invokeDefaultMethod):
+        * bindings/c/c_runtime.cpp:
+        (CField::valueFromInstance):
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertNPVariantToValue):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        (JavaInstance::invokeDefaultMethod):
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::eval):
+        (JSObject::convertJObjectToValue):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaArray::convertJObjectToArray):
+        (JavaField::valueFromInstance):
+        (JavaArray::valueAt):
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject webScriptValueAtIndex:]):
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::invokeDefaultMethod):
+        (ObjcInstance::getValueOfUndefinedField):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        (ObjcFallbackObjectImp::callAsFunction):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertNSStringToString):
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/runtime.h:
+        (KJS::Bindings::Class::fallbackObject):
+        (KJS::Bindings::Instance::getValueOfUndefinedField):
+        (KJS::Bindings::Instance::valueOf):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::lengthGetter):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::lengthGetter):
+        (RuntimeMethodImp::callAsFunction):
+        (RuntimeMethodImp::execute):
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::lengthGetter):
+        (CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
+        (ArrayPrototypeImp::ArrayPrototypeImp):
+        (ArrayProtoFuncImp::ArrayProtoFuncImp):
+        (ArrayProtoFuncImp::callAsFunction):
+        (ArrayObjectImp::ArrayObjectImp):
+        * kjs/bool_object.cpp:
+        (BooleanPrototypeImp::BooleanPrototypeImp):
+        (BooleanProtoFuncImp::callAsFunction):
+        (BooleanObjectImp::BooleanObjectImp):
+        (BooleanObjectImp::callAsFunction):
+        * kjs/error_object.cpp:
+        (ErrorPrototypeImp::ErrorPrototypeImp):
+        (ErrorProtoFuncImp::ErrorProtoFuncImp):
+        (ErrorProtoFuncImp::callAsFunction):
+        (ErrorObjectImp::ErrorObjectImp):
+        (NativeErrorImp::NativeErrorImp):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::FunctionImp::processParameters):
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::DeclaredFunctionImp::execute):
+        (KJS::encode):
+        (KJS::decode):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function_object.cpp:
+        (FunctionPrototypeImp::FunctionPrototypeImp):
+        (FunctionPrototypeImp::callAsFunction):
+        (FunctionProtoFuncImp::callAsFunction):
+        (FunctionObjectImp::FunctionObjectImp):
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::initGlobalObject):
+        * kjs/interpreter.h:
+        * kjs/lookup.h:
+        * kjs/math_object.cpp:
+        (MathObjectImp::getValueProperty):
+        (MathFuncImp::callAsFunction):
+        * kjs/nodes.cpp:
+        (Node::setExceptionDetailsIfNeeded):
+        (NullNode::evaluate):
+        (PropertyNode::evaluate):
+        (FunctionCallBracketNode::evaluate):
+        (FunctionCallDotNode::evaluate):
+        (PostfixBracketNode::evaluate):
+        (PostfixDotNode::evaluate):
+        (VoidNode::evaluate):
+        (PrefixBracketNode::evaluate):
+        (PrefixDotNode::evaluate):
+        (ShiftNode::evaluate):
+        (valueForReadModifyAssignment):
+        (AssignDotNode::evaluate):
+        (AssignBracketNode::evaluate):
+        (VarDeclNode::evaluate):
+        (VarDeclNode::processVarDecls):
+        (VarDeclListNode::evaluate):
+        (ReturnNode::execute):
+        (CaseClauseNode::evalStatements):
+        (ParameterNode::evaluate):
+        (FuncDeclNode::processFuncDecl):
+        * kjs/nodes.h:
+        (KJS::StatementNode::evaluate):
+        * kjs/number_object.cpp:
+        (NumberPrototypeImp::NumberPrototypeImp):
+        (NumberProtoFuncImp::callAsFunction):
+        (NumberObjectImp::NumberObjectImp):
+        (NumberObjectImp::getValueProperty):
+        (NumberObjectImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::ObjectImp::get):
+        (KJS::Error::create):
+        * kjs/object_object.cpp:
+        (ObjectPrototypeImp::ObjectPrototypeImp):
+        (ObjectProtoFuncImp::callAsFunction):
+        (ObjectObjectImp::ObjectObjectImp):
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::undefinedGetter):
+        * kjs/regexp_object.cpp:
+        (RegExpPrototypeImp::RegExpPrototypeImp):
+        (RegExpProtoFuncImp::callAsFunction):
+        (RegExpObjectImp::RegExpObjectImp):
+        (RegExpObjectImp::arrayOfMatches):
+        (RegExpObjectImp::getBackref):
+        (RegExpObjectImp::getLastMatch):
+        (RegExpObjectImp::getLastParen):
+        (RegExpObjectImp::getLeftContext):
+        (RegExpObjectImp::getRightContext):
+        (RegExpObjectImp::getValueProperty):
+        (RegExpObjectImp::construct):
+        * kjs/string_object.cpp:
+        (StringInstanceImp::StringInstanceImp):
+        (StringPrototypeImp::StringPrototypeImp):
+        (replace):
+        (StringProtoFuncImp::callAsFunction):
+        (StringObjectImp::StringObjectImp):
+        (StringObjectImp::callAsFunction):
+        (StringObjectFuncImp::StringObjectFuncImp):
+        (StringObjectFuncImp::callAsFunction):
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction):
+        (VersionFunctionImp::callAsFunction):
+        * kjs/value.h:
+
+2005-12-10  Oliver Hunt  <ojh16@student.canterbury.ac.nz>
+
+        Reviewed by Maciej, landed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=3539
+          Array join and toString methods do not support circular references
+
+        * kjs/array_object.cpp: (ArrayProtoFuncImp::callAsFunction):
+        Added set of visited objects -- don't recurse if item is already in the set.
+
+2005-12-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        - fix major memory leak and resultant slowdown on JavaScript iBench from
+        my PassRefPtr changes
+        
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::create): I forgot to change one of the two overloads to create
+        with a refcount of 0 instead of 1 (the smart pointer then bumps it. But instead of
+        changing it, I changed both to start with a refcounter of 1 and use PassRefPtr::adopt
+        to adopt the initial refcount, this may be a hair more efficient.
+
+        - made the assignment operators for smart pointers inline because Shark said so
+        
+        * kxmlcore/PassRefPtr.h:
+        (KXMLCore::::operator=):
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::::operator=):
+
+2005-12-06  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Darin.
+
+        - fix build when using gcc 4
+                
+        * kjs/ustring.h:
+        Make Rep public.
+
+        * kxmlcore/PassRefPtr.h:
+        (KXMLCore::::operator):
+        Fix a typo.
+
+2005-12-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - add PassRefPtr, a smart pointer class that works in conjunction
+        with RefPtr but has transfer-of-ownership semantics
+        - apply RefPtr and PassRefPtr to UString
+        - cleaned up UString a little so that it doesn't need to have so many friend classes
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/identifier.cpp:
+        (KJS::Identifier::add):
+        * kjs/identifier.h:
+        (KJS::Identifier::Identifier):
+        (KJS::Identifier::equal):
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::get):
+        (KJS::PropertyMap::getLocation):
+        (KJS::PropertyMap::put):
+        (KJS::PropertyMap::remove):
+        * kjs/ustring.cpp:
+        (KJS::UCharReference::operator=):
+        (KJS::UCharReference::ref):
+        (KJS::UString::Rep::createCopying):
+        (KJS::UString::Rep::create):
+        (KJS::UString::usedCapacity):
+        (KJS::UString::usedPreCapacity):
+        (KJS::UString::expandCapacity):
+        (KJS::UString::expandPreCapacity):
+        (KJS::UString::UString):
+        (KJS::UString::spliceSubstringsWithSeparators):
+        (KJS::UString::append):
+        (KJS::UString::operator=):
+        (KJS::UString::toStrictUInt32):
+        (KJS::UString::substr):
+        (KJS::UString::copyForWriting):
+        (KJS::operator==):
+        * kjs/ustring.h:
+        (KJS::UString::UString):
+        (KJS::UString::~UString):
+        (KJS::UString::data):
+        (KJS::UString::isNull):
+        (KJS::UString::isEmpty):
+        (KJS::UString::size):
+        (KJS::UString::rep):
+        * kxmlcore/RefPtr.h:
+        (KXMLCore::RefPtr::RefPtr):
+        (KXMLCore::RefPtr::operator*):
+        (KXMLCore::::operator):
+        (KXMLCore::operator==):
+        (KXMLCore::operator!=):
+        (KXMLCore::static_pointer_cast):
+        (KXMLCore::const_pointer_cast):
+
+2005-12-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Update test results to match Anders's last checkin.
+
+        * tests/mozilla/expected.html:
+
+2005-12-04  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Geoffrey.
+
+        - Fixes <http://bugs.webkit.org/show_bug.cgi?id=3999>
+        Object.prototype is missing propertyIsEnumerable
+        
+        * kjs/object.cpp:
+        (KJS::ObjectImp::canPut):
+        Refactor to use getPropertyAttributes.
+
+        (KJS::ObjectImp::propertyIsEnumerable):
+        New function which checks if a property is enumerable.
+
+        (KJS::ObjectImp::getPropertyAttributes):
+        * kjs/object.h:
+        Add getPropertyAttributes and propertyIsEnumerable.
+
+        * kjs/object_object.cpp:
+        (ObjectPrototypeImp::ObjectPrototypeImp):
+        (ObjectProtoFuncImp::callAsFunction):
+        * kjs/object_object.h:
+        (KJS::ObjectProtoFuncImp::):
+        Add propertyIsEnumerable to the Object prototype.
+
+2005-12-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        - removed deprecated reset, isNull and nonNull methods
+
+        * kxmlcore/RefPtr.h:
+
+2005-12-01  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Darin.
+
+        - Fixes <http://bugs.webkit.org/show_bug.cgi?id=3382>
+        nodes2strings.cpp fails to print left expression of ForInNode when 'var' is not used
+        
+        Patch by Mark Rowe.
+
+        * kjs/nodes2string.cpp:
+        (ForInNode::streamTo):
+        Add lexpr if there's no varDecl.
+
+2005-12-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Eric.
+
+        - renamed SharedPtr to RefPtr via script
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        (KJS::Parser::parse):
+        (KJS::InterpreterImp::checkSyntax):
+        (KJS::InterpreterImp::evaluate):
+        * kjs/internal.h:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        (KJS::SourceStream::operator<<):
+        * kjs/protect.h:
+        * kxmlcore/RefPtr.h: Added.
+        (KXMLCore::RefPtr::RefPtr):
+        (KXMLCore::RefPtr::~RefPtr):
+        (KXMLCore::RefPtr::isNull):
+        (KXMLCore::RefPtr::notNull):
+        (KXMLCore::RefPtr::reset):
+        (KXMLCore::RefPtr::get):
+        (KXMLCore::RefPtr::operator*):
+        (KXMLCore::RefPtr::operator->):
+        (KXMLCore::RefPtr::operator!):
+        (KXMLCore::RefPtr::operator UnspecifiedBoolType):
+        (KXMLCore::::operator):
+        (KXMLCore::operator==):
+        (KXMLCore::operator!=):
+        (KXMLCore::static_pointer_cast):
+        (KXMLCore::const_pointer_cast):
+        * kxmlcore/SharedPtr.h: Removed.
+
+2005-11-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dave Hyatt.
+
+        - change idiom used for implicit bool conversion of smart pointers, because the old one gives weird error messages sometimes
+
+        * kjs/protect.h:
+        (KJS::ProtectedPtr::operator UnspecifiedBoolType):
+        * kxmlcore/SharedPtr.h:
+        (KXMLCore::SharedPtr::operator UnspecifiedBoolType):
+
+2005-11-29  Mitz Pettel  <opendarwin.org@mitzpettel.com>
+
+        Reviewed by ggaren.  Committed by eseidel.
+
+        Date conversion to local time gets the DST flag wrong sometimes
+        http://bugs.webkit.org/show_bug.cgi?id=5514
+
+        * kjs/date_object.cpp:
+        (KJS::isTime_tSigned):
+        (KJS::DateProtoFuncImp::callAsFunction):
+
+2005-11-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Eric.
+
+        - renamed InterpreterLock to JSLock
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_Invoke):
+        (_NPN_Evaluate):
+        (_NPN_GetProperty):
+        (_NPN_SetProperty):
+        (_NPN_RemoveProperty):
+        (_NPN_HasProperty):
+        (_NPN_HasMethod):
+        (_NPN_SetException):
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::call):
+        (JSObject::eval):
+        (JSObject::getMember):
+        (JSObject::setMember):
+        (JSObject::removeMember):
+        (JSObject::getSlot):
+        (JSObject::setSlot):
+        (JSObject::toString):
+        (JSObject::convertJObjectToValue):
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject removeWebScriptKey:]):
+        (-[WebScriptObject stringRepresentation]):
+        (-[WebScriptObject webScriptValueAtIndex:]):
+        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
+        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
+        * bindings/runtime.cpp:
+        (Instance::createRuntimeObject):
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::addNativeReference):
+        (KJS::Bindings::removeNativeReference):
+        (RootObject::removeAllNativeReferences):
+        * bindings/runtime_root.h:
+        (KJS::Bindings::RootObject::~RootObject):
+        (KJS::Bindings::RootObject::setRootObjectImp):
+        * bindings/testbindings.cpp:
+        (main):
+        * bindings/testbindings.mm:
+        (main):
+        * kjs/JSLock.cpp:
+        (KJS::initializeJSLock):
+        (KJS::JSLock::lock):
+        (KJS::JSLock::unlock):
+        (KJS::JSLock::lockCount):
+        (KJS::JSLock::DropAllLocks::DropAllLocks):
+        (KJS::JSLock::DropAllLocks::~DropAllLocks):
+        * kjs/JSLock.h:
+        (KJS::JSLock::JSLock):
+        (KJS::JSLock::~JSLock):
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+        (KJS::Collector::collect):
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::InterpreterImp):
+        (KJS::InterpreterImp::clear):
+        (KJS::InterpreterImp::checkSyntax):
+        (KJS::InterpreterImp::evaluate):
+        * kjs/interpreter.cpp:
+        (Interpreter::evaluate):
+        * kjs/protect.h:
+        (KJS::::ProtectedPtr):
+        (KJS::::~ProtectedPtr):
+        (KJS::::operator):
+        * kjs/protected_reference.h:
+        (KJS::ProtectedReference::ProtectedReference):
+        (KJS::ProtectedReference::~ProtectedReference):
+        (KJS::ProtectedReference::operator=):
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::getProtectCount):
+        (KJS::ProtectedValues::increaseProtectCount):
+        (KJS::ProtectedValues::decreaseProtectCount):
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction):
+        (main):
+
+2005-11-26  Darin Adler  <darin@apple.com>
+
+        Reviewed by eseidel.  Committed by eseidel.
+
+        Inline ScopeChain functions for speed.
+        http://bugs.webkit.org/show_bug.cgi?id=5687
+
+        * kjs/object.h:
+        (KJS::ScopeChain::mark):
+        * kjs/scope_chain.cpp:
+        * kjs/scope_chain.h:
+        (KJS::ScopeChain::ref):
+        (KJS::ScopeChain::operator=):
+        (KJS::ScopeChain::bottom):
+        (KJS::ScopeChain::push):
+        (KJS::ScopeChain::pop):
+
+2005-11-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/4139620> Seed: WebKit: hang when sending XMLHttpRequest if automatic proxy config is used
+
+        Also factored locking code completely into a separate class, and
+        added a convenient packaged way to temporarily drop locks.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/JSLock.cpp: Added.
+        (KJS::initializeInterpreterLock):
+        (KJS::InterpreterLock::lock):
+        (KJS::InterpreterLock::unlock):
+        (KJS::InterpreterLock::lockCount):
+        (KJS::InterpreterLock::DropAllLocks::DropAllLocks):
+        (KJS::InterpreterLock::DropAllLocks::~DropAllLocks):
+        * kjs/JSLock.h: Added.
+        (KJS::InterpreterLock::InterpreterLock):
+        (KJS::InterpreterLock::~InterpreterLock):
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+        * kjs/protect.h:
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction):
+
+2005-11-21  Eric Seidel  <eseidel@apple.com>
+
+        Rubber-stamped by hyatt.
+        
+        Removed JavaScriptCore+SVG target.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2005-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by mjs.
+        
+        - Fixed <rdar://problem/4342216> Installer crash in 
+          KJS::ValueImp::marked() when garbage collector runs inside call to 
+          ConstantValues::init()
+          
+        I took responsibility for initializing and marking ConstantValues away 
+        from InterpreterImp, since it's possible to reference such a value 
+        before any interpreter has been created and after the last interpreter 
+        has been destroyed.
+
+        InterpreterImp::lock now initializes ConstantValues. It's a good
+        place for the initialization because you have to call it before
+        creating any objects. Since ::lock can be called more than once,
+        I added a check in ConstantValues::init to ensure that it executes 
+        only once.
+
+        Collector:collect is now responsible for marking ConstantValues.
+
+        We no longer clear the ConstantValues since we can't guarantee that no 
+        one has a reference to them.
+
+        FIXME: This is hackery. The long-term plan is to make ConstantValues
+        use immediate values that require no initialization.
+
+        * ChangeLog:
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::InterpreterImp):
+        (KJS::InterpreterImp::lock):
+        (KJS::InterpreterImp::clear):
+        (KJS::InterpreterImp::mark):
+        * kjs/internal.h:
+        * kjs/value.cpp:
+        (KJS::ConstantValues::initIfNeeded):
+        * kjs/value.h:
+
+2005-11-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        This patch fixes some naughty naughty code -- 5 crashes and 2 
+        may-go-haywire-in-the-futures.
+        
+        One such crash is <rdar://problem/4247330> 8C46 Crash with with 
+        incomplete parameter list to webScript object function.
+        
+        I replaced early returns from within NS_DURINGs with calls to
+        NS_VALUERETURN because the doc says, "You cannot use goto or 
+        return to exit an exception handling domain -- errors will result."
+        
+        I replaced hard-coded analyses of -[NSMethodSignature 
+        methodReturnType] with more abstracted alternatives, since
+        the documentation says "This encoding is implementation-specific, 
+        so applications should use it with caution," and then emits an
+        evil cackle.
+        
+        I removed the early return in the case where a JavaScript caller
+        supplies an insufficient number of arguments, because the right
+        thing to do in such a case is to use JavaScript's defined behavior
+        of supplying "undefined" for any missing arguments.
+        
+        I also changed ObjcInstance::invokeMethod so that it no longer
+        deletes the method passed to it. It doesn't create the method,
+        so it shouldn't delete it. A friend of mine named
+        KERNEL_PROTECTION_FAILURE agrees with me on this point.
+        
+        Finally, I changed an assert(true) to assert(false) because
+        all the other asserts were making fun of it.
+
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::invokeDefaultMethod):
+
+2005-11-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5571
+          REGRESSION (412.5-TOT): duplicated words/sentences at 
+          shakespeer.sourceforge.net
+
+        Our UTF16-modified PCRE didn't work with extended character classes
+        (classes involving characters > 255) because it used the GETCHARINC
+        macro to read through them. In UTF16 mode, GETCHARINC expects UTF16 
+        input, but PCRE encodes character classes in UTF8 regardless of the
+        input mode of the subject string.
+
+        The fix is to explicitly define GETUTF8CHARINC, and to use it,
+        rather than GETCHARINC, when reading extended character classes. 
+        
+        In UTF8 mode, we simply define GETCHARINC to be GETUTF8CHARINC.
+
+        * pcre/pcre_internal.h:
+        * pcre/pcre_xclass.c:
+        (_pcre_xclass):
+
+2005-11-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch by Mitz Pettel, reviewed by Maciej.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5357
+          REGRESSION: Scriptable plugin hides properties of OBJECT element
+
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::fallbackObject):
+
+2005-11-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5409
+        slice() testcase doesn't pass
+
+        Modified String.slice to deal with funky values.
+        Updated test results. We now pass <js1_2/String/slice.js>.
+
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::callAsFunction):
+        * tests/mozilla/expected.html:
+
+2005-11-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        * kxmlcore/HashSet.h: Fixed case of "hashfunctions.h" -- needs to be "HashFunctions.h".
+
+2005-11-03  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin and Vicki.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+          Change to use $(SYSTEM_LIBRARY_DIR) consistently and place
+          $(NEXT_ROOT) in a few spots to make build-root work.
+
+2005-11-03  Geoffrey Garen  <ggaren@apple.com>
+
+        - Updated JavaScriptCore test results to reflect recent fixes.
+
+        * tests/mozilla/expected.html:
+
+2005-11-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by darin.
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5602
+          REGRESSION: RegExp("[^\\s$]+", "g") returns extra matches
+
+        We now update lastIndex relative to the start of the last match,
+        rather than the start of the last search. We used to assume that
+        the two were equal, but that is not the case when a pattern
+        matches at a character after the first in the string.
+
+        * kjs/regexp_object.cpp:
+        (RegExpProtoFuncImp::callAsFunction):
+
+2005-10-24  John Sullivan  <sullivan@apple.com>
+
+        Reviewed by Darin Adler. Code changes by Alexey Proskuryakov.
+        
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4931
+        Unicode format characters (Cf) should be removed from JavaScript source
+
+        * kjs/lexer.cpp:
+        include <unicode/uchar.h>
+        (Lexer::Lexer):
+        use KJS::UChar instead of UChar to avoid ambiguity caused by new include
+        (Lexer::setCode):
+        ditto; also, use shift(4) to skip first 4 chars to take advantage of new
+        logic there.
+        (Lexer::shift):
+        skip chars of type U_FORMAT_CHAR
+        (Lexer::convertUnicode):
+        use KJS::UChar instead of UChar to avoid ambiguity caused by new include
+        (Lexer::record16):
+        ditto
+        (Lexer::makeIdentifier):
+        ditto
+        (Lexer::makeUString):
+        ditto
+        
+        * tests/mozilla/ecma/Array/15.4.5.1-1.js:
+        updated to skip soft hyphens
+
+2005-10-24  John Sullivan  <sullivan@apple.com>
+
+        Reviewed by Darin Adler. Code changes by George Staikos/Geoff Garen.
+        
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4142
+        Date object does not always adjust daylight savings correctly
+
+        * kjs/date_object.cpp:
+        (KJS::makeTime):
+        Fix the case where a time change crosses the daylight savings start/end dates.
+
+2005-10-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff. Code changes by Darin.
+
+        - some micro-optimizations to FastMalloc to reduce math and branches.
+
+        * kxmlcore/FastMalloc.cpp:
+        (KXMLCore::TCMalloc_Central_FreeList::Populate):
+        (KXMLCore::fastMallocRegisterThread):
+        (KXMLCore::TCMalloc_ThreadCache::GetCache):
+        (KXMLCore::TCMalloc_ThreadCache::GetCacheIfPresent):
+
+2005-10-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reverted fix for this bug, because it was part of a time range that caused a performance
+        regression:
+        
+        <rdar://problem/4260481> Remove Reference type from JavaScriptCore
+
+2005-10-15  Darin Adler  <darin@apple.com>
+
+        * kxmlcore/HashTable.cpp: Fixed build failure (said hashtable.h instead of HashTable.h).
+
+2005-10-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Style changes recommended by Darin.
+        
+        Changed to camelCase, changed ValueImp* to ValueImp *.
+
+        * kjs/simple_number.h:
+        (KJS::SimpleNumber::make):
+        (KJS::SimpleNumber::value):
+
+2005-10-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Added regexp_object.lut.h build phase from JavaScriptCore
+        to JavaScriptCore+SVG.
+
+        Reviewed by mitz.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2005-10-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Fixed build bustage from last checkin (stray characters
+        in the project file).
+
+        Reviewed by mitz.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2005-10-11  Geoffrey Garen  <ggaren@apple.com>
+
+        New JavaScriptCore test results to reflect the last change.
+
+        * tests/mozilla/expected.html:
+
+2005-10-10  Geoffrey Garen  <ggaren@apple.com>
+
+        - Implemented caching of match state inside the global RegExp object
+          (lastParen, leftContext, rightContext, lastMatch, input).
+
+          exec(), test(), match(), search(), and replace() now dipatch regular
+          expression matching through the RegExp object's performMatch function, 
+          to facilitate caching. This replaces registerRegexp and 
+          setSubPatterns.
+        
+        - Implemented the special '$' aliases (e.g. RegExp.input aliases to 
+          RegExp.$_).
+
+        - Moved support for backreferences into the new static hash table
+          used for other special RegExp properties. Truncated backreferences
+          at $9 to match IE, FF, and the "What's New in Netscape 1.2?" doc.
+          (String.replace still supports double-digit backreferences.)
+
+        - Tweaked RegExp.prototype.exec to handle ginormous values in lastIndex.
+
+        Fixes 11 -- count em, 11 -- JavaScriptCore tests.
+
+        * fast/js/regexp-caching-expected.txt: Added.
+        * fast/js/regexp-caching.html: Added.
+
+        Reviewed by mjs.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added regexp_object.lut.h
+        * kjs/create_hash_table: Tweaked to allow for more exotic characters.
+                                 We now rely on the compiler to catch illegal
+                                 identifiers.
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        * kjs/regexp_object.cpp:
+        (RegExpProtoFuncImp::callAsFunction):
+        (RegExpObjectImp::RegExpObjectImp):
+        (RegExpObjectImp::performMatch):
+        (RegExpObjectImp::arrayOfMatches):
+        (RegExpObjectImp::backrefGetter):
+        (RegExpObjectImp::getLastMatch):
+        (RegExpObjectImp::getLastParen):
+        (RegExpObjectImp::getLeftContext):
+        (RegExpObjectImp::getRightContext):
+        (RegExpObjectImp::getOwnPropertySlot):
+        (RegExpObjectImp::getValueProperty):
+        (RegExpObjectImp::put):
+        (RegExpObjectImp::putValueProperty):
+        * kjs/regexp_object.h:
+        (KJS::RegExpObjectImp::):
+        * kjs/string_object.cpp:
+        (substituteBackreferences):
+        (replace):
+        (StringProtoFuncImp::callAsFunction):
+
+2005-10-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej; some changes done after review.
+
+        - fixed <rdar://problem/4092064> hanging loading page; rte.ie (works in IE and Firefox)
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=5280
+          Date.setMonth fails with negative values
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=5154
+          JSC should switch to _r variants of unix time/date functions
+        - fixed a few possible overflow cases
+
+        Retested all tests to be sure nothing broke; added layout test for bug 5280.
+
+        * kjs/config.h: Removed TIME_WITH_SYS_TIME define. Also set HAVE_SYS_TIMEB_H
+        for the __APPLE__ case (the latter is accurate but irrelevant).
+
+        * kjs/date_object.h: Reformatted. Removed unnecessary include of "function_object.h".
+        Moved declarations of helper classes and functions into the cpp file.
+
+        * kjs/date_object.cpp: Removed code at top to define macros to use CoreFoundation instead of
+        POSIX date functions.
+        (KJS::styleFromArgString): Tweaked to return early instead of using a variable.
+        (KJS::formatLocaleDate): Tweaked to check for undefined rather than checking argument count.
+        (KJS::formatDate): Made parameter const.
+        (KJS::formatDateUTCVariant): Ditto.
+        (KJS::formatTime): Ditto.
+        (KJS::DateProtoFuncImp::callAsFunction): Use gmtime_r and localtime_r instead of gmtime and
+        localtime.
+        (KJS::DateObjectImp::callAsFunction): Use localtime_r instead of localtime.
+        (KJS::ymdhmsToSeconds): Renamed from ymdhms_to_seconds. Changed computation to avoid possible
+        overflow if year is an extremely large or small number.
+        (KJS::makeTime): Removed code to move large month numbers from tm_mon to tm_year; this was
+        to accomodate CFGregorianDate, which is no longer used (and didn't handle negative values).
+        (KJS::parseDate): Renamed from KRFCDate_parseDate; changed to return a value in milliseconds
+        rather than in seconds. Reformatted the code. Changed to use UTF8String() instead of ascii(),
+        since ascii() is not thread safe. Changed some variables back from int to long to avoid
+        trouble if the result of strtol does not fit in an int (64-bit issue only).
+
+2005-10-08  Mitz Pettel  <opendarwin.org@mitzpettel.com>
+
+        Reviewed by Geoff.
+        Tweaked and landed by Darin.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=5266
+          Support parenthesized comments in Date.parse()
+
+        * kjs/date_object.cpp:
+        (KJS::skipSpacesAndComments): Take a pointer, and advance it past spaces,
+        and also past anything enclosed in parentheses.
+        (KJS::KRFCDate_parseDate): Use skipSpacesAndComments wherever we formerly had
+        code to skip spaces.
+
+2005-10-08  Justin Haygood  <justin@xiondigital.net>
+
+        Reviewed, tweaked, and landed by Darin.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=5189
+          pcre_exec.c fails to compile using MSVC
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=5190
+          KJS config.h adjustment for Win32
+        
+        * kjs/config.h: Make sure HAVE_MMAP and HAVE_SBRK are off for Win32.
+        Turn HAVE_ERRNO_H on for Mac OS X. Sort defines so they are easy to compare
+        with each other. Remove #undef of DEBUG_COLLECTOR.
+        * pcre/pcre_exec.c: (match): Work around strange MSVC complaint by splitting
+        the definition of a local variable into a separate declaration and
+        initialization.
+
+2005-10-05  Geoffrey Garen  <ggaren@apple.com>
+ 
+        - Darin and I rewrote our implementation of the SimpleNumber class
+          to store number bit patterns in their floating point formats.
+ 
+        My tweaks reviewed by Darin.
+        
+        ~1% speedup on JS iBench.
+        
+        * kjs/internal.h: removed obsolete jsNumber declarations.
+        * kjs/math_object.cpp:
+        (MathFuncImp::callAsFunction): changed KJS::isNaN to isNaN
+        * kjs/nodes.cpp:
+        (PostfixResolveNode::evaluate): removed obsolete knownToBeInteger
+        (PostfixBracketNode::evaluate): ditto
+        (PostfixDotNode::evaluate): ditto
+        (PrefixResolveNode::evaluate): ditto
+        (PrefixBracketNode::evaluate): ditto
+        (PrefixDotNode::evaluate): ditto
+        (NegateNode::evaluate): ditto
+        (valueForReadModifyAssignment): ditto
+        * kjs/number_object.cpp: removed obsolete comment
+        * kjs/operations.cpp:
+        (KJS::equal): removed unnecessary isNaN checks
+        (KJS::strictEqual): ditto
+        (KJS::add): removed obsolete knownToBeInteger
+        (KJS::mult): ditto
+        * kjs/operations.h: removed include of "value.h" to prevent circular reference
+        * kjs/simple_number.h: removed unnecessary #includes
+        (KJS::SimpleNumber::make): see above
+        (KJS::SimpleNumber::is): ditto
+        (KJS::SimpleNumber::value): ditto
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::callAsFunction): changed KJS::isNaN to isNaN
+        * kjs/ustring.cpp: removed unnecessary isNaN check
+        (KJS::UString::toUInt32): ditto
+        * kjs/value.cpp:
+        (KJS::jsNumber): removed obsolete jsNumber definitions
+        (KJS::ConstantValues::init): NaN is no longer a ConstantValue
+        (KJS::ConstantValues::clear): ditto
+        (KJS::ConstantValues::mark): ditto
+        * kjs/value.h: removed obsolete knownToBeInteger
+        (KJS::jsNaN): now returns a SimpleNumber
+        (KJS::ValueImp::getUInt32): changed to account for NaN being a SimpleNumber
+        (KJS::ValueImp::toBoolean): ditto
+        (KJS::ValueImp::toString): changed to account for +/- 0.0
+        (KJS::jsZero): changed to reflect that SimpleNumber::make takes a double
+        (KJS::jsOne): ditto
+        (KJS::jsTwo): ditto
+        (KJS::Number): removed obsolete non-double constructor declarations
+
+2005-10-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - fixed <rdar://problem/4260481> Remove Reference type from JavaScriptCore
+
+        Also fixed some bugs with for..in enumeration while I was at it. object
+        properties now come before prototype properties and duplicates
+        between object and prototype are listed only once.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/IdentifierSequencedSet.cpp: Added.
+        (KJS::IdentifierSequencedSet::IdentifierSequencedSet):
+        (KJS::IdentifierSequencedSet::deallocateVector):
+        (KJS::IdentifierSequencedSet::~IdentifierSequencedSet):
+        (KJS::IdentifierSequencedSet::insert):
+        * kjs/IdentifierSequencedSet.h: Added.
+        (KJS::IdentifierSequencedSetIterator::IdentifierSequencedSetIterator):
+        (KJS::IdentifierSequencedSetIterator::operator*):
+        (KJS::IdentifierSequencedSetIterator::operator->):
+        (KJS::IdentifierSequencedSetIterator::operator++):
+        (KJS::IdentifierSequencedSetIterator::operator==):
+        (KJS::IdentifierSequencedSetIterator::operator!=):
+        (KJS::IdentifierSequencedSet::begin):
+        (KJS::IdentifierSequencedSet::end):
+        (KJS::IdentifierSequencedSet::size):
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::getPropertyNames):
+        (ArrayInstanceImp::setLength):
+        (ArrayInstanceImp::pushUndefinedObjectsToEnd):
+        * kjs/nodes.cpp:
+        (ForInNode::execute):
+        * kjs/nodes.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::getPropertyNames):
+        * kjs/object.h:
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::getEnumerablePropertyNames):
+        (KJS::PropertyMap::getSparseArrayPropertyNames):
+        * kjs/property_map.h:
+        * kjs/protect.h:
+        * kjs/protected_reference.h: Removed.
+        * kjs/reference.cpp: Removed.
+        * kjs/reference.h: Removed.
+        * kjs/reference_list.cpp: Removed.
+        * kjs/reference_list.h: Removed.
+        * kjs/ustring.h:
+        (KJS::UString::impl):
+        * kxmlcore/HashSet.h:
+
+2005-10-04  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        Code cleanup, which resulted in a small win on iBench.
+
+        * kjs/object.cpp:
+        (KJS::tryGetAndCallProperty): new static inline
+        (KJS::ObjectImp::defaultValue): code cleanup
+
+2005-10-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from George Staikos <staikos@kde.org>, reviewed and tweaked a bit by me.
+
+        - more Linux build fixes
+        
+        * kjs/operations.cpp:
+        * kxmlcore/FastMalloc.h:
+        * kxmlcore/TCSystemAlloc.cpp:
+        (TCMalloc_SystemAlloc):
+
+2005-10-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from George Staikos <staikos@kde.org>, reviewed and tweaked a bit by me.
+
+        http://bugs.webkit.org/show_bug.cgi?id=5174
+        Add support for compiling on Linux (likely to help for other POSIX systems too)
+
+        * kjs/collector.cpp:
+        (KJS::Collector::markCurrentThreadConservatively):
+        (KJS::Collector::markOtherThreadConservatively):
+        * kjs/config.h:
+        * kjs/date_object.cpp:
+        (KJS::formatDate):
+        (KJS::formatDateUTCVariant):
+        (KJS::formatTime):
+        (KJS::timeZoneOffset):
+        (KJS::DateProtoFuncImp::callAsFunction):
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectImp::callAsFunction):
+        (KJS::makeTime):
+        * kjs/identifier.cpp:
+        * kjs/internal.cpp:
+        (KJS::initializeInterpreterLock):
+        (KJS::lockInterpreter):
+        (KJS::unlockInterpreter):
+        (KJS::UndefinedImp::toPrimitive):
+        (KJS::UndefinedImp::toBoolean):
+        (KJS::UndefinedImp::toNumber):
+        (KJS::UndefinedImp::toString):
+        (KJS::NullImp::toPrimitive):
+        (KJS::NullImp::toBoolean):
+        (KJS::NullImp::toNumber):
+        (KJS::NullImp::toString):
+        (KJS::BooleanImp::toPrimitive):
+        (KJS::BooleanImp::toBoolean):
+        (KJS::BooleanImp::toNumber):
+        (KJS::BooleanImp::toString):
+        (KJS::StringImp::toPrimitive):
+        (KJS::StringImp::toBoolean):
+        (KJS::StringImp::toNumber):
+        (KJS::StringImp::toString):
+        * kjs/internal.h:
+        * kjs/protected_values.cpp:
+
+2005-10-03  Maciej Stachowiak  <mjs@apple.com>
+
+        - fix Development build after last checkin
+
+        * kxmlcore/FastMalloc.cpp:
+        (KXMLCore::fastMallocRegisterThread):
+
+2005-10-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/4283967> REGRESSION: 3% regression on PLT from new FastMalloc
+        http://bugs.webkit.org/show_bug.cgi?id=5243
+        
+        A number of optimizations to the new threadsafe malloc that make it actually as fast
+        as dlmalloc (I measured wrong before) and as memory-efficient as the system malloc.
+
+        - use fastMalloc for everything - it now gets applied to all new/delete allocations
+        via a private inline operator new that is now included into every file via config.h.
+
+        - tweaked some of the numeric parameters for size classes and amount of wasted memory
+        allowed per allocation - this saves on memory use and consequently improves speed.
+
+        - so long as the allocator is not being used on background threads, get the per-thread
+        cache from a global variable instead of from pthread_getspecific, since the latter is slow.
+
+        - inline more functions, and force the ones GCC refuses to inline with 
+        attribute(always_inline), nearly all of these have one call site so inlining them has 
+        to be a win.
+
+        - use some tricks to calculate allocation size more efficiently and fewer times for small
+        allocations, to avoid hitting the huge size table array.
+
+        - avoid hitting the per-thread cache on code paths that don't need it.
+
+        - implement inline assembly version of spinlock for PowerPC (was already done for x86)
+
+        * bindings/NP_jsobject.cpp:
+        * bindings/c/c_class.cpp:
+        * bindings/c/c_instance.cpp:
+        * bindings/c/c_runtime.cpp:
+        * bindings/c/c_utility.cpp:
+        * bindings/jni/jni_class.cpp:
+        * bindings/jni/jni_instance.cpp:
+        * bindings/jni/jni_jsobject.cpp:
+        * bindings/jni/jni_objc.mm:
+        * bindings/jni/jni_runtime.cpp:
+        * bindings/jni/jni_utility.cpp:
+        * bindings/npruntime.cpp:
+        * bindings/objc/WebScriptObject.mm:
+        * bindings/objc/objc_class.mm:
+        * bindings/objc/objc_instance.mm:
+        * bindings/objc/objc_runtime.mm:
+        * bindings/objc/objc_utility.mm:
+        * bindings/runtime.cpp:
+        * bindings/runtime_array.cpp:
+        * bindings/runtime_method.cpp:
+        * bindings/runtime_object.cpp:
+        * bindings/runtime_root.cpp:
+        * bindings/testbindings.cpp:
+        * bindings/testbindings.mm:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::ArrayInstanceImp):
+        (ArrayInstanceImp::~ArrayInstanceImp):
+        (ArrayInstanceImp::resizeStorage):
+        * kjs/bool_object.cpp:
+        * kjs/collector.cpp:
+        (KJS::Collector::registerThread):
+        * kjs/config.h:
+        * kjs/debugger.cpp:
+        * kjs/error_object.cpp:
+        * kjs/function.cpp:
+        * kjs/function_object.cpp:
+        * kjs/identifier.cpp:
+        (KJS::Identifier::rehash):
+        * kjs/internal.cpp:
+        (KJS::Parser::saveNewNode):
+        (KJS::clearNewNodes):
+        * kjs/interpreter.cpp:
+        * kjs/lexer.cpp:
+        (Lexer::doneParsing):
+        (Lexer::makeIdentifier):
+        (Lexer::makeUString):
+        * kjs/list.cpp:
+        * kjs/math_object.cpp:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        * kjs/number_object.cpp:
+        (integer_part_noexp):
+        (char_sequence):
+        * kjs/object.cpp:
+        * kjs/object_object.cpp:
+        * kjs/property_map.cpp:
+        * kjs/property_slot.cpp:
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::rehash):
+        * kjs/reference.cpp:
+        * kjs/reference_list.cpp:
+        * kjs/regexp.cpp:
+        * kjs/regexp_object.cpp:
+        * kjs/scope_chain.cpp:
+        * kjs/scope_chain.h:
+        * kjs/string_object.cpp:
+        * kjs/testkjs.cpp:
+        * kjs/ustring.h:
+        * kjs/value.cpp:
+        * kxmlcore/Assertions.mm:
+        * kxmlcore/FastMalloc.cpp:
+        (KXMLCore::InitSizeClasses):
+        (KXMLCore::DLL_IsEmpty):
+        (KXMLCore::DLL_Prepend):
+        (KXMLCore::TCMalloc_Central_FreeList::Insert):
+        (KXMLCore::TCMalloc_Central_FreeList::Remove):
+        (KXMLCore::TCMalloc_Central_FreeList::Populate):
+        (KXMLCore::TCMalloc_ThreadCache::Allocate):
+        (KXMLCore::TCMalloc_ThreadCache::FetchFromCentralCache):
+        (KXMLCore::fastMallocRegisterThread):
+        (KXMLCore::TCMalloc_ThreadCache::GetCache):
+        (KXMLCore::TCMalloc_ThreadCache::GetCacheIfPresent):
+        (KXMLCore::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+        (KXMLCore::do_malloc):
+        (KXMLCore::do_free):
+        (KXMLCore::realloc):
+        * kxmlcore/FastMalloc.h:
+        (operator new):
+        (operator delete):
+        (operator new[]):
+        (operator delete[]):
+        * kxmlcore/HashTable.cpp:
+        * kxmlcore/TCSpinLock.h:
+        (TCMalloc_SpinLock::Lock):
+        (TCMalloc_SpinLock::Unlock):
+        (TCMalloc_SlowLock):
+        * kxmlcore/TCSystemAlloc.cpp:
+
+2005-09-30  Geoffrey Garen  <ggaren@apple.com>
+
+        - Second cut at fixing <rdar://problem/4275206> Denver Regression: Seed: 
+          Past Editions of Opinions display "NAN/Undefined" for www.washingtonpost.com
+                
+        Reviewed by john.
+
+        * kjs/date_object.cpp:
+        (KJS::KRFCDate_parseDate): Intead of creating a timezone when one isn't specified,
+        just rely on the fallback logic, which will do it for you. Also, return invalidDate
+        if the date includes trailing garbage. (Somewhat accidentally, the timezone logic
+        used to catch trailing garbage.)
+
+        Added test case to fast/js/date-parse-test.html.
+
+2005-09-29  Eric Seidel  <eseidel@apple.com>
+        Fix from Mitz Pettel <opendarwin.org@mitzpettel.com>
+
+        Reviewed by darin.
+
+        Fix JSC memory smasher in TOT.
+        http://bugs.webkit.org/show_bug.cgi?id=5176
+
+        * pcre/pcre_exec.c:
+        (match):
+
+2005-09-29  Eric Seidel  <eseidel@apple.com>
+        Fix from Mitz Pettel <opendarwin.org@mitzpettel.com>
+
+        Reviewed by mjs.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Build fix for JSC+SVG after 5161.
+        http://bugs.webkit.org/show_bug.cgi?id=5179
+
+2005-09-28  Geoffrey Garen  <ggaren@apple.com>
+
+        - Fixed <rdar://problem/4275206> Denver Regression: Seed: Past Editions of Opinions display 
+          "NAN/Undefined" for www.washingtonpost.com
+          
+        Reviewed by darin.
+
+        * kjs/date_object.cpp:
+        (KJS::KRFCDate_parseDate): If the timezone isn't specified, rather than returning
+        invalidDate, substitute the local timezone. This matches the behavior of FF/IE.
+
+2005-09-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from George Staikos, reviewed by me.
+
+        - fixed some compile issues on Linux
+        
+        * kjs/property_slot.h:
+        * kjs/simple_number.h:
+
+2005-09-27  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - move HashMap/HashSet code down to JavaScriptCore
+        http://bugs.webkit.org/show_bug.cgi?id=5161
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/internal.cpp:
+        (KJS::interpreterMap): Function that fetches the interpreter map on demand. 
+        (KJS::InterpreterImp::InterpreterImp): Replace use of InterpreterMap
+        class with an appropriate HashMap.
+        (KJS::InterpreterImp::clear): ditto
+        (KJS::InterpreterImp::interpreterWithGlobalObject): ditto
+        * kjs/interpreter_map.cpp: Removed.
+        * kjs/interpreter_map.h: Removed.
+
+        The HashMap/HashSet code (copied and slightly tweaked from WebCore)
+        
+        * kxmlcore/HashFunctions.h: Added.
+        (KXMLCore::4):
+        (KXMLCore::8):
+        (KXMLCore::):
+        (KXMLCore::PointerHash::hash):
+        (KXMLCore::PointerHash::equal):
+        * kxmlcore/HashMap.h: Added.
+        (KXMLCore::extractFirst):
+        (KXMLCore::HashMap::HashMap):
+        (KXMLCore::::size):
+        (KXMLCore::::capacity):
+        (KXMLCore::::isEmpty):
+        (KXMLCore::::begin):
+        (KXMLCore::::end):
+        (KXMLCore::::find):
+        (KXMLCore::::contains):
+        (KXMLCore::::set):
+        (KXMLCore::::get):
+        (KXMLCore::::remove):
+        (KXMLCore::::clear):
+        (KXMLCore::deleteAllValues):
+        * kxmlcore/HashMapPtrSpec.h: Added.
+        (KXMLCore::PointerHashIteratorAdapter::PointerHashIteratorAdapter):
+        (KXMLCore::PointerHashIteratorAdapter::operator*):
+        (KXMLCore::PointerHashIteratorAdapter::operator->):
+        (KXMLCore::PointerHashIteratorAdapter::operator++):
+        (KXMLCore::PointerHashIteratorAdapter::operator==):
+        (KXMLCore::PointerHashIteratorAdapter::operator!=):
+        (KXMLCore::PointerHashConstIteratorAdapter::PointerHashConstIteratorAdapter):
+        (KXMLCore::PointerHashConstIteratorAdapter::operator*):
+        (KXMLCore::PointerHashConstIteratorAdapter::operator->):
+        (KXMLCore::PointerHashConstIteratorAdapter::operator++):
+        (KXMLCore::PointerHashConstIteratorAdapter::operator==):
+        (KXMLCore::PointerHashConstIteratorAdapter::operator!=):
+        (KXMLCore::):
+        * kxmlcore/HashSet.h: Added.
+        (KXMLCore::identityExtract):
+        (KXMLCore::convertAdapter):
+        (KXMLCore::HashSet::HashSet):
+        (KXMLCore::::size):
+        (KXMLCore::::capacity):
+        (KXMLCore::::isEmpty):
+        (KXMLCore::::begin):
+        (KXMLCore::::end):
+        (KXMLCore::::find):
+        (KXMLCore::::contains):
+        (KXMLCore::::insert):
+        (KXMLCore::::remove):
+        (KXMLCore::::clear):
+        * kxmlcore/HashTable.cpp: Added.
+        (KXMLCore::HashTableStats::~HashTableStats):
+        (KXMLCore::HashTableStats::recordCollisionAtCount):
+        * kxmlcore/HashTable.h: Added.
+        (KXMLCore::HashTableIterator::skipEmptyBuckets):
+        (KXMLCore::HashTableIterator::HashTableIterator):
+        (KXMLCore::HashTableIterator::operator*):
+        (KXMLCore::HashTableIterator::operator->):
+        (KXMLCore::HashTableIterator::operator++):
+        (KXMLCore::HashTableIterator::operator==):
+        (KXMLCore::HashTableIterator::operator!=):
+        (KXMLCore::HashTableConstIterator::HashTableConstIterator):
+        (KXMLCore::HashTableConstIterator::operator*):
+        (KXMLCore::HashTableConstIterator::operator->):
+        (KXMLCore::HashTableConstIterator::skipEmptyBuckets):
+        (KXMLCore::HashTableConstIterator::operator++):
+        (KXMLCore::HashTableConstIterator::operator==):
+        (KXMLCore::HashTableConstIterator::operator!=):
+        (KXMLCore::HashTable::HashTable):
+        (KXMLCore::HashTable::~HashTable):
+        (KXMLCore::HashTable::begin):
+        (KXMLCore::HashTable::end):
+        (KXMLCore::HashTable::size):
+        (KXMLCore::HashTable::capacity):
+        (KXMLCore::HashTable::insert):
+        (KXMLCore::HashTable::isEmptyBucket):
+        (KXMLCore::HashTable::isDeletedBucket):
+        (KXMLCore::HashTable::isEmptyOrDeletedBucket):
+        (KXMLCore::HashTable::hash):
+        (KXMLCore::HashTable::equal):
+        (KXMLCore::HashTable::identityConvert):
+        (KXMLCore::HashTable::extractKey):
+        (KXMLCore::HashTable::lookup):
+        (KXMLCore::HashTable::shouldExpand):
+        (KXMLCore::HashTable::mustRehashInPlace):
+        (KXMLCore::HashTable::shouldShrink):
+        (KXMLCore::HashTable::shrink):
+        (KXMLCore::HashTable::clearBucket):
+        (KXMLCore::HashTable::deleteBucket):
+        (KXMLCore::HashTable::makeLookupResult):
+        (KXMLCore::HashTable::makeIterator):
+        (KXMLCore::HashTable::makeConstIterator):
+        (KXMLCore::::lookup):
+        (KXMLCore::::insert):
+        (KXMLCore::::reinsert):
+        (KXMLCore::::find):
+        (KXMLCore::::contains):
+        (KXMLCore::::remove):
+        (KXMLCore::::allocateTable):
+        (KXMLCore::::expand):
+        (KXMLCore::::rehash):
+        (KXMLCore::::clear):
+        (KXMLCore::::HashTable):
+        (KXMLCore::::swap):
+        (KXMLCore::::operator):
+        (KXMLCore::::checkTableConsistency):
+        (KXMLCore::::checkTableConsistencyExceptSize):
+        * kxmlcore/HashTraits.h: Added.
+        (KXMLCore::HashTraits::emptyValue):
+        (KXMLCore::):
+        (KXMLCore::PairHashTraits::emptyValue):
+        (KXMLCore::PairHashTraits::deletedValue):
+
+2005-09-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - update grammar to fix conflicts; fixes one of our test cases
+          because it resolves the relationship between function expressions
+          and declarations in the way required by the ECMA specification
+
+        * kjs/grammar.y: Added lots of new grammar rules so we have no conflicts.
+        A new set of rules for "no bracket or function at start of expression" and
+        another set of rules for "no in anywhere in expression". Also simplified the
+        handling of try to use only a single node and used operator precedence to
+        get rid of the conflict in handling of if and else. Also used a macro to
+        streamline the handling of automatic semicolons and changed parenthesis
+        handling to use a virtual function.
+
+        * kjs/nodes.h: Added nodeInsideAllParens, removed unused abortStatement.
+        (KJS::TryNode::TryNode): Updated to hold catch and finally blocks directly instead
+        of using a special node for each.
+        * kjs/nodes.cpp:
+        (Node::createErrorCompletion): Added. Used instead of throwError when creating errors
+        that should not be in a completion rather than an ExecState.
+        (Node::throwUndefinedVariableError): Added. Sets source location unlike the call it
+        replaces.
+        (Node::nodeInsideAllParens): Added.
+        (GroupNode::nodeInsideAllParens): Added.
+        (StatListNode::execute): Removed code to move exceptions into completion objects;
+        that's now done solely by the KJS_CHECKEXCEPTION macro.
+        (TryNode::execute): Include execution of catch and finally here rather than using
+        separate nodes.
+        (FuncDeclNode::execute): Moved here, no longer inline.
+        * kjs/nodes2string.cpp:
+        (TryNode::streamTo): Updated for change.
+        (FuncDeclNode::streamTo): Ditto.
+        (FuncExprNode::streamTo): Ditto.
+
+        * kjs/kjs-test: Removed. Was part of "make check".
+        * kjs/kjs-test.chk: Ditto.
+        * kjs/test.js: Ditto.
+
+        * tests/mozilla/expected.html: Updated because one more test succeeds.
+
+2005-09-27  Adele Peterson  <adele@apple.com>
+
+        Reviewed by Maciej.
+
+        Changed ints to size_t where appropriate.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+        (KJS::Collector::markStackObjectsConservatively):
+        (KJS::Collector::collect):
+        (KJS::Collector::size):
+        (KJS::Collector::numInterpreters):
+        (KJS::Collector::numGCNotAllowedObjects):
+        (KJS::Collector::numReferencedObjects):
+        * kjs/collector.h:
+
+2005-09-27  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by kevin.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: fix after malloc changes.
+
+2005-09-27  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        * kjs/nodes.cpp:
+        (FuncExprNode::evaluate): Now sets .constructor properly.
+        Test cases added to WebCore/layout-tests.
+        http://bugs.webkit.org/show_bug.cgi?id=3537
+
+2005-09-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        - replace dlmalloc with tcmalloc
+        http://bugs.webkit.org/show_bug.cgi?id=5145
+
+        I also moved SharedPtr and the assertion code from WebCore into a
+        new kxmlcore directory.
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+        (KJS::Collector::collect):
+        * kjs/config.h:
+        * kjs/fast_malloc.cpp: Removed.
+        * kjs/fast_malloc.h: Removed.
+        * kjs/function.cpp:
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        * kjs/identifier.cpp:
+        (KJS::Identifier::add):
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::~PropertyMap):
+        (KJS::PropertyMap::rehash):
+        * kjs/scope_chain.h:
+        * kjs/shared_ptr.h: Removed.
+        * kjs/string_object.cpp:
+        (StringObjectFuncImp::callAsFunction):
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::createCopying):
+        (KJS::UString::Rep::destroy):
+        (KJS::UString::expandCapacity):
+        (KJS::UString::expandPreCapacity):
+        (KJS::UString::UString):
+        (KJS::UString::spliceSubstringsWithSeparators):
+        (KJS::UString::append):
+        (KJS::UString::operator=):
+        (KJS::UString::detach):
+        * kjs/ustring.h:
+        * kxmlcore/Assertions.h: Added.
+        * kxmlcore/Assertions.mm: Added.
+        * kxmlcore/FastMalloc.cpp: Added.
+        (KXMLCore::LgFloor):
+        (KXMLCore::SizeClass):
+        (KXMLCore::ByteSizeForClass):
+        (KXMLCore::InitSizeClasses):
+        (KXMLCore::MetaDataAlloc):
+        (KXMLCore::PageHeapAllocator::Init):
+        (KXMLCore::PageHeapAllocator::New):
+        (KXMLCore::PageHeapAllocator::Delete):
+        (KXMLCore::PageHeapAllocator::inuse):
+        (KXMLCore::pages):
+        (KXMLCore::AllocationSize):
+        (KXMLCore::Event):
+        (KXMLCore::NewSpan):
+        (KXMLCore::DeleteSpan):
+        (KXMLCore::DLL_Init):
+        (KXMLCore::DLL_Remove):
+        (KXMLCore::DLL_IsEmpty):
+        (KXMLCore::DLL_Length):
+        (KXMLCore::DLL_Print):
+        (KXMLCore::DLL_Prepend):
+        (KXMLCore::DLL_InsertOrdered):
+        (KXMLCore::):
+        (KXMLCore::TCMalloc_PageHeap::GetDescriptor):
+        (KXMLCore::TCMalloc_PageHeap::SystemBytes):
+        (KXMLCore::TCMalloc_PageHeap::FreeBytes):
+        (KXMLCore::TCMalloc_PageHeap::RecordSpan):
+        (KXMLCore::TCMalloc_PageHeap::TCMalloc_PageHeap):
+        (KXMLCore::TCMalloc_PageHeap::New):
+        (KXMLCore::TCMalloc_PageHeap::Split):
+        (KXMLCore::TCMalloc_PageHeap::Carve):
+        (KXMLCore::TCMalloc_PageHeap::Delete):
+        (KXMLCore::TCMalloc_PageHeap::RegisterSizeClass):
+        (KXMLCore::TCMalloc_PageHeap::Dump):
+        (KXMLCore::TCMalloc_PageHeap::GrowHeap):
+        (KXMLCore::TCMalloc_PageHeap::Check):
+        (KXMLCore::TCMalloc_PageHeap::CheckList):
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::Init):
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::length):
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::empty):
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::lowwatermark):
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::clear_lowwatermark):
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::Push):
+        (KXMLCore::TCMalloc_ThreadCache_FreeList::Pop):
+        (KXMLCore::TCMalloc_ThreadCache::freelist_length):
+        (KXMLCore::TCMalloc_ThreadCache::Size):
+        (KXMLCore::TCMalloc_Central_FreeList::length):
+        (KXMLCore::TCMalloc_Central_FreeList::Init):
+        (KXMLCore::TCMalloc_Central_FreeList::Insert):
+        (KXMLCore::TCMalloc_Central_FreeList::Remove):
+        (KXMLCore::TCMalloc_Central_FreeList::Populate):
+        (KXMLCore::TCMalloc_ThreadCache::SampleAllocation):
+        (KXMLCore::TCMalloc_ThreadCache::Init):
+        (KXMLCore::TCMalloc_ThreadCache::Cleanup):
+        (KXMLCore::TCMalloc_ThreadCache::Allocate):
+        (KXMLCore::TCMalloc_ThreadCache::Deallocate):
+        (KXMLCore::TCMalloc_ThreadCache::FetchFromCentralCache):
+        (KXMLCore::TCMalloc_ThreadCache::ReleaseToCentralCache):
+        (KXMLCore::TCMalloc_ThreadCache::Scavenge):
+        (KXMLCore::TCMalloc_ThreadCache::GetCache):
+        (KXMLCore::TCMalloc_ThreadCache::GetCacheIfPresent):
+        (KXMLCore::TCMalloc_ThreadCache::PickNextSample):
+        (KXMLCore::TCMalloc_ThreadCache::InitModule):
+        (KXMLCore::TCMalloc_ThreadCache::InitTSD):
+        (KXMLCore::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+        (KXMLCore::TCMalloc_ThreadCache::DeleteCache):
+        (KXMLCore::TCMalloc_ThreadCache::RecomputeThreadCacheSize):
+        (KXMLCore::TCMalloc_ThreadCache::Print):
+        (KXMLCore::ExtractStats):
+        (KXMLCore::DumpStats):
+        (KXMLCore::PrintStats):
+        (KXMLCore::DumpStackTraces):
+        (KXMLCore::TCMallocImplementation::GetStats):
+        (KXMLCore::TCMallocImplementation::ReadStackTraces):
+        (KXMLCore::TCMallocImplementation::GetNumericProperty):
+        (KXMLCore::TCMallocImplementation::SetNumericProperty):
+        (KXMLCore::DoSampledAllocation):
+        (KXMLCore::do_malloc):
+        (KXMLCore::do_free):
+        (KXMLCore::do_memalign):
+        (KXMLCore::TCMallocGuard::TCMallocGuard):
+        (KXMLCore::TCMallocGuard::~TCMallocGuard):
+        (KXMLCore::malloc):
+        (KXMLCore::free):
+        (KXMLCore::calloc):
+        (KXMLCore::cfree):
+        (KXMLCore::realloc):
+        (KXMLCore::memalign):
+        (KXMLCore::posix_memalign):
+        (KXMLCore::valloc):
+        (KXMLCore::pvalloc):
+        (KXMLCore::malloc_stats):
+        (KXMLCore::mallopt):
+        (KXMLCore::mallinfo):
+        * kxmlcore/FastMalloc.h: Added.
+        (KXMLCore::FastAllocated::operator new):
+        (KXMLCore::FastAllocated::operator delete):
+        (KXMLCore::FastAllocated::operator new[]):
+        (KXMLCore::FastAllocated::operator delete[]):
+        * kxmlcore/SharedPtr.h: Added.
+        (KXMLCore::SharedPtr::SharedPtr):
+        (KXMLCore::SharedPtr::~SharedPtr):
+        (KXMLCore::SharedPtr::isNull):
+        (KXMLCore::SharedPtr::notNull):
+        (KXMLCore::SharedPtr::reset):
+        (KXMLCore::SharedPtr::get):
+        (KXMLCore::SharedPtr::operator*):
+        (KXMLCore::SharedPtr::operator->):
+        (KXMLCore::SharedPtr::operator!):
+        (KXMLCore::SharedPtr::operator bool):
+        (KXMLCore::::operator):
+        (KXMLCore::operator==):
+        (KXMLCore::operator!=):
+        (KXMLCore::static_pointer_cast):
+        (KXMLCore::const_pointer_cast):
+        * kxmlcore/TCPageMap.h: Added.
+        (TCMalloc_PageMap1::TCMalloc_PageMap1):
+        (TCMalloc_PageMap1::Ensure):
+        (TCMalloc_PageMap1::get):
+        (TCMalloc_PageMap1::set):
+        (TCMalloc_PageMap2::TCMalloc_PageMap2):
+        (TCMalloc_PageMap2::get):
+        (TCMalloc_PageMap2::set):
+        (TCMalloc_PageMap2::Ensure):
+        (TCMalloc_PageMap3::NewNode):
+        (TCMalloc_PageMap3::TCMalloc_PageMap3):
+        (TCMalloc_PageMap3::get):
+        (TCMalloc_PageMap3::set):
+        (TCMalloc_PageMap3::Ensure):
+        * kxmlcore/TCSpinLock.h: Added.
+        (TCMalloc_SpinLock::Init):
+        (TCMalloc_SpinLock::Finalize):
+        (TCMalloc_SpinLock::Lock):
+        (TCMalloc_SpinLock::Unlock):
+        (TCMalloc_SlowLock):
+        (TCMalloc_SpinLockHolder::TCMalloc_SpinLockHolder):
+        (TCMalloc_SpinLockHolder::~TCMalloc_SpinLockHolder):
+        * kxmlcore/TCSystemAlloc.cpp: Added.
+        (TrySbrk):
+        (TryMmap):
+        (TryDevMem):
+        (TCMalloc_SystemAlloc):
+        * kxmlcore/TCSystemAlloc.h: Added.
+
+2005-09-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/4260479> Finish deploying PropertySlot in the interpreter
+        http://bugs.webkit.org/show_bug.cgi?id=5112
+        
+        Convert postfix, prefix, delete, prefix, and for..in expressions to use
+        PropertySlot-based lookup instead of evaluateReference.
+
+        3% speedup on JS iBench.
+
+        Fixed two of the JS tests:
+        * tests/mozilla/expected.html:
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (PostfixResolveNode::evaluate):
+        (PostfixBracketNode::evaluate):
+        (PostfixDotNode::evaluate):
+        (DeleteResolveNode::evaluate):
+        (DeleteBracketNode::evaluate):
+        (DeleteDotNode::evaluate):
+        (DeleteValueNode::evaluate):
+        (typeStringForValue):
+        (TypeOfResolveNode::evaluate):
+        (TypeOfValueNode::evaluate):
+        (PrefixResolveNode::evaluate):
+        (PrefixBracketNode::evaluate):
+        (PrefixDotNode::evaluate):
+        (ForInNode::execute):
+        * kjs/nodes.h:
+        (KJS::PostfixResolveNode::PostfixResolveNode):
+        (KJS::PostfixBracketNode::PostfixBracketNode):
+        (KJS::PostfixDotNode::PostfixDotNode):
+        (KJS::DeleteResolveNode::DeleteResolveNode):
+        (KJS::DeleteBracketNode::DeleteBracketNode):
+        (KJS::DeleteDotNode::DeleteDotNode):
+        (KJS::DeleteValueNode::DeleteValueNode):
+        (KJS::TypeOfResolveNode::TypeOfResolveNode):
+        (KJS::TypeOfValueNode::TypeOfValueNode):
+        (KJS::PrefixResolveNode::PrefixResolveNode):
+        (KJS::PrefixBracketNode::PrefixBracketNode):
+        (KJS::PrefixDotNode::PrefixDotNode):
+        * kjs/nodes2string.cpp:
+        (PostfixResolveNode::streamTo):
+        (PostfixBracketNode::streamTo):
+        (PostfixDotNode::streamTo):
+        (DeleteResolveNode::streamTo):
+        (DeleteBracketNode::streamTo):
+        (DeleteDotNode::streamTo):
+        (DeleteValueNode::streamTo):
+        (TypeOfValueNode::streamTo):
+        (TypeOfResolveNode::streamTo):
+        (PrefixResolveNode::streamTo):
+        (PrefixBracketNode::streamTo):
+        (PrefixDotNode::streamTo):
+        * kjs/reference.cpp:
+        (KJS::Reference::Reference):
+        (KJS::Reference::getPropertyName):
+        (KJS::Reference::getValue):
+        (KJS::Reference::deleteValue):
+        * kjs/reference.h:
+
+2005-09-23  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed and landed by Darin.
+
+        - a Windows-specific file
+
+        * os-win32/stdint.h: Added. We plan to remove dependency on the <stdint.h> types,
+        and if we do so, we will remove this file.
+
+2005-09-22  Geoffrey Garen  <ggaren@apple.com>
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5053
+        Need to restore int/long changes to simple_number.h
+        
+        Reviewed by darin and mjs.
+
+        * kjs/simple_number.h: changed enums to indenpendent constants to clarify types
+        (KJS::isNegativeZero): changed to static function - no reason to export
+        (KJS::SimpleNumber::rightShiftSignExtended): new function for clarity
+        (KJS::SimpleNumber::make): specified cast as reinterpret_cast
+        (KJS::SimpleNumber::is): changed to use uintptr_t for portability
+        (KJS::SimpleNumber::value): changed to use uintptr_t and rightShiftSignExtended
+        (KJS::SimpleNumber::fits): inverted tests - probably only a performance win for double
+        (KJS::SimpleNumber::integerFits): ditto
+
+2005-09-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff and partly by Darin.
+
+        - fixed http://bugs.webkit.org/post_bug.cgi
+        (Reduce conflicts in JavaScriptCore grammar)
+
+        This change gets us down from over 200 shift/reduce and 45 reduce/reduce to
+        9 shift/reduce and 45 reduce/reduce.
+
+        * kjs/grammar.y:
+        * kjs/grammar_types.h: Removed.
+        * kjs/lexer.cpp:
+        * kjs/nodes.h:
+        (KJS::Node::isGroupNode):
+        (KJS::Node::isLocation):
+        (KJS::Node::isResolveNode):
+        (KJS::Node::isBracketAccessorNode):
+        (KJS::Node::isDotAccessorNode):
+        (KJS::ResolveNode::isLocation):
+        (KJS::ResolveNode::isResolveNode):
+        (KJS::ResolveNode::identifier):
+        (KJS::GroupNode::isGroupNode):
+        (KJS::GroupNode::leafNode):
+        (KJS::BracketAccessorNode::isLocation):
+        (KJS::BracketAccessorNode::isBracketAccessorNode):
+        (KJS::BracketAccessorNode::base):
+        (KJS::BracketAccessorNode::subscript):
+        (KJS::DotAccessorNode::isLocation):
+        (KJS::DotAccessorNode::isDotAccessorNode):
+        (KJS::DotAccessorNode::base):
+        (KJS::DotAccessorNode::identifier):
+        (KJS::FuncExprNode::FuncExprNode):
+        (KJS::FuncExprNode::identifier):
+        (KJS::FuncDeclNode::FuncDeclNode):
+        (KJS::FuncDeclNode::execute):
+
+2005-09-20  Geoffrey Garen  <ggaren@apple.com>
+
+        - Oops. The 4263434 change was only appropriate on the branch. Rolling out.
+        
+        Reviewed by eric.
+        
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::mark):
+
+2005-09-20  Geoffrey Garen  <ggaren@apple.com>
+
+        - More changes needed to fix <rdar://problem/4214783> 8F29 REGRESSION(Denver/Chardonnay):
+          kjs_fast_malloc crash due to lack of locking on multiple threads (seen selecting volumes in
+          the installer)
+          
+        Added InterpreterLocks in some places in the bindings we missed before.
+        
+        Reviewed by john.
+
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::addNativeReference):
+        (KJS::Bindings::removeNativeReference):
+        (RootObject::removeAllNativeReferences):
+        * bindings/runtime_root.h:
+        (KJS::Bindings::RootObject::~RootObject):
+        (KJS::Bindings::RootObject::setRootObjectImp):
+
+2005-09-20  Geoffrey Garen  <ggaren@apple.com>
+
+        - Fixed <rdar://problem/4263434> <rdar://problem/4263434> Denver 8F29 Regression:
+          KJS::InterpreterImp::mark() crash
+          
+        Fix by mjs, review by me.
+
+        * kjs/internal.cpp:
+        (KJS::InterpreterImp::mark): Added a null check on globExec in case a
+        garbage collection occurs inside InterpreterImp::globalInit (called
+        from InterpreterImp::InterpreterImp), at which point globExec has not yet been initialized.
+
+2005-09-20  Geoffrey Garen  <ggaren@apple.com>
+
+        - Rolled in fix for http://bugs.webkit.org/show_bug.cgi?id=4892
+          Date constructor has problems with months larger than 11
+
+        Test cases added:
+
+        * layout-tests/fast/js/date-big-constructor-expected.txt: Added.
+        * layout-tests/fast/js/date-big-constructor.html: Added.
+
+        Reviewed by darin.
+
+        * kjs/date_object.cpp:
+        (KJS::fillStructuresUsingDateArgs):
+        (KJS::makeTime):
+
+2005-09-19  Geoffrey Garen  <ggaren@apple.com>
+
+        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5028
+          9 layout tests fail following the change from long to int
+          
+        - Rolled out changes to simple_number.h, and added fits(long long) 
+          and SimpleNumber::fits(unsigned long long) to the old system.
+        
+        Reviewed by mjs.
+
+        * kjs/simple_number.h:
+        (KJS::SimpleNumber::):
+        (KJS::SimpleNumber::value):
+        (KJS::SimpleNumber::fits):
+        (KJS::SimpleNumber::integerFits):
+        (KJS::SimpleNumber::make):
+
+2005-09-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+
+        - fixed <rdar://problem/4214783> REGRESSION: kjs_fast_malloc crash due to lack of locking on multiple threads (seen selecting volumes in the installer)
+
+        Make sure to lock using the InterpreterLock class in all places that need it
+        (including anything that uses the collector, the parser, the protect count hash table,
+        and anything that allocates via fast_malloc).
+
+        Also added assertions to ensure that the locking rules are followed for the relevant
+        resources.
+
+        * Makefile.am:
+        * bindings/NP_jsobject.cpp:
+        (identifierFromNPIdentifier):
+        (_NPN_Invoke):
+        (_NPN_Evaluate):
+        (_NPN_GetProperty):
+        (_NPN_SetProperty):
+        (_NPN_RemoveProperty):
+        (_NPN_HasProperty):
+        (_NPN_HasMethod):
+        (_NPN_SetException):
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::call):
+        (JSObject::eval):
+        (JSObject::getMember):
+        (JSObject::setMember):
+        (JSObject::removeMember):
+        (JSObject::getSlot):
+        (JSObject::setSlot):
+        (JSObject::toString):
+        (JSObject::convertJObjectToValue):
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject removeWebScriptKey:]):
+        (-[WebScriptObject stringRepresentation]):
+        (-[WebScriptObject webScriptValueAtIndex:]):
+        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
+        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
+        * bindings/runtime.cpp:
+        (Instance::createRuntimeObject):
+        * bindings/runtime_root.h:
+        * bindings/testbindings.cpp:
+        (main):
+        * bindings/testbindings.mm:
+        (main):
+        * kjs/fast_malloc.cpp:
+        (KJS::kjs_fast_malloc):
+        (KJS::kjs_fast_calloc):
+        (KJS::kjs_fast_free):
+        (KJS::kjs_fast_realloc):
+        * kjs/fast_malloc.h:
+        * kjs/identifier.h:
+        * kjs/internal.cpp:
+        (InterpreterImp::InterpreterImp):
+        (InterpreterImp::clear):
+        (InterpreterImp::mark):
+        (InterpreterImp::checkSyntax):
+        (InterpreterImp::evaluate):
+        * kjs/internal.h:
+        (KJS::InterpreterImp::globalObject):
+        * kjs/interpreter.cpp:
+        (Interpreter::evaluate):
+        * kjs/interpreter.h:
+        (KJS::InterpreterLock::InterpreterLock):
+        (KJS::InterpreterLock::~InterpreterLock):
+        * kjs/nodes.h:
+        * kjs/protect.h:
+        (KJS::ProtectedValue::ProtectedValue):
+        (KJS::ProtectedValue::~ProtectedValue):
+        (KJS::ProtectedValue::operator=):
+        (KJS::ProtectedObject::ProtectedObject):
+        (KJS::ProtectedObject::~ProtectedObject):
+        (KJS::ProtectedObject::operator=):
+        (KJS::ProtectedReference::ProtectedReference):
+        (KJS::ProtectedReference::~ProtectedReference):
+        (KJS::ProtectedReference::operator=):
+        * kjs/protected_object.h:
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::getProtectCount):
+        (KJS::ProtectedValues::increaseProtectCount):
+        (KJS::ProtectedValues::decreaseProtectCount):
+        * kjs/string_object.cpp:
+        (StringObjectImp::StringObjectImp):
+        * kjs/testkjs.cpp:
+        (main):
+
+2005-09-16  Adele Peterson  <adele@apple.com>
+
+        Change by Darin, reviewed by me and Maciej.
+
+        Fixes http://bugs.webkit.org/show_bug.cgi?id=4547
+        use int instead of long for 32-bit (to prepare for LP64 compiling)
+
+        * bindings/c/c_class.h:
+        (KJS::Bindings::CClass::constructorAt):
+        (KJS::Bindings::CClass::numConstructors):
+        * bindings/c/c_runtime.h:
+        (KJS::Bindings::CMethod::numParameters):
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::JavaClass):
+        * bindings/jni/jni_class.h:
+        (KJS::Bindings::JavaClass::constructorAt):
+        (KJS::Bindings::JavaClass::numConstructors):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::convertJObjectToValue):
+        (JSObject::listFromJArray):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaMethod::JavaMethod):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaConstructor::_commonCopy):
+        (KJS::Bindings::JavaConstructor::parameterAt):
+        (KJS::Bindings::JavaConstructor::numParameters):
+        (KJS::Bindings::JavaMethod::_commonCopy):
+        (KJS::Bindings::JavaMethod::parameterAt):
+        (KJS::Bindings::JavaMethod::numParameters):
+        * bindings/npapi.h:
+        * bindings/objc/WebScriptObject.mm:
+        (listFromNSArray):
+        * bindings/objc/objc_class.h:
+        (KJS::Bindings::ObjcClass::constructorAt):
+        (KJS::Bindings::ObjcClass::numConstructors):
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcMethod::numParameters):
+        * bindings/runtime.h:
+        * kjs/identifier.h:
+        * kjs/internal.h:
+        * kjs/property_slot.h:
+        (KJS::PropertySlot::setCustomIndex):
+        (KJS::PropertySlot::index):
+        (KJS::PropertySlot::):
+        * kjs/regexp_object.cpp:
+        (RegExpObjectImp::backrefGetter):
+        (RegExpObjectImp::getOwnPropertySlot):
+        * kjs/simple_number.h:
+        (KJS::SimpleNumber::):
+        (KJS::SimpleNumber::value):
+        (KJS::SimpleNumber::fits):
+        (KJS::SimpleNumber::integerFits):
+        (KJS::SimpleNumber::make):
+        * kjs/string_object.cpp:
+        (substituteBackreferences):
+        * kjs/ustring.cpp:
+        (KJS::UString::from):
+        (KJS::UString::toUInt32):
+        (KJS::UString::find):
+        (KJS::UString::rfind):
+        * kjs/ustring.h:
+        * kjs/value.cpp:
+        (KJS::jsNumber):
+        * kjs/value.h:
+
+2005-09-11  Eric Seidel  <eseidel@apple.com>
+
+        No review requested, build fix affects only SVG.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Fixed JSC+SVG
+        Fixed JavaScriptCore+SVG after PCRE 6.1 merger.
+        http://bugs.webkit.org/show_bug.cgi?id=4932
+
+2005-09-10  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed and landed by Darin.
+
+        * Makefile.vc: Added.
+        * README-Win32.txt: Added.
+
+2005-09-10  Darin Adler  <darin@apple.com>
+
+        - fixed compilation for WebCore (another try)
+
+        * kjs/simple_number.h: Added more "using" lines.
+
+2005-09-10  Darin Adler  <darin@apple.com>
+
+        - fixed compilation for WebCore
+
+        * kjs/simple_number.h: Have to include <cmath> here to work around a bug in the GCC
+        standard C++ library headers.
+
+2005-09-10  Darin Adler  <darin@apple.com>
+
+        Windows changes by Krzysztof Kowalczyk <kkowalczyk@gmail.com>.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4870
+          win portability: fix IS_NEGATIVE_ZERO macro in simple_number.h
+
+        * kjs/simple_number.h:
+        (KJS::isNegativeZero): Added. Inline function. Has a case for Windows that
+        uses _fpclass and a case for other platforms that uses signbit.
+        (KJS::SimpleNumber::fits): Use inline isNegativeZero instead of macro IS_NEGATIVE_ZERO.
+
+        * kjs/internal.cpp: Remove definition of now-unneeded negZero global.
+
+        * kjs/value.cpp: Touched the file because Xcode didn't know it needed to
+        recompile it.
+
+        - improved test engine
+
+        * tests/mozilla/jsDriver.pl: Sort tests in numeric order instead of using
+        a plain-ASCII sort; now test 33 will be after test 5 in any given set of
+        numbered tests.
+
+2005-09-08  Darin Adler  <darin@apple.com>
+
+        - fixed overloaded versions of throwError so that they substitute *all* 
+          expected parameters into the message string -- some versions used to
+          skip parameters, resulting in "%s" being printed in the error message.
+        
+        Reviewed by Geoff.
+
+        * kjs/nodes.h: Updated declarations to use "const &" and not to name parameters
+        * kjs/nodes.cpp: (Node::throwError): Updated to match above and add one missing
+        call to substitute.
+
+2005-09-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - updated to PCRE 6.1
+
+        The original PCRE 6.1 sources are checked into the tree with the tag
+        "pcre-6-1" for reference. What we're checking in right now is the original
+        plus our changes to make it support UTF-16 and at least one other tweak
+        (vertical tab considered whitespace). Our work to get our changes was
+        done on "pcre-6-1-branch", with an anchor at "pcre-6-1-anchor" so you can
+        see the evolution of the UTF-16 changes.
+        
+        Note also that there was one small change made here that's not on the branch
+        in pcre_compile.c.
+
+        * Info.plist: Updated the part of the copyright message that's about PCRE.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added new PCRE source files,
+        removed obsolete ones.
+
+        * pcre/AUTHORS: Updated to PCRE 6.1. Includes credits for Apple's UTF-16
+        changes, but not the credits for Google's C++ wrapper, since we don't include that.
+        * pcre/COPYING: Updated to PCRE 6.1.
+        * pcre/LICENCE: Ditto.
+        * pcre/dftables.c: Ditto.
+        * pcre/pcre-config.h: Ditto.
+        * pcre/pcre.h: Ditto.
+
+        * pcre/pcre_compile.c: Added for PCRE 6.1.
+        * pcre/pcre_config.c: Ditto.
+        * pcre/pcre_exec.c: Ditto.
+        * pcre/pcre_fullinfo.c: Ditto.
+        * pcre/pcre_get.c: Ditto.
+        * pcre/pcre_globals.c: Ditto.
+        * pcre/pcre_info.c: Ditto.
+        * pcre/pcre_internal.h: Ditto.
+        * pcre/pcre_maketables.c: Ditto.
+        * pcre/pcre_ord2utf8.c: Ditto.
+        * pcre/pcre_printint.c: Ditto.
+        * pcre/pcre_refcount.c: Ditto.
+        * pcre/pcre_study.c: Ditto.
+        * pcre/pcre_tables.c: Ditto.
+        * pcre/pcre_try_flipped.c: Ditto.
+        * pcre/pcre_ucp_findchar.c: Ditto.
+        * pcre/pcre_version.c: Ditto.
+        * pcre/pcre_xclass.c: Ditto.
+        * pcre/ucp.h: Ditto.
+        * pcre/ucp_findchar.c: Ditto.
+        * pcre/ucpinternal.h: Ditto.
+        * pcre/ucptable.c: Ditto.
+
+        * pcre/get.c: Removed.
+        * pcre/internal.h: Removed.
+        * pcre/maketables.c: Removed.
+        * pcre/pcre.c: Removed.
+        * pcre/study.c: Removed.
+
+2005-09-07  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed http://bugs.webkit.org/show_bug.cgi?id=4781
+        Date.setMonth fails with big values due to overflow
+
+        Reviewed by darin.
+
+        * kjs/date_object.cpp:
+        (timetUsingCF): for consistency, changed return statement to invalidDate instead of LONG_MAX
+        (KJS::fillStructuresUsingTimeArgs): modified for readability
+        (KJS::fillStructuresUsingDateArgs): new function analogous to fillStructuresUsingTimeArgs
+        (KJS::DateProtoFuncImp::callAsFunction): modified to use fillStructuresUsingDateArgs
+        (KJS::DateObjectImp::construct): moved variable declaration to proper scope
+        (KJS::DateObjectFuncImp::callAsFunction): moved variable declaration to proper scope
+
+2005-09-07  Geoffrey Garen  <ggaren@apple.com>
+        -updated expected test results to reflect fix for 
+        http://bugs.webkit.org/show_bug.cgi?id=4698
+        kjs does not allow named functions in function expressions
+ 
+        * tests/mozilla/expected.html:
+
+2005-09-04  Darin Adler  <darin@apple.com>
+
+        * kjs/identifier.cpp: Fix comment, add missing include.
+        (Follow-on to changes from yesterday.)
+
+2005-09-03  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed, tweaked and landed by Darin.
+
+        - another try at some of the Windows compilation fixes
+          should fix these bugs: 4546, 4831, 4834, 4643, 4830, 4832, 4833, 4835
+
+        * kjs/collector.cpp: Add missing <setjmp.h> include.
+        * kjs/date_object.cpp: Fix broken copysign macro.
+        * kjs/dtoa.cpp: Move macro definitions down after all header includes.
+        * kjs/fast_malloc.cpp: Add missing <assert.h> and <stddef.h> includes.
+        * kjs/function.cpp: Remove broken isxdigit definition.
+        * kjs/grammar.y: Add a missing semicolon (and remove an excess one).
+        * kjs/identifier.cpp: Turn off AVOID_STATIC_CONSTRUCTORS because the placement new syntax
+        doesn't seem to work in Visual C++ (I'm surprised to hear that, by the way).
+        * kjs/value.h: Made ValueImp's destructor virtual because otherwise pointers to ValueImp
+        on the stack aren't right for garbage collection on Windows (don't think it works that
+        way with gcc's virtual table scheme, but it's a harmless change).
+
+2005-09-03  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
+
+        Reviewed, tweaked and landed by Darin.
+
+        - some Windows compilation fixes, hoping to fix the problems reported in these bugs:
+          4627, 4629, 4630, 4631, 4632, 4633, 4634, 4635, 4636, 4637, 4639, 4640, 4641, 4644, 4645
+
+        * kjs/collector.cpp: Include <windows.h> on WIN32. Put thread-related code inside
+        KJS_MULTIPLE_THREADS #if directives.
+        (KJS::Collector::markCurrentThreadConservatively): Use NT_TIB to find the stack base on Win32.
+
+        * kjs/config.h: Define HAVE_SYS_TIMEB_H for Win32.
+
+        * kjs/date_object.cpp: Add include of <limits.h>. Add definitions of strncasecmp, isfinite, and
+        copysign for Win32.
+        (KJS::KRFCDate_parseDate): Move "errno = 0" line down closer to the first call to strol -- I believe
+        that on Win32 there's some other call before that setting errno.
+
+        * kjs/date_object.h: Remove unneeded include of <sys/time.h>.
+
+        * kjs/dtoa.cpp: Add an undef of strtod, needed on Win32.
+
+        * kjs/fast_malloc.cpp: Put #if !WIN32 around some customization that's not appropriate on Win32.
+        (KJS::region_list_append): Add a missing cast so this Win32-specific function compiles in C++.
+        (KJS::sbrk): Change parameter type to match the declaration.
+
+        * kjs/function.cpp: (isxdigit): Define a locale-independent isxdigit on Win32.
+
+        * kjs/function.h: Remove unneeded friend class Function for FunctionImp.
+
+        * kjs/identifier.cpp: Took out the APPLE_CHANGES from around the AVOID_STATIC_CONSTRUCTORS
+        define. We ultimately intend to phase out APPLE_CHANGES entirely. Also fix the
+        non-AVOID_STATIC_CONSTRUCTORS code path.
+
+        * kjs/internal.cpp: Remove uneeded include of <strings.h>, which was confused with <string.h>!
+        Add a Win32 implementation of copysign. Put the threads code inside KJS_MULTIPLE_THREADS.
+
+        * kjs/internal.h: Define a KJS_MULTIPLE_THREADS macro on non-Win32 only. Later we can make this
+        specific to Mac OS X if we like.
+
+        * kjs/interpreter_map.cpp: Add missing include of <stdlib.h>.
+
+        * kjs/list.cpp:
+        (KJS::ListImp::markValues): Use std::min instead of MIN.
+        (KJS::List::copy): Ditto.
+        (KJS::List::copyTail): Ditto.
+
+        * kjs/math_object.cpp: (signbit): Add a Win32 implementation of signbit.
+
+        * kjs/nodes.cpp: (Node::finalCheck): Use unsigned instead of uint.
+        Put the use of always_inline inside __GNUC__.
+
+        * kjs/number_object.cpp: (NumberProtoFuncImp::callAsFunction): Use "10.0" instead of "10"
+        inside all the calls to pow to avoid ambiguity caused by overloading of pow on Win32, seen
+        when passing an int rather than a double or float.
+
+        * kjs/operations.cpp:
+        (KJS::isInf): Add Win32 implementation.
+        (KJS::isPosInf): Add Win32 implementation.
+        (KJS::isNegInf): Add Win32 implementation.
+
+        * kjs/regexp.cpp: Use unsigned instead of uint.
+        * kjs/regexp.h: Ditto.
+        * kjs/regexp_object.cpp: Ditto.
+        * kjs/regexp_object.h: Ditto.
+
+2005-09-02  Beth Dakin  <bdakin@apple.com>
+
+        Fix for <rdar://problem/4235531> Denver Regression: Safari crash in KWQStringData::makeUnicode
+        The other half of the fix is in WebCore.
+
+        Fix written by Maciej and Darin.
+        Reviewed by me/Maciej
+
+        As Maciej said in Radar: These problems was caused by a conflict between some of our custom 
+        allocators, causing them to return null. Symptom is typically a null pointer dereference in 
+        a place where it might be expected an allocation has just occurred.
+
+        * kjs/fast_malloc.cpp: Added #define for MORECORE_CONTIGUOUS, MORECORE_CANNOT_TRIM, 
+                               and MALLOC_FAILURE_ACTION.
+
+2005-08-31  Geoffrey Garen  <ggaren@apple.com>
+
+        -rolled in fix for http://bugs.webkit.org/show_bug.cgi?id=4698
+        kjs does not allow named functions in function expressions
+        
+        Fix by Arthur Langereis.
+        
+        Reviewed by darin.
+        
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (FuncExprNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::FuncExprNode::FuncExprNode):
+
+        Test cases added:
+
+        * layout-tests/fast/js/named-function-expression-expected.txt: Added.
+        * layout-tests/fast/js/named-function-expression.html: Added.
+        
+2005-08-31  Justin Haygood  <justin@xiondigital.net>
+
+        Reviewed, tweaked, and landed by Darin.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4085
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4087
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4096
+          Some fixes for compiling on windows.
+
+        * kjs/config.h: Added a WIN32 case in here, with suitable defines.
+        (To be tweaked as necessary.)
+        * kjs/function.cpp: Took out APPLE_CHANGES around use of ICU.
+        * kjs/operations.cpp: Removed some bogus code that always set HAVE_FLOAT_H.
+
+2005-08-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4758
+          unify SharedPtr in WebCore and JavaScriptCore
+
+        * kjs/shared_ptr.h: Updated namespace to KXMLCore instead of kxhmlcore.
+        Made a few small improvements to use local variables a bit more and added
+        an "operator int" to reduce the chance that we'll convert a SharedPtr to
+        an int by accident. Also made the == operators normal functions rather than
+        friend functions, added a couple of comemnts.
+
+        * kjs/function.h: Updated for namespace change.
+        * kjs/function.cpp: Ditto.
+        * kjs/function_object.cpp: Ditto.
+        * kjs/internal.h: Ditto.
+        * kjs/internal.cpp: Ditto.
+        * kjs/nodes.h: Ditto.
+        * kjs/nodes2string.cpp: Ditto.
+
+2005-08-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        <rdar://problem/4224911> many many leaks in kjsyyparse with malformed Javascript        
+
+        Record all nodes that are created during parsing, and delete any
+        that are left floating with a refcount of 0.
+        
+        * kjs/internal.cpp:
+        (KJS::Parser::saveNewNode):
+        (KJS::clearNewNodes):
+        (KJS::Parser::parse):
+        * kjs/internal.h:
+        * kjs/nodes.cpp:
+        (Node::Node):
+        * kjs/nodes.h:
+        (KJS::Node::refcount):
+
+2005-08-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        - fixed <rdar://problem/4232452> many many leaks in kjsyyparse on some well-formed JavaScript (can repro on sony.com, webkit tests)
+        
+        Fixed by changing the refcounting scheme for nodes. Instead of each node implementing a custom ref and
+        deref for all its children (and being responsible for deleting them), nodes use a smart pointer to
+        hold their children, and smart pointers are used outside the node tree as well. This change mostly
+        removes code.
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/function.cpp:
+        (KJS::DeclaredFunctionImp::DeclaredFunctionImp):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/grammar.y:
+        * kjs/internal.cpp:
+        (KJS::Parser::parse):
+        (KJS::Parser::accept):
+        (KJS::InterpreterImp::checkSyntax):
+        (KJS::InterpreterImp::evaluate):
+        * kjs/internal.h:
+        * kjs/nodes.cpp:
+        (Node::Node):
+        (Node::~Node):
+        (ElementNode::evaluate):
+        (PropertyValueNode::evaluate):
+        (ArgumentListNode::evaluateList):
+        (NewExprNode::evaluate):
+        (FunctionCallValueNode::evaluate):
+        (FunctionCallBracketNode::evaluate):
+        (FunctionCallDotNode::evaluate):
+        (RelationalNode::evaluate):
+        (StatListNode::execute):
+        (StatListNode::processVarDecls):
+        (VarDeclListNode::evaluate):
+        (VarDeclListNode::processVarDecls):
+        (ForInNode::ForInNode):
+        (ClauseListNode::processVarDecls):
+        (CaseBlockNode::evalBlock):
+        (FuncDeclNode::processFuncDecl):
+        (FuncExprNode::evaluate):
+        (SourceElementsNode::execute):
+        (SourceElementsNode::processFuncDecl):
+        (SourceElementsNode::processVarDecls):
+        * kjs/nodes.h:
+        (KJS::Node::ref):
+        (KJS::Node::deref):
+        (KJS::NumberNode::NumberNode):
+        (KJS::GroupNode::GroupNode):
+        (KJS::ElementNode::ElementNode):
+        (KJS::ArrayNode::ArrayNode):
+        (KJS::PropertyValueNode::PropertyValueNode):
+        (KJS::ObjectLiteralNode::ObjectLiteralNode):
+        (KJS::BracketAccessorNode::BracketAccessorNode):
+        (KJS::DotAccessorNode::DotAccessorNode):
+        (KJS::ArgumentListNode::ArgumentListNode):
+        (KJS::ArgumentsNode::ArgumentsNode):
+        (KJS::NewExprNode::NewExprNode):
+        (KJS::FunctionCallValueNode::FunctionCallValueNode):
+        (KJS::FunctionCallResolveNode::FunctionCallResolveNode):
+        (KJS::FunctionCallBracketNode::FunctionCallBracketNode):
+        (KJS::FunctionCallDotNode::FunctionCallDotNode):
+        (KJS::PostfixNode::PostfixNode):
+        (KJS::DeleteNode::DeleteNode):
+        (KJS::VoidNode::VoidNode):
+        (KJS::TypeOfNode::TypeOfNode):
+        (KJS::PrefixNode::PrefixNode):
+        (KJS::UnaryPlusNode::UnaryPlusNode):
+        (KJS::NegateNode::NegateNode):
+        (KJS::BitwiseNotNode::BitwiseNotNode):
+        (KJS::LogicalNotNode::LogicalNotNode):
+        (KJS::MultNode::MultNode):
+        (KJS::AddNode::AddNode):
+        (KJS::ShiftNode::ShiftNode):
+        (KJS::RelationalNode::RelationalNode):
+        (KJS::EqualNode::EqualNode):
+        (KJS::BitOperNode::BitOperNode):
+        (KJS::BinaryLogicalNode::BinaryLogicalNode):
+        (KJS::ConditionalNode::ConditionalNode):
+        (KJS::AssignResolveNode::AssignResolveNode):
+        (KJS::AssignBracketNode::AssignBracketNode):
+        (KJS::AssignDotNode::AssignDotNode):
+        (KJS::CommaNode::CommaNode):
+        (KJS::AssignExprNode::AssignExprNode):
+        (KJS::VarDeclListNode::VarDeclListNode):
+        (KJS::VarStatementNode::VarStatementNode):
+        (KJS::ExprStatementNode::ExprStatementNode):
+        (KJS::IfNode::IfNode):
+        (KJS::DoWhileNode::DoWhileNode):
+        (KJS::WhileNode::WhileNode):
+        (KJS::ForNode::ForNode):
+        (KJS::ReturnNode::ReturnNode):
+        (KJS::WithNode::WithNode):
+        (KJS::CaseClauseNode::CaseClauseNode):
+        (KJS::ClauseListNode::ClauseListNode):
+        (KJS::ClauseListNode::clause):
+        (KJS::ClauseListNode::next):
+        (KJS::SwitchNode::SwitchNode):
+        (KJS::LabelNode::LabelNode):
+        (KJS::ThrowNode::ThrowNode):
+        (KJS::CatchNode::CatchNode):
+        (KJS::FinallyNode::FinallyNode):
+        (KJS::TryNode::TryNode):
+        (KJS::ParameterNode::ParameterNode):
+        (KJS::ParameterNode::nextParam):
+        (KJS::FuncDeclNode::FuncDeclNode):
+        (KJS::FuncExprNode::FuncExprNode):
+        * kjs/nodes2string.cpp:
+        (KJS::SourceStream::operator<<):
+        (ElementNode::streamTo):
+        (PropertyValueNode::streamTo):
+        (ArgumentListNode::streamTo):
+        (StatListNode::streamTo):
+        (VarDeclListNode::streamTo):
+        (CaseBlockNode::streamTo):
+        (ParameterNode::streamTo):
+        (SourceElementsNode::streamTo):
+        * kjs/shared_ptr.h: Added.
+        (kxmlcore::SharedPtr::SharedPtr):
+        (kxmlcore::SharedPtr::~SharedPtr):
+        (kxmlcore::SharedPtr::isNull):
+        (kxmlcore::SharedPtr::notNull):
+        (kxmlcore::SharedPtr::reset):
+        (kxmlcore::SharedPtr::get):
+        (kxmlcore::SharedPtr::operator*):
+        (kxmlcore::SharedPtr::operator->):
+        (kxmlcore::SharedPtr::operator!):
+        (kxmlcore::SharedPtr::operator bool):
+        (kxmlcore::SharedPtr::operator==):
+        (kxmlcore::::operator):
+        (kxmlcore::operator!=):
+        (kxmlcore::static_pointer_cast):
+        (kxmlcore::const_pointer_cast):
+
+2005-08-26  Geoff Garen  <ggaren@apple.com>
+
+        Reviewed by John.
+        Landed by Darin.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4664
+          TOT Crash from backwards null check in WebScriptObject.mm
+
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
+        Remove bogus !.
+
+2005-08-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - rename KJS::UString::string() to KJS::UString::domString()
+        - rename KJS::Identifier::string() to KJS::Identifier::domString()
+
+        * kjs/identifier.h: Renamed.
+        * kjs/ustring.h: Ditto.
+
+2005-08-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4435
+          speed up JavaScript by tweaking the Identifier class
+
+        * kjs/identifier.h: Add a new global nullIdentifier and make Identifier::null a function
+        that returns it.
+        * kjs/identifier.cpp: (KJS::Identifier::init): Initialize a global for the null identifier
+        as well as all the other globals for special identifiers.
+
+        * kjs/ustring.h: (KJS::UString::UString): Make this empty constructor inline.
+        * kjs/ustring.cpp: Remove the old non-inline version.
+
+2005-08-19  Mitz Pettel  <opendarwin.org@mitzpettel.com>
+
+        Reviewed by Maciej.
+        Revised and landed by Darin.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4474
+          REGRESSION: Crash when using in-place operator on uninitialized array element
+
+        * kjs/nodes.cpp:
+        (AssignResolveNode::evaluate): Remove unneeded "isSet" assertion.
+        (AssignBracketNode::evaluate): Replace code that tested "isSet" with code that
+        tests the return value of getPropertySlot.
+
+        * kjs/property_slot.h: Removed unneeded "isSet" function. Property slots are
+        either uninitialized or set. There's no "initialized and not set" state.
+
+2005-08-18  Adele Peterson  <adele@apple.com>
+
+        Checked "Inline Functions Hidden" box
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2005-08-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fixed crash in one of the JavaScript tests (introduced by my throwError change)
+
+        * kjs/nodes.cpp: (Node::setExceptionDetailsIfNeeded): Check if the exception is an
+        object before setting the file and line number properties on it. Something to think
+        about in the future -- do we really want to do this on any object that's thrown?
+        How about limiting it to error objects that were created by the JavaScript engine?
+
+        - changed kjs_fast_malloc so we don't have two conflicting versions of the same function
+
+        * kjs/fast_malloc.h: Took out all the ifdefs from this header.
+        * kjs/fast_malloc.cpp: Added non-NDEBUG versions of the functions that just call
+        the system malloc, and put the NDEBUG versions in an #else.
+
+2005-08-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - clean up exported symbols that are not in a "KJS" namespace
+
+        * bindings/NP_jsobject.cpp: (identiferFromNPIdentifier): Marked this function static
+        so it no longer has external linkage.
+        * bindings/c/c_utility.h: Put all this stuff inside the KJS namespace.
+        * bindings/c/c_utility.cpp: Also marked some globals static so they don't have external
+        linkage; not as important given the namespace.
+        * bindings/npruntime.cpp: Marked functions static so they no longer have internal linkage.
+        Also removed unused _NPN_SetExceptionWithUTF8 function (not in header, had C++ linkage!).
+
+        * bindings/jni/jni_utility.cpp: (KJS::Bindings::getJavaVM): Call KJS_GetCreatedJavaVMs
+        using the soft linking header, instead of calling the JNI call. This allows processes
+        to link both JavaScriptCore and JavaVM without a symbol conflict.
+        * bindings/softlinking.c:
+        (loadFramework): Marked this function static so it no longer has external linkage.
+        (getFunctionPointer): Ditto.
+        (KJS_GetCreatedJavaVMs): Renamed this so it has a KJS prefix.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added softlinking.h.
+        * bindings/softlinking.h: Added.
+
+        * kjs/nodes2string.cpp: (streamAssignmentOperatorTo): Marked this function static so it
+        no longer has external linkage.
+
+2005-08-15  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4437
+          clean up error creation with new throwError function
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_SetException):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::dispatchValueFromInstance):
+        (JavaField::dispatchSetValueToInstance):
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject _initializeWithObjectImp:originExecutionContext:executionContext:]):
+        (-[WebScriptObject _initWithObjectImp:originExecutionContext:executionContext:]):
+        (+[WebScriptObject throwException:]):
+        (-[WebScriptObject setException:]):
+        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
+        * bindings/objc/objc_class.h:
+        (KJS::Bindings::ObjcClass::~ObjcClass):
+        (KJS::Bindings::ObjcClass::ObjcClass):
+        (KJS::Bindings::ObjcClass::operator=):
+        (KJS::Bindings::ObjcClass::constructorAt):
+        (KJS::Bindings::ObjcClass::numConstructors):
+        * bindings/objc/objc_header.h:
+        * bindings/objc/objc_runtime.h:
+        (KJS::Bindings::ObjcField::~ObjcField):
+        (KJS::Bindings::ObjcField::ObjcField):
+        (KJS::Bindings::ObjcField::operator=):
+        (KJS::Bindings::ObjcMethod::ObjcMethod):
+        (KJS::Bindings::ObjcMethod::~ObjcMethod):
+        (KJS::Bindings::ObjcMethod::operator=):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        (ObjcField::setValueToInstance):
+        (ObjcArray::setValueAt):
+        (ObjcArray::valueAt):
+        * bindings/objc/objc_utility.h:
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::JSMethodNameToObjCMethodName):
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertNSStringToString):
+        (KJS::Bindings::convertObjcValueToValue):
+        (KJS::Bindings::objcValueTypeForType):
+        (KJS::Bindings::createObjcInstanceForValue):
+        (KJS::Bindings::throwError):
+        * bindings/runtime.h:
+        (KJS::Bindings::Parameter::~Parameter):
+        (KJS::Bindings::Method::~Method):
+        (KJS::Bindings::Instance::Instance):
+        (KJS::Bindings::Instance::begin):
+        (KJS::Bindings::Instance::end):
+        (KJS::Bindings::Instance::getValueOfUndefinedField):
+        (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
+        (KJS::Bindings::Instance::setValueOfUndefinedField):
+        (KJS::Bindings::Instance::valueOf):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::put):
+        * bindings/runtime_object.h:
+        (KJS::RuntimeObjectImp::setInternalInstance):
+        (KJS::RuntimeObjectImp::getInternalInstance):
+        * kjs/array_object.cpp:
+        (getProperty):
+        (ArrayProtoFuncImp::callAsFunction):
+        (ArrayObjectImp::construct):
+        * kjs/bool_object.cpp:
+        (BooleanProtoFuncImp::callAsFunction):
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFuncImp::callAsFunction):
+        * kjs/function.cpp:
+        (KJS::decode):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function_object.cpp:
+        (FunctionProtoFuncImp::callAsFunction):
+        (FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        (KJS::UndefinedImp::toObject):
+        (KJS::NullImp::toObject):
+        (KJS::InterpreterImp::evaluate):
+        (KJS::InternalFunctionImp::hasInstance):
+        * kjs/nodes.cpp:
+        (Node::throwError):
+        (substitute):
+        (Node::setExceptionDetailsIfNeeded):
+        (undefinedVariableError):
+        (ProgramNode::ProgramNode):
+        * kjs/number_object.cpp:
+        (NumberProtoFuncImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::ObjectImp::call):
+        (KJS::ObjectImp::defaultValue):
+        (KJS::Error::create):
+        (KJS::throwError):
+        * kjs/object.h:
+        (KJS::ObjectImp::clearProperties):
+        (KJS::ObjectImp::getPropertySlot):
+        (KJS::ObjectImp::getOwnPropertySlot):
+        * kjs/object_object.cpp:
+        (ObjectProtoFuncImp::callAsFunction):
+        * kjs/reference.cpp:
+        (KJS::Reference::getBase):
+        (KJS::Reference::getValue):
+        (KJS::Reference::putValue):
+        (KJS::Reference::deleteValue):
+        * kjs/regexp_object.cpp:
+        (RegExpProtoFuncImp::callAsFunction):
+        (RegExpObjectImp::construct):
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::callAsFunction):
+
+2005-08-15  Anders Carlsson  <andersca@mac.com>
+
+        Reviewed by Darin.
+
+        * tests/mozilla/ecma_3/Date/15.9.5.5.js:
+        Remove the code which tests that Date.toLocaleString should be parsable
+        by Date.parse. That is not true according to the spec.
+
+2005-08-15  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        * kjs/collector.cpp: (KJS::Collector::allocate): Use a local instead of a global in one
+        more place; slight speedup.
+
+2005-08-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed crash observed on one of the Apple-only layout tests
+
+        * kjs/property_map.cpp: (KJS::PropertyMap::mark): Change code to understand that deleted
+        entries have a value of NULL, so the deleted sentinel count doesn't need to be included
+        in the count of things to mark since we're ignoring the keys.
+
+2005-08-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4421
+          speed up JavaScript by inlining some label stack functions
+
+        * kjs/internal.h: Removed the copy constructor and assignment operator for LabelStack.
+        They were unused, and the implementations had bugs; I removed them rather than fixing them.
+        Also removed the clear function, since that was only needed to help the assignment operator
+        share code with the destructor, and was not efficient enough for the destructor.
+        (KJS::LabelStack::~LabelStack): Made this inline. Also used an efficient implementation
+        that's nice and fast when the stack is empty, better than the old clear() function which
+        used to keep updating and refetching "tos" each time through the loop.
+        (KJS::LabelStack::pop): Made this inline.
+
+        * kjs/internal.cpp: Deleted the now-inline functions and the obsolete functions. Also
+        deleted a commented-out line of code.
+
+2005-08-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4419
+          speed up JavaScript by improving KJS::List
+
+        my measurements show an improvement of 1% on iBench JavaScript
+
+        * kjs/list.cpp: Rearrange list to make the values and free list share the same storage,
+        which saves 4 bytes per list. Also remove the pointers used only on the heap from the
+        lists that are in the pool, which saves 8 bytes per list. Moving the free list pointer
+        closer to the start of the list object also speeds up access to the free list. New
+        "HeapListImp" struct is used only for the lists on the heap.
+        (KJS::List::markProtectedLists): Shadowed global variable in local and updated for the
+        new terminology ("heap" instead of "outside pool").
+        (KJS::allocateListImp): Updated for new terminology.
+        (KJS::List::release): Moved the code from deallocateListImp in here -- it wasn't being
+        inlined and didn't need to be in a separate function.
+
+2005-08-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4417
+          speed up JavaScript with some small changes to the property map code
+
+        my measurements show an improvement of 2% on iBench JavaScript
+
+        * kjs/property_map.h: (KJS::PropertyMap::PropertyMap): Made the default constructor inline.
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::~PropertyMap): Changed loop to exit early once we know we've processed
+        all the hash table entries, based on the count.
+        (KJS::PropertyMap::mark): Ditto.
+
+        * kjs/object.h: Made an arbitrary change here to force recompiling so we pick up changes to
+        property_map.h. Works around what seems to be an Xcode header dependency bug.
+
+2005-08-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4416
+          speed up JavaScript with some improvements to the garbage collector
+
+        my measurements show an improvement of 2% on iBench JavaScript
+
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate): Use local variables to shadow globals instead of repeatedly
+        going at global variables. Tighten up loop implementations to make the common case fast.
+        (KJS::Collector::markStackObjectsConservatively): Use local variables to shadow globals.
+        Used a goto to eliminate a boolean since it was showing up in the profile.
+        (KJS::Collector::markProtectedObjects): Iterate through the table using pointer rather
+        than an index since the profile showed that generating better code.
+        (KJS::Collector::collect): Added a special case for blocks where all cells are used,
+        Use local variables to shadow globals. Eliminated a boolean by computing it another
+        way (checking to see if the number of live objects changed). Also used local variables
+        to shadow fields in the current cell when sweeping.
+        (KJS::Collector::numReferencedObjects): Use AllocatedValueImp instead of ValueImp
+        in one place -- means we get faster versions of various functions that don't worry
+        about SimpleNumber.
+        (KJS::className): Ditto.
+        (KJS::Collector::rootObjectClasses): Ditto.
+
+2005-08-14  Darin Adler  <darin@apple.com>
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4344
+          REGRESSION: JavaScript crash when going back from viewing a thread (NULL protoype)
+
+        * kjs/error_object.cpp: (NativeErrorImp::NativeErrorImp): Set proto in a more
+        straightforward way. The old code set the proto to 0 and then to the correct value.
+        This showed up as a "false positive" when searching for places that set prototype
+        to NULL/0 so I fixed it.
+
+        * kjs/function_object.cpp: (FunctionPrototypeImp::FunctionPrototypeImp): Change to
+        not pass an explicit "0" to the base class (InternalFunctionImp) constructor.
+
+        * kjs/internal.h: Added a default constructor for InternalFunctionImp.
+        * kjs/internal.cpp: (KJS::InternalFunctionImp::InternalFunctionImp): Added the
+        default constructor (empty body, just calls base class's default constructor).
+
+        * kjs/object.h:
+        (KJS::ObjectImp::ObjectImp): Add an assertion to catch NULL prototypes earlier
+        in Development builds.
+        (KJS::ObjectImp::setPrototype): Ditto.
+
+2005-08-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        - two simple speed improvements for a 3% speed gain
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj: turn on -fstrict-aliasing
+
+        * kjs/scope_chain.h:
+        (KJS::ScopeChainIterator::ScopeChainIterator): Add a scope chain iterator
+        so you can walk a scope chain without having to make a copy that you then mutate.
+        (KJS::ScopeChainIterator::operator*): standard iterator operation
+        (KJS::ScopeChainIterator::operator->): ditto
+        (KJS::ScopeChainIterator::operator++): ditto
+        (KJS::ScopeChainIterator::operator==): ditto
+        (KJS::ScopeChainIterator::operator!=): ditto
+        (KJS::ScopeChain::begin): Iterator for the top of the scope chain
+        (KJS::ScopeChain::end): Iterator for one past the bottom (i.e. null)
+        * kjs/nodes.cpp:
+        (ResolveNode::evaluate): Use scope chain iterator instead of copying
+        a scope chain and then modifying the copy
+        (ResolveNode::evaluateReference): ditto
+        (FunctionCallResolveNode::evaluate): ditto
+        (AssignResolveNode::evaluate): ditto
+
+2005-08-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from Anders Carlsson, reviewed by me.
+
+        * kjs/nodes.h: Fix build breakage.
+
+2005-08-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by hyatt.
+
+        - refactor function calls, 3% speedup on JS iBench.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (Node::throwError): Added new useful variants.
+        (FunctionCallValueNode::evaluate): New node to handle calls on expressions
+        that are strictly values, not references.
+        (FunctionCallValueNode::ref):  ditto
+        (FunctionCallValueNode::deref): ditto
+        (FunctionCallResolveNode::evaluate): New node to handle calls on identifier
+        expressions, so that they are looked up in the scope chain.
+        (FunctionCallResolveNode::ref): ditto
+        (FunctionCallResolveNode::deref): ditto
+        (FunctionCallBracketNode::evaluate): New node to handle calls on bracket
+        dereferences, so that the expression before brackets is used as the this
+        object.
+        (FunctionCallBracketNode::ref): ditto
+        (FunctionCallBracketNode::deref): ditto
+        (FunctionCallDotNode::evaluate): New node to handle calls on dot
+        dereferences, so that the expression before the dot is used as the this
+        object.
+        (FunctionCallDotNode::ref): ditto
+        (FunctionCallDotNode::deref): ditto
+        (dotExprNotAnObjectString): helper function to avoid global variable access.
+        (dotExprDoesNotAllowCallsString): ditto
+        * kjs/nodes.h: Declared new classes.
+        * kjs/nodes2string.cpp:
+        (FunctionCallValueNode::streamTo): Added - serializes the appropriate function call
+        (FunctionCallResolveNode::streamTo): ditto
+        (FunctionCallBracketNode::streamTo): ditto
+        (FunctionCallParenBracketNode::streamTo): ditto
+        (FunctionCallDotNode::streamTo): ditto
+        (FunctionCallParenDotNode::streamTo): ditto
+        * kjs/object.h:
+        (KJS::ObjectImp::isActivation): Change how activation objects are
+        detected in the scope chain, a virtual function is cheaper than the
+        old inheritance test.
+        * kjs/function.h:
+        (KJS::ActivationImp::isActivation): Ditto.
+
+2005-08-11  Maciej Stachowiak  <mjs@apple.com>
+
+        - added missing file from earlier checkin
+
+        * kjs/grammar_types.h: Added.
+        (KJS::makeNodePair):
+        (KJS::makeNodeWithIdent):
+
+2005-08-11  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+
+        * kjs/date_object.cpp:
+        (timetUsingCF): Fix one of the date tests my making the CF version of mktime
+        have the same quirk about the DST field as the real mktime.
+        * tests/mozilla/expected.html: Updated for newly fixed test.
+
+2005-08-11  Maciej Stachowiak  <mjs@apple.com>
+
+        - updated for one of the tests that Darin incidentally fixed.
+
+        * tests/mozilla/expected.html:
+
+2005-08-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+
+        Refactor assignment grammar to avoid Reference type, and to later
+        be able to take advantage of writeable PropertySlots, when those
+        are added. I also fixed a minor bug, turning a function to a
+        string lost parentheses, I made sure they are printed at least
+        where semantically significant.
+        
+        Test cases: see WebCore
+        
+        * kjs/grammar.y: Change grammar so that assignment expressions are parsed
+        directly to nodes that know how to set the kind of location being assigned, instead
+        of having a generic assign node that counts on evaluateReference.
+        * kjs/lexer.cpp: Include grammar_types.h.
+        * kjs/nodes.cpp:
+        (BracketAccessorNode): Renamed from AccessorNode1 for clarity.
+        (DotAccessorNode): Renamed from AccessorNode2 for clarity.
+        (combineForAssignment): Inline function for doing the proper kind of
+        operation for various update assignments like += or *=.
+        (AssignResolveNode): Node that handles assignment to a bare identifier.
+        (AssignDotNode): Node that handles assignments of the form EXPR . IDENT = EXPR
+        (AssignBracketNode): EXPR [ IDENT ] = EXPR
+        * kjs/nodes.h: Updated for declarations/renames of new classes.
+        * kjs/nodes2string.cpp:
+        (GroupNode::streamTo): Fixed to print parens around the expression.
+        (BracketAccessorNode::streamTo): Renamed.
+        (DotAccessorNode::streamTo): Renamed.
+        (AssignResolveNode::streamTo): Added.
+        (AssignBracketNode::streamTo): Added.
+        (AssignDotNode::streamTo): Added.
+        (streamAssignmentOperatorTo): helper function for the above
+        * kjs/property_slot.h:
+        (KJS::PropertySlot::isSet): Made this const.
+
+2005-08-10  Adele Peterson  <adele@apple.com>
+
+        Bumping version to 420+
+
+        * Info.plist:
+
+2005-08-10  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed <rdar://problem/4151132> REGRESSION: Some applet liveconnect calls 
+        throws privilege exception.
+        
+        Reviewed by richard and mjs.
+
+        -I removed the global static JavaClass cache, since it violated Java
+        security to cache classes between websites and applets.
+        
+        * bindings/jni/jni_class.cpp: 
+            -removed global static cache dictionary
+            -instance constructor and destructor now do the work that used to 
+            be done by static factory methods
+            -removed obsolete functions
+        (JavaClass::JavaClass):
+        (JavaClass::~JavaClass):
+        * bindings/jni/jni_class.h:
+            -removed obsolete function declarations
+            -made copying private since it's unused and it's also not clear
+            excatly how copying would work with Java security
+            -made default construction private since it's meaningless
+        * bindings/jni/jni_instance.cpp:
+            -removed obsolete functions
+        (JavaInstance::~JavaInstance):
+        (JavaInstance::getClass):
+        * bindings/jni/jni_instance.h:
+           -made copying private since it's unused and it's also not clear
+            excatly how copying would work with Java security
+            -made default construction private since it's meaningless
+
+2005-08-08  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed crash caused by fix for http://bugs.webkit.org/show_bug.cgi?id=4313
+        
+        - exceptionDescription now gets explicitly initialized to NULL in all
+        the places listed below -- our wrapper classes used to take care of this 
+        automagically
+        
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::dispatchValueFromInstance):
+        (JavaField::dispatchSetValueToInstance):
+
+2005-08-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4325
+          Mozilla Date tests have an unnecessary loop that runs 1970 times before each test
+
+        * tests/mozilla/ecma/shell.js: Added TIME_YEAR_0 constant.
+
+        * tests/mozilla/ecma/Date/15.9.5.10-1.js: Removed the loop and changed code to use the constant.
+        * tests/mozilla/ecma/Date/15.9.5.10-10.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-11.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-12.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-13.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-2.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-3.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-4.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-5.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-6.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-7.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-8.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.10-9.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.11-2.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.12-1.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.12-2.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.12-3.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.12-4.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.12-5.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.12-6.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.12-7.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.12-8.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.13-2.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.13-8.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.14.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.15.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.16.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.17.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.18.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.19.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.20.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.21-1.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.21-2.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.21-3.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.21-4.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.21-5.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.21-6.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.21-7.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.21-8.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.22-1.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.22-2.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.22-3.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.22-4.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.22-5.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.22-6.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.22-7.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.22-8.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.23-4.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.23-5.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.23-6.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.23-7.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.23-8.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.23-9.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.5.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.6.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.7.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.8.js: Ditto.
+        * tests/mozilla/ecma/Date/15.9.5.9.js: Ditto.
+
+2005-08-08  Darin Adler  <darin@apple.com>
+
+        - forgot to delete an obsolete file
+
+        * kjs/object_wrapper.h: Deleted.
+
+2005-08-07  Darin Adler  <darin@apple.com>
+
+        - fixed two problems compiling with gcc 4.0
+
+        * kjs/array_object.cpp: (ArrayProtoFuncImp::callAsFunction): Initialized a
+        variable to quiet an erroneous warning.
+        * kjs/date_object.cpp: (KJS::makeTime): Removed extraneous KJS:: prefix.
+
+2005-08-07  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Maciej.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4313
+          eliminate KJS::Value and KJS::Object smart pointer wrappers (for simplicity and speed)
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Removed object_wrapper.h.
+
+        Global replaces and other wonderful stuff.
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_Invoke):
+        (_NPN_Evaluate):
+        (_NPN_GetProperty):
+        (_NPN_SetProperty):
+        (_NPN_HasMethod):
+        (_NPN_SetException):
+        * bindings/c/c_instance.cpp:
+        (KJS::Bindings::CInstance::CInstance):
+        (KJS::Bindings::CInstance::invokeMethod):
+        (KJS::Bindings::CInstance::invokeDefaultMethod):
+        (KJS::Bindings::CInstance::defaultValue):
+        (KJS::Bindings::CInstance::stringValue):
+        (KJS::Bindings::CInstance::numberValue):
+        (KJS::Bindings::CInstance::booleanValue):
+        (KJS::Bindings::CInstance::valueOf):
+        * bindings/c/c_instance.h:
+        * bindings/c/c_runtime.cpp:
+        (CField::valueFromInstance):
+        (CField::setValueToInstance):
+        * bindings/c/c_runtime.h:
+        * bindings/c/c_utility.cpp:
+        (convertNPStringToUTF16):
+        (convertUTF8ToUTF16):
+        (coerceValueToNPVariantStringType):
+        (convertValueToNPVariant):
+        (convertNPVariantToValue):
+        * bindings/c/c_utility.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::stringValue):
+        (JavaInstance::numberValue):
+        (JavaInstance::booleanValue):
+        (JavaInstance::invokeMethod):
+        (JavaInstance::invokeDefaultMethod):
+        (JavaInstance::defaultValue):
+        (JavaInstance::valueOf):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::invoke):
+        (JSObject::call):
+        (JSObject::eval):
+        (JSObject::getMember):
+        (JSObject::getSlot):
+        (JSObject::toString):
+        (JSObject::convertValueToJObject):
+        (JSObject::convertJObjectToValue):
+        (JSObject::listFromJArray):
+        * bindings/jni/jni_jsobject.h:
+        * bindings/jni/jni_objc.mm:
+        (KJS::Bindings::dispatchJNICall):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaArray::convertJObjectToArray):
+        (JavaField::dispatchValueFromInstance):
+        (JavaField::valueFromInstance):
+        (JavaField::dispatchSetValueToInstance):
+        (JavaField::setValueToInstance):
+        (JavaArray::setValueAt):
+        (JavaArray::valueAt):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaString::ustring):
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::getJavaVM):
+        (KJS::Bindings::getJNIEnv):
+        (KJS::Bindings::getMethodID):
+        (KJS::Bindings::callJNIVoidMethod):
+        (KJS::Bindings::callJNIObjectMethod):
+        (KJS::Bindings::callJNIBooleanMethod):
+        (KJS::Bindings::callJNIStaticBooleanMethod):
+        (KJS::Bindings::callJNIByteMethod):
+        (KJS::Bindings::callJNICharMethod):
+        (KJS::Bindings::callJNIShortMethod):
+        (KJS::Bindings::callJNIIntMethod):
+        (KJS::Bindings::callJNILongMethod):
+        (KJS::Bindings::callJNIFloatMethod):
+        (KJS::Bindings::callJNIDoubleMethod):
+        (KJS::Bindings::callJNIVoidMethodA):
+        (KJS::Bindings::callJNIObjectMethodA):
+        (KJS::Bindings::callJNIByteMethodA):
+        (KJS::Bindings::callJNICharMethodA):
+        (KJS::Bindings::callJNIShortMethodA):
+        (KJS::Bindings::callJNIIntMethodA):
+        (KJS::Bindings::callJNILongMethodA):
+        (KJS::Bindings::callJNIFloatMethodA):
+        (KJS::Bindings::callJNIDoubleMethodA):
+        (KJS::Bindings::callJNIBooleanMethodA):
+        (KJS::Bindings::callJNIVoidMethodIDA):
+        (KJS::Bindings::callJNIObjectMethodIDA):
+        (KJS::Bindings::callJNIByteMethodIDA):
+        (KJS::Bindings::callJNICharMethodIDA):
+        (KJS::Bindings::callJNIShortMethodIDA):
+        (KJS::Bindings::callJNIIntMethodIDA):
+        (KJS::Bindings::callJNILongMethodIDA):
+        (KJS::Bindings::callJNIFloatMethodIDA):
+        (KJS::Bindings::callJNIDoubleMethodIDA):
+        (KJS::Bindings::callJNIBooleanMethodIDA):
+        (KJS::Bindings::getCharactersFromJString):
+        (KJS::Bindings::releaseCharactersForJString):
+        (KJS::Bindings::getCharactersFromJStringInEnv):
+        (KJS::Bindings::releaseCharactersForJStringInEnv):
+        (KJS::Bindings::getUCharactersFromJStringInEnv):
+        (KJS::Bindings::releaseUCharactersForJStringInEnv):
+        (KJS::Bindings::JNITypeFromClassName):
+        (KJS::Bindings::signatureFromPrimitiveType):
+        (KJS::Bindings::JNITypeFromPrimitiveType):
+        (KJS::Bindings::getJNIField):
+        (KJS::Bindings::convertValueToJValue):
+        * bindings/jni/jni_utility.h:
+        * bindings/objc/WebScriptObject.mm:
+        (_didExecute):
+        (-[WebScriptObject _initializeWithObjectImp:originExecutionContext:Bindings::executionContext:Bindings::]):
+        (-[WebScriptObject _initWithObjectImp:originExecutionContext:Bindings::executionContext:Bindings::]):
+        (-[WebScriptObject _imp]):
+        (-[WebScriptObject _executionContext]):
+        (-[WebScriptObject _setExecutionContext:]):
+        (-[WebScriptObject _originExecutionContext]):
+        (-[WebScriptObject _setOriginExecutionContext:]):
+        (+[WebScriptObject throwException:]):
+        (listFromNSArray):
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject removeWebScriptKey:]):
+        (-[WebScriptObject stringRepresentation]):
+        (-[WebScriptObject webScriptValueAtIndex:]):
+        (-[WebScriptObject setException:]):
+        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:Bindings::]):
+        * bindings/objc/WebScriptObjectPrivate.h:
+        * bindings/objc/objc_class.h:
+        * bindings/objc/objc_class.mm:
+        (KJS::Bindings::ObjcClass::fallbackObject):
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::invokeDefaultMethod):
+        (ObjcInstance::setValueOfField):
+        (ObjcInstance::setValueOfUndefinedField):
+        (ObjcInstance::getValueOfField):
+        (ObjcInstance::getValueOfUndefinedField):
+        (ObjcInstance::defaultValue):
+        (ObjcInstance::stringValue):
+        (ObjcInstance::numberValue):
+        (ObjcInstance::booleanValue):
+        (ObjcInstance::valueOf):
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        (convertValueToObjcObject):
+        (ObjcField::setValueToInstance):
+        (ObjcArray::setValueAt):
+        (ObjcArray::valueAt):
+        (ObjcFallbackObjectImp::put):
+        (ObjcFallbackObjectImp::callAsFunction):
+        (ObjcFallbackObjectImp::defaultValue):
+        * bindings/objc/objc_utility.h:
+        * bindings/objc/objc_utility.mm:
+        (Bindings::JSMethodNameToObjCMethodName):
+        (Bindings::convertValueToObjcValue):
+        (Bindings::convertNSStringToString):
+        (Bindings::convertObjcValueToValue):
+        (Bindings::objcValueTypeForType):
+        (Bindings::createObjcInstanceForValue):
+        * bindings/runtime.cpp:
+        (Instance::getValueOfField):
+        (Instance::setValueOfField):
+        (Instance::createRuntimeObject):
+        (Instance::createLanguageInstanceForValue):
+        * bindings/runtime.h:
+        (KJS::Bindings::Constructor::~Constructor):
+        (KJS::Bindings::Field::~Field):
+        (KJS::Bindings::MethodList::MethodList):
+        (KJS::Bindings::Class::fallbackObject):
+        (KJS::Bindings::Class::~Class):
+        (KJS::Bindings::Instance::Instance):
+        (KJS::Bindings::Instance::getValueOfUndefinedField):
+        (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
+        (KJS::Bindings::Instance::setValueOfUndefinedField):
+        (KJS::Bindings::Instance::valueOf):
+        (KJS::Bindings::Instance::setExecutionContext):
+        (KJS::Bindings::Instance::~Instance):
+        (KJS::Bindings::Array::~Array):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::RuntimeArrayImp):
+        (RuntimeArrayImp::lengthGetter):
+        (RuntimeArrayImp::indexGetter):
+        (RuntimeArrayImp::put):
+        * bindings/runtime_array.h:
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::lengthGetter):
+        (RuntimeMethodImp::callAsFunction):
+        * bindings/runtime_method.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::fallbackObjectGetter):
+        (RuntimeObjectImp::fieldGetter):
+        (RuntimeObjectImp::methodGetter):
+        (RuntimeObjectImp::getOwnPropertySlot):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::defaultValue):
+        (RuntimeObjectImp::callAsFunction):
+        * bindings/runtime_object.h:
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::ArrayInstanceImp):
+        (ArrayInstanceImp::lengthGetter):
+        (ArrayInstanceImp::getOwnPropertySlot):
+        (ArrayInstanceImp::put):
+        (ArrayInstanceImp::propList):
+        (ArrayInstanceImp::setLength):
+        (compareByStringForQSort):
+        (compareWithCompareFunctionForQSort):
+        (ArrayInstanceImp::sort):
+        (ArrayInstanceImp::pushUndefinedObjectsToEnd):
+        (ArrayPrototypeImp::ArrayPrototypeImp):
+        (ArrayProtoFuncImp::ArrayProtoFuncImp):
+        (ArrayProtoFuncImp::callAsFunction):
+        (ArrayObjectImp::ArrayObjectImp):
+        (ArrayObjectImp::construct):
+        (ArrayObjectImp::callAsFunction):
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        (BooleanPrototypeImp::BooleanPrototypeImp):
+        (BooleanProtoFuncImp::BooleanProtoFuncImp):
+        (BooleanProtoFuncImp::callAsFunction):
+        (BooleanObjectImp::BooleanObjectImp):
+        (BooleanObjectImp::construct):
+        (BooleanObjectImp::callAsFunction):
+        * kjs/bool_object.h:
+        * kjs/collector.cpp:
+        (KJS::Collector::markStackObjectsConservatively):
+        (KJS::Collector::collect):
+        (KJS::className):
+        * kjs/completion.h:
+        (KJS::Completion::Completion):
+        (KJS::Completion::value):
+        (KJS::Completion::isValueCompletion):
+        * kjs/context.h:
+        (KJS::ContextImp::variableObject):
+        (KJS::ContextImp::setVariableObject):
+        (KJS::ContextImp::thisValue):
+        (KJS::ContextImp::activationObject):
+        (KJS::ContextImp::pushScope):
+        * kjs/date_object.cpp:
+        (formatLocaleDate):
+        (KJS::timeFromArgs):
+        (KJS::DatePrototypeImp::DatePrototypeImp):
+        (KJS::DateProtoFuncImp::DateProtoFuncImp):
+        (KJS::DateProtoFuncImp::callAsFunction):
+        (KJS::DateObjectImp::DateObjectImp):
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectImp::callAsFunction):
+        (KJS::DateObjectFuncImp::DateObjectFuncImp):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        (KJS::parseDate):
+        (KJS::KRFCDate_parseDate):
+        (KJS::timeClip):
+        * kjs/date_object.h:
+        * kjs/debugger.cpp:
+        (Debugger::exception):
+        (Debugger::callEvent):
+        (Debugger::returnEvent):
+        * kjs/debugger.h:
+        * kjs/error_object.cpp:
+        (ErrorPrototypeImp::ErrorPrototypeImp):
+        (ErrorProtoFuncImp::ErrorProtoFuncImp):
+        (ErrorProtoFuncImp::callAsFunction):
+        (ErrorObjectImp::ErrorObjectImp):
+        (ErrorObjectImp::construct):
+        (ErrorObjectImp::callAsFunction):
+        (NativeErrorPrototypeImp::NativeErrorPrototypeImp):
+        (NativeErrorImp::NativeErrorImp):
+        (NativeErrorImp::construct):
+        (NativeErrorImp::callAsFunction):
+        * kjs/error_object.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::FunctionImp):
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::FunctionImp::processParameters):
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::put):
+        (KJS::DeclaredFunctionImp::DeclaredFunctionImp):
+        (KJS::DeclaredFunctionImp::construct):
+        (KJS::ArgumentsImp::ArgumentsImp):
+        (KJS::ArgumentsImp::mappedIndexGetter):
+        (KJS::ArgumentsImp::put):
+        (KJS::ActivationImp::argumentsGetter):
+        (KJS::GlobalFuncImp::GlobalFuncImp):
+        (KJS::encode):
+        (KJS::decode):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (FunctionPrototypeImp::FunctionPrototypeImp):
+        (FunctionPrototypeImp::callAsFunction):
+        (FunctionProtoFuncImp::FunctionProtoFuncImp):
+        (FunctionProtoFuncImp::callAsFunction):
+        (FunctionObjectImp::FunctionObjectImp):
+        (FunctionObjectImp::construct):
+        (FunctionObjectImp::callAsFunction):
+        * kjs/function_object.h:
+        * kjs/internal.cpp:
+        (KJS::UndefinedImp::toPrimitive):
+        (KJS::UndefinedImp::toObject):
+        (KJS::NullImp::toPrimitive):
+        (KJS::NullImp::toObject):
+        (KJS::BooleanImp::toPrimitive):
+        (KJS::BooleanImp::toObject):
+        (KJS::StringImp::toPrimitive):
+        (KJS::StringImp::toObject):
+        (KJS::NumberImp::toPrimitive):
+        (KJS::NumberImp::toObject):
+        (KJS::NumberImp::getUInt32):
+        (KJS::LabelStack::push):
+        (KJS::ContextImp::ContextImp):
+        (KJS::InterpreterImp::globalInit):
+        (KJS::InterpreterImp::globalClear):
+        (KJS::InterpreterImp::InterpreterImp):
+        (KJS::InterpreterImp::initGlobalObject):
+        (KJS::InterpreterImp::clear):
+        (KJS::InterpreterImp::mark):
+        (KJS::InterpreterImp::evaluate):
+        (KJS::InternalFunctionImp::hasInstance):
+        (KJS::roundValue):
+        (KJS::printInfo):
+        * kjs/internal.h:
+        (KJS::InterpreterImp::builtinObject):
+        (KJS::InterpreterImp::builtinFunction):
+        (KJS::InterpreterImp::builtinArray):
+        (KJS::InterpreterImp::builtinBoolean):
+        (KJS::InterpreterImp::builtinString):
+        (KJS::InterpreterImp::builtinNumber):
+        (KJS::InterpreterImp::builtinDate):
+        (KJS::InterpreterImp::builtinRegExp):
+        (KJS::InterpreterImp::builtinError):
+        (KJS::InterpreterImp::builtinObjectPrototype):
+        (KJS::InterpreterImp::builtinFunctionPrototype):
+        (KJS::InterpreterImp::builtinArrayPrototype):
+        (KJS::InterpreterImp::builtinBooleanPrototype):
+        (KJS::InterpreterImp::builtinStringPrototype):
+        (KJS::InterpreterImp::builtinNumberPrototype):
+        (KJS::InterpreterImp::builtinDatePrototype):
+        (KJS::InterpreterImp::builtinRegExpPrototype):
+        (KJS::InterpreterImp::builtinErrorPrototype):
+        (KJS::InterpreterImp::builtinEvalError):
+        (KJS::InterpreterImp::builtinRangeError):
+        (KJS::InterpreterImp::builtinReferenceError):
+        (KJS::InterpreterImp::builtinSyntaxError):
+        (KJS::InterpreterImp::builtinTypeError):
+        (KJS::InterpreterImp::builtinURIError):
+        (KJS::InterpreterImp::builtinEvalErrorPrototype):
+        (KJS::InterpreterImp::builtinRangeErrorPrototype):
+        (KJS::InterpreterImp::builtinReferenceErrorPrototype):
+        (KJS::InterpreterImp::builtinSyntaxErrorPrototype):
+        (KJS::InterpreterImp::builtinTypeErrorPrototype):
+        (KJS::InterpreterImp::builtinURIErrorPrototype):
+        * kjs/interpreter.cpp:
+        (Context::variableObject):
+        (Context::thisValue):
+        (Interpreter::Interpreter):
+        (Interpreter::globalObject):
+        (Interpreter::evaluate):
+        (Interpreter::builtinObject):
+        (Interpreter::builtinFunction):
+        (Interpreter::builtinArray):
+        (Interpreter::builtinBoolean):
+        (Interpreter::builtinString):
+        (Interpreter::builtinNumber):
+        (Interpreter::builtinDate):
+        (Interpreter::builtinRegExp):
+        (Interpreter::builtinError):
+        (Interpreter::builtinObjectPrototype):
+        (Interpreter::builtinFunctionPrototype):
+        (Interpreter::builtinArrayPrototype):
+        (Interpreter::builtinBooleanPrototype):
+        (Interpreter::builtinStringPrototype):
+        (Interpreter::builtinNumberPrototype):
+        (Interpreter::builtinDatePrototype):
+        (Interpreter::builtinRegExpPrototype):
+        (Interpreter::builtinErrorPrototype):
+        (Interpreter::builtinEvalError):
+        (Interpreter::builtinRangeError):
+        (Interpreter::builtinReferenceError):
+        (Interpreter::builtinSyntaxError):
+        (Interpreter::builtinTypeError):
+        (Interpreter::builtinURIError):
+        (Interpreter::builtinEvalErrorPrototype):
+        (Interpreter::builtinRangeErrorPrototype):
+        (Interpreter::builtinReferenceErrorPrototype):
+        (Interpreter::builtinSyntaxErrorPrototype):
+        (Interpreter::builtinTypeErrorPrototype):
+        (Interpreter::builtinURIErrorPrototype):
+        (Interpreter::createLanguageInstanceForValue):
+        * kjs/interpreter.h:
+        (KJS::Interpreter::isGlobalObject):
+        (KJS::ExecState::setException):
+        (KJS::ExecState::clearException):
+        (KJS::ExecState::exception):
+        (KJS::ExecState::hadException):
+        (KJS::ExecState::ExecState):
+        * kjs/list.cpp:
+        (KJS::List::at):
+        * kjs/list.h:
+        (KJS::List::operator[]):
+        (KJS::ListIterator::operator->):
+        (KJS::ListIterator::operator*):
+        (KJS::ListIterator::operator++):
+        (KJS::ListIterator::operator--):
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::staticValueGetter):
+        (KJS::lookupPut):
+        (KJS::cacheGlobalObject):
+        * kjs/math_object.cpp:
+        (MathObjectImp::getValueProperty):
+        (MathFuncImp::MathFuncImp):
+        (MathFuncImp::callAsFunction):
+        * kjs/math_object.h:
+        * kjs/nodes.cpp:
+        (Node::evaluateReference):
+        (Node::throwError):
+        (Node::setExceptionDetailsIfNeeded):
+        (NullNode::evaluate):
+        (BooleanNode::evaluate):
+        (NumberNode::evaluate):
+        (StringNode::evaluate):
+        (RegExpNode::evaluate):
+        (ThisNode::evaluate):
+        (ResolveNode::evaluate):
+        (ResolveNode::evaluateReference):
+        (GroupNode::evaluate):
+        (ElementNode::evaluate):
+        (ArrayNode::evaluate):
+        (ObjectLiteralNode::evaluate):
+        (PropertyValueNode::evaluate):
+        (PropertyNode::evaluate):
+        (AccessorNode1::evaluate):
+        (AccessorNode1::evaluateReference):
+        (AccessorNode2::evaluate):
+        (AccessorNode2::evaluateReference):
+        (ArgumentListNode::evaluate):
+        (ArgumentListNode::evaluateList):
+        (ArgumentsNode::evaluate):
+        (NewExprNode::evaluate):
+        (FunctionCallNode::evaluate):
+        (PostfixNode::evaluate):
+        (DeleteNode::evaluate):
+        (VoidNode::evaluate):
+        (TypeOfNode::evaluate):
+        (PrefixNode::evaluate):
+        (UnaryPlusNode::evaluate):
+        (NegateNode::evaluate):
+        (BitwiseNotNode::evaluate):
+        (LogicalNotNode::evaluate):
+        (MultNode::evaluate):
+        (AddNode::evaluate):
+        (ShiftNode::evaluate):
+        (RelationalNode::evaluate):
+        (EqualNode::evaluate):
+        (BitOperNode::evaluate):
+        (BinaryLogicalNode::evaluate):
+        (ConditionalNode::evaluate):
+        (AssignNode::evaluate):
+        (CommaNode::evaluate):
+        (StatListNode::execute):
+        (AssignExprNode::evaluate):
+        (VarDeclNode::evaluate):
+        (VarDeclNode::processVarDecls):
+        (VarDeclListNode::evaluate):
+        (ExprStatementNode::execute):
+        (IfNode::execute):
+        (DoWhileNode::execute):
+        (WhileNode::execute):
+        (ForNode::execute):
+        (ForInNode::execute):
+        (ContinueNode::execute):
+        (BreakNode::execute):
+        (ReturnNode::execute):
+        (WithNode::execute):
+        (CaseClauseNode::evaluate):
+        (ClauseListNode::evaluate):
+        (CaseBlockNode::evaluate):
+        (CaseBlockNode::evalBlock):
+        (SwitchNode::execute):
+        (ThrowNode::execute):
+        (CatchNode::execute):
+        (TryNode::execute):
+        (ParameterNode::evaluate):
+        (FuncDeclNode::processFuncDecl):
+        (FuncExprNode::evaluate):
+        (SourceElementsNode::execute):
+        * kjs/nodes.h:
+        (KJS::StatementNode::evaluate):
+        * kjs/number_object.cpp:
+        (NumberPrototypeImp::NumberPrototypeImp):
+        (NumberProtoFuncImp::NumberProtoFuncImp):
+        (NumberProtoFuncImp::callAsFunction):
+        (NumberObjectImp::NumberObjectImp):
+        (NumberObjectImp::getValueProperty):
+        (NumberObjectImp::construct):
+        (NumberObjectImp::callAsFunction):
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::call):
+        (KJS::ObjectImp::mark):
+        (KJS::ObjectImp::classInfo):
+        (KJS::ObjectImp::get):
+        (KJS::ObjectImp::getProperty):
+        (KJS::ObjectImp::getPropertySlot):
+        (KJS::ObjectImp::put):
+        (KJS::ObjectImp::hasOwnProperty):
+        (KJS::ObjectImp::defaultValue):
+        (KJS::ObjectImp::findPropertyHashEntry):
+        (KJS::ObjectImp::construct):
+        (KJS::ObjectImp::callAsFunction):
+        (KJS::ObjectImp::hasInstance):
+        (KJS::ObjectImp::propList):
+        (KJS::ObjectImp::toPrimitive):
+        (KJS::ObjectImp::toNumber):
+        (KJS::ObjectImp::toString):
+        (KJS::ObjectImp::toObject):
+        (KJS::ObjectImp::putDirect):
+        (KJS::Error::create):
+        (KJS::error):
+        * kjs/object.h:
+        (KJS::):
+        (KJS::ObjectImp::getPropertySlot):
+        (KJS::AllocatedValueImp::isObject):
+        (KJS::ObjectImp::ObjectImp):
+        (KJS::ObjectImp::internalValue):
+        (KJS::ObjectImp::setInternalValue):
+        (KJS::ObjectImp::prototype):
+        (KJS::ObjectImp::setPrototype):
+        (KJS::ObjectImp::inherits):
+        * kjs/object_object.cpp:
+        (ObjectPrototypeImp::ObjectPrototypeImp):
+        (ObjectProtoFuncImp::ObjectProtoFuncImp):
+        (ObjectProtoFuncImp::callAsFunction):
+        (ObjectObjectImp::ObjectObjectImp):
+        (ObjectObjectImp::construct):
+        (ObjectObjectImp::callAsFunction):
+        * kjs/object_object.h:
+        * kjs/operations.cpp:
+        (KJS::equal):
+        (KJS::strictEqual):
+        (KJS::relation):
+        (KJS::add):
+        (KJS::mult):
+        * kjs/operations.h:
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::mark):
+        (KJS::PropertyMap::addEnumerablesToReferenceList):
+        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList):
+        (KJS::PropertyMap::save):
+        (KJS::PropertyMap::restore):
+        * kjs/property_map.h:
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::undefinedGetter):
+        * kjs/property_slot.h:
+        (KJS::PropertySlot::getValue):
+        * kjs/protect.h:
+        (KJS::gcUnprotectNullTolerant):
+        (KJS::ProtectedValue::ProtectedValue):
+        (KJS::ProtectedValue::~ProtectedValue):
+        (KJS::ProtectedValue::operator=):
+        (KJS::ProtectedValue::operator ValueImp *):
+        (KJS::ProtectedValue::operator->):
+        * kjs/protected_object.h:
+        (KJS::ProtectedObject::ProtectedObject):
+        (KJS::ProtectedObject::operator=):
+        (KJS::ProtectedObject::operator ValueImp *):
+        (KJS::ProtectedObject::operator ObjectImp *):
+        (KJS::ProtectedObject::operator->):
+        (KJS::ProtectedReference::ProtectedReference):
+        (KJS::ProtectedReference::~ProtectedReference):
+        (KJS::ProtectedReference::operator=):
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::getProtectCount):
+        (KJS::ProtectedValues::increaseProtectCount):
+        (KJS::ProtectedValues::insert):
+        (KJS::ProtectedValues::decreaseProtectCount):
+        * kjs/protected_values.h:
+        * kjs/reference.cpp:
+        (KJS::Reference::Reference):
+        (KJS::Reference::makeValueReference):
+        (KJS::Reference::getBase):
+        (KJS::Reference::getValue):
+        (KJS::Reference::putValue):
+        (KJS::Reference::deleteValue):
+        * kjs/reference.h:
+        (KJS::Reference::baseIfMutable):
+        * kjs/regexp_object.cpp:
+        (RegExpPrototypeImp::RegExpPrototypeImp):
+        (RegExpProtoFuncImp::RegExpProtoFuncImp):
+        (RegExpProtoFuncImp::callAsFunction):
+        (RegExpObjectImp::RegExpObjectImp):
+        (RegExpObjectImp::arrayOfMatches):
+        (RegExpObjectImp::backrefGetter):
+        (RegExpObjectImp::construct):
+        (RegExpObjectImp::callAsFunction):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (StringInstanceImp::lengthGetter):
+        (StringInstanceImp::indexGetter):
+        (StringInstanceImp::getOwnPropertySlot):
+        (StringInstanceImp::put):
+        (StringPrototypeImp::StringPrototypeImp):
+        (StringProtoFuncImp::StringProtoFuncImp):
+        (regExpIsGlobal):
+        (replace):
+        (StringProtoFuncImp::callAsFunction):
+        (StringObjectImp::StringObjectImp):
+        (StringObjectImp::construct):
+        (StringObjectImp::callAsFunction):
+        (StringObjectFuncImp::StringObjectFuncImp):
+        (StringObjectFuncImp::callAsFunction):
+        * kjs/string_object.h:
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction):
+        (VersionFunctionImp::callAsFunction):
+        (main):
+        * kjs/value.cpp:
+        (KJS::AllocatedValueImp::operator new):
+        (KJS::AllocatedValueImp::getUInt32):
+        (KJS::ValueImp::toInteger):
+        (KJS::ValueImp::toInt32):
+        (KJS::ValueImp::toUInt32):
+        (KJS::ValueImp::toUInt16):
+        (KJS::ValueImp::toObject):
+        (KJS::AllocatedValueImp::getBoolean):
+        (KJS::AllocatedValueImp::getNumber):
+        (KJS::AllocatedValueImp::getString):
+        (KJS::AllocatedValueImp::getObject):
+        (KJS::jsString):
+        (KJS::jsNumber):
+        (KJS::ConstantValues::init):
+        (KJS::ConstantValues::clear):
+        (KJS::ConstantValues::mark):
+        * kjs/value.h:
+        (KJS::):
+        (KJS::jsUndefined):
+        (KJS::jsNull):
+        (KJS::jsBoolean):
+        (KJS::jsNaN):
+        (KJS::ValueImp::ValueImp):
+        (KJS::ValueImp::~ValueImp):
+        (KJS::AllocatedValueImp::AllocatedValueImp):
+        (KJS::AllocatedValueImp::~AllocatedValueImp):
+        (KJS::AllocatedValueImp::isBoolean):
+        (KJS::AllocatedValueImp::isNumber):
+        (KJS::AllocatedValueImp::isString):
+        (KJS::AllocatedValueImp::isObject):
+        (KJS::AllocatedValueImp::marked):
+        (KJS::AllocatedValueImp::mark):
+        (KJS::ValueImp::downcast):
+        (KJS::ValueImp::isUndefined):
+        (KJS::ValueImp::isNull):
+        (KJS::ValueImp::isUndefinedOrNull):
+        (KJS::ValueImp::isBoolean):
+        (KJS::ValueImp::isNumber):
+        (KJS::ValueImp::isString):
+        (KJS::ValueImp::isObject):
+        (KJS::ValueImp::getBoolean):
+        (KJS::ValueImp::getNumber):
+        (KJS::ValueImp::getString):
+        (KJS::ValueImp::getObject):
+        (KJS::ValueImp::getUInt32):
+        (KJS::ValueImp::mark):
+        (KJS::ValueImp::marked):
+        (KJS::ValueImp::type):
+        (KJS::ValueImp::toPrimitive):
+        (KJS::ValueImp::toBoolean):
+        (KJS::ValueImp::toNumber):
+        (KJS::ValueImp::toString):
+        (KJS::jsZero):
+        (KJS::jsOne):
+        (KJS::jsTwo):
+        (KJS::Undefined):
+        (KJS::Null):
+        (KJS::Boolean):
+        (KJS::Number):
+        (KJS::String):
+
+2005-08-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        Change over to the new PropertySlot mechanism for property
+        lookup. This allows the elimination of hasOwnProperty
+        methods. Also did some of the performance tuning enabled by this
+        (but not yet all the possible improvements for function calls,
+        assignment, ++, and so forth). And also much code cleanup.
+
+        Net result is about a 2% speedup on the JS iBench.
+        
+        Also redid Geoff's fix for the chrashing applet by avoiding a NULL
+        prototype in the bindings code and using the default of Null()
+        instead.
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
+        (ObjcFallbackObjectImp::getOwnPropertySlot):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::lengthGetter):
+        (RuntimeArrayImp::indexGetter):
+        (RuntimeArrayImp::getOwnPropertySlot):
+        * bindings/runtime_array.h:
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::lengthGetter):
+        (RuntimeMethodImp::getOwnPropertySlot):
+        * bindings/runtime_method.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::RuntimeObjectImp):
+        (RuntimeObjectImp::fallbackObjectGetter):
+        (RuntimeObjectImp::fieldGetter):
+        (RuntimeObjectImp::methodGetter):
+        (RuntimeObjectImp::getOwnPropertySlot):
+        * bindings/runtime_object.h:
+        * bindings/runtime_root.h:
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::lengthGetter):
+        (ArrayInstanceImp::getOwnPropertySlot):
+        (ArrayPrototypeImp::getOwnPropertySlot):
+        * kjs/array_object.h:
+        * kjs/date_object.cpp:
+        (DatePrototypeImp::getOwnPropertySlot):
+        * kjs/date_object.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::getOwnPropertySlot):
+        (KJS::FunctionImp::put):
+        (KJS::FunctionImp::deleteProperty):
+        (KJS::ArgumentsImp::mappedIndexGetter):
+        (KJS::ArgumentsImp::getOwnPropertySlot):
+        (KJS::ActivationImp::argumentsGetter):
+        (KJS::ActivationImp::getArgumentsGetter):
+        (KJS::ActivationImp::getOwnPropertySlot):
+        (KJS::ActivationImp::deleteProperty):
+        * kjs/function.h:
+        * kjs/internal.cpp:
+        (InterpreterImp::InterpreterImp):
+        (InterpreterImp::initGlobalObject):
+        (InterpreterImp::~InterpreterImp):
+        (InterpreterImp::evaluate):
+        * kjs/internal.h:
+        (KJS::InterpreterImp::globalExec):
+        * kjs/interpreter.cpp:
+        (Interpreter::Interpreter):
+        (Interpreter::createLanguageInstanceForValue):
+        * kjs/interpreter.h:
+        (KJS::Interpreter::argumentsIdentifier):
+        (KJS::Interpreter::specialPrototypeIdentifier):
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::staticValueGetter):
+        (KJS::getStaticPropertySlot):
+        (KJS::getStaticFunctionSlot):
+        (KJS::getStaticValueSlot):
+        * kjs/math_object.cpp:
+        (MathObjectImp::getOwnPropertySlot):
+        * kjs/math_object.h:
+        * kjs/nodes.cpp:
+        (ResolveNode::evaluate):
+        (ResolveNode::evaluateReference):
+        (AccessorNode1::evaluate):
+        (AccessorNode2::evaluate):
+        * kjs/number_object.cpp:
+        (NumberObjectImp::getOwnPropertySlot):
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::get):
+        (KJS::ObjectImp::getProperty):
+        (KJS::ObjectImp::getPropertySlot):
+        (KJS::ObjectImp::getOwnPropertySlot):
+        (KJS::ObjectImp::put):
+        (KJS::ObjectImp::hasProperty):
+        (KJS::ObjectImp::hasOwnProperty):
+        * kjs/object.h:
+        (KJS::ObjectImp::getDirectLocation):
+        (KJS::ObjectImp::getPropertySlot):
+        (KJS::ObjectImp::getOwnPropertySlot):
+        * kjs/object_wrapper.h: Added.
+        (KJS::):
+        (KJS::Object::Object):
+        (KJS::Object::operator ObjectImp *):
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::getLocation):
+        * kjs/property_map.h:
+        * kjs/property_slot.cpp: Added.
+        (KJS::PropertySlot::undefinedGetter):
+        * kjs/property_slot.h: Added.
+        (KJS::PropertySlot::isSet):
+        (KJS::PropertySlot::getValue):
+        (KJS::PropertySlot::setValueSlot):
+        (KJS::PropertySlot::setStaticEntry):
+        (KJS::PropertySlot::setCustom):
+        (KJS::PropertySlot::setCustomIndex):
+        (KJS::PropertySlot::setUndefined):
+        (KJS::PropertySlot::slotBase):
+        (KJS::PropertySlot::staticEntry):
+        (KJS::PropertySlot::index):
+        (KJS::PropertySlot::):
+        * kjs/protect.h:
+        * kjs/protected_object.h: Added.
+        (KJS::ProtectedObject::ProtectedObject):
+        (KJS::ProtectedObject::~ProtectedObject):
+        (KJS::ProtectedObject::operator=):
+        (KJS::ProtectedReference::ProtectedReference):
+        (KJS::ProtectedReference::~ProtectedReference):
+        (KJS::ProtectedReference::operator=):
+        * kjs/reference.h:
+        * kjs/reference_list.cpp:
+        * kjs/regexp_object.cpp:
+        (RegExpObjectImp::backrefGetter):
+        (RegExpObjectImp::getOwnPropertySlot):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (StringInstanceImp::lengthGetter):
+        (StringInstanceImp::indexGetter):
+        (StringInstanceImp::getOwnPropertySlot):
+        (StringPrototypeImp::getOwnPropertySlot):
+        * kjs/string_object.h:
+
+2005-08-05  Adele Peterson  <adele@apple.com>
+
+        Reviewed by Darin.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Unchecked 'statics are thread safe' option.
+
+2005-08-05  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed <rdar://problem/4207220> REGRESSION (DENVER): Crash occurs 
+        after clicking on Hangman applet
+
+        Reviewed by darin.
+
+        * kjs/object.cpp:
+        (KJS::ObjectImp::hasProperty): added check for null prototype.
+
+        FIXME: The long-term plan is to make runtime objects use JS Null()
+        instead of null pointers, which will allow us to eliminate null
+        checks, improving performance.
+
+2005-08-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Fix by darin, reviewed by me.
+        
+        - rolled in fix for: <rdar://problem/4161606> JavaScript regular 
+        expressions with certain ranges of Unicode characters cause a crash
+
+        Test cases added:
+
+        * layout-tests/fast/js/regexp-big-unicode-ranges-expected.txt: Added.
+        * layout-tests/fast/js/regexp-big-unicode-ranges.html: Added.
+
+        * pcre/pcre.c:
+        (compile_branch): added checks for characters > 255
+
+2005-08-04  Maciej Stachowiak  <mjs@apple.com>
+
+        - updated expected test results now that we no longer exlude the
+        date tests (apparently this was overlooked)
+
+        * tests/mozilla/expected.html:
+
+2005-07-31  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - remove uses of Mac-OS-X-specific MAX macro
+        - remove one of the many excess "APPLE_CHANGES" ifdefs
+
+        * kjs/collector.cpp: (KJS::Collector::allocate): Use std::max instead of MAX.
+        * kjs/property_map.cpp: (KJS::PropertyMap::rehash): Ditto.
+        * kjs/ustring.cpp:
+        (KJS::UChar::toLower): Take out non-ICU code path.
+        (KJS::UChar::toUpper): Ditto.
+        (KJS::UString::spliceSubstringsWithSeparators): Use std::max instead of MAX.
+
+2005-07-27  Geoffrey Garen  <ggaren@apple.com>
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4147
+        Array.toString() and toLocaleString() improvements from KDE KJS
+        (rolled in KDE changes)
+
+        Test cases added:
+
+        * layout-tests/fast/js/toString-overrides-expected.txt: Added.
+        * layout-tests/fast/js/toString-overrides.html: Added.
+        
+        * kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call):
+
+2005-07-27  Maciej Stachowiak  <mjs@apple.com>
+
+        Changes by Michael Kahl, reviewed by me.
+
+        - fixed <rdar://problem/4194278> Need better debugging support in JavaScriptCore
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/debugger.cpp:
+        (KJS::AttachedInterpreter::AttachedInterpreter):
+        (KJS::AttachedInterpreter::~AttachedInterpreter):
+        (Debugger::~Debugger):
+        (Debugger::attach):
+        (Debugger::detach):
+        (Debugger::sourceParsed):
+        * kjs/debugger.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::call):
+        (KJS::GlobalFuncImp::call):
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/grammar.y:
+        * kjs/internal.cpp:
+        (Parser::parse):
+        (InterpreterImp::evaluate):
+        * kjs/internal.h:
+        (KJS::InterpreterImp::setDebugger):
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+        (KJS::Interpreter::imp):
+        * kjs/nodes.cpp:
+
+2005-07-27  Geoffrey Garen  <ggaren@apple.com>
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=3381
+        Date.prototype.setDate() incorrect for values >=128
+        
+        - Test cases added:
+
+        * layout-tests/fast/js/date-big-setdate-expected.txt: Added.
+        * layout-tests/fast/js/date-big-setdate.html: Added.
+
+        Reviewed by darin.
+
+        * kjs/date_object.cpp:
+        (DateProtoFuncImp::call):
+
+2005-07-27  Geoffrey Garen  <ggaren@apple.com>
+
+        -rolled in patch by Carsten Guenther <cguenther@gmail.com>
+        for http://bugs.webkit.org/show_bug.cgi?id=3759
+        Date object enhancements
+        
+        Test cases added:
+
+        * layout-tests/fast/js/date-preserve-milliseconds-expected.txt: Added.
+        * layout-tests/fast/js/date-preserve-milliseconds.html: Added.
+
+        Reviewed by darin.
+
+        * kjs/date_object.cpp:
+        (timeFromArgs):
+        (DateProtoFuncImp::call):
+        (DateObjectImp::construct):
+        (DateObjectFuncImp::call):
+        (KJS::makeTime):
+        * kjs/date_object.h:
+        * tests/mozilla/expected.html:
+
+2005-07-26  Justin Garcia  <justin.garcia@apple.com>
+
+        Added a forward declaration to fix gcc4 build error
+
+        * kjs/function.h:
+
+2005-07-25  Geoffrey Garen  <ggaren@apple.com>
+        - fixed mistake in my last checkin -- the expected results included
+        results from a patch that hasn't landed yet.
+        
+        * tests/mozilla/expected.html:
+
+2005-07-25  Maciej Stachowiak  <mjs@apple.com>
+
+        - fix mistake in last change that leads to assertion failure in the Development build
+
+        * kjs/lookup.h:
+        (KJS::lookupGetOwnValue):
+
+2005-07-24  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=4124
+        (change JavaScript property access to avoid double lookup)
+
+        - 10% speedup on JavaScript iBench
+        - 5% speedup on 24fun BenchJS benchmark
+
+        Changed all get methods to getOwnProperty - they are no longer
+        responsible for prototype lookup, and determine if the property
+        was found as a side efect. 
+
+        get() is now a nonvirtual ObjectImp method which calls the virtual
+        getOwnProperty and walks the prototype chain. A few selected
+        methods were inlined.
+
+        Changed ResolveNode::evaluate plus some other places to use
+        getProperty which does get() and hasProperty() in one lookup.
+
+        Also miscellaneous code cleanup.
+        
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
+        (ObjcFallbackObjectImp::getOwnProperty):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::RuntimeArrayImp):
+        (RuntimeArrayImp::getOwnProperty):
+        * bindings/runtime_array.h:
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::getOwnProperty):
+        * bindings/runtime_method.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::getOwnProperty):
+        * bindings/runtime_object.h:
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::getOwnProperty):
+        (ArrayPrototypeImp::getOwnProperty):
+        (ArrayProtoFuncImp::call):
+        * kjs/array_object.h:
+        * kjs/date_object.cpp:
+        (DatePrototypeImp::getOwnProperty):
+        * kjs/date_object.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::getOwnProperty):
+        (KJS::ArgumentsImp::getOwnProperty):
+        (KJS::ActivationImp::getOwnProperty):
+        * kjs/function.h:
+        * kjs/lookup.h:
+        (KJS::lookupGetOwnProperty):
+        (KJS::lookupGetOwnFunction):
+        (KJS::lookupGetOwnValue):
+        * kjs/math_object.cpp:
+        (MathObjectImp::getOwnProperty):
+        (MathObjectImp::getValueProperty):
+        * kjs/math_object.h:
+        * kjs/nodes.cpp:
+        (ResolveNode::evaluate):
+        * kjs/number_object.cpp:
+        (NumberObjectImp::getOwnProperty):
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::get):
+        (KJS::ObjectImp::getOwnProperty):
+        (KJS::ObjectImp::getProperty):
+        * kjs/object.h:
+        (KJS::ObjectImp::getProperty):
+        (KJS::ObjectImp::getOwnProperty):
+        * kjs/object_object.cpp:
+        (ObjectProtoFuncImp::call):
+        * kjs/regexp_object.cpp:
+        (RegExpObjectImp::getOwnProperty):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (StringInstanceImp::getOwnProperty):
+        (StringPrototypeImp::getOwnProperty):
+        * kjs/string_object.h:
+
+2005-07-25  Geoffrey Garen  <ggaren@apple.com>
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=3971
+        JS test suite depends on JS 1.2 behavior
+        
+        Reviewed by darin.
+
+        * tests/mozilla/js1_2/Array/tostring_1.js: now tests only for JS 1.5 behavior
+        * tests/mozilla/js1_2/Array/tostring_2.js: ditto
+        * tests/mozilla/expected.html:
+
+2005-07-24  Justin Garcia  <justin.garcia@apple.com>
+
+        Reviewed by kevin.
+
+        Fixes make clean problem introduced in xcode2.1 transition
+
+        * Makefile.am:
+
+2005-07-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by darin.
+
+        * kjs/date_object.cpp: DatePrototypeImp now identifies itself as a
+        child class of DateInstanceImp -- this enables calls to Date.ValueOf().
+        
+        fixes: ecma/Date/15.9.5.js (once we enable the date tests).
+
+2005-07-22  Geoffrey Garen  <ggaren@apple.com>
+
+        
+        Reviewed by darin.
+
+        * tests/mozilla/jsDriver.pl: now takes the path to testkjs as a command-line argument
+        * tests/mozilla/run-mozilla-tests: Removed.
+
+2005-07-21  Geoffrey Garen  <ggaren@apple.com>
+
+        * JavaScriptCore.xcodeproj/.cvsignore: Added.
+
+2005-07-21  Geoffrey Garen  <ggaren@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Removed.
+        * JavaScriptCore.xcodeproj/ggaren.pbxuser: Added.
+        * JavaScriptCore.xcodeproj/ggaren.perspective: Added.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added.
+        * Makefile.am:
+
+2005-07-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from Trey Matteson <trey@usa.net>, reviewed by me.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=3956
+        some of WebKit builds with symbols, some doesn't
+        
+        * JavaScriptCore.pbproj/project.pbxproj: Generate symbols even for
+        Deployment.
+
+2005-07-19  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed http://bugs.webkit.org/show_bug.cgi?id=3991
+        JSC doesn't implement Array.prototype.toLocaleString()
+
+        -test failure: ecma_3/Array/15.4.4.3-1.js
+
+        Reviewed by mjs.
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call): now searches for toString and
+        toLocaleString overrides in the array's elements
+
+        * tests/mozilla/expected.html: failures are under 100! woohoo!
+
+2005-07-19  Darin Adler  <darin@apple.com>
+
+        - fixed the build
+
+        * kjs/lookup.h: (KJS::lookupPut): Remove bogus const; was preventing WebCore from
+        compiling (not sure why this didn't affect my other build machine).
+
+        - one other tiny tweak (so sue me)
+
+        * bindings/runtime_root.cpp: Remove unneeded declaration.
+
+2005-07-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        - eliminated try wrappers for get/put/call since we don't use C++ exceptions any more
+
+        * kjs/lookup.h: Changed tryCall in IMPLEMENT_PROTOFUNC here to call. It doesn't make
+        sense for this macro to use the name tryCall anyway, since that's specific to how
+        WebCore used this, so this is good anyway. On the other hand, it might be a problem
+        for KDOM or KSVG, in which case we'll need another macro for them, since JavaScriptCore
+        should presumably not have the C++ exception support.
+
+2005-07-18  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed http://bugs.webkit.org/show_bug.cgi?id=4008
+        Error objects report incorrect length
+        
+        Reviewed by darin.
+
+        * kjs/error_object.cpp: Error objects now include a length property
+        (ErrorObjectImp::ErrorObjectImp):
+
+        * tests/mozilla/expected.html: updated expected results to reflect fix
+        * tests/mozilla/js1_5/Exceptions/regress-123002.js: test now expects 
+        ecma compliant results
+
+2005-07-15  Geoffrey Garen  <ggaren@apple.com>
+
+        -rolled in KDE fixes for http://bugs.webkit.org/show_bug.cgi?id=3601
+        Error instance type info
+        
+        Reviewed by mjs.
+
+        * kjs/error_object.cpp:
+        - Created ErrorInstanceImp class for Error() objects. 
+        - Changed parent object for Native Errors to "Function" (matches
+        ECMA spec).
+        (ErrorInstanceImp::ErrorInstanceImp):
+        (ErrorProtoFuncImp::call):
+        (ErrorObjectImp::construct):
+        (NativeErrorImp::construct):
+
+        * kjs/error_object.h:
+        (KJS::ErrorInstanceImp::classInfo):
+        * kjs/object.h: made comment more informative about ClassInfo
+
+        * tests/mozilla/expected.html:
+
+2005-07-14  Geoffrey Garen  <ggaren@apple.com>
+
+        - fixed: JS test suite expects an out of memory error
+        that our memory efficiency avoids
+        
+        Reviewed by mjs.
+
+        * tests/mozilla/js1_5/Array/regress-157652.js:
+        test now expects normal execution
+        
+        * tests/mozilla/expected.html:
+
+2005-07-14  Geoffrey Garen  <ggaren@apple.com>
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=4006
+        testkjs doesn't implement gc()
+        
+        - test failure:
+        ecma_3/Function/regress-104584.js
+        
+        Reviewed by mjs.
+
+        * kjs/interpreter.cpp:
+        (Interpreter::finalCheck): removed misleading while && comment
+
+        * kjs/testkjs.cpp: added "gc" function to global object
+        (TestFunctionImp::):
+        (TestFunctionImp::call):
+        (main):
+
+        * tests/mozilla/expected.html:
+
+2005-07-14  Geoffrey Garen  <ggaren@apple.com>
+
+        -rolled in patches for http://bugs.webkit.org/show_bug.cgi?id=3945
+        [PATCH] Safe merges of comments and other trivialities from KDE's kjs
+        
+        -patch by Martijn Klingens <klingens@kde.org>
+        
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        * kjs/bool_object.h:
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+        * kjs/completion.h:
+        * kjs/context.h:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        * kjs/debugger.cpp:
+        * kjs/debugger.h:
+        * kjs/dtoa.h:
+        * kjs/error_object.cpp:
+        * kjs/error_object.h:
+        * kjs/function.cpp:
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        * kjs/function_object.h:
+        * kjs/grammar.y:
+        * kjs/identifier.cpp:
+        * kjs/identifier.h:
+        * kjs/internal.cpp:
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+        * kjs/interpreter_map.cpp:
+        * kjs/interpreter_map.h:
+        * kjs/lexer.cpp:
+        * kjs/lexer.h:
+        * kjs/list.cpp:
+        * kjs/list.h:
+        * kjs/lookup.cpp:
+        * kjs/lookup.h:
+        * kjs/math_object.cpp:
+        * kjs/math_object.h:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        * kjs/number_object.cpp:
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        * kjs/object_object.h:
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+        * kjs/property_map.cpp:
+        * kjs/property_map.h:
+        * kjs/reference.cpp:
+        * kjs/reference.h:
+        * kjs/reference_list.cpp:
+        * kjs/reference_list.h:
+        * kjs/regexp.cpp:
+        * kjs/regexp.h:
+        * kjs/regexp_object.cpp:
+        * kjs/regexp_object.h:
+        * kjs/scope_chain.cpp:
+        * kjs/scope_chain.h:
+        * kjs/simple_number.h:
+        * kjs/string_object.cpp:
+        * kjs/string_object.h:
+        * kjs/testkjs.cpp:
+        * kjs/types.h:
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+        * kjs/value.cpp:
+        * kjs/value.h:
+
+2005-07-14  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed http://bugs.webkit.org/show_bug.cgi?id=3970
+        throw statements fail inside eval statements
+        
+        Reviewed by mjs.
+
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::call):
+        Big change since I fixed the tabbing. The important part is:
+        if (c.complType() == Throw)
+          exec->setException(c.value());
+
+        * kjs/nodes.cpp:
+        (ThrowNode::execute): removed duplicate KJS_CHECKEXCEPTION
+        (TryNode::execute): 
+        try now clears the exception state before the finally block executes,
+        and checks the state after the block executes, so that exceptions in
+        finally code get caught.
+
+        * tests/mozilla/expected.html:
+
+2005-07-14  Geoffrey Garen  <ggaren@apple.com>
+        
+        -landed fix for http://bugs.webkit.org/show_bug.cgi?id=3412
+        Object.prototype is missing toLocaleString
+
+        - patch by Mark Rowe (bdash) <opendarwin.org@bdash.net.nz>
+        
+        -layout test info in webcore changelog
+
+        Reviewed by mjs.
+
+        * kjs/object_object.cpp:
+        (ObjectPrototypeImp::ObjectPrototypeImp):
+        (ObjectProtoFuncImp::call):
+        * kjs/object_object.h:
+        (KJS::ObjectProtoFuncImp::):
+
+2005-07-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by mjs.
+
+        * kjs/function.cpp:
+        (KJS::IndexToNameMap::operator[]): fixed infinite recursion
+        bug in last checkin
+
+2005-07-12  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed http://bugs.webkit.org/show_bug.cgi?id=3881
+        arguments object should share values with function parameters
+
+        Reviewed by mjs.
+
+        ArgumentsImp now uses a simple hash lookup to share values
+        with the activation object.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::getParameterName):
+        (KJS::IndexToNameMap::IndexToNameMap):
+        (KJS::IndexToNameMap::~IndexToNameMap):
+        (KJS::IndexToNameMap::isMapped):
+        (KJS::IndexToNameMap::unMap):
+        (KJS::IndexToNameMap::operator[]):
+        (KJS::ArgumentsImp::ArgumentsImp):
+        (KJS::ArgumentsImp::mark):
+        (KJS::ArgumentsImp::get):
+        (KJS::ArgumentsImp::put):
+        (KJS::ArgumentsImp::deleteProperty):
+        (KJS::ArgumentsImp::hasOwnProperty):
+        (KJS::ActivationImp::createArgumentsObject):
+        * kjs/function.h:
+        * tests/mozilla/expected.html: updated results
+
+2005-07-09  Maciej Stachowiak  <mjs@apple.com>
+
+        - backing out my earlier collector change, it causes a performance regression in TOT
+
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+
+2005-07-08  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs/hyatt (only in concept).
+
+        * JavaScriptCore.pbproj/project.pbxproj: Added JavaScriptCore+SVG
+        Turns on RTTI support for JavaScriptCore.framework when
+        building the JavaScriptCore+SVG target.  This is needed as
+        kdom (part of WebCore+SVG) requires RTTI for the time being.
+
+2005-07-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by hyatt.
+
+        - When there are many live objects, GC less often, to try to make
+        GC cost proportional to garbage, not proportional to total memory used.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+
+2005-07-08  Vicki Murley  <vicki@apple.com>
+
+        Fix from Carsten Guenther, reviewed by Maciej
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=3644 (Error string representation)
+
+        Switch from "-" to ":" in error strings.
+
+        * kjs/error_object.cpp:
+        (ErrorProtoFuncImp::call):
+        * tests/mozilla/expected.html:
+
+2005-07-08  Geoffrey Garen  <ggaren@apple.com>
+
+        -rolled in patch for http://bugs.webkit.org/show_bug.cgi?id=3878
+        arguments object should be an object not an array
+
+        Reviewed by mjs.
+
+        * kjs/function.cpp:
+        (KJS::ArgumentsImp::ArgumentsImp): now manually handles initialization
+        we used to get for free by inheriting from ArrayInstanceImp
+        * kjs/function.h: ArgumentsImp now inherits from ObjectImp
+        * tests/mozilla/expected.html: updated expected test results
+
+2005-07-07  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by mjs.
+
+        * kjs/grammar.y: removed #define YYMAXDEPTH 0 for bison 2.0
+        http://bugs.webkit.org/show_bug.cgi?id=3882
+
+2005-07-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Original patch from Mark Rowe <opendarwin.org@bdash.net.nz>, reviewed by me.
+        Fixes to patch by me, reviewed by John Sullivan.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=3293
+
+        Test cases added:
+        * tests/mozilla/expected.html: Two tests newly pass.
+
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::hasOwnProperty):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::hasOwnProperty):
+        * bindings/runtime_array.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::hasOwnProperty):
+        * bindings/runtime_object.h:
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::hasOwnProperty):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::hasOwnProperty):
+        (KJS::ActivationImp::hasOwnProperty):
+        * kjs/function.h:
+        * kjs/lookup.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::hasProperty):
+        (KJS::ObjectImp::hasOwnProperty):
+        * kjs/object.h:
+        (KJS::Object::hasOwnProperty):
+        * kjs/object_object.cpp:
+        (ObjectPrototypeImp::ObjectPrototypeImp):
+        (ObjectProtoFuncImp::call):
+        * kjs/object_object.h:
+        (KJS::ObjectProtoFuncImp::):
+        * kjs/string_object.cpp:
+        (StringInstanceImp::hasOwnProperty):
+        * kjs/string_object.h:
+
+2005-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        -landed patch by Eric Seidel <macdome@opendarwin.org>
+        
+        -for http://bugs.webkit.org/show_bug.cgi?id=3657
+        GroundWork:  Moving some functions from khtml->jsc following kjs TOT
+        
+        - no layout test necessary yet - only groundwork
+
+        Reviewed by darin.
+
+        * kjs/lookup.h:
+        (KJS::cacheGlobalObject):
+
+2005-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        -landed patch by Carsten Guenther <cguenther@gmail.com>
+
+        -fixes http://bugs.webkit.org/show_bug.cgi?id=3477
+        some US-centric date formats not parsed by JavaScript (clock at news8austin.com)
+
+        -relevant tests:
+               mozilla/ecma_3/Date/15.9.5.5.js 
+               layout-tests/fast/js/date-parse-test.html
+
+        Reviewed by darin.
+
+        * kjs/date_object.cpp:
+        (formatLocaleDate):
+        (day):
+        (dayFromYear):
+        (daysInYear):
+        (timeFromYear):
+        (yearFromTime):
+        (weekDay):
+        (timeZoneOffset):
+        (DateProtoFuncImp::call):
+        (DateObjectImp::construct):
+        (KJS::parseDate):
+        (ymdhms_to_seconds):
+        (KJS::makeTime):
+        (findMonth):
+        (KJS::KRFCDate_parseDate):
+        * kjs/date_object.h:
+        * tests/mozilla/expected.html: updated expected results to reflect fix
+
+2005-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed <rdar://problem/4168186> JavaScript fails to throw exceptions 
+        for invalid return statements
+        
+        relevant tests:
+            ecma/Statements/12.9-1-n.js
+            ecma_2/Exceptions/lexical-052.js
+            ecma_2/Exceptions/statement-009.js
+
+        Reviewed by sullivan.
+
+        * kjs/nodes.cpp:
+        (ReturnNode::execute): now throws exception if return is not inside
+        a function.
+
+        * tests/mozilla/expected.html: updated to reflect fix
+
+2005-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by sullivan.
+
+        * tests/mozilla/expected.html: Updated test results for last fix.
+
+2005-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        -fixed <rdar://problem/4168161> JavaScript fails to throw an exception 
+        for invalid function calls
+        
+        Reviewed by sullivan.
+
+        Relevant mozilla test: ecma_3/Exceptions/regress-95101.js 
+
+        * kjs/nodes.cpp:
+        (FunctionCallNode::evaluate): evaluate now checks for an exception
+        after resolving a function name (in case the function is undefined)
+
+2005-07-01  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by darin.
+
+        * kjs/interpreter.h:
+        (KJS::Context::curStmtFirstLine): stub for compatibility with KDE
+        * kjs/value.h:
+        (KJS::Value::isValid): compatibility with KDE
+        http://bugs.webkit.org/show_bug.cgi?id=3687
+
+2005-07-01  Eric Seidel  <eseidel@apple.com>
+
+        Reviewed by darin.
+
+        * kjs/create_hash_table: rolled in changes from KDE, including
+        -n <namespace> support from KDOM and support for newer comments
+        http://bugs.webkit.org/show_bug.cgi?id=3771
+
+2005-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        -rolled in KDE fix to <rdar://problem/4167660> JavaScript fails to 
+        throw exceptions for invalid break/continue statements
+
+        No layout tests because it's already covered by the Mozilla suite
+
+        Reviewed by mjs.
+
+        * kjs/internal.h: LabelStack now tracks where you are relative to
+        switch and iteration (loop) statements
+        
+        (KJS::LabelStack::LabelStack):
+        (KJS::LabelStack::pushIteration):
+        (KJS::LabelStack::popIteration):
+        (KJS::LabelStack::inIteration):
+        (KJS::LabelStack::pushSwitch):
+        (KJS::LabelStack::popSwitch):
+        (KJS::LabelStack::inSwitch):
+
+        * kjs/nodes.cpp: 
+        These files were updated to use the new LabelStack:
+        (DoWhileNode::execute): 
+        (WhileNode::execute):
+        (ForNode::execute):
+        (ForInNode::execute):
+        (SwitchNode::execute):
+        
+        These files were updated to throw exceptions for invalid
+        break/continue statements:
+        (BreakNode::execute): 
+        (ContinueNode::execute):
+
+        * tests/mozilla/expected.html: Updated expected results to reflect fix
+
+2005-06-30  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by rjw.
+
+        fixed: <rdar://problem/4166838> failed assertion in`Interpreter::lockCount() > 0
+
+        no layout test added; this is in the bindings code.
+
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]): make sure to lock and unlock the interpreter around allocations. 
+
+2005-06-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch by Francisco Tolmasky <tolmasky@gmail.com>
+
+        - fixes http://bugs.webkit.org/show_bug.cgi?id=3667
+        Core JavaScript 1.5 Reference:Objects:Array:forEach
+
+        See WebCore Changelog for layout tests added.
+
+        Reviewed by darin.
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call):
+        * kjs/array_object.h:
+        (KJS::ArrayProtoFuncImp::):
+
+2005-06-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch contributed by Oliver Hunt <ojh16@student.canterbury.ac.nz>
+
+        -fixed http://bugs.webkit.org/show_bug.cgi?id=3743
+        Incorrect error message given for certain calls
+
+        See WebCore Changelog for layout test added.
+
+        Reviewed by mjs.
+
+        * kjs/object.cpp:
+        (KJS::ObjectImp::defaultValue):
+
+2005-06-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Rolling out date patch from 6-28-05 because it breaks 
+        fast/js/date-parse-test
+
+        * kjs/date_object.cpp:
+        (formatLocaleDate):
+        (DateProtoFuncImp::call):
+        (DateObjectImp::construct):
+        (KJS::parseDate):
+        (ymdhms_to_seconds):
+        (isSpaceOrTab):
+        (KJS::KRFCDate_parseDate):
+        * kjs/date_object.h:
+        * tests/mozilla/expected.html:
+
+2005-06-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin.
+
+        -fixes http://bugs.webkit.org/show_bug.cgi?id=3750
+        build fails with KJS_VERBOSE set
+
+        * kjs/nodes.cpp: changed debug print statement to use UString
+        (VarDeclNode::evaluate):
+        * kjs/reference.cpp: ditto
+        (KJS::Reference::putValue):
+
+2005-06-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Patch contributed by Carsten Guenther <cguenther@gmail.com>.
+
+        -fixes http://bugs.webkit.org/show_bug.cgi?id=3477
+        some US-centric date formats not parsed by JavaScript (clock at news8austin.com)
+
+        Reviewed by darin.
+
+        * kjs/date_object.cpp:
+        (formatLocaleDate):
+        (day):
+        (dayFromYear):
+        (daysInYear):
+        (timeFromYear):
+        (yearFromTime):
+        (weekDay):
+        (timeZoneOffset):
+        (DateProtoFuncImp::call):
+        (DateObjectImp::construct):
+        (KJS::parseDate):
+        (ymdhms_to_seconds):
+        (KJS::makeTime):
+        (findMonth):
+        (KJS::KRFCDate_parseDate):
+        * kjs/date_object.h:
+        * tests/mozilla/expected.html: updated expected test results to reflect fix
+
+2005-06-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - replace hash functions  with better ones
+
+        * JavaScriptCore.pbproj/project.pbxproj: Add new file to build.
+        * kjs/interpreter_map.cpp:
+        (KJS::InterpreterMap::computeHash): Use shared pointer hash.
+        * kjs/pointer_hash.h: Added.
+        (KJS::pointerHash): Pointer hash based on 32-bit mix and 64-bit mix hashes.
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::computeHash): Use shared pointer hash.
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::computeHash): Use SuperFastHash algorithm.
+
+2005-06-22  Darin Adler  <darin@apple.com>
+
+        Change by Anders Carlsson.
+        Reviewed by me.
+
+        - fixed <http://bugs.webkit.org/show_bug.cgi?id=3294>
+          String.prototype.replace() fails with function as second param
+
+        * kjs/string_object.cpp: (replace): Added code to handle functions.
+
+        * tests/mozilla/expected.html: Updated since ecma_3/RegExp/regress-209067.js is fixed now.
+
+        * tests/mozilla/run-mozilla-tests: Fix a minor coding style issue that leads to a warning each
+        time we run the tests.
+
+2005-06-21  Adele Peterson  <adele@apple.com>
+
+        rolling out fix for http://bugs.webkit.org/show_bug.cgi?id=3293, since it caused layout test failures.
+        fast/forms/element-by-name
+        fast/loader/loadInProgress
+
+        * ChangeLog:
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::hasProperty):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::hasProperty):
+        * bindings/runtime_array.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::hasProperty):
+        * bindings/runtime_object.h:
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::hasProperty):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::hasProperty):
+        (KJS::ActivationImp::hasProperty):
+        * kjs/function.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::hasProperty):
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        (ObjectPrototypeImp::ObjectPrototypeImp):
+        (ObjectProtoFuncImp::call):
+        * kjs/object_object.h:
+        (KJS::ObjectProtoFuncImp::):
+        * kjs/string_object.cpp:
+        (StringInstanceImp::hasProperty):
+        * kjs/string_object.h:
+        * tests/mozilla/expected.html:
+
+2005-06-21  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Switched to a build rule rather than a build phase for
+        .y files -- this gets rid of the problem where modifying the .y file would not cause sufficient
+        compilation.
+
+        * kjs/grammar_wrapper.cpp: Removed.
+
+2005-06-21  Adele Peterson  <adele@apple.com>
+
+        Patch from Anders Carlsson <andersca@mac.com>, reviewed by Darin.
+
+        Fixed: <http://bugs.webkit.org/show_bug.cgi?id=3450>
+        <rdar://problem/3881901> String.replace() method not working when regex pattern contains {n, m}
+
+        * pcre/pcre.c: (pcre_compile): Remember the last char length so it can be subtracted correctly if needed.
+
+2005-06-21  Geoffrey Garen  <ggaren@apple.com>
+
+        - fixed <rdar://problem/4155532> 'delete' succeeds on functions
+        - fixed <rdar://problem/4155049> javascript function named as "opener" doesn't get called because of window.opener property
+        
+        Reviewed by cblu.
+
+        * kjs/nodes.cpp:
+        (FuncDeclNode::processFuncDecl): Functions now have DontDelete and Internal attributes set when appropriate.
+
+        Test cases:
+        * tests/mozilla/expected.html: Updated for one new success.
+        - see also test case added in WebCore.
+
+2005-06-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin(first pass) and Hyatt.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=3576
+        (roll in support for "const" keyword from KDE tree)
+        - make processVarDecls handle deletability of variables declared
+        in an eval block the same as evaluate would
+        - make eval() call processVarDecls - needed to match mozilla and
+        to make the second change testable
+
+        I started with the KDE implementation of const but I ended up changing it a bit
+        to avoid the use of a global variable. Now instead of the global variable it distinguishes
+        const and var at the grammar level so the appropriate node can know the right kind of
+        declaration.
+
+        Test cases:
+        * tests/mozilla/expected.html: Updated for one new test that is
+        failing - we used to bail on it entirely because it checks for
+        const support before starting.
+        - see also test cases added in WebCore
+
+        * kjs/grammar.y: Add rules for const declarations.
+        * kjs/keywords.table: Add const keyword.
+        * kjs/nodes.cpp:
+        (VarDeclNode::VarDeclNode): Add parameter.
+        (VarDeclNode::evaluate): Add const support.
+        (VarDeclNode::processVarDecls): Add const support.
+        (VarStatementNode::execute): Irrelevant change.
+        (ForInNode::ForInNode): Tell our variable node that it's a variable.
+        * kjs/nodes.h:
+        (KJS::VarDeclNode::): Add declaration of type enum, extra constructor parameter.
+        (KJS::VarStatementNode::VarStatementNode): Irrelevant change.
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::call): Process var decls before evaluating.
+
+2005-06-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from Mark Rowe <opendarwin.org@bdash.net.nz>, reviewed by me.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=3293
+        
+        Test cases added: 
+        * tests/mozilla/expected.html: Updated for two fixed tests.
+        - also added a layout test
+
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::hasOwnProperty):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::hasOwnProperty):
+        * bindings/runtime_array.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::hasOwnProperty):
+        * bindings/runtime_object.h:
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::hasOwnProperty):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::hasOwnProperty):
+        (KJS::ActivationImp::hasOwnProperty):
+        * kjs/function.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::hasProperty):
+        (KJS::ObjectImp::hasOwnProperty):
+        * kjs/object.h:
+        (KJS::Object::hasOwnProperty):
+        * kjs/object_object.cpp:
+        (ObjectPrototypeImp::ObjectPrototypeImp):
+        (ObjectProtoFuncImp::call):
+        * kjs/object_object.h:
+        (KJS::ObjectProtoFuncImp::):
+        * kjs/string_object.cpp:
+        (StringInstanceImp::hasOwnProperty):
+        * kjs/string_object.h:
+
+2005-06-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        * pcre/get.c: (pcre_get_substring): Fix some computations so this works for UTF-16.
+        This is unused in the current JavaScriptCore, but still good to fix.
+
+2005-06-18  Darin Adler  <darin@apple.com>
+
+        Change by Finlay Dobbie.
+        Reviewed by me.
+
+        - fixed <http://bugs.webkit.org/show_bug.cgi?id=3331>
+          10.3.9 Build Failure: NSString may not respond to `+stringWithCString:encoding:'
+
+        * bindings/objc/WebScriptObject.mm: (-[WebScriptObject stringRepresentation]):
+        Undo change we did a while back to work around the gcc 3.3 compiler error.
+        It no longer seems to happen, and the workaround code was 10.4-specific.
+
+2005-06-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Fixed: <rdar://problem/4151759> 'delete' fails on variables declared inside 'eval' statements.
+
+        Reviewed by cblu.
+
+        * kjs/context.h:
+        (KJS::ContextImp::codeType): Added code type accessor for execution context objects.
+        * kjs/internal.cpp:
+        (ContextImp::ContextImp): Reflects change to ContextImp::codeType.
+        * kjs/nodes.cpp:
+        (VarDeclNode::evaluate): Added separate code path for variable declarations inside 'eval' statements.
+        * tests/mozilla/expected.html: Updated expected test results to reflect fix.
+
+2005-06-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Updated expected.html to reflect fix to <rdar://problem/4147745>.
+
+        Reviewed by cblu.
+
+        * tests/mozilla/expected.html:
+
+2005-06-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Fixed: <rdar://problem/4147745> JavaScript discards locally defined "arguments" property
+
+        No layout tests added because this change fixes existing tests:
+        ecma/ExecutionContexts/10.1.6.js
+        ecma_3/Function/regress-94506.js
+        js1_4/Functions/function-001.js
+
+        Reviewed by cblu.
+
+        * kjs/function.cpp:
+        (KJS::ActivationImp::get): get now checks for an "arguments" property defined in the local variable object
+        before trying to return the built-in arguments array.
+        
+        * kjs/function.h: ActivationImp::put no longer overrides ObjectImp::put
+
+2005-06-10  Darin Adler  <darin@apple.com>
+
+        Change by Mark Rowe <opendarwin.org@bdash.net.nz>.
+        Reviewed by me.
+
+        - further improvements to exception file/line number fix
+
+        * kjs/nodes.h: Added setExceptionDetailsIfNeeded function.
+        * kjs/nodes.cpp: Updated macros to call the new setExceptionDetailsIfNeeded function.
+        (Node::setExceptionDetailsIfNeeded): Added.
+
+2005-06-09  Darin Adler  <darin@apple.com>
+
+        Change by Mark Rowe <opendarwin.org@bdash.net.nz>
+        Reviewed by me.
+
+        * kjs/nodes.cpp: Get rid of unneeded this->.
+
+2005-06-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Change by Mark Rowe <opendarwin.org@bdash.net.nz>
+        Reviewed by me.
+
+        - fixed http://bugs.webkit.org/show_bug.cgi?id=3327
+        (Exception When Setting Style to Invalid Value Lacks Line/File Information)
+
+        * kjs/nodes.cpp: Include source file and line number when making exception in
+        KJS_CHECKEXCEPTIONVALUE.
+
+2005-06-07  Darin Adler  <darin@apple.com>
+
+        Change by Toby Peterson <toby@opendarwin.org>.
+        Reviewed by me.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Allow bison 2.0, which generates the file
+        with a different name.
+
+2005-06-07  Darin Adler  <darin@apple.com>
+
+        Change by Toby Peterson <toby@opendarwin.org>.
+        Reviewed by me.
+
+        * kjs/grammar.y: Remove bogus extra line from grammar.y. Toby got this change from KDE KJS.
+
+2005-06-06  Darin Adler  <darin@apple.com>
+
+        * tests/mozilla/run-mozilla-tests: Wrote a perl version of this so we don't require
+        the "jst" tool to run the tests.
+
+2005-06-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - add libicu headers
+
+        * JavaScriptCore.pbproj/project.pbxproj: Added icu directory to header search path.
+
+        * icu/README: Added.
+        * icu/unicode/platform.h: Added.
+        * icu/unicode/uchar.h: Added.
+        * icu/unicode/uconfig.h: Added.
+        * icu/unicode/umachine.h: Added.
+        * icu/unicode/urename.h: Added.
+        * icu/unicode/utf.h: Added.
+        * icu/unicode/utf16.h: Added.
+        * icu/unicode/utf8.h: Added.
+        * icu/unicode/utf_old.h: Added.
+        * icu/unicode/utypes.h: Added.
+        * icu/unicode/uversion.h: Added.
+
+2005-05-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+        
+        - turned off exceptions and RTTI; seems to cut JavaScriptCore code size by about 22%
+
+        * JavaScriptCore.pbproj/project.pbxproj: Turn off exceptions and RTTI for both
+        the framework and testkjs tool.
+
+2005-05-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - got rid of code that depended on RTTI
+
+        * kjs/collector.cpp:
+        (KJS::className): Added. Gets class name in a KJS way, rather than a C++ RTTI way.
+        (KJS::Collector::rootObjectClasses): Use className instead of typeid names.
+
+2005-05-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix a failure seen in the Mozilla JavaScript tests where a live object was garbage-collected
+          when the only reference to it was in an argList on the stack
+
+        * kjs/list.h: Moved the operator= function into the .cpp file since it's too big to be
+        a good choice to inline.
+        * kjs/list.cpp: (KJS::List::operator=): Moved this formerly-inline function into a separate
+        file and added missing code to update valueRefCount. It's the latter that fixes the bug.
+
+2005-05-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adele.
+
+        - fixed issues preventing us from compiling with newer versions of gcc 4.0
+
+        * kjs/ustring.cpp:
+        (KJS::operator==): Remove redundant and illegal KJS:: prefix on this function's definition.
+        (KJS::operator<): Ditto.
+        (KJS::compare): Ditto.
+
+2005-05-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+        - turn on conservative GC unconditionally and start on SPI changes to
+          eliminate the now-unneeded smart pointers since we don't ref count any more
+
+        * kjs/value.h: Removed macros to turn conservative GC on and off.
+        Removed ref and deref functions.
+        (KJS::ValueImp::ValueImp): Removed non-conservative-GC code path.
+        (KJS::ValueImp::isUndefined): Added. New SPI to make it easier to deal with ValueImp directly.
+        (KJS::ValueImp::isNull): Ditto.
+        (KJS::ValueImp::isBoolean): Ditto.
+        (KJS::ValueImp::isNumber): Ditto.
+        (KJS::ValueImp::isString): Ditto.
+        (KJS::ValueImp::isObject): Ditto.
+        (KJS::Value::Value): Removed non-conservative-GC code path and made constructor no
+        longer explicit so we can quietly create Value wrappers from ValueImp *; inexpensive with
+        conservative GC and eases the transition.
+        (KJS::Value::operator ValueImp *): Added. Quietly creates ValueImp * from Value.
+        (KJS::ValueImp::marked): Removed non-conservative-GC code path.
+
+        * kjs/value.cpp:
+        (KJS::ValueImp::mark): Removed non-conservative-GC code path.
+        (KJS::ValueImp::isUndefinedOrNull): Added. New SPI to make it easier to deal with ValueImp directly.
+        (KJS::ValueImp::isBoolean): Ditto.
+        (KJS::ValueImp::isNumber): Ditto.
+        (KJS::ValueImp::isString): Ditto.
+        (KJS::ValueImp::asString): Ditto.
+        (KJS::ValueImp::isObject): Ditto.
+        (KJS::undefined): Ditto.
+        (KJS::null): Ditto.
+        (KJS::boolean): Ditto.
+        (KJS::string): Ditto.
+        (KJS::zero): Ditto.
+        (KJS::one): Ditto.
+        (KJS::two): Ditto.
+        (KJS::number): Ditto.
+
+        * kjs/object.h: Made constructor no longer explicit so we can quietly create Object
+        wrappers from ObjectImp *; inexpensive with conservative GC and eases the transition.
+        (KJS::Object::operator ObjectImp *): Added. Quietly creates ObjectImp * from Object.
+        (KJS::ValueImp::isObject): Added. Implementation of new object-related ValueImp function.
+        (KJS::ValueImp::asObject): Ditto.
+
+        * kjs/object.cpp:
+        (KJS::ObjectImp::setInternalValue): Remove non-conservative-GC code path.
+        (KJS::ObjectImp::putDirect): Ditto.
+        (KJS::error): Added. Function in the new SPI style to create an error object.
+
+        * kjs/internal.h: Added the new number-constructing functions as friends of NumberImp.
+        There may be a more elegant way to do this later; what's important now is the new SPI.
+
+        * kjs/collector.h:  Remove non-conservative-GC code path and also take out some
+        unneeded APPLE_CHANGES.
+
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::addNativeReference): Remove non-conservative-GC code path.
+        (KJS::Bindings::removeNativeReference): Ditto.
+        (RootObject::removeAllNativeReferences): Ditto.
+        * bindings/runtime_root.h:
+        (KJS::Bindings::RootObject::~RootObject): Ditto.
+        (KJS::Bindings::RootObject::setRootObjectImp): Ditto.
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate): Ditto.
+        (KJS::Collector::collect): Ditto.
+        (KJS::Collector::numGCNotAllowedObjects): Ditto.
+        (KJS::Collector::numReferencedObjects): Ditto.
+        (KJS::Collector::rootObjectClasses): Ditto.
+        * kjs/internal.cpp:
+        (NumberImp::create): Ditto.
+        (InterpreterImp::globalInit): Ditto.
+        (InterpreterImp::globalClear): Ditto.
+        * kjs/list.cpp:
+        (KJS::List::markProtectedLists): Ditto.
+        (KJS::List::clear): Ditto.
+        (KJS::List::append): Ditto.
+        * kjs/list.h:
+        (KJS::List::List): Ditto.
+        (KJS::List::deref): Ditto.
+        (KJS::List::operator=): Ditto.
+        * kjs/protect.h:
+        (KJS::gcProtect): Ditto.
+        (KJS::gcUnprotect): Ditto.
+
+2005-05-09  Chris Blumenberg  <cblu@apple.com>
+
+        Workaround gcc 3.3 internal compiler errors.
+
+        Reviewed by darin.
+
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject stringRepresentation]): call [NSString stringWithCString:encoding] rather than using @""
+
+2005-05-09  Darin Adler  <darin@apple.com>
+
+        * Makefile.am: Don't set up PBXIntermediatesDirectory explicitly;
+        Not needed to make builds work, spews undesirable error messages too.
+
+2005-05-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - make building multiple trees with make work better
+
+        * Makefile.am: Set up Xcode build directory before invoking xcodebuild.
+
+2005-05-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/4086570> Crash in JavaScriptCore with RSS Visualizer
+        
+        * kjs/internal.cpp:
+        (InterpreterImp::mark): mark staticNaN, it is usually protected by the Number
+        prototype but there is a small window where it can get collected.
+
+2005-05-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave Hyatt.
+
+        - another gcc-4.0-related fix
+
+        * bindings/runtime_root.h: Take off extra namespace prefixes that apparently cause problems
+        compiling with gcc 4.0, although I have not observed the problems.
+
+2005-05-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave Hyatt.
+
+        - fixed build rules to match other projects
+
+        * JavaScriptCore.pbproj/project.pbxproj: Set deployment target to 10.3 in the build styles.
+        When built without a build style (by Apple B&I) we want to get the target from the
+        environment. But when built with a build style (by Safari engineers and others), we want
+        to use 10.3.
+
+        * Makefile.am: Took out extra parameters that make command-line building different from
+        Xcode building. Now that this is fixed, you should not get a full rebuild if you switch
+        from command line to Xcode or back.
+
+2005-05-04  Maciej Stachowiak  <mjs@apple.com>
+
+        - revert presumably accidental change to mozilla JS test expected results, this
+        was making the tests fail.
+
+        * tests/mozilla/expected.html:
+
+2005-05-03  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/4102644> Crash in LiveConnect below KJS::Bindings::JavaInstance::stringValue() const
+
+        Correctly handle accessing nil objects from a Java object array.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaArray::valueAt):
+
+2005-05-01  Darin Adler  <darin@apple.com>
+
+        - move to Xcode native targets and stop checking in generated files
+
+        * JavaScriptCore.pbproj/project.pbxproj: Updated to use native targets and generate all the generated
+        files, so we don't have to check them in any more.
+        * Info.plist: Added. Native targets use a separate file for this.
+
+        * Makefile.am: Removed pcre and kjs SUBDIRS. Also removed code that deleted the embedded copy of this
+        framework, since we haven't been embedding it for some time.
+
+        * kjs/grammar_wrapper.cpp: Added. Shell used to compile grammar.cpp since we can't add a generated file
+        easily to the list of files to be compiled.
+
+        * kjs/.cvsignore: Removed.
+        * kjs/Makefile.am: Removed.
+        * kjs/array_object.lut.h: Removed.
+        * kjs/date_object.lut.h: Removed.
+        * kjs/grammar.cpp: Removed.
+        * kjs/grammar.cpp.h: Removed.
+        * kjs/grammar.h: Removed.
+        * kjs/lexer.lut.h: Removed.
+        * kjs/math_object.lut.h: Removed.
+        * kjs/number_object.lut.h: Removed.
+        * kjs/string_object.lut.h: Removed.
+        * pcre/.cvsignore: Removed.
+        * pcre/Makefile.am: Removed.
+        * pcre/chartables.c: Removed.
+
+2005-04-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave Harrison.
+
+        - fixed problems preventing us from compiling with gcc 4.0
+
+        * JavaScriptCore.pbproj/project.pbxproj: Removed -Wmissing-prototypes from
+        WARNING_CPLUSPLUSFLAGS since it's now a C-only warning.
+
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::getSlot): Changed some %d to %ld where the parameters where long ints.
+        (JSObject::setSlot): Ditto.
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::getJavaVM): Ditto.
+        (KJS::Bindings::getJNIEnv): Ditto.
+        * bindings/objc/objc_utility.mm: Fixed include of <JavascriptCore/internal.h> that needed the
+        letter "S" capitalized.
+        * kjs/bool_object.cpp: (BooleanProtoFuncImp::call): Rearranged how this function returns to
+        avoid incorrect gcc 4.0 warning.
+        * kjs/collector.cpp: (KJS::Collector::markStackObjectsConservatively): Changed code to check
+        the alignment of the passed-in pointers to only require pointer-level alignment, not 8-byte alignment.
+        Prevents a crash on garbage collect when compiled with gcc 4.0.
+        * kjs/nodes.cpp:
+        (WhileNode::execute): Added a redundant return after an infinite loop to work around incorrect gcc 4.0 warning.
+        (ForNode::execute): Ditto.
+        (SwitchNode::execute):Rearranged how this function returns to avoid incorrect gcc 4.0 warning.
+        (LabelNode::execute): Ditto.
+        * kjs/string_object.cpp: (replace): Ditto.
+
+2005-04-26  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/4098713> Scripting API is incompatible with Mozilla
+        
+        We were incompatible with Mozilla's implementation of the scripting APIs in
+        two ways:
+
+        Their NPN_SetException has the following signature:
+
+            void NPN_SetException(NPObject *npobj, const NPUTF8 *message);
+
+        ours has:
+
+            void NPN_SetException (NPObject * npobj, const NPString *message);
+
+        Also, they expect the string returned from NPN_UTF8FromIdentifier() to be freed by caller.
+        We do not.
+
+        I changed both behaviors to match Mozilla.
+
+        Reviewed by Chris.
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_SetException):
+        * bindings/npruntime.cpp:
+        (_NPN_UTF8FromIdentifier):
+        (_NPN_IntFromIdentifier):
+        (_NPN_SetExceptionWithUTF8):
+        * bindings/npruntime.h:
+        * bindings/npruntime_impl.h:
+
+2005-04-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Chris.
+
+        <rdar://problem/4092136> reproducible crash in KJS::kjs_fast_realloc loading maps.google.com
+        
+        * kjs/string_object.cpp:
+        (StringObjectFuncImp::call): Allocate adopted ustring buffer properly.
+
+2005-04-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/ustring.cpp: (KJS::UString::UTF8String): Fix off-by-one error in surrogate pair logic.
+
+2005-04-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+        - fixed <rdar://problem/4090046> JavaScript throw statement causes parse error when no semicolon is present
+
+        * kjs/grammar.y: Added an additional rule for throw like the ones we have for all the other semicolon rules.
+        Not sure why we missed this one earlier.
+
+        * kjs/grammar.cpp: Regenerated.
+
+=== JavaScriptCore-412.1 ===
+
+2005-04-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - speedups, total 12% on JavaScript iBench
+
+        I ran the benchmark under Shark and followed its advice a lot, mainly.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate): Take out special case for 0; costing speed but unexercised.
+        Use numLiveObjectsAtLastCollect instead of numAllocationsSinceLastCollect so we don't
+        have to bump it each time we call allocate. Put numLiveObjects into a local variable to
+        cut down on global variable accesses. Make "next" cell pointer be a byte offset rather
+        than a pointer so we don't need a special case for NULL. Allow freeList to point to some
+        bogus item when the entire block is full rather than going out of our way to make it
+        point to NULL.
+        (KJS::Collector::markProtectedObjects): Get table size and pointer into locals outside
+        the loop to avoid re-loading them over and over again.
+        (KJS::Collector::collect): Put numLiveObjects into a local variable to cut down on global
+        variable accesses. Make "next" cell pointer be a byte offset as above. Put numLiveObjects
+        into a local variable to cut down on global variable accesses. Set numLiveObjectsAtLastCollect
+        rather than numAllocationsSinceLastCollect.
+        (KJS::Collector::numReferencedObjects): Get table size and pointer into locals outside
+        the loop to avoid re-loading them over and over again.
+        (KJS::Collector::rootObjectClasses): Ditto.
+
+        * kjs/internal.h: Make Value be a friend of NumberImp so it can construct number objects
+        directly, avoiding the conversion from Number to Value.
+
+        * kjs/internal.cpp: (StringImp::toObject): Don't use Object::dynamicCast, because we know
+        the thing is an object and we don't want to do all the extra work; just cast directly.
+
+        * kjs/list.cpp: (KJS::List::List): Construct valueRefCount in a way that avoids the need for
+        a branch -- in the hot case this just meant avoiding checking a variable we just set to false.
+
+        * kjs/lookup.cpp: (keysMatch): Marked this inline.
+
+        * kjs/nodes.cpp: Disabled KJS_BREAKPOINT, to avoid calling hitStatement all the time.
+        (BooleanNode::evaluate): Make a Value directly, rather than making a Boolean which is converted
+        into a Value.
+        (NumberNode::evaluate): Ditto.
+        (StringNode::evaluate): Ditto.
+        (ArrayNode::evaluate): Ditto.
+        (FunctionCallNode::evaluate): Use new inline baseIfMutable to avoid unnecessary getBase function.
+        Also just use a pointer for func, rather than an Object.
+        (PostfixNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
+        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
+        integer and back.
+        (DeleteNode::evaluate): Make a Value directly.
+        (TypeOfNode::evaluate): Use new inline baseIfMutable and make Value directly.
+        (PrefixNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
+        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
+        integer and back.
+        (UnaryPlusNode::evaluate): Make a Value directly.
+        (NegateNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
+        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
+        integer and back.
+        (BitwiseNotNode::evaluate): Make a Value directly.
+        (LogicalNotNode::evaluate): Ditto.
+        (ShiftNode::evaluate): Don't convert to a double before making a Value.
+        (RelationalNode::evaluate): Make a Value directly.
+        (EqualNode::evaluate): Ditto.
+        (BitOperNode::evaluate): Ditto.
+        (AssignNode::evaluate): Make a Value directly. Change code so that it passes a "known to be integer"
+        boolean in, often avoiding a conversion from floating point to integer and back.
+        (VarDeclNode::evaluate): Make a Value directly.
+        (ForNode::execute): Remove unused local variable.
+
+        * kjs/operations.h:
+        (KJS::isNaN): Inlined.
+        (KJS::isInf): Ditto.
+        (KJS::isPosInf): Ditto.
+        (KJS::isNegInf): Ditto.
+
+        * kjs/operations.cpp: Change isNaN, isInf, isPosInf, and isNegInf to be inlines.
+        (KJS::equal): Rewrite to avoid creating values and recursing back into the function.
+        (KJS::relation): Rearranged code so that we don't need explicit isNaN checks.
+        (KJS::add): Changed code to make Value directly, and so that it passes a "known to be integer"
+        boolean in, often avoiding a conversion from floating point to integer and back.
+        (KJS::mult): Ditto.
+
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::~PropertyMap): Get size and entries pointer outside loop to avoid
+        re-getting them inside the loop.
+        (KJS::PropertyMap::clear): Ditto. Clear value pointer in addition to key, so we can just
+        look at the value pointer in the mark function.
+        (KJS::PropertyMap::get): Get sizeMask and entries pointer outside loop to avoid
+        re-getting them inside the loop.
+        (KJS::PropertyMap::put): Ditto.
+        (KJS::PropertyMap::insert): Ditto.
+        (KJS::PropertyMap::remove): Ditto.
+        (KJS::PropertyMap::mark): Get size and entries pointer outside loop to avoid
+        re-getting them inside the loop. Don't bother checking key for 0, since we already have
+        to check value for 0. (Also had to change clear() to set value to 0.)
+        (KJS::PropertyMap::addEnumerablesToReferenceList): Get size and entries pointer outside
+        loop to avoid re-getting them inside the loop.
+        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList): Ditto.
+        (KJS::PropertyMap::save): Ditto.
+
+        - other changes
+
+        * kjs/protected_values.h: Remove unneeded class name qualifiers.
+
+        * kjs/reference.h:
+        (KJS::Reference::baseIfMutable): New inline function: replaces isMutable().
+        (KJS::Reference::Reference): Inlined.
+        * kjs/reference.cpp:
+        (KJS::Reference::getValue): Rewrite to not use getBase.
+        (KJS::Reference::putValue): Ditto.
+        (KJS::Reference::deleteValue): Dittol
+
+        * kjs/simple_number.h:
+        (KJS::SimpleNumber::integerFits): Added. For use when the parameter is known to be integral.
+
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): Create the number without first converting
+        to double in various cases that involve integers.
+
+        * kjs/ustring.h:
+        (KJS::UString::attach): Inlined.
+        (KJS::UString::release): Inlined.
+        * kjs/ustring.cpp:
+        (KJS::UString::find): Get first character outside the loop instead of re-fetching it each time.
+
+        * kjs/value.cpp:
+        (Value::Value): Added overloads for all the various specific types of values, so you don't have
+        to convert from, say, Number to Value, just to create one.
+        (Number::Number): Added an overload that takes a boolean to indicate the number is already
+        known to be an integer.
+
+        * kjs/value.h: Added more Value constructors, added a version of toNumber that returns
+        a boolean to indicate if the number is known to be an integer (because it was a "simple number").
+        (KJS::ValueImp::marked): Inlined.
+        (KJS::ValueImp::dispatchType): Inlined.
+        (KJS::ValueImp::dispatchToPrimitive): Inlined.
+        (KJS::ValueImp::dispatchToBoolean): Inlined.
+        (KJS::ValueImp::dispatchToNumber): Inlined.
+        (KJS::ValueImp::dispatchToString): Inlined.
+        (KJS::ValueImp::dispatchToUInt32): Inlined.
+
+2005-04-14  Maciej Stachowiak  <mjs@apple.com>
+
+        - make fast_malloc.h a private header, not project
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+2005-04-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Richard.
+
+        <rdar://problem/4089734> JavaScript iBench can be sped up ~10% with custom allocator
+
+        - use custom single-threaded malloc for all non-GC JavaScriptCore
+        allocations, for a 9.1% speedup on JavaScript iBench
+        
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate): Use dlmalloc to allocate the collector blocks.
+        (KJS::Collector::collect): And dlfree to free it.
+        * kjs/fast_malloc.cpp: Added, just the standard dlmalloc here.
+        * kjs/fast_malloc.h: Added. Declarations for the functions. Also added a handy
+        macro to give a class custom operator new/delete
+        * kjs/identifier.cpp:
+        (KJS::Identifier::add): Use dlmalloc/dlfree.
+        * kjs/nodes.h: make nodes KJS_FAST_ALLOCATED.
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::~PropertyMap): Use dlmalloc/dlfree.
+        (KJS::PropertyMap::rehash): ditto
+        * kjs/scope_chain.h:
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::createCopying): New named constructor that copies a passed-in
+        buffer, to hide allocation details from webcore.
+        (KJS::UString::UString): use createCopying when appropriate.
+        (KJS::UString::Rep::destroy): Use dlmalloc/dlfree.
+        (KJS::UString::expandedSize): likewise
+        (KJS::UString::expandCapacity): likewise
+        (KJS::UString::expandPreCapacity): likewise
+        (KJS::UString::spliceSubstringsWithSeparators): likewise
+        (KJS::UString::append): likewise
+        (KJS::UString::operator=): likewise
+        (KJS::UString::detach): likewise
+        * kjs/ustring.h: make UString and UString::Rep KJS_FAST_ALLOCATED.
+
+2005-04-11  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        <rdar://problem/4086819> Avoid using protect count hash table so much for 5.6% JS iBench speedup
+
+        - Avoid using protected values hash for the two most common cases
+        - Bump up ListImp high water mark, new testing shows 508 ListImps are
+        created during JS iBench.
+
+        Net result is a 5.6% speedup on JavaScript iBench
+        
+        * kjs/collector.cpp:
+        (KJS::Collector::collect): mark protected lists as appropriate.
+        * kjs/context.h:
+        * kjs/list.cpp:
+        (KJS::ListImp::markValues): Moved implementation from List::markValues
+        (KJS::List::markProtectedLists): Implemented - scan pool and overflow
+        list.
+        (KJS::allocateListImp): link lists outside the pool into a separate
+        doubly linked list to be able to mark protected lists
+        (KJS::deallocateListImp): do the corresponding delinking
+        (KJS::List::derefValues): do nothing in conservative GC mode
+        (KJS::List::refValues): do nothing in conservative GC mode
+        (KJS::List::markValues): call ListImp version
+        (KJS::List::append):
+        * kjs/list.h:
+
+=== Safari-412 ===
+
+=== Safari-411 ===
+
+=== Safari-410 ===
+
+=== Safari-409 ===
+
+=== Safari-408 ===
+
+=== Safari-407 ===
+
+2005-03-16  Jens Alfke  <jens@apple.com>
+
+        Reviewed by Kevin.
+
+        Fix for <rdar://problem/4025212> "REGRESSION (163-164): search not performed correctly; united.com"
+        JavaScript unescape("") was returning a messed-up String object that appeared identical to an empty string, but would in some cases act as 'null' when passed to native functions, in this case the Option() constructor.
+        In the implementation of unescape, the UString holding the result was not initialized to "", so it started out as a null string. If nothing was appended to it, it remained null, resulting in a JavaScript String object with some bad behaviors (namely, converting it to a DOMStringImpl results in a NULL pointer.)
+        Darin says this regression occurred when we replaced our own implementation of unescape() with code from KJS.
+
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::call):
+
+2005-03-15  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/4053276> WebScripting protocol in WebKit cannot convert Boolean in Javascript to BOOL in Objective-C
+
+        Added JavaScript boolean to type that can be converted to
+        ObjC scalar parameters.
+
+        Reviewed by Ken Kocienda.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+
+=== Safari-406 ===
+
+=== Safari-405 ===
+
+=== Safari-403 ===
+
+=== Safari-402 ===
+
+=== Safari-401 ===
+
+=== Safari-400 ===
+
+=== Safari-188 ===
+
+2005-02-21  Darin Adler  <darin@apple.com>
+
+        * kjs/date_object.cpp: (timetUsingCF): Fixed indenting.
+
+2005-02-17  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/4003251> Safari crashed at www.icelandair.com in LiveConnect code converting a Java object to a string
+
+        Added nil check.
+
+        Reviewed by John Sullivan.
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::valueFromInstance):
+
+=== Safari-187 ===
+
+2005-02-11  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3985118> DOM objects not being marshaled on JS->native calls
+
+        Re-factored how 'native' wrappers for JS objects are created.  The interpreter now
+        creates these wrappers.  The WebCore subclass of the interpreter now overrides
+        createLanguageInstanceForValue() and creates a DOM ObjC wrapper for DOM objects.
+
+        Reviewed by Ken.
+
+        * bindings/c/c_utility.cpp:
+        (convertValueToNPVariant):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_objc.mm:
+        (KJS::Bindings::dispatchJNICall):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::valueFromInstance):
+        (JavaArray::valueAt):
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject _setExecutionContext:KJS::Bindings::]):
+        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
+        * bindings/objc/WebScriptObjectPrivate.h:
+        * bindings/objc/objc_utility.h:
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertObjcValueToValue):
+        (KJS::Bindings::createObjcInstanceForValue):
+        * bindings/runtime.cpp:
+        (Instance::createBindingForLanguageInstance):
+        (Instance::createRuntimeObject):
+        (Instance::createLanguageInstanceForValue):
+        * bindings/runtime.h:
+        * kjs/interpreter.cpp:
+        (Interpreter::createLanguageInstanceForValue):
+        * kjs/interpreter.h:
+
+=== Safari-186 ===
+
+2005-02-10  Darin Adler  <darin@apple.com>
+
+        "Reviewed" by Richard (he told me the file was obsolete).
+
+        - got rid of an obsolete file
+
+        * bindings/npsap.h: Removed.
+
+=== Safari-185 ===
+
+=== Safari-183 ===
+
+2005-02-03  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3972905> CrashTracer: ...36 crashes at com.apple.WebCore: khtml::CSSStyleSelector::applyDeclarations + 120
+
+        Revert to old (and correct) behavior of returning runtime object
+        when passed as a parameter, rather than it's corresponding DOM
+        object.
+
+        Reviewed by Chris.
+
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
+
+=== Safari-182 ===
+
+2005-01-28  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3980389> JavaScript bindings access incorrect runtime object
+
+        Only use special 'back door' property to get the runtime object if thisObj isn't
+        already a runtime object.
+
+        <gratuitous> Cleaned up a couple of strcmp on ClassInfo name.  Used == on
+        ClassInfo pointer instead.
+
+        Reviewed by Chris.
+
+        * bindings/c/c_utility.cpp:
+        (convertValueToNPVariant):
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::call):
+
+=== Safari-181 ===
+
+2005-01-26  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3972522> (179-180) 40% slowdown on iBench JavaScript test
+
+        I added a member variable to ObjectImp.  This changed it's size and consequently
+        hampered the optimizations built into the garbage collector.  Objects no longer
+        fit within the allocators cell size, and thus allocation fell back to a slower
+        allocator.
+
+        As a result of this fix I also dramatically cleaned up how runtime objects are
+        accessed.  The path mostly *removes* code.
+        
+        Reviewed by Chris.
+
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::call):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+        (RuntimeObjectImp::hasProperty):
+        (RuntimeObjectImp::defaultValue):
+        * bindings/runtime_object.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::ObjectImp):
+        * kjs/object.h:
+
+2005-01-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by me, changes by Han Ming Ong.
+
+        - <rdar://problem/3964302> SWB: A few files need to be updated to be compilable under GCC 4.0
+
+        * bindings/objc/WebScriptObjectPrivate.h: Make members public.
+        * kjs/lookup.h: Change "value.h" to "object.h" because we need KJS::Object to compile a template.
+
+2005-01-20  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3964634> undefined property value from binding seems to evaluate to true in an if statement
+
+        The comprehensive fix for this problem requires new API, as described in 3965326.  However,
+        given that we can't add new API at this point, the 'ObjcFallbackObjectImp' will behave
+        like and Undefined object if  invokeUndefinedMethodFromWebScript:withArguments: isn't
+        implemented on the bound object.
+
+        Reviewed by Chris.
+
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::type):
+        (ObjcFallbackObjectImp::implementsCall):
+        (ObjcFallbackObjectImp::toBoolean):
+        * bindings/testbindings.mm:
+        (+[MyFirstInterface isSelectorExcludedFromWebScript:]):
+        (+[MyFirstInterface isKeyExcludedFromWebScript:]):
+
+=== Safari-180 ===
+
+2005-01-19  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3853676> Browser Crash when accessing CCWeb Progress Page - KJS::Bindings::convertValueToJValue
+
+        Fixed the following problems with LiveConnect that are demonstrated by the application
+        described in 3853676.
+
+        1.  If a nil object is passed in an array from Java to JavaScript we will crash.
+        2.  We sometimes will incorrectly attempt to access a generic JavaScript as a Java runtime object wrapper.
+        3.  We will sometimes fail to find the correct static method ID.
+
+        Reviewed by Maciej.
+
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::convertJObjectToValue):
+        (JSObject::listFromJArray):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::valueFromInstance):
+        (JavaField::setValueToInstance):
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::getMethodID):
+        (KJS::Bindings::convertValueToJValue):
+        * bindings/runtime_array.h:
+
+2005-01-18  Richard Williamson   <rjw@apple.com>
+
+        Fixed several issues all arising from analysis of plugin detection code at ifilm.com:
+
+        Fixed <rdar://problem/3958592> can't script plug-ins if plug-in is invoked with <object> element instead of <embed>
+        Fixed <rdar://problem/3958597> <object> elements with IDs do not show up as named properties of the document
+        Fixed <rdar://problem/3960973> DOM objects for plugin elements are not accessible
+        Fixed <rdar://problem/3958601> need an additional class ID in WebCore for the Real plug-in
+
+        We now support accessing scriptable plugin objects that are specified with <applet>, <embed>, or <object>
+        tags.  Also, if any of these elements are named they can be accessed from the document or window objects.
+        Finally, DOM methods are properties will be forwarded appropriately for the plugin's root scriptable object.
+
+        Reviewed by Chris.
+
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::supportsSetValueOfUndefinedField):
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::RuntimeObjectImp):
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+        (RuntimeObjectImp::hasProperty):
+        (RuntimeObjectImp::defaultValue):
+        * bindings/runtime_object.h:
+        (KJS::RuntimeObjectImp::fallbackObject):
+        * kjs/object.cpp:
+        (KJS::ObjectImp::ObjectImp):
+        * kjs/object.h:
+        (KJS::ObjectImp::forwardingScriptMessage):
+        (KJS::ObjectImp::setForwardingScriptMessage):
+
+2005-01-18  Richard Williamson   <rjw@apple.com>
+
+        Back out a change that was incorrectly committed yesterday.
+
+        Reviewed by Chris.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+
+2005-01-17  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3753030> Need to ensure same origin for plugin binding invocations (origin security rules)
+
+        Keep track of originating execution context and target execution
+        context for native JS object wrappers, and perform appropriate
+        security checks.
+
+        Reviewed by David Harrison.
+
+        * bindings/NP_jsobject.cpp:
+        (_isSafeScript):
+        (_NPN_CreateScriptObject):
+        (_NPN_Invoke):
+        (_NPN_Evaluate):
+        (_NPN_GetProperty):
+        (_NPN_SetProperty):
+        (_NPN_RemoveProperty):
+        (_NPN_HasProperty):
+        (_NPN_HasMethod):
+        (_NPN_SetException):
+        * bindings/NP_jsobject.h:
+        * bindings/c/c_instance.cpp:
+        (CInstance::CInstance):
+        (CInstance::stringValue):
+        * bindings/c/c_instance.h:
+        * bindings/c/c_utility.cpp:
+        (convertValueToNPVariant):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::JavaInstance):
+        (JavaInstance::valueOf):
+        * bindings/jni/jni_instance.h:
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject _initializeWithObjectImp:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
+        (-[WebScriptObject _initWithObjectImp:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
+        (-[WebScriptObject KJS::Bindings::]):
+        (-[WebScriptObject _setOriginExecutionContext:KJS::Bindings::]):
+        (-[WebScriptObject _isSafeScript]):
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject removeWebScriptKey:]):
+        (-[WebScriptObject stringRepresentation]):
+        (-[WebScriptObject webScriptValueAtIndex:]):
+        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
+        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
+        * bindings/objc/WebScriptObjectPrivate.h:
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_runtime.mm:
+        (convertValueToObjcObject):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        * bindings/runtime.cpp:
+        (Instance::Instance):
+        (Instance::operator=):
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::Instance):
+        (KJS::Bindings::Instance::setExecutionContext):
+        (KJS::Bindings::Instance::executionContext):
+        * bindings/runtime_root.cpp:
+        (RootObject::setInterpreter):
+        * bindings/runtime_root.h:
+        * kjs/interpreter.h:
+        (KJS::Interpreter::isGlobalObject):
+        (KJS::Interpreter::interpreterForGlobalObject):
+        (KJS::Interpreter::isSafeScript):
+
+=== Safari-179 ===
+
+2005-01-13  Vicki Murley <vicki@apple.com>
+
+        Reviewed by Adele.
+
+        - fix <rdar://problem/3946836> Safari about box lists 2004 instead of 2005
+ 
+        * JavaScriptCore.pbproj/project.pbxproj: bump "2004" to "2005"
+
+2005-01-12  Richard Williamson   <rjw@apple.com>
+
+        Avoid additional work on dealloc by adding early out to
+        removeNativeReference().  (This will save time on dealloc
+        for all ObjC DOM objects.)
+
+        Reviewed by Darin.
+
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::removeNativeReference):
+
+2005-01-12  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3923356> REGRESSION: Java/JavaScript security checks working incorrectly
+
+        We were always returning the first "root" object for all runtime
+        objects.  Changed 0 in loop to i, the index.
+
+        Reviewed by David Harrison.
+
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::rootForImp):
+
+2005-01-11  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3887930> Must use new Java plug-in API to get/set fields so exception handling works (fixes many LiveConnect crashes)
+
+        Use the new dispatching API to invoke JNI, rather than calling JNI
+        directly.
+
+        Reviewed by David Harrison.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::dispatchValueFromInstance):
+        (JavaField::valueFromInstance):
+        (JavaField::dispatchSetValueToInstance):
+        (JavaField::setValueToInstance):
+        * bindings/jni/jni_runtime.h:
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::convertValueToJValue):
+
+=== Safari-178 ===
+
+=== Safari-177 ===
+
+=== Safari-176 ===
+
+2004-12-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Kevin.
+
+        <rdar://problem/3926869> Opening caches window after running PLT causes crash
+        
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::getProtectCount): Don't include simple numbers in
+        the protected value table.
+        (KJS::ProtectedValues::increaseProtectCount): Ditto.
+        (KJS::ProtectedValues::decreaseProtectCount): Ditto.
+
+2004-12-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed <rdar://problem/3920764> Unimplemented String methods toLocaleLowerCase and toLocaleUpperCase
+
+        * kjs/string_object.h: Added toLocaleLowerCase and toLocaleUpperCase.
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): Made locale versions be synonmyms for the
+        non-locale-specific versions.
+        * kjs/string_object.lut.h: Regenerated.
+
+2004-12-14  Richard Williamson   <rjw@apple.com>
+
+        Pass URL of plugin view when call into JNI.
+
+        Reviewed by Chris.
+
+        * bindings/jni/jni_objc.mm:
+        (KJS::Bindings::dispatchJNICall):
+
+2004-12-13  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3827799> repro. crash with IBM Rational ClearCase Web under Safari (Java/LiveConnect-related)
+
+        Add support for calling static Java methods from JavaScript.
+
+        Reviewed by Maciej.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaMethod::JavaMethod):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaMethod::isStatic):
+        * bindings/jni/jni_utility.cpp:
+        (callJNIStaticMethod):
+        (KJS::Bindings::callJNIBooleanMethod):
+        (KJS::Bindings::callJNIStaticBooleanMethod):
+        * bindings/jni/jni_utility.h:
+
+2004-12-13  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3887767> LiveConnect doesn't propagate Java exceptions back to JavaScript (prevents security suite from running)
+
+        Reviewed by John.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_objc.mm:
+        (KJS::Bindings::dispatchJNICall):
+        * bindings/jni/jni_runtime.h:
+        * bindings/jni/jni_utility.h:
+
+=== Safari-175 ===
+
+2004-12-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/3908017> REGRESSION (172-173): assertion in ObjectImp::construct trying to create JS error (24hourfitness.com)
+
+        The fix was to implement copy constructor and assignment operator,
+        the ones that worked on the base class did not replace the
+        defaults apparently!
+        
+        * kjs/protect.h:
+        (KJS::ProtectedValue::ProtectedValue):
+        (KJS::ProtectedValue::operator=):
+        (KJS::ProtectedObject::ProtectedObject):
+        (KJS::ProtectedObject::operator=):
+        
+        Also fixed a bug in the GC test mode that compares the results of
+        the old collector and the new collector.
+
+        * kjs/value.cpp:
+        (ValueImp::mark):
+
+=== Safari-173 ===
+
+2004-11-23  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3890385> field and method cache incorrectly capped (c bindings)
+
+        Reviewed by Ken.
+
+        * bindings/c/c_class.cpp:
+        (CClass::_commonInit):
+
+2004-11-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+        <rdar://problem/3889696> Enable conservative garbage collection for JavaScript
+        
+        * kjs/collector.cpp:
+        (KJS::Collector::Thread::Thread):
+        (KJS::destroyRegisteredThread):
+        (KJS::initializeRegisteredThreadKey):
+        (KJS::Collector::registerThread):
+        (KJS::Collector::markStackObjectsConservatively):
+        (KJS::Collector::markCurrentThreadConservatively):
+        (KJS::Collector::markOtherThreadConservatively):
+        * kjs/collector.h:
+        * kjs/internal.cpp:
+        (lockInterpreter):
+        * kjs/value.h:
+
+=== Safari-172 ===
+
+2004-11-15  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3880561> Default string value of ObjC object in JS should be [obj description].
+
+        Reviewed by Hyatt.
+
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::stringValue):
+        * bindings/objc/objc_utility.h:
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertNSStringToString):
+        (KJS::Bindings::convertObjcValueToValue):
+
+=== Safari-171 ===
+
+2004-11-09  Chris Blumenberg  <cblu@apple.com>
+
+        Fixed: <rdar://problem/3872724> soft link against JavaVM to save ~2MB RSHRD
+
+        Reviewed by rjw.
+
+        * ChangeLog:
+        * JavaScriptCore.pbproj/project.pbxproj: don't link against JavaVM
+        * bindings/softlinking.c: Added.
+        (loadFramework): new
+        (getFunctionPointer): new
+        (JNI_GetCreatedJavaVMs): load JavaVM if not already loaded, get _JNI_GetCreatedJavaVMs symbol if we don't already have it, call JNI_GetCreatedJavaVMs
+
+=== Safari-170 ===
+
+2004-11-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        - fixed <rdar://problem/3865365> since -[WebScriptObject dealloc] does not call [super dealloc], the build will fail due to a warning
+        - fixed behavior so that [[WebScriptObject alloc] initWithCoder:] doesn't leak WebUndefined instances
+          and incidentally so that [[WebScriptObject alloc] init] returns the single shared instance rather
+          than allocating a new one
+
+        * bindings/objc/WebScriptObject.mm: Removed some stray semicolons.
+        (+[WebUndefined allocWithZone:]): Made this the common bottleneck that returns the single instance
+        of WebUndefined, since it's the single method that normally allocates new instances. Calls super to
+        actually allocate only the very first time it's called.
+        (-[WebUndefined initWithCoder:]): Simplified to just return self (no reason to re-lookup the single
+        shared instance since there can be only one).
+        (-[WebUndefined copyWithZone:]): Ditto.
+        (-[WebUndefined retain]): Ditto.
+        (-[WebUndefined retainCount]): Use UINT_MAX constant here (matches usage in NSObject.m for retain count
+        of class).
+        (-[WebUndefined autorelease]): Simplified to just return self (see above).
+        (-[WebUndefined copy]): No need to override this since it just turns around and calls copyWithZone:.
+        (-[WebUndefined dealloc]): Added an assertion since this method should never be called. Also added
+        a call to [super dealloc] after return; to make the new -Wdealloc-check compiler happy (fixing the
+        bug mentioned above).
+        (+[WebUndefined undefined]): Reimplemented; calls allocWithZone:NULL to get to the shared instance.
+        No need to call init, since that's a no-op for this class.
+
+2004-11-03  David Harrison  <harrison@apple.com>
+
+        Reviewed by Darin.
+        
+        Eliminate the use of a marker file to determine how to build.
+
+        * .cvsignore:
+        * Makefile.am:
+
+2004-11-01  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3861469> Latest Real player crashes Safari on some sites.
+
+        Reviewed by Ken.
+
+        * bindings/c/c_instance.cpp:
+        (CInstance::invokeMethod):
+        (CInstance::invokeDefaultMethod):
+        Initialize out parameters to void type.
+
+        * bindings/c/c_runtime.cpp:
+        (CField::valueFromInstance):
+        (CField::setValueToInstance):
+        Initialize out parameters to void type.
+        Also added additional checks to protect against classes that 
+        don't implement all functions.
+
+2004-11-01  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3861257> WebUndefined should be returned for undefined values
+
+        Reviewed by John.
+
+        * ChangeLog:
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
+        Added additional conversion Undefined -> WebUndefined.
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertObjcValueToValue):
+        Added additional conversion WebUndefined -> Undefined.
+
+2004-11-01  Darin Adler  <darin@apple.com>
+
+        - fixed <rdar://problem/3855573> Remove reference to "WebScriptMethods" from WebScriptObject.h comments
+
+        * bindings/objc/WebScriptObject.h: Removed unneeded #ifdef protection for multiple includes (since
+        this is an Objective-C header and we use #import for those). Fixed comments as requested in the bug
+        report to match the contents of the file.
+
+=== Safari-169 ===
+
+=== Safari-168 ===
+
+2004-10-22  Ken Kocienda  <kocienda@apple.com>
+
+        Reviewed by me
+
+        * JavaScriptCore.pbproj/project.pbxproj:  
+        Add GCC_ENABLE_OBJC_GC and GCC_FAST_OBJC_DISPATCH flags.
+
+=== Safari-167 ===
+
+2004-10-13  Richard Williamson   <rjw@apple.com>
+
+        Moved boolean checks prior to NSNumber checks.  booleans are
+        NSNumbers.
+
+        Follow on to <rdar://problem/3821515> binding layer needs to convert NSNumber-bools to js type boolean not number.
+
+        Reviewed by John.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertObjcValueToValue):
+
+2004-10-12  Richard Williamson   <rjw@apple.com>
+
+        Fixed access to DOM object via WebScriptObject API.
+        The execution context for DOM objects wasn't being found.
+        <rdar://problem/3831372> The valueForKey method for @"offsetLeft" on a paragraph element causes a crash.
+
+        Reviewed by Chris.
+
+        * bindings/objc/WebScriptObject.mm:
+        (_didExecute):
+        (-[WebScriptObject KJS::Bindings::]):
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject stringRepresentation]):
+        * bindings/objc/WebScriptObjectPrivate.h:
+
+2004-10-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin.
+
+        - fixed <rdar://problem/3804661> REGRESSION: JavaScriptCore framework now has two init routines
+
+        * bindings/NP_jsobject.cpp: Fixed unnecessarily-complex globals set up that was
+        creating an init routine.
+
+        * kjs/ustring.cpp: Changed around the UString::Rep::empty construction to not
+        require a global constructor that creates an init routine.
+
+2004-10-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin.
+
+        - fixed <rdar://problem/3822618> REGRESSION (164-165): expedia.com's popup help doesn't work
+
+        * kjs/reference.cpp: (Reference::putValue): Change so that references not found in any object
+        work with the window object of the page the function is in, not the page of the caller. This
+        is what all other browsers do. This code was hidden before by the "everything is defined on
+        window object" hack in WebCore.
+
+2004-10-07  Richard Williamson   <rjw@apple.com>
+
+        Added simple JavaScript call tracing.  Very useful for
+        debugging complex pages.
+
+        Tracing is only available in development builds and is
+        enabled by:
+
+        (gdb) set traceJavaScript = 1
+
+        or programatically
+
+        setTraceJavaScript(true)
+
+        Function, args, and return values are printed to console.  Very
+        verbose.
+
+        Reviewed by Ken.
+
+        * kjs/function_object.cpp:
+        (FunctionProtoFuncImp::call):
+        * kjs/object.cpp:
+        (KJS::Object::call):
+
+=== Safari-166 ===
+
+2004-10-05  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3819234> NPN_SetException (and throwException:) isn't implemented
+
+        Reviewed by Chris.
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_SetException):
+        * bindings/npruntime.cpp:
+        (_NPN_SetExceptionWithUTF8):
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject throwException:]):
+        * kjs/internal.h:
+        (KJS::InterpreterImp::context):
+
+2004-10-05  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3821515> binding layer needs to convert NSNumber-bools to js type boolean not number
+
+        Reviewed by Ken.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertObjcValueToValue):
+
+2004-10-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        - rolled in a fix the KDE folks did for the operations that generate HTML fragments
+
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): Added quote marks to generated HTML.
+
+        - rolled out an old workaround we don't need any more
+
+        * JavaScriptCore.pbproj/project.pbxproj: Remove -Wno-long-double because the <math.h> issue that
+        required it is no longer there.
+
+2004-09-30  Richard Williamson  <rjw@apple.com>
+
+        Fixed <rdar://problem/3821215> NPN hasMethod and hasProperty functions should take NPObjects, not NPClass
+
+        Reviewed by Chris.
+
+        * bindings/NP_jsobject.cpp:
+        (_NPN_GetProperty):
+        (_NPN_HasProperty):
+        (_NPN_HasMethod):
+        * bindings/c/c_class.cpp:
+        (CClass::methodsNamed):
+        (CClass::fieldNamed):
+        * bindings/c/c_class.h:
+        * bindings/c/c_instance.cpp:
+        (CInstance::invokeMethod):
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::methodsNamed):
+        * bindings/jni/jni_class.h:
+        * bindings/npruntime.h:
+        * bindings/objc/objc_class.h:
+        * bindings/objc/objc_class.mm:
+        (ObjcClass::methodsNamed):
+        * bindings/runtime.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::hasProperty):
+
+2004-09-29  Chris Blumenberg  <cblu@apple.com>
+
+        Prepended underscores to NPN methods so that when the QT plug-in loads these symbols, it uses the non-underscore versions in WebKit. Without this, the QT plug-in was failing to load when launching Safari from the command-line.
+
+        Reviewed by rjw.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_jsobject.cpp:
+        (_NPN_CreateScriptObject):
+        (_NPN_InvokeDefault):
+        (_NPN_Invoke):
+        (_NPN_Evaluate):
+        (_NPN_GetProperty):
+        (_NPN_SetProperty):
+        (_NPN_RemoveProperty):
+        (_NPN_HasProperty):
+        (_NPN_HasMethod):
+        * bindings/c/c_class.cpp:
+        (CClass::methodsNamed):
+        (CClass::fieldNamed):
+        * bindings/c/c_instance.cpp:
+        (CInstance::CInstance):
+        (CInstance::~CInstance):
+        (CInstance::operator=):
+        (CInstance::invokeMethod):
+        (CInstance::invokeDefaultMethod):
+        * bindings/c/c_runtime.cpp:
+        * bindings/c/c_runtime.h:
+        (KJS::Bindings::CField::name):
+        (KJS::Bindings::CMethod::name):
+        * bindings/npruntime.cpp:
+        (_NPN_GetStringIdentifier):
+        (_NPN_GetStringIdentifiers):
+        (_NPN_GetIntIdentifier):
+        (_NPN_IdentifierIsString):
+        (_NPN_UTF8FromIdentifier):
+        (_NPN_IntFromIdentifier):
+        (NPN_InitializeVariantWithObject):
+        (_NPN_ReleaseVariantValue):
+        (_NPN_CreateObject):
+        (_NPN_RetainObject):
+        (_NPN_ReleaseObject):
+        (_NPN_SetExceptionWithUTF8):
+        (_NPN_SetException):
+
+2004-09-26  Darin Adler  <darin@apple.com>
+
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): Remove strange use of high() and
+        low() to get Unicode value of character, and just use unicode().
+
+2004-09-26  Darin Adler  <darin@apple.com>
+
+        - refine charAt/charCodeAt fix slightly
+
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): Treat undefined the same was as an
+        omitted parameter, as we do everywhere else, and as other browsers do here.
+
+2004-09-26  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin.
+
+        - fixed <rdar://problem/3816097> REGRESSION: mailblocks, and presumably many other pages, failing because variable not found
+
+        * kjs/internal.cpp: (InterpreterImp::evaluate): Process variable declarations before executing
+        the program. We were doing this properly for functions, but not entire programs.
+
+        - fixed <rdar://problem/3814706> REGRESSION: text fields in mailblocks wizards do not accept keystrokes due to use of charCodeAt()
+
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): Changed the implementation of charAt
+        and charCodeAt to treat a missing parameter as an index of 0, rather than an invalid index.
+
+        * tests/mozilla/expected.html: Update for two tests that now pass with these changes.
+
+=== Safari-165 ===
+
+=== Safari-164 ===
+
+2004-09-14  Richard Williamson   <rjw@apple.com>
+
+        1.  Add class parameter to object allocation function.  This is somewhat redundant, given that
+        the allocation function is in the class function vector, but people wanted to use the same
+        allocation function for different classes.
+        
+        2.  Renamed NPN_Class to NPN_Invoke to match the name in the function vector.
+        
+        3.  Add support for a default function on an object.  This is a feature that ActiveX supports,
+        and will allow JavaScript code to be written that will look exactly the same for both ActiveX
+        plugins and Netscape or WebKit plugins.  There are implementations included for the 'C' and
+        'Objective-C' bindings.
+        
+        There bugs are covered by
+        
+        <rdar://problem/3776343> Support for default functions in the JavaScript bindings
+        <rdar://problem/3779186> NPN_Call needs to be renamed to NPN_Invoke
+        <rdar://problem/3674754> Need to implement latest npruntime.h
+
+        Reviewed by John.
+
+        * bindings/NP_jsobject.cpp:
+        (jsAllocate):
+        (NPN_InvokeDefault):
+        (NPN_Invoke):
+        * bindings/c/c_class.cpp:
+        * bindings/c/c_instance.cpp:
+        (CInstance::CInstance):
+        (CInstance::operator=):
+        (CInstance::invokeMethod):
+        (CInstance::invokeDefaultMethod):
+        * bindings/c/c_instance.h:
+        * bindings/c/c_runtime.cpp:
+        * bindings/c/c_runtime.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeDefaultMethod):
+        * bindings/jni/jni_instance.h:
+        * bindings/npruntime.cpp:
+        (NPN_CreateObject):
+        * bindings/npruntime.h:
+        * bindings/objc/WebScriptObject.h:
+        * bindings/objc/objc_class.mm:
+        (ObjcClass::fallbackObject):
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeDefaultMethod):
+        * bindings/objc/objc_runtime.h:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
+        (ObjcFallbackObjectImp::get):
+        (ObjcFallbackObjectImp::put):
+        (ObjcFallbackObjectImp::canPut):
+        (ObjcFallbackObjectImp::implementsCall):
+        (ObjcFallbackObjectImp::call):
+        (ObjcFallbackObjectImp::hasProperty):
+        (ObjcFallbackObjectImp::deleteProperty):
+        (ObjcFallbackObjectImp::defaultValue):
+        * bindings/runtime.h:
+        (KJS::Bindings::Class::fallbackObject):
+        (KJS::Bindings::Instance::getValueOfUndefinedField):
+        (KJS::Bindings::Instance::setValueOfUndefinedField):
+        (KJS::Bindings::Instance::valueOf):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::implementsCall):
+        (RuntimeObjectImp::call):
+        * bindings/runtime_object.h:
+
+2004-09-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/3794735> Gmail- sending a very long message with Safari is so slow it seems like a hang
+        
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::call): Replaced implementation of replace()
+        method with function below...
+        (replace): In order to avoid excessive allocation and copying,
+        figure out the ranges of the original string and replacement
+        strings to be assembled, instead of constantly creating new
+        strings at each substitution. The old behavior is basically O(N^2)
+        for a global replace on a pattern that matches many places in the
+        string.
+        (regExpIsGlobal): Helper function for the above.
+        (expandSourceRanges): ditto
+        (pushSourceRange): ditto
+        (expandReplacements): ditto
+        (pushReplacement): ditto
+        * kjs/ustring.cpp:
+        (KJS::UString::spliceSubstringsWithSeparators): New method that
+        pieces together substring ranges of this string together with
+        specified separators, all at one go.
+        * kjs/ustring.h:
+        (KJS::UString::Range::Range): Added new helper class to represent
+        substring choices.
+
+2004-09-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - fixed <rdar://problem/3800315> encode-URI-test layout test is failing
+        
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::call): Make sure to escape null
+        characters. This is a bug in the new code that made part of the
+        test fail.
+
+2004-09-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin and Maciej.
+
+        - new function to support fix for DIG bug in WebCore
+
+        * kjs/scope_chain.h: Added new push function that pushes another entire scope chain.
+        * kjs/scope_chain.cpp: (KJS::ScopeChain::push): Ditto.
+
+2004-09-12  Darin Adler  <darin@apple.com>
+
+        * tests/mozilla/expected.html: Updated test results for 3 more tests that pass with the new version
+        of escape and unescape.
+
+2004-09-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed <rdar://problem/3798209> any non-ASCII characters are garbled in the result of toLocaleString
+
+        * kjs/date_object.cpp:
+        (formatLocaleDate): Replaced two old functions that used LongDateTime with this one new function that
+        uses CFDateFormatter.
+        (DateProtoFuncImp::call): Call the new formatLocaleDate instead of both formatLocaleDate and formatLocaleTime.
+
+2004-09-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Richard.
+
+        <rdar://problem/3493140> REGRESSION (85-100): cedille displays %-escaped in JavaScript message at hotmail.com
+
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::call): Replace our escape() and unescape() implementations with
+        ones from KDE KJS, which have the proper latin-1 behavior to match Win IE.
+        * kjs/lexer.cpp:
+        (Lexer::isHexDigit): Made static and non-const.
+        * kjs/lexer.h:
+
+=== Safari-163 ===
+
+2004-09-06  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj: Bump MACOSX_DEPLOYMENT_TARGET to 10.3.
+
+=== Safari-162 ===
+
+2004-09-01  Richard Williamson   <rjw@apple.com>
+
+        Add pid to exception messages (to help debug dashboard clients).
+
+        Reviewed by Chris.
+
+        * kjs/interpreter.cpp:
+        (Interpreter::evaluate):
+
+=== Safari-161 ===
+
+2004-08-20  Richard Williamson   <rjw@apple.com>
+
+        Implemented new JNI abstraction.  We no longer invoke Java methods
+        directly with JNI, rather we call into the plugin.  This allows the
+        plugin to dispatch the call to the appropriate VM thread.  This
+        change should (will?) fix a whole class of threading related problems with
+        the Java VM.
+
+        Reviewed by Hyatt.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/c/c_instance.h:
+        (KJS::Bindings::CInstance::setExecutionContext):
+        (KJS::Bindings::CInstance::executionContext):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::JavaInstance):
+        (JavaInstance::invokeMethod):
+        (JavaInstance::setExecutionContext):
+        (JavaInstance::executionContext):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::convertJObjectToValue):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::JavaField):
+        (JavaArray::convertJObjectToArray):
+        (JavaField::valueFromInstance):
+        (JavaArray::JavaArray):
+        (JavaArray::valueAt):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaArray::operator=):
+        (KJS::Bindings::JavaArray::executionContext):
+        * bindings/jni/jni_utility.h:
+        * bindings/objc/objc_instance.h:
+        (KJS::Bindings::ObjcInstance::setExecutionContext):
+        (KJS::Bindings::ObjcInstance::executionContext):
+        * bindings/runtime.cpp:
+        (Instance::createBindingForLanguageInstance):
+        * bindings/runtime.h:
+        * bindings/runtime_root.h:
+        (KJS::Bindings::RootObject::nativeHandle):
+
+=== Safari-158 ===
+
+2004-08-19  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by John.
+
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::put): initialize deletedElementIndex to zero, to make the compiler happy
+
+2004-08-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adele.
+
+        - fixed <rdar://problem/3746676> SAP WebDynpro app hangs inside JavaScript property map hash table code (deleted sentinel problem)
+
+        * kjs/property_map.h: Added some private functions.
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::clear): Set sentinelCount to 0.
+        (KJS::PropertyMap::put): Complete search for the element before choosing to use the deleted-element sentinel.
+        Also keep sentinel count up to date when we destroy a sentinel by overwriting with a new added element.
+        (KJS::PropertyMap::expand): Added. Calls rehash with a size 2x the old size, or 16.
+        (KJS::PropertyMap::rehash): Added. Refactored the rehash code into a separate function.
+        (KJS::PropertyMap::remove): Add one to sentinelCount, and rehash if 1/4 or more of the elements are
+        deleted-element sentinels.
+        (KJS::PropertyMap::checkConsistency): Check the sentinelCount.
+
+2004-08-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Code change by Eric Albert, reviewd by me.
+
+        <rdar://problem/3571960> washingtonpost.com claims I don't have cookies enabled and won't let me read articles
+
+        * kjs/date_object.cpp:
+        (timetUsingCF): Clamp time to LONG_MAX (getting rid of time_t
+        entirely would be even better, but is not required to fix this bug.
+
+=== Safari-157 ===
+
+2004-08-16  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3581092> cash in KJS::Bindings::JSObject::eval at tcvetantcvetkov.com
+
+        Adds bullet proofing to protect against evaluation of bogus JS in all the flavors of bindings (Java, C, and ObjC).
+
+        Reviewed by Chris.
+
+        * bindings/NP_jsobject.cpp:
+        (NPN_Evaluate):
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::eval):
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject evaluateWebScript:]):
+
+2004-08-15  Richard Williamson   <rjw@apple.com>
+
+        More updates to np headers.  Implemented new NPN functions.
+
+        Reviewed by Darin.
+
+        * bindings/NP_jsobject.cpp:
+        (NPN_HasProperty):
+        (NPN_HasMethod):
+        * bindings/npapi.h:
+        * bindings/npruntime.h:
+
+2004-08-13  Darin Adler  <darin@apple.com>
+
+        - fix build so we can compile again
+
+        * bindings/npapi.h: Added. Richard forgot to check this in. The one I'm checking in here
+        is good enough so that we can compile, but it's only a stopgap measure, because I think
+        Richard has a newer one he wants to check in.
+
+2004-08-12  Richard Williamson   <rjw@apple.com>
+
+        Bring npruntime.h and friends closer to compliance with
+        latest spec.
+
+        Reviewed by Maciej.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_jsobject.cpp:
+        (jsAllocate):
+        (_NPN_CreateScriptObject):
+        (NPN_Call):
+        (NPN_Evaluate):
+        (NPN_GetProperty):
+        (NPN_SetProperty):
+        (NPN_RemoveProperty):
+        * bindings/NP_jsobject.h:
+        * bindings/c/c_instance.cpp:
+        (CInstance::invokeMethod):
+        * bindings/c/c_utility.cpp:
+        (convertNPVariantToValue):
+        * bindings/npruntime.cpp:
+        (NPN_IdentifierIsString):
+        (NPN_VariantIsVoid):
+        (NPN_VariantIsNull):
+        (NPN_VariantIsUndefined):
+        (NPN_VariantIsBool):
+        (NPN_VariantIsInt32):
+        (NPN_VariantIsDouble):
+        (NPN_VariantIsString):
+        (NPN_VariantIsObject):
+        (NPN_VariantToBool):
+        (NPN_VariantToString):
+        (NPN_VariantToInt32):
+        (NPN_VariantToDouble):
+        (NPN_VariantToObject):
+        (NPN_InitializeVariantAsVoid):
+        (NPN_InitializeVariantAsNull):
+        (NPN_InitializeVariantAsUndefined):
+        (NPN_InitializeVariantWithBool):
+        (NPN_InitializeVariantWithInt32):
+        (NPN_InitializeVariantWithDouble):
+        (NPN_InitializeVariantWithString):
+        (NPN_InitializeVariantWithStringCopy):
+        (NPN_InitializeVariantWithObject):
+        (NPN_InitializeVariantWithVariant):
+        (NPN_ReleaseVariantValue):
+        (NPN_CreateObject):
+        * bindings/npruntime.h:
+        (_NPString::):
+        (_NPString::_NPVariant::):
+        * bindings/npruntime_priv.h: Added.
+
+2004-08-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adele.
+
+        - fixed 3 problems with parse functions that I just wrote, fixing 3 more Mozilla JavaScript tests
+
+        * kjs/function.cpp:
+        (KJS::parseDigit): Fix typo, 'Z' instead of 'z', that prevented lowercase hex digits from working.
+        (KJS::parseInt): Add octal support. Specification says it's optional, but I guess not.
+        (KJS::parseFloat): Fix check for "0x" in parseFloat to return 0 rather than NaN. Also add code
+        to skip leading "+" or "-".
+
+=== Safari-156 ===
+
+2004-08-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        - fixed 43 Mozilla JavaScript tests
+
+        * kjs/date_object.h: Change parseDate and timeClip to take and return doubles.
+        * kjs/date_object.cpp:
+        (DateObjectImp::construct): Change to use a timeClip function that takes and returns a double rather
+        than constructing a number object to pass to it.
+        (DateObjectFuncImp::call): Change to use a parseDate function that returns a double.
+        (KJS::parseDate): Change to return a double instead of creating the Number object here.
+        (KJS::timeClip): Implement this as specified in the language standard.
+
+        * kjs/error_object.cpp: (NativeErrorImp::NativeErrorImp): Set the DontDelete, ReadOnly, and DontEnum
+        flags on the prototype property.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::get): Return null rather than undefined for arguments when the function is not
+        currently in scope.
+        (KJS::isStrWhiteSpace): Added. Matches specification for StrWhiteSpace. Could move it to some utility
+        file later.
+        (KJS::parseDigit): Added. Helper function for parseInt.
+        (KJS::parseInt): Added. Integer parser that puts result in a double so we're not limited to what
+        strtoll can handle. Also matches standard more closely.
+        (KJS::parseFloat): Added. Handles "0x" properly and passes flag to make empty string turn into NaN
+        instead of 0.
+        (KJS::GlobalFuncImp::call): Use the new parseInt and parseFloat.
+
+        * kjs/function_object.cpp: (FunctionPrototypeImp::FunctionPrototypeImp): Add a length property.
+
+        * kjs/lexer.h: Added error flag and sawError() function for detecting errors.
+        * kjs/lexer.cpp:
+        (Lexer::setCode): Clear error state.
+        (Lexer::lex): Set error state if the lexer encounters an error
+
+        * kjs/internal.cpp:
+        (NumberImp::toString): Roll in change from KDE version to special case 0 so we handle -0 correctly.
+        (Parser::parse): Use new lexer error method so those errors are treated like parser errors.
+
+        * kjs/math_object.cpp: (MathFuncImp::call): Change min and max to treat -0 as less than +0.
+        Change round to round values between -0.5 and -0 to -0 instead of +0.
+
+        * kjs/nodes.h: Add evaluateReference function to GroupNode.
+        * kjs/nodes.cpp: (GroupNode::evaluateReference): Pass references through groups (parenthesized
+        expressions) properly so that expressions like "delete (x.y)" work. Before, the parentheses
+        would change x.y into a value that can't be deleted as a side effect.
+
+        * kjs/string_object.cpp: Change parameter count for indexOf and lastIndexOf from 2 to 1 to match
+        the specification.
+
+        * kjs/testkjs.cpp: Rolled in changes from KDE to add a "quit" function to the test tool and
+        get rid of the fixed size limit for code.
+
+        * kjs/ustring.cpp: (KJS::UString::substr): Added optimized case for substr(0, length) so it just
+        returns the string without creating a new Rep, since I'm using substr in a place where it will
+        often be passed a 0.
+
+        * tests/mozilla/ecma/String/15.5.4.11-1.js: Fixed one wrong entry in the Unicode table I added to
+        the other day that was making a couple tests fail.
+        * tests/mozilla/ecma/String/15.5.4.12-1.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-2.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-3.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-4.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-5.js: Ditto.
+
+        * kjs/string_object.lut.h: Regenerated.
+
+2004-08-11  Darin Adler  <darin@apple.com>
+
+        - fixed a tiny problem with the UTF-16 PCRE check-in
+
+        * pcre/maketables.c: (pcre_maketables): Fix mistake in table-generating code that sometimes caused
+        the ctype_meta flag to get set in items that should not have it.
+
+        * pcre/chartables.c: Regenerated.
+
+2004-08-10  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3674747> Need to implement invokeUndefinedMethodFromWebScript:withArguments:
+
+        The following WebScripting methods are now supported on bound
+        objects:
+
+        - (id)invokeUndefinedMethodFromWebScript:(NSString *)name withArguments:(NSArray *)args;
+        - (void)setValue:(id)value forUndefinedKey:(NSString *)key
+        - (id)valueForUndefinedKey:(NSString *)key
+
+        Reviewed by Chris.
+
+        * bindings/c/c_class.cpp:
+        (CClass::fieldNamed):
+        * bindings/c/c_class.h:
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::fieldNamed):
+        * bindings/jni/jni_class.h:
+        * bindings/objc/objc_class.h:
+        (KJS::Bindings::ObjcClass::isa):
+        * bindings/objc/objc_class.mm:
+        (ObjcClass::methodsNamed):
+        (ObjcClass::fieldNamed):
+        (ObjcClass::fallbackObject):
+        * bindings/objc/objc_instance.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::setValueOfField):
+        (ObjcInstance::setValueOfUndefinedField):
+        (ObjcInstance::getValueOfField):
+        (ObjcInstance::getValueOfUndefinedField):
+        * bindings/objc/objc_runtime.h:
+        (KJS::Bindings::ObjcField::~ObjcField):
+        (KJS::Bindings::ObjcField::ObjcField):
+        (KJS::Bindings::ObjcField::operator=):
+        (KJS::Bindings::FallbackObjectImp::classInfo):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::ObjcField):
+        (ObjcField::name):
+        (ObjcField::type):
+        (ObjcField::valueFromInstance):
+        (ObjcField::setValueToInstance):
+        (FallbackObjectImp::FallbackObjectImp):
+        (FallbackObjectImp::get):
+        (FallbackObjectImp::put):
+        (FallbackObjectImp::canPut):
+        (FallbackObjectImp::implementsCall):
+        (FallbackObjectImp::call):
+        (FallbackObjectImp::hasProperty):
+        (FallbackObjectImp::deleteProperty):
+        (FallbackObjectImp::defaultValue):
+        * bindings/runtime.h:
+        (KJS::Bindings::Class::fallbackObject):
+        (KJS::Bindings::Instance::getValueOfUndefinedField):
+        (KJS::Bindings::Instance::setValueOfUndefinedField):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+        (RuntimeObjectImp::hasProperty):
+        * bindings/testbindings.mm:
+        (-[MyFirstInterface valueForUndefinedKey:]):
+        (-[MyFirstInterface setValue:forUndefinedKey:]):
+
+2004-08-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        - switch PCRE to do UTF-16 directly instead of converting to/from UTF-8 for speed
+
+        * pcre/pcre.h: Added PCRE_UTF16 switch, set to 1. Added pcre_char typedef, which is char
+        or uint16_t depending on the mode, and used appropriate in the 7 public functions
+        that need to use it.
+        * pcre/pcre.c: Add UTF-16 support to all functions.
+        * pcre/study.c: Ditto.
+
+        * pcre/internal.h: Added ichar typedef, which is unsigned char or uint16_t depending on
+        the mode. Changed declarations to use symbolic constants and typedefs so we size
+        things to ichar when needed.
+
+        * pcre/maketables.c: (pcre_maketables): Change code to make tables that are
+        sized to 16-bit characters instead of 8-bit.
+
+        * pcre/get.c:
+        (pcre_copy_substring): Use pcre_char instead of char.
+        (pcre_get_substring_list): Ditto.
+        (pcre_free_substring_list): Ditto.
+        (pcre_get_substring): Ditto.
+        (pcre_free_substring): Ditto.
+
+        * pcre/dftables.c: (main): Used a bit more const, and use ICHAR sizes instead
+        of hard-coding 8-bit table sizes.
+
+        * pcre/chartables.c: Regenerated.
+
+        * kjs/ustring.h: Remove functions that convert UTF-16 to/from UTF-8 offsets.
+        * kjs/ustring.cpp: Change the shared empty string to have a unicode pointer that
+        is not null. The null string still has a null pointer. This prevents us from
+        passing a null through to the regular expression engine (which results in a null
+        error even when the string length is 0).
+
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp): Null-terminate the pattern and pass it.
+        (KJS::RegExp::match): Use the 16-bit string directly, no need to convert to UTF-8.
+
+2004-08-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed 28 Mozilla JavaScript tests
+
+        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Check for undefined rather than
+        checking the number of arguments for the join method.
+
+        * kjs/lexer.cpp: (Lexer::lex): Parse hexadecimal and octal constants in doubles rather
+        than integers, so we aren't limited to 32 bits.
+
+        * kjs/math_object.cpp: (MathFuncImp::call): Get rid of many unneeded special cases in
+        the implementation of the pow operation. Also simplied a case that was handling positive
+        and negative infinity separately.
+
+        * kjs/nodes.cpp: (ShiftNode::evaluate): Keep the result of shifts in a double instead of
+        putting them in a long, so that unsigned shift will work properly.
+
+        * kjs/number_object.cpp: Add the DontDelete and ReadOnly flags to the numeric constants.
+
+        * kjs/operations.cpp:
+        (KJS::isPosInf): Added an implementation inside APPLE_CHANGES that does not depend on the
+        sign of isinf; our isinf function returns +1 even for negative infinity.
+        (KJS::isNegInf): And again.
+        (KJS::relation): Put in a nice simple implementation of comparison inside APPLE_CHANGES.
+        Our floating point already handles the various infinity cases correctly.
+
+        * kjs/regexp_object.cpp:
+        (RegExpProtoFuncImp::call): Add missing return before Null() in Exec method.
+        (RegExpObjectImp::arrayOfMatches): Put undefined rather than an empty string into the
+        array in cases where we did not match.
+        (RegExpObjectImp::construct): Set the DontDelete, ReadOnly, and DontEnum flags for
+        "global", "ignoreCase", "multiline", and "source".
+
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): For the match method, turn a null
+        string into undefined rather than an empty string. For the slice method, handle an
+        undefined parameter for the limit properly as decribed in the specification, and add
+        the limit to one case that didn't have the limit at all. For the methods that generate
+        HTML strings, use lowercase tags instead of uppercase.
+
+        * kjs/ustring.cpp:
+        (KJS::UChar::toLower): Use u_tolower from the ICU library.
+        (KJS::UChar::toUpper): Use u_toupper from the ICU library.
+        (KJS::UString::append): Fix some math that caused a buffer overflow.
+        (KJS::convertUTF16OffsetsToUTF8Offsets): Ignore negative numbers (-1 is used as a special
+        flag) rather than converting them all to 0.
+        (KJS::convertUTF8OffsetsToUTF16Offsets): Ditto.
+
+        * tests/mozilla/jsDriver.pl: Fixed the relative links to point to our actual test files.
+
+        * tests/mozilla/ecma/String/15.5.4.11-1.js: Fixed the Unicode table in this test to match
+        the Unicode specification in a few cases where it was wrong before.
+        * tests/mozilla/ecma/String/15.5.4.11-2.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.11-3.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.11-5.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.11-6.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-1.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-2.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-3.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-4.js: Ditto.
+        * tests/mozilla/ecma/String/15.5.4.12-5.js: Ditto.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Link to libicu.
+
+        * kjs/number_object.lut.h: Regenerated.
+
+2004-08-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed <rdar://problem/3753467> REGRESSION (137-138): reproducible buffer overrun in UString manipulation code
+
+        * kjs/ustring.cpp: (KJS::UString::append): Fix incorrect size computation. Without it
+        we get a buffer overflow.
+
+=== Safari-155 ===
+
+2004-08-05  Richard Williamson   <rjw@apple.com>
+
+        Fixed part of 3674747.  The QT guys need this for feature freeze.
+
+        This patch implements support for the
+
+        - (id)invokeUndefinedMethodFromWebScript:(NSString *)name withArguments:(NSArray *)args
+
+        method of objects bound to JavaScript.
+
+        Reviewed by John.
+
+        * ChangeLog:
+        * bindings/objc/objc_class.mm:
+        (ObjcClass::methodsNamed):
+        (ObjcClass::fieldNamed):
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        * bindings/objc/objc_runtime.h:
+        (KJS::Bindings::ObjcMethod::~ObjcMethod):
+        (KJS::Bindings::ObjcMethod::isFallbackMethod):
+        (KJS::Bindings::ObjcMethod::javaScriptName):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcMethod::ObjcMethod):
+        (ObjcMethod::getMethodSignature):
+        (ObjcMethod::setJavaScriptName):
+        * bindings/testbindings.mm:
+
+2004-08-04  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by mjs.
+ 
+        - fix <rdar://problem/3649789> SAP WebGUI has problems loading first page because of parse error        
+
+        * kjs/lexer.cpp:
+        (Lexer::lex): if the current character is a '\' and the next character is a line terminator,
+        go to the next line and continue parsing the string (instead of failing).  This matches 
+        behavior in Mac IE and Mozilla.
+
+2004-08-03  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by Darin.
+
+        Rolled in changes from the latest KJS sources that support additional 
+        Number.prototype functions. 
+
+        Specifically this patch covers the follow parts of the ECMA 3 spec:
+        15.7.4.5, 15.7.4.6, and 15.7.4.7 
+        
+        Fixes:
+        <rdar://problem/3663716> missing Number.toFixed (and toPrecision, toExponential)
+        <rdar://problem/3749492> missing Number.toPrecision prototype implementation
+        <rdar://problem/3749591> missing Number.toExponential prototype implementation
+
+        * kjs/identifier.h: Added toFixed, toPrecision, and toExponential to the
+        list of supported identifiers (a macro).
+        * kjs/number_object.cpp: Implemented support for toFixed(), toPrecision(),
+        and toExponential(). 
+        (NumberPrototypeImp::NumberPrototypeImp):
+        (NumberProtoFuncImp::call):
+        * kjs/number_object.h: Added property names for toFixed, toPrecision,
+        and toExponential. 
+        (KJS::NumberProtoFuncImp::):
+        * tests/mozilla/expected.html: Update results.
+
+2004-08-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        - added support for copying RegExp objects so 7 more Mozilla regexp tests pass
+
+        * kjs/regexp_object.cpp: (RegExpObjectImp::construct): Check for case where
+        we are supposed to just copy the regular expression object, and do so.
+        Also tighten up arguments check to handle case where an actual "undefined"
+        is passed rather than just omitting an argument.
+
+        * tests/mozilla/expected.html: Update results.
+
+2004-08-02  Darin Adler  <darin@apple.com>
+
+        * tests/mozilla/.cvsignore: Added.
+        * tests/mozilla/expected.html: Update results.
+
+2004-08-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        - fixed RegExp.toString so 3 more Mozilla regexp tests pass
+
+        * kjs/regexp_object.cpp: (RegExpProtoFuncImp::call):
+        Append the flags here so more tests paseed.
+
+2004-08-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        - fixed a couple things making 5 Mozilla regexp tests pass
+
+        * kjs/regexp_object.cpp: (RegExpProtoFuncImp::call): Implement toString
+        for the prototype.
+        (RegExpObjectImp::construct): Fix bug where the string "undefined" would
+        be used as the flags string when no parameter was passed.
+
+        * kjs/regexp_object.h: (KJS::RegExpPrototypeImp::classInfo):
+        Added a class info object for RegExp prototype so it can return
+        a string instead of raising an exception when converting to a string.
+
+        * tests/mozilla/expected.html: Update results.
+
+2004-08-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin.
+
+        - fix crashes in mozilla tests due to mishandling NaN
+
+        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Rerranged range checks after
+        calls to toInteger so that NaN will get turned into something that fits in an integer.
+        These were the ones John already fixed, but his fix used isnan and the new fix is
+        more efficient.
+
+        * kjs/number_object.cpp: (NumberProtoFuncImp::call): Rearranged radix range checks
+        after a call to toInteger to handle NaN properly. Also removed separate check
+        for undefined that's not needed.
+
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): More of the same kinds of changes
+        as in the above two files, but for a lot more functions. Also changed one place with
+        an explicit check for undefined to instead just check isNaN.
+
+        * tests/mozilla/run-mozilla-tests: Changed to invoke jst using $SYMROOTS for people
+        like me who don't keep $SYMROOTS in their $PATH.
+
+=== Safari-154 ===
+
+=== Safari-153 ===
+
+2004-07-26  Kevin Decker  <kdecker@apple.com>
+
+        Changes done by Darin, reviewed by Kevin.
+
+        - changed testkjs to build in Xcode rather than from Makefile
+
+        * .cvsignore: Removed obsolete files from this list.
+        * Makefile.am: Removed code to build testkjs; we do this in Xcode now.
+        Changed to build target "All" rather than default target. This makes us
+        build the testkjs test tool.
+        * dummy.cpp: Removed.
+        * kjs/.cvsignore: Removed obsolete files from this list, including
+        the testkjs tool, which is now built in the symroots directory.
+        * kjs/testkjs.cpp: Added copyright notice that was missing, since we have
+        changed this file. Also this has the nice side effect of causing the tool
+        to be rebuilt in the new location even if there are no other changes in
+        your tree when you check this out.
+        * tests/mozilla/run-mozilla-tests: Invoke perl explicitly so this works
+        without setting the execute bit on jsDriver.pl.
+
+2004-07-22  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by Darin
+        
+        Fixed <rdar://problem/3682340> (error console does not include source urls or line numbers of event exceptions). 
+
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/function_object.h:
+        * kjs/object.cpp:
+        (KJS::ObjectImp::construct):
+        * kjs/object.h:
+        (KJS::Object::construct):
+
+2004-07-21  Darin Adler  <darin@apple.com>
+
+        * bindings/npruntime.h: Fixed typo.
+
+2004-07-19  John Sullivan  <sullivan@apple.com>
+
+        Reviewed by Maciej.
+        
+        - bulletproofed array.slice() against NAN arguments. Harri noticed this
+        vulnerability in my patch for 3714644
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call):
+        handle NAN parameters passed to slice() by clamping to 0 and length.
+
+2004-07-19  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3733349.  Prevent Java applet callbacks into JavaScript after applet
+        has been destroyed.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::invoke):
+        (JSObject::JSObject):
+
+2004-07-16  John Sullivan  <sullivan@apple.com>
+
+        Reviewed by Maciej.
+        
+        - fixed <rdar://problem/3714644> REGRESSION (125.8-146): bugzilla submit link 
+        hangs browser with javascript
+
+        * kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call):
+        Check for undefined type for args[0] the same way we were already checking
+        for args[1]. In this case, args was zero-length, but we were treating
+        args[0] like an integer anyway. Resulted in some code looping from a NAN
+        value to 4, taking approximately forever.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        version wars
+        
+=== Safari-152 ===
+
+2004-07-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        <rdar://problem/3711474>: (REGRESSION (125-146): JavaScript 'toString(16)' is broken)
+        <rdar://problem/3644873>: (REGRESSION (125-140u): secondary list doesn't fill in at Southwest.com)
+
+        * kjs/number_object.cpp:
+        (NumberProtoFuncImp::call): Initialize radix from dradix, not from itself!
+
+2004-07-13  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by kocienda.
+
+        - made testkjs and JavaScriptCore a subtarget of 'All'
+        - testkjs now builds in $SYMROOTS
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+=== Safari-151 ===
+
+2004-06-24  Chris Blumenberg  <cblu@apple.com>
+
+        Ignore .mode1 files in JavaScriptCore.pbproj
+
+        Reviewed by kocienda.
+
+        * JavaScriptCore.pbproj/.cvsignore:
+
+2004-06-23  Richard Williamson   <rjw@apple.com>
+
+        Implemented changes for latest npruntime.h.
+        
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_jsobject.cpp:
+        (listFromVariantArgs):
+        (identiferFromNPIdentifier):
+        (_NPN_CreateScriptObject):
+        (NPN_Call):
+        (NPN_Evaluate):
+        (NPN_GetProperty):
+        (NPN_SetProperty):
+        (NPN_RemoveProperty):
+        * bindings/NP_jsobject.h:
+        * bindings/c/c_class.cpp:
+        (CClass::methodsNamed):
+        (CClass::fieldNamed):
+        * bindings/c/c_instance.cpp:
+        (CInstance::invokeMethod):
+        * bindings/c/c_utility.cpp:
+        (convertNPVariantToValue):
+        * bindings/c/c_utility.h:
+        * bindings/npruntime.cpp:
+        (stringIdentifierEqual):
+        (stringIdentifierHash):
+        (getStringIdentifierDictionary):
+        (intIdentifierEqual):
+        (intIdentifierHash):
+        (getIntIdentifierDictionary):
+        (NPN_GetStringIdentifier):
+        (NPN_GetStringIdentifiers):
+        (NPN_GetIntIdentifier):
+        (NPN_IdentifierIsString):
+        (NPN_UTF8FromIdentifier):
+        (NPN_VariantToInt32):
+        (NPN_VariantToDouble):
+        (NPN_SetException):
+        * bindings/npruntime.h:
+        * bindings/objc/WebScriptObject.mm:
+        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::~RuntimeObjectImp):
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::rootForInterpreter):
+        * bindings/testbindings.cpp:
+        (initializeIdentifiers):
+        (logMessage):
+        (setDoubleValue):
+        (setIntValue):
+        (setBooleanValue):
+
+=== JavaScriptCore-146.1 ===
+
+2004-06-16  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3702287> Crash returning nil from bound ObjC
+
+        This turned out to be a show stopper for Dashboard.  Accessing a nil
+        ObjC property from JS caused a crash.  Similar to the problem
+        3696112 fixed below.
+        
+        Reviewed by Trey.
+
+        * bindings/objc/objc_runtime.mm:
+        (KJS::Bindings::ObjcField::valueFromInstance):
+
+=== Safari-146 ===
+
+2004-06-16  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3696112>: nil from an Objective-C class seems to get wrapped as a JavaScript proxy that will not print.
+
+        This turned out to be a show stopper for Dashboard.  We now
+        return Undefined() when nil is returned from a ObjC method
+        that returns an object type.
+        
+        Reviewed by Maciej.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertObjcValueToValue):
+
+=== Safari-145 ===
+
+2004-06-15  Richard Williamson   <rjw@apple.com>
+
+        Fixed <rdar://problem/3695875>: Objective-C instances that are exported to JavaScript are too promiscuous
+
+        No longer need to check respondsToSelector: for
+        isSelectorExcludedFromWebScript: and isKeyExcludedFromWebScript:
+        because these now have a default implementation on NSObject.
+
+        Reviewed by Trey.
+
+        * bindings/objc/objc_class.mm:
+        (ObjcClass::methodsNamed):
+        (ObjcClass::fieldNamed):
+
+2004-06-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed some things for GC that Patrick missed, or that happened after the branch
+
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject dealloc]): Moved removeNativeReference call here from private object.
+        (-[WebScriptObject finalize]): Added.
+
+        - added some missing nil checks
+
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::ObjcInstance): Check for nil.
+        (ObjcInstance::~ObjcInstance): Check for nil.
+        (ObjcInstance::operator=): Check for nil.
+
+2004-06-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by me, code changes by Patrick Beard.
+
+        - fixed <rdar://problem/3671507>: (WebKit should adopt GC changes and compile with GC enabled)
+
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::ObjcInstance): Use CFRetain instead of retain.
+        (ObjcInstance::~ObjcInstance): Use CFRelease instead of release.
+        (ObjcInstance::operator=): More of the same.
+        (ObjcInstance::end): Use [pool drain] if compiling on Tiger.
+
+        * bindings/objc/objc_runtime.mm:
+        (ObjcArray::ObjcArray): Use CFRetain instead of retain.
+        (ObjcArray::~ObjcArray): Use CFRelease instead of release.
+        (ObjcArray::operator=): More of the same.
+
+        * bindings/testbindings.mm: Fixed incorrect license.
+        (main): Use [pool drain] if compiling on Tiger.
+
+=== Safari-144 ===
+
+2004-06-10  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by John.
+
+        * kjs/lexer.cpp: 
+        (Lexer::setCode):
+            - fixed <rdar://problem/3682398>: (error console line numbers are offset by 1)
+        * kjs/lexer.h:
+        (KJS::Lexer::lineNo):
+            - fixed <rdar://problem/3682398>: (error console line numbers are offset by 1)
+
+=== JavaScriptCore-143.2 ===
+
+2004-06-07  Darin Adler  <darin@apple.com>
+
+        - fixed <rdar://problem/3682489>: (JavaScriptGlue no longer compiles because Interpreter::evaluate parameters changed)
+
+        * kjs/interpreter.h: Added an overload to make JavaScriptGlue compile.
+        * kjs/interpreter.cpp: (KJS::Interpreter::evaluate): Implemented the overload.
+
+=== JavaScriptCore-143.1 ===
+
+2004-06-04  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by Darin
+        
+        - fixed <rdar://problem/3680594>
+
+        * kjs/object.cpp:
+        (KJS::Error::create):
+
+=== Safari-143 ===
+
+2004-06-04  Darin Adler  <darin@apple.com>
+
+        * kjs/testkjs.cpp: (main): Fix build breakage by adding URL and line number parameters.
+
+2004-06-04  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by Dave.
+
+        - ObjC bindings do not (yet) pass along sourceurl or line numbers
+        - we don't have a way as of yet to accomidate line numbers and urls for dynamic javascript
+        - changed the wording of an error message
+        - the lexer, parser, and interpreter have been made "sourceURL aware"
+        - stored the url into Error
+         
+        * bindings/NP_jsobject.cpp:
+        (NPN_Evaluate):
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::eval):
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject evaluateWebScript:]):
+        * kjs/function.cpp:
+        (GlobalFuncImp::call):
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        (Parser::parse):
+        (InterpreterImp::checkSyntax):
+        (InterpreterImp::evaluate):
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        (Interpreter::evaluate):
+        * kjs/interpreter.h:
+        * kjs/lexer.cpp:
+        (Lexer::setCode):
+        * kjs/lexer.h:
+        (KJS::Lexer::sourceURL):
+        * kjs/nodes.cpp:
+        (Node::Node):
+        (Node::throwError):
+        (FunctionCallNode::evaluate):
+        * kjs/nodes.h:
+        * kjs/object.cpp:
+        (KJS::Error::create):
+        * kjs/object.h:
+
+2004-06-04  Richard Williamson   <rjw@apple.com>
+
+        Fixed crash when attempting to access properties on nil
+        object.
+        
+        Reviewed by John.
+
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::getClass):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        * bindings/testM.js:
+        * bindings/testbindings.mm:
+        (-[MyFirstInterface getString]):
+
+2004-05-27  Kevin Decker  <kdecker@apple.com>
+
+        Reviewed by Ken.
+
+        -revised generated error message content
+        
+        * kjs/error_object.cpp:
+        (ErrorProtoFuncImp::call):
+        * kjs/internal.cpp:
+        (Parser::parse):
+        * kjs/object.cpp:
+        (KJS::Error::create):
+
+=== Safari-142 ===
+
+2004-05-27  Richard Williamson   <rjw@apple.com>
+
+        Renamed WebScriptMethods to WebScripting based on feedback from Nancy.
+
+        Reviewed by Chris.
+
+        * bindings/objc/WebScriptObject.h:
+
+2004-05-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - moved to new symlink technique for embedding frameworks
+
+        * JavaScriptCore.pbproj/project.pbxproj: Get rid of embed-frameworks build step
+        because we don't need it any more.
+
+2004-05-24  Richard Williamson   <rjw@apple.com>
+
+        Changed RuntimeArrayImp to inherit from ArrayInstanceImp and
+        fixed ClassInfo to correctly reflect inheritance.  This is required
+        because of the runtime checks in JSC for arrays, i.e. in
+        the Function objects apply method.
+
+        Reviewed by Ken.
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaArray::convertJObjectToArray):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::RuntimeArrayImp):
+        * bindings/runtime_array.h:
+        * bindings/testM.js: Added.
+        * bindings/testbindings.mm:
+        (+[MyFirstInterface webScriptNameForSelector:]):
+        (-[MyFirstInterface logMessages:]):
+        (-[MyFirstInterface logMessage:prefix:]):
+        (-[MyFirstInterface callJSObject::]):
+
+2004-05-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed <rdar://problem/3664260>: (JS needs to listen to timezone change notifications)
+
+        * kjs/date_object.cpp: (CopyLocalTimeZone): As per Chris Kane and Jordan Hubbard, use <notify.h>
+        with a hardcoded string of "com.apple.system.timezone", and do CFTimeZoneResetSystem since
+        CoreFoundation doesn't do this itself. Turns out this affects the default time zone as long as
+        it hasn't been set explicitly.
+
+=== Safari-141 ===
+
+2004-05-20  Richard Williamson   <rjw@apple.com>
+
+        Implemented WebScriptObject/DOM wrapper voodoo.  DOM wrappers
+        can now be referenced like any other WebScriptObject, meaning
+        you can do JS operations on them.
+
+        All added implementation of finalizeForWebScript.
+
+        Reviewed by Ken.
+
+        * bindings/objc/WebScriptObject.h:
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject _initializeWithObjectImp:KJS::root:Bindings::]):
+        (-[WebScriptObject _initWithObjectImp:KJS::root:Bindings::]):
+        (-[WebScriptObject KJS::]):
+        (-[WebScriptObject dealloc]):
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject stringRepresentation]):
+        * bindings/objc/WebScriptObjectPrivate.h:
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::~ObjcInstance):
+
+2004-05-19  Richard Williamson   <rjw@apple.com>
+
+        Removed extraneous tabs that were added (by XCode?).
+
+        * bindings/objc/WebScriptObject.h:
+
+2004-05-19  Darin Adler  <darin@apple.com>
+
+        - fixed headers with licenses mangled by Xcode auto-indenting
+
+        * bindings/jni/jni_jsobject.cpp:
+        * bindings/jni/jni_jsobject.h:
+        * bindings/runtime_array.h:
+        * bindings/runtime_root.cpp:
+        * bindings/runtime_root.h:
+
+2004-05-18  Richard Williamson   <rjw@apple.com>
+
+        Added exception logging.  Also check for exception and
+        set results as appropriate.
+
+        Reviewed by Maciej (partially reviewed).
+
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+
+2004-05-18  Richard Williamson   <rjw@apple.com>
+
+        Finsished implementing support for windowScriptObject.
+        Had to make WebScriptObjectPrivate.h accessible from
+        WebCore.
+
+        Reviewed by Maciej.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/objc/WebScriptObjectPrivate.h:
+
+2004-05-18  Richard Williamson   <rjw@apple.com>
+
+        Use KVC to set/get values instead of directly accessing
+        ivars.
+
+        Reviewed by Maciej.
+
+        * bindings/objc/WebScriptObject.mm:
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        (convertValueToObjcObject):
+        (ObjcField::setValueToInstance):
+
+2004-05-17  Richard Williamson   <rjw@apple.com>
+
+        Implemented new API for WebScriptObject.
+
+        Fixed <rdar://problem/3657145>: (objc to javascript method calls do not cause updates.)
+        Fixed <rdar://problem/3654887>: (Update to JSC to refer to new JSObject LiveConnect object)  (w/ help from Vicki)
+
+        Reviewed by Hyatt.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/c/c_instance.cpp:
+        (CInstance::invokeMethod):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::convertValueToJObject):
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::getJNIField):
+        * bindings/objc/WebScriptObject.mm:
+        (_didExecute):
+        (-[WebScriptObject _initWithObjectImp:KJS::root:Bindings::]):
+        (-[WebScriptObject KJS::]):
+        (-[WebScriptObject dealloc]):
+        (+[WebScriptObject throwException:]):
+        (listFromNSArray):
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject setValue:forKey:]):
+        (-[WebScriptObject valueForKey:]):
+        (-[WebScriptObject stringRepresentation]):
+        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
+        (+[WebUndefined undefined]):
+        (-[WebUndefined initWithCoder:]):
+        (-[WebUndefined encodeWithCoder:]):
+        (-[WebUndefined copyWithZone:]):
+        (-[WebUndefined retain]):
+        (-[WebUndefined release]):
+        (-[WebUndefined retainCount]):
+        (-[WebUndefined autorelease]):
+        (-[WebUndefined dealloc]):
+        (-[WebUndefined copy]):
+        (-[WebUndefined replacementObjectForPortCoder:]):
+        * bindings/objc/WebScriptObjectPrivate.h: Added.
+        * bindings/objc/objc_class.mm:
+        (ObjcClass::methodsNamed):
+        (ObjcClass::fieldNamed):
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+        * bindings/objc/objc_jsobject.h:
+        * bindings/objc/objc_jsobject.mm:
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::JSMethodNameToObjCMethodName):
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/runtime.cpp:
+        (Instance::setDidExecuteFunction):
+        (Instance::didExecuteFunction):
+        (Instance::setValueOfField):
+        * bindings/runtime.h:
+        * bindings/testbindings.mm:
+        (+[MyFirstInterface webScriptNameForSelector:]):
+        (-[MyFirstInterface callJSObject::]):
+
+2004-05-14  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by mjs.
+ 
+        <rdar://problem/3642427>: framework marketing number should be 2.0 for DoubleBarrel release
+
+        * JavaScriptCore.pbproj/project.pbxproj: change CFBundleShortVersionString to 2.0
+
+=== Safari-140 ===
+
+2004-05-13  Richard Williamson   <rjw@apple.com>
+
+        Fixed indentation.
+
+        Reviewed by Chris.
+
+        * ChangeLog:
+        * bindings/objc/WebScriptObject.h:
+
+2004-05-13  Richard Williamson   <rjw@apple.com>
+
+        Approved API changes.  Currently unimplemented.
+
+        Reviewed by Chris.
+
+        * ChangeLog:
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/objc/WebScriptObject.h: Added.
+        * bindings/objc/WebScriptObject.mm: Added.
+        (+[WebScriptObject throwException:]):
+        (-[WebScriptObject callWebScriptMethod:withArguments:]):
+        (-[WebScriptObject evaluateWebScript:]):
+        (-[WebScriptObject stringRepresentation]):
+        (+[WebUndefined undefined]):
+        (-[WebUndefined initWithCoder:]):
+        (-[WebUndefined encodeWithCoder:]):
+        (-[WebUndefined copyWithZone:]):
+
+2004-05-07  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by darin.
+
+        Turn off GC since it uses ppc only instructions (which breaks 
+        the B&I build).   
+    
+        * kjs/value.h: set USE_CONSERVATIVE_GC to 0
+
+=== Safari-139 ===
+
+2004-05-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - add -funroll-loops=16 compiler option for approx .5% speedup on
+        HTML iBench and .5-1% speedup on JS iBench.
+        
+        * JavaScriptCore.pbproj/project.pbxproj:
+
+2004-04-25  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        Enable full conservative GC mode in addition to test mode. When
+        conservative GC is enabled, we now get an 11% speed improvement on
+        the iBench. Also fix some spots I missed before.
+
+        Specific noteworth changes:
+        
+        * kjs/collector.cpp:
+        (KJS::Collector::markStackObjectsConservatively): Check possible
+        cell pointers for 8-byte aligment and verify they are not 0.
+
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::increaseProtectCount): Move null-tolerance from here...
+        (KJS::ProtectedValues::decreaseProtectCount): ...and here...
+        * kjs/protect.h:
+        (KJS::gcProtectNullTolerant): ...to here...
+        (KJS::gcUnprotectNullTolerant): ...and here, because not all callers need the null
+        tolerance, and doing the check is expensive.
+
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::computeHash): Replace hash function with a much faster one
+        that is still very good.
+
+        * kjs/protect.h:
+        (KJS::gcProtect):
+        (KJS::gcUnprotect):
+        (KJS::ProtectedValue::ProtectedValue):
+        (KJS::ProtectedValue::~ProtectedValue):
+        (KJS::ProtectedValue::operator=):
+        (KJS::ProtectedObject::ProtectedObject):
+        (KJS::ProtectedObject::~ProtectedObject):
+        (KJS::ProtectedObject::operator=):
+        (KJS::ProtectedReference::ProtectedReference):
+        (KJS::ProtectedReference::~ProtectedReference):
+        (KJS::ProtectedReference::operator=):
+        * kjs/protected_values.cpp:
+        (KJS::ProtectedValues::getProtectCount):
+        (KJS::ProtectedValues::increaseProtectCount):
+        (KJS::ProtectedValues::decreaseProtectCount):
+        (KJS::ProtectedValues::computeHash):
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::addNativeReference):
+        (KJS::Bindings::removeNativeReference):
+        (RootObject::removeAllNativeReferences):
+        * bindings/runtime_root.h:
+        (KJS::Bindings::RootObject::~RootObject):
+        (KJS::Bindings::RootObject::setRootObjectImp):
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+        (KJS::Collector::collect):
+        * kjs/collector.h:
+        * kjs/internal.cpp:
+        (NumberImp::create):
+        (InterpreterImp::globalInit):
+        (InterpreterImp::globalClear):
+        (InterpreterImp::mark):
+        * kjs/list.cpp:
+        (KJS::List::derefValues):
+        (KJS::List::refValues):
+        (KJS::List::append):
+        * kjs/object.cpp:
+        (KJS::ObjectImp::setInternalValue):
+        (KJS::ObjectImp::putDirect):
+        * kjs/value.cpp:
+        (ValueImp::mark):
+        (ValueImp::marked):
+        * kjs/value.h:
+        (KJS::ValueImp::ValueImp):
+        (KJS::ValueImp::~ValueImp):
+        (KJS::ValueImp::):
+        (KJS::Value::Value):
+        (KJS::Value::~Value):
+        (KJS::Value::operator=):
+
+2004-04-30  Richard Williamson   <rjw@apple.com>
+
+        Asking an NSInvocation for it's return value when return type
+        is void throws an exception.  Added check for void return types
+        to avoid this exception.
+
+        Reviewed by Ken.
+
+        * bindings/objc/objc_instance.mm:
+        (ObjcInstance::invokeMethod):
+
+2004-04-29  Richard Williamson   <rjw@apple.com>
+
+        Fixed several bad problems with the ObjC bindings.  In particular, conversion
+        to/from JavaScriptObject (soon to be WebScriptObject) was completely broken.
+
+        Reviewed by Chris.
+
+        * bindings/objc/objc_jsobject.h:
+        * bindings/objc/objc_jsobject.mm:
+        (-[JavaScriptObject initWithObjectImp:KJS::root:Bindings::]):
+        (-[JavaScriptObject KJS::]):
+        (+[JavaScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
+        (-[JavaScriptObject call:arguments:]):
+        (-[JavaScriptObject evaluate:]):
+        (-[JavaScriptObject getMember:]):
+        (-[JavaScriptObject getSlot:]):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        (ObjcField::setValueToInstance):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/runtime.h:
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::rootForInterpreter):
+        (KJS::Bindings::addNativeReference):
+        (KJS::Bindings::removeNativeReference):
+        * bindings/runtime_root.h:
+        * bindings/testbindings.mm:
+        (-[MyFirstInterface logMessage:]):
+        (-[MyFirstInterface setJSObject:]):
+        (-[MyFirstInterface callJSObject::]):
+
+2004-04-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        * kjs/ustring.cpp: (KJS::UString::append): Fix one case that was allocating a buffer
+        that is 2x too big.
+
+2004-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        Implementation of conservative GC, based partly on code from
+        Darin. It's turned off for now, so it shouldn't have any effect on
+        the normal build.
+        
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * kjs/collector.cpp:
+        (KJS::Collector::markStackObjectsConservatively):
+        (KJS::Collector::markProtectedObjects):
+        (KJS::Collector::collect):
+        * kjs/collector.h:
+        * kjs/protect.h:
+        (KJS::gcProtect):
+        (KJS::gcUnprotect):
+        * kjs/protected_values.cpp: Added.
+        (KJS::ProtectedValues::getProtectCount):
+        (KJS::ProtectedValues::increaseProtectCount):
+        (KJS::ProtectedValues::insert):
+        (KJS::ProtectedValues::decreaseProtectCount):
+        (KJS::ProtectedValues::expand):
+        (KJS::ProtectedValues::shrink):
+        (KJS::ProtectedValues::rehash):
+        (KJS::ProtectedValues::computeHash):
+        * kjs/protected_values.h: Added.
+        * kjs/value.cpp:
+        (ValueImp::useConservativeMark):
+        (ValueImp::mark):
+        (ValueImp::marked):
+        * kjs/value.h:
+        (KJS::ValueImp::):
+
+=== Safari-138 ===
+
+2004-04-22  Richard Williamson   <rjw@apple.com>
+
+        Fixed build snafu (re-declaration of NPBool in npruntime.h and
+        npapi.h).
+
+        * bindings/npruntime.h:
+
+2004-04-22  Richard Williamson   <rjw@apple.com>
+
+        Updated plugin binding API to reflect latest revision from
+        working group.
+        
+        Biggest change is the introduction of NPVariant used to represent
+        value types.  NPVariant replaces the use of NPObject for the
+        exchange of values between scripting environment and native code.
+
+        Reviewed by John.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_jsobject.cpp:
+        (identiferFromNPIdentifier):
+        (NPN_Call):
+        (NPN_Evaluate):
+        (NPN_GetProperty):
+        (NPN_SetProperty):
+        (NPN_ToString):
+        (NPN_GetPropertyAtIndex):
+        (NPN_SetPropertyAtIndex):
+        * bindings/c/c_class.cpp:
+        (CClass::methodsNamed):
+        (CClass::fieldNamed):
+        * bindings/c/c_instance.cpp:
+        (CInstance::invokeMethod):
+        (CInstance::defaultValue):
+        * bindings/c/c_runtime.cpp:
+        (CField::valueFromInstance):
+        (CField::setValueToInstance):
+        * bindings/c/c_utility.cpp:
+        (convertNPStringToUTF16):
+        (convertUTF8ToUTF16):
+        (coerceValueToNPVariantStringType):
+        (convertValueToNPVariant):
+        (convertNPVariantToValue):
+        * bindings/c/c_utility.h:
+        * bindings/npruntime.cpp:
+        (NPN_GetIdentifier):
+        (NPN_GetIdentifiers):
+        (NPN_UTF8FromIdentifier):
+        (NPN_VariantIsVoid):
+        (NPN_VariantIsNull):
+        (NPN_VariantIsUndefined):
+        (NPN_VariantIsBool):
+        (NPN_VariantIsInt32):
+        (NPN_VariantIsDouble):
+        (NPN_VariantIsString):
+        (NPN_VariantIsObject):
+        (NPN_VariantToBool):
+        (NPN_VariantToString):
+        (NPN_VariantToInt32):
+        (NPN_VariantToDouble):
+        (NPN_VariantToObject):
+        (NPN_InitializeVariantAsVoid):
+        (NPN_InitializeVariantAsNull):
+        (NPN_InitializeVariantAsUndefined):
+        (NPN_InitializeVariantWithBool):
+        (NPN_InitializeVariantWithInt32):
+        (NPN_InitializeVariantWithDouble):
+        (NPN_InitializeVariantWithString):
+        (NPN_InitializeVariantWithStringCopy):
+        (NPN_InitializeVariantWithObject):
+        (NPN_InitializeVariantWithVariant):
+        (NPN_ReleaseVariantValue):
+        (NPN_CreateObject):
+        (NPN_RetainObject):
+        (NPN_ReleaseObject):
+        (NPN_IsKindOfClass):
+        (NPN_SetExceptionWithUTF8):
+        (NPN_SetException):
+        * bindings/npruntime.h:
+        (_NPString::):
+        (_NPString::_NPVariant::):
+        * bindings/testbindings.cpp:
+        (logMessage):
+        (setDoubleValue):
+        (setIntValue):
+        (setStringValue):
+        (setBooleanValue):
+        (getDoubleValue):
+        (getIntValue):
+        (getStringValue):
+        (getBooleanValue):
+        (myGetProperty):
+        (mySetProperty):
+        (myInvoke):
+        (myAllocate):
+
+2004-04-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed <rdar://problem/3627473>: "REGRESSION (125-137): memory trasher in UString::append, causing many different crashes"
+
+        * kjs/ustring.cpp:
+        (KJS::UString::expandCapacity): Fix sizeof(UChar *) that should be sizeof(UChar).
+        Was resulting in a buffer 2x the needed size.
+        (KJS::UString::expandPreCapacity): Ditto.
+        (KJS::UString::append): Fix malloc that is missing a sizeof(UChar).
+
+2004-04-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        Preliminary change for conservative GC. Create "protected"
+        subclasses to GC-protect objects when on heap, since we will soon
+        remove the built-in refcounting of the normal wrapper classes. Use
+        them where needed.
+        
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * kjs/context.h:
+        * kjs/internal.h:
+        (KJS::InterpreterImp::globalObject):
+        * kjs/interpreter.h:
+        * kjs/property_map.cpp:
+        * kjs/reference.h:
+        * kjs/reference_list.cpp:
+
+2004-04-19  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dave.
+
+        Optimize prepend using the shared substring optimization. Also,
+        limit the applicability of shared append and shared prepend. If
+        you overdo it, it does more harm than good, because you create a
+        bunch of strings that are disqualified from future shared
+        append/prepend, for not much immediate savings in allocate/copy
+        expense.
+        
+        * kjs/ustring.cpp:
+        (KJS::):
+        (KJS::UString::Rep::create):
+        (KJS::UString::expandedSize):
+        (KJS::UString::usedPreCapacity):
+        (KJS::UString::expandCapacity):
+        (KJS::UString::expandPreCapacity):
+        (KJS::UString::UString):
+        (KJS::UString::append):
+        (KJS::UString::operator=):
+        * kjs/ustring.h:
+        (KJS::UString::Rep::data):
+
+2004-04-16  Maciej Stachowiak  <mjs@apple.com>
+        Reviewed by Richard.
+
+        No more need for Completion or Reference to privately inherit from
+        Value, none of the superclass functionality is used.
+
+        * kjs/completion.h:
+        * kjs/reference.h:
+
+=== Safari-137 ===
+
+2004-04-16  Richard Williamson   <rjw@apple.com>
+
+        Added interpreter lock protection around object creation.
+
+        Reviewed by Chris.
+
+        * bindings/runtime.cpp:
+        (Instance::createRuntimeObject):
+
+2004-04-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+        Another JavaScript speed improvement: use the mechanism from
+        string append optimization to make taking a substring fast, again
+        sharing the buffer.
+
+        A further 22% improvement on the 24fun string speed test.
+        
+        * kjs/ustring.cpp:
+        (KJS::):
+        (KJS::UString::Rep::create):
+        (KJS::UString::UString):
+        (KJS::UString::append):
+        (KJS::UString::operator=):
+        (KJS::UString::substr):
+        * kjs/ustring.h:
+        (KJS::UString::Rep::data):
+
+2004-04-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - fixed <rdar://problem/3600695>: String manipulation in JavaScript 24fun test is very slow (slow)
+        - fixed <rdar://problem/3600691>: Table generation test is really slow
+        - fixed <rdar://problem/3600661>: 24fun date test is really slow
+
+        80% speedup on the string test, lesser speedups on the other two.
+        
+        Two different optimizations here:
+
+        1) Avoid large overhead of scanning strings to see if they are all
+        ASCII before numeric conversion.
+        
+        * kjs/nodes.cpp:
+        (AssignNode::evaluate): Don't convert to integer until we know for
+        sure the operation will need it. Attempting to convert strings to
+        numbers is a waste when they are being appended with +=.
+
+        2) Avoid huge cost of appending strings.
+
+        This is done by allowing multiple strings to share a buffer but
+        actually use different ranges of it. The first time a string is
+        appended to, we start leaving at least 10% extra space in the
+        buffer, so doing N appends to the same string takes O(log N)
+        mallocs instead of O(N).
+        
+        * kjs/identifier.cpp:
+        (KJS::Identifier::equal):
+        (KJS::Identifier::add):
+        * kjs/ustring.cpp:
+        (KJS::):
+        (KJS::UCharReference::operator=):
+        (KJS::UCharReference::ref):
+        (KJS::UString::Rep::create):
+        (KJS::UString::Rep::destroy):
+        (KJS::UString::expandedSize):
+        (KJS::UString::usedCapacity):
+        (KJS::UString::expandCapacity):
+        (KJS::UString::UString):
+        (KJS::UString::null):
+        (KJS::UString::append):
+        (KJS::UString::operator=):
+        (KJS::UString::toStrictUInt32):
+        (KJS::UString::detach):
+        (KJS::KJS::operator==):
+        * kjs/ustring.h:
+        (KJS::UString::Rep::data):
+        (KJS::UString::Rep::hash):
+
+2004-04-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        - fix deployment build by avoiding deployment-only warning.
+
+        * kjs/scope_chain.cpp:
+        (KJS::ScopeChain::bottom):
+
+2004-04-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        Changed things so that newly created objects get a prototype based
+        on the scope chain of the current function, rather than the
+        interpreter that started execution. This fixes the following bugs:
+        
+        <rdar://problem/3368523>: ARCH: wrong prototype used to create new objects (hang on lookup.atomica.com)
+        <rdar://problem/3559173>: ARCH: Cannot scan using a HP Jetdirect product (JS object prototypes bind incorrectly)
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * kjs/array_object.cpp:
+        (CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
+        (ArrayProtoFuncImp::ArrayProtoFuncImp):
+        (ArrayProtoFuncImp::call):
+        (ArrayObjectImp::construct):
+        * kjs/bool_object.cpp:
+        (BooleanObjectImp::construct):
+        * kjs/date_object.cpp:
+        (DateProtoFuncImp::DateProtoFuncImp):
+        (DateProtoFuncImp::call):
+        (DateObjectImp::construct):
+        * kjs/error_object.cpp:
+        (ErrorObjectImp::construct):
+        * kjs/function.cpp:
+        (FunctionImp::FunctionImp):
+        (FunctionImp::call):
+        (DeclaredFunctionImp::construct):
+        (ArgumentsImp::ArgumentsImp):
+        (GlobalFuncImp::call):
+        * kjs/function_object.cpp:
+        (FunctionProtoFuncImp::call):
+        (FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        (BooleanImp::toObject):
+        (StringImp::toObject):
+        (NumberImp::toObject):
+        (InterpreterImp::InterpreterImp):
+        (InterpreterImp::clear):
+        (InterpreterImp::interpreterWithGlobalObject):
+        * kjs/internal.h:
+        * kjs/interpreter.cpp:
+        (ExecState::lexicalInterpreter):
+        * kjs/interpreter.h:
+        (KJS::ExecState::dynamicInterpreter):
+        (KJS::ExecState::interpreter):
+        * kjs/math_object.cpp:
+        (MathFuncImp::MathFuncImp):
+        * kjs/nodes.cpp:
+        (StatementNode::hitStatement):
+        (StatementNode::abortStatement):
+        (RegExpNode::evaluate):
+        (ElementNode::evaluate):
+        (ArrayNode::evaluate):
+        (ObjectLiteralNode::evaluate):
+        (PropertyValueNode::evaluate):
+        (FunctionCallNode::evaluate):
+        (FuncDeclNode::processFuncDecl):
+        (FuncExprNode::evaluate):
+        * kjs/number_object.cpp:
+        (NumberObjectImp::construct):
+        * kjs/object.cpp:
+        (KJS::ObjectImp::defaultValue):
+        (KJS::Error::create):
+        * kjs/object_object.cpp:
+        (ObjectObjectImp::construct):
+        * kjs/reference.cpp:
+        (Reference::putValue):
+        * kjs/regexp_object.cpp:
+        (RegExpProtoFuncImp::call):
+        (RegExpObjectImp::arrayOfMatches):
+        (RegExpObjectImp::construct):
+        * kjs/scope_chain.cpp:
+        (KJS::ScopeChain::bottom):
+        * kjs/scope_chain.h:
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::StringProtoFuncImp):
+        (StringProtoFuncImp::call):
+        (StringObjectImp::construct):
+
+=== Safari-136 ===
+
+=== Safari-135 ===
+
+2004-03-31  Richard Williamson   <rjw@apple.com>
+
+        Tedious renames based on feedback from plugin-futures list.
+        NP_ functions are renamed with NPN_ prefix.
+        Types prefix renamed from NP_ to NP.
+        NPN_CreateStringWithUTF8 and NPN_SetExceptionWithUTF8 now take a length, optionally -1 if string is null terminated. 
+        
+        No review because this was just a renaming patch.
+
+        * bindings/NP_jsobject.cpp:
+        (listFromNPArray):
+        (jsAllocate):
+        (identiferFromNPIdentifier):
+        (NPN_Call):
+        (NPN_Evaluate):
+        (NPN_GetProperty):
+        (NPN_SetProperty):
+        (NPN_RemoveProperty):
+        (NPN_ToString):
+        (NPN_GetPropertyAtIndex):
+        (NPN_SetPropertyAtIndex):
+        * bindings/NP_jsobject.h:
+        * bindings/c/c_class.cpp:
+        (CClass::_commonInit):
+        (CClass::classForIsA):
+        (CClass::CClass):
+        (CClass::methodsNamed):
+        (CClass::fieldNamed):
+        * bindings/c/c_class.h:
+        * bindings/c/c_instance.cpp:
+        (CInstance::CInstance):
+        (CInstance::~CInstance):
+        (CInstance::operator=):
+        (CInstance::invokeMethod):
+        (CInstance::defaultValue):
+        * bindings/c/c_instance.h:
+        (KJS::Bindings::CInstance::getObject):
+        * bindings/c/c_runtime.cpp:
+        (CField::valueFromInstance):
+        (CField::setValueToInstance):
+        * bindings/c/c_runtime.h:
+        (KJS::Bindings::CField::CField):
+        (KJS::Bindings::CField::name):
+        (KJS::Bindings::CMethod::CMethod):
+        (KJS::Bindings::CMethod::name):
+        * bindings/c/c_utility.cpp:
+        (coerceValueToNPString):
+        (convertValueToNPValueType):
+        (convertNPValueTypeToValue):
+        * bindings/c/c_utility.h:
+        * bindings/npruntime.cpp:
+        (NPN_IdentifierFromUTF8):
+        (NPN_IsValidIdentifier):
+        (NPN_GetIdentifiers):
+        (NPN_UTF8FromIdentifier):
+        (NPN_CreateObject):
+        (NPN_RetainObject):
+        (NPN_ReleaseObject):
+        (NPN_IsKindOfClass):
+        (NPN_SetExceptionWithUTF8):
+        (NPN_SetException):
+        (numberAllocate):
+        (NPN_CreateNumberWithInt):
+        (NPN_CreateNumberWithFloat):
+        (NPN_CreateNumberWithDouble):
+        (NPN_IntFromNumber):
+        (NPN_FloatFromNumber):
+        (NPN_DoubleFromNumber):
+        (stringAllocate):
+        (NPN_CreateStringWithUTF8):
+        (NPN_CreateStringWithUTF16):
+        (NPN_DeallocateUTF8):
+        (NPN_UTF8FromString):
+        (NPN_UTF16FromString):
+        (NPN_StringLength):
+        (booleanAllocate):
+        (NPN_CreateBoolean):
+        (NPN_BoolFromBoolean):
+        (nullAllocate):
+        (NPN_GetNull):
+        (undefinedAllocate):
+        (NPN_GetUndefined):
+        (arrayAllocate):
+        (arrayDeallocate):
+        (NPN_CreateArray):
+        (NPN_CreateArrayV):
+        (NPN_ObjectAtIndex):
+        * bindings/npruntime.h:
+        * bindings/runtime.cpp:
+        (Instance::createBindingForLanguageInstance):
+        * bindings/testbindings.cpp:
+        (initializeIdentifiers):
+        (myHasProperty):
+        (myHasMethod):
+        (myGetProperty):
+        (mySetProperty):
+        (logMessage):
+        (setDoubleValue):
+        (setIntValue):
+        (setStringValue):
+        (setBooleanValue):
+        (getDoubleValue):
+        (getIntValue):
+        (getStringValue):
+        (getBooleanValue):
+        (myInvoke):
+        (myAllocate):
+        (myInvalidate):
+        (myDeallocate):
+        (main):
+
+2004-03-31  Richard Williamson   <rjw@apple.com>
+
+        Changed references to NP_runtime.h to npruntime.h
+        
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_jsobject.h:
+        * bindings/c/c_class.h:
+        * bindings/c/c_instance.h:
+        * bindings/c/c_runtime.h:
+        * bindings/c/c_utility.h:
+        * bindings/npruntime.cpp:
+
+2004-03-31  Richard Williamson   <rjw@apple.com>
+
+        Renamed NP_runtime.h to npruntime.h to match Netscape SDK.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_jsobject.h:
+        * bindings/npruntime.cpp:
+
+=== Safari-134 ===
+
+2004-03-23  Richard Williamson   <rjw@apple.com>
+
+        Added implementation of KJS::Value <-> NP_Object conversion functions.
+        Augmented test program for 'C' bindings.
+        Added asserts and parameter checking to all public API.        
+
+        Reviewed by Ken.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_jsobject.cpp:
+        (NP_ToString):
+        * bindings/NP_jsobject.h: Added.
+        * bindings/NP_runtime.cpp:
+        (NP_IdentifierFromUTF8):
+        (NP_IsValidIdentifier):
+        (NP_GetIdentifiers):
+        (NP_CreateObject):
+        (NP_RetainObject):
+        (NP_ReleaseObject):
+        (NP_IsKindOfClass):
+        (NP_SetExceptionWithUTF8):
+        (NP_SetException):
+        (NP_IntFromNumber):
+        (NP_FloatFromNumber):
+        (NP_DoubleFromNumber):
+        (NP_CreateStringWithUTF8):
+        (NP_CreateStringWithUTF16):
+        (NP_DeallocateUTF8):
+        (NP_UTF8FromString):
+        (NP_UTF16FromString):
+        (NP_StringLength):
+        (NP_BoolFromBoolean):
+        * bindings/NP_runtime.h:
+        * bindings/c/c_instance.cpp:
+        (CInstance::invokeMethod):
+        * bindings/c/c_utility.cpp:
+        (coerceValueToNPString):
+        (convertValueToNPValueType):
+        (convertNPValueTypeToValue):
+        * bindings/c/c_utility.h:
+        * bindings/test.js:
+        * bindings/testC.js: Added.
+        * bindings/testbindings.cpp:
+        (logMessage):
+        (setDoubleValue):
+        (setIntValue):
+        (setStringValue):
+        (setBooleanValue):
+        (getDoubleValue):
+        (getIntValue):
+        (getStringValue):
+        (getBooleanValue):
+        (myInterfaceInvoke):
+        (myInterfaceAllocate):
+
+=== Safari-133 ===
+
+2004-03-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Ken.
+
+        - fixed problem with methods like setUTCHour
+
+        * kjs/date_object.cpp: (DateProtoFuncImp::call): Fix conversion back to time_t to use the appropriate
+        GMT vs. local time function based on the utc flag.
+
+2004-03-17  Richard Williamson   <rjw@apple.com>
+
+        Added a context parameter to result callbacks use by JavaScriptObject functions.  This was a change requested by Eric Carlson on the QT plugin team.
+
+        Reviewed by Ken.
+
+        * bindings/NP_jsobject.cpp:
+        (NP_Call):
+        (NP_Evaluate):
+        (NP_GetProperty):
+        (NP_ToString):
+        (NP_GetPropertyAtIndex):
+        * bindings/NP_runtime.h:
+
+2004-03-16  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3590169.  Regression (crash) caused by the switch to MethodLists.  Crash when attempting to invoke a method from JavaScript to Java that is not implemented.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::methodsNamed):
+
+2004-03-15  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3570854.  Don't attempt to convert Null to strings.  We
+        were incorrectly converting to "Null".
+
+        Actually fixed by Scott Kovatch.
+
+        Reviewed by Richard.
+
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::convertValueToJValue):
+
+=== Safari-132 ===
+
+2004-03-11  Richard Williamson   <rjw@apple.com>
+
+        Stitched together the NP stuff to our language independent
+        JavaScript binding stuff.  Very close to being done.
+        
+        Added program to test C bindings (and NP stuff).  Just tests
+        properties.  Will add methods and JavaScript access, etc.
+
+        Updated Makefile.am to account for new bindings/c directory.
+
+        Change NP_UTF8 from "const char *" to "char" to allow for
+        declarations like "const NP_UTF8 *" and "NP_UTF8 *".  Ditto
+        for NP_UTF16.
+
+        Added NP_IsValidIdentifier().
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * Makefile.am:
+        * bindings/NP_jsobject.cpp:
+        (identiferFromNPIdentifier):
+        (NP_Evaluate):
+        * bindings/NP_runtime.cpp:
+        (NP_IdentifierFromUTF8):
+        (NP_IsValidIdentifier):
+        (NP_GetIdentifiers):
+        (NP_UTF8FromIdentifier):
+        (NP_SetExceptionWithUTF8):
+        (NP_SetException):
+        (NP_CreateStringWithUTF8):
+        (NP_CreateStringWithUTF16):
+        (NP_UTF8FromString):
+        (NP_UTF16FromString):
+        * bindings/NP_runtime.h:
+        * bindings/c/c_class.cpp: Added.
+        (CClass::_commonDelete):
+        (CClass::_commonCopy):
+        (CClass::_commonInit):
+        (_createClassesByIsAIfNecessary):
+        (CClass::classForIsA):
+        (CClass::CClass):
+        (CClass::name):
+        (CClass::methodsNamed):
+        (CClass::fieldNamed):
+        * bindings/c/c_class.h: Added.
+        (KJS::Bindings::CClass::~CClass):
+        (KJS::Bindings::CClass::CClass):
+        (KJS::Bindings::CClass::operator=):
+        (KJS::Bindings::CClass::constructorAt):
+        (KJS::Bindings::CClass::numConstructors):
+        * bindings/c/c_instance.cpp: Added.
+        (CInstance::CInstance):
+        (CInstance::~CInstance):
+        (CInstance::operator=):
+        (CInstance::getClass):
+        (CInstance::begin):
+        (CInstance::end):
+        (CInstance::invokeMethod):
+        (CInstance::defaultValue):
+        (CInstance::stringValue):
+        (CInstance::numberValue):
+        (CInstance::booleanValue):
+        (CInstance::valueOf):
+        * bindings/c/c_instance.h: Added.
+        (KJS::Bindings::CInstance::getObject):
+        * bindings/c/c_runtime.cpp: Added.
+        (CField::valueFromInstance):
+        (CField::setValueToInstance):
+        * bindings/c/c_runtime.h: Added.
+        (KJS::Bindings::CField::CField):
+        (KJS::Bindings::CField::name):
+        (KJS::Bindings::CField::type):
+        (KJS::Bindings::CMethod::CMethod):
+        (KJS::Bindings::CMethod::name):
+        (KJS::Bindings::CMethod::numParameters):
+        * bindings/c/c_utility.cpp: Added.
+        (coerceValueToNPValueType):
+        (convertValueToNPValueType):
+        (convertNPValueTypeToValue):
+        * bindings/c/c_utility.h: Added.
+        * bindings/make_testbindings:
+        * bindings/runtime.cpp:
+        (Instance::createBindingForLanguageInstance):
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::):
+        * bindings/testbindings.cpp: Added.
+        (initializeIdentifiers):
+        (myInterfaceHasProperty):
+        (myInterfaceHasMethod):
+        (myInterfaceGetProperty):
+        (myInterfaceSetProperty):
+        (myInterfaceInvoke):
+        (myInterfaceAllocate):
+        (myInterfaceInvalidate):
+        (myInterfaceDeallocate):
+        (GlobalImp::className):
+        (readJavaScriptFromFile):
+        (main):
+
+2004-03-10  Richard Williamson   <rjw@apple.com>
+
+        Made changes to support new asychronous approach to calls from
+        plugin to JavaScript
+
+        Reviewed by Chris.
+
+        * bindings/NP_jsobject.cpp:
+        (NP_Call):
+        (NP_Evaluate):
+        (NP_GetProperty):
+        (NP_ToString):
+        (NP_GetPropertyAtIndex):
+        * bindings/NP_runtime.h:
+        * bindings/make_testbindings:
+        * bindings/runtime.cpp:
+        (Instance::createBindingForLanguageInstance):
+
+2004-03-10  Richard Williamson   <rjw@apple.com>
+
+        Updated header to include proposed changes from
+        plugin-futures list.  Calls from plugin to JavaScript
+        are now asynchronous.
+
+        Reviewed by Chris.
+
+        * bindings/NP_runtime.h:
+
+=== Safari-131 ===
+
+2004-03-04  Richard Williamson   <rjw@apple.com>
+
+        Implementation of NP_JavaScriptObject.  This is the 'C' class
+        that wraps a JavaScript object.
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_jsobject.cpp: Added.
+        (coerceValueToNPValueType):
+        (convertValueToNPValueType):
+        (convertNPValueTypeToValue):
+        (listFromNPArray):
+        (jsAllocate):
+        (jsDeallocate):
+        (identiferFromNPIdentifier):
+        (NP_Call):
+        (NP_Evaluate):
+        (NP_GetProperty):
+        (NP_SetProperty):
+        (NP_RemoveProperty):
+        (NP_ToString):
+        (NP_GetPropertyAtIndex):
+        (NP_SetPropertyAtIndex):
+        * bindings/NP_runtime.cpp:
+        (NP_ObjectAtIndex):
+        * bindings/NP_runtime.h:
+        * bindings/runtime_object.h:
+
+2004-03-04  Richard Williamson   <rjw@apple.com>
+
+        Added NP_Array implementation.  
+
+        Changed NP_Boolean to just depend on two static instances, no
+        space is required for values.
+
+        Reviewed by Chris.
+
+        * bindings/NP_runtime.cpp:
+        (NP_CreateBoolean):
+        (NP_BoolFromBoolean):
+        (arrayAllocate):
+        (arrayDeallocate):
+        (NP_CreateArray):
+        (NP_CreateArrayV):
+        (NP_ObjectAtIndex):
+        * bindings/NP_runtime.h:
+
+2004-03-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Vicki.
+
+        * English.lproj/InfoPlist.strings: Removed. No need to localize the version and
+        copyright string, and that's all that was in here.
+        * JavaScriptCore.pbproj/project.pbxproj: Removed InfoPlist.strings from build.
+
+2004-03-03  Richard Williamson   <rjw@apple.com>
+
+        More 'C' binding implementation.  Fleshed out all the
+        'primitive' data types.
+
+        Reviewed by Chris.
+
+        * bindings/NP_runtime.cpp:
+        (NP_ReleaseObject):
+        (numberAllocate):
+        (stringAllocate):
+        (stringDeallocate):
+        (NP_CreateStringWithUTF8):
+        (NP_CreateStringWithUTF16):
+        (NP_UTF8FromString):
+        (NP_UTF16FromString):
+        (NP_StringLength):
+        (booleanAllocate):
+        (booleanDeallocate):
+        (NP_CreateBoolean):
+        (NP_BoolFromBoolean):
+        (nullAllocate):
+        (nullDeallocate):
+        (NP_GetNull):
+        (undefinedAllocate):
+        (undefinedDeallocate):
+        (NP_GetUndefined):
+        * bindings/NP_runtime.h:
+
+2004-03-03  Richard Williamson   <rjw@apple.com>
+
+        More 'C' binding implementation.
+
+        Reviewed by Chris.
+
+        * bindings/NP_runtime.cpp:
+        (identifierEqual):
+        (identifierHash):
+        (getIdentifierDictionary):
+        (NP_IdentifierFromUTF8):
+        (NP_UTF8FromIdentifier):
+        (NP_CreateObject):
+        (NP_ReleaseObject):
+        (NP_IsKindOfClass):
+        (numberCreate):
+        (NP_CreateNumberWithInt):
+        (NP_CreateNumberWithFloat):
+        (NP_CreateNumberWithDouble):
+        (NP_IntFromNumber):
+        (NP_FloatFromNumber):
+        (NP_DoubleFromNumber):
+        * bindings/NP_runtime.h:
+
+2004-03-02  Richard Williamson   <rjw@apple.com>
+
+        Removed retain/release from NP_Class.  Classes will not be allowed to implement their
+        own customer retain/release scheme.
+
+        Reviewed by Chris.
+
+        * bindings/NP_runtime.cpp:
+        (NP_RetainObject):
+        (NP_ReleaseObject):
+        * bindings/NP_runtime.h:
+
+2004-03-02  Richard Williamson   <rjw@apple.com>
+
+        C binding API.  Partial implementation.
+
+        Completed ObjectiveC bindings (not based on the C API).  These will re-implemented over the C binding API, but I wanted to get this code in the tree.
+
+        Factored root object reference counting scheme.  It is now useful independent
+        of LiveConnect.
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/NP_runtime.cpp: Added.
+        (NP_IdentifierFromUTF8):
+        (NP_GetIdentifiers):
+        (NP_UTF8FromIdentifier):
+        (NP_CreateObject):
+        (NP_RetainObject):
+        (NP_ReleaseObject):
+        (NP_IsKindOfClass):
+        (NP_SetException):
+        (NP_Call):
+        (NP_Evaluate):
+        (NP_GetProperty):
+        (NP_SetProperty):
+        (NP_RemoveProperty):
+        (NP_ToString):
+        (NP_GetPropertyAtIndex):
+        (NP_SetPropertyAtIndex):
+        (NP_CreateNumberWithInt):
+        (NP_CreateNumberWithFloat):
+        (NP_CreateNumberWithDouble):
+        (NP_IntFromNumber):
+        (NP_FloatFromNumber):
+        (NP_DoubleFromNumber):
+        (NP_CreateStringWithUTF8):
+        (NP_CreateStringWithUTF16):
+        (NP_UTF8FromString):
+        (NP_UTF16FromString):
+        (NP_CreateBoolean):
+        (NP_BoolFromBoolean):
+        (NP_GetNull):
+        (NP_GetUndefined):
+        (NP_CreateArray):
+        (NP_CreateArrayV):
+        (NP_ObjectAtIndex):
+        * bindings/NP_runtime.h: Added.
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::invoke):
+        (JSObject::finalize):
+        (JSObject::createNative):
+        (JSObject::convertValueToJObject):
+        * bindings/jni/jni_jsobject.h:
+        * bindings/objc/objc_jsobject.h:
+        * bindings/objc/objc_jsobject.mm:
+        (rootForView):
+        (windowJavaScriptObject):
+        (-[JavaScriptObject initWithObjectImp:KJS::root:Bindings::]):
+        (-[JavaScriptObject dealloc]):
+        (-[JavaScriptObject _convertValueToObjcValue:KJS::]):
+        (-[JavaScriptObject call:arguments:]):
+        (-[JavaScriptObject evaluate:]):
+        (-[JavaScriptObject getMember:]):
+        (-[JavaScriptObject setMember:value:]):
+        (-[JavaScriptObject removeMember:]):
+        (-[JavaScriptObject toString]):
+        (-[JavaScriptObject getSlot:]):
+        (-[JavaScriptObject setSlot:value:]):
+        * bindings/objc/objc_utility.h:
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        * bindings/runtime_root.cpp: Added.
+        (getReferencesByRootDictionary):
+        (getReferencesDictionary):
+        (KJS::Bindings::findReferenceDictionary):
+        (KJS::Bindings::rootForImp):
+        (KJS::Bindings::addNativeReference):
+        (KJS::Bindings::removeNativeReference):
+        (completedJavaScriptAccess):
+        (initializeJavaScriptAccessLock):
+        (lockJavaScriptAccess):
+        (unlockJavaScriptAccess):
+        (RootObject::dispatchToJavaScriptThread):
+        (performJavaScriptAccess):
+        (RootObject::setFindRootObjectForNativeHandleFunction):
+        (RootObject::removeAllNativeReferences):
+        * bindings/runtime_root.h: Added.
+        (KJS::Bindings::RootObject::RootObject):
+        (KJS::Bindings::RootObject::~RootObject):
+        (KJS::Bindings::RootObject::setRootObjectImp):
+        (KJS::Bindings::RootObject::rootObjectImp):
+        (KJS::Bindings::RootObject::setInterpreter):
+        (KJS::Bindings::RootObject::interpreter):
+        (KJS::Bindings::RootObject::findRootObjectForNativeHandleFunction):
+        (KJS::Bindings::RootObject::runLoop):
+        (KJS::Bindings::RootObject::performJavaScriptSource):
+
+=== Safari-130 ===
+
+=== Safari-129 ===
+
+2004-02-18  Richard Williamson   <rjw@apple.com>
+
+        Added NSNumber/Number conversion.
+
+        Removed some unnecessary KJS:: namespace specifiers.
+
+        Reviewed by Ken.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/runtime_array.h:
+
+2004-02-18  Richard Williamson   <rjw@apple.com>
+
+        Added support for export NSArrays.
+
+        Updated valueAt() to take an ExecState so we can throw
+        JS exceptions.
+
+        Implemented excludeSelectorFromJavaScript: in ObjcClass.  This allows
+        ObjectiveC classes to control the visibility of their methods in 
+        JavaScript.
+
+        Reviewed by Ken.
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::valueFromInstance):
+        (JavaArray::valueAt):
+        * bindings/jni/jni_runtime.h:
+        * bindings/objc/objc_class.mm:
+        (ObjcClass::methodsNamed):
+        * bindings/objc/objc_runtime.h:
+        (KJS::Bindings::ObjcArray::getObjcArray):
+        * bindings/objc/objc_runtime.mm:
+        (ObjcField::valueFromInstance):
+        (ObjcField::setValueToInstance):
+        (ObjcArray::ObjcArray):
+        (ObjcArray::~ObjcArray):
+        (ObjcArray::operator=):
+        (ObjcArray::setValueAt):
+        (ObjcArray::valueAt):
+        (ObjcArray::getLength):
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/runtime.cpp:
+        (Instance::getValueOfField):
+        * bindings/runtime.h:
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::get):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+
+2004-02-17  Richard Williamson   <rjw@apple.com>
+
+        Added String <-> NSString conversion.
+        Added tests of String <-> NSString conversion to test program.
+
+        Reviewed by Chris.
+
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+        * bindings/test.js:
+        * bindings/testbindings.mm:
+        (-[MyFirstInterface getString]):
+
+2004-02-15  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Tweak build styles a bit, fixing OptimizedWithSymbols,
+        and removing redundant settings of things that match defaults in other build styles.
+
+2004-02-13  Richard Williamson   <rjw@apple.com>
+
+        Work towards the JavaScript ObjC bindings.  The bindings now work for 
+        simple scalar types.  testbindings.mm is an illustration of how the 
+        bindings work.
+
+        Reviewed by Ken.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * Makefile.am:
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::methodsNamed):
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaMethod::returnType):
+        * bindings/make_testbindings: Added.
+        * bindings/objc/objc_class.h: Added.
+        (KJS::Bindings::ObjcClass::~ObjcClass):
+        (KJS::Bindings::ObjcClass::ObjcClass):
+        (KJS::Bindings::ObjcClass::operator=):
+        (KJS::Bindings::ObjcClass::constructorAt):
+        (KJS::Bindings::ObjcClass::numConstructors):
+        * bindings/objc/objc_class.mm: Added.
+        (ObjcClass::_commonDelete):
+        (ObjcClass::_commonCopy):
+        (ObjcClass::_commonInit):
+        (_createClassesByIsAIfNecessary):
+        (ObjcClass::classForIsA):
+        (ObjcClass::ObjcClass):
+        (ObjcClass::name):
+        (ObjcClass::methodsNamed):
+        (ObjcClass::fieldNamed):
+        * bindings/objc/objc_header.h: Added.
+        * bindings/objc/objc_instance.h: Added.
+        (KJS::Bindings::ObjcInstance::getObject):
+        * bindings/objc/objc_instance.mm: Added.
+        (ObjcInstance::ObjcInstance):
+        (ObjcInstance::~ObjcInstance):
+        (ObjcInstance::operator=):
+        (ObjcInstance::begin):
+        (ObjcInstance::end):
+        (ObjcInstance::getClass):
+        (ObjcInstance::invokeMethod):
+        (ObjcInstance::defaultValue):
+        (ObjcInstance::stringValue):
+        (ObjcInstance::numberValue):
+        (ObjcInstance::booleanValue):
+        (ObjcInstance::valueOf):
+        * bindings/objc/objc_jsobject.h: Added.
+        * bindings/objc/objc_jsobject.mm: Added.
+        * bindings/objc/objc_runtime.h:
+        (KJS::Bindings::ObjcField::~ObjcField):
+        (KJS::Bindings::ObjcField::ObjcField):
+        (KJS::Bindings::ObjcField::operator=):
+        (KJS::Bindings::ObjcMethod::ObjcMethod):
+        (KJS::Bindings::ObjcMethod::~ObjcMethod):
+        (KJS::Bindings::ObjcMethod::operator=):
+        * bindings/objc/objc_runtime.mm: Added.
+        (ObjcMethod::ObjcMethod):
+        (ObjcMethod::name):
+        (ObjcMethod::numParameters):
+        (ObjcMethod::getMethodSignature):
+        (ObjcField::ObjcField):
+        (ObjcField::name):
+        (ObjcField::type):
+        (ObjcField::valueFromInstance):
+        (ObjcField::setValueToInstance):
+        * bindings/objc/objc_utility.h: Added.
+        (KJS::Bindings::):
+        * bindings/objc/objc_utility.mm: Added.
+        (KJS::Bindings::JSMethodNameToObjCMethodName):
+        (KJS::Bindings::convertValueToObjcValue):
+        (KJS::Bindings::convertObjcValueToValue):
+        (KJS::Bindings::objcValueTypeForType):
+        * bindings/runtime.cpp:
+        (MethodList::MethodList):
+        (MethodList::operator=):
+        (Instance::setValueOfField):
+        (Instance::createBindingForLanguageInstance):
+        (Instance::createRuntimeObject):
+        * bindings/runtime.h:
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::RuntimeMethodImp):
+        (RuntimeMethodImp::get):
+        (RuntimeMethodImp::call):
+        * bindings/runtime_method.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::hasProperty):
+        * bindings/test.js: Added.
+        * bindings/testbindings.mm: Added.
+        (-[MySecondInterface init]):
+        (-[MyFirstInterface init]):
+        (-[MyFirstInterface dealloc]):
+        (+[MyFirstInterface JavaScriptNameForSelector:]):
+        (-[MyFirstInterface getInt]):
+        (-[MyFirstInterface setInt:]):
+        (-[MyFirstInterface getMySecondInterface]):
+        (-[MyFirstInterface logMessage:]):
+        (GlobalImp::className):
+        (readJavaScriptFromFile):
+        (main):
+
+=== Safari-128 ===
+
+2004-02-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave.
+
+        - fixed things seen in the profile, for a total speedup of 4% on cvs-base (including changes across all projects)
+
+        * JavaScriptCorePrefix.h: Add a workaround for a bug in our system headers that prevents the <ctype.h>
+        macros from working right in C++ code that uses the <cctype> header.
+
+        * kjs/ustring.cpp:
+        (KJS::inlineUTF8SequenceLengthNonASCII): Added.
+        (KJS::UTF8SequenceLengthNonASCII): Added.
+        (KJS::inlineUTF8SequenceLength): Added.
+        (KJS::UTF8SequenceLength): Calls inlineUTF8SequenceLengthNonASCII now.
+        (KJS::decodeUTF8Sequence): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
+        (KJS::createSortedOffsetsArray): Add special case for 1, 2, and 3 offsets, so we don't do qsort for those.
+        (KJS::convertUTF16OffsetsToUTF8Offsets): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
+        (KJS::convertUTF8OffsetsToUTF16Offsets): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
+
+        - fixed the test program so it won't hit the interpreter lock assertion
+
+        * kjs/testkjs.cpp: (main): Just lock around the whole thing, since the test is singly threaded.
+
+=== Safari-127 ===
+
+2004-02-06  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3550242 and 3546977.  The first diff prevents an assert from firing.  The second diff prevents a JavaScript exception, caused be an invalid conversion, which has a downstream consequence of preventing a valid conversion.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_jsobject.cpp:
+        (JSObject::toString):
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::convertValueToJValue):
+
+2004-02-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed <rdar://problem/3546613>: array of negative size leads to crash (test page at oscar.the-rileys.net)
+
+        * kjs/array_object.cpp:
+        (ArrayInstanceImp::ArrayInstanceImp): If the length is greater than 10,000, don't allocate an array until
+        we start putting values in. This prevents new Array(2147483647) from causing trouble.
+        (ArrayObjectImp::construct): Check number as described in specification, and raise a range error if the
+        number is out of range. This prevents new Array(-1) from causing trouble.
+
+        - fixed <rdar://problem/3545756>: Math.round screws up on numbers bigger than 2^31 (incorrect results on HP-35 calculator page)
+
+        * kjs/math_object.cpp: (MathFuncImp::call): Change implementation to be much simpler and not involve
+        casting to int. Results now match those in other browsers.
+
+2004-02-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed <rdar://problem/3519285>: integer operations on large negative numbers yield bad results (discovered with "HTMLCrypt")
+        - fixed other related overflow issues
+
+        * kjs/value.h: Changed return types of toInteger, toInt32, toUInt32, and toUInt16.
+        * kjs/value.cpp:
+        (ValueImp::toInteger): Change to return a double, since this operation, from the ECMA specification,
+        must not restrict values to the range of a particular integer type.
+        (ValueImp::toInt32): Used a sized integer type for the result of this function, and also added
+        proper handling for negative results from fmod.
+        (ValueImp::toUInt32): Ditto.
+        (ValueImp::toUInt16): Ditto.
+        (ValueImp::dispatchToUInt32): Changed result type from unsigned to uint32_t.
+
+        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Use a double instead of an int to handle
+        out-of-integer-range values better in the slice function.
+        * kjs/internal.cpp: (KJS::roundValue): Streamline the function, handling NAN and infinity properly.
+        * kjs/number_object.cpp: (NumberProtoFuncImp::call): Use a double instead of an int to handle
+        out-of-integer-range values better in the toString function.
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): Use a double instead of an int to handle
+        out-of-integer-range values better in the charAt, charCodeAt, indexOf, lastIndexOf, slice,
+        and substr functions.
+
+=== Safari-126 ===
+
+2004-01-30  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3542044.  Create KJS::String using UString constructor instead of passing UTF8 string to char* constructor.
+
+        Reviewed by Darin.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::stringValue):
+
+2004-01-26  Darin Adler  <darin@apple.com>
+
+        * Makefile.am: Switch from pbxbuild to xcodebuild.
+
+2004-01-22  Richard Williamson   <rjw@apple.com>
+
+        Added stubs for ObjC language binding to JavaScript.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/jni/jni_runtime.h:
+        * bindings/objc/objc_runtime.h: Added.
+        (KJS::Bindings::ObjcParameter::ObjcParameter):
+        (KJS::Bindings::ObjcParameter::~ObjcParameter):
+        (KJS::Bindings::ObjcParameter::operator=):
+        (KJS::Bindings::ObjcParameter::type):
+        (KJS::Bindings::ObjcConstructor::ObjcConstructor):
+        (KJS::Bindings::ObjcConstructor::~ObjcConstructor):
+        (KJS::Bindings::ObjcConstructor::_commonCopy):
+        (KJS::Bindings::ObjcConstructor::operator=):
+        (KJS::Bindings::ObjcConstructor::value):
+        (KJS::Bindings::ObjcConstructor::parameterAt):
+        (KJS::Bindings::ObjcConstructor::numParameters):
+        (KJS::Bindings::ObjcField::ObjcField):
+        (KJS::Bindings::ObjcField::~ObjcField):
+        * bindings/runtime.h:
+
+2004-01-22  Richard Williamson   <rjw@apple.com>
+
+        Simplified JavaString by using UString as backing store.  This
+        revealed a bug in CString's assignment operator which I fixed.
+
+        Removed some dead code.
+ 
+        Reviewed by John.
+
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaString::JavaString):
+        (KJS::Bindings::JavaString::_commonInit):
+        (KJS::Bindings::JavaString::UTF8String):
+        (KJS::Bindings::JavaString::uchars):
+        (KJS::Bindings::JavaString::length):
+        (KJS::Bindings::JavaString::ustring):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::RuntimeObjectImp):
+        * bindings/runtime_object.h:
+        * kjs/ustring.cpp:
+        (KJS::CString::CString):
+        (KJS::CString::operator=):
+
+=== Safari-125 ===
+
+=== Safari-124 ===
+
+2004-01-16  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3525853.  We weren't handling mapping to overloaded Java
+        methods very well.  Even though this is undefined the other
+        browsers support it.  Also fixed a bug with returning arrays
+        from Java functions.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::_commonInit):
+        (JavaClass::methodsNamed):
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaArray::convertJObjectToArray):
+        (JavaField::valueFromInstance):
+        (JavaMethod::signature):
+        (JavaArray::valueAt):
+        * bindings/jni/jni_runtime.h:
+        * bindings/jni_jsobject.cpp:
+        (JSObject::call):
+        (JSObject::convertJObjectToValue):
+        * bindings/runtime.cpp:
+        (MethodList::addMethod):
+        (MethodList::length):
+        (MethodList::methodAt):
+        (MethodList::~MethodList):
+        * bindings/runtime.h:
+        (KJS::Bindings::MethodList::MethodList):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::RuntimeMethodImp):
+        (RuntimeMethodImp::get):
+        (RuntimeMethodImp::call):
+        * bindings/runtime_method.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::hasProperty):
+
+2004-01-16  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3531229.  Another place that needs the  Push/PopLocalFrame
+        protection implemented for 3530401.
+
+        Reviewed by John.
+
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::call):
+
+2004-01-15  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3530401.  JNI doesn't cleanup local refs created on the
+        main thread.   IMO this is a bad bug in our JMI implementation.
+
+        To work-around the problem I explicitly delete all local refs.
+        Further, I've added Push/PopLocalFrame calls to catch any refs
+        that I may have missed.  This will guarantee that we don't leak
+        any Java references.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::_commonInit):
+        (JavaClass::JavaClass):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::begin):
+        (JavaInstance::end):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaConstructor::JavaConstructor):
+        (JavaMethod::JavaMethod):
+        * bindings/jni_jsobject.cpp:
+        (JSObject::listFromJArray):
+        * bindings/runtime.h:
+        (KJS::Bindings::Instance::begin):
+        (KJS::Bindings::Instance::end):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+        (RuntimeObjectImp::hasProperty):
+        (RuntimeObjectImp::defaultValue):
+
+2004-01-15  Vicki Murley  <vicki@apple.com>
+
+        Reviewed by Darin.
+
+        * JavaScriptCore.pbproj/project.pbxproj: Update copyright date to 2004.
+
+2004-01-14  Richard Williamson   <rjw@apple.com>
+        
+        Fixed 3529466.  With recent changes to Java plugin we must no
+        longer call DeleteLocalRef().  Not a problem, it was an optimization anyway.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_instance.cpp:
+        (JObjectWrapper::JObjectWrapper):
+
+=== Safari-122 ===
+
+2004-01-14  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3529010.
+
+        Finalize may be called on an JSObject after we've already remove all our references.  The assert in this case is firing because we've received a finalize call from Java for an instance that we no longer know about.  The fix is to check in finalize that we're getting a call on an instance that we still care about.
+
+        Reviewed by John.
+
+        * bindings/jni_jsobject.cpp:
+        (addJavaReference):
+        (removeJavaReference):
+        (RootObject::removeAllJavaReferencesForRoot):
+        (JSObject::invoke):
+
+2004-01-13  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3528324. 
+
+        The run loop that is used to execute JavaScript (in practice, always the main run loop) is held in a class variable.  It is set and retained once and should not be released.  Unfortunately is it being released when the 'root' object on a LiveConnect applet is released.  This has the symptom of eventually causing an deallocation of the main run loop!  Usually after about 5 instantiations/destructions of a LiveConnect applet.  The CFRelease of the run loop was removed.
+
+        Reviewed by Hyatt.
+
+        * bindings/jni_jsobject.h:
+        (KJS::Bindings::RootObject::~RootObject):
+
+=== Safari-121 ===
+
+=== Safari-120 ===
+
+2004-01-06  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3521814.  Finalize messages weren't being dispatched!
+
+        Reviewed by John.
+
+        * bindings/jni_jsobject.cpp:
+        (JSObject::invoke):
+
+2004-01-05  Richard Williamson   <rjw@apple.com>
+
+        Added cache of JNI method IDs to minimize allocations.  This mitigates the problem
+        described by 3515579.
+
+        Also cleanup up logging of Java exceptions.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::classForInstance):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::JavaInstance):
+        (JavaInstance::getClass):
+        (JavaInstance::invokeMethod):
+        (JObjectWrapper::JObjectWrapper):
+        (JObjectWrapper::~JObjectWrapper):
+        * bindings/jni/jni_instance.h:
+        (KJS::Bindings::JavaInstance::operator=):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaMethod::JavaMethod):
+        (JavaMethod::methodID):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaMethod::JavaMethod):
+        * bindings/jni/jni_utility.cpp:
+        (callJNIMethod):
+        (callJNIMethodIDA):
+        (callJNIMethodA):
+        (KJS::Bindings::getMethodID):
+        (KJS::Bindings::callJNIVoidMethodIDA):
+        (KJS::Bindings::callJNIObjectMethodIDA):
+        (KJS::Bindings::callJNIByteMethodIDA):
+        (KJS::Bindings::callJNICharMethodIDA):
+        (KJS::Bindings::callJNIShortMethodIDA):
+        (KJS::Bindings::callJNIIntMethodIDA):
+        (KJS::Bindings::callJNILongMethodIDA):
+        (KJS::Bindings::callJNIFloatMethodIDA):
+        (KJS::Bindings::callJNIDoubleMethodIDA):
+        (KJS::Bindings::callJNIBooleanMethodIDA):
+        (KJS::Bindings::getCharactersFromJStringInEnv):
+        (KJS::Bindings::getUCharactersFromJStringInEnv):
+        (KJS::Bindings::getJNIField):
+        * bindings/jni/jni_utility.h:
+
+l2003-12-23  John Sullivan  <sullivan@apple.com>
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        Xcode version wars, harmless
+
+2003-12-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by John (concept, not code, which is just the old code coming back).
+
+        - fixed 3518092: REGRESSION (100-119): getting NaN instead of HH:MM times
+
+        * kjs/date_object.cpp: Added back our CF-based implementations of gmtime, localtime,
+        mktime, timegm, and time, because mktime, at least, won't handle a year of 0.
+
+2003-12-19  Richard Williamson   <rjw@apple.com>
+
+        Fixed 3515597.  When an error occurs we need
+        to make sure result values are zeroed.
+
+        Cleaned up logs by adding a newline.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::getJavaVM):
+        (KJS::Bindings::getJNIEnv):
+        (callJNIMethod):
+        (callJNIMethodA):
+        (KJS::Bindings::getJNIField):
+        * bindings/jni_jsobject.cpp:
+        (JSObject::convertValueToJObject):
+
+=== Safari-119 ===
+
+2003-12-17  Richard Williamson   <rjw@apple.com>
+
+        Ensure that all the symbols we export are in the KJS
+        namespace (3512245).
+
+        Also renamed JavaString.characters() to JavaString.UTF8String()
+        for enhanced clarity.
+
+        Added some sanity checking to constructor of JObjectWrapper.
+
+        Reviewed by Dave.
+
+        * ChangeLog:
+        * bindings/jni/jni_class.cpp:
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        (JObjectWrapper::JObjectWrapper):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaParameter::JavaParameter):
+        (JavaField::JavaField):
+        (JavaMethod::JavaMethod):
+        (JavaMethod::signature):
+        * bindings/jni/jni_runtime.h:
+        (KJS::Bindings::JavaString::ascii):
+        (KJS::Bindings::JavaString::UTF8String):
+        (KJS::Bindings::JavaString::JavaString):
+        (KJS::Bindings::JavaString::_commonInit):
+        (KJS::Bindings::JavaString::uchars):
+        (KJS::Bindings::JavaString::length):
+        (KJS::Bindings::JavaString::ustring):
+        (KJS::Bindings::JavaParameter::type):
+        (KJS::Bindings::JavaField::name):
+        (KJS::Bindings::JavaField::type):
+        (KJS::Bindings::JavaMethod::name):
+        (KJS::Bindings::JavaMethod::returnType):
+        * bindings/jni/jni_utility.cpp:
+        (KJS::Bindings::getJavaVM):
+        (KJS::Bindings::getJNIEnv):
+        (KJS::Bindings::callJNIVoidMethod):
+        (KJS::Bindings::callJNIObjectMethod):
+        (KJS::Bindings::callJNIBooleanMethod):
+        (KJS::Bindings::callJNIByteMethod):
+        (KJS::Bindings::callJNICharMethod):
+        (KJS::Bindings::callJNIShortMethod):
+        (KJS::Bindings::callJNIIntMethod):
+        (KJS::Bindings::callJNILongMethod):
+        (KJS::Bindings::callJNIFloatMethod):
+        (KJS::Bindings::callJNIDoubleMethod):
+        (KJS::Bindings::callJNIVoidMethodA):
+        (KJS::Bindings::callJNIObjectMethodA):
+        (KJS::Bindings::callJNIByteMethodA):
+        (KJS::Bindings::callJNICharMethodA):
+        (KJS::Bindings::callJNIShortMethodA):
+        (KJS::Bindings::callJNIIntMethodA):
+        (KJS::Bindings::callJNILongMethodA):
+        (KJS::Bindings::callJNIFloatMethodA):
+        (KJS::Bindings::callJNIDoubleMethodA):
+        (KJS::Bindings::callJNIBooleanMethodA):
+        (KJS::Bindings::getCharactersFromJString):
+        (KJS::Bindings::releaseCharactersForJString):
+        (KJS::Bindings::getCharactersFromJStringInEnv):
+        (KJS::Bindings::releaseCharactersForJStringInEnv):
+        (KJS::Bindings::getUCharactersFromJStringInEnv):
+        (KJS::Bindings::releaseUCharactersForJStringInEnv):
+        (KJS::Bindings::JNITypeFromClassName):
+        (KJS::Bindings::signatureFromPrimitiveType):
+        (KJS::Bindings::JNITypeFromPrimitiveType):
+        (KJS::Bindings::getJNIField):
+        (KJS::Bindings::convertValueToJValue):
+        * bindings/jni/jni_utility.h:
+        * bindings/jni_jsobject.cpp:
+        (KJS::Bindings::JSObject::invoke):
+        (KJS::Bindings::JSObject::JSObject):
+        (KJS::Bindings::JSObject::call):
+        (KJS::Bindings::JSObject::eval):
+        (KJS::Bindings::JSObject::getMember):
+        (KJS::Bindings::JSObject::setMember):
+        (KJS::Bindings::JSObject::removeMember):
+        (KJS::Bindings::JSObject::getSlot):
+        (KJS::Bindings::JSObject::setSlot):
+        (KJS::Bindings::JSObject::toString):
+        (KJS::Bindings::JSObject::finalize):
+        (KJS::Bindings::JSObject::createNative):
+        (KJS::Bindings::JSObject::convertValueToJObject):
+        (KJS::Bindings::JSObject::convertJObjectToValue):
+        (KJS::Bindings::JSObject::listFromJArray):
+        * bindings/jni_jsobject.h:
+        * bindings/runtime.cpp:
+        * bindings/runtime.h:
+        * bindings/runtime_method.cpp:
+        * bindings/runtime_method.h:
+
+=== Safari-118 ===
+
+2003-12-16  Richard Williamson   <rjw@apple.com>
+
+        Ack!  More assertions.  Lock ALL entry points into the interpreter!
+        (3511733).
+
+        Reviewed by Ken.
+
+        * bindings/jni_jsobject.cpp:
+        (Bindings::JSObject::call):
+        (Bindings::JSObject::eval):
+        (Bindings::JSObject::getMember):
+        (Bindings::JSObject::setMember):
+        (Bindings::JSObject::removeMember):
+        (Bindings::JSObject::getSlot):
+        (Bindings::JSObject::setSlot):
+        (Bindings::JSObject::convertJObjectToValue):
+
+2003-12-15  Richard Williamson   <rjw@apple.com>
+
+        Fixed a couple of snafus and removed some logging.
+
+        Reviewed by Maciej.
+
+        * bindings/jni_jsobject.cpp:
+        (Bindings::performJavaScriptAccess):
+        (Bindings::completedJavaScriptAccess):
+        (Bindings::dispatchToJavaScriptThread):
+        Removed some annoying JS_LOG clutter.
+
+        (Bindings::RootObject::removeAllJavaReferencesForRoot):
+        Fixed allocation of key buffer that was called after it was needed.
+
+        (Bindings::JSObject::invoke):
+        (Bindings::JSObject::JSObject):
+        (Bindings::JSObject::getMember):
+        (Bindings::JSObject::getSlot):
+        Added additional interpreter locks around getMember and getSlot. 
+        These functions may cause allocation of JS impls.  
+
+2003-12-15  Richard Williamson   <rjw@apple.com>
+
+        args weren't passed to 'call' invocation.  d'oh.
+        lock interpreter when we create instances of JS impls.        
+
+        Reviewed by Maciej.
+
+        * bindings/jni_jsobject.cpp:
+        (Bindings::JSObject::call):
+        (Bindings::JSObject::eval):
+        (Bindings::JSObject::getMember):
+        (Bindings::JSObject::setMember):
+        (Bindings::JSObject::getSlot):
+        (Bindings::JSObject::convertValueToJObject):
+        (Bindings::JSObject::convertJObjectToValue):
+        (Bindings::JSObject::listFromJArray):
+        * bindings/jni_jsobject.h:
+
+2003-12-15  Richard Williamson   <rjw@apple.com>
+
+        Last piece of LiveConnect!  This checkin adds implementation
+        of the Java to JavaScript object conversion functions.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_utility.cpp:
+        * bindings/jni/jni_utility.h:
+        * bindings/jni_jsobject.cpp:
+        (Bindings::JSObject::invoke):
+        (Bindings::JSObject::call):
+        (Bindings::JSObject::eval):
+        (Bindings::JSObject::getMember):
+        (Bindings::JSObject::setMember):
+        (Bindings::JSObject::getSlot):
+        (Bindings::JSObject::setSlot):
+        (Bindings::JSObject::createNative):
+        (Bindings::JSObject::convertValueToJObject):
+        (Bindings::JSObject::convertJObjectToValue):
+        (Bindings::JSObject::listFromJArray):
+        * bindings/jni_jsobject.h:
+        (Bindings::):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::get):
+        (RuntimeMethodImp::codeType):
+        (RuntimeMethodImp::execute):
+
+2003-12-12  Richard Williamson   <rjw@apple.com>
+
+        Added implementation of stubs in JSObject.  All that
+        remains is a couple of simple conversion functions stubs and
+        we're done with LiveConnect.  Also, changed string passing to
+        JS to use uchars instead of chars.  
+
+        Reviewed by Maciej.
+
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaString::JavaString):
+        (Bindings::JavaString::_commonInit):
+        (Bindings::JavaString::_commonCopy):
+        (Bindings::JavaString::_commonDelete):
+        (Bindings::JavaString::~JavaString):
+        (Bindings::JavaString::operator=):
+        (Bindings::JavaString::uchars):
+        (Bindings::JavaString::length):
+        (Bindings::JavaString::ustring):
+        * bindings/jni/jni_utility.cpp:
+        (getUCharactersFromJStringInEnv):
+        (releaseUCharactersForJStringInEnv):
+        (convertValueToJObject):
+        (convertJObjectToValue):
+        * bindings/jni/jni_utility.h:
+        * bindings/jni_jsobject.cpp:
+        (Bindings::JSObject::invoke):
+        (Bindings::JSObject::call):
+        (Bindings::JSObject::eval):
+        (Bindings::JSObject::getMember):
+        (Bindings::JSObject::setMember):
+        (Bindings::JSObject::removeMember):
+        (Bindings::JSObject::getSlot):
+        (Bindings::JSObject::setSlot):
+        * bindings/jni_jsobject.h:
+
+2003-12-12  Richard Williamson   <rjw@apple.com>
+
+        Ensure that all calls from Java into JavaScript are
+        performed on a designated thread (the main thread).
+
+        Reviewed by Ken.
+
+        * bindings/jni_jsobject.cpp:
+        (isJavaScriptThread):
+        (rootForImp):
+        (Bindings::performJavaScriptAccess):
+        (Bindings::completedJavaScriptAccess):
+        (Bindings::initializeJavaScriptAccessLock):
+        (Bindings::lockJavaScriptAccess):
+        (Bindings::unlockJavaScriptAccess):
+        (Bindings::dispatchToJavaScriptThread):
+        (Bindings::RootObject::setFindRootObjectForNativeHandleFunction):
+        (Bindings::RootObject::removeAllJavaReferencesForRoot):
+        (Bindings::JSObject::invoke):
+        (Bindings::JSObject::JSObject):
+        (Bindings::JSObject::call):
+        (Bindings::JSObject::eval):
+        (Bindings::JSObject::getMember):
+        (Bindings::JSObject::setMember):
+        (Bindings::JSObject::removeMember):
+        (Bindings::JSObject::getSlot):
+        (Bindings::JSObject::setSlot):
+        (Bindings::JSObject::toString):
+        (Bindings::JSObject::finalize):
+        (Bindings::JSObject::getWindow):
+        * bindings/jni_jsobject.h:
+        (Bindings::RootObject::~RootObject):
+        (Bindings::RootObject::findRootObjectForNativeHandleFunction):
+        (Bindings::RootObject::runLoop):
+        (Bindings::RootObject::performJavaScriptSource):
+        (Bindings::):
+
+2003-12-11  Richard Williamson   <rjw@apple.com>
+
+        Added support for calling a JavaScript function from
+        Java.  Right now this only works for void func(void)
+        functions, but the conversion of args and return values
+        will come shortly.
+
+        Cleaned up and verified reference counting scheme, and
+        dereferencing of vended JavaScript objects when applet is
+        destroyed (actually when part is destroyed).
+        
+        Removed link hack for testkjs now that the Java folks think
+        they have a solution for the 1.4.2 JavaVM link problem.  Although
+        Greg B. thinks his solution may cause problems for the 1.3.1
+        version of the VM!?!
+
+        Reviewed by Ken.
+
+        * Makefile.am:
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaString::JavaString):
+        * bindings/jni/jni_utility.cpp:
+        (convertValueToJValue):
+        (convertValueToJObject):
+        (listFromJArray):
+        * bindings/jni/jni_utility.h:
+        * bindings/jni_jsobject.cpp:
+        (KJS_setFindRootObjectForNativeHandleFunction):
+        (KJS_findRootObjectForNativeHandleFunction):
+        (getReferencesByRootDictionary):
+        (getReferencesDictionary):
+        (findReferenceDictionary):
+        (rootForImp):
+        (addJavaReference):
+        (removeJavaReference):
+        * bindings/jni_jsobject.h:
+        (Bindings::RootObject::RootObject):
+        (Bindings::RootObject::~RootObject):
+        (Bindings::RootObject::setRootObjectImp):
+        (Bindings::RootObject::rootObjectImp):
+        (Bindings::RootObject::setInterpreter):
+        (Bindings::RootObject::interpreter):
+
+=== Safari-117 ===
+
+2003-12-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed regression in JavaScript tests reported by the KDE guys
+        - fixed 3506345: REGRESSION (115-116): VIP: chordfind.com no longer displays chords
+
+        * kjs/ustring.h: Add tolerateEmptyString parameter to toDouble and toULong.
+        * kjs/ustring.cpp:
+        (KJS::UString::toDouble): Separate the "tolerant" parameter into two separate ones:
+        tolerateTrailingJunk and tolerateEmptyString. Add new overloads; better for code size
+        and binary compatibility than default parameter values.
+        (KJS::UString::toULong): Pass tolerateEmptyString down to toDouble. Add new overload.
+
+        * kjs/string_object.cpp: (StringProtoFuncImp::call): Pass false for the new
+        "tolerate empty string" parameter.
+
+2003-12-10  Richard Williamson   <rjw@apple.com>
+
+        Added code to manage reference counting of JavaScript
+        objects passed to Java.   Also added implementation of
+        KJS_JSCreateNativeJSObject.  This is the function that
+        provides the root object to Java (KJS::Window).
+
+        Reviewed by Hyatt.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/jni_jsobject.cpp:
+        (KJS_setFindObjectForNativeHandleFunction):
+        (KJS_findObjectForNativeHandleFunction):
+        (getReferencesByOwnerDictionary):
+        (getReferencesDictionary):
+        (findReferenceDictionary):
+        (addJavaReference):
+        (removeJavaReference):
+        (removeAllJavaReferencesForOwner):
+        * bindings/jni_jsobject.h:
+
+2003-12-09  Richard Williamson   <rjw@apple.com>
+
+        LiveConnect stubs that correspond to the native methods
+        on JSObject.  These will be called from the new Java plugin
+        when an instance of JSObject is instantiated and messaged.
+        When these are implemented the Java will be able to originate
+        calls into JavaScript.
+
+        Also a temporary work-around added to Makefile.am to solve
+        a link problem.  The 1.4.2 JavaVM accidentally links against
+        libobjc.  This call a failure linking testkjs.  Mike Hay is
+        working with someone to fix the problem (3505587).
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * Makefile.am:
+        * bindings/jni_jsobject.cpp: Added.
+        (KJS_JSCreateNativeJSObject):
+        (KJS_JSObject_JSFinalize):
+        (KJS_JSObject_JSObjectCall):
+        (KJS_JSObject_JSObjectEval):
+        (KJS_JSObject_JSObjectGetMember):
+        (KJS_JSObject_JSObjectSetMember):
+        (KJS_JSObject_JSObjectRemoveMember):
+        (KJS_JSObject_JSObjectGetSlot):
+        (KJS_JSObject_JSObjectSetSlot):
+        (KJS_JSObject_JSObjectToString):
+        * bindings/jni_jsobject.h: Added.
+
+2003-12-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        <rdar://problem/3505183>: JavaScriptCore should assert that interpreter is locked in collector
+
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate): Assert that interpreter lock count is not 0.
+        (KJS::Collector::collect): likewise
+
+2003-12-08  Richard Williamson   <rjw@apple.com>
+
+        LiveConnect:  The last piece of the JavaScript side of the
+        LiveConnect implementation.  This change adds support for
+        setting/getting values from Java arrays in JavaScript.
+
+        Reviewed by John.
+
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::JavaField):
+        (convertJObjectToArray):
+        (JavaArray::JavaArray):
+        (JavaArray::~JavaArray):
+        (JavaArray::setValueAt):
+        (JavaArray::valueAt):
+        (JavaArray::getLength):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaArray::operator=):
+        (Bindings::JavaArray::javaArray):
+        * bindings/jni/jni_utility.cpp:
+        (JNITypeFromPrimitiveType):
+        (convertValueToJValue):
+        * bindings/jni/jni_utility.h:
+        * bindings/runtime.h:
+        * bindings/runtime_array.cpp:
+        (RuntimeArrayImp::RuntimeArrayImp):
+        (RuntimeArrayImp::~RuntimeArrayImp):
+        (RuntimeArrayImp::get):
+        (RuntimeArrayImp::put):
+        (RuntimeArrayImp::hasProperty):
+        * bindings/runtime_array.h:
+        (KJS::RuntimeArrayImp::getLength):
+        (KJS::RuntimeArrayImp::getConcreteArray):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::canPut):
+        (RuntimeObjectImp::hasProperty):
+
+2003-12-05  Richard Williamson   <rjw@apple.com>
+
+        LiveConnect:  Part 1 of supporting JS bindings to
+        native language arrays.
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::JavaField):
+        (convertJObjectToArray):
+        (JavaField::valueFromInstance):
+        (JavaField::setValueToInstance):
+        * bindings/jni/jni_runtime.h:
+        * bindings/runtime.cpp:
+        (Instance::setValueOfField):
+        * bindings/runtime.h:
+        (Bindings::Array::~Array):
+
+2003-12-04  Richard Williamson   <rjw@apple.com>
+
+        LiveConnect:  Moved defaultValue into concrete implementation because
+        more intelligent conversion can be perform with knowledge
+        of the class of the original instance.
+
+        Reviewed by Chris.
+
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::isNumberClass):
+        (JavaClass::isBooleanClass):
+        (JavaClass::isStringClass):
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::defaultValue):
+        (JavaInstance::valueOf):
+        * bindings/jni/jni_instance.h:
+        (Bindings::JavaInstance::javaInstance):
+        * bindings/runtime.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::defaultValue):
+
+2003-12-04  Richard Williamson   <rjw@apple.com>
+
+        LiveConnect:  Added support for setting the value of Java
+        fields.
+
+        Reviewed by Chris.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaParameter::JavaParameter):
+        (JavaField::JavaField):
+        (JavaField::valueFromInstance):
+        (JavaField::setValueToInstance):
+        (JavaMethod::JavaMethod):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaField::getJNIType):
+        * bindings/jni/jni_utility.cpp:
+        (JNITypeFromClassName):
+        (convertValueToJValue):
+        * bindings/jni/jni_utility.h:
+        * bindings/runtime.cpp:
+        (Instance::setValueOfField):
+        * bindings/runtime.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::defaultValue):
+
+2003-12-04  Richard Williamson   <rjw@apple.com>
+
+        Added support for string conversions.
+        Changed various JavaString member variables to be inline.
+        Implemented defaultValue for context relevant type coercion.
+
+        Reviewed by Chris.
+
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::JavaClass):
+        (JavaClass::setClassName):
+        (JavaClass::classForInstance):
+        * bindings/jni/jni_class.h:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::stringValue):
+        (JavaInstance::numberValue):
+        (JavaInstance::booleanValue):
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaParameter::JavaParameter):
+        (JavaField::JavaField):
+        (JavaMethod::JavaMethod):
+        (appendClassName):
+        (JavaMethod::signature):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaString::JavaString):
+        (Bindings::JavaString::~JavaString):
+        (Bindings::JavaString::operator=):
+        (Bindings::JavaString::characters):
+        (Bindings::JavaParameter::JavaParameter):
+        (Bindings::JavaParameter::~JavaParameter):
+        (Bindings::JavaParameter::operator=):
+        (Bindings::JavaParameter::type):
+        (Bindings::JavaField::JavaField):
+        (Bindings::JavaField::~JavaField):
+        (Bindings::JavaField::operator=):
+        (Bindings::JavaField::name):
+        (Bindings::JavaField::type):
+        (Bindings::JavaMethod::JavaMethod):
+        (Bindings::JavaMethod::_commonDelete):
+        (Bindings::JavaMethod::name):
+        (Bindings::JavaMethod::returnType):
+        * bindings/jni/jni_utility.cpp:
+        (convertValueToJValue):
+        * bindings/runtime.h:
+        (Bindings::Instance::valueOf):
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::call):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::RuntimeObjectImp):
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::defaultValue):
+        * bindings/runtime_object.h:
+        (KJS::RuntimeObjectImp::classInfo):
+
+=== Safari-116 ===
+
+2003-12-03  Richard Williamson   <rjw@apple.com>
+
+        LiveConnect:  Added support for parameter passing to Java and conversion
+        of return values.
+
+        Reviewed by Chris.
+
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaParameter::JavaParameter):
+        (JavaMethod::JavaMethod):
+        (JavaMethod::signature):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaParameter::JavaParameter):
+        (Bindings::JavaParameter::operator=):
+        (Bindings::JavaParameter::getJNIType):
+        * bindings/jni/jni_utility.cpp:
+        (callJNIBooleanMethodA):
+        (convertValueToJValue):
+        * bindings/jni/jni_utility.h:
+        * bindings/runtime.h:
+        * bindings/runtime_method.cpp:
+        (RuntimeMethodImp::call):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+
+2003-12-02  Richard Williamson   <rjw@apple.com>
+
+        Added support for calling simple methods in Java from JavaScript.
+        (void return and no parameters).  Yay, LiveConnect lives.
+
+        Still need write argument and return value conversion code.
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::getClass):
+        (JavaInstance::invokeMethod):
+        * bindings/jni/jni_instance.h:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaMethod::JavaMethod):
+        (JavaMethod::signature):
+        (JavaMethod::JNIReturnType):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaMethod::_commonDelete):
+        (Bindings::JavaMethod::_commonCopy):
+        (Bindings::JavaMethod::name):
+        * bindings/jni/jni_utility.cpp:
+        (signatureFromPrimitiveType):
+        * bindings/jni/jni_utility.h:
+        * bindings/runtime.h:
+        * bindings/runtime_method.cpp: Added.
+        (RuntimeMethodImp::RuntimeMethodImp):
+        (RuntimeMethodImp::~RuntimeMethodImp):
+        (RuntimeMethodImp::get):
+        (RuntimeMethodImp::implementsCall):
+        (RuntimeMethodImp::call):
+        (RuntimeMethodImp::codeType):
+        (RuntimeMethodImp::execute):
+        * bindings/runtime_method.h: Added.
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::RuntimeObjectImp):
+        (RuntimeObjectImp::get):
+        * bindings/runtime_object.h:
+        * kjs/function.cpp:
+        (FunctionImp::FunctionImp):
+        * kjs/interpreter.h:
+
+2003-12-01  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed 3493799: JavaScript string.replace expands $ if it's the last character in replacement string
+
+        * kjs/ustring.cpp: (KJS::UString::toDouble): Fix backwards handling of the "tolerant" boolean.
+        This indirectly caused the string.replace bug.
+
+2003-12-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Merged patches from Harri Porten and David Faure to fix:
+
+        <rdar://problem/3497643>: reproducible crash printing self-referential array
+        
+        * kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call): Break out of the loop if an exception was thrown.
+        * kjs/nodes.cpp:
+        (FunctionCallNode::evaluate): Move function call depth check from here...
+        * kjs/object.cpp:
+        (KJS::Object::call): ...to here.
+        * kjs/object.h: Un-inline Object::call now that it does more.
+
+2003-12-01  Richard Williamson   <rjw@apple.com>
+
+        Fixed mistake in method signatures used to get boolean and integer fields.
+
+        Reviewed by Chris.
+
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::valueFromInstance):
+
+2003-12-01  Richard Williamson   <rjw@apple.com>
+
+Fixed parameter passing to applet.  Child elements are NOT valid in setStyle().  So we now create the widget before needed with createWidgetIfNecessary.  This either happens when doing the first layout, or when JavaScript first references the applet element.
+
+Fixed early delete of the the main applet instance.  When the JS collector cleaned up the last JS object referring to the applet instance we were deleting the java instance.  This caused the applet instance cached on the applet element to be invalid.  The applet instance is the only Java object not to be cleaned up by the JS collector.
+
+Added support for getting at Java object fields.
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * Makefile.am:
+        * bindings/jni/jni_instance.cpp:
+        (JObjectWrapper::JObjectWrapper):
+        * bindings/jni/jni_instance.h:
+        (Bindings::JObjectWrapper::~JObjectWrapper):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::valueFromInstance):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::~RuntimeObjectImp):
+        (RuntimeObjectImp::RuntimeObjectImp):
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::deleteProperty):
+        * bindings/runtime_object.h:
+
+=== Safari-115 ===
+
+2003-11-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from Harri Porten, reviewed by me.
+
+        - fixed 3491712 - String slice with negative arguments does not offset from end of string
+        
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::call): Handle negative arguments as offsets from end by
+        adding length and clamping to [0,length-1].
+
+2003-11-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from Harri Porten, reviewed by me.
+
+        - fixed 3491709 - using Function.apply with a primitive type as the arg list causes crash
+        
+        * kjs/function_object.cpp:
+        (FunctionProtoFuncImp::call): Nest parentheses properly.
+
+2003-11-20  Richard Williamson   <rjw@apple.com>
+
+        More LiveConnect stuff.  Primitive Java fields are now
+        accessible from JavaScript!  Yay!
+
+        Reviewed by Maciej.
+
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::methodNamed):
+        (JavaClass::fieldNamed):
+        * bindings/jni/jni_class.h:
+        (Bindings::JavaClass::_commonDelete):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::JavaInstance):
+        (JavaInstance::~JavaInstance):
+        (JavaInstance::getClass):
+        * bindings/jni/jni_instance.h:
+        (Bindings::JavaInstance::javaInstance):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaField::JavaField):
+        (JavaField::valueFromInstance):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaField::JavaField):
+        (Bindings::JavaField::~JavaField):
+        (Bindings::JavaField::operator=):
+        * bindings/jni/jni_utility.cpp:
+        (callJNIMethod):
+        (callJNIMethodA):
+        (callJNIVoidMethod):
+        (callJNIObjectMethod):
+        (callJNIBooleanMethod):
+        (callJNIByteMethod):
+        (callJNICharMethod):
+        (callJNIShortMethod):
+        (callJNIIntMethod):
+        (callJNILongMethod):
+        (callJNIFloatMethod):
+        (callJNIDoubleMethod):
+        (callJNIVoidMethodA):
+        (callJNIObjectMethodA):
+        (callJNIByteMethodA):
+        (callJNICharMethodA):
+        (callJNIShortMethodA):
+        (callJNIIntMethodA):
+        (callJNILongMethodA):
+        (callJNIFloatMethodA):
+        (callJNIDoubleMethodA):
+        (releaseCharactersForJStringInEnv):
+        (primitiveTypeFromClassName):
+        (getJNIField):
+        * bindings/jni/jni_utility.h:
+        * bindings/runtime.cpp:
+        (Instance::createBindingForLanguageInstance):
+        (Instance::getValueOfField):
+        * bindings/runtime.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::get):
+
+2003-11-20  Richard Williamson   <rjw@apple.com>
+
+        More LiveConnect stuff.
+
+        Reviewed by Chris.
+
+        * bindings/jni/jni_class.cpp:
+        (JavaClass::classForName):
+        (JavaClass::classForInstance):
+        * bindings/jni/jni_instance.cpp:
+        (JavaInstance::getValueOfField):
+        * bindings/jni/jni_instance.h:
+        (Bindings::JObjectWrapper::JObjectWrapper):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaConstructor::~JavaConstructor):
+        (Bindings::JavaConstructor::operator=):
+        (Bindings::JavaMethod::JavaMethod):
+        (Bindings::JavaMethod::_commonDelete):
+        (Bindings::JavaMethod::signature):
+        * bindings/jni/jni_utility.cpp:
+        (getJNIEnv):
+        (attachToJavaVM):
+        * bindings/jni/jni_utility.h:
+        * bindings/runtime.h:
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::~RuntimeObjectImp):
+        (RuntimeObjectImp::get):
+        * bindings/runtime_object.h:
+
+2003-11-19  Richard Williamson   <rjw@apple.com>
+
+        More LiveConnect stuff.
+
+        Reviewed by Ken.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/jni/jni_class.cpp: Added.
+        (JavaClass::_commonInit):
+        (JavaClass::JavaClass):
+        (_createClassesByNameIfNecessary):
+        (JavaClass::classForName):
+        (JavaClass::classForInstance):
+        (JavaClass::methodNamed):
+        (JavaClass::fieldNamed):
+        * bindings/jni/jni_class.h: Added.
+        (Bindings::JavaClass::_commonDelete):
+        (Bindings::JavaClass::~JavaClass):
+        (Bindings::JavaClass::_commonCopy):
+        (Bindings::JavaClass::JavaClass):
+        (Bindings::JavaClass::operator=):
+        (Bindings::JavaClass::name):
+        (Bindings::JavaClass::constructorAt):
+        (Bindings::JavaClass::numConstructors):
+        * bindings/jni/jni_instance.cpp: Added.
+        (JavaInstance::JavaInstance):
+        (JavaInstance::~JavaInstance):
+        * bindings/jni/jni_instance.h: Added.
+        (Bindings::JObjectWrapper::JObjectWrapper):
+        (Bindings::JObjectWrapper::~JObjectWrapper):
+        (Bindings::JObjectWrapper::ref):
+        (Bindings::JObjectWrapper::deref):
+        (Bindings::JavaInstance::getClass):
+        (Bindings::JavaInstance::operator=):
+        * bindings/jni/jni_runtime.cpp:
+        (JavaMethod::JavaMethod):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaString::JavaString):
+        (Bindings::JavaString::~JavaString):
+        (Bindings::JavaString::operator=):
+        * bindings/jni/jni_utility.cpp:
+        (getJavaVM):
+        (getJNIEnv):
+        (getCharactersFromJString):
+        (releaseCharactersForJString):
+        (getCharactersFromJStringInEnv):
+        (releaseCharactersForJStringInEnv):
+        * bindings/jni/jni_utility.h:
+        * bindings/runtime.cpp:
+        (Instance::createBindingForLanguageInstance):
+        * bindings/runtime.h:
+        (Bindings::Instance::):
+
+2003-11-18  Richard Williamson   <rjw@apple.com>
+
+        More live connect stubs.  We're getting close.
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * bindings/jni/jni_runtime.cpp:
+        (JavaClass::JavaClass):
+        (JavaInstance::JavaInstance):
+        (JavaInstance::~JavaInstance):
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaConstructor::value):
+        (Bindings::JavaField::value):
+        (Bindings::JavaMethod::value):
+        (Bindings::JavaClass::_commonDelete):
+        (Bindings::JavaClass::_commonCopy):
+        (Bindings::JavaClass::methodNamed):
+        (Bindings::JavaClass::fieldNamed):
+        (Bindings::JavaInstance::getClass):
+        * bindings/runtime.cpp: Added.
+        * bindings/runtime.h:
+        (Bindings::Instance::~Instance):
+        * bindings/runtime_object.cpp: Added.
+        (RuntimeObjectImp::classInfo):
+        (RuntimeObjectImp::RuntimeObjectImp):
+        (RuntimeObjectImp::get):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::canPut):
+        (RuntimeObjectImp::hasProperty):
+        (RuntimeObjectImp::deleteProperty):
+        (RuntimeObjectImp::defaultValue):
+        (RuntimeObjectImp::_initializeClassInfoFromInstance):
+        * bindings/runtime_object.h: Added.
+        (KJS::RuntimeObjectImp::setInternalInstance):
+        (KJS::RuntimeObjectImp::getInternalInstance):
+        * kjs/object.cpp:
+        (KJS::ObjectImp::get):
+        (KJS::ObjectImp::hasProperty):
+        * kjs/value.h:
+        (KJS::):
+
+2003-11-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from Harri, reviewed by me.
+
+        - fixed 3487375 - backwards array slice causes infinite loop
+        
+        * kjs/array_object.cpp:
+        (ArrayProtoFuncImp::call):
+
+2003-11-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Patch from Harri Porten reviewed by me.
+
+        - fixed 3487371 - operator precedence for bitwise or, xor and and is wrong
+
+        * kjs/grammar.y: Correct the precedence.
+
+2003-11-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        - fixed 3483829 - JavaScriptCore needs workaround to compile on Merlot
+        
+        * JavaScriptCore.pbproj/project.pbxproj: Add -Wno-long-double to
+        warning flags.
+
+=== Safari-114 ===
+
+2003-11-13  Richard Williamson   <rjw@apple.com>
+
+        Factored common code between copy constructor and assignment operator.
+
+        Reviewed by Chris.
+
+        * ChangeLog:
+        * bindings/jni/jni_runtime.h:
+        (Bindings::JavaConstructor::_commonCopy):
+        (Bindings::JavaConstructor::JavaConstructor):
+        (Bindings::JavaConstructor::operator=):
+        (Bindings::JavaField::type):
+        * bindings/runtime.h:
+
+2003-11-13  Richard Williamson   <rjw@apple.com>
+
+        More LiveConnect stuff.  This checkin adds abstract classes to model
+        language runtimes and a JNI based set of concrete implementations for
+        Java.
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * Makefile.am:
+        * bindings/Makefile.am: Removed.
+        * bindings/jni/Makefile.am: Removed.
+        * bindings/jni/jni_runtime.cpp: Added.
+        (JavaField::JavaField):
+        (JavaConstructor::JavaConstructor):
+        (JavaMethod::JavaMethod):
+        (JavaClass::JavaClass):
+        * bindings/jni/jni_runtime.h: Added.
+        (Bindings::JavaString::JavaString):
+        (Bindings::JavaString::~JavaString):
+        (Bindings::JavaString::operator=):
+        (Bindings::JavaString::characters):
+        (Bindings::JavaParameter::JavaParameter):
+        (Bindings::JavaParameter::~JavaParameter):
+        (Bindings::JavaParameter::operator=):
+        (Bindings::JavaParameter::type):
+        (Bindings::JavaConstructor::JavaConstructor):
+        (Bindings::JavaConstructor::~JavaConstructor):
+        (Bindings::JavaConstructor::operator=):
+        (Bindings::JavaConstructor::parameterAt):
+        (Bindings::JavaConstructor::numParameters):
+        (Bindings::JavaField::JavaField):
+        (Bindings::JavaField::~JavaField):
+        (Bindings::JavaField::operator=):
+        (Bindings::JavaField::name):
+        (Bindings::JavaField::type):
+        (Bindings::JavaMethod::JavaMethod):
+        (Bindings::JavaMethod::_commonDelete):
+        (Bindings::JavaMethod::~JavaMethod):
+        (Bindings::JavaMethod::_commonCopy):
+        (Bindings::JavaMethod::operator=):
+        (Bindings::JavaMethod::name):
+        (Bindings::JavaMethod::returnType):
+        (Bindings::JavaMethod::parameterAt):
+        (Bindings::JavaMethod::numParameters):
+        (Bindings::JavaClass::_commonDelete):
+        (Bindings::JavaClass::~JavaClass):
+        (Bindings::JavaClass::_commonCopy):
+        (Bindings::JavaClass::JavaClass):
+        (Bindings::JavaClass::operator=):
+        (Bindings::JavaClass::name):
+        (Bindings::JavaClass::methodAt):
+        (Bindings::JavaClass::numMethods):
+        (Bindings::JavaClass::constructorAt):
+        (Bindings::JavaClass::numConstructors):
+        (Bindings::JavaClass::fieldAt):
+        (Bindings::JavaClass::numFields):
+        * bindings/jni/jni_utility.cpp:
+        (callJNIMethod):
+        (callJNIMethodA):
+        (callJNIObjectMethod):
+        (callJNIByteMethod):
+        (callJNICharMethod):
+        (callJNIShortMethod):
+        (callJNIIntMethod):
+        (callJNILongMethod):
+        (callJNIFloatMethod):
+        (callJNIDoubleMethod):
+        (callJNIVoidMethodA):
+        (callJNIObjectMethodA):
+        (callJNIByteMethodA):
+        (callJNICharMethodA):
+        (callJNIShortMethodA):
+        (callJNIIntMethodA):
+        (callJNILongMethodA):
+        (callJNIFloatMethodA):
+        (callJNIDoubleMethodA):
+        (getCharactersFromJString):
+        (releaseCharactersForJString):
+        * bindings/jni/jni_utility.h:
+        * bindings/objc/Makefile.am: Removed.
+        * bindings/runtime.h: Added.
+        (Bindings::Parameter::~Parameter):
+        (Bindings::Constructor::~Constructor):
+        (Bindings::Field::~Field):
+        (Bindings::Method::~Method):
+        (Bindings::Class::~Class):
+
+2003-11-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John.
+
+        - fixed 3472562 - Null or Undefined variables passed to IN operator cause javascript exceptions
+        
+        * kjs/nodes.cpp:
+        (ForInNode::execute): If the in value is null or undefined, bail
+        out early, since attempting to iterate its properties will throw
+        an exception.
+
+2003-11-12  Darin Adler  <darin@apple.com>
+
+        - fixed the build
+
+        * Makefile.am: Fix the build by removing the bindings directory from SUBDIRS.
+        Later, we can either add this back and add the Makefile.am files to the top
+        level configure.in or leave it out and remove the Makefile.am files.
+
+2003-11-12  Richard Williamson   <rjw@apple.com>
+
+        Added utility functions for calling JNI methods.
+
+        Reviewed by Chris.
+
+        * JavaScriptCore.pbproj/project.pbxproj:
+        * Makefile.am:
+        * bindings/Makefile.am: Added.
+        * bindings/jni/Makefile.am: Added.
+        * bindings/jni/jni_utility.cpp: Added.
+        (attachToJavaVM):
+        (callJNIMethod):
+        (callJNIVoidMethod):
+        (callJNIObjectMethod):
+        (callJNIByteMethod):
+        (callJNICharMethod):
+        (callJNIShortMethod):
+        (callJNIIntMethod):
+        (callJNILongMethod):
+        (callJNIFloatMethod):
+        (callJNIDoubleMethod):
+        * bindings/jni/jni_utility.h: Added.
+        * bindings/objc/Makefile.am: Added.
+
+2003-11-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+        - fixed 3477528 -- array.sort(function) fails if the function returns a non-zero value that rounds to zero
+
+        * kjs/array_object.cpp:
+        (compareByStringForQSort): Added checks for undefined values to match what the specification calls for.
+        (compareWithCompareFunctionForQSort): Added checks for undefined values as above, and also changed the
+        code that looks at the compare function result to look at the number returned without rounding to an integer.
+        (ArrayProtoFuncImp::call): Changed the code that looks at the compare function result to look at the number
+        returned without rounding to an integer.
+
+=== Safari-113 ===
+
+2003-11-03  Vicki Murley <vicki@apple.com>
+
+        Reviewed by kocienda.
+
+        - fixed <rdar://problem/3471096>: non-B&I builds should not use order files, because they cause false "regressions" in perf.
+
+        * JavaScriptCore.pbproj/project.pbxproj: added empty SECTORDER_FLAGS variables to the Development and Deployment build styles
+
+2003-11-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - changed list manipulation to use Harri Porten's idea of a circular
+          linked list that is built from head to tail rather than building the
+          list backwards and reversing the list when done
+
+        * kjs/grammar.y: Handle CatchNode and FinallyNode in a type-safe way.
+        Change many places that passed 0L to pass nothing at all, or to pass 0.
+
+        * kjs/nodes.h:
+        (KJS::ElementNode::ElementNode): Build a circular list instead of a 0-terminated
+        backwards list.
+        (KJS::ArrayNode::ArrayNode): Break the circular list instead of reversing the list.
+        (KJS::PropertyValueNode::PropertyValueNode): Moved before ObjectLiteralNode so the
+        inline code in ObjectLiteralNode works. Build a circular list instead of a 0-terminated
+        backwards list. Made the case for the first node separate so we don't need a nil check.
+        (KJS::ObjectLiteralNode::ObjectLiteralNode): Break the circular list instead of
+        reversing the list.
+        (KJS::ArgumentListNode::ArgumentListNode): Build a circular list instead of a 0-terminated
+        backwards list. Also, made the constructors inline (moved here from .cpp file).
+        (KJS::ArgumentsNode::ArgumentsNode): Break the circular list instead of
+        reversing the list.
+        (KJS::NewExprNode::NewExprNode): Changed a 0L to 0.
+        (KJS::StatListNode::StatListNode): Make this constructor no longer inline (moved into
+        .cpp file). The one in the .cpp file builds a circular list instead of a 0-terminated
+        backwards list.
+        (KJS::VarDeclListNode::VarDeclListNode): Build a circular list instead of a 0-terminated
+        backwards list.
+        (KJS::VarStatementNode::VarStatementNode): Break the circular list instead of reversing
+        the list.
+        (KJS::BlockNode::BlockNode): Make this constructor no longer inline (moved into .cpp file).
+        The one in the .cpp file breaks the list instead of reversing it.
+        (KJS::ForNode::ForNode): Break the circular list instead of reversing the list.
+        (KJS::CaseClauseNode::CaseClauseNode): Break the circular list instead of reversing the
+        list.
+        (KJS::ClauseListNode::ClauseListNode): Build a circular list instead of a 0-terminated
+        backwards list.
+        (KJS::CaseBlockNode::CaseBlockNode): Make this constructor no longer inline (moved into
+        .cpp file). The one in the .cpp file breaks the list instead of reversing it.
+        (KJS::TryNode::TryNode): Changed constructor to take typed parameters for the catch and
+        finally nodes rather than just Node.
+        (KJS::ParameterNode::ParameterNode): Build a circular list instead of a 0-terminated
+        backwards list.
+        (KJS::FuncDeclNode::FuncDeclNode): Break the circular list instead of reversing the
+        list.
+        (KJS::FuncExprNode::FuncExprNode): Break the circular list instead of reversing the
+        list.
+
+        * kjs/nodes.cpp:
+        (StatListNode::StatListNode): Moved this constructor here, no longer inline.
+        Did the "break circular list" thing instead of the "reverse list" thing.
+        Added setLoc calls to match KJS in the KDE tree; since we don't currently
+        use the JavaScript debugging support, it's unclear whether there's any benefit, but
+        later we might be using it and it's good to be as close as possible.
+        (BlockNode::BlockNode): Moved this constructor here, no longer inline.
+        Did the "break circular list" thing instead of the "reverse list" thing.
+        Added setLoc calls.
+        (CaseBlockNode::CaseBlockNode): Moved this constructor here, no longer inline.
+        Did the "break circular list" thing instead of the "reverse list" thing.
+        (SourceElementsNode::SourceElementsNode): Moved this constructor here, no longer inline.
+        Did the "break circular list" thing instead of the "reverse list" thing.
+        Added setLoc calls.
+
+        * kjs/grammar.cpp: Regenerated.
+        * kjs/grammar.cpp.h: Regenerated.
+        * kjs/grammar.h: Regenerated.
+
+=== Safari-112 ===
+
+2003-10-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+        - fixed 3427069 - browsing mp3.com causes leaks (KJS)
+        
+        * kjs/string_object.cpp:
+        (StringProtoFuncImp::call): Don't do an early return, since that
+        could leak a temporary regexp.
+
+2003-10-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - fixed 3426076 - Leak of JS lexer data visiting http://www.ebay.com
+        
+        * kjs/grammar.cpp:
+        (yyerror): Updated the commented code.
+        * kjs/grammar.y: Don't delete string and identifier tokens when done
+        with them any more, they'll get cleaned up by the lexer now.
+        * kjs/internal.cpp:
+        (Parser::parse): Tell lexer when done parsing.
+        * kjs/lexer.cpp:
+        (Lexer::Lexer): Initialize new data members.
+        (Lexer::lex): Use new methods to make strings and identifiers, and
+        save them.
+        (Lexer::makeIdentifier): Make a new Identifier and save it in an
+        auto-growing array.
+        (Lexer::makeUString): Likewise for UStrings.
+        (Lexer::doneParsing): Clean up arrays of Ifentifiers and UStrings.
+        * kjs/lexer.h:
+
+2003-10-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Ken.
+
+        - fixed 3413962 -  malicious web pages can kill all future JavaScript execution by breaking recursion limit check
+        
+        * kjs/nodes.cpp:
+        (FunctionCallNode::evaluate): If we're going to return early due
+        to breaking the recursion limit, make sure to lower it again, or
+        it will creep up by one each time it's exceeded.
+
+2003-10-26  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCorePrefix.h: Added a C case to the NULL definition since we use C as well
+        as C++ in this project.
+
+2003-10-26  Darin Adler  <darin@apple.com>
+
+        - rolled in some CString changes Harri Porten did on the KDE side
+
+        * kjs/ustring.cpp:
+        (KJS::CString::CString): Use memcpy instead of strcpy for speed. Fix an off by one error
+        in the copy constructor.
+        (KJS::CString::operator=): Use memcpy instead of strcpy for speed.
+
+        * JavaScriptCorePrefix.h: Add a definition of NULL here that takes advantage of the GNU
+        __null feature even if the system C library doesn't.
+
+== Rolled over to ChangeLog-2003-10-25 ==
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2008-08-10 b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2008-08-10
new file mode 100644
index 000000000..0912aecff
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2008-08-10
@@ -0,0 +1,31482 @@
+2008-08-10  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed (and updated) by Alp Toker.
+
+        https://bugs.webkit.org/show_bug.cgi?id=16620
+        [GTK] Autotools make dist and make check support
+
+        Get make dist working.
+
+        Note that not all possible configurations have been tested yet.
+
+        * GNUmakefile.am:
+
+2008-08-09  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Sam Weinig.
+
+        Added same heap debug checks to more code paths.
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::put):
+        (KJS::JSActivation::putWithAttributes):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::putWithAttributes):
+        * kjs/JSObject.h:
+        (KJS::JSObject::putDirect):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTablePut):
+        (KJS::JSVariableObject::symbolTablePutWithAttributes):
+
+2008-08-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Fix some style issues in the sampling tool.
+
+        * VM/SamplingTool.cpp:
+        (KJS::sleepForMicroseconds):
+        (KJS::SamplingTool::dump):
+
+2008-08-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Revision 35651, despite being a rather trivial change, introduced a
+        large regression on the regexp-dna SunSpider test. This regression
+        stemmed from an increase in the size of CodeBlock::dump(). There is
+        no reason for this method (and several related methods) to be compiled
+        in non-debug builds with the sampling tool disabled. This patch
+        conditionally compiles them, reversing the regression on SunSpider.
+
+        * JavaScriptCore.exp:
+        * VM/CodeBlock.cpp:
+        * VM/CodeBlock.h:
+        * VM/Machine.cpp:
+
+2008-08-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 20330: JSCore crash loading any filehurricane media page
+        <https://bugs.webkit.org/show_bug.cgi?id=20330>
+
+        Fix a typo in the constant loading patch. Also, add a case for
+        op_unexpected_load to CodeBlock::dump().
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addUnexpectedConstant):
+
+2008-08-08  Matt Lilek  <webkit@mattlilek.com>
+
+        Not reviewed, build fix.
+
+        * JavaScriptCore.exp:
+
+2008-08-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Improve performance of arithmetic operators
+
+        Added a fast (non-virtual) mechanism to determine if a non-immediate JSValue*
+        is a JSNumberCell.  We then use this to allow improved specialisation in many
+        arithmetic operators.  SunSpider reports a 2.5% progression overall, with greater
+        than 10% progressions on a number of arithmetic heavy tests.
+
+        * VM/Machine.cpp:
+        (KJS::fastIsNumber):
+        (KJS::fastToInt32):
+        (KJS::fastToUInt32):
+        (KJS::jsLess):
+        (KJS::jsLessEq):
+        (KJS::jsAdd):
+        (KJS::Machine::privateExecute):
+        * kjs/JSNumberCell.h:
+        (KJS::JSNumberCell::fastToInt32):
+        (KJS::JSNumberCell::fastToUInt32):
+        * kjs/collector.cpp:
+        (KJS::allocateBlock):
+        (KJS::Heap::heapAllocate):
+        * kjs/collector.h:
+        (KJS::Heap::fastIsNumber):
+
+2008-08-06  Adam Roben  <aroben@apple.com>
+
+        Try to fix the Windows build bots
+
+        * API/JSBase.cpp: Touch this to force JSC to rebuild and re-copy the
+        WTF headers.
+
+2008-08-06  Tor Arne Vestbø  <tavestbo@trolltech.com>
+
+        Revert change 35595.
+
+        * wtf/RetainPtr.h:
+
+2008-08-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Fix non-Mac build.
+
+        * wtf/RetainPtr.h: CoreFoundation only for PLATFORM(MAC)
+
+2008-08-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Fix non-Mac build.
+
+        * wtf/RetainPtr.h: CoreFoundation only for PLATFORM(MAC)
+
+2008-08-06  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Darin. Landed by Cameron.
+
+        Bug 20272: typo in JavaScriptCore
+        <https://bugs.webkit.org/show_bug.cgi?id=20272>
+
+        Correct the documentation for op_not. (typo)
+        Fix #undef. (typo)
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-08-06  Cameron Zwarich  <cwzwarich@webkit.org>
+
+        Reviewed by Maciej.
+
+        Bug 20286: Load constants all at once instead of using op_load
+        <https://bugs.webkit.org/show_bug.cgi?id=20286>
+
+        Load constants all at once into temporary registers instead of using
+        individual instances of op_load.
+
+        This is a 2.6% speedup on SunSpider.
+
+        * JavaScriptCore.exp:
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        (KJS::CodeBlock::mark):
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::newTemporary):
+        (KJS::CodeGenerator::addConstant):
+        (KJS::CodeGenerator::addUnexpectedConstant):
+        (KJS::CodeGenerator::emitLoad):
+        (KJS::CodeGenerator::emitUnexpectedLoad):
+        (KJS::CodeGenerator::emitNewError):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::throwException):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+        * VM/RegisterID.h:
+        (KJS::RegisterID::RegisterID):
+        (KJS::RegisterID::makeConstant):
+        (KJS::RegisterID::isTemporary):
+        * kjs/NodeInfo.h:
+        * kjs/Parser.cpp:
+        (KJS::Parser::didFinishParsing):
+        * kjs/Parser.h:
+        (KJS::Parser::parse):
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::NullNode::emitCode):
+        (KJS::BooleanNode::emitCode):
+        (KJS::NumberNode::emitCode):
+        (KJS::StringNode::emitCode):
+        (KJS::ArrayNode::emitCode):
+        (KJS::DeleteResolveNode::emitCode):
+        (KJS::DeleteValueNode::emitCode):
+        (KJS::VoidNode::emitCode):
+        (KJS::ConstDeclNode::emitCodeSingle):
+        (KJS::ReturnNode::emitCode):
+        (KJS::ScopeNode::ScopeNode):
+        (KJS::ProgramNode::ProgramNode):
+        (KJS::ProgramNode::create):
+        (KJS::EvalNode::EvalNode):
+        (KJS::EvalNode::create):
+        (KJS::FunctionBodyNode::FunctionBodyNode):
+        (KJS::FunctionBodyNode::create):
+        (KJS::FunctionBodyNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::ScopeNode::neededConstants):
+
+2008-08-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron.
+
+        - add fast path for immediates to % operator, as we have for many other math ops
+        
+        This fixes handling for a 0 divisor relative to the last patch. Only an 0.2% speedup on SunSpider but
+        still a 1.4x win on Oliver's prime test.
+        
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-08-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Bug 20293: Crash in JavaScript codegen for eval("const a;")
+        <https://bugs.webkit.org/show_bug.cgi?id=20293>
+
+        Correctly handle constant declarations in eval code with no initializer.
+
+        * kjs/nodes.cpp:
+        (KJS::ConstDeclNode::emitCodeSingle):
+
+2008-08-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Roll out r35555 because of correctness issues.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-08-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - add fast path for immediates to % operator, as we have for many other math ops
+        
+        0.6% speedup on SunSpider. 1.4x speedup on a prime testing torture test that Oliver whipped up.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-07-31  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 19359: JavaScriptCore behaves differently from FF2/3 and IE when handling context in catch statement
+        <https://bugs.webkit.org/show_bug.cgi?id=19359>
+
+        Make our catch behave like Firefox and IE, we do this by using a StaticScopeObject
+        instead of a generic JSObject for the scope node.  We still don't make use of the
+        fact that we have a static scope inside the catch block, so the internal performance
+        of the catch block is not improved, even though technically it would be possible to
+        do so.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitPushNewScope):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::createExceptionScope):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+        * kjs/JSStaticScopeObject.cpp:
+        (KJS::JSStaticScopeObject::toThisObject):
+        (KJS::JSStaticScopeObject::put):
+        * kjs/JSStaticScopeObject.h:
+        * kjs/nodes.cpp:
+        (KJS::TryNode::emitCode):
+
+2008-08-02  Rob Gowin  <robg@gowin.net>
+
+        Reviewed by Eric Seidel.
+
+        Added JavaScriptCore/API/WebKitAvailability to list of files in
+        javascriptcore_h_api.
+
+        * GNUmakefile.am:
+
+2008-08-01  Alexey Proskuryakov  <ap@webkit.org>
+
+        Rubber-stamped by Maciej.
+
+        Remove JSGlobalData::DataInstance. It was only needed when we had per-thread JSGlobalData
+        instances.
+
+        * kjs/JSGlobalData.h:
+
+2008-07-31  Kevin Ollivier <kevino@theolliviers.com>
+
+        Second attempt at Windows/wx build fix. Instead of avoiding inclusion of windows.h,
+        use defines, etc. to avoid conflicts in each affected file. Also, change PLATFORM(WIN)
+        to PLATFORM(WIN_OS) so that other ports using Windows headers get the right impls.
+
+        * VM/SamplingTool.cpp:
+        * wtf/Threading.h:
+
+2008-07-31  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Adam.
+
+        Fix Windows build.
+        
+        * kjs/collector.h:
+        * wtf/FastMalloc.cpp:
+
+2008-07-31  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Simon.
+
+        Bug 20170: [Qt] missing namespace defines in JavaScriptCore.pro
+        <https://bugs.webkit.org/show_bug.cgi?id=20170>
+
+        * JavaScriptCore.pro: Added missing define.
+
+2008-07-31  Alexey Proskuryakov  <ap@webkit.org>
+
+        Rubber-stamped by Maciej.
+
+        Eliminate JSLock (it was already disabled, removing the stub implementaion and all
+        call sites now).
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        (JSCheckScriptSyntax):
+        (JSGarbageCollect):
+        * API/JSCallbackConstructor.cpp:
+        (KJS::constructJSCallback):
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::call):
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::init):
+        (KJS::::getOwnPropertySlot):
+        (KJS::::put):
+        (KJS::::deleteProperty):
+        (KJS::::construct):
+        (KJS::::hasInstance):
+        (KJS::::call):
+        (KJS::::getPropertyNames):
+        (KJS::::toNumber):
+        (KJS::::toString):
+        (KJS::::staticValueGetter):
+        (KJS::::callbackGetter):
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreateInGroup):
+        (JSGlobalContextRetain):
+        (JSGlobalContextRelease):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectMakeFunction):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        (JSObjectDeleteProperty):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        (JSObjectCopyPropertyNames):
+        (JSPropertyNameArrayRelease):
+        (JSPropertyNameAccumulatorAddName):
+        * API/JSStringRef.cpp:
+        (JSStringRelease):
+        * API/JSValueRef.cpp:
+        (JSValueIsEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        * ForwardingHeaders/JavaScriptCore/JSLock.h: Removed.
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.order:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject):
+        (KJS::JSGlobalObject::init):
+        * kjs/JSLock.cpp: Removed.
+        * kjs/JSLock.h: Removed.
+        * kjs/Shell.cpp:
+        (functionGC):
+        (jscmain):
+        * kjs/collector.cpp:
+        (KJS::Heap::~Heap):
+        (KJS::Heap::heapAllocate):
+        (KJS::Heap::setGCProtectNeedsLocking):
+        (KJS::Heap::protect):
+        (KJS::Heap::unprotect):
+        (KJS::Heap::collect):
+        * kjs/identifier.cpp:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::checkSyntax):
+        (KJS::Interpreter::evaluate):
+
+2008-07-31  Alexey Proskuryakov  <ap@webkit.org>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Fix the Mac project to not display "test/" as part of file name for tests.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-07-31  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Alexey Proskuryakov.
+        
+        Rename USE(MULTIPLE_THREADS) to ENABLE(JSC_MULTIPLE_THREADS)
+        to better match the use/enable pattern (and better describe
+        the usage of the feature in question.)
+        
+        I also fixed a couple other ENABLE_ macros to be pre-processor
+        definition override-able to match the rest of the ENABLE_ macros
+        since it seems to be our convention that build systems can set
+        ENABLE_ macros in Makefiles.
+
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreadingOnce):
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        (KJS::JSGlobalData::~JSGlobalData):
+        * kjs/MathObject.cpp:
+        * kjs/collector.cpp:
+        (KJS::Heap::Heap):
+        (KJS::Heap::~Heap):
+        (KJS::allocateBlock):
+        (KJS::Heap::markStackObjectsConservatively):
+        * kjs/collector.h:
+        * kjs/dtoa.cpp:
+        (KJS::pow5mult):
+        (KJS::rv_alloc):
+        (KJS::freedtoa):
+        (KJS::dtoa):
+        * wtf/FastMalloc.cpp:
+        * wtf/Platform.h:
+        * wtf/RefCountedLeakCounter.cpp:
+
+2008-07-30  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Mark Rowe.
+        
+        Try to clean up our usage of USE(MULTIPLE_THREADS) vs. USE(PTHREADS) a little.
+        It looks like JSC assumes that if MULTIPLE_THREADS is defined, then pthreads will always be available
+        I'm not sure that's always the case for gtk, certainly not for Windows.  We should eventually go back
+        and fix wtf/Threading.h to cover all these cases some day.
+
+        * kjs/JSLock.cpp:
+        * kjs/collector.h:
+        * wtf/Platform.h:
+
+2008-07-30  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Oliver.
+        
+        MSVC warns when structs are called classes or vice versa.
+        Make all the source refer to JSGlobalData as a class.
+
+        * kjs/CommonIdentifiers.h:
+        * kjs/JSGlobalData.h:
+        * kjs/Parser.h:
+        * kjs/lexer.h:
+
+2008-07-30  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Add consistency checks to UString to document and enforce its design.
+
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::create):
+        (KJS::UString::Rep::destroy):
+        (KJS::UString::Rep::checkConsistency):
+        (KJS::UString::expandCapacity):
+        (KJS::UString::expandPreCapacity):
+        (KJS::UString::UString):
+        (KJS::UString::spliceSubstringsWithSeparators):
+        (KJS::UString::append):
+        * kjs/ustring.h:
+        (KJS::UString::Rep::checkConsistency):
+
+2008-07-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Fixes for Windows and non-AllInOne file build with SamplingTool, plus review fixes.
+
+        * GNUmakefile.am:              Adding SamplingTool.cpp to build.
+        * JavaScriptCore.exp:          Export hooks to init & control SamplingTool.
+        * JavaScriptCore.pri:          Adding SamplingTool.cpp to build.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Adding SamplingTool.cpp to build.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Adding SamplingTool.cpp to build.
+        * JavaScriptCoreSources.bkl:   Adding SamplingTool.cpp to build.
+        * VM/Machine.cpp:              MACHINE_SAMPLING_callingNativeFunction renamed MACHINE_SAMPLING_callingHostFunction
+        * VM/Machine.h:
+        * VM/Opcode.cpp:               SamplingTool moved to SamplingTool.cpp/.h, opcodeNames generated from FOR_EACH_OPCODE_ID.
+        * VM/Opcode.h:
+        * VM/SamplingTool.cpp:         Added .cpp/.h for SamplingTool.
+        * VM/SamplingTool.h:
+        * kjs/Shell.cpp:               Switched SAMPLING_TOOL_ENABLED to ENABLE_SAMPLING_TOOL.
+        * wtf/Platform.h:              Added ENABLE_SAMPLING_TOOL config option.
+        * kjs/nodes.cpp:               Header include to fix non-AllInOne builds.
+
+2008-07-30  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Fix compilation without multi-threading support.
+
+        * kjs/collector.cpp:
+        (KJS::Heap::Heap):
+
+2008-07-30  Anders Carlsson  <andersca@apple.com>
+        
+        Add WebKitAvailability.h forwarding header.
+        
+        * ForwardingHeaders/JavaScriptCore/WebKitAvailability.h: Added.
+
+2008-07-30  Anders Carlsson  <andersca@apple.com>
+
+        Fix the else.
+        
+        * API/WebKitAvailability.h:
+
+2008-07-30  Anders Carlsson  <andersca@apple.com>
+
+        * API/WebKitAvailability.h:
+        Fix Windows (and other non-Mac builds).
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Add WebKitAvailability.h to the project.
+
+2008-07-30  Anders Carlsson  <andersca@apple.com>
+
+        One step closer towards fixing the Windows build.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+        Make sure to copy WebKitAvailability.h
+
+2008-07-29  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 20209: Atomize constant strings
+        <https://bugs.webkit.org/show_bug.cgi?id=20209>
+
+        Prevents significant performance degradation seen when a script contains multiple
+        identical strings that are used as keys to identify properties on objects.
+
+        No performance change on SunSpider.
+
+        * kjs/nodes.cpp: Atomize constant strings.
+
+2008-07-30  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        <rdar://problem/6111648> JavaScript exceptions fail if the scope chain includes the global object
+
+        In an attempt to remove the branch I just added to KJS::depth I
+        used the existence of a Variable Object at a point in the scope
+        chain as an indicator of function or global scope activation.
+        However this assumption results in incorrect behaviour if the
+        global object is injected into the scope chain with 'with'.
+
+        * VM/Machine.cpp:
+        (KJS::depth):
+
+2008-07-30  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Don't call JSGarbageCollect() on a released context.
+
+        * API/testapi.c: (main):
+
+2008-07-29  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Implement JSContextGroup APIs to make concurrent execution possible for
+        JavaScriptCore clients.
+
+        This changes the behavior of JSGlobalContextCreate(), so that it now uses a private context
+        group for each context, making JSlock implicit locking unnecessary.
+
+        * API/JSContextRef.h:
+        * API/JSContextRef.cpp:
+        (JSContextGroupCreate):
+        (JSContextGroupRetain):
+        (JSContextGroupRelease):
+        (JSGlobalContextCreate):
+        (JSGlobalContextCreateInGroup):
+        (JSGlobalContextRelease):
+        (JSContextGetGroup):
+        Added new methods. JSGlobalContextCreate() calls JSGlobalContextCreateInGroup() now.
+
+        * API/APICast.h: (toJS): (toRef): Added converters for JSContextGroupRef.
+        * API/JSBase.cpp: (JSGarbageCollect): JSGarbageCollect(0) is now a no-op, and the passed in
+        context is actually used.
+
+        * API/JSBase.h: Aded a typedef for JSContextGroupRef. Updated documentation for
+        JSGarbageCollect().
+
+        * JavaScriptCore.exp: Removed JSGlobalData::sharedInstance().
+
+        * kjs/JSGlobalData.cpp:
+        * kjs/JSGlobalData.h:
+        Removed support for JSGlobalData shared instance. JSGlobalData::isSharedInstance member
+        variable still remains, to be deleted in a followup patch.
+
+        * kjs/JSLock.cpp: (KJS::JSLock::JSLock): Disabled JSLock, to be deleted in a follow-up patch.
+        
+        * kjs/collector.cpp:
+        (KJS::Heap::markOtherThreadConservatively): Removed an assertion that referenced
+        JSGlobalData::sharedInstance.
+
+        * kjs/collector.h: Made Heap destructor public, so that JSContextRelease can use it.
+
+2008-07-29  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Fix a leak of ThreadRegistrar objects.
+
+        As the heap is usually deleted when registered threads still exist, ThreadSpecific doesn't
+        have a chance to clean up per-thread object. Switched to native pthread calls, storing a
+        plain pointer that doesn't require cleanup.
+
+        * kjs/collector.cpp:
+        (KJS::PlatformThread::PlatformThread):
+        (KJS::Heap::Thread::Thread):
+        (KJS::Heap::Heap):
+        (KJS::Heap::~Heap):
+        (KJS::Heap::registerThread):
+        (KJS::Heap::unregisterThread):
+        * kjs/collector.h:
+
+2008-07-29  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20169
+        Memory allocated with fastMalloc is freed with delete
+
+        * VM/JSPropertyNameIterator.cpp:
+        (KJS::JSPropertyNameIterator::invalidate): Free the array properly.
+        (KJS::JSPropertyNameIterator::~JSPropertyNameIterator): Delete the array by calling
+        invalidate().
+
+2008-07-29  Mark Rowe  <mrowe@apple.com>
+
+        Attempt to fix the Qt build.
+
+        * wtf/ThreadingQt.cpp: Add the extra argument to createThread.
+
+2008-07-29  Adam Roben  <aroben@apple.com>
+
+        Change Vector::find to return an index instead of an iterator
+
+        Indices are more natural than iterators when working with Vector.
+
+        Reviewed by John Sullivan.
+
+        * wtf/Vector.h:
+        (WTF::Vector::find): Changed to iterate the Vector manually and return
+        the index of the found item, rather than an iterator. When the item
+        could not be found, we return WTF::notFound.
+
+2008-07-29  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::setThreadName): Move a misplaced assertion to here...
+        (WTF::createThread): ...from here.
+
+2008-07-29  Adam Roben  <aroben@apple.com>
+
+        Add support for setting thread names on Windows
+
+        These thread names make it much easier to identify particular threads
+        in Visual Studio's Threads panel.
+
+        WTF::createThread now takes a const char* representing the thread's
+        name. On Windows, we throw a special exception to set this string as
+        the thread's name. Other platforms do nothing with this name for now.
+
+        Reviewed by Anders Carlsson.
+
+        * JavaScriptCore.exp: Export the new version of createThread that
+        takes 3 arguments (the old one continues to be exported for backward
+        compatibility).
+        * wtf/Threading.h: Add a threadName argument to createThread.
+
+        * wtf/ThreadingGtk.cpp:
+        (WTF::createThread):
+        * wtf/ThreadingNone.cpp:
+        (WTF::createThread):
+        Updated for function signature change.
+
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::createThread): Updated for function signature change. We keep
+        around the old 2-argument version of createThread for backward
+        compatibility.
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::setThreadName): Added. This function's implementation came from
+        MSDN.
+        (WTF::initializeThreading): Set the name of the main thread.
+        (WTF::createThread): Call setThreadName. We keep around the old
+        2-argument version of createThread for backward compatibility.
+
+2008-07-29  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Store UString::Rep::isStatic bit in identifierTable pointer instead of reportedCost for
+        slightly nicer code and a 0.5% SunSpider improvement.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::~OpaqueJSClass):
+        (OpaqueJSClassContextData::OpaqueJSClassContextData):
+        * API/JSStringRef.cpp:
+        (JSStringRelease):
+        * kjs/PropertyNameArray.cpp:
+        (KJS::PropertyNameArray::add):
+        * kjs/identifier.cpp:
+        (KJS::IdentifierTable::~IdentifierTable):
+        (KJS::IdentifierTable::add):
+        (KJS::Identifier::addSlowCase):
+        (KJS::Identifier::remove):
+        * kjs/identifier.h:
+        (KJS::Identifier::add):
+        * kjs/ustring.cpp:
+        (KJS::):
+        (KJS::UString::Rep::create):
+        (KJS::UString::Rep::destroy):
+        * kjs/ustring.h:
+        (KJS::UString::Rep::identifierTable):
+        (KJS::UString::Rep::setIdentifierTable):
+        (KJS::UString::Rep::isStatic):
+        (KJS::UString::Rep::setStatic):
+        (KJS::UString::cost):
+
+2008-07-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Renamed "ConstructTypeNative" => "ConstructTypeHost".
+        
+2008-07-26  Mark Rowe  <mrowe@apple.com>
+
+        Speculative fix for the wx build.
+
+        * JavaScriptCoreSources.bkl:  Add JSStaticScopeObject.cpp to the list of source files.
+
+2008-07-25  Oliver Hunt  <oliver@apple.com>
+
+        RS=Cameron Zwarich.
+
+        Whoops, forgot to save style correction.
+
+        * kjs/JSStaticScopeObject.h:
+
+2008-07-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 19718: Named anonymous functions are slow accessing global variables
+        <https://bugs.webkit.org/show_bug.cgi?id=19718>
+
+        To fix this we switch over to an activation-like scope object for
+        on which we attach the function name property, and add logic to 
+        prevent cross scope assignment to read only properties.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::findScopedProperty):
+        (KJS::CodeGenerator::emitResolve):
+        * VM/CodeGenerator.h:
+        * kjs/AllInOneFile.cpp:
+        * kjs/JSStaticScopeObject.cpp: Added.
+        (KJS::JSStaticScopeObject::putWithAttributes):
+        (KJS::JSStaticScopeObject::isDynamicScope):
+        (KJS::JSStaticScopeObject::~JSStaticScopeObject):
+        (KJS::JSStaticScopeObject::getOwnPropertySlot):
+        * kjs/JSStaticScopeObject.h: Added.
+        (KJS::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
+        (KJS::JSStaticScopeObject::JSStaticScopeObject):
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallResolveNode::emitCode):
+        (KJS::PostfixResolveNode::emitCode):
+        (KJS::PrefixResolveNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+        (KJS::AssignResolveNode::emitCode):
+        (KJS::FuncExprNode::makeFunction):
+
+2008-07-25  kevino  <kevino@theolliviers.com>
+
+        wx build fix for Win.
+        
+        On wx/Win, including windows.h in Threading.h causes multiply-defined symbol errors
+        for libjpeg and wx, and also wx needs to include windows.h itself first for wx
+        includes to work right. So until we can find a better solution to this problem,
+        on wx, we work around the need to include windows.h here.
+
+        * wtf/Threading.h:
+
+2008-07-25  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Add API/ to the
+        include path.
+
+2008-07-25  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the build of jsc on Qt/Windows, make sure os-win32 is in the
+        include search path (added by WebKit.pri).
+
+        * kjs/jsc.pro:
+
+2008-07-25  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Simon Hausmann.
+
+        Move JavaScriptCore API tests into a subdirectory of their own to avoid header name
+        conflicts and developer confusion.
+
+        * API/JSNode.c: Removed.
+        * API/JSNode.h: Removed.
+        * API/JSNodeList.c: Removed.
+        * API/JSNodeList.h: Removed.
+        * API/Node.c: Removed.
+        * API/Node.h: Removed.
+        * API/NodeList.c: Removed.
+        * API/NodeList.h: Removed.
+        * API/minidom.c: Removed.
+        * API/minidom.html: Removed.
+        * API/minidom.js: Removed.
+        * API/testapi.c: Removed.
+        * API/testapi.js: Removed.
+        * API/tests: Added.
+        * API/tests/JSNode.c: Copied from JavaScriptCore/API/JSNode.c.
+        * API/tests/JSNode.h: Copied from JavaScriptCore/API/JSNode.h.
+        * API/tests/JSNodeList.c: Copied from JavaScriptCore/API/JSNodeList.c.
+        * API/tests/JSNodeList.h: Copied from JavaScriptCore/API/JSNodeList.h.
+        * API/tests/Node.c: Copied from JavaScriptCore/API/Node.c.
+        * API/tests/Node.h: Copied from JavaScriptCore/API/Node.h.
+        * API/tests/NodeList.c: Copied from JavaScriptCore/API/NodeList.c.
+        * API/tests/NodeList.h: Copied from JavaScriptCore/API/NodeList.h.
+        * API/tests/minidom.c: Copied from JavaScriptCore/API/minidom.c.
+        * API/tests/minidom.html: Copied from JavaScriptCore/API/minidom.html.
+        * API/tests/minidom.js: Copied from JavaScriptCore/API/minidom.js.
+        * API/tests/testapi.c: Copied from JavaScriptCore/API/testapi.c.
+        * API/tests/testapi.js: Copied from JavaScriptCore/API/testapi.js.
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-07-25  Simon Hausmann  <hausmann@webkit.org>
+
+        Prospective WX build fix, add JavaScriptCore/API to the include search
+        path.
+
+        * jscore.bkl:
+
+2008-07-25  Simon Hausmann  <hausmann@webkit.org>
+
+        Rubber-stamped by Lars.
+
+        Fix the build on Windows. operator new for ArgList is implemented using fastMalloc()
+        but operator delete was not implemented. Unfortunately MSVC decides to call/reference
+        the function, so a simple implementation using fastFree() fixes the build.
+
+        * kjs/ArgList.h:
+        (KJS::ArgList::operator delete):
+
+2008-07-25  Simon Hausmann  <hausmann@webkit.org>
+
+        Discussed with and rubber-stamped by Lars.
+
+        Fix the build system for the Qt port.
+
+        Recent JavaScriptCore changes require the addition of JavaScriptCore/API to the
+        include search path. With a build process that combines JavaScriptCore and
+        WebCore in one build process/Makefile the existance of
+        JavaScriptCore/API/Node.h and WebCore/dom/Node.h causes include conflicts.
+
+        This commit solves this by introducing a separate build of JavaScriptCore into
+        a static library.
+
+        As a result of the split-up a race-condition due to broken dependencies of
+        regular source files to header files of generated sources showed up very
+        frequently when doing parallel builds (which the buildbot does). This commit at
+        the same time tries to address the dependency problem by making the
+        addExtraCompiler() function also generate a pseudo extra compiler that
+        represents the header file output, so that qmake is aware of the creation of
+        the header file for dependency calculation.
+
+        At the same time I removed a lot of cruft from the pro files to ease maintenance.
+
+        * JavaScriptCore.pri:
+        * JavaScriptCore.pro: Added.
+        * kjs/jsc.pro:
+
+2008-07-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed a strict aliasing violation, which caused hash tables with floating
+        point keys not to find items that were indeed in the tables
+        (intermittently, and only in release builds, of course).
+        
+        SunSpider reports no change.
+        
+        This bug doesn't seem to affect any existing code, but it causes obvious
+        crashes in some new code I'm working on.
+
+        * wtf/HashFunctions.h:
+        (WTF::FloatHash::hash): Use a union when punning between a float / double
+        and an unsigned (bucket of bits). With strict aliasing enabled, unions
+        are the only safe way to do this kind of type punning.
+
+        * wtf/HashTable.h: When rehashing, ASSERT that the item we just added to
+        the table is indeed in the table. In the buggy case described above, this
+        ASSERT fires.
+
+2008-07-24  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Bug 20142: REGRESSION(r35245): /=/ weirdness
+        <https://bugs.webkit.org/show_bug.cgi?id=20142>
+
+        When adding all the meta data needed for exception error messages
+        I accidentally clobbered the handling of regex beginning with /=.
+
+        * kjs/grammar.y:
+
+2008-07-23  Alp Toker  <alp@nuanti.com>
+
+        Build fix after r35293: Add API/ to the include path.
+
+        * GNUmakefile.am:
+
+2008-07-23  Adam Roben  <aroben@apple.com>
+
+        Windows build fixes
+
+        Build fix after r35293:
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add API/
+        to the include path.
+
+        Build fix after r35305:
+
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        * VM/Opcode.cpp:
+        * VM/Opcode.h:
+        Completely compile out all sampler-related code when
+        SAMPLING_TOOL_ENABLED is 0. The sampler code can't be compiled 1) on
+        non-AllInOne configurations due to circular header dependencies, and
+        2) on platforms that don't have a usleep() function, such as Windows.
+
+2008-07-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen and Sam Weinig.
+
+        Improve switch performance.
+
+        Improve switch performance by converting to a hashmap based jump
+        table to avoid the sequence of dispatches that would otherwise be
+        needed.  This results in a 9-19x performance win for string switches
+        based on ad hoc testing, and a 6x improvement for integer switch
+        statements.  SunSpider reports a 1.2% progression.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        (KJS::SimpleJumpTable::offsetForValue):
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::beginSwitch):
+        (KJS::prepareJumpTableForImmediateSwitch):
+        (KJS::prepareJumpTableForCharacterSwitch):
+        (KJS::prepareJumpTableForStringSwitch):
+        (KJS::CodeGenerator::endSwitch):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::offsetForStringSwitch):
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.cpp:
+        (KJS::):
+        * VM/Opcode.h:
+        * kjs/JSImmediate.h:
+        * kjs/nodes.cpp:
+        (KJS::):
+        (KJS::processClauseList):
+        (KJS::CaseBlockNode::tryOptimisedSwitch):
+        (KJS::CaseBlockNode::emitCodeForBlock):
+        * kjs/nodes.h:
+        (KJS::SwitchInfo::):
+
+2008-07-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Sampling tool to analyze cost of instruction execution and identify hot regions of JS code.
+        Enable Switches by setting SAMPLING_TOOL_ENABLED in Opcode.h.
+
+        * JavaScriptCore.exp: Export symbols for Shell.cpp.
+        * VM/Machine.cpp:     Added sampling hooks.
+        * VM/Machine.h:       Machine contains a pointer to a sampler, when sampling.
+        * VM/Opcode.cpp:      Tool implementation.
+        * VM/Opcode.h:        Tool declaration.
+        * kjs/Shell.cpp:      Initialize the sampler, if enabled.
+        * kjs/nodes.cpp:      Added sampling hooks.
+
+2008-07-23  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Bug 20097: [Qt] 20% Sunspider slow-down
+
+        <https://bugs.webkit.org/show_bug.cgi?id=20097>
+
+        Reviewed by Simon Hausmann.
+
+        * kjs/jsc.pro: Added missing NDEBUG define for release builds.
+
+2008-07-23  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        JSClassRef is created context-free, but gets infatuated with the first context it sees.
+
+        The implicit API contract is that JSClassRef can be used with any context on any thread.
+        This no longer worked, because UStrings in the class were turned into per-context
+        identifiers, and the cached JSObject prototype was tied to JSGlobalData, too.
+
+        * API/JSClassRef.h: Made a separate struct for context-dependent parts of OpaqueJSClass.
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass): Updated for renames and changed member variable order.
+        (OpaqueJSClass::~OpaqueJSClass): Assert that string members are not identifiers.
+        (clearReferenceToPrototype): Update for the new reference location.
+        (OpaqueJSClassContextData::OpaqueJSClassContextData): Make a deep copy of all strings.
+        (OpaqueJSClass::contextData): Added a function that finds the per-context part of
+        OpaqueJSClass in JSGlobalData, or creates it if not found.
+        (OpaqueJSClass::className): Always make a deep copy. Callers of this function do not have
+        a way to access JSGlobalData, so a per-context copy could not be made.
+        (OpaqueJSClass::staticValues): Updated for new data location.
+        (OpaqueJSClass::staticFunctions): Ditto.
+        (OpaqueJSClass::prototype): Changed to take an internal type for consistency.
+
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        (KJS::JSGlobalData::~JSGlobalData):
+        * kjs/JSGlobalData.h:
+        Keep a HashMap to access per-context JSClass data given a pointr to the shared part.
+
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::className):
+        (KJS::::getOwnPropertySlot):
+        (KJS::::put):
+        (KJS::::deleteProperty):
+        (KJS::::getPropertyNames):
+        (KJS::::staticValueGetter):
+        (KJS::::staticFunctionGetter):j
+        Use function accessors instead of accessing OpaqueJSClass members directly.
+
+        * API/JSContextRef.cpp: (JSGlobalContextCreate): Updated for the change in
+        OpaqueJSClass::prototype() argument type.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMake): Updated for the change in OpaqueJSClass::prototype() argument type.
+        (JSObjectMakeConstructor): Ditto.
+
+2008-07-23  Alexey Proskuryakov  <ap@webkit.org>
+
+        Build fix.
+
+        * kjs/ArgList.h: (KJS::ArgList::operator new): removed an extraneous "ArgList::" inside the
+        class definition.
+
+2008-07-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt and Sam Weinig.
+
+        Next step toward putting doubles in registers: Prepare the Register class
+        and its clients for registers that don't contain JSValue*s.
+        
+        This means a few things:
+        
+        1. Register::jsValue() clients, including ArgList clients, must now supply
+        an ExecState* when accessing an entry in an ArgList, in case the entry
+        will need to create a JSValue* on the fly.
+        
+        2. Register clients that definitely don't want to create a JSValue* on
+        the fly now use different APIs: getJSValue() for clients that know
+        the register contains a JSValue*, and v() for clients who just want a
+        void*.
+        
+        3. I had to change some headers around in order to resolve dependency
+        problems created by using a Register in the ArgList header.
+        
+        SunSpider reports no change.
+        
+2008-07-22  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Prevent integer overflow when reallocating storage vector for arrays.
+
+        Sunspider reports 1.005x as fast (no change expected).
+
+        * kjs/JSArray.cpp:
+
+2008-07-21  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <rdar://problem/6091287> Revamp the handling of CFBundleShortVersionString to be fixed at the major component of the version number.
+
+        * Configurations/Version.xcconfig:
+        * Info.plist:
+
+2008-07-21  Adam Roben  <aroben@apple.com>
+
+        Add Vector::find
+
+        This is a convenience wrapper around std::find.
+
+        Reviewed by Anders Carlsson.
+
+        * wtf/Vector.h:
+
+2008-07-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 20104: Exception in tables/mozilla_expected_failures/bugs/bug92868_1.html includes the equals operator in the quoted expression
+        <https://bugs.webkit.org/show_bug.cgi?id=20104>
+
+        To make this correct we make the dot and bracket assign nodes emit the information to indicate
+        the failure range is the dot/bracket accessor.
+
+        * kjs/grammar.y:
+
+2008-07-18  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * kjs/JSGlobalObjectFunctions.cpp:
+        (KJS::isStrWhiteSpace):
+
+2008-07-18  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * kjs/nodes.h:
+        (KJS::ThrowableExpressionData::ThrowableExpressionData):
+
+2008-07-18  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 18774: SQUIRRELFISH: print meaningful error messages <https://bugs.webkit.org/show_bug.cgi?id=18774>
+        <rdar://problem/5769353> SQUIRRELFISH: JavaScript error messages are missing informative text
+
+        Add support for decent error messages in JavaScript.  This patch achieves this by providing
+        ensuring the common errors and exceptions have messages that provide the text of expression
+        that trigger the exception.  In addition it attaches a number of properties to the exception
+        object detailing where in the source the expression came from.
+
+        * JavaScriptCore.exp:
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::lineNumberForVPC):
+        (KJS::CodeBlock::expressionRangeForVPC): 
+            Function to recover the expression range for an instruction
+            that triggered an exception.
+        * VM/CodeBlock.h:
+        (KJS::ExpressionRangeInfo::):
+        (KJS::CodeBlock::CodeBlock):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCall):
+        (KJS::CodeGenerator::emitCallEval):
+            Emit call needed to be modified so to place the expression range info internally,
+            as the CodeGenerator emits the arguments nodes itself, rather than the various call
+            nodes.
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::emitExpressionInfo):
+            Record the expression range info.
+        * VM/ExceptionHelpers.cpp:
+        (KJS::createErrorMessage):
+        (KJS::createInvalidParamError):
+        (KJS::createUndefinedVariableError):
+        (KJS::createNotAConstructorError):
+        (KJS::createNotAFunctionError):
+        (KJS::createNotAnObjectErrorStub):
+        (KJS::createNotAnObjectError):
+            Rewrite all the code for the error messages so that they make use of the newly available
+            information.
+        * VM/ExceptionHelpers.h:
+        * VM/Machine.cpp:
+        (KJS::isNotObject):  Now needs vPC and codeBlock
+        (KJS::Machine::throwException):
+            New logic to handle the NotAnObjectErrorStub and to handle the absurd "no default value" edge case
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        * kjs/DebuggerCallFrame.cpp:
+        (KJS::DebuggerCallFrame::evaluate):
+        * kjs/Error.cpp:
+        (KJS::Error::create):
+        * kjs/Error.h:
+        * kjs/JSGlobalObjectFunctions.cpp:
+        * kjs/JSImmediate.cpp:
+        (KJS::JSImmediate::toObject):
+        (KJS::JSImmediate::prototype):
+            My changes to the JSNotAnObject constructor needed to be handled here.
+        * kjs/JSNotAnObject.h:
+        (KJS::JSNotAnObjectErrorStub::JSNotAnObjectErrorStub):
+        (KJS::JSNotAnObjectErrorStub::isNull):
+        (KJS::JSNotAnObjectErrorStub::isNotAnObjectErrorStub):
+            Added a JSNotAnObjectErrorStub class to ease the handling of toObject failure exceptions,
+            and potentially allow even more detailed error messages in future.
+        * kjs/JSObject.h:
+        * kjs/Parser.h:
+        (KJS::Parser::parse):
+        * kjs/SourceRange.h:
+        * kjs/grammar.y:
+            Large amounts of position propagation.
+        * kjs/lexer.cpp:
+        (KJS::Lexer::Lexer):
+        (KJS::Lexer::shift):
+        (KJS::Lexer::lex):
+            The lexer needed a few changes to be able to correctly track token character positions.
+        * kjs/lexer.h:
+        * kjs/nodes.cpp:
+        (KJS::ThrowableExpressionData::emitThrowError):
+        (KJS::StatementNode::StatementNode):
+        (KJS::ResolveNode::emitCode):
+        (KJS::BracketAccessorNode::emitCode):
+        (KJS::DotAccessorNode::emitCode):
+        (KJS::NewExprNode::emitCode):
+        (KJS::EvalFunctionCallNode::emitCode):
+        (KJS::FunctionCallValueNode::emitCode):
+        (KJS::FunctionCallResolveNode::emitCode):
+        (KJS::FunctionCallBracketNode::emitCode):
+        (KJS::FunctionCallDotNode::emitCode):
+        (KJS::PostfixResolveNode::emitCode):
+        (KJS::PostfixBracketNode::emitCode):
+        (KJS::PostfixDotNode::emitCode):
+        (KJS::DeleteResolveNode::emitCode):
+        (KJS::DeleteBracketNode::emitCode):
+        (KJS::DeleteDotNode::emitCode):
+        (KJS::PrefixResolveNode::emitCode):
+        (KJS::PrefixBracketNode::emitCode):
+        (KJS::PrefixDotNode::emitCode):
+        (KJS::ThrowableBinaryOpNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+        (KJS::AssignResolveNode::emitCode):
+        (KJS::AssignDotNode::emitCode):
+        (KJS::ReadModifyDotNode::emitCode):
+        (KJS::AssignBracketNode::emitCode):
+        (KJS::ReadModifyBracketNode::emitCode):
+        (KJS::ForInNode::ForInNode):
+        (KJS::ForInNode::emitCode):
+        (KJS::WithNode::emitCode):
+        (KJS::LabelNode::emitCode):
+        (KJS::ThrowNode::emitCode):
+        (KJS::ProgramNode::ProgramNode):
+        (KJS::ProgramNode::create):
+        (KJS::EvalNode::generateCode):
+        (KJS::FunctionBodyNode::create):
+        (KJS::FunctionBodyNode::generateCode):
+        (KJS::ProgramNode::generateCode):
+            All of these methods were handling the position information.  
+            Constructors and create methods were modified to store the information.
+            All the emitCall implementations listed needed to be updated to actually
+            record the position information we have so carefully collected.
+        * kjs/nodes.h:
+        (KJS::ThrowableExpressionData::ThrowableExpressionData):
+        (KJS::ThrowableExpressionData::setExceptionSourceRange):
+        (KJS::ThrowableExpressionData::divot):
+        (KJS::ThrowableExpressionData::startOffset):
+        (KJS::ThrowableExpressionData::endOffset):
+        (KJS::ThrowableSubExpressionData::ThrowableSubExpressionData):
+        (KJS::ThrowableSubExpressionData::setSubexpressionInfo):
+        (KJS::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
+        (KJS::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
+            ThrowableExpressionData is just a uniform mechanism for storing the position
+            information.
+        (KJS::ResolveNode::):
+        (KJS::PrePostResolveNode::):
+        (KJS::ThrowableBinaryOpNode::):
+        (KJS::WithNode::):
+
+2008-07-18  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Three renames:
+        
+        "CallTypeNative" => "CallTypeHost"
+        "code" => "byteCode"
+        "generatedCode" => "generatedByteCode"
+
+2008-07-18  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Optimized <= for immediate number cases.
+        
+        SunSpider reports no overall change, but a 10% speedup on access-nsieve.
+
+2008-07-18  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Fix some casts added in a previous build fix to match the style used
+        throughout WebKit.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::initializeCallFrame):
+        * VM/Register.h:
+        (KJS::Register::Register):
+
+2008-07-18  Landry Breuil  <landry@openbsd.org>
+
+        Bug 19975: [OpenBSD] Patches to enable build of WebKit
+
+        <https://bugs.webkit.org/show_bug.cgi?id=19975>
+
+        Reviewed by David Kilzer.
+
+        Support for OpenBSD, mostly threading and libm tweaks.
+
+        * kjs/collector.cpp: #include <pthread.h>
+        (KJS::currentThreadStackBase): use pthread_stackseg_np() to get stack base
+        * kjs/config.h: OpenBSD also provides <pthread_np.h>
+        * wtf/MathExtras.h: #include <sys/types.h> and <machine/ieee.h>
+        (isfinite), (signbit): as long as we don't have those functions provide fallback implementations
+        * wtf/Platform.h: Add support for PLATFORM(OPENBSD) and PLATFORM(SPARC64) macro
+
+2008-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Next step toward putting doubles in registers: Store constant pool
+        entries as registers, not JSValue*s.
+        
+        SunSpider reports no change.
+
+2008-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John Sullivan and Oliver Hunt.
+        
+        A tiny bit of tidying in function call register allocation.
+        
+        This patch saves one register when invoking a function expression and/or
+        a new expression that is stored in a temporary.
+        
+        Since it's just one register, I can't make a testcase for it.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCall): No need to ref the function we're calling
+        or its base. We'd like the call frame to overlap with them, if possible.
+        op_call will read the function and its base before writing the call frame,
+        so this is safe.
+
+        * kjs/nodes.cpp:
+        (KJS::NewExprNode::emitCode): No need to ref the function we're new-ing,
+        for the same reasons stated above.
+        
+        (KJS::FunctionCallValueNode::emitCode): ditto
+
+2008-07-17  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+        
+        * kjs/InternalFunction.cpp:
+
+2008-07-17  Sam Weinig  <sam@webkit.org>
+
+        Roll out r35199 as it is causing failures on the PPC build.
+
+2008-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by David Kilzer.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=20067
+        Support function.name (Firefox extension)
+        
+        Pretty straight-forward.
+
+2008-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed <rdar://problem/6081636> Functions calls use more temporary
+        registers than necessary
+        
+        Holding a reference to the last statement result register caused each
+        successive statement to output its result to an even higher register.
+        
+        Happily, statements don't actually need to return a result register
+        at all. I hope to make this clearer in a future cleanup patch,
+        but this change will fix the major bug for now.
+
+        * kjs/nodes.cpp:
+        (KJS::statementListEmitCode):
+
+2008-07-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Merge pre&post dot nodes to simplify the parse tree.
+        Sunspider results show 0.6% progression (no performance change expected).
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+
+2008-07-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Merge pre&post resolve nodes to simplify the parse tree.
+        Sunspider results show no performance change.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+
+2008-07-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Merge logical nodes to simplify the parse tree.
+        Sunspider results show 0.6% progression (no performance change expected).
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+
+2008-07-17  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix MinGW build (broken in r35198) and simplify getLocalTime().
+
+        * kjs/DateMath.cpp:
+        (KJS::getLocalTime):
+
+2008-07-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Merge pre&post bracket nodes to simplify the parse tree.
+        Sunspider results show no performance change.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+
+2008-07-17  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix the 32-bit gcc builds, conversion from "long int" to Register is
+        ambiguous. Explicitly choose the intptr_t constructor.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::initializeCallFrame):
+        * VM/Register.h:
+        (KJS::Register::Register):
+
+2008-07-16  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Geoff Garen.
+
+        Fix JavaScript in 64-bit by using a pointer-sized integer
+        type in the Register union.  Also includes a rename of
+        the intType constant to IntType.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::initializeCallFrame):
+        * VM/Register.h:
+        (KJS::Register::):
+        (KJS::Register::Register):
+
+2008-07-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        First step toward putting doubles in registers: Turned Register into a
+        proper abstraction layer. It is no longer possible to cast a Register
+        to a JSValue*, or a Register& to a JSValue*&, or to access the union
+        inside a Register directly.
+        
+        SunSpider reports no change.
+        
+        In support of this change, I had to make the following mechanical changes
+        in a lot of places:
+        
+        1. Clients now use explicit accessors to read data out of Registers, and
+        implicit copy constructors to write data into registers.
+        
+        So, assignment that used to look like
+        
+            x.u.jsValue = y;
+        
+        now looks like
+        
+            x = y;
+            
+        And access that used to look like
+        
+            x = y.u.jsValue;
+        
+        now looks like
+        
+            x = y.jsValue();
+
+        2. I made generic flow control specific in opcodes that made their flow
+        control generic by treating a Register& as a JSValue*&. This had the
+        added benefit of removing some exception checking branches from immediate
+        number code.
+
+        3. I beefed up PropertySlot to support storing a Register* in a property
+        slot. For now, only JSVariableObject's symbolTableGet and symbolTablePut
+        use this functionality, but I expect more clients to use it in the future.
+        
+        4. I changed ArgList to be a buffer of Registers, not JSValue*'s, and I
+        changed ArgList iterator clients to iterate Registers, not JSValue*'s.
+
+2008-07-16  Ada Chan  <adachan@apple.com>
+
+        Fixed build.
+
+        * kjs/JSGlobalObject.cpp:
+
+2008-07-16  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam and Geoff.
+
+        <rdar://problem/5958840> Navigating to another page while profiler is
+        attached results in slow JavaScript for all time.
+
+        - The UNLIKELY keeps this from being a sunspider performance regression.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject): Stop the profiler associated
+        with this exec state.
+
+2008-07-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Steve Falkenburg.
+
+        Replace adopting UString constructor in favor of explicit
+        static adopt method.
+
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString):
+        * kjs/StringConstructor.cpp:
+        (KJS::stringFromCharCode):
+        * kjs/StringPrototype.cpp:
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        * kjs/ustring.cpp:
+        (KJS::UString::adopt):
+        * kjs/ustring.h:
+        (KJS::UString::UString):
+        (KJS::UString::~UString):
+
+2008-07-16  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon.
+
+        http://trolltech.com/developer/task-tracker/index_html?method=entry&id=216179
+        Fix potential crash (on Qt for Windows port) when performing JavaScript date
+        conversion.
+
+        * kjs/DateMath.cpp:
+        (KJS::getLocalTime): For the Qt port, prefer to use Windows code, i.e.
+        localtime_s() instead of localtime() since the latter might crash (on Windows)
+        given a non-sensible, e.g. NaN, argument.
+
+2008-07-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Anders and Geoff.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20023
+        Failed assertion in PropertyNameArray.cpp
+
+        This is already tested by testapi.
+
+        * API/JSObjectRef.cpp: (JSPropertyNameAccumulatorAddName): Add the string to identifier
+        table to appease PropertyNameArray.
+
+2008-07-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        Dereference identifiers when deleting a hash table (fixes leaks with private JSGlobalData
+        objects).
+
+        * kjs/JSGlobalData.cpp: (KJS::JSGlobalData::~JSGlobalData):
+        * kjs/lookup.cpp: (KJS::HashTable::deleteTable):
+        * kjs/lookup.h:
+        * kjs/lexer.cpp: (KJS::Lexer::~Lexer)
+        HashTable cannot have a destructor, because check-for-global-initializers complains about
+        having a global constructor then.
+
+2008-07-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        Check pthread_key_create return value.
+
+        This check was helpful when debugging a crash in run-webkit-tests --threaded that happened
+        because JSGlobalData objects were not deleted, and we were running out of pthread keys soon.
+        It also looks useful for production builds.
+
+        * wtf/ThreadSpecific.h: (WTF::::ThreadSpecific):
+
+2008-07-15  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        Rename pageGroupIdentifier to profileGroup to keep mention of a
+        pageGroup out of JavaScriptCore.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::init):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::setProfileGroup):
+        (KJS::JSGlobalObject::profileGroup):
+        * profiler/ProfileGenerator.cpp:
+        (KJS::ProfileGenerator::create):
+        (KJS::ProfileGenerator::ProfileGenerator):
+        * profiler/ProfileGenerator.h:
+        (KJS::ProfileGenerator::profileGroup):
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::startProfiling):
+        (KJS::dispatchFunctionToProfiles):
+        (KJS::Profiler::willExecute):
+        (KJS::Profiler::didExecute):
+
+2008-07-14  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fix https://bugs.webkit.org/show_bug.cgi?id=20037
+        Bug 20037: GCC 4.2 build broken due to strict aliasing violation.
+
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::computeHash): Add a version of computeHash that takes a char* and explicit length.
+        * kjs/ustring.h:
+        * profiler/CallIdentifier.h:
+        (WTF::): Use new version of computeHash that takes a char* and explicit length to avoid unsafe aliasing.
+
+2008-07-14  David Hyatt  <hyatt@apple.com>
+
+        Fix a crashing bug in ListHashSet's -- operator.  Make sure that end() can be -- by special-casing the null
+        position.
+
+        Reviewed by Maciej
+
+        * wtf/ListHashSet.h:
+        (WTF::ListHashSetConstIterator::operator--):
+
+2008-07-14  David Hyatt  <hyatt@apple.com>
+
+        Buidl fix.  Make sure the second insertBefore method returns a value.
+
+        * wtf/ListHashSet.h:
+        (WTF::::insertBefore):
+
+2008-07-14  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Added include/pthreads to the
+        include path.
+
+2008-07-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Kevin McCullough.
+
+        Make JSGlobalData refcounted in preparation to adding a way to create contexts that share
+        global data.
+
+        * JavaScriptCore.exp:
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::create):
+        * kjs/JSGlobalData.h:
+        Made contructor private, and added a static create() method. Made the class inherit from
+        RefCounted.
+
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::globalData):
+        JSGlobalData is now owned by JSGlobalObject (except for the shared one, and the common
+        WebCore one, which are never deleted).
+
+        * kjs/Shell.cpp: (main): Create JSGlobalData with create() method.
+
+2008-07-14  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the single-threaded build.
+
+        * kjs/JSLock.cpp: Removed undeclared registerThread() function.
+        * kjs/collector.cpp:
+        (KJS::Heap::registerThread): Added dummy implementation.
+
+2008-07-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Eliminate per-thread JavaScript global data instance support and make arbitrary
+        global data/global object combinations possible.
+
+        * kjs/collector.cpp:
+        (KJS::Heap::Heap): Store a JSGlobalData pointer instead of multiple pointers to its members.
+        This allows for going from any JS object to its associated global data, currently used in
+        JSGlobalObject constructor to initialize its JSGlobalData pointer.
+        (KJS::Heap::registerThread): Changed thread registration data to be per-heap. Previously,
+        only the shared heap could be used from multiple threads, so it was the only one that needed
+        thread registration, but now this can happen to any heap.
+        (KJS::Heap::unregisterThread): Ditto.
+        (KJS::Heap::markStackObjectsConservatively): Adapt for the above changes.
+        (KJS::Heap::setGCProtectNeedsLocking): Ditto.
+        (KJS::Heap::protect): Ditto.
+        (KJS::Heap::unprotect): Ditto.
+        (KJS::Heap::collect): Ditto.
+        (KJS::Heap::globalObjectCount): Use global object list associated with the current heap,
+        not the late per-thread one.
+        (KJS::Heap::protectedGlobalObjectCount): Ditto.
+
+        * kjs/collector.h:
+        (KJS::Heap::ThreadRegistrar): Added a helper object that unregisters a thread when it is
+        destroyed.
+
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::JSLock):
+        * kjs/JSLock.h:
+        (KJS::JSLock::JSLock):
+        Don't use JSLock to implicitly register threads. I've added registerThread() calls to most
+        places that use JSLock - we cannot guarantee absolute safety unless we always mark all
+        threads in the process, but these implicit registration calls should cover reasonable usage
+        scenarios, I hope.
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript): Explicitly register the current thread.
+        (JSCheckScriptSyntax): Explicitly register the current thread.
+        (JSGarbageCollect): Changed to use the passed in context. Unfortunately, this creates a race
+        condition for clients that pass an already released context to JSGarbageCollect - but it is
+        unlikely to create real life problems.
+        To maintain compatibility, the shared heap is collected if NULL is passed.
+
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate): Use a new syntax for JSGlobalObject allocation.
+        (JSGlobalContextRetain): Register the thread.
+        (JSContextGetGlobalObject): Register the thread.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectMakeFunction):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        (JSObjectDeleteProperty):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        (JSObjectCopyPropertyNames):
+        (JSPropertyNameAccumulatorAddName):
+        * API/JSValueRef.cpp:
+        (JSValueIsEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        Register the thread.
+
+        * API/JSStringRef.cpp: (JSStringRelease): Changed a comment to not mention per-thread contexts.
+
+        * API/JSStringRefCF.cpp: Removed an unnecessary include of JSLock.h.
+
+        * JavaScriptCore.exp: Export JSGlobalData constructor/destructor, now that anyone can have
+        their own instances. Adapt to other changes, too.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Made ThreadSpecific.h private, as it is now
+        included by collector.h and is thus needed in other projects.
+
+        * kjs/InitializeThreading.cpp: (KJS::initializeThreadingOnce): Don't initialize per-thread
+        global data, as it no longer exists.
+
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        (KJS::JSGlobalData::~JSGlobalData):
+        * kjs/JSGlobalData.h:
+        Removed support for per-thread instance. Made constructor and destructor public.
+
+        * kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::init): Get to now arbitrary  JSGlobalData
+        via the heap.
+        (KJS::JSGlobalObject::operator new): Changed ot take JSGlobalDatra pointer.
+        * kjs/JSGlobalObject.h:
+
+        * kjs/Shell.cpp:
+        (main):
+        (jscmain):
+        Changed to maintain a custom JSGlobalData pointer instead of a per-thread one.
+
+2008-07-13  Ada Chan  <adachan@apple.com>
+
+        Windows build fix: Add wtf/RefCountedLeakCounter to the project.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2008-07-12  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Gtk, Qt and Wx build fix: Add wtf/RefCountedLeakCounter in the
+        build scripts
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCoreSources.bkl:
+
+2008-07-11  Stephanie Lewis  <slewis@apple.com>
+
+        Reviewed by Darin Adler and Oliver Hunt.
+
+        Refactor RefCounting Leak counting code into a common class.
+
+        In order to export the symbols I needed to put the debug defines inside the function names
+        
+        Before we had a separate channel for each Logging each Leak type.  Since the leak channels were only used in one location, and only at quit for simplicity I combined them all into one leak channel.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj: add new class
+        * kjs/nodes.cpp: remove old leak counting code
+        * wtf/RefCountedLeakCounter.cpp: Added. create a common leak counting class
+        * wtf/RefCountedLeakCounter.h: Added.
+
+2008-07-11  David Hyatt  <hyatt@apple.com>
+
+        Add an insertBefore method to ListHashSet to allow for insertions in the middle of the list (rather than just
+        at the end).
+
+        Reviewed by Anders
+
+        * wtf/ListHashSet.h:
+        (WTF::::insertBefore):
+        (WTF::::insertNodeBefore):
+
+2008-07-11  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Darin Adler.
+
+        Move call function to CallData.cpp and construct to ConstructData.cpp.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/CallData.cpp: Copied from kjs/JSValue.cpp.
+        * kjs/ConstructData.cpp: Copied from kjs/JSValue.cpp.
+        * kjs/JSValue.cpp:
+
+2008-07-10  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Define WEBKIT_VERSION_MIN_REQUIRED=WEBKIT_VERSION_LATEST when building WebKit to ensure that no symbols end up with the weak_import attribute.
+
+        * Configurations/Base.xcconfig:
+
+2008-07-10  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fix the Tiger build by omitting annotations from methods declared in categories when using old versions of GCC.
+
+        * API/WebKitAvailability.h:
+
+2008-07-10  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        -Minor cleanup. Renamed callTree() to head() and no longer use m_head
+        directly but instead keep it private and access via a method().
+
+        * profiler/HeavyProfile.cpp:
+        (KJS::HeavyProfile::HeavyProfile):
+        (KJS::HeavyProfile::generateHeavyStructure):
+        (KJS::HeavyProfile::addNode):
+        * profiler/Profile.h:
+        (KJS::Profile::head):
+        * profiler/ProfileGenerator.cpp:
+        (KJS::ProfileGenerator::ProfileGenerator):
+
+2008-07-10  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Eliminate CollectorHeapIntrospector.
+
+        CollectorHeapIntrospector was added primarily in the hopes to improve leaks tool output,
+        a result that it didn't deliver. Also, it helped by labeling JSC heap regions as reported by
+        vmmap tool, but at the same time, it made them mislabeled as malloc'd ones - the correct
+        way to label mapped regions is to use a VM tag.
+
+        So, it makes more sense to remove it completely than to make it work with multiple heaps.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/AllInOneFile.cpp:
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreading):
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+        * kjs/CollectorHeapIntrospector.cpp: Removed.
+        * kjs/CollectorHeapIntrospector.h: Removed.
+
+2008-07-09  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5951532> JSProfiler: Implement heavy (or bottom-up)
+        view (19228)
+        - Implemented the time and call count portionof heavy.  Now all that we
+        need is some UI.
+
+        * profiler/CallIdentifier.h: Removed an unused constructor.
+        * profiler/HeavyProfile.cpp: 
+        (KJS::HeavyProfile::HeavyProfile): Set the initial time of the head
+        node so that percentages work correctly.
+        (KJS::HeavyProfile::mergeProfiles): Sum the times and call count of
+        nodes being merged.
+        * profiler/ProfileNode.cpp: Set the intital values of time and call
+        count when copying ProfileNodes.
+        (KJS::ProfileNode::ProfileNode):
+
+2008-07-10  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Gtk build fix.
+
+        * GNUmakefile.am: Add HeavyProfile.cpp
+
+2008-07-09  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Don't warn about deprecated functions in production builds.
+
+        * Configurations/Base.xcconfig:
+        * Configurations/DebugRelease.xcconfig:
+
+2008-07-09  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.pri: Fix Qt build by adding HeavyProfile.cpp.
+
+2008-07-09  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx biuld fix. Add HeavyProfile.cpp to build files.
+
+        * JavaScriptCoreSources.bkl:
+
+2008-07-09  Kevin McCullough  <kmccullough@apple.com>
+
+        - Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-07-09  Kevin McCullough  <kmccullough@apple.com>
+
+        - Build fix.
+
+        * profiler/HeavyProfile.cpp:
+        (KJS::HeavyProfile::mergeProfiles):
+
+2008-07-09  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff and Adam.
+
+        <rdar://problem/5951532> JSProfiler: Implement Bottom-Up view (19228)
+        - This is the plumbing for bottom-up, but does not include calculating
+        time, mostly because I'm still undclear about what the end result should
+        look like.
+        - This, obviously, does not include the UI to expose this in the
+        inspector yet.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * profiler/CallIdentifier.h:
+        (KJS::CallIdentifier::CallIdentifier):
+        (WTF::): Added HashTraits for CallIdentifiers to be used by a HashMap.
+        * profiler/HeavyProfile.cpp: Added.
+        (KJS::HeavyProfile::HeavyProfile):
+        (KJS::HeavyProfile::generateHeavyStructure):
+        (KJS::HeavyProfile::addNode):
+        (KJS::HeavyProfile::mergeProfiles):
+        (KJS::HeavyProfile::addAncestorsAsChildren):
+        * profiler/HeavyProfile.h: Added.
+        (KJS::HeavyProfile::create):
+        (KJS::HeavyProfile::heavyProfile):
+        (KJS::HeavyProfile::treeProfile):
+        * profiler/Profile.cpp: Removed old commented out includes.
+        * profiler/Profile.h: The m_head is needed by the HeavyProfile so it
+        is now protected as opposed to private.
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::ProfileNode): Created a constructor to copy
+        ProfileNodes.
+        (KJS::ProfileNode::findChild): Added a null check to make HeavyProfile
+        children finding easier and avoid a potential crasher.
+        * profiler/ProfileNode.h: Mostly moved things around but also added some
+        functionality needed by HeavyProfile.
+        (KJS::ProfileNode::create):
+        (KJS::ProfileNode::functionName):
+        (KJS::ProfileNode::url):
+        (KJS::ProfileNode::lineNumber):
+        (KJS::ProfileNode::head):
+        (KJS::ProfileNode::setHead):
+        (KJS::ProfileNode::setNextSibling):
+        (KJS::ProfileNode::actualTotalTime):
+        (KJS::ProfileNode::actualSelfTime):
+        * profiler/TreeProfile.cpp: Implemented the ability to get a
+        HeavyProfile.
+        (KJS::TreeProfile::heavyProfile):
+        * profiler/TreeProfile.h:
+
+2008-07-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Added support for checking if an object has custom properties in its
+        property map. WebCore uses this to optimize marking DOM wrappers.
+
+2008-07-08  Simon Hausmann  <hausmann@webkit.org>
+
+        Prospective Gtk/Wx build fixes, add ProfileGenerator.cpp to the build.
+
+        * GNUmakefile.am:
+        * JavaScriptCoreSources.bkl:
+
+2008-07-08  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the Qt build, add ProfileGenerator.cpp to the build.
+
+        * JavaScriptCore.pri:
+
+2008-07-07  David Kilzer  <ddkilzer@apple.com>
+
+        releaseFastMallocFreeMemory() should always be defined
+
+        Reviewed by Darin.
+
+        * JavaScriptCore.exp: Changed to export C++ binding for
+        WTF::releaseFastMallocFreeMemory() instead of C binding for
+        releaseFastMallocFreeMemory().
+        * wtf/FastMalloc.cpp: Moved definitions of
+        releaseFastMallocFreeMemory() to be in the WTF namespace
+        regardless whether FORCE_SYSTEM_MALLOC is defined.
+        * wtf/FastMalloc.h: Moved releaseFastMallocFreeMemory() from
+        extern "C" binding to WTF::releaseFastMallocFreeMemory().
+
+2008-07-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Geoff.
+
+        Bug 19926: URL causes crash within a minute
+        <https://bugs.webkit.org/show_bug.cgi?id=19926>
+
+        Add a check that lastGlobalObject is non-null in Machine::execute()
+        before copying its globals to the current register file.
+
+        In theory, it is possible to make a test case for this, but it will
+        take a while to get it right.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+
+2008-07-07  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Adele.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Fix a typo in a comment.
+
+2008-07-07  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fixes.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+
+2008-07-07  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        When the profiler is running it gathers information and creates a
+        Profile.  After it finishes the Profile can be sorted and have other
+        data refinements run over it.  Both of these were done in the same class
+        before.  Now I split the gathering operations into a new class called
+        ProfileGenerator.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * profiler/Profile.cpp: Removed code related to the gather stage of a
+        Profile's creation.  
+        (KJS::Profile::create):
+        (KJS::Profile::Profile):
+        * profiler/Profile.h: Ditto.
+        (KJS::Profile::title):
+        (KJS::Profile::callTree):
+        (KJS::Profile::setHead):
+        * profiler/ProfileGenerator.cpp: Added. This is the class that will
+        handle the stage of creating a Profile.  Once the Profile is finished
+        being created, this class goes away.
+        (KJS::ProfileGenerator::create):
+        (KJS::ProfileGenerator::ProfileGenerator):
+        (KJS::ProfileGenerator::title):
+        (KJS::ProfileGenerator::willExecute):
+        (KJS::ProfileGenerator::didExecute):
+        (KJS::ProfileGenerator::stopProfiling):
+        (KJS::ProfileGenerator::didFinishAllExecution):
+        (KJS::ProfileGenerator::removeProfileStart):
+        (KJS::ProfileGenerator::removeProfileEnd):
+        * profiler/ProfileGenerator.h: Added.
+        (KJS::ProfileGenerator::profile):
+        (KJS::ProfileGenerator::originatingGlobalExec):
+        (KJS::ProfileGenerator::pageGroupIdentifier):
+        (KJS::ProfileGenerator::client):
+        (KJS::ProfileGenerator::stoppedProfiling):
+        * profiler/Profiler.cpp: Now operates with the ProfileGenerator instead
+        of the Profile.
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::stopProfiling):
+        (KJS::Profiler::didFinishAllExecution): It is here that the Profile is
+        handed off to its client and the Profile Generator is no longer needed.
+        (KJS::dispatchFunctionToProfiles):
+        (KJS::Profiler::willExecute):
+        (KJS::Profiler::didExecute):
+        * profiler/Profiler.h: Cleaned up the includes and subsequently the
+        forward declarations.  Also use the new ProfileGenerator.
+        (KJS::ProfilerClient::~ProfilerClient):
+        (KJS::Profiler::currentProfiles):
+        * profiler/TreeProfile.cpp: Use Profile's new interface.
+        (KJS::TreeProfile::create):
+        (KJS::TreeProfile::TreeProfile):
+        * profiler/TreeProfile.h:
+
+2008-07-07  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Third step in broad cleanup effort.
+
+        [ File list elided ]
+
+2008-07-06  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Second step in broad cleanup effort.
+
+        [ File list elided ]
+
+2008-07-05  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        First step in broad cleanup effort.
+
+        [ File list elided ]
+
+2008-07-05  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Cameron Zwarich.
+
+        Rename list.h/cpp to ArgList.h/cpp.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/Machine.h:
+        * kjs/AllInOneFile.cpp:
+        * kjs/ArgList.cpp: Copied from JavaScriptCore/kjs/list.cpp.
+        * kjs/ArgList.h: Copied from JavaScriptCore/kjs/list.h.
+        * kjs/IndexToNameMap.cpp:
+        * kjs/JSGlobalData.cpp:
+        * kjs/JSGlobalData.h:
+        * kjs/JSObject.h:
+        * kjs/collector.cpp:
+        * kjs/list.cpp: Removed.
+        * kjs/list.h: Removed.
+
+2008-07-05  Sam Weinig  <sam@webkit.org>
+
+        Fix non-AllInOne builds again.
+
+        * kjs/BooleanPrototype.cpp:
+        * kjs/ErrorPrototype.cpp:
+        * kjs/FunctionPrototype.cpp:
+        * kjs/NumberPrototype.cpp:
+        * kjs/ObjectPrototype.cpp:
+
+2008-07-05  Sam Weinig  <sam@webkit.org>
+
+        Fix build on case-sensitive build systems.
+
+        * kjs/IndexToNameMap.cpp:
+
+2008-07-05  Sam Weinig  <sam@webkit.org>
+
+        Fix build.
+
+        * kjs/Arguments.cpp:
+        * kjs/BooleanPrototype.cpp:
+        * kjs/DateConstructor.cpp:
+        * kjs/ErrorPrototype.cpp:
+        * kjs/FunctionPrototype.cpp:
+        * kjs/NumberPrototype.cpp:
+        * kjs/ObjectPrototype.cpp:
+        * kjs/RegExpPrototype.cpp:
+        * kjs/StringConstructor.cpp:
+        * kjs/lookup.cpp:
+
+2008-07-05  Sam Weinig  <sam@webkit.org>
+
+        Fix non-AllInOne build.
+
+        * kjs/JSGlobalObject.cpp:
+
+2008-07-05  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Cameron Zwarich.
+
+        Split Arguments, IndexToNameMap, PrototypeFunction, GlobalEvalFunction and 
+        the functions on the global object out of JSFunction.h/cpp.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/Machine.cpp:
+        * kjs/AllInOneFile.cpp:
+        * kjs/Arguments.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
+        * kjs/Arguments.h: Copied from JavaScriptCore/kjs/JSFunction.h.
+        * kjs/GlobalEvalFunction.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
+        * kjs/GlobalEvalFunction.h: Copied from JavaScriptCore/kjs/JSFunction.h.
+        * kjs/IndexToNameMap.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
+        * kjs/IndexToNameMap.h: Copied from JavaScriptCore/kjs/JSFunction.h.
+        * kjs/JSActivation.cpp:
+        * kjs/JSFunction.cpp:
+        * kjs/JSFunction.h:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObjectFunctions.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
+        * kjs/JSGlobalObjectFunctions.h: Copied from JavaScriptCore/kjs/JSFunction.h.
+        The functions on the global object should be in JSGlobalObject.cpp, but putting them there
+        was a 0.5% regression.
+
+        * kjs/PrototypeFunction.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
+        * kjs/PrototypeFunction.h: Copied from JavaScriptCore/kjs/JSFunction.h.
+        * kjs/Shell.cpp:
+        * kjs/lexer.cpp:
+        * kjs/ustring.cpp:
+
+2008-07-04  Sam Weinig  <sam@webkit.org>
+
+        Really fix the mac build.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-07-04  Sam Weinig  <sam@webkit.org>
+
+        Fix mac build.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-07-04  Sam Weinig  <sam@webkit.org>
+
+        Fix non-AllInOne builds.
+
+        * kjs/Error.cpp:
+        * kjs/GetterSetter.cpp:
+        * kjs/JSImmediate.cpp:
+        * kjs/operations.cpp:
+
+2008-07-04  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Dan Bernstein.
+
+        Split Error and GetterSetter out of JSObject.h.
+
+        * API/JSCallbackObjectFunctions.h:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/ClassInfo.h: Copied from JavaScriptCore/kjs/JSObject.h.
+        * kjs/Error.cpp: Copied from JavaScriptCore/kjs/JSObject.cpp.
+        * kjs/Error.h: Copied from JavaScriptCore/kjs/JSObject.h.
+        * kjs/GetterSetter.cpp:
+        * kjs/GetterSetter.h: Copied from JavaScriptCore/kjs/JSObject.h.
+        * kjs/JSObject.cpp:
+        * kjs/JSObject.h:
+        * kjs/nodes.h:
+
+2008-07-04  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the Wx build, added TreeProfile.cpp to the build.
+
+        * JavaScriptCoreSources.bkl:
+
+2008-07-03  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix output path of recently-added script phase to reference the correct file.
+        This prevents Xcode from running the script phase unnecessarily, which caused
+        the generated header to be recreated and lead to AllInOneFile.cpp rebuilding.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-07-03  Mark Rowe  <mrowe@apple.com>
+
+        Follow-up to the 64-bit build fix.  Use intptr_t rather than ssize_t as
+        the latter is non-standard and does not exist on Windows.
+
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::lockCount):
+        (KJS::JSLock::lock):
+        (KJS::JSLock::unlock):
+        (KJS::JSLock::DropAllLocks::DropAllLocks):
+        * kjs/JSLock.h:
+
+2008-07-02  Mark Rowe  <mrowe@apple.com>
+
+        Fix the 64-bit build.  pthread_getspecific works with pointer-sized values,
+        so use ssize_t rather than int to track the lock count to avoid warnings about
+        truncating the result of pthread_getspecific.
+
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::lockCount):
+        (KJS::JSLock::lock):
+        (KJS::JSLock::unlock):
+        (KJS::JSLock::DropAllLocks::DropAllLocks):
+        * kjs/JSLock.h:
+
+2008-07-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Removed checking for the array get/put fast case from the array code.
+        Callers who want the fast case should call getIndex and/or setIndex
+        instead. (get_by_val and put_by_val already do this.)
+        
+        SunSpider reports no change overall, but a 1.4% speedup on fannkuch and
+        a 3.6% speedup on nsieve.
+
+2008-07-03  Dan Bernstein  <mitz@apple.com>
+
+        - Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added TreeProfile.{h,cpp}.
+
+2008-07-03  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        - Windows build fix
+
+        * VM/Machine.cpp:
+        (KJS::Machine::Machine):
+
+2008-07-03  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Fix the non-threaded build.
+
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::threadInstanceInternal):
+
+2008-07-03  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the Qt build, added TreeProfile to the build.
+
+        * JavaScriptCore.pri:
+
+2008-07-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        Don't create unnecessary JSGlobalData instances.
+
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::threadInstanceExists):
+        (KJS::JSGlobalData::sharedInstanceExists):
+        (KJS::JSGlobalData::threadInstance):
+        (KJS::JSGlobalData::sharedInstance):
+        (KJS::JSGlobalData::threadInstanceInternal):
+        (KJS::JSGlobalData::sharedInstanceInternal):
+        Added methods to query instance existence.
+
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreadingOnce):
+        Initialize thread instance static in a new way.
+
+        * API/JSBase.cpp:
+        (JSGarbageCollect):
+        * kjs/collector.cpp:
+        (KJS::Heap::collect):
+        Check for instance existence before accessing it.
+
+2008-07-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=19862
+        REGRESSION (r34907): Gmail crashes in JavaScriptCore code while editing drafts
+        
+        I was never able to reproduce this issue, but Cameron could, and he says
+        that this patch fixes it.
+        
+        The crash seems tied to a timer or event handler callback. In such a case,
+        the sole reference to the global object may be in the current call frame,
+        so we can't depend on the global object to mark the call frame area in
+        the register file.
+        
+        The new GC marking rule is: the global object is not responsible for
+        marking the whole register file -- it's just responsible for the globals
+        section it's tied to. The heap is responsible for marking the call frame area.
+
+2008-07-02  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Add the ability to trace JavaScriptCore garabge collections using dtrace.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Generate the dtrace probe header
+        file when building on a new enough version of Mac OS X.
+        * JavaScriptCorePrefix.h: Add our standard Mac OS X version detection macros.
+        * kjs/Tracing.d: Declare three dtrace probes.
+        * kjs/Tracing.h: Include the generated dtrace macros if dtrace is available,
+        otherwise provide versions that do nothing.
+        * kjs/collector.cpp:
+        (KJS::Heap::collect): Fire dtrace probes when starting a collection, after the
+        mark phase has completed, and when the collection is complete.
+        * wtf/Platform.h: Define HAVE_DTRACE when building on a new enough version of Mac OS X.
+
+2008-07-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber stamped by Oliver Hunt.
+        
+        Reduced the max register file size from 8MB to 2MB.
+
+        We still allow about 20,000 levels of recursion.
+
+2008-07-02  Alp Toker  <alp@nuanti.com>
+
+        Build fix for r34960. Add TreeProfile.cpp to build.
+
+        * GNUmakefile.am:
+
+2008-07-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Optimized a[n] get for cases when a is an array or a string. When a is
+        an array, we optimize both get and put. When a is a string, we only
+        optimize get, since you can't put to a string.
+        
+        SunSpider says 3.4% faster.
+
+2008-07-02  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        -Small cleanup in preparation for implementing Bottom-up.
+
+        * profiler/CallIdentifier.h: Rename debug function to make it clear of
+        its output and intention to be debug only.
+        (KJS::CallIdentifier::operator const char* ): Implement in terms of
+        c_str.
+        (KJS::CallIdentifier::c_str):
+        * profiler/ProfileNode.cpp: Impelment findChild() which will be needed
+        by the bottom-up implementation.
+        (KJS::ProfileNode::findChild):
+        * profiler/ProfileNode.h: Added comments to make the collections of
+        functions more clear.
+        (KJS::ProfileNode::operator==):
+        (KJS::ProfileNode::c_str):
+
+2008-07-02  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Bug 19776: Number.toExponential() is incorrect for numbers between 0.1 and 1
+        <https://bugs.webkit.org/show_bug.cgi?id=19776>
+
+        Perform the sign check for the exponent on the actual exponent value,
+        which is 1 less than the value of decimalPoint, instead of on the value
+        of decimalPoint itself.
+
+        * kjs/NumberPrototype.cpp:
+        (KJS::exponentialPartToString):
+
+2008-07-02  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5951532> JSProfiler: Implement Bottom-Up view (19228)
+        - Subclass TreeProfile as I prepare for a HeavyProfile to be comming
+        later.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * profiler/Profile.cpp: By default we create a TreeProfile.
+        (KJS::Profile::create):
+        * profiler/Profile.h: Changes to the Profile class to make it amenable
+        to be inherited from.
+        (KJS::Profile::~Profile):
+        * profiler/TreeProfile.cpp: Added.
+        (KJS::TreeProfile::create):
+        (KJS::TreeProfile::TreeProfile):
+        (KJS::TreeProfile::heavyProfile):
+        * profiler/TreeProfile.h: Added.
+        (KJS::TreeProfile::treeProfile):
+
+2008-07-02  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Dan.
+
+        Broke CallIdentifier out into its own file. I did this because it's
+        going to grow a lot soon and I wanted this to be a separate patch.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * profiler/CallIdentifier.h: Added.
+        (KJS::CallIdentifier::CallIdentifier):
+        (KJS::CallIdentifier::operator==):
+        (KJS::CallIdentifier::operator!=):
+        (KJS::CallIdentifier::operator const char* ):
+        (KJS::CallIdentifier::toString):
+        * profiler/ProfileNode.h:
+
+2008-07-02  Simon Hausmann  <hausmann@webkit.org>
+
+        Build fix. Implemented missing functions for single-threaded build.
+
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::JSLock):
+        (KJS::JSLock::lock):
+        (KJS::JSLock::unlock):
+        (KJS::JSLock::DropAllLocks::DropAllLocks):
+
+2008-07-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Another non-AllInOne build fix.
+
+        * kjs/JSGlobalObject.cpp: Include JSLock.h here, too.
+
+2008-07-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Non-AllInOne build fix.
+
+        * kjs/interpreter.cpp: Include JSLock.h.
+
+2008-06-30  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Disable JSLock for per-thread contexts.
+
+        No change on SunSpider.
+
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        (KJS::JSGlobalData::sharedInstance):
+        Added isSharedInstance as a better way to tell whether the instance is shared (legacy).
+
+        * kjs/JSLock.cpp:
+        (KJS::createJSLockCount):
+        (KJS::JSLock::lockCount):
+        (KJS::setLockCount):
+        (KJS::JSLock::JSLock):
+        (KJS::JSLock::lock):
+        (KJS::JSLock::unlock):
+        (KJS::JSLock::currentThreadIsHoldingLock):
+        (KJS::JSLock::DropAllLocks::DropAllLocks):
+        (KJS::JSLock::DropAllLocks::~DropAllLocks):
+        * kjs/JSLock.h:
+        (KJS::JSLock::JSLock):
+        (KJS::JSLock::~JSLock):
+        Made JSLock and JSLock::DropAllLocks constructors take a parameter to decide whether to
+        actually lock a mutex, or only to increment recursion count. We cannot turn it into no-op
+        if we want to keep existing assertions working.
+        Made recursion count per-thread, now that locks may not lock.
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript): Take JSLock after casting JSContextRef to ExecState* (which doesn't need
+        locking in any case), so that a decision whether to actually lock can be made.
+        (JSCheckScriptSyntax): Ditto.
+        (JSGarbageCollect): Only lock while collecting the shared heap, not the per-thread one.
+
+        * API/JSObjectRef.cpp:
+        (JSClassCreate): Don't lock, as there is no reason to.
+        (JSClassRetain): Ditto.
+        (JSClassRelease): Ditto.
+        (JSPropertyNameArrayRetain): Ditto.
+        (JSPropertyNameArrayRelease): Only lock while deleting the array, as that may touch
+        identifier table.
+        (JSPropertyNameAccumulatorAddName): Adding a string also involves an identifier table
+        lookup, and possibly modification.
+
+        * API/JSStringRef.cpp:
+        (JSStringCreateWithCharacters):
+        (JSStringCreateWithUTF8CString):
+        (JSStringRetain):
+        (JSStringRelease):
+        (JSStringGetUTF8CString):
+        (JSStringIsEqual):
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString):
+        JSStringRef operations other than releasing do not need locking.
+
+        * VM/Machine.cpp: Don't include unused JSLock.h.
+
+        * kjs/CollectorHeapIntrospector.cpp: (KJS::CollectorHeapIntrospector::statistics):
+        Don't take the lock for real, as heap introspection pauses the process anyway. It seems that
+        the existing code could cause deadlocks.
+
+        * kjs/Shell.cpp:
+        (functionGC):
+        (main):
+        (jscmain):
+        The test tool uses a per-thread context, so no real locking is required.
+
+        * kjs/collector.h:
+        (KJS::Heap::setGCProtectNeedsLocking): Optionally protect m_protectedValues access with a
+        per-heap mutex. This is only needed for WebCore Database code, which violates the "no data
+        migration between threads" by using ProtectedPtr on a background thread.
+        (KJS::Heap::isShared): Keep a shared flag here, as well.
+
+        * kjs/protect.h:
+        (KJS::::ProtectedPtr):
+        (KJS::::~ProtectedPtr):
+        (KJS::::operator):
+        (KJS::operator==):
+        (KJS::operator!=):
+        ProtectedPtr is ony used from WebCore, so it doesn't need to take JSLock. An assertion in
+        Heap::protect/unprotect guards agains possible future unlocked uses of ProtectedPtr in JSC.
+
+        * kjs/collector.cpp:
+        (KJS::Heap::Heap): Initialize m_isShared.
+        (KJS::Heap::~Heap): No need to lock for real during destruction, but must keep assertions
+        in sweep() working.
+        (KJS::destroyRegisteredThread): Registered thread list is only accessed for shared heap,
+        so locking is always needed here.
+        (KJS::Heap::registerThread): Ditto.
+        (KJS::Heap::markStackObjectsConservatively): Use m_isShared instead of comparing to a shared
+        instance for a small speedup.
+        (KJS::Heap::setGCProtectNeedsLocking): Create m_protectedValuesMutex. There is currently no
+        way to undo this - and ideally, Database code will be fixed to lo longer require this quirk.
+        (KJS::Heap::protect): Take m_protectedValuesMutex (if it exists) while accessing
+        m_protectedValues.
+        (KJS::Heap::unprotect): Ditto.
+        (KJS::Heap::markProtectedObjects): Ditto.
+        (KJS::Heap::protectedGlobalObjectCount): Ditto.
+        (KJS::Heap::protectedObjectCount): Ditto.
+        (KJS::Heap::protectedObjectTypeCounts): Ditto.
+
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+        Don't include JSLock.h, which is no longer used here. As a result, an explicit include had
+        to be added to many files in JavaScriptGlue, WebCore and WebKit.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::init):
+        * API/JSCallbackConstructor.cpp:
+        (KJS::constructJSCallback):
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::call):
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::init):
+        (KJS::::getOwnPropertySlot):
+        (KJS::::put):
+        (KJS::::deleteProperty):
+        (KJS::::construct):
+        (KJS::::hasInstance):
+        (KJS::::call):
+        (KJS::::getPropertyNames):
+        (KJS::::toNumber):
+        (KJS::::toString):
+        (KJS::::staticValueGetter):
+        (KJS::::callbackGetter):
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate):
+        (JSGlobalContextRetain):
+        (JSGlobalContextRelease):
+        * API/JSValueRef.cpp:
+        (JSValueIsEqual):
+        (JSValueIsStrictEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        * JavaScriptCore.exp:
+        * kjs/PropertyNameArray.h:
+        (KJS::PropertyNameArray::globalData):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::checkSyntax):
+        (KJS::Interpreter::evaluate):
+        Pass a parameter to JSLock/JSLock::DropAllLocks to decide whether the lock needs to be taken.
+
+2008-07-01  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19834
+        Failed assertion in JavaScriptCore/VM/SegmentedVector.h:82
+
+        Creating a global object with a custom prototype resets it twice (wasteful!).
+        So, addStaticGlobals() was called twice, but JSGlobalObject::reset() didn't reset
+        the register array.        
+
+        * kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::reset): Call setRegisterArray(0, 0).
+
+        * kjs/JSVariableObject.h: Changed registerArray to OwnArrayPtr. Also, added private copy
+        constructor and operator= to ensure that no one attempts to copy this object (for whatever
+        reason, I couldn't make Noncopyable work).
+
+        * kjs/JSGlobalObject.h: (KJS::JSGlobalObject::addStaticGlobals): Allocate registerArray
+        with new[].
+
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::copyRegisterArray): Allocate registerArray with new[].
+        (KJS::JSVariableObject::setRegisterArray): Avoid hitting an assertion in OwnArrayPtr when
+        "changing" the value from 0 to 0.
+
+2008-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Removed and/or reordered exception checks in array-style a[n] access.
+        
+        SunSpider says 1.4% faster.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): No need to check for exceptions before
+        calling toString, toNumber and/or get. If the call ends up being observable
+        through toString, valueOf, or a getter, we short-circuit it there, instead.
+        In the op_del_by_val case, I removed the incorrect comment without actually
+        removing the code, since I didn't want to tempt the GCC fates!
+
+        * kjs/JSObject.cpp:
+        (KJS::callDefaultValueFunction): Added exception check to prevent
+        toString and valueOf functions from observing execution after an exception
+        has been thrown. This removes some of the burden of exception checking
+        from the machine.
+
+        (KJS::JSObject::defaultValue): Removed redundant exception check here.
+
+        * kjs/PropertySlot.cpp:
+        (KJS::PropertySlot::functionGetter): Added exception check to prevent
+        getter functions from observing execution after an exception has been
+        thrown. This removes some of the burden of exception checking from the
+        machine.
+
+2008-07-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Optimized a[n] get and put for cases where n is an immediate unsigned
+        value.
+        
+        SunSpider says 3.5% faster.
+
+2008-07-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Bug 19844: JavaScript Switch statement modifies "this"
+        <https://bugs.webkit.org/show_bug.cgi?id=19844>
+
+        Use a temporary when generating code for switch clauses to avoid
+        overwriting 'this' or a local variable.
+
+        * kjs/nodes.cpp:
+        (KJS::CaseBlockNode::emitCodeForBlock):
+
+2008-07-01  Christian Dywan  <christian@twotoasts.de>
+
+        Gtk+ build fix.
+
+        * kjs/list.cpp: Include "JSCell.h"
+
+2008-07-01  Kevin McCullough  <kmccullough@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-07-01  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        - Mac release build fix
+
+        * JavaScriptCore.exp:
+
+2008-07-01  Sam Weinig  <sam@webkit.org>
+
+        Try and fix mac builds.
+
+        * JavaScriptCore.exp:
+
+2008-07-01  Sam Weinig  <sam@webkit.org>
+
+        Fix non-AllInOne builds.
+
+        * kjs/DateMath.cpp:
+
+2008-07-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Split JSCell and JSNumberCell class declarations out of JSValue.h
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/JSPropertyNameIterator.h:
+        * kjs/AllInOneFile.cpp:
+        * kjs/JSCell.cpp: Copied from JavaScriptCore/kjs/JSValue.cpp.
+        * kjs/JSCell.h: Copied from JavaScriptCore/kjs/JSValue.h.
+        (KJS::JSValue::getJSNumber):
+        * kjs/JSNumberCell.cpp:
+        * kjs/JSNumberCell.h: Copied from JavaScriptCore/kjs/JSValue.h.
+        * kjs/JSObject.h:
+        * kjs/JSString.cpp:
+        (KJS::jsString):
+        (KJS::jsOwnedString):
+        * kjs/JSString.h:
+        (KJS::JSValue::toThisJSString):
+        * kjs/JSValue.cpp:
+        * kjs/JSValue.h:
+
+2008-07-01  Anders Carlsson  <andersca@apple.com>
+
+        Build fixes.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::addStaticGlobals):
+
+2008-07-01  Simon Hausmann  <hausmann@webkit.org>
+
+        Build fix, include OwnPtr.h.
+
+        * kjs/RegExpConstructor.h:
+
+2008-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed a global object leak caused by the switch to one register file.
+        
+        Don't unconditionally mark the register file, since that logically
+        makes all global variables GC roots, even when their global object is
+        no longer reachable.
+        
+        Instead, make the global object associated with the register file
+        responsible for marking the register file.
+
+2008-06-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Removed the "registerBase" abstraction. Since the register file never
+        reallocates, we can keep direct pointers into it, instead of
+        <registerBase, offset> tuples.
+        
+        SunSpider says 0.8% faster.
+        
+2008-06-30  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (build fix).
+
+        Fix build by adding all (hopefully) the missing includes.
+
+        * kjs/BooleanPrototype.cpp:
+        * kjs/DateConstructor.cpp:
+        * kjs/ErrorPrototype.cpp:
+        * kjs/FunctionPrototype.cpp:
+        * kjs/NativeErrorConstructor.cpp:
+        * kjs/NumberPrototype.cpp:
+        * kjs/ObjectPrototype.cpp:
+        * kjs/RegExpConstructor.cpp:
+        * kjs/StringConstructor.cpp:
+        * kjs/StringPrototype.cpp:
+
+2008-06-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 19830: REGRESSION (r34883): Google Reader doesn't show up feed list on sidebar
+        <https://bugs.webkit.org/show_bug.cgi?id=19830>
+
+        Ensure that we do not eliminate a write to a local register when doing
+        peephole optimizations.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitJumpIfTrue):
+        (KJS::CodeGenerator::emitJumpIfFalse):
+
+2008-06-30  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Darin Alder.
+
+        Split InternalFunction into its own header file.
+
+        * API/JSCallbackFunction.h:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/ArrayConstructor.h:
+        * kjs/BooleanConstructor.h:
+        * kjs/DateConstructor.h:
+        * kjs/ErrorConstructor.h:
+        * kjs/FunctionConstructor.h:
+        * kjs/FunctionPrototype.h:
+        * kjs/InternalFunction.h: Copied from kjs/JSFunction.h.
+        * kjs/JSFunction.h:
+        * kjs/NativeErrorConstructor.h:
+        * kjs/NumberConstructor.h:
+        * kjs/ObjectConstructor.h:
+        * kjs/RegExpConstructor.h:
+        * kjs/StringConstructor.h:
+        * profiler/Profiler.cpp:
+
+2008-06-30  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Kevin McCullough.
+
+        Remove empty files Instruction.cpp, LabelID.cpp, Register.cpp and RegisterID.cpp.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/Instruction.cpp: Removed.
+        * VM/LabelID.cpp: Removed.
+        * VM/Register.cpp: Removed.
+        * VM/RegisterID.cpp: Removed.
+
+2008-06-30  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped (reluctantly) by Kevin McCullough.
+
+        Rename date_object.h/cpp to DateInstance.h/cpp
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/DateConstructor.cpp:
+        * kjs/DateInstance.cpp: Copied from kjs/date_object.cpp.
+        * kjs/DateInstance.h: Copied from kjs/date_object.h.
+        * kjs/DatePrototype.cpp:
+        * kjs/DatePrototype.h:
+        * kjs/date_object.cpp: Removed.
+        * kjs/date_object.h: Removed.
+
+2008-06-30  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Darin Adler.
+
+        Remove internal.cpp and move its contents to there own .cpp files.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/GetterSetter.cpp: Copied from kjs/internal.cpp.
+        * kjs/InternalFunction.cpp: Copied from kjs/internal.cpp.
+        * kjs/JSNumberCell.cpp: Copied from kjs/internal.cpp.
+        * kjs/JSString.cpp: Copied from kjs/internal.cpp.
+        * kjs/JSString.h:
+        * kjs/LabelStack.cpp: Copied from kjs/internal.cpp.
+        * kjs/NumberConstructor.cpp:
+        * kjs/NumberObject.cpp:
+        (KJS::constructNumber):
+        (KJS::constructNumberFromImmediateNumber):
+        * kjs/internal.cpp: Removed.
+
+2008-06-30  Adam Roben  <aroben@apple.com>
+
+        Fix <rdar://5954749> Assertion failure due to HashTable's use of
+        operator&
+
+        HashTable was passing &value to constructDeletedValue, which in
+        classes like WebCore::COMPtr would cause an assertion. We now pass
+        value by reference instead of by address so that the HashTraits
+        implementations have more flexibility in constructing the deleted
+        value.
+
+        Reviewed by Ada Chan.
+
+        * VM/CodeGenerator.h: Updated for changes to HashTraits.
+        * wtf/HashTable.h:
+        (WTF::::deleteBucket): Changed to pass bucket by reference instead of
+        by address.
+        (WTF::::checkKey): Ditto.
+        * wtf/HashTraits.h:
+        (WTF::): Updated HashTraits for HashTable change.
+
+2008-07-01  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Make RegisterFile really unmap memory on destruction.
+
+        This fixes run-webkit-tests --threaded, which ran out of address space in a few seconds.
+
+        * VM/RegisterFile.cpp: (KJS::RegisterFile::~RegisterFile): Unmap all the memory, not just
+        1/4 of it.
+
+        * kjs/JSGlobalObject.h: Don't include RegisterFile.h, so that changes to it don't make
+        half of WebCore rebuild.
+
+        * VM/Machine.h: Don't forward declare RegisterFile, as RegisterFile.h is included already.
+
+        * VM/RegisterFile.h: (KJS::RegisterFile::RegisterFile): Assert that the allocation succeeded.
+
+2008-06-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Oliver.
+
+        Correct the documentation for op_put_by_index.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-06-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 19821: Merge the instruction pair (less, jfalse)
+        <https://bugs.webkit.org/show_bug.cgi?id=19821>
+        
+        This is a 2.4% win on SunSpider. I needed to add an ALWAYS_INLINE
+        intrinisc to CodeGenerator::rewindBinaryOp() to avoid a massive
+        regression in regexp-dna.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::rewindBinaryOp):
+        (KJS::CodeGenerator::emitJumpIfFalse):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.cpp:
+        (KJS::):
+        * VM/Opcode.h:
+
+2008-06-29  Sam Weinig  <sam@webkit.org>
+
+        Fix non-AllInOne builds.
+
+        * kjs/JSObject.cpp:
+        * kjs/JSValue.cpp:
+
+2008-06-29  Sam Weinig  <sam@webkit.org>
+
+        Build fix for Qt.
+
+        * kjs/DateMath.cpp:
+        * kjs/DatePrototype.cpp:
+
+2008-06-29  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Cameron Zwarich.
+
+        Splits ErrorConstructor, ErrorPrototype,  NativeErrorConstructor and
+        NativeErrorPrototype out of error_object.h/cpp and renames it ErrorInstance.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/ArrayConstructor.cpp:
+        * kjs/ArrayPrototype.cpp:
+        * kjs/BooleanPrototype.cpp:
+        * kjs/DatePrototype.cpp:
+        * kjs/ErrorConstructor.cpp: Copied from kjs/error_object.cpp.
+        * kjs/ErrorConstructor.h: Copied from kjs/error_object.h.
+        * kjs/ErrorInstance.cpp: Copied from kjs/error_object.cpp.
+        * kjs/ErrorInstance.h: Copied from kjs/error_object.h.
+        * kjs/ErrorPrototype.cpp: Copied from kjs/error_object.cpp.
+        * kjs/ErrorPrototype.h: Copied from kjs/error_object.h.
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSObject.cpp:
+        * kjs/JSValue.cpp:
+        * kjs/NativeErrorConstructor.cpp: Copied from kjs/error_object.cpp.
+        * kjs/NativeErrorConstructor.h: Copied from kjs/error_object.h.
+        * kjs/NativeErrorPrototype.cpp: Copied from kjs/error_object.cpp.
+        * kjs/NativeErrorPrototype.h: Copied from kjs/error_object.h.
+        * kjs/NumberPrototype.cpp:
+        * kjs/RegExpConstructor.cpp:
+        * kjs/RegExpObject.cpp:
+        * kjs/RegExpPrototype.cpp:
+        * kjs/StringPrototype.cpp:
+        * kjs/error_object.cpp: Removed.
+        * kjs/error_object.h: Removed.
+        * kjs/internal.cpp:
+
+2008-06-29  Sam Weinig  <sam@webkit.org>
+
+        Fix non-AllInOne build.
+
+        * kjs/DateConstructor.cpp:
+        * kjs/DateMath.cpp:
+        * kjs/JSObject.cpp:
+
+2008-06-29  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Splits DateConstructor and DatePrototype out of date_object.h/cpp
+        Moves shared Date code into DateMath.
+
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/DateConstructor.cpp: Copied from kjs/date_object.cpp.
+        * kjs/DateConstructor.h: Copied from kjs/date_object.h.
+        * kjs/DateMath.cpp:
+        (KJS::ymdhmsToSeconds):
+        (KJS::):
+        (KJS::skipSpacesAndComments):
+        (KJS::findMonth):
+        (KJS::parseDate):
+        (KJS::timeClip):
+        (KJS::formatDate):
+        (KJS::formatDateUTCVariant):
+        (KJS::formatTime):
+        * kjs/DateMath.h:
+        (KJS::gmtoffset):
+        * kjs/DatePrototype.cpp: Copied from kjs/date_object.cpp.
+        * kjs/DatePrototype.h: Copied from kjs/date_object.h.
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSObject.cpp:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        * kjs/internal.cpp:
+
+2008-06-29  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Rubber-stamped by Cameron Zwarich
+
+        Fix Gtk non-AllInOne build
+
+        * GNUmakefile.am: include JSVariableObject.cpp
+        * kjs/RegExpConstructor.cpp: include RegExpObject.h
+        * kjs/RegExpObject.h: forward declare RegExpPrototype
+
+2008-06-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam and Cameron.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=19805
+          Array.concat turns missing array elements into "undefined"
+
+        Test: fast/js/array-holes.html
+
+        * JavaScriptCore.exp: No longer export JSArray::getItem.
+
+        * kjs/ArrayPrototype.cpp:
+        (KJS::arrayProtoFuncConcat): Changed to use getProperty instead of
+        JSArray::getItem -- need to handle properties from the prototype chain
+        instead of ignoring them.
+
+        * kjs/JSArray.cpp: Removed getItem.
+        * kjs/JSArray.h: Ditto.
+
+2008-06-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19804
+          optimize access to arrays without "holes"
+
+        SunSpider says 1.8% faster.
+
+        * kjs/JSArray.cpp:
+        (KJS::JSArray::JSArray): Initialize m_fastAccessCutoff when creating
+        arrays. Also updated for new location of m_vectorLength.
+        (KJS::JSArray::getItem): Updated for new location of m_vectorLength.
+        (KJS::JSArray::getSlowCase): Added. Broke out the non-hot parts of
+        getOwnPropertySlot to make the hot part faster.
+        (KJS::JSArray::getOwnPropertySlot): Added a new faster case for
+        indices lower than m_fastAccessCutoff. We can do theese with no
+        additional checks or branches.
+        (KJS::JSArray::put): Added a new faster case for indices lower than
+        m_fastAccessCutoff. We can do theese with no additional checks or
+        branches. Moved the maxArrayIndex handling out of this function.
+        Added code to set m_fastAccessCutoff when the very last hole in
+        an array is filled; this is how the cutoff gets set for most arrays.
+        (KJS::JSArray::putSlowCase): Moved the rest of the put function logic
+        in here, to make the hot part of the put function faster.
+        (KJS::JSArray::deleteProperty): Added code to lower m_fastAccessCutoff
+        when a delete makes a new hole in the array.
+        (KJS::JSArray::getPropertyNames): Updated for new location of
+        m_vectorLength.
+        (KJS::JSArray::increaseVectorLength): Ditto.
+        (KJS::JSArray::setLength): Added code to lower m_fastAccessCutoff
+        when setLength makes the array smaller.
+        (KJS::JSArray::mark): Updated for new location of m_vectorLength.
+        (KJS::JSArray::sort): Ditto. Set m_fastAccessCutoff after moving
+        all the holes to the end of the array.
+        (KJS::JSArray::compactForSorting): Ditto.
+        (KJS::JSArray::checkConsistency): Added consistency checks fro
+        m_fastAccessCutoff and updated for the new location of m_vectorLength.
+
+        * kjs/JSArray.h: Added declarations for slow case functions.
+        Replaced m_vectorLength with m_fastAccessCutoff.
+
+2008-06-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Sam.
+
+        When executing a native call, check for an exception before writing the
+        return value.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-06-28  Mark Rowe  <mrowe@apple.com>
+
+        Build fix.  Flag headers as private or public as is appropriate.
+        These settings were accidentally removed during some project file cleanup.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-06-28  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Darin Adler.
+
+        Splits RegExpConstructor and RegExpPrototype out of RegExpObject.h/cpp
+
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/Machine.cpp:
+        * kjs/AllInOneFile.cpp:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/RegExpConstructor.cpp: Copied from kjs/RegExpObject.cpp.
+        * kjs/RegExpConstructor.h: Copied from kjs/RegExpObject.h.
+        * kjs/RegExpObject.cpp:
+        * kjs/RegExpObject.h:
+        * kjs/RegExpPrototype.cpp: Copied from kjs/RegExpObject.cpp.
+        * kjs/RegExpPrototype.h: Copied from kjs/RegExpObject.h.
+        * kjs/StringPrototype.cpp:
+        * kjs/internal.cpp:
+
+2008-06-28  Sam Weinig  <sam@webkit.org>
+
+        Fix non-AllInOne builds.
+
+        * kjs/StringConstructor.cpp:
+
+2008-06-28  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Darin Adler.
+
+        Rename string_object.h/cpp to StringObject.h/cpp and split out StringObjectThatMasqueradesAsUndefined,
+        StringConstructor and StringPrototype.
+
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/StringConstructor.cpp: Copied from JavaScriptCore/kjs/string_object.cpp.
+        * kjs/StringConstructor.h: Copied from JavaScriptCore/kjs/string_object.h.
+        * kjs/StringObject.cpp: Copied from JavaScriptCore/kjs/string_object.cpp.
+        * kjs/StringObject.h: Copied from JavaScriptCore/kjs/string_object.h.
+        * kjs/StringObjectThatMasqueradesAsUndefined.h: Copied from JavaScriptCore/kjs/string_object.h.
+        * kjs/StringPrototype.cpp: Copied from JavaScriptCore/kjs/string_object.cpp.
+        * kjs/StringPrototype.h: Copied from JavaScriptCore/kjs/string_object.h.
+        * kjs/internal.cpp:
+        * kjs/string_object.cpp: Removed.
+        * kjs/string_object.h: Removed.
+
+2008-06-28  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Gtk build fix: JSVariableObject is now part of AllInOne
+
+        * GNUmakefile.am:
+
+2008-06-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19801
+          add a feature so we can tell what regular expressions are taking time
+
+        * pcre/pcre_compile.cpp:
+        (jsRegExpCompile): Compile in the string if REGEXP_HISTOGRAM is on.
+
+        * pcre/pcre_exec.cpp:
+        (jsRegExpExecute): Add hook to time execution.
+        (Histogram::~Histogram): Print a sorted list of what took time.
+        (Histogram::add): Accumulate records of what took time.
+        (HistogramTimeLogger::~HistogramTimeLogger): Hook that calls
+        Histogram::add at the right moment and creates the global histogram
+        object.
+
+        * pcre/pcre_internal.h: Define REGEXP_HISTOGRAM.
+
+        * pcre/pcre_tables.cpp: Added missing include of "config.h". Not needed
+        any more, but an omissions an earlier version of this patch detected.
+        * pcre/pcre_ucp_searchfuncs.cpp: Ditto.
+        * pcre/pcre_xclass.cpp: Ditto.
+
+2008-06-28  Sam Weinig  <sam@webkit.org>
+
+        Try and fix the Windows build again.
+
+        * kjs/RegExpObject.cpp:
+        * kjs/date_object.cpp:
+        * kjs/error_object.cpp:
+
+2008-06-28  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Darin Adler.
+
+        Remove unused StringConstructorFunction class.
+
+        * kjs/string_object.h:
+
+2008-06-28  Sam Weinig  <sam@webkit.org>
+
+        Fix windows build.
+
+        * kjs/ArrayPrototype.cpp:
+        * kjs/BooleanPrototype.cpp:
+        * kjs/BooleanPrototype.h:
+        * kjs/FunctionPrototype.cpp:
+        * kjs/JSImmediate.cpp:
+        * kjs/JSObject.cpp:
+        * kjs/MathObject.cpp:
+        * kjs/NumberPrototype.cpp:
+        * kjs/NumberPrototype.h:
+        * kjs/ObjectConstructor.cpp:
+        * kjs/RegExpObject.h:
+        * kjs/error_object.h:
+        * kjs/string_object.cpp:
+
+2008-06-28  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Splits FunctionConstructor out of FunctionPrototype.h/cpp
+        Splits NumberConstructor and NumberPrototype out of NumberObject.h/cpp
+        Rename object_object.h/cpp to ObjectPrototype.h/cpp and split out ObjectConstructor.
+
+        * API/JSCallbackConstructor.cpp:
+        * API/JSClassRef.cpp:
+        * API/JSObjectRef.cpp:
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/Machine.cpp:
+        * kjs/AllInOneFile.cpp:
+        * kjs/ArrayConstructor.cpp:
+        * kjs/ArrayConstructor.h:
+        * kjs/FunctionConstructor.cpp: Copied from JavaScriptCore/kjs/FunctionPrototype.cpp.
+        * kjs/FunctionConstructor.h: Copied from JavaScriptCore/kjs/FunctionPrototype.h.
+        * kjs/FunctionPrototype.cpp:
+        * kjs/FunctionPrototype.h:
+        * kjs/JSFunction.cpp:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSImmediate.cpp:
+        * kjs/MathObject.h:
+        * kjs/NumberConstructor.cpp: Copied from JavaScriptCore/kjs/NumberObject.cpp.
+        * kjs/NumberConstructor.h: Copied from JavaScriptCore/kjs/NumberObject.h.
+        * kjs/NumberObject.cpp:
+        * kjs/NumberObject.h:
+        * kjs/NumberPrototype.cpp: Copied from JavaScriptCore/kjs/NumberObject.cpp.
+        * kjs/NumberPrototype.h: Copied from JavaScriptCore/kjs/NumberObject.h.
+        * kjs/ObjectConstructor.cpp: Copied from JavaScriptCore/kjs/object_object.cpp.
+        * kjs/ObjectConstructor.h: Copied from JavaScriptCore/kjs/object_object.h.
+        * kjs/ObjectPrototype.cpp: Copied from JavaScriptCore/kjs/object_object.cpp.
+        * kjs/ObjectPrototype.h: Copied from JavaScriptCore/kjs/object_object.h.
+        * kjs/RegExpObject.h:
+        * kjs/Shell.cpp:
+        * kjs/error_object.h:
+        * kjs/internal.cpp:
+        * kjs/nodes.cpp:
+        * kjs/object_object.cpp: Removed.
+        * kjs/object_object.h: Removed.
+        * kjs/string_object.h:
+
+2008-06-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=19796
+          optimize expressions with ignored results (especially post-increment)
+
+        SunSpider says 0.9% faster.
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::tempDestination): Create a new temporary for
+        ignoredResult() too, just as we would for 0.
+        (KJS::CodeGenerator::finalDestination): Use the temporary if the
+        register passed in is ignoredResult() too, just as we would for 0.
+        (KJS::CodeGenerator::destinationForAssignResult): Return 0 if the
+        passed in register is ignoredResult(), just as we would for 0.
+        (KJS::CodeGenerator::moveToDestinationIfNeeded): Return 0 if the
+        register passed in is ignoredResult(). What matters is that we
+        don't want to emit a move. The return value won't be looked at.
+        (KJS::CodeGenerator::emitNode): Allow ignoredResult() and pass it
+        through to the node's emitCode function.
+
+        * VM/RegisterID.h:
+        (KJS::ignoredResult): Added. Special value to indicate the result of
+        a node will be ignored and need not be put in any register.
+
+        * kjs/nodes.cpp:
+        (KJS::NullNode::emitCode): Do nothing if dst == ignoredResult().
+        (KJS::BooleanNode::emitCode): Ditto.
+        (KJS::NumberNode::emitCode): Ditto.
+        (KJS::StringNode::emitCode): Ditto.
+        (KJS::RegExpNode::emitCode): Ditto.
+        (KJS::ThisNode::emitCode): Ditto.
+        (KJS::ResolveNode::emitCode): Do nothing if dst == ignoredResult() and
+        the identifier resolves to a local variable.
+        (KJS::ObjectLiteralNode::emitCode): Do nothing if dst == ignoredResult()
+        and the object is empty.
+        (KJS::PostIncResolveNode::emitCode): If dst == ignoredResult(), then do
+        nothing for the local constant case, and do a pre-increment in all the
+        other cases.
+        (KJS::PostDecResolveNode::emitCode): Ditto.
+        (KJS::PostIncBracketNode::emitCode): Ditto.
+        (KJS::PostDecBracketNode::emitCode): Ditto.
+        (KJS::PostIncDotNode::emitCode): Ditto.
+        (KJS::PostDecDotNode::emitCode): Ditto.
+        (KJS::DeleteValueNode::emitCode): Pass ignoredResult() when evaluating
+        the expression.
+        (KJS::VoidNode::emitCode): Ditto.
+        (KJS::TypeOfResolveNode::emitCode): If dst == ignoredResult(), do nothing
+        if the identifier resolves to a local variable, and don't bother generating
+        a typeof opcode in the other case.
+        (KJS::TypeOfValueNode::emitCode): Ditto.
+        (KJS::PreIncResolveNode::emitCode): Do nothing if dst == ignoredResult() and
+        the identifier resolves to a local constant.
+        (KJS::PreDecResolveNode::emitCode): Ditto.
+        (KJS::AssignResolveNode::emitCode): Turn ignoredResult() into 0 in a couple
+        places, because we need to put the result into a register so we can assign
+        it. At other sites this is taken care of by functions like finalDestination.
+        (KJS::CommaNode::emitCode): Pass ignoredResult() when evaluating the first
+        expression.
+        (KJS::ForNode::emitCode): Pass ignoredResult() when evaluating the first and
+        third expressions.
+        (KJS::ForInNode::emitCode): Pass ignoredResult() when evaluating the first
+        expression.
+
+2008-06-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19787
+          create most arrays from values in registers rather than with multiple put operations
+
+        SunSpider says 0.8% faster.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump): Added argv and argc parameters to new_array.
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Ditto.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitNewArray): Added.
+        * VM/CodeGenerator.h: Added ElementNode* argument to emitNewArray.
+
+        * kjs/nodes.cpp:
+        (KJS::ArrayNode::emitCode): Pass the ElementNode to emitNewArray so it can be
+        initialized with as many elements as possible. If the array doesn't have any
+        holes in it, that's all that's needed. If there are holes, then emit some separate
+        put operations for the other values in the array and for the length as needed.
+
+        * kjs/nodes.h: Added some accessors to ElementNode so the code generator can
+        iterate through elements and generate code to evaluate them. Now ArrayNode does
+        not need to be a friend. Also took out some unused PlacementNewAdoptType
+        constructors.
+
+2008-06-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        * kjs/nodes.h: Remove obsolete PlacementNewAdopt constructors.
+        We no longer mutate the AST in place.
+
+2008-06-28  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Build fix
+
+        * VM/Machine.cpp: include stdio.h for printf
+
+2008-06-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix platforms that don't use AllInOne.cpp
+
+        * kjs/BooleanConstructor.h:
+        * kjs/BooleanPrototype.h:
+        * kjs/FunctionPrototype.cpp:
+
+2008-06-27  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Splits ArrayConstructor out of ArrayPrototype.h/cpp
+        Splits BooleanConstructor and BooleanPrototype out of BooleanObject.h/cpp
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/Machine.cpp:
+        * kjs/AllInOneFile.cpp:
+        * kjs/ArrayConstructor.cpp: Copied from kjs/ArrayPrototype.cpp.
+        * kjs/ArrayConstructor.h: Copied from kjs/ArrayPrototype.h.
+        * kjs/ArrayPrototype.cpp:
+        * kjs/ArrayPrototype.h:
+        * kjs/BooleanConstructor.cpp: Copied from kjs/BooleanObject.cpp.
+        * kjs/BooleanConstructor.h: Copied from kjs/BooleanObject.h.
+        * kjs/BooleanObject.cpp:
+        * kjs/BooleanObject.h:
+        * kjs/BooleanPrototype.cpp: Copied from kjs/BooleanObject.cpp.
+        * kjs/BooleanPrototype.h: Copied from kjs/BooleanObject.h.
+        * kjs/CommonIdentifiers.h:
+        * kjs/FunctionPrototype.cpp:
+        * kjs/JSArray.cpp:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSImmediate.cpp:
+        * kjs/Shell.cpp:
+        * kjs/internal.cpp:
+        * kjs/nodes.cpp:
+        * kjs/string_object.cpp:
+
+2008-06-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Sam.
+
+        Bug 18626: SQUIRRELFISH: support the "slow script" dialog <https://bugs.webkit.org/show_bug.cgi?id=18626>
+        <rdar://problem/5973931> Slow script dialog needs to be reimplemented for squirrelfish
+
+        Adds support for the slow script dialog in squirrelfish.  This requires the addition
+        of three new op codes, op_loop, op_loop_if_true, and op_loop_if_less which have the
+        same behaviour as their simple jump equivalents but have an additional time out check.
+
+        Additional assertions were added to other jump instructions to prevent accidentally
+        creating loops with jump types that do not support time out checks.
+
+        Sunspider does not report a regression, however this appears very sensitive to code
+        layout and hardware, so i would expect up to a 1% regression on other systems.
+
+        Part of this required moving the old timeout logic from JSGlobalObject and into Machine
+        which is the cause of a number of the larger diff blocks.
+
+        * JavaScriptCore.exp:
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitJumpIfTrue):
+        (KJS::CodeGenerator::emitJumpScopes):
+        * VM/ExceptionHelpers.cpp:
+        (KJS::InterruptedExecutionError::isWatchdogException):
+        (KJS::createInterruptedExecutionException):
+        * VM/ExceptionHelpers.h:
+        * VM/LabelID.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::Machine):
+        (KJS::Machine::throwException):
+        (KJS::Machine::resetTimeoutCheck):
+        (KJS::getCurrentTime):
+        (KJS::Machine::checkTimeout):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        (KJS::Machine::setTimeoutTime):
+        (KJS::Machine::startTimeoutCheck):
+        (KJS::Machine::stopTimeoutCheck):
+        (KJS::Machine::initTimeout):
+        * VM/Opcode.cpp:
+        (KJS::):
+        * VM/Opcode.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::init):
+        (KJS::JSGlobalObject::setTimeoutTime):
+        (KJS::JSGlobalObject::startTimeoutCheck):
+        * kjs/JSGlobalObject.h:
+        * kjs/JSObject.h:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+
+2008-06-27  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Gtk and Qt build fix: Remove RegisterFileStack from the build
+        scripts.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+
+2008-06-27  Adele Peterson  <adele@apple.com>
+
+        Reviewed by Geoff.
+
+        Build fixes. 
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * VM/RegisterFile.h:
+        (KJS::RegisterFile::RegisterFile):
+        * kjs/JSGlobalObject.cpp:
+        * kjs/collector.cpp:
+
+2008-06-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        One RegisterFile to rule them all!
+        
+        SunSpider reports a 0.2% speedup.
+
+        This patch removes the RegisterFileStack abstraction and replaces it with
+        a single register file that
+        
+        (a) allocates a fixed storage area, including a fixed area for global
+        vars, so that no operation may cause the register file to reallocate
+        
+        and
+
+        (b) swaps between global storage areas when executing code in different 
+        global objects.
+        
+        This patch also changes the layout of the register file so that all call
+        frames, including call frames for global code, get a header. This is
+        required to support re-entrant global code. It also just makes things simpler.
+        
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addGlobalVar): New function. Differs from addVar in
+        that
+        
+        (a) global vars don't contribute to a CodeBlock's numLocals count, since
+        global storage is fixed and allocated at startup
+        
+        and
+        
+        (b) references to global vars get shifted to elide intermediate stack
+        between "r" and the global storage area.
+        
+        * VM/Machine.cpp:
+        (KJS::Machine::dumpRegisters): Updated this function to match the new
+        register file layout, and added the ability to dump exact identifiers
+        for the different parts of a call frame.
+        
+        (KJS::Machine::unwindCallFrame): Updated this function to match the new
+        register file layout.
+         
+        (KJS::Machine::execute): Updated this function to initialize a call frame
+        header for global code, and to swap global storage areas when switching
+        to execution in a new global object.
+        
+        (KJS::Machine::privateExecute): Got rid of "safeForReentry" and re-reading
+        of registerBase because the register file is always safe for reentry now,
+        and registerBase never changes.
+        
+        * VM/Machine.h: Moved the call frame header enum from Machine to RegisterFile,
+        to resolve a header dependency problem (a good sign that the enum belonged
+        in RegisterFile all along!)
+
+        * VM/RegisterFile.cpp:
+        * VM/RegisterFile.h: Changed RegisterFile to mmap a fixed size register
+        area. This allows us to avoid re-allocting the register file later on.
+        Instead, we rely on the OS to allocate physical pages to the register
+        file as necessary.
+
+        * VM/RegisterFileStack.cpp: Removed. Tada!
+        * VM/RegisterFileStack.h: Removed. Tada!
+
+        * kjs/DebuggerCallFrame.cpp: Updated this class to match the new
+        register file layout, greatly simplifying it in the process.
+
+        * kjs/JSActivation.h:
+        * kjs/JSActivation.cpp: Moved some of this logic up to JSVariableObject,
+        since the global object now needs to be able to tear off its registers
+        just like the activation object.
+
+        * kjs/JSFunction.cpp: No need to fiddle with the register file anymore.
+
+        * kjs/JSGlobalObject.h:
+        * kjs/JSGlobalObject.cpp: Updated JSGlobalObject to support moving its
+        global storage area into and out of the register file.
+
+        * kjs/PropertySlot.cpp: No need to fiddle with the register file anymore.
+
+        * kjs/collector.cpp: Renamed markStackObjectConservatively to
+        markConservatively, since we don't just mark stack objects this way.
+        
+        Also, added code to mark the machine's register file.
+
+        * kjs/config.h: Moved some platforms #defines from here...
+        * wtf/Platform.h: ...to here, to support mmap/VirtualAlloc detection
+        in RegisterFile.h.
+
+2008-06-26  Mark Rowe  <mrowe@apple.com>
+
+        Speculative fix for the Windows build.
+
+        * kjs/JSImmediate.cpp:
+
+2008-06-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin Adler and Geoff Garen.
+
+        Fix the malloc zone introspection functions so that malloc_zone_statistics does not give
+        bogus output in an application that uses JavaScriptCore.
+
+        * kjs/CollectorHeapIntrospector.cpp:
+        (KJS::CollectorHeapIntrospector::statistics): Return statistics about memory allocated by the collector.
+        * kjs/CollectorHeapIntrospector.h:
+        * wtf/FastMalloc.cpp: Zero out the statistics.  FastMalloc doesn't track this information at present.
+        Returning zero for all values is preferable to returning bogus data.
+
+2008-06-26  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19721
+          speed up JavaScriptCore by not wrapping strings in objects just
+          to call functions on them
+
+        - optimize UString append and the replace function a bit
+
+        SunSpider says 1.8% faster.
+
+        * JavaScriptCore.exp: Updated.
+
+        * VM/JSPropertyNameIterator.cpp: Added include of JSString.h, now needed
+        because jsString returns a JSString*.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Removed the toObject call from native
+        function calls. Also removed code to put the this value into a register.
+
+        * kjs/BooleanObject.cpp:
+        (KJS::booleanProtoFuncToString): Rewrite to handle false and true
+        separately.
+
+        * kjs/FunctionPrototype.cpp:
+        (KJS::constructFunction): Use single-character append rather than building
+        a string for each character.
+        * kjs/JSFunction.cpp:
+        (KJS::globalFuncUnescape): Ditto.
+
+        * kjs/JSImmediate.cpp:
+        (KJS::JSImmediate::prototype): Added. Gets the appropriate prototype for
+        use with an immediate value. To be used instead of toObject when doing a
+        get on an immediate value.
+        * kjs/JSImmediate.h: Added prototype.
+
+        * kjs/JSObject.cpp:
+        (KJS::JSObject::toString): Tweaked formatting.
+
+        * kjs/JSObject.h:
+        (KJS::JSValue::get): Use prototype instead of toObject to avoid creating
+        an object wrapper just to search for properties. This also saves an
+        unnecessary hash table lookup since the object wrappers themselves don't
+        have any properties.
+
+        * kjs/JSString.h: Added toThisString and toThisJSString.
+
+        * kjs/JSValue.cpp:
+        (KJS::JSCell::toThisString): Added.
+        (KJS::JSCell::toThisJSString): Added.
+        (KJS::JSCell::getJSNumber): Added.
+        (KJS::jsString): Changed return type to JSString*.
+        (KJS::jsOwnedString): Ditto.
+
+        * kjs/JSValue.h:
+        (KJS::JSValue::toThisString): Added.
+        (KJS::JSValue::toThisJSString): Added.
+        (KJS::JSValue::getJSNumber): Added.
+
+        * kjs/NumberObject.cpp:
+        (KJS::NumberObject::getJSNumber): Added.
+        (KJS::integer_part_noexp): Append C string directly rather than first
+        turning it into a UString.
+        (KJS::numberProtoFuncToString): Use getJSNumber to check if the value
+        is a number rather than isObject(&NumberObject::info). This works for
+        immediate numbers, number cells, and NumberObject instances.
+        (KJS::numberProtoFuncToLocaleString): Ditto.
+        (KJS::numberProtoFuncValueOf): Ditto.
+        (KJS::numberProtoFuncToFixed): Ditto.
+        (KJS::numberProtoFuncToExponential): Ditto.
+        (KJS::numberProtoFuncToPrecision): Ditto.
+        * kjs/NumberObject.h: Added getJSNumber.
+
+        * kjs/PropertySlot.cpp: Tweaked comment.
+
+        * kjs/internal.cpp:
+        (KJS::JSString::toThisString): Added.
+        (KJS::JSString::toThisJSString): Added.
+        (KJS::JSString::getOwnPropertySlot): Changed code that searches the
+        prototype chain to start with the string prototype and not create a
+        string object.
+        (KJS::JSNumberCell::toThisString): Added.
+        (KJS::JSNumberCell::getJSNumber): Added.
+
+        * kjs/lookup.cpp:
+        (KJS::staticFunctionGetter): Moved here, because there's no point in
+        having a function that's only used for a function pointer be inline.
+        (KJS::setUpStaticFunctionSlot): New function for getStaticFunctionSlot.
+
+        * kjs/lookup.h:
+        (KJS::staticValueGetter): Don't mark this inline. It doesn't make sense
+        to have a function that's only used for a function pointer be inline.
+        (KJS::getStaticFunctionSlot): Changed to get properties from the parent
+        first before doing any handling of functions. This is the fastest way
+        to return the function once the initial setup is done.
+
+        * kjs/string_object.cpp:
+        (KJS::StringObject::getPropertyNames): Call value() instead of getString(),
+        avoiding an unnecessary virtual function call (the call to the type()
+        function in the implementation of the isString() function).
+        (KJS::StringObject::toString): Added.
+        (KJS::StringObject::toThisString): Added.
+        (KJS::StringObject::toThisJSString): Added.
+        (KJS::substituteBackreferences): Rewrote to use a appending algorithm
+        instead of a the old one that tried to replace in place.
+        (KJS::stringProtoFuncReplace): Merged this function and the replace function.
+        Replaced the hand-rolled dynamic arrays for source ranges and replacements
+        with Vector.
+        (KJS::stringProtoFuncToString): Handle JSString as well as StringObject.
+        Removed the separate valueOf implementation, since it can just share this.
+        (KJS::stringProtoFuncCharAt): Use toThisString, which handles JSString as
+        well as StringObject, and is slightly more efficient than the old code too.
+        (KJS::stringProtoFuncCharCodeAt): Ditto.
+        (KJS::stringProtoFuncConcat): Ditto.
+        (KJS::stringProtoFuncIndexOf): Ditto.
+        (KJS::stringProtoFuncLastIndexOf): Ditto.
+        (KJS::stringProtoFuncMatch): Ditto.
+        (KJS::stringProtoFuncSearch): Ditto.
+        (KJS::stringProtoFuncSlice): Ditto.
+        (KJS::stringProtoFuncSplit): Ditto.
+        (KJS::stringProtoFuncSubstr): Ditto.
+        (KJS::stringProtoFuncSubstring): Ditto.
+        (KJS::stringProtoFuncToLowerCase): Use toThisJSString.
+        (KJS::stringProtoFuncToUpperCase): Ditto.
+        (KJS::stringProtoFuncToLocaleLowerCase): Ditto.
+        (KJS::stringProtoFuncToLocaleUpperCase): Ditto.
+        (KJS::stringProtoFuncLocaleCompare): Ditto.
+        (KJS::stringProtoFuncBig): Use toThisString.
+        (KJS::stringProtoFuncSmall): Ditto.
+        (KJS::stringProtoFuncBlink): Ditto.
+        (KJS::stringProtoFuncBold): Ditto.
+        (KJS::stringProtoFuncFixed): Ditto.
+        (KJS::stringProtoFuncItalics): Ditto.
+        (KJS::stringProtoFuncStrike): Ditto.
+        (KJS::stringProtoFuncSub): Ditto.
+        (KJS::stringProtoFuncSup): Ditto.
+        (KJS::stringProtoFuncFontcolor): Ditto.
+        (KJS::stringProtoFuncFontsize): Ditto.
+        (KJS::stringProtoFuncAnchor): Ditto.
+        (KJS::stringProtoFuncLink): Ditto.
+
+        * kjs/string_object.h: Added toString, toThisString, and toThisJSString.
+
+        * kjs/ustring.cpp:
+        (KJS::UString::append): Added a version that takes a character pointer and
+        size, so we don't have to create a UString just to append to another UString.
+        * kjs/ustring.h:
+
+2008-06-26  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Maciej.
+
+        Make JSGlobalData per-thread.
+
+        No change on SunSpider total.
+
+        * wtf/ThreadSpecific.h: Re-enabled the actual implementation.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject): Re-added a JSLock-related assertion. We'll probably
+        want to preserve these somehow to keep legacy behavior in working condition.
+        (KJS::JSGlobalObject::init): Initialize globalData pointer earlier, so that it is ready
+        when updating JSGlobalObject linked list.
+
+        * kjs/JSGlobalObject.h: (KJS::JSGlobalObject::head): Changed head() to be non-static, and
+        to use JSGlobalData associated with the current object.
+
+        * kjs/InitializeThreading.cpp: (KJS::initializeThreadingOnce): Removed a no longer needed
+        Heap::registerAsMainThread() call.
+
+        * kjs/JSGlobalData.h: Removed a lying lie comment - parserObjectExtraRefCounts is not
+        transient, and while newParserObjects may conceptually be such, there is still some node
+        manipulation going on outside Parser::parse which touches it.
+
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::~JSGlobalData): Delete recently added members.
+        (KJS::JSGlobalData::sharedInstance): Actually use a separate instance.
+
+        * kjs/collector.cpp:
+        (KJS::Heap::Heap):
+        (KJS::Heap::~Heap): Added a destructor, which unconditionally deletes everything.
+        (KJS::Heap::sweep): Removed code related to "collect on main thread only" logic.
+        (KJS::Heap::collect): Ditto.
+        (KJS::Heap::globalObjectCount): Explicitly use per-thread instance of JSGlobalObject linked
+        list now that JSGlobalObject::head() is not static. Curently, WebCoreStatistics methods only
+        work with the main thread currently anyway.
+        (KJS::Heap::protectedGlobalObjectCount): Ditto.
+
+        * kjs/collector.h: Removed code related to "collect on main thread only" logic.
+
+        * JavaScriptCore.exp: Removed Heap::collectOnMainThreadOnly.
+
+2008-06-26  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19767
+        REGRESSION: Crash in sort() when visiting http://www.onnyturf.com/subway/
+
+        * kjs/JSArray.cpp: (KJS::AVLTreeAbstractorForArrayCompare::set_balance_factor):
+        Made changing balance factor from -1 to +1 work correctly.
+
+        * wtf/AVLTree.h: (KJS::AVLTreeDefaultBSet::operator[]): Added an assertion that catches
+        this slightly earlier.
+
+2008-06-25  Timothy Hatcher  <timothy@apple.com>
+
+        Fixes an ASSERT in the profiler when starting multiple profiles
+        with the same name inside the same function/program.
+
+        Reviewed by Kevin McCullough.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::Profile): Initialize m_stoppedCallDepth to zero.
+        (KJS::Profile::stopProfiling): Set the current node to the parent,
+        because we are in a call that will not get a didExecute call.
+        (KJS::Profile::removeProfile): Increment m_stoppedCallDepth to
+        account for didExecute not being called for profile.
+        (KJS::Profile::willExecute): Increment m_stoppedCallDepth if stopped.
+        (KJS::Profile::didExecute): Decrement m_stoppedCallDepth if stopped and
+        greater than zero, and return early.
+        * profiler/Profile.h: Added stoppedProfiling().
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::findProfile): Removed.
+        (KJS::Profiler::startProfiling): Don't return early for stopped profiles.
+        (KJS::Profiler::stopProfiling): Skipp stopped profiles.
+        (KJS::Profiler::didFinishAllExecution): Code clean-up.
+        * profiler/Profiler.h: Removed findProfile.
+
+2008-06-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Attempt to fix Windows debug build. The compiler gives a warning when
+        Structured Exception Handling and destructors are used in the same
+        function. Using manual locking and unlocking instead of constructors
+        and destructors should fix the warning.
+
+        * kjs/Shell.cpp:
+        (main):
+
+2008-06-25  Alexey Proskuryakov  <ap@webkit.org>
+
+        Forgot to address a review comment about better names for tracked objects, doing it now.
+
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalData.h:
+        * kjs/nodes.cpp:
+        (KJS::ParserRefCounted::ParserRefCounted):
+        (KJS::ParserRefCounted::ref):
+        (KJS::ParserRefCounted::deref):
+        (KJS::ParserRefCounted::hasOneRef):
+        (KJS::ParserRefCounted::deleteNewObjects):
+
+2008-06-25  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        Remove more threadInstance() calls.
+
+        * kjs/JSFunction.cpp:
+        (KJS::JSFunction::getParameterName):
+        (KJS::IndexToNameMap::unMap):
+        (KJS::Arguments::deleteProperty):
+        * kjs/JSFunction.h:
+        Access nullIdentifier without going to thread specific storage.
+
+        * JavaScriptCore.exp:
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalData.h:
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse):
+        * kjs/Parser.h:
+        (KJS::ParserRefCountedData::ParserRefCountedData):
+        (KJS::Parser::parse):
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::ParserRefCounted::ParserRefCounted):
+        (KJS::ParserRefCounted::ref):
+        (KJS::ParserRefCounted::deref):
+        (KJS::ParserRefCounted::hasOneRef):
+        (KJS::ParserRefCounted::deleteNewObjects):
+        (KJS::Node::Node):
+        (KJS::StatementNode::StatementNode):
+        (KJS::BreakpointCheckStatement::BreakpointCheckStatement):
+        (KJS::ConstDeclNode::ConstDeclNode):
+        (KJS::BlockNode::BlockNode):
+        (KJS::ForInNode::ForInNode):
+        (KJS::ScopeNode::ScopeNode):
+        (KJS::ProgramNode::ProgramNode):
+        (KJS::ProgramNode::create):
+        (KJS::EvalNode::EvalNode):
+        (KJS::EvalNode::create):
+        (KJS::FunctionBodyNode::FunctionBodyNode):
+        (KJS::FunctionBodyNode::create):
+        * kjs/nodes.h:
+        (KJS::ExpressionNode::):
+        (KJS::NullNode::):
+        (KJS::BooleanNode::):
+        (KJS::NumberNode::):
+        (KJS::ImmediateNumberNode::):
+        (KJS::StringNode::):
+        (KJS::RegExpNode::):
+        (KJS::ThisNode::):
+        (KJS::ResolveNode::):
+        (KJS::ElementNode::):
+        (KJS::ArrayNode::):
+        (KJS::PropertyNode::):
+        (KJS::PropertyListNode::):
+        (KJS::ObjectLiteralNode::):
+        (KJS::BracketAccessorNode::):
+        (KJS::DotAccessorNode::):
+        (KJS::ArgumentListNode::):
+        (KJS::ArgumentsNode::):
+        (KJS::NewExprNode::):
+        (KJS::EvalFunctionCallNode::):
+        (KJS::FunctionCallValueNode::):
+        (KJS::FunctionCallResolveNode::):
+        (KJS::FunctionCallBracketNode::):
+        (KJS::FunctionCallDotNode::):
+        (KJS::PrePostResolveNode::):
+        (KJS::PostIncResolveNode::):
+        (KJS::PostDecResolveNode::):
+        (KJS::PostfixBracketNode::):
+        (KJS::PostIncBracketNode::):
+        (KJS::PostDecBracketNode::):
+        (KJS::PostfixDotNode::):
+        (KJS::PostIncDotNode::):
+        (KJS::PostDecDotNode::):
+        (KJS::PostfixErrorNode::):
+        (KJS::DeleteResolveNode::):
+        (KJS::DeleteBracketNode::):
+        (KJS::DeleteDotNode::):
+        (KJS::DeleteValueNode::):
+        (KJS::VoidNode::):
+        (KJS::TypeOfResolveNode::):
+        (KJS::TypeOfValueNode::):
+        (KJS::PreIncResolveNode::):
+        (KJS::PreDecResolveNode::):
+        (KJS::PrefixBracketNode::):
+        (KJS::PreIncBracketNode::):
+        (KJS::PreDecBracketNode::):
+        (KJS::PrefixDotNode::):
+        (KJS::PreIncDotNode::):
+        (KJS::PreDecDotNode::):
+        (KJS::PrefixErrorNode::):
+        (KJS::UnaryOpNode::UnaryOpNode):
+        (KJS::UnaryPlusNode::):
+        (KJS::NegateNode::):
+        (KJS::BitwiseNotNode::):
+        (KJS::LogicalNotNode::):
+        (KJS::BinaryOpNode::BinaryOpNode):
+        (KJS::ReverseBinaryOpNode::ReverseBinaryOpNode):
+        (KJS::MultNode::):
+        (KJS::DivNode::):
+        (KJS::ModNode::):
+        (KJS::AddNode::):
+        (KJS::SubNode::):
+        (KJS::LeftShiftNode::):
+        (KJS::RightShiftNode::):
+        (KJS::UnsignedRightShiftNode::):
+        (KJS::LessNode::):
+        (KJS::GreaterNode::):
+        (KJS::LessEqNode::):
+        (KJS::GreaterEqNode::):
+        (KJS::InstanceOfNode::):
+        (KJS::InNode::):
+        (KJS::EqualNode::):
+        (KJS::NotEqualNode::):
+        (KJS::StrictEqualNode::):
+        (KJS::NotStrictEqualNode::):
+        (KJS::BitAndNode::):
+        (KJS::BitOrNode::):
+        (KJS::BitXOrNode::):
+        (KJS::LogicalAndNode::):
+        (KJS::LogicalOrNode::):
+        (KJS::ConditionalNode::):
+        (KJS::ReadModifyResolveNode::):
+        (KJS::AssignResolveNode::):
+        (KJS::ReadModifyBracketNode::):
+        (KJS::AssignBracketNode::):
+        (KJS::AssignDotNode::):
+        (KJS::ReadModifyDotNode::):
+        (KJS::AssignErrorNode::):
+        (KJS::CommaNode::):
+        (KJS::VarDeclCommaNode::):
+        (KJS::ConstStatementNode::):
+        (KJS::SourceElements::SourceElements):
+        (KJS::EmptyStatementNode::):
+        (KJS::DebuggerStatementNode::):
+        (KJS::ExprStatementNode::):
+        (KJS::VarStatementNode::):
+        (KJS::IfNode::):
+        (KJS::IfElseNode::):
+        (KJS::DoWhileNode::):
+        (KJS::WhileNode::):
+        (KJS::ForNode::):
+        (KJS::ContinueNode::):
+        (KJS::BreakNode::):
+        (KJS::ReturnNode::):
+        (KJS::WithNode::):
+        (KJS::LabelNode::):
+        (KJS::ThrowNode::):
+        (KJS::TryNode::):
+        (KJS::ParameterNode::):
+        (KJS::FuncExprNode::):
+        (KJS::FuncDeclNode::):
+        (KJS::CaseClauseNode::):
+        (KJS::ClauseListNode::):
+        (KJS::CaseBlockNode::):
+        (KJS::SwitchNode::):
+        Changed ParserRefCounted to hold a JSGlobalData pointer, and used it to replace
+        threadInstance calls.
+
+2008-06-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Make the JavaScript shell collect the heap from main() instead of
+        jscmain() to suppress leak messages in debug builds.
+
+        * kjs/Shell.cpp:
+        (main):
+        (jscmain):
+
+2008-06-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Make the conversion of the pair (less, jtrue) to jless use register
+        reference counting information for safety instead of requiring callers
+        to decide whether it is safe.
+
+        No changes on SunSpider codegen.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitJumpIfTrue):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::DoWhileNode::emitCode):
+        (KJS::WhileNode::emitCode):
+        (KJS::ForNode::emitCode):
+        (KJS::CaseBlockNode::emitCodeForBlock):
+
+2008-06-24  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/6031594> JSProfiler: Profiler goes into an infinite
+        loop sometimes.
+        <rdar://problem/6031603> JSProfiler: Profiler asserts in debug and
+        give the wrong times in release
+
+        Fixed two issues found by Tim in the same test.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::removeProfileStart): No longer take profile's time from
+        all ancestors, but instead attribute it to its parent.  Also add an
+        Assert to ensure we only delete the child we mean to.
+        (KJS::Profile::removeProfileEnd): Ditto for profileEnd.
+        (KJS::Profile::didExecute): Cleaned up the execution order and correctly
+        attribute all of the parent's time to the new node.
+        * profiler/ProfileNode.cpp: If this node does not have a startTime it
+        should not get a giant total time, but instead be 0.
+        (KJS::ProfileNode::endAndRecordCall):
+        * profiler/ProfileNode.h:
+        (KJS::ProfileNode::removeChild): Should reset the sibling pointers since
+        one of them has been removed.
+
+2008-06-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=19739
+          REGRESSION: fast/js/property-getters-and-setters.html fails
+
+        * kjs/JSObject.cpp:
+        (KJS::JSObject::put): Remove an untested optimization I checked in by accident.
+        The two loops up the prototype chain both need to start from this; instead the
+        second loop was starting where the first loop left off.
+
+2008-06-24  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * kjs/nodes.cpp:
+
+2008-06-24  Joerg Bornemann  <joerg.bornemann@trolltech.com>
+
+        Reviewed by Simon.
+
+        For the Qt build on Windows don't depend on the presence of GNU CPP
+        but use MSVC's preprocessor instead.
+        dftables accepts a --preprocessor option which is set in pcre.pri for MSVC platforms.
+
+        * pcre/dftables: Added support for specifying the preprocessor command
+        to use via --preprocessor, similar to
+        WebCore/bindings/scripts/generate-bindings.pl.
+        * pcre/pcre.pri: Pass --preprocessor='cl /e' to dftables, or more
+        generally speaking QMAKE_CC /E for the win32-msvc buildspecs.
+
+2008-06-24  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the Qt build, added missing include.
+
+        * kjs/PropertySlot.cpp:
+
+2008-06-24  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Make ParserRefCountedCounter actually perform a leak check.
+
+        * kjs/nodes.cpp:
+        (KJS::ParserRefCountedCounter::~ParserRefCountedCounter): Check for leaks in destructor,
+        not in constructor.
+        (KJS::ParserRefCountedCounter::increment):
+        (KJS::ParserRefCountedCounter::decrement):
+        (KJS::ParserRefCounted::ParserRefCounted):
+        (KJS::ParserRefCounted::~ParserRefCounted):
+        While at it, also made counting thread-safe.
+
+2008-06-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 19730: REGRESSION (r34497): Text in alerts in "Leisure suit Larry" is not wrapped
+        <https://bugs.webkit.org/show_bug.cgi?id=19730>
+
+        Do not convert the pair (less, jtrue) to jless when jtrue is a jump
+        target. An example of this is when the condition of a while loop is a
+        LogicalOrNode.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitLabel):
+
+2008-06-20  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Adam Roben.
+
+        Fix compile with MinGW.
+
+        * kjs/Shell.cpp:
+        * wtf/Threading.h:
+        (WTF::atomicIncrement):
+        (WTF::atomicDecrement):
+
+2008-06-23  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Prepration for returning memory to the OS on Windows.  Track whether a portion of a span of memory was returned to the OS.
+        If it was, ask that it be recommitted before returning it to the application as an allocated region.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::New):  If the span was decommitted, ask that it be recommitted before returning it.
+        (WTF::TCMalloc_PageHeap::AllocLarge):  Ditto.
+        (WTF::TCMalloc_PageHeap::Carve):  When splitting a span, ensure that the decommitted state propogates to the two new spans.
+        (WTF::TCMalloc_PageHeap::Delete):  When merging a span, ensure that the resulting span is marked as decommitted if any of the
+        spans being merged were marked as decommitted.
+        (WTF::TCMalloc_PageHeap::IncrementalScavenge):  Mark as decommitted after releasing the span.
+        (WTF::TCMalloc_Central_FreeList::FetchFromSpans): Add an assertion to catch a decommitted span being returned to the application
+        without first being recommitted.
+        (WTF::TCMalloc_Central_FreeList::Populate): Ditto.
+        * wtf/TCSystemAlloc.cpp: Stub out TCMalloc_SystemCommit.
+        * wtf/TCSystemAlloc.h:
+
+2008-06-23  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove the sample member of Span when NO_TCMALLOC_SAMPLES is defined.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::Delete): Only update Span::sample if NO_TCMALLOC_SAMPLES is not defined.
+        (WTF::TCMallocStats::do_free):  Ditto.
+
+2008-06-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - work toward https://bugs.webkit.org/show_bug.cgi?id=19721
+
+        More preparation toward making functions work on primitive types without
+        creating wrapper objects. No speedup this time, but prepares for a future
+        speedup without slowing things down.
+
+        SunSpider reports no change.
+
+        - Eliminated the implementsCall, callAsFunction and construct virtual
+          functions from JSObject. Instead, the CallData and ConstructData for
+          a native function includes a function pointer that the caller can use
+          directly. Changed all call sites to use CallData and ConstructData.
+
+        - Changed the "this" argument to native functions to be a JSValue rather
+          than a JSObject. This prepares us for passing primitives into these
+          functions. The conversion to an object now must be done inside the
+          function. Critically, if it's a function that can be called on a DOM
+          window object, then we have to be sure to call toThisObject on the
+          argument before we use it for anything even if it's already an object.
+
+        - Eliminated the practice of using constructor objects in the global
+          object to make objects of the various basic types. Since these
+          constructors can't be replaced by script, there's no reason to involve
+          a constructor object at all. Added functions to do the construction
+          directly.
+
+        - Made some more class members private and protected, including virtual
+          function overrides. This can catch code using unnecessarily slow virtual
+          function code paths when the type of an object is known statically. If we
+          later find a new reason use the members outside the class it's easy to
+          make them public again.
+
+        - Moved the declarations of the native implementations for functions out
+          of header files. These can have internal linkage and be declared inside
+          the source file.
+
+        - Changed PrototypeFunction to take function pointers with the right
+          arguments to be put directly into CallData. This eliminates the
+          need to have a separate PrototypeReflexiveFunction, and reveals that the
+          real purpose of that class included something else specific to eval --
+          storage of a cached global object. So renamed PrototypeReflexiveFunction
+          to GlobalEvalFunction.
+
+        * API/JSCallbackConstructor.cpp:
+        (KJS::constructJSCallback):
+        (KJS::JSCallbackConstructor::getConstructData):
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::implementsHasInstance):
+        (KJS::JSCallbackFunction::call):
+        (KJS::JSCallbackFunction::getCallData):
+        * API/JSCallbackFunction.h:
+        (KJS::JSCallbackFunction::classInfo):
+        * API/JSCallbackObject.h:
+        (KJS::JSCallbackObject::classRef):
+        (KJS::JSCallbackObject::classInfo):
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::getConstructData):
+        (KJS::::construct):
+        (KJS::::getCallData):
+        (KJS::::call):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction):
+        (JSObjectIsFunction):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * JavaScriptCore.exp:
+        * VM/Machine.cpp:
+        (KJS::jsTypeStringForValue):
+        (KJS::Machine::privateExecute):
+        * kjs/ArrayPrototype.cpp:
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncJoin):
+        (KJS::arrayProtoFuncConcat):
+        (KJS::arrayProtoFuncPop):
+        (KJS::arrayProtoFuncPush):
+        (KJS::arrayProtoFuncReverse):
+        (KJS::arrayProtoFuncShift):
+        (KJS::arrayProtoFuncSlice):
+        (KJS::arrayProtoFuncSort):
+        (KJS::arrayProtoFuncSplice):
+        (KJS::arrayProtoFuncUnShift):
+        (KJS::arrayProtoFuncFilter):
+        (KJS::arrayProtoFuncMap):
+        (KJS::arrayProtoFuncEvery):
+        (KJS::arrayProtoFuncForEach):
+        (KJS::arrayProtoFuncSome):
+        (KJS::arrayProtoFuncIndexOf):
+        (KJS::arrayProtoFuncLastIndexOf):
+        (KJS::ArrayConstructor::ArrayConstructor):
+        (KJS::constructArrayWithSizeQuirk):
+        (KJS::constructWithArrayConstructor):
+        (KJS::ArrayConstructor::getConstructData):
+        (KJS::callArrayConstructor):
+        (KJS::ArrayConstructor::getCallData):
+        * kjs/ArrayPrototype.h:
+        * kjs/BooleanObject.cpp:
+        (KJS::booleanProtoFuncToString):
+        (KJS::booleanProtoFuncValueOf):
+        (KJS::constructBoolean):
+        (KJS::constructWithBooleanConstructor):
+        (KJS::BooleanConstructor::getConstructData):
+        (KJS::callBooleanConstructor):
+        (KJS::BooleanConstructor::getCallData):
+        (KJS::constructBooleanFromImmediateBoolean):
+        * kjs/BooleanObject.h:
+        * kjs/CallData.h:
+        (KJS::):
+        * kjs/ConstructData.h:
+        (KJS::):
+        * kjs/FunctionPrototype.cpp:
+        (KJS::callFunctionPrototype):
+        (KJS::FunctionPrototype::getCallData):
+        (KJS::functionProtoFuncToString):
+        (KJS::functionProtoFuncApply):
+        (KJS::functionProtoFuncCall):
+        (KJS::constructWithFunctionConstructor):
+        (KJS::FunctionConstructor::getConstructData):
+        (KJS::callFunctionConstructor):
+        (KJS::FunctionConstructor::getCallData):
+        (KJS::constructFunction):
+        * kjs/FunctionPrototype.h:
+        * kjs/JSArray.cpp:
+        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_key):
+        (KJS::JSArray::sort):
+        (KJS::constructEmptyArray):
+        (KJS::constructArray):
+        * kjs/JSArray.h:
+        (KJS::JSArray::classInfo):
+        * kjs/JSFunction.cpp:
+        (KJS::JSFunction::call):
+        (KJS::globalFuncEval):
+        (KJS::globalFuncParseInt):
+        (KJS::globalFuncParseFloat):
+        (KJS::globalFuncIsNaN):
+        (KJS::globalFuncIsFinite):
+        (KJS::globalFuncDecodeURI):
+        (KJS::globalFuncDecodeURIComponent):
+        (KJS::globalFuncEncodeURI):
+        (KJS::globalFuncEncodeURIComponent):
+        (KJS::globalFuncEscape):
+        (KJS::globalFuncUnescape):
+        (KJS::globalFuncKJSPrint):
+        (KJS::PrototypeFunction::PrototypeFunction):
+        (KJS::PrototypeFunction::getCallData):
+        (KJS::GlobalEvalFunction::GlobalEvalFunction):
+        (KJS::GlobalEvalFunction::mark):
+        * kjs/JSFunction.h:
+        (KJS::InternalFunction::classInfo):
+        (KJS::InternalFunction::functionName):
+        (KJS::JSFunction::classInfo):
+        (KJS::GlobalEvalFunction::cachedGlobalObject):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        (KJS::JSGlobalObject::mark):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObject):
+        (KJS::JSGlobalObject::evalFunction):
+        * kjs/JSImmediate.cpp:
+        (KJS::JSImmediate::toObject):
+        * kjs/JSNotAnObject.cpp:
+        * kjs/JSNotAnObject.h:
+        * kjs/JSObject.cpp:
+        (KJS::JSObject::put):
+        (KJS::callDefaultValueFunction):
+        (KJS::JSObject::defaultValue):
+        (KJS::JSObject::lookupGetter):
+        (KJS::JSObject::lookupSetter):
+        (KJS::JSObject::hasInstance):
+        (KJS::JSObject::fillGetterPropertySlot):
+        (KJS::Error::create):
+        (KJS::constructEmptyObject):
+        * kjs/JSObject.h:
+        (KJS::GetterSetter::GetterSetter):
+        (KJS::GetterSetter::getter):
+        (KJS::GetterSetter::setGetter):
+        (KJS::GetterSetter::setter):
+        (KJS::GetterSetter::setSetter):
+        * kjs/JSValue.cpp:
+        (KJS::JSCell::deleteProperty):
+        (KJS::call):
+        (KJS::construct):
+        * kjs/JSValue.h:
+        * kjs/MathObject.cpp:
+        (KJS::mathProtoFuncAbs):
+        (KJS::mathProtoFuncACos):
+        (KJS::mathProtoFuncASin):
+        (KJS::mathProtoFuncATan):
+        (KJS::mathProtoFuncATan2):
+        (KJS::mathProtoFuncCeil):
+        (KJS::mathProtoFuncCos):
+        (KJS::mathProtoFuncExp):
+        (KJS::mathProtoFuncFloor):
+        (KJS::mathProtoFuncLog):
+        (KJS::mathProtoFuncMax):
+        (KJS::mathProtoFuncMin):
+        (KJS::mathProtoFuncPow):
+        (KJS::mathProtoFuncRandom):
+        (KJS::mathProtoFuncRound):
+        (KJS::mathProtoFuncSin):
+        (KJS::mathProtoFuncSqrt):
+        (KJS::mathProtoFuncTan):
+        * kjs/MathObject.h:
+        * kjs/NumberObject.cpp:
+        (KJS::numberProtoFuncToString):
+        (KJS::numberProtoFuncToLocaleString):
+        (KJS::numberProtoFuncValueOf):
+        (KJS::numberProtoFuncToFixed):
+        (KJS::numberProtoFuncToExponential):
+        (KJS::numberProtoFuncToPrecision):
+        (KJS::NumberConstructor::NumberConstructor):
+        (KJS::constructWithNumberConstructor):
+        (KJS::NumberConstructor::getConstructData):
+        (KJS::callNumberConstructor):
+        (KJS::NumberConstructor::getCallData):
+        (KJS::constructNumber):
+        (KJS::constructNumberFromImmediateNumber):
+        * kjs/NumberObject.h:
+        (KJS::NumberObject::classInfo):
+        (KJS::NumberConstructor::classInfo):
+        * kjs/PropertySlot.cpp:
+        (KJS::PropertySlot::functionGetter):
+        * kjs/RegExpObject.cpp:
+        (KJS::regExpProtoFuncTest):
+        (KJS::regExpProtoFuncExec):
+        (KJS::regExpProtoFuncCompile):
+        (KJS::regExpProtoFuncToString):
+        (KJS::callRegExpObject):
+        (KJS::RegExpObject::getCallData):
+        (KJS::constructRegExp):
+        (KJS::constructWithRegExpConstructor):
+        (KJS::RegExpConstructor::getConstructData):
+        (KJS::callRegExpConstructor):
+        (KJS::RegExpConstructor::getCallData):
+        * kjs/RegExpObject.h:
+        (KJS::RegExpConstructor::classInfo):
+        * kjs/Shell.cpp:
+        (GlobalObject::GlobalObject):
+        (functionPrint):
+        (functionDebug):
+        (functionGC):
+        (functionVersion):
+        (functionRun):
+        (functionLoad):
+        (functionReadline):
+        (functionQuit):
+        * kjs/date_object.cpp:
+        (KJS::gmtoffset):
+        (KJS::formatLocaleDate):
+        (KJS::fillStructuresUsingDateArgs):
+        (KJS::DateInstance::getTime):
+        (KJS::DateInstance::getUTCTime):
+        (KJS::DateConstructor::DateConstructor):
+        (KJS::constructDate):
+        (KJS::DateConstructor::getConstructData):
+        (KJS::callDate):
+        (KJS::DateConstructor::getCallData):
+        (KJS::dateParse):
+        (KJS::dateNow):
+        (KJS::dateUTC):
+        (KJS::dateProtoFuncToString):
+        (KJS::dateProtoFuncToUTCString):
+        (KJS::dateProtoFuncToDateString):
+        (KJS::dateProtoFuncToTimeString):
+        (KJS::dateProtoFuncToLocaleString):
+        (KJS::dateProtoFuncToLocaleDateString):
+        (KJS::dateProtoFuncToLocaleTimeString):
+        (KJS::dateProtoFuncValueOf):
+        (KJS::dateProtoFuncGetTime):
+        (KJS::dateProtoFuncGetFullYear):
+        (KJS::dateProtoFuncGetUTCFullYear):
+        (KJS::dateProtoFuncToGMTString):
+        (KJS::dateProtoFuncGetMonth):
+        (KJS::dateProtoFuncGetUTCMonth):
+        (KJS::dateProtoFuncGetDate):
+        (KJS::dateProtoFuncGetUTCDate):
+        (KJS::dateProtoFuncGetDay):
+        (KJS::dateProtoFuncGetUTCDay):
+        (KJS::dateProtoFuncGetHours):
+        (KJS::dateProtoFuncGetUTCHours):
+        (KJS::dateProtoFuncGetMinutes):
+        (KJS::dateProtoFuncGetUTCMinutes):
+        (KJS::dateProtoFuncGetSeconds):
+        (KJS::dateProtoFuncGetUTCSeconds):
+        (KJS::dateProtoFuncGetMilliSeconds):
+        (KJS::dateProtoFuncGetUTCMilliseconds):
+        (KJS::dateProtoFuncGetTimezoneOffset):
+        (KJS::dateProtoFuncSetTime):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::dateProtoFuncSetMilliSeconds):
+        (KJS::dateProtoFuncSetUTCMilliseconds):
+        (KJS::dateProtoFuncSetSeconds):
+        (KJS::dateProtoFuncSetUTCSeconds):
+        (KJS::dateProtoFuncSetMinutes):
+        (KJS::dateProtoFuncSetUTCMinutes):
+        (KJS::dateProtoFuncSetHours):
+        (KJS::dateProtoFuncSetUTCHours):
+        (KJS::dateProtoFuncSetDate):
+        (KJS::dateProtoFuncSetUTCDate):
+        (KJS::dateProtoFuncSetMonth):
+        (KJS::dateProtoFuncSetUTCMonth):
+        (KJS::dateProtoFuncSetFullYear):
+        (KJS::dateProtoFuncSetUTCFullYear):
+        (KJS::dateProtoFuncSetYear):
+        (KJS::dateProtoFuncGetYear):
+        * kjs/date_object.h:
+        (KJS::DateInstance::internalNumber):
+        (KJS::DateInstance::classInfo):
+        * kjs/error_object.cpp:
+        (KJS::errorProtoFuncToString):
+        (KJS::constructError):
+        (KJS::constructWithErrorConstructor):
+        (KJS::ErrorConstructor::getConstructData):
+        (KJS::callErrorConstructor):
+        (KJS::ErrorConstructor::getCallData):
+        (KJS::NativeErrorConstructor::construct):
+        (KJS::constructWithNativeErrorConstructor):
+        (KJS::NativeErrorConstructor::getConstructData):
+        (KJS::callNativeErrorConstructor):
+        (KJS::NativeErrorConstructor::getCallData):
+        * kjs/error_object.h:
+        (KJS::NativeErrorConstructor::classInfo):
+        * kjs/internal.cpp:
+        (KJS::JSNumberCell::toObject):
+        (KJS::JSNumberCell::toThisObject):
+        (KJS::GetterSetter::mark):
+        (KJS::GetterSetter::toPrimitive):
+        (KJS::GetterSetter::toBoolean):
+        (KJS::GetterSetter::toNumber):
+        (KJS::GetterSetter::toString):
+        (KJS::GetterSetter::toObject):
+        (KJS::InternalFunction::InternalFunction):
+        (KJS::InternalFunction::implementsHasInstance):
+        * kjs/lookup.h:
+        (KJS::HashEntry::):
+        * kjs/nodes.cpp:
+        (KJS::FuncDeclNode::makeFunction):
+        (KJS::FuncExprNode::makeFunction):
+        * kjs/object_object.cpp:
+        (KJS::objectProtoFuncValueOf):
+        (KJS::objectProtoFuncHasOwnProperty):
+        (KJS::objectProtoFuncIsPrototypeOf):
+        (KJS::objectProtoFuncDefineGetter):
+        (KJS::objectProtoFuncDefineSetter):
+        (KJS::objectProtoFuncLookupGetter):
+        (KJS::objectProtoFuncLookupSetter):
+        (KJS::objectProtoFuncPropertyIsEnumerable):
+        (KJS::objectProtoFuncToLocaleString):
+        (KJS::objectProtoFuncToString):
+        (KJS::ObjectConstructor::ObjectConstructor):
+        (KJS::constructObject):
+        (KJS::constructWithObjectConstructor):
+        (KJS::ObjectConstructor::getConstructData):
+        (KJS::callObjectConstructor):
+        (KJS::ObjectConstructor::getCallData):
+        * kjs/object_object.h:
+        * kjs/string_object.cpp:
+        (KJS::replace):
+        (KJS::stringProtoFuncToString):
+        (KJS::stringProtoFuncValueOf):
+        (KJS::stringProtoFuncCharAt):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncConcat):
+        (KJS::stringProtoFuncIndexOf):
+        (KJS::stringProtoFuncLastIndexOf):
+        (KJS::stringProtoFuncMatch):
+        (KJS::stringProtoFuncSearch):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncSlice):
+        (KJS::stringProtoFuncSplit):
+        (KJS::stringProtoFuncSubstr):
+        (KJS::stringProtoFuncSubstring):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        (KJS::stringProtoFuncLocaleCompare):
+        (KJS::stringProtoFuncBig):
+        (KJS::stringProtoFuncSmall):
+        (KJS::stringProtoFuncBlink):
+        (KJS::stringProtoFuncBold):
+        (KJS::stringProtoFuncFixed):
+        (KJS::stringProtoFuncItalics):
+        (KJS::stringProtoFuncStrike):
+        (KJS::stringProtoFuncSub):
+        (KJS::stringProtoFuncSup):
+        (KJS::stringProtoFuncFontcolor):
+        (KJS::stringProtoFuncFontsize):
+        (KJS::stringProtoFuncAnchor):
+        (KJS::stringProtoFuncLink):
+        (KJS::stringFromCharCode):
+        (KJS::StringConstructor::StringConstructor):
+        (KJS::constructWithStringConstructor):
+        (KJS::StringConstructor::getConstructData):
+        (KJS::callStringConstructor):
+        (KJS::StringConstructor::getCallData):
+        * kjs/string_object.h:
+
+2008-06-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 19716: REGRESSION (SquirrelFish): Reproducible crash after entering a username at mint.com
+        <https://bugs.webkit.org/show_bug.cgi?id=19716>
+
+        When unwinding callframes for exceptions, check whether the callframe
+        was created by a reentrant native call to JavaScript after tearing off
+        the local variables instead of before.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::unwindCallFrame):
+
+2008-06-23  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Get testapi passing again in a debug build.
+
+        * API/testapi.c:
+        (main): Update the expected output of calling JSValueMakeString on a function object.
+
+2008-06-21  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Print a blank line when exiting the jsc interactive mode to ensure that the shell
+        prompt will start on a new line.
+
+        * kjs/Shell.cpp:
+        (runInteractive):
+
+2008-06-21  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Tweak the paths of the items in the "tests" group to clean things up a little.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-06-21  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Fix jsc to link against libedit.dylib rather than libedit.2.dylib.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-06-21  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Copy the JavaScriptCore shell (jsc) into JavaScriptCore.framework so that it will
+        be included in nightly builds.
+        https://bugs.webkit.org/show_bug.cgi?id=19691
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-06-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Mark Rowe.
+
+        Fix the build for non-Mac Darwin platforms by disabling their support
+        for readline in the JavaScript shell.
+
+        * kjs/config.h:
+
+2008-06-20  Timothy Hatcher  <timothy@apple.com>
+
+        Use member function pointers for the Profile::forEach function.
+        Eliminating a few static functions and simplified things a little.
+
+        Reviewed by Alexey Proskuryakov.
+
+        * JavaScriptCore.exp: Change the symbol for forEach.
+        * profiler/Profile.cpp:
+        (KJS::Profile::forEach): Use a member function pointer.
+        * profiler/Profile.h:
+        (KJS::Profile::sortTotalTimeDescending): Pass a function pointer.
+        (KJS::Profile::sortTotalTimeAscending): Ditto.
+        (KJS::Profile::sortSelfTimeDescending): Ditto.
+        (KJS::Profile::sortSelfTimeAscending): Ditto.
+        (KJS::Profile::sortCallsDescending): Ditto.
+        * profiler/ProfileNode.h:
+        (KJS::ProfileNode::sortTotalTimeDescending): No longer static.
+        (KJS::ProfileNode::sortTotalTimeAscending): Ditto.
+        (KJS::ProfileNode::sortSelfTimeDescending): Ditto.
+        (KJS::ProfileNode::sortSelfTimeAscending): Ditto.
+        (KJS::ProfileNode::sortCallsDescending): Ditto.
+
+2008-06-20  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Remove unused destructors.
+
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+
+2008-06-20  Timothy Hatcher  <timothy@apple.com>
+
+        Fixed an ASSERT(m_actualSelfTime <= m_actualTotalTime) when starting
+        and stopping a profile from the Develop menu. Also prevents
+        inserting an incorrect parent node as the new head after profiling
+        is stopped from the Develop menu.
+
+        Reviewed by Dan Bernstein.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::stopProfiling): If the current node is already the head
+        then there is no more need to record future nodes in didExecute.
+        (KJS::Profile::didExecute): Move the code of setupCurrentNodeAsStopped
+        into here since this was the only caller. When setting the total time
+        keep any current total time while adding the self time of the head.
+        (KJS::Profile::setupCurrentNodeAsStopped): Removed.
+        * profiler/Profile.h: Removed setupCurrentNodeAsStopped.
+
+2008-06-20  Kevin Ollivier  <kevino@theolliviers.com>
+
+        !USE(MULTIPLE_THREADS) on Darwin build fix
+
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreading):
+        * kjs/collector.h:
+
+2008-06-20  Kevin McCullough  <kmccullough@apple.com>
+
+        -Leopard Build Fix.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::removeProfileStart):
+        (KJS::Profile::removeProfileEnd):
+
+2008-06-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Just giving credit.
+
+        * ChangeLog:
+
+2008-06-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim and Dan.
+
+        <rdar://problem/6024846> JSProfiler: ASSERT hit in Profiler.
+        - Because InspectorController can call startProfiling() and
+        stopProfiling() we cannot assert that console.profile() and
+        console.profileEnd() will be in the profile tree.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::removeProfileStart):
+        (KJS::Profile::removeProfileEnd):
+
+2008-06-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5958770> JSProfiler: Time incorrectly given to (idle)
+        if profiling is started and finished within the same function. (19230)
+        - Now we profile one more stack frame up from the last frame to allocate
+        the time spent in it, if it exists.
+
+        * JavaScriptCore.exp:
+        * VM/Machine.cpp: We need to let the profiler know when the JS program 
+        has finished since that is what will actually stop the profiler instead
+        of just calling stopProfiling().
+        (KJS::Machine::execute):
+        * profiler/Profile.cpp:
+        (KJS::Profile::create): Moved from Profile.h since it was getting pretty
+        long.
+        (KJS::Profile::Profile): We now have a client, which is a listener who
+        we will return this profile to, once it has actually finished.
+        (KJS::Profile::stopProfiling): Instead of fully stopping the profiler
+        here, we set the flag and keep it profiling in the background.
+        (KJS::Profile::didFinishAllExecution): This is where the profiler
+        actually finishes and creates the (idle) node if one should be made.
+        (KJS::Profile::removeProfileStart): Don't use m_currentNode since it is
+        needed by the profiler as it runs silently in the background.
+        (KJS::Profile::removeProfileEnd): Ditto.
+        (KJS::Profile::willExecute): Don't profile new functions if we have
+        stopped profiling.
+        (KJS::Profile::didExecute): Only record one more return as all the
+        remaining time will be attributed to that function.
+        (KJS::Profile::setupCurrentNodeAsStopped): Sets the current node's time.
+        * profiler/Profile.h: Added functions and variables for the above
+        changes.
+        (KJS::Profile::client):
+        * profiler/ProfileNode.h:
+        (KJS::CallIdentifier::toString): Debug method.
+        * profiler/Profiler.cpp: Added support for the ProfilerClient.
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::stopProfiling): No longer return sthe profile.
+        (KJS::Profiler::didFinishAllExecution): Now returns the profile to the
+        client instead of stopProfiling.
+        * profiler/Profiler.h:
+        (KJS::ProfilerClient::~ProfilerClient): Clients will implement this
+        interface.
+
+2008-06-19  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon.
+
+        Surpress compiler warning (int vs unsigned comparison).
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toLower):
+
+2008-06-19  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Timothy Hatcher.
+
+        Introduce compiler define for MinGW, to have COMPILER(MINGW).
+
+        * wtf/Platform.h:
+
+2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        Make Machine per-JSGlobalData.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitOpcode):
+        * VM/Machine.cpp:
+        (KJS::callEval):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::throwException):
+        (KJS::Machine::execute):
+        (KJS::Machine::debug):
+        * VM/Machine.h:
+        * kjs/DebuggerCallFrame.cpp:
+        (KJS::DebuggerCallFrame::evaluate):
+        * kjs/DebuggerCallFrame.h:
+        (KJS::DebuggerCallFrame::DebuggerCallFrame):
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        * kjs/ExecState.h:
+        (KJS::ExecState::machine):
+        * kjs/JSFunction.cpp:
+        (KJS::JSFunction::callAsFunction):
+        (KJS::JSFunction::argumentsGetter):
+        (KJS::JSFunction::callerGetter):
+        (KJS::JSFunction::construct):
+        (KJS::globalFuncEval):
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalData.h:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+
+2008-06-19  Alp Toker  <alp@nuanti.com>
+
+        GTK+/autotools build fix. JSGlobalObject.cpp in now in
+        AllInOneFile.cpp and shouldn't be built separately.
+
+        * GNUmakefile.am:
+
+2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Get rid of some threadInstance calls.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::init):
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse):
+        * kjs/Shell.cpp:
+        (jscmain):
+
+2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Sam.
+
+        Fix an assertion failure at startup.
+
+        * kjs/JSObject.h: (KJS::JSObject::JSObject): Allow jsNull prototype in an assertion (I had
+        it fixed in a wrong copy of the file, so I wasn't getting the failure).
+
+2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
+
+        Build fix.
+
+        * kjs/collector.cpp:
+        (KJS::Heap::Heap):
+        (KJS::allocateBlock):
+        * kjs/collector.h:
+        No, #if PLATFORM(UNIX) was not right. I've just moved the unsafe initialization back for now,
+        as the platforms that use that code path do not use multiple threads yet.
+
+2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
+
+        Windows and Qt build fixes.
+
+        * kjs/collector.h: 
+        * kjs/collector.cpp:
+        (KJS::Heap::Heap):
+        Wrapped m_pagesize in #if PLATFORM(UNIX), which should better match the sequence of #elifs
+        in allocateBlock(). Changed MIN_ARRAY_SIZE to be explicitly size_t, as this type is different
+        on different platforms.
+
+2008-06-17  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Prepare JavaScript heap for being per-thread.
+
+        * kjs/ExecState.h: Shuffle includes, making it possible to include ExecState.h in JSValue.h.
+        (KJS::ExecState::heap): Added an accessor.
+
+        * API/JSBase.cpp: (JSGarbageCollect): Collect both shared and per-thread heaps.
+
+        * API/JSContextRef.cpp: (JSGlobalContextCreate): When allocating JSGlobalObject, indicate
+        that it belongs to a shared heap.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/AllInOneFile.cpp:
+        Moved JSGlobalObject.cpp to AllInOneFile, as a build fix for inlineAllocate magic.
+
+        * VM/CodeGenerator.h: (KJS::CodeGenerator::globalExec): Added an accessor (working via
+        m_scopeChain).
+
+        * VM/RegisterFile.h:
+        (KJS::RegisterFile::mark):
+        * VM/RegisterFileStack.h:
+        (KJS::RegisterFileStack::mark):
+        Made these pseudo-mark functions take Heap*.
+
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreading): Initialize heap introspector.
+
+        * kjs/JSGlobalData.h: Added Heap to the structure.
+
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData): Initialize Heap.
+        (KJS::JSGlobalData::sharedInstance): Added a method to access shared global data instance
+        for legacy clients.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject): Changed to work with per-thread head; fixed list
+        maintenance logic.
+        (KJS::JSGlobalObject::init): Changed to work with per-thread head.
+        (KJS::JSGlobalObject::put): Assert that a cross-heap operation is not being attempted.
+        (KJS::JSGlobalObject::reset): Pass ExecState* where now required.
+        (KJS::JSGlobalObject::mark): Pass the current heap to RegisterFileStack::mark.
+        (KJS::JSGlobalObject::operator new): Overload operator new to use per-thread or shared heap.
+        * kjs/JSGlobalObject.h: Removed static s_head member.
+
+        * kjs/PropertyMap.h: (KJS::PropertyMap::PropertyMap): Removed unused SavedProperty.
+
+        * kjs/collector.h: Turned Collector into an actual object with its own data, renamed to Heap.
+        (KJS::Heap::initializeHeapIntrospector): Added.
+        (KJS::Heap::heap): Added a method to determine which heap a JSValue is in, if any.
+        (KJS::Heap::allocate): Made non-static.
+        (KJS::Heap::inlineAllocateNumber): Ditto.
+        (KJS::Heap::markListSet): Ditto.
+        (KJS::Heap::cellBlock): Ditto.
+        (KJS::Heap::cellOffset): Ditto.
+        (KJS::Heap::isCellMarked): Ditto.
+        (KJS::Heap::markCell): Ditto.
+        (KJS::Heap::reportExtraMemoryCost): Ditto.
+        (KJS::CollectorBlock): Added a back-reference to Heap for Heap::heap() method.
+        (KJS::SmallCellCollectorBlock): Ditto.
+
+        * kjs/collector.cpp: Changed MIN_ARRAY_SIZE to a #define to avoid a PIC branch. Removed
+        main thread related machinery.
+        (KJS::Heap::Heap): Initialize the newly added data members.
+        (KJS::allocateBlock): Marked NEVER_INLINE, as this is a rare case that uses a PIC branch.
+        Moved static pagesize to the class to make it safely initialized.
+        (KJS::Heap::heapAllocate): Initialize heap back reference after a new block is allocated.
+        (KJS::Heap::registerThread): Removed introspector initialization, as it is now performed
+        in InitializeThreading.cpp.
+        (KJS::Heap::markOtherThreadConservatively): Assert that the "other thread" case only occurs
+        for legacy clients using a shared heap.
+        (KJS::Heap::markStackObjectsConservatively): Moved fastMallocForbid/Allow down here, since
+        it doesn't need to be forbidden during other GC phases.
+
+        * kjs/JSImmediate.h:
+        (KJS::jsUndefined):
+        (KJS::jsNull):
+        (KJS::jsBoolean):
+        Moved from JSvalue.h, to make these usable in files that cannot include JSValue.h (such
+        as list.h).
+
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::staticFunctionGetter):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::prototype):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectMakeFunction):
+        * API/JSValueRef.cpp:
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        * JavaScriptCore.exp:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitLoad):
+        * VM/JSPropertyNameIterator.cpp:
+        (KJS::JSPropertyNameIterator::create):
+        (KJS::JSPropertyNameIterator::next):
+        * VM/Machine.cpp:
+        (KJS::jsAddSlowCase):
+        (KJS::jsAdd):
+        (KJS::jsTypeStringForValue):
+        (KJS::scopeChainForCall):
+        (KJS::Machine::throwException):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        (KJS::Machine::retrieveArguments):
+        * kjs/ArrayPrototype.cpp:
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncJoin):
+        (KJS::arrayProtoFuncConcat):
+        (KJS::arrayProtoFuncPop):
+        (KJS::arrayProtoFuncPush):
+        (KJS::arrayProtoFuncShift):
+        (KJS::arrayProtoFuncSlice):
+        (KJS::arrayProtoFuncSplice):
+        (KJS::arrayProtoFuncUnShift):
+        (KJS::arrayProtoFuncFilter):
+        (KJS::arrayProtoFuncMap):
+        (KJS::arrayProtoFuncEvery):
+        (KJS::arrayProtoFuncForEach):
+        (KJS::arrayProtoFuncSome):
+        (KJS::arrayProtoFuncIndexOf):
+        (KJS::arrayProtoFuncLastIndexOf):
+        (KJS::ArrayConstructor::ArrayConstructor):
+        (KJS::ArrayConstructor::construct):
+        (KJS::ArrayConstructor::callAsFunction):
+        * kjs/BooleanObject.cpp:
+        (KJS::BooleanPrototype::BooleanPrototype):
+        (KJS::booleanProtoFuncToString):
+        (KJS::BooleanConstructor::BooleanConstructor):
+        (KJS::BooleanConstructor::construct):
+        * kjs/FunctionPrototype.cpp:
+        (KJS::FunctionPrototype::FunctionPrototype):
+        (KJS::functionProtoFuncToString):
+        (KJS::FunctionConstructor::FunctionConstructor):
+        (KJS::FunctionConstructor::construct):
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::createArgumentsObject):
+        * kjs/JSArray.cpp:
+        (KJS::JSArray::JSArray):
+        (KJS::JSArray::lengthGetter):
+        * kjs/JSFunction.cpp:
+        (KJS::JSFunction::lengthGetter):
+        (KJS::JSFunction::construct):
+        (KJS::Arguments::Arguments):
+        (KJS::encode):
+        (KJS::decode):
+        (KJS::globalFuncParseInt):
+        (KJS::globalFuncParseFloat):
+        (KJS::globalFuncEscape):
+        (KJS::globalFuncUnescape):
+        (KJS::PrototypeFunction::PrototypeFunction):
+        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
+        * kjs/JSImmediate.cpp:
+        (KJS::JSImmediate::toObject):
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::registerThread):
+        * kjs/JSObject.cpp:
+        (KJS::JSObject::put):
+        (KJS::JSObject::defineGetter):
+        (KJS::JSObject::defineSetter):
+        (KJS::Error::create):
+        * kjs/JSObject.h:
+        (KJS::JSObject::putDirect):
+        * kjs/JSString.h:
+        (KJS::JSString::JSString):
+        * kjs/JSValue.cpp:
+        (KJS::JSCell::operator new):
+        (KJS::jsString):
+        (KJS::jsOwnedString):
+        * kjs/JSValue.h:
+        (KJS::JSNumberCell::operator new):
+        (KJS::jsNumberCell):
+        (KJS::jsNaN):
+        (KJS::jsNumber):
+        (KJS::JSCell::marked):
+        (KJS::JSCell::mark):
+        (KJS::JSValue::toJSNumber):
+        * kjs/MathObject.cpp:
+        (KJS::MathObject::getValueProperty):
+        (KJS::mathProtoFuncAbs):
+        (KJS::mathProtoFuncACos):
+        (KJS::mathProtoFuncASin):
+        (KJS::mathProtoFuncATan):
+        (KJS::mathProtoFuncATan2):
+        (KJS::mathProtoFuncCeil):
+        (KJS::mathProtoFuncCos):
+        (KJS::mathProtoFuncExp):
+        (KJS::mathProtoFuncFloor):
+        (KJS::mathProtoFuncLog):
+        (KJS::mathProtoFuncMax):
+        (KJS::mathProtoFuncMin):
+        (KJS::mathProtoFuncPow):
+        (KJS::mathProtoFuncRandom):
+        (KJS::mathProtoFuncRound):
+        (KJS::mathProtoFuncSin):
+        (KJS::mathProtoFuncSqrt):
+        (KJS::mathProtoFuncTan):
+        * kjs/NumberObject.cpp:
+        (KJS::NumberPrototype::NumberPrototype):
+        (KJS::numberProtoFuncToString):
+        (KJS::numberProtoFuncToLocaleString):
+        (KJS::numberProtoFuncToFixed):
+        (KJS::numberProtoFuncToExponential):
+        (KJS::numberProtoFuncToPrecision):
+        (KJS::NumberConstructor::NumberConstructor):
+        (KJS::NumberConstructor::getValueProperty):
+        (KJS::NumberConstructor::construct):
+        (KJS::NumberConstructor::callAsFunction):
+        * kjs/RegExpObject.cpp:
+        (KJS::RegExpPrototype::RegExpPrototype):
+        (KJS::regExpProtoFuncToString):
+        (KJS::RegExpObject::getValueProperty):
+        (KJS::RegExpConstructor::RegExpConstructor):
+        (KJS::RegExpMatchesArray::fillArrayInstance):
+        (KJS::RegExpConstructor::arrayOfMatches):
+        (KJS::RegExpConstructor::getBackref):
+        (KJS::RegExpConstructor::getLastParen):
+        (KJS::RegExpConstructor::getLeftContext):
+        (KJS::RegExpConstructor::getRightContext):
+        (KJS::RegExpConstructor::getValueProperty):
+        (KJS::RegExpConstructor::construct):
+        * kjs/RegExpObject.h:
+        * kjs/Shell.cpp:
+        (GlobalObject::GlobalObject):
+        (functionGC):
+        (functionRun):
+        (functionReadline):
+        (jscmain):
+        * kjs/date_object.cpp:
+        (KJS::formatLocaleDate):
+        (KJS::DatePrototype::DatePrototype):
+        (KJS::DateConstructor::DateConstructor):
+        (KJS::DateConstructor::construct):
+        (KJS::DateConstructor::callAsFunction):
+        (KJS::DateFunction::DateFunction):
+        (KJS::DateFunction::callAsFunction):
+        (KJS::dateProtoFuncToString):
+        (KJS::dateProtoFuncToUTCString):
+        (KJS::dateProtoFuncToDateString):
+        (KJS::dateProtoFuncToTimeString):
+        (KJS::dateProtoFuncToLocaleString):
+        (KJS::dateProtoFuncToLocaleDateString):
+        (KJS::dateProtoFuncToLocaleTimeString):
+        (KJS::dateProtoFuncValueOf):
+        (KJS::dateProtoFuncGetTime):
+        (KJS::dateProtoFuncGetFullYear):
+        (KJS::dateProtoFuncGetUTCFullYear):
+        (KJS::dateProtoFuncToGMTString):
+        (KJS::dateProtoFuncGetMonth):
+        (KJS::dateProtoFuncGetUTCMonth):
+        (KJS::dateProtoFuncGetDate):
+        (KJS::dateProtoFuncGetUTCDate):
+        (KJS::dateProtoFuncGetDay):
+        (KJS::dateProtoFuncGetUTCDay):
+        (KJS::dateProtoFuncGetHours):
+        (KJS::dateProtoFuncGetUTCHours):
+        (KJS::dateProtoFuncGetMinutes):
+        (KJS::dateProtoFuncGetUTCMinutes):
+        (KJS::dateProtoFuncGetSeconds):
+        (KJS::dateProtoFuncGetUTCSeconds):
+        (KJS::dateProtoFuncGetMilliSeconds):
+        (KJS::dateProtoFuncGetUTCMilliseconds):
+        (KJS::dateProtoFuncGetTimezoneOffset):
+        (KJS::dateProtoFuncSetTime):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::dateProtoFuncSetYear):
+        (KJS::dateProtoFuncGetYear):
+        * kjs/error_object.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype):
+        (KJS::errorProtoFuncToString):
+        (KJS::ErrorConstructor::ErrorConstructor):
+        (KJS::ErrorConstructor::construct):
+        (KJS::NativeErrorPrototype::NativeErrorPrototype):
+        (KJS::NativeErrorConstructor::NativeErrorConstructor):
+        (KJS::NativeErrorConstructor::construct):
+        * kjs/identifier.h:
+        * kjs/internal.cpp:
+        (KJS::StringObject::create):
+        (KJS::JSString::lengthGetter):
+        (KJS::JSString::indexGetter):
+        (KJS::JSString::indexNumericPropertyGetter):
+        * kjs/interpreter.cpp:
+        * kjs/list.cpp:
+        (KJS::ArgList::slowAppend):
+        * kjs/list.h:
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::cacheGlobalObject):
+        * kjs/nodes.cpp:
+        (KJS::Node::emitThrowError):
+        (KJS::StringNode::emitCode):
+        (KJS::ArrayNode::emitCode):
+        (KJS::FuncDeclNode::makeFunction):
+        (KJS::FuncExprNode::makeFunction):
+        * kjs/nodes.h:
+        * kjs/object_object.cpp:
+        (KJS::ObjectPrototype::ObjectPrototype):
+        (KJS::objectProtoFuncToLocaleString):
+        (KJS::objectProtoFuncToString):
+        (KJS::ObjectConstructor::ObjectConstructor):
+        (KJS::ObjectConstructor::construct):
+        * kjs/protect.h:
+        (KJS::gcProtect):
+        (KJS::gcUnprotect):
+        * kjs/string_object.cpp:
+        (KJS::StringObject::StringObject):
+        (KJS::StringPrototype::StringPrototype):
+        (KJS::replace):
+        (KJS::stringProtoFuncCharAt):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncConcat):
+        (KJS::stringProtoFuncIndexOf):
+        (KJS::stringProtoFuncLastIndexOf):
+        (KJS::stringProtoFuncMatch):
+        (KJS::stringProtoFuncSearch):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncSlice):
+        (KJS::stringProtoFuncSplit):
+        (KJS::stringProtoFuncSubstr):
+        (KJS::stringProtoFuncSubstring):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        (KJS::stringProtoFuncLocaleCompare):
+        (KJS::stringProtoFuncBig):
+        (KJS::stringProtoFuncSmall):
+        (KJS::stringProtoFuncBlink):
+        (KJS::stringProtoFuncBold):
+        (KJS::stringProtoFuncFixed):
+        (KJS::stringProtoFuncItalics):
+        (KJS::stringProtoFuncStrike):
+        (KJS::stringProtoFuncSub):
+        (KJS::stringProtoFuncSup):
+        (KJS::stringProtoFuncFontcolor):
+        (KJS::stringProtoFuncFontsize):
+        (KJS::stringProtoFuncAnchor):
+        (KJS::stringProtoFuncLink):
+        (KJS::StringConstructor::StringConstructor):
+        (KJS::StringConstructor::construct):
+        (KJS::StringConstructor::callAsFunction):
+        (KJS::StringConstructorFunction::StringConstructorFunction):
+        (KJS::StringConstructorFunction::callAsFunction):
+        * kjs/string_object.h:
+        (KJS::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+        * kjs/ustring.h:
+        Updated for the above changes.
+
+2008-06-17  Timothy Hatcher  <timothy@apple.com>
+
+        Added a type to DebuggerCallFrame so the under interface can
+        distinguish anonymous functions and program call frames.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19585
+
+        Reviewed by Geoff Garen.
+
+        * JavaScriptCore.exp: Export the DebuggerCallFrame::type symbol.
+        * kjs/DebuggerCallFrame.cpp:
+        (KJS::DebuggerCallFrame::type): Added.
+        * kjs/DebuggerCallFrame.h:
+
+2008-06-17  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Tim H.
+        
+        Remove bogus ASSERT which tripped every time for those who use PAC files.
+
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse):
+
+2008-06-17  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/5951534> JSProfiler: Don't profile console.profile()
+        or console.profileEnd()
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::stopProfiling): Moved the creation of the (idle) node to
+        the Profile (not ProfileNode).  This makes sense since the Profile
+        should be the one to modify the profile tree.  Also each stopProfiling()
+        does not need to check if it's the head node anymore.  Also fixed an
+        oddity where I was using willExecute to create the node.
+        (KJS::Profile::removeProfileStart): Removes the call to console.profile
+        that started this profile.
+        (KJS::Profile::removeProfileEnd): Removes the call to console.profileEnd
+        that ended this profile.
+        * profiler/Profile.h:
+        * profiler/ProfileNode.cpp: Moved the creation of the (idle) node to
+        the Profile object.
+        (KJS::ProfileNode::stopProfiling):
+        * profiler/ProfileNode.h: Added some helper functions and whitespace to
+        facilitate readability and the removal of profile() and profileEnd()
+        from the Profile tree.
+        (KJS::CallIdentifier::operator const char* ):
+        (KJS::ProfileNode::firstChild):
+        (KJS::ProfileNode::lastChild):
+        (KJS::ProfileNode::removeChild):
+        (KJS::ProfileNode::toString):
+
+2008-06-17  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Rubber stamped by Adam Roben.
+
+        Include JSGlobalObject.h to fix the build.
+
+        * kjs/ScopeChain.cpp:
+
+2008-06-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Reduce code duplication in emitReadModifyAssignment().
+
+        * kjs/nodes.cpp:
+        (KJS::emitReadModifyAssignment):
+
+2008-06-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Sort includes alphabetically.
+
+        * kjs/nodes.cpp:
+
+2008-06-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 19596: LEAK: Gmail leaks SegmentedVector<RegisterID>
+        <https://bugs.webkit.org/show_bug.cgi?id=19596>
+
+        When growing SegmentedVector, we start adding segments at the position
+        of the last segment, overwriting it. The destructor frees allocated
+        segments starting at the segment of index 1, because the segment of
+        index 0 is assumed to be the initial inline segment. This causes a leak
+        of the segment that is referenced by index 0. Modifying grow() so that
+        it starts adding segments at the position after the last segment fixes
+        the leak.
+
+        Since the initial segment is a special case in the lookup code, this
+        bug never manifested itself via incorrect results.
+
+        * VM/SegmentedVector.h:
+        (KJS::SegmentedVector::grow):
+
+2008-06-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Alexey.
+        
+        - removed nearly unused types.h and LocalStorageEntry.h headers
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/ExecState.h:
+        * kjs/LocalStorageEntry.h: Removed.
+        * kjs/RegExpObject.cpp:
+        * kjs/error_object.cpp:
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        * kjs/types.h: Removed.
+
+2008-06-16  Alp Toker  <alp@nuanti.com>
+
+        Rubber-stamped by Geoff.
+
+        Change c++ to c in minidom and testapi emacs mode line comments.
+
+        * API/Node.h:
+        * API/NodeList.c:
+        * API/NodeList.h:
+        * API/testapi.c:
+
+2008-06-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Trying to fix Windows build.
+
+        * kjs/PropertyNameArray.h:
+        * kjs/identifier.cpp:
+        Include ExecState.h
+
+2008-06-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Slight cleanup to the SymbolTableEntry class.
+        
+        Renamed isEmpty to isNull, since we usually use "empty" to mean "holds
+        the valid, empty value", and "null" to mean "holds no value".
+        
+        Changed an "== 0" to a "!", to match our style guidelines.
+        
+        Added some ASSERTs to verify the (possibly questionable) assumption that
+        all register indexes will have their high two bits set. Also clarified a
+        comment to make that assumption clear.
+
+2008-06-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Initialize functionQueueMutex in a safe manner.
+
+        * wtf/MainThread.cpp:
+        (WTF::functionQueueMutex): Made it an AtomicallyInitializedStatic.
+
+        (WTF::dispatchFunctionsFromMainThread):
+        (WTF::setMainThreadCallbacksPaused):
+        Assert that the current thread is main, meaning that the callbacksPaused static can be
+        accessed.
+
+2008-06-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Make Identifier construction use an explicitly passed IdentifierTable.
+
+        No change on SunSpider total.
+
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::getOwnPropertySlot):
+        (KJS::::put):
+        (KJS::::deleteProperty):
+        (KJS::::getPropertyNames):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeFunction):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectDeleteProperty):
+        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
+        (JSObjectCopyPropertyNames):
+        * JavaScriptCore.exp:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::registerForLocal):
+        (KJS::CodeGenerator::isLocal):
+        (KJS::CodeGenerator::addConstant):
+        (KJS::CodeGenerator::findScopedProperty):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::globalData):
+        (KJS::CodeGenerator::propertyNames):
+        * VM/JSPropertyNameIterator.cpp:
+        (KJS::JSPropertyNameIterator::create):
+        * VM/Machine.cpp:
+        (KJS::Machine::throwException):
+        (KJS::Machine::privateExecute):
+        * kjs/ArrayPrototype.cpp:
+        (KJS::ArrayConstructor::ArrayConstructor):
+        * kjs/BooleanObject.cpp:
+        (KJS::BooleanConstructor::BooleanConstructor):
+        * kjs/FunctionPrototype.cpp:
+        (KJS::FunctionConstructor::FunctionConstructor):
+        (KJS::FunctionConstructor::construct):
+        * kjs/JSArray.cpp:
+        (KJS::JSArray::inlineGetOwnPropertySlot):
+        (KJS::JSArray::put):
+        (KJS::JSArray::deleteProperty):
+        (KJS::JSArray::getPropertyNames):
+        * kjs/JSFunction.cpp:
+        (KJS::Arguments::Arguments):
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        * kjs/JSObject.cpp:
+        (KJS::JSObject::getOwnPropertySlot):
+        (KJS::JSObject::put):
+        (KJS::JSObject::putWithAttributes):
+        (KJS::JSObject::deleteProperty):
+        (KJS::JSObject::findPropertyHashEntry):
+        (KJS::JSObject::getPropertyNames):
+        (KJS::Error::create):
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::getPropertyNames):
+        * kjs/NumberObject.cpp:
+        (KJS::NumberConstructor::NumberConstructor):
+        * kjs/PropertyNameArray.cpp:
+        (KJS::PropertyNameArray::add):
+        * kjs/PropertyNameArray.h:
+        (KJS::PropertyNameArray::PropertyNameArray):
+        (KJS::PropertyNameArray::addKnownUnique):
+        * kjs/PropertySlot.h:
+        (KJS::PropertySlot::getValue):
+        * kjs/RegExpObject.cpp:
+        (KJS::RegExpConstructor::RegExpConstructor):
+        * kjs/ScopeChain.cpp:
+        (KJS::ScopeChainNode::print):
+        * kjs/Shell.cpp:
+        (GlobalObject::GlobalObject):
+        * kjs/date_object.cpp:
+        (KJS::DateConstructor::DateConstructor):
+        * kjs/error_object.cpp:
+        (KJS::ErrorConstructor::ErrorConstructor):
+        (KJS::NativeErrorConstructor::NativeErrorConstructor):
+        * kjs/grammar.y:
+        * kjs/identifier.cpp:
+        (KJS::Identifier::add):
+        (KJS::Identifier::addSlowCase):
+        * kjs/identifier.h:
+        (KJS::Identifier::Identifier):
+        (KJS::Identifier::from):
+        (KJS::Identifier::equal):
+        (KJS::Identifier::add):
+        (KJS::operator==):
+        (KJS::operator!=):
+        * kjs/internal.cpp:
+        (KJS::JSString::getOwnPropertySlot):
+        * kjs/lexer.cpp:
+        (KJS::Lexer::Lexer):
+        (KJS::Lexer::lex):
+        (KJS::Lexer::makeIdentifier):
+        * kjs/lexer.h:
+        * kjs/lookup.cpp:
+        (KJS::HashTable::createTable):
+        * kjs/lookup.h:
+        (KJS::HashTable::initializeIfNeeded):
+        (KJS::HashTable::entry):
+        (KJS::getStaticPropertySlot):
+        (KJS::getStaticFunctionSlot):
+        (KJS::getStaticValueSlot):
+        (KJS::lookupPut):
+        * kjs/object_object.cpp:
+        (KJS::objectProtoFuncHasOwnProperty):
+        (KJS::objectProtoFuncDefineGetter):
+        (KJS::objectProtoFuncDefineSetter):
+        (KJS::objectProtoFuncLookupGetter):
+        (KJS::objectProtoFuncLookupSetter):
+        (KJS::objectProtoFuncPropertyIsEnumerable):
+        (KJS::ObjectConstructor::ObjectConstructor):
+        * kjs/string_object.cpp:
+        (KJS::StringObject::getOwnPropertySlot):
+        (KJS::StringObject::getPropertyNames):
+        (KJS::StringConstructor::StringConstructor):
+        Just pass ExecState or JSGlobalData everywhere. Identifier construction is now always
+        explicit.
+
+        * kjs/nodes.cpp: (KJS::RegExpNode::emitCode): Here, Identifier was created from a non-literal
+        char*, which was incorrect, as that uses the pointer value as a key.
+
+2008-06-16  Thiago Macieira  <tjmaciei@trolltech.com>
+
+        Reviewed by Darin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19577
+
+        Fix compilation in C++ environments where C99 headers are not present
+
+        The stdbool.h header is a C99 feature, defining the "_Bool" type as well as the
+        "true" and "false" constants. But it's completely unnecessary in C++ as the
+        language already defines the "bool" type and its two values.
+
+        * API/JSBase.h:
+        * API/JSContextRef.h:
+        * API/JSObjectRef.h:
+        * API/JSStringRef.h:
+        * API/JSValueRef.h:
+
+2008-06-16  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by John.
+
+        <rdar://problem/6012509> JSProfiler: %s are incorrect if you exclude a
+        top level node like (idle)
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::focus):
+        (KJS::Profile::exclude): Subtract the selfTime from the totalTime of the
+        head since its self time will only be non-zero when one of its children
+        were excluded. Since the head's totalTime is used to calculate %s when
+        its totalTime is the same as the sum of all its visible childrens' times
+        their %s will sum to 100%.
+
+2008-06-16  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the profiler.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::willExecute):
+
+2008-06-16  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
+        profiler.
+        - Remove the last of the uses of recursion in the profiler.
+
+        * JavaScriptCore.exp: Export the new function's signature.
+        * profiler/Profile.cpp: 
+        (KJS::calculateVisibleTotalTime): Added a new static method for
+        recalculating the visibleTotalTime of methods after focus has changed
+        which are visible.
+        (KJS::stopProfiling): 
+        (KJS::Profile::focus): Implemented focus without recursion.
+        * profiler/Profile.h: Moved implementation into the definition file.
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::traverseNextNodePreOrder): Added an argument for
+        whether or not to process the children nodes, this allows focus to skip
+        sub trees which have been set as not visible.
+        (KJS::ProfileNode::calculateVisibleTotalTime): This function set's a
+        node's total visible time to the sum of its self time and its children's
+        total times.
+        (KJS::ProfileNode::focus): Implemented focus without recursion.
+        * profiler/ProfileNode.h:
+        (KJS::CallIdentifier::operator!= ):
+        (KJS::ProfileNode::setActualTotalTime): Expanded setting the total time
+        so that focus could modify only the visible total time.
+        (KJS::ProfileNode::setVisibleTotalTime):
+
+2008-06-16  Christian Dywan  <christian@twotoasts.de>
+
+        Reviewed by Sam.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19552
+        JavaScriptCore headers use C++ style comments
+
+        Replace all C++ style comments with C style multiline
+        comments and remove all "mode" lines.
+
+        * API/JSBase.h:
+        * API/JSClassRef.h:
+        * API/JSContextRef.h:
+        * API/JSObjectRef.h:
+        * API/JSStringRef.h:
+        * API/JSStringRefBSTR.h:
+        * API/JSStringRefCF.h:
+        * API/JSValueRef.h:
+        * API/JavaScript.h:
+        * API/JavaScriptCore.h:
+
+2008-06-16  Christian Dywan  <christian@twotoasts.de>
+
+        Reviewed by Sam.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19557
+        (JavaScriptCore) minidom uses C++ style comments
+
+        Use only C style comments in minidom sources
+
+        * API/JSNode.c:
+        (JSNode_appendChild):
+        (JSNode_removeChild):
+        * API/JSNode.h:
+        * API/JSNodeList.c:
+        (JSNodeList_getProperty):
+        * API/JSNodeList.h:
+        * API/Node.c:
+        * API/Node.h:
+        * API/NodeList.c:
+        (NodeList_new):
+        (NodeList_item):
+        * API/NodeList.h:
+        * API/minidom.c:
+        (createStringWithContentsOfFile):
+        * wtf/Assertions.h:
+        * wtf/UnusedParam.h:
+
+2008-06-16  Adriaan de Groot  <groot@kde.org>
+
+        Reviewed by Simon.
+
+        Fix compilation on Solaris
+
+        On some systems, munmap takes a char* instead of a void* (contrary to POSIX and
+        Single Unix Specification). Since you can always convert from char* to void*
+        but not vice-versa, do the casting to char*.
+
+        * kjs/collector.cpp:
+        (KJS::allocateBlock):
+        (KJS::freeBlock):
+
+2008-06-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Make a UnaryOpNode class to reduce boilerplate code for UnaryPlusNode,
+        NegateNode, BitwiseNotNode, and LogicalNotNode.
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::emitToJSNumber):
+        * kjs/nodes.cpp:
+        (KJS::UnaryOpNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::UnaryOpNode::UnaryOpNode):
+        (KJS::UnaryPlusNode::):
+        (KJS::NegateNode::):
+        (KJS::NegateNode::precedence):
+        (KJS::BitwiseNotNode::):
+        (KJS::BitwiseNotNode::precedence):
+        (KJS::LogicalNotNode::):
+        (KJS::LogicalNotNode::precedence):
+
+2008-06-16  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Gtk build fix
+
+        * GNUmakefile.am:
+
+2008-06-15  Darin Adler  <darin@apple.com>
+
+        - rename KJS::List to KJS::ArgList
+
+        * API/JSCallbackConstructor.cpp:
+        (KJS::JSCallbackConstructor::construct):
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::callAsFunction):
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::construct):
+        (KJS::::callAsFunction):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * JavaScriptCore.exp:
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        * kjs/ArrayPrototype.cpp:
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncJoin):
+        (KJS::arrayProtoFuncConcat):
+        (KJS::arrayProtoFuncPop):
+        (KJS::arrayProtoFuncPush):
+        (KJS::arrayProtoFuncReverse):
+        (KJS::arrayProtoFuncShift):
+        (KJS::arrayProtoFuncSlice):
+        (KJS::arrayProtoFuncSort):
+        (KJS::arrayProtoFuncSplice):
+        (KJS::arrayProtoFuncUnShift):
+        (KJS::arrayProtoFuncFilter):
+        (KJS::arrayProtoFuncMap):
+        (KJS::arrayProtoFuncEvery):
+        (KJS::arrayProtoFuncForEach):
+        (KJS::arrayProtoFuncSome):
+        (KJS::arrayProtoFuncIndexOf):
+        (KJS::arrayProtoFuncLastIndexOf):
+        (KJS::ArrayConstructor::construct):
+        (KJS::ArrayConstructor::callAsFunction):
+        * kjs/ArrayPrototype.h:
+        * kjs/BooleanObject.cpp:
+        (KJS::booleanProtoFuncToString):
+        (KJS::booleanProtoFuncValueOf):
+        (KJS::BooleanConstructor::construct):
+        (KJS::BooleanConstructor::callAsFunction):
+        * kjs/BooleanObject.h:
+        * kjs/CommonIdentifiers.h:
+        * kjs/ExecState.h:
+        (KJS::ExecState::emptyList):
+        * kjs/FunctionPrototype.cpp:
+        (KJS::FunctionPrototype::callAsFunction):
+        (KJS::functionProtoFuncToString):
+        (KJS::functionProtoFuncApply):
+        (KJS::functionProtoFuncCall):
+        (KJS::FunctionConstructor::construct):
+        (KJS::FunctionConstructor::callAsFunction):
+        * kjs/FunctionPrototype.h:
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::createArgumentsObject):
+        * kjs/JSArray.cpp:
+        (KJS::JSArray::JSArray):
+        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_key):
+        * kjs/JSArray.h:
+        * kjs/JSFunction.cpp:
+        (KJS::JSFunction::callAsFunction):
+        (KJS::JSFunction::construct):
+        (KJS::IndexToNameMap::IndexToNameMap):
+        (KJS::Arguments::Arguments):
+        (KJS::encode):
+        (KJS::decode):
+        (KJS::globalFuncEval):
+        (KJS::globalFuncParseInt):
+        (KJS::globalFuncParseFloat):
+        (KJS::globalFuncIsNaN):
+        (KJS::globalFuncIsFinite):
+        (KJS::globalFuncDecodeURI):
+        (KJS::globalFuncDecodeURIComponent):
+        (KJS::globalFuncEncodeURI):
+        (KJS::globalFuncEncodeURIComponent):
+        (KJS::globalFuncEscape):
+        (KJS::globalFuncUnescape):
+        (KJS::globalFuncKJSPrint):
+        (KJS::PrototypeFunction::callAsFunction):
+        (KJS::PrototypeReflexiveFunction::callAsFunction):
+        * kjs/JSFunction.h:
+        * kjs/JSGlobalData.h:
+        * kjs/JSImmediate.cpp:
+        (KJS::JSImmediate::toObject):
+        * kjs/JSNotAnObject.cpp:
+        (KJS::JSNotAnObject::construct):
+        (KJS::JSNotAnObject::callAsFunction):
+        * kjs/JSNotAnObject.h:
+        * kjs/JSObject.cpp:
+        (KJS::JSObject::put):
+        (KJS::JSObject::construct):
+        (KJS::JSObject::callAsFunction):
+        (KJS::Error::create):
+        * kjs/JSObject.h:
+        * kjs/MathObject.cpp:
+        (KJS::mathProtoFuncAbs):
+        (KJS::mathProtoFuncACos):
+        (KJS::mathProtoFuncASin):
+        (KJS::mathProtoFuncATan):
+        (KJS::mathProtoFuncATan2):
+        (KJS::mathProtoFuncCeil):
+        (KJS::mathProtoFuncCos):
+        (KJS::mathProtoFuncExp):
+        (KJS::mathProtoFuncFloor):
+        (KJS::mathProtoFuncLog):
+        (KJS::mathProtoFuncMax):
+        (KJS::mathProtoFuncMin):
+        (KJS::mathProtoFuncPow):
+        (KJS::mathProtoFuncRandom):
+        (KJS::mathProtoFuncRound):
+        (KJS::mathProtoFuncSin):
+        (KJS::mathProtoFuncSqrt):
+        (KJS::mathProtoFuncTan):
+        * kjs/MathObject.h:
+        * kjs/NumberObject.cpp:
+        (KJS::numberProtoFuncToString):
+        (KJS::numberProtoFuncToLocaleString):
+        (KJS::numberProtoFuncValueOf):
+        (KJS::numberProtoFuncToFixed):
+        (KJS::numberProtoFuncToExponential):
+        (KJS::numberProtoFuncToPrecision):
+        (KJS::NumberConstructor::construct):
+        (KJS::NumberConstructor::callAsFunction):
+        * kjs/NumberObject.h:
+        * kjs/RegExpObject.cpp:
+        (KJS::regExpProtoFuncTest):
+        (KJS::regExpProtoFuncExec):
+        (KJS::regExpProtoFuncCompile):
+        (KJS::regExpProtoFuncToString):
+        (KJS::RegExpObject::match):
+        (KJS::RegExpObject::test):
+        (KJS::RegExpObject::exec):
+        (KJS::RegExpObject::callAsFunction):
+        (KJS::RegExpConstructor::construct):
+        (KJS::RegExpConstructor::callAsFunction):
+        * kjs/RegExpObject.h:
+        * kjs/Shell.cpp:
+        (functionPrint):
+        (functionDebug):
+        (functionGC):
+        (functionVersion):
+        (functionRun):
+        (functionLoad):
+        (functionReadline):
+        (functionQuit):
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        * kjs/collector.h:
+        (KJS::Collector::markListSet):
+        * kjs/date_object.cpp:
+        (KJS::formatLocaleDate):
+        (KJS::fillStructuresUsingTimeArgs):
+        (KJS::fillStructuresUsingDateArgs):
+        (KJS::DateConstructor::construct):
+        (KJS::DateConstructor::callAsFunction):
+        (KJS::DateFunction::callAsFunction):
+        (KJS::dateProtoFuncToString):
+        (KJS::dateProtoFuncToUTCString):
+        (KJS::dateProtoFuncToDateString):
+        (KJS::dateProtoFuncToTimeString):
+        (KJS::dateProtoFuncToLocaleString):
+        (KJS::dateProtoFuncToLocaleDateString):
+        (KJS::dateProtoFuncToLocaleTimeString):
+        (KJS::dateProtoFuncValueOf):
+        (KJS::dateProtoFuncGetTime):
+        (KJS::dateProtoFuncGetFullYear):
+        (KJS::dateProtoFuncGetUTCFullYear):
+        (KJS::dateProtoFuncToGMTString):
+        (KJS::dateProtoFuncGetMonth):
+        (KJS::dateProtoFuncGetUTCMonth):
+        (KJS::dateProtoFuncGetDate):
+        (KJS::dateProtoFuncGetUTCDate):
+        (KJS::dateProtoFuncGetDay):
+        (KJS::dateProtoFuncGetUTCDay):
+        (KJS::dateProtoFuncGetHours):
+        (KJS::dateProtoFuncGetUTCHours):
+        (KJS::dateProtoFuncGetMinutes):
+        (KJS::dateProtoFuncGetUTCMinutes):
+        (KJS::dateProtoFuncGetSeconds):
+        (KJS::dateProtoFuncGetUTCSeconds):
+        (KJS::dateProtoFuncGetMilliSeconds):
+        (KJS::dateProtoFuncGetUTCMilliseconds):
+        (KJS::dateProtoFuncGetTimezoneOffset):
+        (KJS::dateProtoFuncSetTime):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::dateProtoFuncSetMilliSeconds):
+        (KJS::dateProtoFuncSetUTCMilliseconds):
+        (KJS::dateProtoFuncSetSeconds):
+        (KJS::dateProtoFuncSetUTCSeconds):
+        (KJS::dateProtoFuncSetMinutes):
+        (KJS::dateProtoFuncSetUTCMinutes):
+        (KJS::dateProtoFuncSetHours):
+        (KJS::dateProtoFuncSetUTCHours):
+        (KJS::dateProtoFuncSetDate):
+        (KJS::dateProtoFuncSetUTCDate):
+        (KJS::dateProtoFuncSetMonth):
+        (KJS::dateProtoFuncSetUTCMonth):
+        (KJS::dateProtoFuncSetFullYear):
+        (KJS::dateProtoFuncSetUTCFullYear):
+        (KJS::dateProtoFuncSetYear):
+        (KJS::dateProtoFuncGetYear):
+        * kjs/date_object.h:
+        * kjs/debugger.h:
+        * kjs/error_object.cpp:
+        (KJS::errorProtoFuncToString):
+        (KJS::ErrorConstructor::construct):
+        (KJS::ErrorConstructor::callAsFunction):
+        (KJS::NativeErrorConstructor::construct):
+        (KJS::NativeErrorConstructor::callAsFunction):
+        * kjs/error_object.h:
+        * kjs/internal.cpp:
+        (KJS::JSNumberCell::toObject):
+        (KJS::JSNumberCell::toThisObject):
+        * kjs/list.cpp:
+        (KJS::ArgList::getSlice):
+        (KJS::ArgList::markLists):
+        (KJS::ArgList::slowAppend):
+        * kjs/list.h:
+        (KJS::ArgList::ArgList):
+        (KJS::ArgList::~ArgList):
+        * kjs/object_object.cpp:
+        (KJS::objectProtoFuncValueOf):
+        (KJS::objectProtoFuncHasOwnProperty):
+        (KJS::objectProtoFuncIsPrototypeOf):
+        (KJS::objectProtoFuncDefineGetter):
+        (KJS::objectProtoFuncDefineSetter):
+        (KJS::objectProtoFuncLookupGetter):
+        (KJS::objectProtoFuncLookupSetter):
+        (KJS::objectProtoFuncPropertyIsEnumerable):
+        (KJS::objectProtoFuncToLocaleString):
+        (KJS::objectProtoFuncToString):
+        (KJS::ObjectConstructor::construct):
+        (KJS::ObjectConstructor::callAsFunction):
+        * kjs/object_object.h:
+        * kjs/string_object.cpp:
+        (KJS::replace):
+        (KJS::stringProtoFuncToString):
+        (KJS::stringProtoFuncValueOf):
+        (KJS::stringProtoFuncCharAt):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncConcat):
+        (KJS::stringProtoFuncIndexOf):
+        (KJS::stringProtoFuncLastIndexOf):
+        (KJS::stringProtoFuncMatch):
+        (KJS::stringProtoFuncSearch):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncSlice):
+        (KJS::stringProtoFuncSplit):
+        (KJS::stringProtoFuncSubstr):
+        (KJS::stringProtoFuncSubstring):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        (KJS::stringProtoFuncLocaleCompare):
+        (KJS::stringProtoFuncBig):
+        (KJS::stringProtoFuncSmall):
+        (KJS::stringProtoFuncBlink):
+        (KJS::stringProtoFuncBold):
+        (KJS::stringProtoFuncFixed):
+        (KJS::stringProtoFuncItalics):
+        (KJS::stringProtoFuncStrike):
+        (KJS::stringProtoFuncSub):
+        (KJS::stringProtoFuncSup):
+        (KJS::stringProtoFuncFontcolor):
+        (KJS::stringProtoFuncFontsize):
+        (KJS::stringProtoFuncAnchor):
+        (KJS::stringProtoFuncLink):
+        (KJS::StringConstructor::construct):
+        (KJS::StringConstructor::callAsFunction):
+        (KJS::StringConstructorFunction::callAsFunction):
+        * kjs/string_object.h:
+
+2008-06-15  Darin Adler  <darin@apple.com>
+
+        - new names for more JavaScriptCore files
+
+        * API/JSCallbackFunction.cpp:
+        * API/JSObjectRef.cpp:
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/Machine.cpp:
+        * kjs/AllInOneFile.cpp:
+        * kjs/ArrayPrototype.cpp: Copied from JavaScriptCore/kjs/array_object.cpp.
+        * kjs/ArrayPrototype.h: Copied from JavaScriptCore/kjs/array_object.h.
+        * kjs/BooleanObject.cpp: Copied from JavaScriptCore/kjs/bool_object.cpp.
+        * kjs/BooleanObject.h: Copied from JavaScriptCore/kjs/bool_object.h.
+        * kjs/ExecState.cpp:
+        * kjs/ExecState.h:
+        * kjs/FunctionPrototype.cpp: Copied from JavaScriptCore/kjs/function_object.cpp.
+        * kjs/FunctionPrototype.h: Copied from JavaScriptCore/kjs/function_object.h.
+        * kjs/JSArray.cpp: Copied from JavaScriptCore/kjs/array_instance.cpp.
+        * kjs/JSArray.h: Copied from JavaScriptCore/kjs/array_instance.h.
+        * kjs/JSFunction.cpp:
+        * kjs/JSFunction.h:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSImmediate.cpp:
+        * kjs/JSObject.h:
+        * kjs/JSString.h:
+        * kjs/JSValue.h:
+        * kjs/JSVariableObject.cpp:
+        * kjs/MathObject.cpp: Copied from JavaScriptCore/kjs/math_object.cpp.
+        * kjs/MathObject.h: Copied from JavaScriptCore/kjs/math_object.h.
+        * kjs/NumberObject.cpp: Copied from JavaScriptCore/kjs/number_object.cpp.
+        * kjs/NumberObject.h: Copied from JavaScriptCore/kjs/number_object.h.
+        * kjs/PropertyMap.cpp: Copied from JavaScriptCore/kjs/property_map.cpp.
+        * kjs/PropertyMap.h: Copied from JavaScriptCore/kjs/property_map.h.
+        * kjs/PropertySlot.cpp: Copied from JavaScriptCore/kjs/property_slot.cpp.
+        * kjs/PropertySlot.h: Copied from JavaScriptCore/kjs/property_slot.h.
+        * kjs/RegExpObject.cpp: Copied from JavaScriptCore/kjs/regexp_object.cpp.
+        * kjs/RegExpObject.h: Copied from JavaScriptCore/kjs/regexp_object.h.
+        * kjs/ScopeChain.cpp: Copied from JavaScriptCore/kjs/scope_chain.cpp.
+        * kjs/ScopeChain.h: Copied from JavaScriptCore/kjs/scope_chain.h.
+        * kjs/ScopeChainMark.h: Copied from JavaScriptCore/kjs/scope_chain_mark.h.
+        * kjs/Shell.cpp:
+        * kjs/array_instance.cpp: Removed.
+        * kjs/array_instance.h: Removed.
+        * kjs/array_object.cpp: Removed.
+        * kjs/array_object.h: Removed.
+        * kjs/bool_object.cpp: Removed.
+        * kjs/bool_object.h: Removed.
+        * kjs/error_object.h:
+        * kjs/function_object.cpp: Removed.
+        * kjs/function_object.h: Removed.
+        * kjs/internal.cpp:
+        * kjs/math_object.cpp: Removed.
+        * kjs/math_object.h: Removed.
+        * kjs/nodes.cpp:
+        * kjs/number_object.cpp: Removed.
+        * kjs/number_object.h: Removed.
+        * kjs/object_object.cpp:
+        * kjs/property_map.cpp: Removed.
+        * kjs/property_map.h: Removed.
+        * kjs/property_slot.cpp: Removed.
+        * kjs/property_slot.h: Removed.
+        * kjs/regexp_object.cpp: Removed.
+        * kjs/regexp_object.h: Removed.
+        * kjs/scope_chain.cpp: Removed.
+        * kjs/scope_chain.h: Removed.
+        * kjs/scope_chain_mark.h: Removed.
+        * kjs/string_object.cpp:
+        * kjs/string_object.h:
+
+2008-06-15  Darin Adler  <darin@apple.com>
+
+        - new names for a few key JavaScriptCore files
+
+        * API/JSBase.cpp:
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        * API/JSClassRef.h:
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        * API/JSStringRef.cpp:
+        * API/JSStringRefCF.cpp:
+        * API/JSValueRef.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/CodeBlock.cpp:
+        * VM/CodeGenerator.cpp:
+        * VM/ExceptionHelpers.cpp:
+        * VM/ExceptionHelpers.h:
+        * VM/JSPropertyNameIterator.cpp:
+        * VM/JSPropertyNameIterator.h:
+        * VM/Machine.cpp:
+        * kjs/AllInOneFile.cpp:
+        * kjs/DateMath.cpp:
+        * kjs/DebuggerCallFrame.cpp:
+        * kjs/ExecState.cpp:
+        * kjs/JSActivation.cpp:
+        * kjs/JSFunction.cpp: Copied from JavaScriptCore/kjs/function.cpp.
+        * kjs/JSFunction.h: Copied from JavaScriptCore/kjs/function.h.
+        * kjs/JSImmediate.cpp:
+        * kjs/JSNotAnObject.h:
+        * kjs/JSObject.cpp: Copied from JavaScriptCore/kjs/object.cpp.
+        * kjs/JSObject.h: Copied from JavaScriptCore/kjs/object.h.
+        * kjs/JSString.h: Copied from JavaScriptCore/kjs/internal.h.
+        * kjs/JSValue.cpp: Copied from JavaScriptCore/kjs/value.cpp.
+        * kjs/JSValue.h: Copied from JavaScriptCore/kjs/value.h.
+        * kjs/JSVariableObject.h:
+        * kjs/JSWrapperObject.h:
+        * kjs/Shell.cpp:
+        * kjs/SymbolTable.h:
+        * kjs/array_instance.h:
+        * kjs/collector.cpp:
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        * kjs/error_object.cpp:
+        * kjs/function.cpp: Removed.
+        * kjs/function.h: Removed.
+        * kjs/function_object.cpp:
+        * kjs/function_object.h:
+        * kjs/grammar.y:
+        * kjs/internal.cpp:
+        * kjs/internal.h: Removed.
+        * kjs/lexer.cpp:
+        * kjs/list.h:
+        * kjs/lookup.h:
+        * kjs/nodes.h:
+        * kjs/object.cpp: Removed.
+        * kjs/object.h: Removed.
+        * kjs/object_object.h:
+        * kjs/operations.cpp:
+        * kjs/property_map.cpp:
+        * kjs/property_slot.cpp:
+        * kjs/property_slot.h:
+        * kjs/protect.h:
+        * kjs/regexp_object.cpp:
+        * kjs/scope_chain.cpp:
+        * kjs/string_object.h:
+        * kjs/ustring.cpp:
+        * kjs/value.cpp: Removed.
+        * kjs/value.h: Removed.
+        * profiler/Profile.cpp:
+        * profiler/Profiler.cpp:
+
+2008-06-15  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Sam.
+
+        - cut down on confusing uses of "Object" and "Imp" in
+          JavaScriptCore class names
+
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::JSCallbackFunction):
+        * API/JSCallbackFunction.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/ExecState.h:
+        (KJS::ExecState::regExpTable):
+        (KJS::ExecState::regExpConstructorTable):
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::JSGlobalData):
+        (KJS::JSGlobalData::~JSGlobalData):
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::objectConstructor):
+        (KJS::JSGlobalObject::functionConstructor):
+        (KJS::JSGlobalObject::arrayConstructor):
+        (KJS::JSGlobalObject::booleanConstructor):
+        (KJS::JSGlobalObject::stringConstructor):
+        (KJS::JSGlobalObject::numberConstructor):
+        (KJS::JSGlobalObject::dateConstructor):
+        (KJS::JSGlobalObject::regExpConstructor):
+        (KJS::JSGlobalObject::errorConstructor):
+        (KJS::JSGlobalObject::evalErrorConstructor):
+        (KJS::JSGlobalObject::rangeErrorConstructor):
+        (KJS::JSGlobalObject::referenceErrorConstructor):
+        (KJS::JSGlobalObject::syntaxErrorConstructor):
+        (KJS::JSGlobalObject::typeErrorConstructor):
+        (KJS::JSGlobalObject::URIErrorConstructor):
+        * kjs/array_object.cpp:
+        (KJS::ArrayConstructor::ArrayConstructor):
+        (KJS::ArrayConstructor::getConstructData):
+        (KJS::ArrayConstructor::construct):
+        (KJS::ArrayConstructor::callAsFunction):
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        (KJS::BooleanObject::BooleanObject):
+        (KJS::BooleanPrototype::BooleanPrototype):
+        (KJS::booleanProtoFuncToString):
+        (KJS::booleanProtoFuncValueOf):
+        (KJS::BooleanConstructor::BooleanConstructor):
+        (KJS::BooleanConstructor::getConstructData):
+        (KJS::BooleanConstructor::construct):
+        (KJS::BooleanConstructor::callAsFunction):
+        * kjs/bool_object.h:
+        * kjs/date_object.cpp:
+        (KJS::DatePrototype::DatePrototype):
+        (KJS::DateConstructor::DateConstructor):
+        (KJS::DateConstructor::getConstructData):
+        (KJS::DateConstructor::construct):
+        (KJS::DateConstructor::callAsFunction):
+        (KJS::DateFunction::DateFunction):
+        (KJS::DateFunction::callAsFunction):
+        * kjs/date_object.h:
+        * kjs/error_object.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype):
+        (KJS::ErrorConstructor::ErrorConstructor):
+        (KJS::ErrorConstructor::getConstructData):
+        (KJS::ErrorConstructor::construct):
+        (KJS::ErrorConstructor::callAsFunction):
+        (KJS::NativeErrorConstructor::NativeErrorConstructor):
+        (KJS::NativeErrorConstructor::getConstructData):
+        (KJS::NativeErrorConstructor::construct):
+        (KJS::NativeErrorConstructor::callAsFunction):
+        (KJS::NativeErrorConstructor::mark):
+        * kjs/error_object.h:
+        * kjs/function.cpp:
+        (KJS::JSFunction::JSFunction):
+        (KJS::JSFunction::mark):
+        (KJS::JSFunction::getOwnPropertySlot):
+        (KJS::JSFunction::put):
+        (KJS::JSFunction::deleteProperty):
+        (KJS::PrototypeFunction::PrototypeFunction):
+        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
+        (KJS::PrototypeReflexiveFunction::mark):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (KJS::functionProtoFuncToString):
+        (KJS::FunctionConstructor::FunctionConstructor):
+        (KJS::FunctionConstructor::getConstructData):
+        (KJS::FunctionConstructor::construct):
+        (KJS::FunctionConstructor::callAsFunction):
+        * kjs/function_object.h:
+        * kjs/internal.cpp:
+        (KJS::StringObject::create):
+        (KJS::JSString::toObject):
+        (KJS::JSString::toThisObject):
+        (KJS::JSString::getOwnPropertySlot):
+        (KJS::InternalFunction::InternalFunction):
+        (KJS::InternalFunction::getCallData):
+        (KJS::InternalFunction::implementsHasInstance):
+        * kjs/math_object.cpp:
+        (KJS::MathObject::MathObject):
+        (KJS::MathObject::getOwnPropertySlot):
+        (KJS::MathObject::getValueProperty):
+        * kjs/math_object.h:
+        * kjs/number_object.cpp:
+        (KJS::NumberObject::NumberObject):
+        (KJS::NumberPrototype::NumberPrototype):
+        (KJS::numberProtoFuncToString):
+        (KJS::numberProtoFuncToLocaleString):
+        (KJS::numberProtoFuncValueOf):
+        (KJS::numberProtoFuncToFixed):
+        (KJS::numberProtoFuncToExponential):
+        (KJS::numberProtoFuncToPrecision):
+        (KJS::NumberConstructor::NumberConstructor):
+        (KJS::NumberConstructor::getOwnPropertySlot):
+        (KJS::NumberConstructor::getValueProperty):
+        (KJS::NumberConstructor::getConstructData):
+        (KJS::NumberConstructor::construct):
+        (KJS::NumberConstructor::callAsFunction):
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        (KJS::JSObject::putDirectFunction):
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        (KJS::ObjectConstructor::ObjectConstructor):
+        (KJS::ObjectConstructor::getConstructData):
+        (KJS::ObjectConstructor::construct):
+        (KJS::ObjectConstructor::callAsFunction):
+        * kjs/object_object.h:
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        * kjs/regexp_object.cpp:
+        (KJS::regExpProtoFuncTest):
+        (KJS::regExpProtoFuncExec):
+        (KJS::regExpProtoFuncCompile):
+        (KJS::regExpProtoFuncToString):
+        (KJS::RegExpObject::RegExpObject):
+        (KJS::RegExpObject::~RegExpObject):
+        (KJS::RegExpObject::getOwnPropertySlot):
+        (KJS::RegExpObject::getValueProperty):
+        (KJS::RegExpObject::put):
+        (KJS::RegExpObject::putValueProperty):
+        (KJS::RegExpObject::match):
+        (KJS::RegExpObject::test):
+        (KJS::RegExpObject::exec):
+        (KJS::RegExpObject::getCallData):
+        (KJS::RegExpObject::callAsFunction):
+        (KJS::RegExpConstructorPrivate::RegExpConstructorPrivate):
+        (KJS::RegExpConstructor::RegExpConstructor):
+        (KJS::RegExpConstructor::performMatch):
+        (KJS::RegExpMatchesArray::RegExpMatchesArray):
+        (KJS::RegExpMatchesArray::~RegExpMatchesArray):
+        (KJS::RegExpMatchesArray::fillArrayInstance):
+        (KJS::RegExpConstructor::arrayOfMatches):
+        (KJS::RegExpConstructor::getBackref):
+        (KJS::RegExpConstructor::getLastParen):
+        (KJS::RegExpConstructor::getLeftContext):
+        (KJS::RegExpConstructor::getRightContext):
+        (KJS::RegExpConstructor::getOwnPropertySlot):
+        (KJS::RegExpConstructor::getValueProperty):
+        (KJS::RegExpConstructor::put):
+        (KJS::RegExpConstructor::putValueProperty):
+        (KJS::RegExpConstructor::getConstructData):
+        (KJS::RegExpConstructor::construct):
+        (KJS::RegExpConstructor::callAsFunction):
+        (KJS::RegExpConstructor::input):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (KJS::StringObject::StringObject):
+        (KJS::StringObject::getOwnPropertySlot):
+        (KJS::StringObject::put):
+        (KJS::StringObject::deleteProperty):
+        (KJS::StringObject::getPropertyNames):
+        (KJS::StringPrototype::StringPrototype):
+        (KJS::StringPrototype::getOwnPropertySlot):
+        (KJS::replace):
+        (KJS::stringProtoFuncToString):
+        (KJS::stringProtoFuncValueOf):
+        (KJS::stringProtoFuncCharAt):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncConcat):
+        (KJS::stringProtoFuncIndexOf):
+        (KJS::stringProtoFuncLastIndexOf):
+        (KJS::stringProtoFuncMatch):
+        (KJS::stringProtoFuncSearch):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncSlice):
+        (KJS::stringProtoFuncSplit):
+        (KJS::stringProtoFuncSubstr):
+        (KJS::stringProtoFuncSubstring):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        (KJS::stringProtoFuncLocaleCompare):
+        (KJS::stringProtoFuncBig):
+        (KJS::stringProtoFuncSmall):
+        (KJS::stringProtoFuncBlink):
+        (KJS::stringProtoFuncBold):
+        (KJS::stringProtoFuncFixed):
+        (KJS::stringProtoFuncItalics):
+        (KJS::stringProtoFuncStrike):
+        (KJS::stringProtoFuncSub):
+        (KJS::stringProtoFuncSup):
+        (KJS::stringProtoFuncFontcolor):
+        (KJS::stringProtoFuncFontsize):
+        (KJS::stringProtoFuncAnchor):
+        (KJS::stringProtoFuncLink):
+        (KJS::StringConstructor::StringConstructor):
+        (KJS::StringConstructor::getConstructData):
+        (KJS::StringConstructor::construct):
+        (KJS::StringConstructor::callAsFunction):
+        (KJS::StringConstructorFunction::StringConstructorFunction):
+        (KJS::StringConstructorFunction::callAsFunction):
+        * kjs/string_object.h:
+        (KJS::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+        * profiler/Profiler.cpp:
+        (KJS::createCallIdentifier):
+
+2008-06-15  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Sam.
+
+        - use JS prefix and simpler names for basic JavaScriptCore types,
+          to complement JSValue and JSObject
+
+        * JavaScriptCore.exp:
+        * VM/Machine.cpp:
+        (KJS::jsLess):
+        (KJS::jsLessEq):
+        (KJS::jsAdd):
+        (KJS::callEval):
+        (KJS::Machine::execute):
+        (KJS::Machine::retrieveArguments):
+        (KJS::Machine::retrieveCaller):
+        (KJS::Machine::getCallFrame):
+        (KJS::Machine::getFunctionAndArguments):
+        * VM/Machine.h:
+        * VM/Register.h:
+        * kjs/DebuggerCallFrame.cpp:
+        (KJS::DebuggerCallFrame::functionName):
+        * kjs/ExecState.h:
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::createArgumentsObject):
+        * kjs/array_instance.cpp:
+        (KJS::JSArray::checkConsistency):
+        (KJS::JSArray::JSArray):
+        (KJS::JSArray::~JSArray):
+        (KJS::JSArray::getItem):
+        (KJS::JSArray::lengthGetter):
+        (KJS::JSArray::inlineGetOwnPropertySlot):
+        (KJS::JSArray::getOwnPropertySlot):
+        (KJS::JSArray::put):
+        (KJS::JSArray::deleteProperty):
+        (KJS::JSArray::getPropertyNames):
+        (KJS::JSArray::increaseVectorLength):
+        (KJS::JSArray::setLength):
+        (KJS::JSArray::mark):
+        (KJS::JSArray::sort):
+        (KJS::JSArray::compactForSorting):
+        (KJS::JSArray::lazyCreationData):
+        (KJS::JSArray::setLazyCreationData):
+        * kjs/array_instance.h:
+        * kjs/array_object.cpp:
+        (KJS::ArrayPrototype::ArrayPrototype):
+        (KJS::ArrayPrototype::getOwnPropertySlot):
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncConcat):
+        (KJS::arrayProtoFuncSort):
+        (KJS::ArrayObjectImp::construct):
+        * kjs/array_object.h:
+        * kjs/completion.h:
+        * kjs/function.cpp:
+        (KJS::JSFunction::JSFunction):
+        (KJS::JSFunction::mark):
+        (KJS::JSFunction::getCallData):
+        (KJS::JSFunction::callAsFunction):
+        (KJS::JSFunction::argumentsGetter):
+        (KJS::JSFunction::callerGetter):
+        (KJS::JSFunction::lengthGetter):
+        (KJS::JSFunction::getOwnPropertySlot):
+        (KJS::JSFunction::put):
+        (KJS::JSFunction::deleteProperty):
+        (KJS::JSFunction::getParameterName):
+        (KJS::JSFunction::getConstructData):
+        (KJS::JSFunction::construct):
+        (KJS::IndexToNameMap::IndexToNameMap):
+        (KJS::Arguments::Arguments):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (KJS::functionProtoFuncToString):
+        (KJS::functionProtoFuncApply):
+        (KJS::FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        (KJS::JSString::toPrimitive):
+        (KJS::JSString::getPrimitiveNumber):
+        (KJS::JSString::toBoolean):
+        (KJS::JSString::toNumber):
+        (KJS::JSString::toString):
+        (KJS::StringInstance::create):
+        (KJS::JSString::toObject):
+        (KJS::JSString::toThisObject):
+        (KJS::JSString::lengthGetter):
+        (KJS::JSString::indexGetter):
+        (KJS::JSString::indexNumericPropertyGetter):
+        (KJS::JSString::getOwnPropertySlot):
+        (KJS::JSNumberCell::type):
+        (KJS::JSNumberCell::toPrimitive):
+        (KJS::JSNumberCell::getPrimitiveNumber):
+        (KJS::JSNumberCell::toBoolean):
+        (KJS::JSNumberCell::toNumber):
+        (KJS::JSNumberCell::toString):
+        (KJS::JSNumberCell::toObject):
+        (KJS::JSNumberCell::toThisObject):
+        (KJS::JSNumberCell::getUInt32):
+        (KJS::JSNumberCell::getTruncatedInt32):
+        (KJS::JSNumberCell::getTruncatedUInt32):
+        (KJS::GetterSetter::mark):
+        (KJS::GetterSetter::toPrimitive):
+        (KJS::GetterSetter::getPrimitiveNumber):
+        (KJS::GetterSetter::toBoolean):
+        (KJS::GetterSetter::toNumber):
+        (KJS::GetterSetter::toString):
+        (KJS::GetterSetter::toObject):
+        (KJS::GetterSetter::getOwnPropertySlot):
+        (KJS::GetterSetter::put):
+        (KJS::GetterSetter::toThisObject):
+        * kjs/internal.h:
+        (KJS::JSString::JSString):
+        (KJS::JSString::getStringPropertySlot):
+        * kjs/nodes.cpp:
+        (KJS::FuncDeclNode::makeFunction):
+        (KJS::FuncExprNode::makeFunction):
+        * kjs/nodes.h:
+        * kjs/object.cpp:
+        (KJS::JSObject::put):
+        (KJS::JSObject::deleteProperty):
+        (KJS::JSObject::defineGetter):
+        (KJS::JSObject::defineSetter):
+        (KJS::JSObject::lookupGetter):
+        (KJS::JSObject::lookupSetter):
+        (KJS::JSObject::fillGetterPropertySlot):
+        * kjs/object.h:
+        (KJS::GetterSetter::GetterSetter):
+        * kjs/operations.cpp:
+        (KJS::equal):
+        (KJS::strictEqual):
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::containsGettersOrSetters):
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpMatchesArray::getOwnPropertySlot):
+        (KJS::RegExpMatchesArray::put):
+        (KJS::RegExpMatchesArray::deleteProperty):
+        (KJS::RegExpMatchesArray::getPropertyNames):
+        (KJS::RegExpMatchesArray::RegExpMatchesArray):
+        (KJS::RegExpMatchesArray::fillArrayInstance):
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::StringInstance):
+        (KJS::replace):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        * kjs/string_object.h:
+        (KJS::StringInstance::internalValue):
+        * kjs/value.cpp:
+        (KJS::JSCell::getNumber):
+        (KJS::JSCell::getString):
+        (KJS::JSCell::getObject):
+        (KJS::jsString):
+        (KJS::jsOwnedString):
+        * kjs/value.h:
+        (KJS::JSNumberCell::JSNumberCell):
+        (KJS::jsNumberCell):
+        (KJS::JSValue::uncheckedGetNumber):
+        * profiler/Profiler.cpp:
+        (KJS::createCallIdentifier):
+        (KJS::createCallIdentifierFromFunctionImp):
+
+2008-06-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Alexey.
+        
+        - add emitUnaryOp, emitNullaryOp and emitUnaryOpNoDst; use them
+        
+        This removes some boilerplate code and also reduces the number of
+        places that will need to be changed to do on-demand emit of
+        loads (and thus support k operands).
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitUnaryOp):
+        (KJS::CodeGenerator::emitNullaryOp):
+        (KJS::CodeGenerator::emitUnaryOpNoDst):
+        (KJS::CodeGenerator::emitPushScope):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::emitNewObject):
+        (KJS::CodeGenerator::emitNewArray):
+        (KJS::CodeGenerator::emitNot):
+        (KJS::CodeGenerator::emitBitNot):
+        (KJS::CodeGenerator::emitToJSNumber):
+        (KJS::CodeGenerator::emitNegate):
+        (KJS::CodeGenerator::emitInstanceOf):
+        (KJS::CodeGenerator::emitTypeOf):
+        (KJS::CodeGenerator::emitIn):
+        (KJS::CodeGenerator::emitReturn):
+        (KJS::CodeGenerator::emitEnd):
+        (KJS::CodeGenerator::emitGetPropertyNames):
+
+2008-06-15  Alp Toker  <alp@nuanti.com>
+
+        Rubber-stamped by Maciej.
+
+        Install 'jsc' application by default.
+
+        * GNUmakefile.am:
+
+2008-06-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - rename testkjs to jsc
+
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore.sln:
+        * JavaScriptCore.vcproj/jsc: Added.
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Copied from JavaScriptCore.vcproj/testkjs/testkjs.vcproj.
+        * JavaScriptCore.vcproj/testkjs: Removed.
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Removed.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jscore.bkl:
+        * kjs/Shell.cpp: Copied from kjs/testkjs.cpp.
+        (main):
+        (printUsageStatement):
+        (jscmain):
+        * kjs/jsc.pro: Copied from kjs/testkjs.pro.
+        * kjs/testkjs.cpp: Removed.
+        * kjs/testkjs.pro: Removed.
+        * tests/mozilla/expected.html:
+        * tests/mozilla/js1_2/Array/tostring_1.js:
+        * tests/mozilla/js1_2/Array/tostring_2.js:
+        * tests/mozilla/jsDriver.pl:
+
+2008-06-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Mac build fix.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/nodes.h:
+
+2008-06-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Change the spelling of PrecMultiplicitave to PrecMultiplicative.
+
+        * kjs/nodes.h:
+        (KJS::MultNode::precedence):
+        (KJS::DivNode::precedence):
+        (KJS::ModNode::precedence):
+
+2008-06-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Remove unused preprocessor macros related to exceptions in the old
+        interpreter.
+
+        * kjs/nodes.cpp:
+
+2008-06-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 19484: More instructions needs to use temporary registers
+        <https://bugs.webkit.org/show_bug.cgi?id=19484>
+
+        Fix codegen for all binary operations so that temporaries are used if
+        necessary. This was done by making BinaryOpNode and ReverseBinaryOpNode
+        subclasses of ExpressionNode, and eliminating the custom emitCode()
+        methods for the individual node classes.
+
+        This only adds 3 new instructions to SunSpider code, and there is no
+        difference in SunSpider execution time.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitBitNot):
+        (KJS::CodeGenerator::emitBinaryOp):
+        * VM/CodeGenerator.h:
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::BinaryOpNode::emitCode):
+        (KJS::ReverseBinaryOpNode::emitCode):
+        (KJS::emitReadModifyAssignment):
+        (KJS::CaseBlockNode::emitCodeForBlock):
+        * kjs/nodes.h:
+        (KJS::BinaryOpNode::BinaryOpNode):
+        (KJS::ReverseBinaryOpNode::ReverseBinaryOpNode):
+        (KJS::MultNode::):
+        (KJS::DivNode::):
+        (KJS::DivNode::precedence):
+        (KJS::ModNode::):
+        (KJS::ModNode::precedence):
+        (KJS::AddNode::):
+        (KJS::AddNode::precedence):
+        (KJS::SubNode::):
+        (KJS::SubNode::precedence):
+        (KJS::LeftShiftNode::):
+        (KJS::LeftShiftNode::precedence):
+        (KJS::RightShiftNode::):
+        (KJS::RightShiftNode::precedence):
+        (KJS::UnsignedRightShiftNode::):
+        (KJS::UnsignedRightShiftNode::precedence):
+        (KJS::LessNode::):
+        (KJS::LessNode::precedence):
+        (KJS::GreaterNode::):
+        (KJS::GreaterNode::precedence):
+        (KJS::LessEqNode::):
+        (KJS::LessEqNode::precedence):
+        (KJS::GreaterEqNode::):
+        (KJS::GreaterEqNode::precedence):
+        (KJS::InstanceOfNode::):
+        (KJS::InstanceOfNode::precedence):
+        (KJS::InNode::):
+        (KJS::InNode::precedence):
+        (KJS::EqualNode::):
+        (KJS::EqualNode::precedence):
+        (KJS::NotEqualNode::):
+        (KJS::NotEqualNode::precedence):
+        (KJS::StrictEqualNode::):
+        (KJS::StrictEqualNode::precedence):
+        (KJS::NotStrictEqualNode::):
+        (KJS::NotStrictEqualNode::precedence):
+        (KJS::BitAndNode::):
+        (KJS::BitAndNode::precedence):
+        (KJS::BitOrNode::):
+        (KJS::BitOrNode::precedence):
+        (KJS::BitXOrNode::):
+        (KJS::BitXOrNode::precedence):
+        * kjs/nodes2string.cpp:
+        (KJS::LessNode::streamTo):
+        (KJS::GreaterNode::streamTo):
+        (KJS::LessEqNode::streamTo):
+        (KJS::GreaterEqNode::streamTo):
+        (KJS::InstanceOfNode::streamTo):
+        (KJS::InNode::streamTo):
+        (KJS::EqualNode::streamTo):
+        (KJS::NotEqualNode::streamTo):
+        (KJS::StrictEqualNode::streamTo):
+        (KJS::NotStrictEqualNode::streamTo):
+        (KJS::BitAndNode::streamTo):
+        (KJS::BitXOrNode::streamTo):
+        (KJS::BitOrNode::streamTo):
+
+2008-06-14  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Sam.
+
+        - rename a bunch of local symbols within the regular expression code to
+          follow our usual coding style, and do a few other name tweaks
+
+        * pcre/pcre_compile.cpp:
+        (CompileData::CompileData):
+        (checkEscape):
+        (readRepeatCounts):
+        (compileBranch):
+        (compileBracket):
+        (calculateCompiledPatternLength):
+        (returnError):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (MatchStack::MatchStack):
+        (MatchStack::canUseStackBufferForNextFrame):
+        (MatchStack::popCurrentFrame):
+        (match):
+        (tryFirstByteOptimization):
+        (tryRequiredByteOptimization):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2008-06-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Remove redundant uses of get().
+
+        * kjs/nodes.cpp:
+        (KJS::BracketAccessorNode::emitCode):
+        (KJS::AddNode::emitCode):
+        (KJS::SubNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+        (KJS::AssignDotNode::emitCode):
+        (KJS::ReadModifyDotNode::emitCode):
+        (KJS::AssignBracketNode::emitCode):
+        (KJS::ReadModifyBracketNode::emitCode):
+
+2008-06-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Make code generation not use a temporary for the left-hand side of an
+        expression if the right-hand side is a local variable.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::isLocal):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::leftHandSideNeedsCopy):
+        (KJS::CodeGenerator::emitNodeForLeftHandSide):
+        * kjs/nodes.cpp:
+        (KJS::ResolveNode::isPure):
+        (KJS::BracketAccessorNode::emitCode):
+        (KJS::AddNode::emitCode):
+        (KJS::SubNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+        (KJS::AssignDotNode::emitCode):
+        (KJS::ReadModifyDotNode::emitCode):
+        (KJS::AssignBracketNode::emitCode):
+        (KJS::ReadModifyBracketNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::ExpressionNode::):
+        (KJS::BooleanNode::):
+        (KJS::NumberNode::):
+        (KJS::StringNode::):
+
+2008-06-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - more of https://bugs.webkit.org/show_bug.cgi?id=17257
+          start ref counts at 1 instead of 0 for speed
+
+        * kjs/nodes.cpp:
+        (KJS::ParserRefCounted::hasOneRef): Added. Replaces refcount.
+        * kjs/nodes.h: Replaced refcount with hasOneRef.
+
+        * wtf/ListRefPtr.h:
+        (WTF::ListRefPtr::~ListRefPtr): Changed to use hasOneRef instead of
+        refcount, so this class can be used with the RefCounted template.
+
+        * wtf/RefCounted.h:
+        (WTF::RefCounted::hasOneRef): Made const, since there's no reason for
+        it to be non-const.
+
+2008-06-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - initialize local vars as side effect of call instead of in bytecode
+        1.004x speedup on SunSpider.
+
+        This removes just the dispatch overhead for these loads - in the
+        future, dead store elimination might be able to eliminate them
+        entirely.
+        
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator): For function blocks, don't
+        emit loads of undefined for var initialization.
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall): Instead, initialize locals
+        as part of the call.
+
+2008-06-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Remove helper functions in the parser that are no longer needed.
+
+        * kjs/grammar.y:
+
+2008-06-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 19484: More instructions needs to use temporary registers
+        <https://bugs.webkit.org/show_bug.cgi?id=19484>
+
+        Make code generation for AddNode and SubNode use temporaries when
+        necessary.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::AddNode::emitCode):
+        (KJS::SubNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::AddNode::):
+        (KJS::SubNode::):
+
+2008-06-13  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Combine TrueNode and FalseNode to make BooleanNode, and remove the
+        unused class PlaceholderTrueNode.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::BooleanNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::BooleanNode::):
+        (KJS::BooleanNode::precedence):
+        * kjs/nodes2string.cpp:
+        (KJS::BooleanNode::streamTo):
+
+2008-06-13  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Eliminate the use of temporaries to store the left hand side of an
+        expression when the right hand side is a constant. This slightly
+        improves the generated bytecode for a few SunSpider tests, but it is
+        mostly in preparation for fixing
+
+        Bug 19484: More instructions needs to use temporary registers
+        <https://bugs.webkit.org/show_bug.cgi?id=19484>
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::leftHandSideNeedsCopy):
+        (KJS::CodeGenerator::emitNodeForLeftHandSide):
+        * kjs/nodes.cpp:
+        (KJS::BracketAccessorNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+        (KJS::AssignDotNode::emitCode):
+        (KJS::ReadModifyDotNode::emitCode):
+        (KJS::AssignBracketNode::emitCode):
+        (KJS::ReadModifyBracketNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::ExpressionNode::):
+        (KJS::FalseNode::):
+        (KJS::TrueNode::):
+        (KJS::NumberNode::):
+        (KJS::StringNode::):
+
+2008-06-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - prettify opcode stats output
+        
+        I changed things to be a bit more aligned, also there is a new
+        section listing most common opcodes and most common sequences that
+        include them.
+
+        * VM/Opcode.cpp:
+        (KJS::OpcodeStats::~OpcodeStats):
+        * VM/Opcode.h:
+
+2008-06-13  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
+        profiler.
+        - Remove recursion from exclude().  This leaves only focus() to fix.
+
+        * JavaScriptCore.exp: Change the signatures of the exported functions.
+        * profiler/Profile.cpp:
+        (KJS::Profile::forEach): I added a traverseNextNodePreOrder() function
+        and so needed to distinguish the other function by labeling it
+        traverseNextNodePostOrder().
+        (KJS::Profile::exclude): All new exclude that iteratively walks the tree
+        * profiler/Profile.h:
+        (KJS::Profile::focus): Add a null check for m_head.
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::traverseNextNodePostOrder): Renamed
+        (KJS::ProfileNode::traverseNextNodePreOrder): Walks the tree in pre-
+        order, where the parent is processed before the children.
+        (KJS::ProfileNode::setTreeVisible): Iterate over the sub-tree and set
+        all of the nodes visible value.  This changes another function that used
+        recursion.
+        (KJS::ProfileNode::exclude): Remove recursion from this function.
+        Because we now check for m_visible and we are walking the tree in pre-
+        order we do not need to check if an excluded node is in an excluded
+        sub-tree.
+        * profiler/ProfileNode.h: Added specific selfTime functions to
+        facilitate exclude().
+        (KJS::ProfileNode::setSelfTime):
+        (KJS::ProfileNode::setActualSelfTime):
+        (KJS::ProfileNode::setVisibleSelfTime):
+
+2008-06-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19434
+          speed up SunSpider by avoiding some string boxing
+
+        Speeds up SunSpider by 1.1%.
+
+        Optimized code path for getting built-in properties from strings -- avoid
+        boxing with a string object in that case. We can make further changes to avoid
+        even more boxing, but this change alone is a win.
+
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::JSCallbackObject::staticValueGetter): Use isObject instead of inherits
+        in asssert, since the type of slotBase() is now JSValue, not JSObject.
+        (KJS::JSCallbackObject::staticFunctionGetter): Ditto.
+        (KJS::JSCallbackObject::callbackGetter): Ditto.
+
+        * kjs/internal.cpp:
+        (KJS::StringImp::getPrimitiveNumber): Updated for change of data member name.
+        (KJS::StringImp::toBoolean): Ditto.
+        (KJS::StringImp::toNumber): Ditto.
+        (KJS::StringImp::toString): Ditto.
+        (KJS::StringInstance::create): Added; avoids a bit of cut and paste code.
+        (KJS::StringImp::toObject): Use StringInstance::create.
+        (KJS::StringImp::toThisObject): Ditto.
+        (KJS::StringImp::lengthGetter): Added. Replaces the getter that used to live in
+        the StringInstance class.
+        (KJS::StringImp::indexGetter): Ditto.
+        (KJS::StringImp::indexNumericPropertyGetter): Ditto.
+        (KJS::StringImp::getOwnPropertySlot): Added. Deals with built in properties of
+        the string class without creating a StringInstance.
+
+        * kjs/internal.h:
+        (KJS::StringImp::getStringPropertySlot): Added. To be used by both the string
+        and string object getOwnPropertySlot function.
+
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter): Updated since slotBase() is now a JSValue rather
+        than a JSObject.
+
+        * kjs/object.h: Removed PropertySlot::slotBase() function, which can now move
+        back into property_slot.h where it belongs since it doesn't have to cast to
+        JSObject*.
+
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::functionGetter): Updated since slot.slotBase() is now a JSValue*
+        instead of JSObject*. setGetterSlot still guarantees the base is a JSObject*.
+        * kjs/property_slot.h:
+        (KJS::PropertySlot::PropertySlot): Changed base to JSValue* intead of JSCell*.
+        (KJS::PropertySlot::setStaticEntry): Ditto.
+        (KJS::PropertySlot::setCustom): Ditto.
+        (KJS::PropertySlot::setCustomIndex): Ditto.
+        (KJS::PropertySlot::setCustomNumeric): Ditto.
+        (KJS::PropertySlot::slotBase): Moved inline here since it no longer involves a
+        downcast to JSObject*.
+        (KJS::PropertySlot::setBase): Changed to JSValue*.
+
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::getOwnPropertySlot): Changed to use getStringPropertySlot
+        instead of coding the properties here. This allows sharing the code with StringImp.
+
+        * kjs/string_object.h: Removed inlineGetOwnPropertySlot, lengthGetter, and indexGetter.
+        Made one of the constructors protected.
+
+        * kjs/value.h: Made getOwnPropertySlot private in the JSCell class -- this is better
+        since it's not the real JSObject getOwnPropertySlot semantic and most callers shouldn't
+        use it.
+
+2008-06-12  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Maciej.
+
+        Preparation to making JavaScript heap per-thread.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        * kjs/collector.h:
+        (KJS::Collector::markListSet):
+        The collector now holds the list of protected lists itself, to be made per-instance.
+
+        * kjs/list.h: Changed to hold a pointer to a mark set this list is in, if any.
+        (KJS::List::List): Explicitly initialize m_size with zero, as m_vector.size() is
+        guaranteed to be such anyway.
+        (KJS::List::append): Changed the fast case to only be executed as long as inline buffer
+        is used, because otherwise, we now do more expensive checks.
+
+        * kjs/list.cpp:
+        (KJS::List::markLists): Renamed from markProtectedListsSlowCase, made it take the list set
+        as a parameter.
+        (KJS::List::slowAppend): If a non-immediate value is appended, the list needs to be added
+        to an appropriate Heap's protected list. For now, a static Collector::markListSet() is
+        used, but the code is layed out in preparation to making the switch to multiple heaps.
+
+        * JavaScriptCore.exp: Updated export list.
+
+2008-06-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 19510: CodeBlock::needsFullScopeChain not always set for global code
+        <https://bugs.webkit.org/show_bug.cgi?id=19510>
+
+        This fixes the symptoms by using CodeGenerator::m_codeType to determine
+        when to use temporaries instead of CodeBlock::needsFullScopeChain, but
+        it does not fix the problem itself.
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::leftHandSideNeedsCopy):
+
+2008-06-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 19498: REGRESSION (r34497): crash while loading GMail
+        <https://bugs.webkit.org/show_bug.cgi?id=19498>
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitJumpIfTrueMayCombine):
+        (KJS::CodeGenerator::emitJumpIfTrue):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::DoWhileNode::emitCode):
+        (KJS::WhileNode::emitCode):
+        (KJS::ForNode::emitCode):
+        (KJS::CaseBlockNode::emitCodeForBlock):
+
+2008-06-11  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - a little bit of cleanup and prep for some upcoming optimizations
+
+        * JavaScriptCore.exp: Re-sorted this file (with sort command line tool).
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump): Fixed printf to avoid warnings -- to use %lu we
+        need to make sure the type is unsigned long.
+        * kjs/object.cpp:
+        (KJS::Error::create): Eliminated unused error names array, and also put
+        the strings into the code since there was already a switch statment.
+        This also avoids having to contemplate a hypothetical access past the
+        end of the array.
+        * kjs/object.h: Got rid of errorNames.
+        * kjs/property_slot.cpp: Deleted unused ungettableGetter.
+        * kjs/property_slot.h: Ditto.
+        * wtf/AlwaysInline.h: Added LIKELY alongside UNLIKELY.
+
+2008-06-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Bug 19457: Create fused opcodes for tests and conditional jumps
+        <https://bugs.webkit.org/show_bug.cgi?id=19457>
+
+        Add a new jless instruction, and modify the code generator to emit it
+        instead of the pair (less, jtrue).
+
+        Gives a 3.6% improvement on SunSpider.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::emitOpcode):
+        (KJS::CodeGenerator::retrieveLastBinaryOp):
+        (KJS::CodeGenerator::rewindBinaryOp):
+        (KJS::CodeGenerator::emitJump):
+        (KJS::CodeGenerator::emitJumpIfTrue):
+        (KJS::CodeGenerator::emitJumpIfFalse):
+        (KJS::CodeGenerator::emitMove):
+        (KJS::CodeGenerator::emitNot):
+        (KJS::CodeGenerator::emitEqual):
+        (KJS::CodeGenerator::emitNotEqual):
+        (KJS::CodeGenerator::emitStrictEqual):
+        (KJS::CodeGenerator::emitNotStrictEqual):
+        (KJS::CodeGenerator::emitLess):
+        (KJS::CodeGenerator::emitLessEq):
+        (KJS::CodeGenerator::emitPreInc):
+        (KJS::CodeGenerator::emitPreDec):
+        (KJS::CodeGenerator::emitPostInc):
+        (KJS::CodeGenerator::emitPostDec):
+        (KJS::CodeGenerator::emitToJSNumber):
+        (KJS::CodeGenerator::emitNegate):
+        (KJS::CodeGenerator::emitAdd):
+        (KJS::CodeGenerator::emitMul):
+        (KJS::CodeGenerator::emitDiv):
+        (KJS::CodeGenerator::emitMod):
+        (KJS::CodeGenerator::emitSub):
+        (KJS::CodeGenerator::emitLeftShift):
+        (KJS::CodeGenerator::emitRightShift):
+        (KJS::CodeGenerator::emitUnsignedRightShift):
+        (KJS::CodeGenerator::emitBitAnd):
+        (KJS::CodeGenerator::emitBitXOr):
+        (KJS::CodeGenerator::emitBitOr):
+        (KJS::CodeGenerator::emitBitNot):
+        (KJS::CodeGenerator::emitInstanceOf):
+        (KJS::CodeGenerator::emitTypeOf):
+        (KJS::CodeGenerator::emitIn):
+        (KJS::CodeGenerator::emitLoad):
+        (KJS::CodeGenerator::emitNewObject):
+        (KJS::CodeGenerator::emitNewArray):
+        (KJS::CodeGenerator::emitResolve):
+        (KJS::CodeGenerator::emitGetScopedVar):
+        (KJS::CodeGenerator::emitPutScopedVar):
+        (KJS::CodeGenerator::emitResolveBase):
+        (KJS::CodeGenerator::emitResolveWithBase):
+        (KJS::CodeGenerator::emitResolveFunction):
+        (KJS::CodeGenerator::emitGetById):
+        (KJS::CodeGenerator::emitPutById):
+        (KJS::CodeGenerator::emitPutGetter):
+        (KJS::CodeGenerator::emitPutSetter):
+        (KJS::CodeGenerator::emitDeleteById):
+        (KJS::CodeGenerator::emitGetByVal):
+        (KJS::CodeGenerator::emitPutByVal):
+        (KJS::CodeGenerator::emitDeleteByVal):
+        (KJS::CodeGenerator::emitPutByIndex):
+        (KJS::CodeGenerator::emitNewFunction):
+        (KJS::CodeGenerator::emitNewRegExp):
+        (KJS::CodeGenerator::emitNewFunctionExpression):
+        (KJS::CodeGenerator::emitCall):
+        (KJS::CodeGenerator::emitReturn):
+        (KJS::CodeGenerator::emitEnd):
+        (KJS::CodeGenerator::emitConstruct):
+        (KJS::CodeGenerator::emitPushScope):
+        (KJS::CodeGenerator::emitPopScope):
+        (KJS::CodeGenerator::emitDebugHook):
+        (KJS::CodeGenerator::emitComplexJumpScopes):
+        (KJS::CodeGenerator::emitJumpScopes):
+        (KJS::CodeGenerator::emitNextPropertyName):
+        (KJS::CodeGenerator::emitGetPropertyNames):
+        (KJS::CodeGenerator::emitCatch):
+        (KJS::CodeGenerator::emitThrow):
+        (KJS::CodeGenerator::emitNewError):
+        (KJS::CodeGenerator::emitJumpSubroutine):
+        (KJS::CodeGenerator::emitSubroutineReturn):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.cpp:
+        * VM/Opcode.h:
+
+2008-06-11  Darin Adler  <darin@apple.com>
+
+        Reviewed by Alexey.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=19442
+          JavaScript array implementation doesn't maintain m_numValuesInVector when sorting
+
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::checkConsistency): Added. Empty inline version for when
+        consistency checks are turned off.
+        (KJS::ArrayInstance::ArrayInstance): Check consistency after construction.
+        (KJS::ArrayInstance::~ArrayInstance): Check consistency before destruction.
+        (KJS::ArrayInstance::put): Check consistency before and after.
+        (KJS::ArrayInstance::deleteProperty): Ditto.
+        (KJS::ArrayInstance::setLength): Ditto.
+        (KJS::compareByStringPairForQSort): Use typedef for clarity.
+        (KJS::ArrayInstance::sort): Check consistency before and after. Also broke the loop
+        to set up sorting into two separate passes. Added FIXMEs about various exception
+        safety issues. Added code to set m_numValuesInVector after sorting.
+        (KJS::ArrayInstance::compactForSorting): Ditto.
+
+        * kjs/array_instance.h: Added a definition of an enum for the types of consistency
+        check and a declaration of the consistency checking function.
+
+2008-06-10  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix. Link against libedit on Mac since HAVE(READLINE) is defined there.
+
+        * jscore.bkl:
+
+2008-06-10  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=16503
+        match limit takes at least 13% of the time on the SunSpider regexp-dna test
+
+        Make the limit test slightly more efficient. It is not clear how much of a win it is,
+        as the improvement on regexp-dna varies from 2.3% to 0.6% depending on what revision I
+        apply the patch to. Today, the win on regexp-dna was minimal, but the total win was whopping
+        0.5%, due to random code generation changes.
+
+        * pcre/pcre_exec.cpp: (match): Avoid loading a constant on each iteration.
+
+2008-06-09  Alp Toker  <alp@nuanti.com>
+
+        gcc3/autotools build fix. Add explicit -O2 -fno-strict-aliasing to
+        each of the tools since these are no longer set globally.
+
+        * GNUmakefile.am:
+
+2008-06-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Sam.
+
+        Add an include for readline/history.h to fix the build for Darwin users
+        with the GNU readline library installed. Also, clean up the style of
+        the HAVE(READLINE) check.
+
+        * kjs/testkjs.cpp:
+        (runInteractive):
+
+2008-06-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Bug 17531: Add interactive mode to testkjs
+        <https://bugs.webkit.org/show_bug.cgi?id=17531>
+
+        This is a cleaned up version of Sam's earlier patch to add an
+        interactive mode to testkjs.
+
+        Readline support is only enabled on Darwin platforms for now, but
+        other ports can enable it by defining HAVE_READLINE in kjs/config.h.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/config.h:
+        * kjs/testkjs.cpp:
+        (Options::Options):
+        (runWithScripts):
+        (runInteractive):
+        (printUsageStatement):
+        (parseArguments):
+        (kjsmain):
+
+2008-06-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Bug 19346: REGRESSION: Mootools 1.2 Class inheritance broken in post-SquirrelFish merge
+        <https://bugs.webkit.org/show_bug.cgi?id=19346>
+
+        A check for whether a function's caller is eval code accidentally included
+        the case where the caller's caller is native code. Add a CodeType field to
+        CodeBlock and use this for the eval caller test instead.
+
+        * VM/CodeBlock.h:
+        (KJS::CodeBlock::CodeBlock):
+        (KJS::ProgramCodeBlock::ProgramCodeBlock):
+        (KJS::EvalCodeBlock::EvalCodeBlock):
+        * VM/Machine.cpp:
+        (KJS::getCallerFunctionOffset):
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNode::generateCode):
+        (KJS::ProgramNode::generateCode):
+
+2008-06-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Dan Bernstein.
+
+        Bug 17928: testkjs shouldn't require "-f"
+        <https://bugs.webkit.org/show_bug.cgi?id=17928>
+
+        * kjs/testkjs.cpp:
+        (printUsageStatement):
+        (parseArguments):
+
+2008-06-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Eric.
+
+        Bug 17548: JavaScriptCore print(a, b) differs from Spidermonkey Behavior
+        <https://bugs.webkit.org/show_bug.cgi?id=17548>
+
+        * kjs/testkjs.cpp:
+        (functionPrint):
+
+2008-06-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Sam.
+
+        Bug 17547: JavaScriptCore print() differs from Spidermonkey Behavior
+        <https://bugs.webkit.org/show_bug.cgi?id=17547>
+
+        * kjs/testkjs.cpp:
+        (functionPrint):
+
+2008-06-07  Alexey Proskuryakov  <ap@webkit.org>
+
+        More build fixes.
+
+        * kjs/JSGlobalData.cpp: Fixed an included file name for case-sensitive file systems, fixed
+        JSGlobalData::threadInstance() for non-multithreaded builds.
+
+2008-06-07  Alexey Proskuryakov  <ap@webkit.org>
+
+        Build fix - actually adding JSGlobalData.cpp to non-Mac builds!
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCoreSources.bkl:
+
+2008-06-07  Alexey Proskuryakov  <ap@webkit.org>
+
+        Try to fix Gtk/gcc 4.3 build.
+
+        * kjs/JSGlobalData.h: Include ustring.h instead of forward-declaring UString::Rep.
+
+2008-06-06  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Combine per-thread objects into one, to make it easier to support legacy clients (for
+        which they shouldn't be really per-thread).
+
+        No change on SunSpider total.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added JSGlobalData.{h,cpp}
+
+        * kjs/JSGlobalData.cpp: Added.
+        (KJS::JSGlobalData::JSGlobalData):
+        (KJS::JSGlobalData::~JSGlobalData):
+        (KJS::JSGlobalData::threadInstance):
+        * kjs/JSGlobalData.h: Added.
+        This class encapsulates all data that should be per-thread (or shared between legacy clients).
+        It will also keep a Heap pointer, but right now, Heap (Collector) methods are all static.
+
+        * kjs/identifier.h:
+        (KJS::Identifier::Identifier):
+        Added a constructor explicitly taking JSGlobalData to access IdentifierTable. Actually,
+        all of them should, but this will be a separate patch.
+
+        * kjs/identifier.cpp:
+        (KJS::IdentifierTable::literalTable):
+        (KJS::createIdentifierTable):
+        (KJS::deleteIdentifierTable):
+        (KJS::Identifier::add):
+        (KJS::Identifier::addSlowCase):
+        Combined IdentifierTable and LiteralIdentifierTable into a single class for simplicity.
+
+        * kjs/grammar.y: kjsyyparse now takes JSGlobalData, not just a Lexer.
+
+        * kjs/nodes.cpp:
+        (KJS::Node::Node):
+        (KJS::EvalFunctionCallNode::emitCode):
+        (KJS::ScopeNode::ScopeNode):
+        Changed to access Lexer and Parser via JSGlobalData::threadInstance(). This is also a
+        temporary measure, they will need to use JSGlobalData explicitly.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::callEval):
+        * kjs/CommonIdentifiers.cpp:
+        (KJS::CommonIdentifiers::CommonIdentifiers):
+        * kjs/CommonIdentifiers.h:
+        * kjs/DebuggerCallFrame.cpp:
+        (KJS::DebuggerCallFrame::evaluate):
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        * kjs/ExecState.h:
+        (KJS::ExecState::globalData):
+        (KJS::ExecState::identifierTable):
+        (KJS::ExecState::propertyNames):
+        (KJS::ExecState::emptyList):
+        (KJS::ExecState::lexer):
+        (KJS::ExecState::parser):
+        (KJS::ExecState::arrayTable):
+        (KJS::ExecState::dateTable):
+        (KJS::ExecState::mathTable):
+        (KJS::ExecState::numberTable):
+        (KJS::ExecState::RegExpImpTable):
+        (KJS::ExecState::RegExpObjectImpTable):
+        (KJS::ExecState::stringTable):
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreadingOnce):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::init):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        (KJS::JSGlobalObject::head):
+        (KJS::JSGlobalObject::globalData):
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse):
+        * kjs/Parser.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::getParameterName):
+        (KJS::IndexToNameMap::unMap):
+        (KJS::globalFuncEval):
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::checkSyntax):
+        (KJS::Interpreter::evaluate):
+        * kjs/lexer.cpp:
+        (kjsyylex):
+        * kjs/lexer.h:
+        * kjs/testkjs.cpp:
+        (prettyPrintScript):
+        Updated for the above changes. Most of threadInstance uses here will need to be replaced with
+        explicitly passed pointers to support legacy JSC clients.
+
+        * JavaScriptCore.exp: Removed KJS::parser().
+
+2008-06-06  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 19424: Add support for logging opcode pair counts
+        <https://bugs.webkit.org/show_bug.cgi?id=19424>
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.cpp:
+        (KJS::OpcodeStats::OpcodeStats):
+        (KJS::compareOpcodeIndices):
+        (KJS::compareOpcodePairIndices):
+        (KJS::OpcodeStats::~OpcodeStats):
+        (KJS::OpcodeStats::recordInstruction):
+        (KJS::OpcodeStats::resetLastInstruction):
+        * VM/Opcode.h:
+
+2008-06-06  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam.
+
+        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
+        profiler.
+        - Change the remaining functions that do not take arguments, from using
+        recursion to using iteration.
+
+        * JavaScriptCore.exp:
+        * profiler/Profile.cpp:
+        (KJS::stopProfiling):
+        (KJS::restoreAll):
+        (KJS::Profile::stopProfiling): Use foreach instead of recursion.
+        (KJS::Profile::restoreAll): Ditto.
+        * profiler/Profile.h:
+        * profiler/ProfileNode.cpp: Remove recursion.
+        (KJS::ProfileNode::stopProfiling):
+        (KJS::ProfileNode::restore):
+        * profiler/ProfileNode.h:
+
+2008-06-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Alexey.
+
+        Fix Greater and GreaterEq nodes to emit code for the left
+        and right sub-expressions in the correct order.
+
+        * kjs/nodes.cpp:
+        (KJS::GreaterNode::emitCode):
+        (KJS::GreaterEqNode::emitCode):
+
+2008-06-05  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Alp Toker.
+        
+        Fix whitespaces.
+
+        * kjs/collector.cpp:
+        (KJS::getPlatformThreadRegisters):
+
+2008-06-05  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Darin.
+        
+        Support compiling JavaScriptCore for ARM.
+
+        * kjs/collector.cpp:
+        (KJS::getPlatformThreadRegisters):
+        (KJS::otherThreadStackPointer):
+
+2008-06-05  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Jon.
+
+        - Name changes.
+
+        * JavaScriptCore.exp:
+        * profiler/Profile.cpp:
+        (KJS::Profile::Profile):
+        (KJS::Profile::stopProfiling):
+        (KJS::Profile::didExecute):
+        (KJS::Profile::forEach):
+        (KJS::Profile::debugPrintData):
+        (KJS::Profile::debugPrintDataSampleStyle):
+        * profiler/Profile.h:
+        (KJS::Profile::callTree):
+        (KJS::Profile::totalTime):
+        (KJS::Profile::sortTotalTimeDescending):
+        (KJS::Profile::sortTotalTimeAscending):
+        (KJS::Profile::sortSelfTimeDescending):
+        (KJS::Profile::sortSelfTimeAscending):
+        (KJS::Profile::sortCallsDescending):
+        (KJS::Profile::sortCallsAscending):
+        (KJS::Profile::sortFunctionNameDescending):
+        (KJS::Profile::sortFunctionNameAscending):
+        (KJS::Profile::focus):
+        (KJS::Profile::exclude):
+        (KJS::Profile::restoreAll):
+
+2008-06-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Stephanie Lewis.
+
+        Added the -fno-move-loop-invariants flag to the pcre_exec.cpp build, to
+        tell GCC not to perform loop invariant motion, since GCC's loop
+        invariant motion doesn't do very well with computed goto code.
+        
+        SunSpider reports no change.
+
+2008-06-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Stephanie Lewis.
+        
+        Added the -fno-tree-pre flag to the Machine.cpp build, to tell GCC not
+        to perform Partial Redundancy Elimination (PRE) on trees in Machine.cpp,
+        since GCC's PRE doesn't do very well with computed goto code.
+        
+        SunSpider reports a .7% speedup.
+        
+2008-06-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Stephanie Lewis (or maybe the other way around).
+        
+        Minor change to PCRE to help out certain compilers.
+        
+        SunSpider reports no change, maybe a small speedup.
+
+        * pcre/pcre_exec.cpp:
+        (match): Use instructionPtr++ a little less, to avoid confusing the
+        optimizer.
+
+2008-06-05  Alexey Proskuryakov  <ap@webkit.org>
+
+        Re-landing an independent part of a previously rolled out threading patch.
+
+        * wtf/ThreadSpecific.h: Make sure to initialize POD thread-specific varaibles, too
+        (replaced "new T" with "new T()").
+
+2008-06-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Hyatt.
+        
+        - force inlining of a template function that only has one call site per specialization
+        1.3% speedup on SunSpider
+
+        * kjs/collector.cpp:
+        (KJS::Collector::heapAllocate): This template function is only
+        called from allocate() and allocateNumber() (once per
+        specialization) and the extra call overhead for GC allocation
+        shows up, so force inlining.
+
+2008-06-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Alexey and Oliver.
+        
+        - remove profiler fetch hack
+        I measure an 0.5% progression from this, others show a wash. It seems not needed any more.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-06-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 19400: subscript operator does not protect base when necessary
+        <https://bugs.webkit.org/show_bug.cgi?id=19400>
+
+        Use a temporary for the base in BracketAccessorNode if the subscript
+        might possibly modify it.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::BracketAccessorNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::BracketAccessorNode::):
+
+2008-06-04  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Big cleanup of formatting and whitespace.
+
+2008-06-04  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Add an option to dump statistics on executed instructions.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.cpp:
+        (KJS::OpcodeStats::~OpcodeStats):
+        (KJS::OpcodeStats::recordInstruction):
+        * VM/Opcode.h:
+
+2008-06-04  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
+        profiler.
+        - This patch removes the use of recursion for the sort functions.
+
+        * JavaScriptCore.exp: Change the signatures of the functions being
+        exported.
+        * profiler/Profile.cpp:
+        (KJS::Profile::sort): This generic function will accept any of the
+        static sort functions and apply them to the whole tree.
+        * profiler/Profile.h: All of the sorting functions now call the new
+        sort() function.
+        (KJS::Profile::sortTotalTimeDescending):
+        (KJS::Profile::sortTotalTimeAscending):
+        (KJS::Profile::sortSelfTimeDescending):
+        (KJS::Profile::sortSelfTimeAscending):
+        (KJS::Profile::sortCallsDescending):
+        (KJS::Profile::sortCallsAscending):
+        (KJS::Profile::sortFunctionNameDescending):
+        (KJS::Profile::sortFunctionNameAscending):
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::ProfileNode): m_head used to point to the head node
+        if this was the head node.  It now points to null to make iteration easy
+        (KJS::ProfileNode::willExecute): Now must check if m_head is null, this
+        check used to happend in the constructor.
+        (KJS::ProfileNode::stopProfiling): Again the check is slightly different
+        to determine if this is the head.
+        (KJS::ProfileNode::traverseNextNode): This function returns the next
+        node in post order.
+        (KJS::ProfileNode::sort): This generic function will sort according to
+        the comparator passed in, then reset the children pointers to macth the
+        new order.
+        * profiler/ProfileNode.h: The sorting function were removed from the
+        definition file and instead use the new generic sort() function
+        (KJS::ProfileNode::totalPercent): because the head can now be empty we
+        need to check here too for the head node.
+        (KJS::ProfileNode::selfPercent): Ditto
+        (KJS::ProfileNode::firstChild): This function is necessary for the 
+        iterative algorithm in Profile.cpp.
+        (KJS::ProfileNode::sortTotalTimeDescending):
+        (KJS::ProfileNode::sortTotalTimeAscending):
+        (KJS::ProfileNode::sortSelfTimeDescending):
+        (KJS::ProfileNode::sortSelfTimeAscending):
+        (KJS::ProfileNode::sortCallsDescending):
+        (KJS::ProfileNode::sortCallsAscending):
+        (KJS::ProfileNode::sortFunctionNameDescending):
+        (KJS::ProfileNode::sortFunctionNameAscending):
+        (KJS::ProfileNode::childrenBegin):
+        (KJS::ProfileNode::childrenEnd):
+        (KJS::ProfileNode::totalTimeDescendingComparator):
+        (KJS::ProfileNode::totalTimeAscendingComparator):
+        (KJS::ProfileNode::selfTimeDescendingComparator):
+        (KJS::ProfileNode::selfTimeAscendingComparator):
+        (KJS::ProfileNode::callsDescendingComparator):
+        (KJS::ProfileNode::callsAscendingComparator):
+        (KJS::ProfileNode::functionNameDescendingComparator):
+        (KJS::ProfileNode::functionNameAscendingComparator):
+
+2008-06-04  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Fix JSClassCreate to work with old JSCore API threading model.
+
+        No change on SunSpider.
+
+        * API/JSClassRef.cpp: (OpaqueJSClass::OpaqueJSClass): Since JSClass is constructed without
+        a context, there is no way for it to create Identifiers.
+        Also, added initializeThreading(), just for good measure.
+
+        * API/JSCallbackObjectFunctions.h: (KJS::::getPropertyNames): Make an Identifier out of the
+        string here, because propertyNames.add() needs that.
+
+        * kjs/identifier.cpp:
+        * kjs/identifier.h:
+        (KJS::Identifier::equal):
+        * kjs/ustring.cpp:
+        (KJS::equal):
+        Moved equal() from identifier.h to ustring.h, because it's not really about Identifiers,
+        and to make it possible to use it from StrHash.
+        Include StrHash.h from ustring.h to avoid having the behavior depend on headers that happen
+        to be included.
+
+        * wtf/StrHash.h: Removed.
+        * kjs/ustring.h: Made RefPtr<UString::Rep> use the same default hash as UString::Rep* (it
+        used to default to pointer equality). Moved the whole StrHash header into ustring.h.
+
+        * JavaScriptCore.exp: Export equal() for WebCore use (this StrHash is used in c_class.cpp,
+        jni_class.cpp, and npruntime.cpp).
+
+2008-06-04  Alexey Proskuryakov  <ap@webkit.org>
+
+        Rubber-stamped by Darin.
+
+        Fix spacing in collector.{h,cpp}.
+
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+
+2008-06-03  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Build fix. The cleanup in r34355 missed a method.
+
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+
+2008-06-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19269
+          speed up SunSpider by eliminating the toObject call for most get/put/delete
+
+        Makes standalone SunSpider 1.025x as fast as before.
+
+        The getOwnPropertySlot virtual function now takes care of the toObject call
+        for get. Similarly, the put function (and later deleteProperty) does the
+        same for those operations. To do this, the virtual functions were moved from
+        the JSObject class to the JSCell class. Also, since the caller no longer knows
+        the identity of the "original object", which is used by JavaScript-function
+        based getters, changed the PropertySlot class so the original object is
+        already stored in the slot when getOwnPropertySlot is called, if the caller
+        intends to call getValue.
+
+        This affected the old interpreter code enough that the easiest thing for me
+        was to just delete it. While I am not certain the mysterious slowdown is not
+        still occurring, the net change is definitely a significant speedup.
+
+        * JavaScriptCore.exp: Updated.
+
+        * VM/Machine.cpp: Moved the UNLIKELY macro into AlwaysInline.h.
+        (KJS::resolve): Set up the originalObject in the PropertySlot before
+        calling getPropertySlot. Also removed the originalObject argument from
+        getValue.
+        (KJS::resolve_skip): Ditto.
+        (KJS::resolveBaseAndProperty): Ditto.
+        (KJS::resolveBaseAndFunc): Ditto.
+        (KJS::Machine::privateExecute): Removed the toObject calls from the get and
+        put functions where possible, instead calling directly with JSValue and letting
+        the JSValue and JSCell calls handle toObject. Same for toThisObject.
+
+        * kjs/ExecState.h: Removed OldInterpreterExecState.
+
+        * API/JSBase.cpp: Updated includes.
+
+        * kjs/LocalStorageEntry.h: Removed contents. Later we can remove the file too.
+
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::lengthGetter): Removed originalObject argumet.
+        (KJS::ArrayInstance::inlineGetOwnPropertySlot): Don't pass a base value to
+        setValueSlot. Also use UNLIKELY around the "getting elements past the end of
+        the array" code path; less common than successfully getting an element.
+
+        * kjs/array_object.cpp:
+        (KJS::getProperty): Initialize the PropertySlot with the original object.
+        Don't pass the original object to the get function.
+        (KJS::arrayProtoFuncFilter): Ditto.
+        (KJS::arrayProtoFuncMap): Ditto.
+        (KJS::arrayProtoFuncEvery): Ditto.
+        (KJS::arrayProtoFuncForEach): Ditto.
+        (KJS::arrayProtoFuncSome): Ditto.
+
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct): Removed an obsolete comment.
+
+        * kjs/grammar.y: Eliminated support for some of the node types that were
+        used to optimize executing from the syntax tree.
+
+        * kjs/internal.cpp:
+        (KJS::StringImp::toThisObject): Added. Same as toObject.
+        (KJS::NumberImp::toThisObject): Ditto.
+        (KJS::GetterSetterImp::getOwnPropertySlot): Added. Not reached.
+        (KJS::GetterSetterImp::put): Ditto.
+        (KJS::GetterSetterImp::toThisObject): Ditto.
+
+        * kjs/internal.h: Added toThisObject to NumberImp for speed.
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::shift): Changed shift to just do a single character, to unroll
+        the loop and especially to make the one character case faster.
+        (KJS::Lexer::setCode): Call shift multiple times instead of passing a number.
+        (KJS::Lexer::lex): Ditto.
+        (KJS::Lexer::matchPunctuator): Ditto. Also removed unneeded elses after returns.
+        (KJS::Lexer::scanRegExp): Ditto.
+        * kjs/lexer.h: Removed the count argument from shift.
+
+        * kjs/math_object.cpp:
+        (KJS::mathProtoFuncPow): Call jsNaN instead of jsNumber(NaN).
+
+        * kjs/nodes.cpp: Removed some of the things needed only for the pre-SquirrelFish
+        execution model.
+        (KJS::ForNode::emitCode): Handle cases where some expressions are missing by
+        not emitting any code at all. The old way was to emit code for "true", but
+        this is an unnecessary remnant of the old way of doing things.
+
+        * kjs/nodes.h: Removed some of the things needed only for the pre-SquirrelFish
+        execution model.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::fillGetterPropertySlot): Changed to only pass in the getter
+        function. The old code passed in a base, but it was never used when
+        actually getting the property; the toThisObject call was pointless. Also
+        changed to not pass a base for setUndefined.
+
+        * kjs/object.h: Added the new JSCell operations to GetterSetterImp.
+        Never called.
+        (KJS::JSObject::get): Initialize the object in the PropertySlot and don't
+        pass it in getValue.
+        (KJS::JSObject::getOwnPropertySlotForWrite): Removed the base argument
+        in calls to setValueSlot.
+        (KJS::JSObject::getOwnPropertySlot): Ditto.
+        (KJS::JSValue::get): Added. Here because it calls through to JSObject.
+        A version of JSObject::get that also handles the other types of JSValue
+        by creating the appropriate wrapper. Saves the virtual call to toObject.
+        (KJS::JSValue::put): Ditto.
+        (KJS::JSValue::deleteProperty): Ditto.
+
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::undefinedGetter): Removed the originalObject argument.
+        (KJS::PropertySlot::ungettableGetter): Ditto.
+        (KJS::PropertySlot::functionGetter): Ditto. Use the value in the base
+        as the "this" object, which will be set to the original object by the new
+        PropertySlot initialization code. Also call toThisObject. The old code did
+        not do this, but needed to so we can properly handle the activation object
+        like the other similar code paths.
+
+        * kjs/property_slot.h:
+        (KJS::PropertySlot::PropertySlot): Added a constructor that takes a base
+        object. In debug builds, set the base to 0 if you don't pass one.
+        (KJS::PropertySlot::getValue): Don't take or pass the originalObject.
+        (KJS::PropertySlot::setValueSlot): Don't take a base object, and clear the
+        base object in debug builds.
+        (KJS::PropertySlot::setGetterSlot): Ditto.
+        (KJS::PropertySlot::setUndefined): Ditto.
+        (KJS::PropertySlot::setUngettable): Ditto.
+        (KJS::PropertySlot::slotBase): Assert that a base object is present.
+        This will fire if someone actually calls the get function without having
+        passed in a base object and the getter needs it.
+        (KJS::PropertySlot::setBase): Added. Used by the code that implements
+        toObject so it can supply the original object after the fact.
+        (KJS::PropertySlot::clearBase): Added. Clears the base, but is debug-only
+        code because it's an error to fetch the base if you don't have a guarantee
+        it was set.
+
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::JSCallbackObject::cachedValueGetter):
+        (KJS::JSCallbackObject::staticValueGetter):
+        (KJS::JSCallbackObject::staticFunctionGetter):
+        (KJS::JSCallbackObject::callbackGetter):
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::getOwnPropertySlot):
+        (KJS::JSActivation::argumentsGetter):
+        * kjs/JSActivation.h:
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableGet):
+        * kjs/array_instance.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::FunctionImp::callerGetter):
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::Arguments::mappedIndexGetter):
+        * kjs/function.h:
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::staticValueGetter):
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::lengthGetter):
+        (KJS::StringInstance::indexGetter):
+        (KJS::stringInstanceNumericPropertyGetter):
+        * kjs/string_object.h:
+        Removed originalObject arguments from getters. Don't pass base values to
+        the various PropertySlot functions that no longer take them.
+
+        * kjs/value.cpp:
+        (KJS::JSCell::getOwnPropertySlot): Added. Calls toObject and then sets the slot.
+        This function has to always return true, because the caller can't walk the prototype
+        chain. Because of that, we do a getPropertySlot, not getOwnPropertySlot, which works
+        for the caller. This is private, only called by getOwnPropertySlotInternal.
+        (KJS::JSCell::put): Added. Calls toObject and then put.
+        (KJS::JSCell::toThisObject): Added. Calls toObject.
+
+        * kjs/value.h: Added get, put, and toThisObject to both JSValue
+        and JSCell. These take care of the toObject operation without an additional virtual
+        function call, and so make the common "already an object" case faster.
+
+        * wtf/AlwaysInline.h: Moved the UNLIKELY macro here for now. Maybe we can find a
+        better place later, or rename this header.
+
+2008-06-03  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Tim.
+
+        Bug 12983: Web Inspector break on the debugger keyword
+        <https://bugs.webkit.org/show_bug.cgi?id=12983>
+
+        Added a DebuggerStatementNode to handle codegen, and added a new
+        DidReachBreakPoint debug event (which will hopefully be useful
+        if we ever move breakpoint management into JSC proper).  Also
+        added didReachBreakpoint to Debugger to allow us to actually respond
+        to this event.
+
+        * VM/CodeBlock.cpp:
+        (KJS::debugHookName):
+        * VM/Machine.cpp:
+        (KJS::Machine::debug):
+        * VM/Machine.h:
+        * kjs/debugger.h:
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::DebuggerStatementNode::emitCode):
+        (KJS::DebuggerStatementNode::execute):
+        * kjs/nodes.h:
+        (KJS::DebuggerStatementNode::):
+        * kjs/nodes2string.cpp:
+        (KJS::DebuggerStatementNode::streamTo):
+
+2008-06-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - document remaining opcodes.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Document call, call_eval,
+        construct, ret and end opcodes.
+
+2008-06-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Document throw and catch opcodes.
+
+2008-06-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Removed JSObject::call, since it just called JSObject::callAsFunction.
+
+        SunSpider reports no change.
+
+2008-06-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        A little cleanup in the CodeGenerator.
+
+        * VM/CodeGenerator.cpp: A few changes here.
+
+        (1) Removed remaining cases of the old hack of putting "this" into the
+        symbol table; replaced with explicit tracking of m_thisRegister.
+
+        (2) Made m_thisRegister behave the same for function, eval, and program
+        code, removing the static programCodeThis() function.
+
+        (3) Added a feature to nix a ScopeNode's declaration stacks when done
+        compiling, to save memory.
+
+        (4) Removed code that copied eval declarations into special vectors: we
+        just use the originals in the ScopeNode now.
+        
+        * VM/CodeGenerator.h: Removed unneded parameters from the CodeGenerator
+        constructor: we just use get that data from the ScopeNode now.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute): When executing an eval node, don't iterate a
+        special copy of its declarations; iterate the originals, instead.
+
+        * kjs/nodes.cpp: Moved responsibility for knowing what AST data to throw
+        away into the CodeGenerator. Nodes no longer call shrinkCapacity on
+        their data directly.
+        
+        * kjs/nodes.h: Changed FunctionStack to ref its contents, so declaration
+        data stays around even after we've thrown away the AST, unless we explicitly
+        throw away the declaration data, too. This is useful for eval code, which
+        needs to reference its declaration data at execution time. (Soon, it will
+        be useful for program code, too, since program code should do the same.)
+
+2008-06-02  Adam Roben  <aroben@apple.com>
+
+        Build fix for non-AllInOne builds
+
+        * kjs/array_object.cpp: Added a missing #include.
+
+2008-06-02  Kevin McCullough  <kmccullough@apple.com>
+
+        Took out accidental confilct lines I checked in.
+
+        * ChangeLog:
+
+2008-06-02  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
+        profiler
+        Implement Next Sibling pointers as groundwork for removing the recursion
+        limit in the profiler.
+
+        * profiler/ProfileNode.cpp: Also I renamed parentNode and headNode since
+        'node' is redundant.
+        (KJS::ProfileNode::ProfileNode): Initialize the nextSibling.
+        (KJS::ProfileNode::willExecute): If there are already children then the
+        new child needs to be the nextSibling of the last child.
+        (KJS::ProfileNode::didExecute):
+        (KJS::ProfileNode::addChild): Ditto.
+        (KJS::ProfileNode::stopProfiling):
+        (KJS::ProfileNode::sortTotalTimeDescending): For all of the sorting
+        algorithms once the children are sorted their nextSibling pointers need
+        to be reset to reflect the new order.
+        (KJS::ProfileNode::sortTotalTimeAscending):
+        (KJS::ProfileNode::sortSelfTimeDescending):
+        (KJS::ProfileNode::sortSelfTimeAscending):
+        (KJS::ProfileNode::sortCallsDescending):
+        (KJS::ProfileNode::sortCallsAscending):
+        (KJS::ProfileNode::sortFunctionNameDescending):
+        (KJS::ProfileNode::sortFunctionNameAscending):
+        (KJS::ProfileNode::resetChildrensSiblings): This new function simply
+        loops over all of the children and sets their nextSibling pointers to
+        the next child in the Vector
+        (KJS::ProfileNode::debugPrintData):
+        * profiler/ProfileNode.h:
+        (KJS::ProfileNode::parent):
+        (KJS::ProfileNode::setParent):
+        (KJS::ProfileNode::nextSibling):
+        (KJS::ProfileNode::setNextSibling):
+        (KJS::ProfileNode::totalPercent):
+        (KJS::ProfileNode::selfPercent):
+
+2008-06-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Removed the recursion limit from JSObject::call, since the VM does
+        recursion checking now.
+
+        This should allow us to remove JSObject::call entirely, netting a small
+        speedup.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::call):
+
+2008-06-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Adele Peterson.
+
+        Added a specific affordance for avoiding stack overflow when converting
+        recursive arrays to string, in preparation for removing generic stack
+        overflow checking from JSObject::call.
+        
+        Tested by fast/js/toString-stack-overflow.html.
+
+2008-06-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Alice Liu.
+        
+        Refactored some hand-rolled code to call ScopeChain::globalObject instead.
+
+2008-06-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed ASSERT due to execution continuing after an exception is thrown
+        during array sort.
+
+        * kjs/array_instance.cpp:
+        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_key): Don't call the
+        custom comparator function if an exception has been thrown. Just return
+        1 for everything, so the sort completes quickly. (The result will be
+        thrown away.)
+
+2008-05-30  Timothy Hatcher  <timothy@apple.com>
+
+        Made the starting line number of scripts be 1-based throughout the engine.
+        This cleans up script line numbers so they are all consistent now and fixes
+        some cases where script execution was shown as off by one line in the debugger.
+
+        No change in SunSpider.
+
+        Reviewed by Oliver Hunt.
+
+        * API/minidom.c:
+        (main): Pass a line number of 1 instead of 0 to parser().parse().
+        * API/testapi.c:
+        (main): Ditto. And removes a FIXME and changed an assertEqualsAsNumber
+        to use 1 instead of 2 for the line number.
+        * VM/Machine.cpp:
+        (KJS::callEval): Pass a line number of 1 instead of 0.
+        (KJS::Machine::debug): Use firstLine for WillExecuteProgram instead of
+        lastLine. Use lastLine for DidExecuteProgram instead of firstLine.
+        * kjs/DebuggerCallFrame.cpp:
+        (KJS::DebuggerCallFrame::evaluate): Pass a line number of 1 instead of
+        0 to parser().parse().
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse): ASSERT startingLineNumber is greatter than 0. Change
+        the startingLineNumber to be 1 if it was less than or equal to 0. This is needed
+        for release builds to maintain compatibility with the JavaScriptCore API.
+        * kjs/function.cpp:
+        (KJS::globalFuncEval): Pass a line number of 1 instead of 0 to parser().parse().
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct): Pass a line number of 1 instead of 0 to construct().
+        * kjs/lexer.cpp:
+        (Lexer::setCode): Made yylineno = startingLineNumber instead of adding 1.
+        * kjs/testkjs.cpp:
+        (functionRun): Pass a line number of 1 instead of 0 to Interpreter::evaluate().
+        (functionLoad): Ditto.
+        (prettyPrintScript): Ditto.
+        (runWithScripts): Ditto.
+        * profiler/Profiler.cpp:
+        (WebCore::createCallIdentifier): Removed a plus 1 of startingLineNumber.
+
+2008-05-30  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19180
+        speed up SunSpider by optimizing immediate number cases
+
+        Also fixed a JavaScriptCore regression seen on PowerPC - we didn't clip left shift
+        parameter to 0...31.
+
+        0.5% improvement on SunSpider overall, although a 8.5 regression on bitops-3bit-bits-in-byte.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::toTruncatedUInt32): Added. Same as getTruncatedInt32, but casts the result
+        to unsigned.
+
+2008-05-30  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19180
+        speed up SunSpider by optimizing immediate number cases
+
+        Also fixed two JavaScriptCore regressions seen on PowerPC - we didn't clip right shift
+        parameter to 0...31.
+
+        1.6% improvement on SunSpider, without significant regressions on any tests.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        Added fast paths for >>, ==, ===, !=, !==. Changed order of memory accesses in many
+        cases, making them less dependent on gcc's ability to properly assign registers. With this,
+        I could move exception checks back into slow code paths, and saw less randomness in general.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::rightShiftImmediateNumbers):
+        Added.
+
+2008-05-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+
+        - fixed <rdar://problem/5972943> REGRESSION(r33979): Flash clips do not play on cnn.com
+        
+        Finally blocks could clobber registers that had to remain live
+        until they returned. This patch takes a conservative approach and
+        makes sure that finally blocks do not reuse any registers that
+        were previously allocated for the function. In the future this
+        could probably be tightened up to be less profligate with the
+        register allocation.
+        
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::highestUsedRegister):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::TryNode::emitCode):
+
+2008-05-29  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * kjs/array_instance.cpp:
+
+2008-05-29  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19294
+        <rdar://problem/5969062> A crash when iterating over a sparse array backwards.
+
+        * kjs/array_instance.cpp: Turned sparseArrayCutoff into a macro, so that using max() on it
+        doesn't cause a PIC branch.
+        (KJS::ArrayInstance::increaseVectorLength): Added a comment about this function not
+        preserving class invariants.
+        (KJS::ArrayInstance::put): Update m_storage after reallocation. Move values that fit to
+        the vector from the map in all code paths.
+
+2008-05-29  Thiago Macieira  <tjmaciei@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix compilation in Solaris with Sun CC
+
+        Lots of WebKit code uses C99 functions that, strict as it
+        is, the Solaris system doesn't provide in C++. So we must define them
+        for both GCC and the Sun CC.
+
+        * wtf/MathExtras.h:
+
+2008-05-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Anders.
+
+        Fix codegen for assignment being used as a function.
+
+        FunctionCallValueNode::emitCode failed to account for the
+        potential of the function expression to allocate arbitrary
+        registers.
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallValueNode::emitCode):
+
+2008-05-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=19183
+        REGRESSION (r33979): Crash in DebuggerCallFrame::functionName when
+        clicking button in returnEvent-crash.html
+
+        Added two new debugger hooks, willExecuteProgram and didExecuteProgram,
+        along with code to generate them, code to invoke them when unwinding
+        due to an exception, and code to dump them.
+        
+        SunSpider reports no change.
+
+        * VM/CodeBlock.cpp:
+        (KJS::debugHookName): I had to mark this function NEVER_INLINE to avoid
+        a .4% performance regression. The mind boggles.
+
+2008-05-28  Adam Roben  <aroben@apple.com>
+
+        Fix JavaScriptCore tests on OS X
+
+        We were quoting the path to testkjs too late, after it had already
+        been combined with spaces and other options.
+
+        * tests/mozilla/jsDriver.pl:
+        (top level): Move path quoting from here...
+        (sub get_kjs_engine_command): ...to here.
+
+2008-05-28  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Oliver.
+
+        <rdar://problem/5968071> "const f" crashes in JavaScriptCore
+        
+        Make sure to null check the initializer.
+        
+        * kjs/nodes.cpp:
+        (KJS::ConstDeclNode::emitCodeSingle):
+
+2008-05-28  Adam Roben  <aroben@apple.com>
+
+        Make run-javascriptcore-tests work with a space in the path to testkjs
+
+        Reviewed by Alexey Proskuryakov.
+
+        * tests/mozilla/jsDriver.pl: Quote the path to the engine so that
+        spaces will be interpreted correctly.
+
+2008-05-28  Alexey Proskuryakov  <ap@webkit.org>
+
+        Fixed a misguiding comment - my measurement for negative numbers only included cases
+        where both operands were negative, which is not very interesting.
+
+        * VM/Machine.cpp:
+
+2008-05-28  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Maciej.
+
+        Based on a patch by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19180
+        speed up SunSpider by optimizing immediate number cases
+
+        1.4% speedup on SunSpider.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::incImmediateNumber):
+        (KJS::JSImmediate::decImmediateNumber):
+        Added fast paths for ++ and --.
+
+        (KJS::JSImmediate::canDoFastAdditiveOperations): Corrected a comment.
+
+2008-05-28  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19180
+        speed up SunSpider by optimizing immediate number cases
+
+        2% speedup overall, maximum 10% on controlflow-recursive and bitops-3bit-bits-in-byte,
+        but a 4% regression on bitops-bits-in-byte and bitops-bitwise-and.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::canDoFastAdditiveOperations):
+        (KJS::JSImmediate::addImmediateNumbers):
+        (KJS::JSImmediate::subImmediateNumbers):
+        Added fast cases that work with positive values less than 2^30.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Use the above operations. Also updated SunSpider frequencies
+        with my results (looks like tag values have changed, not sure what caused the minor variation
+        in actual frequencies).
+
+2008-05-27  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+        Remove code that appended Cygwin's /bin directory to PATH.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
+        Prepend Cygwin's /bin directory to PATH. We prepend instead of append
+        so that Cygwin's utilities will win out over Win32 versions of the
+        same utilities (particularly perl). We do the prepend here instead of
+        in the Makefile because nmake doesn't seem to like prepending to PATH
+        inside the Makefile. This also matches the way WebCoreGenerated works.
+
+2008-05-27  Adam Roben  <aroben@apple.com>
+
+        Roll out r34163
+
+        A better fix is on the way.
+
+        * DerivedSources.make:
+        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
+
+2008-05-27  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * DerivedSources.make: Don't generate the bytecode docs if
+        OMIT_BYTECODE_DOCS is set to 1.
+        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Set
+        OMIT_BYTECODE_DOCS for production builds.
+
+2008-05-27  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff and Maciej.
+
+        <rdar://problem/5806428> 
+        https://bugs.webkit.org/show_bug.cgi?id=17925
+        Crash in KJS::JSObject::put after setting this.__proto__
+
+        Set slotIsWriteable to false for __proto__, we want setting __proto__ to go through JSObject::put instead.
+        
+        * kjs/object.h:
+        (KJS::JSObject::getOwnPropertySlotForWrite):
+
+2008-05-27  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fixes to catch up with SquirrelFish, etc.
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+        * wtf/Platform.h:
+
+2008-05-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19180
+          speed up SunSpider by optimizing immediate number cases
+
+        Add immediate number cases for the &, |, and ^ operators.
+        Makes standalone SunSpider 1.010x faster.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Add areBothImmediateNumbers special cases
+        for the &, |, and ^ operators.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::xorImmediateNumbers): Added.
+        (KJS::JSImmediate::orImmediateNumbers): Added.
+
+2008-05-26  Stephanie Lewis  <slewis@apple.com>
+
+        Windows build fix. 
+
+        * kjs/testkjs.cpp:
+
+2008-05-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Anders.
+        
+        - make addStaticGlobals protected instead of private so subclasses can use it
+
+        * JavaScriptCore.exp:
+        * kjs/JSGlobalObject.h:
+
+2008-05-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed <rdar://problem/5960859> After an eval of a non-string or a syntax
+        error, all profile stack frames are incorrect
+        
+        SunSpider reports a .3% speedup, possibly because eval of a string is a
+        little more efficient now.
+
+        * VM/Machine.cpp:
+        (KJS::callEval): Make sure to call didExecute when returning early. I
+        simplified this function to remove one early return, making the job
+        of adding special code to early returns easier.
+
+        (KJS::Machine::execute): Use the new function ExecState when notifying
+        the profiler. (This doesn't change behavior now, but it might prevent
+        subtle errors in the future.)
+
+2008-05-23  Tor Arne Vestbø  <tavestbo@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fixed toLower and toUpper implementations to allow being called
+        with a null result pointer and resultLength, to determine the
+        number of characters needed for the case conversion.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+
+2008-05-25  Alexey Proskuryakov  <ap@webkit.org>
+
+        Fixing a typo in the previous commit made as a last minute change.
+
+        * kjs/regexp_object.cpp:
+
+2008-05-24  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Changed regular expression matching result array to be lazily filled, because many callers
+        only care about it being non-null.
+
+        2% improvement on Acid3 test 26.
+
+        * kjs/array_instance.cpp: Added a void* member to ArrayStorage for ArrayInstance subclasses
+        to use.
+        * kjs/array_instance.h:
+        (KJS::ArrayInstance::lazyCreationData):
+        (KJS::ArrayInstance::setLazyCreationData):
+        Added methods to access it from subclasses.
+
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpMatchesArray::RegExpMatchesArray):
+        (KJS::RegExpMatchesArray::getOwnPropertySlot):
+        (KJS::RegExpMatchesArray::put):
+        (KJS::RegExpMatchesArray::deleteProperty):
+        (KJS::RegExpMatchesArray::getPropertyNames):
+        (KJS::RegExpMatchesArray::fillArrayInstanceIfNeeded):
+        (KJS::RegExpMatchesArray::~RegExpMatchesArray):
+        (KJS::RegExpObjectImp::arrayOfMatches):
+        RegExpMatchesArray is a subclass of ArrayInstance that isn't filled until
+        accessed for the first time.
+
+2008-05-24  Alp Toker  <alp@nuanti.com>
+
+        Win32/gcc build fix. Remove MSVC assumption.
+
+        * wtf/TCSpinLock.h:
+        (TCMalloc_SlowLock):
+
+2008-05-24  Oleg Finkelshteyn <olegfink@gmail.com>
+
+        Rubber-stamped, tweaked and landed by Alexey.
+
+        Build fix for gcc 4.3.
+
+        * JavaScriptCore/kjs/testkjs.cpp:
+        * JavaScriptCore/VM/CodeBlock.cpp:
+        Add missing standard includes.
+
+2008-05-23  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        <rdar://problem/5959886> REGRESSION: Assertion failure in JSImmediate::toString when loading GMail (19217)
+        
+        Change List to store a JSValue*** pointer + an offset instead of a JSValue** pointer to protect against the case where 
+        a register file changes while a list object points to its buffer.
+        
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::createArgumentsObject):
+        * kjs/list.cpp:
+        (KJS::List::getSlice):
+        * kjs/list.h:
+        (KJS::List::List):
+        (KJS::List::at):
+        (KJS::List::append):
+        (KJS::List::begin):
+        (KJS::List::end):
+        (KJS::List::buffer):
+
+2008-05-23  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        <rdar://problem/5960012> JSProfiler: Stack overflow if recursion is
+        too deep.
+        -Use a simple depth limit to restrict too deep of recursion.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::willExecute):
+        (KJS::Profile::didExecute):
+        * profiler/Profile.h:
+
+2008-05-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Rolling back in r34085, with performance resolved.
+        
+        Apparently, passing the eval function to callEval gave GCC a hernia.
+
+        Reviewed by Darin Adler, Kevin McCullough, and Oliver Hunt.
+        
+        Fixed <rdar://problem/5959447> Crashes and incorrect reporting in the
+        JavaScript profiler
+
+        * VM/Machine.cpp:
+        (KJS::Machine::unwindCallFrame): Fixed incorrect reporting / a crash
+        when unwinding from inside eval and/or program code: detect the
+        difference, and do the right thing. Also, be sure to notify the profiler
+        *before* deref'ing the scope chain, since the profiler uses the scope chain.
+
+        (KJS::Machine::execute): Fixed incorrect reporting / crash when calling
+        a JS function re-entrently: Machine::execute(FunctionBodyNode*...)
+        should not invoke the didExecute hook, because op_ret already does that.
+        Also, use the new function's ExecState when calling out to the profiler.
+        (Not important now, but could have become a subtle bug later.)
+
+        (KJS::Machine::privateExecute): Fixed a hard to reproduce crash when
+        profiling JS functions: notify the profiler *before* deref'ing the scope
+        chain, since the profiler uses the scope chain.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::call): Removed these hooks, because they are now unnecessary.
+
+        * profiler/Profile.cpp: Added a comment to explain a subtlety that only
+        Kevin and I understood previously. (Now, the whole world can understand!)
+
+        * profiler/Profiler.cpp:
+        (KJS::shouldExcludeFunction): Don't exclude .call and .apply. That was
+        a hack to fix bugs that no longer exist.
+
+        Finally, sped things up a little bit by changing the "Is the profiler
+        running?" check into an ASSERT, since we only call into the profiler
+        when it's running:
+
+        (KJS::Profiler::willExecute):
+        (KJS::Profiler::didExecute):
+
+2008-05-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        - fixed <rdar://problem/5957662> REGRESSION(r33943-r33980): Can't send email , attach file or save as draft from hotmail.com
+        
+        SunSpider reports no change.
+        
+        This is a reworking of r34073, which I rolled out because it caused
+        lots of crashes.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator): Use removeDirect to nix old
+        properties whose names collide with new functions. (Don't use putWithAttributes
+        because that tries to write to the register file, which hasn't grown to
+        fit this program yet.)
+
+2008-05-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        As allocateNumber is used via jsNumberCell outside of JavaScriptCore,
+        we need to provide a non-inlined version of it to avoid creating a
+        weak external symbol.
+
+        * JavaScriptCore.exp:
+        * kjs/AllInOneFile.cpp:
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+        (KJS::Collector::allocateNumber):
+        * kjs/collector.h:
+        (KJS::Collector::allocate):
+        (KJS::Collector::inlineAllocateNumber):
+        * kjs/value.h:
+        (KJS::NumberImp::operator new):
+
+2008-05-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Rolled out r34073 because it caused lots of layout test crashes.
+
+2008-05-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Rolled out r34085 because it measured as a 7.6% performance regression.
+
+2008-05-23  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add the
+        profiler directory to the include path.
+
+2008-05-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Anders.
+
+        SQUIRRELFISH: JavaScript error messages are missing informative text
+
+        Partial fix.
+        Tidy up error messages, makes a couple of them provide slightly more info.
+        Inexplicably leads to a 1% SunSpider Progression.
+
+        * VM/ExceptionHelpers.cpp:
+        (KJS::createError):
+        (KJS::createInvalidParamError):
+        (KJS::createNotAConstructorError):
+        (KJS::createNotAFunctionError):
+        * VM/ExceptionHelpers.h:
+        * VM/Machine.cpp:
+        (KJS::isNotObject):
+
+2008-05-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Tim H.
+
+        Fix call stack reported by profiler when entering event handlers.
+
+        JSObject::call was arbitrarily notifying the profiler when it was
+        called, even if it was JS code, which notifies the profile on entry
+        in any case.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::call):
+
+2008-05-16  Alp Toker  <alp@nuanti.com>
+
+        Build fix for gcc 3. Default constructor required in ExecState,
+        used by OldInterpreterExecState.
+
+        * kjs/ExecState.h:
+        (KJS::ExecState::ExecState):
+
+2008-05-23  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix <rdar://problem/5954997> global-recursion-on-full-stack.html crashes under guardmalloc.
+
+        Growing the register file with uncheckedGrow from within Machine::execute is not safe as the
+        register file may be too close to its maximum size to grow successfully.  By using grow,
+        checking the result and throwing a stack overflow error we can avoid crashing.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/RegisterFile.h: Remove the now-unused uncheckedGrow.
+
+2008-05-23  Oliver Hunt  <oliver@apple.com>
+
+        RS=Kevin McCullough
+
+        Remove JAVASCRIPT_PROFILER define
+
+        * VM/Machine.cpp:
+        (KJS::callEval):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * kjs/config.h:
+        * kjs/object.cpp:
+        (KJS::JSObject::call):
+
+2008-05-23  Oliver Hunt  <oliver@apple.com>
+
+       <rdar://problem/5951561> Turn on JavaScript Profiler
+
+        Reviewed by Kevin McCullough.
+
+        Flipped the switch on the profiler, rearranged how we
+        signal the the profiler is active so that calls aren't
+        needed in the general case.
+        
+        Also fixed the entry point for Machine::execute(FunctionBodyNode..)
+        to correctly indicate function exit.
+
+        Results in a 0.7-1.0% regression in SunSpider :-(
+
+        * VM/Machine.cpp:
+        (KJS::callEval):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * kjs/config.h:
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::profiler):
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::stopProfiling):
+        * profiler/Profiler.h:
+        (KJS::Profiler::enabledProfilerReference):
+
+2008-05-23  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the Qt build by adding profiler/ to the include search path.
+
+        * JavaScriptCore.pri:
+
+2008-05-22  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam.
+
+        Fix a bug in the profiler where time in the current function is given to
+        (idle).
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::didExecute): Set the start time and then call didExecute
+        to calculate the time spent in this function.
+        * profiler/ProfileNode.cpp: Remove confusing calculations that are no
+        longer necessary.
+        (KJS::ProfileNode::insertNode):
+        * profiler/ProfileNode.h: Expose access to the start time to allow the
+        simpler time calculations above.
+        (KJS::ProfileNode::startTime):
+        (KJS::ProfileNode::setStartTime):
+
+2008-05-22  Adam Roben  <aroben@apple.com>
+
+        Show "(Function object)" instead of "(JSInpectorCallbackWrapper
+        object)" in profiles
+
+        Reviewed by Kevin McCullough.
+
+        * profiler/Profiler.cpp:
+        (KJS::createCallIdentifier): Use JSObject::className instead of
+        getting the class name from the ClassInfo directly. JSObject
+        subclasses can override className to provide a custom class name, and
+        it seems like we should honor that.
+
+2008-05-22  Timothy Hatcher  <timothy@apple.com>
+
+        Added Profile::restoreAll and added ProfileNode::restoreAll
+        to the export file.
+
+        Reviewed by Adam Roben.
+
+        * JavaScriptCore.exp:
+        * profiler/Profile.h:
+
+2008-05-22  Alp Toker  <alp@nuanti.com>
+
+        GTK+ build fix. Add JavaScriptCore/profiler to include path.
+
+        * GNUmakefile.am:
+
+2008-05-22  Adam Roben  <aroben@apple.com>
+
+        Implement sub-millisecond profiling on Windows
+
+        Reviewed by Kevin McCullough.
+
+        * profiler/ProfileNode.cpp:
+        (KJS::getCount): Added. On Windows, we use QueryPerformanceCounter. On
+        other platforms, we use getCurrentUTCTimeWithMicroseconds.
+        (KJS::ProfileNode::endAndRecordCall): Use getCount instead of
+        getCurrentUTCTimeWithMicroseconds.
+        (KJS::ProfileNode::startTimer): Ditto.
+
+2008-05-22  Adam Roben  <aroben@apple.com>
+
+        Fix a profiler assertion when calling a NodeList as a function
+
+        Reviewed by Kevin McCullough.
+
+        * profiler/Profiler.cpp:
+        (KJS::createCallIdentifier): Don't assert when a non-function object
+        is called as a function. Instead, build up a CallIdentifier using the
+        object's class name.
+
+2008-05-22  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5951529> JSProfiler: Allow the profiler to "Exclude" a
+        profile node.
+        -Implement 'exclude'; where the excluded node attributes its time to its
+        parent's self time.
+
+        * JavaScriptCore.exp: Export the exclude function.
+        * profiler/Profile.h: 
+        (KJS::Profile::exclude):
+        * profiler/ProfileNode.cpp: 
+        (KJS::ProfileNode::setTreeVisible): New function that allows a change in
+        visiblitiy to be propogated to all the children of a node.
+        (KJS::ProfileNode::exclude): If the node matches the callIdentifier then
+        set the visiblity of this node and all of its children to false and
+        attribute it's total time to it's caller's self time.
+        * profiler/ProfileNode.h:
+
+2008-05-22  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix access to static global variables in Windows release builds.
+
+        * kjs/JSGlobalObject.h: Don't store a reference to an Identifier
+        in GlobalPropertyInfo as the Identifier is likely to be a temporary
+        and therefore may be destroyed before the GlobalPropertyInfo.
+
+2008-05-22  Kevin McCullough  <kmccullough@apple.com>
+
+        Build fix.
+
+        * VM/Machine.cpp:
+        (KJS::callEval):
+
+2008-05-22  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        <rdar://problem/5951561> Turn on JavaScript Profiler
+        Get basic JS profiling working.
+        Even with this patch the profiler will not be compiled in because we do
+        not know the extend, if any, of the performance regression it would cause
+        when it is not in use. However with these changes, if the profiler were
+        on, it would not crash and show good profiling data.
+
+        * VM/Machine.cpp: Instrument the calls sites that are needed for profiling.
+        (KJS::callEval):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * kjs/function.cpp: Ditto.
+        (KJS::globalFuncEval):
+        * kjs/interpreter.cpp: Ditto.
+        (KJS::Interpreter::evaluate):
+        * profiler/Profile.cpp: 
+        (KJS::Profile::willExecute):
+        (KJS::Profile::didExecute): Because we do not get a good context when
+        startProfiling is called it is possible that m_currentNode will be at the
+        top of the known stack when a didExecute() is called.  What we then do is
+        create a new node that represents the function being exited and insert
+        it between the head and the currently known children, since they should
+        be children of this new node.
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::ProfileNode):
+        (KJS::ProfileNode::willExecute): Rename the add function for consistency.
+        (KJS::ProfileNode::addChild): Appends the child to this node but also
+        sets the parent pointer of the children to this node.
+        (KJS::ProfileNode::insertNode): Insert a node between this node and its
+        children.  Also set the time for the new node since it is now exiting
+        and we don't really know when it started.
+        (KJS::ProfileNode::stopProfiling):
+        (KJS::ProfileNode::startTimer):
+        * profiler/ProfileNode.h:
+        (KJS::CallIdentifier::toString): Added for debugging.
+        (KJS::ProfileNode::setParent):
+        (KJS::ProfileNode::setSelfTime): Fixed an old bug where we set the
+        visibleTotalTime not the visibleSelfTime.
+        (KJS::ProfileNode::children):
+        (KJS::ProfileNode::toString): Added for debugging.
+        * profiler/Profiler.cpp: remove unecessary calls.
+        (KJS::Profiler::startProfiling):
+
+2008-05-22  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Rename register arguments for op_call, op_call_eval, op_end, and op_construct 
+        to document what they are for.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCall):
+        (KJS::CodeGenerator::emitCallEval):
+        (KJS::CodeGenerator::emitEnd):
+        (KJS::CodeGenerator::emitConstruct):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-05-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        Bug 19116: SquirrelFish shouldn't regress on variable lookups
+        <https://bugs.webkit.org/show_bug.cgi?id=19116>
+
+        Last of the multiscope look up optimisations.  This is a wash overall on SunSpider
+        but is a factor of 5-10 improvement in multiscope read/write/modify (eg. ++, --, +=,
+        ... applied to any non-local var).
+
+        * kjs/nodes.cpp:
+        (KJS::PostIncResolveNode::emitCode):
+        (KJS::PostDecResolveNode::emitCode):
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+
+2008-05-22  David Kilzer  <ddkilzer@apple.com>
+
+        <rdar://problem/5954233> Add method to release free memory from FastMalloc
+
+        Patch suggested by Mark Rowe.  Rubber-stamped by Maciej.
+
+        * JavaScriptCore.exp: Export _releaseFastMallocFreeMemory.
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMallocStats::): Added releaseFastMallocFreeMemory() for both
+        system malloc and FastMalloc code paths.
+        * wtf/FastMalloc.h: Define releaseFastMallocFreeMemory().
+
+2008-05-22  Oliver Hunt  <oliver@apple.com>
+
+        RS=Maciej.
+
+        Roll out r34020 as it causes recursion tests to fail.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::call):
+
+2008-05-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark.
+
+        Don't leak the SymbolTable when compiling eval code.
+
+        * kjs/nodes.cpp:
+        (KJS::EvalNode::generateCode):
+
+2008-05-22  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Oliver.
+
+        Qt build fix.
+
+        * JavaScriptCore.pri: Added DebuggerCallFrame to the build.
+        * VM/LabelID.h: Include limits.h for UINT_MAX.
+        * wtf/VectorTraits.h: Include memory for std::auto_ptr.
+
+2008-05-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Adam Roben.
+        
+        Removed the old recursion guard mechanism, since squirrelfish has its
+        own mechanism. Also removed some old JS call tracing code, since we
+        have other ways to do that, too.
+        
+        SunSpider reports no change.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::call):
+
+2008-05-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fixed <rdar://problem/5954979> crash on celtic kane JS benchmark
+
+        * kjs/nodes.cpp:
+        (KJS::WithNode::emitCode):
+        (KJS::TryNode::emitCode):
+
+2008-05-21  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Maciej and Geoff.
+
+        <rdar://problem/5951561> Turn on JavaScript Profiler
+        -As part of the effort to turn on the profiler it would be helpful if it
+        did not need ExecStates to represent the stack location of the currently
+        executing statement.
+        -We now create each node as necessary with a reference to the current
+        node and each node knows its parent so that the tree can be made without
+        the entire stack.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::Profile): The current node starts at the head.
+        (KJS::Profile::stopProfiling): The current node is cleared when profiling
+        stops.
+        (KJS::Profile::willExecute): The current node either adds a new child or
+        starts and returns a reference to an already existing child if the call
+        ID that is requested already exists.
+        (KJS::Profile::didExecute): The current node finishes and returns its
+        parent.
+        * profiler/Profile.h: Use a single callIdentifier instead of a vector
+        since we no longer use the whole stack.
+        * profiler/ProfileNode.cpp: Now profile nodes keep a reference to their
+        parent.
+        (KJS::ProfileNode::ProfileNode): Initialize the parent.
+        (KJS::ProfileNode::didExecute): Record the time and return the parent.
+        (KJS::ProfileNode::addOrStartChild): If the given callIdentifier is
+        already a child, start it and return it, otherwise create a new one and
+        return that.
+        (KJS::ProfileNode::stopProfiling): Same logic, just use the new function.
+        * profiler/ProfileNode.h: Utilize the parent.
+        (KJS::ProfileNode::create):
+        (KJS::ProfileNode::parent):
+        * profiler/Profiler.cpp: 
+        (KJS::Profiler::startProfiling): Here is the only place where the
+        ExecState is used to figure out where in the stack the profiler is
+        currently profiling.
+        (KJS::dispatchFunctionToProfiles): Only send one CallIdentifier instead
+        of a vector of them.
+        (KJS::Profiler::willExecute): Ditto.
+        (KJS::Profiler::didExecute): Ditto.
+        (KJS::createCallIdentifier): Create only one CallIdentifier.
+        (KJS::createCallIdentifierFromFunctionImp): Ditto.
+        * profiler/Profiler.h:
+
+2008-05-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19180
+          speed up the < operator for the case when both values are integers
+
+        Makes standalone SunSpider 1.022x faster.
+
+        * VM/Machine.cpp:
+        (KJS::jsLess): Add a special case for when both are numbers that fit in a JSImmediate.
+
+2008-05-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver and Sam.
+        
+        - fixed <rdar://problem/5815631> REGRESSION (r31239): Multiscope optimisation of function calls results in incorrect this value (breaks tvtv.de)
+        
+        Track global this value in the scope chain so we can retrieve it
+        efficiently but it follows lexical scope properly.
+
+        * kjs/ExecState.h:
+        (KJS::ExecState::globalThisValue):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct):
+        * kjs/scope_chain.h:
+        (KJS::ScopeChainNode::ScopeChainNode):
+        (KJS::ScopeChainNode::globalThisObject):
+        (KJS::ScopeChainNode::push):
+        (KJS::ScopeChain::ScopeChain):
+
+2008-05-21  Kevin McCullough  <kmccullough@apple.com>
+
+        Sadness :(
+
+        * kjs/config.h:
+
+2008-05-21  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Maciej.
+
+        <rdar://problem/5950867> JSProfiler: Allow the profiler to "Focus" a
+        profile node.
+        - This patch updatest the times of the visible nodes correctly, but to do
+        so, some of the design of the ProfileNode changed.
+
+        * JavaScriptCore.exp: export focus' symbol.
+        * profiler/Profile.cpp: ProfileNodes now take a reference to the head of
+        the profile tree to get up-to-date accurate total profile time.
+        (KJS::Profile::Profile): Pass 0 for the head node.
+        (KJS::Profile::stopProfiling): stopProfiling no longer needs the time
+        passed into it, since it can get it from the head and it does not need to
+        be told it is the head because it can figure it out on it's own.
+        (KJS::Profile::willExecute): Set the head node for each created node.
+        * profiler/Profile.h:
+        (KJS::Profile::focus): Instead of taking a CallIdentifier that the caller
+        would have to create, now focus() takes a ProfileNode that they should
+        already have a reference to and focus() can extract the CallIdentifier
+        from it.
+        * profiler/ProfileNode.cpp: Create actual and visible versions fo the
+        total and self times for focus and exclude.  Also add a head node
+        reference so that nodes can get information from their head.
+        (KJS::ProfileNode::ProfileNode):
+        (KJS::ProfileNode::stopProfiling): Rename the total and self time
+        variables and set the visual ones to the actual ones, so that without any
+        changes to the visual versions of these variables, their times will match
+        the actual times.
+        (KJS::ProfileNode::focus): Now focus() has a bool to force it's children
+        to be visible if this node is visible.  If this node does not match the
+        CallIdentifier being focused then the visibleTotalTime is only updated if
+        one or more of it's children is the CallIdentifier being focused. 
+        (KJS::ProfileNode::restoreAll): Restores all variables with respect to
+        the visible data in the ProfileNode.
+        (KJS::ProfileNode::endAndRecordCall): Name change.
+        (KJS::ProfileNode::debugPrintData): Dump the new variables.
+        (KJS::ProfileNode::debugPrintDataSampleStyle): Name change.
+        * profiler/ProfileNode.h: Use the new variables and reference to the head
+        node.
+        (KJS::ProfileNode::create):
+        (KJS::ProfileNode::totalTime):
+        (KJS::ProfileNode::setTotalTime):
+        (KJS::ProfileNode::selfTime):
+        (KJS::ProfileNode::setSelfTime):
+        (KJS::ProfileNode::totalPercent):
+        (KJS::ProfileNode::selfPercent):
+        (KJS::ProfileNode::setVisible):
+
+2008-05-21  Alp Toker  <alp@nuanti.com>
+
+        GTK+/UNIX testkjs build fix. Include signal.h.
+
+        * kjs/testkjs.cpp:
+
+2008-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Yet more windows build fixes
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Yet more windows build fixes
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-05-21  Alp Toker  <alp@nuanti.com>
+
+        GTK+ build fix. Add DebuggerCallFrame.cpp and take AllInOneFile.cpp
+        changes into account.
+
+        * GNUmakefile.am:
+
+2008-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Add DebuggerCallFrame.{h,cpp} to the project file
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-05-21  Alp Toker  <alp@nuanti.com>
+
+        GTK+ port build fixes following squirrelfish merge r33979.
+
+        * GNUmakefile.am:
+
+2008-05-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - save a hash lookup wne writing to global properties
+        0.3% speedup on SunSpider, 7% on bitops-bitwise-and
+
+        * VM/Machine.cpp:
+        (KJS::resolveBase): Check for being a the end of the scope chain
+        before hash lookup.
+
+2008-05-21  Alp Toker  <alp@nuanti.com>
+
+        Rubber-stamped by Maciej.
+
+        Replace non-standard #pragma marks with comments to avoid compiler
+        warnings.
+
+        * profiler/ProfileNode.cpp:
+
+2008-05-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Fix layout test failure in fast/dom/getter-on-window-object2 introduced in r33961.
+
+        * JavaScriptCore.exp:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::defineGetter):
+        (KJS::JSGlobalObject::defineSetter):
+        * kjs/JSGlobalObject.h:
+
+=== End merge of squirrelfish ===
+
+2008-05-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Tim Hatcher.
+        
+        Merged with trunk WebCore's new debugger.
+
+        * kjs/DebuggerCallFrame.cpp:
+        (KJS::DebuggerCallFrame::evaluate): Changed this function to separate
+        the exception value from the return value. The WebKit debugger treats
+        them as one, but the WebCore debugger doesn't.
+
+        * kjs/DebuggerCallFrame.h:
+        (KJS::DebuggerCallFrame::dynamicGlobalObject): Added a new accessor for
+        the dynamic global object, since the debugger doesn't want the lexical
+        global object.
+
+2008-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 19116: SquirrelFish shouldn't regress on variable lookups
+        <https://bugs.webkit.org/show_bug.cgi?id=19116>
+
+        Optimise cross scope assignment, 0.4% progression in sunspider.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitPutScopedVar):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::AssignResolveNode::emitCode):
+
+2008-05-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - check property map before symbol table in JSGlobalObject::getOwnPropertySlot
+        0.5% speedup on SunSpider
+
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::getOwnPropertySlot): Check property map before symbol table
+        because symbol table access is likely to have been optimized.
+
+2008-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 19116: SquirrelFish shouldn't regress on variable lookups
+        <https://bugs.webkit.org/show_bug.cgi?id=19116>
+
+        Optimise multiscope lookup of statically resolvable function calls.
+        SunSpider reports a 1.5% improvement, including 37% on 
+        controlflow-recursive for some reason :D
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitResolve):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallResolveNode::emitCode):
+
+2008-05-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - give JSGlobalObject a special version of getOwnPropertySlot that tells you if the slot is directly writable
+        (WebCore change using this is a 2.6% speedup on in-browser SunSpider).
+
+        * JavaScriptCore.exp:
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::getOwnPropertySlot):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableGet):
+        * kjs/object.h:
+        (KJS::JSObject::getDirectLocation):
+        (KJS::JSObject::getOwnPropertySlotForWrite):
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::getLocation):
+        * kjs/property_map.h:
+        * kjs/property_slot.h:
+        (KJS::PropertySlot::putValue):
+
+2008-05-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 19116: SquirrelFish shouldn't regress on variable lookups
+        <https://bugs.webkit.org/show_bug.cgi?id=19116>
+
+        This restores multiscope optimisation to simple resolve, producing
+        a 2.6% progression in SunSpider.  Have verified that none of the
+        sites broken by the multiscope optimisation in trunk were effected
+        by this change.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeBlock.h:
+        (KJS::CodeBlock::CodeBlock):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::findScopedProperty):
+        (KJS::CodeGenerator::emitResolve):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::resolve_n):
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/JSVariableObject.h:
+
+2008-05-20  Oliver Hunt  <oliver@apple.com>
+
+        Fixerate the windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * VM/CodeGenerator.cpp:
+        * VM/RegisterFile.h:
+        * kjs/JSGlobalObject.h:
+        * kjs/Parser.cpp:
+        * kjs/interpreter.h:
+
+2008-05-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 19110: SquirrelFish: Google Maps - no maps
+        <https://bugs.webkit.org/show_bug.cgi?id=19110>
+
+        Correct a comedy of errors present in my original patch to "fix"
+        exceptions occurring midway through pre and post increment. This
+        solution is cleaner than the original, doesn't need the additional
+        opcodes, and as an added benefit does not break Google Maps.
+
+        Sunspider reports a 0.4% progression.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::PreIncBracketNode::emitCode):
+        (KJS::PreDecBracketNode::emitCode):
+        (KJS::PreIncDotNode::emitCode):
+        (KJS::PreDecDotNode::emitCode):
+
+2008-05-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - inline JSGlobalObject::getOwnPropertySlot
+        1% improvement on in-browser SunSpider (a wash command-line)
+
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::getOwnPropertySlot):
+
+2008-05-18  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
+        <https://bugs.webkit.org/show_bug.cgi?id=18752>
+
+        Handle exceptions thrown by toString conversion in subscript operators,
+        this should basically complete exception handling in SquirrelFish.
+
+        Sunspider reports no regression.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-05-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        [Reapplying patch with previously missing files from r33553 -- Oliver]
+
+        Behold: debugging.
+        
+        SunSpider reports no change.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added DebuggerCallFrame.h/.cpp,
+        and created a debugger folder.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::generate): If the debugger is attached, always
+        generate full scope chains for its sake.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::unwindCallFrame): Notify the debugger when unwinding
+        due to an exception, so it doesn't keep stale call frames around.
+
+        (KJS::Machine::execute): Set Callee to 0 in eval frames, so the
+        debugger can distinguish them from function call frames.
+
+        (KJS::Machine::debug): Simplified this function, since the debugger
+        doesn't actually need all the information we used to provide.
+
+        (KJS::Machine::privateExecute): Treat debugging hooks like other function
+        calls, so the code we hook into (the debugger UI) can be optimized.
+
+        * kjs/debugger.cpp: Nixed these default callback implementations and
+        made the callbacks pure virtual instead, so the compiler could tell me
+        if I made a mistake in one of the subclasses.
+
+        * kjs/debugger.h: Removed a bunch of irrelevent data from the debugger
+        callbacks. Changed from passing an ExecState* to passing a
+        DebuggerCallFrame*, since an ExecState* doesn't contain sufficient
+        information anymore.
+
+        * kjs/function.cpp:
+        (KJS::globalFuncEval): Easiest bug fix evar!
+
+        [Previously missing files from r33553]
+        * kjs/DebuggerCallFrame.cpp: Copied from JavaScriptCore/profiler/FunctionCallProfile.h.
+        (KJS::DebuggerCallFrame::functionName):
+        (KJS::DebuggerCallFrame::thisObject):
+        (KJS::DebuggerCallFrame::evaluateScript):
+        * kjs/DebuggerCallFrame.h: Copied from JavaScriptCore/VM/Register.h.
+        (KJS::DebuggerCallFrame::DebuggerCallFrame):
+        (KJS::DebuggerCallFrame::scopeChain):
+        (KJS::DebuggerCallFrame::exception):
+
+2008-05-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 18991: SquirrelFish: Major codegen issue in a.b=expr, a[b]=expr
+        <https://bugs.webkit.org/show_bug.cgi?id=18991>
+
+        Fix the last remaining blocking cases of this bug.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::ReadModifyResolveNode::emitCode):
+
+2008-05-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Partial fix for:
+
+        Bug 18991: SquirrelFish: Major codegen issue in a.b=expr, a[b]=expr
+        <https://bugs.webkit.org/show_bug.cgi?id=18991>
+
+        Ensure that the code generated for assignments uses temporaries whenever
+        necessary. This patch covers the vast majority of situations, but there
+        are still a few left.
+
+        This patch also adds some missing cases to CodeBlock::dump().
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::destinationForAssignResult):
+        (KJS::CodeGenerator::leftHandSideNeedsCopy):
+        (KJS::CodeGenerator::emitNodeForLeftHandSide):
+        * kjs/NodeInfo.h:
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::AssignDotNode::emitCode):
+        (KJS::ReadModifyDotNode::emitCode):
+        (KJS::AssignBracketNode::emitCode):
+        (KJS::ReadModifyBracketNode::emitCode):
+        (KJS::ForInNode::ForInNode):
+        * kjs/nodes.h:
+        (KJS::ReadModifyResolveNode::):
+        (KJS::AssignResolveNode::):
+        (KJS::ReadModifyBracketNode::):
+        (KJS::AssignBracketNode::):
+        (KJS::AssignDotNode::):
+        (KJS::ReadModifyDotNode::):
+
+2008-05-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 19106: SquirrelFish: Activation is not marked correctly
+        <https://bugs.webkit.org/show_bug.cgi?id=19106>
+
+        We can't rely on the symbol table for a count of the number of globals
+        we need to mark as that misses duplicate parameters and 'this'.  Now we
+        use the actual local register count from the codeBlock.
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::mark):
+
+2008-05-16  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 19076: SquirrelFish: RegisterFile can be corrupted if implictly reenter global scope with no declared vars
+        <https://bugs.webkit.org/show_bug.cgi?id=19076>
+
+        Don't delay allocation of initial global RegisterFile, as we can't guarantee we will be able
+        to allocate the global 'this' register safely at any point after initialisation of the Global
+        Object.
+
+        Unfortunately this initial allocation caused a regression of 0.2-0.3%, however this patch adds
+        support for the static slot optimisation for the global Math object which brings it to a 0.3%
+        progression.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::programCodeThis):
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::addParameter):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * kjs/ExecState.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
+        (KJS::JSGlobalObject::addStaticGlobals):
+        * kjs/nodes.cpp:
+
+2008-05-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 19098: SquirrelFish: Ref'd temporaries can be clobbered
+        <https://bugs.webkit.org/show_bug.cgi?id=19098>
+
+        When doing code generation for a statement list, increase the reference
+        count on a register that might eventually be returned, so that it doesn't
+        get clobbered by a request for a new temporary.
+
+        * kjs/nodes.cpp:
+        (KJS::statementListEmitCode):
+
+2008-05-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fixed Bug 19044: SquirrelFish: Bogus values enter evaluation when closing over scope with parameter and var with same name
+        https://bugs.webkit.org/show_bug.cgi?id=19044
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::copyRegisters): Use numLocals from the code
+        block rather than the size of the symbol table for the number of
+        registers to copy, to account for duplicate parameters and vars
+        with the same name as parameters (we still have potentially
+        suboptimal codegen in that we allocate a local register for the
+        var in the latter case but it is never used).
+        
+2008-05-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        We regret to inform you that your program is crashing because you were
+        stupid.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Math is hard.
+
+2008-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        A little more debugger action: filled in op_debug. All debugger control
+        flow works now, but variable inspection and backtraces still don't.
+        
+        SunSpider reports no change.
+
+        * VM/CodeGenerator.cpp: Changed op_debug to accept line number parameters.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::getFunctionAndArguments): Moved op_debug into a
+        NEVER_INLINE function to avoid a stunning 10% performance regression.
+        Also factored out a common function for retrieving the function and 
+        arguments from a  call frame. 
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::createArgumentsObject): Use the new factored out
+        function mentioned above.
+
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse): Increment m_sourceId before assigning it, so the
+        sourceId we send to the debugger matches the sourceId recorded in the
+        node.
+
+        * kjs/nodes.cpp: Emit debugging hooks.
+
+2008-05-14  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 19024: SQUIRRELFISH: ASSERTION FAILED: activation->isActivationObject() in Machine::unwindCallFrame
+        <https://bugs.webkit.org/show_bug.cgi?id=19024>
+
+        This fixes a number of issues.  The most important is that we now check every register
+        file for tainting rather than just looking for function register files as that was
+        insufficient. Additionally guarded against implicit re-entry into Eval code.
+
+        Also added a few additional assertions to reduce the amout of time between something
+        going wrong and us seeing the error.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/RegisterFile.cpp:
+        (KJS::RegisterFile::growBuffer):
+        (KJS::RegisterFile::addGlobalSlots):
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::pushGlobalRegisterFile):
+        (KJS::RegisterFileStack::pushFunctionRegisterFile):
+        * VM/RegisterFileStack.h:
+        (KJS::RegisterFileStack::inImplicitCall):
+
+2008-05-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        A little more debugger action: emit opcodes for debugger hooks. Right
+        now, the opcode implementation is just a stub.
+        
+        SunSpider reports no change.
+        
+        Some example codegen for "function f() { 1; }":
+
+            [   0] dbg         DidEnterCallFrame
+            [   2] dbg         WillExecuteStatement
+            [   4] load        tr0, 1(@k0)
+            [   7] load        tr0, undefined(@k1)
+            [  10] dbg         WillLeaveCallFrame
+            [  12] ret         tr0
+
+2008-05-14  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 19025: SQUIRRELFISH: malformed syntax in onload handler causes crash
+        <https://bugs.webkit.org/show_bug.cgi?id=19025>
+
+        Simple fix -- move the use of functionBodyNode to after the null check.
+
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct):
+
+2008-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed a codegen crash with run-time parse errors.
+        
+        SunSpider reports no change.
+        
+        emitThrowError needs to return the temporary holding the error, not dst,
+        since dst may be NULL. In fact, emitThrowError shouldn't take a dst
+        parameter at all, since exceptions should not modify the destination
+        register.
+
+2008-05-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 19027: SquirrelFish: Incorrect codegen for pre-increment
+        <https://bugs.webkit.org/show_bug.cgi?id=19027>
+
+        This fixes the codegen issues for the pre-inc/decrement operators
+        to prevent incorrectly clobbering the destination in the event of
+        an exception.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitPreInc):
+        (KJS::CodeGenerator::emitPreDec):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::PreIncBracketNode::emitCode):
+        (KJS::PreDecBracketNode::emitCode):
+        (KJS::PreIncDotNode::emitCode):
+        (KJS::PreDecDotNode::emitCode):
+
+2008-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        A little more debugger action: supply a real line number, sourceId,
+        and sourceURL in op_new_error.
+        
+        SunSpider reports a .2% speedup. Not sure what that's about.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Use the new good stuff in op_new_error.
+
+        * kjs/nodes.cpp:
+        (KJS::RegExpNode::emitCode): Use the shared emitThrowError instead of
+        rolling our own.
+
+2008-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        A little more debugger action: implemented the exception callback.
+        
+        SunSpider reports a .2% speedup. Not sure what that's about.
+
+        * VM/CodeBlock.h: A little refactoring here. Store a pointer to our
+        owner ScopeNode so we can retrieve data from it. This allows us to
+        stop storing copies of the data ourselves. Also, store a "this" register
+        instead of a code type, since we were only using the code type to
+        calculate the "this" register.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::generate): Calculate the "this" register mentioned
+        above. Also, take care of removing "this" from the symbol table after
+        codegen is done, since relying on the timing of a destructor for correct
+        behavior is not so good.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::throwException): Invoke the debugger's exception callback.
+        (KJS::Machine::privateExecute): Use the "this" register mentioned above.
+
+2008-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Removed some unused exception machinery.
+        
+        SunSpider reports a .3% speedup.
+
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        * JavaScriptCore.exp:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/internal.cpp:
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/value.h:
+
+2008-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        A little more debugger action.
+
+        * kjs/debugger.cpp:
+        * kjs/debugger.h: Removed debuggersPresent because it was unused.
+        Replaced AttachedGlobalObject linked list with a HashSet because HashSet
+        is faster and simpler. Changed all functions to return void instead of
+        bool, because no clients ever return false, and we don't want to support
+        it.
+
+        * kjs/nodes.cpp: Did some up-keep to avoid build bustage.
+        (KJS::Node::handleException):
+        (KJS::BreakpointCheckStatement::execute):
+        (KJS::FunctionBodyNodeWithDebuggerHooks::execute):
+
+2008-05-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
+        <https://bugs.webkit.org/show_bug.cgi?id=18752>
+
+        Replace old attempt at "branchless" exceptions as the extra information
+        being passed made gcc an unhappy compiler, replacing these custom toNumber
+        calls with ordinary toNumber logic (by relying on toNumber now preventing
+        side effects after an exception has been thrown) provided sufficient leeway
+        to add the additional checks for the remaining unchecked cases.
+
+        This leaves only toString conversions in certain contexts as possibly
+        misbehaving.
+
+        * VM/Machine.cpp:
+        (KJS::jsAdd):
+        (KJS::resolve):
+        (KJS::resolveBaseAndProperty):
+        (KJS::resolveBaseAndFunc):
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/value.h:
+        (KJS::JSValue::safeGetNumber):
+
+2008-05-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        First steps toward supporting the debugger API: support the sourceParsed
+        callback; plus some minor fixups.
+
+        SunSpider reports no regression.
+
+        * VM/CodeGenerator.h: Removed a misleading comment.
+
+        * kjs/Parser.h: Changed the parser to take an ExecState*, so it can
+        implement the sourceParsed callback -- that way, we only have to
+        implement the callback in one place.
+
+        * kjs/debugger.cpp: Nixed DebuggerImp, because its sole purpose in life
+        was to demonstrate the misapplication of design patterns.
+
+        * kjs/debugger.h: Changed sourceParsed to take a SourceProvider, to
+        reduce copying, and not to return a value, because pausing execution
+        after parsing is complicated, and no clients needed that ability, anyway.
+
+        * kjs/grammar.y: Make sure never to pass a NULL SourceElements* to
+        didFinishParsing -- that simplifies some code down the road.
+        
+        * kjs/nodes.cpp: Don't generate special AST nodes just because the
+        debugger is attached -- that's a relic of the old AST execution model,
+        and those nodes haven't been maintained.
+
+2008-05-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
+        <https://bugs.webkit.org/show_bug.cgi?id=18752>
+
+        First step: prevent incorrect evaluation of valueOf/toString conversion
+        in right hand side of expression after earlier conversion throws.
+
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::toNumber):
+        * kjs/object.cpp:
+        (KJS::JSObject::defaultValue):
+
+2008-05-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18934: SQUIRRELFISH: ASSERT @ nytimes.com due to RegisterFile being clobbered
+        <https://bugs.webkit.org/show_bug.cgi?id=18934>
+
+        Unfortunately we cannot create new statically optimised globals if there are any
+        tainted RegisterFiles on the RegisterFileStack.  To handle this we re-introduce
+        (in a slightly cleaner form) the inImplicitCall concept to the RegisterFileStack.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::pushFunctionRegisterFile):
+        * VM/RegisterFileStack.h:
+
+2008-05-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Introduced support for function.caller.
+        
+        Improved support for walking interesting scopes for function introspection.
+        
+        This fixes all remaining layout tests not blocked by rebasing to trunk.
+        
+        SunSpider reports no change.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::dumpRegisters): Fixed a spacing issue.
+
+2008-05-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 18961: SQUIRRELFISH: Gmail doesn't load
+        <https://bugs.webkit.org/show_bug.cgi?id=18961>
+
+        Fix codegen for logical nodes so that they don't use their destination
+        as a temporary.
+
+        * kjs/nodes.cpp:
+        (KJS::LogicalAndNode::emitCode):
+        (KJS::LogicalOrNode::emitCode):
+
+2008-05-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+
+        - JavaScriptCore part of fix for: "SQUIRRELFISH: function toString broken after calling"
+        https://bugs.webkit.org/show_bug.cgi?id=18869
+       
+        Three layout tests are fixed:
+          fast/js/toString-elision-trailing-comma.html
+          fast/js/toString-prefix-postfix-preserve-parens.html
+          fast/js/kde/lval-exceptions.html
+        
+        Functions now save a shared subrange of the original source used
+        to make them (so in the common case this adds no storage above the
+        memory cache).
+        
+        * kjs/SourceProvider.h: Added.
+        (KJS::SourceProvider): New abstract base class for classes that provide on-demand access
+        to the source for a JavaScript program. This allows function objects to have access to their
+        original source without copying.
+        (KJS::UStringSourceProvider): SourceProvider subclass backed by a KJS::UString.
+        (KJS::UStringSourceProvider::create):
+        (KJS::UStringSourceProvider::getRange):
+        (KJS::UStringSourceProvider::data):
+        (KJS::UStringSourceProvider::length):
+        (KJS::UStringSourceProvider::UStringSourceProvider):
+        * kjs/SourceRange.h: Added.
+        (KJS::SourceRange::SourceRange): Class that holds a SourceProvider and a character range into
+        the source, to encapsulate on-demand access to the source of a function.
+        (KJS::SourceRange::toString):
+        * VM/Machine.cpp:
+        (KJS::eval): Pass a UStringSourceProvider to the parser.
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse): Take a SourceProvider and pass it on to the lexer.
+        * kjs/Parser.h:
+        (KJS::Parser::parse): Take a SourceProvider.
+        * kjs/lexer.cpp:
+        (KJS::Lexer::setCode): Take a SourceProvider; keep it around, and
+        use it to get the raw buffer and length.
+        * kjs/lexer.h:
+        (KJS::Lexer::sourceRange): Convenience function to get a source
+        range based on the lexer's source provieder, and char offsets
+        right before and after the desired range.
+        * kjs/function.cpp:
+        (KJS::globalFuncEval): Pass a UStringSourceProvider to the parser.
+        * kjs/function_object.cpp:
+        (KJS::functionProtoFuncToString): Use toSourceString to get the source.
+        (KJS::FunctionObjectImp::construct): Give the parser a UStringSourceProvider.
+        * kjs/grammar.y: When parsing a function declaration, function
+        expression, or getter or setter, tell the function body about its
+        SourceRange.
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::checkSyntax): Pass a SourceProvider to the parser.
+        (KJS::Interpreter::evaluate): Pass a SourceProvider to the parser.
+        * kjs/interpreter.h:
+        * kjs/nodes.h:
+        (KJS::FunctionBodyNode::setSource): Establish a SourceRange for this function.
+        (KJS::FunctionBodyNode::toSourceString): Get the source string out
+        of the SourceRange.
+        (KJS::FuncExprNode::): Take a SourceRange and set it on the body.
+        (KJS::FuncDeclNode::): ditto
+        * kjs/testkjs.cpp:
+        (prettyPrintScript): Use a SourceProvider appropriately.
+        * JavaScriptCore.exp: Export new symbols.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add new files.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Add new files.
+
+2008-05-09  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bring back RegisterFile tainting in order to correctly handle
+        natively implemented getters and setters that re-enter JavaScript
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/RegisterFile.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::JSObject::put):
+        (KJS::tryGetAndCallProperty):
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::functionGetter):
+
+2008-05-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - track character offsets of open and close braces, in preparation for saving function source
+        
+        I verified that there is no performance regression from this change.
+
+        * kjs/grammar.y:
+        * kjs/lexer.cpp:
+        (KJS::Lexer::lex):
+        (KJS::Lexer::matchPunctuator):
+        * kjs/lexer.h:
+
+2008-05-09  Oliver Hunt  <oliver@apple.com>
+
+        Debug build fix
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::restoreLocalStorage):
+
+2008-05-09  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Build fixes for SquirrelFish on windows.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+        * VM/Register.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::restoreLocalStorage):
+        * kjs/collector.cpp:
+        (KJS::Collector::allocate):
+        (KJS::Collector::allocateNumber):
+        * kjs/collector.h:
+        (KJS::Collector::allocate):
+        (KJS::Collector::allocateNumber):
+        * kjs/property_slot.cpp:
+
+2008-05-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - fix activation tearoff in the case where functions are called with too many arguments
+        
+        Fixes:
+        fast/canvas/patternfill-repeat.html
+        fast/dom/SelectorAPI/bug-17313.html
+
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall):
+        (KJS::scopeChainForCall):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+
+2008-05-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed failure in fast/canvas/canvas-pattern-behaviour.html.
+        
+        SunSpider reports a small speedup. Not sure what that's about.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump): Fixed op_call_eval to dump as "op_call_eval".
+        This helped me while debugging.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::unwindCallFrame): When looking for an activation to tear
+        off, don't use the scope chain. Inside eval, the scope chain doesn't
+        belong to us; it belongs to our calling function.
+        
+        Also, don't use the needsFullScopeChain flag to decide whether to tear
+        off the activation. "function.arguments" can create an activation
+        for a function whose needsFullScopeChain flag is set to false.
+
+2008-05-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix function.call for calls of more than 8 arguments
+        
+        Fixes svg/carto.net/button.svg
+
+        * kjs/list.cpp:
+        (KJS::List::getSlice): properly set up the m_buffer of the target list.
+
+2008-05-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - don't return a null RegisterID from RegExpNode in the exception case, since the caller may need a real register
+
+        Fixes:
+        - fast/regex/early-acid3-86.html
+        - http/tests/misc/acid3.html
+        
+        * kjs/nodes.cpp:
+        (KJS::RegExpNode::emitCode):
+
+2008-05-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Fix a performance regression caused by the introduction of property
+        attributes to SymbolTable in r32859 by encoding the attributes and the
+        register index into a single field of SymbolTableEntry.
+
+        This leaves Node::optimizeVariableAccess() definitely broken, although
+        it was probably not entirely correct in SquirrelFish before this change.
+
+        * VM/CodeBlock.h:
+        (KJS::missingThisObjectMarker):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addVar):
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::registerForLocal):
+        (KJS::CodeGenerator::registerForLocalConstInit):
+        (KJS::CodeGenerator::isLocalConstant):
+        (KJS::CodeGenerator::addConstant):
+        (KJS::CodeGenerator::emitCall):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::IdentifierMapIndexHashTraits::emptyValue):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::saveLocalStorage):
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::getPropertyNames):
+        (KJS::JSVariableObject::getPropertyAttributes):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableGet):
+        (KJS::JSVariableObject::symbolTablePut):
+        (KJS::JSVariableObject::symbolTablePutWithAttributes):
+        * kjs/SymbolTable.h:
+        (KJS::SymbolTableEntry::SymbolTableEntry):
+        (KJS::SymbolTableEntry::isEmpty):
+        (KJS::SymbolTableEntry::getIndex):
+        (KJS::SymbolTableEntry::getAttributes):
+        (KJS::SymbolTableEntry::setAttributes):
+        (KJS::SymbolTableEntry::isReadOnly):
+        * kjs/nodes.cpp:
+        (KJS::getSymbolTableEntry):
+        (KJS::PostIncResolveNode::optimizeVariableAccess):
+        (KJS::PostDecResolveNode::optimizeVariableAccess):
+        (KJS::DeleteResolveNode::optimizeVariableAccess):
+        (KJS::TypeOfResolveNode::optimizeVariableAccess):
+        (KJS::PreIncResolveNode::optimizeVariableAccess):
+        (KJS::PreDecResolveNode::optimizeVariableAccess):
+        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
+        (KJS::AssignResolveNode::optimizeVariableAccess):
+        (KJS::ProgramNode::initializeSymbolTable):
+
+2008-05-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Oliver.
+        
+        - add missing ! in an assert that I failed to reverse
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+
+2008-05-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fixed "SQUIRRELFISH: window.this shows up as a property, but it shouldn't"
+        https://bugs.webkit.org/show_bug.cgi?id=18868
+        
+        The basic approach is to have "this" only be present in the symbol
+        table at compile time, not runtime.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::~CodeGenerator): Remove "this" from symbol table.
+        (KJS::CodeGenerator::CodeGenerator): Add "this" back when re-using
+        a symbol table.
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::execute): Don't assert that "this" is in the symbol table.
+
+2008-05-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Trivial support for function.arguments: Currently, we only support
+        function.arguments from within the scope of function.
+        
+        This fixes the remaining Mozilla JS test failures.
+        
+        SunSpider reports no change.
+
+        * JavaScriptCore.exp:
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Separated scope chain deref from
+        activation register copying: since it is now possible for client code
+        to create an activation on behalf of a function that otherwise wouldn't
+        need one, having an activation no longer necessarily means that you need
+        to deref the scope chain.
+        
+        (KJS::Machine::getCallFrame): For now, this function only examines the
+        current scope. Walking parent scopes requires some refactoring in the
+        way we track execution stacks.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState): We use a negative call frame offset to
+        indicate that a given scope is not a function call scope.
+        
+2008-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Fix call frame set up for native -> JS function calls.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+
+2008-05-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed ecma_3/Object/8.6.2.6-001.js, and similar bugs.
+        
+        SunSpider reports a .4% speedup. Not sure what that's about.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Check for exception return from equal,
+        since toPrimitive can throw.
+
+        * kjs/operations.cpp:
+        (KJS::strictEqual): In response to an error I made in an earlier version
+        of this patch, I changed strictEqual to make clear the fact that it
+        performs no conversions and can't throw, making it slightly more efficient
+        in the process.
+
+2008-05-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix some dumb mistakes in my last patch
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitPushScope):
+        (KJS::CodeGenerator::emitGetPropertyNames):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-05-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - document opcodes relating to jumps, scopes, and property name iteration
+        
+        Documented jmp, jtrue, false, push_scope, pop_scope, get_pnames,
+        next_pname and jmp_scopes.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitJump):
+        (KJS::CodeGenerator::emitJumpIfTrue):
+        (KJS::CodeGenerator::emitJumpIfFalse):
+        (KJS::CodeGenerator::emitPushScope):
+        (KJS::CodeGenerator::emitNextPropertyName):
+        (KJS::CodeGenerator::emitGetPropertyNames):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/nodes.cpp:
+        (KJS::LogicalAndNode::emitCode):
+        (KJS::LogicalOrNode::emitCode):
+        (KJS::ConditionalNode::emitCode):
+        (KJS::IfNode::emitCode):
+        (KJS::IfElseNode::emitCode):
+        (KJS::DoWhileNode::emitCode):
+        (KJS::WhileNode::emitCode):
+        (KJS::ForNode::emitCode):
+        (KJS::ForInNode::emitCode):
+        (KJS::WithNode::emitCode):
+
+2008-05-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 18749: SQUIRRELFISH: const support is broken
+        <https://bugs.webkit.org/show_bug.cgi?id=18749>
+
+        Adds support for const during code generation.
+
+        Fixes 2 layout tests.
+
+        * ChangeLog:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addVar):
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::isLocalConstant):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::addVar):
+        * kjs/nodes.cpp:
+        (KJS::PostIncResolveNode::emitCode):
+        (KJS::PostDecResolveNode::emitCode):
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+        (KJS::AssignResolveNode::emitCode):
+
+2008-05-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - document some more opcodes (and fix argument names)
+        
+        Added docs for eq, neq, stricteq, nstriceq, less and lesseq.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitEqual):
+        (KJS::CodeGenerator::emitNotEqual):
+        (KJS::CodeGenerator::emitStrictEqual):
+        (KJS::CodeGenerator::emitNotStrictEqual):
+        (KJS::CodeGenerator::emitLess):
+        (KJS::CodeGenerator::emitLessEq):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/nodes.cpp:
+        (KJS::LessNode::emitCode):
+        (KJS::GreaterNode::emitCode):
+        (KJS::LessEqNode::emitCode):
+        (KJS::GreaterEqNode::emitCode):
+        (KJS::EqualNode::emitCode):
+        (KJS::NotEqualNode::emitCode):
+        (KJS::StrictEqualNode::emitCode):
+        (KJS::NotStrictEqualNode::emitCode):
+        (KJS::CaseBlockNode::emitCodeForBlock):
+
+2008-05-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        More scaffolding for f.arguments.
+        
+        Track the offset of the last call frame in the ExecState, so we can
+        produce a backtrace at any time.
+        
+        Also, record numLocals, the sum of numVars + numParameters, in each code
+        block, to make updates to the ExecState a little cheaper than they
+        would be otherwise.
+        
+        We now use numLocals in a bunch of places where we used to calculate
+        numVars + numParameters or -numVars - numParameters.
+        
+        Reports are mixed, but all in all, this seems to be a wash on SunSpider.
+
+2008-05-04  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Whoops, correctly handle properties that don't exist in the 
+        symbol table.
+
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTablePutWithAttributes):
+
+2008-05-04  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Add attribute information to SymbolTable as ground work for
+        various DontEnum and ReadOnly issues.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addVar):
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::registerForLocal):
+        (KJS::CodeGenerator::registerForLocalConstInit):
+        (KJS::CodeGenerator::addConstant):
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::saveLocalStorage):
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::getPropertyNames):
+        (KJS::JSVariableObject::getPropertyAttributes):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTablePut):
+        (KJS::JSVariableObject::symbolTablePutWithAttributes):
+        * kjs/SymbolTable.h:
+        (KJS::SymbolTableEntry::SymbolTableEntry):
+        (KJS::SymbolTableIndexHashTraits::emptyValue):
+        * kjs/nodes.cpp:
+        (KJS::getSymbolTableEntry):
+        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
+        (KJS::AssignResolveNode::optimizeVariableAccess):
+        (KJS::ProgramNode::initializeSymbolTable):
+
+2008-05-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        More scaffolding for f.arguments.
+        
+        Store the register file associated with an ExecState in the ExecState.
+        
+        SunSpider reports no change.
+
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Moved
+        registerFileStack above globalExec, so it gets initialized first.
+        Removed remnants of old activation scheme.
+
+2008-05-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Oliver.
+        
+        - renamed a few opcodes and fixed assembly formatting to accomodate the longest opcode
+        
+        equal --> eq
+        nequal --> neq
+        resolve_base_and_property --> resolve_with_base
+        resolve_base_and_func --> resolve_func
+        get_prop_id --> get_by_id
+        put_prop_id --> put_by_id
+        delete_prop_id --> del_by_id
+        get_prop_val --> get_by_val
+        put_prop_val --> put_by_val
+        delete_prop_val --> del_by_val
+        put_prop_index --> put_by_index
+        
+        * VM/CodeBlock.cpp:
+        (KJS::printUnaryOp):
+        (KJS::printBinaryOp):
+        (KJS::printConditionalJump):
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitEqual):
+        (KJS::CodeGenerator::emitNotEqual):
+        (KJS::CodeGenerator::emitResolveWithBase):
+        (KJS::CodeGenerator::emitResolveFunction):
+        (KJS::CodeGenerator::emitGetById):
+        (KJS::CodeGenerator::emitPutById):
+        (KJS::CodeGenerator::emitDeleteById):
+        (KJS::CodeGenerator::emitGetByVal):
+        (KJS::CodeGenerator::emitPutByVal):
+        (KJS::CodeGenerator::emitDeleteByVal):
+        (KJS::CodeGenerator::emitPutByIndex):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::ArrayNode::emitCode):
+        (KJS::PropertyListNode::emitCode):
+        (KJS::BracketAccessorNode::emitCode):
+        (KJS::DotAccessorNode::emitCode):
+        (KJS::EvalFunctionCallNode::emitCode):
+        (KJS::FunctionCallResolveNode::emitCode):
+        (KJS::FunctionCallBracketNode::emitCode):
+        (KJS::FunctionCallDotNode::emitCode):
+        (KJS::PostIncResolveNode::emitCode):
+        (KJS::PostDecResolveNode::emitCode):
+        (KJS::PostIncBracketNode::emitCode):
+        (KJS::PostDecBracketNode::emitCode):
+        (KJS::PostIncDotNode::emitCode):
+        (KJS::PostDecDotNode::emitCode):
+        (KJS::DeleteResolveNode::emitCode):
+        (KJS::DeleteBracketNode::emitCode):
+        (KJS::DeleteDotNode::emitCode):
+        (KJS::TypeOfResolveNode::emitCode):
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::PreIncBracketNode::emitCode):
+        (KJS::PreDecBracketNode::emitCode):
+        (KJS::PreIncDotNode::emitCode):
+        (KJS::PreDecDotNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+        (KJS::AssignResolveNode::emitCode):
+        (KJS::AssignDotNode::emitCode):
+        (KJS::ReadModifyDotNode::emitCode):
+        (KJS::AssignBracketNode::emitCode):
+        (KJS::ReadModifyBracketNode::emitCode):
+        (KJS::ConstDeclNode::emitCodeSingle):
+        (KJS::ForInNode::emitCode):
+        (KJS::TryNode::emitCode):
+
+2008-05-04  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Fix assertion when accessing arguments object with too many arguments provided
+
+        The arguments constructor was assuming that the register offset given for argv
+        was an absolute offset into the registerfile, rather than the offset from the
+        frame.  This patches corrects that issue.
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::createArgumentsObject):
+
+2008-05-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber stamped by Sam Weinig.
+        
+        Cleaned up Machine.cpp according to our style guidelines: moved static
+        data to the top of the file; moved stand-alone functions below that;
+        moved the Machine constructor above other Machine member functions.
+
+2008-05-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam.
+        
+        - fix accidental breakage from last patch
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-05-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - a bunch more opcode documentation and corresponding parameter name fixes
+
+        I renamed a few opcodes:
+        
+        type_of --> typeof (that's what the JS operator is named)
+        instance_of --> instanceof (ditto)
+        create_error --> new_error (for consistency with other new_* opcodes)
+        
+        I documented the following opcodes:
+        
+        - load
+        - new_object
+        - new_array
+        - new_regexp
+        - mov
+        - pre_inc
+        - pre_dec
+        - post_inc
+        - post_dec
+        - to_jsnumber
+        - negate
+        - bitnot
+        - not
+        - instanceof
+        - typeof
+        - in
+        - new_func
+        - new_funcexp
+        - new_error
+
+        I also fixed formatting on some existing opcode docs.
+        
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitMove):
+        (KJS::CodeGenerator::emitNot):
+        (KJS::CodeGenerator::emitPreInc):
+        (KJS::CodeGenerator::emitPreDec):
+        (KJS::CodeGenerator::emitPostInc):
+        (KJS::CodeGenerator::emitPostDec):
+        (KJS::CodeGenerator::emitToJSNumber):
+        (KJS::CodeGenerator::emitNegate):
+        (KJS::CodeGenerator::emitBitNot):
+        (KJS::CodeGenerator::emitInstanceOf):
+        (KJS::CodeGenerator::emitTypeOf):
+        (KJS::CodeGenerator::emitIn):
+        (KJS::CodeGenerator::emitLoad):
+        (KJS::CodeGenerator::emitNewObject):
+        (KJS::CodeGenerator::emitNewArray):
+        (KJS::CodeGenerator::emitNewRegExp):
+        (KJS::CodeGenerator::emitNewError):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::scopeDepth):
+        (KJS::CodeGenerator::addVar):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::Node::emitThrowError):
+        (KJS::RegExpNode::emitCode):
+        (KJS::TypeOfValueNode::emitCode):
+        (KJS::UnaryPlusNode::emitCode):
+        (KJS::NegateNode::emitCode):
+        (KJS::BitwiseNotNode::emitCode):
+        (KJS::LogicalNotNode::emitCode):
+        (KJS::InstanceOfNode::emitCode):
+        (KJS::InNode::emitCode):
+
+2008-05-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff and Sam.
+        
+        - generate HTML bytecode docs at build time
+
+        * DerivedSources.make:
+        * docs: Added.
+        * docs/make-bytecode-docs.pl: Added.
+
+2008-05-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Update ExecState::m_scopeChain when switching scope chains inside the
+        machine.
+        
+        This fixes uses of lexicalGlobalObject, such as, in a subframe
+
+            alert(top.makeArray() instanceof Array ? "FAIL" : "PASS");
+        
+        and a bunch of the security failures listed in
+        https://bugs.webkit.org/show_bug.cgi?id=18870. (Those tests still fail,
+        seemingly because of regressions in exception messages).
+        
+        SunSpider reports no change.
+
+        * VM/Machine.cpp: Factored out scope chain updating into a common
+        function that takes care to update ExecState::m_scopeChain, too.
+
+        * kjs/ExecState.h: I made Machine a friend of ExecState so that Machine
+        could update ExecState::m_scopeChain, even though that value is
+        read-only for everyone else.
+
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Changed
+        this client to be a little friendlier to ExecState's internal
+        storage type for scope chain data.
+
+2008-05-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=18876
+        Squirrelfish: ScopeChainNode leak in op_jmp_scopes.
+        
+        SunSpider reports no change.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Don't construct a ScopeChain object,
+        since the direct threaded interpreter will goto across its destructor.
+
+2008-05-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        A bit more efficient fix than r32832: Don't copy globals into function
+        register files; instead, have the RegisterFileStack track only the base
+        of the last *global* register file, so the global object's register
+        references stay good.
+        
+        SunSpider reports a .3% speedup. Not sure what that's about.
+
+2008-05-03  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18864: SquirrelFish: Support getter and setter definition in object literals
+        <https://bugs.webkit.org/show_bug.cgi?id=18864>
+
+        Add new opcodes to allow us to add getters and setters to an object.  These are
+        only used by the codegen for object literals.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitPutGetter):
+        (KJS::CodeGenerator::emitPutSetter):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::PropertyListNode::emitCode):
+
+2008-05-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - properly copy globals into and out of implicit call register
+        files, otherwise they will fail at global lookup
+
+        Fixes fast/js/array-tostring-and-join.html layout test.
+        
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::pushGlobalRegisterFile):
+        (KJS::RegisterFileStack::popGlobalRegisterFile):
+        (KJS::RegisterFileStack::pushFunctionRegisterFile):
+        (KJS::RegisterFileStack::popFunctionRegisterFile):
+
+2008-05-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=18822
+        SQUIRRELFISH: incorrect eval used in some cases
+        
+        Changed all code inside the machine to fetch the lexical global object
+        directly from the scope chain, instead of from the ExecState.
+        
+        Clients who fetch the lexical global object through the ExecState
+        still don't work.
+        
+        SunSpider reports no change.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Fetch the lexical global object from
+        the scope chain.
+        
+        * kjs/ExecState.h:
+        (KJS::ExecState::ExecState::lexicalGlobalObject): Moved the logic for
+        this function into ScopeChainNode, but kept this function around to
+        support existing clients.
+
+2008-05-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber stamped by Oliver Hunt.
+        
+        Removed ExecState.cpp from AllInOneFile.cpp, for a .2% speedup.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/AllInOneFile.cpp:
+
+2008-05-01  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff and Maciej.
+
+        Bug 18827: SquirrelFish: Prevent getters and setters from destroying the current RegisterFile
+        <https://bugs.webkit.org/show_bug.cgi?id=18827>
+
+        Remove safe/unsafe RegisterFile concept, and instead just add additional
+        logic to ensure we always push/pop RegisterFiles when executing getters
+        and setters, similar to the logic for valueOf and toString.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/RegisterFile.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::JSObject::put):
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::functionGetter):
+
+2008-05-01  Oliver Hunt  <oliver@apple.com>
+
+        RS=Geoff
+
+        Rename unsafeForReentry to safeForReentry to avoid double negatives.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/RegisterFile.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+
+2008-05-01  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18827: SquirrelFish: Prevent getters and setters from destroying the current RegisterFile
+        <https://bugs.webkit.org/show_bug.cgi?id=18827>
+        
+        This patch makes getters and setters work.  It does this by
+        tracking whether the RegisterFile is "safe", that is whether
+        the interpreter is in a state that in which it can handle
+        the RegisterFile being reallocated.
+
+        * VM/Machine.cpp:
+        (KJS::resolve):
+        (KJS::Machine::privateExecute):
+        * VM/RegisterFile.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+
+2008-04-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Release build fix: Always compile in "isGlobalObject", since it's
+        listed in our .exp file.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::isGlobalObject):
+        * kjs/ExecState.h:
+
+2008-04-30  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Minor code restructuring to prepare for getters and setters, 
+        also helps exception semantics a bit.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Fixed tyop.
+
+        * kjs/ExecState.h:
+
+2008-04-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Debug build fix: export a missing symbol.
+
+        * JavaScriptCore.exp:
+
+2008-04-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        A little more ExecState refactoring: Now, only the global object creates
+        an ExecState.
+        
+        Also inlined ExecState::lexicalGlobalObject().
+        
+        SunSpider reports no change.
+
+2008-04-30  Geoffrey Garen  <ggaren@apple.com>
+
+        WebCore build fix: forward-declare ScopeChain.
+
+        * kjs/interpreter.h:
+
+2008-04-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix for JavaScriptGlue: export a missing symbol.
+
+        * JavaScriptCore.exp:
+
+2008-04-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Removed a lot of unused bits from ExecState, moving them into
+        OldInterpreterExecState, the fake scaffolding class.
+        
+        The clutter was making it hard to see the forest from the trees.
+        
+        .4% SunSpider speedup, probably because ExecState::lexicalGlobalObject()
+        is faster now.
+
+2008-04-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18643: SQUIRRELFISH: need to support implicit function calls (valueOf, toString, getters/setters)
+        <https://bugs.webkit.org/show_bug.cgi?id=18643>
+
+        Prevent static slot optimisation for new variables and functions in
+        globally re-entrant code called from an an implicit function call.
+
+        This is necessary to prevent us from needing to resize the global
+        slot portion of the root RegisterFile during an implicit (and hence
+        unguarded) function call.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/RegisterFile.h:
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::pushGlobalRegisterFile):
+        (KJS::RegisterFileStack::popGlobalRegisterFile):
+        (KJS::RegisterFileStack::pushFunctionRegisterFile):
+        (KJS::RegisterFileStack::popFunctionRegisterFile):
+        * VM/RegisterFileStack.h:
+        (KJS::RegisterFileStack::inImplicitFunctionCall):
+        (KJS::RegisterFileStack::lastGlobal):
+        * kjs/nodes.cpp:
+        (KJS::ProgramNode::generateCode):
+        * kjs/nodes.h:
+        (KJS::ProgramNode::):
+
+2008-04-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        In nested program code, don't propogate "this" back to the parent
+        register file. ("this" should remain constant in the parent register
+        file, regardless of the scripts it invokes.)
+
+        * VM/RegisterFile.cpp:
+        (KJS::RegisterFile::copyGlobals):
+
+2008-04-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Restore base pointer when popping a global RegisterFile
+
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::popGlobalRegisterFile):
+
+2008-04-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18643: SQUIRRELFISH: need to support implicit function calls (valueOf, toString, getters/setters)
+        <https://bugs.webkit.org/show_bug.cgi?id=18643>
+
+        Partial fix.  This results in all implicit calls to toString or valueOf
+        executing in a separate RegisterFile, so ensuring that the the pointers
+        in the triggering interpreter don't get trashed.  This still leaves the
+        task of preventing new global re-entry from toString and valueOf from
+        clobbering the RegisterFile.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::pushFunctionRegisterFile):
+        (KJS::RegisterFileStack::popFunctionRegisterFile):
+        * VM/RegisterFileStack.h:
+        * kjs/object.cpp:
+        (KJS::tryGetAndCallProperty):
+
+2008-04-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Simplified activation object a bit: No need to store the callee
+        in the activation object -- we can pull it out of the call frame
+        when needed, instead.
+        
+        SunSpider reports no change.
+
+2008-04-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        RS by Oliver Hunt on moving JSArguments.cpp out of AllInOneFile.cpp.
+
+        Substantially more handling of "arguments": "arguments" works fully
+        now, but "f.arguments" still doesn't work.
+
+        Fixes 10 regression tests.
+        
+        SunSpider reports no regression.
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::createArgumentsObject): Reconstruct an arguments
+        List to pass to the arguments object constructor.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/AllInOneFile.cpp: Removed JSActivation.cpp from AllInOneFile.cpp
+        because that seems to make GCC happy. (Previously, I had added
+        JSActivation.cpp to AllInOneFile.cpp because *that* seemed to make GCC
+        happy. So it goes.)
+
+2008-04-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Groundwork for more handling of "arguments". I'm not checking in the
+        actual handling of "arguments" yet, because it still needs a little
+        fiddling to avoid a performance regression.
+        
+        SunSpider reports no change.
+
+        * VM/Machine.cpp:
+        (KJS::initializeCallFrame): Put argc in the register file, so the
+        arguments object can find it later, to determine arguments.length.
+
+        * kjs/nodes.h:
+        (KJS::FunctionBodyNode::): Added a special code accessor for when you
+        know the code has already been generated, and you don't have a scopeChain
+        to supply for potential code generation. (This is the case when the
+        activation object creates the arguments object.)
+
+2008-04-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Replace unsafe use of auto_ptr in Vector with manual memory
+        management.
+
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::~RegisterFileStack):
+        (KJS::RegisterFileStack::popRegisterFile):
+        * VM/RegisterFileStack.h:
+
+2008-04-27  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 18746: SQUIRRELFISH: indirect eval used when direct eval should be used
+        <https://bugs.webkit.org/show_bug.cgi?id=18746>
+
+        Change the base to the correct value of the 'this' object after the direct
+        eval test instead of before.
+
+        Fixes 5 layout tests.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/nodes.cpp:
+        (KJS::EvalFunctionCallNode::emitCode):
+
+2008-04-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - document all property getting, setting and deleting opcodes
+        
+        (And fix function parameter names to match corresponding opcode parameter names.)
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitResolve):
+        (KJS::CodeGenerator::emitResolveBase):
+        (KJS::CodeGenerator::emitResolveBaseAndProperty):
+        (KJS::CodeGenerator::emitResolveBaseAndFunc):
+        (KJS::CodeGenerator::emitGetPropId):
+        (KJS::CodeGenerator::emitPutPropId):
+        (KJS::CodeGenerator::emitDeletePropId):
+        (KJS::CodeGenerator::emitPutPropVal):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::resolve):
+        (KJS::resolveBase):
+        (KJS::resolveBaseAndProperty):
+        (KJS::resolveBaseAndFunc):
+        (KJS::Machine::privateExecute):
+        * kjs/nodes.cpp:
+        (KJS::ResolveNode::emitCode):
+        (KJS::ArrayNode::emitCode):
+        (KJS::PropertyListNode::emitCode):
+        (KJS::BracketAccessorNode::emitCode):
+        (KJS::EvalFunctionCallNode::emitCode):
+        (KJS::FunctionCallResolveNode::emitCode):
+        (KJS::FunctionCallBracketNode::emitCode):
+        (KJS::PostIncResolveNode::emitCode):
+        (KJS::PostDecResolveNode::emitCode):
+        (KJS::PostIncBracketNode::emitCode):
+        (KJS::PostDecBracketNode::emitCode):
+        (KJS::PostIncDotNode::emitCode):
+        (KJS::PostDecDotNode::emitCode):
+        (KJS::DeleteResolveNode::emitCode):
+        (KJS::TypeOfResolveNode::emitCode):
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::PreIncBracketNode::emitCode):
+        (KJS::PreDecBracketNode::emitCode):
+        (KJS::AssignResolveNode::emitCode):
+        (KJS::AssignDotNode::emitCode):
+        (KJS::ReadModifyDotNode::emitCode):
+        (KJS::AssignBracketNode::emitCode):
+        (KJS::ReadModifyBracketNode::emitCode):
+        (KJS::ConstDeclNode::emitCodeSingle):
+
+2008-04-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18628: SQUIRRELFISH: need to support recursion limit
+        <https://bugs.webkit.org/show_bug.cgi?id=18628>
+
+        Basically completes recursion limiting.  There is still some
+        tuning we may want to do to make things better in the face of
+        very bad code, but certainly nothing worse than anything already
+        possible in trunk.
+
+        Also fixes a WebKit test by fixing the exception text :D
+
+        * JavaScriptCore.exp:
+        * VM/ExceptionHelpers.cpp:
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/RegisterFile.cpp:
+        (KJS::RegisterFile::growBuffer):
+        (KJS::RegisterFile::addGlobalSlots):
+        * VM/RegisterFile.h:
+        (KJS::RegisterFile::grow):
+        (KJS::RegisterFile::uncheckedGrow):
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::pushRegisterFile):
+        * VM/RegisterFileStack.h:
+
+2008-04-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18628: SQUIRRELFISH: need to support recursion limit
+        <https://bugs.webkit.org/show_bug.cgi?id=18628>
+
+        Put a limit on the level of reentry recursion.  128 levels of re-entrant recursion
+        seems reasonable as it is greater than the old eval limit, and a long way short of
+        the reentry depth needed to overflow the stack.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/Machine.h:
+
+2008-04-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        A tiny bit of cleanup to the regexp code.
+        
+        Removed some static_cast.
+        
+        Removed createRegExpImp because it's no longer used.
+
+2008-04-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18736: SQUIRRELFISH: switch statements with no default have incorrect codegen
+        <https://bugs.webkit.org/show_bug.cgi?id=18736>
+
+        Ensure the "default" target is correct in the absence of an explicit default handler.
+
+        * kjs/nodes.cpp:
+        (KJS::CaseBlockNode::emitCodeForBlock):
+
+2008-04-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18628: SQUIRRELFISH: need to support recursion limit
+        <https://bugs.webkit.org/show_bug.cgi?id=18628>
+
+        More bounds checking.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/RegisterFile.cpp:
+        (KJS::RegisterFile::growBuffer):
+        * VM/RegisterFile.h:
+
+2008-04-25  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix signal catching magic
+        
+        The signal handlers are restored to _exit but are only set when
+        running under run-javascriptcore-tests. fprintf from a signal
+        handler is not safe.
+
+        * kjs/testkjs.cpp:
+        (main):
+        (parseArguments):
+        * tests/mozilla/jsDriver.pl:
+
+2008-04-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 18732: SQUIRRELFISH: exceptions thrown by native constructors are ignored
+        <https://bugs.webkit.org/show_bug.cgi?id=18732>
+
+        Fixes another regression test.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 18728: SQUIRRELFISH: invalid regular expression constants should throw exceptions
+        <https://bugs.webkit.org/show_bug.cgi?id=18728>
+
+        Fixes another regression test.
+
+        * kjs/nodes.cpp:
+        (KJS::RegExpNode::emitCode):
+
+2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Geoffrey Garen.
+
+        Bug 18735: SQUIRRELFISH: closures are sometimes given an incorrect 'this' value when called
+        <https://bugs.webkit.org/show_bug.cgi?id=18735>
+
+        The overloaded toThisObject method was not copied over to JSActivation.
+
+        Fixes two regression tests.
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::toThisObject):
+        * kjs/JSActivation.h:
+
+2008-04-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Added support for arguments.callee.
+
+2008-04-24  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18628: SQUIRRELFISH: need to support recursion limit
+        <https://bugs.webkit.org/show_bug.cgi?id=18628>
+
+        Partial fix -- this gets us some of the required bounds checking, but not
+        complete coverage.  But it does manage to do them without regressing :D
+
+        * VM/ExceptionHelpers.cpp:
+        (KJS::createError):
+        (KJS::createStackOverflowError):
+        * VM/ExceptionHelpers.h:
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/RegisterFile.cpp:
+        * VM/RegisterFile.h:
+        (KJS::RegisterFile::):
+        (KJS::RegisterFile::RegisterFile):
+        (KJS::RegisterFile::grow):
+
+2008-04-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        A tiny bit more handling of "arguments": create a real, but mostly
+        hollow, arguments object.
+        
+        Fixes 2 regression tests.
+
+2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 18717: SQUIRRELFISH: eval returns the wrong value for a variable declaration statement
+        <https://bugs.webkit.org/show_bug.cgi?id=18717>
+
+        Fixes a regression test, but exposes the failure of another due to the
+        lack of getters and setters.
+
+        * kjs/nodes.cpp:
+        (KJS::ConstDeclNode::emitCodeSingle):
+        (KJS::ConstDeclNode::emitCode):
+        (KJS::ConstStatementNode::emitCode):
+        (KJS::VarStatementNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Print a CRASH statement when crashing, so test failures are not a
+        mystery.
+
+        * kjs/testkjs.cpp:
+        (handleCrash):
+        (main):
+
+2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Geoffrey Garen.
+
+        Bug 18716: SQUIRRELFISH: typeof should return undefined for an undefined variable reference
+        <https://bugs.webkit.org/show_bug.cgi?id=18716>
+
+        This fixes 2 more regression tests.
+
+        * kjs/nodes.cpp:
+        (KJS::TypeOfResolveNode::emitCode):
+
+2008-04-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Put the callee in the call frame.
+        
+        Necessary in order to support "arguments" and "arguments.callee".
+
+        Also fixes a latent GC bug, where an executing function could be
+        subject to GC if the register holding it were overwritten. Here's
+        an example that would have caused problems:
+        
+        function f()
+        {
+            // Flood the machine stack to eliminate any old pointers to f.
+            g.call({});
+            
+            // Overwrite f in the register file.
+            f = 1;
+
+            // Force a GC.
+            for (var i = 0; i < 5000; ++i) {
+                ({});
+            }
+            
+            // Welcome to crash-ville.
+        }
+
+        function g()
+        {
+        }
+
+        f();
+
+        * VM/Machine.h: Changed the order of arguments to
+        execute(FunctionBodyNode*...) to match the other execute functions.
+        * kjs/function.cpp: Updated to match new argument requirements from
+        execute(FunctionBodyNode*...). Renamed newObj to thisObj to match the
+        rest of JavaScriptCore.
+
+        SunSpider reports no change.
+
+2008-04-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 18707: SQUIRRELFISH: eval always performs toString() on its argument
+        <https://bugs.webkit.org/show_bug.cgi?id=18707>
+
+        This fixes 4 more regression tests.
+
+        * VM/Machine.cpp:
+        (KJS::eval):
+
+2008-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix logic bug in SegmentedVector::grow which would sometimes fail to resize a segment when needed
+        
+        Fixes 3 JSC tests.
+
+        * VM/SegmentedVector.h:
+        (KJS::SegmentedVector::grow):
+
+2008-04-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Degenerate handling of "arguments" as a property of the activation
+        object. Currently, we just return a vanilla object.
+        
+        SunSpider reports no change.
+
+        Fixes:
+
+        ecma_3/Function/regress-94506.js.
+        
+        Reveals to have been secretly broken:
+
+        ecma_3/Function/15.3.4.3-1.js
+        ecma_3/Function/15.3.4.4-1.js
+        
+        These tests were passing incorrectly. testkjs creates a global array
+        named "arguments" to hold command-line arguments. That array was
+        tricking these tests into thinking that an arguments object with length
+        0 had been created. Since our new vanilla object shadows the global
+        property named arguments, that object no longer fools these tests into
+        passing.
+        
+        Net change: +1 failing test.
+
+        * kjs/AllInOneFile.cpp: Had to put JSActivation.cpp into AllInOneFile.cpp
+        to solve a surprising 8.6% regression in bitops-3bit-bits-in-byte.
+
+2008-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - save and restore callFrame
+
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * kjs/testkjs.cpp:
+        (main):
+
+2008-04-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed scopes for named function expressions.
+        
+        Fixes one regression test.
+        
+        Two changes here:
+        
+        (1) The function's name is supposed to have attributes DontDelete,
+        ReadOnly, regardless of the type of code executing.
+        
+        (2) Push the name object on the function's scope chain, rather than
+        the ExecState's scope chain because, well, that's where it belongs.
+
+2008-04-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Inlined JSObject::putDirect, for a .4% SunSpider speedup.
+        
+        I did this as a first step toward removing nodes.cpp from
+        AllInOneFile.cpp, but I'm putting that larger project aside for now.
+
+2008-04-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Geoff.
+        
+        - add OldInterpreterExecState class and use it in dead code
+        
+        This will allow removing things from the real ExecState class
+        without having to figure out how to remove all this code without
+        getting a perf regression.
+
+        * kjs/nodes.cpp:
+        (KJS::ExpressionNode::evaluateToNumber):
+        (KJS::ExpressionNode::evaluateToBoolean):
+        (KJS::ExpressionNode::evaluateToInt32):
+        (KJS::ExpressionNode::evaluateToUInt32):
+        (KJS::Node::setErrorCompletion):
+        (KJS::Node::throwError):
+        (KJS::Node::throwUndefinedVariableError):
+        (KJS::Node::handleException):
+        (KJS::Node::rethrowException):
+        (KJS::BreakpointCheckStatement::execute):
+        (KJS::BreakpointCheckStatement::optimizeVariableAccess):
+        (KJS::NullNode::evaluate):
+        (KJS::FalseNode::evaluate):
+        (KJS::TrueNode::evaluate):
+        (KJS::NumberNode::evaluate):
+        (KJS::NumberNode::evaluateToNumber):
+        (KJS::NumberNode::evaluateToBoolean):
+        (KJS::NumberNode::evaluateToInt32):
+        (KJS::NumberNode::evaluateToUInt32):
+        (KJS::ImmediateNumberNode::evaluate):
+        (KJS::ImmediateNumberNode::evaluateToInt32):
+        (KJS::ImmediateNumberNode::evaluateToUInt32):
+        (KJS::StringNode::evaluate):
+        (KJS::StringNode::evaluateToNumber):
+        (KJS::StringNode::evaluateToBoolean):
+        (KJS::RegExpNode::evaluate):
+        (KJS::ThisNode::evaluate):
+        (KJS::ResolveNode::inlineEvaluate):
+        (KJS::ResolveNode::evaluate):
+        (KJS::ResolveNode::evaluateToNumber):
+        (KJS::ResolveNode::evaluateToBoolean):
+        (KJS::ResolveNode::evaluateToInt32):
+        (KJS::ResolveNode::evaluateToUInt32):
+        (KJS::getSymbolTableEntry):
+        (KJS::ResolveNode::optimizeVariableAccess):
+        (KJS::LocalVarAccessNode::inlineEvaluate):
+        (KJS::LocalVarAccessNode::evaluate):
+        (KJS::LocalVarAccessNode::evaluateToNumber):
+        (KJS::LocalVarAccessNode::evaluateToBoolean):
+        (KJS::LocalVarAccessNode::evaluateToInt32):
+        (KJS::LocalVarAccessNode::evaluateToUInt32):
+        (KJS::getNonLocalSymbol):
+        (KJS::ScopedVarAccessNode::inlineEvaluate):
+        (KJS::ScopedVarAccessNode::evaluate):
+        (KJS::ScopedVarAccessNode::evaluateToNumber):
+        (KJS::ScopedVarAccessNode::evaluateToBoolean):
+        (KJS::ScopedVarAccessNode::evaluateToInt32):
+        (KJS::ScopedVarAccessNode::evaluateToUInt32):
+        (KJS::NonLocalVarAccessNode::inlineEvaluate):
+        (KJS::NonLocalVarAccessNode::evaluate):
+        (KJS::NonLocalVarAccessNode::evaluateToNumber):
+        (KJS::NonLocalVarAccessNode::evaluateToBoolean):
+        (KJS::NonLocalVarAccessNode::evaluateToInt32):
+        (KJS::NonLocalVarAccessNode::evaluateToUInt32):
+        (KJS::ElementNode::optimizeVariableAccess):
+        (KJS::ElementNode::evaluate):
+        (KJS::ArrayNode::optimizeVariableAccess):
+        (KJS::ArrayNode::evaluate):
+        (KJS::ObjectLiteralNode::optimizeVariableAccess):
+        (KJS::ObjectLiteralNode::evaluate):
+        (KJS::PropertyListNode::optimizeVariableAccess):
+        (KJS::PropertyListNode::evaluate):
+        (KJS::PropertyNode::optimizeVariableAccess):
+        (KJS::PropertyNode::evaluate):
+        (KJS::BracketAccessorNode::optimizeVariableAccess):
+        (KJS::BracketAccessorNode::inlineEvaluate):
+        (KJS::BracketAccessorNode::evaluate):
+        (KJS::BracketAccessorNode::evaluateToNumber):
+        (KJS::BracketAccessorNode::evaluateToBoolean):
+        (KJS::BracketAccessorNode::evaluateToInt32):
+        (KJS::BracketAccessorNode::evaluateToUInt32):
+        (KJS::DotAccessorNode::optimizeVariableAccess):
+        (KJS::DotAccessorNode::inlineEvaluate):
+        (KJS::DotAccessorNode::evaluate):
+        (KJS::DotAccessorNode::evaluateToNumber):
+        (KJS::DotAccessorNode::evaluateToBoolean):
+        (KJS::DotAccessorNode::evaluateToInt32):
+        (KJS::DotAccessorNode::evaluateToUInt32):
+        (KJS::ArgumentListNode::optimizeVariableAccess):
+        (KJS::ArgumentListNode::evaluateList):
+        (KJS::ArgumentsNode::optimizeVariableAccess):
+        (KJS::NewExprNode::optimizeVariableAccess):
+        (KJS::NewExprNode::inlineEvaluate):
+        (KJS::NewExprNode::evaluate):
+        (KJS::NewExprNode::evaluateToNumber):
+        (KJS::NewExprNode::evaluateToBoolean):
+        (KJS::NewExprNode::evaluateToInt32):
+        (KJS::NewExprNode::evaluateToUInt32):
+        (KJS::ExpressionNode::resolveAndCall):
+        (KJS::EvalFunctionCallNode::optimizeVariableAccess):
+        (KJS::EvalFunctionCallNode::evaluate):
+        (KJS::FunctionCallValueNode::optimizeVariableAccess):
+        (KJS::FunctionCallValueNode::evaluate):
+        (KJS::FunctionCallResolveNode::optimizeVariableAccess):
+        (KJS::FunctionCallResolveNode::inlineEvaluate):
+        (KJS::FunctionCallResolveNode::evaluate):
+        (KJS::FunctionCallResolveNode::evaluateToNumber):
+        (KJS::FunctionCallResolveNode::evaluateToBoolean):
+        (KJS::FunctionCallResolveNode::evaluateToInt32):
+        (KJS::FunctionCallResolveNode::evaluateToUInt32):
+        (KJS::LocalVarFunctionCallNode::inlineEvaluate):
+        (KJS::LocalVarFunctionCallNode::evaluate):
+        (KJS::LocalVarFunctionCallNode::evaluateToNumber):
+        (KJS::LocalVarFunctionCallNode::evaluateToBoolean):
+        (KJS::LocalVarFunctionCallNode::evaluateToInt32):
+        (KJS::LocalVarFunctionCallNode::evaluateToUInt32):
+        (KJS::ScopedVarFunctionCallNode::inlineEvaluate):
+        (KJS::ScopedVarFunctionCallNode::evaluate):
+        (KJS::ScopedVarFunctionCallNode::evaluateToNumber):
+        (KJS::ScopedVarFunctionCallNode::evaluateToBoolean):
+        (KJS::ScopedVarFunctionCallNode::evaluateToInt32):
+        (KJS::ScopedVarFunctionCallNode::evaluateToUInt32):
+        (KJS::NonLocalVarFunctionCallNode::inlineEvaluate):
+        (KJS::NonLocalVarFunctionCallNode::evaluate):
+        (KJS::NonLocalVarFunctionCallNode::evaluateToNumber):
+        (KJS::NonLocalVarFunctionCallNode::evaluateToBoolean):
+        (KJS::NonLocalVarFunctionCallNode::evaluateToInt32):
+        (KJS::NonLocalVarFunctionCallNode::evaluateToUInt32):
+        (KJS::FunctionCallBracketNode::optimizeVariableAccess):
+        (KJS::FunctionCallBracketNode::evaluate):
+        (KJS::FunctionCallDotNode::optimizeVariableAccess):
+        (KJS::FunctionCallDotNode::inlineEvaluate):
+        (KJS::FunctionCallDotNode::evaluate):
+        (KJS::FunctionCallDotNode::evaluateToNumber):
+        (KJS::FunctionCallDotNode::evaluateToBoolean):
+        (KJS::FunctionCallDotNode::evaluateToInt32):
+        (KJS::FunctionCallDotNode::evaluateToUInt32):
+        (KJS::PostIncResolveNode::optimizeVariableAccess):
+        (KJS::PostIncResolveNode::evaluate):
+        (KJS::PostIncLocalVarNode::evaluate):
+        (KJS::PostDecResolveNode::optimizeVariableAccess):
+        (KJS::PostDecResolveNode::evaluate):
+        (KJS::PostDecLocalVarNode::evaluate):
+        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
+        (KJS::PostDecLocalVarNode::evaluateToNumber):
+        (KJS::PostDecLocalVarNode::evaluateToBoolean):
+        (KJS::PostDecLocalVarNode::evaluateToInt32):
+        (KJS::PostDecLocalVarNode::evaluateToUInt32):
+        (KJS::PostfixBracketNode::optimizeVariableAccess):
+        (KJS::PostIncBracketNode::evaluate):
+        (KJS::PostDecBracketNode::evaluate):
+        (KJS::PostfixDotNode::optimizeVariableAccess):
+        (KJS::PostIncDotNode::evaluate):
+        (KJS::PostDecDotNode::evaluate):
+        (KJS::PostfixErrorNode::evaluate):
+        (KJS::DeleteResolveNode::optimizeVariableAccess):
+        (KJS::DeleteResolveNode::evaluate):
+        (KJS::LocalVarDeleteNode::evaluate):
+        (KJS::DeleteBracketNode::optimizeVariableAccess):
+        (KJS::DeleteBracketNode::evaluate):
+        (KJS::DeleteDotNode::optimizeVariableAccess):
+        (KJS::DeleteDotNode::evaluate):
+        (KJS::DeleteValueNode::optimizeVariableAccess):
+        (KJS::DeleteValueNode::evaluate):
+        (KJS::VoidNode::optimizeVariableAccess):
+        (KJS::VoidNode::evaluate):
+        (KJS::TypeOfValueNode::optimizeVariableAccess):
+        (KJS::TypeOfResolveNode::optimizeVariableAccess):
+        (KJS::LocalVarTypeOfNode::evaluate):
+        (KJS::TypeOfResolveNode::evaluate):
+        (KJS::TypeOfValueNode::evaluate):
+        (KJS::PreIncResolveNode::optimizeVariableAccess):
+        (KJS::PreIncLocalVarNode::evaluate):
+        (KJS::PreIncResolveNode::evaluate):
+        (KJS::PreDecResolveNode::optimizeVariableAccess):
+        (KJS::PreDecLocalVarNode::evaluate):
+        (KJS::PreDecResolveNode::evaluate):
+        (KJS::PreIncConstNode::evaluate):
+        (KJS::PreDecConstNode::evaluate):
+        (KJS::PostIncConstNode::evaluate):
+        (KJS::PostDecConstNode::evaluate):
+        (KJS::PrefixBracketNode::optimizeVariableAccess):
+        (KJS::PreIncBracketNode::evaluate):
+        (KJS::PreDecBracketNode::evaluate):
+        (KJS::PrefixDotNode::optimizeVariableAccess):
+        (KJS::PreIncDotNode::evaluate):
+        (KJS::PreDecDotNode::evaluate):
+        (KJS::PrefixErrorNode::evaluate):
+        (KJS::UnaryPlusNode::optimizeVariableAccess):
+        (KJS::UnaryPlusNode::evaluate):
+        (KJS::UnaryPlusNode::evaluateToBoolean):
+        (KJS::UnaryPlusNode::evaluateToNumber):
+        (KJS::UnaryPlusNode::evaluateToInt32):
+        (KJS::UnaryPlusNode::evaluateToUInt32):
+        (KJS::NegateNode::optimizeVariableAccess):
+        (KJS::NegateNode::evaluate):
+        (KJS::NegateNode::evaluateToNumber):
+        (KJS::BitwiseNotNode::optimizeVariableAccess):
+        (KJS::BitwiseNotNode::inlineEvaluateToInt32):
+        (KJS::BitwiseNotNode::evaluate):
+        (KJS::BitwiseNotNode::evaluateToNumber):
+        (KJS::BitwiseNotNode::evaluateToBoolean):
+        (KJS::BitwiseNotNode::evaluateToInt32):
+        (KJS::BitwiseNotNode::evaluateToUInt32):
+        (KJS::LogicalNotNode::optimizeVariableAccess):
+        (KJS::LogicalNotNode::evaluate):
+        (KJS::LogicalNotNode::evaluateToBoolean):
+        (KJS::MultNode::optimizeVariableAccess):
+        (KJS::MultNode::inlineEvaluateToNumber):
+        (KJS::MultNode::evaluate):
+        (KJS::MultNode::evaluateToNumber):
+        (KJS::MultNode::evaluateToBoolean):
+        (KJS::MultNode::evaluateToInt32):
+        (KJS::MultNode::evaluateToUInt32):
+        (KJS::DivNode::optimizeVariableAccess):
+        (KJS::DivNode::inlineEvaluateToNumber):
+        (KJS::DivNode::evaluate):
+        (KJS::DivNode::evaluateToNumber):
+        (KJS::DivNode::evaluateToInt32):
+        (KJS::DivNode::evaluateToUInt32):
+        (KJS::ModNode::optimizeVariableAccess):
+        (KJS::ModNode::inlineEvaluateToNumber):
+        (KJS::ModNode::evaluate):
+        (KJS::ModNode::evaluateToNumber):
+        (KJS::ModNode::evaluateToBoolean):
+        (KJS::ModNode::evaluateToInt32):
+        (KJS::ModNode::evaluateToUInt32):
+        (KJS::throwOutOfMemoryErrorToNumber):
+        (KJS::addSlowCase):
+        (KJS::addSlowCaseToNumber):
+        (KJS::add):
+        (KJS::addToNumber):
+        (KJS::AddNode::optimizeVariableAccess):
+        (KJS::AddNode::evaluate):
+        (KJS::AddNode::inlineEvaluateToNumber):
+        (KJS::AddNode::evaluateToNumber):
+        (KJS::AddNode::evaluateToInt32):
+        (KJS::AddNode::evaluateToUInt32):
+        (KJS::AddNumbersNode::inlineEvaluateToNumber):
+        (KJS::AddNumbersNode::evaluate):
+        (KJS::AddNumbersNode::evaluateToNumber):
+        (KJS::AddNumbersNode::evaluateToInt32):
+        (KJS::AddNumbersNode::evaluateToUInt32):
+        (KJS::AddStringsNode::evaluate):
+        (KJS::AddStringLeftNode::evaluate):
+        (KJS::AddStringRightNode::evaluate):
+        (KJS::SubNode::optimizeVariableAccess):
+        (KJS::SubNode::inlineEvaluateToNumber):
+        (KJS::SubNode::evaluate):
+        (KJS::SubNode::evaluateToNumber):
+        (KJS::SubNode::evaluateToInt32):
+        (KJS::SubNode::evaluateToUInt32):
+        (KJS::LeftShiftNode::optimizeVariableAccess):
+        (KJS::LeftShiftNode::inlineEvaluateToInt32):
+        (KJS::LeftShiftNode::evaluate):
+        (KJS::LeftShiftNode::evaluateToNumber):
+        (KJS::LeftShiftNode::evaluateToInt32):
+        (KJS::LeftShiftNode::evaluateToUInt32):
+        (KJS::RightShiftNode::optimizeVariableAccess):
+        (KJS::RightShiftNode::inlineEvaluateToInt32):
+        (KJS::RightShiftNode::evaluate):
+        (KJS::RightShiftNode::evaluateToNumber):
+        (KJS::RightShiftNode::evaluateToInt32):
+        (KJS::RightShiftNode::evaluateToUInt32):
+        (KJS::UnsignedRightShiftNode::optimizeVariableAccess):
+        (KJS::UnsignedRightShiftNode::inlineEvaluateToUInt32):
+        (KJS::UnsignedRightShiftNode::evaluate):
+        (KJS::UnsignedRightShiftNode::evaluateToNumber):
+        (KJS::UnsignedRightShiftNode::evaluateToInt32):
+        (KJS::UnsignedRightShiftNode::evaluateToUInt32):
+        (KJS::lessThan):
+        (KJS::lessThanEq):
+        (KJS::LessNode::optimizeVariableAccess):
+        (KJS::LessNode::inlineEvaluateToBoolean):
+        (KJS::LessNode::evaluate):
+        (KJS::LessNode::evaluateToBoolean):
+        (KJS::LessNumbersNode::inlineEvaluateToBoolean):
+        (KJS::LessNumbersNode::evaluate):
+        (KJS::LessNumbersNode::evaluateToBoolean):
+        (KJS::LessStringsNode::inlineEvaluateToBoolean):
+        (KJS::LessStringsNode::evaluate):
+        (KJS::LessStringsNode::evaluateToBoolean):
+        (KJS::GreaterNode::optimizeVariableAccess):
+        (KJS::GreaterNode::inlineEvaluateToBoolean):
+        (KJS::GreaterNode::evaluate):
+        (KJS::GreaterNode::evaluateToBoolean):
+        (KJS::LessEqNode::optimizeVariableAccess):
+        (KJS::LessEqNode::inlineEvaluateToBoolean):
+        (KJS::LessEqNode::evaluate):
+        (KJS::LessEqNode::evaluateToBoolean):
+        (KJS::GreaterEqNode::optimizeVariableAccess):
+        (KJS::GreaterEqNode::inlineEvaluateToBoolean):
+        (KJS::GreaterEqNode::evaluate):
+        (KJS::GreaterEqNode::evaluateToBoolean):
+        (KJS::InstanceOfNode::optimizeVariableAccess):
+        (KJS::InstanceOfNode::evaluate):
+        (KJS::InstanceOfNode::evaluateToBoolean):
+        (KJS::InNode::optimizeVariableAccess):
+        (KJS::InNode::evaluate):
+        (KJS::InNode::evaluateToBoolean):
+        (KJS::EqualNode::optimizeVariableAccess):
+        (KJS::EqualNode::inlineEvaluateToBoolean):
+        (KJS::EqualNode::evaluate):
+        (KJS::EqualNode::evaluateToBoolean):
+        (KJS::NotEqualNode::optimizeVariableAccess):
+        (KJS::NotEqualNode::inlineEvaluateToBoolean):
+        (KJS::NotEqualNode::evaluate):
+        (KJS::NotEqualNode::evaluateToBoolean):
+        (KJS::StrictEqualNode::optimizeVariableAccess):
+        (KJS::StrictEqualNode::inlineEvaluateToBoolean):
+        (KJS::StrictEqualNode::evaluate):
+        (KJS::StrictEqualNode::evaluateToBoolean):
+        (KJS::NotStrictEqualNode::optimizeVariableAccess):
+        (KJS::NotStrictEqualNode::inlineEvaluateToBoolean):
+        (KJS::NotStrictEqualNode::evaluate):
+        (KJS::NotStrictEqualNode::evaluateToBoolean):
+        (KJS::BitAndNode::optimizeVariableAccess):
+        (KJS::BitAndNode::evaluate):
+        (KJS::BitAndNode::inlineEvaluateToInt32):
+        (KJS::BitAndNode::evaluateToNumber):
+        (KJS::BitAndNode::evaluateToBoolean):
+        (KJS::BitAndNode::evaluateToInt32):
+        (KJS::BitAndNode::evaluateToUInt32):
+        (KJS::BitXOrNode::optimizeVariableAccess):
+        (KJS::BitXOrNode::inlineEvaluateToInt32):
+        (KJS::BitXOrNode::evaluate):
+        (KJS::BitXOrNode::evaluateToNumber):
+        (KJS::BitXOrNode::evaluateToBoolean):
+        (KJS::BitXOrNode::evaluateToInt32):
+        (KJS::BitXOrNode::evaluateToUInt32):
+        (KJS::BitOrNode::optimizeVariableAccess):
+        (KJS::BitOrNode::inlineEvaluateToInt32):
+        (KJS::BitOrNode::evaluate):
+        (KJS::BitOrNode::evaluateToNumber):
+        (KJS::BitOrNode::evaluateToBoolean):
+        (KJS::BitOrNode::evaluateToInt32):
+        (KJS::BitOrNode::evaluateToUInt32):
+        (KJS::LogicalAndNode::optimizeVariableAccess):
+        (KJS::LogicalAndNode::evaluate):
+        (KJS::LogicalAndNode::evaluateToBoolean):
+        (KJS::LogicalOrNode::optimizeVariableAccess):
+        (KJS::LogicalOrNode::evaluate):
+        (KJS::LogicalOrNode::evaluateToBoolean):
+        (KJS::ConditionalNode::optimizeVariableAccess):
+        (KJS::ConditionalNode::evaluate):
+        (KJS::ConditionalNode::evaluateToBoolean):
+        (KJS::ConditionalNode::evaluateToNumber):
+        (KJS::ConditionalNode::evaluateToInt32):
+        (KJS::ConditionalNode::evaluateToUInt32):
+        (KJS::valueForReadModifyAssignment):
+        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
+        (KJS::AssignResolveNode::optimizeVariableAccess):
+        (KJS::ReadModifyLocalVarNode::evaluate):
+        (KJS::AssignLocalVarNode::evaluate):
+        (KJS::ReadModifyConstNode::evaluate):
+        (KJS::AssignConstNode::evaluate):
+        (KJS::ReadModifyResolveNode::evaluate):
+        (KJS::AssignResolveNode::evaluate):
+        (KJS::AssignDotNode::optimizeVariableAccess):
+        (KJS::AssignDotNode::evaluate):
+        (KJS::ReadModifyDotNode::optimizeVariableAccess):
+        (KJS::ReadModifyDotNode::evaluate):
+        (KJS::AssignErrorNode::evaluate):
+        (KJS::AssignBracketNode::optimizeVariableAccess):
+        (KJS::AssignBracketNode::evaluate):
+        (KJS::ReadModifyBracketNode::optimizeVariableAccess):
+        (KJS::ReadModifyBracketNode::evaluate):
+        (KJS::CommaNode::optimizeVariableAccess):
+        (KJS::CommaNode::evaluate):
+        (KJS::ConstDeclNode::optimizeVariableAccess):
+        (KJS::ConstDeclNode::handleSlowCase):
+        (KJS::ConstDeclNode::evaluateSingle):
+        (KJS::ConstDeclNode::evaluate):
+        (KJS::ConstStatementNode::optimizeVariableAccess):
+        (KJS::ConstStatementNode::execute):
+        (KJS::statementListExecute):
+        (KJS::BlockNode::optimizeVariableAccess):
+        (KJS::BlockNode::execute):
+        (KJS::EmptyStatementNode::execute):
+        (KJS::ExprStatementNode::optimizeVariableAccess):
+        (KJS::ExprStatementNode::execute):
+        (KJS::VarStatementNode::optimizeVariableAccess):
+        (KJS::VarStatementNode::execute):
+        (KJS::IfNode::optimizeVariableAccess):
+        (KJS::IfNode::execute):
+        (KJS::IfElseNode::optimizeVariableAccess):
+        (KJS::IfElseNode::execute):
+        (KJS::DoWhileNode::optimizeVariableAccess):
+        (KJS::DoWhileNode::execute):
+        (KJS::WhileNode::optimizeVariableAccess):
+        (KJS::WhileNode::execute):
+        (KJS::ForNode::optimizeVariableAccess):
+        (KJS::ForNode::execute):
+        (KJS::ForInNode::optimizeVariableAccess):
+        (KJS::ForInNode::execute):
+        (KJS::ContinueNode::execute):
+        (KJS::BreakNode::execute):
+        (KJS::ReturnNode::optimizeVariableAccess):
+        (KJS::ReturnNode::execute):
+        (KJS::WithNode::optimizeVariableAccess):
+        (KJS::WithNode::execute):
+        (KJS::CaseClauseNode::optimizeVariableAccess):
+        (KJS::CaseClauseNode::evaluate):
+        (KJS::CaseClauseNode::executeStatements):
+        (KJS::ClauseListNode::optimizeVariableAccess):
+        (KJS::CaseBlockNode::optimizeVariableAccess):
+        (KJS::CaseBlockNode::executeBlock):
+        (KJS::SwitchNode::optimizeVariableAccess):
+        (KJS::SwitchNode::execute):
+        (KJS::LabelNode::optimizeVariableAccess):
+        (KJS::LabelNode::execute):
+        (KJS::ThrowNode::optimizeVariableAccess):
+        (KJS::ThrowNode::execute):
+        (KJS::TryNode::optimizeVariableAccess):
+        (KJS::TryNode::execute):
+        (KJS::ProgramNode::initializeSymbolTable):
+        (KJS::ScopeNode::optimizeVariableAccess):
+        (KJS::ProgramNode::processDeclarations):
+        (KJS::EvalNode::processDeclarations):
+        (KJS::ProgramNode::execute):
+        (KJS::EvalNode::execute):
+        (KJS::FunctionBodyNodeWithDebuggerHooks::execute):
+        (KJS::FuncDeclNode::execute):
+        (KJS::FuncExprNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::Node::):
+        (KJS::FalseNode::):
+        (KJS::TrueNode::):
+        (KJS::ArgumentsNode::):
+
+2008-04-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18672: SQUIRRELFISH: codegen fails with a large number of temporaries
+        <https://bugs.webkit.org/show_bug.cgi?id=18672>
+
+        Add a SegmentedVector type, which provides a Vector<T> which maintains
+        existing memory locations during resize.  This allows dynamically sizing
+        local, temporary and label "vectors" in CodeGenerator.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addVar):
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::newTemporary):
+        (KJS::CodeGenerator::newLabel):
+        * VM/CodeGenerator.h:
+        * VM/SegmentedVector.h: Added.
+        (KJS::SegmentedVector::SegmentedVector):
+        (KJS::SegmentedVector::~SegmentedVector):
+        (KJS::SegmentedVector::last):
+        (KJS::SegmentedVector::append):
+        (KJS::SegmentedVector::removeLast):
+        (KJS::SegmentedVector::size):
+        (KJS::SegmentedVector::operator[]):
+        (KJS::SegmentedVector::resize):
+        (KJS::SegmentedVector::shrink):
+        (KJS::SegmentedVector::grow):
+
+2008-04-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        A little refactoring in preparation for supporting 'arguments'.
+        
+        Fixes 2 regression tests.
+
+        SunSpider reports no change.        
+
+        We now check the activation register, instead of the codeBlock, to
+        determine whether we need to tear off the activation. This is to support
+        "f.arguments", which will create an activation/arguments pair for f,
+        even though the needsFullScopeChain flag is false for f's codeBlock.
+        
+        The test fixes resulted from calling initializeCallFrame for re-entrant
+        function code, instead of initializing (not enough) parts of the call
+        frame by hand.
+
+2008-04-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam.
+        
+        - propagate the "this" value properly to local eval
+        
+        (fixes a measly one regression test)
+
+        * VM/CodeBlock.h:
+        (KJS::CodeBlock::CodeBlock):
+        (KJS::ProgramCodeBlock::ProgramCodeBlock):
+        (KJS::EvalCodeBlock::EvalCodeBlock):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-22  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Add support for function declarations in eval code.
+
+        (this fixes 12 more regression tests)
+        
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * kjs/nodes.cpp:
+        (KJS::EvalNode::generateCode):
+
+2008-04-22  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Implement LabelNode.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::pushJumpContext):
+        (KJS::CodeGenerator::jumpContextForContinue):
+        (KJS::CodeGenerator::jumpContextForBreak):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::DoWhileNode::emitCode):
+        (KJS::WhileNode::emitCode):
+        (KJS::ForNode::emitCode):
+        (KJS::ForInNode::emitCode):
+        (KJS::ContinueNode::emitCode):
+        (KJS::BreakNode::emitCode):
+        (KJS::SwitchNode::emitCode):
+        (KJS::LabelNode::emitCode):
+
+2008-04-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed crash when unwinding from exceptions inside eval.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::unwindCallFrame): Don't assume that the top of the
+        current call frame's scope chain is an activation: it can be the global
+        object, instead.
+
+2008-04-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+
+        * kjs/testkjs.cpp:
+        (main): Convert signals to exit codes, so that crashing tests are
+        detected as regression test failures.
+
+2008-04-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt and Maciej Stachowiak.
+        
+        Renamed "needsActivation" to "needsFullScopeChain" because lying will
+        make hair grow on the backs of your hands.
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed ScopeChainNode lifetime problems:
+        
+        (1) In "with" and "catch" scopes, we would construct a ScopeChain
+        object and then jump across its destructor, leaking the ScopeChainNode
+        we had pushed.
+
+        (2) In global and eval scopes, we would fail to initially ref
+        "scopeChain", causing us to overrelease it later. Now that we ref
+        "scopeChain" properly, we also need to deref it when the script
+        terminates.
+
+        SunSpider reports a .2% regression, but an earlier round of ScopeChain
+        refactoring was a .4% speedup, so there.
+
+2008-04-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Alexey.
+        
+        - use global object instead of null for "this" on unqualified calls
+        
+        This fixes 10 more JSC test regressions.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - throw proper exceptions for objects that don't implement call or construct
+        
+        This fixes 21 more JSC test regressions. It is also seemingly an
+        0.5% progression.
+
+        * VM/ExceptionHelpers.cpp:
+        (KJS::createNotAnObjectError):
+        (KJS::createNotAConstructorError):
+        (KJS::createNotAFunctionError):
+        * VM/ExceptionHelpers.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Implement emitCode for ConstDeclNode.
+
+        This fixes the crash (assertion) in js1_5/Scope/scope-001.js
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::registerForLocalConstInit):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::AssignResolveNode::emitCode):
+        (KJS::ConstDeclNode::emitCodeSingle):
+        (KJS::ConstDeclNode::emitCode):
+        (KJS::ConstStatementNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam.
+        
+        - add some support for the split window object
+
+        This fixes many layout tests.
+        
+        * VM/Machine.cpp:
+        (KJS::resolveBaseAndFunc): Use toThisObject() to ensure we get the
+        wrapper global, if one exists, as the "this" object.
+        * kjs/function.cpp:
+        (KJS::globalFuncEval): Use toGlobalObject() to handle the wrapper
+        case properly.
+
+2008-04-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - restore ScopeChain::operator= to avoid crash on many layout tests
+        
+        Otherwise, FunctionImp::setScope would cause a reference
+        underflow. I implemented using the copy construct and swap idiom.
+
+        * kjs/scope_chain.h:
+        (KJS::ScopeChain::swap):
+        (KJS::ScopeChain::operator=):
+
+2008-04-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18649: SQUIRRELFISH: correctly handle exceptions in eval code
+        <https://bugs.webkit.org/show_bug.cgi?id=18649>
+
+        Allocate a callframe for eval() and initialise with a null codeBlock to
+        indicate native code.  This prevents the unwinder from clobbering the
+        register stack.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Removed ScopeChain::push(ScopeChain&) because it was unused. Moved
+        ScopeChain::print to ScopeChainNode.
+        
+        ScopeChain is now nothing more than a resource-handling wrapper around
+        ScopeChainNode.
+
+2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 18671: SquirrelFish: continue inside switch fails
+        <https://bugs.webkit.org/show_bug.cgi?id=18671>
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::jumpContextForLabel):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::ContinueNode::emitCode):
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved push(JSObject*) and pop() from ScopeChain to ScopeChainNode,
+        rearranging scope_chain.h a bit.
+
+        SunSpider reports no change.
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved bottom() from ScopeChain to ScopeChainNode, simplifying it based
+        on the knowledge that the ScopeChain is never empty.
+
+        SunSpider reports no change.
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Moved begin() and end() from ScopeChain to ScopeChainNode. 
+        
+        Also marked a few methods "const".
+
+        SunSpider reports no change.
+        
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Turned ScopeChain::depth into a stand-alone function, and simplified it
+        a bit. 
+        
+        I also moved ScopeChain::depth to Machine.cpp because it doesn't report
+        the true depth of the ScopeChain -- just the Machine's perspective of
+        its depth within a given call frame.
+
+        SunSpider reports no change.
+        
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Removed indirection in ScopeChain::ref / ScopeChain::deref.
+        
+        SunSpider reports no change.
+        
+        * kjs/scope_chain.h:
+        (KJS::ScopeChain::ScopeChain):
+        (KJS::ScopeChain::~ScopeChain):
+        (KJS::ScopeChain::clear):
+
+2008-04-21  Oliver Hunt  <oliver@apple.com>
+
+        Fix debug build
+
+        * kjs/nodes.cpp:
+        (KJS::ConstDeclNode::evaluateSingle):
+
+2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 18664: SQUIRRELFISH: correctly throw a SyntaxError when parsing of eval code fails
+        <https://bugs.webkit.org/show_bug.cgi?id=18664>
+
+        Correctly throw a SyntaxError when parsing of eval code fails.
+
+        * VM/Machine.cpp:
+        (KJS::eval):
+
+2008-04-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Partial fix for Bug 18649: SQUIRRELFISH: correctly handle exceptions in eval code
+
+        Make sure we correct the register state before jumping to vm_throw.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Simplified ScopeChain ref/deref.
+        
+        SunSpider reports a .4% speedup.
+        
+        * kjs/scope_chain.h:
+        (KJS::ScopeChainNode::ref): Removed this function because it was nonsense.
+        ScopeChainNodes are initialized with a refCount of 1, so the loop was
+        guaranteed to iterate exactly once.
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Removed support for empty ScopeChains.
+
+        SunSpider reports no change.
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Removed some completely unused ScopeChain member functions.
+
+        SunSpider reports no change.
+
+2008-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Avoid creating unnecessary ScopeChain objects, to reduce refcount churn.
+
+        SunSpider reports no change.
+
+2008-04-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Alexey.
+        
+        Add some braces.x
+
+        * kjs/testkjs.cpp:
+        (runWithScripts):
+
+2008-04-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - only print "End:" output when -d flag is passed.
+        
+        This fixes half of our failing JSC regression tests.
+
+        * kjs/testkjs.cpp:
+        (runWithScripts):
+
+2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Add support for variable declarations in eval code.
+
+        * VM/CodeBlock.h:
+        (KJS::EvalCodeBlock::EvalCodeBlock):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/Machine.h:
+        * kjs/function.cpp:
+        (KJS::globalFuncEval):
+        * kjs/nodes.cpp:
+        (KJS::EvalNode::generateCode):
+        * kjs/nodes.h:
+        (KJS::EvalNode::):
+
+2008-04-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Throw exceptions for invalid continue, break, and return statements.
+
+        Simple refactoring and extension of Cameron's AssignErrorNode, etc patch
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::pushJumpContext):
+        (KJS::CodeGenerator::popJumpContext):
+        (KJS::CodeGenerator::jumpContextForLabel):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::Node::emitThrowError):
+        (KJS::ContinueNode::emitCode):
+        (KJS::BreakNode::emitCode):
+        (KJS::ReturnNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Removed Machine.cpp from AllInOneFile.cpp, and manually inlined a few
+        things that used to be inlined automatically.
+        
+        1.9% speedup on SunSpider.
+        
+        My hope is that we'll face fewer surprises in Machine.cpp codegen, now
+        that GCC is making fewer decisions. The speedup seems to confirm that.
+
+2008-04-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18642: Iterator context may get placed into the return register, leading to much badness
+        <https://bugs.webkit.org/show_bug.cgi?id=18642>
+
+        To prevent incorrectly reusing what will become the result register for
+        eval and global code execution, we need to request and ref the destination
+        in advance of codegen.  Unfortunately this may lead to unnecessary copying,
+        although in future we can probably limit this.  Curiously SunSpider shows
+        a progression in a number of tests, although it comes out as a wash overall.
+
+        * kjs/nodes.cpp:
+        (KJS::EvalNode::emitCode):
+        (KJS::ProgramNode::emitCode):
+
+2008-04-20  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Add support for AssignErrorNode, PrefixErrorNode, and PostfixErrorNode.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCreateError):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::PostfixErrorNode::emitCode):
+        (KJS::PrefixErrorNode::emitCode):
+        (KJS::AssignErrorNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff and Mark.
+
+        Provide line number information in exceptions
+
+        Simple patch, adds line number information metadata to CodeBlock
+        and a simple method to get the line number responsible for a given
+        Instruction*.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::lineNumberForVPC):
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::emitNode):
+        * VM/Machine.cpp:
+        (KJS::Machine::throwException):
+
+2008-04-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Provide "sourceURL" in exceptions
+
+        * VM/CodeBlock.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::throwException):
+        * kjs/nodes.cpp:
+        (KJS::EvalNode::generateCode):
+        (KJS::ProgramNode::generateCode):
+
+2008-04-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Don't call emitCode directly on subnodes, instead use CodeGenerator::emitNode
+
+        This patch just a preparation for tracking line numbers.
+
+        * kjs/nodes.cpp:
+        (KJS::ObjectLiteralNode::emitCode):
+        (KJS::PropertyListNode::emitCode):
+        (KJS::ArgumentListNode::emitCode):
+        (KJS::TryNode::emitCode):
+
+2008-04-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18619: Support continue, break, and return in try .. finally blocks
+        <https://bugs.webkit.org/show_bug.cgi?id=18619>
+
+        This patch replaces the current partial finally support (which uses code
+        duplication to achieve what it does) with a subroutine based approach.
+        This has a number of advantages over code duplication:
+          * Reduced code size
+          * Simplified exception handling as the finaliser code only exists in 
+            one place, so no "magic" is needed to get the correct handler for a 
+            finaliser.
+          * When we support instruction to line number mapping we won't need to
+            worry about the dramatic code movement caused by duplication
+
+        On the downside it is necessary to add two new opcodes, op_jsr and op_sret
+        to enter and exit the finaliser subroutines, happily SunSpider reports
+        a performance progression (gcc amazes me) and ubench reports a wash.
+
+        While jsr and sret provide a mechanism that allows us to enter and exit
+        any arbitrary finaliser we need to, it was still necessary to increase
+        the amount of information tracked when entering and exiting both finaliser
+        scopes and dynamic scopes ("with").  This means "scopeDepth" is now
+        the combination of "finaliserDepth" and "dynamicScopeDepth".  We also
+        now use a scopeContextStack to ensure that we pop scopes and execute
+        finalisers in the correct order.  This increases the cost of "with" nodes
+        during codegen, but it should not be significant enough to effect real
+        world performance and greatly simplifies codegen for return, break and
+        continue when interacting with finalisers.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+          Pretty printing of jsr/sret opcodes
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::emitPushScope):
+        (KJS::CodeGenerator::emitPopScope):
+          Dynamic scopes need to be tracked on the scopeContextStack now
+
+        (KJS::CodeGenerator::pushFinallyContext):
+        (KJS::CodeGenerator::popFinallyContext):
+          Handle entry and exit from code regions with finalisers.  This is
+          needed solely to support return, continue and break inside finaliser
+          regions.
+
+        (KJS::CodeGenerator::emitComplexJumpScopes):
+          Helper function for emitJumpScopes to handle the complex codegen
+          needed to handle return, continue and break inside a finaliser region
+
+        (KJS::CodeGenerator::emitJumpScopes):
+          Updated to be aware of finalisers, if a cross-scope jump occurs inside
+          a finaliser we hand off codegen to emitComplexJumpScopes, otherwise
+          we can handle the normal (trivial) case with a single instruction.
+
+        (KJS::CodeGenerator::emitJumpSubroutine):
+        (KJS::CodeGenerator::emitSubroutineReturn):
+          Trivial opcode emitter functions.
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::scopeDepth):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+          Implement op_jsr and op_sret.
+
+        * VM/Opcode.h:
+          Ad op_jsr and op_sret
+
+        * kjs/nodes.cpp:
+        (KJS::TryNode::emitCode):
+          Fix codegen for new finaliser model.
+
+2008-04-17  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Remove unnecessary files from testkjs, testapi and minidom targets.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-04-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed ASSERT seen during run-sunspider of a debug build.
+
+        * VM/CodeGenerator.h: Made the default codegen buffers bigger. SunSpider
+        runs all tests in one global environment, so you end up with more than
+        128 locals. This is just a stop-gap until we code up a real
+        solution to arbitrary symbol and label limits.
+
+2008-04-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed a bug in exception unwinding, where we wouldn't deref the scope
+        chain in global scope, so we would leak ScopeChainNodes when exceptions
+        were thrown inside "with" and "catch" scopes.
+        
+        Also did some cleanup of the unwinding code along the way.
+        
+        Scope chain reference counting is still wrong in a few ways. I thought
+        I would fix this portion of it first.
+        
+        run-sunspider shows no change.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::throwException):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+
+2008-04-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Add more exception checking to toNumber conversions
+
+        This corrects op_pre_dec, op_negate, op_mod and op_sub.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-17  Geoffrey Garen  <ggaren@apple.com> and Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+        
+        Behold: eval.
+        
+        Introduced a new opcode: op_call_eval. In the normal case, it performs
+        an eval. In the case where eval has been overridden in some way, it
+        performs a function call.
+
+        * VM/CodeGenerator.h: Added a feature so the code generator knows not
+        to optimized locals in eval code.
+        
+2008-04-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added some ASSERTs to document codegen failures in
+        run-javascriptcore-tests.
+        
+        For all tests, program-level codegen now either succeeds, or fails with
+        an ASSERT.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addVar):
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::newTemporary):
+        (KJS::CodeGenerator::newLabel):
+
+2008-04-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed another case of a dst register being an unreferenced temporary
+        (caused an ASSERT when running the full sunspider suite).
+
+        * kjs/nodes.cpp:
+        (KJS::CaseBlockNode::emitCodeForBlock):
+
+2008-04-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - add documentation (and meaningful parameter names) for arithmetic and bitwise binary ops
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitMul):
+        (KJS::CodeGenerator::emitDiv):
+        (KJS::CodeGenerator::emitMod):
+        (KJS::CodeGenerator::emitSub):
+        (KJS::CodeGenerator::emitLeftShift):
+        (KJS::CodeGenerator::emitRightShift):
+        (KJS::CodeGenerator::emitUnsignedRightShift):
+        (KJS::CodeGenerator::emitBitAnd):
+        (KJS::CodeGenerator::emitBitXOr):
+        (KJS::CodeGenerator::emitBitOr):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::MultNode::emitCode):
+        (KJS::DivNode::emitCode):
+        (KJS::ModNode::emitCode):
+        (KJS::SubNode::emitCode):
+        (KJS::LeftShiftNode::emitCode):
+        (KJS::RightShiftNode::emitCode):
+        (KJS::UnsignedRightShiftNode::emitCode):
+        (KJS::BitAndNode::emitCode):
+        (KJS::BitXOrNode::emitCode):
+        (KJS::BitOrNode::emitCode):
+        (KJS::emitReadModifyAssignment):
+        (KJS::ReadModifyResolveNode::emitCode):
+
+2008-04-16  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Exception checks for toNumber in op_pre_inc
+
+        This is somewhat more convoluted than the simple hadException checks
+        we currently use.  Instead we use special toNumber conversions that
+        select between the exception and ordinary vPC.  This allows us to 
+        remove any branches in the common case (incrementing a number).
+
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::toNumber):
+        * ChangeLog:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/JSPropertyNameIterator.cpp:
+        (KJS::JSPropertyNameIterator::toNumber):
+        * VM/JSPropertyNameIterator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        * kjs/ExecState.h:
+        * kjs/JSNotAnObject.cpp:
+        (KJS::JSNotAnObject::toNumber):
+        * kjs/JSNotAnObject.h:
+        * kjs/internal.cpp:
+        (KJS::StringImp::toNumber):
+        (KJS::NumberImp::toNumber):
+        (KJS::GetterSetterImp::toNumber):
+        * kjs/internal.h:
+        * kjs/object.cpp:
+        (KJS::JSObject::toNumber):
+        * kjs/object.h:
+        * kjs/value.h:
+        (KJS::JSValue::toNumber):
+
+2008-04-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - ensure that activations are kept in a register to protect them from GC
+        
+        Also renamed OptionalCalleeScopeChain constant to OptionalCalleeActivation, since
+        that is what is now kept there, and there is no more need to keep the scope chain in
+        the register file.
+
+        * VM/Machine.cpp:
+        (KJS::initializeCallFrame):
+        (KJS::scopeChainForCall):
+        * VM/Machine.h:
+        (KJS::Machine::):
+
+2008-04-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Made "this" work in program code / global scope.
+        
+        The machine can initialize "this" prior to execution because it knows
+        that, for program code, "this" is always stored in lr1. 
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        * VM/Machine.h:
+        (KJS::Machine::):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+
+2008-04-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed a codegen bug when returning from inside a dynamic scope (a with
+        or catch block): we need to pop any dynamic scope(s) that have been
+        added so op_ret can find the activation object at the top of the scope
+        chain.
+
+        * kjs/nodes.cpp:
+        (KJS::ReturnNode::emitCode): If we're returning from inside a dynamic
+        scope, emit a jmp_scopes to take care of popping any dynamic scope(s)
+        and then branching to the return instruction.
+
+2008-04-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - document the add and get_prop_id opcodes
+        
+        In addition to adding documentation in comments, I changed
+        references to register IDs or indices relating to these opcodes to
+        have meaningful names instead of r0 r1 r2.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitAdd):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/nodes.cpp:
+        (KJS::DotAccessorNode::emitCode):
+        (KJS::FunctionCallDotNode::emitCode):
+        (KJS::PostIncDotNode::emitCode):
+        (KJS::PostDecDotNode::emitCode):
+        (KJS::PreIncDotNode::emitCode):
+        (KJS::PreDecDotNode::emitCode):
+        (KJS::AddNode::emitCode):
+        (KJS::ReadModifyDotNode::emitCode):
+
+2008-04-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt and Maciej Stachowiak.
+        
+        Fixed a codegen bug in with and switch, and added an ASSERT to
+        make sure it doesn't happen again.
+        
+        emitCode() assumes that dst, if non-zero, is either referenced or
+        non-temporary (i.e., it assumes that newTemporary() will return a
+        register not equal to dst). Certain callers to emitCode() weren't
+        guaranteeing that to be so, so temporary register values were being
+        overwritten.
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::emitNode): ASSERT that dst is referenced or non-temporary.
+
+        * kjs/nodes.cpp:
+        (KJS::CommaNode::emitCode): Reference the dst we pass.
+
+        (KJS::WithNode::emitCode): No need to pass an explicit dst register.
+        
+        (KJS::CaseBlockNode::emitCodeForBlock): No need to pass an explicit dst register.
+        (KJS::SwitchNode::emitCode): No need to pass an explicit dst register.
+
+        * kjs/nodes.h: Made dst the last parameter to emitCodeForBlock, to match
+        emitCode.
+
+2008-04-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18526: Throw exceptions when resolve fails for op_resolve_base_and_func.
+        <https://bugs.webkit.org/show_bug.cgi?id=18526>
+
+        Very simple fix, sunspider shows a 0.7% progression, ubench shows a 0.4% regression.
+
+        * VM/Machine.cpp:
+        (KJS::resolveBaseAndFunc):
+        (KJS::Machine::privateExecute):
+
+2008-04-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix incorrect result on 3d-raytrace test
+        
+        Oliver found and tracked down this bug, I just typed in the fix.
+
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall): When setting omitted parameters to undefined,
+        account for the space for local variables.
+
+2008-04-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix codegen handling of dst registers
+        
+        1.006x speedup (not sure why).
+        
+        Most emitCode functions take an optional "dst" parameter that says
+        where the output of the instruction should be written. I made some
+        functions for convenient handling of the dst register:
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::tempDestination): Takes the dst register. Returns it if
+        it is not null and is a temporary, otherwise allocates a new temporary. This is
+        intended for cases where an intermediate value might be written into the dst
+
+        (KJS::CodeGenerator::finalDestination): Takes the dst register and an optional
+        register that was used as a temp destination. Picks the right thing for the final
+        output. Intended to be used as the output register for the instruction that generates
+        the final value of a particular node.
+        
+        (KJS::CodeGenerator::moveToDestinationIfNeeded): Takes dst and a
+        RegisterID; moves from the register to dst if dst is defined and
+        different from the register. This is intended for cases where the
+        result of a node is already in a specific register (likely a
+        local), and so no code needs to be generated unless a specific
+        destination has been requested, in which case a move is needed.
+        
+        I also applied these methods throughout emitCode functions. In
+        some cases this was just cleanup, in other cases I fixed actual
+        codegen bugs. Below I have given specific comments for the cases
+        where I believe I fixed a codegen bug, or improved quality of codegen.
+        
+        * kjs/nodes.cpp:
+        (KJS::NullNode::emitCode):
+        (KJS::FalseNode::emitCode):
+        (KJS::TrueNode::emitCode):
+        (KJS::NumberNode::emitCode):
+        (KJS::StringNode::emitCode):
+        (KJS::RegExpNode::emitCode):
+        (KJS::ThisNode::emitCode): Now avoids emitting a mov when dst is
+        the same as the this register (the unlikely case of "this = this");
+        (KJS::ResolveNode::emitCode): Now avoids emitting a mov when dst
+        is the same as the local regiester, in the local var case (the
+        unlikely case of "x = x");
+        (KJS::ArrayNode::emitCode): Fixed a codegen bug where array
+        literal element expressions may have observed an intermediate
+        value of constructing the array.
+        (KJS::ObjectLiteralNode::emitCode): 
+        (KJS::PropertyListNode::emitCode): Fixed a codegen bug where object literal
+        property definition expressions may have obesrved an intermediate value of
+        constructing the object.
+        (KJS::BracketAccessorNode::emitCode):
+        (KJS::DotAccessorNode::emitCode):
+        (KJS::NewExprNode::emitCode):
+        (KJS::FunctionCallValueNode::emitCode):
+        (KJS::FunctionCallBracketNode::emitCode):
+        (KJS::FunctionCallDotNode::emitCode):
+        (KJS::PostIncResolveNode::emitCode):
+        (KJS::PostDecResolveNode::emitCode):
+        (KJS::PostIncBracketNode::emitCode):
+        (KJS::PostDecBracketNode::emitCode):
+        (KJS::PostIncDotNode::emitCode):
+        (KJS::PostDecDotNode::emitCode):
+        (KJS::DeleteResolveNode::emitCode):
+        (KJS::DeleteBracketNode::emitCode):
+        (KJS::DeleteDotNode::emitCode):
+        (KJS::DeleteValueNode::emitCode):
+        (KJS::VoidNode::emitCode):
+        (KJS::TypeOfResolveNode::emitCode):
+        (KJS::TypeOfValueNode::emitCode):
+        (KJS::PreIncResolveNode::emitCode): Fixed a codegen bug where the final
+        value would not be output to the dst register in the local var case.
+        (KJS::PreDecResolveNode::emitCode): Fixed a codegen bug where the final
+        value would not be output to the dst register in the local var case.
+        (KJS::PreIncBracketNode::emitCode):
+        (KJS::PreDecBracketNode::emitCode):
+        (KJS::PreIncDotNode::emitCode):
+        (KJS::PreDecDotNode::emitCode):
+        (KJS::UnaryPlusNode::emitCode):
+        (KJS::NegateNode::emitCode):
+        (KJS::BitwiseNotNode::emitCode):
+        (KJS::LogicalNotNode::emitCode):
+        (KJS::MultNode::emitCode):
+        (KJS::DivNode::emitCode):
+        (KJS::ModNode::emitCode):
+        (KJS::AddNode::emitCode):
+        (KJS::SubNode::emitCode):
+        (KJS::LeftShiftNode::emitCode):
+        (KJS::RightShiftNode::emitCode):
+        (KJS::UnsignedRightShiftNode::emitCode):
+        (KJS::LessNode::emitCode):
+        (KJS::GreaterNode::emitCode):
+        (KJS::LessEqNode::emitCode):
+        (KJS::GreaterEqNode::emitCode):
+        (KJS::InstanceOfNode::emitCode):
+        (KJS::InNode::emitCode):
+        (KJS::EqualNode::emitCode):
+        (KJS::NotEqualNode::emitCode):
+        (KJS::StrictEqualNode::emitCode):
+        (KJS::NotStrictEqualNode::emitCode):
+        (KJS::BitAndNode::emitCode):
+        (KJS::BitXOrNode::emitCode):
+        (KJS::BitOrNode::emitCode):
+        (KJS::LogicalAndNode::emitCode):
+        (KJS::LogicalOrNode::emitCode):
+        (KJS::ConditionalNode::emitCode):
+        (KJS::emitReadModifyAssignment): Allow an out argument separate from the operands,
+        needed for fixes below.
+        (KJS::ReadModifyResolveNode::emitCode): Fixed a codegen bug where the right side of
+        the expression may observe an intermediate value.
+        (KJS::AssignResolveNode::emitCode): Fixed a codegen bug where the right side of the
+        expression may observe an intermediate value.
+        (KJS::ReadModifyDotNode::emitCode): Fixed a codegen bug where the right side of the
+        expression may observe an intermediate value.
+        (KJS::ReadModifyBracketNode::emitCode): Fixed a codegen bug where the right side of the
+        expression may observe an intermediate value.
+        (KJS::CommaNode::emitCode): Avoid writing temporary value to dst register.
+        (KJS::ReturnNode::emitCode): Void return should return undefined, not null.
+        (KJS::FuncExprNode::emitCode):
+
+2008-04-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix huge performance regression (from trunk) in string-unpack-code
+        
+        This restores string-unpack-code performance to parity with
+        trunk (2.27x speedup relative to previous SquirrelFish)
+        
+        * VM/Machine.cpp:
+        (KJS::Machine::execute): Shrink register file after call to avoid
+        growing repeatedly.
+
+2008-04-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed dumpCallFrame to match our new convention of passing around a
+        ScopeChainNode* instead of a ScopeChain*.
+
+        * JavaScriptCore.exp:
+        * VM/Machine.cpp:
+        (KJS::Machine::dumpCallFrame):
+        * VM/Machine.h:
+
+2008-04-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18436: Need to throw exception on read/modify/write or similar resolve for nonexistent property
+        <https://bugs.webkit.org/show_bug.cgi?id=18436>
+
+        Add op_resolve_base_and_property for read/modify/write operations,
+        this adds a "superinstruction" to resolve the base and value of a
+        property simultaneously.  Just using resolveBase and resolve results 
+        in an 5% regression in ubench, 30% in loop-empty-resolve (which is 
+        expected).  1.3% progression in sunspider, 2.1% in ubench, with a 
+        21% gain in loop-empty-resolve.  The only outlier is function-missing-args
+        which gets a 3% regression that I could never resolve.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitResolveBaseAndProperty):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::resolveBaseAndProperty):
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::PostIncResolveNode::emitCode):
+        (KJS::PostDecResolveNode::emitCode):
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::ReadModifyResolveNode::emitCode):
+
+2008-04-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fixed "SquirrelFish crashes due to bad scope chain on some SunSpider tests"
+        https://bugs.webkit.org/show_bug.cgi?id=18508
+
+        3d-raytrace and string-unpack-code now run.
+        
+        The basic approach is to pass around ScopeChainNode* instead of
+        ScopeChain*, which in addition to not becoming suddenly an invalid
+        pointer also saves an indirection.
+        
+        This is an 0.4% speedup on SunSpider --squirrelfish (1.8% on --ubench)
+        
+        * VM/Machine.cpp:
+        (KJS::resolve):
+        (KJS::resolveBase):
+        (KJS::resolveBaseAndFunc):
+        (KJS::initializeCallFrame):
+        (KJS::scopeChainForCall):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::throwException):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        * VM/Register.h:
+        (KJS::Register::):
+        * kjs/nodes.cpp:
+        (KJS::EvalNode::generateCode):
+        (KJS::FunctionBodyNode::generateCode):
+        (KJS::ProgramNode::generateCode):
+        (KJS::ProgramNode::processDeclarations):
+        (KJS::EvalNode::processDeclarations):
+        (KJS::FuncDeclNode::makeFunction):
+        (KJS::FuncExprNode::makeFunction):
+        * kjs/nodes.h:
+        (KJS::ProgramNode::):
+        (KJS::EvalNode::):
+        (KJS::FunctionBodyNode::):
+        * kjs/object.h:
+        * kjs/scope_chain.h:
+        (KJS::ScopeChainNode::ScopeChainNode):
+        (KJS::ScopeChainNode::deref):
+        (KJS::ScopeChainIterator::ScopeChainIterator):
+        (KJS::ScopeChainIterator::operator*):
+        (KJS::ScopeChainIterator::operator->):
+        (KJS::ScopeChain::ScopeChain):
+        (KJS::ScopeChain::node):
+        (KJS::ScopeChain::deref):
+        (KJS::ScopeChain::ref):
+        (KJS::ScopeChainNode::ref):
+        (KJS::ScopeChainNode::release):
+        (KJS::ScopeChainNode::begin):
+        (KJS::ScopeChainNode::end):
+
+2008-04-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed crash when accessing registers in a torn-off activation object.
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::copyRegisters): Update our registerOffset after
+        copying our registers, since our offset should now be relative to
+        our private register array, not the shared register file.
+
+2008-04-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix a codegen flaw that makes some tests run way too fast or way too slow
+        
+        The basic problem was that FunctionCallResolveNode results in
+        codegen which can incorrectly write an intermediate value into the
+        dst register even when that is a local. I added convenience
+        functions to CodeGenerator for getting this right, but for now I
+        only fixed FunctionCallResolve.
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::tempDestination):
+        (KJS::CodeGenerator::):
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallResolveNode::emitCode):
+
+2008-04-14  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed and slightly tweaked by Geoffrey Garen.
+
+        Bug 18489: Squirrelfish doesn't build on linux
+        <https://bugs.webkit.org/show_bug.cgi?id=18489>
+
+        * JavaScriptCore.pri: Add VM into include path and its files into
+        source set
+        * VM/JSPropertyNameIterator.cpp: Fix include name
+        * VM/Machine.cpp: Add UNLIKELY macro for GCC
+        * VM/Machine.h: Add missing includes
+        * VM/RegisterFile.cpp: Add missing include
+        * kjs/testkjs.pro: Add VM into include path
+
+2008-04-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Restored OwnPtr in some places where I had removed it previously. We
+        can have an OwnPtr to an undefined class in a header as long as the
+        class's destructor isn't in the header.
+        
+2008-04-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed access to "this" inside dynamic scopes.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::registerForLocal): Always return a register for
+        "this", even if we're not optimizing access to other locals. Because
+        "this" is a keyword, it's always in a register and always accessible.
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::shouldOptimizeLocals): Factored out a function
+        for determining whether we should optimize access to locals, since
+        eval will need to make this test a little more complicated.
+
+2008-04-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Adam.
+        
+        - fix crash when running SunSpider full harness
+        
+        When growing the register file's buffer to make space for new globals,
+        make sure to copy accounting for the fact that the new space is logically
+        at the beginning of the buffer in this case, instead of at the end as when
+        growing for a new call frame.
+
+        * VM/RegisterFile.cpp:
+        (KJS::RegisterFile::newBuffer):
+        (KJS::RegisterFile::growBuffer):
+        (KJS::RegisterFile::addGlobalSlots):
+        * VM/RegisterFile.h:
+
+2008-04-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Mark constant pools for global and eval code (collectively known as
+        "program code"). (Constant pools for function code are already marked by
+        their functions.)
+        
+        The global object is responsible for marking program code constant
+        pools. Code blocks add themselves to the mark set at creation time, and
+        remove themselves from the mark set at destruction time.
+        
+        sunspider --squirrelfish reports a 1% speedup, perhaps because
+        generateCode() is now non-virtual.
+
+        * kjs/nodes.cpp: I had to use manual init and delete in this file
+        because putting an OwnPtr into the header would have created a circular
+        header dependency.
+
+2008-04-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 18231: Improve support for function call nodes in SquirrelFish
+        <https://bugs.webkit.org/show_bug.cgi?id=18231>
+
+        Use correct value of 'this' for function calls.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitResolveBaseAndFunc):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::resolveBaseAndFunc):
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallResolveNode::emitCode):
+
+2008-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        This time for sure.
+
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+
+2008-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed Interpreter::execute to honor the new model for returning non-NULL
+        values when an exception is thrown.
+
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+
+2008-04-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Fix SquirrelFish interpreter to pass internal exceptions back to 
+        native code correctly.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Replace the use of getCallData in op_construct with the new
+        getConstructData function that replaces implementsConstruct.
+
+        * API/JSCallbackConstructor.cpp:
+        (KJS::JSCallbackConstructor::getConstructData):
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::getConstructData):
+        (KJS::::construct):
+        * API/JSObjectRef.cpp:
+        (JSObjectIsConstructor):
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/CallData.h:
+        * kjs/ConstructData.h: Copied from JavaScriptCore/kjs/CallData.h.
+        * kjs/array_object.cpp:
+        (KJS::ArrayObjectImp::getConstructData):
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        (KJS::BooleanObjectImp::getConstructData):
+        * kjs/bool_object.h:
+        * kjs/date_object.cpp:
+        (KJS::DateObjectImp::getConstructData):
+        * kjs/date_object.h:
+        * kjs/error_object.cpp:
+        (KJS::ErrorObjectImp::getConstructData):
+        (KJS::NativeErrorImp::getConstructData):
+        * kjs/error_object.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::getCallData):
+        (KJS::FunctionImp::getConstructData):
+        (KJS::FunctionImp::construct):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::getConstructData):
+        * kjs/function_object.h:
+        * kjs/nodes.cpp:
+        (KJS::NewExprNode::inlineEvaluate):
+        * kjs/number_object.cpp:
+        (KJS::NumberObjectImp::getConstructData):
+        * kjs/number_object.h:
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        (KJS::ObjectObjectImp::getConstructData):
+        * kjs/object_object.h:
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpObjectImp::getConstructData):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (KJS::StringObjectImp::getConstructData):
+        * kjs/string_object.h:
+        * kjs/value.cpp:
+        (KJS::JSCell::getConstructData):
+        * kjs/value.h:
+        (KJS::JSValue::getConstructData):
+
+2008-04-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18420: SquirrelFish: need to throw Reference and Type errors 
+        when attempting invalid operations on JSValues
+
+        Add validation and exception checks to SquirrelFish so that the
+        correct exceptions are thrown for undefined variables, type errors
+        and toObject failure.  Also handle exceptions thrown by native
+        function calls.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/ExceptionHelpers.cpp: Added.
+        (KJS::substitute):
+        (KJS::createError):
+        (KJS::createUndefinedVariableError):
+        * VM/ExceptionHelpers.h: Added.
+          Helper functions
+        * VM/Machine.cpp:
+        (KJS::resolve):
+           Modified to signal failure
+        (KJS::isNotObject):
+           Wrapper for JSValue::isObject and exception creation (these need
+           to be merged, lest GCC go off the deep end)
+        (KJS::Machine::privateExecute):
+           Adding the many exception and validity checks.
+
+        * kjs/JSNotAnObject.cpp: Added.
+          Stub object used to reduce the need for multiple exception checks
+          when toObject fails.
+        (KJS::JSNotAnObject::toPrimitive):
+        (KJS::JSNotAnObject::getPrimitiveNumber):
+        (KJS::JSNotAnObject::toBoolean):
+        (KJS::JSNotAnObject::toNumber):
+        (KJS::JSNotAnObject::toString):
+        (KJS::JSNotAnObject::toObject):
+        (KJS::JSNotAnObject::mark):
+        (KJS::JSNotAnObject::getOwnPropertySlot):
+        (KJS::JSNotAnObject::put):
+        (KJS::JSNotAnObject::deleteProperty):
+        (KJS::JSNotAnObject::defaultValue):
+        (KJS::JSNotAnObject::construct):
+        (KJS::JSNotAnObject::callAsFunction):
+        (KJS::JSNotAnObject::getPropertyNames):
+        * kjs/JSNotAnObject.h: Added.
+        (KJS::JSNotAnObject::JSNotAnObject):
+        * kjs/JSImmediate.cpp:
+        (KJS::JSImmediate::toObject):
+          modified to create an JSNotAnObject rather than throwing an exception
+          directly.
+
+2008-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Pass a function body node its function's scope chain, rather than the
+        current execution context's scope chain, when compiling it.
+        
+        This doesn't matter yet, but it will once we start using the scope
+        chain during compilation.
+
+        sunspider --squirrelfish notes a tiny speedup.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fix two bugs when throwing exceptions from re-entrant JS calls:
+        
+        (1) Don't shrink the register file to 0, since our caller may still
+        be using it.
+        
+        (2) In case of exception, return jsNull() instead of 0 because,
+        surprisingly, some JavaScriptCore clients rely on a function's return
+        value being safe to operate on even if the function threw an exception.
+        
+        Also:
+        
+        - Changed FunctionImp::callAsFunction to honor the new semantics of
+        exceptions not returning 0.
+        
+        - Renamed "handlerPC" to "handlerVPC" to match other uses of "VPC".
+        
+        - Renamed "exceptionData" to "exceptionValue", because "data" seemed to
+        imply something more than just a JSValue.
+        
+        - Merged prepareException into throwException, since throwException was
+        its only caller, and it seemed weird that throwException didn't take
+        an exception as an argument.
+
+        sunspider --squirrelfish does not seem to complain on my machine, but it
+        complains a little (.6%) on Oliver's.
+
+2008-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed op_construct for CallTypeNative to reacquire "r" before setting
+        its return value, since registerBase can theoretically change during the
+        execution of arbitrary code. (Not sure if any native constructors
+        actually make this possible.)
+
+        sunspider --squirrelfish does not seem to complain.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt and Sam Weinig.
+        
+        Re-entrant execution of function code (global code -> built-in function
+        -> JS function):
+        
+        Miraculously, sunspider --squirrelfish does not seem to complain.
+
+        A re-entrant function call is the same as a normal function call with
+        one exception: the re-entrant call leaves everything except for
+        CallerCodeBlock in the call frame header uninitialized, since the call
+        doesn't need to return to JS code. (It sets CallerCodeBlock to 0, to
+        indicate that the call shouldn't return to JS code.)
+        
+        Also fixed a few issues along the way:
+        
+        - Fixed two bugs in the read-write List implementation that caused
+        m_size and m_buffer to go stale.
+        
+        - Changed native call code to update "r" *before* setting the return
+        value, since the call may in turn call JS code, which changes the value
+        of "r".
+        
+        - Migrated initialization of "r" outside of Machine::privateExecute,
+        because global code and function code initialize "r" differently.
+        
+        - Migrated a codegen warning from Machine::privateExecute to the wiki.
+        
+        - Removed unnecessary "r" parameter from slideRegisterWindowForCall
+
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall):
+        (KJS::scopeChainForCall):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        * kjs/list.cpp:
+        (KJS::List::getSlice):
+        * kjs/list.h:
+        (KJS::List::clear):
+
+2008-04-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix problem with code generation for return with no argument
+        
+        3d-cube now runs
+
+        * kjs/nodes.cpp:
+        (KJS::ReturnNode::emitCode):
+
+2008-04-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - Implement support for JS constructors
+        
+        access-binary-trees and access-nbody now run.
+        
+        Inexplicably a 1% speedup.
+
+        * VM/Machine.cpp:
+        (KJS::initializeCallFrame):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        (KJS::Machine::):
+
+2008-04-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+
+        - More code cleanup in preparation for JS constructors
+
+        Factor the remaining interesting parts of JS function calls into
+        slideRegisterWindowForCall and scopeChainForCall.
+        
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall):
+        (KJS::scopeChainForCall):
+        (KJS::Machine::privateExecute):
+
+2008-04-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - Code cleanup in preparation for JS constructors
+
+        - Renamed returnInfo to callFrame. 
+        - Made an enum which defines what goes where in the call frame.
+        - Factored out initializeCallFrame function from op_call
+        
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCall):
+        (KJS::CodeGenerator::emitConstruct):
+        * VM/Machine.cpp:
+        (KJS::Machine::dumpRegisters):
+        (KJS::initializeCallFrame):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        (KJS::Machine::):
+
+2008-04-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed two bugs in register allocation for function calls:
+        
+        (1) op_call used to allocate codeBlock->numVars too many registers for
+        each call frame, due to duplicated math. Fixing this revealed...
+        
+        (2) By unconditionally calling resize(), op_call used to truncate the
+        register file when calling a function whose registers fit wholly within
+        the register file already allocated by its caller.
+        
+        sunspider --squirrelfish reports no regression.
+        
+        I also threw in a little extra formatting to dumpCallFrame, because it
+        helped me debug these issues.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::dumpRegisters):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/RegisterFile.h:
+        (KJS::RegisterFile::shrink):
+        (KJS::RegisterFile::grow):
+        * VM/RegisterFileStack.cpp:
+        (KJS::RegisterFileStack::popRegisterFile):
+
+2008-04-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Next step toward re-entrant execution of function code (global code ->
+        built-in function -> JS function):
+        
+        Made op_ret return from Machine::privateExecute if its calling codeBlock
+        is NULL.
+        
+        I'm checking this in by itself to demonstrate that a more clever
+        mechanism is not necessary for performance.
+        
+        sunspider --squirrelfish reports no regression.
+
+        * ChangeLog:
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+
+2008-04-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Next step toward re-entrant execution of function code (global code ->
+        built-in function -> JS function):
+        
+        Made Machine::execute return a value.
+        
+        Sketched out some code for Machine::execute for functions -- still
+        doesn't work yet, though.
+
+        sunspider --squirrelfish reports no regression.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+        * kjs/testkjs.cpp:
+        (runWithScripts):
+
+2008-04-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        First step toward re-entrant execution of function code (global code ->
+        built-in function -> JS function):
+        
+        Tiny bit of refactoring in the Machine class.
+
+        sunspider --squirrelfish reports no regression.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::dumpRegisters):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        (KJS::Machine::isGlobalCallFrame):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+
+2008-04-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Support for re-entrant execution of global code (global code -> built-in
+        function -> global code).
+        
+        Keep a stack of register files instead of just one. Globals propogate
+        between register files as the register files enter and exit the stack.
+        
+        An activation still uses its own register file's base as its
+        registerBase, but the global object uses the register file *stack*'s
+        registerBase, which updates dynamically to match the register file at
+        the top of the stack.
+        
+        sunspider --squirrelfish reports no regression.
+
+2008-04-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - initial preparatory work for JS constructors
+        
+        1) Allocate registers for the returnInfo block and "this" value when generating code for
+        op_construct. These are not used yet, but the JS branch of op_construct will use them.
+        
+        2) Adjust argc and argv appropriately for native constructor calls.
+        
+        3) Assign return value in a more straightforward way in op_ret since this is actually
+        a bit faster (and makes up for the allocation of extra registers above).
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitConstruct):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed crashing SunSpider tests.
+        
+        Let's just pretend this never happened, bokay?
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator):
+        * VM/CodeGenerator.h:
+        * VM/RegisterFile.cpp:
+        (KJS::RegisterFile::addGlobals):
+
+2008-04-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Restored dumping of generated code as a command-line switch:
+        run-testkjs -d will do it.
+
+2008-04-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Next step toward supporting re-entrant evaluation: Moved register file
+        maintenance code into a proper "RegisterFile" class.
+        
+        There's a subtle change to the register file's internal layout: for
+        global code / the global object, registerOffset is always 0 now. In
+        other words, all register counting starts at 0, not 0 + (number of
+        global variables). The helps simplify accounting when the number of
+        global variables changes.
+
+2008-04-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18338: Support exceptions in SquirrelFish <http://bugs.webkit.org/show_bug.cgi?id=18338>
+        
+        Initial support for exceptions in SquirrelFish, only supports finalisers in the
+        simple cases (eg. exceptions and non-goto/return across finaliser boundaries).
+        This doesn't add the required exception checks to existing code, it merely adds
+        support for throw, catch, and the required stack unwinding.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        (KJS::CodeBlock::getHandlerForVPC):
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCatch):
+        (KJS::CodeGenerator::emitThrow):
+        * VM/CodeGenerator.h:
+        * VM/JSPropertyNameIterator.cpp:
+        (KJS::JSPropertyNameIterator::create):
+        * VM/Machine.cpp:
+        (KJS::prepareException):
+        (KJS::Machine::unwindCallFrame):
+        (KJS::Machine::throwException):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::ThrowNode::emitCode):
+        (KJS::TryNode::emitCode):
+        * kjs/nodes.h:
+        * kjs/scope_chain.cpp:
+        (KJS::ScopeChain::depth):
+        * kjs/scope_chain.h:
+
+2008-04-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        First step toward supporting re-entrant evaluation: Switch register
+        clients from using "registers", a pointer to a register vector, to
+        "registerBase", an indirect pointer to the logical first entry in the
+        register file. (The logical first entry is the first entry that is not
+        a global variable).
+        
+        With a vector, offsets into the register file remain good when the
+        underlying buffer reallocates, but they go bad when the logical
+        first entry moves. (The logical first entry moves when new global
+        variables get added to the beginning of the register file.) With an
+        indirect pointer to the logical first entry, offsets will remain good
+        regardless.
+
+        1.4% speedup on sunspider --squirrelfish. I suspect this is due to
+        reduced allocation when creating closures, and reduced indirection
+        through the register vector.
+
+        * wtf/Vector.h: Added an accessor for an indirect pointer to the vector's
+        buffer, which we currently use (incorrectly) for registerBase. This is
+        temporary scaffolding to allow us to change client code without
+        changing behavior.
+
+2008-04-06  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Implement codegen for ReadModifyDotNode.
+
+        * kjs/nodes.cpp:
+        (KJS::ReadModifyDotNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-06  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix codegen for PostIncDotNode and implement codegen for PostIncBracketNode,
+        PostDecBracketNode and PostDecDotNode.
+
+        * kjs/nodes.cpp:
+        (KJS::PostIncBracketNode::emitCode):
+        (KJS::PostDecBracketNode::emitCode):
+        (KJS::PostIncDotNode::emitCode):
+        (KJS::PostDecDotNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-06  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement codegen for PreDecResolveNode, PreIncBracketNode, PreDecBracketNode,
+        PreIncDotNode and PreDecDotNode.  This required adding one new op code, op_pre_dec.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitPreDec):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::PreDecResolveNode::emitCode):
+        (KJS::PreIncBracketNode::emitCode):
+        (KJS::PreDecBracketNode::emitCode):
+        (KJS::PreIncDotNode::emitCode):
+        (KJS::PreDecDotNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Improved register dumping, plus a liberal smattering of "const". Here's
+        what the new format looks like:
+
+        (gdb) call (void)dumpCallFrame(codeBlock, scopeChain, registers->begin(), r)
+        4 instructions; 48 bytes at 0x509210; 3 locals (2 parameters); 1 temporaries
+
+        [   0] load             lr1, undefined(@k0)
+        [   3] load             lr1, 2(@k1)
+        [   6] add              tr0, lr2, lr1
+        [  10] ret              tr0
+
+        Constants:
+          k0 = undefined
+          k1 = 2
+
+        Register frame: 
+
+        ----------------------------------------
+             use      |   address  |    value   
+        ----------------------------------------
+        [return info] |   0x80ac08 |   0x5081c0 
+        [return info] |   0x80ac0c |   0x508e90 
+        [return info] |   0x80ac10 |   0x504acc 
+        [return info] |   0x80ac14 |        0x2 
+        [return info] |   0x80ac18 |        0x0 
+        [return info] |   0x80ac1c |        0x7 
+        [return info] |   0x80ac20 |        0x0 
+        ----------------------------------------
+        [param]       |   0x80ac24 |        0x1 
+        [param]       |   0x80ac28 |        0x7 
+        [var]         |   0x80ac2c |        0xb 
+        [temp]        |   0x80ac30 |        0xf 
+
+2008-04-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Support for evaluating multiple scripts in the same global environment.
+        (Still don't support re-entrant evaluation yet.)
+
+        The main changes here are:
+
+        (1) Obey the ECMA 10.1.3 rules regarding how to resolve collisions when
+        a given symbol is declared more than once. (This patch fixes the same
+        issue for function code, too.)
+        
+        (2) In the case of var and/or function collisions, reuse the existing
+        storage slot. For global code, this is required for previously
+        generated instructions to continue to work. For function code, it's
+        more of a "nice to have": it makes register layout in the case of
+        collisions easier to understand, and has the added benefit of saving
+        memory.
+        
+        (3) Allocate slots in the CodeGenerator's m_locals vector in parallel
+        to register indexes in the symbol table. This ensures that, given an
+        index in the symbol table, we can find the corresponding RegisterID
+        without hashing, which speeds up codegen. 
+        
+        I moved responsibility for emitting var and function initialization
+        instructions into the CodeGenerator, because bookkeeping in cases where
+        var, function, and/or parameter names collide requires a lot of
+        internal knowledge about the CodeGenerator.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addVar): Removed responsibility for checking whether
+        a var declaration overwrites "arguments", because the check is
+        inappropriate for global code, which may not have a pre-existing
+        "arguments" symbol in scope. Also changed this function to return a
+        boolean indicating whether addVar actually created a new RegisterID,
+        or just reused an old one.
+        
+        (KJS::CodeGenerator::CodeGenerator): Split out the constructors for
+        function code and global code, since they're quite different now.
+        
+        (KJS::CodeGenerator::registerForLocal): This function does its job
+        without any hashing now.
+        
+        * VM/Machine.cpp: Move old globals and update "r" before executing a
+        new script. That way, old globals stay at a constant offset from "r",
+        and previously optimized code still works.
+        
+        * VM/RegisterID.h: Added the ability to allocate a RegisterID before
+        initializing its index field. We use this for parameters now.
+
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableGet): Changed the ungettable getter
+        ASSERT to account for the fact that symbol indexes are all negative.
+
+2008-04-05  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Implement codegen for InNode.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitIn):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::InNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-05  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        - Implement codegen for DeleteResolveNode, DeleteBracketNode, DeleteDotNode and DeleteValueNode.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitGetPropId):
+        (KJS::CodeGenerator::emitPutPropId):
+        (KJS::CodeGenerator::emitDeletePropId):
+        (KJS::CodeGenerator::emitDeletePropVal):
+        (KJS::CodeGenerator::emitPutPropIndex):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::DeleteResolveNode::emitCode):
+        (KJS::DeleteBracketNode::emitCode):
+        (KJS::DeleteDotNode::emitCode):
+        (KJS::DeleteValueNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-04  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        - Implement codegen for Switch statements.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::pushJumpContext):
+        (KJS::CodeGenerator::popJumpContext):
+        (KJS::CodeGenerator::jumpContextForLabel):
+        * VM/CodeGenerator.h:
+        Rename LoopContext to JumpContext now that it used of Switch statements in addition
+        to loops.
+
+        * kjs/nodes.cpp:
+        (KJS::DoWhileNode::emitCode):
+        (KJS::WhileNode::emitCode):
+        (KJS::ForNode::emitCode):
+        (KJS::ForInNode::emitCode):
+        (KJS::ContinueNode::emitCode):
+        (KJS::BreakNode::emitCode):
+        (KJS::CaseBlockNode::emitCodeForBlock):
+        (KJS::SwitchNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::CaseClauseNode::expr):
+        (KJS::CaseClauseNode::children):
+        (KJS::CaseBlockNode::):
+
+2008-04-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam.
+        
+        - fix crash in codegen from new nodes
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitConstruct):
+        * kjs/nodes.h:
+
+2008-04-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+
+        * kjs/nodes.cpp:
+        (KJS::ReadModifyResolveNode::emitCode):
+        (KJS::ReadModifyBracketNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - take a shot at marking constant pools for global and eval code
+        
+        Geoff says this won't really work in all cases but is an ok stopgap.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::mark):
+
+2008-04-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - fix 2x perf regression in 3d-morph
+        
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): If we subbed in null for the global object,
+        don't toObject it, since that will throw an exception (very slowly).
+
+2008-04-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Geoff
+        
+        - fix Release build
+
+        * kjs/nodes.cpp:
+        (KJS::getNonLocalSymbol):
+
+2008-04-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Removed the last vestiges of LocalStorage from JSVariableObject and
+        JSGlobalObject.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::saveLocalStorage): Save and restore from/to
+        registers. Use stub isReadOnly and isDontEnum methods for now, until
+        we really implement attributes in the symbol table.
+        (KJS::JSGlobalObject::restoreLocalStorage):
+        (KJS::JSGlobalObject::reset):
+
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::getPropertyNames): Use stub isDontEnum method
+        for now, as above.
+        (KJS::JSVariableObject::getPropertyAttributes): ditto
+
+        * kjs/JSVariableObject.h: Removed LocalStorage from JSVariableObjectData.
+        Removed mark method, because subclasses implement different strategies for
+        marking registers.
+        (KJS::JSVariableObject::isReadOnly): Stub method
+        (KJS::JSVariableObject::isDontEnum): ditto
+
+        Changed the code below to ASSERT_NOT_REACHED() and return 0, since it
+        can no longer retrieve LocalStorage from the ExecState. (Eventually,
+        we'll just remove this code and all its friends, but that's a task for
+        later.)
+        
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        * kjs/function.cpp:
+        (KJS::ActivationImp::markChildren):
+        * kjs/function.h:
+        * kjs/nodes.cpp:
+        (KJS::getNonLocalSymbol):
+        (KJS::ScopeNode::optimizeVariableAccess):
+        (KJS::ProgramNode::processDeclarations):
+
+2008-04-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Got globals?
+        
+        To get things working, I had to roll out
+        http://trac.webkit.org/projects/webkit/changeset/31226 for the time
+        being.
+
+        * VM/CodeBlock.h: Removed obsolete function.
+        
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): For the sake of re-entrancy, we track
+        and restore the global object's old rOffset value. (No way to test this
+        yet, but I think it will work.)
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - mark the constant pool (at least for function code blocks)
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::mark):
+        * VM/CodeBlock.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::mark):
+        * kjs/nodes.cpp:
+        (KJS::ScopeNode::mark):
+        * kjs/nodes.h:
+        (KJS::FuncExprNode::body):
+        (KJS::FuncDeclNode::body):
+
+2008-04-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+        
+        Cleaned up a few loose ends.
+
+        * JavaScriptCore.exp: Export dumpRegisters, so it's visible to gdb even
+        if we don't explicitly call it in the source text.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): No need to call dumpRegisters anymore,
+        since that was just a hack for gdb's sake.
+
+        * kjs/JSActivation.h: Removed obsolete comment.
+
+        * VM/CodeGenerator.cpp: Added ASSERTs to verify that the localCount
+        we're given matches the number of locals actually allocated.
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::CodeGenerator): Changed "localCount" to include
+        the parameter count, since we're using the word "local" to mean
+        parameter, var, function, or "this". Renamed "m_nextLocal" to
+        "m_nextVar", since "m_nextLocal" doesn't contrast well with
+        "m_nextParameter".
+        
+        Also moved tracking of implicit "this" parameter from here...
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNode::generateCode): ... to here
+        (KJS::ProgramNode::generateCode): ... and here
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump): Added missing "\n".
+
+2008-04-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Bug 18274: ResolveNode::emitCode() doesn't make a new temporary when dst
+                   is 0, leading to incorrect codegen
+        <http://bugs.webkit.org/show_bug.cgi?id=18274>
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallBracketNode::emitCode):
+        (KJS::FunctionCallDotNode::emitCode):
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - fix bug in for..in codegen (gotta use ident, not m_ident)
+
+        * kjs/nodes.cpp:
+        (KJS::ForInNode::emitCode):
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - Add suport for regexp literals
+
+        * VM/CodeBlock.cpp:
+        (KJS::regexpToSourceString):
+        (KJS::regexpName):
+        (KJS::CodeBlock::dump):
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addRegExp):
+        (KJS::CodeGenerator::emitNewRegExp):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::RegExpNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-01  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff
+
+        Add support for for..in nodes
+        
+        Added two new opcodes to get_pnames and next_pname to handle iterating
+        over the set of properties on an object.  This iterator is explicitly
+        invalidated and the property name array is released on standard exit
+        from the loop, otherwise we rely on GC to do the clean up for us.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitNextPropertyName):
+        (KJS::CodeGenerator::emitGetPropertyNames):
+        * VM/CodeGenerator.h:
+        * VM/JSPropertyNameIterator.cpp: Added.
+        (KJS::JSPropertyNameIterator::JSPropertyNameIterator):
+        (KJS::JSPropertyNameIterator::type):
+        (KJS::JSPropertyNameIterator::toPrimitive):
+        (KJS::JSPropertyNameIterator::getPrimitiveNumber):
+        (KJS::JSPropertyNameIterator::toBoolean):
+        (KJS::JSPropertyNameIterator::toNumber):
+        (KJS::JSPropertyNameIterator::toString):
+        (KJS::JSPropertyNameIterator::toObject):
+        (KJS::JSPropertyNameIterator::mark):
+        (KJS::JSPropertyNameIterator::next):
+        (KJS::JSPropertyNameIterator::invalidate):
+        (KJS::JSPropertyNameIterator::~JSPropertyNameIterator):
+        (KJS::JSPropertyNameIterator::create):
+        * VM/JSPropertyNameIterator.h: Added.
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * VM/Register.h:
+        (KJS::Register::):
+        * kjs/PropertyNameArray.h:
+        * kjs/nodes.cpp:
+        (KJS::ForInNode::emitCode):
+        * kjs/nodes.h:
+        * kjs/value.h:
+
+2008-04-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Change CodeGenerator::emitCall() so it increments the reference count of
+        registers passed to it, and change its callers so they don't needlessly
+        increment the reference count of the registers they are passing.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCall):
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallResolveNode::emitCode):
+        (KJS::FunctionCallDotNode::emitCode):
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - generate call for PostIncDotNode
+
+        * kjs/nodes.cpp:
+        (KJS::PostIncDotNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Build fix.
+        
+        - fix build (not sure how this ever worked?)
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallBracketNode::emitCode):
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - generate code for FunctionCallBracketNode
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallBracketNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff.
+        
+        - Fix two crashing SunSpider tests
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): set up 'this' properly for native calls.
+        * kjs/list.h:
+        (KJS::List::List): Fix intialization of buffer and size from
+        vector, the initialization order was wrong.
+
+2008-04-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: marked ASSERT-only variables as UNUSED_PARAMs.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableInitializeVariable):
+
+2008-04-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Next step toward global code: Moved get, put, and initializeVariable
+        functionality up into JSVariableObject, and changed JSActivation to
+        rely on it. 
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::JSActivation):
+        (KJS::JSActivation::getOwnPropertySlot):
+        (KJS::JSActivation::put):
+        (KJS::JSActivation::initializeVariable):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::valueAt):
+        (KJS::JSVariableObject::isReadOnly):
+        (KJS::JSVariableObject::symbolTableGet):
+        (KJS::JSVariableObject::symbolTablePut):
+        (KJS::JSVariableObject::symbolTableInitializeVariable):
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam.
+        
+        - fix HashTable assertion on some SunSpider tests
+        
+        Don't use -1 as the deleted value for JSValue*-keyed hashtables,
+        since it is a valid value (it's the immediate for -1).
+
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::JSValueHashTraits::emptyValue):
+        (KJS::CodeGenerator::JSValueHashTraits::deletedValue):
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::impossibleValue):
+
+2008-04-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add support for calling Native constructors like new Array(). 
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitConstruct):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::NewExprNode::emitCode):
+        * kjs/nodes.h:
+
+2008-04-01  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam.
+        
+        - add some missing toOpbject calls to avoid crashing when calling methods on primitives
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-04-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Changed Machine::dumpRegisters to take a pointer instead of a reference,
+        so gdb understands how to call it.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::dumpRegisters):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+
+2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Fix CodeGenerator::addConstant() so it uses the functionExpressions
+        counter for function expressions, not the functions counter.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addConstant):
+
+2008-03-31  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add emitCode support for TypeOfResolveNode and TypeOfValueNode.
+        Added new opcode op_type_of to handle them.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitNot):
+        (KJS::CodeGenerator::emitInstanceOf):
+        (KJS::CodeGenerator::emitTypeOf):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::jsTypeStringForValue):
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::TypeOfResolveNode::emitCode):
+        (KJS::TypeOfValueNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-31  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix non-computed goto version of isOpcode. op_end is a valid opcode.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::isOpcode):
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Added op_post_dec.
+
+2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Geoffrey Garen.
+
+        Add support for FunctionCallDotNode.
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallDotNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+
+        Next step toward global code: Removed more obsolete API, moved
+        saveLocalStorage and restoreLocalStorage to JSGlobalObject subclass,
+        since it's only intended for use there.
+        
+        * ChangeLog:
+        * JavaScriptCore.exp:
+        * kjs/Activation.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::saveLocalStorage):
+        (KJS::JSGlobalObject::restoreLocalStorage):
+        * kjs/JSGlobalObject.h:
+        * kjs/JSVariableObject.cpp:
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
+        * kjs/function.cpp:
+        (KJS::ActivationImp::ActivationImp):
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+
+        Next step toward global code: subclass JSActivation + JSActivationData
+        from JSVariableObject + JSVariableObjectData.
+        
+        JSActivation now relies on JSVariableObject for access to registers and
+        symbol table, and for some delete functionality, but not for anything
+        else yet.
+
+        (KJS::JSActivation::mark): Cleaned up the style here a little bit.
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+        
+        Next step toward global code: store "rOffset" in JSVariableObjectData.
+
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Next steps toward global code:
+        
+        * Moved access to the register file into JSVariableObject.
+        
+        * Added more ASSERTs to indicate obsolete APIs there are just hanging
+        around to stave off build failures.
+
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::registers):
+        (KJS::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
+        (KJS::JSVariableObject::JSVariableObject):
+
+2008-03-31  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver. Tweaked somewhat by Maciej.
+        
+        - implement codegen for ReadModifyResolveNode
+
+        * kjs/nodes.cpp:
+        (KJS::emitReadModifyAssignment):
+        (KJS::ReadModifyResolveNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Geoff.
+
+        Fix the build -- r31492 removed activation tear-off, but r31493 used it.
+
+        * kjs/nodes.cpp:
+        (KJS::FuncExprNode::makeFunction):
+
+2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Add support for FuncExprNode to SquirrelFish.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::addConstant):
+        (KJS::CodeGenerator::emitNewFunctionExpression):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::FuncExprNode::emitCode):
+        (KJS::FuncExprNode::makeFunction):
+        * kjs/nodes.h:
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        First step toward global code: removed some obsolete JSGlobalObject
+        APIs, changing clients to ASSERT_NOT_REACHED.
+        
+        Activation tear-off and scope chain pushing is obsolete because we
+        statically detect whether an activation + scope node is required.
+        
+        The variableObject() and activationObject() accessors are obsolete
+        because they haven't been maintained, and they're mostly used by
+        node evaluation code, anyway.
+        
+        The localStorage() accessor is obsolete because everything is in
+        registers now, and it's mostly used by node evaluation code, anyway.
+
+2008-03-31  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - implement codegen for bracket accessor and bracket assign
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitGetPropVal):
+        (KJS::CodeGenerator::emitPutPropVal):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::BracketAccessorNode::emitCode):
+        (KJS::AssignBracketNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Removed FIXME that I just fixed.
+        
+        Added ASSERT to cover an error previously only covered by a FIXME.
+
+        * kjs/JSActivation.cpp:
+        (KJS::JSActivation::getOwnPropertySlot):
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+
+        Fixed indentation inside op_call. (I had left this code badly indented
+        to make the behavior-changing diff clearer.)
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed up logging of jump instructions to follow the following style:
+        
+        jump    offset(->absoluteTarget)
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+
+2008-03-31  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Changed the SymbolTable API to use int instead of size_t. It has been
+        using int internally for a while now (since squirrelfish symbols can
+        have negative indices).
+
+2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Add support for FunctionCallValueNode.
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallValueNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-31  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        1) Implemented array literals
+        
+        2) Renamed op_object_get and op_object_put to op_get_prop_id and
+        op_put_prop_id in preparation for new variants.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitNewArray):
+        (KJS::CodeGenerator::emitGetPropId):
+        (KJS::CodeGenerator::emitPutPropId):
+        (KJS::CodeGenerator::emitPutPropIndex):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::CodeGenerator):
+        (KJS::CodeGenerator::propertyNames):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::ArrayNode::emitCode):
+        (KJS::PropertyListNode::emitCode):
+        (KJS::DotAccessorNode::emitCode):
+        (KJS::PostIncResolveNode::emitCode):
+        (KJS::PreIncResolveNode::emitCode):
+        (KJS::AssignResolveNode::emitCode):
+        (KJS::AssignDotNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Implemented native function calls. (Re-entering from native code back
+        to JS doesn't work yet, though.)
+
+        0.2% speedup overall, due to some inlining tweaks. 3.6% regression on
+        function-empty.js, since we're making a new virtual call and taking a
+        new branch inside every op_call.
+        
+        I adjusted the JavaScriptCore calling convention to minimize overhead,
+        like so:
+        
+        The machine calls a single virtual function, "getCallData", to get all
+        the data it needs for a function call. Native code still uses the old
+        "isObject()" check followed by an "implementsCall()" check, which
+        aliases to "getCallData". (We can optimize native code to use getCallData
+        at our leisure.)
+        
+        To supply a list of arguments, the machine calls a new List constructor
+        that just takes a pointer and a length, without copying. Native code
+        still appends to the list one argument at a time. (We can optimize
+        native code to use the new List constructor at our leisure.)
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Changed resize() call to grow() call,
+        to encourage the compiler to inline the Vector code.
+
+        * kjs/CallData.h: Added.
+        (KJS::): CallData is a union because eventually native calls will stuff
+        a function pointer into it, to eliminate the callAsFunction virtual call.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction): Changed this to an ASSERT since
+        it's not implemented yet.
+        
+        * kjs/list.h: Made the List class two-faced, to support the old way and
+        the new way during this transition phase: lists can be made read-only
+        with just a pointer and a legnth, or you can append to them one item
+        at a time.
+
+        * kjs/value.h:
+        (KJS::jsUndefined): Marked this function ALWAYS_INLINE for the benefit
+        of a certain compiler that doesn't know what's best for it.
+
+2008-03-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+
+        Dump code that codegen can't handle yet, so it's easier to prioritize missing nodes.
+        
+        * kjs/nodes.h:
+        (KJS::Node::emitCode):
+
+2008-03-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+
+        Improve dumping of bytecode and fix coding style accordingly.
+        
+        Registers are printed as lr1 for locals, tr1 for temp registers. Identifiers print as
+        foobar(@id0) and constants print as "foo"(@k1) or 312.4(@k2) or the like. Constant and
+        identifier tables are dumped for reference.
+        
+        * VM/CodeBlock.cpp:
+        (KJS::escapeQuotes):
+        (KJS::valueToSourceString):
+        (KJS::registerName):
+        (KJS::constantName):
+        (KJS::idName):
+        (KJS::printUnaryOp):
+        (KJS::printBinaryOp):
+        (KJS::CodeBlock::dump):
+        * VM/Machine.cpp:
+        (KJS::resolve):
+        (KJS::resolveBase):
+        (KJS::Machine::privateExecute):
+
+2008-03-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        Implement StringNode and VoidNode (both pretty trivial).
+
+        * kjs/nodes.cpp:
+        (KJS::StringNode::emitCode):
+        (KJS::VoidNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam.
+
+        Implement CommaNode.
+        
+        * kjs/nodes.cpp:
+        (KJS::CommaNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Adds support for dot notation and object literals.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitNewObject):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::ObjectLiteralNode::emitCode):
+        (KJS::PropertyListNode::emitCode):
+        (KJS::DotAccessorNode::emitCode):
+        (KJS::AssignDotNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Mark the register file. 
+        
+        It's a conservative mark for now, but once registers are typed, we can
+        do an exact mark.
+        
+        1.4% regression regardless of whether we actually do the marking.
+        GCC is is worth every penny.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Most of the changes here are just for
+        the fact that "registers" is a pointer now.
+
+        * kjs/JSGlobalObject.cpp: The global object owns the register file now.
+
+2008-03-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18204: SquirrelFish: continue/break do not correctly handle scope popping
+        <http://bugs.webkit.org/show_bug.cgi?id=18204>
+
+        We now track the scope depth as part of a loop context, and add an
+        extra instruction op_jump_scopes that is used to perform a jump across
+        dynamic scope boundaries.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitJumpScopes):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::ContinueNode::emitCode):
+        (KJS::BreakNode::emitCode):
+
+2008-03-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add emitCode support for ConditionalNode.
+
+        * kjs/nodes.cpp:
+        (KJS::ConditionalNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Responding to feedback, added some comments, fixed up a few names, and
+        clarified that "locals" always means all local variables, functions,
+        and parameters.
+
+2008-03-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Added support for "this".
+        
+        Supply an implicit "this" value as the first argument to every function.
+        Alias the "this" keyword to that argument.
+        
+        1% regression overall, 2.5% regression on empty function calls. Seems
+        like a reasonable cost for now, since we're doing more work.
+        (Eventually, we might decide to create a version of op_call specialized
+        for a known null "this" value.)
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCall):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::CodeGenerator):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/CommonIdentifiers.cpp:
+        (KJS::CommonIdentifiers::CommonIdentifiers):
+        * kjs/CommonIdentifiers.h:
+        * kjs/nodes.cpp:
+        (KJS::ThisNode::emitCode):
+        (KJS::FunctionCallResolveNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 18192: Squirrelfish needs support for break and continue
+        <http://bugs.webkit.org/show_bug.cgi?id=18192>
+
+        Added a loop context stack to the code generator to provide the
+        correct jump labels for continue and goto.  Added logic to the
+        currently implemented loop constructs to manage entry and exit
+        from the loop contexts.  Finally, implemented codegen for break
+        and continue (and a pass through for LabelNode)
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::pushLoopContext):
+        (KJS::CodeGenerator::popLoopContext):
+        (KJS::CodeGenerator::loopContextForIdentifier):
+        (KJS::CodeGenerator::labelForContinue):
+        (KJS::CodeGenerator::labelForBreak):
+        * VM/CodeGenerator.h:
+        * kjs/nodes.cpp:
+        (KJS::DoWhileNode::emitCode):
+        (KJS::WhileNode::emitCode):
+        (KJS::ForNode::emitCode):
+        (KJS::ContinueNode::emitCode):
+        (KJS::BreakNode::emitCode):
+        (KJS::LabelNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add emitCode support for UnaryPlusNode, NegateNode, BitwiseNotNode and LogicalNotNode.
+
+        * VM/CodeBlock.cpp:
+        (KJS::printUnaryOp):
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitToJSNumber):
+        (KJS::CodeGenerator::emitNegate):
+        (KJS::CodeGenerator::emitBitNot):
+        (KJS::CodeGenerator::emitNot):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::UnaryPlusNode::emitCode):
+        (KJS::NegateNode::emitCode):
+        (KJS::BitwiseNotNode::emitCode):
+        (KJS::LogicalNotNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-27  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add support for LogicalAndNode and LogicalOrNode.
+
+        * kjs/nodes.cpp:
+        (KJS::LogicalAndNode::emitCode):
+        (KJS::LogicalOrNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-27  Sam Weinig  <sam@webkit.org>
+
+        Clean up code and debug output.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-03-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Moved an ASSERT to a more logical place.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-03-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Add emitCode support for InstanceOfNode.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitInstanceOf):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::InstanceOfNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Bug 18142: squirrelfish needs to support dynamic scoping/with
+        <http://bugs.webkit.org/show_bug.cgi?id=18142>
+
+        Add support for dynamic scoping and add code to handle 'with'
+        statements.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeBlock.h:
+        (KJS::CodeBlock::CodeBlock):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::getRegister):
+        (KJS::CodeGenerator::emitPushScope):
+        (KJS::CodeGenerator::emitPopScope):
+        * VM/CodeGenerator.h:
+        (KJS::CodeGenerator::CodeGenerator):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::WithNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add emitCode support for NullNode, FalseNode, TrueNode, IfNode, IfElseNode, DoWhileNode and WhileNode
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump): Dump op_jfalse opcode.
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitJumpIfFalse): Identical to emitJumpIfTrue except it emits the op_jfalse opcode.
+        (KJS::CodeGenerator::emitLoad): Add and emitLoad override for booleans.
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute): Adds execution of op_jfalse. It is identical to op_jtrue, except the
+        the condition is reversed.
+        * VM/Opcode.h: Add op_jfalse.
+        * kjs/nodes.cpp:
+        (KJS::NullNode::emitCode): Added.
+        (KJS::FalseNode::emitCode): Added.
+        (KJS::TrueNode::emitCode): Added.
+        (KJS::IfNode::emitCode): Added.
+        (KJS::IfElseNode::emitCode): Added.
+        (KJS::DoWhileNode::emitCode): Added.
+        (KJS::WhileNode::emitCode): Added.
+        * kjs/nodes.h:
+
+2008-03-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Nixed an unused List.
+        
+        The calm before my stormy war against the List class.
+
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct):
+
+2008-03-26  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Geoffrey Garen.
+
+        Adds support for EqualNode, NotEqualNode, StrictEqualNode, NotStrictEqualNode,
+        LessEqNode, GreaterNode, GreaterEqNode, MultNode, DivNode, ModNode, SubNode,
+        LeftShiftNode, RightShiftNode, UnsignedRightShiftNode, BitAndNode, BitXOrNode,
+        and BitOrNode.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitEqual):
+        (KJS::CodeGenerator::emitNotEqual):
+        (KJS::CodeGenerator::emitStrictEqual):
+        (KJS::CodeGenerator::emitNotStrictEqual):
+        (KJS::CodeGenerator::emitLessEq):
+        (KJS::CodeGenerator::emitMult):
+        (KJS::CodeGenerator::emitDiv):
+        (KJS::CodeGenerator::emitMod):
+        (KJS::CodeGenerator::emitSub):
+        (KJS::CodeGenerator::emitLeftShift):
+        (KJS::CodeGenerator::emitRightShift):
+        (KJS::CodeGenerator::emitUnsignedRightShift):
+        (KJS::CodeGenerator::emitBitAnd):
+        (KJS::CodeGenerator::emitBitXOr):
+        (KJS::CodeGenerator::emitBitOr):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::jsLessEq):
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (KJS::MultNode::emitCode):
+        (KJS::DivNode::emitCode):
+        (KJS::ModNode::emitCode):
+        (KJS::SubNode::emitCode):
+        (KJS::LeftShiftNode::emitCode):
+        (KJS::RightShiftNode::emitCode):
+        (KJS::UnsignedRightShiftNode::emitCode):
+        (KJS::GreaterNode::emitCode):
+        (KJS::LessEqNode::emitCode):
+        (KJS::GreaterEqNode::emitCode):
+        (KJS::EqualNode::emitCode):
+        (KJS::NotEqualNode::emitCode):
+        (KJS::StrictEqualNode::emitCode):
+        (KJS::NotStrictEqualNode::emitCode):
+        (KJS::BitAndNode::emitCode):
+        (KJS::BitXOrNode::emitCode):
+        (KJS::BitOrNode::emitCode):
+        * kjs/nodes.h:
+
+2008-03-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Only print debug dumps in debug builds.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::generate):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-03-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Moved a few files around in the XCode project.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-03-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Made closures work.
+        
+        An activation object aliases to the register file until its associated
+        function returns, at which point it copies the registers for locals and
+        parameters into an independent storage buffer.
+
+2008-03-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed recent 25% regression on simple for loop test. GCC seems to be
+        very finicky about the code that gets inlined into
+        Machine::privateExecute.
+
+        Everything in this patch is simply the result of experiment.
+        
+        The resolve and resolve_base opcodes do not seem to have gotten slower
+        from this change.
+
+        * VM/Machine.cpp:
+        (KJS::resolve):
+        (KJS::resolveBase):
+        (KJS::Machine::privateExecute):
+        * kjs/nodes.h:
+
+2008-03-24  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 18059: squirrelfish needs to compile on platforms without computed goto
+        <http://bugs.webkit.org/show_bug.cgi?id=18059>
+
+        "Standard" macro style support for conditionalising the use of computed goto.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/Machine.cpp:
+        (KJS::Machine::isOpcode):
+        (KJS::Machine::privateExecute):
+        * VM/Machine.h:
+        (KJS::Machine::getOpcode):
+        (KJS::Machine::getOpcodeID):
+        * VM/Opcode.h:
+        * wtf/Platform.h:
+
+2008-03-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Moved my notes from nodes.h to the wiki.
+
+        * kjs/nodes.h:
+
+2008-03-24  Geoffrey Garen  <ggaren@apple.com>
+
+        SquirrelFish lives.
+        
+        Initial check-in of the code I've been carrying around. Lots of stuff
+        doesn't work. Plus a bunch of empty files.
+
+=== Start merge of squirrelfish ===
+
+2008-05-21  Darin Adler  <darin@apple.com>
+
+        - try to fix the Windows build
+
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::stopProfiling): Use ptrdiff_t instead of the less-common but incredibly
+        similar ssize_t type.
+        * wtf/AVLTree.h:
+        (KJS::AVLTree::search): Added a typename for a dependent name that's a type.
+
+2008-05-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - fix <rdar://problem/5952721> bug in JavaScript arguments object property lookup
+
+        Test: fast/js/arguments-bad-index.html
+
+        * kjs/function.cpp:
+        (KJS::IndexToNameMap::IndexToNameMap): Use unsigned instead of int.
+        (KJS::IndexToNameMap::isMapped): Use unsigned instead of int, and also use the
+        strict version of the numeric conversion function, since we don't want to allow
+        trailing junk.
+        (KJS::IndexToNameMap::unMap): Ditto.
+        (KJS::IndexToNameMap::operator[]): Ditto.
+        * kjs/function.h: Changed IndexToNameMap::size type from int to unsigned.
+
+2008-05-21  Timothy Hatcher  <timothy@apple.com>
+
+        Change the Profiler to allow multiple profiles to be running at
+        the same time. This can happen when you have nested console.profile()
+        calls. This required two changes. First, the Profiler needed to keep a
+        Vector of current profiles, instead of one. Second, a Profile needs
+        to keep track of the global ExecState it started in and the page group
+        identifier it is tracking.
+
+        The stopProfiling call now takes the same arguments as startProfiling.
+        This makes sure the correct profile is stopped. Passing a null UString
+        as the title will stop the last profile for the matching ExecState.
+
+        <rdar://problem/5951559> Multiple pages profiling can interfere with each other
+
+        Reviewed by Kevin McCullough.
+
+        * JavaScriptCore.exp: Added new exports. Removed old symbols.
+        * profiler/Profile.cpp:
+        (KJS::Profile::Profile): New constructor arguments for the
+        originatingGlobalExec and pageGroupIdentifier.
+        (KJS::Profile::stopProfiling): Set the m_originatingGlobalExec to null.
+        * profiler/Profile.h:
+        (KJS::Profile::create): Additional arguments.
+        (KJS::Profile::originatingGlobalExec): Return m_originatingGlobalExec.
+        (KJS::Profile::pageGroupIdentifier): Return m_pageGroupIdentifier.
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::findProfile): Added. Finds a Profile that matches
+        the ExecState and title.
+        (KJS::Profiler::startProfiling): Return early if there is already
+        a Profile with the ExecState and title. If not, create a new profile
+        and append it to m_currentProfiles.
+        (KJS::Profiler::stopProfiling): Loops through m_currentProfiles
+        and find the one matching the ExecState and title. If one is found
+        call stopProfiling and return the Profile after removing it
+        from m_currentProfiles.
+        (KJS::dispatchFunctionToProfiles): Helper inline function to loop through
+        m_currentProfiles and call a Profile function.
+        (KJS::Profiler::willExecute): Call dispatchFunctionToProfiles.
+        (KJS::Profiler::didExecute): Ditto.
+        * profiler/Profiler.h:
+
+2008-05-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5908520> REGRESSION (3.1.1-r33033): Crash in WebKit when opening or
+        refreshing page on people.com
+
+        The problem was that STL algorithms do not work with non-conformant comparators, and the
+        site used sort(function() { return 0.5 - Math.random(); } to randomly shuffle an array.
+
+        https://bugs.webkit.org/show_bug.cgi?id=18687
+        REGRESSION(r32220): ecma/Array/15.4.4.5-3.js test now fails in GMT(BST)
+
+        Besides relying on sort stability, this test was just broken, and kept failing with the
+        new stable sort.
+
+        Tests: fast/js/sort-randomly.html
+               fast/js/sort-stability.html
+               fast/js/comparefn-sort-stability.html
+
+        * kjs/avl_tree.h: Added an AVL tree implementation.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/AVLTree.h: Added.
+        Added an AVL tree implementation.
+
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::increaseVectorLength):
+        (KJS::ArrayInstance::sort):
+        (KJS::AVLTreeAbstractorForArrayCompare::get_less):
+        (KJS::AVLTreeAbstractorForArrayCompare::set_less):
+        (KJS::AVLTreeAbstractorForArrayCompare::get_greater):
+        (KJS::AVLTreeAbstractorForArrayCompare::set_greater):
+        (KJS::AVLTreeAbstractorForArrayCompare::get_balance_factor):
+        (KJS::AVLTreeAbstractorForArrayCompare::set_balance_factor):
+        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_key):
+        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_node):
+        (KJS::AVLTreeAbstractorForArrayCompare::compare_node_node):
+        (KJS::AVLTreeAbstractorForArrayCompare::null):
+        (KJS::ArrayInstance::compactForSorting):
+        
+        * kjs/array_instance.h: increaseVectorLength() now returns a bool to indicate whether it was
+        successful.
+
+        * wtf/Vector.h:
+        (WTF::Vector::Vector):
+        (WTF::::operator=):
+        (WTF::::fill):
+        Make these methods fail instead of crash when allocation fails, matching resize() and
+        reserveCapacity(), which already had this behavior. Callers need to check for null buffer
+        after making any Vector call that can try to allocate.
+
+        * tests/mozilla/ecma/Array/15.4.4.5-3.js: Fixed the test to use a consistent sort function,
+        as suggested in comments to a Mozilla bug filed about it (I'll keep tracking the bug to see
+        what the final resolution is).
+
+2008-05-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5950867> JSProfiler: Allow the profiler to "Focus" a
+        profile node.
+        - Implements focus by adding the idea of a profileNode being visible and
+        adding the ability to reset all of the visible flags.
+
+        * profiler/Profile.h: 
+        (KJS::Profile::focus):
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::ProfileNode): Initialize the visible flag.
+        (KJS::ProfileNode::setTreeVisible): Set the visibility of this node and
+        all of its descendents.
+        (KJS::ProfileNode::focus): Determine if this node should be visible when
+        focusing, if the functionName matches this node's function name or if any
+        of this node's children are visible.
+        (KJS::ProfileNode::restoreAll): Restore all nodes' visible flag.
+        (KJS::ProfileNode::debugPrintData):
+        * profiler/ProfileNode.h:
+        (KJS::ProfileNode::visible):
+        (KJS::ProfileNode::setVisible):
+
+2008-05-20  Timothy Hatcher  <timothy@apple.com>
+
+        Fixes a couple performance issues with the profiler. Also fixes
+        a regression where some nodes wouldn't be added to the tree.
+
+        Reviewed by Kevin McCullough.
+
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::addChild): Compare callIdentifier instead
+        of functionName.
+        * profiler/ProfileNode.h: 
+        (CallIdentifier.operator==): Compare the CallIdentifiers in
+        an order that fails sooner for non-matches.
+        (CallIdentifier.callIdentifier): Return the CallIdentifier by
+        reference to prevent making a new copy each time.
+
+2008-05-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5950796> JSProfiler: dump functions are in the code
+        Removed dump and logging functions from the Release version of the code
+        and renamed them to be obviously for debugging only.
+
+        * JavaScriptCore.exp:
+        * profiler/Profile.cpp:
+        (KJS::Profile::debugPrintData):
+        (KJS::Profile::debugPrintDataSampleStyle):
+        * profiler/Profile.h:
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::debugPrintData):
+        (KJS::ProfileNode::debugPrintDataSampleStyle):
+        * profiler/ProfileNode.h:
+        * profiler/Profiler.cpp:
+        * profiler/Profiler.h:
+
+2008-05-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam.
+
+        <rdar://problem/5950538> JSProfiler: Keep track of non-JS execution time
+        We now have an extra node that represents the excess non-JS time.
+        - Also changed "SCRIPT" and "anonymous function" to be more consistent
+        with the debugger.
+
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::stopProfiling): If this ProfileNode is the head node
+        create a new child that has the excess execution time.
+        (KJS::ProfileNode::calculatePercentages): Moved calculation of the
+        percentages into a function since it's called from multiple places.
+        * profiler/ProfileNode.h: Add the newly needed functions used above.
+        (KJS::ProfileNode::setTotalTime):
+        (KJS::ProfileNode::setSelfTime):
+        (KJS::ProfileNode::setNumberOfCalls):
+        * profiler/Profiler.cpp: renamed "SCRIPT" and "anonymous function" to be
+        consistent with the debugger and use constants that can be localized
+        more easily.
+        (KJS::getCallIdentifiers):
+        (KJS::getCallIdentifierFromFunctionImp):
+
+2008-05-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        Removed only profiler-internal use of currentProfile since that concept
+        is changing.
+
+        * profiler/Profile.h: Now stopProfiling takes a time and bool as
+        arguments.  The time is used to calculate %s from and the bool tells
+        if this node is the head node and should be the one calculating the time.
+        (KJS::Profile::stopProfiling):
+        * profiler/ProfileNode.cpp: Ditto.
+        (KJS::ProfileNode::stopProfiling):
+        * profiler/ProfileNode.h: Ditto.
+
+2008-05-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Accidentally turned on the profiler.
+
+        * kjs/config.h:
+
+
+2008-05-20  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        Split function name into 3 parts so that the Web Inspector can link it to
+        the resource location from whence it came.
+
+        * kjs/ustring.cpp: Implemented operator> for UStrings
+        (KJS::operator>):
+        * kjs/ustring.h:
+        * profiler/Profile.cpp:
+        (KJS::Profile::Profile): Initialize all 3 values.
+        (KJS::Profile::willExecute): Use CallIdentifier struct.
+        (KJS::Profile::didExecute): Ditto.
+        * profiler/Profile.h: Ditto and remove unused function.
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::ProfileNode): Use CallIdentifier struct.
+        (KJS::ProfileNode::willExecute): Ditto and fix an issue where we
+        restarted the m_startTime even though it was already started.
+        (KJS::ProfileNode::didExecute): Ditto.
+        (KJS::ProfileNode::findChild): Ditto.
+        (KJS::functionNameDescendingComparator): Ditto and use new comparator.
+        (KJS::functionNameAscendingComparator): Ditto.
+        (KJS::ProfileNode::printDataInspectorStyle): Use CallIdentifier struct.
+        (KJS::ProfileNode::printDataSampleStyle): Ditto.
+        * profiler/ProfileNode.h:
+        (KJS::CallIdentifier::CallIdentifier): Describe the CallIdentifier struct
+        (KJS::CallIdentifier::operator== ):
+        (KJS::ProfileNode::create): Use the CallIdentifier struct.
+        (KJS::ProfileNode::callIdentifier):
+        (KJS::ProfileNode::functionName): Now only return the function name, not
+        the url and line number too.
+        (KJS::ProfileNode::url):
+        (KJS::ProfileNode::lineNumber):
+        * profiler/Profiler.cpp: Use the CallIdentifier struct. 
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::willExecute):
+        (KJS::Profiler::didExecute):
+        (KJS::getCallIdentifiers):
+        (KJS::getCallIdentifierFromFunctionImp):
+
+2008-05-20  Timothy Hatcher  <timothy@apple.com>
+
+        Rename sortFileName{Ascending,Descending} to
+        sortFunctionName{Ascending,Descending}.
+
+        Reviewed by Kevin McCullough.
+
+        * JavaScriptCore.exp:
+        * kjs/config.h:
+        * profiler/Profile.h:
+        * profiler/ProfileNode.cpp:
+        (KJS::functionNameDescendingComparator):
+        (KJS::ProfileNode::sortFunctionNameDescending):
+        (KJS::functionNameAscendingComparator):
+        (KJS::ProfileNode::sortFunctionNameAscending):
+        * profiler/ProfileNode.h:
+
+2008-05-19  Timothy Hatcher  <timothy@apple.com>
+
+        Make the profiler use higher than millisecond resolution time-stamps.
+
+        Reviewed by Kevin McCullough.
+
+        * kjs/DateMath.cpp:
+        (KJS::getCurrentUTCTime): Call getCurrentUTCTimeWithMicroseconds and
+        floor the result.
+        (KJS::getCurrentUTCTimeWithMicroseconds): Copied from the previous
+        implementation of getCurrentUTCTime without the floor call.
+        * kjs/DateMath.h: Addded getCurrentUTCTimeWithMicroseconds.
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::ProfileNode): Use getCurrentUTCTimeWithMicroseconds.
+
+2008-05-19  Timothy Hatcher  <timothy@apple.com>
+
+        Fixes a bug in the profiler where call and apply would show up
+        and double the time spent in a function. We don't want to show call
+        and apply at all in the profiles. This change excludes them.
+
+        Reviewed by Kevin McCullough.
+
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::stopProfiling): Remove a second for loop and
+        calculate self time in the existing loop.
+        * profiler/Profiler.cpp:
+        (KJS::shouldExcludeFunction): Helper inline function that returns
+        true in the current function in an InternalFunctionImp and it is 
+        has the functionName call or apply.
+        (KJS::Profiler::willExecute): Call shouldExcludeFunction and return
+        early if if returns true.
+        (KJS::Profiler::didExecute): Ditto.
+
+2008-05-19  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Implement sorting by function name.
+
+        * JavaScriptCore.exp:
+        * profiler/Profile.h:
+        (KJS::Profile::sortFileNameDescending):
+        (KJS::Profile::sortFileNameAscending):
+        * profiler/ProfileNode.cpp:
+        (KJS::fileNameDescendingComparator):
+        (KJS::ProfileNode::sortFileNameDescending):
+        (KJS::fileNameAscendingComparator):
+        (KJS::ProfileNode::sortFileNameAscending):
+        * profiler/ProfileNode.h:
+
+2008-05-19  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Pass the exec state to profiler when calling startProfiling so that if
+        profiling is started within an execution context that location is
+        recorded correctly.
+
+        * JavaScriptCore.exp:
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::printDataInspectorStyle): Dump more info for debugging
+        purposes.
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::startProfiling):
+        * profiler/Profiler.h:
+
+2008-05-19  Kevin McCullough  <kmccullough@apple.com>
+
+        Rubberstamped by Geoff.
+
+        Turn off the profiler because it is a performance regression.
+
+        * kjs/config.h:
+
+2008-05-19  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Anders and Beth.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16495
+        [GTK] Accessibility support with ATK/AT-SPI
+
+        Initial ATK/AT-SPI accessibility support for the GTK+ port.
+
+        * wtf/Platform.h:
+
+2008-05-19  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        -In an effort to make the profiler as efficient as possible instead of
+        prepending to a vector we keep the vector in reverse order and operate
+        over it backwards.
+
+        * profiler/Profile.cpp:
+        (KJS::Profile::willExecute):
+        (KJS::Profile::didExecute):
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::didExecute):
+        (KJS::ProfileNode::endAndRecordCall):
+        * profiler/ProfileNode.h:
+        * profiler/Profiler.cpp:
+        (KJS::getStackNames):
+
+2008-05-16  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        Implement sorting for the profiler.
+        I chose to sort the profileNodes in place since there is no reason they
+        need to retain their original order.
+
+        * JavaScriptCore.exp: Export the symbols.
+        * profiler/Profile.h: Add the different ways a profile can be sorted.
+        (KJS::Profile::sortTotalTimeDescending):
+        (KJS::Profile::sortTotalTimeAscending):
+        (KJS::Profile::sortSelfTimeDescending):
+        (KJS::Profile::sortSelfTimeAscending):
+        (KJS::Profile::sortCallsDescending):
+        (KJS::Profile::sortCallsAscending):
+        * profiler/ProfileNode.cpp: Implement those ways.
+        (KJS::totalTimeDescendingComparator):
+        (KJS::ProfileNode::sortTotalTimeDescending):
+        (KJS::totalTimeAscendingComparator):
+        (KJS::ProfileNode::sortTotalTimeAscending):
+        (KJS::selfTimeDescendingComparator):
+        (KJS::ProfileNode::sortSelfTimeDescending):
+        (KJS::selfTimeAscendingComparator):
+        (KJS::ProfileNode::sortSelfTimeAscending):
+        (KJS::callsDescendingComparator):
+        (KJS::ProfileNode::sortCallsDescending):
+        (KJS::callsAscendingComparator):
+        (KJS::ProfileNode::sortCallsAscending):
+        * profiler/ProfileNode.h: No longer use a Deque since it cannot be
+        sorted by std::sort and there was no reason not to use a Vector.  I
+        previously had though I would do prepending but am not.
+        (KJS::ProfileNode::selfTime):
+        (KJS::ProfileNode::totalPercent):
+        (KJS::ProfileNode::selfPercent):
+        (KJS::ProfileNode::children):
+        * profiler/Profiler.cpp: Removed these functions as they can be called
+        directoy on the Profile object after getting the Vector of them.
+        (KJS::getStackNames):
+        * profiler/Profiler.h:
+
+2008-05-15  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon.
+
+        Since WebKitGtk is fully using autotools now, clean-up the .pro/.pri files
+        from gtk-port.
+
+        * JavaScriptCore.pro:
+        * kjs/testkjs.pro:
+
+2008-05-15  Kevin McCullough  <kmccullough@apple.com>
+
+        - Build fix.
+
+        * JavaScriptCore.exp:
+
+2008-05-15  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Cache some values to save on computing them repetitively. This will be
+        a big savings when we sort since we won't have to walk the tree for
+        every comparison!
+        - We cache these values when we end profiling because otherwise we won't
+        know which profile to get the totalTime for the whole profile from without
+        retaining a reference to the head profile or looking up the profile from
+        the list of all profiles.
+        - Also it's safe to assume we won't be asked for these values while we
+        are still profiling since the WebInspector only get's profileNodes from
+        profiles that are in the allProfiles() list and a profile is only added
+        to that list after it has finished and these values will no longer
+        change.
+
+        * JavaScriptCore.exp:
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::ProfileNode):
+        (KJS::ProfileNode::stopProfiling):
+        (KJS::ProfileNode::printDataInspectorStyle):
+        (KJS::ProfileNode::printDataSampleStyle):
+        (KJS::ProfileNode::endAndRecordCall):
+        * profiler/ProfileNode.h:
+        (KJS::ProfileNode::totalTime):
+        (KJS::ProfileNode::selfTime):
+        (KJS::ProfileNode::totalPercent):
+        (KJS::ProfileNode::selfPercent):
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::stopProfiling):
+
+2008-05-15  Simon Hausmann  <shausman@trolltech.com>
+
+        Reviewed by Holger.
+
+        Fix compilation when compiling with MSVC and wchar_t support.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::foldCase):
+        (WTF::Unicode::umemcasecmp):
+
+2008-05-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Turn on the profiler.
+
+        * kjs/config.h:
+
+2008-05-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Expose the new profiler functions to the WebInspector.
+
+        * JavaScriptCore.exp:
+
+2008-05-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Giving credit where credit is due.
+
+        * ChangeLog:
+
+2008-05-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff and Sam.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        Add the ability to get percentages of total and self time for displaying
+        in the WebInspector.
+
+        * profiler/Profile.h:
+        (KJS::Profile::totalProfileTime):
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::totalPercent):
+        (KJS::ProfileNode::selfPercent):
+        * profiler/ProfileNode.h:
+        * profiler/Profiler.h:
+        (KJS::Profiler::currentProfile):
+
+2008-05-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Rename FunctionCallProfile to ProfileNode.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * profiler/FunctionCallProfile.cpp: Removed.
+        * profiler/FunctionCallProfile.h: Removed.
+        * profiler/Profile.cpp:
+        (KJS::Profile::Profile):
+        (KJS::Profile::willExecute):
+        * profiler/Profile.h:
+        (KJS::Profile::callTree):
+        * profiler/ProfileNode.cpp: Copied from profiler/FunctionCallProfile.cpp.
+        (KJS::ProfileNode::ProfileNode):
+        (KJS::ProfileNode::willExecute):
+        (KJS::ProfileNode::didExecute):
+        (KJS::ProfileNode::addChild):
+        (KJS::ProfileNode::findChild):
+        (KJS::ProfileNode::stopProfiling):
+        (KJS::ProfileNode::selfTime):
+        (KJS::ProfileNode::printDataInspectorStyle):
+        (KJS::ProfileNode::printDataSampleStyle):
+        (KJS::ProfileNode::endAndRecordCall):
+        * profiler/ProfileNode.h: Copied from profiler/FunctionCallProfile.h.
+        (KJS::ProfileNode::create):
+        (KJS::ProfileNode::children):
+        * profiler/Profiler.cpp:
+
+2008-05-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by John.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Have each FunctionCallProfile be able to return it's total and self time.
+
+        * JavaScriptCore.exp:
+        * profiler/FunctionCallProfile.cpp:
+        (KJS::FunctionCallProfile::selfTime):
+        * profiler/FunctionCallProfile.h:
+        (KJS::FunctionCallProfile::totalTime):
+
+2008-05-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5934376> REGRESSION: A script fails because of a straw BOM character in it.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=4931>
+        Unicode format characters (Cf) should be removed from JavaScript source
+
+        Of all Cf characters, we are only removing BOM, because this is what Firefox trunk has
+        settled upon, after extensive discussion and investigation.
+
+        Based on Darin's work on this bug.
+
+        Test: fast/js/removing-Cf-characters.html
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::setCode): Tweak formatting. Use a call to shift(4) to read in the
+        first characters, instead of having special case code here.
+        (KJS::Lexer::shift): Add a loop when reading a character to skip BOM characters.
+
+2008-05-13  Matt Lilek  <webkit@mattlilek.com>
+
+        Not reviewed, build fix.
+
+        * kjs/date_object.cpp:
+        (KJS::DateObjectFuncImp::callAsFunction):
+
+2008-05-13  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Sam.
+
+        <rdar://problem/5933644> Implement Date.now
+        
+        Implement Date.now which returns the number of milliseconds since the epoch.
+        
+        * kjs/CommonIdentifiers.h:
+        * kjs/date_object.cpp:
+        (KJS::DateObjectFuncImp::):
+        (KJS::DateObjectImp::DateObjectImp):
+        (KJS::DateObjectFuncImp::callAsFunction):
+
+2008-05-13  Kevin McCullough  <kmccullough@apple.com>
+
+        Giving credit where credit is due.
+
+        * ChangeLog:
+
+2008-05-13  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam and Geoff.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        Use PassRefPtrs instead of RefPtrs when appropriate.
+
+        * profiler/FunctionCallProfile.cpp:
+        (KJS::FunctionCallProfile::addChild):
+        * profiler/FunctionCallProfile.h:
+        * profiler/Profile.h:
+        (KJS::Profile::callTree):
+
+2008-05-13  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Made some functions static (as per Adam) and changed from using raw
+        pointers to RefPtr for making these JavaScript Objects.
+
+        * profiler/FunctionCallProfile.cpp:
+        (KJS::FunctionCallProfile::addChild):
+        (KJS::FunctionCallProfile::findChild):
+        * profiler/FunctionCallProfile.h:
+        (KJS::FunctionCallProfile::create):
+        * profiler/Profile.cpp:
+        (KJS::Profile::Profile):
+        (KJS::Profile::willExecute):
+        (KJS::Profile::didExecute):
+        (KJS::functionNameCountPairComparator):
+        * profiler/Profile.h:
+        (KJS::Profile::create):
+        (KJS::Profile::title):
+        (KJS::Profile::callTree):
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::startProfiling):
+        * profiler/Profiler.h:
+        (KJS::Profiler::allProfiles):
+        (KJS::Profiler::clearProfiles):
+
+2008-05-13  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        <rdar://problem/4949018> JavaScriptCore API claims to work with UTF8 strings, but only works
+        with ASCII strings
+        
+        * kjs/ustring.h:
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::createFromUTF8):
+        Added. Implementation adapted from JSStringCreateWithUTF8CString().
+
+        * API/JSStringRef.cpp:
+        (JSStringCreateWithUTF8CString):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass):
+        Use UString::Rep::createFromUTF8().
+
+2008-05-12  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        <rdar://problem/4859666> WebKit needs availability macros in order to deprecate APIs
+
+        Create WebKit availability macros that key off the Mac OS X version being targeted to
+        determine the WebKit version being targeted.  Applications can define
+        WEBKIT_VERSION_MIN_REQUIRED before including WebKit headers in order to target a specific
+        version of WebKit.
+
+        The availability header is being added to JavaScriptCore rather than WebKit as JavaScriptCore
+        is the lowest-level portion of the public WebKit API.
+
+        * API/WebKitAvailability.h: Added.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-05-12  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Maciej.
+
+        https://bugs.webkit.org/show_bug.cgi?id=18828
+        Reproducible crash with PAC file
+
+        Naively moving JavaScriptCore into thread-specific data was inappropriate in the face of
+        exiting JavaScriptCore API clients, which expect a different therading model. Temporarily
+        disabling ThreadSpecific implementation until this can be sorted out.
+
+        * wtf/ThreadSpecific.h:
+        (WTF::::ThreadSpecific):
+        (WTF::::~ThreadSpecific):
+        (WTF::::get):
+        (WTF::::set):
+
+2008-05-12  Alexey Proskuryakov  <ap@webkit.org>
+
+        Roll out recent  threading changes (r32807, r32810, r32819, r32822) to simplify
+        SquirrelFish merging.
+
+        * API/JSBase.cpp:
+        (JSGarbageCollect):
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::staticFunctionGetter):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::prototype):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectMakeFunction):
+        * API/JSValueRef.cpp:
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        * JavaScriptCore.exp:
+        * kjs/ExecState.h:
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreadingOnce):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject):
+        (KJS::JSGlobalObject::init):
+        (KJS::JSGlobalObject::put):
+        (KJS::JSGlobalObject::reset):
+        (KJS::JSGlobalObject::tearOffActivation):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::head):
+        (KJS::JSGlobalObject::perThreadData):
+        * kjs/JSLock.cpp:
+        (KJS::JSLock::registerThread):
+        * kjs/JSLock.h:
+        (KJS::JSLock::JSLock):
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::ArrayInstance):
+        (KJS::ArrayInstance::lengthGetter):
+        * kjs/array_object.cpp:
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncJoin):
+        (KJS::arrayProtoFuncConcat):
+        (KJS::arrayProtoFuncPop):
+        (KJS::arrayProtoFuncPush):
+        (KJS::arrayProtoFuncShift):
+        (KJS::arrayProtoFuncSlice):
+        (KJS::arrayProtoFuncSplice):
+        (KJS::arrayProtoFuncUnShift):
+        (KJS::arrayProtoFuncFilter):
+        (KJS::arrayProtoFuncMap):
+        (KJS::arrayProtoFuncEvery):
+        (KJS::arrayProtoFuncForEach):
+        (KJS::arrayProtoFuncSome):
+        (KJS::arrayProtoFuncIndexOf):
+        (KJS::arrayProtoFuncLastIndexOf):
+        (KJS::ArrayObjectImp::ArrayObjectImp):
+        (KJS::ArrayObjectImp::construct):
+        * kjs/bool_object.cpp:
+        (KJS::BooleanPrototype::BooleanPrototype):
+        (KJS::booleanProtoFuncToString):
+        (KJS::BooleanObjectImp::BooleanObjectImp):
+        (KJS::BooleanObjectImp::construct):
+        * kjs/collector.cpp:
+        (KJS::allocateBlock):
+        (KJS::Collector::recordExtraCost):
+        (KJS::Collector::heapAllocate):
+        (KJS::Collector::allocate):
+        (KJS::Collector::allocateNumber):
+        (KJS::Collector::registerAsMainThread):
+        (KJS::onMainThread):
+        (KJS::PlatformThread::PlatformThread):
+        (KJS::getCurrentPlatformThread):
+        (KJS::Collector::Thread::Thread):
+        (KJS::destroyRegisteredThread):
+        (KJS::initializeRegisteredThreadKey):
+        (KJS::Collector::registerThread):
+        (KJS::Collector::markStackObjectsConservatively):
+        (KJS::Collector::markCurrentThreadConservativelyInternal):
+        (KJS::Collector::markCurrentThreadConservatively):
+        (KJS::suspendThread):
+        (KJS::resumeThread):
+        (KJS::getPlatformThreadRegisters):
+        (KJS::otherThreadStackPointer):
+        (KJS::Collector::markOtherThreadConservatively):
+        (KJS::protectedValues):
+        (KJS::Collector::protect):
+        (KJS::Collector::unprotect):
+        (KJS::Collector::collectOnMainThreadOnly):
+        (KJS::Collector::markProtectedObjects):
+        (KJS::Collector::markMainThreadOnlyObjects):
+        (KJS::Collector::sweep):
+        (KJS::Collector::collect):
+        (KJS::Collector::size):
+        (KJS::Collector::globalObjectCount):
+        (KJS::Collector::protectedGlobalObjectCount):
+        (KJS::Collector::protectedObjectCount):
+        (KJS::Collector::protectedObjectTypeCounts):
+        (KJS::Collector::isBusy):
+        (KJS::Collector::reportOutOfMemoryToAllExecStates):
+        * kjs/collector.h:
+        (KJS::Collector::cellBlock):
+        (KJS::Collector::cellOffset):
+        (KJS::Collector::isCellMarked):
+        (KJS::Collector::markCell):
+        (KJS::Collector::reportExtraMemoryCost):
+        * kjs/date_object.cpp:
+        (KJS::formatLocaleDate):
+        (KJS::DatePrototype::DatePrototype):
+        (KJS::DateObjectImp::DateObjectImp):
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectImp::callAsFunction):
+        (KJS::DateObjectFuncImp::DateObjectFuncImp):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        (KJS::dateProtoFuncToString):
+        (KJS::dateProtoFuncToUTCString):
+        (KJS::dateProtoFuncToDateString):
+        (KJS::dateProtoFuncToTimeString):
+        (KJS::dateProtoFuncToLocaleString):
+        (KJS::dateProtoFuncToLocaleDateString):
+        (KJS::dateProtoFuncToLocaleTimeString):
+        (KJS::dateProtoFuncValueOf):
+        (KJS::dateProtoFuncGetTime):
+        (KJS::dateProtoFuncGetFullYear):
+        (KJS::dateProtoFuncGetUTCFullYear):
+        (KJS::dateProtoFuncToGMTString):
+        (KJS::dateProtoFuncGetMonth):
+        (KJS::dateProtoFuncGetUTCMonth):
+        (KJS::dateProtoFuncGetDate):
+        (KJS::dateProtoFuncGetUTCDate):
+        (KJS::dateProtoFuncGetDay):
+        (KJS::dateProtoFuncGetUTCDay):
+        (KJS::dateProtoFuncGetHours):
+        (KJS::dateProtoFuncGetUTCHours):
+        (KJS::dateProtoFuncGetMinutes):
+        (KJS::dateProtoFuncGetUTCMinutes):
+        (KJS::dateProtoFuncGetSeconds):
+        (KJS::dateProtoFuncGetUTCSeconds):
+        (KJS::dateProtoFuncGetMilliSeconds):
+        (KJS::dateProtoFuncGetUTCMilliseconds):
+        (KJS::dateProtoFuncGetTimezoneOffset):
+        (KJS::dateProtoFuncSetTime):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::dateProtoFuncSetYear):
+        (KJS::dateProtoFuncGetYear):
+        * kjs/error_object.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype):
+        (KJS::errorProtoFuncToString):
+        (KJS::ErrorObjectImp::ErrorObjectImp):
+        (KJS::ErrorObjectImp::construct):
+        (KJS::NativeErrorPrototype::NativeErrorPrototype):
+        (KJS::NativeErrorImp::NativeErrorImp):
+        (KJS::NativeErrorImp::construct):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::construct):
+        (KJS::Arguments::Arguments):
+        (KJS::ActivationImp::createArgumentsObject):
+        (KJS::encode):
+        (KJS::decode):
+        (KJS::globalFuncParseInt):
+        (KJS::globalFuncParseFloat):
+        (KJS::globalFuncEscape):
+        (KJS::globalFuncUnescape):
+        (KJS::PrototypeFunction::PrototypeFunction):
+        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
+        * kjs/function_object.cpp:
+        (KJS::FunctionPrototype::FunctionPrototype):
+        (KJS::functionProtoFuncToString):
+        (KJS::FunctionObjectImp::FunctionObjectImp):
+        (KJS::FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        (KJS::StringImp::toObject):
+        * kjs/internal.h:
+        (KJS::StringImp::StringImp):
+        (KJS::NumberImp::operator new):
+        * kjs/list.cpp:
+        (KJS::List::markSet):
+        (KJS::List::markProtectedListsSlowCase):
+        (KJS::List::expandAndAppend):
+        * kjs/list.h:
+        (KJS::List::List):
+        (KJS::List::~List):
+        (KJS::List::markProtectedLists):
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::cacheGlobalObject):
+        * kjs/math_object.cpp:
+        (KJS::MathObjectImp::getValueProperty):
+        (KJS::mathProtoFuncAbs):
+        (KJS::mathProtoFuncACos):
+        (KJS::mathProtoFuncASin):
+        (KJS::mathProtoFuncATan):
+        (KJS::mathProtoFuncATan2):
+        (KJS::mathProtoFuncCeil):
+        (KJS::mathProtoFuncCos):
+        (KJS::mathProtoFuncExp):
+        (KJS::mathProtoFuncFloor):
+        (KJS::mathProtoFuncLog):
+        (KJS::mathProtoFuncMax):
+        (KJS::mathProtoFuncMin):
+        (KJS::mathProtoFuncPow):
+        (KJS::mathProtoFuncRandom):
+        (KJS::mathProtoFuncRound):
+        (KJS::mathProtoFuncSin):
+        (KJS::mathProtoFuncSqrt):
+        (KJS::mathProtoFuncTan):
+        * kjs/nodes.cpp:
+        (KJS::ParserRefCounted::ParserRefCounted):
+        (KJS::ParserRefCounted::ref):
+        (KJS::ParserRefCounted::deref):
+        (KJS::ParserRefCounted::refcount):
+        (KJS::ParserRefCounted::deleteNewObjects):
+        (KJS::Node::handleException):
+        (KJS::NumberNode::evaluate):
+        (KJS::StringNode::evaluate):
+        (KJS::ArrayNode::evaluate):
+        (KJS::PostIncResolveNode::evaluate):
+        (KJS::PostIncLocalVarNode::evaluate):
+        (KJS::PostDecResolveNode::evaluate):
+        (KJS::PostDecLocalVarNode::evaluate):
+        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
+        (KJS::PostIncBracketNode::evaluate):
+        (KJS::PostDecBracketNode::evaluate):
+        (KJS::PostIncDotNode::evaluate):
+        (KJS::PostDecDotNode::evaluate):
+        (KJS::typeStringForValue):
+        (KJS::LocalVarTypeOfNode::evaluate):
+        (KJS::TypeOfResolveNode::evaluate):
+        (KJS::TypeOfValueNode::evaluate):
+        (KJS::PreIncLocalVarNode::evaluate):
+        (KJS::PreIncResolveNode::evaluate):
+        (KJS::PreDecLocalVarNode::evaluate):
+        (KJS::PreDecResolveNode::evaluate):
+        (KJS::PreIncConstNode::evaluate):
+        (KJS::PreDecConstNode::evaluate):
+        (KJS::PostIncConstNode::evaluate):
+        (KJS::PostDecConstNode::evaluate):
+        (KJS::PreIncBracketNode::evaluate):
+        (KJS::PreDecBracketNode::evaluate):
+        (KJS::PreIncDotNode::evaluate):
+        (KJS::PreDecDotNode::evaluate):
+        (KJS::NegateNode::evaluate):
+        (KJS::BitwiseNotNode::evaluate):
+        (KJS::MultNode::evaluate):
+        (KJS::DivNode::evaluate):
+        (KJS::ModNode::evaluate):
+        (KJS::addSlowCase):
+        (KJS::add):
+        (KJS::AddNumbersNode::evaluate):
+        (KJS::AddStringsNode::evaluate):
+        (KJS::AddStringLeftNode::evaluate):
+        (KJS::AddStringRightNode::evaluate):
+        (KJS::SubNode::evaluate):
+        (KJS::LeftShiftNode::evaluate):
+        (KJS::RightShiftNode::evaluate):
+        (KJS::UnsignedRightShiftNode::evaluate):
+        (KJS::BitXOrNode::evaluate):
+        (KJS::BitOrNode::evaluate):
+        (KJS::valueForReadModifyAssignment):
+        (KJS::ForInNode::execute):
+        (KJS::TryNode::execute):
+        (KJS::FuncDeclNode::makeFunction):
+        (KJS::FuncExprNode::evaluate):
+        * kjs/nodes.h:
+        * kjs/number_object.cpp:
+        (KJS::NumberPrototype::NumberPrototype):
+        (KJS::numberProtoFuncToString):
+        (KJS::numberProtoFuncToLocaleString):
+        (KJS::numberProtoFuncToFixed):
+        (KJS::numberProtoFuncToExponential):
+        (KJS::numberProtoFuncToPrecision):
+        (KJS::NumberObjectImp::NumberObjectImp):
+        (KJS::NumberObjectImp::getValueProperty):
+        (KJS::NumberObjectImp::construct):
+        (KJS::NumberObjectImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::JSObject::call):
+        (KJS::JSObject::get):
+        (KJS::JSObject::put):
+        (KJS::JSObject::defineGetter):
+        (KJS::JSObject::defineSetter):
+        (KJS::JSObject::putDirect):
+        (KJS::Error::create):
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        (KJS::ObjectPrototype::ObjectPrototype):
+        (KJS::objectProtoFuncToLocaleString):
+        (KJS::objectProtoFuncToString):
+        (KJS::ObjectObjectImp::ObjectObjectImp):
+        (KJS::ObjectObjectImp::construct):
+        * kjs/property_map.h:
+        (KJS::SavedProperty::SavedProperty):
+        (KJS::SavedProperty::init):
+        (KJS::SavedProperty::~SavedProperty):
+        (KJS::SavedProperty::name):
+        (KJS::SavedProperty::value):
+        (KJS::SavedProperty::attributes):
+        * kjs/protect.h:
+        (KJS::gcProtect):
+        (KJS::gcUnprotect):
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpPrototype::RegExpPrototype):
+        (KJS::regExpProtoFuncToString):
+        (KJS::RegExpImp::getValueProperty):
+        (KJS::RegExpObjectImp::RegExpObjectImp):
+        (KJS::RegExpObjectImp::arrayOfMatches):
+        (KJS::RegExpObjectImp::getBackref):
+        (KJS::RegExpObjectImp::getLastParen):
+        (KJS::RegExpObjectImp::getLeftContext):
+        (KJS::RegExpObjectImp::getRightContext):
+        (KJS::RegExpObjectImp::getValueProperty):
+        (KJS::RegExpObjectImp::createRegExpImp):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::StringInstance):
+        (KJS::StringInstance::lengthGetter):
+        (KJS::StringInstance::indexGetter):
+        (KJS::stringInstanceNumericPropertyGetter):
+        (KJS::StringPrototype::StringPrototype):
+        (KJS::replace):
+        (KJS::stringProtoFuncCharAt):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncConcat):
+        (KJS::stringProtoFuncIndexOf):
+        (KJS::stringProtoFuncLastIndexOf):
+        (KJS::stringProtoFuncMatch):
+        (KJS::stringProtoFuncSearch):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncSlice):
+        (KJS::stringProtoFuncSplit):
+        (KJS::stringProtoFuncSubstr):
+        (KJS::stringProtoFuncSubstring):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        (KJS::stringProtoFuncLocaleCompare):
+        (KJS::stringProtoFuncBig):
+        (KJS::stringProtoFuncSmall):
+        (KJS::stringProtoFuncBlink):
+        (KJS::stringProtoFuncBold):
+        (KJS::stringProtoFuncFixed):
+        (KJS::stringProtoFuncItalics):
+        (KJS::stringProtoFuncStrike):
+        (KJS::stringProtoFuncSub):
+        (KJS::stringProtoFuncSup):
+        (KJS::stringProtoFuncFontcolor):
+        (KJS::stringProtoFuncFontsize):
+        (KJS::stringProtoFuncAnchor):
+        (KJS::stringProtoFuncLink):
+        (KJS::StringObjectImp::StringObjectImp):
+        (KJS::StringObjectImp::construct):
+        (KJS::StringObjectImp::callAsFunction):
+        (KJS::StringObjectFuncImp::StringObjectFuncImp):
+        (KJS::StringObjectFuncImp::callAsFunction):
+        * kjs/string_object.h:
+        (KJS::StringInstanceThatMasqueradesAsUndefined::StringInstanceThatMasqueradesAsUndefined):
+        * kjs/testkjs.cpp:
+        (GlobalObject::GlobalObject):
+        (functionGC):
+        (functionRun):
+        (functionReadline):
+        (kjsmain):
+        * kjs/ustring.h:
+        * kjs/value.cpp:
+        (KJS::JSCell::operator new):
+        (KJS::jsString):
+        (KJS::jsOwnedString):
+        (KJS::jsNumberCell):
+        * kjs/value.h:
+        (KJS::jsNaN):
+        (KJS::jsNumber):
+        (KJS::jsNumberFromAnd):
+        (KJS::JSCell::marked):
+        (KJS::JSCell::mark):
+        (KJS::JSValue::toJSNumber):
+        * wtf/ThreadSpecific.h:
+        (WTF::T):
+
+2008-05-10  Julien Chaffraix  <jchaffraix@webkit.org>
+
+        Qt & wx build fix.
+
+        * JavaScriptCore.pri: Add profiler/Profile.cpp.
+        * JavaScriptCoreSources.bkl: Ditto.
+
+2008-05-10  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
+
+        Reviewed by Maciej.
+
+        Gtk+ build fix
+
+        * GNUmakefile.am: Add Profile.cpp in _sources
+
+2008-05-09  Brady Eidson  <beidson@apple.com>
+
+        Build Fix.  Kevin is an idiot.  
+        ("My name is Kevin McCullough and I approve this message.")
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-05-09  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        -<rdar://problem/5770054> JavaScript profiler (10928)
+        -Add Profile class so that all profiles can be stored and retrieved by
+        the WebInspector when that time comes.
+
+        * JavaScriptCore.exp: Export the new function signatures.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Add the new files to the
+        project
+        * profiler/Profile.cpp: Added. This class represents a single run of the
+        profiler.
+        (KJS::Profile::Profile):
+        (KJS::Profile::willExecute):
+        (KJS::Profile::didExecute):
+        (KJS::Profile::printDataInspectorStyle):
+        (KJS::functionNameCountPairComparator):
+        (KJS::Profile::printDataSampleStyle):
+        * profiler/Profile.h: Added. Ditto
+        (KJS::Profile::stopProfiling):
+        * profiler/Profiler.cpp: Now the profiler keeps track of many profiles
+        but only runs one at a time.
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::stopProfiling):
+        (KJS::Profiler::willExecute):
+        (KJS::Profiler::didExecute):
+        (KJS::Profiler::printDataInspectorStyle):
+        (KJS::Profiler::printDataSampleStyle):
+        * profiler/Profiler.h: Ditto.
+        (KJS::Profiler::~Profiler):
+        (KJS::Profiler::allProfiles):
+        (KJS::Profiler::clearProfiles):
+
+2008-05-08  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Mark.
+
+        Enable NPAPI plug-ins on 64-bit.
+        
+        * wtf/Platform.h:
+
+2008-05-07  Julien Chaffraix  <jchaffraix@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        wx & Gtk build fix.
+
+        Add SIZE_MAX definition for the wx port.
+
+        * os-win32/stdint.h:
+
+2008-05-07  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon.
+
+        Support for isMainThread in the Qt port.
+
+        * wtf/ThreadingQt.cpp:
+        (WTF::initializeThreading): Adjusted.
+        (WTF::isMainThread): Added.
+
+2008-05-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - fix debug-only leak seen on buildbot
+
+        * wtf/HashTable.h:
+        (WTF::HashTable::checkKey): After writing an empty value in, but before constructing a
+        deleted value on top of it, call the destructor so the empty value doesn't leak.
+
+2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Get rid of static data in nodes.cpp (well, at least of non-debug one).
+
+        No measurable change on SunSpider.
+
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreadingOnce):
+        * kjs/nodes.cpp:
+        (KJS::newTrackedObjects):
+        (KJS::trackedObjectExtraRefCounts):
+        (KJS::initializeNodesThreading):
+        (KJS::ParserRefCounted::ParserRefCounted):
+        (KJS::ParserRefCounted::ref):
+        (KJS::ParserRefCounted::deref):
+        (KJS::ParserRefCounted::refcount):
+        (KJS::ParserRefCounted::deleteNewObjects):
+        * kjs/nodes.h:
+        Made newTrackedObjects and trackedObjectExtraRefCounts per-thread.
+
+2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Move call stack depth counter to global object.
+
+        * kjs/ExecState.h: (KJS::ExecState::functionCallDepth): Added a recursion depth counter to
+        per-thread data.
+        * kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::init): Initialize PerThreadData.functionCallDepth.
+        * kjs/JSGlobalObject.h: (KJS::JSGlobalObject::perThreadData): Made the result non-const.
+
+        * kjs/object.cpp:
+        (KJS::throwStackSizeExceededError): Moved throwError to a separate function, since it is now
+        the only thing in JSObject::call that needs a PIC branch.
+        (KJS::JSObject::call): Use a per-thread variable instead of local static for recursion depth
+        tracking.
+
+2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Make JavaScriptGlue and JavaScriptCore API functions implicitly call initializeThreading
+        for the sake of non-WebKit clients.
+
+        * API/JSBase.cpp:
+        (JSGarbageCollect):
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate):
+        These are the JavaScriptCore API bottlenecks. There are a few other JSStringRef
+        and JSClassRef functions that can be called earlier, but they do not do anything that
+        requires initializeThreading.
+
+        * kjs/InitializeThreading.cpp:
+        (KJS::doInitializeThreading):
+        (KJS::initializeThreading):
+        On Darwin, make the initialization happen under pthread_once, since there is no guarantee
+        that non-WebKit clients won't try to call this function re-entrantly.
+
+        * kjs/InitializeThreading.h:
+        * wtf/Threading.h:
+        Spell out initializeThreading contract.
+
+        * wtf/ThreadingPthreads.cpp: (WTF::isMainThread): Make sure that results are correct on
+        Darwin, even if threading was initialized from a secondary thread.
+
+2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        https://bugs.webkit.org/show_bug.cgi?id=18826
+        Make JavaScript heap per-thread
+
+        * wtf/ThreadSpecific.h: Make sure to initialize POD thread-specific varaibles, too
+        (replaced "new T" with "new T()").
+
+        * kjs/collector.h: Renamed Collector to Heap, made the heap per-thread. Removed support for
+        multithreaded access to a heap.
+        (KJS::CollectorBlock): Removed collectOnMainThreadOnly bitmap, added a reference to owner heap.
+        (KJS::SmallCellCollectorBlock): Ditto.
+        (KJS::Heap::markListSet): Moved from a static variable in List.cpp to a per-thread one here.
+        (KJS::Heap::heap): Added a method to find which heap a JSValue is allocated in.
+
+        * kjs/collector.cpp: Changed "const size_t" constants to #defines, to avoid a PIC branch
+        (gcc was using one to access a constant used in std::max(), because it takes a reference,
+        even though std::max() itself was inlined).
+        (KJS::Heap::threadHeap): JS heap is now per-thread.
+        (KJS::Heap::Heap): Zero-initialize the heap.
+        (KJS::allocateBlock): Added NEVER_INLINE, because this function uses a PIC branch, so
+        inlining it in Heap::heapAllocate() is bad for performance, now that the latter doesn't
+        use any global data.
+        (KJS::Heap::heapAllocate): Initialize Block::heap.
+        (KJS::Heap::markCurrentThreadConservatively): Moved into markStackObjectsConservatively(),
+        as GC only works with a current thread's heap now.
+        (KJS::Heap::sweep): Removed collectOnMainThreadOnly checks.
+        (KJS::Heap::collect): Ditto.
+
+        * kjs/JSLock.cpp:
+        * kjs/JSLock.h:
+        (KJS::JSLock::JSLock):
+        Removed registerThread(), as the heap no longer cares.
+
+        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): Initialize new per-thread
+        variables in Heap and JSGlobalObject.
+
+        * kjs/ExecState.h: (KJS::ExecState::heap): Added a heap pointer for faster access to
+        per-thread heap, and an accessor for it.
+
+        * kjs/JSGlobalObject.h: Made JSGlobalObject linked list per-thread.
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject): Fixed a bug in linked list handling. It only worked
+        right if the removed object was the head one!
+        (KJS::JSGlobalObject::head): Return a per-thread list head.
+        (KJS::JSGlobalObject::init): Store a reference to per-thread heap.
+        (KJS::JSGlobalObject::reset): Pass ExecState to functions that need it.
+        (KJS::JSGlobalObject::tearOffActivation): Ditto.
+        (KJS::JSGlobalObject::operator new): JSGlobalObject allocation cannot use an ExecState,
+        so it needs a custom operator new that directly accesses per-thread heap.
+
+        * kjs/list.h:
+        (KJS::List::List): Replaced m_isInMarkSet boolean with an actual pointer to the set, since it
+        is no longer a single static object.
+        (KJS::List::~List): Ditto.
+        * kjs/list.cpp:
+        (KJS::List::markSet): Removed, this is now stored in Heap.
+        (KJS::List::markProtectedLists): Take a reference to the list.
+        (KJS::List::expandAndAppend): Ask the current thread heap for a mark set reference.
+
+        * kjs/protect.h:
+        (KJS::gcProtect):
+        (KJS::gcUnprotect):
+        Use the newly added Heap::heap() method to find out which heap the value to be (un)protected
+        belongs to.
+
+        * kjs/property_map.h: Removed unused SavedProperty class.
+
+        * JavaScriptCore.exp:
+        * API/JSBase.cpp:
+        (JSGarbageCollect):
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::staticFunctionGetter):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::prototype):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectMakeFunction):
+        * API/JSValueRef.cpp:
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::ArrayInstance):
+        (KJS::ArrayInstance::lengthGetter):
+        * kjs/array_object.cpp:
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncJoin):
+        (KJS::arrayProtoFuncConcat):
+        (KJS::arrayProtoFuncPop):
+        (KJS::arrayProtoFuncPush):
+        (KJS::arrayProtoFuncShift):
+        (KJS::arrayProtoFuncSlice):
+        (KJS::arrayProtoFuncSplice):
+        (KJS::arrayProtoFuncUnShift):
+        (KJS::arrayProtoFuncFilter):
+        (KJS::arrayProtoFuncMap):
+        (KJS::arrayProtoFuncEvery):
+        (KJS::arrayProtoFuncForEach):
+        (KJS::arrayProtoFuncSome):
+        (KJS::arrayProtoFuncIndexOf):
+        (KJS::arrayProtoFuncLastIndexOf):
+        (KJS::ArrayObjectImp::ArrayObjectImp):
+        (KJS::ArrayObjectImp::construct):
+        * kjs/bool_object.cpp:
+        (KJS::BooleanPrototype::BooleanPrototype):
+        (KJS::booleanProtoFuncToString):
+        (KJS::BooleanObjectImp::BooleanObjectImp):
+        (KJS::BooleanObjectImp::construct):
+        * kjs/date_object.cpp:
+        (KJS::formatLocaleDate):
+        (KJS::DatePrototype::DatePrototype):
+        (KJS::DateObjectImp::DateObjectImp):
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectImp::callAsFunction):
+        (KJS::DateObjectFuncImp::DateObjectFuncImp):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        (KJS::dateProtoFuncToString):
+        (KJS::dateProtoFuncToUTCString):
+        (KJS::dateProtoFuncToDateString):
+        (KJS::dateProtoFuncToTimeString):
+        (KJS::dateProtoFuncToLocaleString):
+        (KJS::dateProtoFuncToLocaleDateString):
+        (KJS::dateProtoFuncToLocaleTimeString):
+        (KJS::dateProtoFuncValueOf):
+        (KJS::dateProtoFuncGetTime):
+        (KJS::dateProtoFuncGetFullYear):
+        (KJS::dateProtoFuncGetUTCFullYear):
+        (KJS::dateProtoFuncToGMTString):
+        (KJS::dateProtoFuncGetMonth):
+        (KJS::dateProtoFuncGetUTCMonth):
+        (KJS::dateProtoFuncGetDate):
+        (KJS::dateProtoFuncGetUTCDate):
+        (KJS::dateProtoFuncGetDay):
+        (KJS::dateProtoFuncGetUTCDay):
+        (KJS::dateProtoFuncGetHours):
+        (KJS::dateProtoFuncGetUTCHours):
+        (KJS::dateProtoFuncGetMinutes):
+        (KJS::dateProtoFuncGetUTCMinutes):
+        (KJS::dateProtoFuncGetSeconds):
+        (KJS::dateProtoFuncGetUTCSeconds):
+        (KJS::dateProtoFuncGetMilliSeconds):
+        (KJS::dateProtoFuncGetUTCMilliseconds):
+        (KJS::dateProtoFuncGetTimezoneOffset):
+        (KJS::dateProtoFuncSetTime):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::dateProtoFuncSetYear):
+        (KJS::dateProtoFuncGetYear):
+        * kjs/error_object.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype):
+        (KJS::errorProtoFuncToString):
+        (KJS::ErrorObjectImp::ErrorObjectImp):
+        (KJS::ErrorObjectImp::construct):
+        (KJS::NativeErrorPrototype::NativeErrorPrototype):
+        (KJS::NativeErrorImp::NativeErrorImp):
+        (KJS::NativeErrorImp::construct):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::lengthGetter):
+        (KJS::FunctionImp::construct):
+        (KJS::Arguments::Arguments):
+        (KJS::ActivationImp::createArgumentsObject):
+        (KJS::encode):
+        (KJS::decode):
+        (KJS::globalFuncParseInt):
+        (KJS::globalFuncParseFloat):
+        (KJS::globalFuncEscape):
+        (KJS::globalFuncUnescape):
+        (KJS::PrototypeFunction::PrototypeFunction):
+        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
+        * kjs/function_object.cpp:
+        (KJS::FunctionPrototype::FunctionPrototype):
+        (KJS::functionProtoFuncToString):
+        (KJS::FunctionObjectImp::FunctionObjectImp):
+        (KJS::FunctionObjectImp::construct):
+        * kjs/internal.cpp:
+        (KJS::StringImp::toObject):
+        * kjs/internal.h:
+        (KJS::StringImp::StringImp):
+        (KJS::NumberImp::operator new):
+        * kjs/lookup.h:
+        (KJS::staticFunctionGetter):
+        (KJS::cacheGlobalObject):
+        * kjs/math_object.cpp:
+        (KJS::MathObjectImp::getValueProperty):
+        (KJS::mathProtoFuncAbs):
+        (KJS::mathProtoFuncACos):
+        (KJS::mathProtoFuncASin):
+        (KJS::mathProtoFuncATan):
+        (KJS::mathProtoFuncATan2):
+        (KJS::mathProtoFuncCeil):
+        (KJS::mathProtoFuncCos):
+        (KJS::mathProtoFuncExp):
+        (KJS::mathProtoFuncFloor):
+        (KJS::mathProtoFuncLog):
+        (KJS::mathProtoFuncMax):
+        (KJS::mathProtoFuncMin):
+        (KJS::mathProtoFuncPow):
+        (KJS::mathProtoFuncRandom):
+        (KJS::mathProtoFuncRound):
+        (KJS::mathProtoFuncSin):
+        (KJS::mathProtoFuncSqrt):
+        (KJS::mathProtoFuncTan):
+        * kjs/nodes.cpp:
+        (KJS::Node::handleException):
+        (KJS::NumberNode::evaluate):
+        (KJS::StringNode::evaluate):
+        (KJS::ArrayNode::evaluate):
+        (KJS::PostIncResolveNode::evaluate):
+        (KJS::PostIncLocalVarNode::evaluate):
+        (KJS::PostDecResolveNode::evaluate):
+        (KJS::PostDecLocalVarNode::evaluate):
+        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
+        (KJS::PostIncBracketNode::evaluate):
+        (KJS::PostDecBracketNode::evaluate):
+        (KJS::PostIncDotNode::evaluate):
+        (KJS::PostDecDotNode::evaluate):
+        (KJS::typeStringForValue):
+        (KJS::LocalVarTypeOfNode::evaluate):
+        (KJS::TypeOfResolveNode::evaluate):
+        (KJS::TypeOfValueNode::evaluate):
+        (KJS::PreIncLocalVarNode::evaluate):
+        (KJS::PreIncResolveNode::evaluate):
+        (KJS::PreDecLocalVarNode::evaluate):
+        (KJS::PreDecResolveNode::evaluate):
+        (KJS::PreIncConstNode::evaluate):
+        (KJS::PreDecConstNode::evaluate):
+        (KJS::PostIncConstNode::evaluate):
+        (KJS::PostDecConstNode::evaluate):
+        (KJS::PreIncBracketNode::evaluate):
+        (KJS::PreDecBracketNode::evaluate):
+        (KJS::PreIncDotNode::evaluate):
+        (KJS::PreDecDotNode::evaluate):
+        (KJS::NegateNode::evaluate):
+        (KJS::BitwiseNotNode::evaluate):
+        (KJS::MultNode::evaluate):
+        (KJS::DivNode::evaluate):
+        (KJS::ModNode::evaluate):
+        (KJS::addSlowCase):
+        (KJS::add):
+        (KJS::AddNumbersNode::evaluate):
+        (KJS::AddStringsNode::evaluate):
+        (KJS::AddStringLeftNode::evaluate):
+        (KJS::AddStringRightNode::evaluate):
+        (KJS::SubNode::evaluate):
+        (KJS::LeftShiftNode::evaluate):
+        (KJS::RightShiftNode::evaluate):
+        (KJS::UnsignedRightShiftNode::evaluate):
+        (KJS::BitXOrNode::evaluate):
+        (KJS::BitOrNode::evaluate):
+        (KJS::valueForReadModifyAssignment):
+        (KJS::ForInNode::execute):
+        (KJS::TryNode::execute):
+        (KJS::FuncDeclNode::makeFunction):
+        (KJS::FuncExprNode::evaluate):
+        * kjs/number_object.cpp:
+        (KJS::NumberPrototype::NumberPrototype):
+        (KJS::numberProtoFuncToString):
+        (KJS::numberProtoFuncToLocaleString):
+        (KJS::numberProtoFuncToFixed):
+        (KJS::numberProtoFuncToExponential):
+        (KJS::numberProtoFuncToPrecision):
+        (KJS::NumberObjectImp::NumberObjectImp):
+        (KJS::NumberObjectImp::getValueProperty):
+        (KJS::NumberObjectImp::construct):
+        (KJS::NumberObjectImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::JSObject::defineGetter):
+        (KJS::JSObject::defineSetter):
+        (KJS::JSObject::putDirect):
+        (KJS::Error::create):
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        (KJS::ObjectPrototype::ObjectPrototype):
+        (KJS::objectProtoFuncToLocaleString):
+        (KJS::objectProtoFuncToString):
+        (KJS::ObjectObjectImp::ObjectObjectImp):
+        (KJS::ObjectObjectImp::construct):
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpPrototype::RegExpPrototype):
+        (KJS::regExpProtoFuncToString):
+        (KJS::RegExpImp::getValueProperty):
+        (KJS::RegExpObjectImp::RegExpObjectImp):
+        (KJS::RegExpObjectImp::arrayOfMatches):
+        (KJS::RegExpObjectImp::getBackref):
+        (KJS::RegExpObjectImp::getLastParen):
+        (KJS::RegExpObjectImp::getLeftContext):
+        (KJS::RegExpObjectImp::getRightContext):
+        (KJS::RegExpObjectImp::getValueProperty):
+        (KJS::RegExpObjectImp::createRegExpImp):
+        * kjs/regexp_object.h:
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::StringInstance):
+        (KJS::StringInstance::lengthGetter):
+        (KJS::StringInstance::indexGetter):
+        (KJS::stringInstanceNumericPropertyGetter):
+        (KJS::StringPrototype::StringPrototype):
+        (KJS::replace):
+        (KJS::stringProtoFuncCharAt):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncConcat):
+        (KJS::stringProtoFuncIndexOf):
+        (KJS::stringProtoFuncLastIndexOf):
+        (KJS::stringProtoFuncMatch):
+        (KJS::stringProtoFuncSearch):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncSlice):
+        (KJS::stringProtoFuncSplit):
+        (KJS::stringProtoFuncSubstr):
+        (KJS::stringProtoFuncSubstring):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        (KJS::stringProtoFuncLocaleCompare):
+        (KJS::stringProtoFuncBig):
+        (KJS::stringProtoFuncSmall):
+        (KJS::stringProtoFuncBlink):
+        (KJS::stringProtoFuncBold):
+        (KJS::stringProtoFuncFixed):
+        (KJS::stringProtoFuncItalics):
+        (KJS::stringProtoFuncStrike):
+        (KJS::stringProtoFuncSub):
+        (KJS::stringProtoFuncSup):
+        (KJS::stringProtoFuncFontcolor):
+        (KJS::stringProtoFuncFontsize):
+        (KJS::stringProtoFuncAnchor):
+        (KJS::stringProtoFuncLink):
+        (KJS::StringObjectImp::StringObjectImp):
+        (KJS::StringObjectImp::construct):
+        (KJS::StringObjectImp::callAsFunction):
+        (KJS::StringObjectFuncImp::StringObjectFuncImp):
+        (KJS::StringObjectFuncImp::callAsFunction):
+        * kjs/string_object.h:
+        (KJS::StringInstanceThatMasqueradesAsUndefined::StringInstanceThatMasqueradesAsUndefined):
+        * kjs/testkjs.cpp:
+        (GlobalObject::GlobalObject):
+        (functionGC):
+        (functionRun):
+        (functionReadline):
+        (kjsmain):
+        * kjs/ustring.h:
+        * kjs/value.cpp:
+        (KJS::JSCell::operator new):
+        (KJS::jsString):
+        (KJS::jsOwnedString):
+        (KJS::jsNumberCell):
+        * kjs/value.h:
+        (KJS::jsNaN):
+        (KJS::jsNumber):
+        (KJS::jsNumberFromAnd):
+        (KJS::JSCell::marked):
+        (KJS::JSCell::mark):
+        (KJS::JSValue::toJSNumber):
+        Removed collectOnMainThreadOnly, as this is the only way to collect now. Replaced calls to
+        static Collector methods with calls to per-thread Heap ones.
+
+2008-05-02  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        - Mac build fix
+
+        * wtf/StrHash.h: Added header guards and removed #include "config.h".
+
+2008-05-01  Ada Chan  <adachan@apple.com>
+
+        #include <wtf/StrHash.h> in identifier.cpp.
+
+        Reviewed by Maciej.
+
+        * kjs/identifier.cpp:
+
+2008-05-01  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-05-01  Sam Weinig  <sam@webkit.org>
+
+        Fix build.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-05-01  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - Fix "sample" output so that it can be imported into Instruments
+        - Also keep track of number of times a function is profiled.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Add StrHash.h which needed
+        to be pulled out of identifier.cpp so that it could be used by the
+        profiler and identifiers.
+        * kjs/identifier.cpp: Ditto.
+        * profiler/FunctionCallProfile.cpp:
+        (KJS::FunctionCallProfile::printDataInspectorStyle): Inspector style
+        printing should show microseconds.
+        (KJS::FunctionCallProfile::printDataSampleStyle): Sample style printing
+        now counts the number of times a function is in the stack tree and does
+        not print microseconds since that does not make sense for a sampler.
+        * profiler/FunctionCallProfile.h: Keep track of number of times a
+        function is profiled.
+        (KJS::FunctionCallProfile::numberOfCalls):
+        * profiler/Profiler.cpp:
+        (KJS::functionNameCountPairComparator): Comparator for sort function in
+        printDataSampleStyle.
+        (KJS::Profiler::printDataSampleStyle): Print the number of times that a
+        function is listed in the stack tree in order of most times listed.
+        * wtf/HashCountedSet.h: Added copyToVector since it didn't exist and is
+        a more standard way to copy a HashSet to a Vector. I added on variant
+        that takes a pair as the Vector's type and so the HashCountedSet simply
+        fills in that pair with its internal pair, and another variant that
+        takes a Vector of the type of the HashCountedSet and only fills in the
+        Vector with the first element of the pair.
+        (WTF::copyToVector):
+        * wtf/StrHash.h: Added.
+        (WTF::):
+
+2008-04-29  David Kilzer  <ddkilzer@apple.com>
+
+        BUILD FIX for ENABLE(DASHBOARD_SUPPORT)
+
+        * wtf/Platform.h: Defined ENABLE(DASHBOARD_SUPPORT) to 1 only for
+        PLATFORM(MAC) and PLATFORM(WIN).  Changed default to 0 for other
+        ports.
+
+2008-04-29  Greg Bolsinga  <bolsinga@apple.com>
+
+        Reviewed by Darin.
+
+        Wrapped Dashboard code with ENABLE(DASHBOARD_SUPPORT)
+
+        * wtf/Platform.h:
+
+2008-04-29  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        -<rdar://problem/5770054> JavaScript profiler (10928)
+        -Keep call count.
+
+        * profiler/FunctionCallProfile.cpp:
+        (KJS::FunctionCallProfile::FunctionCallProfile):
+        (KJS::FunctionCallProfile::didExecute): Implements call count and fixed a bug where a stackIndex
+        of 0 was causing the assert to be hit.
+        (KJS::FunctionCallProfile::stopProfiling):
+        (KJS::FunctionCallProfile::endAndRecordCall):
+        * profiler/FunctionCallProfile.h:
+
+2008-04-29  Simon Hausmann  <hausmann@webkit.org>
+
+        Qt/Windows build fix. The externally declared hash tables are actually
+        declared const and the const is mangled in the symbol name, so when
+        importing they also need to be marked const.
+
+        When compiling without MULTIPLE_THREADS use a const HashTable&
+        instead of a HashTable& in ThreadClassInfoHashTables to avoid
+        initializing the latter with a const reference.
+
+        * kjs/JSGlobalObject.cpp:
+
+2008-04-28  Alexey Proskuryakov  <ap@webkit.org>
+
+        Windows build fix.
+
+        * kjs/ExecState.h: For whatever reason, MSVC couldn't generate a default constructor for
+        a struct that had a "const List" member. Removing the const qulifier makes the problem go away.
+
+2008-04-28  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Fix run-webkit-tests --threading
+        and provisionally fix <https://bugs.webkit.org/show_bug.cgi?id=18661>
+        Proxy server issue in Sunday's Nightly
+
+        Changed ClassInfo objects for built-in objects to hold a getter function returning
+        a per-thread instance. This makes it safe to share these ClassInfo objects between threads -
+        and these are the only ones that need to be shared.
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::Lexer):
+        (KJS::Lexer::~Lexer):
+        * kjs/lexer.h:
+        Made mainTable a member of Lexer, so that it no longer needs to be shared between threads.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::deleteProperty):
+        (KJS::JSObject::findPropertyHashEntry):
+        (KJS::JSObject::propertyIsEnumerable):
+        (KJS::JSObject::getPropertyAttributes):
+        (KJS::JSObject::getPropertyNames):
+        * kjs/object.h:
+        (KJS::ClassInfo::propHashTable):
+        Added a new classPropHashTableGetterFunction field to ClassInfo. If it is non-zero, the
+        static table is not used.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::ThreadClassInfoHashTables::ThreadClassInfoHashTables): This new class holds per-thread
+        HashTables for built-in classes. The old static structs are copied to create per-thread
+        instances.
+        (KJS::JSGlobalObject::threadClassInfoHashTables): An accessor/initializer for the above.
+        (KJS::JSGlobalObject::init): Copy per-thread data into a single structure for faster access.
+        Also, construct globalExec.
+        (KJS::JSGlobalObject::reset): Adapted for globalExec now being an OwnPtr.
+        (KJS::JSGlobalObject::mark): Ditto.
+        (KJS::JSGlobalObject::globalExec): Ditto.
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Made JSGlobalObject::JSGlobalObjectData::globalExec an OwnPtr, so that it can
+        be initialized from JSGlobalObject::init() after them. Otherwise, ExecState constructor was
+        trying to access half-initialized JSGlobalObject to make its own copy of these table
+        references, and failed.
+        (KJS::JSGlobalObject::JSGlobalObject): Pass "this" value to init() to create globalExec.
+        (KJS::JSGlobalObject::perThreadData): An accessor for per-thread data.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        * kjs/ExecState.h:
+        (KJS::ExecState::propertyNames):
+        (KJS::ExecState::emptyList):
+        (KJS::ExecState::arrayTable):
+        (KJS::ExecState::dateTable):
+        (KJS::ExecState::mathTable):
+        (KJS::ExecState::numberTable):
+        (KJS::ExecState::RegExpImpTable):
+        (KJS::ExecState::RegExpObjectImpTable):
+        (KJS::ExecState::stringTable):
+        * kjs/ExecStateInlines.h:
+        (KJS::ExecState::ExecState):
+        Each ExecState holds its own reference to per-thread data, for even faster access. Moved
+        m_emptyList and m_propertyNames to the same structure, making ExecState faster to construct
+        and take less space on the stack.
+
+        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): Initialize thread-static data
+        added to JSGlobalObject.
+
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackObject.cpp:
+        * JavaScriptCore.exp:
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::getPropertyAttributes):
+        * kjs/JSVariableObject.h:
+        * kjs/array_instance.cpp:
+        * kjs/array_object.cpp:
+        (KJS::ArrayPrototype::getOwnPropertySlot):
+        * kjs/bool_object.cpp:
+        * kjs/create_hash_table:
+        * kjs/date_object.cpp:
+        (KJS::DatePrototype::getOwnPropertySlot):
+        (KJS::DateObjectImp::DateObjectImp):
+        * kjs/error_object.cpp:
+        * kjs/function.cpp:
+        * kjs/function_object.cpp:
+        (KJS::FunctionPrototype::FunctionPrototype):
+        * kjs/internal.cpp:
+        * kjs/lookup.h:
+        * kjs/math_object.cpp:
+        (KJS::MathObjectImp::getOwnPropertySlot):
+        * kjs/number_object.cpp:
+        (KJS::NumberObjectImp::getOwnPropertySlot):
+        * kjs/object_object.cpp:
+        (KJS::ObjectPrototype::ObjectPrototype):
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpPrototype::RegExpPrototype):
+        (KJS::RegExpImp::getOwnPropertySlot):
+        (KJS::RegExpImp::put):
+        (KJS::RegExpObjectImp::getOwnPropertySlot):
+        (KJS::RegExpObjectImp::put):
+        * kjs/string_object.cpp:
+        (KJS::StringPrototype::getOwnPropertySlot):
+        Adjust for the above changes.
+
+2008-04-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adam.
+
+        - make sure RefPtr's default hash doesn't ref/deref when computing the hash
+        - remove remnants of the hash table storage type optimization
+
+        * wtf/HashFunctions.h: Used "using" to get the hash and equal functions
+        from PtrHash<P*> into PtrHash<RefPtr<P>>.
+
+        * wtf/HashMap.h: Replaced uses of PairBaseHashTraits with PairHashTraits.
+        Eliminated storage-related typedefs. Removed constructor, destructor,
+        copy constructor, and destructor since the compiler-generated ones are
+        fine. Removed refAll and derefAll. Took out unnnecessary typecasts.
+        Removed use of RefCounter.
+
+        * wtf/HashSet.h: Eliminated storage-related typedefs. Removed constructor,
+        destructor, copy constructor, and destructor since the compiler-generated
+        ones are fine. Removed refAll and derefAll. Removed unneeded template
+        arguents from HashSetTranslatorAdapter. Eliminated unneeded HashSetTranslator
+        template.
+
+        * wtf/HashTable.h: Tweaked formatting. Removed NeedsRef, RefCounterBase,
+        RefCounter, HashTableRefCounterBase, HashTableRefCounter, and Assigner
+        class templates.
+
+        * wtf/HashTraits.h: Removed StorageTraits, needsRef, PairBaseHashTraits,
+        and HashKeyStorageTraits.
+
+        * wtf/RefPtrHashMap.h: Made all the same fixes as in HashMap. Also made
+        the corresponding changes to RefPtrHashMapRawKeyTranslator.
+
+2008-04-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mitz.
+
+        - fix assertion hit every time you view www.apple.com
+
+        * kjs/PropertyNameArray.cpp:
+        (KJS::PropertyNameArray::add): Changed assertion to allow null and empty strings.
+        Now to find out why we have a property named "" and if that's a bug!
+
+2008-04-27  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix crash inside PtrHash::hash when loading a page.
+
+        * wtf/HashFunctions.h: Explicitly use the superclass implementation of hash to avoid infinite recursion.
+
+2008-04-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix <rdar://problem/5657459> REGRESSION: JavaScriptCore no longer builds with
+          GCC 4.2 due to pointer aliasing warnings
+
+        Fix this by removing the HashTable optimizations that allowed us to share a back end
+        implementation between hash tables with integers, pointers, RefPtr, and String objects
+        as keys. The way it worked was incompatible with strict aliasing.
+
+        This increases code size. On Mac OS X we'll have to regenerate .order files to avoid
+        slowing down Safari startup times.
+
+        This creates a slight slowdown in SunSpider, mitigated by the following four speedups:
+
+        - speed up array put slightly by moving a branch (was already done for get)
+
+        - speed up symbol table access by adding a function named inlineGet to HashMap
+          and using that in symbolTableGet/Put
+
+        - speed up PropertyNameArray creation by reducing the amount of reference count
+          churn and uniqueness checking when adding names and not doing any allocation at
+          all when building small arrays
+
+        - speed up conversion of strings to floating point numbers by eliminating the
+          malloc/free of the buffer for the ASCII copy of the string; a way to make
+          things even faster would be to change strtod to take a UTF-16 string
+
+        Note that there is considerable unused complexity now in HashSet/Map/Table to support
+        "storage types", which is no longer used. Will do in a separate patch.
+
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::JSCallbackObject<Base>::getPropertyNames): Removed explicit cast to Identifier to
+        take advantage of the new PropertyNameArray::add overload and avoid reference count churn.
+        * API/JSObjectRef.cpp:
+        (JSPropertyNameAccumulatorAddName): Ditto.
+        * JavaScriptCore.exp: Updated PropertyNameArray::add entry point name.
+
+        * kjs/JSVariableObject.cpp: Removed now-unneeded IdentifierRepHashTraits::nullRepPtr
+        definition (see below).
+        (KJS::JSVariableObject::getPropertyNames): Removed explicit cast to Identifier.
+
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableGet): Use inlineGet for speed. Also changed to do
+        early exit instead of nesting the body inside an if.
+        (KJS::JSVariableObject::symbolTablePut): Ditto.
+
+        * kjs/PropertyNameArray.cpp:
+        (KJS::PropertyNameArray::add): Changed implementation to take a raw pointer instead of
+        a reference to an identifier. Do uniqueness checking by searching the vector when the
+        vector is short, only building the set once the vector is large enough.
+
+        * kjs/PropertyNameArray.h: Added an overload of add for a raw pointer, and made the old
+        add function call that one. Added an addKnownUnique function for use when the new
+        name is known to be different from any other in the array. Changed the vector to have
+        an inline capacity of 20.
+
+        * kjs/SymbolTable.h: Changed IdentifierRepHash to inherit from the default hash for
+        a RefPtr so we don't have to define so much. Added an overload of the hash function for
+        a raw pointer as required by the new RefPtrHashMap. Got rid of the now-unneeded
+        IdentifierRepHashTraits -- the default traits now work fine. Added a definition of
+        empthValueIsZero to SymbolTableIndexHashTraits; not having it was incorrect, but harmless.
+
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::put): Move the maxArrayIndex check inside the branch that checks
+        the index against the length, as done in the get function.
+
+        * kjs/function.cpp:
+        (KJS::globalFuncKJSPrint): Changed to use the new getCString instead of cstring.
+
+        * kjs/internal.cpp: Removed printInfo debugging function, a client of cstring.
+        If we need a debugging function we can easily make a better one and we haven't
+        used this one in a long time.
+        * kjs/internal.h: Ditto.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::getPropertyNames): Removed explicit cast to Identifier.
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::getEnumerablePropertyNames): Ditto. Also added a special case for
+        the case where the propertyNames array is empty -- in that case we know we're adding
+        a set of names that are non-overlapping so we can use addKnownUnique.
+        * kjs/ustring.cpp:
+        (KJS::UString::getCString): Replaces cstring. Puts the C string into a CStringBuffer,
+        which is a char Vector with an inline capacity. Also returns a boolean to indicate if
+        the converion was lossy, which eliminates the need for a separate is8Bit call.
+        (KJS::UString::toDouble): Changed to call getCString instead of cstring.
+        * kjs/ustring.h: Ditto.
+
+        * wtf/HashFunctions.h: Overload the hash and equal functions for RefPtr's default
+        hash to take raw pointers. This works with the changes to RefPtrHashMap to avoid
+        introducing refcount churn.
+
+        * wtf/HashMap.h: Removed special code to convert the deleted value to the empty value
+        when writing a new value into the map. This is now handled elsewhere.
+        (WTF::HashMap::get): Removed code that checks for an empty hash table before calling
+        HashTable::lookup; it's slightly more efficient to do this check inside lookup.
+
+        * wtf/HashTable.h:
+        (WTF::HashTable::isDeletedBucket): Changed to use isDeletedValue instead of using
+        deletedValue and the equality operator.
+        (WTF::HashTable::deleteBucket): Changed to use constructDeletedValue instead of
+        using deletedValue and the assignment operator.
+        (WTF::HashTable::checkKey): Added. Factors out the check for values that are empty
+        or deleted keys that's used in various functions below.
+        (WTF::HashTable::lookup): Changed to use checkKey, check for a 0 table, and also
+        made public for use by RefPtrHashMap.
+        (WTF::HashTable::lookupForWriting): Changed to use checkKey.
+        (WTF::HashTable::fullLookupForWriting): Changed to use checkKey.
+        (WTF::HashTable::add): Changed to use checkKey, and call initializeBucket on a
+        deleted bucket before putting a new entry into it.
+        (WTF::HashTable::addPassingHashCode): Ditto.
+        (WTF::HashTable::deallocateTable): Check isDeletedBucket before calling ~ValueType.
+
+        * wtf/HashTraits.h: Got ridd of all the HashTraits specialization for the integer
+        types, since GeneicHashTraitsBase already deals with integers separately. Put the
+        deleted value support into GenericHashTraitsBase. Changed FloatHashTraits to
+        inherit from GenericHashTraits, and define construct/isDeletedValue rather than
+        deletedValue. Removed the ref and deref functions from RefPtr's HashTraits, and
+        defined construct/isDeletedValue. Eliminated DeletedValueAssigner. Changed
+        PairHashTraits to define construct/isDeletedValue, and also merged
+        PairBaseHashTraits in with PairHashTraits. Got rid of all specialization of
+        HashKeyStorageTraits. We'll remove that, and the needsRef data member, later.
+
+        * wtf/RefPtr.h: Added HashTableDeletedValueType, an enum type with a single value,
+        HashTableDeletedValue. Used that type to make a new constructor to construct
+        deleted values and also added an isHashTableDeletedValue function.
+
+        * wtf/RefPtrHashMap.h: Added RefPtrHashMapRawKeyTranslator and used it to implement
+        the raw pointer functions. This is a way to continue to avoid refcount thrash. We
+        can't use the old way because it depended on the underlying map using a non-RefPtr
+        type.
+        (WTF::HashMap::find): Use find with RefPtrHashMapRawKeyTranslator.
+        (WTF::HashMap::contains): Use contains with RefPtrHashMapRawKeyTranslator.
+        (WTF::HashMap::inlineAdd): Use add with RefPtrHashMapRawKeyTranslator.
+        (WTF::HashMap::get): Removed code that checks for an empty hash table before calling
+        HashTable::lookup; it's slightly more efficient to do this check inside lookup.
+        (WTF::HashMap::inlineGet): Added. Just like get, but marked inline for use in the
+        symbol table code.
+
+2008-04-25  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Mark Rowe.
+
+        Remove SavedBuiltins and SavedProperties classes and the methods used to
+        save data to them.  The CachedPage now stores a the JSGlobalObject in full.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObject.h:
+        * kjs/JSVariableObject.cpp:
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::localStorage):
+        * kjs/SavedBuiltins.h: Removed.
+        * kjs/object.h:
+        * kjs/property_map.cpp:
+        * kjs/property_map.h:
+
+2008-04-25  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Add some content to an empty ICU header file to prevent verification errors.
+
+        * icu/unicode/utf_old.h:
+
+2008-04-25  David Kilzer  <ddkilzer@apple.com>
+
+        <rdar://problem/5819422> REGRESSION: Wrong line number passed to -willLeaveCallFrame
+
+        Patch by George Dicker and Michael Kahl.  Reviewed by Darin.
+
+        When -[NSObject(WebScriptDebugDelegate) webView:willLeaveCallFrame:sourceId:line:forWebFrame:]
+        is invoked, the first line number of the function is returned instead of the last
+        line number.  This regressed in r28458.
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNodeWithDebuggerHooks::execute): Pass lastLine() instead of lineNo()
+        when calling Debugger::returnEvent().
+
+2008-04-25  Darin Adler  <darin@apple.com>
+
+        Done with Stephanie Lewis.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Prepare for compilation with gcc 4.2 by
+        adding -fno-strict-aliasing to CollatorICU.cpp.
+
+2008-04-24  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Add a #define to easily enable collecting on every allocation to aid
+        debugging GC bugs.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::heapAllocate):
+
+2008-04-24  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam and Sam.
+
+        -<rdar://problem/5770054> JavaScript profiler (10928)
+        -Only profile the page group that starts profiling to avoid profiling
+        tools that shouldn't be profiled unless explicitly requested to.
+
+        * JavaScriptCore.exp: Export new signature.
+        * kjs/JSGlobalObject.cpp: Add unique identifiers to the JSGlobalObject.
+        (KJS::JSGlobalObject::init):
+        * kjs/JSGlobalObject.h: Ditto.
+        (KJS::JSGlobalObject::setPageGroupIdentifier):
+        (KJS::JSGlobalObject::pageGroupIdentifier):
+        * profiler/Profiler.cpp: Check the identifier of the page group of the
+        lexical global exec state and only profile if it matches the given page
+        group identifier.
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::willExecute):
+        (KJS::Profiler::didExecute):
+        * profiler/Profiler.h: Ditto.
+        (KJS::Profiler::Profiler):
+
+2008-04-24  Julien Chaffraix  <jchaffraix@webkit.org>
+
+        Reviewed by Simon.
+
+        Bug 15940: Implement threading API for Qt
+        https://bugs.webkit.org/show_bug.cgi?id=15940
+
+        Original patch by Justin Haygood, tweaked by me.
+
+        * JavaScriptCore.pri:
+        * wtf/ThreadingQt.cpp: Added.
+        (WTF::threadMapMutex):
+        (WTF::threadMap):
+        (WTF::establishIdentifierForThread):
+        (WTF::clearThreadForIdentifier):
+        (WTF::threadForIdentifier):
+        (WTF::initializeThreading):
+        (WTF::ThreadPrivate::getReturnValue):
+        (WTF::ThreadPrivate::ThreadPrivate):
+        (WTF::ThreadPrivate::run):
+        (WTF::createThread):
+        (WTF::waitForThreadCompletion): return !res to return
+        0 on success (to match the pthreads implementation).
+        (WTF::detachThread):
+        (WTF::identifierByQthreadHandle):
+        (WTF::currentThread):
+        (WTF::Mutex::Mutex):
+        (WTF::Mutex::~Mutex):
+        (WTF::Mutex::lock):
+        (WTF::Mutex::tryLock):
+        (WTF::Mutex::unlock):
+        (WTF::ThreadCondition::ThreadCondition):
+        (WTF::ThreadCondition::~ThreadCondition):
+        (WTF::ThreadCondition::wait):
+        (WTF::ThreadCondition::timedWait):
+        (WTF::ThreadCondition::signal):
+
+2008-04-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - simplify use of HashTraits to prepare for some upcoming hash table changes
+
+        * kjs/SymbolTable.h: Made SymbolTableIndexHashTraits derive from HashTraits<size_t>
+        and specialize only the empty value.
+
+2008-04-23  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Simon.
+
+        Removed the #define for USE_SYSTEM_MALLOC that we set in WebKit.pri
+        already.
+
+        * wtf/Platform.h:
+
+2008-04-21  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam.
+
+        <rdar://problem/5770054> JavaScript profiler (10928)
+        - When stop profiling is called we need to stop the timers on all the
+        functions that are still running.
+
+        * profiler/FunctionCallProfile.cpp:
+        (KJS::FunctionCallProfile::didExecute):
+        (KJS::FunctionCallProfile::stopProfiling):
+        * profiler/FunctionCallProfile.h:
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::stopProfiling):
+
+2008-04-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Move collector main thread initialization from WebKit/win to KJS::initializeThreading.
+
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreading):
+
+2008-04-21  Adam Roben  <aroben@apple.com>
+
+        MSVC build fix
+
+        Reviewed by Alexey Proskuryakov.
+
+        * kjs/ustring.h:
+        (KJS::UString::cost): Disable a warning about assigning a 32-bit
+        size_t into a 31-bit size_t.
+
+2008-04-21  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Lars.
+
+        Made convertValueToQVariant accessible from within WebKit/qt/Api
+
+        * bindings/qt/qt_runtime.h:
+
+2008-04-21  Holger Hans Peter Freyther  <holger.freyther@trolltech.com>
+
+        Reviewed by Simon.
+
+        Build fix for Qt 4.3
+
+        * When building WebCore/internal make sure the QT_[BEGIN,END]_NAMESPACE is
+        always defined. Do this by adding defines to the compiler line
+        * For users of our API this is not feasible. Every public header file should
+        include qwebkitglobal.h. Define the QT_BEGIN_NAMESPACE and QT_END_NAMESPACE
+        when we are building everything < 4.4.0 and don't have them defined.
+
+        * kjs/testkjs.pro:
+
+2008-04-19  Matt Lilek  <webkit@mattlilek.com>
+
+        Not reviewed, Windows build fix - copy the profiler headers in all
+        configurations, not just Debug_Internal.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-04-19  Mike Hommey  <glandium@debian.org>
+
+        Reviewed by Alp Toker.
+
+        Don't build testkjs with rpath.
+
+        * GNUmakefile.am:
+
+2008-04-18  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fixes. Rename LocalStorage.h to LocalStorageEntry.h
+        to avoid header detection issues between WebCore/storage/LocalStorage.h 
+        and it, and add $(PROFILER_SOURCES) to the wx JSCore build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jscore.bkl:
+        * kjs/ExecState.h:
+        * kjs/JSVariableObject.h:
+        * kjs/LocalStorage.h: Removed.
+        * kjs/LocalStorageEntry.h: Copied from JavaScriptCore/kjs/LocalStorage.h.
+        * kjs/function.h:
+
+2008-04-18 Jan  Michael Alonzo  <jmalonzo@unpluggable.com>
+
+        Reviewed by Alp Toker.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16620
+        [GTK] Autotools make dist and make check support
+
+        Cleanups.
+
+        * GNUmakefile.am:
+
+2008-04-18  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Windows
+        build fix.
+
+2008-04-11  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Antti Koivisto.
+
+        Silence GCC 4.3 warnings by removing extraneous consts.
+
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+
+2008-04-18  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        -<rdar://problem/5770054> JavaScript profiler (10928)
+        - Use Deque instead of Vector since the profiler uses prepend a lot
+        and deque is faster at that.
+
+        * profiler/FunctionCallProfile.h:
+        (KJS::FunctionCallProfile::milliSecs): Corrected the name to match
+        its output.
+        * wtf/Deque.h:
+        (WTF::deleteAllValues):
+
+2008-04-18  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam and Adam.
+
+        -<rdar://problem/5770054> JavaScript profiler (10928)
+        - Cleaned up the header file and made some functions static, added
+        a new, sane, printing function, and fixed a few minor bugs.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * profiler/FunctionCallProfile.cpp:
+        (KJS::FunctionCallProfile::didExecute): Removed assertion that time is
+        > 0 because at ms resolution that may not be true and only cross-
+        platform way to get time differences is in ms.
+        (KJS::FunctionCallProfile::printDataInspectorStyle): Added a new
+        printing function for dumping data in a sane style.
+        (KJS::FunctionCallProfile::printDataSampleStyle): Fixed a bug where we
+        displayed too much precision when printing our floats. Also added logic
+        to make sure we don't display 0 because that doesn't make sense for a
+        sampling profile.
+        * profiler/FunctionCallProfile.h:
+        * profiler/Profiler.cpp: Moved functions that could be static into the
+        implementation, and chaned the ASSERTs to early returns.  I did this
+        because console.profile() is a JS function and so was being profiled
+        but asserting because the profiler had not been started! In the future
+        I would like to put the ASSERTs back and not profile the calls to
+        console.profile() and console.profileEnd().
+        (KJS::Profiler::willExecute):
+        (KJS::Profiler::didExecute):
+        (KJS::getStackNames): Fixed a bug where the wrong ExecState was being
+        used.
+        (KJS::getFunctionName):
+        (KJS::Profiler::printDataInspectorStyle):
+        * profiler/Profiler.h:
+
+2008-04-18  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Fix leaks during plugin tests (which actually excercise background JS), and potential
+        PAC brokenness that was not reported, but very likely.
+
+        The leaks shadowed a bigger problem with Identifier destruction. Identifier::remove involves
+        an IdentifierTable lookup, which is now a per-thread instance. Since garbage collection can
+        currently happen on a different thread than allocation, a wrong table was used.
+
+        No measurable change on SunSpider total, ~1% variation on individual tests.
+
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::create):
+        (KJS::UString::Rep::destroy):
+        * kjs/ustring.h:
+        Replaced isIdentifier with a pointer to IdentifierTable, so that destruction can be done
+        correctly. Took one bit from reportedCost, to avoid making UString::Rep larger (performance
+        effect was measurable on SunSpider).
+
+        * kjs/identifier.cpp:
+        (KJS::IdentifierTable::IdentifierTable):
+        (KJS::IdentifierTable::~IdentifierTable):
+        (KJS::IdentifierTable::add):
+        (KJS::IdentifierTable::remove):
+        Make IdentifierTable a real class. Its destructor needs to zero out outstanding references,
+        because some identifiers may briefly outlive it during thread destruction, and we don't want
+        them to use their stale pointers.
+
+        (KJS::LiteralIdentifierTable):
+        (KJS::Identifier::add):
+        Now that LiteralIdentifierTable is per-thread and can be destroyed not just during application
+        shutdown, it is not appropriate to simply bump refcount for strings that get there; changed
+        the table to hold RefPtrs.
+
+        (KJS::CStringTranslator::translate):
+        (KJS::UCharBufferTranslator::translate):
+        (KJS::Identifier::addSlowCase):
+        (KJS::Identifier::remove):
+        * kjs/identifier.h:
+        (KJS::Identifier::add):
+        Use and update UString::Rep::identifierTable as appropriate. Updating it is now done in
+        IdentifierTable::add, not in translators.
+
+2008-04-18  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Get rid of static compareWithCompareFunctionArguments in array_instance.cpp.
+
+        No change on SunSpider, CelticKane or iBench JavaScript. It is probable that in some cases,
+        merge sort is still faster, but more investigation is needed to determine a new cutoff.
+        Or possibly, it would be better to do what FIXME says (change to tree sort).
+
+        Also, made arguments a local variable - not sure why it was a member of
+        CompareWithCompareFunctionArguments.
+
+        * kjs/array_instance.cpp:
+        (KJS::CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
+        (KJS::CompareWithCompareFunctionArguments::operator()):
+        (KJS::ArrayInstance::sort):
+
+2008-04-18  Simon Hausmann  <hausmann@webkit.org>
+
+        Build fix for gcc 4.3. Include stdio.h for printf.
+
+        * profiler/FunctionCallProfile.cpp:
+        * profiler/Profiler.cpp:
+
+2008-04-17  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        Reviewed by mrowe.
+
+        * wtf/Platform.h: Add HAVE_ACCESSIBILITY to Platform.h.
+
+2008-04-17  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Maciej.
+
+        Thread static data destructors are not guaranteed to be called in any particular order;
+        turn ThreadSpecific into a phoenix-style singleton to avoid accessing freed memory when
+        deleted objects are interdependent (e.g. CommonIdentifiers and internal identifier tables).
+
+        No change on SunSpider.
+
+        * wtf/ThreadSpecific.h:
+        (WTF::ThreadSpecific::Data::Data):
+        (WTF::::get):
+        (WTF::::set):
+        (WTF::::destroy):
+
+2008-04-15  Srinivas Rao. M Hamse  <msrinirao@gmail.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        - gcc 3.x build fix
+
+        * kjs/nodes.h: CallerType definition made public for gcc 3.x compilation
+
+2008-04-16  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Sam Weinig
+
+        Change ThreadSafeShared to act like RefCounted by starting out with a single ref by default
+
+        * wtf/Threading.h:
+        (WTF::ThreadSafeShared::ThreadSafeShared):
+
+2008-04-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        - To keep the behavior of the WebKit and JavaScriptCore API's the same,
+          we need to hide the fact that the global object and the window object
+          are no longer the same thing, and the the global object now changes on
+          navigations.  To do this, only the wrapper should ever be exposed.  This
+          fixes the two remaining spots where the internal global object is exposed,
+          the windowScriptObject returned from [WebFrame windowObject] and the object
+          return by calling JSContextGetGlobalObject on [WebFrame globalContext].
+
+        * API/JSContextRef.cpp:
+        (JSContextGetGlobalObject):
+        This is a bit of a hack, this returns the "this" representation of the globalObject
+        which will be the WrapperWindow for WebCore and the globalObject for non-WebCore.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectSetProperty):
+        Call the new putWithAttributes method instead of relying on lower-level calls.
+        This is needed so that the window wrapper can forward the calls.
+
+        * JavaScriptCore.exp:
+        * kjs/Activation.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::putWithAttributes):
+        * kjs/JSGlobalObject.h:
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTablePutWithAttributes):
+        * kjs/function.cpp:
+        (KJS::ActivationImp::putWithAttributes):
+        * kjs/nodes.cpp:
+        (KJS::ConstDeclNode::handleSlowCase):
+        (KJS::ConstDeclNode::evaluateSingle):
+        (KJS::EvalNode::processDeclarations):
+        * kjs/object.cpp:
+        (KJS::JSObject::putWithAttributes):
+        * kjs/object.h:
+        Rename initializeVariable to putWithAttributes and move it down to JSObject so it
+        can be used for JSObjectSetProperty.
+
+2008-04-16  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam and Geoff.
+
+        -<rdar://problem/5770054> JavaScript profiler (10928)
+        Inital profiler prototype
+
+        * GNUmakefile.am: Added new files to project
+        * JavaScriptCore.pri: Ditto
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto
+        * JavaScriptCoreSources.bkl: Ditto
+        * kjs/config.h: Put compiling flag in here.
+        * kjs/function.cpp: Instrument calling the function eval().
+        (KJS::eval):
+        * kjs/interpreter.cpp: Instrument evaluating global scopes.
+        (KJS::Interpreter::evaluate):
+        * kjs/object.cpp: Instrument JS function calls.
+        (KJS::JSObject::call):
+        * profiler: Added.
+        * profiler/FunctionCallProfile.cpp: Added.
+        (KJS::FunctionCallProfile::FunctionCallProfile):
+        (KJS::FunctionCallProfile::~FunctionCallProfile):
+        (KJS::FunctionCallProfile::willExecute): Call right before the JS function or executing context is executed to start the profiler's timer.
+        (KJS::FunctionCallProfile::didExecute): Call right after the JS function or executing context is executed to stop the profiler's timer.
+        (KJS::FunctionCallProfile::addChild): Add a child to the current FunctionCallProfile if it isn't already a child of the current FunctionalCallProfile.
+        (KJS::FunctionCallProfile::findChild): Return the child that matches the given name if there is one.
+        (KJS::FunctionCallProfile::printDataSampleStyle): Print the current profiled information in a format that matches sample's output.
+        * profiler/FunctionCallProfile.h: Added.
+        (KJS::FunctionCallProfile::FunctionCallProfile):
+        (KJS::FunctionCallProfile::~FunctionCallProfile):
+        (KJS::FunctionCallProfile::functionName):
+        (KJS::FunctionCallProfile::microSecs):
+        * profiler/Profiler.cpp: Added.
+        (KJS::Profiler::profiler):
+        (KJS::Profiler::sharedProfiler): Return global singleton (may change due to multi-threading concerns)
+        (KJS::Profiler::startProfiling): Don't start collecting profiling information until the user starts the profiler. Also don't clear old prfiled data until the profiler is restarted.
+        (KJS::Profiler::stopProfiling): Stop collecting profile information.
+        (KJS::Profiler::willExecute): Same as above. 
+        (KJS::Profiler::didExecute): Same as above.
+        (KJS::Profiler::insertStackNamesInTree): Follow the stack of the given names and if a sub-stack is not in the current tree, add it.
+        (KJS::Profiler::getStackNames): Get the names from the different passed in parameters and order them as a stack.
+        (KJS::Profiler::getFunctionName): Get the function name from the given parameter.
+        (KJS::Profiler::printDataSampleStyle): Print the current profiled information in a format that matches sample's output.
+        (KJS::Profiler::debugLog):
+        * profiler/Profiler.h: Added.
+        (KJS::Profiler::Profiler):
+
+2008-04-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        - Remove kjs_ prefix from strtod, dtoa, and freedtoa and put it
+          in the KJS namespace.
+        - Make strtod, dtoa, and freedtoa c++ functions instead of extern "C".
+        - Remove mode switching from dtoa.  ~2% improvement on test 26. 
+        - Removes all unnecessary #defines from dtoa code.
+
+        * JavaScriptCore.exp:
+        * kjs/dtoa.cpp:
+        (KJS::ulp):
+        (KJS::b2d):
+        (KJS::d2b):
+        (KJS::ratio):
+        (KJS::strtod):
+        (KJS::freedtoa):
+        (KJS::dtoa):
+        * kjs/dtoa.h:
+        * kjs/function.cpp:
+        (KJS::parseInt):
+        * kjs/lexer.cpp:
+        (KJS::Lexer::lex):
+        * kjs/number_object.cpp:
+        (KJS::integer_part_noexp):
+        (KJS::numberProtoFuncToExponential):
+        * kjs/ustring.cpp:
+        (KJS::UString::from):
+        (KJS::UString::toDouble):
+
+2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Get rid of static execForCompareByStringForQSort in array_instance.cpp.
+
+        No change on SunSpider, CelticKane or iBench JavaScript.
+
+        * kjs/array_instance.cpp:
+        (KJS::ArraySortComparator::ArraySortComparator):
+        (KJS::ArraySortComparator::operator()):
+        (KJS::ArrayInstance::sort):
+        Switch slow case to std::sort, so that ExecState can be passed in a comparator.
+
+2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        MSVC build fix.
+
+        * kjs/CommonIdentifiers.cpp:
+        * kjs/CommonIdentifiers.h:
+        * kjs/Parser.cpp:
+        * kjs/Parser.h:
+        * kjs/identifier.cpp:
+        * kjs/lexer.h:
+        * wtf/ThreadSpecific.h:
+
+2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Build fix.
+
+        * kjs/date_object.cpp:
+        * kjs/date_object.h:
+        Don't include DateMath.h from date_object.h, as the latter is used from WebCore, while
+        where the former is not available.
+
+2008-04-16  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Unreviewed build fix for MSVC. It does not want to have
+        WTF in the KJS namespace.
+
+        * kjs/CommonIdentifiers.h:
+
+2008-04-16  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Unreviewed build fix for gcc.
+
+        ::msToGregorianDateTime  is not known to it.
+
+        * kjs/date_object.cpp:
+        (KJS::DateInstance::msToGregorianDateTime):
+
+2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Initialize threadMapMutex safely (as already done in ThreadingWin).
+
+        * wtf/ThreadingGtk.cpp:
+        (WTF::threadMapMutex):
+        (WTF::initializeThreading):
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::threadMapMutex):
+        (WTF::initializeThreading):
+
+2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        Cache Gregorian date/time structure on DateInstance objects for 1.027x SunSpider speedup
+        (1.65x on date-format-xparb, 1.13x on date-format-tofte).
+
+        * kjs/DateMath.h:
+        (KJS::GregorianDateTime::copyFrom): Added. It presumably makes sense to keep GregorianDateTime
+        Noncopyable, so it's not just operator=.
+
+        * kjs/date_object.h: Added a per-object cache.
+
+        * kjs/date_object.cpp:
+        (KJS::DateInstance::DateInstance):
+        (KJS::DateInstance::msToGregorianDateTime):
+        (KJS::dateProtoFuncToString):
+        (KJS::dateProtoFuncToUTCString):
+        (KJS::dateProtoFuncToDateString):
+        (KJS::dateProtoFuncToTimeString):
+        (KJS::dateProtoFuncToLocaleString):
+        (KJS::dateProtoFuncToLocaleDateString):
+        (KJS::dateProtoFuncToLocaleTimeString):
+        (KJS::dateProtoFuncGetFullYear):
+        (KJS::dateProtoFuncGetUTCFullYear):
+        (KJS::dateProtoFuncToGMTString):
+        (KJS::dateProtoFuncGetMonth):
+        (KJS::dateProtoFuncGetUTCMonth):
+        (KJS::dateProtoFuncGetDate):
+        (KJS::dateProtoFuncGetUTCDate):
+        (KJS::dateProtoFuncGetDay):
+        (KJS::dateProtoFuncGetUTCDay):
+        (KJS::dateProtoFuncGetHours):
+        (KJS::dateProtoFuncGetUTCHours):
+        (KJS::dateProtoFuncGetMinutes):
+        (KJS::dateProtoFuncGetUTCMinutes):
+        (KJS::dateProtoFuncGetSeconds):
+        (KJS::dateProtoFuncGetUTCSeconds):
+        (KJS::dateProtoFuncGetTimezoneOffset):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::dateProtoFuncSetYear):
+        (KJS::dateProtoFuncGetYear):
+        Use the cache when converting.
+
+2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Implement an abstraction for thread-specific storage, use it to get rid of some static objects.
+
+        SunSpider results were not conclusive, possibly up to 0.2% slowdown.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        Added ThreadSpecific.h
+
+        * wtf/ThreadSpecific.h: Added.
+        (WTF::::ThreadSpecific):
+        (WTF::::~ThreadSpecific):
+        (WTF::::get):
+        (WTF::::set):
+        (WTF::::destroy):
+        (WTF::T):
+        (WTF::::operator):
+        Only implemented for platforms that use pthreads.
+
+        * kjs/CommonIdentifiers.cpp:
+        (KJS::CommonIdentifiers::shared):
+        * kjs/CommonIdentifiers.h:
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreading):
+        * kjs/Parser.cpp:
+        (KJS::parser):
+        * kjs/Parser.h:
+        * kjs/identifier.cpp:
+        (KJS::identifierTable):
+        (KJS::literalIdentifierTable):
+        (KJS::Identifier::initializeIdentifierThreading):
+        * kjs/identifier.h:
+        * kjs/lexer.cpp:
+        (KJS::lexer):
+        * kjs/lexer.h:
+        Make static instances per-thread.
+
+2008-04-15  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Adam.
+
+        Add ENABLE_OFFLINE_WEB_APPLICATIONS to FEATURE_DEFINES.
+        
+        * Configurations/JavaScriptCore.xcconfig:
+
+2008-04-15  Andre Poenitz  <andre.poenitz@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix compilation with Qt namespaces
+
+        Qt can be configured to have all of its classes inside a specified namespaces.
+        This is for example used in plugin/component environments like Eclipse.
+
+        This change makes it possible to let the Qt port compile against a namespaced
+        Qt by the use of macros Qt provides to properly forward declare Qt classes in
+        the namespace.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+
+2008-04-14  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Adam.
+
+        Don't leak the prototype class.
+        
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::create):
+
+2008-04-14  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix build.
+
+        * wtf/ThreadingWin.cpp:
+
+2008-04-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        https://bugs.webkit.org/show_bug.cgi?id=18488
+        FastMalloc doesn't release thread-specific data on Windows
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::threadMapMutex): (WTF::initializeThreading): Call threadMapMutex once to initialize the static safely.
+        (WTF::ThreadFunctionInvocation::ThreadFunctionInvocation): Added a structure to wrap thread entry point and arguments.
+        (WTF::wtfThreadEntryPoint): Make sure to end all WTF threads with pthread_exit(), to give pthreads-win32 a chance to call
+        destructors of thread-specific data.
+        (WTF::createThread): Use _beginthreadex instead of CreateThread, because MSDN says so. Also removed a call to CreateEvent,
+        for which I could see no reason at all.
+
+2008-04-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Touched a file to make JavaScriptCore.vcproj rebuild.
+
+        * wtf/MathExtras.h:
+
+2008-04-14  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        Rubberstamped by Alexey Proskuryakov.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable
+        the "potentially uninitialized variable" warning for grammar.cpp, as
+        it seems to be incorrect. yylval gets initialized by the lexer, but
+        MSVC doesn't seem to understand this.
+
+2008-04-11  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Maciej.
+        
+        Add default hash for pairs of hashable types.
+
+        * wtf/HashFunctions.h:
+        (WTF::PairHash::hash):
+        (WTF::PairHash::equal):
+        (WTF::):
+
+2008-04-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        Make DateMath.cpp thread safe.
+
+        No measurable change on SunSpider (should be a very small speedup).
+
+        * kjs/DateMath.cpp:
+        (KJS::mimimumYearForDST): (KJS::equivalentYearForDST): Got rid of double caching of the
+        same precomputed value.
+        (KJS::calculateUTCOffset): (KJS::getUTCOffset): Factored actual UTC offset calculation code
+        out of getUTCOffset(), and notification setup into initDateMath().
+
+        (KJS::initDateMath): Added.
+
+        * kjs/DateMath.h:
+        * kjs/InitializeThreading.cpp:
+        (KJS::initializeThreading):
+        Added initDateMath().
+
+2008-04-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Windows build fix.
+
+        * kjs/grammar.y:
+
+2008-04-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Tiger build fix. Forward declaring a union didn't work for whatever reason, make the
+        parameters void*.
+
+        * kjs/grammar.y:
+        * kjs/lexer.cpp:
+        (kjsyylex):
+        (KJS::Lexer::lex):
+        * kjs/lexer.h:
+
+2008-04-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        Generate a pure (re-entrant) parser with Bison.
+
+        No change on SunSpider.
+
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse):
+        * kjs/grammar.y:
+        * kjs/lexer.cpp:
+        (kjsyylex):
+        (KJS::Lexer::lex):
+        * kjs/lexer.h:
+        Pass state as function arguments, instead of global data. Don't call lexer() as often as
+        before, as this function is about to become slower due to thread-specific storage.
+
+        * kjs/function.cpp:
+        (KJS::isStrWhiteSpace): Don't call isSeparatorSpace() for 8-bit characters, as these are
+        already taken care of. This is a small speedup, compensating for a small slowdown caused
+        by switching Bison mode.
+
+2008-04-10  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff.
+
+        https://bugs.webkit.org/show_bug.cgi?id=18402
+        REGRESSION: visited element handling is incorrect in nested join/toString calls
+
+        No change on SunSpider total, possibly a tiny improvement (about 0.1%).
+
+        Test: fast/js/array-tostring-and-join.html
+
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::visitedElements): Store visited elements HashSet here, making it
+        common to toString/toLocalizedString/join again.
+
+        * kjs/array_object.cpp:
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncJoin):
+        Got rid of static variables. Replaced UString with Vector to avoid O(n^2) behavior and
+        regain performance.
+
+        * wtf/Vector.h:
+        (WTF::::resize):
+        (WTF::::grow):
+        (WTF::::reserveCapacity):
+        (WTF::::append):
+        (WTF::::insert):
+        Added null checks, so that Vector methods don't crash when out of memory. The caller should
+        check that data pointer is not null before proceeding.
+
+2008-04-10  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix https://bugs.webkit.org/show_bug.cgi?id=18367 and the many dupes.
+        Bug 18367: Crash during celtic kane js speed 2007 test
+
+        GCC 4.2 on x86_64 Linux decided to reorder the local variables in markCurrentThreadConservatively's
+        stack frame.  This lead to the range of addresses the collector treated as stack to exclude the
+        contents of volatile registers that markCurrentThreadConservatively forces onto the stack.  This was
+        leading to objects being prematurely collected if the only reference to them was via a register at
+        the time a collection occurred.
+
+        The fix for this is to move the calculation of the top of the stack into a NEVER_INLINE function
+        that is called from markCurrentThreadConservatively.  This forces the dummy variable we use for
+        determining the top of stack to be in a different stack frame which prevents the compiler from
+        reordering it relative to the registers that markCurrentThreadConservatively forces onto the stack.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::markCurrentThreadConservativelyInternal):
+        (KJS::Collector::markCurrentThreadConservatively):
+        * kjs/collector.h:
+
+2008-04-10  Adam Roben  <aroben@apple.com>
+
+        VC++ Express build fix
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Link against user32.lib so
+        that anyone who links against WTF.lib will get user32.lib
+        automatically.
+
+2008-04-09  Adam Roben  <aroben@apple.com>
+
+        VC++ Express build fix
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Link against
+        user32.lib.
+
+2008-04-09  Adam Roben  <aroben@apple.com>
+
+        Build fix
+
+        * JavaScriptCore.exp: Export isMainThread.
+
+2008-04-09  Adam Roben  <aroben@apple.com>
+
+        Build fix
+
+        * wtf/AlwaysInline.h: Make sure to #include Platform.h before using
+        the macros it defines.
+
+2008-04-08  Mark Rowe  <mrowe@apple.com>
+
+        Export WTF::initializeThreading() from JavaScriptCore.
+
+        * JavaScriptCore.exp:
+
+2008-04-04  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        First step in implementing the "split window"
+
+        - Add a GlobalThisValue to ExecState which should be used 
+          in places that used to implement the "use the global object
+          as this if null" rule.
+        - Factor out lookupGetter/lookupSetter into virtual methods 
+          on JSObject so that they can be forwarded.
+        - Make defineGetter/defineSetter virtual methods for the same
+          reason.
+        - Have PrototypeReflexiveFunction store the globalObject used
+          to create it so that it can be used to get the correct thisObject
+          for eval.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectCallAsFunction):
+        * JavaScriptCore.exp:
+        * kjs/Activation.h:
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        (KJS::GlobalExecState::GlobalExecState):
+        * kjs/ExecState.h:
+        (KJS::ExecState::globalThisValue):
+        * kjs/ExecStateInlines.h:
+        (KJS::ExecState::ExecState):
+        (KJS::FunctionExecState::FunctionExecState):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        (KJS::JSGlobalObject::toGlobalObject):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        (KJS::JSGlobalObject::JSGlobalObject):
+        * kjs/array_instance.cpp:
+        (KJS::CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
+        (KJS::compareWithCompareFunctionForQSort):
+        * kjs/array_object.cpp:
+        (KJS::arrayProtoFuncSort):
+        (KJS::arrayProtoFuncFilter):
+        (KJS::arrayProtoFuncMap):
+        (KJS::arrayProtoFuncEvery):
+        (KJS::arrayProtoFuncForEach):
+        (KJS::arrayProtoFuncSome):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::ActivationImp::toThisObject):
+        (KJS::globalFuncEval):
+        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
+        (KJS::PrototypeReflexiveFunction::mark):
+        * kjs/function.h:
+        (KJS::PrototypeReflexiveFunction::cachedGlobalObject):
+        * kjs/function_object.cpp:
+        (KJS::functionProtoFuncApply):
+        (KJS::functionProtoFuncCall):
+        * kjs/nodes.cpp:
+        (KJS::ExpressionNode::resolveAndCall):
+        (KJS::FunctionCallValueNode::evaluate):
+        (KJS::LocalVarFunctionCallNode::inlineEvaluate):
+        (KJS::ScopedVarFunctionCallNode::inlineEvaluate):
+        (KJS::FunctionCallBracketNode::evaluate):
+        (KJS::FunctionCallDotNode::inlineEvaluate):
+        * kjs/object.cpp:
+        (KJS::JSObject::call):
+        (KJS::JSObject::put):
+        (KJS::tryGetAndCallProperty):
+        (KJS::JSObject::lookupGetter):
+        (KJS::JSObject::lookupSetter):
+        (KJS::JSObject::toThisObject):
+        (KJS::JSObject::toGlobalObject):
+        (KJS::JSObject::fillGetterPropertySlot):
+        * kjs/object.h:
+        * kjs/object_object.cpp:
+        (KJS::objectProtoFuncLookupGetter):
+        (KJS::objectProtoFuncLookupSetter):
+        * kjs/string_object.cpp:
+        (KJS::replace):
+
+2008-04-08  Brady Eidson  <beidson@apple.com>
+
+        Encourage Windows to rebuild - AGAIN...
+
+        * kjs/DateMath.cpp:
+
+2008-04-08  Adam Roben  <aroben@apple.com>
+
+        Mac build fix
+
+        * JavaScriptCore.exp: Add callOnMainThread, and sorted the list.
+
+2008-04-08  Brady Eidson  <beidson@apple.com>
+
+        Rubberstamped by Adam Roben
+        
+        Touch some files to *strongly* encourage Windows to rebuilt with DOM_STORAGE enabled
+
+        * kjs/DateMath.cpp:
+
+2008-04-08  Adam Roben  <aroben@apple.com>
+
+        Move callOnMainThread to WTF
+
+        Reviewed by Alexey Proskuryakov.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        Added new files.
+
+        * wtf/MainThread.cpp:
+        * wtf/MainThread.h:
+        * wtf/gtk/MainThreadGtk.cpp:
+        * wtf/mac/MainThreadMac.mm:
+        * wtf/qt/MainThreadQt.cpp:
+        * wtf/win/MainThreadWin.cpp:
+        * wtf/wx/MainThreadWx.cpp:
+        Moved here from WebCore/platform. Replaced all instances of "WebCore"
+        with "WTF".
+
+        * kjs/bool_object.cpp: Touched to force JavaScriptCore.vcproj to
+        build.
+        to the WTF namespace.
+        * wtf/ThreadingWin.cpp:
+        (WTF::initializeThreading): Call initializeMainThread.
+
+2008-04-07  Brady Eidson  <beidson@apple.com>
+
+        Add "ENABLE_DOM_STORAGE" to keep in sync with the rest of the project
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2008-04-07  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * wtf/ThreadingWin.cpp: Back out some changes I didn't mean to land.
+
+2008-04-07  Adam Roben  <aroben@apple.com>
+
+        Add WTF::isMainThread
+
+        Reviewed by Alexey Proskuryakov.
+
+        * wtf/Threading.h: Declare the new function.
+        * wtf/ThreadingGtk.cpp:
+        (WTF::initializeThreading): Initialize the main thread identifier.
+        (WTF::isMainThread): Added.
+        * wtf/ThreadingNone.cpp: Ditto ThreadingGtk.cpp.
+        (WTF::initializeThreading):
+        (WTF::isMainThread):
+        * wtf/ThreadingPthreads.cpp: Ditto.
+        (WTF::initializeThreading):
+        (WTF::isMainThread):
+        * wtf/ThreadingWin.cpp: Ditto.
+        (WTF::initializeThreading):
+        (WTF::isMainThread):
+
+2008-04-06  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Make UString thread-safe.
+
+        No change on SunSpider total, although individual tests have changed a lot, up to 3%.
+
+        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): Call UString::null() to initialize
+        a static.
+        
+        * kjs/identifier.cpp:
+        (KJS::CStringTranslator::translate):
+        (KJS::UCharBufferTranslator::translate):
+        Use "true" for a boolean value instead of 1, because it's C++.
+
+        * kjs/ustring.h:
+        (KJS::CString::adopt): Added a method to create from a char* buffer without copying.
+        (KJS::UString::Rep::ref): Removed an assertion for JSLock::lockCount, as it's no longer
+        necessary to hold JSLock when working with strings.
+        (KJS::UString::Rep::deref): Ditto.
+        (KJS::UString::Rep::isStatic): Added a field to quickly determine that this is an empty
+        or null static string.
+
+        * kjs/ustring.cpp:
+        (KJS::): Removed normalStatBufferSize and statBufferSize, as there is no reason to have such
+        an advanced implementation of a debug-only ascii() method. Removed a long-obsolete comment
+        about UChar.
+        (KJS::UString::Rep::createCopying): Removed an assertion for JSLock::lockCount.
+        (KJS::UString::Rep::create): Ditto.
+        (KJS::UString::Rep::destroy): Ditto. Do not do anything for static null and empty strings,
+        as refcounting is not reliable for those. Reordered branches for a noticeable speed gain -
+        apparently this functiton is hot enough for SunSpider to see an effect from this!
+        (KJS::UString::null): Moved a star, added a comment.
+        (KJS::UString::cstring): Reimplemented to not call ascii(), which is not thread-safe.
+        (KJS::UString::ascii): Simplified statBuffer handling logic.
+        (KJS::UString::toDouble): Use cstring() instead of ascii().
+
+2008-04-02  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Ensure that debug symbols are generated for x86_64 and ppc64 builds.
+
+        * Configurations/Base.xcconfig:
+
+2008-04-01  Christian Dywan  <christian@imendio.com>
+
+        Build fix for GCC 4.3.
+
+        * wtf/unicode/icu/CollatorICU.cpp: include string.h
+
+2008-04-01  Alexey Proskuryakov  <ap@webkit.org>
+
+        Rubber-stamped by Darin.
+
+        Turn off using 64-bit arithmetic on 32-bit hardware, as dtoa own code is faster than
+        compiler-provided emulation.
+
+        1% speedup on Acid3 test 26.
+
+        * kjs/dtoa.cpp:
+
+2008-04-01  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Make MathExtras.h thread safe.
+
+        * kjs/math_object.cpp:
+        (KJS::mathProtoFuncRandom): If threading is enabled, rely on initializeThreading to call
+        wtf_random_init().
+
+        * wtf/Threading.h:
+        * wtf/ThreadingGtk.cpp:
+        (WTF::initializeThreading):
+        * wtf/ThreadingNone.cpp:
+        (WTF::initializeThreading):
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::initializeThreading):
+        * wtf/ThreadingWin.cpp:
+        (WTF::initializeThreading):
+        Call wtf_random_init(); made the function non-inline to avoid having to include too many
+        headers in Threading.h.
+
+2008-03-31  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+
+        Make matching of regexps using ^ much faster
+        http://bugs.webkit.org/show_bug.cgi?id=18086
+
+        * pcre/pcre_compile.cpp:
+        (compileBranch):
+        (branchNeedsLineStart):
+        * pcre/pcre_exec.cpp:
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2008-03-29  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/5829556> REGRESSION: Leak in KJS::initializeThreading()
+
+        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): There is no guarantee that
+        initializeThreading() is called only once; check that the mutex hasn't been already allocated.
+
+2008-03-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 17924: Crash in KJS::ConstDeclNode::evaluate with |with| and |const|
+        <http://bugs.webkit.org/show_bug.cgi?id=17924>
+        <rdar://problem/5806933>
+
+        It turns out this is trivially avoidable if we just match firefox's
+        semantics and ensure that an assignment in a const declaration always
+        writes to the variable object.
+
+        * kjs/nodes.cpp:
+        (KJS::ConstDeclNode::handleSlowCase):
+
+2008-03-28  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Sam Weinig.
+
+        Fix a dtoa thread safety issue.
+
+        WebCore can call kjs_strtod without holding JS lock, but we didn't have thread safety
+        compiled in for dtoa.
+
+        This is a 0.5% regression on SunSpider, which Sam Weinig has volunteered to cover with
+        his recent improvement.
+
+        * kjs/dtoa.cpp:
+        (Bigint::Balloc):
+        (Bigint::Bfree):
+        Changed to use fastMalloc/fastDelete - they are much faster than the dtoa custom version was
+        in the presence of locking (but somewhat slower in single-threaded case).
+        (Bigint::pow5mult): Got rid of the dreaded double-checked locking anti-pattern (had to
+        restructure the code to avoid significant performance implications).
+        (Bigint::lshift): Rewrote to avoid an allocation, if possible.
+
+        (Bigint::rv_alloc):
+        (Bigint::kjs_freedtoa):
+        (Bigint::kjs_dtoa):
+        Check for USE(MULTIPLE_THREADS), not dtoa legacy MULTIPLE_THREADS.
+
+        * kjs/InitializeThreading.cpp: Added.
+        (KJS::initializeThreading):
+        * kjs/InitializeThreading.h: Added.
+        Initialize threading at KJS level, if enabled.
+
+        * kjs/dtoa.h: Expose dtoa mutex for KJS::initializeThreading.
+
+        * kjs/testkjs.cpp: (kjsmain): Call initializeThreading.
+
+        * JavaScriptCore.exp: Export KJS::initializeThreading.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCoreSources.bkl:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Added InitializeThreading.{h,cpp}.
+
+        * wtf/Threading.h: Removed a using directive for WTF::initializeThreading - it is only
+        to be called from KJS::initializeThreading, and having it in the global namespace is useless.
+
+2008-03-28  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Darin
+
+        Export Unicode/UTF8.h and convertUTF16ToUTF8() for more flexible conversion in WebCore
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-03-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        <rdar://problem/5826236> Regular expressions with large nested repetition counts can have their
+        compiled length calculated incorrectly.
+
+        * pcre/pcre_compile.cpp:
+        (multiplyWithOverflowCheck):
+        (calculateCompiledPatternLength): Check for overflow when dealing with nested repetition counts
+        and bail with an error rather than returning incorrect results.
+
+2008-03-26  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Brady Eidson.
+
+        Update FEATURE_DEFINES to be consistent with the other locations in which it is defined.
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2008-03-26  Adam Roben  <aroben@apple.com>
+
+        Fix Bug 18060: Assertion failure (JSLock not held) beneath
+        JSCallbackObject<Base>::toString
+
+        <http://bugs.webkit.org/show_bug.cgi?id=18060>
+
+        Reviewed by Geoff Garen.
+
+        Bug fix:
+
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::JSCallbackObject<Base>::toString): Make the DropAllLocks
+        instance only be in scope while calling convertToType.
+
+        Test:
+
+        * API/testapi.c:
+        (MyObject_convertToType): Implement type conversion to string.
+        * API/testapi.js: Add a test for type conversion to string.
+
+2008-03-26  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * kjs/array_instance.cpp: Touched this.
+        * wtf/HashFunctions.h:
+        (WTF::intHash): Added 8- and 16-bit versions of intHash.
+
+2008-03-26  Adam Roben  <aroben@apple.com>
+
+        Force JSC headers to be copied by touching a file
+
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::getPropertyNames):
+
+2008-03-26  Adam Roben  <aroben@apple.com>
+
+        Windows build fix after r31324
+
+        Written with Darin.
+
+        Added HashTable plumbing to support using wchar_t as a key type.
+
+        * wtf/HashFunctions.h:
+        * wtf/HashTraits.h:
+        (WTF::):
+
+2008-03-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - JSC part of fix for "SVG multichar glyph matching matches longest instead of first (affects Acid3 test 79)"
+        http://bugs.webkit.org/show_bug.cgi?id=18118
+
+        * wtf/HashFunctions.h:
+        (WTF::):
+        * wtf/HashTraits.h:
+        (WTF::):
+
+2008-03-26  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Cache C string identifiers by address, not value, assuming that C strings can only
+        be literals.
+
+        1% speedup on Acid3 test 26.
+
+        * kjs/identifier.cpp:
+        (KJS::literalIdentifierTable):
+        (KJS::Identifier::add):
+        Added a new table to cache UString::Reps created from C strings by address. Elements are
+        never removed from this cache, as only predefined identifiers can get there.
+
+        * kjs/identifier.h:
+        (KJS::Identifier::Identifier): Added a warning.
+
+2008-03-26  Alexey Proskuryakov  <ap@webkit.org>
+
+        Rubber-stamped by Maciej.
+
+        An assertion was failing in function-toString-object-literals.html when parsing 1e-500.
+        The condition existed before, and got uncovered by turning compiled-out dtoa checks into
+        ASSERTs.
+
+        The assertion was verifying that the caller wasn't constructing a Bigint from 0.
+        This might have had some reason behind it originally, but I couldn't find any,
+        and this doesn't look like a reasonable requirement.
+
+        * kjs/dtoa.cpp: (d2b): Removed the assertion (two copies in different code paths).
+
+2008-03-25  Adam Roben  <aroben@apple.com>
+
+        Fix Bug 18077: Integrate testapi.c into the Windows build
+
+        <http://bugs.webkit.org/show_bug.cgi?id=18077>
+
+        Reviewed by Steve Falkenburg.
+
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Added.
+
+2008-03-25  Adam Roben  <aroben@apple.com>
+
+        Make testapi.c compile under MSVC
+
+        Currently you must compile testapi.c as C++ code since MSVC does not
+        support many C features that GCC does.
+
+        Reviewed by Steve Falkenburg.
+
+        * API/testapi.c:
+        (nan): Added an implementation of this for MSVC.
+        (assertEqualsAsUTF8String): Use malloc instead of dynamically-sized
+        stack arrays.
+        (assertEqualsAsCharactersPtr): Ditto.
+        (print_callAsFunction): Ditto.
+        (main): Ditto, and explicitly cast from UniChar* to JSChar*.
+
+2008-03-25  Adam Roben  <aroben@apple.com>
+
+        Stop using JavaScriptCore's custom stdbool.h and stdint.h on Windows
+
+        We can't remove the os-win32 directory yet because other ports (at
+        least wx) are still relying on it.
+
+        Reviewed by Steve Falkenburg.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+          - Made all the include paths match the one for the Debug
+            configuration (these got out of sync in r30797)
+          - Removed os-win32 from the include path
+          - Removed os-win32 from the directories we copy to $WebKitOutputDir.
+          - Removed stdint.h from the project
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+        Delete the files that we may have previously copied from the os-win32
+        directory.
+
+2008-03-25  Alexey Proskuryakov  <ap@webkit.org>
+
+        Windows build fix.
+
+        * kjs/dtoa.cpp: Include stdint.h.
+
+2008-03-25  Alexey Proskuryakov  <ap@webkit.org>
+
+        Rubber-stamped by Darin.
+
+        Cleanup dtoa.cpp style.
+
+        * kjs/dtoa.cpp:
+        (Bigint::Balloc):
+        (Bigint::Bfree):
+        (Bigint::multadd):
+        (Bigint::s2b):
+        (Bigint::hi0bits):
+        (Bigint::lo0bits):
+        (Bigint::i2b):
+        (Bigint::mult):
+        (Bigint::pow5mult):
+        (Bigint::lshift):
+        (Bigint::cmp):
+        (Bigint::diff):
+        (Bigint::ulp):
+        (Bigint::b2d):
+        (Bigint::d2b):
+        (Bigint::ratio):
+        (Bigint::):
+        (Bigint::match):
+        (Bigint::hexnan):
+        (Bigint::kjs_strtod):
+        (Bigint::quorem):
+        (Bigint::rv_alloc):
+        (Bigint::nrv_alloc):
+        (Bigint::kjs_freedtoa):
+        (Bigint::kjs_dtoa):
+        * kjs/dtoa.h:
+
+2008-03-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - convert a JavaScript immediate number to a string more efficiently
+
+        2% speedup of Acid3 test 26
+
+        * kjs/JSImmediate.cpp:
+        (KJS::JSImmediate::toString): Take advantage of the fact that all immediate
+        numbers are integers, and use the faster UString function for formatting integers
+        instead of the slower one that works for floating point. I think this is a leftover
+        from when immediate numbers were floating point.
+
+2008-03-23  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=18048
+        The "thisObject" parameter to JSEvaluateScript is not used properly
+
+        Making passing a thisObject to JSEvaluateScript actually set the thisObject of the created
+        ExecState.
+
+        * API/testapi.c:
+        (main): Add tests for setting the thisObject when calling JSEvaluateScript.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState): Assign the thisObject to m_thisValue and remove the comment. 
+
+2008-03-22  Jesse Ruderman  <jruderman@gmail.com>
+
+        Reviewed by Sam Weinig.  Landed by eseidel.
+        
+        Make testkjs flush stdout after printing.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/testkjs.cpp:
+        (functionPrint):
+
+2008-03-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Optimise lookup of Math, undefined, NaN and Infinity
+
+        Added a method to JSVariableObject to allow us to inject DontDelete properties
+        into the symbol table and localStorage.  This results in a 0.4% progression in
+        SunSpider, with a 8% gain in math-partial-sums.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableInsert):
+
+2008-03-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Global properties that use LocalStorage are not correctly listed as enumerable.
+
+        The problem was caused by JSObject::getPropertyAttributes not being aware
+        of the JSVariableObject SymbolTable.  The fix is to make getPropertyAttributes
+        virtual and override in JSVariableObject.  This does not produce any performance
+        regression.
+
+        * JavaScriptCore.exp:
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::getPropertyNames):
+        (KJS::JSVariableObject::getPropertyAttributes):
+        * kjs/JSVariableObject.h:
+        * kjs/object.h:
+
+2008-03-21  Arkadiusz Miskiewicz  <arekm@maven.pl>
+
+        Webkit does not build on linux powerpc
+
+        <http://bugs.webkit.org/show_bug.cgi?id=17019>
+
+        Reviewed by David Kilzer.
+
+        * wtf/TCSpinLock.h:
+        (TCMalloc_SpinLock::Unlock):
+
+2008-03-21  Rodney Dawes  <dobey@wayofthemonkey.com>
+
+        Reviewed by Holger.
+
+        http://bugs.webkit.org/show_bug.cgi?id=17981
+
+        Add javascriptcore_cppflags to Programs_minidom_CPPFLAGS.
+
+        * GNUmakefile.am:
+
+2008-03-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Consolidate static identifier initializers within CommonIdentifiers.
+
+        No reliably measurable change on SunSpider; maybe a tiny improvement (within 0.2%).
+
+        * kjs/CommonIdentifiers.h: Added static identifiers that were lazily initialized
+        throughout the code.
+
+        * kjs/date_object.cpp:
+        (KJS::DateObjectImp::DateObjectImp):
+        * kjs/function_object.cpp:
+        (KJS::FunctionPrototype::FunctionPrototype):
+        * kjs/object_object.cpp:
+        (KJS::ObjectPrototype::ObjectPrototype):
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpPrototype::RegExpPrototype):
+        Use the values from CommonIdentifiers. 
+
+        * kjs/lookup.h: Caching the identifier in a static wasn't a win on SunSpider, removed it.
+
+        * kjs/value.h:
+        (KJS::jsNaN): We already have a shared NaN value, no need for a duplicate here.
+
+        * wtf/MathExtras.h:
+        (wtf_atan2): Having local variables for numeric_limits constants is good for readability,
+        but there is no reason to keep them static.
+
+        * JavaScriptCore.exp: Don't needlessly export JSGlobalObject::s_head.
+
+2008-03-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Fix for leak introduced by inline ScopeChainNode use
+
+        To avoid any extra branches when managing an inline ScopeChainNode
+        in the ScopeChain the inline node gets inserted with a refcount of
+        2.  This meant than when the ScopeChain was destroyed the ScopeChainNodes
+        above the inline node would be leaked.
+
+        We resolve this by manually popping the inline node in the
+        FunctionExecState destructor.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/ExecStateInlines.h:
+        (KJS::FunctionExecState::~FunctionExecState):
+        * kjs/scope_chain.h:
+        (KJS::ScopeChain::popInlineScopeNode):
+
+2008-03-20  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Ensure that the defines in FEATURE_DEFINES are sorted so that they will match the default settings of build-webkit.
+        This will prevent the world from being rebuilt if you happen to switch between building in Xcode and with build-webkit on the
+        command-line.
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2008-03-20  David Krause  <david.krause@gmail.com>
+
+        Reviewed by David Kilzer.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=17923
+        Bug 17923: ARM platform endian defines inaccurate
+
+        * wtf/Platform.h: 
+        Replaced !defined(__ARMEL__) check with !defined(__VFP_FP__)
+        for PLATFORM(MIDDLE_ENDIAN)
+
+2008-03-20  Maciej Stachowiak  <mjs@apple.com>
+
+        - fix build
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: install Activation.h as private
+
+2008-03-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - reduce function call overhead for 1.014x speedup on SunSpider
+
+        I moved some functions from ExecState.cpp to ExecStateInline.h and
+        from JSGlobalObject.cpp to JSGlobalObject.h, and declared them
+        inline; machine function call overhead for these was hurting JS
+        funcion call overhead.
+        
+        * kjs/ExecState.cpp:
+        * kjs/ExecStateInlines.h: Added.
+        (KJS::ExecState::ExecState):
+        (KJS::ExecState::~ExecState):
+        (KJS::FunctionExecState::FunctionExecState):
+        (KJS::FunctionExecState::~FunctionExecState):
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::pushActivation):
+        (KJS::JSGlobalObject::checkActivationCount):
+        (KJS::JSGlobalObject::popActivation):
+        * kjs/function.cpp:
+
+2008-03-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Avoid heap allocating the root scope chain node for eval and closure free functions
+
+        Maciej suggested using an inline ScopeChainNode for functions that don't use eval
+        or closures as they are unable to ever capture the scope chain.  This gives us a 2.4%
+        win in sunspider, a 15% win in controlflow-recursive, and big (>5%) wins in a number 
+        of other tests.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        * kjs/ExecState.h:
+        * kjs/scope_chain.h:
+        (KJS::ScopeChain::push):
+
+2008-03-19  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fix release build.
+
+        * kjs/JSGlobalObject.cpp:  Add missing #include.
+
+2008-03-19  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Anders Carlsson.
+
+        Fix for <rdar://problem/5785694>
+        Crash occurs at KJS::Collector::collect() when loading web clip widgets with a PAC file
+
+        Make the activeExecStates stack per JSGlobalObject instead of static to ensure
+        thread safety.
+
+        * JavaScriptCore.exp:
+        * kjs/ExecState.cpp:
+        (KJS::InterpreterExecState::InterpreterExecState):
+        (KJS::InterpreterExecState::~InterpreterExecState):
+        (KJS::EvalExecState::EvalExecState):
+        (KJS::EvalExecState::~EvalExecState):
+        (KJS::FunctionExecState::FunctionExecState):
+        (KJS::FunctionExecState::~FunctionExecState):
+        * kjs/ExecState.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::mark):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::activeExecStates):
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        (KJS::Collector::reportOutOfMemoryToAllExecStates): Iterate all JSGlobalObjects and report
+        the OutOfMemory condition to all the ExecStates in each.
+
+2008-03-19  Jasper Bryant-Greene  <jasper@unix.geek.nz>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=17941
+        Bug 17941: C++-style comments in JavaScriptCore API
+
+        * API/JSBase.h:
+        Remove C++-style comments from public JavaScriptCore API, replacing
+        with standard C90 block comments.
+
+2008-03-19  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=17939
+        Bug 17939: Crash decompiling "const a = 1, b;"
+
+        * kjs/nodes2string.cpp:
+        (KJS::ConstDeclNode::streamTo): Null-check the correct variable.
+
+2008-03-18  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Bug 17929: Incorrect decompilation with |const|, comma
+        http://bugs.webkit.org/show_bug.cgi?id=17929
+
+        There were actually two bugs here. First we weren't correctly handling const
+        nodes with multiple declarations. The second issue was caused by us not 
+        giving the correct precedence to the initialisers.
+
+        * kjs/nodes2string.cpp:
+        (KJS::ConstDeclNode::streamTo):
+
+2008-03-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - Speed up JavaScript built-in properties by changing the
+          hash table to take advantage of the identifier objects
+
+        5% speedup for Acid3 test 26
+
+        * JavaScriptCore.exp: Updated.
+        * kjs/create_hash_table: Compute size of hash table large enough so that there
+        are no collisions, but don't generate the hash table.
+        * kjs/identifier.h: Made the add function that returns a PassRefPtr public.
+        * kjs/lexer.cpp:
+        (KJS::Lexer::lex): Updated for change to HashTable interface.
+        * kjs/lookup.cpp:
+        (KJS::HashTable::changeKeysToIdentifiers): Added. Finds the identifier for
+        each property so the equality comparision can be done with pointer comparision.
+        * kjs/lookup.h: Made the key be a union of char* with UString::Rep* so it can
+        hold identifiers. Added a keysAreIdentifiers flag to the HashTable. Changed
+        the Lookup functions to be member functions of HashTable instead.
+        * kjs/object.cpp:
+        (KJS::JSObject::deleteProperty): Update for change to HashTable.
+        (KJS::JSObject::findPropertyHashEntry): Ditto.
+        (KJS::JSObject::getPropertyAttributes): Ditto.
+        (KJS::JSObject::getPropertyNames): Ditto.
+
+2008-03-18  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=17925 and http://bugs.webkit.org/show_bug.cgi?id=17927.
+        - Bug 17925: Crash in KJS::JSObject::put after setting this.__proto__
+        - Bug 17927: Hang after attempting to create circular __proto__
+
+        * kjs/object.cpp:
+        (KJS::JSObject::put): Silently ignore attempts to set __proto__ to a non-object, non-null value.
+        Return after setting the exception when an attempt to set a cyclic __proto__ is detected so that
+        the cyclic value is not set.
+
+2008-03-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - inline ActivationImp::init for 0.8% SunSpider speedup
+
+        * kjs/Activation.h:
+        (KJS::ActivationImp::init): Moved here from function.cpp
+        * kjs/function.cpp:
+
+2008-03-18  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the Qt build.
+
+        Including config.h like in the other .cpp files gets the #ifdeffery
+        correct for rand_s.
+
+        * kjs/JSWrapperObject.cpp:
+
+2008-03-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        JavaScriptCore changes to support a WebCore speedup.
+
+        * JavaScriptCore.exp: Export the UString::Rep::computeHash function.
+        * wtf/HashSet.h: Added a find and contains function that take a translator,
+        like the add function.
+
+2008-03-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - a few micro-optimizations for 1.2% SunSpider speedup
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction): check for Return completion before Throw,
+        it is more likely.
+        * kjs/object.cpp:
+        (KJS::JSObject::put): When walking prototype chain, instead of
+        checking isObject (a virtual call), compare to jsNull (compare to
+        a constant) since null is the only non-object that can be in a
+        prototype chain.
+
+2008-03-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Optimise multi-scope function call resolution
+
+        Refactor multiscope variable resolution and use to add
+        optimised FunctionCallResolveNode subclasses.  
+
+        2.6% gain in sunspider performance, *25%* gain in controlflow-recursive
+
+        * kjs/nodes.cpp:
+        (KJS::getSymbolTableEntry):
+        (KJS::ResolveNode::optimizeVariableAccess):
+        (KJS::getNonLocalSymbol):
+        (KJS::ExpressionNode::resolveAndCall):
+        (KJS::FunctionCallResolveNode::optimizeVariableAccess):
+        (KJS::FunctionCallResolveNode::inlineEvaluate):
+        (KJS::ScopedVarFunctionCallNode::inlineEvaluate):
+        (KJS::ScopedVarFunctionCallNode::evaluate):
+        (KJS::ScopedVarFunctionCallNode::evaluateToNumber):
+        (KJS::ScopedVarFunctionCallNode::evaluateToBoolean):
+        (KJS::ScopedVarFunctionCallNode::evaluateToInt32):
+        (KJS::ScopedVarFunctionCallNode::evaluateToUInt32):
+        (KJS::NonLocalVarFunctionCallNode::inlineEvaluate):
+        (KJS::NonLocalVarFunctionCallNode::evaluate):
+        (KJS::NonLocalVarFunctionCallNode::evaluateToNumber):
+        (KJS::NonLocalVarFunctionCallNode::evaluateToBoolean):
+        (KJS::NonLocalVarFunctionCallNode::evaluateToInt32):
+        (KJS::NonLocalVarFunctionCallNode::evaluateToUInt32):
+        * kjs/nodes.h:
+        (KJS::ScopedVarFunctionCallNode::):
+        (KJS::NonLocalVarFunctionCallNode::):
+
+2008-03-17  David Kilzer  <ddkilzer@apple.com>
+
+        Don't define PLATFORM(MIDDLE_ENDIAN) on little endian ARM.
+
+        Reviewed by Darin.
+
+        See <http://bugs.webkit.org/show_bug.cgi?id=15416#c13>.
+
+        * wtf/Platform.h: Added check for !defined(__ARMEL__) when defining
+        PLATFORM(MIDDLE_ENDIAN).
+
+2008-03-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff, Darin and Weinig.
+
+        Add fast multi-level scope lookup
+        
+        Add logic and AST nodes to provide rapid variable resolution across
+        static scope boundaries.  This also adds logic that allows us to skip
+        any static scopes that do not contain the variable to be resolved.
+        
+        This results in a ~2.5% speedup in SunSpider, and gives a 25-30% speedup
+        in some simple and ad hoc closure and global variable access tests.
+
+        * JavaScriptCore.exp:
+        * kjs/Activation.h:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObject.h:
+        * kjs/JSVariableObject.cpp:
+        * kjs/JSVariableObject.h:
+        * kjs/function.cpp:
+        (KJS::ActivationImp::isDynamicScope):
+        * kjs/nodes.cpp:
+        (KJS::ResolveNode::optimizeVariableAccess):
+        (KJS::ScopedVarAccessNode::inlineEvaluate):
+        (KJS::ScopedVarAccessNode::evaluate):
+        (KJS::ScopedVarAccessNode::evaluateToNumber):
+        (KJS::ScopedVarAccessNode::evaluateToBoolean):
+        (KJS::ScopedVarAccessNode::evaluateToInt32):
+        (KJS::ScopedVarAccessNode::evaluateToUInt32):
+        (KJS::NonLocalVarAccessNode::inlineEvaluate):
+        (KJS::NonLocalVarAccessNode::evaluate):
+        (KJS::NonLocalVarAccessNode::evaluateToNumber):
+        (KJS::NonLocalVarAccessNode::evaluateToBoolean):
+        (KJS::NonLocalVarAccessNode::evaluateToInt32):
+        (KJS::NonLocalVarAccessNode::evaluateToUInt32):
+        (KJS::IfElseNode::optimizeVariableAccess):
+        (KJS::ScopeNode::optimizeVariableAccess):
+        * kjs/nodes.h:
+        (KJS::ScopedVarAccessNode::):
+        (KJS::NonLocalVarAccessNode::):
+        * kjs/object.h:
+
+ 2008-03-16  weihongzeng  <weihong.zeng@hotmail.com>
+ 
+         Reviewed by Darin Adler.
+ 
+         http://bugs.webkit.org/show_bug.cgi?id=15416
+         Add support for mixed-endian processors
+ 
+         * kjs/dtoa.cpp: Add IEEE_ARM, triggered by PLATFORM(MIDDLE_ENDIAN).
+ 
+2008-03-16  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Rubber stamped by Darin.
+
+        Add set-webkit-configuration support for wx port, and centralize
+        build dir location setting.
+
+        http://bugs.webkit.org/show_bug.cgi?id=17790
+
+        * jscore.bkl:
+
+2008-03-14  Steve Falkenburg  <sfalken@apple.com>
+
+        PGO build fixes.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-03-14  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Add logic to track whether a function uses a locally scoped eval or requires a closure
+        
+        Now that we limit eval we can track those uses of eval that operate
+        in the local scope and functions that require a closure.  We track
+        this information during initial parsing to avoid yet another tree
+        walk.
+
+        * JavaScriptCore.exp:
+        * kjs/NodeInfo.h:
+        * kjs/Parser.cpp:
+        (KJS::Parser::didFinishParsing):
+        * kjs/Parser.h:
+        (KJS::Parser::parse):
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::ScopeNode::ScopeNode):
+        (KJS::ProgramNode::ProgramNode):
+        (KJS::ProgramNode::create):
+        (KJS::EvalNode::EvalNode):
+        (KJS::EvalNode::create):
+        (KJS::FunctionBodyNode::FunctionBodyNode):
+        (KJS::FunctionBodyNode::create):
+        * kjs/nodes.h:
+        (KJS::ScopeNode::):
+        (KJS::ScopeNode::usesEval):
+        (KJS::ScopeNode::needsClosure):
+
+2008-03-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+
+        Fixed another problem with Vector::shrinkCapacity.
+        
+        moveOverlapping isn't good enough for the case where the buffer hasn't
+        changed, because it still destroys the contents of the buffer.
+
+        * wtf/Vector.h:
+        (WTF::::shrinkCapacity): Changed to explicitly check whether the call
+        to allocateBuffer produced a new buffer. If it didn't, there's no need
+        to move.
+
+2008-03-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+        
+        Fixed a few problems with Vector::shrinkCapacity that I noticed in testing.
+
+        * wtf/Vector.h:
+        (WTF::VectorBufferBase::deallocateBuffer): Clear our m_buffer pointer
+        when we deallocate m_buffer, in case we're not asked to reallocate a new
+        buffer. (Otherwise, we would use a stale m_buffer if we were asked to
+        perform any operations after shrinkCapacity was called.)
+        
+        (WTF::VectorBuffer::allocateBuffer): Made VectorBuffer with inline
+        capacity aware that calls to allocateBuffer might be shrinks, rather
+        than grows, so we shouldn't allocate a new buffer on the heap unless
+        our inline buffer is too small.
+        
+        (WTF::::shrinkCapacity): Call resize() instead of just setting m_size,
+        so destructors run. Call resize before reallocating the buffer to make
+        sure that we still have access to the objects we need to destroy. Call
+        moveOverlapping instead of move, since a call to allocateBuffer on an
+        inline buffer may produce identical storage.
+
+2008-03-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Get rid of a localime() call on platforms that have better alternatives.
+
+        * kjs/DateMath.h: Added getLocalTime();
+
+        * kjs/DateMath.cpp:
+        (KJS::getLocalTime):
+        (KJS::getDSTOffsetSimple):
+        Implementation moved from getDSTOffsetSimple().
+
+        * kjs/date_object.cpp:
+        (KJS::DateObjectImp::callAsFunction): Switched to getLocalTime().
+
+2008-03-14  David D. Kilzer  <ddkilzer@apple.com>
+
+        Unify concept of enabling the Mac Java bridge.
+
+        Reviewed by Darin and Anders.
+
+        * wtf/Platform.h: Define ENABLE_MAC_JAVA_BRIDGE here.
+
+2008-03-13  Mark Mentovai  <mark@moxienet.com>
+
+        Reviewed by eseidel.  Landed by eseidel.
+
+        * wtf/FastMalloc.cpp: #include <wtf/HashSet.h> outside of any
+        namespaces.
+
+2008-03-13  Mark Mentovai  <mark@moxienet.com>
+
+        Reviewed by eseidel.  Landed by eseidel.
+
+        * pcre/pcre_exec.cpp: Fix misnamed variable, allowing -DDEBUG build
+        to succeed.
+        * wtf/ThreadingPthreads.cpp: #include <sys/time.h> for gettimeofday
+        in non-pch build.
+
+2008-03-13  Steve Falkenburg  <sfalken@apple.com>
+
+        PGO build fixes.
+        
+        Disable PGO for normal release builds.
+        Added work-in-progress Release_PGOInstrument/Release_PGOOptimize targets.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-03-13  Beth Dakin  <bdakin@apple.com>
+
+        Reviewed by Geoff.
+
+        Adding new functionality to Vector. Currently all of the shrink and 
+        resize functions on Vector only shrink the size of the Vector, not 
+        the capacity. For the Vector to take up as little memory as 
+        possible, though, it is necessary to be able to shrink the capacity 
+        as well. So this patch adds that functionality. 
+
+        I need this for a speed up I am working on, and Geoff wants to use 
+        it in a speed up he is working on also, so he asked me to commit it 
+        now. 
+
+        * wtf/Vector.h:
+        (WTF::VectorBufferBase::allocateBuffer):
+        (WTF::::shrinkCapacity):
+
+2008-03-13  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        Attempt at fixing the Qt/Windows build bot. Quote using double-quotes
+        instead of single quotes.
+
+        * pcre/dftables:
+
+2008-03-12  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2008-03-12  Alp Toker  <alp@atoker.com>
+
+        Another autotools testkjs build fix attempt.
+
+        * GNUmakefile.am:
+
+2008-03-12  Alp Toker  <alp@atoker.com>
+
+        Attempt to fix the autotools testkjs build on systems with
+        non-standard include paths.
+
+        * GNUmakefile.am:
+
+2008-03-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5787743> REGRESSION: Crash at WTF::Collator::CreateCollator() running fast/js/kde/StringObject.html on Windows
+
+        * wtf/unicode/icu/CollatorICU.cpp:
+        (WTF::Collator::createCollator): Check for null (== user default) m_locale before calling strcmp.
+
+2008-03-11  Steve Falkenburg  <sfalken@apple.com>
+
+        Disable LTCG/PGO for grammar.cpp and nodes.cpp.
+        PGO on these files causes us to hang.
+        
+        Copy newer vsprops files from relative WebKitLibraries path to environment variable based path.
+        
+        Reviewed by Oliver.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+
+2008-03-10  Darin Adler  <darin@apple.com>
+
+        - Windows build fix
+
+        * kjs/function.cpp: (KJS::decode): Initialize variable.
+
+2008-03-10  Brent Fulgham  <bfulgham@gmail.com>
+
+        Windows build fix
+
+        Reviewed by Adam.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+        Set the PATH to include Cygwin before running touch.
+
+2008-03-10  Eric Seidel  <eric@webkit.org>
+
+        Build fix for JSC on windows.
+
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString):
+        * kjs/function.cpp:
+        (KJS::decode):
+        * kjs/nodes2string.cpp:
+        (KJS::escapeStringForPrettyPrinting):
+
+2008-03-10  Eric Seidel  <eric@webkit.org>
+        
+        No review, build fix only.
+        
+        Attempt to fix the windows build?
+
+        * kjs/ustring.h: change unsigned short to UChar
+
+2008-03-10  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Darin.
+
+        Remove KJS::UChar, use ::UChar instead
+        http://bugs.webkit.org/show_bug.cgi?id=17017
+
+        * API/JSStringRef.cpp:
+        (JSStringCreateWithCharacters):
+        (JSStringCreateWithUTF8CString):
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString):
+        * JavaScriptCore.exp:
+        * kjs/Parser.h:
+        * kjs/function.cpp:
+        (KJS::decode):
+        (KJS::parseInt):
+        (KJS::parseFloat):
+        (KJS::globalFuncEscape):
+        (KJS::globalFuncUnescape):
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct):
+        * kjs/identifier.cpp:
+        (KJS::Identifier::equal):
+        (KJS::CStringTranslator::translate):
+        * kjs/interpreter.h:
+        * kjs/lexer.cpp:
+        (KJS::Lexer::setCode):
+        (KJS::Lexer::shift):
+        (KJS::Lexer::lex):
+        (KJS::Lexer::convertUnicode):
+        (KJS::Lexer::makeIdentifier):
+        * kjs/lookup.cpp:
+        (KJS::keysMatch):
+        * kjs/nodes2string.cpp:
+        (KJS::escapeStringForPrettyPrinting):
+        (KJS::SourceStream::operator<<):
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        (KJS::RegExp::match):
+        * kjs/string_object.cpp:
+        (KJS::substituteBackreferences):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::computeHash):
+        (KJS::UString::UString):
+        (KJS::UString::append):
+        (KJS::UString::ascii):
+        (KJS::UString::operator=):
+        (KJS::UString::is8Bit):
+        (KJS::UString::toStrictUInt32):
+        (KJS::UString::find):
+        (KJS::operator==):
+        (KJS::operator<):
+        (KJS::compare):
+        (KJS::UString::UTF8String):
+        * kjs/ustring.h:
+        * pcre/pcre.h:
+
+2008-03-09  Steve Falkenburg  <sfalken@apple.com>
+
+        Stop Windows build if an error occurs in a prior project.
+
+        Rubber stamped by Darin.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2008-03-09  J¸rg Billeter  <j@bitron.ch>
+
+        Reviewed by Alp Toker.
+
+        Conditionalise ICU for Unicode in the GTK+ port.
+
+        * wtf/Platform.h:
+
+2008-03-07  David D. Kilzer  <ddkilzer@apple.com>
+
+        Unify concept of enabling Netscape Plug-in API (NPAPI).
+
+        Reviewed by Darin.
+
+        * wtf/Platform.h: Define ENABLE_NETSCAPE_PLUGIN_API here.
+
+2008-03-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed <rdar://problem/5689093> Stricter (ES4) eval semantics
+        
+        The basic rule is:
+        
+        - "eval(s)" is treated as an operator that gives the ES3 eval behavior.
+            ... but only if there is no overriding declaration of "eval" in scope.
+        - All other invocations treat eval as a function that evaluates a
+        script in the context of its "this" object.
+            ... but if its "this" object is not the global object it was
+            originally associated with, eval throws an exception.
+        
+        Because only expressions of the form "eval(s)" have access to local
+        scope, the compiler can now statically determine whether a function
+        needs local scope to be dynamic.
+
+        * kjs/nodes.h: Added FunctionCallEvalNode. It works just like
+        FuncationCallResolveNode, except it statically indicates that the node
+        may execute eval in the ES3 way.
+        * kjs/nodes.cpp:
+        * kjs/nodes2string.cpp:
+
+        * tests/mozilla/expected.html: This patch happens to fix a Mozilla JS
+        test, but it's a bit of a pyrrhic victory. The test intends to test
+        Mozilla's generic API for calling eval on any object, but, in reality,
+        we only support calling eval on the global object.
+
+2008-03-06  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2008-03-06  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2008-03-06  Alp Toker  <alp@atoker.com>
+
+        Fix the build fix in r30845 to support out-of-tree builds.
+
+        * GNUmakefile.am:
+
+2008-03-06  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::ThreadCondition::timedWait):
+
+2008-03-06  Darin Adler  <darin@apple.com>
+
+        - another small step towards fixing the Qt build
+
+        * JavaScriptCore.pri: Remove more references to the now-obsolete bindings directory.
+
+2008-03-06  Darin Adler  <darin@apple.com>
+
+        - a small step towards fixing the Qt build
+
+        * JavaScriptCore.pri: Remove references to files no longer present in JavaScriptCore/bindings.
+
+2008-03-06  Brady Eidson  <beidson@apple.com>
+
+        Gtk Build fix
+
+        * wtf/ThreadingGtk.cpp:
+        (WTF::ThreadCondition::timedWait):
+
+2008-03-06  Alexey Proskuryakov  <ap@webkit.org>
+
+        Wx build fix.
+
+        * wtf/unicode/icu/CollatorICU.cpp:
+        (WTF::Collator::userDefault): Put ICU workaround under both PLATFORM(DARWIN) and
+        PLATFORM(CF) checks, so that each port can decide if it wants to use CF on Mac for it.
+
+2008-03-06  Brady Eidson <beidson@apple.com>
+
+        Reviewed by Darin
+
+        Add a timedWait() method to ThreadCondition
+
+        * JavaScriptCore.exp:
+
+        * wtf/Threading.h:
+
+        * wtf/ThreadingGtk.cpp:
+        (WTF::ThreadCondition::timedWait):
+
+        * wtf/ThreadingNone.cpp:
+        (WTF::ThreadCondition::timedWait):
+
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::ThreadCondition::timedWait):
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::ThreadCondition::timedWait): Needs implementation
+
+2008-03-06  Alexey Proskuryakov  <ap@webkit.org>
+
+        More build fixes.
+
+        * jscore.bkl: Add the wtf/unicode directory.
+        * wtf/unicode/CollatorDefault.cpp:
+        (WTF::Collator::userDefault): Use a constructor that does exist.
+        * wtf/unicode/icu/CollatorICU.cpp: Mac build fix for case-sensitive file systems.
+
+2008-03-06  Darin Adler  <darin@apple.com>
+
+        - try to fix the Qt build
+
+        * JavaScriptCore.pri: Add the wtf/unicode directory.
+
+2008-03-06  Darin Adler  <darin@apple.com>
+
+        - try to fix the GTK build
+
+        * GNUmakefile.am: Add a -I for the wtf/unicode directory.
+
+2008-03-06  Darin Adler  <darin@apple.com>
+
+        - try to fix the Mac build
+
+        * icu/unicode/parseerr.h: Copied from ../WebCore/icu/unicode/parseerr.h.
+        * icu/unicode/ucol.h: Copied from ../WebCore/icu/unicode/ucol.h.
+        * icu/unicode/uloc.h: Copied from ../WebCore/icu/unicode/uloc.h.
+        * icu/unicode/unorm.h: Copied from ../WebCore/icu/unicode/unorm.h.
+        * icu/unicode/uset.h: Copied from ../WebCore/icu/unicode/uset.h.
+
+2008-03-06  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5687269> Need to create a Collator abstraction for WebCore and JavaScriptCore
+
+        * wtf/Threading.h:
+        (WTF::initializeThreading):
+        * wtf/ThreadingGtk.cpp:
+        (WTF::initializeThreading):
+        * wtf/ThreadingNone.cpp:
+        * wtf/ThreadingPthreads.cpp:
+        * wtf/ThreadingWin.cpp:
+        Added AtomicallyInitializedStatic.
+
+        * kjs/string_object.cpp: (KJS::localeCompare): Changed to use Collator.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        Added new fiiles to projects.
+
+        * wtf/unicode/Collator.h: Added.
+        (WTF::Collator::):
+        * wtf/unicode/CollatorDefault.cpp: Added.
+        (WTF::Collator::Collator):
+        (WTF::Collator::~Collator):
+        (WTF::Collator::setOrderLowerFirst):
+        (WTF::Collator::collate):
+        * wtf/unicode/icu/CollatorICU.cpp: Added.
+        (WTF::cachedCollatorMutex):
+        (WTF::Collator::Collator):
+        (WTF::Collator::~Collator):
+        (WTF::Collator::setOrderLowerFirst):
+        (WTF::Collator::collate):
+        (WTF::Collator::createCollator):
+        (WTF::Collator::releaseCollator):
+
+2008-03-05  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Fix the wx build after the bindings move.
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+
+2008-03-05  Alp Toker  <alp@atoker.com>
+
+        GTK+ build fix for breakage introduced in r30800.
+
+        Track moved bridge sources from JavaScriptCore to WebCore.
+
+        * GNUmakefile.am:
+
+2008-03-05  Brent Fulgham  <bfulgham@gmail.com>
+
+        Reviewed by Adam Roben.
+
+        Remove definition of WTF_USE_SAFARI_THEME from wtf/Platform.h
+        because the PLATFORM(CG) flag is not set until config.h has
+        already included this file.
+
+        * wtf/Platform.h:  Remove useless definition of WTF_USE_SAFARI_THEME
+
+2008-03-05  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Alexey and Mark Rowe
+
+        Fix for <rdar://problem/5778247> - Reproducible crash on storage/execute-sql-args.html
+
+        DatabaseThread::unscheduleDatabaseTasks() manually filters through a MessageQueue,
+        removing particular items for Databases that were shutting down.
+
+        This filtering operation is not atomic, and therefore causes a race condition with the
+        MessageQueue waking up and reading from the message queue.  
+
+        The end result was an attempt to dereference a null DatabaseTask.  Timing-wise, this never
+        seemed to happen in a debug build, otherwise an assertion would've caught it.  Replacing that
+        assertion with a crash in a release build is what revealed this bug.
+
+        * wtf/MessageQueue.h:
+        (WTF::::waitForMessage): Tweak the waiting logic to check the queue's empty state then go back
+          to sleep if the queue was empty - checking m_killed each time it wakes up.
+
+2008-03-05  David D. Kilzer  <ddkilzer@apple.com>
+
+        Remove unused header includes from interpreter.cpp.
+
+        Reviewed by Darin.
+
+        * kjs/interpreter.cpp: Remove unused header includes.
+
+2008-03-05  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Sam.
+        
+        Remove bindings/.
+
+        * bindings: Removed.
+
+2008-03-05  Anders Carlsson  <andersca@apple.com>
+
+        Don't build bindings/ anymore.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-03-05  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Geoff.
+
+        Don't build JavaScriptCore/bindings.
+        
+        * JavaScriptCore.exp:
+        Export a couple of new functions. 
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Remove bindings/
+        
+        * kjs/config.h:
+        No need to define HAVE_JNI anymore.
+        
+        * kjs/interpreter.cpp:
+        Remove unnecessary include.
+
+2008-03-05  David D. Kilzer  <ddkilzer@apple.com>
+
+        Allow override of default script file name using command-line argument.
+
+        Reviewed by Adele.
+
+        * API/minidom.c:
+        (main): Allow first command-line argument to override the default script
+        file name of "minidom.js".
+        * API/testapi.c:
+        (main): Allow first command-line argument to override the default script
+        file name of "testapi.js".
+
+2008-03-04  Mark Rowe  <mrowe@apple.com>
+
+        Mac build fix.
+
+        * JavaScriptCore.exp:  Add new symbol to exports file.
+
+2008-03-03  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Anders.
+
+        Make ForInNode check for the timeout interrupt
+
+        * kjs/nodes.cpp:
+        (KJS::ForInNode::execute):
+
+2008-03-02  Brent Fulgham  <bfulgham@gmail.com>
+
+        Reviewed by Alp Toker.
+
+        http://bugs.webkit.org/show_bug.cgi?id=17415
+        GTK Build (using autotools) on Mac OS (DarwinPorts) Fails
+
+        Add -lstdc++ to link flags for minidom program.  This corrects
+        a build error for the GTK+ on Mac OS.
+
+        * GNUmakefile.am:
+
+2008-03-01  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        Update Xcode configuration to support building debug and release from the mysterious future.
+
+        * Configurations/Base.xcconfig:
+        * Configurations/DebugRelease.xcconfig:
+
+2008-02-29  Brent Fulgham  <bfulgham@gmail.com>
+
+        http://bugs.webkit.org/show_bug.cgi?id=17483
+        Implement scrollbars on Windows (Cairo)
+
+        Reviewed by Adam Roben.
+
+        * wtf/Platform.h:
+
+2008-02-29  Adam Roben  <aroben@apple.com>
+
+        Remove unused DebuggerImp::abort and DebuggerImp::aborted
+
+        Reviewed by Tim and Sam.
+
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct):
+        * kjs/internal.h:
+        (KJS::DebuggerImp::DebuggerImp):
+        * kjs/nodes.cpp:
+        (KJS::Node::handleException):
+        (KJS::FunctionBodyNodeWithDebuggerHooks::execute):
+
+2008-02-28  Eric Christopher  <echristo@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        ** TOTAL **:          1.005x as fast    2867.6ms +/- 0.4%  2853.2ms +/- 0.3%    significant
+
+        * kjs/nodes.cpp: Tell the compiler that exceptions are unexpected (for
+        the sake of branch prediction and code organization).
+
+2008-02-27  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Sam Weinig.
+
+        http://bugs.webkit.org/show_bug.cgi?id=17030
+        Small buffer overflow within initialization
+
+        * kjs/date_object.cpp:
+        (KJS::DateObjectFuncImp::callAsFunction):
+        (KJS::parseDate):
+        Remove unnecessary and incorrect memset() calls - GregorianDateTime can initialize itself.
+
+2008-02-25  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Dan Bernstein.
+
+        - Add a variant of remove that takes a position and a length.
+
+        * wtf/Vector.h:
+        (WTF::Vector::remove):
+
+2008-02-25  Mark Mentovai  <mark@moxienet.com>
+
+        Reviewed by Mark Rowe.
+
+        Enable CollectorHeapIntrospector to build by itself, as well as in an AllInOneFile build.
+        http://bugs.webkit.org/show_bug.cgi?id=17538
+
+        * kjs/CollectorHeapIntrospector.cpp: Provide "using" declaration for
+          WTF::RemoteMemoryReader.
+        * kjs/collector.h: Move CollectorHeap declaration here...
+        * kjs/collector.cpp: ... from here.
+
+2008-02-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adam.
+
+        * JavaScriptCore.exp: Sort the contents of this file.
+
+2008-02-25  Adam Roben  <aroben@apple.com>
+
+        MSVC build fix
+
+        * kjs/testkjs.cpp:
+        (functionQuit): Don't add a return statement after exit(0) for MSVC.
+
+2008-02-24  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        http://bugs.webkit.org/show_bug.cgi?id=17529
+        Add support for reading from stdin from testkjs
+
+        * kjs/testkjs.cpp:
+        (GlobalObject::GlobalObject): Add readline function to global object.
+        (functionReadline): Added. Reads characters from stdin until a '\n' or
+        EOF is encountered. The input is returned as a String to the caller.
+
+2008-02-24  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        http://bugs.webkit.org/show_bug.cgi?id=17528
+        Give testkjs a bath
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj: Make the testkjs.cpp use 4 space indentation.
+        * kjs/testkjs.cpp:
+        (StopWatch::getElapsedMS):
+        (GlobalObject::className):
+        (GlobalObject::GlobalObject):
+        Rename GlobalImp to GlobalObject and setup the global functions
+        in the GlobalObject's constructor. Also, use static functions for
+        the implementation so we can use the standard PrototypeFunction
+        class and remove TestFunctionImp.
+        (functionPrint): Move print() functionality here.
+        (functionDebug): Move debug() functionality here.
+        (functionGC): Move gc() functionality here.
+        (functionVersion): Move version() functionality here.
+        (functionRun): Move run() functionality here.
+        (functionLoad): Move load() functionality here.
+        (functionQuit): Move quit() functionality here.
+        (prettyPrintScript): Fix indentation.
+        (runWithScripts): Since all the functionality of createGlobalObject is
+        now in the GlobalObject constructor, just call new here.
+        (parseArguments): Fix indentation.
+        (kjsmain): Ditto
+        (fillBufferWithContentsOfFile): Ditto.
+
+2008-02-24  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt and Mark Rowe.
+
+        http://bugs.webkit.org/show_bug.cgi?id=17505
+        Add support for getting command line arguments in testkjs
+
+        - This slightly changes the behavior of parsing arguments by requiring
+          a '-f' before all files. 
+
+        * kjs/testkjs.cpp:
+        (createGlobalObject): Add a global property called 'arguments' which
+        contains an array with the parsed arguments as strings.
+        (runWithScripts): Pass in the arguments vector so that it can be passed
+        to the global object.
+        (parseArguments): Change parsing rules to require a '-f' before any script
+        file. After all '-f' and '-p' arguments have been parsed, the remaining
+        are added to the arguments vector and exposed to the script. If there is a
+        chance of ambiguity (the user wants to pass the string '-f' to the script),
+        the string '--' can be used separate the options from the pass through 
+        arguments.
+        (kjsmain):
+
+2008-02-24  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Darin Adler.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=17511
+          REGRESSION: Reproducible crash in SegmentedSubstring::SegmentedSubstring(SegmentedSubstring const&)
+
+        * wtf/Deque.h:
+        (WTF::::expandCapacityIfNeeded): Fixed the case where m_start and m_end
+        are both zero but the buffer capacity is non-zero.
+        (WTF::::prepend): Added validity checks.
+
+2008-02-23  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
+
+        Rubber stamped by Darin.
+
+        Add separator '\' after libJavaScriptCore_la_LIBADD and cleanup
+        whitespaces introduced in the previous commit.
+
+        * GNUmakefile.am: 
+
+2008-02-23  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
+
+        * GNUmakefile.am: Add GLOBALDEPS for testkjs and minidom.
+
+2008-02-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=17496
+          make Deque use a circular array; add iterators
+
+        * wtf/Deque.h: Wrote an all-new version of this class that uses a circular
+        buffer. Growth policy is identical to vector. Added iterators.
+
+        * wtf/Vector.h: Made two small refinements while using this to implement
+        Deque: Made VectorBufferBase derive from Noncopyable, which would have
+        saved me some debugging time if it had been there. Renamed Impl and
+        m_impl to Buffer and m_buffer.
+
+2008-02-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=17067
+          eliminate attributes parameter from JSObject::put for speed/clarity
+
+        * API/JSCallbackObject.h: Removed attribute arguments.
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::JSCallbackObject<Base>::put): Ditto.
+        * API/JSObjectRef.cpp:
+        (JSObjectSetProperty): Use initializeVariable or putDirect when necessary
+        to set attribute values.
+        * JavaScriptCore.exp: Updated.
+        * bindings/objc/objc_runtime.h: Removed attribute arguments.
+        * bindings/objc/objc_runtime.mm:
+        (ObjcFallbackObjectImp::put): Ditto.
+        * bindings/runtime_array.cpp:
+        (RuntimeArray::put): Ditto.
+        * bindings/runtime_array.h: Ditto.
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::put): Ditto.
+        * bindings/runtime_object.h: Ditto. Also removed canPut which was only
+        called from one place in WebCore that can use hasProperty instead.
+
+        * kjs/Activation.h: Removed attribute argument from put and added the new
+        initializeVariable function that's used to put variables in variable objects.
+        Also made isActivationObject a const member.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::put): Removed attribute argument.
+        (KJS::JSGlobalObject::initializeVariable): Added. Used to give variables
+        their initial values, which can include the read-only property.
+        (KJS::JSGlobalObject::reset): Removed obsolete comments about flags.
+        Removed Internal flag, which is no longer needed.
+        * kjs/JSGlobalObject.h: More of the same.
+
+        * kjs/JSVariableObject.h: Added pure virtual initializeVariable function.
+        (KJS::JSVariableObject::symbolTablePut): Removed checkReadOnly flag; we always
+        check read-only.
+        (KJS::JSVariableObject::symbolTableInitializeVariable): Added.
+
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::put): Removed attribute argument.
+        * kjs/array_instance.h: Ditto.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::put): Ditto.
+        (KJS::Arguments::put): Ditto.
+        (KJS::ActivationImp::put): Ditto.
+        (KJS::ActivationImp::initializeVariable): Added.
+        * kjs/function.h: Removed attribute arguments.
+
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct): Removed Internal flag.
+
+        * kjs/lookup.h:
+        (KJS::lookupPut): Removed attributes argument. Also changed to use putDirect
+        instead of calling JSObject::put.
+        (KJS::cacheGlobalObject): Ditto.
+
+        * kjs/nodes.cpp:
+        (KJS::ConstDeclNode::handleSlowCase): Call initializeVariable to initialize
+        the constant.
+        (KJS::ConstDeclNode::evaluateSingle): Ditto.
+        (KJS::TryNode::execute): Use putDirect to set up the new object.
+        (KJS::FunctionBodyNode::processDeclarations): Removed Internal.
+        (KJS::ProgramNode::processDeclarations): Ditto.
+        (KJS::EvalNode::processDeclarations): Call initializeVariable to initialize
+        the variables and functions.
+        (KJS::FuncDeclNode::makeFunction): Removed Internal.
+        (KJS::FuncExprNode::evaluate): Ditto.
+
+        * kjs/object.cpp: Removed canPut, which was only being used in one code path,
+        not the normal high speed one.
+        (KJS::JSObject::put): Removed attribute argument. Moved the logic from
+        canPut here, in the one code ath that was still using it.
+        * kjs/object.h: Removed Internal attribute, ad canPut function. Removed the
+        attributes argument to the put function. Made isActivationObject const.
+
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpImp::put): Removed attributes argument.
+        (KJS::RegExpImp::putValueProperty): Ditto.
+        (KJS::RegExpObjectImp::put): Ditto.
+        (KJS::RegExpObjectImp::putValueProperty): Ditto.
+        * kjs/regexp_object.h: Ditto.
+
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::put): Removed attributes argument.
+        * kjs/string_object.h: Ditto.
+
+2008-02-23  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
+
+        Not reviewed, Gtk build fix.
+
+        * kjs/testkjs.pro:
+
+2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
+
+        Windows build fix - move ThreadCondition implementation from WebCore to WTF.
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::ThreadCondition::ThreadCondition):
+        (WTF::ThreadCondition::~ThreadCondition):
+        (WTF::ThreadCondition::wait):
+        (WTF::ThreadCondition::signal):
+        (WTF::ThreadCondition::broadcast):
+
+2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
+
+        Touch some files, hoping that Windows build bot will create JSC headers.
+
+        * kjs/AllInOneFile.cpp:
+        * kjs/array_instance.cpp:
+        * wtf/HashTable.cpp:
+
+2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
+
+        Qt/Wx build fix - this file was still in a wrong namespace, too.
+
+        * wtf/ThreadingNone.cpp:
+
+2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
+
+        More build fixing - fix mismatched braces.
+
+        * JavaScriptCore.pri:
+
+2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
+
+        Wx and Gtk build fixes.
+
+        * JavaScriptCore.pri: Don't try to compile ThreadingPthreads.
+        * wtf/ThreadingGtk.cpp: Use a correct namespace.
+
+2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        Move basic threading support from WebCore to WTF.
+
+        Added mutex protection to MessageQueue::killed() for paranoia sake.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * wtf/Locker.h: Copied from WebCore/platform/Locker.h.
+        * wtf/MessageQueue.h: Copied from WebCore/platform/MessageQueue.h.
+        (WTF::::killed):
+        * wtf/Threading.h: Copied from WebCore/platform/Threading.h.
+        * wtf/ThreadingGtk.cpp: Copied from WebCore/platform/gtk/ThreadingGtk.cpp.
+        (WebCore::createThread):
+        * wtf/ThreadingNone.cpp: Copied from WebCore/platform/ThreadingNone.cpp.
+        * wtf/ThreadingPthreads.cpp: Copied from WebCore/platform/pthreads/ThreadingPthreads.cpp.
+        (WTF::createThread):
+        * wtf/ThreadingWin.cpp: Copied from WebCore/platform/win/ThreadingWin.cpp.
+        (WTF::createThread):
+        (WTF::Mutex::Mutex):
+        (WTF::Mutex::~Mutex):
+        (WTF::Mutex::lock):
+        (WTF::Mutex::tryLock):
+        (WTF::Mutex::unlock):
+
+2008-02-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Partial fix for <rdar://problem/5744037> Gmail out of memory (17455)
+        
+        I'm removing KJS_MEM_LIMIT for the following reasons:
+        
+        - We have a few reports of KJS_MEM_LIMIT breaking important web
+        applications, like GMail and Google Reader. (For example, if you
+        simply open 12 GMail tabs, tab #12 will hit the limit.)
+
+        - Firefox has no discernable JS object count limit, so any limit, even
+        a large one, is a potential compatibility problem.
+        
+        - KJS_MEM_LIMIT does not protect against malicious memory allocation,
+        since there are many ways to maliciously allocate memory without
+        increasing the JS object count.
+        
+        - KJS_MEM_LIMIT is already mostly broken, since it only aborts the
+        script that breaches the limit, not any subsequent scripts.
+        
+        - We've never gotten bug reports about websites that would have
+        benefited from an unbroken KJS_MEM_LIMIT. The initial check-in of
+        KJS_MEM_LIMIT (KJS revision 80061) doesn't mention a website that
+        needed it.
+        
+        - Any website that brings you anywhere close to crashing due to the
+        number of live JS objects will almost certainly put up the "slow
+        script" dialog at least 20 times beforehand.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        * kjs/collector.h:
+        * kjs/nodes.cpp:
+        (KJS::TryNode::execute):
+
+2008-02-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Alexey P.
+
+        <rdar://problem/5759327> REGRESSION: while(NaN) acts like while(true)
+
+        Fix yet another case where we incorrectly relied on implicit double
+        to bool coercion.
+
+        * kjs/nodes.cpp:
+        (KJS::PostDecLocalVarNode::evaluateToBoolean):
+
+2008-02-20  Michael Knaup  <michael.knaup@mac.com>
+
+        Reviewed by Darin.
+
+        Fix for Bug 16753: date set methods with no args should result in NaN (Acid3 bug)
+        The set values result in NaN now when called with no args, NaN or +/- inf values.
+        The setYear, setFullYear and setUTCFullYear methods used on NaN dates work as 
+        descripted in the standard.
+
+        * kjs/date_object.cpp:
+        (KJS::fillStructuresUsingTimeArgs):
+        (KJS::fillStructuresUsingDateArgs):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::dateProtoFuncSetYear):
+
+2008-02-19  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Darin.
+
+        Change OpaqueJSClass and RootObject to start with a ref count of 1.
+        
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass):
+        (OpaqueJSClass::createNoAutomaticPrototype):
+        (OpaqueJSClass::create):
+        * API/JSClassRef.h:
+        * API/JSObjectRef.cpp:
+        (JSClassCreate):
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::RootObject::create):
+        (KJS::Bindings::RootObject::RootObject):
+
+2008-02-19  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Anders.
+
+        - removed explicit initialization to 1 for RefCounted; that's now the default
+
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp): Removed RefCounted initializer.
+
+2008-02-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Anders.
+
+        - next step for http://bugs.webkit.org/show_bug.cgi?id=17257
+          start ref counts at 1 instead of 0 for speed
+
+        * wtf/RefCounted.h:
+        (WTF::RefCounted::RefCounted): Have refcounts default to 1. This allows us to start
+        removing the explicit initialization of RefCounted from classes and eventually we
+        can remove the ability to have the initial count of 0 entirely.
+
+2008-02-18  Samuel Weinig  <sam@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=17419
+        Remove CompatMode from JavaScriptCore as it is never set to anything other than NativeMode
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::init):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::setDebugger):
+        * kjs/date_object.cpp:
+        (KJS::dateProtoFuncGetYear):
+
+2008-02-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        * wtf/ASCIICType.h:
+        (WTF::toASCIIHexValue): Added.
+
+2008-02-17  Darin Adler  <darin@apple.com>
+
+        * wtf/ListHashSet.h: (WTF::swap): Removed stray return statement.
+
+2008-02-15  Adam Roben  <aroben@apple.com>
+
+        Make JavaScriptCore's FEATURE_DEFINES match WebCore's
+
+        Reviewed by Mark.
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2008-02-14  Stephanie Lewis <slewis@apple.com>
+
+        Reviewed by Geoff.
+
+        Update order files.
+
+        * JavaScriptCore.order:
+
+2008-02-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed <rdar://problem/5737835> nee http://bugs.webkit.org/show_bug.cgi?id=17329
+        Crash in JSGlobalObject::popActivation when inserting hyperlink in Wordpress (17329)
+        
+        Don't reset the "activations" stack in JSGlobalObject::reset, since we
+        might be executing a script during the call to reset, and the script
+        needs to safely run to completion.
+        
+        Instead, initialize the "activations" stack when the global object is
+        created, and subsequently rely on pushing and popping during normal
+        execution to maintain the stack's state.
+        
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::init):
+        (KJS::JSGlobalObject::reset):
+
+2008-02-13  Bernhard Rosenkraenzer  <bero@arklinux.org>
+
+        Reviewed by Darin.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=17339
+          JavaScriptCore does not build with gcc 4.3
+
+        * kjs/interpreter.cpp: Add include of <unistd.h>, since that's where
+        getpid() comes from.
+
+2008-02-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Alexey P.
+
+        <rdar://problem/5737003> REGRESSION (r27747): can't browse pictures on fastcupid.com
+
+        When converting numeric values to booleans we need to account for NaN
+
+        * kjs/nodes.cpp:
+        (KJS::MultNode::evaluateToBoolean):
+        (KJS::ModNode::evaluateToBoolean):
+
+2008-02-08  Samuel Weinig  <sam@webkit.org>
+
+        Reviewed by Brady Eidson.
+
+        <rdar://problem/5659216> REGRESSION: PLT 0.3% slower due to r28868 (caching ClassNodeList and NamedNodeList)
+
+        - Tweak the statements in isASCIISpace to account for the statistical distribution of
+          usage in the PLT.
+
+        .4% speedup on my machine.  Stephanie's machine shows this as .3% speedup.
+
+        * wtf/ASCIICType.h:
+        (WTF::isASCIISpace): 
+
+2008-02-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Anders Carlsson.
+
+        Fixes for:
+        <rdar://problem/5735497> Match Firefox's cross-domain model more accurately by return the built-in version of functions even if they have been overridden
+        <rdar://problem/5735443> Crash when setting the Window objects prototype to a custom Object and then calling a method on it
+
+        - Expose the native Object.prototype.toString implementation so that it can be used for cross-domain
+          toString calling.
+
+        * JavaScriptCore.exp:
+        * kjs/object_object.cpp:
+        * kjs/object_object.h:
+
+2008-02-10  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Eric.
+
+        * kjs/ExecState.h:
+        (KJS::ExecState::takeException): Added.
+
+2008-02-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=17256
+          eliminate default ref. count of 0 in RefCounted class
+
+        * wtf/RefCounted.h:
+        (WTF::RefCounted::RefCounted): Remove default of 0.
+
+2008-02-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=17256
+          Make clients of RefCounted explicitly set the count to 0.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass):
+        * bindings/runtime_root.cpp:
+        (KJS::Bindings::RootObject::RootObject):
+
+2008-02-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mitz.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=17256
+          Change RegExp to start its ref count at 1, not 0
+
+        We'll want to do this to every RefCounted class, one at a time.
+
+        * kjs/nodes.h:
+        (KJS::RegExpNode::RegExpNode): Use RegExp::create instead of new RegExp.
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp): Marked inline, set initial ref count to 1.
+        (KJS::RegExp::create): Added. Calls new RegExp then adopts the initial ref.
+        * kjs/regexp.h: Reformatted. Made the constructors private. Added static
+        create functions that return objects already wrapped in PassRefPtr.
+        * kjs/regexp_object.cpp:
+        (KJS::regExpProtoFuncCompile): Use RegExp::create instead of new RegExp.
+        (KJS::RegExpObjectImp::construct): Ditto.
+        * kjs/string_object.cpp:
+        (KJS::stringProtoFuncMatch): Ditto.
+        (KJS::stringProtoFuncSearch): Ditto.
+
+2008-02-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        <rdar://problem/5731773> REGRESSION (r28973): Extraneous parentheses in function.toString()
+        https://bugs.webkit.org/show_bug.cgi?id=17214
+
+        Make a subclass of CommaNode to provide the correct precedence for each expression in
+        a variable declaration list.
+
+        * kjs/grammar.y:
+        * kjs/nodes.h:
+        (KJS::VarDeclCommaNode::):
+
+2008-02-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=17247
+          Labelled continue/break can fail in some cases
+
+        Test: fast/js/continue-break-multiple-labels.html
+
+        * kjs/nodes.h:
+        (KJS::StatementNode::pushLabel): Made this virtual.
+        (KJS::LabelNode::pushLabel): Forward pushLabel calls to the statement inside.
+
+2008-02-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15003
+          Function.prototype.constructor should not be DontDelete/ReadOnly (Acid3 bug)
+
+        Test: fast/js/constructor-attributes.html
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset): Remove unwanted attributes from "constructor".
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct): Ditto.
+        * kjs/nodes.cpp:
+        (KJS::FuncDeclNode::makeFunction): Ditto.
+        (KJS::FuncExprNode::evaluate): Ditto.
+
+2008-02-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Added an ASSERT to catch refCount underflow, since it caused a leak in
+        my last check-in.
+
+        * wtf/RefCounted.h:
+        (WTF::RefCounted::deref):
+
+2008-02-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        PLT speedup related to <rdar://problem/5659272> REGRESSION: PLT .4%
+        slower due to r28884 (global variable symbol table optimization)
+        
+        Tweaked RefCounted::deref() to be a little more efficient.
+
+        1% - 1.5% speedup on my machine. .7% speedup on Stephanie's machine.
+        
+        * wtf/RefCounted.h:
+        (WTF::RefCounted::deref): Don't modify m_refCount if we're just going
+        to delete the object anyway. Also, use a simple == test, which might be
+        faster than <= on some hardware.
+
+2008-02-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=17094
+          Array.prototype functions create length properties with DontEnum/DontDelete
+
+        Test results match Gecko with very few obscure exceptions that seem to be
+        bugs in Gecko.
+
+        Test: fast/js/array-functions-non-arrays.html
+
+        * kjs/array_object.cpp:
+        (KJS::arrayProtoFuncConcat):  Removed DontEnum and DontDelete from the call
+        to set length.
+        (KJS::arrayProtoFuncPop): Ditto. Also added missing call to deleteProperty,
+        which is not needed for real arrays, but is needed for non-arrays.
+        (KJS::arrayProtoFuncPush): Ditto.
+        (KJS::arrayProtoFuncShift): Ditto.
+        (KJS::arrayProtoFuncSlice): Ditto.
+        (KJS::arrayProtoFuncSort): Removed incorrect call to set length when
+        the array has no elements.
+        (KJS::arrayProtoFuncSplice): Removed DontEnum and DontDelete from the call
+        to set length.
+        (KJS::arrayProtoFuncUnShift): Ditto. Also added a check for 0 arguments to
+        make behavior match the specification in that case.
+        * kjs/nodes.cpp:
+        (KJS::ArrayNode::evaluate): Removed DontEnum and DontDelete from the call
+        to set length.
+
+2008-02-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - replace calls to put to set up properties with calls to putDirect, to
+          prepare for a future change where put won't take attributes any more,
+          and for a slight performance boost
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeConstructor): Use putDirect instead of put.
+        * kjs/CommonIdentifiers.h: Removed lastIndex.
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset): Use putDirect instead of put.
+        * kjs/array_object.cpp:
+        (KJS::arrayProtoFuncConcat): Took out extra call to get length (unused).
+        (KJS::ArrayObjectImp::ArrayObjectImp): Use putDirect instead of put.
+        * kjs/error_object.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype): Use putDirect instead of put.
+        * kjs/function.cpp:
+        (KJS::Arguments::Arguments): Use putDirect instead of put.
+        (KJS::PrototypeFunction::PrototypeFunction): Use putDirect instead of put.
+        * kjs/function_object.cpp:
+        (KJS::FunctionObjectImp::construct): Use putDirect instead of put.
+        * kjs/nodes.cpp:
+        (KJS::FuncDeclNode::makeFunction): Use putDirect instead of put.
+        (KJS::FuncExprNode::evaluate): Use putDirect instead of put.
+        * kjs/regexp_object.cpp:
+        (KJS::regExpProtoFuncCompile): Use setLastIndex instead of put(lastIndex).
+        (KJS::RegExpImp::match): Get and set lastIndex by using m_lastIndex instead of
+        calling get and put.
+        * kjs/regexp_object.h:
+        (KJS::RegExpImp::setLastIndex): Added.
+        * kjs/string_object.cpp:
+        (KJS::stringProtoFuncMatch): Use setLastIndex instead of put(lastIndex).
+
+2008-02-05  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Anders Carlsson.
+
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=8080
+        NodeList (and other DOM lists) items are not enumeratable using for..in
+
+        * JavaScriptCore.exp:
+
+2008-02-05  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Update versioning to support the mysterious future.
+
+        * Configurations/Version.xcconfig: Add SYSTEM_VERSION_PREFIX_1060.
+
+2008-02-04  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Fixes Bug 16889: REGRESSION (r29425): Canvas-based graphing calculator fails to run
+              Bug 17015: REGRESSION (r29414-29428): www.fox.com "shows" menu fails to render
+              Bug 17164: REGRESSION: JavaScript pop-up menu appears at wrong location when hovering image at http://news.chinatimes.com/
+
+        <http://bugs.webkit.org/show_bug.cgi?id=16889>
+        <rdar://problem/5696255>
+
+        <http://bugs.webkit.org/show_bug.cgi?id=17015>
+
+        <http://bugs.webkit.org/show_bug.cgi?id=17164>
+        <rdar://problem/5720947>
+
+        The ActivationImp tear-off (r29425) introduced a problem with ReadModify
+        nodes that first resolve a slot, call valueForReadModifyNode(), and then
+        store a value in the previously resolved slot. Since valueForReadModifyNode()
+        may cause a tear-off, the slot needs to be resolved again, but this was
+        not happening with the existing code.
+
+        * kjs/nodes.cpp:
+        (KJS::ReadModifyLocalVarNode::evaluate):
+        (KJS::ReadModifyResolveNode::evaluate):
+
+2008-02-04  Cameron McCormack <cam@mcc.id.au>
+
+        Reviewed by Geoff Garen.
+
+        Remove some unneccesary UNUSED_PARAMs.  Clarify ownership rule of return value of JSObjectCopyPropertyNames.
+
+        * API/JSNode.c:
+        (JSNode_appendChild):
+        (JSNode_removeChild):
+        (JSNode_replaceChild):
+        (JSNode_getNodeType):
+        (JSNode_getFirstChild):
+        * API/JSNodeList.c:
+        (JSNodeList_length):
+        * API/JSObjectRef.h:
+
+2008-02-04  Rodney Dawes  <dobey@wayofthemonkey.com>
+
+        Reviewed by Alp Toker and Mark Rowe.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=17175.
+        Bug 17175: Use of C++ compiler flags in CFLAGS
+
+        * GNUmakefile.am: Use global_cxxflags as well as global_cflags in CXXFLAGS.
+
+2008-02-04  Alp Toker  <alp@atoker.com>
+
+        Rubber-stamped by Mark Rowe.
+
+        Remove all trailing whitespace in the GTK+ port and related
+        components.
+
+        * GNUmakefile.am:
+
+2008-02-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        PLT speedup related to <rdar://problem/5659272> REGRESSION: PLT .4%
+        slower due to r28884 (global variable symbol table optimization)
+
+        Geoff's theory is that the slowdown was due to copying hash tables when
+        putting things into the back/forward cache. If that's true, then this
+        should fix the problem.
+
+        (According to Geoff's measurements, in a PLT that exaggerates the
+        importance of symbol table saving during cached page creation, this
+        patch is a ~3X speedup in cached page creation, and a 9% speedup overall.)
+
+        * JavaScriptCore.exp: Updated.
+
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::saveLocalStorage): Updated for changes to SavedProperty,
+        which has been revised to avoid initializing each SavedProperty twice when building
+        the array. Store the property names too, so we don't have to store the symbol table
+        separately. Do this by iterating the symbol table instead of the local storage vector.
+        (KJS::JSVariableObject::restoreLocalStorage): Ditto. Restore the symbol table as
+        well as the local storage vector.
+
+        * kjs/JSVariableObject.h: Removed save/restoreSymbolTable and do that work inside
+        save/restoreLocalStorage instead. Made restoreLocalStorage a non-const member function
+        that takes a const reference to a SavedProperties object.
+
+        * kjs/LocalStorage.h: Changed attributes to be unsigned instead of int to match
+        other declarations of attributes elsewhere.
+
+        * kjs/property_map.cpp:
+        (KJS::SavedProperties::SavedProperties): Updated for data member name change.
+        (KJS::PropertyMap::save): Updated for data member name change and to use the new
+        inline init function instead of setting the fields directly. This allows us to
+        skip initializing the SavedProperty objects when first allocating the array, and
+        just do it when we're actually setting up the individual elements.
+        (KJS::PropertyMap::restore): Updated for SavedProperty changes.
+
+        * kjs/property_map.h: Changed SavedProperty from a struct to a class. Set it up so
+        it does not get initialized at construction time to avoid initializing twice when
+        creating an array of SavedProperty. Removed the m_ prefixes from the members of
+        the SavedProperties struct. Generally we use m_ for class members and not struct.
+
+2008-02-02  Tony Chang  <idealisms@gmail.com>
+
+        Reviewed by darin.  Landed by eseidel.
+
+        Add #define guards for WIN32_LEAN_AND_MEAN and _CRT_RAND_S.
+
+        * kjs/config.h:
+        * wtf/FastMalloc.cpp:
+        * wtf/TCSpinLock.h:
+
+2008-01-28  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Darin Adler.
+
+        - Fix whitespace in nodes.h/cpp and nodes2string.cpp.
+
+        (NOTE: Specific changed functions elided for space and clarity)
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+
+2008-01-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Patch for http://bugs.webkit.org/show_bug.cgi?id=17025
+        nodes.h/cpp has been rolling around in the mud - lets hose it down
+
+        - Rename member variables to use the m_ prefix.
+
+        (NOTE: Specific changed functions elided for space and clarity)
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+
+2008-01-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - fix <rdar://problem/5657450> REGRESSION: const is broken
+
+        Test: fast/js/const.html
+
+        SunSpider said this was 0.3% slower. And I saw some Shark samples in
+        JSGlobalObject::put -- not a lot but a few. We may be able to regain the
+        speed, but for now we will take that small hit for correctness sake.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::put): Pass the checkReadOnly flag in to symbolTablePut
+        instead of passing attributes.
+
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTablePut): Removed the code to set attributes
+        here, since we only set attributes when creating a property. Added the code
+        to check read-only here, since we need that to implement const!
+
+        * kjs/function.cpp:
+        (KJS::ActivationImp::put): Pass the checkReadOnly flag in to symbolTablePut
+        instead of passing attributes.
+
+        * kjs/nodes.cpp:
+        (KJS::isConstant): Added.
+        (KJS::PostIncResolveNode::optimizeVariableAccess): Create a PostIncConstNode
+        if optimizing for a local variable and the variable is constant.
+        (KJS::PostDecResolveNode::optimizeVariableAccess): Ditto. But PostDecConstNode.
+        (KJS::PreIncResolveNode::optimizeVariableAccess): Ditto. But PreIncConstNode.
+        (KJS::PreDecResolveNode::optimizeVariableAccess): Ditto. But PreDecConstNode.
+        (KJS::PreIncConstNode::evaluate): Return the value + 1.
+        (KJS::PreDecConstNode::evaluate): Return the value - 1.
+        (KJS::PostIncConstNode::evaluate): Return the value converted to a number.
+        (KJS::PostDecConstNode::evaluate): Ditto.
+        (KJS::ReadModifyResolveNode::optimizeVariableAccess): Create a ReadModifyConstNode
+        if optimizing for a local variable and the variable is constant.
+        (KJS::AssignResolveNode::optimizeVariableAccess): Ditto. But AssignConstNode.
+        (KJS::ScopeNode::optimizeVariableAccess): Pass the local storage to the
+        node optimizeVariableAccess functions, since that's where we need to look to
+        figure out if a variable is constant.
+        (KJS::FunctionBodyNode::processDeclarations): Moved the call to
+        optimizeVariableAccess until after localStorage is set up.
+        (KJS::ProgramNode::processDeclarations): Ditto.
+
+        * kjs/nodes.h: Fixed the IsConstant and HasInitializer values. They are used
+        as flag masks, so a value of 0 will not work for IsConstant. Changed the
+        first parameter to optimizeVariableAccess to be a const reference to a symbol
+        table and added a const reference to local storage. Added classes for const
+        versions of local variable access: PostIncConstNode, PostDecConstNode,
+        PreIncConstNode, PreDecConstNode, ReadModifyConstNode, and AssignConstNode.
+
+        * kjs/object.cpp:
+        (KJS::JSObject::put): Tweaked comments a bit, and changed the checkReadOnly
+        expression to match the form used at the two other call sites.
+
+2008-01-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16498
+          ''.constructor.toString() gives [function]
+
+        Test: fast/js/function-names.html
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayObjectImp::ArrayObjectImp): Use the class name as the constructor's function name.
+        * kjs/bool_object.cpp:
+        (KJS::BooleanObjectImp::BooleanObjectImp): Ditto.
+        * kjs/date_object.cpp:
+        (KJS::DateObjectImp::DateObjectImp): Ditto.
+        * kjs/error_object.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype): Make the error object be an Error.
+        (KJS::ErrorObjectImp::ErrorObjectImp): Use the class name as the constructor's function name.
+        (KJS::NativeErrorPrototype::NativeErrorPrototype): Take const UString&.
+        (KJS::NativeErrorImp::NativeErrorImp): Use the prototype's name as the constructor's function
+        name.
+        * kjs/error_object.h: Change ErrorPrototype to inherit from ErrorInstance. Change the
+        NativeErrorImp constructor to take a NativeErrorPrototype pointer for its prototype.
+        * kjs/function.h: Removed unneeded constructor for internal functions without names.
+        We want to avoid those!
+        * kjs/function_object.cpp:
+        (KJS::functionProtoFuncToString): Removed code that writes out just [function] for functions
+        that have no names. There's no reason to do that.
+        (KJS::FunctionObjectImp::FunctionObjectImp): Use the class name as the constructor's
+        function name.
+        * kjs/internal.cpp: Removed the unused constructor.
+        * kjs/number_object.cpp:
+        (KJS::fractionalPartToString): Marked static for internal linkage.
+        (KJS::exponentialPartToString): Ditto.
+        (KJS::numberProtoFuncToPrecision): Removed an unneeded else.
+        (KJS::NumberObjectImp::NumberObjectImp): Use the class name as the constructor's
+        function name.
+        (KJS::NumberObjectImp::getValueProperty): Tweaked formatting.
+        * kjs/object_object.cpp:
+        (KJS::ObjectObjectImp::ObjectObjectImp): Use "Object" for the function name.
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpObjectImp::RegExpObjectImp): Use "RegExp" for the function name.
+        * kjs/string_object.cpp:
+        (KJS::StringObjectImp::StringObjectImp): Use the class name as the constructor's
+        function name.
+
+2008-01-26  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=17027
+          Incorrect Function.toString behaviour with read/modify/write operators performed on negative numbers
+
+        Test: fast/js/function-toString-parentheses.html
+
+        The problem here was that a NumberNode with a negative number in it had the wrong
+        precedence. It's not a primary expression, it's a unary operator with a primary
+        expression after it.
+
+        Once the precedence of NumberNode was fixed, the cases from bug 17020 were also
+        fixed without trying to treat bracket nodes like dot nodes. That wasn't needed.
+        The reason we handle numbers before dot nodes specially is that the dot is a
+        legal character in a number. The same is not true of a bracket. Eventually we
+        could get smarter, and only add the parentheses when there is actual ambiguity.
+        There is none if the string form of the number already has a dot in it, or if
+        it's a number with a alphabetic name like infinity or NAN.
+
+        * kjs/nodes.h: Renamed back from ObjectAccess to DotExpr.
+        (KJS::NumberNode::precedence): Return PrecUnary for negative numbers, since
+        they serialize as a unary operator, not a primary expression.
+        * kjs/nodes2string.cpp:
+        (KJS::SourceStream::operator<<): Clear m_numberNeedsParens if this adds
+        parens; one set is enough.
+        (KJS::bracketNodeStreamTo): Remove unneeded special flag here. Normal
+        operator precedence suffices.
+        (KJS::NewExprNode::streamTo): Ditto.
+
+2008-01-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej and Darin.
+
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=17020
+        Function.toString does not parenthesise numbers for the bracket accessor
+
+        It turns out that logic was there for all of the dot accessor nodes to make numbers be
+        parenthesised properly, so it was a trivial extension to extend that to the bracket nodes.
+        I renamed the enum type to reflect the fact that it is now used for both dot and bracket
+        accessors.
+
+        * kjs/nodes2string.cpp:
+        (KJS::bracketNodeStreamTo):
+        (KJS::BracketAccessorNode::streamTo):
+
+2008-01-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        Fix Bug 17018: Incorrect code generated from Function.toString for get/setters in object literals
+
+        Don't quote getter and setter names during output, as that is simply wrong.
+
+        * kjs/nodes2string.cpp:
+        (KJS::PropertyNode::streamTo):
+
+2008-01-26  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=16860
+          a bit of cleanup after the Activation optimization
+
+        * JavaScriptCore.exp: Export the GlobalExecState constructor instead of
+        the global flavor of the ExecState constructor. It'd probably be cleaner
+        to not export either one, but JSGlobalObject inlines the code that
+        constructs the ExecState. If we changed that, we could remove this export.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Re-sorted a few things and
+        put the new source files into the kjs group rather than at the top level.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState): Marked inline and updated for data member
+        name changes. This is now only for use for the derived classes. Also removed
+        code that sets the unused m_savedExec data member for the global case. That
+        data member is only used for the other two types.
+        (KJS::ExecState::~ExecState): Marked inline and removed all the code.
+        The derived class destructors now inclde the appropriate code.
+        (KJS::ExecState::lexicalGlobalObject): Removed unneeded special case for
+        an empty scope chain. The bottom function already returns 0 for that case,
+        so the general case code handles it fine. Also changed to use data members
+        directly rather than calling functions.
+        (KJS::GlobalExecState::GlobalExecState): Added. Calls through to the base
+        class constructor.
+        (KJS::GlobalExecState::~GlobalExecState): Added.
+        (KJS::InterpreterExecState::InterpreterExecState): Added. Moved code to
+        manipulate activeExecStates here since we don't want to have to check for the
+        special case of globalExec.
+        (KJS::InterpreterExecState::~InterpreterExecState): Added.
+        (KJS::EvalExecState::EvalExecState): Added.
+        (KJS::EvalExecState::~EvalExecState): Added.
+        (KJS::FunctionExecState::FunctionExecState): Added.
+        (KJS::FunctionExecState::~FunctionExecState): Added.
+
+        * kjs/ExecState.h: Tweaked the header, includes, and declarations a bit.
+        Made ExecState inherit from Noncopyable. Reformatted some comments and
+        made them a bit more brief. Rearranged declarations a little bit and removed
+        unused savedExec function. Changed seenLabels function to return a reference
+        rather than a pointer. Made constructors and destructor protected, and also
+        did the same with all data members. Renamed m_thisVal to m_thisValue and
+        ls to m_labelStack. Added three new derived classes for each of the
+        types of ExecState. The primary goal here was to remove a branch from the
+        code in the destructor, but it's also clearer than overloading the arguments
+        to the ExecState constructor.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::getCurrentTime): Fixed formatting.
+        (KJS::JSGlobalObject::pushActivation): Removed parentheses that don't make
+        the expression clearer -- other similar sites didn't have these parentheses,
+        even the one a couple lines earlier that sets stackEntry.
+        (KJS::JSGlobalObject::tearOffActivation): Got rid of unneeded static_cast
+        (I think I mentioned this during patch review) and used an early exit so that
+        the entire contents of the function aren't nested inside an if statement.
+        Also removed the check of codeType, instead checking Activation for 0.
+        For now, I kept the codeType check, but inside an assertion.
+
+        * kjs/JSGlobalObject.h: Changed type of globalExec to GlobalExecState.
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction): Changed type to FunctionExecState.
+        (KJS::GlobalFuncImp::callAsFunction): Changed type to EvalExecState.
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate): Changed type to GlobalExecState.
+
+        * kjs/nodes.cpp:
+        (KJS::ContinueNode::execute): Changed code since seenLabels() returns a
+        reference now instead of a pointer.
+        (KJS::BreakNode::execute): Ditto.
+        (KJS::LabelNode::execute): Ditto.
+
+2008-01-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Cleanup node2string a little.
+        - Remove some unnecessary branching.
+        - Factor out bracket and dot streaming into static inline functions.
+
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        (KJS::bracketNodeStreamTo):
+        (KJS::dotNodeStreamTo):
+        (KJS::FunctionCallBracketNode::streamTo):
+        (KJS::FunctionCallDotNode::streamTo):
+        (KJS::PostIncBracketNode::streamTo):
+        (KJS::PostDecBracketNode::streamTo):
+        (KJS::PostIncDotNode::streamTo):
+        (KJS::PostDecDotNode::streamTo):
+        (KJS::DeleteBracketNode::streamTo):
+        (KJS::DeleteDotNode::streamTo):
+        (KJS::PreIncBracketNode::streamTo):
+        (KJS::PreDecBracketNode::streamTo):
+        (KJS::PreIncDotNode::streamTo):
+        (KJS::PreDecDotNode::streamTo):
+        (KJS::ReadModifyBracketNode::streamTo):
+        (KJS::AssignBracketNode::streamTo):
+        (KJS::ReadModifyDotNode::streamTo):
+        (KJS::AssignDotNode::streamTo):
+        (KJS::WhileNode::streamTo):
+
+2008-01-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=17001
+        Bug 17001: Build error with Gtk port on Mac OS X
+
+        If both XP_MACOSX and XP_UNIX are defined then X11.h and Carbon.h will both be included.
+        These provide conflicting definitions for a type named 'Cursor'.  As XP_UNIX is set by
+        the build system when targeting X11, it doesn't make sense for XP_MACOSX to also be set
+        in this instance.
+
+        * bindings/npapi.h: Don't define XP_MACOSX if XP_UNIX is defined.
+
+2008-01-26  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=17013
+          JSC can't round trip certain for-loops
+
+        Test: fast/js/toString-for-var-decl.html
+
+        * kjs/nodes.h: Added PlaceholderTrueNode so we can put nodes into
+        for loops without injecting the word "true" into them (nice, but not
+        the bug fix). Fixed ForNode constructor so expr1WasVarDecl is set
+        only when there is an expression, since it's common for the actual
+        variable declaration to be moved by the parser.
+
+        * kjs/nodes2string.cpp:
+        (KJS::PlaceholderTrueNode::streamTo): Added. Empty.
+
+2008-01-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Fix for bug 17012: REGRESSION: JSC can't round trip an object literal
+
+        Add logic to ensure that object literals and function expressions get
+        parentheses when necessary.
+
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        (KJS::SourceStream::operator<<):
+
+2008-01-24  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.sln:
+
+2008-01-24  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
+
+2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix QDateTime to JS Date conversion.
+        Several conversion errors (some UTC related, some month
+        offset related) and the conversion distance for Date
+        to DateTime conversion weights were fixed (it should never
+        be better to convert a JS Number into a Date rather than
+        an int).
+        
+        * bindings/qt/qt_runtime.cpp:
+        (KJS::Bindings::convertValueToQVariant):
+        (KJS::Bindings::convertQVariantToValue):
+
+2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
+
+        Reviewed by Simon.
+
+        Add support for calling QObjects.
+        Add support for invokeDefaultMethod (via a call to
+        a specific slot), and also allow using it as a
+        constructor, like QtScript.
+        
+
+        * bindings/qt/qt_class.cpp:
+        (KJS::Bindings::QtClass::fallbackObject):
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtRuntimeObjectImp::construct):
+        (KJS::Bindings::QtInstance::QtInstance):
+        (KJS::Bindings::QtInstance::~QtInstance):
+        (KJS::Bindings::QtInstance::implementsCall):
+        (KJS::Bindings::QtInstance::invokeDefaultMethod):
+        * bindings/qt/qt_instance.h:
+        * bindings/qt/qt_runtime.cpp:
+        (KJS::Bindings::findMethodIndex):
+        (KJS::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
+        (KJS::Bindings::QtRuntimeMetaMethod::callAsFunction):
+        * bindings/qt/qt_runtime.h:
+
+2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
+
+        Reviewed by Simon.
+
+        Code style cleanups.
+        Add spaces before/after braces in inline function.
+
+        * bindings/qt/qt_instance.h:
+
+2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
+
+        Reviewed by Simon.
+
+        Code style cleanups.
+        Remove spaces and unneeded declared parameter names.
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtRuntimeObjectImp::removeFromCache):
+
+2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
+
+        Reviewed by Simon.
+
+        Clear stale RuntimeObjectImps.
+        Since other objects can have refs to the QtInstance,
+        we can't rely on the QtInstance being deleted when the
+        RuntimeObjectImp is invalidate or deleted.  This
+        could result in a stale JSObject being returned for
+        a valid Instance.
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtRuntimeObjectImp::QtRuntimeObjectImp):
+        (KJS::Bindings::QtRuntimeObjectImp::~QtRuntimeObjectImp):
+        (KJS::Bindings::QtRuntimeObjectImp::invalidate):
+        (KJS::Bindings::QtRuntimeObjectImp::removeFromCache):
+        (KJS::Bindings::QtInstance::getRuntimeObject):
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::createRuntimeObject):
+        * bindings/runtime.h:
+
+2008-01-23  Alp Toker  <alp@atoker.com>
+
+        Rubber-stamped by Mark Rowe.
+
+        Remove whitespace after -I in automake include lists.
+
+        * GNUmakefile.am:
+
+2008-01-23  Michael Goddard <michael.goddard@trolltech.com>
+
+        Reviewed by Lars Knoll <lars@trolltech.com>.
+
+        Reworked the JavaScriptCore Qt bindings:
+        
+        * Add initial support for string and variant arrays, as well
+        as sub QObjects in the JS bindings.
+        
+        * Don't expose fields marked as not scriptable by moc.
+        
+        * Add support for dynamic properties and accessing named
+        QObject children of an object (like QtScript and older
+        IE DOM style JS).
+        * Add support for custom toString methods.
+        
+        * Fine tune some bindings to be closer to QtScript.
+        Make void functions return undefined, and empty/
+        null QStrings return a zero length string.
+        
+        * Create framework for allowing more direct method calls.
+        Since RuntimeMethod doesn't allow us to add additional
+        methods/properties to a function, add these classes.
+        Start prototyping object.signal.connect(...).
+        
+        * Add signal support to the Qt bindings.
+        Allow connecting to signals (object.signal.connect(slot)),
+        disconnecting, and emitting signals.  Currently chooses
+        the first signal that matches the name, so this will need
+        improvement.
+        
+        * Add property names, and resolve signals closer to use.
+        Enumerating properties now returns some of the Qt properties
+        and signals.  Slots and methods aren't quite present.  Also,
+        resolve signal connections etc. closer to the time of use, so
+        we can do more dynamic resolution based on argument type etc.
+        Still picks the first one with the same name, at the moment.
+        
+        * Make signature comparison code consistent.
+        Use the same code for checking meta signatures in
+        the method and fallback getters, and avoid a
+        QByteArray construction when we can.
+        
+        * Fix minor memory leak, and handle pointers better.
+        Delete the private object in the dtors, and use RefPtrs
+        for holding Instances etc.
+        
+        * Handle method lookup better.
+        Allow invocation time method lookup based on the arguments,
+        which is closer to QtScript behaviour.  Also, cache the
+        method lists and delete them in the QtClass dtor (stops
+        a memory leak).
+        
+        * Improve JS to Qt data type conversions.
+        Add some support for Date & RegExp JS objects,
+        and provide some metrics on the quality of the
+        conversion.
+        
+        * A couple of fixes for autotest failures.
+        Better support for converting lists, read/write only
+        QMetaProperty support, modified slot search order...)
+
+        * bindings/qt/qt_class.cpp:
+        (KJS::Bindings::QtClass::QtClass):
+        (KJS::Bindings::QtClass::~QtClass):
+        (KJS::Bindings::QtClass::name):
+        (KJS::Bindings::QtClass::fallbackObject):
+        (KJS::Bindings::QtClass::methodsNamed):
+        (KJS::Bindings::QtClass::fieldNamed):
+        * bindings/qt/qt_class.h:
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::QtInstance):
+        (KJS::Bindings::QtInstance::~QtInstance):
+        (KJS::Bindings::QtInstance::getRuntimeObject):
+        (KJS::Bindings::QtInstance::getClass):
+        (KJS::Bindings::QtInstance::implementsCall):
+        (KJS::Bindings::QtInstance::getPropertyNames):
+        (KJS::Bindings::QtInstance::invokeMethod):
+        (KJS::Bindings::QtInstance::invokeDefaultMethod):
+        (KJS::Bindings::QtInstance::stringValue):
+        (KJS::Bindings::QtInstance::booleanValue):
+        (KJS::Bindings::QtInstance::valueOf):
+        (KJS::Bindings::QtField::name):
+        (KJS::Bindings::QtField::valueFromInstance):
+        (KJS::Bindings::QtField::setValueToInstance):
+        * bindings/qt/qt_instance.h:
+        (KJS::Bindings::QtInstance::getBindingLanguage):
+        (KJS::Bindings::QtInstance::getObject):
+        * bindings/qt/qt_runtime.cpp:
+        (KJS::Bindings::QWKNoDebug::QWKNoDebug):
+        (KJS::Bindings::QWKNoDebug::~QWKNoDebug):
+        (KJS::Bindings::QWKNoDebug::operator<<):
+        (KJS::Bindings::):
+        (KJS::Bindings::valueRealType):
+        (KJS::Bindings::convertValueToQVariant):
+        (KJS::Bindings::convertQVariantToValue):
+        (KJS::Bindings::QtRuntimeMethod::QtRuntimeMethod):
+        (KJS::Bindings::QtRuntimeMethod::~QtRuntimeMethod):
+        (KJS::Bindings::QtRuntimeMethod::codeType):
+        (KJS::Bindings::QtRuntimeMethod::execute):
+        (KJS::Bindings::QtRuntimeMethodData::~QtRuntimeMethodData):
+        (KJS::Bindings::QtRuntimeMetaMethodData::~QtRuntimeMetaMethodData):
+        (KJS::Bindings::QtRuntimeConnectionMethodData::~QtRuntimeConnectionMethodData):
+        (KJS::Bindings::QtMethodMatchType::):
+        (KJS::Bindings::QtMethodMatchType::QtMethodMatchType):
+        (KJS::Bindings::QtMethodMatchType::kind):
+        (KJS::Bindings::QtMethodMatchType::isValid):
+        (KJS::Bindings::QtMethodMatchType::isVariant):
+        (KJS::Bindings::QtMethodMatchType::isMetaType):
+        (KJS::Bindings::QtMethodMatchType::isUnresolved):
+        (KJS::Bindings::QtMethodMatchType::isMetaEnum):
+        (KJS::Bindings::QtMethodMatchType::enumeratorIndex):
+        (KJS::Bindings::QtMethodMatchType::variant):
+        (KJS::Bindings::QtMethodMatchType::metaType):
+        (KJS::Bindings::QtMethodMatchType::metaEnum):
+        (KJS::Bindings::QtMethodMatchType::unresolved):
+        (KJS::Bindings::QtMethodMatchType::typeId):
+        (KJS::Bindings::QtMethodMatchType::name):
+        (KJS::Bindings::QtMethodMatchData::QtMethodMatchData):
+        (KJS::Bindings::QtMethodMatchData::isValid):
+        (KJS::Bindings::QtMethodMatchData::firstUnresolvedIndex):
+        (KJS::Bindings::indexOfMetaEnum):
+        (KJS::Bindings::findMethodIndex):
+        (KJS::Bindings::findSignalIndex):
+        (KJS::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
+        (KJS::Bindings::QtRuntimeMetaMethod::mark):
+        (KJS::Bindings::QtRuntimeMetaMethod::callAsFunction):
+        (KJS::Bindings::QtRuntimeMetaMethod::getOwnPropertySlot):
+        (KJS::Bindings::QtRuntimeMetaMethod::lengthGetter):
+        (KJS::Bindings::QtRuntimeMetaMethod::connectGetter):
+        (KJS::Bindings::QtRuntimeMetaMethod::disconnectGetter):
+        (KJS::Bindings::QtRuntimeConnectionMethod::QtRuntimeConnectionMethod):
+        (KJS::Bindings::QtRuntimeConnectionMethod::callAsFunction):
+        (KJS::Bindings::QtRuntimeConnectionMethod::getOwnPropertySlot):
+        (KJS::Bindings::QtRuntimeConnectionMethod::lengthGetter):
+        (KJS::Bindings::QtConnectionObject::QtConnectionObject):
+        (KJS::Bindings::QtConnectionObject::~QtConnectionObject):
+        (KJS::Bindings::QtConnectionObject::metaObject):
+        (KJS::Bindings::QtConnectionObject::qt_metacast):
+        (KJS::Bindings::QtConnectionObject::qt_metacall):
+        (KJS::Bindings::QtConnectionObject::execute):
+        (KJS::Bindings::QtConnectionObject::match):
+        (KJS::Bindings::::QtArray):
+        (KJS::Bindings::::~QtArray):
+        (KJS::Bindings::::rootObject):
+        (KJS::Bindings::::setValueAt):
+        (KJS::Bindings::::valueAt):
+        * bindings/qt/qt_runtime.h:
+        (KJS::Bindings::QtField::):
+        (KJS::Bindings::QtField::QtField):
+        (KJS::Bindings::QtField::fieldType):
+        (KJS::Bindings::QtMethod::QtMethod):
+        (KJS::Bindings::QtMethod::name):
+        (KJS::Bindings::QtMethod::numParameters):
+        (KJS::Bindings::QtArray::getLength):
+        (KJS::Bindings::QtRuntimeMethod::d_func):
+        (KJS::Bindings::QtRuntimeMetaMethod::d_func):
+        (KJS::Bindings::QtRuntimeConnectionMethod::d_func):
+        (KJS::Bindings::):
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::createBindingForLanguageInstance):
+        (KJS::Bindings::Instance::createRuntimeObject):
+        (KJS::Bindings::Instance::reallyCreateRuntimeObject):
+        * bindings/runtime.h:
+
+2008-01-22  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Darin and Adam.
+
+        <rdar://problem/5688975>
+        div element on microsoft site has wrong left offset.
+        
+        Return true even if NPN_GetProperty returns null or undefined. This matches Firefox 
+        (and is what the Silverlight plug-in expects).
+        
+        * bindings/NP_jsobject.cpp:
+        (_NPN_GetProperty):
+
+2008-01-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=16909
+        REGRESSION: Amazon.com crash (ActivationImp)
+        
+        (and a bunch of other crashes)
+        
+        Plus, a .7% SunSpider speedup to boot.
+        
+        Replaced the buggy currentExec and savedExec mechanisms with an
+        explicit ExecState stack.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect): Explicitly mark the ExecState stack.
+
+        (KJS::Collector::reportOutOfMemoryToAllExecStates): Slight change in
+        behavior: We no longer throw an exception in any global ExecStates,
+        since global ExecStates are more like pseudo-ExecStates, and aren't
+        used for script execution. (It's unclear what would happen if you left
+        an exception waiting around in a global ExecState, but it probably
+        wouldn't be good.)
+
+2008-01-21  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
+
+        Reviewed by Alp Toker.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16955
+        Get errors when cross-compile webkit-gtk
+
+        * GNUmakefile.am: removed ICU_CFLAGS
+
+2008-01-18  Kevin McCullough  <kmccullough@apple.com>
+
+        - Build fix.
+
+        * kjs/ustring.h:
+
+2008-01-18  Kevin McCullough  <kmccullough@apple.com>
+
+        - Build fix.
+
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+        (KJS::UString::cost):
+
+2008-01-18  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        - Correctly report cost of appended strings to trigger GC.
+
+        * kjs/ustring.cpp:
+        (KJS::UString::Rep::create):
+        (KJS::UString::UString): Don't create unnecssary objects.
+        (KJS::UString::cost): Report cost if necessary but also keep track of 
+        reported cost.
+        * kjs/ustring.h:
+
+2008-01-18  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Holger.
+
+        Fix return type conversions from Qt slots to JS values.
+        
+        This also fixes fast/dom/open-and-close-by-DOM.html, which called
+        layoutTestController.windowCount().
+        
+        When constructing the QVariant that holds the return type we cannot
+        use the QVarian(Type) constuctor as that will create a null variant.
+        We have to use the QVariant(Type, void *) constructor instead, just
+        like in QMetaObject::read() for example.
+        
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::getRuntimeObject):
+
+2008-01-18  Prasanth Ullattil  <prasanth.ullattil@trolltech.com>
+
+        Reviewed by Simon Hausmann <hausmann@webkit.org>.
+
+        Fix compilation on Win64(2): Implemented currentThreadStackBase on X86-64 on Windows
+        
+
+        * kjs/collector.cpp:
+        (KJS::Collector::heapAllocate):
+
+2008-01-18  Prasanth Ullattil  <prasanth.ullattil@trolltech.com>
+
+        Reviewed by Simon Hausmann <hausmann@webkit.org>.
+
+        Fix compilation on Win64(1): Define WTF_PLATFORM_X86_64 correctly on Win64.
+        
+
+        * wtf/Platform.h:
+
+2008-01-17  Antti Koivisto  <antti@apple.com>
+
+        Fix Windows build.
+
+        * kjs/regexp_object.cpp:
+        (KJS::regExpProtoFuncToString):
+
+2008-01-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        Fix for http://bugs.webkit.org/show_bug.cgi?id=16901
+        Convert remaining JS function objects to use the new PrototypeFunction class
+
+        - Moves Boolean, Function, RegExp, Number, Object and Global functions to their
+          own static function implementations so that they can be used with the
+          PrototypeFunction class.  SunSpider says this is 1.003x as fast.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        * kjs/array_object.h:
+        * kjs/bool_object.cpp:
+        (KJS::BooleanInstance::BooleanInstance):
+        (KJS::BooleanPrototype::BooleanPrototype):
+        (KJS::booleanProtoFuncToString):
+        (KJS::booleanProtoFuncValueOf):
+        (KJS::BooleanObjectImp::BooleanObjectImp):
+        (KJS::BooleanObjectImp::implementsConstruct):
+        (KJS::BooleanObjectImp::construct):
+        (KJS::BooleanObjectImp::callAsFunction):
+        * kjs/bool_object.h:
+        (KJS::BooleanInstance::classInfo):
+        * kjs/error_object.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype):
+        (KJS::errorProtoFuncToString):
+        * kjs/error_object.h:
+        * kjs/function.cpp:
+        (KJS::globalFuncEval):
+        (KJS::globalFuncParseInt):
+        (KJS::globalFuncParseFloat):
+        (KJS::globalFuncIsNaN):
+        (KJS::globalFuncIsFinite):
+        (KJS::globalFuncDecodeURI):
+        (KJS::globalFuncDecodeURIComponent):
+        (KJS::globalFuncEncodeURI):
+        (KJS::globalFuncEncodeURIComponent):
+        (KJS::globalFuncEscape):
+        (KJS::globalFuncUnEscape):
+        (KJS::globalFuncKJSPrint):
+        (KJS::PrototypeFunction::PrototypeFunction):
+        * kjs/function.h:
+        * kjs/function_object.cpp:
+        (KJS::FunctionPrototype::FunctionPrototype):
+        (KJS::functionProtoFuncToString):
+        (KJS::functionProtoFuncApply):
+        (KJS::functionProtoFuncCall):
+        * kjs/function_object.h:
+        * kjs/number_object.cpp:
+        (KJS::NumberPrototype::NumberPrototype):
+        (KJS::numberProtoFuncToString):
+        (KJS::numberProtoFuncToLocaleString):
+        (KJS::numberProtoFuncValueOf):
+        (KJS::numberProtoFuncToFixed):
+        (KJS::numberProtoFuncToExponential):
+        (KJS::numberProtoFuncToPrecision):
+        * kjs/number_object.h:
+        (KJS::NumberInstance::classInfo):
+        (KJS::NumberObjectImp::classInfo):
+        (KJS::NumberObjectImp::):
+        * kjs/object_object.cpp:
+        (KJS::ObjectPrototype::ObjectPrototype):
+        (KJS::objectProtoFuncValueOf):
+        (KJS::objectProtoFuncHasOwnProperty):
+        (KJS::objectProtoFuncIsPrototypeOf):
+        (KJS::objectProtoFuncDefineGetter):
+        (KJS::objectProtoFuncDefineSetter):
+        (KJS::objectProtoFuncLookupGetter):
+        (KJS::objectProtoFuncLookupSetter):
+        (KJS::objectProtoFuncPropertyIsEnumerable):
+        (KJS::objectProtoFuncToLocaleString):
+        (KJS::objectProtoFuncToString):
+        * kjs/object_object.h:
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpPrototype::RegExpPrototype):
+        (KJS::regExpProtoFuncTest):
+        (KJS::regExpProtoFuncExec):
+        (KJS::regExpProtoFuncCompile):
+        (KJS::regExpProtoFuncToString):
+        * kjs/regexp_object.h:
+
+2008-01-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej & Darin.
+
+        Fixes Bug 16868: Gmail crash
+          and Bug 16871: Crash when loading apple.com/startpage
+
+        <http://bugs.webkit.org/show_bug.cgi?id=16868>
+        <rdar://problem/5686108>
+
+        <http://bugs.webkit.org/show_bug.cgi?id=16871>
+        <rdar://problem/5686670>
+
+        Adds ActivationImp tear-off for cross-window eval() and fixes an
+        existing garbage collection issue exposed by the ActivationImp tear-off
+        patch (r29425) that can occur when an ExecState's m_callingExec is
+        different than its m_savedExec.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::mark):
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction):
+
+2008-01-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver.
+
+        Clean up MathObjectImp, it needed a little scrubbing.
+
+        * kjs/math_object.cpp:
+        (KJS::MathObjectImp::MathObjectImp):
+        (KJS::MathObjectImp::getOwnPropertySlot):
+        (KJS::MathObjectImp::getValueProperty):
+        (KJS::mathProtoFuncACos):
+        (KJS::mathProtoFuncASin):
+        (KJS::mathProtoFuncATan):
+        (KJS::mathProtoFuncATan2):
+        (KJS::mathProtoFuncCos):
+        (KJS::mathProtoFuncExp):
+        (KJS::mathProtoFuncLog):
+        (KJS::mathProtoFuncSin):
+        (KJS::mathProtoFuncSqrt):
+        (KJS::mathProtoFuncTan):
+        * kjs/math_object.h:
+        (KJS::MathObjectImp::classInfo):
+        (KJS::MathObjectImp::):
+
+2008-01-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Rename Lexer variable bol to atLineStart.
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::Lexer):
+        (KJS::Lexer::setCode):
+        (KJS::Lexer::nextLine):
+        (KJS::Lexer::lex):
+        * kjs/lexer.h:
+
+2008-01-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen and Anders Carlsson.
+
+        Remove uses of KJS_PURE_ECMA as we don't ever build with it defined,
+        and we have many features that are not included in the ECMA spec.
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::Lexer):
+        (KJS::Lexer::setCode):
+        (KJS::Lexer::nextLine):
+        (KJS::Lexer::lex):
+        * kjs/lexer.h:
+        * kjs/string_object.cpp:
+        * kjs/string_object.h:
+
+2008-01-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Fix <rdar://problem/5595552> r27608 introduced a 20% increase in JS binary size, 4% increase in WebCore binary size
+
+        - This changes the way JS functions that use Lookup tables are handled.  Instead of using
+          one class per function, which allowed specialization of the virtual callAsFunction
+          method, we now use one class, PrototypeFunction, which takes a pointer to a static
+          function to use as the implementation.  This significantly decreases the binary size
+          of JavaScriptCore (about 145k on an Intel only build) while still keeping some of the
+          speedup r27608 garnered (SunSpider says this is 1.005x as slow, which should leave some
+          wiggle room from the original 1% speedup) and keeps the functions implementations in separate
+          functions to help with optimizations.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/array_object.cpp:
+        (KJS::arrayProtoFuncToString):
+        (KJS::arrayProtoFuncToLocaleString):
+        (KJS::arrayProtoFuncJoin):
+        (KJS::arrayProtoFuncConcat):
+        (KJS::arrayProtoFuncPop):
+        (KJS::arrayProtoFuncPush):
+        (KJS::arrayProtoFuncReverse):
+        (KJS::arrayProtoFuncShift):
+        (KJS::arrayProtoFuncSlice):
+        (KJS::arrayProtoFuncSort):
+        (KJS::arrayProtoFuncSplice):
+        (KJS::arrayProtoFuncUnShift):
+        (KJS::arrayProtoFuncFilter):
+        (KJS::arrayProtoFuncMap):
+        (KJS::arrayProtoFuncEvery):
+        (KJS::arrayProtoFuncForEach):
+        (KJS::arrayProtoFuncSome):
+        (KJS::arrayProtoFuncIndexOf):
+        (KJS::arrayProtoFuncLastIndexOf):
+        * kjs/array_object.h:
+        * kjs/date_object.cpp:
+        (KJS::DatePrototype::getOwnPropertySlot):
+        (KJS::dateProtoFuncToString):
+        (KJS::dateProtoFuncToUTCString):
+        (KJS::dateProtoFuncToDateString):
+        (KJS::dateProtoFuncToTimeString):
+        (KJS::dateProtoFuncToLocaleString):
+        (KJS::dateProtoFuncToLocaleDateString):
+        (KJS::dateProtoFuncToLocaleTimeString):
+        (KJS::dateProtoFuncValueOf):
+        (KJS::dateProtoFuncGetTime):
+        (KJS::dateProtoFuncGetFullYear):
+        (KJS::dateProtoFuncGetUTCFullYear):
+        (KJS::dateProtoFuncToGMTString):
+        (KJS::dateProtoFuncGetMonth):
+        (KJS::dateProtoFuncGetUTCMonth):
+        (KJS::dateProtoFuncGetDate):
+        (KJS::dateProtoFuncGetUTCDate):
+        (KJS::dateProtoFuncGetDay):
+        (KJS::dateProtoFuncGetUTCDay):
+        (KJS::dateProtoFuncGetHours):
+        (KJS::dateProtoFuncGetUTCHours):
+        (KJS::dateProtoFuncGetMinutes):
+        (KJS::dateProtoFuncGetUTCMinutes):
+        (KJS::dateProtoFuncGetSeconds):
+        (KJS::dateProtoFuncGetUTCSeconds):
+        (KJS::dateProtoFuncGetMilliSeconds):
+        (KJS::dateProtoFuncGetUTCMilliseconds):
+        (KJS::dateProtoFuncGetTimezoneOffset):
+        (KJS::dateProtoFuncSetTime):
+        (KJS::dateProtoFuncSetMilliSeconds):
+        (KJS::dateProtoFuncSetUTCMilliseconds):
+        (KJS::dateProtoFuncSetSeconds):
+        (KJS::dateProtoFuncSetUTCSeconds):
+        (KJS::dateProtoFuncSetMinutes):
+        (KJS::dateProtoFuncSetUTCMinutes):
+        (KJS::dateProtoFuncSetHours):
+        (KJS::dateProtoFuncSetUTCHours):
+        (KJS::dateProtoFuncSetDate):
+        (KJS::dateProtoFuncSetUTCDate):
+        (KJS::dateProtoFuncSetMonth):
+        (KJS::dateProtoFuncSetUTCMonth):
+        (KJS::dateProtoFuncSetFullYear):
+        (KJS::dateProtoFuncSetUTCFullYear):
+        (KJS::dateProtoFuncSetYear):
+        (KJS::dateProtoFuncGetYear):
+        * kjs/date_object.h:
+        * kjs/function.cpp:
+        (KJS::PrototypeFunction::PrototypeFunction):
+        (KJS::PrototypeFunction::callAsFunction):
+        * kjs/function.h:
+        * kjs/lookup.h:
+        (KJS::HashEntry::):
+        (KJS::staticFunctionGetter):
+        * kjs/math_object.cpp:
+        (KJS::mathProtoFuncAbs):
+        (KJS::mathProtoFuncACos):
+        (KJS::mathProtoFuncASin):
+        (KJS::mathProtoFuncATan):
+        (KJS::mathProtoFuncATan2):
+        (KJS::mathProtoFuncCeil):
+        (KJS::mathProtoFuncCos):
+        (KJS::mathProtoFuncExp):
+        (KJS::mathProtoFuncFloor):
+        (KJS::mathProtoFuncLog):
+        (KJS::mathProtoFuncMax):
+        (KJS::mathProtoFuncMin):
+        (KJS::mathProtoFuncPow):
+        (KJS::mathProtoFuncRandom):
+        (KJS::mathProtoFuncRound):
+        (KJS::mathProtoFuncSin):
+        (KJS::mathProtoFuncSqrt):
+        (KJS::mathProtoFuncTan):
+        * kjs/math_object.h:
+        * kjs/string_object.cpp:
+        (KJS::stringProtoFuncToString):
+        (KJS::stringProtoFuncValueOf):
+        (KJS::stringProtoFuncCharAt):
+        (KJS::stringProtoFuncCharCodeAt):
+        (KJS::stringProtoFuncConcat):
+        (KJS::stringProtoFuncIndexOf):
+        (KJS::stringProtoFuncLastIndexOf):
+        (KJS::stringProtoFuncMatch):
+        (KJS::stringProtoFuncSearch):
+        (KJS::stringProtoFuncReplace):
+        (KJS::stringProtoFuncSlice):
+        (KJS::stringProtoFuncSplit):
+        (KJS::stringProtoFuncSubstr):
+        (KJS::stringProtoFuncSubstring):
+        (KJS::stringProtoFuncToLowerCase):
+        (KJS::stringProtoFuncToUpperCase):
+        (KJS::stringProtoFuncToLocaleLowerCase):
+        (KJS::stringProtoFuncToLocaleUpperCase):
+        (KJS::stringProtoFuncLocaleCompare):
+        (KJS::stringProtoFuncBig):
+        (KJS::stringProtoFuncSmall):
+        (KJS::stringProtoFuncBlink):
+        (KJS::stringProtoFuncBold):
+        (KJS::stringProtoFuncFixed):
+        (KJS::stringProtoFuncItalics):
+        (KJS::stringProtoFuncStrike):
+        (KJS::stringProtoFuncSub):
+        (KJS::stringProtoFuncSup):
+        (KJS::stringProtoFuncFontcolor):
+        (KJS::stringProtoFuncFontsize):
+        (KJS::stringProtoFuncAnchor):
+        (KJS::stringProtoFuncLink):
+        * kjs/string_object.h:
+
+2008-01-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Adam Roben.
+        
+        Some tweaks to our headerdoc, suggested by David Gatwood on the docs
+        team.
+
+        * API/JSBase.h:
+        * API/JSObjectRef.h:
+        * API/JSStringRef.h:
+        * API/JSValueRef.h:
+
+2008-01-15  Alp Toker  <alp@atoker.com>
+
+        Rubber-stamped by Anders.
+
+        Make the HTTP backend configurable in the GTK+ port. curl is currently
+        the only option.
+
+        * wtf/Platform.h: Don't hard-code WTF_USE_CURL for GTK
+
+2008-01-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Beth Dakin.
+
+        Remove unneeded variable.
+
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFuncSubstr::callAsFunction):
+
+2008-01-14  Steve Falkenburg  <sfalken@apple.com>
+
+        Use shared vsprops for most vcproj properties.
+        
+        Reviewed by Darin.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add missing Debug_Internal config.
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add missing Debug_Internal config.
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2008-01-14  Adam Roben  <aroben@apple.com>
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added
+        some headers that were missing from the vcproj so their contents will
+        be included in Find in Files.
+
+2008-01-14  Adam Roben  <aroben@apple.com>
+
+        Fix Bug 16871: Crash when loading apple.com/startpage
+
+        <http://bugs.webkit.org/show_bug.cgi?id=16871>
+        <rdar://problem/5686670>
+
+        Patch written by Darin, reviewed by me.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::mark): Call ActivationImp::markChildren if our
+        m_activation is on the stack. This is what ScopeChain::mark also does,
+        but apparently in some cases it's possible for an ExecState's
+        ActivationImp to not be in any ScopeChain.
+
+2008-01-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Oliver.
+
+        -<rdar://problem/5622667> REGRESSION (Leopard-ToT): Endless loading loop
+        trying to view techreport.com comments
+        - We need to set values in the map, because if they are already in the
+        map they will not be reset when we use add().
+
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::put):
+
+2008-01-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adam.
+
+        - re-speed-up the page load test (my StringImpl change slowed it down)
+
+        * wtf/RefCounted.h:
+        (WTF::RefCounted::RefCounted): Allow derived classes to start with a reference
+        count other than 0. Eventually everyone will want to start with a 1. This is a
+        staged change. For now, there's a default of 0, and you can specify 1. Later,
+        there will be no default and everyone will have to specify. And then later, there
+        will be a default of 1. Eventually, we can take away even the option of starting
+        with 0!
+
+        * wtf/Vector.h:
+        (WTF::Vector::Vector): Sped up creation of non-empty vectors by removing the
+        overhead of first constructing something empty and then calling resize.
+        (WTF::Vector::clear): Sped up the common case of calling clear on an empty
+        vector by adding a check for that case.
+        (WTF::Vector::releaseBuffer): Marked this function inline and removed a branch
+        in the case of vectors with no inline capacity (normal vectors) by leaving out
+        the code to copy the inline buffer in that case.
+
+2008-01-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by David Kilzer.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16787
+        array.splice() with 1 element not working
+
+        Test: fast/js/array-splice.html
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayProtoFuncSplice::callAsFunction): Implement this Mozilla extension, and fix
+        some other edge cases.
+
+2008-01-13  Steve Falkenburg  <sfalken@apple.com>
+
+        Share common files across projects.
+        
+        Unify vsprops files
+        Debug:          common.vsprops, debug.vsprops
+        Debug_Internal: common.vsprops, debug.vsprops, debug_internal.vsprops
+        Release:        common.vsprops, release.vsprops
+        
+        Shared properties can go into common.vsprops, shared debug settings can go into debug.vsprops.
+        debug_internal.vsprops will be mostly empty except for file path prefix modifiers.
+
+        Reviewed by Adam Roben.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.vcproj/debug.vsprops: Removed.
+        * JavaScriptCore.vcproj/debug_internal.vsprops: Removed.
+        * JavaScriptCore.vcproj/release.vsprops: Removed.
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2008-01-13  Marius Bugge Monsen  <mbm@trolltech.com>
+
+        Contributions and review by Adriaan de Groot,
+        Simon Hausmann, Eric Seidel, and Darin Adler.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=16590
+          Compilation fixes for Solaris.
+
+        * kjs/DateMath.h:
+        (KJS::GregorianDateTime::GregorianDateTime): Use the WIN_OS code path
+        for SOLARIS too, presumably because Solaris also lacks the tm_gtoff and tm_zone
+        fields.
+        (KJS::GregorianDateTime::operator tm): Ditto.
+
+        * kjs/collector.cpp:
+        (KJS::currentThreadStackBase): Use thr_stksegment on Solaris.
+
+        * wtf/MathExtras.h:
+        (isfinite): Implement for Solaris.
+        (isinf): Ditto.
+        (signbit): Ditto. But this one is wrong, so I added a FIXME.
+
+        * wtf/Platform.h: Define PLATFORM(SOLARIS) when "sun" or "__sun" is defined.
+
+2008-01-13  Michael Goddard  <michael.goddard@trolltech.com>
+
+        Reviewed by Anders Carlsson.
+
+        Add binding language type to Instance.
+        Allows runtime determination of the type of an
+        Instance, to allow safe casting.  Doesn't actually
+        add any safe casting yet, though.
+
+        Add a helper function to get an Instance from a JSObject*.
+        Given an object and the expected binding language, see if
+        the JSObject actually wraps an Instance of the given type
+        and return it.  Otherwise return 0.
+
+        Move RuntimeObjectImp creations into Instance.
+        Make the ctor protected, and Instance a friend class, so
+        that all creation of RuntimeObjectImps goes through
+        one place.
+
+        Remove copy ctor/assignment operator for QtInstance.
+        Instance itself is Noncopyable, so QtInstance doesn't
+        need to have these.
+
+        Add caching for QtInstance and associated RuntimeObjectImps.
+        Push any dealings with QtLanguage bindings into QtInstance,
+        and cache them there, rather than in the Instance layer.  Add
+        a QtRuntimeObjectImp to help with caching.
+
+        * JavaScriptCore.exp:
+        * bindings/c/c_instance.h:
+        * bindings/jni/jni_instance.h:
+        * bindings/objc/objc_instance.h:
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtRuntimeObjectImp::QtRuntimeObjectImp):
+        (KJS::Bindings::QtRuntimeObjectImp::~QtRuntimeObjectImp):
+        (KJS::Bindings::QtRuntimeObjectImp::invalidate):
+        (KJS::Bindings::QtRuntimeObjectImp::removeFromCache):
+        (KJS::Bindings::QtInstance::QtInstance):
+        (KJS::Bindings::QtInstance::~QtInstance):
+        (KJS::Bindings::QtInstance::getQtInstance):
+        (KJS::Bindings::QtInstance::getRuntimeObject):
+        * bindings/qt/qt_instance.h:
+        (KJS::Bindings::QtInstance::getBindingLanguage):
+        * bindings/runtime.cpp:
+        (KJS::Bindings::Instance::createBindingForLanguageInstance):
+        (KJS::Bindings::Instance::createRuntimeObject):
+        (KJS::Bindings::Instance::getInstance):
+        * bindings/runtime.h:
+        * bindings/runtime_object.h:
+        (KJS::RuntimeObjectImp::getInternalInstance):
+
+2008-01-12  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Mark Rowe.
+
+        Hide non-public symbols in GTK+/autotools release builds.
+
+        * GNUmakefile.am:
+
+2008-01-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Mark Rowe.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=16852
+        Fixes leaking of ActivationStackNode objects.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::deleteActivationStack):
+        (KJS::JSGlobalObject::~JSGlobalObject):
+        (KJS::JSGlobalObject::init):
+        (KJS::JSGlobalObject::reset):
+        * kjs/JSGlobalObject.h:
+
+2008-01-12  Darin Adler  <darin@apple.com>
+
+        - try to fix Qt Windows build
+
+        * pcre/dftables: Remove reliance on the list form of Perl pipes.
+
+2008-01-12  Darin Adler  <darin@apple.com>
+
+        - try to fix Qt build
+
+        * kjs/function.cpp: Added include of scope_chain_mark.h.
+        * kjs/scope_chain_mark.h: Added multiple-include guards.
+
+2008-01-12  Mark Rowe  <mrowe@apple.com>
+
+        Another Windows build fix.
+
+        * kjs/Activation.h:
+
+2008-01-12  Mark Rowe  <mrowe@apple.com>
+
+        Attempted Windows build fix.  Use struct consistently when forward-declaring
+        ActivationStackNode and StackActivation.
+
+        * kjs/Activation.h:
+        * kjs/JSGlobalObject.h:
+
+2008-01-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Fixes a problem with the ActivationImp tear-off patch (r29425) where
+        some of the calls to JSGlobalObject::tearOffActivation() were using
+        the wrong test to determine whether it should leave a relic behind.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::ActivationImp::getOwnPropertySlot):
+
+2008-01-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed <rdar://problem/5665251> REGRESSION (r28880-r28886): Global
+        variable access (16644)
+        
+        This bug was caused by var declarations shadowing built-in properties of
+        the global object.
+        
+        To match Firefox, we've decided that var declarations will never shadow
+        built-in properties of the global object or its prototypes. We used to
+        behave more like IE, which allows shadowing, but walking that line got
+        us into trouble with websites that sent us down the Firefox codepath.
+
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableGet): New code to support calling
+        hasProperty before the variable object is fully initialized (so you
+        can call it during initialization).
+
+        * kjs/nodes.cpp:.
+        (KJS::ProgramNode::initializeSymbolTable): Always do a full hasProperty
+        check when looking for duplicates, not getDirect, since it only checks
+        the property map, and not hasOwnProperty, since it doesn't check
+        prototypes.
+        (KJS::EvalNode::processDeclarations): ditto
+
+        * kjs/property_slot.h:
+        (KJS::PropertySlot::ungettableGetter): Best function name evar.
+
+2008-01-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Optimized ActivationImp allocation, so that activation records are now
+        first allocated on an explicitly managed stack and only heap allocated
+        when necessary. Roughly a 5% improvement on SunSpider, and a larger
+        improvement on benchmarks that use more function calls.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/Activation.h: Added.
+        (KJS::ActivationImp::ActivationData::ActivationData):
+        (KJS::ActivationImp::ActivationImp):
+        (KJS::ActivationImp::classInfo):
+        (KJS::ActivationImp::isActivationObject):
+        (KJS::ActivationImp::isOnStack):
+        (KJS::ActivationImp::d):
+        (KJS::StackActivation::StackActivation):
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        (KJS::ExecState::~ExecState):
+        * kjs/ExecState.h:
+        (KJS::ExecState::replaceScopeChainTop):
+        (KJS::ExecState::setActivationObject):
+        (KJS::ExecState::setLocalStorage):
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        (KJS::JSGlobalObject::pushActivation):
+        (KJS::JSGlobalObject::checkActivationCount):
+        (KJS::JSGlobalObject::popActivationHelper):
+        (KJS::JSGlobalObject::popActivation):
+        (KJS::JSGlobalObject::tearOffActivation):
+        * kjs/JSGlobalObject.h:
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
+        (KJS::JSVariableObject::JSVariableObject):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::ActivationImp::ActivationImp):
+        (KJS::ActivationImp::~ActivationImp):
+        (KJS::ActivationImp::init):
+        (KJS::ActivationImp::getOwnPropertySlot):
+        (KJS::ActivationImp::markHelper):
+        (KJS::ActivationImp::mark):
+        (KJS::ActivationImp::ActivationData::ActivationData):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function.h:
+        * kjs/nodes.cpp:
+        (KJS::PostIncResolveNode::evaluate):
+        (KJS::PostDecResolveNode::evaluate):
+        (KJS::PreIncResolveNode::evaluate):
+        (KJS::PreDecResolveNode::evaluate):
+        (KJS::ReadModifyResolveNode::evaluate):
+        (KJS::AssignResolveNode::evaluate):
+        (KJS::WithNode::execute):
+        (KJS::TryNode::execute):
+        (KJS::FunctionBodyNode::processDeclarations):
+        (KJS::FuncExprNode::evaluate):
+        * kjs/object.h:
+        * kjs/scope_chain.h:
+        (KJS::ScopeChain::replace):
+        * kjs/scope_chain_mark.h: Added.
+        (KJS::ScopeChain::mark):
+
+2008-01-11  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Fix the (clean) qmake build. For generating chartables.c we don't
+        depend on a separate input source file anymore, the dftables perl
+        script is enough. So use that instead as value for the .input
+        variable, to ensure that qmake also generates a rule to call dftables.
+
+        * pcre/pcre.pri:
+
+2008-01-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by John Sullivan.
+
+        Fixed some world leak reports:
+        * <rdar://problem/5669436> PLT complains about world leak of 1 JavaScript
+        Interpreter after running cvs-base suite
+
+        * <rdar://problem/5669423> PLT complains about world leak if browser
+        window is open when PLT starts
+        
+        * kjs/collector.h: Added the ability to distinguish between global
+        objects and GC-protected global objects, since we only consider the
+        latter to be world leaks.
+        * kjs/collector.cpp:
+
+2008-01-11  Mark Rowe  <mrowe@apple.com>
+
+        Silence qmake warning about ctgen lacking input.
+
+        Rubber-stamped by Alp Toker.
+
+        * pcre/pcre.pri:
+
+2008-01-10  David Kilzer  <ddkilzer@apple.com>
+
+        dftables should be rewritten as a script
+
+        <http://bugs.webkit.org/show_bug.cgi?id=16818>
+        <rdar://problem/5681463>
+
+        Reviewed by Darin.
+
+        Rewrote the dftables utility in Perl.  Attempted to switch all
+        build systems to call the script directly instead of building
+        a binary first.  Only the Xcode build was able to be tested.
+
+        * DerivedSources.make: Added pcre directory to VPATH and changed
+        to invoke dftables directly.
+        * GNUmakefile.am: Removed build information and changed to invoke
+        dftables directly.
+        * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed reference to
+        dftables project.
+        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Ditto.
+        * JavaScriptCore.vcproj/dftables: Removed.
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj: Removed.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Removed dftables target.
+        * jscore.bkl: Removed dftables executable definition.
+        * pcre/dftables: Copied from JavaScriptCore/pcre/dftables.cpp.
+        * pcre/dftables.cpp: Removed.
+        * pcre/dftables.pro: Removed.
+        * pcre/pcre.pri: Removed references to dftables.cpp and changed to
+        invoke dftables directly.
+
+2008-01-10  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Darin Adler.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16782
+          <rdar://problem/5675331> REGRESSION(r29266): Reproducible crash in fast/replaced/image-map.html
+
+        The crash resulted from a native object (DumpRenderTree's
+        EventSender) causing its wrapper to be invalidated (by clicking a
+        link that replaced the document in the window) and consequently
+        deallocated. The fix is to use RefPtrs to protect the native object
+        from deletion by self-invalidation.
+
+        * bindings/runtime_method.cpp:
+        (RuntimeMethod::callAsFunction):
+        * bindings/runtime_object.cpp:
+        (RuntimeObjectImp::fallbackObjectGetter):
+        (RuntimeObjectImp::fieldGetter):
+        (RuntimeObjectImp::methodGetter):
+        (RuntimeObjectImp::put):
+        (RuntimeObjectImp::defaultValue):
+        (RuntimeObjectImp::callAsFunction):
+
+2008-01-07  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Turn testIsInteger assertions into compile-time asserts and move them into HashTraits.h
+        where possible.
+
+        * kjs/testkjs.cpp:
+        * wtf/HashTraits.h:
+
+2008-01-07  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Mark.
+
+        Enable SVG_FONTS by default.
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2008-01-07  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by David Kilzer.
+
+        - get rid of empty fpconst.cpp
+
+        * GNUmakefile.am: Remove fpconst.cpp.
+        * JavaScriptCore.pri: Ditto.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+        * JavaScriptCoreSources.bkl: Ditto.
+
+        * kjs/fpconst.cpp: Removed.
+
+2008-01-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by David Kilzer.
+
+        - fix alignment problem with NaN and Inf globals
+
+        * kjs/fpconst.cpp: Move the contents of this file from here back to
+        value.cpp. The reason this was in a separate file is that the DARWIN
+        version of this used a declaration of the globals with a different
+        type to avoid creating "init routines". That's no longer necessary for
+        DARWIN and was never necessary for the non-DARWIN code path.
+        To make this patch easy to merge, I didn't actually delete this file
+        yet. We'll do that in a separate changeset.
+
+        * kjs/value.cpp: If C99's NAN and INFINITY are present, then use them,
+        othrewise use the union trick from fpconst.cpp. I think it would be
+        better to eliminate KJS::NaN and KJS::Inf and just use NAN and INFINITY
+        directly or std::numeric_limits<double>::quiet_nan() and
+        std::numeric_limits<double>::infinity(). But when I tried that, it
+        slowed down SunSpider. Someone else could do that cleanup if they
+        could do it without slowing down the engine.
+
+2008-01-07  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added
+        JavaScript.h to the project.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
+        Copy JavaScript.h to WEBKITOUTPUTDIR.
+
+2008-01-07  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Darin.
+
+        Fix Mac build.
+
+        * API/JSNode.c:
+        * API/JSNode.h:
+        * API/JSNodeList.c:
+        * API/JSNodeList.h:
+        * API/JavaScript.h:
+        * API/JavaScriptCore.h:
+        * API/minidom.c:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-01-07  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16029
+        JavaScriptCore.h is not suitable for platforms other than Mac OS X
+
+        Introduce a new JavaScriptCore/JavaScript.h public API header. This
+        should be used by all new portable code using the JavaScriptCore API.
+
+        JavaScriptCore/JavaScriptCore.h will remain for compatibility with
+        existing applications that depend on it including JSStringRefCF.h
+        which isn't portable.
+
+        Also add minidom to the GTK+/autotools build since we can now support
+        it on all platforms.
+
+        * API/JSNode.h:
+        * API/JSNodeList.h:
+        * API/JavaScript.h: Added.
+        * API/JavaScriptCore.h:
+        * ForwardingHeaders/JavaScriptCore/JavaScript.h: Added.
+        * GNUmakefile.am:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-01-06  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Abstract all DateObject.set* functions in preparation for fixing:
+        http://bugs.webkit.org/show_bug.cgi?id=16753
+        
+        SunSpider had random changes here and there but was overall a wash.
+
+        * kjs/date_object.cpp:
+        (KJS::fillStructuresUsingTimeArgs):
+        (KJS::setNewValueFromTimeArgs):
+        (KJS::setNewValueFromDateArgs):
+        (KJS::DateProtoFuncSetMilliSeconds::callAsFunction):
+        (KJS::DateProtoFuncSetUTCMilliseconds::callAsFunction):
+        (KJS::DateProtoFuncSetSeconds::callAsFunction):
+        (KJS::DateProtoFuncSetUTCSeconds::callAsFunction):
+        (KJS::DateProtoFuncSetMinutes::callAsFunction):
+        (KJS::DateProtoFuncSetUTCMinutes::callAsFunction):
+        (KJS::DateProtoFuncSetHours::callAsFunction):
+        (KJS::DateProtoFuncSetUTCHours::callAsFunction):
+        (KJS::DateProtoFuncSetDate::callAsFunction):
+        (KJS::DateProtoFuncSetUTCDate::callAsFunction):
+        (KJS::DateProtoFuncSetMonth::callAsFunction):
+        (KJS::DateProtoFuncSetUTCMonth::callAsFunction):
+        (KJS::DateProtoFuncSetFullYear::callAsFunction):
+        (KJS::DateProtoFuncSetUTCFullYear::callAsFunction):
+
+2008-01-06  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Dan.
+
+        Add new helper function isArabicChar - SVG Fonts support needs it.
+
+        * wtf/unicode/icu/UnicodeIcu.h:
+        (WTF::Unicode::isArabicChar):
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::isArabicChar):
+
+2008-01-06  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Mark Rowe.
+
+        Use $(EXEEXT) to account for the .exe extension in the GTK+ Windows
+        build. (This is already done correctly in DerivedSources.make.) Issue
+        noticed by Mikkel when building in Cygwin.
+
+        Add a missing slash. This was a hack from the qmake build system that
+        isn't necessary with autotools.
+
+        * GNUmakefile.am:
+
+2008-01-05  Darin Adler  <darin@apple.com>
+
+        * API/JSRetainPtr.h: One more file that needed the change below.
+
+2008-01-05  Darin Adler  <darin@apple.com>
+
+        * wtf/OwnPtr.h: OwnPtr needs the same fix as RefPtr below.
+
+2008-01-05  Adam Roben  <aroben@apple.com>
+
+        Build fix.
+
+        Reviewed by Maciej.
+
+        * wtf/RetainPtr.h: Use PtrType instead of T* because of the
+        RemovePointer magic.
+
+2008-01-05  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Maciej Stachowiak.
+
+        - cut down own PIC branches by using a pointer-to-member-data instead of a
+          pointer-to-member-function in WTF smart pointers
+
+        * wtf/OwnArrayPtr.h:
+        * wtf/OwnPtr.h:
+        * wtf/PassRefPtr.h:
+        * wtf/RefPtr.h:
+        * wtf/RetainPtr.h:
+        Use a pointer to the m_ptr member instead of the get member.
+        The GCC compiler generates better code for this idiom.
+
+2008-01-05  Henry Mason  <hmason@mac.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16738
+        Bug 16738: Collector block offset could be stored as an cell offset instead of a byte offset
+
+        Gives a 0.4% SunSpider boost and prettier code.
+
+        * kjs/collector.cpp: Switched to cell offsets from byte offsets
+        (KJS::Collector::heapAllocate):
+        (KJS::Collector::sweep):
+
+2008-01-04  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Have the two malloc zones print useful diagnostics if their free method are unexpectedly invoked.
+        Due to <rdar://problem/5671357> this can happen if an application attempts to free a pointer that
+        was not allocated by any registered malloc zone on the system.
+
+        * kjs/CollectorHeapIntrospector.h:
+        * wtf/FastMalloc.cpp:
+
+2008-01-04  Alp Toker  <alp@atoker.com>
+
+        GTK+ autotools build fix. Terminate empty rules.
+
+        * GNUmakefile.am:
+
+2008-01-03  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Fix compilation with gcc 4.3: limits.h is needed for INT_MAX.
+
+        * pcre/pcre_exec.cpp:
+
+2008-01-03  Darin Adler  <darin@apple.com>
+
+        * tests/mozilla/expected.html: The fix for bug 16696 also fixed a test
+        case, ecma_3/RegExp/perlstress-002.js, so updated results to expect
+        that test to succeed.
+
+2008-01-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16696
+          JSCRE fails fails to match Acid3 regexp
+
+        Test: fast/regex/early-acid3-86.html
+
+        The problem was with the cutoff point between backreferences and octal
+        escape sequences. We need to determine the cutoff point by counting the
+        total number of capturing brackets, which requires an extra pass through
+        the expression when compiling it.
+
+        * pcre/pcre_compile.cpp:
+        (CompileData::CompileData): Added numCapturingBrackets. Removed some
+        unused fields.
+        (compileBranch): Use numCapturingBrackets when calling checkEscape.
+        (calculateCompiledPatternLength): Use numCapturingBrackets when calling
+        checkEscape, and also store the bracket count at the end of the compile.
+        (jsRegExpCompile): Call calculateCompiledPatternLength twice -- once to
+        count the number of brackets and then a second time to calculate the length.
+
+2008-01-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16696
+          JSCRE fails fails to match Acid3 regexp
+
+        Test: fast/regex/early-acid3-86.html
+
+        The problem was with the cutoff point between backreferences and octal
+        escape sequences. We need to determine the cutoff point by counting the
+        total number of capturing brackets, which requires an extra pass through
+        the expression when compiling it.
+
+        * pcre/pcre_compile.cpp:
+        (CompileData::CompileData): Added numCapturingBrackets. Removed some
+        unused fields.
+        (compileBranch): Use numCapturingBrackets when calling checkEscape.
+        (calculateCompiledPatternLength): Use numCapturingBrackets when calling
+        checkEscape, and also store the bracket count at the end of the compile.
+        (jsRegExpCompile): Call calculateCompiledPatternLength twice -- once to
+        count the number of brackets and then a second time to calculate the length.
+
+2008-01-02  David Kilzer <ddkilzer@webkit.org>
+
+        Reviewed and landed by Darin.
+
+        * kjs/nodes.cpp:
+        (KJS::DoWhileNode::execute): Added a missing return.
+
+2008-01-02  Darin Adler  <darin@apple.com>
+
+        - try to fix Qt build
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::foldCase): Add some missing const.
+
+2008-01-02  Alice Liu  <alice.liu@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        need to export ASCIICType.h for use in DRT
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * wtf/ASCIICType.h:
+        (WTF::isASCIIUpper):
+
+2008-01-02  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Beth Dakin.
+
+        Cleanup error_object.h/cpp.
+
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::reset):
+        * kjs/error_object.cpp:
+        (KJS::ErrorInstance::ErrorInstance):
+        (KJS::ErrorPrototype::ErrorPrototype):
+        (KJS::ErrorProtoFuncToString::ErrorProtoFuncToString):
+        (KJS::ErrorProtoFuncToString::callAsFunction):
+        (KJS::ErrorObjectImp::ErrorObjectImp):
+        (KJS::ErrorObjectImp::implementsConstruct):
+        (KJS::ErrorObjectImp::construct):
+        (KJS::ErrorObjectImp::callAsFunction):
+        (KJS::NativeErrorPrototype::NativeErrorPrototype):
+        (KJS::NativeErrorImp::NativeErrorImp):
+        (KJS::NativeErrorImp::implementsConstruct):
+        (KJS::NativeErrorImp::construct):
+        (KJS::NativeErrorImp::callAsFunction):
+        (KJS::NativeErrorImp::mark):
+        * kjs/error_object.h:
+        (KJS::ErrorInstance::classInfo):
+        (KJS::NativeErrorImp::classInfo):
+
+2008-01-02  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Alp Toker.
+
+        * GNUmakefile.am: Add missing dependency on grammar.y.
+
+2008-01-01  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - fix for http://bugs.webkit.org/show_bug.cgi?id=16695
+          JSC allows non-identifier codepoints in identifiers (affects Acid3)
+
+        Test: fast/js/kde/parse.html
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::lex): Added additional states to distinguish Unicode escapes at the
+        start of identifiers from ones inside identifiers. Rejected characters that don't pass
+        the isIdentStart and isIdentPart tests.
+        (KJS::Lexer::convertUnicode): Removed incorrect FIXME comment.
+
+        * kjs/lexer.h: Added new states to distinguish \u escapes at the start of identifiers
+        from \u escapes inside identifiers.
+
+2008-01-01  Darin Adler  <darin@apple.com>
+
+        - rolled scope chain optimization out; it was breaking the world
+
+2008-01-01  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=16685
+          eliminate List::empty() to cut down on PIC branches
+
+        Also included one other speed-up -- remove the call to reserveCapacity from
+        FunctionBodyNode::processDeclarations in all but the most unusual cases.
+
+        Together these make SunSpider 1.016x as fast.
+
+        * JavaScriptCore.exp: Updated.
+        * kjs/ExecState.cpp:
+        (KJS::globalEmptyList): Added. Called only when creating global ExecState
+        instances.
+        (KJS::ExecState::ExecState): Broke constructor up into three separate functions,
+        for the three separate node types. Also went through each of the three and
+        streamlined as much as possible, removing dead code. This prevents us from having
+        to access the global in the function body version of the constructor.
+
+        * kjs/ExecState.h: Added emptyList(). Replaced the constructor with a set of
+        three that are specific to the different node types that can create new execution
+        state objects.
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayProtoFuncToLocaleString::callAsFunction): Use exec->emptyList() instead
+        of List::empty().
+        (KJS::ArrayProtoFuncConcat::callAsFunction): Ditto.
+        (KJS::ArrayProtoFuncSlice::callAsFunction): Ditto.
+        (KJS::ArrayProtoFuncSplice::callAsFunction): Ditto.
+        (KJS::ArrayProtoFuncFilter::callAsFunction): Ditto.
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction): Updated to call new ExecState constructor.
+        (KJS::GlobalFuncImp::callAsFunction): Ditto (for eval).
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct): Use exec->emptyList() instead of List::empty().
+
+        * kjs/list.cpp: Removed List::empty.
+        * kjs/list.h: Ditto.
+
+        * kjs/nodes.cpp:
+        (KJS::ElementNode::evaluate): Use exec->emptyList() instead of List::empty().
+        (KJS::ArrayNode::evaluate): Ditto.
+        (KJS::ObjectLiteralNode::evaluate): Ditto.
+        (KJS::PropertyListNode::evaluate): Ditto.
+        (KJS::FunctionBodyNode::processDeclarations): Another speed-up. Check the capacity
+        before calling reserveCapacity, because it doesn't get inlined the local storage
+        vector is almost always big enough -- saving the function call overhead is a big
+        deal.
+        (KJS::FuncDeclNode::makeFunction): Use exec->emptyList() instead of List::empty().
+        (KJS::FuncExprNode::evaluate): Ditto.
+        * kjs/object.cpp:
+        (KJS::tryGetAndCallProperty): Ditto.
+        * kjs/property_slot.cpp:
+        (KJS::PropertySlot::functionGetter): Ditto.
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFuncSplit::callAsFunction): Ditto.
+
+2008-01-01  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16648
+          REGRESSION (r28165): Yuku.com navigation prints "jsRegExpExecute failed with result -2"
+          <rdar://problem/5646486> REGRESSION (r28165): Layout test fast/regex/test1 fails intermittently
+
+        Fixes 34 failing test cases in the fast/regex/test1.html test.
+
+        Restored the stack which prevents infinite loops for brackets that match the empty
+        string; it had been removed as an optimization.
+
+        Unfortunately, restoring this stack causes the regular expression test in SunSpider
+        to be 1.095x as slow and the overall test to be 1.004x as slow. Maybe we can find
+        a correct optimization to restore the speed!
+
+        It's possible the original change was on the right track but just off by one.
+
+        * pcre/pcre_exec.cpp: Add back eptrblock, but name it BracketChainNode.
+        (MatchStack::pushNewFrame): Add back the logic needed here.
+        (startNewGroup): Ditto.
+        (match): Ditto.
+
+2008-01-01  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=16683
+          speed up function calls by making ScopeChain::push cheaper
+
+        This gives a 1.019x speedup on SunSpider.
+
+        After doing this, I realized this probably will be obsolete when the optimization
+        to avoid creating an activation object is done. When we do that one we should check
+        if rolling this out will speed things up, since this does add overhead at the time
+        you copy the scope chain.
+
+        * kjs/object.h: Removed the ScopeChain::release function. It was
+        marked inline, and called in exactly one place, so moved it there.
+        No idea why it was in this header file!
+
+        * kjs/scope_chain.cpp: Removed the overload of the ScopeChain::push
+        function that takes another ScopeChain. It was unused. I think we used
+        it over in WebCore at one point, but not any more.
+
+        * kjs/scope_chain.h: Changed ScopeChainNode into a struct rather than
+        a class, got rid of its constructor so we can have one that's uninitialized,
+        and moved the refCount into a derived struct, ScopeChainHeapNode. Made _node
+        mutable so it can be changed in the moveToHeap function. Changed the copy
+        constructor and assignment operator to call moveToHeap, since the top node
+        can't be shared when it's embedded in another ScopeChain object. Updated
+        functions as needed to handle the case where the first object isn't on the
+        heap or to add casts for cases where it's guaranteed to be. Changed the push
+        function to always put the new node into the ScopeChain object; it will get
+        put onto the heap when needed later.
+
+2008-01-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed slight logic error in reserveCapacity, where we would reallocate
+        the storage buffer unnecessarily.
+
+        * wtf/Vector.h:
+        (WTF::::reserveCapacity): No need to grow the buffer if newCapacity is
+        equal to capacity().
+
+2008-01-01  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=16684
+          eliminate debugger overhead from function body execution
+
+        Speeds SunSpider up 1.003x. That's a small amount, but measurable.
+
+        * JavaScriptCore.exp: Updated.
+        * kjs/Parser.h:
+        (KJS::Parser::parse): Create the node with a static member function named create() instead
+        of using new explicitly.
+
+        * kjs/grammar.y: Changed calls to new FunctionBodyNode to use FunctionBodyNode::create().
+
+        * kjs/nodes.cpp:
+        (KJS::ProgramNode::create): Added. Calls new.
+        (KJS::EvalNode::create): Ditto.
+        (KJS::FunctionBodyNode::create): Ditto, but creates FunctionBodyNodeWithDebuggerHooks
+        when a debugger is present.
+        (KJS::FunctionBodyNode::execute): Removed debugger hooks.
+        (KJS::FunctionBodyNodeWithDebuggerHooks::FunctionBodyNodeWithDebuggerHooks): Added.
+        (KJS::FunctionBodyNodeWithDebuggerHooks::execute): Calls the debugger, then the code,
+        then the debugger again.
+
+        * kjs/nodes.h: Added create functions, made the constructors private and protected.
+
+2007-12-30  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        More small cleanup to array_object.cpp
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayProtoFuncToString::callAsFunction):
+        (KJS::ArrayProtoFuncToLocaleString::callAsFunction):
+        (KJS::ArrayProtoFuncJoin::callAsFunction):
+        (KJS::ArrayProtoFuncConcat::callAsFunction):
+        (KJS::ArrayProtoFuncReverse::callAsFunction):
+        (KJS::ArrayProtoFuncShift::callAsFunction):
+        (KJS::ArrayProtoFuncSlice::callAsFunction):
+        (KJS::ArrayProtoFuncSort::callAsFunction):
+        (KJS::ArrayProtoFuncSplice::callAsFunction):
+        (KJS::ArrayProtoFuncUnShift::callAsFunction):
+        (KJS::ArrayProtoFuncFilter::callAsFunction):
+        (KJS::ArrayProtoFuncMap::callAsFunction):
+        (KJS::ArrayProtoFuncEvery::callAsFunction):
+
+2007-12-30  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Apply wkstyle to array_object.cpp
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayPrototype::ArrayPrototype):
+        (KJS::ArrayPrototype::getOwnPropertySlot):
+        (KJS::ArrayProtoFuncConcat::callAsFunction):
+        (KJS::ArrayProtoFuncPop::callAsFunction):
+        (KJS::ArrayProtoFuncReverse::callAsFunction):
+        (KJS::ArrayProtoFuncShift::callAsFunction):
+        (KJS::ArrayProtoFuncSlice::callAsFunction):
+        (KJS::ArrayProtoFuncSort::callAsFunction):
+        (KJS::ArrayProtoFuncSplice::callAsFunction):
+        (KJS::ArrayProtoFuncUnShift::callAsFunction):
+        (KJS::ArrayProtoFuncFilter::callAsFunction):
+        (KJS::ArrayProtoFuncMap::callAsFunction):
+        (KJS::ArrayProtoFuncEvery::callAsFunction):
+        (KJS::ArrayProtoFuncLastIndexOf::callAsFunction):
+        (KJS::ArrayObjectImp::ArrayObjectImp):
+        (KJS::ArrayObjectImp::implementsConstruct):
+        (KJS::ArrayObjectImp::construct):
+        (KJS::ArrayObjectImp::callAsFunction):
+
+2007-12-30  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Remove maxInt/minInt, replacing with std:max/min<int>()
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayProtoFuncSplice::callAsFunction):
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+
+2007-12-30  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+        
+        Update Number.toString to properly throw exceptions.
+        Cleanup code in Number.toString implementation.
+
+        * kjs/number_object.cpp:
+        (KJS::numberToString):
+        * kjs/object.cpp:
+        (KJS::Error::create): Remove bogus debug lines.
+
+2007-12-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Oliver.
+
+        ASSERT when debugging via Drosera due to missed var lookup optimization.
+        http://bugs.webkit.org/show_bug.cgi?id=16634
+        
+        No test case possible.
+
+        * kjs/nodes.cpp:
+        (KJS::BreakpointCheckStatement::optimizeVariableAccess):
+        * kjs/nodes.h:
+
+2007-12-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Oliver.
+
+        Fix (-0).toFixed() and re-factor a little
+        Fix (-0).toExponential() and printing of trailing 0s in toExponential
+        Fix toPrecision(nan) handling
+        http://bugs.webkit.org/show_bug.cgi?id=16640
+
+        * kjs/number_object.cpp:
+        (KJS::numberToFixed):
+        (KJS::fractionalPartToString):
+        (KJS::numberToExponential):
+        (KJS::numberToPrecision):
+
+2007-12-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        More changes to make number code readable
+
+        * kjs/number_object.cpp:
+        (KJS::integer_part_noexp):
+        (KJS::numberToFixed):
+        (KJS::numberToExponential):
+
+2007-12-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        More small cleanups to toPrecision
+
+        * kjs/number_object.cpp:
+        (KJS::numberToPrecision):
+
+2007-12-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        More small attempts to make number code readable
+
+        * kjs/number_object.cpp:
+        (KJS::exponentialPartToString):
+        (KJS::numberToExponential):
+        (KJS::numberToPrecision):
+
+2007-12-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Break out callAsFunction implementations into static functions
+
+        * kjs/number_object.cpp:
+        (KJS::numberToString):
+        (KJS::numberToFixed):
+        (KJS::numberToExponential):
+        (KJS::numberToPrecision):
+        (KJS::NumberProtoFunc::callAsFunction):
+
+2007-12-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Apply wkstyle/astyle and fix placement of *
+
+        * kjs/number_object.cpp:
+        (KJS::NumberInstance::NumberInstance):
+        (KJS::NumberPrototype::NumberPrototype):
+        (KJS::NumberProtoFunc::NumberProtoFunc):
+        (KJS::integer_part_noexp):
+        (KJS::intPow10):
+        (KJS::NumberProtoFunc::callAsFunction):
+        (KJS::NumberObjectImp::NumberObjectImp):
+        (KJS::NumberObjectImp::getOwnPropertySlot):
+        (KJS::NumberObjectImp::getValueProperty):
+        (KJS::NumberObjectImp::implementsConstruct):
+        (KJS::NumberObjectImp::construct):
+        (KJS::NumberObjectImp::callAsFunction):
+        * kjs/object.cpp:
+        (KJS::JSObject::put):
+
+2007-12-27  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        ASSERT in JavaScriptCore while viewing WICD test case
+        http://bugs.webkit.org/show_bug.cgi?id=16626
+        
+        * kjs/nodes.cpp:
+        (KJS::ForInNode::execute): move KJS_CHECK_EXCEPTION to proper place
+
+2007-12-26  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
+
+        Reviewed by Alp Toker.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16390
+        Use autotools or GNU make as the build system for the GTK port
+
+        * GNUmakefile.am: Added.
+
+2007-12-25  Maciej Stachowiak  <mjs@apple.com>
+        
+        Reviewed by Oliver.
+                
+        - Remove unnecessary redundant check from property setting
+        http://bugs.webkit.org/show_bug.cgi?id=16602
+                
+        1.3% speedup on SunSpider.
+        
+        * kjs/object.cpp:
+        (KJS::JSObject::put): Don't do canPut check when not needed; let
+        the PropertyMap handle it.        
+        (KJS::JSObject::canPut): Don't check the static property
+        table. lookupPut does that already.
+        
+2007-12-24  Alp Toker  <alp@atoker.com>
+
+        Fix builds that don't use AllInOneFile.cpp following breakage
+        introduced in r28973.
+
+        * kjs/grammar.y:
+
+2007-12-24  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+
+        - Optimize variable declarations
+        http://bugs.webkit.org/show_bug.cgi?id=16585
+        
+        3.5% speedup on SunSpider.
+
+        var statements now result in either assignments or empty statements.
+        
+        This allows a couple of optimization opportunities:
+        - No need to branch at runtime to check if there is an initializer
+        - EmptyStatementNodes can be removed entirely (also done in this patch)
+        - Assignment expressions get properly optimized for local variables
+        
+        This patch also includes some code cleanup:
+        - Most of the old VarStatement/VarDecl logic is now only used for const declarations, 
+          thus it is renamed appropriately
+        - AssignExprNode is gone
+        
+        * JavaScriptCore.exp:
+        * kjs/NodeInfo.h:
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::SourceElements::append):
+        (KJS::ConstDeclNode::ConstDeclNode):
+        (KJS::ConstDeclNode::optimizeVariableAccess):
+        (KJS::ConstDeclNode::handleSlowCase):
+        (KJS::ConstDeclNode::evaluateSingle):
+        (KJS::ConstDeclNode::evaluate):
+        (KJS::ConstStatementNode::optimizeVariableAccess):
+        (KJS::ConstStatementNode::execute):
+        (KJS::VarStatementNode::optimizeVariableAccess):
+        (KJS::VarStatementNode::execute):
+        (KJS::ForInNode::ForInNode):
+        (KJS::ForInNode::optimizeVariableAccess):
+        (KJS::ForInNode::execute):
+        (KJS::FunctionBodyNode::initializeSymbolTable):
+        (KJS::ProgramNode::initializeSymbolTable):
+        (KJS::FunctionBodyNode::processDeclarations):
+        (KJS::ProgramNode::processDeclarations):
+        (KJS::EvalNode::processDeclarations):
+        * kjs/nodes.h:
+        (KJS::DeclarationStacks::):
+        (KJS::StatementNode::):
+        (KJS::ConstDeclNode::):
+        (KJS::ConstStatementNode::):
+        (KJS::EmptyStatementNode::):
+        (KJS::VarStatementNode::):
+        (KJS::ForNode::):
+        * kjs/nodes2string.cpp:
+        (KJS::ConstDeclNode::streamTo):
+        (KJS::ConstStatementNode::streamTo):
+        (KJS::ScopeNode::streamTo):
+        (KJS::VarStatementNode::streamTo):
+        (KJS::ForNode::streamTo):
+        (KJS::ForInNode::streamTo):
+
+2007-12-21  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        * JavaScriptCore.exp: Remove unused symbol to prevent a weak external symbol
+        being generated in JavaScriptCore.framework.
+
+2007-12-21  Darin Adler  <darin@apple.com>
+
+        Requested by Maciej.
+
+        * kjs/nodes.h: Use the new NEVER_INLINE here and eliminate the old
+        KJS_NO_INLINE. We don't want to have two, and we figured it was better
+        to keep the one that's in WTF.
+
+2007-12-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=16561
+          remove debugger overhead from non-debugged JavaScript execution
+
+        1.022x as fast on SunSpider.
+
+        * JavaScriptCore.exp: Updated.
+
+        * kjs/NodeInfo.h: Renamed SourceElementsStub to SourceElements,
+        since that more accurately describes the role of this object, which
+        is a reference-counted wrapper for a Vector.
+
+        * kjs/Parser.cpp:
+        (KJS::Parser::didFinishParsing): Changed parameter type to SourceElements,
+        and use plain assignment instead of set.
+        * kjs/Parser.h: Changed parameter type of didFinishParsing to a
+        SourceElements. Also changed m_sourceElements; we now use a RefPtr instead
+        of an OwnPtr as well.
+
+        * kjs/grammar.y: Got rid of all the calls to release() on SourceElements.
+        That's now handed inside the constructors for various node types, since we now
+        use vector swapping instead.
+
+        * kjs/nodes.cpp:
+        (KJS::Node::rethrowException): Added NEVER_INLINE, because this was getting inlined
+        and we want exception handling out of the normal code flow.
+        (KJS::SourceElements::append): Moved here from the header. This now handles
+        creating a BreakpointCheckStatement for each statement in the debugger case.
+        That way we can get breakpoint handling without having it in every execute function.
+        (KJS::BreakpointCheckStatement::BreakpointCheckStatement): Added.
+        (KJS::BreakpointCheckStatement::execute): Added. Contains the code that was formerly
+        in the StatementNode::hitStatement function and the KJS_BREAKPOINT macro.
+        (KJS::BreakpointCheckStatement::streamTo): Added.
+        (KJS::ArgumentListNode::evaluateList): Use KJS_CHECKEXCEPTIONVOID since the return
+        type is void.
+        (KJS::VarStatementNode::execute): Removed KJS_BREAKPOINT.
+        (KJS::BlockNode::BlockNode): Changed parameter type to SourceElements.
+        Changed code to use release since the class now contains a vector rather than
+        a vector point.
+        (KJS::BlockNode::optimizeVariableAccess): Updated since member is now a vector
+        rather than a vector pointer.
+        (KJS::BlockNode::execute): Ditto.
+        (KJS::ExprStatementNode::execute): Removed KJS_BREAKPOINT.
+        (KJS::IfNode::execute): Ditto.
+        (KJS::IfElseNode::execute): Ditto.
+        (KJS::DoWhileNode::execute): Ditto.
+        (KJS::WhileNode::execute): Ditto.
+        (KJS::ContinueNode::execute): Ditto.
+        (KJS::BreakNode::execute): Ditto.
+        (KJS::ReturnNode::execute): Ditto.
+        (KJS::WithNode::execute): Ditto.
+        (KJS::CaseClauseNode::optimizeVariableAccess): Updated since member is now a vector
+        rather than a vector pointer.
+        (KJS::CaseClauseNode::executeStatements): Ditto.
+        (KJS::SwitchNode::execute): Removed KJS_BREAKPOINT.
+        (KJS::ThrowNode::execute): Ditto.
+        (KJS::TryNode::execute): Ditto.
+        (KJS::ScopeNode::ScopeNode): Changed parameter type to SourceElements.
+        (KJS::ProgramNode::ProgramNode): Ditto.
+        (KJS::EvalNode::EvalNode): Ditto.
+        (KJS::FunctionBodyNode::FunctionBodyNode): Ditto.
+        (KJS::ScopeNode::optimizeVariableAccess): Updated since member is now a vector
+        rather than a vector pointer.
+
+        * kjs/nodes.h: Removed hitStatement. Renamed SourceElements to StatementVector.
+        Renamed SourceElementsStub to SourceElements and made it derive from
+        ParserRefCounted rather than from Node, hold a vector rather than a pointer to
+        a vector, and changed the release function to swap with another vector rather
+        than the pointer idiom. Updated BlockNode and CaseClauseNode to hold actual
+        vectors instead of pointers to vectors. Added BreakpointCheckStatement.
+
+        * kjs/nodes2string.cpp:
+        (KJS::statementListStreamTo): Changed to work on a vector instead of a pointer
+        to a vector.
+        (KJS::BlockNode::streamTo): Ditto.
+        (KJS::CaseClauseNode::streamTo):  Ditto.
+
+        * wtf/AlwaysInline.h: Added NEVER_INLINE.
+        * wtf/PassRefPtr.h: Tweaked formatting. Added clear() function that matches the
+        ones in OwnPtr and auto_ptr.
+        * wtf/RefPtr.h: Ditto.
+
+2007-12-21  Darin Adler  <darin@apple.com>
+
+        - fix broken regression tests
+
+        The broken tests were fast/js/do-while-expression-value.html and
+        fast/js/while-expression-value.html.
+
+        * kjs/nodes.cpp: Check in the correct version of this file. I had accidentally landed
+        an old version of my patch for bug 16471.
+        (KJS::statementListExecute): The logic here was backwards. Have to set the value
+        even for non-normal execution results.
+
+2007-12-20  Alexey Proskuryakov  <ap@webkit.org>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Copy npruntime_internal.h
+        to WebKitBuild.
+
+2007-12-20  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by mjs.
+        
+        Split IfNode into IfNode and IfElseNode for speedup.
+        http://bugs.webkit.org/show_bug.cgi?id=16470
+        
+        SunSpider claims this is 1.003x as fast as before.
+        (This required running with --runs 15 to get consistent enough results to tell!)
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::IfNode::optimizeVariableAccess):
+        (KJS::IfNode::execute):
+        (KJS::IfNode::getDeclarations):
+        (KJS::IfElseNode::optimizeVariableAccess):
+        (KJS::IfElseNode::execute):
+        (KJS::IfElseNode::getDeclarations):
+        * kjs/nodes.h:
+        (KJS::IfNode::):
+        (KJS::IfElseNode::):
+        * kjs/nodes2string.cpp:
+        (KJS::IfNode::streamTo):
+        (KJS::IfElseNode::streamTo):
+
+2007-12-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        * wtf/OwnPtr.h:
+        (WTF::operator==): Added.
+        (WTF::operator!=): Added.
+
+2007-12-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        AST optimization: Avoid NULL-checking ForNode's child nodes.
+        
+        0.6% speedup on SunSpider.
+        
+        This is a proof of concept patch that demonstrates how to optimize
+        grammar productions with optional components, like
+        
+            for (optional; optional; optional) {
+                ...
+            }
+            
+        The parser emits NULL for an optional component that is not present.
+
+        Instead of checking for a NULL child at execution time, a node that
+        expects an optional component to be present more often than not checks
+        for a NULL child at construction time, and substitutes a viable
+        alternative node in its place.
+
+        (We'd like the parser to start emitting NULL a lot more once we teach
+        it to emit NULL for certain no-op productions like EmptyStatement and
+        VariableStatement, so, as a foundation, it's important for nodes with
+        NULL optional components to be fast.)
+
+        * kjs/Parser.cpp:
+        (KJS::Parser::didFinishParsing): Check for NULL SourceElements. Also,
+        moved didFinishParsing into the .cpp file because adding a branch while
+        it was in the header file caused a substantial and inexplicable
+        performance regression. (Did I mention that GCC is crazy?)
+
+        * kjs/grammar.y:
+
+        * kjs/nodes.cpp:
+        (KJS::BlockNode::BlockNode): Check for NULL SourceElements.
+        (KJS::ForNode::optimizeVariableAccess): No need to check for NULL here.
+        (KJS::ForNode::execute): No need to check for NULL here.
+        * kjs/nodes.h:
+        (KJS::ForNode::): Check for NULL SourceElements. Substitute a TrueNode
+        because it's semantically harmless, and it evaluates to boolean in an
+        efficient manner.
+
+2007-12-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Slight logic reordering in JSImmediate::from(double)
+
+        This gives a 0.6% improvement in SunSpider.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::from):
+
+2007-12-20  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by mjs.
+
+        Fix major Array regression introduced by 28899.
+
+        SunSpider claims this is at least 1.37x as fast as pre-regression. :)
+
+        * kjs/array_instance.cpp: make Arrays fast again!
+
+2007-12-20  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Geoff, then re-rubber-stamped by Geoff after final search/replace and testing.
+
+        Small reworking of Date code for 4% speedup on Date tests (0.2% overall)
+        http://bugs.webkit.org/show_bug.cgi?id=16537
+
+        Make msToYear human-readable
+        Make msToDayInMonth slightly more readable and avoid recalculating msToYear
+        Remove use of isInLeapYear to avoid calling msToYear
+        Remove dayInYear call by changing msToDayInMonth to dayInMonthFromDayInYear
+        Remove more duplicate calls to dayInYear and getUTCOffset for further speedup
+
+        * kjs/DateMath.cpp:
+        (KJS::daysFrom1970ToYear):
+        (KJS::msToYear):
+        (KJS::monthFromDayInYear):
+        (KJS::checkMonth):
+        (KJS::dayInMonthFromDayInYear):
+        (KJS::dateToDayInYear):
+        (KJS::getDSTOffsetSimple):
+        (KJS::getDSTOffset):
+        (KJS::gregorianDateTimeToMS):
+        (KJS::msToGregorianDateTime):
+
+2007-12-20  Rodney Dawes  <dobey@wayofthemonkey.com>
+
+        Reviewed by Darin Adler.
+
+        Proxy includes of npruntime.h or npapi.h through npruntime_internal.h
+        Include stdio.h in npapi.h for the use of FILE with XP_UNIX defined
+        This is for building with X11, as some type and enum names conflict
+        with #define names in X11 headers.
+        http://bugs.webkit.org/show_bug.cgi?id=15669
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/NP_jsobject.h:
+        * bindings/npapi.h:
+        * bindings/npruntime.cpp:
+        * bindings/npruntime_impl.h:
+        * bindings/npruntime_priv.h:
+        * bindings/npruntime_internal.h:
+        * bindings/testbindings.cpp:
+        * bindings/c/c_class.h:
+        * bindings/c/c_runtime.h:
+        * bindings/c/c_utility.h:
+
+2007-12-20  Darin Adler  <darin@apple.com>
+
+        - re-fix http://bugs.webkit.org/show_bug.cgi?id=16471
+          Completions need to be smaller (or not exist at all)
+
+        Same patch as last time with the test failures problem fixed.
+
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction): Make sure to check the completion
+        type from newExec to see if the execute raised an exception.
+
+2007-12-20  Darin Adler  <darin@apple.com>
+
+        - roll out that last change -- it was causing test failures;
+          I'll check it back in after fixing them
+
+2007-12-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=16471
+          Completions need to be smaller (or not exist at all)
+
+        SuSpider shows 2.4% speedup.
+
+        Stop using completions in the execution engine.
+        Instead, the completion type and label target are both
+        stored in the ExecState.
+
+        * API/JSContextRef.cpp: Removed unneeded include of "completion.h".
+        * bindings/runtime_method.cpp: Removed unused execute function.
+        * bindings/runtime_method.h: Ditto.
+
+        * kjs/ExecState.h: Added completionType, breakOrContinueTarget,
+        setCompletionType, setNormalCompletion, setBreakCompletion,
+        setContinueCompletion, setReturnValueCompletion, setThrowCompletion,
+        setInterruptedCompletion, m_completionType, and m_breakOrContinueTarget.
+
+        * kjs/completion.h: Removed constructor and getter for target
+        for break and continue from Completion. This class is now only
+        used for the public API to Interpreter and such.
+
+        * kjs/date_object.h: Removed unused execute function.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction): Removed some unneeded
+        exception processing. Updated to call the new execute function
+        and to get the completion type from the ExecState. Merged in
+        the execute function, which repeated some of the same logic and
+        was called only from here.
+        (KJS::GlobalFuncImp::callAsFunction): More of the same for eval.
+        * kjs/function.h: Removed execute.
+
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate): Added code to convert the result of
+        execut into a Completion.
+
+        * kjs/nodes.cpp:
+        (KJS::Node::setErrorCompletion): Renamed from createErrorCompletion.
+        Now sets the completion type in the ExecState.
+        (KJS::Node::rethrowException): Now sets the completion type in the
+        ExecState.
+        (KJS::StatementNode::hitStatement): Now sets the completion type in
+        the ExecState.
+        (KJS::VarStatementNode::execute): Updated to put completion type in
+        the ExecState instead of a Completion object.
+        (KJS::statementListExecute): Ditto. Also changed the for loop to use
+        indices instead of iterators.
+        (KJS::BlockNode::execute): Updated return type.
+        (KJS::EmptyStatementNode::execute): Updated to put completion type in
+        the ExecState instead of a Completion object.
+        (KJS::ExprStatementNode::execute): Ditto.
+        (KJS::IfNode::execute): Ditto.
+        (KJS::DoWhileNode::execute): Ditto. Also streamlined the logic a little
+        to make the normal case a little faster and moved the end outside the
+        loop so that "break" can do a break.
+        (KJS::WhileNode::execute): Ditto.
+        (KJS::ForNode::execute): Ditto.
+        (KJS::ForInNode::execute): Ditto.
+        (KJS::ContinueNode::execute): Updated to put completion type in
+        the ExecState instead of a Completion object.
+        (KJS::BreakNode::execute): Ditto.
+        (KJS::ReturnNode::execute): Ditto.
+        (KJS::WithNode::execute): Ditto.
+        (KJS::CaseClauseNode::executeStatements): Ditto. Also renamed to have
+        execute in its name to reflect the fact that it's a member of the same
+        family of functions.
+        (KJS::CaseBlockNode::executeBlock): Ditto.
+        (KJS::SwitchNode::execute): Ditto.
+        (KJS::LabelNode::execute): Ditto.
+        (KJS::ThrowNode::execute): Ditto.
+        (KJS::TryNode::execute): Ditto.
+        (KJS::ProgramNode::execute): Ditto.
+        (KJS::EvalNode::execute): Ditto.
+        (KJS::FunctionBodyNode::execute): Ditto.
+        (KJS::FuncDeclNode::execute): Ditto.
+
+        * kjs/nodes.h: Renamed setErrorCompletion to createErrorCompletion, made
+        hitStatement protected, changed return value of execute to a JSValue,
+        renamed evalStatements to executeStatements, and evalBlock to executeBlock.
+
+        * kjs/number_object.h: Removed unused execute function.
+
+2007-12-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Added Radar number.
+
+        * kjs/nodes.cpp:
+        (KJS::ProgramNode::processDeclarations):
+
+2007-12-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Linux build fix: config.h has to come first.
+
+        * kjs/error_object.cpp:
+
+2007-12-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Optimized global access to global variables, using a symbol table.
+        
+        SunSpider reports a 1.5% overall speedup, a 6.2% speedup on 3d-morph,
+        and a whopping 33.1% speedup on bitops-bitwise-and.
+
+        * API/JSCallbackObjectFunctions.h: Replaced calls to JSObject:: with
+        calls to Base::, since JSObject is not always our base class. This
+        was always a bug, but the bug is even more apparent after some of my
+        changes.
+
+        (KJS::::staticFunctionGetter): Replaced use of getDirect with call to
+        getOwnPropertySlot. Global declarations are no longer stored in the
+        property map, so a call to getDirect is insufficient for finding
+        override properties.
+
+        * API/testapi.c: 
+        * API/testapi.js: Added test for the getDirect change mentioned above.
+
+        * kjs/ExecState.cpp: 
+        * kjs/ExecState.h: Dialed back the optimization to store a direct
+        pointer to the localStorage buffer. One ExecState can grow the global
+        object's localStorage without another ExecState's knowledge, so
+        ExecState can't store a direct pointer to the localStorage buffer
+        unless/until we invent a way to update all the relevant ExecStates.
+
+        * kjs/JSGlobalObject.cpp: Inserted the symbol table into get and put
+        operations.
+        (KJS::JSGlobalObject::reset): Reset the symbol table and local storage,
+        too. Also, clear the property map here, removing the need for a
+        separate call.
+
+        * kjs/JSVariableObject.cpp:
+        * kjs/JSVariableObject.h: Added support for saving localStorage and the
+        symbol table to the back/forward cache, and restoring them.
+
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction): Renamed progNode to evalNode
+        because it's an EvalNode, not a ProgramNode.
+
+        * kjs/lookup.h:
+        (KJS::cacheGlobalObject): Replaced put with faster putDirect, since
+        that's how the rest of lookup.h works. putDirect is safe here because
+        cacheGlobalObject is only used for objects whose names are not valid
+        identifiers.
+
+        * kjs/nodes.cpp: The good stuff!
+
+        (KJS::EvalNode::processDeclarations): Replaced hasProperty with
+        the new hasOwnProperty, which is slightly faster.
+
+        * kjs/object.h: Nixed clearProperties because clear() does this job now.
+
+        * kjs/property_map.cpp:
+        * kjs/property_map.h: More back/forward cache support.
+        
+        * wtf/Vector.h:
+        (WTF::::grow): Added fast non-branching grow function. I used it in
+        an earlier version of this patch, even though it's not used anymore.
+
+2007-12-09  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Build fix for non-Mac platforms.  Move NodeInfo into its own header so that the YYTYPE
+        declaration in grammar.h is able to declare members of that type.
+
+        * kjs/NodeInfo.h: Added.
+        (KJS::createNodeInfo):
+        (KJS::mergeDeclarationLists):
+        (KJS::appendToVarDeclarationList):
+        * kjs/grammar.y:
+        * kjs/lexer.cpp:
+
+2007-12-19  Oliver Hunt  <oliver@apple.com>
+
+        Make appendToVarDeclarationList static
+
+        RS=Weinig.
+
+        * kjs/grammar.y:
+
+2007-12-18  Oliver Hunt  <oliver@apple.com>
+
+        Remove dead code due to removal of post-parse declaration discovery.
+
+        RS=Geoff.
+
+        Due to the removal of the declaration discovery pass after parsing we
+        no longer need any of the logic used for that discovery.
+
+        * kjs/nodes.cpp:
+        (KJS::Node::Node):
+        (KJS::VarDeclNode::VarDeclNode):
+        (KJS::BlockNode::BlockNode):
+        (KJS::ForInNode::ForInNode):
+        (KJS::CaseBlockNode::CaseBlockNode):
+        * kjs/nodes.h:
+        (KJS::VarStatementNode::):
+        (KJS::IfNode::):
+        (KJS::DoWhileNode::):
+        (KJS::WhileNode::):
+        (KJS::WithNode::):
+        (KJS::LabelNode::):
+        (KJS::TryNode::):
+        (KJS::FuncDeclNode::):
+        (KJS::CaseClauseNode::):
+        (KJS::ClauseListNode::):
+        (KJS::SwitchNode::):
+
+2007-12-18  Oliver Hunt  <oliver@apple.com>
+
+        Replace post-parse pass to find declarations with logic in the parser itself
+
+        Reviewed by Geoff.
+
+        Instead of finding declarations in a pass following the initial parsing of
+        a program, we incorporate the logic directly into the parser.  This lays
+        the groundwork for further optimisations (such as improving performance in
+        declaration expressions -- var x = y; -- to match that of standard assignment)
+        in addition to providing a 0.4% performance improvement in SunSpider.
+
+        * JavaScriptCore.exp:
+        * kjs/Parser.cpp:
+        (KJS::Parser::parse):
+        * kjs/Parser.h:
+        (KJS::Parser::didFinishParsing):
+        (KJS::Parser::parse):
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::ParserTracked::ParserTracked):
+        (KJS::ParserTracked::~ParserTracked):
+        (KJS::ParserTracked::ref):
+        (KJS::ParserTracked::deref):
+        (KJS::ParserTracked::refcount):
+        (KJS::ParserTracked::clearNewTrackedObjects):
+        (KJS::Node::Node):
+        (KJS::ScopeNode::ScopeNode):
+        (KJS::ProgramNode::ProgramNode):
+        (KJS::EvalNode::EvalNode):
+        (KJS::FunctionBodyNode::FunctionBodyNode):
+        (KJS::FunctionBodyNode::initializeSymbolTable):
+        (KJS::FunctionBodyNode::processDeclarations):
+        * kjs/nodes.h:
+        (KJS::ParserTracked::):
+        (KJS::Node::):
+        (KJS::ScopeNode::):
+
+2007-12-18  Xan Lopez  <xan@gnome.org>
+
+        Reviewed by Geoff.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=14521
+        Bug 14521: JavaScriptCore fails to build on Linux/PPC gcc 4.1.2
+        
+        * wtf/TCSpinLock.h:
+        (TCMalloc_SpinLock::Unlock):
+
+        Use less strict memory operand constraint on inline asm generation.
+        PLATFORM(DARWIN) left unpatched due to Apple's GCC bug.
+
+        Patch by David Kilzer <ddkilzer@webkit.org>
+
+2007-12-18  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Maciej Stachowiak.
+
+        Remove outdated and non-functioning project files for the Apollo port.
+
+        * JavaScriptCore.apolloproj: Removed.
+
+2007-12-18  Darin Adler  <darin@apple.com>
+
+        - fix Windows build
+
+        * pcre/pcre_exec.cpp:
+        (jsRegExpExecute): Change back from false/true to 0/1 -- I probably should not have
+        deleted MATCH_MATCH and MATCH_NOMATCH, but I'm going to leave them out.
+
+2007-12-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16458
+          REGRESSION (r28164): regular expressions can now hang due to lack of a match limit
+          <rdar://problem/5636067>
+
+        Test: fast/regex/slow.html
+
+        Slows down SunSpider a bit (about 1.01x); filed a bug to follow up on that:
+        http://bugs.webkit.org/show_bug.cgi?id=16503
+
+        * pcre/pcre.h: Changed name of error code to not specifically mention "recursion".
+        * pcre/pcre_exec.cpp:
+        (match): Replaced the depth limit, MATCH_RECURSION_LIMIT, with a total match looping
+        limit, matchLimit. Also eliminated the constants for MATCH_MATCH and MATCH_NOMATCH,
+        since they are just true and false (1 and 0).
+        (jsRegExpExecute): More of the MATCH_MATCH change.
+
+2007-12-17  Darin Adler  <darin@apple.com>
+
+        - speculative build fix for non-gcc platforms
+
+        * pcre/pcre_exec.cpp: (match): Remove unused cases from return switch.
+
+2007-12-16  Mark Rowe  <mrowe@apple.com>
+
+        Speculative build fix for non-Mac platforms.
+
+        * pcre/pcre_compile.cpp: Include string.h for memset, memmove, etc.
+
+2007-12-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=16438
+        - removed some more unused code
+        - changed quite a few more names to WebKit-style
+        - moved more things out of pcre_internal.h
+        - changed some indentation to WebKit-style
+        - improved design of the functions for reading and writing
+          2-byte values from the opcode stream (in pcre_internal.h)
+
+        * pcre/dftables.cpp:
+        (main): Added the kjs prefix a normal way in lieu of using macros.
+
+        * pcre/pcre_compile.cpp: Moved some definitions here from pcre_internal.h.
+        (errorText): Name changes, fewer typedefs.
+        (checkEscape): Ditto. Changed uppercase conversion to use toASCIIUpper.
+        (isCountedRepeat): Name change.
+        (readRepeatCounts): Name change.
+        (firstSignificantOpcode): Got rid of the use of OP_lengths, which is
+        very lightly used here. Hard-coded the length of OP_BRANUMBER.
+        (firstSignificantOpcodeSkippingAssertions): Ditto. Also changed to
+        use the advanceToEndOfBracket function.
+        (getOthercaseRange): Name changes.
+        (encodeUTF8): Ditto.
+        (compileBranch): Name changes. Removed unused after_manual_callout and
+        the code to handle it. Removed code to handle OP_ONCE since we never
+        emit this opcode. Changed to use advanceToEndOfBracket in more places.
+        (compileBracket): Name changes.
+        (branchIsAnchored): Removed code to handle OP_ONCE since we never emit
+        this opcode.
+        (bracketIsAnchored): Name changes.
+        (branchNeedsLineStart): More fo the same.
+        (bracketNeedsLineStart): Ditto.
+        (branchFindFirstAssertedCharacter): Removed OP_ONCE code.
+        (bracketFindFirstAssertedCharacter): More of the same.
+        (calculateCompiledPatternLengthAndFlags): Ditto.
+        (returnError): Name changes.
+        (jsRegExpCompile): Ditto.
+
+        * pcre/pcre_exec.cpp: Moved some definitions here from pcre_internal.h.
+        (matchRef): Updated names.
+        Improved macros to use the do { } while(0) idiom so they expand to single
+        statements rather than to blocks or multiple statements. And refeactored
+        the recursive match macros.
+        (MatchStack::pushNewFrame): Name changes.
+        (getUTF8CharAndIncrementLength): Name changes.
+        (match): Name changes. Removed the ONCE opcode.
+        (jsRegExpExecute): Name changes.
+
+        * pcre/pcre_internal.h: Removed quite a few unneeded includes. Rewrote
+        quite a few comments. Removed the macros that add kjs prefixes to the
+        functions with external linkage; instead renamed the functions. Removed
+        the unneeded typedefs pcre_uint16, pcre_uint32, and uschar. Removed the
+        dead and not-all-working code for LINK_SIZE values other than 2, although
+        we aim to keep the abstraction working. Removed the OP_LENGTHS macro.
+        (put2ByteValue): Replaces put2ByteOpcodeValueAtOffset.
+        (get2ByteValue): Replaces get2ByteOpcodeValueAtOffset.
+        (put2ByteValueAndAdvance): Replaces put2ByteOpcodeValueAtOffsetAndAdvance.
+        (putLinkValueAllowZero): Replaces putOpcodeValueAtOffset; doesn't do the
+        addition, since a comma is really no better than a plus sign. Added an
+        assertion to catch out of range values and changed the parameter type to
+        int rather than unsigned.
+        (getLinkValueAllowZero): Replaces getOpcodeValueAtOffset.
+        (putLinkValue): New function that most former callers of the
+        putOpcodeValueAtOffset function can use; asserts the value that is
+        being stored is non-zero and then calls putLinkValueAllowZero.
+        (getLinkValue): Ditto.
+        (putLinkValueAndAdvance): Replaces putOpcodeValueAtOffsetAndAdvance. No
+        caller was using an offset, which makes sense given the advancing behavior.
+        (putLinkValueAllowZeroAndAdvance): Ditto.
+        (isBracketOpcode): Added. For use in an assertion.
+        (advanceToEndOfBracket): Renamed from moveOpcodePtrPastAnyAlternateBranches,
+        and removed comments about how it's not well designed. This function takes
+        a pointer to the beginning of a bracket and advances to the end of the
+        bracket.
+
+        * pcre/pcre_tables.cpp: Updated names.
+        * pcre/pcre_ucp_searchfuncs.cpp:
+        (kjs_pcre_ucp_othercase): Ditto.
+        * pcre/pcre_xclass.cpp:
+        (getUTF8CharAndAdvancePointer): Ditto.
+        (kjs_pcre_xclass): Ditto.
+        * pcre/ucpinternal.h: Ditto.
+
+        * wtf/ASCIICType.h:
+        (WTF::isASCIIAlpha): Added an int overload, like the one we already have for
+        isASCIIDigit.
+        (WTF::isASCIIAlphanumeric): Ditto.
+        (WTF::isASCIIHexDigit): Ditto.
+        (WTF::isASCIILower): Ditto.
+        (WTF::isASCIISpace): Ditto.
+        (WTF::toASCIILower): Ditto.
+        (WTF::toASCIIUpper): Ditto.
+
+2007-12-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16459
+          REGRESSION: assertion failure with regexp with \B in a case-ignoring character range
+          <rdar://problem/5646361>
+
+        The problem was that \B was not handled properly in character classes.
+
+        Test: fast/js/regexp-overflow.html
+
+        * pcre/pcre_compile.cpp:
+        (check_escape): Added handling of ESC_b and ESC_B in character classes here.
+        Allows us to get rid of the handling of \b in character classes from all the
+        call sites that handle it separately and to handle \B properly as well.
+        (compileBranch): Remove the ESC_b handling, since it's not needed any more.
+        (calculateCompiledPatternLengthAndFlags): Ditto.
+
+2007-12-16  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=16448
+        Bug 16448: [GTK] Celtic Kane JavaScript performance on Array test is slow relative to Mac
+
+        * kjs/array_instance.cpp:
+        (KJS::compareByStringPairForQSort):
+        (KJS::ArrayInstance::sort): Convert JSValue's to strings once up front and then sort the
+        results.  This avoids calling toString twice per comparison, but requires a temporary buffer
+        so we only use this approach in cases where the array being sorted is not too large.
+
+2007-12-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler and Maciej Stachowiak.
+        
+        More refactoring to support global variable optimization.
+        
+        Changed SymbolTable to use RefPtr<UString::Rep> as its key instead of
+        UString::Rep*. With globals, the symbol table can outlast the
+        declaration node for any given symbol, so the symbol table needs to ref
+        its symbol names.
+        
+        In support, specialized HashMaps with RefPtr keys to allow lookup
+        via raw pointer, avoiding refcount churn.
+        
+        SunSpider reports a .6% speedup (prolly just noise).
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added new file: wtf/RefPtrHashMap.h
+        * JavaScriptCore.xcodeproj/project.pbxproj: ditto
+
+        * kjs/JSVariableObject.cpp:
+        (KJS::JSVariableObject::getPropertyNames): Symbol table keys are RefPtrs now.
+
+        * kjs/SymbolTable.h: Modified key traits to match RefPtr. Added a
+        static Rep* for null, which helps compute the deletedValue() trait.
+
+        * wtf/HashMap.h: #include the RefPtr specialization so everyone can use it.
+
+        * wtf/RefPtrHashMap.h: Copied from wtf/HashMap.h. Added overloaded versions
+        of find(), contains(), get(), set(), add(), remove(), and take() that take
+        raw pointers as keys.
+
+2007-12-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16162
+        Problems with float parsing on Linux (locale-dependent parsing was used).
+
+        * kjs/dtoa.cpp: Removed USE_LOCALE to reduce future confusion.
+        * kjs/lexer.cpp: (KJS::Lexer::lex): Parse with kjs_strtod, not the system one.
+
+2007-12-14  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Mark Rowe.
+
+        Enable the AllInOneFile.cpp optimization for the GTK+ port.
+
+        * JavaScriptCore.pri:
+
+2007-12-14  Mark Rowe  <mrowe@apple.com>
+
+        Unreviewed.  Remove commented out fprintf's that were for debugging purposes only.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
+
+2007-12-14  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Don't use the MADV_DONTNEED code path for now as it has no effect on Mac OS X and is
+        currently untested on other platforms.
+
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease): Return after releasing memory rather than potentially falling
+        through into another mechanism if multiple are supported.
+
+2007-12-14  Alp Toker  <alp@atoker.com>
+
+        Build fix for GTK+/Qt and ports that don't use AllInOneFile.cpp.
+
+        Include UnusedParam.h.
+
+        * wtf/TCSystemAlloc.cpp:
+
+2007-12-14  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Stephanie.
+
+        Fix build on windows
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
+
+2007-12-14  Dan Bernstein  <mitz@apple.com>
+
+        - try again to fix the Windows build
+
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease):
+
+2007-12-14  Dan Bernstein  <mitz@apple.com>
+
+        - try to fix the Windows build
+
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease):
+
+2007-12-14  Mark Rowe <mrowe@apple.com>
+
+        Reviewed by Maciej and Oliver.
+
+        Add final changes to make TCMalloc release memory to the system.
+        This results in a 0.4% regression against ToT, but this is offset
+        against the gains made by the original TCMalloc r38 merge - in fact
+        we retain around 0.3-0.4% progression overall.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::InitSizeClasses):
+        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease):
+
+2007-12-14  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - removed unnecessary includes of "Vector.h"
+
+        * wtf/HashMap.h:
+        (WTF::copyKeysToVector): Make the type of the vector be a template parameter.
+        This allows copying keys into a vector of a base class or one with an inline capacity.
+        (WTF::copyValuesToVector): Ditto.
+        * wtf/HashSet.h:
+        (WTF::copyToVector): Ditto.
+
+2007-12-14  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Darin and Geoff.
+
+        <rdar://problem/5619295> 
+        REGRESSION: 303-304: Embedded YouTube video fails to render- JS errors (16150) (Flash 9)
+        
+        Get rid of unnecessary and incorrect security checks for plug-ins accessing JavaScript objects. 
+        
+        The way this used to work was that each NPObject that wrapped a JSObject would have a root object
+        corresponding to the frame object (used for managing the lifecycle) and an origin root object (used for
+        doing security checks). 
+        
+        This would prevent a plug-in from accessing a frame's window object if it's security origin was different
+        (some parts of the window, such as the location object, can be accessed from frames with different security 
+        origins, and those checks are being done in WebCore).
+        
+        Also, if a plug-in were to access a window object of a frame that later went away, it could lead to that
+        Window JSObject being garbage collected and the NPObject pointing to freed memory.
+        
+        How this works now is that there is no origin root object anymore, and all NPObject wrappers that are created
+        for a plug-in will have the root object of the containing frame of that plug-in.
+        
+        * bindings/NP_jsobject.cpp:
+        (jsDeallocate):
+        Don't free the origin root object.
+        
+        (_NPN_CreateScriptObject):
+        Remove the origin root object parameter.
+        
+        (_NPN_InvokeDefault):
+        (_NPN_Invoke):
+        (_NPN_Evaluate):
+        (_NPN_GetProperty):
+        (_NPN_SetProperty):
+        (_NPN_RemoveProperty):
+        (_NPN_HasProperty):
+        (_NPN_HasMethod):
+        (_NPN_Enumerate):
+        Get rid of all security checks.
+        
+        * bindings/NP_jsobject.h:
+        Remove originRootObject from the JavaScriptObject struct.
+        
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant):
+        Always use the root object from the ExecState.
+        
+2007-12-13  Steve Falkenburg  <sfalken@apple.com>
+
+        Move source file generation into its own vcproj to fix build dependencies.
+
+        Reviewed by Adam.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.sln:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Added.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added.
+        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
+
+2007-12-13  Alp Toker  <alp@atoker.com>
+
+        http://bugs.webkit.org/show_bug.cgi?id=16406
+        [Gtk] JavaScriptCore needs -lpthread
+
+        Build fix for Debian and any other platforms that don't implicitly
+        link to pthread.
+
+        Link to pthread on non-Windows platforms until this dependency is
+        removed from JSC.
+
+2007-12-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Build fix: Note some variables that are used only for ASSERTs.
+
+        * API/testapi.c:
+        (Base_finalize):
+        (globalObject_initialize):
+        (testInitializeFinalize):
+
+2007-12-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed: All JS tests crash on Windows.
+
+        NDEBUG wasn't defined when compiling testkjs in release builds, so the
+        HashTable definition in HashTable.h included an extra data member.
+
+        The solution was to add NDEBUG to the release testkjs configuration on
+        Windows and Mac.
+        
+        For giggles, I also added other missing #defines to testkjs on Windows.
+
+        * Configurations/Base.xcconfig:
+        * Configurations/JavaScriptCore.xcconfig:
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/testkjs.cpp:
+        (main):
+
+2007-12-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Removed bogus ASSERT.
+        
+        ASSERT should only be used when we know that a code path will not be
+        taken. This code path is taken often during the jsFunFuzz test.
+
+        * pcre/pcre_exec.cpp:
+        (jsRegExpExecute):
+
+2007-12-11  Darin Adler  <darin@apple.com>
+
+        * wtf/unicode/qt4/UnicodeQt4.h: Try to fix Qt build by adding U16_IS_SINGLE.
+
+2007-12-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16379
+          REGRESSION(r28525): Failures in http/tests/xmlhttprequest/response-encoding.html and
+          fast/dom/xmlhttprequest-html-response-encoding.html
+          and <rdar://problem/5640230> REGRESSION (306A4-ToT): Access violation in PCRE function
+          find_firstassertedchar
+
+        Test: fast/js/regexp-find-first-asserted.html
+
+        * pcre/pcre_compile.cpp:
+        (compileBracket): Take out unnecessary initialization of out parameters.
+        (branchFindFirstAssertedCharacter): Added. Broke out the half of the function that handles
+        a branch.
+        (bracketFindFirstAssertedCharacter): Renamed from find_firstassertedchar. Also removed the
+        options parameter -- the caller can handle the options.
+        (jsRegExpCompile): Changed call site to call the appropriate bracket or branch version of
+        the find_firstassertedchar function. Also put the REQ_IGNORE_CASE code here instead of
+        passing in the options.
+
+2007-12-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Split this:
+        
+                            FunctionBodyNode
+                                    ^
+                                    |
+                                ProgramNode
+            
+        into this:
+            
+                                ScopeNode
+                ^                   ^                   ^
+                |                   |                   |
+        FunctionBodyNode        ProgramNode         EvalNode
+
+        in preparation for specializing each class more while optimizing global
+        variable access.
+        
+        Also removed some cruft from the FunctionBodyNode interface to simplify
+        things.
+        
+        SunSpider says this patch is a .8% speedup, which seems reasonable,
+        since it eliminates a few branches and adds KJS_FAST_CALL in a few
+        places.
+        
+        Layout tests and JS tests pass. Also, this baby builds on Windows! (Qt
+        mileage may vary...)
+
+2007-12-10  Geoffrey Garen  <ggaren@apple.com>
+
+        RS by Mark Rowe.
+        
+        Mac build fix: added some exported symbols, now that Parser::parse is
+        defined in the header.
+
+        * JavaScriptCore.exp:
+
+2007-12-10  Sam Weinig  <sam@webkit.org>
+
+        Build fix.
+
+        Template methods need to be in the header.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * kjs/Parser.cpp:
+        * kjs/Parser.h:
+        (KJS::Parser::parse):
+
+2007-12-10  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Merged different implementations of Parser::parse into a single,
+        templatized implementation, in preparation for adding yet another
+        implementation for "eval" code.
+        
+        JS and layout tests pass.
+
+2007-12-10  Timothy Hatcher  <timothy@apple.com>
+
+        Reviewed by Mark Rowe
+
+        <rdar://problem/5639463> Bundle versions on Tiger should be 4523.x not 523.x
+
+        * Configurations/Version.xcconfig: Some Tiger versions of Xcode don't set MAC_OS_X_VERSION_MAJOR,
+          so assume Tiger and use a 4 for the SYSTEM_VERSION_PREFIX.
+
+2007-12-10  Mark Rowe  <mrowe@apple.com>
+
+        Tiger build fix.
+
+        * kjs/grammar.y: Use @1 and @0 in place of @$ where Tiger's bison chokes.
+
+2007-12-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16375
+          REGRESSION: Safari crashes on quit
+
+        Probably a debug-only issue.
+
+        * kjs/Parser.cpp:
+        (KJS::parser): Create the parser and never destroy it by using a pointer instead
+        of a global object.
+
+2007-12-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16369
+          REGRESSION (r28525): regular expression tests failing due to bad firstByte optimization
+
+        * pcre/pcre_compile.cpp: Changed some names to use interCaps intead of under_scores.
+        (branchIsAnchored): Broke is_anchored into two separate functions; this one works on a
+        branch and the other on an anchor. The old function would only work on a bracket.
+        Also removed unneeded parameters; the anchored check does not require the bracket
+        map or the options any more because we have a reduced set of features.
+        (bracketIsAnchored): Ditto.
+        (branchNeedsLineStart): Broke canApplyFirstCharOptimization into two functions and gave
+        both a better name. This is the function that was returning the wrong value. The failure
+        was beacuse the old function would only work on a bracket.
+        (bracketNeedsLineStart): Ditto.
+        (jsRegExpCompile): Changed to call the appropriate branch or bracket flavor of the
+        functions based on whether we compiled an outer bracket. Also removed inaccurate comments
+        and unneeded parameters.
+
+        - other small changes
+
+        * pcre/pcre.h: Renumbered error codes, in a logical order. First, normal failure, then
+        the recursion limit, then running out of memory, and finally an unexpected internal error.
+
+        * pcre/pcre_exec.cpp: Fixed indentation.
+        (jsRegExpExecute): Corrected an inaccurate comment.
+
+2007-12-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16370
+          REGRESSION (r28540): source URL and line number no longer set for outer function/programs
+
+        Test: fast/js/exception-linenums-in-html-1.html
+        Test: fast/js/exception-linenums-in-html-2.html
+        Test: fast/js/exception-linenums.html
+
+        By the time the ProgramNode was constructed, the source URL was empty.
+
+        * kjs/Parser.cpp:
+        (KJS::Parser::parseProgram): Added code to set and clear m_sourceURL, which is now
+        handled here instead of in the lexer; it needs to still be set when we create the
+        program node. Call setLoc to set the first and last line number.
+        (KJS::Parser::parseFunctionBody): Ditto, but for the body.
+        (KJS::Parser::parse): Removed the sourceURL argument.
+
+        * kjs/Parser.h: Added sourceURL(), m_sourceURL, and m_lastLine. Added a lastLine
+        parameter to didFinishParsing, since the bison grammar knows the last line number
+        and we otherwise do not know it. Removed the sourceURL parameter from parse, since
+        that's now handled at a higher level.
+
+        * kjs/grammar.y: Pass the last line number to didFinishParsing.
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::setCode): Removed the sourceURL argument and the code to set m_sourceURL.
+        (KJS::Lexer::clear): Ditto.
+        * kjs/lexer.h: More of the same.
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNode::FunctionBodyNode): Get the source URL from the parser rather
+        than from the lexer. Removed unneeded call to setLoc, since the line numbers already
+        both default to -1.
+
+2007-12-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Sam W.
+
+        Split the ENABLE_SVG_EXPERIMENTAL_FEATURES flag into separate flags.
+        
+        Fixes <rdar://problem/5620249> Must disable SVG animation
+        <rdar://problem/5612772> Disable SVG filters on Mac to match Windows behavior
+        
+        Minor config changes.
+
+        * Configurations/JavaScriptCore.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-12-07  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        - Rename isSafeScript to allowsAccessFrom.
+
+        * bindings/NP_jsobject.cpp:
+        (_isSafeScript):
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::allowsAccessFrom): Reverse caller/argument of allowsAccessFrom to match
+        the new call.
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Refactored variable access optimization: Removed the assumption that
+        the FunctionBodyNode holds the symbol table.
+        
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added #include.
+
+        * kjs/nodes.cpp:
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added #include.
+
+        * kjs/interpreter.cpp:
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added #include.
+
+        * kjs/grammar.y:
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added #include.
+
+        * kjs/function_object.cpp:
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed crash seen running layout tests.
+        
+        Reverted a change I made earlier today. Added a comment to try to
+        discourage myself from making this mistake a third time.
+
+        * kjs/function.cpp:
+        (KJS::ActivationImp::mark):
+        * kjs/function.h:
+        (KJS::ActivationImp::ActivationImpData::ActivationImpData):
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Refactored parsing of global code: Removed the assumption that 
+        ProgramNode inherits from FunctionBodyNode from the parser.
+
+        * kjs/Parser.cpp:
+        (KJS::Parser::parseProgram):
+        (KJS::Parser::parseFunctionBody):
+        (KJS::Parser::parse):
+        * kjs/Parser.h:
+        (KJS::Parser::didFinishParsing):
+        * kjs/function.cpp:
+        * kjs/grammar.y:
+        * kjs/nodes.h:
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added JSVariableObject.cpp to the .pri file.
+
+        * JavaScriptCore.pri:
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added #include.
+
+        * kjs/function.cpp:
+
+2007-12-07  Steve Falkenburg  <sfalken@apple.com>
+
+        Re-named our B&I flag from BUILDBOT to PRODUCTION.
+
+        Reviewed by Sam Weinig.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: removed stray name qualification.
+
+        * kjs/function.h:
+        (KJS::ActivationImp::ActivationImp):
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: moved functions with qualified names outside of class
+        declaration.
+
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::symbolTableGet):
+        (KJS::JSVariableObject::symbolTablePut):
+
+2007-12-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Next step in refactoring JSGlobalObject: Added JSVariableObject class,
+        and factored symbol-table-related code into it. (JSGlobalObject doesn't
+        use the symbol table code yet, though.)
+        
+        Layout and JS tests, and testapi, pass. SunSpider reports no regression.
+
+2007-12-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16185
+          jsRegExpCompile should not add implicit non-capturing bracket
+
+        While this does not make SunSpider faster, it will make many regular
+        expressions a bit faster.
+
+        * pcre/pcre_compile.cpp: Moved CompileData struct in here from the
+        header since it's private to this file.
+        (compile_branch): Updated for function name change.
+        (compile_bracket): Renamed from compile_regex, since, for one thing,
+        this does not compile an entire regular expression.
+        (calculateCompiledPatternLengthAndFlags): Removed unused item_count
+        local variable. Renamed CompileData to cd instead of compile_block
+        to be consistent with other functions. Added code to set the
+        needOuterBracket flag if there's at least one "|" at the outer level.
+        (jsRegExpCompile): Renamed CompileData to cd instead of compile_block
+        to be consistent with other functions. Removed unneeded "size" field
+        from the compiled regular expression. If no outer bracket is needed,
+        then use compile_branch to compile the regular expression.
+
+        * pcre/pcre_internal.h: Removed the CompileData struct, which is now
+        private to pcre_compile.cpp. Removed the size member from JSRegExp.
+
+2007-12-06  Kevin Ollivier  <kevino@theolliviers.com>
+
+        MSVC7 build fix due to a compiler bug with placement new and/or
+        templates and casting.
+
+        Reviewed by Darin Adler.
+
+        * wtf/Vector.h:
+        (WTF::::append):
+
+2007-12-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16321
+          new RegExp("[\u0097]{4,6}", "gmy") crashes in DEBUG builds
+          <rdar://problem/5632992>
+
+        Test: fast/js/regexp-oveflow.html
+
+        * pcre/pcre_compile.cpp:
+        (calculateCompiledPatternLengthAndFlags): In the case where a single character
+        character class is optimized to not use a character class at all, the preflight
+        code was not setting the lastitemlength variable.
+
+2007-12-05  Mark Rowe  <mrowe@apple.com>
+
+        Qt Windows build fix.  Include the time-related headers in the correct place.
+
+        * kjs/JSGlobalObject.cpp:
+        * kjs/interpreter.cpp:
+
+2007-12-05  Darin Adler  <darin@apple.com>
+
+        Not reviewed; just undoing a previous commit.
+
+        - remove earlier incorrect fix for http://bugs.webkit.org/show_bug.cgi?id=16220
+          <rdar://problem/5625221> Crash opening www.news.com (CNet)
+
+        The real bug was the backwards ?: in the compile function, which Geoff just
+        fixed. Rolling out the incorrect earlier fix.
+
+        * pcre/pcre_compile.cpp: (calculateCompiledPatternLengthAndFlags): Take out
+        the unneeded preflight change. The regression test proves this is still working
+        fine, so the bug remains fixed.
+
+2007-12-01  Mark Rowe  <mrowe@apple.com>
+
+        Build fix.  Include headers before trying to use the things that they declare.
+
+        * kjs/JSImmediate.cpp:
+        * kjs/nodes.cpp:
+        * kjs/object.cpp:
+        * kjs/object_object.cpp:
+        * kjs/regexp_object.cpp:
+        * kjs/string_object.cpp:
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added some #includes.
+
+        * kjs/JSImmediate.cpp:
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added some #includes.
+
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSImmediate.cpp:
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: Fixed #include spelling.
+
+        * kjs/debugger.cpp:
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added #include.
+
+        * kjs/debugger.cpp:
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added a forward declaration.
+
+        * kjs/debugger.h:
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added an #include.
+
+        * kjs/error_object.cpp:
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added an #include.
+
+        * kjs/bool_object.cpp:
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Third step in refactoring JSGlobalObject: Moved data members and 
+        functions accessing data members from Interpreter to JSGlobalObject.
+        Changed Interpreter member functions to static functions.
+        
+        This resolves a bug in global object bootstrapping, where the global
+        ExecState could be used when uninitialized.
+        
+        This is a big change, but it's mostly code motion and renaming.
+        
+        Layout and JS tests, and testjsglue and testapi, pass. SunSpider reports
+        a .7% regression, but Shark sees no difference related to this patch,
+        and SunSpider reported a .7% speedup from an earlier step in this 
+        refactoring, so I think it's fair to call that a wash.
+
+2007-12-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler. (Or vice versa.)
+        
+        Fixed ASSERT during run-javascriptcore-tests. (Darin just added the
+        ASSERT, but the bug wasn't new.)
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch): The ?: operator here was backwards, causing us to
+        execute the loop too many times, adding stray KET opcodes to the
+        compiled regular expression.
+
+2007-12-05  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        - Wait until local variable data is fully constructed before notifying the debugger of entering
+        or leaving a call frame.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNode::execute):
+
+2007-12-05  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver.
+
+        Build fix for GCC 4.2. Cast via a union to avoid strict-aliasing issues.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::):
+        (WTF::getPageHeap):
+
+2007-12-05  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin.
+
+        Fix testkjs in 64-bit.
+
+        When built for 64-bit the TCMalloc spin lock uses pthread mutexes rather than a custom spin lock
+        implemented in assembly.  If we fail to initialize the pthread mutex, attempts to lock or unlock
+        it will fail and trigger a call to abort.
+
+        * wtf/FastMalloc.cpp: Initialize the spin lock so that we can later lock and unlock it.
+        * wtf/TCSpinLock.h: Add an Init method to the optimised spin lock.
+
+2007-12-04  Oliver Hunt  <oliver@apple.com>
+
+        Fix gtk build.
+
+        * wtf/TCSystemAlloc.cpp:
+
+2007-12-03  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe and Geoff Garen.
+
+        Merge TCMalloc r38
+
+        It also result in a performance progression between 0.5% and 
+        0.9% depending on the test, however most if not all of this 
+        gain will be consumed by the overhead involved in the later
+        change to release memory to the system.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/FastMalloc.cpp:
+        (WTF::KernelSupportsTLS):
+        (WTF::CheckIfKernelSupportsTLS):
+        (WTF::):
+        (WTF::ClassIndex):
+        (WTF::SLL_Next):
+        (WTF::SLL_SetNext):
+        (WTF::SLL_Push):
+        (WTF::SLL_Pop):
+        (WTF::SLL_PopRange):
+        (WTF::SLL_PushRange):
+        (WTF::SLL_Size):
+        (WTF::SizeClass):
+        (WTF::ByteSizeForClass):
+        (WTF::NumMoveSize):
+        (WTF::InitSizeClasses):
+        (WTF::AllocationSize):
+        (WTF::TCMalloc_PageHeap::GetSizeClassIfCached):
+        (WTF::TCMalloc_PageHeap::CacheSizeClass):
+        (WTF::TCMalloc_PageHeap::init):
+        (WTF::TCMalloc_PageHeap::New):
+        (WTF::TCMalloc_PageHeap::AllocLarge):
+        (WTF::TCMalloc_PageHeap::Carve):
+        (WTF::TCMalloc_PageHeap::Delete):
+        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
+        (WTF::PagesToMB):
+        (WTF::TCMalloc_PageHeap::Dump):
+        (WTF::TCMalloc_PageHeap::GrowHeap):
+        (WTF::TCMalloc_PageHeap::Check):
+        (WTF::ReleaseFreeList):
+        (WTF::TCMalloc_PageHeap::ReleaseFreePages):
+        (WTF::TCMalloc_ThreadCache_FreeList::Push):
+        (WTF::TCMalloc_ThreadCache_FreeList::PushRange):
+        (WTF::TCMalloc_ThreadCache_FreeList::PopRange):
+        (WTF::TCMalloc_ThreadCache_FreeList::Pop):
+        (WTF::TCMalloc_Central_FreeList::length):
+        (WTF::TCMalloc_Central_FreeList::tc_length):
+        (WTF::TCMalloc_Central_FreeList::Init):
+        (WTF::TCMalloc_Central_FreeList::ReleaseListToSpans):
+        (WTF::TCMalloc_Central_FreeList::EvictRandomSizeClass):
+        (WTF::TCMalloc_Central_FreeList::MakeCacheSpace):
+        (WTF::TCMalloc_Central_FreeList::ShrinkCache):
+        (WTF::TCMalloc_Central_FreeList::InsertRange):
+        (WTF::TCMalloc_Central_FreeList::RemoveRange):
+        (WTF::TCMalloc_Central_FreeList::FetchFromSpansSafe):
+        (WTF::TCMalloc_Central_FreeList::Populate):
+        (WTF::TCMalloc_ThreadCache::Init):
+        (WTF::TCMalloc_ThreadCache::Cleanup):
+        (WTF::TCMalloc_ThreadCache::Allocate):
+        (WTF::TCMalloc_ThreadCache::Deallocate):
+        (WTF::TCMalloc_ThreadCache::FetchFromCentralCache):
+        (WTF::TCMalloc_ThreadCache::ReleaseToCentralCache):
+        (WTF::TCMalloc_ThreadCache::Scavenge):
+        (WTF::TCMalloc_ThreadCache::PickNextSample):
+        (WTF::TCMalloc_ThreadCache::NewHeap):
+        (WTF::TCMalloc_ThreadCache::GetThreadHeap):
+        (WTF::TCMalloc_ThreadCache::GetCache):
+        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
+        (WTF::TCMalloc_ThreadCache::InitTSD):
+        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+        (WTF::TCMallocStats::ExtractStats):
+        (WTF::TCMallocStats::DumpStats):
+        (WTF::TCMallocStats::DumpStackTraces):
+        (WTF::TCMallocStats::TCMallocImplementation::MarkThreadIdle):
+        (WTF::TCMallocStats::TCMallocImplementation::ReleaseFreeMemory):
+        (WTF::TCMallocStats::TCMallocGuard::TCMallocGuard):
+        (WTF::TCMallocStats::TCMallocGuard::~TCMallocGuard):
+        (WTF::TCMallocStats::DoSampledAllocation):
+        (WTF::TCMallocStats::CheckCachedSizeClass):
+        (WTF::TCMallocStats::CheckedMallocResult):
+        (WTF::TCMallocStats::SpanToMallocResult):
+        (WTF::TCMallocStats::do_malloc):
+        (WTF::TCMallocStats::do_free):
+        (WTF::TCMallocStats::do_memalign):
+        (WTF::TCMallocStats::do_malloc_stats):
+        (WTF::TCMallocStats::do_mallopt):
+        (WTF::TCMallocStats::do_mallinfo):
+        (WTF::TCMallocStats::realloc):
+        (WTF::TCMallocStats::cpp_alloc):
+        (WTF::TCMallocStats::operator new):
+        (WTF::TCMallocStats::):
+        (WTF::TCMallocStats::operator new[]):
+        (WTF::TCMallocStats::malloc_stats):
+        (WTF::TCMallocStats::mallopt):
+        (WTF::TCMallocStats::mallinfo):
+        * wtf/TCPackedCache.h: Added.
+        (PackedCache::PackedCache):
+        (PackedCache::Put):
+        (PackedCache::Has):
+        (PackedCache::GetOrDefault):
+        (PackedCache::Clear):
+        (PackedCache::EntryToValue):
+        (PackedCache::EntryToUpper):
+        (PackedCache::KeyToUpper):
+        (PackedCache::UpperToPartialKey):
+        (PackedCache::Hash):
+        (PackedCache::KeyMatch):
+        * wtf/TCPageMap.h:
+        (TCMalloc_PageMap2::PreallocateMoreMemory):
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease):
+        * wtf/TCSystemAlloc.h:
+
+2007-12-04  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Sam.
+
+        Make isSafeScript const.
+        
+        * kjs/JSGlobalObject.h:
+        (KJS::JSGlobalObject::isSafeScript):
+
+2007-12-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix first part of http://bugs.webkit.org/show_bug.cgi?id=16220
+          <rdar://problem/5625221> Crash opening www.news.com (CNet)
+
+        Test: fast/js/regexp-overflow.html
+
+        * pcre/pcre_compile.cpp:
+        (calculateCompiledPatternLengthAndFlags): Add room for the additional BRA/KET that
+        was generated in the compile code but not taken into account here.
+
+2007-12-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15618
+          <rdar://problem/5619353> REGRESSION: Stack overflow/crash in KJS::equal (15618)
+
+        Test: fast/js/recursion-limit-equal.html
+
+        * kjs/operations.cpp: (KJS::equal): Check the exception from toPrimitive.
+
+2007-12-03  Dan Bernstein  <mitz@apple.com>
+
+        - fix a copy-and-paste-o
+
+        * bindings/npruntime.cpp:
+        (_NPN_GetIntIdentifier):
+
+2007-12-03  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Darin Adler.
+
+        - fix an ASSERT when getIntIdentifier is called with 0 or -1
+
+        * bindings/npruntime.cpp:
+        (_NPN_GetIntIdentifier): We cannot use the hashmap for 0 and -1 since
+        they are the empty value and the deleted value. Instead, keep the
+        identifiers for those two integers in a static array.
+
+2007-12-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mitz.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15848
+          <rdar://problem/5619330> REGRESSION: Assertion failure viewing comments page on digg.com
+
+        Test: fast/js/sparse-array.html
+
+        * kjs/array_instance.cpp:
+        (KJS::ArrayInstance::inlineGetOwnPropertySlot): Check sparse array cutoff before looking
+        in hash map. Can't avoid the branch because we can't look for 0 in the hash.
+        (KJS::ArrayInstance::deleteProperty): Ditto.
+
+2007-12-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: added an #include.
+
+        * kjs/collector.cpp:
+
+2007-12-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        Second step in refactoring JSGlobalObject: moved virtual functions from
+        Interpreter to JSGlobalObject.
+        
+        Layout and JS tests pass. SunSpider reports a .7% speedup -- don't 
+        believe his lies.
+
+2007-12-01  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Adam Roben.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16228
+        kJSClassDefinitionEmpty is not exported with JS_EXPORT
+
+        Add JS_EXPORT to kJSClassDefinitionEmpty.
+
+        Make the gcc compiler check take precedence over the WIN32||_WIN32
+        check to ensure that symbols are exported on Windows when using gcc.
+
+        Add a TODO referencing the bug about JS_EXPORT in the Win build
+        (http://bugs.webkit.org/show_bug.cgi?id=16227)
+
+        Don't define JS_EXPORT as 'extern' when the compiler is unknown since
+        it would result in the incorrect expansion:
+
+          extern extern const JSClassDefinition kJSClassDefinitionEmpty;
+
+        (This was something we inherited from CFBase.h that doesn't make sense
+        for JSBase.h)
+
+        * API/JSBase.h:
+        * API/JSObjectRef.h:
+
+2007-11-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+        
+        Reversed the ownership relationship between Interpreter and JSGlobalObject.
+        Now, the JSGlobalObject owns the Interpreter, and top-level objects
+        that need the two to persist just protect the JSGlobalObject from GC.
+        
+        Global object bootstrapping looks a little odd right now, but it will
+        make much more sense soon, after further rounds of refactoring.
+
+        * bindings/runtime_root.h: Made this class inherit from RefCounted,
+        to avoid code duplication.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect): No need to give special GC treatment to 
+        Interpreters, since we mark their global objects, which mark them.
+
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::mark): No need to mark our global object, since it
+        marks us.
+        * kjs/interpreter.h: Don't inherit from RefCounted -- JSGlobalObject 
+        owns us directly.
+
+        * kjs/testkjs.cpp: Modified to follow the new rules.
+        (createGlobalObject):
+        (runWithScripts):
+
+2007-11-30  Brent Fulgham  <bfulgham@gmail.com>
+
+        Reviewed by Eric.
+
+        * ChangeLog:
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+
+2007-11-30  Eric Seidel  <eric@webkit.org>
+
+        No review, build fix only.
+        
+        Fix uninitialized var warnings in release build.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * pcre/pcre_compile.cpp:
+        (compile_regex):
+
+2007-11-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adam Roben.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16207
+          JavaScript regular expressions should match UTF-16 code units rather than characters
+
+        SunSpider says this is 5.5% faster on the regexp test, 0.4% faste overall.
+
+        Test: fast/js/regexp-non-bmp.html
+
+        Renamed ANY_CHAR to NOT_NEWLINE to more-accurately reflect its meaning.
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch): Removed calls to the UTF-16 character accessor functions, replacing
+        them with simple pointer dereferences in some cases, and no code at all in others.
+        (calculateCompiledPatternLengthAndFlags): Ditto.
+
+        * pcre/pcre_exec.cpp:
+        (match): Fixed indentation of some case labels (including all the BEGIN_OPCODE).
+        Removed calls to the UTF-16 character accessor functions, replacing them with simple
+        pointer dereferences in some cases, and no code at all in others. Also removed some
+        explicit UTF-16 support code in a few cases. Removed the unneeded "UTF-8" code path
+        in the ANY_CHAR repeat code, and in another case, eliminated the code to check against
+        end_subject in because it is already done outside the loop.
+        (jsRegExpExecute):
+
+        * pcre/pcre_internal.h: Removed all the UTF-16 helper functions.
+
+2007-11-30  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+        
+        PCRE crashes under GuardMalloc
+        http://bugs.webkit.org/show_bug.cgi?id=16127
+        check against patternEnd to make sure we don't walk off the end of the string
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (calculateCompiledPatternLengthAndFlags):
+
+2007-11-30  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+        
+        Fix layout test regressions caused by r28186
+        http://bugs.webkit.org/show_bug.cgi?id=16195
+        change first_byte and req_byte back to shorts instead of chars
+        (I think PCRE stuffs information in the high bits) 
+
+        * pcre/pcre_internal.h:
+
+2007-11-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej and Darin.
+
+        Make the JS collector work with multiple threads 
+
+        Under heavy contention it was possible the GC to suspend other
+        threads inside the pthread spinlock, which could lead to the GC
+        thread blocking on the pthread spinlock itself.
+
+        We now determine and store each thread's stack base when it is
+        registered, thus removing the need for any calls to pthread_get_stackaddr_np
+        that needed the pthread spinlock.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::Thread::Thread):
+        (KJS::Collector::registerThread):
+        (KJS::Collector::markOtherThreadConservatively):
+
+2007-11-29  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        Removed some unreachable code (ironically, the code was some
+        ASSERT_NOT_REACHED()s).
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        * pcre/pcre_exec.cpp:
+        (match):
+
+2007-11-29  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Mark Rowe.
+        
+        Fix for --guard crash of fast/js/regexp-charclass-crash introduced by r28151.
+
+        * pcre/pcre_compile.cpp:
+        (is_anchored):
+
+2007-11-28  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.  Rubber-stamped by Eric.
+
+        * pcre/pcre_exec.cpp:
+        (match): Add braces around the body of the case statement to prevent
+        wanings about jumps across the initialization of a variable.
+
+2007-11-29  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Mark Rowe.
+        
+        Attempt to fix non-mac builds after PCRE cleanup.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCoreSources.bkl:
+        * pcre/pcre.pri:
+
+2007-11-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Centralize code for subjectPtr adjustments using inlines, only ever check for a single
+        trailing surrogate (as UTF16 only allows one), possibly fix PCRE bugs involving char
+        classes and garbled UTF16 strings.
+
+        * pcre/pcre_exec.cpp:
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+        (getPreviousChar):
+        (movePtrToPreviousChar):
+        (movePtrToNextChar):
+        (movePtrToStartOfCurrentChar):
+
+2007-11-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        change getChar* functions to return result and push 'c' into local scopes for clarity
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (calculateCompiledPatternLengthAndFlags):
+        * pcre/pcre_exec.cpp:
+        (match):
+        * pcre/pcre_internal.h:
+        (getChar):
+        (getCharAndAdvance):
+        (getCharAndLength):
+        (getCharAndAdvanceIfSurrogate):
+
+2007-11-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Comment cleanup
+
+        * pcre/pcre_exec.cpp:
+        (match):
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Further cleanups to calculateCompiledPatternLengthAndFlags
+
+        * pcre/pcre_compile.cpp:
+        (calculateCompiledPatternLengthAndFlags):
+        * pcre/pcre_internal.h:
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Give consistent naming to the RegExp options/compile flags
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (is_anchored):
+        (find_firstassertedchar):
+        (printCompiledRegExp):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Pull first_byte and req_byte optimizations out into separate static funtions, SunSpider reported this as a win.
+
+        * pcre/pcre_exec.cpp:
+        (tryFirstByteOptimization):
+        (tryRequiredByteOptimization):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        give PCRE_MULTILINE a better name: OptionMatchAcrossMultipleLines
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (is_anchored):
+        (printCompiledRegExp):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Oliver.
+
+        Deprecate jsRegExpExecute's offset-vector fallback code
+
+        * pcre/pcre_exec.cpp:
+        (jsRegExpExecute):
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Make cur_is_word and prev_is_word locals, and change OP_ANY to OP_ANY_CHAR for clarity
+
+        * pcre/pcre_compile.cpp:
+        (find_fixedlength):
+        (compile_branch):
+        (canApplyFirstCharOptimization):
+        * pcre/pcre_exec.cpp:
+        (match):
+        * pcre/pcre_internal.h:
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Mitz & Maciej.
+
+        Change _NC operators to use _IGNORING_CASE for clarity
+
+        * pcre/pcre_compile.cpp:
+        (find_fixedlength):
+        (compile_branch):
+        (find_firstassertedchar):
+        * pcre/pcre_exec.cpp:
+        (match):
+        * pcre/pcre_internal.h:
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Mitz.
+
+        Remove branch from return
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        * pcre/pcre_exec.cpp:
+        (match):
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Add repeatInformationFromInstructionOffset inline
+
+        * pcre/pcre_exec.cpp:
+        (repeatInformationFromInstructionOffset):
+        (match):
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Remove no longer used error code JSRegExpErrorMatchLimit
+
+        * kjs/regexp.cpp:
+        (KJS::RegExp::match):
+        * pcre/pcre.h:
+        * pcre/pcre_internal.h:
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Make i locally scoped for better code clarity
+
+        * pcre/pcre_exec.cpp:
+        (match):
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Give subjectPtr and instructionPtr sane names, reduce size of MatchFrame for a 0.2% speedup.
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (calculateCompiledPatternLengthAndFlags):
+        * pcre/pcre_exec.cpp:
+        (match_ref):
+        (MatchStack::pushNewFrame):
+        (getUTF8CharAndIncrementLength):
+        (match):
+        * pcre/pcre_internal.h:
+        (getChar):
+        (getCharAndAdvance):
+        (getCharAndLength):
+        (getCharAndAdvanceIfSurrogate):
+        * pcre/pcre_xclass.cpp:
+        (getUTF8CharAndAdvancePointer):
+
+2007-11-26  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Small speedup (0.7%) by simplifying canUseStackBufferForNextFrame() check
+
+        * pcre/pcre_exec.cpp:
+        (MatchStack::MatchStack):
+        (MatchStack::popCurrentFrame):
+
+2007-11-25  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Lower MATCH_LIMIT_RECURSION to more sane levels to prevent hangs on run-javascriptcore-tests
+
+        * pcre/pcre_internal.h:
+
+2007-11-25  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Remove match_is_group variable for another 5% speedup
+
+        * pcre/pcre_compile.cpp:
+        * pcre/pcre_exec.cpp:
+        (startNewGroup):
+        (match):
+
+2007-11-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Abstract frame variables into locals and args
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        * pcre/pcre_exec.cpp:
+        (match):
+        * pcre/pcre_internal.h:
+
+2007-11-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Section off MatchData arguments into args struct
+
+        * pcre/pcre_exec.cpp:
+        (MatchStack::pushNewFrame):
+        (match):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Remove redundant eptrblock struct
+
+        * pcre/pcre_exec.cpp:
+        (MatchStack::pushNewFrame):
+        (match):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Remove redundant match_call_count and move recursion check out of super-hot code path
+        SunSpider says this is at least an 8% speedup for regexp.
+
+        * pcre/pcre_exec.cpp:
+        (MatchStack::MatchStack):
+        (MatchStack::pushNewFrame):
+        (MatchStack::popCurrentFrame):
+        (MatchStack::popAllFrames):
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Get rid of GETCHAR* macros, replacing them with better named inlines
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (calculateCompiledPatternLengthAndFlags):
+        * pcre/pcre_exec.cpp:
+        (match):
+        * pcre/pcre_internal.h:
+        (getCharAndAdvance):
+        (getCharAndLength):
+        (getCharAndAdvanceIfSurrogate):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Further cleanup GET/PUT inlines
+
+        * pcre/pcre_internal.h:
+        (putOpcodeValueAtOffset):
+        (getOpcodeValueAtOffset):
+        (putOpcodeValueAtOffsetAndAdvance):
+        (put2ByteOpcodeValueAtOffset):
+        (get2ByteOpcodeValueAtOffset):
+        (put2ByteOpcodeValueAtOffsetAndAdvance):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Give GET, PUT better names, and add (poor) moveOpcodePtrPastAnyAlternateBranches
+
+        * pcre/pcre_compile.cpp:
+        (firstSignificantOpCodeSkippingAssertions):
+        (find_fixedlength):
+        (complete_callout):
+        (compile_branch):
+        (compile_regex):
+        (is_anchored):
+        (canApplyFirstCharOptimization):
+        (find_firstassertedchar):
+        * pcre/pcre_exec.cpp:
+        (match):
+        * pcre/pcre_internal.h:
+        (putOpcodeValueAtOffset):
+        (getOpcodeValueAtOffset):
+        (putOpcodeValueAtOffsetAndAdvance):
+        (put2ByteOpcodeValueAtOffset):
+        (get2ByteOpcodeValueAtOffset):
+        (moveOpcodePtrPastAnyAlternateBranches):
+        * pcre/pcre_ucp_searchfuncs.cpp:
+        (_pcre_ucp_othercase):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Add inlines for toLowerCase, isWordChar, isSpaceChar for further regexp speedup
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+        (toLowerCase):
+        (flipCase):
+        (classBitmapForChar):
+        (charTypeForChar):
+        (isWordChar):
+        (isSpaceChar):
+        (CompileData::CompileData):
+        * pcre/pcre_xclass.cpp:
+        (_pcre_xclass):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        cleanup _pcre_ucp_othercase
+
+        * pcre/pcre_ucp_searchfuncs.cpp:
+        (_pcre_ucp_othercase):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Use better variable names for case ignoring options
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (find_firstassertedchar):
+        (printCompiledRegExp):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (match_ref):
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        split first_significant_code into two simpler functions
+
+        * pcre/pcre_compile.cpp:
+        (firstSignificantOpCode):
+        (firstSignificantOpCodeSkippingAssertions):
+        (is_anchored):
+        (canApplyFirstCharOptimization):
+        (find_firstassertedchar):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        clean up is_counted_repeat
+
+        * pcre/pcre_compile.cpp:
+        (is_counted_repeat):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        clean up check_escape
+
+        * pcre/pcre_compile.cpp:
+        (check_escape):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Reformat find_fixedlength
+
+        * pcre/pcre_compile.cpp:
+        (find_fixedlength):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        reformat is_anchored
+
+        * pcre/pcre_compile.cpp:
+        (is_anchored):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Remove unused function could_be_empty_branch
+
+        * pcre/pcre_compile.cpp:
+        (first_significant_code):
+        (find_fixedlength):
+        (compile_branch):
+        (canApplyFirstCharOptimization):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Pass around MatchData objects by reference
+
+        * pcre/pcre_exec.cpp:
+        (pchars):
+        (match_ref):
+        (match):
+        (jsRegExpExecute):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        give PCRE_STARTLINE a better name and rename match_data to MatchData
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (canApplyFirstCharOptimization):
+        (find_firstassertedchar):
+        (printCompiledRegExp):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (pchars):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Clean up find_firstassertedchar
+
+        * pcre/pcre_compile.cpp:
+        (get_othercase_range):
+        (find_firstassertedchar):
+        (calculateCompiledPatternLengthAndFlags):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Tim Hatcher.
+
+        Pass around CompileData& instead of CompileData*
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+        (jsRegExpCompile):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Clean up compile_branch, move _pcre_ord2utf8, and rename CompileData
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * pcre/pcre_compile.cpp:
+        (_pcre_ord2utf8):
+        (calculateCompiledPatternLengthAndFlags):
+        (jsRegExpCompile):
+        * pcre/pcre_internal.h:
+        * pcre/pcre_ord2utf8.cpp: Removed.
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        removing more macros
+
+        * pcre/pcre_compile.cpp:
+        (could_be_empty_branch):
+        (compile_branch):
+        (calculateCompiledPatternLengthAndFlags):
+        * pcre/pcre_exec.cpp:
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+        * pcre/pcre_xclass.cpp:
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        clean up formating in compile_branch
+
+        * pcre/pcre_compile.cpp:
+        (compile_branch):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Fix spacing for read_repeat_counts
+
+        * pcre/pcre_compile.cpp:
+        (read_repeat_counts):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Get rid of PCRE custom char types
+
+        * pcre/pcre_compile.cpp:
+        (check_escape):
+        (complete_callout):
+        (compile_branch):
+        (compile_regex):
+        (calculateCompiledPatternLengthAndFlags):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (match_ref):
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        reformat get_othercase_range
+
+        * pcre/pcre_compile.cpp:
+        (get_othercase_range):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Remove register keyword and more cleanup
+
+        * pcre/pcre_compile.cpp:
+        (find_fixedlength):
+        (compile_branch):
+        (is_anchored):
+        (is_startline):
+        (find_firstassertedchar):
+        (calculateCompiledPatternLengthAndFlags):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (MatchStack::canUseStackBufferForNextFrame):
+        (MatchStack::allocateNextFrame):
+        (MatchStack::pushNewFrame):
+        (MatchStack::frameIsStackAllocated):
+        (MatchStack::popCurrentFrame):
+        (MatchStack::unrollAnyHeapAllocatedFrames):
+        (getUTF8CharAndIncrementLength):
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+        (PUT2INC):
+        (isLeadingSurrogate):
+        (isTrailingSurrogate):
+        (decodeSurrogatePair):
+        (getChar):
+        * pcre/pcre_ord2utf8.cpp:
+        (_pcre_ord2utf8):
+        * pcre/pcre_xclass.cpp:
+        (getUTF8CharAndAdvancePointer):
+        (_pcre_xclass):
+
+2007-11-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Clean up jsRegExpExecute
+
+        * pcre/pcre_compile.cpp:
+        (returnError):
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+
+2007-11-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff.
+
+        Merging updated system alloc and spinlock code from r38 of TCMalloc.
+
+        This is needed as a precursor to the merge of TCMalloc proper.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_PageHeap::GrowHeap):
+        * wtf/TCSpinLock.h:
+        (TCMalloc_SpinLock::TCMalloc_SpinLock):
+        (TCMalloc_SpinLock::):
+        (TCMalloc_SpinLock::Lock):
+        (TCMalloc_SpinLock::Unlock):
+        (TCMalloc_SpinLock::IsHeld):
+        * wtf/TCSystemAlloc.cpp:
+        (TrySbrk):
+        (TryMmap):
+        (TryVirtualAlloc):
+        (TryDevMem):
+        (TCMalloc_SystemAlloc):
+        * wtf/TCSystemAlloc.h:
+
+2007-11-28  Brady Eidson <beidson@apple.com>
+
+        Reviewed by Geoff
+
+        Add copyKeysToVector utility, mirroring copyValuesToVector
+        Also change the copyValuesToVector implementation to be a little more attractive
+
+        * wtf/HashMap.h:
+        (WTF::copyKeysToVector):
+        (WTF::copyValuesToVector):
+
+2007-11-27  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Mark Rowe.
+
+        Add a list of public JavaScriptCore headers for installation.
+
+        This follows the convention used for the Qt and GTK+ header lists.
+
+        * headers.pri: Added.
+
+2007-11-27  Alp Toker  <alp@atoker.com>
+
+        Prospective MSVC build fix.
+
+        Roll back dllexport/dllimport support for now.
+
+        * API/JSBase.h:
+
+2007-11-27  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Maciej.
+
+        http://bugs.webkit.org/show_bug.cgi?id=15569
+        [gtk] GTK JavaScriptCore needs to export symbols for JSC API and WTF
+
+        Introduce JS_EXPORT to mark symbols to be exported as public API.
+
+        Export all public symbols in the JavaScriptCore C API.
+
+        This matches conventions for exporting symbols set by the CF and CG
+        frameworks.
+
+        * API/JSBase.h:
+        * API/JSContextRef.h:
+        * API/JSObjectRef.h:
+        * API/JSStringRef.h:
+        * API/JSStringRefBSTR.h:
+        * API/JSStringRefCF.h:
+        * API/JSValueRef.h:
+
+2007-11-27  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Adam.
+
+        Make PropertyNameArray and ScopeChain COMEnumVariant friendly.
+        
+        * kjs/PropertyNameArray.cpp:
+        (KJS::PropertyNameArray::swap):
+        Implement PropertyNameArray::swap.
+        
+        * kjs/PropertyNameArray.h:
+        Add ValueType typedef. Replace PropertyNameArrayIterator with 
+        PropertyNameArray::const_iterator.
+        
+        * kjs/nodes.cpp:
+        (KJS::ForInNode::execute):
+        * kjs/scope_chain.cpp:
+        (KJS::ScopeChain::print):
+        Update for changes to PropertyNameArray.
+        
+        * kjs/scope_chain.h:
+        Add const_iterator and ValueType typedef.
+        
+2007-11-27  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Darin.
+
+        Add a ValueType typedef.
+        
+        * wtf/Vector.h:
+
+2007-11-26  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mitz.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=16096
+          REGRESSION (r26653-r26699): Plaxo.com addressbook does not load in webkit nightlies
+
+        Test: fast/js/regexp-overflow.html
+
+        * pcre/pcre_compile.cpp: (calculateCompiledPatternLengthAndFlags):
+        Removed a stray "ptr++" that I added by accident when merging the
+        changes between PCRE 6.4 and 6.5. 
+
+2007-11-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Kevin McCullough.
+        
+        Fixed <rdar://problem/5597937> REGRESSION (r27126): Drosera does not 
+        show variables (can't enumerate ActivationImp properties)
+        
+        Implemented a custom ActivationImp::getPropertyNames, since 
+        ActivationImp now uses a custom property storage mechanism for local
+        variables.
+
+        * kjs/function.cpp:
+        (KJS::ActivationImp::getPropertyNames):
+        * kjs/function.h:
+
+2007-11-26  Alp Toker  <alp@atoker.com>
+
+        GTK+/Qt/Wx build fix for breakage introduced in r28039.
+
+        * ForwardingHeaders/JavaScriptCore/JSRetainPtr.h: Added.
+
+2007-11-24  Laszlo Gombos  <laszlo.gombos@gmail.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix minor compiler warning (GCC 4.1.3)
+
+        * pcre/pcre_internal.h:
+        * pcre/pcre_ucp_searchfuncs.cpp:
+        (_pcre_ucp_othercase):
+
+2007-11-25  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=16129
+        Bug 16129: REGRESSION (r27761-r27811): malloc error while visiting http://mysit.es (crashes release build)
+
+        * pcre/pcre_compile.cpp: Change errorcode to be passed by reference so that any error code is propagated
+        to our caller like they expect.
+
+2007-11-23  Kevin Ollivier  <kevino@theolliviers.com>
+
+        MSVC7 build fix. (rand_s doesn't exist there)
+
+        Reviewed by Adam Roben.
+
+        * kjs/config.h:
+        * wtf/MathExtras.h:
+
+2007-11-23  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix. Move WX_PYTHON logic into project build settings,
+        add WebKitLibraries dirs on Win, and explicitly include JSCore 
+        headers in testkjs rather than getting them from a template.
+        (Include dir order of JSCore/WTF and ICU headers is important due  
+        to wtf/unicode/utf8.h.)
+
+        * jscore.bkl:
+
+2007-11-23  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by George Staikos <staikos@kde.org>.
+
+        Fix make (dist)clean on Windows.
+        
+        OBJECTS_DIR_WTR does not exist anymore, use GENERATED_SOURCES_DIR.
+        
+
+        * JavaScriptCore.pri:
+        * pcre/pcre.pri:
+
+2007-11-22  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by George.
+
+        Make the directory of where to put the generated sources configurable through the GENERATED_SOURCE_DIR variable
+
+        * JavaScriptCore.pri:
+        * pcre/pcre.pri:
+
+2007-11-22  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by George.
+
+        Centralize the setup for all the extra compilers in a addExtraCompiler function.
+        
+        This allows adding a "generated_files" target that builds all generated files using "make generated_files".
+        For the build inside Qt we do not generate actual rules for the extra compilers but instead
+        do the variable substitution of compiler.output manually and add the generated sources to SOURCES.
+
+        * JavaScriptCore.pri:
+        * pcre/pcre.pri:
+
+2007-11-20  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        <rdar://problem/5602936> Need to resolve new GCC 4.2 warnings
+
+        Fix all warnings emitted by GCC 4.2 when building JavaScriptCore.  This allows builds with
+        -Werror to succeed.  At present they will crash when executed due to code that is not safe
+        under strict aliasing (<rdar://problem/5536806>).
+
+        * Configurations/Base.xcconfig: Remove the -Wno-long-double flag.
+        * kjs/date_object.cpp:
+        (KJS::formatTime): Test whether the stack-allocated string is empty rather than at a non-null address.
+        * kjs/dtoa.cpp:
+        (Bigint::): Tweak formatting to silence warnings.
+        * pcre/pcre_exec.cpp:
+        (match): Tweak formatting to silence warnings
+        * wtf/Assertions.cpp: Add printf format attribute to functions that warrant it.
+        * wtf/Assertions.h: Ditto.
+
+2007-11-19  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx port build fix (wx headers include ctype functions).
+
+        * kjs/config.h:
+
+2007-11-19  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Remove outdated and unused Windows port files.
+
+        Reviewed by Adam Roben.
+
+        * Makefile.vc: Removed.
+        * README-Win32.txt: Removed.
+
+2007-11-18  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Oliver.
+
+        * tests/mozilla/jsDriver.pl: exit non-0 when user aborts test run
+
+2007-11-17  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fix: <rdar://problem/5607032> REGRESSION: testapi exits with assertion failure in debug build
+             <rdar://problem/5440659> JSGlobalContextCreate throws away globalObjectClass's prototype
+             http://bugs.webkit.org/show_bug.cgi?id=16033
+
+        Split Interpreter's initialization into two distinct steps:  the creation of the global prototypes
+        and constructors, and storing them on the global object.  This allows JSClassRef's passed to
+        JSGlobalContextCreate to be instantiated with the correct prototype.
+
+        * API/JSCallbackObject.cpp: Assert at compile-time that the custom global object will fit in a collector cell.
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::JSCallbackObject):
+        (KJS::::init):
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate): Construct and set the interpreter's global object separately.  When globalObjectClass
+        is passed we need to set the interpreter's global object before doing the JSCallbackObject's initialization to
+        prevent any JSObjectInitializeCallback's being invoked before a global object is set.
+        * API/testapi.c:
+        (globalObject_initialize): Test the object passed in is correct and that it has the expected global properties.
+        (globalObject_get):
+        (globalObject_set):
+        (main):
+        * API/testapi.js: Test that any static properties exposed by the global object's custom class are found.
+        * JavaScriptCore.exp:
+        * bindings/testbindings.cpp:
+        (main): Update for changes in Interpreter method signatures.
+        * bindings/testbindings.mm:
+        (main): Ditto.
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        (KJS::ExecState::mark):
+        (KJS::ExecState::setGlobalObject):
+        * kjs/ExecState.h: Rename scope to m_scopeChain.
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::Interpreter):
+        (KJS::Interpreter::init):
+        (KJS::Interpreter::globalObject):
+        (KJS::Interpreter::setGlobalObject):
+        (KJS::Interpreter::resetGlobalObjectProperties):
+        (KJS::Interpreter::createObjectsForGlobalObjectProperties):
+        (KJS::Interpreter::setGlobalObjectProperties): Switch to using putDirect to ensure that the global object's put method
+        cannot interfere with setting of the global properties.  This prevents a user-written JSClassRef from attempting to
+        call back into JavaScript from the initialization of the global object's members.
+        * kjs/interpreter.h:
+        * kjs/testkjs.cpp:
+        (setupInterpreter): Update for changes in Interpreter method signatures.
+
+2007-11-17  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Prevent testapi from reporting false leaks.  Clear out local variables pointing at
+        JSObjectRefs to allow their values to be collected.
+
+        * API/testapi.c:
+        (main):
+
+2007-11-17  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Prevent testapi from crashing if testapi.js can not be found by nil-checking the result of createStringWithContentsOfFile.
+
+        * API/testapi.c:
+        (main):
+
+2007-11-17  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Eric.
+
+        http://bugs.webkit.org/show_bug.cgi?id=16032
+        JS minidom is not portable
+
+        Use a plain UTF-8 string instead of a CFString.
+
+        Print to stdout, not stderr like CFShow() would have done, since that
+        behaviour seems unintentional.
+
+        * API/minidom.c:
+        (main):
+
+2007-11-17  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2007-11-16  Mark Rowe  <mrowe@apple.com>
+
+        Windows build fix.
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::record8):
+
+2007-11-16  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Eric.
+
+        Replace strings, identifier, buffer8 and buffer16 members of Lexer with vectors.
+        SunSpider claims this is a 0.7% speedup.
+
+        * kjs/lexer.cpp:
+        (KJS::Lexer::Lexer):
+        (KJS::Lexer::lex):
+        (KJS::Lexer::record8):
+        (KJS::Lexer::record16):
+        (KJS::Lexer::scanRegExp):
+        (KJS::Lexer::clear):
+        (KJS::Lexer::makeIdentifier):
+        (KJS::Lexer::makeUString):
+        * kjs/lexer.h:
+        * kjs/ustring.cpp:
+        (KJS::UString::UString): Add a convenience constructor that takes a const Vector<UChar>&.
+        * kjs/ustring.h:
+
+2007-11-16  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Add a new include path
+        and ignore the int -> bool conversion warning.
+
+2007-11-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Fix Windows debug build.
+        Rubber-stamped by Eric
+
+        * pcre/pcre_exec.cpp: (match): Removed ASSERT_NOT_REACHED assertions that were making MSVC
+        complain about unreachable code.
+
+2007-11-15  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/Parser.cpp:
+
+2007-11-15  Mark Rowe  <mrowe@apple.com>
+
+        Mac build and header search path sanity fix.
+
+        Reviewed by Sam Weinig and Tim Hatcher.
+
+        Move base setting for HEADER_SEARCH_PATHS into Base.xcconfig, and extend
+        it in JavaScriptCore.xcconfig.  This removes the need to override it on a
+        per-target basis inside the .xcodeproj file.
+
+        * Configurations/Base.xcconfig:
+        * Configurations/JavaScriptCore.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-11-15  Mark Rowe  <mrowe@apple.com>
+
+        Qt build fix.
+
+        * kjs/Parser.h:
+
+2007-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        Another round of grammar / parsing cleanup.
+        
+        1. Created distinct parser calls for parsing function bodies vs
+        programs. This will help later with optimizing global variable access.
+        
+        2. Turned Parser into a singleton. Cleaned up Lexer's singleton 
+        interface.
+        
+        3. Modified Lexer to free a little more memory when done lexing. (Added
+        FIXMEs for similar issues that I didn't fix.)
+        
+        4. Changed Lexer::makeIdentifier and Lexer::makeUString to start 
+        respecting the arguments passed to them. (No behavior change, but this
+        problem could have caused serious problems for an unsuspecting user of
+        these functions.)
+        
+        5. Removed KJS_DEBUG_MEM because it was bit-rotted.
+        
+        6. Removed Parser::prettyPrint because the same work was simpler to do
+        at the call site.
+        
+        7. Some renames:
+        
+            "Parser::accept" => "Parser::didFinishParsing"
+            "Parser::sid" => "Parser::m_sourceID"
+            "Lexer::doneParsing" => "Lexer::clear"
+            "sid" => "sourceId"
+            "lineno" => "lineNo"
+        
+        * JavaScriptCore.exp:
+        * kjs/Parser.cpp:
+        (KJS::Parser::Parser):
+        (KJS::Parser::parseProgram):
+        (KJS::Parser::parseFunctionBody):
+        (KJS::Parser::parse):
+        (KJS::Parser::didFinishParsing):
+        (KJS::parser):
+        * kjs/Parser.h:
+        (KJS::Parser::sourceId):
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function_object.cpp:
+        (FunctionObjectImp::construct):
+        * kjs/grammar.y:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::checkSyntax):
+        (KJS::Interpreter::evaluate):
+        * kjs/interpreter.h:
+        * kjs/lexer.cpp:
+        (kjsyylex):
+        (KJS::lexer):
+        (KJS::Lexer::Lexer):
+        (KJS::Lexer::~Lexer):
+        (KJS::Lexer::scanRegExp):
+        (KJS::Lexer::doneParsing):
+        (KJS::Lexer::makeIdentifier):
+        (KJS::Lexer::makeUString):
+        * kjs/lexer.h:
+        (KJS::Lexer::pattern):
+        (KJS::Lexer::flags):
+        (KJS::Lexer::sawError):
+        * kjs/nodes.cpp:
+        (KJS::Node::Node):
+        (KJS::FunctionBodyNode::FunctionBodyNode):
+        * kjs/nodes.h:
+        * kjs/testkjs.cpp:
+        (prettyPrintScript):
+        (kjsmain):
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+
+2007-11-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        <rdar://problem/5601548> REGRESSION: All SourceElements and their children leak after a syntax error
+        
+        Add a stub node to maintain the Vector of SourceElements until assignment.
+
+        * kjs/grammar.y:
+        * kjs/nodes.h:
+        (KJS::SourceElementsStub::SourceElementsStub):
+        (KJS::SourceElementsStub::append):
+        (KJS::SourceElementsStub::release):
+        (KJS::SourceElementsStub::):
+        (KJS::SourceElementsStub::precedence):
+
+2007-11-15  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Abstract most of RMATCH into MatchStack functions.
+        
+        SunSpider claims this, combined with the last 2 patches was a 1% speedup, 10% for dna-regexp.
+
+        * pcre/pcre_exec.cpp:
+        (MatchStack::canUseStackBufferForNextFrame):
+        (MatchStack::allocateNextFrame):
+        (MatchStack::pushNewFrame):
+        (MatchStack::frameIsStackAllocated):
+        (MatchStack::popCurrentFrame):
+        (MatchStack::unrollAnyHeapAllocatedFrames):
+        (match):
+
+2007-11-15  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Remove RETURN_ERROR, add MatchStack
+        
+        * pcre/pcre_exec.cpp:
+        (MatchStack::MatchStack):
+        (MatchStack::unrollAnyHeapAllocatedFrames):
+        (matchError):
+        (match):
+        
+2007-11-15  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Clean up match function to match WebKit style
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * pcre/pcre_exec.cpp:
+        (match):
+
+2007-11-15  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+
+2007-11-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=15982
+        Improve JSString UTF-8 decoding
+
+        * API/JSStringRef.cpp:
+        (JSStringCreateWithUTF8CString): Use strict decoding, return 0 on error.
+
+        * wtf/unicode/UTF8.cpp:
+        (WTF::Unicode::convertUTF16ToUTF8):
+        (WTF::Unicode::convertUTF8ToUTF16):
+        * wtf/unicode/UTF8.h:
+        Made these function names start with a lower case letter.
+
+        * kjs/ustring.cpp: (KJS::UString::UTF8String): Updated for the above renaming.
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertUTF8ToUTF16WithLatin1Fallback): Renamed to highlight the difference
+        from convertUTF8ToUTF16 in wtf/unicode.
+        (KJS::Bindings::convertNPStringToUTF16): Updated for the above renaming.
+        (KJS::Bindings::identifierFromNPIdentifier): Ditto.
+        * bindings/c/c_utility.h: Made convertUTF8ToUTF16WithLatin1Fallback() a file static.
+
+2007-11-14  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Anders.
+
+        Fix the Xcode project file after it was messed up in r27402.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-11-14  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Oliver.
+        
+        More PCRE style cleanup.
+
+        * pcre/pcre_compile.cpp:
+        (compile_regex):
+
+2007-11-14  Adam Roben  <aroben@apple.com>
+
+        Clean up the bison conflict checking script
+
+        Reviewed by Geoff.
+
+        * DerivedSources.make:
+
+2007-11-14  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Geoff.
+
+        Another round of PCRE cleanups: inlines
+        
+        SunSpider claims that this, combined with my previous PCRE cleanup were a 0.7% speedup, go figure.
+
+        * pcre/pcre_compile.cpp:
+        (jsRegExpCompile):
+        * pcre/pcre_exec.cpp:
+        (match):
+        (jsRegExpExecute):
+        * pcre/pcre_internal.h:
+        (PUT):
+        (GET):
+        (PUT2):
+        (GET2):
+        (isNewline):
+
+2007-11-14  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+        
+        Give PCRE a (small) bath.
+        Fix some formating and break things off into separate functions
+        http://bugs.webkit.org/show_bug.cgi?id=15993
+
+        * pcre/pcre_compile.cpp:
+        (calculateCompiledPatternLengthAndFlags):
+        (printCompiledRegExp):
+        (returnError):
+        (jsRegExpCompile):
+        * pcre/pcre_internal.h:
+        (compile_data::compile_data):
+
+2007-11-14  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Eric Seidel.
+        
+        Cleaned up the JavaScript grammar a bit.
+        
+        1. Changed BlockNode to always hold a child vector (which may be empty),
+        eliminating a few NULL-check branches in the common execution case.
+        
+        2. Changed the Block production to correctly report its starting and 
+        ending line numbers to the debugger. (It used to report its ending line
+        as its starting line.) Also, removed duplicate line-reporting code
+        inside the BlockNode constructor.
+        
+        3. Moved curly braces up from FunctionBody production into parent
+        productions. (I had to move the line number reporting code, too, since
+        it depends on the location of the curly braces.) This matches the ECMA
+        spec more closely, and makes some future changes I plan easier.
+        
+        4. Fixed statementList* convenience functions to deal appropriately with
+        empty Vectors.
+
+        SunSpider reports a small and statistically insignificant speedup.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::statementListPushFIFO):
+        (KJS::statementListGetDeclarations):
+        (KJS::statementListInitializeDeclarationStack):
+        (KJS::statementListInitializeVariableAccessStack):
+        (KJS::BlockNode::BlockNode):
+        (KJS::BlockNode::optimizeVariableAccess):
+        (KJS::BlockNode::getDeclarations):
+        (KJS::BlockNode::execute):
+        (KJS::FunctionBodyNode::initializeDeclarationStacks):
+        (KJS::FunctionBodyNode::optimizeVariableAccess):
+
+2007-11-13  Anders Carlsson  <andersca@apple.com>
+
+        Add RefCounted.h (And remove Shared.h)
+        
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2007-11-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix.
+
+        * kjs/regexp.h:
+
+2007-11-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Renamed Shared to RefCounted.
+
+        * API/JSClassRef.h:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/interpreter.h:
+        * kjs/regexp.h:
+        * wtf/RefCounted.h: Copied from JavaScriptCore/wtf/Shared.h.
+        (WTF::RefCounted::RefCounted):
+        * wtf/Shared.h: Removed.
+
+2007-11-13  Adam Roben  <aroben@apple.com>
+
+        Build fix
+
+        Reviewed by Geoff.
+
+        * kjs/regexp.h: Added a missing #include.
+
+2007-11-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Moved Shared.h into wtf so it could be used in more places. Deployed
+        Shared in places where JSCore previously had hand-rolled ref-counting
+        classes.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::OpaqueJSClass):
+        * API/JSClassRef.h:
+        * API/JSObjectRef.cpp:
+        (JSClassRetain):
+        (JSClassRelease):
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::init):
+        * kjs/interpreter.h:
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        * kjs/regexp.h:
+        * wtf/Shared.h: Copied from WebCore/platform/Shared.h.
+
+2007-11-13  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Add an ASSERT to getTruncatedInt32 to enforce proper usage.
+        Best part about this patch?  It doesn't break the web!
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::getTruncatedInt32):
+        (KJS::JSImmediate::toDouble):
+        (KJS::JSImmediate::getUInt32):
+
+2007-11-13  Alexey Proskuryakov  <ap@webkit.org>
+
+        Windows build fix.
+
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertUTF8ToUTF16):
+        * kjs/ustring.cpp:
+        (KJS::UString::UTF8String):
+        * wtf/unicode/UTF8.cpp:
+        (WTF::Unicode::ConvertUTF8ToUTF16):
+
+2007-11-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=11231
+          RegExp bug when handling newline characters
+          and a number of other differences between PCRE behvior
+          and JavaScript regular expressions:
+
+          + single-digit sequences like \4 should be treated as octal
+            character constants, unless there is a sufficient number
+            of brackets for them to be treated as backreferences
+
+          + \8 turns into the character "8", not a binary zero character
+            followed by "8" (same for 9)
+
+          + only the first 3 digits should be considered part of an
+            octal character constant (the old behavior was to decode
+            an arbitrarily long sequence and then mask with 0xFF)
+
+          + if \x is followed by anything other than two valid hex digits,
+            then it should simply be treated a the letter "x"; that includes
+            not supporting the \x{41} syntax
+
+          + if \u is followed by anything less than four valid hex digits,
+            then it should simply be treated a the letter "u"
+
+          + an extra "+" should be a syntax error, rather than being treated
+            as the "possessive quantifier"
+
+          + if a "]" character appears immediately after a "[" character that
+            starts a character class, then that's an empty character class,
+            rather than being the start of a character class that includes a
+            "]" character
+
+          + a "$" should not match a terminating newline; we could have gotten
+            PCRE to handle this the way we wanted by passing an appropriate option
+
+        Test: fast/js/regexp-no-extensions.html
+
+        * pcre/pcre_compile.cpp:
+        (check_escape): Check backreferences against bracount to catch both
+        overflows and things that should be treated as octal. Rewrite octal
+        loop to not go on indefinitely. Rewrite both hex loops to match and
+        remove \x{} support.
+        (compile_branch): Restructure loops so that we don't special-case a "]"
+        at the beginning of a character class. Remove code that treated "+" as
+        the possessive quantifier.
+        (jsRegExpCompile): Change the "]" handling here too.
+
+        * pcre/pcre_exec.cpp: (match): Changed CIRC to match the DOLL implementation.
+        Changed DOLL to remove handling of "terminating newline", a Perl concept
+        which we don't need.
+
+        * tests/mozilla/expected.html: Two tests are fixed now:
+        ecma_3/RegExp/regress-100199.js and ecma_3/RegExp/regress-188206.js.
+        One test fails now: ecma_3/RegExp/perlstress-002.js -- our success before
+        was due to a bug (we treated all 1-character numeric escapes as backreferences).
+        The date tests also now both expect success -- whatever was making them fail
+        before was probably due to the time being close to a DST shift; maybe we need
+        to get rid of those tests.
+
+2007-11-13  Darin Adler  <darin@apple.com>
+
+        * kjs/JSImmediate.h: (KJS::JSImmediate::getTruncatedInt32):
+        Remove too-strong assert that was firing constantly and preventing even basic
+        web browsing from working in a debug build. This function is used in many
+        cases where the immediate value is not a number; the assertion could perhaps
+        be added back later with a bit of reorganization.
+
+2007-11-13  Alp Toker  <alp@atoker.com>
+
+        Build fix for breakage to non-Mac builds introduced in r27746.
+
+        * kjs/ustring.cpp:
+
+2007-11-13  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+
+        Clean up evaluateToBoolean functions to use inlines instead of copy/paste code
+
+        * kjs/JSImmediate.h:
+        * kjs/nodes.cpp:
+        (KJS::GreaterNode::inlineEvaluateToBoolean):
+        (KJS::GreaterNode::evaluate):
+        (KJS::LessEqNode::inlineEvaluateToBoolean):
+        (KJS::LessEqNode::evaluate):
+        (KJS::GreaterEqNode::inlineEvaluateToBoolean):
+        (KJS::GreaterEqNode::evaluate):
+        (KJS::InNode::evaluateToBoolean):
+        (KJS::EqualNode::inlineEvaluateToBoolean):
+        (KJS::EqualNode::evaluate):
+        (KJS::NotEqualNode::inlineEvaluateToBoolean):
+        (KJS::NotEqualNode::evaluate):
+        (KJS::StrictEqualNode::inlineEvaluateToBoolean):
+        (KJS::StrictEqualNode::evaluate):
+        (KJS::NotStrictEqualNode::inlineEvaluateToBoolean):
+        (KJS::NotStrictEqualNode::evaluate):
+        * kjs/nodes.h:
+
+2007-11-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=15958
+        base64 spends 1.1% of total time checking for special Infinity case
+        
+        Use a fast character test instead of calling strncmp.
+        
+        1.1% speedup on string-base64. SunSpider reports a .4% speedup overall;
+        Sharks reports only .1%. Who are you going to believe? Huh?
+
+        * kjs/ustring.cpp:
+        (KJS::UString::toDouble):
+
+2007-11-12  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Oliver.
+
+        Add evaluateToInt32 and evaluateUInt32 methods and deploy them.
+        Fix a few missing evaluateToBoolean methods
+        Deploy all evaluateTo* functions to more nodes to avoid slowdowns
+        http://bugs.webkit.org/show_bug.cgi?id=15950
+        
+        SunSpider claims this is at least a 1.4% speedup.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::getTruncatedInt32):
+        (KJS::JSImmediate::toDouble):
+        (KJS::JSImmediate::getUInt32):
+        * kjs/nodes.cpp:
+        (KJS::ExpressionNode::evaluateToNumber):
+        (KJS::ExpressionNode::evaluateToInt32):
+        (KJS::ExpressionNode::evaluateToUInt32):
+        (KJS::NumberNode::evaluateToInt32):
+        (KJS::NumberNode::evaluateToUInt32):
+        (KJS::ImmediateNumberNode::evaluateToInt32):
+        (KJS::ImmediateNumberNode::evaluateToUInt32):
+        (KJS::ResolveNode::evaluate):
+        (KJS::ResolveNode::evaluateToNumber):
+        (KJS::ResolveNode::evaluateToBoolean):
+        (KJS::ResolveNode::evaluateToInt32):
+        (KJS::ResolveNode::evaluateToUInt32):
+        (KJS::LocalVarAccessNode::evaluateToInt32):
+        (KJS::LocalVarAccessNode::evaluateToUInt32):
+        (KJS::BracketAccessorNode::evaluateToNumber):
+        (KJS::BracketAccessorNode::evaluateToBoolean):
+        (KJS::BracketAccessorNode::evaluateToInt32):
+        (KJS::BracketAccessorNode::evaluateToUInt32):
+        (KJS::DotAccessorNode::inlineEvaluate):
+        (KJS::DotAccessorNode::evaluate):
+        (KJS::DotAccessorNode::evaluateToNumber):
+        (KJS::DotAccessorNode::evaluateToBoolean):
+        (KJS::DotAccessorNode::evaluateToInt32):
+        (KJS::DotAccessorNode::evaluateToUInt32):
+        (KJS::NewExprNode::inlineEvaluate):
+        (KJS::NewExprNode::evaluate):
+        (KJS::NewExprNode::evaluateToNumber):
+        (KJS::NewExprNode::evaluateToBoolean):
+        (KJS::NewExprNode::evaluateToInt32):
+        (KJS::NewExprNode::evaluateToUInt32):
+        (KJS::FunctionCallResolveNode::inlineEvaluate):
+        (KJS::FunctionCallResolveNode::evaluate):
+        (KJS::FunctionCallResolveNode::evaluateToNumber):
+        (KJS::FunctionCallResolveNode::evaluateToBoolean):
+        (KJS::FunctionCallResolveNode::evaluateToInt32):
+        (KJS::FunctionCallResolveNode::evaluateToUInt32):
+        (KJS::LocalVarFunctionCallNode::evaluate):
+        (KJS::LocalVarFunctionCallNode::evaluateToNumber):
+        (KJS::LocalVarFunctionCallNode::evaluateToBoolean):
+        (KJS::LocalVarFunctionCallNode::evaluateToInt32):
+        (KJS::LocalVarFunctionCallNode::evaluateToUInt32):
+        (KJS::FunctionCallDotNode::evaluate):
+        (KJS::FunctionCallDotNode::evaluateToNumber):
+        (KJS::FunctionCallDotNode::evaluateToBoolean):
+        (KJS::FunctionCallDotNode::evaluateToInt32):
+        (KJS::FunctionCallDotNode::evaluateToUInt32):
+        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
+        (KJS::PostDecLocalVarNode::evaluateToNumber):
+        (KJS::PostDecLocalVarNode::evaluateToBoolean):
+        (KJS::PostDecLocalVarNode::evaluateToInt32):
+        (KJS::PostDecLocalVarNode::evaluateToUInt32):
+        (KJS::typeStringForValue):
+        (KJS::UnaryPlusNode::evaluate):
+        (KJS::UnaryPlusNode::evaluateToBoolean):
+        (KJS::UnaryPlusNode::evaluateToNumber):
+        (KJS::UnaryPlusNode::evaluateToInt32):
+        (KJS::BitwiseNotNode::inlineEvaluateToInt32):
+        (KJS::BitwiseNotNode::evaluate):
+        (KJS::BitwiseNotNode::evaluateToNumber):
+        (KJS::BitwiseNotNode::evaluateToBoolean):
+        (KJS::BitwiseNotNode::evaluateToInt32):
+        (KJS::MultNode::evaluateToBoolean):
+        (KJS::MultNode::evaluateToInt32):
+        (KJS::MultNode::evaluateToUInt32):
+        (KJS::DivNode::evaluateToInt32):
+        (KJS::DivNode::evaluateToUInt32):
+        (KJS::ModNode::evaluateToBoolean):
+        (KJS::ModNode::evaluateToInt32):
+        (KJS::ModNode::evaluateToUInt32):
+        (KJS::AddNode::evaluateToNumber):
+        (KJS::AddNode::evaluateToInt32):
+        (KJS::AddNode::evaluateToUInt32):
+        (KJS::AddNumbersNode::evaluateToInt32):
+        (KJS::AddNumbersNode::evaluateToUInt32):
+        (KJS::SubNode::evaluateToInt32):
+        (KJS::SubNode::evaluateToUInt32):
+        (KJS::LeftShiftNode::inlineEvaluateToInt32):
+        (KJS::LeftShiftNode::evaluate):
+        (KJS::LeftShiftNode::evaluateToNumber):
+        (KJS::LeftShiftNode::evaluateToInt32):
+        (KJS::RightShiftNode::inlineEvaluateToInt32):
+        (KJS::RightShiftNode::evaluate):
+        (KJS::RightShiftNode::evaluateToNumber):
+        (KJS::RightShiftNode::evaluateToInt32):
+        (KJS::UnsignedRightShiftNode::inlineEvaluateToUInt32):
+        (KJS::UnsignedRightShiftNode::evaluate):
+        (KJS::UnsignedRightShiftNode::evaluateToNumber):
+        (KJS::UnsignedRightShiftNode::evaluateToInt32):
+        (KJS::LessNode::inlineEvaluateToBoolean):
+        (KJS::LessNode::evaluate):
+        (KJS::LessNode::evaluateToBoolean):
+        (KJS::LessNumbersNode::inlineEvaluateToBoolean):
+        (KJS::LessNumbersNode::evaluate):
+        (KJS::LessNumbersNode::evaluateToBoolean):
+        (KJS::LessStringsNode::inlineEvaluateToBoolean):
+        (KJS::LessStringsNode::evaluate):
+        (KJS::BitAndNode::evaluate):
+        (KJS::BitAndNode::inlineEvaluateToInt32):
+        (KJS::BitAndNode::evaluateToNumber):
+        (KJS::BitAndNode::evaluateToBoolean):
+        (KJS::BitAndNode::evaluateToInt32):
+        (KJS::BitXOrNode::inlineEvaluateToInt32):
+        (KJS::BitXOrNode::evaluate):
+        (KJS::BitXOrNode::evaluateToNumber):
+        (KJS::BitXOrNode::evaluateToBoolean):
+        (KJS::BitXOrNode::evaluateToInt32):
+        (KJS::BitOrNode::inlineEvaluateToInt32):
+        (KJS::BitOrNode::evaluate):
+        (KJS::BitOrNode::evaluateToNumber):
+        (KJS::BitOrNode::evaluateToBoolean):
+        (KJS::BitOrNode::evaluateToInt32):
+        (KJS::ConditionalNode::evaluateToNumber):
+        (KJS::ConditionalNode::evaluateToInt32):
+        (KJS::ConditionalNode::evaluateToUInt32):
+        (KJS::valueForReadModifyAssignment):
+        (KJS::AssignExprNode::evaluate):
+        (KJS::AssignExprNode::evaluateToBoolean):
+        (KJS::AssignExprNode::evaluateToNumber):
+        (KJS::AssignExprNode::evaluateToInt32):
+        (KJS::VarDeclNode::handleSlowCase):
+        * kjs/nodes.h:
+        (KJS::FunctionCallResolveNode::precedence):
+        (KJS::AddNode::precedence):
+        (KJS::AddNode::):
+        (KJS::LessNumbersNode::):
+        (KJS::LessStringsNode::):
+        * kjs/value.cpp:
+        (KJS::JSValue::toInt32SlowCase):
+        (KJS::JSValue::toUInt32SlowCase):
+        * kjs/value.h:
+        (KJS::JSValue::asCell):
+        (KJS::JSValue::toInt32):
+        (KJS::JSValue::toUInt32):
+
+2007-11-12  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=15953
+        Add UTF-8 encoding/decoding to WTF
+
+        * kjs/ustring.h: Moved UTF8SequenceLength() and decodeUTF8Sequence() to wtf/unicode.
+        * kjs/ustring.cpp: (KJS::UString::UTF8String): Changed this function to take a strict/lenient
+        parameter. Callers are not interested in getting decoding results in strict mode, so 
+        this allows for bailing out as soon as an error is seen.
+
+        * kjs/function.cpp:
+        (KJS::encode): Updated for new UString::UTF8String() signature.
+
+        * API/JSStringRef.cpp:
+        (JSStringCreateWithCharacters): Disambiguate UChar.
+        (JSStringCreateWithUTF8CString): Actually use UTF-8 when creating the string!
+        * bindings/c/c_utility.cpp: (KJS::Bindings::convertUTF8ToUTF16): Use ConvertUTF8ToUTF16().
+
+        * wtf/unicode/UTF8.cpp: Added.
+        (WTF::Unicode::inlineUTF8SequenceLengthNonASCII):
+        (WTF::Unicode::inlineUTF8SequenceLength):
+        (WTF::Unicode::UTF8SequenceLength):
+        (WTF::Unicode::decodeUTF8Sequence):
+        (WTF::Unicode::):
+        (WTF::Unicode::ConvertUTF16ToUTF8):
+        (WTF::Unicode::isLegalUTF8):
+        (WTF::Unicode::ConvertUTF8ToUTF16):
+        * wtf/unicode/UTF8.h: Added.
+        (WTF::Unicode::):
+        Some code moved from ustring.h, some adapted from unicode.org sources.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        Added UTF8.{h,cpp}
+
+2007-11-12  Josh Aas  <joshmoz@gmail.com>
+
+        Reviewed by Darin.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15946
+          add NPPValue NPPVpluginDrawingModel (Mozilla bug 403418 compat)
+
+        * bindings/npapi.h:
+
+2007-11-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15951
+          REGRESSION: assertion failure in regexp match() when running JS tests
+
+        Test: fast/js/regexp-many-brackets.html
+
+        * pcre/pcre_exec.cpp: (match): Added back accidentally-removed case for
+        the BRANUMBER opcode.
+
+2007-11-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix use of prefix and config.h, got rid of a few unneeded things in
+          the PCRE code; no behavior changes
+
+        * API/JSBase.cpp: Added include of config.h.
+        * API/JSCallbackConstructor.cpp: Ditto.
+        * API/JSCallbackFunction.cpp: Ditto.
+        * API/JSCallbackObject.cpp: Ditto.
+        * API/JSClassRef.cpp: Ditto.
+        * API/JSContextRef.cpp: Ditto.
+        * API/JSObjectRef.cpp: Ditto.
+        * API/JSStringRef.cpp: Ditto.
+        * API/JSValueRef.cpp: Ditto.
+
+        * JavaScriptCorePrefix.h: Removed obsolete <ctype.h> workaround.
+        Moved new/delete macros after includes, as they are in WebCore's prefix.
+        Removed "config.h".
+
+        * pcre/dftables.cpp: (main): Changed back to not use a separate maketables
+        function. This is needed for PCRE, but not helpful for our use. Also changed
+        the tables to all be 128 entries long instead of 256, since only the first
+        128 are ever used.
+
+        * pcre/pcre_compile.cpp: Added include of config.h. Eliminated digitab,
+        which was only being used to check hex digits. Changed all uses of TRUE and
+        FALSE to use the C++ true and false instead.
+        (check_escape): Just the TRUE/FALSE thing.
+        (is_counted_repeat): Ditto.
+        (could_be_empty_branch): Ditto.
+        (get_othercase_range): Ditto.
+        (compile_branch): Ditto.
+        (compile_regex): Ditto.
+        (is_anchored): Ditto.
+        (is_startline): Ditto.
+        (find_firstassertedchar): Ditto.
+        (jsRegExpCompile): Ditto.
+
+        * pcre/pcre_exec.cpp: Added include of config.h. Changed all uses of TRUE and
+        FALSE to use the C++ true and false instead.
+        (match_ref): Just the TRUE/FALSE thing.
+        (match): Ditto. Removed some unneeded braces.
+        (jsRegExpExecute): Just the TRUE/FALSE thing.
+
+        * pcre/pcre_internal.h: Moved the constants needed by dftables.cpp to the top
+        of the file instead of the bottom, so they can be used. Also changed the table
+        sizes to 128 instead of 256. Removed macro definitions of FALSE and TRUE.
+        Set array sizes for all the const arrays. Changed _pcre_utf8_table1_size to
+        be a macro instead of a extern int.
+
+        * pcre/pcre_maketables.cpp: Removed. It's all in dftables.cpp now.
+
+        * pcre/pcre_tables.cpp: Made table sizes explicit.
+
+        * pcre/pcre_xclass.cpp: Just the TRUE/FALSE thing.
+
+2007-11-12  Adam Roben  <aroben@apple.com>
+
+        Build fix
+
+        * wtf/FastMalloc.h: Add missing using statement.
+
+2007-11-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        Add special fastZeroedMalloc function to replace a 
+        number of fastCalloc calls where one argument was 1.
+        
+        This results in a 0.4% progression in SunSpider, more
+        than making up for the earlier regression caused by 
+        additional overflow checks.
+
+        * JavaScriptCore.exp:
+        * kjs/array_instance.cpp:
+        * kjs/property_map.cpp:
+        * wtf/FastMalloc.cpp:
+        * wtf/FastMalloc.h:
+        * wtf/HashTable.h:
+
+2007-11-11  Adam Roben  <aroben@apple.com>
+
+        Fix <rdar://5578982> ASSERT in HashTable::checkTableConsistencyExceptSize beneath WebNotificationCenter
+
+        The bug was due to a mismatch between HashMap::remove and
+        HashTable::checkTableConsistency. HashMap::remove can delete the value
+        stored in the HashTable (by derefing it), which is not normally
+        allowed by HashTable. It's OK in this case because the value is about
+        to be removed from the table, but HashTable wasn't aware of this.
+
+        HashMap::remove now performs the consistency check itself before
+        derefing the value.
+
+        Darin noticed that the same bug would occur in HashSet, so I've fixed
+        it there as well.
+
+        Reviewed by Darin.
+
+        * wtf/HashMap.h:
+        (WTF::HashMap::remove): Perform the HashTable consistency check
+        manually before calling deref.
+        * wtf/HashSet.h:
+        (WTF::HashSet::remove): Ditto.
+        * wtf/HashTable.h: Made checkTableConsistency public so that HashMap
+        and HashSet can call it.
+        (WTF::HashTable::removeAndInvalidateWithoutEntryConsistencyCheck):
+        Added.
+        (WTF::HashTable::removeAndInvalidate): Added.
+        (WTF::HashTable::remove):
+        (WTF::HashTable::removeWithoutEntryConsistencyCheck): Added.
+
+2007-11-11  Mark Rowe  <mrowe@apple.com>
+
+        Build fix.  Use the correct filename case.
+
+        * kjs/nodes.h:
+
+2007-11-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=15902
+        15% of string-validate-input.js is spent compiling the same regular expression
+        
+        Store a compiled representation of the regular expression in the AST.
+        
+        Only a .2% SunSpider speedup overall, but a 10.6% speedup on 
+        string-validate-input.js.
+
+        * kjs/nodes.cpp:
+        (KJS::RegExpNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::RegExpNode::):
+        * kjs/nodes2string.cpp:
+        (KJS::RegExpNode::streamTo):
+        * kjs/regexp.cpp:
+        (KJS::RegExp::flags):
+        * kjs/regexp.h:
+        (KJS::RegExp::pattern):
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpObjectImp::construct):
+        (KJS::RegExpObjectImp::createRegExpImp):
+        * kjs/regexp_object.h:
+
+2007-11-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Eric.
+
+        Partial fix for <rdar://problem/5585334> numfuzz: integer overflows opening malformed SVG file in WebCore::ImageBuffer::create
+
+        Unfortunately this is a very slight regression, but is unavoidable.
+
+        * wtf/FastMalloc.cpp:
+
+2007-11-10  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+        
+        Add simple type inferencing to the parser, and create custom
+        AddNode and LessNode subclasses based on inferred types.
+        http://bugs.webkit.org/show_bug.cgi?id=15884
+        
+        SunSpider claims this is at least a 0.5% speedup.
+
+        * JavaScriptCore.exp:
+        * kjs/grammar.y:
+        * kjs/internal.cpp:
+        (KJS::NumberImp::getPrimitiveNumber):
+        (KJS::GetterSetterImp::getPrimitiveNumber):
+        * kjs/internal.h:
+        * kjs/lexer.cpp:
+        (KJS::Lexer::lex):
+        * kjs/nodes.cpp:
+        (KJS::Node::Node):
+        (KJS::StringNode::evaluate):
+        (KJS::StringNode::evaluateToNumber):
+        (KJS::StringNode::evaluateToBoolean):
+        (KJS::RegExpNode::evaluate):
+        (KJS::UnaryPlusNode::optimizeVariableAccess):
+        (KJS::AddNode::evaluate):
+        (KJS::AddNode::evaluateToNumber):
+        (KJS::AddNumbersNode::inlineEvaluateToNumber):
+        (KJS::AddNumbersNode::evaluate):
+        (KJS::AddNumbersNode::evaluateToNumber):
+        (KJS::AddStringsNode::evaluate):
+        (KJS::AddStringLeftNode::evaluate):
+        (KJS::AddStringRightNode::evaluate):
+        (KJS::lessThan):
+        (KJS::lessThanEq):
+        (KJS::LessNumbersNode::evaluate):
+        (KJS::LessStringsNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::ExpressionNode::):
+        (KJS::RegExpNode::):
+        (KJS::RegExpNode::precedence):
+        (KJS::TypeOfResolveNode::):
+        (KJS::LocalVarTypeOfNode::):
+        (KJS::UnaryPlusNode::):
+        (KJS::UnaryPlusNode::precedence):
+        (KJS::AddNode::):
+        (KJS::AddNode::precedence):
+        (KJS::AddNumbersNode::):
+        (KJS::AddStringLeftNode::):
+        (KJS::AddStringRightNode::):
+        (KJS::AddStringsNode::):
+        (KJS::LessNode::):
+        (KJS::LessNode::precedence):
+        (KJS::LessNumbersNode::):
+        (KJS::LessStringsNode::):
+        * kjs/nodes2string.cpp:
+        (KJS::StringNode::streamTo):
+        * kjs/object.cpp:
+        * kjs/object.h:
+        * kjs/value.h:
+        (KJS::JSValue::getPrimitiveNumber):
+
+2007-11-11  Darin Adler  <darin@apple.com>
+
+        - try another way of fixing dftables builds -- refactor pcre_internal.h a bit
+
+        * pcre/pcre_internal.h: Make most of this header do nothing when DFTABLES is set.
+        Later we can break it into two files.
+
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj: Take out now-unneeded include paths.
+        * pcre/dftables.cpp: Set DFTABLES. Use delete instead of free.
+        * pcre/dftables.pro: Take out now-unneeded include paths.
+        * pcre/pcre_maketables.cpp: Use new instead of malloc.
+
+2007-11-11  Darin Adler  <darin@apple.com>
+
+        * pcre/dftables.pro: Try fixing Qt builds (I looked at qt-win) by adding
+        another include path.
+
+2007-11-11  Darin Adler  <darin@apple.com>
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Try fixing Mac Tiger builds
+        by adding another include path.
+
+2007-11-11  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15924
+          next round of changes to JSRegExp (formerly PCRE)
+
+        This is a combination of converting to C++, tweaking the API, and adding
+        some additional optimizations.
+
+        Future steps will involve getting rid of the use of UTF-8 completely
+        (we'll use UTF-16 exclusively instead), eliminating more source files,
+        and some more speed-ups.
+
+        SunSpider says the current round is an 0.9% speed-up overall, and a
+        5.3% speed-up for regexp.
+
+        * JavaScriptCore.exp: Updated for new entry points.
+
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+        Updated for new source file names and ForwardingHeaders.
+
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp): Changed to use the error message without calling
+        strdup on it and to pass the new types and options.
+        (KJS::RegExp::~RegExp): Removed the now-unneeded free of the error message.
+        (KJS::RegExp::match): Pass the new types and options.
+        * kjs/regexp.h: Update type of m_constructionError.
+
+        * pcre/AUTHORS: Update to reflect the status of the project -- we don't include
+        the Google parts, and this isn't the PCRE library, per se.
+        * pcre/COPYING: Ditto.
+
+        * pcre/dftables.cpp: Copied from JavaScriptCore/pcre/dftables.c.
+        (main): Removed unneeded ctype_digit.
+
+        * pcre/pcre.h: Convert to C++, tweak API a bit. Use UChar instead of JSRegExpChar.
+
+        * pcre/pcre_compile.cpp: Copied from JavaScriptCore/pcre/pcre_compile.c.
+        Moved a lot of private stuff used only within this file here from pcre_internal.h.
+        Renumbered the error codes.
+        (error_text): Use a single string with embedded nulls for the error text (I got
+        this idea from newer versions of PCRE).
+        (check_escape): Changed return type to be enum instead of int. Replaced ctype_digit
+        uses with isASCIIDigit.
+        (is_counted_repeat): Ditto.
+        (read_repeat_counts): Ditto.
+        (first_significant_code): Ditto.
+        (find_fixedlength): Ditto.
+        (could_be_empty_branch): Ditto.
+        (compile_branch): Ditto. Also removed some code that handles changing options.
+        JavaScript doesn't have any of the features that allow options to change.
+        (compile_regex): Updated for change to options parameter.
+        (is_anchored): Ditto.
+        (find_firstassertedchar): Ditto.
+        (jsRegExpCompile): Changed to take separate flags instead of an options int.
+        Also changed to call new/delete instead of pcre_malloc/free.
+        (jsRegExpFree): Ditto.
+
+        * pcre/pcre_exec.cpp: Copied from JavaScriptCore/pcre/pcre_exec.c.
+        Added a case that uses computed goto for the opcode loop, but did not turn it on.
+        Changed the RMATCH macro to handle returns more efficiently by putting the where
+        pointer in the new frame instead of the old one, allowing us to branch to the
+        return with a single statement. Switched to new/delete from pcre_malloc/free.
+        Changed many RRETURN callers to not set the return value since it's already
+        set correctly. Replaced the rrc variable with an is_match variable. Values other
+        than "match" and "no match" are now handled differently. This allows us to remove
+        the code to check for those cases in various rules.
+        (match): All the case statements use a macro BEGIN_OPCODE instead. And all the
+        continue statements, or break statements that break out of the outer case use
+        a macro NEXT_OPCODE instead. Replaced a few if statements with assertions.
+        (jsRegExpExecute): Use new/delete instead of pcre_malloc/free. Removed unused
+        start_match field from the match block.
+
+        * pcre/pcre_internal.h: Moved the last few configuration macros from pcre-config.h
+        in here. Removed various unused types. Converted from JSRegExpChar to UChar.
+        Eliminated pcre_malloc/free. Replaced the opcode enum with a macro that can be
+        used in multiple places. Unfortunately we lose the comments for each opcode; we
+        should find a place to put those back. Removed ctype_digit.
+
+        * pcre/pcre_maketables.cpp: Copied from JavaScriptCore/pcre/pcre_maketables.c.
+        (pcre_maketables): Got rid of the conditional code that allows this to be compiled
+        in -- it's only used for dftables now (and soon may be obsolete entirely).
+        Changed code for cbit_digit to not use isdigit, and took the "_" case out of the
+        loop. Removed ctype_digit.
+
+        * pcre/pcre_ord2utf8.cpp: Copied from JavaScriptCore/pcre/pcre_ord2utf8.c.
+
+        * pcre/pcre_tables.cpp: Copied from JavaScriptCore/pcre/pcre_tables.c.
+        Moved _pcre_OP_lengths out of here into pcre_exec.cpp.
+
+        * pcre/pcre_ucp_searchfuncs.cpp: Copied from JavaScriptCore/pcre/pcre_ucp_searchfuncs.c.
+        Updated for other file name changes.
+
+        * pcre/pcre_xclass.cpp: Copied from JavaScriptCore/pcre/pcre_xclass.c.
+
+        * pcre/ucpinternal.h: Updated header.
+
+        * pcre/ucptable.cpp: Copied from JavaScriptCore/pcre/ucptable.c.
+
+        * wtf/ASCIICType.h: (WTF::isASCIIDigit): Removed a branch by changing from && to
+        & for this operation. Also added an overload that takes an int because that's
+        useful for PCRE. Later we could optimize for int and overload other functions in
+        this file; stuck to this simple one for now.
+
+        * wtf/unicode/icu/UnicodeIcu.h: Removed unused isUpper.
+        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
+
+        * pcre/LICENCE: Removed.
+        * pcre/pcre-config.h: Removed.
+        * wtf/FastMallocPCRE.cpp: Removed.
+
+        * pcre/dftables.c: Renamed to cpp.
+        * pcre/pcre_compile.c: Ditto.
+        * pcre/pcre_exec.c: Ditto.
+        * pcre/pcre_maketables.c: Ditto.
+        * pcre/pcre_ord2utf8.c: Ditto.
+        * pcre/pcre_tables.c: Ditto.
+        * pcre/pcre_ucp_searchfuncs.c: Ditto.
+        * pcre/pcre_xclass.c: Ditto.
+        * pcre/ucptable.c: Ditto.
+
+2007-11-11  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Oliver.
+
+        Add KJS_CHECKEXCEPTIONBOOLEAN to match rest of nodes.cpp
+
+        * kjs/nodes.cpp:
+        (KJS::ExpressionNode::evaluateToBoolean):
+        (KJS::LessNode::evaluateToBoolean):
+        (KJS::GreaterNode::evaluateToBoolean):
+        (KJS::LessEqNode::evaluateToBoolean):
+        (KJS::GreaterEqNode::evaluateToBoolean):
+        (KJS::InstanceOfNode::evaluateToBoolean):
+        (KJS::InNode::evaluateToBoolean):
+        (KJS::EqualNode::evaluateToBoolean):
+        (KJS::NotEqualNode::evaluateToBoolean):
+        (KJS::StrictEqualNode::evaluateToBoolean):
+        (KJS::NotStrictEqualNode::evaluateToBoolean):
+        (KJS::LogicalAndNode::evaluateToBoolean):
+        (KJS::LogicalOrNode::evaluateToBoolean):
+        (KJS::ConditionalNode::evaluateToBoolean):
+
+2007-11-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15927
+          REGRESSION(r27487): delete a.c followed by __defineGetter__("c", ...) incorrectly deletes another property
+          and <rdar://problem/5586384> REGRESSION (r27487): Can't switch out of Edit HTML Source mode on Leopard Wiki
+
+        Test: fast/js/delete-then-put.html
+
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::put): Added a missing "- 1"; code to find an empty slot was not working.
+        (KJS::PropertyMap::checkConsistency): Added a missing range check that would have caught this
+        problem before.
+
+        - roll out a last-minute change to my evaluateToBoolean patch that was incorrect.
+
+        * kjs/nodes.h: (KJS::ExprStatementNode::ExprStatementNode): Take out call to
+        optimizeForUnnecessaryResult, since the result is used in some cases.
+
+2007-11-10  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        Roll out some changes that were (seemingly accidentally) checked in
+        with r27664.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2007-11-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15915
+          add an evaluation path for booleans like the one we have for numbers
+
+        Gives 1.1% on SunSpider.
+
+        * kjs/grammar.y: Create TrueNode and FalseNode instead of BooleanNode.
+
+        * kjs/nodes.h: Changed to use Noncopyable. Moved optimizeForUnnecessaryResult
+        down from Node to ExpressionNode. Changed some classes to not inherit from
+        ExpressionNode where not necessary, and removed unnneeded evaluate functions
+        as well as evaluate functions that need not be virtual. Call the
+        optimizeForUnnecessaryResult function on the start of a for loop too.
+        * kjs/nodes.cpp:
+        (KJS::ExpressionNode::evaluateToBoolean): Added.
+        (KJS::FalseNode::evaluate): Added.
+        (KJS::TrueNode::evaluate): Added.
+        (KJS::NumberNode::evaluateToBoolean): Added.
+        (KJS::StringNode::evaluateToBoolean): Added.
+        (KJS::LocalVarAccessNode::evaluateToBoolean): Added.
+        (KJS::BracketAccessorNode::evaluateToBoolean): Added.
+        (KJS::LogicalNotNode::evaluate): Changed to call evaluateToBoolean.
+        (KJS::LogicalNotNode::evaluateToBoolean): Added.
+        (KJS::lessThan): Changed to return bool.
+        (KJS::lessThanEq): Ditto.
+        (KJS::LessNode::evaluate): Changed since lessThan returns bool.
+        (KJS::LessNode::evaluateToBoolean): Added.
+        (KJS::GreaterNode::evaluate): Changed since lessThanEq returns bool.
+        (KJS::GreaterNode::evaluateToBoolean): Added.
+        (KJS::LessEqNode::evaluate): Changed since lessThanEq returns bool.
+        (KJS::LessEqNode::evaluateToBoolean): Added.
+        (KJS::GreaterEqNode::evaluate): Changed since lessThan returns bool.
+        (KJS::GreaterEqNode::evaluateToBoolean): Added.
+        (KJS::InstanceOfNode::evaluateToBoolean): Added.
+        (KJS::InNode::evaluateToBoolean): Added.
+        (KJS::EqualNode::evaluateToBoolean): Added.
+        (KJS::NotEqualNode::evaluateToBoolean): Added.
+        (KJS::StrictEqualNode::evaluateToBoolean): Added.
+        (KJS::NotStrictEqualNode::evaluateToBoolean): Added.
+        (KJS::ConditionalNode::evaluate): Changed to call evaluateToBoolean.
+        (KJS::IfNode::execute): Ditto.
+        (KJS::DoWhileNode::execute): Ditto.
+        (KJS::WhileNode::execute): Ditto.
+        (KJS::ForNode::execute): Ditto.
+
+        * kjs/nodes2string.cpp:
+        (KJS::FalseNode::streamTo): Added.
+        (KJS::TrueNode::streamTo): Added.
+
+2007-11-09  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        Reviewed by Darin.
+
+        * kjs/value.h:
+        (KJS::jsNumber): Add some explicit casts.
+
+2007-11-08  Darin Adler  <darin@apple.com>
+
+        - fix build
+
+        * kjs/grammar.y:
+        * kjs/nodes.h:
+        * kjs/property_map.cpp:
+
+2007-11-08  Darin Adler  <darin@apple.com>
+
+        - roll out accidentally-checked in changes
+
+        * kjs/nodes.cpp: Back to previous version.
+        * kjs/nodes.h: Ditto.
+        * kjs/grammar.y: Ditto.
+
+2007-11-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15912
+          fasta spends a lot of time in qsort
+
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::getEnumerablePropertyNames):
+        Use insertion sort instead of qsort for small sets of property names.
+        We can probably do some even-better speedups of for/in, but this nets
+        0.6% overall and 6.7% on fasta.
+
+2007-11-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15906
+          getting characters by indexing into a string is very slow
+
+        This fixes one source of the slowness -- the conversion to an unused
+        Identifier as we call the get function from the slot -- but doesn't
+        fix others, such as the fact that we have to allocate a new UString::Rep
+        for every single character.
+
+        Speeds up string-base64 30%, and at least 0.5% overall.
+        But does slow down access-fannkuch quite a bit. Might be worth
+        revisiting in the future to see what we can do about that (although
+        I did look at a profile for a while).
+
+        * kjs/property_slot.h: Add a new marker for "numeric" property slots;
+        slots where we don't need to pass the identifier to the get function.
+        (KJS::PropertySlot::getValue): Added code to call the numeric get function.
+        (KJS::PropertySlot::setCustomNumeric): Added.
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::indexGetter): Changed to use substr() instead
+        of constructing a wholly new UString each time.
+        (KJS::stringInstanceNumericPropertyGetter): Added. Like indexGetter, but
+        takes advantage of setCustomNumeric to avoid creating an Identifier.
+        (KJS::StringInstance::getOwnPropertySlot): Changed to use setCustomNumeric.
+
+2007-11-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15904
+          more speed-ups possible by tightening up int version of JSImmediate
+
+        1% improvement of SunSpider
+
+        * kjs/JSImmediate.h: Eliminate the now-unneeded FPBitValues struct template.
+        (KJS::JSImmediate::from): Overload for most numeric types; many types can
+        do fewer branches and checks.
+        (KJS::JSImmediate::getUInt32): Removed unneeded check for undefined.
+        (KJS::JSImmediate::getTruncatedInt32): Ditto.
+        (KJS::JSImmediate::getTruncatedUInt32): Ditto. There's no difference any more
+        between getUInt32 and getTruncatedUInt32, so that's worth a rename and merge later.
+
+        * kjs/grammar.y: Update since fromDouble is now just from.
+        * kjs/nodes.h: Ditto.
+
+        * kjs/value.h: (KJS::jsNumber): Overload for most numeric types.
+
+2007-11-08  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Bakefiles for building JavaScriptCore, needed by wx port.
+
+        Reviewed by Mark Rowe.
+
+        * JavaScriptCoreSources.bkl: Added.
+        * jscore.bkl: Added.
+
+2007-11-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Fix regression caused by earlier bitwise and optimisation.  1 & undefined != 1.
+
+        The implementation of JSImmediate::areBothImmediateNumbers relies on 
+        (JSImmediate::getTag(immediate1) & JSImmediate::getTag(immediate2)) having 
+        a unique result when both immediate values are numbers.
+
+        The regression was due to UndefinedType & NumberType returning NumberType (3 & 1).
+        By swapping the value of NumberType and UndefinedType this ceases to be a problem.
+
+        * kjs/JSType.h:
+
+2007-11-08  Darin Adler  <darin@apple.com>
+
+        - fix build
+
+        * kjs/nodes.h: Add missing parameter name.
+
+2007-11-08  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+
+        Add ExpressionNode subclass of Node, use it.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::ForInNode::ForInNode):
+        * kjs/nodes.h:
+        (KJS::ExpressionNode::):
+        (KJS::NullNode::):
+        (KJS::NullNode::precedence):
+        (KJS::BooleanNode::):
+        (KJS::BooleanNode::precedence):
+        (KJS::RegExpNode::):
+        (KJS::RegExpNode::precedence):
+        (KJS::ThisNode::):
+        (KJS::ThisNode::precedence):
+        (KJS::ResolveNode::):
+        (KJS::ElementNode::):
+        (KJS::ArrayNode::):
+        (KJS::PropertyNode::):
+        (KJS::PropertyNode::precedence):
+        (KJS::PropertyNode::name):
+        (KJS::PropertyListNode::):
+        (KJS::ObjectLiteralNode::):
+        (KJS::ObjectLiteralNode::precedence):
+        (KJS::BracketAccessorNode::):
+        (KJS::DotAccessorNode::):
+        (KJS::DotAccessorNode::precedence):
+        (KJS::ArgumentListNode::):
+        (KJS::ArgumentsNode::):
+        (KJS::NewExprNode::):
+        (KJS::NewExprNode::precedence):
+        (KJS::FunctionCallValueNode::):
+        (KJS::FunctionCallValueNode::precedence):
+        (KJS::FunctionCallResolveNode::):
+        (KJS::FunctionCallBracketNode::):
+        (KJS::FunctionCallBracketNode::precedence):
+        (KJS::FunctionCallDotNode::):
+        (KJS::FunctionCallDotNode::precedence):
+        (KJS::PrePostResolveNode::):
+        (KJS::PostfixBracketNode::):
+        (KJS::PostfixBracketNode::precedence):
+        (KJS::PostIncBracketNode::):
+        (KJS::PostIncBracketNode::isIncrement):
+        (KJS::PostDecBracketNode::):
+        (KJS::PostDecBracketNode::isIncrement):
+        (KJS::PostfixDotNode::):
+        (KJS::PostfixDotNode::precedence):
+        (KJS::PostIncDotNode::):
+        (KJS::PostIncDotNode::isIncrement):
+        (KJS::PostDecDotNode::):
+        (KJS::PostDecDotNode::isIncrement):
+        (KJS::PostfixErrorNode::):
+        (KJS::PostfixErrorNode::precedence):
+        (KJS::DeleteResolveNode::):
+        (KJS::DeleteBracketNode::):
+        (KJS::DeleteBracketNode::precedence):
+        (KJS::DeleteDotNode::):
+        (KJS::DeleteDotNode::precedence):
+        (KJS::DeleteValueNode::):
+        (KJS::DeleteValueNode::precedence):
+        (KJS::VoidNode::):
+        (KJS::VoidNode::precedence):
+        (KJS::TypeOfResolveNode::):
+        (KJS::TypeOfValueNode::):
+        (KJS::PrefixBracketNode::):
+        (KJS::PrefixBracketNode::precedence):
+        (KJS::PreIncBracketNode::):
+        (KJS::PreIncBracketNode::isIncrement):
+        (KJS::PreDecBracketNode::):
+        (KJS::PreDecBracketNode::isIncrement):
+        (KJS::PrefixDotNode::):
+        (KJS::PrefixDotNode::precedence):
+        (KJS::PreIncDotNode::):
+        (KJS::PreIncDotNode::isIncrement):
+        (KJS::PreDecDotNode::):
+        (KJS::PreDecDotNode::isIncrement):
+        (KJS::PrefixErrorNode::):
+        (KJS::PrefixErrorNode::precedence):
+        (KJS::UnaryPlusNode::):
+        (KJS::UnaryPlusNode::precedence):
+        (KJS::NegateNode::):
+        (KJS::NegateNode::precedence):
+        (KJS::BitwiseNotNode::):
+        (KJS::BitwiseNotNode::precedence):
+        (KJS::LogicalNotNode::):
+        (KJS::LogicalNotNode::precedence):
+        (KJS::AddNode::):
+        (KJS::AddNode::precedence):
+        (KJS::LeftShiftNode::):
+        (KJS::LeftShiftNode::precedence):
+        (KJS::RightShiftNode::):
+        (KJS::RightShiftNode::precedence):
+        (KJS::UnsignedRightShiftNode::):
+        (KJS::UnsignedRightShiftNode::precedence):
+        (KJS::LessNode::):
+        (KJS::LessNode::precedence):
+        (KJS::GreaterNode::):
+        (KJS::GreaterNode::precedence):
+        (KJS::LessEqNode::):
+        (KJS::LessEqNode::precedence):
+        (KJS::GreaterEqNode::):
+        (KJS::GreaterEqNode::precedence):
+        (KJS::InstanceOfNode::):
+        (KJS::InstanceOfNode::precedence):
+        (KJS::InNode::):
+        (KJS::InNode::precedence):
+        (KJS::EqualNode::):
+        (KJS::EqualNode::precedence):
+        (KJS::NotEqualNode::):
+        (KJS::NotEqualNode::precedence):
+        (KJS::StrictEqualNode::):
+        (KJS::StrictEqualNode::precedence):
+        (KJS::NotStrictEqualNode::):
+        (KJS::NotStrictEqualNode::precedence):
+        (KJS::BitAndNode::):
+        (KJS::BitAndNode::precedence):
+        (KJS::BitOrNode::):
+        (KJS::BitOrNode::precedence):
+        (KJS::BitXOrNode::):
+        (KJS::BitXOrNode::precedence):
+        (KJS::LogicalAndNode::):
+        (KJS::LogicalAndNode::precedence):
+        (KJS::LogicalOrNode::):
+        (KJS::LogicalOrNode::precedence):
+        (KJS::ConditionalNode::):
+        (KJS::ConditionalNode::precedence):
+        (KJS::ReadModifyResolveNode::):
+        (KJS::ReadModifyResolveNode::precedence):
+        (KJS::AssignResolveNode::):
+        (KJS::AssignResolveNode::precedence):
+        (KJS::ReadModifyBracketNode::):
+        (KJS::ReadModifyBracketNode::precedence):
+        (KJS::AssignBracketNode::):
+        (KJS::AssignBracketNode::precedence):
+        (KJS::AssignDotNode::):
+        (KJS::AssignDotNode::precedence):
+        (KJS::ReadModifyDotNode::):
+        (KJS::ReadModifyDotNode::precedence):
+        (KJS::AssignErrorNode::):
+        (KJS::AssignErrorNode::precedence):
+        (KJS::CommaNode::):
+        (KJS::CommaNode::precedence):
+        (KJS::AssignExprNode::):
+        (KJS::AssignExprNode::precedence):
+        (KJS::ExprStatementNode::):
+        (KJS::IfNode::):
+        (KJS::DoWhileNode::):
+        (KJS::WhileNode::):
+        (KJS::ReturnNode::):
+        (KJS::WithNode::):
+        (KJS::ThrowNode::):
+        (KJS::ParameterNode::):
+        (KJS::CaseClauseNode::):
+        (KJS::CaseClauseNode::precedence):
+        (KJS::ClauseListNode::):
+        (KJS::SwitchNode::):
+
+2007-11-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Sam.
+
+        Add a fast path for bitwise-and of two immediate numbers for a 0.7% improvement in SunSpider (4% bitop improvement).
+
+        This only improves bitwise-and performance, as the additional logic required 
+        for similar code paths on or, xor, and shifting requires additional operations
+        and branches that negate (and in certain cases, regress) any advantage we might
+        otherwise receive.
+
+        This improves performance on all bitop tests, the cryptography tests, as well as 
+        the string-base64 and string-unpack-code tests.  No significant degradation on 
+        any other tests.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::areBothImmediateNumbers):
+        (KJS::JSImmediate::andImmediateNumbers):
+        * kjs/nodes.cpp:
+        (KJS::BitAndNode::evaluate):
+        * kjs/value.h:
+        (KJS::jsNumberFromAnd):
+
+2007-11-08  Adam Roben  <aroben@apple.com>
+
+        Stop using KJS inside of MathExtras.h
+
+        Reviewed by Darin.
+
+        * wtf/MathExtras.h: Removed an unused header, and a now-unused
+        forward-declaration.
+        (wtf_atan2): Use std::numeric_limits intead of KJS.
+
+2007-11-08  Sam Weinig  <sam@webkit.org>
+
+        Windows build fix.
+
+        * kjs/date_object.cpp:
+        (KJS::DateProtoFuncToLocaleString::callAsFunction): Fix unused arg warning.
+        (KJS::DateProtoFuncToLocaleDateString::callAsFunction): ditto
+        (KJS::DateProtoFuncToLocaleTimeString::callAsFunction): ditto
+
+2007-11-08  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/lookup.h: Add missing include.
+
+2007-11-08  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin.
+
+        Convert JavaScript internal function objects to use one class per
+        function.  This avoids a switch statement inside what used to be
+        the shared function classes and will allow Shark to better analyze
+        the code.
+
+        To make this switch, the value property of the HashEntry was changed
+        to a union of an intptr_t (which is used to continue handle valueGetters)
+        and function pointer which points to a static constructor for the
+        individual new function objects.
+
+        SunSpider claims this is a 1.0% speedup.
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayPrototype::getOwnPropertySlot):
+        (KJS::getProperty):
+        (KJS::ArrayProtoFuncToString::callAsFunction):
+        (KJS::ArrayProtoFuncToLocaleString::callAsFunction):
+        (KJS::ArrayProtoFuncJoin::callAsFunction):
+        (KJS::ArrayProtoFuncConcat::callAsFunction):
+        (KJS::ArrayProtoFuncPop::callAsFunction):
+        (KJS::ArrayProtoFuncPush::callAsFunction):
+        (KJS::ArrayProtoFuncReverse::callAsFunction):
+        (KJS::ArrayProtoFuncShift::callAsFunction):
+        (KJS::ArrayProtoFuncSlice::callAsFunction):
+        (KJS::ArrayProtoFuncSort::callAsFunction):
+        (KJS::ArrayProtoFuncSplice::callAsFunction):
+        (KJS::ArrayProtoFuncUnShift::callAsFunction):
+        (KJS::ArrayProtoFuncFilter::callAsFunction):
+        (KJS::ArrayProtoFuncMap::callAsFunction):
+        (KJS::ArrayProtoFuncEvery::callAsFunction):
+        (KJS::ArrayProtoFuncForEach::callAsFunction):
+        (KJS::ArrayProtoFuncSome::callAsFunction):
+        (KJS::ArrayProtoFuncIndexOf::callAsFunction):
+        (KJS::ArrayProtoFuncLastIndexOf::callAsFunction):
+        * kjs/array_object.h:
+        (KJS::ArrayPrototype::classInfo):
+        * kjs/create_hash_table:
+        * kjs/date_object.cpp:
+        (KJS::DatePrototype::getOwnPropertySlot):
+        (KJS::DateProtoFuncToString::callAsFunction):
+        (KJS::DateProtoFuncToUTCString::callAsFunction):
+        (KJS::DateProtoFuncToDateString::callAsFunction):
+        (KJS::DateProtoFuncToTimeString::callAsFunction):
+        (KJS::DateProtoFuncToLocaleString::callAsFunction):
+        (KJS::DateProtoFuncToLocaleDateString::callAsFunction):
+        (KJS::DateProtoFuncToLocaleTimeString::callAsFunction):
+        (KJS::DateProtoFuncValueOf::callAsFunction):
+        (KJS::DateProtoFuncGetTime::callAsFunction):
+        (KJS::DateProtoFuncGetFullYear::callAsFunction):
+        (KJS::DateProtoFuncGetUTCFullYear::callAsFunction):
+        (KJS::DateProtoFuncToGMTString::callAsFunction):
+        (KJS::DateProtoFuncGetMonth::callAsFunction):
+        (KJS::DateProtoFuncGetUTCMonth::callAsFunction):
+        (KJS::DateProtoFuncGetDate::callAsFunction):
+        (KJS::DateProtoFuncGetUTCDate::callAsFunction):
+        (KJS::DateProtoFuncGetDay::callAsFunction):
+        (KJS::DateProtoFuncGetUTCDay::callAsFunction):
+        (KJS::DateProtoFuncGetHours::callAsFunction):
+        (KJS::DateProtoFuncGetUTCHours::callAsFunction):
+        (KJS::DateProtoFuncGetMinutes::callAsFunction):
+        (KJS::DateProtoFuncGetUTCMinutes::callAsFunction):
+        (KJS::DateProtoFuncGetSeconds::callAsFunction):
+        (KJS::DateProtoFuncGetUTCSeconds::callAsFunction):
+        (KJS::DateProtoFuncGetMilliSeconds::callAsFunction):
+        (KJS::DateProtoFuncGetUTCMilliseconds::callAsFunction):
+        (KJS::DateProtoFuncGetTimezoneOffset::callAsFunction):
+        (KJS::DateProtoFuncSetTime::callAsFunction):
+        (KJS::DateProtoFuncSetMilliSeconds::callAsFunction):
+        (KJS::DateProtoFuncSetUTCMilliseconds::callAsFunction):
+        (KJS::DateProtoFuncSetSeconds::callAsFunction):
+        (KJS::DateProtoFuncSetUTCSeconds::callAsFunction):
+        (KJS::DateProtoFuncSetMinutes::callAsFunction):
+        (KJS::DateProtoFuncSetUTCMinutes::callAsFunction):
+        (KJS::DateProtoFuncSetHours::callAsFunction):
+        (KJS::DateProtoFuncSetUTCHours::callAsFunction):
+        (KJS::DateProtoFuncSetDate::callAsFunction):
+        (KJS::DateProtoFuncSetUTCDate::callAsFunction):
+        (KJS::DateProtoFuncSetMonth::callAsFunction):
+        (KJS::DateProtoFuncSetUTCMonth::callAsFunction):
+        (KJS::DateProtoFuncSetFullYear::callAsFunction):
+        (KJS::DateProtoFuncSetUTCFullYear::callAsFunction):
+        (KJS::DateProtoFuncSetYear::callAsFunction):
+        (KJS::DateProtoFuncGetYear::callAsFunction):
+        * kjs/date_object.h:
+        * kjs/lookup.cpp:
+        (KJS::Lookup::find):
+        * kjs/lookup.h:
+        (KJS::HashEntry::):
+        (KJS::staticFunctionGetter):
+        (KJS::staticValueGetter):
+        (KJS::getStaticPropertySlot):
+        (KJS::getStaticFunctionSlot):
+        (KJS::lookupPut):
+        * kjs/math_object.cpp:
+        (KJS::MathObjectImp::getOwnPropertySlot):
+        (KJS::MathProtoFuncAbs::callAsFunction):
+        (KJS::MathProtoFuncACos::callAsFunction):
+        (KJS::MathProtoFuncASin::callAsFunction):
+        (KJS::MathProtoFuncATan::callAsFunction):
+        (KJS::MathProtoFuncATan2::callAsFunction):
+        (KJS::MathProtoFuncCeil::callAsFunction):
+        (KJS::MathProtoFuncCos::callAsFunction):
+        (KJS::MathProtoFuncExp::callAsFunction):
+        (KJS::MathProtoFuncFloor::callAsFunction):
+        (KJS::MathProtoFuncLog::callAsFunction):
+        (KJS::MathProtoFuncMax::callAsFunction):
+        (KJS::MathProtoFuncMin::callAsFunction):
+        (KJS::MathProtoFuncPow::callAsFunction):
+        (KJS::MathProtoFuncRandom::callAsFunction):
+        (KJS::MathProtoFuncRound::callAsFunction):
+        (KJS::MathProtoFuncSin::callAsFunction):
+        (KJS::MathProtoFuncSqrt::callAsFunction):
+        (KJS::MathProtoFuncTan::callAsFunction):
+        * kjs/math_object.h:
+        (KJS::MathObjectImp::classInfo):
+        (KJS::MathObjectImp::):
+        * kjs/string_object.cpp:
+        (KJS::StringPrototype::getOwnPropertySlot):
+        (KJS::StringProtoFuncToString::callAsFunction):
+        (KJS::StringProtoFuncValueOf::callAsFunction):
+        (KJS::StringProtoFuncCharAt::callAsFunction):
+        (KJS::StringProtoFuncCharCodeAt::callAsFunction):
+        (KJS::StringProtoFuncConcat::callAsFunction):
+        (KJS::StringProtoFuncIndexOf::callAsFunction):
+        (KJS::StringProtoFuncLastIndexOf::callAsFunction):
+        (KJS::StringProtoFuncMatch::callAsFunction):
+        (KJS::StringProtoFuncSearch::callAsFunction):
+        (KJS::StringProtoFuncReplace::callAsFunction):
+        (KJS::StringProtoFuncSlice::callAsFunction):
+        (KJS::StringProtoFuncSplit::callAsFunction):
+        (KJS::StringProtoFuncSubstr::callAsFunction):
+        (KJS::StringProtoFuncSubstring::callAsFunction):
+        (KJS::StringProtoFuncToLowerCase::callAsFunction):
+        (KJS::StringProtoFuncToUpperCase::callAsFunction):
+        (KJS::StringProtoFuncToLocaleLowerCase::callAsFunction):
+        (KJS::StringProtoFuncToLocaleUpperCase::callAsFunction):
+        (KJS::StringProtoFuncLocaleCompare::callAsFunction):
+        (KJS::StringProtoFuncBig::callAsFunction):
+        (KJS::StringProtoFuncSmall::callAsFunction):
+        (KJS::StringProtoFuncBlink::callAsFunction):
+        (KJS::StringProtoFuncBold::callAsFunction):
+        (KJS::StringProtoFuncFixed::callAsFunction):
+        (KJS::StringProtoFuncItalics::callAsFunction):
+        (KJS::StringProtoFuncStrike::callAsFunction):
+        (KJS::StringProtoFuncSub::callAsFunction):
+        (KJS::StringProtoFuncSup::callAsFunction):
+        (KJS::StringProtoFuncFontcolor::callAsFunction):
+        (KJS::StringProtoFuncFontsize::callAsFunction):
+        (KJS::StringProtoFuncAnchor::callAsFunction):
+        (KJS::StringProtoFuncLink::callAsFunction):
+        * kjs/string_object.h:
+
+2007-11-08  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        Reviewed by Sam and Ada.
+
+        * wtf/MathExtras.h: Get rid of a circular #include dependency to fix
+        the build.
+
+2007-11-08  Adam Roben  <aroben@apple.com>
+
+        Fix a precedence warning on Windows
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::toBoolean):
+
+2007-11-08  Mark Rowe  <mrowe@apple.com>
+
+        Build fix for JavaScriptGlue.
+
+        * wtf/MathExtras.h: Include stdlib.h for srand and RAND_MAX.
+
+2007-11-08  Darin Adler  <darin@apple.com>
+
+        - Windows build fix
+
+        * kjs/JSImmediate.h: Include MathExtras.h rather than math.h since this file uses "signbit".
+
+2007-11-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        Replace the use of floats for immediate values with the use of integers for a 4.5% improvement in SunSpider.
+
+        Unfortunately this change results in NaN, +Inf, -Inf, and -0 being heap allocated now, but
+        we should now have faster array access, faster immediate to double conversion, and the 
+        potential to further improve bitwise operators in future.
+
+        This also removes the need for unions to avoid strict aliasing problems when extracting 
+        a value from immediates.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::trueImmediate):
+        (KJS::JSImmediate::falseImmediate):
+        (KJS::JSImmediate::undefinedImmediate):
+        (KJS::JSImmediate::nullImmediate):
+        (KJS::JSImmediate::toBoolean):
+        * kjs/value.h:
+        (KJS::jsNaN):
+
+2007-11-07  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Darin and Oliver.
+        
+        Add evaluateToNumber parallel evaluation tree to speed up number operations.
+        Make ImmediateNumberNode a subclass of NumberNode.
+        Share evaluate logic between evaluate and evaluateToNumber using inline functions
+        There is still a lot of improvement to be made here.
+        
+        SunSpider claims this is a 1.0% speedup overall (nbody 7.9%), base64 slowing 2.0%
+        Given the huge win that this prepares us for with simple type inferencing I see the small
+        regression in base64 being worth the substantial overall improvement.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::Node::evaluateToNumber):
+        (KJS::NumberNode::evaluate):
+        (KJS::NumberNode::evaluateToNumber):
+        (KJS::StringNode::evaluateToNumber):
+        (KJS::LocalVarAccessNode::inlineEvaluate):
+        (KJS::LocalVarAccessNode::evaluate):
+        (KJS::LocalVarAccessNode::evaluateToNumber):
+        (KJS::BracketAccessorNode::inlineEvaluate):
+        (KJS::BracketAccessorNode::evaluate):
+        (KJS::BracketAccessorNode::evaluateToNumber):
+        (KJS::NegateNode::evaluate):
+        (KJS::NegateNode::evaluateToNumber):
+        (KJS::MultNode::inlineEvaluateToNumber):
+        (KJS::MultNode::evaluate):
+        (KJS::MultNode::evaluateToNumber):
+        (KJS::DivNode::inlineEvaluateToNumber):
+        (KJS::DivNode::evaluate):
+        (KJS::DivNode::evaluateToNumber):
+        (KJS::ModNode::inlineEvaluateToNumber):
+        (KJS::ModNode::evaluate):
+        (KJS::ModNode::evaluateToNumber):
+        (KJS::throwOutOfMemoryErrorToNumber):
+        (KJS::addSlowCaseToNumber):
+        (KJS::add):
+        (KJS::addToNumber):
+        (KJS::AddNode::evaluateToNumber):
+        (KJS::SubNode::inlineEvaluateToNumber):
+        (KJS::SubNode::evaluate):
+        (KJS::SubNode::evaluateToNumber):
+        (KJS::valueForReadModifyAssignment):
+        (KJS::ReadModifyLocalVarNode::evaluate):
+        (KJS::ReadModifyResolveNode::evaluate):
+        (KJS::ReadModifyDotNode::evaluate):
+        (KJS::ReadModifyBracketNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::Node::):
+        (KJS::NumberNode::):
+        (KJS::ImmediateNumberNode::):
+        (KJS::AddNode::precedence):
+        * kjs/nodes2string.cpp:
+        (KJS::NumberNode::streamTo):
+
+2007-11-07  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Eric.
+
+        Fix up initialization after being mangled in r27572, and remove the
+        ternary expression as extraCost will always be zero for the numeric
+        heap.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::heapAllocate):
+
+2007-11-07  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/regexp_object.cpp:
+
+2007-11-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Beth Dakin.
+        
+        Eliminated a bogus (though compiled-out) branch in the collector.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::heapAllocate):
+
+2007-11-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed part of http://bugs.webkit.org/show_bug.cgi?id=15861 
+        5.8% of string-validate-input.js is spent creating RegExpImps
+
+        Put RegExpImp properties into a static hashtable to avoid a slew of
+        PropertyMap churn when creating a RegExpImp.
+        
+        Factored important bits of regular expression implementation out of
+        RegExpImp (the JS object) and into RegExp (the PCRE wrapper class), 
+        making RegExp a ref-counted class. (This will help later.)
+
+        Removed PCRE_POSIX support because I didn't quite know how to test it 
+        and keep it working with these changes.
+        
+        1.1% SunSpider speedup. 5.8% speedup on string-validate-input.js.
+
+        * kjs/regexp.h: A few interface changes:
+        1. Renamed "subpatterns()" => "numSubpatterns()"
+        2. Made flag enumeration private and replaced it with public getters for
+        specific flags.
+        3. Made RegExp ref-counted so RegExps can be shared by RegExpImps.
+        4. Made RegExp take a string of flags instead of an int, eliminating 
+        duplicated flag parsing code elsewhere.
+
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpProtoFunc::callAsFunction): For RegExp.compile: 
+        - Fixed a bug where compile(undefined) would throw an exception. 
+        - Removed some now-redundant code.
+        - Used RegExp sharing to eliminate an allocation and a bunch of 
+        PropertyMap thrash. (Not a big win since compile is a deprecated 
+        function. I mainly did this to test the plubming.)
+
+2007-11-07  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by nobody, Qt/Windows build fix.
+
+        JavaScriptCore.pri expects OBJECTS_DIR to be set, so set it in
+        testkjs.pro, too, where it's included from.
+
+        * kjs/testkjs.pro:
+
+2007-11-07  Simon Hausmann  <shausman@trolltech.com>
+
+        Reviewed by Lars.
+
+        Fix "nmake clean" for the Qt/Windows build by replacing tmp/ with a variable that ends with the correct type of slash/backslash depending on the choice of compiler/make tool.
+
+        * JavaScriptCore.pri:
+        * pcre/pcre.pri:
+
+2007-11-07  Lars Knoll  <lars@trolltech.com>
+
+        Reviewed by Simon.
+
+        fix umemcasecmp
+        
+        Pretty embarrassing bug. Has the potential to fix quite a few test failures.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::umemcasecmp):
+
+2007-11-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.        
+        
+        - only collect when the heap is full, unless we have lots of extra cost garbage
+        
+        1.1% SunSpider speedup.
+        
+        This shouldn't hit memory use much since the extra space in those
+        blocks hangs around either way.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::heapAllocate):
+        (KJS::Collector::collect): Fix logic error that reversed the sense of collect's 
+        return value.
+
+2007-11-06  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Avoid unnecessarily boxing the result from post inc/decrement for 0.3% gain in sunspider
+        
+        We now convert the common 'for (...; ...; <var>++) ...' to the semantically identical
+        'for (...; ...; ++<var>) ...'.
+
+        * kjs/nodes.cpp:
+        (KJS::PostIncResolveNode::optimizeForUnnecessaryResult):
+        (KJS::PostIncLocalVarNode::evaluate):
+        (KJS::PostIncLocalVarNode::optimizeForUnnecessaryResult):
+        (KJS::PostDecResolveNode::optimizeForUnnecessaryResult):
+        (KJS::PostDecLocalVarNode::evaluate):
+        (KJS::PostDecLocalVarNode::optimizeForUnnecessaryResult):
+        * kjs/nodes.h:
+        (KJS::PrePostResolveNode::):
+        (KJS::PostIncResolveNode::):
+        (KJS::PostIncLocalVarNode::):
+        (KJS::PostDecResolveNode::):
+        (KJS::PostDecLocalVarNode::):
+        (KJS::PreIncResolveNode::):
+        (KJS::PreDecResolveNode::):
+        (KJS::ForNode::ForNode):
+
+2007-11-06  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+
+        This fixes a regressed layout test for string + object
+        
+        SunSpider claims this was an overall 0.3% speedup, although some individual tests were slower.
+
+        * kjs/nodes.cpp:
+        (KJS::add): remove erroneous "fast path" for string + *
+
+2007-11-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Eric Seidel.
+        
+        Added toJSNumber, a fast path for converting a JSValue to a JS number,
+        and deployed it in postfix expressions. In the fast case this 
+        eliminates a call to jsNumber.
+        
+        0.4% speedup on SunSpider.
+
+        * ChangeLog:
+        * kjs/nodes.cpp:
+        (KJS::PostIncResolveNode::evaluate):
+        (KJS::PostIncLocalVarNode::evaluate):
+        (KJS::PostDecResolveNode::evaluate):
+        (KJS::PostDecLocalVarNode::evaluate):
+        (KJS::PostIncBracketNode::evaluate):
+        (KJS::PostDecBracketNode::evaluate):
+        (KJS::PostIncDotNode::evaluate):
+        (KJS::PostDecDotNode::evaluate):
+        (KJS::UnaryPlusNode::evaluate):
+        * kjs/value.h:
+        (KJS::JSValue::toJSNumber):
+
+2007-11-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15846
+          REGRESSION (r27387): Memory corruption when running fast/js/kde/delete.html
+
+        There was a mistake in the algorithm used to find an empty slot in the property
+        map entries vector; when we were putting in a new property value and not overwriting
+        an existing deleted sentinel, we would enlarge the entries vector, but would not
+        overwrite the stale data that's in the new part. It was easy to pin this down by
+        turning on property map consistency checks -- I never would have landed with this
+        bug if I had run the regression tests once with consistency checks on!
+
+        * kjs/property_map.cpp: (KJS::PropertyMap::put): Changed logic for the case where
+        foundDeletedElement is false to always use the item at the end of the entries vector.
+        Also allowed me to merge with the logic for the "no deleted sentinels at all" case.
+
+2007-11-06  Oliver Hunt  <oliver@apple.com>
+
+        RS=Darin.
+
+        Fix previous patch to use a 3 bit shift, a 16 bit shift causes a regression in sunspider.
+
+        * kjs/nodes.cpp:
+        (KJS::add):
+
+2007-11-06  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        Replace boolean comparisons in AddNode with mask
+        comparisons for a 0.2% improvement in sunspider.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/nodes.cpp:
+        (KJS::add):
+
+2007-11-06  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+        
+        SunSpider claims this is a 1.1% speedup.
+
+        * kjs/nodes.cpp:
+        (KJS::throwOutOfMemoryError): Added, non inline.
+        (KJS::addSlowCase): renamed from add(), non inline.
+        (KJS::add): add fast path for String + String, Number + Number and String + *
+
+2007-11-06  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by mjs.
+        
+        Avoid more UString creation.
+        
+        SunSpider claims this is a 0.4% speedup.
+
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpObjectImp::construct): use UString::find(UChar)
+
+2007-11-05  Mark Rowe  <mrowe@apple.com>
+
+        Mac build fix.
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayProtoFunc::callAsFunction):
+
+2007-11-05  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * kjs/list.h:
+
+2007-11-05  Mark Rowe  <mrowe@apple.com>
+
+        Build fix.  Add missing #include.
+
+        * kjs/operations.cpp:
+
+2007-11-05  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by mjs.
+        
+        Remove another call to toString(exec)
+        
+        SunSpider claims this is a 0.5% speedup.
+
+        * kjs/operations.cpp:
+        (KJS::equal): remove another toString
+
+2007-11-05  Eric Seidel  <eric@webkit.org>
+
+        * kjs/operations.cpp:
+        (KJS::equal): correct broken change.
+
+2007-11-05  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by mjs.
+
+        Remove one more call to toString(exec).
+        
+        SunSpider claims this is a 0.7% speedup.
+
+        * kjs/operations.cpp:
+        (KJS::equal): remove a call to toString()
+
+2007-11-05  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * pcre/pcre.pri:
+
+2007-11-05  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/list.cpp:
+
+2007-11-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Touched a file to test my new HTTP access.
+
+        * kjs/scope_chain.cpp:
+
+2007-11-05  Alp Toker  <alp@atoker.com>
+
+        Unreviewed build fix for qmake-based ports.
+
+        Someone with a better understanding of qmake still needs to sort out
+        the INCLUDEPATH/DEPENDPATH mess.
+
+        * JavaScriptCore.pri:
+
+2007-11-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        http://bugs.webkit.org/show_bug.cgi?id=15835
+
+        Switched List implementation from a custom heap allocator to an inline
+        Vector, for a disappointing .5% SunSpider speedup.
+        
+        Also renamed List::slice to List::getSlice because "get" is the 
+        conventional prefix for functions returning a value through an out 
+        parameter.
+
+        * kjs/array_object.cpp:
+        (KJS::ArrayProtoFunc::callAsFunction): Removed some redundant function
+        calls and memory accesses.
+
+        * kjs/bool_object.cpp:
+        (BooleanObjectImp::construct): Removed questionable use of iterator.
+
+        * kjs/list.cpp:
+        * kjs/list.h: New List class, implemented in terms of Vector. Two 
+        interesting differences:
+            1. The inline capacity is 8, not 5. Many of the Lists constructed 
+            during a SunSpider run are larger than 5; almost none are larger
+            than 8.
+
+            2. The growth factor is 4, not 2. Since we can guarantee that Lists
+            aren't long-lived, we can grow them more aggressively, to avoid
+            excessive copying.
+
+        * kjs/regexp_object.cpp:
+        (RegExpObjectImp::construct): Removed redundant function calls.
+
+        * kjs/string_object.cpp:
+        (KJS::StringObjectImp::construct): Removed questionable use of iterator.
+
+        * wtf/Vector.h:
+        (WTF::::uncheckedAppend): Added a fast, unchecked version of append.
+
+2007-11-05  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Alp Toker.
+
+        Add DEPENDPATH to JavaScriptCore and pcre to help qmake with dependencies.
+
+        * JavaScriptCore.pri:
+        * pcre/pcre.pri:
+
+2007-11-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15826
+          optimize opcode loop and case insensitive ASCII compares for a 30% speedup
+
+        SunSpider says it's 2.6% faster overall, 32.5% in the regular expression tests.
+
+        * pcre/pcre_internal.h: Added OP_ASCII_CHAR and OP_ASCII_LETTER_NC.
+
+        * pcre/pcre_compile.c:
+        (find_fixedlength): Added cases for OP_ASCII_CHAR and OP_ASCII_LETTER_NC. Also
+        added OP_NOT since there was no reason it should not be in here.
+        (could_be_empty_branch): Ditto.
+        (compile_branch): Streamlined all the single-character cases; there was a bit of
+        duplicate code. Added cases for OP_ASCII_CHAR and OP_ASCII_LETTER_NC as needed.
+        But in particular, compile to those opcodes when the single character match is
+        ASCII.
+        (find_firstassertedchar): Added cases for OP_ASCII_CHAR and OP_ASCII_LETTER_NC.
+
+        * pcre/pcre_exec.c: (match): Removed the "min", "minimize", and "op" fields from
+        the matchframe, after I discovered that none of them needed to be saved and restored
+        across recursive match calls. Also eliminated the ignored result field from the
+        matchframe, since I discovered that rrc ("recursive result code") was already the
+        exact same thing. Moved the handling of opcodes higher than OP_BRA into the default
+        statement of the switch instead of doing them before the switch. This removes a
+        branch from each iteration of the opcode interpreter, just as removal of "op"
+        removed at least one store from each iteration. Last, but not least, add the
+        OP_ASCII_CHAR and OP_ASCII_LETTER_NC functions. Neither can ever match a
+        surrogate pair and the letter case can be handled efficiently.
+
+2007-11-04  Darin Adler  <darin@apple.com>
+
+        * pcre/pcre_exec.c: (match): Try to fix the Windows build by removing unreachable code.
+
+2007-11-03  Darin Adler  <darin@apple.com>
+
+        - fix non-Mac builds; remove some more unused PCRE stuff
+
+        * pcre/pcre_compile.c:
+        (compile_branch): Removed branch chain and some unused ESC values.
+        (compile_regex): Ditto.
+        (jsRegExpCompile): Ditto.
+        * pcre/pcre_exec.c:
+        (match): Removed unused branch targets. Don't use macros any more.
+        (jsRegExpExecute): More of the same.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Update for removed files.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+        * pcre/pcre.pri: Ditto.
+
+        * pcre/MERGING: Removed.
+        * pcre/pcre_fullinfo.c: Removed.
+        * pcre/pcre_get.c: Removed.
+        * pcre/pcre_internal.h:
+        * pcre/ucp.h: Removed.
+
+2007-11-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15821
+          remove unused PCRE features for speed
+
+        A first step toward removing the PCRE features we don't use.
+        This gives a 0.8% speedup on SunSpider, and a 6.5% speedup on
+        the SunSpider regular expression test.
+
+        Replaced the public interface with one that doesn't use the
+        name PCRE. Removed code we don't need for JavaScript and various
+        configurations we don't use. This is in preparation for still
+        more changes in the future. We'll probably switch to C++ and
+        make some even more significant changes to the regexp engine
+        to get some additional speed.
+
+        There's probably additional unused stuff that I haven't
+        deleted yet.
+
+        This does mean that our PCRE is now a fork, but I think that's
+        not really a big deal.
+
+        * JavaScriptCore.exp: Remove the 5 old entry points and add
+        the 3 new entry points for WebCore's direct use of the regular
+        expression engine.
+
+        * kjs/config.h: Remove the USE(PCRE16) define. I decided to flip
+        its sense and now there's a USE(POSIX_REGEX) instead, which should
+        probably not be set by anyone. Maybe later we'll just get rid of it
+        altogether.
+
+        * kjs/regexp.h:
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp): Switch to new jsRegExp function names and
+        defines. Cut down on the number of functions used.
+        (KJS::RegExp::~RegExp): Ditto.
+        (KJS::RegExp::match): Ditto.
+
+        * pcre/dftables.c: (main): Get rid of ctype_letter and ctype_meta,
+        which are unused.
+
+        * pcre/pcre-config.h: Get rid of EBCIDIC, PCRE_DATA_SCOPE, const,
+        size_t, HAVE_STRERROR, HAVE_MEMMOVE, HAVE_BCOPY, NEWLINE,
+        POSIX_MALLOC_THRESHOLD, NO_RECURSE, SUPPORT_UCP, SUPPORT_UTF8,
+        and JAVASCRIPT. These are all no longer configurable in our copy
+        of the library.
+
+        * pcre/pcre.h: Remove the macro-based kjs prefix hack, the PCRE
+        version macros, PCRE_UTF16, the code to set up PCRE_DATA_SCOPE,
+        the include of <stdlib.h>, and most of the constants and
+        functions defined in this header. Changed the naming scheme to
+        use a JSRegExp prefix rather than a pcre prefix. In the future,
+        we'll probably change this to be a C++ header.
+
+        * pcre/pcre_compile.c: Removed all unused code branches,
+        including many whole functions and various byte codes.
+        Kept changes outside of removal to a minimum.
+        (check_escape):
+        (first_significant_code):
+        (find_fixedlength):
+        (find_recurse):
+        (could_be_empty_branch):
+        (compile_branch):
+        (compile_regex):
+        (is_anchored):
+        (is_startline):
+        (find_firstassertedchar):
+        (jsRegExpCompile): Renamed from pcre_compile2 and changed the
+        parameters around a bit.
+        (jsRegExpFree): Added.
+
+        * pcre/pcre_exec.c: Removed many unused opcodes and variables.
+        Also started tearing down the NO_RECURSE mechanism since it's
+        now the default. In some cases there were things in the explicit
+        frame that could be turned into plain old local variables and
+        other small like optimizations.
+        (pchars):
+        (match_ref):
+        (match): Changed parameters quite a bit since it's now not used
+        recursively.
+        (jsRegExpExecute): Renamed from pcre_exec.
+
+        * pcre/pcre_internal.h: Get rid of PCRE_DEFINITION, PCRE_SPTR,
+        PCRE_IMS, PCRE_ICHANGED, PCRE_NOPARTIAL, PCRE_STUDY_MAPPED,
+        PUBLIC_OPTIONS, PUBLIC_EXEC_OPTIONS, PUBLIC_DFA_EXEC_OPTIONS,
+        PUBLIC_STUDY_OPTIONS, MAGIC_NUMBER, 16 of the opcodes,
+        _pcre_utt, _pcre_utt_size, _pcre_try_flipped, _pcre_ucp_findprop,
+        and _pcre_valid_utf8. Also moved pcre_malloc and pcre_free here.
+
+        * pcre/pcre_maketables.c: Changed to only compile in dftables.
+        Also got rid of many of the tables that we don't use.
+
+        * pcre/pcre_tables.c: Removed the unused Unicode property tables.
+
+        * pcre/pcre_ucp_searchfuncs.c: Removed everything except for
+        _pcre_ucp_othercase.
+
+        * pcre/pcre_xclass.c: (_pcre_xclass): Removed uneeded support
+        for classes based on Unicode properties.
+
+        * wtf/FastMallocPCRE.cpp: Removed unused bits. It would be good
+        to eliminate this completely, but we need the regular expression
+        code to be C++ first.
+
+        * pcre/pcre_fullinfo.c:
+        * pcre/pcre_get.c:
+        * pcre/ucp.h:
+        Files that are no longer needed. I didn't remove them with this
+        check-in, because I didn't want to modify all the project files.
+
+2007-11-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam.
+        
+        - remove NaN check from JSImmediate::fromDouble for 0.5% SunSpider speedup
+
+        It turns out that doing this check costs more than it saves.
+        
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::fromDouble):
+
+2007-11-03  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver.
+
+        Remove dummy variable from ClassInfo reducing the size of the struct by 1 word.
+        The variable had been kept around for binary compatibility, but since nothing
+        else is there is no point in continuing to keep it around.
+
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackObject.cpp:
+        * bindings/objc/objc_runtime.mm:
+        * bindings/runtime_array.cpp:
+        * bindings/runtime_object.cpp:
+        * kjs/array_instance.cpp:
+        * kjs/array_object.cpp:
+        * kjs/bool_object.cpp:
+        * kjs/date_object.cpp:
+        * kjs/error_object.cpp:
+        * kjs/function.cpp:
+        * kjs/internal.cpp:
+        * kjs/lookup.h:
+        * kjs/math_object.cpp:
+        * kjs/number_object.cpp:
+        * kjs/object.h:
+        * kjs/regexp_object.cpp:
+        * kjs/string_object.cpp:
+
+2007-11-03  Kevin McCullough  <kmccullough@apple.com>
+
+        - Updated testkjs results to make the build bots green until we
+        can fix the tests that are failing.  The new failures are in DST.
+
+        * tests/mozilla/expected.html:
+
+2007-11-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Adam.
+        
+        - don't print the var twice for ForInNodes with a var declaration
+
+        * kjs/nodes2string.cpp:
+        (KJS::ForInNode::streamTo):
+
+2007-11-03  Darin Adler  <darin@apple.com>
+
+        * pcre/pcre_compile.c: (check_escape): Windows build fix. Get rid of
+        C-incompatible declaration.
+
+2007-11-03  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/nodes.cpp:  Add missing include.
+
+2007-11-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15814
+          <rdar://problem/5536644> fast/js/kde/encode_decode_uri.html fails
+
+        These changes cause us to match the JavaScript specification and pass the
+        fast/js/kde/encode_decode_uri.html test.
+
+        * kjs/function.cpp: (KJS::encode): Call the UTF-8 string conversion in its
+        new strict mode, throwing an exception if there are malformed UTF-16 surrogate
+        pairs in the text.
+
+        * kjs/ustring.h: Added a strict version of the UTF-8 string conversion.
+        * kjs/ustring.cpp:
+        (KJS::decodeUTF8Sequence): Removed code to disallow U+FFFE and U+FFFF; while
+        those might be illegal in some sense, they aren't supposed to get any special
+        handling in the place where this function is currently used.
+        (KJS::UString::UTF8String): Added the strictness.
+
+2007-11-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15812
+          some JavaScript tests (from the Mozilla test suite) are failing
+
+        Two or three fixes get 7 more of the Mozilla tests passing.
+        This gets us down from 61 failing tests to 54.
+
+        * kjs/interpreter.h: (KJS::Interpreter::builtinRegExp):
+        Made this inline and gave it a more specific type. Some day we should
+        probably do that for all of these -- might even get a bit of a speed
+        boost from it.
+        * kjs/interpreter.cpp: Removed Interpreter::builtinRegExp now that it's
+        inline in the header.
+
+        * kjs/regexp_object.h:
+        * kjs/regexp_object.cpp:
+        (KJS::RegExpProtoFunc::callAsFunction): Moved test and exec out of the
+        switch statement into the RegExpImp object, so they can be shared with
+        RegExpImp::callAsFunction.
+        (KJS::RegExpImp::match): Added. Common code used by both test and exec.
+        (KJS::RegExpImp::test): Added.
+        (KJS::RegExpImp::exec): Added.
+        (KJS::RegExpImp::implementsCall): Added.
+        (KJS::RegExpImp::callAsFunction): Added.
+        (KJS::RegExpObjectImpPrivate::RegExpObjectImpPrivate): Initialize
+        lastInput to null rather than empty string -- we take advantage of the
+        difference in RegExpImp::match.
+        (KJS::RegExpObjectImp::input): Added. No reason to go through hash tables
+        just to get at a field like this.
+
+        * pcre/pcre_compile.c: (check_escape): Changed the \u handling to match
+        the JavaScript specification. If there are not 4 hex digits after the \u,
+        then it's processed as if it wasn't an escape sequence at all.
+
+        * pcre/pcre_internal.h: Added IS_NEWLINE, with the appropriate definition
+        for JavaScript (4 specific Unicode values).
+        * pcre/pcre_exec.c:
+        (match): Changed all call sites to use IS_NEWLINE.
+        (pcre_exec): Ditto.
+
+        * tests/mozilla/expected.html: Updated to expect 7 more successful tests.
+
+2007-11-03  David D. Kilzer  <ddkilzer@webkit.org>
+
+        Sort files(...); sections of Xcode project files.
+
+        Rubber-stamped by Darin.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-11-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - remove VarDeclListNode and simplify VarDeclNode evaluation for 0.4% SunSpider speedup
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::VarDeclNode::optimizeVariableAccess):
+        (KJS::VarDeclNode::getDeclarations):
+        (KJS::VarDeclNode::handleSlowCase):
+        (KJS::VarDeclNode::evaluateSingle):
+        (KJS::VarDeclNode::evaluate):
+        (KJS::VarStatementNode::execute):
+        * kjs/nodes.h:
+        (KJS::VarDeclNode::):
+        (KJS::VarStatementNode::):
+        * kjs/nodes2string.cpp:
+        (KJS::VarDeclNode::streamTo):
+
+2007-11-03  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=15800
+        REGRESSION (r27303): RegExp leaks
+
+        * kjs/regexp_object.h:
+        (KJS::RegExpImp::setRegExp):
+        (KJS::RegExpImp::regExp):
+        (KJS::RegExpImp::classInfo):
+        * kjs/regexp_object.cpp:
+        (RegExpImp::RegExpImp):
+        (RegExpImp::~RegExpImp):
+        Renamed reg member variable to m_regExp, changed it to use OwnPtr.
+
+2007-11-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - add SourceElements as a typedef for Vector<RefPtr<StatementNode> >.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::statementListPushFIFO):
+        (KJS::statementListGetDeclarations):
+        (KJS::statementListInitializeDeclarationStacks):
+        (KJS::statementListInitializeVariableAccessStack):
+        (KJS::statementListExecute):
+        (KJS::BlockNode::BlockNode):
+        (KJS::FunctionBodyNode::FunctionBodyNode):
+        (KJS::ProgramNode::ProgramNode):
+        * kjs/nodes.h:
+        (KJS::CaseClauseNode::):
+
+2007-11-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15791
+          change property map data structure for less memory use, better speed
+
+        The property map now has an array of indices and a separate array of
+        property map entries. This slightly slows down lookup because of a second
+        memory acess, but makes property maps smaller and faster to iterate in
+        functions like mark().
+
+        SunSpider says this is 1.2% faster, although it makes the bitwise-end test
+        more than 10% slower. To fix that we'll need to optimize global variable lookup.
+
+        * kjs/property_map.cpp:
+        (KJS::PropertyMapEntry::PropertyMapEntry):
+        (KJS::PropertyMapHashTable::entries):
+        (KJS::PropertyMapHashTable::allocationSize):
+        (KJS::SavedProperties::SavedProperties):
+        (KJS::SavedProperties::~SavedProperties):
+        (KJS::PropertyMap::checkConsistency):
+        (KJS::PropertyMap::~PropertyMap):
+        (KJS::PropertyMap::clear):
+        (KJS::PropertyMap::get):
+        (KJS::PropertyMap::getLocation):
+        (KJS::PropertyMap::put):
+        (KJS::PropertyMap::insert):
+        (KJS::PropertyMap::createTable):
+        (KJS::PropertyMap::rehash):
+        (KJS::PropertyMap::remove):
+        (KJS::PropertyMap::mark):
+        (KJS::comparePropertyMapEntryIndices):
+        (KJS::PropertyMap::containsGettersOrSetters):
+        (KJS::PropertyMap::getEnumerablePropertyNames):
+        (KJS::PropertyMap::save):
+        (KJS::PropertyMap::restore):
+        * kjs/property_map.h:
+
+2007-11-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15807
+          HashMap needs a take() function that combines get and remove
+
+        * wtf/HashMap.h: Added take function. Simplistic implementation for now,
+        but still does only one hash table lookup.
+
+        * kjs/array_instance.cpp: (KJS::ArrayInstance::put): Use take rather than
+        a find followed by a remove.
+
+2007-11-02  David Carson  <dacarson@gmail.com>
+
+        Reviewed by Darin.
+
+        Fix compiler warning "warning: suggest parentheses around && within ||"
+        http://bugs.webkit.org/show_bug.cgi?id=15764
+
+        * kjs/value.h: (KJS::JSValue::isNumber): Add parentheses.
+
+2007-11-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        In preparation for making List a simple stack-allocated Vector:
+
+        Removed all instances of List copying and/or assignment, and made List 
+        inherit from Noncopyable.
+        
+        Functions that used to return a List by copy now take List& out 
+        parameters.
+        
+        Layout tests and JS tests pass.
+
+        * kjs/list.cpp:
+        (KJS::List::slice): Replaced copyTail with a more generic slice 
+        alternative. (JavaScriptCore only calls slice(1), but WebCore calls 
+        slice(2)).
+
+2007-11-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=15785
+        REGRESSION(r27344): Crash on load at finance.yahoo.com
+        
+        Reverted a small portion of my last check-in. (The speedup and the List 
+        removal are still there, though.)
+        
+        ActivationImp needs to hold a pointer to its function, and mark that 
+        pointer (rather than accessing its function through its ExecState, and 
+        counting on the active scope to mark its function) because a closure 
+        can cause an ActivationImp to outlive its ExecState along with any 
+        active scope.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::~FunctionImp):
+        (KJS::ActivationImp::ActivationImp):
+        * kjs/function.h:
+        (KJS::ActivationImp::ActivationImpPrivate::ActivationImpPrivate):
+
+        Also made HashTable a little more crash-happy in debug builds, so 
+        problems like this will show up earlier:
+        
+        * wtf/HashTable.h:
+        (WTF::HashTable::~HashTable):
+
+2007-11-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Adam Roben.
+        
+        Addressed some of Darin's review comments.
+        
+        Used perl -p, which is the shorthand while(<>) {}.
+        
+        Made sure not to suppress bison's output.
+        
+        Added line to removed bison_out.txt, since this script removes other 
+        intermediate files, too.
+
+        * DerivedSources.make:
+
+2007-11-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Removed List from ActivationImp, in preparation for making all lists
+        stack-allocated.
+        
+        Tests pass.
+        
+        1.0% speedup on SunSpider, presumably due to reduced List refcount thrash.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        (KJS::ExecState::~ExecState):
+        * kjs/function.cpp:
+        (KJS::ActivationImp::ActivationImp):
+        (KJS::ActivationImp::createArgumentsObject):
+        * kjs/function.h:
+        (KJS::ActivationImp::ActivationImpPrivate::ActivationImpPrivate):
+
+2007-11-01  Adam Roben  <aroben@apple.com>
+
+        Use jsNumberCell instead of jsNumber when converting double constants to JSValues
+
+        This fixes fast/js/math.html, ecma/Date/15.9.5.10-1.js, and
+        ecma/Date/15.9.5.12-1.js, which were suffering from a bug in MSVC.
+
+        It also gets rid of an MSVC warning that we previously had to silence.
+
+        Reviewed by Geoff.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Turn
+        back on the "overflow in constant arithmetic" warning.
+        * kjs/number_object.cpp:
+        (NumberObjectImp::getValueProperty): Use jsNumberCell instead of
+        jsNumber.
+
+2007-10-31  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * kjs/ExecState.h:
+
+2007-10-31  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - shave some cycles off of local storage access for a 1% SunSpider speedup
+        
+        Keep the LocalStorage pointer in the ExecState, instead of getting
+        it from the ActivationImp all the time.
+
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::updateLocalStorage):
+        * kjs/ExecState.h:
+        (KJS::ExecState::localStorage):
+        * kjs/nodes.cpp:
+        (KJS::LocalVarAccessNode::evaluate):
+        (KJS::LocalVarFunctionCallNode::evaluate):
+        (KJS::PostIncLocalVarNode::evaluate):
+        (KJS::PostDecLocalVarNode::evaluate):
+        (KJS::LocalVarTypeOfNode::evaluate):
+        (KJS::PreIncLocalVarNode::evaluate):
+        (KJS::PreDecLocalVarNode::evaluate):
+        (KJS::ReadModifyLocalVarNode::evaluate):
+        (KJS::AssignLocalVarNode::evaluate):
+        (KJS::FunctionBodyNode::processDeclarationsForFunctionCode):
+
+2007-10-31  Adam Roben  <aroben@apple.com>
+
+        Fix a crash on launch due to a static initializer race
+
+        We now use fast inline assembler spinlocks which can be statically
+        initialized at compile time.
+
+        As a side benefit, this speeds up SunSpider by 0.4%.
+
+        Reviewed by Oliver.
+
+        * wtf/FastMalloc.cpp:
+        * wtf/TCSpinLock.h:
+        (TCMalloc_SpinLock::Lock):
+        (TCMalloc_SpinLock::Unlock):
+        (TCMalloc_SlowLock):
+        * wtf/TCSystemAlloc.cpp:
+
+2007-10-31  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam.
+
+        - Corrected spelling.
+
+        * wtf/HashTraits.h:
+
+2007-10-31  Mark Rowe  <mrowe@apple.com>
+
+        Further Gtk build fixage.
+
+        * kjs/regexp_object.cpp:
+
+2007-10-31  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/regexp.h:
+
+2007-10-31  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15749
+          RegExp/RegExpObjectImp cause needless UString creation
+
+        Speeds things up 0.4% according to SunSpider.
+
+        * kjs/config.h: Define USE(PCRE16) instead of HAVE(PCREPOSIX),
+        because this library doesn't use the real PCRE -- it uses its
+        own PCRE that works on UTF-16.
+
+        * kjs/regexp.h: Removed a few unused functions. Changed the ifdef.
+        Use Noncopyable. Change the return value of match.
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp): Call pcre_compile2, for a slight speed boost.
+        (KJS::RegExp::~RegExp): PCRE16 rather than PCREPOSIX.
+        (KJS::RegExp::match): Change to return the position as an int and the
+        ovector as a OwnArrayPtr<int> for efficiency and clearer storage management.
+
+        * kjs/regexp_object.h: Change performMatch and arrayOfMatches to no longer
+        require a result string.
+        * kjs/regexp_object.cpp:
+        (RegExpProtoFunc::callAsFunction): Update for new signature of performMatch.
+        (RegExpObjectImp::performMatch): Change so it doesn't return a string.
+        (RegExpObjectImp::arrayOfMatches): Simplify by unifying the handling of
+        the main result with the backreferences; now it doesn't need to take
+        a result parameter.
+        (RegExpObjectImp::getBackref): Minor tweaks.
+        (RegExpObjectImp::getLastParen): Ditto.
+        (RegExpObjectImp::getLeftContext): Ditto.
+        (RegExpObjectImp::getRightContext): Ditto.
+        (RegExpObjectImp::getValueProperty): Change LastMatch case to call
+        getBackref(0) so we don't need a separate getLastMatch function.
+
+        * kjs/string_object.cpp:
+        (KJS::replace): Update to use new performMatch, including merging the
+        matched string section with the other substrings.
+        (KJS::StringProtoFunc::callAsFunction): Update functions to use the
+        new performMatch and match. Also change to use OwnArrayPtr.
+
+2007-10-31  Oliver Hunt  <oliver@apple.com>
+
+        * kjs/nodes.h: include OwnPtr.h
+
+2007-10-31  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Remove SourceCodeElement class and replaced with a Vector for a 0.8% gain on sunspider
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::statementListPushFIFO):
+        (KJS::statementListGetDeclarations):
+        (KJS::statementListInitializeDeclarationStacks):
+        (KJS::statementListInitializeVariableAccessStack):
+        (KJS::statementListExecute):
+        (KJS::BlockNode::optimizeVariableAccess):
+        (KJS::BlockNode::BlockNode):
+        (KJS::BlockNode::getDeclarations):
+        (KJS::BlockNode::execute):
+        (KJS::CaseClauseNode::optimizeVariableAccess):
+        (KJS::CaseClauseNode::getDeclarations):
+        (KJS::CaseClauseNode::evalStatements):
+        (KJS::FunctionBodyNode::initializeDeclarationStacks):
+        (KJS::FunctionBodyNode::optimizeVariableAccess):
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        (KJS::statementListStreamTo):
+        (KJS::BlockNode::streamTo):
+        (KJS::CaseClauseNode::streamTo):
+
+2007-10-30  Mark Rowe  <mrowe@apple.com>
+
+        * kjs/property_map.cpp: Added a missing using directive to fix the build
+        for non-Mac ports. Mac worked only because it does the AllInOneFile compile.
+
+2007-10-31  Maciej Stachowiak  <mjs@apple.com>
+
+        * kjs/property_map.cpp: Include HashTable.h the right way to fix the build
+        for non-Mac ports.
+
+2007-10-31  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=11001
+        WebKit doesn't support RegExp.compile method
+
+        Test: fast/js/regexp-compile.html
+
+        * kjs/regexp_object.cpp:
+        (RegExpPrototype::RegExpPrototype):
+        (RegExpProtoFunc::callAsFunction):
+        * kjs/regexp_object.h:
+        (KJS::RegExpProtoFunc::):
+        Added RegExp.compile.
+
+        * tests/mozilla/expected.html: js1_2/regexp/compile.js now passes.
+
+2007-10-31  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - get rid of integer divide in PropertyMap and HashTable for 1% SunSpider speedup
+        
+        Integer divide sucks. Fortunately, a bunch of shifts and XORs
+        biased towards the high bits is sufficient to provide a good
+        double hash. Besides the SunSpider win, I used the dump statistics
+        mode for both to verify that collisions did not increase and that
+        the longest collision chain is not any longer.
+
+        * kjs/property_map.cpp:
+        (KJS::doubleHash):
+        (KJS::PropertyMap::get):
+        (KJS::PropertyMap::getLocation):
+        (KJS::PropertyMap::put):
+        (KJS::PropertyMap::insert):
+        (KJS::PropertyMap::remove):
+        (KJS::PropertyMap::checkConsistency):
+        * wtf/HashTable.h:
+        (WTF::doubleHash):
+        (WTF::::lookup):
+        (WTF::::lookupForWriting):
+        (WTF::::fullLookupForWriting):
+        (WTF::::add):
+
+2007-10-30  Adam Roben  <aroben@apple.com>
+
+        * kjs/collector.h: Make HeapType public so it can be used for non-member
+        things like the HeapConstants struct template. Fixes the build on Windows.
+
+2007-10-30  Adam Roben  <aroben@apple.com>
+
+        Change ALWAYS_INLINE and WTF_PRIVATE_INLINE to use __forceinline on Windows
+
+        Speeds up SunSpider by 0.4%.
+
+        Reviewed by Steve and Maciej.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable
+        a warning during LTCG in release builds about double -> float
+        conversion.
+        * wtf/AlwaysInline.h:
+        * wtf/FastMalloc.h:
+
+2007-10-30  Adam Roben  <aroben@apple.com>
+
+        Use GetCurrentThreadId instead of pthread_self in FastMalloc
+
+        Speeds up SunSpider by 0.3%.
+
+        Reviewed by Steve.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_ThreadCache::InitTSD):
+        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+
+2007-10-30  Adam Roben  <aroben@apple.com>
+
+        Switch to a Win32 critical section implementation of spinlocks
+        
+        Speeds up SunSpider by 0.4%.
+        
+        Reviewed by Steve.
+        
+        * wtf/FastMalloc.cpp:
+        * wtf/TCSpinLock.h:
+        (TCMalloc_SpinLock::TCMalloc_SpinLock):
+        (TCMalloc_SpinLock::Init):
+        (TCMalloc_SpinLock::Finalize):
+        (TCMalloc_SpinLock::Lock):
+        (TCMalloc_SpinLock::Unlock):
+        * wtf/TCSystemAlloc.cpp:
+
+2007-10-30  Adam Roben  <aroben@apple.com>
+
+        Fix Bug 15586: REGRESSION (r26759-r26785): Windows nightly builds crash with Safari 3 Public Beta
+
+        http://bugs.webkit.org/show_bug.cgi?id=15586
+
+        Also fixes: <rdar://5565303> Cannot use regsvr32.exe to register WebKit.dll
+
+        Use Win32 TLS functions instead of __declspec(thread), which breaks
+        delay-loading.
+
+        Reviewed by Steve.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::getThreadHeap):
+        (WTF::TCMalloc_ThreadCache::InitModule):
+
+2007-10-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - allocate numbers in half-size cells, for an 0.5% SunSpider speedup
+        http://bugs.webkit.org/show_bug.cgi?id=15772
+        
+        We do this by using a single mark bit per two number cells, and
+        tweaking marking.
+        
+        Besides being an 0.5% win overall, this is a 7.1% win on morph.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::heapAllocate):
+        (KJS::Collector::markStackObjectsConservatively):
+        (KJS::Collector::sweep):
+        * kjs/collector.h:
+        (KJS::SmallCollectorCell::):
+
+2007-10-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Adam Roben, Sam Weinig.
+        
+        Made conflicts in grammar.y a persistent build failure.
+
+        * DerivedSources.make:
+
+2007-10-30  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam and Geoff.
+
+        - Added a new cast so all the casts are in the same place.
+
+        * API/APICast.h:
+        (toGlobalRef):
+
+2007-10-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fixed <rdar://problem/5567504> shift/reduce conflict introduced in r24457
+        
+        JS tests, including 
+
+            ecma_2/Statements/dowhile-001.js
+            ecma_2/Statements/dowhile-002.js
+            ecma_2/Statements/dowhile-003.js
+            ecma_2/Statements/dowhile-004.js
+            ecma_2/Statements/dowhile-005.js
+            ecma_2/Statements/dowhile-006.js
+            ecma_2/Statements/dowhile-007.js
+            js1_2/statements/do_while.js
+
+        and layout tests, including
+
+            do-while-expression-value.html
+            do-while-semicolon.html
+            do-while-without-semicolon.html
+        
+        pass.
+        
+        * kjs/grammar.y: Use the explicit "error" production, as we do with other
+        automatic semicolon insertions, to disambiguate "do { } while();" from
+        "do { } while()" followed by ";" (the empty statement).
+
+2007-10-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Debranching remaining assignment nodes, and miscellaneous cleanup
+        
+        Split read-modify code paths out of AssignBracketNode and AssignDotNode
+        Removed now unnecessary check for write-only assignment in ReadModifyLocalVarNode 
+        and ReadModifyResolveNode evaluate methods
+
+        Leads to a 1% gain in SunSpider.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::ReadModifyLocalVarNode::evaluate):
+        (KJS::ReadModifyResolveNode::evaluate):
+        (KJS::AssignDotNode::evaluate):
+        (KJS::ReadModifyDotNode::optimizeVariableAccess):
+        (KJS::ReadModifyDotNode::evaluate):
+        (KJS::AssignBracketNode::evaluate):
+        (KJS::ReadModifyBracketNode::optimizeVariableAccess):
+        (KJS::ReadModifyBracketNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::AssignBracketNode::):
+        (KJS::AssignBracketNode::precedence):
+        (KJS::AssignDotNode::):
+        (KJS::AssignDotNode::precedence):
+        * kjs/nodes2string.cpp:
+        (KJS::ReadModifyBracketNode::streamTo):
+        (KJS::AssignBracketNode::streamTo):
+        (KJS::ReadModifyDotNode::streamTo):
+        (KJS::AssignDotNode::streamTo):
+
+2007-10-29  Oliver Hunt  <oliver@apple.com>
+
+        Debranching various Node::evaluate implementations
+        
+        Reviewed by Maciej.
+        
+        Split the read-modify-write assignment cases out of AssignResolveNode and into ReadModifyResolveNode
+        Split the increment and decrement cases for Prefix- and Postfix- ResolveNode, BracketNode, and DotNode
+        
+        Gains 1.6% on SunSpider
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::PostIncResolveNode::optimizeVariableAccess):
+        (KJS::PostIncResolveNode::evaluate):
+        (KJS::PostIncLocalVarNode::evaluate):
+        (KJS::PostDecResolveNode::optimizeVariableAccess):
+        (KJS::PostDecResolveNode::evaluate):
+        (KJS::PostDecLocalVarNode::evaluate):
+        (KJS::PostIncBracketNode::evaluate):
+        (KJS::PostDecBracketNode::evaluate):
+        (KJS::PostIncDotNode::evaluate):
+        (KJS::PostDecDotNode::evaluate):
+        (KJS::PreIncResolveNode::optimizeVariableAccess):
+        (KJS::PreIncLocalVarNode::evaluate):
+        (KJS::PreIncResolveNode::evaluate):
+        (KJS::PreDecResolveNode::optimizeVariableAccess):
+        (KJS::PreDecLocalVarNode::evaluate):
+        (KJS::PreDecResolveNode::evaluate):
+        (KJS::PreIncBracketNode::evaluate):
+        (KJS::PreDecBracketNode::evaluate):
+        (KJS::PreIncDotNode::evaluate):
+        (KJS::PreDecDotNode::evaluate):
+        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
+        (KJS::AssignResolveNode::optimizeVariableAccess):
+        (KJS::AssignLocalVarNode::evaluate):
+        (KJS::AssignResolveNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::PostDecResolveNode::):
+        (KJS::PostDecResolveNode::precedence):
+        (KJS::PostDecLocalVarNode::):
+        (KJS::PostfixBracketNode::):
+        (KJS::PostfixBracketNode::precedence):
+        (KJS::PostIncBracketNode::):
+        (KJS::PostIncBracketNode::isIncrement):
+        (KJS::PostDecBracketNode::):
+        (KJS::PostDecBracketNode::isIncrement):
+        (KJS::PostfixDotNode::):
+        (KJS::PostfixDotNode::precedence):
+        (KJS::PostIncDotNode::):
+        (KJS::PostIncDotNode::isIncrement):
+        (KJS::PostDecDotNode::):
+        (KJS::PreIncResolveNode::):
+        (KJS::PreDecResolveNode::):
+        (KJS::PreDecResolveNode::precedence):
+        (KJS::PreDecLocalVarNode::):
+        (KJS::PrefixBracketNode::):
+        (KJS::PrefixBracketNode::precedence):
+        (KJS::PreIncBracketNode::):
+        (KJS::PreIncBracketNode::isIncrement):
+        (KJS::PreDecBracketNode::):
+        (KJS::PreDecBracketNode::isIncrement):
+        (KJS::PrefixDotNode::):
+        (KJS::PrefixDotNode::precedence):
+        (KJS::PreIncDotNode::):
+        (KJS::PreIncDotNode::isIncrement):
+        (KJS::PreDecDotNode::):
+        (KJS::ReadModifyResolveNode::):
+        (KJS::ReadModifyLocalVarNode::):
+        (KJS::AssignResolveNode::):
+        (KJS::AssignResolveNode::precedence):
+        * kjs/nodes2string.cpp:
+        (KJS::PostIncResolveNode::streamTo):
+        (KJS::PostDecResolveNode::streamTo):
+        (KJS::PostfixBracketNode::streamTo):
+        (KJS::PostfixDotNode::streamTo):
+        (KJS::PreIncResolveNode::streamTo):
+        (KJS::PreDecResolveNode::streamTo):
+        (KJS::ReadModifyResolveNode::streamTo):
+        (KJS::AssignResolveNode::streamTo):
+
+2007-10-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Not reviewed, build fix.
+        
+        - Include Vector.h in a way that actually works.
+
+        * kjs/LocalStorage.h:
+
+2007-10-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Not reviewed, build fix.
+        
+        - Install LocalStorage.h as a private header.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-10-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - Define good VectorTraits for LocalStorage entry for 0.5% speed improvement on SunSpider.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/LocalStorage.h: Added.
+        (KJS::LocalStorageEntry::LocalStorageEntry):
+        (WTF::):
+        * kjs/function.h:
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNode::processDeclarationsForFunctionCode):
+
+2007-10-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Some small tweaks that I notice while reviewing Oliver's last patch.
+        
+        Includes removal of an unnecessary KJS_CHECKEXCEPTIONVALUE.
+        
+        No change in SunSpider because SunSpider doesn't take the code path that
+        would execute the unnecessary KJS_CHECKEXCEPTIONVALUE much.
+
+        * kjs/nodes.cpp:
+        (KJS::LocalVarPostfixNode::evaluate):
+        (KJS::TypeOfResolveNode::optimizeVariableAccess):
+        (KJS::LocalVarTypeOfNode::evaluate):
+        (KJS::PrefixResolveNode::optimizeVariableAccess):
+        (KJS::LocalVarPrefixNode::evaluate):
+        (KJS::AssignResolveNode::optimizeVariableAccess):
+        (KJS::LocalVarAssignNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::LocalVarTypeOfNode::):
+        (KJS::PrefixResolveNode::):
+        (KJS::LocalVarPrefixNode::):
+        (KJS::AssignResolveNode::):
+        (KJS::LocalVarAssignNode::):
+
+2007-10-29  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+        
+        SunSpider claims this was a 0.7% speedup.
+
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFunc::callAsFunction): avoid mallocing a jsString in the common case
+
+2007-10-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark.
+        
+        - re-enable asserts for access to empty or deleted keys
+
+        * wtf/HashTable.h:
+        (WTF::::lookup):
+        (WTF::::lookupForWriting):
+        (WTF::::fullLookupForWriting):
+        (WTF::::add):
+
+2007-10-29  Eric Seidel  <eric@webkit.org>
+
+        Build fix only, no review.
+
+        * JavaScriptCore.exp: Export symbol for new StringInstance::getOwnPropertySlot
+
+2007-10-29  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.  Move struct declarations into nodes.h.
+
+        * kjs/grammar.y:
+        * kjs/nodes.h:
+
+2007-10-29  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+        
+        Give StringInstance a getOwnPropertySlot(ExecState, unsigned, PropertySlot) fastpath, just like Arrays.
+        Make it a compile time error to use toString(ExecState) on a StringInstance
+        
+        SunSpider claims this was a 6.6% speedup overall (22% on string-base64)
+
+        * kjs/internal.h:
+        (KJS::StringImp::getLength):
+        * kjs/string_object.cpp:
+        (KJS::StringInstance::lengthGetter):
+        (KJS::StringInstance::inlineGetOwnPropertySlot):
+        (KJS::StringInstance::getOwnPropertySlot):
+        * kjs/string_object.h:
+
+2007-10-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        Add nodes to allow Assignment, TypeOf, and prefix operators to 
+        make use of the new optimised local variable look up.
+
+        5% gain on sunspider
+
+        * kjs/nodes.cpp:
+        (KJS::TypeOfResolveNode::optimizeVariableAccess):
+        (KJS::LocalTypeOfAccessNode::evaluate):
+        (KJS::PrefixResolveNode::optimizeVariableAccess):
+        (KJS::PrefixLocalAccessNode::evaluate):
+        (KJS::AssignResolveNode::optimizeVariableAccess):
+        (KJS::AssignLocalAccessNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::TypeOfResolveNode::):
+        (KJS::TypeOfResolveNode::precedence):
+        (KJS::LocalTypeOfAccessNode::):
+        (KJS::PrefixResolveNode::):
+        (KJS::PrefixResolveNode::precedence):
+        (KJS::PrefixLocalAccessNode::):
+        (KJS::AssignResolveNode::):
+        (KJS::AssignLocalAccessNode::):
+
+2007-10-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - avoid creating and then breaking circular lists in the parser, instead track head and tail pointers at parse time
+        http://bugs.webkit.org/show_bug.cgi?id=15748
+        
+        Not a significant speedup or slowdown on SunSpider.
+
+        * kjs/Parser.cpp:
+        (KJS::clearNewNodes):
+        * kjs/Parser.h:
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::BlockNode::BlockNode):
+        (KJS::CaseBlockNode::CaseBlockNode):
+        (KJS::FunctionBodyNode::FunctionBodyNode):
+        (KJS::SourceElementsNode::SourceElementsNode):
+        (KJS::ProgramNode::ProgramNode):
+        * kjs/nodes.h:
+        (KJS::ElementNode::):
+        (KJS::ArrayNode::):
+        (KJS::PropertyListNode::):
+        (KJS::ObjectLiteralNode::):
+        (KJS::ArgumentListNode::):
+        (KJS::ArgumentsNode::):
+        (KJS::VarDeclListNode::):
+        (KJS::VarStatementNode::):
+        (KJS::ForNode::):
+        (KJS::ParameterNode::):
+        (KJS::FuncExprNode::):
+        (KJS::FuncDeclNode::):
+        (KJS::SourceElementsNode::):
+        (KJS::CaseClauseNode::):
+        (KJS::ClauseListNode::):
+
+2007-10-28  Mark Rowe  <mrowe@apple.com>
+
+        Disable assertions in a manner that doesn't break the Qt Windows build.
+
+        * wtf/HashTable.h:
+        (WTF::::lookup):
+        (WTF::::lookupForWriting):
+        (WTF::::fullLookupForWriting):
+
+2007-10-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Temporarily disabling some ASSERTs I introduced in my last check-in 
+        because of http://bugs.webkit.org/show_bug.cgi?id=15747
+        Lots of layout tests fail the !HashTranslator::equal(KeyTraits::emptyValue() ASSERT
+
+        * wtf/HashTable.h:
+        (WTF::::lookup):
+        (WTF::::lookupForWriting):
+        (WTF::::fullLookupForWriting):
+        (WTF::::add):
+
+2007-10-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=15746
+        #ifndef ASSERT_DISABLED is no good!
+        
+        Replaced with #if !ASSERT_DISABLED.
+
+        * wtf/HashTable.h:
+        (WTF::::lookup):
+        (WTF::::lookupForWriting):
+        (WTF::::fullLookupForWriting):
+        (WTF::::add):
+
+2007-10-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Added FunctionCallResolveNode, PostfixResolveNode, and DeleteResolveNode
+        to the AST transfom that replaces slow resolve nodes with fast local 
+        variable alternatives.
+        
+        2.5% speedup on SunSpider.
+        
+        Also added some missing copyright notices.
+        
+        * kjs/nodes.cpp:
+        (KJS::FunctionCallResolveNode::optimizeVariableAccess):
+        (KJS::FunctionCallResolveNode::evaluate):
+        (KJS::LocalVarFunctionCallNode::evaluate):
+        (KJS::PostfixResolveNode::optimizeVariableAccess):
+        (KJS::PostfixResolveNode::evaluate):
+        (KJS::LocalVarPostfixNode::evaluate):
+        (KJS::DeleteResolveNode::optimizeVariableAccess):
+        (KJS::DeleteResolveNode::evaluate):
+        (KJS::LocalVarDeleteNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::FunctionCallResolveNode::):
+        (KJS::LocalVarFunctionCallNode::LocalVarFunctionCallNode):
+        (KJS::PostfixResolveNode::):
+        (KJS::LocalVarPostfixNode::LocalVarPostfixNode):
+        (KJS::DeleteResolveNode::):
+        (KJS::LocalVarDeleteNode::LocalVarDeleteNode):
+
+2007-10-28  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+        
+        Inline UString::Rep::deref() for a 0.8% improvement in SunSpider
+        Add virtual keyword to a few virtual functions previously unmarked.
+
+        * kjs/internal.h:
+        (KJS::StringImp::type):
+        (KJS::NumberImp::type):
+        * kjs/ustring.h:
+        (KJS::UString::Rep::deref):
+
+2007-10-28  Darin Adler  <darin@apple.com>
+
+        - fix "broken everything" from the storage leak fix
+
+        * wtf/RefPtr.h: (WTF::RefPtr::RefPtr): Added a PlacementNewAdopt constructor.
+        * kjs/ustring.h: (KJS::UString::UString): Pass PlacementNewAdopt along to RefPtr.
+
+2007-10-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Adam.
+
+        - turn on unused parameter waring on Mac OS X because it's already on elsewhere
+
+        * Configurations/Base.xcconfig: Took out -wno-unused-parameter.
+
+        * API/JSNode.c:
+        * API/JSNodeList.c:
+        * API/minidom.c:
+        * API/testapi.c:
+        Fixed unused variables by using them or marked them with UNUSED_PARAM.
+
+        * kjs/CollectorHeapIntrospector.h: (KJS::CollectorHeapIntrospector::zoneCalloc):
+        Removed parameter names to indicate they are unused.
+
+2007-10-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix a storage leak where we ref the UString every time we replace
+          a ResolveNode with a LocalVarAccessNode
+
+        * kjs/identifier.h: (KJS::Identifier::Identifier): Added a constructor
+        that takes PlacementNewAdopt.
+
+        * kjs/nodes.h: (KJS::ResolveNode::ResolveNode): Initialize the ident
+        with PlacementNewAdopt instead of the old value of ident.
+
+        * kjs/ustring.h: (KJS::UString::UString): Added a constructor that
+        takes PlacementNewAdopt.
+
+2007-10-28  Darin Adler  <darin@apple.com>
+
+        - Windows build fix; get rid of unused parameter
+
+        * kjs/nodes.cpp: (KJS::ResolveNode::optimizeVariableAccess): Don't pass it.
+        * kjs/nodes.h: (KJS::LocalVarAccessNode::LocalVarAccessNode): Remove it.
+        The assertions weren't all that helpful.
+
+2007-10-28  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.  Add include of MathExtras.h.
+
+        * kjs/string_object.cpp:
+
+2007-10-28  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej and Tim.
+
+        Replace uses of isNaN and isInf with isnan and isinf, and
+        remove isNaN and isInf.
+
+        * kjs/config.h: Remove unused HAVE_'s.
+        * kjs/date_object.cpp:
+        (KJS::DateInstance::getTime):
+        (KJS::DateInstance::getUTCTime):
+        (KJS::DateProtoFunc::callAsFunction):
+        (KJS::DateObjectImp::construct):
+        (KJS::DateObjectFuncImp::callAsFunction):
+        * kjs/function.cpp:
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/math_object.cpp:
+        (MathFuncImp::callAsFunction):
+        * kjs/nodes2string.cpp:
+        (KJS::isParserRoundTripNumber):
+        * kjs/number_object.cpp:
+        (NumberProtoFunc::callAsFunction):
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFunc::callAsFunction):
+        * kjs/ustring.cpp:
+        (KJS::UString::from):
+        * kjs/value.cpp:
+        (KJS::JSValue::toInteger):
+        (KJS::JSValue::toInt32SlowCase):
+        (KJS::JSValue::toUInt32SlowCase):
+
+2007-10-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: use the new-fangled missingSymbolMarker().
+
+        * kjs/nodes.cpp:
+        (KJS::ResolveNode::optimizeVariableAccess):
+        * kjs/nodes.h:
+        (KJS::LocalVarAccessNode::LocalVarAccessNode):
+
+2007-10-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak, Darin Adler.
+        
+        Much supporting work done by Maciej Stachowiak, Maks Orlovich, and 
+        Cameron Zwarich.
+        
+        AST transfom to replace slow resolve nodes with fast local variable
+        alternatives that do direct memory access. Currently, only ResolveNode
+        provides a fast local variable alternative. 6 others are soon to come.
+        
+        16.7% speedup on SunSpider.
+        
+        Most of this patch is just scaffolding to support iterating all the 
+        resolve nodes in the AST through optimizeResolveNodes(). In 
+        optimizeResolveNodes(), most classes just push their child nodes onto 
+        the processing stack, while ResolveNodes actually replace themselves in 
+        the tree with more optimized alternatives, if possible.
+
+        Here are the interesting bits:
+
+        * kjs/nodes.h: Added PlacementNewAdoptTag, along with implementations 
+        in Node and ResolveNode. This tag allows you to use placement new to 
+        swap out a base class Node in favor of a subclass copy that holds the
+        same data. (Without this tag, default initialization would NULL out
+        RefPtrs, change line numbers, etc.)
+
+        * kjs/nodes.cpp:
+        (KJS::ResolveNode::evaluate): Since we're taking the slow path, ASSERT
+        that the fast path is impossible, to make sure we didn't leave anything
+        on the table.
+
+        (KJS::FunctionBodyNode::optimizeResolveNodes): Here's where the AST 
+        transformation happens.
+        
+        (KJS::ResolveNode::optimizeResolveNodes): Here's where the ResolveNode
+        optimization happens.
+
+        * kjs/function.h: Added symbolTable() accessor for, for the sake of 
+        an ASSERT.
+
+2007-10-28  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Maciej.
+
+        Fix "AllInOneFile.o has a global initializer in it".
+
+        Some versions of gcc generate a global initializer for std::numeric_limits<size_t>::max().
+        We can avoid this by moving it inside an inline function.
+
+        * kjs/SymbolTable.h:
+        (KJS::missingSymbolMarker):
+        * kjs/function.cpp:
+        (KJS::ActivationImp::getOwnPropertySlot):
+        (KJS::ActivationImp::put):
+
+2007-10-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark.
+        
+        - Added assertions to protect against adding empty or deleted keys to a HashTable
+
+        * wtf/HashTable.h:
+        (WTF::HashTable::lookup):
+        (WTF::HashTable::lookupForWriting):
+        (WTF::HashTable::fullLookupForWriting):
+        (WTF::HashTable::add):
+
+2007-10-28  Darin Adler  <darin@apple.com>
+
+        - fix GTK build
+
+        * kjs/nodes2string.cpp: (KJS::isParserRoundTripNumber):
+        Use isNaN and isInf instead of isnan and isinf.
+
+2007-10-28  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15735
+          remove GroupNode to simplify AST and possibly get a modest speedup
+
+        This patch removes 4 node types: GroupNode, PropertyNameNode,
+        FunctionCallParenBracketNode, and FunctionCallParenDotNode.
+
+        To remove GroupNode, we add knowledge of precedence to the tree nodes,
+        and use that when serializing to determine where parentheses are needed.
+        This means we no longer have to represent parentheses in the tree.
+
+        The precedence values are named after productions in the grammar from the
+        JavaScript standard.
+
+        SunSpider says this is an 0.4% speedup.
+
+        * kjs/function.h:
+        * kjs/function.cpp: Removed escapeStringForPrettyPrinting -- it's part of
+        serialization, so I moved it to the file that takes care of that.
+
+        * kjs/grammar.y: Changed makeGetterOrSetterPropertyNode to use 0 to
+        indicate failure instead of a separate boolean. Got rid of PropertyNameNode
+        by merging the PropertyName rule into the Property rule (which was easier
+        than figuring out how to pass the Identifier from one node to another).
+        Got rid of GroupNode, nodeInsideAllParens(), FunctionCallParenBracketNode,
+        and FunctionCallParenDotNode.
+
+        * kjs/nodes.h: Removed unused forward declarations and Operator values.
+        Added Precedence enum, and precedence function to all nodes. Removed
+        nodeInsideAllParens. Added streamBinaryOperator function for serialization.
+        Removed GroupNode and PropertyNameNode. Made PropertyNode store an Identifier.
+        Removed FunctionCallParenBracketNode and FunctionCallParenDotNode.
+
+        * kjs/nodes.cpp: Removed Node::nodinsideAllParens, GroupNode, and PropertyNameNode.
+        (KJS::PropertyListNode::evaluate): Changed code to get name directly instead
+        of converting it from an Identifier to a jsString then back to a UString
+        then into an Identifier again!
+
+        * kjs/nodes2string.cpp: Changed special-token implementation to use a separate
+        function for each of Endl, Indent, Unindent, and DotExpr instead of using a
+        single function with a switch. Added a precedence that you can stream in, to
+        cause the next node serialized to add parentheses based on that precedence value.
+        (KJS::operatorString): Moved to the top of the file.
+        (KJS::escapeStringForPrettyPrinting): Moved here from function.cpp. Removed old
+        workaround for snprintf, since StringExtras.h takes care of that.
+        (KJS::operator<<): Made the char and char* versions faster by using UString's
+        character append functions instead of constructing a UString. Added the logic
+        to the Node* version to add parentheses if needed.
+        (KJS::Node::streamLeftAssociativeBinaryOperator): Added helper function.
+        (KJS::ElementNode::streamTo): Use PrecAssignment for the elements.
+        (KJS::BracketAccessorNode::streamTo): Use PrecCall for the expression before
+        the bracket.
+        (KJS::DotAccessorNode::streamTo): Use PrecCall for the expression before the dot.
+        (KJS::ArgumentListNode::streamTo): Use PrecAssignment for the arguments.
+        (KJS::NewExprNode::streamTo): Use PrecMember for the expression.
+        (KJS::FunctionCallValueNode::streamTo): Use PrecCall.
+        (KJS::FunctionCallBracketNode::streamTo): Ditto.
+        (KJS::FunctionCallDotNode::streamTo): Ditto.
+        (KJS::PostfixBracketNode::streamTo): Ditto.
+        (KJS::PostfixDotNode::streamTo): Ditto.
+        (KJS::PostfixErrorNode::streamTo): Use PrecLeftHandSide.
+        (KJS::DeleteBracketNode::streamTo): Use PrecCall.
+        (KJS::DeleteDotNode::streamTo): Ditto.
+        (KJS::DeleteValueNode::streamTo): Use PrecUnary.
+        (KJS::VoidNode::streamTo): Ditto.
+        (KJS::TypeOfValueNode::streamTo): Ditto.
+        (KJS::PrefixBracketNode::streamTo): Use PrecCall.
+        (KJS::PrefixDotNode::streamTo): Ditto.
+        (KJS::PrefixErrorNode::streamTo): Use PrecUnary.
+        (KJS::UnaryPlusNode::streamTo): Ditto.
+        (KJS::NegateNode::streamTo): Ditto.
+        (KJS::BitwiseNotNode::streamTo): Ditto.
+        (KJS::LogicalNotNode::streamTo): Ditto.
+        (KJS::MultNode::streamTo): Use streamLeftAssociativeBinaryOperator.
+        (KJS::DivNode::streamTo): Ditto.
+        (KJS::ModNode::streamTo): Ditto.
+        (KJS::AddNode::streamTo): Ditto.
+        (KJS::SubNode::streamTo): Ditto.
+        (KJS::LeftShiftNode::streamTo): Ditto.
+        (KJS::RightShiftNode::streamTo): Ditto.
+        (KJS::UnsignedRightShiftNode::streamTo): Ditto.
+        (KJS::LessNode::streamTo): Ditto.
+        (KJS::GreaterNode::streamTo): Ditto.
+        (KJS::LessEqNode::streamTo): Ditto.
+        (KJS::GreaterEqNode::streamTo): Ditto.
+        (KJS::InstanceOfNode::streamTo): Ditto.
+        (KJS::InNode::streamTo): Ditto.
+        (KJS::EqualNode::streamTo): Ditto.
+        (KJS::NotEqualNode::streamTo): Ditto.
+        (KJS::StrictEqualNode::streamTo): Ditto.
+        (KJS::NotStrictEqualNode::streamTo): Ditto.
+        (KJS::BitAndNode::streamTo): Ditto.
+        (KJS::BitXOrNode::streamTo): Ditto.
+        (KJS::BitOrNode::streamTo): Ditto.
+        (KJS::LogicalAndNode::streamTo): Ditto.
+        (KJS::LogicalOrNode::streamTo): Ditto.
+        (KJS::ConditionalNode::streamTo): Ditto.
+        (KJS::AssignResolveNode::streamTo): Use PrecAssignment for the right side.
+        (KJS::AssignBracketNode::streamTo): Use PrecCall for the expression before
+        the bracket and PrecAssignment for the right side.
+        (KJS::AssignDotNode::streamTo): Ditto.
+        (KJS::AssignErrorNode::streamTo): Use PrecLeftHandSide for the left side
+        and PrecAssignment for the right side.
+        (KJS::CommaNode::streamTo): Use PrecAssignment for both expressions.
+        (KJS::AssignExprNode::streamTo): Use PrecAssignment.
+
+2007-10-28  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Define wx port and set wx port USE options.
+
+        Reviewed by Adam Roben.
+
+        * wtf/Platform.h:
+
+2007-10-28  Mark Rowe  <mrowe@apple.com>
+
+        We don't include "config.h" in headers.
+
+        * bindings/jni/jni_instance.h:
+        * kjs/regexp.h:
+        * wtf/TCPageMap.h:
+        * wtf/TCSpinLock.h:
+
+2007-10-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Mark.
+        
+        - avoid using non-portable SIZE_T_MAX in favor of std::numeric_limits
+
+        * kjs/SymbolTable.h:
+        (KJS::SymbolTableIndexHashTraits::emptyValue):
+        * kjs/function.cpp:
+        (KJS::ActivationImp::getOwnPropertySlot):
+        (KJS::ActivationImp::put):
+
+2007-10-28  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Eric.
+        
+        - switch SymbolTable to be a HashMap instead of a PropertyMap for 3% SunSpider speedup
+
+        * kjs/SymbolTable.h:
+        (KJS::IdentifierRepHash::hash): Special hash function for identifier reps.
+        (KJS::IdentifierRepHash::equal): ditto
+        (KJS::SymbolTableIndexHashTraits::emptyValue): Special HashTraits for the index value.
+        (KJS::SymbolTable): change to a typedef for a HashMap.
+        * kjs/function.cpp:
+        (KJS::ActivationImp::getOwnPropertySlot): Adjusted for new SymbolTable API.
+        (KJS::ActivationImp::deleteProperty): ditto
+        (KJS::ActivationImp::put): ditto
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNode::initializesymbolTable): Adjusted, since
+        you now have to store a UString::rep, not an identifier.
+
+2007-10-27  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - numerous HashTable performance improvements
+        
+        This does not quite add up to a measurable win on SunSpider, but it allows a
+        follow-on > 3% improvement and probably helps WebCore too.
+        
+        I made the following improvements, among others:
+        
+        - Made HashFunctions note whether it is ok to compare a real value with the equal() function
+        to the empty or deleted value, and used this to optimize the comparisons done in hash lookup.
+        
+        - Specialized lookup so it doesn't have to do so many extra branches and build so many extra
+        std::pairs for cases that don't need them. There are now four versions, one for read-only access,
+        two for writing, and one folded directly into add() (these all were improvments).
+        
+        - Made HashMap::get() use lookup() directly instead of find() to avoid having to build iterators.
+        
+        - Made a special constructor for iterators that knows it points to
+        a valid filled cell and so skips updating itself.
+
+        - Reordered memory accesses in the various lookup functions for better code generation
+        
+        - Made simple translators avoid passing a hash code around
+        
+        - Other minor tweaks
+        
+        * wtf/HashTable.h:
+        (WTF::):
+        (WTF::HashTableConstIterator::HashTableConstIterator):
+        (WTF::HashTableIterator::HashTableIterator):
+        (WTF::IdentityHashTranslator::translate):
+        (WTF::HashTable::end):
+        (WTF::HashTable::lookup):
+        (WTF::HashTable::lookupForWriting):
+        (WTF::HashTable::makeKnownGoodIterator):
+        (WTF::HashTable::makeKnownGoodConstIterator):
+        (WTF::::lookup):
+        (WTF::::lookupForWriting):
+        (WTF::::fullLookupForWriting):
+        (WTF::::add):
+        (WTF::::addPassingHashCode):
+        (WTF::::reinsert):
+        (WTF::::find):
+        (WTF::::contains):
+        * kjs/identifier.cpp:
+        (WTF::):
+        * wtf/HashFunctions.h:
+        (WTF::):
+        * wtf/HashMap.h:
+        (WTF::):
+        (WTF::::get):
+        * wtf/HashSet.h:
+        (WTF::):
+        (WTF::::add):
+        * wtf/ListHashSet.h:
+        (WTF::ListHashSetTranslator::translate):
+
+2007-10-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - fix ASCIICType.h for some Windows compiles
+
+        * wtf/ASCIICType.h: Check the compiler, not the OS, since it's the
+        compiler/library that has the wchar_t that is just a typedef.
+
+2007-10-27  Kevin McCullough  <kmccullough@apple.com>
+
+        - BuildFix
+        - Forgot to change the build step when I changed the filename.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2007-10-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed the rest of "ASSERTION FAILED: _hash in KJS::UString::Rep::
+        computedHash()"
+        http://bugs.webkit.org/show_bug.cgi?id=15718
+
+        * kjs/identifier.cpp: Fixed more cases where an Identifier didn't get a 
+        hash value. Also changed O(n) strlen to O(1) check for empty string.
+        (KJS::Identifier::add):
+
+        * kjs/ustring.cpp: Changed O(n) strlens to O(1) checks for empty string.
+        (KJS::UString::UString):
+        (KJS::UString::operator=):
+
+2007-10-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - fix pow on Windows
+
+        * wtf/MathExtras.h: (wtf_pow): Add a special case for MSVC, which has
+        a "pow" function that does not properly handle the case where arg1 is
+        NaN and arg2 is 0.
+
+        * kjs/math_object.cpp: (MathFuncImp::callAsFunction): Don't explicity
+        specify "::pow" -- just "pow" is fine.
+
+2007-10-27  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15711
+          force JSImmediate to be inlined for roughly 1.2% SunSpider speedup
+
+        * kjs/JSImmediate.h: Put ALWAYS_INLINE on everything.
+
+        * kjs/object.h: Removed redundant includes.
+        * kjs/value.h: Ditto.
+
+2007-10-27  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark.
+        
+        - fixed "ASSERTION FAILED: _hash in KJS::UString::Rep::computedHash()"
+        http://bugs.webkit.org/show_bug.cgi?id=15718
+
+        * kjs/identifier.cpp:
+        (KJS::Identifier::addSlowCase): Ensure that empty Identifiers have a hash computed,
+        now that we count on all Identifiers already having one.
+
+2007-10-27  Mark Rowe  <mrowe@apple.com>
+
+        Silence a warning.
+
+        * kjs/SymbolTable.h:
+
+2007-10-27  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/function.h:
+
+2007-10-26  Kevin McCullough  <kmccullough@apple.com>
+
+       Rubber stamp by Adam. 
+
+        - Renamed JSStringRefCOM to JSStringRefBSTR since it he only thing the
+        files contain are functions that operate on BSTRs.
+
+        * API/JSStringRefBSTR.cpp: Copied from API/JSStringRefCOM.cpp.
+        * API/JSStringRefBSTR.h: Copied from API/JSStringRefCOM.h.
+        * API/JSStringRefCOM.cpp: Removed.
+        * API/JSStringRefCOM.h: Removed.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2007-10-26  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Adam.
+
+        - Made JSStringCreateWithBSTR capable of handling null BSTRs.
+
+        * API/JSStringRefCOM.cpp:
+        (JSStringCreateWithBSTR):
+
+2007-10-26  Sam Weinig  <sam@webkit.org>
+
+        Windows build fix.
+
+        * kjs/SymbolTable.h: Add header gaurd.
+        * kjs/nodes.h: #include "SymbolTable.h"
+
+2007-10-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Suggested by Anders Carlsson.
+        
+        Fixed tyop.
+
+        * kjs/function.cpp:
+        (KJS::ActivationImp::getOwnPropertySlot):
+
+2007-10-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Suggested by Darin Adler.
+        
+        Use computedHash(), which is safer than just directly accessing _hash.
+
+        * kjs/lookup.cpp:
+        (KJS::Lookup::findEntry):
+        (KJS::Lookup::find):
+
+2007-10-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: svn add SymbolTable.h
+
+        * kjs/SymbolTable.h: Added.
+        (KJS::SymbolTable::set):
+        (KJS::SymbolTable::get):
+
+2007-10-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix: export SymbolTable.h to WebCore.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2007-10-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Comment tweak suggested by Maciej.
+
+        * kjs/function.cpp:
+        (KJS::ActivationImp::getOwnPropertySlot):
+
+2007-10-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Tweaked property maps to remove 2 branches. 2.5% speedup on SunSpider.
+
+        * kjs/property_map.cpp: Use a special no branch accessor to the UString's
+        hash value. Also, return immediately instead of branching to the end
+        of the loop if the value is not found.
+        (KJS::PropertyMap::get):
+        (KJS::PropertyMap::getLocation):
+        (KJS::PropertyMap::put):
+        (KJS::PropertyMap::insert):
+        (KJS::PropertyMap::remove):
+        (KJS::PropertyMap::checkConsistency):
+
+        * kjs/ustring.h:
+        (KJS::UString::Rep::computedHash): Special no branch accessor to the
+        UString's hash value. Used when the caller knows that the hash value
+        has already been computed. (For example, if the caller got the UString
+        from an Identifier.)
+
+2007-10-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Switched ActivationImp to using a symbol table. For now, though, all
+        clients take the slow path.
+        
+        Net .6% speedup on SunSpider.
+        
+        Slowdowns:
+            - ActivationImp now mallocs in its constructor
+            - Local variable hits use an extra level of indirection to retrieve 
+            data
+            - Local variable misses do two lookups
+
+        Speedups:
+            - Fast initialization of local variables upon function entry
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added SymbolTable.h
+        
+        * kjs/function.cpp:
+        (KJS::ActivationImp::ActivationImp): Malloc a private structure to hold
+        data that won't fit in a JSCell.
+        (KJS::ActivationImp::argumentsGetter): Use slow symbol table path for 
+        lookup.
+        (KJS::ActivationImp::getOwnPropertySlot): ditto
+        (KJS::ActivationImp::deleteProperty): ditto
+        (KJS::ActivationImp::put): ditto
+        (KJS::ActivationImp::createArgumentsObject): ditto
+
+        (KJS::ActivationImp::mark): Call JSObject::mark first so that one of
+        our properties doesn't try to recursively mark us. (This caused a crash
+        in earlier testing. Not sure why we haven't run into it before.)
+
+        * kjs/nodes.cpp: Functions now build a symbol table the first time 
+        they're called.
+        (KJS::VarDeclNode::evaluate):
+        (KJS::FunctionBodyNode::FunctionBodyNode):
+        (KJS::FunctionBodyNode::initializeSymbolTable):
+        (KJS::FunctionBodyNode::processDeclarations):
+        (KJS::FunctionBodyNode::processDeclarationsForFunctionCode):
+        (KJS::FunctionBodyNode::processDeclarationsForProgramCode):
+
+        * kjs/nodes.h:
+        (KJS::FunctionBodyNode::symbolTable):
+
+        * wtf/Forward.h: Added Vector.
+
+2007-10-26  Kevin McCullough  <kmccullough@apple.com>
+
+        - Corrected function name mistake in this changelog.
+
+2007-10-26  Kevin McCullough  <kmccullough@apple.com>
+        Reviewed by Sam and Steve.
+
+        - Added convenience methods for converting between BSTR and JSStringRefs
+
+        * API/JSStringRefCOM.cpp: Added.
+        (JSStringCreateWithBSTR):
+        (JSStringCopyBSTR):
+        * API/JSStringRefCOM.h: Added.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2007-10-26  Mark Rowe  <mrowe@apple.com>
+
+        Windows build fix.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+
+2007-10-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Make the JSC GC use a separate heap for JSNumbers to get a 0.7-1.4% progression in SunSpider.
+
+        * kjs/CollectorHeapIntrospector.cpp:
+        (KJS::CollectorHeapIntrospector::init):
+        (KJS::CollectorHeapIntrospector::enumerate):
+        * kjs/CollectorHeapIntrospector.h:
+        * kjs/collector.cpp:
+        (KJS::Collector::recordExtraCost):
+        (KJS::Collector::heapAllocate):
+        (KJS::Collector::allocate):
+        (KJS::Collector::allocateNumber):
+        (KJS::Collector::registerThread):
+        (KJS::Collector::markStackObjectsConservatively):
+        (KJS::Collector::markMainThreadOnlyObjects):
+        (KJS::Collector::sweep):
+        (KJS::Collector::collect):
+        * kjs/collector.h:
+        * kjs/internal.h:
+        (KJS::NumberImp::operator new):
+          Force numbers to be allocated in the secondary heap.
+
+2007-10-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - encourage GCC a little harder to inline a few hot functions for 1.5% improvement on SunSpider.
+
+        * kjs/value.h:
+        (KJS::JSValue::getUInt32):
+        (KJS::JSValue::getTruncatedInt32):
+        (KJS::JSValue::toNumber):
+        * wtf/PassRefPtr.h:
+        (WTF::PassRefPtr::~PassRefPtr):
+        * wtf/RefPtr.h:
+        (WTF::RefPtr::operator->):
+
+2007-10-26  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/ExecState.h:
+
+2007-10-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark.
+
+        - Merge Context class fully into ExecState, since they are always created and used together.
+
+        No measurable performance impact but this is a useful cleanup.
+
+        * JavaScriptCore.pri:
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::ExecState):
+        (KJS::ExecState::~ExecState):
+        (KJS::ExecState::mark):
+        (KJS::ExecState::lexicalInterpreter):
+        * kjs/ExecState.h:
+        (KJS::ExecState::dynamicInterpreter):
+        (KJS::ExecState::setException):
+        (KJS::ExecState::clearException):
+        (KJS::ExecState::exception):
+        (KJS::ExecState::exceptionSlot):
+        (KJS::ExecState::hadException):
+        (KJS::ExecState::scopeChain):
+        (KJS::ExecState::callingExecState):
+        (KJS::ExecState::propertyNames):
+        * kjs/collector.cpp:
+        (KJS::Collector::reportOutOfMemoryToAllInterpreters):
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::FunctionImp::argumentsGetter):
+        (KJS::FunctionImp::callerGetter):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::Interpreter):
+        (KJS::Interpreter::init):
+        (KJS::Interpreter::evaluate):
+        (KJS::Interpreter::mark):
+        * kjs/interpreter.h:
+        (KJS::Interpreter::setCurrentExec):
+        (KJS::Interpreter::currentExec):
+        * kjs/nodes.cpp:
+        (KJS::currentSourceId):
+        (KJS::currentSourceURL):
+        (KJS::ThisNode::evaluate):
+        (KJS::ResolveNode::evaluate):
+        (KJS::FunctionCallResolveNode::evaluate):
+        (KJS::PostfixResolveNode::evaluate):
+        (KJS::DeleteResolveNode::evaluate):
+        (KJS::TypeOfResolveNode::evaluate):
+        (KJS::PrefixResolveNode::evaluate):
+        (KJS::AssignResolveNode::evaluate):
+        (KJS::VarDeclNode::evaluate):
+        (KJS::DoWhileNode::execute):
+        (KJS::WhileNode::execute):
+        (KJS::ForNode::execute):
+        (KJS::ForInNode::execute):
+        (KJS::ContinueNode::execute):
+        (KJS::BreakNode::execute):
+        (KJS::ReturnNode::execute):
+        (KJS::WithNode::execute):
+        (KJS::SwitchNode::execute):
+        (KJS::LabelNode::execute):
+        (KJS::TryNode::execute):
+        (KJS::FunctionBodyNode::processDeclarationsFunctionCode):
+        (KJS::FunctionBodyNode::processDeclarationsProgramCode):
+        (KJS::FunctionBodyNode::processDeclarations):
+        (KJS::FuncDeclNode::makeFunction):
+        (KJS::FuncExprNode::evaluate):
+
+2007-10-26  Mark Rowe  <mrowe@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2007-10-26  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * JavaScriptCore.pri:
+        * kjs/ExecState.cpp:
+
+2007-10-26  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - moved Context class into ExecState.{h,cpp} in preparation for merging 
+        ExecState and Context classes.
+
+        * kjs/ExecState.h: Moved CodeType enum and Context class here in
+        preparation for merging ExecState and Context.
+        * kjs/ExecState.cpp: Moved Context class here from Context.cpp.
+        (KJS::Context::Context):
+        (KJS::Context::~Context):
+        (KJS::Context::mark):
+        * kjs/context.h: Removed.
+        * kjs/Context.cpp: Removed.
+        * kjs/function.h: Removed CodeType enum.
+        * kjs/LabelStack.h: Added. Pulled LabelStack class out of internal.h.
+        * kjs/internal.h: Removed LabelStack.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added new file, removed ones that are gone.
+        * kjs/collector.cpp: Fixed includes.
+        * kjs/function.cpp: ditto
+        * kjs/internal.cpp: ditto
+        * kjs/interpreter.cpp: ditto
+        * kjs/lookup.h: ditto
+        * kjs/nodes.cpp: ditto
+
+2007-10-26  Mark Rowe  <mrowe@apple.com>
+
+        Windows build fix.
+
+        * kjs/string_object.cpp:
+        (KJS::StringObjectFuncImp::callAsFunction):
+
+2007-10-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15703
+          fix numeric functions -- improve correctness and speed
+
+        Gives about 1% gain on SunSpider.
+
+        * kjs/value.h: Added toIntegerPreserveNan, removed toUInt16.
+        (KJS::JSValue::toInt32): Changed to call getTruncatedInt32 in a way that works
+        with both immediate and number values.
+        (KJS::JSValue::toUInt32): Ditto.
+        * kjs/value.cpp:
+        (KJS::JSValue::toInteger): Moved the logic from roundValue here, with a couple
+        differences. One is that it now correctly returns 0 for NaN, and another is that
+        there's no special case for 0 or infinity, since the general case already handles
+        those correctly.
+        (KJS::JSValue::toIntegerPreserveNaN): Added. Like toInteger, but without the
+        check for NaN.
+        (KJS::JSValue::toInt32SlowCase): Call toNumber instead of roundValue. The
+        truncation done by the typecast already does the necessary truncation that
+        roundValue was doing.
+        (KJS::JSValue::toUInt32SlowCase): Ditto.
+        (KJS::JSValue::toUInt16): Removed.
+
+        * kjs/internal.h: Removed roundValue.
+        * kjs/internal.cpp: Ditto.
+
+        * kjs/array_object.cpp: (KJS::ArrayProtoFunc::callAsFunction): Remove unneeded
+        code to handle NaN in Array.slice; toInteger now never returns NaN as specified.
+
+        * kjs/date_object.cpp:
+        (KJS::fillStructuresUsingTimeArgs): Replaced call to roundValue with a call to
+        toNumber as specified.
+        (KJS::DateProtoFunc::callAsFunction): In SetTime case, replaced call to roundValue
+        with a call to toNumber and timeClip as specified.
+        (KJS::DateObjectImp::construct): Removed unnecessary checks of numArgs in cases
+        where the default behavior of toInt32 (returning 0) was already correct. Replaced
+        call to roundValue with a call to toNumber as specified.
+        (KJS::DateObjectFuncImp::callAsFunction): Ditto.
+
+        * kjs/math_object.cpp: (MathFuncImp::callAsFunction): Removed unnecessary special
+        cases for the pow function that the library already handles correctly.
+
+        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction): Changed ToString to
+        call toIntegerPreserveNaN, so we can continue to handle the NaN case differently.
+        The real toInteger now returns 0 for NaN. Took out unneeded special case in
+        ToFixed for undefined; was only needed because our toInteger was wrong. Same
+        thing in ToExponential. Changed ToPrecision to call toIntegerPreserveNaN.
+
+        * kjs/string_object.cpp:
+        (KJS::StringProtoFunc::callAsFunction): Took out CharAt and CharCodeAt special
+        cases for undefined that were only needed because toInteger was wrong. Same in
+        IndexOf, and was able to remove some special cases. In LastIndexOf, used
+        toIntegerPreserveNaN, but was able to remove some special cases there too.
+        Changed Substr implementation to preserve correct behavior with the change
+        to toInteger and match the specification. Also made sure we weren't converting
+        an out of range double to an int.
+        (KJS::StringObjectFuncImp::callAsFunction): Changed constructor to just use
+        toUInt32, because truncating toUInt32 to 16 bits is the same thing and there's
+        no reason to have toUInt16 as a second, less-optimized function that's only
+        called at this one call site.
+
+        * wtf/MathExtras.h: Added trunc function for Windows.
+
+2007-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Tweaked the inner hashtable lookup loop to remove a branch in the "not 
+        found" case. .5% speedup on SunSpider.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/HashTable.h:
+        (WTF::::lookup):
+
+2007-10-25  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+
+        - fold together toPrimitive() and toNumber() conversions for 0.5% gain on SunSpider
+
+        * kjs/nodes.cpp:
+        (KJS::SubNode::evaluate): Subtract directly, since toPrimitive() is not
+        adding any value over toNumber() here.
+        (KJS::valueForReadModifyAssignment): Ditto.
+        (KJS::lessThan): Use new getPrimitiveNumber() method to avoid some virtual calls
+        and branches.
+        (KJS::lessThanEq): Ditto.
+        * JavaScriptCore.exp: Export new functions as needed.
+        * kjs/value.h:
+        (KJS::JSValue::toPrimitive): Fixed formatting.
+        (KJS::JSValue::getPrimitiveNumber): New method - this simultaneously converts
+        to number and tells you whether a toPrimitive() conversion with a Number hint
+        would have given a string.
+        * kjs/internal.cpp:
+        (KJS::StringImp::getPrimitiveNumber): Implemented. 
+        (KJS::NumberImp::getPrimitiveNumber): ditto
+        (KJS::GetterSetterImp::getPrimitiveNumber): ditto
+        (KJS::StringImp::toPrimitive): Fixed formatting.
+        (KJS::NumberImp::toPrimitive): ditto
+        (KJS::GetterSetterImp::toPrimitive): ditto
+        * kjs/internal.h:
+        * kjs/object.cpp:
+        (KJS::JSObject::getPrimitiveNumber): Implemented.
+        * kjs/object.h:
+
+2007-10-25  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        Remove JSStringRefCFHack from windows as it is no longer needed.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2007-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Rolled out my last patch. It turns out that I needed 2 words, not 1,
+        so it didn't help.
+
+2007-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=15694
+        Shrink the size of an activation object by 1 word
+        
+        This is in preparation for adding a symbol table to the activation 
+        object.
+        
+        The basic strategy here is to rely on the mutual exclusion between
+        the arguments object pointer and the function pointer (you only need
+        the latter in order to create the former), and store them in the same 
+        place. The LazyArgumentsObject class encapsulates this strategy.
+        
+        Also inlined the ArgumentsImp constructor, for good measure.
+        
+        SunSpider reports no regression. Regression tests pass.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/Context.cpp:
+        (KJS::Context::~Context):
+        * kjs/function.cpp:
+        (KJS::ActivationImp::LazyArgumentsObject::createArgumentsObject):
+        (KJS::ActivationImp::LazyArgumentsObject::mark):
+        (KJS::ActivationImp::argumentsGetter):
+        (KJS::ActivationImp::mark):
+        * kjs/function.h:
+        (KJS::ActivationImp::LazyArgumentsObject::LazyArgumentsObject):
+        (KJS::ActivationImp::LazyArgumentsObject::getOrCreate):
+        (KJS::ActivationImp::LazyArgumentsObject::resetArguments):
+        (KJS::ActivationImp::LazyArgumentsObject::setArgumentsObject):
+        (KJS::ActivationImp::LazyArgumentsObject::argumentsObject):
+        (KJS::ActivationImp::LazyArgumentsObject::setFunction):
+        (KJS::ActivationImp::LazyArgumentsObject::function):
+        (KJS::ActivationImp::LazyArgumentsObject::createdArgumentsObject):
+        (KJS::ActivationImp::LazyArgumentsObject::):
+        (KJS::ActivationImp::ActivationImp::ActivationImp):
+        (KJS::ActivationImp::resetArguments):
+
+2007-10-25  Adam Roben  <aroben@apple.com>
+
+        Change JavaScriptCore.vcproj to use DerivedSources.make
+
+        We were trying to emulate the logic of make in
+        build-generated-files.sh, but we got it wrong. We now use a
+        build-generated-files very much like the one that WebCore uses to
+        invoke make.
+
+        We also now only have a Debug configuration of dftables which we build
+        even when doing a Release build of JavaScriptCore. dftables also no
+        longer has the "_debug" name suffix.
+
+        Changes mostly made by Darin, reviewed by me.
+
+        * DerivedSources.make: Add a variable to set the extension used for
+        the dftables executable.
+        * JavaScriptCore.vcproj/JavaScriptCore.sln: Updated to use Debug
+        dftables in Release configurations.
+        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Ditto.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+           - Updated include path to point to the new location of the derived
+             sources.
+           - Modified pre-build event to pass the right arguments to
+             build-generated-files.sh and not call dftables directly.
+           - Added the derived source files to the project.
+           - Removed grammarWrapper.cpp, which isn't needed now that we're
+             compiling grammar.cpp directly.
+        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
+        Slightly modified from the WebCore version.
+        * JavaScriptCore.vcproj/JavaScriptCore/grammarWrapper.cpp: Removed.
+        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
+            - Changed the output location to match Mac.
+            - Removed the Release configuration.
+            - Removed the _debug suffix.
+
+2007-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Eric Seidel.
+        
+        Slightly elaborated the differences between declaration procesing in 
+        Function Code and Program Code.
+        
+        .3% speedup on SunSpider.
+
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNode::processDeclarationsFunctionCode): 
+        (KJS::FunctionBodyNode::processDeclarationsProgramCode): Store a 
+        minimum set of attributes instead of recomputing all the time. Also,
+        ignore m_parameters, since programs don't have arguments.
+
+2007-10-25  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+        
+        More preparation work before adding long-running mode to testkjs.
+
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction):
+        (prettyPrintScript):
+        (runWithScripts):
+        (parseArguments):
+        (kjsmain):
+        (fillBufferWithContentsOfFile):
+
+2007-10-25  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+        
+        Bring testkjs code out of the dark ages in preparation for more
+        radical improvements (like long-running testing support!)
+
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction):
+        (setupInterpreter):
+        (doIt):
+        (fillBufferWithContentsOfFile):
+
+2007-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Make a fast path for declaration processing inside Function Code.
+        
+        Lifted declaration processing code up from individual declaration nodes
+        and into processDeclarations.
+        
+        Broke out processDeclarations into two cases, depending on the type of 
+        code. This eliminates 2 branches, and facilitates more radical 
+        divergeance in the future.
+        
+        2.5% SunSpider speedup.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/nodes.cpp:
+        (KJS::FunctionBodyNode::initializeDeclarationStacks):
+        (KJS::FunctionBodyNode::processDeclarationsFunctionCode):
+        (KJS::FunctionBodyNode::processDeclarationsProgramCode):
+        (KJS::FunctionBodyNode::execute):
+        (KJS::FuncDeclNode::makeFunction):
+        * kjs/nodes.h:
+
+2007-10-25  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Adam.
+        
+        - add header includes needed on platforms that don't use AllInOneFile.cpp
+
+        * API/JSCallbackObject.cpp:
+        * kjs/Context.cpp:
+        * kjs/ExecState.cpp:
+        * kjs/array_instance.cpp:
+        * kjs/function_object.cpp:
+        * kjs/interpreter.cpp:
+        * kjs/nodes.cpp:
+
+2007-10-25  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Geoff.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: re-mark JSGlobalObject.h as private
+
+2007-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=15683
+        Re-order declaration initialization to avoid calling hasProperty inside
+        VarDeclNode::processDeclaration
+        
+        .7% speedup on SunSpider.
+
+        * kjs/function.h:
+        * kjs/function.cpp: Merged parameter processing into FunctionBodyNode's
+        other processing of declared symbols, so the order of execution could 
+        change.
+
+        * kjs/nodes.cpp:
+        (KJS::VarDeclNode::getDeclarations): Added special case for the 
+        "arguments" property name, explained in the comment.
+
+        (KJS::VarDeclNode::processDeclaration): Removed call to hasProperty
+        in the case of function code, since we know the declared symbol
+        management will resolve conflicts between symbols. Yay!
+
+        (KJS::VarDeclListNode::getDeclarations): Now that VarDeclNode's 
+        implementation of getDeclarations is non-trivial, we can't take a 
+        short-cut here any longer -- we need to put the VarDecl node on the 
+        stack so it gets processed normally.
+
+        (KJS::FunctionBodyNode::processDeclarations): Changed the order of 
+        processing to enforce mutual exclusion rules.
+
+        * kjs/nodes.h:
+        (KJS::DeclarationStacks::DeclarationStacks): Structure includes an 
+        ExecState now, for fast access to the "arguments" property name.
+
+2007-10-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+        
+        Add a JSGlobalObject class and remove the InterpreterMap
+        http://bugs.webkit.org/show_bug.cgi?id=15681
+        
+        This required making JSCallbackObject a template class to allow for
+        JSGlobalObjects with JSCallbackObject functionality.
+        
+        SunSpider claims this was a 0.5% speedup.
+
+        * API/JSCallbackObject.cpp:
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h: Copied from API/JSCallbackObject.cpp.
+        (KJS::::JSCallbackObject):
+        (KJS::::init):
+        (KJS::::~JSCallbackObject):
+        (KJS::::initializeIfNeeded):
+        (KJS::::className):
+        (KJS::::getOwnPropertySlot):
+        (KJS::::put):
+        (KJS::::deleteProperty):
+        (KJS::::implementsConstruct):
+        (KJS::::construct):
+        (KJS::::implementsHasInstance):
+        (KJS::::hasInstance):
+        (KJS::::implementsCall):
+        (KJS::::callAsFunction):
+        (KJS::::getPropertyNames):
+        (KJS::::toNumber):
+        (KJS::::toString):
+        (KJS::::setPrivate):
+        (KJS::::getPrivate):
+        (KJS::::inherits):
+        (KJS::::cachedValueGetter):
+        (KJS::::staticValueGetter):
+        (KJS::::staticFunctionGetter):
+        (KJS::::callbackGetter):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::prototype):
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectGetPrivate):
+        (JSObjectSetPrivate):
+        * API/JSValueRef.cpp:
+        (JSValueIsObjectOfClass):
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bindings/c/c_utility.cpp:
+        (KJS::Bindings::convertValueToNPVariant):
+        * bindings/jni/jni_jsobject.cpp:
+        * bindings/objc/objc_utility.mm:
+        (KJS::Bindings::convertValueToObjcValue):
+        * kjs/Context.cpp:
+        (KJS::Context::Context):
+        * kjs/ExecState.cpp:
+        (KJS::ExecState::lexicalInterpreter):
+        * kjs/JSGlobalObject.h: Added.
+        (KJS::JSGlobalObject::JSGlobalObject):
+        (KJS::JSGlobalObject::isGlobalObject):
+        (KJS::JSGlobalObject::interpreter):
+        (KJS::JSGlobalObject::setInterpreter):
+        * kjs/array_instance.cpp:
+        * kjs/context.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::Interpreter):
+        (KJS::Interpreter::init):
+        (KJS::Interpreter::~Interpreter):
+        (KJS::Interpreter::globalObject):
+        (KJS::Interpreter::initGlobalObject):
+        (KJS::Interpreter::evaluate):
+        * kjs/interpreter.h:
+        * kjs/lookup.h:
+        (KJS::cacheGlobalObject):
+        * kjs/object.h:
+        (KJS::JSObject::isGlobalObject):
+        * kjs/testkjs.cpp:
+
+2007-10-24  Eric Seidel  <eric@webkit.org>
+
+        Build fix for Gtk, no review.
+
+        * kjs/collector.cpp: #include "context.h"
+
+2007-10-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Maciej.
+        
+        Stop checking isOutOfMemory after every allocation, instead let the collector
+        notify all ExecStates if we ever hit this rare condition.
+        
+        SunSpider claims this was a 2.2% speedup.
+
+        * kjs/collector.cpp:
+        (KJS::Collector::collect):
+        (KJS::Collector::reportOutOfMemoryToAllInterpreters):
+        * kjs/collector.h:
+        * kjs/nodes.cpp:
+        (KJS::TryNode::execute):
+
+2007-10-24  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/identifier.h:  Remove extra qualification.
+
+2007-10-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Disable ALWAYS_INLINE in debug builds, since it drives the debugger
+        crazy.
+
+        * wtf/AlwaysInline.h:
+
+2007-10-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Inlined the fast path for creating an Identifier from an Identifier. 
+        
+        This is a .4% speedup on SunSpider overall, but as big as a 2.5% 
+        speedup on certain individual tests. 65% of the Identifiers creating 
+        by SunSpider are already Identifiers.
+        
+        (The main reason I'm making this change is that it resolves a large
+        regression in a patch I haven't checked in yet.)
+
+        * JavaScriptCore.exp:
+        * kjs/identifier.cpp:
+        (KJS::Identifier::addSlowCase):
+        * kjs/identifier.h:
+        (KJS::Identifier::Identifier::add):
+
+2007-10-24  Lars Knoll  <lars@trolltech.com>
+
+        Reviewed by Simon.
+
+        some changes to the way JS values are converted to Qt values in the script bindings. Added support for converting JS arrays into QStringList's.
+
+        * bindings/qt/qt_instance.cpp:
+        (KJS::Bindings::QtInstance::invokeMethod):
+        * bindings/qt/qt_runtime.cpp:
+        (KJS::Bindings::convertValueToQVariant):
+        (KJS::Bindings::QtField::setValueToInstance):
+
+2007-10-24  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin.
+
+        Remove old relation method, replace with specialised LessThan and lessThenEq functions for a 0.5-0.6% improvement in SunSpider
+
+        * kjs/nodes.cpp:
+        (KJS::lessThan):
+        (KJS::lessThanEq):
+        (KJS::LessNode::evaluate):
+        (KJS::GreaterNode::evaluate):
+        (KJS::LessEqNode::evaluate):
+        (KJS::GreaterEqNode::evaluate):
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+
+2007-10-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+
+        * kjs/nodes.h:
+        (KJS::ImmediateNumberNode::): Fix ASSERT correctness (and debug build!)
+
+2007-10-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        * kjs/object.cpp: (KJS::JSObject::defaultValue): Get rid of a little
+        Identifier ref/deref for what SunSpider claims is a 0.4% speedup.
+
+2007-10-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - separate out the code to create a hash table the first time from the code
+          to rehash
+
+        SunSpider claims this was a 0.7% speedup.
+
+        * kjs/property_map.cpp:
+        (KJS::PropertyMap::expand): Changed to call either createTable or rehash.
+        (KJS::PropertyMap::createTable): Added. For the case where we had no table.
+        (KJS::PropertyMap::rehash): Removed code needed only in the case where we
+        had no table.
+        * kjs/property_map.h: Added createTable.
+
+2007-10-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by darin.
+        
+        Add ImmediateNumberNode to hold a JSValue* instead of a double for numbers
+        which can be represented by JSImmediate.
+        
+        SunSpider claims this was a 0.6% speedup.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::NumberNode::evaluate):
+        (KJS::ImmediateNumberNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::Node::):
+        (KJS::ImmediateNumberNode::):
+        * kjs/nodes2string.cpp:
+        (ImmediateNumberNode::streamTo):
+
+2007-10-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15657
+          change static hash tables to use powers of two for speed
+
+        Seems to give 0.7% SunSpider speedup.
+
+        * kjs/create_hash_table: Updated to generate new format.
+        * kjs/lookup.cpp:
+        (KJS::keysMatch): Took out unneeded typecast.
+        (KJS::findEntry): Updated to expect table type 3 -- changed the printf to a plain old assert.
+        Replaced the modulus with a bit mask.
+        (KJS::Lookup::findEntry): Get the hash directly, since we know identifiers already have computed
+        their hash -- saves a branch.
+        (KJS::Lookup::find): Ditto.
+        * kjs/lookup.h: Changed attr from 2-byte value to one-byte value. Replaced hashSize with hashSizeMask.
+
+2007-10-24  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+        
+        - remove KJS_CHECKEXCEPTIONs in places where exceptions can't happen for 0.6% SunSpider speedup
+
+        * kjs/nodes.cpp:
+        (KJS::DoWhileNode::execute):
+        (KJS::WhileNode::execute):
+        (KJS::ForNode::execute):
+        (KJS::ForInNode::execute):
+        (KJS::SourceElementsNode::execute):
+
+2007-10-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        * kjs/JSImmediate.h: (KJS::JSImmediate::getUInt32):
+        Changed an && to an & for a 1% gain in SunSpider.
+
+2007-10-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Reduce branching in implementations of some operator implementations, yielding 1.3% boost to SunSpider.
+
+        * kjs/nodes.cpp:
+        (KJS::MultNode::evaluate):
+        (KJS::DivNode::evaluate):
+        (KJS::ModNode::evaluate):
+        (KJS::add):
+        (KJS::sub):
+        (KJS::AddNode::evaluate):
+        (KJS::SubNode::evaluate):
+        (KJS::valueForReadModifyAssignment):
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+
+2007-10-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej.
+
+        Separating all of the simple (eg. non-read-modify-write) binary operators
+        into separate classes in preparation for further JS optimisations.
+        
+        Happily this produces a 0.8% to 1.0% performance increase in SunSpider with
+        no further work.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::MultNode::evaluate):
+        (KJS::DivNode::evaluate):
+        (KJS::ModNode::evaluate):
+        (KJS::AddNode::evaluate):
+        (KJS::SubNode::evaluate):
+        (KJS::LeftShiftNode::evaluate):
+        (KJS::RightShiftNode::evaluate):
+        (KJS::UnsignedRightShiftNode::evaluate):
+        (KJS::LessNode::evaluate):
+        (KJS::GreaterNode::evaluate):
+        (KJS::LessEqNode::evaluate):
+        (KJS::GreaterEqNode::evaluate):
+        (KJS::InstanceOfNode::evaluate):
+        (KJS::InNode::evaluate):
+        (KJS::EqualNode::evaluate):
+        (KJS::NotEqualNode::evaluate):
+        (KJS::StrictEqualNode::evaluate):
+        (KJS::NotStrictEqualNode::evaluate):
+        (KJS::BitAndNode::evaluate):
+        (KJS::BitXOrNode::evaluate):
+        (KJS::BitOrNode::evaluate):
+        (KJS::LogicalAndNode::evaluate):
+        (KJS::LogicalOrNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::MultNode::):
+        (KJS::DivNode::):
+        (KJS::ModNode::):
+        (KJS::AddNode::):
+        (KJS::SubNode::):
+        (KJS::LeftShiftNode::):
+        (KJS::RightShiftNode::):
+        (KJS::UnsignedRightShiftNode::):
+        (KJS::LessNode::):
+        (KJS::GreaterNode::):
+        (KJS::LessEqNode::):
+        (KJS::GreaterEqNode::):
+        (KJS::InstanceOfNode::):
+        (KJS::InNode::):
+        (KJS::EqualNode::):
+        (KJS::NotEqualNode::):
+        (KJS::StrictEqualNode::):
+        (KJS::NotStrictEqualNode::):
+        (KJS::BitAndNode::):
+        (KJS::BitOrNode::):
+        (KJS::BitXOrNode::):
+        (KJS::LogicalAndNode::):
+        (KJS::LogicalOrNode::):
+        * kjs/nodes2string.cpp:
+        (MultNode::streamTo):
+        (DivNode::streamTo):
+        (ModNode::streamTo):
+        (AddNode::streamTo):
+        (SubNode::streamTo):
+        (LeftShiftNode::streamTo):
+        (RightShiftNode::streamTo):
+        (UnsignedRightShiftNode::streamTo):
+        (LessNode::streamTo):
+        (GreaterNode::streamTo):
+        (LessEqNode::streamTo):
+        (GreaterEqNode::streamTo):
+        (InstanceOfNode::streamTo):
+        (InNode::streamTo):
+        (EqualNode::streamTo):
+        (NotEqualNode::streamTo):
+        (StrictEqualNode::streamTo):
+        (NotStrictEqualNode::streamTo):
+        (BitAndNode::streamTo):
+        (BitXOrNode::streamTo):
+        (BitOrNode::streamTo):
+        (LogicalAndNode::streamTo):
+
+2007-10-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15639
+          fix Math.abs(0), Math.ceil(-0), and Math.floor(-0)
+
+        Test: fast/js/math.html
+
+        * kjs/math_object.cpp: (MathFuncImp::callAsFunction):
+        Fix abs to look at the sign bit. Add a special case for values in the range
+        between -0 and -1 and a special case for ceil and for -0 for floor.
+
+2007-10-23  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric.
+
+        - streamline exception handling code for a >1% speed-up of SunSpider
+
+        * kjs/nodes.cpp: Changed macros to use functions for everything that's not
+        part of normal execution. We'll take function call overhead when propagating
+        an exception or out of memory.
+        (KJS::createOutOfMemoryCompletion): Added.
+        (KJS::substitute): Use append instead of the relatively inefficient + operator.
+        (KJS::Node::rethrowException): Added.
+        * kjs/nodes.h: Added rethrowException.
+
+2007-10-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15636
+          some JavaScriptCore regression tests are failing due to numeric conversion
+
+        This should restore correctness and make speed better too, restoring some
+        of the optimization we lost in my last check-in.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::getTruncatedInt32): Added. Uses the range checking idiom
+        I used in my patch yesterday.
+        (KJS::JSImmediate::getTruncatedUInt32): Ditto.
+
+        * kjs/internal.h: Removed getInt32 and added getTruncatedInt/UInt32.
+        * kjs/internal.cpp:
+        (KJS::NumberImp::getUInt32): Changed to always use double, since I can't find
+        a way to write this more efficiently for float.
+        (KJS::NumberImp::getTruncatedInt32): Added.
+        (KJS::NumberImp::getTruncatedUInt32): Added.
+
+        * kjs/value.h: Removed getInt32 and added getTruncatedInt/UInt32.
+        (KJS::JSValue::getUInt32):
+        (KJS::JSValue::getTruncatedInt32): Added.
+        (KJS::JSValue::getTruncatedUInt32): Added.
+        (KJS::JSValue::toInt32): Changed getInt32 call to getTruncatedInt32.
+        (KJS::JSValue::toUInt32): Changed getUInt32 call to getTruncatedUInt32.
+        * kjs/value.cpp:
+        (KJS::JSCell::getTruncatedInt32): Added.
+        (KJS::JSCell::getTruncatedUInt32): Added.
+        (KJS::JSValue::toInteger): Changed getUInt32 call to getTruncatedInt32.
+        (KJS::JSValue::toInt32SlowCase): Removed extra getInt32 call I accidentally
+        had left in here.
+        (KJS::JSValue::toUInt32SlowCase): Ditto.
+        (KJS::JSValue::toUInt16): Changed getUInt32 call to getTruncatedUInt32.
+
+        * JavaScriptCore.exp: Updated.
+
+2007-10-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15632
+          js1_5/Array/array-001.js test failing
+
+        One of the JavaScriptCore tests was failing; it failed because of
+        my change to NumberImp::getUInt32. The incorrect code I copied was
+        from JSImmediate::getUInt32, and was a pre-existing bug.
+
+        This patch fixes correctness, but will surely slow down SunSpider.
+        We may be able to code this tighter and get the speed back.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::getInt32): Renamed from toInt32 to more accurately
+        reflect the fact that this function only returns true if the value is
+        accurate (no fractional part, etc.). Changed code so that it returns
+        false when the value has a fraction.
+        (KJS::JSImmediate::getUInt32): Ditto.
+
+        * kjs/internal.cpp:
+        (KJS::NumberImp::getInt32): Changed code so that it returns false when
+        the value has a fraction. Restores the old behavior.
+        (KJS::NumberImp::getUInt32): Ditto.
+
+        * kjs/value.h:
+        (KJS::JSValue::getInt32): Updated for name change.
+        (KJS::JSValue::getUInt32): Ditto.
+        (KJS::JSValue::toInt32): Ditto.
+        (KJS::JSValue::toUInt32): Ditto.
+
+2007-10-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Brady.
+
+        - fix crash seen when running JavaScriptCore tests
+
+        * kjs/array_instance.cpp: (KJS::ArrayInstance::mark):
+        Copy and paste error: I accidentally had code here that was
+        making a copy of the HashMap -- that's illegal inside a mark
+        function and was unnecessary. The other callsite was modifying
+        the map as it iterated it, but this function is not.
+
+2007-10-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - Avoid moving floats into integer registers in jsNumber() for 3% speedup on SunSpider
+        http://bugs.webkit.org/show_bug.cgi?id=15627
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::fromDouble): Avoid moving floats to integer
+        registers since this is very slow.
+
+2007-10-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15617
+          improve speed of integer conversions
+
+        Makes SunSpider 6% faster.
+
+        * kjs/JSImmediate.h: Added toInt32 and toUInt32, with separate versions for
+        32-bit and 64-bit.
+        * kjs/value.h:
+        (KJS::JSValue::getUInt32): Call JSImmediate::toUInt32.
+
+        * kjs/internal.h: Added getInt32.
+        * kjs/internal.cpp:
+        (KJS::NumberImp::getInt32): Added.
+        (KJS::NumberImp::getUInt32): Replaced with more-optimal implementation
+        stolen from JSValue.
+
+        * kjs/value.h:
+        (KJS::jsNumber): Marked ALWAYS_INLINE, because this wasn't getting
+        inlined.
+        (KJS::JSValue::getInt32): Added.
+        (KJS::JSValue::getUInt32): Changed to call the new JSImmediate::toUInt32
+        to avoid converting from float to double.
+        (KJS::JSValue::toInt32): Made inline, separated out the slow case.
+        (KJS::JSValue::toUInt32): Ditto.
+        * kjs/value.cpp:
+        (KJS::JSCell::getInt32): Added.
+        (KJS::JSValue::toInt32SlowCase): Renamed from toInt32. Changed to use the
+        new getInt32. Added a faster case for in-range numbers.
+        (KJS::JSValue::toUInt32SlowCase): Ditto.
+        (KJS::JSValue::toUInt16): Added a faster case for in-range numbers.
+
+        * JavaScriptCore.exp: Updated for changes.
+
+2007-10-22  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Turn off
+        warning about implicit conversion to bool.
+
+2007-10-22  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * kjs/array_instance.cpp:
+
+2007-10-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15606
+          make cut-off for sparse vs. dense arrays smarter for speed with large arrays
+
+        Makes the morph test in SunSpider 26% faster, and the overall
+        benchmark 3% faster.
+
+        This also fixes some small problems we had with the distinction
+        between nonexistent and undefined values in arrays.
+
+        * kjs/array_instance.h: Tweaked formatting and naming.
+        * kjs/array_instance.cpp: Copied from kjs/array_object.cpp.
+        (KJS::storageSize): Added. Computes the size of the storage given a vector length.
+        (KJS::increasedVectorLength): Added. Implements the rule for resizing the vector.
+        (KJS::isDenseEnoughForVector): Added.
+        (KJS::ArrayInstance::ArrayInstance): Initialize the new fields.
+        (KJS::ArrayInstance::~ArrayInstance): Since m_storage is now never 0, delete it.
+        (KJS::ArrayInstance::getItem): Updated for name changes.
+        (KJS::ArrayInstance::lengthGetter): Ditto.
+        (KJS::ArrayInstance::inlineGetOwnPropertySlot): Added. Allows both versions of
+        getOwnPropertySlot to share more code.
+        (KJS::ArrayInstance::getOwnPropertySlot): Just refactored, no code change.
+        (KJS::ArrayInstance::put): Added logic for extending the vector as long as the
+        array is dense enough. Also keep m_numValuesInVector up to date.
+        (KJS::ArrayInstance::deleteProperty): Added code to keep m_numValuesInVector
+        up to date.
+        (KJS::ArrayInstance::getPropertyNames): Fixed bug where this would omit names
+        for array indices with undefined values.
+        (KJS::ArrayInstance::increaseVectorLength): Renamed from resizeStorage. Also
+        simplified to only handle getting larger.
+        (KJS::ArrayInstance::setLength): Added code to update m_numValuesInVector, to
+        zero out the unused part of the vector and to delete the map if it's no longer
+        needed.
+        (KJS::ArrayInstance::mark): Tweaked formatting.
+        (KJS::compareByStringForQSort): Ditto.
+        (KJS::ArrayInstance::sort): Ditto.
+        (KJS::CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
+        Ditto.
+        (KJS::compareWithCompareFunctionForQSort): Ditto.
+        (KJS::ArrayInstance::compactForSorting): Fixed bug where this would turn
+        undefined values into nonexistent values in some cases.
+
+        * kjs/array_object.h: Removed MAX_ARRAY_INDEX.
+        * kjs/array_object.cpp: Removed ArrayInstance. Moved to a separate file.
+
+        * JavaScriptCore.pri: Added array_instance.cpp.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+        * kjs/AllInOneFile.cpp: Ditto.
+
+2007-10-22  Andrew Wellington  <proton@wiretapped.net>
+
+        Reviewed by Mark Rowe.
+        
+        Fix for local database support after r26879
+        Ensure that ENABLE_DATABASE and ENABLE_ICONDATABASE are correctly set
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2007-10-22  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Alp.
+
+        Build fix for the non-qmake builds.
+
+        * wtf/Platform.h: Default to enabling the database features unless
+        otherwise specified. (similar to ENABLE_ICONDATABASE)
+
+2007-10-22  Holger Freyther  <zecke@selfish.org>
+
+        Reviewed by Simon Hausmann <hausmann@kde.org>.
+
+        * Do not build testkjs as an application bundle. This is
+        needed for run-javascriptcore-tests on OSX.
+        * Also, based on r26633, allow to test the WebKit/Qt port on OSX.
+        * Set DYLD_LIBRARY_PATH if it was set in the environment. It must be set
+        as we do not have -rpath on OSX.
+
+        * kjs/testkjs.pro:
+
+2007-10-21  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Alp.
+
+        http://bugs.webkit.org/show_bug.cgi?id=15575
+        Bug 15575: [GTK] Implement threading using GThread
+
+        * wtf/Platform.h: Do not enable pthreads for Gtk.
+
+2007-10-21  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Mitz.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=15603
+        Bug 15603: Regression(r26847): Crash when sorting an empty array from JavaScript
+
+        * kjs/array_object.cpp:
+        (KJS::freeStorage): Reinstate null-check that was removed in r26847.
+
+2007-10-21  Darin Adler  <darin@apple.com>
+
+        - fix Windows build
+
+        * kjs/array_instance.h: Removed unused ExecState parameter.
+        * kjs/array_object.cpp:
+        (KJS::ArrayInstance::put): Ditto.
+        (KJS::ArrayInstance::setLength): Ditto.
+
+2007-10-21  Darin Adler  <darin@apple.com>
+
+        * kjs/array_object.cpp: (KJS::ArrayInstance::put):
+        Add missing assignment that was causing regression test crash.
+
+2007-10-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15585
+          speed up sparse arrays by using a custom map
+    
+        Speeds up SunSpider by 10%.
+
+        * kjs/array_object.cpp:
+        (allocateStorage): Leave room for an additional pointer.
+        (reallocateStorage): Ditto.
+        (freeStorage): Ditto.
+        (ArrayInstance::~ArrayInstance): Delete the overflow map if present.
+        (ArrayInstance::getItem): Read values from the overflow map if present.
+        Removed the check of length, since it slows down the common case.
+        (ArrayInstance::getOwnPropertySlot): Ditto. Also removed the fallback
+        to the property map.
+        (ArrayInstance::put): Write values into the overflow map as needed.
+        Also create overflow map when needed.
+        (ArrayInstance::deleteProperty): Remove values from the overflow map
+        as appropriate.
+        (ArrayInstance::getPropertyNames): Add a name for each identifier in
+        the property map. This is extremely inefficient.
+        (ArrayInstance::setLength): Remove any values in the overflow map
+        that are past the new length, as we formerly did with the property map.
+        (ArrayInstance::mark): Mark any values in the overflow map.
+        (compareByStringForQSort): Removed unneeded undefined case, since
+        compactForSorting guarantees we will have no undefined values.
+        (compareWithCompareFunctionForQSort): Ditto.
+        (ArrayInstance::compactForSorting): Copy all the values out of the
+        overflow map and destroy it.
+
+        * kjs/property_map.h: Removed now-unused getSparseArrayPropertyNames.
+        * kjs/property_map.cpp: Ditto.
+
+2007-10-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15579
+          stop churning identifier reference counts copying Completion objects
+
+        * kjs/completion.h: Replace the Identifier with an Identifier*.
+        * kjs/nodes.cpp:
+        (ForInNode::execute): Update for change to Completion constructor.
+        (ContinueNode::execute): Ditto.
+        (BreakNode::execute): Ditto.
+
+2007-10-20  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Alp.
+
+        Gtk changes needed to enable HTML 5 client-side database storage.
+
+        * wtf/Platform.h: Have Gtk use pthreads for now.
+
+2007-10-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=15570
+        Store gathered declaration nodes in the function body node.
+        
+        This means that you only have to gather the declaration nodes the first 
+        time the function executes. Performance gain of 2.10% on SunSpider, 
+        0.90% on command-line JS iBench.
+
+        * kjs/nodes.cpp: Split declaration stack initialization code off into 
+        initializeDeclarationStacks().
+        (FunctionBodyNode::FunctionBodyNode):
+        (FunctionBodyNode::initializeDeclarationStacks):
+        (FunctionBodyNode::processDeclarations):
+
+        * kjs/nodes.h: Changed DeclarationStacks structure to hold references, 
+        since the actual Vectors are now stored either on the stack or in the 
+        function body node.
+
+2007-10-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        http://bugs.webkit.org/show_bug.cgi?id=15559
+        Moved processDeclarations call into FunctionBodyNode::execute
+
+        To improve encapsulation, moved processDeclarations call into
+        FunctionBodyNode::execute. Also marked processDeclarations 
+        ALWAYS_INLINE, since it has only 1 caller now. This is a .71% speedup 
+        on command-line JS iBench.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::GlobalFuncImp::callAsFunction):
+        * kjs/function.h:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::evaluate):
+        * kjs/nodes.cpp:
+        (FunctionBodyNode::execute):
+        * kjs/nodes.h:
+
+2007-10-19  Brady Eidson  <beidson@apple.com>
+
+        Reviewed by Sam
+
+        Queue -> Deque! and small style tweaks
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+        * wtf/Deque.h: Added.
+        (WTF::DequeNode::DequeNode):
+        (WTF::Deque::Deque):
+        (WTF::Deque::~Deque):
+        (WTF::Deque::size):
+        (WTF::Deque::isEmpty):
+        (WTF::Deque::append):
+        (WTF::Deque::prepend):
+        (WTF::Deque::first):
+        (WTF::Deque::last):
+        (WTF::Deque::removeFirst):
+        (WTF::Deque::clear):
+        * wtf/Queue.h: Removed.
+
+
+2007-10-19  Brady Eidson <beidson@apple.com>
+
+        Reviewed by Oliver
+
+        Added a simple LinkedList based Queue to wtf
+        We can make a better, more sophisticated an efficient one later, but have
+        needed one for some time, now!
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/Queue.h: Added.
+        (WTF::QueueNode::QueueNode):
+        (WTF::Queue::Queue):
+        (WTF::Queue::~Queue):
+        (WTF::Queue::size):
+        (WTF::Queue::isEmpty):
+        (WTF::Queue::append):
+        (WTF::Queue::prepend):
+        (WTF::Queue::first):
+        (WTF::Queue::last):
+        (WTF::Queue::removeFirst):
+        (WTF::Queue::clear):
+
+2007-10-19  Nikolas Zimmermann  <zimmermann@kde.org>
+
+        Reviewed by Anders.
+
+        Try to fix Qt/Win build slave, by including windows.h also on Qt/Win.
+
+        * kjs/testkjs.cpp: Change PLATFORM(WIN) to PLATFORM(WIN_OS)
+
+2007-10-19  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Lars.
+
+        Fix compilation on Windows when wchar_t is a typedef instead of a native type (triggered by -Zc:wchar_t-).
+        Don't provide the wchar_t overloads then as they conflict with the unsigned short ones.
+
+        * wtf/ASCIICType.h:
+        (WTF::isASCIIAlpha):
+        (WTF::isASCIIAlphanumeric):
+        (WTF::isASCIIDigit):
+        (WTF::isASCIIHexDigit):
+        (WTF::isASCIILower):
+        (WTF::isASCIISpace):
+        (WTF::toASCIILower):
+        (WTF::toASCIIUpper):
+
+2007-10-19  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Lars.
+
+        Another build fix for the windows/qt build: Apply the same fix as in revision 26686 also to kjs/config.h to disable the disallowctype feature.
+
+        * kjs/config.h:
+
+2007-10-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Adam.
+        
+        - use __declspec(thread) for fast thread-local storage on Windows
+        
+        - 2.2% speedup on sunspider (on Windows)
+        - 7% speedup on the string section
+        - 6% speedup on JS iBench
+        
+        - fixed <rdar://problem/5473084> PLT on Windows got 2.5% slower between r25406 and r25422
+        - fixed at least some of <rdar://5527965? i-Bench JS was 14% slower in 310A11 than 310A10
+        
+        
+        * wtf/FastMalloc.cpp:
+        (WTF::getThreadHeap):
+        (WTF::setThreadHeap):
+        (WTF::TCMalloc_ThreadCache::GetCache):
+        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
+        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
+
+2007-10-17  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15543
+          <rdar://problem/5545639> REGRESSION (r26697):
+          GoogleDocs: Can't create new documents or open existing ones
+
+        Test: fast/js/regexp-non-character.html
+
+        * pcre/pcre_compile.c: (check_escape): Take out the checks for valid characters
+        in the \u sequences -- not needed and actively harmful.
+
+2007-10-17  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Oliver.
+
+        * wtf/Platform.h:
+        #define USE_PTHREADS on Mac.
+
+2007-10-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Merged DeclaredFunctionImp into FunctionImp (the base class) because 
+        the distinction between the two was unused.
+        
+        Removed codeType() from FunctionImp because FunctionImp and its 
+        subclasses all returned FunctionCode, so it was unused, practically 
+        speaking.
+        
+        Removed a different codeType() from GlobalFuncImp because it was unused.
+        (Perhaps it was vestigial from a time when GlobalFuncImp used to 
+        inherit from FunctionImp.)
+
+        * bindings/runtime_method.cpp:
+        * bindings/runtime_method.h:
+        * kjs/function.cpp:
+        (KJS::FunctionImp::FunctionImp):
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::FunctionImp::construct):
+        (KJS::FunctionImp::execute):
+        (KJS::FunctionImp::processVarDecls):
+        * kjs/function.h:
+        (KJS::FunctionImp::implementsConstruct):
+        (KJS::FunctionImp::scope):
+        * kjs/function_object.cpp:
+        (FunctionProtoFunc::callAsFunction):
+        (FunctionObjectImp::construct):
+        * kjs/nodes.cpp:
+        (FuncDeclNode::processFuncDecl):
+        (FuncExprNode::evaluate):
+
+2007-10-17  Adam Roben  <aroben@apple.com>
+
+        Windows build fix part 2.
+
+        Fix was by Darin, reviewed by Anders and Adam.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add
+        FastMallocPCRE.cpp to the project, and let Visual Studio have its way
+        with the post-build step.
+        * pcre/pcre.h: Don't DLL export the entry points just because this
+        is Win32 -- this is an internal copy of PCRE and should be private.
+        * pcre/pcre_compile.c: Fix an uninitialized variable warning --
+        there's no real problem but it's better to quiet the compiler by
+        tweaking the code slightly than turn off the warning entirely.
+
+2007-10-17  Adam Roben  <aroben@apple.com>
+
+        Windows build fix.
+
+        Reviewed by Anders.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable
+        some mismatched signed/unsigned comparison warnings.
+        * pcre/pcre_exec.c:
+        (match): #if-out some labels that don't seem to exist.
+
+2007-10-17  Mark Rowe  <mrowe@apple.com>
+
+        Gtk build fix.
+
+        * JavaScriptCore.pri: Add FastMallocPCRE.cpp.
+        * pcre/pcre_get. #if out two functions that depend on pcre_get_stringnumber, which
+        is currently unavailable for UTF-16.
+
+2007-10-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - merged PCRE changes between 6.4 and 6.5
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Removed pcre_config.c, pcre_globals.c, pcre_info.c, pcre_maketables.c,
+        pcre_printint.src, pcre_refcount.c, pcre_study.c, pcre_try_flipped.c,
+        pcre_ucp_findchar.c, pcre_version.c, and ucptable.c. Added pcre_ucp_searchfuncs.c.
+
+        * pcre/AUTHORS:
+        * pcre/LICENCE:
+        * pcre/MERGING:
+        * pcre/dftables.c:
+        * pcre/pcre-config.h:
+        * pcre/pcre.h:
+        * pcre/pcre.pri:
+        * pcre/pcre_compile.c:
+        * pcre/pcre_exec.c:
+        * pcre/pcre_fullinfo.c:
+        * pcre/pcre_get.c:
+        * pcre/pcre_internal.h:
+        * pcre/pcre_maketables.c:
+        * pcre/pcre_ord2utf8.c:
+        * pcre/pcre_tables.c:
+        * pcre/pcre_ucp_searchfuncs.c: Copied from pcre/pcre_ucp_findchar.c.
+        * pcre/pcre_xclass.c:
+        * pcre/ucp.h:
+        * pcre/ucpinternal.h:
+        * pcre/ucptable.c:
+        Updated with new versions from the PCRE 6.5 release, merged with changes.
+
+        * pcre/pcre_config.c: Removed.
+        * pcre/pcre_globals.c: Removed.
+        * pcre/pcre_info.c: Removed.
+        * pcre/pcre_printint.src: Removed.
+        * pcre/pcre_refcount.c: Removed.
+        * pcre/pcre_study.c: Removed.
+        * pcre/pcre_try_flipped.c: Removed.
+        * pcre/pcre_ucp_findchar.c: Removed.
+        * pcre/pcre_version.c: Removed.
+
+2007-10-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Removed KJS_VERBOSE because it was getting in the way of readability, 
+        and the messages didn't seem very helpful.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::callAsFunction):
+        (KJS::FunctionImp::passInParameters):
+        * kjs/lookup.h:
+        (KJS::lookupPut):
+        * kjs/object.cpp:
+        (KJS::JSObject::put):
+        * kjs/value.h:
+
+2007-10-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Removed the Parameter class because it was a redundant wrapper around 
+        Identifier.
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::passInParameters):
+        (KJS::FunctionImp::getParameterName):
+        * kjs/nodes.cpp:
+        (FunctionBodyNode::addParam):
+        * kjs/nodes.h:
+        (KJS::FunctionBodyNode::):
+
+2007-10-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Global replace of assert with ASSERT.
+
+2007-10-16  Adam Roben  <aroben@apple.com>
+
+        Make testkjs not delay-load WebKit
+
+        Soon, delay-loading WebKit will be impossible (because we will be
+        using __declspec(thread) for thread-local storage). This change
+        prepares testkjs for the future.
+
+        Reviewed by Sam.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed WebKitInitializer,
+        added FindSafari.
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Don't link against
+        WebKitInitializer, don't delay-load WebKit.
+        * kjs/testkjs.cpp: Don't use WebKitInitializer.
+
+2007-10-16  Adam Roben  <aroben@apple.com>
+
+        Updated testkjs for the rename of WebKit_debug.dll to WebKit.dll for the Debug configuration
+
+        Reviewed by Kevin McCullough.
+
+        * JavaScriptCore.vcproj/debug.vsprops: Added WebKitDLLConfigSuffix.
+        * JavaScriptCore.vcproj/debug_internal.vsprops: Ditto.
+        * JavaScriptCore.vcproj/release.vsprops: Ditto.
+        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Use
+        WebKitDLLConfigSuffix when referring to WebKit.dll, and fixed a typo
+        in the name of icuuc36[_debug].dll.
+
+2007-10-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Re-structured variable and function declaration code.
+        
+        Command-line JS iBench shows no regression.
+        
+        Here are the changes:
+
+        1. Function declarations are now processed at the same time as var 
+        declarations -- namely, immediately upon entry to an execution context. 
+        This does not match Firefox, which waits to process a function
+        declaration until the declaration's containing block executes, but it 
+        does match IE and the ECMA spec. (10.1.3 states that var and function 
+        declarations should be processed at the same time -- namely, "On 
+        entering an execution context." 12.2 states that "A Block does not 
+        define a new execution scope.")
+
+        2. Declaration processing proceeds iteratively now, rather than 
+        recursively, storing the nodes is finds in stacks. This will later 
+        facilitate an optimization to hold on to the gathered declaration nodes, 
+        rather than re-fetching them in every function call. 
+        [ http://bugs.webkit.org/show_bug.cgi?id=14868 ]
+
+        Modified these tests because they expected the incorrect Mozilla 
+        behavior described above:
+
+        * tests/mozilla/ecma_3/Function/scope-001.js:
+        * tests/mozilla/js1_5/Scope/regress-184107.js:
+
+2007-10-16  Darin Adler  <darin@apple.com>
+
+        - try to fix the GTK build
+
+        * kjs/ustring.cpp: Include ASCIICType.h, not ASCIICtype.h.
+
+2007-10-16  Darin Adler  <darin@apple.com>
+
+        - try to fix the Windows build
+
+        * kjs/date_object.cpp: (KJS::parseDate): A couple instances of isspace were
+        in here. Not sure why it wasn't failing elsewhere. Changed to isASCIISpace.
+
+2007-10-16  Darin Adler  <darin@apple.com>
+
+        - try to fix the GTK build
+
+        * kjs/ustring.cpp: Include ASCIICType.h.
+
+2007-10-16  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej and Geoff (and looked over by Eric).
+
+        - http://bugs.webkit.org/show_bug.cgi?id=15519
+          eliminate use of <ctype.h> for processing ASCII
+
+        * wtf/ASCIICType.h: Added.
+        * wtf/DisallowCType.h: Added.
+
+        * kjs/config.h: Include DisallowCType.h.
+
+        * kjs/date_object.cpp:
+        (KJS::skipSpacesAndComments):
+        (KJS::findMonth):
+        (KJS::parseDate):
+        * kjs/function.cpp:
+        (KJS::decode):
+        * kjs/ustring.cpp:
+        (KJS::UString::toDouble):
+        Use ASCIICType.h functions instead of ctype.h ones.
+
+2007-10-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - fixes for "New JavaScript benchmark"
+        http://bugs.webkit.org/show_bug.cgi?id=15515
+        
+        * kjs/testkjs.cpp:
+        (TestFunctionImp::callAsFunction): Implement "load" for compatibility
+        with SpiderMonkey.
+        (TestFunctionImp::): ditto
+        (doIt): ditto
+        (kjsmain): Drop useless --> from output.
+
+2007-10-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Removed unnecessary #include.
+
+        * API/JSObjectRef.cpp:
+
+2007-10-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Double-reverse build fix. My tree was out of date.
+
+        * kjs/nodes.cpp:
+        (NumberNode::evaluate):
+
+2007-10-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix.
+
+        * kjs/nodes.cpp:
+        (NumberNode::evaluate):
+
+2007-10-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Removed surprising self-named "hack" that made nested functions 
+        available as named properties of their containing functions, and placed
+        containing function objects in the scope chains of nested functions.
+        
+        There were a few reasons to remove this "hack:"
+
+        1. It contradicted FF, IE, and the ECMA spec.
+
+        2. It incurred a performance penalty, since merely parsing a function 
+        required parsing its body for nested functions (and so on).
+
+        3. SVN history contains no explanation for why it was added. It was just
+        legacy code in a large merge a long, long time ago.
+
+        [ Patch broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
+
+        * kjs/nodes.cpp:
+        (FuncDeclNode::processFuncDecl):
+
+2007-10-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Removed the concept of AnonymousCode. It was unused, and it doesn't
+        exist in the ECMA spec.
+        
+        [ Patch broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
+
+        * kjs/Context.cpp:
+        (KJS::Context::Context):
+        * kjs/function.h:
+        * kjs/nodes.cpp:
+        (ReturnNode::execute):
+
+2007-10-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Made function parameters DontDelete. This matches FF and the vague
+        description in ECMA 10.1.3. It's also required in order to make
+        symbol table based lookup of function parameters valid. (If the 
+        parameters aren't DontDelete, you can't guarantee that you'll find
+        them later in the symbol table.)
+
+        [ Patch broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
+
+        * kjs/function.cpp:
+        (KJS::FunctionImp::passInParameters):
+
+2007-10-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Some Vector optimizations. These are especially important when using
+        Vector as a stack for implementing recursive algorithms iteratively.
+        
+        [ Broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
+
+        1. Added shrink(), which is a version of resize() that you can call
+        to save a branch / improve code generation and inlining when you know 
+        that the vector is not getting bigger.
+        
+        2. Changed subclassing relationship in VectorBuffer to remove a call to
+        fastFree() in the destructor for the inlineCapacity != 0 template
+        specialization. This brings inline Vectors one step closer to true
+        stack-allocated arrays.
+        
+        Also changed abort() to CRASH(), since the latter works better.
+
+        * wtf/Vector.h:
+        (WTF::VectorBufferBase::allocateBuffer):
+        (WTF::VectorBufferBase::deallocateBuffer):
+        (WTF::VectorBufferBase::VectorBufferBase):
+        (WTF::VectorBufferBase::~VectorBufferBase):
+        (WTF::):
+        (WTF::VectorBuffer::VectorBuffer):
+        (WTF::VectorBuffer::~VectorBuffer):
+        (WTF::VectorBuffer::deallocateBuffer):
+        (WTF::VectorBuffer::releaseBuffer):
+        (WTF::Vector::clear):
+        (WTF::Vector::removeLast):
+        (WTF::::operator):
+        (WTF::::fill):
+        (WTF::::shrink):
+
+2007-10-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed http://bugs.webkit.org/show_bug.cgi?id=15490
+        Iteration statements sometimes incorrectly evaluate to the empty value 
+        (KDE r670547). 
+        
+        [ Broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
+        
+        This patch is a merge of KDE r670547, with substantial modification 
+        for performance.
+        
+        It fixes do-while statements to evaluate to a value. (They used
+        to evaluate to the empty value in all cases.) 
+
+        It also fixes SourceElementsNode to maintain the value of abnormal 
+        completions like "break" and "continue."
+        
+        It also re-works the main execution loop in SourceElementsNode so that
+        it (1) makes a little more sense and (2) avoids unnecessary work. This 
+        is a .28% speedup on command-line JS iBench.
+
+        * kjs/nodes.cpp:
+        (DoWhileNode::execute):
+        (SourceElementsNode::execute):
+
+2007-10-15  Simon Hausmann  <hausmann@kde.org>
+
+        Reviewed by Lars.
+
+        Fix compilation with gcc 4.3 by including 'limits' due to the use of std::numeric_limits.
+
+        * wtf/HashTraits.h:
+
+2007-10-5  Kevin Ollivier  <kevino@theolliviers.com>
+ 
+        Reviewed by Adam.
+        
+        Add support for MSVC7, and fix cases where PLATFORM(WIN) should
+        be PLATFORM(WIN_OS) for other ports building on Windows.
+ 
+        * kjs/DateMath.cpp:
+        (KJS::getDSTOffsetSimple):
+        * kjs/JSImmediate.h:
+        * wtf/Assertions.cpp:
+        * wtf/Assertions.h:
+        * wtf/Platform.h:
+        * wtf/StringExtras.h:
+        (snprintf):
+        (vsnprintf):
+
+2007-10-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Darin.
+
+        Adds NegateNode optimization from KJS. The relevant revision in KDE
+        is 666736.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (NumberNode::evaluate):
+        * kjs/nodes.h:
+        (KJS::Node::):
+        (KJS::NumberNode::):
+        * kjs/nodes2string.cpp:
+        (NumberNode::streamTo):
+
+2007-10-14  Jason Foreman  <jason@threeve.org>
+
+        Reviewed by Maciej.
+
+        Fix http://bugs.webkit.org/show_bug.cgi?id=15145
+        
+        Ensure that if adjusting n to minimize the difference of n*intPow10(e-p+1) to x,
+        that the property n < intPow10(p) is maintained.
+
+        * kjs/number_object.cpp:
+        (NumberProtoFunc::callAsFunction):
+
+== Rolled over to ChangeLog-2007-10-14 ==
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2009-06-16 b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2009-06-16
new file mode 100644
index 000000000..52d3c36e7
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog-2009-06-16
@@ -0,0 +1,39978 @@
+2009-06-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber Stamped by Sam Weinig.
+
+        Rename PatchBuffer to LinkBuffer.  Previously our terminology has been a little
+        mixed up, but we have decided to fix on refering to the process that takes place
+        at the end of code generation as 'linking', and on any modifications that take
+        place later (and once the code has potentially already been executed) as 'patching'.
+
+        However, the term 'PatchBuffer' is already in use, and needs to be repurposed.
+
+        To try to minimize confusion, we're going to switch the terminology over in stages,
+        so for now we'll refer to later modifications as 'repatching'.  This means that the
+        new 'PatchBuffer' has been introduced with the name 'RepatchBuffer' instead.
+
+        This patch renames the old 'PatchBuffer' to 'LinkBuffer'.  We'll leave ToT in this
+        state for a week or so to try to avoid to much overlap of the meaning of the term
+        'PatchBuffer', then will come back and rename 'RepatchBuffer'.
+
+        * assembler/ARMv7Assembler.h:
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::LinkBuffer::LinkBuffer):
+        (JSC::AbstractMacroAssembler::LinkBuffer::~LinkBuffer):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::compile):
+
+2009-06-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Having moved most of their functionality into the RepatchBuffer class,
+        we can simplify the CodeLocation* classes.
+
+        The CodeLocation* classes are currently a tangle of templatey and friendly
+        badness, burried in the middle of AbstractMacroAssembler.  Having moved
+        the ability to repatch out into RepatchBufer they are now do-nothing wrappers
+        on CodePtr (MacroAssemblerCodePtr), that only exist to provide type-safety.
+
+        Simplify the code, and move them off into their own header.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::PatchBuffer::patch):
+        * assembler/CodeLocation.h: Copied from assembler/AbstractMacroAssembler.h.
+        (JSC::CodeLocationCommon::CodeLocationCommon):
+        (JSC::CodeLocationInstruction::CodeLocationInstruction):
+        (JSC::CodeLocationLabel::CodeLocationLabel):
+        (JSC::CodeLocationJump::CodeLocationJump):
+        (JSC::CodeLocationCall::CodeLocationCall):
+        (JSC::CodeLocationNearCall::CodeLocationNearCall):
+        (JSC::CodeLocationDataLabel32::CodeLocationDataLabel32):
+        (JSC::CodeLocationDataLabelPtr::CodeLocationDataLabelPtr):
+        (JSC::CodeLocationCommon::instructionAtOffset):
+        (JSC::CodeLocationCommon::labelAtOffset):
+        (JSC::CodeLocationCommon::jumpAtOffset):
+        (JSC::CodeLocationCommon::callAtOffset):
+        (JSC::CodeLocationCommon::nearCallAtOffset):
+        (JSC::CodeLocationCommon::dataLabelPtrAtOffset):
+        (JSC::CodeLocationCommon::dataLabel32AtOffset):
+        * assembler/MacroAssemblerCodeRef.h:
+        (JSC::MacroAssemblerCodePtr::operator!):
+        * bytecode/CodeBlock.h:
+        (JSC::getStructureStubInfoReturnLocation):
+        (JSC::getCallLinkInfoReturnLocation):
+        (JSC::getMethodCallLinkInfoReturnLocation):
+        * bytecode/Instruction.h:
+        * bytecode/JumpTable.h:
+        (JSC::StringJumpTable::ctiForValue):
+        (JSC::SimpleJumpTable::ctiForValue):
+        * bytecode/StructureStubInfo.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitCatch):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+        (JSC::JITStubs::getPolymorphicAccessStructureListSlot):
+
+2009-06-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Having introduced the RepatchBuffer, ProcessorReturnAddress is now a do-nothing
+        wrapper around ReturnAddressPtr.  Remove it.  In tugging on this piece of string
+        it made sense to roll out the use of ReturnAddressPtr a little further into
+        JITStubs (which had always been the intention).
+
+        No performance impact.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkCallerToTrampoline):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkCallerToFunction):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkNearCallerToTrampoline):
+        * assembler/MacroAssemblerCodeRef.h:
+        (JSC::ReturnAddressPtr::ReturnAddressPtr):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::getStubInfo):
+        (JSC::CodeBlock::getCallLinkInfo):
+        (JSC::CodeBlock::getMethodCallLinkInfo):
+        (JSC::CodeBlock::getBytecodeIndex):
+        * interpreter/Interpreter.cpp:
+        (JSC::bytecodeOffsetForPC):
+        * jit/JIT.cpp:
+        (JSC::ctiPatchNearCallByReturnAddress):
+        (JSC::ctiPatchCallByReturnAddress):
+        * jit/JIT.h:
+        (JSC::JIT::compileGetByIdProto):
+        (JSC::JIT::compileGetByIdChain):
+        (JSC::JIT::compilePutByIdTransition):
+        (JSC::JIT::compilePatchGetArrayLength):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::StackHack::StackHack):
+        (JSC::returnToThrowTrampoline):
+        (JSC::throwStackOverflowError):
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::):
+        (JSC::JITStackFrame::returnAddressSlot):
+        * runtime/JSGlobalData.h:
+
+2009-06-15  Simon Fraser  <simon.fraser@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        <rdar://problem/6974857>
+
+        Define ENABLE_3D_RENDERING when building on 10.6, and move ENABLE_3D_RENDERING
+        switch from config.h to wtf/Platform.h.
+
+        * Configurations/FeatureDefines.xcconfig:
+        * wtf/Platform.h:
+
+2009-06-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Move repatching methods into a set of methods on a class.  This will allow us to
+        coallesce memory reprotection calls.  Really, we want this class to be called
+        PatchBuffer, we want the class PatchBuffer to be called LinkBuffer, we want both
+        to be memblers of MacroAssembler rather then AbstractMacroAssembler, we don't
+        want the CodeLocationFoo types anymore (they are now only really there to provide
+        type safety, and that is completely undermined by the way we use offsets).  Then
+        the link & patch buffers should delegate the actual patching calls to the
+        architecture-specific layer of the MacroAssembler.  Landing all these changes as a
+        sequence of patches.
+
+        No performance impact.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::CodeLocationCall::CodeLocationCall):
+        (JSC::AbstractMacroAssembler::CodeLocationNearCall::CodeLocationNearCall):
+        (JSC::AbstractMacroAssembler::CodeLocationNearCall::calleeReturnAddressValue):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::RepatchBuffer):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::relink):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::repatch):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkCallerToTrampoline):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkCallerToFunction):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkNearCallerToTrampoline):
+        (JSC::AbstractMacroAssembler::RepatchBuffer::repatchLoadPtrToLEA):
+        * jit/JIT.cpp:
+        (JSC::ctiPatchNearCallByReturnAddress):
+        (JSC::ctiPatchCallByReturnAddress):
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::linkCall):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchMethodCallProto):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2009-06-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Hunt & Oliver Garen.
+
+        We are currently generating two copies of the slow path for op_call for no reason.  Stop that.
+
+        Originally op_call used two slow paths since the first set up the pointer to the CallLinkInfo
+        for use when linking.  However this is now looked up using the return address (as we do for
+        property accesses) so the two paths are now identical.
+
+        No performance impact, reduces memory footprint.
+
+        * bytecode/CodeBlock.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::linkCall):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+
+2009-06-12  Dave Hyatt  <hyatt@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26373
+
+        Add a new class to Threading in wtf called ReadWriteLock that handles single writer/multiple reader locking.
+        Provide a pthreads-only implementation of the lock for now, as this class is only going to be used
+        on Snow Leopard at first.
+
+        * wtf/Threading.h:
+        (WTF::ReadWriteLock::impl):
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::ReadWriteLock::ReadWriteLock):
+        (WTF::ReadWriteLock::~ReadWriteLock):
+        (WTF::ReadWriteLock::readLock):
+        (WTF::ReadWriteLock::tryReadLock):
+        (WTF::ReadWriteLock::writeLock):
+        (WTF::ReadWriteLock::tryWriteLock):
+        (WTF::ReadWriteLock::unlock):
+
+2009-06-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Make LiteralParser non-recursive
+
+        Convert LiteralParser from using a simple recursive descent parser
+        to a hand rolled PDA.  Relatively simple conversion, but required
+        modifications to MarkedArgumentBuffer to make it more suitable as
+        a generic marked vector.   I'll refactor and rename MarkedArgumentBuffer
+        in future as there are many other cases where it will be useful to
+        have such a class.
+
+        * runtime/ArgList.h:
+        (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
+        (JSC::MarkedArgumentBuffer::append):
+        (JSC::MarkedArgumentBuffer::removeLast):
+        (JSC::MarkedArgumentBuffer::last):
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser::parse):
+        * runtime/LiteralParser.h:
+        (JSC::LiteralParser::LiteralParser):
+        (JSC::LiteralParser::tryLiteralParse):
+        (JSC::LiteralParser::):
+
+2009-06-12  David Levin  <levin@chromium.org>
+
+        Reviewed by NOBODY (build fix for windows).
+
+        Adjust the exports for JSC on Windows like what was done for OSX in
+        the previous commit.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-06-12  David Levin  <levin@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        UString shouldn't create sharedBuffer for SmallStrings.
+        https://bugs.webkit.org/show_bug.cgi?id=26360
+
+        The methods changed are not used by JSC, so there is no JS perf impact.  However,
+        there is a potential DOM perf impact, so I re-ran several of the tests that
+        I ran previously and ensured that the perf stay the same which caused me to
+        adjust the minLengthToShare.
+
+        * JavaScriptCore.exp:
+        * runtime/UString.cpp:
+        (JSC::UString::Rep::sharedBuffer):
+            Determines if the buffer being shared is big enough before doing so.
+            Previously, BaseString::sharedBuffer was called but it would only know
+            the length of the base string (BaseString::len) which may not be the same
+            as the string being shared (Rep::len).
+        (JSC::UString::BaseString::sharedBuffer):
+            This is now only be used by Rep::sharedBuffer. which does the length check.
+        * runtime/UString.h:
+
+2009-06-12  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26191
+        Remove xmath include in MathExtras.h, because it is not needed and also
+        breaks VS2008 builds with TR1 turned on.
+
+        * wtf/MathExtras.h: Removed xmath include.
+
+2009-06-12  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Eric Seidel.
+
+        * ChangeLog-2007-10-14: Change pseudonym "Don Gibson" to me (was used while Google Chrome was not public); update my email address.
+
+2009-06-12  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix. Adding JSONObject.cpp to the build.
+
+        * JavaScriptCoreSources.bkl:
+
+2009-06-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Jan Michael Alonzo.
+
+        [Qt] Fix build break
+        https://bugs.webkit.org/show_bug.cgi?id=26340
+
+        * JavaScriptCore.pri: Add JSONObject.cpp to LUT files.
+
+2009-06-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (build fix).
+
+        Lower stringify recursion limit to deal with small windows stack.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/JSONObject.cpp:
+        (JSC::Stringifier::):
+
+2009-06-11  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Holger Freyther.
+
+        Fix compilation warnings
+        <https://bugs.webkit.org/show_bug.cgi?id=26015>
+
+        * wtf/ThreadingNone.cpp:
+        (WTF::ThreadCondition::wait): Fix compilation warning.
+        (WTF::ThreadCondition::timedWait): Ditto.
+
+2009-06-10  Brent Fulgham  <bfulgham@webkit.org>
+
+        Build fix for Windows target.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+          Correct missing </File> tag after @r44550 that prevents the
+          project from being loaded in the Visual Studio IDE.
+
+2009-06-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber Stamped by Mark Rowe.
+
+        Tidy up a couple of comments.
+
+        * assembler/ARMv7Assembler.h:
+            Fix date in copyright, neaten up a couple of comments.
+        * assembler/MacroAssemblerARMv7.h:
+            Fix date in copyright.
+
+2009-06-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 26249: Support JSON.stringify
+        <https://bugs.webkit.org/show_bug.cgi?id=26249>
+        
+        Implement JSON.stringify.  This patch handles all the semantics of the ES5
+        JSON.stringify function, including replacer functions and arrays and both
+        string and numeric gap arguments.
+        
+        Currently uses a clamped recursive algorithm basically identical to the spec
+        description but with a few minor tweaks for performance and corrected semantics
+        discussed in the es-discuss mailing list.
+
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::jsonTable):
+        * runtime/CommonIdentifiers.h:
+           add toJSON to the list of common identifiers
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::~JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+            Add support for the JSON object lookup table
+
+        * runtime/JSONObject.cpp: Added.
+        (JSC::):
+        (JSC::JSONObject::getOwnPropertySlot):
+        (JSC::Stringifier::):
+        (JSC::Stringifier::Stringifier):
+        (JSC::Stringifier::stringify):
+        (JSC::Stringifier::appendString):
+
+        (JSC::Stringifier::StringKeyGenerator::StringKeyGenerator):
+        (JSC::Stringifier::StringKeyGenerator::getKey):
+        (JSC::Stringifier::IntKeyGenerator::IntKeyGenerator):
+        (JSC::Stringifier::IntKeyGenerator::getKey):
+            These KeyGenerator classes are used to abstract away the lazy evaluation of keys for
+            toJSON and replacer functions.
+
+        (JSC::Stringifier::toJSONValue):
+        (JSC::Stringifier::stringifyArray):
+        (JSC::Stringifier::stringifyObject):
+        (JSC::JSONProtoFuncStringify):
+        * runtime/JSONObject.h: Added.
+        (JSC::JSONObject:::JSObject):
+        (JSC::JSONObject::classInfo):
+        (JSC::JSONObject::createStructure):
+
+2009-06-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Enable JIT_OPTIMIZE_CALL & JIT_OPTIMIZE_METHOD_CALLS on ARMv7 platforms.
+
+        These optimizations function correctly with no further changes.
+
+        * wtf/Platform.h:
+            Change to enable JIT_OPTIMIZE_CALL & JIT_OPTIMIZE_METHOD_CALLS.
+
+2009-06-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Not Reviewed, build fix.
+
+        * assembler/MacroAssemblerARMv7.h:
+
+2009-06-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Enable JIT_OPTIMIZE_ARITHMETIC on ARMv7 platforms.
+
+        Temporarily split support for 'branchTruncateDoubleToInt32' onto its own switch
+        ('supportsFloatingPointTruncate').  See comment in MacroAssemblerARMv7, we need
+        to work out wherther we are going to be able to support the current interface on
+        all platforms, or whether this should be refactored.
+
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
+            Add implementation of supportsFloatingPointTruncate (returns true).
+        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
+            Add implementation of supportsFloatingPointTruncate (returns false).
+        (JSC::MacroAssemblerARMv7::loadDouble):
+        (JSC::MacroAssemblerARMv7::storeDouble):
+        (JSC::MacroAssemblerARMv7::addDouble):
+        (JSC::MacroAssemblerARMv7::subDouble):
+        (JSC::MacroAssemblerARMv7::mulDouble):
+        (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
+        (JSC::MacroAssemblerARMv7::branchDouble):
+            Implement FP code genertion operations.
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
+            Add implementation of supportsFloatingPointTruncate (returns true).
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
+            Add implementation of supportsFloatingPointTruncate (returns true).
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_rshift):
+            Changed to call supportsFloatingPointTruncate().
+        (JSC::JIT::emitSlow_op_rshift):
+            Changed to call supportsFloatingPointTruncate().
+        * wtf/Platform.h:
+            Change to enable JIT_OPTIMIZE_ARITHMETIC.
+
+2009-06-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Mark Rowe & Geoff Garen.
+
+        Enable JIT_OPTIMIZE_PROPERTY_ACCESS on ARMv7 platforms.
+
+        Firm up interface for planting load intructions that will be repatched by
+        repatchLoadPtrToLEA().  This method should now no longer be applied to just
+        any loadPtr instruction.
+
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::loadPtrWithPatchToLEA):
+            Implement loadPtrWithPatchToLEA interface (plants a load with a fixed width address).
+        (JSC::MacroAssemblerARMv7::move):
+        (JSC::MacroAssemblerARMv7::nearCall):
+        (JSC::MacroAssemblerARMv7::call):
+        (JSC::MacroAssemblerARMv7::moveWithPatch):
+        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
+            Switch to use common method 'moveFixedWidthEncoding()' to perform fixed width (often patchable) loads.
+        (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
+            Move an immediate to a register, always plants movT3/movt instruction pair.
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::loadPtrWithPatchToLEA):
+            Implement loadPtrWithPatchToLEA interface (just a regular 32-bit load on x86).
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::loadPtrWithPatchToLEA):
+            Implement loadPtrWithPatchToLEA interface (just a regular 64-bit load on x86_64).
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::emit_op_put_by_id):
+        * wtf/Platform.h:
+            Change to enable JIT_OPTIMIZE_PROPERTY_ACCESS.
+
+2009-06-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Enable JS language JIT for ARM thumb2 platforms.  Add ARMv7 specific
+        asm & constants, add appropriate configuration switches to Platform.h.
+
+        Landing this disabled until jump linking is completed (see YARR jit patch).
+
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::load32):
+            Fix: should load pointer with ImmPtr not Imm32.
+        (JSC::MacroAssemblerARMv7::store32):
+            Fix: should load pointer with ImmPtr not Imm32.
+        (JSC::MacroAssemblerARMv7::move):
+            Fix: When moving an Imm32 that is actually a pointer, should call movT3()
+            not mov(), to ensure code generation is repeatable (for exception handling).
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+            Disable JIT_OPTIMIZE_NATIVE_CALL specific code generation if the optimization is not enabled.
+        * jit/JIT.h:
+            Add ARMv7 specific values of constants & register names.
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::preverveReturnAddressAfterCall):
+        (JSC::JIT::restoreReturnAddressBeforeReturn):
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+            Implement for ARMv7 (move value to/from lr).
+        * jit/JITStubs.cpp:
+            Add JIT entry/thow trampolines, add macro to add thunk wrapper around stub routines.
+        * jit/JITStubs.h:
+        (JSC::JITStackFrame::returnAddressSlot):
+            Add ARMv7 stack frame object.
+        * wtf/Platform.h:
+            Add changes necessary to allow JIT to build on this platform, disabled.
+
+2009-06-08  Mark Rowe  <mrowe@apple.com>
+
+        Speculative GTK build fix.
+
+        * wtf/DateMath.cpp:
+
+2009-06-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Previous patch caused a regression.
+
+        Restructure so no new (empty, inline) function calls are added on x86.
+
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::makeWritable):
+        (JSC::ExecutableAllocator::makeExecutable):
+        (JSC::ExecutableAllocator::reprotectRegion):
+        (JSC::ExecutableAllocator::cacheFlush):
+
+2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Unreviewed, GTK build fix (thanks, bdash).
+
+        * GNUmakefile.am: Moved DateMath with all other wtf kin.
+
+2009-06-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Add (incomplete) support to YARR for running with the jit enabled
+        on Arm thumb2 platforms.  Adds new Assembler/MacroAssembler classes,
+        along with cache flushing support, tweaks to MacroAssemblerCodePtr
+        to support decorated thumb code pointers, and new enter/exit code
+        to YARR jit for the platform.
+
+        Support for this platform is still under development - the assembler
+        currrently only supports planting and linking jumps with a 16Mb range.
+        As such, initially commiting in a disabled state.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+            Add new assembler files.
+        * assembler/ARMv7Assembler.h: Added.
+            Add new Assembler.
+        * assembler/AbstractMacroAssembler.h:
+            Tweaks to ensure sizes of pointer values planted in JIT code do not change.
+        * assembler/MacroAssembler.h:
+            On ARMv7 platforms use MacroAssemblerARMv7.
+        * assembler/MacroAssemblerARMv7.h: Added.
+            Add new MacroAssembler.
+        * assembler/MacroAssemblerCodeRef.h:
+        (JSC::FunctionPtr::FunctionPtr):
+            Add better ASSERT.
+        (JSC::ReturnAddressPtr::ReturnAddressPtr):
+            Add better ASSERT.
+        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
+            On ARMv7, MacroAssemblerCodePtr's mush be 'decorated' with a low bit set,
+            to indicate to the processor that the code is thumb code, not traditional
+            32-bit ARM.
+        (JSC::MacroAssemblerCodePtr::dataLocation):
+            On ARMv7, decoration must be removed.
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::makeWritable):
+            Reformatted, no change.
+        (JSC::ExecutableAllocator::makeExecutable):
+            When marking code executable also cache flush it, where necessary.
+        (JSC::ExecutableAllocator::MakeWritable::MakeWritable):
+            Only use the null implementation of this class if both !ASSEMBLER_WX_EXCLUSIVE
+            and running on x86(_64) - on other platforms we may also need ensure that
+            makeExecutable is called at the end to flush caches.
+        (JSC::ExecutableAllocator::reprotectRegion):
+            Reformatted, no change.
+        (JSC::ExecutableAllocator::cacheFlush):
+            Cache flush a region of memory, or platforms where this is necessary.
+        * wtf/Platform.h:
+            Add changes necessary to allow YARR jit to build on this platform, disabled.
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateEnter):
+        (JSC::Yarr::RegexGenerator::generateReturn):
+            Add support to these methods for ARMv7.
+
+2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Unreviewed, fix my previous fix.
+
+        * runtime/DateInstance.cpp:
+        (JSC::DateInstance::msToGregorianDateTime): Use WTF namespace qualifier to
+            disambiguate func signatures.
+
+2009-06-08  Mark Rowe  <mrowe@apple.com>
+
+        Attempt to fix the Tiger build.
+
+        * wtf/Platform.h: Only test the value of the macro once we know it is defined.
+
+2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Unreviewed, another Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Unreviewed, projectile-fixing Windows build.
+
+        * runtime/DateConversion.cpp: Added StringExtras include.
+        * wtf/DateMath.cpp: Replaced math with algorithm include (looking for std::min def for Windows).
+
+2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Unreviewed, Windows build fix.
+
+        * runtime/DateConstructor.cpp: Changed to use WTF namespace.
+        * runtime/DateConversion.cpp: Added UString include.
+        * runtime/DateInstance.cpp: Changed to use WTF namespace.
+        * wtf/DateMath.cpp: Added math include.
+
+2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=26238
+        Move most of runtime/DateMath functions to wtf/DateMath, and split off conversion-related
+        helpers to DateConversion.
+
+        * AllInOneFile.cpp: Changed DateMath->DateConversion.
+        * GNUmakefile.am: Ditto and added DateMath.
+        * JavaScriptCore.exp: Ditto.
+        * JavaScriptCore.pri: Ditto.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added DateMath.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+        * JavaScriptCoreSources.bkl: Ditto.
+        * pcre/pcre_exec.cpp: Changed to use DateMath.
+        * profiler/ProfileNode.cpp:
+        (JSC::getCount): Changed to use DateConversion.
+        * runtime/DateConstructor.cpp: Ditto.
+        * runtime/DateConversion.cpp: Copied from JavaScriptCore/runtime/DateMath.cpp.
+        (JSC::parseDate): Refactored to use null-terminated characters as input.
+        * runtime/DateConversion.h: Copied from JavaScriptCore/runtime/DateMath.h.
+        * runtime/DateInstance.cpp: Changed to use wtf/DateMath.
+        * runtime/DateInstance.h: Ditto.
+        * runtime/DateMath.cpp: Removed.
+        * runtime/DateMath.h: Removed.
+        * runtime/DatePrototype.cpp: Ditto.
+        * runtime/InitializeThreading.cpp: Ditto.
+        * wtf/DateMath.cpp: Copied from JavaScriptCore/runtime/DateMath.cpp.
+        * wtf/DateMath.h: Copied from JavaScriptCore/runtime/DateMath.h.
+
+2009-06-08  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
+
+2009-06-07  David Kilzer  <ddkilzer@apple.com>
+
+        Make JavaScriptCore compile for iPhone and iPhone Simulator
+
+        Reviewed by Gavin Barraclough.
+
+        * Configurations/Base.xcconfig: Split GCC_ENABLE_OBJC_GC on
+        $(REAL_PLATFORM_NAME).  Added $(ARCHS_UNIVERSAL_IPHONE_OS) to
+        VALID_ARCHS.  Added REAL_PLATFORM_NAME_iphoneos,
+        REAL_PLATFORM_NAME_iphonesimulator, HAVE_DTRACE_iphoneos and
+        HAVE_DTRACE_iphonesimulator variables.
+        * Configurations/DebugRelase.xcconfig: Split ARCHS definition on
+        $(REAL_PLATFORM_NAME).
+        * Configurations/JavaScriptCore.xcconfig: Added
+        EXPORTED_SYMBOLS_FILE_armv6 and EXPORTED_SYMBOLS_FILE_armv7
+        variables.  Split OTHER_LDFLAGS into OTHER_LDFLAGS_BASE and
+        OTHER_LDFLAGS_$(REAL_PLATFORM_NAME) since CoreServices.framework
+        is only linked to on Mac OS X.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Removed references
+        to CoreServices.framework since it's linked using OTHER_LDFLAGS
+        in JavaScriptCore.xcconfig.
+        * profiler/ProfilerServer.mm: Added #import for iPhone
+        Simulator.
+        (-[ProfilerServer init]): Conditionalize use of
+        NSDistributedNotificationCenter to non-iPhone or iPhone
+        Simulator.
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMallocStats::): Build fix for iPhone and iPhone
+        Simulator.
+        * wtf/Platform.h: Defined PLATFORM(IPHONE) and
+        PLATFORM(IPHONE_SIMULATOR).
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::setThreadNameInternal): Build fix for iPhone and iPhone
+        Simulator.
+
+2009-06-08  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Use $QMAKE_PATH_SEP instead of hardcoded / to fix Windows build
+
+        * JavaScriptCore.pri:
+        * JavaScriptCore.pro:
+        * jsc.pro:
+
+2009-06-07  Gavin Barraclough  <barraclough@apple.com>
+
+        RS by Sam Weinig.
+
+        Remove bonus bogus \n from last commit.
+
+        * jit/JITStubs.cpp:
+        (JSC::):
+
+2009-06-07  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Change the implementation of op_throw so the stub function always modifies its
+        return address - if it doesn't find a 'catch' it will switch to a trampoline
+        to force a return from JIT execution.  This saves memory, by avoiding the need
+        for a unique return for every op_throw.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_throw):
+            JITStubs::cti_op_throw now always changes its return address,
+            remove return code generated after the stub call (this is now
+            handled by ctiOpThrowNotCaught).
+        * jit/JITStubs.cpp:
+        (JSC::):
+            Add ctiOpThrowNotCaught definitions.
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+            Change cti_op_throw to always change its return address.
+        * jit/JITStubs.h:
+            Add ctiOpThrowNotCaught declaration.
+
+2009-06-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Rudder stamped by Sam Weinig.
+
+        Add missing ASSERT.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::getRelocatedAddress):
+
+2009-06-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Switch storePtrWithPatch to take the initial immediate value as an argument.
+
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::storePtrWithPatch):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jsr):
+
+2009-06-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove patchLength..tByIdExternalLoadPrefix magic numbers from JIT.h.
+
+        These aren't really suitable values to be tracking within common code
+        of the JIT, since they are not (and realistically cannot) be checked
+        by ASSERTs, as the other repatch offsets are.  Move this functionality
+        (skipping the REX prefix when patching load instructions to LEAs on
+        x86-64) into the X86Assembler.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::CodeLocationInstruction::repatchLoadPtrToLEA):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::repatchLoadPtrToLEA):
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+
+2009-06-05  Shinichiro Hamaji  <hamaji@chromium.org>
+
+        Bug 26160: Compile fails in MacOSX when GNU fileutils are installed
+
+        <https://bugs.webkit.org/show_bug.cgi?id=26160>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Use /bin/ln instead of ln for cases where this command is used with -h option.
+        As this option is not supported by GNU fileutils, this change helps users 
+        who have GNU fileutils in their PATH.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-06-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Remove DoubleNotEqual floating point comparison condition for now -
+        it is not used, and it is unclear the semantics are correct (I think
+        this comparison would actually give you not-equal-or-unordered, which
+        might be what is wanted... we can revisit this interface & get it
+        right when required).
+
+        Also, fix asserts in branchArith32 ops.  All adds & subs can check
+        for Signed, multiply only sets OF so can only check for overflow.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::):
+        (JSC::MacroAssemblerX86Common::branchAdd32):
+        (JSC::MacroAssemblerX86Common::branchMul32):
+        (JSC::MacroAssemblerX86Common::branchSub32):
+
+2009-06-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Minor tidy up in JITStubs.
+
+        * jit/JITStubs.cpp:
+        (JSC::StackHack::StackHack):
+        * jit/JITStubs.h:
+
+2009-06-05  Koen Kooi <koen@dominion.thruhere.net>
+
+        Reviewed by Xan Lopez.
+
+        Build fix for glib unicode backend.
+
+        * wtf/unicode/glib/UnicodeMacrosFromICU.h:
+
+2009-06-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        3 tiny cleanups:
+
+        * assembler/MacroAssemblerX86.h:
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
+            store*() methods should take an ImplicitAddress, rather than an Address.
+        * assembler/X86Assembler.h:
+            Make patchPointer private.
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_ret):
+            Remove empty line at end of function.
+
+2009-06-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Encapsulate many uses of void* in the assembler & jit with types that provide
+        more semantic information.  The new types are:
+        
+            * MacroAssemblerCodePtr - this wraps a pointer into JIT generated code.
+            * FunctionPtr - this wraps a pointer to a C/C++ function in JSC.
+            * ReturnAddressPtr - this wraps a return address resulting from a 'call' instruction.
+
+        Wrapping these types allows for stronger type-checking than is possible with everything
+        represented a void*.  For example, it is now enforced by the type system that near
+        calls can only be linked to JIT code and not to C functions in JSC (this was previously
+        required, but could not be enforced on the interface).
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::CodeLocationCommon):
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::dataLocation):
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::executableAddress):
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::reset):
+        (JSC::AbstractMacroAssembler::CodeLocationInstruction::repatchLoadToLEA):
+        (JSC::AbstractMacroAssembler::CodeLocationInstruction::CodeLocationInstruction):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForSwitch):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForExceptionHandler):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForJSR):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::operator!):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::reset):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::CodeLocationLabel):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::getJumpDestination):
+        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationJump::CodeLocationJump):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::calleeReturnAddressValue):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::CodeLocationCall):
+        (JSC::AbstractMacroAssembler::CodeLocationNearCall::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationNearCall::calleeReturnAddressValue):
+        (JSC::AbstractMacroAssembler::CodeLocationNearCall::CodeLocationNearCall):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::repatch):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::CodeLocationDataLabel32):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::repatch):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::CodeLocationDataLabelPtr):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToTrampoline):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkNearCallerToTrampoline):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::addressForLookup):
+        (JSC::AbstractMacroAssembler::trampolineAt):
+        (JSC::AbstractMacroAssembler::PatchBuffer::link):
+        (JSC::AbstractMacroAssembler::PatchBuffer::performFinalization):
+        (JSC::::CodeLocationCommon::instructionAtOffset):
+        (JSC::::CodeLocationCommon::labelAtOffset):
+        (JSC::::CodeLocationCommon::jumpAtOffset):
+        (JSC::::CodeLocationCommon::callAtOffset):
+        (JSC::::CodeLocationCommon::nearCallAtOffset):
+        (JSC::::CodeLocationCommon::dataLabelPtrAtOffset):
+        (JSC::::CodeLocationCommon::dataLabel32AtOffset):
+        * assembler/MacroAssemblerCodeRef.h:
+        (JSC::FunctionPtr::FunctionPtr):
+        (JSC::FunctionPtr::value):
+        (JSC::FunctionPtr::executableAddress):
+        (JSC::ReturnAddressPtr::ReturnAddressPtr):
+        (JSC::ReturnAddressPtr::value):
+        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
+        (JSC::MacroAssemblerCodePtr::executableAddress):
+        (JSC::MacroAssemblerCodePtr::dataLocation):
+        (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::patchPointerForCall):
+        * jit/JIT.cpp:
+        (JSC::ctiPatchNearCallByReturnAddress):
+        (JSC::ctiPatchCallByReturnAddress):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        (JSC::JIT::compileCTIMachineTrampolines):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        * jit/JITCode.h:
+        (JSC::JITCode::operator !):
+        (JSC::JITCode::addressForCall):
+        (JSC::JITCode::offsetOf):
+        (JSC::JITCode::execute):
+        (JSC::JITCode::size):
+        (JSC::JITCode::HostFunction):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitNakedCall):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * jit/JITStubs.cpp:
+        (JSC::JITThunks::JITThunks):
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::JITThunks::ctiArrayLengthTrampoline):
+        (JSC::JITThunks::ctiStringLengthTrampoline):
+        (JSC::JITThunks::ctiVirtualCallPreLink):
+        (JSC::JITThunks::ctiVirtualCallLink):
+        (JSC::JITThunks::ctiVirtualCall):
+        (JSC::JITThunks::ctiNativeCallThunk):
+        * yarr/RegexJIT.h:
+        (JSC::Yarr::RegexCodeBlock::operator!):
+        (JSC::Yarr::RegexCodeBlock::execute):
+
+2009-06-05  Antti Koivisto  <antti@apple.com>
+
+        Try to unbreak Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-06-03  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Dave Kilzer.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=13128
+        Safari not obeying cache header
+        
+        Export JSC::parseDate()
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-06-04  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Bug in property caching of getters and setters.
+
+        Make sure that the transition logic accounts for getters and setters.
+        If we don't we end up screwing up the transition tables so that some
+        transitions will start incorrectly believing that they need to check
+        for getters and setters. 
+
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        * runtime/JSObject.h:
+        (JSC::):
+        * runtime/Structure.h:
+
+2009-06-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Minor tweak to PatchBuffer, change it so it no longer holds a CodeRef, and instead
+        holds a separate code pointer and executable pool.  Since it now always holds its
+        own copy of the code size, and to simplify the construction sequence, it's neater
+        this way.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::PatchBuffer::PatchBuffer):
+        (JSC::AbstractMacroAssembler::PatchBuffer::finalizeCode):
+        (JSC::AbstractMacroAssembler::PatchBuffer::code):
+        (JSC::AbstractMacroAssembler::PatchBuffer::performFinalization):
+
+2009-06-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Remove 'JIT_STUB_ARGUMENT_STACK' this is unused and untested.
+
+        This just leaves JIT_STUB_ARGUMENT_REGISTER and JIT_STUB_ARGUMENT_VA_LIST.
+        Since JIT_STUB_ARGUMENT_REGISTER is the sensible configuration on most platforms,
+        remove this define and make this the default behaviour.
+        Platforms must now define JIT_STUB_ARGUMENT_VA_LIST to get crazy va_list voodoo,
+        if they so desire.
+
+        (Refactoring of #ifdefs only, no functional change, no performance impact.)
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        * jit/JITStubs.cpp:
+        (JSC::):
+        * jit/JITStubs.h:
+        * wtf/Platform.h:
+
+2009-06-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by Sam Weinig.
+
+        * jit/JITArithmetic.cpp:
+            Remove some redundant typedefs, unused since arithmetic was added to the MacroAssembler interface.
+
+2009-06-04  Brent Fulgham  <bfulgham@webkit.org>
+
+        Build fix due to header include problem.
+
+        * interpreter/Interpreter.h: Remove wtf from includes so that
+          compile can find the headers in expected places.
+
+2009-06-04  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        HashTable class (JavaScriptCore/wtf/HashTable.h) doesn't instantiated by 'new', so 
+        inheritance was removed. HashTable struct has been instantiated by operator new in
+        JSGlobalData.cpp:106.
+        HashTable couldn't inherited from FastAllocBase since struct with inheritance is 
+        no longer POD, so HashTable struct has been instantiated by fastNew, destroyed by
+        fastDelete.
+
+        * interpreter/Interpreter.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::~JSGlobalData):
+        * wtf/HashTable.h:
+
+2009-06-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Wrap the code that plants pushes/pops planted by JIT in explanatorily named
+        methods; move property storage reallocation into a standard stub function.
+
+        ~No performance impact (possible <1% progression on x86-64, likely just noise).
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+            Wrap calls to push/pop.
+        * jit/JIT.h:
+            Declare the new wrapper methods.
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::preverveReturnAddressAfterCall):
+        (JSC::JIT::restoreReturnAddressBeforeReturn):
+            Define the new wrapper methods.
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_end):
+        (JSC::JIT::emit_op_ret):
+            Wrap calls to push/pop.
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+            Move property storage reallocation into a standard stub function.
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::JITStubs::):
+
+2009-06-04  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Ariya Hidayat.
+
+        [Qt] Single-threaded QtWebKit configuration
+        <https://bugs.webkit.org/show_bug.cgi?id=26015>
+
+        * JavaScriptCore.pri: Use ThreadingNone.cpp instead of
+        ThreadingQt.cpp and make sure ENABLE_JSC_MULTIPLE_THREADS is turned off
+        when ENABLE_SINGLE_THREADED is tuned on
+        * wtf/ThreadingNone.cpp:
+        (WTF::ThreadCondition::wait): Fix compilation warning.
+        (WTF::ThreadCondition::timedWait): Ditto.
+
+2009-06-02  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Remove workaround that was added to address <rdar://problem/5488678> as it no longer affects our Tiger builds.
+
+        * Configurations/Base.xcconfig:
+
+2009-06-02  Xan Lopez  <xlopez@igalia.com>
+
+        Reviewed by Sam Weinig.
+
+        Use C-style comments in Platform.h so it can be included from C
+        files.
+
+        * wtf/Platform.h:
+
+2009-06-02  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
+
+        Rubber-stamped by Simon Hausmann.
+
+        Use File::Spec->tmpdir instead of hardcoded paths for tempfile() dir
+        
+        This fixes the Windows-build if the user does not have a /tmp directory.
+
+        * pcre/dftables:
+
+2009-06-02  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver ">>" Hunt.
+
+        emitSlow_op_rshift is linking the wrong number of slow cases, if !supportsFloatingPoint().
+        Fixerate, and refactor/comment the code a little to make it clearer what is going on.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emitSlow_op_rshift):
+
+2009-06-01  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by NOBODY - speculative windows build fix (errm, for the other patch!).
+
+        * jit/JITStubs.cpp:
+        (JSC::):
+
+2009-06-01  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by NOBODY - speculative windows build fix.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::::CodeLocationCall::CodeLocationCall):
+        (JSC::::CodeLocationNearCall::CodeLocationNearCall):
+
+2009-06-01  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Olliej Hunt.
+
+        Change JITStub functions from being static members on the JITStub class to be
+        global extern "C" functions, and switch their the function signature declaration
+        in the definition of the functions to be C-macro generated.  This makes it easier
+        to work with the stub functions from assembler code (since the names no longer
+        require mangling), and by delaring the functions with a macro we can look at
+        also auto-generating asm thunks to wrap the JITStub functions to perform the
+        work currently in 'restoreArgumentReference' (as a memory saving).
+
+        Making this change also forces us to be a bit more realistic about what is private
+        on the Register and CallFrame objects.  Presently most everything on these classes
+        is private, and the classes have plenty of friends.  We could befriend all the
+        global functions to perpetuate the delusion of encapsulation, but using friends is
+        a bit of a sledgehammer solution here - since friends can poke around with all of
+        the class's privates, and since all the major classes taht operate on Regsiters are
+        currently friends, right there is currently in practice very little protection at
+        all.  Better to start removing friend delclarations, and exposing just the parts
+        that need to be exposed.
+
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::returnPC):
+        (JSC::ExecState::setCallerFrame):
+        (JSC::ExecState::returnValueRegister):
+        (JSC::ExecState::setArgumentCount):
+        (JSC::ExecState::setCallee):
+        (JSC::ExecState::setCodeBlock):
+        * interpreter/Interpreter.h:
+        * interpreter/Register.h:
+        (JSC::Register::Register):
+        (JSC::Register::i):
+        * jit/JITStubs.cpp:
+        (JSC::):
+        (JSC::JITThunks::JITThunks):
+        (JSC::JITThunks::tryCachePutByID):
+        (JSC::JITThunks::tryCacheGetByID):
+        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
+        * jit/JITStubs.h:
+        (JSC::JITStubs::):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::nativeFunction):
+        (JSC::JSFunction::classInfo):
+        * runtime/JSGlobalData.h:
+
+2009-06-01  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Tidy up the literal parser.
+
+        Make the number lexing in the LiteralParser exactly match the JSON spec, which
+        makes us cover more cases, but also more strict.  Also made string lexing only
+        allow double-quoted strings.
+
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser::Lexer::lex):
+        (JSC::LiteralParser::Lexer::lexString):
+        (JSC::LiteralParser::Lexer::lexNumber):
+
+2009-06-01  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam "WX" Weinig.
+
+        Allow the JIT to operate without relying on use of RWX memory, on platforms where this is supported.
+
+        This patch adds a switch to Platform.h (ENABLE_ASSEMBLER_WX_EXCLUSIVE) which enables this mode of operation.
+        When this flag is set, all executable memory will be allocated RX, and switched to RW only whilst being
+        modified.  Upon completion of code generation the protection is switched back to RX to allow execution.
+
+        Further optimization will be required before it is desirable to enable this mode of operation by default;
+        enabling this presently incurs a 5%-10% regression.
+
+        (Submitting disabled - no performance impact).
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::CodeLocationInstruction::repatchLoadToLEA):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::fromFunctionPointer):
+        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationNearCall::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::repatch):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::repatch):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToTrampoline):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkNearCallerToTrampoline):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkNearCallerToFunction):
+        (JSC::AbstractMacroAssembler::PatchBuffer::PatchBuffer):
+        (JSC::AbstractMacroAssembler::PatchBuffer::~PatchBuffer):
+        (JSC::AbstractMacroAssembler::PatchBuffer::link):
+        (JSC::AbstractMacroAssembler::PatchBuffer::patch):
+        (JSC::AbstractMacroAssembler::PatchBuffer::performFinalization):
+        (JSC::::CodeLocationCommon::nearCallAtOffset):
+        (JSC::::CodeLocationCall::CodeLocationCall):
+        (JSC::::CodeLocationNearCall::CodeLocationNearCall):
+        * assembler/AssemblerBuffer.h:
+        (JSC::AssemblerBuffer::executableCopy):
+        * assembler/X86Assembler.h:
+        (JSC::CAN_SIGN_EXTEND_U32_64):
+        (JSC::X86Assembler::linkJump):
+        (JSC::X86Assembler::linkCall):
+        (JSC::X86Assembler::patchPointer):
+        (JSC::X86Assembler::relinkJump):
+        (JSC::X86Assembler::relinkCall):
+        (JSC::X86Assembler::repatchInt32):
+        (JSC::X86Assembler::repatchPointer):
+        (JSC::X86Assembler::repatchLoadToLEA):
+        (JSC::X86Assembler::patchInt32):
+        (JSC::X86Assembler::patchRel32):
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutableAllocator::):
+        (JSC::ExecutableAllocator::makeWritable):
+        (JSC::ExecutableAllocator::makeExecutable):
+        * jit/ExecutableAllocatorFixedVMPool.cpp:
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+        * jit/ExecutableAllocatorPosix.cpp:
+        (JSC::ExecutablePool::systemAlloc):
+        (JSC::ExecutablePool::systemRelease):
+        (JSC::ExecutableAllocator::reprotectRegion):
+        * jit/ExecutableAllocatorWin.cpp:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        * wtf/Platform.h:
+
+2009-05-29 Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Inherits Interpreter class from FastAllocBase because it has been
+        instantiated by 'new' in JavaScriptCore/runtime/JSGlobalData.cpp. 
+
+        * interpreter/Interpreter.h:
+
+2009-06-01  David Levin  <levin@chromium.org>
+
+        Reviewed by NOBODY (windows build fix).
+
+        Add exports for windows (corresponding to the JavaScriptCore.exp modification
+        in the previous change).
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-06-01  David Levin  <levin@chromium.org>
+
+        Reviewed by Darin Alder and Maciej Stachowiak.
+
+        Bug 26057: StringImpl should share buffers with UString.
+        https://bugs.webkit.org/show_bug.cgi?id=26057
+
+        * JavaScriptCore.exp:
+        * runtime/UString.cpp:
+        (JSC::UString::Rep::create):
+        (JSC::UString::BaseString::sharedBuffer): Only do the sharing when
+        the buffer exceeds a certain size.  The size was tuned by running
+        various dom benchmarks with numbers ranging from 20 to 800 and finding
+        a place that seemed to do the best overall.
+        * runtime/UString.h:
+
+2009-05-31  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Olliej "you just need to change NativeFunctionWrapper.h" Hunt.
+
+        Add ENABLE_JIT_OPTIMIZE_NATIVE_CALL switch to allow JIT to operate without native call optimizations.
+
+        * runtime/NativeFunctionWrapper.h:
+        * wtf/Platform.h:
+
+2009-05-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <rdar://problem/6935193> REGRESSION (r42734): Celtic Kane JavaScript benchmark does not run:
+        "Maximum call stack size exceeded"
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString): Use the same recursion limit as the other recursion checks.
+        We need a limit of at least 100 to run the benchmark above.
+        (JSC::arrayProtoFuncToLocaleString): Ditto.
+        (JSC::arrayProtoFuncJoin): Ditto.
+
+2009-05-28  Dirk Schulze  <krit@webkit.org>
+
+        Reviewed by Nikolas Zimmermann.
+
+        Added new build flag --filters for Mac. More details in WebCore/ChangeLog.
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-05-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        <rdar://problem/6928025> Stack overflow in JSC::stringProtoFuncReplace() running jsFunFuzz
+
+        We should always check for exceptions after creating a CachedCall, this wasn't being done in
+        the string replace logic.
+
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+
+2009-05-27  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Unreviewed (make distcheck) build fix; adding missing headers.
+
+        * GNUmakefile.am:
+
+2009-05-27  Jessie Berlin  <jberlin@apple.com>
+
+        Reviewed by Adam Roben
+        
+        Fix the Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-27  Fridrich Strba  <fridrich.strba@bluewin.ch>
+
+        Reviewed by Gustavo Noronha.
+
+        When building on Windows, consider Windows specific files.
+
+        * GNUmakefile.am:
+
+2009-05-27  Fridrich Strba  <fridrich.strba@bluewin.ch>
+
+        Reviewed by Maciej Stachowiak.
+
+        When building with MinGW, don't use the __declspec(dl{import,export})
+        decorations and rely on the linker to use its nifty auto-import feature.
+        It is extremely hard to get the decorations right with MinGW in general
+        and impossible in WebKit, where the resulting shared library is linking
+        together some static libraries.
+
+        * config.h:
+
+2009-05-26  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Xan Lopez.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25613
+
+        Be able to use GOwnPtr for GHashTable as well. The assumption
+        is that the hash table has been created with g_hash_table_new_full
+        and has proper destruction functions.
+
+        * wtf/GOwnPtr.cpp:
+        (WTF::GHashTable):
+        * wtf/GOwnPtr.h:
+
+2009-05-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/6924033> REGRESSION: Assertion failure due to forward references
+
+        Add a pattern type for forward references to ensure that we don't confuse the
+        quantifier alternatives assertion.
+
+        * yarr/RegexCompiler.cpp:
+        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
+        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::ByteCompiler::emitDisjunction):
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateTerm):
+        * yarr/RegexPattern.h:
+        (JSC::Yarr::PatternTerm::):
+        (JSC::Yarr::PatternTerm::PatternTerm):
+        (JSC::Yarr::PatternTerm::ForwardReference):
+
+2009-05-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix for: <rdar://problem/6918095> REGRESSION: jQuery load() issue (25981),
+        and also an ASSERT failure on http://ihasahotdog.com/.
+
+        When overwriting a property on a dictionary with a cached specific value,
+        clear the cache if new value being written is different.
+
+        * JavaScriptCore.exp:
+            Export the new symbols.
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_get_by_id_method_check_second):
+            Close dictionary prototypes upon caching a method access, as would happen when caching
+            a regular get_by_id.
+        * runtime/JSObject.h:
+        (JSC::JSObject::propertyStorage):
+        (JSC::JSObject::locationForOffset):
+            Make these methods private.
+        (JSC::JSObject::putDirectInternal):
+            When overwriting a property on a dictionary with a cached specific value,
+            clear the cache if new value being written is different.
+        * runtime/Structure.cpp:
+        (JSC::Structure::despecifyDictionaryFunction):
+            Reset the specific value field for a given property in a dictionary.
+        (JSC::Structure::despecifyFunctionTransition):
+            Rename of 'changeFunctionTransition' (this was already internally refered to as a despecification).
+        * runtime/Structure.h:
+            Declare new method.
+
+2009-05-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver "pieces of eight" Hunt.
+
+        When reseting RegexPattern class, should fully reset the class, not just bits of it.
+        In particular, we delete the cached character classes (for wordchars, etc), but do
+        not reset the set of pointers to the cached classes.  In the case of a repeated parse
+        due to an illegal back-reference we will continue to use the deleted character class.
+
+        * yarr/RegexPattern.h:
+        (JSC::Yarr::RegexPattern::reset):
+
+2009-05-26  Brent Fulgham  <bfulgham@webkit.org>
+
+        Build fix to correct r44161.
+
+        * wtf/FastAllocBase.h:
+
+2009-05-26  Zoltan Horvath  <horvath.zoltan.6@stud.u-szeged.hu>
+
+        Reviewed by Maciej Stachowiak.
+
+        Inherite HashTable from FastAllocBase, because it has been instantiated by
+        'new' in JavaScriptCore/runtime/JSGlobalData.cpp.
+
+        * wtf/HashTable.h:
+        * wtf/FastAllocBase.h: Remove 'wtf' path from TypeTraits.h to allow use outside of wtf.
+
+2009-05-25  David Levin  <levin@chromium.org>
+
+        Reviewed by Maciej Stachowiak and Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25126
+        Allow the buffer underlying UString to be shared.
+
+        In order to not grow the underlying size of any structure,
+        there is a union in the Rep string which holds
+         + m_sharedBuffer -- a pointer to the shared ref counted buffer
+           if the class is BaseString and the buffer is being shared OR
+         + m_baseString -- the BaseString if the class is only UString::Rep
+           but not a UString::BaseString
+
+        Ideally, m_sharedBuffer would be a RefPtr, but it cannot be because
+        it is in a union.
+
+        No change in sunspider perf.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/UString.cpp:
+        (JSC::UString::Rep::share):
+        (JSC::UString::Rep::destroy):
+        (JSC::UString::BaseString::sharedBuffer):
+        (JSC::UString::BaseString::setSharedBuffer):
+        (JSC::UString::BaseString::slowIsBufferReadOnly):
+        (JSC::expandCapacity):
+        (JSC::UString::Rep::reserveCapacity):
+        (JSC::UString::expandPreCapacity):
+        (JSC::concatenate):
+        (JSC::UString::append):
+        * runtime/UString.h:
+        (JSC::UString::Rep::Rep):
+        (JSC::UString::Rep::):
+        (JSC::UString::BaseString::isShared):
+        (JSC::UString::BaseString::isBufferReadOnly):
+        (JSC::UString::Rep::baseString):
+        * wtf/CrossThreadRefCounted.h:
+        (WTF::CrossThreadRefCounted::isShared):
+        * wtf/OwnFastMallocPtr.h: Added.
+        (WTF::OwnFastMallocPtr::OwnFastMallocPtr):
+        (WTF::OwnFastMallocPtr::~OwnFastMallocPtr):
+        (WTF::OwnFastMallocPtr::get):
+        (WTF::OwnFastMallocPtr::release):
+
+2009-05-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Re-add interpreter logic to jit-enabled builds as GCC mysteriously regresses without it
+
+        * wtf/Platform.h:
+
+2009-05-25  Fridrich Strba  <fridrich.strba@bluewin.ch>
+
+        Reviewed by Maciej Stachowiak.
+
+        The functions written in assembly need to have a leading
+        underscore on Windows too.
+
+        * jit/JITStubs.cpp:
+
+2009-05-24  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix for experimental PGO Windows target.
+        
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2009-05-23  David Kilzer  <ddkilzer@apple.com>
+
+        Part 1 of 2: Bug 25495: Implement PassOwnPtr and replace uses of std::auto_ptr
+
+        <https://bugs.webkit.org/show_bug.cgi?id=25495>
+
+        Reviewed by Oliver Hunt.
+
+        * GNUmakefile.am: Added OwnPtrCommon.h and PassOwnPtr.h.
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+
+        * wtf/OwnPtr.h:
+        (WTF::OwnPtr::OwnPtr): Added constructors that take a
+        PassOwnPtr.  Also added a copy constructor declaration that's
+        required when assigning a PassOwnPtr to a stack-based OwnPtr.
+        (WTF::operator=): Added assignment operator methods that take a
+        PassOwnPtr.
+        (WTF::swap): Reformatted.
+        (WTF::operator==): Whitespace changes.
+        (WTF::operator!=): Ditto.
+
+        * wtf/OwnPtrCommon.h: Added.
+        (WTF::deleteOwnedPtr):
+
+        * wtf/PassOwnPtr.h: Added.
+        (WTF::PassOwnPtr::PassOwnPtr):
+        (WTF::PassOwnPtr::~PassOwnPtr):
+        (WTF::PassOwnPtr::get):
+        (WTF::PassOwnPtr::clear):
+        (WTF::PassOwnPtr::release):
+        (WTF::PassOwnPtr::operator*):
+        (WTF::PassOwnPtr::operator->):
+        (WTF::PassOwnPtr::operator!):
+        (WTF::PassOwnPtr::operator UnspecifiedBoolType):
+        (WTF::::operator):
+        (WTF::operator==):
+        (WTF::operator!=):
+        (WTF::static_pointer_cast):
+        (WTF::const_pointer_cast):
+        (WTF::getPtr):
+
+2009-05-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Remove interpreter specific logic from the JIT builds.
+
+        This saves ~100k in JSC release builds.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * interpreter/Interpreter.h:
+        * wtf/Platform.h:
+
+2009-05-22  Mark Rowe  <mrowe@apple.com>
+
+        Part two of an attempted Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-22  Mark Rowe  <mrowe@apple.com>
+
+        Part one of an attempted Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        op_method_check
+
+        Optimize method calls, by caching specific function values within the Structure.
+        The new opcode is used almost like an x86 opcode prefix byte to optimize op_get_by_id,
+        where the property access is being used to read a function to be passed to op-call (i.e.
+        'foo.bar();').  This patch modifies the Structure class such that when a property is
+        put to an object for the first time we will check if the value is a function.  If it is,
+        we will cache the function value on the Structure.  A Structure in such a state guarantees
+        that not only does a property with the given identifier exist on the object, but also that
+        its value is unchanged.  Upon any further attempt to put a property with the same identifier
+        (but a different value) to the object, it will transition back to a normal Structure (where
+        it will guarantee the presence but not the value of the property).
+
+        op_method_check makes use of the new information made available by the Structure, by
+        augmenting the functionality of op_get_by_id.  Upon generating a FunctionCallDotNode a
+        check will be emitted prior to the property access reading the function value, and the JIT
+        will generate an extra (initially unlinked but patchable) set of checks prior to the regular
+        JIT code for get_by_id.  The new code will do inline structure and prototype structure check
+        (unlike a regular get_by_id, which can only handle 'self' accesses inline), and then performs
+        an immediate load of the function value, rather than using memory accesses to load the value
+        from the obejct's property storage array.  If the method check fails it will revert, or if
+        the access is polymorphic, the op_get_by_id will continue to operate - and optimize itself -
+        just as any other regular op_get_by_id would.
+
+        ~2.5% on v8-tests, due to a ~9% progression on richards.
+
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::put):
+        (JSC::::staticFunctionGetter):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeConstructor):
+        * JavaScriptCore.exp:
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::differenceBetween):
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::moveWithPatch):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/CodeBlock.h:
+        (JSC::getMethodCallLinkInfoReturnLocation):
+        (JSC::CodeBlock::getMethodCallLinkInfo):
+        (JSC::CodeBlock::addMethodCallLinkInfos):
+        (JSC::CodeBlock::methodCallLinkInfo):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitMethodCheck):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
+        * jit/JITOpcodes.cpp:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_method_check):
+        (JSC::JIT::emitSlow_op_method_check):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emitSlow_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        (JSC::JIT::emitSlow_op_put_by_id):
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::patchMethodCallProto):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_get_by_id_method_check):
+        (JSC::JITStubs::cti_op_get_by_id_method_check_second):
+        * jit/JITStubs.h:
+        * jsc.cpp:
+        (GlobalObject::GlobalObject):
+        * parser/Nodes.cpp:
+        (JSC::FunctionCallDotNode::emitBytecode):
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::put):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::ArrayConstructor::ArrayConstructor):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::BooleanConstructor::BooleanConstructor):
+        * runtime/DateConstructor.cpp:
+        (JSC::DateConstructor::DateConstructor):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::ErrorConstructor::ErrorConstructor):
+        (JSC::constructError):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::ErrorPrototype::ErrorPrototype):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::FunctionConstructor):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::FunctionPrototype):
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::InternalFunction):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::put):
+        (JSC::JSActivation::putWithAttributes):
+        * runtime/JSByteArray.cpp:
+        (JSC::JSByteArray::JSByteArray):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::getOwnPropertySlot):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::putWithAttributes):
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::mark):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
+        (JSC::JSGlobalObject::methodCallDummy):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::put):
+        (JSC::JSObject::putWithAttributes):
+        (JSC::JSObject::deleteProperty):
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        (JSC::JSObject::getPropertyAttributes):
+        (JSC::JSObject::getPropertySpecificFunction):
+        (JSC::JSObject::putDirectFunction):
+        (JSC::JSObject::putDirectFunctionWithoutTransition):
+        * runtime/JSObject.h:
+        (JSC::getJSFunction):
+        (JSC::JSObject::getDirectLocation):
+        (JSC::JSObject::putDirect):
+        (JSC::JSObject::putDirectWithoutTransition):
+        * runtime/LiteralParser.cpp:
+        (JSC::LiteralParser::parseObject):
+        * runtime/Lookup.cpp:
+        (JSC::setUpStaticFunctionSlot):
+        * runtime/Lookup.h:
+        (JSC::lookupPut):
+        * runtime/MathObject.cpp:
+        (JSC::MathObject::MathObject):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::NativeErrorConstructor):
+        (JSC::NativeErrorConstructor::construct):
+        * runtime/NativeErrorPrototype.cpp:
+        (JSC::NativeErrorPrototype::NativeErrorPrototype):
+        * runtime/NumberConstructor.cpp:
+        (JSC::NumberConstructor::NumberConstructor):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        * runtime/PropertyMapHashTable.h:
+        (JSC::PropertyMapEntry::PropertyMapEntry):
+        * runtime/PrototypeFunction.cpp:
+        (JSC::PrototypeFunction::PrototypeFunction):
+        * runtime/PutPropertySlot.h:
+        (JSC::PutPropertySlot::):
+        (JSC::PutPropertySlot::PutPropertySlot):
+        (JSC::PutPropertySlot::setNewProperty):
+        (JSC::PutPropertySlot::setDespecifyFunctionProperty):
+        (JSC::PutPropertySlot::isCacheable):
+        (JSC::PutPropertySlot::cachedOffset):
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::RegExpConstructor):
+        * runtime/StringConstructor.cpp:
+        (JSC::StringConstructor::StringConstructor):
+        * runtime/StringPrototype.cpp:
+        (JSC::StringPrototype::StringPrototype):
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure):
+        (JSC::Structure::~Structure):
+        (JSC::Structure::materializePropertyMap):
+        (JSC::Structure::addPropertyTransitionToExistingStructure):
+        (JSC::Structure::addPropertyTransition):
+        (JSC::Structure::changeFunctionTransition):
+        (JSC::Structure::addPropertyWithoutTransition):
+        (JSC::Structure::get):
+        (JSC::Structure::despecifyFunction):
+        (JSC::Structure::put):
+        (JSC::Structure::remove):
+        * runtime/Structure.h:
+        (JSC::Structure::get):
+        (JSC::Structure::specificFunction):
+        * runtime/StructureTransitionTable.h:
+        (JSC::StructureTransitionTableHashTraits::emptyValue):
+        * wtf/Platform.h:
+
+2009-05-22  Brent Fulgham <bfulgham@webkit.org>
+
+        Reviewed by Steve Falkenburg.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25950
+        JavaScriptCore Fails to build on Windows (Cairo) due to CoreFoundation
+        link requirement.
+
+        Modify project to add new Debug_CFLite and Release_CFLite targets.  These
+        use the new JavaScriptCoreCFLite.vsprops to link against CFLite.dll.
+        Existing projects are changed to use the new JavaScriptCoreCF.vsprops
+        to link against CoreFoundation.dll.
+
+        The JavaScriptCoreCommon.vsprops is modified to remove the link
+        against CoreFoundation.dll.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Added.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Added.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+
+2009-05-22  Dominik Röttsches  <dominik.roettsches@access-company.com>
+
+        Reviewed by Gustavo Noronha.
+
+        https://bugs.webkit.org/show_bug.cgi?id=15914
+        [GTK] Implement Unicode functionality using GLib
+
+        Original patch by Jürg Billeter and Naiem Shaik.
+        Implementing WTF Unicode functionality based on GLib.
+
+        * GNUmakefile.am:
+        * wtf/unicode/Unicode.h:
+        * wtf/unicode/glib: Added.
+        * wtf/unicode/glib/UnicodeGLib.cpp: Added.
+        (WTF::Unicode::foldCase):
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::direction):
+        (WTF::Unicode::umemcasecmp):
+        * wtf/unicode/glib/UnicodeGLib.h: Added.
+        (WTF::Unicode::):
+        (WTF::Unicode::toLower):
+        (WTF::Unicode::toUpper):
+        (WTF::Unicode::toTitleCase):
+        (WTF::Unicode::isArabicChar):
+        (WTF::Unicode::isFormatChar):
+        (WTF::Unicode::isSeparatorSpace):
+        (WTF::Unicode::isPrintableChar):
+        (WTF::Unicode::isDigit):
+        (WTF::Unicode::isPunct):
+        (WTF::Unicode::mirroredChar):
+        (WTF::Unicode::category):
+        (WTF::Unicode::isLower):
+        (WTF::Unicode::digitValue):
+        (WTF::Unicode::combiningClass):
+        (WTF::Unicode::decompositionType):
+        * wtf/unicode/glib/UnicodeMacrosFromICU.h: Added.
+
+2009-05-21  Xan Lopez  <xlopez@igalia.com>
+
+        Unreviewed build fix.
+
+        Add MacroAssemblerCodeRef.h to file list.
+
+        * GNUmakefile.am:
+
+2009-05-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+        Addition of MacroAssemblerCodeRef.h rubber stamped by Geoff Garen.
+
+        Refactor JIT code-handle objects.  The representation of generated code is currently
+        a bit of a mess.  We have a class JITCode which wraps the pointer to a block of
+        generated code, but this object does not reference the executable pool meaning that
+        external events (the pool being derefed) could make the pointer become invalid.
+        To overcome this both the JIT and Yarr implement further (and similar) objects to
+        wrap the code pointer with a RefPtr to the pool.  To add to the mire, as well as the
+        CodeBlock containing a handle onto the code the FunctionBodyNode also contains a
+        copy of the code pointer which is used almost (but not entirely) uniquely to access
+        the JIT code for a function.
+
+        Rationalization of all this:
+
+            * Add a new type 'MacroAssembler::CodeRef' as a handle for a block of JIT generated code.
+            * Change the JIT & Yarr to internally handle code using CodeRefs.
+            * Move the CodeRef (formerly anow defunct JITCodeRef) from CodeBlock to its owner node.
+            * Remove the (now) redundant code pointer from FunctionBodyNode.
+
+        While tidying this up I've made the PatchBuffer return code in new allocations using a CodeRef,
+        and have enforced an interface that the PatchBuffer will always be used, and 'finalizeCode()' or
+        'finalizeCodeAddendum()' will always be called exactly once on the PatchBuffer to complete code generation.
+
+        This gives us a potentially useful hook ('PatchBuffer::performFinalization()') at the end of generation,
+        which may have a number of uses.  It may be helpful should we wish to switch our generation
+        model to allow RW/RX exclusive memory, and it may be useful on non-cache-coherent platforms to
+        give us an oportunity to cache flush as necessary.
+
+        No performance impact.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToTrampoline):
+        (JSC::AbstractMacroAssembler::CodeRef::CodeRef):
+        (JSC::AbstractMacroAssembler::CodeRef::trampolineAt):
+        (JSC::AbstractMacroAssembler::PatchBuffer::PatchBuffer):
+        (JSC::AbstractMacroAssembler::PatchBuffer::~PatchBuffer):
+        (JSC::AbstractMacroAssembler::PatchBuffer::link):
+        (JSC::AbstractMacroAssembler::PatchBuffer::linkTailRecursive):
+        (JSC::AbstractMacroAssembler::PatchBuffer::patch):
+        (JSC::AbstractMacroAssembler::PatchBuffer::complete):
+        (JSC::AbstractMacroAssembler::PatchBuffer::finalize):
+        (JSC::AbstractMacroAssembler::PatchBuffer::entry):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
+        (JSC::CodeBlock::setJITCode):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::getBytecodeIndex):
+        (JSC::CodeBlock::executablePool):
+        * interpreter/CallFrameClosure.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::prepareForRepeatCall):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::linkCall):
+        * jit/JIT.h:
+        * jit/JITCode.h:
+        (JSC::JITCode::JITCode):
+        (JSC::JITCode::operator bool):
+        (JSC::JITCode::addressForCall):
+        (JSC::JITCode::offsetOf):
+        (JSC::JITCode::execute):
+        (JSC::JITCode::size):
+        (JSC::JITCode::executablePool):
+        (JSC::JITCode::HostFunction):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
+        (JSC::JITStubs::cti_vm_lazyLinkCall):
+        * parser/Nodes.cpp:
+        (JSC::ProgramNode::generateJITCode):
+        (JSC::EvalNode::generateJITCode):
+        (JSC::FunctionBodyNode::FunctionBodyNode):
+        (JSC::FunctionBodyNode::createNativeThunk):
+        (JSC::FunctionBodyNode::generateJITCode):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::generatedJITCode):
+        (JSC::ScopeNode::getExecutablePool):
+        (JSC::ScopeNode::setJITCode):
+        (JSC::ProgramNode::jitCode):
+        (JSC::EvalNode::jitCode):
+        (JSC::FunctionBodyNode::jitCode):
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::match):
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::compile):
+        (JSC::Yarr::jitCompileRegex):
+        (JSC::Yarr::executeRegex):
+        * yarr/RegexJIT.h:
+        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
+        (JSC::Yarr::RegexCodeBlock::pcreFallback):
+        (JSC::Yarr::RegexCodeBlock::setFallback):
+        (JSC::Yarr::RegexCodeBlock::operator bool):
+        (JSC::Yarr::RegexCodeBlock::set):
+        (JSC::Yarr::RegexCodeBlock::execute):
+
+2009-05-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        <rdar://problem/6910264> REGRESSION: Cached DOM global object property access fails in browser (25921)
+        <https://bugs.webkit.org/show_bug.cgi?id=25921>
+
+        When caching properties on the global object we need to ensure that we're
+        not attempting to cache through a shell object.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::resolveGlobal):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_resolve_global):
+
+2009-05-21  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
+
+2009-05-21  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Bug 25945: Add support for MADV_FREE to TCMalloc
+        <https://bugs.webkit.org/show_bug.cgi?id=25945>
+        <rdar://problem/6910754>
+
+        Add support for MADV_FREE to TCMalloc_SystemRelease for platforms that
+        don't also support MADV_FREE_REUSE. The code is identical to the MADV_DONTNEED
+        case except for the advice passed to madvise(), so combining the two cases
+        makes the most sense.
+
+        * wtf/Platform.h: Only define HAVE_MADV_FREE when not building on Tiger or
+        Leopard, because while it is defined on these platforms it actually does
+        nothing.
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease): use MADV_FREE if it is available; otherwise use
+        MADV_DONTNEED.
+
+2009-05-21  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix <https://bugs.webkit.org/show_bug.cgi?id=25917> / <rdar://problem/6910066>.
+        Bug 25917: REGRESSION (r43559?): Javascript debugger crashes when pausing page
+
+        The debugger currently retrieves the arguments object from an activation rather than pulling
+        it from a call frame.  This is unreliable to due to the recent optimization to lazily create
+        the arguments object.  In the long-term it should stop doing that (<rdar://problem/6911886>),
+        but for now we force eager creation of the arguments object when debugging.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+
+2009-05-21  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 25912: Harden NumberPrototype.cpp by removing use of strcpy()
+        <https://bugs.webkit.org/show_bug.cgi?id=25912>
+
+        This causes no change on SunSpider.
+
+        * runtime/NumberPrototype.cpp:
+        (JSC::integerPartNoExp): replace strcpy() with memcpy(), ASSERT that the
+        temporary buffer has sufficient space to store the result, and move the
+        explicit null-termination closer to the memcpy() for easier visual inspection
+        of the code.
+        (JSC::fractionalPartToString): replace strcpy() with memcpy(), and ASSERT
+        that the temporary buffer has sufficient space to store the result. There
+        is no explicit null-termination because this is done by the caller. The
+        same is already true for exponentialPartToString().
+        (JSC::numberProtoFuncToExponential): replace strcpy() with memcpy(), explicitly
+        null-terminate the result, and ASSERT that the temporary buffer has sufficient
+        space to store the result.
+
+2009-05-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Cleanup the JSGlobalData when exiting early with the usage statement in jsc.
+
+        * jsc.cpp:
+        (printUsageStatement):
+        (parseArguments):
+        (jscmain):
+
+2009-05-20  Stephanie Lewis  <slewis@apple.com>
+
+        Update the order files.  <rdar://problem/6881750> Generate new order files.
+
+        * JavaScriptCore.order:
+
+2009-05-19  Kenneth Rohde Christiansen  <kenneth.christiansen@openbossa.org>
+
+        Reviewed by Simon Hausmann.
+
+        Replace WREC with YARR + YARR_JIT for the Qt port. This is only
+        used when compiled with JIT support for now, so it is a drop-in
+        replacement for the WREC usage. Still including the wrec headers
+        as they are being referred from RegExp.h, though the contents of
+        that header it protected by "#if ENABLE(WREC)".
+
+        * JavaScriptCore.pri:
+
+2009-05-20  Xan Lopez  <xlopez@igalia.com>
+
+        Reviewed by Eric Seidel.
+
+        Fix GTK debug build.
+
+        The function dumpDisjunction, compiled with debug enabled, uses
+        printf, which needs stdio.h to be included.
+
+        * yarr/RegexInterpreter.cpp:
+
+2009-05-20  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by George Staikos.
+
+        BUG 25843: [Qt] Remove qt-port build flag
+        <https://bugs.webkit.org/show_bug.cgi?id=25843>
+
+        * JavaScriptCore.pro:
+
+
+2009-05-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix.
+
+        * interpreter/RegisterFile.cpp:
+        (JSC::RegisterFile::releaseExcessCapacity): Copy-paste typo.
+
+2009-05-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed <rdar://problem/6885680> CrashTracer: [USER] 1 crash in Install
+        Mac OS X at <unknown binary> • 0x9274241c
+        
+        (Original patch by Joe Sokol and Ronnie Misra.)
+        
+        SunSpider says 1.004x faster.
+
+        * interpreter/RegisterFile.cpp:
+        (JSC::RegisterFile::releaseExcessCapacity): Instead of doing complicated
+        math that sometimes used to overflow, just release the full range of the
+        register file.
+
+        * interpreter/RegisterFile.h:
+        (JSC::isPageAligned):
+        (JSC::RegisterFile::RegisterFile): Added ASSERTs to verify that it's
+        safe to release the full range of the register file.
+
+        (JSC::RegisterFile::shrink): No need to releaseExcessCapacity() if the
+        new end is not smaller than the old end. (Also, doing so used to cause
+        numeric overflow, unmapping basically the whole process from memory.)
+
+2009-05-19  Oliver Hunt  <oliver@apple.com>
+
+        RS=Mark Rowe.
+
+        <rdar://problem/6888393> REGRESSION: Start Debugging JavaScript crashes browser (nightly builds only?)
+        <https://bugs.webkit.org/show_bug.cgi?id=25717>
+
+        Remove JSC_FAST_CALL as it wasn't gaining us anything, and was
+        resulting in weird bugs in the nightly builds.
+
+        * parser/Nodes.cpp:
+        * parser/Nodes.h:
+        (JSC::ExpressionNode::isNumber):
+        (JSC::ExpressionNode::isString):
+        (JSC::ExpressionNode::isNull):
+        (JSC::ExpressionNode::isPure):
+        (JSC::ExpressionNode::isLocation):
+        (JSC::ExpressionNode::isResolveNode):
+        (JSC::ExpressionNode::isBracketAccessorNode):
+        (JSC::ExpressionNode::isDotAccessorNode):
+        (JSC::ExpressionNode::isFuncExprNode):
+        (JSC::ExpressionNode::isSimpleArray):
+        (JSC::ExpressionNode::isAdd):
+        (JSC::ExpressionNode::resultDescriptor):
+        (JSC::StatementNode::firstLine):
+        (JSC::StatementNode::lastLine):
+        (JSC::StatementNode::isEmptyStatement):
+        (JSC::StatementNode::isReturnNode):
+        (JSC::StatementNode::isExprStatement):
+        (JSC::StatementNode::isBlock):
+        (JSC::NullNode::isNull):
+        (JSC::BooleanNode::isPure):
+        (JSC::NumberNode::value):
+        (JSC::NumberNode::setValue):
+        (JSC::NumberNode::isNumber):
+        (JSC::NumberNode::isPure):
+        (JSC::StringNode::isPure):
+        (JSC::StringNode::isString):
+        (JSC::ResolveNode::identifier):
+        (JSC::ResolveNode::isLocation):
+        (JSC::ResolveNode::isResolveNode):
+        (JSC::BracketAccessorNode::isLocation):
+        (JSC::BracketAccessorNode::isBracketAccessorNode):
+        (JSC::DotAccessorNode::base):
+        (JSC::DotAccessorNode::identifier):
+        (JSC::DotAccessorNode::isLocation):
+        (JSC::DotAccessorNode::isDotAccessorNode):
+        (JSC::TypeOfResolveNode::identifier):
+        (JSC::AddNode::isAdd):
+        (JSC::BlockNode::isBlock):
+        (JSC::EmptyStatementNode::isEmptyStatement):
+        (JSC::ExprStatementNode::isExprStatement):
+        (JSC::ReturnNode::isReturnNode):
+        (JSC::ScopeNode::sourceURL):
+        (JSC::ProgramNode::bytecode):
+        (JSC::EvalNode::bytecode):
+        (JSC::FunctionBodyNode::parameters):
+        (JSC::FunctionBodyNode::toSourceString):
+        (JSC::FunctionBodyNode::bytecode):
+        (JSC::FuncExprNode::isFuncExprNode):
+
+2009-05-19  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Gavin Barraclough.
+        
+        - speed up string comparison, especially for short strings
+        
+        ~1% on SunSpider
+
+        * JavaScriptCore.exp:
+        * runtime/UString.cpp:
+        * runtime/UString.h:
+        (JSC::operator==): Inline UString's operator==, since it is called from
+        hot places in the runtime. Also, specialize 2-char strings in a similar way to
+        1-char, since we're taking the hit of a switch anyway.
+
+2009-05-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Gavin Barraclough.
+        
+        - for polymorphic prototype lookups, increase the number of slots from 4 to 8
+        
+        ~4% faster on v8 raytrace benchmark
+
+        * bytecode/Instruction.h:
+
+2009-05-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        - tighten up the code for the load_varargs stub
+        
+        ~1-2% on v8-raytrace
+        
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_load_varargs): Hoist some loop invariants that
+        the compiler didn't feel like hoisting for us. Remove unneeded exception check.
+
+2009-05-18  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        - Improve code generation for access to prototype properties
+        
+        ~0.4% speedup on SunSpider.
+        
+        Based on a suggestion from Geoff Garen.
+
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetDirectOffset):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2009-05-18  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Reviewed by Gavin Barraclough.
+
+        Enable YARR, and disable WREC for GTK+.
+
+        * GNUmakefile.am:
+        * yarr/RegexParser.h:
+
+2009-05-18  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+         Reviewed by Xan Lopez.
+
+         [Gtk] Various autotools build refactoring and fixes
+         https://bugs.webkit.org/show_bug.cgi?id=25286
+
+         Add -no-install and -no-fast-install to programs and tests that we
+         don't install. Also remove -O2 since this is already handled at
+         configure time.
+
+         * GNUmakefile.am:
+
+2009-05-17  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by Xan Lopez.
+
+        [Gtk] Various autotools build refactoring and fixes
+        https://bugs.webkit.org/show_bug.cgi?id=25286
+
+        Add JavaScriptCore/ to JSC include path only since it's not
+        required when building WebCore.
+
+        * GNUmakefile.am:
+
+2009-05-17  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2009-05-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Looking like MSVC doesn't like static variables in inline methods?
+        Make the state of the SSE2 check a static variable on the class
+        MacroAssemblerX86Common as a speculative build fix for Windows.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::convertInt32ToDouble):
+        (JSC::MacroAssemblerX86Common::branchDouble):
+        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
+        (JSC::MacroAssemblerX86Common::isSSE2Present):
+        (JSC::MacroAssemblerX86Common::):
+        * jit/JIT.cpp:
+
+2009-05-15  Adam Roben  <aroben@apple.com>
+
+        Add some assembler headers to JavaScriptCore.vcproj
+
+        This is just a convenience for Windows developers.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2009-05-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Add FP support to the MacroAssembler, port JITArithmetic over to make use of this. Also add
+        API to determine whether FP support is available 'MacroAssembler::supportsFloatingPoint()',
+        FP is presently only supported on SSE2 platforms, not x87.  On platforms where a suitable
+        hardware FPU is not available 'supportsFloatingPoint()' may simply return false, and all
+        other methods ASSERT_NOT_REACHED().
+
+        * assembler/AbstractMacroAssembler.h:
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::MacroAssemblerX86):
+        (JSC::MacroAssemblerX86::branch32):
+        (JSC::MacroAssemblerX86::branchPtrWithPatch):
+        (JSC::MacroAssemblerX86::supportsFloatingPoint):
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::):
+        (JSC::MacroAssemblerX86Common::loadDouble):
+        (JSC::MacroAssemblerX86Common::storeDouble):
+        (JSC::MacroAssemblerX86Common::addDouble):
+        (JSC::MacroAssemblerX86Common::subDouble):
+        (JSC::MacroAssemblerX86Common::mulDouble):
+        (JSC::MacroAssemblerX86Common::convertInt32ToDouble):
+        (JSC::MacroAssemblerX86Common::branchDouble):
+        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
+        (JSC::MacroAssemblerX86Common::branch32):
+        (JSC::MacroAssemblerX86Common::branch16):
+        (JSC::MacroAssemblerX86Common::branchTest32):
+        (JSC::MacroAssemblerX86Common::branchAdd32):
+        (JSC::MacroAssemblerX86Common::branchMul32):
+        (JSC::MacroAssemblerX86Common::branchSub32):
+        (JSC::MacroAssemblerX86Common::set32):
+        (JSC::MacroAssemblerX86Common::setTest32):
+        (JSC::MacroAssemblerX86Common::x86Condition):
+        (JSC::MacroAssemblerX86Common::isSSE2Present):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::movePtrToDouble):
+        (JSC::MacroAssemblerX86_64::moveDoubleToPtr):
+        (JSC::MacroAssemblerX86_64::setPtr):
+        (JSC::MacroAssemblerX86_64::branchPtr):
+        (JSC::MacroAssemblerX86_64::branchTestPtr):
+        (JSC::MacroAssemblerX86_64::branchAddPtr):
+        (JSC::MacroAssemblerX86_64::branchSubPtr):
+        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
+        * assembler/X86Assembler.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_rshift):
+        (JSC::JIT::emitSlow_op_rshift):
+        (JSC::JIT::emitSlow_op_jnless):
+        (JSC::JIT::emitSlow_op_jnlesseq):
+        (JSC::JIT::compileBinaryArithOp):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitSlow_op_add):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emitSlow_op_mul):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+
+2009-05-15  Francisco Tolmasky  <francisco@280north.com>
+
+        BUG 25467: JavaScript debugger should use function.displayName as the function's name in the call stack
+        <https://bugs.webkit.org/show_bug.cgi?id=25467>
+        
+        Reviewed by Adam Roben.
+
+        * JavaScriptCore.exp: Added calculatedFunctionName
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Added calculatedFunctionName
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added calculatedFunctionName
+        * debugger/DebuggerCallFrame.cpp: Added calculatedFunctionName to match existing one in ProfileNode.
+        (JSC::DebuggerCallFrame::calculatedFunctionName):
+        * debugger/DebuggerCallFrame.h: Added calculatedFunctionName to match existing one in ProfileNode.
+
+2009-05-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Build fix, not reviewed.
+
+        Quick fixes for JIT builds with OPTIMIZE flags disabled.
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compilePutByIdHotPath):
+
+2009-05-14  Steve Falkenburg  <sfalken@apple.com>
+
+        Back out incorrect Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2009-05-14  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2009-05-14  Adam Roben  <aroben@apple.com>
+
+        Windows jsc build fix
+
+        r43648 modified jsc.vcproj's post-build event not to try to copy files
+        that aren't present. Then r43661 mistakenly un-did that modification.
+        This patch restores the modification from r43648, but puts the code in
+        jscCommon.vsprops (where it should have been added in r43648).
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Restored empty
+        VCPostBuildEventTool tags.
+        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Modified the post-build
+        event command line to match the one in jsc.vcproj from r43648.
+
+2009-05-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25325
+
+        Make sure pthread_self() is declared before it gets called in Collector.cpp
+
+        * runtime/Collector.cpp: Include pthread.h in most Unix-like platforms
+        (not just for OPENBSD)
+
+2009-05-14  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix <https://bugs.webkit.org/show_bug.cgi?id=25785>.
+        Bug 25785: Segfault in mark when using JSObjectMakeConstructor
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeConstructor): OpaqueJSClass::prototype can return 0.  We need to use the default object prototype when it does.
+        * API/tests/testapi.c:
+        (main): Add a test case.
+        * runtime/JSObject.h:
+        (JSC::JSObject::putDirect): Add a clearer assertion for a null value.  The assertion on the next line does catch this,
+        but the cause of the failure is not clear from the assertion itself.
+
+2009-05-14  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Darin Adler.
+
+        <rdar://problem/6681868> When building with Xcode 3.1.3 should be using gcc 4.2
+
+        The meaning of XCODE_VERSION_ACTUAL is more sensible in newer versions of Xcode.
+        Update our logic to select the compiler version to use the more appropriate XCODE_VERSION_MINOR
+        if the version of Xcode supports it, and fall back to XCODE_VERSION_ACTUAL if not.
+
+        * Configurations/Base.xcconfig:
+
+2009-05-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Checking register file bounds should be a ptr comparison (m_end is a Register*).
+        Also, the compare should be unsigned, pointers don'ts go negative.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+
+2009-05-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix <rdar://problem/6882919> REGRESSION: page at Metroauto site crashes in cti_op_loop_if_less (25730)
+
+        op_loop_if_less (imm < op) was loading op into regT1, but in the slow path spills regT0.
+        This leads to bad happen.
+
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_loop_if_less):
+        (JSC::JIT::emitSlow_op_loop_if_less):
+
+2009-05-13  Dmitry Titov  <dimich@chromium.org>
+
+        Rubber-stamped by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25746
+        Revert http://trac.webkit.org/changeset/43507 which caused crash in PPC nightlies with Safari 4.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingThread::start):
+        (JSC::SamplingThread::stop):
+        * bytecode/SamplingTool.h:
+        * wtf/CrossThreadRefCounted.h:
+        (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
+        (WTF::::ref):
+        (WTF::::deref):
+        * wtf/Threading.h:
+        * wtf/ThreadingNone.cpp:
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::threadMapMutex):
+        (WTF::initializeThreading):
+        (WTF::threadMap):
+        (WTF::identifierByPthreadHandle):
+        (WTF::establishIdentifierForPthreadHandle):
+        (WTF::pthreadHandleForIdentifier):
+        (WTF::clearPthreadHandleForIdentifier):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::detachThread):
+        (WTF::currentThread):
+        * wtf/ThreadingWin.cpp:
+        (WTF::threadMapMutex):
+        (WTF::initializeThreading):
+        (WTF::threadMap):
+        (WTF::storeThreadHandleByIdentifier):
+        (WTF::threadHandleForIdentifier):
+        (WTF::clearThreadHandleForIdentifier):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::detachThread):
+        (WTF::currentThread):
+        * wtf/gtk/ThreadingGtk.cpp:
+        (WTF::threadMapMutex):
+        (WTF::initializeThreading):
+        (WTF::threadMap):
+        (WTF::identifierByGthreadHandle):
+        (WTF::establishIdentifierForThread):
+        (WTF::threadForIdentifier):
+        (WTF::clearThreadForIdentifier):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::currentThread):
+        * wtf/qt/ThreadingQt.cpp:
+        (WTF::threadMapMutex):
+        (WTF::threadMap):
+        (WTF::identifierByQthreadHandle):
+        (WTF::establishIdentifierForThread):
+        (WTF::clearThreadForIdentifier):
+        (WTF::threadForIdentifier):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::currentThread):
+
+2009-05-13  Darin Adler  <darin@apple.com>
+
+        Revert the parser arena change. It was a slowdown, not a speedup.
+        Better luck next time (I'll break it up into pieces).
+
+2009-05-13  Darin Adler  <darin@apple.com>
+
+        Tiger build fix.
+
+        * parser/Grammar.y: Add back empty code blocks, needed by older
+        versions of bison on certain rules.
+
+2009-05-13  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+
+2009-05-13  Adam Roben  <aroben@apple.com>
+
+        Windows build fixes after r43642
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        Updated.
+
+        * debugger/Debugger.cpp:
+        * runtime/ArrayConstructor.cpp:
+        * runtime/JSArray.cpp:
+        * runtime/RegExp.cpp:
+        * runtime/RegExpConstructor.cpp:
+        * runtime/RegExpPrototype.cpp:
+        * runtime/StringPrototype.cpp:
+        Added missing #includes.
+
+2009-05-13  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 25674: syntax tree nodes should use arena allocation
+        https://bugs.webkit.org/show_bug.cgi?id=25674
+
+        Step 3: Add some actual arena allocation. About 1% SunSpider speedup.
+
+        * JavaScriptCore.exp: Updated.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator): Updated since VarStack
+        contains const Identifier* now.
+        (JSC::BytecodeGenerator::emitPushNewScope): Updated to take a const
+        Identifier&.
+        * bytecompiler/BytecodeGenerator.h: Ditto
+
+        * bytecompiler/SegmentedVector.h: Added isEmpty.
+
+        * debugger/Debugger.cpp:
+        (JSC::Debugger::recompileAllJSFunctions): Moved this function here from
+        WebCore so WebCore doesn't need the details of FunctionBodyNode.
+        * debugger/Debugger.h: Ditto.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute): Updated since VarStack contains const
+        Identifier* now.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_vm_lazyLinkCall): Call isHostFunction on the body
+        rather than on the function object, since we can't easily have inlined
+        access to the FunctionBodyNode in JSFunction.h since WebCore needs
+        access to that header.
+        (JSC::JITStubs::cti_op_construct_JSConstruct): Ditto.
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::createCallIdentifier): Ditto.
+
+        * parser/Grammar.y: Use JSGlobalData* to pass the global data pointer
+        around whenever possible instead of using void*. Changed
+        SET_EXCEPTION_LOCATION from a macro to an inline function. Marked
+        the structure-creating functions inline. Changed the VarStack to use
+        identifier pointers instead of actual identifiers. This takes
+        advantage of the fact that all identifier pointers come from the
+        arena and avoids reference count churn. Changed Identifier* to
+        const Identifier* to make sure we don't modify any by accident.
+        Used identifiers for regular expression strings too, using the new
+        scanRegExp that has out parameters instead of the old one that relied
+        on side effects in the Lexer. Move the creation of numeric identifiers
+        out of this file and into the PropertyNode constructor.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::setCode): Pass in ParserArena, used for identifiers.
+        (JSC::Lexer::makeIdentifier): Changed return type to const Identifier*
+        and changed to call ParserArena.
+        (JSC::Lexer::scanRegExp): Added out arguments that are const Identifier*
+        as well as a prefix character argument so we can handle the /= case
+        without a string append.
+        (JSC::Lexer::skipRegExp): Added. Skips a regular expression without
+        allocating Identifier objects.
+        (JSC::Lexer::clear): Removed the code to manage m_identifiers, m_pattern,
+        and m_flags, and added code to set m_arena to 0.
+        * parser/Lexer.h: Updated for changes above.
+
+        * parser/NodeConstructors.h:
+        (JSC::ParserArenaFreeable::operator new): Added. Calls allocateFreeable
+        on the arena.
+        (JSC::ParserArenaDeletable::operator new): Changed to call the
+        allocateDeletable function on the arena instead of deleteWithArena.
+        (JSC::RegExpNode::RegExpNode): Changed arguments to Identifier instead
+        of UString since these come from the parser which makes identifiers.
+        (JSC::PropertyNode::PropertyNode): Added new constructor that makes
+        numeric identifiers. Some day we might want to optimize this for
+        integers so it doesn't create a string for each one.
+        (JSC::ContinueNode::ContinueNode): Initialize m_ident to nullIdentifier
+        since it's now a const Identifier& so it can't be left uninitialized.
+        (JSC::BreakNode::BreakNode): Ditto.
+        (JSC::CaseClauseNode::CaseClauseNode): Updated to use SourceElements*
+        to keep track of the statements rather than a separate statement vector.
+        (JSC::BlockNode::BlockNode): Ditto.
+        (JSC::ForInNode::ForInNode): Initialize m_ident to nullIdentifier.
+
+        * parser/Nodes.cpp: Moved the comment explaining emitBytecode in here.
+        It seemed strangely out of place in the header.
+        (JSC::ThrowableExpressionData::emitThrowError): Added an overload for
+        UString as well as Identifier.
+        (JSC::SourceElements::singleStatement): Added.
+        (JSC::SourceElements::lastStatement): Added.
+        (JSC::RegExpNode::emitBytecode): Updated since the pattern and flags
+        are now Identifier instead of UString. Also changed the throwError code
+        to use the substitution mechanism instead of doing a string append.
+        (JSC::SourceElements::emitBytecode): Added. Replaces the old
+        statementListEmitCode function, since we now keep the SourceElements
+        objects around.
+        (JSC::BlockNode::lastStatement): Added.
+        (JSC::BlockNode::emitBytecode): Changed to use emitBytecode instead of
+        statementListEmitCode.
+        (JSC::CaseClauseNode::emitBytecode): Added.
+        (JSC::CaseBlockNode::emitBytecodeForBlock): Changed to use emitBytecode
+        instead of statementListEmitCode.
+        (JSC::ScopeNodeData::ScopeNodeData): Changed to store the
+        SourceElements* instead of using releaseContentsIntoVector.
+        (JSC::ScopeNode::emitStatementsBytecode): Added.
+        (JSC::ScopeNode::singleStatement): Added.
+        (JSC::ProgramNode::emitBytecode): Call emitStatementsBytecode instead
+        of statementListEmitCode.
+        (JSC::EvalNode::emitBytecode): Ditto.
+        (JSC::EvalNode::generateBytecode): Removed code to clear the children
+        vector. This optimization is no longer possible since everything is in
+        a single arena.
+        (JSC::FunctionBodyNode::emitBytecode): Call emitStatementsBytecode
+        insetad of statementListEmitCode and check for the return node using
+        the new functions.
+
+        * parser/Nodes.h: Changed VarStack to store const Identifier* instead
+        of Identifier and rely on the arena to control lifetime. Added a new
+        ParserArenaFreeable class. Made ParserArenaDeletable inherit from
+        FastAllocBase instead of having its own operator new. Base the Node
+        class on ParserArenaFreeable. Changed the various Node classes
+        to use const Identifier& instead of Identifier to avoid the need to
+        call their destructors and allow them to function as "freeable" in the
+        arena. Removed extraneous JSC_FAST_CALL on definitions of inline functions.
+        Changed ElementNode, PropertyNode, ArgumentsNode, ParameterNode,
+        CaseClauseNode, ClauseListNode, and CaseBlockNode to use ParserArenaFreeable
+        as a base class since they do not descend from Node. Eliminated the
+        StatementVector type and instead have various classes use SourceElements*
+        instead of StatementVector. This prevents those classes from having th
+        use ParserArenaDeletable to make sure the vector destructor is called.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::parse): Pass the arena to the lexer.
+
+        * parser/Parser.h: Added an include of ParserArena.h, which is no longer
+        included by Nodes.h.
+
+        * parser/ParserArena.cpp:
+        (JSC::ParserArena::ParserArena): Added. Initializes the new members,
+        m_freeableMemory, m_freeablePoolEnd, and m_identifiers.
+        (JSC::ParserArena::freeablePool): Added. Computes the pool pointer,
+        since we store only the current pointer and the end of pool pointer.
+        (JSC::ParserArena::deallocateObjects): Added. Contains the common
+        memory-deallocation logic used by both the destructor and the
+        reset function.
+        (JSC::ParserArena::~ParserArena): Changed to call deallocateObjects.
+        (JSC::ParserArena::reset): Ditto. Also added code to zero out the
+        new structures, and switched to use clear() instead of shrink(0) since
+        we don't really reuse arenas.
+        (JSC::ParserArena::makeNumericIdentifier): Added.
+        (JSC::ParserArena::allocateFreeablePool): Added. Used when the pool
+        is empty.
+        (JSC::ParserArena::isEmpty): Added. No longer inline, which is fine
+        since this is used only for assertions at the moment.
+
+        * parser/ParserArena.h: Added an actual arena of "freeable" objects,
+        ones that don't need destructors to be called. Also added the segmented
+        vector of identifiers that used to be in the Lexer.
+
+        * runtime/FunctionConstructor.cpp:
+        (JSC::extractFunctionBody): Use singleStatement function rather than
+        getting at a StatementVector.
+
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString): Call isHostFunction on the body
+        rather than the function object.
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction): Moved the structure version of this in
+        here from the header. It's not hot enough that it needs to be inlined.
+        (JSC::JSFunction::isHostFunction): Moved this in here from the header.
+        It's now a helper to be used only within the class.
+        (JSC::JSFunction::setBody): Moved this in here. It's not hot enough that
+        it needs to be inlined, and we want to be able to compile the header
+        without the definition of FunctionBodyNode.
+
+        * runtime/JSFunction.h: Eliminated the include of "Nodes.h". This was
+        exposing too much JavaScriptCore dependency to WebCore. Because of this
+        change and some changes made to WebCore, we could now export a lot fewer
+        headers from JavaScriptCore, but I have not done that yet in this check-in.
+        Made a couple functions non-inline. Removes some isHostFunction() assertions.
+        
+        * wtf/FastAllocBase.h: Added the conventional using statements we use in
+        WTF so we can use identifiers from the WTF namespace without explicit
+        namespace qualification or namespace directive. This is the usual WTF style,
+        although it's unconventional in the C++ world. We use the namespace primarily
+        for link-time disambiguation, not compile-time.
+
+        * wtf/FastMalloc.cpp: Fixed an incorrect comment.
+
+2009-05-13  Xan Lopez  <xlopez@igalia.com>
+
+        Unreviewed build fix: add JITStubCall.h to files list.
+
+        * GNUmakefile.am:
+
+2009-05-13  Ariya Hidayat  <ariya.hidayat@nokia.com>
+
+        Unreviewed build fix, as suggested by Yael Aharon <yael.aharon@nokia.com>.
+
+        * wtf/qt/ThreadingQt.cpp:
+        (WTF::waitForThreadCompletion): renamed IsValid to isValid.
+
+2009-05-13  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Revert r43562 - [Gtk] WTF_USE_JSC is already defined in
+        WebCore/config.h.
+
+        * wtf/Platform.h:
+
+2009-05-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Add SamplingCounter tool to provide a simple mechanism for counting events in JSC
+        (enabled using ENABLE(SAMPLING_COUNTERS)).  To count events within a single function
+        use the class 'SamplingCounter', where the counter may be incremented from multiple
+        functions 'GlobalSamplingCounter' may be convenient; all other counters (stack or
+        heap allocated, rather than statically declared) should use the DeletableSamplingCounter.
+        Further description of these classes is provided alongside their definition in 
+        SamplingTool.h.
+
+        Counters may be incremented from c++ by calling the 'count()' method on the counter,
+        or may be incremented by JIT code by using the 'emitCount()' method within the JIT.
+
+        This patch also fixes CODEBLOCK_SAMPLING, which was missing a null pointer check.
+
+        * JavaScriptCore.exp:
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::addWithCarry32):
+        (JSC::MacroAssemblerX86::and32):
+        (JSC::MacroAssemblerX86::or32):
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::and32):
+        (JSC::MacroAssemblerX86Common::or32):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::and32):
+        (JSC::MacroAssemblerX86_64::or32):
+        (JSC::MacroAssemblerX86_64::addPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::adcl_im):
+        (JSC::X86Assembler::addq_im):
+        (JSC::X86Assembler::andl_im):
+        (JSC::X86Assembler::orl_im):
+        * bytecode/SamplingTool.cpp:
+        (JSC::AbstractSamplingCounter::dump):
+        * bytecode/SamplingTool.h:
+        (JSC::AbstractSamplingCounter::count):
+        (JSC::GlobalSamplingCounter::name):
+        (JSC::SamplingCounter::SamplingCounter):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::setSamplingFlag):
+        (JSC::JIT::clearSamplingFlag):
+        (JSC::JIT::emitCount):
+        * jsc.cpp:
+        (runWithScripts):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNode::ScopeNode):
+        * wtf/Platform.h:
+
+2009-05-13  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+
+2009-05-12  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+
+2009-05-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/6881457> Crash occurs at JSC::Interpreter::execute() when loading http://www.sears.com
+
+        We created the arguments objects before an op_push_scope but not
+        before op_push_new_scope, this meant a null arguments object could
+        be resolved inside catch blocks.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitPushNewScope):
+
+2009-05-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/6879881> Crash occurs at JSC::JSActivation::mark() when loading http://www.monster.com; http://www.cnet.com
+        <https://bugs.webkit.org/show_bug.cgi?id=25736> Crash loading www.google.dk/ig (and other igoogle's as well)
+
+        Following on from the lazy arguments creation patch, it's now
+        possible for an activation to to have a null register in the callframe
+        so we can't just blindly mark the local registers in an activation,
+        and must null check first instead.
+
+        * API/tests/testapi.c:
+        (functionGC):
+        * API/tests/testapi.js:
+        (bludgeonArguments.return.g):
+        (bludgeonArguments):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::mark):
+
+2009-05-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by Geoff Garen.
+
+        WTF_USE_CTI_REPATCH_PIC is no longer used, remove.
+
+        * jit/JIT.h:
+        * jit/JITStubCall.h:
+
+2009-05-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        We've run into some problems where changing the size of the class JIT leads to
+        performance fluctuations.  Try forcing alignment in an attempt to stabalize this.
+
+        * jit/JIT.h:
+
+2009-05-12  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix. Add ParserArena.cpp to the build.
+
+        * JavaScriptCoreSources.bkl:
+
+2009-05-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Unsigned underflow on 64bit cannot be treated as a negative number
+
+        This code included some placeswhere we deliberately create negative offsets
+        from unsigned values, on 32bit this is "safe", but in 64bit builds much
+        badness occurs. Solution is to use signed types as nature intended.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_load_varargs):
+
+2009-05-12  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by Holger Freyther.
+
+        [Gtk] Various autotools build refactoring and fixes
+        https://bugs.webkit.org/show_bug.cgi?id=25286
+
+        Define WTF_USE_JSC for the Gtk port.
+
+        * wtf/Platform.h:
+
+2009-05-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        - allow all of strictEqual to be inlined into cti_op_stricteq once again
+        
+        We had this optimization once but accidentally lost it at some point.
+
+        * runtime/Operations.h:
+        (JSC::JSValue::strictEqualSlowCaseInline):
+        (JSC::JSValue::strictEqual):
+
+2009-05-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        instanceof should throw if the constructor being tested does not implement
+        'HasInstance" (i.e. is a function).  Instead we were returning false.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::isInvalidParamForIn):
+        (JSC::isInvalidParamForInstanceOf):
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_instanceof):
+        * tests/mozilla/ecma_2/instanceof/instanceof-003.js:
+            Fix broken test case.
+        * tests/mozilla/ecma_2/instanceof/regress-7635.js:
+            Remove broken test case (was an exact duplicate of a test in instanceof-003.js).
+
+2009-05-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Improve function call forwarding performance
+
+        Make creation of the Arguments object occur lazily, so it
+        is not necessarily created for every function that references
+        it.  Then add logic to Function.apply to allow it to avoid
+        allocating the Arguments object at all.  Helps a lot with
+        the function forwarding/binding logic in jQuery, Prototype,
+        and numerous other JS libraries.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::registerFor):
+        (JSC::BytecodeGenerator::willResolveToArguments):
+        (JSC::BytecodeGenerator::uncheckedRegisterForArguments):
+        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
+        (JSC::BytecodeGenerator::emitCallEval):
+        (JSC::BytecodeGenerator::emitPushScope):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_create_arguments):
+        (JSC::JIT::emit_op_init_arguments):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_tear_off_arguments):
+        (JSC::JITStubs::cti_op_load_varargs):
+        * parser/Nodes.cpp:
+        (JSC::ApplyFunctionCallDotNode::emitBytecode):
+
+2009-05-11  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Enable use of SamplingFlags directly from JIT code.
+
+        * bytecode/SamplingTool.h:
+        * jit/JIT.h:
+        (JSC::JIT::sampleCodeBlock):
+        (JSC::JIT::sampleInstruction):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::setSamplingFlag):
+        (JSC::JIT::clearSamplingFlag):
+
+2009-05-11  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Implement JIT generation for instanceof for non-objects (always returns false).
+        Also fixes the sequencing of the prototype and value isObject checks, to no match the spec.
+
+        0.5% progression on v8 tests overall, due to 3.5% on early-boyer.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::hasInstance):
+        * runtime/TypeInfo.h:
+        (JSC::TypeInfo::TypeInfo):
+
+2009-05-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        A little more JIT refactoring.
+        
+        Rearranged code to more clearly indicate what's conditionally compiled
+        and why. Now, all shared code is at the top of our JIT files, and all
+        #if'd code is at the bottom. #if'd code is delineated by large comments.
+        
+        Moved functions that relate to the JIT but don't explicitly do codegen
+        into JIT.cpp. Refactored SSE2 check to store its result as a data member
+        in the JIT.
+
+        * jit/JIT.cpp:
+        (JSC::isSSE2Present):
+        (JSC::JIT::JIT):
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::linkCall):
+        * jit/JIT.h:
+        (JSC::JIT::isSSE2Present):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_mod):
+        (JSC::JIT::emitSlow_op_mod):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCallVarargsSlowCase):
+
+2009-05-11  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Build fix.
+
+        * JavaScriptCore.pri: Build the new JITOpcodes.cpp
+
+2009-05-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        More re-factoring of JIT code generation.  Use a macro to
+        forward the main switch-statement cases to the helper functions.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+
+2009-05-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        More re-factoring of JIT code generation to move opcode generation
+        to helper functions outside the main switch-statement and gave those
+        helper functions standardized names. This patch covers the remaining
+        slow cases.
+
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+
+2009-05-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix.
+
+        * GNUmakefile.am: Added JITOpcodes.cpp and JITStubCall.h to the project.
+
+2009-05-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added
+        JITOpcodes.cpp and JITStubCall.h to the project.
+
+2009-05-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Some JIT refactoring.
+        
+        Moved JITStubCall* into its own header.
+        
+        Modified JITStubCall to ASSERT that its return value is handled correctly.
+        Also, replaced function template with explicit instantiations to resolve
+        some confusion.
+        
+        Replaced all uses of emit{Get,Put}CTIArgument with explicit peeks, pokes,
+        and calls to killLastResultRegister().
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        * jit/JITCall.cpp:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        * jit/JITPropertyAccess.cpp:
+        * jit/JITStubCall.h: Copied from jit/JIT.h.
+        (JSC::JITStubCall::JITStubCall):
+        (JSC::JITStubCall::addArgument):
+        (JSC::JITStubCall::call):
+        (JSC::JITStubCall::):
+
+2009-05-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Start re-factoring JIT code generation to move opcode generation
+        to helper functions outside the main switch-statement and gave those
+        helper functions standardized names.  This patch only covers the main
+        pass and all the arithmetic opcodes in the slow path.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        * jit/JITOpcodes.cpp: Copied from jit/JIT.cpp.
+        * jit/JITPropertyAccess.cpp:
+
+2009-05-11  Steve Falkenburg  <sfalken@apple.com>
+
+        Re-add experimental PGO configs.
+        
+        Reviewed by Adam Roben.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+        * JavaScriptCore.vcproj/JavaScriptCore.sln:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+
+2009-05-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey "1" Garen.
+
+        Rip out the !USE(CTI_REPATCH_PIC) code.  It was untested and unused.
+
+        * jit/JIT.h:
+        (JSC::JIT::compileGetByIdChainList):
+        (JSC::JIT::compileGetByIdChain):
+        (JSC::JIT::compileCTIMachineTrampolines):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::tryCachePutByID):
+        (JSC::JITStubs::tryCacheGetByID):
+
+2009-05-11  Dmitry Titov  <dimich@chromium.org>
+
+        GTK build fix - the deprecated waitForThreadCompletion is not needed on GTK.
+
+        * wtf/ThreadingPthreads.cpp: used #ifdef PLATFORM(DARWIN) around waitForThreadCompletion().
+
+2009-05-11  Adam Roben  <aroben@apple.com>
+
+        Build fix for newer versions of GCC
+
+        * wtf/ThreadingPthreads.cpp: Added a declaration of
+        waitForThreadCompletion before its definition to silence a warning.
+
+2009-05-11  Dmitry Titov  <dimich@chromium.org>
+
+        Reviewed by Alexey Proskuryakov and Adam Roben.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25348
+        Change WTF::ThreadIdentifier to be an actual (but wrapped) thread id, remove ThreadMap.
+
+        * wtf/Threading.h:
+        (WTF::ThreadIdentifier::ThreadIdentifier):
+        (WTF::ThreadIdentifier::isValid):
+        (WTF::ThreadIdentifier::invalidate):
+        (WTF::ThreadIdentifier::platformId):
+        ThreadIdentifier is now a class, containing a PlatformThreadIdentifier and
+        methods that are used across the code on thread ids: construction, comparisons,
+        check for 'valid' state etc. '0' is used as invalid id, which happens to just work
+        with all platform-specific thread id implementations.
+
+        All the following files repeatedly reflect the new ThreadIdentifier for each platform.
+        We remove ThreadMap and threadMapMutex from all of them, remove the functions that
+        populated/searched/cleared the map and add platform-specific comparison operators
+        for ThreadIdentifier.
+
+        There are specific temporary workarounds for Safari 4 beta on OSX and Win32 since the
+        public build uses WTF threading functions with old type of ThreadingIdentifier.
+        The next time Safari 4 is rebuilt, it will 'automatically' pick up the new type and new
+        functions so the deprecated ones can be removed.
+
+        * wtf/gtk/ThreadingGtk.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::currentThread):
+
+        * wtf/ThreadingNone.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::detachThread):
+        (WTF::currentThread):
+        (WTF::waitForThreadCompletion): This is a workaround for Safari 4 beta on Mac.
+        Safari 4 is linked against old definition of ThreadIdentifier so it treats it as uint32_t.
+        This 'old' variant of waitForThreadCompletion takes uint32_t and has the old decorated name, so Safari can
+        load it from JavaScriptCore library. The other functions (CurrentThread() etc) happen to match their previous
+        decorated names and, while they return pthread_t now, it is a pointer which round-trips through a uint32_t.
+        This function will be removed as soon as Safari 4 will release next public build.
+
+        * wtf/qt/ThreadingQt.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::currentThread):
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal): All the platforms (except Windows) used a sequential
+        counter as a thread ID and mapped it into platform ID. Windows was using native thread
+        id and mapped it into thread handle. Since we can always obtain a thread handle
+        by thread id, createThread now closes the handle.
+        (WTF::waitForThreadCompletion): obtains another one using OpenThread(id) API. If can not obtain a handle,
+        it means the thread already exited.
+        (WTF::detachThread):
+        (WTF::currentThread):
+        (WTF::detachThreadDeprecated): old function, renamed (for Win Safari 4 beta which uses it for now).
+        (WTF::waitForThreadCompletionDeprecated): same.
+        (WTF::currentThreadDeprecated): same.
+        (WTF::createThreadDeprecated): same.
+
+        * bytecode/SamplingTool.h:
+        * bytecode/SamplingTool.cpp: Use DEFINE_STATIC_LOCAL for a static ThreadIdentifier variable, to avoid static constructor.
+
+        * JavaScriptCore.exp: export lists - updated decorated names of the WTF threading functions
+        since they now take a different type as a parameter.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: ditto for Windows, plus added "deprecated" functions
+        that take old parameter type - turns out public beta of Safari 4 uses those, so they need to be kept along for a while.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: ditto.
+
+2009-05-11  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 25560: REGRESSION (r34821): "string value".__proto__ gets the wrong object.
+        https://bugs.webkit.org/show_bug.cgi?id=25560
+        rdar://problem/6861069
+
+        I missed this case back a year ago when I sped up handling
+        of JavaScript wrappers. Easy to fix.
+
+        * runtime/JSObject.h:
+        (JSC::JSValue::get): Return the prototype itself if the property name
+        is __proto__.
+        * runtime/JSString.cpp:
+        (JSC::JSString::getOwnPropertySlot): Ditto.
+
+2009-05-09  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Rename emitGetFromCallFrameHeader to emitGetFromCallFrameHeaderPtr
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetFromCallFrameHeaderPtr):
+        (JSC::JIT::emitGetFromCallFrameHeader32):
+
+2009-05-11  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Unreviewed build fix. Build ParserAreana.cpp for Qt
+
+        * JavaScriptCore.pri:
+
+2009-05-11  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24536
+
+        Symbian compilers cannot resolve WTF::PassRefPtr<JSC::Profile>
+        unless Profile.h is included.
+
+        * profiler/ProfileGenerator.h:
+
+2009-05-11  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Holger Freyther.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24284
+
+        * JavaScriptCore.pri: coding style modified
+        * jsc.pro: duplicated values removed from INCLUDEPATH, DEFINES
+
+2009-05-11  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Reviewed by NOBODY (build fix).
+
+        Also add ParserArena, in addition to AllInOne, for release builds,
+        since adding it to AllInOne breaks Mac.
+
+        * GNUmakefile.am:
+
+2009-05-11  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Unreviewed build fix. Adding ParserArena to the autotools build.
+
+        * GNUmakefile.am:
+
+2009-05-11  Adam Roben  <aroben@apple.com>
+
+        More Windows build fixes after r43479
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        Export ParserArena::reset.
+
+2009-05-11  Adam Roben  <aroben@apple.com>
+
+        Windows build fixes after r43479
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added
+        ParserArena to the project.
+
+        * parser/NodeConstructors.h: Added a missing include.
+        (JSC::ParserArenaDeletable::operator new): Marked these as inline.
+
+2009-05-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff Garen.
+        
+        - fixed REGRESSION(r43432): Many JavaScriptCore tests crash in 64-bit
+        https://bugs.webkit.org/show_bug.cgi?id=25680
+
+        Accound for the 64-bit instruction prefix when rewriting mov to lea on 64-bit.
+        
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+
+2009-05-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 25674: syntax tree nodes should use arena allocation
+        https://bugs.webkit.org/show_bug.cgi?id=25674
+
+        Part two: Remove reference counting from most nodes.
+
+        * JavaScriptCore.exp: Updated.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added ParserArena.h and .cpp.
+
+        * parser/Grammar.y: Replaced uses of ParserRefCountedData with uses of
+        ParserArenaData. Took out now-nonfunctional code that tries to manually
+        release declaration list. Changed the new calls that create FuncDeclNode
+        and FuncExprNode so that they use the proper version of operator new for
+        the reference-counted idiom, not the deletion idiom.
+
+        * parser/NodeConstructors.h:
+        (JSC::ParserArenaDeletable::operator new): Added.
+        (JSC::ParserArenaRefCounted::ParserArenaRefCounted): Added.
+        (JSC::Node::Node): Removed ParserRefCounted initializer.
+        (JSC::ElementNode::ElementNode): Ditto.
+        (JSC::PropertyNode::PropertyNode): Ditto.
+        (JSC::ArgumentsNode::ArgumentsNode): Ditto.
+        (JSC::SourceElements::SourceElements): Ditto.
+        (JSC::ParameterNode::ParameterNode): Ditto.
+        (JSC::FuncExprNode::FuncExprNode): Added ParserArenaRefCounted initializer.
+        (JSC::FuncDeclNode::FuncDeclNode): Ditto.
+        (JSC::CaseClauseNode::CaseClauseNode): Removed ParserRefCounted initializer.
+        (JSC::ClauseListNode::ClauseListNode): Ditto.
+        (JSC::CaseBlockNode::CaseBlockNode): Ditto.
+
+        * parser/NodeInfo.h: Replaced uses of ParserRefCountedData with uses of
+        ParserArenaData.
+
+        * parser/Nodes.cpp:
+        (JSC::ScopeNode::ScopeNode): Added ParserArenaRefCounted initializer.
+        (JSC::ProgramNode::create): Use the proper version of operator new for
+        the reference-counted idiom, not the deletion idiom. Use the arena
+        contains function instead of the vecctor find function.
+        (JSC::EvalNode::create): Use the proper version of operator new for
+        the reference-counted idiom, not the deletion idiom. Use the arena
+        reset function instead of the vector shrink function.
+        (JSC::FunctionBodyNode::createNativeThunk): Use the proper version
+        of operator new for the reference-counted idiom, not the deletion idiom.
+        (JSC::FunctionBodyNode::create): More of the same.
+
+        * parser/Nodes.h: Added ParserArenaDeletable and ParserArenaRefCounted
+        to replace ParserRefCounted. Fixed inheritance so only the classes that
+        need reference counting inherit from ParserArenaRefCounted.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::parse): Set m_sourceElements to 0 since it now starts
+        uninitialized. Just set it to 0 again in the failure case, since it's
+        now just a raw pointer, not an owning one.
+        (JSC::Parser::reparseInPlace): Removed now-unneeded get() function.
+        (JSC::Parser::didFinishParsing): Replaced uses of ParserRefCountedData
+        with uses of ParserArenaData.
+
+        * parser/Parser.h: Less RefPtr, more arena.
+
+        * parser/ParserArena.cpp: Added.
+        * parser/ParserArena.h: Added.
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::~JSGlobalData): Removed arena-related code, since it's
+        now in the Parser.
+        (JSC::JSGlobalData::createLeaked): Removed unneeded #ifndef.
+        (JSC::JSGlobalData::createNativeThunk): Tweaked #if a bit.
+
+        * runtime/JSGlobalData.h: Removed parserArena, which is now in Parser.
+
+        * wtf/RefCounted.h: Added deletionHasBegun function, for use in
+        assertions to catch deletion not done by the deref function.
+
+2009-05-10  David Kilzer  <ddkilzer@apple.com>
+
+        Part 2: Try to fix the Windows build by adding a symbol which is really just a re-mangling of a changed method signature
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-10  David Kilzer  <ddkilzer@apple.com>
+
+        Try to fix the Windows build by removing an unknown symbol
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-10  David Kilzer  <ddkilzer@apple.com>
+
+        Touch Nodes.cpp to try to fix Windows build
+
+        * parser/Nodes.cpp: Removed whitespace.
+
+2009-05-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Quick fix for failures seen on buildbot. Maciej plans a better fix later.
+
+        * wtf/dtoa.cpp: Change the hardcoded number of 32-bit words in a BigInt
+        from 32 to 64. Parsing "1e500", for example, requires more than 32 words.
+
+2009-05-10  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 25674: syntax tree nodes should use arena allocation
+        Part one: Change lifetimes so we won't have to use reference
+        counting so much, but don't eliminate the reference counts
+        entirely yet.
+
+        * JavaScriptCore.exp: Updated.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator): Update for use of raw pointers
+        instead of RefPtr.
+        (JSC::BytecodeGenerator::emitCall): Ditto.
+        (JSC::BytecodeGenerator::emitConstruct): Ditto.
+
+        * parser/Grammar.y: Update node creating code to use new (JSGlobalData*)
+        instead of the plain new. At the moment this is just a hook for future
+        arena allocation; it's inline and JSGlobalData* is not used.
+
+        * parser/NodeConstructors.h: Updated for name change of parserObjects to
+        parserArena. Also added explicit initialization for raw pointers that used
+        to be RefPtr. Also removed some uses of get() that aren't needed now that
+        the pointers are raw pointers. Also eliminated m_parameter from FuncExprNode
+        and FuncDeclNode. Also changed node-creating code to use new (JSGlobalData*)
+        as above.
+
+        * parser/Nodes.cpp: Eliminated NodeReleaser and all use of it.
+        (JSC::ParserRefCounted::ParserRefCounted): Updated for name change of
+        parserObjects to parserArena.
+        (JSC::SourceElements::append): Use raw pointers.
+        (JSC::ArrayNode::emitBytecode): Ditto.
+        (JSC::ArrayNode::isSimpleArray): Ditto.
+        (JSC::ArrayNode::toArgumentList): Ditto.
+        (JSC::ObjectLiteralNode::emitBytecode): Ditto.
+        (JSC::PropertyListNode::emitBytecode): Ditto.
+        (JSC::BracketAccessorNode::emitBytecode): Ditto.
+        (JSC::DotAccessorNode::emitBytecode): Ditto.
+        (JSC::ArgumentListNode::emitBytecode): Ditto.
+        (JSC::NewExprNode::emitBytecode): Ditto.
+        (JSC::EvalFunctionCallNode::emitBytecode): Ditto.
+        (JSC::FunctionCallValueNode::emitBytecode): Ditto.
+        (JSC::FunctionCallResolveNode::emitBytecode): Ditto.
+        (JSC::FunctionCallBracketNode::emitBytecode): Ditto.
+        (JSC::FunctionCallDotNode::emitBytecode): Ditto.
+        (JSC::CallFunctionCallDotNode::emitBytecode): Ditto.
+        (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto.
+        (JSC::PostfixBracketNode::emitBytecode): Ditto.
+        (JSC::PostfixDotNode::emitBytecode): Ditto.
+        (JSC::DeleteBracketNode::emitBytecode): Ditto.
+        (JSC::DeleteDotNode::emitBytecode): Ditto.
+        (JSC::DeleteValueNode::emitBytecode): Ditto.
+        (JSC::VoidNode::emitBytecode): Ditto.
+        (JSC::TypeOfValueNode::emitBytecode): Ditto.
+        (JSC::PrefixBracketNode::emitBytecode): Ditto.
+        (JSC::PrefixDotNode::emitBytecode): Ditto.
+        (JSC::UnaryOpNode::emitBytecode): Ditto.
+        (JSC::BinaryOpNode::emitStrcat): Ditto.
+        (JSC::BinaryOpNode::emitBytecode): Ditto.
+        (JSC::EqualNode::emitBytecode): Ditto.
+        (JSC::StrictEqualNode::emitBytecode): Ditto.
+        (JSC::ReverseBinaryOpNode::emitBytecode): Ditto.
+        (JSC::ThrowableBinaryOpNode::emitBytecode): Ditto.
+        (JSC::InstanceOfNode::emitBytecode): Ditto.
+        (JSC::LogicalOpNode::emitBytecode): Ditto.
+        (JSC::ConditionalNode::emitBytecode): Ditto.
+        (JSC::ReadModifyResolveNode::emitBytecode): Ditto.
+        (JSC::AssignResolveNode::emitBytecode): Ditto.
+        (JSC::AssignDotNode::emitBytecode): Ditto.
+        (JSC::ReadModifyDotNode::emitBytecode): Ditto.
+        (JSC::AssignBracketNode::emitBytecode): Ditto.
+        (JSC::ReadModifyBracketNode::emitBytecode): Ditto.
+        (JSC::CommaNode::emitBytecode): Ditto.
+        (JSC::ConstDeclNode::emitCodeSingle): Ditto.
+        (JSC::ConstDeclNode::emitBytecode): Ditto.
+        (JSC::ConstStatementNode::emitBytecode): Ditto.
+        (JSC::statementListEmitCode): Ditto.
+        (JSC::BlockNode::emitBytecode): Ditto.
+        (JSC::ExprStatementNode::emitBytecode): Ditto.
+        (JSC::VarStatementNode::emitBytecode): Ditto.
+        (JSC::IfNode::emitBytecode): Ditto.
+        (JSC::IfElseNode::emitBytecode): Ditto.
+        (JSC::DoWhileNode::emitBytecode): Ditto.
+        (JSC::WhileNode::emitBytecode): Ditto.
+        (JSC::ForNode::emitBytecode): Ditto.
+        (JSC::ForInNode::emitBytecode): Ditto.
+        (JSC::ReturnNode::emitBytecode): Ditto.
+        (JSC::WithNode::emitBytecode): Ditto.
+        (JSC::CaseBlockNode::tryOptimizedSwitch): Ditto.
+        (JSC::CaseBlockNode::emitBytecodeForBlock): Ditto.
+        (JSC::SwitchNode::emitBytecode): Ditto.
+        (JSC::LabelNode::emitBytecode): Ditto.
+        (JSC::ThrowNode::emitBytecode): Ditto.
+        (JSC::TryNode::emitBytecode): Ditto.
+        (JSC::ScopeNodeData::ScopeNodeData): Use swap to transfer ownership
+        of the arena, varStack and functionStack.
+        (JSC::ScopeNode::ScopeNode): Pass in the arena when creating the
+        ScopeNodeData.
+        (JSC::ProgramNode::ProgramNode): Made this inline since it's used
+        in only one place.
+        (JSC::ProgramNode::create): Changed this to return a PassRefPtr since
+        we plan to have the scope nodes be outside the arena, so they will need
+        some kind of ownership transfer (maybe auto_ptr instead of PassRefPtr
+        in the future, though). Remove the node from the newly-created arena to
+        avoid a circular reference. Later we'll keep the node out of the arena
+        by using a different operator new, but for now it's the ParserRefCounted
+        constructor that puts the node into the arena, and there's no way to
+        bypass that.
+        (JSC::EvalNode::EvalNode): Ditto.
+        (JSC::EvalNode::create): Ditto.
+        (JSC::FunctionBodyNode::FunctionBodyNode): Ditto.
+        (JSC::FunctionBodyNode::createNativeThunk): Moved the code that
+        reseets the arena here instead of the caller.
+        (JSC::FunctionBodyNode::create): Same change as the other create
+        functions above.
+        (JSC::FunctionBodyNode::emitBytecode): Use raw pointers.
+
+        * parser/Nodes.h: Removed NodeReleaser. Changed FunctionStack to
+        use raw pointers. Removed the releaseNodes function. Added an override
+        of operator new that takes a JSGlobalData* to prepare for future arena use.
+        Use raw pointers instead of RefPtr everywhere possible.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::reparseInPlace): Pass the arena in.
+
+        * parser/Parser.h:
+        (JSC::Parser::parse): Updated for name change of parserObjects to parserArena.
+        (JSC::Parser::reparse): Ditto.
+        * runtime/FunctionConstructor.cpp:
+        (JSC::extractFunctionBody): Ditto.
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::~JSGlobalData): Ditto.
+        (JSC::JSGlobalData::createNativeThunk): Moved arena manipulation into the
+        FunctionBodyNode::createNativeThunk function.
+
+        * runtime/JSGlobalData.h: Tweaked formatting and renamed parserObjects to
+        parserArena.
+
+        * wtf/NotFound.h: Added the usual "using WTF" to this header to match the
+        rest of WTF.
+
+2009-05-10  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Geoffrey Garen.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25670
+        Remove no longer valid chunk of code from dtoa.
+
+        * wtf/dtoa.cpp:
+        (WTF::dtoa): Removed invalid code.
+
+2009-05-10  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        "Class const *" is the same as "const Class*", use the latter syntax consistently.
+
+        See <http://www.parashift.com/c++-faq-lite/const-correctness.html#faq-18.9>.
+
+        * pcre/pcre_compile.cpp:
+        (calculateCompiledPatternLength):
+        * runtime/JSObject.h:
+        (JSC::JSObject::offsetForLocation):
+        (JSC::JSObject::locationForOffset):
+
+2009-05-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+        
+        - speedup dtoa/strtod
+        
+        Added a bunch of inlining, and replaced malloc with stack allocation.
+        
+        0.5% SunSpider speedup (7% on string-tagcloud).
+
+        * runtime/NumberPrototype.cpp:
+        (JSC::integerPartNoExp):
+        (JSC::numberProtoFuncToExponential):
+        * runtime/UString.cpp:
+        (JSC::concatenate):
+        (JSC::UString::from):
+        * wtf/dtoa.cpp:
+        (WTF::BigInt::BigInt):
+        (WTF::BigInt::operator=):
+        (WTF::Balloc):
+        (WTF::Bfree):
+        (WTF::multadd):
+        (WTF::s2b):
+        (WTF::i2b):
+        (WTF::mult):
+        (WTF::pow5mult):
+        (WTF::lshift):
+        (WTF::cmp):
+        (WTF::diff):
+        (WTF::b2d):
+        (WTF::d2b):
+        (WTF::ratio):
+        (WTF::strtod):
+        (WTF::quorem):
+        (WTF::freedtoa):
+        (WTF::dtoa):
+        * wtf/dtoa.h:
+
+2009-05-09  Mike Hommey  <glandium@debian.org>
+
+        Reviewed by Geoffrey Garen. Landed by Jan Alonzo.
+
+        Enable JIT on x86-64 gtk+
+        https://bugs.webkit.org/show_bug.cgi?id=24724
+
+        * GNUmakefile.am:
+
+2009-05-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Removed the last non-call-related manually managed JIT stub call.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArithSlow_op_rshift): Fully use the JITStubCall
+        abstraction, instead of emitPutJITStubArg.
+
+2009-05-09  Sebastian Andrzej Siewior  <sebastian@breakpoint.cc>
+
+        Reviewed by Gustavo Noronha.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25653
+        PLATFORM(X86_64) inherits ia64
+
+        __ia64__ is defined by gcc in an IA64 arch and has completely
+        nothing in common with X86-64 exept both are from Intel and have
+        an 64bit address space. That's it. Since code seems to expect x86
+        here, ia64 has to go.
+
+        * wtf/Platform.h:
+
+2009-05-09  Gustavo Noronha Silva  <gns@gnome.org>
+
+        Suggested by Geoffrey Garen.
+
+        Assume SSE2 is present on X86-64 and on MAC X86-32. This fixes a
+        build breakage on non-Mac X86-64 when JIT is enabled.
+
+        * jit/JITArithmetic.cpp:
+
+2009-05-09  Gustavo Noronha Silva  <gns@gnome.org>
+
+        Build fix, adding missing files to make dist.
+
+        * GNUmakefile.am:
+
+2009-05-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::patchLoadToLEA):
+
+2009-05-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::patchLoadToLEA):
+
+2009-05-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Gavin Barraclough.
+        
+        Original patch by John McCall. Updated by Cameron Zwarich. Further refined by me.
+        
+        - Assorted speedups to property access
+        
+        ~.3%-1% speedup on SunSpider
+        
+        1) When we know from the structure ID that an object is using inline storage, plant direct
+        loads and stores against it; no need to indirect through storage pointer.
+        
+        2) Also because of the above, union the property storage pointer with the first inline property
+        slot and add an extra inline property slot.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::CodeLocationInstruction::CodeLocationInstruction):
+        (JSC::AbstractMacroAssembler::CodeLocationInstruction::patchLoadToLEA):
+        (JSC::::CodeLocationCommon::instructionAtOffset):
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::storePtr):
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::store32):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::storePtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::movq_EAXm):
+        (JSC::X86Assembler::movl_rm):
+        (JSC::X86Assembler::patchLoadToLEA):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compilePutDirectOffset):
+        (JSC::JIT::compileGetDirectOffset):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::mark):
+        (JSC::JSObject::removeDirect):
+        * runtime/JSObject.h:
+        (JSC::JSObject::propertyStorage):
+        (JSC::JSObject::getDirect):
+        (JSC::JSObject::getOffset):
+        (JSC::JSObject::offsetForLocation):
+        (JSC::JSObject::locationForOffset):
+        (JSC::JSObject::getDirectOffset):
+        (JSC::JSObject::putDirectOffset):
+        (JSC::JSObject::isUsingInlineStorage):
+        (JSC::JSObject::):
+        (JSC::JSObject::JSObject):
+        (JSC::JSObject::~JSObject):
+        (JSC::Structure::isUsingInlineStorage):
+        (JSC::JSObject::putDirect):
+        (JSC::JSObject::putDirectWithoutTransition):
+        (JSC::JSObject::allocatePropertyStorageInline):
+        * runtime/Structure.h:
+
+2009-05-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Changed all our JIT stubs so that they return a maximum of 1 JS value or
+        two non-JS pointers, and do all other value returning through out
+        parameters, in preparation for 64bit JS values on a 32bit system.
+
+        Stubs that used to return two JSValues now return one JSValue and take
+        and out parameter specifying where in the register array the second
+        value should go.
+        
+        SunSpider reports no change.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArithSlow_op_post_inc):
+        (JSC::JIT::compileFastArithSlow_op_post_dec):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_call_arityCheck):
+        (JSC::JITStubs::cti_op_resolve_func):
+        (JSC::JITStubs::cti_op_post_inc):
+        (JSC::JITStubs::cti_op_resolve_with_base):
+        (JSC::JITStubs::cti_op_post_dec):
+        * jit/JITStubs.h:
+        (JSC::):
+
+2009-05-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed <rdar://problem/6634956> CrashTracer: [REGRESSION] >400 crashes
+        in Safari at com.apple.JavaScriptCore • JSC::BytecodeGenerator::emitComplexJumpScopes + 468
+        https://bugs.webkit.org/show_bug.cgi?id=25658
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitComplexJumpScopes): Guard the whole loop
+        with a bounds check. The old loop logic would decrement and read topScope
+        without a bounds check, which could cause crashes on page boundaries.
+
+2009-05-08  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by NOBODY (BuildFix).
+
+        Gtk fix: add LiteralParser to the build script per r43424.
+
+        Add LiteralParser to the Qt and Wx build scripts too.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCoreSources.bkl:
+
+2009-05-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough and Darin Adler.
+
+        Add a limited literal parser for eval to handle object and array literals fired at eval
+
+        This is a simplified parser and lexer that we can throw at strings passed to eval
+        in case a site is using eval to parse JSON (eg. json2.js).  The lexer is intentionally
+        limited (in effect it's whitelisting a limited "common" subset of the JSON grammar)
+        as this decreases the likelihood of us wating time attempting to parse any significant
+        amount of non-JSON content.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::callEval):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * runtime/LiteralParser.cpp: Added.
+        (JSC::isStringCharacter):
+        (JSC::LiteralParser::Lexer::lex):
+        (JSC::LiteralParser::Lexer::lexString):
+        (JSC::LiteralParser::Lexer::lexNumber):
+        (JSC::LiteralParser::parseStatement):
+        (JSC::LiteralParser::parseExpression):
+        (JSC::LiteralParser::parseArray):
+        (JSC::LiteralParser::parseObject):
+        (JSC::LiteralParser::StackGuard::StackGuard):
+        (JSC::LiteralParser::StackGuard::~StackGuard):
+        (JSC::LiteralParser::StackGuard::isSafe):
+        * runtime/LiteralParser.h: Added.
+        (JSC::LiteralParser::LiteralParser):
+        (JSC::LiteralParser::attemptJSONParse):
+        (JSC::LiteralParser::):
+        (JSC::LiteralParser::Lexer::Lexer):
+        (JSC::LiteralParser::Lexer::next):
+        (JSC::LiteralParser::Lexer::currentToken):
+        (JSC::LiteralParser::abortParse):
+
+2009-05-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Restored a Mozilla JS test I accidentally gutted.
+
+        * tests/mozilla/ecma/Array/15.4.4.2.js:
+        (getTestCases):
+        (test):
+
+2009-05-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin Barraclough.
+        
+        More abstraction for JITStub calls from JITed code.
+        
+        Added a JITStubCall class that automatically handles things like assigning
+        arguments to different stack slots and storing return values. Deployed
+        the class in about a billion places. A bunch more places remain to be
+        fixed up, but this is a good stopping point for now.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::emitTimeoutCheck):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        (JSC::JIT::JSRInfo::JSRInfo):
+        (JSC::JITStubCall::JITStubCall):
+        (JSC::JITStubCall::addArgument):
+        (JSC::JITStubCall::call):
+        (JSC::JITStubCall::):
+        (JSC::CallEvalJITStub::CallEvalJITStub):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArithSlow_op_lshift):
+        (JSC::JIT::compileFastArithSlow_op_rshift):
+        (JSC::JIT::compileFastArithSlow_op_jnless):
+        (JSC::JIT::compileFastArithSlow_op_bitand):
+        (JSC::JIT::compileFastArithSlow_op_mod):
+        (JSC::JIT::compileFastArith_op_mod):
+        (JSC::JIT::compileFastArithSlow_op_post_inc):
+        (JSC::JIT::compileFastArithSlow_op_post_dec):
+        (JSC::JIT::compileFastArithSlow_op_pre_inc):
+        (JSC::JIT::compileFastArithSlow_op_pre_dec):
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        (JSC::JIT::compileFastArith_op_sub):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::compileFastArithSlow_op_add):
+        (JSC::JIT::compileFastArithSlow_op_mul):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        (JSC::):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdSlowCase):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_resolve_func):
+        (JSC::JITStubs::cti_op_resolve_with_base):
+
+2009-05-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add a new opcode jnlesseq, and optimize its compilation in the JIT using
+        techniques similar to what were used to optimize jnless in r43363.
+
+        This gives a 0.7% speedup on SunSpider, particularly on the tests 3d-cube,
+        control-flow-recursive, date-format-xparb, and string-base64.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump): Add support for dumping op_jnlesseq.
+        * bytecode/Opcode.h: Add op_jnlesseq to the list of opcodes.
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitJumpIfFalse): Add a peephole optimization
+        for op_jnlesseq when emitting lesseq followed by a jump.
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute): Add case for op_jnlesseq.
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass): Add case for op_jnlesseq.
+        (JSC::JIT::privateCompileSlowCases): Add case for op_jnlesseq.
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_jnlesseq): Added.
+        (JSC::JIT::compileFastArithSlow_op_jnlesseq): Added.
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_jlesseq): Added.
+        * jit/JITStubs.h:
+
+2009-05-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - fix test failures on 64-bit
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArithSlow_op_jnless): Avoid accidentaly treating an
+        immediate int as an immediate float in the 64-bit value representation.
+
+2009-05-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by Oliver Hunt.
+
+        Removing an empty constructor and an uncalled, empty function seems to be a
+        pretty solid 1% regeression on my machine, so I'm going to put them back.
+        Um.  Yeah, this this pretty pointles and makes no sense at all.  I officially
+        lose the will to live in 3... 2...
+
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingTool::notifyOfScope):
+        * bytecode/SamplingTool.h:
+        (JSC::SamplingTool::~SamplingTool):
+
+2009-05-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver "I see lots of ifdefs" Hunt.
+
+        Fix (kinda) for sampling tool breakage.  The codeblock sampling tool has become
+        b0rked due to recent changes in native function calling.  The initialization of
+        a ScopeNode appears to now occur before the sampling tool (or possibly the
+        interpreter has been brought into existence, wihich leads to crashyness).
+
+        This patch doesn't fix the problem.  The crash occurs when tracking a Scope, but
+        we shouldn't need to track scopes when we're just sampling opcodes, not
+        codeblocks.  Not retaining Scopes when just opcode sampling will reduce sampling
+        overhead reducing any instrumentation skew, which is a good thing.  As a side
+        benefit this patch also gets the opcode sampling going again, albeit in a bit of
+        a lame way.  Will come back later with a proper fix from codeblock sampling. 
+
+        * JavaScriptCore.exp:
+        * bytecode/SamplingTool.cpp:
+        (JSC::compareLineCountInfoSampling):
+        (JSC::SamplingTool::dump):
+        * bytecode/SamplingTool.h:
+        (JSC::SamplingTool::SamplingTool):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNode::ScopeNode):
+
+2009-05-07  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Fix <https://bugs.webkit.org/show_bug.cgi?id=25640>.
+        Bug 25640: Crash on quit in r43384 nightly build on Leopard w/ Safari 4 beta installed
+        
+        Roll out r43366 as it removed symbols that Safari 4 Beta uses.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingThread::start):
+        (JSC::SamplingThread::stop):
+        * bytecode/SamplingTool.h:
+        * wtf/CrossThreadRefCounted.h:
+        (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
+        (WTF::::ref):
+        (WTF::::deref):
+        * wtf/Threading.h:
+        * wtf/ThreadingNone.cpp:
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::threadMapMutex):
+        (WTF::initializeThreading):
+        (WTF::threadMap):
+        (WTF::identifierByPthreadHandle):
+        (WTF::establishIdentifierForPthreadHandle):
+        (WTF::pthreadHandleForIdentifier):
+        (WTF::clearPthreadHandleForIdentifier):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::detachThread):
+        (WTF::currentThread):
+        * wtf/ThreadingWin.cpp:
+        (WTF::threadMapMutex):
+        (WTF::initializeThreading):
+        (WTF::threadMap):
+        (WTF::storeThreadHandleByIdentifier):
+        (WTF::threadHandleForIdentifier):
+        (WTF::clearThreadHandleForIdentifier):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::detachThread):
+        (WTF::currentThread):
+        * wtf/gtk/ThreadingGtk.cpp:
+        (WTF::threadMapMutex):
+        (WTF::initializeThreading):
+        (WTF::threadMap):
+        (WTF::identifierByGthreadHandle):
+        (WTF::establishIdentifierForThread):
+        (WTF::threadForIdentifier):
+        (WTF::clearThreadForIdentifier):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::currentThread):
+        * wtf/qt/ThreadingQt.cpp:
+        (WTF::threadMapMutex):
+        (WTF::threadMap):
+        (WTF::identifierByQthreadHandle):
+        (WTF::establishIdentifierForThread):
+        (WTF::clearThreadForIdentifier):
+        (WTF::threadForIdentifier):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::currentThread):
+
+2009-05-07  Gustavo Noronha Silva  <gns@gnome.org>
+
+        Suggested by Oliver Hunt.
+
+        Also check for Linux for the special-cased calling convention.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * wtf/Platform.h:
+
+2009-05-07  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Previously, when appending to an existing string and growing the underlying buffer,
+        we would actually allocate 110% of the required size in order to give us some space
+        to expand into.  Now we treat strings differently based on their size:
+
+        Small Strings (up to 4 pages):
+        Expand the allocation size to 112.5% of the amount requested.  This is largely sicking
+        to our previous policy, however 112.5% is cheaper to calculate.
+
+        Medium Strings (up to 128 pages):
+        For pages covering multiple pages over-allocation is less of a concern - any unused
+        space will not be paged in if it is not used, so this is purely a VM overhead.  For
+        these strings allocate 2x the requested size.
+
+        Large Strings (to infinity and beyond!):
+        Revert to our 112.5% policy - probably best to limit the amount of unused VM we allow
+        any individual string be responsible for.
+
+        Additionally, round small allocations up to a multiple of 16 bytes, and medium and
+        large allocations up to a multiple of page size.
+
+        ~1.5% progression on Sunspider, due to 5% improvement on tagcloud & 15% on validate.
+
+        * runtime/UString.cpp:
+        (JSC::expandedSize):
+
+2009-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed a minor sequencing error introduced by recent Parser speedups.
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::createNativeThunk): Missed a spot in my last patch.
+
+2009-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+
+        * wtf/Platform.h: Reverted an accidental (and performance-catastrophic)
+        change.
+
+2009-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed a minor sequencing error introduced by recent Parser speedups.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::reparseInPlace): Missed a spot in my last patch.
+
+2009-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed a minor sequencing error introduced by recent Parser speedups.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::parse):
+        * parser/Parser.h:
+        (JSC::Parser::parse):
+        (JSC::Parser::reparse): Shrink the parsedObjects vector after allocating
+        the root node, to avoid leaving a stray node in the vector, since that's
+        a slight memory leak, and it causes problems during JSGlobalData teardown.
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::~JSGlobalData): ASSERT that we're not being torn
+        down while we think we're still parsing, since that would cause lots of
+        bad memory references during our destruction.
+
+2009-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Replaced two more macros with references to the JITStackFrame structure.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        * jit/JITStubs.cpp:
+        (JSC::):
+        * jit/JITStubs.h:
+
+2009-05-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Improve native call performance
+
+        Fix the windows build by adding calling convention declarations everywhere,
+        chose fastcall as that seemed most sensible given we were having to declare
+        the convention explicitly.  In addition switched to fastcall on mac in the
+        deluded belief that documented fastcall behavior on windows would match 
+        actual its actual behavior.
+
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.h:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::argumentCount):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jsc.cpp:
+        (functionPrint):
+        (functionDebug):
+        (functionGC):
+        (functionVersion):
+        (functionRun):
+        (functionLoad):
+        (functionSetSamplingFlags):
+        (functionClearSamplingFlags):
+        (functionReadline):
+        (functionQuit):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::callArrayConstructor):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString):
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncJoin):
+        (JSC::arrayProtoFuncConcat):
+        (JSC::arrayProtoFuncPop):
+        (JSC::arrayProtoFuncPush):
+        (JSC::arrayProtoFuncReverse):
+        (JSC::arrayProtoFuncShift):
+        (JSC::arrayProtoFuncSlice):
+        (JSC::arrayProtoFuncSort):
+        (JSC::arrayProtoFuncSplice):
+        (JSC::arrayProtoFuncUnShift):
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncMap):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncForEach):
+        (JSC::arrayProtoFuncSome):
+        (JSC::arrayProtoFuncReduce):
+        (JSC::arrayProtoFuncReduceRight):
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::callBooleanConstructor):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::booleanProtoFuncToString):
+        (JSC::booleanProtoFuncValueOf):
+        * runtime/CallData.h:
+        * runtime/DateConstructor.cpp:
+        (JSC::callDate):
+        (JSC::dateParse):
+        (JSC::dateNow):
+        (JSC::dateUTC):
+        * runtime/DatePrototype.cpp:
+        (JSC::dateProtoFuncToString):
+        (JSC::dateProtoFuncToUTCString):
+        (JSC::dateProtoFuncToDateString):
+        (JSC::dateProtoFuncToTimeString):
+        (JSC::dateProtoFuncToLocaleString):
+        (JSC::dateProtoFuncToLocaleDateString):
+        (JSC::dateProtoFuncToLocaleTimeString):
+        (JSC::dateProtoFuncGetTime):
+        (JSC::dateProtoFuncGetFullYear):
+        (JSC::dateProtoFuncGetUTCFullYear):
+        (JSC::dateProtoFuncToGMTString):
+        (JSC::dateProtoFuncGetMonth):
+        (JSC::dateProtoFuncGetUTCMonth):
+        (JSC::dateProtoFuncGetDate):
+        (JSC::dateProtoFuncGetUTCDate):
+        (JSC::dateProtoFuncGetDay):
+        (JSC::dateProtoFuncGetUTCDay):
+        (JSC::dateProtoFuncGetHours):
+        (JSC::dateProtoFuncGetUTCHours):
+        (JSC::dateProtoFuncGetMinutes):
+        (JSC::dateProtoFuncGetUTCMinutes):
+        (JSC::dateProtoFuncGetSeconds):
+        (JSC::dateProtoFuncGetUTCSeconds):
+        (JSC::dateProtoFuncGetMilliSeconds):
+        (JSC::dateProtoFuncGetUTCMilliseconds):
+        (JSC::dateProtoFuncGetTimezoneOffset):
+        (JSC::dateProtoFuncSetTime):
+        (JSC::dateProtoFuncSetMilliSeconds):
+        (JSC::dateProtoFuncSetUTCMilliseconds):
+        (JSC::dateProtoFuncSetSeconds):
+        (JSC::dateProtoFuncSetUTCSeconds):
+        (JSC::dateProtoFuncSetMinutes):
+        (JSC::dateProtoFuncSetUTCMinutes):
+        (JSC::dateProtoFuncSetHours):
+        (JSC::dateProtoFuncSetUTCHours):
+        (JSC::dateProtoFuncSetDate):
+        (JSC::dateProtoFuncSetUTCDate):
+        (JSC::dateProtoFuncSetMonth):
+        (JSC::dateProtoFuncSetUTCMonth):
+        (JSC::dateProtoFuncSetFullYear):
+        (JSC::dateProtoFuncSetUTCFullYear):
+        (JSC::dateProtoFuncSetYear):
+        (JSC::dateProtoFuncGetYear):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::callErrorConstructor):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::errorProtoFuncToString):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::callFunctionConstructor):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::callFunctionPrototype):
+        (JSC::functionProtoFuncToString):
+        (JSC::functionProtoFuncApply):
+        (JSC::functionProtoFuncCall):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::nativeFunction):
+        (JSC::JSFunction::setScopeChain):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        (JSC::globalFuncParseInt):
+        (JSC::globalFuncParseFloat):
+        (JSC::globalFuncIsNaN):
+        (JSC::globalFuncIsFinite):
+        (JSC::globalFuncDecodeURI):
+        (JSC::globalFuncDecodeURIComponent):
+        (JSC::globalFuncEncodeURI):
+        (JSC::globalFuncEncodeURIComponent):
+        (JSC::globalFuncEscape):
+        (JSC::globalFuncUnescape):
+        (JSC::globalFuncJSCPrint):
+        * runtime/JSGlobalObjectFunctions.h:
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncAbs):
+        (JSC::mathProtoFuncACos):
+        (JSC::mathProtoFuncASin):
+        (JSC::mathProtoFuncATan):
+        (JSC::mathProtoFuncATan2):
+        (JSC::mathProtoFuncCeil):
+        (JSC::mathProtoFuncCos):
+        (JSC::mathProtoFuncExp):
+        (JSC::mathProtoFuncFloor):
+        (JSC::mathProtoFuncLog):
+        (JSC::mathProtoFuncMax):
+        (JSC::mathProtoFuncMin):
+        (JSC::mathProtoFuncPow):
+        (JSC::mathProtoFuncRandom):
+        (JSC::mathProtoFuncRound):
+        (JSC::mathProtoFuncSin):
+        (JSC::mathProtoFuncSqrt):
+        (JSC::mathProtoFuncTan):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::callNativeErrorConstructor):
+        * runtime/NativeFunctionWrapper.h:
+        * runtime/NumberConstructor.cpp:
+        (JSC::callNumberConstructor):
+        * runtime/NumberPrototype.cpp:
+        (JSC::numberProtoFuncToString):
+        (JSC::numberProtoFuncToLocaleString):
+        (JSC::numberProtoFuncValueOf):
+        (JSC::numberProtoFuncToFixed):
+        (JSC::numberProtoFuncToExponential):
+        (JSC::numberProtoFuncToPrecision):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::callObjectConstructor):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::objectProtoFuncValueOf):
+        (JSC::objectProtoFuncHasOwnProperty):
+        (JSC::objectProtoFuncIsPrototypeOf):
+        (JSC::objectProtoFuncDefineGetter):
+        (JSC::objectProtoFuncDefineSetter):
+        (JSC::objectProtoFuncLookupGetter):
+        (JSC::objectProtoFuncLookupSetter):
+        (JSC::objectProtoFuncPropertyIsEnumerable):
+        (JSC::objectProtoFuncToLocaleString):
+        (JSC::objectProtoFuncToString):
+        * runtime/ObjectPrototype.h:
+        * runtime/RegExpConstructor.cpp:
+        (JSC::callRegExpConstructor):
+        * runtime/RegExpObject.cpp:
+        (JSC::callRegExpObject):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncTest):
+        (JSC::regExpProtoFuncExec):
+        (JSC::regExpProtoFuncCompile):
+        (JSC::regExpProtoFuncToString):
+        * runtime/StringConstructor.cpp:
+        (JSC::stringFromCharCode):
+        (JSC::callStringConstructor):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        (JSC::stringProtoFuncToString):
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncConcat):
+        (JSC::stringProtoFuncIndexOf):
+        (JSC::stringProtoFuncLastIndexOf):
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        (JSC::stringProtoFuncSlice):
+        (JSC::stringProtoFuncSplit):
+        (JSC::stringProtoFuncSubstr):
+        (JSC::stringProtoFuncSubstring):
+        (JSC::stringProtoFuncToLowerCase):
+        (JSC::stringProtoFuncToUpperCase):
+        (JSC::stringProtoFuncLocaleCompare):
+        (JSC::stringProtoFuncBig):
+        (JSC::stringProtoFuncSmall):
+        (JSC::stringProtoFuncBlink):
+        (JSC::stringProtoFuncBold):
+        (JSC::stringProtoFuncFixed):
+        (JSC::stringProtoFuncItalics):
+        (JSC::stringProtoFuncStrike):
+        (JSC::stringProtoFuncSub):
+        (JSC::stringProtoFuncSup):
+        (JSC::stringProtoFuncFontcolor):
+        (JSC::stringProtoFuncFontsize):
+        (JSC::stringProtoFuncAnchor):
+        (JSC::stringProtoFuncLink):
+        * wtf/Platform.h:
+
+2009-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Rolled out a portion of r43352 because it broke 64bit.
+
+        * jit/JITStubs.h:
+
+2009-05-07  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Build fix for functions reaturning ThreadIdentifier.
+
+        * wtf/ThreadingNone.cpp:
+        (WTF::createThreadInternal):
+        (WTF::currentThread):
+
+2009-05-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by John Honeycutt.
+        
+        - enable optimization case im the last patch that I accidentally had disabled.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArithSlow_op_jnless):
+
+2009-05-07  Dmitry Titov  <dimich@chromium.org>
+
+        Attempt to fix Win build.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArithSlow_op_jnless):
+
+2009-05-07  Dmitry Titov  <dimich@chromium.org>
+
+        Reviewed by Alexey Proskuryakov and Adam Roben.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25348
+        Change WTF::ThreadIdentifier to be an actual (but wrapped) thread id, remove ThreadMap.
+
+        * wtf/Threading.h:
+        (WTF::ThreadIdentifier::ThreadIdentifier):
+        (WTF::ThreadIdentifier::isValid):
+        (WTF::ThreadIdentifier::invalidate):
+        (WTF::ThreadIdentifier::platformId):
+        ThreadIdentifier is now a class, containing a PlatformThreadIdentifier and
+        methods that are used across the code on thread ids: construction, comparisons,
+        check for 'valid' state etc. '0' is used as invalid id, which happens to just work
+        with all platform-specific thread id implementations.
+
+        All the following files repeatedly reflect the new ThreadIdentifier for each platform.
+        We remove ThreadMap and threadMapMutex from all of them, remove the functions that
+        populated/searched/cleared the map and add platform-specific comparison operators
+        for ThreadIdentifier.
+
+        * wtf/gtk/ThreadingGtk.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::currentThread):
+
+        * wtf/ThreadingNone.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::detachThread):
+        (WTF::currentThread):
+
+        * wtf/qt/ThreadingQt.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal):
+        (WTF::waitForThreadCompletion):
+        (WTF::currentThread):
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::ThreadIdentifier::operator==):
+        (WTF::ThreadIdentifier::operator!=):
+        (WTF::initializeThreading):
+        (WTF::createThreadInternal): All the platforms (except Windows) used a sequential
+        counter as a thread ID and mapped it into platform ID. Windows was using native thread
+        id and mapped it into thread handle. Since we can always obtain a thread handle
+        by thread id, createThread now closes the handle.
+        (WTF::waitForThreadCompletion): obtains another one using OpenThread(id) API. If can not obtain a handle,
+        it means the thread already exited.
+        (WTF::detachThread):
+        (WTF::currentThread):
+        (WTF::detachThreadDeprecated): old function, renamed (for Win Safari 4 beta which uses it for now).
+        (WTF::waitForThreadCompletionDeprecated): same.
+        (WTF::currentThreadDeprecated): same.
+        (WTF::createThreadDeprecated): same.
+
+        * bytecode/SamplingTool.h:
+        * bytecode/SamplingTool.cpp: Use DEFINE_STATIC_LOCAL for a static ThreadIdentifier variable, to avoid static constructor.
+
+        * JavaScriptCore.exp: export lists - updated the WTF threading functions decorated names
+        since they now take a different type as a parameter.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: ditto for Windows, plus added "deprecated" functions
+        that take old parameter type - turns out public beta of Safari 4 uses those, so they need to be kept along for a while.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: ditto.
+
+2009-05-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        - optimize various cases of branch-fused less
+        
+        1% speedup on SunSpider overall
+        13% speedup on math-cordic
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        op_loop_if_less: Optimize case of constant as first operand, just as case of constant as
+        second operand.
+        op_jnless: Factored out into compileFastArith_op_jnless.
+        (JSC::JIT::privateCompileSlowCases):
+        op_jnless: Factored out into compileFastArithSlow_op_jnless.
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_jnless): Factored out from main compile loop.
+        - Generate inline code for comparison of constant immediate int as first operand to another
+        immediate int, as for loop_if_less
+
+        (JSC::JIT::compileFastArithSlow_op_jnless):
+        - Generate inline code for comparing two floating point numbers.
+        - Generate code for both cases of comparing a floating point number to a constant immediate 
+        int.
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump): Fix dumping of op_jnless (tangentially related bugfix).
+
+2009-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added the return address of a stub function to the JITStackFrame abstraction.
+
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITStubs.cpp:
+        (JSC::):
+        (JSC::StackHack::StackHack):
+        (JSC::StackHack::~StackHack):
+        (JSC::returnToThrowTrampoline):
+        (JSC::JITStubs::cti_op_convert_this):
+        (JSC::JITStubs::cti_op_end):
+        (JSC::JITStubs::cti_op_add):
+        (JSC::JITStubs::cti_op_pre_inc):
+        (JSC::JITStubs::cti_timeout_check):
+        (JSC::JITStubs::cti_register_file_check):
+        (JSC::JITStubs::cti_op_loop_if_less):
+        (JSC::JITStubs::cti_op_loop_if_lesseq):
+        (JSC::JITStubs::cti_op_new_object):
+        (JSC::JITStubs::cti_op_put_by_id_generic):
+        (JSC::JITStubs::cti_op_get_by_id_generic):
+        (JSC::JITStubs::cti_op_put_by_id):
+        (JSC::JITStubs::cti_op_put_by_id_second):
+        (JSC::JITStubs::cti_op_put_by_id_fail):
+        (JSC::JITStubs::cti_op_get_by_id):
+        (JSC::JITStubs::cti_op_get_by_id_second):
+        (JSC::JITStubs::cti_op_get_by_id_self_fail):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
+        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
+        (JSC::JITStubs::cti_op_get_by_id_array_fail):
+        (JSC::JITStubs::cti_op_get_by_id_string_fail):
+        (JSC::JITStubs::cti_op_instanceof):
+        (JSC::JITStubs::cti_op_del_by_id):
+        (JSC::JITStubs::cti_op_mul):
+        (JSC::JITStubs::cti_op_new_func):
+        (JSC::JITStubs::cti_op_call_JSFunction):
+        (JSC::JITStubs::cti_op_call_arityCheck):
+        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
+        (JSC::JITStubs::cti_vm_lazyLinkCall):
+        (JSC::JITStubs::cti_op_push_activation):
+        (JSC::JITStubs::cti_op_call_NotJSFunction):
+        (JSC::JITStubs::cti_op_create_arguments):
+        (JSC::JITStubs::cti_op_create_arguments_no_params):
+        (JSC::JITStubs::cti_op_tear_off_activation):
+        (JSC::JITStubs::cti_op_tear_off_arguments):
+        (JSC::JITStubs::cti_op_profile_will_call):
+        (JSC::JITStubs::cti_op_profile_did_call):
+        (JSC::JITStubs::cti_op_ret_scopeChain):
+        (JSC::JITStubs::cti_op_new_array):
+        (JSC::JITStubs::cti_op_resolve):
+        (JSC::JITStubs::cti_op_construct_JSConstruct):
+        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_string):
+        (JSC::JITStubs::cti_op_get_by_val_byte_array):
+        (JSC::JITStubs::cti_op_resolve_func):
+        (JSC::JITStubs::cti_op_sub):
+        (JSC::JITStubs::cti_op_put_by_val):
+        (JSC::JITStubs::cti_op_put_by_val_array):
+        (JSC::JITStubs::cti_op_put_by_val_byte_array):
+        (JSC::JITStubs::cti_op_lesseq):
+        (JSC::JITStubs::cti_op_loop_if_true):
+        (JSC::JITStubs::cti_op_load_varargs):
+        (JSC::JITStubs::cti_op_negate):
+        (JSC::JITStubs::cti_op_resolve_base):
+        (JSC::JITStubs::cti_op_resolve_skip):
+        (JSC::JITStubs::cti_op_resolve_global):
+        (JSC::JITStubs::cti_op_div):
+        (JSC::JITStubs::cti_op_pre_dec):
+        (JSC::JITStubs::cti_op_jless):
+        (JSC::JITStubs::cti_op_not):
+        (JSC::JITStubs::cti_op_jtrue):
+        (JSC::JITStubs::cti_op_post_inc):
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_lshift):
+        (JSC::JITStubs::cti_op_bitand):
+        (JSC::JITStubs::cti_op_rshift):
+        (JSC::JITStubs::cti_op_bitnot):
+        (JSC::JITStubs::cti_op_resolve_with_base):
+        (JSC::JITStubs::cti_op_new_func_exp):
+        (JSC::JITStubs::cti_op_mod):
+        (JSC::JITStubs::cti_op_less):
+        (JSC::JITStubs::cti_op_neq):
+        (JSC::JITStubs::cti_op_post_dec):
+        (JSC::JITStubs::cti_op_urshift):
+        (JSC::JITStubs::cti_op_bitxor):
+        (JSC::JITStubs::cti_op_new_regexp):
+        (JSC::JITStubs::cti_op_bitor):
+        (JSC::JITStubs::cti_op_call_eval):
+        (JSC::JITStubs::cti_op_throw):
+        (JSC::JITStubs::cti_op_get_pnames):
+        (JSC::JITStubs::cti_op_next_pname):
+        (JSC::JITStubs::cti_op_push_scope):
+        (JSC::JITStubs::cti_op_pop_scope):
+        (JSC::JITStubs::cti_op_typeof):
+        (JSC::JITStubs::cti_op_is_undefined):
+        (JSC::JITStubs::cti_op_is_boolean):
+        (JSC::JITStubs::cti_op_is_number):
+        (JSC::JITStubs::cti_op_is_string):
+        (JSC::JITStubs::cti_op_is_object):
+        (JSC::JITStubs::cti_op_is_function):
+        (JSC::JITStubs::cti_op_stricteq):
+        (JSC::JITStubs::cti_op_to_primitive):
+        (JSC::JITStubs::cti_op_strcat):
+        (JSC::JITStubs::cti_op_nstricteq):
+        (JSC::JITStubs::cti_op_to_jsnumber):
+        (JSC::JITStubs::cti_op_in):
+        (JSC::JITStubs::cti_op_push_new_scope):
+        (JSC::JITStubs::cti_op_jmp_scopes):
+        (JSC::JITStubs::cti_op_put_by_index):
+        (JSC::JITStubs::cti_op_switch_imm):
+        (JSC::JITStubs::cti_op_switch_char):
+        (JSC::JITStubs::cti_op_switch_string):
+        (JSC::JITStubs::cti_op_del_by_val):
+        (JSC::JITStubs::cti_op_put_getter):
+        (JSC::JITStubs::cti_op_put_setter):
+        (JSC::JITStubs::cti_op_new_error):
+        (JSC::JITStubs::cti_op_debug):
+        (JSC::JITStubs::cti_vm_throw):
+        * jit/JITStubs.h:
+        (JSC::JITStackFrame::returnAddressSlot):
+
+2009-05-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::lex): Fix missing braces. This would make us always
+        take the slower case for string parsing and Visual Studio correctly
+        noticed unreachable code.
+
+2009-05-07  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 25589: goto instead of state machine in lexer
+        https://bugs.webkit.org/show_bug.cgi?id=25589
+
+        SunSpider is 0.8% faster.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::currentCharacter): Added.
+        (JSC::Lexer::currentOffset): Changed to call currentCharacter for clarity.
+        (JSC::Lexer::setCode): Removed code to set now-obsolete m_skipLineEnd.
+        (JSC::Lexer::shiftLineTerminator): Added. Handles line numbers and the
+        two-character line terminators.
+        (JSC::Lexer::makeIdentifier): Changed to take characters and length rather
+        than a vector, since we now make these directly out of the source buffer
+        when possible.
+        (JSC::Lexer::lastTokenWasRestrKeyword): Added.
+        (JSC::isNonASCIIIdentStart): Broke out the non-inline part.
+        (JSC::isIdentStart): Moved here.
+        (JSC::isNonASCIIIdentPart): Broke out the non-inline part.
+        (JSC::isIdentPart): Moved here.
+        (JSC::singleEscape): Moved here, and removed some unneeded cases.
+        (JSC::Lexer::record8): Moved here.
+        (JSC::Lexer::record16): Moved here.
+        (JSC::Lexer::lex): Rewrote this whole function to use goto and not use
+        a state machine. Got rid of most of the local variables. Also rolled the
+        matchPunctuator function in here.
+        (JSC::Lexer::scanRegExp): Changed to use the new version of isLineTerminator.
+        Clear m_buffer16 after using it instead of before.
+
+        * parser/Lexer.h: Removed State enum, setDone function, nextLine function,
+        lookupKeywordFunction, one of the isLineTerminator functions, m_done data member,
+        m_skipLineEnd data member, and m_state data member. Added shiftLineTerminator
+        function, currentCharacter function, and changed the arguments to the makeIdentifier
+        function. Removed one branch from the isLineTerminator function.
+
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace): Streamlined the case where we don't replace anything.
+
+2009-05-07  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Removed a few more special constants, and replaced them with uses of
+        the JITStackFrame struct.
+
+        Removed one of the two possible definitions of VoidPtrPair. The Mac
+        definition was more elegant, but SunSpider doesn't think it's any
+        faster, and it's net less elegant to have two ways of doing things.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        * jit/JITStubs.h:
+        (JSC::):
+
+2009-05-07  Darin Adler  <darin@apple.com>
+
+        * runtime/ScopeChain.h:
+        (JSC::ScopeChainNode::~ScopeChainNode): Tweak formatting.
+
+2009-05-07  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Fix the build thread stack base determination build on Symbian,
+        by moving the code block before PLATFORM(UNIX), which is also
+        enabled on Symbian builds.
+
+        * runtime/Collector.cpp:
+        (JSC::currentThreadStackBase):
+
+2009-05-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix crash due to incorrectly using an invalid scopechain 
+
+        stringProtoFuncReplace was checking for an exception on a CachedCall
+        by asking for the cached callframes exception.  Unfortunately this
+        could crash in certain circumstances as CachedCall does not guarantee
+        a valid callframe following a call.  Even more unfortunately the check
+        was entirely unnecessary as there is only a single exception slot per
+        global data, so it was already checked via the initial exec->hadException()
+        check.
+
+        To make bugs like this more obvious, i've added a debug only destructor
+        to ScopeChainNode that 0's all of its fields.  This exposed a crash in
+        the standard javascriptcore tests.
+
+        * runtime/ScopeChain.h:
+        (JSC::ScopeChainNode::~ScopeChainNode):
+        (JSC::ScopeChain::~ScopeChain):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+
+2009-05-07  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Enable op_strcat across += assignments.  This patch allows the lhs of a read/modify node
+        to be included within the concatenation operation, and also modifies the implementation
+        of the concatenation to attempt to reuse and cat onto the leftmost string, rather than
+        always allocating a new empty output string to copy into (as was previously the behaviour).
+
+        ~0.5% progression, due to a 3%-3.5% progression on the string tests (particularly validate).
+
+        * parser/Nodes.cpp:
+        (JSC::BinaryOpNode::emitStrcat):
+        (JSC::emitReadModifyAssignment):
+        (JSC::ReadModifyResolveNode::emitBytecode):
+        (JSC::ReadModifyDotNode::emitBytecode):
+        (JSC::ReadModifyBracketNode::emitBytecode):
+        * parser/Nodes.h:
+        * runtime/Operations.h:
+        (JSC::concatenateStrings):
+        * runtime/UString.cpp:
+        (JSC::UString::reserveCapacity):
+        * runtime/UString.h:
+
+2009-05-07  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix the build on Windows without JIT: interpreter/RegisterFile.h needs
+        roundUpAllocationSize, which is protected by #if ENABLED(ASSEMBLER).
+        Moved the #ifdef down and always offer the function.
+
+        * jit/ExecutableAllocator.h:
+
+2009-05-06  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin "++" Barraclough.
+        
+        Added some abstraction around the JIT stub calling convention by creating
+        a struct to represent the persistent stack frame JIT code shares with
+        JIT stubs.
+        
+        SunSpider reports no change.
+
+        * jit/JIT.h:
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_convert_this):
+        (JSC::JITStubs::cti_op_end):
+        (JSC::JITStubs::cti_op_add):
+        (JSC::JITStubs::cti_op_pre_inc):
+        (JSC::JITStubs::cti_timeout_check):
+        (JSC::JITStubs::cti_register_file_check):
+        (JSC::JITStubs::cti_op_loop_if_less):
+        (JSC::JITStubs::cti_op_loop_if_lesseq):
+        (JSC::JITStubs::cti_op_new_object):
+        (JSC::JITStubs::cti_op_put_by_id_generic):
+        (JSC::JITStubs::cti_op_get_by_id_generic):
+        (JSC::JITStubs::cti_op_put_by_id):
+        (JSC::JITStubs::cti_op_put_by_id_second):
+        (JSC::JITStubs::cti_op_put_by_id_fail):
+        (JSC::JITStubs::cti_op_get_by_id):
+        (JSC::JITStubs::cti_op_get_by_id_second):
+        (JSC::JITStubs::cti_op_get_by_id_self_fail):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
+        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
+        (JSC::JITStubs::cti_op_get_by_id_array_fail):
+        (JSC::JITStubs::cti_op_get_by_id_string_fail):
+        (JSC::JITStubs::cti_op_instanceof):
+        (JSC::JITStubs::cti_op_del_by_id):
+        (JSC::JITStubs::cti_op_mul):
+        (JSC::JITStubs::cti_op_new_func):
+        (JSC::JITStubs::cti_op_call_JSFunction):
+        (JSC::JITStubs::cti_op_call_arityCheck):
+        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
+        (JSC::JITStubs::cti_vm_lazyLinkCall):
+        (JSC::JITStubs::cti_op_push_activation):
+        (JSC::JITStubs::cti_op_call_NotJSFunction):
+        (JSC::JITStubs::cti_op_create_arguments):
+        (JSC::JITStubs::cti_op_create_arguments_no_params):
+        (JSC::JITStubs::cti_op_tear_off_activation):
+        (JSC::JITStubs::cti_op_tear_off_arguments):
+        (JSC::JITStubs::cti_op_profile_will_call):
+        (JSC::JITStubs::cti_op_profile_did_call):
+        (JSC::JITStubs::cti_op_ret_scopeChain):
+        (JSC::JITStubs::cti_op_new_array):
+        (JSC::JITStubs::cti_op_resolve):
+        (JSC::JITStubs::cti_op_construct_JSConstruct):
+        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_string):
+        (JSC::JITStubs::cti_op_get_by_val_byte_array):
+        (JSC::JITStubs::cti_op_resolve_func):
+        (JSC::JITStubs::cti_op_sub):
+        (JSC::JITStubs::cti_op_put_by_val):
+        (JSC::JITStubs::cti_op_put_by_val_array):
+        (JSC::JITStubs::cti_op_put_by_val_byte_array):
+        (JSC::JITStubs::cti_op_lesseq):
+        (JSC::JITStubs::cti_op_loop_if_true):
+        (JSC::JITStubs::cti_op_load_varargs):
+        (JSC::JITStubs::cti_op_negate):
+        (JSC::JITStubs::cti_op_resolve_base):
+        (JSC::JITStubs::cti_op_resolve_skip):
+        (JSC::JITStubs::cti_op_resolve_global):
+        (JSC::JITStubs::cti_op_div):
+        (JSC::JITStubs::cti_op_pre_dec):
+        (JSC::JITStubs::cti_op_jless):
+        (JSC::JITStubs::cti_op_not):
+        (JSC::JITStubs::cti_op_jtrue):
+        (JSC::JITStubs::cti_op_post_inc):
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_lshift):
+        (JSC::JITStubs::cti_op_bitand):
+        (JSC::JITStubs::cti_op_rshift):
+        (JSC::JITStubs::cti_op_bitnot):
+        (JSC::JITStubs::cti_op_resolve_with_base):
+        (JSC::JITStubs::cti_op_new_func_exp):
+        (JSC::JITStubs::cti_op_mod):
+        (JSC::JITStubs::cti_op_less):
+        (JSC::JITStubs::cti_op_neq):
+        (JSC::JITStubs::cti_op_post_dec):
+        (JSC::JITStubs::cti_op_urshift):
+        (JSC::JITStubs::cti_op_bitxor):
+        (JSC::JITStubs::cti_op_new_regexp):
+        (JSC::JITStubs::cti_op_bitor):
+        (JSC::JITStubs::cti_op_call_eval):
+        (JSC::JITStubs::cti_op_throw):
+        (JSC::JITStubs::cti_op_get_pnames):
+        (JSC::JITStubs::cti_op_next_pname):
+        (JSC::JITStubs::cti_op_push_scope):
+        (JSC::JITStubs::cti_op_pop_scope):
+        (JSC::JITStubs::cti_op_typeof):
+        (JSC::JITStubs::cti_op_is_undefined):
+        (JSC::JITStubs::cti_op_is_boolean):
+        (JSC::JITStubs::cti_op_is_number):
+        (JSC::JITStubs::cti_op_is_string):
+        (JSC::JITStubs::cti_op_is_object):
+        (JSC::JITStubs::cti_op_is_function):
+        (JSC::JITStubs::cti_op_stricteq):
+        (JSC::JITStubs::cti_op_to_primitive):
+        (JSC::JITStubs::cti_op_strcat):
+        (JSC::JITStubs::cti_op_nstricteq):
+        (JSC::JITStubs::cti_op_to_jsnumber):
+        (JSC::JITStubs::cti_op_in):
+        (JSC::JITStubs::cti_op_push_new_scope):
+        (JSC::JITStubs::cti_op_jmp_scopes):
+        (JSC::JITStubs::cti_op_put_by_index):
+        (JSC::JITStubs::cti_op_switch_imm):
+        (JSC::JITStubs::cti_op_switch_char):
+        (JSC::JITStubs::cti_op_switch_string):
+        (JSC::JITStubs::cti_op_del_by_val):
+        (JSC::JITStubs::cti_op_put_getter):
+        (JSC::JITStubs::cti_op_put_setter):
+        (JSC::JITStubs::cti_op_new_error):
+        (JSC::JITStubs::cti_op_debug):
+        (JSC::JITStubs::cti_vm_throw):
+        * jit/JITStubs.h:
+        (JSC::):
+
+2009-05-06  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak & Darin Adler.
+
+        Improve string concatenation (as coded in JS as a sequence of adds).
+
+        Detect patterns corresponding to string concatenation, and change the bytecode
+        generation to emit a new op_strcat instruction.  By handling the full set of
+        additions within a single function we do not need allocate JSString wrappers
+        for intermediate results, and we can calculate the size of the output string
+        prior to allocating storage, in order to prevent reallocation of the buffer.
+
+        1.5%-2% progression on Sunspider, largely due to a 30% progression on date-format-xparb.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+            Add new opcodes.
+        * bytecode/Opcode.h:
+            Add new opcodes.
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitStrcat):
+        (JSC::BytecodeGenerator::emitToPrimitive):
+            Add generation of new opcodes.
+        * bytecompiler/BytecodeGenerator.h:
+            Add generation of new opcodes.
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+            Add implmentation of new opcodes.
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+            Add implmentation of new opcodes.
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_to_primitive):
+        (JSC::JITStubs::cti_op_strcat):
+            Add implmentation of new opcodes.
+        * jit/JITStubs.h:
+            Add implmentation of new opcodes.
+        * parser/Nodes.cpp:
+        (JSC::BinaryOpNode::emitStrcat):
+        (JSC::BinaryOpNode::emitBytecode):
+        (JSC::ReadModifyResolveNode::emitBytecode):
+            Add generation of new opcodes.
+        * parser/Nodes.h:
+        (JSC::ExpressionNode::):
+        (JSC::AddNode::):
+            Add methods to allow identification of add nodes.
+        * parser/ResultType.h:
+        (JSC::ResultType::definitelyIsString):
+        (JSC::ResultType::forAdd):
+            Fix error in detection of adds that will produce string results.
+        * runtime/Operations.h:
+        (JSC::concatenateStrings):
+            Add implmentation of new opcodes.
+        * runtime/UString.cpp:
+        (JSC::UString::appendNumeric):
+            Add methods to append numbers to an existing string.
+        * runtime/UString.h:
+        (JSC::UString::Rep::createEmptyBuffer):
+        (JSC::UString::BaseString::BaseString):
+            Add support for creating an empty string with a non-zero capacity available in the BaseString.
+
+2009-05-06  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Made RefCounted::m_refCount private.
+
+        * runtime/Structure.h: Removed addressOfCount.
+        * wtf/RefCounted.h: Made m_refCount private.
+        Added addressOfCount.
+
+2009-05-06  Darin Adler  <darin@apple.com>
+
+        Fixed assertion seen a lot!
+
+        * parser/Nodes.cpp:
+        (JSC::FunctionBodyNode::~FunctionBodyNode): Removed now-bogus assertion.
+
+2009-05-06  Darin Adler  <darin@apple.com>
+
+        Working with Sam Weinig.
+
+        Redo parse tree constructor optimization without breaking the Windows
+        build the way I did yesterday. The previous try broke the build by adding
+        an include of Lexer.h and all its dependencies that had to work outside
+        the JavaScriptCore project.
+
+        * GNUmakefile.am: Added NodeConstructors.h.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+        Removed byteocde directory -- we no longer are trying to include Lexer.h
+        outside JavaScriptCore.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Change SegmentedVector.h
+        and Lexer.h back to internal files. Added NodeConstructors.h.
+
+        * parser/Grammar.y: Added include of NodeConstructors.h.
+        Changed use of ConstDeclNode to use public functions.
+
+        * parser/NodeConstructors.h: Copied from parser/Nodes.h.
+        Just contains the inlined constructors now.
+
+        * parser/Nodes.cpp: Added include of NodeConstructors.h.
+        Moved node constructors into the header.
+        (JSC::FunctionBodyNode::FunctionBodyNode): Removed m_refCount
+        initialization.
+
+        * parser/Nodes.h: Removed all the constructor definitions, and also
+        removed the JSC_FAST_CALL from them since these are all inlined, so the
+        calling convention is irrelevant. Made more things private. Used a data
+        member for operator opcodes instead of a virtual function. Removed the
+        special FunctionBodyNode::ref/deref functions since the default functions
+        are now just as fast.
+
+        * runtime/FunctionConstructor.cpp:
+        (JSC::extractFunctionBody): Fixed types here so we don't typecast until
+        after we do type checking.
+
+2009-05-06  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Ariya Hidayat.
+
+        Fix the Qt build on Windows.
+
+        * JavaScriptCore.pri: Define BUILDING_JavaScriptCore/WTF to get the meaning
+        of the JS_EXPORTDATA macros correct
+
+2009-05-06  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Ariya Hidayat.
+
+        Enable the JIT for the Qt build on Windows.
+
+        * JavaScriptCore.pri:
+
+2009-05-06  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Tweak JavaScriptCore.pri for being able to override the generated sources dir for the
+        generated_files target.
+
+        * JavaScriptCore.pri:
+
+2009-05-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Build QtWebKit as a framework on Mac
+
+        This implies both debug and release build by default, unless
+        one of the --debug or --release config options are passed to
+        the build-webkit script.
+
+        Frameworks can be disabled by passing CONFIG+=webkit_no_framework
+        to the build-webkit script.
+
+        To be able to build both debug and release targets in parallel
+        we have to use separate output directories for the generated
+        sources, which is not optimal, but required to avoid race conditions.
+
+        An optimization would be to only require this spit-up on Mac.
+
+        * JavaScriptCore.pri:
+        * JavaScriptCore.pro:
+        * jsc.pro:
+
+2009-05-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        [Qt] Use $$GENERATED_SOURCES_DIR as output when running bison
+
+        A couple of the generators left the bison output file in the source
+        tree, and then moved it into $$GENERATED_SOURCES_DIR, which did not
+        work well when building release and debug configurations in parallel.
+
+        * JavaScriptCore.pri:
+
+2009-05-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Simplified a bit of codegen.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+
+2009-05-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Moved all the JIT stub related code into one place.
+
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITCode.h:
+        * jit/JITStubs.cpp:
+        (JSC::):
+        * jit/JITStubs.h:
+
+2009-05-05  Sam Weinig  <sam@webkit.org>
+
+        Try to fix Windows build.
+
+        Move Node constructor to the .cpp file.
+
+        * parser/Nodes.cpp: 
+        * parser/Nodes.h:
+
+2009-05-05  Darin Adler  <darin@apple.com>
+
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+        Try to fix Mac build.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Made SegmentedVector.h private.
+
+2009-05-05  Darin Adler  <darin@apple.com>
+
+        Try to fix Mac build.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Made Lexer.h private.
+
+2009-05-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 25569: make ParserRefCounted use conventional reference counting
+        https://bugs.webkit.org/show_bug.cgi?id=25569
+
+        SunSpider speedup of about 1.6%.
+
+        * JavaScriptCore.exp: Updated.
+
+        * parser/Nodes.cpp:
+        (JSC::NodeReleaser::releaseAllNodes): ALWAYS_INLINE.
+        (JSC::NodeReleaser::adopt): Ditto.
+        (JSC::ParserRefCounted::ParserRefCounted): Removed most of the code.
+        Add the object to a Vector<RefPtr> that gets cleared after parsing.
+        (JSC::ParserRefCounted::~ParserRefCounted): Removed most of the code.
+
+        * parser/Nodes.h: Made ParserRefCounted inherit from RefCounted and
+        made inline versions of the constructor and destructor. Made the
+        Node constructor inline.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::parse): Call globalData->parserObjects.shrink(0) after
+        parsing, where it used to call ParserRefCounted::deleteNewObjects.
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Eliminated code to manage the
+        newParserObjects and parserObjectExtraRefCounts.
+        (JSC::JSGlobalData::~JSGlobalData): Ditto.
+
+        * runtime/JSGlobalData.h: Replaced the HashSet and HashCountedSet
+        with a Vector.
+
+        * wtf/PassRefPtr.h:
+        (WTF::PassRefPtr::~PassRefPtr): The most common thing to do with a
+        PassRefPtr in hot code is to pass it and then destroy it once it's
+        set to zero. Help the optimizer by telling it that's true.
+
+2009-05-05  Xan Lopez  <xlopez@igalia.com> and Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
+
+        Reviewed by Oliver Hunt.
+
+        Disable the NativeFunctionWrapper for all non-Mac ports for now,
+        as it is also crashing on Linux/x86.
+
+        * runtime/NativeFunctionWrapper.h:
+
+2009-05-05  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Expose toThisObject for the DOM Window
+
+        * JavaScriptCore.exp:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Make windows go again until i work out the
+        accursed calling convention).
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * jit/JIT.cpp:
+        * runtime/NativeFunctionWrapper.h:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Fix windows debug builds).
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Hopefully the last fix).
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Fix the build fix caused by a different build fix).
+
+        * parser/Nodes.cpp:
+        * parser/Nodes.h:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (No idea how my changes could have broken these).
+
+        * runtime/DatePrototype.cpp:
+        * runtime/RegExpObject.cpp:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Why should i expect msvc to list all the errors in a file?).
+
+        * parser/Nodes.cpp:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Fix warning, and another missing include).
+
+        * jit/JIT.cpp:
+        * parser/Nodes.h:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (More build fixes).
+
+        * runtime/ErrorPrototype.cpp:
+        * runtime/JSGlobalObject.cpp:
+        * runtime/NumberPrototype.cpp:
+        * runtime/ObjectPrototype.cpp:
+        * runtime/StringConstructor.cpp:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Will the fixes never end?).
+
+        * runtime/FunctionPrototype.h:
+        * runtime/Lookup.cpp:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (More build fixes).
+
+        * jit/JIT.cpp:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (More build fixing).
+
+        * runtime/CallData.h:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        * runtime/ArrayConstructor.cpp:
+        * runtime/BooleanPrototype.cpp:
+        * runtime/DateConstructor.cpp:
+        * runtime/Error.cpp:
+        * runtime/ObjectConstructor.cpp:
+        * runtime/RegExpPrototype.cpp:
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Buildfix).
+
+        Add missing file
+
+        * runtime/NativeFunctionWrapper.h: Copied from JavaScriptCore/jit/ExecutableAllocator.cpp.
+
+2009-05-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Bug 25559: Improve native function call performance
+        <https://bugs.webkit.org/show_bug.cgi?id=25559>
+
+        In order to cache calls to native functions we now make the standard
+        prototype functions use a small assembly thunk that converts the JS
+        calling convention into the native calling convention.  As this is
+        only beneficial in the JIT we use the NativeFunctionWrapper typedef
+        to alternate between PrototypeFunction and JSFunction to keep the
+        code sane.  This change from PrototypeFunction to NativeFunctionWrapper
+        is the bulk of this patch.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::call):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::addPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::leaq_mr):
+        (JSC::X86Assembler::call_m):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::prepareForRepeatCall):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        (JSC::JIT::compileCTIMachineTrampolines):
+        * jit/JITCall.cpp:
+        (JSC::JIT::linkCall):
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCall):
+        * jit/JITCode.h:
+        (JSC::JITCode::operator bool):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetFromCallFrameHeader):
+        (JSC::JIT::emitGetFromCallFrameHeader32):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::JITStubs):
+        (JSC::JITStubs::cti_op_call_JSFunction):
+        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
+        (JSC::JITStubs::cti_vm_lazyLinkCall):
+        (JSC::JITStubs::cti_op_construct_JSConstruct):
+        * jit/JITStubs.h:
+        (JSC::JITStubs::ctiNativeCallThunk):
+        * jsc.cpp:
+        (GlobalObject::GlobalObject):
+        * parser/Nodes.cpp:
+        (JSC::FunctionBodyNode::FunctionBodyNode):
+        (JSC::FunctionBodyNode::createNativeThunk):
+        (JSC::FunctionBodyNode::generateJITCode):
+        * parser/Nodes.h:
+        (JSC::FunctionBodyNode::):
+        (JSC::FunctionBodyNode::generatedJITCode):
+        (JSC::FunctionBodyNode::jitCode):
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::createCallIdentifier):
+        * runtime/ArgList.h:
+        * runtime/ArrayPrototype.cpp:
+        (JSC::isNumericCompareFunction):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::BooleanPrototype::BooleanPrototype):
+        * runtime/DateConstructor.cpp:
+        (JSC::DateConstructor::DateConstructor):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::ErrorPrototype::ErrorPrototype):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::addFunctionProperties):
+        (JSC::functionProtoFuncToString):
+        * runtime/FunctionPrototype.h:
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::~JSFunction):
+        (JSC::JSFunction::mark):
+        (JSC::JSFunction::getCallData):
+        (JSC::JSFunction::call):
+        (JSC::JSFunction::argumentsGetter):
+        (JSC::JSFunction::callerGetter):
+        (JSC::JSFunction::lengthGetter):
+        (JSC::JSFunction::getOwnPropertySlot):
+        (JSC::JSFunction::put):
+        (JSC::JSFunction::deleteProperty):
+        (JSC::JSFunction::getConstructData):
+        (JSC::JSFunction::construct):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::setScope):
+        (JSC::JSFunction::scope):
+        (JSC::JSFunction::isHostFunction):
+        (JSC::JSFunction::scopeChain):
+        (JSC::JSFunction::clearScopeChain):
+        (JSC::JSFunction::setScopeChain):
+        (JSC::JSFunction::nativeFunction):
+        (JSC::JSFunction::setNativeFunction):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::~JSGlobalData):
+        (JSC::JSGlobalData::createNativeThunk):
+        * runtime/JSGlobalData.h:
+        (JSC::JSGlobalData::nativeFunctionThunk):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        * runtime/JSGlobalObject.h:
+        * runtime/Lookup.cpp:
+        (JSC::setUpStaticFunctionSlot):
+        * runtime/Lookup.h:
+        * runtime/NumberPrototype.cpp:
+        (JSC::NumberPrototype::NumberPrototype):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::RegExpPrototype::RegExpPrototype):
+        * runtime/StringConstructor.cpp:
+        (JSC::StringConstructor::StringConstructor):
+
+2009-05-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        For convenience, let the sampling flags tool clear multiple flags at once.
+
+        * jsc.cpp:
+        (GlobalObject::GlobalObject):
+        (functionSetSamplingFlags):
+        (functionClearSamplingFlags):
+
+2009-05-04  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Gavin.
+
+        - inline Vector::resize for a ~1.5% speedup on string-tagcloud
+
+        * wtf/Vector.h:
+        (WTF::Vector::resize): Inline
+
+2009-05-03  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
+
+2009-05-03  Mark Rowe  <mrowe@apple.com>
+
+        Fix the 64-bit build.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * runtime/JSNumberCell.cpp:
+        (JSC::jsAPIMangledNumber):
+        * runtime/JSNumberCell.h:
+
+2009-05-02  Sam Weinig  <sam@webkit.org>
+
+        Roll JSC API number marshaling back in one last time (I hope).
+
+2009-05-03  Sam Weinig  <sam@webkit.org>
+
+        Roll JSC API number marshaling back out. It still breaks windows.
+
+2009-05-03  Sam Weinig  <sam@webkit.org>
+
+        Roll JSC API number marshaling back in.
+
+2009-05-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 25519: streamline lexer by handling BOMs differently
+        https://bugs.webkit.org/show_bug.cgi?id=25519
+
+        Roughly 1% faster SunSpider.
+
+        * parser/Grammar.y: Tweak formatting a bit.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::Lexer): Remove unnnecessary initialization of data members
+        that are set up by setCode.
+        (JSC::Lexer::currentOffset): Added. Used where the old code would look at
+        m_currentOffset.
+        (JSC::Lexer::shift1): Replaces the old shift function. No longer does anything
+        to handle BOM characters.
+        (JSC::Lexer::shift2): Ditto.
+        (JSC::Lexer::shift3): Ditto.
+        (JSC::Lexer::shift4): Ditto.
+        (JSC::Lexer::setCode): Updated for name change from yylineno to m_line.
+        Removed now-unused m_eatNextIdentifier, m_stackToken, and m_restrKeyword.
+        Replaced m_skipLF and m_skipCR with m_skipLineEnd. Replaced the old
+        m_length with m_codeEnd and m_currentOffset with m_codeStart. Added code
+        to scan for a BOM character and call copyCodeWithoutBOMs() if we find any.
+        (JSC::Lexer::copyCodeWithoutBOMs): Added.
+        (JSC::Lexer::nextLine): Updated for name change from yylineno to m_line.
+        (JSC::Lexer::makeIdentifier): Moved up higher in the file.
+        (JSC::Lexer::matchPunctuator): Moved up higher in the file and changed to
+        use a switch statement instead of just if statements.
+        (JSC::Lexer::isLineTerminator): Moved up higher in the file and changed to
+        have fewer branches.
+        (JSC::Lexer::lastTokenWasRestrKeyword): Added. This replaces the old
+        m_restrKeyword boolean.
+        (JSC::Lexer::isIdentStart): Moved up higher in the file. Changed to use
+        fewer branches in the ASCII but not identifier case.
+        (JSC::Lexer::isIdentPart): Ditto.
+        (JSC::Lexer::singleEscape): Moved up higher in the file.
+        (JSC::Lexer::convertOctal): Moved up higher in the file.
+        (JSC::Lexer::convertHex): Moved up higher in the file. Changed to use
+        toASCIIHexValue instead of rolling our own here.
+        (JSC::Lexer::convertUnicode): Ditto.
+        (JSC::Lexer::record8): Moved up higher in the file.
+        (JSC::Lexer::record16): Moved up higher in the file.
+        (JSC::Lexer::lex): Changed type of stringType to int. Replaced m_skipLF
+        and m_skipCR with m_skipLineEnd, which requires fewer branches in the
+        main lexer loop. Use currentOffset instead of m_currentOffset. Removed
+        unneeded m_stackToken. Use isASCIIDigit instead of isDecimalDigit.
+        Split out the two cases for InIdentifierOrKeyword and InIdentifier.
+        Added special case tight loops for identifiers and other simple states.
+        Removed a branch from the code that sets m_atLineStart to false using goto.
+        Streamlined the number-handling code so we don't check for the same types
+        twice for non-numeric cases and don't add a null to m_buffer8 when it's
+        not being used. Removed m_eatNextIdentifier, which wasn't working anyway,
+        and m_restrKeyword, which is redundant with m_lastToken. Set the
+        m_delimited flag without using a branch.
+        (JSC::Lexer::scanRegExp): Tweaked style a bit.
+        (JSC::Lexer::clear): Clear m_codeWithoutBOMs so we don't use memory after
+        parsing. Clear out UString objects in the more conventional way.
+        (JSC::Lexer::sourceCode): Made this no-longer inline since it has more
+        work to do in the case where we stripped BOMs.
+
+        * parser/Lexer.h: Renamed yylineno to m_lineNumber. Removed convertHex
+        function, which is the same as toASCIIHexValue. Removed isHexDigit
+        function, which is the same as isASCIIHedDigit. Replaced shift with four
+        separate shift functions. Removed isWhiteSpace function that passes
+        m_current, instead just passing m_current explicitly. Removed isOctalDigit,
+        which is the same as isASCIIOctalDigit. Eliminated unused arguments from
+        matchPunctuator. Added copyCoodeWithoutBOMs and currentOffset. Moved the
+        makeIdentifier function out of the header. Added lastTokenWasRestrKeyword
+        function. Added new constants for m_skipLineEnd. Removed unused yycolumn,
+        m_restrKeyword, m_skipLF, m_skipCR, m_eatNextIdentifier, m_stackToken,
+        m_position, m_length, m_currentOffset, m_nextOffset1, m_nextOffset2,
+        m_nextOffset3. Added m_skipLineEnd, m_codeStart, m_codeEnd, and
+        m_codeWithoutBOMs.
+
+        * parser/SourceProvider.h: Added hasBOMs function. In the future this can
+        be used to tell the lexer about strings known not to have BOMs.
+
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncUnescape): Changed to use isASCIIHexDigit.
+
+        * wtf/ASCIICType.h: Added using statements to match the design of the
+        other WTF headers.
+
+2009-05-02  Ada Chan  <adachan@apple.com>
+
+        Fix windows build (when doing a clean build)
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Simplified null-ish JSValues.
+        
+        Replaced calls to noValue() with calls to JSValue() (which is what
+        noValue() returned). Removed noValue().
+        
+        Replaced almost all uses of jsImpossibleValue() with uses of JSValue().
+        Its one remaining use is for construction of hash table deleted values.
+        For that specific task, I made a new, private constructor with a special
+        tag. Removed jsImpossibleValue().
+        
+        Removed "JSValue()" initialiazers, since default construction happens...
+        by default.
+
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::call):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitLoad):
+        * bytecompiler/BytecodeGenerator.h:
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * debugger/DebuggerCallFrame.h:
+        (JSC::DebuggerCallFrame::DebuggerCallFrame):
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::clearException):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveLastCaller):
+        * interpreter/Register.h:
+        (JSC::Register::Register):
+        * jit/JITCall.cpp:
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCall):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_call_eval):
+        (JSC::JITStubs::cti_vm_throw):
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::willExecute):
+        (JSC::Profiler::didExecute):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::getProperty):
+        * runtime/Completion.cpp:
+        (JSC::evaluate):
+        * runtime/Completion.h:
+        (JSC::Completion::Completion):
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::getPrimitiveNumber):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::putSlowCase):
+        (JSC::JSArray::deleteProperty):
+        (JSC::JSArray::increaseVectorLength):
+        (JSC::JSArray::setLength):
+        (JSC::JSArray::pop):
+        (JSC::JSArray::sort):
+        (JSC::JSArray::compactForSorting):
+        * runtime/JSCell.cpp:
+        (JSC::JSCell::getJSNumber):
+        * runtime/JSCell.h:
+        (JSC::JSValue::getJSNumber):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSImmediate.h:
+        (JSC::JSImmediate::fromNumberOutsideIntegerRange):
+        (JSC::JSImmediate::from):
+        * runtime/JSNumberCell.cpp:
+        (JSC::jsNumberCell):
+        * runtime/JSObject.cpp:
+        (JSC::callDefaultValueFunction):
+        * runtime/JSObject.h:
+        (JSC::JSObject::getDirect):
+        * runtime/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::toPrimitive):
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::next):
+        * runtime/JSValue.h:
+        (JSC::JSValue::):
+        (JSC::JSValueHashTraits::constructDeletedValue):
+        (JSC::JSValueHashTraits::isDeletedValue):
+        (JSC::JSValue::JSValue):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::JSWrapperObject):
+        * runtime/Operations.h:
+        (JSC::resolveBase):
+        * runtime/PropertySlot.h:
+        (JSC::PropertySlot::clearBase):
+        (JSC::PropertySlot::clearValue):
+
+2009-05-02  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - speed up the lexer in various ways
+
+        ~2% command-line SunSpider speedup
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::setCode): Moved below shift() so it can inline.
+        (JSC::Lexer::scanRegExp):  Use resize(0) instead of clear() on Vectors, since the intent
+        here is not to free the underlying buffer.
+        (JSC::Lexer::lex): ditto; also, change the loop logic a bit for the main lexing loop
+        to avoid branching on !m_done twice per iteration. Now we only check it once.
+        (JSC::Lexer::shift): Make this ALWAYS_INLINE and tag an unusual branch as UNLIKELY
+        * parser/Lexer.h:
+        (JSC::Lexer::makeIdentifier): force to be ALWAYS_INLINE
+        * wtf/Vector.h:
+        (WTF::::append): force to be ALWAYS_INLINE (may have helped in ways other than parsing but it wasn't
+        getting inlined in a hot code path in the lexer)
+
+2009-05-01  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make:
+
+2009-05-01  Sam Weinig  <sam@webkit.org>
+
+        Fix 64bit build.
+
+        * runtime/JSNumberCell.h:
+        (JSC::JSValue::JSValue):
+        * runtime/JSValue.h:
+        (JSC::jsNumber):
+
+2009-05-01  Sam Weinig  <sam@webkit.org>
+
+        Roll out JavaScriptCore API number marshaling.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        (JSCheckScriptSyntax):
+        * API/JSCallbackConstructor.cpp:
+        (JSC::constructJSCallback):
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::call):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::getOwnPropertySlot):
+        (JSC::::put):
+        (JSC::::deleteProperty):
+        (JSC::::construct):
+        (JSC::::hasInstance):
+        (JSC::::call):
+        (JSC::::toNumber):
+        (JSC::::toString):
+        (JSC::::staticValueGetter):
+        (JSC::::callbackGetter):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction):
+        (JSObjectMakeArray):
+        (JSObjectMakeDate):
+        (JSObjectMakeError):
+        (JSObjectMakeRegExp):
+        (JSObjectGetPrototype):
+        (JSObjectSetPrototype):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        (JSObjectDeleteProperty):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * API/JSValueRef.cpp:
+        (JSValueGetType):
+        (JSValueIsUndefined):
+        (JSValueIsNull):
+        (JSValueIsBoolean):
+        (JSValueIsNumber):
+        (JSValueIsString):
+        (JSValueIsObject):
+        (JSValueIsObjectOfClass):
+        (JSValueIsEqual):
+        (JSValueIsStrictEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueMakeUndefined):
+        (JSValueMakeNull):
+        (JSValueMakeBoolean):
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        (JSValueToBoolean):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        * runtime/JSNumberCell.cpp:
+        * runtime/JSNumberCell.h:
+        * runtime/JSValue.h:
+
+2009-05-01  Sam Weinig  <sam@webkit.org>
+
+        Fix windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-01  Sam Weinig  <sam@webkit.org>
+
+        Fix the build.
+
+        * JavaScriptCore.exp:
+
+2009-05-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey "Too Far!" Garen.
+
+        Move JS number construction into JSValue.
+
+        * runtime/JSImmediate.h:
+        * runtime/JSNumberCell.h:
+        (JSC::JSValue::JSValue):
+        * runtime/JSValue.h:
+        (JSC::jsNumber):
+
+2009-05-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoff "The Minneapolis" Garen.
+
+        Add mechanism to vend heap allocated JS numbers to JavaScriptCore API clients with a
+        representation that is independent of the number representation in the VM.
+        - Numbers leaving the interpreter are converted to a tagged JSNumberCell.
+        - The numbers coming into the interpreter (asserted to be the tagged JSNumberCell) are
+          converted back to the VM's internal number representation.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        (JSCheckScriptSyntax):
+        * API/JSCallbackConstructor.cpp:
+        (JSC::constructJSCallback):
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::call):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::getOwnPropertySlot):
+        (JSC::::put):
+        (JSC::::deleteProperty):
+        (JSC::::construct):
+        (JSC::::hasInstance):
+        (JSC::::call):
+        (JSC::::toNumber):
+        (JSC::::toString):
+        (JSC::::staticValueGetter):
+        (JSC::::callbackGetter):
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction):
+        (JSObjectMakeArray):
+        (JSObjectMakeDate):
+        (JSObjectMakeError):
+        (JSObjectMakeRegExp):
+        (JSObjectGetPrototype):
+        (JSObjectSetPrototype):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        (JSObjectDeleteProperty):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * API/JSValueRef.cpp:
+        (JSValueGetType):
+        (JSValueIsUndefined):
+        (JSValueIsNull):
+        (JSValueIsBoolean):
+        (JSValueIsNumber):
+        (JSValueIsString):
+        (JSValueIsObject):
+        (JSValueIsObjectOfClass):
+        (JSValueIsEqual):
+        (JSValueIsStrictEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueMakeUndefined):
+        (JSValueMakeNull):
+        (JSValueMakeBoolean):
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        (JSValueToBoolean):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        * runtime/JSNumberCell.cpp:
+        (JSC::jsAPIMangledNumber):
+        * runtime/JSNumberCell.h:
+        (JSC::JSNumberCell::isAPIMangledNumber):
+        (JSC::JSNumberCell::):
+        (JSC::JSNumberCell::JSNumberCell):
+        (JSC::JSValue::isAPIMangledNumber):
+        * runtime/JSValue.h:
+
+2009-05-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix take 6.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2009-05-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix take 5.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix take 4.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix take 3.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix take 2.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+
+2009-05-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Windows build fix take 1.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-05-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber Stamped by Sam Weinig.
+        
+        Renamed JSValuePtr => JSValue.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * API/JSCallbackConstructor.h:
+        (JSC::JSCallbackConstructor::createStructure):
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::call):
+        * API/JSCallbackFunction.h:
+        (JSC::JSCallbackFunction::createStructure):
+        * API/JSCallbackObject.h:
+        (JSC::JSCallbackObject::createStructure):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::asCallbackObject):
+        (JSC::::put):
+        (JSC::::hasInstance):
+        (JSC::::call):
+        (JSC::::staticValueGetter):
+        (JSC::::staticFunctionGetter):
+        (JSC::::callbackGetter):
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeConstructor):
+        (JSObjectSetPrototype):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        * API/JSValueRef.cpp:
+        (JSValueGetType):
+        (JSValueIsUndefined):
+        (JSValueIsNull):
+        (JSValueIsBoolean):
+        (JSValueIsNumber):
+        (JSValueIsString):
+        (JSValueIsObject):
+        (JSValueIsObjectOfClass):
+        (JSValueIsEqual):
+        (JSValueIsStrictEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueToBoolean):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        * JavaScriptCore.exp:
+        * bytecode/CodeBlock.cpp:
+        (JSC::valueToSourceString):
+        (JSC::constantName):
+        (JSC::CodeBlock::dump):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::getConstant):
+        (JSC::CodeBlock::addUnexpectedConstant):
+        (JSC::CodeBlock::unexpectedConstant):
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::get):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::addConstant):
+        (JSC::BytecodeGenerator::addUnexpectedConstant):
+        (JSC::BytecodeGenerator::emitLoad):
+        (JSC::BytecodeGenerator::emitGetScopedVar):
+        (JSC::BytecodeGenerator::emitPutScopedVar):
+        (JSC::BytecodeGenerator::emitNewError):
+        (JSC::keyForImmediateSwitch):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::JSValueHashTraits::constructDeletedValue):
+        (JSC::BytecodeGenerator::JSValueHashTraits::isDeletedValue):
+        * debugger/Debugger.cpp:
+        (JSC::evaluateInGlobalCallFrame):
+        * debugger/Debugger.h:
+        * debugger/DebuggerActivation.cpp:
+        (JSC::DebuggerActivation::put):
+        (JSC::DebuggerActivation::putWithAttributes):
+        (JSC::DebuggerActivation::lookupGetter):
+        (JSC::DebuggerActivation::lookupSetter):
+        * debugger/DebuggerActivation.h:
+        (JSC::DebuggerActivation::createStructure):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * debugger/DebuggerCallFrame.h:
+        (JSC::DebuggerCallFrame::DebuggerCallFrame):
+        (JSC::DebuggerCallFrame::exception):
+        * interpreter/CachedCall.h:
+        (JSC::CachedCall::CachedCall):
+        (JSC::CachedCall::call):
+        (JSC::CachedCall::setThis):
+        (JSC::CachedCall::setArgument):
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::thisValue):
+        (JSC::CallFrame::dumpCaller):
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::setException):
+        (JSC::ExecState::exception):
+        (JSC::ExecState::exceptionSlot):
+        * interpreter/CallFrameClosure.h:
+        (JSC::CallFrameClosure::setArgument):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::resolve):
+        (JSC::Interpreter::resolveSkip):
+        (JSC::Interpreter::resolveGlobal):
+        (JSC::Interpreter::resolveBase):
+        (JSC::Interpreter::resolveBaseAndProperty):
+        (JSC::Interpreter::resolveBaseAndFunc):
+        (JSC::isNotObject):
+        (JSC::Interpreter::callEval):
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::prepareForRepeatCall):
+        (JSC::Interpreter::createExceptionScope):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        (JSC::Interpreter::retrieveCaller):
+        (JSC::Interpreter::retrieveLastCaller):
+        * interpreter/Interpreter.h:
+        * interpreter/Register.h:
+        (JSC::Register::):
+        (JSC::Register::Register):
+        (JSC::Register::jsValue):
+        * jit/JIT.cpp:
+        (JSC::):
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_mod):
+        * jit/JITCall.cpp:
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCall):
+        * jit/JITCode.h:
+        (JSC::):
+        (JSC::JITCode::execute):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetVirtualRegister):
+        (JSC::JIT::getConstantOperand):
+        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
+        (JSC::JIT::emitInitRegister):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::tryCachePutByID):
+        (JSC::JITStubs::tryCacheGetByID):
+        (JSC::JITStubs::cti_op_convert_this):
+        (JSC::JITStubs::cti_op_add):
+        (JSC::JITStubs::cti_op_pre_inc):
+        (JSC::JITStubs::cti_op_loop_if_less):
+        (JSC::JITStubs::cti_op_loop_if_lesseq):
+        (JSC::JITStubs::cti_op_get_by_id_generic):
+        (JSC::JITStubs::cti_op_get_by_id):
+        (JSC::JITStubs::cti_op_get_by_id_second):
+        (JSC::JITStubs::cti_op_get_by_id_self_fail):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
+        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
+        (JSC::JITStubs::cti_op_get_by_id_array_fail):
+        (JSC::JITStubs::cti_op_get_by_id_string_fail):
+        (JSC::JITStubs::cti_op_instanceof):
+        (JSC::JITStubs::cti_op_del_by_id):
+        (JSC::JITStubs::cti_op_mul):
+        (JSC::JITStubs::cti_op_call_NotJSFunction):
+        (JSC::JITStubs::cti_op_resolve):
+        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_string):
+        (JSC::JITStubs::cti_op_get_by_val_byte_array):
+        (JSC::JITStubs::cti_op_resolve_func):
+        (JSC::JITStubs::cti_op_sub):
+        (JSC::JITStubs::cti_op_put_by_val):
+        (JSC::JITStubs::cti_op_put_by_val_array):
+        (JSC::JITStubs::cti_op_put_by_val_byte_array):
+        (JSC::JITStubs::cti_op_lesseq):
+        (JSC::JITStubs::cti_op_loop_if_true):
+        (JSC::JITStubs::cti_op_load_varargs):
+        (JSC::JITStubs::cti_op_negate):
+        (JSC::JITStubs::cti_op_resolve_base):
+        (JSC::JITStubs::cti_op_resolve_skip):
+        (JSC::JITStubs::cti_op_resolve_global):
+        (JSC::JITStubs::cti_op_div):
+        (JSC::JITStubs::cti_op_pre_dec):
+        (JSC::JITStubs::cti_op_jless):
+        (JSC::JITStubs::cti_op_not):
+        (JSC::JITStubs::cti_op_jtrue):
+        (JSC::JITStubs::cti_op_post_inc):
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_lshift):
+        (JSC::JITStubs::cti_op_bitand):
+        (JSC::JITStubs::cti_op_rshift):
+        (JSC::JITStubs::cti_op_bitnot):
+        (JSC::JITStubs::cti_op_resolve_with_base):
+        (JSC::JITStubs::cti_op_mod):
+        (JSC::JITStubs::cti_op_less):
+        (JSC::JITStubs::cti_op_neq):
+        (JSC::JITStubs::cti_op_post_dec):
+        (JSC::JITStubs::cti_op_urshift):
+        (JSC::JITStubs::cti_op_bitxor):
+        (JSC::JITStubs::cti_op_bitor):
+        (JSC::JITStubs::cti_op_call_eval):
+        (JSC::JITStubs::cti_op_throw):
+        (JSC::JITStubs::cti_op_next_pname):
+        (JSC::JITStubs::cti_op_typeof):
+        (JSC::JITStubs::cti_op_is_undefined):
+        (JSC::JITStubs::cti_op_is_boolean):
+        (JSC::JITStubs::cti_op_is_number):
+        (JSC::JITStubs::cti_op_is_string):
+        (JSC::JITStubs::cti_op_is_object):
+        (JSC::JITStubs::cti_op_is_function):
+        (JSC::JITStubs::cti_op_stricteq):
+        (JSC::JITStubs::cti_op_nstricteq):
+        (JSC::JITStubs::cti_op_to_jsnumber):
+        (JSC::JITStubs::cti_op_in):
+        (JSC::JITStubs::cti_op_switch_imm):
+        (JSC::JITStubs::cti_op_switch_char):
+        (JSC::JITStubs::cti_op_switch_string):
+        (JSC::JITStubs::cti_op_del_by_val):
+        (JSC::JITStubs::cti_op_new_error):
+        (JSC::JITStubs::cti_vm_throw):
+        * jit/JITStubs.h:
+        * jsc.cpp:
+        (functionPrint):
+        (functionDebug):
+        (functionGC):
+        (functionVersion):
+        (functionRun):
+        (functionLoad):
+        (functionSetSamplingFlag):
+        (functionClearSamplingFlag):
+        (functionReadline):
+        (functionQuit):
+        * parser/Nodes.cpp:
+        (JSC::processClauseList):
+        * profiler/ProfileGenerator.cpp:
+        (JSC::ProfileGenerator::addParentForConsoleStart):
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::willExecute):
+        (JSC::Profiler::didExecute):
+        (JSC::Profiler::createCallIdentifier):
+        * profiler/Profiler.h:
+        * runtime/ArgList.cpp:
+        (JSC::MarkedArgumentBuffer::slowAppend):
+        * runtime/ArgList.h:
+        (JSC::MarkedArgumentBuffer::at):
+        (JSC::MarkedArgumentBuffer::append):
+        (JSC::ArgList::ArgList):
+        (JSC::ArgList::at):
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::put):
+        * runtime/Arguments.h:
+        (JSC::Arguments::createStructure):
+        (JSC::asArguments):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::callArrayConstructor):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::getProperty):
+        (JSC::putProperty):
+        (JSC::arrayProtoFuncToString):
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncJoin):
+        (JSC::arrayProtoFuncConcat):
+        (JSC::arrayProtoFuncPop):
+        (JSC::arrayProtoFuncPush):
+        (JSC::arrayProtoFuncReverse):
+        (JSC::arrayProtoFuncShift):
+        (JSC::arrayProtoFuncSlice):
+        (JSC::arrayProtoFuncSort):
+        (JSC::arrayProtoFuncSplice):
+        (JSC::arrayProtoFuncUnShift):
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncMap):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncForEach):
+        (JSC::arrayProtoFuncSome):
+        (JSC::arrayProtoFuncReduce):
+        (JSC::arrayProtoFuncReduceRight):
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::callBooleanConstructor):
+        (JSC::constructBooleanFromImmediateBoolean):
+        * runtime/BooleanConstructor.h:
+        * runtime/BooleanObject.h:
+        (JSC::asBooleanObject):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::booleanProtoFuncToString):
+        (JSC::booleanProtoFuncValueOf):
+        * runtime/CallData.cpp:
+        (JSC::call):
+        * runtime/CallData.h:
+        * runtime/Collector.cpp:
+        (JSC::Heap::protect):
+        (JSC::Heap::unprotect):
+        (JSC::Heap::heap):
+        * runtime/Collector.h:
+        * runtime/Completion.cpp:
+        (JSC::evaluate):
+        * runtime/Completion.h:
+        (JSC::Completion::Completion):
+        (JSC::Completion::value):
+        (JSC::Completion::setValue):
+        * runtime/ConstructData.cpp:
+        (JSC::construct):
+        * runtime/ConstructData.h:
+        * runtime/DateConstructor.cpp:
+        (JSC::constructDate):
+        (JSC::callDate):
+        (JSC::dateParse):
+        (JSC::dateNow):
+        (JSC::dateUTC):
+        * runtime/DateInstance.h:
+        (JSC::asDateInstance):
+        * runtime/DatePrototype.cpp:
+        (JSC::dateProtoFuncToString):
+        (JSC::dateProtoFuncToUTCString):
+        (JSC::dateProtoFuncToDateString):
+        (JSC::dateProtoFuncToTimeString):
+        (JSC::dateProtoFuncToLocaleString):
+        (JSC::dateProtoFuncToLocaleDateString):
+        (JSC::dateProtoFuncToLocaleTimeString):
+        (JSC::dateProtoFuncGetTime):
+        (JSC::dateProtoFuncGetFullYear):
+        (JSC::dateProtoFuncGetUTCFullYear):
+        (JSC::dateProtoFuncToGMTString):
+        (JSC::dateProtoFuncGetMonth):
+        (JSC::dateProtoFuncGetUTCMonth):
+        (JSC::dateProtoFuncGetDate):
+        (JSC::dateProtoFuncGetUTCDate):
+        (JSC::dateProtoFuncGetDay):
+        (JSC::dateProtoFuncGetUTCDay):
+        (JSC::dateProtoFuncGetHours):
+        (JSC::dateProtoFuncGetUTCHours):
+        (JSC::dateProtoFuncGetMinutes):
+        (JSC::dateProtoFuncGetUTCMinutes):
+        (JSC::dateProtoFuncGetSeconds):
+        (JSC::dateProtoFuncGetUTCSeconds):
+        (JSC::dateProtoFuncGetMilliSeconds):
+        (JSC::dateProtoFuncGetUTCMilliseconds):
+        (JSC::dateProtoFuncGetTimezoneOffset):
+        (JSC::dateProtoFuncSetTime):
+        (JSC::setNewValueFromTimeArgs):
+        (JSC::setNewValueFromDateArgs):
+        (JSC::dateProtoFuncSetMilliSeconds):
+        (JSC::dateProtoFuncSetUTCMilliseconds):
+        (JSC::dateProtoFuncSetSeconds):
+        (JSC::dateProtoFuncSetUTCSeconds):
+        (JSC::dateProtoFuncSetMinutes):
+        (JSC::dateProtoFuncSetUTCMinutes):
+        (JSC::dateProtoFuncSetHours):
+        (JSC::dateProtoFuncSetUTCHours):
+        (JSC::dateProtoFuncSetDate):
+        (JSC::dateProtoFuncSetUTCDate):
+        (JSC::dateProtoFuncSetMonth):
+        (JSC::dateProtoFuncSetUTCMonth):
+        (JSC::dateProtoFuncSetFullYear):
+        (JSC::dateProtoFuncSetUTCFullYear):
+        (JSC::dateProtoFuncSetYear):
+        (JSC::dateProtoFuncGetYear):
+        * runtime/DatePrototype.h:
+        (JSC::DatePrototype::createStructure):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::callErrorConstructor):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::errorProtoFuncToString):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createInterruptedExecutionException):
+        (JSC::createError):
+        (JSC::createStackOverflowError):
+        (JSC::createUndefinedVariableError):
+        (JSC::createErrorMessage):
+        (JSC::createInvalidParamError):
+        (JSC::createNotAConstructorError):
+        (JSC::createNotAFunctionError):
+        * runtime/ExceptionHelpers.h:
+        * runtime/FunctionConstructor.cpp:
+        (JSC::callFunctionConstructor):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::callFunctionPrototype):
+        (JSC::functionProtoFuncToString):
+        (JSC::functionProtoFuncApply):
+        (JSC::functionProtoFuncCall):
+        * runtime/FunctionPrototype.h:
+        (JSC::FunctionPrototype::createStructure):
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::toPrimitive):
+        (JSC::GetterSetter::getPrimitiveNumber):
+        * runtime/GetterSetter.h:
+        (JSC::asGetterSetter):
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::displayName):
+        * runtime/InternalFunction.h:
+        (JSC::InternalFunction::createStructure):
+        (JSC::asInternalFunction):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::getOwnPropertySlot):
+        (JSC::JSActivation::put):
+        (JSC::JSActivation::putWithAttributes):
+        (JSC::JSActivation::argumentsGetter):
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::createStructure):
+        (JSC::asActivation):
+        * runtime/JSArray.cpp:
+        (JSC::storageSize):
+        (JSC::JSArray::JSArray):
+        (JSC::JSArray::getOwnPropertySlot):
+        (JSC::JSArray::put):
+        (JSC::JSArray::putSlowCase):
+        (JSC::JSArray::deleteProperty):
+        (JSC::JSArray::setLength):
+        (JSC::JSArray::pop):
+        (JSC::JSArray::push):
+        (JSC::JSArray::mark):
+        (JSC::compareNumbersForQSort):
+        (JSC::JSArray::sortNumeric):
+        (JSC::JSArray::sort):
+        (JSC::JSArray::compactForSorting):
+        (JSC::JSArray::checkConsistency):
+        (JSC::constructArray):
+        * runtime/JSArray.h:
+        (JSC::JSArray::getIndex):
+        (JSC::JSArray::setIndex):
+        (JSC::JSArray::createStructure):
+        (JSC::asArray):
+        (JSC::isJSArray):
+        * runtime/JSByteArray.cpp:
+        (JSC::JSByteArray::createStructure):
+        (JSC::JSByteArray::put):
+        * runtime/JSByteArray.h:
+        (JSC::JSByteArray::getIndex):
+        (JSC::JSByteArray::setIndex):
+        (JSC::asByteArray):
+        (JSC::isJSByteArray):
+        * runtime/JSCell.cpp:
+        (JSC::JSCell::put):
+        (JSC::JSCell::getJSNumber):
+        * runtime/JSCell.h:
+        (JSC::asCell):
+        (JSC::JSValue::asCell):
+        (JSC::JSValue::isString):
+        (JSC::JSValue::isGetterSetter):
+        (JSC::JSValue::isObject):
+        (JSC::JSValue::getString):
+        (JSC::JSValue::getObject):
+        (JSC::JSValue::getCallData):
+        (JSC::JSValue::getConstructData):
+        (JSC::JSValue::getUInt32):
+        (JSC::JSValue::getTruncatedInt32):
+        (JSC::JSValue::getTruncatedUInt32):
+        (JSC::JSValue::mark):
+        (JSC::JSValue::marked):
+        (JSC::JSValue::toPrimitive):
+        (JSC::JSValue::getPrimitiveNumber):
+        (JSC::JSValue::toBoolean):
+        (JSC::JSValue::toNumber):
+        (JSC::JSValue::toString):
+        (JSC::JSValue::toObject):
+        (JSC::JSValue::toThisObject):
+        (JSC::JSValue::needsThisConversion):
+        (JSC::JSValue::toThisString):
+        (JSC::JSValue::getJSNumber):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::call):
+        (JSC::JSFunction::argumentsGetter):
+        (JSC::JSFunction::callerGetter):
+        (JSC::JSFunction::lengthGetter):
+        (JSC::JSFunction::getOwnPropertySlot):
+        (JSC::JSFunction::put):
+        (JSC::JSFunction::construct):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::createStructure):
+        (JSC::asFunction):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::markIfNeeded):
+        (JSC::JSGlobalObject::put):
+        (JSC::JSGlobalObject::putWithAttributes):
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::resetPrototype):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::createStructure):
+        (JSC::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
+        (JSC::asGlobalObject):
+        (JSC::Structure::prototypeForLookup):
+        (JSC::Structure::prototypeChain):
+        (JSC::Structure::isValid):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::encode):
+        (JSC::decode):
+        (JSC::globalFuncEval):
+        (JSC::globalFuncParseInt):
+        (JSC::globalFuncParseFloat):
+        (JSC::globalFuncIsNaN):
+        (JSC::globalFuncIsFinite):
+        (JSC::globalFuncDecodeURI):
+        (JSC::globalFuncDecodeURIComponent):
+        (JSC::globalFuncEncodeURI):
+        (JSC::globalFuncEncodeURIComponent):
+        (JSC::globalFuncEscape):
+        (JSC::globalFuncUnescape):
+        (JSC::globalFuncJSCPrint):
+        * runtime/JSGlobalObjectFunctions.h:
+        * runtime/JSImmediate.cpp:
+        (JSC::JSImmediate::toThisObject):
+        (JSC::JSImmediate::toObject):
+        (JSC::JSImmediate::prototype):
+        (JSC::JSImmediate::toString):
+        * runtime/JSImmediate.h:
+        (JSC::JSImmediate::isImmediate):
+        (JSC::JSImmediate::isNumber):
+        (JSC::JSImmediate::isIntegerNumber):
+        (JSC::JSImmediate::isDoubleNumber):
+        (JSC::JSImmediate::isPositiveIntegerNumber):
+        (JSC::JSImmediate::isBoolean):
+        (JSC::JSImmediate::isUndefinedOrNull):
+        (JSC::JSImmediate::isEitherImmediate):
+        (JSC::JSImmediate::areBothImmediate):
+        (JSC::JSImmediate::areBothImmediateIntegerNumbers):
+        (JSC::JSImmediate::makeValue):
+        (JSC::JSImmediate::makeInt):
+        (JSC::JSImmediate::makeDouble):
+        (JSC::JSImmediate::makeBool):
+        (JSC::JSImmediate::makeUndefined):
+        (JSC::JSImmediate::makeNull):
+        (JSC::JSImmediate::doubleValue):
+        (JSC::JSImmediate::intValue):
+        (JSC::JSImmediate::uintValue):
+        (JSC::JSImmediate::boolValue):
+        (JSC::JSImmediate::rawValue):
+        (JSC::JSImmediate::trueImmediate):
+        (JSC::JSImmediate::falseImmediate):
+        (JSC::JSImmediate::undefinedImmediate):
+        (JSC::JSImmediate::nullImmediate):
+        (JSC::JSImmediate::zeroImmediate):
+        (JSC::JSImmediate::oneImmediate):
+        (JSC::JSImmediate::impossibleValue):
+        (JSC::JSImmediate::toBoolean):
+        (JSC::JSImmediate::getTruncatedUInt32):
+        (JSC::JSImmediate::fromNumberOutsideIntegerRange):
+        (JSC::JSImmediate::from):
+        (JSC::JSImmediate::getTruncatedInt32):
+        (JSC::JSImmediate::toDouble):
+        (JSC::JSImmediate::getUInt32):
+        (JSC::JSValue::JSValue):
+        (JSC::JSValue::isUndefinedOrNull):
+        (JSC::JSValue::isBoolean):
+        (JSC::JSValue::getBoolean):
+        (JSC::JSValue::toInt32):
+        (JSC::JSValue::toUInt32):
+        (JSC::JSValue::isCell):
+        (JSC::JSValue::isInt32Fast):
+        (JSC::JSValue::getInt32Fast):
+        (JSC::JSValue::isUInt32Fast):
+        (JSC::JSValue::getUInt32Fast):
+        (JSC::JSValue::makeInt32Fast):
+        (JSC::JSValue::areBothInt32Fast):
+        (JSC::JSFastMath::canDoFastBitwiseOperations):
+        (JSC::JSFastMath::equal):
+        (JSC::JSFastMath::notEqual):
+        (JSC::JSFastMath::andImmediateNumbers):
+        (JSC::JSFastMath::xorImmediateNumbers):
+        (JSC::JSFastMath::orImmediateNumbers):
+        (JSC::JSFastMath::canDoFastRshift):
+        (JSC::JSFastMath::canDoFastUrshift):
+        (JSC::JSFastMath::rightShiftImmediateNumbers):
+        (JSC::JSFastMath::canDoFastAdditiveOperations):
+        (JSC::JSFastMath::addImmediateNumbers):
+        (JSC::JSFastMath::subImmediateNumbers):
+        (JSC::JSFastMath::incImmediateNumber):
+        (JSC::JSFastMath::decImmediateNumber):
+        * runtime/JSNotAnObject.cpp:
+        (JSC::JSNotAnObject::toPrimitive):
+        (JSC::JSNotAnObject::getPrimitiveNumber):
+        (JSC::JSNotAnObject::put):
+        * runtime/JSNotAnObject.h:
+        (JSC::JSNotAnObject::createStructure):
+        * runtime/JSNumberCell.cpp:
+        (JSC::JSNumberCell::toPrimitive):
+        (JSC::JSNumberCell::getPrimitiveNumber):
+        (JSC::JSNumberCell::getJSNumber):
+        (JSC::jsNumberCell):
+        * runtime/JSNumberCell.h:
+        (JSC::JSNumberCell::createStructure):
+        (JSC::isNumberCell):
+        (JSC::asNumberCell):
+        (JSC::jsNumber):
+        (JSC::JSValue::isDoubleNumber):
+        (JSC::JSValue::getDoubleNumber):
+        (JSC::JSValue::isNumber):
+        (JSC::JSValue::uncheckedGetNumber):
+        (JSC::jsNaN):
+        (JSC::JSValue::toJSNumber):
+        (JSC::JSValue::getNumber):
+        (JSC::JSValue::numberToInt32):
+        (JSC::JSValue::numberToUInt32):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::mark):
+        (JSC::JSObject::put):
+        (JSC::JSObject::putWithAttributes):
+        (JSC::callDefaultValueFunction):
+        (JSC::JSObject::getPrimitiveNumber):
+        (JSC::JSObject::defaultValue):
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        (JSC::JSObject::lookupGetter):
+        (JSC::JSObject::lookupSetter):
+        (JSC::JSObject::hasInstance):
+        (JSC::JSObject::toNumber):
+        (JSC::JSObject::toString):
+        (JSC::JSObject::fillGetterPropertySlot):
+        * runtime/JSObject.h:
+        (JSC::JSObject::getDirect):
+        (JSC::JSObject::getDirectLocation):
+        (JSC::JSObject::offsetForLocation):
+        (JSC::JSObject::locationForOffset):
+        (JSC::JSObject::getDirectOffset):
+        (JSC::JSObject::putDirectOffset):
+        (JSC::JSObject::createStructure):
+        (JSC::asObject):
+        (JSC::JSObject::prototype):
+        (JSC::JSObject::setPrototype):
+        (JSC::JSValue::isObject):
+        (JSC::JSObject::inlineGetOwnPropertySlot):
+        (JSC::JSObject::getOwnPropertySlotForWrite):
+        (JSC::JSObject::getPropertySlot):
+        (JSC::JSObject::get):
+        (JSC::JSObject::putDirect):
+        (JSC::JSObject::putDirectWithoutTransition):
+        (JSC::JSObject::toPrimitive):
+        (JSC::JSValue::get):
+        (JSC::JSValue::put):
+        (JSC::JSObject::allocatePropertyStorageInline):
+        * runtime/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::toPrimitive):
+        (JSC::JSPropertyNameIterator::getPrimitiveNumber):
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::create):
+        (JSC::JSPropertyNameIterator::next):
+        * runtime/JSStaticScopeObject.cpp:
+        (JSC::JSStaticScopeObject::put):
+        (JSC::JSStaticScopeObject::putWithAttributes):
+        * runtime/JSStaticScopeObject.h:
+        (JSC::JSStaticScopeObject::JSStaticScopeObject):
+        (JSC::JSStaticScopeObject::createStructure):
+        * runtime/JSString.cpp:
+        (JSC::JSString::toPrimitive):
+        (JSC::JSString::getPrimitiveNumber):
+        (JSC::JSString::getOwnPropertySlot):
+        * runtime/JSString.h:
+        (JSC::JSString::createStructure):
+        (JSC::asString):
+        (JSC::isJSString):
+        (JSC::JSValue::toThisJSString):
+        * runtime/JSValue.cpp:
+        (JSC::JSValue::toInteger):
+        (JSC::JSValue::toIntegerPreserveNaN):
+        * runtime/JSValue.h:
+        (JSC::JSValue::makeImmediate):
+        (JSC::JSValue::asValue):
+        (JSC::noValue):
+        (JSC::jsImpossibleValue):
+        (JSC::jsNull):
+        (JSC::jsUndefined):
+        (JSC::jsBoolean):
+        (JSC::operator==):
+        (JSC::operator!=):
+        (JSC::JSValue::encode):
+        (JSC::JSValue::decode):
+        (JSC::JSValue::JSValue):
+        (JSC::JSValue::operator bool):
+        (JSC::JSValue::operator==):
+        (JSC::JSValue::operator!=):
+        (JSC::JSValue::isUndefined):
+        (JSC::JSValue::isNull):
+        * runtime/JSVariableObject.h:
+        (JSC::JSVariableObject::symbolTablePut):
+        (JSC::JSVariableObject::symbolTablePutWithAttributes):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::internalValue):
+        (JSC::JSWrapperObject::setInternalValue):
+        * runtime/Lookup.cpp:
+        (JSC::setUpStaticFunctionSlot):
+        * runtime/Lookup.h:
+        (JSC::lookupPut):
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncAbs):
+        (JSC::mathProtoFuncACos):
+        (JSC::mathProtoFuncASin):
+        (JSC::mathProtoFuncATan):
+        (JSC::mathProtoFuncATan2):
+        (JSC::mathProtoFuncCeil):
+        (JSC::mathProtoFuncCos):
+        (JSC::mathProtoFuncExp):
+        (JSC::mathProtoFuncFloor):
+        (JSC::mathProtoFuncLog):
+        (JSC::mathProtoFuncMax):
+        (JSC::mathProtoFuncMin):
+        (JSC::mathProtoFuncPow):
+        (JSC::mathProtoFuncRandom):
+        (JSC::mathProtoFuncRound):
+        (JSC::mathProtoFuncSin):
+        (JSC::mathProtoFuncSqrt):
+        (JSC::mathProtoFuncTan):
+        * runtime/MathObject.h:
+        (JSC::MathObject::createStructure):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::callNativeErrorConstructor):
+        * runtime/NumberConstructor.cpp:
+        (JSC::numberConstructorNaNValue):
+        (JSC::numberConstructorNegInfinity):
+        (JSC::numberConstructorPosInfinity):
+        (JSC::numberConstructorMaxValue):
+        (JSC::numberConstructorMinValue):
+        (JSC::callNumberConstructor):
+        * runtime/NumberConstructor.h:
+        (JSC::NumberConstructor::createStructure):
+        * runtime/NumberObject.cpp:
+        (JSC::NumberObject::getJSNumber):
+        (JSC::constructNumber):
+        * runtime/NumberObject.h:
+        * runtime/NumberPrototype.cpp:
+        (JSC::numberProtoFuncToString):
+        (JSC::numberProtoFuncToLocaleString):
+        (JSC::numberProtoFuncValueOf):
+        (JSC::numberProtoFuncToFixed):
+        (JSC::numberProtoFuncToExponential):
+        (JSC::numberProtoFuncToPrecision):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::constructObject):
+        (JSC::callObjectConstructor):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::objectProtoFuncValueOf):
+        (JSC::objectProtoFuncHasOwnProperty):
+        (JSC::objectProtoFuncIsPrototypeOf):
+        (JSC::objectProtoFuncDefineGetter):
+        (JSC::objectProtoFuncDefineSetter):
+        (JSC::objectProtoFuncLookupGetter):
+        (JSC::objectProtoFuncLookupSetter):
+        (JSC::objectProtoFuncPropertyIsEnumerable):
+        (JSC::objectProtoFuncToLocaleString):
+        (JSC::objectProtoFuncToString):
+        * runtime/ObjectPrototype.h:
+        * runtime/Operations.cpp:
+        (JSC::JSValue::equalSlowCase):
+        (JSC::JSValue::strictEqualSlowCase):
+        (JSC::throwOutOfMemoryError):
+        (JSC::jsAddSlowCase):
+        (JSC::jsTypeStringForValue):
+        (JSC::jsIsObjectType):
+        (JSC::jsIsFunctionType):
+        * runtime/Operations.h:
+        (JSC::JSValue::equal):
+        (JSC::JSValue::equalSlowCaseInline):
+        (JSC::JSValue::strictEqual):
+        (JSC::JSValue::strictEqualSlowCaseInline):
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAdd):
+        (JSC::countPrototypeChainEntriesAndCheckForProxies):
+        (JSC::resolveBase):
+        * runtime/PropertySlot.cpp:
+        (JSC::PropertySlot::functionGetter):
+        * runtime/PropertySlot.h:
+        (JSC::PropertySlot::PropertySlot):
+        (JSC::PropertySlot::getValue):
+        (JSC::PropertySlot::putValue):
+        (JSC::PropertySlot::setValueSlot):
+        (JSC::PropertySlot::setValue):
+        (JSC::PropertySlot::setCustom):
+        (JSC::PropertySlot::setCustomIndex):
+        (JSC::PropertySlot::slotBase):
+        (JSC::PropertySlot::setBase):
+        (JSC::PropertySlot::):
+        * runtime/Protect.h:
+        (JSC::gcProtect):
+        (JSC::gcUnprotect):
+        (JSC::ProtectedPtr::operator JSValue):
+        (JSC::ProtectedJSValue::ProtectedJSValue):
+        (JSC::ProtectedJSValue::get):
+        (JSC::ProtectedJSValue::operator JSValue):
+        (JSC::ProtectedJSValue::operator->):
+        (JSC::ProtectedJSValue::~ProtectedJSValue):
+        (JSC::ProtectedJSValue::operator=):
+        (JSC::operator==):
+        (JSC::operator!=):
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::getBackref):
+        (JSC::RegExpConstructor::getLastParen):
+        (JSC::RegExpConstructor::getLeftContext):
+        (JSC::RegExpConstructor::getRightContext):
+        (JSC::regExpConstructorDollar1):
+        (JSC::regExpConstructorDollar2):
+        (JSC::regExpConstructorDollar3):
+        (JSC::regExpConstructorDollar4):
+        (JSC::regExpConstructorDollar5):
+        (JSC::regExpConstructorDollar6):
+        (JSC::regExpConstructorDollar7):
+        (JSC::regExpConstructorDollar8):
+        (JSC::regExpConstructorDollar9):
+        (JSC::regExpConstructorInput):
+        (JSC::regExpConstructorMultiline):
+        (JSC::regExpConstructorLastMatch):
+        (JSC::regExpConstructorLastParen):
+        (JSC::regExpConstructorLeftContext):
+        (JSC::regExpConstructorRightContext):
+        (JSC::RegExpConstructor::put):
+        (JSC::setRegExpConstructorInput):
+        (JSC::setRegExpConstructorMultiline):
+        (JSC::constructRegExp):
+        (JSC::callRegExpConstructor):
+        * runtime/RegExpConstructor.h:
+        (JSC::RegExpConstructor::createStructure):
+        (JSC::asRegExpConstructor):
+        * runtime/RegExpMatchesArray.h:
+        (JSC::RegExpMatchesArray::put):
+        * runtime/RegExpObject.cpp:
+        (JSC::regExpObjectGlobal):
+        (JSC::regExpObjectIgnoreCase):
+        (JSC::regExpObjectMultiline):
+        (JSC::regExpObjectSource):
+        (JSC::regExpObjectLastIndex):
+        (JSC::RegExpObject::put):
+        (JSC::setRegExpObjectLastIndex):
+        (JSC::RegExpObject::test):
+        (JSC::RegExpObject::exec):
+        (JSC::callRegExpObject):
+        * runtime/RegExpObject.h:
+        (JSC::RegExpObject::createStructure):
+        (JSC::asRegExpObject):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncTest):
+        (JSC::regExpProtoFuncExec):
+        (JSC::regExpProtoFuncCompile):
+        (JSC::regExpProtoFuncToString):
+        * runtime/StringConstructor.cpp:
+        (JSC::stringFromCharCodeSlowCase):
+        (JSC::stringFromCharCode):
+        (JSC::callStringConstructor):
+        * runtime/StringObject.cpp:
+        (JSC::StringObject::put):
+        * runtime/StringObject.h:
+        (JSC::StringObject::createStructure):
+        (JSC::asStringObject):
+        * runtime/StringObjectThatMasqueradesAsUndefined.h:
+        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        (JSC::stringProtoFuncToString):
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncConcat):
+        (JSC::stringProtoFuncIndexOf):
+        (JSC::stringProtoFuncLastIndexOf):
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        (JSC::stringProtoFuncSlice):
+        (JSC::stringProtoFuncSplit):
+        (JSC::stringProtoFuncSubstr):
+        (JSC::stringProtoFuncSubstring):
+        (JSC::stringProtoFuncToLowerCase):
+        (JSC::stringProtoFuncToUpperCase):
+        (JSC::stringProtoFuncLocaleCompare):
+        (JSC::stringProtoFuncBig):
+        (JSC::stringProtoFuncSmall):
+        (JSC::stringProtoFuncBlink):
+        (JSC::stringProtoFuncBold):
+        (JSC::stringProtoFuncFixed):
+        (JSC::stringProtoFuncItalics):
+        (JSC::stringProtoFuncStrike):
+        (JSC::stringProtoFuncSub):
+        (JSC::stringProtoFuncSup):
+        (JSC::stringProtoFuncFontcolor):
+        (JSC::stringProtoFuncFontsize):
+        (JSC::stringProtoFuncAnchor):
+        (JSC::stringProtoFuncLink):
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure):
+        (JSC::Structure::changePrototypeTransition):
+        * runtime/Structure.h:
+        (JSC::Structure::create):
+        (JSC::Structure::setPrototypeWithoutTransition):
+        (JSC::Structure::storedPrototype):
+
+2009-05-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam "That doesn't look like what I thought it looks like" Weinig.
+        
+        Beefed up the JSValuePtr class and removed some non-JSValuePtr dependencies
+        on JSImmediate, in prepapration for making JSImmediate an implementation
+        detail of JSValuePtr.
+        
+        SunSpider reports no change.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_mod):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt): Updated for interface changes.
+
+        * runtime/JSImmediate.h:
+        (JSC::JSValuePtr::JSValuePtr):
+        * runtime/JSValue.h:
+        (JSC::JSValuePtr::):
+        (JSC::jsImpossibleValue):
+        (JSC::jsNull):
+        (JSC::jsUndefined):
+        (JSC::jsBoolean):
+        (JSC::JSValuePtr::encode):
+        (JSC::JSValuePtr::decode):
+        (JSC::JSValuePtr::JSValuePtr):
+        (JSC::JSValuePtr::operator bool):
+        (JSC::JSValuePtr::operator==):
+        (JSC::JSValuePtr::operator!=):
+        (JSC::JSValuePtr::isUndefined):
+        (JSC::JSValuePtr::isNull): Changed jsImpossibleValue(), jsNull(),
+        jsUndefined(), and jsBoolean() to operate in terms of JSValuePtr instead
+        of JSImmediate.
+
+        * wtf/StdLibExtras.h:
+        (WTF::bitwise_cast): Fixed up for clarity.
+
+2009-04-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug fix for rdar:/6845379.  If a case-insensitive regex contains
+        a character class containing a range with an upper bound of \uFFFF
+        the parser will infinite-loop whist adding other-case characters
+        for characters in the range that do have another case.
+
+        * yarr/RegexCompiler.cpp:
+        (JSC::Yarr::CharacterClassConstructor::putRange):
+
+2009-04-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        OPCODE_SAMPLING without CODEBLOCK_SAMPLING is currently broken,
+        since SamplingTool::Sample::isNull() checks the m_codeBlock
+        member (which is always null without CODEBLOCK_SAMPLING).
+
+        Restructure the checks so make this work again.
+
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingTool::doRun):
+        * bytecode/SamplingTool.h:
+        (JSC::SamplingTool::Sample::isNull):
+
+2009-04-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        - Concatenate final three strings in simple replace case at one go
+
+        ~0.2% SunSpider speedup
+
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace): Use new replaceRange helper instead of
+        taking substrings and concatenating three strings.
+        * runtime/UString.cpp:
+        (JSC::UString::replaceRange): New helper function.
+        * runtime/UString.h:
+
+2009-04-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber Stamped by Gavin Barraclough.
+        
+        Changed JSValueEncodedAsPtr* => EncodedJSValuePtr to support a non-pointer
+        encoding for JSValuePtrs.
+
+        * API/APICast.h:
+        (toJS):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::JSValueHashTraits::constructDeletedValue):
+        (JSC::BytecodeGenerator::JSValueHashTraits::isDeletedValue):
+        * interpreter/Register.h:
+        (JSC::Register::):
+        * jit/JIT.cpp:
+        (JSC::):
+        * jit/JIT.h:
+        * jit/JITCode.h:
+        (JSC::):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_add):
+        (JSC::JITStubs::cti_op_pre_inc):
+        (JSC::JITStubs::cti_op_get_by_id_generic):
+        (JSC::JITStubs::cti_op_get_by_id):
+        (JSC::JITStubs::cti_op_get_by_id_second):
+        (JSC::JITStubs::cti_op_get_by_id_self_fail):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
+        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
+        (JSC::JITStubs::cti_op_get_by_id_array_fail):
+        (JSC::JITStubs::cti_op_get_by_id_string_fail):
+        (JSC::JITStubs::cti_op_instanceof):
+        (JSC::JITStubs::cti_op_del_by_id):
+        (JSC::JITStubs::cti_op_mul):
+        (JSC::JITStubs::cti_op_call_NotJSFunction):
+        (JSC::JITStubs::cti_op_resolve):
+        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_string):
+        (JSC::JITStubs::cti_op_get_by_val_byte_array):
+        (JSC::JITStubs::cti_op_sub):
+        (JSC::JITStubs::cti_op_lesseq):
+        (JSC::JITStubs::cti_op_negate):
+        (JSC::JITStubs::cti_op_resolve_base):
+        (JSC::JITStubs::cti_op_resolve_skip):
+        (JSC::JITStubs::cti_op_resolve_global):
+        (JSC::JITStubs::cti_op_div):
+        (JSC::JITStubs::cti_op_pre_dec):
+        (JSC::JITStubs::cti_op_not):
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_lshift):
+        (JSC::JITStubs::cti_op_bitand):
+        (JSC::JITStubs::cti_op_rshift):
+        (JSC::JITStubs::cti_op_bitnot):
+        (JSC::JITStubs::cti_op_mod):
+        (JSC::JITStubs::cti_op_less):
+        (JSC::JITStubs::cti_op_neq):
+        (JSC::JITStubs::cti_op_urshift):
+        (JSC::JITStubs::cti_op_bitxor):
+        (JSC::JITStubs::cti_op_bitor):
+        (JSC::JITStubs::cti_op_call_eval):
+        (JSC::JITStubs::cti_op_throw):
+        (JSC::JITStubs::cti_op_next_pname):
+        (JSC::JITStubs::cti_op_typeof):
+        (JSC::JITStubs::cti_op_is_undefined):
+        (JSC::JITStubs::cti_op_is_boolean):
+        (JSC::JITStubs::cti_op_is_number):
+        (JSC::JITStubs::cti_op_is_string):
+        (JSC::JITStubs::cti_op_is_object):
+        (JSC::JITStubs::cti_op_is_function):
+        (JSC::JITStubs::cti_op_stricteq):
+        (JSC::JITStubs::cti_op_nstricteq):
+        (JSC::JITStubs::cti_op_to_jsnumber):
+        (JSC::JITStubs::cti_op_in):
+        (JSC::JITStubs::cti_op_del_by_val):
+        (JSC::JITStubs::cti_vm_throw):
+        * jit/JITStubs.h:
+        * runtime/JSValue.h:
+        (JSC::JSValuePtr::encode):
+        (JSC::JSValuePtr::decode):
+
+2009-04-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver "Abandon Ship!" Hunt.
+
+        Fix a leak in Yarr.
+
+        All Disjunctions should be recorded in RegexPattern::m_disjunctions,
+        so that they can be freed at the end of compilation - copyDisjunction
+        is failing to do so.
+
+        * yarr/RegexCompiler.cpp:
+        (JSC::Yarr::RegexPatternConstructor::copyDisjunction):
+
+2009-04-30  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Add function to CallFrame for dumping the current JS caller
+
+        Added debug only method CallFrame::dumpCaller() that provide the call location
+        of the deepest currently executing JS function.
+
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::dumpCaller):
+        * interpreter/CallFrame.h:
+
+2009-04-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        - make BaseStrings have themselves as a base, instead of nothing, to remove common branches
+
+        ~0.7% SunSpider speedup
+
+        * runtime/UString.h:
+        (JSC::UString::Rep::Rep): For the constructor without a base, set self as base instead of null.
+        (JSC::UString::Rep::baseString): Just read m_baseString - no more branching.
+
+2009-04-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Two quick improvements to SamplingFlags mechanism.
+
+        SamplingFlags::ScopedFlag class to provide support for automagically
+        clearing a flag as it goes out of scope, and add a little more detail
+        to the output generated by the tool.
+
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingFlags::stop):
+        * bytecode/SamplingTool.h:
+        (JSC::SamplingFlags::ScopedFlag::ScopedFlag):
+        (JSC::SamplingFlags::ScopedFlag::~ScopedFlag):
+
+2009-04-30  Adam Roben  <aroben@apple.com>
+
+        Restore build event steps that were truncated in r43082
+
+        Rubber-stamped by Steve Falkenburg.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
+        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
+        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
+        Re-copied the command lines for the build events from the pre-r43082
+        .vcproj files.
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Removed an unnecessary
+        attribute.
+
+2009-04-30  Adam Roben  <aroben@apple.com>
+
+        Move settings from .vcproj files to .vsprops files within the
+        JavaScriptCore directory
+
+        Moving the settings to a .vsprops file means that we will only have to
+        change a single setting to affect all configurations, instead of one
+        setting per configuration.
+
+        Reviewed by Steve Falkenburg.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+        Moved settings from these files to the new .vsprops files. Note that
+        testapi.vcproj had a lot of overrides of default settings that were
+        the same as the defaults, which I've removed.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Added.
+        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Added.
+        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added.
+        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Added.
+
+2009-04-30  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Timothy Hatcher.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25470
+        Extend the cover of ENABLE_JAVASCRIPT_DEBUGGER to profiler.
+
+        * Configurations/FeatureDefines.xcconfig: Added ENABLE_JAVASCRIPT_DEBUGGER define.
+
+2009-04-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        - speed up string concatenation by reorganizing some simple cases
+
+        0.7% SunSpider speedup
+
+        * runtime/UString.cpp:
+        (JSC::concatenate): Put fast case for appending a single character
+        before the empty string special cases; streamline code a bit to
+        delay computing values that are not needed in the fast path.
+
+2009-04-30  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add SamplingFlags mechanism.
+
+        This mechanism allows fine-grained JSC and JavaScript program aware
+        performance measurement.  The mechanism provides a set of 32 flags,
+        numbered #1..#32.  Flag #16 is initially set, and all other flags
+        are cleared.  Flags may be set and cleared from within
+
+        Enable by setting ENABLE_SAMPLING_FLAGS to 1 in wtf/Platform.h.
+        Disabled by default, no performance impact.  Flags may be modified
+        by calling SamplingFlags::setFlag() and SamplingFlags::clearFlag()
+        from within JSC implementation, or by calling setSamplingFlag() and
+        clearSamplingFlag() from JavaScript.
+
+        The flags are sampled with a frequency of 10000Hz, and the highest
+        set flag in recorded, allowing multiple events to be measured (with
+        the highest flag number representing the highest priority).
+
+        Disabled by default; no performance impact.
+
+        * JavaScriptCore.exp:
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingFlags::sample):
+        (JSC::SamplingFlags::start):
+        (JSC::SamplingFlags::stop):
+        (JSC::SamplingThread::threadStartFunc):
+        (JSC::SamplingThread::start):
+        (JSC::SamplingThread::stop):
+        (JSC::ScopeSampleRecord::sample):
+        (JSC::SamplingTool::doRun):
+        (JSC::SamplingTool::sample):
+        (JSC::SamplingTool::start):
+        (JSC::SamplingTool::stop):
+        * bytecode/SamplingTool.h:
+        (JSC::SamplingFlags::setFlag):
+        (JSC::SamplingFlags::clearFlag):
+        (JSC::SamplingTool::SamplingTool):
+        * jsc.cpp:
+        (GlobalObject::GlobalObject):
+        (functionSetSamplingFlag):
+        (functionClearSamplingFlag):
+        (runWithScripts):
+        * wtf/Platform.h:
+
+2009-04-29  Sam Weinig  <sam@webkit.org>
+
+        Another attempt to fix the windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-04-29  Sam Weinig  <sam@webkit.org>
+
+        Try and fix the windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-04-29  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver "Peg-Leg" Hunt.
+
+        Coallesce input checking and reduce futzing with the index position
+        between alternatives and iterations of the main loop of a regex,
+        when run in YARR.
+
+        Consider the following regex:  /foo|bar/
+        
+        Prior to this patch, this will be implemented something like this pseudo-code description:
+        
+        loop:
+            check_for_available_input(3) // this increments the index by 3, for the first alterantive.
+                if (available) { test "foo" }
+            decrement_index(3)
+            check_for_available_input(3) // this increments the index by 3, for the second alterantive.
+                if (available) { test "bar" }
+            decrement_index(3)
+            check_for_available_input(1) // can we loop again?
+                if (available) { goto loop }
+
+        With these changes it will look more like this:
+
+            check_for_available_input(3) // this increments the index by 3, for the first alterantive.
+            if (!available) { goto fail }
+        loop:
+            test "foo"
+            test "bar"
+            check_for_available_input(1) // can we loop again?
+                if (available) { goto loop }
+        fail:
+
+
+        This gives about a 5% gain on v8-regex, no change on Sunspider.
+
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::TermGenerationState::linkAlternativeBacktracksTo):
+        (JSC::Yarr::RegexGenerator::generateDisjunction):
+
+2009-04-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Clean up ArgList to be a trivial type
+
+        Separate out old ArgList logic to handle buffering and marking arguments
+        into a distinct MarkedArgumentBuffer type.  ArgList becomes a trivial
+        struct of a pointer and length.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction):
+        (JSObjectMakeArray):
+        (JSObjectMakeDate):
+        (JSObjectMakeError):
+        (JSObjectMakeRegExp):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        * JavaScriptCore.exp:
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::emptyList):
+        * runtime/ArgList.cpp:
+        (JSC::ArgList::getSlice):
+        (JSC::MarkedArgumentBuffer::markLists):
+        (JSC::MarkedArgumentBuffer::slowAppend):
+        * runtime/ArgList.h:
+        (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
+        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
+        (JSC::ArgList::ArgList):
+        (JSC::ArgList::at):
+        (JSC::ArgList::isEmpty):
+        (JSC::ArgList::size):
+        (JSC::ArgList::begin):
+        (JSC::ArgList::end):
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::fillArgList):
+        * runtime/Arguments.h:
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncConcat):
+        (JSC::arrayProtoFuncPush):
+        (JSC::arrayProtoFuncSort):
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncMap):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncForEach):
+        (JSC::arrayProtoFuncSome):
+        (JSC::arrayProtoFuncReduce):
+        (JSC::arrayProtoFuncReduceRight):
+        * runtime/Collector.cpp:
+        (JSC::Heap::collect):
+        * runtime/Collector.h:
+        (JSC::Heap::markListSet):
+        * runtime/CommonIdentifiers.h:
+        * runtime/Error.cpp:
+        (JSC::Error::create):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncApply):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
+        (JSC::JSArray::fillArgList):
+        (JSC::constructArray):
+        * runtime/JSArray.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::put):
+        * runtime/StringConstructor.cpp:
+        (JSC::stringFromCharCodeSlowCase):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        (JSC::stringProtoFuncConcat):
+        (JSC::stringProtoFuncMatch):
+
+2009-04-29  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25334
+
+        Fix Qt build when ENABLE_JIT is explicitly set to 1
+        to overrule defaults.
+
+        * JavaScriptCore.pri:
+
+2009-04-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Steve Falkenburg.
+
+        Crash in profiler due to incorrect assuming displayName would be a string.
+
+        Fixed by adding a type guard.
+
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::displayName):
+
+2009-04-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber stamped by Beth Dakin.
+        
+        Removed scaffolding supporting dynamically converting between 32bit and
+        64bit value representations. 
+
+        * API/JSCallbackConstructor.cpp:
+        (JSC::constructJSCallback):
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::call):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::construct):
+        (JSC::::call):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::getConstant):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitEqualityOp):
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::thisValue):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::callEval):
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::createExceptionScope):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        * interpreter/Register.h:
+        (JSC::Register::):
+        (JSC::Register::Register):
+        (JSC::Register::jsValue):
+        (JSC::Register::marked):
+        (JSC::Register::mark):
+        (JSC::Register::i):
+        (JSC::Register::activation):
+        (JSC::Register::arguments):
+        (JSC::Register::callFrame):
+        (JSC::Register::codeBlock):
+        (JSC::Register::function):
+        (JSC::Register::propertyNameIterator):
+        (JSC::Register::scopeChain):
+        (JSC::Register::vPC):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_call_NotJSFunction):
+        (JSC::JITStubs::cti_op_load_varargs):
+        (JSC::JITStubs::cti_op_call_eval):
+        * jsc.cpp:
+        (functionPrint):
+        (functionDebug):
+        (functionRun):
+        (functionLoad):
+        * runtime/ArgList.h:
+        (JSC::ArgList::at):
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::copyToRegisters):
+        (JSC::Arguments::fillArgList):
+        (JSC::Arguments::getOwnPropertySlot):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::constructArrayWithSizeQuirk):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncJoin):
+        (JSC::arrayProtoFuncConcat):
+        (JSC::arrayProtoFuncPush):
+        (JSC::arrayProtoFuncSlice):
+        (JSC::arrayProtoFuncSort):
+        (JSC::arrayProtoFuncSplice):
+        (JSC::arrayProtoFuncUnShift):
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncMap):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncForEach):
+        (JSC::arrayProtoFuncSome):
+        (JSC::arrayProtoFuncReduce):
+        (JSC::arrayProtoFuncReduceRight):
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::constructBoolean):
+        (JSC::callBooleanConstructor):
+        * runtime/DateConstructor.cpp:
+        (JSC::constructDate):
+        (JSC::dateParse):
+        (JSC::dateUTC):
+        * runtime/DatePrototype.cpp:
+        (JSC::formatLocaleDate):
+        (JSC::fillStructuresUsingTimeArgs):
+        (JSC::fillStructuresUsingDateArgs):
+        (JSC::dateProtoFuncSetTime):
+        (JSC::dateProtoFuncSetYear):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::constructError):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncApply):
+        (JSC::functionProtoFuncCall):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        (JSC::constructArray):
+        * runtime/JSArray.h:
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::encode):
+        (JSC::decode):
+        (JSC::globalFuncEval):
+        (JSC::globalFuncParseInt):
+        (JSC::globalFuncParseFloat):
+        (JSC::globalFuncIsNaN):
+        (JSC::globalFuncIsFinite):
+        (JSC::globalFuncEscape):
+        (JSC::globalFuncUnescape):
+        (JSC::globalFuncJSCPrint):
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncAbs):
+        (JSC::mathProtoFuncACos):
+        (JSC::mathProtoFuncASin):
+        (JSC::mathProtoFuncATan):
+        (JSC::mathProtoFuncATan2):
+        (JSC::mathProtoFuncCeil):
+        (JSC::mathProtoFuncCos):
+        (JSC::mathProtoFuncExp):
+        (JSC::mathProtoFuncFloor):
+        (JSC::mathProtoFuncLog):
+        (JSC::mathProtoFuncMax):
+        (JSC::mathProtoFuncMin):
+        (JSC::mathProtoFuncPow):
+        (JSC::mathProtoFuncRound):
+        (JSC::mathProtoFuncSin):
+        (JSC::mathProtoFuncSqrt):
+        (JSC::mathProtoFuncTan):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::construct):
+        * runtime/NumberConstructor.cpp:
+        (JSC::constructWithNumberConstructor):
+        (JSC::callNumberConstructor):
+        * runtime/NumberPrototype.cpp:
+        (JSC::numberProtoFuncToString):
+        (JSC::numberProtoFuncToFixed):
+        (JSC::numberProtoFuncToExponential):
+        (JSC::numberProtoFuncToPrecision):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::constructObject):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::objectProtoFuncHasOwnProperty):
+        (JSC::objectProtoFuncIsPrototypeOf):
+        (JSC::objectProtoFuncDefineGetter):
+        (JSC::objectProtoFuncDefineSetter):
+        (JSC::objectProtoFuncLookupGetter):
+        (JSC::objectProtoFuncLookupSetter):
+        (JSC::objectProtoFuncPropertyIsEnumerable):
+        * runtime/PropertySlot.h:
+        (JSC::PropertySlot::getValue):
+        * runtime/RegExpConstructor.cpp:
+        (JSC::constructRegExp):
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::match):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncCompile):
+        * runtime/StringConstructor.cpp:
+        (JSC::stringFromCharCodeSlowCase):
+        (JSC::stringFromCharCode):
+        (JSC::constructWithStringConstructor):
+        (JSC::callStringConstructor):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncConcat):
+        (JSC::stringProtoFuncIndexOf):
+        (JSC::stringProtoFuncLastIndexOf):
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        (JSC::stringProtoFuncSlice):
+        (JSC::stringProtoFuncSplit):
+        (JSC::stringProtoFuncSubstr):
+        (JSC::stringProtoFuncSubstring):
+        (JSC::stringProtoFuncLocaleCompare):
+        (JSC::stringProtoFuncFontcolor):
+        (JSC::stringProtoFuncFontsize):
+        (JSC::stringProtoFuncAnchor):
+        (JSC::stringProtoFuncLink):
+
+2009-04-28  David Kilzer  <ddkilzer@apple.com>
+
+        A little more hardening for UString
+
+        Reviewed by Maciej Stachowiak.
+
+        Revised fix for <rdar://problem/5861045> in r42644.
+
+        * runtime/UString.cpp:
+        (JSC::newCapacityWithOverflowCheck): Added.
+        (JSC::concatenate): Used newCapacityWithOverflowCheck().
+        (JSC::UString::append): Ditto.
+
+2009-04-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Bring back r42969, this time with correct codegen
+
+        Add logic to the codegen for right shift to avoid jumping to a helper function
+        when shifting a small floating point value.
+
+        * jit/JITArithmetic.cpp:
+        (isSSE2Present):
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArithSlow_op_rshift):
+
+2009-04-28  Kevin Ollivier <kevino@theolliviers.com>
+
+        wxMSW build fix. Switch JSCore build back to static. 
+
+        * API/JSBase.h:
+        * config.h:
+        * jscore.bkl:
+
+2009-04-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Roll out r42969, due to hangs in build bot.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArithSlow_op_rshift):
+        (JSC::isSSE2Present):
+
+2009-04-28  Xan Lopez  <xlopez@igalia.com>
+
+        Unreviewed: fix distcheck build, add (even more) missing files to list.
+
+        * GNUmakefile.am:
+
+2009-04-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Improve performance of string indexing
+
+        Add a cti_get_by_val_string function to specialise indexing into a string object.
+        This gives us a slight performance win on a number of string tests.
+
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_string):
+        * jit/JITStubs.h:
+
+2009-04-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Improve performance of right shifts of large or otherwise floating point values.
+
+        Add logic to the codegen for right shift to avoid jumping to a helper function
+        when shifting a small floating point value.
+
+        * jit/JITArithmetic.cpp:
+        (isSSE2Present): Moved to the head of file.
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArithSlow_op_rshift):
+
+2009-04-28  Xan Lopez  <xlopez@igalia.com>
+
+        Unreviewed: fix distcheck build, add (more) missing files to list.
+
+        * GNUmakefile.am:
+
+2009-04-28  Xan Lopez  <xlopez@igalia.com>
+
+        Unreviewed: fix distcheck build, add missing header to file list.
+
+        * GNUmakefile.am:
+
+2009-04-28  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by Maciej "Henry Morgan" Stachowiak.
+
+        Enable YARR.
+        (Again.)
+
+        * wtf/Platform.h:
+
+2009-04-27  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Tweak a loop condition to keep GCC happy,
+        some GCCs seem to be having issues with this. :-/
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::breakTarget):
+        * wtf/Platform.h:
+
+2009-04-27  Adam Roben  <aroben@apple.com>
+
+        Windows Debug build fix
+
+        Not sure why the buildbots weren't affected by this problem.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Let VS
+        re-order the file list, and added JavaScriptCore[_debug].def to the
+        project. This was not necessary for the fix, but made making the fix
+        easier.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+        Removed a function that no longer exists.
+
+2009-04-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Weinig Sam.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=25416
+        "Cached prototype accesses unsafely hoist property storage load above structure checks."
+        
+        Do not hoist the load of the pointer to the property storage array.
+
+        No performance impact.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+
+2009-04-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoffrey "Gaffe or energy?" Garen.
+
+        Randomize address requested by ExecutableAllocatorFixedVMPool.
+
+        * jit/ExecutableAllocatorFixedVMPool.cpp:
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+
+2009-04-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Remove scons-based build system.
+
+        * JavaScriptCore.scons: Removed.
+
+2009-04-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Buildfix).
+
+        Make HAVE_MADV_FREE darwin only for now
+
+        * wtf/Platform.h:
+
+2009-04-25  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Gtk build fix - check if we have MADV_FREE before using it.
+
+        * interpreter/RegisterFile.cpp:
+        (JSC::RegisterFile::releaseExcessCapacity):
+        * wtf/Platform.h:
+
+2009-04-24  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix. Switching JSCore from a static lib to a dynamic lib
+        to match the Apple build and fix symbol exports.
+
+        * jscore.bkl:
+
+2009-04-24  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Rubber-stamped by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25337
+        Move ThreadingQt.cpp under the qt directory.
+
+        * JavaScriptCore.pri:
+        * wtf/ThreadingQt.cpp: Removed.
+        * wtf/qt/ThreadingQt.cpp: Copied from JavaScriptCore/wtf/ThreadingQt.cpp.
+
+2009-04-24  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Rubber-stamped by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25338
+        Move ThreadingGtk.cpp under the gtk directory.
+
+        * GNUmakefile.am:
+        * wtf/ThreadingGtk.cpp: Removed.
+        * wtf/gtk/ThreadingGtk.cpp: Copied from JavaScriptCore/wtf/ThreadingGtk.cpp.
+
+2009-04-24  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam "Wesley" Weinig.
+
+        Improve performance to YARR interpreter.
+        (From about 3x slower than PCRE on regex-dna to about 30% slower).
+
+        * yarr/RegexCompiler.cpp:
+        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::Interpreter::checkCharacter):
+        (JSC::Yarr::Interpreter::checkCasedCharacter):
+        (JSC::Yarr::Interpreter::backtrackPatternCharacter):
+        (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
+        (JSC::Yarr::Interpreter::matchParentheticalAssertionBegin):
+        (JSC::Yarr::Interpreter::matchParentheticalAssertionEnd):
+        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionBegin):
+        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionEnd):
+        (JSC::Yarr::Interpreter::matchDisjunction):
+        (JSC::Yarr::Interpreter::interpret):
+        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
+        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
+        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
+        (JSC::Yarr::ByteCompiler::closeAlternative):
+        (JSC::Yarr::ByteCompiler::closeBodyAlternative):
+        (JSC::Yarr::ByteCompiler::atomParenthesesEnd):
+        (JSC::Yarr::ByteCompiler::regexBegin):
+        (JSC::Yarr::ByteCompiler::regexEnd):
+        (JSC::Yarr::ByteCompiler::alterantiveBodyDisjunction):
+        (JSC::Yarr::ByteCompiler::alterantiveDisjunction):
+        (JSC::Yarr::ByteCompiler::emitDisjunction):
+        * yarr/RegexInterpreter.h:
+        (JSC::Yarr::ByteTerm::):
+        (JSC::Yarr::ByteTerm::ByteTerm):
+        (JSC::Yarr::ByteTerm::BodyAlternativeBegin):
+        (JSC::Yarr::ByteTerm::BodyAlternativeDisjunction):
+        (JSC::Yarr::ByteTerm::BodyAlternativeEnd):
+        (JSC::Yarr::ByteTerm::AlternativeBegin):
+        (JSC::Yarr::ByteTerm::AlternativeDisjunction):
+        (JSC::Yarr::ByteTerm::AlternativeEnd):
+        (JSC::Yarr::ByteTerm::SubpatternBegin):
+        (JSC::Yarr::ByteTerm::SubpatternEnd):
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateParentheticalAssertion):
+        * yarr/RegexPattern.h:
+
+2009-04-24  Rob Raguet-Schofield  <ragfield@gmail.com>
+
+        Rubber-stamped by Mark Rowe.
+
+        * wtf/CurrentTime.h: Fix a typo in a comment.
+
+2009-04-24  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Add reinterpret_cast
+
+        * interpreter/RegisterFile.cpp:
+        (JSC::RegisterFile::releaseExcessCapacity):
+
+2009-04-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        <rdar://problem/6050421> JavaScript register file should remap to release physical pages accumulated during deep recursion
+
+        We now track the maximum extent of the RegisterFile, and when we reach the final
+        return from JS (so the stack portion of the registerfile becomes empty) we see
+        if that extent is greater than maxExcessCapacity.  If it is we use madvise or
+        VirtualFree to release the physical pages that were backing the excess.
+
+        * interpreter/RegisterFile.cpp:
+        (JSC::RegisterFile::releaseExcessCapacity):
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+        (JSC::RegisterFile::shrink):
+        (JSC::RegisterFile::grow):
+
+2009-04-23  Mark Rowe  <mrowe@apple.com>
+
+        With great sadness and a heavy heart I switch us back from YARR to WREC in
+        order to restore greenness to the world once more.
+
+        * wtf/Platform.h:
+
+2009-04-23  Mark Rowe  <mrowe@apple.com>
+
+        More Windows build fixage.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
+
+2009-04-23  Mark Rowe  <mrowe@apple.com>
+
+        Attempt to fix the Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:  Remove a symbol that no longer exists.
+
+2009-04-23  Francisco Tolmasky  <francisco@280north.com>
+
+        BUG 24604: WebKit profiler reports incorrect total times
+        <https://bugs.webkit.org/show_bug.cgi?id=24604>
+
+        Reviewed by Timothy Hatcher and Kevin McCullough.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * profiler/CallIdentifier.h:
+        (JSC::CallIdentifier::Hash::hash):
+        (JSC::CallIdentifier::Hash::equal):
+        (JSC::CallIdentifier::hash):
+        (WTF::):
+        * profiler/HeavyProfile.cpp: Removed.
+        * profiler/HeavyProfile.h: Removed.
+        * profiler/Profile.cpp: No more need for TreeProfile/HeavyProfile
+        (JSC::Profile::create):
+        * profiler/Profile.h:
+        * profiler/ProfileNode.cpp:
+        * profiler/ProfileNode.h:
+        * profiler/TreeProfile.cpp: Removed.
+        * profiler/TreeProfile.h: Removed.
+
+2009-04-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Not Reviewed.
+
+        Speculative Windows build fix II.
+
+        * yarr/RegexInterpreter.cpp:
+
+2009-04-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Not Reviewed.
+
+        Speculative Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * runtime/RegExp.cpp:
+
+2009-04-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by salty sea dogs Sam & Geoff.
+
+        Enable YARR_JIT by default (where supported), replacing WREC.
+
+        * wtf/Platform.h:
+
+2009-04-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff "Dread Pirate Roberts" Garen.
+
+        Various small fixes to YARR JIT, in preparation for enabling it by default.
+
+        * Correctly index into the callframe when storing restart addresses for
+          nested alternatives.
+        * Allow backtracking back into matched alternatives of parentheses.
+        * Fix callframe offset calculation for parenthetical assertions.
+        * When a set of parenthese are quantified with a fixed and variable portion,
+          and the variable portion is quantified once, this should not reset the
+          pattern match on failure to match (the last match from the firxed portion
+          should be preserved).
+        * Up the pattern size limit to match PCRE's new limit.
+        * Unlclosed parentheses should be reported with the message "missing )".
+
+        * wtf/Platform.h:
+        * yarr/RegexCompiler.cpp:
+        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
+        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
+        * yarr/RegexInterpreter.cpp:
+        (JSC::Yarr::Interpreter::matchParentheses):
+        (JSC::Yarr::Interpreter::backtrackParentheses):
+        (JSC::Yarr::ByteCompiler::emitDisjunction):
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::loadFromFrameAndJump):
+        (JSC::Yarr::RegexGenerator::generateParenthesesDisjunction):
+        (JSC::Yarr::RegexGenerator::generateParentheticalAssertion):
+        (JSC::Yarr::RegexGenerator::generateTerm):
+        (JSC::Yarr::executeRegex):
+        * yarr/RegexParser.h:
+        (JSC::Yarr::Parser::):
+        (JSC::Yarr::Parser::parseTokens):
+        (JSC::Yarr::Parser::parse):
+        * yarr/RegexPattern.h:
+        (JSC::Yarr::PatternTerm::):
+        (JSC::Yarr::PatternTerm::PatternTerm):
+
+2009-04-22  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Gavin Barraclough.
+
+        Add the m_ prefix on FixedVMPoolAllocator's member variables, and fix typos in a few comments.
+
+        * jit/ExecutableAllocatorFixedVMPool.cpp:
+        (JSC::FixedVMPoolAllocator::addToFreeList):
+        (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+        (JSC::FixedVMPoolAllocator::alloc):
+        (JSC::FixedVMPoolAllocator::free):
+        (JSC::FixedVMPoolAllocator::isWithinVMPool):
+
+2009-04-22  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Gavin Barraclough.
+
+        Add some assertions to FixedVMPoolAllocator to guard against cases where we
+        attempt to free memory that didn't originate from the pool, or we attempt to
+        hand out a bogus address from alloc.
+
+        * jit/ExecutableAllocatorFixedVMPool.cpp:
+        (JSC::FixedVMPoolAllocator::release):
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+        (JSC::FixedVMPoolAllocator::alloc):
+        (JSC::FixedVMPoolAllocator::free):
+        (JSC::FixedVMPoolAllocator::isWithinVMPool):
+
+2009-04-22  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by Sam "Blackbeard" Weinig.
+
+        Although pirates do spell the word 'generate' as 'genertate',
+        webkit developers do not.  Fixertate.
+
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::generateAssertionBOL):
+        (JSC::Yarr::RegexGenerator::generateAssertionEOL):
+        (JSC::Yarr::RegexGenerator::generateAssertionWordBoundary):
+        (JSC::Yarr::RegexGenerator::generatePatternCharacterSingle):
+        (JSC::Yarr::RegexGenerator::generatePatternCharacterPair):
+        (JSC::Yarr::RegexGenerator::generatePatternCharacterFixed):
+        (JSC::Yarr::RegexGenerator::generatePatternCharacterGreedy):
+        (JSC::Yarr::RegexGenerator::generatePatternCharacterNonGreedy):
+        (JSC::Yarr::RegexGenerator::generateCharacterClassSingle):
+        (JSC::Yarr::RegexGenerator::generateCharacterClassFixed):
+        (JSC::Yarr::RegexGenerator::generateCharacterClassGreedy):
+        (JSC::Yarr::RegexGenerator::generateCharacterClassNonGreedy):
+        (JSC::Yarr::RegexGenerator::generateTerm):
+
+2009-04-22  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam "Blackbeard" Weinig.
+
+        Improvements to YARR JIT.  This patch expands support in three key areas:
+            * Add (temporary) support for falling back to PCRE for expressions not supported.
+            * Add support for x86_64 and Windows.
+            * Add support for singly quantified parentheses (? and ??), alternatives within
+              parentheses, and parenthetical assertions.
+
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::match):
+        * yarr/RegexJIT.cpp:
+        (JSC::Yarr::RegexGenerator::storeToFrame):
+        (JSC::Yarr::RegexGenerator::storeToFrameWithPatch):
+        (JSC::Yarr::RegexGenerator::loadFromFrameAndJump):
+        (JSC::Yarr::RegexGenerator::AlternativeBacktrackRecord::AlternativeBacktrackRecord):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::resetAlternative):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::resetTerm):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::jumpToBacktrack):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::plantJumpToBacktrackIfExists):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::addBacktrackJump):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::linkAlternativeBacktracks):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::propagateBacktrackingFrom):
+        (JSC::Yarr::RegexGenerator::genertateAssertionBOL):
+        (JSC::Yarr::RegexGenerator::genertateAssertionEOL):
+        (JSC::Yarr::RegexGenerator::matchAssertionWordchar):
+        (JSC::Yarr::RegexGenerator::genertateAssertionWordBoundary):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterSingle):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterPair):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterFixed):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterGreedy):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterNonGreedy):
+        (JSC::Yarr::RegexGenerator::genertateCharacterClassSingle):
+        (JSC::Yarr::RegexGenerator::genertateCharacterClassFixed):
+        (JSC::Yarr::RegexGenerator::genertateCharacterClassGreedy):
+        (JSC::Yarr::RegexGenerator::genertateCharacterClassNonGreedy):
+        (JSC::Yarr::RegexGenerator::generateParenthesesDisjunction):
+        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
+        (JSC::Yarr::RegexGenerator::generateParentheticalAssertion):
+        (JSC::Yarr::RegexGenerator::generateTerm):
+        (JSC::Yarr::RegexGenerator::generateDisjunction):
+        (JSC::Yarr::RegexGenerator::generateEnter):
+        (JSC::Yarr::RegexGenerator::generateReturn):
+        (JSC::Yarr::RegexGenerator::RegexGenerator):
+        (JSC::Yarr::RegexGenerator::generate):
+        (JSC::Yarr::RegexGenerator::compile):
+        (JSC::Yarr::RegexGenerator::generationFailed):
+        (JSC::Yarr::jitCompileRegex):
+        (JSC::Yarr::executeRegex):
+        * yarr/RegexJIT.h:
+        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
+        (JSC::Yarr::RegexCodeBlock::~RegexCodeBlock):
+
+2009-04-22  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Darin Adler.
+
+        Fix for <rdar://problem/6816957>
+        Turn off Geolocation by default
+
+        * Configurations/FeatureDefines.xcconfig:
+
+2009-04-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Buildfix).
+
+        * interpreter/CachedCall.h:
+
+2009-04-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        * runtime/StringPrototype.cpp:
+
+2009-04-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Improve String.replace performance slightly
+
+        Apply our vm reentry caching logic to String.replace with global
+        regexes.
+
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+
+2009-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich and Oliver Hunt.
+        
+        Re-Fixed <rdar://problem/6406045> REGRESSION: Stack overflow on PowerPC on
+        fast/workers/use-machine-stack.html (22531)
+        
+        SunSpider reports no change.
+        
+        Use a larger recursion limit on the main thread (because we can, and
+        there's some evidence that it may improve compatibility), and a smaller
+        recursion limit on secondary threads (because they tend to have smaller
+        stacks).
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::prepareForRepeatCall):
+        * interpreter/Interpreter.h:
+        (JSC::): Ditto. I wrote the recursion test slightly funny, so that the
+        common case remains a simple compare to constant.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString):
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncJoin): Conservatively, set the array recursion limits
+        to the lower, secondary thread limit. We can do something fancier if
+        compatibility moves us, but this seems sufficient for now.
+
+2009-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber-stamped by Adam Roben.
+        
+        Disabled one more Mozilla JS test because it fails intermittently on Windows.
+        (See https://bugs.webkit.org/show_bug.cgi?id=25160.)
+
+        * tests/mozilla/expected.html:
+
+2009-04-21  Adam Roben  <aroben@apple.com>
+
+        Rename JavaScriptCore_debug.dll to JavaScriptCore.dll in the Debug
+        configuration
+
+        This matches the naming scheme for WebKit.dll, and will be necessary
+        once Safari links against JavaScriptCore.dll. This change also causes
+        run-safari not to fail (because the launcher printed by FindSafari was
+        always looking for JavaScriptCore.dll, never
+        JavaScriptCore_debug.dll).
+
+        Part of Bug 25305: can't run safari or drt on windows
+        <https://bugs.webkit.org/show_bug.cgi?id=25305>
+
+        Reviewed by Steve Falkenburg and Sam Weinig.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
+        Use $(WebKitDLLConfigSuffix) for naming JavaScriptCore.{dll,lib}.
+
+2009-04-21  Adam Roben  <aroben@apple.com>
+
+        Fix JavaScriptCore build on VC++ Express
+
+        Reviewed by Steve Falkenburg and Sam Weinig.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Link
+        explicitly against gdi32.lib and oleaut32.lib.
+
+2009-04-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Mark Rowe.
+        
+        Tiger crash fix: Put VM tags in their own header file, and fixed up the
+        #ifdefs so they're not used on Tiger.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+        * jit/ExecutableAllocatorFixedVMPool.cpp:
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+        * jit/ExecutableAllocatorPosix.cpp:
+        (JSC::ExecutablePool::systemAlloc):
+        * runtime/Collector.cpp:
+        (JSC::allocateBlock):
+        * wtf/VMTags.h: Added.
+
+2009-04-20  Steve Falkenburg  <sfalken@apple.com>
+
+        More Windows build fixes.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.make: Copy DLLs, PDBs.
+        * JavaScriptCore.vcproj/JavaScriptCore.resources: Added.
+        * JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist: Added.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Added.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add version stamping, resource copying.
+
+2009-04-20  Steve Falkenburg  <sfalken@apple.com>
+
+        Separate JavaScriptCore.dll from WebKit.dll.
+        Slight performance improvement or no change on benchmarks.
+        
+        Allows us to break a circular dependency between CFNetwork and WebKit on Windows,
+        and simplifies standalone JavaScriptCore builds.
+
+        Reviewed by Oliver Hunt.
+
+        * API/JSBase.h: Export symbols with JS_EXPORT when using MSVC.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Build JavaScriptCore as a DLL instead of a static library.
+        * config.h: Specify __declspec(dllexport/dllimport) appropriately when exporting data.
+        * runtime/InternalFunction.h: Specify JS_EXPORTDATA on exported data.
+        * runtime/JSArray.h: Specify JS_EXPORTDATA on exported data.
+        * runtime/JSFunction.h: Specify JS_EXPORTDATA on exported data.
+        * runtime/StringObject.h: Specify JS_EXPORTDATA on exported data.
+        * runtime/UString.h: Specify JS_EXPORTDATA on exported data.
+
+2009-04-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Kevin McCullough.
+
+        Always tag mmaped memory on darwin and clean up #defines
+        now that they are a little bigger.
+
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+        * jit/ExecutableAllocatorFixedVMPool.cpp:
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+        * jit/ExecutableAllocatorPosix.cpp:
+        (JSC::ExecutablePool::systemAlloc):
+        * runtime/Collector.cpp:
+        (JSC::allocateBlock):
+
+2009-04-20  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Tim Hatcher.
+
+        Add licenses for xcconfig files.
+
+        * Configurations/Base.xcconfig:
+        * Configurations/DebugRelease.xcconfig:
+        * Configurations/FeatureDefines.xcconfig:
+        * Configurations/JavaScriptCore.xcconfig:
+        * Configurations/Version.xcconfig:
+
+2009-04-20  Ariya Hidayat  <ariya.hidayat@nokia.com>
+
+        Build fix for Qt port (after r42646). Not reviewed.
+
+        * wtf/unicode/qt4/UnicodeQt4.h: Added U16_PREV.
+
+2009-04-19  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Better fix for JSStringCreateWithCFString hardening.
+
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString):
+
+2009-04-19  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Dan Bernstein.
+
+        Fix for <rdar://problem/5860954>
+        Harden JSStringCreateWithCFString against malformed CFStringRefs.
+
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString):
+
+2009-04-19  David Kilzer  <ddkilzer@apple.com>
+
+        Make FEATURE_DEFINES completely dynamic
+
+        Reviewed by Darin Adler.
+
+        Make FEATURE_DEFINES depend on individual ENABLE_FEATURE_NAME
+        variables for each feature, making it possible to remove all
+        knowledge of FEATURE_DEFINES from build-webkit.
+
+        * Configurations/FeatureDefines.xcconfig: Extract a variable
+        from FEATURE_DEFINES for each feature setting.
+
+2009-04-18  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Dan Bernstein.
+
+        Fix typo.  s/VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE/VM_MEMORY_JAVASCRIPT_CORE/
+
+        * runtime/Collector.cpp:
+        (JSC::allocateBlock): Fix bozo typo.
+
+2009-04-18  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Anders Carlsson.
+
+        Fix for <rdar://problem/6801555> Tag JavaScript memory on SnowLeopard
+
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+        * jit/ExecutableAllocatorFixedVMPool.cpp:
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+        * jit/ExecutableAllocatorPosix.cpp:
+        (JSC::ExecutablePool::systemAlloc):
+        * runtime/Collector.cpp:
+        (JSC::allocateBlock):
+
+2009-04-18  Drew Wilson  <amw@apple.com>
+
+        <rdar://problem/6781407> VisiblePosition.characterAfter should return UChar32
+
+        Reviewed by Dan Bernstein.
+
+        * wtf/unicode/icu/UnicodeIcu.h:
+        (WTF::Unicode::hasLineBreakingPropertyComplexContextOrIdeographic): Added.
+
+2009-04-18  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Fix for <rdar://problem/5861045>
+        A little bit of hardening for UString.
+
+        * runtime/UString.cpp:
+        (JSC::concatenate):
+        (JSC::UString::append):
+
+2009-04-18  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe and Dan Bernstein.
+
+        Fix for <rdar://problem/5861188>
+        A little bit of hardening for Vector.
+
+        * wtf/Vector.h:
+        (WTF::Vector<T, inlineCapacity>::append):
+        (WTF::Vector<T, inlineCapacity>::insert):
+
+2009-04-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        On x86_64, make all JIT-code allocations from a new heap, managed
+        by FixedVMPoolAllocator.  This class allocates a single large (2Gb)
+        pool of virtual memory from which all further allocations take place.
+        Since all JIT code is allocated from this pool, we can continue to
+        safely assume (as is already asserted) that it will always be possible
+        to link any JIT-code to JIT-code jumps and calls.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+            Add new file.
+        * jit/ExecutableAllocatorFixedVMPool.cpp: Added.
+        (JSC::FreeListEntry::FreeListEntry):
+        (JSC::AVLTreeAbstractorForFreeList::get_less):
+        (JSC::AVLTreeAbstractorForFreeList::set_less):
+        (JSC::AVLTreeAbstractorForFreeList::get_greater):
+        (JSC::AVLTreeAbstractorForFreeList::set_greater):
+        (JSC::AVLTreeAbstractorForFreeList::get_balance_factor):
+        (JSC::AVLTreeAbstractorForFreeList::set_balance_factor):
+        (JSC::AVLTreeAbstractorForFreeList::null):
+        (JSC::AVLTreeAbstractorForFreeList::compare_key_key):
+        (JSC::AVLTreeAbstractorForFreeList::compare_key_node):
+        (JSC::AVLTreeAbstractorForFreeList::compare_node_node):
+        (JSC::sortFreeListEntriesByPointer):
+        (JSC::sortCommonSizedAllocations):
+        (JSC::FixedVMPoolAllocator::release):
+        (JSC::FixedVMPoolAllocator::reuse):
+        (JSC::FixedVMPoolAllocator::addToFreeList):
+        (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+        (JSC::FixedVMPoolAllocator::alloc):
+        (JSC::FixedVMPoolAllocator::free):
+        (JSC::ExecutableAllocator::intializePageSize):
+        (JSC::ExecutablePool::systemAlloc):
+        (JSC::ExecutablePool::systemRelease):
+            The new 2Gb heap class!
+        * jit/ExecutableAllocatorPosix.cpp:
+            Disable use of this implementation on x86_64.
+        * wtf/AVLTree.h:
+            Add missing variable initialization.
+        (WTF::::remove):
+
+2009-04-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fix bug where the VM reentry cache would not correctly unroll the cached callframe
+
+        Fix a check that was intended to mark a cached call as invalid when the callframe could
+        not be constructed.  Instead it was just checking that there was a place to put the
+        exception.  This eventually results in a non-recoverable RegisterFile starvation.
+
+        * interpreter/CachedCall.h:
+        (JSC::CachedCall::CachedCall):
+        (JSC::CachedCall::call): add assertion to ensure we don't use a bad callframe
+
+2009-04-17  David Kilzer  <ddkilzer@apple.com>
+
+        Simplify FEATURE_DEFINES definition
+
+        Reviewed by Darin Adler.
+
+        This moves FEATURE_DEFINES and its related ENABLE_FEATURE_NAME
+        variables to their own FeatureDefines.xcconfig file.  It also
+        extracts a new ENABLE_GEOLOCATION variable so that
+        FEATURE_DEFINES only needs to be defined once.
+
+        * Configurations/FeatureDefines.xcconfig: Added.
+        * Configurations/JavaScriptCore.xcconfig: Removed definition of
+        ENABLE_SVG_DOM_OBJC_BINDINGS and FEATURE_DEFINES.  Added include
+        of FeatureDefines.xcconfig.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added
+        FeatureDefines.xcconfig file.
+
+2009-04-08  Mihnea Ovidenie  <mihnea@adobe.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 25027: JavaScript parseInt wrong on negative numbers
+        <https://bugs.webkit.org/show_bug.cgi?id=25027>
+
+        When dealing with negative numbers, parseInt should use ceil instead of floor.
+
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt):
+
+2009-04-16  Stephanie Lewis  <slewis@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/6744652> 32-bit to 64-bit: Javascript hash tables double in size
+
+        Remove perfect hash optimization which removes 1 MB of overhead on 32-bit and almost 2 MB on 64-bit.  Removing the optimization was not a regression on SunSpider and the acid 3 test still passes.
+
+        * create_hash_table:
+        * runtime/Lookup.cpp:
+        (JSC::HashTable::createTable):
+        (JSC::HashTable::deleteTable):
+        * runtime/Lookup.h:
+        (JSC::HashEntry::initialize):
+        (JSC::HashEntry::next):
+        (JSC::HashTable::entry):
+        * runtime/Structure.cpp:
+        (JSC::Structure::getEnumerableNamesFromClassInfoTable):
+
+2009-04-16  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix subtle error in optimised VM reentry in Array.sort
+
+        Basically to ensure we don't accidentally invalidate the cached callframe
+        we should be using the cached callframe rather than our own exec state.
+        While the old behaviour was wrong i have been unable to actually create a
+        test case where anything actually ends up going wrong.
+
+        * interpreter/CachedCall.h:
+        (JSC::CachedCall::newCallFrame):
+        * runtime/JSArray.cpp:
+        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
+
+2009-04-16  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Optimise op_resolve_base
+
+        If we can statically find a property we are trying to resolve
+        the base of, the base is guaranteed to be the global object.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitResolveBase):
+
+2009-04-16  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Improve performance of read-write-modify operators
+
+        Implement cross scope optimisation for read-write-modify
+        operators, to avoid unnecessary calls to property resolve
+        helper functions.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitLoadGlobalObject):
+        (JSC::BytecodeGenerator::emitResolveWithBase):
+        * bytecompiler/BytecodeGenerator.h:
+
+2009-04-16  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Improve performance of remaining array enumeration functions
+
+        Make use of function entry cache for remaining Array enumeration functions.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncMap):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncForEach):
+        (JSC::arrayProtoFuncSome):
+
+2009-04-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Improve performance of Array.sort
+
+        Cache the VM entry for Array.sort when using a JS comparison function.
+
+        * runtime/JSArray.cpp:
+        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
+        (JSC::JSArray::sort):
+
+2009-04-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Bug 25229: Need support for Array.prototype.reduceRight
+        <https://bugs.webkit.org/show_bug.cgi?id=25229>
+
+        Implement Array.reduceRight
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncReduceRight):
+
+2009-04-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Bug 25227: Array.filter triggers an assertion when the target array shrinks while being filtered
+        <https://bugs.webkit.org/show_bug.cgi?id=25227>
+
+        We correct this simply by making the fast array path fall back on the slow path if
+        we ever discover the fast access is unsafe.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncFilter):
+
+2009-04-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Bug 25159: Support Array.prototype.reduce
+        <https://bugs.webkit.org/show_bug.cgi?id=25159>
+
+        Implement Array.prototype.reduce
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncReduce):
+
+2009-04-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Move CallFrameClosure from inside the Interpreter class to its own file.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/CachedCall.h:
+        * interpreter/CallFrameClosure.h: Copied from JavaScriptCore/yarr/RegexJIT.h.
+        (JSC::CallFrameClosure::setArgument):
+        (JSC::CallFrameClosure::resetCallFrame):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::prepareForRepeatCall):
+        * interpreter/Interpreter.h:
+
+2009-04-14  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 25202: Improve performance of repeated callbacks into the VM
+
+        Add the concept of a CachedCall to native code for use in Array
+        prototype and similar functions where a single callback function
+        is called repeatedly with the same number of arguments.
+
+        Used Array.prototype.filter as the test function and got a 50% win
+        over a naive non-caching specialised version.  This makes the native
+        implementation of Array.prototype.filter faster than the JS one once
+        more.
+
+        * JavaScriptCore.vcproj/JavaScriptCore.sln:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/CachedCall.h: Added.
+        (JSC::CachedCall::CachedCall):
+        (JSC::CachedCall::call):
+        (JSC::CachedCall::setThis):
+        (JSC::CachedCall::setArgument):
+        (JSC::CachedCall::~CachedCall):
+           CachedCall is a wrapper that automates the calling and teardown
+           for a CallFrameClosure
+        * interpreter/CallFrame.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::prepareForRepeatCall):
+           Create the basic entry closure for a function
+        (JSC::Interpreter::execute):
+           A new ::execute method to enter the interpreter from a closure
+        (JSC::Interpreter::endRepeatCall):
+           Clear the entry closure
+        * interpreter/Interpreter.h:
+        (JSC::Interpreter::CallFrameClosure::setArgument):
+        (JSC::Interpreter::CallFrameClosure::resetCallFrame):
+           Helper functions to simplify setting up the closure's callframe
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncFilter):
+
+2009-04-14  Xan Lopez  <xlopez@igalia.com>
+
+        Fix the build.
+
+        Add the yarr headers (and only the headers) to the build, so that
+        RegExp.cpp can compile. The headers are ifdefed out with yarr
+        disabled, so we don't need anything else for now.
+
+        * GNUmakefile.am:
+
+2009-04-14  Adam Roben  <aroben@apple.com>
+
+        Remove support for profile-guided optimization on Windows
+
+        Rubber-stamped by Steve Falkenburg.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed
+        the Release_PGO configuration. Also let VS re-order the source files
+        list.
+
+2009-04-14  Xan Lopez  <xlopez@igalia.com>
+
+        Unreviewed build fix.
+
+        * GNUmakefile.am:
+
+2009-04-14  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Gtk build fix when building minidom. Not reviewed.
+
+        Use C-style comment instead of C++ style since autotools builds
+        minidom using gcc and not g++.
+
+        * wtf/Platform.h:
+
+2009-04-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by NOBODY - speculative build fix.
+
+        * runtime/RegExp.h:
+
+2009-04-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cap'n Geoff Garen.
+
+        Yarr!
+        (Yet another regex runtime).
+
+        Currently disabled by default since the interpreter, whilst awesomely
+        functional, has not been optimized and is likely slower than PCRE, and
+        the JIT, whilst faster than WREC, is presently incomplete and does not
+        fallback to using an interpreter for the cases it cannot handle.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::move):
+        (JSC::MacroAssemblerX86Common::swap):
+        (JSC::MacroAssemblerX86Common::signExtend32ToPtr):
+        (JSC::MacroAssemblerX86Common::zeroExtend32ToPtr):
+        (JSC::MacroAssemblerX86Common::branch32):
+        (JSC::MacroAssemblerX86Common::branch16):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::cmpw_im):
+        (JSC::X86Assembler::testw_rr):
+        (JSC::X86Assembler::X86InstructionFormatter::immediate16):
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+        (JSC::RegExp::~RegExp):
+        (JSC::RegExp::create):
+        (JSC::RegExp::compile):
+        (JSC::RegExp::match):
+        * runtime/RegExp.h:
+        * wtf/Platform.h:
+        * yarr: Added.
+        * yarr/RegexCompiler.cpp: Added.
+        (JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
+        (JSC::Yarr::CharacterClassConstructor::reset):
+        (JSC::Yarr::CharacterClassConstructor::append):
+        (JSC::Yarr::CharacterClassConstructor::putChar):
+        (JSC::Yarr::CharacterClassConstructor::isUnicodeUpper):
+        (JSC::Yarr::CharacterClassConstructor::isUnicodeLower):
+        (JSC::Yarr::CharacterClassConstructor::putRange):
+        (JSC::Yarr::CharacterClassConstructor::charClass):
+        (JSC::Yarr::CharacterClassConstructor::addSorted):
+        (JSC::Yarr::CharacterClassConstructor::addSortedRange):
+        (JSC::Yarr::newlineCreate):
+        (JSC::Yarr::digitsCreate):
+        (JSC::Yarr::spacesCreate):
+        (JSC::Yarr::wordcharCreate):
+        (JSC::Yarr::nondigitsCreate):
+        (JSC::Yarr::nonspacesCreate):
+        (JSC::Yarr::nonwordcharCreate):
+        (JSC::Yarr::RegexPatternConstructor::RegexPatternConstructor):
+        (JSC::Yarr::RegexPatternConstructor::~RegexPatternConstructor):
+        (JSC::Yarr::RegexPatternConstructor::reset):
+        (JSC::Yarr::RegexPatternConstructor::assertionBOL):
+        (JSC::Yarr::RegexPatternConstructor::assertionEOL):
+        (JSC::Yarr::RegexPatternConstructor::assertionWordBoundary):
+        (JSC::Yarr::RegexPatternConstructor::atomPatternCharacter):
+        (JSC::Yarr::RegexPatternConstructor::atomBuiltInCharacterClass):
+        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassBegin):
+        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassAtom):
+        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassRange):
+        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassBuiltIn):
+        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassEnd):
+        (JSC::Yarr::RegexPatternConstructor::atomParenthesesSubpatternBegin):
+        (JSC::Yarr::RegexPatternConstructor::atomParentheticalAssertionBegin):
+        (JSC::Yarr::RegexPatternConstructor::atomParenthesesEnd):
+        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
+        (JSC::Yarr::RegexPatternConstructor::copyDisjunction):
+        (JSC::Yarr::RegexPatternConstructor::copyTerm):
+        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
+        (JSC::Yarr::RegexPatternConstructor::disjunction):
+        (JSC::Yarr::RegexPatternConstructor::regexBegin):
+        (JSC::Yarr::RegexPatternConstructor::regexEnd):
+        (JSC::Yarr::RegexPatternConstructor::regexError):
+        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
+        (JSC::Yarr::RegexPatternConstructor::setupDisjunctionOffsets):
+        (JSC::Yarr::RegexPatternConstructor::setupOffsets):
+        (JSC::Yarr::compileRegex):
+        * yarr/RegexCompiler.h: Added.
+        * yarr/RegexInterpreter.cpp: Added.
+        (JSC::Yarr::Interpreter::appendParenthesesDisjunctionContext):
+        (JSC::Yarr::Interpreter::popParenthesesDisjunctionContext):
+        (JSC::Yarr::Interpreter::DisjunctionContext::DisjunctionContext):
+        (JSC::Yarr::Interpreter::DisjunctionContext::operator new):
+        (JSC::Yarr::Interpreter::allocDisjunctionContext):
+        (JSC::Yarr::Interpreter::freeDisjunctionContext):
+        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
+        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::operator new):
+        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::restoreOutput):
+        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::getDisjunctionContext):
+        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
+        (JSC::Yarr::Interpreter::freeParenthesesDisjunctionContext):
+        (JSC::Yarr::Interpreter::InputStream::InputStream):
+        (JSC::Yarr::Interpreter::InputStream::next):
+        (JSC::Yarr::Interpreter::InputStream::rewind):
+        (JSC::Yarr::Interpreter::InputStream::read):
+        (JSC::Yarr::Interpreter::InputStream::readChecked):
+        (JSC::Yarr::Interpreter::InputStream::reread):
+        (JSC::Yarr::Interpreter::InputStream::prev):
+        (JSC::Yarr::Interpreter::InputStream::getPos):
+        (JSC::Yarr::Interpreter::InputStream::setPos):
+        (JSC::Yarr::Interpreter::InputStream::atStart):
+        (JSC::Yarr::Interpreter::InputStream::atEnd):
+        (JSC::Yarr::Interpreter::InputStream::checkInput):
+        (JSC::Yarr::Interpreter::InputStream::uncheckInput):
+        (JSC::Yarr::Interpreter::testCharacterClass):
+        (JSC::Yarr::Interpreter::tryConsumeCharacter):
+        (JSC::Yarr::Interpreter::checkCharacter):
+        (JSC::Yarr::Interpreter::tryConsumeCharacterClass):
+        (JSC::Yarr::Interpreter::checkCharacterClass):
+        (JSC::Yarr::Interpreter::tryConsumeBackReference):
+        (JSC::Yarr::Interpreter::matchAssertionBOL):
+        (JSC::Yarr::Interpreter::matchAssertionEOL):
+        (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
+        (JSC::Yarr::Interpreter::matchPatternCharacter):
+        (JSC::Yarr::Interpreter::backtrackPatternCharacter):
+        (JSC::Yarr::Interpreter::matchCharacterClass):
+        (JSC::Yarr::Interpreter::backtrackCharacterClass):
+        (JSC::Yarr::Interpreter::matchBackReference):
+        (JSC::Yarr::Interpreter::backtrackBackReference):
+        (JSC::Yarr::Interpreter::recordParenthesesMatch):
+        (JSC::Yarr::Interpreter::resetMatches):
+        (JSC::Yarr::Interpreter::resetAssertionMatches):
+        (JSC::Yarr::Interpreter::parenthesesDoBacktrack):
+        (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
+        (JSC::Yarr::Interpreter::matchParenthesesOnceEnd):
+        (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
+        (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
+        (JSC::Yarr::Interpreter::matchParentheticalAssertionOnceBegin):
+        (JSC::Yarr::Interpreter::matchParentheticalAssertionOnceEnd):
+        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionOnceBegin):
+        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionOnceEnd):
+        (JSC::Yarr::Interpreter::matchParentheses):
+        (JSC::Yarr::Interpreter::backtrackParentheses):
+        (JSC::Yarr::Interpreter::matchTerm):
+        (JSC::Yarr::Interpreter::backtrackTerm):
+        (JSC::Yarr::Interpreter::matchAlternative):
+        (JSC::Yarr::Interpreter::matchDisjunction):
+        (JSC::Yarr::Interpreter::matchNonZeroDisjunction):
+        (JSC::Yarr::Interpreter::interpret):
+        (JSC::Yarr::Interpreter::Interpreter):
+        (JSC::Yarr::ByteCompiler::ParenthesesStackEntry::ParenthesesStackEntry):
+        (JSC::Yarr::ByteCompiler::ByteCompiler):
+        (JSC::Yarr::ByteCompiler::compile):
+        (JSC::Yarr::ByteCompiler::checkInput):
+        (JSC::Yarr::ByteCompiler::assertionBOL):
+        (JSC::Yarr::ByteCompiler::assertionEOL):
+        (JSC::Yarr::ByteCompiler::assertionWordBoundary):
+        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
+        (JSC::Yarr::ByteCompiler::atomCharacterClass):
+        (JSC::Yarr::ByteCompiler::atomBackReference):
+        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
+        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
+        (JSC::Yarr::ByteCompiler::popParenthesesStack):
+        (JSC::Yarr::ByteCompiler::dumpDisjunction):
+        (JSC::Yarr::ByteCompiler::closeAlternative):
+        (JSC::Yarr::ByteCompiler::atomParenthesesEnd):
+        (JSC::Yarr::ByteCompiler::regexBegin):
+        (JSC::Yarr::ByteCompiler::regexEnd):
+        (JSC::Yarr::ByteCompiler::alterantiveDisjunction):
+        (JSC::Yarr::ByteCompiler::emitDisjunction):
+        (JSC::Yarr::byteCompileRegex):
+        (JSC::Yarr::interpretRegex):
+        * yarr/RegexInterpreter.h: Added.
+        (JSC::Yarr::ByteTerm::):
+        (JSC::Yarr::ByteTerm::ByteTerm):
+        (JSC::Yarr::ByteTerm::BOL):
+        (JSC::Yarr::ByteTerm::CheckInput):
+        (JSC::Yarr::ByteTerm::EOL):
+        (JSC::Yarr::ByteTerm::WordBoundary):
+        (JSC::Yarr::ByteTerm::BackReference):
+        (JSC::Yarr::ByteTerm::AlternativeBegin):
+        (JSC::Yarr::ByteTerm::AlternativeDisjunction):
+        (JSC::Yarr::ByteTerm::AlternativeEnd):
+        (JSC::Yarr::ByteTerm::PatternEnd):
+        (JSC::Yarr::ByteTerm::invert):
+        (JSC::Yarr::ByteTerm::capture):
+        (JSC::Yarr::ByteDisjunction::ByteDisjunction):
+        (JSC::Yarr::BytecodePattern::BytecodePattern):
+        (JSC::Yarr::BytecodePattern::~BytecodePattern):
+        * yarr/RegexJIT.cpp: Added.
+        (JSC::Yarr::RegexGenerator::optimizeAlternative):
+        (JSC::Yarr::RegexGenerator::matchCharacterClassRange):
+        (JSC::Yarr::RegexGenerator::matchCharacterClass):
+        (JSC::Yarr::RegexGenerator::jumpIfNoAvailableInput):
+        (JSC::Yarr::RegexGenerator::jumpIfAvailableInput):
+        (JSC::Yarr::RegexGenerator::checkInput):
+        (JSC::Yarr::RegexGenerator::atEndOfInput):
+        (JSC::Yarr::RegexGenerator::notAtEndOfInput):
+        (JSC::Yarr::RegexGenerator::jumpIfCharEquals):
+        (JSC::Yarr::RegexGenerator::jumpIfCharNotEquals):
+        (JSC::Yarr::RegexGenerator::readCharacter):
+        (JSC::Yarr::RegexGenerator::storeToFrame):
+        (JSC::Yarr::RegexGenerator::loadFromFrame):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::TermGenerationState):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::resetAlternative):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::alternativeValid):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::nextAlternative):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::alternative):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::resetTerm):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::termValid):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::nextTerm):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::term):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::lookaheadTerm):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::isSinglePatternCharacterLookaheadTerm):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::inputOffset):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::jumpToBacktrack):
+        (JSC::Yarr::RegexGenerator::TermGenerationState::setBacktrackGenerated):
+        (JSC::Yarr::RegexGenerator::jumpToBacktrackCheckEmitPending):
+        (JSC::Yarr::RegexGenerator::genertateAssertionBOL):
+        (JSC::Yarr::RegexGenerator::genertateAssertionEOL):
+        (JSC::Yarr::RegexGenerator::matchAssertionWordchar):
+        (JSC::Yarr::RegexGenerator::genertateAssertionWordBoundary):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterSingle):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterPair):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterFixed):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterGreedy):
+        (JSC::Yarr::RegexGenerator::genertatePatternCharacterNonGreedy):
+        (JSC::Yarr::RegexGenerator::genertateCharacterClassSingle):
+        (JSC::Yarr::RegexGenerator::genertateCharacterClassFixed):
+        (JSC::Yarr::RegexGenerator::genertateCharacterClassGreedy):
+        (JSC::Yarr::RegexGenerator::genertateCharacterClassNonGreedy):
+        (JSC::Yarr::RegexGenerator::generateParenthesesSingleDisjunctionOneAlternative):
+        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
+        (JSC::Yarr::RegexGenerator::generateTerm):
+        (JSC::Yarr::RegexGenerator::generateDisjunction):
+        (JSC::Yarr::RegexGenerator::RegexGenerator):
+        (JSC::Yarr::RegexGenerator::generate):
+        (JSC::Yarr::jitCompileRegex):
+        (JSC::Yarr::executeRegex):
+        * yarr/RegexJIT.h: Added.
+        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
+        * yarr/RegexParser.h: Added.
+        (JSC::Yarr::):
+        (JSC::Yarr::Parser::):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::begin):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacterUnescaped):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::end):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::flush):
+        (JSC::Yarr::Parser::CharacterClassParserDelegate::):
+        (JSC::Yarr::Parser::Parser):
+        (JSC::Yarr::Parser::parseEscape):
+        (JSC::Yarr::Parser::parseAtomEscape):
+        (JSC::Yarr::Parser::parseCharacterClassEscape):
+        (JSC::Yarr::Parser::parseCharacterClass):
+        (JSC::Yarr::Parser::parseParenthesesBegin):
+        (JSC::Yarr::Parser::parseParenthesesEnd):
+        (JSC::Yarr::Parser::parseQuantifier):
+        (JSC::Yarr::Parser::parseTokens):
+        (JSC::Yarr::Parser::parse):
+        (JSC::Yarr::Parser::saveState):
+        (JSC::Yarr::Parser::restoreState):
+        (JSC::Yarr::Parser::atEndOfPattern):
+        (JSC::Yarr::Parser::peek):
+        (JSC::Yarr::Parser::peekIsDigit):
+        (JSC::Yarr::Parser::peekDigit):
+        (JSC::Yarr::Parser::consume):
+        (JSC::Yarr::Parser::consumeDigit):
+        (JSC::Yarr::Parser::consumeNumber):
+        (JSC::Yarr::Parser::consumeOctal):
+        (JSC::Yarr::Parser::tryConsume):
+        (JSC::Yarr::Parser::tryConsumeHex):
+        (JSC::Yarr::parse):
+        * yarr/RegexPattern.h: Added.
+        (JSC::Yarr::CharacterRange::CharacterRange):
+        (JSC::Yarr::):
+        (JSC::Yarr::PatternTerm::):
+        (JSC::Yarr::PatternTerm::PatternTerm):
+        (JSC::Yarr::PatternTerm::BOL):
+        (JSC::Yarr::PatternTerm::EOL):
+        (JSC::Yarr::PatternTerm::WordBoundary):
+        (JSC::Yarr::PatternTerm::invert):
+        (JSC::Yarr::PatternTerm::capture):
+        (JSC::Yarr::PatternTerm::quantify):
+        (JSC::Yarr::PatternAlternative::PatternAlternative):
+        (JSC::Yarr::PatternAlternative::lastTerm):
+        (JSC::Yarr::PatternAlternative::removeLastTerm):
+        (JSC::Yarr::PatternDisjunction::PatternDisjunction):
+        (JSC::Yarr::PatternDisjunction::~PatternDisjunction):
+        (JSC::Yarr::PatternDisjunction::addNewAlternative):
+        (JSC::Yarr::RegexPattern::RegexPattern):
+        (JSC::Yarr::RegexPattern::~RegexPattern):
+        (JSC::Yarr::RegexPattern::reset):
+        (JSC::Yarr::RegexPattern::containsIllegalBackReference):
+        (JSC::Yarr::RegexPattern::newlineCharacterClass):
+        (JSC::Yarr::RegexPattern::digitsCharacterClass):
+        (JSC::Yarr::RegexPattern::spacesCharacterClass):
+        (JSC::Yarr::RegexPattern::wordcharCharacterClass):
+        (JSC::Yarr::RegexPattern::nondigitsCharacterClass):
+        (JSC::Yarr::RegexPattern::nonspacesCharacterClass):
+        (JSC::Yarr::RegexPattern::nonwordcharCharacterClass):
+
+2009-04-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Missed code from last patch).
+
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::displayName):
+        (JSC::InternalFunction::calculatedDisplayName):
+        * runtime/InternalFunction.h:
+
+2009-04-13  Francisco Tolmasky  <francisco@280north.com>
+
+        Reviewed by Oliver Hunt.
+        
+        BUG 25171: It should be possible to manually set the name of an anonymous function
+        <https://bugs.webkit.org/show_bug.cgi?id=25171>
+
+        This change adds the displayName property to functions, which when set overrides the 
+        normal name when appearing in the console.
+
+        * profiler/Profiler.cpp:
+        (JSC::createCallIdentifierFromFunctionImp): Changed call to InternalFunction::name to InternalFunction::calculatedDisplayName
+        * runtime/CommonIdentifiers.h: Added displayName common identifier.
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::displayName): Access to user settable displayName property
+        (JSC::InternalFunction::calculatedDisplayName): Returns displayName if it exists, if not then the natural name
+
+2009-04-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Disabled another JavaScriptCore test because it fails on Windows but
+        not Mac, so it makes the bots red.
+
+        * tests/mozilla/expected.html:
+
+2009-04-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Disabled two JavaScriptCore tests because they fail on Window or Mac but
+        not both, so they make the bots red.
+
+        * tests/mozilla/expected.html: Updated expected results.
+
+2009-04-09  Ben Murdoch  <benm@google.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25091
+        The Android platform requires threads to be registered with the VM.
+        This patch implements this behaviour inside ThreadingPthreads.cpp.
+
+        * wtf/ThreadingPthreads.cpp: Add a level above threadEntryPoint that takes care of (un)registering threads with the VM.
+        (WTF::runThreadWithRegistration): register the thread and run entryPoint. Unregister the thread afterwards.
+        (WTF::createThreadInternal): call runThreadWithRegistration instead of entryPoint directly.
+
+2009-04-09  David Kilzer  <ddkilzer@apple.com>
+
+        Reinstating <rdar://problem/6718589> Option to turn off SVG DOM Objective-C bindings
+
+        Rolled r42345 back in.  The build failure was caused by an
+        internal script which had not been updated the same way that
+        build-webkit was updated.
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2009-04-09  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reverting <rdar://problem/6718589> Option to turn off SVG DOM Objective-C bindings.
+        It broke Mac build, and I don't know how to fix it.
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2009-04-09  Xan Lopez  <xlopez@igalia.com>
+
+        Unreviewed build fix.
+
+        Checking for __GLIBCXX__ being bigger than some date is not enough
+        to get std::tr1, C++0x has to be in use too. Add another check for
+        __GXX_EXPERIMENTAL_CXX0X__.
+
+        * wtf/TypeTraits.h:
+
+2009-04-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Adam Roben.
+
+        Fix assertion failure in function.apply
+
+        The result of excess arguments to function.apply is irrelevant
+        so we don't need to provide a result register.  We were providing
+        temporary result register but not ref'ing it resulting in an
+        assertion failure.
+
+        * parser/Nodes.cpp:
+        (JSC::ApplyFunctionCallDotNode::emitBytecode):
+
+2009-04-08  David Kilzer  <ddkilzer@apple.com>
+
+        <rdar://problem/6718589> Option to turn off SVG DOM Objective-C bindings
+
+        Reviewed by Darin Adler and Maciej Stachowiak.
+
+        Introduce the ENABLE_SVG_DOM_OBJC_BINDINGS feature define so
+        that SVG DOM Objective-C bindings may be optionally disabled.
+
+        * Configurations/JavaScriptCore.xcconfig: Added
+        ENABLE_SVG_DOM_OBJC_BINDINGS variable and use it in
+        FEATURE_DEFINES.
+
+2009-04-08  Paul Pedriana <ppedriana@ea.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20422
+        Allow custom memory allocation control.
+        
+        * wtf/FastAllocBase.h:
+        New added file. Implements allocation base class.
+        * wtf/TypeTraits.h:
+        Augments existing type traits support as needed by FastAllocBase.
+        * wtf/FastMalloc.h:
+        Changed to support FastMalloc match validation.
+        * wtf/FastMalloc.cpp:
+        Changed to support FastMalloc match validation.
+        * wtf/Platform.h:
+        Added ENABLE_FAST_MALLOC_MATCH_VALIDATION; defaults to 0.
+        * GNUmakefile.am:
+        Updated to include added FastAllocBase.h.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Updated to include added FastAllocBase.h.
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        Updated to include added FastAllocBase.h.
+
+2009-04-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Improve function.apply performance
+
+        Jump through a few hoops to improve performance of function.apply in the general case.
+
+        In the case of zero or one arguments, or if there are only two arguments and the
+        second is an array literal we treat function.apply as function.call.
+
+        Otherwise we use the new opcodes op_load_varargs and op_call_varargs to do the .apply call
+        without re-entering the virtual machine.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
+        (JSC::BytecodeGenerator::emitLoadVarargs):
+        (JSC::BytecodeGenerator::emitCallVarargs):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCallVarargsSetupArgs):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCallVarargsSlowCase):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_load_varargs):
+        * jit/JITStubs.h:
+        * parser/Grammar.y:
+        * parser/Nodes.cpp:
+        (JSC::ArrayNode::isSimpleArray):
+        (JSC::ArrayNode::toArgumentList):
+        (JSC::CallFunctionCallDotNode::emitBytecode):
+        (JSC::ApplyFunctionCallDotNode::emitBytecode):
+        * parser/Nodes.h:
+        (JSC::ExpressionNode::):
+        (JSC::ApplyFunctionCallDotNode::):
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::copyToRegisters):
+        (JSC::Arguments::fillArgList):
+        * runtime/Arguments.h:
+        (JSC::Arguments::numProvidedArguments):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::addFunctionProperties):
+        * runtime/FunctionPrototype.h:
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::copyToRegisters):
+        * runtime/JSArray.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::mark):
+        * runtime/JSGlobalObject.h:
+
+2009-04-08  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25073
+        JavaScriptCore tests don't run if time zone is not PST
+
+        * API/tests/testapi.c:
+        (timeZoneIsPST): Added a function that checks whether the time zone is PST, using the same
+        method as functions in DateMath.cpp do for formatting the result.
+        (main): Skip date string format test if the time zone is not PST.
+
+2009-04-07  David Levin  <levin@chromium.org>
+
+        Reviewed by Sam Weinig and Geoff Garen.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25039
+        UString refactoring to support UChar* sharing.
+
+        No change in sunspider perf.
+
+        * runtime/SmallStrings.cpp:
+        (JSC::SmallStringsStorage::SmallStringsStorage):
+        * runtime/UString.cpp:
+        (JSC::initializeStaticBaseString):
+        (JSC::initializeUString):
+        (JSC::UString::BaseString::isShared):
+        Encapsulate the meaning behind the refcount == 1 checks because
+        this needs to do slightly more when sharing is added.
+        (JSC::concatenate):
+        (JSC::UString::append):
+        (JSC::UString::operator=):
+        * runtime/UString.h:
+        Make m_baseString part of a union to get rid of casts, but make it protected because
+        it is tricky to use it correctly since it is only valid when the Rep is not a BaseString.
+        The void* will be filled in when sharing is added.
+
+        Add constructors due to the making members protected and it make ensuring proper
+        initialization work better (like in SmallStringsStorage).
+        (JSC::UString::Rep::create):
+        (JSC::UString::Rep::Rep):
+        (JSC::UString::Rep::):
+        (JSC::UString::BaseString::BaseString):
+        (JSC::UString::Rep::setBaseString):
+        (JSC::UString::Rep::baseString):
+
+2009-04-04  Xan Lopez  <xlopez@igalia.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=25033
+        dtoa.cpp segfaults with g++ 4.4.0
+
+        g++ 4.4.0 seems to be more strict about aliasing rules, so it
+        produces incorrect code if dtoa.cpp is compiled with
+        -fstrict-aliasing (it also emits a ton of warnings, so fair enough
+        I guess). The problem was that we were only casting variables to
+        union types in order to do type punning, but GCC and the C
+        standard require that we actually use a union to store the value.
+
+        This patch does just that, the code is mostly copied from the dtoa
+        version in GCC:
+        http://gcc.gnu.org/viewcvs/trunk/libjava/classpath/native/fdlibm/dtoa.c?view=markup.
+
+        * wtf/dtoa.cpp:
+        (WTF::ulp):
+        (WTF::b2d):
+        (WTF::ratio):
+        (WTF::hexnan):
+        (WTF::strtod):
+        (WTF::dtoa):
+
+2009-04-04  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix for Win port. Build the assembler sources to get missing functions.
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+        * wtf/Platform.h:
+
+2009-04-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Kevin Decker.
+
+        <rdar://problem/6744471> crash in GC due to uninitialized callFunction pointer
+
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Initialize
+        callFunction as we do the other data members that are used in the mark function.
+
+2009-04-02  Yael Aharon  <yael.aharon@nokia.com>
+
+        Reviewed by Simon Hausmann
+
+        https://bugs.webkit.org/show_bug.cgi?id=24490
+
+        Implement WTF::ThreadSpecific in the Qt build using
+        QThreadStorage.
+
+        * wtf/ThreadSpecific.h:
+
+2009-04-01  Greg Bolsinga  <bolsinga@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24990
+        Put SECTORDER_FLAGS into xcconfig files.
+
+        * Configurations/Base.xcconfig:
+        * Configurations/DebugRelease.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2009-03-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Fix non-AllInOneFile builds.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+
+2009-03-27  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Improve performance of Function.prototype.call
+        <https://bugs.webkit.org/show_bug.cgi?id=24907>
+
+        Optimistically assume that expression.call(..) is going to be a call to
+        Function.prototype.call, and handle it specially to attempt to reduce the
+        degree of VM reentrancy.
+
+        When everything goes right this removes the vm reentry improving .call()
+        by around a factor of 10.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * parser/Grammar.y:
+        * parser/Nodes.cpp:
+        (JSC::CallFunctionCallDotNode::emitBytecode):
+        * parser/Nodes.h:
+        (JSC::CallFunctionCallDotNode::):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::addFunctionProperties):
+        * runtime/FunctionPrototype.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::mark):
+        * runtime/JSGlobalObject.h:
+
+2009-03-27  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 24884: Include strings.h for strcasecmp()
+        https://bugs.webkit.org/show_bug.cgi?id=24884
+
+        * runtime/DateMath.cpp: Reversed previous change including strings.h
+        * wtf/StringExtras.h: Include strings.h here is available
+
+2009-03-26  Adam Roben  <aroben@apple.com>
+
+        Copy testapi.js to $WebKitOutputDir on Windows
+
+        Part of Bug 24856: run-javascriptcore-tests should run testapi on
+        Windows
+        <https://bugs.webkit.org/show_bug.cgi?id=24856>
+
+        This matches what Mac does, which will help once we enable running
+        testapi from run-javascriptcore-tests on Windows.
+
+        Reviewed by Steve Falkenburg.
+
+        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Copy testapi.js next
+        to testapi.exe.
+
+2009-03-25  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Fix exception handling for instanceof in the interpreter.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+
+2009-03-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed <rdar://problem/6724011> Write to freed memory in JSC::Label::deref
+        when reloading http://helpme.att.net/speedtest/
+
+        * bytecompiler/BytecodeGenerator.h: Reversed the declaration order for
+        m_labelScopes and m_labels to reverse their destruction order.
+        m_labelScopes has references to memory within m_labels, so its destructor
+        needs to run first.
+
+2009-03-24  Eli Fidler  <eli.fidler@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        Correct warnings which in some environments are treated as errors.
+
+        * wtf/dtoa.cpp:
+        (WTF::b2d):
+        (WTF::d2b):
+        (WTF::strtod):
+        (WTF::dtoa):
+
+2009-03-24  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Reviewed by Darin Adler.
+        
+        Explicitly define HAVE_LANGINFO_H on Darwin. Fixes the wx build bot jscore 
+        test failure. 
+        
+        https://bugs.webkit.org/show_bug.cgi?id=24780
+
+        * wtf/Platform.h:
+
+2009-03-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix className() for API defined class
+
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::className):
+        * API/tests/testapi.c:
+        (EmptyObject_class):
+        (main):
+        * API/tests/testapi.js:
+
+2009-03-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Make testapi assertions run in release builds, so that testapi actually
+        works in a release build.
+
+        Many of the testapi assertions have side effects that are necessary, and
+        given testapi is a testing program, perf impact of an assertion is not
+        important, so it makes sense to apply the assertions in release builds
+        anyway.
+
+        * API/tests/testapi.c:
+        (EvilExceptionObject_hasInstance):
+
+2009-03-23  David Kilzer  <ddkilzer@apple.com>
+
+        Provide JavaScript exception information after slow script timeout
+
+        Reviewed by Oliver Hunt.
+
+        * runtime/Completion.cpp:
+        (JSC::evaluate): Set the exception object as the Completion
+        object's value for slow script timeouts.  This is used in
+        WebCore when reporting the exception.
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::InterruptedExecutionError::toString): Added.  Provides a
+        description message for the exception when it is reported.
+
+2009-03-23  Gustavo Noronha Silva  <gns@gnome.org> and Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com>
+
+        Reviewed by Adam Roben.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24674
+        Crashes in !PLATFORM(MAC)'s formatLocaleDate, in very specific situations
+
+        Make sure strftime never returns 2-digits years to avoid ambiguity
+        and a crash. We wrap this new code option in HAVE_LANGINFO_H,
+        since it is apparently not available in all platforms.
+
+        * runtime/DatePrototype.cpp:
+        (JSC::formatLocaleDate):
+        * wtf/Platform.h:
+
+2009-03-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix exception handling in API
+
+        We can't just use the ExecState exception slot for returning exceptions
+        from class introspection functions provided through the API as many JSC
+        functions will explicitly clear the ExecState exception when returning.
+
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::JSCallbackObject<Base>::getOwnPropertySlot):
+        (JSC::JSCallbackObject<Base>::put):
+        (JSC::JSCallbackObject<Base>::deleteProperty):
+        (JSC::JSCallbackObject<Base>::construct):
+        (JSC::JSCallbackObject<Base>::hasInstance):
+        (JSC::JSCallbackObject<Base>::call):
+        (JSC::JSCallbackObject<Base>::toNumber):
+        (JSC::JSCallbackObject<Base>::toString):
+        (JSC::JSCallbackObject<Base>::staticValueGetter):
+        (JSC::JSCallbackObject<Base>::callbackGetter):
+        * API/tests/testapi.c:
+        (MyObject_hasProperty):
+        (MyObject_getProperty):
+        (MyObject_setProperty):
+        (MyObject_deleteProperty):
+        (MyObject_callAsFunction):
+        (MyObject_callAsConstructor):
+        (MyObject_hasInstance):
+        (EvilExceptionObject_hasInstance):
+        (EvilExceptionObject_convertToType):
+        (EvilExceptionObject_class):
+        (main):
+        * API/tests/testapi.js:
+        (EvilExceptionObject.hasInstance):
+        (EvilExceptionObject.toNumber):
+        (EvilExceptionObject.toStringExplicit):
+
+2009-03-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 20049: testapi failure: MyObject - 0 should be NaN but instead is 1.
+        <https://bugs.webkit.org/show_bug.cgi?id=20049>
+        <rdar://problem/6079127>
+
+        In this case, the test is wrong. According to the ECMA spec, subtraction
+        uses ToNumber, not ToPrimitive. Change the test to match the spec.
+
+        * API/tests/testapi.js:
+
+2009-03-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Ensure that JSObjectMakeFunction doesn't produce incorrect line numbers.
+
+        Also make test api correctly propagate failures.
+
+        * API/tests/testapi.c:
+        (main):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+
+2009-03-21  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Improve testapi by making it report failures in a way we can pick up
+        from our test scripts.
+
+        * API/tests/testapi.c:
+        (assertEqualsAsBoolean):
+        (assertEqualsAsNumber):
+        (assertEqualsAsUTF8String):
+        (assertEqualsAsCharactersPtr):
+        (main):
+        * API/tests/testapi.js:
+        (pass):
+        (fail):
+        (shouldBe):
+        (shouldThrow):
+
+2009-03-20  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24535
+
+        Fixes missing line terminator character (;) after macro call.
+        It is common practice to add the trailing ";" where macros are substituted
+        and not where they are defined with #define.
+        This change is consistent with other macro declarations across webkit,
+        and it also solves compilation failure with symbian compilers. 
+ 
+        * runtime/UString.cpp:
+        * wtf/Assertions.h:
+
+2009-03-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed a JavaScriptCore crash on the Windows buildbot.
+
+        * bytecompiler/BytecodeGenerator.h: Reduced the AST recursion limit.
+        Apparently, Windows has small stacks.
+
+2009-03-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        A little cleanup in the RegisterFile code.
+        
+        Moved large inline functions out of the class declaration, to make it
+        more readable.
+        
+        Switched over to using the roundUpAllocationSize function to avoid
+        duplicate code and subtle bugs.
+        
+        Renamed m_maxCommitted to m_commitEnd, to match m_end.
+        
+        Renamed allocationSize to commitSize because it's the chunk size for
+        committing memory, not allocating memory.
+        
+        SunSpider reports no change.
+
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+        (JSC::RegisterFile::shrink):
+        (JSC::RegisterFile::grow):
+        * jit/ExecutableAllocator.h:
+        (JSC::roundUpAllocationSize):
+
+2009-03-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed <rdar://problem/6033712> -- a little bit of hardening in the Collector.
+        
+        SunSpider reports no change. I also verified in the disassembly that
+        we end up with a single compare to constant.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::heapAllocate):
+
+2009-03-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich and Oliver Hunt.
+
+        Fixed <rdar://problem/6406045> REGRESSION: Stack overflow on PowerPC on
+        fast/workers/use-machine-stack.html (22531)
+
+        Dialed down the re-entry allowance to 64 (from 128).
+        
+        On a 512K stack, this leaves about 64K for other code on the stack while
+        JavaScript is running. Not perfect, but it solves our crash on PPC.
+
+        Different platforms may want to dial this down even more.
+
+        Also, substantially shrunk BytecodeGenerator. Since we allocate one on
+        the stack in order to throw a stack overflow exception -- well, let's
+        just say the old code had an appreciation for irony.
+
+        SunSpider reports no change.
+
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.h:
+        (JSC::):
+
+2009-03-19  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 24350: REGRESSION: Safari 4 breaks SPAW wysiwyg editor multiple instances
+        <https://bugs.webkit.org/show_bug.cgi?id=24350>
+        <rdar://problem/6674182>
+
+        The SPAW editor's JavaScript assumes that toString() on a function
+        constructed with the Function constructor produces a function with
+        a newline after the opening brace.
+
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction): Add a newline after the opening brace of the
+        function's source code.
+
+2009-03-19  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Geoff Garen.
+
+        Bug 23771: REGRESSION (r36016): JSObjectHasProperty freezes on global class without kJSClassAttributeNoAutomaticPrototype
+        <https://bugs.webkit.org/show_bug.cgi?id=23771>
+        <rdar://problem/6561016>
+
+        * API/tests/testapi.c:
+        (main): Add a test for this bug.
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::resetPrototype): Don't set the prototype of the
+        last object in the prototype chain to the object prototype when the
+        object prototype is already the last object in the prototype chain.
+
+2009-03-19  Timothy Hatcher  <timothy@apple.com>
+
+        <rdar://problem/6687342> -[WebView scheduleInRunLoop:forMode:] has no affect on timers
+
+        Reviewed by Darin Adler.
+
+        * wtf/Platform.h: Added HAVE_RUNLOOP_TIMER for PLATFORM(MAC).
+
+2009-03-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed <rdar://problem/6279213> Regular expression run-time complexity
+        limit too low for long inputs (21485)
+        
+        I raised PCRE's "matchLimit" (limit on backtracking) by an order of
+        magnitude. This fixes all the reported examples of timing out on legitimate
+        regular expression matches.
+        
+        In my testing on a Core Duo MacBook Pro, the longest you can get stuck
+        trying to match a string is still under 1s, so this seems like a safe change.
+        
+        I can think of a number of better solutions that are more complicated,
+        but this is a good improvement for now.
+
+        * pcre/pcre_exec.cpp:
+
+2009-03-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed <rdar://problem/6603562> REGRESSION (Safari 4): regular expression
+        pattern size limit lower than Safari 3.2, other browsers, breaks SAP (14873)
+        
+        Bumped the pattern size limit to 1MB, and standardized it between PCRE
+        and WREC. (Empirical testing says that we can easily compile a 1MB regular
+        expression without risking a hang. Other browsers support bigger regular
+        expressions, but also hang.)
+        
+        SunSpider reports no change.
+        
+        I started with a patch posted to Bugzilla by Erik Corry (erikcorry@google.com).
+        
+        * pcre/pcre_internal.h:
+        (put3ByteValue):
+        (get3ByteValue):
+        (put3ByteValueAndAdvance):
+        (putLinkValueAllowZero):
+        (getLinkValueAllowZero): Made PCRE's "LINK_SIZE" (the number of bytes
+        used to record jumps between bytecodes) 3, to accomodate larger potential
+        jumps. Bumped PCRE's "MAX_PATTERN_SIZE" to 1MB. (Technically, at this
+        LINK_SIZE, we can support even larger patterns, but we risk a hang during
+        compilation, and it's not clear that such large patterns are important
+        on the web.)
+
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp): Match PCRE's maximum pattern size,
+        to avoid quirks between platforms.
+
+2009-03-18  Ada Chan  <adachan@apple.com>
+
+        Rolling out r41818 since it broke the windows build.
+        Error: ..\..\runtime\DatePrototype.cpp(30) : fatal error C1083: Cannot open include file: 'langinfo.h': No such file or directory
+
+        * runtime/DatePrototype.cpp:
+        (JSC::formatLocaleDate):
+
+2009-03-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        <rdar://problem/6692138> REGRESSION (Safari 4): Incorrect function return value when using IE "try ... finally" memory leak work-around (24654)
+        <https://bugs.webkit.org/show_bug.cgi?id=24654>
+
+        If the return value for a function is in a local register we need
+        to copy it before executing any finalisers, otherwise it is possible
+        for the finaliser to clobber the result.
+
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::hasFinaliser):
+        * parser/Nodes.cpp:
+        (JSC::ReturnNode::emitBytecode):
+
+2009-03-17  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Reviewed by Mark Rowe.
+        
+        Move BUILDING_ON_* defines into Platform.h to make them available to other ports.
+        Also tweak the defines so that they work with the default values set by 
+        AvailabilityMacros.h.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24630
+
+        * JavaScriptCorePrefix.h:
+        * wtf/Platform.h:
+
+2009-03-15  Simon Fraser  <simon.fraser@apple.com>
+
+        Revert r41718 because it broke DumpRenderTree on Tiger.
+
+        * JavaScriptCorePrefix.h:
+        * wtf/Platform.h:
+
+2009-03-15  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Non-Apple Mac ports build fix. Move defines for the BUILDING_ON_ macros into
+        Platform.h so that they're defined for all ports building on Mac, and tweak
+        the definitions of those macros based on Mark Rowe's suggestions to accomodate
+        cases where the values may not be <= to the .0 release for that version.
+
+        * JavaScriptCorePrefix.h:
+        * wtf/Platform.h:
+
+2009-03-13  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Dan Bernstein.
+
+        Take advantage of the ability of recent versions of Xcode to easily switch the active
+        architecture.
+
+        * Configurations/DebugRelease.xcconfig:
+
+2009-03-13  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by David Kilzer.
+
+        Prevent AllInOneFile.cpp and ProfileGenerator.cpp from rebuilding unnecessarily when
+        switching between building in Xcode and via build-webkit.
+
+        build-webkit passes FEATURE_DEFINES to xcodebuild, resulting in it being present in the
+        Derived Sources build settings.  When building in Xcode, this setting isn't present so
+        Xcode reruns the script build phases.  This results in a new version of TracingDtrace.h
+        being generated, and the files that include it being rebuilt.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:  Don't regenerate TracingDtrace.h if it is
+        already newer than the input file.
+
+2009-03-13  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        Resolved name conflict with globally defined tzname in Symbian.
+        Replaced with different name instead of using namespace qualifier
+        (appeared to be less clumsy).
+
+        * runtime/DateMath.cpp:
+
+2009-03-12  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/6548446> TCMalloc_SystemRelease should use madvise rather than re-mmaping span of pages
+
+        * wtf/FastMalloc.cpp:
+        (WTF::mergeDecommittedStates): If either of the spans has been released to the system, release the other
+        span as well so that the flag in the merged span is accurate.
+        * wtf/Platform.h:
+        * wtf/TCSystemAlloc.cpp: Track decommitted spans when using MADV_FREE_REUSABLE / MADV_FREE_REUSE.
+        (TCMalloc_SystemRelease): Use madvise with MADV_FREE_REUSABLE when it is available.
+        (TCMalloc_SystemCommit): Use madvise with MADV_FREE_REUSE when it is available.
+        * wtf/TCSystemAlloc.h:
+
+2009-03-12  Adam Treat  <adam.treat@torchmobile.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Include string.h for strlen usage.
+
+        * wtf/Threading.cpp:
+
+2009-03-12  David Kilzer  <ddkilzer@apple.com>
+
+        Add NO_RETURN attribute to runInteractive() when not using readline
+
+        Reviewed by Darin Adler.
+
+        * jsc.cpp:
+        (runInteractive): If the readline library is not used, this method
+        will never return, thus the NO_RETURN attribute is needed to prevent
+        a gcc warning.
+
+2009-03-12  Adam Roben  <aroben@apple.com>
+
+        Adopt setThreadNameInternal on Windows
+
+        Also changed a Windows-only assertion about thread name length to an
+        all-platform log message.
+
+        Reviewed by Adam Treat.
+
+        * wtf/Threading.cpp:
+        (WTF::createThread): Warn if the thread name is longer than 31
+        characters, as Visual Studio will truncate names longer than that
+        length.
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::setThreadNameInternal): Renamed from setThreadName and changed
+        to always operate on the current thread.
+        (WTF::initializeThreading): Changed to use setThreadNameInternal.
+        (WTF::createThreadInternal): Removed call to setThreadName. This is
+        now handled by threadEntryPoint and setThreadNameInternal.
+
+2009-03-11  David Kilzer  <ddkilzer@apple.com>
+
+        Clarify comments regarding order of FEATURE_DEFINES
+
+        Rubber-stamped by Mark Rowe.
+
+        * Configurations/JavaScriptCore.xcconfig: Added warning about
+        the consequences when FEATURE_DEFINES are not kept in sync.
+
+2009-03-11  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Darin Adler.
+
+        - WTF support for fixing <rdar://problem/3919124> Thai text selection
+          in Safari is incorrect
+
+        * wtf/unicode/icu/UnicodeIcu.h:
+        (WTF::Unicode::hasLineBreakingPropertyComplexContext): Added. Returns
+        whether the character has Unicode line breaking property value SA
+        ("Complex Context").
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::hasLineBreakingPropertyComplexContext): Added an
+        implementation that always returns false.
+
+2009-03-11  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Give threads names on platforms with pthread_setname_np.
+
+        * wtf/Threading.cpp:
+        (WTF::NewThreadContext::NewThreadContext): Initialize thread name.
+        (WTF::threadEntryPoint): Call setThreadNameInternal.
+        (WTF::createThread): Pass thread name.
+
+        * wtf/Threading.h: Added new comments, setThreadNameInternal.
+
+        * wtf/ThreadingGtk.cpp:
+        (WTF::setThreadNameInternal): Added. Empty.
+        * wtf/ThreadingNone.cpp:
+        (WTF::setThreadNameInternal): Added. Empty.
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::setThreadNameInternal): Call pthread_setname_np when available.
+        * wtf/ThreadingQt.cpp:
+        (WTF::setThreadNameInternal): Added. Empty.
+        * wtf/ThreadingWin.cpp:
+        (WTF::setThreadNameInternal): Added. Empty.
+
+2009-03-11  Adam Roben  <aroben@apple.com>
+
+        Change the Windows implementation of ThreadSpecific to use functions
+        instead of extern globals
+
+        This will make it easier to export ThreadSpecific from WebKit.
+
+        Reviewed by John Sullivan.
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript): 
+        Touched this file to force ThreadSpecific.h to be copied into
+        $WebKitOutputDir.
+
+        * wtf/ThreadSpecific.h: Replaced g_tls_key_count with tlsKeyCount()
+        and g_tls_keys with tlsKeys().
+
+        (WTF::::ThreadSpecific):
+        (WTF::::~ThreadSpecific):
+        (WTF::::get):
+        (WTF::::set):
+        (WTF::::destroy):
+        Updated to use the new functions.
+
+        * wtf/ThreadSpecificWin.cpp:
+        (WTF::tlsKeyCount):
+        (WTF::tlsKeys):
+        Added.
+
+        (WTF::ThreadSpecificThreadExit): Changed to use the new functions.
+
+2009-03-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Geoff Garen.
+
+        Bug 24291: REGRESSION (r38635): Single line JavaScript comment prevents HTML button click handler execution
+        <https://bugs.webkit.org/show_bug.cgi?id=24291>
+        <rdar://problem/6663472>
+
+        Add an extra newline to the end of the body of the program text constructed
+        by the Function constructor for parsing. This allows single line comments to
+        be handled correctly by the parser.
+
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+
+2009-03-09  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Bug 24447: REGRESSION (r41508): Google Maps does not complete initialization
+        <rdar://problem/6657774>
+
+        r41508 actually exposed a pre-existing bug where we were not invalidating the result
+        register cache at jump targets.  This causes problems when condition loads occur in an
+        expression -- namely through the ?: and || operators.  This patch corrects these issues
+        by marking the target of all forward jumps as being a jump target, and then clears the
+        result register cache when ever it starts generating code for a targeted instruction.
+
+        I do not believe it is possible to cause this class of failure outside of a single
+        expression, and expressions only provide forward branches, so this should resolve this
+        entire class of bug.  That said i've included a test case that gets as close as possible
+        to hitting this bug with a back branch, to hopefully prevent anyone from introducing the
+        problem in future.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::Label::isUsed):
+        (JSC::AbstractMacroAssembler::Label::used):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::JmpDst::JmpDst):
+        (JSC::X86Assembler::JmpDst::isUsed):
+        (JSC::X86Assembler::JmpDst::used):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+
+2009-03-09  David Levin  <levin@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Bug 23175: String and UString should be able to share a UChar* buffer.
+        <https://bugs.webkit.org/show_bug.cgi?id=23175>
+
+        Add CrossThreadRefCounted.
+
+        * wtf/CrossThreadRefCounted.h: Added.
+        (WTF::CrossThreadRefCounted::create):
+        (WTF::CrossThreadRefCounted::isShared):
+        (WTF::CrossThreadRefCounted::dataAccessMustBeThreadSafe):
+        (WTF::CrossThreadRefCounted::mayBePassedToAnotherThread):
+        (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
+        (WTF::CrossThreadRefCounted::~CrossThreadRefCounted):
+        (WTF::CrossThreadRefCounted::ref):
+        (WTF::CrossThreadRefCounted::deref):
+        (WTF::CrossThreadRefCounted::release):
+        (WTF::CrossThreadRefCounted::copy):
+        (WTF::CrossThreadRefCounted::threadSafeDeref):
+        * wtf/RefCounted.h:
+        * wtf/Threading.h:
+        (WTF::ThreadSafeSharedBase::ThreadSafeSharedBase):
+        (WTF::ThreadSafeSharedBase::derefBase):
+        (WTF::ThreadSafeShared::ThreadSafeShared):
+        (WTF::ThreadSafeShared::deref):
+
+2009-03-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by George Staikos.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24353
+        Allow to overrule default build options for Qt build.
+
+        * JavaScriptCore.pri: Allow to overrule ENABLE_JIT
+
+2009-03-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (build fix).
+
+        Build fix.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncConcat):
+
+2009-03-01  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 24268: RuntimeArray is not a fully implemented JSArray
+        <https://bugs.webkit.org/show_bug.cgi?id=24268>
+
+        Don't cast a type to JSArray, just because it reportsArray as a supertype
+        in the JS type system.  Doesn't appear feasible to create a testcase
+        unfortunately as setting up the failure conditions requires internal access 
+        to JSC not present in DRT.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncConcat):
+
+2009-03-06  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        When preforming an op_mov, preserve any existing register mapping.
+
+        ~0.5% progression on v8 tests x86-64.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+
+2009-03-05  Simone Fiorentino  <simone.fiorentino@consulenti.fastweb.it>
+
+        Bug 24382: request to add SH4 platform
+
+        <https://bugs.webkit.org/show_bug.cgi?id=24382>
+
+        Reviewed by David Kilzer.
+
+        * wtf/Platform.h: Added support for SH4 platform.
+
+2009-03-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Writes of constant values to SF registers should be made with direct memory
+        writes where possible, rather than moving the value via a hardware register.
+
+        ~3% win on SunSpider tests on x86, ~1.5% win on v8 tests on x86-64.
+
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::storePtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::movq_i32m):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+
+2009-03-05  Mark Rowe  <mrowe@apple.com>
+
+        Fix the build.
+
+        Sprinkle "static" around NumberConstructor.cpp in order to please the compiler.
+
+        * runtime/NumberConstructor.cpp:
+        (JSC::numberConstructorNaNValue):
+        (JSC::numberConstructorNegInfinity):
+        (JSC::numberConstructorPosInfinity):
+        (JSC::numberConstructorMaxValue):
+        (JSC::numberConstructorMinValue):
+
+2009-03-04  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/6354858> FastMallocZone's enumeration code reports fragmented administration space
+
+        The handling of MALLOC_ADMIN_REGION_RANGE_TYPE in FastMalloc's zone was incorrect.  It was attempting
+        to record the memory containing and individual span as an administrative region, when all memory
+        allocated via MetaDataAlloc should in fact be recorded.  This was causing memory regions allocated
+        via MetaDataAlloc to appear as "VM_ALLOCATE ?" in vmmap output.  They are now correctly reported as
+        "MALLOC_OTHER" regions associated with the JavaScriptCore FastMalloc zone.
+
+        Memory is allocated via MetaDataAlloc from two locations: PageHeapAllocator, and TCMalloc_PageMap{2,3}.
+        These two cases are handled differently.
+
+        PageHeapAllocator is extended to keep a linked list of memory regions that it has allocated.  The
+        first object in an allocated region contains the link to the previously allocated region. To record
+        the administrative regions of a PageHeapAllocator we can simply walk the linked list and record
+        each allocated region we encounter.
+
+        TCMalloc_PageMaps allocate memory via MetaDataAlloc to store each level of the radix tree.  To record
+        the administrative regions of a TCMalloc_PageMap we walk the tree and record the storage used for nodes
+        at each position rather than the nodes themselves.
+
+        A small performance improvement is achieved by coalescing adjacent memory regions inside the PageMapMemoryUsageRecorder
+        so that fewer calls in to the range recorder are necessary.  We further reduce the number of calls to the
+        range recorder by aggregating the in-use ranges of a given memory region into a local buffer before recording
+        them with a single call.  A similar approach is also used by AdminRegionRecorder.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::PageHeapAllocator::Init):
+        (WTF::PageHeapAllocator::New):
+        (WTF::PageHeapAllocator::recordAdministrativeRegions):
+        (WTF::TCMallocStats::FreeObjectFinder::isFreeObject):
+        (WTF::TCMallocStats::PageMapMemoryUsageRecorder::~PageMapMemoryUsageRecorder):
+        (WTF::TCMallocStats::PageMapMemoryUsageRecorder::recordPendingRegions):
+        (WTF::TCMallocStats::PageMapMemoryUsageRecorder::visit):
+        (WTF::TCMallocStats::AdminRegionRecorder::AdminRegionRecorder):
+        (WTF::TCMallocStats::AdminRegionRecorder::recordRegion):
+        (WTF::TCMallocStats::AdminRegionRecorder::visit):
+        (WTF::TCMallocStats::AdminRegionRecorder::recordPendingRegions):
+        (WTF::TCMallocStats::AdminRegionRecorder::~AdminRegionRecorder):
+        (WTF::TCMallocStats::FastMallocZone::enumerate):
+        (WTF::TCMallocStats::FastMallocZone::FastMallocZone):
+        (WTF::TCMallocStats::FastMallocZone::init):
+        * wtf/TCPageMap.h:
+        (TCMalloc_PageMap2::visitValues):
+        (TCMalloc_PageMap2::visitAllocations):
+        (TCMalloc_PageMap3::visitValues):
+        (TCMalloc_PageMap3::visitAllocations):
+
+2009-03-04  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Dave Hyatt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24359
+        Repaint throttling mechanism
+        
+        Set ENABLE_REPAINT_THROTTLING to 0 by default.
+
+        * wtf/Platform.h:
+
+2009-03-03  David Kilzer  <ddkilzer@apple.com>
+
+        <rdar://problem/6581203> WebCore and WebKit should install the same set of headers during installhdrs phase as build phase
+
+        Reviewed by Mark Rowe.
+
+        * Configurations/Base.xcconfig: Defined REAL_PLATFORM_NAME based
+        on PLATFORM_NAME to work around the missing definition on Tiger.
+        Updated HAVE_DTRACE to use REAL_PLATFORM_NAME.
+
+2009-03-03  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/6639110> console.profile() doesn't work without a title
+
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::startProfiling): assert if there is not title to ensure
+        we don't start profiling without one.
+
+2009-03-02  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Enable Geolocation (except on Tiger and Leopard).
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2009-03-01  David Kilzer  <ddkilzer@apple.com>
+
+        <rdar://problem/6635688> Move HAVE_DTRACE check to Base.xcconfig
+
+        Reviewed by Mark Rowe.
+
+        * Configurations/Base.xcconfig: Set HAVE_DTRACE Xcode variable
+        based on PLATFORM_NAME and MAC_OS_X_VERSION_MAJOR.  Also define
+        it as a preprocessor macro by modifying
+        GCC_PREPROCESSOR_DEFINITIONS.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Changed "Generate
+        DTrace header" script phase to check for HAVE_DTRACE instead of
+        MACOSX_DEPLOYMENT_TARGET.
+        * wtf/Platform.h: Removed definition of HAVE_DTRACE macro since
+        it's defined in Base.xcconfig now.
+
+2009-03-01  Horia Olaru  <olaru@adobe.com>
+
+        By looking in grammar.y there are only a few types of statement nodes
+        on which the debugger should stop. 
+
+        Removed isBlock and isLoop virtual calls. No need to emit debug hooks in
+        the "statementListEmitCode" method as long as the necessary hooks can be
+        added in each "emitCode".
+
+        https://bugs.webkit.org/show_bug.cgi?id=21073
+
+        Reviewed by Kevin McCullough.
+
+        * parser/Nodes.cpp:
+        (JSC::ConstStatementNode::emitBytecode):
+        (JSC::statementListEmitCode):
+        (JSC::EmptyStatementNode::emitBytecode):
+        (JSC::ExprStatementNode::emitBytecode):
+        (JSC::VarStatementNode::emitBytecode):
+        (JSC::IfNode::emitBytecode):
+        (JSC::IfElseNode::emitBytecode):
+        (JSC::DoWhileNode::emitBytecode):
+        (JSC::WhileNode::emitBytecode):
+        (JSC::ForNode::emitBytecode):
+        (JSC::ForInNode::emitBytecode):
+        (JSC::ContinueNode::emitBytecode):
+        (JSC::BreakNode::emitBytecode):
+        (JSC::ReturnNode::emitBytecode):
+        (JSC::WithNode::emitBytecode):
+        (JSC::SwitchNode::emitBytecode):
+        (JSC::LabelNode::emitBytecode):
+        (JSC::ThrowNode::emitBytecode):
+        (JSC::TryNode::emitBytecode):
+        * parser/Nodes.h:
+
+2009-02-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Fix bug #23614.  Switches on double precision values were incorrectly
+        truncating the scrutinee value.  E.g.:
+
+            switch (1.1) { case 1: print("FAIL"); }
+
+        Was resulting in FAIL.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::cti_op_switch_imm):
+
+2009-02-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Integer Immediate representation need not be canonical in x86 JIT code.
+        On x86-64 we already have loosened the requirement that the int immediate
+        representation in canonical, we should bring x86 into line.
+
+        This patch is a minor (~0.5%) improvement on sunspider & v8-tests, and
+        should reduce memory footoprint (reduces JIT code size).
+
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        (JSC::JIT::emitJumpIfImmediateNumber):
+        (JSC::JIT::emitJumpIfNotImmediateNumber):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::JIT::compileBinaryArithOp):
+
+2009-02-26  Carol Szabo  <carol.szabo@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24099
+        ARM Compiler Warnings in pcre_exec.cpp
+
+        * pcre/pcre_exec.cpp:
+        (match):
+
+2009-02-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Gavin Barraclough.
+
+        Bug 24086: Regression (r40993): WebKit crashes after logging in to lists.zenbe
+        <https://bugs.webkit.org/show_bug.cgi?id=24086>
+        <rdar://problem/6625111>
+
+        The numeric sort optimization in r40993 generated bytecode for a function
+        without generating JIT code. This breaks an assumption in some parts of
+        the JIT's function calling logic that the presence of a CodeBlock implies
+        the existence of JIT code.
+
+        In order to fix this, we simply generate JIT code whenever we check whether
+        a function is a numeric sort function. This only incurs an additional cost
+        in the case when the function is a numeric sort function, in which case it
+        is not expensive to generate JIT code for it.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::isNumericCompareFunction):
+
+2009-02-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed <rdar://problem/6611174> REGRESSION (r36701): Unable to select
+        messages on hotmail (24052)
+        
+        The bug was that for-in enumeration used a cached prototype chain without
+        validating that it was up-to-date.
+        
+        This led me to refactor prototype chain caching so it was easier to work
+        with and harder to get wrong.
+        
+        After a bit of inlining, this patch is performance-neutral on SunSpider
+        and the v8 benchmarks.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::tryCachePutByID):
+        (JSC::JITStubs::tryCacheGetByID):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list): Use the new refactored goodness. See
+        lines beginning with "-" and smile.
+
+        * runtime/JSGlobalObject.h:
+        (JSC::Structure::prototypeForLookup): A shout out to const.
+
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::next): We can use a pointer comparison to
+        see if our cached structure chain is equal to the object's structure chain,
+        since in the case of a cache hit, we share references to the same structure
+        chain.
+
+        * runtime/Operations.h:
+        (JSC::countPrototypeChainEntriesAndCheckForProxies): Use the new refactored
+        goodness.
+
+        * runtime/PropertyNameArray.h:
+        (JSC::PropertyNameArray::PropertyNameArray):
+        (JSC::PropertyNameArray::setShouldCache):
+        (JSC::PropertyNameArray::shouldCache): Renamed "cacheable" to "shouldCache"
+        to communicate that the client is specifying a recommendation, not a
+        capability.
+        
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure): No need to initialize a RefPtr.
+        (JSC::Structure::getEnumerablePropertyNames): Moved some code into helper
+        functions.
+
+        (JSC::Structure::prototypeChain): New centralized accessor for a prototype
+        chain. Revalidates on every access, since the objects in the prototype
+        chain may have mutated.
+
+        (JSC::Structure::isValid): Helper function for revalidating a cached
+        prototype chain.
+
+        (JSC::Structure::getEnumerableNamesFromPropertyTable):
+        (JSC::Structure::getEnumerableNamesFromClassInfoTable): Factored out of
+        getEnumerablePropertyNames.
+
+        * runtime/Structure.h:
+
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::StructureChain):
+        * runtime/StructureChain.h:
+        (JSC::StructureChain::create): No need for structureChainsAreEqual, since
+        we use pointer equality now. Refactored StructureChain to make a little
+        more sense and eliminate special cases for null prototypes.
+
+2009-02-25  Steve Falkenburg  <sfalken@apple.com>
+
+        Use timeBeginPeriod to enable timing resolution greater than 16ms in command line jsc for Windows.
+        Allows more accurate reporting of benchmark times via command line jsc.exe. Doesn't affect WebKit's use of JavaScriptCore.
+        
+        Reviewed by Adam Roben.
+
+        * jsc.cpp:
+        (main):
+
+2009-02-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix?
+
+        * GNUmakefile.am:
+
+2009-02-24  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/6259220> Rename AVAILABLE_AFTER_WEBKIT_VERSION_3_1 (etc.) to match the other macros
+
+        * API/JSBasePrivate.h:
+        * API/JSContextRef.h:
+        * API/JSObjectRef.h:
+        * API/WebKitAvailability.h:
+
+2009-02-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Next step in splitting JIT functionality out of the Interpreter class:
+        Moved vptr storage from Interpreter to JSGlobalData, so it could be shared
+        between Interpreter and JITStubs, and moved the *Trampoline JIT stubs
+        into the JITStubs class. Also added a VPtrSet class to encapsulate vptr
+        hacks during JSGlobalData initialization.
+        
+        SunSpider says 0.4% faster. Meh.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::Interpreter):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        (JSC::JIT::compileCTIMachineTrampolines):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::JITStubs):
+        (JSC::JITStubs::tryCacheGetByID):
+        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_byte_array):
+        (JSC::JITStubs::cti_op_put_by_val):
+        (JSC::JITStubs::cti_op_put_by_val_array):
+        (JSC::JITStubs::cti_op_put_by_val_byte_array):
+        (JSC::JITStubs::cti_op_is_string):
+        * jit/JITStubs.h:
+        (JSC::JITStubs::ctiArrayLengthTrampoline):
+        (JSC::JITStubs::ctiStringLengthTrampoline):
+        (JSC::JITStubs::ctiVirtualCallPreLink):
+        (JSC::JITStubs::ctiVirtualCallLink):
+        (JSC::JITStubs::ctiVirtualCall):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncPop):
+        (JSC::arrayProtoFuncPush):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncApply):
+        * runtime/JSArray.h:
+        (JSC::isJSArray):
+        * runtime/JSByteArray.h:
+        (JSC::asByteArray):
+        (JSC::isJSByteArray):
+        * runtime/JSCell.h:
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::VPtrSet::VPtrSet):
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::create):
+        (JSC::JSGlobalData::sharedInstance):
+        * runtime/JSGlobalData.h:
+        * runtime/JSString.h:
+        (JSC::isJSString):
+        * runtime/Operations.h:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp):
+
+2009-02-23  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 23787: Allow JIT to generate SSE2 code if using GCC
+        <https://bugs.webkit.org/show_bug.cgi?id=23787>
+
+        GCC version of the cpuid check.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::isSSE2Present): previous assembly code fixed.
+
+2009-02-23  David Levin  <levin@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Bug 24047: Need to simplify nested if's in WorkerRunLoop::runInMode
+        <https://bugs.webkit.org/show_bug.cgi?id=24047>
+
+        * wtf/MessageQueue.h:
+        (WTF::MessageQueue::infiniteTime):
+        Allows for one to call waitForMessageFilteredWithTimeout and wait forever.
+
+        (WTF::MessageQueue::alwaysTruePredicate):
+        (WTF::MessageQueue::waitForMessage):
+        Made waitForMessage call waitForMessageFilteredWithTimeout, so that there is less
+        duplicate code.
+
+        (WTF::MessageQueue::waitForMessageFilteredWithTimeout):
+
+        * wtf/ThreadingQt.cpp:
+        (WTF::ThreadCondition::timedWait):
+        * wtf/ThreadingWin.cpp:
+        (WTF::ThreadCondition::timedWait):
+        Made these two implementations consistent with the pthread and gtk implementations.
+        Currently, the time calculations would overflow when passed large values.
+
+2009-02-23  Jeremy Moskovich  <jeremy@chromium.org>
+
+        Reviewed by Adam Roben.
+
+        https://bugs.webkit.org/show_bug.cgi?id=24096
+        PLATFORM(MAC)->PLATFORM(CF) since we want to use the CF functions in Chrome on OS X.
+
+        * wtf/CurrentTime.cpp:
+
+2009-02-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix?
+
+        * GNUmakefile.am:
+
+2009-02-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix.
+
+        * GNUmakefile.am:
+
+2009-02-22  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Next step in splitting JIT functionality out of the Interpreter class:
+        Created a JITStubs class and renamed Interpreter::cti_* to JITStubs::cti_*.
+        
+        Also, moved timeout checking into its own class, located in JSGlobalData,
+        so both the Interpreter and the JIT could have access to it.
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * interpreter/CallFrame.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::Interpreter):
+        (JSC::Interpreter::privateExecute):
+        * interpreter/Interpreter.h:
+        * interpreter/Register.h:
+        * jit/JIT.cpp:
+        (JSC::):
+        (JSC::JIT::emitTimeoutCheck):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArithSlow_op_lshift):
+        (JSC::JIT::compileFastArithSlow_op_rshift):
+        (JSC::JIT::compileFastArithSlow_op_bitand):
+        (JSC::JIT::compileFastArithSlow_op_mod):
+        (JSC::JIT::compileFastArith_op_mod):
+        (JSC::JIT::compileFastArithSlow_op_post_inc):
+        (JSC::JIT::compileFastArithSlow_op_post_dec):
+        (JSC::JIT::compileFastArithSlow_op_pre_inc):
+        (JSC::JIT::compileFastArithSlow_op_pre_dec):
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        (JSC::JIT::compileFastArith_op_sub):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::compileFastArithSlow_op_add):
+        (JSC::JIT::compileFastArithSlow_op_mul):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdSlowCase):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        * jit/JITStubs.cpp:
+        (JSC::JITStubs::tryCachePutByID):
+        (JSC::JITStubs::tryCacheGetByID):
+        (JSC::JITStubs::cti_op_convert_this):
+        (JSC::JITStubs::cti_op_end):
+        (JSC::JITStubs::cti_op_add):
+        (JSC::JITStubs::cti_op_pre_inc):
+        (JSC::JITStubs::cti_timeout_check):
+        (JSC::JITStubs::cti_register_file_check):
+        (JSC::JITStubs::cti_op_loop_if_less):
+        (JSC::JITStubs::cti_op_loop_if_lesseq):
+        (JSC::JITStubs::cti_op_new_object):
+        (JSC::JITStubs::cti_op_put_by_id_generic):
+        (JSC::JITStubs::cti_op_get_by_id_generic):
+        (JSC::JITStubs::cti_op_put_by_id):
+        (JSC::JITStubs::cti_op_put_by_id_second):
+        (JSC::JITStubs::cti_op_put_by_id_fail):
+        (JSC::JITStubs::cti_op_get_by_id):
+        (JSC::JITStubs::cti_op_get_by_id_second):
+        (JSC::JITStubs::cti_op_get_by_id_self_fail):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list):
+        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
+        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
+        (JSC::JITStubs::cti_op_get_by_id_array_fail):
+        (JSC::JITStubs::cti_op_get_by_id_string_fail):
+        (JSC::JITStubs::cti_op_instanceof):
+        (JSC::JITStubs::cti_op_del_by_id):
+        (JSC::JITStubs::cti_op_mul):
+        (JSC::JITStubs::cti_op_new_func):
+        (JSC::JITStubs::cti_op_call_JSFunction):
+        (JSC::JITStubs::cti_op_call_arityCheck):
+        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
+        (JSC::JITStubs::cti_vm_lazyLinkCall):
+        (JSC::JITStubs::cti_op_push_activation):
+        (JSC::JITStubs::cti_op_call_NotJSFunction):
+        (JSC::JITStubs::cti_op_create_arguments):
+        (JSC::JITStubs::cti_op_create_arguments_no_params):
+        (JSC::JITStubs::cti_op_tear_off_activation):
+        (JSC::JITStubs::cti_op_tear_off_arguments):
+        (JSC::JITStubs::cti_op_profile_will_call):
+        (JSC::JITStubs::cti_op_profile_did_call):
+        (JSC::JITStubs::cti_op_ret_scopeChain):
+        (JSC::JITStubs::cti_op_new_array):
+        (JSC::JITStubs::cti_op_resolve):
+        (JSC::JITStubs::cti_op_construct_JSConstruct):
+        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
+        (JSC::JITStubs::cti_op_get_by_val):
+        (JSC::JITStubs::cti_op_get_by_val_byte_array):
+        (JSC::JITStubs::cti_op_resolve_func):
+        (JSC::JITStubs::cti_op_sub):
+        (JSC::JITStubs::cti_op_put_by_val):
+        (JSC::JITStubs::cti_op_put_by_val_array):
+        (JSC::JITStubs::cti_op_put_by_val_byte_array):
+        (JSC::JITStubs::cti_op_lesseq):
+        (JSC::JITStubs::cti_op_loop_if_true):
+        (JSC::JITStubs::cti_op_negate):
+        (JSC::JITStubs::cti_op_resolve_base):
+        (JSC::JITStubs::cti_op_resolve_skip):
+        (JSC::JITStubs::cti_op_resolve_global):
+        (JSC::JITStubs::cti_op_div):
+        (JSC::JITStubs::cti_op_pre_dec):
+        (JSC::JITStubs::cti_op_jless):
+        (JSC::JITStubs::cti_op_not):
+        (JSC::JITStubs::cti_op_jtrue):
+        (JSC::JITStubs::cti_op_post_inc):
+        (JSC::JITStubs::cti_op_eq):
+        (JSC::JITStubs::cti_op_lshift):
+        (JSC::JITStubs::cti_op_bitand):
+        (JSC::JITStubs::cti_op_rshift):
+        (JSC::JITStubs::cti_op_bitnot):
+        (JSC::JITStubs::cti_op_resolve_with_base):
+        (JSC::JITStubs::cti_op_new_func_exp):
+        (JSC::JITStubs::cti_op_mod):
+        (JSC::JITStubs::cti_op_less):
+        (JSC::JITStubs::cti_op_neq):
+        (JSC::JITStubs::cti_op_post_dec):
+        (JSC::JITStubs::cti_op_urshift):
+        (JSC::JITStubs::cti_op_bitxor):
+        (JSC::JITStubs::cti_op_new_regexp):
+        (JSC::JITStubs::cti_op_bitor):
+        (JSC::JITStubs::cti_op_call_eval):
+        (JSC::JITStubs::cti_op_throw):
+        (JSC::JITStubs::cti_op_get_pnames):
+        (JSC::JITStubs::cti_op_next_pname):
+        (JSC::JITStubs::cti_op_push_scope):
+        (JSC::JITStubs::cti_op_pop_scope):
+        (JSC::JITStubs::cti_op_typeof):
+        (JSC::JITStubs::cti_op_is_undefined):
+        (JSC::JITStubs::cti_op_is_boolean):
+        (JSC::JITStubs::cti_op_is_number):
+        (JSC::JITStubs::cti_op_is_string):
+        (JSC::JITStubs::cti_op_is_object):
+        (JSC::JITStubs::cti_op_is_function):
+        (JSC::JITStubs::cti_op_stricteq):
+        (JSC::JITStubs::cti_op_nstricteq):
+        (JSC::JITStubs::cti_op_to_jsnumber):
+        (JSC::JITStubs::cti_op_in):
+        (JSC::JITStubs::cti_op_push_new_scope):
+        (JSC::JITStubs::cti_op_jmp_scopes):
+        (JSC::JITStubs::cti_op_put_by_index):
+        (JSC::JITStubs::cti_op_switch_imm):
+        (JSC::JITStubs::cti_op_switch_char):
+        (JSC::JITStubs::cti_op_switch_string):
+        (JSC::JITStubs::cti_op_del_by_val):
+        (JSC::JITStubs::cti_op_put_getter):
+        (JSC::JITStubs::cti_op_put_setter):
+        (JSC::JITStubs::cti_op_new_error):
+        (JSC::JITStubs::cti_op_debug):
+        (JSC::JITStubs::cti_vm_throw):
+        * jit/JITStubs.h:
+        (JSC::):
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        * runtime/JSGlobalObject.h:
+        * runtime/TimeoutChecker.cpp: Copied from interpreter/Interpreter.cpp.
+        (JSC::TimeoutChecker::TimeoutChecker):
+        (JSC::TimeoutChecker::reset):
+        (JSC::TimeoutChecker::didTimeOut):
+        * runtime/TimeoutChecker.h: Copied from interpreter/Interpreter.h.
+        (JSC::TimeoutChecker::setTimeoutInterval):
+        (JSC::TimeoutChecker::ticksUntilNextCheck):
+        (JSC::TimeoutChecker::start):
+        (JSC::TimeoutChecker::stop):
+
+2009-02-20  Gustavo Noronha Silva  <gns@gnome.org>
+
+        Unreviewed build fix after r41100.
+
+        * GNUmakefile.am:
+
+2009-02-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        <rdar://problem/6606660> 2==null returns true in 64bit jit
+
+        Code for op_eq_null and op_neq_null was incorrectly performing
+        a 32bit compare, which truncated the type tag from an integer
+        immediate, leading to incorrect behaviour.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::setPtr):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::setPtr):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+
+2009-02-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin Barraclough.
+        
+        First step in splitting JIT functionality out of the Interpreter class:
+        Created JITStubs.h/.cpp, and moved Interpreter::cti_* into JITStubs.cpp.
+        
+        Functions that the Interpreter and JITStubs share moved to Operations.h/.cpp.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::resolveBase):
+        (JSC::Interpreter::checkTimeout):
+        (JSC::Interpreter::privateExecute):
+        * interpreter/Interpreter.h:
+        * jit/JITStubs.cpp: Copied from interpreter/Interpreter.cpp.
+        (JSC::Interpreter::cti_op_resolve_base):
+        * jit/JITStubs.h: Copied from interpreter/Interpreter.h.
+        * runtime/Operations.cpp:
+        (JSC::jsAddSlowCase):
+        (JSC::jsTypeStringForValue):
+        (JSC::jsIsObjectType):
+        (JSC::jsIsFunctionType):
+        * runtime/Operations.h:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAdd):
+        (JSC::cachePrototypeChain):
+        (JSC::countPrototypeChainEntriesAndCheckForProxies):
+        (JSC::resolveBase):
+
+2009-02-19  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix for x86-64. Where the JavaScriptCore text segment lies outside
+        a 2gb range of the heap containing JIT generated code, callbacks
+        from JIT code to the stub functions in Interpreter will be incorrectly
+        linked.
+
+        No performance impact on Sunspider, 1% regression on v8-tests,
+        due to a 3% regression on richards.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::Call::Call):
+        (JSC::AbstractMacroAssembler::Jump::link):
+        (JSC::AbstractMacroAssembler::Jump::linkTo):
+        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
+        (JSC::AbstractMacroAssembler::PatchBuffer::link):
+        (JSC::AbstractMacroAssembler::PatchBuffer::linkTailRecursive):
+        (JSC::AbstractMacroAssembler::differenceBetween):
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::tailRecursiveCall):
+        (JSC::MacroAssembler::makeTailRecursiveCall):
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::call):
+        * assembler/MacroAssemblerX86Common.h:
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::call):
+        (JSC::MacroAssemblerX86_64::moveWithPatch):
+        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
+        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::jmp_r):
+        (JSC::X86Assembler::linkJump):
+        (JSC::X86Assembler::patchJump):
+        (JSC::X86Assembler::patchCall):
+        (JSC::X86Assembler::linkCall):
+        (JSC::X86Assembler::patchAddress):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCTICachePutByID):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::JIT::compileBinaryArithOp):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompilePutByIdReplace):
+
+2009-02-18  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Simplified .call and .apply in preparation for optimizing them. Also,
+        a little cleanup.
+
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncApply):
+        (JSC::functionProtoFuncCall): No need to do any specific conversion on
+        'this' -- op_convert_this will do it if necessary.
+
+        * runtime/JSImmediate.cpp:
+        (JSC::JSImmediate::toThisObject): Slightly relaxed the rules on
+        toThisObject to allow for 'undefined', which can be passed through
+        .call and .apply.
+
+2009-02-19  David Levin  <levin@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Bug 23976: MessageQueue needs a way to wait for a message that satisfies an arbitrary criteria.
+        <https://bugs.webkit.org/show_bug.cgi?id=23976>
+
+        * wtf/Deque.h:
+        (WTF::Deque<T>::findIf):
+        * wtf/MessageQueue.h:
+        (WTF::MessageQueue<T>::waitForMessageFiltered):
+
+2009-02-18  David Levin  <levin@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Bug 23974: Deque::Remove would be a useful method.
+        <https://bugs.webkit.org/show_bug.cgi?id=23974>
+
+        Add Deque::remove and DequeIteratorBase<T>::operator=.
+
+        Why was operator= added? Every concrete iterator (DequeIterator..DequeConstReverseIterator)
+        was calling DequeIteratorBase::assign(), which called Base::operator=(). Base::operator=()
+        was not implemented. This went unnoticed because the iterator copy code has been unused.
+
+        * wtf/Deque.h:
+        (WTF::Deque<T>::remove):
+        (WTF::DequeIteratorBase<T>::removeFromIteratorsList):
+        (WTF::DequeIteratorBase<T>::operator=):
+        (WTF::DequeIteratorBase<T>::~DequeIteratorBase):
+
+2009-02-18  Gustavo Noronha Silva  <gns@gnome.org>
+
+        Reviewed by Holger Freyther.
+
+        Fix symbols.filter location, and add other missing files to the
+        autotools build, so that make dist works.
+
+        * GNUmakefile.am:
+
+2009-02-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed failure in js1_5/Regress/regress-168347.js, as seen on the Oliver
+        bot.
+        
+        Technically, both behaviors are OK, but we might as well keep this test
+        passing.
+
+        * runtime/FunctionPrototype.cpp:
+        (JSC::insertSemicolonIfNeeded): No need to add a trailing semicolon
+        after a trailing '}', since '}' ends a block, indicating the end of a
+        statement.
+
+2009-02-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix.
+
+        * runtime/FunctionPrototype.cpp:
+
+2009-02-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Add assertion to guard against oversized pc relative calls.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::link):
+
+2009-02-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed <rdar://problem/6595040> REGRESSION: http://www.amnestyusa.org/
+        fails to load.
+        
+        amnestyusa.org uses the Optimist JavaScript library, which adds event
+        listeners by concatenating string-ified functions. This is only sure to
+        be syntactically valid if the string-ified functions end in semicolons.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::isWhiteSpace):
+        * parser/Lexer.h:
+        (JSC::Lexer::isWhiteSpace):
+        (JSC::Lexer::isLineTerminator): Added some helper functions for examining
+        whitespace.
+
+        * runtime/FunctionPrototype.cpp:
+        (JSC::appendSemicolonIfNeeded):
+        (JSC::functionProtoFuncToString): When string-ifying a function, insert
+        a semicolon in the last non-whitespace position, if one doesn't already exist.
+
+2009-02-16  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Roll out r41022 as it breaks qt and gtk builds
+
+        * jit/JITArithmetic.cpp:
+        (JSC::isSSE2Present):
+
+2009-02-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Fix for <rdar://problem/6468156>
+        REGRESSION (r36779): Adding link, images, flash in TinyMCE blocks entire page (21382)
+
+        No performance regression.
+
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::fillArgList): Add codepath for when the "length" property has been
+        overridden.
+
+2009-02-16  Mark Rowe  <mrowe@apple.com>
+
+        Build fix.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMallocStats::):
+        (WTF::TCMallocStats::FastMallocZone::FastMallocZone):
+
+2009-02-16  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 23787: Allow JIT to generate SSE2 code if using GCC
+        <https://bugs.webkit.org/show_bug.cgi?id=23787>
+
+        GCC version of the cpuid check.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::isSSE2Present): GCC assembly code added.
+        6.6% progression on x86 Linux with JIT and WREC on SunSpider if using SSE2 capable machine.
+
+2009-02-13  Adam Treat  <adam.treat@torchmobile.com>
+
+        Reviewed by George Staikos.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23960
+        Crash Fix.
+
+        Don't depend on 'initializeThreading()' to come before a call to 'isMainThread()'
+        as QtWebKit only calls 'initializeThreading()' during QWebPage construction.
+
+        A client app may well make a call to QWebSettings::iconForUrl() for instance
+        before creating a QWebPage and that call to QWebSettings triggers an
+        ASSERT(isMainThread()) deep within WebCore.
+
+        * wtf/ThreadingQt.cpp:
+        (WTF::isMainThread):
+
+2009-02-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Some data in the instruction stream is potentially uninitialized - fix this.
+
+        Change the OperandTypes constructor so that uninitialized memory in the int
+        is zeroed, and modify the Instruction constructor taking an Opcode so that
+        if !HAVE(COMPUTED_GOTO) (i.e. when Opcode is an enum, and is potentially only
+        a byte) it zeros the Instruction first before writing the opcode.
+
+        * bytecode/Instruction.h:
+        (JSC::Instruction::Instruction):
+        * parser/ResultType.h:
+        (JSC::OperandTypes::OperandTypes):
+
+2009-02-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix for non_JIT platforms.
+
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::setIsNumericCompareFunction):
+        (JSC::CodeBlock::isNumericCompareFunction):
+
+2009-02-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed <rdar://problem/6584057> Optimize sort by JS numeric comparison
+        function not to run the comparison function
+        
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::setIsNumericCompareFunction):
+        (JSC::CodeBlock::isNumericCompareFunction): Added the ability to track
+        whether a CodeBlock performs a sort-like numeric comparison.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate): Set the isNumericCompareFunction bit
+        after compiling.
+
+        * parser/Nodes.cpp:
+        (JSC::FunctionBodyNode::emitBytecode): Fixed a bug that caused us to
+        codegen an extra return at the end of all functions (eek!), since this
+        made it harder / weirder to detect the numeric comparison pattern in
+        bytecode.
+
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncSort): Use the isNumericCompareFunction bit to do
+        a faster sort if we can.
+
+        * runtime/FunctionConstructor.cpp:
+        (JSC::extractFunctionBody):
+        (JSC::constructFunction):
+        * runtime/FunctionConstructor.h: Renamed and exported extractFunctionBody for
+        use in initializing lazyNumericCompareFunction.
+
+        * runtime/JSArray.cpp:
+        (JSC::compareNumbersForQSort):
+        (JSC::compareByStringPairForQSort):
+        (JSC::JSArray::sortNumeric):
+        (JSC::JSArray::sort):
+        * runtime/JSArray.h: Added a fast numeric sort. Renamed ArrayQSortPair
+        to be more specific since we do different kinds of qsort now.
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::numericCompareFunction):
+        (JSC::JSGlobalData::ClientData::~ClientData):
+        * runtime/JSGlobalData.h: Added helper data for computing the
+        isNumericCompareFunction bit.
+
+2009-02-13  Darin Adler  <darin@apple.com>
+
+        * Configurations/JavaScriptCore.xcconfig: Undo accidental commit of this file.
+
+2009-02-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt and Alexey Proskuryakov.
+
+        Speed up a couple string functions.
+
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncIndexOf): Added a fast path for cases where the second
+        argument is either missing or an integer.
+        (JSC::stringProtoFuncBig): Use jsNontrivialString since the string is guaranteed
+        to be 2 or more characters long.
+        (JSC::stringProtoFuncSmall): Ditto.
+        (JSC::stringProtoFuncBlink): Ditto.
+        (JSC::stringProtoFuncBold): Ditto.
+        (JSC::stringProtoFuncItalics): Ditto.
+        (JSC::stringProtoFuncStrike): Ditto.
+        (JSC::stringProtoFuncSub): Ditto.
+        (JSC::stringProtoFuncSup): Ditto.
+        (JSC::stringProtoFuncFontcolor): Ditto.
+        (JSC::stringProtoFuncFontsize): Make the fast path Sam recently added even faster
+        by avoiding all but the minimum memory allocation.
+        (JSC::stringProtoFuncAnchor): Use jsNontrivialString.
+        (JSC::stringProtoFuncLink): Added a fast path.
+
+        * runtime/UString.cpp:
+        (JSC::UString::find): Added a fast path for single-character search strings.
+
+2009-02-13  David Levin  <levin@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Bug 23926: Race condition in callOnMainThreadAndWait
+        <https://bugs.webkit.org/show_bug.cgi?id=23926>
+
+        * wtf/MainThread.cpp:
+        Removed callOnMainThreadAndWait since it isn't used.
+
+2009-02-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Jon Honeycutt.
+
+        Math.random is really slow on windows.
+
+        Math.random calls WTF::randomNumber which is implemented as
+        the secure rand_s on windows.  Unfortunately rand_s is an order
+        of magnitude slower than arc4random.  For this reason I've
+        added "weakRandomNumber" for use by JavaScript's Math Object.
+        In the long term we should look at using our own secure PRNG
+        in place of the system, but this will do for now.
+
+        30% win on SunSpider on Windows, resolving most of the remaining
+        disparity vs. Mac.
+
+        * runtime/MathObject.cpp:
+        (JSC::MathObject::MathObject):
+        (JSC::mathProtoFuncRandom):
+        * wtf/RandomNumber.cpp:
+        (WTF::weakRandomNumber):
+        (WTF::randomNumber):
+        * wtf/RandomNumber.h:
+        * wtf/RandomNumberSeed.h:
+        (WTF::initializeWeakRandomNumberGenerator):
+
+2009-02-12  Mark Rowe  <mrowe@apple.com>
+
+        Fix the build for other platforms.
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber):
+
+2009-02-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove (/reduce) use of hard-wired register names from the JIT.
+        Currently there is no abstraction of registers used in the JIT,
+        which has a number of negative consequences.  Hard-wiring x86
+        register names makes the JIT less portable to other platforms,
+        and prevents us from performing dynamic register allocation to
+        attempt to maintain more temporary values in machine registers.
+        (The latter will be more important on x86-64, where we have more
+        registers to make use of).
+
+        Also, remove MacroAssembler::mod32.  This was not providing a
+        useful abstraction, and was not in keeping with the rest of the
+        MacroAssembler interface, in having specific register requirements.
+
+        * assembler/MacroAssemblerX86Common.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emitSlowScriptCheck):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_lshift):
+        (JSC::JIT::compileFastArithSlow_op_lshift):
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArithSlow_op_rshift):
+        (JSC::JIT::compileFastArith_op_bitand):
+        (JSC::JIT::compileFastArithSlow_op_bitand):
+        (JSC::JIT::compileFastArith_op_mod):
+        (JSC::JIT::compileFastArithSlow_op_mod):
+        (JSC::JIT::compileFastArith_op_post_inc):
+        (JSC::JIT::compileFastArithSlow_op_post_inc):
+        (JSC::JIT::compileFastArith_op_post_dec):
+        (JSC::JIT::compileFastArithSlow_op_post_dec):
+        (JSC::JIT::compileFastArith_op_pre_inc):
+        (JSC::JIT::compileFastArithSlow_op_pre_inc):
+        (JSC::JIT::compileFastArith_op_pre_dec):
+        (JSC::JIT::compileFastArithSlow_op_pre_dec):
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        (JSC::JIT::compileFastArith_op_sub):
+        (JSC::JIT::compileBinaryArithOp):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCallEvalSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetVirtualRegister):
+        (JSC::JIT::emitPutVirtualRegister):
+        (JSC::JIT::emitNakedCall):
+        (JSC::JIT::restoreArgumentReference):
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdSlowCase):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+
+2009-02-12  Horia Olaru  <olaru@adobe.com>
+
+        Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23400
+
+        When throwing an exception within an eval argument string, the dst parameter was
+        modified in the functions below and the return value for eval was altered. Changed
+        the emitNode call in JSC::ThrowNode::emitBytecode to use a temporary register
+        to store its results instead of dst. The JSC::FunctionCallResolveNode::emitBytecode
+        would load the function within the dst registry, also altering the result returned
+        by eval. Replaced it with another temporary.
+
+        * parser/Nodes.cpp:
+        (JSC::FunctionCallResolveNode::emitBytecode):
+        (JSC::ThrowNode::emitBytecode):
+
+2009-02-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Speed up String.prototype.fontsize.
+
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncFontsize): Specialize for defined/commonly used values.
+
+2009-02-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Correctness fix.
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber): Divide by the maximum representable value, which
+        is different on each platform now, to get values between 0 and 1.
+
+2009-02-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Build fix.
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber):
+
+2009-02-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed <rdar://problem/6582048>.
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber): Make only one call to the random number generator
+        on platforms where the generator is cryptographically secure. The value
+        of randomness over and above cryptographically secure randomness is not
+        clear, and it caused some performance problems.
+
+2009-02-12  Adam Roben  <aroben@apple.com>
+
+        Fix lots of Perl warnings when building JavaScriptCoreGenerated on
+        Windows
+
+        Reviewed by John Sullivan.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
+        Create the docs/ directory so that we can write bytecode.html into it.
+        This matches what JavaScriptCore.xcodeproj does.
+
+2009-02-12  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Rubber-stamped by Lars.
+
+        Re-enable the JIT in the Qt build with -fno-stack-protector on Linux.
+
+        * JavaScriptCore.pri:
+
+2009-02-11  Dmitry Titov  <dimich@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23705
+        Fix the UI freeze caused by Worker generating a flood of messages.
+        Measure time we spend in executing posted work items. If too much time is spent
+        without returning to the run loop, exit and reschedule.
+
+        * wtf/MainThread.h:
+        Added initializeMainThreadPlatform() to initialize low-level mechanism for posting
+        work items from thread to thread. This removes #ifdefs for WIN and CHROMIUM from platform-independent code.
+
+        * wtf/MainThread.cpp:
+        (WTF::initializeMainThread):
+        (WTF::dispatchFunctionsFromMainThread):
+        Instead of dispatching all work items in the queue, dispatch them one by one
+        and measure elapsed time. After a threshold, reschedule and quit.
+
+        (WTF::callOnMainThread):
+        (WTF::callOnMainThreadAndWait):
+        Only schedule dispatch if the queue was empty - to avoid many posted messages in the run loop queue.
+
+        * wtf/mac/MainThreadMac.mm:
+        (WTF::scheduleDispatchFunctionsOnMainThread):
+        Use static instance of the mainThreadCaller instead of allocating and releasing it each time.
+        (WTF::initializeMainThreadPlatform):
+        * wtf/gtk/MainThreadChromium.cpp:
+        (WTF::initializeMainThreadPlatform):
+        * wtf/gtk/MainThreadGtk.cpp:
+        (WTF::initializeMainThreadPlatform):
+        * wtf/qt/MainThreadQt.cpp:
+        (WTF::initializeMainThreadPlatform):
+        * wtf/win/MainThreadWin.cpp:
+        (WTF::initializeMainThreadPlatform):
+        * wtf/wx/MainThreadWx.cpp:
+        (WTF::initializeMainThreadPlatform):
+
+2009-02-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Style cleanup.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::CodeLocationCommon):
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::operator bool):
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::reset):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForSwitch):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForExceptionHandler):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForJSR):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::getJumpDestination):
+        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationJump::CodeLocationJump):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::calleeReturnAddressValue):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::CodeLocationCall):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::repatch):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::CodeLocationDataLabel32):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::repatch):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::CodeLocationDataLabelPtr):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::ProcessorReturnAddress):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::operator void*):
+        (JSC::AbstractMacroAssembler::PatchBuffer::link):
+        (JSC::::CodeLocationCommon::labelAtOffset):
+        (JSC::::CodeLocationCommon::jumpAtOffset):
+        (JSC::::CodeLocationCommon::callAtOffset):
+        (JSC::::CodeLocationCommon::dataLabelPtrAtOffset):
+        (JSC::::CodeLocationCommon::dataLabel32AtOffset):
+
+2009-02-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        * assembler/AbstractMacroAssembler.h: Fix comments.
+
+2009-02-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Trying to fix wx build.
+
+        * bytecode/JumpTable.h: Include "MacroAssembler.h", not <MacroAssembler.h>.
+        * jscore.bkl: Added assembler directory to search paths.
+
+2009-02-10  Gavin Barraclough  <barraclough@apple.com>
+
+        Build
+        fix.
+        (Narrow
+        changelog
+        for
+        dhyatt).
+
+        * bytecode/Instruction.h:
+        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+
+2009-02-10  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Reduce use of void* / reinterpret_cast in JIT repatching code,
+        add strong types for Calls and for the various types of pointers
+        we retain into the JIT generated instruction stream.
+
+        No performance impact.
+
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
+        (JSC::AbstractMacroAssembler::ImmPtr::asIntptr):
+        (JSC::AbstractMacroAssembler::Imm32::Imm32):
+        (JSC::AbstractMacroAssembler::Label::Label):
+        (JSC::AbstractMacroAssembler::DataLabelPtr::DataLabelPtr):
+        (JSC::AbstractMacroAssembler::Call::Call):
+        (JSC::AbstractMacroAssembler::Call::link):
+        (JSC::AbstractMacroAssembler::Call::linkTo):
+        (JSC::AbstractMacroAssembler::Jump::Jump):
+        (JSC::AbstractMacroAssembler::Jump::linkTo):
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::CodeLocationCommon):
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::operator bool):
+        (JSC::AbstractMacroAssembler::CodeLocationCommon::reset):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::CodeLocationLabel):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForSwitch):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForExceptionHandler):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForJSR):
+        (JSC::AbstractMacroAssembler::CodeLocationLabel::getJumpDestination):
+        (JSC::AbstractMacroAssembler::CodeLocationJump::CodeLocationJump):
+        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::CodeLocationCall):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
+        (JSC::AbstractMacroAssembler::CodeLocationCall::calleeReturnAddressValue):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::CodeLocationDataLabel32):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::repatch):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::CodeLocationDataLabelPtr):
+        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::repatch):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::ProcessorReturnAddress):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
+        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::operator void*):
+        (JSC::AbstractMacroAssembler::PatchBuffer::entry):
+        (JSC::AbstractMacroAssembler::PatchBuffer::trampolineAt):
+        (JSC::AbstractMacroAssembler::PatchBuffer::link):
+        (JSC::AbstractMacroAssembler::PatchBuffer::linkTailRecursive):
+        (JSC::AbstractMacroAssembler::PatchBuffer::patch):
+        (JSC::AbstractMacroAssembler::PatchBuffer::locationOf):
+        (JSC::AbstractMacroAssembler::PatchBuffer::returnAddressOffset):
+        (JSC::AbstractMacroAssembler::differenceBetween):
+        (JSC::::CodeLocationCommon::labelAtOffset):
+        (JSC::::CodeLocationCommon::jumpAtOffset):
+        (JSC::::CodeLocationCommon::callAtOffset):
+        (JSC::::CodeLocationCommon::dataLabelPtrAtOffset):
+        (JSC::::CodeLocationCommon::dataLabel32AtOffset):
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::call):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::getCallReturnOffset):
+        * bytecode/CodeBlock.h:
+        (JSC::CallLinkInfo::CallLinkInfo):
+        (JSC::getStructureStubInfoReturnLocation):
+        (JSC::getCallLinkInfoReturnLocation):
+        * bytecode/Instruction.h:
+        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+        * bytecode/JumpTable.h:
+        (JSC::StringJumpTable::ctiForValue):
+        (JSC::SimpleJumpTable::ctiForValue):
+        * bytecode/StructureStubInfo.h:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitCatch):
+        (JSC::prepareJumpTableForStringSwitch):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::getPolymorphicAccessStructureListSlot):
+        (JSC::Interpreter::cti_op_throw):
+        (JSC::Interpreter::cti_op_switch_imm):
+        (JSC::Interpreter::cti_op_switch_char):
+        (JSC::Interpreter::cti_op_switch_string):
+        (JSC::Interpreter::cti_vm_throw):
+        * jit/JIT.cpp:
+        (JSC::ctiSetReturnAddress):
+        (JSC::ctiPatchCallByReturnAddress):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        (JSC::CallRecord::CallRecord):
+        (JSC::JIT::compileGetByIdSelf):
+        (JSC::JIT::compileGetByIdProto):
+        (JSC::JIT::compileGetByIdChain):
+        (JSC::JIT::compilePutByIdReplace):
+        (JSC::JIT::compilePutByIdTransition):
+        (JSC::JIT::compilePatchGetArrayLength):
+        (JSC::JIT::emitCTICall):
+        * jit/JITCall.cpp:
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::linkCall):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitNakedCall):
+        (JSC::JIT::emitCTICall_internal):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdSlowCase):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+
+2009-02-10  Adam Roben  <aroben@apple.com>
+
+        Windows build fix after r40813
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Added profiler/ to the include
+        path so that Profiler.h can be found.
+
+2009-02-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Provide a class type for a generated block of JIT code.
+        Also changes the return address -> bytecode index map to
+        track the return addess as an unsigned offset into the code
+        instead of a ptrdiff_t in terms of void**s - the latter is
+        equal to the actual offset / sizeof(void*), making it a
+        potentially lossy representation.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::PatchBuffer::returnAddressOffset):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::getCallReturnOffset):
+        * bytecode/CodeBlock.h:
+        (JSC::CallReturnOffsetToBytecodeIndex::CallReturnOffsetToBytecodeIndex):
+        (JSC::getCallReturnOffset):
+        (JSC::CodeBlock::getBytecodeIndex):
+        (JSC::CodeBlock::jitCode):
+        (JSC::CodeBlock::callReturnIndexVector):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
+        (JSC::Interpreter::cti_vm_lazyLinkCall):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        (JSC::):
+        * jit/JITCall.cpp:
+        (JSC::JIT::linkCall):
+        * jit/JITCode.h: Added.
+        (JSC::):
+        (JSC::JITCode::JITCode):
+        (JSC::JITCode::operator bool):
+        (JSC::JITCode::addressForCall):
+        (JSC::JITCode::offsetOf):
+        (JSC::JITCode::execute):
+
+2009-02-09  John Grabowski  <jrg@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23856
+        Change the definition of "main thread" for Chromium on OSX.
+        It does not match the DARWIN definition.
+
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::initializeThreading):
+        (WTF::isMainThread):
+
+2009-02-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Minor bugfix, incorrect check meant that subtraction causing integer overflow
+        would be missed on x86-64 JIT.
+
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOp):
+
+2009-02-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        A more sensible register allocation for x86-64.
+
+        When WREC was ported to x86-64 it stuck with the same register allocation as x86.
+        This requires registers to be reordered on entry into WREC generated code, since
+        argument passing is different on x86-64 and x86 (regparm(3)).  This patch switches
+        x86-64 to use a native register allocation, that does not require argument registers
+        to be reordered.
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+        (JSC::WREC::Generator::generateReturnSuccess):
+        (JSC::WREC::Generator::generateReturnFailure):
+        * wrec/WRECGenerator.h:
+
+2009-02-05  Adam Roben  <aroben@apple.com>
+
+        Build fix
+
+        Rubberstamped by Sam Weinig.
+
+        * wtf/TypeTraits.h: Include Platform.h, since this header uses macros
+        defined there.
+
+2009-02-05  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23747
+        Add Chromium threading-related files.
+
+        * wtf/MainThread.cpp: Added platform guard to initializeMainThread.
+        * wtf/chromium/ChromiumThreading.h: Added.
+        * wtf/chromium/MainThreadChromium.cpp: Added.
+        (WTF::initializeMainThread):
+        (WTF::scheduleDispatchFunctionsOnMainThread):
+
+2009-02-05  David Levin  <levin@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        Bug 23713: COMPILE_ASSERTS should be moved out of TypeTraits.h and into .cpp file
+        <https://bugs.webkit.org/show_bug.cgi?id=23713>
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+
+        * wtf/HashTraits.h:
+        Remove unnecessary header file that I missed when moving out the type traits form this file.
+
+        * wtf/TypeTraits.cpp: Added.
+        (WTF::):
+        * wtf/TypeTraits.h:
+        Moved the compile asserts into TypeTraits.cpp file.
+
+2009-02-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver 'the nun' Hunt.
+
+        Add -e switch to jsc to enable evaluation of scripts passed on the command line.
+
+        * jsc.cpp:
+        (Script::Script):
+        (runWithScripts):
+        (printUsageStatement):
+        (parseArguments):
+        (jscmain):
+
+2009-02-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by Sam 'Big Mac' Weinig.
+
+        * assembler/AbstractMacroAssembler.h: Copied from assembler/MacroAssembler.h.
+        * assembler/MacroAssemblerX86.h: Copied from assembler/MacroAssembler.h.
+        * assembler/MacroAssemblerX86Common.h: Copied from assembler/MacroAssembler.h.
+        * assembler/MacroAssemblerX86_64.h: Copied from assembler/MacroAssembler.h.
+
+2009-02-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        This patch tidies up the MacroAssembler, cleaning up the code and refactoring out the
+        platform-specific parts.  The MacroAssembler gets split up like a beef burger, with the
+        platform-agnostic data types being the lower bun (in the form of the class AbstractMacroAssembler),
+        the plaform-specific code generation forming a big meaty patty of methods like 'add32',
+        'branch32', etc (MacroAssemblerX86), and finally topped off with the bun-lid of the
+        MacroAssembler class itself, providing covenience methods such as the stack peek & poke,
+        and backwards branch methods, all of which can be described in a platform independent
+        way using methods from the base class.  The AbstractMacroAssembler is templated on the
+        type of the assembler class that will be used for code generation, and the three layers
+        are held together with the cocktail stick of inheritance.
+
+        The above description is a slight simplification since the MacroAssemblerX86 is actually
+        formed from two layers (in effect giving us a kind on bacon double cheeseburger) - with the
+        bulk of methods that are common between x86 & x86-64 implemented in MacroAssemblerX86Common,
+        which forms a base class for MacroAssemblerX86 and MacroAssemblerX86_64 (which add the methods
+        specific to the given platform).
+
+        I'm landing these changes first without splitting the classes across multiple files,
+        I will follow up with a second patch to split up the file MacroAssembler.h.
+
+        * assembler/MacroAssembler.h:
+        (JSC::AbstractMacroAssembler::):
+        (JSC::AbstractMacroAssembler::DataLabelPtr::DataLabelPtr):
+        (JSC::AbstractMacroAssembler::DataLabelPtr::patch):
+        (JSC::AbstractMacroAssembler::DataLabel32::DataLabel32):
+        (JSC::AbstractMacroAssembler::DataLabel32::patch):
+        (JSC::AbstractMacroAssembler::Label::Label):
+        (JSC::AbstractMacroAssembler::Jump::Jump):
+        (JSC::AbstractMacroAssembler::Jump::link):
+        (JSC::AbstractMacroAssembler::Jump::linkTo):
+        (JSC::AbstractMacroAssembler::Jump::patch):
+        (JSC::AbstractMacroAssembler::JumpList::link):
+        (JSC::AbstractMacroAssembler::JumpList::linkTo):
+        (JSC::AbstractMacroAssembler::PatchBuffer::link):
+        (JSC::AbstractMacroAssembler::PatchBuffer::addressOf):
+        (JSC::AbstractMacroAssembler::PatchBuffer::setPtr):
+        (JSC::AbstractMacroAssembler::size):
+        (JSC::AbstractMacroAssembler::copyCode):
+        (JSC::AbstractMacroAssembler::label):
+        (JSC::AbstractMacroAssembler::align):
+        (JSC::AbstractMacroAssembler::differenceBetween):
+        (JSC::MacroAssemblerX86Common::xor32):
+        (JSC::MacroAssemblerX86Common::load32WithAddressOffsetPatch):
+        (JSC::MacroAssemblerX86Common::store32WithAddressOffsetPatch):
+        (JSC::MacroAssemblerX86Common::move):
+        (JSC::MacroAssemblerX86Common::swap):
+        (JSC::MacroAssemblerX86Common::signExtend32ToPtr):
+        (JSC::MacroAssemblerX86Common::zeroExtend32ToPtr):
+        (JSC::MacroAssemblerX86Common::branch32):
+        (JSC::MacroAssemblerX86Common::jump):
+        (JSC::MacroAssemblerX86_64::add32):
+        (JSC::MacroAssemblerX86_64::sub32):
+        (JSC::MacroAssemblerX86_64::load32):
+        (JSC::MacroAssemblerX86_64::store32):
+        (JSC::MacroAssemblerX86_64::addPtr):
+        (JSC::MacroAssemblerX86_64::andPtr):
+        (JSC::MacroAssemblerX86_64::orPtr):
+        (JSC::MacroAssemblerX86_64::rshiftPtr):
+        (JSC::MacroAssemblerX86_64::subPtr):
+        (JSC::MacroAssemblerX86_64::xorPtr):
+        (JSC::MacroAssemblerX86_64::loadPtr):
+        (JSC::MacroAssemblerX86_64::loadPtrWithAddressOffsetPatch):
+        (JSC::MacroAssemblerX86_64::storePtr):
+        (JSC::MacroAssemblerX86_64::storePtrWithAddressOffsetPatch):
+        (JSC::MacroAssemblerX86_64::branchPtr):
+        (JSC::MacroAssemblerX86_64::branchTestPtr):
+        (JSC::MacroAssemblerX86_64::branchAddPtr):
+        (JSC::MacroAssemblerX86_64::branchSubPtr):
+        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
+        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
+        (JSC::MacroAssemblerX86::add32):
+        (JSC::MacroAssemblerX86::sub32):
+        (JSC::MacroAssemblerX86::load32):
+        (JSC::MacroAssemblerX86::store32):
+        (JSC::MacroAssemblerX86::branch32):
+        (JSC::MacroAssemblerX86::branchPtrWithPatch):
+        (JSC::MacroAssemblerX86::storePtrWithPatch):
+        (JSC::MacroAssembler::pop):
+        (JSC::MacroAssembler::peek):
+        (JSC::MacroAssembler::poke):
+        (JSC::MacroAssembler::branchPtr):
+        (JSC::MacroAssembler::branch32):
+        (JSC::MacroAssembler::branch16):
+        (JSC::MacroAssembler::branchTestPtr):
+        (JSC::MacroAssembler::addPtr):
+        (JSC::MacroAssembler::andPtr):
+        (JSC::MacroAssembler::orPtr):
+        (JSC::MacroAssembler::rshiftPtr):
+        (JSC::MacroAssembler::subPtr):
+        (JSC::MacroAssembler::xorPtr):
+        (JSC::MacroAssembler::loadPtr):
+        (JSC::MacroAssembler::loadPtrWithAddressOffsetPatch):
+        (JSC::MacroAssembler::storePtr):
+        (JSC::MacroAssembler::storePtrWithAddressOffsetPatch):
+        (JSC::MacroAssembler::branchAddPtr):
+        (JSC::MacroAssembler::branchSubPtr):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOp):
+
+2009-02-04  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23681
+        Worker tests crash in debug builds if run --singly
+
+        The crash happened because worker threads continued running while debug-only static objects
+        were already being destroyed on main thread.
+
+        * runtime/Structure.cpp: Create static debug-only sets in heap, so that they don't get
+        destroyed.
+
+        * wtf/ThreadingPthreads.cpp: Changed assertions to conventional form.
+
+2009-02-03  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23715
+
+        Simplify MacroAssembler interface, by combining comparison methods.
+        Seprate operations are combined as follows:
+            jz32/jnz32/jzPtr/jnzPtr -> branchTest32/branchTestPtr,
+            j*(Add|Mul|Sub)32/j*(Add|Mul|Sub)Ptr -> branch(Add|Mul|Sub)32/branch(Add|Mul|Sub)Ptr
+            j*32/j*Ptr (all other two op combparisons) -> branch32/brnachPtr
+            set*32 -> set32
+
+        Also, represent the Scale of BaseIndex addresses as a plain enum (0,1,2,3),
+        instead of as multiplicands (1,2,4,8).
+
+        This patch singificantly reduces replication of code, and increases functionality supported
+        by the MacroAssembler.  No performance impact.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::):
+        (JSC::MacroAssembler::branchPtr):
+        (JSC::MacroAssembler::branchPtrWithPatch):
+        (JSC::MacroAssembler::branch32):
+        (JSC::MacroAssembler::branch16):
+        (JSC::MacroAssembler::branchTestPtr):
+        (JSC::MacroAssembler::branchTest32):
+        (JSC::MacroAssembler::branchAddPtr):
+        (JSC::MacroAssembler::branchAdd32):
+        (JSC::MacroAssembler::branchMul32):
+        (JSC::MacroAssembler::branchSubPtr):
+        (JSC::MacroAssembler::branchSub32):
+        (JSC::MacroAssembler::set32):
+        (JSC::MacroAssembler::setTest32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::jccRel32):
+        (JSC::X86Assembler::setccOpcode):
+        (JSC::X86Assembler::cmpq_mr):
+        (JSC::X86Assembler::setcc_r):
+        (JSC::X86Assembler::sete_r):
+        (JSC::X86Assembler::setne_r):
+        (JSC::X86Assembler::jne):
+        (JSC::X86Assembler::je):
+        (JSC::X86Assembler::jl):
+        (JSC::X86Assembler::jb):
+        (JSC::X86Assembler::jle):
+        (JSC::X86Assembler::jbe):
+        (JSC::X86Assembler::jge):
+        (JSC::X86Assembler::jg):
+        (JSC::X86Assembler::ja):
+        (JSC::X86Assembler::jae):
+        (JSC::X86Assembler::jo):
+        (JSC::X86Assembler::jp):
+        (JSC::X86Assembler::js):
+        (JSC::X86Assembler::jcc):
+        (JSC::X86Assembler::X86InstructionFormatter::putModRmSib):
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emitSlowScriptCheck):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_lshift):
+        (JSC::JIT::compileFastArith_op_mod):
+        (JSC::JIT::compileFastArith_op_post_inc):
+        (JSC::JIT::compileFastArith_op_post_dec):
+        (JSC::JIT::compileFastArith_op_pre_inc):
+        (JSC::JIT::compileFastArith_op_pre_dec):
+        (JSC::JIT::compileBinaryArithOp):
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::checkStructure):
+        (JSC::JIT::emitJumpIfJSCell):
+        (JSC::JIT::emitJumpIfNotJSCell):
+        (JSC::JIT::emitJumpIfImmediateNumber):
+        (JSC::JIT::emitJumpIfNotImmediateNumber):
+        (JSC::JIT::emitJumpIfImmediateInteger):
+        (JSC::JIT::emitJumpIfNotImmediateInteger):
+        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::match):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+        (JSC::WREC::Generator::generateIncrementIndex):
+        (JSC::WREC::Generator::generateLoadCharacter):
+        (JSC::WREC::Generator::generateJumpIfNotEndOfInput):
+        (JSC::WREC::Generator::generateBackreferenceQuantifier):
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier):
+        (JSC::WREC::Generator::generatePatternCharacterPair):
+        (JSC::WREC::Generator::generatePatternCharacter):
+        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
+        (JSC::WREC::Generator::generateCharacterClassInverted):
+        (JSC::WREC::Generator::generateAssertionBOL):
+        (JSC::WREC::Generator::generateAssertionEOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+        (JSC::WREC::Generator::generateBackreference):
+
+2009-02-03  David Hyatt  <hyatt@apple.com>
+
+        Fix a bug in Vector's shrinkCapacity method.  It did not properly copy elements into the inline buffer
+        when shrinking down from a size that was greater than the inline capacity.
+
+        Reviewed by Maciej
+
+        * wtf/Vector.h:
+        (WTF::VectorBuffer::VectorBuffer):
+        (WTF::VectorBuffer::allocateBuffer):
+
+2009-02-03  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Added accessor for JSByteArray storage.
+
+        * runtime/JSByteArray.h:
+        (JSC::JSByteArray::storage):
+
+2009-02-03  Dmitry Titov  <dimich@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23560
+        Implement SharedTimer on WorkerRunLoop
+
+        * JavaScriptCore.exp:
+        Forgot to expose ThreadCondition::timedWait() in one of previous patches.
+
+2009-02-02  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=21414> REGRESSION: Regular Expressions and character classes, shorthands and ranges
+        <rdar://problem/6543487>
+
+        In certain circumstances when WREC::Generator::generateCharacterClassInvertedRange invokes
+        itself recursively, it will incorrectly emit (and thus consume) the next single character
+        match in the current character class.  As WREC uses a binary search this out of sequence
+        codegen could result in a character match being missed and so cause the regex to produce
+        incorrect results.
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
+
+2009-02-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dave Hyatt.
+
+        Bug 23676: Speed up uses of reserveCapacity on new vectors by adding a new reserveInitialCapacity
+        https://bugs.webkit.org/show_bug.cgi?id=23676
+
+        * API/JSObjectRef.cpp:
+        (JSObjectCopyPropertyNames): Use reserveInitialCapacity.
+        * parser/Lexer.cpp:
+        (JSC::Lexer::Lexer): Ditto.
+        (JSC::Lexer::clear): Ditto.
+
+        * wtf/Vector.h: Added reserveInitialCapacity, a more efficient version of
+        reserveCapacity for use when the vector is brand new (still size 0 with no
+        capacity other than the inline capacity).
+
+2009-01-30  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Oliver Hunt.
+
+        <rdar://problem/6391501> Enable the JIT on Mac OS X x86_64 as it passes all tests.
+
+        * wtf/Platform.h:
+
+2009-01-30  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe and Sam Weinig.
+
+        Finally fix load() to propagate exceptions correctly.
+
+        * jsc.cpp:
+        (functionLoad):
+
+2009-01-30  David Levin  <levin@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23618
+        Templated worker tasks should be more error proof to use.
+        Fix Chromium build.
+
+        * wtf/TypeTraits.h:
+        (WTF::IsConvertibleToInteger::IsConvertibleToDouble):
+        Avoid "possible loss of data" warning when using Microsoft's C++ compiler
+        by avoiding an implicit conversion of int types to doubles.
+
+2009-01-30  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Bug 23580: GNU mode RVCT compilation support
+        <https://bugs.webkit.org/show_bug.cgi?id=23580>
+
+        * pcre/pcre_exec.cpp: Use COMPILER(GCC) instead of __GNUC__.
+        * wtf/FastMalloc.cpp: Ditto.
+        (WTF::TCMallocStats::):
+        * wtf/Platform.h: Don't define COMPILER(GCC) with RVCT --gnu.
+
+2009-01-30  David Levin  <levin@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Bug 23618: Templated worker tasks should be more error proof to use
+        <https://bugs.webkit.org/show_bug.cgi?id=23618>
+
+        Add the type traits needed for the generic worker tasks
+        and compile asserts for them.
+
+        Add a summary header to the TypeTraits.h file to explain what is in there.
+
+        Add a note to explain IsPod's deficiencies.
+
+        * wtf/TypeTraits.h:
+
+2009-01-30  David Levin  <levin@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Bug 23616: Various "template helpers" should be consolidated from isolated files in JavaScriptCore.
+        <https://bugs.webkit.org/show_bug.cgi?id=23616>
+
+        * wtf/TypeTraits.h: Moved RemovePointer, IsPod, IsInteger to this file.
+
+        * wtf/OwnPtr.h: Use RemovePointer from TypeTraits.h.
+        * wtf/RetainPtr.h:  Ditto.
+
+        * wtf/HashTraits.h: Use IsInteger from TypeTraits.h.
+
+        * wtf/VectorTraits.h: Use IsPod from TypeTraits.h.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Added TypeTraits.h.
+
+2009-01-29  Stephanie Lewis <slewis@apple.com>
+
+        RS by Oliver Hunt.
+
+        Update the order files.
+
+        * JavaScriptCore.order:
+
+2009-01-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 23551: Crash on page load with profiler enabled and running
+        <https://bugs.webkit.org/show_bug.cgi?id=23551>
+        <rdar://problem/6529521>
+
+        Interpreter::execute(FunctionBodyNode*, ...) calls Profiler::didExecute()
+        with a stale CallFrame. If some part of the scope chain has already been
+        freed, Profiler::didExecute() will crash when attempting to get the lexical
+        global object. The fix is to make the didExecute() call use the caller's
+        CallFrame, not the one made for the function call. In this case, the
+        willExecute() call should also be changed to match.
+
+        Since this occurs in the actual inspector JS, it is difficult to reduce.
+        I couldn't make a layout test.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::execute):
+
+2009-01-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix for <rdar://problem/6525537>
+        Hang occurs when closing Installer window (iTunes, Aperture)
+
+        * JavaScriptCore.exp: Export JSGlobalData::sharedInstance.
+
+2009-01-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Initial patch by Mark Rowe.
+
+        <rdar://problem/6519356>
+        REGRESSION (r36006): "out of memory" alert running dromaeo on Windows
+
+        Report the cost of the ArrayStorage vector more accurately/often.
+
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray): Report the extra cost even for a filled array
+        because JSString using the single character optimization and immediates
+        wont increase the cost themselves. 
+        (JSC::JSArray::putSlowCase): Update the cost when increasing the size of
+        the array.
+        (JSC::JSArray::increaseVectorLength): Ditto.
+
+2009-01-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Fix for <rdar://problem/6129678>
+        REGRESSION (Safari 3-4): Local variable not accessible from Dashcode console or variables view
+
+        Iterating the properties of activation objects accessed through the WebKit debugging
+        APIs was broken by forced conversion of JSActivation to the global object. To fix this,
+        we use a proxy activation object that acts more like a normal JSObject.
+
+        * debugger/DebuggerActivation.cpp: Added.
+        (JSC::DebuggerActivation::DebuggerActivation):
+        (JSC::DebuggerActivation::mark):
+        (JSC::DebuggerActivation::className):
+        (JSC::DebuggerActivation::getOwnPropertySlot):
+        (JSC::DebuggerActivation::put):
+        (JSC::DebuggerActivation::putWithAttributes):
+        (JSC::DebuggerActivation::deleteProperty):
+        (JSC::DebuggerActivation::getPropertyNames):
+        (JSC::DebuggerActivation::getPropertyAttributes):
+        (JSC::DebuggerActivation::defineGetter):
+        (JSC::DebuggerActivation::defineSetter):
+        (JSC::DebuggerActivation::lookupGetter):
+        (JSC::DebuggerActivation::lookupSetter):
+        * debugger/DebuggerActivation.h: Added.
+        Proxy JSActivation object for Debugging.
+
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::isActivationObject): Added.
+        * runtime/JSObject.h:
+        (JSC::JSObject::isActivationObject): Added.
+
+2009-01-28  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 23490: Remove initialRefCount argument from RefCounted class
+
+        <https://bugs.webkit.org/show_bug.cgi?id=23490>
+
+        Reviewed by Darin Adler.
+
+        RefCountedBase now always starts with a ref count of 1, so there
+        is no need to pass the initialRefCount into the class anymore.
+
+        * wtf/ByteArray.h:
+        (WTF::ByteArray::ByteArray): Removed call to RefCounted(1).
+        * wtf/RefCounted.h:
+        (WTF::RefCountedBase::RefCountedBase): Changed to start with a
+        ref count of 1.
+        (WTF::RefCounted::RefCounted): Removed initialRefCount argument
+        and removed call to RefCounted(1).
+
+2009-01-26  Adele Peterson  <adele@apple.com>
+
+        Build fix.  
+
+        * debugger/Debugger.cpp:
+
+2009-01-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fixes for eq null & neq null, on 64-bit JIT.
+        https://bugs.webkit.org/show_bug.cgi?id=23559
+
+        This patch degrades 64-bit JIT performance on some benchmarks,
+        due to the whole not-being-incorrect thing.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+
+2009-01-26  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Gavin Barraclough.
+
+        Bug 23552: Dashcode evaluator no longer works after making ExecStates actual call frames
+        <https://bugs.webkit.org/show_bug.cgi?id=23552>
+        <rdar://problem/6398839>
+
+        * JavaScriptCore.exp:
+        * debugger/Debugger.cpp:
+        (JSC::evaluateInGlobalCallFrame): Added so that WebScriptCallFrame can
+        evaluate JS starting from a global call frame.
+        * debugger/Debugger.h:
+
+2009-01-25  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Dan Bernstein.
+
+        Improve the consistency of settings in our .xcconfig files.
+
+        * Configurations/Base.xcconfig: Enable GCC_OBJC_CALL_CXX_CDTORS to match other projects.
+
+2009-01-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Bug 23352: Turn on more compiler warnings in the Mac build
+        https://bugs.webkit.org/show_bug.cgi?id=23352
+
+        Turn on the following warnings:
+
+            -Wcast-qual
+            -Wextra-tokens
+            -Wformat=2
+            -Winit-self
+            -Wmissing-noreturn
+            -Wpacked
+            -Wrendundant-decls
+
+        * Configurations/Base.xcconfig: Added the new warnings. Switched to -Wextra instead of
+        -W for clarity since we don't have to support the older versions of gcc that require the
+        old -W syntax. Since we now use -Wformat=2, removed -Wformat-security. Also removed
+        -Wno-format-y2k since we can have that one on now.
+
+2009-01-25  Judit Jasz  <jasy@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+        
+        Compilation problem fixing 
+        http://bugs.webkit.org/show_bug.cgi?id=23497
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall): Use JSValuePtr::encode.
+
+2009-01-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 23352: Turn on more compiler warnings in the Mac build
+        https://bugs.webkit.org/show_bug.cgi?id=23352
+
+        Fourth patch: Deal with the last few stray warnings.
+
+        * parser/Parser.cpp: Only declare jscyyparse if it's not already declared.
+        This makes both separate compilation and all-in-one compilation work with the
+        -Wredundant-decls warning.
+
+2009-01-25  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 23352: Turn on more compiler warnings in the Mac build
+        https://bugs.webkit.org/show_bug.cgi?id=23352
+
+        Third patch: Use the noreturn attribute on functions that don't
+        return to prepare for the use of the -Wmissing-noreturn warning.
+
+        * jit/JITCall.cpp:
+        (JSC::unreachable): Added NO_RETURN.
+        * jsc.cpp:
+        (functionQuit): Ditto.
+        (printUsageStatement): Ditto.
+        * wtf/AlwaysInline.h: Added definition of NO_RETURN.
+
+2009-01-24  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Force inlining of Lexer::matchPunctuator
+
+        2.2% win when parsing jQuery, Mootools, Prototype, etc
+
+        * parser/Lexer.h:
+
+2009-01-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Fix for <rdar://problem/6126212>
+        Ensure that callbacks out from the JSC interface are only allowed
+        to return in reverse-chronological order to that in which they were
+        made.  If we allow earlier callbacks to return first, then this may
+        result in setions of the RegisterFile in use by another thread
+        being trampled.
+
+        See uber-comment in JSLock.h for details.
+
+        * runtime/JSLock.cpp:
+        (JSC::JSLock::DropAllLocks::DropAllLocks):
+        (JSC::JSLock::DropAllLocks::~DropAllLocks):
+
+2009-01-23  Darin Adler  <darin@apple.com>
+
+        Try to fix WX build.
+
+        * runtime/JSGlobalObjectFunctions.h: Include <wtf/unicode/Unicode.h>
+        for the definition of UChar.
+
+2009-01-23  Anders Carlsson  <andersca@apple.com>
+
+        * Configurations/Base.xcconfig:
+        GCC 4.0 build fix.
+        
+        * runtime/JSNumberCell.h:
+        64-bit build fix.
+
+2009-01-23  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Turn on -Wmissing-prototypes and fix the warnings.
+        
+        * API/JSClassRef.cpp:
+        (clearReferenceToPrototype):
+        * Configurations/Base.xcconfig:
+        * runtime/Collector.cpp:
+        (JSC::getPlatformThreadRegisters):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createError):
+        * runtime/JSGlobalObjectFunctions.h:
+        * runtime/JSNumberCell.h:
+        * runtime/UString.cpp:
+        (JSC::initializeStaticBaseString):
+        (JSC::createRep):
+        * wtf/FastMalloc.cpp:
+        * wtf/Threading.cpp:
+
+2009-01-22  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Anders Carlsson.
+
+        Disable GCC_WARN_ABOUT_MISSING_PROTOTYPES temporarily.
+
+        Current versions of Xcode only respect it for C and Objective-C files,
+        and our code doesn't currently compile if it is applied to C++ and
+        Objective-C++ files.
+
+        * Configurations/Base.xcconfig:
+
+2009-01-22  Steve Falkenburg  <sfalken@apple.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=23489
+        
+        Return currentTime() in correct units for the two early return cases.
+
+        Reviewed by Mark Rowe.
+
+        * wtf/CurrentTime.cpp:
+        (WTF::currentTime):
+
+2009-01-22  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Fix for <rdar://problem/6439247>
+        FastMalloc allocating an extra 4MB of meta-data on 64-bit
+
+        Rely on the fact that on all known x86-64 platforms only use 48 bits of
+        address space to shrink the initial size of the PageMap from ~4MB to 120K.
+        For 64-bit we still use a 3-level radix tree, but now each level is only 12
+        bits wide.
+
+        No performance change.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::MapSelector): Add specialization for 64 bit that takes into account the
+        16 bits of unused address space on x86-64.
+
+2009-01-22  Beth Dakin  <bdakin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=23461 LayoutTests/
+        fast/js/numeric-conversion.html is broken, and corresponding 
+        <rdar://problem/6514842>
+
+        The basic problem here is that parseInt(Infinity) should be NaN, 
+        but we were returning 0. NaN matches Safari 3.2.1 and Firefox.
+
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt):
+
+2009-01-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        <rdar://problem/6516853> (r39682-r39736) JSFunFuzz: crash on "(function(){({ x2: x }), })()"
+        <https://bugs.webkit.org/show_bug.cgi?id=23479>
+
+        Automatic semicolon insertion was resulting in this being accepted in the initial
+        nodeless parsing, but subsequent reparsing for code generation would fail, leading
+        to a crash.  The solution is to ensure that reparsing a function performs parsing
+        in the same state as the initial parse.  We do this by modifying the saved source
+        ranges to include rather than exclude the opening and closing braces.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary): add an assertion for successful recompile
+        * parser/Lexer.h:
+        (JSC::Lexer::sourceCode): include rather than exclude braces.
+        * parser/Nodes.h:
+        (JSC::FunctionBodyNode::toSourceString):  No need to append braces anymore.
+
+2009-01-22  Dmitry Titov  <dimich@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23373
+
+        Implement ThreadCondition::timedWait().
+        Since we borrow the code for condition variables from other sources,
+        I did the same for timedWait(). See comments in ThreadingWin.cpp for
+        rationale and more info.
+
+        * wtf/CONTRIBUTORS.pthreads-win32: 
+        Added. A list of Pthreads-win32 contributors mentioned in their license. The license itself
+        is included into wtf/ThreadingWin32.cpp.
+
+        * wtf/Threading.h:
+        * wtf/ThreadingWin.cpp:
+        Additional info and Pthreads-win32 license at the beginning.
+        (WTF::PlatformCondition::timedWait): new method, derived from Pthreads-win32.
+        (WTF::PlatformCondition::signal): same
+        (WTF::ThreadCondition::ThreadCondition):
+        (WTF::ThreadCondition::~ThreadCondition):
+        (WTF::ThreadCondition::wait): this now calls PlatformCondition::timedWait.
+        (WTF::ThreadCondition::timedWait): same
+        (WTF::ThreadCondition::signal): this now calls PlatformCondition::signal.
+        (WTF::ThreadCondition::broadcast): same
+
+2009-01-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=23469.
+
+        We need to check all numbers in integer switches, not just those
+        represented as integer JSImmediates.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::cti_op_switch_imm):
+
+2009-01-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=23468.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+
+2009-01-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Suggested by Oliver Hunt. Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23456
+        Function argument names leak
+
+        * parser/Nodes.cpp: (JSC::FunctionBodyNode::~FunctionBodyNode): Destruct parameter names.
+
+2009-01-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2009-01-20  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Structure property table deleted offset maps are being leaked.
+        Probably shouldn't be doing that.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23442
+
+        * runtime/Structure.cpp:
+        (JSC::Structure::~Structure):
+
+2009-01-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (build fix).
+
+        Attempt to fix gtk build
+
+        * GNUmakefile.am:
+
+2009-01-20  Darin Adler  <darin@apple.com>
+
+        * runtime/StringPrototype.cpp:
+        (JSC::substituteBackreferences): Add back the initialization to fix the build.
+
+2009-01-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Bug 23352: Turn on more compiler warnings in the Mac build
+        https://bugs.webkit.org/show_bug.cgi?id=23352
+
+        First patch: Fix some simple cases of various warnings.
+
+        * pcre/pcre_compile.cpp:
+        (jsRegExpCompile): Use const_cast to change const-ness.
+
+        * runtime/StringPrototype.cpp:
+        (JSC::substituteBackreferences): Remove unneeded initialization and
+        use UChar instead of unsigned short for UTF-16 values.
+
+        * wtf/dtoa.cpp:
+        (WTF::strtod): Use const_cast to change const-ness.
+
+2009-01-20  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (build fix).
+
+        Whoops, remove runtime/ByteArray references from .pri and .scons builds, update .bkl
+
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCoreSources.bkl:
+
+2009-01-20  Oliver Hunt  <oliver@apple.com>
+
+        RS=Dan Bernstein.
+
+        Move runtime/ByteArray to wtf/ByteArray
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/JSByteArray.cpp:
+        * runtime/JSByteArray.h:
+        * wtf/ByteArray.cpp: Renamed from JavaScriptCore/runtime/ByteArray.cpp.
+        (WTF::ByteArray::create):
+        * wtf/ByteArray.h: Renamed from JavaScriptCore/runtime/ByteArray.h.
+        (WTF::ByteArray::length):
+        (WTF::ByteArray::set):
+        (WTF::ByteArray::get):
+        (WTF::ByteArray::data):
+        (WTF::ByteArray::deref):
+        (WTF::ByteArray::ByteArray):
+
+2009-01-19  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Gavin Barraclough.
+
+        Remove temporary operator-> from JSValuePtr.
+
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::call):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::call):
+        (JSC::::toNumber):
+        (JSC::::toString):
+        * API/JSObjectRef.cpp:
+        (JSObjectSetPrototype):
+        * API/JSValueRef.cpp:
+        (JSValueGetType):
+        (JSValueIsUndefined):
+        (JSValueIsNull):
+        (JSValueIsBoolean):
+        (JSValueIsNumber):
+        (JSValueIsString):
+        (JSValueIsObject):
+        (JSValueIsObjectOfClass):
+        (JSValueToBoolean):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        * bytecode/CodeBlock.cpp:
+        (JSC::valueToSourceString):
+        (JSC::CodeBlock::mark):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::isKnownNotImmediate):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitEqualityOp):
+        (JSC::keyForImmediateSwitch):
+        * interpreter/Interpreter.cpp:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAddSlowCase):
+        (JSC::jsAdd):
+        (JSC::jsTypeStringForValue):
+        (JSC::jsIsObjectType):
+        (JSC::jsIsFunctionType):
+        (JSC::isNotObject):
+        (JSC::Interpreter::callEval):
+        (JSC::Interpreter::throwException):
+        (JSC::cachePrototypeChain):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::countPrototypeChainEntriesAndCheckForProxies):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_convert_this):
+        (JSC::Interpreter::cti_op_add):
+        (JSC::Interpreter::cti_op_pre_inc):
+        (JSC::Interpreter::cti_op_put_by_id_generic):
+        (JSC::Interpreter::cti_op_get_by_id_generic):
+        (JSC::Interpreter::cti_op_put_by_id):
+        (JSC::Interpreter::cti_op_put_by_id_second):
+        (JSC::Interpreter::cti_op_put_by_id_fail):
+        (JSC::Interpreter::cti_op_get_by_id):
+        (JSC::Interpreter::cti_op_get_by_id_second):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
+        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
+        (JSC::Interpreter::cti_op_get_by_id_array_fail):
+        (JSC::Interpreter::cti_op_get_by_id_string_fail):
+        (JSC::Interpreter::cti_op_instanceof):
+        (JSC::Interpreter::cti_op_del_by_id):
+        (JSC::Interpreter::cti_op_mul):
+        (JSC::Interpreter::cti_op_call_JSFunction):
+        (JSC::Interpreter::cti_op_call_NotJSFunction):
+        (JSC::Interpreter::cti_op_construct_JSConstruct):
+        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_get_by_val_byte_array):
+        (JSC::Interpreter::cti_op_sub):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_array):
+        (JSC::Interpreter::cti_op_put_by_val_byte_array):
+        (JSC::Interpreter::cti_op_loop_if_true):
+        (JSC::Interpreter::cti_op_negate):
+        (JSC::Interpreter::cti_op_div):
+        (JSC::Interpreter::cti_op_pre_dec):
+        (JSC::Interpreter::cti_op_not):
+        (JSC::Interpreter::cti_op_jtrue):
+        (JSC::Interpreter::cti_op_post_inc):
+        (JSC::Interpreter::cti_op_lshift):
+        (JSC::Interpreter::cti_op_bitand):
+        (JSC::Interpreter::cti_op_rshift):
+        (JSC::Interpreter::cti_op_bitnot):
+        (JSC::Interpreter::cti_op_mod):
+        (JSC::Interpreter::cti_op_post_dec):
+        (JSC::Interpreter::cti_op_urshift):
+        (JSC::Interpreter::cti_op_bitxor):
+        (JSC::Interpreter::cti_op_bitor):
+        (JSC::Interpreter::cti_op_push_scope):
+        (JSC::Interpreter::cti_op_is_undefined):
+        (JSC::Interpreter::cti_op_is_boolean):
+        (JSC::Interpreter::cti_op_is_number):
+        (JSC::Interpreter::cti_op_to_jsnumber):
+        (JSC::Interpreter::cti_op_in):
+        (JSC::Interpreter::cti_op_put_by_index):
+        (JSC::Interpreter::cti_op_switch_imm):
+        (JSC::Interpreter::cti_op_switch_char):
+        (JSC::Interpreter::cti_op_switch_string):
+        (JSC::Interpreter::cti_op_del_by_val):
+        (JSC::Interpreter::cti_op_put_getter):
+        (JSC::Interpreter::cti_op_put_setter):
+        (JSC::Interpreter::cti_op_new_error):
+        * interpreter/Interpreter.h:
+        (JSC::Interpreter::isJSArray):
+        (JSC::Interpreter::isJSString):
+        (JSC::Interpreter::isJSByteArray):
+        * interpreter/Register.h:
+        (JSC::Register::marked):
+        (JSC::Register::mark):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::getConstantOperandImmediateInt):
+        (JSC::JIT::isOperandConstantImmediateInt):
+        * jsc.cpp:
+        (functionPrint):
+        (functionDebug):
+        (functionRun):
+        (functionLoad):
+        (runWithScripts):
+        (runInteractive):
+        * parser/Nodes.cpp:
+        (JSC::processClauseList):
+        * profiler/ProfileGenerator.cpp:
+        (JSC::ProfileGenerator::addParentForConsoleStart):
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::createCallIdentifier):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::constructArrayWithSizeQuirk):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString):
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncJoin):
+        (JSC::arrayProtoFuncConcat):
+        (JSC::arrayProtoFuncPop):
+        (JSC::arrayProtoFuncPush):
+        (JSC::arrayProtoFuncReverse):
+        (JSC::arrayProtoFuncShift):
+        (JSC::arrayProtoFuncSlice):
+        (JSC::arrayProtoFuncSort):
+        (JSC::arrayProtoFuncSplice):
+        (JSC::arrayProtoFuncUnShift):
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncMap):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncForEach):
+        (JSC::arrayProtoFuncSome):
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::constructBoolean):
+        (JSC::callBooleanConstructor):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::booleanProtoFuncToString):
+        (JSC::booleanProtoFuncValueOf):
+        * runtime/Collector.cpp:
+        (JSC::Heap::protect):
+        (JSC::Heap::unprotect):
+        (JSC::Heap::heap):
+        (JSC::Heap::collect):
+        (JSC::typeName):
+        * runtime/Completion.cpp:
+        (JSC::evaluate):
+        * runtime/DateConstructor.cpp:
+        (JSC::constructDate):
+        (JSC::dateParse):
+        (JSC::dateUTC):
+        * runtime/DateInstance.h:
+        (JSC::DateInstance::internalNumber):
+        * runtime/DatePrototype.cpp:
+        (JSC::formatLocaleDate):
+        (JSC::fillStructuresUsingTimeArgs):
+        (JSC::fillStructuresUsingDateArgs):
+        (JSC::dateProtoFuncToString):
+        (JSC::dateProtoFuncToUTCString):
+        (JSC::dateProtoFuncToDateString):
+        (JSC::dateProtoFuncToTimeString):
+        (JSC::dateProtoFuncToLocaleString):
+        (JSC::dateProtoFuncToLocaleDateString):
+        (JSC::dateProtoFuncToLocaleTimeString):
+        (JSC::dateProtoFuncGetTime):
+        (JSC::dateProtoFuncGetFullYear):
+        (JSC::dateProtoFuncGetUTCFullYear):
+        (JSC::dateProtoFuncToGMTString):
+        (JSC::dateProtoFuncGetMonth):
+        (JSC::dateProtoFuncGetUTCMonth):
+        (JSC::dateProtoFuncGetDate):
+        (JSC::dateProtoFuncGetUTCDate):
+        (JSC::dateProtoFuncGetDay):
+        (JSC::dateProtoFuncGetUTCDay):
+        (JSC::dateProtoFuncGetHours):
+        (JSC::dateProtoFuncGetUTCHours):
+        (JSC::dateProtoFuncGetMinutes):
+        (JSC::dateProtoFuncGetUTCMinutes):
+        (JSC::dateProtoFuncGetSeconds):
+        (JSC::dateProtoFuncGetUTCSeconds):
+        (JSC::dateProtoFuncGetMilliSeconds):
+        (JSC::dateProtoFuncGetUTCMilliseconds):
+        (JSC::dateProtoFuncGetTimezoneOffset):
+        (JSC::dateProtoFuncSetTime):
+        (JSC::setNewValueFromTimeArgs):
+        (JSC::setNewValueFromDateArgs):
+        (JSC::dateProtoFuncSetYear):
+        (JSC::dateProtoFuncGetYear):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::constructError):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::errorProtoFuncToString):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createError):
+        (JSC::createErrorMessage):
+        * runtime/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString):
+        (JSC::functionProtoFuncApply):
+        (JSC::functionProtoFuncCall):
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::toObject):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::getOwnPropertySlot):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::put):
+        (JSC::JSArray::mark):
+        (JSC::JSArray::sort):
+        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
+        (JSC::JSArray::compactForSorting):
+        * runtime/JSByteArray.h:
+        (JSC::JSByteArray::setIndex):
+        * runtime/JSCell.h:
+        (JSC::asCell):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::call):
+        (JSC::JSFunction::construct):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::markIfNeeded):
+        (JSC::lastInPrototypeChain):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::encode):
+        (JSC::decode):
+        (JSC::globalFuncEval):
+        (JSC::globalFuncParseInt):
+        (JSC::globalFuncParseFloat):
+        (JSC::globalFuncIsNaN):
+        (JSC::globalFuncIsFinite):
+        (JSC::globalFuncEscape):
+        (JSC::globalFuncUnescape):
+        (JSC::globalFuncJSCPrint):
+        * runtime/JSImmediate.cpp:
+        (JSC::JSImmediate::toThisObject):
+        (JSC::JSImmediate::toObject):
+        (JSC::JSImmediate::prototype):
+        (JSC::JSImmediate::toString):
+        * runtime/JSImmediate.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::mark):
+        (JSC::JSObject::put):
+        (JSC::callDefaultValueFunction):
+        (JSC::JSObject::getPrimitiveNumber):
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        (JSC::JSObject::lookupGetter):
+        (JSC::JSObject::lookupSetter):
+        (JSC::JSObject::hasInstance):
+        (JSC::JSObject::toNumber):
+        (JSC::JSObject::toString):
+        * runtime/JSObject.h:
+        (JSC::JSObject::JSObject):
+        (JSC::JSObject::inlineGetOwnPropertySlot):
+        (JSC::JSObject::getOwnPropertySlotForWrite):
+        (JSC::JSObject::getPropertySlot):
+        (JSC::JSValuePtr::get):
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::create):
+        * runtime/JSString.cpp:
+        (JSC::JSString::getOwnPropertySlot):
+        * runtime/JSValue.h:
+        * runtime/JSWrapperObject.cpp:
+        (JSC::JSWrapperObject::mark):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::setInternalValue):
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncAbs):
+        (JSC::mathProtoFuncACos):
+        (JSC::mathProtoFuncASin):
+        (JSC::mathProtoFuncATan):
+        (JSC::mathProtoFuncATan2):
+        (JSC::mathProtoFuncCeil):
+        (JSC::mathProtoFuncCos):
+        (JSC::mathProtoFuncExp):
+        (JSC::mathProtoFuncFloor):
+        (JSC::mathProtoFuncLog):
+        (JSC::mathProtoFuncMax):
+        (JSC::mathProtoFuncMin):
+        (JSC::mathProtoFuncPow):
+        (JSC::mathProtoFuncRound):
+        (JSC::mathProtoFuncSin):
+        (JSC::mathProtoFuncSqrt):
+        (JSC::mathProtoFuncTan):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::NativeErrorConstructor):
+        (JSC::NativeErrorConstructor::construct):
+        * runtime/NumberConstructor.cpp:
+        (JSC::constructWithNumberConstructor):
+        (JSC::callNumberConstructor):
+        * runtime/NumberPrototype.cpp:
+        (JSC::numberProtoFuncToString):
+        (JSC::numberProtoFuncToLocaleString):
+        (JSC::numberProtoFuncValueOf):
+        (JSC::numberProtoFuncToFixed):
+        (JSC::numberProtoFuncToExponential):
+        (JSC::numberProtoFuncToPrecision):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::constructObject):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::objectProtoFuncValueOf):
+        (JSC::objectProtoFuncHasOwnProperty):
+        (JSC::objectProtoFuncIsPrototypeOf):
+        (JSC::objectProtoFuncDefineGetter):
+        (JSC::objectProtoFuncDefineSetter):
+        (JSC::objectProtoFuncLookupGetter):
+        (JSC::objectProtoFuncLookupSetter):
+        (JSC::objectProtoFuncPropertyIsEnumerable):
+        (JSC::objectProtoFuncToLocaleString):
+        (JSC::objectProtoFuncToString):
+        * runtime/Operations.h:
+        (JSC::JSValuePtr::equalSlowCaseInline):
+        (JSC::JSValuePtr::strictEqual):
+        (JSC::JSValuePtr::strictEqualSlowCaseInline):
+        * runtime/Protect.h:
+        (JSC::gcProtect):
+        (JSC::gcUnprotect):
+        * runtime/RegExpConstructor.cpp:
+        (JSC::setRegExpConstructorInput):
+        (JSC::setRegExpConstructorMultiline):
+        (JSC::constructRegExp):
+        * runtime/RegExpObject.cpp:
+        (JSC::setRegExpObjectLastIndex):
+        (JSC::RegExpObject::match):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncTest):
+        (JSC::regExpProtoFuncExec):
+        (JSC::regExpProtoFuncCompile):
+        (JSC::regExpProtoFuncToString):
+        * runtime/StringConstructor.cpp:
+        (JSC::stringFromCharCodeSlowCase):
+        (JSC::stringFromCharCode):
+        (JSC::constructWithStringConstructor):
+        (JSC::callStringConstructor):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        (JSC::stringProtoFuncToString):
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncConcat):
+        (JSC::stringProtoFuncIndexOf):
+        (JSC::stringProtoFuncLastIndexOf):
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        (JSC::stringProtoFuncSlice):
+        (JSC::stringProtoFuncSplit):
+        (JSC::stringProtoFuncSubstr):
+        (JSC::stringProtoFuncSubstring):
+        (JSC::stringProtoFuncToLowerCase):
+        (JSC::stringProtoFuncToUpperCase):
+        (JSC::stringProtoFuncLocaleCompare):
+        (JSC::stringProtoFuncBig):
+        (JSC::stringProtoFuncSmall):
+        (JSC::stringProtoFuncBlink):
+        (JSC::stringProtoFuncBold):
+        (JSC::stringProtoFuncFixed):
+        (JSC::stringProtoFuncItalics):
+        (JSC::stringProtoFuncStrike):
+        (JSC::stringProtoFuncSub):
+        (JSC::stringProtoFuncSup):
+        (JSC::stringProtoFuncFontcolor):
+        (JSC::stringProtoFuncFontsize):
+        (JSC::stringProtoFuncAnchor):
+        (JSC::stringProtoFuncLink):
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure):
+        (JSC::Structure::getEnumerablePropertyNames):
+        (JSC::Structure::createCachedPrototypeChain):
+        * runtime/Structure.h:
+        (JSC::Structure::mark):
+        * runtime/StructureChain.cpp:
+        (JSC::StructureChain::StructureChain):
+
+2009-01-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 23409: REGRESSION: RegExp 'replace()' function improperly processes '$$'
+        <https://bugs.webkit.org/show_bug.cgi?id=23409>
+        <rdar://problem/6505723>
+
+        Test: fast/js/string-replace-3.html
+
+        * runtime/StringPrototype.cpp:
+        (JSC::substituteBackreferences): Remove code that adds an extra $ -- not sure
+        how this ever worked.
+
+2009-01-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        On x86-64 jit, cache JSImmedate::TagMask & JSImmedate::TagTypeNumber in
+        registers, save reloading them every time they're used.
+
+        Draws x86-64 jit performance close to that of i386 jit.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::subPtr):
+        (JSC::MacroAssembler::jnzPtr):
+        (JSC::MacroAssembler::jzPtr):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitJumpIfJSCell):
+        (JSC::JIT::emitJumpIfNotJSCell):
+        (JSC::JIT::emitJumpIfImmediateNumber):
+        (JSC::JIT::emitJumpIfNotImmediateNumber):
+        (JSC::JIT::emitJumpIfImmediateInteger):
+        (JSC::JIT::emitJumpIfNotImmediateInteger):
+        (JSC::JIT::emitFastArithIntToImmNoCheck):
+
+2009-01-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Add support to x86-64 JIT for inline double precision arithmetic ops.
+        +5/6% on x86-64, JIT enabled, sunspider.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::addPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::movq_rr):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_pre_inc):
+        (JSC::JIT::compileBinaryArithOp):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArithSlow_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        (JSC::JIT::compileFastArithSlow_op_mul):
+        (JSC::JIT::compileFastArith_op_sub):
+        (JSC::JIT::compileFastArithSlow_op_sub):
+        * parser/ResultType.h:
+        (JSC::ResultType::isReusable):
+        (JSC::ResultType::isInt32):
+        (JSC::ResultType::definitelyIsNumber):
+        (JSC::ResultType::mightBeNumber):
+        (JSC::ResultType::isNotNumber):
+        (JSC::ResultType::unknownType):
+
+2009-01-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Fixes for SamplingTool.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23390
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::storePtr):
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingTool::run):
+        (JSC::SamplingTool::dump):
+        * bytecode/SamplingTool.h:
+        (JSC::SamplingTool::encodeSample):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        (JSC::JIT::samplingToolTrackCodeBlock):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitCTICall_internal):
+
+2009-01-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed <rdar://problem/6452301> REGRESSION: Latest WebKit nightlies
+        turn "c" into "" when stripping \\c_ character
+
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::consumeEscape): Mimic a Firefox quirk when parsing
+        control escapes inside character classes.
+
+2009-01-16  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::parseParentheses): Removed unreachable code.
+
+2009-01-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed <rdar://problem/6471394> REGRESSION (r39164): Discarding quantifier
+        on assertion gives incorrect result (23075)
+        
+        https://bugs.webkit.org/show_bug.cgi?id=23075
+
+        * pcre/pcre_compile.cpp:
+        (compileBranch): Throw away an assertion if it's followed by a quantifier
+        with a 0 minimum, to match SpiderMonkey, v8, and the ECMA spec.
+
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::parseParentheses): Fall back on PCRE for the rare
+        case of an assertion with a quantifier with a 0 minimum, since we
+        don't handle quantified subexpressions yet, and in this special case,
+        we can't just throw away the quantifier.
+
+2009-01-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Add support in ResultType to track that the results of bitops
+        are always of type int32_t.
+
+        * parser/Nodes.cpp:
+        (JSC::ReadModifyResolveNode::emitBytecode):
+        (JSC::ReadModifyDotNode::emitBytecode):
+        (JSC::ReadModifyBracketNode::emitBytecode):
+        * parser/Nodes.h:
+        (JSC::ExpressionNode::):
+        (JSC::BooleanNode::):
+        (JSC::NumberNode::):
+        (JSC::StringNode::):
+        (JSC::PrePostResolveNode::):
+        (JSC::TypeOfResolveNode::):
+        (JSC::TypeOfValueNode::):
+        (JSC::UnaryPlusNode::):
+        (JSC::NegateNode::):
+        (JSC::BitwiseNotNode::):
+        (JSC::LogicalNotNode::):
+        (JSC::MultNode::):
+        (JSC::DivNode::):
+        (JSC::ModNode::):
+        (JSC::SubNode::):
+        (JSC::LeftShiftNode::):
+        (JSC::RightShiftNode::):
+        (JSC::UnsignedRightShiftNode::):
+        (JSC::LessNode::):
+        (JSC::GreaterNode::):
+        (JSC::LessEqNode::):
+        (JSC::GreaterEqNode::):
+        (JSC::InstanceOfNode::):
+        (JSC::EqualNode::):
+        (JSC::NotEqualNode::):
+        (JSC::StrictEqualNode::):
+        (JSC::NotStrictEqualNode::):
+        (JSC::BitAndNode::):
+        (JSC::BitOrNode::):
+        (JSC::BitXOrNode::):
+        (JSC::LogicalOpNode::):
+        * parser/ResultType.h:
+        (JSC::ResultType::isInt32):
+        (JSC::ResultType::isNotNumber):
+        (JSC::ResultType::booleanType):
+        (JSC::ResultType::numberType):
+        (JSC::ResultType::numberTypeCanReuse):
+        (JSC::ResultType::numberTypeCanReuseIsInt32):
+        (JSC::ResultType::stringOrNumberTypeCanReuse):
+        (JSC::ResultType::stringType):
+        (JSC::ResultType::unknownType):
+        (JSC::ResultType::forAdd):
+        (JSC::ResultType::forBitOp):
+        (JSC::OperandTypes::OperandTypes):
+
+2009-01-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Add support for integer addition, subtraction and multiplication
+        in JIT code on x86-64.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::mul32):
+        (JSC::MacroAssembler::sub32):
+        (JSC::MacroAssembler::joMul32):
+        (JSC::MacroAssembler::joSub32):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArithSlow_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        (JSC::JIT::compileFastArithSlow_op_mul):
+        (JSC::JIT::compileFastArith_op_sub):
+        (JSC::JIT::compileFastArithSlow_op_sub):
+
+2009-01-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        On x86-64 allow JSImmediate to encode 64-bit double precision values.
+        This patch only affects builds that set USE(ALTERNATE_JSIMMEDIATE).
+        Updates the implementation of JSValuePtr:: and JSImmediate:: methods
+        that operate on neumeric values to be be aware of the new representation.
+        When this representation is in use, the class JSNumberCell is redundant
+        and is compiled out.
+
+        The format of the new immediate representation is documented in JSImmediate.h.
+
+        * JavaScriptCore.exp:
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::subPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::subq_rr):
+        (JSC::X86Assembler::movq_rr):
+        (JSC::X86Assembler::ucomisd_rr):
+        (JSC::X86Assembler::X86InstructionFormatter::twoByteOp64):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_stricteq):
+        (JSC::Interpreter::cti_op_nstricteq):
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_lshift):
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArith_op_bitand):
+        (JSC::JIT::compileFastArith_op_mod):
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        (JSC::JIT::compileFastArith_op_post_inc):
+        (JSC::JIT::compileFastArith_op_post_dec):
+        (JSC::JIT::compileFastArith_op_pre_inc):
+        (JSC::JIT::compileFastArith_op_pre_dec):
+        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::JIT::compileBinaryArithOp):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitJumpIfBothJSCells):
+        (JSC::JIT::emitJumpIfEitherNumber):
+        (JSC::JIT::emitJumpIfNotEitherNumber):
+        (JSC::JIT::emitJumpIfImmediateIntegerNumber):
+        (JSC::JIT::emitJumpIfNotImmediateIntegerNumber):
+        (JSC::JIT::emitJumpIfNotImmediateIntegerNumbers):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmediateIntegerNumber):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmediateIntegerNumbers):
+        (JSC::JIT::emitFastArithDeTagImmediate):
+        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::JIT::emitFastArithReTagImmediate):
+        (JSC::JIT::emitFastArithIntToImmNoCheck):
+        * runtime/JSCell.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSImmediate.cpp:
+        (JSC::JSImmediate::toThisObject):
+        (JSC::JSImmediate::toObject):
+        (JSC::JSImmediate::toString):
+        * runtime/JSImmediate.h:
+        (JSC::wtf_reinterpret_cast):
+        (JSC::JSImmediate::isNumber):
+        (JSC::JSImmediate::isIntegerNumber):
+        (JSC::JSImmediate::isDoubleNumber):
+        (JSC::JSImmediate::isPositiveIntegerNumber):
+        (JSC::JSImmediate::areBothImmediateIntegerNumbers):
+        (JSC::JSImmediate::makeInt):
+        (JSC::JSImmediate::makeDouble):
+        (JSC::JSImmediate::doubleValue):
+        (JSC::doubleToBoolean):
+        (JSC::JSImmediate::toBoolean):
+        (JSC::JSImmediate::getTruncatedUInt32):
+        (JSC::JSImmediate::makeOutOfIntegerRange):
+        (JSC::JSImmediate::from):
+        (JSC::JSImmediate::getTruncatedInt32):
+        (JSC::JSImmediate::toDouble):
+        (JSC::JSImmediate::getUInt32):
+        (JSC::JSValuePtr::isInt32Fast):
+        (JSC::JSValuePtr::isUInt32Fast):
+        (JSC::JSValuePtr::areBothInt32Fast):
+        (JSC::JSFastMath::canDoFastBitwiseOperations):
+        (JSC::JSFastMath::xorImmediateNumbers):
+        (JSC::JSFastMath::canDoFastRshift):
+        (JSC::JSFastMath::canDoFastUrshift):
+        (JSC::JSFastMath::rightShiftImmediateNumbers):
+        (JSC::JSFastMath::canDoFastAdditiveOperations):
+        (JSC::JSFastMath::addImmediateNumbers):
+        (JSC::JSFastMath::subImmediateNumbers):
+        * runtime/JSNumberCell.cpp:
+        (JSC::jsNumberCell):
+        * runtime/JSNumberCell.h:
+        (JSC::createNumberStructure):
+        (JSC::isNumberCell):
+        (JSC::asNumberCell):
+        (JSC::jsNumber):
+        (JSC::JSValuePtr::isDoubleNumber):
+        (JSC::JSValuePtr::getDoubleNumber):
+        (JSC::JSValuePtr::isNumber):
+        (JSC::JSValuePtr::uncheckedGetNumber):
+        (JSC::jsNaN):
+        (JSC::JSValuePtr::getNumber):
+        (JSC::JSValuePtr::numberToInt32):
+        (JSC::JSValuePtr::numberToUInt32):
+        * runtime/JSValue.h:
+        * runtime/NumberConstructor.cpp:
+        (JSC::numberConstructorNegInfinity):
+        (JSC::numberConstructorPosInfinity):
+        (JSC::numberConstructorMaxValue):
+        (JSC::numberConstructorMinValue):
+        * runtime/NumberObject.cpp:
+        (JSC::constructNumber):
+        * runtime/NumberObject.h:
+        * runtime/Operations.h:
+        (JSC::JSValuePtr::equal):
+        (JSC::JSValuePtr::equalSlowCaseInline):
+        (JSC::JSValuePtr::strictEqual):
+        (JSC::JSValuePtr::strictEqualSlowCaseInline):
+        * wtf/Platform.h:
+
+2009-01-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        <rdar://problem/6045018>
+        REGRESSION (r34838): JavaScript objects appear to be leaked after loading google.com
+
+        Subtract the number of JSStrings cached in SmallStrings when calculating the
+        number of live JSObjects.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::objectCount):
+        * runtime/SmallStrings.cpp:
+        (JSC::SmallStrings::count):
+        * runtime/SmallStrings.h:
+
+2009-01-15  Sam Weinig  <sam@webkit.org>
+
+        Fix Qt build.
+
+        * runtime/Collector.cpp:
+
+2009-01-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix crash seen running fast/canvas.
+
+        Make sure to mark the ScopeNode and CodeBlock being created
+        in the re-parse for exception information.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::mark):
+        * runtime/Collector.cpp:
+        (JSC::Heap::collect):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+
+2009-01-15  Craig Schlenter  <craig.schlenter@gmail.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23347
+        Compilation of JavaScriptCore/wtf/ThreadingPthreads.cpp fails on Linux
+
+        * wtf/ThreadingPthreads.cpp: included limits.h as INT_MAX is defined there.
+
+2009-01-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 23225: REGRESSION: Assertion failure in reparseInPlace() (m_sourceElements) at sfgate.com
+        <https://bugs.webkit.org/show_bug.cgi?id=23225> <rdar://problem/6487432>
+
+        Character position for open and closing brace was incorrectly referencing m_position to
+        record their position in a source document, however this is unsafe as BOMs may lead to
+        m_position being an arbitrary position from the real position of the current character.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::matchPunctuator):
+
+2009-01-14  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 23153: JSC build always touches JavaScriptCore/docs/bytecode.html
+
+        <https://bugs.webkit.org/show_bug.cgi?id=23153>
+
+        Reviewed by Darin Adler.
+
+        Instead of building bytecode.html into ${SRCROOT}/docs/bytecode.html, build it
+        into ${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore/docs/bytecode.html.
+
+        Also fixes make-bytecode-docs.pl to actually generate documentation.
+
+        * DerivedSources.make: Changed bytecode.html to be built into local docs
+        directory in ${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added "/docs" to the end of the
+        "mkdir -p" command so that the docs subdirectory is automatically created.
+        * docs/make-bytecode-docs.pl: Changed BEGIN_OPCODE to DEFINE_OPCODE so that
+        documentation is actually generated.
+
+2009-01-14  Adam Treat  <adam.treat@torchmobile.com>
+
+        Build fix for Qt from Dmitry Titov.
+
+        * wtf/ThreadingQt.cpp:
+        (WTF::ThreadCondition::timedWait):
+
+2009-01-14  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 22903: REGRESSION (r36267): visiting this site reliably crashes WebKit nightly
+
+        EvalCodeBlock's do not reference the functions that are declared inside the eval
+        code, this means that simply marking the EvalCodeBlock through the global object
+        is insufficient to mark the declared functions.  This patch corrects this by
+        explicitly marking the CodeBlocks of all the functions declared in the cached
+        EvalNode.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::mark):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::hasFunctions):
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::mark):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNodeData::mark):
+        (JSC::EvalNode::mark):
+        * parser/Nodes.h:
+
+2009-01-14  Dmitry Titov  <dimich@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23312
+        Implement MessageQueue::waitForMessageTimed()
+        Also fixed ThreadCondition::timedWait() to take absolute time, as discussed on webkit-dev.
+        Win32 version of timedWait still has to be implemented.
+
+        * wtf/MessageQueue.h:
+        (WTF::MessageQueueWaitResult: new enum for the result of MessageQueue::waitForMessageTimed.
+        (WTF::MessageQueue::waitForMessage):
+        (WTF::MessageQueue::waitForMessageTimed): New method.
+        * wtf/Threading.h:
+        * wtf/ThreadingGtk.cpp:
+        (WTF::ThreadCondition::timedWait): changed to use absolute time instead of interval.
+        * wtf/ThreadingNone.cpp:
+        (WTF::ThreadCondition::timedWait): ditto.
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::ThreadCondition::timedWait): ditto.
+        * wtf/ThreadingQt.cpp:
+        (WTF::ThreadCondition::timedWait): ditto.
+        * wtf/ThreadingWin.cpp:
+        (WTF::ThreadCondition::timedWait): ditto. The actual Win32 code is still to be implemented.
+
+2009-01-14  Dean McNamee  <deanm@chromium.org>
+
+        Reviewed by Darin Adler and Oliver hunt.
+
+        Correctly match allocation functions by implementing a custom deref().
+
+        https://bugs.webkit.org/show_bug.cgi?id=23315
+
+        * runtime/ByteArray.h:
+        (JSC::ByteArray::deref):
+        (JSC::ByteArray::ByteArray):
+
+2009-01-14  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by John Sullivan.
+
+        - update copyright
+
+        * Info.plist:
+
+2009-01-13  Beth Dakin  <bdakin@apple.com>
+
+        Reviewed by Darin Adler and Oliver Hunt.
+
+        <rdar://problem/6489314> REGRESSION: Business widget's front side 
+        fails to render correctly when flipping widget
+
+        The problem here is that parseInt was parsing NaN as 0. This patch 
+        corrects that by parsing NaN as NaN. This matches our old behavior 
+        and Firefox. 
+
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt):
+
+2009-01-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix for: https://bugs.webkit.org/show_bug.cgi?id=23292
+
+        Implementation of two argument canDoFastAdditiveOperations does not correlate well with reality.
+
+        * runtime/JSImmediate.h:
+        (JSC::JSFastMath::canDoFastAdditiveOperations):
+
+2009-01-13  Zalan Bujtas  <zbujtas@gmail.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23290
+        Fix JSImmediate::isImmediate(src) to !src->isCell()
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+
+2009-01-13  Dmitry Titov  <dimich@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23281
+        Fix the Chromium Win build.
+        Need to use PLATFORM(WIN_OS) instead of PLATFORM(WIN).
+        Moved GTK and WX up in #if sequence because they could come with WIN_OS too,
+        while they have their own implementation even on Windows.
+
+        * wtf/CurrentTime.cpp:
+        (WTF::currentTime):
+
+2009-01-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Make the JSImmediate interface private.
+
+        All manipulation of JS values should be through the JSValuePtr class, not by using JSImmediate
+        directly.  The key missing methods on JSValuePtr are:
+
+            * isCell() - check for values that are JSCell*s, and as such where asCell() may be used.
+            * isInt32Fast() getInt32Fast() - fast check/access for integer immediates.
+            * isUInt32Fast() getUInt32Fast() - ditto for unsigned integer immediates.
+
+        The JIT is allowed full access to JSImmediate, since it needs to be able to directly
+        manipulate JSValuePtrs.  The Interpreter is provided access to perform operations directly
+        on JSValuePtrs through the new JSFastMath interface.
+
+        No performance impact.
+
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::toNumber):
+        * API/JSValueRef.cpp:
+        (JSValueIsEqual):
+        (JSValueIsStrictEqual):
+        * JavaScriptCore.exp:
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::isKnownNotImmediate):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::keyForImmediateSwitch):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::JSValueHashTraits::constructDeletedValue):
+        (JSC::BytecodeGenerator::JSValueHashTraits::isDeletedValue):
+        * interpreter/Interpreter.cpp:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAdd):
+        (JSC::jsIsObjectType):
+        (JSC::cachePrototypeChain):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_add):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        (JSC::Interpreter::cti_op_instanceof):
+        (JSC::Interpreter::cti_op_mul):
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_get_by_val_byte_array):
+        (JSC::Interpreter::cti_op_sub):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_array):
+        (JSC::Interpreter::cti_op_put_by_val_byte_array):
+        (JSC::Interpreter::cti_op_negate):
+        (JSC::Interpreter::cti_op_div):
+        (JSC::Interpreter::cti_op_eq):
+        (JSC::Interpreter::cti_op_lshift):
+        (JSC::Interpreter::cti_op_bitand):
+        (JSC::Interpreter::cti_op_rshift):
+        (JSC::Interpreter::cti_op_bitnot):
+        (JSC::Interpreter::cti_op_neq):
+        (JSC::Interpreter::cti_op_urshift):
+        (JSC::Interpreter::cti_op_call_eval):
+        (JSC::Interpreter::cti_op_throw):
+        (JSC::Interpreter::cti_op_is_undefined):
+        (JSC::Interpreter::cti_op_stricteq):
+        (JSC::Interpreter::cti_op_nstricteq):
+        (JSC::Interpreter::cti_op_switch_imm):
+        (JSC::Interpreter::cti_vm_throw):
+        * interpreter/Interpreter.h:
+        (JSC::Interpreter::isJSArray):
+        (JSC::Interpreter::isJSString):
+        (JSC::Interpreter::isJSByteArray):
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JIT.h:
+        (JSC::JIT::isStrictEqCaseHandledInJITCode):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArith_op_bitand):
+        (JSC::JIT::compileFastArith_op_mod):
+        * jit/JITCall.cpp:
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::getConstantOperandImmediateInt):
+        (JSC::JIT::isOperandConstantImmediateInt):
+        * parser/Nodes.cpp:
+        (JSC::processClauseList):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::booleanProtoFuncValueOf):
+        * runtime/Collector.cpp:
+        (JSC::Heap::protect):
+        (JSC::Heap::unprotect):
+        (JSC::Heap::heap):
+        * runtime/JSByteArray.cpp:
+        (JSC::JSByteArray::getOwnPropertySlot):
+        * runtime/JSByteArray.h:
+        (JSC::JSByteArray::getIndex):
+        * runtime/JSCell.cpp:
+        * runtime/JSCell.h:
+        (JSC::JSValuePtr::isNumberCell):
+        (JSC::JSValuePtr::asCell):
+        (JSC::JSValuePtr::isNumber):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt):
+        * runtime/JSImmediate.h:
+        (JSC::js0):
+        (JSC::jsImpossibleValue):
+        (JSC::JSValuePtr::toInt32):
+        (JSC::JSValuePtr::toUInt32):
+        (JSC::JSValuePtr::isCell):
+        (JSC::JSValuePtr::isInt32Fast):
+        (JSC::JSValuePtr::getInt32Fast):
+        (JSC::JSValuePtr::isUInt32Fast):
+        (JSC::JSValuePtr::getUInt32Fast):
+        (JSC::JSValuePtr::makeInt32Fast):
+        (JSC::JSValuePtr::areBothInt32Fast):
+        (JSC::JSFastMath::canDoFastBitwiseOperations):
+        (JSC::JSFastMath::equal):
+        (JSC::JSFastMath::notEqual):
+        (JSC::JSFastMath::andImmediateNumbers):
+        (JSC::JSFastMath::xorImmediateNumbers):
+        (JSC::JSFastMath::orImmediateNumbers):
+        (JSC::JSFastMath::canDoFastRshift):
+        (JSC::JSFastMath::canDoFastUrshift):
+        (JSC::JSFastMath::rightShiftImmediateNumbers):
+        (JSC::JSFastMath::canDoFastAdditiveOperations):
+        (JSC::JSFastMath::addImmediateNumbers):
+        (JSC::JSFastMath::subImmediateNumbers):
+        (JSC::JSFastMath::incImmediateNumber):
+        (JSC::JSFastMath::decImmediateNumber):
+        * runtime/JSNumberCell.h:
+        (JSC::JSValuePtr::asNumberCell):
+        (JSC::jsNumber):
+        (JSC::JSValuePtr::uncheckedGetNumber):
+        (JSC::JSNumberCell::toInt32):
+        (JSC::JSNumberCell::toUInt32):
+        (JSC::JSValuePtr::toJSNumber):
+        (JSC::JSValuePtr::getNumber):
+        (JSC::JSValuePtr::numberToInt32):
+        (JSC::JSValuePtr::numberToUInt32):
+        * runtime/JSObject.h:
+        (JSC::JSValuePtr::isObject):
+        (JSC::JSValuePtr::get):
+        (JSC::JSValuePtr::put):
+        * runtime/JSValue.cpp:
+        (JSC::JSValuePtr::toInteger):
+        (JSC::JSValuePtr::toIntegerPreserveNaN):
+        * runtime/JSValue.h:
+        * runtime/Operations.cpp:
+        (JSC::JSValuePtr::equalSlowCase):
+        (JSC::JSValuePtr::strictEqualSlowCase):
+        * runtime/Operations.h:
+        (JSC::JSValuePtr::equal):
+        (JSC::JSValuePtr::equalSlowCaseInline):
+        (JSC::JSValuePtr::strictEqual):
+        (JSC::JSValuePtr::strictEqualSlowCaseInline):
+        * runtime/Protect.h:
+        (JSC::gcProtect):
+        (JSC::gcUnprotect):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        * runtime/Structure.cpp:
+        (JSC::Structure::createCachedPrototypeChain):
+
+2009-01-12  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Since date time functions have moved here, now the wx port JSC
+        needs to depend on wx.
+
+        * jscore.bkl:
+
+2009-01-11  David Levin  <levin@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23245
+
+        Add initializeThreading to key places in JS API to ensure that
+        UString is properly initialized.
+
+        * API/JSContextRef.cpp:
+        (JSContextGroupCreate):
+        (JSGlobalContextCreate):
+        * API/JSObjectRef.cpp:
+        (JSClassCreate):
+        * API/JSStringRef.cpp:
+        (JSStringCreateWithCharacters):
+        (JSStringCreateWithUTF8CString):
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString):
+
+2009-01-11  David Levin  <levin@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23175
+
+        Separate out BaseString information from UString::Rep and make all baseString access go through
+        a member function, so that it may be used for something else (in the future) in the BaseString
+        case.
+
+        * runtime/SmallStrings.cpp:
+        (JSC::SmallStringsStorage::rep):
+        (JSC::SmallStringsStorage::SmallStringsStorage):
+        (JSC::SmallStrings::SmallStrings):
+        (JSC::SmallStrings::mark):
+        Adjust to account for the changes in UString and put the UString in place in
+        SmallStringsStorage to aid in locality of reference among the UChar[] and UString::Rep's.
+
+        * runtime/SmallStrings.h:
+        * runtime/UString.cpp:
+        (JSC::initializeStaticBaseString):
+        (JSC::initializeUString):
+        (JSC::UString::Rep::create):
+        (JSC::UString::Rep::destroy):
+        (JSC::UString::Rep::checkConsistency):
+        (JSC::expandCapacity):
+        (JSC::UString::expandPreCapacity):
+        (JSC::concatenate):
+        (JSC::UString::append):
+        (JSC::UString::operator=):
+        * runtime/UString.h:
+        (JSC::UString::Rep::baseIsSelf):
+        (JSC::UString::Rep::setBaseString):
+        (JSC::UString::Rep::baseString):
+        (JSC::UString::Rep::):
+        (JSC::UString::Rep::null):
+        (JSC::UString::Rep::empty):
+        (JSC::UString::Rep::data):
+        (JSC::UString::cost):
+        Separate out the items out used by base strings from those used in Rep's that only
+        point to base strings.  (This potentially saves 24 bytes per Rep.)
+
+2009-01-11  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Bug 23239: improve handling of unused arguments in JavaScriptCore
+        https://bugs.webkit.org/show_bug.cgi?id=23239
+
+        * runtime/DatePrototype.cpp: Moved LocaleDateTimeFormat enum outside #if
+        so we can use this on all platforms. Changed valueOf to share the same
+        function with getTime, since the contents of the two are identical. Removed
+        a FIXME since the idea isn't really specific enough or helpful enough to
+        need to sit here in the source code.
+        (JSC::formatLocaleDate): Changed the Mac version of this function to take
+        the same arguments as the non-Mac version so the caller doesn't have to
+        special-case the two platforms. Also made the formatString array be const;
+        before the characters were, but the array was a modifiable global variable.
+        (JSC::dateProtoFuncToLocaleString): Changed to call the new unified
+        version of formatLocaleDate and remove the ifdef.
+        (JSC::dateProtoFuncToLocaleDateString): Ditto.
+        (JSC::dateProtoFuncToLocaleTimeString): Ditto.
+
+        * runtime/JSNotAnObject.cpp:
+        (JSC::JSNotAnObject::toObject): Use the new ASSERT_UNUSED instead of the
+        old UNUSED_PARAM.
+
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp): Changed to only use UNUSED_PARAM when the parameter
+        is actually unused.
+
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease): Changed to only use UNUSED_PARAM when the parameter
+        is actually unused.
+        (TCMalloc_SystemCommit): Changed to omit the argument names instead of using
+        UNUSED_PARAM.
+
+2009-01-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Fix the build (whoops)
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_get_by_val):
+
+2009-01-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin Adler and Anders Carlsson
+
+        Bug 23128: get/put_by_val need to respecialise in the face of ByteArray
+
+        Restructure the code slightly, and add comments per Darin's suggestions
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_get_by_val_byte_array):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_byte_array):
+
+2009-01-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Whoops, I accidentally removed an exception check from fast the
+        fast path for string indexing when i originally landed the
+        byte array logic.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_get_by_val):
+
+2009-01-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        Bug 23128: get/put_by_val need to respecialise in the face of ByteArray
+        <https://bugs.webkit.org/show_bug.cgi?id=23128>
+
+        Fairly simple patch, add specialised versions of cti_op_get/put_by_val
+        that assume ByteArray, thus avoiding a few branches in the case of bytearray
+        manipulation.
+
+        No effect on SunSpider.  15% win on the original testcase.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_get_by_val_byte_array):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_byte_array):
+        * interpreter/Interpreter.h:
+
+2009-01-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Try to fix Windows build.
+
+        * wtf/CurrentTime.cpp: Added a definition of msPerSecond (previously, this code was in
+        DateMath.cpp, with constant definition in DateTime.h)
+
+2009-01-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Try to fix Windows build.
+
+        * wtf/CurrentTime.cpp: Include <sys/types.h> and <sys/timeb.h>, as MSDN says to.
+
+2009-01-11  Dmitry Titov  <dimich@chromium.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23207
+        Moved currentTime() to from WebCore to WTF.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp: added export for WTF::currentTime()
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * runtime/DateMath.cpp:
+        (JSC::getCurrentUTCTimeWithMicroseconds): This function had another implementation of currentTime(), essentially. Now uses WTF version.
+        * wtf/CurrentTime.cpp: Added.
+        (WTF::currentTime):
+        (WTF::highResUpTime):
+        (WTF::lowResUTCTime):
+        (WTF::qpcAvailable):
+        * wtf/CurrentTime.h: Added.
+
+2009-01-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Stage two of converting JSValue from a pointer to a class type.
+        Remove the class JSValue.  The functionallity has been transitioned
+        into the wrapper class type JSValuePtr.
+
+        The last stage will be to rename JSValuePtr to JSValue, remove the
+        overloaded -> operator, and switch operations on JSValuePtrs from
+        using '->' to use '.' instead.
+
+        * API/APICast.h:
+        * JavaScriptCore.exp:
+        * runtime/JSCell.h:
+        (JSC::asCell):
+        (JSC::JSValuePtr::asCell):
+        (JSC::JSValuePtr::isNumber):
+        (JSC::JSValuePtr::isString):
+        (JSC::JSValuePtr::isGetterSetter):
+        (JSC::JSValuePtr::isObject):
+        (JSC::JSValuePtr::getNumber):
+        (JSC::JSValuePtr::getString):
+        (JSC::JSValuePtr::getObject):
+        (JSC::JSValuePtr::getCallData):
+        (JSC::JSValuePtr::getConstructData):
+        (JSC::JSValuePtr::getUInt32):
+        (JSC::JSValuePtr::getTruncatedInt32):
+        (JSC::JSValuePtr::getTruncatedUInt32):
+        (JSC::JSValuePtr::mark):
+        (JSC::JSValuePtr::marked):
+        (JSC::JSValuePtr::toPrimitive):
+        (JSC::JSValuePtr::getPrimitiveNumber):
+        (JSC::JSValuePtr::toBoolean):
+        (JSC::JSValuePtr::toNumber):
+        (JSC::JSValuePtr::toString):
+        (JSC::JSValuePtr::toObject):
+        (JSC::JSValuePtr::toThisObject):
+        (JSC::JSValuePtr::needsThisConversion):
+        (JSC::JSValuePtr::toThisString):
+        (JSC::JSValuePtr::getJSNumber):
+        * runtime/JSImmediate.h:
+        (JSC::JSValuePtr::isUndefined):
+        (JSC::JSValuePtr::isNull):
+        (JSC::JSValuePtr::isUndefinedOrNull):
+        (JSC::JSValuePtr::isBoolean):
+        (JSC::JSValuePtr::getBoolean):
+        (JSC::JSValuePtr::toInt32):
+        (JSC::JSValuePtr::toUInt32):
+        * runtime/JSNumberCell.h:
+        (JSC::JSValuePtr::uncheckedGetNumber):
+        (JSC::JSValuePtr::toJSNumber):
+        * runtime/JSObject.h:
+        (JSC::JSValuePtr::isObject):
+        (JSC::JSValuePtr::get):
+        (JSC::JSValuePtr::put):
+        * runtime/JSString.h:
+        (JSC::JSValuePtr::toThisJSString):
+        * runtime/JSValue.cpp:
+        (JSC::JSValuePtr::toInteger):
+        (JSC::JSValuePtr::toIntegerPreserveNaN):
+        (JSC::JSValuePtr::toInt32SlowCase):
+        (JSC::JSValuePtr::toUInt32SlowCase):
+        * runtime/JSValue.h:
+        (JSC::JSValuePtr::makeImmediate):
+        (JSC::JSValuePtr::immediateValue):
+        (JSC::JSValuePtr::JSValuePtr):
+        (JSC::JSValuePtr::operator->):
+        (JSC::JSValuePtr::operator bool):
+        (JSC::JSValuePtr::operator==):
+        (JSC::JSValuePtr::operator!=):
+        (JSC::JSValuePtr::encode):
+        (JSC::JSValuePtr::decode):
+        (JSC::JSValuePtr::toFloat):
+        (JSC::JSValuePtr::asValue):
+        (JSC::operator==):
+        (JSC::operator!=):
+
+2009-01-09  David Levin  <levin@chromium.org>
+
+        Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23175
+
+        Adjustment to previous patch.  Remove call to initilizeThreading from JSGlobalCreate
+        and fix jsc.cpp instead.
+
+        * jsc.cpp:
+        (main):
+        (jscmain):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::create):
+
+2009-01-09  Sam Weinig  <sam@webkit.org>
+
+        Roll r39720 back in with a working interpreted mode.
+
+2009-01-09  David Levin  <levin@chromium.org>
+
+        Reviewed by Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23175
+
+        Added a template to make the pointer and flags combination
+        in UString more readable and less error prone.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Added PtrAndFlags.h (and sorted the xcode project file).
+
+        * runtime/Identifier.cpp:
+        (JSC::Identifier::add):
+        (JSC::Identifier::addSlowCase):
+        * runtime/InitializeThreading.cpp:
+        (JSC::initializeThreadingOnce):
+        Made the init threading initialize the UString globals.  Before
+        these were initilized using {} but that became harder due to the
+        addition of this tempalte class.
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::create):
+        * runtime/PropertyNameArray.cpp:
+        (JSC::PropertyNameArray::add):
+        * runtime/UString.cpp:
+        (JSC::initializeStaticBaseString):
+        (JSC::initializeUString):
+        (JSC::UString::Rep::create):
+        (JSC::UString::Rep::createFromUTF8):
+        (JSC::createRep):
+        (JSC::UString::UString):
+        (JSC::concatenate):
+        (JSC::UString::operator=):
+        (JSC::UString::makeNull):
+        (JSC::UString::nullRep):
+        * runtime/UString.h:
+        (JSC::UString::Rep::identifierTable):
+        (JSC::UString::Rep::setIdentifierTable):
+        (JSC::UString::Rep::isStatic):
+        (JSC::UString::Rep::setStatic):
+        (JSC::UString::Rep::):
+        (JSC::UString::Rep::null):
+        (JSC::UString::Rep::empty):
+        (JSC::UString::isNull):
+        (JSC::UString::null):
+        (JSC::UString::UString):
+
+        * wtf/PtrAndFlags.h: Added.
+        (WTF::PtrAndFlags::PtrAndFlags):
+        (WTF::PtrAndFlags::isFlagSet):
+        (WTF::PtrAndFlags::setFlag):
+        (WTF::PtrAndFlags::clearFlag):
+        (WTF::PtrAndFlags::get):
+        (WTF::PtrAndFlags::set):
+        A simple way to layer together a pointer and 2 flags.  It relies on the pointer being 4 byte aligned,
+        which should happen for all allocators (due to aligning pointers, int's, etc. on 4 byte boundaries).
+
+2009-01-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by -O-l-i-v-e-r- -H-u-n-t- Sam Weinig (sorry, Sam!).
+
+        Encode immediates in the low word of JSValuePtrs, on x86-64.
+
+        On 32-bit platforms a JSValuePtr may represent a 31-bit signed integer.
+        On 64-bit platforms, if USE(ALTERNATE_JSIMMEDIATE) is defined, a full
+        32-bit integer may be stored in an immediate.
+        
+        Presently USE(ALTERNATE_JSIMMEDIATE) uses the same encoding as the default
+        immediate format - the value is left shifted by one, so a one bit tag can
+        be added to indicate the value is an immediate.  However this means that
+        values must be commonly be detagged (by right shifting by one) before
+        arithmetic operations can be performed on immediates.  This patch modifies
+        the formattting so the the high bits of the immediate mark values as being
+        integer.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::not32):
+        (JSC::MacroAssembler::orPtr):
+        (JSC::MacroAssembler::zeroExtend32ToPtr):
+        (JSC::MacroAssembler::jaePtr):
+        (JSC::MacroAssembler::jbPtr):
+        (JSC::MacroAssembler::jnzPtr):
+        (JSC::MacroAssembler::jzPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::notl_r):
+        (JSC::X86Assembler::testq_i32r):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_lshift):
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArith_op_bitand):
+        (JSC::JIT::compileFastArithSlow_op_bitand):
+        (JSC::JIT::compileFastArith_op_mod):
+        (JSC::JIT::compileFastArithSlow_op_mod):
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        (JSC::JIT::compileFastArith_op_post_inc):
+        (JSC::JIT::compileFastArith_op_post_dec):
+        (JSC::JIT::compileFastArith_op_pre_inc):
+        (JSC::JIT::compileFastArith_op_pre_dec):
+        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::JIT::compileBinaryArithOp):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitJumpIfJSCell):
+        (JSC::JIT::emitJumpIfNotJSCell):
+        (JSC::JIT::emitJumpIfImmNum):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
+        (JSC::JIT::emitFastArithDeTagImmediate):
+        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::JIT::emitFastArithReTagImmediate):
+        (JSC::JIT::emitFastArithImmToInt):
+        (JSC::JIT::emitFastArithIntToImmNoCheck):
+        (JSC::JIT::emitTagAsBoolImmediate):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::resizePropertyStorage):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        * runtime/JSImmediate.h:
+        (JSC::JSImmediate::isNumber):
+        (JSC::JSImmediate::isPositiveNumber):
+        (JSC::JSImmediate::areBothImmediateNumbers):
+        (JSC::JSImmediate::xorImmediateNumbers):
+        (JSC::JSImmediate::rightShiftImmediateNumbers):
+        (JSC::JSImmediate::canDoFastAdditiveOperations):
+        (JSC::JSImmediate::addImmediateNumbers):
+        (JSC::JSImmediate::subImmediateNumbers):
+        (JSC::JSImmediate::makeInt):
+        (JSC::JSImmediate::toBoolean):
+        * wtf/Platform.h:
+
+2009-01-08  Sam Weinig  <sam@webkit.org>
+
+        Revert r39720. It broke Interpreted mode.
+
+2009-01-08  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=23197
+        Delay creating the PCVector until an exception is thrown
+        Part of <rdar://problem/6469060>
+        Don't store exception information for a CodeBlock until first exception is thrown
+
+        - Change the process for re-parsing/re-generating bytecode for exception information
+          to use data from the original CodeBlock (offsets of GlobalResolve instructions) to
+          aid in creating an identical instruction stream on re-parse, instead of padding
+          interchangeable opcodes, which would result in different JITed code.
+        - Fix bug where the wrong ScopeChainNode was used when re-parsing/regenerating from
+          within some odd modified scope chains.
+        - Lazily create the pcVector by re-JITing the regenerated CodeBlock and stealing the
+          the pcVector from it.
+
+        Saves ~2MB on Membuster head.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
+        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
+        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
+        * bytecode/CodeBlock.h:
+        (JSC::JITCodeRef::JITCodeRef):
+        (JSC::GlobalResolveInfo::GlobalResolveInfo):
+        (JSC::CodeBlock::getBytecodeIndex):
+        (JSC::CodeBlock::addGlobalResolveInstruction):
+        (JSC::CodeBlock::addGlobalResolveInfo):
+        (JSC::CodeBlock::addFunctionRegisterInfo):
+        (JSC::CodeBlock::hasExceptionInfo):
+        (JSC::CodeBlock::pcVector):
+        (JSC::EvalCodeBlock::EvalCodeBlock):
+        (JSC::EvalCodeBlock::baseScopeDepth):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitResolve):
+        (JSC::BytecodeGenerator::emitGetScopedVar):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::setRegeneratingForExceptionInfo):
+        * interpreter/Interpreter.cpp:
+        (JSC::bytecodeOffsetForPC):
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveLastCaller):
+        (JSC::Interpreter::cti_op_instanceof):
+        (JSC::Interpreter::cti_op_call_NotJSFunction):
+        (JSC::Interpreter::cti_op_resolve):
+        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
+        (JSC::Interpreter::cti_op_resolve_func):
+        (JSC::Interpreter::cti_op_resolve_skip):
+        (JSC::Interpreter::cti_op_resolve_global):
+        (JSC::Interpreter::cti_op_resolve_with_base):
+        (JSC::Interpreter::cti_op_throw):
+        (JSC::Interpreter::cti_op_in):
+        (JSC::Interpreter::cti_vm_throw):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        * parser/Nodes.cpp:
+        (JSC::EvalNode::generateBytecode):
+        (JSC::EvalNode::bytecodeForExceptionInfoReparse):
+        (JSC::FunctionBodyNode::bytecodeForExceptionInfoReparse):
+        * parser/Nodes.h:
+
+2009-01-08  Jian Li  <jianli@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Add Win32 implementation of ThreadSpecific.
+        https://bugs.webkit.org/show_bug.cgi?id=22614
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * wtf/ThreadSpecific.h:
+        (WTF::ThreadSpecific::ThreadSpecific):
+        (WTF::ThreadSpecific::~ThreadSpecific):
+        (WTF::ThreadSpecific::get):
+        (WTF::ThreadSpecific::set):
+        (WTF::ThreadSpecific::destroy):
+        * wtf/ThreadSpecificWin.cpp: Added.
+        (WTF::ThreadSpecificThreadExit):
+        * wtf/ThreadingWin.cpp:
+        (WTF::wtfThreadEntryPoint):
+
+2009-01-08  Justin McPherson <justin.mcpherson@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Fix compilation with Qt on NetBSD.
+
+        * runtime/Collector.cpp:
+        (JSC::currentThreadStackBase): Use PLATFORM(NETBSD) to enter the
+        code path to retrieve the stack base using pthread_attr_get_np.
+        The PTHREAD_NP_H define is not used because the header file does
+        not exist on NetBSD, but the function is declared nevertheless.
+        * wtf/Platform.h: Introduce WTF_PLATFORM_NETBSD.
+
+2009-01-07  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        <rdar://problem/6469060> Don't store exception information for a CodeBlock until first exception is thrown
+
+        Don't initially store exception information (lineNumber/expressionRange/getByIdExcecptionInfo)
+        in CodeBlocks blocks.  Instead, re-parse for the data on demand and cache it then.
+
+        One important change that was needed to make this work was to pad op_get_global_var with nops to
+        be the same length as op_resolve_global, since one could be replaced for the other on re-parsing,
+        and we want to keep the offsets bytecode offsets the same.
+
+        1.3MB improvement on Membuster head.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump): Update op_get_global_var to account for the padding.
+        (JSC::CodeBlock::dumpStatistics): Add more statistic dumping.
+        (JSC::CodeBlock::CodeBlock): Initialize m_exceptionInfo.
+        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary): Re-parses the CodeBlocks
+        associated SourceCode and steals the ExceptionInfo from it.
+        (JSC::CodeBlock::lineNumberForBytecodeOffset): Creates the exception info on demand.
+        (JSC::CodeBlock::expressionRangeForBytecodeOffset): Ditto.
+        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset): Ditto.
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::numberOfExceptionHandlers): Updated to account for m_exceptionInfo indirection.
+        (JSC::CodeBlock::addExceptionHandler): Ditto.
+        (JSC::CodeBlock::exceptionHandler): Ditto.
+        (JSC::CodeBlock::clearExceptionInfo): Ditto.
+        (JSC::CodeBlock::addExpressionInfo): Ditto.
+        (JSC::CodeBlock::addGetByIdExceptionInfo): Ditto.
+        (JSC::CodeBlock::numberOfLineInfos): Ditto.
+        (JSC::CodeBlock::addLineInfo): Ditto.
+        (JSC::CodeBlock::lastLineInfo): Ditto.
+
+        * bytecode/Opcode.h: Change length of op_get_global_var to match op_resolve_global.
+
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingTool::dump): Add comment indicating why it is okay not to pass a CallFrame.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate): Clear the exception info after generation for Function and Eval
+        Code when not in regenerate for exception info mode.
+        (JSC::BytecodeGenerator::BytecodeGenerator): Initialize m_regeneratingForExceptionInfo to false.
+        (JSC::BytecodeGenerator::emitGetScopedVar): Pad op_get_global_var with 2 nops.
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::setRegeneratingForExcpeptionInfo): Added.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::throwException): Pass the CallFrame to exception info accessors.
+        (JSC::Interpreter::privateExecute): Ditto.
+        (JSC::Interpreter::retrieveLastCaller): Ditto.
+        (JSC::Interpreter::cti_op_new_error): Ditto.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass): Pass the current bytecode offset instead of hard coding the
+        line number, the stub will do the accessing if it gets called.
+
+        * parser/Nodes.cpp:
+        (JSC::ProgramNode::emitBytecode): Moved.
+        (JSC::ProgramNode::generateBytecode): Moved.
+        (JSC::EvalNode::create): Moved.
+        (JSC::EvalNode::bytecodeForExceptionInfoReparse): Added.
+        (JSC::FunctionBodyNode::generateBytecode): Rename reparse to reparseInPlace.
+        (JSC::FunctionBodyNode::bytecodeForExceptionInfoReparse): Addded.
+
+        * parser/Nodes.h:
+        (JSC::ScopeNode::features): Added getter.
+        * parser/Parser.cpp:
+        (JSC::Parser::reparseInPlace): Renamed from reparse.
+        * parser/Parser.h:
+        (JSC::Parser::reparse): Added. Re-parses the passed in Node into
+        a new Node.
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createUndefinedVariableError): Pass along CallFrame.
+        (JSC::createInvalidParamError): Ditto.
+        (JSC::createNotAConstructorError): Ditto.
+        (JSC::createNotAFunctionError): Ditto.
+        (JSC::createNotAnObjectError): Ditto.
+
+2009-01-06  Gavin Barraclough  <baraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Replace accidentally removed references in BytecodeGenerator, deleting these
+        will be hindering the sharing of constant numbers and strings.
+
+        The code to add a new constant (either number or string) to their respective
+        map works by attempting to add a null entry, then checking the result of the
+        add for null.  The first time, this should return the null (or noValue).
+        The code checks for null (to see if this is the initial add), and then allocates
+        a new number / string object.  This code relies on the result returned from
+        the add to the map being stored as a reference, such that the allocated object
+        will be stored in the map, and will be resused if the same constant is encountered
+        again.  By failing to use a reference we will be leaking GC object for each
+        additional entry added to the map.  As GC objects they should be clollected,
+        be we should no be allocatin them in the first place.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23158
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitLoad):
+
+2009-01-06  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/6040850> JavaScript register file should use VirtualAlloc on Windows
+
+        Fairly simple, just reserve 4Mb of address space for the
+        register file, and then commit one section at a time.  We
+        don't release committed memory as we drop back, but then
+        mac doesn't either so this probably not too much of a 
+        problem.
+
+        * interpreter/RegisterFile.cpp:
+        (JSC::RegisterFile::~RegisterFile):
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+        (JSC::RegisterFile::grow):
+
+2009-01-06  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23142
+        ThreadGlobalData leaks seen on buildbot
+
+        * wtf/ThreadSpecific.h: (WTF::ThreadSpecific::destroy): Temporarily reset the thread
+        specific value to make getter work on Mac OS X.
+
+        * wtf/Platform.h: Touch this file again to make sure all Windows builds use the most recent
+        version of ThreadSpecific.h.
+
+2009-01-05  Gavin Barraclough  <baraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Replace all uses of JSValue* with a new smart pointer type, JSValuePtr.
+        
+        A JavaScript value may be a heap object or boxed primitive, represented by a
+        pointer, or may be an unboxed immediate value, such as an integer.  Since a
+        value may dynamically need to contain either a pointer value or an immediate,
+        we encode immediates as pointer values (since all valid JSCell pointers are
+        allocated at alligned addesses, unaligned addresses are available to encode
+        immediates).  As such all JavaScript values are represented using a JSValue*.
+
+        This implementation is encumbered by a number of constraints.  It ties the
+        JSValue representation to the size of pointer on the platform, which, for
+        example, means that we currently can represent different ranges of integers
+        as immediates on x86 and x86-64.  It also prevents us from overloading the
+        to-boolean conversion used to test for noValue() - effectively forcing us
+        to represent noValue() as 0.  This would potentially be problematic were we
+        to wish to encode integer values differently (e.g. were we to use the v8
+        encoding, where pointers are tagged with 1 and integers with 0, then the
+        immediate integer 0 would conflict with noValue()).
+
+        This patch replaces all usage of JSValue* with a new class, JSValuePtr,
+        which encapsulates the pointer.  JSValuePtr maintains the same interface as
+        JSValue*, overloading operator-> and operator bool such that previous
+        operations in the code on variables of type JSValue* are still supported.
+
+        In order to provide a ProtectPtr<> type with support for the new value
+        representation (without using the internal JSValue type directly), a new
+        ProtectJSValuePtr type has been added, equivalent to the previous type
+        ProtectPtr<JSValue>.
+
+        This patch is likely the first in a sequence of three changes.  With the
+        value now encapsulated it will likely make sense to migrate the functionality
+        from JSValue into JSValuePtr, such that the internal pointer representation
+        need not be exposed.  Through migrating the functionality to the wrapper
+        class the existing JSValue should be rendered redundant, and the class is
+        likely to be removed (the JSValuePtr now wrapping a pointer to a JSCell).
+        At this stage it will likely make sense to rename JSValuePtr to JSValue.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23114
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        * API/JSCallbackConstructor.h:
+        (JSC::JSCallbackConstructor::createStructure):
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::call):
+        * API/JSCallbackFunction.h:
+        (JSC::JSCallbackFunction::createStructure):
+        * API/JSCallbackObject.h:
+        (JSC::JSCallbackObject::createStructure):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::asCallbackObject):
+        (JSC::::put):
+        (JSC::::hasInstance):
+        (JSC::::call):
+        (JSC::::staticValueGetter):
+        (JSC::::staticFunctionGetter):
+        (JSC::::callbackGetter):
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeConstructor):
+        (JSObjectSetPrototype):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        * API/JSValueRef.cpp:
+        (JSValueGetType):
+        (JSValueIsUndefined):
+        (JSValueIsNull):
+        (JSValueIsBoolean):
+        (JSValueIsNumber):
+        (JSValueIsString):
+        (JSValueIsObject):
+        (JSValueIsObjectOfClass):
+        (JSValueIsEqual):
+        (JSValueIsStrictEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueToBoolean):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        * JavaScriptCore.exp:
+        * bytecode/CodeBlock.cpp:
+        (JSC::valueToSourceString):
+        (JSC::constantName):
+        (JSC::CodeBlock::dump):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::getConstant):
+        (JSC::CodeBlock::addUnexpectedConstant):
+        (JSC::CodeBlock::unexpectedConstant):
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::get):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::addConstant):
+        (JSC::BytecodeGenerator::addUnexpectedConstant):
+        (JSC::BytecodeGenerator::emitLoad):
+        (JSC::BytecodeGenerator::emitLoadJSV):
+        (JSC::BytecodeGenerator::emitGetScopedVar):
+        (JSC::BytecodeGenerator::emitPutScopedVar):
+        (JSC::BytecodeGenerator::emitNewError):
+        (JSC::keyForImmediateSwitch):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::JSValueHashTraits::constructDeletedValue):
+        (JSC::BytecodeGenerator::JSValueHashTraits::isDeletedValue):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * debugger/DebuggerCallFrame.h:
+        (JSC::DebuggerCallFrame::DebuggerCallFrame):
+        (JSC::DebuggerCallFrame::exception):
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::thisValue):
+        * interpreter/CallFrame.h:
+        (JSC::ExecState::setException):
+        (JSC::ExecState::exception):
+        (JSC::ExecState::exceptionSlot):
+        (JSC::ExecState::hadException):
+        * interpreter/Interpreter.cpp:
+        (JSC::fastIsNumber):
+        (JSC::fastToInt32):
+        (JSC::fastToUInt32):
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAddSlowCase):
+        (JSC::jsAdd):
+        (JSC::jsTypeStringForValue):
+        (JSC::jsIsObjectType):
+        (JSC::jsIsFunctionType):
+        (JSC::Interpreter::resolve):
+        (JSC::Interpreter::resolveSkip):
+        (JSC::Interpreter::resolveGlobal):
+        (JSC::inlineResolveBase):
+        (JSC::Interpreter::resolveBase):
+        (JSC::Interpreter::resolveBaseAndProperty):
+        (JSC::Interpreter::resolveBaseAndFunc):
+        (JSC::isNotObject):
+        (JSC::Interpreter::callEval):
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::checkTimeout):
+        (JSC::Interpreter::createExceptionScope):
+        (JSC::cachePrototypeChain):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::countPrototypeChainEntriesAndCheckForProxies):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        (JSC::Interpreter::retrieveCaller):
+        (JSC::Interpreter::retrieveLastCaller):
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::returnToThrowTrampoline):
+        (JSC::Interpreter::cti_op_convert_this):
+        (JSC::Interpreter::cti_op_add):
+        (JSC::Interpreter::cti_op_pre_inc):
+        (JSC::Interpreter::cti_op_loop_if_less):
+        (JSC::Interpreter::cti_op_loop_if_lesseq):
+        (JSC::Interpreter::cti_op_get_by_id_generic):
+        (JSC::Interpreter::cti_op_get_by_id):
+        (JSC::Interpreter::cti_op_get_by_id_second):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
+        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
+        (JSC::Interpreter::cti_op_get_by_id_array_fail):
+        (JSC::Interpreter::cti_op_get_by_id_string_fail):
+        (JSC::Interpreter::cti_op_instanceof):
+        (JSC::Interpreter::cti_op_del_by_id):
+        (JSC::Interpreter::cti_op_mul):
+        (JSC::Interpreter::cti_op_call_NotJSFunction):
+        (JSC::Interpreter::cti_op_resolve):
+        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_resolve_func):
+        (JSC::Interpreter::cti_op_sub):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_array):
+        (JSC::Interpreter::cti_op_lesseq):
+        (JSC::Interpreter::cti_op_loop_if_true):
+        (JSC::Interpreter::cti_op_negate):
+        (JSC::Interpreter::cti_op_resolve_base):
+        (JSC::Interpreter::cti_op_resolve_skip):
+        (JSC::Interpreter::cti_op_resolve_global):
+        (JSC::Interpreter::cti_op_div):
+        (JSC::Interpreter::cti_op_pre_dec):
+        (JSC::Interpreter::cti_op_jless):
+        (JSC::Interpreter::cti_op_not):
+        (JSC::Interpreter::cti_op_jtrue):
+        (JSC::Interpreter::cti_op_post_inc):
+        (JSC::Interpreter::cti_op_eq):
+        (JSC::Interpreter::cti_op_lshift):
+        (JSC::Interpreter::cti_op_bitand):
+        (JSC::Interpreter::cti_op_rshift):
+        (JSC::Interpreter::cti_op_bitnot):
+        (JSC::Interpreter::cti_op_resolve_with_base):
+        (JSC::Interpreter::cti_op_mod):
+        (JSC::Interpreter::cti_op_less):
+        (JSC::Interpreter::cti_op_neq):
+        (JSC::Interpreter::cti_op_post_dec):
+        (JSC::Interpreter::cti_op_urshift):
+        (JSC::Interpreter::cti_op_bitxor):
+        (JSC::Interpreter::cti_op_bitor):
+        (JSC::Interpreter::cti_op_call_eval):
+        (JSC::Interpreter::cti_op_throw):
+        (JSC::Interpreter::cti_op_next_pname):
+        (JSC::Interpreter::cti_op_typeof):
+        (JSC::Interpreter::cti_op_is_undefined):
+        (JSC::Interpreter::cti_op_is_boolean):
+        (JSC::Interpreter::cti_op_is_number):
+        (JSC::Interpreter::cti_op_is_string):
+        (JSC::Interpreter::cti_op_is_object):
+        (JSC::Interpreter::cti_op_is_function):
+        (JSC::Interpreter::cti_op_stricteq):
+        (JSC::Interpreter::cti_op_nstricteq):
+        (JSC::Interpreter::cti_op_to_jsnumber):
+        (JSC::Interpreter::cti_op_in):
+        (JSC::Interpreter::cti_op_switch_imm):
+        (JSC::Interpreter::cti_op_switch_char):
+        (JSC::Interpreter::cti_op_switch_string):
+        (JSC::Interpreter::cti_op_del_by_val):
+        (JSC::Interpreter::cti_op_new_error):
+        (JSC::Interpreter::cti_vm_throw):
+        * interpreter/Interpreter.h:
+        (JSC::Interpreter::isJSArray):
+        (JSC::Interpreter::isJSString):
+        * interpreter/Register.h:
+        (JSC::Register::):
+        (JSC::Register::Register):
+        (JSC::Register::jsValue):
+        (JSC::Register::getJSValue):
+        * jit/JIT.cpp:
+        (JSC::):
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        (JSC::):
+        (JSC::JIT::execute):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArithSlow_op_rshift):
+        * jit/JITCall.cpp:
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetVirtualRegister):
+        (JSC::JIT::getConstantOperand):
+        (JSC::JIT::isOperandConstant31BitImmediateInt):
+        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
+        (JSC::JIT::emitInitRegister):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::resizePropertyStorage):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        * jsc.cpp:
+        (functionPrint):
+        (functionDebug):
+        (functionGC):
+        (functionVersion):
+        (functionRun):
+        (functionLoad):
+        (functionReadline):
+        (functionQuit):
+        * parser/Nodes.cpp:
+        (JSC::NullNode::emitBytecode):
+        (JSC::ArrayNode::emitBytecode):
+        (JSC::FunctionCallValueNode::emitBytecode):
+        (JSC::FunctionCallResolveNode::emitBytecode):
+        (JSC::VoidNode::emitBytecode):
+        (JSC::ConstDeclNode::emitCodeSingle):
+        (JSC::ReturnNode::emitBytecode):
+        (JSC::processClauseList):
+        (JSC::EvalNode::emitBytecode):
+        (JSC::FunctionBodyNode::emitBytecode):
+        (JSC::ProgramNode::emitBytecode):
+        * profiler/ProfileGenerator.cpp:
+        (JSC::ProfileGenerator::addParentForConsoleStart):
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::willExecute):
+        (JSC::Profiler::didExecute):
+        (JSC::Profiler::createCallIdentifier):
+        * profiler/Profiler.h:
+        * runtime/ArgList.cpp:
+        (JSC::ArgList::slowAppend):
+        * runtime/ArgList.h:
+        (JSC::ArgList::at):
+        (JSC::ArgList::append):
+        * runtime/Arguments.cpp:
+        (JSC::Arguments::put):
+        * runtime/Arguments.h:
+        (JSC::Arguments::createStructure):
+        (JSC::asArguments):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::callArrayConstructor):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::getProperty):
+        (JSC::putProperty):
+        (JSC::arrayProtoFuncToString):
+        (JSC::arrayProtoFuncToLocaleString):
+        (JSC::arrayProtoFuncJoin):
+        (JSC::arrayProtoFuncConcat):
+        (JSC::arrayProtoFuncPop):
+        (JSC::arrayProtoFuncPush):
+        (JSC::arrayProtoFuncReverse):
+        (JSC::arrayProtoFuncShift):
+        (JSC::arrayProtoFuncSlice):
+        (JSC::arrayProtoFuncSort):
+        (JSC::arrayProtoFuncSplice):
+        (JSC::arrayProtoFuncUnShift):
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncMap):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncForEach):
+        (JSC::arrayProtoFuncSome):
+        (JSC::arrayProtoFuncIndexOf):
+        (JSC::arrayProtoFuncLastIndexOf):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::callBooleanConstructor):
+        (JSC::constructBooleanFromImmediateBoolean):
+        * runtime/BooleanConstructor.h:
+        * runtime/BooleanObject.h:
+        (JSC::asBooleanObject):
+        * runtime/BooleanPrototype.cpp:
+        (JSC::booleanProtoFuncToString):
+        (JSC::booleanProtoFuncValueOf):
+        * runtime/CallData.cpp:
+        (JSC::call):
+        * runtime/CallData.h:
+        * runtime/Collector.cpp:
+        (JSC::Heap::protect):
+        (JSC::Heap::unprotect):
+        (JSC::Heap::heap):
+        (JSC::Heap::collect):
+        * runtime/Collector.h:
+        * runtime/Completion.cpp:
+        (JSC::evaluate):
+        * runtime/Completion.h:
+        (JSC::Completion::Completion):
+        (JSC::Completion::value):
+        (JSC::Completion::setValue):
+        (JSC::Completion::isValueCompletion):
+        * runtime/ConstructData.cpp:
+        (JSC::construct):
+        * runtime/ConstructData.h:
+        * runtime/DateConstructor.cpp:
+        (JSC::constructDate):
+        (JSC::callDate):
+        (JSC::dateParse):
+        (JSC::dateNow):
+        (JSC::dateUTC):
+        * runtime/DateInstance.h:
+        (JSC::asDateInstance):
+        * runtime/DatePrototype.cpp:
+        (JSC::dateProtoFuncToString):
+        (JSC::dateProtoFuncToUTCString):
+        (JSC::dateProtoFuncToDateString):
+        (JSC::dateProtoFuncToTimeString):
+        (JSC::dateProtoFuncToLocaleString):
+        (JSC::dateProtoFuncToLocaleDateString):
+        (JSC::dateProtoFuncToLocaleTimeString):
+        (JSC::dateProtoFuncValueOf):
+        (JSC::dateProtoFuncGetTime):
+        (JSC::dateProtoFuncGetFullYear):
+        (JSC::dateProtoFuncGetUTCFullYear):
+        (JSC::dateProtoFuncToGMTString):
+        (JSC::dateProtoFuncGetMonth):
+        (JSC::dateProtoFuncGetUTCMonth):
+        (JSC::dateProtoFuncGetDate):
+        (JSC::dateProtoFuncGetUTCDate):
+        (JSC::dateProtoFuncGetDay):
+        (JSC::dateProtoFuncGetUTCDay):
+        (JSC::dateProtoFuncGetHours):
+        (JSC::dateProtoFuncGetUTCHours):
+        (JSC::dateProtoFuncGetMinutes):
+        (JSC::dateProtoFuncGetUTCMinutes):
+        (JSC::dateProtoFuncGetSeconds):
+        (JSC::dateProtoFuncGetUTCSeconds):
+        (JSC::dateProtoFuncGetMilliSeconds):
+        (JSC::dateProtoFuncGetUTCMilliseconds):
+        (JSC::dateProtoFuncGetTimezoneOffset):
+        (JSC::dateProtoFuncSetTime):
+        (JSC::setNewValueFromTimeArgs):
+        (JSC::setNewValueFromDateArgs):
+        (JSC::dateProtoFuncSetMilliSeconds):
+        (JSC::dateProtoFuncSetUTCMilliseconds):
+        (JSC::dateProtoFuncSetSeconds):
+        (JSC::dateProtoFuncSetUTCSeconds):
+        (JSC::dateProtoFuncSetMinutes):
+        (JSC::dateProtoFuncSetUTCMinutes):
+        (JSC::dateProtoFuncSetHours):
+        (JSC::dateProtoFuncSetUTCHours):
+        (JSC::dateProtoFuncSetDate):
+        (JSC::dateProtoFuncSetUTCDate):
+        (JSC::dateProtoFuncSetMonth):
+        (JSC::dateProtoFuncSetUTCMonth):
+        (JSC::dateProtoFuncSetFullYear):
+        (JSC::dateProtoFuncSetUTCFullYear):
+        (JSC::dateProtoFuncSetYear):
+        (JSC::dateProtoFuncGetYear):
+        * runtime/DatePrototype.h:
+        (JSC::DatePrototype::createStructure):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::callErrorConstructor):
+        * runtime/ErrorPrototype.cpp:
+        (JSC::errorProtoFuncToString):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createInterruptedExecutionException):
+        (JSC::createError):
+        (JSC::createStackOverflowError):
+        (JSC::createUndefinedVariableError):
+        (JSC::createErrorMessage):
+        (JSC::createInvalidParamError):
+        (JSC::createNotAConstructorError):
+        (JSC::createNotAFunctionError):
+        * runtime/ExceptionHelpers.h:
+        * runtime/FunctionConstructor.cpp:
+        (JSC::callFunctionConstructor):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::callFunctionPrototype):
+        (JSC::functionProtoFuncToString):
+        (JSC::functionProtoFuncApply):
+        (JSC::functionProtoFuncCall):
+        * runtime/FunctionPrototype.h:
+        (JSC::FunctionPrototype::createStructure):
+        * runtime/GetterSetter.cpp:
+        (JSC::GetterSetter::toPrimitive):
+        (JSC::GetterSetter::getPrimitiveNumber):
+        * runtime/GetterSetter.h:
+        (JSC::asGetterSetter):
+        * runtime/InitializeThreading.cpp:
+        * runtime/InternalFunction.h:
+        (JSC::InternalFunction::createStructure):
+        (JSC::asInternalFunction):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::getOwnPropertySlot):
+        (JSC::JSActivation::put):
+        (JSC::JSActivation::putWithAttributes):
+        (JSC::JSActivation::argumentsGetter):
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::createStructure):
+        (JSC::asActivation):
+        * runtime/JSArray.cpp:
+        (JSC::storageSize):
+        (JSC::JSArray::JSArray):
+        (JSC::JSArray::getOwnPropertySlot):
+        (JSC::JSArray::put):
+        (JSC::JSArray::putSlowCase):
+        (JSC::JSArray::deleteProperty):
+        (JSC::JSArray::getPropertyNames):
+        (JSC::JSArray::setLength):
+        (JSC::JSArray::pop):
+        (JSC::JSArray::push):
+        (JSC::JSArray::mark):
+        (JSC::JSArray::sort):
+        (JSC::JSArray::compactForSorting):
+        (JSC::JSArray::checkConsistency):
+        (JSC::constructArray):
+        * runtime/JSArray.h:
+        (JSC::JSArray::getIndex):
+        (JSC::JSArray::setIndex):
+        (JSC::JSArray::createStructure):
+        (JSC::asArray):
+        * runtime/JSCell.cpp:
+        (JSC::JSCell::put):
+        (JSC::JSCell::getJSNumber):
+        * runtime/JSCell.h:
+        (JSC::asCell):
+        (JSC::JSValue::asCell):
+        (JSC::JSValue::toPrimitive):
+        (JSC::JSValue::getPrimitiveNumber):
+        (JSC::JSValue::getJSNumber):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::call):
+        (JSC::JSFunction::argumentsGetter):
+        (JSC::JSFunction::callerGetter):
+        (JSC::JSFunction::lengthGetter):
+        (JSC::JSFunction::getOwnPropertySlot):
+        (JSC::JSFunction::put):
+        (JSC::JSFunction::construct):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::createStructure):
+        (JSC::asFunction):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::markIfNeeded):
+        (JSC::JSGlobalObject::put):
+        (JSC::JSGlobalObject::putWithAttributes):
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::resetPrototype):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::createStructure):
+        (JSC::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
+        (JSC::asGlobalObject):
+        (JSC::Structure::prototypeForLookup):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::encode):
+        (JSC::decode):
+        (JSC::globalFuncEval):
+        (JSC::globalFuncParseInt):
+        (JSC::globalFuncParseFloat):
+        (JSC::globalFuncIsNaN):
+        (JSC::globalFuncIsFinite):
+        (JSC::globalFuncDecodeURI):
+        (JSC::globalFuncDecodeURIComponent):
+        (JSC::globalFuncEncodeURI):
+        (JSC::globalFuncEncodeURIComponent):
+        (JSC::globalFuncEscape):
+        (JSC::globalFuncUnescape):
+        (JSC::globalFuncJSCPrint):
+        * runtime/JSGlobalObjectFunctions.h:
+        * runtime/JSImmediate.cpp:
+        (JSC::JSImmediate::toThisObject):
+        (JSC::JSImmediate::toObject):
+        (JSC::JSImmediate::prototype):
+        (JSC::JSImmediate::toString):
+        * runtime/JSImmediate.h:
+        (JSC::JSImmediate::isImmediate):
+        (JSC::JSImmediate::isNumber):
+        (JSC::JSImmediate::isPositiveNumber):
+        (JSC::JSImmediate::isBoolean):
+        (JSC::JSImmediate::isUndefinedOrNull):
+        (JSC::JSImmediate::isNegative):
+        (JSC::JSImmediate::isEitherImmediate):
+        (JSC::JSImmediate::isAnyImmediate):
+        (JSC::JSImmediate::areBothImmediate):
+        (JSC::JSImmediate::areBothImmediateNumbers):
+        (JSC::JSImmediate::andImmediateNumbers):
+        (JSC::JSImmediate::xorImmediateNumbers):
+        (JSC::JSImmediate::orImmediateNumbers):
+        (JSC::JSImmediate::rightShiftImmediateNumbers):
+        (JSC::JSImmediate::canDoFastAdditiveOperations):
+        (JSC::JSImmediate::addImmediateNumbers):
+        (JSC::JSImmediate::subImmediateNumbers):
+        (JSC::JSImmediate::incImmediateNumber):
+        (JSC::JSImmediate::decImmediateNumber):
+        (JSC::JSImmediate::makeValue):
+        (JSC::JSImmediate::makeInt):
+        (JSC::JSImmediate::makeBool):
+        (JSC::JSImmediate::makeUndefined):
+        (JSC::JSImmediate::makeNull):
+        (JSC::JSImmediate::intValue):
+        (JSC::JSImmediate::uintValue):
+        (JSC::JSImmediate::boolValue):
+        (JSC::JSImmediate::rawValue):
+        (JSC::JSImmediate::trueImmediate):
+        (JSC::JSImmediate::falseImmediate):
+        (JSC::JSImmediate::undefinedImmediate):
+        (JSC::JSImmediate::nullImmediate):
+        (JSC::JSImmediate::zeroImmediate):
+        (JSC::JSImmediate::oneImmediate):
+        (JSC::JSImmediate::impossibleValue):
+        (JSC::JSImmediate::toBoolean):
+        (JSC::JSImmediate::getTruncatedUInt32):
+        (JSC::JSImmediate::from):
+        (JSC::JSImmediate::getTruncatedInt32):
+        (JSC::JSImmediate::toDouble):
+        (JSC::JSImmediate::getUInt32):
+        (JSC::jsNull):
+        (JSC::jsBoolean):
+        (JSC::jsUndefined):
+        (JSC::JSValue::isUndefined):
+        (JSC::JSValue::isNull):
+        (JSC::JSValue::isUndefinedOrNull):
+        (JSC::JSValue::isBoolean):
+        (JSC::JSValue::getBoolean):
+        (JSC::JSValue::toInt32):
+        (JSC::JSValue::toUInt32):
+        (JSC::toInt32):
+        (JSC::toUInt32):
+        * runtime/JSNotAnObject.cpp:
+        (JSC::JSNotAnObject::toPrimitive):
+        (JSC::JSNotAnObject::getPrimitiveNumber):
+        (JSC::JSNotAnObject::put):
+        * runtime/JSNotAnObject.h:
+        (JSC::JSNotAnObject::createStructure):
+        * runtime/JSNumberCell.cpp:
+        (JSC::JSNumberCell::toPrimitive):
+        (JSC::JSNumberCell::getPrimitiveNumber):
+        (JSC::JSNumberCell::getJSNumber):
+        (JSC::jsNumberCell):
+        (JSC::jsNaN):
+        * runtime/JSNumberCell.h:
+        (JSC::JSNumberCell::createStructure):
+        (JSC::asNumberCell):
+        (JSC::jsNumber):
+        (JSC::JSValue::toJSNumber):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::mark):
+        (JSC::JSObject::put):
+        (JSC::JSObject::putWithAttributes):
+        (JSC::callDefaultValueFunction):
+        (JSC::JSObject::getPrimitiveNumber):
+        (JSC::JSObject::defaultValue):
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        (JSC::JSObject::lookupGetter):
+        (JSC::JSObject::lookupSetter):
+        (JSC::JSObject::hasInstance):
+        (JSC::JSObject::toNumber):
+        (JSC::JSObject::toString):
+        (JSC::JSObject::fillGetterPropertySlot):
+        * runtime/JSObject.h:
+        (JSC::JSObject::getDirect):
+        (JSC::JSObject::getDirectLocation):
+        (JSC::JSObject::offsetForLocation):
+        (JSC::JSObject::locationForOffset):
+        (JSC::JSObject::getDirectOffset):
+        (JSC::JSObject::putDirectOffset):
+        (JSC::JSObject::createStructure):
+        (JSC::asObject):
+        (JSC::JSObject::prototype):
+        (JSC::JSObject::setPrototype):
+        (JSC::JSObject::inlineGetOwnPropertySlot):
+        (JSC::JSObject::getOwnPropertySlotForWrite):
+        (JSC::JSObject::getPropertySlot):
+        (JSC::JSObject::get):
+        (JSC::JSObject::putDirect):
+        (JSC::JSObject::putDirectWithoutTransition):
+        (JSC::JSObject::toPrimitive):
+        (JSC::JSValue::get):
+        (JSC::JSValue::put):
+        (JSC::JSObject::allocatePropertyStorageInline):
+        * runtime/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::toPrimitive):
+        (JSC::JSPropertyNameIterator::getPrimitiveNumber):
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::create):
+        (JSC::JSPropertyNameIterator::next):
+        * runtime/JSStaticScopeObject.cpp:
+        (JSC::JSStaticScopeObject::put):
+        (JSC::JSStaticScopeObject::putWithAttributes):
+        * runtime/JSStaticScopeObject.h:
+        (JSC::JSStaticScopeObject::JSStaticScopeObject):
+        (JSC::JSStaticScopeObject::createStructure):
+        * runtime/JSString.cpp:
+        (JSC::JSString::toPrimitive):
+        (JSC::JSString::getPrimitiveNumber):
+        (JSC::JSString::getOwnPropertySlot):
+        * runtime/JSString.h:
+        (JSC::JSString::createStructure):
+        (JSC::asString):
+        * runtime/JSValue.h:
+        (JSC::JSValuePtr::makeImmediate):
+        (JSC::JSValuePtr::immediateValue):
+        (JSC::JSValuePtr::JSValuePtr):
+        (JSC::JSValuePtr::operator->):
+        (JSC::JSValuePtr::hasValue):
+        (JSC::JSValuePtr::operator==):
+        (JSC::JSValuePtr::operator!=):
+        (JSC::JSValuePtr::encode):
+        (JSC::JSValuePtr::decode):
+        (JSC::JSValue::asValue):
+        (JSC::noValue):
+        (JSC::operator==):
+        (JSC::operator!=):
+        * runtime/JSVariableObject.h:
+        (JSC::JSVariableObject::symbolTablePut):
+        (JSC::JSVariableObject::symbolTablePutWithAttributes):
+        * runtime/JSWrapperObject.cpp:
+        (JSC::JSWrapperObject::mark):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::internalValue):
+        (JSC::JSWrapperObject::setInternalValue):
+        * runtime/Lookup.cpp:
+        (JSC::setUpStaticFunctionSlot):
+        * runtime/Lookup.h:
+        (JSC::lookupPut):
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncAbs):
+        (JSC::mathProtoFuncACos):
+        (JSC::mathProtoFuncASin):
+        (JSC::mathProtoFuncATan):
+        (JSC::mathProtoFuncATan2):
+        (JSC::mathProtoFuncCeil):
+        (JSC::mathProtoFuncCos):
+        (JSC::mathProtoFuncExp):
+        (JSC::mathProtoFuncFloor):
+        (JSC::mathProtoFuncLog):
+        (JSC::mathProtoFuncMax):
+        (JSC::mathProtoFuncMin):
+        (JSC::mathProtoFuncPow):
+        (JSC::mathProtoFuncRandom):
+        (JSC::mathProtoFuncRound):
+        (JSC::mathProtoFuncSin):
+        (JSC::mathProtoFuncSqrt):
+        (JSC::mathProtoFuncTan):
+        * runtime/MathObject.h:
+        (JSC::MathObject::createStructure):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::callNativeErrorConstructor):
+        * runtime/NumberConstructor.cpp:
+        (JSC::numberConstructorNaNValue):
+        (JSC::numberConstructorNegInfinity):
+        (JSC::numberConstructorPosInfinity):
+        (JSC::numberConstructorMaxValue):
+        (JSC::numberConstructorMinValue):
+        (JSC::callNumberConstructor):
+        * runtime/NumberConstructor.h:
+        (JSC::NumberConstructor::createStructure):
+        * runtime/NumberObject.cpp:
+        (JSC::NumberObject::getJSNumber):
+        (JSC::constructNumberFromImmediateNumber):
+        * runtime/NumberObject.h:
+        * runtime/NumberPrototype.cpp:
+        (JSC::numberProtoFuncToString):
+        (JSC::numberProtoFuncToLocaleString):
+        (JSC::numberProtoFuncValueOf):
+        (JSC::numberProtoFuncToFixed):
+        (JSC::numberProtoFuncToExponential):
+        (JSC::numberProtoFuncToPrecision):
+        * runtime/ObjectConstructor.cpp:
+        (JSC::constructObject):
+        (JSC::callObjectConstructor):
+        * runtime/ObjectPrototype.cpp:
+        (JSC::objectProtoFuncValueOf):
+        (JSC::objectProtoFuncHasOwnProperty):
+        (JSC::objectProtoFuncIsPrototypeOf):
+        (JSC::objectProtoFuncDefineGetter):
+        (JSC::objectProtoFuncDefineSetter):
+        (JSC::objectProtoFuncLookupGetter):
+        (JSC::objectProtoFuncLookupSetter):
+        (JSC::objectProtoFuncPropertyIsEnumerable):
+        (JSC::objectProtoFuncToLocaleString):
+        (JSC::objectProtoFuncToString):
+        * runtime/ObjectPrototype.h:
+        * runtime/Operations.cpp:
+        (JSC::equal):
+        (JSC::equalSlowCase):
+        (JSC::strictEqual):
+        (JSC::strictEqualSlowCase):
+        (JSC::throwOutOfMemoryError):
+        * runtime/Operations.h:
+        (JSC::equalSlowCaseInline):
+        (JSC::strictEqualSlowCaseInline):
+        * runtime/PropertySlot.cpp:
+        (JSC::PropertySlot::functionGetter):
+        * runtime/PropertySlot.h:
+        (JSC::PropertySlot::PropertySlot):
+        (JSC::PropertySlot::getValue):
+        (JSC::PropertySlot::putValue):
+        (JSC::PropertySlot::setValueSlot):
+        (JSC::PropertySlot::setValue):
+        (JSC::PropertySlot::setCustom):
+        (JSC::PropertySlot::setCustomIndex):
+        (JSC::PropertySlot::slotBase):
+        (JSC::PropertySlot::setBase):
+        (JSC::PropertySlot::):
+        * runtime/Protect.h:
+        (JSC::gcProtect):
+        (JSC::gcUnprotect):
+        (JSC::ProtectedPtr::ProtectedPtr):
+        (JSC::ProtectedPtr::operator JSValuePtr):
+        (JSC::ProtectedJSValuePtr::ProtectedJSValuePtr):
+        (JSC::ProtectedJSValuePtr::get):
+        (JSC::ProtectedJSValuePtr::operator JSValuePtr):
+        (JSC::ProtectedJSValuePtr::operator->):
+        (JSC::::ProtectedPtr):
+        (JSC::::~ProtectedPtr):
+        (JSC::::operator):
+        (JSC::ProtectedJSValuePtr::~ProtectedJSValuePtr):
+        (JSC::ProtectedJSValuePtr::operator=):
+        (JSC::operator==):
+        (JSC::operator!=):
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::getBackref):
+        (JSC::RegExpConstructor::getLastParen):
+        (JSC::RegExpConstructor::getLeftContext):
+        (JSC::RegExpConstructor::getRightContext):
+        (JSC::regExpConstructorDollar1):
+        (JSC::regExpConstructorDollar2):
+        (JSC::regExpConstructorDollar3):
+        (JSC::regExpConstructorDollar4):
+        (JSC::regExpConstructorDollar5):
+        (JSC::regExpConstructorDollar6):
+        (JSC::regExpConstructorDollar7):
+        (JSC::regExpConstructorDollar8):
+        (JSC::regExpConstructorDollar9):
+        (JSC::regExpConstructorInput):
+        (JSC::regExpConstructorMultiline):
+        (JSC::regExpConstructorLastMatch):
+        (JSC::regExpConstructorLastParen):
+        (JSC::regExpConstructorLeftContext):
+        (JSC::regExpConstructorRightContext):
+        (JSC::RegExpConstructor::put):
+        (JSC::setRegExpConstructorInput):
+        (JSC::setRegExpConstructorMultiline):
+        (JSC::constructRegExp):
+        (JSC::callRegExpConstructor):
+        * runtime/RegExpConstructor.h:
+        (JSC::RegExpConstructor::createStructure):
+        (JSC::asRegExpConstructor):
+        * runtime/RegExpMatchesArray.h:
+        (JSC::RegExpMatchesArray::put):
+        * runtime/RegExpObject.cpp:
+        (JSC::regExpObjectGlobal):
+        (JSC::regExpObjectIgnoreCase):
+        (JSC::regExpObjectMultiline):
+        (JSC::regExpObjectSource):
+        (JSC::regExpObjectLastIndex):
+        (JSC::RegExpObject::put):
+        (JSC::setRegExpObjectLastIndex):
+        (JSC::RegExpObject::test):
+        (JSC::RegExpObject::exec):
+        (JSC::callRegExpObject):
+        * runtime/RegExpObject.h:
+        (JSC::RegExpObject::createStructure):
+        (JSC::asRegExpObject):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncTest):
+        (JSC::regExpProtoFuncExec):
+        (JSC::regExpProtoFuncCompile):
+        (JSC::regExpProtoFuncToString):
+        * runtime/StringConstructor.cpp:
+        (JSC::stringFromCharCodeSlowCase):
+        (JSC::stringFromCharCode):
+        (JSC::callStringConstructor):
+        * runtime/StringObject.cpp:
+        (JSC::StringObject::put):
+        * runtime/StringObject.h:
+        (JSC::StringObject::createStructure):
+        (JSC::asStringObject):
+        * runtime/StringObjectThatMasqueradesAsUndefined.h:
+        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        (JSC::stringProtoFuncToString):
+        (JSC::stringProtoFuncCharAt):
+        (JSC::stringProtoFuncCharCodeAt):
+        (JSC::stringProtoFuncConcat):
+        (JSC::stringProtoFuncIndexOf):
+        (JSC::stringProtoFuncLastIndexOf):
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        (JSC::stringProtoFuncSlice):
+        (JSC::stringProtoFuncSplit):
+        (JSC::stringProtoFuncSubstr):
+        (JSC::stringProtoFuncSubstring):
+        (JSC::stringProtoFuncToLowerCase):
+        (JSC::stringProtoFuncToUpperCase):
+        (JSC::stringProtoFuncLocaleCompare):
+        (JSC::stringProtoFuncBig):
+        (JSC::stringProtoFuncSmall):
+        (JSC::stringProtoFuncBlink):
+        (JSC::stringProtoFuncBold):
+        (JSC::stringProtoFuncFixed):
+        (JSC::stringProtoFuncItalics):
+        (JSC::stringProtoFuncStrike):
+        (JSC::stringProtoFuncSub):
+        (JSC::stringProtoFuncSup):
+        (JSC::stringProtoFuncFontcolor):
+        (JSC::stringProtoFuncFontsize):
+        (JSC::stringProtoFuncAnchor):
+        (JSC::stringProtoFuncLink):
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure):
+        (JSC::Structure::changePrototypeTransition):
+        (JSC::Structure::createCachedPrototypeChain):
+        * runtime/Structure.h:
+        (JSC::Structure::create):
+        (JSC::Structure::setPrototypeWithoutTransition):
+        (JSC::Structure::storedPrototype):
+
+2009-01-06  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=23085> [jsfunfuzz] Over released ScopeChainNode
+        <rdar://problem/6474110>
+
+        So this delightful bug was caused by our unwind code using a ScopeChain to perform
+        the unwind.  The ScopeChain would ref the initial top of the scope chain, then deref
+        the resultant top of scope chain, which is incorrect.
+
+        This patch removes the dependency on ScopeChain for the unwind, and i've filed
+        <https://bugs.webkit.org/show_bug.cgi?id=23144> to look into the unintuitive
+        ScopeChain behaviour.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::throwException):
+
+2009-01-06  Adam Roben  <aroben@apple.com>
+
+        Hopeful Windows crash-on-launch fix
+
+        * wtf/Platform.h: Force a world rebuild by touching this file.
+
+2009-01-06  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by NOBODY (Build fix).
+
+        * GNUmakefile.am:Add ByteArray.cpp too
+
+2009-01-06  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by NOBODY (Speculative build fix).
+
+        AllInOneFile.cpp does not include the JSByteArray.cpp include it...
+
+        * GNUmakefile.am:
+
+2009-01-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Fix Wx build
+
+        * JavaScriptCoreSources.bkl:
+
+2009-01-05  Oliver Hunt  <oliver@apple.com>
+
+        Windows build fixes
+
+        Rubber-stamped by Alice Liu.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::Interpreter):
+        * runtime/ByteArray.cpp:
+        (JSC::ByteArray::create):
+        * runtime/ByteArray.h:
+
+2009-01-05  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        CanvasPixelArray performance is too slow 
+        <https://bugs.webkit.org/show_bug.cgi?id=23123>
+
+        The fix to this is to devirtualise get and put in a manner similar to
+        JSString and JSArray.  To do this I've added a ByteArray implementation
+        and JSByteArray wrapper to JSC.  We can then do vptr comparisons to
+        devirtualise the calls.
+
+        This devirtualisation improves performance by 1.5-2x in my somewhat ad
+        hoc tests.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::Interpreter):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_put_by_val):
+        * interpreter/Interpreter.h:
+        (JSC::Interpreter::isJSByteArray):
+        * runtime/ByteArray.cpp: Added.
+        (JSC::ByteArray::create):
+        * runtime/ByteArray.h: Added.
+        (JSC::ByteArray::length):
+        (JSC::ByteArray::set):
+        (JSC::ByteArray::get):
+        (JSC::ByteArray::data):
+        (JSC::ByteArray::ByteArray):
+        * runtime/JSByteArray.cpp: Added.
+        (JSC::):
+        (JSC::JSByteArray::JSByteArray):
+        (JSC::JSByteArray::createStructure):
+        (JSC::JSByteArray::getOwnPropertySlot):
+        (JSC::JSByteArray::put):
+        (JSC::JSByteArray::getPropertyNames):
+        * runtime/JSByteArray.h: Added.
+        (JSC::JSByteArray::canAccessIndex):
+        (JSC::JSByteArray::getIndex):
+        (JSC::JSByteArray::setIndex):
+        (JSC::JSByteArray::classInfo):
+        (JSC::JSByteArray::length):
+        (JSC::JSByteArray::):
+        (JSC::JSByteArray::JSByteArray):
+        (JSC::asByteArray):
+
+2009-01-05  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23073
+        <rdar://problem/6471129> Workers crash on Windows Release builds
+
+        * wtf/ThreadSpecific.h:
+        (WTF::ThreadSpecific::destroy): Changed to clear the pointer only after data object
+        destruction is finished - otherwise, WebCore::ThreadGlobalData destructor was re-creating
+        the object in order to access atomic string table.
+        (WTF::ThreadSpecific::operator T*): Symmetrically, set up the per-thread pointer before
+        data constructor is called.
+
+        * wtf/ThreadingWin.cpp: (WTF::wtfThreadEntryPoint): Remove a Windows-only hack to finalize
+        a thread - pthreadVC2 is a DLL, so it gets thread detached messages, and cleans up thread
+        specific data automatically. Besides, this code wasn't even compiled in for some time now.
+
+2009-01-05  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=23115
+        Create a version of ASSERT for use with otherwise unused variables
+
+        * wtf/Assertions.h: Added ASSERT_UNUSED.
+
+        * jit/ExecutableAllocatorPosix.cpp:
+        (JSC::ExecutablePool::systemRelease):
+        * runtime/Collector.cpp:
+        (JSC::Heap::destroy):
+        (JSC::Heap::heapAllocate):
+        * runtime/JSNotAnObject.cpp:
+        (JSC::JSNotAnObject::toPrimitive):
+        (JSC::JSNotAnObject::getPrimitiveNumber):
+        (JSC::JSNotAnObject::toBoolean):
+        (JSC::JSNotAnObject::toNumber):
+        (JSC::JSNotAnObject::toString):
+        (JSC::JSNotAnObject::getOwnPropertySlot):
+        (JSC::JSNotAnObject::put):
+        (JSC::JSNotAnObject::deleteProperty):
+        (JSC::JSNotAnObject::getPropertyNames):
+        * wtf/TCSystemAlloc.cpp:
+        (TCMalloc_SystemRelease):
+        Use it in some places that used other idioms for this purpose.
+
+2009-01-04  Alice Liu  <alice.liu@apple.com>
+
+        <rdar://problem/6341776> Merge m_transitionCount and m_offset in Structure.
+
+        Reviewed by Darin Adler.
+
+        * runtime/Structure.cpp:
+        (JSC::Structure::Structure): Remove m_transitionCount
+        (JSC::Structure::addPropertyTransitionToExistingStructure): No need to wait until after the assignment to offset to assert if it's notFound; move it up.
+        (JSC::Structure::addPropertyTransition): Use method for transitionCount instead of m_transitionCount. Remove line that maintains the m_transitionCount.
+        (JSC::Structure::changePrototypeTransition): Remove line that maintains the m_transitionCount.
+        (JSC::Structure::getterSetterTransition): Remove line that maintains the m_transitionCount.
+        * runtime/Structure.h:
+        Changed s_maxTransitionLength and m_offset from size_t to signed char.  m_offset will never become greater than 64 
+        because the structure transitions to a dictionary at that time.
+        (JSC::Structure::transitionCount): method to replace the data member
+
+2009-01-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by David Kilzer.
+
+        Bug 15114: Provide compile-time assertions for sizeof(UChar), sizeof(DeprecatedChar), etc.
+        https://bugs.webkit.org/show_bug.cgi?id=15114
+
+        * wtf/unicode/Unicode.h: Assert size of UChar. There is no DeprecatedChar any more.
+
+2009-01-03  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Change the pcVector from storing native code pointers to storing offsets
+        from the base pointer. This will allow us to generate the pcVector on demand
+        for exceptions.
+
+        * bytecode/CodeBlock.h:
+        (JSC::PC::PC):
+        (JSC::getNativePCOffset):
+        (JSC::CodeBlock::getBytecodeIndex):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+
+2009-01-02  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+        
+        * runtime/ScopeChain.cpp:
+
+2009-01-02  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        [jsfunfuzz] unwind logic for exceptions in eval fails to account for dynamic scope external to the eval
+        https://bugs.webkit.org/show_bug.cgi?id=23078
+
+        This bug was caused by eval codeblocks being generated without accounting
+        for the depth of the scope chain they inherited.  This meant that exception
+        handlers would understate their expected scope chain depth, which in turn
+        led to incorrectly removing nodes from the scope chain.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitCatch):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::depth):
+        * runtime/ScopeChain.cpp:
+        (JSC::ScopeChain::localDepth):
+        * runtime/ScopeChain.h:
+        (JSC::ScopeChainNode::deref):
+        (JSC::ScopeChainNode::ref):
+
+2009-01-02  David Smith  <catfish.man@gmail.com>
+
+        Reviewed by Darin Adler.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=22699
+        Enable NodeList caching for getElementsByTagName
+
+        * wtf/HashFunctions.h: Moved the definition of PHI here and renamed to stringHashingStartValue
+
+2009-01-02  David Kilzer  <ddkilzer@apple.com>
+
+        Attempt to fix Qt Linux build after r39553
+
+        * wtf/RandomNumberSeed.h: Include <sys/time.h> for gettimeofday().
+        Include <sys/types.h> and <unistd.h> for getpid().
+
+2009-01-02  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 23081: These files are no longer part of the KDE libraries
+
+        <https://bugs.webkit.org/show_bug.cgi?id=23081>
+
+        Reviewed by Darin Adler.
+
+        Removed "This file is part of the KDE libraries" comment from
+        source files.  Added or updated Apple copyrights as well.
+
+        * parser/Lexer.h:
+        * wtf/HashCountedSet.h:
+        * wtf/RetainPtr.h:
+        * wtf/VectorTraits.h:
+
+2009-01-02  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 23080: Remove last vestiges of KJS references
+
+        <https://bugs.webkit.org/show_bug.cgi?id=23080>
+
+        Reviewed by Darin Adler.
+
+        Also updated Apple copyright statements.
+
+        * DerivedSources.make: Changed bison "kjsyy" prefix to "jscyy".
+        * GNUmakefile.am: Ditto.
+        * JavaScriptCore.pri: Ditto.  Also changed KJSBISON to JSCBISON
+        and kjsbison to jscbison.
+
+        * JavaScriptCoreSources.bkl: Changed JSCORE_KJS_SOURCES to
+        JSCORE_JSC_SOURCES.
+        * jscore.bkl: Ditto.
+
+        * create_hash_table: Updated copyright and removed old comment.
+
+        * parser/Grammar.y: Changed "kjsyy" prefix to "jscyy" prefix.
+        * parser/Lexer.cpp: Ditto.  Also changed KJS_DEBUG_LEX to
+        JSC_DEBUG_LEX.
+        (jscyylex):
+        (JSC::Lexer::lex):
+        * parser/Parser.cpp: Ditto.
+        (JSC::Parser::parse):
+
+        * pcre/dftables: Changed "kjs_pcre_" prefix to "jsc_pcre_".
+        * pcre/pcre_compile.cpp: Ditto.
+        (getOthercaseRange):
+        (encodeUTF8):
+        (compileBranch):
+        (calculateCompiledPatternLength):
+        * pcre/pcre_exec.cpp: Ditto.
+        (matchRef):
+        (getUTF8CharAndIncrementLength):
+        (match):
+        * pcre/pcre_internal.h: Ditto.
+        (toLowerCase):
+        (flipCase):
+        (classBitmapForChar):
+        (charTypeForChar):
+        * pcre/pcre_tables.cpp: Ditto.
+        * pcre/pcre_ucp_searchfuncs.cpp: Ditto.
+        (jsc_pcre_ucp_othercase):
+        * pcre/pcre_xclass.cpp: Ditto.
+        (getUTF8CharAndAdvancePointer):
+        (jsc_pcre_xclass):
+
+        * runtime/Collector.h: Updated header guards using the
+        clean-header-guards script.
+        * runtime/CollectorHeapIterator.h: Added missing header guard.
+        * runtime/Identifier.h: Updated header guards.
+        * runtime/JSFunction.h: Fixed end-of-namespace comment.
+
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset): Renamed "kjsprint" debug function
+        to "jscprint".  Changed implementation method from
+        globalFuncKJSPrint() to globalFuncJSCPrint().
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncJSCPrint): Renamed from globalFuncKJSPrint().
+        * runtime/JSGlobalObjectFunctions.h: Ditto.
+
+        * runtime/JSImmediate.h: Updated header guards.
+        * runtime/JSLock.h: Ditto.
+        * runtime/JSType.h: Ditto.
+        * runtime/JSWrapperObject.h: Ditto.
+        * runtime/Lookup.h: Ditto.
+        * runtime/Operations.h: Ditto.
+        * runtime/Protect.h: Ditto.
+        * runtime/RegExp.h: Ditto.
+        * runtime/UString.h: Ditto.
+
+        * tests/mozilla/js1_5/Array/regress-157652.js: Changed "KJS"
+        reference in comment to "JSC".
+
+        * wrec/CharacterClassConstructor.cpp: Change "kjs_pcre_" function
+        prefixes to "jsc_pcre_".
+        (JSC::WREC::CharacterClassConstructor::put):
+        (JSC::WREC::CharacterClassConstructor::flush):
+
+        * wtf/unicode/Unicode.h: Change "KJS_" header guard to "WTF_".
+        * wtf/unicode/icu/UnicodeIcu.h: Ditto.
+        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
+
+2009-01-02  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Make randomNumber generate 2^53 values instead of 2^32 (or 2^31 for rand() platforms)
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber):
+
+2009-01-02  David Kilzer  <ddkilzer@apple.com>
+
+        Remove declaration for JSC::Identifier::initializeIdentifierThreading()
+
+        Reviewed by Alexey Proskuryakov.
+
+        * runtime/Identifier.h:
+        (JSC::Identifier::initializeIdentifierThreading): Removed
+        declaration since the implementation was removed in r34412.
+
+2009-01-01  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        String.replace does not support $& replacement metacharacter when search term is not a RegExp
+        <https://bugs.webkit.org/show_bug.cgi?id=21431>
+        <rdar://problem/6274993>
+
+        Test: fast/js/string-replace-3.html
+
+        * runtime/StringPrototype.cpp:
+        (JSC::substituteBackreferences): Added a null check here so we won't try to handle $$-$9
+        backreferences when the search term is a string, not a RegExp. Added a check for 0 so we
+        won't try to handle $0 or $00 as a backreference.
+        (JSC::stringProtoFuncReplace): Added a call to substituteBackreferences.
+
+2009-01-01  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Allow 32-bit integers to be stored in JSImmediates, on x64-bit.
+        Presently the top 32-bits of a 64-bit JSImmediate serve as a sign extension of a 31-bit
+        int stored in the low word (shifted left by one, to make room for a tag).  In the new
+        format, the top 31-bits serve as a sign extension of a 32-bit int, still shifted left by
+        one.
+
+        The new behavior is enabled using a flag in Platform.h, 'WTF_USE_ALTERNATE_JSIMMEDIATE'.
+        When this is set the constants defining the range of ints allowed to be stored as
+        JSImmediate values is extended.  The code in JSImmediate.h can safely operate on either
+        format.  This patch updates the JIT so that it can also operate with the new format.
+
+        ~2% progression on x86-64, with & without the JIT, on sunspider & v8 tests.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::addPtr):
+        (JSC::MacroAssembler::orPtr):
+        (JSC::MacroAssembler::or32):
+        (JSC::MacroAssembler::rshiftPtr):
+        (JSC::MacroAssembler::rshift32):
+        (JSC::MacroAssembler::subPtr):
+        (JSC::MacroAssembler::xorPtr):
+        (JSC::MacroAssembler::xor32):
+        (JSC::MacroAssembler::move):
+        (JSC::MacroAssembler::compareImm64ForBranch):
+        (JSC::MacroAssembler::compareImm64ForBranchEquality):
+        (JSC::MacroAssembler::jePtr):
+        (JSC::MacroAssembler::jgePtr):
+        (JSC::MacroAssembler::jlPtr):
+        (JSC::MacroAssembler::jlePtr):
+        (JSC::MacroAssembler::jnePtr):
+        (JSC::MacroAssembler::jnzSubPtr):
+        (JSC::MacroAssembler::joAddPtr):
+        (JSC::MacroAssembler::jzSubPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::addq_rr):
+        (JSC::X86Assembler::orq_ir):
+        (JSC::X86Assembler::subq_ir):
+        (JSC::X86Assembler::xorq_rr):
+        (JSC::X86Assembler::sarq_CLr):
+        (JSC::X86Assembler::sarq_i8r):
+        (JSC::X86Assembler::cmpq_ir):
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileFastArith_op_lshift):
+        (JSC::JIT::compileFastArithSlow_op_lshift):
+        (JSC::JIT::compileFastArith_op_rshift):
+        (JSC::JIT::compileFastArithSlow_op_rshift):
+        (JSC::JIT::compileFastArith_op_bitand):
+        (JSC::JIT::compileFastArithSlow_op_bitand):
+        (JSC::JIT::compileFastArith_op_mod):
+        (JSC::JIT::compileFastArithSlow_op_mod):
+        (JSC::JIT::compileFastArith_op_add):
+        (JSC::JIT::compileFastArithSlow_op_add):
+        (JSC::JIT::compileFastArith_op_mul):
+        (JSC::JIT::compileFastArithSlow_op_mul):
+        (JSC::JIT::compileFastArith_op_post_inc):
+        (JSC::JIT::compileFastArithSlow_op_post_inc):
+        (JSC::JIT::compileFastArith_op_post_dec):
+        (JSC::JIT::compileFastArithSlow_op_post_dec):
+        (JSC::JIT::compileFastArith_op_pre_inc):
+        (JSC::JIT::compileFastArithSlow_op_pre_inc):
+        (JSC::JIT::compileFastArith_op_pre_dec):
+        (JSC::JIT::compileFastArithSlow_op_pre_dec):
+        (JSC::JIT::compileBinaryArithOp):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::getConstantOperand):
+        (JSC::JIT::getConstantOperandImmediateInt):
+        (JSC::JIT::isOperandConstantImmediateInt):
+        (JSC::JIT::isOperandConstant31BitImmediateInt):
+        (JSC::JIT::emitFastArithDeTagImmediate):
+        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::JIT::emitFastArithReTagImmediate):
+        (JSC::JIT::emitFastArithImmToInt):
+        (JSC::JIT::emitFastArithIntToImmNoCheck):
+        * runtime/JSImmediate.h:
+        (JSC::JSImmediate::isPositiveNumber):
+        (JSC::JSImmediate::isNegative):
+        (JSC::JSImmediate::rightShiftImmediateNumbers):
+        (JSC::JSImmediate::canDoFastAdditiveOperations):
+        (JSC::JSImmediate::makeValue):
+        (JSC::JSImmediate::makeInt):
+        (JSC::JSImmediate::makeBool):
+        (JSC::JSImmediate::intValue):
+        (JSC::JSImmediate::rawValue):
+        (JSC::JSImmediate::toBoolean):
+        (JSC::JSImmediate::from):
+        * wtf/Platform.h:
+
+2008-12-31  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        [jsfunfuzz] Assertion + incorrect behaviour with dynamically created local variable in a catch block
+        <https://bugs.webkit.org/show_bug.cgi?id=23063>
+
+        Eval inside a catch block attempts to use the catch block's static scope in
+        an unsafe way by attempting to add new properties to the scope.  This patch
+        fixes this issue simply by preventing the catch block from using a static
+        scope if it contains an eval.
+
+        * parser/Grammar.y:
+        * parser/Nodes.cpp:
+        (JSC::TryNode::emitBytecode):
+        * parser/Nodes.h:
+        (JSC::TryNode::):
+
+2008-12-31  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        [jsfunfuzz] Computed exception offset wrong when first instruction is attempt to resolve deleted eval
+        <https://bugs.webkit.org/show_bug.cgi?id=23062>
+
+        This was caused by the expression information for the initial resolve of
+        eval not being emitted.  If this resolve was the first instruction that
+        could throw an exception the information search would fail leading to an
+        assertion failure.  If it was not the first throwable opcode the wrong
+        expression information would used.
+
+        Fix is simply to emit the expression info.
+
+        * parser/Nodes.cpp:
+        (JSC::EvalFunctionCallNode::emitBytecode):
+
+2008-12-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 23054: Caching of global lookups occurs even when the global object has become a dictionary
+        <https://bugs.webkit.org/show_bug.cgi?id=23054>
+        <rdar://problem/6469905>
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::resolveGlobal): Do not cache lookup if the global
+        object has transitioned to a dictionary.
+        (JSC::Interpreter::cti_op_resolve_global): Do not cache lookup if the
+        global object has transitioned to a dictionary.
+
+2008-12-30  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=23049> [jsfunfuzz] With blocks do not correctly protect their scope object
+        <rdar://problem/6469742> Crash in JSC::TypeInfo::hasStandardGetOwnPropertySlot() running jsfunfuzz
+
+        The problem that caused this was that with nodes were not correctly protecting
+        the final object that was placed in the scope chain.  We correct this by forcing
+        the use of a temporary register (which stops us relying on a local register
+        protecting the scope) and changing the behaviour of op_push_scope so that it
+        will store the final scope object.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitPushScope):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::cti_op_push_scope):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * parser/Nodes.cpp:
+        (JSC::WithNode::emitBytecode):
+
+2008-12-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Sam Weinig.
+
+        Bug 23037: Parsing and reparsing disagree on automatic semicolon insertion
+        <https://bugs.webkit.org/show_bug.cgi?id=23037>
+        <rdar://problem/6467124>
+
+        Parsing and reparsing disagree about automatic semicolon insertion, so that a
+        function like
+
+        function() { a = 1, }
+
+        is parsed as being syntactically valid but gets a syntax error upon reparsing.
+        This leads to an assertion failure in Parser::reparse(). It is not that big of
+        an issue in practice, because in a Release build such a function will return
+        'undefined' when called.
+
+        In this case, we are not following the spec and it should be a syntax error.
+        However, unless there is a newline separating the ',' and the '}', WebKit would
+        not treat it as a syntax error in the past either. It would be a bit of work to
+        make the automatic semicolon insertion match the spec exactly, so this patch
+        changes it to match our past behaviour.
+
+        The problem is that even during reparsing, the Lexer adds a semicolon at the
+        end of the input, which confuses allowAutomaticSemicolon(), because it is
+        expecting either a '}', the end of input, or a terminator like a newline.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::Lexer): Initialize m_isReparsing to false.
+        (JSC::Lexer::lex): Do not perform automatic semicolon insertion in the Lexer if
+        we are in the middle of reparsing.
+        (JSC::Lexer::clear): Set m_isReparsing to false.
+        * parser/Lexer.h:
+        (JSC::Lexer::setIsReparsing): Added.
+        * parser/Parser.cpp:
+        (JSC::Parser::reparse): Call Lexer::setIsReparsing() to notify the Lexer of
+        reparsing.
+
+2008-12-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Yet another attempt to fix Tiger.
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber):
+
+2008-12-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Tiger build fix (correct this time)
+
+        * wtf/RandomNumber.cpp:
+
+2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Alexey Proskuryakov.
+
+        Revert r39509, because kjsyydebug is used in the generated code if YYDEBUG is 1.
+
+        * parser/Grammar.y:
+
+2008-12-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Tiger build fix.
+
+        * wtf/RandomNumber.cpp:
+
+2008-12-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        <rdar://problem/6358108> Insecure randomness in Math.random() leads to user tracking
+
+        Switch to arc4random on PLATFORM(DARWIN), this is ~1.5x slower than random(), but the
+        it is still so fast that there is no fathomable way it could be a bottleneck for anything.
+
+        randomNumber is called in two places
+          * During form submission where it is called once per form
+          * Math.random in JSC.  For this difference to show up you have to be looping on
+            a cached local copy of random, for a large (>10000) calls.
+
+        No change in SunSpider.
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber):
+        * wtf/RandomNumberSeed.h:
+        (WTF::initializeRandomNumberGenerator):
+
+2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Sam Weinig.
+
+        Remove unused kjsyydebug #define.
+
+        * parser/Grammar.y:
+
+2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt and Sam Weinig.
+
+        Bug 23029: REGRESSION (r39337): jsfunfuzz generates identical test files
+        <https://bugs.webkit.org/show_bug.cgi?id=23029>
+        <rdar://problem/6469185>
+
+        The unification of random number generation in r39337 resulted in random()
+        being initialized on Darwin, but rand() actually being used. Fix this by
+        making randomNumber() use random() instead of rand() on Darwin.
+
+        * wtf/RandomNumber.cpp:
+        (WTF::randomNumber):
+
+2008-12-29  Sam Weinig  <sam@webkit.org>
+
+        Fix buildbots.
+
+        * runtime/Structure.cpp:
+
+2008-12-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=23026
+        Move the deleted offsets vector into the PropertyMap
+
+        Saves 3 words per Structure.
+
+        * runtime/PropertyMapHashTable.h:
+        * runtime/Structure.cpp:
+        (JSC::Structure::addPropertyTransition):
+        (JSC::Structure::changePrototypeTransition):
+        (JSC::Structure::getterSetterTransition):
+        (JSC::Structure::toDictionaryTransition):
+        (JSC::Structure::fromDictionaryTransition):
+        (JSC::Structure::copyPropertyTable):
+        (JSC::Structure::put):
+        (JSC::Structure::remove):
+        (JSC::Structure::rehashPropertyMapHashTable):
+        * runtime/Structure.h:
+        (JSC::Structure::propertyStorageSize):
+
+2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Change code using m_body.get() as a boolean to take advantage of the 
+        implicit conversion of RefPtr to boolean.
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::~JSFunction):
+
+2008-12-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 22840: REGRESSION (r38349): Gmail doesn't load with profiling enabled
+        <https://bugs.webkit.org/show_bug.cgi?id=22840>
+        <rdar://problem/6468077>
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitNewArray): Add an assertion that the range
+        of registers passed to op_new_array is sequential.
+        (JSC::BytecodeGenerator::emitCall): Correct the relocation of registers
+        when emitting profiler hooks so that registers aren't leaked. Also, add
+        an assertion that the 'this' register is always ref'd (because it is),
+        remove the needless protection of the 'this' register when relocating,
+        and add an assertion that the range of registers passed to op_call for
+        function call arguments is sequential.
+        (JSC::BytecodeGenerator::emitConstruct): Correct the relocation of
+        registers when emitting profiler hooks so that registers aren't leaked.
+        Also, add an assertion that the range of registers passed to op_construct
+        for function call arguments is sequential.
+
+2008-12-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        <rdar://problem/6467376> Race condition in WTF::currentThread can lead to a thread using two different identifiers during its lifetime
+
+        If a newly-created thread calls WTF::currentThread() before WTF::createThread calls establishIdentifierForPthreadHandle
+        then more than one identifier will be used for the same thread.  We can avoid this by adding some extra synchronization
+        during thread creation that delays the execution of the thread function until the thread identifier has been set up, and
+        an assertion to catch this problem should it reappear in the future.
+
+        * wtf/Threading.cpp: Added.
+        (WTF::NewThreadContext::NewThreadContext):
+        (WTF::threadEntryPoint):
+        (WTF::createThread): Add cross-platform createThread function that delays the execution of the thread function until
+        after the thread identifier has been set up.
+        * wtf/Threading.h:
+        * wtf/ThreadingGtk.cpp:
+        (WTF::establishIdentifierForThread):
+        (WTF::createThreadInternal):
+        * wtf/ThreadingNone.cpp:
+        (WTF::createThreadInternal):
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::establishIdentifierForPthreadHandle):
+        (WTF::createThreadInternal):
+        * wtf/ThreadingQt.cpp:
+        (WTF::identifierByQthreadHandle):
+        (WTF::establishIdentifierForThread):
+        (WTF::createThreadInternal):
+        * wtf/ThreadingWin.cpp:
+        (WTF::storeThreadHandleByIdentifier):
+        (WTF::createThreadInternal):
+
+        Add Threading.cpp to the build.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+
+2008-12-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Remove unused method.
+
+        * runtime/Structure.h: Remove mutableTypeInfo.
+
+2008-12-22  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix rounding / bounds / signed comparison bug in ExecutableAllocator.
+
+        ExecutableAllocator::alloc assumed that m_freePtr would be aligned.  This was
+        not always true, since the first allocation from an additional pool would not
+        be rounded up.  Subsequent allocations would be unaligned, and too much memory
+        could be erroneously allocated from the pool, when the size requested was
+        available, but the size rounded up to word granularity was not available in the
+        pool.  This may result in the value of m_freePtr being greater than m_end.
+
+        Under these circumstances, the unsigned check for space will always pass,
+        resulting in pointers to memory outside of the arena being returned, and
+        ultimately segfaulty goodness when attempting to memcpy the hot freshly jitted
+        code from the AssemblerBuffer.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22974
+        ... and probably many, many more.
+
+        * jit/ExecutableAllocator.h:
+        (JSC::ExecutablePool::alloc):
+        (JSC::ExecutablePool::roundUpAllocationSize):
+        (JSC::ExecutablePool::ExecutablePool):
+        (JSC::ExecutablePool::poolAllocate):
+
+2008-12-22  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Rename all uses of the term "repatch" to "patch".
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::DataLabelPtr::patch):
+        (JSC::MacroAssembler::DataLabel32::patch):
+        (JSC::MacroAssembler::Jump::patch):
+        (JSC::MacroAssembler::PatchBuffer::PatchBuffer):
+        (JSC::MacroAssembler::PatchBuffer::setPtr):
+        (JSC::MacroAssembler::loadPtrWithAddressOffsetPatch):
+        (JSC::MacroAssembler::storePtrWithAddressOffsetPatch):
+        (JSC::MacroAssembler::storePtrWithPatch):
+        (JSC::MacroAssembler::jnePtrWithPatch):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::patchAddress):
+        (JSC::X86Assembler::patchImmediate):
+        (JSC::X86Assembler::patchPointer):
+        (JSC::X86Assembler::patchBranchOffset):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_put_by_id):
+        (JSC::Interpreter::cti_op_get_by_id):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
+        * jit/JIT.cpp:
+        (JSC::ctiPatchCallByReturnAddress):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::linkCall):
+        (JSC::JIT::compileOpCall):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdSlowCase):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+
+2008-12-22  Adam Roben  <aroben@apple.com>
+
+        Build fix after r39428
+
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSlowCase): Added a missing MacroAssembler::
+
+2008-12-22  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>
+
+        Rubber-stamped by George Staikos.
+
+        Unify all TorchMobile copyright lines. Consolidate in a single line, as requested by Mark Rowe, some time ago.
+
+        * wtf/RandomNumber.cpp:
+        * wtf/RandomNumber.h:
+        * wtf/RandomNumberSeed.h:
+
+2008-12-21  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>
+
+        Rubber-stamped by George Staikos.
+
+        Fix copyright of the new RandomNumber* files.
+
+        * wtf/RandomNumber.cpp:
+        * wtf/RandomNumber.h:
+        * wtf/RandomNumberSeed.h:
+
+2008-12-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt & Cameron Zwarich.
+
+        Add support for call and property access repatching on x86-64.
+
+        No change in performance on current configurations (2x impovement on v8-tests with JIT enabled on x86-64).
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::DataLabelPtr::repatch):
+        (JSC::MacroAssembler::DataLabelPtr::operator X86Assembler::JmpDst):
+        (JSC::MacroAssembler::DataLabel32::repatch):
+        (JSC::MacroAssembler::RepatchBuffer::addressOf):
+        (JSC::MacroAssembler::add32):
+        (JSC::MacroAssembler::sub32):
+        (JSC::MacroAssembler::loadPtrWithAddressOffsetRepatch):
+        (JSC::MacroAssembler::storePtrWithAddressOffsetRepatch):
+        (JSC::MacroAssembler::jePtr):
+        (JSC::MacroAssembler::jnePtr):
+        (JSC::MacroAssembler::jnePtrWithRepatch):
+        (JSC::MacroAssembler::differenceBetween):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::addl_im):
+        (JSC::X86Assembler::subl_im):
+        (JSC::X86Assembler::cmpl_rm):
+        (JSC::X86Assembler::movq_rm_disp32):
+        (JSC::X86Assembler::movq_mr_disp32):
+        (JSC::X86Assembler::repatchPointer):
+        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp32):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::linkCall):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compilePutByIdSlowCase):
+        (JSC::resizePropertyStorage):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        * wtf/Platform.h:
+
+2008-12-20  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Port optimized property access generation to the MacroAssembler.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::AbsoluteAddress::AbsoluteAddress):
+        (JSC::MacroAssembler::DataLabelPtr::repatch):
+        (JSC::MacroAssembler::DataLabel32::DataLabel32):
+        (JSC::MacroAssembler::DataLabel32::repatch):
+        (JSC::MacroAssembler::Label::operator X86Assembler::JmpDst):
+        (JSC::MacroAssembler::Jump::repatch):
+        (JSC::MacroAssembler::JumpList::empty):
+        (JSC::MacroAssembler::RepatchBuffer::link):
+        (JSC::MacroAssembler::add32):
+        (JSC::MacroAssembler::and32):
+        (JSC::MacroAssembler::sub32):
+        (JSC::MacroAssembler::loadPtrWithAddressRepatch):
+        (JSC::MacroAssembler::storePtrWithAddressRepatch):
+        (JSC::MacroAssembler::push):
+        (JSC::MacroAssembler::ja32):
+        (JSC::MacroAssembler::jePtr):
+        (JSC::MacroAssembler::jnePtr):
+        (JSC::MacroAssembler::jnePtrWithRepatch):
+        (JSC::MacroAssembler::align):
+        (JSC::MacroAssembler::differenceBetween):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::movl_rm_disp32):
+        (JSC::X86Assembler::movl_mr_disp32):
+        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp32):
+        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
+        * jit/JIT.cpp:
+        (JSC::ctiRepatchCallByReturnAddress):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compilePutByIdSlowCase):
+        (JSC::resizePropertyStorage):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        * wtf/RefCounted.h:
+        (WTF::RefCountedBase::addressOfCount):
+
+2008-12-19  Gustavo Noronha Silva  <gns@gnome.org>
+
+        Reviewed by Holger Freyther.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22686
+
+        Added file which was missing to the javascriptcore_sources
+        variable, so that it shows up in the tarball created by `make
+        dist'.
+
+        * GNUmakefile.am:
+
+2008-12-19  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Antti Koivisto.
+
+        Build fix when building JS API tests with a c89 c compiler
+
+        Do not use C++ style comments and convert them to C comments.
+
+        * wtf/Platform.h:
+
+2008-12-18  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Same as last revision, adding cases for pre & post inc & dec.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22928
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+
+2008-12-18  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fixes for the JIT's handling of JSImmediate values on x86-64.
+        On 64-bit systems, the code in JSImmediate.h relies on the upper
+        bits of a JSImmediate being a sign extension of the low 32-bits.
+        This was not being enforced by the JIT, since a number of inline
+        operations were being performed on 32-bit values in registers, and
+        when a 32-bit result is written to a register on x86-64 the value
+        is zero-extended to 64-bits.
+        
+        This fix honors previous behavoir.  A better fix in the long run
+        (when the JIT is enabled by default) may be to change JSImmediate.h
+        so it no longer relies on the upper bits of the pointer,... though
+        if we're going to change JSImmediate.h for 64-bit, we probably may
+        as well change the format so that the full range of 32-bit ints can
+        be stored, rather than just 31-bits.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22925
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::addPtr):
+        (JSC::MacroAssembler::andPtr):
+        (JSC::MacroAssembler::orPtr):
+        (JSC::MacroAssembler::or32):
+        (JSC::MacroAssembler::xor32):
+        (JSC::MacroAssembler::xorPtr):
+        (JSC::MacroAssembler::signExtend32ToPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::andq_rr):
+        (JSC::X86Assembler::andq_ir):
+        (JSC::X86Assembler::orq_rr):
+        (JSC::X86Assembler::xorq_ir):
+        (JSC::X86Assembler::movsxd_rr):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitFastArithReTagImmediate):
+        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
+        (JSC::JIT::emitFastArithImmToInt):
+
+2008-12-18  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Just a tidy up - rename & refactor some the #defines configuring the JIT.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_convert_this):
+        (JSC::Interpreter::cti_op_end):
+        (JSC::Interpreter::cti_op_add):
+        (JSC::Interpreter::cti_op_pre_inc):
+        (JSC::Interpreter::cti_timeout_check):
+        (JSC::Interpreter::cti_register_file_check):
+        (JSC::Interpreter::cti_op_loop_if_less):
+        (JSC::Interpreter::cti_op_loop_if_lesseq):
+        (JSC::Interpreter::cti_op_new_object):
+        (JSC::Interpreter::cti_op_put_by_id_generic):
+        (JSC::Interpreter::cti_op_get_by_id_generic):
+        (JSC::Interpreter::cti_op_put_by_id):
+        (JSC::Interpreter::cti_op_put_by_id_second):
+        (JSC::Interpreter::cti_op_put_by_id_fail):
+        (JSC::Interpreter::cti_op_get_by_id):
+        (JSC::Interpreter::cti_op_get_by_id_second):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
+        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
+        (JSC::Interpreter::cti_op_get_by_id_array_fail):
+        (JSC::Interpreter::cti_op_get_by_id_string_fail):
+        (JSC::Interpreter::cti_op_instanceof):
+        (JSC::Interpreter::cti_op_del_by_id):
+        (JSC::Interpreter::cti_op_mul):
+        (JSC::Interpreter::cti_op_new_func):
+        (JSC::Interpreter::cti_op_call_JSFunction):
+        (JSC::Interpreter::cti_op_call_arityCheck):
+        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
+        (JSC::Interpreter::cti_vm_lazyLinkCall):
+        (JSC::Interpreter::cti_op_push_activation):
+        (JSC::Interpreter::cti_op_call_NotJSFunction):
+        (JSC::Interpreter::cti_op_create_arguments):
+        (JSC::Interpreter::cti_op_create_arguments_no_params):
+        (JSC::Interpreter::cti_op_tear_off_activation):
+        (JSC::Interpreter::cti_op_tear_off_arguments):
+        (JSC::Interpreter::cti_op_profile_will_call):
+        (JSC::Interpreter::cti_op_profile_did_call):
+        (JSC::Interpreter::cti_op_ret_scopeChain):
+        (JSC::Interpreter::cti_op_new_array):
+        (JSC::Interpreter::cti_op_resolve):
+        (JSC::Interpreter::cti_op_construct_JSConstruct):
+        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_resolve_func):
+        (JSC::Interpreter::cti_op_sub):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_array):
+        (JSC::Interpreter::cti_op_lesseq):
+        (JSC::Interpreter::cti_op_loop_if_true):
+        (JSC::Interpreter::cti_op_negate):
+        (JSC::Interpreter::cti_op_resolve_base):
+        (JSC::Interpreter::cti_op_resolve_skip):
+        (JSC::Interpreter::cti_op_resolve_global):
+        (JSC::Interpreter::cti_op_div):
+        (JSC::Interpreter::cti_op_pre_dec):
+        (JSC::Interpreter::cti_op_jless):
+        (JSC::Interpreter::cti_op_not):
+        (JSC::Interpreter::cti_op_jtrue):
+        (JSC::Interpreter::cti_op_post_inc):
+        (JSC::Interpreter::cti_op_eq):
+        (JSC::Interpreter::cti_op_lshift):
+        (JSC::Interpreter::cti_op_bitand):
+        (JSC::Interpreter::cti_op_rshift):
+        (JSC::Interpreter::cti_op_bitnot):
+        (JSC::Interpreter::cti_op_resolve_with_base):
+        (JSC::Interpreter::cti_op_new_func_exp):
+        (JSC::Interpreter::cti_op_mod):
+        (JSC::Interpreter::cti_op_less):
+        (JSC::Interpreter::cti_op_neq):
+        (JSC::Interpreter::cti_op_post_dec):
+        (JSC::Interpreter::cti_op_urshift):
+        (JSC::Interpreter::cti_op_bitxor):
+        (JSC::Interpreter::cti_op_new_regexp):
+        (JSC::Interpreter::cti_op_bitor):
+        (JSC::Interpreter::cti_op_call_eval):
+        (JSC::Interpreter::cti_op_throw):
+        (JSC::Interpreter::cti_op_get_pnames):
+        (JSC::Interpreter::cti_op_next_pname):
+        (JSC::Interpreter::cti_op_push_scope):
+        (JSC::Interpreter::cti_op_pop_scope):
+        (JSC::Interpreter::cti_op_typeof):
+        (JSC::Interpreter::cti_op_is_undefined):
+        (JSC::Interpreter::cti_op_is_boolean):
+        (JSC::Interpreter::cti_op_is_number):
+        (JSC::Interpreter::cti_op_is_string):
+        (JSC::Interpreter::cti_op_is_object):
+        (JSC::Interpreter::cti_op_is_function):
+        (JSC::Interpreter::cti_op_stricteq):
+        (JSC::Interpreter::cti_op_nstricteq):
+        (JSC::Interpreter::cti_op_to_jsnumber):
+        (JSC::Interpreter::cti_op_in):
+        (JSC::Interpreter::cti_op_push_new_scope):
+        (JSC::Interpreter::cti_op_jmp_scopes):
+        (JSC::Interpreter::cti_op_put_by_index):
+        (JSC::Interpreter::cti_op_switch_imm):
+        (JSC::Interpreter::cti_op_switch_char):
+        (JSC::Interpreter::cti_op_switch_string):
+        (JSC::Interpreter::cti_op_del_by_val):
+        (JSC::Interpreter::cti_op_put_getter):
+        (JSC::Interpreter::cti_op_put_setter):
+        (JSC::Interpreter::cti_op_new_error):
+        (JSC::Interpreter::cti_op_debug):
+        (JSC::Interpreter::cti_vm_throw):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        * wtf/Platform.h:
+
+2008-12-18  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 21855: REGRESSION (r37323): Gmail complains about popup blocking when opening a link
+        <https://bugs.webkit.org/show_bug.cgi?id=21855>
+        <rdar://problem/6278244>
+
+        Move DynamicGlobalObjectScope to JSGlobalObject.h so that it can be used
+        from WebCore.
+
+        * interpreter/Interpreter.cpp:
+        * runtime/JSGlobalObject.h:
+        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
+        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
+
+2008-12-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Gavin Barraclough.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=22393
+        Segfault when caching property accesses to primitive cells.
+        
+        Changed some asObject casts to asCell casts in cases where a primitive
+        value may be a cell and not an object.
+        
+        Re-enabled property caching for primitives in cases where it had been
+        disabled because of this bug.
+        
+        Updated a comment to better explain something Darin thought needed
+        explaining in an old patch review.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::countPrototypeChainEntriesAndCheckForProxies):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+
+2008-12-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Fixes for Sunspider failures with the JIT enabled on x86-64.
+
+        * assembler/MacroAssembler.h:
+            Switch the order of the RegisterID & Address form of je32, to keep it consistent with jne32.
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+            Port the m_ctiVirtualCall tramopline generation to use the MacroAssembler interface.
+        * jit/JITCall.cpp:
+            Fix bug in the non-optimizing code path, vptr check should have been to the memory address pointer
+            to by the register, not to the register itself.
+        * wrec/WRECGenerator.cpp:
+            See assembler/MacroAssembler.h, above.
+
+2008-12-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        print("Hello, 64-bit jitted world!");
+        Get hello-world working through the JIT, on x86-64.
+
+        * assembler/X86Assembler.h:
+            Fix encoding of opcode + RegisterID format instructions for 64-bit.
+        * interpreter/Interpreter.cpp:
+        * interpreter/Interpreter.h:
+            Make VoidPtrPair actually be a pair of void*s.
+            (Possibly should make this change for 32-bit Mac platforms, too - but won't change 32-bit behaviour in this patch).
+        * jit/JIT.cpp:
+        * jit/JIT.h:
+            Provide names for the timeoutCheckRegister & callFrameRegister on x86-64,
+            force x86-64 ctiTrampoline arguments onto the stack,
+            implement the asm trampolines for x86-64,
+            implement the restoreArgumentReference methods for x86-64 calling conventions.
+        * jit/JITCall.cpp:
+        * jit/JITInlineMethods.h:
+        * wtf/Platform.h:
+            Add switch settings to ENABLE(JIT), on PLATFORM(X86_64) (currently still disabled).
+
+2008-12-17  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Add more CodeBlock statistics.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpStatistics):
+
+2008-12-17  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=22897
+        <rdar://problem/6428342>
+        Look into feasibility of discarding bytecode after native codegen
+
+        Clear the bytecode Instruction vector at the end JIT generation.
+
+        Saves 4.8 MB on Membuster head.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump): Add logging for the case that someone tries
+        to dump the instructions of a CodeBlock that has had its bytecode
+        vector cleared.
+        (JSC::CodeBlock::CodeBlock): Initialize the instructionCount
+        (JSC::CodeBlock::handlerForBytecodeOffset): Use instructionCount instead
+        of the size of the instruction vector in the assertion.
+        (JSC::CodeBlock::lineNumberForBytecodeOffset): Ditto.
+        (JSC::CodeBlock::expressionRangeForBytecodeOffset): Ditto.
+        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset): Ditto.
+        (JSC::CodeBlock::functionRegisterForBytecodeOffset): Ditto.
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::setInstructionCount): Store the instruction vector size
+        in debug builds for assertions.
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile): Clear the bytecode vector unless we
+        have compiled with Opcode sampling where we will continue to require it
+
+2008-12-17  Cary Clark  <caryclark@google.com>
+
+        Reviewed by Darin Adler.
+        Landed by Adam Barth.
+
+        Add ENABLE_TEXT_CARET to permit the ANDROID platform
+        to invalidate and draw the caret in a separate thread.
+
+        * wtf/Platform.h:
+        Default ENABLE_TEXT_CARET to 1.
+
+2008-12-17  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Don't use unique context group in JSGlobalContextCreate() on Tiger or Leopard, take two.
+
+        * API/JSContextRef.cpp: The previous patch that claimed to do this was making Tiger and
+        Leopard always use unique context group instead.
+
+2008-12-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=22838
+        Remove dependency on the bytecode Instruction buffer in Interpreter::throwException
+        Part of <rdar://problem/6428342>
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::functionRegisterForBytecodeOffset): Added. Function to get
+        a function Register index in a callFrame for a bytecode offset.
+        (JSC::CodeBlock::shrinkToFit): Shrink m_getByIdExceptionInfo and m_functionRegisterInfos.
+        * bytecode/CodeBlock.h:
+        (JSC::FunctionRegisterInfo::FunctionRegisterInfo): Added.
+        (JSC::CodeBlock::addFunctionRegisterInfo):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitCall):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::throwException): Use functionRegisterForBytecodeOffset in JIT
+        mode.
+
+2008-12-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=22837
+        Remove dependency on the bytecode Instruction buffer in Interpreter::cti_op_call_NotJSFunction
+        Part of <rdar://problem/6428342>
+
+        * interpreter/CallFrame.h: Added comment regarding returnPC storing a void*.
+        * interpreter/Interpreter.cpp:
+        (JSC::bytecodeOffsetForPC): We no longer have any cases of the PC
+        being in the instruction stream for JIT, so we can remove the check.
+        (JSC::Interpreter::cti_op_call_NotJSFunction): Use the CTI_RETURN_ADDRESS
+        as the call frame returnPC as it is only necessary for looking up when
+        throwing an exception.
+        * interpreter/RegisterFile.h:
+        (JSC::RegisterFile::): Added comment regarding returnPC storing a void*.
+        * jit/JIT.h: Remove ARG_instr4.
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSetupArgs): Don't pass the instruction pointer.
+
+2008-12-16  Darin Adler  <darin@apple.com>
+
+        Reviewed and landed by Cameron Zwarich.
+
+        Preparatory work for fixing
+
+        Bug 22887: Make UString::Rep use RefCounted rather than implementing its own ref counting
+        <https://bugs.webkit.org/show_bug.cgi?id=22887>
+
+        Change the various string translators used by Identifier:add() so that
+        they never zero the ref count of a newly created UString::Rep.
+
+        * runtime/Identifier.cpp:
+        (JSC::CStringTranslator::translate):
+        (JSC::Identifier::add):
+        (JSC::UCharBufferTranslator::translate):
+
+2008-12-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Build fix for 'doze.
+
+        * assembler/AssemblerBuffer.h:
+
+2008-12-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Make the JIT compile on x86-64.
+        This largely involves populting the missing calls in MacroAssembler.h.
+        In addition some reinterpret_casts need removing from the JIT, and the
+        repatching property access code will need to be fully compiled out for
+        now.  The changes in interpret.cpp are to reorder the functions so that
+        the _generic forms come before all other property access methods, and
+        then to place all property access methods other than the generic forms
+        under control of the ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS macro.
+
+        No performance impact.
+
+        * assembler/AssemblerBuffer.h:
+        (JSC::AssemblerBuffer::putInt64Unchecked):
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::loadPtr):
+        (JSC::MacroAssembler::load32):
+        (JSC::MacroAssembler::storePtr):
+        (JSC::MacroAssembler::storePtrWithRepatch):
+        (JSC::MacroAssembler::store32):
+        (JSC::MacroAssembler::poke):
+        (JSC::MacroAssembler::move):
+        (JSC::MacroAssembler::testImm64):
+        (JSC::MacroAssembler::jePtr):
+        (JSC::MacroAssembler::jnePtr):
+        (JSC::MacroAssembler::jnzPtr):
+        (JSC::MacroAssembler::jzPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::cmpq_rr):
+        (JSC::X86Assembler::cmpq_rm):
+        (JSC::X86Assembler::cmpq_im):
+        (JSC::X86Assembler::testq_i32m):
+        (JSC::X86Assembler::movl_mEAX):
+        (JSC::X86Assembler::movl_i32r):
+        (JSC::X86Assembler::movl_EAXm):
+        (JSC::X86Assembler::movq_rm):
+        (JSC::X86Assembler::movq_mEAX):
+        (JSC::X86Assembler::movq_mr):
+        (JSC::X86Assembler::movq_i64r):
+        (JSC::X86Assembler::movl_mr):
+        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64):
+        (JSC::X86Assembler::X86InstructionFormatter::immediate64):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_put_by_id_generic):
+        (JSC::Interpreter::cti_op_get_by_id_generic):
+        (JSC::Interpreter::cti_op_put_by_id):
+        (JSC::Interpreter::cti_op_put_by_id_second):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCall):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        * runtime/JSImmediate.h:
+        (JSC::JSImmediate::makeInt):
+
+2008-12-16  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 22869: REGRESSION (r38407): http://news.cnet.com/8301-13579_3-9953533-37.html crashes
+        <https://bugs.webkit.org/show_bug.cgi?id=22869>
+        <rdar://problem/6402499>
+
+        Before r38407, Structure::m_nameInPrevious was ref'd due to it being
+        stored in a PropertyMap. However, PropertyMaps are created lazily after
+        r38407, so Structure::m_nameInPrevious is not necessarily ref'd while
+        it is being used. Making it a RefPtr instead of a raw pointer fixes
+        the problem.
+
+        Unfortunately, the crash in the bug is rather intermittent, and it is
+        impossible to add an assertion in UString::Ref::ref() to catch this bug
+        because some users of UString::Rep deliberately zero out the reference
+        count. Therefore, there is no layout test accompanying this bug fix.
+
+        * runtime/Structure.cpp:
+        (JSC::Structure::~Structure): Use get().
+        (JSC::Structure::materializePropertyMap): Use get().
+        (JSC::Structure::addPropertyTransitionToExistingStructure): Use get().
+        (JSC::Structure::addPropertyTransition): Use get().
+        * runtime/Structure.h: Make Structure::m_nameInPrevious a RefPtr instead
+        of a raw pointer.
+
+2008-12-16  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>
+
+        Not reviewed. Attempt to fix win build. No 'using namespace WTF' in this file, needs manual WTF:: prefix.
+        Not sure why the build works as is here.
+
+        * runtime/MathObject.cpp:
+        (JSC::mathProtoFuncRandom):
+
+2008-12-16  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>
+
+        Reviewed by Darin Adler.
+
+        Fixes: https://bugs.webkit.org/show_bug.cgi?id=22876
+
+        Unify random number generation in JavaScriptCore & WebCore, by introducing
+        wtf/RandomNumber.h and moving wtf_random/wtf_random_init out of MathExtras.h.
+
+        wtf_random_init() has been renamed to initializeRandomNumberGenerator() and
+        lives in it's own private header: wtf/RandomNumberSeed.h, only intended to
+        be used from within JavaScriptCore.
+
+        wtf_random() has been renamed to randomNumber() and lives in a public header
+        wtf/RandomNumber.h, usable from within JavaScriptCore & WebCore. It encapsulates
+        the code taking care of initializing the random number generator (only when
+        building without ENABLE(JSC_MULTIPLE_THREADS), otherwhise initializeThreading()
+        already took care of that).
+
+        Functional change on darwin: Use random() instead of rand(), as it got a larger
+        period (more randomness). HTMLFormElement already contains this implementation
+        and I just moved it in randomNumber(), as  special case for PLATFORM(DARWIN).
+
+        * GNUmakefile.am: Add RandomNumber.(cpp/h) / RandomNumberSeed.h.
+        * JavaScriptCore.exp: Ditto.
+        * JavaScriptCore.pri: Ditto.
+        * JavaScriptCore.scons: Ditto.
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+        * JavaScriptCoreSources.bkl: Ditto.
+        * runtime/MathObject.cpp: Use new WTF::randomNumber() functionality.
+        (JSC::mathProtoFuncRandom):
+        * wtf/MathExtras.h: Move wtf_random / wtf_random_init to new files.
+        * wtf/RandomNumber.cpp: Added.
+        (WTF::randomNumber):
+        * wtf/RandomNumber.h: Added.
+        * wtf/RandomNumberSeed.h: Added. Internal usage within JSC only.
+        (WTF::initializeRandomNumberGenerator):
+        * wtf/ThreadingGtk.cpp: Rename wtf_random_init() to initializeRandomNumberGenerator().
+        (WTF::initializeThreading):
+        * wtf/ThreadingPthreads.cpp: Ditto.
+        (WTF::initializeThreading):
+        * wtf/ThreadingQt.cpp: Ditto.
+        (WTF::initializeThreading):
+        * wtf/ThreadingWin.cpp: Ditto.
+        (WTF::initializeThreading):
+
+2008-12-16 Yael Aharon <yael.aharon@nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Qt/Win build fix
+
+        * JavaScriptCore.pri:
+
+2008-12-15  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix the build with GCC 4.0.
+
+        * Configurations/JavaScriptCore.xcconfig:  GCC 4.0 appears to have a bug when compiling with -funwind-tables on,
+        so don't use it with that compiler version.
+
+2008-12-15  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Cameron Zwarich.
+
+        <rdar://problem/6289933> Change WebKit-related projects to build with GCC 4.2 on Leopard.
+
+        * Configurations/Base.xcconfig:
+        * Configurations/DebugRelease.xcconfig:
+
+2008-12-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Don't use unique context group in JSGlobalContextCreate() on Tiger or Leopard.
+
+        * API/JSContextRef.cpp: (JSGlobalContextCreate):
+
+2008-12-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/6445089> Mach ports leak from worker threads
+
+        * interpreter/Interpreter.cpp: (JSC::getCPUTime):
+        Deallocate the thread self port.
+
+2008-12-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Construct stack frames in JIT code, so that backtracing can still work.
+        <rdar://problem/6447870> JIT should play nice with attempts to take stack traces
+
+        * jit/JIT.cpp:
+        (JSC::):
+        (JSC::JIT::privateCompileMainPass):
+
+2008-12-15  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        <rdar://problem/6402262> JavaScriptCore needs exception handling tables in order to get stack traces without frame pointers
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2008-12-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Rubber stamped by Mark Rowe.
+
+        Revert r39226 / Bug 22818: Unify JIT callback argument access OS X / Windows
+        This causes Acid3 failures – reverting for now & will revisit later.
+        https://bugs.webkit.org/show_bug.cgi?id=22873
+
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        (JSC::JIT::emitCTICall_internal):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        * wtf/Platform.h:
+
+2008-12-15  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - fix <rdar://problem/6427048> crash due to infinite recursion after setting window.__proto__ = window
+
+        Replaced toGlobalObject with the more generally useful unwrappedObject and used it to
+        fix the cycle detection code in put(__proto__).
+
+        * JavaScriptCore.exp: Updated.
+
+        * runtime/JSGlobalObject.cpp: Removed toGlobalObject. We now use unwrappedObject instead.
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::isGlobalObject): Ditto.
+
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval): Use unwrappedObject and isGlobalObject here rather than toGlobalObject.
+
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::put): Rewrote prototype cycle checking loop. Use unwrappedObject in the loop now.
+        (JSC::JSObject::unwrappedObject): Replaced toGlobalObject with this new function.
+        * runtime/JSObject.h: More of the same.
+
+2008-12-15  Steve Falkenburg  <sfalken@apple.com>
+
+        Windows build fix.
+        
+        Visual Studio requires visibility of forward declarations to match class declaration.
+
+        * assembler/X86Assembler.h:
+
+2008-12-15  Gustavo Noronha Silva  <kov@kov.eti.br>
+
+        Reviewed by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22686
+
+        GTK+ build fix.
+
+        * GNUmakefile.am:
+
+2008-12-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Add support to X86Assembler emitting instructions that access all 16 registers on x86-64.
+        Add a new formating class, that is reponsible for both emitting the opcode bytes and the
+        ModRm  bytes of an instruction in a single call; this can insert the REX byte as necessary
+        before the opcode, but has access to the register numbers to build the REX.
+
+        * assembler/AssemblerBuffer.h:
+        (JSC::AssemblerBuffer::isAligned):
+        (JSC::AssemblerBuffer::data):
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::addPtr):
+        (JSC::MacroAssembler::add32):
+        (JSC::MacroAssembler::and32):
+        (JSC::MacroAssembler::or32):
+        (JSC::MacroAssembler::sub32):
+        (JSC::MacroAssembler::xor32):
+        (JSC::MacroAssembler::loadPtr):
+        (JSC::MacroAssembler::load32):
+        (JSC::MacroAssembler::load16):
+        (JSC::MacroAssembler::storePtr):
+        (JSC::MacroAssembler::storePtrWithRepatch):
+        (JSC::MacroAssembler::store32):
+        (JSC::MacroAssembler::pop):
+        (JSC::MacroAssembler::push):
+        (JSC::MacroAssembler::compareImm32ForBranch):
+        (JSC::MacroAssembler::compareImm32ForBranchEquality):
+        (JSC::MacroAssembler::testImm32):
+        (JSC::MacroAssembler::jae32):
+        (JSC::MacroAssembler::jb32):
+        (JSC::MacroAssembler::je16):
+        (JSC::MacroAssembler::jg32):
+        (JSC::MacroAssembler::jnePtr):
+        (JSC::MacroAssembler::jne32):
+        (JSC::MacroAssembler::jump):
+        * assembler/X86Assembler.h:
+        (JSC::X86::):
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::size):
+        (JSC::X86Assembler::push_r):
+        (JSC::X86Assembler::pop_r):
+        (JSC::X86Assembler::push_i32):
+        (JSC::X86Assembler::push_m):
+        (JSC::X86Assembler::pop_m):
+        (JSC::X86Assembler::addl_rr):
+        (JSC::X86Assembler::addl_mr):
+        (JSC::X86Assembler::addl_ir):
+        (JSC::X86Assembler::addq_ir):
+        (JSC::X86Assembler::addl_im):
+        (JSC::X86Assembler::andl_rr):
+        (JSC::X86Assembler::andl_ir):
+        (JSC::X86Assembler::orl_rr):
+        (JSC::X86Assembler::orl_mr):
+        (JSC::X86Assembler::orl_ir):
+        (JSC::X86Assembler::subl_rr):
+        (JSC::X86Assembler::subl_mr):
+        (JSC::X86Assembler::subl_ir):
+        (JSC::X86Assembler::subl_im):
+        (JSC::X86Assembler::xorl_rr):
+        (JSC::X86Assembler::xorl_ir):
+        (JSC::X86Assembler::sarl_i8r):
+        (JSC::X86Assembler::sarl_CLr):
+        (JSC::X86Assembler::shll_i8r):
+        (JSC::X86Assembler::shll_CLr):
+        (JSC::X86Assembler::imull_rr):
+        (JSC::X86Assembler::imull_i32r):
+        (JSC::X86Assembler::idivl_r):
+        (JSC::X86Assembler::cmpl_rr):
+        (JSC::X86Assembler::cmpl_rm):
+        (JSC::X86Assembler::cmpl_mr):
+        (JSC::X86Assembler::cmpl_ir):
+        (JSC::X86Assembler::cmpl_ir_force32):
+        (JSC::X86Assembler::cmpl_im):
+        (JSC::X86Assembler::cmpl_im_force32):
+        (JSC::X86Assembler::cmpw_rm):
+        (JSC::X86Assembler::testl_rr):
+        (JSC::X86Assembler::testl_i32r):
+        (JSC::X86Assembler::testl_i32m):
+        (JSC::X86Assembler::testq_rr):
+        (JSC::X86Assembler::testq_i32r):
+        (JSC::X86Assembler::testb_i8r):
+        (JSC::X86Assembler::sete_r):
+        (JSC::X86Assembler::setz_r):
+        (JSC::X86Assembler::setne_r):
+        (JSC::X86Assembler::setnz_r):
+        (JSC::X86Assembler::cdq):
+        (JSC::X86Assembler::xchgl_rr):
+        (JSC::X86Assembler::movl_rr):
+        (JSC::X86Assembler::movl_rm):
+        (JSC::X86Assembler::movl_mr):
+        (JSC::X86Assembler::movl_i32r):
+        (JSC::X86Assembler::movl_i32m):
+        (JSC::X86Assembler::movq_rr):
+        (JSC::X86Assembler::movq_rm):
+        (JSC::X86Assembler::movq_mr):
+        (JSC::X86Assembler::movzwl_mr):
+        (JSC::X86Assembler::movzbl_rr):
+        (JSC::X86Assembler::leal_mr):
+        (JSC::X86Assembler::call):
+        (JSC::X86Assembler::jmp):
+        (JSC::X86Assembler::jmp_r):
+        (JSC::X86Assembler::jmp_m):
+        (JSC::X86Assembler::jne):
+        (JSC::X86Assembler::jnz):
+        (JSC::X86Assembler::je):
+        (JSC::X86Assembler::jl):
+        (JSC::X86Assembler::jb):
+        (JSC::X86Assembler::jle):
+        (JSC::X86Assembler::jbe):
+        (JSC::X86Assembler::jge):
+        (JSC::X86Assembler::jg):
+        (JSC::X86Assembler::ja):
+        (JSC::X86Assembler::jae):
+        (JSC::X86Assembler::jo):
+        (JSC::X86Assembler::jp):
+        (JSC::X86Assembler::js):
+        (JSC::X86Assembler::addsd_rr):
+        (JSC::X86Assembler::addsd_mr):
+        (JSC::X86Assembler::cvtsi2sd_rr):
+        (JSC::X86Assembler::cvttsd2si_rr):
+        (JSC::X86Assembler::movd_rr):
+        (JSC::X86Assembler::movsd_rm):
+        (JSC::X86Assembler::movsd_mr):
+        (JSC::X86Assembler::mulsd_rr):
+        (JSC::X86Assembler::mulsd_mr):
+        (JSC::X86Assembler::pextrw_irr):
+        (JSC::X86Assembler::subsd_rr):
+        (JSC::X86Assembler::subsd_mr):
+        (JSC::X86Assembler::ucomis_rr):
+        (JSC::X86Assembler::int3):
+        (JSC::X86Assembler::ret):
+        (JSC::X86Assembler::predictNotTaken):
+        (JSC::X86Assembler::label):
+        (JSC::X86Assembler::align):
+        (JSC::X86Assembler::link):
+        (JSC::X86Assembler::executableCopy):
+        (JSC::X86Assembler::X86InstructionFormater::prefix):
+        (JSC::X86Assembler::X86InstructionFormater::oneByteOp):
+        (JSC::X86Assembler::X86InstructionFormater::twoByteOp):
+        (JSC::X86Assembler::X86InstructionFormater::oneByteOp64):
+        (JSC::X86Assembler::X86InstructionFormater::oneByteOp8):
+        (JSC::X86Assembler::X86InstructionFormater::twoByteOp8):
+        (JSC::X86Assembler::X86InstructionFormater::instructionImmediate8):
+        (JSC::X86Assembler::X86InstructionFormater::instructionImmediate32):
+        (JSC::X86Assembler::X86InstructionFormater::instructionRel32):
+        (JSC::X86Assembler::X86InstructionFormater::size):
+        (JSC::X86Assembler::X86InstructionFormater::isAligned):
+        (JSC::X86Assembler::X86InstructionFormater::data):
+        (JSC::X86Assembler::X86InstructionFormater::executableCopy):
+        (JSC::X86Assembler::X86InstructionFormater::registerModRM):
+        (JSC::X86Assembler::X86InstructionFormater::memoryModRM):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::JIT::compileBinaryArithOp):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2008-12-15  Darin Adler  <darin@apple.com>
+
+        * interpreter/RegisterFile.h: Tweak include formatting.
+
+2008-12-15  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Build fix for Gtk+.
+
+        * interpreter/RegisterFile.h: Include stdio.h for fprintf
+
+2008-12-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/6444455> Worker Thread crash running multiple workers for a moderate amount of time
+
+        * interpreter/RegisterFile.h: (JSC::RegisterFile::RegisterFile):
+        Improve error handling: if mmap fails, crash immediately, and print out the reason.
+
+2008-12-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Re-enable WREC on 64-bit.
+        Implements one of the MacroAssembler::jnzPtr methods, previously only implemented for 32-bit x86.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22849
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::testImm64):
+        (JSC::MacroAssembler::jnzPtr):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::testq_i32r):
+        (JSC::X86Assembler::testq_rr):
+        * wtf/Platform.h:
+
+2008-12-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Fix PPC builds.
+
+        * assembler/MacroAssembler.h:
+
+2008-12-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Build fix only, no review.
+
+        * bytecode/CodeBlock.h:
+
+2008-12-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Port the remainder of the JIT, bar calling convention related code, and code
+        implementing optimizations which can be disabled, to use the MacroAssembler.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::DataLabelPtr::DataLabelPtr):
+        (JSC::MacroAssembler::RepatchBuffer::RepatchBuffer):
+        (JSC::MacroAssembler::RepatchBuffer::link):
+        (JSC::MacroAssembler::RepatchBuffer::addressOf):
+        (JSC::MacroAssembler::RepatchBuffer::setPtr):
+        (JSC::MacroAssembler::addPtr):
+        (JSC::MacroAssembler::lshift32):
+        (JSC::MacroAssembler::mod32):
+        (JSC::MacroAssembler::rshift32):
+        (JSC::MacroAssembler::storePtrWithRepatch):
+        (JSC::MacroAssembler::jnzPtr):
+        (JSC::MacroAssembler::jzPtr):
+        (JSC::MacroAssembler::jump):
+        (JSC::MacroAssembler::label):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::xchgl_rr):
+        (JSC::X86Assembler::jmp_m):
+        (JSC::X86Assembler::repatchAddress):
+        (JSC::X86Assembler::getRelocatedAddress):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        * bytecode/CodeBlock.h:
+        (JSC::JITCodeRef::JITCodeRef):
+        (JSC::CodeBlock::setJITCode):
+        (JSC::CodeBlock::jitCode):
+        (JSC::CodeBlock::executablePool):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileLinkPass):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        (JSC::CallRecord::CallRecord):
+        (JSC::JumpTable::JumpTable):
+        (JSC::JIT::emitCTICall):
+        (JSC::JIT::JSRInfo::JSRInfo):
+        * jit/JITArithmetic.cpp:
+        * jit/JITCall.cpp:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitNakedCall):
+        (JSC::JIT::emitCTICall_internal):
+        (JSC::JIT::checkStructure):
+        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::JIT::addSlowCase):
+        (JSC::JIT::addJump):
+        (JSC::JIT::emitJumpSlowToHot):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2008-12-12  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fix the failures of the following layout tests, which regressed in
+        r39255:
+
+        fast/dom/StyleSheet/ownerNode-lifetime-2.html
+        fast/xsl/transform-xhr-doc.xhtml
+
+        The binary search in CodeBlock::getByIdExceptionInfoForBytecodeOffset()
+        doesn't guarantee that it actually finds a match, so add an explicit check
+        for this.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
+
+2008-12-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Replace emitPutCallArg methods with emitPutJITStubArg methods.  Primarily to make the argument numbering
+        more sensible (1-based incrementing by 1, rather than 0-based incrementing by 4).  The CTI name also seems
+        to be being deprecated from the code generally.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOp):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCallEvalSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitPutJITStubArg):
+        (JSC::JIT::emitPutJITStubArgConstant):
+        (JSC::JIT::emitGetJITStubArg):
+        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdSlowCase):
+
+2008-12-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Fix windows builds.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+
+2008-12-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Remove loop counter 'i' from the JIT generation passes, replace with a member m_bytecodeIndex.
+
+        No impact on performance.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emitSlowScriptCheck):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        (JSC::CallRecord::CallRecord):
+        (JSC::JmpTable::JmpTable):
+        (JSC::JIT::emitCTICall):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOp):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetVirtualRegister):
+        (JSC::JIT::emitGetVirtualRegisters):
+        (JSC::JIT::emitNakedCall):
+        (JSC::JIT::emitCTICall_internal):
+        (JSC::JIT::emitJumpSlowCaseIfJSCell):
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
+        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
+        (JSC::JIT::addSlowCase):
+        (JSC::JIT::addJump):
+        (JSC::JIT::emitJumpSlowToHot):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compilePutByIdSlowCase):
+
+2008-12-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        <rdar://problem/6428342> Look into feasibility of discarding bytecode after native codegen
+
+        Move more JIT functionality to using offsets into the Instruction buffer
+        instead of raw pointers. Two to go!
+
+        * interpreter/Interpreter.cpp:
+        (JSC::bytecodeOffsetForPC): Rename from vPCForPC.
+        (JSC::Interpreter::resolve): Pass offset to exception helper.
+        (JSC::Interpreter::resolveSkip): Ditto.
+        (JSC::Interpreter::resolveGlobal): Ditto.
+        (JSC::Interpreter::resolveBaseAndProperty): Ditto.
+        (JSC::Interpreter::resolveBaseAndFunc): Ditto.
+        (JSC::isNotObject): Ditto.
+        (JSC::Interpreter::unwindCallFrame): Call bytecodeOffsetForPC.
+        (JSC::Interpreter::throwException): Use offsets instead of vPCs.
+        (JSC::Interpreter::privateExecute): Pass offset to exception helper.
+        (JSC::Interpreter::retrieveLastCaller): Ditto.
+        (JSC::Interpreter::cti_op_instanceof): Ditto.
+        (JSC::Interpreter::cti_op_call_NotJSFunction): Ditto.
+        (JSC::Interpreter::cti_op_resolve): Pass offset to exception helper.
+        (JSC::Interpreter::cti_op_construct_NotJSConstruct): Ditto.
+        (JSC::Interpreter::cti_op_resolve_func): Ditto.
+        (JSC::Interpreter::cti_op_resolve_skip): Ditto.
+        (JSC::Interpreter::cti_op_resolve_global): Ditto.
+        (JSC::Interpreter::cti_op_resolve_with_base): Ditto.
+        (JSC::Interpreter::cti_op_throw): Ditto.
+        (JSC::Interpreter::cti_op_in): Ditto.
+        (JSC::Interpreter::cti_vm_throw): Ditto.
+        * interpreter/Interpreter.h:
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass): Don't pass unnecessary vPC to stub.
+        * jit/JIT.h: Remove ARG_instr1 - ARG_instr3 and ARG_instr5 - ARG_instr6.
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallEvalSetupArgs): Don't pass unnecessary vPC to stub..
+        (JSC::JIT::compileOpConstructSetupArgs): Ditto.
+
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createUndefinedVariableError): Take an offset instead of vPC.
+        (JSC::createInvalidParamError): Ditto.
+        (JSC::createNotAConstructorError): Ditto.
+        (JSC::createNotAFunctionError): Ditto.
+        (JSC::createNotAnObjectError): Ditto.
+        * runtime/ExceptionHelpers.h:
+
+2008-12-12  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 22835: Crash during bytecode generation when comparing to null
+        <https://bugs.webkit.org/show_bug.cgi?id=22835>
+        <rdar://problem/6286749>
+
+        Change the special cases in bytecode generation for comparison to null
+        to use tempDestination().
+
+        * parser/Nodes.cpp:
+        (JSC::BinaryOpNode::emitBytecode):
+        (JSC::EqualNode::emitBytecode):
+
+2008-12-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Move slow-cases of JIT code generation over to the MacroAssembler interface.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::Label::Label):
+        (JSC::MacroAssembler::jae32):
+        (JSC::MacroAssembler::jg32):
+        (JSC::MacroAssembler::jzPtr):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::emitGetVariableObjectRegister):
+        (JSC::JIT::emitPutVariableObjectRegister):
+        * jit/JIT.h:
+        (JSC::SlowCaseEntry::SlowCaseEntry):
+        (JSC::JIT::getSlowCase):
+        (JSC::JIT::linkSlowCase):
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+        (JSC::JIT::linkSlowCaseIfNotJSCell):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdSlowCase):
+
+2008-12-12  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 22828: Do not inspect bytecode instruction stream for op_get_by_id exception information
+        <https://bugs.webkit.org/show_bug.cgi?id=22828>
+
+        In order to remove the bytecode instruction stream after generating
+        native code, all inspection of bytecode instructions at runtime must
+        be removed. One particular instance of this is the special handling of
+        exceptions thrown by the op_get_by_id emitted directly before an
+        op_construct or an op_instanceof. This patch moves that information to
+        an auxiliary data structure in CodeBlock.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::addGetByIdExceptionInfo):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitConstruct):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::emitGetByIdExceptionInfo):
+        * parser/Nodes.cpp:
+        (JSC::InstanceOfNode::emitBytecode):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createNotAnObjectError):
+
+2008-12-12  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Change exception information accessors to take offsets into the bytecode
+        instruction buffer instead of pointers so that they can work even even
+        if the bytecode buffer is purged.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::instructionOffsetForNth):
+        (JSC::CodeBlock::handlerForBytecodeOffset):
+        (JSC::CodeBlock::lineNumberForBytecodeOffset):
+        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
+        * bytecode/CodeBlock.h:
+        * bytecode/SamplingTool.cpp:
+        (JSC::SamplingTool::dump):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveLastCaller):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * runtime/ExceptionHelpers.cpp:
+        (JSC::createUndefinedVariableError):
+        (JSC::createInvalidParamError):
+        (JSC::createNotAConstructorError):
+        (JSC::createNotAFunctionError):
+        (JSC::createNotAnObjectError):
+
+2008-12-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Tiny bit of refactoring in quantifier generation.
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier):
+
+2008-12-11  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove dependancy on having the Instruction buffer in order to
+        deref Structures used for property access and global resolves.
+        Instead, we put references to the necessary Structures in auxiliary
+        data structures on the CodeBlock. This is not an ideal solution,
+        as we still pay for having the Structures in two places and we
+        would like to eventually just hold on to offsets into the machine
+        code buffer.
+
+        - Also removes CodeBlock bloat in non-JIT by #ifdefing the JIT
+          only data structures.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * bytecode/CodeBlock.cpp:
+        (JSC::isGlobalResolve):
+        (JSC::isPropertyAccess):
+        (JSC::instructionOffsetForNth):
+        (JSC::printGlobalResolveInfo):
+        (JSC::printStructureStubInfo):
+        (JSC::CodeBlock::printStructures):
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::shrinkToFit):
+        * bytecode/CodeBlock.h:
+        (JSC::GlobalResolveInfo::GlobalResolveInfo):
+        (JSC::getNativePC):
+        (JSC::CodeBlock::instructions):
+        (JSC::CodeBlock::getStubInfo):
+        (JSC::CodeBlock::getBytecodeIndex):
+        (JSC::CodeBlock::addPropertyAccessInstruction):
+        (JSC::CodeBlock::addGlobalResolveInstruction):
+        (JSC::CodeBlock::numberOfStructureStubInfos):
+        (JSC::CodeBlock::addStructureStubInfo):
+        (JSC::CodeBlock::structureStubInfo):
+        (JSC::CodeBlock::addGlobalResolveInfo):
+        (JSC::CodeBlock::globalResolveInfo):
+        (JSC::CodeBlock::numberOfCallLinkInfos):
+        (JSC::CodeBlock::addCallLinkInfo):
+        (JSC::CodeBlock::callLinkInfo):
+        * bytecode/Instruction.h:
+        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+        * bytecode/Opcode.h:
+        (JSC::):
+        * bytecode/StructureStubInfo.cpp: Copied from bytecode/CodeBlock.cpp.
+        (JSC::StructureStubInfo::deref):
+        * bytecode/StructureStubInfo.h: Copied from bytecode/CodeBlock.h.
+        (JSC::StructureStubInfo::StructureStubInfo):
+        (JSC::StructureStubInfo::initGetByIdSelf):
+        (JSC::StructureStubInfo::initGetByIdProto):
+        (JSC::StructureStubInfo::initGetByIdChain):
+        (JSC::StructureStubInfo::initGetByIdSelfList):
+        (JSC::StructureStubInfo::initGetByIdProtoList):
+        (JSC::StructureStubInfo::initPutByIdTransition):
+        (JSC::StructureStubInfo::initPutByIdReplace):
+        (JSC::StructureStubInfo::):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitResolve):
+        (JSC::BytecodeGenerator::emitGetById):
+        (JSC::BytecodeGenerator::emitPutById):
+        (JSC::BytecodeGenerator::emitCall):
+        (JSC::BytecodeGenerator::emitConstruct):
+        (JSC::BytecodeGenerator::emitCatch):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::getPolymorphicAccessStructureListSlot):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        (JSC::Interpreter::cti_op_resolve_global):
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdSlowCase):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+
+2008-12-11  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Remove CTI_ARGUMENTS mode, use va_start implementation on Windows,
+        unifying JIT callback (cti_*) argument access on OS X & Windows
+
+        No performance impact.
+
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitCTICall):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        * wtf/Platform.h:
+
+2008-12-11  Holger Freyther  <zecke@selfish.org>
+
+        Reviewed by Simon Hausmann.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20953
+
+        For Qt it is not pratical to have a FontCache and GlyphPageTreeNode
+        implementation. This is one of the reasons why the Qt port is currently not
+        using WebCore/platform/graphics/Font.cpp. By allowing to not use
+        the simple/fast-path the Qt port will be able to use it.
+
+        Introduce USE(FONT_FAST_PATH) and define it for every port but the
+        Qt one.
+
+        * wtf/Platform.h: Enable USE(FONT_FAST_PATH)
+
+2008-12-11  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler and landed by Holger Freyther.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=22648>
+        Fix threading on Qt-port and Gtk-port for Sampling tool.
+
+        * wtf/ThreadingGtk.cpp:
+        (WTF::waitForThreadCompletion):
+        * wtf/ThreadingQt.cpp:
+        (WTF::waitForThreadCompletion):
+
+2008-12-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 22734: Debugger crashes when stepping into a function call in a return statement
+        <https://bugs.webkit.org/show_bug.cgi?id=22734>
+        <rdar://problem/6426796>
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator): The DebuggerCallFrame uses
+        the 'this' value stored in a callFrame, so op_convert_this should be
+        emitted at the beginning of a function body when generating bytecode
+        with debug hooks.
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::thisObject): The assertion inherent in the call
+        to asObject() here is valid, because any 'this' value should have been
+        converted to a JSObject*.
+
+2008-12-10  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Port more of the JIT to use the MacroAssembler interface.
+        
+        Everything in the main pass, bar a few corner cases (operations with required
+        registers, or calling convention code).  Slightly refactors array creation,
+        moving the offset calculation into the callFrame into C code (reducing code
+        planted).
+
+        Overall this appears to be a 1% win on v8-tests, due to the smaller immediates
+        being planted (in jfalse in particular).
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_new_array):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+
+2008-12-10  Sam Weinig  <sam@webkit.org>
+
+        Fix non-JIT builds.
+
+        * bytecode/CodeBlock.h:
+
+2008-12-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        <rdar://problem/6428332> Remove the CTI return address table from CodeBlock
+
+        Step 2:
+
+        Convert the return address table from a HashMap to a sorted Vector.  This
+        reduces the size of the data structure by ~4.5MB on Membuster head.
+
+        SunSpider reports a 0.5% progression.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::sizeInBytes): Generic method to get the cost of a Vector.
+        (JSC::CodeBlock::dumpStatistics): Add dumping of member sizes.
+        * bytecode/CodeBlock.h:
+        (JSC::PC::PC): Struct representing NativePC -> VirtualPC mappings.
+        (JSC::getNativePC): Helper for binary chop.
+        (JSC::CodeBlock::getBytecodeIndex): Used to get the VirtualPC from a
+        NativePC using a binary chop of the pcVector.
+        (JSC::CodeBlock::pcVector): Accessor.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::vPCForPC): Use getBytecodeIndex instead of jitReturnAddressVPCMap().get().
+        (JSC::Interpreter::cti_op_instanceof): Ditto.
+        (JSC::Interpreter::cti_op_resolve): Ditto.
+        (JSC::Interpreter::cti_op_resolve_func): Ditto.
+        (JSC::Interpreter::cti_op_resolve_skip): Ditto.
+        (JSC::Interpreter::cti_op_resolve_with_base): Ditto.
+        (JSC::Interpreter::cti_op_throw): Ditto.
+        (JSC::Interpreter::cti_op_in): Ditto.
+        (JSC::Interpreter::cti_vm_throw): Ditto.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile): Reserve exact capacity and fill the pcVector.
+
+2008-12-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Added WREC support for an assertion followed by a quantifier. Fixed
+        PCRE to match.
+
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::parseParentheses): Throw away the quantifier, since
+        it's meaningless. (Firefox does the same.)
+
+        * pcre/pcre_compile.cpp:
+        (compileBranch): ditto.
+
+2008-12-09  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        In preparation for compiling WREC without PCRE:
+        
+        Further relaxed WREC's parsing to be more web-compatible. Fixed PCRE to
+        match in cases where it didn't already.
+        
+        Changed JavaScriptCore to report syntax errors detected by WREC, rather
+        than falling back on PCRE any time WREC sees an error.
+        
+        * pcre/pcre_compile.cpp:
+        (checkEscape): Relaxed parsing of \c and \N escapes to be more
+        web-compatible.
+        
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp): Only fall back on PCRE if WREC has not reported
+        a syntax error.
+
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp): Fixed some error reporting to
+        match PCRE.
+
+        * wrec/WRECParser.cpp: Added error messages that match PCRE.
+
+        (JSC::WREC::Parser::consumeGreedyQuantifier):
+        (JSC::WREC::Parser::parseParentheses):
+        (JSC::WREC::Parser::parseCharacterClass):
+        (JSC::WREC::Parser::parseNonCharacterEscape): Updated the above functions to
+        use the new setError API.
+
+        (JSC::WREC::Parser::consumeEscape): Relaxed parsing of \c \N \u \x \B
+        to be more web-compatible.
+
+        (JSC::WREC::Parser::parseAlternative): Distinguish between a malformed
+        quantifier and a quantifier with no prefix, like PCRE does.
+
+        (JSC::WREC::Parser::consumeParenthesesType): Updated to use the new setError API.
+
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::error):
+        (JSC::WREC::Parser::syntaxError):
+        (JSC::WREC::Parser::parsePattern):
+        (JSC::WREC::Parser::reset):
+        (JSC::WREC::Parser::setError): Store error messages instead of error codes,
+        to provide for exception messages. Use a setter for reporting errors, so
+        errors detected early are not overwritten by errors detected later.
+
+2008-12-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Use va_args to access cti function arguments.
+        https://bugs.webkit.org/show_bug.cgi?id=22774
+
+        This may be a minor regression, but we'll take the hit if so to reduce fragility.
+
+        * interpreter/Interpreter.cpp:
+        * interpreter/Interpreter.h:
+
+2008-12-09  Sam Weinig  <sam@webkit.org>
+
+        Reviewed twice by Cameron Zwarich.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=22752
+        Clear SymbolTable after codegen for Function codeblocks that
+        don't require an activation
+
+        This is a ~1.5MB improvement on Membuster-head.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpStatistics): Add logging of non-empty symbol tables
+        and total size used by symbol tables.
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate): Clear the symbol table here.
+
+2008-12-09  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove unnecessary extra lookup when throwing an exception.
+        We used to first lookup the target offset using getHandlerForVPC
+        and then we would lookup the native code stub using 
+        nativeExceptionCodeForHandlerVPC.  Instead, we can just pass around
+        the HandlerInfo.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::handlerForVPC): Return the HandlerInfo.
+        * bytecode/CodeBlock.h: Remove nativeExceptionCodeForHandlerVPC.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::throwException): Return a HandlerInfo instead of
+        and Instruction offset.
+        (JSC::Interpreter::privateExecute): Get the offset from HandlerInfo.
+        (JSC::Interpreter::cti_op_throw): Get the native code from the HandleInfo.
+        (JSC::Interpreter::cti_vm_throw): Ditto.
+        * interpreter/Interpreter.h:
+
+2008-12-09  Eric Seidel  <eric@webkit.org>
+
+        Build fix only, no review.
+
+        Speculative fix for the Chromium-Windows bot.
+        Add JavaScriptCore/os-win32 to the include path (for stdint.h)
+        Strangely it builds fine on my local windows box (or at least doesn't hit this error)
+
+        * JavaScriptCore.scons:
+
+2008-12-09  Eric Seidel  <eric@webkit.org>
+
+        No review, build fix only.
+        
+        Add ExecutableAllocator files missing from Scons build.
+
+        * JavaScriptCore.scons:
+
+2008-12-09  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Timothy Hatcher.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22631
+        Allow ScriptCallFrame query names of functions in the call stack.
+
+        * JavaScriptCore.exp: added InternalFunction::name and
+        UString operator==() as exported symbol
+
+2008-12-08  Judit Jasz  <jasy@inf.u-szeged.hu>
+
+        Reviewed and tweaked by Cameron Zwarich.
+
+        Bug 22352: Annotate opcodes with their length
+        <https://bugs.webkit.org/show_bug.cgi?id=22352>
+
+        * bytecode/Opcode.cpp:
+        * bytecode/Opcode.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+
+2008-12-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Implemented more of the relaxed and somewhat weird rules for deciding
+        how to interpret a non-pattern-character.
+        
+        * wrec/Escapes.h:
+        (JSC::WREC::Escape::):
+        (JSC::WREC::Escape::Escape): Eliminated Escape::None because it was
+        unused. If you see an '\\', it's either a valid escape or an error.
+
+        * wrec/Quantifier.h:
+        (JSC::WREC::Quantifier::Quantifier):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier): Renamed "noMaxSpecified"
+        to "Infinity", since that's what it means.
+
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::consumeGreedyQuantifier): Re-wrote {n,m} parsing rules
+        because they were too strict before. Added support for backtracking
+        in the case where the {n,m} fails to parse as a quantifier, and yet is
+        not a syntax error.
+
+        (JSC::WREC::Parser::parseCharacterClass):
+        (JSC::WREC::Parser::parseNonCharacterEscape): Eliminated Escape::None,
+        as above.
+
+        (JSC::WREC::Parser::consumeEscape): Don't treat ASCII and _ escapes
+        as syntax errors. See fast/regex/non-pattern-characters.html.
+        
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::SavedState::SavedState):
+        (JSC::WREC::Parser::SavedState::restore): Added a state backtracker,
+        since parsing {n,m} forms requires backtracking if the form turns out
+        not to be a quantifier.
+
+2008-12-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Refactored WREC parsing so that only one piece of code needs to know
+        the relaxed and somewhat weird rules for deciding how to interpret a
+        non-pattern-character, in preparation for implementing those rules.
+        
+        Also, implemented the relaxed and somewhat weird rules for '}' and ']'.
+
+        * wrec/WREC.cpp: Reduced the regular expression size limit. Now that
+        WREC handles ']' properly, it compiles fast/js/regexp-charclass-crash.html,
+        which makes it hang at the old limit. (The old limit was based on the
+        misimpression that the same value in PCRE limited the regular expression
+        pattern size; in reality, it limited the expected compiled regular
+        expression size. WREC doesn't have a way to calculate an expected
+        compiled regular expression size, but this should be good enough.)
+
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::parsePatternCharacterSequence): Nixed this function because
+        it contained a second copy of the logic for handling non-pattern-characters,
+        which is about to get a lot more complicated.
+
+        (JSC::WREC::PatternCharacterSequence::PatternCharacterSequence): 
+        (JSC::WREC::PatternCharacterSequence::size):
+        (JSC::WREC::PatternCharacterSequence::append):
+        (JSC::WREC::PatternCharacterSequence::flush): Helper object for generating
+        an optimized sequence of pattern characters.
+
+        (JSC::WREC::Parser::parseNonCharacterEscape): Renamed to reflect the fact
+        that the main parseAlternative loop handles character escapes.
+
+        (JSC::WREC::Parser::parseAlternative): Moved pattern character sequence
+        logic from parsePatternCharacterSequence to here, using
+        PatternCharacterSequence to help with the details.
+
+        * wrec/WRECParser.h: Updated for renames.
+
+2008-12-08  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        <rdar://problem/6166088> Give JSGlobalContextCreate a behavior that is concurrency aware,
+        and un-deprecate it
+
+        * API/JSContextRef.cpp: (JSGlobalContextCreate):
+        * API/JSContextRef.h:
+        Use a unique context group for the context, unless the application was linked against old
+        JavaScriptCore.
+
+2008-12-08  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for <rdar://problem/6428332> Remove the CTI return address table from CodeBlock
+
+        Step 1:
+
+        Remove use of jitReturnAddressVPCMap when looking for vPC to store Structures
+        in for cached lookup.  Instead, use the offset in the StructureStubInfo that is
+        already required.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpStatistics): Fix extraneous semicolon.
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        * jit/JIT.h:
+        (JSC::JIT::compileGetByIdSelf):
+        (JSC::JIT::compileGetByIdProto):
+        (JSC::JIT::compileGetByIdChain):
+        (JSC::JIT::compilePutByIdReplace):
+        (JSC::JIT::compilePutByIdTransition):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength): Remove extra call to getStubInfo.
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+
+2008-12-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Port the op_j?n?eq_null JIT code generation to use the MacroAssembler,
+        and clean up slightly at the same time.  The 'j' forms currently compare,
+        then set a register, then compare again, then branch.  Branch directly on
+        the result of the first compare.
+
+        Around a 1% progression on deltablue, crypto & early boyer, for about 1/2%
+        overall on v8-tests.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdSlowCase):
+
+2008-12-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Expand MacroAssembler to support more operations, required by the JIT.
+
+        Generally adds more operations and permutations of operands to the existing
+        interface.  Rename 'jset' to 'jnz' and 'jnset' to 'jz', which seem clearer,
+        and require that immediate pointer operands (though not pointer addresses to
+        load and store instructions) are wrapped in a ImmPtr() type, akin to Imm32().
+
+        No performance impact.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::):
+        (JSC::MacroAssembler::ImmPtr::ImmPtr):
+        (JSC::MacroAssembler::add32):
+        (JSC::MacroAssembler::and32):
+        (JSC::MacroAssembler::or32):
+        (JSC::MacroAssembler::sub32):
+        (JSC::MacroAssembler::xor32):
+        (JSC::MacroAssembler::loadPtr):
+        (JSC::MacroAssembler::load32):
+        (JSC::MacroAssembler::storePtr):
+        (JSC::MacroAssembler::store32):
+        (JSC::MacroAssembler::poke):
+        (JSC::MacroAssembler::move):
+        (JSC::MacroAssembler::testImm32):
+        (JSC::MacroAssembler::jae32):
+        (JSC::MacroAssembler::jb32):
+        (JSC::MacroAssembler::jePtr):
+        (JSC::MacroAssembler::je32):
+        (JSC::MacroAssembler::jnePtr):
+        (JSC::MacroAssembler::jne32):
+        (JSC::MacroAssembler::jnzPtr):
+        (JSC::MacroAssembler::jnz32):
+        (JSC::MacroAssembler::jzPtr):
+        (JSC::MacroAssembler::jz32):
+        (JSC::MacroAssembler::joSub32):
+        (JSC::MacroAssembler::jump):
+        (JSC::MacroAssembler::sete32):
+        (JSC::MacroAssembler::setne32):
+        (JSC::MacroAssembler::setnz32):
+        (JSC::MacroAssembler::setz32):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::addl_mr):
+        (JSC::X86Assembler::andl_i8r):
+        (JSC::X86Assembler::cmpl_rm):
+        (JSC::X86Assembler::cmpl_mr):
+        (JSC::X86Assembler::cmpl_i8m):
+        (JSC::X86Assembler::subl_mr):
+        (JSC::X86Assembler::testl_i32m):
+        (JSC::X86Assembler::xorl_i32r):
+        (JSC::X86Assembler::movl_rm):
+        (JSC::X86Assembler::modRm_opmsib):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetVirtualRegister):
+        (JSC::JIT::emitPutCTIArgConstant):
+        (JSC::JIT::emitPutCTIParam):
+        (JSC::JIT::emitPutImmediateToCallFrameHeader):
+        (JSC::JIT::emitInitRegister):
+        (JSC::JIT::checkStructure):
+        (JSC::JIT::emitJumpIfJSCell):
+        (JSC::JIT::emitJumpIfNotJSCell):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
+
+2008-12-08  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed a bug where WREC would allow a quantifier whose minimum was
+        greater than its maximum.
+        
+        * wrec/Quantifier.h:
+        (JSC::WREC::Quantifier::Quantifier): ASSERT that the quantifier is not
+        backwards.
+        
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::consumeGreedyQuantifier): Verify that the minimum
+        is not greater than the maximum.
+
+2008-12-08  Eric Seidel  <eric@webkit.org>
+        
+        Build fix only, no review.
+
+        * JavaScriptCore.scons: add bytecode/JumpTable.cpp
+
+2008-12-08  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=22716
+        <rdar://problem/6428315>
+        Add RareData structure to CodeBlock for infrequently used auxiliary data
+        members.
+
+        Reduces memory on Membuster-head by ~.5MB 
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::dumpStatistics):
+        (JSC::CodeBlock::mark):
+        (JSC::CodeBlock::getHandlerForVPC):
+        (JSC::CodeBlock::nativeExceptionCodeForHandlerVPC):
+        (JSC::CodeBlock::shrinkToFit):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::numberOfExceptionHandlers):
+        (JSC::CodeBlock::addExceptionHandler):
+        (JSC::CodeBlock::exceptionHandler):
+        (JSC::CodeBlock::addFunction):
+        (JSC::CodeBlock::function):
+        (JSC::CodeBlock::addUnexpectedConstant):
+        (JSC::CodeBlock::unexpectedConstant):
+        (JSC::CodeBlock::addRegExp):
+        (JSC::CodeBlock::regexp):
+        (JSC::CodeBlock::numberOfImmediateSwitchJumpTables):
+        (JSC::CodeBlock::addImmediateSwitchJumpTable):
+        (JSC::CodeBlock::immediateSwitchJumpTable):
+        (JSC::CodeBlock::numberOfCharacterSwitchJumpTables):
+        (JSC::CodeBlock::addCharacterSwitchJumpTable):
+        (JSC::CodeBlock::characterSwitchJumpTable):
+        (JSC::CodeBlock::numberOfStringSwitchJumpTables):
+        (JSC::CodeBlock::addStringSwitchJumpTable):
+        (JSC::CodeBlock::stringSwitchJumpTable):
+        (JSC::CodeBlock::evalCodeCache):
+        (JSC::CodeBlock::createRareDataIfNecessary):
+
+2008-11-26  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Anders Carlsson.
+
+        https://bugs.webkit.org/show_bug.cgi?id=16814
+        Allow ports to disable ActiveX->NPAPI conversion for Media Player.
+        Improve handling of miscellaneous ActiveX objects.
+
+        * wtf/Platform.h: Add another ENABLE(...).
+
+2008-12-08  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Add dumping of CodeBlock member structure usage.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpStatistics):
+        * bytecode/EvalCodeCache.h:
+        (JSC::EvalCodeCache::isEmpty):
+
+2008-12-08  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 22555: Sort "children" sections in Xcode project files
+
+        <https://bugs.webkit.org/show_bug.cgi?id=22555>
+
+        Reviewed by Eric Seidel.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Sorted.
+
+2008-12-08  Tony Chang  <tony@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        Enable Pan scrolling only when building on PLATFORM(WIN_OS)
+        Previously platforms like Apple Windows WebKit, Cairo Windows WebKit,
+        Wx and Chromium were enabling it explicitly, now we just turn it on
+        for all WIN_OS, later platforms can turn it off as needed on Windows
+        (or turn it on under Linux, etc.)
+        https://bugs.webkit.org/show_bug.cgi?id=22698
+
+        * wtf/Platform.h:
+
+2008-12-08  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Add basic memory statistics dumping for CodeBlock.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpStatistics):
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::~CodeBlock):
+        * bytecode/CodeBlock.h:
+
+2008-12-08  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Fix the Linux build with newer gcc/glibc.
+
+        * jit/ExecutableAllocatorPosix.cpp: Include unistd.h for
+        getpagesize(), according to
+        http://opengroup.org/onlinepubs/007908775/xsh/getpagesize.html
+
+2008-12-08  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Fix the build with Qt on Windows.
+
+        * JavaScriptCore.pri: Compile ExecutableAllocatorWin.cpp on Windows.
+
+2008-12-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Buildfix).
+
+        Fix non-WREC builds
+
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+
+2008-12-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Put ENABLE(ASSEMBLER) guards around use of ExecutableAllocator in global data
+
+        Correct Qt and Gtk project files
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * runtime/JSGlobalData.h:
+
+2008-12-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Add new files to other projects.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.pro:
+
+2008-12-07  Oliver Hunt  <oliver@apple.com>
+
+        Rubber stamped by Mark Rowe.
+
+        Rename ExecutableAllocatorMMAP to the more sensible ExecutableAllocatorPosix
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jit/ExecutableAllocator.h:
+        * jit/ExecutableAllocatorPosix.cpp: Renamed from JavaScriptCore/jit/ExecutableAllocatorMMAP.cpp.
+        (JSC::ExecutableAllocator::intializePageSize):
+        (JSC::ExecutablePool::systemAlloc):
+        (JSC::ExecutablePool::systemRelease):
+
+2008-12-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich and Sam Weinig
+
+        <rdar://problem/6309878> Need more granular control over allocation of executable memory (21783)
+        <https://bugs.webkit.org/show_bug.cgi?id=21783>
+
+        Add a new allocator for use by the JIT that provides executable pages, so
+        we can get rid of the current hack that makes the entire heap executable.
+
+        1-2% progression on SunSpider-v8, 1% on SunSpider.  Reduces memory usage as well!
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler/AssemblerBuffer.h:
+        (JSC::AssemblerBuffer::size):
+        (JSC::AssemblerBuffer::executableCopy):
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::size):
+        (JSC::MacroAssembler::copyCode):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::size):
+        (JSC::X86Assembler::executableCopy):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::executablePool):
+        (JSC::CodeBlock::setExecutablePool):
+        * bytecode/Instruction.h:
+        (JSC::PolymorphicAccessStructureList::derefStructures):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::~Interpreter):
+        * interpreter/Interpreter.h:
+        * jit/ExecutableAllocator.cpp: Added.
+        * jit/ExecutableAllocator.h: Added.
+        (JSC::ExecutablePool::create):
+        (JSC::ExecutablePool::alloc):
+        (JSC::ExecutablePool::~ExecutablePool):
+        (JSC::ExecutablePool::available):
+        (JSC::ExecutablePool::ExecutablePool):
+        (JSC::ExecutablePool::poolAllocate):
+        (JSC::ExecutableAllocator::ExecutableAllocator):
+        (JSC::ExecutableAllocator::poolForSize):
+        (JSC::ExecutablePool::sizeForAllocation):
+        * jit/ExecutableAllocatorMMAP.cpp: Added.
+        (JSC::ExecutableAllocator::intializePageSize):
+        (JSC::ExecutablePool::systemAlloc):
+        (JSC::ExecutablePool::systemRelease):
+        * jit/ExecutableAllocatorWin.cpp: Added.
+        (JSC::ExecutableAllocator::intializePageSize):
+        (JSC::ExecutablePool::systemAlloc):
+        (JSC::ExecutablePool::systemRelease):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        (JSC::JIT::compileCTIMachineTrampolines):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        * parser/Nodes.cpp:
+        (JSC::RegExpNode::emitBytecode):
+        * runtime/JSGlobalData.h:
+        (JSC::JSGlobalData::poolForSize):
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+        (JSC::RegExp::create):
+        (JSC::RegExp::~RegExp):
+        * runtime/RegExp.h:
+        * runtime/RegExpConstructor.cpp:
+        (JSC::constructRegExp):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncCompile):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp):
+        * wrec/WRECGenerator.h:
+        * wtf/FastMalloc.cpp:
+        * wtf/FastMalloc.h:
+        * wtf/TCSystemAlloc.cpp:
+        (TryMmap):
+        (TryVirtualAlloc):
+        (TryDevMem):
+        (TCMalloc_SystemRelease):
+
+2008-12-06  Sam Weinig  <sam@webkit.org>
+
+        Fix the Gtk build.
+
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compilePutByIdHotPath):
+
+2008-12-06  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich,
+
+        Move CodeBlock constructor into the .cpp file.
+
+        Sunspider reports a .7% progression, but I can only assume this
+        is noise.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::CodeBlock):
+        * bytecode/CodeBlock.h:
+
+2008-12-06  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Split JumpTable code into its own file.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * bytecode/CodeBlock.cpp:
+        * bytecode/CodeBlock.h:
+        * bytecode/JumpTable.cpp: Copied from bytecode/CodeBlock.cpp.
+        * bytecode/JumpTable.h: Copied from bytecode/CodeBlock.h.
+
+2008-12-05  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=22715
+        Encapsulate more CodeBlock members in preparation
+        of moving some of them to a rare data structure.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::locationForOffset):
+        (JSC::printConditionalJump):
+        (JSC::printGetByIdOp):
+        (JSC::printPutByIdOp):
+        (JSC::CodeBlock::printStructure):
+        (JSC::CodeBlock::printStructures):
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::unlinkCallers):
+        (JSC::CodeBlock::derefStructures):
+        (JSC::CodeBlock::refStructures):
+        (JSC::CodeBlock::mark):
+        (JSC::CodeBlock::getHandlerForVPC):
+        (JSC::CodeBlock::nativeExceptionCodeForHandlerVPC):
+        (JSC::CodeBlock::lineNumberForVPC):
+        (JSC::CodeBlock::expressionRangeForVPC):
+        (JSC::CodeBlock::shrinkToFit):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::addCaller):
+        (JSC::CodeBlock::removeCaller):
+        (JSC::CodeBlock::isKnownNotImmediate):
+        (JSC::CodeBlock::isConstantRegisterIndex):
+        (JSC::CodeBlock::getConstant):
+        (JSC::CodeBlock::isTemporaryRegisterIndex):
+        (JSC::CodeBlock::getStubInfo):
+        (JSC::CodeBlock::getCallLinkInfo):
+        (JSC::CodeBlock::instructions):
+        (JSC::CodeBlock::setJITCode):
+        (JSC::CodeBlock::jitCode):
+        (JSC::CodeBlock::ownerNode):
+        (JSC::CodeBlock::setGlobalData):
+        (JSC::CodeBlock::setThisRegister):
+        (JSC::CodeBlock::thisRegister):
+        (JSC::CodeBlock::setNeedsFullScopeChain):
+        (JSC::CodeBlock::needsFullScopeChain):
+        (JSC::CodeBlock::setUsesEval):
+        (JSC::CodeBlock::usesEval):
+        (JSC::CodeBlock::setUsesArguments):
+        (JSC::CodeBlock::usesArguments):
+        (JSC::CodeBlock::codeType):
+        (JSC::CodeBlock::source):
+        (JSC::CodeBlock::sourceOffset):
+        (JSC::CodeBlock::addGlobalResolveInstruction):
+        (JSC::CodeBlock::numberOfPropertyAccessInstructions):
+        (JSC::CodeBlock::addPropertyAccessInstruction):
+        (JSC::CodeBlock::propertyAccessInstruction):
+        (JSC::CodeBlock::numberOfCallLinkInfos):
+        (JSC::CodeBlock::addCallLinkInfo):
+        (JSC::CodeBlock::callLinkInfo):
+        (JSC::CodeBlock::numberOfJumpTargets):
+        (JSC::CodeBlock::addJumpTarget):
+        (JSC::CodeBlock::jumpTarget):
+        (JSC::CodeBlock::lastJumpTarget):
+        (JSC::CodeBlock::numberOfExceptionHandlers):
+        (JSC::CodeBlock::addExceptionHandler):
+        (JSC::CodeBlock::exceptionHandler):
+        (JSC::CodeBlock::addExpressionInfo):
+        (JSC::CodeBlock::numberOfLineInfos):
+        (JSC::CodeBlock::addLineInfo):
+        (JSC::CodeBlock::lastLineInfo):
+        (JSC::CodeBlock::jitReturnAddressVPCMap):
+        (JSC::CodeBlock::numberOfIdentifiers):
+        (JSC::CodeBlock::addIdentifier):
+        (JSC::CodeBlock::identifier):
+        (JSC::CodeBlock::numberOfConstantRegisters):
+        (JSC::CodeBlock::addConstantRegister):
+        (JSC::CodeBlock::constantRegister):
+        (JSC::CodeBlock::addFunction):
+        (JSC::CodeBlock::function):
+        (JSC::CodeBlock::addFunctionExpression):
+        (JSC::CodeBlock::functionExpression):
+        (JSC::CodeBlock::addUnexpectedConstant):
+        (JSC::CodeBlock::unexpectedConstant):
+        (JSC::CodeBlock::addRegExp):
+        (JSC::CodeBlock::regexp):
+        (JSC::CodeBlock::symbolTable):
+        (JSC::CodeBlock::evalCodeCache):
+        New inline setters/getters.
+
+        (JSC::ProgramCodeBlock::ProgramCodeBlock):
+        (JSC::ProgramCodeBlock::~ProgramCodeBlock):
+        (JSC::ProgramCodeBlock::clearGlobalObject):
+        * bytecode/SamplingTool.cpp:
+        (JSC::ScopeSampleRecord::sample):
+        (JSC::SamplingTool::dump):
+        * bytecompiler/BytecodeGenerator.cpp:
+        * bytecompiler/BytecodeGenerator.h:
+        * bytecompiler/Label.h:
+        * interpreter/CallFrame.cpp:
+        * interpreter/Interpreter.cpp:
+        * jit/JIT.cpp:
+        * jit/JITCall.cpp:
+        * jit/JITInlineMethods.h:
+        * jit/JITPropertyAccess.cpp:
+        * parser/Nodes.cpp:
+        * runtime/Arguments.h:
+        * runtime/ExceptionHelpers.cpp:
+        * runtime/JSActivation.cpp:
+        * runtime/JSActivation.h:
+        * runtime/JSGlobalObject.cpp:
+        Change direct access to use new getter/setters.
+
+2008-12-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Prevent GCC4.2 from hanging when trying to compile Interpreter.cpp.
+        Added "-fno-var-tracking" compiler flag.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22704
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-12-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Ordering of branch operands in MacroAssembler in unnecessarily  inconsistent.
+
+        je, jg etc take an immediate operand as the second argument, but for the
+        equality branches (je, jne) the immediate operand was the first argument.  This
+        was unnecessarily inconsistent.  Change je, jne methods to take the immediate
+        as the second argument.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22703
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::je32):
+        (JSC::MacroAssembler::jne32):
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier):
+        (JSC::WREC::Generator::generatePatternCharacterPair):
+        (JSC::WREC::Generator::generatePatternCharacter):
+        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
+        (JSC::WREC::Generator::generateCharacterClassInverted):
+        (JSC::WREC::Generator::generateAssertionBOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+
+2008-12-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Second tranche of porting JIT.cpp to MacroAssembler interface.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::mul32):
+        (JSC::MacroAssembler::jl32):
+        (JSC::MacroAssembler::jnzSub32):
+        (JSC::MacroAssembler::joAdd32):
+        (JSC::MacroAssembler::joMul32):
+        (JSC::MacroAssembler::jzSub32):
+        * jit/JIT.cpp:
+        (JSC::JIT::emitSlowScriptCheck):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitJumpIfNotJSCell):
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+
+2008-12-05  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 22609: Provide a build-time choice when generating hash tables for properties of built-in DOM objects
+
+        <https://bugs.webkit.org/show_bug.cgi?id=22609>
+        <rdar://problem/6331749>
+
+        Reviewed by Darin Adler.
+
+        Initial patch by Yosen Lin.  Adapted for ToT WebKit by David Kilzer.
+
+        Added back the code that generates a "compact" hash (instead of a
+        perfect hash) as a build-time option using the
+        ENABLE(PERFECT_HASH_SIZE) macro as defined in Lookup.h.
+
+        * create_hash_table: Rename variables to differentiate perfect hash
+        values from compact hash values.  Added back code to compute compact
+        hash tables.  Generate both hash table sizes and emit
+        conditionalized code based on ENABLE(PERFECT_HASH_SIZE).
+        * runtime/Lookup.cpp:
+        (JSC::HashTable::createTable): Added version of createTable() for
+        use with compact hash tables.
+        (JSC::HashTable::deleteTable): Updated to work with compact hash
+        tables.
+        * runtime/Lookup.h: Defined ENABLE(PERFECT_HASH_SIZE) macro here.
+        (JSC::HashEntry::initialize): Set m_next to zero when using compact
+        hash tables.
+        (JSC::HashEntry::setNext): Added for compact hash tables.
+        (JSC::HashEntry::next): Added for compact hash tables.
+        (JSC::HashTable::entry): Added version of entry() for use with
+        compact hash tables.
+        * runtime/Structure.cpp:
+        (JSC::Structure::getEnumerablePropertyNames): Updated to work with
+        compact hash tables.
+
+2008-12-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Remove redundant calls to JIT::emitSlowScriptCheck.
+        This is checked in the hot path, so is not needed on the slow path - and the code
+        was being planted before the start of the slow case, so was completely unreachable!
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+
+2008-12-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Move JIT::compileOpStrictEq to MacroAssembler interface.
+
+        The rewrite also looks like a small (<1%) performance progression.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22697
+
+        * jit/JIT.cpp:
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitJumpIfJSCell):
+        (JSC::JIT::emitJumpSlowCaseIfJSCell):
+
+2008-12-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Remove m_assembler from MacroAssembler::Jump.
+        Keeping a pointer allowed for some syntactic sugar - "link()" looks nicer
+        than "link(this)".  But maintaining this doubles the size of Jump, which
+        is even more unfortunate for the JIT, since there are many large structures
+        holding JmpSrcs.  Probably best to remove it.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22693
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::Jump::Jump):
+        (JSC::MacroAssembler::Jump::link):
+        (JSC::MacroAssembler::Jump::linkTo):
+        (JSC::MacroAssembler::JumpList::link):
+        (JSC::MacroAssembler::JumpList::linkTo):
+        (JSC::MacroAssembler::jae32):
+        (JSC::MacroAssembler::je32):
+        (JSC::MacroAssembler::je16):
+        (JSC::MacroAssembler::jg32):
+        (JSC::MacroAssembler::jge32):
+        (JSC::MacroAssembler::jl32):
+        (JSC::MacroAssembler::jle32):
+        (JSC::MacroAssembler::jnePtr):
+        (JSC::MacroAssembler::jne32):
+        (JSC::MacroAssembler::jnset32):
+        (JSC::MacroAssembler::jset32):
+        (JSC::MacroAssembler::jump):
+        (JSC::MacroAssembler::jzSub32):
+        (JSC::MacroAssembler::joAdd32):
+        (JSC::MacroAssembler::call):
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+        (JSC::WREC::Generator::generateBackreferenceQuantifier):
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier):
+        (JSC::WREC::Generator::generatePatternCharacter):
+        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
+        (JSC::WREC::Generator::generateCharacterClassInverted):
+        (JSC::WREC::Generator::generateCharacterClass):
+        (JSC::WREC::Generator::generateParenthesesAssertion):
+        (JSC::WREC::Generator::generateParenthesesInvertedAssertion):
+        (JSC::WREC::Generator::generateParenthesesNonGreedy):
+        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
+        (JSC::WREC::Generator::generateAssertionBOL):
+        (JSC::WREC::Generator::generateAssertionEOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+        (JSC::WREC::Generator::generateBackreference):
+        (JSC::WREC::Generator::terminateAlternative):
+        (JSC::WREC::Generator::terminateDisjunction):
+        * wrec/WRECParser.h:
+
+2008-12-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Simplify JIT generated checks for timeout code, by moving more work into the C function.
+        https://bugs.webkit.org/show_bug.cgi?id=22688
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_timeout_check):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::emitSlowScriptCheck):
+
+2008-12-05  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Encapsulate access to jump tables in the CodeBlock in preparation
+        of moving them to a rare data structure.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::shrinkToFit):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::numberOfImmediateSwitchJumpTables):
+        (JSC::CodeBlock::addImmediateSwitchJumpTable):
+        (JSC::CodeBlock::immediateSwitchJumpTable):
+        (JSC::CodeBlock::numberOfCharacterSwitchJumpTables):
+        (JSC::CodeBlock::addCharacterSwitchJumpTable):
+        (JSC::CodeBlock::characterSwitchJumpTable):
+        (JSC::CodeBlock::numberOfStringSwitchJumpTables):
+        (JSC::CodeBlock::addStringSwitchJumpTable):
+        (JSC::CodeBlock::stringSwitchJumpTable):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate):
+        (JSC::BytecodeGenerator::endSwitch):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::cti_op_switch_imm):
+        (JSC::Interpreter::cti_op_switch_char):
+        (JSC::Interpreter::cti_op_switch_string):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+
+2008-12-05  Adam Roben  <aroben@apple.com>
+
+        Windows build fix after r39020
+
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::restoreArgumentReference):
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        Add some apparently-missing __.
+
+2008-12-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=22673
+        
+        Added support for the assertion (?=) and inverted assertion (?!) atoms
+        in WREC.
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateParenthesesAssertion):
+        (JSC::WREC::Generator::generateParenthesesInvertedAssertion): Split the
+        old (unused) generateParentheses into these two functions, with more
+        limited capabilities.
+        
+        * wrec/WRECGenerator.h:
+        (JSC::WREC::Generator::): Moved an enum to the top of the class definition,
+        to match the WebKit style, and removed a defunct comment.
+
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::parseParentheses):
+        (JSC::WREC::Parser::consumeParenthesesType):
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::): Added support for parsing (?=) and (?!).
+
+2008-12-05  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Rubber-stamped by Tor Arne Vestbø.
+
+        Disable the JIT for the Qt build alltogether again, after observing
+        more miscompilations in a wider range of newer gcc versions.
+
+        * JavaScriptCore.pri:
+
+2008-12-05  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Disable the JIT for the Qt build on Linux unless gcc is >= 4.2,
+        due to miscompilations.
+
+        * JavaScriptCore.pri:
+
+2008-12-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Start porting the JIT to use the MacroAssembler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22671
+        No change in performance.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::Jump::operator X86Assembler::JmpSrc):
+        (JSC::MacroAssembler::add32):
+        (JSC::MacroAssembler::and32):
+        (JSC::MacroAssembler::lshift32):
+        (JSC::MacroAssembler::rshift32):
+        (JSC::MacroAssembler::storePtr):
+        (JSC::MacroAssembler::store32):
+        (JSC::MacroAssembler::poke):
+        (JSC::MacroAssembler::move):
+        (JSC::MacroAssembler::compareImm32ForBranchEquality):
+        (JSC::MacroAssembler::jnePtr):
+        (JSC::MacroAssembler::jnset32):
+        (JSC::MacroAssembler::jset32):
+        (JSC::MacroAssembler::jzeroSub32):
+        (JSC::MacroAssembler::joverAdd32):
+        (JSC::MacroAssembler::call):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::shll_i8r):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::compileBinaryArithOp):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitGetVirtualRegister):
+        (JSC::JIT::emitPutCTIArg):
+        (JSC::JIT::emitPutCTIArgConstant):
+        (JSC::JIT::emitGetCTIArg):
+        (JSC::JIT::emitPutCTIArgFromVirtualRegister):
+        (JSC::JIT::emitPutCTIParam):
+        (JSC::JIT::emitGetCTIParam):
+        (JSC::JIT::emitPutToCallFrameHeader):
+        (JSC::JIT::emitPutImmediateToCallFrameHeader):
+        (JSC::JIT::emitGetFromCallFrameHeader):
+        (JSC::JIT::emitPutVirtualRegister):
+        (JSC::JIT::emitInitRegister):
+        (JSC::JIT::emitNakedCall):
+        (JSC::JIT::restoreArgumentReference):
+        (JSC::JIT::restoreArgumentReferenceForTrampoline):
+        (JSC::JIT::emitCTICall):
+        (JSC::JIT::checkStructure):
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
+        (JSC::JIT::emitFastArithDeTagImmediate):
+        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::JIT::emitFastArithReTagImmediate):
+        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
+        (JSC::JIT::emitFastArithImmToInt):
+        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
+        (JSC::JIT::emitFastArithIntToImmNoCheck):
+        (JSC::JIT::emitTagAsBoolImmediate):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByIdTransition):
+
+2008-12-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Some refactoring for generateGreedyQuantifier.
+        
+        SunSpider reports no change (possibly a 0.3% speedup).
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateGreedyQuantifier): Clarified label
+        meanings and unified some logic to simplify things.
+
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::parseAlternative): Added a version of parseAlternative
+        that can jump to a Label, instead of a JumpList, upon failure. (Eventually,
+        when we have a true Label class, this will be redundant.) This makes
+        things easier for generateGreedyQuantifier, because it can avoid
+        explicitly linking things.
+
+2008-12-04  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Holger Freyther.
+
+        Fix crashes in the Qt build on Linux/i386 with non-executable memory
+        by enabling TCSystemAlloc and the PROT_EXEC flag for mmap.
+
+        * JavaScriptCore.pri: Enable the use of TCSystemAlloc if the JIT is
+        enabled.
+        * wtf/TCSystemAlloc.cpp: Extend the PROT_EXEC permissions to
+        PLATFORM(QT).
+
+2008-12-04  Simon Hausmann  <simon.hausmann@nokia.com>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Enable ENABLE_JIT_OPTIMIZE_CALL, ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS
+        and ENABLE_JIT_OPTIMIZE_ARITHMETIC, as suggested by Niko.
+
+        * JavaScriptCore.pri: 
+
+2008-12-04  Kent Hansen  <khansen@trolltech.com>
+
+        Reviewed by Simon Hausmann.
+
+        Enable the JSC jit for the Qt build by default for release builds on
+        linux-g++ and win32-msvc.
+
+        * JavaScriptCore.pri:
+
+2008-12-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Allow JIT to function without property access repatching and arithmetic optimizations.
+        Controlled by ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS and ENABLE_JIT_OPTIMIZE_ARITHMETIC switches.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22643
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp: Copied from jit/JIT.cpp.
+        (JSC::JIT::compileBinaryArithOp):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        * jit/JITPropertyAccess.cpp: Copied from jit/JIT.cpp.
+        (JSC::JIT::compileGetByIdHotPath):
+        (JSC::JIT::compileGetByIdSlowCase):
+        (JSC::JIT::compilePutByIdHotPath):
+        (JSC::JIT::compilePutByIdSlowCase):
+        (JSC::resizePropertyStorage):
+        (JSC::transitionWillNeedStorageRealloc):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        * wtf/Platform.h:
+
+2008-12-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Optimized sequences of characters in regular expressions by comparing
+        two characters at a time.
+        
+        1-2% speedup on SunSpider, 19-25% speedup on regexp-dna.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::load32):
+        (JSC::MacroAssembler::jge32): Filled out a few more macro methods.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::movl_mr): Added a verion of movl_mr that operates
+        without an offset, to allow the macro assembler to optmize for that case.
+        
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp): Test the saved value of index
+        instead of the index register when checking for "end of input." The
+        index register doesn't increment by 1 in an orderly fashion, so testing
+        it for == "end of input" is not valid.
+        
+        Also, jump all the way to "return failure" upon reaching "end of input,"
+        instead of executing the next alternative. This is more logical, and
+        it's a slight optimization in the case of an expression with many alternatives.
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateIncrementIndex): Added support for
+        jumping to a failure label in the case where the index has reached "end
+        of input."
+
+        (JSC::WREC::Generator::generatePatternCharacterSequence):
+        (JSC::WREC::Generator::generatePatternCharacterPair): This is the
+        optmization. It's basically like generatePatternCharacter, but it runs two
+        characters at a time.
+        
+        (JSC::WREC::Generator::generatePatternCharacter): Changed to use isASCII,
+        since it's clearer than comparing to a magic hex value.
+        
+        * wrec/WRECGenerator.h:
+
+2008-12-03  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Allow JIT to operate without the call-repatching optimization.
+        Controlled by ENABLE(JIT_OPTIMIZE_CALL), defaults on, disabling
+        this leads to significant performance regression.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22639
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * jit/JITCall.cpp: Copied from jit/JIT.cpp.
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCallEvalSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        (JSC::unreachable):
+        * jit/JITInlineMethods.h: Copied from jit/JIT.cpp.
+        (JSC::JIT::checkStructure):
+        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
+        (JSC::JIT::emitTagAsBoolImmediate):
+        * wtf/Platform.h:
+
+2008-12-03  Eric Seidel  <eric@webkit.org>
+
+        Rubber-stamped by David Hyatt.
+
+        Make HAVE_ACCESSIBILITY only define if !defined
+
+        * wtf/Platform.h:
+
+2008-12-03  Sam Weinig  <sam@webkit.org>
+
+        Fix build.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::orl_i32r):
+
+2008-12-03  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove shared AssemblerBuffer 1MB buffer and instead give AssemblerBuffer
+        an 256 byte inline capacity.
+
+        1% progression on Sunspider.
+
+        * assembler/AssemblerBuffer.h:
+        (JSC::AssemblerBuffer::AssemblerBuffer):
+        (JSC::AssemblerBuffer::~AssemblerBuffer):
+        (JSC::AssemblerBuffer::grow):
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::MacroAssembler):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::X86Assembler):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::Interpreter):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        * parser/Nodes.cpp:
+        (JSC::RegExpNode::emitBytecode):
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+        (JSC::RegExp::create):
+        * runtime/RegExp.h:
+        * runtime/RegExpConstructor.cpp:
+        (JSC::constructRegExp):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncCompile):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp):
+        * wrec/WRECGenerator.h:
+        (JSC::WREC::Generator::Generator):
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::Parser):
+
+2008-12-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt, with help from Gavin Barraclough.
+        
+        orl_i32r was actually coded as an 8bit OR. So, I renamed orl_i32r to
+        orl_i8r, changed all orl_i32r clients to use orl_i8r, and then added
+        a new orl_i32r that actually does a 32bit OR.
+        
+        (32bit OR is currently unused, but a patch I'm working on uses it.)
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::or32): Updated to choose between 8bit and 32bit OR.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::orl_i8r): The old orl_i32r.
+        (JSC::X86Assembler::orl_i32r): The new orl_i32r.
+        
+        * jit/JIT.cpp:
+        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
+        (JSC::JIT::emitTagAsBoolImmediate): Use orl_i8r, since we're ORing 8bit
+        values.
+
+2008-12-03  Dean Jackson  <dino@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Helper functions for turn -> degrees.
+        https://bugs.webkit.org/show_bug.cgi?id=22497
+
+        * wtf/MathExtras.h:
+        (turn2deg):
+        (deg2turn):
+
+2008-12-02  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 22504: Crashes during code generation occur due to refing of ignoredResult()
+        <https://bugs.webkit.org/show_bug.cgi?id=22504>
+
+        Since ignoredResult() was implemented by casting 1 to a RegisterID*, any
+        attempt to ref ignoredResult() results in a crash. This will occur in
+        code generation of a function body where a node emits another node with
+        the dst that was passed to it, and then refs the returned RegisterID*.
+
+        To fix this problem, make ignoredResult() a member function of
+        BytecodeGenerator that simply returns a pointe to a fixed RegisterID
+        member of BytecodeGenerator.
+
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::ignoredResult):
+        * bytecompiler/RegisterID.h:
+        * parser/Nodes.cpp:
+        (JSC::NullNode::emitBytecode):
+        (JSC::BooleanNode::emitBytecode):
+        (JSC::NumberNode::emitBytecode):
+        (JSC::StringNode::emitBytecode):
+        (JSC::RegExpNode::emitBytecode):
+        (JSC::ThisNode::emitBytecode):
+        (JSC::ResolveNode::emitBytecode):
+        (JSC::ObjectLiteralNode::emitBytecode):
+        (JSC::PostfixResolveNode::emitBytecode):
+        (JSC::PostfixBracketNode::emitBytecode):
+        (JSC::PostfixDotNode::emitBytecode):
+        (JSC::DeleteValueNode::emitBytecode):
+        (JSC::VoidNode::emitBytecode):
+        (JSC::TypeOfResolveNode::emitBytecode):
+        (JSC::TypeOfValueNode::emitBytecode):
+        (JSC::PrefixResolveNode::emitBytecode):
+        (JSC::AssignResolveNode::emitBytecode):
+        (JSC::CommaNode::emitBytecode):
+        (JSC::ForNode::emitBytecode):
+        (JSC::ForInNode::emitBytecode):
+        (JSC::ReturnNode::emitBytecode):
+        (JSC::ThrowNode::emitBytecode):
+        (JSC::FunctionBodyNode::emitBytecode):
+        (JSC::FuncDeclNode::emitBytecode):
+
+2008-12-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=22537
+        REGRESSION (r38745): Assertion failure in jsSubstring() at ge.com
+
+        The bug was that index would become greater than length, so our
+        "end of input" checks, which all check "index == length", would fail.
+        
+        The solution is to check for end of input before incrementing index,
+        to ensure that index is always <= length.
+        
+        As a side benefit, generateJumpIfEndOfInput can now use je instead of
+        jg, which should be slightly faster.
+
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateJumpIfEndOfInput):
+
+2008-12-02  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Plant shift right immediate instructions, which are awesome.
+        https://bugs.webkit.org/show_bug.cgi?id=22610
+        ~5% on the v8-crypto test.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+
+2008-12-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Cleaned up SegmentedVector by abstracting segment access into helper
+        functions.
+        
+        SunSpider reports no change.
+
+        * bytecompiler/SegmentedVector.h:
+        (JSC::SegmentedVector::SegmentedVector):
+        (JSC::SegmentedVector::~SegmentedVector):
+        (JSC::SegmentedVector::size):
+        (JSC::SegmentedVector::at):
+        (JSC::SegmentedVector::operator[]):
+        (JSC::SegmentedVector::last):
+        (JSC::SegmentedVector::append):
+        (JSC::SegmentedVector::removeLast):
+        (JSC::SegmentedVector::grow):
+        (JSC::SegmentedVector::clear):
+        (JSC::SegmentedVector::deleteAllSegments):
+        (JSC::SegmentedVector::segmentFor):
+        (JSC::SegmentedVector::subscriptFor):
+        (JSC::SegmentedVector::ensureSegmentsFor):
+        (JSC::SegmentedVector::ensureSegment):
+
+2008-12-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Geoffrey Garen. (Patch by Cameron Zwarich <zwarich@apple.com>.)
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=22482
+        REGRESSION (r37991): Occasionally see "Scene rendered incorrectly"
+        message when running the V8 Raytrace benchmark
+        
+        Rolled out r37991. It didn't properly save xmm0, which is caller-save,
+        before calling helper functions.
+        
+        SunSpider and v8 benchmarks show little change -- possibly a .2%
+        SunSpider regression, possibly a .2% v8 benchmark speedup.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Instruction.h:
+        (JSC::Instruction::):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitUnaryOp):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::emitToJSNumber):
+        (JSC::BytecodeGenerator::emitTypeOf):
+        (JSC::BytecodeGenerator::emitGetPropertyNames):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * parser/Nodes.cpp:
+        (JSC::UnaryOpNode::emitBytecode):
+        (JSC::BinaryOpNode::emitBytecode):
+        (JSC::EqualNode::emitBytecode):
+        * parser/ResultType.h:
+        (JSC::ResultType::isReusable):
+        (JSC::ResultType::mightBeNumber):
+        * runtime/JSNumberCell.h:
+
+2008-12-01  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove unused (sampling only, and derivable) argument to JIT::emitCTICall.
+        https://bugs.webkit.org/show_bug.cgi?id=22587
+
+        * jit/JIT.cpp:
+        (JSC::JIT::emitCTICall):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::emitSlowScriptCheck):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+
+2008-12-02  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Reviewed by Eric Seidel.
+        
+        Fix the inheritance chain for JSFunction.
+
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::info): Add InternalFunction::info as parent class
+
+2008-12-02  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Fix ability to include JavaScriptCore.pri from other .pro files.
+
+        * JavaScriptCore.pri: Moved -O3 setting into the .pro files.
+        * JavaScriptCore.pro:
+        * jsc.pro:
+
+2008-12-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich, with help from Gavin Barraclough.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=22583.
+
+        Refactored regular expression parsing to parse sequences of characters
+        as a single unit, in preparation for optimizing sequences of characters.
+        
+        SunSpider reports no change.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wrec/Escapes.h: Added. Set of classes for representing an escaped
+        token in a pattern.
+
+        * wrec/Quantifier.h:
+        (JSC::WREC::Quantifier::Quantifier): Simplified this constructor slightly,
+        to match the new Escape constructor.
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generatePatternCharacterSequence):
+        * wrec/WRECGenerator.h: Added an interface for generating a sequence
+        of pattern characters at a time. It doesn't do anything special yet.
+
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::consumeGreedyQuantifier):
+        (JSC::WREC::Parser::consumeQuantifier): Renamed "parse" to "consume" in
+        these functions, to match "consumeEscape."
+
+        (JSC::WREC::Parser::parsePatternCharacterSequence): New function for
+        iteratively aggregating a sequence of characters in a pattern.
+
+        (JSC::WREC::Parser::parseCharacterClassQuantifier):
+        (JSC::WREC::Parser::parseBackreferenceQuantifier): Renamed "parse" to
+        "consume" in these functions, to match "consumeEscape."
+
+        (JSC::WREC::Parser::parseCharacterClass): Refactored to use the common
+        escape processing code in consumeEscape.
+
+        (JSC::WREC::Parser::parseEscape): Refactored to use the common
+        escape processing code in consumeEscape.
+
+        (JSC::WREC::Parser::consumeEscape): Factored escaped token processing
+        into a common function, since we were doing this in a few places.
+
+        (JSC::WREC::Parser::parseTerm): Refactored to use the common
+        escape processing code in consumeEscape.
+
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::consumeOctal): Refactored to use a helper function
+        for reading a digit.
+
+2008-12-01  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 20340: SegmentedVector segment allocations can lead to unsafe use of temporary registers
+        <https://bugs.webkit.org/show_bug.cgi?id=20340>
+
+        SegmentedVector currently frees segments and reallocates them when used
+        as a stack. This can lead to unsafe use of pointers into freed segments.
+
+        In order to fix this problem, SegmentedVector will be changed to only
+        grow and never shrink. Also, rename the reserveCapacity() member
+        function to grow() to match the actual usage in BytecodeGenerator, where
+        this function is used to allocate a group of registers at once, rather
+        than merely saving space for them.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator): Use grow() instead of 
+        reserveCapacity().
+        * bytecompiler/SegmentedVector.h:
+        (JSC::SegmentedVector::SegmentedVector):
+        (JSC::SegmentedVector::last):
+        (JSC::SegmentedVector::append):
+        (JSC::SegmentedVector::removeLast):
+        (JSC::SegmentedVector::grow): Renamed from reserveCapacity().
+        (JSC::SegmentedVector::clear):
+
+2008-12-01  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Anders Carlsson.
+
+        Disable WREC for x86_64 since memory allocated by the system allocator is not marked executable,
+        which causes 64-bit debug builds to crash.  Once we have a dedicated allocator for executable
+        memory we can turn this back on.
+
+        * wtf/Platform.h:
+
+2008-12-01  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Restore inline buffer after vector is shrunk back below its inline capacity.
+
+        * wtf/Vector.h:
+        (WTF::):
+        (WTF::VectorBuffer::restoreInlineBufferIfNeeded):
+        (WTF::::shrinkCapacity):
+
+2008-11-30  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Mark Rowe.
+        
+        Try to return free pages in the current thread cache too.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMallocStats::releaseFastMallocFreeMemory):
+
+2008-12-01  David Levin  <levin@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22567
+        Make HashTable work as expected with respect to threads. Specifically, it has class-level
+        thread safety and constant methods work on constant objects without synchronization.
+        
+        No observable change in behavior, so no test. This only affects debug builds.
+
+        * wtf/HashTable.cpp:
+        (WTF::hashTableStatsMutex):
+        (WTF::HashTableStats::~HashTableStats):
+        (WTF::HashTableStats::recordCollisionAtCount):
+        Guarded variable access with a mutex.
+
+        * wtf/HashTable.h:
+        (WTF::::lookup):
+        (WTF::::lookupForWriting):
+        (WTF::::fullLookupForWriting):
+        (WTF::::add):
+        (WTF::::reinsert):
+        (WTF::::remove):
+        (WTF::::rehash):
+        Changed increments of static variables to use atomicIncrement.
+
+        (WTF::::invalidateIterators):
+        (WTF::addIterator):
+        (WTF::removeIterator):
+        Guarded mutable access with a mutex.
+
+2008-11-29  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Enable WREC on PLATFORM(X86_64).  This change predominantly requires changes to the
+        WREC::Generator::generateEnter method to support the x86-64 ABI, and addition of
+        support for a limited number of quadword operations in the X86Assembler.
+
+        This patch will cause the JS heap to be allocated with RWX permissions on 64-bit Mac
+        platforms.  This is a regression with respect to previous 64-bit behaviour, but is no
+        more permissive than on 32-bit builds.  This issue should be addressed at some point.
+        (This is tracked by bug #21783.)
+
+        https://bugs.webkit.org/show_bug.cgi?id=22554
+        Greater than 4x speedup on regexp-dna, on x86-64.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::addPtr):
+        (JSC::MacroAssembler::loadPtr):
+        (JSC::MacroAssembler::storePtr):
+        (JSC::MacroAssembler::pop):
+        (JSC::MacroAssembler::push):
+        (JSC::MacroAssembler::move):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::movq_rr):
+        (JSC::X86Assembler::addl_i8m):
+        (JSC::X86Assembler::addl_i32r):
+        (JSC::X86Assembler::addq_i8r):
+        (JSC::X86Assembler::addq_i32r):
+        (JSC::X86Assembler::movq_mr):
+        (JSC::X86Assembler::movq_rm):
+        * wrec/WREC.h:
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+        (JSC::WREC::Generator::generateReturnSuccess):
+        (JSC::WREC::Generator::generateReturnFailure):
+        * wtf/Platform.h:
+        * wtf/TCSystemAlloc.cpp:
+
+2008-12-01  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Preliminary work for bug 20340: SegmentedVector segment allocations can lead to unsafe use of temporary registers
+        <https://bugs.webkit.org/show_bug.cgi?id=20340>
+
+        SegmentedVector currently frees segments and reallocates them when used
+        as a stack. This can lead to unsafe use of pointers into freed segments.
+
+        In order to fix this problem, SegmentedVector will be changed to only
+        grow and never shrink, with the sole exception of clearing all of its
+        data, a capability that is required by Lexer. This patch changes the
+        public interface to only allow for these capabilities.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator): Use reserveCapacity()
+        instead of resize() for m_globals and m_parameters.
+        * bytecompiler/SegmentedVector.h:
+        (JSC::SegmentedVector::resize): Removed.
+        (JSC::SegmentedVector::reserveCapacity): Added.
+        (JSC::SegmentedVector::clear): Added.
+        (JSC::SegmentedVector::shrink): Removed.
+        (JSC::SegmentedVector::grow): Removed.
+        * parser/Lexer.cpp:
+        (JSC::Lexer::clear): Use clear() instead of resize(0).
+
+2008-11-30  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Renames jumps to m_jumps in JumpList.
+
+        * assembler/MacroAssembler.h:
+        (JSC::MacroAssembler::JumpList::link):
+        (JSC::MacroAssembler::JumpList::linkTo):
+        (JSC::MacroAssembler::JumpList::append):
+
+2008-11-30  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Mark Rowe.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=22557
+        
+        Report free size in central and thread caches too.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMallocStats::fastMallocStatistics):
+        * wtf/FastMalloc.h:
+
+2008-11-29  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Dan Bernstein.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=22557
+        Add statistics for JavaScript GC heap.
+
+        * JavaScriptCore.exp:
+        * runtime/Collector.cpp:
+        (JSC::Heap::objectCount):
+        (JSC::addToStatistics):
+        (JSC::Heap::statistics):
+        * runtime/Collector.h:
+
+2008-11-29  Antti Koivisto  <antti@apple.com>
+
+        Fix debug build by adding a stub method.
+
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMallocStatistics):
+
+2008-11-29  Antti Koivisto  <antti@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=22557
+        
+        Add function for getting basic statistics from FastMalloc.
+
+        * JavaScriptCore.exp:
+        * wtf/FastMalloc.cpp:
+        (WTF::DLL_Length):
+        (WTF::TCMalloc_PageHeap::ReturnedBytes):
+        (WTF::TCMallocStats::fastMallocStatistics):
+        * wtf/FastMalloc.h:
+
+2008-11-29  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        The C++ standard does not automatically grant the friendships of an
+        enclosing class to its nested subclasses, so we should do so explicitly.
+        This fixes the GCC 4.0 build, although both GCC 4.2 and Visual C++ 2005
+        accept the incorrect code as it is.
+
+        * assembler/MacroAssembler.h:
+
+2008-11-29  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Add the class MacroAssembler to provide some abstraction of code generation,
+        and change WREC to make use of this class, rather than directly accessing
+        the X86Assembler.
+
+        This patch also allows WREC to be compiled without the rest of the JIT enabled.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler/MacroAssembler.h: Added.
+        (JSC::MacroAssembler::):
+        (JSC::MacroAssembler::MacroAssembler):
+        (JSC::MacroAssembler::copyCode):
+        (JSC::MacroAssembler::Address::Address):
+        (JSC::MacroAssembler::ImplicitAddress::ImplicitAddress):
+        (JSC::MacroAssembler::BaseIndex::BaseIndex):
+        (JSC::MacroAssembler::Label::Label):
+        (JSC::MacroAssembler::Jump::Jump):
+        (JSC::MacroAssembler::Jump::link):
+        (JSC::MacroAssembler::Jump::linkTo):
+        (JSC::MacroAssembler::JumpList::link):
+        (JSC::MacroAssembler::JumpList::linkTo):
+        (JSC::MacroAssembler::JumpList::append):
+        (JSC::MacroAssembler::Imm32::Imm32):
+        (JSC::MacroAssembler::add32):
+        (JSC::MacroAssembler::or32):
+        (JSC::MacroAssembler::sub32):
+        (JSC::MacroAssembler::loadPtr):
+        (JSC::MacroAssembler::load32):
+        (JSC::MacroAssembler::load16):
+        (JSC::MacroAssembler::storePtr):
+        (JSC::MacroAssembler::store32):
+        (JSC::MacroAssembler::pop):
+        (JSC::MacroAssembler::push):
+        (JSC::MacroAssembler::peek):
+        (JSC::MacroAssembler::poke):
+        (JSC::MacroAssembler::move):
+        (JSC::MacroAssembler::compareImm32ForBranch):
+        (JSC::MacroAssembler::compareImm32ForBranchEquality):
+        (JSC::MacroAssembler::jae32):
+        (JSC::MacroAssembler::je32):
+        (JSC::MacroAssembler::je16):
+        (JSC::MacroAssembler::jg32):
+        (JSC::MacroAssembler::jge32):
+        (JSC::MacroAssembler::jl32):
+        (JSC::MacroAssembler::jle32):
+        (JSC::MacroAssembler::jne32):
+        (JSC::MacroAssembler::jump):
+        (JSC::MacroAssembler::breakpoint):
+        (JSC::MacroAssembler::ret):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::cmpw_rm):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::Interpreter):
+        * interpreter/Interpreter.h:
+        (JSC::Interpreter::assemblerBuffer):
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+        * wrec/WREC.cpp:
+        (JSC::WREC::Generator::compileRegExp):
+        * wrec/WREC.h:
+        * wrec/WRECFunctors.cpp:
+        (JSC::WREC::GeneratePatternCharacterFunctor::generateAtom):
+        (JSC::WREC::GenerateCharacterClassFunctor::generateAtom):
+        (JSC::WREC::GenerateBackreferenceFunctor::generateAtom):
+        (JSC::WREC::GenerateParenthesesNonGreedyFunctor::generateAtom):
+        * wrec/WRECFunctors.h:
+        (JSC::WREC::GenerateParenthesesNonGreedyFunctor::GenerateParenthesesNonGreedyFunctor):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+        (JSC::WREC::Generator::generateReturnSuccess):
+        (JSC::WREC::Generator::generateSaveIndex):
+        (JSC::WREC::Generator::generateIncrementIndex):
+        (JSC::WREC::Generator::generateLoadCharacter):
+        (JSC::WREC::Generator::generateJumpIfEndOfInput):
+        (JSC::WREC::Generator::generateJumpIfNotEndOfInput):
+        (JSC::WREC::Generator::generateReturnFailure):
+        (JSC::WREC::Generator::generateBacktrack1):
+        (JSC::WREC::Generator::generateBacktrackBackreference):
+        (JSC::WREC::Generator::generateBackreferenceQuantifier):
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier):
+        (JSC::WREC::Generator::generatePatternCharacter):
+        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
+        (JSC::WREC::Generator::generateCharacterClassInverted):
+        (JSC::WREC::Generator::generateCharacterClass):
+        (JSC::WREC::Generator::generateParentheses):
+        (JSC::WREC::Generator::generateParenthesesNonGreedy):
+        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
+        (JSC::WREC::Generator::generateAssertionBOL):
+        (JSC::WREC::Generator::generateAssertionEOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+        (JSC::WREC::Generator::generateBackreference):
+        (JSC::WREC::Generator::terminateAlternative):
+        (JSC::WREC::Generator::terminateDisjunction):
+        * wrec/WRECGenerator.h:
+        (JSC::WREC::Generator::Generator):
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::parsePatternCharacterQualifier):
+        (JSC::WREC::Parser::parseCharacterClassQuantifier):
+        (JSC::WREC::Parser::parseBackreferenceQuantifier):
+        (JSC::WREC::Parser::parseParentheses):
+        (JSC::WREC::Parser::parseCharacterClass):
+        (JSC::WREC::Parser::parseOctalEscape):
+        (JSC::WREC::Parser::parseEscape):
+        (JSC::WREC::Parser::parseTerm):
+        (JSC::WREC::Parser::parseDisjunction):
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::Parser):
+        (JSC::WREC::Parser::parsePattern):
+        (JSC::WREC::Parser::parseAlternative):
+        * wtf/Platform.h:
+
+2008-11-28  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Tor Arne Vestbø.
+
+        Fix compilation on Windows CE
+
+        Port away from the use of errno after calling strtol(), instead
+        detect conversion errors by checking the result and the stop
+        position.
+
+        * runtime/DateMath.cpp:
+        (JSC::parseLong):
+        (JSC::parseDate):
+
+2008-11-28  Joerg Bornemann  <joerg.bornemann@trolltech.com>
+
+        Reviewed by Simon Hausmann.
+
+        Implement lowResUTCTime() on Windows CE using GetSystemTime as _ftime() is not available.
+
+        * runtime/DateMath.cpp:
+        (JSC::lowResUTCTime):
+
+2008-11-28  Simon Hausmann  <hausmann@webkit.org>
+
+        Rubber-stamped by Tor Arne Vestbø.
+
+        Removed unnecessary inclusion of errno.h, which also fixes compilation on Windows CE.
+
+        * runtime/JSGlobalObjectFunctions.cpp:
+
+2008-11-27  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        r38825 made JSFunction::m_body private, but some inspector code in
+        WebCore sets the field. Add setters for it.
+
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::setBody):
+
+2008-11-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix FIXME by adding accessor for JSFunction's m_body property.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::cti_op_call_JSFunction):
+        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
+        (JSC::Interpreter::cti_vm_lazyLinkCall):
+        * profiler/Profiler.cpp:
+        (JSC::createCallIdentifierFromFunctionImp):
+        * runtime/Arguments.h:
+        (JSC::Arguments::getArgumentsData):
+        (JSC::Arguments::Arguments):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::body):
+
+2008-11-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Remove unused member variables from ProgramNode.
+
+        * parser/Nodes.h:
+
+2008-11-27  Brent Fulgham  <bfulgham@gmail.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Enable mouse panning feaure on Windows Cairo build.
+        See http://bugs.webkit.org/show_bug.cgi?id=22525
+
+        * wtf/Platform.h: Enable mouse panning feaure on Windows Cairo build.
+
+2008-11-27  Alp Toker  <alp@nuanti.com>
+
+        Change recently introduced C++ comments in Platform.h to C comments to
+        fix the minidom build with traditional C.
+
+        Build GtkLauncher and minidom with the '-ansi' compiler flag to detect
+        API header breakage at build time.
+
+        * GNUmakefile.am:
+        * wtf/Platform.h:
+
+2008-11-27  Alp Toker  <alp@nuanti.com>
+
+        Remove C++ comment from JavaScriptCore API headers (introduced r35449).
+        Fixes build for ANSI C applications using the public API.
+
+        * API/WebKitAvailability.h:
+
+2008-11-26  Eric Seidel  <eric@webkit.org>
+
+        No review, build fix only.
+
+        Fix the JSC Chromium Mac build by adding JavaScriptCore/icu into the include path
+
+        * JavaScriptCore.scons:
+
+2008-11-25  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Remove the unused member function JSFunction::getParameterName().
+
+        * runtime/JSFunction.cpp:
+        * runtime/JSFunction.h:
+
+2008-11-24  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Polymorpic caching for get by id chain.  Similar to the polymorphic caching already implemented
+        for self and proto accesses (implemented by allowing multiple trampolines to be JIT genertaed,
+        and linked together) - the get by id chain caching is implemented as a genericization of the
+        proto list caching, allowing cached access lists to contain a mix of proto and proto chain
+        accesses (since in JS style inheritance hierarchies you may commonly see a mix of properties
+        being overridden on the direct prototype, or higher up its prototype chain).
+
+        In order to allow this patch to compile there is a fix to appease gcc 4.2 compiler issues
+        (removing the jumps between fall-through cases in privateExecute).
+        
+        This patch also removes redundant immediate checking from the reptach code, and fixes a related
+        memory leak (failure to deallocate trampolines). 
+
+        ~2% progression on v8 tests (bulk on the win on deltablue)
+
+        * bytecode/Instruction.h:
+        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::):
+        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
+        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
+        (JSC::PolymorphicAccessStructureList::derefStructures):
+        * interpreter/Interpreter.cpp:
+        (JSC::countPrototypeChainEntriesAndCheckForProxies):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::getPolymorphicAccessStructureListSlot):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChainList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        * jit/JIT.h:
+        (JSC::JIT::compileGetByIdChainList):
+
+2008-11-25  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Move the collect() call in Heap::heapAllocate() that is conditionally
+        compiled under COLLECT_ON_EVERY_ALLOCATION so that it is before we get
+        information about the heap. This was causing assertion failures for me
+        while I was reducing a bug.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::heapAllocate):
+
+2008-11-24  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 13790: Function declarations are not treated as statements (used to affect starcraft2.com)
+        <https://bugs.webkit.org/show_bug.cgi?id=13790>
+
+        Modify the parser to treat function declarations as statements,
+        simplifying the grammar in the process. Technically, according to the
+        grammar in the ECMA spec, function declarations are not statements and
+        can not be used everywhere that statements can, but it is not worth the
+        possibility compatibility issues just to stick to the spec in this case.
+
+        * parser/Grammar.y:
+        * parser/Nodes.cpp:
+        (JSC::FuncDeclNode::emitBytecode): Avoid returning ignoredResult()
+        as a result, because it causes a crash in DoWhileNode::emitBytecode().
+
+2008-11-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Unroll the regexp matching loop by 1. 10% speedup on simple matching
+        stress test. No change on SunSpider.
+        
+        (I decided not to unroll to arbitrary levels because the returns diminsh
+        quickly.)
+
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateJumpIfEndOfInput):
+        (JSC::WREC::Generator::generateJumpIfNotEndOfInput):
+        * wrec/WRECGenerator.h:
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::error):
+        (JSC::WREC::Parser::parsePattern):
+
+2008-11-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Removed some unnecessary "Generator::" prefixes.
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+        (JSC::WREC::Generator::generateReturnSuccess):
+        (JSC::WREC::Generator::generateSaveIndex):
+        (JSC::WREC::Generator::generateIncrementIndex):
+        (JSC::WREC::Generator::generateLoopIfNotEndOfInput):
+        (JSC::WREC::Generator::generateReturnFailure):
+
+2008-11-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Made a bunch of WREC::Parser functions private, and added an explicit
+        "reset()" function, so a parser can be reused.
+
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::Parser):
+        (JSC::WREC::Parser::generator):
+        (JSC::WREC::Parser::ignoreCase):
+        (JSC::WREC::Parser::multiline):
+        (JSC::WREC::Parser::recordSubpattern):
+        (JSC::WREC::Parser::numSubpatterns):
+        (JSC::WREC::Parser::parsePattern):
+        (JSC::WREC::Parser::parseAlternative):
+        (JSC::WREC::Parser::reset):
+
+2008-11-24  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Implement repatching for get by id chain.
+        Previously the access is performed in a function stub, in the repatch form
+        the trampoline is not called to; instead the hot path is relinked to jump
+        directly to the trampoline, if it fails it will jump to the slow case.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22449
+        3% progression on deltablue.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2008-11-24  Joerg Bornemann  <joerg.bornemann@trolltech.com>
+
+        Reviewed by Simon Hausmann.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20746
+
+        Various small compilation fixes to make the Qt port of WebKit
+        compile on Windows CE.
+
+        * config.h: Don't set _CRT_RAND_S for CE, it's not available.
+        * jsc.cpp: Disabled use of debugger includes for CE. It
+          does not have the debugging functions.
+        * runtime/DateMath.cpp: Use localtime() on Windows CE.
+        * wtf/Assertions.cpp: Compile on Windows CE without debugger.
+        * wtf/Assertions.h: Include windows.h before defining ASSERT.
+        * wtf/MathExtras.h: Include stdlib.h instead of xmath.h.
+        * wtf/Platform.h: Disable ERRNO_H and detect endianess based
+          on the Qt endianess. On Qt for Windows CE the endianess is
+          defined by the vendor specific build spec.
+        * wtf/Threading.h: Use the volatile-less atomic functions.
+        * wtf/dtoa.cpp: Compile without errno.
+        * wtf/win/MainThreadWin.cpp: Don't include windows.h on CE after
+        Assertions.h due to the redefinition of ASSERT.
+
+2008-11-22  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Replace accidentally deleted immediate check from get by id chain trampoline.
+        https://bugs.webkit.org/show_bug.cgi?id=22413
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileGetByIdChain):
+
+2008-11-21  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Add (really) polymorphic caching for get by id self.
+        Very similar to caching of prototype accesses, described below.
+
+        Oh, also, probably shouldn't have been leaking those structure list objects.
+        
+        4% preogression on deltablue.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::derefStructures):
+        (JSC::PrototypeStructureList::derefStructures):
+        * bytecode/Instruction.h:
+        * bytecode/Opcode.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileGetByIdSelfList):
+        (JSC::JIT::patchGetByIdSelf):
+        * jit/JIT.h:
+        (JSC::JIT::compileGetByIdSelfList):
+
+2008-11-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed many crashes seen 'round the world (but only in release builds).
+        
+        Update outputParameter offset to reflect slight re-ordering of push
+        instructions in r38669.
+
+        * wrec/WRECGenerator.cpp:
+
+2008-11-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        A little more RegExp refactoring.
+        
+        Deployed a helper function for reading the next character. Used the "link
+        vector of jumps" helper in a place I missed before.
+
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateLoadCharacter):
+        (JSC::WREC::Generator::generatePatternCharacter):
+        (JSC::WREC::Generator::generateCharacterClass):
+        (JSC::WREC::Generator::generateAssertionEOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+        * wrec/WRECGenerator.h:
+
+2008-11-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Dan Bernstein.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22402
+        Replace abort() with CRASH()
+
+        * wtf/Assertions.h: Added a different method to crash, which should work even is 0xbbadbeef
+        is a valid memory address.
+
+        * runtime/Collector.cpp:
+        * wtf/FastMalloc.cpp:
+        * wtf/FastMalloc.h:
+        * wtf/TCSpinLock.h:
+        Replace abort() with CRASH().
+
+2008-11-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reverted fix for bug 22042 (Replace abort() with CRASH()), because it was breaking
+        FOR_EACH_OPCODE_ID macro somehow, making Safari crash.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::heapAllocate):
+        (JSC::Heap::collect):
+        * wtf/Assertions.h:
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMalloc):
+        (WTF::fastCalloc):
+        (WTF::fastRealloc):
+        (WTF::InitSizeClasses):
+        (WTF::PageHeapAllocator::New):
+        (WTF::TCMallocStats::do_malloc):
+        * wtf/FastMalloc.h:
+        * wtf/TCSpinLock.h:
+        (TCMalloc_SpinLock::Init):
+        (TCMalloc_SpinLock::Finalize):
+        (TCMalloc_SpinLock::Lock):
+        (TCMalloc_SpinLock::Unlock):
+
+2008-11-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        A little more RegExp refactoring.
+        
+        Moved all assembly from WREC.cpp into WRECGenerator helper functions.
+        This should help with portability and readability.
+        
+        Removed ASSERTs after calls to executableCopy(), and changed
+        executableCopy() to ASSERT instead.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::executableCopy):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateEnter):
+        (JSC::WREC::Generator::generateReturnSuccess):
+        (JSC::WREC::Generator::generateSaveIndex):
+        (JSC::WREC::Generator::generateIncrementIndex):
+        (JSC::WREC::Generator::generateLoopIfNotEndOfInput):
+        (JSC::WREC::Generator::generateReturnFailure):
+        * wrec/WRECGenerator.h:
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::ignoreCase):
+        (JSC::WREC::Parser::generator):
+
+2008-11-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Build fix.
+
+        * wtf/Assertions.h: Use ::abort for C++ code.
+
+2008-11-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22402
+        Replace abort() with CRASH()
+
+        * wtf/Assertions.h: Added abort() after an attempt to crash for extra safety.
+
+        * runtime/Collector.cpp:
+        * wtf/FastMalloc.cpp:
+        * wtf/FastMalloc.h:
+        * wtf/TCSpinLock.h:
+        Replace abort() with CRASH().
+
+2008-11-21  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed wrec => generator.
+
+        * wrec/WRECFunctors.cpp:
+        (JSC::WREC::GeneratePatternCharacterFunctor::generateAtom):
+        (JSC::WREC::GeneratePatternCharacterFunctor::backtrack):
+        (JSC::WREC::GenerateCharacterClassFunctor::generateAtom):
+        (JSC::WREC::GenerateCharacterClassFunctor::backtrack):
+        (JSC::WREC::GenerateBackreferenceFunctor::generateAtom):
+        (JSC::WREC::GenerateBackreferenceFunctor::backtrack):
+        (JSC::WREC::GenerateParenthesesNonGreedyFunctor::generateAtom):
+
+2008-11-19  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Add support for (really) polymorphic caching of prototype accesses.
+        
+        If a cached prototype access misses, cti_op_get_by_id_proto_list is called.
+        When this occurs the Structure pointers from the instruction stream are copied
+        off into a new ProtoStubInfo object.  A second prototype access trampoline is
+        generated, and chained onto the first.  Subsequent missed call to
+        cti_op_get_by_id_proto_list_append, which append futher new trampolines, up to
+        PROTOTYPE_LIST_CACHE_SIZE (currently 4).  If any of the misses result in an
+        access other than to a direct prototype property, list formation is halted (or
+        for the initial miss, does not take place at all).
+
+        Separate fail case functions are provided for each access since this contributes
+        to the performance progression (enables better processor branch prediction).
+
+        Overall this is a near 5% progression on v8, with around 10% wins on richards
+        and deltablue.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::derefStructures):
+        * bytecode/Instruction.h:
+        (JSC::ProtoStructureList::ProtoStubInfo::set):
+        (JSC::ProtoStructureList::ProtoStructureList):
+        (JSC::Instruction::Instruction):
+        (JSC::Instruction::):
+        * bytecode/Opcode.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_put_by_id_fail):
+        (JSC::Interpreter::cti_op_get_by_id_self_fail):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list_append):
+        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
+        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
+        (JSC::Interpreter::cti_op_get_by_id_chain_fail):
+        (JSC::Interpreter::cti_op_get_by_id_array_fail):
+        (JSC::Interpreter::cti_op_get_by_id_string_fail):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdProtoList):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        * jit/JIT.h:
+        (JSC::JIT::compileGetByIdProtoList):
+
+2008-11-20  Sam Weinig  <sam@webkit.org>
+
+        Try and fix the tiger build.
+
+        * parser/Grammar.y:
+
+2008-11-20  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Make JavaScriptCore Chromium build under Windows (cmd only, cygwin almost works)
+        https://bugs.webkit.org/show_bug.cgi?id=22347
+
+        * JavaScriptCore.scons:
+        * parser/Parser.cpp: Add using std::auto_ptr since we use auto_ptr
+
+2008-11-20  Steve Falkenburg  <sfalken@apple.com>
+
+        Fix build.
+        
+        Reviewed by Sam Weinig.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::reparse):
+
+2008-11-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        A little more RegExp refactoring.
+        
+        Created a helper function in the assembler for linking a vector of
+        JmpSrc to a location, and deployed it in a bunch of places.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::link):
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier):
+        (JSC::WREC::Generator::generateCharacterClassInverted):
+        (JSC::WREC::Generator::generateParentheses):
+        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
+        (JSC::WREC::Generator::generateAssertionBOL):
+        (JSC::WREC::Generator::generateAssertionEOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+        (JSC::WREC::Generator::terminateAlternative):
+        (JSC::WREC::Generator::terminateDisjunction):
+        * wrec/WRECParser.cpp:
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::consumeHex):
+
+2008-11-20  Sam Weinig  <sam@webkit.org>
+
+        Fix non-mac builds.
+
+        * parser/Lexer.cpp:
+        * parser/Parser.cpp:
+
+2008-11-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=22385
+        <rdar://problem/6390179>
+        Lazily reparse FunctionBodyNodes on first execution.
+
+        - Saves 57MB on Membuster head.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate): Remove vector shrinking since this is now
+        handled by destroying the ScopeNodeData after generation.
+
+        * parser/Grammar.y: Add alternate NoNode version of the grammar
+        that does not create nodes.  This is used to lazily create FunctionBodyNodes
+        on first execution.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::setCode): Fix bug where on reparse, the Lexer was confused about
+        what position and length meant. Position is the current position in the original
+        data buffer (important for getting correct line/column information) and length
+        the end offset in the original buffer.
+        * parser/Lexer.h:
+        (JSC::Lexer::sourceCode): Positions are relative to the beginning of the buffer.
+
+        * parser/Nodes.cpp:
+        (JSC::ScopeNodeData::ScopeNodeData): Move initialization of ScopeNode data here.
+        (JSC::ScopeNode::ScopeNode): Add constructor that only sets the JSGlobalData
+        for FunctionBodyNode stubs.
+        (JSC::ScopeNode::~ScopeNode): Release m_children now that we don't inherit from
+        BlockNode.
+        (JSC::ScopeNode::releaseNodes): Ditto.
+        (JSC::EvalNode::generateBytecode): Only shrink m_children, as we need to keep around
+        the rest of the data.
+        (JSC::FunctionBodyNode::FunctionBodyNode): Add constructor that only sets the
+        JSGlobalData. 
+        (JSC::FunctionBodyNode::create): Ditto.
+        (JSC::FunctionBodyNode::generateBytecode): If we don't have the data, do a reparse
+        to construct it. Then after generation, destroy the data.
+        (JSC::ProgramNode::generateBytecode): After generation, destroy the AST data.
+        * parser/Nodes.h:
+        (JSC::ExpressionNode::): Add isFuncExprNode for FunctionConstructor.
+        (JSC::StatementNode::): Add isExprStatementNode for FunctionConstructor.
+        (JSC::ExprStatementNode::): Ditto.
+        (JSC::ExprStatementNode::expr): Add accessor for FunctionConstructor.
+        (JSC::FuncExprNode::): Add isFuncExprNode for FunctionConstructor
+
+        (JSC::ScopeNode::adoptData): Adopts a ScopeNodeData.
+        (JSC::ScopeNode::data): Accessor for ScopeNodeData.
+        (JSC::ScopeNode::destroyData): Deletes the ScopeNodeData.
+        (JSC::ScopeNode::setFeatures): Added.
+        (JSC::ScopeNode::varStack): Added assert.
+        (JSC::ScopeNode::functionStack): Ditto.
+        (JSC::ScopeNode::children): Ditto.
+        (JSC::ScopeNode::neededConstants): Ditto.
+        Factor m_varStack, m_functionStack, m_children and m_numConstants into ScopeNodeData.
+
+        * parser/Parser.cpp:
+        (JSC::Parser::reparse): Reparse the SourceCode in the FunctionBodyNode and set
+        set up the ScopeNodeData for it. 
+        * parser/Parser.h:
+
+        * parser/SourceCode.h:
+        (JSC::SourceCode::endOffset): Added for use in the lexer.
+
+        * runtime/FunctionConstructor.cpp:
+        (JSC::getFunctionBody): Assuming a ProgramNode with one FunctionExpression in it,
+        get the FunctionBodyNode.  Any issues signifies a parse failure in constructFunction. 
+        (JSC::constructFunction): Make parsing functions in the form new Function(""), easier
+        by concatenating the strings together (with some glue) and parsing the function expression
+        as a ProgramNode from which we can receive the FunctionBodyNode. This has the added benefit
+        of not having special parsing code for the arguments and lazily constructing the 
+        FunctionBodyNode's AST on first execution.
+
+        * runtime/Identifier.h:
+        (JSC::operator!=): Added.
+
+2008-11-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Speedup the lexer to offset coming re-parsing patch.
+
+        - .6% progression on Sunspider.
+
+        * bytecompiler/SegmentedVector.h:
+        (JSC::SegmentedVector::shrink): Fixed bug where m_size would not be
+        set when shrinking to 0.
+
+        * parser/Lexer.cpp:
+        (JSC::Lexer::Lexer):
+        (JSC::Lexer::isIdentStart): Use isASCIIAlpha and isASCII to avoid going into ICU in the common cases.
+        (JSC::Lexer::isIdentPart): Use isASCIIAlphanumeric and isASCII to avoid going into ICU in the common cases
+        (JSC::isDecimalDigit): Use version in ASCIICType.h. Inlining it was a regression.
+        (JSC::Lexer::isHexDigit): Ditto.
+        (JSC::Lexer::isOctalDigit): Ditto.
+        (JSC::Lexer::clear): Resize the m_identifiers SegmentedVector to initial
+        capacity
+        * parser/Lexer.h: Remove unused m_strings vector. Make m_identifiers
+        a SegmentedVector<Identifier> to avoid allocating a new Identifier* for
+        each identifier found.  The SegmentedVector is need so we can passes 
+        references to the Identifier to the parser, which remain valid even when
+        the vector is resized.
+        (JSC::Lexer::makeIdentifier): Inline and return a reference to the added
+        Identifier.
+
+2008-11-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Add isASCII to ASCIICType.  Use coming soon!
+
+        * wtf/ASCIICType.h:
+        (WTF::isASCII):
+
+2008-11-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Add OwnPtr constructor and OwnPtr::adopt that take an auto_ptr.
+
+        * wtf/OwnPtr.h:
+        (WTF::OwnPtr::OwnPtr):
+        (WTF::OwnPtr::adopt):
+
+2008-11-20  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22364
+        Crashes seen on Tiger buildbots due to worker threads exhausting pthread keys
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::Heap):
+        (JSC::Heap::destroy):
+        (JSC::Heap::makeUsableFromMultipleThreads):
+        (JSC::Heap::registerThread):
+        * runtime/Collector.h:
+        Pthread key for tracking threads is only created on request now, because this is a limited
+        resource, and thread tracking is not needed for worker heaps, or for WebCore heap.
+
+        * API/JSContextRef.cpp: (JSGlobalContextCreateInGroup): Call makeUsableFromMultipleThreads().
+
+        * runtime/JSGlobalData.cpp: (JSC::JSGlobalData::sharedInstance): Ditto.
+
+        * runtime/JSGlobalData.h: (JSC::JSGlobalData::makeUsableFromMultipleThreads): Just forward
+        the call to Heap, which clients need not know about, ideally.
+
+2008-11-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        A little more WREC refactoring.
+        
+        Removed the "Register" suffix from register names in WREC, and renamed:
+            currentPosition => index
+            currentValue => character
+            quantifierCount => repeatCount
+            
+        Added a top-level parsePattern function to the WREC parser, which
+        allowed me to remove the error() and atEndOfPattern() accessors.
+        
+        Factored out an MSVC customization into a constant.
+        
+        Renamed nextLabel => beginPattern.
+
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateBacktrack1):
+        (JSC::WREC::Generator::generateBacktrackBackreference):
+        (JSC::WREC::Generator::generateBackreferenceQuantifier):
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier):
+        (JSC::WREC::Generator::generatePatternCharacter):
+        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
+        (JSC::WREC::Generator::generateCharacterClassInverted):
+        (JSC::WREC::Generator::generateCharacterClass):
+        (JSC::WREC::Generator::generateParentheses):
+        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
+        (JSC::WREC::Generator::generateAssertionBOL):
+        (JSC::WREC::Generator::generateAssertionEOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+        (JSC::WREC::Generator::generateBackreference):
+        (JSC::WREC::Generator::generateDisjunction):
+        (JSC::WREC::Generator::terminateDisjunction):
+        * wrec/WRECGenerator.h:
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::parsePattern):
+
+2008-11-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=22361
+        A little more RegExp refactoring.
+        
+        Consistently named variables holding the starting position at which
+        regexp matching should begin to "startOffset".
+        
+        A few more "regExpObject" => "regExpConstructor" changes.
+        
+        Refactored RegExpObject::match for clarity, and replaced a slow "get"
+        of the "global" property with a fast access to the global bit.
+        
+        Made the error message you see when RegExpObject::match has no input a
+        little more informative, as in Firefox.
+
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::match):
+        * runtime/RegExp.h:
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::match):
+        * runtime/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+
+2008-11-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        A little more refactoring.
+        
+        Removed the "emit" and "emitUnlinked" prefixes from the assembler.
+        
+        Moved the JmpSrc and JmpDst class definitions to the top of the X86
+        assembler class, in accordance with WebKit style guidelines.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::JmpSrc::JmpSrc):
+        (JSC::X86Assembler::JmpDst::JmpDst):
+        (JSC::X86Assembler::int3):
+        (JSC::X86Assembler::pushl_m):
+        (JSC::X86Assembler::popl_m):
+        (JSC::X86Assembler::movl_rr):
+        (JSC::X86Assembler::addl_rr):
+        (JSC::X86Assembler::addl_i8r):
+        (JSC::X86Assembler::addl_i8m):
+        (JSC::X86Assembler::addl_i32r):
+        (JSC::X86Assembler::addl_mr):
+        (JSC::X86Assembler::andl_rr):
+        (JSC::X86Assembler::andl_i32r):
+        (JSC::X86Assembler::cmpl_i8r):
+        (JSC::X86Assembler::cmpl_rr):
+        (JSC::X86Assembler::cmpl_rm):
+        (JSC::X86Assembler::cmpl_mr):
+        (JSC::X86Assembler::cmpl_i32r):
+        (JSC::X86Assembler::cmpl_i32m):
+        (JSC::X86Assembler::cmpl_i8m):
+        (JSC::X86Assembler::cmpw_rm):
+        (JSC::X86Assembler::orl_rr):
+        (JSC::X86Assembler::orl_mr):
+        (JSC::X86Assembler::orl_i32r):
+        (JSC::X86Assembler::subl_rr):
+        (JSC::X86Assembler::subl_i8r):
+        (JSC::X86Assembler::subl_i8m):
+        (JSC::X86Assembler::subl_i32r):
+        (JSC::X86Assembler::subl_mr):
+        (JSC::X86Assembler::testl_i32r):
+        (JSC::X86Assembler::testl_i32m):
+        (JSC::X86Assembler::testl_rr):
+        (JSC::X86Assembler::xorl_i8r):
+        (JSC::X86Assembler::xorl_rr):
+        (JSC::X86Assembler::sarl_i8r):
+        (JSC::X86Assembler::sarl_CLr):
+        (JSC::X86Assembler::shl_i8r):
+        (JSC::X86Assembler::shll_CLr):
+        (JSC::X86Assembler::imull_rr):
+        (JSC::X86Assembler::imull_i32r):
+        (JSC::X86Assembler::idivl_r):
+        (JSC::X86Assembler::negl_r):
+        (JSC::X86Assembler::movl_mr):
+        (JSC::X86Assembler::movzbl_rr):
+        (JSC::X86Assembler::movzwl_mr):
+        (JSC::X86Assembler::movl_rm):
+        (JSC::X86Assembler::movl_i32r):
+        (JSC::X86Assembler::movl_i32m):
+        (JSC::X86Assembler::leal_mr):
+        (JSC::X86Assembler::jmp_r):
+        (JSC::X86Assembler::jmp_m):
+        (JSC::X86Assembler::movsd_mr):
+        (JSC::X86Assembler::xorpd_mr):
+        (JSC::X86Assembler::movsd_rm):
+        (JSC::X86Assembler::movd_rr):
+        (JSC::X86Assembler::cvtsi2sd_rr):
+        (JSC::X86Assembler::cvttsd2si_rr):
+        (JSC::X86Assembler::addsd_mr):
+        (JSC::X86Assembler::subsd_mr):
+        (JSC::X86Assembler::mulsd_mr):
+        (JSC::X86Assembler::addsd_rr):
+        (JSC::X86Assembler::subsd_rr):
+        (JSC::X86Assembler::mulsd_rr):
+        (JSC::X86Assembler::ucomis_rr):
+        (JSC::X86Assembler::pextrw_irr):
+        (JSC::X86Assembler::call):
+        (JSC::X86Assembler::jmp):
+        (JSC::X86Assembler::jne):
+        (JSC::X86Assembler::jnz):
+        (JSC::X86Assembler::je):
+        (JSC::X86Assembler::jl):
+        (JSC::X86Assembler::jb):
+        (JSC::X86Assembler::jle):
+        (JSC::X86Assembler::jbe):
+        (JSC::X86Assembler::jge):
+        (JSC::X86Assembler::jg):
+        (JSC::X86Assembler::ja):
+        (JSC::X86Assembler::jae):
+        (JSC::X86Assembler::jo):
+        (JSC::X86Assembler::jp):
+        (JSC::X86Assembler::js):
+        (JSC::X86Assembler::predictNotTaken):
+        (JSC::X86Assembler::convertToFastCall):
+        (JSC::X86Assembler::restoreArgumentReference):
+        (JSC::X86Assembler::restoreArgumentReferenceForTrampoline):
+        (JSC::X86Assembler::modRm_rr):
+        (JSC::X86Assembler::modRm_rr_Unchecked):
+        (JSC::X86Assembler::modRm_rm):
+        (JSC::X86Assembler::modRm_rm_Unchecked):
+        (JSC::X86Assembler::modRm_rmsib):
+        (JSC::X86Assembler::modRm_opr):
+        (JSC::X86Assembler::modRm_opr_Unchecked):
+        (JSC::X86Assembler::modRm_opm):
+        (JSC::X86Assembler::modRm_opm_Unchecked):
+        (JSC::X86Assembler::modRm_opmsib):
+        * jit/JIT.cpp:
+        (JSC::JIT::emitNakedCall):
+        (JSC::JIT::emitNakedFastCall):
+        (JSC::JIT::emitCTICall):
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
+        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
+        (JSC::JIT::emitArithIntToImmWithJump):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emitSlowScriptCheck):
+        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::JIT::compileBinaryArithOp):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WRECGenerator.cpp:
+        (JSC::WREC::Generator::generateBackreferenceQuantifier):
+        (JSC::WREC::Generator::generateNonGreedyQuantifier):
+        (JSC::WREC::Generator::generateGreedyQuantifier):
+        (JSC::WREC::Generator::generatePatternCharacter):
+        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
+        (JSC::WREC::Generator::generateCharacterClassInverted):
+        (JSC::WREC::Generator::generateCharacterClass):
+        (JSC::WREC::Generator::generateParentheses):
+        (JSC::WREC::Generator::generateParenthesesNonGreedy):
+        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
+        (JSC::WREC::Generator::generateAssertionBOL):
+        (JSC::WREC::Generator::generateAssertionEOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+        (JSC::WREC::Generator::generateBackreference):
+        (JSC::WREC::Generator::generateDisjunction):
+
+2008-11-19  Simon Hausmann  <hausmann@webkit.org>
+
+        Sun CC build fix, removed trailing comman for last enum value.
+
+        * wtf/unicode/qt4/UnicodeQt4.h:
+        (WTF::Unicode::):
+
+2008-11-19  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Expand the workaround for Apple GCC compiler bug <rdar://problem/6354696> to all versions of GCC 4.0.1.
+        It has been observed with builds 5465 (Xcode 3.0) and 5484 (Xcode 3.1), and there is no evidence
+        that it has been fixed in newer builds of GCC 4.0.1.
+
+        This addresses <https://bugs.webkit.org/show_bug.cgi?id=22351> (WebKit nightly crashes on launch on 10.4.11).
+
+        * wtf/StdLibExtras.h:
+
+2008-11-18  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak and Geoff Garen.
+
+        Bug 22287: ASSERTION FAILED: Not enough jumps linked in slow case codegen in CTI::privateCompileSlowCases())
+        <https://bugs.webkit.org/show_bug.cgi?id=22287>
+
+        Fix a typo in the number cell reuse code where the first and second
+        operands are sometimes confused.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+
+2008-11-18  Dan Bernstein  <mitz@apple.com>
+
+        - try to fix the Windows build
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+
+2008-11-18  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Minor RegExp cleanup.
+        
+        SunSpider says no change.
+
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::match): Renamed "regExpObj" to "regExpConstructor".
+
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp): Instead of checking for a NULL output vector,
+        ASSERT that the output vector is not NULL. (The rest of WREC is not
+        safe to use with a NULL output vector, and we probably don't want to
+        spend the time and/or performance to make it safe.)
+
+2008-11-18  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        A little more renaming and refactoring.
+        
+        VM_CHECK_EXCEPTION() => CHECK_FOR_EXCEPTION().
+        NEXT_INSTRUCTION => NEXT_INSTRUCTION().
+
+        Removed the "Error_" and "TempError_" prefixes from WREC error types.
+
+        Refactored the WREC parser so it doesn't need a "setError" function,
+        and changed "isEndOfPattern" and its use -- they read kind of backwards
+        before.
+        
+        Changed our "TODO:" error messages at least to say something, since you
+        can't say "TODO:" in shipping software.
+
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::cti_op_convert_this):
+        (JSC::Interpreter::cti_op_add):
+        (JSC::Interpreter::cti_op_pre_inc):
+        (JSC::Interpreter::cti_op_loop_if_less):
+        (JSC::Interpreter::cti_op_loop_if_lesseq):
+        (JSC::Interpreter::cti_op_put_by_id):
+        (JSC::Interpreter::cti_op_put_by_id_second):
+        (JSC::Interpreter::cti_op_put_by_id_generic):
+        (JSC::Interpreter::cti_op_put_by_id_fail):
+        (JSC::Interpreter::cti_op_get_by_id):
+        (JSC::Interpreter::cti_op_get_by_id_second):
+        (JSC::Interpreter::cti_op_get_by_id_generic):
+        (JSC::Interpreter::cti_op_get_by_id_fail):
+        (JSC::Interpreter::cti_op_instanceof):
+        (JSC::Interpreter::cti_op_del_by_id):
+        (JSC::Interpreter::cti_op_mul):
+        (JSC::Interpreter::cti_op_call_NotJSFunction):
+        (JSC::Interpreter::cti_op_resolve):
+        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_resolve_func):
+        (JSC::Interpreter::cti_op_sub):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_array):
+        (JSC::Interpreter::cti_op_lesseq):
+        (JSC::Interpreter::cti_op_loop_if_true):
+        (JSC::Interpreter::cti_op_negate):
+        (JSC::Interpreter::cti_op_resolve_skip):
+        (JSC::Interpreter::cti_op_resolve_global):
+        (JSC::Interpreter::cti_op_div):
+        (JSC::Interpreter::cti_op_pre_dec):
+        (JSC::Interpreter::cti_op_jless):
+        (JSC::Interpreter::cti_op_not):
+        (JSC::Interpreter::cti_op_jtrue):
+        (JSC::Interpreter::cti_op_post_inc):
+        (JSC::Interpreter::cti_op_eq):
+        (JSC::Interpreter::cti_op_lshift):
+        (JSC::Interpreter::cti_op_bitand):
+        (JSC::Interpreter::cti_op_rshift):
+        (JSC::Interpreter::cti_op_bitnot):
+        (JSC::Interpreter::cti_op_resolve_with_base):
+        (JSC::Interpreter::cti_op_mod):
+        (JSC::Interpreter::cti_op_less):
+        (JSC::Interpreter::cti_op_neq):
+        (JSC::Interpreter::cti_op_post_dec):
+        (JSC::Interpreter::cti_op_urshift):
+        (JSC::Interpreter::cti_op_bitxor):
+        (JSC::Interpreter::cti_op_bitor):
+        (JSC::Interpreter::cti_op_push_scope):
+        (JSC::Interpreter::cti_op_to_jsnumber):
+        (JSC::Interpreter::cti_op_in):
+        (JSC::Interpreter::cti_op_del_by_val):
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WRECParser.cpp:
+        (JSC::WREC::Parser::parseGreedyQuantifier):
+        (JSC::WREC::Parser::parseParentheses):
+        (JSC::WREC::Parser::parseCharacterClass):
+        (JSC::WREC::Parser::parseEscape):
+        * wrec/WRECParser.h:
+        (JSC::WREC::Parser::):
+        (JSC::WREC::Parser::atEndOfPattern):
+
+2008-11-18  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22337
+        Enable workers by default
+
+        * Configurations/JavaScriptCore.xcconfig: Define ENABLE_WORKERS.
+
+2008-11-18  Alexey Proskuryakov  <ap@webkit.org>
+
+        - Windows build fix
+
+        * wrec/WRECFunctors.h:
+        * wrec/WRECGenerator.h:
+        * wrec/WRECParser.h:
+        CharacterClass is a struct, not a class, fix forward declarations.
+
+2008-11-18  Dan Bernstein  <mitz@apple.com>
+
+        - Windows build fix
+
+        * assembler/X86Assembler.h:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix gtk build.
+
+        * wrec/Quantifier.h:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix gtk build.
+
+        * assembler/AssemblerBuffer.h:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Split WREC classes out into individual files, with a few modifications
+        to more closely match the WebKit coding style.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler/X86Assembler.h:
+        * runtime/RegExp.cpp:
+        * wrec/CharacterClass.cpp: Copied from wrec/CharacterClassConstructor.cpp.
+        (JSC::WREC::CharacterClass::newline):
+        (JSC::WREC::CharacterClass::digits):
+        (JSC::WREC::CharacterClass::spaces):
+        (JSC::WREC::CharacterClass::wordchar):
+        (JSC::WREC::CharacterClass::nondigits):
+        (JSC::WREC::CharacterClass::nonspaces):
+        (JSC::WREC::CharacterClass::nonwordchar):
+        * wrec/CharacterClass.h: Copied from wrec/CharacterClassConstructor.h.
+        * wrec/CharacterClassConstructor.cpp:
+        (JSC::WREC::CharacterClassConstructor::addSortedRange):
+        (JSC::WREC::CharacterClassConstructor::append):
+        * wrec/CharacterClassConstructor.h:
+        * wrec/Quantifier.h: Copied from wrec/WREC.h.
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WREC.h:
+        * wrec/WRECFunctors.cpp: Copied from wrec/WREC.cpp.
+        * wrec/WRECFunctors.h: Copied from wrec/WREC.cpp.
+        (JSC::WREC::GenerateAtomFunctor::~GenerateAtomFunctor):
+        (JSC::WREC::GeneratePatternCharacterFunctor::GeneratePatternCharacterFunctor):
+        (JSC::WREC::GenerateCharacterClassFunctor::GenerateCharacterClassFunctor):
+        (JSC::WREC::GenerateBackreferenceFunctor::GenerateBackreferenceFunctor):
+        (JSC::WREC::GenerateParenthesesNonGreedyFunctor::GenerateParenthesesNonGreedyFunctor):
+        * wrec/WRECGenerator.cpp: Copied from wrec/WREC.cpp.
+        (JSC::WREC::Generator::generatePatternCharacter):
+        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
+        (JSC::WREC::Generator::generateCharacterClassInverted):
+        (JSC::WREC::Generator::generateCharacterClass):
+        (JSC::WREC::Generator::generateParentheses):
+        (JSC::WREC::Generator::generateAssertionBOL):
+        (JSC::WREC::Generator::generateAssertionEOL):
+        (JSC::WREC::Generator::generateAssertionWordBoundary):
+        * wrec/WRECGenerator.h: Copied from wrec/WREC.h.
+        * wrec/WRECParser.cpp: Copied from wrec/WREC.cpp.
+        (JSC::WREC::Parser::parseGreedyQuantifier):
+        (JSC::WREC::Parser::parseCharacterClassQuantifier):
+        (JSC::WREC::Parser::parseParentheses):
+        (JSC::WREC::Parser::parseCharacterClass):
+        (JSC::WREC::Parser::parseEscape):
+        (JSC::WREC::Parser::parseTerm):
+        * wrec/WRECParser.h: Copied from wrec/WREC.h.
+        (JSC::WREC::Parser::):
+        (JSC::WREC::Parser::Parser):
+        (JSC::WREC::Parser::setError):
+        (JSC::WREC::Parser::error):
+        (JSC::WREC::Parser::recordSubpattern):
+        (JSC::WREC::Parser::numSubpatterns):
+        (JSC::WREC::Parser::ignoreCase):
+        (JSC::WREC::Parser::multiline):
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix a few builds.
+
+        * JavaScriptCoreSources.bkl:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix a few builds.
+
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved VM/CTI.* => jit/JIT.*.
+        
+        Removed VM.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp: Removed.
+        * VM/CTI.h: Removed.
+        * bytecode/CodeBlock.cpp:
+        * interpreter/Interpreter.cpp:
+        * jit: Added.
+        * jit/JIT.cpp: Copied from VM/CTI.cpp.
+        * jit/JIT.h: Copied from VM/CTI.h.
+        * runtime/RegExp.cpp:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved runtime/ExecState.* => interpreter/CallFrame.*.
+
+        * API/JSBase.cpp:
+        * API/OpaqueJSString.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * debugger/DebuggerCallFrame.h:
+        * interpreter/CallFrame.cpp: Copied from runtime/ExecState.cpp.
+        * interpreter/CallFrame.h: Copied from runtime/ExecState.h.
+        * interpreter/Interpreter.cpp:
+        * parser/Nodes.cpp:
+        * profiler/ProfileGenerator.cpp:
+        * profiler/Profiler.cpp:
+        * runtime/ClassInfo.h:
+        * runtime/Collector.cpp:
+        * runtime/Completion.cpp:
+        * runtime/ExceptionHelpers.cpp:
+        * runtime/ExecState.cpp: Removed.
+        * runtime/ExecState.h: Removed.
+        * runtime/Identifier.cpp:
+        * runtime/JSFunction.cpp:
+        * runtime/JSGlobalObjectFunctions.cpp:
+        * runtime/JSLock.cpp:
+        * runtime/JSNumberCell.h:
+        * runtime/JSObject.h:
+        * runtime/JSString.h:
+        * runtime/Lookup.h:
+        * runtime/PropertyNameArray.h:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * API/APICast.h:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * API/APICast.h:
+        * runtime/ExecState.h:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved VM/SamplingTool.* => bytecode/SamplingTool.*.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/SamplingTool.cpp: Removed.
+        * VM/SamplingTool.h: Removed.
+        * bytecode/SamplingTool.cpp: Copied from VM/SamplingTool.cpp.
+        * bytecode/SamplingTool.h: Copied from VM/SamplingTool.h.
+        * jsc.cpp:
+        (runWithScripts):
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * runtime/ExecState.h:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved VM/ExceptionHelpers.cpp => runtime/ExceptionHelpers.cpp.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/ExceptionHelpers.cpp: Removed.
+        * runtime/ExceptionHelpers.cpp: Copied from VM/ExceptionHelpers.cpp.
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved VM/RegisterFile.cpp => interpreter/RegisterFile.cpp.
+
+        * AllInOneFile.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/RegisterFile.cpp: Removed.
+        * interpreter/RegisterFile.cpp: Copied from VM/RegisterFile.cpp.
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved:
+            VM/ExceptionHelpers.h => runtime/ExceptionHelpers.h
+            VM/Register.h => interpreter/Register.h
+            VM/RegisterFile.h => interpreter/RegisterFile.h
+        
+        
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/ExceptionHelpers.h: Removed.
+        * VM/Register.h: Removed.
+        * VM/RegisterFile.h: Removed.
+        * interpreter/Register.h: Copied from VM/Register.h.
+        * interpreter/RegisterFile.h: Copied from VM/RegisterFile.h.
+        * runtime/ExceptionHelpers.h: Copied from VM/ExceptionHelpers.h.
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Qt build.
+
+        * JavaScriptCore.pri:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved VM/Machine.cpp => interpreter/Interpreter.cpp.
+
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/Machine.cpp: Removed.
+        * interpreter/Interpreter.cpp: Copied from VM/Machine.cpp.
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved VM/Machine.h => interpreter/Interpreter.h
+
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/ExceptionHelpers.cpp:
+        * VM/Machine.cpp:
+        * VM/Machine.h: Removed.
+        * VM/SamplingTool.cpp:
+        * bytecode/CodeBlock.cpp:
+        * bytecompiler/BytecodeGenerator.cpp:
+        * bytecompiler/BytecodeGenerator.h:
+        * debugger/DebuggerCallFrame.cpp:
+        * interpreter: Added.
+        * interpreter/Interpreter.h: Copied from VM/Machine.h.
+        * profiler/ProfileGenerator.cpp:
+        * runtime/Arguments.h:
+        * runtime/ArrayPrototype.cpp:
+        * runtime/Collector.cpp:
+        * runtime/Completion.cpp:
+        * runtime/ExecState.h:
+        * runtime/FunctionPrototype.cpp:
+        * runtime/JSActivation.cpp:
+        * runtime/JSFunction.cpp:
+        * runtime/JSGlobalData.cpp:
+        * runtime/JSGlobalObject.cpp:
+        * runtime/JSGlobalObjectFunctions.cpp:
+        * wrec/WREC.cpp:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved runtime/Interpreter.cpp => runtime/Completion.cpp.
+
+        Moved functions from Interpreter.h to Completion.h, and removed
+        Interpreter.h from the project.
+
+        * API/JSBase.cpp:
+        * AllInOneFile.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * jsc.cpp:
+        * runtime/Completion.cpp: Copied from runtime/Interpreter.cpp.
+        * runtime/Completion.h:
+        * runtime/Interpreter.cpp: Removed.
+        * runtime/Interpreter.h: Removed.
+
+2008-11-17  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=22312>
+        Fix PCRE include path problem on Qt-port
+
+        * JavaScriptCore.pri:
+        * pcre/pcre.pri:
+
+2008-11-17  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=22313>
+        Add missing CTI source to the build system on Qt-port
+
+        * JavaScriptCore.pri:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix JSGlue build.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Qt build.
+
+        * jsc.pro:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Qt build.
+
+        * JavaScriptCore.pri:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Qt build.
+
+        * JavaScriptCore.pri:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        More file moves:
+        
+        VM/CodeBlock.* => bytecode/CodeBlock.*
+        VM/EvalCodeCache.h => bytecode/EvalCodeCache.h
+        VM/Instruction.h => bytecode/Instruction.h
+        VM/Opcode.* => bytecode/Opcode.*
+
+        * GNUmakefile.am:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/CodeBlock.cpp: Removed.
+        * VM/CodeBlock.h: Removed.
+        * VM/EvalCodeCache.h: Removed.
+        * VM/Instruction.h: Removed.
+        * VM/Opcode.cpp: Removed.
+        * VM/Opcode.h: Removed.
+        * bytecode: Added.
+        * bytecode/CodeBlock.cpp: Copied from VM/CodeBlock.cpp.
+        * bytecode/CodeBlock.h: Copied from VM/CodeBlock.h.
+        * bytecode/EvalCodeCache.h: Copied from VM/EvalCodeCache.h.
+        * bytecode/Instruction.h: Copied from VM/Instruction.h.
+        * bytecode/Opcode.cpp: Copied from VM/Opcode.cpp.
+        * bytecode/Opcode.h: Copied from VM/Opcode.h.
+        * jsc.pro:
+        * jscore.bkl:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix a few more builds.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCoreSources.bkl:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix gtk build.
+
+        * GNUmakefile.am:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Some file moves:
+        
+        VM/LabelID.h => bytecompiler/Label.h
+        VM/RegisterID.h => bytecompiler/RegisterID.h
+        VM/SegmentedVector.h => bytecompiler/SegmentedVector.h
+        bytecompiler/CodeGenerator.* => bytecompiler/BytecodeGenerator.*
+
+        * AllInOneFile.cpp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/LabelID.h: Removed.
+        * VM/RegisterID.h: Removed.
+        * VM/SegmentedVector.h: Removed.
+        * bytecompiler/BytecodeGenerator.cpp: Copied from bytecompiler/CodeGenerator.cpp.
+        * bytecompiler/BytecodeGenerator.h: Copied from bytecompiler/CodeGenerator.h.
+        * bytecompiler/CodeGenerator.cpp: Removed.
+        * bytecompiler/CodeGenerator.h: Removed.
+        * bytecompiler/Label.h: Copied from VM/LabelID.h.
+        * bytecompiler/LabelScope.h:
+        * bytecompiler/RegisterID.h: Copied from VM/RegisterID.h.
+        * bytecompiler/SegmentedVector.h: Copied from VM/SegmentedVector.h.
+        * jsc.cpp:
+        * parser/Nodes.cpp:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-11-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved masm => assembler and split "AssemblerBuffer.h" out of "X86Assembler.h".
+        
+        Also renamed ENABLE_MASM to ENABLE_ASSEMBLER.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * assembler: Added.
+        * assembler/AssemblerBuffer.h: Copied from masm/X86Assembler.h.
+        (JSC::AssemblerBuffer::AssemblerBuffer):
+        (JSC::AssemblerBuffer::~AssemblerBuffer):
+        (JSC::AssemblerBuffer::ensureSpace):
+        (JSC::AssemblerBuffer::isAligned):
+        (JSC::AssemblerBuffer::putByteUnchecked):
+        (JSC::AssemblerBuffer::putByte):
+        (JSC::AssemblerBuffer::putShortUnchecked):
+        (JSC::AssemblerBuffer::putShort):
+        (JSC::AssemblerBuffer::putIntUnchecked):
+        (JSC::AssemblerBuffer::putInt):
+        (JSC::AssemblerBuffer::data):
+        (JSC::AssemblerBuffer::size):
+        (JSC::AssemblerBuffer::reset):
+        (JSC::AssemblerBuffer::executableCopy):
+        (JSC::AssemblerBuffer::grow):
+        * assembler/X86Assembler.h: Copied from masm/X86Assembler.h.
+        * masm: Removed.
+        * masm/X86Assembler.h: Removed.
+        * wtf/Platform.h:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix gtk build.
+
+        * GNUmakefile.am:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Fixed tyop.
+
+        * VM/CTI.cpp:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix windows build.
+
+        * VM/CTI.cpp:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix gtk build.
+
+        * GNUmakefile.am:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Renamed ENABLE_CTI and ENABLE(CTI) to ENABLE_JIT and ENABLE(JIT).
+
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::CodeBlock):
+        * VM/Machine.cpp:
+        (JSC::Interpreter::Interpreter):
+        (JSC::Interpreter::initialize):
+        (JSC::Interpreter::~Interpreter):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::privateExecute):
+        * VM/Machine.h:
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::prepareJumpTableForStringSwitch):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::~JSFunction):
+        * runtime/JSGlobalData.h:
+        * wrec/WREC.h:
+        * wtf/Platform.h:
+        * wtf/TCSystemAlloc.cpp:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix gtk build.
+
+        * VM/CTI.cpp:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by a few people on squirrelfish-dev.
+        
+        Renamed CTI => JIT.
+
+        * VM/CTI.cpp:
+        (JSC::JIT::killLastResultRegister):
+        (JSC::JIT::emitGetVirtualRegister):
+        (JSC::JIT::emitGetVirtualRegisters):
+        (JSC::JIT::emitPutCTIArgFromVirtualRegister):
+        (JSC::JIT::emitPutCTIArg):
+        (JSC::JIT::emitGetCTIArg):
+        (JSC::JIT::emitPutCTIArgConstant):
+        (JSC::JIT::getConstantImmediateNumericArg):
+        (JSC::JIT::emitPutCTIParam):
+        (JSC::JIT::emitGetCTIParam):
+        (JSC::JIT::emitPutToCallFrameHeader):
+        (JSC::JIT::emitGetFromCallFrameHeader):
+        (JSC::JIT::emitPutVirtualRegister):
+        (JSC::JIT::emitInitRegister):
+        (JSC::JIT::printBytecodeOperandTypes):
+        (JSC::JIT::emitAllocateNumber):
+        (JSC::JIT::emitNakedCall):
+        (JSC::JIT::emitNakedFastCall):
+        (JSC::JIT::emitCTICall):
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+        (JSC::JIT::linkSlowCaseIfNotJSCell):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
+        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
+        (JSC::JIT::getDeTaggedConstantImmediate):
+        (JSC::JIT::emitFastArithDeTagImmediate):
+        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::JIT::emitFastArithReTagImmediate):
+        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
+        (JSC::JIT::emitFastArithImmToInt):
+        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
+        (JSC::JIT::emitFastArithIntToImmNoCheck):
+        (JSC::JIT::emitArithIntToImmWithJump):
+        (JSC::JIT::emitTagAsBoolImmediate):
+        (JSC::JIT::JIT):
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCallSetupArgs):
+        (JSC::JIT::compileOpCallEvalSetupArgs):
+        (JSC::JIT::compileOpConstructSetupArgs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpStrictEq):
+        (JSC::JIT::emitSlowScriptCheck):
+        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::JIT::compileBinaryArithOp):
+        (JSC::JIT::compileBinaryArithOpSlowCase):
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileLinkPass):
+        (JSC::JIT::privateCompileSlowCases):
+        (JSC::JIT::privateCompile):
+        (JSC::JIT::privateCompileGetByIdSelf):
+        (JSC::JIT::privateCompileGetByIdProto):
+        (JSC::JIT::privateCompileGetByIdChain):
+        (JSC::JIT::privateCompilePutByIdReplace):
+        (JSC::JIT::privateCompilePutByIdTransition):
+        (JSC::JIT::unlinkCall):
+        (JSC::JIT::linkCall):
+        (JSC::JIT::privateCompileCTIMachineTrampolines):
+        (JSC::JIT::freeCTIMachineTrampolines):
+        (JSC::JIT::patchGetByIdSelf):
+        (JSC::JIT::patchPutByIdReplace):
+        (JSC::JIT::privateCompilePatchGetArrayLength):
+        (JSC::JIT::emitGetVariableObjectRegister):
+        (JSC::JIT::emitPutVariableObjectRegister):
+        * VM/CTI.h:
+        (JSC::JIT::compile):
+        (JSC::JIT::compileGetByIdSelf):
+        (JSC::JIT::compileGetByIdProto):
+        (JSC::JIT::compileGetByIdChain):
+        (JSC::JIT::compilePutByIdReplace):
+        (JSC::JIT::compilePutByIdTransition):
+        (JSC::JIT::compileCTIMachineTrampolines):
+        (JSC::JIT::compilePatchGetArrayLength):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::unlinkCallers):
+        * VM/Machine.cpp:
+        (JSC::Interpreter::initialize):
+        (JSC::Interpreter::~Interpreter):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_call_JSFunction):
+        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
+        (JSC::Interpreter::cti_vm_lazyLinkCall):
+        * VM/Machine.h:
+        * VM/RegisterFile.h:
+        * parser/Nodes.h:
+        * runtime/JSArray.h:
+        * runtime/JSCell.h:
+        * runtime/JSFunction.h:
+        * runtime/JSImmediate.h:
+        * runtime/JSNumberCell.h:
+        * runtime/JSObject.h:
+        * runtime/JSString.h:
+        * runtime/JSVariableObject.h:
+        * runtime/ScopeChain.h:
+        * runtime/Structure.h:
+        * runtime/TypeInfo.h:
+        * runtime/UString.h:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix wx build.
+
+        * jscore.bkl:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Nixed X86:: and X86Assembler:: prefixes in a lot of places using typedefs.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetVirtualRegister):
+        (JSC::CTI::emitGetVirtualRegisters):
+        (JSC::CTI::emitPutCTIArgFromVirtualRegister):
+        (JSC::CTI::emitPutCTIArg):
+        (JSC::CTI::emitGetCTIArg):
+        (JSC::CTI::emitPutCTIParam):
+        (JSC::CTI::emitGetCTIParam):
+        (JSC::CTI::emitPutToCallFrameHeader):
+        (JSC::CTI::emitGetFromCallFrameHeader):
+        (JSC::CTI::emitPutVirtualRegister):
+        (JSC::CTI::emitNakedCall):
+        (JSC::CTI::emitNakedFastCall):
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmNum):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmNums):
+        (JSC::CTI::emitFastArithDeTagImmediate):
+        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::CTI::emitFastArithReTagImmediate):
+        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
+        (JSC::CTI::emitFastArithImmToInt):
+        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
+        (JSC::CTI::emitFastArithIntToImmNoCheck):
+        (JSC::CTI::emitArithIntToImmWithJump):
+        (JSC::CTI::emitTagAsBoolImmediate):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::compileOpStrictEq):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        (JSC::CTI::emitGetVariableObjectRegister):
+        (JSC::CTI::emitPutVariableObjectRegister):
+        * VM/CTI.h:
+        (JSC::CallRecord::CallRecord):
+        (JSC::JmpTable::JmpTable):
+        (JSC::SlowCaseEntry::SlowCaseEntry):
+        (JSC::CTI::JSRInfo::JSRInfo):
+        * wrec/WREC.h:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Qt build.
+
+        * JavaScriptCore.pri:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed OBJECT_OFFSET => FIELD_OFFSET
+
+        Nixed use of OBJECT_OFFSET outside of CTI.cpp by making CTI a friend in
+        more places.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCallInitializeCallFrame):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        (JSC::CTI::emitGetVariableObjectRegister):
+        (JSC::CTI::emitPutVariableObjectRegister):
+        * runtime/JSValue.h:
+        * runtime/JSVariableObject.h:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renames:
+        
+        X86Assembler::copy => X86Assembler::executableCopy
+        AssemblerBuffer::copy => AssemblerBuffer::executableCopy
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        * masm/X86Assembler.h:
+        (JSC::AssemblerBuffer::executableCopy):
+        (JSC::X86Assembler::executableCopy):
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed WREC => JSC::WREC, removing JSC:: prefix in a lot of places.
+        Renamed WRECFunction => WREC::CompiledRegExp, and deployed this type
+        name in place of a few casts.
+
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+        (JSC::RegExp::~RegExp):
+        (JSC::RegExp::match):
+        * runtime/RegExp.h:
+        * wrec/CharacterClassConstructor.cpp:
+        * wrec/CharacterClassConstructor.h:
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WREC.h:
+        (JSC::WREC::Generator::Generator):
+        (JSC::WREC::Parser::Parser):
+        (JSC::WREC::Parser::parseAlternative):
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed BytecodeInterpreter => Interpreter.
+
+        * JavaScriptCore.exp:
+        * VM/CTI.cpp:
+        (JSC::):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        (JSC::CTI::freeCTIMachineTrampolines):
+        (JSC::CTI::patchGetByIdSelf):
+        (JSC::CTI::patchPutByIdReplace):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::printStructures):
+        (JSC::CodeBlock::derefStructures):
+        (JSC::CodeBlock::refStructures):
+        * VM/Machine.cpp:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::Interpreter::resolve):
+        (JSC::Interpreter::resolveSkip):
+        (JSC::Interpreter::resolveGlobal):
+        (JSC::Interpreter::resolveBase):
+        (JSC::Interpreter::resolveBaseAndProperty):
+        (JSC::Interpreter::resolveBaseAndFunc):
+        (JSC::Interpreter::slideRegisterWindowForCall):
+        (JSC::Interpreter::callEval):
+        (JSC::Interpreter::Interpreter):
+        (JSC::Interpreter::initialize):
+        (JSC::Interpreter::~Interpreter):
+        (JSC::Interpreter::dumpCallFrame):
+        (JSC::Interpreter::dumpRegisters):
+        (JSC::Interpreter::isOpcode):
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::debug):
+        (JSC::Interpreter::resetTimeoutCheck):
+        (JSC::Interpreter::checkTimeout):
+        (JSC::Interpreter::createExceptionScope):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::uncachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::uncacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        (JSC::Interpreter::retrieveCaller):
+        (JSC::Interpreter::retrieveLastCaller):
+        (JSC::Interpreter::findFunctionCallFrame):
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::Interpreter::cti_op_convert_this):
+        (JSC::Interpreter::cti_op_end):
+        (JSC::Interpreter::cti_op_add):
+        (JSC::Interpreter::cti_op_pre_inc):
+        (JSC::Interpreter::cti_timeout_check):
+        (JSC::Interpreter::cti_register_file_check):
+        (JSC::Interpreter::cti_op_loop_if_less):
+        (JSC::Interpreter::cti_op_loop_if_lesseq):
+        (JSC::Interpreter::cti_op_new_object):
+        (JSC::Interpreter::cti_op_put_by_id):
+        (JSC::Interpreter::cti_op_put_by_id_second):
+        (JSC::Interpreter::cti_op_put_by_id_generic):
+        (JSC::Interpreter::cti_op_put_by_id_fail):
+        (JSC::Interpreter::cti_op_get_by_id):
+        (JSC::Interpreter::cti_op_get_by_id_second):
+        (JSC::Interpreter::cti_op_get_by_id_generic):
+        (JSC::Interpreter::cti_op_get_by_id_fail):
+        (JSC::Interpreter::cti_op_instanceof):
+        (JSC::Interpreter::cti_op_del_by_id):
+        (JSC::Interpreter::cti_op_mul):
+        (JSC::Interpreter::cti_op_new_func):
+        (JSC::Interpreter::cti_op_call_JSFunction):
+        (JSC::Interpreter::cti_op_call_arityCheck):
+        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
+        (JSC::Interpreter::cti_vm_lazyLinkCall):
+        (JSC::Interpreter::cti_op_push_activation):
+        (JSC::Interpreter::cti_op_call_NotJSFunction):
+        (JSC::Interpreter::cti_op_create_arguments):
+        (JSC::Interpreter::cti_op_create_arguments_no_params):
+        (JSC::Interpreter::cti_op_tear_off_activation):
+        (JSC::Interpreter::cti_op_tear_off_arguments):
+        (JSC::Interpreter::cti_op_profile_will_call):
+        (JSC::Interpreter::cti_op_profile_did_call):
+        (JSC::Interpreter::cti_op_ret_scopeChain):
+        (JSC::Interpreter::cti_op_new_array):
+        (JSC::Interpreter::cti_op_resolve):
+        (JSC::Interpreter::cti_op_construct_JSConstruct):
+        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_resolve_func):
+        (JSC::Interpreter::cti_op_sub):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_array):
+        (JSC::Interpreter::cti_op_lesseq):
+        (JSC::Interpreter::cti_op_loop_if_true):
+        (JSC::Interpreter::cti_op_negate):
+        (JSC::Interpreter::cti_op_resolve_base):
+        (JSC::Interpreter::cti_op_resolve_skip):
+        (JSC::Interpreter::cti_op_resolve_global):
+        (JSC::Interpreter::cti_op_div):
+        (JSC::Interpreter::cti_op_pre_dec):
+        (JSC::Interpreter::cti_op_jless):
+        (JSC::Interpreter::cti_op_not):
+        (JSC::Interpreter::cti_op_jtrue):
+        (JSC::Interpreter::cti_op_post_inc):
+        (JSC::Interpreter::cti_op_eq):
+        (JSC::Interpreter::cti_op_lshift):
+        (JSC::Interpreter::cti_op_bitand):
+        (JSC::Interpreter::cti_op_rshift):
+        (JSC::Interpreter::cti_op_bitnot):
+        (JSC::Interpreter::cti_op_resolve_with_base):
+        (JSC::Interpreter::cti_op_new_func_exp):
+        (JSC::Interpreter::cti_op_mod):
+        (JSC::Interpreter::cti_op_less):
+        (JSC::Interpreter::cti_op_neq):
+        (JSC::Interpreter::cti_op_post_dec):
+        (JSC::Interpreter::cti_op_urshift):
+        (JSC::Interpreter::cti_op_bitxor):
+        (JSC::Interpreter::cti_op_new_regexp):
+        (JSC::Interpreter::cti_op_bitor):
+        (JSC::Interpreter::cti_op_call_eval):
+        (JSC::Interpreter::cti_op_throw):
+        (JSC::Interpreter::cti_op_get_pnames):
+        (JSC::Interpreter::cti_op_next_pname):
+        (JSC::Interpreter::cti_op_push_scope):
+        (JSC::Interpreter::cti_op_pop_scope):
+        (JSC::Interpreter::cti_op_typeof):
+        (JSC::Interpreter::cti_op_is_undefined):
+        (JSC::Interpreter::cti_op_is_boolean):
+        (JSC::Interpreter::cti_op_is_number):
+        (JSC::Interpreter::cti_op_is_string):
+        (JSC::Interpreter::cti_op_is_object):
+        (JSC::Interpreter::cti_op_is_function):
+        (JSC::Interpreter::cti_op_stricteq):
+        (JSC::Interpreter::cti_op_nstricteq):
+        (JSC::Interpreter::cti_op_to_jsnumber):
+        (JSC::Interpreter::cti_op_in):
+        (JSC::Interpreter::cti_op_push_new_scope):
+        (JSC::Interpreter::cti_op_jmp_scopes):
+        (JSC::Interpreter::cti_op_put_by_index):
+        (JSC::Interpreter::cti_op_switch_imm):
+        (JSC::Interpreter::cti_op_switch_char):
+        (JSC::Interpreter::cti_op_switch_string):
+        (JSC::Interpreter::cti_op_del_by_val):
+        (JSC::Interpreter::cti_op_put_getter):
+        (JSC::Interpreter::cti_op_put_setter):
+        (JSC::Interpreter::cti_op_new_error):
+        (JSC::Interpreter::cti_op_debug):
+        (JSC::Interpreter::cti_vm_throw):
+        * VM/Machine.h:
+        * VM/Register.h:
+        * VM/SamplingTool.h:
+        (JSC::SamplingTool::SamplingTool):
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate):
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        * jsc.cpp:
+        (runWithScripts):
+        * runtime/ExecState.h:
+        (JSC::ExecState::interpreter):
+        * runtime/JSCell.h:
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSString.h:
+        * wrec/WREC.cpp:
+        (WREC::compileRegExp):
+        * wrec/WREC.h:
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Roll out r38461 (my last patch) because it broke the world.
+
+2008-11-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        A few more renames:
+
+        BytecodeInterpreter => Interpreter
+        WREC => JSC::WREC, removing JSC:: prefix in a lot of places
+        X86Assembler::copy => X86Assembler::executableCopy
+        AssemblerBuffer::copy => AssemblerBuffer::executableCopy
+        WRECFunction => WREC::RegExpFunction
+        OBJECT_OFFSET => FIELD_OFFSET
+        
+        Also:
+
+        Nixed use of OBJECT_OFFSET outside of CTI.cpp by making CTI a friend in more places.
+        Nixed X86:: and X86Assembler:: prefixes in a lot of places using typedefs
+
+        * JavaScriptCore.exp:
+        * VM/CTI.cpp:
+        (JSC::):
+        (JSC::CTI::emitGetVirtualRegister):
+        (JSC::CTI::emitGetVirtualRegisters):
+        (JSC::CTI::emitPutCTIArgFromVirtualRegister):
+        (JSC::CTI::emitPutCTIArg):
+        (JSC::CTI::emitGetCTIArg):
+        (JSC::CTI::emitPutCTIParam):
+        (JSC::CTI::emitGetCTIParam):
+        (JSC::CTI::emitPutToCallFrameHeader):
+        (JSC::CTI::emitGetFromCallFrameHeader):
+        (JSC::CTI::emitPutVirtualRegister):
+        (JSC::CTI::emitNakedCall):
+        (JSC::CTI::emitNakedFastCall):
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmNum):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmNums):
+        (JSC::CTI::emitFastArithDeTagImmediate):
+        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::CTI::emitFastArithReTagImmediate):
+        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
+        (JSC::CTI::emitFastArithImmToInt):
+        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
+        (JSC::CTI::emitFastArithIntToImmNoCheck):
+        (JSC::CTI::emitArithIntToImmWithJump):
+        (JSC::CTI::emitTagAsBoolImmediate):
+        (JSC::CTI::compileOpCallInitializeCallFrame):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::compileOpStrictEq):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        (JSC::CTI::freeCTIMachineTrampolines):
+        (JSC::CTI::patchGetByIdSelf):
+        (JSC::CTI::patchPutByIdReplace):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        (JSC::CTI::emitGetVariableObjectRegister):
+        (JSC::CTI::emitPutVariableObjectRegister):
+        * VM/CTI.h:
+        (JSC::CallRecord::CallRecord):
+        (JSC::JmpTable::JmpTable):
+        (JSC::SlowCaseEntry::SlowCaseEntry):
+        (JSC::CTI::JSRInfo::JSRInfo):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::printStructures):
+        (JSC::CodeBlock::derefStructures):
+        (JSC::CodeBlock::refStructures):
+        * VM/Machine.cpp:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::Interpreter::resolve):
+        (JSC::Interpreter::resolveSkip):
+        (JSC::Interpreter::resolveGlobal):
+        (JSC::Interpreter::resolveBase):
+        (JSC::Interpreter::resolveBaseAndProperty):
+        (JSC::Interpreter::resolveBaseAndFunc):
+        (JSC::Interpreter::slideRegisterWindowForCall):
+        (JSC::Interpreter::callEval):
+        (JSC::Interpreter::Interpreter):
+        (JSC::Interpreter::initialize):
+        (JSC::Interpreter::~Interpreter):
+        (JSC::Interpreter::dumpCallFrame):
+        (JSC::Interpreter::dumpRegisters):
+        (JSC::Interpreter::isOpcode):
+        (JSC::Interpreter::unwindCallFrame):
+        (JSC::Interpreter::throwException):
+        (JSC::Interpreter::execute):
+        (JSC::Interpreter::debug):
+        (JSC::Interpreter::resetTimeoutCheck):
+        (JSC::Interpreter::checkTimeout):
+        (JSC::Interpreter::createExceptionScope):
+        (JSC::Interpreter::tryCachePutByID):
+        (JSC::Interpreter::uncachePutByID):
+        (JSC::Interpreter::tryCacheGetByID):
+        (JSC::Interpreter::uncacheGetByID):
+        (JSC::Interpreter::privateExecute):
+        (JSC::Interpreter::retrieveArguments):
+        (JSC::Interpreter::retrieveCaller):
+        (JSC::Interpreter::retrieveLastCaller):
+        (JSC::Interpreter::findFunctionCallFrame):
+        (JSC::Interpreter::tryCTICachePutByID):
+        (JSC::Interpreter::tryCTICacheGetByID):
+        (JSC::):
+        (JSC::Interpreter::cti_op_convert_this):
+        (JSC::Interpreter::cti_op_end):
+        (JSC::Interpreter::cti_op_add):
+        (JSC::Interpreter::cti_op_pre_inc):
+        (JSC::Interpreter::cti_timeout_check):
+        (JSC::Interpreter::cti_register_file_check):
+        (JSC::Interpreter::cti_op_loop_if_less):
+        (JSC::Interpreter::cti_op_loop_if_lesseq):
+        (JSC::Interpreter::cti_op_new_object):
+        (JSC::Interpreter::cti_op_put_by_id):
+        (JSC::Interpreter::cti_op_put_by_id_second):
+        (JSC::Interpreter::cti_op_put_by_id_generic):
+        (JSC::Interpreter::cti_op_put_by_id_fail):
+        (JSC::Interpreter::cti_op_get_by_id):
+        (JSC::Interpreter::cti_op_get_by_id_second):
+        (JSC::Interpreter::cti_op_get_by_id_generic):
+        (JSC::Interpreter::cti_op_get_by_id_fail):
+        (JSC::Interpreter::cti_op_instanceof):
+        (JSC::Interpreter::cti_op_del_by_id):
+        (JSC::Interpreter::cti_op_mul):
+        (JSC::Interpreter::cti_op_new_func):
+        (JSC::Interpreter::cti_op_call_JSFunction):
+        (JSC::Interpreter::cti_op_call_arityCheck):
+        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
+        (JSC::Interpreter::cti_vm_lazyLinkCall):
+        (JSC::Interpreter::cti_op_push_activation):
+        (JSC::Interpreter::cti_op_call_NotJSFunction):
+        (JSC::Interpreter::cti_op_create_arguments):
+        (JSC::Interpreter::cti_op_create_arguments_no_params):
+        (JSC::Interpreter::cti_op_tear_off_activation):
+        (JSC::Interpreter::cti_op_tear_off_arguments):
+        (JSC::Interpreter::cti_op_profile_will_call):
+        (JSC::Interpreter::cti_op_profile_did_call):
+        (JSC::Interpreter::cti_op_ret_scopeChain):
+        (JSC::Interpreter::cti_op_new_array):
+        (JSC::Interpreter::cti_op_resolve):
+        (JSC::Interpreter::cti_op_construct_JSConstruct):
+        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
+        (JSC::Interpreter::cti_op_get_by_val):
+        (JSC::Interpreter::cti_op_resolve_func):
+        (JSC::Interpreter::cti_op_sub):
+        (JSC::Interpreter::cti_op_put_by_val):
+        (JSC::Interpreter::cti_op_put_by_val_array):
+        (JSC::Interpreter::cti_op_lesseq):
+        (JSC::Interpreter::cti_op_loop_if_true):
+        (JSC::Interpreter::cti_op_negate):
+        (JSC::Interpreter::cti_op_resolve_base):
+        (JSC::Interpreter::cti_op_resolve_skip):
+        (JSC::Interpreter::cti_op_resolve_global):
+        (JSC::Interpreter::cti_op_div):
+        (JSC::Interpreter::cti_op_pre_dec):
+        (JSC::Interpreter::cti_op_jless):
+        (JSC::Interpreter::cti_op_not):
+        (JSC::Interpreter::cti_op_jtrue):
+        (JSC::Interpreter::cti_op_post_inc):
+        (JSC::Interpreter::cti_op_eq):
+        (JSC::Interpreter::cti_op_lshift):
+        (JSC::Interpreter::cti_op_bitand):
+        (JSC::Interpreter::cti_op_rshift):
+        (JSC::Interpreter::cti_op_bitnot):
+        (JSC::Interpreter::cti_op_resolve_with_base):
+        (JSC::Interpreter::cti_op_new_func_exp):
+        (JSC::Interpreter::cti_op_mod):
+        (JSC::Interpreter::cti_op_less):
+        (JSC::Interpreter::cti_op_neq):
+        (JSC::Interpreter::cti_op_post_dec):
+        (JSC::Interpreter::cti_op_urshift):
+        (JSC::Interpreter::cti_op_bitxor):
+        (JSC::Interpreter::cti_op_new_regexp):
+        (JSC::Interpreter::cti_op_bitor):
+        (JSC::Interpreter::cti_op_call_eval):
+        (JSC::Interpreter::cti_op_throw):
+        (JSC::Interpreter::cti_op_get_pnames):
+        (JSC::Interpreter::cti_op_next_pname):
+        (JSC::Interpreter::cti_op_push_scope):
+        (JSC::Interpreter::cti_op_pop_scope):
+        (JSC::Interpreter::cti_op_typeof):
+        (JSC::Interpreter::cti_op_is_undefined):
+        (JSC::Interpreter::cti_op_is_boolean):
+        (JSC::Interpreter::cti_op_is_number):
+        (JSC::Interpreter::cti_op_is_string):
+        (JSC::Interpreter::cti_op_is_object):
+        (JSC::Interpreter::cti_op_is_function):
+        (JSC::Interpreter::cti_op_stricteq):
+        (JSC::Interpreter::cti_op_nstricteq):
+        (JSC::Interpreter::cti_op_to_jsnumber):
+        (JSC::Interpreter::cti_op_in):
+        (JSC::Interpreter::cti_op_push_new_scope):
+        (JSC::Interpreter::cti_op_jmp_scopes):
+        (JSC::Interpreter::cti_op_put_by_index):
+        (JSC::Interpreter::cti_op_switch_imm):
+        (JSC::Interpreter::cti_op_switch_char):
+        (JSC::Interpreter::cti_op_switch_string):
+        (JSC::Interpreter::cti_op_del_by_val):
+        (JSC::Interpreter::cti_op_put_getter):
+        (JSC::Interpreter::cti_op_put_setter):
+        (JSC::Interpreter::cti_op_new_error):
+        (JSC::Interpreter::cti_op_debug):
+        (JSC::Interpreter::cti_vm_throw):
+        * VM/Machine.h:
+        * VM/Register.h:
+        * VM/SamplingTool.cpp:
+        (JSC::SamplingTool::dump):
+        * VM/SamplingTool.h:
+        (JSC::SamplingTool::SamplingTool):
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::BytecodeGenerator::generate):
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        * jsc.cpp:
+        (runWithScripts):
+        * masm/X86Assembler.h:
+        (JSC::AssemblerBuffer::executableCopy):
+        (JSC::X86Assembler::executableCopy):
+        * runtime/ExecState.h:
+        (JSC::ExecState::interpreter):
+        * runtime/JSCell.h:
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSImmediate.h:
+        * runtime/JSString.h:
+        * runtime/JSValue.h:
+        * runtime/JSVariableObject.h:
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+        (JSC::RegExp::~RegExp):
+        (JSC::RegExp::match):
+        * runtime/RegExp.h:
+        * wrec/CharacterClassConstructor.cpp:
+        * wrec/CharacterClassConstructor.h:
+        * wrec/WREC.cpp:
+        (JSC::WREC::compileRegExp):
+        * wrec/WREC.h:
+        (JSC::WREC::Generator::Generator):
+        (JSC::WREC::Parser::):
+        (JSC::WREC::Parser::Parser):
+        (JSC::WREC::Parser::parseAlternative):
+
+2008-11-16  Greg Bolsinga  <bolsinga@apple.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21810
+        Remove use of static C++ objects that are destroyed at exit time (destructors)
+
+        Conditionally have the DEFINE_STATIC_LOCAL workaround <rdar://problem/6354696> 
+        (Codegen issue with C++ static reference in gcc build 5465) based upon the compiler 
+        build versions. It will use the:
+        static T& = *new T;
+        style for all other compilers.
+
+        * wtf/StdLibExtras.h:
+
+2008-11-16  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Dan Bernstein.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22290
+        Remove cross-heap GC and MessagePort multi-threading support
+
+        It is broken (and may not be implementable at all), and no longer needed, as we
+        don't use MessagePorts for communication with workers any more.
+
+        * JavaScriptCore.exp:
+        * runtime/Collector.cpp:
+        (JSC::Heap::collect):
+        * runtime/JSGlobalObject.cpp:
+        * runtime/JSGlobalObject.h:
+        Remove hooks for cross-heap GC.
+
+2008-11-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Cleanup jsc command line code a little.
+
+        * jsc.cpp:
+        (functionQuit):
+        (main): Use standard exit status macros
+        (cleanupGlobalData): Factor out cleanup code into this function.
+        (printUsageStatement): Use standard exit status macros.
+
+2008-11-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Cleanup BytecodeGenerator constructors.
+
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        * bytecompiler/CodeGenerator.h:
+        * parser/Nodes.cpp:
+        (JSC::ProgramNode::generateBytecode):
+
+2008-11-15  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Geoff Garen.
+
+        - do the long-planned StructureID -> Structure rename
+
+        * API/JSCallbackConstructor.cpp:
+        (JSC::JSCallbackConstructor::JSCallbackConstructor):
+        * API/JSCallbackConstructor.h:
+        (JSC::JSCallbackConstructor::createStructure):
+        * API/JSCallbackFunction.h:
+        (JSC::JSCallbackFunction::createStructure):
+        * API/JSCallbackObject.h:
+        (JSC::JSCallbackObject::createStructure):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::JSCallbackObject):
+        * API/JSValueRef.cpp:
+        (JSValueIsInstanceOfConstructor):
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.scons:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/CTI.cpp:
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::transitionWillNeedStorageRealloc):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::patchGetByIdSelf):
+        (JSC::CTI::patchPutByIdReplace):
+        * VM/CTI.h:
+        (JSC::CTI::compileGetByIdSelf):
+        (JSC::CTI::compileGetByIdProto):
+        (JSC::CTI::compileGetByIdChain):
+        (JSC::CTI::compilePutByIdReplace):
+        (JSC::CTI::compilePutByIdTransition):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::printStructure):
+        (JSC::CodeBlock::printStructures):
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::derefStructures):
+        (JSC::CodeBlock::refStructures):
+        * VM/CodeBlock.h:
+        * VM/Instruction.h:
+        (JSC::Instruction::Instruction):
+        (JSC::Instruction::):
+        * VM/Machine.cpp:
+        (JSC::jsTypeStringForValue):
+        (JSC::jsIsObjectType):
+        (JSC::BytecodeInterpreter::resolveGlobal):
+        (JSC::BytecodeInterpreter::BytecodeInterpreter):
+        (JSC::cachePrototypeChain):
+        (JSC::BytecodeInterpreter::tryCachePutByID):
+        (JSC::BytecodeInterpreter::uncachePutByID):
+        (JSC::BytecodeInterpreter::tryCacheGetByID):
+        (JSC::BytecodeInterpreter::uncacheGetByID):
+        (JSC::BytecodeInterpreter::privateExecute):
+        (JSC::BytecodeInterpreter::tryCTICachePutByID):
+        (JSC::BytecodeInterpreter::tryCTICacheGetByID):
+        (JSC::BytecodeInterpreter::cti_op_instanceof):
+        (JSC::BytecodeInterpreter::cti_op_construct_JSConstruct):
+        (JSC::BytecodeInterpreter::cti_op_resolve_global):
+        (JSC::BytecodeInterpreter::cti_op_is_undefined):
+        * runtime/Arguments.h:
+        (JSC::Arguments::createStructure):
+        * runtime/ArrayConstructor.cpp:
+        (JSC::ArrayConstructor::ArrayConstructor):
+        * runtime/ArrayConstructor.h:
+        * runtime/ArrayPrototype.cpp:
+        (JSC::ArrayPrototype::ArrayPrototype):
+        * runtime/ArrayPrototype.h:
+        * runtime/BatchedTransitionOptimizer.h:
+        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
+        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
+        * runtime/BooleanConstructor.cpp:
+        (JSC::BooleanConstructor::BooleanConstructor):
+        * runtime/BooleanConstructor.h:
+        * runtime/BooleanObject.cpp:
+        (JSC::BooleanObject::BooleanObject):
+        * runtime/BooleanObject.h:
+        * runtime/BooleanPrototype.cpp:
+        (JSC::BooleanPrototype::BooleanPrototype):
+        * runtime/BooleanPrototype.h:
+        * runtime/DateConstructor.cpp:
+        (JSC::DateConstructor::DateConstructor):
+        * runtime/DateConstructor.h:
+        * runtime/DateInstance.cpp:
+        (JSC::DateInstance::DateInstance):
+        * runtime/DateInstance.h:
+        * runtime/DatePrototype.cpp:
+        (JSC::DatePrototype::DatePrototype):
+        * runtime/DatePrototype.h:
+        (JSC::DatePrototype::createStructure):
+        * runtime/ErrorConstructor.cpp:
+        (JSC::ErrorConstructor::ErrorConstructor):
+        * runtime/ErrorConstructor.h:
+        * runtime/ErrorInstance.cpp:
+        (JSC::ErrorInstance::ErrorInstance):
+        * runtime/ErrorInstance.h:
+        * runtime/ErrorPrototype.cpp:
+        (JSC::ErrorPrototype::ErrorPrototype):
+        * runtime/ErrorPrototype.h:
+        * runtime/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::FunctionConstructor):
+        * runtime/FunctionConstructor.h:
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::FunctionPrototype):
+        (JSC::FunctionPrototype::addFunctionProperties):
+        * runtime/FunctionPrototype.h:
+        (JSC::FunctionPrototype::createStructure):
+        * runtime/GlobalEvalFunction.cpp:
+        (JSC::GlobalEvalFunction::GlobalEvalFunction):
+        * runtime/GlobalEvalFunction.h:
+        * runtime/Identifier.h:
+        * runtime/InternalFunction.cpp:
+        (JSC::InternalFunction::InternalFunction):
+        * runtime/InternalFunction.h:
+        (JSC::InternalFunction::createStructure):
+        (JSC::InternalFunction::InternalFunction):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::JSActivation):
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::createStructure):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        * runtime/JSArray.h:
+        (JSC::JSArray::createStructure):
+        * runtime/JSCell.h:
+        (JSC::JSCell::JSCell):
+        (JSC::JSCell::isObject):
+        (JSC::JSCell::isString):
+        (JSC::JSCell::structure):
+        (JSC::JSValue::needsThisConversion):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::construct):
+        * runtime/JSFunction.h:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::createStructure):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::createLeaked):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::markIfNeeded):
+        (JSC::JSGlobalObject::reset):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObject):
+        (JSC::JSGlobalObject::argumentsStructure):
+        (JSC::JSGlobalObject::arrayStructure):
+        (JSC::JSGlobalObject::booleanObjectStructure):
+        (JSC::JSGlobalObject::callbackConstructorStructure):
+        (JSC::JSGlobalObject::callbackFunctionStructure):
+        (JSC::JSGlobalObject::callbackObjectStructure):
+        (JSC::JSGlobalObject::dateStructure):
+        (JSC::JSGlobalObject::emptyObjectStructure):
+        (JSC::JSGlobalObject::errorStructure):
+        (JSC::JSGlobalObject::functionStructure):
+        (JSC::JSGlobalObject::numberObjectStructure):
+        (JSC::JSGlobalObject::prototypeFunctionStructure):
+        (JSC::JSGlobalObject::regExpMatchesArrayStructure):
+        (JSC::JSGlobalObject::regExpStructure):
+        (JSC::JSGlobalObject::stringObjectStructure):
+        (JSC::JSGlobalObject::createStructure):
+        (JSC::Structure::prototypeForLookup):
+        * runtime/JSNotAnObject.h:
+        (JSC::JSNotAnObject::createStructure):
+        * runtime/JSNumberCell.h:
+        (JSC::JSNumberCell::createStructure):
+        (JSC::JSNumberCell::JSNumberCell):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::mark):
+        (JSC::JSObject::put):
+        (JSC::JSObject::deleteProperty):
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        (JSC::JSObject::getPropertyAttributes):
+        (JSC::JSObject::getPropertyNames):
+        (JSC::JSObject::removeDirect):
+        (JSC::JSObject::createInheritorID):
+        * runtime/JSObject.h:
+        (JSC::JSObject::getDirect):
+        (JSC::JSObject::getDirectLocation):
+        (JSC::JSObject::hasCustomProperties):
+        (JSC::JSObject::hasGetterSetterProperties):
+        (JSC::JSObject::createStructure):
+        (JSC::JSObject::JSObject):
+        (JSC::JSObject::~JSObject):
+        (JSC::JSObject::prototype):
+        (JSC::JSObject::setPrototype):
+        (JSC::JSObject::setStructure):
+        (JSC::JSObject::inheritorID):
+        (JSC::JSObject::inlineGetOwnPropertySlot):
+        (JSC::JSObject::getOwnPropertySlotForWrite):
+        (JSC::JSCell::fastGetOwnPropertySlot):
+        (JSC::JSObject::putDirect):
+        (JSC::JSObject::putDirectWithoutTransition):
+        (JSC::JSObject::transitionTo):
+        * runtime/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::next):
+        * runtime/JSStaticScopeObject.h:
+        (JSC::JSStaticScopeObject::JSStaticScopeObject):
+        (JSC::JSStaticScopeObject::createStructure):
+        * runtime/JSString.h:
+        (JSC::JSString::JSString):
+        (JSC::JSString::createStructure):
+        * runtime/JSVariableObject.h:
+        (JSC::JSVariableObject::JSVariableObject):
+        * runtime/JSWrapperObject.h:
+        (JSC::JSWrapperObject::JSWrapperObject):
+        * runtime/MathObject.cpp:
+        (JSC::MathObject::MathObject):
+        * runtime/MathObject.h:
+        (JSC::MathObject::createStructure):
+        * runtime/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::NativeErrorConstructor):
+        * runtime/NativeErrorConstructor.h:
+        * runtime/NativeErrorPrototype.cpp:
+        (JSC::NativeErrorPrototype::NativeErrorPrototype):
+        * runtime/NativeErrorPrototype.h:
+        * runtime/NumberConstructor.cpp:
+        (JSC::NumberConstructor::NumberConstructor):
+        * runtime/NumberConstructor.h:
+        (JSC::NumberConstructor::createStructure):
+        * runtime/NumberObject.cpp:
+        (JSC::NumberObject::NumberObject):
+        * runtime/NumberObject.h:
+        * runtime/NumberPrototype.cpp:
+        (JSC::NumberPrototype::NumberPrototype):
+        * runtime/NumberPrototype.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        * runtime/ObjectConstructor.h:
+        * runtime/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype):
+        * runtime/ObjectPrototype.h:
+        * runtime/Operations.h:
+        (JSC::equalSlowCaseInline):
+        * runtime/PropertyNameArray.h:
+        (JSC::PropertyNameArrayData::setCachedStructure):
+        (JSC::PropertyNameArrayData::cachedStructure):
+        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
+        (JSC::PropertyNameArrayData::cachedPrototypeChain):
+        (JSC::PropertyNameArrayData::PropertyNameArrayData):
+        * runtime/PrototypeFunction.cpp:
+        (JSC::PrototypeFunction::PrototypeFunction):
+        * runtime/PrototypeFunction.h:
+        * runtime/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::RegExpConstructor):
+        * runtime/RegExpConstructor.h:
+        (JSC::RegExpConstructor::createStructure):
+        * runtime/RegExpObject.cpp:
+        (JSC::RegExpObject::RegExpObject):
+        * runtime/RegExpObject.h:
+        (JSC::RegExpObject::createStructure):
+        * runtime/RegExpPrototype.cpp:
+        (JSC::RegExpPrototype::RegExpPrototype):
+        * runtime/RegExpPrototype.h:
+        * runtime/StringConstructor.cpp:
+        (JSC::StringConstructor::StringConstructor):
+        * runtime/StringConstructor.h:
+        * runtime/StringObject.cpp:
+        (JSC::StringObject::StringObject):
+        * runtime/StringObject.h:
+        (JSC::StringObject::createStructure):
+        * runtime/StringObjectThatMasqueradesAsUndefined.h:
+        (JSC::StringObjectThatMasqueradesAsUndefined::create):
+        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
+        * runtime/StringPrototype.cpp:
+        (JSC::StringPrototype::StringPrototype):
+        * runtime/StringPrototype.h:
+        * runtime/Structure.cpp: Copied from JavaScriptCore/runtime/StructureID.cpp.
+        (JSC::Structure::dumpStatistics):
+        (JSC::Structure::Structure):
+        (JSC::Structure::~Structure):
+        (JSC::Structure::startIgnoringLeaks):
+        (JSC::Structure::stopIgnoringLeaks):
+        (JSC::Structure::materializePropertyMap):
+        (JSC::Structure::getEnumerablePropertyNames):
+        (JSC::Structure::clearEnumerationCache):
+        (JSC::Structure::growPropertyStorageCapacity):
+        (JSC::Structure::addPropertyTransitionToExistingStructure):
+        (JSC::Structure::addPropertyTransition):
+        (JSC::Structure::removePropertyTransition):
+        (JSC::Structure::changePrototypeTransition):
+        (JSC::Structure::getterSetterTransition):
+        (JSC::Structure::toDictionaryTransition):
+        (JSC::Structure::fromDictionaryTransition):
+        (JSC::Structure::addPropertyWithoutTransition):
+        (JSC::Structure::removePropertyWithoutTransition):
+        (JSC::Structure::createCachedPrototypeChain):
+        (JSC::Structure::checkConsistency):
+        (JSC::Structure::copyPropertyTable):
+        (JSC::Structure::get):
+        (JSC::Structure::put):
+        (JSC::Structure::remove):
+        (JSC::Structure::insertIntoPropertyMapHashTable):
+        (JSC::Structure::createPropertyMapHashTable):
+        (JSC::Structure::expandPropertyMapHashTable):
+        (JSC::Structure::rehashPropertyMapHashTable):
+        (JSC::Structure::getEnumerablePropertyNamesInternal):
+        * runtime/Structure.h: Copied from JavaScriptCore/runtime/StructureID.h.
+        (JSC::Structure::create):
+        (JSC::Structure::previousID):
+        (JSC::Structure::setCachedPrototypeChain):
+        (JSC::Structure::cachedPrototypeChain):
+        (JSC::Structure::):
+        (JSC::Structure::get):
+        * runtime/StructureChain.cpp: Copied from JavaScriptCore/runtime/StructureIDChain.cpp.
+        (JSC::StructureChain::StructureChain):
+        (JSC::structureChainsAreEqual):
+        * runtime/StructureChain.h: Copied from JavaScriptCore/runtime/StructureIDChain.h.
+        (JSC::StructureChain::create):
+        (JSC::StructureChain::head):
+        * runtime/StructureID.cpp: Removed.
+        * runtime/StructureID.h: Removed.
+        * runtime/StructureIDChain.cpp: Removed.
+        * runtime/StructureIDChain.h: Removed.
+        * runtime/StructureIDTransitionTable.h: Removed.
+        * runtime/StructureTransitionTable.h: Copied from JavaScriptCore/runtime/StructureIDTransitionTable.h.
+
+2008-11-15  Darin Adler  <darin@apple.com>
+
+        - fix non-WREC build
+
+        * runtime/RegExp.cpp: Put "using namespace WREC" inside #if ENABLE(WREC).
+
+2008-11-15  Kevin Ollivier  <kevino@theolliviers.com>
+
+        Reviewed by Timothy Hatcher.
+        
+        As ThreadingNone doesn't implement threads, isMainThread should return true,
+        not false.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=22285
+
+        * wtf/ThreadingNone.cpp:
+        (WTF::isMainThread):
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Moved all WREC-related code into WREC.cpp and put it in a WREC namespace.
+        Removed the WREC prefix from class names.
+
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/Machine.h:
+        (JSC::BytecodeInterpreter::assemblerBuffer):
+        * masm/X86Assembler.h:
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+        * wrec/CharacterClassConstructor.cpp:
+        * wrec/CharacterClassConstructor.h:
+        * wrec/WREC.cpp:
+        (WREC::GenerateParenthesesNonGreedyFunctor::GenerateParenthesesNonGreedyFunctor):
+        (WREC::GeneratePatternCharacterFunctor::generateAtom):
+        (WREC::GeneratePatternCharacterFunctor::backtrack):
+        (WREC::GenerateCharacterClassFunctor::generateAtom):
+        (WREC::GenerateCharacterClassFunctor::backtrack):
+        (WREC::GenerateBackreferenceFunctor::generateAtom):
+        (WREC::GenerateBackreferenceFunctor::backtrack):
+        (WREC::GenerateParenthesesNonGreedyFunctor::generateAtom):
+        (WREC::GenerateParenthesesNonGreedyFunctor::backtrack):
+        (WREC::Generator::generateBacktrack1):
+        (WREC::Generator::generateBacktrackBackreference):
+        (WREC::Generator::generateBackreferenceQuantifier):
+        (WREC::Generator::generateNonGreedyQuantifier):
+        (WREC::Generator::generateGreedyQuantifier):
+        (WREC::Generator::generatePatternCharacter):
+        (WREC::Generator::generateCharacterClassInvertedRange):
+        (WREC::Generator::generateCharacterClassInverted):
+        (WREC::Generator::generateCharacterClass):
+        (WREC::Generator::generateParentheses):
+        (WREC::Generator::generateParenthesesNonGreedy):
+        (WREC::Generator::generateParenthesesResetTrampoline):
+        (WREC::Generator::generateAssertionBOL):
+        (WREC::Generator::generateAssertionEOL):
+        (WREC::Generator::generateAssertionWordBoundary):
+        (WREC::Generator::generateBackreference):
+        (WREC::Generator::generateDisjunction):
+        (WREC::Generator::terminateDisjunction):
+        (WREC::Parser::parseGreedyQuantifier):
+        (WREC::Parser::parseQuantifier):
+        (WREC::Parser::parsePatternCharacterQualifier):
+        (WREC::Parser::parseCharacterClassQuantifier):
+        (WREC::Parser::parseBackreferenceQuantifier):
+        (WREC::Parser::parseParentheses):
+        (WREC::Parser::parseCharacterClass):
+        (WREC::Parser::parseOctalEscape):
+        (WREC::Parser::parseEscape):
+        (WREC::Parser::parseTerm):
+        (WREC::Parser::parseDisjunction):
+        (WREC::compileRegExp):
+        * wrec/WREC.h:
+        (WREC::Generator::Generator):
+        (WREC::Parser::Parser):
+        (WREC::Parser::parseAlternative):
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Changed another case of "m_jit" to "m_assembler".
+
+        * VM/CTI.cpp:
+        * wrec/WREC.cpp:
+        * wrec/WREC.h:
+        (JSC::WRECGenerator::WRECGenerator):
+        (JSC::WRECParser::WRECParser):
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed "jit" to "assembler" and, for brevity, replaced *jit.* with __
+        using a macro.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetVirtualRegister):
+        (JSC::CTI::emitPutCTIArgFromVirtualRegister):
+        (JSC::CTI::emitPutCTIArg):
+        (JSC::CTI::emitGetCTIArg):
+        (JSC::CTI::emitPutCTIArgConstant):
+        (JSC::CTI::emitPutCTIParam):
+        (JSC::CTI::emitGetCTIParam):
+        (JSC::CTI::emitPutToCallFrameHeader):
+        (JSC::CTI::emitGetFromCallFrameHeader):
+        (JSC::CTI::emitPutVirtualRegister):
+        (JSC::CTI::emitInitRegister):
+        (JSC::CTI::emitAllocateNumber):
+        (JSC::CTI::emitNakedCall):
+        (JSC::CTI::emitNakedFastCall):
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
+        (JSC::CTI::linkSlowCaseIfNotJSCell):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmNum):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmNums):
+        (JSC::CTI::emitFastArithDeTagImmediate):
+        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::CTI::emitFastArithReTagImmediate):
+        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
+        (JSC::CTI::emitFastArithImmToInt):
+        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
+        (JSC::CTI::emitFastArithIntToImmNoCheck):
+        (JSC::CTI::emitArithIntToImmWithJump):
+        (JSC::CTI::emitTagAsBoolImmediate):
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileOpCallInitializeCallFrame):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::compileOpStrictEq):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileLinkPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        (JSC::CTI::emitGetVariableObjectRegister):
+        (JSC::CTI::emitPutVariableObjectRegister):
+        (JSC::CTI::compileRegExp):
+        * VM/CTI.h:
+        * wrec/WREC.cpp:
+        (JSC::WRECGenerator::generateBacktrack1):
+        (JSC::WRECGenerator::generateBacktrackBackreference):
+        (JSC::WRECGenerator::generateBackreferenceQuantifier):
+        (JSC::WRECGenerator::generateNonGreedyQuantifier):
+        (JSC::WRECGenerator::generateGreedyQuantifier):
+        (JSC::WRECGenerator::generatePatternCharacter):
+        (JSC::WRECGenerator::generateCharacterClassInvertedRange):
+        (JSC::WRECGenerator::generateCharacterClassInverted):
+        (JSC::WRECGenerator::generateCharacterClass):
+        (JSC::WRECGenerator::generateParentheses):
+        (JSC::WRECGenerator::generateParenthesesNonGreedy):
+        (JSC::WRECGenerator::generateParenthesesResetTrampoline):
+        (JSC::WRECGenerator::generateAssertionBOL):
+        (JSC::WRECGenerator::generateAssertionEOL):
+        (JSC::WRECGenerator::generateAssertionWordBoundary):
+        (JSC::WRECGenerator::generateBackreference):
+        (JSC::WRECGenerator::generateDisjunction):
+        (JSC::WRECGenerator::terminateDisjunction):
+
+2008-11-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove dead method declaration.
+
+        * bytecompiler/CodeGenerator.h:
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed LabelID to Label, Label::isForwardLabel to Label::isForward.
+
+        * VM/LabelID.h:
+        (JSC::Label::Label):
+        (JSC::Label::isForward):
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::BytecodeGenerator::newLabel):
+        (JSC::BytecodeGenerator::emitLabel):
+        (JSC::BytecodeGenerator::emitJump):
+        (JSC::BytecodeGenerator::emitJumpIfTrue):
+        (JSC::BytecodeGenerator::emitJumpIfFalse):
+        (JSC::BytecodeGenerator::pushFinallyContext):
+        (JSC::BytecodeGenerator::emitComplexJumpScopes):
+        (JSC::BytecodeGenerator::emitJumpScopes):
+        (JSC::BytecodeGenerator::emitNextPropertyName):
+        (JSC::BytecodeGenerator::emitCatch):
+        (JSC::BytecodeGenerator::emitJumpSubroutine):
+        (JSC::prepareJumpTableForImmediateSwitch):
+        (JSC::prepareJumpTableForCharacterSwitch):
+        (JSC::prepareJumpTableForStringSwitch):
+        (JSC::BytecodeGenerator::endSwitch):
+        * bytecompiler/CodeGenerator.h:
+        * bytecompiler/LabelScope.h:
+        (JSC::LabelScope::LabelScope):
+        (JSC::LabelScope::breakTarget):
+        (JSC::LabelScope::continueTarget):
+        * parser/Nodes.cpp:
+        (JSC::LogicalOpNode::emitBytecode):
+        (JSC::ConditionalNode::emitBytecode):
+        (JSC::IfNode::emitBytecode):
+        (JSC::IfElseNode::emitBytecode):
+        (JSC::DoWhileNode::emitBytecode):
+        (JSC::WhileNode::emitBytecode):
+        (JSC::ForNode::emitBytecode):
+        (JSC::ForInNode::emitBytecode):
+        (JSC::ReturnNode::emitBytecode):
+        (JSC::CaseBlockNode::emitBytecodeForBlock):
+        (JSC::TryNode::emitBytecode):
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed JITCodeBuffer to AssemblerBuffer and renamed its data members
+        to be more like the rest of our buffer classes, with a size and a
+        capacity.
+        
+        Added an assert in the unchecked put case to match the test in the checked
+        put case.
+        
+        Changed a C-style cast to a C++-style cast.
+        
+        Renamed MAX_INSTRUCTION_SIZE to maxInstructionSize.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileRegExp):
+        * VM/Machine.cpp:
+        (JSC::BytecodeInterpreter::BytecodeInterpreter):
+        * VM/Machine.h:
+        (JSC::BytecodeInterpreter::assemblerBuffer):
+        * masm/X86Assembler.h:
+        (JSC::AssemblerBuffer::AssemblerBuffer):
+        (JSC::AssemblerBuffer::~AssemblerBuffer):
+        (JSC::AssemblerBuffer::ensureSpace):
+        (JSC::AssemblerBuffer::isAligned):
+        (JSC::AssemblerBuffer::putByteUnchecked):
+        (JSC::AssemblerBuffer::putByte):
+        (JSC::AssemblerBuffer::putShortUnchecked):
+        (JSC::AssemblerBuffer::putShort):
+        (JSC::AssemblerBuffer::putIntUnchecked):
+        (JSC::AssemblerBuffer::putInt):
+        (JSC::AssemblerBuffer::data):
+        (JSC::AssemblerBuffer::size):
+        (JSC::AssemblerBuffer::reset):
+        (JSC::AssemblerBuffer::copy):
+        (JSC::AssemblerBuffer::grow):
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::X86Assembler):
+        (JSC::X86Assembler::testl_i32r):
+        (JSC::X86Assembler::movl_mr):
+        (JSC::X86Assembler::movl_rm):
+        (JSC::X86Assembler::movl_i32m):
+        (JSC::X86Assembler::emitCall):
+        (JSC::X86Assembler::label):
+        (JSC::X86Assembler::emitUnlinkedJmp):
+        (JSC::X86Assembler::emitUnlinkedJne):
+        (JSC::X86Assembler::emitUnlinkedJe):
+        (JSC::X86Assembler::emitUnlinkedJl):
+        (JSC::X86Assembler::emitUnlinkedJb):
+        (JSC::X86Assembler::emitUnlinkedJle):
+        (JSC::X86Assembler::emitUnlinkedJbe):
+        (JSC::X86Assembler::emitUnlinkedJge):
+        (JSC::X86Assembler::emitUnlinkedJg):
+        (JSC::X86Assembler::emitUnlinkedJa):
+        (JSC::X86Assembler::emitUnlinkedJae):
+        (JSC::X86Assembler::emitUnlinkedJo):
+        (JSC::X86Assembler::emitUnlinkedJp):
+        (JSC::X86Assembler::emitUnlinkedJs):
+        (JSC::X86Assembler::link):
+        (JSC::X86Assembler::emitModRm_rr):
+        (JSC::X86Assembler::emitModRm_rm):
+        (JSC::X86Assembler::emitModRm_opr):
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Suggested by Maciej Stachowiak.
+        
+        Reverted most "opcode" => "bytecode" renames. We use "bytecode" as a
+        mass noun to refer to a stream of instructions. Each instruction may be
+        an opcode or an operand.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::printStructureIDs):
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::derefStructureIDs):
+        (JSC::CodeBlock::refStructureIDs):
+        * VM/CodeBlock.h:
+        * VM/ExceptionHelpers.cpp:
+        (JSC::createNotAnObjectError):
+        * VM/Instruction.h:
+        (JSC::Instruction::Instruction):
+        (JSC::Instruction::):
+        * VM/Machine.cpp:
+        (JSC::BytecodeInterpreter::isOpcode):
+        (JSC::BytecodeInterpreter::throwException):
+        (JSC::BytecodeInterpreter::tryCachePutByID):
+        (JSC::BytecodeInterpreter::uncachePutByID):
+        (JSC::BytecodeInterpreter::tryCacheGetByID):
+        (JSC::BytecodeInterpreter::uncacheGetByID):
+        (JSC::BytecodeInterpreter::privateExecute):
+        (JSC::BytecodeInterpreter::tryCTICachePutByID):
+        (JSC::BytecodeInterpreter::tryCTICacheGetByID):
+        * VM/Machine.h:
+        (JSC::BytecodeInterpreter::getOpcode):
+        (JSC::BytecodeInterpreter::getOpcodeID):
+        (JSC::BytecodeInterpreter::isCallBytecode):
+        * VM/Opcode.cpp:
+        (JSC::):
+        (JSC::OpcodeStats::OpcodeStats):
+        (JSC::compareOpcodeIndices):
+        (JSC::compareOpcodePairIndices):
+        (JSC::OpcodeStats::~OpcodeStats):
+        (JSC::OpcodeStats::recordInstruction):
+        (JSC::OpcodeStats::resetLastInstruction):
+        * VM/Opcode.h:
+        (JSC::):
+        (JSC::padOpcodeName):
+        * VM/SamplingTool.cpp:
+        (JSC::ScopeSampleRecord::sample):
+        (JSC::SamplingTool::run):
+        (JSC::compareOpcodeIndicesSampling):
+        (JSC::SamplingTool::dump):
+        * VM/SamplingTool.h:
+        (JSC::ScopeSampleRecord::ScopeSampleRecord):
+        (JSC::SamplingTool::SamplingTool):
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::emitLabel):
+        (JSC::BytecodeGenerator::emitOpcode):
+        (JSC::BytecodeGenerator::emitJump):
+        (JSC::BytecodeGenerator::emitJumpIfTrue):
+        (JSC::BytecodeGenerator::emitJumpIfFalse):
+        (JSC::BytecodeGenerator::emitMove):
+        (JSC::BytecodeGenerator::emitUnaryOp):
+        (JSC::BytecodeGenerator::emitPreInc):
+        (JSC::BytecodeGenerator::emitPreDec):
+        (JSC::BytecodeGenerator::emitPostInc):
+        (JSC::BytecodeGenerator::emitPostDec):
+        (JSC::BytecodeGenerator::emitBinaryOp):
+        (JSC::BytecodeGenerator::emitEqualityOp):
+        (JSC::BytecodeGenerator::emitUnexpectedLoad):
+        (JSC::BytecodeGenerator::emitInstanceOf):
+        (JSC::BytecodeGenerator::emitResolve):
+        (JSC::BytecodeGenerator::emitGetScopedVar):
+        (JSC::BytecodeGenerator::emitPutScopedVar):
+        (JSC::BytecodeGenerator::emitResolveBase):
+        (JSC::BytecodeGenerator::emitResolveWithBase):
+        (JSC::BytecodeGenerator::emitResolveFunction):
+        (JSC::BytecodeGenerator::emitGetById):
+        (JSC::BytecodeGenerator::emitPutById):
+        (JSC::BytecodeGenerator::emitPutGetter):
+        (JSC::BytecodeGenerator::emitPutSetter):
+        (JSC::BytecodeGenerator::emitDeleteById):
+        (JSC::BytecodeGenerator::emitGetByVal):
+        (JSC::BytecodeGenerator::emitPutByVal):
+        (JSC::BytecodeGenerator::emitDeleteByVal):
+        (JSC::BytecodeGenerator::emitPutByIndex):
+        (JSC::BytecodeGenerator::emitNewObject):
+        (JSC::BytecodeGenerator::emitNewArray):
+        (JSC::BytecodeGenerator::emitNewFunction):
+        (JSC::BytecodeGenerator::emitNewRegExp):
+        (JSC::BytecodeGenerator::emitNewFunctionExpression):
+        (JSC::BytecodeGenerator::emitCall):
+        (JSC::BytecodeGenerator::emitReturn):
+        (JSC::BytecodeGenerator::emitUnaryNoDstOp):
+        (JSC::BytecodeGenerator::emitConstruct):
+        (JSC::BytecodeGenerator::emitPopScope):
+        (JSC::BytecodeGenerator::emitDebugHook):
+        (JSC::BytecodeGenerator::emitComplexJumpScopes):
+        (JSC::BytecodeGenerator::emitJumpScopes):
+        (JSC::BytecodeGenerator::emitNextPropertyName):
+        (JSC::BytecodeGenerator::emitCatch):
+        (JSC::BytecodeGenerator::emitNewError):
+        (JSC::BytecodeGenerator::emitJumpSubroutine):
+        (JSC::BytecodeGenerator::emitSubroutineReturn):
+        (JSC::BytecodeGenerator::emitPushNewScope):
+        (JSC::BytecodeGenerator::beginSwitch):
+        * bytecompiler/CodeGenerator.h:
+        * jsc.cpp:
+        (runWithScripts):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::emitModRm_opr):
+        (JSC::X86Assembler::emitModRm_opr_Unchecked):
+        (JSC::X86Assembler::emitModRm_opm):
+        (JSC::X86Assembler::emitModRm_opm_Unchecked):
+        (JSC::X86Assembler::emitModRm_opmsib):
+        * parser/Nodes.cpp:
+        (JSC::UnaryOpNode::emitBytecode):
+        (JSC::BinaryOpNode::emitBytecode):
+        (JSC::ReverseBinaryOpNode::emitBytecode):
+        (JSC::ThrowableBinaryOpNode::emitBytecode):
+        (JSC::emitReadModifyAssignment):
+        (JSC::ScopeNode::ScopeNode):
+        * parser/Nodes.h:
+        (JSC::UnaryPlusNode::):
+        (JSC::NegateNode::):
+        (JSC::BitwiseNotNode::):
+        (JSC::LogicalNotNode::):
+        (JSC::MultNode::):
+        (JSC::DivNode::):
+        (JSC::ModNode::):
+        (JSC::AddNode::):
+        (JSC::SubNode::):
+        (JSC::LeftShiftNode::):
+        (JSC::RightShiftNode::):
+        (JSC::UnsignedRightShiftNode::):
+        (JSC::LessNode::):
+        (JSC::GreaterNode::):
+        (JSC::LessEqNode::):
+        (JSC::GreaterEqNode::):
+        (JSC::InstanceOfNode::):
+        (JSC::InNode::):
+        (JSC::EqualNode::):
+        (JSC::NotEqualNode::):
+        (JSC::StrictEqualNode::):
+        (JSC::NotStrictEqualNode::):
+        (JSC::BitAndNode::):
+        (JSC::BitOrNode::):
+        (JSC::BitXOrNode::):
+        * runtime/StructureID.cpp:
+        (JSC::StructureID::fromDictionaryTransition):
+        * wtf/Platform.h:
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renames:
+        
+        CodeGenerator => BytecodeGenerator
+        emitCodeForBlock => emitBytecodeForBlock
+        generatedByteCode => generatedBytecode
+        generateCode => generateBytecode
+
+        * JavaScriptCore.exp:
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::BytecodeGenerator::setDumpsGeneratedCode):
+        (JSC::BytecodeGenerator::generate):
+        (JSC::BytecodeGenerator::addVar):
+        (JSC::BytecodeGenerator::addGlobalVar):
+        (JSC::BytecodeGenerator::allocateConstants):
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::addParameter):
+        (JSC::BytecodeGenerator::registerFor):
+        (JSC::BytecodeGenerator::constRegisterFor):
+        (JSC::BytecodeGenerator::isLocal):
+        (JSC::BytecodeGenerator::isLocalConstant):
+        (JSC::BytecodeGenerator::newRegister):
+        (JSC::BytecodeGenerator::newTemporary):
+        (JSC::BytecodeGenerator::highestUsedRegister):
+        (JSC::BytecodeGenerator::newLabelScope):
+        (JSC::BytecodeGenerator::newLabel):
+        (JSC::BytecodeGenerator::emitLabel):
+        (JSC::BytecodeGenerator::emitBytecode):
+        (JSC::BytecodeGenerator::retrieveLastBinaryOp):
+        (JSC::BytecodeGenerator::retrieveLastUnaryOp):
+        (JSC::BytecodeGenerator::rewindBinaryOp):
+        (JSC::BytecodeGenerator::rewindUnaryOp):
+        (JSC::BytecodeGenerator::emitJump):
+        (JSC::BytecodeGenerator::emitJumpIfTrue):
+        (JSC::BytecodeGenerator::emitJumpIfFalse):
+        (JSC::BytecodeGenerator::addConstant):
+        (JSC::BytecodeGenerator::addUnexpectedConstant):
+        (JSC::BytecodeGenerator::addRegExp):
+        (JSC::BytecodeGenerator::emitMove):
+        (JSC::BytecodeGenerator::emitUnaryOp):
+        (JSC::BytecodeGenerator::emitPreInc):
+        (JSC::BytecodeGenerator::emitPreDec):
+        (JSC::BytecodeGenerator::emitPostInc):
+        (JSC::BytecodeGenerator::emitPostDec):
+        (JSC::BytecodeGenerator::emitBinaryOp):
+        (JSC::BytecodeGenerator::emitEqualityOp):
+        (JSC::BytecodeGenerator::emitLoad):
+        (JSC::BytecodeGenerator::emitUnexpectedLoad):
+        (JSC::BytecodeGenerator::findScopedProperty):
+        (JSC::BytecodeGenerator::emitInstanceOf):
+        (JSC::BytecodeGenerator::emitResolve):
+        (JSC::BytecodeGenerator::emitGetScopedVar):
+        (JSC::BytecodeGenerator::emitPutScopedVar):
+        (JSC::BytecodeGenerator::emitResolveBase):
+        (JSC::BytecodeGenerator::emitResolveWithBase):
+        (JSC::BytecodeGenerator::emitResolveFunction):
+        (JSC::BytecodeGenerator::emitGetById):
+        (JSC::BytecodeGenerator::emitPutById):
+        (JSC::BytecodeGenerator::emitPutGetter):
+        (JSC::BytecodeGenerator::emitPutSetter):
+        (JSC::BytecodeGenerator::emitDeleteById):
+        (JSC::BytecodeGenerator::emitGetByVal):
+        (JSC::BytecodeGenerator::emitPutByVal):
+        (JSC::BytecodeGenerator::emitDeleteByVal):
+        (JSC::BytecodeGenerator::emitPutByIndex):
+        (JSC::BytecodeGenerator::emitNewObject):
+        (JSC::BytecodeGenerator::emitNewArray):
+        (JSC::BytecodeGenerator::emitNewFunction):
+        (JSC::BytecodeGenerator::emitNewRegExp):
+        (JSC::BytecodeGenerator::emitNewFunctionExpression):
+        (JSC::BytecodeGenerator::emitCall):
+        (JSC::BytecodeGenerator::emitCallEval):
+        (JSC::BytecodeGenerator::emitReturn):
+        (JSC::BytecodeGenerator::emitUnaryNoDstOp):
+        (JSC::BytecodeGenerator::emitConstruct):
+        (JSC::BytecodeGenerator::emitPushScope):
+        (JSC::BytecodeGenerator::emitPopScope):
+        (JSC::BytecodeGenerator::emitDebugHook):
+        (JSC::BytecodeGenerator::pushFinallyContext):
+        (JSC::BytecodeGenerator::popFinallyContext):
+        (JSC::BytecodeGenerator::breakTarget):
+        (JSC::BytecodeGenerator::continueTarget):
+        (JSC::BytecodeGenerator::emitComplexJumpScopes):
+        (JSC::BytecodeGenerator::emitJumpScopes):
+        (JSC::BytecodeGenerator::emitNextPropertyName):
+        (JSC::BytecodeGenerator::emitCatch):
+        (JSC::BytecodeGenerator::emitNewError):
+        (JSC::BytecodeGenerator::emitJumpSubroutine):
+        (JSC::BytecodeGenerator::emitSubroutineReturn):
+        (JSC::BytecodeGenerator::emitPushNewScope):
+        (JSC::BytecodeGenerator::beginSwitch):
+        (JSC::BytecodeGenerator::endSwitch):
+        (JSC::BytecodeGenerator::emitThrowExpressionTooDeepException):
+        * bytecompiler/CodeGenerator.h:
+        * jsc.cpp:
+        (runWithScripts):
+        * parser/Nodes.cpp:
+        (JSC::ThrowableExpressionData::emitThrowError):
+        (JSC::NullNode::emitBytecode):
+        (JSC::BooleanNode::emitBytecode):
+        (JSC::NumberNode::emitBytecode):
+        (JSC::StringNode::emitBytecode):
+        (JSC::RegExpNode::emitBytecode):
+        (JSC::ThisNode::emitBytecode):
+        (JSC::ResolveNode::isPure):
+        (JSC::ResolveNode::emitBytecode):
+        (JSC::ArrayNode::emitBytecode):
+        (JSC::ObjectLiteralNode::emitBytecode):
+        (JSC::PropertyListNode::emitBytecode):
+        (JSC::BracketAccessorNode::emitBytecode):
+        (JSC::DotAccessorNode::emitBytecode):
+        (JSC::ArgumentListNode::emitBytecode):
+        (JSC::NewExprNode::emitBytecode):
+        (JSC::EvalFunctionCallNode::emitBytecode):
+        (JSC::FunctionCallValueNode::emitBytecode):
+        (JSC::FunctionCallResolveNode::emitBytecode):
+        (JSC::FunctionCallBracketNode::emitBytecode):
+        (JSC::FunctionCallDotNode::emitBytecode):
+        (JSC::emitPreIncOrDec):
+        (JSC::emitPostIncOrDec):
+        (JSC::PostfixResolveNode::emitBytecode):
+        (JSC::PostfixBracketNode::emitBytecode):
+        (JSC::PostfixDotNode::emitBytecode):
+        (JSC::PostfixErrorNode::emitBytecode):
+        (JSC::DeleteResolveNode::emitBytecode):
+        (JSC::DeleteBracketNode::emitBytecode):
+        (JSC::DeleteDotNode::emitBytecode):
+        (JSC::DeleteValueNode::emitBytecode):
+        (JSC::VoidNode::emitBytecode):
+        (JSC::TypeOfResolveNode::emitBytecode):
+        (JSC::TypeOfValueNode::emitBytecode):
+        (JSC::PrefixResolveNode::emitBytecode):
+        (JSC::PrefixBracketNode::emitBytecode):
+        (JSC::PrefixDotNode::emitBytecode):
+        (JSC::PrefixErrorNode::emitBytecode):
+        (JSC::UnaryOpNode::emitBytecode):
+        (JSC::BinaryOpNode::emitBytecode):
+        (JSC::EqualNode::emitBytecode):
+        (JSC::StrictEqualNode::emitBytecode):
+        (JSC::ReverseBinaryOpNode::emitBytecode):
+        (JSC::ThrowableBinaryOpNode::emitBytecode):
+        (JSC::InstanceOfNode::emitBytecode):
+        (JSC::LogicalOpNode::emitBytecode):
+        (JSC::ConditionalNode::emitBytecode):
+        (JSC::emitReadModifyAssignment):
+        (JSC::ReadModifyResolveNode::emitBytecode):
+        (JSC::AssignResolveNode::emitBytecode):
+        (JSC::AssignDotNode::emitBytecode):
+        (JSC::ReadModifyDotNode::emitBytecode):
+        (JSC::AssignErrorNode::emitBytecode):
+        (JSC::AssignBracketNode::emitBytecode):
+        (JSC::ReadModifyBracketNode::emitBytecode):
+        (JSC::CommaNode::emitBytecode):
+        (JSC::ConstDeclNode::emitCodeSingle):
+        (JSC::ConstDeclNode::emitBytecode):
+        (JSC::ConstStatementNode::emitBytecode):
+        (JSC::statementListEmitCode):
+        (JSC::BlockNode::emitBytecode):
+        (JSC::EmptyStatementNode::emitBytecode):
+        (JSC::DebuggerStatementNode::emitBytecode):
+        (JSC::ExprStatementNode::emitBytecode):
+        (JSC::VarStatementNode::emitBytecode):
+        (JSC::IfNode::emitBytecode):
+        (JSC::IfElseNode::emitBytecode):
+        (JSC::DoWhileNode::emitBytecode):
+        (JSC::WhileNode::emitBytecode):
+        (JSC::ForNode::emitBytecode):
+        (JSC::ForInNode::emitBytecode):
+        (JSC::ContinueNode::emitBytecode):
+        (JSC::BreakNode::emitBytecode):
+        (JSC::ReturnNode::emitBytecode):
+        (JSC::WithNode::emitBytecode):
+        (JSC::CaseBlockNode::emitBytecodeForBlock):
+        (JSC::SwitchNode::emitBytecode):
+        (JSC::LabelNode::emitBytecode):
+        (JSC::ThrowNode::emitBytecode):
+        (JSC::TryNode::emitBytecode):
+        (JSC::EvalNode::emitBytecode):
+        (JSC::EvalNode::generateBytecode):
+        (JSC::FunctionBodyNode::generateBytecode):
+        (JSC::FunctionBodyNode::emitBytecode):
+        (JSC::ProgramNode::emitBytecode):
+        (JSC::ProgramNode::generateBytecode):
+        (JSC::FuncDeclNode::emitBytecode):
+        (JSC::FuncExprNode::emitBytecode):
+        * parser/Nodes.h:
+        (JSC::ExpressionNode::):
+        (JSC::BooleanNode::):
+        (JSC::NumberNode::):
+        (JSC::StringNode::):
+        (JSC::ProgramNode::):
+        (JSC::EvalNode::):
+        (JSC::FunctionBodyNode::):
+        * runtime/Arguments.h:
+        (JSC::Arguments::getArgumentsData):
+        (JSC::JSActivation::copyRegisters):
+        * runtime/JSActivation.cpp:
+        (JSC::JSActivation::mark):
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::JSActivationData::JSActivationData):
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::~JSFunction):
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed all forms of "byte code" "opcode" "op code" "code" "bitcode"
+        etc. to "bytecode".
+
+        * VM/CTI.cpp:
+        (JSC::CTI::printBytecodeOperandTypes):
+        (JSC::CTI::emitAllocateNumber):
+        (JSC::CTI::emitNakedCall):
+        (JSC::CTI::emitNakedFastCall):
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmNum):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmNums):
+        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        * VM/CTI.h:
+        (JSC::CallRecord::CallRecord):
+        (JSC::SwitchRecord::SwitchRecord):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::printStructureIDs):
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::derefStructureIDs):
+        (JSC::CodeBlock::refStructureIDs):
+        * VM/CodeBlock.h:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        * VM/ExceptionHelpers.cpp:
+        (JSC::createNotAnObjectError):
+        * VM/Instruction.h:
+        (JSC::Instruction::Instruction):
+        (JSC::Instruction::):
+        * VM/Machine.cpp:
+        (JSC::BytecodeInterpreter::isBytecode):
+        (JSC::BytecodeInterpreter::throwException):
+        (JSC::BytecodeInterpreter::execute):
+        (JSC::BytecodeInterpreter::tryCachePutByID):
+        (JSC::BytecodeInterpreter::uncachePutByID):
+        (JSC::BytecodeInterpreter::tryCacheGetByID):
+        (JSC::BytecodeInterpreter::uncacheGetByID):
+        (JSC::BytecodeInterpreter::privateExecute):
+        (JSC::BytecodeInterpreter::tryCTICachePutByID):
+        (JSC::BytecodeInterpreter::tryCTICacheGetByID):
+        (JSC::BytecodeInterpreter::cti_op_call_JSFunction):
+        (JSC::BytecodeInterpreter::cti_vm_dontLazyLinkCall):
+        (JSC::BytecodeInterpreter::cti_vm_lazyLinkCall):
+        * VM/Machine.h:
+        (JSC::BytecodeInterpreter::getBytecode):
+        (JSC::BytecodeInterpreter::getBytecodeID):
+        (JSC::BytecodeInterpreter::isCallBytecode):
+        * VM/Opcode.cpp:
+        (JSC::):
+        (JSC::BytecodeStats::BytecodeStats):
+        (JSC::compareBytecodeIndices):
+        (JSC::compareBytecodePairIndices):
+        (JSC::BytecodeStats::~BytecodeStats):
+        (JSC::BytecodeStats::recordInstruction):
+        (JSC::BytecodeStats::resetLastInstruction):
+        * VM/Opcode.h:
+        (JSC::):
+        (JSC::padBytecodeName):
+        * VM/SamplingTool.cpp:
+        (JSC::ScopeSampleRecord::sample):
+        (JSC::SamplingTool::run):
+        (JSC::compareBytecodeIndicesSampling):
+        (JSC::SamplingTool::dump):
+        * VM/SamplingTool.h:
+        (JSC::ScopeSampleRecord::ScopeSampleRecord):
+        (JSC::SamplingTool::SamplingTool):
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::generate):
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::emitLabel):
+        (JSC::CodeGenerator::emitBytecode):
+        (JSC::CodeGenerator::emitJump):
+        (JSC::CodeGenerator::emitJumpIfTrue):
+        (JSC::CodeGenerator::emitJumpIfFalse):
+        (JSC::CodeGenerator::emitMove):
+        (JSC::CodeGenerator::emitUnaryOp):
+        (JSC::CodeGenerator::emitPreInc):
+        (JSC::CodeGenerator::emitPreDec):
+        (JSC::CodeGenerator::emitPostInc):
+        (JSC::CodeGenerator::emitPostDec):
+        (JSC::CodeGenerator::emitBinaryOp):
+        (JSC::CodeGenerator::emitEqualityOp):
+        (JSC::CodeGenerator::emitUnexpectedLoad):
+        (JSC::CodeGenerator::emitInstanceOf):
+        (JSC::CodeGenerator::emitResolve):
+        (JSC::CodeGenerator::emitGetScopedVar):
+        (JSC::CodeGenerator::emitPutScopedVar):
+        (JSC::CodeGenerator::emitResolveBase):
+        (JSC::CodeGenerator::emitResolveWithBase):
+        (JSC::CodeGenerator::emitResolveFunction):
+        (JSC::CodeGenerator::emitGetById):
+        (JSC::CodeGenerator::emitPutById):
+        (JSC::CodeGenerator::emitPutGetter):
+        (JSC::CodeGenerator::emitPutSetter):
+        (JSC::CodeGenerator::emitDeleteById):
+        (JSC::CodeGenerator::emitGetByVal):
+        (JSC::CodeGenerator::emitPutByVal):
+        (JSC::CodeGenerator::emitDeleteByVal):
+        (JSC::CodeGenerator::emitPutByIndex):
+        (JSC::CodeGenerator::emitNewObject):
+        (JSC::CodeGenerator::emitNewArray):
+        (JSC::CodeGenerator::emitNewFunction):
+        (JSC::CodeGenerator::emitNewRegExp):
+        (JSC::CodeGenerator::emitNewFunctionExpression):
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitReturn):
+        (JSC::CodeGenerator::emitUnaryNoDstOp):
+        (JSC::CodeGenerator::emitConstruct):
+        (JSC::CodeGenerator::emitPopScope):
+        (JSC::CodeGenerator::emitDebugHook):
+        (JSC::CodeGenerator::emitComplexJumpScopes):
+        (JSC::CodeGenerator::emitJumpScopes):
+        (JSC::CodeGenerator::emitNextPropertyName):
+        (JSC::CodeGenerator::emitCatch):
+        (JSC::CodeGenerator::emitNewError):
+        (JSC::CodeGenerator::emitJumpSubroutine):
+        (JSC::CodeGenerator::emitSubroutineReturn):
+        (JSC::CodeGenerator::emitPushNewScope):
+        (JSC::CodeGenerator::beginSwitch):
+        (JSC::CodeGenerator::endSwitch):
+        * bytecompiler/CodeGenerator.h:
+        (JSC::CodeGenerator::emitNode):
+        * jsc.cpp:
+        (runWithScripts):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::emitModRm_opr):
+        (JSC::X86Assembler::emitModRm_opr_Unchecked):
+        (JSC::X86Assembler::emitModRm_opm):
+        (JSC::X86Assembler::emitModRm_opm_Unchecked):
+        (JSC::X86Assembler::emitModRm_opmsib):
+        * parser/Nodes.cpp:
+        (JSC::NullNode::emitBytecode):
+        (JSC::BooleanNode::emitBytecode):
+        (JSC::NumberNode::emitBytecode):
+        (JSC::StringNode::emitBytecode):
+        (JSC::RegExpNode::emitBytecode):
+        (JSC::ThisNode::emitBytecode):
+        (JSC::ResolveNode::emitBytecode):
+        (JSC::ArrayNode::emitBytecode):
+        (JSC::ObjectLiteralNode::emitBytecode):
+        (JSC::PropertyListNode::emitBytecode):
+        (JSC::BracketAccessorNode::emitBytecode):
+        (JSC::DotAccessorNode::emitBytecode):
+        (JSC::ArgumentListNode::emitBytecode):
+        (JSC::NewExprNode::emitBytecode):
+        (JSC::EvalFunctionCallNode::emitBytecode):
+        (JSC::FunctionCallValueNode::emitBytecode):
+        (JSC::FunctionCallResolveNode::emitBytecode):
+        (JSC::FunctionCallBracketNode::emitBytecode):
+        (JSC::FunctionCallDotNode::emitBytecode):
+        (JSC::PostfixResolveNode::emitBytecode):
+        (JSC::PostfixBracketNode::emitBytecode):
+        (JSC::PostfixDotNode::emitBytecode):
+        (JSC::PostfixErrorNode::emitBytecode):
+        (JSC::DeleteResolveNode::emitBytecode):
+        (JSC::DeleteBracketNode::emitBytecode):
+        (JSC::DeleteDotNode::emitBytecode):
+        (JSC::DeleteValueNode::emitBytecode):
+        (JSC::VoidNode::emitBytecode):
+        (JSC::TypeOfResolveNode::emitBytecode):
+        (JSC::TypeOfValueNode::emitBytecode):
+        (JSC::PrefixResolveNode::emitBytecode):
+        (JSC::PrefixBracketNode::emitBytecode):
+        (JSC::PrefixDotNode::emitBytecode):
+        (JSC::PrefixErrorNode::emitBytecode):
+        (JSC::UnaryOpNode::emitBytecode):
+        (JSC::BinaryOpNode::emitBytecode):
+        (JSC::EqualNode::emitBytecode):
+        (JSC::StrictEqualNode::emitBytecode):
+        (JSC::ReverseBinaryOpNode::emitBytecode):
+        (JSC::ThrowableBinaryOpNode::emitBytecode):
+        (JSC::InstanceOfNode::emitBytecode):
+        (JSC::LogicalOpNode::emitBytecode):
+        (JSC::ConditionalNode::emitBytecode):
+        (JSC::emitReadModifyAssignment):
+        (JSC::ReadModifyResolveNode::emitBytecode):
+        (JSC::AssignResolveNode::emitBytecode):
+        (JSC::AssignDotNode::emitBytecode):
+        (JSC::ReadModifyDotNode::emitBytecode):
+        (JSC::AssignErrorNode::emitBytecode):
+        (JSC::AssignBracketNode::emitBytecode):
+        (JSC::ReadModifyBracketNode::emitBytecode):
+        (JSC::CommaNode::emitBytecode):
+        (JSC::ConstDeclNode::emitBytecode):
+        (JSC::ConstStatementNode::emitBytecode):
+        (JSC::BlockNode::emitBytecode):
+        (JSC::EmptyStatementNode::emitBytecode):
+        (JSC::DebuggerStatementNode::emitBytecode):
+        (JSC::ExprStatementNode::emitBytecode):
+        (JSC::VarStatementNode::emitBytecode):
+        (JSC::IfNode::emitBytecode):
+        (JSC::IfElseNode::emitBytecode):
+        (JSC::DoWhileNode::emitBytecode):
+        (JSC::WhileNode::emitBytecode):
+        (JSC::ForNode::emitBytecode):
+        (JSC::ForInNode::emitBytecode):
+        (JSC::ContinueNode::emitBytecode):
+        (JSC::BreakNode::emitBytecode):
+        (JSC::ReturnNode::emitBytecode):
+        (JSC::WithNode::emitBytecode):
+        (JSC::SwitchNode::emitBytecode):
+        (JSC::LabelNode::emitBytecode):
+        (JSC::ThrowNode::emitBytecode):
+        (JSC::TryNode::emitBytecode):
+        (JSC::ScopeNode::ScopeNode):
+        (JSC::EvalNode::emitBytecode):
+        (JSC::FunctionBodyNode::emitBytecode):
+        (JSC::ProgramNode::emitBytecode):
+        (JSC::FuncDeclNode::emitBytecode):
+        (JSC::FuncExprNode::emitBytecode):
+        * parser/Nodes.h:
+        (JSC::UnaryPlusNode::):
+        (JSC::NegateNode::):
+        (JSC::BitwiseNotNode::):
+        (JSC::LogicalNotNode::):
+        (JSC::MultNode::):
+        (JSC::DivNode::):
+        (JSC::ModNode::):
+        (JSC::AddNode::):
+        (JSC::SubNode::):
+        (JSC::LeftShiftNode::):
+        (JSC::RightShiftNode::):
+        (JSC::UnsignedRightShiftNode::):
+        (JSC::LessNode::):
+        (JSC::GreaterNode::):
+        (JSC::LessEqNode::):
+        (JSC::GreaterEqNode::):
+        (JSC::InstanceOfNode::):
+        (JSC::InNode::):
+        (JSC::EqualNode::):
+        (JSC::NotEqualNode::):
+        (JSC::StrictEqualNode::):
+        (JSC::NotStrictEqualNode::):
+        (JSC::BitAndNode::):
+        (JSC::BitOrNode::):
+        (JSC::BitXOrNode::):
+        (JSC::ProgramNode::):
+        (JSC::EvalNode::):
+        (JSC::FunctionBodyNode::):
+        * runtime/JSNotAnObject.h:
+        * runtime/StructureID.cpp:
+        (JSC::StructureID::fromDictionaryTransition):
+        * wtf/Platform.h:
+
+2008-11-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Renamed Machine to BytecodeInterpreter.
+        
+        Nixed the Interpreter class, and changed its two functions to stand-alone
+        functions.
+
+        * JavaScriptCore.exp:
+        * VM/CTI.cpp:
+        (JSC::):
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        (JSC::CTI::freeCTIMachineTrampolines):
+        (JSC::CTI::patchGetByIdSelf):
+        (JSC::CTI::patchPutByIdReplace):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        (JSC::CTI::compileRegExp):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::printStructureIDs):
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::derefStructureIDs):
+        (JSC::CodeBlock::refStructureIDs):
+        * VM/ExceptionHelpers.cpp:
+        (JSC::createNotAnObjectError):
+        * VM/Machine.cpp:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::BytecodeInterpreter::resolve):
+        (JSC::BytecodeInterpreter::resolveSkip):
+        (JSC::BytecodeInterpreter::resolveGlobal):
+        (JSC::BytecodeInterpreter::resolveBase):
+        (JSC::BytecodeInterpreter::resolveBaseAndProperty):
+        (JSC::BytecodeInterpreter::resolveBaseAndFunc):
+        (JSC::BytecodeInterpreter::slideRegisterWindowForCall):
+        (JSC::BytecodeInterpreter::callEval):
+        (JSC::BytecodeInterpreter::BytecodeInterpreter):
+        (JSC::BytecodeInterpreter::initialize):
+        (JSC::BytecodeInterpreter::~BytecodeInterpreter):
+        (JSC::BytecodeInterpreter::dumpCallFrame):
+        (JSC::BytecodeInterpreter::dumpRegisters):
+        (JSC::BytecodeInterpreter::isOpcode):
+        (JSC::BytecodeInterpreter::unwindCallFrame):
+        (JSC::BytecodeInterpreter::throwException):
+        (JSC::BytecodeInterpreter::execute):
+        (JSC::BytecodeInterpreter::debug):
+        (JSC::BytecodeInterpreter::resetTimeoutCheck):
+        (JSC::BytecodeInterpreter::checkTimeout):
+        (JSC::BytecodeInterpreter::createExceptionScope):
+        (JSC::BytecodeInterpreter::tryCachePutByID):
+        (JSC::BytecodeInterpreter::uncachePutByID):
+        (JSC::BytecodeInterpreter::tryCacheGetByID):
+        (JSC::BytecodeInterpreter::uncacheGetByID):
+        (JSC::BytecodeInterpreter::privateExecute):
+        (JSC::BytecodeInterpreter::retrieveArguments):
+        (JSC::BytecodeInterpreter::retrieveCaller):
+        (JSC::BytecodeInterpreter::retrieveLastCaller):
+        (JSC::BytecodeInterpreter::findFunctionCallFrame):
+        (JSC::BytecodeInterpreter::tryCTICachePutByID):
+        (JSC::BytecodeInterpreter::tryCTICacheGetByID):
+        (JSC::BytecodeInterpreter::cti_op_convert_this):
+        (JSC::BytecodeInterpreter::cti_op_end):
+        (JSC::BytecodeInterpreter::cti_op_add):
+        (JSC::BytecodeInterpreter::cti_op_pre_inc):
+        (JSC::BytecodeInterpreter::cti_timeout_check):
+        (JSC::BytecodeInterpreter::cti_register_file_check):
+        (JSC::BytecodeInterpreter::cti_op_loop_if_less):
+        (JSC::BytecodeInterpreter::cti_op_loop_if_lesseq):
+        (JSC::BytecodeInterpreter::cti_op_new_object):
+        (JSC::BytecodeInterpreter::cti_op_put_by_id):
+        (JSC::BytecodeInterpreter::cti_op_put_by_id_second):
+        (JSC::BytecodeInterpreter::cti_op_put_by_id_generic):
+        (JSC::BytecodeInterpreter::cti_op_put_by_id_fail):
+        (JSC::BytecodeInterpreter::cti_op_get_by_id):
+        (JSC::BytecodeInterpreter::cti_op_get_by_id_second):
+        (JSC::BytecodeInterpreter::cti_op_get_by_id_generic):
+        (JSC::BytecodeInterpreter::cti_op_get_by_id_fail):
+        (JSC::BytecodeInterpreter::cti_op_instanceof):
+        (JSC::BytecodeInterpreter::cti_op_del_by_id):
+        (JSC::BytecodeInterpreter::cti_op_mul):
+        (JSC::BytecodeInterpreter::cti_op_new_func):
+        (JSC::BytecodeInterpreter::cti_op_call_JSFunction):
+        (JSC::BytecodeInterpreter::cti_op_call_arityCheck):
+        (JSC::BytecodeInterpreter::cti_vm_dontLazyLinkCall):
+        (JSC::BytecodeInterpreter::cti_vm_lazyLinkCall):
+        (JSC::BytecodeInterpreter::cti_op_push_activation):
+        (JSC::BytecodeInterpreter::cti_op_call_NotJSFunction):
+        (JSC::BytecodeInterpreter::cti_op_create_arguments):
+        (JSC::BytecodeInterpreter::cti_op_create_arguments_no_params):
+        (JSC::BytecodeInterpreter::cti_op_tear_off_activation):
+        (JSC::BytecodeInterpreter::cti_op_tear_off_arguments):
+        (JSC::BytecodeInterpreter::cti_op_profile_will_call):
+        (JSC::BytecodeInterpreter::cti_op_profile_did_call):
+        (JSC::BytecodeInterpreter::cti_op_ret_scopeChain):
+        (JSC::BytecodeInterpreter::cti_op_new_array):
+        (JSC::BytecodeInterpreter::cti_op_resolve):
+        (JSC::BytecodeInterpreter::cti_op_construct_JSConstruct):
+        (JSC::BytecodeInterpreter::cti_op_construct_NotJSConstruct):
+        (JSC::BytecodeInterpreter::cti_op_get_by_val):
+        (JSC::BytecodeInterpreter::cti_op_resolve_func):
+        (JSC::BytecodeInterpreter::cti_op_sub):
+        (JSC::BytecodeInterpreter::cti_op_put_by_val):
+        (JSC::BytecodeInterpreter::cti_op_put_by_val_array):
+        (JSC::BytecodeInterpreter::cti_op_lesseq):
+        (JSC::BytecodeInterpreter::cti_op_loop_if_true):
+        (JSC::BytecodeInterpreter::cti_op_negate):
+        (JSC::BytecodeInterpreter::cti_op_resolve_base):
+        (JSC::BytecodeInterpreter::cti_op_resolve_skip):
+        (JSC::BytecodeInterpreter::cti_op_resolve_global):
+        (JSC::BytecodeInterpreter::cti_op_div):
+        (JSC::BytecodeInterpreter::cti_op_pre_dec):
+        (JSC::BytecodeInterpreter::cti_op_jless):
+        (JSC::BytecodeInterpreter::cti_op_not):
+        (JSC::BytecodeInterpreter::cti_op_jtrue):
+        (JSC::BytecodeInterpreter::cti_op_post_inc):
+        (JSC::BytecodeInterpreter::cti_op_eq):
+        (JSC::BytecodeInterpreter::cti_op_lshift):
+        (JSC::BytecodeInterpreter::cti_op_bitand):
+        (JSC::BytecodeInterpreter::cti_op_rshift):
+        (JSC::BytecodeInterpreter::cti_op_bitnot):
+        (JSC::BytecodeInterpreter::cti_op_resolve_with_base):
+        (JSC::BytecodeInterpreter::cti_op_new_func_exp):
+        (JSC::BytecodeInterpreter::cti_op_mod):
+        (JSC::BytecodeInterpreter::cti_op_less):
+        (JSC::BytecodeInterpreter::cti_op_neq):
+        (JSC::BytecodeInterpreter::cti_op_post_dec):
+        (JSC::BytecodeInterpreter::cti_op_urshift):
+        (JSC::BytecodeInterpreter::cti_op_bitxor):
+        (JSC::BytecodeInterpreter::cti_op_new_regexp):
+        (JSC::BytecodeInterpreter::cti_op_bitor):
+        (JSC::BytecodeInterpreter::cti_op_call_eval):
+        (JSC::BytecodeInterpreter::cti_op_throw):
+        (JSC::BytecodeInterpreter::cti_op_get_pnames):
+        (JSC::BytecodeInterpreter::cti_op_next_pname):
+        (JSC::BytecodeInterpreter::cti_op_push_scope):
+        (JSC::BytecodeInterpreter::cti_op_pop_scope):
+        (JSC::BytecodeInterpreter::cti_op_typeof):
+        (JSC::BytecodeInterpreter::cti_op_is_undefined):
+        (JSC::BytecodeInterpreter::cti_op_is_boolean):
+        (JSC::BytecodeInterpreter::cti_op_is_number):
+        (JSC::BytecodeInterpreter::cti_op_is_string):
+        (JSC::BytecodeInterpreter::cti_op_is_object):
+        (JSC::BytecodeInterpreter::cti_op_is_function):
+        (JSC::BytecodeInterpreter::cti_op_stricteq):
+        (JSC::BytecodeInterpreter::cti_op_nstricteq):
+        (JSC::BytecodeInterpreter::cti_op_to_jsnumber):
+        (JSC::BytecodeInterpreter::cti_op_in):
+        (JSC::BytecodeInterpreter::cti_op_push_new_scope):
+        (JSC::BytecodeInterpreter::cti_op_jmp_scopes):
+        (JSC::BytecodeInterpreter::cti_op_put_by_index):
+        (JSC::BytecodeInterpreter::cti_op_switch_imm):
+        (JSC::BytecodeInterpreter::cti_op_switch_char):
+        (JSC::BytecodeInterpreter::cti_op_switch_string):
+        (JSC::BytecodeInterpreter::cti_op_del_by_val):
+        (JSC::BytecodeInterpreter::cti_op_put_getter):
+        (JSC::BytecodeInterpreter::cti_op_put_setter):
+        (JSC::BytecodeInterpreter::cti_op_new_error):
+        (JSC::BytecodeInterpreter::cti_op_debug):
+        (JSC::BytecodeInterpreter::cti_vm_throw):
+        * VM/Machine.h:
+        * VM/Register.h:
+        * VM/SamplingTool.cpp:
+        (JSC::SamplingTool::run):
+        * VM/SamplingTool.h:
+        (JSC::SamplingTool::SamplingTool):
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::generate):
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::emitOpcode):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate):
+        * jsc.cpp:
+        (runWithScripts):
+        * parser/Nodes.cpp:
+        (JSC::ScopeNode::ScopeNode):
+        * profiler/ProfileGenerator.cpp:
+        (JSC::ProfileGenerator::addParentForConsoleStart):
+        * runtime/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncPop):
+        (JSC::arrayProtoFuncPush):
+        * runtime/Collector.cpp:
+        (JSC::Heap::collect):
+        * runtime/ExecState.h:
+        (JSC::ExecState::interpreter):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncApply):
+        * runtime/Interpreter.cpp:
+        (JSC::Interpreter::evaluate):
+        * runtime/JSCell.h:
+        * runtime/JSFunction.cpp:
+        (JSC::JSFunction::call):
+        (JSC::JSFunction::argumentsGetter):
+        (JSC::JSFunction::callerGetter):
+        (JSC::JSFunction::construct):
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::~JSGlobalData):
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::~JSGlobalObject):
+        (JSC::JSGlobalObject::setTimeoutTime):
+        (JSC::JSGlobalObject::startTimeoutCheck):
+        (JSC::JSGlobalObject::stopTimeoutCheck):
+        (JSC::JSGlobalObject::mark):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * runtime/JSString.h:
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::RegExp):
+
+2008-11-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        - Remove SymbolTable from FunctionBodyNode and move it to CodeBlock
+        
+        It's not needed for functions that have never been executed, so no
+        need to waste the memory. Saves ~4M on membuster after 30 pages.
+
+        * VM/CodeBlock.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::retrieveArguments):
+        * parser/Nodes.cpp:
+        (JSC::EvalNode::generateCode):
+        (JSC::FunctionBodyNode::generateCode):
+        * parser/Nodes.h:
+        * runtime/JSActivation.h:
+        (JSC::JSActivation::JSActivationData::JSActivationData):
+
+2008-11-14  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 22259: Make all opcodes use eax as their final result register
+        <https://bugs.webkit.org/show_bug.cgi?id=22259>
+
+        Change one case of op_add (and the corresponding slow case) to use eax
+        rather than edx. Also, change the order in which the two results of
+        resolve_func and resolve_base are emitted so that the retrieved value is
+        put last into eax.
+
+        This gives no performance change on SunSpider or the V8 benchmark suite
+        when run in either harness.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+
+2008-11-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Geoff has this wacky notion that emitGetArg and emitPutArg should be related to
+        doing the same thing.  Crazy.
+        
+        Rename the methods for accessing virtual registers to say 'VirtualRegister' in the
+        name, and those for setting up the arguments for CTI methods to contain 'CTIArg'.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetVirtualRegister):
+        (JSC::CTI::emitGetVirtualRegisters):
+        (JSC::CTI::emitPutCTIArgFromVirtualRegister):
+        (JSC::CTI::emitPutCTIArg):
+        (JSC::CTI::emitGetCTIArg):
+        (JSC::CTI::emitPutCTIArgConstant):
+        (JSC::CTI::emitPutVirtualRegister):
+        (JSC::CTI::compileOpCallSetupArgs):
+        (JSC::CTI::compileOpCallEvalSetupArgs):
+        (JSC::CTI::compileOpConstructSetupArgs):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::compileOpStrictEq):
+        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        * VM/CTI.h:
+
+2008-11-14  Greg Bolsinga  <bolsinga@apple.com>
+
+        Reviewed by Antti Koivisto
+
+        Fix potential build break by adding StdLibExtras.h
+        
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2008-11-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Generate less code for the slow cases of op_call and op_construct.
+        https://bugs.webkit.org/show_bug.cgi?id=22272
+
+        1% progression on v8 tests.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitRetrieveArg):
+        (JSC::CTI::emitNakedCall):
+        (JSC::CTI::compileOpCallInitializeCallFrame):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        * VM/CTI.h:
+        * VM/CodeBlock.h:
+        (JSC::getCallLinkInfoReturnLocation):
+        (JSC::CodeBlock::getCallLinkInfo):
+        * VM/Machine.cpp:
+        (JSC::Machine::Machine):
+        (JSC::Machine::cti_vm_dontLazyLinkCall):
+        (JSC::Machine::cti_vm_lazyLinkCall):
+        * VM/Machine.h:
+
+2008-11-14  Greg Bolsinga  <bolsinga@apple.com>
+
+        Reviewed by Darin Alder.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21810
+        Remove use of static C++ objects that are destroyed at exit time (destructors)
+
+        Create DEFINE_STATIC_LOCAL macro. Change static local objects to leak to avoid 
+        exit-time destructor. Update code that was changed to fix this issue that ran 
+        into a gcc bug (<rdar://problem/6354696> Codegen issue with C++ static reference 
+        in gcc build 5465). Also typdefs for template types needed to be added in some 
+        cases so the type could make it through the macro successfully.
+
+        Basically code of the form:
+        static T m;
+        becomes:
+        DEFINE_STATIC_LOCAL(T, m, ());
+
+        Also any code of the form:
+        static T& m = *new T;
+        also becomes:
+        DEFINE_STATIC_LOCAL(T, m, ());
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wtf/MainThread.cpp:
+        (WTF::mainThreadFunctionQueueMutex):
+        (WTF::functionQueue):
+        * wtf/StdLibExtras.h: Added. Add DEFINE_STATIC_LOCAL macro
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::threadMapMutex):
+        (WTF::threadMap):
+        (WTF::identifierByPthreadHandle):
+
+2008-11-13  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=22269
+        Reduce PropertyMap usage
+
+        From observation of StructureID statistics, it became clear that many
+        StructureID's were not being used as StructureIDs themselves, but rather
+        only being necessary as links in the transition chain.  Acknowledging this
+        and that PropertyMaps stored in StructureIDs can be treated as caches, that
+        is that they can be reconstructed on demand, it became clear that we could
+        reduce the memory consumption of StructureIDs by only keeping PropertyMaps
+        for the StructureIDs that need them the most.
+
+        The specific strategy used to reduce the number of StructureIDs with
+        PropertyMaps is to take the previous StructureIDs PropertyMap when initially
+        transitioning (addPropertyTransition) from it and clearing out the pointer 
+        in the process.  The next time we need to do the same transition, for instance
+        repeated calls to the same constructor, we use the new addPropertyTransitionToExistingStructure
+        first, which allows us not to need the PropertyMap to determine if the property
+        exists already, since a transition to that property would require it not already
+        be present in the StructureID.  Should there be no transition, the PropertyMap
+        can be constructed on demand (via materializePropertyMap) to determine if the put is a 
+        replace or a transition to a new StructureID.
+
+        Reduces memory use on Membuster head test (30 pages open) by ~15MB.
+
+        * JavaScriptCore.exp:
+        * runtime/JSObject.h:
+        (JSC::JSObject::putDirect): First use addPropertyTransitionToExistingStructure
+        so that we can avoid building the PropertyMap on subsequent similar object
+        creations.
+        * runtime/PropertyMapHashTable.h:
+        (JSC::PropertyMapEntry::PropertyMapEntry): Add version of constructor which takes
+        all values to be used when lazily building the PropertyMap. 
+        * runtime/StructureID.cpp:
+        (JSC::StructureID::dumpStatistics): Add statistics on the number of StructureIDs
+        with PropertyMaps.
+        (JSC::StructureID::StructureID): Rename m_cachedTransistionOffset to m_offset
+        (JSC::isPowerOf2):
+        (JSC::nextPowerOf2):
+        (JSC::sizeForKeyCount): Returns the expected size of a PropertyMap for a key count.
+        (JSC::StructureID::materializePropertyMap): Builds the PropertyMap out of its previous pointer chain.
+        (JSC::StructureID::addPropertyTransitionToExistingStructure): Only transitions if there is a
+        an existing transition.
+        (JSC::StructureID::addPropertyTransition): Instead of always copying the ProperyMap, try and take
+        it from it previous pointer.
+        (JSC::StructureID::removePropertyTransition): Simplify by calling toDictionaryTransition() to do
+        transition work.
+        (JSC::StructureID::changePrototypeTransition): Build the PropertyMap if necessary before transitioning
+        because once you have transitioned, you will not be able to reconstruct it afterwards as there is no
+        previous pointer, pinning the ProperyMap as well.
+        (JSC::StructureID::getterSetterTransition): Ditto.
+        (JSC::StructureID::toDictionaryTransition): Pin the PropertyMap so that it is not destroyed on further transitions.
+        (JSC::StructureID::fromDictionaryTransition): We can only transition back from a dictionary transition if there
+        are no deleted offsets.
+        (JSC::StructureID::addPropertyWithoutTransition): Build PropertyMap on demands and pin.
+        (JSC::StructureID::removePropertyWithoutTransition): Ditto.
+        (JSC::StructureID::get): Build on demand.
+        (JSC::StructureID::createPropertyMapHashTable): Add version of create that takes a size
+        for on demand building.
+        (JSC::StructureID::expandPropertyMapHashTable):
+        (JSC::StructureID::rehashPropertyMapHashTable):
+        (JSC::StructureID::getEnumerablePropertyNamesInternal): Build PropertyMap on demand.
+        * runtime/StructureID.h:
+        (JSC::StructureID::propertyStorageSize): Account for StructureIDs without PropertyMaps.
+        (JSC::StructureID::isEmpty): Ditto.
+        (JSC::StructureID::materializePropertyMapIfNecessary):
+        (JSC::StructureID::get): Build PropertyMap on demand
+
+2008-11-14  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Simon Hausmann.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=21500>
+
+        JavaScriptCore build with -O3 flag instead of -O2 (gcc).
+        2.02% speedup on SunSpider (Qt-port on Linux)
+        1.10% speedup on V8 (Qt-port on Linux)
+        3.45% speedup on WindScorpion (Qt-port on Linux)
+
+        * JavaScriptCore.pri:
+
+2008-11-14  Kristian Amlie  <kristian.amlie@trolltech.com>
+
+        Reviewed by Darin Adler.
+
+        Compile fix for RVCT.
+
+        In reality, it is two fixes:
+
+        1. Remove typename. I believe typename can only be used when the named
+        type depends on the template parameters, which it doesn't in this
+        case, so I think this is more correct.
+        2. Replace ::iterator scope with specialized typedef. This is to work
+        around a bug in RVCT.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22260
+
+        * wtf/ListHashSet.h:
+        (WTF::::find):
+
+2008-11-14  Kristian Amlie  <kristian.amlie@trolltech.com>
+
+        Reviewed by Darin Adler.
+
+        Compile fix for WINSCW.
+
+        This fix doesn't protect against implicit conversions from bool to
+        integers, but most likely that will be caught on another platform.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22260
+
+        * wtf/PassRefPtr.h:
+        (WTF::PassRefPtr::operator bool):
+        * wtf/RefPtr.h:
+        (WTF::RefPtr::operator bool):
+
+2008-11-14  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 22245: Move wtf/dtoa.h into the WTF namespace
+        <https://bugs.webkit.org/show_bug.cgi?id=22245>
+
+        Move wtf/dtoa.h into the WTF namespace from the JSC namespace. This
+        introduces some ambiguities in name lookups, so I changed all uses of
+        the functions in wtf/dtoa.h to explicitly state the namespace.
+
+        * JavaScriptCore.exp:
+        * parser/Lexer.cpp:
+        (JSC::Lexer::lex):
+        * runtime/InitializeThreading.cpp:
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::parseInt):
+        * runtime/NumberPrototype.cpp:
+        (JSC::integerPartNoExp):
+        (JSC::numberProtoFuncToExponential):
+        * runtime/UString.cpp:
+        (JSC::concatenate):
+        (JSC::UString::from):
+        (JSC::UString::toDouble):
+        * wtf/dtoa.cpp:
+        * wtf/dtoa.h:
+
+2008-11-14  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 22257: Enable redundant read optimizations for results generated by compileBinaryArithOp()
+        <https://bugs.webkit.org/show_bug.cgi?id=22257>
+
+        This shows no change in performance on either SunSpider or the V8
+        benchmark suite, but it removes an ugly special case and allows for
+        future optimizations to be implemented in a cleaner fashion.
+
+        This patch was essentially given to me by Gavin Barraclough upon my
+        request, but I did regression and performance testing so that he could
+        work on something else.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate): Move the final
+        result to eax if it is not already there.
+        (JSC::CTI::compileBinaryArithOp): Remove the killing of the final result
+        register that disables the optimization.
+
+2008-11-13  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        Add a Scons-based build system for building
+        the Chromium-Mac build of JavaScriptCore.
+        https://bugs.webkit.org/show_bug.cgi?id=21991
+
+        * JavaScriptCore.scons: Added.
+        * SConstruct: Added.
+
+2008-11-13  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Adam Roben.
+        
+        Add PLATFORM(CHROMIUM) to the "we don't use cairo" blacklist
+        until https://bugs.webkit.org/show_bug.cgi?id=22250 is fixed.
+
+        * wtf/Platform.h:
+
+2008-11-13  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        In r38375 the 'jsc' shell was changed to improve teardown on quit. The
+        main() function in jsc.cpp uses Structured Exception Handling, so Visual
+        C++ emits a warning when destructors are used.
+        
+        In order to speculatively fix the Windows build, this patch changes that
+        code to use explicit pointer manipulation and locking rather than smart
+        pointers and RAII.
+
+        * jsc.cpp:
+        (main):
+
+2008-11-13  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 22246: Get arguments for opcodes together to eliminate more redundant memory reads
+        <https://bugs.webkit.org/show_bug.cgi?id=22246>
+
+        It is common for opcodes to read their first operand into eax and their
+        second operand into edx. If the value intended for the second operand is
+        in eax, we should first move eax to the register for the second operand
+        and then read the first operand into eax.
+
+        This is a 0.5% speedup on SunSpider and a 2.0% speedup on the V8
+        benchmark suite when measured using the V8 harness.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArgs):
+        (JSC::CTI::compileOpStrictEq):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+
+2008-11-13  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 22238: Avoid unnecessary reads of temporaries when the target machine register is not eax
+        <https://bugs.webkit.org/show_bug.cgi?id=22238>
+
+        Enable the optimization of not reading a value back from memory that we
+        just wrote when the target machine register is not eax. In order to do
+        this, the code generation for op_put_global_var must be changed to
+        read its argument into a register before overwriting eax.
+
+        This is a 0.5% speedup on SunSpider and shows no change on the V8
+        benchmark suite when run in either harness.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::privateCompileMainPass):
+
+2008-11-13  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Perform teardown in the 'jsc' shell in order to suppress annoying and
+        misleading leak messages. There is still a lone JSC::Node leaking when
+        quit() is called, but hopefully that can be fixed as well.
+
+        * jsc.cpp:
+        (functionQuit):
+        (main):
+
+2008-11-13  Mike Pinkerton  <pinkerton@chromium.org>
+
+        Reviewed by Sam Weinig.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=22087
+        Need correct platform defines for Mac Chromium
+
+        Set the appropriate platform defines for Mac Chromium, which is
+        similar to PLATFORM(MAC), but isn't.
+
+        * wtf/Platform.h:
+
+2008-11-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - remove immediate checks from native codegen for known non-immediate cases like "this"
+        
+        ~.5% speedup on v8 benchmarks
+        
+        In the future we can extend this model to remove all sorts of
+        typechecks based on local type info or type inference.
+        
+        I also added an assertion to verify that all slow cases linked as
+        many slow case jumps as the corresponding fast case generated, and
+        fixed the pre-existing cases where this was not true.
+        
+        * VM/CTI.cpp:
+        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
+        (JSC::CTI::linkSlowCaseIfNotJSCell):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::isKnownNotImmediate):
+
+2008-11-13  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21943: Avoid needless reads of temporary values in CTI code
+        <https://bugs.webkit.org/show_bug.cgi?id=21943>
+
+        If an opcode needs to load a virtual register and a previous opcode left
+        the contents of that virtual register in a machine register, use the
+        value in the machine register rather than getting it from memory.
+
+        In order to perform this optimization, it is necessary to know the
+        jump tagets in the CodeBlock. For temporaries, the only problematic
+        jump targets are binary logical operators and the ternary conditional
+        operator. However, if this optimization were to be extended to local 
+        variable registers as well, other jump targets would need to be
+        included, like switch statement cases and the beginnings of catch
+        blocks.
+
+        This optimization also requires that the fast case and the slow case
+        of an opcode use emitPutResult() on the same register, which was chosen
+        to be eax, as that is the register into which we read the first operand
+        of opcodes. In order to make this the case, we needed to add some mov
+        instructions to the slow cases of some instructions.
+
+        This optimizaton is not applied whenever compileBinaryArithOp() is used
+        to compile an opcode, because different machine registers may be used to
+        store the final result. It seems possible to rewrite the code generation
+        in compileBinaryArithOp() to allow for this optimization.
+
+        This optimization is also not applied when generating slow cases,
+        because some fast cases overwrite the value of eax before jumping to the
+        slow case. In the future, it may be possible to apply this optimization
+        to slow cases as well, but it did not seem to be a speedup when testing
+        an early version of this patch.
+
+        This is a 1.0% speedup on SunSpider and a 6.3% speedup on the V8
+        benchmark suite.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::killLastResultRegister):
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::emitGetCTIParam):
+        (JSC::CTI::emitGetFromCallFrameHeader):
+        (JSC::CTI::emitPutResult):
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::compileOpStrictEq):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        * VM/CTI.h:
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::isTemporaryRegisterIndex):
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitLabel):
+
+2008-11-12  Alp Toker  <alp@nuanti.com>
+
+        autotools build system fix-up only. Add FloatQuad.h to the source
+        lists and sort them.
+
+        * GNUmakefile.am:
+
+2008-11-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=22192
+        +37 failures in fast/profiler
+        
+        along with Darin's review comments in
+        https://bugs.webkit.org/show_bug.cgi?id=22174
+        Simplified op_call by nixing its responsibility for moving the value of
+        "this" into the first argument slot
+
+        * VM/Machine.cpp:
+        (JSC::returnToThrowTrampoline):
+        (JSC::throwStackOverflowError):
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_call_arityCheck):
+        (JSC::Machine::cti_vm_throw): Moved the throw logic into a function, since
+        functions are better than macros.
+
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitConstruct): Ensure that the function register
+        is preserved if profiling is enabled, since the profiler uses that
+        register.
+
+        * runtime/JSGlobalData.h: Renamed throwReturnAddress to exceptionLocation,
+        because I had a hard time understanding what "throwReturnAddress" meant.
+
+2008-11-12  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Roll in r38322, now that test failures have been fixed.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCallSetupArgs):
+        (JSC::CTI::compileOpCallEvalSetupArgs):
+        (JSC::CTI::compileOpConstructSetupArgs):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/Machine.cpp:
+        (JSC::Machine::callEval):
+        (JSC::Machine::dumpCallFrame):
+        (JSC::Machine::dumpRegisters):
+        (JSC::Machine::execute):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_call_arityCheck):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitCallEval):
+        (JSC::CodeGenerator::emitConstruct):
+        * bytecompiler/CodeGenerator.h:
+        * parser/Nodes.cpp:
+        (JSC::EvalFunctionCallNode::emitCode):
+        (JSC::FunctionCallValueNode::emitCode):
+        (JSC::FunctionCallResolveNode::emitCode):
+        (JSC::FunctionCallBracketNode::emitCode):
+        (JSC::FunctionCallDotNode::emitCode):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::neededConstants):
+
+2008-11-12  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=22201
+        Integer conversion in array.length was safe signed values,
+        but the length is unsigned.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+
+2008-11-12  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Mark Rowe.
+
+        Roll out r38322 due to test failures on the bots.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCallSetupArgs):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/Machine.cpp:
+        (JSC::Machine::callEval):
+        (JSC::Machine::dumpCallFrame):
+        (JSC::Machine::dumpRegisters):
+        (JSC::Machine::execute):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::throwStackOverflowPreviousFrame):
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_call_arityCheck):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitCallEval):
+        (JSC::CodeGenerator::emitConstruct):
+        * bytecompiler/CodeGenerator.h:
+        * parser/Nodes.cpp:
+        (JSC::EvalFunctionCallNode::emitCode):
+        (JSC::FunctionCallValueNode::emitCode):
+        (JSC::FunctionCallResolveNode::emitCode):
+        (JSC::FunctionCallBracketNode::emitCode):
+        (JSC::FunctionCallDotNode::emitCode):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::neededConstants):
+
+2008-11-11  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=22174
+        Simplified op_call by nixing its responsibility for moving the value of
+        "this" into the first argument slot.
+
+        Instead, the caller emits an explicit load or mov instruction, or relies
+        on implicit knowledge that "this" is already in the first argument slot.
+        As a result, two operands to op_call are gone: firstArg and thisVal.
+        
+        SunSpider and v8 tests show no change in bytecode or CTI.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCallSetupArgs):
+        (JSC::CTI::compileOpCallEvalSetupArgs):
+        (JSC::CTI::compileOpConstructSetupArgs): Split apart these three versions
+        of setting up arguments to op_call, because they're more different than
+        they are the same -- even more so with this patch.
+
+        (JSC::CTI::compileOpCall): Updated for the fact that op_construct doesn't
+        match op_call anymore.
+
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases): Merged a few call cases. Updated
+        for changes mentioned above.
+
+        * VM/CTI.h:
+
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump): Updated for new bytecode format of call / construct.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::callEval): Updated for new bytecode format of call / construct.
+
+        (JSC::Machine::dumpCallFrame):
+        (JSC::Machine::dumpRegisters): Simplified these debugging functions, 
+        taking advantage of the new call frame layout.
+
+        (JSC::Machine::execute): Fixed up the eval version of execute to be
+        friendlier to calls in the new format.
+
+        (JSC::Machine::privateExecute): Implemented the new call format in
+        bytecode.
+
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_call_eval): Updated CTI helpers to match the new
+        call format.
+        
+        Fixed a latent bug in stack overflow checking that is now hit because
+        the register layout has changed a bit -- namely: when throwing a stack
+        overflow exception inside an op_call helper, we need to account for the
+        fact that the current call frame is only half-constructed, and use the
+        parent call frame instead.
+
+        * VM/Machine.h:
+
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitCallEval):
+        (JSC::CodeGenerator::emitConstruct):
+        * bytecompiler/CodeGenerator.h: Updated codegen to match the new call
+        format.
+
+        * parser/Nodes.cpp:
+        (JSC::EvalFunctionCallNode::emitCode):
+        (JSC::FunctionCallValueNode::emitCode):
+        (JSC::FunctionCallResolveNode::emitCode):
+        (JSC::FunctionCallBracketNode::emitCode):
+        (JSC::FunctionCallDotNode::emitCode):
+        * parser/Nodes.h:
+        (JSC::ScopeNode::neededConstants): ditto
+
+2008-11-11  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Remove an unused forwarding header for a file that no longer exists.
+
+        * ForwardingHeaders/JavaScriptCore/JSLock.h: Removed.
+
+2008-11-11  Mark Rowe  <mrowe@apple.com>
+
+        Fix broken dependencies building JavaScriptCore on a freezing cold cat, caused
+        by failure to update all instances of "kjs" to their new locations.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-11-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Rubber-stamped by Adam Roben.
+
+        * wtf/AVLTree.h: (WTF::AVLTree::Iterator::start_iter):
+        Fix indentation a little more.
+
+2008-11-11  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Clean up EvalCodeCache to match our coding style a bit more.
+
+        * VM/EvalCodeCache.h:
+        (JSC::EvalCodeCache::get):
+
+2008-11-11  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Bug 22179: Move EvalCodeCache from CodeBlock.h into its own file
+        <https://bugs.webkit.org/show_bug.cgi?id=22179>
+
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CodeBlock.h:
+        * VM/EvalCodeCache.h: Copied from VM/CodeBlock.h.
+        * VM/Machine.cpp:
+
+2008-11-11  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove the 'm_' prefix from the fields of the SwitchRecord struct.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompile):
+        * VM/CTI.h:
+        (JSC::SwitchRecord):
+        (JSC::SwitchRecord::SwitchRecord):
+
+2008-11-11  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Make asInteger() a static function so that it has internal linkage.
+
+        * VM/CTI.cpp:
+        (JSC::asInteger):
+
+2008-11-11  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark Rowe.
+        
+        - shrink CodeBlock and AST related Vectors to exact fit (5-10M savings on membuster test)
+        
+        No perf regression combined with the last patch (each seems like a small regression individually)
+
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::generate):
+        * parser/Nodes.h:
+        (JSC::SourceElements::releaseContentsIntoVector):
+        * wtf/Vector.h:
+        (WTF::Vector::shrinkToFit):
+
+2008-11-11  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark Rowe.
+        
+        - remove inline capacity from declaration stacks (15M savings on membuster test)
+
+        No perf regression on SunSpider or V8 test combined with other upcoming memory improvement patch.
+        
+        * JavaScriptCore.exp:
+        * parser/Nodes.h:
+
+2008-11-11  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        While r38286 removed the need for the m_callFrame member variable of
+        CTI, it should be also be removed.
+
+        * VM/CTI.h:
+
+2008-11-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Make CTI::asInteger() a non-member function, since it needs no access to
+        any of CTI's member variables.
+
+        * VM/CTI.cpp:
+        (JSC::asInteger):
+        * VM/CTI.h:
+
+2008-11-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Use 'value' instead of 'js' in CTI as a name for JSValue* to match our
+        usual convention elsewhere.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::getConstantImmediateNumericArg):
+        (JSC::CTI::printOpcodeOperandTypes):
+
+2008-11-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Make CTI::getConstant() a member function of CodeBlock instead.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::getConstantImmediateNumericArg):
+        (JSC::CTI::printOpcodeOperandTypes):
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CTI.h:
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::getConstant):
+
+2008-11-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Rename CodeBlock::isConstant() to isConstantRegisterIndex().
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::getConstantImmediateNumericArg):
+        (JSC::CTI::printOpcodeOperandTypes):
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::isConstantRegisterIndex):
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitEqualityOp):
+
+2008-11-10  Gavin Barraclough  <barraclough@apple.com>
+
+        Build fix for non-CTI builds.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::initialize):
+
+2008-11-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove the unused labels member variable of CodeBlock.
+
+        * VM/CodeBlock.h:
+        * VM/LabelID.h:
+        (JSC::LabelID::setLocation):
+
+2008-11-10  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Batch compile the set of static trampolines at the point Machine is constructed, using a single allocation.
+        Refactor out m_callFrame from CTI, since this is only needed to access the global data (instead store a
+        pointer to the global data directly, since this is available at the point the Machine is constructed).
+        Add a method to align the code buffer, to allow JIT generation for multiple trampolines in one block.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::getConstant):
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::getConstantImmediateNumericArg):
+        (JSC::CTI::printOpcodeOperandTypes):
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompileCTIMachineTrampolines):
+        (JSC::CTI::freeCTIMachineTrampolines):
+        * VM/CTI.h:
+        (JSC::CTI::compile):
+        (JSC::CTI::compileGetByIdSelf):
+        (JSC::CTI::compileGetByIdProto):
+        (JSC::CTI::compileGetByIdChain):
+        (JSC::CTI::compilePutByIdReplace):
+        (JSC::CTI::compilePutByIdTransition):
+        (JSC::CTI::compileCTIMachineTrampolines):
+        (JSC::CTI::compilePatchGetArrayLength):
+        * VM/Machine.cpp:
+        (JSC::Machine::initialize):
+        (JSC::Machine::~Machine):
+        (JSC::Machine::execute):
+        (JSC::Machine::tryCTICachePutByID):
+        (JSC::Machine::tryCTICacheGetByID):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_vm_lazyLinkCall):
+        * VM/Machine.h:
+        * masm/X86Assembler.h:
+        (JSC::JITCodeBuffer::isAligned):
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::align):
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+
+2008-11-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Antti Koivisto.
+        
+        - Make Vector::clear() release the Vector's memory (1MB savings on membuster)
+        https://bugs.webkit.org/show_bug.cgi?id=22170
+
+        * wtf/Vector.h:
+        (WTF::VectorBufferBase::deallocateBuffer): Set capacity to 0 as
+        well as size, otherwise shrinking capacity to 0 can fail to reset
+        the capacity and thus cause a future crash.
+        (WTF::Vector::~Vector): Shrink size not capacity; we only need
+        to call destructors, the buffer will be freed anyway.
+        (WTF::Vector::clear): Change this to shrinkCapacity(0), not just shrink(0).
+        (WTF::::shrinkCapacity): Use shrink() instead of resize() for case where
+        the size is greater than the new capacity, to work with types that have no
+        default constructor.
+
+2008-11-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Split multiple definitions into separate lines.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileBinaryArithOp):
+
+2008-11-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 22162: Remove cachedValueGetter from the JavaScriptCore API implementation
+        <https://bugs.webkit.org/show_bug.cgi?id=22162>
+
+        There is no more need for the cachedValueGetter hack now that we have
+        PropertySlot::setValue(), so we should remove it.
+
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::getOwnPropertySlot):
+
+2008-11-10  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 22152: Remove asObject() call from JSCallbackObject::getOwnPropertySlot()
+        <https://bugs.webkit.org/show_bug.cgi?id=22152>
+
+        With the recent change to adopt asType() style cast functions with
+        assertions instead of static_casts in many places, the assertion for
+        the asObject() call in JSCallbackObject::getOwnPropertySlot() has been
+        failing when using any nontrivial client of the JavaScriptCore API.
+        The cast isn't even necessary to call slot.setCustom(), so it should
+        be removed.
+
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::JSCallbackObject::getOwnPropertySlot):
+
+2008-11-10  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Adam Roben.
+
+        A few coding style fixes for AVLTree.
+
+        * wtf/AVLTree.h: Moved to WTF namespace, Removed "KJS_" from include guards.
+        (WTF::AVLTree::Iterator::start_iter): Fixed indentation
+
+        * runtime/JSArray.cpp: Added "using namepace WTF".
+
+2008-11-09  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Speculatively fix the non-AllInOne build.
+
+        * runtime/NativeErrorConstructor.cpp:
+
+2008-11-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=22149
+          remove unused code from the parser
+
+        * AllInOneFile.cpp: Removed nodes2string.cpp.
+        * GNUmakefile.am: Ditto.
+        * JavaScriptCore.exp: Ditto.
+        * JavaScriptCore.pri: Ditto.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+        * JavaScriptCoreSources.bkl: Ditto.
+
+        * VM/CodeBlock.h: Added include.
+
+        * VM/Machine.cpp: (JSC::Machine::execute): Use the types from
+        DeclarationStacks as DeclarationStacks:: rather than Node:: since
+        "Node" really has little to do with it.
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator): Ditto.
+
+        * jsc.cpp:
+        (Options::Options): Removed prettyPrint option.
+        (runWithScripts): Ditto.
+        (printUsageStatement): Ditto.
+        (parseArguments): Ditto.
+        (jscmain): Ditto.
+
+        * parser/Grammar.y: Removed use of obsolete ImmediateNumberNode.
+
+        * parser/Nodes.cpp:
+        (JSC::ThrowableExpressionData::emitThrowError): Use inline functions
+        instead of direct member access for ThrowableExpressionData values.
+        (JSC::BracketAccessorNode::emitCode): Ditto.
+        (JSC::DotAccessorNode::emitCode): Ditto.
+        (JSC::NewExprNode::emitCode): Ditto.
+        (JSC::EvalFunctionCallNode::emitCode): Ditto.
+        (JSC::FunctionCallValueNode::emitCode): Ditto.
+        (JSC::FunctionCallResolveNode::emitCode): Ditto.
+        (JSC::FunctionCallBracketNode::emitCode): Ditto.
+        (JSC::FunctionCallDotNode::emitCode): Ditto.
+        (JSC::PostfixResolveNode::emitCode): Ditto.
+        (JSC::PostfixBracketNode::emitCode): Ditto.
+        (JSC::PostfixDotNode::emitCode): Ditto.
+        (JSC::DeleteResolveNode::emitCode): Ditto.
+        (JSC::DeleteBracketNode::emitCode): Ditto.
+        (JSC::DeleteDotNode::emitCode): Ditto.
+        (JSC::PrefixResolveNode::emitCode): Ditto.
+        (JSC::PrefixBracketNode::emitCode): Ditto.
+        (JSC::PrefixDotNode::emitCode): Ditto.
+        (JSC::ThrowableBinaryOpNode::emitCode): Ditto.
+        (JSC::InstanceOfNode::emitCode): Ditto.
+        (JSC::ReadModifyResolveNode::emitCode): Ditto.
+        (JSC::AssignResolveNode::emitCode): Ditto.
+        (JSC::AssignDotNode::emitCode): Ditto.
+        (JSC::ReadModifyDotNode::emitCode): Ditto.
+        (JSC::AssignBracketNode::emitCode): Ditto.
+        (JSC::ReadModifyBracketNode::emitCode): Ditto.
+        (JSC::statementListEmitCode): Take a const StatementVector instead
+        of a non-const one. Also removed unused statementListPushFIFO.
+        (JSC::ForInNode::emitCode): Inline functions instead of member access.
+        (JSC::ThrowNode::emitCode): Ditto.
+        (JSC::EvalNode::emitCode): Ditto.
+        (JSC::FunctionBodyNode::emitCode): Ditto.
+        (JSC::ProgramNode::emitCode): Ditto.
+
+        * parser/Nodes.h: Removed unused includes and forward declarations.
+        Removed Precedence enum. Made many more members private instead of
+        protected or public. Removed unused NodeStack typedef. Moved the
+        VarStack and FunctionStack typedefs from Node to ScopeNode. Made
+        Node::emitCode pure virtual and changed classes that don't emit
+        any code to inherit from ParserRefCounted rather than Node.
+        Moved isReturnNode from Node to StatementNode. Removed the
+        streamTo, precedence, and needsParensIfLeftmost functions from
+        all classes. Removed the ImmediateNumberNode class and make
+        NumberNode::setValue nonvirtual.
+
+        * parser/nodes2string.cpp: Removed.
+
+2008-11-09  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig and Maciej Stachowiak.
+        Includes some work done by Chris Brichford.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=14886
+          Stack overflow due to deeply nested parse tree doing repeated string concatentation
+
+        Test: fast/js/large-expressions.html
+
+        1) Code generation is recursive, so takes stack proportional to the complexity
+           of the source code expression. Fixed by setting an arbitrary recursion limit
+           of 10,000 nodes.
+
+        2) Destruction of the syntax tree was recursive. Fixed by introducing a
+           non-recursive mechanism for destroying the tree.
+
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator): Initialize depth to 0.
+        (JSC::CodeGenerator::emitThrowExpressionTooDeepException): Added. Emits the code
+        to throw a "too deep" exception.
+        * bytecompiler/CodeGenerator.h:
+        (JSC::CodeGenerator::emitNode): Check depth and emit an exception if we exceed
+        the maximum depth.
+
+        * parser/Nodes.cpp:
+        (JSC::NodeReleaser::releaseAllNodes): Added. To be called inside node destructors
+        to avoid recursive calls to destructors for nodes inside this one.
+        (JSC::NodeReleaser::release): Added. To be called inside releaseNodes functions.
+        Also added releaseNodes functions and calls to releaseAllNodes inside destructors
+        for each class derived from Node that has RefPtr to other nodes.
+        (JSC::NodeReleaser::adopt): Added. Used by the release function.
+        (JSC::NodeReleaser::adoptFunctionBodyNode): Added.
+
+        * parser/Nodes.h: Added declarations of releaseNodes and destructors in all classes
+        that needed it. Eliminated use of ListRefPtr and releaseNext, which are the two parts
+        of an older solution to the non-recursive destruction problem that works only for
+        lists, whereas the new solution works for other graphs. Changed ReverseBinaryOpNode
+        to use BinaryOpNode as a base class to avoid some duplicated code.
+
+2008-11-08  Kevin Ollivier  <kevino@theolliviers.com>
+        
+        wx build fixes after addition of JSCore parser and bycompiler dirs. Also cleanup
+        the JSCore Bakefile's group names to be consistent.
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+
+2008-11-07  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 21801: REGRESSION (r37821): YUI date formatting JavaScript puts the letter 'd' in place of the day
+        <https://bugs.webkit.org/show_bug.cgi?id=21801>
+
+        Fix the constant register check in the 'typeof' optimization in
+        CodeGenerator, which was completely broken after r37821.
+
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitEqualityOp):
+
+2008-11-07  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 22129: Move CTI::isConstant() to CodeBlock
+        <https://bugs.webkit.org/show_bug.cgi?id=22129>
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::getConstantImmediateNumericArg):
+        (JSC::CTI::printOpcodeOperandTypes):
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CTI.h:
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::isConstant):
+
+2008-11-07  Alp Toker  <alp@nuanti.com>
+
+        autotools fix. Always use the configured perl binary (which may be
+        different to the one in $PATH) when generating sources.
+
+        * GNUmakefile.am:
+
+2008-11-07  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Change grammar.cpp to Grammar.cpp and grammar.h to Grammar.h in several
+        build scripts.
+
+        * DerivedSources.make:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCoreSources.bkl:
+
+2008-11-07  Alp Toker  <alp@nuanti.com>
+
+        More grammar.cpp -> Grammar.cpp build fixes.
+
+        * AllInOneFile.cpp:
+        * GNUmakefile.am:
+
+2008-11-07  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the build on case-sensitive file systems. grammar.y was renamed to
+        Grammar.y but Lexer.cpp includes grammar.h. The build bots didn't
+        notice this change because of stale files.
+
+        * parser/Lexer.cpp:
+
+2008-11-07  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Rename the m_nextGlobal, m_nextParameter, and m_nextConstant member
+        variables of CodeGenerator to m_nextGlobalIndex, m_nextParameterIndex,
+        and m_nextConstantIndex respectively. This is to distinguish these from
+        member variables like m_lastConstant, which are actually RefPtrs to
+        Registers.
+
+        * bytecompiler/CodeGenerator.cpp:
+        (JSC::CodeGenerator::addGlobalVar):
+        (JSC::CodeGenerator::allocateConstants):
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::addParameter):
+        (JSC::CodeGenerator::addConstant):
+        * bytecompiler/CodeGenerator.h:
+
+2008-11-06  Gavin Barraclough  barraclough@apple.com
+
+        Reviewed by Oliver Hunt.
+
+        Do not make a cti_* call to perform an op_call unless either:
+        (1) The codeblock for the function body has not been generated.
+        (2) The number of arguments passed does not match the callee arity.
+
+        ~1% progression on sunspider --v8
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCallInitializeCallFrame):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_call_arityCheck):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        * VM/Machine.h:
+        * kjs/nodes.h:
+
+2008-11-06  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Move the remaining files in the kjs subdirectory of JavaScriptCore to
+        a new parser subdirectory, and remove the kjs subdirectory entirely.
+
+        * AllInOneFile.cpp:
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/CodeBlock.h:
+        * VM/ExceptionHelpers.cpp:
+        * VM/SamplingTool.h:
+        * bytecompiler/CodeGenerator.h:
+        * jsc.pro:
+        * jscore.bkl:
+        * kjs: Removed.
+        * kjs/NodeInfo.h: Removed.
+        * kjs/Parser.cpp: Removed.
+        * kjs/Parser.h: Removed.
+        * kjs/ResultType.h: Removed.
+        * kjs/SourceCode.h: Removed.
+        * kjs/SourceProvider.h: Removed.
+        * kjs/grammar.y: Removed.
+        * kjs/keywords.table: Removed.
+        * kjs/lexer.cpp: Removed.
+        * kjs/lexer.h: Removed.
+        * kjs/nodes.cpp: Removed.
+        * kjs/nodes.h: Removed.
+        * kjs/nodes2string.cpp: Removed.
+        * parser: Added.
+        * parser/Grammar.y: Copied from kjs/grammar.y.
+        * parser/Keywords.table: Copied from kjs/keywords.table.
+        * parser/Lexer.cpp: Copied from kjs/lexer.cpp.
+        * parser/Lexer.h: Copied from kjs/lexer.h.
+        * parser/NodeInfo.h: Copied from kjs/NodeInfo.h.
+        * parser/Nodes.cpp: Copied from kjs/nodes.cpp.
+        * parser/Nodes.h: Copied from kjs/nodes.h.
+        * parser/Parser.cpp: Copied from kjs/Parser.cpp.
+        * parser/Parser.h: Copied from kjs/Parser.h.
+        * parser/ResultType.h: Copied from kjs/ResultType.h.
+        * parser/SourceCode.h: Copied from kjs/SourceCode.h.
+        * parser/SourceProvider.h: Copied from kjs/SourceProvider.h.
+        * parser/nodes2string.cpp: Copied from kjs/nodes2string.cpp.
+        * pcre/pcre.pri:
+        * pcre/pcre_exec.cpp:
+        * runtime/FunctionConstructor.cpp:
+        * runtime/JSActivation.h:
+        * runtime/JSFunction.h:
+        * runtime/JSGlobalData.cpp:
+        * runtime/JSGlobalObjectFunctions.cpp:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::toNumber):
+        * runtime/RegExp.cpp:
+
+2008-11-06  Adam Roben  <aroben@apple.com>
+
+        Windows build fix after r38196
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Added bytecompiler/ to the
+        include path.
+
+2008-11-06  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Create a new bytecompiler subdirectory of JavaScriptCore and move some
+        relevant files to it.
+
+        * AllInOneFile.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/CodeGenerator.cpp: Removed.
+        * VM/CodeGenerator.h: Removed.
+        * bytecompiler: Added.
+        * bytecompiler/CodeGenerator.cpp: Copied from VM/CodeGenerator.cpp.
+        * bytecompiler/CodeGenerator.h: Copied from VM/CodeGenerator.h.
+        * bytecompiler/LabelScope.h: Copied from kjs/LabelScope.h.
+        * jscore.bkl:
+        * kjs/LabelScope.h: Removed.
+
+2008-11-06  Adam Roben  <aroben@apple.com>
+
+        Windows clean build fix after r38155
+
+        Rubberstamped by Cameron Zwarich.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Update
+        the post-build event for the move of create_hash_table out of kjs/.
+
+2008-11-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22107
+
+        Bug uncovered during RVCT port in functions not used. get_lt() and
+        get_gt() takes only one argument - remove second argument where
+        applicable.
+
+        * wtf/AVLTree.h:
+        (JSC::AVLTree::remove): Remove second argument of get_lt/get_gt().
+        (JSC::AVLTree::subst): Ditto.
+
+2008-11-06  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Cameron Zwarich.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22033
+        [GTK] CTI/Linux r38064 crashes; JIT requires executable memory
+
+        Mark pages allocated by the FastMalloc mmap code path executable with
+        PROT_EXEC. This fixes crashes seen on CPUs and kernels that enforce
+        non-executable memory (like ExecShield on Fedora Linux) when the JIT
+        is enabled.
+
+        This patch does not resolve the issue on debug builds so affected
+        developers may still need to pass --disable-jit to configure.
+
+        * wtf/TCSystemAlloc.cpp:
+        (TryMmap):
+        (TryDevMem):
+        (TCMalloc_SystemRelease):
+
+2008-11-06  Peter Gal  <galpeter@inf.u-szeged.hu>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 22099: Make the Qt port build the JSC shell in the correct place
+        <https://bugs.webkit.org/show_bug.cgi?id=22099>
+
+        Adjust include paths and build destination dir for the 'jsc' executable
+        in the Qt build.
+
+        * jsc.pro:
+
+2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Implemented the block allocation on Symbian through heap allocation.
+
+        Unfortunately there is no way to allocate virtual memory. The Posix
+        layer provides mmap() but no anonymous mapping. So this is a very slow
+        solution but it should work as a start.
+
+        * runtime/Collector.cpp:
+        (JSC::allocateBlock):
+        (JSC::freeBlock):
+
+2008-11-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Borrow some math functions from the MSVC port to the build with the
+        RVCT compiler.
+
+        * wtf/MathExtras.h:
+        (isinf):
+        (isnan):
+        (signbit):
+
+2008-11-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Include strings.h for strncasecmp().
+        This is needed for compilation inside Symbian and it is also
+        confirmed by the man-page on Linux.
+
+        * runtime/DateMath.cpp:
+
+2008-11-06  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Implemented currentThreadStackBase for Symbian.
+
+        * runtime/Collector.cpp:
+        (JSC::currentThreadStackBase):
+
+2008-11-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        RVCT does not support tm_gmtoff field, so disable that code just like
+        for MSVC.
+
+        * runtime/DateMath.h:
+        (JSC::GregorianDateTime::GregorianDateTime):
+        (JSC::GregorianDateTime::operator tm):
+
+2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Define PLATFORM(UNIX) for S60. Effectively WebKit on S60 is compiled
+        on top of the Posix layer.
+
+        * wtf/Platform.h:
+
+2008-11-06  Norbert Leser  <norbert.leser@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Added __SYMBIAN32__ condition for defining PLATFORM(SYMBIAN).
+
+        * wtf/Platform.h:
+
+2008-11-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon Hausmann.
+
+        Added WINSCW compiler define for Symbian S60.
+
+        * wtf/Platform.h:
+
+2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Use the GCC defines of the WTF_ALIGN* macros for the RVCT and the
+        MINSCW compiler.
+
+        * wtf/Vector.h:
+
+2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Define capabilities of the SYMBIAN platform. Some of the system
+        headers are actually dependent on RVCT.
+
+        * wtf/Platform.h:
+
+2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Add missing stddef.h header needed for compilation in Symbian.
+
+        * runtime/Collector.h:
+
+2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Added COMPILER(RVCT) to detect the ARM RVCT compiler used in the Symbian environment.
+
+        * wtf/Platform.h:
+
+2008-11-06  Simon Hausmann  <hausmann@webkit.org>
+
+        Fix the Qt build, adjust include paths after move of jsc.pro.
+
+        * jsc.pro:
+
+2008-11-06  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Move kjs/Shell.cpp to the top level of the JavaScriptCore directory and
+        rename it to jsc.cpp to reflect the name of the binary compiled from it.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * jsc.cpp: Copied from kjs/Shell.cpp.
+        * jsc.pro:
+        * jscore.bkl:
+        * kjs/Shell.cpp: Removed.
+
+2008-11-06  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Move create_hash_table and jsc.pro out of the kjs directory and into the
+        root directory of JavaScriptCore.
+
+        * DerivedSources.make:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * create_hash_table: Copied from kjs/create_hash_table.
+        * jsc.pro: Copied from kjs/jsc.pro.
+        * kjs/create_hash_table: Removed.
+        * kjs/jsc.pro: Removed.
+        * make-generated-sources.sh:
+
+2008-11-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22094
+
+        Fix for bug where the callee incorrectly recieves the caller's lexical
+        global object as this, rather than its own.  Implementation closely
+        follows the spec, passing jsNull, checking in the callee and replacing
+        with the global object where necessary.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCall):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_call_eval):
+        * runtime/JSCell.h:
+        (JSC::JSValue::toThisObject):
+        * runtime/JSImmediate.cpp:
+        (JSC::JSImmediate::toThisObject):
+        * runtime/JSImmediate.h:
+
+2008-11-05  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix after Operations.cpp move.
+
+        * JavaScriptCoreSources.bkl:
+
+2008-11-05  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Fix the build for case-sensitive build systems and wxWindows.
+
+        * JavaScriptCoreSources.bkl:
+        * kjs/create_hash_table:
+
+2008-11-05  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Fix the build for case-sensitive build systems.
+
+        * JavaScriptCoreSources.bkl:
+        * kjs/Shell.cpp:
+        * runtime/Interpreter.cpp:
+        * runtime/JSArray.cpp:
+
+2008-11-05  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Fix the build for case-sensitive build systems.
+
+        * API/JSBase.cpp:
+        * API/JSObjectRef.cpp:
+        * runtime/CommonIdentifiers.h:
+        * runtime/Identifier.cpp:
+        * runtime/InitializeThreading.cpp:
+        * runtime/InternalFunction.h:
+        * runtime/JSString.h:
+        * runtime/Lookup.h:
+        * runtime/PropertyNameArray.h:
+        * runtime/PropertySlot.h:
+        * runtime/StructureID.cpp:
+        * runtime/StructureID.h:
+        * runtime/UString.cpp:
+
+2008-11-05  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Move more files to the runtime subdirectory of JavaScriptCore.
+
+        * API/APICast.h:
+        * API/JSBase.cpp:
+        * API/JSCallbackObject.cpp:
+        * API/JSClassRef.cpp:
+        * API/JSClassRef.h:
+        * API/JSStringRefCF.cpp:
+        * API/JSValueRef.cpp:
+        * API/OpaqueJSString.cpp:
+        * API/OpaqueJSString.h:
+        * AllInOneFile.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        * VM/Machine.cpp:
+        * VM/RegisterFile.h:
+        * debugger/Debugger.h:
+        * kjs/SourceProvider.h:
+        * kjs/TypeInfo.h: Removed.
+        * kjs/collector.cpp: Removed.
+        * kjs/collector.h: Removed.
+        * kjs/completion.h: Removed.
+        * kjs/create_hash_table:
+        * kjs/identifier.cpp: Removed.
+        * kjs/identifier.h: Removed.
+        * kjs/interpreter.cpp: Removed.
+        * kjs/interpreter.h: Removed.
+        * kjs/lexer.cpp:
+        * kjs/lexer.h:
+        * kjs/lookup.cpp: Removed.
+        * kjs/lookup.h: Removed.
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/operations.cpp: Removed.
+        * kjs/operations.h: Removed.
+        * kjs/protect.h: Removed.
+        * kjs/regexp.cpp: Removed.
+        * kjs/regexp.h: Removed.
+        * kjs/ustring.cpp: Removed.
+        * kjs/ustring.h: Removed.
+        * pcre/pcre_exec.cpp:
+        * profiler/CallIdentifier.h:
+        * profiler/Profile.h:
+        * runtime/ArrayConstructor.cpp:
+        * runtime/ArrayPrototype.cpp:
+        * runtime/ArrayPrototype.h:
+        * runtime/Collector.cpp: Copied from kjs/collector.cpp.
+        * runtime/Collector.h: Copied from kjs/collector.h.
+        * runtime/CollectorHeapIterator.h:
+        * runtime/Completion.h: Copied from kjs/completion.h.
+        * runtime/ErrorPrototype.cpp:
+        * runtime/Identifier.cpp: Copied from kjs/identifier.cpp.
+        * runtime/Identifier.h: Copied from kjs/identifier.h.
+        * runtime/InitializeThreading.cpp:
+        * runtime/Interpreter.cpp: Copied from kjs/interpreter.cpp.
+        * runtime/Interpreter.h: Copied from kjs/interpreter.h.
+        * runtime/JSCell.h:
+        * runtime/JSGlobalData.cpp:
+        * runtime/JSGlobalData.h:
+        * runtime/JSLock.cpp:
+        * runtime/JSNumberCell.cpp:
+        * runtime/JSNumberCell.h:
+        * runtime/JSObject.cpp:
+        * runtime/JSValue.h:
+        * runtime/Lookup.cpp: Copied from kjs/lookup.cpp.
+        * runtime/Lookup.h: Copied from kjs/lookup.h.
+        * runtime/MathObject.cpp:
+        * runtime/NativeErrorPrototype.cpp:
+        * runtime/NumberPrototype.cpp:
+        * runtime/Operations.cpp: Copied from kjs/operations.cpp.
+        * runtime/Operations.h: Copied from kjs/operations.h.
+        * runtime/PropertyMapHashTable.h:
+        * runtime/Protect.h: Copied from kjs/protect.h.
+        * runtime/RegExp.cpp: Copied from kjs/regexp.cpp.
+        * runtime/RegExp.h: Copied from kjs/regexp.h.
+        * runtime/RegExpConstructor.cpp:
+        * runtime/RegExpObject.h:
+        * runtime/RegExpPrototype.cpp:
+        * runtime/SmallStrings.h:
+        * runtime/StringObjectThatMasqueradesAsUndefined.h:
+        * runtime/StructureID.cpp:
+        * runtime/StructureID.h:
+        * runtime/StructureIDTransitionTable.h:
+        * runtime/SymbolTable.h:
+        * runtime/TypeInfo.h: Copied from kjs/TypeInfo.h.
+        * runtime/UString.cpp: Copied from kjs/ustring.cpp.
+        * runtime/UString.h: Copied from kjs/ustring.h.
+        * wrec/CharacterClassConstructor.h:
+        * wrec/WREC.h:
+
+2008-11-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Suggested by Darin Adler.
+        
+        Removed two copy constructors that the compiler can generate for us
+        automatically.
+
+        * VM/LabelID.h:
+        (JSC::LabelID::setLocation):
+        (JSC::LabelID::offsetFrom):
+        (JSC::LabelID::ref):
+        (JSC::LabelID::refCount):
+        * kjs/LabelScope.h:
+
+2008-11-05  Anders Carlsson  <andersca@apple.com>
+
+        Fix Snow Leopard build.
+        
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-11-04  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Steve Falkenburg.
+
+        Move dtoa.cpp and dtoa.h to the WTF Visual Studio project to reflect
+        their movement in the filesystem.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+
+2008-11-04  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Move kjs/dtoa.h to the wtf subdirectory of JavaScriptCore.
+
+        * AllInOneFile.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/dtoa.cpp: Removed.
+        * kjs/dtoa.h: Removed.
+        * wtf/dtoa.cpp: Copied from kjs/dtoa.cpp.
+        * wtf/dtoa.h: Copied from kjs/dtoa.h.
+
+2008-11-04  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Move kjs/config.h to the top level of JavaScriptCore.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * config.h: Copied from kjs/config.h.
+        * kjs/config.h: Removed.
+
+2008-11-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        * wtf/ThreadingNone.cpp: Tweak formatting.
+
+2008-11-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=22061
+          create script to check for exit-time destructors
+
+        * JavaScriptCore.exp: Changed to export functions rather than
+        a global for the atomically initialized static mutex.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added a script
+        phase that runs the check-for-exit-time-destructors script.
+
+        * wtf/MainThread.cpp:
+        (WTF::mainThreadFunctionQueueMutex): Changed to leak an object
+        rather than using an exit time destructor.
+        (WTF::functionQueue): Ditto.
+        * wtf/unicode/icu/CollatorICU.cpp:
+        (WTF::cachedCollatorMutex): Ditto.
+
+        * wtf/Threading.h: Changed other platforms to share the Windows
+        approach where the mutex is internal and the functions are exported.
+        * wtf/ThreadingGtk.cpp:
+        (WTF::lockAtomicallyInitializedStaticMutex): Ditto.
+        (WTF::unlockAtomicallyInitializedStaticMutex): Ditto.
+        * wtf/ThreadingNone.cpp:
+        (WTF::lockAtomicallyInitializedStaticMutex): Ditto.
+        (WTF::unlockAtomicallyInitializedStaticMutex): Ditto.
+        * wtf/ThreadingPthreads.cpp:
+        (WTF::threadMapMutex): Changed to leak an object rather than using
+        an exit time destructor.
+        (WTF::lockAtomicallyInitializedStaticMutex): Mutex change.
+        (WTF::unlockAtomicallyInitializedStaticMutex): Ditto.
+        (WTF::threadMap): Changed to leak an object rather than using
+        an exit time destructor.
+        * wtf/ThreadingQt.cpp:
+        (WTF::lockAtomicallyInitializedStaticMutex): Mutex change.
+        (WTF::unlockAtomicallyInitializedStaticMutex): Ditto.
+        * wtf/ThreadingWin.cpp:
+        (WTF::lockAtomicallyInitializedStaticMutex): Added an assertion.
+
+2008-11-04  Adam Roben  <aroben@apple.com>
+
+        Windows build fix
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Update
+        the location of JSStaticScopeObject.{cpp,h}.
+
+2008-11-04  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Move AllInOneFile.cpp to the top level of JavaScriptCore.
+
+        * AllInOneFile.cpp: Copied from kjs/AllInOneFile.cpp.
+        * GNUmakefile.am:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/AllInOneFile.cpp: Removed.
+
+2008-11-04  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Alexey Proskuryakov.
+
+        Add NodeInfo.h to the JavaScriptCore Xcode project.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-11-03  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Maciej Stachowiak.
+
+        Move more files into the runtime subdirectory of JavaScriptCore.
+
+        * API/JSBase.cpp:
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackFunction.cpp:
+        * API/JSClassRef.cpp:
+        * API/OpaqueJSString.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/ArgList.cpp: Removed.
+        * kjs/ArgList.h: Removed.
+        * kjs/Arguments.cpp: Removed.
+        * kjs/Arguments.h: Removed.
+        * kjs/BatchedTransitionOptimizer.h: Removed.
+        * kjs/CollectorHeapIterator.h: Removed.
+        * kjs/CommonIdentifiers.cpp: Removed.
+        * kjs/CommonIdentifiers.h: Removed.
+        * kjs/ExecState.cpp: Removed.
+        * kjs/ExecState.h: Removed.
+        * kjs/GetterSetter.cpp: Removed.
+        * kjs/GetterSetter.h: Removed.
+        * kjs/InitializeThreading.cpp: Removed.
+        * kjs/InitializeThreading.h: Removed.
+        * kjs/JSActivation.cpp: Removed.
+        * kjs/JSActivation.h: Removed.
+        * kjs/JSGlobalData.cpp: Removed.
+        * kjs/JSGlobalData.h: Removed.
+        * kjs/JSLock.cpp: Removed.
+        * kjs/JSLock.h: Removed.
+        * kjs/JSStaticScopeObject.cpp: Removed.
+        * kjs/JSStaticScopeObject.h: Removed.
+        * kjs/JSType.h: Removed.
+        * kjs/PropertyNameArray.cpp: Removed.
+        * kjs/PropertyNameArray.h: Removed.
+        * kjs/ScopeChain.cpp: Removed.
+        * kjs/ScopeChain.h: Removed.
+        * kjs/ScopeChainMark.h: Removed.
+        * kjs/SymbolTable.h: Removed.
+        * kjs/Tracing.d: Removed.
+        * kjs/Tracing.h: Removed.
+        * runtime/ArgList.cpp: Copied from kjs/ArgList.cpp.
+        * runtime/ArgList.h: Copied from kjs/ArgList.h.
+        * runtime/Arguments.cpp: Copied from kjs/Arguments.cpp.
+        * runtime/Arguments.h: Copied from kjs/Arguments.h.
+        * runtime/BatchedTransitionOptimizer.h: Copied from kjs/BatchedTransitionOptimizer.h.
+        * runtime/CollectorHeapIterator.h: Copied from kjs/CollectorHeapIterator.h.
+        * runtime/CommonIdentifiers.cpp: Copied from kjs/CommonIdentifiers.cpp.
+        * runtime/CommonIdentifiers.h: Copied from kjs/CommonIdentifiers.h.
+        * runtime/ExecState.cpp: Copied from kjs/ExecState.cpp.
+        * runtime/ExecState.h: Copied from kjs/ExecState.h.
+        * runtime/GetterSetter.cpp: Copied from kjs/GetterSetter.cpp.
+        * runtime/GetterSetter.h: Copied from kjs/GetterSetter.h.
+        * runtime/InitializeThreading.cpp: Copied from kjs/InitializeThreading.cpp.
+        * runtime/InitializeThreading.h: Copied from kjs/InitializeThreading.h.
+        * runtime/JSActivation.cpp: Copied from kjs/JSActivation.cpp.
+        * runtime/JSActivation.h: Copied from kjs/JSActivation.h.
+        * runtime/JSGlobalData.cpp: Copied from kjs/JSGlobalData.cpp.
+        * runtime/JSGlobalData.h: Copied from kjs/JSGlobalData.h.
+        * runtime/JSLock.cpp: Copied from kjs/JSLock.cpp.
+        * runtime/JSLock.h: Copied from kjs/JSLock.h.
+        * runtime/JSStaticScopeObject.cpp: Copied from kjs/JSStaticScopeObject.cpp.
+        * runtime/JSStaticScopeObject.h: Copied from kjs/JSStaticScopeObject.h.
+        * runtime/JSType.h: Copied from kjs/JSType.h.
+        * runtime/PropertyNameArray.cpp: Copied from kjs/PropertyNameArray.cpp.
+        * runtime/PropertyNameArray.h: Copied from kjs/PropertyNameArray.h.
+        * runtime/ScopeChain.cpp: Copied from kjs/ScopeChain.cpp.
+        * runtime/ScopeChain.h: Copied from kjs/ScopeChain.h.
+        * runtime/ScopeChainMark.h: Copied from kjs/ScopeChainMark.h.
+        * runtime/SymbolTable.h: Copied from kjs/SymbolTable.h.
+        * runtime/Tracing.d: Copied from kjs/Tracing.d.
+        * runtime/Tracing.h: Copied from kjs/Tracing.h.
+
+2008-11-03  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Move #define to turn on dumping StructureID statistics to StructureID.cpp so that
+        turning it on does not require a full rebuild. 
+
+        * runtime/StructureID.cpp:
+        (JSC::StructureID::dumpStatistics):
+        * runtime/StructureID.h:
+
+2008-11-03  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Fix warning when building on Darwin without JSC_MULTIPLE_THREADS
+        enabled.
+
+        * kjs/InitializeThreading.cpp:
+
+2008-11-02  Matt Lilek  <webkit@mattlilek.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 22042: REGRESSION(r38066): ASSERTION FAILED: source in CodeBlock
+        <https://bugs.webkit.org/show_bug.cgi?id=22042>
+
+        Rename parameter name to avoid ASSERT.
+
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::ProgramCodeBlock::ProgramCodeBlock):
+        (JSC::EvalCodeBlock::EvalCodeBlock):
+
+2008-11-02  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 22035: Remove the '_' suffix on constructor parameter names for structs
+        <https://bugs.webkit.org/show_bug.cgi?id=22035>
+
+        * API/JSCallbackObject.h:
+        (JSC::JSCallbackObject::JSCallbackObjectData::JSCallbackObjectData):
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::ProgramCodeBlock::ProgramCodeBlock):
+        (JSC::EvalCodeBlock::EvalCodeBlock):
+        * wrec/WREC.h:
+        (JSC::Quantifier::Quantifier):
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Geoff Garen.
+
+        Rename SourceRange.h to SourceCode.h.
+
+        * API/JSBase.cpp:
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CodeBlock.h:
+        * kjs/SourceCode.h: Copied from kjs/SourceRange.h.
+        * kjs/SourceRange.h: Removed.
+        * kjs/grammar.y:
+        * kjs/lexer.h:
+        * kjs/nodes.cpp:
+        (JSC::ForInNode::ForInNode):
+        * kjs/nodes.h:
+        (JSC::ThrowableExpressionData::setExceptionSourceCode):
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 22019: Move JSC::Interpreter::shouldPrintExceptions() to WebCore::Console
+        <https://bugs.webkit.org/show_bug.cgi?id=22019>
+
+        The JSC::Interpreter::shouldPrintExceptions() function is not used at
+        all in JavaScriptCore, so it should be moved to WebCore::Console, its
+        only user.
+
+        * JavaScriptCore.exp:
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Windows build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Remove the call to Interpreter::setShouldPrintExceptions() from the
+        GlobalObject constructor in the shell. The shouldPrintExceptions()
+        information is not used anywhere in JavaScriptCore, only in WebCore.
+
+        * kjs/Shell.cpp:
+        (GlobalObject::GlobalObject):
+
+2008-10-31  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wxMSW build fix.
+
+        * wtf/Threading.h:
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Move more files from the kjs subdirectory of JavaScriptCore to the
+        runtime subdirectory.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/RegExpConstructor.cpp: Removed.
+        * kjs/RegExpConstructor.h: Removed.
+        * kjs/RegExpMatchesArray.h: Removed.
+        * kjs/RegExpObject.cpp: Removed.
+        * kjs/RegExpObject.h: Removed.
+        * kjs/RegExpPrototype.cpp: Removed.
+        * kjs/RegExpPrototype.h: Removed.
+        * runtime/RegExpConstructor.cpp: Copied from kjs/RegExpConstructor.cpp.
+        * runtime/RegExpConstructor.h: Copied from kjs/RegExpConstructor.h.
+        * runtime/RegExpMatchesArray.h: Copied from kjs/RegExpMatchesArray.h.
+        * runtime/RegExpObject.cpp: Copied from kjs/RegExpObject.cpp.
+        * runtime/RegExpObject.h: Copied from kjs/RegExpObject.h.
+        * runtime/RegExpPrototype.cpp: Copied from kjs/RegExpPrototype.cpp.
+        * runtime/RegExpPrototype.h: Copied from kjs/RegExpPrototype.h.
+
+2008-10-31  Mark Rowe  <mrowe@apple.com>
+
+        Revert an incorrect portion of r38034.
+
+        * profiler/ProfilerServer.mm:
+
+2008-10-31  Mark Rowe  <mrowe@apple.com>
+
+        Fix the 64-bit build.
+
+        Disable strict aliasing in ProfilerServer.mm as it leads to the compiler being unhappy
+        with the common Obj-C idiom self = [super init];
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Change a header guard to match our coding style.
+
+        * kjs/InitializeThreading.h:
+
+2008-10-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed a small bit of https://bugs.webkit.org/show_bug.cgi?id=21962
+        AST uses way too much memory
+        
+        Removed a word from StatementNode by nixing LabelStack and turning it
+        into a compile-time data structure managed by CodeGenerator.
+        
+        v8 tests and SunSpider, run by Gavin, report no change.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.order:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/AllInOneFile.cpp:
+        * JavaScriptCoreSources.bkl: I sure hope this builds!
+        
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::newLabelScope):
+        (JSC::CodeGenerator::breakTarget):
+        (JSC::CodeGenerator::continueTarget):
+        * VM/CodeGenerator.h: Nixed the JumpContext system because it depended
+        on a LabelStack in the AST, and it was a little cumbersome on the client
+        side. Replaced with LabelScope, which tracks all break / continue
+        information in the CodeGenerator, just like we track LabelIDs and other
+        stacks of compile-time data.
+
+        * kjs/LabelScope.h: Added.
+        (JSC::LabelScope::):
+        (JSC::LabelScope::LabelScope):
+        (JSC::LabelScope::ref):
+        (JSC::LabelScope::deref):
+        (JSC::LabelScope::refCount):
+        (JSC::LabelScope::breakTarget):
+        (JSC::LabelScope::continueTarget):
+        (JSC::LabelScope::type):
+        (JSC::LabelScope::name):
+        (JSC::LabelScope::scopeDepth): Simple abstraction for holding everything
+        you might want to know about a break-able / continue-able scope.
+
+        * kjs/LabelStack.cpp: Removed.
+        * kjs/LabelStack.h: Removed.
+
+        * kjs/grammar.y: No need to push labels at parse time -- we don't store
+        LabelStacks in the AST anymore.
+
+        * kjs/nodes.cpp:
+        (JSC::DoWhileNode::emitCode):
+        (JSC::WhileNode::emitCode):
+        (JSC::ForNode::emitCode):
+        (JSC::ForInNode::emitCode):
+        (JSC::ContinueNode::emitCode):
+        (JSC::BreakNode::emitCode):
+        (JSC::SwitchNode::emitCode):
+        (JSC::LabelNode::emitCode):
+        * kjs/nodes.h:
+        (JSC::StatementNode::):
+        (JSC::LabelNode::): Use LabelScope where we used to use JumpContext.
+        Simplified a bunch of code. Touched up label-related error messages a
+        bit.
+
+        * kjs/nodes2string.cpp:
+        (JSC::LabelNode::streamTo): Updated for rename.
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 22005: Move StructureIDChain into its own file
+        <https://bugs.webkit.org/show_bug.cgi?id=22005>
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * runtime/StructureID.cpp:
+        * runtime/StructureID.h:
+        * runtime/StructureIDChain.cpp: Copied from runtime/StructureID.cpp.
+        * runtime/StructureIDChain.h: Copied from runtime/StructureID.h.
+
+2008-10-31  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+
+2008-10-31  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-10-31  Darin Adler  <darin@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        - fix storage leak seen on buildbot
+
+        Some other cleanup too. The storage leak was caused by the fact
+        that HashTraits<CallIdentifier>::needsDestruction was false, so
+        the call identifier objects didn't get deleted.
+
+        * profiler/CallIdentifier.h:
+        
+        Added a default constructor to create empty call identifiers.
+
+        Changed the normal constructor to use const UString&
+        to avoid extra copying and reference count thrash.
+        
+        Removed the explicit copy constructor definition, since it's what
+        the compiler will automatically generate. (Rule of thumb: Either
+        you need both a custom copy constructor and a custom assignment
+        operator, or neither.)
+
+        Moved the CallIdentifier hash function out of the WTF namespace;
+        there's no reason to put it there.
+
+        Changed the CallIdentifier hash function to be a struct rather than
+        a specialization of the IntHash struct template. Having it be
+        a specialization made no sense, since CallIdentifier is not an integer,
+        and did no good.
+
+        Removed explicit definition of emptyValueIsZero in the hash traits,
+        since inheriting from GenericHashTraits already makes that false.
+
+        Removed explicit definition of emptyValue, instead relying on the
+        default constructor and GenericHashTraits.
+
+        Removed explicit definition of needsDestruction, because we want it
+        to have its default value: true, not false. This fixes the leak!
+
+        Changed constructDeletedValue and isDeletedValue to use a line number
+        of numeric_limits<unsigned>::max() to indicate a value is deleted.
+        Previously this used empty strings for the empty value and null strings
+        for the deleted value, but it's more efficient to use null for both.
+
+2008-10-31  Timothy Hatcher  <timothy@apple.com>
+
+        Emit the WillExecuteStatement debugger hook before the for loop body
+        when the statement node for the body isn't a block. This allows
+        breakpoints on those statements in the Web Inspector.
+
+        https://bugs.webkit.org/show_bug.cgi?id=22004
+
+        Reviewed by Darin Adler.
+
+        * kjs/nodes.cpp:
+        (JSC::ForNode::emitCode): Emit the WillExecuteStatement
+        debugger hook before the statement node if isn't a block.
+        Also emit the WillExecuteStatement debugger hook for the
+        loop as the first op-code.
+        (JSC::ForInNode::emitCode): Ditto.
+
+2008-10-31  Timothy Hatcher  <timothy@apple.com>
+
+        Fixes console warnings about not having an autorelease pool.
+        Also fixes the build for Snow Leopard, by including individual
+        Foundation headers instead of Foundation.h.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21995
+
+        Reviewed by Oliver Hunt.
+
+        * profiler/ProfilerServer.mm:
+        (-[ProfilerServer init]): Create a NSAutoreleasePool and drain it.
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Speculative wxWindows build fix.
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Maciej Stachowiak.
+
+        Move VM/JSPropertyNameIterator.cpp and VM/JSPropertyNameIterator.h to
+        the runtime directory.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * VM/JSPropertyNameIterator.cpp: Removed.
+        * VM/JSPropertyNameIterator.h: Removed.
+        * runtime/JSPropertyNameIterator.cpp: Copied from VM/JSPropertyNameIterator.cpp.
+        * runtime/JSPropertyNameIterator.h: Copied from VM/JSPropertyNameIterator.h.
+
+2008-10-31  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Speculative wxWindows build fix.
+
+        * jscore.bkl:
+
+2008-10-30  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Jon Homeycutt.
+
+        Explicitly default to building for only the native architecture in debug and release builds.
+
+        * Configurations/DebugRelease.xcconfig:
+
+2008-10-30  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Create a debugger directory in JavaScriptCore and move the relevant
+        files to it.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CodeBlock.cpp:
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        * debugger: Added.
+        * debugger/Debugger.cpp: Copied from kjs/debugger.cpp.
+        * debugger/Debugger.h: Copied from kjs/debugger.h.
+        * debugger/DebuggerCallFrame.cpp: Copied from kjs/DebuggerCallFrame.cpp.
+        * debugger/DebuggerCallFrame.h: Copied from kjs/DebuggerCallFrame.h.
+        * kjs/AllInOneFile.cpp:
+        * kjs/DebuggerCallFrame.cpp: Removed.
+        * kjs/DebuggerCallFrame.h: Removed.
+        * kjs/Parser.cpp:
+        * kjs/Parser.h:
+        * kjs/debugger.cpp: Removed.
+        * kjs/debugger.h: Removed.
+        * kjs/interpreter.cpp:
+        * kjs/nodes.cpp:
+        * runtime/FunctionConstructor.cpp:
+        * runtime/JSGlobalObject.cpp:
+
+2008-10-30  Benjamin K. Stuhl  <bks24@cornell.edu>
+
+        gcc 4.3.3/linux-x86 generates "suggest parentheses around && within ||"
+        warnings; add some parentheses to disambiguate things. No functional
+        changes, so no tests.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21973
+        Add parentheses to clean up some gcc warnings
+
+        Reviewed by Dan Bernstein.
+
+        * wtf/ASCIICType.h:
+        (WTF::isASCIIAlphanumeric):
+        (WTF::isASCIIHexDigit):
+
+2008-10-30  Kevin Lindeman  <klindeman@apple.com>
+
+        Adds ProfilerServer, which is a distributed notification listener
+        that allows starting and stopping the profiler remotely for use
+        in conjunction with the profiler's DTace probes.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21719
+
+        Reviewed by Timothy Hatcher.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Calls startProfilerServerIfNeeded.
+        * profiler/ProfilerServer.h: Added.
+        * profiler/ProfilerServer.mm: Added.
+        (+[ProfilerServer sharedProfileServer]):
+        (-[ProfilerServer init]):
+        (-[ProfilerServer startProfiling]):
+        (-[ProfilerServer stopProfiling]):
+        (JSC::startProfilerServerIfNeeded):
+
+2008-10-30  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fix after PropertyMap and StructureID merge.
+
+        * JavaScriptCoreSources.bkl:
+
+2008-10-30  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Change the JavaScriptCore Xcode project to use relative paths for the
+        PCRE source files.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-10-30  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich and Geoffrey Garen.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=21989
+        Merge PropertyMap and StructureID
+
+        - Move PropertyMap code into StructureID in preparation for lazily
+          creating the map on gets.
+        - Make remove with transition explicit by adding removePropertyTransition.
+        - Make the put/remove without transition explicit.
+        - Make cache invalidation part of put/remove without transition.
+
+        1% speedup on SunSpider; 0.5% speedup on v8 suite.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/identifier.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::removeDirect):
+        * runtime/JSObject.h:
+        (JSC::JSObject::putDirect):
+        * runtime/PropertyMap.cpp: Removed.
+        * runtime/PropertyMap.h: Removed.
+        * runtime/PropertyMapHashTable.h: Copied from runtime/PropertyMap.h.
+        * runtime/StructureID.cpp:
+        (JSC::StructureID::dumpStatistics):
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::~StructureID):
+        (JSC::StructureID::getEnumerablePropertyNames):
+        (JSC::StructureID::addPropertyTransition):
+        (JSC::StructureID::removePropertyTransition):
+        (JSC::StructureID::toDictionaryTransition):
+        (JSC::StructureID::changePrototypeTransition):
+        (JSC::StructureID::getterSetterTransition):
+        (JSC::StructureID::addPropertyWithoutTransition):
+        (JSC::StructureID::removePropertyWithoutTransition):
+        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
+        (JSC::StructureID::checkConsistency):
+        (JSC::StructureID::copyPropertyTable):
+        (JSC::StructureID::get):
+        (JSC::StructureID::put):
+        (JSC::StructureID::remove):
+        (JSC::StructureID::insertIntoPropertyMapHashTable):
+        (JSC::StructureID::expandPropertyMapHashTable):
+        (JSC::StructureID::createPropertyMapHashTable):
+        (JSC::StructureID::rehashPropertyMapHashTable):
+        (JSC::comparePropertyMapEntryIndices):
+        (JSC::StructureID::getEnumerablePropertyNamesInternal):
+        * runtime/StructureID.h:
+        (JSC::StructureID::propertyStorageSize):
+        (JSC::StructureID::isEmpty):
+        (JSC::StructureID::get):
+
+2008-10-30  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 21987: CTI::putDoubleResultToJSNumberCellOrJSImmediate() hardcodes its result register
+        <https://bugs.webkit.org/show_bug.cgi?id=21987>
+
+        CTI::putDoubleResultToJSNumberCellOrJSImmediate() hardcodes its result
+        register as ecx, but it should be tempReg1, which is ecx at all of its
+        callsites.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
+
+2008-10-30  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 21985: Opcodes should use eax as their destination register whenever possible
+        <https://bugs.webkit.org/show_bug.cgi?id=21985>
+
+        Change more opcodes to use eax as the register for their final result,
+        and change calls to emitPutResult() that pass eax to rely on the default
+        value of eax.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+
+2008-10-30  Alp Toker  <alp@nuanti.com>
+
+        Build fix attempt for older gcc on the trunk-mac-intel build bot
+        (error: initializer for scalar variable requires one element).
+
+        Modify the initializer syntax slightly with an additional comma.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_resolve_func):
+        (JSC::Machine::cti_op_post_inc):
+        (JSC::Machine::cti_op_resolve_with_base):
+        (JSC::Machine::cti_op_post_dec):
+
+2008-10-30  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21571
+        VoidPtrPair breaks CTI on Linux
+
+        The VoidPtrPair return change made in r37457 does not work on Linux
+        since POD structs aren't passed in registers.
+
+        This patch uses a union to vectorize VoidPtrPair to a uint64_t and
+        matches Darwin/MSVC fixing CTI/WREC on Linux.
+
+        Alexey reports no measurable change in Mac performance with this fix.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_resolve_func):
+        (JSC::Machine::cti_op_post_inc):
+        (JSC::Machine::cti_op_resolve_with_base):
+        (JSC::Machine::cti_op_post_dec):
+        * VM/Machine.h:
+        (JSC::):
+
+2008-10-29  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Initial work to reduce cost of JSNumberCell allocation
+
+        This does the initial work needed to bring more of number
+        allocation into CTI code directly, rather than just falling
+        back onto the slow paths if we can't guarantee that a number
+        cell can be reused.
+
+        Initial implementation only used by op_negate to make sure
+        it all works.  In a negate heavy (though not dominated) test
+        it results in a 10% win in the non-reusable cell case.
+
+        * VM/CTI.cpp:
+        (JSC::):
+        (JSC::CTI::emitAllocateNumber):
+        (JSC::CTI::emitNakedFastCall):
+        (JSC::CTI::emitArithIntToImmWithJump):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitUnaryOp):
+        * VM/CodeGenerator.h:
+        (JSC::CodeGenerator::emitToJSNumber):
+        (JSC::CodeGenerator::emitTypeOf):
+        (JSC::CodeGenerator::emitGetPropertyNames):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        * VM/Machine.h:
+        * kjs/ResultType.h:
+        (JSC::ResultType::isReusableNumber):
+        (JSC::ResultType::toInt):
+        * kjs/nodes.cpp:
+        (JSC::UnaryOpNode::emitCode):
+        (JSC::BinaryOpNode::emitCode):
+        (JSC::EqualNode::emitCode):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::negl_r):
+        (JSC::X86Assembler::xorpd_mr):
+        * runtime/JSNumberCell.h:
+        (JSC::JSNumberCell::JSNumberCell):
+
+2008-10-29  Steve Falkenburg  <sfalken@apple.com>
+
+        <rdar://problem/6326563> Crash on launch
+
+        For Windows, export explicit functions rather than exporting data for atomicallyInitializedStaticMutex.
+        
+        Exporting data from a DLL on Windows requires specifying __declspec(dllimport) in the header used by
+        callers, but __declspec(dllexport) when defined in the DLL implementation. By instead exporting
+        the explicit lock/unlock functions, we can avoid this.
+        
+        Fixes a crash on launch, since we were previously erroneously exporting atomicallyInitializedStaticMutex as a function.
+        
+        Reviewed by Darin Adler.
+
+        * wtf/Threading.h:
+        (WTF::lockAtomicallyInitializedStaticMutex):
+        (WTF::unlockAtomicallyInitializedStaticMutex):
+        * wtf/ThreadingWin.cpp:
+        (WTF::lockAtomicallyInitializedStaticMutex):
+        (WTF::unlockAtomicallyInitializedStaticMutex):
+
+2008-10-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Remove direct use of PropertyMap.
+
+        * JavaScriptCore.exp:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::mark):
+        (JSC::JSObject::put):
+        (JSC::JSObject::deleteProperty):
+        (JSC::JSObject::getPropertyAttributes):
+        (JSC::JSObject::removeDirect):
+        * runtime/JSObject.h:
+        (JSC::JSObject::getDirect):
+        (JSC::JSObject::getDirectLocation):
+        (JSC::JSObject::hasCustomProperties):
+        (JSC::JSObject::JSObject):
+        (JSC::JSObject::putDirect):
+        * runtime/PropertyMap.cpp:
+        (JSC::PropertyMap::get):
+        * runtime/PropertyMap.h:
+        (JSC::PropertyMap::isEmpty):
+        (JSC::PropertyMap::get):
+        * runtime/StructureID.cpp:
+        (JSC::StructureID::dumpStatistics):
+        * runtime/StructureID.h:
+        (JSC::StructureID::propertyStorageSize):
+        (JSC::StructureID::get):
+        (JSC::StructureID::put):
+        (JSC::StructureID::remove):
+        (JSC::StructureID::isEmpty):
+
+2008-10-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Rename and move the StructureID transition table to its own file.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * runtime/StructureID.cpp:
+        (JSC::StructureID::addPropertyTransition):
+        * runtime/StructureID.h:
+        (JSC::StructureID::):
+        * runtime/StructureIDTransitionTable.h: Copied from runtime/StructureID.h.
+        (JSC::StructureIDTransitionTableHash::hash):
+        (JSC::StructureIDTransitionTableHash::equal):
+
+2008-10-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=21958
+        Pack bits in StructureID to reduce the size of each StructureID by 2 words.
+
+        * runtime/PropertyMap.h:
+        (JSC::PropertyMap::propertyMapSize):
+        * runtime/StructureID.cpp:
+        (JSC::StructureID::dumpStatistics): Add additional size statistics when dumping.
+        (JSC::StructureID::StructureID):
+        * runtime/StructureID.h:
+
+2008-10-29  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fixes after addition of runtime and ImageBuffer changes.
+
+        * JavaScriptCoreSources.bkl:
+        * jscore.bkl:
+
+2008-10-29  Timothy Hatcher  <timothy@apple.com>
+
+        Emit the WillExecuteStatement debugger hook before the "else" body
+        when there is no block for the "else" body. This allows breakpoints
+        on those statements in the Web Inspector.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21944
+
+        Reviewed by Maciej Stachowiak.
+
+        * kjs/nodes.cpp:
+        (JSC::IfElseNode::emitCode): Emit the WillExecuteStatement
+        debugger hook before the else node if isn't a block.
+
+2008-10-29  Alexey Proskuryakov  <ap@webkit.org>
+
+        Build fix.
+
+        * JavaScriptCore.exp: Export HashTable::deleteTable().
+
+2008-10-28  Alp Toker  <alp@nuanti.com>
+
+        Fix builddir != srcdir builds after kjs -> runtime breakage. Sources
+        may now be generated in both kjs/ and runtime/.
+
+        Also sort the sources list for readability.
+
+        * GNUmakefile.am:
+
+2008-10-28  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Build fix attempt after kjs -> runtime rename.
+
+        * GNUmakefile.am:
+
+2008-10-28  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Remove a duplicate includes directory.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-10-28  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Attempt to fix the Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+
+2008-10-28  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        - export WTF::atomicallyInitializedStaticMutex
+
+        * JavaScriptCore.exp:
+
+2008-10-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed CodeBlock dumping to accurately report constant register indices.
+
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+
+2008-10-28  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        More Qt build fixes.
+
+        * JavaScriptCore.pri:
+
+2008-10-28  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Fix the Qt build, hopefully for real this time.
+
+        * JavaScriptCore.pri:
+
+2008-10-28  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Fix the Qt build.
+
+        * JavaScriptCore.pri:
+
+2008-10-28  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Fix the Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-10-28  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Create a runtime directory in JavaScriptCore and begin moving files to
+        it. This is the first step towards removing the kjs directory and
+        placing files in more meaningful subdirectories of JavaScriptCore.
+
+        * API/JSBase.cpp:
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        * API/JSClassRef.cpp:
+        * API/JSClassRef.h:
+        * API/JSStringRefCF.cpp:
+        * API/JSValueRef.cpp:
+        * API/OpaqueJSString.cpp:
+        * DerivedSources.make:
+        * GNUmakefile.am:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/AllInOneFile.cpp:
+        * kjs/ArrayConstructor.cpp: Removed.
+        * kjs/ArrayConstructor.h: Removed.
+        * kjs/ArrayPrototype.cpp: Removed.
+        * kjs/ArrayPrototype.h: Removed.
+        * kjs/BooleanConstructor.cpp: Removed.
+        * kjs/BooleanConstructor.h: Removed.
+        * kjs/BooleanObject.cpp: Removed.
+        * kjs/BooleanObject.h: Removed.
+        * kjs/BooleanPrototype.cpp: Removed.
+        * kjs/BooleanPrototype.h: Removed.
+        * kjs/CallData.cpp: Removed.
+        * kjs/CallData.h: Removed.
+        * kjs/ClassInfo.h: Removed.
+        * kjs/ConstructData.cpp: Removed.
+        * kjs/ConstructData.h: Removed.
+        * kjs/DateConstructor.cpp: Removed.
+        * kjs/DateConstructor.h: Removed.
+        * kjs/DateInstance.cpp: Removed.
+        * kjs/DateInstance.h: Removed.
+        * kjs/DateMath.cpp: Removed.
+        * kjs/DateMath.h: Removed.
+        * kjs/DatePrototype.cpp: Removed.
+        * kjs/DatePrototype.h: Removed.
+        * kjs/Error.cpp: Removed.
+        * kjs/Error.h: Removed.
+        * kjs/ErrorConstructor.cpp: Removed.
+        * kjs/ErrorConstructor.h: Removed.
+        * kjs/ErrorInstance.cpp: Removed.
+        * kjs/ErrorInstance.h: Removed.
+        * kjs/ErrorPrototype.cpp: Removed.
+        * kjs/ErrorPrototype.h: Removed.
+        * kjs/FunctionConstructor.cpp: Removed.
+        * kjs/FunctionConstructor.h: Removed.
+        * kjs/FunctionPrototype.cpp: Removed.
+        * kjs/FunctionPrototype.h: Removed.
+        * kjs/GlobalEvalFunction.cpp: Removed.
+        * kjs/GlobalEvalFunction.h: Removed.
+        * kjs/InternalFunction.cpp: Removed.
+        * kjs/InternalFunction.h: Removed.
+        * kjs/JSArray.cpp: Removed.
+        * kjs/JSArray.h: Removed.
+        * kjs/JSCell.cpp: Removed.
+        * kjs/JSCell.h: Removed.
+        * kjs/JSFunction.cpp: Removed.
+        * kjs/JSFunction.h: Removed.
+        * kjs/JSGlobalObject.cpp: Removed.
+        * kjs/JSGlobalObject.h: Removed.
+        * kjs/JSGlobalObjectFunctions.cpp: Removed.
+        * kjs/JSGlobalObjectFunctions.h: Removed.
+        * kjs/JSImmediate.cpp: Removed.
+        * kjs/JSImmediate.h: Removed.
+        * kjs/JSNotAnObject.cpp: Removed.
+        * kjs/JSNotAnObject.h: Removed.
+        * kjs/JSNumberCell.cpp: Removed.
+        * kjs/JSNumberCell.h: Removed.
+        * kjs/JSObject.cpp: Removed.
+        * kjs/JSObject.h: Removed.
+        * kjs/JSString.cpp: Removed.
+        * kjs/JSString.h: Removed.
+        * kjs/JSValue.cpp: Removed.
+        * kjs/JSValue.h: Removed.
+        * kjs/JSVariableObject.cpp: Removed.
+        * kjs/JSVariableObject.h: Removed.
+        * kjs/JSWrapperObject.cpp: Removed.
+        * kjs/JSWrapperObject.h: Removed.
+        * kjs/MathObject.cpp: Removed.
+        * kjs/MathObject.h: Removed.
+        * kjs/NativeErrorConstructor.cpp: Removed.
+        * kjs/NativeErrorConstructor.h: Removed.
+        * kjs/NativeErrorPrototype.cpp: Removed.
+        * kjs/NativeErrorPrototype.h: Removed.
+        * kjs/NumberConstructor.cpp: Removed.
+        * kjs/NumberConstructor.h: Removed.
+        * kjs/NumberObject.cpp: Removed.
+        * kjs/NumberObject.h: Removed.
+        * kjs/NumberPrototype.cpp: Removed.
+        * kjs/NumberPrototype.h: Removed.
+        * kjs/ObjectConstructor.cpp: Removed.
+        * kjs/ObjectConstructor.h: Removed.
+        * kjs/ObjectPrototype.cpp: Removed.
+        * kjs/ObjectPrototype.h: Removed.
+        * kjs/PropertyMap.cpp: Removed.
+        * kjs/PropertyMap.h: Removed.
+        * kjs/PropertySlot.cpp: Removed.
+        * kjs/PropertySlot.h: Removed.
+        * kjs/PrototypeFunction.cpp: Removed.
+        * kjs/PrototypeFunction.h: Removed.
+        * kjs/PutPropertySlot.h: Removed.
+        * kjs/SmallStrings.cpp: Removed.
+        * kjs/SmallStrings.h: Removed.
+        * kjs/StringConstructor.cpp: Removed.
+        * kjs/StringConstructor.h: Removed.
+        * kjs/StringObject.cpp: Removed.
+        * kjs/StringObject.h: Removed.
+        * kjs/StringObjectThatMasqueradesAsUndefined.h: Removed.
+        * kjs/StringPrototype.cpp: Removed.
+        * kjs/StringPrototype.h: Removed.
+        * kjs/StructureID.cpp: Removed.
+        * kjs/StructureID.h: Removed.
+        * kjs/completion.h:
+        * kjs/interpreter.h:
+        * runtime: Added.
+        * runtime/ArrayConstructor.cpp: Copied from kjs/ArrayConstructor.cpp.
+        * runtime/ArrayConstructor.h: Copied from kjs/ArrayConstructor.h.
+        * runtime/ArrayPrototype.cpp: Copied from kjs/ArrayPrototype.cpp.
+        * runtime/ArrayPrototype.h: Copied from kjs/ArrayPrototype.h.
+        * runtime/BooleanConstructor.cpp: Copied from kjs/BooleanConstructor.cpp.
+        * runtime/BooleanConstructor.h: Copied from kjs/BooleanConstructor.h.
+        * runtime/BooleanObject.cpp: Copied from kjs/BooleanObject.cpp.
+        * runtime/BooleanObject.h: Copied from kjs/BooleanObject.h.
+        * runtime/BooleanPrototype.cpp: Copied from kjs/BooleanPrototype.cpp.
+        * runtime/BooleanPrototype.h: Copied from kjs/BooleanPrototype.h.
+        * runtime/CallData.cpp: Copied from kjs/CallData.cpp.
+        * runtime/CallData.h: Copied from kjs/CallData.h.
+        * runtime/ClassInfo.h: Copied from kjs/ClassInfo.h.
+        * runtime/ConstructData.cpp: Copied from kjs/ConstructData.cpp.
+        * runtime/ConstructData.h: Copied from kjs/ConstructData.h.
+        * runtime/DateConstructor.cpp: Copied from kjs/DateConstructor.cpp.
+        * runtime/DateConstructor.h: Copied from kjs/DateConstructor.h.
+        * runtime/DateInstance.cpp: Copied from kjs/DateInstance.cpp.
+        * runtime/DateInstance.h: Copied from kjs/DateInstance.h.
+        * runtime/DateMath.cpp: Copied from kjs/DateMath.cpp.
+        * runtime/DateMath.h: Copied from kjs/DateMath.h.
+        * runtime/DatePrototype.cpp: Copied from kjs/DatePrototype.cpp.
+        * runtime/DatePrototype.h: Copied from kjs/DatePrototype.h.
+        * runtime/Error.cpp: Copied from kjs/Error.cpp.
+        * runtime/Error.h: Copied from kjs/Error.h.
+        * runtime/ErrorConstructor.cpp: Copied from kjs/ErrorConstructor.cpp.
+        * runtime/ErrorConstructor.h: Copied from kjs/ErrorConstructor.h.
+        * runtime/ErrorInstance.cpp: Copied from kjs/ErrorInstance.cpp.
+        * runtime/ErrorInstance.h: Copied from kjs/ErrorInstance.h.
+        * runtime/ErrorPrototype.cpp: Copied from kjs/ErrorPrototype.cpp.
+        * runtime/ErrorPrototype.h: Copied from kjs/ErrorPrototype.h.
+        * runtime/FunctionConstructor.cpp: Copied from kjs/FunctionConstructor.cpp.
+        * runtime/FunctionConstructor.h: Copied from kjs/FunctionConstructor.h.
+        * runtime/FunctionPrototype.cpp: Copied from kjs/FunctionPrototype.cpp.
+        * runtime/FunctionPrototype.h: Copied from kjs/FunctionPrototype.h.
+        * runtime/GlobalEvalFunction.cpp: Copied from kjs/GlobalEvalFunction.cpp.
+        * runtime/GlobalEvalFunction.h: Copied from kjs/GlobalEvalFunction.h.
+        * runtime/InternalFunction.cpp: Copied from kjs/InternalFunction.cpp.
+        * runtime/InternalFunction.h: Copied from kjs/InternalFunction.h.
+        * runtime/JSArray.cpp: Copied from kjs/JSArray.cpp.
+        * runtime/JSArray.h: Copied from kjs/JSArray.h.
+        * runtime/JSCell.cpp: Copied from kjs/JSCell.cpp.
+        * runtime/JSCell.h: Copied from kjs/JSCell.h.
+        * runtime/JSFunction.cpp: Copied from kjs/JSFunction.cpp.
+        * runtime/JSFunction.h: Copied from kjs/JSFunction.h.
+        * runtime/JSGlobalObject.cpp: Copied from kjs/JSGlobalObject.cpp.
+        * runtime/JSGlobalObject.h: Copied from kjs/JSGlobalObject.h.
+        * runtime/JSGlobalObjectFunctions.cpp: Copied from kjs/JSGlobalObjectFunctions.cpp.
+        * runtime/JSGlobalObjectFunctions.h: Copied from kjs/JSGlobalObjectFunctions.h.
+        * runtime/JSImmediate.cpp: Copied from kjs/JSImmediate.cpp.
+        * runtime/JSImmediate.h: Copied from kjs/JSImmediate.h.
+        * runtime/JSNotAnObject.cpp: Copied from kjs/JSNotAnObject.cpp.
+        * runtime/JSNotAnObject.h: Copied from kjs/JSNotAnObject.h.
+        * runtime/JSNumberCell.cpp: Copied from kjs/JSNumberCell.cpp.
+        * runtime/JSNumberCell.h: Copied from kjs/JSNumberCell.h.
+        * runtime/JSObject.cpp: Copied from kjs/JSObject.cpp.
+        * runtime/JSObject.h: Copied from kjs/JSObject.h.
+        * runtime/JSString.cpp: Copied from kjs/JSString.cpp.
+        * runtime/JSString.h: Copied from kjs/JSString.h.
+        * runtime/JSValue.cpp: Copied from kjs/JSValue.cpp.
+        * runtime/JSValue.h: Copied from kjs/JSValue.h.
+        * runtime/JSVariableObject.cpp: Copied from kjs/JSVariableObject.cpp.
+        * runtime/JSVariableObject.h: Copied from kjs/JSVariableObject.h.
+        * runtime/JSWrapperObject.cpp: Copied from kjs/JSWrapperObject.cpp.
+        * runtime/JSWrapperObject.h: Copied from kjs/JSWrapperObject.h.
+        * runtime/MathObject.cpp: Copied from kjs/MathObject.cpp.
+        * runtime/MathObject.h: Copied from kjs/MathObject.h.
+        * runtime/NativeErrorConstructor.cpp: Copied from kjs/NativeErrorConstructor.cpp.
+        * runtime/NativeErrorConstructor.h: Copied from kjs/NativeErrorConstructor.h.
+        * runtime/NativeErrorPrototype.cpp: Copied from kjs/NativeErrorPrototype.cpp.
+        * runtime/NativeErrorPrototype.h: Copied from kjs/NativeErrorPrototype.h.
+        * runtime/NumberConstructor.cpp: Copied from kjs/NumberConstructor.cpp.
+        * runtime/NumberConstructor.h: Copied from kjs/NumberConstructor.h.
+        * runtime/NumberObject.cpp: Copied from kjs/NumberObject.cpp.
+        * runtime/NumberObject.h: Copied from kjs/NumberObject.h.
+        * runtime/NumberPrototype.cpp: Copied from kjs/NumberPrototype.cpp.
+        * runtime/NumberPrototype.h: Copied from kjs/NumberPrototype.h.
+        * runtime/ObjectConstructor.cpp: Copied from kjs/ObjectConstructor.cpp.
+        * runtime/ObjectConstructor.h: Copied from kjs/ObjectConstructor.h.
+        * runtime/ObjectPrototype.cpp: Copied from kjs/ObjectPrototype.cpp.
+        * runtime/ObjectPrototype.h: Copied from kjs/ObjectPrototype.h.
+        * runtime/PropertyMap.cpp: Copied from kjs/PropertyMap.cpp.
+        * runtime/PropertyMap.h: Copied from kjs/PropertyMap.h.
+        * runtime/PropertySlot.cpp: Copied from kjs/PropertySlot.cpp.
+        * runtime/PropertySlot.h: Copied from kjs/PropertySlot.h.
+        * runtime/PrototypeFunction.cpp: Copied from kjs/PrototypeFunction.cpp.
+        * runtime/PrototypeFunction.h: Copied from kjs/PrototypeFunction.h.
+        * runtime/PutPropertySlot.h: Copied from kjs/PutPropertySlot.h.
+        * runtime/SmallStrings.cpp: Copied from kjs/SmallStrings.cpp.
+        * runtime/SmallStrings.h: Copied from kjs/SmallStrings.h.
+        * runtime/StringConstructor.cpp: Copied from kjs/StringConstructor.cpp.
+        * runtime/StringConstructor.h: Copied from kjs/StringConstructor.h.
+        * runtime/StringObject.cpp: Copied from kjs/StringObject.cpp.
+        * runtime/StringObject.h: Copied from kjs/StringObject.h.
+        * runtime/StringObjectThatMasqueradesAsUndefined.h: Copied from kjs/StringObjectThatMasqueradesAsUndefined.h.
+        * runtime/StringPrototype.cpp: Copied from kjs/StringPrototype.cpp.
+        * runtime/StringPrototype.h: Copied from kjs/StringPrototype.h.
+        * runtime/StructureID.cpp: Copied from kjs/StructureID.cpp.
+        * runtime/StructureID.h: Copied from kjs/StructureID.h.
+
+2008-10-28  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=21919
+        Sampler reports bogus time in op_enter during 3d-raytrace.js
+        
+        Fixed a bug where we would pass the incorrect Instruction* during some
+        parts of CTI codegen.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/SamplingTool.cpp:
+        (JSC::SamplingTool::run):
+        * wtf/Platform.h:
+
+2008-10-28  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        -Removed unused includes.
+        Apparent .4% speedup in Sunspider
+
+        * kjs/JSObject.cpp:
+        * kjs/interpreter.cpp:
+
+2008-10-28  Alp Toker  <alp@nuanti.com>
+
+        Include copyright license files in the autotools dist target.
+
+        Change suggested by Mike Hommey.
+
+        * GNUmakefile.am:
+
+2008-10-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Stop discarding CodeBlock samples that can't be charged to a specific
+        opcode. Instead, charge the relevant CodeBlock, and provide a footnote
+        explaining the situation.
+        
+        This will help us tell which CodeBlocks are hot, even if we can't
+        identify specific lines of code within the CodeBlocks.
+
+        * VM/SamplingTool.cpp:
+        (JSC::ScopeSampleRecord::sample):
+        (JSC::compareScopeSampleRecords):
+        (JSC::SamplingTool::dump):
+
+        * VM/SamplingTool.h:
+        (JSC::ScopeSampleRecord::ScopeSampleRecord):
+        (JSC::ScopeSampleRecord::~ScopeSampleRecord):
+
+2008-10-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Added a mutex around the SamplingTool's ScopeNode* map, to solve a crash
+        when sampling the v8 tests.
+
+        * VM/SamplingTool.cpp:
+        (JSC::SamplingTool::run):
+        (JSC::SamplingTool::notifyOfScope):
+        * VM/SamplingTool.h: Since new ScopeNodes can be created after
+        the SamplingTools has begun sampling, reads and writes to / from the
+        map need to be synchronized. Shark says this doesn't measurably increase
+        sampling overhead.
+
+2008-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute): Provide a dummy value to the
+        HostCallRecord in CTI non-sampling builds, to silence compiler warning.
+
+2008-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Windows build.
+
+        * VM/SamplingTool.h:
+        (JSC::SamplingTool::encodeSample): Explicitly cast bool to int, to
+        silence compiler warning.
+
+2008-10-25  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig, with Gavin Barraclough's help.
+        
+        Fixed Sampling Tool:
+            - Made CodeBlock sampling work with CTI
+            - Improved accuracy by unifying most sampling data into a single
+              32bit word, which can be written / read atomically.
+            - Split out three different #ifdefs for modularity: OPCODE_SAMPLING;
+              CODEBLOCK_SAMPLING; OPCODE_STATS.
+            - Improved reporting clarity
+            - Refactored for code clarity
+
+        * JavaScriptCore.exp: Exported another symbol.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        * VM/CTI.h: Updated CTI codegen to use the unified SamplingTool interface
+        for encoding samples. (This required passing the current vPC to a lot
+        more functions, since the unified interface samples the current vPC.)
+        Added hooks for writing the current CodeBlock* on function entry and
+        after a function call, for the sake of the CodeBlock sampler. Removed
+        obsolete hook for clearing the current sample inside op_end. Also removed
+        the custom enum used to differentiate flavors of op_call, since the
+        OpcodeID enum works just as well. (This was important in an earlier
+        version of the patch, but now it's just cleanup.)
+
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::lineNumberForVPC):
+        * VM/CodeBlock.h: Upated for refactored #ifdefs. Changed lineNumberForVPC
+        to be robust against vPCs not recorded for exception handling, since
+        the Sampler may ask for an arbitrary vPC.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::execute):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        * VM/Machine.h:
+        (JSC::Machine::setSampler):
+        (JSC::Machine::sampler):
+        (JSC::Machine::jitCodeBuffer): Upated for refactored #ifdefs. Changed
+        Machine to use SamplingTool helper objects to record movement in and
+        out of host code. This makes samples a bit more precise.
+        
+        * VM/Opcode.cpp:
+        (JSC::OpcodeStats::~OpcodeStats):
+        * VM/Opcode.h: Upated for refactored #ifdefs. Added a little more padding,
+        to accomodate our more verbose opcode names.
+
+        * VM/SamplingTool.cpp:
+        (JSC::ScopeSampleRecord::sample): Only count a sample toward our total
+        if we actually record it. This solves cases where a CodeBlock will
+        claim to have been sampled many times, with reported samples that don't
+        match.
+
+        (JSC::SamplingTool::run): Read the current sample into a Sample helper
+        object, to ensure that the data doesn't change while we're analyzing it,
+        and to help decode the data. Only access the CodeBlock sampling hash
+        table if CodeBlock sampling has been enabled, so non-CodeBlock sampling
+        runs can operate with even less overhead.
+
+        (JSC::SamplingTool::dump): I reorganized this code a lot to print the
+        most important info at the top, print as a table, annotate and document
+        the stuff I didn't understand when I started, etc.
+
+        * VM/SamplingTool.h: New helper classes, described above.
+
+        * kjs/Parser.h:
+        * kjs/Shell.cpp:
+        (runWithScripts):
+        * kjs/nodes.cpp:
+        (JSC::ScopeNode::ScopeNode): Updated for new sampling APIs.
+
+        * wtf/Platform.h: Moved sampling #defines here, since our custom is to
+        put ENABLE #defines into Platform.h. Made explicit the fact that
+        CODEBLOCK_SAMPLING depends on OPCODE_SAMPLING.
+
+2008-10-25  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        JSC Build fix, not reviewed.
+
+        * VM/CTI.cpp: add missing include stdio.h for debug builds
+
+2008-10-24  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Darin Adler.
+        
+        Get rid of a bonus ASSERT when using a null string as a regexp.
+        Specifically calling: RegularExpression::match() with String::empty()
+        will hit this ASSERT.
+        Chromium hits this, but I don't know of any way to make a layout test.
+
+        * pcre/pcre_exec.cpp:
+        (jsRegExpExecute):
+
+2008-10-24  Alexey Proskuryakov  <ap@webkit.org>
+
+        Suggested and rubber-stamped by Geoff Garen.
+
+        Fix a crash when opening Font Picker.
+
+        The change also hopefully fixes this bug, which I could never reproduce:
+        https://bugs.webkit.org/show_bug.cgi?id=20241
+        <rdar://problem/6290576> Safari crashes at JSValueUnprotect() when fontpicker view close
+
+        * API/JSContextRef.cpp: (JSContextGetGlobalObject): Use lexical global object instead of
+        dynamic one.
+
+2008-10-24  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Remove ScopeChainNode::bottom() and inline it into its only caller,
+        ScopeChainnode::globalObject().
+
+        * kjs/JSGlobalObject.h:
+        (JSC::ScopeChainNode::globalObject):
+        * kjs/ScopeChain.h:
+        (JSC::ScopeChain::bottom):
+
+2008-10-24  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21862: Create JSFunction prototype property lazily
+        <https://bugs.webkit.org/show_bug.cgi?id=21862>
+
+        This is a 1.5% speedup on SunSpider and a 1.4% speedup on the V8
+        benchmark suite, including a 3.8% speedup on Earley-Boyer.
+
+        * kjs/JSFunction.cpp:
+        (JSC::JSFunction::getOwnPropertySlot):
+        * kjs/nodes.cpp:
+        (JSC::FuncDeclNode::makeFunction):
+        (JSC::FuncExprNode::makeFunction):
+
+2008-10-24  Greg Bolsinga  <bolsinga@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21475
+        
+        Provide support for the Geolocation API
+        
+        http://dev.w3.org/geo/api/spec-source.html
+
+        * wtf/Platform.h: ENABLE_GEOLOCATION defaults to 0
+
+2008-10-24  Darin Adler  <darin@apple.com>
+
+        - finish rolling out https://bugs.webkit.org/show_bug.cgi?id=21732
+
+        * API/APICast.h:
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        * API/JSValueRef.cpp:
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        * VM/CodeGenerator.h:
+        * VM/ExceptionHelpers.cpp:
+        * VM/ExceptionHelpers.h:
+        * VM/JSPropertyNameIterator.cpp:
+        * VM/JSPropertyNameIterator.h:
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        * VM/Register.h:
+        * kjs/ArgList.cpp:
+        * kjs/ArgList.h:
+        * kjs/Arguments.cpp:
+        * kjs/Arguments.h:
+        * kjs/ArrayConstructor.cpp:
+        * kjs/ArrayPrototype.cpp:
+        * kjs/BooleanConstructor.cpp:
+        * kjs/BooleanConstructor.h:
+        * kjs/BooleanObject.h:
+        * kjs/BooleanPrototype.cpp:
+        * kjs/CallData.cpp:
+        * kjs/CallData.h:
+        * kjs/ConstructData.cpp:
+        * kjs/ConstructData.h:
+        * kjs/DateConstructor.cpp:
+        * kjs/DateInstance.h:
+        * kjs/DatePrototype.cpp:
+        * kjs/DatePrototype.h:
+        * kjs/DebuggerCallFrame.cpp:
+        * kjs/DebuggerCallFrame.h:
+        * kjs/ErrorConstructor.cpp:
+        * kjs/ErrorPrototype.cpp:
+        * kjs/ExecState.cpp:
+        * kjs/ExecState.h:
+        * kjs/FunctionConstructor.cpp:
+        * kjs/FunctionPrototype.cpp:
+        * kjs/FunctionPrototype.h:
+        * kjs/GetterSetter.cpp:
+        * kjs/GetterSetter.h:
+        * kjs/InternalFunction.h:
+        * kjs/JSActivation.cpp:
+        * kjs/JSActivation.h:
+        * kjs/JSArray.cpp:
+        * kjs/JSArray.h:
+        * kjs/JSCell.cpp:
+        * kjs/JSCell.h:
+        * kjs/JSFunction.cpp:
+        * kjs/JSFunction.h:
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObject.h:
+        * kjs/JSGlobalObjectFunctions.cpp:
+        * kjs/JSGlobalObjectFunctions.h:
+        * kjs/JSImmediate.cpp:
+        * kjs/JSImmediate.h:
+        * kjs/JSNotAnObject.cpp:
+        * kjs/JSNotAnObject.h:
+        * kjs/JSNumberCell.cpp:
+        * kjs/JSNumberCell.h:
+        * kjs/JSObject.cpp:
+        * kjs/JSObject.h:
+        * kjs/JSStaticScopeObject.cpp:
+        * kjs/JSStaticScopeObject.h:
+        * kjs/JSString.cpp:
+        * kjs/JSString.h:
+        * kjs/JSValue.h:
+        * kjs/JSVariableObject.h:
+        * kjs/JSWrapperObject.h:
+        * kjs/MathObject.cpp:
+        * kjs/MathObject.h:
+        * kjs/NativeErrorConstructor.cpp:
+        * kjs/NumberConstructor.cpp:
+        * kjs/NumberConstructor.h:
+        * kjs/NumberObject.cpp:
+        * kjs/NumberObject.h:
+        * kjs/NumberPrototype.cpp:
+        * kjs/ObjectConstructor.cpp:
+        * kjs/ObjectPrototype.cpp:
+        * kjs/ObjectPrototype.h:
+        * kjs/PropertyMap.h:
+        * kjs/PropertySlot.cpp:
+        * kjs/PropertySlot.h:
+        * kjs/RegExpConstructor.cpp:
+        * kjs/RegExpConstructor.h:
+        * kjs/RegExpMatchesArray.h:
+        * kjs/RegExpObject.cpp:
+        * kjs/RegExpObject.h:
+        * kjs/RegExpPrototype.cpp:
+        * kjs/Shell.cpp:
+        * kjs/StringConstructor.cpp:
+        * kjs/StringObject.cpp:
+        * kjs/StringObject.h:
+        * kjs/StringObjectThatMasqueradesAsUndefined.h:
+        * kjs/StringPrototype.cpp:
+        * kjs/StructureID.cpp:
+        * kjs/StructureID.h:
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+        * kjs/completion.h:
+        * kjs/grammar.y:
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+        * kjs/lookup.cpp:
+        * kjs/lookup.h:
+        * kjs/nodes.h:
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+        * kjs/protect.h:
+        * profiler/ProfileGenerator.cpp:
+        * profiler/Profiler.cpp:
+        * profiler/Profiler.h:
+        Use JSValue* instead of JSValuePtr.
+
+2008-10-24  David Kilzer  <ddkilzer@apple.com>
+
+        Rolled out r37840.
+
+        * wtf/Platform.h:
+
+2008-10-23  Greg Bolsinga  <bolsinga@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21475
+        
+        Provide support for the Geolocation API
+        
+        http://dev.w3.org/geo/api/spec-source.html
+
+        * wtf/Platform.h: ENABLE_GEOLOCATION defaults to 0
+
+2008-10-23  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 21832: Fix scripts using 'new File::Temp' for Perl 5.10
+
+        <https://bugs.webkit.org/show_bug.cgi?id=21832>
+
+        Reviewed by Sam Weinig.
+
+        * pcre/dftables: Use imported tempfile() from File::Temp instead of
+        'new File::Temp' to make the script work with Perl 5.10.
+
+2008-10-23  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix hideous pathological case performance when looking up repatch info, bug #21727.
+
+        When repatching JIT code to optimize we look up records providing information about
+        the generated code (also used to track recsources used in linking to be later released). 
+        The lookup was being performed using a linear scan of all such records.
+
+        (1) Split up the different types of reptach information.  This means we can search them
+            separately, and in some cases should reduce their size.
+        (2) In the case of property accesses, search with a binary chop over the data.
+        (3) In the case of calls, pass a pointer to the repatch info into the relink function.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::unlinkCall):
+        (JSC::CTI::linkCall):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::unlinkCallers):
+        (JSC::CodeBlock::derefStructureIDs):
+        * VM/CodeBlock.h:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        (JSC::CallLinkInfo::CallLinkInfo):
+        (JSC::CallLinkInfo::setUnlinked):
+        (JSC::CallLinkInfo::isLinked):
+        (JSC::getStructureStubInfoReturnLocation):
+        (JSC::binaryChop):
+        (JSC::CodeBlock::addCaller):
+        (JSC::CodeBlock::getStubInfo):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitResolve):
+        (JSC::CodeGenerator::emitGetById):
+        (JSC::CodeGenerator::emitPutById):
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitConstruct):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_vm_lazyLinkCall):
+
+2008-10-23  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Adam Roben.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21833
+        Place JavaScript Debugger hooks under #if ENABLE(JAVASCRIPT_DEBUGGER).
+
+        * wtf/Platform.h:
+
+2008-10-23  David Kilzer  <ddkilzer@apple.com>
+
+        Bug 21831: Fix create_hash_table for Perl 5.10
+
+        <https://bugs.webkit.org/show_bug.cgi?id=21831>
+
+        Reviewed by Sam Weinig.
+
+        * kjs/create_hash_table: Escaped square brackets so that Perl 5.10
+        doesn't try to use @nameEntries.
+
+2008-10-23  Darin Adler  <darin@apple.com>
+
+        - roll out https://bugs.webkit.org/show_bug.cgi?id=21732
+          to remove the JSValuePtr class, to fix two problems
+
+            1) slowness under MSVC, since it doesn't handle a
+               class with a single pointer in it as efficiently
+               as a pointer
+
+            2) uninitialized pointers in Vector
+
+        * JavaScriptCore.exp: Updated.
+
+        * API/APICast.h:
+        (toRef):
+        * VM/CTI.cpp:
+        (JSC::CTI::asInteger):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::addConstant):
+        * VM/CodeGenerator.h:
+        (JSC::CodeGenerator::JSValueHashTraits::constructDeletedValue):
+        (JSC::CodeGenerator::JSValueHashTraits::isDeletedValue):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_add):
+        (JSC::Machine::cti_op_pre_inc):
+        (JSC::Machine::cti_op_get_by_id):
+        (JSC::Machine::cti_op_get_by_id_second):
+        (JSC::Machine::cti_op_get_by_id_generic):
+        (JSC::Machine::cti_op_get_by_id_fail):
+        (JSC::Machine::cti_op_instanceof):
+        (JSC::Machine::cti_op_del_by_id):
+        (JSC::Machine::cti_op_mul):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_resolve):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_get_by_val):
+        (JSC::Machine::cti_op_sub):
+        (JSC::Machine::cti_op_lesseq):
+        (JSC::Machine::cti_op_negate):
+        (JSC::Machine::cti_op_resolve_base):
+        (JSC::Machine::cti_op_resolve_skip):
+        (JSC::Machine::cti_op_resolve_global):
+        (JSC::Machine::cti_op_div):
+        (JSC::Machine::cti_op_pre_dec):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_eq):
+        (JSC::Machine::cti_op_lshift):
+        (JSC::Machine::cti_op_bitand):
+        (JSC::Machine::cti_op_rshift):
+        (JSC::Machine::cti_op_bitnot):
+        (JSC::Machine::cti_op_mod):
+        (JSC::Machine::cti_op_less):
+        (JSC::Machine::cti_op_neq):
+        (JSC::Machine::cti_op_urshift):
+        (JSC::Machine::cti_op_bitxor):
+        (JSC::Machine::cti_op_bitor):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_op_throw):
+        (JSC::Machine::cti_op_next_pname):
+        (JSC::Machine::cti_op_typeof):
+        (JSC::Machine::cti_op_is_undefined):
+        (JSC::Machine::cti_op_is_boolean):
+        (JSC::Machine::cti_op_is_number):
+        (JSC::Machine::cti_op_is_string):
+        (JSC::Machine::cti_op_is_object):
+        (JSC::Machine::cti_op_is_function):
+        (JSC::Machine::cti_op_stricteq):
+        (JSC::Machine::cti_op_nstricteq):
+        (JSC::Machine::cti_op_to_jsnumber):
+        (JSC::Machine::cti_op_in):
+        (JSC::Machine::cti_op_del_by_val):
+        (JSC::Machine::cti_vm_throw):
+        Removed calls to payload functions.
+
+        * VM/Register.h:
+        (JSC::Register::Register): Removed overload for JSCell and call
+        to payload function.
+
+        * kjs/JSCell.h: Changed JSCell to derive from JSValue again.
+        Removed JSValuePtr constructor.
+        (JSC::asCell): Changed cast from reinterpret_cast to static_cast.
+
+        * kjs/JSImmediate.h: Removed JSValuePtr class. Added typedef back.
+
+        * kjs/JSValue.h:
+        (JSC::JSValue::JSValue): Added empty protected inline constructor back.
+        (JSC::JSValue::~JSValue): Same for destructor.
+        Removed == and != operator for JSValuePtr.
+
+        * kjs/PropertySlot.h:
+        (JSC::PropertySlot::PropertySlot): Chnaged argument to const JSValue*
+        and added a const_cast.
+
+        * kjs/protect.h: Removed overloads and specialization for JSValuePtr.
+
+2008-10-22  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Really "fix" CTI mode on windows 2k3.
+
+        This adds new methods fastMallocExecutable and fastFreeExecutable
+        to wrap allocation for cti code.  This still just makes fastMalloc
+        return executable memory all the time, which will be fixed in a
+        later patch.
+
+        However in windows debug builds all executable allocations will be
+        allocated on separate executable pages, which should resolve any
+        remaining 2k3 issues.  Conveniently the 2k3 bot will now also fail
+        if there are any fastFree vs. fastFreeExecutable errors.
+
+        * ChangeLog:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        * kjs/regexp.cpp:
+        (JSC::RegExp::~RegExp):
+        * masm/X86Assembler.h:
+        (JSC::JITCodeBuffer::copy):
+        * wtf/FastMalloc.cpp:
+        (WTF::fastMallocExecutable):
+        (WTF::fastFreeExecutable):
+        (WTF::TCMallocStats::fastMallocExecutable):
+        (WTF::TCMallocStats::fastFreeExecutable):
+        * wtf/FastMalloc.h:
+
+2008-10-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=21294
+          Bug 21294: Devirtualize getOwnPropertySlot()
+
+        A bit over 3% faster on V8 tests.
+
+        * JavascriptCore.exp: Export leak-related functions..
+
+        * API/JSCallbackConstructor.h:
+        (JSC::JSCallbackConstructor::createStructureID): Set HasStandardGetOwnPropertySlot
+        since this class doesn't override getPropertySlot.
+        * API/JSCallbackFunction.h:
+        (JSC::JSCallbackFunction::createStructureID): Ditto.
+
+        * VM/ExceptionHelpers.cpp:
+        (JSC::InterruptedExecutionError::InterruptedExecutionError): Use a structure
+        that's created just for this class instead of trying to share a single "null
+        prototype" structure.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_create_arguments_no_params): Rename
+        Arguments::ArgumentsNoParameters to Arguments::NoParameters.
+        
+        * kjs/Arguments.h: Rename the enum from Arguments::ArgumentsParameters to
+        Arguments::NoParametersType and the value from Arguments::ArgumentsNoParameters
+        to Arguments::NoParameters.
+        (JSC::Arguments::createStructureID): Added. Returns a structure without
+        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
+        (JSC::Arguments::Arguments): Added an assertion that there are no parameters.
+
+        * kjs/DatePrototype.h:
+        (JSC::DatePrototype::createStructureID): Added. Returns a structure without
+        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
+
+        * kjs/FunctionPrototype.h:
+        (JSC::FunctionPrototype::createStructureID): Set HasStandardGetOwnPropertySlot
+        since this class doesn't override getPropertySlot.
+        * kjs/InternalFunction.h:
+        (JSC::InternalFunction::createStructureID): Ditto.
+
+        * kjs/JSArray.h:
+        (JSC::JSArray::createStructureID): Added. Returns a structure without
+        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
+
+        * kjs/JSCell.h: Added declaration of fastGetOwnPropertySlot; a non-virtual
+        version that uses the structure bit to decide whether to call the virtual
+        version.
+
+        * kjs/JSFunction.h:
+        (JSC::JSFunction::createStructureID): Added. Returns a structure without
+        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
+
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Initialize new structures; removed
+        nullProtoStructureID.
+        * kjs/JSGlobalData.h: Added new structures. Removed nullProtoStructureID.
+
+        * kjs/JSGlobalObject.h:
+        (JSC::JSGlobalObject::createStructureID): Added. Returns a structure without
+        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
+
+        * kjs/JSNotAnObject.h:
+        (JSC::JSNotAnObjectErrorStub::JSNotAnObjectErrorStub): Use a structure
+        that's created just for this class instead of trying to share a single "null
+        prototype" structure.
+        (JSC::JSNotAnObjectErrorStub::isNotAnObjectErrorStub): Marked this function
+        virtual for clarity and made it private since no one should call it if they
+        already have a pointer to this specific type.
+        (JSC::JSNotAnObject::JSNotAnObject): Use a structure that's created just
+        for this class instead of trying to share a single "null prototype" structure.
+        (JSC::JSNotAnObject::createStructureID): Added. Returns a structure without
+        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
+
+        * kjs/JSObject.h:
+        (JSC::JSObject::createStructureID): Added HasStandardGetOwnPropertySlot.
+        (JSC::JSObject::inlineGetOwnPropertySlot): Added. Used so we can share code
+        between getOwnPropertySlot and fastGetOwnPropertySlot.
+        (JSC::JSObject::getOwnPropertySlot): Moved so that functions are above the
+        functions that call them. Moved the guts of this function into
+        inlineGetOwnPropertySlot.
+        (JSC::JSCell::fastGetOwnPropertySlot): Added. Checks the
+        HasStandardGetOwnPropertySlot bit and if it's set, calls
+        inlineGetOwnPropertySlot, otherwise calls getOwnPropertySlot.
+        (JSC::JSObject::getPropertySlot): Changed to call fastGetOwnPropertySlot.
+        (JSC::JSValue::get): Changed to call fastGetOwnPropertySlot.
+
+        * kjs/JSWrapperObject.h: Made constructor protected to emphasize that
+        this class is only a base class and never instantiated.
+
+        * kjs/MathObject.h:
+        (JSC::MathObject::createStructureID): Added. Returns a structure without
+        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
+        * kjs/NumberConstructor.h:
+        (JSC::NumberConstructor::createStructureID): Ditto.
+        * kjs/RegExpConstructor.h:
+        (JSC::RegExpConstructor::createStructureID): Ditto.
+        * kjs/RegExpObject.h:
+        (JSC::RegExpObject::createStructureID): Ditto.
+        * kjs/StringObject.h:
+        (JSC::StringObject::createStructureID): Ditto.
+
+        * kjs/TypeInfo.h: Added HasStandardGetOwnPropertySlot flag and
+        hasStandardGetOwnPropertySlot accessor function.
+
+2008-10-22  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 21803: Fuse op_jfalse with op_eq_null and op_neq_null
+        <https://bugs.webkit.org/show_bug.cgi?id=21803>
+
+        Fuse op_jfalse with op_eq_null and op_neq_null to make the new opcodes
+        op_jeq_null and op_jneq_null.
+
+        This is a 2.6% speedup on the V8 Raytrace benchmark, and strangely also
+        a 4.7% speedup on the V8 Arguments benchmark, even though it uses
+        neither of the two new opcodes.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitJumpIfTrue):
+        (JSC::CodeGenerator::emitJumpIfFalse):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        * VM/Opcode.h:
+
+2008-10-22  Darin Fisher  <darin@chromium.org>
+
+        Reviewed by Eric Seidel.
+
+        Should not define PLATFORM(WIN,MAC,GTK) when PLATFORM(CHROMIUM) is defined
+        https://bugs.webkit.org/show_bug.cgi?id=21757
+
+        PLATFORM(CHROMIUM) implies HAVE_ACCESSIBILITY
+
+        * wtf/Platform.h:
+
+2008-10-22  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Correct opcode names in documentation.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+
+2008-10-21  Oliver Hunt <oliver@apple.com>
+
+        RS=Maciej Stachowiak.
+
+        Force FastMalloc to make all allocated pages executable in
+        a vague hope this will allow the Win2k3 bot to be able to
+        run tests.
+
+        Filed Bug 21783: Need more granular control over allocation of executable memory
+        to cover a more granular version of this patch.
+
+        * wtf/TCSystemAlloc.cpp:
+        (TryVirtualAlloc):
+
+2008-10-21  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21769
+        MessagePort should be GC protected if there are messages to be delivered
+
+        * wtf/MessageQueue.h:
+        (WTF::::isEmpty): Added. Also added a warning for methods that return a snapshot of queue
+        state, thus likely to cause race conditions.
+
+2008-10-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        - convert post-increment to pre-increment in a couple more places for speed
+
+        Speeds up V8 benchmarks a little on most computers. (But, strangely, slows
+        them down a little on my computer.)
+
+        * kjs/nodes.cpp:
+        (JSC::statementListEmitCode): Removed default argument, since we always want
+        to specify this explicitly.
+        (JSC::ForNode::emitCode): Tolerate ignoredResult() as the dst -- means the
+        same thing as 0.
+        (JSC::ReturnNode::emitCode): Ditto.
+        (JSC::ThrowNode::emitCode): Ditto.
+        (JSC::FunctionBodyNode::emitCode): Pass ignoredResult() so that we know we
+        don't have to compute the result of function statements.
+
+2008-10-21  Peter Kasting  <pkasting@google.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix an include of a non-public header to use "" instead of <>.
+
+        * API/JSProfilerPrivate.cpp:
+
+2008-10-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=21766
+        REGRESSION: 12 JSC tests fail
+
+        The JSGlobalObject was mutating the shared nullProtoStructureID when
+        used in jsc.  Instead of using nullProtoStructureID, use a new StructureID.
+
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::JSCallbackObject):
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreateInGroup):
+        * kjs/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObject):
+        * kjs/Shell.cpp:
+        (GlobalObject::GlobalObject):
+        (jscmain):
+
+2008-10-20  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Remove an untaken branch in CodeGenerator::emitJumpIfFalse(). This
+        function is never called with a backwards target LabelID, and there is
+        even an assertion to this effect at the top of the function body.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitJumpIfFalse):
+
+2008-10-20  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Add opcode documentation for undocumented opcodes.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+
+2008-10-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=21683
+        Don't create intermediate StructureIDs for builtin objects
+
+        Second stage in reduce number of StructureIDs created when initializing the
+        JSGlobalObject.
+
+        - Use putDirectWithoutTransition for the remaining singleton objects to reduce
+          the number of StructureIDs create for about:blank from 132 to 73.
+
+        * kjs/ArrayConstructor.cpp:
+        (JSC::ArrayConstructor::ArrayConstructor):
+        * kjs/BooleanConstructor.cpp:
+        (JSC::BooleanConstructor::BooleanConstructor):
+        * kjs/BooleanPrototype.cpp:
+        (JSC::BooleanPrototype::BooleanPrototype):
+        * kjs/DateConstructor.cpp:
+        (JSC::DateConstructor::DateConstructor):
+        * kjs/ErrorConstructor.cpp:
+        (JSC::ErrorConstructor::ErrorConstructor):
+        * kjs/ErrorPrototype.cpp:
+        (JSC::ErrorPrototype::ErrorPrototype):
+        * kjs/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::FunctionConstructor):
+        * kjs/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::FunctionPrototype):
+        (JSC::FunctionPrototype::addFunctionProperties):
+        * kjs/FunctionPrototype.h:
+        (JSC::FunctionPrototype::createStructureID):
+        * kjs/InternalFunction.cpp:
+        * kjs/InternalFunction.h:
+        (JSC::InternalFunction::InternalFunction):
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        * kjs/JSObject.h:
+        * kjs/MathObject.cpp:
+        (JSC::MathObject::MathObject):
+        * kjs/NumberConstructor.cpp:
+        (JSC::NumberConstructor::NumberConstructor):
+        * kjs/NumberPrototype.cpp:
+        (JSC::NumberPrototype::NumberPrototype):
+        * kjs/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        * kjs/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::RegExpConstructor):
+        * kjs/RegExpPrototype.cpp:
+        (JSC::RegExpPrototype::RegExpPrototype):
+        * kjs/StringConstructor.cpp:
+        (JSC::StringConstructor::StringConstructor):
+        * kjs/StringPrototype.cpp:
+        (JSC::StringPrototype::StringPrototype):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::dumpStatistics):
+        * kjs/StructureID.h:
+        (JSC::StructureID::setPrototypeWithoutTransition):
+
+2008-10-20  Alp Toker  <alp@nuanti.com>
+
+        Fix autotools dist build target by listing recently added header
+        files only. Not reviewed.
+
+        * GNUmakefile.am:
+
+2008-10-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Anders Carlsson.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::tryCacheGetByID): Removed a redundant and sometimes
+        incorrect cast, which started ASSERTing after Darin's last checkin.
+
+2008-10-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Re-enable CTI, which I accidentally disabled while checking in fixes
+        to bytecode.
+
+        * wtf/Platform.h:
+
+2008-10-20  Alp Toker  <alp@nuanti.com>
+
+        Rubber-stamped by Mark Rowe.
+
+        Typo fix in function name: mimimum -> minimum.
+
+        * kjs/DateMath.cpp:
+        (JSC::minimumYearForDST):
+        (JSC::equivalentYearForDST):
+
+2008-10-20  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Mark Rowe.
+
+        Use pthread instead of GThread where possible in the GTK+ port. This
+        fixes issues with global initialisation, particularly on GTK+/Win32
+        where a late g_thread_init() will cause hangs.
+
+        * GNUmakefile.am:
+        * wtf/Platform.h:
+        * wtf/Threading.h:
+        * wtf/ThreadingGtk.cpp:
+        * wtf/ThreadingPthreads.cpp:
+
+2008-10-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=21735
+        Emit profiling instrumentation only if the Web Inspector's profiling
+        feature is enabled
+
+        22.2% speedup on empty function call benchmark.
+        2.9% speedup on v8 benchmark.
+        0.7% speedup on SunSpider.
+        
+        Lesser but similar speedups in bytecode.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases): Nixed JITed profiler hooks. Profiler
+        hooks now have their own opcodes. Added support for compiling profiler
+        hook opcodes.
+        
+        (JSC::CodeBlock::dump): Dump support for the new profiling opcodes.
+
+        * VM/CodeGenerator.h:
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitConstruct): Conditionally emit profiling hooks
+        around call and construct, at the call site. (It's easier to get things
+        right this way, if you have profiled code calling non-profiled code.
+        Also, you get a slightly more accurate profile, since you charge the full
+        cost of the call / construct operation to the callee.)
+        
+        Also, fixed a bug where construct would fetch the ".prototype" property
+        from the constructor before evaluating the arguments to the constructor,
+        incorrectly allowing an "invalid constructor" exception to short-circuit
+        argument evaluation. I encountered this bug when trying to make
+        constructor exceptions work with profiling.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::callEval): Removed obsolete profiler hooks.
+
+        (JSC::Machine::throwException): Added a check for an exception thrown
+        within a call instruction. We didn't need this before because the call
+        instruction would check for a valid call before involing the profiler.
+        (JSC::Machine::execute): Added a didExecute hook at the end of top-level
+        function invocation, since op_ret no longer does this for us.
+
+        (JSC::Machine::privateExecute): Removed obsolete profiler hooks. Added
+        profiler opcodes. Changed some ++vPC to vPC[x] notation, since the
+        latter is better for performance, and it makes reasoning about the
+        current opcode in exception handling much simpler.
+
+        (JSC::Machine::cti_op_call_NotJSFunction): Removed obsolete profiler
+        hooks.
+
+        (JSC::Machine::cti_op_create_arguments_no_params): Added missing
+        CTI_STACK_HACK that I noticed when adding CTI_STACK_HACK to the new
+        profiler opcode functions.
+
+        (JSC::Machine::cti_op_profile_will_call):
+        (JSC::Machine::cti_op_profile_did_call): The new profiler opcode
+        functions.
+
+        (JSC::Machine::cti_op_construct_NotJSConstruct): Removed obsolete profiler
+        hooks.
+
+        * VM/Machine.h:
+        (JSC::Machine::isCallOpcode): Helper for exception handling.
+
+        * VM/Opcode.h: Declare new opcodes.
+
+        * kjs/JSGlobalObject.h:
+        (JSC::JSGlobalObject::supportsProfiling): Added virtual interface that
+        allows WebCore to specify whether the target global object has the Web
+        Inspector's profiling feature enabled.
+
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::willExecute):
+        (JSC::Profiler::didExecute):
+        (JSC::Profiler::createCallIdentifier):
+        * profiler/Profiler.h: Added support for invoking the profiler with
+        an arbitrary JSValue*, and not a known object. We didn't need this
+        before because the call instruction would check for a valid call before
+        involing the profiler.
+
+2008-10-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        - get CTI working on Windows again
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitCTICall): Add an overload for functions that
+        return JSObject*.
+        * VM/CTI.h: Use JSValue* and JSObject* as return types for
+        cti_op functions. Apparently, MSVC doesn't handle returning
+        the JSValuePtr struct in a register. We'll have to look into
+        this more.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_convert_this):
+        (JSC::Machine::cti_op_add):
+        (JSC::Machine::cti_op_pre_inc):
+        (JSC::Machine::cti_op_new_object):
+        (JSC::Machine::cti_op_get_by_id):
+        (JSC::Machine::cti_op_get_by_id_second):
+        (JSC::Machine::cti_op_get_by_id_generic):
+        (JSC::Machine::cti_op_get_by_id_fail):
+        (JSC::Machine::cti_op_instanceof):
+        (JSC::Machine::cti_op_del_by_id):
+        (JSC::Machine::cti_op_mul):
+        (JSC::Machine::cti_op_new_func):
+        (JSC::Machine::cti_op_push_activation):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_new_array):
+        (JSC::Machine::cti_op_resolve):
+        (JSC::Machine::cti_op_construct_JSConstructFast):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_get_by_val):
+        (JSC::Machine::cti_op_sub):
+        (JSC::Machine::cti_op_lesseq):
+        (JSC::Machine::cti_op_negate):
+        (JSC::Machine::cti_op_resolve_base):
+        (JSC::Machine::cti_op_resolve_skip):
+        (JSC::Machine::cti_op_resolve_global):
+        (JSC::Machine::cti_op_div):
+        (JSC::Machine::cti_op_pre_dec):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_eq):
+        (JSC::Machine::cti_op_lshift):
+        (JSC::Machine::cti_op_bitand):
+        (JSC::Machine::cti_op_rshift):
+        (JSC::Machine::cti_op_bitnot):
+        (JSC::Machine::cti_op_new_func_exp):
+        (JSC::Machine::cti_op_mod):
+        (JSC::Machine::cti_op_less):
+        (JSC::Machine::cti_op_neq):
+        (JSC::Machine::cti_op_urshift):
+        (JSC::Machine::cti_op_bitxor):
+        (JSC::Machine::cti_op_new_regexp):
+        (JSC::Machine::cti_op_bitor):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_op_throw):
+        (JSC::Machine::cti_op_next_pname):
+        (JSC::Machine::cti_op_typeof):
+        (JSC::Machine::cti_op_is_undefined):
+        (JSC::Machine::cti_op_is_boolean):
+        (JSC::Machine::cti_op_is_number):
+        (JSC::Machine::cti_op_is_string):
+        (JSC::Machine::cti_op_is_object):
+        (JSC::Machine::cti_op_is_function):
+        (JSC::Machine::cti_op_stricteq):
+        (JSC::Machine::cti_op_nstricteq):
+        (JSC::Machine::cti_op_to_jsnumber):
+        (JSC::Machine::cti_op_in):
+        (JSC::Machine::cti_op_push_new_scope):
+        (JSC::Machine::cti_op_del_by_val):
+        (JSC::Machine::cti_op_new_error):
+        (JSC::Machine::cti_vm_throw):
+        Change these functions to return pointer types, and never
+        JSValuePtr.
+        * VM/Machine.h: Ditto.
+
+2008-10-20  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed some recent break-age in bytecode mode.
+
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::printStructureIDs): Fixed up an ASSERT caused by
+        Gavin's last checkin. This is a temporary fix so I can keep on moving.
+        I'll send email about what I think is an underlying problem soon.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute): Removed a redundant and sometimes
+        incorrect cast, which started ASSERTing after Darin's last checkin.
+
+2008-10-20  Darin Adler  <darin@apple.com>
+
+        - another similar Windows build fix
+
+        * VM/CTI.cpp: Changed return type to JSObject* instead of JSValuePtr.
+
+2008-10-20  Darin Adler  <darin@apple.com>
+
+        - try to fix Windows build
+
+        * VM/CTI.cpp: Use JSValue* instead of JSValuePtr for ctiTrampoline.
+        * VM/CTI.h: Ditto.
+
+2008-10-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - finish https://bugs.webkit.org/show_bug.cgi?id=21732
+          improve performance by eliminating JSValue as a base class for JSCell
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_profiler): Use asFunction.
+        (JSC::Machine::cti_vm_lazyLinkCall): Ditto.
+        (JSC::Machine::cti_op_construct_JSConstructFast): Use asObject.
+
+        * kjs/JSCell.h: Re-sort friend classes. Eliminate inheritance from
+        JSValue. Changed cast in asCell from static_cast to reinterpret_cast.
+        Removed JSValue::getNumber(double&) and one of JSValue::getObject
+        overloads.
+
+        * kjs/JSValue.h: Made the private constructor and destructor both
+        non-virtual and also remove the definitions. This class can never
+        be instantiated or derived.
+
+2008-10-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
+          improve performance by eliminating JSValue as a base class for JSCell
+
+        Change JSValuePtr from a typedef into a class. This allows us to support
+        conversion from JSCell* to JSValuePtr even if JSCell isn't derived from
+        JSValue.
+
+        * JavaScriptCore.exp: Updated symbols that involve JSValuePtr, since
+        it's now a distinct type.
+
+        * API/APICast.h:
+        (toRef): Extract the JSValuePtr payload explicitly since we can't just
+        cast any more.
+        * VM/CTI.cpp:
+        (JSC::CTI::asInteger): Ditto.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::addConstant): Get at the payload directly.
+        (JSC::CodeGenerator::emitLoad): Added an overload of JSCell* because
+        otherwise classes derived from JSValue end up calling the bool
+        overload instead of JSValuePtr.
+        * VM/CodeGenerator.h: Ditto. Also update traits to use JSValue*
+        and the payload functions.
+
+        * VM/Register.h: Added a JSCell* overload and use of payload functions.
+
+        * kjs/JSCell.h:
+        (JSC::asCell): Use payload function.
+        (JSC::JSValue::asCell): Use JSValue* instead of JSValuePtr.
+        (JSC::JSValuePtr::JSValuePtr): Added. Constructor that takes JSCell*
+        and creates a JSValuePtr.
+
+        * kjs/JSImmediate.h: Added JSValuePtr class. Also updated makeValue
+        and makeInt to work with JSValue* and the payload function.
+
+        * kjs/JSValue.h: Added == and != operators for JSValuePtr. Put them
+        here because eventually all the JSValue functions should go here
+        except what's needed by JSImmediate. Also fix asValue to use
+        JSValue* instead of JSValuePtr.
+
+        * kjs/PropertySlot.h: Change constructor to take JSValuePtr.
+
+        * kjs/protect.h: Update gcProtect functions to work with JSCell*
+        as well as JSValuePtr. Also updated the ProtectedPtr<JSValuePtr>
+        specialization to work more directly. Also changed all the call
+        sites to use gcProtectNullTolerant.
+
+2008-10-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
+          improve performance by eliminating JSValue as a base class for JSCell
+
+        Remove most uses of JSValue, which will be removed in a future patch.
+
+        * VM/Machine.cpp:
+        (JSC::fastToUInt32): Call toUInt32SlowCase function; no longer a member
+        of JSValue.
+        * kjs/JSNumberCell.h:
+        (JSC::JSNumberCell::toInt32): Ditto.
+        (JSC::JSNumberCell::toUInt32): Ditto.
+
+        * kjs/JSValue.cpp:
+        (JSC::toInt32SlowCase): Made a non-member function.
+        (JSC::JSValue::toInt32SlowCase): Changed to call non-member function.
+        (JSC::toUInt32SlowCase): More of the same.
+        (JSC::JSValue::toUInt32SlowCase): Ditto.
+
+        * kjs/JSValue.h: Moved static member function so they are no longer
+        member functions at all.
+
+        * VM/CTI.h: Removed forward declaration of JSValue.
+        * VM/ExceptionHelpers.h: Ditto.
+        * kjs/CallData.h: Ditto.
+        * kjs/ConstructData.h: Ditto.
+        * kjs/JSGlobalObjectFunctions.h: Ditto.
+        * kjs/PropertyMap.h: Ditto.
+        * kjs/StructureID.h: Ditto.
+        * kjs/collector.h: Ditto.
+        * kjs/completion.h: Ditto.
+
+        * kjs/grammar.y:
+        (JSC::makeBitwiseNotNode): Call new non-member toInt32 function.
+        (JSC::makeLeftShiftNode): More of the same.
+        (JSC::makeRightShiftNode): Ditto.
+
+        * kjs/protect.h: Added a specialization for ProtectedPtr<JSValuePtr>
+        so this can be used with JSValuePtr.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
+          improve performance by eliminating JSValue as a base class for JSCell
+
+        Tweak a little more to get closer to where we can make JSValuePtr a class.
+
+        * API/APICast.h:
+        (toJS): Change back to JSValue* here, since we're converting the
+        pointer type.
+        * VM/CTI.cpp:
+        (JSC::CTI::unlinkCall): Call asPointer.
+        * VM/CTI.h: Cast to JSValue* here, since it's a pointer cast.
+        * kjs/DebuggerCallFrame.h:
+        (JSC::DebuggerCallFrame::DebuggerCallFrame): Call noValue.
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Call noValue.
+        * kjs/JSImmediate.cpp:
+        (JSC::JSImmediate::toObject): Remove unneeded const_cast.
+        * kjs/JSWrapperObject.h:
+        (JSC::JSWrapperObject::JSWrapperObject): Call noValue.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        - fix non-all-in-one build
+
+        * kjs/completion.h:
+        (JSC::Completion::Completion): Add include of JSValue.h.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        - fix assertions I introduced with my casting changes
+
+        These were showing up as failures in the JavaScriptCore tests.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_instanceof): Remove the bogus asCell casting that
+        was at the top of the function, and instead cast at the point of use.
+        (JSC::Machine::cti_op_construct_NotJSConstruct): Moved the cast to
+        object after checking the construct type.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        - fix non-all-in-one build
+
+        * kjs/JSGlobalObjectFunctions.h: Add include of JSImmedate.h (for now).
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        - fix build
+
+        * kjs/interpreter.h: Include JSValue.h instead of JSImmediate.h.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        * kjs/interpreter.h: Fix include of JSImmediate.h.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        - fix non-all-in-one build
+
+        * kjs/interpreter.h: Add include of JSImmediate.h.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        - fix non-all-in-one build
+
+        * kjs/ConstructData.h: Add include of JSImmedate.h (for now).
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        - try to fix Windows build
+
+        * VM/Machine.cpp:
+        (JSC::Machine::Machine): Use JSCell* type since MSVC seems to only allow
+        calling ~JSCell directly if it's a JSCell*.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - next step on https://bugs.webkit.org/show_bug.cgi?id=21732
+          improve performance by eliminating JSValue as a base class for JSCell
+
+        Use JSValuePtr everywhere instead of JSValue*. In the future, we'll be
+        changing JSValuePtr to be a class, and then eventually renaming it
+        to JSValue once that's done.
+
+        * JavaScriptCore.exp: Update entry points, since some now take JSValue*
+        instead of const JSValue*.
+
+        * API/APICast.h:
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        * API/JSValueRef.cpp:
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        * VM/CodeGenerator.h:
+        * VM/ExceptionHelpers.cpp:
+        * VM/ExceptionHelpers.h:
+        * VM/JSPropertyNameIterator.cpp:
+        * VM/JSPropertyNameIterator.h:
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        * VM/Register.h:
+        * kjs/ArgList.cpp:
+        * kjs/ArgList.h:
+        * kjs/Arguments.cpp:
+        * kjs/Arguments.h:
+        * kjs/ArrayConstructor.cpp:
+        * kjs/ArrayPrototype.cpp:
+        * kjs/BooleanConstructor.cpp:
+        * kjs/BooleanConstructor.h:
+        * kjs/BooleanObject.h:
+        * kjs/BooleanPrototype.cpp:
+        * kjs/CallData.cpp:
+        * kjs/CallData.h:
+        * kjs/ConstructData.cpp:
+        * kjs/ConstructData.h:
+        * kjs/DateConstructor.cpp:
+        * kjs/DateInstance.h:
+        * kjs/DatePrototype.cpp:
+        * kjs/DebuggerCallFrame.cpp:
+        * kjs/DebuggerCallFrame.h:
+        * kjs/ErrorConstructor.cpp:
+        * kjs/ErrorPrototype.cpp:
+        * kjs/ExecState.cpp:
+        * kjs/ExecState.h:
+        * kjs/FunctionConstructor.cpp:
+        * kjs/FunctionPrototype.cpp:
+        * kjs/GetterSetter.cpp:
+        * kjs/GetterSetter.h:
+        * kjs/InternalFunction.h:
+        * kjs/JSActivation.cpp:
+        * kjs/JSActivation.h:
+        * kjs/JSArray.cpp:
+        * kjs/JSArray.h:
+        * kjs/JSCell.cpp:
+        * kjs/JSCell.h:
+        * kjs/JSFunction.cpp:
+        * kjs/JSFunction.h:
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObject.h:
+        * kjs/JSGlobalObjectFunctions.cpp:
+        * kjs/JSGlobalObjectFunctions.h:
+        * kjs/JSImmediate.cpp:
+        * kjs/JSImmediate.h:
+        * kjs/JSNotAnObject.cpp:
+        * kjs/JSNotAnObject.h:
+        * kjs/JSNumberCell.cpp:
+        * kjs/JSNumberCell.h:
+        * kjs/JSObject.cpp:
+        * kjs/JSObject.h:
+        * kjs/JSStaticScopeObject.cpp:
+        * kjs/JSStaticScopeObject.h:
+        * kjs/JSString.cpp:
+        * kjs/JSString.h:
+        * kjs/JSValue.h:
+        * kjs/JSVariableObject.h:
+        * kjs/JSWrapperObject.h:
+        * kjs/MathObject.cpp:
+        * kjs/NativeErrorConstructor.cpp:
+        * kjs/NumberConstructor.cpp:
+        * kjs/NumberConstructor.h:
+        * kjs/NumberObject.cpp:
+        * kjs/NumberObject.h:
+        * kjs/NumberPrototype.cpp:
+        * kjs/ObjectConstructor.cpp:
+        * kjs/ObjectPrototype.cpp:
+        * kjs/ObjectPrototype.h:
+        * kjs/PropertyMap.h:
+        * kjs/PropertySlot.cpp:
+        * kjs/PropertySlot.h:
+        * kjs/RegExpConstructor.cpp:
+        * kjs/RegExpConstructor.h:
+        * kjs/RegExpMatchesArray.h:
+        * kjs/RegExpObject.cpp:
+        * kjs/RegExpObject.h:
+        * kjs/RegExpPrototype.cpp:
+        * kjs/Shell.cpp:
+        * kjs/StringConstructor.cpp:
+        * kjs/StringObject.cpp:
+        * kjs/StringObject.h:
+        * kjs/StringObjectThatMasqueradesAsUndefined.h:
+        * kjs/StringPrototype.cpp:
+        * kjs/StructureID.cpp:
+        * kjs/StructureID.h:
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+        * kjs/completion.h:
+        * kjs/grammar.y:
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+        * kjs/lookup.cpp:
+        * kjs/lookup.h:
+        * kjs/nodes.h:
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+        * kjs/protect.h:
+        * profiler/ProfileGenerator.cpp:
+        Replace JSValue* with JSValuePtr.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_eval): Removed stray parentheses from my
+        last check-in.
+
+2008-10-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        - first step of https://bugs.webkit.org/show_bug.cgi?id=21732
+          improve performance by eliminating JSValue as a base class for JSCell
+
+        Remove casts from JSValue* to derived classes, replacing them with
+        calls to inline casting functions. These functions are also a bit
+        better than aidrect cast because they also do a runtime assertion.
+
+        Removed use of 0 as for JSValue*, changing call sites to use a
+        noValue() function instead.
+
+        Move things needed by classes derived from JSValue out of the class,
+        since the classes won't be deriving from JSValue any more soon.
+
+        I did most of these changes by changing JSValue to not be JSValue* any
+        more, then fixing a lot of the compilation problems, then rolling out
+        the JSValue change.
+
+        1.011x as fast on SunSpider (presumably due to some of the Machine.cpp changes)
+
+        * API/APICast.h: Removed unneeded forward declarations.
+
+        * API/JSCallbackObject.h: Added an asCallbackObject function for casting.
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::JSCallbackObject::asCallbackObject): Added.
+        (JSC::JSCallbackObject::getOwnPropertySlot): Use asObject.
+        (JSC::JSCallbackObject::call): Use noValue.
+        (JSC::JSCallbackObject::staticValueGetter): Use asCallbackObject.
+        (JSC::JSCallbackObject::staticFunctionGetter): Ditto.
+        (JSC::JSCallbackObject::callbackGetter): Ditto.
+
+        * JavaScriptCore.exp: Updated.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Added RegExpMatchesArray.h.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::asInteger): Added. For use casting a JSValue to an integer.
+        (JSC::CTI::emitGetArg): Use asInteger.
+        (JSC::CTI::emitGetPutArg): Ditto.
+        (JSC::CTI::getConstantImmediateNumericArg): Ditto. Also use noValue.
+        (JSC::CTI::emitInitRegister): Use asInteger.
+        (JSC::CTI::getDeTaggedConstantImmediate): Ditto.
+        (JSC::CTI::compileOpCallInitializeCallFrame): Ditto.
+        (JSC::CTI::compileOpCall): Ditto.
+        (JSC::CTI::compileOpStrictEq): Ditto.
+        (JSC::CTI::privateCompileMainPass): Ditto.
+        (JSC::CTI::privateCompileGetByIdProto): Ditto.
+        (JSC::CTI::privateCompileGetByIdChain): Ditto.
+        (JSC::CTI::privateCompilePutByIdTransition): Ditto.
+        * VM/CTI.h: Rewrite the ARG-related macros to use C++ casts instead of
+        C casts and get rid of some extra parentheses. Addd declaration of
+        asInteger.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitEqualityOp): Use asString.
+        (JSC::CodeGenerator::emitLoad): Use noValue.
+        (JSC::CodeGenerator::findScopedProperty): Change globalObject argument
+        to JSObject* instead of JSValue*.
+        (JSC::CodeGenerator::emitResolve): Remove unneeded cast.
+        (JSC::CodeGenerator::emitGetScopedVar): Use asCell.
+        (JSC::CodeGenerator::emitPutScopedVar): Ditto.
+        * VM/CodeGenerator.h: Changed out argument of findScopedProperty.
+        Also change the JSValueMap to use PtrHash explicitly instead of
+        getting it from DefaultHash.
+
+        * VM/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::toPrimitive): Use noValue.
+        * VM/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::next): Ditto.
+
+        * VM/Machine.cpp:
+        (JSC::fastIsNumber): Moved isImmediate check here instead of
+        checking for 0 inside Heap::isNumber. Use asCell and asNumberCell.
+        (JSC::fastToInt32): Ditto.
+        (JSC::fastToUInt32): Ditto.
+        (JSC::jsLess): Use asString.
+        (JSC::jsLessEq): Ditto.
+        (JSC::jsAdd): Ditto.
+        (JSC::jsTypeStringForValue): Use asObject.
+        (JSC::jsIsObjectType): Ditto.
+        (JSC::jsIsFunctionType): Ditto.
+        (JSC::inlineResolveBase): Use noValue.
+        (JSC::Machine::callEval): Use asString. Initialize result to
+        undefined, not 0.
+        (JSC::Machine::Machine): Remove unneeded casts to JSCell*.
+        (JSC::Machine::throwException): Use asObject.
+        (JSC::Machine::debug): Remove explicit calls to the DebuggerCallFrame
+        constructor.
+        (JSC::Machine::checkTimeout): Use noValue.
+        (JSC::cachePrototypeChain): Use asObject.
+        (JSC::Machine::tryCachePutByID): Use asCell.
+        (JSC::Machine::tryCacheGetByID): Use aCell and asObject.
+        (JSC::Machine::privateExecute): Use noValue, asCell, asObject, asString,
+        asArray, asActivation, asFunction. Changed code that creates call frames
+        for host functions to pass 0 for the function pointer -- the call frame
+        needs a JSFunction* and a host function object is not one. This was
+        caught by the assertions in the casting functions. Also remove some
+        unneeded casts in cases where two values are compared.
+        (JSC::Machine::retrieveLastCaller): Use noValue.
+        (JSC::Machine::tryCTICachePutByID): Use asCell.
+        (JSC::Machine::tryCTICacheGetByID): Use aCell and asObject.
+        (JSC::setUpThrowTrampolineReturnAddress): Added this function to restore
+        the PIC-branch-avoidance that was recently lost.
+        (JSC::Machine::cti_op_add): Use asString.
+        (JSC::Machine::cti_op_instanceof): Use asCell and asObject.
+        (JSC::Machine::cti_op_call_JSFunction): Use asFunction.
+        (JSC::Machine::cti_op_call_NotJSFunction): Changed code to pass 0 for
+        the function pointer, since we don't have a JSFunction. Use asObject.
+        (JSC::Machine::cti_op_tear_off_activation): Use asActivation.
+        (JSC::Machine::cti_op_construct_JSConstruct): Use asFunction and asObject.
+        (JSC::Machine::cti_op_construct_NotJSConstruct): use asObject.
+        (JSC::Machine::cti_op_get_by_val): Use asArray and asString.
+        (JSC::Machine::cti_op_resolve_func): Use asPointer; this helps prepare
+        us for a situation where JSValue is not a pointer.
+        (JSC::Machine::cti_op_put_by_val): Use asArray.
+        (JSC::Machine::cti_op_put_by_val_array): Ditto.
+        (JSC::Machine::cti_op_resolve_global): Use asGlobalObject.
+        (JSC::Machine::cti_op_post_inc): Change VM_CHECK_EXCEPTION_2 to
+        VM_CHECK_EXCEPTION_AT_END, since there's no observable work done after
+        that point. Also use asPointer.
+        (JSC::Machine::cti_op_resolve_with_base): Use asPointer.
+        (JSC::Machine::cti_op_post_dec): Change VM_CHECK_EXCEPTION_2 to
+        VM_CHECK_EXCEPTION_AT_END, since there's no observable work done after
+        that point. Also use asPointer.
+        (JSC::Machine::cti_op_call_eval): Use asObject, noValue, and change
+        VM_CHECK_EXCEPTION_ARG to VM_THROW_EXCEPTION_AT_END.
+        (JSC::Machine::cti_op_throw): Change return value to a JSValue*.
+        (JSC::Machine::cti_op_in): Use asObject.
+        (JSC::Machine::cti_op_switch_char): Use asString.
+        (JSC::Machine::cti_op_switch_string): Ditto.
+        (JSC::Machine::cti_op_put_getter): Use asObject.
+        (JSC::Machine::cti_op_put_setter): Ditto.
+        (JSC::Machine::cti_vm_throw): Change return value to a JSValue*.
+        Use noValue.
+        * VM/Machine.h: Change return values of both cti_op_throw and
+        cti_vm_throw to JSValue*.
+
+        * VM/Register.h: Remove nullJSValue, which is the same thing
+        as noValue(). Also removed unneeded definition of JSValue.
+
+        * kjs/ArgList.h: Removed unneeded definition of JSValue.
+
+        * kjs/Arguments.h:
+        (JSC::asArguments): Added.
+
+        * kjs/ArrayPrototype.cpp:
+        (JSC::getProperty): Use noValue.
+        (JSC::arrayProtoFuncToString): Use asArray.
+        (JSC::arrayProtoFuncToLocaleString): Ditto.
+        (JSC::arrayProtoFuncConcat): Ditto.
+        (JSC::arrayProtoFuncPop): Ditto. Also removed unneeded initialization
+        of the result, which is set in both sides of the branch.
+        (JSC::arrayProtoFuncPush): Ditto.
+        (JSC::arrayProtoFuncShift): Removed unneeded initialization
+        of the result, which is set in both sides of the branch.
+        (JSC::arrayProtoFuncSort): Use asArray.
+
+        * kjs/BooleanObject.h:
+        (JSC::asBooleanObject): Added.
+
+        * kjs/BooleanPrototype.cpp:
+        (JSC::booleanProtoFuncToString): Use asBooleanObject.
+        (JSC::booleanProtoFuncValueOf): Ditto.
+
+        * kjs/CallData.cpp:
+        (JSC::call): Use asObject and asFunction.
+        * kjs/ConstructData.cpp:
+        (JSC::construct): Ditto.
+
+        * kjs/DateConstructor.cpp:
+        (JSC::constructDate): Use asDateInstance.
+
+        * kjs/DateInstance.h:
+        (JSC::asDateInstance): Added.
+
+        * kjs/DatePrototype.cpp:
+        (JSC::dateProtoFuncToString): Use asDateInstance.
+        (JSC::dateProtoFuncToUTCString): Ditto.
+        (JSC::dateProtoFuncToDateString): Ditto.
+        (JSC::dateProtoFuncToTimeString): Ditto.
+        (JSC::dateProtoFuncToLocaleString): Ditto.
+        (JSC::dateProtoFuncToLocaleDateString): Ditto.
+        (JSC::dateProtoFuncToLocaleTimeString): Ditto.
+        (JSC::dateProtoFuncValueOf): Ditto.
+        (JSC::dateProtoFuncGetTime): Ditto.
+        (JSC::dateProtoFuncGetFullYear): Ditto.
+        (JSC::dateProtoFuncGetUTCFullYear): Ditto.
+        (JSC::dateProtoFuncToGMTString): Ditto.
+        (JSC::dateProtoFuncGetMonth): Ditto.
+        (JSC::dateProtoFuncGetUTCMonth): Ditto.
+        (JSC::dateProtoFuncGetDate): Ditto.
+        (JSC::dateProtoFuncGetUTCDate): Ditto.
+        (JSC::dateProtoFuncGetDay): Ditto.
+        (JSC::dateProtoFuncGetUTCDay): Ditto.
+        (JSC::dateProtoFuncGetHours): Ditto.
+        (JSC::dateProtoFuncGetUTCHours): Ditto.
+        (JSC::dateProtoFuncGetMinutes): Ditto.
+        (JSC::dateProtoFuncGetUTCMinutes): Ditto.
+        (JSC::dateProtoFuncGetSeconds): Ditto.
+        (JSC::dateProtoFuncGetUTCSeconds): Ditto.
+        (JSC::dateProtoFuncGetMilliSeconds): Ditto.
+        (JSC::dateProtoFuncGetUTCMilliseconds): Ditto.
+        (JSC::dateProtoFuncGetTimezoneOffset): Ditto.
+        (JSC::dateProtoFuncSetTime): Ditto.
+        (JSC::setNewValueFromTimeArgs): Ditto.
+        (JSC::setNewValueFromDateArgs): Ditto.
+        (JSC::dateProtoFuncSetYear): Ditto.
+        (JSC::dateProtoFuncGetYear): Ditto.
+
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::thisObject): Use asObject.
+        (JSC::DebuggerCallFrame::evaluate): Use noValue.
+        * kjs/DebuggerCallFrame.h: Added a constructor that
+        takes only a callFrame.
+
+        * kjs/ExecState.h:
+        (JSC::ExecState::clearException): Use noValue.
+
+        * kjs/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString): Use asFunction.
+        (JSC::functionProtoFuncApply): Use asArguments and asArray.
+
+        * kjs/GetterSetter.cpp:
+        (JSC::GetterSetter::getPrimitiveNumber): Use noValue.
+
+        * kjs/GetterSetter.h:
+        (JSC::asGetterSetter): Added.
+
+        * kjs/InternalFunction.cpp:
+        (JSC::InternalFunction::name): Use asString.
+
+        * kjs/InternalFunction.h:
+        (JSC::asInternalFunction): Added.
+
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::argumentsGetter): Use asActivation.
+
+        * kjs/JSActivation.h:
+        (JSC::asActivation): Added.
+
+        * kjs/JSArray.cpp:
+        (JSC::JSArray::putSlowCase): Use noValue.
+        (JSC::JSArray::deleteProperty): Ditto.
+        (JSC::JSArray::increaseVectorLength): Ditto.
+        (JSC::JSArray::setLength): Ditto.
+        (JSC::JSArray::pop): Ditto.
+        (JSC::JSArray::sort): Ditto.
+        (JSC::JSArray::compactForSorting): Ditto.
+        * kjs/JSArray.h:
+        (JSC::asArray): Added.
+
+        * kjs/JSCell.cpp:
+        (JSC::JSCell::getJSNumber): Use noValue.
+
+        * kjs/JSCell.h:
+        (JSC::asCell): Added.
+        (JSC::JSValue::asCell): Changed to not preserve const.
+        Given the wide use of JSValue* and JSCell*, it's not
+        really useful to use const.
+        (JSC::JSValue::isNumber): Use asValue.
+        (JSC::JSValue::isString): Ditto.
+        (JSC::JSValue::isGetterSetter): Ditto.
+        (JSC::JSValue::isObject): Ditto.
+        (JSC::JSValue::getNumber): Ditto.
+        (JSC::JSValue::getString): Ditto.
+        (JSC::JSValue::getObject): Ditto.
+        (JSC::JSValue::getCallData): Ditto.
+        (JSC::JSValue::getConstructData): Ditto.
+        (JSC::JSValue::getUInt32): Ditto.
+        (JSC::JSValue::getTruncatedInt32): Ditto.
+        (JSC::JSValue::getTruncatedUInt32): Ditto.
+        (JSC::JSValue::mark): Ditto.
+        (JSC::JSValue::marked): Ditto.
+        (JSC::JSValue::toPrimitive): Ditto.
+        (JSC::JSValue::getPrimitiveNumber): Ditto.
+        (JSC::JSValue::toBoolean): Ditto.
+        (JSC::JSValue::toNumber): Ditto.
+        (JSC::JSValue::toString): Ditto.
+        (JSC::JSValue::toObject): Ditto.
+        (JSC::JSValue::toThisObject): Ditto.
+        (JSC::JSValue::needsThisConversion): Ditto.
+        (JSC::JSValue::toThisString): Ditto.
+        (JSC::JSValue::getJSNumber): Ditto.
+
+        * kjs/JSFunction.cpp:
+        (JSC::JSFunction::argumentsGetter): Use asFunction.
+        (JSC::JSFunction::callerGetter): Ditto.
+        (JSC::JSFunction::lengthGetter): Ditto.
+        (JSC::JSFunction::construct): Use asObject.
+
+        * kjs/JSFunction.h:
+        (JSC::asFunction): Added.
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::lastInPrototypeChain): Use asObject.
+
+        * kjs/JSGlobalObject.h:
+        (JSC::asGlobalObject): Added.
+        (JSC::ScopeChainNode::globalObject): Use asGlobalObject.
+
+        * kjs/JSImmediate.h: Added noValue, asPointer, and makeValue
+        functions. Use rawValue, makeValue, and noValue consistently
+        instead of doing reinterpret_cast in various functions.
+
+        * kjs/JSNumberCell.h:
+        (JSC::asNumberCell): Added.
+        (JSC::JSValue::uncheckedGetNumber): Use asValue and asNumberCell.
+        (JSC::JSValue::toJSNumber): Use asValue.
+
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::put): Use asObject and asGetterSetter.
+        (JSC::callDefaultValueFunction): Use noValue.
+        (JSC::JSObject::defineGetter): Use asGetterSetter.
+        (JSC::JSObject::defineSetter): Ditto.
+        (JSC::JSObject::lookupGetter): Ditto. Also use asObject.
+        (JSC::JSObject::lookupSetter): Ditto.
+        (JSC::JSObject::hasInstance): Use asObject.
+        (JSC::JSObject::fillGetterPropertySlot): Use asGetterSetter.
+
+        * kjs/JSObject.h:
+        (JSC::JSObject::getDirect): Use noValue.
+        (JSC::asObject): Added.
+        (JSC::JSValue::isObject): Use asValue.
+        (JSC::JSObject::get): Removed unneeded const_cast.
+        (JSC::JSObject::getPropertySlot): Use asObject.
+        (JSC::JSValue::get): Removed unneeded const_cast.
+        Use asValue, asCell, and asObject.
+        (JSC::JSValue::put): Ditto.
+        (JSC::JSObject::allocatePropertyStorageInline): Fixed spelling
+        of "oldPropertStorage".
+
+        * kjs/JSString.cpp:
+        (JSC::JSString::getOwnPropertySlot): Use asObject.
+
+        * kjs/JSString.h:
+        (JSC::asString): Added.
+        (JSC::JSValue::toThisJSString): Use asValue.
+
+        * kjs/JSValue.h: Make PreferredPrimitiveType a top level enum
+        instead of a member of JSValue. Added an asValue function that
+        returns this. Removed overload of asCell for const. Use asValue
+        instead of getting right at this.
+
+        * kjs/ObjectPrototype.cpp:
+        (JSC::objectProtoFuncIsPrototypeOf): Use asObject.
+        (JSC::objectProtoFuncDefineGetter): Ditto.
+        (JSC::objectProtoFuncDefineSetter): Ditto.
+
+        * kjs/PropertySlot.h:
+        (JSC::PropertySlot::PropertySlot): Take a const JSValue* so the
+        callers don't have to worry about const.
+        (JSC::PropertySlot::clearBase): Use noValue.
+        (JSC::PropertySlot::clearValue): Ditto.
+
+        * kjs/RegExpConstructor.cpp:
+        (JSC::regExpConstructorDollar1): Use asRegExpConstructor.
+        (JSC::regExpConstructorDollar2): Ditto.
+        (JSC::regExpConstructorDollar3): Ditto.
+        (JSC::regExpConstructorDollar4): Ditto.
+        (JSC::regExpConstructorDollar5): Ditto.
+        (JSC::regExpConstructorDollar6): Ditto.
+        (JSC::regExpConstructorDollar7): Ditto.
+        (JSC::regExpConstructorDollar8): Ditto.
+        (JSC::regExpConstructorDollar9): Ditto.
+        (JSC::regExpConstructorInput): Ditto.
+        (JSC::regExpConstructorMultiline): Ditto.
+        (JSC::regExpConstructorLastMatch): Ditto.
+        (JSC::regExpConstructorLastParen): Ditto.
+        (JSC::regExpConstructorLeftContext): Ditto.
+        (JSC::regExpConstructorRightContext): Ditto.
+        (JSC::setRegExpConstructorInput): Ditto.
+        (JSC::setRegExpConstructorMultiline): Ditto.
+        (JSC::constructRegExp): Use asObject.
+
+        * kjs/RegExpConstructor.h:
+        (JSC::asRegExpConstructor): Added.
+
+        * kjs/RegExpObject.cpp:
+        (JSC::regExpObjectGlobal): Use asRegExpObject.
+        (JSC::regExpObjectIgnoreCase): Ditto.
+        (JSC::regExpObjectMultiline): Ditto.
+        (JSC::regExpObjectSource): Ditto.
+        (JSC::regExpObjectLastIndex): Ditto.
+        (JSC::setRegExpObjectLastIndex): Ditto.
+        (JSC::callRegExpObject): Ditto.
+
+        * kjs/RegExpObject.h:
+        (JSC::asRegExpObject): Added.
+
+        * kjs/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncTest): Use asRegExpObject.
+        (JSC::regExpProtoFuncExec): Ditto.
+        (JSC::regExpProtoFuncCompile): Ditto.
+        (JSC::regExpProtoFuncToString): Ditto.
+
+        * kjs/StringObject.h:
+        (JSC::StringObject::internalValue): Use asString.
+        (JSC::asStringObject): Added.
+
+        * kjs/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace): Use asRegExpObject.
+        (JSC::stringProtoFuncToString): Ue asStringObject.
+        (JSC::stringProtoFuncMatch): Use asRegExpObject.
+        (JSC::stringProtoFuncSearch): Ditto.
+        (JSC::stringProtoFuncSplit): Ditto.
+
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::getEnumerablePropertyNames): Use asObject.
+        (JSC::StructureID::createCachedPrototypeChain): Ditto.
+        (JSC::StructureIDChain::StructureIDChain): Use asCell and asObject.
+
+        * kjs/collector.h:
+        (JSC::Heap::isNumber): Removed null handling. This can only be called
+        on valid cells.
+        (JSC::Heap::cellBlock): Removed overload for const and non-const.
+        Whether the JSCell* is const or not really should have no effect on
+        whether you can modify the collector block it's in.
+
+        * kjs/interpreter.cpp:
+        (JSC::Interpreter::evaluate): Use noValue and noObject.
+
+        * kjs/nodes.cpp:
+        (JSC::FunctionCallResolveNode::emitCode): Use JSObject for the global
+        object rather than JSValue.
+        (JSC::PostfixResolveNode::emitCode): Ditto.
+        (JSC::PrefixResolveNode::emitCode): Ditto.
+        (JSC::ReadModifyResolveNode::emitCode): Ditto.
+        (JSC::AssignResolveNode::emitCode): Ditto.
+
+        * kjs/operations.h:
+        (JSC::equalSlowCaseInline): Use asString, asCell, asNumberCell, 
+        (JSC::strictEqualSlowCaseInline): Ditto.
+
+2008-10-18  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 21702: Special op_create_activation for the case where there are no named parameters
+        <https://bugs.webkit.org/show_bug.cgi?id=21702>
+
+        This is a 2.5% speedup on the V8 Raytrace benchmark and a 1.1% speedup
+        on the V8 Earley-Boyer benchmark.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_create_arguments_no_params):
+        * VM/Machine.h:
+        * kjs/Arguments.h:
+        (JSC::Arguments::):
+        (JSC::Arguments::Arguments):
+
+2008-10-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - in debug builds, alter the stack to avoid blowing out MallocStackLogging
+        
+        (In essence, while executing a CTI function we alter the return
+        address to jscGeneratedNativeCode so that a single consistent
+        function is on the stack instead of many random functions without
+        symbols.)
+
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (JSC::doSetReturnAddress):
+        (JSC::):
+        (JSC::StackHack::StackHack):
+        (JSC::StackHack::~StackHack):
+        (JSC::Machine::cti_op_convert_this):
+        (JSC::Machine::cti_op_end):
+        (JSC::Machine::cti_op_add):
+        (JSC::Machine::cti_op_pre_inc):
+        (JSC::Machine::cti_timeout_check):
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_loop_if_less):
+        (JSC::Machine::cti_op_loop_if_lesseq):
+        (JSC::Machine::cti_op_new_object):
+        (JSC::Machine::cti_op_put_by_id):
+        (JSC::Machine::cti_op_put_by_id_second):
+        (JSC::Machine::cti_op_put_by_id_generic):
+        (JSC::Machine::cti_op_put_by_id_fail):
+        (JSC::Machine::cti_op_get_by_id):
+        (JSC::Machine::cti_op_get_by_id_second):
+        (JSC::Machine::cti_op_get_by_id_generic):
+        (JSC::Machine::cti_op_get_by_id_fail):
+        (JSC::Machine::cti_op_instanceof):
+        (JSC::Machine::cti_op_del_by_id):
+        (JSC::Machine::cti_op_mul):
+        (JSC::Machine::cti_op_new_func):
+        (JSC::Machine::cti_op_call_profiler):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_vm_lazyLinkCall):
+        (JSC::Machine::cti_vm_compile):
+        (JSC::Machine::cti_op_push_activation):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_create_arguments):
+        (JSC::Machine::cti_op_tear_off_activation):
+        (JSC::Machine::cti_op_tear_off_arguments):
+        (JSC::Machine::cti_op_ret_profiler):
+        (JSC::Machine::cti_op_ret_scopeChain):
+        (JSC::Machine::cti_op_new_array):
+        (JSC::Machine::cti_op_resolve):
+        (JSC::Machine::cti_op_construct_JSConstructFast):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_get_by_val):
+        (JSC::Machine::cti_op_resolve_func):
+        (JSC::Machine::cti_op_sub):
+        (JSC::Machine::cti_op_put_by_val):
+        (JSC::Machine::cti_op_put_by_val_array):
+        (JSC::Machine::cti_op_lesseq):
+        (JSC::Machine::cti_op_loop_if_true):
+        (JSC::Machine::cti_op_negate):
+        (JSC::Machine::cti_op_resolve_base):
+        (JSC::Machine::cti_op_resolve_skip):
+        (JSC::Machine::cti_op_resolve_global):
+        (JSC::Machine::cti_op_div):
+        (JSC::Machine::cti_op_pre_dec):
+        (JSC::Machine::cti_op_jless):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_jtrue):
+        (JSC::Machine::cti_op_post_inc):
+        (JSC::Machine::cti_op_eq):
+        (JSC::Machine::cti_op_lshift):
+        (JSC::Machine::cti_op_bitand):
+        (JSC::Machine::cti_op_rshift):
+        (JSC::Machine::cti_op_bitnot):
+        (JSC::Machine::cti_op_resolve_with_base):
+        (JSC::Machine::cti_op_new_func_exp):
+        (JSC::Machine::cti_op_mod):
+        (JSC::Machine::cti_op_less):
+        (JSC::Machine::cti_op_neq):
+        (JSC::Machine::cti_op_post_dec):
+        (JSC::Machine::cti_op_urshift):
+        (JSC::Machine::cti_op_bitxor):
+        (JSC::Machine::cti_op_new_regexp):
+        (JSC::Machine::cti_op_bitor):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_op_throw):
+        (JSC::Machine::cti_op_get_pnames):
+        (JSC::Machine::cti_op_next_pname):
+        (JSC::Machine::cti_op_push_scope):
+        (JSC::Machine::cti_op_pop_scope):
+        (JSC::Machine::cti_op_typeof):
+        (JSC::Machine::cti_op_is_undefined):
+        (JSC::Machine::cti_op_is_boolean):
+        (JSC::Machine::cti_op_is_number):
+        (JSC::Machine::cti_op_is_string):
+        (JSC::Machine::cti_op_is_object):
+        (JSC::Machine::cti_op_is_function):
+        (JSC::Machine::cti_op_stricteq):
+        (JSC::Machine::cti_op_nstricteq):
+        (JSC::Machine::cti_op_to_jsnumber):
+        (JSC::Machine::cti_op_in):
+        (JSC::Machine::cti_op_push_new_scope):
+        (JSC::Machine::cti_op_jmp_scopes):
+        (JSC::Machine::cti_op_put_by_index):
+        (JSC::Machine::cti_op_switch_imm):
+        (JSC::Machine::cti_op_switch_char):
+        (JSC::Machine::cti_op_switch_string):
+        (JSC::Machine::cti_op_del_by_val):
+        (JSC::Machine::cti_op_put_getter):
+        (JSC::Machine::cti_op_put_setter):
+        (JSC::Machine::cti_op_new_error):
+        (JSC::Machine::cti_op_debug):
+        (JSC::Machine::cti_vm_throw):
+
+2008-10-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Optimize op_call by allowing call sites to be directly linked to callees.
+
+        For the hot path of op_call, CTI now generates a check (initially for an impossible
+        value), and the first time the call is executed we attempt to link the call directly
+        to the callee.  We can currently only do so if the arity of the caller and callee
+        match.  The (optimized) setup for the call on the hot path is linked directly to
+        the ctiCode for the callee, without indirection.
+        
+        Two forms of the slow case of the call are generated, the first will be executed the
+        first time the call is reached.  As well as this path attempting to link the call to
+        a callee, it also relinks the slow case to a second slow case, which will not continue
+        to attempt relinking the call.  (This policy could be changed in future, but for not
+        this is intended to prevent thrashing).
+
+        If a callee that the caller has been linked to is garbage collected, then the link
+        in the caller's JIt code will be reset back to a value that cannot match - to prevent
+        any false positive matches.
+
+        ~20% progression on deltablue & richards, >12% overall reduction in v8-tests
+        runtime, one or two percent progression on sunspider.
+
+        Reviewed by Oliver Hunt.
+
+        * VM/CTI.cpp:
+        (JSC::):
+        (JSC::CTI::emitNakedCall):
+        (JSC::unreachable):
+        (JSC::CTI::compileOpCallInitializeCallFrame):
+        (JSC::CTI::compileOpCallSetupArgs):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::unlinkCall):
+        (JSC::CTI::linkCall):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::unlinkCallers):
+        (JSC::CodeBlock::derefStructureIDs):
+        * VM/CodeBlock.h:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        (JSC::CallLinkInfo::CallLinkInfo):
+        (JSC::CodeBlock::addCaller):
+        (JSC::CodeBlock::removeCaller):
+        (JSC::CodeBlock::getStubInfo):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitConstruct):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_profiler):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_vm_lazyLinkCall):
+        (JSC::Machine::cti_op_construct_JSConstructFast):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        * VM/Machine.h:
+        * kjs/JSFunction.cpp:
+        (JSC::JSFunction::~JSFunction):
+        * kjs/JSFunction.h:
+        * kjs/nodes.h:
+        (JSC::FunctionBodyNode::):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::getDifferenceBetweenLabels):
+
+2008-10-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff Garen.
+        
+        - remove ASSERT that makes the leaks buildbot cry
+
+        * kjs/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+
+2008-10-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich
+        
+        - don't bother to do arguments tearoff when it will have no effect
+
+        ~1% on v8 raytrace
+        
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitReturn):
+
+2008-10-17  Marco Barisione  <marco.barisione@collabora.co.uk>
+
+        Reviewed by Sam Weinig. Landed by Jan Alonzo.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21603
+        [GTK] Minor fixes to GOwnPtr
+
+        * wtf/GOwnPtr.cpp:
+        (WTF::GError):
+        (WTF::GList):
+        (WTF::GCond):
+        (WTF::GMutex):
+        (WTF::GPatternSpec):
+        (WTF::GDir):
+        * wtf/GOwnPtr.h:
+        (WTF::freeOwnedGPtr):
+        (WTF::GOwnPtr::~GOwnPtr):
+        (WTF::GOwnPtr::outPtr):
+        (WTF::GOwnPtr::set):
+        (WTF::GOwnPtr::clear):
+        * wtf/Threading.h:
+
+2008-10-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - speed up transitions that resize the property storage a fair bit
+        
+        ~3% speedup on v8 RayTrace benchmark, ~1% on DeltaBlue
+
+        * VM/CTI.cpp:
+        (JSC::resizePropertyStorage): renamed from transitionObject, and reduced to just resize
+        the object's property storage with one inline call.
+        (JSC::CTI::privateCompilePutByIdTransition): Use a separate function for property storage
+        resize, but still do all the rest of the work in assembly in that case, and pass the known
+        compile-time constants of old and new size rather than structureIDs, saving a bunch of
+        redundant memory access.
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::allocatePropertyStorage): Just call the inline version.
+        * kjs/JSObject.h:
+        (JSC::JSObject::allocatePropertyStorageInline): Inline version of allocatePropertyStorage
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::pushl_i32): Add code to assmeble push of a constant; code originally by Cameron Zwarich.
+
+2008-10-17  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Remove some C style casts.
+
+        * masm/X86Assembler.h:
+        (JSC::JITCodeBuffer::putIntUnchecked):
+        (JSC::X86Assembler::link):
+        (JSC::X86Assembler::linkAbsoluteAddress):
+        (JSC::X86Assembler::getRelocatedAddress):
+
+2008-10-17  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Maciej Stachowiak.
+
+        Remove some C style casts.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::patchGetByIdSelf):
+        (JSC::CTI::patchPutByIdReplace):
+        * VM/Machine.cpp:
+        (JSC::Machine::tryCTICachePutByID):
+        (JSC::Machine::tryCTICacheGetByID):
+        (JSC::Machine::cti_op_put_by_id):
+        (JSC::Machine::cti_op_put_by_id_fail):
+        (JSC::Machine::cti_op_get_by_id):
+        (JSC::Machine::cti_op_get_by_id_fail):
+
+2008-10-17  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - Avoid restoring the caller's 'r' value in op_ret
+        https://bugs.webkit.org/show_bug.cgi?id=21319
+
+        This patch stops writing the call frame at call and return points;
+        instead it does so immediately before any CTI call.
+        
+        0.5% speedup or so on the v8 benchmark
+               
+        * VM/CTI.cpp:
+        (JSC::CTI::emitCTICall):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        * VM/CTI.h:
+
+2008-10-17  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Make WREC require CTI because it won't actually compile otherwise.
+
+        * wtf/Platform.h:
+
+2008-10-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        - fixed <rdar://problem/5806316> JavaScriptCore should not force building with gcc 4.0
+        - use gcc 4.2 when building with Xcode 3.1 or newer on Leopard, even though this is not the default
+
+        This time there is no performance regression; we can avoid having
+        to use the fastcall calling convention for CTI functions by using
+        varargs to prevent the compiler from moving things around on the
+        stack.
+        
+        * Configurations/DebugRelease.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp:
+        * VM/Machine.h:
+        * wtf/Platform.h:
+
+2008-10-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        - fix for REGRESSION: r37631 causing crashes on buildbot
+        https://bugs.webkit.org/show_bug.cgi?id=21682
+        
+        * kjs/collector.cpp:
+        (JSC::Heap::collect): Avoid crashing when a GC occurs while no global objects are live.
+
+2008-10-16  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=21683
+        Don't create intermediate StructureIDs for builtin objects
+
+        First step in reduce number of StructureIDs created when initializing the
+        JSGlobalObject.
+
+        - In order to avoid creating the intermediate StructureIDs use the new putDirectWithoutTransition
+          and putDirectFunctionWithoutTransition to add properties to JSObjects without transitioning
+          the StructureID.  This patch just implements this strategy for ObjectPrototype but alone
+          reduces the number of StructureIDs create for about:blank by 10, from 142 to 132.
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::putDirectFunctionWithoutTransition):
+        * kjs/JSObject.h:
+        (JSC::JSObject::putDirectWithoutTransition):
+        * kjs/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype):
+        * kjs/ObjectPrototype.h:
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::addPropertyWithoutTransition):
+        * kjs/StructureID.h:
+
+2008-10-16  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - fix for: REGRESSION: over 100 StructureIDs leak loading about:blank (result of fix for bug 21633)
+        
+        Apparent slight progression (< 0.5%) on v8 benchmarks and SunSpider.
+
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::~StructureID): Don't deref this object's parent's pointer to
+        itself from the destructor; that doesn't even make sense.
+        (JSC::StructureID::addPropertyTransition): Don't refer the single transition;
+        the rule is that parent StructureIDs are ref'd but child ones are not. Refing
+        the child creates a cycle.
+
+2008-10-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21609
+        Make MessagePorts protect their peers across heaps
+
+        * JavaScriptCore.exp:
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::markCrossHeapDependentObjects):
+        * kjs/JSGlobalObject.h:
+        * kjs/collector.cpp:
+        (JSC::Heap::collect):
+        Before GC sweep phase, a function supplied by global object is now called for all global
+        objects in the heap, making it possible to implement cross-heap dependencies.
+
+2008-10-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21610
+        run-webkit-threads --threaded crashes in StructureID destructor
+
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::~StructureID):
+        Protect access to a static (debug-only) HashSet with a lock.
+
+2008-10-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Goeffrey Garen.
+
+        Add function to dump statistics for StructureIDs.
+
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::dumpStatistics):
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::~StructureID):
+        * kjs/StructureID.h:
+
+2008-10-15  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21633: Avoid using a HashMap when there is only a single transition
+        <https://bugs.webkit.org/show_bug.cgi?id=21633>
+
+        This is a 0.8% speedup on SunSpider and between a 0.5% and 1.0% speedup
+        on the V8 benchmark suite, depending on which harness we use. It will
+        also slightly reduce the memory footprint of a StructureID.
+
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::~StructureID):
+        (JSC::StructureID::addPropertyTransition):
+        * kjs/StructureID.h:
+        (JSC::StructureID::):
+
+2008-10-15  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Geoffrey Garen.
+
+        1.40% speedup on SunSpider, 1.44% speedup on V8. (Linux)
+        
+        No change on Mac.
+
+        * VM/Machine.cpp:
+        (JSC::fastIsNumber): ALWAYS_INLINE modifier added.
+
+2008-10-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=21345
+        Start the debugger without reloading the inspected page
+
+        * JavaScriptCore.exp: New symbols.
+        * JavaScriptCore.xcodeproj/project.pbxproj: New files.
+
+        * VM/CodeBlock.h:
+        (JSC::EvalCodeCache::get): Updated for tweak to parsing API.
+
+        * kjs/CollectorHeapIterator.h: Added. An iterator for the object heap,
+        which we use to find all the live functions and recompile them.
+
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate): Updated for tweak to parsing API.
+
+        * kjs/FunctionConstructor.cpp:
+        (JSC::constructFunction): Updated for tweak to parsing API.
+
+        * kjs/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction): Try to validate our SourceCode in debug
+        builds by ASSERTing that it's syntactically valid. This doesn't catch
+        all SourceCode bugs, but it catches a lot of them.
+
+        * kjs/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval): Updated for tweak to parsing API.
+
+        * kjs/Parser.cpp:
+        (JSC::Parser::parse):
+        * kjs/Parser.h:
+        (JSC::Parser::parse): Tweaked the parser to make it possible to parse
+        without an ExecState, and to allow the client to specify a debugger to
+        notify (or not) about the source we parse. This allows the inspector
+        to recompile even though no JavaScript is executing, then notify the
+        debugger about all source code when it's done.
+
+        * kjs/Shell.cpp:
+        (prettyPrintScript): Updated for tweak to parsing API.
+
+        * kjs/SourceRange.h:
+        (JSC::SourceCode::isNull): Added to help with ASSERTs.
+
+        * kjs/collector.cpp:
+        (JSC::Heap::heapAllocate):
+        (JSC::Heap::sweep):
+        (JSC::Heap::primaryHeapBegin):
+        (JSC::Heap::primaryHeapEnd):
+        * kjs/collector.h:
+        (JSC::): Moved a bunch of declarations around to enable compilation of
+        CollectorHeapIterator.
+
+        * kjs/interpreter.cpp:
+        (JSC::Interpreter::checkSyntax):
+        (JSC::Interpreter::evaluate): Updated for tweak to parsing API.
+
+        * kjs/lexer.h:
+        (JSC::Lexer::sourceCode): BUG FIX: Calculate SourceCode ranges relative
+        to the SourceCode range in which we're lexing, otherwise nested functions
+        that are compiled individually get SourceCode ranges that don't reflect
+        their nesting.
+
+        * kjs/nodes.cpp:
+        (JSC::FunctionBodyNode::FunctionBodyNode):
+        (JSC::FunctionBodyNode::finishParsing):
+        (JSC::FunctionBodyNode::create):
+        (JSC::FunctionBodyNode::copyParameters):
+        * kjs/nodes.h:
+        (JSC::ScopeNode::setSource):
+        (JSC::FunctionBodyNode::parameterCount): Added some helper functions for
+        copying one FunctionBodyNode's parameters to another. The recompiler uses
+        these when calling "finishParsing".
+
+2008-10-15  Joerg Bornemann  <joerg.bornemann@trolltech.com>
+
+        Reviewed by Darin Adler.
+
+        - part of https://bugs.webkit.org/show_bug.cgi?id=20746
+          Fix compilation on Windows CE.
+
+        str(n)icmp, strdup and vsnprintf are not available on Windows CE,
+        they are called _str(n)icmp, etc. instead
+
+        * wtf/StringExtras.h: Added inline function implementations.
+
+2008-10-15  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Cameron Zwarich.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=20912>
+        Use simple uint32_t multiplication on op_mul if both operands are
+        immediate number and they are between zero and 0x7FFF.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+
+2008-10-09  Darin Fisher  <darin@chromium.org>
+
+        Reviewed by Sam Weinig.
+
+        Make pan scrolling a platform configurable option.
+        https://bugs.webkit.org/show_bug.cgi?id=21515
+
+        * wtf/Platform.h: Add ENABLE_PAN_SCROLLING
+
+2008-10-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Sam Weinig.
+        
+        - revert r37572 and r37581 for now
+        
+        Turns out GCC 4.2 is still a (small) regression, we'll have to do
+        more work to turn it on.
+
+        * Configurations/DebugRelease.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_convert_this):
+        (JSC::Machine::cti_op_end):
+        (JSC::Machine::cti_op_add):
+        (JSC::Machine::cti_op_pre_inc):
+        (JSC::Machine::cti_timeout_check):
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_loop_if_less):
+        (JSC::Machine::cti_op_loop_if_lesseq):
+        (JSC::Machine::cti_op_new_object):
+        (JSC::Machine::cti_op_put_by_id):
+        (JSC::Machine::cti_op_put_by_id_second):
+        (JSC::Machine::cti_op_put_by_id_generic):
+        (JSC::Machine::cti_op_put_by_id_fail):
+        (JSC::Machine::cti_op_get_by_id):
+        (JSC::Machine::cti_op_get_by_id_second):
+        (JSC::Machine::cti_op_get_by_id_generic):
+        (JSC::Machine::cti_op_get_by_id_fail):
+        (JSC::Machine::cti_op_instanceof):
+        (JSC::Machine::cti_op_del_by_id):
+        (JSC::Machine::cti_op_mul):
+        (JSC::Machine::cti_op_new_func):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_vm_compile):
+        (JSC::Machine::cti_op_push_activation):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_create_arguments):
+        (JSC::Machine::cti_op_tear_off_activation):
+        (JSC::Machine::cti_op_tear_off_arguments):
+        (JSC::Machine::cti_op_ret_profiler):
+        (JSC::Machine::cti_op_ret_scopeChain):
+        (JSC::Machine::cti_op_new_array):
+        (JSC::Machine::cti_op_resolve):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_get_by_val):
+        (JSC::Machine::cti_op_resolve_func):
+        (JSC::Machine::cti_op_sub):
+        (JSC::Machine::cti_op_put_by_val):
+        (JSC::Machine::cti_op_put_by_val_array):
+        (JSC::Machine::cti_op_lesseq):
+        (JSC::Machine::cti_op_loop_if_true):
+        (JSC::Machine::cti_op_negate):
+        (JSC::Machine::cti_op_resolve_base):
+        (JSC::Machine::cti_op_resolve_skip):
+        (JSC::Machine::cti_op_resolve_global):
+        (JSC::Machine::cti_op_div):
+        (JSC::Machine::cti_op_pre_dec):
+        (JSC::Machine::cti_op_jless):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_jtrue):
+        (JSC::Machine::cti_op_post_inc):
+        (JSC::Machine::cti_op_eq):
+        (JSC::Machine::cti_op_lshift):
+        (JSC::Machine::cti_op_bitand):
+        (JSC::Machine::cti_op_rshift):
+        (JSC::Machine::cti_op_bitnot):
+        (JSC::Machine::cti_op_resolve_with_base):
+        (JSC::Machine::cti_op_new_func_exp):
+        (JSC::Machine::cti_op_mod):
+        (JSC::Machine::cti_op_less):
+        (JSC::Machine::cti_op_neq):
+        (JSC::Machine::cti_op_post_dec):
+        (JSC::Machine::cti_op_urshift):
+        (JSC::Machine::cti_op_bitxor):
+        (JSC::Machine::cti_op_new_regexp):
+        (JSC::Machine::cti_op_bitor):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_op_throw):
+        (JSC::Machine::cti_op_get_pnames):
+        (JSC::Machine::cti_op_next_pname):
+        (JSC::Machine::cti_op_push_scope):
+        (JSC::Machine::cti_op_pop_scope):
+        (JSC::Machine::cti_op_typeof):
+        (JSC::Machine::cti_op_is_undefined):
+        (JSC::Machine::cti_op_is_boolean):
+        (JSC::Machine::cti_op_is_number):
+        (JSC::Machine::cti_op_is_string):
+        (JSC::Machine::cti_op_is_object):
+        (JSC::Machine::cti_op_is_function):
+        (JSC::Machine::cti_op_stricteq):
+        (JSC::Machine::cti_op_nstricteq):
+        (JSC::Machine::cti_op_to_jsnumber):
+        (JSC::Machine::cti_op_in):
+        (JSC::Machine::cti_op_push_new_scope):
+        (JSC::Machine::cti_op_jmp_scopes):
+        (JSC::Machine::cti_op_put_by_index):
+        (JSC::Machine::cti_op_switch_imm):
+        (JSC::Machine::cti_op_switch_char):
+        (JSC::Machine::cti_op_switch_string):
+        (JSC::Machine::cti_op_del_by_val):
+        (JSC::Machine::cti_op_put_getter):
+        (JSC::Machine::cti_op_put_setter):
+        (JSC::Machine::cti_op_new_error):
+        (JSC::Machine::cti_op_debug):
+        (JSC::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::emitRestoreArgumentReference):
+        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
+        * wtf/Platform.h:
+
+2008-10-14  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20256
+        Array.push and other standard methods disappear
+
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::~JSGlobalData):
+        Don't use static hash tables even on platforms that don't enable JSC_MULTIPLE_THREADS -
+        these tables reference IdentifierTable, which is always per-GlobalData.
+
+2008-10-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - always use CTI_ARGUMENTS and CTI_ARGUMENTS_FASTCALL
+        
+        This is a small regression for GCC 4.0, but simplifies the code
+        for future improvements and lets us focus on GCC 4.2+ and MSVC.
+
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_convert_this):
+        (JSC::Machine::cti_op_end):
+        (JSC::Machine::cti_op_add):
+        (JSC::Machine::cti_op_pre_inc):
+        (JSC::Machine::cti_timeout_check):
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_loop_if_less):
+        (JSC::Machine::cti_op_loop_if_lesseq):
+        (JSC::Machine::cti_op_new_object):
+        (JSC::Machine::cti_op_put_by_id):
+        (JSC::Machine::cti_op_put_by_id_second):
+        (JSC::Machine::cti_op_put_by_id_generic):
+        (JSC::Machine::cti_op_put_by_id_fail):
+        (JSC::Machine::cti_op_get_by_id):
+        (JSC::Machine::cti_op_get_by_id_second):
+        (JSC::Machine::cti_op_get_by_id_generic):
+        (JSC::Machine::cti_op_get_by_id_fail):
+        (JSC::Machine::cti_op_instanceof):
+        (JSC::Machine::cti_op_del_by_id):
+        (JSC::Machine::cti_op_mul):
+        (JSC::Machine::cti_op_new_func):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_vm_compile):
+        (JSC::Machine::cti_op_push_activation):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_create_arguments):
+        (JSC::Machine::cti_op_tear_off_activation):
+        (JSC::Machine::cti_op_tear_off_arguments):
+        (JSC::Machine::cti_op_ret_profiler):
+        (JSC::Machine::cti_op_ret_scopeChain):
+        (JSC::Machine::cti_op_new_array):
+        (JSC::Machine::cti_op_resolve):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_get_by_val):
+        (JSC::Machine::cti_op_resolve_func):
+        (JSC::Machine::cti_op_sub):
+        (JSC::Machine::cti_op_put_by_val):
+        (JSC::Machine::cti_op_put_by_val_array):
+        (JSC::Machine::cti_op_lesseq):
+        (JSC::Machine::cti_op_loop_if_true):
+        (JSC::Machine::cti_op_negate):
+        (JSC::Machine::cti_op_resolve_base):
+        (JSC::Machine::cti_op_resolve_skip):
+        (JSC::Machine::cti_op_resolve_global):
+        (JSC::Machine::cti_op_div):
+        (JSC::Machine::cti_op_pre_dec):
+        (JSC::Machine::cti_op_jless):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_jtrue):
+        (JSC::Machine::cti_op_post_inc):
+        (JSC::Machine::cti_op_eq):
+        (JSC::Machine::cti_op_lshift):
+        (JSC::Machine::cti_op_bitand):
+        (JSC::Machine::cti_op_rshift):
+        (JSC::Machine::cti_op_bitnot):
+        (JSC::Machine::cti_op_resolve_with_base):
+        (JSC::Machine::cti_op_new_func_exp):
+        (JSC::Machine::cti_op_mod):
+        (JSC::Machine::cti_op_less):
+        (JSC::Machine::cti_op_neq):
+        (JSC::Machine::cti_op_post_dec):
+        (JSC::Machine::cti_op_urshift):
+        (JSC::Machine::cti_op_bitxor):
+        (JSC::Machine::cti_op_new_regexp):
+        (JSC::Machine::cti_op_bitor):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_op_throw):
+        (JSC::Machine::cti_op_get_pnames):
+        (JSC::Machine::cti_op_next_pname):
+        (JSC::Machine::cti_op_push_scope):
+        (JSC::Machine::cti_op_pop_scope):
+        (JSC::Machine::cti_op_typeof):
+        (JSC::Machine::cti_op_is_undefined):
+        (JSC::Machine::cti_op_is_boolean):
+        (JSC::Machine::cti_op_is_number):
+        (JSC::Machine::cti_op_is_string):
+        (JSC::Machine::cti_op_is_object):
+        (JSC::Machine::cti_op_is_function):
+        (JSC::Machine::cti_op_stricteq):
+        (JSC::Machine::cti_op_nstricteq):
+        (JSC::Machine::cti_op_to_jsnumber):
+        (JSC::Machine::cti_op_in):
+        (JSC::Machine::cti_op_push_new_scope):
+        (JSC::Machine::cti_op_jmp_scopes):
+        (JSC::Machine::cti_op_put_by_index):
+        (JSC::Machine::cti_op_switch_imm):
+        (JSC::Machine::cti_op_switch_char):
+        (JSC::Machine::cti_op_switch_string):
+        (JSC::Machine::cti_op_del_by_val):
+        (JSC::Machine::cti_op_put_getter):
+        (JSC::Machine::cti_op_put_setter):
+        (JSC::Machine::cti_op_new_error):
+        (JSC::Machine::cti_op_debug):
+        (JSC::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::emitRestoreArgumentReference):
+        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
+        * wtf/Platform.h:
+
+2008-10-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - make Machine::getArgumentsData an Arguments method and inline it
+        
+        ~2% on v8 raytrace
+
+        * VM/Machine.cpp:
+        * kjs/Arguments.h:
+        (JSC::Machine::getArgumentsData):
+
+2008-10-13  Alp Toker  <alp@nuanti.com>
+
+        Fix autotools dist build target by listing recently added header
+        files only. Not reviewed.
+
+        * GNUmakefile.am:
+
+2008-10-13  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Mark Rowe.
+        
+        - fixed <rdar://problem/5806316> JavaScriptCore should not force building with gcc 4.0
+        - use gcc 4.2 when building with Xcode 3.1 or newer on Leopard, even though this is not the default
+
+        * Configurations/DebugRelease.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-10-13  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 21541: Move RegisterFile growth check to callee
+        <https://bugs.webkit.org/show_bug.cgi?id=21541>
+
+        Move the RegisterFile growth check to the callee in the common case,
+        where some of the information is known statically at JIT time. There is
+        still a check in the caller in the case where the caller provides too
+        few arguments.
+
+        This is a 2.1% speedup on the V8 benchmark, including a 5.1% speedup on
+        the Richards benchmark, a 4.1% speedup on the DeltaBlue benchmark, and a
+        1.4% speedup on the Earley-Boyer benchmark. It is also a 0.5% speedup on
+        SunSpider.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompile):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        * VM/Machine.h:
+        * VM/RegisterFile.h:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::cmpl_mr):
+        (JSC::X86Assembler::emitUnlinkedJg):
+
+2008-10-13  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Dan Bernstein.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=21577
+        5 false positive StructureID leaks
+
+        - Add leak ignore set to StructureID to selectively ignore leaking some StructureIDs.
+        - Add create method to JSGlolalData to be used when the data will be intentionally
+          leaked and ignore all leaks caused the StructureIDs stored in it.
+
+        * JavaScriptCore.exp:
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::createLeaked):
+        * kjs/JSGlobalData.h:
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::~StructureID):
+        (JSC::StructureID::startIgnoringLeaks):
+        (JSC::StructureID::stopIgnoringLeaks):
+        * kjs/StructureID.h:
+
+2008-10-13  Marco Barisione  <marco.barisione@collabora.co.uk>
+
+        Reviewed by Darin Adler. Landed by Jan Alonzo.
+
+        WebKit GTK Port needs a smartpointer to handle g_free (GFreePtr?)
+        http://bugs.webkit.org/show_bug.cgi?id=20483
+
+        Add a GOwnPtr smart pointer (similar to OwnPtr) to handle memory
+        allocated by GLib and start the conversion to use it.
+
+        * GNUmakefile.am:
+        * wtf/GOwnPtr.cpp: Added.
+        (WTF::GError):
+        (WTF::GList):
+        (WTF::GCond):
+        (WTF::GMutex):
+        (WTF::GPatternSpec):
+        (WTF::GDir):
+        * wtf/GOwnPtr.h: Added.
+        (WTF::freeOwnedPtr):
+        (WTF::GOwnPtr::GOwnPtr):
+        (WTF::GOwnPtr::~GOwnPtr):
+        (WTF::GOwnPtr::get):
+        (WTF::GOwnPtr::release):
+        (WTF::GOwnPtr::rawPtr):
+        (WTF::GOwnPtr::set):
+        (WTF::GOwnPtr::clear):
+        (WTF::GOwnPtr::operator*):
+        (WTF::GOwnPtr::operator->):
+        (WTF::GOwnPtr::operator!):
+        (WTF::GOwnPtr::operator UnspecifiedBoolType):
+        (WTF::GOwnPtr::swap):
+        (WTF::swap):
+        (WTF::operator==):
+        (WTF::operator!=):
+        (WTF::getPtr):
+        * wtf/Threading.h:
+        * wtf/ThreadingGtk.cpp:
+        (WTF::Mutex::~Mutex):
+        (WTF::Mutex::lock):
+        (WTF::Mutex::tryLock):
+        (WTF::Mutex::unlock):
+        (WTF::ThreadCondition::~ThreadCondition):
+        (WTF::ThreadCondition::wait):
+        (WTF::ThreadCondition::timedWait):
+        (WTF::ThreadCondition::signal):
+        (WTF::ThreadCondition::broadcast):
+
+2008-10-12  Gabriella Toth  <gtoth@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        - part of https://bugs.webkit.org/show_bug.cgi?id=21055
+          Bug 21055: not invoked functions
+
+        * kjs/nodes.cpp: Deleted a function that is not invoked:
+        statementListInitializeVariableAccessStack.
+
+2008-10-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        * wtf/unicode/icu/UnicodeIcu.h: Fixed indentation to match WebKit coding style.
+        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
+
+2008-10-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21556
+          Bug 21556: non-ASCII digits are allowed in places where only ASCII should be
+
+        * wtf/unicode/icu/UnicodeIcu.h: Removed isDigit, digitValue, and isFormatChar.
+        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
+
+2008-10-12  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Make the append method that takes a Vector more strict - it now requires the elements 
+        of the vector to be appended same type as the elements of the Vector they're being appended to.
+        
+        This would cause problems when dealing with Vectors containing other Vectors.
+        
+        * wtf/Vector.h:
+        (WTF::::append):
+
+2008-10-11  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Clean up RegExpMatchesArray.h to match our coding style.
+
+        * kjs/RegExpMatchesArray.h:
+        (JSC::RegExpMatchesArray::getOwnPropertySlot):
+        (JSC::RegExpMatchesArray::put):
+        (JSC::RegExpMatchesArray::deleteProperty):
+        (JSC::RegExpMatchesArray::getPropertyNames):
+
+2008-10-11  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Bug 21525: 55 StructureID leaks on Wikitravel's main page
+        <https://bugs.webkit.org/show_bug.cgi?id=21525>
+
+        Bug 21533: Simple JavaScript code leaks StructureIDs
+        <https://bugs.webkit.org/show_bug.cgi?id=21533>
+
+        StructureID::getEnumerablePropertyNames() ends up calling back to itself
+        via JSObject::getPropertyNames(), which causes the PropertyNameArray to
+        be cached twice. This leads to a memory leak in almost every use of
+        JSObject::getPropertyNames() on an object. The fix here is based on a
+        suggestion of Sam Weinig.
+
+        This patch also fixes every StructureID leaks that occurs while running
+        the Mozilla MemBuster test.
+
+        * kjs/PropertyNameArray.h:
+        (JSC::PropertyNameArray::PropertyNameArray):
+        (JSC::PropertyNameArray::setCacheable):
+        (JSC::PropertyNameArray::cacheable):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::getEnumerablePropertyNames):
+
+2008-10-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Use fastcall calling convention on GCC > 4.0
+
+        Results in a 2-3% improvement in GCC 4.2 performance, so
+        that it is no longer a regression vs. GCC 4.0
+
+        * VM/CTI.cpp:
+        * VM/Machine.h:
+        * wtf/Platform.h:
+
+2008-10-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        - Add a workaround for a bug in ceil in Darwin libc.
+        - Remove old workarounds for JS math functions that are not needed
+          anymore.
+
+        The math functions are heavily tested by fast/js/math.html.
+
+        * kjs/MathObject.cpp:
+        (JSC::mathProtoFuncAbs): Remove workaround.
+        (JSC::mathProtoFuncCeil): Ditto.
+        (JSC::mathProtoFuncFloor): Ditto.
+        * wtf/MathExtras.h:
+        (wtf_ceil): Add ceil workaround for darwin.
+
+2008-10-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler
+
+        Add Assertions to JSObject constructor.
+
+        * kjs/JSObject.h:
+        (JSC::JSObject::JSObject):
+
+2008-10-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Remove now unused m_getterSetterFlag variable from PropertyMap.
+
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::operator=):
+        * kjs/PropertyMap.h:
+        (JSC::PropertyMap::PropertyMap):
+
+2008-10-09  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add leaks checking to StructureID.
+
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::~StructureID):
+
+2008-10-09  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20760
+        Implement support for x86 Linux in CTI
+
+        Prepare to enable CTI/WREC on supported architectures.
+
+        Make it possible to use the CTI_ARGUMENT workaround with GCC as well
+        as MSVC by fixing some preprocessor conditionals.
+
+        Note that CTI/WREC no longer requires CTI_ARGUMENT on Linux so we
+        don't actually enable it except when building with MSVC. GCC on Win32
+        remains untested.
+
+        Adapt inline ASM code to use the global symbol underscore prefix only
+        on Darwin and to call the properly mangled Machine::cti_vm_throw
+        symbol name depending on CTI_ARGUMENT.
+
+        Also avoid global inclusion of the JIT infrastructure headers
+        throughout WebCore and WebKit causing recompilation of about ~1500
+        source files after modification to X86Assembler.h, CTI.h, WREC.h,
+        which are only used deep inside JavaScriptCore.
+
+        * GNUmakefile.am:
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        * kjs/regexp.cpp:
+        (JSC::RegExp::RegExp):
+        (JSC::RegExp::~RegExp):
+        (JSC::RegExp::match):
+        * kjs/regexp.h:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::emitConvertToFastCall):
+        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
+        (JSC::X86Assembler::emitRestoreArgumentReference):
+
+2008-10-09  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for bug #21160, x=0;1/(x*-1) == -Infinity
+
+        * ChangeLog:
+        * VM/CTI.cpp:
+        (JSC::CTI::emitFastArithDeTagImmediate):
+        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::emitUnlinkedJs):
+
+2008-10-09  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 21459: REGRESSION (r37324): Safari crashes inside JavaScriptCore while browsing hulu.com
+        <https://bugs.webkit.org/show_bug.cgi?id=21459>
+
+        After r37324, an Arguments object does not mark an associated activation
+        object. This change was made because Arguments no longer directly used
+        the activation object in any way. However, if an activation is torn off,
+        then the backing store of Arguments becomes the register array of the
+        activation object. Arguments directly marks all of the arguments, but
+        the activation object is being collected, which causes its register
+        array to be freed and new memory to be allocated in its place.
+
+        Unfortunately, it does not seem possible to reproduce this issue in a
+        layout test.
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::mark):
+        * kjs/Arguments.h:
+        (JSC::Arguments::setActivation):
+        (JSC::Arguments::Arguments):
+        (JSC::JSActivation::copyRegisters):
+
+2008-10-09  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon.
+
+        Build fix for MinGW.
+
+        * wtf/AlwaysInline.h:
+
+2008-10-08  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21497: REGRESSION (r37433): Bytecode JSC tests are severely broken
+        <https://bugs.webkit.org/show_bug.cgi?id=21497>
+
+        Fix a typo in r37433 that causes the failure of a large number of JSC
+        tests with the bytecode interpreter enabled.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+
+2008-10-08  Mark Rowe  <mrowe@apple.com>
+
+        Windows build fix.
+
+        * VM/CTI.cpp:
+        (JSC::): Update type of argument to ctiTrampoline.
+
+2008-10-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21403
+          Bug 21403: use new CallFrame class rather than Register* for call frame manipulation
+
+        Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
+        client over to the new name.
+
+        Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
+        as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
+        accessor functions to get at things in the frame.
+
+        Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
+        JSGlobalData* and in other cases eliminating them entirely.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeFunction):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectDeleteProperty):
+        * API/OpaqueJSString.cpp:
+        * API/OpaqueJSString.h:
+        * VM/CTI.cpp:
+        (JSC::CTI::getConstant):
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::getConstantImmediateNumericArg):
+        (JSC::CTI::printOpcodeOperandTypes):
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::compileRegExp):
+        * VM/CTI.h:
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitEqualityOp):
+        (JSC::CodeGenerator::emitLoad):
+        (JSC::CodeGenerator::emitUnexpectedLoad):
+        (JSC::CodeGenerator::emitConstruct):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAddSlowCase):
+        (JSC::jsAdd):
+        (JSC::jsTypeStringForValue):
+        (JSC::Machine::resolve):
+        (JSC::Machine::resolveSkip):
+        (JSC::Machine::resolveGlobal):
+        (JSC::inlineResolveBase):
+        (JSC::Machine::resolveBase):
+        (JSC::Machine::resolveBaseAndProperty):
+        (JSC::Machine::resolveBaseAndFunc):
+        (JSC::Machine::slideRegisterWindowForCall):
+        (JSC::isNotObject):
+        (JSC::Machine::callEval):
+        (JSC::Machine::dumpCallFrame):
+        (JSC::Machine::dumpRegisters):
+        (JSC::Machine::unwindCallFrame):
+        (JSC::Machine::throwException):
+        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
+        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
+        (JSC::Machine::execute):
+        (JSC::Machine::debug):
+        (JSC::Machine::createExceptionScope):
+        (JSC::cachePrototypeChain):
+        (JSC::Machine::tryCachePutByID):
+        (JSC::Machine::tryCacheGetByID):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::retrieveArguments):
+        (JSC::Machine::retrieveCaller):
+        (JSC::Machine::retrieveLastCaller):
+        (JSC::Machine::findFunctionCallFrame):
+        (JSC::Machine::getArgumentsData):
+        (JSC::Machine::tryCTICachePutByID):
+        (JSC::Machine::getCTIArrayLengthTrampoline):
+        (JSC::Machine::getCTIStringLengthTrampoline):
+        (JSC::Machine::tryCTICacheGetByID):
+        (JSC::Machine::cti_op_convert_this):
+        (JSC::Machine::cti_op_end):
+        (JSC::Machine::cti_op_add):
+        (JSC::Machine::cti_op_pre_inc):
+        (JSC::Machine::cti_timeout_check):
+        (JSC::Machine::cti_op_loop_if_less):
+        (JSC::Machine::cti_op_loop_if_lesseq):
+        (JSC::Machine::cti_op_new_object):
+        (JSC::Machine::cti_op_put_by_id):
+        (JSC::Machine::cti_op_put_by_id_second):
+        (JSC::Machine::cti_op_put_by_id_generic):
+        (JSC::Machine::cti_op_put_by_id_fail):
+        (JSC::Machine::cti_op_get_by_id):
+        (JSC::Machine::cti_op_get_by_id_second):
+        (JSC::Machine::cti_op_get_by_id_generic):
+        (JSC::Machine::cti_op_get_by_id_fail):
+        (JSC::Machine::cti_op_instanceof):
+        (JSC::Machine::cti_op_del_by_id):
+        (JSC::Machine::cti_op_mul):
+        (JSC::Machine::cti_op_new_func):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_vm_compile):
+        (JSC::Machine::cti_op_push_activation):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_create_arguments):
+        (JSC::Machine::cti_op_tear_off_activation):
+        (JSC::Machine::cti_op_tear_off_arguments):
+        (JSC::Machine::cti_op_ret_profiler):
+        (JSC::Machine::cti_op_ret_scopeChain):
+        (JSC::Machine::cti_op_new_array):
+        (JSC::Machine::cti_op_resolve):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_get_by_val):
+        (JSC::Machine::cti_op_resolve_func):
+        (JSC::Machine::cti_op_sub):
+        (JSC::Machine::cti_op_put_by_val):
+        (JSC::Machine::cti_op_put_by_val_array):
+        (JSC::Machine::cti_op_lesseq):
+        (JSC::Machine::cti_op_loop_if_true):
+        (JSC::Machine::cti_op_negate):
+        (JSC::Machine::cti_op_resolve_base):
+        (JSC::Machine::cti_op_resolve_skip):
+        (JSC::Machine::cti_op_resolve_global):
+        (JSC::Machine::cti_op_div):
+        (JSC::Machine::cti_op_pre_dec):
+        (JSC::Machine::cti_op_jless):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_jtrue):
+        (JSC::Machine::cti_op_post_inc):
+        (JSC::Machine::cti_op_eq):
+        (JSC::Machine::cti_op_lshift):
+        (JSC::Machine::cti_op_bitand):
+        (JSC::Machine::cti_op_rshift):
+        (JSC::Machine::cti_op_bitnot):
+        (JSC::Machine::cti_op_resolve_with_base):
+        (JSC::Machine::cti_op_new_func_exp):
+        (JSC::Machine::cti_op_mod):
+        (JSC::Machine::cti_op_less):
+        (JSC::Machine::cti_op_neq):
+        (JSC::Machine::cti_op_post_dec):
+        (JSC::Machine::cti_op_urshift):
+        (JSC::Machine::cti_op_bitxor):
+        (JSC::Machine::cti_op_new_regexp):
+        (JSC::Machine::cti_op_bitor):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_op_throw):
+        (JSC::Machine::cti_op_get_pnames):
+        (JSC::Machine::cti_op_next_pname):
+        (JSC::Machine::cti_op_push_scope):
+        (JSC::Machine::cti_op_pop_scope):
+        (JSC::Machine::cti_op_typeof):
+        (JSC::Machine::cti_op_to_jsnumber):
+        (JSC::Machine::cti_op_in):
+        (JSC::Machine::cti_op_push_new_scope):
+        (JSC::Machine::cti_op_jmp_scopes):
+        (JSC::Machine::cti_op_put_by_index):
+        (JSC::Machine::cti_op_switch_imm):
+        (JSC::Machine::cti_op_switch_char):
+        (JSC::Machine::cti_op_switch_string):
+        (JSC::Machine::cti_op_del_by_val):
+        (JSC::Machine::cti_op_put_getter):
+        (JSC::Machine::cti_op_put_setter):
+        (JSC::Machine::cti_op_new_error):
+        (JSC::Machine::cti_op_debug):
+        (JSC::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * VM/Register.h:
+        * VM/RegisterFile.h:
+        * kjs/Arguments.h:
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::functionName):
+        (JSC::DebuggerCallFrame::type):
+        (JSC::DebuggerCallFrame::thisObject):
+        (JSC::DebuggerCallFrame::evaluate):
+        * kjs/DebuggerCallFrame.h:
+        * kjs/ExecState.cpp:
+        (JSC::CallFrame::thisValue):
+        * kjs/ExecState.h:
+        * kjs/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::JSActivation):
+        (JSC::JSActivation::argumentsGetter):
+        * kjs/JSActivation.h:
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        * kjs/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * kjs/JSVariableObject.h:
+        * kjs/Parser.cpp:
+        (JSC::Parser::parse):
+        * kjs/RegExpConstructor.cpp:
+        (JSC::constructRegExp):
+        * kjs/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncCompile):
+        * kjs/Shell.cpp:
+        (prettyPrintScript):
+        * kjs/StringPrototype.cpp:
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        * kjs/identifier.cpp:
+        (JSC::Identifier::checkSameIdentifierTable):
+        * kjs/interpreter.cpp:
+        (JSC::Interpreter::checkSyntax):
+        (JSC::Interpreter::evaluate):
+        * kjs/nodes.cpp:
+        (JSC::ThrowableExpressionData::emitThrowError):
+        (JSC::RegExpNode::emitCode):
+        (JSC::ArrayNode::emitCode):
+        (JSC::InstanceOfNode::emitCode):
+        * kjs/nodes.h:
+        * kjs/regexp.cpp:
+        (JSC::RegExp::RegExp):
+        (JSC::RegExp::create):
+        * kjs/regexp.h:
+        * profiler/HeavyProfile.h:
+        * profiler/Profile.h:
+        * wrec/WREC.cpp:
+        * wrec/WREC.h:
+
+2008-10-08  Mark Rowe  <mrowe@apple.com>
+
+        Typed by Maciej Stachowiak, reviewed by Mark Rowe.
+
+        Fix crash in fast/js/constant-folding.html with CTI disabled.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+
+2008-10-08  Timothy Hatcher  <timothy@apple.com>
+
+        Roll out r37427 because it causes an infinite recursion loading about:blank.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21476
+
+2008-10-08  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21403
+          Bug 21403: use new CallFrame class rather than Register* for call frame manipulation
+
+        Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
+        client over to the new name.
+
+        Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
+        as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
+        accessor functions to get at things in the frame.
+
+        Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
+        JSGlobalData* and in other cases eliminating them entirely.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeFunction):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectDeleteProperty):
+        * API/OpaqueJSString.cpp:
+        * API/OpaqueJSString.h:
+        * VM/CTI.cpp:
+        (JSC::CTI::getConstant):
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::getConstantImmediateNumericArg):
+        (JSC::CTI::printOpcodeOperandTypes):
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::compileRegExp):
+        * VM/CTI.h:
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitEqualityOp):
+        (JSC::CodeGenerator::emitLoad):
+        (JSC::CodeGenerator::emitUnexpectedLoad):
+        (JSC::CodeGenerator::emitConstruct):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (JSC::jsLess):
+        (JSC::jsLessEq):
+        (JSC::jsAddSlowCase):
+        (JSC::jsAdd):
+        (JSC::jsTypeStringForValue):
+        (JSC::Machine::resolve):
+        (JSC::Machine::resolveSkip):
+        (JSC::Machine::resolveGlobal):
+        (JSC::inlineResolveBase):
+        (JSC::Machine::resolveBase):
+        (JSC::Machine::resolveBaseAndProperty):
+        (JSC::Machine::resolveBaseAndFunc):
+        (JSC::Machine::slideRegisterWindowForCall):
+        (JSC::isNotObject):
+        (JSC::Machine::callEval):
+        (JSC::Machine::dumpCallFrame):
+        (JSC::Machine::dumpRegisters):
+        (JSC::Machine::unwindCallFrame):
+        (JSC::Machine::throwException):
+        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
+        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
+        (JSC::Machine::execute):
+        (JSC::Machine::debug):
+        (JSC::Machine::createExceptionScope):
+        (JSC::cachePrototypeChain):
+        (JSC::Machine::tryCachePutByID):
+        (JSC::Machine::tryCacheGetByID):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::retrieveArguments):
+        (JSC::Machine::retrieveCaller):
+        (JSC::Machine::retrieveLastCaller):
+        (JSC::Machine::findFunctionCallFrame):
+        (JSC::Machine::getArgumentsData):
+        (JSC::Machine::tryCTICachePutByID):
+        (JSC::Machine::getCTIArrayLengthTrampoline):
+        (JSC::Machine::getCTIStringLengthTrampoline):
+        (JSC::Machine::tryCTICacheGetByID):
+        (JSC::Machine::cti_op_convert_this):
+        (JSC::Machine::cti_op_end):
+        (JSC::Machine::cti_op_add):
+        (JSC::Machine::cti_op_pre_inc):
+        (JSC::Machine::cti_timeout_check):
+        (JSC::Machine::cti_op_loop_if_less):
+        (JSC::Machine::cti_op_loop_if_lesseq):
+        (JSC::Machine::cti_op_new_object):
+        (JSC::Machine::cti_op_put_by_id):
+        (JSC::Machine::cti_op_put_by_id_second):
+        (JSC::Machine::cti_op_put_by_id_generic):
+        (JSC::Machine::cti_op_put_by_id_fail):
+        (JSC::Machine::cti_op_get_by_id):
+        (JSC::Machine::cti_op_get_by_id_second):
+        (JSC::Machine::cti_op_get_by_id_generic):
+        (JSC::Machine::cti_op_get_by_id_fail):
+        (JSC::Machine::cti_op_instanceof):
+        (JSC::Machine::cti_op_del_by_id):
+        (JSC::Machine::cti_op_mul):
+        (JSC::Machine::cti_op_new_func):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_vm_compile):
+        (JSC::Machine::cti_op_push_activation):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_create_arguments):
+        (JSC::Machine::cti_op_tear_off_activation):
+        (JSC::Machine::cti_op_tear_off_arguments):
+        (JSC::Machine::cti_op_ret_profiler):
+        (JSC::Machine::cti_op_ret_scopeChain):
+        (JSC::Machine::cti_op_new_array):
+        (JSC::Machine::cti_op_resolve):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_get_by_val):
+        (JSC::Machine::cti_op_resolve_func):
+        (JSC::Machine::cti_op_sub):
+        (JSC::Machine::cti_op_put_by_val):
+        (JSC::Machine::cti_op_put_by_val_array):
+        (JSC::Machine::cti_op_lesseq):
+        (JSC::Machine::cti_op_loop_if_true):
+        (JSC::Machine::cti_op_negate):
+        (JSC::Machine::cti_op_resolve_base):
+        (JSC::Machine::cti_op_resolve_skip):
+        (JSC::Machine::cti_op_resolve_global):
+        (JSC::Machine::cti_op_div):
+        (JSC::Machine::cti_op_pre_dec):
+        (JSC::Machine::cti_op_jless):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_jtrue):
+        (JSC::Machine::cti_op_post_inc):
+        (JSC::Machine::cti_op_eq):
+        (JSC::Machine::cti_op_lshift):
+        (JSC::Machine::cti_op_bitand):
+        (JSC::Machine::cti_op_rshift):
+        (JSC::Machine::cti_op_bitnot):
+        (JSC::Machine::cti_op_resolve_with_base):
+        (JSC::Machine::cti_op_new_func_exp):
+        (JSC::Machine::cti_op_mod):
+        (JSC::Machine::cti_op_less):
+        (JSC::Machine::cti_op_neq):
+        (JSC::Machine::cti_op_post_dec):
+        (JSC::Machine::cti_op_urshift):
+        (JSC::Machine::cti_op_bitxor):
+        (JSC::Machine::cti_op_new_regexp):
+        (JSC::Machine::cti_op_bitor):
+        (JSC::Machine::cti_op_call_eval):
+        (JSC::Machine::cti_op_throw):
+        (JSC::Machine::cti_op_get_pnames):
+        (JSC::Machine::cti_op_next_pname):
+        (JSC::Machine::cti_op_push_scope):
+        (JSC::Machine::cti_op_pop_scope):
+        (JSC::Machine::cti_op_typeof):
+        (JSC::Machine::cti_op_to_jsnumber):
+        (JSC::Machine::cti_op_in):
+        (JSC::Machine::cti_op_push_new_scope):
+        (JSC::Machine::cti_op_jmp_scopes):
+        (JSC::Machine::cti_op_put_by_index):
+        (JSC::Machine::cti_op_switch_imm):
+        (JSC::Machine::cti_op_switch_char):
+        (JSC::Machine::cti_op_switch_string):
+        (JSC::Machine::cti_op_del_by_val):
+        (JSC::Machine::cti_op_put_getter):
+        (JSC::Machine::cti_op_put_setter):
+        (JSC::Machine::cti_op_new_error):
+        (JSC::Machine::cti_op_debug):
+        (JSC::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * VM/Register.h:
+        * VM/RegisterFile.h:
+        * kjs/Arguments.h:
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::functionName):
+        (JSC::DebuggerCallFrame::type):
+        (JSC::DebuggerCallFrame::thisObject):
+        (JSC::DebuggerCallFrame::evaluate):
+        * kjs/DebuggerCallFrame.h:
+        * kjs/ExecState.cpp:
+        (JSC::CallFrame::thisValue):
+        * kjs/ExecState.h:
+        * kjs/FunctionConstructor.cpp:
+        (JSC::constructFunction):
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::JSActivation):
+        (JSC::JSActivation::argumentsGetter):
+        * kjs/JSActivation.h:
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        * kjs/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval):
+        * kjs/JSVariableObject.h:
+        * kjs/Parser.cpp:
+        (JSC::Parser::parse):
+        * kjs/RegExpConstructor.cpp:
+        (JSC::constructRegExp):
+        * kjs/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncCompile):
+        * kjs/Shell.cpp:
+        (prettyPrintScript):
+        * kjs/StringPrototype.cpp:
+        (JSC::stringProtoFuncMatch):
+        (JSC::stringProtoFuncSearch):
+        * kjs/identifier.cpp:
+        (JSC::Identifier::checkSameIdentifierTable):
+        * kjs/interpreter.cpp:
+        (JSC::Interpreter::checkSyntax):
+        (JSC::Interpreter::evaluate):
+        * kjs/nodes.cpp:
+        (JSC::ThrowableExpressionData::emitThrowError):
+        (JSC::RegExpNode::emitCode):
+        (JSC::ArrayNode::emitCode):
+        (JSC::InstanceOfNode::emitCode):
+        * kjs/nodes.h:
+        * kjs/regexp.cpp:
+        (JSC::RegExp::RegExp):
+        (JSC::RegExp::create):
+        * kjs/regexp.h:
+        * profiler/HeavyProfile.h:
+        * profiler/Profile.h:
+        * wrec/WREC.cpp:
+        * wrec/WREC.h:
+
+2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>
+
+        Reviewed by Oliver Hunt.
+
+        Avoid endless loops when compiling without the computed goto
+        optimization.
+
+        NEXT_OPCODE expands to "continue", which will not work inside
+        loops.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+
+2008-10-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Re-landing the following fix with the crashing bug in it fixed (r37405):
+        
+        - optimize away multiplication by constant 1.0
+        
+        2.3% speedup on v8 RayTrace benchmark
+
+        Apparently it's not uncommon for JavaScript code to multiply by
+        constant 1.0 in the mistaken belief that this converts integer to
+        floating point and that there is any operational difference.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
+        case where parameter is already number.
+        (JSC::CTI::privateCompileSlowCases): ditto
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute): ditto
+        * kjs/grammar.y:
+        (makeMultNode): Transform as follows:
+        +FOO * BAR ==> FOO * BAR
+        FOO * +BAR ==> FOO * BAR
+        FOO * 1 ==> +FOO
+        1 * FOO ==> +FOO
+        (makeDivNode): Transform as follows:
+        +FOO / BAR ==> FOO / BAR
+        FOO / +BAR ==> FOO / BAR
+        (makeSubNode): Transform as follows:
+        +FOO - BAR ==> FOO - BAR
+        FOO - +BAR ==> FOO - BAR
+        * kjs/nodes.h:
+        (JSC::ExpressionNode::stripUnaryPlus): Helper for above
+        grammar.y changes
+        (JSC::UnaryPlusNode::stripUnaryPlus): ditto
+
+2008-10-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        - correctly handle appending -0 to a string, it should stringify as just 0
+
+        * kjs/ustring.cpp:
+        (JSC::concatenate):
+
+2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix WebKit compilation with VC2008SP1
+
+        Apply the TR1 workaround for JavaScriptCore, too.
+
+        * JavaScriptCore.pro:
+
+2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix compilation errors on VS2008 64Bit
+
+        * kjs/collector.cpp:
+        (JSC::currentThreadStackBase):
+
+2008-10-08  André Pönitz  <apoenitz@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix compilation with Qt namespaces.
+
+        * wtf/Threading.h:
+
+2008-10-07  Sam Weinig  <sam@webkit.org>
+
+        Roll out r37405.
+
+2008-10-07  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Switch CTI runtime calls to the fastcall calling convention
+
+        Basically this means that we get to store the argument for CTI
+        calls in the ECX register, which saves a register->memory write
+        and subsequent memory->register read.
+        
+        This is a 1.7% progression in SunSpider and 2.4% on commandline
+        v8 tests on Windows
+
+        * VM/CTI.cpp:
+        (JSC::):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        * VM/CTI.h:
+        * VM/Machine.h:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::emitRestoreArgumentReference):
+        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
+          We need this to correctly reload ecx from inside certain property access
+          trampolines.
+        * wtf/Platform.h:
+
+2008-10-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Mark Rowe.
+        
+        - optimize away multiplication by constant 1.0
+        
+        2.3% speedup on v8 RayTrace benchmark
+
+        Apparently it's not uncommon for JavaScript code to multiply by
+        constant 1.0 in the mistaken belief that this converts integer to
+        floating point and that there is any operational difference.
+        
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
+        case where parameter is already number.
+        (JSC::CTI::privateCompileSlowCases): ditto
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute): ditto
+        * kjs/grammar.y:
+        (makeMultNode): Transform as follows:
+        +FOO * BAR ==> FOO * BAR
+        FOO * +BAR ==> FOO * BAR
+        FOO * 1 ==> +FOO
+        1 * FOO ==> +FOO
+        (makeDivNode): Transform as follows:
+        +FOO / BAR ==> FOO / BAR
+        FOO / +BAR ==> FOO / BAR
+        (makeSubNode): Transform as follows:
+        +FOO - BAR ==> FOO - BAR
+        FOO - +BAR ==> FOO - BAR
+        * kjs/nodes.h:
+        (JSC::ExpressionNode::stripUnaryPlus): Helper for above
+        grammar.y changes
+        (JSC::UnaryPlusNode::stripUnaryPlus): ditto
+
+2008-10-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        - make constant folding code more consistent
+        
+        Added a makeSubNode to match add, mult and div; use the makeFooNode functions always,
+        instead of allocating nodes directly in other places in the grammar.
+
+        * kjs/grammar.y:
+
+2008-10-07  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Move hasGetterSetterProperties flag from PropertyMap to StructureID.
+
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::put):
+        (JSC::JSObject::defineGetter):
+        (JSC::JSObject::defineSetter):
+        * kjs/JSObject.h:
+        (JSC::JSObject::hasGetterSetterProperties):
+        (JSC::JSObject::getOwnPropertySlotForWrite):
+        (JSC::JSObject::getOwnPropertySlot):
+        * kjs/PropertyMap.h:
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::addPropertyTransition):
+        (JSC::StructureID::toDictionaryTransition):
+        (JSC::StructureID::changePrototypeTransition):
+        (JSC::StructureID::getterSetterTransition):
+        * kjs/StructureID.h:
+        (JSC::StructureID::hasGetterSetterProperties):
+        (JSC::StructureID::setHasGetterSetterProperties):
+
+2008-10-07  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Roll r37370 back in with bug fixes.
+
+        - PropertyMap::storageSize() should reflect the number of keys + deletedOffsets
+          and has nothing to do with the internal deletedSentinel count anymore.
+
+2008-10-07  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Move callframe initialization into JIT code, again.
+        
+        As a part of the restructuring the second result from functions is now
+        returned in edx, allowing the new value of 'r' to be returned via a
+        register, and stored to the stack from JIT code, too.
+
+        4.5% progression on v8-tests. (3% in their harness)
+
+        * VM/CTI.cpp:
+        (JSC::):
+        (JSC::CTI::emitCall):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        * VM/CTI.h:
+        (JSC::CallRecord::CallRecord):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_resolve_func):
+        (JSC::Machine::cti_op_post_inc):
+        (JSC::Machine::cti_op_resolve_with_base):
+        (JSC::Machine::cti_op_post_dec):
+        * VM/Machine.h:
+        * kjs/JSFunction.h:
+        * kjs/ScopeChain.h:
+
+2008-10-07  Mark Rowe  <mrowe@apple.com>
+
+        Fix typo in method name.
+
+        * wrec/WREC.cpp:
+        * wrec/WREC.h:
+
+2008-10-07  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Mark Rowe.
+
+        Roll out r37370.
+
+2008-10-06  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=21415
+        Improve the division between PropertyStorageArray and PropertyMap
+
+        - Rework ProperyMap to store offsets in the value so that they don't
+          change when rehashing.  This allows us not to have to keep the 
+          PropertyStorageArray in sync and thus not have to pass it in.
+        - Rename PropertyMap::getOffset -> PropertyMap::get since put/remove
+          now also return offsets.
+        - A Vector of deleted offsets is now needed since the storage is out of
+          band.
+
+        1% win on SunSpider.  Wash on V8 suite.
+
+        * JavaScriptCore.exp:
+        * VM/CTI.cpp:
+        (JSC::transitionWillNeedStorageRealloc):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        Transition logic can be greatly simplified by the fact that
+        the storage capacity is always known, and is correct for the
+        inline case.
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::put): Rename getOffset -> get.
+        (JSC::JSObject::deleteProperty): Ditto.
+        (JSC::JSObject::getPropertyAttributes): Ditto.
+        (JSC::JSObject::removeDirect): Use returned offset to
+        clear the value in the PropertyNameArray.
+        (JSC::JSObject::allocatePropertyStorage): Add assert.
+        * kjs/JSObject.h:
+        (JSC::JSObject::getDirect): Rename getOffset -> get
+        (JSC::JSObject::getDirectLocation): Rename getOffset -> get
+        (JSC::JSObject::putDirect): Use propertyStorageCapacity to determine whether
+        or not to resize.  Also, since put now returns an offset (and thus 
+        addPropertyTransition does also) setting of the PropertyStorageArray is
+        now done here.
+        (JSC::JSObject::transitionTo):
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::checkConsistency): PropertyStorageArray is no longer 
+        passed in.
+        (JSC::PropertyMap::operator=): Copy the delete offsets vector.
+        (JSC::PropertyMap::put): Instead of setting the PropertyNameArray
+        explicitly, return the offset where the value should go.
+        (JSC::PropertyMap::remove): Instead of removing from the PropertyNameArray
+        explicitly, return the offset where the value should be removed.
+        (JSC::PropertyMap::get): Switch to using the stored offset, instead
+        of the implicit one.
+        (JSC::PropertyMap::insert):
+        (JSC::PropertyMap::expand): This is never called when m_table is null,
+        so remove that branch and add it as an assertion.
+        (JSC::PropertyMap::createTable): Consistency checks no longer take
+        a PropertyNameArray.
+        (JSC::PropertyMap::rehash): No need to rehash the PropertyNameArray
+        now that it is completely out of band.
+        * kjs/PropertyMap.h:
+        (JSC::PropertyMapEntry::PropertyMapEntry): Store offset into PropertyNameArray.
+        (JSC::PropertyMap::get): Switch to using the stored offset, instead
+        of the implicit one.
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID): Initialize the propertyStorageCapacity to 
+        JSObject::inlineStorageCapacity.
+        (JSC::StructureID::growPropertyStorageCapacity): Grow the storage capacity as
+        described below.
+        (JSC::StructureID::addPropertyTransition): Copy the storage capacity.
+        (JSC::StructureID::toDictionaryTransition): Ditto.
+        (JSC::StructureID::changePrototypeTransition): Ditto.
+        (JSC::StructureID::getterSetterTransition): Ditto.
+        * kjs/StructureID.h:
+        (JSC::StructureID::propertyStorageCapacity): Add propertyStorageCapacity
+        which is the current capacity for the JSObjects PropertyStorageArray.
+        It starts at the JSObject::inlineStorageCapacity (currently 2), then
+        when it first needs to be resized moves to the JSObject::nonInlineBaseStorageCapacity
+        (currently 16), and after that doubles each time.
+
+2008-10-06  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 21396: Remove the OptionalCalleeActivation call frame slot
+        <https://bugs.webkit.org/show_bug.cgi?id=21396>
+
+        Remove the OptionalCalleeActivation call frame slot. We have to be
+        careful to store the activation object in a register, because objects
+        in the scope chain do not get marked.
+
+        This is a 0.3% speedup on both SunSpider and the V8 benchmark.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::emitReturn):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::dumpRegisters):
+        (JSC::Machine::unwindCallFrame):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_push_activation):
+        (JSC::Machine::cti_op_tear_off_activation):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        * VM/Machine.h:
+        (JSC::Machine::initializeCallFrame):
+        * VM/RegisterFile.h:
+        (JSC::RegisterFile::):
+
+2008-10-06  Tony Chang  <tony@chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Chromium doesn't use pthreads on windows, so make its use conditional.
+        
+        Also convert a WORD to a DWORD to avoid a compiler warning.  This
+        matches the other methods around it.
+
+        * wtf/ThreadingWin.cpp:
+        (WTF::wtfThreadEntryPoint):
+        (WTF::ThreadCondition::broadcast):
+
+2008-10-06  Mark Mentovai  <mark@moxienet.com>
+
+        Reviewed by Tim Hatcher.
+
+        Allow ENABLE_DASHBOARD_SUPPORT and ENABLE_MAC_JAVA_BRIDGE to be
+        disabled on the Mac.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21333
+
+        * wtf/Platform.h:
+
+2008-10-06  Steve Falkenburg  <sfalken@apple.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=21416
+        Pass 0 for size to VirtualAlloc, as documented by MSDN.
+        Identified by Application Verifier.
+        
+        Reviewed by Darin Adler.
+
+        * kjs/collector.cpp:
+        (KJS::freeBlock):
+
+2008-10-06  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim Hatcheri and Oliver Hunt.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21412
+        Bug 21412: Refactor user initiated profile count to be more stable
+        - Export UString::from for use with creating the profile title.
+
+        * JavaScriptCore.exp:
+
+2008-10-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Not reviewed. Build fix.
+        
+        - revert toBoolean changes (r37333 and r37335); need to make WebCore work with these
+
+        * API/JSValueRef.cpp:
+        (JSValueToBoolean):
+        * ChangeLog:
+        * JavaScriptCore.exp:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_loop_if_true):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_jtrue):
+        * kjs/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncSome):
+        * kjs/BooleanConstructor.cpp:
+        (JSC::constructBoolean):
+        (JSC::callBooleanConstructor):
+        * kjs/GetterSetter.h:
+        * kjs/JSCell.h:
+        (JSC::JSValue::toBoolean):
+        * kjs/JSNumberCell.cpp:
+        (JSC::JSNumberCell::toBoolean):
+        * kjs/JSNumberCell.h:
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::toBoolean):
+        * kjs/JSObject.h:
+        * kjs/JSString.cpp:
+        (JSC::JSString::toBoolean):
+        * kjs/JSString.h:
+        * kjs/JSValue.h:
+        * kjs/RegExpConstructor.cpp:
+        (JSC::setRegExpConstructorMultiline):
+        * kjs/RegExpObject.cpp:
+        (JSC::RegExpObject::match):
+        * kjs/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncToString):
+
+2008-10-06  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        - optimize op_jtrue, op_loop_if_true and op_not in various ways
+        https://bugs.webkit.org/show_bug.cgi?id=21404
+        
+        1) Make JSValue::toBoolean nonvirtual and completely inline by
+        making use of the StructureID type field.
+        
+        2) Make JSValue::toBoolean not take an ExecState; doesn't need it.
+        
+        3) Make op_not, op_loop_if_true and op_jtrue not read the
+        ExecState (toBoolean doesn't need it any more) and not check
+        exceptions (toBoolean can't throw).
+
+        * API/JSValueRef.cpp:
+        (JSValueToBoolean):
+        * JavaScriptCore.exp:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_loop_if_true):
+        (JSC::Machine::cti_op_not):
+        (JSC::Machine::cti_op_jtrue):
+        * kjs/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncFilter):
+        (JSC::arrayProtoFuncEvery):
+        (JSC::arrayProtoFuncSome):
+        * kjs/BooleanConstructor.cpp:
+        (JSC::constructBoolean):
+        (JSC::callBooleanConstructor):
+        * kjs/GetterSetter.h:
+        * kjs/JSCell.h:
+        (JSC::JSValue::toBoolean):
+        * kjs/JSNumberCell.cpp:
+        * kjs/JSNumberCell.h:
+        (JSC::JSNumberCell::toBoolean):
+        * kjs/JSObject.cpp:
+        * kjs/JSObject.h:
+        (JSC::JSObject::toBoolean):
+        (JSC::JSCell::toBoolean):
+        * kjs/JSString.cpp:
+        * kjs/JSString.h:
+        (JSC::JSString::toBoolean):
+        * kjs/JSValue.h:
+        * kjs/RegExpConstructor.cpp:
+        (JSC::setRegExpConstructorMultiline):
+        * kjs/RegExpObject.cpp:
+        (JSC::RegExpObject::match):
+        * kjs/RegExpPrototype.cpp:
+        (JSC::regExpProtoFuncToString):
+
+2008-10-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>
+
+        Reviewed by Simon.
+
+        Build fix for MinGW.
+
+        * JavaScriptCore.pri:
+        * kjs/DateMath.cpp:
+        (JSC::highResUpTime):
+
+2008-10-05  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Remove ScopeNode::containsClosures() now that it is unused.
+
+        * kjs/nodes.h:
+        (JSC::ScopeNode::containsClosures):
+
+2008-10-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - fix releas-only test failures caused by the fix to bug 21375
+
+        * VM/Machine.cpp:
+        (JSC::Machine::unwindCallFrame): Update ExecState while unwinding call frames;
+        it now matters more to have a still-valid ExecState, since dynamicGlobalObject
+        will make use of the ExecState's scope chain.
+        * VM/Machine.h:
+
+2008-10-05  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
+        <https://bugs.webkit.org/show_bug.cgi?id=21364>
+
+        Use information from the parser to detect whether an activation is
+        needed or 'arguments' is used, and emit explicit instructions to tear
+        them off before op_ret. This allows a branch to be removed from op_ret
+        and simplifies some other code. This does cause a small change in the
+        behaviour of 'f.arguments'; it is no longer live when 'arguments' is not
+        mentioned in the lexical scope of the function.
+
+        It should now be easy to remove the OptionaCalleeActivation slot in the
+        call frame, but this will be done in a later patch.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitReturn):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::unwindCallFrame):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::retrieveArguments):
+        (JSC::Machine::cti_op_create_arguments):
+        (JSC::Machine::cti_op_tear_off_activation):
+        (JSC::Machine::cti_op_tear_off_arguments):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::mark):
+        * kjs/Arguments.h:
+        (JSC::Arguments::isTornOff):
+        (JSC::Arguments::Arguments):
+        (JSC::Arguments::copyRegisters):
+        (JSC::JSActivation::copyRegisters):
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::argumentsGetter):
+        * kjs/JSActivation.h:
+
+2008-10-05  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        - fixed "REGRESSION (r37297): fast/js/deep-recursion-test takes too long and times out"
+        https://bugs.webkit.org/show_bug.cgi?id=21375
+        
+        The problem is that dynamicGlobalObject had become O(N) in number
+        of call frames, but unwinding the stack for an exception called it
+        for every call frame, resulting in O(N^2) behavior for an
+        exception thrown from inside deep recursion.
+
+        Instead of doing it that way, stash the dynamic global object in JSGlobalData.
+        
+        * JavaScriptCore.exp:
+        * VM/Machine.cpp:
+        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Helper class to temporarily
+        store and later restore a dynamicGlobalObject in JSGlobalData.
+        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
+        (JSC::Machine::execute): In each version, establish a DynamicGlobalObjectScope.
+        For ProgramNode, always establish set new dynamicGlobalObject, for FunctionBody and Eval,
+        only if none is currently set.
+        * VM/Machine.h:
+        * kjs/ExecState.h:
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Ininitalize new dynamicGlobalObject field to 0.
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalObject.h:
+        (JSC::ExecState::dynamicGlobalObject): Moved here from ExecState for benefit of inlining.
+        Return lexical global object if this is a globalExec(), otherwise look in JSGlobalData
+        for the one stashed there.
+
+2008-10-05  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Avoid an extra lookup when transitioning to an existing StructureID
+        by caching the offset of property that caused the transition.
+
+        1% win on V8 suite.  Wash on SunSpider.
+
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::put):
+        * kjs/PropertyMap.h:
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::addPropertyTransition):
+        * kjs/StructureID.h:
+        (JSC::StructureID::setCachedTransistionOffset):
+        (JSC::StructureID::cachedTransistionOffset):
+
+2008-10-05  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
+        <https://bugs.webkit.org/show_bug.cgi?id=21364>
+
+        This patch does not yet remove the branch, but it does a bit of refactoring
+        so that a CodeGenerator now knows whether the associated CodeBlock will need
+        a full scope before doing any code generation. This makes it possible to emit
+        explicit tear-off instructions before every op_ret.
+
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::CodeBlock):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::generate):
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::emitPushScope):
+        (JSC::CodeGenerator::emitPushNewScope):
+        * kjs/nodes.h:
+        (JSC::ScopeNode::needsActivation):
+
+2008-10-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Fix for bug #21387 - using SamplingTool with CTI.
+
+        (1) A repatch offset offset changes due to an additional instruction to update SamplingTool state.
+        (2) Fix an incusion order problem due to ExecState changes.
+        (3) Change to a MACHINE_SAMPLING macro, use of exec should now be accessing global data.
+
+        * VM/CTI.h:
+        (JSC::CTI::execute):
+        * VM/SamplingTool.h:
+        (JSC::SamplingTool::privateExecuteReturned):
+        * kjs/Shell.cpp:
+
+2008-10-04  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Tim Hatcher.
+
+        Add a 'Check For Weak VTables' build phase to catch weak vtables as early as possible.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-10-04  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix https://bugs.webkit.org/show_bug.cgi?id=21320
+        leaks of PropertyNameArrayData seen on buildbot
+
+        - Fix RefPtr cycle by making PropertyNameArrayData's pointer back
+          to the StructureID a weak pointer.
+
+        * kjs/PropertyNameArray.h:
+        (JSC::PropertyNameArrayData::setCachedStructureID):
+        (JSC::PropertyNameArrayData::cachedStructureID):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::getEnumerablePropertyNames):
+        (JSC::StructureID::clearEnumerationCache):
+        (JSC::StructureID::~StructureID):
+
+2008-10-04  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21295
+          Bug 21295: Replace ExecState with a call frame Register pointer
+
+        10% faster on Richards; other v8 benchmarks faster too.
+        A wash on SunSpider.
+
+        This does the minimum necessary to get the speedup. Next step in
+        cleaning this up is to replace ExecState with a CallFrame class,
+        and be more judicious about when to pass a call frame and when
+        to pass a global data pointer, global object pointer, or perhaps
+        something else entirely.
+
+        * VM/CTI.cpp: Remove the debug-only check of the exception in
+        ctiVMThrowTrampoline -- already checked in the code the trampoline
+        jumps to, so not all that useful. Removed the exec argument from
+        ctiTrampoline. Removed emitDebugExceptionCheck -- no longer needed.
+        (JSC::CTI::emitCall): Removed code to set ExecState::m_callFrame.
+        (JSC::CTI::privateCompileMainPass): Removed code in catch to extract
+        the exception from ExecState::m_exception; instead, the code that
+        jumps into catch will make sure the exception is already in eax.
+        * VM/CTI.h: Removed exec from the ctiTrampoline. Also removed the
+        non-helpful "volatile". Temporarily left ARG_exec in as a synonym
+        for ARG_r; I'll change that on a future cleanup pass when introducing
+        more use of the CallFrame type.
+        (JSC::CTI::execute): Removed the ExecState* argument.
+
+        * VM/ExceptionHelpers.cpp:
+        (JSC::InterruptedExecutionError::InterruptedExecutionError): Take
+        JSGlobalData* instead of ExecState*.
+        (JSC::createInterruptedExecutionException): Ditto.
+        * VM/ExceptionHelpers.h: Ditto. Also removed an unneeded include.
+
+        * VM/Machine.cpp:
+        (JSC::slideRegisterWindowForCall): Removed the exec and
+        exceptionValue arguments. Changed to return 0 when there's a stack
+        overflow rather than using a separate exception argument to cut
+        down on memory accesses in the calling convention.
+        (JSC::Machine::unwindCallFrame): Removed the exec argument when
+        constructing a DebuggerCallFrame. Also removed code to set
+        ExecState::m_callFrame.
+        (JSC::Machine::throwException): Removed the exec argument when
+        construction a DebuggerCallFrame.
+        (JSC::Machine::execute): Updated to use the register instead of
+        ExecState and also removed various uses of ExecState.
+        (JSC::Machine::debug):
+        (JSC::Machine::privateExecute): Put globalData into a local
+        variable so it can be used throughout the interpreter. Changed
+        the VM_CHECK_EXCEPTION to get the exception in globalData instead
+        of through ExecState.
+        (JSC::Machine::retrieveLastCaller): Turn exec into a registers
+        pointer by calling registers() instead of by getting m_callFrame.
+        (JSC::Machine::callFrame): Ditto.
+        Tweaked exception macros. Made new versions for when you know
+        you have an exception. Get at global exception with ARG_globalData.
+        Got rid of the need to pass in the return value type.
+        (JSC::Machine::cti_op_add): Update to use new version of exception
+        macros.
+        (JSC::Machine::cti_op_pre_inc): Ditto.
+        (JSC::Machine::cti_timeout_check): Ditto.
+        (JSC::Machine::cti_op_instanceof): Ditto.
+        (JSC::Machine::cti_op_new_func): Ditto.
+        (JSC::Machine::cti_op_call_JSFunction): Optimized by using the
+        ARG values directly instead of through local variables -- this gets
+        rid of code that just shuffles things around in the stack frame.
+        Also get rid of ExecState and update for the new way exceptions are
+        handled in slideRegisterWindowForCall.
+        (JSC::Machine::cti_vm_compile): Update to make exec out of r since
+        they are both the same thing now.
+        (JSC::Machine::cti_op_call_NotJSFunction): Ditto.
+        (JSC::Machine::cti_op_init_arguments): Ditto.
+        (JSC::Machine::cti_op_resolve): Ditto.
+        (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
+        (JSC::Machine::cti_op_construct_NotJSConstruct): Ditto.
+        (JSC::Machine::cti_op_resolve_func): Ditto.
+        (JSC::Machine::cti_op_put_by_val): Ditto.
+        (JSC::Machine::cti_op_put_by_val_array): Ditto.
+        (JSC::Machine::cti_op_resolve_skip): Ditto.
+        (JSC::Machine::cti_op_resolve_global): Ditto.
+        (JSC::Machine::cti_op_post_inc): Ditto.
+        (JSC::Machine::cti_op_resolve_with_base): Ditto.
+        (JSC::Machine::cti_op_post_dec): Ditto.
+        (JSC::Machine::cti_op_call_eval): Ditto.
+        (JSC::Machine::cti_op_throw): Ditto. Also rearranged to return
+        the exception value as the return value so it can be used by
+        op_catch.
+        (JSC::Machine::cti_op_push_scope): Ditto.
+        (JSC::Machine::cti_op_in): Ditto.
+        (JSC::Machine::cti_op_del_by_val): Ditto.
+        (JSC::Machine::cti_vm_throw): Ditto. Also rearranged to return
+        the exception value as the return value so it can be used by
+        op_catch.
+
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::functionName): Pass globalData.
+        (JSC::DebuggerCallFrame::evaluate): Eliminated code to make a
+        new ExecState.
+        * kjs/DebuggerCallFrame.h: Removed ExecState argument from
+        constructor.
+
+        * kjs/ExecState.h: Eliminated all data members and made ExecState
+        inherit privately from Register instead. Also added a typedef to
+        the future name for this class, which is CallFrame. It's just a
+        Register* that knows it's a pointer at a call frame. The new class
+        can't be constructed or copied. Changed all functions to use
+        the this pointer instead of m_callFrame. Changed exception-related
+        functions to access an exception in JSGlobalData. Removed functions
+        used by CTI to pass the return address to the throw machinery --
+        this is now done directly with a global in the global data.
+
+        * kjs/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncToString): Pass globalData instead of exec.
+
+        * kjs/InternalFunction.cpp:
+        (JSC::InternalFunction::name): Take globalData instead of exec.
+        * kjs/InternalFunction.h: Ditto.
+
+        * kjs/JSGlobalData.cpp: Initialize the new exception global to 0.
+        * kjs/JSGlobalData.h: Declare two new globals. One for the current
+        exception and another for the return address used by CTI to
+        implement the throw operation.
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init): Removed code to set up globalExec,
+        which is now the same thing as globalCallFrame.
+        (JSC::JSGlobalObject::reset): Get globalExec from our globalExec
+        function so we don't have to repeat the logic twice.
+        (JSC::JSGlobalObject::mark): Removed code to mark the exception;
+        the exception is now stored in JSGlobalData and marked there.
+        (JSC::JSGlobalObject::globalExec): Return a pointer to the end
+        of the global call frame.
+        * kjs/JSGlobalObject.h: Removed the globalExec data member.
+
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::putDirectFunction): Pass globalData instead of exec.
+
+        * kjs/collector.cpp:
+        (JSC::Heap::collect): Mark the global exception.
+
+        * profiler/ProfileGenerator.cpp:
+        (JSC::ProfileGenerator::addParentForConsoleStart): Pass globalData
+        instead of exec to createCallIdentifier.
+
+        * profiler/Profiler.cpp:
+        (JSC::Profiler::willExecute): Pass globalData instead of exec to
+        createCallIdentifier.
+        (JSC::Profiler::didExecute): Ditto.
+        (JSC::Profiler::createCallIdentifier): Take globalData instead of
+        exec.
+        (JSC::createCallIdentifierFromFunctionImp): Ditto.
+        * profiler/Profiler.h: Change interface to take a JSGlobalData
+        instead of an ExecState.
+
+2008-10-04  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 21369: Add opcode documentation for all undocumented opcodes
+        <https://bugs.webkit.org/show_bug.cgi?id=21369>
+
+        This patch adds opcode documentation for all undocumented opcodes, and
+        it also renames op_init_arguments to op_create_arguments.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_create_arguments):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+
+2008-10-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - "this" object in methods called on primitives should be wrapper object
+        https://bugs.webkit.org/show_bug.cgi?id=21362
+
+        I changed things so that functions which use "this" do a fast
+        version of toThisObject conversion if needed. Currently we miss
+        the conversion entirely, at least for primitive types. Using
+        TypeInfo and the primitive check, I made the fast case bail out
+        pretty fast.
+        
+        This is inexplicably an 1.007x SunSpider speedup (and a wash on V8 benchmarks).
+     
+        Also renamed some opcodes for clarity:
+        
+        init ==> enter
+        init_activation ==> enter_with_activation
+        
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::generate):
+        (JSC::CodeGenerator::CodeGenerator):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_convert_this):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::JSActivation):
+        * kjs/JSActivation.h:
+        (JSC::JSActivation::createStructureID):
+        * kjs/JSCell.h:
+        (JSC::JSValue::needsThisConversion):
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalData.h:
+        * kjs/JSNumberCell.h:
+        (JSC::JSNumberCell::createStructureID):
+        * kjs/JSStaticScopeObject.h:
+        (JSC::JSStaticScopeObject::JSStaticScopeObject):
+        (JSC::JSStaticScopeObject::createStructureID):
+        * kjs/JSString.h:
+        (JSC::JSString::createStructureID):
+        * kjs/JSValue.h:
+        * kjs/TypeInfo.h:
+        (JSC::TypeInfo::needsThisConversion):
+        * kjs/nodes.h:
+        (JSC::ScopeNode::usesThis):
+
+2008-10-03  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21356: The size of the RegisterFile differs depending on 32-bit / 64-bit and Debug / Release
+        <https://bugs.webkit.org/show_bug.cgi?id=21356>
+
+        The RegisterFile decreases in size (measured in terms of numbers of
+        Registers) as the size of a Register increases. This causes
+
+            js1_5/Regress/regress-159334.js
+
+        to fail in 64-bit debug builds. This fix makes the RegisterFile on all
+        platforms the same size that it is in 32-bit Release builds.
+
+        * VM/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+
+2008-10-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - Some code cleanup to how we handle code features.
+        
+        1) Rename FeatureInfo typedef to CodeFeatures.
+        2) Rename NodeFeatureInfo template to NodeInfo.
+        3) Keep CodeFeature bitmask in ScopeNode instead of trying to break it out into individual bools.
+        4) Rename misleadingly named "needsClosure" method to "containsClosures", which better describes the meaning
+        of ClosureFeature.
+        5) Make setUsersArguments() not take an argument since it only goes one way.
+
+        * JavaScriptCore.exp:
+        * VM/CodeBlock.h:
+        (JSC::CodeBlock::CodeBlock):
+        * kjs/NodeInfo.h:
+        * kjs/Parser.cpp:
+        (JSC::Parser::didFinishParsing):
+        * kjs/Parser.h:
+        (JSC::Parser::parse):
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (JSC::ScopeNode::ScopeNode):
+        (JSC::ProgramNode::ProgramNode):
+        (JSC::ProgramNode::create):
+        (JSC::EvalNode::EvalNode):
+        (JSC::EvalNode::create):
+        (JSC::FunctionBodyNode::FunctionBodyNode):
+        (JSC::FunctionBodyNode::create):
+        * kjs/nodes.h:
+        (JSC::ScopeNode::usesEval):
+        (JSC::ScopeNode::containsClosures):
+        (JSC::ScopeNode::usesArguments):
+        (JSC::ScopeNode::setUsesArguments):
+
+2008-10-03  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
+        <https://bugs.webkit.org/show_bug.cgi?id=21343>
+
+        A fix was landed for this issue in r37253, and the ChangeLog assumes
+        that it is a compiler bug, but it turns out that it is a subtle issue
+        with mixing signed and unsigned 32-bit values in a 64-bit environment.
+        In order to properly fix this bug, we should convert our signed offsets
+        into the register file to use ptrdiff_t.
+
+        This may not be the only instance of this issue, but I will land this
+        fix first and look for more later.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::getArgumentsData):
+        * VM/Machine.h:
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::getOwnPropertySlot):
+        * kjs/Arguments.h:
+        (JSC::Arguments::init):
+
+2008-10-03  Darin Adler  <darin@apple.com>
+
+        * VM/CTI.cpp: Another Windows build fix. Change the args of ctiTrampoline.
+
+        * kjs/JSNumberCell.h: A build fix for newer versions of gcc. Added
+        declarations of JSGlobalData overloads of jsNumberCell.
+
+2008-10-03  Darin Adler  <darin@apple.com>
+
+        - try to fix Windows build
+
+        * kjs/ScopeChain.h: Add forward declaration of JSGlobalData.
+
+2008-10-03  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        - next step of https://bugs.webkit.org/show_bug.cgi?id=21295
+          Turn ExecState into a call frame pointer.
+
+        Remove m_globalObject and m_globalData from ExecState.
+
+        SunSpider says this is a wash (slightly faster but not statistically
+        significant); which is good enough since it's a preparation step and
+        not supposed to be a spedup.
+
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::JSCallbackFunction):
+        * kjs/ArrayConstructor.cpp:
+        (JSC::ArrayConstructor::ArrayConstructor):
+        * kjs/BooleanConstructor.cpp:
+        (JSC::BooleanConstructor::BooleanConstructor):
+        * kjs/DateConstructor.cpp:
+        (JSC::DateConstructor::DateConstructor):
+        * kjs/ErrorConstructor.cpp:
+        (JSC::ErrorConstructor::ErrorConstructor):
+        * kjs/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::FunctionPrototype):
+        * kjs/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        * kjs/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::NativeErrorConstructor):
+        * kjs/NumberConstructor.cpp:
+        (JSC::NumberConstructor::NumberConstructor):
+        * kjs/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        * kjs/PrototypeFunction.cpp:
+        (JSC::PrototypeFunction::PrototypeFunction):
+        * kjs/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::RegExpConstructor):
+        * kjs/StringConstructor.cpp:
+        (JSC::StringConstructor::StringConstructor):
+        Pass JSGlobalData* instead of ExecState* to the InternalFunction
+        constructor.
+
+        * API/OpaqueJSString.cpp: Added now-needed include.
+
+        * JavaScriptCore.exp: Updated.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitSlowScriptCheck): Changed to use ARGS_globalData
+        instead of ARGS_exec.
+
+        * VM/CTI.h: Added a new argument to the CTI, the global data pointer.
+        While it's possible to get to the global data pointer using the
+        ExecState pointer, it's slow enough that it's better to just keep
+        it around in the CTI arguments.
+
+        * VM/CodeBlock.h: Moved the CodeType enum here from ExecState.h.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::execute): Pass fewer arguments when constructing
+        ExecState, and pass the global data pointer when invoking CTI.
+        (JSC::Machine::firstCallFrame): Added. Used to get the dynamic global
+        object, which is in the scope chain of the first call frame.
+        (JSC::Machine::cti_op_add): Use globalData instead of exec when
+        possible, to keep fast cases fast, since it's now more expensive to
+        get to it through the exec pointer.
+        (JSC::Machine::cti_timeout_check): Ditto.
+        (JSC::Machine::cti_op_put_by_id_second): Ditto.
+        (JSC::Machine::cti_op_get_by_id_second): Ditto.
+        (JSC::Machine::cti_op_mul): Ditto.
+        (JSC::Machine::cti_vm_compile): Ditto.
+        (JSC::Machine::cti_op_get_by_val): Ditto.
+        (JSC::Machine::cti_op_sub): Ditto.
+        (JSC::Machine::cti_op_put_by_val): Ditto.
+        (JSC::Machine::cti_op_put_by_val_array): Ditto.
+        (JSC::Machine::cti_op_negate): Ditto.
+        (JSC::Machine::cti_op_div): Ditto.
+        (JSC::Machine::cti_op_pre_dec): Ditto.
+        (JSC::Machine::cti_op_post_inc): Ditto.
+        (JSC::Machine::cti_op_lshift): Ditto.
+        (JSC::Machine::cti_op_bitand): Ditto.
+        (JSC::Machine::cti_op_rshift): Ditto.
+        (JSC::Machine::cti_op_bitnot): Ditto.
+        (JSC::Machine::cti_op_mod): Ditto.
+        (JSC::Machine::cti_op_post_dec): Ditto.
+        (JSC::Machine::cti_op_urshift): Ditto.
+        (JSC::Machine::cti_op_bitxor): Ditto.
+        (JSC::Machine::cti_op_bitor): Ditto.
+        (JSC::Machine::cti_op_call_eval): Ditto.
+        (JSC::Machine::cti_op_throw): Ditto.
+        (JSC::Machine::cti_op_is_string): Ditto.
+        (JSC::Machine::cti_op_debug): Ditto.
+        (JSC::Machine::cti_vm_throw): Ditto.
+
+        * VM/Machine.h: Added firstCallFrame.
+
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate): Pass fewer arguments when
+        constructing ExecState.
+
+        * kjs/ExecState.cpp: Deleted contents. Later we'll remove the
+        file altogether.
+
+        * kjs/ExecState.h: Removed m_globalObject and m_globalData.
+        Moved CodeType into another header.
+        (JSC::ExecState::ExecState): Take only a single argument, a
+        call frame pointer.
+        (JSC::ExecState::dynamicGlobalObject): Get the object from
+        the first call frame since it's no longer stored.
+        (JSC::ExecState::globalData): Get the global data from the
+        scope chain, since we no longer store a pointer to it here.
+        (JSC::ExecState::identifierTable): Ditto.
+        (JSC::ExecState::propertyNames): Ditto.
+        (JSC::ExecState::emptyList): Ditto.
+        (JSC::ExecState::lexer): Ditto.
+        (JSC::ExecState::parser): Ditto.
+        (JSC::ExecState::machine): Ditto.
+        (JSC::ExecState::arrayTable): Ditto.
+        (JSC::ExecState::dateTable): Ditto.
+        (JSC::ExecState::mathTable): Ditto.
+        (JSC::ExecState::numberTable): Ditto.
+        (JSC::ExecState::regExpTable): Ditto.
+        (JSC::ExecState::regExpConstructorTable): Ditto.
+        (JSC::ExecState::stringTable): Ditto.
+        (JSC::ExecState::heap): Ditto.
+
+        * kjs/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::FunctionConstructor): Pass
+        JSGlobalData* instead of ExecState* to the InternalFunction
+        constructor.
+        (JSC::constructFunction): Pass the global data pointer when
+        constructing a new scope chain.
+
+        * kjs/InternalFunction.cpp:
+        (JSC::InternalFunction::InternalFunction): Take a JSGlobalData*
+        instead of an ExecState*. Later we can change more places to
+        work this way -- it's more efficient to take the type you need
+        since the caller might already have it.
+        * kjs/InternalFunction.h: Ditto.
+
+        * kjs/JSCell.h:
+        (JSC::JSCell::operator new): Added an overload that takes a
+        JSGlobalData* so you can construct without an ExecState*.
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init): Moved creation of the global scope
+        chain in here, since it now requires a pointer to the global data.
+        Moved the initialization of the call frame in here since it requires
+        the global scope chain node. Removed the extra argument to ExecState
+        when creating the global ExecState*.
+        * kjs/JSGlobalObject.h: Removed initialization of globalScopeChain
+        and the call frame from the JSGlobalObjectData constructor. Added
+        a thisValue argument to the init function.
+
+        * kjs/JSNumberCell.cpp: Added versions of jsNumberCell that take
+        JSGlobalData* rather than ExecState*.
+        * kjs/JSNumberCell.h:
+        (JSC::JSNumberCell::operator new): Added a version that takes
+        JSGlobalData*.
+        (JSC::JSNumberCell::JSNumberCell): Ditto.
+        (JSC::jsNumber): Ditto.
+        * kjs/JSString.cpp:
+        (JSC::jsString): Ditto.
+        (JSC::jsSubstring): Ditto.
+        (JSC::jsOwnedString): Ditto.
+        * kjs/JSString.h:
+        (JSC::JSString::JSString): Changed to take JSGlobalData*.
+        (JSC::jsEmptyString): Added a version that takes JSGlobalData*.
+        (JSC::jsSingleCharacterString): Ditto.
+        (JSC::jsSingleCharacterSubstring): Ditto.
+        (JSC::jsNontrivialString): Ditto.
+        (JSC::JSString::getIndex): Ditto.
+        (JSC::jsString): Ditto.
+        (JSC::jsSubstring): Ditto.
+        (JSC::jsOwnedString): Ditto.
+
+        * kjs/ScopeChain.h: Added a globalData pointer to each node.
+        (JSC::ScopeChainNode::ScopeChainNode): Initialize the globalData
+        pointer.
+        (JSC::ScopeChainNode::push): Set the global data pointer in the
+        new node.
+        (JSC::ScopeChain::ScopeChain): Take a globalData argument.
+
+        * kjs/SmallStrings.cpp:
+        (JSC::SmallStrings::createEmptyString): Take JSGlobalData* instead of
+        ExecState*.
+        (JSC::SmallStrings::createSingleCharacterString): Ditto.
+        * kjs/SmallStrings.h:
+        (JSC::SmallStrings::emptyString): Ditto.
+        (JSC::SmallStrings::singleCharacterString): Ditto.
+
+2008-10-03  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
+        <https://bugs.webkit.org/show_bug.cgi?id=21343>
+
+        Add a workaround for a bug in GCC, which affects GCC 4.0, GCC 4.2, and
+        llvm-gcc 4.2. I put it in an #ifdef because it was a slight regression
+        on SunSpider in 32-bit, although that might be entirely random.
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::getOwnPropertySlot):
+
+2008-10-03  Darin Adler  <darin@apple.com>
+
+        Rubber stamped by Alexey Proskuryakov.
+
+        * kjs/Shell.cpp: (main): Don't delete JSGlobalData. Later, we need to change
+        this tool to use public JavaScriptCore API instead.
+
+2008-10-03  Darin Adler  <darin@apple.com>
+
+        Suggested by Alexey Proskuryakov.
+
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::~JSGlobalData): Remove call to heap.destroy() because
+        it's too late to ref the JSGlobalData object once it's already being
+        destroyed. In practice this is not a problem because WebCore's JSGlobalData
+        is never destroyed and JSGlobalContextRelease takes care of calling
+        heap.destroy() in advance.
+
+2008-10-02  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Replace SSE3 check with an SSE2 check, and implement SSE2 check on windows.
+
+        5.6% win on SunSpider on windows.
+
+        * VM/CTI.cpp:
+        (JSC::isSSE2Present):
+        (JSC::CTI::compileBinaryArithOp):
+        (JSC::CTI::compileBinaryArithOpSlowCase):
+
+2008-10-03  Maciej Stachowiak  <mjs@apple.com>
+
+        Rubber stamped by Cameron Zwarich.
+        
+        - fix mistaken change of | to || which caused a big perf regression on EarleyBoyer
+
+        * kjs/grammar.y:
+
+2008-10-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21321
+          Bug 21321: speed up JavaScriptCore by inlining Heap in JSGlobalData
+
+        1.019x as fast on SunSpider.
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript): Use heap. instead of heap-> to work with the heap.
+        (JSCheckScriptSyntax): Ditto.
+        (JSGarbageCollect): Ditto.
+        (JSReportExtraMemoryCost): Ditto.
+        * API/JSContextRef.cpp:
+        (JSGlobalContextRetain): Ditto.
+        (JSGlobalContextRelease): Destroy the heap with the destroy function instead
+        of the delete operator.
+        (JSContextGetGlobalObject): Use heap. instead of heap-> to work with the heap.
+        * API/JSObjectRef.cpp:
+        (JSObjectMake): Use heap. instead of heap-> to work with the heap.
+        (JSObjectMakeFunctionWithCallback): Ditto.
+        (JSObjectMakeConstructor): Ditto.
+        (JSObjectMakeFunction): Ditto.
+        (JSObjectMakeArray): Ditto.
+        (JSObjectMakeDate): Ditto.
+        (JSObjectMakeError): Ditto.
+        (JSObjectMakeRegExp): Ditto.
+        (JSObjectHasProperty): Ditto.
+        (JSObjectGetProperty): Ditto.
+        (JSObjectSetProperty): Ditto.
+        (JSObjectGetPropertyAtIndex): Ditto.
+        (JSObjectSetPropertyAtIndex): Ditto.
+        (JSObjectDeleteProperty): Ditto.
+        (JSObjectCallAsFunction): Ditto.
+        (JSObjectCallAsConstructor): Ditto.
+        (JSObjectCopyPropertyNames): Ditto.
+        (JSPropertyNameAccumulatorAddName): Ditto.
+        * API/JSValueRef.cpp:
+        (JSValueIsEqual): Ditto.
+        (JSValueIsInstanceOfConstructor): Ditto.
+        (JSValueMakeNumber): Ditto.
+        (JSValueMakeString): Ditto.
+        (JSValueToNumber): Ditto.
+        (JSValueToStringCopy): Ditto.
+        (JSValueToObject): Ditto.
+        (JSValueProtect): Ditto.
+        (JSValueUnprotect): Ditto.
+
+        * kjs/ExecState.h:
+        (JSC::ExecState::heap): Update to use the & operator.
+
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Update to initialize a heap member
+        instead of calling new to make a heap.
+        (JSC::JSGlobalData::~JSGlobalData): Destroy the heap with the destroy
+        function instead of the delete operator.
+        * kjs/JSGlobalData.h: Change from Heap* to a Heap.
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::mark): Use the & operator here.
+        (JSC::JSGlobalObject::operator new): Use heap. instead of heap-> to work
+        with the heap.
+
+2008-10-02  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Bug 21317: Replace RegisterFile size and capacity information with Register pointers
+        <https://bugs.webkit.org/show_bug.cgi?id=21317>
+
+        This is a 2.3% speedup on the V8 DeltaBlue benchmark, a 3.3% speedup on
+        the V8 Raytrace benchmark, and a 1.0% speedup on SunSpider.
+
+        * VM/Machine.cpp:
+        (JSC::slideRegisterWindowForCall):
+        (JSC::Machine::callEval):
+        (JSC::Machine::execute):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        * VM/RegisterFile.cpp:
+        (JSC::RegisterFile::~RegisterFile):
+        * VM/RegisterFile.h:
+        (JSC::RegisterFile::RegisterFile):
+        (JSC::RegisterFile::start):
+        (JSC::RegisterFile::end):
+        (JSC::RegisterFile::size):
+        (JSC::RegisterFile::shrink):
+        (JSC::RegisterFile::grow):
+        (JSC::RegisterFile::lastGlobal):
+        (JSC::RegisterFile::markGlobals):
+        (JSC::RegisterFile::markCallFrames):
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::copyGlobalsTo):
+
+2008-10-02  Cameron Zwarich  <zwarich@apple.com>
+
+        Rubber-stamped by Darin Adler.
+
+        Change bitwise operations introduced in r37166 to boolean operations. We
+        only use bitwise operations over boolean operations for increasing
+        performance in extremely hot code, but that does not apply to anything
+        in the parser.
+
+        * kjs/grammar.y:
+
+2008-10-02  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Fix for bug #21232 - should reset m_isPendingDash on flush,
+        and should allow '\-' as beginning or end of a range (though
+        not to specifiy a range itself).
+
+        * ChangeLog:
+        * wrec/CharacterClassConstructor.cpp:
+        (JSC::CharacterClassConstructor::put):
+        (JSC::CharacterClassConstructor::flush):
+        * wrec/CharacterClassConstructor.h:
+        (JSC::CharacterClassConstructor::flushBeforeEscapedHyphen):
+        * wrec/WREC.cpp:
+        (JSC::WRECGenerator::generateDisjunction):
+        (JSC::WRECParser::parseCharacterClass):
+        (JSC::WRECParser::parseDisjunction):
+        * wrec/WREC.h:
+
+2008-10-02  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - remove the "static" from declarations in a header file, since we
+          don't want them to have internal linkage
+
+        * VM/Machine.h: Remove the static keyword from the constant and the
+        three inline functions that Geoff just moved here.
+
+2008-10-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=21283.
+        Profiler Crashes When Started
+
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        (JSC::makeHostCallFramePointer):
+        (JSC::isHostCallFrame):
+        (JSC::stripHostCallFrameBit): Moved some things to the header so
+        JSGlobalObject could use them.
+
+        * kjs/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Call the
+        new makeHostCallFramePointer API, since 0 no longer indicates a host
+        call frame.
+
+2008-10-02  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        https://bugs.webkit.org/show_bug.cgi?id=21304
+        Stop using a static wrapper map for WebCore JS bindings
+
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        (JSC::JSGlobalData::~JSGlobalData):
+        (JSC::JSGlobalData::ClientData::~ClientData):
+        * kjs/JSGlobalData.h:
+        Added a client data member to JSGlobalData. WebCore will use it to store bindings-related
+        global data.
+
+        * JavaScriptCore.exp: Export virtual ClientData destructor.
+
+2008-10-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+        
+        Try to fix Qt build.
+
+        * kjs/Error.h:
+
+2008-10-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler and Cameron Zwarich.
+
+        Preliminary step toward dynamic recompilation: Standardized and
+        simplified the parsing interface.
+        
+        The main goal in this patch is to make it easy to ask for a duplicate
+        compilation, and get back a duplicate result -- same source URL, same
+        debugger / profiler ID, same toString behavior, etc.
+        
+        The basic unit of compilation and evaluation is now SourceCode, which
+        encompasses a SourceProvider, a range in that provider, and a starting
+        line number.
+
+        A SourceProvider now encompasses a source URL, and *is* a source ID,
+        since a pointer is a unique identifier.
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        (JSCheckScriptSyntax): Provide a SourceCode to the Interpreter, since
+        other APIs are no longer supported.
+        
+        * VM/CodeBlock.h:
+        (JSC::EvalCodeCache::get): Provide a SourceCode to the Interpreter, since
+        other APIs are no longer supported.
+        (JSC::CodeBlock::CodeBlock): ASSERT something that used to be ASSERTed
+        by our caller -- this is a better bottleneck.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator): Updated for the fact that
+        FunctionBodyNode's parameters are no longer a WTF::Vector.
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::Arguments): ditto
+
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate): Provide a SourceCode to the Parser,
+        since other APIs are no longer supported.
+
+        * kjs/FunctionConstructor.cpp:
+        (JSC::constructFunction): Provide a SourceCode to the Parser, since
+        other APIs are no longer supported. Adopt FunctionBodyNode's new
+        "finishParsing" API.
+
+        * kjs/JSFunction.cpp:
+        (JSC::JSFunction::lengthGetter):
+        (JSC::JSFunction::getParameterName): Updated for the fact that
+        FunctionBodyNode's parameters are no longer a wtf::Vector.
+
+        * kjs/JSFunction.h: Nixed some cruft.
+
+        * kjs/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncEval): Provide a SourceCode to the Parser, since
+        other APIs are no longer supported. 
+
+        * kjs/Parser.cpp:
+        (JSC::Parser::parse): Require a SourceCode argument, instead of a bunch
+        of broken out parameters. Stop tracking sourceId as an integer, since we
+        use the SourceProvider pointer for this now. Don't clamp the
+        startingLineNumber, since SourceCode does that now.
+
+        * kjs/Parser.h:
+        (JSC::Parser::parse): Standardized the parsing interface to require a
+        SourceCode.
+
+        * kjs/Shell.cpp:
+        (functionRun):
+        (functionLoad):
+        (prettyPrintScript):
+        (runWithScripts):
+        (runInteractive): Provide a SourceCode to the Interpreter, since
+        other APIs are no longer supported.
+
+        * kjs/SourceProvider.h:
+        (JSC::SourceProvider::SourceProvider):
+        (JSC::SourceProvider::url):
+        (JSC::SourceProvider::asId):
+        (JSC::UStringSourceProvider::create):
+        (JSC::UStringSourceProvider::UStringSourceProvider): Added new
+        responsibilities described above.
+
+        * kjs/SourceRange.h:
+        (JSC::SourceCode::SourceCode):
+        (JSC::SourceCode::toString):
+        (JSC::SourceCode::provider):
+        (JSC::SourceCode::firstLine):
+        (JSC::SourceCode::data):
+        (JSC::SourceCode::length): Added new responsibilities described above.
+        Renamed SourceRange to SourceCode, based on review feedback. Added
+        a makeSource function for convenience.
+
+        * kjs/debugger.h: Provide a SourceCode to the client, since other APIs
+        are no longer supported.
+
+        * kjs/grammar.y: Provide startingLineNumber when creating a SourceCode.
+
+        * kjs/debugger.h: Treat sourceId as intptr_t to avoid loss of precision
+        on 64bit platforms.
+
+        * kjs/interpreter.cpp:
+        (JSC::Interpreter::checkSyntax):
+        (JSC::Interpreter::evaluate):
+        * kjs/interpreter.h: Require a SourceCode instead of broken out arguments.
+
+        * kjs/lexer.cpp:
+        (JSC::Lexer::setCode):
+        * kjs/lexer.h:
+        (JSC::Lexer::sourceRange): Fold together the SourceProvider and line number
+        into a SourceCode. Fixed a bug where the Lexer would accidentally keep
+        alive the last SourceProvider forever.
+
+        * kjs/nodes.cpp:
+        (JSC::ScopeNode::ScopeNode):
+        (JSC::ProgramNode::ProgramNode):
+        (JSC::ProgramNode::create):
+        (JSC::EvalNode::EvalNode):
+        (JSC::EvalNode::generateCode):
+        (JSC::EvalNode::create):
+        (JSC::FunctionBodyNode::FunctionBodyNode):
+        (JSC::FunctionBodyNode::finishParsing):
+        (JSC::FunctionBodyNode::create):
+        (JSC::FunctionBodyNode::generateCode):
+        (JSC::ProgramNode::generateCode):
+        (JSC::FunctionBodyNode::paramString):
+        * kjs/nodes.h:
+        (JSC::ScopeNode::):
+        (JSC::ScopeNode::sourceId):
+        (JSC::FunctionBodyNode::):
+        (JSC::FunctionBodyNode::parameterCount):
+        (JSC::FuncExprNode::):
+        (JSC::FuncDeclNode::): Store a SourceCode in all ScopeNodes, since
+        SourceCode is now responsible for tracking URL, ID, etc. Streamlined
+        some ad hoc FunctionBodyNode fixups into a "finishParsing" function, to
+        help make clear what you need to do in order to finish parsing a
+        FunctionBodyNode.
+
+        * wtf/Vector.h:
+        (WTF::::releaseBuffer): Don't ASSERT that releaseBuffer() is only called
+        when buffer is not 0, since FunctionBodyNode is more than happy
+        to get back a 0 buffer, and other functions like RefPtr::release() allow
+        for 0, too.
+
+2008-10-01  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21289: REGRESSION (r37160): Inspector crashes on load
+        <https://bugs.webkit.org/show_bug.cgi?id=21289>
+
+        The code in Arguments::mark() in r37160 was wrong. It marks indices in
+        d->registers, but that makes no sense (they are local variables, not
+        arguments). It should mark those indices in d->registerArray instead.
+
+        This patch also changes Arguments::copyRegisters() to use d->numParameters
+        instead of recomputing it.
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::mark):
+        * kjs/Arguments.h:
+        (JSC::Arguments::copyRegisters):
+
+2008-09-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21214
+          work on getting rid of ExecState
+
+        Eliminate some unneeded uses of dynamicGlobalObject.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::contextData): Changed to use a map in the global data instead
+        of on the global object. Also fixed to use only a single hash table lookup.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeConstructor): Use lexicalGlobalObject rather than dynamicGlobalObject
+        to get the object prototype.
+
+        * kjs/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncToString): Use arrayVisitedElements set in global data rather
+        than in the global object.
+        (JSC::arrayProtoFuncToLocaleString): Ditto.
+        (JSC::arrayProtoFuncJoin): Ditto.
+
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Don't initialize opaqueJSClassData, since
+        it's no longer a pointer.
+        (JSC::JSGlobalData::~JSGlobalData): We still need to delete all the values, but
+        we don't need to delete the map since it's no longer a pointer.
+
+        * kjs/JSGlobalData.h: Made opaqueJSClassData a map instead of a pointer to a map.
+        Also added arrayVisitedElements.
+
+        * kjs/JSGlobalObject.h: Removed arrayVisitedElements.
+
+        * kjs/Shell.cpp:
+        (functionRun): Use lexicalGlobalObject instead of dynamicGlobalObject.
+        (functionLoad): Ditto.
+
+2008-10-01  Cameron Zwarich  <zwarich@apple.com>
+
+        Not reviewed.
+
+        Speculative Windows build fix.
+
+        * kjs/grammar.y:
+
+2008-10-01  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 21123: using "arguments" in a function should not force creation of an activation object
+        <https://bugs.webkit.org/show_bug.cgi?id=21123>
+
+        Make the 'arguments' object not require a JSActivation. We store the
+        'arguments' object in the OptionalCalleeArguments call frame slot. We
+        need to be able to get the original 'arguments' object to tear it off
+        when returning from a function, but 'arguments' may be assigned to in a
+        number of ways.
+
+        Therefore, we use the OptionalCalleeArguments slot when we want to get
+        the original activation or we know that 'arguments' was not assigned a
+        different value. When 'arguments' may have been assigned a new value,
+        we use a new local variable that is initialized with 'arguments'. Since
+        a function parameter named 'arguments' may overwrite the value of
+        'arguments', we also need to be careful to look up 'arguments' in the
+        symbol table, so we get the parameter named 'arguments' instead of the
+        local variable that we have added for holding the 'arguments' object.
+
+        This is a 19.1% win on the V8 Raytrace benchmark using the SunSpider
+        harness, and a 20.7% win using the V8 harness. This amounts to a 6.5%
+        total speedup on the V8 benchmark suite using the V8 harness.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator):
+        * VM/Machine.cpp:
+        (JSC::Machine::unwindCallFrame):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::retrieveArguments):
+        (JSC::Machine::cti_op_init_arguments):
+        (JSC::Machine::cti_op_ret_activation_arguments):
+        * VM/Machine.h:
+        * VM/RegisterFile.h:
+        (JSC::RegisterFile::):
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::mark):
+        (JSC::Arguments::fillArgList):
+        (JSC::Arguments::getOwnPropertySlot):
+        (JSC::Arguments::put):
+        * kjs/Arguments.h:
+        (JSC::Arguments::setRegisters):
+        (JSC::Arguments::init):
+        (JSC::Arguments::Arguments):
+        (JSC::Arguments::copyRegisters):
+        (JSC::JSActivation::copyRegisters):
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::argumentsGetter):
+        * kjs/JSActivation.h:
+        (JSC::JSActivation::JSActivationData::JSActivationData):
+        * kjs/grammar.y:
+        * kjs/nodes.h:
+        (JSC::ScopeNode::setUsesArguments):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::orl_mr):
+
+2008-10-01  Kevin McCullough  <kmccullough@apple.com>
+
+        Rubberstamped by Geoff Garen.
+
+        Remove BreakpointCheckStatement because it's not used anymore.
+        No effect on sunspider or the jsc tests.
+
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+
+2008-09-30  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Improve performance of CTI on windows.
+
+        Currently on platforms where the compiler doesn't allow us to safely
+        index relative to the address of a parameter we need to actually
+        provide a pointer to CTI runtime call arguments.  This patch improves
+        performance in this case by making the CTI logic for restoring this
+        parameter much less conservative by only resetting it before we actually
+        make a call, rather than between each and every SF bytecode we generate
+        code for.
+
+        This results in a 3.6% progression on the v8 benchmark when compiled with MSVC.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitCall):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        * VM/CTI.h:
+        * masm/X86Assembler.h:
+        * wtf/Platform.h:
+
+2008-09-30  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        - track uses of "this", "with" and "catch" in the parser
+        
+        Knowing this up front will be useful for future optimizations.
+        
+        Perf and correctness remain the same.
+        
+        * kjs/NodeInfo.h:
+        * kjs/grammar.y:
+
+2008-09-30  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Add WebKitAvailability macros for JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError,
+        and JSObjectMakeRegExp
+
+        * API/JSObjectRef.h:
+
+2008-09-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21214
+          work on getting rid of ExecState
+
+        Replaced the m_prev field of ExecState with a bit in the
+        call frame pointer to indicate "host" call frames.
+
+        * VM/Machine.cpp:
+        (JSC::makeHostCallFramePointer): Added. Sets low bit.
+        (JSC::isHostCallFrame): Added. Checks low bit.
+        (JSC::stripHostCallFrameBit): Added. Clears low bit.
+        (JSC::Machine::unwindCallFrame): Replaced null check that was
+        formerly used to detect host call frames with an isHostCallFrame check.
+        (JSC::Machine::execute): Pass in a host call frame pointer rather than
+        always passing 0 when starting execution from the host. This allows us
+        to follow the entire call frame pointer chain when desired, or to stop
+        at the host calls when that's desired.
+        (JSC::Machine::privateExecute): Replaced null check that was
+        formerly used to detect host call frames with an isHostCallFrame check.
+        (JSC::Machine::retrieveCaller): Ditto.
+        (JSC::Machine::retrieveLastCaller): Ditto.
+        (JSC::Machine::callFrame): Removed the code to walk up m_prev pointers
+        and replaced it with code that uses the caller pointer and uses the
+        stripHostCallFrameBit function.
+
+        * kjs/ExecState.cpp: Removed m_prev.
+        * kjs/ExecState.h: Ditto.
+
+2008-09-30  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Move all detection of 'arguments' in a lexical scope to the parser, in
+        preparation for fixing
+
+        Bug 21123: using "arguments" in a function should not force creation of an activation object
+        <https://bugs.webkit.org/show_bug.cgi?id=21123>
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator):
+        * kjs/NodeInfo.h:
+        * kjs/grammar.y:
+
+2008-09-30  Geoffrey Garen  <ggaren@apple.com>
+
+        Not reviewed.
+
+        * kjs/Shell.cpp:
+        (runWithScripts): Fixed indentation.
+
+2008-09-30  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Sam Weinig.
+
+        Build fix.  Move InternalFunction::classInfo implementation into the .cpp
+        file to prevent the vtable for InternalFunction being generated as a weak symbol.
+        Has no effect on SunSpider.
+
+        * kjs/InternalFunction.cpp:
+        (JSC::InternalFunction::classInfo):
+        * kjs/InternalFunction.h:
+
+2008-09-29  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        - optimize appending a number to a string
+        https://bugs.webkit.org/show_bug.cgi?id=21203
+        
+        It's pretty common in real-world code (and on some of the v8
+        benchmarks) to append a number to a string, so I made this one of
+        the fast cases, and also added support to UString to do it
+        directly without allocating a temporary UString.
+        
+        ~1% speedup on v8 benchmark.
+
+        * VM/Machine.cpp:
+        (JSC::jsAddSlowCase): Make this NEVER_INLINE because somehow otherwise
+        the change is a regression.
+        (JSC::jsAdd): Handle number + string special case.
+        (JSC::Machine::cti_op_add): Integrate much of the logic of jsAdd to
+        avoid exception check in the str + str, num + num and str + num cases.
+        * kjs/ustring.cpp:
+        (JSC::expandedSize): Make this a non-member function, since it needs to be 
+        called in non-member functions but not outside this file.
+        (JSC::expandCapacity): Ditto.
+        (JSC::UString::expandCapacity): Call the non-member version. 
+        (JSC::createRep): Helper to make a rep from a char*.
+        (JSC::UString::UString): Use above helper.
+        (JSC::concatenate): Guts of concatenating constructor for cases where first
+        item is a UString::Rep, and second is a UChar* and length, or a char*.
+        (JSC::UString::append): Implement for cases where first item is a UString::Rep,
+        and second is an int or double. Sadly duplicates logic of UString::from(int)
+        and UString::from(double).
+        * kjs/ustring.h:
+
+2008-09-29  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21214
+          work on getting rid of ExecState
+
+        * JavaScriptCore.exp: Updated since JSGlobalObject::init
+        no longer takes a parameter.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::execute): Removed m_registerFile argument
+        for ExecState constructors.
+
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluate): Removed globalThisValue
+        argument for ExecState constructor.
+
+        * kjs/ExecState.cpp:
+        (JSC::ExecState::ExecState): Removed globalThisValue and
+        registerFile arguments to constructors.
+
+        * kjs/ExecState.h: Removed m_globalThisValue and
+        m_registerFile data members.
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init): Removed globalThisValue
+        argument for ExecState constructor.
+
+        * kjs/JSGlobalObject.h:
+        (JSC::JSGlobalObject::JSGlobalObject): Got rid of parameter
+        for the init function.
+
+2008-09-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Rubber-stamped by Cameron Zwarich.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=21225
+        Machine::retrieveLastCaller should check for a NULL codeBlock
+        
+        In order to crash, you would need to call retrieveCaller in a situation
+        where you had two host call frames in a row in the register file. I
+        don't know how to make that happen, or if it's even possible, so I don't
+        have a test case -- but better safe than sorry!
+
+        * VM/Machine.cpp:
+        (JSC::Machine::retrieveLastCaller):
+
+2008-09-29  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Store the callee ScopeChain, not the caller ScopeChain, in the call frame
+        header. Nix the "scopeChain" local variable and ExecState::m_scopeChain, and
+        access the callee ScopeChain through the call frame header instead.
+
+        Profit: call + return are simpler, because they don't have to update the
+        "scopeChain" local variable, or ExecState::m_scopeChain.
+        
+        Because CTI keeps "r" in a register, reading the callee ScopeChain relative
+        to "r" can be very fast, in any cases we care to optimize.
+
+        0% speedup on empty function call benchmark. (5.5% speedup in bytecode.)
+        0% speedup on SunSpider. (7.5% speedup on controlflow-recursive.)
+        2% speedup on SunSpider --v8.
+        2% speedup on v8 benchmark.
+
+        * VM/CTI.cpp: Changed scope chain access to read the scope chain from
+        the call frame header. Sped up op_ret by changing it not to fuss with
+        the "scopeChain" local variable or ExecState::m_scopeChain.
+
+        * VM/CTI.h: Updated CTI trampolines not to take a ScopeChainNode*
+        argument, since that's stored in the call frame header now.
+
+        * VM/Machine.cpp: Access "scopeChain" and "codeBlock" through new helper
+        functions that read from the call frame header. Updated functions operating
+        on ExecState::m_callFrame to account for / take advantage of the fact that
+        Exec:m_callFrame is now never NULL.
+        
+        Fixed a bug in op_construct, where it would use the caller's default
+        object prototype, rather than the callee's, when constructing a new object.
+
+        * VM/Machine.h: Made some helper functions available. Removed
+        ScopeChainNode* arguments to a lot of functions, since the ScopeChainNode*
+        is now stored in the call frame header.
+
+        * VM/RegisterFile.h: Renamed "CallerScopeChain" to "ScopeChain", since
+        that's what it is now.
+
+        * kjs/DebuggerCallFrame.cpp: Updated for change to ExecState signature.
+
+        * kjs/ExecState.cpp:
+        * kjs/ExecState.h: Nixed ExecState::m_callFrame, along with the unused
+        isGlobalObject function.
+
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObject.h: Gave the global object a fake call frame in
+        which to store the global scope chain, since our code now assumes that
+        it can always read the scope chain out of the ExecState's call frame.
+
+2008-09-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Sam Weinig.
+
+        Remove the isActivationObject() virtual method on JSObject and use
+        StructureID information instead. This should be slightly faster, but
+        isActivationObject() is only used in assertions and unwinding the stack
+        for exceptions.
+
+        * VM/Machine.cpp:
+        (JSC::depth):
+        (JSC::Machine::unwindCallFrame):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_ret_activation):
+        * kjs/JSActivation.cpp:
+        * kjs/JSActivation.h:
+        * kjs/JSObject.h:
+
+2008-09-29  Peter Gal  <galpeter@inf.u-szeged.hu>
+
+        Reviewed and tweaked by Darin Adler.
+
+        Fix build for non-all-in-one platforms.
+
+        * kjs/StringPrototype.cpp: Added missing ASCIICType.h include.
+
+2008-09-29  Bradley T. Hughes  <bradley.hughes@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Fix compilation with icpc
+
+        * wtf/HashSet.h:
+        (WTF::::find):
+        (WTF::::contains):
+
+2008-09-29  Thiago Macieira  <thiago.macieira@nokia.com>
+
+        Reviewed by Simon Hausmann.
+
+        Changed copyright from Trolltech ASA to Nokia.
+        
+        Nokia acquired Trolltech ASA, assets were transferred on September 26th 2008.
+        
+
+        * wtf/qt/MainThreadQt.cpp:
+
+2008-09-29  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by Lars Knoll.
+
+        Don't accidentially install libJavaScriptCore.a for the build inside
+        Qt.
+
+        * JavaScriptCore.pro:
+
+2008-09-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 21200: Allow direct access to 'arguments' without using op_resolve
+        <https://bugs.webkit.org/show_bug.cgi?id=21200>
+
+        Allow fast access to the 'arguments' object by adding an extra slot to
+        the callframe to store it.
+
+        This is a 3.0% speedup on the V8 Raytrace benchmark.
+
+        * JavaScriptCore.exp:
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::registerFor):
+        * VM/CodeGenerator.h:
+        (JSC::CodeGenerator::registerFor):
+        * VM/Machine.cpp:
+        (JSC::Machine::initializeCallFrame):
+        (JSC::Machine::dumpRegisters):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::retrieveArguments):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_create_arguments):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+        * VM/RegisterFile.h:
+        (JSC::RegisterFile::):
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::mark):
+        (JSC::JSActivation::argumentsGetter):
+        * kjs/JSActivation.h:
+        (JSC::JSActivation::JSActivationData::JSActivationData):
+        * kjs/NodeInfo.h:
+        * kjs/Parser.cpp:
+        (JSC::Parser::didFinishParsing):
+        * kjs/Parser.h:
+        (JSC::Parser::parse):
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (JSC::ScopeNode::ScopeNode):
+        (JSC::ProgramNode::ProgramNode):
+        (JSC::ProgramNode::create):
+        (JSC::EvalNode::EvalNode):
+        (JSC::EvalNode::create):
+        (JSC::FunctionBodyNode::FunctionBodyNode):
+        (JSC::FunctionBodyNode::create):
+        * kjs/nodes.h:
+        (JSC::ScopeNode::usesArguments):
+
+2008-09-28  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Add an ASCII fast-path to toLowerCase and toUpperCase.
+
+        The fast path speeds up the common case of an ASCII-only string by up to 60% while adding a less than 5% penalty
+        to the less common non-ASCII case.
+
+        This also removes stringProtoFuncToLocaleLowerCase and stringProtoFuncToLocaleUpperCase, which were identical
+        to the non-locale variants of the functions.  toLocaleLowerCase and toLocaleUpperCase now use the non-locale
+        variants of the functions directly.
+
+        * kjs/StringPrototype.cpp:
+        (JSC::stringProtoFuncToLowerCase):
+        (JSC::stringProtoFuncToUpperCase):
+
+2008-09-28  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Speed up parseInt and parseFloat.
+
+        Repeatedly indexing into a UString is slow, so retrieve a pointer into the underlying buffer once up front
+        and use that instead.  This is a 7% win on a parseInt/parseFloat micro-benchmark.
+
+        * kjs/JSGlobalObjectFunctions.cpp:
+        (JSC::parseInt):
+        (JSC::parseFloat):
+
+2008-09-28  Simon Hausmann  <hausmann@webkit.org>
+
+        Reviewed by David Hyatt.
+
+        In Qt's initializeThreading re-use an existing thread identifier for the main
+        thread if it exists.
+
+        currentThread() implicitly creates new identifiers and it could be that
+        it is called before initializeThreading().
+
+        * wtf/ThreadingQt.cpp:
+        (WTF::initializeThreading):
+
+2008-09-27  Keishi Hattori  <casey.hattori@gmail.com>
+
+        Added Machine::retrieveCaller to the export list.
+
+        Reviewed by Kevin McCullough and Tim Hatcher.
+
+        * JavaScriptCore.exp: Added Machine::retrieveCaller.
+
+2008-09-27  Anders Carlsson  <andersca@apple.com>
+
+        Fix build.
+
+        * VM/CTI.cpp:
+        (JSC::):
+
+2008-09-27  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        https://bugs.webkit.org/show_bug.cgi?id=21175
+
+        Store the callee CodeBlock, not the caller CodeBlock, in the call frame
+        header. Nix the "codeBlock" local variable, and access the callee
+        CodeBlock through the call frame header instead.
+        
+        Profit: call + return are simpler, because they don't have to update the
+        "codeBlock" local variable.
+        
+        Because CTI keeps "r" in a register, reading the callee CodeBlock relative
+        to "r" can be very fast, in any cases we care to optimize. Presently,
+        no such cases seem important.
+        
+        Also, stop writing "dst" to the call frame header. CTI doesn't use it.
+        
+        21.6% speedup on empty function call benchmark.
+        3.8% speedup on SunSpider --v8.
+        2.1% speedup on v8 benchmark.
+        0.7% speedup on SunSpider (6% speedup on controlflow-recursive).
+        
+        Small regression in bytecode, because currently every op_ret reads the
+        callee CodeBlock to check needsFullScopeChain, and bytecode does not
+        keep "r" in a register. On-balance, this is probably OK, since CTI is
+        our high-performance execution model. Also, this should go away once
+        we make needsFullScopeChain statically determinable at parse time.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCall): The speedup!
+        (JSC::CTI::privateCompileSlowCases): ditto
+
+        * VM/CTI.h:
+        (JSC::): Fixed up magic trampoline constants to account for the nixed
+        "codeBlock" argument.
+        (JSC::CTI::execute): Changed trampoline function not to take a "codeBlock"
+        argument, since codeBlock is now stored in the call frame header.
+        
+        * VM/Machine.cpp: Read the callee CodeBlock from the register file. Use
+        a NULL CallerRegisters in the call frame header to signal a built-in
+        caller, since CodeBlock is now never NULL.
+
+        * VM/Machine.h: Made some stand-alone functions Machine member functions
+        so they could call the private codeBlock() accessor in the Register
+        class, of which Machine is a friend. Renamed "CallerCodeBlock" to
+        "CodeBlock", since it's no longer the caller's CodeBlock.
+
+        * VM/RegisterFile.h: Marked some methods const to accommodate a 
+        const RegisterFile* being passed around in Machine.cpp.
+
+2008-09-26  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Gtk build fix. Not reviewed.
+
+        Narrow-down the target of the JavaScriptCore .lut.h generator so
+        it won't try to create the WebCore .lut.hs.
+
+        * GNUmakefile.am:
+
+2008-09-26  Matt Lilek  <webkit@mattlilek.com>
+
+        Reviewed by Tim Hatcher.
+
+        Update FEATURE_DEFINES after ENABLE_CROSS_DOCUMENT_MESSAGING was removed.
+
+        * Configurations/JavaScriptCore.xcconfig:
+
+2008-09-26  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Anders Carlson.
+
+        Change the name 'sc' to 'scopeChainNode' in a few places.
+
+        * kjs/nodes.cpp:
+        (JSC::EvalNode::generateCode):
+        (JSC::FunctionBodyNode::generateCode):
+        (JSC::ProgramNode::generateCode):
+
+2008-09-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=21152
+        Speedup static property get/put
+
+        Convert getting/setting static property values to use static functions
+        instead of storing an integer and switching in getValueProperty/putValueProperty.
+
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::deleteProperty):
+        (JSC::JSObject::getPropertyAttributes):
+        * kjs/MathObject.cpp:
+        (JSC::MathObject::getOwnPropertySlot):
+        * kjs/NumberConstructor.cpp:
+        (JSC::numberConstructorNaNValue):
+        (JSC::numberConstructorNegInfinity):
+        (JSC::numberConstructorPosInfinity):
+        (JSC::numberConstructorMaxValue):
+        (JSC::numberConstructorMinValue):
+        * kjs/PropertySlot.h:
+        (JSC::PropertySlot::):
+        * kjs/RegExpConstructor.cpp:
+        (JSC::regExpConstructorDollar1):
+        (JSC::regExpConstructorDollar2):
+        (JSC::regExpConstructorDollar3):
+        (JSC::regExpConstructorDollar4):
+        (JSC::regExpConstructorDollar5):
+        (JSC::regExpConstructorDollar6):
+        (JSC::regExpConstructorDollar7):
+        (JSC::regExpConstructorDollar8):
+        (JSC::regExpConstructorDollar9):
+        (JSC::regExpConstructorInput):
+        (JSC::regExpConstructorMultiline):
+        (JSC::regExpConstructorLastMatch):
+        (JSC::regExpConstructorLastParen):
+        (JSC::regExpConstructorLeftContext):
+        (JSC::regExpConstructorRightContext):
+        (JSC::setRegExpConstructorInput):
+        (JSC::setRegExpConstructorMultiline):
+        (JSC::RegExpConstructor::setInput):
+        (JSC::RegExpConstructor::setMultiline):
+        (JSC::RegExpConstructor::multiline):
+        * kjs/RegExpConstructor.h:
+        * kjs/RegExpObject.cpp:
+        (JSC::regExpObjectGlobal):
+        (JSC::regExpObjectIgnoreCase):
+        (JSC::regExpObjectMultiline):
+        (JSC::regExpObjectSource):
+        (JSC::regExpObjectLastIndex):
+        (JSC::setRegExpObjectLastIndex):
+        * kjs/RegExpObject.h:
+        (JSC::RegExpObject::setLastIndex):
+        (JSC::RegExpObject::lastIndex):
+        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::getEnumerablePropertyNames):
+        * kjs/create_hash_table:
+        * kjs/lexer.cpp:
+        (JSC::Lexer::lex):
+        * kjs/lookup.cpp:
+        (JSC::HashTable::createTable):
+        (JSC::HashTable::deleteTable):
+        (JSC::setUpStaticFunctionSlot):
+        * kjs/lookup.h:
+        (JSC::HashEntry::initialize):
+        (JSC::HashEntry::setKey):
+        (JSC::HashEntry::key):
+        (JSC::HashEntry::attributes):
+        (JSC::HashEntry::function):
+        (JSC::HashEntry::functionLength):
+        (JSC::HashEntry::propertyGetter):
+        (JSC::HashEntry::propertyPutter):
+        (JSC::HashEntry::lexerValue):
+        (JSC::HashEntry::):
+        (JSC::HashTable::entry):
+        (JSC::getStaticPropertySlot):
+        (JSC::getStaticValueSlot):
+        (JSC::lookupPut):
+
+2008-09-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak & Oliver Hunt.
+
+        Add support for reusing temporary JSNumberCells.  This change is based on the observation
+        that if the result of certain operations is a JSNumberCell and is consumed by a subsequent
+        operation that would produce a JSNumberCell, we can reuse the object rather than allocating
+        a fresh one.  E.g. given the expression ((a * b) * c), we can statically determine that
+        (a * b) will have a numeric result (or else it will have thrown an exception), so the result
+        will either be a JSNumberCell or a JSImmediate.
+
+        This patch changes three areas of JSC:
+            * The AST now tracks type information about the result of each node.
+            * This information is consumed in bytecode compilation, and certain bytecode operations
+              now carry the statically determined type information about their operands.
+            * CTI uses the information in a number of fashions:
+                * Where an operand to certain arithmetic operations is reusable, it will plant code
+                  to try to perform the operation in JIT code & reuse the cell, where appropriate.
+                * Where it can be statically determined that an operand can only be numeric (typically
+                  the result of another arithmetic operation) the code will not redundantly check that
+                  the JSCell is a JSNumberCell.
+                * Where either of the operands to an add are non-numeric do not plant an optimized
+                  arithmetic code path, just call straight out to the C function.
+
+        +6% Sunspider (10% progression on 3D, 16% progression on math, 60% progression on access-nbody),
+        +1% v8-tests (improvements in raytrace & crypto)
+
+        * VM/CTI.cpp: Add optimized code generation with reuse of temporary JSNumberCells.
+        * VM/CTI.h:
+        * kjs/JSNumberCell.h:
+        * masm/X86Assembler.h:
+
+        * VM/CodeBlock.cpp: Add type information to specific bytecodes.
+        * VM/CodeGenerator.cpp:
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+
+        * kjs/nodes.cpp: Track static type information for nodes.
+        * kjs/nodes.h:
+        * kjs/ResultDescriptor.h: (Added)
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-09-26  Yichao Yin  <yichao.yin@torchmobile.com.cn>
+
+        Reviewed by George Staikos, Maciej Stachowiak.
+
+        Add utility functions needed for upcoming WML code.
+
+        * wtf/ASCIICType.h:
+        (WTF::isASCIIPrintable):
+
+2008-09-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Reverted the part of r36614 that used static data because static data
+        is not thread-safe.
+
+2008-09-26  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Removed dynamic check for whether the callee needs an activation object.
+        Replaced with callee code to create the activation object.
+
+        0.5% speedup on SunSpider.
+        No change on v8 benchmark. (Might be a speedup, but it's in range of the
+        variance.)
+
+        0.7% speedup on v8 benchmark in bytecode.
+        1.3% speedup on empty call benchmark in bytecode.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass): Added support for op_init_activation,
+        the new opcode that specifies that the callee's initialization should
+        create an activation object.
+        (JSC::CTI::privateCompile): Removed previous code that did a similar
+        thing in an ad-hoc way.
+
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump): Added a case for dumping op_init_activation.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::generate): Added fixup code to change op_init to
+        op_init_activation if necessary. (With a better parser, we would know
+        which to use from the beginning.)
+
+        * VM/Instruction.h:
+        (JSC::Instruction::Instruction):
+        (WTF::): Faster traits for the instruction vector. An earlier version
+        of this patch relied on inserting at the beginning of the vector, and
+        depended on this change for speed.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::execute): Removed clients of setScopeChain, the old
+        abstraction for dynamically checking for whether an activation object
+        needed to be created.
+        (JSC::Machine::privateExecute): ditto
+
+        (JSC::Machine::cti_op_push_activation): Renamed this function from
+        cti_vm_updateScopeChain, and made it faster by removing the call to 
+        setScopeChain.
+        * VM/Machine.h:
+
+        * VM/Opcode.h: Declared op_init_activation.
+
+2008-09-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Move most of the return code back into the callee, now that the callee
+        doesn't have to calculate anything dynamically.
+        
+        11.5% speedup on empty function call benchmark.
+        
+        SunSpider says 0.3% faster. SunSpider --v8 says no change.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+
+2008-09-24  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Remove staticFunctionGetter.  There is only one remaining user of
+        staticFunctionGetter and it can be converted to use setUpStaticFunctionSlot.
+
+        * JavaScriptCore.exp:
+        * kjs/lookup.cpp:
+        * kjs/lookup.h:
+
+2008-09-24  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        - inline JIT fast case of op_neq
+        - remove extra level of function call indirection from slow cases of eq and neq
+        
+        1% speedup on Richards
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_eq):
+        (JSC::Machine::cti_op_neq):
+        * kjs/operations.cpp:
+        (JSC::equal):
+        (JSC::equalSlowCase):
+        * kjs/operations.h:
+        (JSC::equalSlowCaseInline):
+
+2008-09-24  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=21080
+        <rdar://problem/6243534>
+        Crash below Function.apply when using a runtime array as the argument list
+
+        Test: plugins/bindings-array-apply-crash.html
+
+        * kjs/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncApply): Revert to the slow case if the object inherits from 
+        JSArray (via ClassInfo) but is not a JSArray.
+
+2008-09-24  Kevin McCullough  <kmccullough@apple.com>
+
+        Style change.
+
+        * kjs/nodes.cpp:
+        (JSC::statementListEmitCode):
+
+2008-09-24  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+        Bug 21031: Breakpoints in the condition of loops only breaks the first
+        time
+        - Now when setting breakpoints in the condition of a loop (for, while,
+        for in, and do while) will successfully break each time throught the
+        loop.
+        - For 'for' loops we need a little more complicated behavior that cannot
+        be accomplished without some more significant changes:
+        https://bugs.webkit.org/show_bug.cgi?id=21073
+
+        * kjs/nodes.cpp:
+        (JSC::statementListEmitCode): We don't want to blindly emit a debug hook
+        at the first line of loops, instead let the loop emit the debug hooks.
+        (JSC::DoWhileNode::emitCode):
+        (JSC::WhileNode::emitCode):
+        (JSC::ForNode::emitCode):
+        (JSC::ForInNode::emitCode):
+        * kjs/nodes.h:
+        (JSC::StatementNode::):
+        (JSC::DoWhileNode::):
+        (JSC::WhileNode::):
+        (JSC::ForInNode::):
+
+2008-09-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Fixed <rdar://problem/5605532> Need a SPI for telling JS the size of
+        the objects it retains
+
+        * API/tests/testapi.c: Test the new SPI a little.
+
+        * API/JSSPI.cpp: Add the new SPI.
+        * API/JSSPI.h: Add the new SPI.
+        * JavaScriptCore.exp: Add the new SPI.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Add the new SPI.
+
+2008-09-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        * API/JSBase.h: Filled in some missing function names.
+
+2008-09-24  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=21057
+        Crash in RegisterID::deref() running fast/canvas/canvas-putImageData.html
+
+        * VM/CodeGenerator.h: Changed declaration order to ensure the
+        m_lastConstant, which is a RefPtr that points into m_calleeRegisters,
+        has its destructor called before the destructor for m_calleeRegisters.
+
+2008-09-24  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21047
+          speed up ret_activation with inlining
+
+        About 1% on v8-raytrace.
+
+        * JavaScriptCore.exp: Removed JSVariableObject::setRegisters.
+
+        * kjs/JSActivation.cpp: Moved copyRegisters to the header to make it inline.
+        * kjs/JSActivation.h:
+        (JSC::JSActivation::copyRegisters): Moved here. Also removed the registerArraySize
+        argument to setRegisters, since the object doesn't need to store the number of
+        registers.
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset): Removed unnecessary clearing left over from when we
+        used this on objects that weren't brand new. These days, this function is really
+        just part of the constructor.
+
+        * kjs/JSGlobalObject.h: Added registerArraySize to JSGlobalObjectData, since
+        JSVariableObjectData no longer needs it. Added a setRegisters override here
+        that handles storing the size.
+
+        * kjs/JSStaticScopeObject.h: Removed code to set registerArraySize, since it
+        no longer exists.
+
+        * kjs/JSVariableObject.cpp: Moved copyRegisterArray and setRegisters to the
+        header to make them inline.
+        * kjs/JSVariableObject.h: Removed registerArraySize from JSVariableObjectData,
+        since it was only used for the global object.
+        (JSC::JSVariableObject::copyRegisterArray): Moved here ot make it inline.
+        (JSC::JSVariableObject::setRegisters): Moved here to make it inline. Also
+        removed the code to set registerArraySize and changed an if statement into
+        an assert to save an unnnecessary branch.
+
+2008-09-24  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        - inline PropertyMap::getOffset to speed up polymorphic lookups
+        
+        ~1.5% speedup on v8 benchmark
+        no effect on SunSpider
+
+        * JavaScriptCore.exp:
+        * kjs/PropertyMap.cpp:
+        * kjs/PropertyMap.h:
+        (JSC::PropertyMap::getOffset):
+
+2008-09-24  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by Alp Toker.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20992
+        Build fails on GTK+ Mac OS
+
+        * wtf/ThreadingGtk.cpp: Remove platform ifdef as suggested by
+          Richard Hult.
+        (WTF::initializeThreading):
+
+2008-09-23  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 19968: Slow Script at www.huffingtonpost.com
+        <https://bugs.webkit.org/show_bug.cgi?id=19968>
+
+        Finally found the cause of this accursed issue.  It is triggered
+        by synchronous creation of a new global object from JS.  The new
+        global object resets the timer state in this execution group's
+        Machine, taking timerCheckCount to 0.  Then when JS returns the
+        timerCheckCount is decremented making it non-zero.  The next time
+        we execute JS we will start the timeout counter, however the non-zero
+        timeoutCheckCount means we don't reset the timer information. This
+        means that the timeout check is now checking the cumulative time
+        since the creation of the global object rather than the time since
+        JS was last entered.  At this point the slow script dialog is guaranteed
+        to eventually be displayed incorrectly unless a page is loaded
+        asynchronously (which will reset everything into a sane state).
+
+        The fix for this is rather trivial -- the JSGlobalObject constructor
+        should not be resetting the machine timer state.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::Machine):
+          Now that we can't rely on the GlobalObject initialising the timeout
+          state, we do it in the Machine constructor.
+
+        * VM/Machine.h:
+        (JSC::Machine::stopTimeoutCheck):
+          Add assertions to guard against this happening.
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+          Don't reset the timeout state.
+
+2008-09-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=21038 | <rdar://problem/6240812>
+        Uncaught exceptions in regex replace callbacks crash webkit
+        
+        This was a combination of two problems:
+        
+        (1) the replace function would continue execution after an exception
+        had been thrown.
+        
+        (2) In some cases, the Machine would return 0 in the case of an exception,
+        despite the fact that a few clients dereference the Machine's return
+        value without first checking for an exception.
+        
+        * VM/Machine.cpp:
+        (JSC::Machine::execute):
+        
+        ^ Return jsNull() instead of 0 in the case of an exception, since some
+        clients depend on using our return value.
+        
+        ^ ASSERT that execution does not continue after an exception has been
+        thrown, to help catch problems like this in the future.
+
+        * kjs/StringPrototype.cpp:
+        (JSC::stringProtoFuncReplace):
+        
+        ^ Stop execution if an exception has been thrown.
+
+2008-09-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Try to fix the windows build.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+
+2008-09-23  Alp Toker  <alp@nuanti.com>
+
+        Build fix.
+
+        * VM/CTI.h:
+
+2008-09-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        * wtf/Platform.h: Removed duplicate #if.
+
+2008-09-23  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Changed the layout of the call frame from
+        
+        { header, parameters, locals | constants, temporaries }
+        
+        to
+        
+        { parameters, header | locals, constants, temporaries }
+        
+        This simplifies function entry+exit, and enables a number of future
+        optimizations.
+        
+        13.5% speedup on empty call benchmark for bytecode; 23.6% speedup on
+        empty call benchmark for CTI.
+        
+        SunSpider says no change. SunSpider --v8 says 1% faster.
+
+        * VM/CTI.cpp:
+        
+        Added a bit of abstraction for calculating whether a register is a
+        constant, since this patch changes that calculation:
+        (JSC::CTI::isConstant):
+        (JSC::CTI::getConstant):
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::getConstantImmediateNumericArg):
+
+        Updated for changes to callframe header location:
+        (JSC::CTI::emitPutToCallFrameHeader):
+        (JSC::CTI::emitGetFromCallFrameHeader):
+        (JSC::CTI::printOpcodeOperandTypes):
+        
+        Renamed to spite Oliver:
+        (JSC::CTI::emitInitRegister):
+        
+        Added an abstraction for emitting a call through a register, so that
+        calls through registers generate exception info, too:
+        (JSC::CTI::emitCall):
+
+        Updated to match the new callframe header layout, and to support calls
+        through registers, which have no destination address:
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+
+        * VM/CTI.h:
+
+        More of the above:
+        (JSC::CallRecord::CallRecord):
+
+        * VM/CodeBlock.cpp:
+
+        Updated for new register layout:
+        (JSC::registerName):
+        (JSC::CodeBlock::dump):
+
+        * VM/CodeBlock.h:
+        
+        Updated CodeBlock to track slightly different information about the
+        register frame, and tweaked the style of an ASSERT_NOT_REACHED.
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::getStubInfo):
+
+        * VM/CodeGenerator.cpp:
+        
+        Added some abstraction around constant register allocation, since this
+        patch changes it, changed codegen to account for the new callframe
+        layout, and added abstraction around register fetching code
+        that used to assume that all local registers lived at negative indices,
+        since vars now live at positive indices:
+        (JSC::CodeGenerator::generate):
+        (JSC::CodeGenerator::addVar):
+        (JSC::CodeGenerator::addGlobalVar):
+        (JSC::CodeGenerator::allocateConstants):
+        (JSC::CodeGenerator::CodeGenerator):
+        (JSC::CodeGenerator::addParameter):
+        (JSC::CodeGenerator::registerFor):
+        (JSC::CodeGenerator::constRegisterFor):
+        (JSC::CodeGenerator::newRegister):
+        (JSC::CodeGenerator::newTemporary):
+        (JSC::CodeGenerator::highestUsedRegister):
+        (JSC::CodeGenerator::addConstant):
+        
+        ASSERT that our caller referenced the registers it passed to us.
+        Otherwise, we might overwrite them with parameters:
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitConstruct):
+
+        * VM/CodeGenerator.h:
+        
+        Added some abstraction for getting a RegisterID for a given index,
+        since the rules are a little weird:
+        (JSC::CodeGenerator::registerFor):
+
+        * VM/Machine.cpp:
+
+        Utility function to transform a machine return PC to a virtual machine
+        return VPC, for the sake of stack unwinding, since both PCs are stored
+        in the same location now:
+        (JSC::vPCForPC):
+
+        Tweaked to account for new call frame:
+        (JSC::Machine::initializeCallFrame):
+        
+        Tweaked to account for registerOffset supplied by caller:
+        (JSC::slideRegisterWindowForCall):
+
+        Tweaked to account for new register layout:
+        (JSC::scopeChainForCall):
+        (JSC::Machine::callEval):
+        (JSC::Machine::dumpRegisters):
+        (JSC::Machine::unwindCallFrame):
+        (JSC::Machine::execute):
+
+        Changed op_call and op_construct to implement the new calling convention:
+        (JSC::Machine::privateExecute):
+
+        Tweaked to account for the new register layout:
+        (JSC::Machine::retrieveArguments):
+        (JSC::Machine::retrieveCaller):
+        (JSC::Machine::retrieveLastCaller):
+        (JSC::Machine::callFrame):
+        (JSC::Machine::getArgumentsData):
+
+        Changed CTI call helpers to implement the new calling convention:
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+        (JSC::Machine::cti_op_ret_activation):
+        (JSC::Machine::cti_op_ret_profiler):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+        (JSC::Machine::cti_op_call_eval):
+
+        * VM/Machine.h:
+
+        * VM/Opcode.h:
+        
+        Renamed op_initialise_locals to op_init, because this opcode
+        doesn't initialize all locals, and it doesn't initialize only locals.
+        Also, to spite Oliver.
+        
+        * VM/RegisterFile.h:
+        
+        New call frame enumeration values:
+        (JSC::RegisterFile::):
+
+        Simplified the calculation of whether a RegisterID is a temporary,
+        since we can no longer assume that all positive non-constant registers
+        are temporaries:
+        * VM/RegisterID.h:
+        (JSC::RegisterID::RegisterID):
+        (JSC::RegisterID::setTemporary):
+        (JSC::RegisterID::isTemporary):
+
+        Renamed firstArgumentIndex to firstParameterIndex because the assumption
+        that this variable pertained to the actual arguments supplied by the
+        caller caused me to write some buggy code:
+        * kjs/Arguments.cpp:
+        (JSC::ArgumentsData::ArgumentsData):
+        (JSC::Arguments::Arguments):
+        (JSC::Arguments::fillArgList):
+        (JSC::Arguments::getOwnPropertySlot):
+        (JSC::Arguments::put):
+
+        Updated for new call frame layout:
+        * kjs/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::functionName):
+        (JSC::DebuggerCallFrame::type):
+        * kjs/DebuggerCallFrame.h:
+
+        Changed the activation object to account for the fact that a call frame
+        header now sits between parameters and local variables. This change
+        requires all variable objects to do their own marking, since they
+        now use their register storage differently:
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::mark):
+        (JSC::JSActivation::copyRegisters):
+        (JSC::JSActivation::createArgumentsObject):
+        * kjs/JSActivation.h:
+
+        Updated global object to use the new interfaces required by the change
+        to JSActivation above:
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::mark):
+        (JSC::JSGlobalObject::copyGlobalsFrom):
+        (JSC::JSGlobalObject::copyGlobalsTo):
+        * kjs/JSGlobalObject.h:
+        (JSC::JSGlobalObject::addStaticGlobals):
+
+        Updated static scope object to use the new interfaces required by the 
+        change to JSActivation above:
+        * kjs/JSStaticScopeObject.cpp:
+        (JSC::JSStaticScopeObject::mark):
+        (JSC::JSStaticScopeObject::~JSStaticScopeObject):
+        * kjs/JSStaticScopeObject.h:
+        (JSC::JSStaticScopeObject::JSStaticScopeObject):
+        (JSC::JSStaticScopeObject::d):
+
+        Updated variable object to use the new interfaces required by the 
+        change to JSActivation above:
+        * kjs/JSVariableObject.cpp:
+        (JSC::JSVariableObject::copyRegisterArray):
+        (JSC::JSVariableObject::setRegisters):
+        * kjs/JSVariableObject.h:
+
+        Changed the bit twiddling in symbol table not to assume that all indices
+        are negative, since they can be positive now:
+        * kjs/SymbolTable.h:
+        (JSC::SymbolTableEntry::SymbolTableEntry):
+        (JSC::SymbolTableEntry::isNull):
+        (JSC::SymbolTableEntry::getIndex):
+        (JSC::SymbolTableEntry::getAttributes):
+        (JSC::SymbolTableEntry::setAttributes):
+        (JSC::SymbolTableEntry::isReadOnly):
+        (JSC::SymbolTableEntry::pack):
+        (JSC::SymbolTableEntry::isValidIndex):
+
+        Changed call and construct nodes to ref their functions and/or bases,
+        so that emitCall/emitConstruct doesn't overwrite them with parameters.
+        Also, updated for rename to registerFor:
+        * kjs/nodes.cpp:
+        (JSC::ResolveNode::emitCode):
+        (JSC::NewExprNode::emitCode):
+        (JSC::EvalFunctionCallNode::emitCode):
+        (JSC::FunctionCallValueNode::emitCode):
+        (JSC::FunctionCallResolveNode::emitCode):
+        (JSC::FunctionCallBracketNode::emitCode):
+        (JSC::FunctionCallDotNode::emitCode):
+        (JSC::PostfixResolveNode::emitCode):
+        (JSC::DeleteResolveNode::emitCode):
+        (JSC::TypeOfResolveNode::emitCode):
+        (JSC::PrefixResolveNode::emitCode):
+        (JSC::ReadModifyResolveNode::emitCode):
+        (JSC::AssignResolveNode::emitCode):
+        (JSC::ConstDeclNode::emitCodeSingle):
+        (JSC::ForInNode::emitCode):
+
+        Added abstraction for getting exception info out of a call through a
+        register:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::emitCall):
+        
+        Removed duplicate #if:
+        * wtf/Platform.h:
+
+2008-09-23  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        Bug 21030: The JS debugger breaks on the do of a do-while not the while
+        (where the conditional statement is)
+        https://bugs.webkit.org/show_bug.cgi?id=21030
+        Now the statementListEmitCode detects if a do-while node is being
+        emited and emits the debug hook on the last line instead of the first.
+
+        This change had no effect on sunspider.
+
+        * kjs/nodes.cpp:
+        (JSC::statementListEmitCode):
+        * kjs/nodes.h:
+        (JSC::StatementNode::isDoWhile):
+        (JSC::DoWhileNode::isDoWhile):
+
+2008-09-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - inline the fast case of instanceof
+        https://bugs.webkit.org/show_bug.cgi?id=20818
+
+        ~2% speedup on EarleyBoyer test.
+        
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_instanceof):
+
+2008-09-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - add forgotten slow case logic for !==
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileSlowCases):
+
+2008-09-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - inline the fast cases of !==, same as for ===
+        
+        2.9% speedup on EarleyBoyer benchmark
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpStrictEq): Factored stricteq codegen into this function,
+        and parameterized so it can do the reverse version as well.
+        (JSC::CTI::privateCompileMainPass): Use the above for stricteq and nstricteq.
+        * VM/CTI.h:
+        (JSC::CTI::): Declare above stuff.
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_nstricteq): Removed fast cases, now handled inline.
+
+2008-09-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 20989: Aguments constructor should put 'callee' and 'length' properties in a more efficient way
+        <https://bugs.webkit.org/show_bug.cgi?id=20989>
+
+        Make special cases for the 'callee' and 'length' properties in the
+        Arguments object.
+
+        This is somewhere between a 7.8% speedup and a 10% speedup on the V8
+        Raytrace benchmark, depending on whether it is run alone or with the
+        other V8 benchmarks.
+
+        * kjs/Arguments.cpp:
+        (JSC::ArgumentsData::ArgumentsData):
+        (JSC::Arguments::Arguments):
+        (JSC::Arguments::mark):
+        (JSC::Arguments::getOwnPropertySlot):
+        (JSC::Arguments::put):
+        (JSC::Arguments::deleteProperty):
+
+2008-09-23  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin.
+
+        - speed up instanceof some more
+        https://bugs.webkit.org/show_bug.cgi?id=20818
+        
+        ~2% speedup on EarleyBoyer
+
+        The idea here is to record in the StructureID whether the class
+        needs a special hasInstance or if it can use the normal logic from
+        JSObject. 
+        
+        Based on this I inlined the real work directly into
+        cti_op_instanceof and put the fastest checks up front and the
+        error handling at the end (so it should be fairly straightforward
+        to split off the beginning to be inlined if desired).
+
+        I only did this for CTI, not the bytecode interpreter.
+        
+        * API/JSCallbackObject.h:
+        (JSC::JSCallbackObject::createStructureID):
+        * ChangeLog:
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_instanceof):
+        * kjs/JSImmediate.h:
+        (JSC::JSImmediate::isAnyImmediate):
+        * kjs/TypeInfo.h:
+        (JSC::TypeInfo::overridesHasInstance):
+        (JSC::TypeInfo::flags):
+
+2008-09-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=21019
+          make FunctionBodyNode::ref/deref fast
+
+        Speeds up v8-raytrace by 7.2%.
+
+        * kjs/nodes.cpp:
+        (JSC::FunctionBodyNode::FunctionBodyNode): Initialize m_refCount to 0.
+        * kjs/nodes.h:
+        (JSC::FunctionBodyNode::ref): Call base class ref once, and thereafter use
+        m_refCount.
+        (JSC::FunctionBodyNode::deref): Ditto, but the deref side.
+
+2008-09-22  Darin Adler  <darin@apple.com>
+
+        Pointed out by Sam Weinig.
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::fillArgList): Fix bad copy and paste. Oops!
+
+2008-09-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=20983
+          ArgumentsData should have some room to allocate some extra arguments inline
+
+        Speeds up v8-raytrace by 5%.
+
+        * kjs/Arguments.cpp:
+        (JSC::ArgumentsData::ArgumentsData): Use a fixed buffer if there are 4 or fewer
+        extra arguments.
+        (JSC::Arguments::Arguments): Use a fixed buffer if there are 4 or fewer
+        extra arguments.
+        (JSC::Arguments::~Arguments): Delete the buffer if necessary.
+        (JSC::Arguments::mark): Update since extraArguments are now Register.
+        (JSC::Arguments::fillArgList): Added special case for the only case that's
+        actually used in the practice, when there are no parameters. There are some
+        other special cases in there too, but that's the only one that matters.
+        (JSC::Arguments::getOwnPropertySlot): Updated to use setValueSlot since there's
+        no operation to get you at the JSValue* inside a Register as a "slot".
+
+2008-09-22  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=21014
+        Speed up for..in by using StructureID to avoid calls to hasProperty
+
+        Speeds up fasta by 8%.
+
+        * VM/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::invalidate):
+        * VM/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::next):
+        * kjs/PropertyNameArray.h:
+        (JSC::PropertyNameArrayData::begin):
+        (JSC::PropertyNameArrayData::end):
+        (JSC::PropertyNameArrayData::setCachedStructureID):
+        (JSC::PropertyNameArrayData::cachedStructureID):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::getEnumerablePropertyNames):
+        (JSC::structureIDChainsAreEqual):
+        * kjs/StructureID.h:
+
+2008-09-22  Kelvin Sherlock  <ksherlock@gmail.com>
+
+        Updated and tweaked by Sam Weinig.
+
+        Reviewed by Geoffrey Garen.
+
+        Bug 20020: Proposed enhancement to JavaScriptCore API
+        <https://bugs.webkit.org/show_bug.cgi?id=20020>
+
+        Add JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError, and JSObjectMakeRegExp
+        functions to create JavaScript Array, Date, Error, and RegExp objects, respectively.
+
+        * API/JSObjectRef.cpp: The functions
+        * API/JSObjectRef.h: Function prototype and documentation
+        * JavaScriptCore.exp: Added functions to exported function list
+        * API/tests/testapi.c: Added basic functionality tests.
+
+        * kjs/DateConstructor.cpp:
+        Replaced static JSObject* constructDate(ExecState* exec, JSObject*, const ArgList& args)
+        with JSObject* constructDate(ExecState* exec, const ArgList& args).
+        Added static JSObject* constructWithDateConstructor(ExecState* exec, JSObject*, const ArgList& args) function
+
+        * kjs/DateConstructor.h:
+        added prototype for JSObject* constructDate(ExecState* exec, const ArgList& args)
+
+        * kjs/ErrorConstructor.cpp:
+        removed static qualifier from ErrorInstance* constructError(ExecState* exec, const ArgList& args)
+
+        * kjs/ErrorConstructor.h:
+        added prototype for ErrorInstance* constructError(ExecState* exec, const ArgList& args)
+
+        * kjs/RegExpConstructor.cpp:
+        removed static qualifier from JSObject* constructRegExp(ExecState* exec, const ArgList& args)
+
+        * kjs/RegExpConstructor.h:
+        added prototype for JSObject* constructRegExp(ExecState* exec, const ArgList& args)
+
+2008-09-22  Matt Lilek  <webkit@mattlilek.com>
+
+        Not reviewed, Windows build fix.
+
+        * kjs/Arguments.cpp:
+        * kjs/FunctionPrototype.cpp:
+
+2008-09-22  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=20982
+        Speed up the apply method of functions by special-casing array and 'arguments' objects
+
+        1% speedup on v8-raytrace.
+
+        Test: fast/js/function-apply.html
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::fillArgList):
+        * kjs/Arguments.h:
+        * kjs/FunctionPrototype.cpp:
+        (JSC::functionProtoFuncApply):
+        * kjs/JSArray.cpp:
+        (JSC::JSArray::fillArgList):
+        * kjs/JSArray.h:
+
+2008-09-22  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=20993
+          Array.push/pop need optimized cases for JSArray
+
+        3% or so speedup on DeltaBlue benchmark.
+
+        * kjs/ArrayPrototype.cpp:
+        (JSC::arrayProtoFuncPop): Call JSArray::pop when appropriate.
+        (JSC::arrayProtoFuncPush): Call JSArray::push when appropriate.
+
+        * kjs/JSArray.cpp:
+        (JSC::JSArray::putSlowCase): Set m_fastAccessCutoff when appropriate, getting
+        us into the fast code path.
+        (JSC::JSArray::pop): Added.
+        (JSC::JSArray::push): Added.
+        * kjs/JSArray.h: Added push and pop.
+
+        * kjs/operations.cpp:
+        (JSC::throwOutOfMemoryError): Don't inline this. Helps us avoid PIC branches.
+
+2008-09-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - speed up instanceof operator by replacing implementsHasInstance method with a TypeInfo flag
+
+        Partial work towards <https://bugs.webkit.org/show_bug.cgi?id=20818>
+        
+        2.2% speedup on EarleyBoyer benchmark.
+
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackConstructor.h:
+        (JSC::JSCallbackConstructor::createStructureID):
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackFunction.h:
+        (JSC::JSCallbackFunction::createStructureID):
+        * API/JSCallbackObject.h:
+        (JSC::JSCallbackObject::createStructureID):
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::hasInstance):
+        * API/JSValueRef.cpp:
+        (JSValueIsInstanceOfConstructor):
+        * JavaScriptCore.exp:
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_instanceof):
+        * kjs/InternalFunction.cpp:
+        * kjs/InternalFunction.h:
+        (JSC::InternalFunction::createStructureID):
+        * kjs/JSObject.cpp:
+        * kjs/JSObject.h:
+        * kjs/TypeInfo.h:
+        (JSC::TypeInfo::implementsHasInstance):
+
+2008-09-22  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dave Hyatt.
+        
+        Based on initial work by Darin Adler.
+        
+        - replace masqueradesAsUndefined virtual method with a flag in TypeInfo
+        - use this to JIT inline code for eq_null and neq_null
+        https://bugs.webkit.org/show_bug.cgi?id=20823
+
+        0.5% speedup on SunSpider
+        ~4% speedup on Richards benchmark
+        
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/Machine.cpp:
+        (JSC::jsTypeStringForValue):
+        (JSC::jsIsObjectType):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_is_undefined):
+        * VM/Machine.h:
+        * kjs/JSCell.h:
+        * kjs/JSValue.h:
+        * kjs/StringObjectThatMasqueradesAsUndefined.h:
+        (JSC::StringObjectThatMasqueradesAsUndefined::create):
+        (JSC::StringObjectThatMasqueradesAsUndefined::createStructureID):
+        * kjs/StructureID.h:
+        (JSC::StructureID::mutableTypeInfo):
+        * kjs/TypeInfo.h:
+        (JSC::TypeInfo::TypeInfo):
+        (JSC::TypeInfo::masqueradesAsUndefined):
+        * kjs/operations.cpp:
+        (JSC::equal):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::setne_r):
+        (JSC::X86Assembler::setnz_r):
+        (JSC::X86Assembler::testl_i32m):
+
+2008-09-22  Tor Arne Vestbø  <tavestbo@trolltech.com>
+
+        Reviewed by Simon.
+
+        Initialize QCoreApplication in kjs binary/Shell.cpp
+        
+        This allows us to use QCoreApplication::instance() to
+        get the main thread in ThreadingQt.cpp
+
+        * kjs/Shell.cpp:
+        (main):
+        * wtf/ThreadingQt.cpp:
+        (WTF::initializeThreading):
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        - blind attempt to fix non-all-in-one builds
+
+        * kjs/JSGlobalObject.cpp: Added includes of Arguments.h and RegExpObject.h.
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        - fix debug build
+
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::addPropertyTransition): Use typeInfo().type() instead of m_type.
+        (JSC::StructureID::createCachedPrototypeChain): Ditto.
+
+2008-09-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        - introduce a TypeInfo class, for holding per-type (in the C++ class sense) date in StructureID
+        https://bugs.webkit.org/show_bug.cgi?id=20981
+
+        * JavaScriptCore.exp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        * VM/Machine.cpp:
+        (JSC::jsIsObjectType):
+        (JSC::Machine::Machine):
+        * kjs/AllInOneFile.cpp:
+        * kjs/JSCell.h:
+        (JSC::JSCell::isObject):
+        (JSC::JSCell::isString):
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        * kjs/JSGlobalObject.h:
+        (JSC::StructureID::prototypeForLookup):
+        * kjs/JSNumberCell.h:
+        (JSC::JSNumberCell::createStructureID):
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::createInheritorID):
+        * kjs/JSObject.h:
+        (JSC::JSObject::createStructureID):
+        * kjs/JSString.h:
+        (JSC::JSString::createStructureID):
+        * kjs/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::NativeErrorConstructor):
+        * kjs/RegExpConstructor.cpp:
+        * kjs/RegExpMatchesArray.h: Added.
+        (JSC::RegExpMatchesArray::getOwnPropertySlot):
+        (JSC::RegExpMatchesArray::put):
+        (JSC::RegExpMatchesArray::deleteProperty):
+        (JSC::RegExpMatchesArray::getPropertyNames):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::addPropertyTransition):
+        (JSC::StructureID::toDictionaryTransition):
+        (JSC::StructureID::changePrototypeTransition):
+        (JSC::StructureID::getterSetterTransition):
+        * kjs/StructureID.h:
+        (JSC::StructureID::create):
+        (JSC::StructureID::typeInfo):
+        * kjs/TypeInfo.h: Added.
+        (JSC::TypeInfo::TypeInfo):
+        (JSC::TypeInfo::type):
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - fix crash logging into Gmail due to recent Arguments change
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::Arguments): Fix window where mark() function could
+        see d->extraArguments with uninitialized contents.
+        (JSC::Arguments::mark): Check d->extraArguments for 0 to handle two
+        cases: 1) Inside the constructor before it's initialized.
+        2) numArguments <= numParameters.
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        - fix loose end from the "duplicate constant values" patch
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitLoad): Add a special case for values the
+        hash table can't handle.
+
+2008-09-21  Mark Rowe  <mrowe@apple.com>
+
+        Fix the non-AllInOneFile build.
+
+        * kjs/Arguments.cpp: Add missing #include.
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich and Mark Rowe.
+
+        - fix test failure caused by my recent IndexToNameMap patch
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::deleteProperty): Added the accidentally-omitted
+        check of the boolean result from toArrayIndex.
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=20975
+          inline immediate-number case of ==
+
+        * VM/CTI.h: Renamed emitJumpSlowCaseIfNotImm to
+        emitJumpSlowCaseIfNotImmNum, since the old name was incorrect.
+
+        * VM/CTI.cpp: Updated for new name.
+        (JSC::CTI::privateCompileMainPass): Added op_eq.
+        (JSC::CTI::privateCompileSlowCases): Added op_eq.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_eq): Removed fast case, since it's now
+        compiled.
+
+2008-09-21  Peter Gal  <galpter@inf.u-szeged.hu>
+
+        Reviewed by Tim Hatcher and Eric Seidel.
+
+        Fix the QT/Linux JavaScriptCore segmentation fault.
+        https://bugs.webkit.org/show_bug.cgi?id=20914
+
+        * wtf/ThreadingQt.cpp:
+        (WTF::initializeThreading): Use currentThread() if
+        platform is not a MAC (like in pre 36541 revisions)
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        * kjs/debugger.h: Removed some unneeded includes and declarations.
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=20972
+          speed up Arguments further by eliminating the IndexToNameMap
+
+        No change on SunSpider. 1.29x as fast on V8 Raytrace.
+
+        * kjs/Arguments.cpp: Moved ArgumentsData in here. Eliminated the
+        indexToNameMap and hadDeletes data members. Changed extraArguments into
+        an OwnArrayPtr and added deletedArguments, another OwnArrayPtr.
+        Replaced numExtraArguments with numParameters, since that's what's
+        used more directly in hot code paths.
+        (JSC::Arguments::Arguments): Pass in argument count instead of ArgList.
+        Initialize ArgumentsData the new way.
+        (JSC::Arguments::mark): Updated.
+        (JSC::Arguments::getOwnPropertySlot): Overload for the integer form so
+        we don't have to convert integers to identifiers just to get an argument.
+        Integrated the deleted case with the fast case.
+        (JSC::Arguments::put): Ditto.
+        (JSC::Arguments::deleteProperty): Ditto.
+
+        * kjs/Arguments.h: Minimized includes. Made everything private. Added
+        overloads for the integral property name case. Eliminated mappedIndexSetter.
+        Moved ArgumentsData into the .cpp file.
+
+        * kjs/IndexToNameMap.cpp: Emptied out and prepared for deletion.
+        * kjs/IndexToNameMap.h: Ditto.
+
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::createArgumentsObject): Elminated ArgList.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        Removed IndexToNameMap.
+
+2008-09-21  Darin Adler  <darin@apple.com>
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitLoad): One more tweak: Wrote this in a slightly
+        clearer style.
+
+2008-09-21  Judit Jasz  <jasy@inf.u-szeged.hu>
+
+        Reviewed and tweaked by Darin Adler.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=20645
+          Elminate duplicate constant values in CodeBlocks.
+
+        Seems to be a wash on SunSpider.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitLoad): Use m_numberMap and m_stringMap to guarantee
+        we emit the same JSValue* for identical numbers and strings.
+        * VM/CodeGenerator.h: Added overload of emitLoad for const Identifier&.
+        Add NumberMap and IdentifierStringMap types and m_numberMap and m_stringMap.
+        * kjs/nodes.cpp:
+        (JSC::StringNode::emitCode): Call the new emitLoad and let it do the
+        JSString creation.
+
+2008-09-21  Paul Pedriana  <webkit@pedriana.com>
+
+        Reviewed and tweaked by Darin Adler.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=16925
+          Fixed lack of Vector buffer alignment for both GCC and MSVC.
+          Since there's no portable way to do this, for now we don't support
+          other compilers.
+
+        * wtf/Vector.h: Added WTF_ALIGH_ON, WTF_ALIGNED, AlignedBufferChar, and AlignedBuffer.
+        Use AlignedBuffer insteadof an array of char in VectorBuffer.
+
+2008-09-21  Gabor Loki  <loki@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=19408
+          Add lightweight constant folding to the parser for *, /, + (only for numbers), <<, >>, ~ operators.
+
+        1.008x as fast on SunSpider.
+
+        * kjs/grammar.y:
+        (makeNegateNode): Fold if expression is a number > 0.
+        (makeBitwiseNotNode): Fold if expression is a number.
+        (makeMultNode): Fold if expressions are both numbers.
+        (makeDivNode): Fold if expressions are both numbers.
+        (makeAddNode): Fold if expressions are both numbers.
+        (makeLeftShiftNode): Fold if expressions are both numbers.
+        (makeRightShiftNode): Fold if expressions are both numbers.
+
+2008-09-21  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - speed up === operator by generating inline machine code for the fast paths
+        https://bugs.webkit.org/show_bug.cgi?id=20820
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitJumpSlowCaseIfNotImmediateNumber):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmediateNumbers):
+        (JSC::CTI::emitJumpSlowCaseIfNotImmediates):
+        (JSC::CTI::emitTagAsBoolImmediate):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_stricteq):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::sete_r):
+        (JSC::X86Assembler::setz_r):
+        (JSC::X86Assembler::movzbl_rr):
+        (JSC::X86Assembler::emitUnlinkedJnz):
+
+2008-09-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Free memory allocated for extra arguments in the destructor of the
+        Arguments object.
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::~Arguments):
+        * kjs/Arguments.h:
+
+2008-09-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20815: 'arguments' object creation is non-optimal
+        <https://bugs.webkit.org/show_bug.cgi?id=20815>
+
+        Fix our inefficient way of creating the arguments object by only
+        creating named properties for each of the arguments after a use of the
+        'delete' statement. This patch also speeds up access to the 'arguments'
+        object slightly, but it still does not use the array fast path for
+        indexed access that exists for many opcodes.
+
+        This is about a 20% improvement on the V8 Raytrace benchmark, and a 1.5%
+        improvement on the Earley-Boyer benchmark, which gives a 4% improvement
+        overall.
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::Arguments):
+        (JSC::Arguments::mark):
+        (JSC::Arguments::getOwnPropertySlot):
+        (JSC::Arguments::put):
+        (JSC::Arguments::deleteProperty):
+        * kjs/Arguments.h:
+        (JSC::Arguments::ArgumentsData::ArgumentsData):
+        * kjs/IndexToNameMap.h:
+        (JSC::IndexToNameMap::size):
+        * kjs/JSActivation.cpp:
+        (JSC::JSActivation::createArgumentsObject):
+        * kjs/JSActivation.h:
+        (JSC::JSActivation::uncheckedSymbolTableGet):
+        (JSC::JSActivation::uncheckedSymbolTableGetValue):
+        (JSC::JSActivation::uncheckedSymbolTablePut):
+        * kjs/JSFunction.h:
+        (JSC::JSFunction::numParameters):
+
+2008-09-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        - fix crash seen on buildbot
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::mark): Add back mark of arrayPrototype,
+        deleted by accident in my recent check-in.
+
+2008-09-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Not reviewed, build fix.
+        
+        - speculative fix for non-AllInOne builds
+
+        * kjs/operations.h:
+
+2008-09-20  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        - assorted optimizations to === and !== operators
+        (work towards <https://bugs.webkit.org/show_bug.cgi?id=20820>)
+        
+        2.5% speedup on earley-boyer test
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_stricteq): Use inline version of
+        strictEqualSlowCase; remove unneeded exception check.
+        (JSC::Machine::cti_op_nstricteq): ditto
+        * kjs/operations.cpp:
+        (JSC::strictEqual): Use strictEqualSlowCaseInline
+        (JSC::strictEqualSlowCase): ditto
+        * kjs/operations.h:
+        (JSC::strictEqualSlowCaseInline): Version of strictEqualSlowCase that can be inlined,
+        since the extra function call indirection is a lose for CTI.
+
+2008-09-20  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        - finish https://bugs.webkit.org/show_bug.cgi?id=20858
+          make each distinct C++ class get a distinct JSC::Structure
+
+        This also includes some optimizations that make the change an overall
+        small speedup. Without those it was a bit of a slowdown.
+
+        * API/JSCallbackConstructor.cpp:
+        (JSC::JSCallbackConstructor::JSCallbackConstructor): Take a structure.
+        * API/JSCallbackConstructor.h: Ditto.
+        * API/JSCallbackFunction.cpp:
+        (JSC::JSCallbackFunction::JSCallbackFunction): Pass a structure.
+        * API/JSCallbackObject.h: Take a structure.
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::JSCallbackObject::JSCallbackObject): Ditto.
+
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::prototype): Pass in a structure. Call setPrototype
+        if there's a custom prototype involved.
+        * API/JSObjectRef.cpp:
+        (JSObjectMake): Ditto.
+        (JSObjectMakeConstructor): Pass in a structure.
+
+        * JavaScriptCore.exp: Updated.
+
+        * VM/Machine.cpp:
+        (JSC::jsLess): Added a special case for when both arguments are strings.
+        This avoids converting both strings to with UString::toDouble.
+        (JSC::jsLessEq): Ditto.
+        (JSC::Machine::privateExecute): Pass in a structure.
+        (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
+        (JSC::Machine::cti_op_new_regexp): Ditto.
+        (JSC::Machine::cti_op_is_string): Ditto.
+        * VM/Machine.h: Made isJSString public so it can be used in the CTI.
+
+        * kjs/Arguments.cpp:
+        (JSC::Arguments::Arguments): Pass in a structure.
+
+        * kjs/JSCell.h: Mark constructor explicit.
+
+        * kjs/JSGlobalObject.cpp:
+        (JSC::markIfNeeded): Added an overload for marking structures.
+        (JSC::JSGlobalObject::reset): Eliminate code to set data members to
+        zero. We now do that in the constructor, and we no longer use this
+        anywhere except in the constructor. Added code to create structures.
+        Pass structures rather than prototypes when creating objects.
+        (JSC::JSGlobalObject::mark): Mark the structures.
+
+        * kjs/JSGlobalObject.h: Removed unneeded class declarations.
+        Added initializers for raw pointers in JSGlobalObjectData so
+        everything starts with a 0. Added structure data and accessor
+        functions.
+
+        * kjs/JSImmediate.cpp:
+        (JSC::JSImmediate::nonInlineNaN): Added.
+        * kjs/JSImmediate.h:
+        (JSC::JSImmediate::toDouble): Rewrote to avoid PIC branches.
+
+        * kjs/JSNumberCell.cpp:
+        (JSC::jsNumberCell): Made non-inline to avoid PIC branches
+        in functions that call this one.
+        (JSC::jsNaN): Ditto.
+        * kjs/JSNumberCell.h: Ditto.
+
+        * kjs/JSObject.h: Removed constructor that takes a prototype.
+        All callers now pass structures.
+
+        * kjs/ArrayConstructor.cpp:
+        (JSC::ArrayConstructor::ArrayConstructor):
+        (JSC::constructArrayWithSizeQuirk):
+        * kjs/ArrayConstructor.h:
+        * kjs/ArrayPrototype.cpp:
+        (JSC::ArrayPrototype::ArrayPrototype):
+        * kjs/ArrayPrototype.h:
+        * kjs/BooleanConstructor.cpp:
+        (JSC::BooleanConstructor::BooleanConstructor):
+        (JSC::constructBoolean):
+        (JSC::constructBooleanFromImmediateBoolean):
+        * kjs/BooleanConstructor.h:
+        * kjs/BooleanObject.cpp:
+        (JSC::BooleanObject::BooleanObject):
+        * kjs/BooleanObject.h:
+        * kjs/BooleanPrototype.cpp:
+        (JSC::BooleanPrototype::BooleanPrototype):
+        * kjs/BooleanPrototype.h:
+        * kjs/DateConstructor.cpp:
+        (JSC::DateConstructor::DateConstructor):
+        (JSC::constructDate):
+        * kjs/DateConstructor.h:
+        * kjs/DateInstance.cpp:
+        (JSC::DateInstance::DateInstance):
+        * kjs/DateInstance.h:
+        * kjs/DatePrototype.cpp:
+        (JSC::DatePrototype::DatePrototype):
+        * kjs/DatePrototype.h:
+        * kjs/ErrorConstructor.cpp:
+        (JSC::ErrorConstructor::ErrorConstructor):
+        (JSC::constructError):
+        * kjs/ErrorConstructor.h:
+        * kjs/ErrorInstance.cpp:
+        (JSC::ErrorInstance::ErrorInstance):
+        * kjs/ErrorInstance.h:
+        * kjs/ErrorPrototype.cpp:
+        (JSC::ErrorPrototype::ErrorPrototype):
+        * kjs/ErrorPrototype.h:
+        * kjs/FunctionConstructor.cpp:
+        (JSC::FunctionConstructor::FunctionConstructor):
+        * kjs/FunctionConstructor.h:
+        * kjs/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::FunctionPrototype):
+        (JSC::FunctionPrototype::addFunctionProperties):
+        * kjs/FunctionPrototype.h:
+        * kjs/GlobalEvalFunction.cpp:
+        (JSC::GlobalEvalFunction::GlobalEvalFunction):
+        * kjs/GlobalEvalFunction.h:
+        * kjs/InternalFunction.cpp:
+        (JSC::InternalFunction::InternalFunction):
+        * kjs/InternalFunction.h:
+        (JSC::InternalFunction::InternalFunction):
+        * kjs/JSArray.cpp:
+        (JSC::JSArray::JSArray):
+        (JSC::constructEmptyArray):
+        (JSC::constructArray):
+        * kjs/JSArray.h:
+        * kjs/JSFunction.cpp:
+        (JSC::JSFunction::JSFunction):
+        (JSC::JSFunction::construct):
+        * kjs/JSObject.cpp:
+        (JSC::constructEmptyObject):
+        * kjs/JSString.cpp:
+        (JSC::StringObject::create):
+        * kjs/JSWrapperObject.h:
+        * kjs/MathObject.cpp:
+        (JSC::MathObject::MathObject):
+        * kjs/MathObject.h:
+        * kjs/NativeErrorConstructor.cpp:
+        (JSC::NativeErrorConstructor::NativeErrorConstructor):
+        (JSC::NativeErrorConstructor::construct):
+        * kjs/NativeErrorConstructor.h:
+        * kjs/NativeErrorPrototype.cpp:
+        (JSC::NativeErrorPrototype::NativeErrorPrototype):
+        * kjs/NativeErrorPrototype.h:
+        * kjs/NumberConstructor.cpp:
+        (JSC::NumberConstructor::NumberConstructor):
+        (JSC::constructWithNumberConstructor):
+        * kjs/NumberConstructor.h:
+        * kjs/NumberObject.cpp:
+        (JSC::NumberObject::NumberObject):
+        (JSC::constructNumber):
+        (JSC::constructNumberFromImmediateNumber):
+        * kjs/NumberObject.h:
+        * kjs/NumberPrototype.cpp:
+        (JSC::NumberPrototype::NumberPrototype):
+        * kjs/NumberPrototype.h:
+        * kjs/ObjectConstructor.cpp:
+        (JSC::ObjectConstructor::ObjectConstructor):
+        (JSC::constructObject):
+        * kjs/ObjectConstructor.h:
+        * kjs/ObjectPrototype.cpp:
+        (JSC::ObjectPrototype::ObjectPrototype):
+        * kjs/ObjectPrototype.h:
+        * kjs/PrototypeFunction.cpp:
+        (JSC::PrototypeFunction::PrototypeFunction):
+        * kjs/PrototypeFunction.h:
+        * kjs/RegExpConstructor.cpp:
+        (JSC::RegExpConstructor::RegExpConstructor):
+        (JSC::RegExpMatchesArray::RegExpMatchesArray):
+        (JSC::constructRegExp):
+        * kjs/RegExpConstructor.h:
+        * kjs/RegExpObject.cpp:
+        (JSC::RegExpObject::RegExpObject):
+        * kjs/RegExpObject.h:
+        * kjs/RegExpPrototype.cpp:
+        (JSC::RegExpPrototype::RegExpPrototype):
+        * kjs/RegExpPrototype.h:
+        * kjs/Shell.cpp:
+        (GlobalObject::GlobalObject):
+        * kjs/StringConstructor.cpp:
+        (JSC::StringConstructor::StringConstructor):
+        (JSC::constructWithStringConstructor):
+        * kjs/StringConstructor.h:
+        * kjs/StringObject.cpp:
+        (JSC::StringObject::StringObject):
+        * kjs/StringObject.h:
+        * kjs/StringObjectThatMasqueradesAsUndefined.h:
+        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+        * kjs/StringPrototype.cpp:
+        (JSC::StringPrototype::StringPrototype):
+        * kjs/StringPrototype.h:
+        Take and pass structures.
+
+2008-09-19  Alp Toker  <alp@nuanti.com>
+
+        Build fix for the 'gold' linker and recent binutils. New behaviour
+        requires that we link to used libraries explicitly.
+
+        * GNUmakefile.am:
+
+2008-09-19  Sam Weinig  <sam@webkit.org>
+
+        Roll r36694 back in.  It did not cause the crash.
+
+        * JavaScriptCore.exp:
+        * VM/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::invalidate):
+        * VM/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::create):
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::getPropertyNames):
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::getEnumerablePropertyNames):
+        * kjs/PropertyMap.h:
+        * kjs/PropertyNameArray.cpp:
+        (JSC::PropertyNameArray::add):
+        * kjs/PropertyNameArray.h:
+        (JSC::PropertyNameArrayData::create):
+        (JSC::PropertyNameArrayData::propertyNameVector):
+        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
+        (JSC::PropertyNameArrayData::cachedPrototypeChain):
+        (JSC::PropertyNameArrayData::begin):
+        (JSC::PropertyNameArrayData::end):
+        (JSC::PropertyNameArrayData::PropertyNameArrayData):
+        (JSC::PropertyNameArray::PropertyNameArray):
+        (JSC::PropertyNameArray::addKnownUnique):
+        (JSC::PropertyNameArray::size):
+        (JSC::PropertyNameArray::operator[]):
+        (JSC::PropertyNameArray::begin):
+        (JSC::PropertyNameArray::end):
+        (JSC::PropertyNameArray::setData):
+        (JSC::PropertyNameArray::data):
+        (JSC::PropertyNameArray::releaseData):
+        * kjs/StructureID.cpp:
+        (JSC::structureIDChainsAreEqual):
+        (JSC::StructureID::getEnumerablePropertyNames):
+        (JSC::StructureID::clearEnumerationCache):
+        (JSC::StructureID::createCachedPrototypeChain):
+        * kjs/StructureID.h:
+
+2008-09-19  Sam Weinig  <sam@webkit.org>
+
+        Roll out r36694.
+
+        * JavaScriptCore.exp:
+        * VM/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::invalidate):
+        * VM/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::create):
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::getPropertyNames):
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::getEnumerablePropertyNames):
+        * kjs/PropertyMap.h:
+        * kjs/PropertyNameArray.cpp:
+        (JSC::PropertyNameArray::add):
+        * kjs/PropertyNameArray.h:
+        (JSC::PropertyNameArray::PropertyNameArray):
+        (JSC::PropertyNameArray::addKnownUnique):
+        (JSC::PropertyNameArray::begin):
+        (JSC::PropertyNameArray::end):
+        (JSC::PropertyNameArray::size):
+        (JSC::PropertyNameArray::operator[]):
+        (JSC::PropertyNameArray::releaseIdentifiers):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::getEnumerablePropertyNames):
+        * kjs/StructureID.h:
+        (JSC::StructureID::clearEnumerationCache):
+
+2008-09-19  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Improve peformance of local variable initialisation.
+
+        Pull local and constant initialisation out of slideRegisterWindowForCall
+        and into its own opcode.  This allows the JIT to generate the initialisation
+        code for a function directly into the instruction stream and so avoids a few
+        branches on function entry.
+
+        Results a 1% progression in SunSpider, particularly in a number of the bitop
+        tests where the called functions are very fast. 
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitInitialiseRegister):
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::CodeGenerator):
+        * VM/Machine.cpp:
+        (JSC::slideRegisterWindowForCall):
+        (JSC::Machine::privateExecute):
+        * VM/Opcode.h:
+
+2008-09-19  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=20928
+        Speed up JS property enumeration by caching entire PropertyNameArray
+
+        1.3% speedup on Sunspider, 30% on string-fasta.
+
+        * JavaScriptCore.exp:
+        * VM/JSPropertyNameIterator.cpp:
+        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::invalidate):
+        * VM/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+        (JSC::JSPropertyNameIterator::create):
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::getPropertyNames):
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::getEnumerablePropertyNames):
+        * kjs/PropertyMap.h:
+        * kjs/PropertyNameArray.cpp:
+        (JSC::PropertyNameArray::add):
+        * kjs/PropertyNameArray.h:
+        (JSC::PropertyNameArrayData::create):
+        (JSC::PropertyNameArrayData::propertyNameVector):
+        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
+        (JSC::PropertyNameArrayData::cachedPrototypeChain):
+        (JSC::PropertyNameArrayData::begin):
+        (JSC::PropertyNameArrayData::end):
+        (JSC::PropertyNameArrayData::PropertyNameArrayData):
+        (JSC::PropertyNameArray::PropertyNameArray):
+        (JSC::PropertyNameArray::addKnownUnique):
+        (JSC::PropertyNameArray::size):
+        (JSC::PropertyNameArray::operator[]):
+        (JSC::PropertyNameArray::begin):
+        (JSC::PropertyNameArray::end):
+        (JSC::PropertyNameArray::setData):
+        (JSC::PropertyNameArray::data):
+        (JSC::PropertyNameArray::releaseData):
+        * kjs/ScopeChain.cpp:
+        (JSC::ScopeChainNode::print):
+        * kjs/StructureID.cpp:
+        (JSC::structureIDChainsAreEqual):
+        (JSC::StructureID::getEnumerablePropertyNames):
+        (JSC::StructureID::clearEnumerationCache):
+        (JSC::StructureID::createCachedPrototypeChain):
+        * kjs/StructureID.h:
+
+2008-09-19  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix a mismatched new[]/delete in JSObject::allocatePropertyStorage
+
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::allocatePropertyStorage): Spotted by valgrind.
+
+2008-09-19  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - part 2 of https://bugs.webkit.org/show_bug.cgi?id=20858
+          make each distinct C++ class get a distinct JSC::Structure
+
+        * JavaScriptCore.exp: Exported constructEmptyObject for use in WebCore.
+
+        * kjs/JSGlobalObject.h: Changed the protected constructor to take a
+        structure instead of a prototype.
+
+        * kjs/JSVariableObject.h: Removed constructor that takes a prototype.
+
+2008-09-19  Julien Chaffraix  <jchaffraix@pleyo.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Use the template hoisting technique on the RefCounted class. This reduces the code bloat due to
+        non-template methods' code been copied for each instance of the template.
+        The patch splits RefCounted between a base class that holds non-template methods and attributes
+        and the template RefCounted class that keeps the same functionnality.
+
+        On my Linux with gcc 4.3 for the Gtk port, this is:
+        - a ~600KB save on libwebkit.so in release.
+        - a ~1.6MB save on libwebkit.so in debug.
+
+        It is a wash on Sunspider and a small win on Dromaeo (not sure it is relevant).
+        On the whole, it should be a small win as we reduce the compiled code size and the only
+        new function call should be inlined by the compiler.
+
+        * wtf/RefCounted.h:
+        (WTF::RefCountedBase::ref): Copied from RefCounted.
+        (WTF::RefCountedBase::hasOneRef): Ditto.
+        (WTF::RefCountedBase::refCount): Ditto.
+        (WTF::RefCountedBase::RefCountedBase): Ditto.
+        (WTF::RefCountedBase::~RefCountedBase): Ditto.
+        (WTF::RefCountedBase::derefBase): Tweaked from the RefCounted version to remove
+        template section.
+        (WTF::RefCounted::RefCounted):
+        (WTF::RefCounted::deref): Small wrapper around RefCountedBase::derefBase().
+        (WTF::RefCounted::~RefCounted): Keep private destructor.
+
+2008-09-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        - part 1 of https://bugs.webkit.org/show_bug.cgi?id=20858
+          make each distinct C++ class get a distinct JSC::Structure
+
+        * kjs/lookup.h: Removed things here that were used only in WebCore:
+        cacheGlobalObject, JSC_DEFINE_PROTOTYPE, JSC_DEFINE_PROTOTYPE_WITH_PROTOTYPE,
+        and JSC_IMPLEMENT_PROTOTYPE.
+
+2008-09-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=20927
+          simplify/streamline the code to turn strings into identifiers while parsing
+
+        * kjs/grammar.y: Get rid of string from the union, and use ident for STRING as
+        well as for IDENT.
+
+        * kjs/lexer.cpp:
+        (JSC::Lexer::lex): Use makeIdentifier instead of makeUString for String.
+        * kjs/lexer.h: Remove makeUString.
+
+        * kjs/nodes.h: Changed StringNode to hold an Identifier instead of UString.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::keyForCharacterSwitch): Updated since StringNode now holds an Identifier.
+        (JSC::prepareJumpTableForStringSwitch): Ditto.
+        * kjs/nodes.cpp:
+        (JSC::StringNode::emitCode): Ditto. The comment from here is now in the lexer.
+        (JSC::processClauseList): Ditto.
+        * kjs/nodes2string.cpp:
+        (JSC::StringNode::streamTo): Ditto.
+
+2008-09-18  Sam Weinig  <sam@webkit.org>
+
+        Fix style.
+
+        * VM/Instruction.h:
+        (JSC::Instruction::Instruction):
+
+2008-09-18  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20911: REGRESSION(r36480?): Reproducible assertion failure below derefStructureIDs 64-bit JavaScriptCore
+        <https://bugs.webkit.org/show_bug.cgi?id=20911>
+
+        The problem was simply caused by the int constructor for Instruction
+        failing to initialise the full struct in 64bit builds.
+
+        * VM/Instruction.h:
+        (JSC::Instruction::Instruction):
+
+2008-09-18  Darin Adler  <darin@apple.com>
+
+        - fix release build
+
+        * wtf/RefCountedLeakCounter.cpp: Removed stray "static".
+
+2008-09-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        * kjs/JSGlobalObject.h: Tiny style guideline tweak.
+
+2008-09-18  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=20925
+          LEAK messages appear every time I quit
+
+        * JavaScriptCore.exp: Updated, and also added an export
+        needed for future WebCore use of JSC::StructureID.
+
+        * wtf/RefCountedLeakCounter.cpp:
+        (WTF::RefCountedLeakCounter::suppressMessages): Added.
+        (WTF::RefCountedLeakCounter::cancelMessageSuppression): Added.
+        (WTF::RefCountedLeakCounter::RefCountedLeakCounter): Tweaked a bit.
+        (WTF::RefCountedLeakCounter::~RefCountedLeakCounter): Added code to
+        log the reason there was no leak checking done.
+        (WTF::RefCountedLeakCounter::increment): Tweaked a bit.
+        (WTF::RefCountedLeakCounter::decrement): Ditto.
+
+        * wtf/RefCountedLeakCounter.h: Replaced setLogLeakMessages with two
+        new functions, suppressMessages and cancelMessageSuppression. Also
+        added m_ prefixes to the data member names.
+
+2008-09-18  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Mark Rowe.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20437
+
+        Add a proper #define to define which XML Parser implementation to use. Client
+        code can use #if USE(QXMLSTREAM) to decide if the Qt XML StreamReader
+        implementation is going to be used.
+
+        * wtf/Platform.h:
+
+2008-09-18  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Make a Unicode non-breaking space count as a whitespace character in
+        PCRE. This change was already made in WREC, and it fixes one of the
+        Mozilla JS tests. Since it is now fixed in PCRE as well, we can check
+        in a new set of expected test results.
+
+        * pcre/pcre_internal.h:
+        (isSpaceChar):
+        * tests/mozilla/expected.html:
+
+2008-09-18  Stephanie Lewis  <slewis@apple.com>
+
+        Reviewed by Mark Rowe and Maciej Stachowiak.
+
+        add an option use arch to specify which architecture to run.
+
+        * tests/mozilla/jsDriver.pl:
+
+2008-09-17  Oliver Hunt  <oliver@apple.com>
+
+        Correctly restore argument reference prior to SFX runtime calls.
+        
+        Reviewed by Steve Falkenburg.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+
+2008-09-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20876: REGRESSION (r36417, r36427): fast/js/exception-expression-offset.html fails
+        <https://bugs.webkit.org/show_bug.cgi?id=20876>
+
+        r36417 and r36427 caused an get_by_id opcode to be emitted before the
+        instanceof and construct opcodes, in order to enable inline caching of
+        the prototype property. Unfortunately, this regressed some tests dealing
+        with exceptions thrown by 'instanceof' and the 'new' operator. We fix
+        these problems by detecting whether an "is not an object" exception is
+        thrown before op_instanceof or op_construct, and emit the proper
+        exception in those cases.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitConstruct):
+        * VM/CodeGenerator.h:
+        * VM/ExceptionHelpers.cpp:
+        (JSC::createInvalidParamError):
+        (JSC::createNotAConstructorError):
+        (JSC::createNotAnObjectError):
+        * VM/ExceptionHelpers.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::getOpcode):
+        (JSC::Machine::privateExecute):
+        * VM/Machine.h:
+        * kjs/nodes.cpp:
+        (JSC::NewExprNode::emitCode):
+        (JSC::InstanceOfNode::emitCode):
+
+2008-09-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        JIT generation cti_op_construct_verify.
+        
+        Quarter to half percent progression on v8-tests.
+        Roughly not change on SunSpider (possible minor progression).
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+
+2008-09-15  Steve Falkenburg  <sfalken@apple.com>
+
+        Improve timer accuracy for JavaScript Date object on Windows.
+        
+        Use a combination of ftime and QueryPerformanceCounter.
+        ftime returns the information we want, but doesn't have sufficient resolution.
+        QueryPerformanceCounter has high resolution, but is only usable to measure time intervals.
+        To combine them, we call ftime and QueryPerformanceCounter initially. Later calls will use
+        QueryPerformanceCounter by itself, adding the delta to the saved ftime.  We re-sync to
+        correct for drift if the low-res and high-res elapsed time between calls differs by more
+        than twice the low-resolution timer resolution.
+        
+        QueryPerformanceCounter may be inaccurate due to a problems with:
+        - some PCI bridge chipsets (http://support.microsoft.com/kb/274323)
+        - BIOS bugs (http://support.microsoft.com/kb/895980/)
+        - BIOS/HAL bugs on multiprocessor/multicore systems (http://msdn.microsoft.com/en-us/library/ms644904.aspx)
+        
+        Reviewed by Darin Adler.
+
+        * kjs/DateMath.cpp:
+        (JSC::highResUpTime):
+        (JSC::lowResUTCTime):
+        (JSC::qpcAvailable):
+        (JSC::getCurrentUTCTimeWithMicroseconds):
+
+2008-09-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Implement JIT generation of CallFrame initialization, for op_call.
+
+        1% sunspider 2.5% v8-tests.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCall):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_call_NotJSFunction):
+
+2008-09-17  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Optimizations for op_call in CTI.  Move check for (ctiCode == 0) into JIT code,
+        move copying of scopeChain for CodeBlocks that needFullScopeChain into head of
+        functions, instead of checking prior to making the call.
+
+        3% on v8-tests (4% on richards, 6% in delta-blue)
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        * VM/Machine.cpp:
+        (JSC::Machine::execute):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_vm_compile):
+        (JSC::Machine::cti_vm_updateScopeChain):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        * VM/Machine.h:
+
+2008-09-17  Tor Arne Vestbø  <tavestbo@trolltech.com>
+
+        Fix the QtWebKit/Mac build
+
+        * wtf/ThreadingQt.cpp:
+        (WTF::initializeThreading): use QCoreApplication to get the main thread
+
+2008-09-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20857: REGRESSION (r36427): ASSERTION FAILED: m_refCount >= 0 in RegisterID::deref()
+        <https://bugs.webkit.org/show_bug.cgi?id=20857>
+
+        Fix a problem stemming from the slightly unsafe behaviour of the
+        CodeGenerator::finalDestination() method by putting the "func" argument
+        of the emitConstruct() method in a RefPtr in its caller. Also, add an
+        assertion guaranteeing that this is always the case.
+
+        CodeGenerator::finalDestination() is still incorrect and can cause
+        problems with a different allocator; see bug 20340 for more details.
+
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitConstruct):
+        * kjs/nodes.cpp:
+        (JSC::NewExprNode::emitCode):
+
+2008-09-16  Alice Liu  <alice.liu@apple.com>
+
+        build fix.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+
+2008-09-16  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        CTI code generation for op_ret.  The majority of the work
+        (updating variables on the stack & on exec) can be performed
+        directly in generated code.
+
+        We still need to check, & to call out to C-code to handle
+        activation records, profiling, and full scope chains.
+
+        +1.5% Sunspider, +5/6% v8 tests.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitPutCTIParam):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_ret_activation):
+        (JSC::Machine::cti_op_ret_profiler):
+        (JSC::Machine::cti_op_ret_scopeChain):
+        * VM/Machine.h:
+
+2008-09-16  Dimitri Glazkov  <dglazkov@chromium.org>
+
+        Fix the Windows build.
+
+        Add some extra parentheses to stop MSVC from complaining so much.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_stricteq):
+        (JSC::Machine::cti_op_nstricteq):
+        * kjs/operations.cpp:
+        (JSC::strictEqual):
+
+2008-09-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - speed up the === and !== operators by choosing the fast cases better
+        
+        No effect on SunSpider but speeds up the V8 EarlyBoyer benchmark about 4%.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_stricteq):
+        (JSC::Machine::cti_op_nstricteq):
+        * kjs/JSImmediate.h:
+        (JSC::JSImmediate::areBothImmediate):
+        * kjs/operations.cpp:
+        (JSC::strictEqual):
+        (JSC::strictEqualSlowCase):
+        * kjs/operations.h:
+
+2008-09-15  Oliver Hunt  <oliver@apple.com>
+
+        RS=Sam Weinig.
+
+        Coding style cleanup.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+
+2008-09-15  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 20874: op_resolve does not do any form of caching
+        <https://bugs.webkit.org/show_bug.cgi?id=20874>
+
+        This patch adds an op_resolve_global opcode to handle (and cache)
+        property lookup we can statically determine must occur on the global
+        object (if at all).
+
+        3% progression on sunspider, 3.2x improvement to bitops-bitwise-and, and
+        10% in math-partial-sums
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::findScopedProperty):
+        (JSC::CodeGenerator::emitResolve):
+        * VM/Machine.cpp:
+        (JSC::resolveGlobal):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_resolve_global):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+
+2008-09-15  Sam Weinig  <sam@webkit.org>
+
+        Roll out r36462.  It broke document.all.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::Machine):
+        (JSC::Machine::cti_op_eq_null):
+        (JSC::Machine::cti_op_neq_null):
+        * VM/Machine.h:
+        (JSC::Machine::isJSString):
+        * kjs/JSCell.h:
+        * kjs/JSWrapperObject.h:
+        * kjs/StringObject.h:
+        * kjs/StringObjectThatMasqueradesAsUndefined.h:
+
+2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20863: ASSERTION FAILED: addressOffset < instructions.size() in CodeBlock::getHandlerForVPC
+        <https://bugs.webkit.org/show_bug.cgi?id=20863>
+
+        r36427 changed the number of arguments to op_construct without changing
+        the argument index for the vPC in the call to initializeCallFrame() in
+        the CTI case. This caused a JSC test failure. Correcting the argument
+        index fixes the test failure.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_construct_JSConstruct):
+
+2008-09-15  Mark Rowe  <mrowe@apple.com>
+
+        Fix GCC 4.2 build.
+
+        * VM/CTI.h:
+
+2008-09-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Fixed a typo in op_get_by_id_chain that caused it to miss every time
+        in the interpreter.
+        
+        Also, a little cleanup.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute): Set up baseObject before entering the
+        loop, so we compare against the right values.
+
+2008-09-15  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Removed the CalledAsConstructor flag from the call frame header. Now,
+        we use an explicit opcode at the call site to fix up constructor results.
+
+        SunSpider says 0.4% faster.
+        
+        cti_op_construct_verify is an out-of-line function call for now, but we
+        can fix that once StructureID holds type information like isObject.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass): Codegen for the new opcode.
+
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+
+        * VM/CodeGenerator.cpp: Codegen for the new opcode. Also...
+        (JSC::CodeGenerator::emitCall): ... don't test for known non-zero value.
+        (JSC::CodeGenerator::emitConstruct): ... ditto.
+
+        * VM/Machine.cpp: No more CalledAsConstructor
+        (JSC::Machine::privateExecute): Implementation for the new opcode.
+        (JSC::Machine::cti_op_ret): The speedup: no need to check whether we were
+        called as a constructor.
+        (JSC::Machine::cti_op_construct_verify): Implementation for the new opcode.
+        * VM/Machine.h:
+
+        * VM/Opcode.h: Declare new opcode.
+
+        * VM/RegisterFile.h:
+        (JSC::RegisterFile::): No more CalledAsConstructor
+
+2008-09-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Inline code generation of eq_null/neq_null for CTI.  Uses vptr checking for
+        StringObjectsThatAreMasqueradingAsBeingUndefined.  In the long run, the
+        masquerading may be handled differently (through the StructureIDs - see bug
+        #20823).
+
+        >1% on v8-tests.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitJumpSlowCaseIfIsJSCell):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::Machine):
+        (JSC::Machine::cti_op_eq_null):
+        (JSC::Machine::cti_op_neq_null):
+        * VM/Machine.h:
+        (JSC::Machine::doesMasqueradesAsUndefined):
+        * kjs/JSWrapperObject.h:
+        (JSC::JSWrapperObject::):
+        (JSC::JSWrapperObject::JSWrapperObject):
+        * kjs/StringObject.h:
+        (JSC::StringObject::StringObject):
+        * kjs/StringObjectThatMasqueradesAsUndefined.h:
+        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
+
+2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Oliver Hunt.
+
+        r36427 broke CodeBlock::dump() by changing the number of arguments to
+        op_construct without changing the code that prints it. This patch fixes
+        it by printing the additional argument.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+
+2008-09-15  Adam Roben  <aroben@apple.com>
+
+        Build fix
+
+        * kjs/StructureID.cpp: Removed a stray semicolon.
+
+2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix a crash in fast/js/exception-expression-offset.html caused by not
+        updating all mentions of the length of op_construct in r36427.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_construct_NotJSConstruct):
+
+2008-09-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - fix layout test failure introduced by fix for 20849
+        
+        (The failing test was fast/js/delete-then-put.html)
+
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::removeDirect): Clear enumeration cache
+        in the dictionary case.
+        * kjs/JSObject.h:
+        (JSC::JSObject::putDirect): Ditto.
+        * kjs/StructureID.h:
+        (JSC::StructureID::clearEnumerationCache): Inline to handle the
+        clear.
+
+2008-09-15  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - fix JSC test failures introduced by fix for 20849
+
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::getEnumerablePropertyNames): Use the correct count.
+
+2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20851: REGRESSION (r36410): fast/js/kde/GlobalObject.html fails
+        <https://bugs.webkit.org/show_bug.cgi?id=20851>
+
+        r36410 introduced an optimization for parseInt() that is incorrect when
+        its argument is larger than the range of a 32-bit integer. If the
+        argument is a number that is not an immediate integer, then the correct
+        behaviour is to return the floor of its value, unless it is an infinite
+        value, in which case the correct behaviour is to return 0.
+
+        * kjs/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt):
+
+2008-09-15  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=20849
+        Cache property names for getEnumerablePropertyNames in the StructureID.
+
+        ~0.5% speedup on Sunspider overall (9.7% speedup on string-fasta).  ~1% speedup
+        on the v8 test suite.
+
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::getPropertyNames):
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::getEnumerablePropertyNames):
+        * kjs/PropertyMap.h:
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::getEnumerablePropertyNames):
+        * kjs/StructureID.h:
+
+2008-09-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - speed up JS construction by extracting "prototype" lookup so PIC applies.
+        
+        ~0.5% speedup on SunSpider
+        Speeds up some of the V8 tests as well, most notably earley-boyer.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileOpCall): Account for extra arg for prototype.
+        (JSC::CTI::privateCompileMainPass): Account for increased size of op_construct.
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitConstruct): Emit separate lookup to get prototype property.
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute): Expect prototype arg in op_construct.
+        (JSC::Machine::cti_op_construct_JSConstruct): ditto
+        (JSC::Machine::cti_op_construct_NotJSConstruct): ditto
+
+2008-09-10  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        Add a protected destructor for RefCounted.
+
+        It is wrong to call its destructor directly, because (1) this should be taken care of by
+        deref(), and (2) many classes that use RefCounted have non-virtual destructors.
+
+        No change in behavior.
+
+        * wtf/RefCounted.h: (WTF::RefCounted::~RefCounted):
+
+2008-09-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Accelerated property accesses.
+
+        Inline more of the array access code into the JIT code for get/put_by_val.
+        Accelerate get/put_by_id by speculatively inlining a disable direct access
+        into the hot path of the code, and repatch this with the correct StructureID
+        and property map offset once these are known.  In the case of accesses to the
+        prototype and reading the array-length a trampoline is genertaed, and the
+        branch to the slow-case is relinked to jump to this.
+
+        By repatching, we mean rewriting the x86 instruction stream.  Instructions are
+        only modified in a simple fasion - altering immediate operands, memory access
+        deisplacements, and branch offsets.
+        
+        For regular get_by_id/put_by_id accesses to an object, a StructureID in an
+        instruction's immediate operant is updateded, and a memory access operation's
+        displacement is updated to access the correct field on the object.  In the case
+        of more complex accesses (array length and get_by_id_prototype) the offset on
+        the branch to slow-case is updated, to now jump to a trampoline.
+
+        +2.8% sunspider, +13% v8-tests
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitCall):
+        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
+        (JSC::CTI::CTI):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        (JSC::CTI::privateCompileArrayLengthTrampoline):
+        (JSC::CTI::privateCompileStringLengthTrampoline):
+        (JSC::CTI::patchGetByIdSelf):
+        (JSC::CTI::patchPutByIdReplace):
+        (JSC::CTI::privateCompilePatchGetArrayLength):
+        (JSC::CTI::privateCompilePatchGetStringLength):
+        * VM/CTI.h:
+        (JSC::CTI::compileGetByIdSelf):
+        (JSC::CTI::compileGetByIdProto):
+        (JSC::CTI::compileGetByIdChain):
+        (JSC::CTI::compilePutByIdReplace):
+        (JSC::CTI::compilePutByIdTransition):
+        (JSC::CTI::compileArrayLengthTrampoline):
+        (JSC::CTI::compileStringLengthTrampoline):
+        (JSC::CTI::compilePatchGetArrayLength):
+        (JSC::CTI::compilePatchGetStringLength):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::~CodeBlock):
+        * VM/CodeBlock.h:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        (JSC::CodeBlock::getStubInfo):
+        * VM/Machine.cpp:
+        (JSC::Machine::tryCTICachePutByID):
+        (JSC::Machine::tryCTICacheGetByID):
+        (JSC::Machine::cti_op_put_by_val_array):
+        * VM/Machine.h:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::cmpl_i8m):
+        (JSC::X86Assembler::emitUnlinkedJa):
+        (JSC::X86Assembler::getRelocatedAddress):
+        (JSC::X86Assembler::getDifferenceBetweenLabels):
+        (JSC::X86Assembler::emitModRm_opmsib):
+
+2008-09-14  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        - split the "prototype" lookup for hasInstance into opcode stream so it can be cached
+        
+        ~5% speedup on v8 earley-boyer test
+
+        * API/JSCallbackObject.h: Add a parameter for the pre-looked-up prototype.
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::::hasInstance): Ditto.
+        * API/JSValueRef.cpp:
+        (JSValueIsInstanceOfConstructor): Look up and pass in prototype.
+        * JavaScriptCore.exp:
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass): Pass along prototype.
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump): Print third arg.
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitInstanceOf): Implement this, now that there
+        is a third argument.
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute): Pass along the prototype.
+        (JSC::Machine::cti_op_instanceof): ditto
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::hasInstance): Expect to get a pre-looked-up prototype.
+        * kjs/JSObject.h:
+        * kjs/nodes.cpp:
+        (JSC::InstanceOfNode::emitCode): Emit a get_by_id of the prototype
+        property and pass that register to instanceof.
+        * kjs/nodes.h:
+
+2008-09-14  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Remove unnecessary virtual function call from cti_op_call_JSFunction -
+        ~5% on richards, ~2.5% on v8-tests, ~0.5% on sunspider.
+
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_op_call_JSFunction):
+
+2008-09-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20827: the 'typeof' operator is slow
+        <https://bugs.webkit.org/show_bug.cgi?id=20827>
+
+        Optimize the 'typeof' operator when its result is compared to a constant
+        string.
+
+        This is a 5.5% speedup on the V8 Earley-Boyer test.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitEqualityOp):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (JSC::jsIsObjectType):
+        (JSC::jsIsFunctionType):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_is_undefined):
+        (JSC::Machine::cti_op_is_boolean):
+        (JSC::Machine::cti_op_is_number):
+        (JSC::Machine::cti_op_is_string):
+        (JSC::Machine::cti_op_is_object):
+        (JSC::Machine::cti_op_is_function):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (JSC::BinaryOpNode::emitCode):
+        (JSC::EqualNode::emitCode):
+        (JSC::StrictEqualNode::emitCode):
+        * kjs/nodes.h:
+
+2008-09-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Patch for https://bugs.webkit.org/show_bug.cgi?id=20844
+        Speed up parseInt for numbers
+
+        Sunspider reports this as 1.029x as fast overall and 1.37x as fast on string-unpack-code.
+        No change on the v8 suite.
+
+        * kjs/JSGlobalObjectFunctions.cpp:
+        (JSC::globalFuncParseInt): Don't convert numbers to strings just to
+        convert them back to numbers.
+
+2008-09-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 20816: op_lesseq should be optimized
+        <https://bugs.webkit.org/show_bug.cgi?id=20816>
+
+        Add a loop_if_lesseq opcode that is similar to the loop_if_less opcode.
+
+        This is a 9.4% speedup on the V8 Crypto benchmark.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitJumpIfTrue):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_loop_if_lesseq):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+
+2008-09-14  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Cleanup Sampling code.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitCall):
+        (JSC::CTI::privateCompileMainPass):
+        * VM/CTI.h:
+        (JSC::CTI::execute):
+        * VM/SamplingTool.cpp:
+        (JSC::):
+        (JSC::SamplingTool::run):
+        (JSC::SamplingTool::dump):
+        * VM/SamplingTool.h:
+        (JSC::SamplingTool::callingHostFunction):
+
+2008-09-13  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Bug 20821: Cache property transitions to speed up object initialization
+        https://bugs.webkit.org/show_bug.cgi?id=20821
+
+        Implement a transition cache to improve the performance of new properties
+        being added to objects.  This is extremely beneficial in constructors and
+        shows up as a 34% improvement on access-binary-trees in SunSpider (0.8%
+        overall)
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::):
+        (JSC::transitionWillNeedStorageRealloc):
+        (JSC::CTI::privateCompilePutByIdTransition):
+        * VM/CTI.h:
+        (JSC::CTI::compilePutByIdTransition):
+        * VM/CodeBlock.cpp:
+        (JSC::printPutByIdOp):
+        (JSC::CodeBlock::printStructureIDs):
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::derefStructureIDs):
+        (JSC::CodeBlock::refStructureIDs):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitPutById):
+        * VM/Machine.cpp:
+        (JSC::cachePrototypeChain):
+        (JSC::Machine::tryCachePutByID):
+        (JSC::Machine::tryCacheGetByID):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::tryCTICachePutByID):
+        (JSC::Machine::tryCTICacheGetByID):
+        * VM/Machine.h:
+        * VM/Opcode.h:
+        * kjs/JSObject.h:
+        (JSC::JSObject::putDirect):
+        (JSC::JSObject::transitionTo):
+        * kjs/PutPropertySlot.h:
+        (JSC::PutPropertySlot::PutPropertySlot):
+        (JSC::PutPropertySlot::wasTransition):
+        (JSC::PutPropertySlot::setWasTransition):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::transitionTo):
+        (JSC::StructureIDChain::StructureIDChain):
+        * kjs/StructureID.h:
+        (JSC::StructureID::previousID):
+        (JSC::StructureID::setCachedPrototypeChain):
+        (JSC::StructureID::cachedPrototypeChain):
+        (JSC::StructureID::propertyMap):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::addl_i8m):
+        (JSC::X86Assembler::subl_i8m):
+
+2008-09-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20819: JSValue::isObject() is slow
+        <https://bugs.webkit.org/show_bug.cgi?id=20819>
+
+        Optimize JSCell::isObject() and JSCell::isString() by making them
+        non-virtual calls that rely on the StructureID type information.
+
+        This is a 0.7% speedup on SunSpider and a 1.0% speedup on the V8
+        benchmark suite.
+
+        * JavaScriptCore.exp:
+        * kjs/JSCell.cpp:
+        * kjs/JSCell.h:
+        (JSC::JSCell::isObject):
+        (JSC::JSCell::isString):
+        * kjs/JSObject.cpp:
+        * kjs/JSObject.h:
+        * kjs/JSString.cpp:
+        * kjs/JSString.h:
+        (JSC::JSString::JSString):
+        * kjs/StructureID.h:
+        (JSC::StructureID::type):
+
+2008-09-11  Stephanie Lewis  <slewis@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Turn off PGO Optimization on CTI.cpp -> <rdar://problem/6207709>.  Fixes
+        crash on CNN and on Dromaeo.
+        Fix Missing close tag in vcproj. 
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+
+2008-09-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Not reviewed.
+
+        Correct an SVN problem with the last commit and actually add the new
+        files.
+
+        * wrec/CharacterClassConstructor.cpp: Added.
+        (JSC::):
+        (JSC::getCharacterClassNewline):
+        (JSC::getCharacterClassDigits):
+        (JSC::getCharacterClassSpaces):
+        (JSC::getCharacterClassWordchar):
+        (JSC::getCharacterClassNondigits):
+        (JSC::getCharacterClassNonspaces):
+        (JSC::getCharacterClassNonwordchar):
+        (JSC::CharacterClassConstructor::addSorted):
+        (JSC::CharacterClassConstructor::addSortedRange):
+        (JSC::CharacterClassConstructor::put):
+        (JSC::CharacterClassConstructor::flush):
+        (JSC::CharacterClassConstructor::append):
+        * wrec/CharacterClassConstructor.h: Added.
+        (JSC::CharacterClassConstructor::CharacterClassConstructor):
+        (JSC::CharacterClassConstructor::isUpsideDown):
+        (JSC::CharacterClassConstructor::charClass):
+
+2008-09-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20788: Split CharacterClassConstructor into its own file
+        <https://bugs.webkit.org/show_bug.cgi?id=20788>
+
+        Split CharacterClassConstructor into its own file and clean up some
+        style issues.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * wrec/CharacterClassConstructor.cpp: Added.
+        (JSC::):
+        (JSC::getCharacterClassNewline):
+        (JSC::getCharacterClassDigits):
+        (JSC::getCharacterClassSpaces):
+        (JSC::getCharacterClassWordchar):
+        (JSC::getCharacterClassNondigits):
+        (JSC::getCharacterClassNonspaces):
+        (JSC::getCharacterClassNonwordchar):
+        (JSC::CharacterClassConstructor::addSorted):
+        (JSC::CharacterClassConstructor::addSortedRange):
+        (JSC::CharacterClassConstructor::put):
+        (JSC::CharacterClassConstructor::flush):
+        (JSC::CharacterClassConstructor::append):
+        * wrec/CharacterClassConstructor.h: Added.
+        (JSC::CharacterClassConstructor::CharacterClassConstructor):
+        (JSC::CharacterClassConstructor::isUpsideDown):
+        (JSC::CharacterClassConstructor::charClass):
+        * wrec/WREC.cpp:
+        (JSC::WRECParser::parseCharacterClass):
+
+2008-09-10  Simon Hausmann  <hausmann@webkit.org>
+
+        Not reviewed but trivial one-liner for yet unused macro.
+
+        Changed PLATFORM(WINCE) to PLATFORM(WIN_CE) as requested by Mark.
+
+        (part of https://bugs.webkit.org/show_bug.cgi?id=20746)
+
+        * wtf/Platform.h:
+
+2008-09-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Fix a typo by renaming the overloaded orl_rr that takes an immediate to
+        orl_i32r.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::orl_i32r):
+        * wrec/WREC.cpp:
+        (JSC::WRECGenerator::generatePatternCharacter):
+        (JSC::WRECGenerator::generateCharacterClassInverted):
+
+2008-09-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Add inline property storage for JSObject.
+
+        1.2% progression on Sunspider. .5% progression on the v8 test suite.
+
+        * JavaScriptCore.exp:
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::mark): There is no reason to check storageSize now that
+        we start from 0.
+        (JSC::JSObject::allocatePropertyStorage): Allocates/reallocates heap storage.
+        * kjs/JSObject.h:
+        (JSC::JSObject::offsetForLocation): m_propertyStorage is not an OwnArrayPtr
+        now so there is no reason to .get()
+        (JSC::JSObject::usingInlineStorage):
+        (JSC::JSObject::JSObject): Start with m_propertyStorage pointing to the
+        inline storage.
+        (JSC::JSObject::~JSObject): Free the heap storage if not using the inline
+        storage.
+        (JSC::JSObject::putDirect): Switch to the heap storage only when we know
+        we know that we are about to add a property that will overflow the inline
+        storage.
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::createTable): Don't allocate the propertyStorage, that is
+        now handled by JSObject.
+        (JSC::PropertyMap::rehash): PropertyStorage is not a OwnArrayPtr anymore.
+        * kjs/PropertyMap.h:
+        (JSC::PropertyMap::storageSize): Rename from markingCount.
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::addPropertyTransition): Don't resize the property storage
+        if we are using inline storage.
+        * kjs/StructureID.h:
+
+2008-09-10  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Inline immediate number version of op_mul.
+
+        Renamed mull_rr to imull_rr as that's what it's 
+        actually doing, and added imull_i32r for the constant
+        case immediate multiply.
+
+        1.1% improvement to SunSpider.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::imull_rr):
+        (JSC::X86Assembler::imull_i32r):
+
+2008-09-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Not reviewed.
+
+        Mac build fix.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-09-09  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add optimised access to known properties on the global object.
+
+        Improve cross scope access to the global object by emitting
+        code to access it directly rather than by walking the scope chain.
+
+        This is a 0.8% win in SunSpider and a 1.7% win in the v8 benchmarks.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::emitGetVariableObjectRegister):
+        (JSC::CTI::emitPutVariableObjectRegister):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::findScopedProperty):
+        (JSC::CodeGenerator::emitResolve):
+        (JSC::CodeGenerator::emitGetScopedVar):
+        (JSC::CodeGenerator::emitPutScopedVar):
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        * VM/Opcode.h:
+        * kjs/nodes.cpp:
+        (JSC::FunctionCallResolveNode::emitCode):
+        (JSC::PostfixResolveNode::emitCode):
+        (JSC::PrefixResolveNode::emitCode):
+        (JSC::ReadModifyResolveNode::emitCode):
+        (JSC::AssignResolveNode::emitCode):
+
+2008-09-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Oliver.
+        
+        - enable polymorphic inline caching of properties of primitives
+        
+        1.012x speedup on SunSpider.
+
+        We create special structure IDs for JSString and
+        JSNumberCell. Unlike normal structure IDs, these cannot hold the
+        true prototype. Due to JS autoboxing semantics, the prototype used
+        when looking up string or number properties depends on the lexical
+        global object of the call site, not the creation site. Thus we
+        enable StructureIDs to handle this quirk for primitives.
+        
+        Everything else should be straightforward.
+        
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        * VM/CTI.h:
+        (JSC::CTI::compileGetByIdProto):
+        (JSC::CTI::compileGetByIdChain):
+        * VM/JSPropertyNameIterator.h:
+        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
+        * VM/Machine.cpp:
+        (JSC::Machine::Machine):
+        (JSC::cachePrototypeChain):
+        (JSC::Machine::tryCachePutByID):
+        (JSC::Machine::tryCacheGetByID):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::tryCTICachePutByID):
+        (JSC::Machine::tryCTICacheGetByID):
+        * kjs/GetterSetter.h:
+        (JSC::GetterSetter::GetterSetter):
+        * kjs/JSCell.h:
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalObject.h:
+        (JSC::StructureID::prototypeForLookup):
+        * kjs/JSNumberCell.h:
+        (JSC::JSNumberCell::JSNumberCell):
+        (JSC::jsNumberCell):
+        * kjs/JSObject.h:
+        (JSC::JSObject::prototype):
+        * kjs/JSString.cpp:
+        (JSC::jsString):
+        (JSC::jsSubstring):
+        (JSC::jsOwnedString):
+        * kjs/JSString.h:
+        (JSC::JSString::JSString):
+        (JSC::JSString::):
+        (JSC::jsSingleCharacterString):
+        (JSC::jsSingleCharacterSubstring):
+        (JSC::jsNontrivialString):
+        * kjs/SmallStrings.cpp:
+        (JSC::SmallStrings::createEmptyString):
+        (JSC::SmallStrings::createSingleCharacterString):
+        * kjs/StructureID.cpp:
+        (JSC::StructureID::StructureID):
+        (JSC::StructureID::addPropertyTransition):
+        (JSC::StructureID::getterSetterTransition):
+        (JSC::StructureIDChain::StructureIDChain):
+        * kjs/StructureID.h:
+        (JSC::StructureID::create):
+        (JSC::StructureID::storedPrototype):
+
+2008-09-09  Joerg Bornemann  <joerg.bornemann@trolltech.com>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20746
+
+        Added WINCE platform macro.
+
+        * wtf/Platform.h:
+
+2008-09-09  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Remove unnecessary override of getOffset.
+
+        Sunspider reports this as a .6% progression.
+
+        * JavaScriptCore.exp:
+        * kjs/JSObject.h:
+        (JSC::JSObject::getDirectLocation):
+        (JSC::JSObject::getOwnPropertySlotForWrite):
+        (JSC::JSObject::putDirect):
+        * kjs/PropertyMap.cpp:
+        * kjs/PropertyMap.h:
+
+2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20759: Remove MacroAssembler
+        <https://bugs.webkit.org/show_bug.cgi?id=20759>
+
+        Remove MacroAssembler and move its functionality to X86Assembler.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::emitPutArg):
+        (JSC::CTI::emitPutCTIParam):
+        (JSC::CTI::emitGetCTIParam):
+        (JSC::CTI::emitPutToCallFrameHeader):
+        (JSC::CTI::emitGetFromCallFrameHeader):
+        (JSC::CTI::emitPutResult):
+        (JSC::CTI::emitDebugExceptionCheck):
+        (JSC::CTI::emitJumpSlowCaseIfNotImm):
+        (JSC::CTI::emitJumpSlowCaseIfNotImms):
+        (JSC::CTI::emitFastArithDeTagImmediate):
+        (JSC::CTI::emitFastArithReTagImmediate):
+        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
+        (JSC::CTI::emitFastArithImmToInt):
+        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
+        (JSC::CTI::emitFastArithIntToImmNoCheck):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateArrayLengthTrampoline):
+        (JSC::CTI::privateStringLengthTrampoline):
+        (JSC::CTI::compileRegExp):
+        * VM/CTI.h:
+        (JSC::CallRecord::CallRecord):
+        (JSC::JmpTable::JmpTable):
+        (JSC::SlowCaseEntry::SlowCaseEntry):
+        (JSC::CTI::JSRInfo::JSRInfo):
+        * masm/MacroAssembler.h: Removed.
+        * masm/MacroAssemblerWin.cpp: Removed.
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::emitConvertToFastCall):
+        (JSC::X86Assembler::emitRestoreArgumentReference):
+        * wrec/WREC.h:
+        (JSC::WRECGenerator::WRECGenerator):
+        (JSC::WRECParser::WRECParser):
+
+2008-09-09  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Cameron Zwarich.
+
+        Don't waste the first item in the PropertyStorage.
+
+        - Fix typo (makingCount -> markingCount)
+        - Remove undefined method declaration.
+
+        No change on Sunspider.
+
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::mark):
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::put):
+        (JSC::PropertyMap::remove):
+        (JSC::PropertyMap::getOffset):
+        (JSC::PropertyMap::insert):
+        (JSC::PropertyMap::rehash):
+        (JSC::PropertyMap::resizePropertyStorage):
+        (JSC::PropertyMap::checkConsistency):
+        * kjs/PropertyMap.h:
+        (JSC::PropertyMap::markingCount): Fix typo.
+
+2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Not reviewed.
+
+        Speculative Windows build fix.
+
+        * masm/MacroAssemblerWin.cpp:
+        (JSC::MacroAssembler::emitConvertToFastCall):
+        (JSC::MacroAssembler::emitRestoreArgumentReference):
+
+2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20755: Create an X86 namespace for register names and other things
+        <https://bugs.webkit.org/show_bug.cgi?id=20755>
+
+        Create an X86 namespace to put X86 register names. Perhaps I will move
+        opcode names here later as well.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::emitPutArg):
+        (JSC::CTI::emitPutArgConstant):
+        (JSC::CTI::emitPutCTIParam):
+        (JSC::CTI::emitGetCTIParam):
+        (JSC::CTI::emitPutToCallFrameHeader):
+        (JSC::CTI::emitGetFromCallFrameHeader):
+        (JSC::CTI::emitPutResult):
+        (JSC::CTI::emitDebugExceptionCheck):
+        (JSC::CTI::emitJumpSlowCaseIfNotImms):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateArrayLengthTrampoline):
+        (JSC::CTI::privateStringLengthTrampoline):
+        (JSC::CTI::compileRegExp):
+        * VM/CTI.h:
+        * masm/X86Assembler.h:
+        (JSC::X86::):
+        (JSC::X86Assembler::emitModRm_rm):
+        (JSC::X86Assembler::emitModRm_rm_Unchecked):
+        (JSC::X86Assembler::emitModRm_rmsib):
+        * wrec/WREC.cpp:
+        (JSC::WRECGenerator::generateNonGreedyQuantifier):
+        (JSC::WRECGenerator::generateGreedyQuantifier):
+        (JSC::WRECGenerator::generateParentheses):
+        (JSC::WRECGenerator::generateBackreference):
+        (JSC::WRECGenerator::gernerateDisjunction):
+        * wrec/WREC.h:
+
+2008-09-09  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Remove unnecessary friend declaration.
+
+        * kjs/PropertyMap.h:
+
+2008-09-09  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoffrey Garen.
+
+        Replace uses of PropertyMap::get and PropertyMap::getLocation with
+        PropertyMap::getOffset.
+
+        Sunspider reports this as a .6% improvement.
+
+        * JavaScriptCore.exp:
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::put):
+        (JSC::JSObject::deleteProperty):
+        (JSC::JSObject::getPropertyAttributes):
+        * kjs/JSObject.h:
+        (JSC::JSObject::getDirect):
+        (JSC::JSObject::getDirectLocation):
+        (JSC::JSObject::locationForOffset):
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMap::remove):
+        (JSC::PropertyMap::getOffset):
+        * kjs/PropertyMap.h:
+
+2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Sam Weinig.
+
+        Bug 20754: Remove emit prefix from assembler opcode methods
+        <https://bugs.webkit.org/show_bug.cgi?id=20754>
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitGetArg):
+        (JSC::CTI::emitGetPutArg):
+        (JSC::CTI::emitPutArg):
+        (JSC::CTI::emitPutArgConstant):
+        (JSC::CTI::emitPutCTIParam):
+        (JSC::CTI::emitGetCTIParam):
+        (JSC::CTI::emitPutToCallFrameHeader):
+        (JSC::CTI::emitGetFromCallFrameHeader):
+        (JSC::CTI::emitPutResult):
+        (JSC::CTI::emitDebugExceptionCheck):
+        (JSC::CTI::emitCall):
+        (JSC::CTI::emitJumpSlowCaseIfNotImm):
+        (JSC::CTI::emitJumpSlowCaseIfNotImms):
+        (JSC::CTI::emitFastArithDeTagImmediate):
+        (JSC::CTI::emitFastArithReTagImmediate):
+        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
+        (JSC::CTI::emitFastArithImmToInt):
+        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
+        (JSC::CTI::emitFastArithIntToImmNoCheck):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::privateCompileGetByIdSelf):
+        (JSC::CTI::privateCompileGetByIdProto):
+        (JSC::CTI::privateCompileGetByIdChain):
+        (JSC::CTI::privateCompilePutByIdReplace):
+        (JSC::CTI::privateArrayLengthTrampoline):
+        (JSC::CTI::privateStringLengthTrampoline):
+        (JSC::CTI::compileRegExp):
+        * masm/MacroAssemblerWin.cpp:
+        (JSC::MacroAssembler::emitConvertToFastCall):
+        (JSC::MacroAssembler::emitRestoreArgumentReference):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::pushl_r):
+        (JSC::X86Assembler::pushl_m):
+        (JSC::X86Assembler::popl_r):
+        (JSC::X86Assembler::popl_m):
+        (JSC::X86Assembler::movl_rr):
+        (JSC::X86Assembler::addl_rr):
+        (JSC::X86Assembler::addl_i8r):
+        (JSC::X86Assembler::addl_i32r):
+        (JSC::X86Assembler::addl_mr):
+        (JSC::X86Assembler::andl_rr):
+        (JSC::X86Assembler::andl_i32r):
+        (JSC::X86Assembler::cmpl_i8r):
+        (JSC::X86Assembler::cmpl_rr):
+        (JSC::X86Assembler::cmpl_rm):
+        (JSC::X86Assembler::cmpl_i32r):
+        (JSC::X86Assembler::cmpl_i32m):
+        (JSC::X86Assembler::cmpw_rm):
+        (JSC::X86Assembler::orl_rr):
+        (JSC::X86Assembler::subl_rr):
+        (JSC::X86Assembler::subl_i8r):
+        (JSC::X86Assembler::subl_i32r):
+        (JSC::X86Assembler::subl_mr):
+        (JSC::X86Assembler::testl_i32r):
+        (JSC::X86Assembler::testl_rr):
+        (JSC::X86Assembler::xorl_i8r):
+        (JSC::X86Assembler::xorl_rr):
+        (JSC::X86Assembler::sarl_i8r):
+        (JSC::X86Assembler::sarl_CLr):
+        (JSC::X86Assembler::shl_i8r):
+        (JSC::X86Assembler::shll_CLr):
+        (JSC::X86Assembler::mull_rr):
+        (JSC::X86Assembler::idivl_r):
+        (JSC::X86Assembler::cdq):
+        (JSC::X86Assembler::movl_mr):
+        (JSC::X86Assembler::movzwl_mr):
+        (JSC::X86Assembler::movl_rm):
+        (JSC::X86Assembler::movl_i32r):
+        (JSC::X86Assembler::movl_i32m):
+        (JSC::X86Assembler::leal_mr):
+        (JSC::X86Assembler::ret):
+        (JSC::X86Assembler::jmp_r):
+        (JSC::X86Assembler::jmp_m):
+        (JSC::X86Assembler::call_r):
+        * wrec/WREC.cpp:
+        (JSC::WRECGenerator::generateBacktrack1):
+        (JSC::WRECGenerator::generateBacktrackBackreference):
+        (JSC::WRECGenerator::generateBackreferenceQuantifier):
+        (JSC::WRECGenerator::generateNonGreedyQuantifier):
+        (JSC::WRECGenerator::generateGreedyQuantifier):
+        (JSC::WRECGenerator::generatePatternCharacter):
+        (JSC::WRECGenerator::generateCharacterClassInvertedRange):
+        (JSC::WRECGenerator::generateCharacterClassInverted):
+        (JSC::WRECGenerator::generateCharacterClass):
+        (JSC::WRECGenerator::generateParentheses):
+        (JSC::WRECGenerator::gererateParenthesesResetTrampoline):
+        (JSC::WRECGenerator::generateAssertionBOL):
+        (JSC::WRECGenerator::generateAssertionEOL):
+        (JSC::WRECGenerator::generateAssertionWordBoundary):
+        (JSC::WRECGenerator::generateBackreference):
+        (JSC::WRECGenerator::gernerateDisjunction):
+
+2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Clean up the WREC code some more.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::compileRegExp):
+        * wrec/WREC.cpp:
+        (JSC::getCharacterClassNewline):
+        (JSC::getCharacterClassDigits):
+        (JSC::getCharacterClassSpaces):
+        (JSC::getCharacterClassWordchar):
+        (JSC::getCharacterClassNondigits):
+        (JSC::getCharacterClassNonspaces):
+        (JSC::getCharacterClassNonwordchar):
+        (JSC::WRECGenerator::generateBacktrack1):
+        (JSC::WRECGenerator::generateBacktrackBackreference):
+        (JSC::WRECGenerator::generateBackreferenceQuantifier):
+        (JSC::WRECGenerator::generateNonGreedyQuantifier):
+        (JSC::WRECGenerator::generateGreedyQuantifier):
+        (JSC::WRECGenerator::generatePatternCharacter):
+        (JSC::WRECGenerator::generateCharacterClassInvertedRange):
+        (JSC::WRECGenerator::generateCharacterClassInverted):
+        (JSC::WRECGenerator::generateCharacterClass):
+        (JSC::WRECGenerator::generateParentheses):
+        (JSC::WRECGenerator::gererateParenthesesResetTrampoline):
+        (JSC::WRECGenerator::generateAssertionBOL):
+        (JSC::WRECGenerator::generateAssertionEOL):
+        (JSC::WRECGenerator::generateAssertionWordBoundary):
+        (JSC::WRECGenerator::generateBackreference):
+        (JSC::WRECGenerator::gernerateDisjunction):
+        (JSC::WRECParser::parseCharacterClass):
+        (JSC::WRECParser::parseEscape):
+        (JSC::WRECParser::parseTerm):
+        * wrec/WREC.h:
+
+2008-09-09  Mark Rowe  <mrowe@apple.com>
+
+        Build fix, rubber-stamped by Anders Carlsson.
+
+        Silence spurious build warnings about missing format attributes on functions in Assertions.cpp.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-09-09  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Fix builds using the "debug" variant.
+
+        This reverts r36130 and tweaks Identifier to export the same symbols for Debug
+        and Release configurations.
+
+        * Configurations/JavaScriptCore.xcconfig:
+        * DerivedSources.make:
+        * JavaScriptCore.Debug.exp: Removed.
+        * JavaScriptCore.base.exp: Removed.
+        * JavaScriptCore.exp: Added.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/identifier.cpp:
+        (JSC::Identifier::addSlowCase): #ifdef the call to checkSameIdentifierTable so that
+        there is no overhead in Release builds.
+        (JSC::Identifier::checkSameIdentifierTable): Add empty functions for Release builds.
+        * kjs/identifier.h:
+        (JSC::Identifier::add): #ifdef the calls to checkSameIdentifierTable so that there is
+        no overhead in Release builds, and remove the inline definitions of checkSameIdentifierTable.
+
+2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Clean up WREC a bit to bring it closer to our coding style guidelines.
+
+        * wrec/WREC.cpp:
+        (JSC::):
+        (JSC::getCharacterClass_newline):
+        (JSC::getCharacterClass_d):
+        (JSC::getCharacterClass_s):
+        (JSC::getCharacterClass_w):
+        (JSC::getCharacterClass_D):
+        (JSC::getCharacterClass_S):
+        (JSC::getCharacterClass_W):
+        (JSC::CharacterClassConstructor::append):
+        (JSC::WRECGenerator::generateNonGreedyQuantifier):
+        (JSC::WRECGenerator::generateGreedyQuantifier):
+        (JSC::WRECGenerator::generateCharacterClassInverted):
+        (JSC::WRECParser::parseQuantifier):
+        (JSC::WRECParser::parsePatternCharacterQualifier):
+        (JSC::WRECParser::parseCharacterClassQuantifier):
+        (JSC::WRECParser::parseBackreferenceQuantifier):
+        * wrec/WREC.h:
+        (JSC::Quantifier::):
+        (JSC::Quantifier::Quantifier):
+
+2008-09-09  Jungshik Shin  <jungshik.shin@gmail.com>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Try MIME charset names before trying IANA names 
+        ( https://bugs.webkit.org/show_bug.cgi?id=17537 )
+
+        * wtf/StringExtras.h: (strcasecmp): Added.
+
+2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Mark Rowe.
+
+        Bug 20719: REGRESSION (r36135-36244): Hangs, then crashes after several seconds
+        <https://bugs.webkit.org/show_bug.cgi?id=20719>
+        <rdar://problem/6205787>
+
+        Fix a typo in the case-insensitive matching of character patterns.
+
+        * wrec/WREC.cpp:
+        (JSC::WRECGenerator::generatePatternCharacter):
+
+2008-09-09  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        - allow polymorphic inline cache to handle Math object functions and possibly other similar things
+        
+        1.012x speedup on SunSpider.
+
+        * kjs/MathObject.cpp:
+        (JSC::MathObject::getOwnPropertySlot):
+        * kjs/lookup.cpp:
+        (JSC::setUpStaticFunctionSlot):
+        * kjs/lookup.h:
+        (JSC::getStaticPropertySlot):
+
+2008-09-08  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Maciej Stachowiak and Oliver Hunt.
+
+        Split storage of properties out of the PropertyMap and into the JSObject
+        to allow sharing PropertyMap on the StructureID.  In order to get this
+        function correctly, the StructureID's transition mappings were changed to
+        transition based on property name and attribute pairs, instead of just
+        property name.
+
+        - Removes the single property optimization now that the PropertyMap is shared.
+          This will be replaced by in-lining some values on the JSObject.
+
+        This is a wash on Sunspider and a 6.7% win on the v8 test suite.
+
+        * JavaScriptCore.base.exp:
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompileGetByIdSelf): Get the storage directly off the JSObject.
+        (JSC::CTI::privateCompileGetByIdProto): Ditto.
+        (JSC::CTI::privateCompileGetByIdChain): Ditto.
+        (JSC::CTI::privateCompilePutByIdReplace): Ditto.
+        * kjs/JSObject.cpp:
+        (JSC::JSObject::mark): Mark the PropertyStorage.
+        (JSC::JSObject::put): Update to get the propertyMap of the StructureID.
+        (JSC::JSObject::deleteProperty): Ditto.
+        (JSC::JSObject::defineGetter): Return early if the property is already a getter/setter.
+        (JSC::JSObject::defineSetter): Ditto.
+        (JSC::JSObject::getPropertyAttributes): Update to get the propertyMap of the StructureID
+        (JSC::JSObject::getPropertyNames): Ditto.
+        (JSC::JSObject::removeDirect): Ditto.
+        * kjs/JSObject.h: Remove PropertyMap and add PropertyStorage.
+        (JSC::JSObject::propertyStorage): return the PropertyStorage.
+        (JSC::JSObject::getDirect): Update to get the propertyMap of the StructureID.
+        (JSC::JSObject::getDirectLocation): Ditto.
+        (JSC::JSObject::offsetForLocation): Compute location directly.
+        (JSC::JSObject::hasCustomProperties): Update to get the propertyMap of the StructureID.
+        (JSC::JSObject::hasGetterSetterProperties): Ditto.
+        (JSC::JSObject::getDirectOffset): Get by indexing into PropertyStorage.
+        (JSC::JSObject::putDirectOffset): Put by indexing into PropertyStorage.
+        (JSC::JSObject::getOwnPropertySlotForWrite): Update to get the propertyMap of the StructureID.
+        (JSC::JSObject::getOwnPropertySlot): Ditto.
+        (JSC::JSObject::putDirect): Move putting into the StructureID unless the property already exists.
+        * kjs/PropertyMap.cpp: Use the propertyStorage as the storage for the JSValues.
+        (JSC::PropertyMap::checkConsistency): 
+        (JSC::PropertyMap::operator=):
+        (JSC::PropertyMap::~PropertyMap):
+        (JSC::PropertyMap::get):
+        (JSC::PropertyMap::getLocation):
+        (JSC::PropertyMap::put):
+        (JSC::PropertyMap::getOffset):
+        (JSC::PropertyMap::insert):
+        (JSC::PropertyMap::expand):
+        (JSC::PropertyMap::rehash):
+        (JSC::PropertyMap::createTable):
+        (JSC::PropertyMap::resizePropertyStorage): Resize the storage to match the size of the map
+        (JSC::PropertyMap::remove):
+        (JSC::PropertyMap::getEnumerablePropertyNames):
+        * kjs/PropertyMap.h: 
+        (JSC::PropertyMapEntry::PropertyMapEntry):
+        (JSC::PropertyMap::isEmpty):
+        (JSC::PropertyMap::size):
+        (JSC::PropertyMap::makingCount):
+        (JSC::PropertyMap::PropertyMap):
+
+        * kjs/StructureID.cpp: 
+        (JSC::StructureID::addPropertyTransition): Transitions now are based off the property name
+        and attributes. 
+        (JSC::StructureID::toDictionaryTransition): Copy the map.
+        (JSC::StructureID::changePrototypeTransition): Copy the map.
+        (JSC::StructureID::getterSetterTransition): Copy the map.
+        (JSC::StructureID::~StructureID): 
+        * kjs/StructureID.h:
+        (JSC::TransitionTableHash::hash): Custom hash for transition map.
+        (JSC::TransitionTableHash::equal): Ditto.
+        (JSC::TransitionTableHashTraits::emptyValue): Custom traits for transition map
+        (JSC::TransitionTableHashTraits::constructDeletedValue): Ditto.
+        (JSC::TransitionTableHashTraits::isDeletedValue): Ditto.
+        (JSC::StructureID::propertyMap): Added.
+
+2008-09-08  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Bug 20694: Slow Script error pops up when running Dromaeo tests
+
+        Correct error in timeout logic where execution tick count would
+        be reset to incorrect value due to incorrect offset and indirection.
+        Codegen for the slow script dialog was factored out into a separate
+        method (emitSlowScriptCheck) rather than having multiple copies of
+        the same code.  Also added calls to generate slow script checks
+        for loop_if_less and loop_if_true opcodes.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::emitSlowScriptCheck):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+
+2008-09-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Remove references to the removed WRECompiler class.
+
+        * VM/Machine.h:
+        * wrec/WREC.h:
+
+2008-09-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Mark Rowe.
+
+        Fix the build with CTI enabled but WREC disabled.
+
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+
+2008-09-08  Dan Bernstein  <mitz@apple.com>
+
+        - build fix
+
+        * kjs/nodes.h:
+        (JSC::StatementNode::):
+        (JSC::BlockNode::):
+
+2008-09-08  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff.
+
+       <rdar://problem/6134407> Breakpoints in for loops, while loops or
+       conditions without curly braces don't break. (19306)
+       -Statement Lists already emit debug hooks but conditionals without
+       brackets are not lists.
+
+        * kjs/nodes.cpp:
+        (KJS::IfNode::emitCode):
+        (KJS::IfElseNode::emitCode):
+        (KJS::DoWhileNode::emitCode):
+        (KJS::WhileNode::emitCode):
+        (KJS::ForNode::emitCode):
+        (KJS::ForInNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::StatementNode::):
+        (KJS::BlockNode::):
+
+2008-09-08  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Anders Carlsson.
+        
+        - Cache the code generated for eval to speed up SunSpider and web sites
+        https://bugs.webkit.org/show_bug.cgi?id=20718
+        
+        1.052x on SunSpider
+        2.29x on date-format-tofte
+        
+        Lots of real sites seem to get many hits on this cache as well,
+        including GMail, Google Spreadsheets, Slate and Digg (the last of
+        these gets over 100 hits on initial page load).
+
+        * VM/CodeBlock.h:
+        (JSC::EvalCodeCache::get):
+        * VM/Machine.cpp:
+        (JSC::Machine::callEval):
+        (JSC::Machine::privateExecute):
+        (JSC::Machine::cti_op_call_eval):
+        * VM/Machine.h:
+
+2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 20711: Change KJS prefix on preprocessor macros to JSC
+        <https://bugs.webkit.org/show_bug.cgi?id=20711>
+
+        * kjs/CommonIdentifiers.cpp:
+        (JSC::CommonIdentifiers::CommonIdentifiers):
+        * kjs/CommonIdentifiers.h:
+        * kjs/PropertySlot.h:
+        (JSC::PropertySlot::getValue):
+        (JSC::PropertySlot::putValue):
+        (JSC::PropertySlot::setValueSlot):
+        (JSC::PropertySlot::setValue):
+        (JSC::PropertySlot::setRegisterSlot):
+        * kjs/lookup.h:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        (JSC::Node::):
+        (JSC::ExpressionNode::):
+        (JSC::StatementNode::):
+        (JSC::NullNode::):
+        (JSC::BooleanNode::):
+        (JSC::NumberNode::):
+        (JSC::ImmediateNumberNode::):
+        (JSC::StringNode::):
+        (JSC::RegExpNode::):
+        (JSC::ThisNode::):
+        (JSC::ResolveNode::):
+        (JSC::ElementNode::):
+        (JSC::ArrayNode::):
+        (JSC::PropertyNode::):
+        (JSC::PropertyListNode::):
+        (JSC::ObjectLiteralNode::):
+        (JSC::BracketAccessorNode::):
+        (JSC::DotAccessorNode::):
+        (JSC::ArgumentListNode::):
+        (JSC::ArgumentsNode::):
+        (JSC::NewExprNode::):
+        (JSC::EvalFunctionCallNode::):
+        (JSC::FunctionCallValueNode::):
+        (JSC::FunctionCallResolveNode::):
+        (JSC::FunctionCallBracketNode::):
+        (JSC::FunctionCallDotNode::):
+        (JSC::PrePostResolveNode::):
+        (JSC::PostfixResolveNode::):
+        (JSC::PostfixBracketNode::):
+        (JSC::PostfixDotNode::):
+        (JSC::PostfixErrorNode::):
+        (JSC::DeleteResolveNode::):
+        (JSC::DeleteBracketNode::):
+        (JSC::DeleteDotNode::):
+        (JSC::DeleteValueNode::):
+        (JSC::VoidNode::):
+        (JSC::TypeOfResolveNode::):
+        (JSC::TypeOfValueNode::):
+        (JSC::PrefixResolveNode::):
+        (JSC::PrefixBracketNode::):
+        (JSC::PrefixDotNode::):
+        (JSC::PrefixErrorNode::):
+        (JSC::UnaryPlusNode::):
+        (JSC::NegateNode::):
+        (JSC::BitwiseNotNode::):
+        (JSC::LogicalNotNode::):
+        (JSC::MultNode::):
+        (JSC::DivNode::):
+        (JSC::ModNode::):
+        (JSC::AddNode::):
+        (JSC::SubNode::):
+        (JSC::LeftShiftNode::):
+        (JSC::RightShiftNode::):
+        (JSC::UnsignedRightShiftNode::):
+        (JSC::LessNode::):
+        (JSC::GreaterNode::):
+        (JSC::LessEqNode::):
+        (JSC::GreaterEqNode::):
+        (JSC::ThrowableBinaryOpNode::):
+        (JSC::InstanceOfNode::):
+        (JSC::InNode::):
+        (JSC::EqualNode::):
+        (JSC::NotEqualNode::):
+        (JSC::StrictEqualNode::):
+        (JSC::NotStrictEqualNode::):
+        (JSC::BitAndNode::):
+        (JSC::BitOrNode::):
+        (JSC::BitXOrNode::):
+        (JSC::LogicalOpNode::):
+        (JSC::ConditionalNode::):
+        (JSC::ReadModifyResolveNode::):
+        (JSC::AssignResolveNode::):
+        (JSC::ReadModifyBracketNode::):
+        (JSC::AssignBracketNode::):
+        (JSC::AssignDotNode::):
+        (JSC::ReadModifyDotNode::):
+        (JSC::AssignErrorNode::):
+        (JSC::CommaNode::):
+        (JSC::VarDeclCommaNode::):
+        (JSC::ConstDeclNode::):
+        (JSC::ConstStatementNode::):
+        (JSC::EmptyStatementNode::):
+        (JSC::DebuggerStatementNode::):
+        (JSC::ExprStatementNode::):
+        (JSC::VarStatementNode::):
+        (JSC::IfNode::):
+        (JSC::IfElseNode::):
+        (JSC::DoWhileNode::):
+        (JSC::WhileNode::):
+        (JSC::ForNode::):
+        (JSC::ContinueNode::):
+        (JSC::BreakNode::):
+        (JSC::ReturnNode::):
+        (JSC::WithNode::):
+        (JSC::LabelNode::):
+        (JSC::ThrowNode::):
+        (JSC::TryNode::):
+        (JSC::ParameterNode::):
+        (JSC::ScopeNode::):
+        (JSC::ProgramNode::):
+        (JSC::EvalNode::):
+        (JSC::FunctionBodyNode::):
+        (JSC::FuncExprNode::):
+        (JSC::FuncDeclNode::):
+        (JSC::CaseClauseNode::):
+        (JSC::ClauseListNode::):
+        (JSC::CaseBlockNode::):
+        (JSC::SwitchNode::):
+
+2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20704: Replace the KJS namespace
+        <https://bugs.webkit.org/show_bug.cgi?id=20704>
+
+        Rename the KJS namespace to JSC. There are still some uses of KJS in
+        preprocessor macros and comments, but these will also be changed some
+        time in the near future.
+
+        * API/APICast.h:
+        (toJS):
+        (toRef):
+        (toGlobalRef):
+        * API/JSBase.cpp:
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.cpp:
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::staticValues):
+        (OpaqueJSClass::staticFunctions):
+        * API/JSClassRef.h:
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        * API/JSProfilerPrivate.cpp:
+        * API/JSStringRef.cpp:
+        * API/JSValueRef.cpp:
+        (JSValueGetType):
+        * API/OpaqueJSString.cpp:
+        * API/OpaqueJSString.h:
+        * JavaScriptCore.Debug.exp:
+        * JavaScriptCore.base.exp:
+        * VM/CTI.cpp:
+        (JSC::):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        * VM/CodeGenerator.h:
+        * VM/ExceptionHelpers.cpp:
+        * VM/ExceptionHelpers.h:
+        * VM/Instruction.h:
+        * VM/JSPropertyNameIterator.cpp:
+        * VM/JSPropertyNameIterator.h:
+        * VM/LabelID.h:
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        * VM/Opcode.cpp:
+        * VM/Opcode.h:
+        * VM/Register.h:
+        (WTF::):
+        * VM/RegisterFile.cpp:
+        * VM/RegisterFile.h:
+        * VM/RegisterID.h:
+        (WTF::):
+        * VM/SamplingTool.cpp:
+        * VM/SamplingTool.h:
+        * VM/SegmentedVector.h:
+        * kjs/ArgList.cpp:
+        * kjs/ArgList.h:
+        * kjs/Arguments.cpp:
+        * kjs/Arguments.h:
+        * kjs/ArrayConstructor.cpp:
+        * kjs/ArrayConstructor.h:
+        * kjs/ArrayPrototype.cpp:
+        * kjs/ArrayPrototype.h:
+        * kjs/BatchedTransitionOptimizer.h:
+        * kjs/BooleanConstructor.cpp:
+        * kjs/BooleanConstructor.h:
+        * kjs/BooleanObject.cpp:
+        * kjs/BooleanObject.h:
+        * kjs/BooleanPrototype.cpp:
+        * kjs/BooleanPrototype.h:
+        * kjs/CallData.cpp:
+        * kjs/CallData.h:
+        * kjs/ClassInfo.h:
+        * kjs/CommonIdentifiers.cpp:
+        * kjs/CommonIdentifiers.h:
+        * kjs/ConstructData.cpp:
+        * kjs/ConstructData.h:
+        * kjs/DateConstructor.cpp:
+        * kjs/DateConstructor.h:
+        * kjs/DateInstance.cpp:
+        (JSC::DateInstance::msToGregorianDateTime):
+        * kjs/DateInstance.h:
+        * kjs/DateMath.cpp:
+        * kjs/DateMath.h:
+        * kjs/DatePrototype.cpp:
+        * kjs/DatePrototype.h:
+        * kjs/DebuggerCallFrame.cpp:
+        * kjs/DebuggerCallFrame.h:
+        * kjs/Error.cpp:
+        * kjs/Error.h:
+        * kjs/ErrorConstructor.cpp:
+        * kjs/ErrorConstructor.h:
+        * kjs/ErrorInstance.cpp:
+        * kjs/ErrorInstance.h:
+        * kjs/ErrorPrototype.cpp:
+        * kjs/ErrorPrototype.h:
+        * kjs/ExecState.cpp:
+        * kjs/ExecState.h:
+        * kjs/FunctionConstructor.cpp:
+        * kjs/FunctionConstructor.h:
+        * kjs/FunctionPrototype.cpp:
+        * kjs/FunctionPrototype.h:
+        * kjs/GetterSetter.cpp:
+        * kjs/GetterSetter.h:
+        * kjs/GlobalEvalFunction.cpp:
+        * kjs/GlobalEvalFunction.h:
+        * kjs/IndexToNameMap.cpp:
+        * kjs/IndexToNameMap.h:
+        * kjs/InitializeThreading.cpp:
+        * kjs/InitializeThreading.h:
+        * kjs/InternalFunction.cpp:
+        * kjs/InternalFunction.h:
+        (JSC::InternalFunction::InternalFunction):
+        * kjs/JSActivation.cpp:
+        * kjs/JSActivation.h:
+        * kjs/JSArray.cpp:
+        * kjs/JSArray.h:
+        * kjs/JSCell.cpp:
+        * kjs/JSCell.h:
+        * kjs/JSFunction.cpp:
+        * kjs/JSFunction.h:
+        (JSC::JSFunction::JSFunction):
+        * kjs/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData):
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalObject.cpp:
+        * kjs/JSGlobalObject.h:
+        * kjs/JSGlobalObjectFunctions.cpp:
+        * kjs/JSGlobalObjectFunctions.h:
+        * kjs/JSImmediate.cpp:
+        * kjs/JSImmediate.h:
+        * kjs/JSLock.cpp:
+        * kjs/JSLock.h:
+        * kjs/JSNotAnObject.cpp:
+        * kjs/JSNotAnObject.h:
+        * kjs/JSNumberCell.cpp:
+        * kjs/JSNumberCell.h:
+        * kjs/JSObject.cpp:
+        * kjs/JSObject.h:
+        * kjs/JSStaticScopeObject.cpp:
+        * kjs/JSStaticScopeObject.h:
+        * kjs/JSString.cpp:
+        * kjs/JSString.h:
+        * kjs/JSType.h:
+        * kjs/JSValue.cpp:
+        * kjs/JSValue.h:
+        * kjs/JSVariableObject.cpp:
+        * kjs/JSVariableObject.h:
+        * kjs/JSWrapperObject.cpp:
+        * kjs/JSWrapperObject.h:
+        * kjs/LabelStack.cpp:
+        * kjs/LabelStack.h:
+        * kjs/MathObject.cpp:
+        * kjs/MathObject.h:
+        * kjs/NativeErrorConstructor.cpp:
+        * kjs/NativeErrorConstructor.h:
+        * kjs/NativeErrorPrototype.cpp:
+        * kjs/NativeErrorPrototype.h:
+        * kjs/NodeInfo.h:
+        * kjs/NumberConstructor.cpp:
+        * kjs/NumberConstructor.h:
+        * kjs/NumberObject.cpp:
+        * kjs/NumberObject.h:
+        * kjs/NumberPrototype.cpp:
+        * kjs/NumberPrototype.h:
+        * kjs/ObjectConstructor.cpp:
+        * kjs/ObjectConstructor.h:
+        * kjs/ObjectPrototype.cpp:
+        * kjs/ObjectPrototype.h:
+        * kjs/Parser.cpp:
+        * kjs/Parser.h:
+        * kjs/PropertyMap.cpp:
+        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
+        * kjs/PropertyMap.h:
+        * kjs/PropertyNameArray.cpp:
+        * kjs/PropertyNameArray.h:
+        * kjs/PropertySlot.cpp:
+        * kjs/PropertySlot.h:
+        * kjs/PrototypeFunction.cpp:
+        * kjs/PrototypeFunction.h:
+        * kjs/PutPropertySlot.h:
+        * kjs/RegExpConstructor.cpp:
+        * kjs/RegExpConstructor.h:
+        * kjs/RegExpObject.cpp:
+        * kjs/RegExpObject.h:
+        * kjs/RegExpPrototype.cpp:
+        * kjs/RegExpPrototype.h:
+        * kjs/ScopeChain.cpp:
+        * kjs/ScopeChain.h:
+        * kjs/ScopeChainMark.h:
+        * kjs/Shell.cpp:
+        (jscmain):
+        * kjs/SmallStrings.cpp:
+        * kjs/SmallStrings.h:
+        * kjs/SourceProvider.h:
+        * kjs/SourceRange.h:
+        * kjs/StringConstructor.cpp:
+        * kjs/StringConstructor.h:
+        * kjs/StringObject.cpp:
+        * kjs/StringObject.h:
+        * kjs/StringObjectThatMasqueradesAsUndefined.h:
+        * kjs/StringPrototype.cpp:
+        * kjs/StringPrototype.h:
+        * kjs/StructureID.cpp:
+        * kjs/StructureID.h:
+        * kjs/SymbolTable.h:
+        * kjs/collector.cpp:
+        * kjs/collector.h:
+        * kjs/completion.h:
+        * kjs/create_hash_table:
+        * kjs/debugger.cpp:
+        * kjs/debugger.h:
+        * kjs/dtoa.cpp:
+        * kjs/dtoa.h:
+        * kjs/grammar.y:
+        * kjs/identifier.cpp:
+        * kjs/identifier.h:
+        (JSC::Identifier::equal):
+        * kjs/interpreter.cpp:
+        * kjs/interpreter.h:
+        * kjs/lexer.cpp:
+        (JSC::Lexer::Lexer):
+        (JSC::Lexer::clear):
+        (JSC::Lexer::makeIdentifier):
+        * kjs/lexer.h:
+        * kjs/lookup.cpp:
+        * kjs/lookup.h:
+        * kjs/nodes.cpp:
+        * kjs/nodes.h:
+        * kjs/nodes2string.cpp:
+        * kjs/operations.cpp:
+        * kjs/operations.h:
+        * kjs/protect.h:
+        * kjs/regexp.cpp:
+        * kjs/regexp.h:
+        * kjs/ustring.cpp:
+        * kjs/ustring.h:
+        (JSC::operator!=):
+        (JSC::IdentifierRepHash::hash):
+        (WTF::):
+        * masm/MacroAssembler.h:
+        * masm/MacroAssemblerWin.cpp:
+        * masm/X86Assembler.h:
+        * pcre/pcre_exec.cpp:
+        * profiler/CallIdentifier.h:
+        (WTF::):
+        * profiler/HeavyProfile.cpp:
+        * profiler/HeavyProfile.h:
+        * profiler/Profile.cpp:
+        * profiler/Profile.h:
+        * profiler/ProfileGenerator.cpp:
+        * profiler/ProfileGenerator.h:
+        * profiler/ProfileNode.cpp:
+        * profiler/ProfileNode.h:
+        * profiler/Profiler.cpp:
+        * profiler/Profiler.h:
+        * profiler/TreeProfile.cpp:
+        * profiler/TreeProfile.h:
+        * wrec/WREC.cpp:
+        * wrec/WREC.h:
+        * wtf/AVLTree.h:
+
+2008-09-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dan Bernstein.
+        
+        - rename IA32MacroAssembler class to X86Assembler
+        
+        We otherwise call the platform X86, and also, I don't see any macros.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * masm/IA32MacroAsm.h: Removed.
+        * masm/MacroAssembler.h:
+        (KJS::MacroAssembler::MacroAssembler):
+        * masm/MacroAssemblerWin.cpp:
+        (KJS::MacroAssembler::emitRestoreArgumentReference):
+        * masm/X86Assembler.h: Copied from masm/IA32MacroAsm.h.
+        (KJS::X86Assembler::X86Assembler):
+        * wrec/WREC.cpp:
+        (KJS::WRECGenerator::generateNonGreedyQuantifier):
+        (KJS::WRECGenerator::generateGreedyQuantifier):
+        (KJS::WRECGenerator::generateParentheses):
+        (KJS::WRECGenerator::generateBackreference):
+        (KJS::WRECGenerator::gernerateDisjunction):
+        * wrec/WREC.h:
+
+2008-09-07  Cameron Zwarich  <cwzwarich@webkit.org>
+
+        Not reviewed.
+
+        Visual C++ seems to have some odd casting rules, so just convert the
+        offending cast back to a C-style cast for now.
+
+        * kjs/collector.cpp:
+        (KJS::otherThreadStackPointer):
+
+2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Mark Rowe.
+
+        Attempt to fix the Windows build by using a const_cast to cast regs.Esp
+        to a uintptr_t instead of a reinterpret_cast.
+
+        * kjs/collector.cpp:
+        (KJS::otherThreadStackPointer):
+
+2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Sam Weinig.
+
+        Remove C-style casts from kjs/collector.cpp.
+
+        * kjs/collector.cpp:
+        (KJS::Heap::heapAllocate):
+        (KJS::currentThreadStackBase):
+        (KJS::Heap::markConservatively):
+        (KJS::otherThreadStackPointer):
+        (KJS::Heap::markOtherThreadConservatively):
+        (KJS::Heap::sweep):
+
+2008-09-07  Mark Rowe  <mrowe@apple.com>
+
+        Build fix for the debug variant.
+
+        * DerivedSources.make: Also use the .Debug.exp exports file when building the debug variant.
+
+2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Timothy Hatcher.
+
+        Remove C-style casts from the CTI code.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitGetArg):
+        (KJS::CTI::emitGetPutArg):
+        (KJS::ctiRepatchCallByReturnAddress):
+        (KJS::CTI::compileOpCall):
+        (KJS::CTI::privateCompileMainPass):
+        (KJS::CTI::privateCompileGetByIdSelf):
+        (KJS::CTI::privateCompileGetByIdProto):
+        (KJS::CTI::privateCompileGetByIdChain):
+        (KJS::CTI::privateCompilePutByIdReplace):
+        (KJS::CTI::privateArrayLengthTrampoline):
+        (KJS::CTI::privateStringLengthTrampoline):
+
+=== End merge of squirrelfish-extreme ===
+
+2008-09-06  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig. Adapted somewhat by Maciej Stachowiak.
+        
+        - refactor WREC to share more of the JIT infrastructure with CTI
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitGetArg):
+        (KJS::CTI::emitGetPutArg):
+        (KJS::CTI::emitPutArg):
+        (KJS::CTI::emitPutArgConstant):
+        (KJS::CTI::emitPutCTIParam):
+        (KJS::CTI::emitGetCTIParam):
+        (KJS::CTI::emitPutToCallFrameHeader):
+        (KJS::CTI::emitGetFromCallFrameHeader):
+        (KJS::CTI::emitPutResult):
+        (KJS::CTI::emitDebugExceptionCheck):
+        (KJS::CTI::emitJumpSlowCaseIfNotImm):
+        (KJS::CTI::emitJumpSlowCaseIfNotImms):
+        (KJS::CTI::emitFastArithDeTagImmediate):
+        (KJS::CTI::emitFastArithReTagImmediate):
+        (KJS::CTI::emitFastArithPotentiallyReTagImmediate):
+        (KJS::CTI::emitFastArithImmToInt):
+        (KJS::CTI::emitFastArithIntToImmOrSlowCase):
+        (KJS::CTI::emitFastArithIntToImmNoCheck):
+        (KJS::CTI::CTI):
+        (KJS::CTI::compileOpCall):
+        (KJS::CTI::privateCompileMainPass):
+        (KJS::CTI::privateCompileSlowCases):
+        (KJS::CTI::privateCompile):
+        (KJS::CTI::privateCompileGetByIdSelf):
+        (KJS::CTI::privateCompileGetByIdProto):
+        (KJS::CTI::privateCompileGetByIdChain):
+        (KJS::CTI::privateCompilePutByIdReplace):
+        (KJS::CTI::privateArrayLengthTrampoline):
+        (KJS::CTI::privateStringLengthTrampoline):
+        (KJS::CTI::compileRegExp):
+        * VM/CTI.h:
+        (KJS::CallRecord::CallRecord):
+        (KJS::JmpTable::JmpTable):
+        (KJS::SlowCaseEntry::SlowCaseEntry):
+        (KJS::CTI::JSRInfo::JSRInfo):
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        * wrec/WREC.cpp:
+        (KJS::GenerateParenthesesNonGreedyFunctor::GenerateParenthesesNonGreedyFunctor):
+        (KJS::GeneratePatternCharacterFunctor::generateAtom):
+        (KJS::GeneratePatternCharacterFunctor::backtrack):
+        (KJS::GenerateCharacterClassFunctor::generateAtom):
+        (KJS::GenerateCharacterClassFunctor::backtrack):
+        (KJS::GenerateBackreferenceFunctor::generateAtom):
+        (KJS::GenerateBackreferenceFunctor::backtrack):
+        (KJS::GenerateParenthesesNonGreedyFunctor::generateAtom):
+        (KJS::GenerateParenthesesNonGreedyFunctor::backtrack):
+        (KJS::WRECGenerate::generateBacktrack1):
+        (KJS::WRECGenerate::generateBacktrackBackreference):
+        (KJS::WRECGenerate::generateBackreferenceQuantifier):
+        (KJS::WRECGenerate::generateNonGreedyQuantifier):
+        (KJS::WRECGenerate::generateGreedyQuantifier):
+        (KJS::WRECGenerate::generatePatternCharacter):
+        (KJS::WRECGenerate::generateCharacterClassInvertedRange):
+        (KJS::WRECGenerate::generateCharacterClassInverted):
+        (KJS::WRECGenerate::generateCharacterClass):
+        (KJS::WRECGenerate::generateParentheses):
+        (KJS::WRECGenerate::generateParenthesesNonGreedy):
+        (KJS::WRECGenerate::gererateParenthesesResetTrampoline):
+        (KJS::WRECGenerate::generateAssertionBOL):
+        (KJS::WRECGenerate::generateAssertionEOL):
+        (KJS::WRECGenerate::generateAssertionWordBoundary):
+        (KJS::WRECGenerate::generateBackreference):
+        (KJS::WRECGenerate::gernerateDisjunction):
+        (KJS::WRECGenerate::terminateDisjunction):
+        (KJS::WRECParser::parseGreedyQuantifier):
+        (KJS::WRECParser::parseQuantifier):
+        (KJS::WRECParser::parsePatternCharacterQualifier):
+        (KJS::WRECParser::parseCharacterClassQuantifier):
+        (KJS::WRECParser::parseBackreferenceQuantifier):
+        (KJS::WRECParser::parseParentheses):
+        (KJS::WRECParser::parseCharacterClass):
+        (KJS::WRECParser::parseOctalEscape):
+        (KJS::WRECParser::parseEscape):
+        (KJS::WRECParser::parseTerm):
+        (KJS::WRECParser::parseDisjunction):
+        * wrec/WREC.h:
+        (KJS::WRECGenerate::WRECGenerate):
+        (KJS::WRECParser::):
+        (KJS::WRECParser::WRECParser):
+        (KJS::WRECParser::parseAlternative):
+        (KJS::WRECParser::isEndOfPattern):
+
+2008-09-06  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by NOBODY (Build fix).
+
+        Fix the sampler build.
+
+        * VM/SamplingTool.h:
+
+2008-09-06  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Jump through the necessary hoops required to make MSVC cooperate with SFX
+
+        We now explicitly declare the calling convention on all cti_op_* cfunctions,
+        and return int instead of bool where appropriate (despite the cdecl calling
+        convention seems to state MSVC generates code that returns the result value
+        through ecx).  SFX behaves slightly differently under MSVC, specifically it
+        stores the base argument address for the cti_op_* functions in the first
+        argument, and then does the required stack manipulation through that pointer.
+        This is necessary as MSVC's optimisations assume they have complete control
+        of the stack, and periodically elide our stack manipulations, or move
+        values in unexpected ways.  MSVC also frequently produces tail calls which may
+        clobber the first argument, so the MSVC path is slightly less efficient due
+        to the need to restore it.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp:
+        (KJS::):
+        (KJS::CTI::compileOpCall):
+        (KJS::CTI::privateCompileMainPass):
+        (KJS::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        * masm/MacroAssembler.h:
+        (KJS::MacroAssembler::emitConvertToFastCall):
+        * masm/MacroAssemblerIA32GCC.cpp: Removed.
+           For performance reasons we need these no-op functions to be inlined.
+
+        * masm/MacroAssemblerWin.cpp:
+        (KJS::MacroAssembler::emitRestoreArgumentReference):
+        * wtf/Platform.h:
+
+2008-09-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Maciej Stachowiak, or maybe the other way around.
+        
+        Added the ability to coalesce JITCode buffer grow operations by first
+        growing the buffer and then executing unchecked puts to it.
+        
+        About a 2% speedup on date-format-tofte.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::compileOpCall):
+        * masm/IA32MacroAsm.h:
+        (KJS::JITCodeBuffer::ensureSpace):
+        (KJS::JITCodeBuffer::putByteUnchecked):
+        (KJS::JITCodeBuffer::putByte):
+        (KJS::JITCodeBuffer::putShortUnchecked):
+        (KJS::JITCodeBuffer::putShort):
+        (KJS::JITCodeBuffer::putIntUnchecked):
+        (KJS::JITCodeBuffer::putInt):
+        (KJS::IA32MacroAssembler::emitTestl_i32r):
+        (KJS::IA32MacroAssembler::emitMovl_mr):
+        (KJS::IA32MacroAssembler::emitMovl_rm):
+        (KJS::IA32MacroAssembler::emitMovl_i32m):
+        (KJS::IA32MacroAssembler::emitUnlinkedJe):
+        (KJS::IA32MacroAssembler::emitModRm_rr):
+        (KJS::IA32MacroAssembler::emitModRm_rr_Unchecked):
+        (KJS::IA32MacroAssembler::emitModRm_rm_Unchecked):
+        (KJS::IA32MacroAssembler::emitModRm_rm):
+        (KJS::IA32MacroAssembler::emitModRm_opr):
+        (KJS::IA32MacroAssembler::emitModRm_opr_Unchecked):
+        (KJS::IA32MacroAssembler::emitModRm_opm_Unchecked):
+
+2008-09-05  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Disable WREC and CTI on platforms that we have not yet had a chance to test with.
+
+        * wtf/Platform.h:
+
+2008-09-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Use jo instead of a mask compare when fetching array.length and
+        string.length. 4% speedup on array.length / string.length torture
+        test.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateArrayLengthTrampoline):
+        (KJS::CTI::privateStringLengthTrampoline):
+
+2008-09-05  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Removed a CTI compilation pass by recording labels during bytecode
+        generation. This is more to reduce complexity than it is to improve
+        performance.
+
+        SunSpider reports no change.
+
+        CodeBlock now keeps a "labels" set, which holds the offsets of all the
+        instructions that can be jumped to.
+
+        * VM/CTI.cpp: Nixed a pass.
+
+        * VM/CodeBlock.h: Added a "labels" set.
+
+        * VM/LabelID.h: No need for a special LableID for holding jump
+        destinations, since the CodeBlock now knows all jump destinations.
+
+        * wtf/HashTraits.h: New hash traits to accomodate putting offset 0 in
+        the set.
+
+        * kjs/nodes.cpp:
+        (KJS::TryNode::emitCode): Emit a dummy label to record sret targets.
+
+2008-09-05  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt and Gavin Barraclough.
+
+        Move the JITCodeBuffer onto Machine and remove the static variables.
+
+        * VM/CTI.cpp: Initialize m_jit with the Machine's code buffer.
+        * VM/Machine.cpp:
+        (KJS::Machine::Machine): Allocate a JITCodeBuffer.
+        * VM/Machine.h:
+        * kjs/RegExpConstructor.cpp:
+        (KJS::constructRegExp): Pass the ExecState through.
+        * kjs/RegExpPrototype.cpp:
+        (KJS::regExpProtoFuncCompile): Ditto.
+        * kjs/StringPrototype.cpp:
+        (KJS::stringProtoFuncMatch): Ditto.
+        (KJS::stringProtoFuncSearch): Ditto.
+        * kjs/nodes.cpp:
+        (KJS::RegExpNode::emitCode): Compile the pattern at code generation time
+        so that we have access to an ExecState.
+        * kjs/nodes.h:
+        (KJS::RegExpNode::):
+        * kjs/nodes2string.cpp:
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp): Pass the ExecState through.
+        (KJS::RegExp::create): Ditto.
+        * kjs/regexp.h:
+        * masm/IA32MacroAsm.h:
+        (KJS::IA32MacroAssembler::IA32MacroAssembler): Reset the JITCodeBuffer when we are
+        constructed.
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::compile): Retrieve the JITCodeBuffer from the Machine.
+        * wrec/WREC.h:
+
+2008-09-05  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt and Gavin Barraclough.
+
+        Fix the build when CTI is disabled.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::~CodeBlock):
+        * VM/CodeGenerator.cpp:
+        (KJS::prepareJumpTableForStringSwitch):
+        * VM/Machine.cpp:
+        (KJS::Machine::Machine):
+        (KJS::Machine::~Machine):
+
+2008-09-05  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Mark Rowe.
+
+        Fix some windows abi issues.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompileMainPass):
+        (KJS::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        (KJS::CallRecord::CallRecord):
+        (KJS::):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_resolve_func):
+        (KJS::Machine::cti_op_post_inc):
+        (KJS::Machine::cti_op_resolve_with_base):
+        (KJS::Machine::cti_op_post_dec):
+        * VM/Machine.h:
+
+2008-09-05  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fix ecma/FunctionObjects/15.3.5.3.js after I broke it in r93.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_call_NotJSFunction): Restore m_callFrame to the correct value after making the native call.
+        (KJS::Machine::cti_op_construct_NotJSConstruct): Ditto.
+
+2008-09-04  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Fix fast/dom/Window/console-functions.html.
+
+        The call frame on the ExecState was not being updated on calls into native functions.  This meant that functions
+        such as console.log would use the line number of the last JS function on the call stack.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_call_NotJSFunction): Update the ExecState's call frame before making a native function call,
+        and restore it when the function is done.
+        (KJS::Machine::cti_op_construct_NotJSConstruct): Ditto.
+
+2008-09-05  Oliver Hunt  <oliver@apple.com>
+
+        Start bringing up SFX on windows.
+
+        Reviewed by Mark Rowe and Sam Weinig
+
+        Start doing the work to bring up SFX on windows.  Initially
+        just working on WREC, as it does not make any calls so reduces
+        the amount of code that needs to be corrected.
+        
+        Start abstracting the CTI JIT codegen engine.
+
+        * ChangeLog:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp:
+        * masm/IA32MacroAsm.h:
+        * masm/MacroAssembler.h: Added.
+        (KJS::MacroAssembler::MacroAssembler):
+        * masm/MacroAssemblerIA32GCC.cpp: Added.
+        (KJS::MacroAssembler::emitConvertToFastCall):
+        * masm/MacroAssemblerWin.cpp: Added.
+        (KJS::MacroAssembler::emitConvertToFastCall):
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::parseGreedyQuantifier):
+        (KJS::WRECompiler::parseCharacterClass):
+        (KJS::WRECompiler::parseEscape):
+        (KJS::WRECompiler::compilePattern):
+        * wrec/WREC.h:
+
+2008-09-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Support for slow scripts (timeout checking).
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompileMainPass):
+        (KJS::CTI::privateCompile):
+        * VM/Machine.cpp:
+        (KJS::slideRegisterWindowForCall):
+        (KJS::Machine::cti_timeout_check):
+        (KJS::Machine::cti_vm_throw):
+
+2008-09-04  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Third round of style cleanup.
+
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/CodeBlock.h:
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        * kjs/ExecState.h:
+
+2008-09-04  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Jon Honeycutt.
+
+        Second round of style cleanup.
+
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * wrec/WREC.h:
+
+2008-09-04  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        First round of style cleanup.
+
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * masm/IA32MacroAsm.h:
+        * wrec/WREC.cpp:
+        * wrec/WREC.h:
+
+2008-09-04  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Mark Rowe.
+        
+        Merged http://trac.webkit.org/changeset/36081 to work with CTI.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::tryCtiCacheGetByID):
+
+2008-09-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Enable profiling in CTI.
+
+        * VM/CTI.h:
+        (KJS::):
+        (KJS::CTI::execute):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_call_JSFunction):
+        (KJS::Machine::cti_op_call_NotJSFunction):
+        (KJS::Machine::cti_op_ret):
+        (KJS::Machine::cti_op_construct_JSConstruct):
+        (KJS::Machine::cti_op_construct_NotJSConstruct):
+
+2008-09-04  Victor Hernandez  <vhernandez@apple.com>
+
+        Reviewed by Geoffrey Garen.
+        
+        Fixed an #if to support using WREC without CTI.
+
+        * kjs/regexp.cpp:
+        (KJS::RegExp::match):
+
+2008-09-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        The array/string length trampolines are owned by the Machine, not the codeblock that compiled them.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateArrayLengthTrampoline):
+        (KJS::CTI::privateStringLengthTrampoline):
+        * VM/Machine.cpp:
+        (KJS::Machine::~Machine):
+        * VM/Machine.h:
+
+2008-09-04  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Gavin Barraclough and Sam Weinig.
+
+        Fix a crash on launch of jsc when GuardMalloc is enabled.
+
+        * kjs/ScopeChain.h:
+        (KJS::ScopeChain::ScopeChain): Initialize m_node to 0 when we have no valid scope chain.
+        (KJS::ScopeChain::~ScopeChain): Null-check m_node before calling deref.
+
+2008-09-03  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Fix inspector and fast array access so that it bounds
+        checks correctly.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass2_Main):
+        * masm/IA32MacroAsm.h:
+        (KJS::IA32MacroAssembler::):
+        (KJS::IA32MacroAssembler::emitUnlinkedJb):
+        (KJS::IA32MacroAssembler::emitUnlinkedJbe):
+
+2008-09-03  Mark Rowe  <mrowe@apple.com>
+
+        Move the assertion after the InitializeAndReturn block, as
+        that is used even when CTI is enabled.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-09-03  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Replace calls to exit with ASSERT_WITH_MESSAGE or ASSERT_NOT_REACHED.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        (KJS::Machine::cti_vm_throw):
+
+2008-09-03  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Tweak JavaScriptCore to compile on non-x86 platforms.  This is achieved
+        by wrapping more code with ENABLE(CTI), ENABLE(WREC), and PLATFORM(X86)
+        #if's.
+
+        * VM/CTI.cpp:
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::printStructureIDs): Use %td as the format specifier for
+        printing a ptrdiff_t.
+        * VM/Machine.cpp:
+        * VM/Machine.h:
+        * kjs/regexp.cpp:
+        (KJS::RegExp::RegExp):
+        (KJS::RegExp::~RegExp):
+        (KJS::RegExp::match):
+        * kjs/regexp.h:
+        * masm/IA32MacroAsm.h:
+        * wrec/WREC.cpp:
+        * wrec/WREC.h:
+        * wtf/Platform.h: Only enable CTI and WREC on x86.  Add an extra define to
+        track whether any MASM-using features are enabled.
+
+2008-09-03  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Copy Geoff's array/string length optimization for CTI.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateArrayLengthTrampoline):
+        (KJS::CTI::privateStringLengthTrampoline):
+        * VM/CTI.h:
+        (KJS::CTI::compileArrayLengthTrampoline):
+        (KJS::CTI::compileStringLengthTrampoline):
+        * VM/Machine.cpp:
+        (KJS::Machine::Machine):
+        (KJS::Machine::getCtiArrayLengthTrampoline):
+        (KJS::Machine::getCtiStringLengthTrampoline):
+        (KJS::Machine::tryCtiCacheGetByID):
+        (KJS::Machine::cti_op_get_by_id_second):
+        * VM/Machine.h:
+        * kjs/JSString.h:
+        * kjs/ustring.h:
+
+2008-09-03  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Implement fast array accesses in CTI - 2-3% progression on sunspider.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitFastArithIntToImmNoCheck):
+        (KJS::CTI::compileOpCall):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+        * VM/CTI.h:
+        * kjs/JSArray.h:
+
+2008-09-02  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Enable fast property access support in CTI.
+
+        * VM/CTI.cpp:
+        (KJS::ctiSetReturnAddress):
+        (KJS::ctiRepatchCallByReturnAddress):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile):
+        (KJS::CTI::privateCompileGetByIdSelf):
+        (KJS::CTI::privateCompileGetByIdProto):
+        (KJS::CTI::privateCompileGetByIdChain):
+        (KJS::CTI::privateCompilePutByIdReplace):
+        * VM/CTI.h:
+        (KJS::CTI::compileGetByIdSelf):
+        (KJS::CTI::compileGetByIdProto):
+        (KJS::CTI::compileGetByIdChain):
+        (KJS::CTI::compilePutByIdReplace):
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::~CodeBlock):
+        * VM/CodeBlock.h:
+        * VM/Machine.cpp:
+        (KJS::doSetReturnAddressVmThrowTrampoline):
+        (KJS::Machine::tryCtiCachePutByID):
+        (KJS::Machine::tryCtiCacheGetByID):
+        (KJS::Machine::cti_op_put_by_id):
+        (KJS::Machine::cti_op_put_by_id_second):
+        (KJS::Machine::cti_op_put_by_id_generic):
+        (KJS::Machine::cti_op_put_by_id_fail):
+        (KJS::Machine::cti_op_get_by_id):
+        (KJS::Machine::cti_op_get_by_id_second):
+        (KJS::Machine::cti_op_get_by_id_generic):
+        (KJS::Machine::cti_op_get_by_id_fail):
+        (KJS::Machine::cti_op_throw):
+        (KJS::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * kjs/JSCell.h:
+        * kjs/JSObject.h:
+        * kjs/PropertyMap.h:
+        * kjs/StructureID.cpp:
+        (KJS::StructureIDChain::StructureIDChain):
+        * masm/IA32MacroAsm.h:
+        (KJS::IA32MacroAssembler::emitCmpl_i32m):
+        (KJS::IA32MacroAssembler::emitMovl_mr):
+        (KJS::IA32MacroAssembler::emitMovl_rm):
+
+2008-09-02  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Mark Rowe.
+
+        A backslash (\) at the of a RegEx should produce an error.
+        Fixes fast/regex/test1.html.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::parseEscape):
+
+2008-09-02  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Link jumps for the slow case of op_loop_if_less.  Fixes acid3.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Maciej Stachowiak.
+
+        Switch WREC on by default.
+
+        * wtf/Platform.h:
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Fix two failures in fast/regex/test1.html
+          - \- in a character class should be treated as a literal -
+          - A missing max quantifier needs to be treated differently than
+            a null max quantifier.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::generateNonGreedyQuantifier):
+        (KJS::WRECompiler::generateGreedyQuantifier):
+        (KJS::WRECompiler::parseCharacterClass):
+        * wrec/WREC.h:
+        (KJS::Quantifier::Quantifier):
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Fix crash in fast/js/kde/evil-n.html
+
+        * kjs/regexp.cpp: Always pass a non-null offset vector to the wrec function.
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Mark Rowe.
+
+        Add pattern length limit fixing one test in fast/js.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::compile):
+        * wrec/WREC.h:
+        (KJS::WRECompiler::):
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Mark Rowe.
+
+        Make octal escape parsing/back-reference parsing more closely match 
+        prior behavior fixing one test in fast/js.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::parseCharacterClass): 8 and 9 should be IdentityEscaped
+        (KJS::WRECompiler::parseEscape):
+        * wrec/WREC.h:
+        (KJS::WRECompiler::peekDigit):
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Mark Rowe.
+
+        Fix one mozilla test.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::generateCharacterClassInverted): Fix incorrect not
+        ascii upper check.
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Mark Rowe.
+
+        Parse octal escapes in character classes fixing one mozilla test.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::parseCharacterClass):
+        (KJS::WRECompiler::parseOctalEscape):
+        * wrec/WREC.h:
+        (KJS::WRECompiler::consumeOctal):
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fixes two mozilla tests with WREC enabled.
+
+        * wrec/WREC.cpp:
+        (KJS::CharacterClassConstructor::append): Keep the character class sorted
+        when appending another character class.
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Mark Rowe.
+
+        Fixes two mozilla tests with WREC enabled.
+
+        * wrec/WREC.cpp:
+        (KJS::CharacterClassConstructor::addSortedRange): Insert the range at the correct position
+        instead of appending it to the end.
+
+2008-09-01  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Move cross-compilation unit call into NEVER_INLINE function.
+
+        * VM/Machine.cpp:
+        (KJS::doSetReturnAddressVmThrowTrampoline):
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Fix one test in fast/js.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_construct_NotJSConstruct): Throw a createNotAConstructorError,
+        instead of a createNotAFunctionError.
+
+2008-08-31  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Zero-cost exception handling.  This patch takes the exception checking
+        back of the hot path.  When an exception occurs in a Machine::cti*
+        method, the return address to JIT code is recorded, and is then
+        overwritten with a pointer to a trampoline routine.  When the method
+        returns the trampoline will cause the cti_vm_throw method to be invoked.
+
+        cti_vm_throw uses the return address preserved above, to discover the
+        vPC of the bytecode that raised the exception (using a map build during
+        translation).  From the VPC of the faulting bytecode the vPC of a catch
+        routine may be discovered (unwinding the stack where necesary), and then
+        a bytecode address for the catch routine is looked up.  Final cti_vm_throw
+        overwrites its return address to JIT code again, to trampoline directly
+        to the catch routine.
+        
+        cti_op_throw is handled in a similar fashion.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitPutCTIParam):
+        (KJS::CTI::emitPutToCallFrameHeader):
+        (KJS::CTI::emitGetFromCallFrameHeader):
+        (KJS::ctiSetReturnAddressForArgs):
+        (KJS::CTI::emitDebugExceptionCheck):
+        (KJS::CTI::printOpcodeOperandTypes):
+        (KJS::CTI::emitCall):
+        (KJS::CTI::compileOpCall):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+        (KJS::CallRecord::CallRecord):
+        (KJS::):
+        (KJS::CTI::execute):
+        * VM/CodeBlock.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        (KJS::Machine::cti_op_instanceof):
+        (KJS::Machine::cti_op_call_NotJSFunction):
+        (KJS::Machine::cti_op_resolve):
+        (KJS::Machine::cti_op_resolve_func):
+        (KJS::Machine::cti_op_resolve_skip):
+        (KJS::Machine::cti_op_resolve_with_base):
+        (KJS::Machine::cti_op_throw):
+        (KJS::Machine::cti_op_in):
+        (KJS::Machine::cti_vm_throw):
+        * VM/RegisterFile.h:
+        (KJS::RegisterFile::):
+        * kjs/ExecState.h:
+        (KJS::ExecState::setCtiReturnAddress):
+        (KJS::ExecState::ctiReturnAddress):
+        * masm/IA32MacroAsm.h:
+        (KJS::IA32MacroAssembler::):
+        (KJS::IA32MacroAssembler::emitPushl_m):
+        (KJS::IA32MacroAssembler::emitPopl_m):
+        (KJS::IA32MacroAssembler::getRelocatedAddress):
+
+2008-08-31  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fall back to PCRE for any regexp containing parentheses until we correctly backtrack within them.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::parseParentheses):
+        * wrec/WREC.h:
+        (KJS::WRECompiler::):
+
+2008-08-31  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix several issues within ecma_3/RegExp/perlstress-001.js with WREC enabled.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::generateNonGreedyQuantifier): Compare with the maximum quantifier count rather than the minimum.
+        (KJS::WRECompiler::generateAssertionEOL): Do a register-to-register comparison rather than immediate-to-register.
+        (KJS::WRECompiler::parseCharacterClass): Pass through the correct inversion flag.
+
+2008-08-30  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Re-fix the six remaining failures in the Mozilla JavaScript tests in a manner that does not kill performance.
+        This shows up as a 0.6% progression on SunSpider on my machine.
+
+        Grow the JITCodeBuffer's underlying buffer when we run out of space rather than just bailing out.
+
+        * VM/CodeBlock.h:
+        (KJS::CodeBlock::~CodeBlock): Switch to using fastFree now that JITCodeBuffer::copy uses fastMalloc.
+        * kjs/regexp.cpp: Ditto.
+        * masm/IA32MacroAsm.h:
+        (KJS::JITCodeBuffer::growBuffer):
+        (KJS::JITCodeBuffer::JITCodeBuffer):
+        (KJS::JITCodeBuffer::~JITCodeBuffer):
+        (KJS::JITCodeBuffer::putByte):
+        (KJS::JITCodeBuffer::putShort):
+        (KJS::JITCodeBuffer::putInt):
+        (KJS::JITCodeBuffer::reset):
+        (KJS::JITCodeBuffer::copy):
+
+2008-08-29  Oliver Hunt  <oliver@apple.com>
+
+        RS=Maciej
+
+        Roll out previous patch as it causes a 5% performance regression
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp:
+        (KJS::getJCB):
+        (KJS::CTI::privateCompile):
+        * VM/CodeBlock.h:
+        (KJS::CodeBlock::~CodeBlock):
+        * masm/IA32MacroAsm.h:
+        (KJS::JITCodeBuffer::JITCodeBuffer):
+        (KJS::JITCodeBuffer::putByte):
+        (KJS::JITCodeBuffer::putShort):
+        (KJS::JITCodeBuffer::putInt):
+        (KJS::JITCodeBuffer::getEIP):
+        (KJS::JITCodeBuffer::start):
+        (KJS::JITCodeBuffer::getOffset):
+        (KJS::JITCodeBuffer::reset):
+        (KJS::JITCodeBuffer::copy):
+        (KJS::IA32MacroAssembler::emitModRm_rr):
+        (KJS::IA32MacroAssembler::emitModRm_rm):
+        (KJS::IA32MacroAssembler::emitModRm_rmsib):
+        (KJS::IA32MacroAssembler::IA32MacroAssembler):
+        (KJS::IA32MacroAssembler::emitInt3):
+        (KJS::IA32MacroAssembler::emitPushl_r):
+        (KJS::IA32MacroAssembler::emitPopl_r):
+        (KJS::IA32MacroAssembler::emitMovl_rr):
+        (KJS::IA32MacroAssembler::emitAddl_rr):
+        (KJS::IA32MacroAssembler::emitAddl_i8r):
+        (KJS::IA32MacroAssembler::emitAddl_i32r):
+        (KJS::IA32MacroAssembler::emitAddl_mr):
+        (KJS::IA32MacroAssembler::emitAndl_rr):
+        (KJS::IA32MacroAssembler::emitAndl_i32r):
+        (KJS::IA32MacroAssembler::emitCmpl_i8r):
+        (KJS::IA32MacroAssembler::emitCmpl_rr):
+        (KJS::IA32MacroAssembler::emitCmpl_rm):
+        (KJS::IA32MacroAssembler::emitCmpl_i32r):
+        (KJS::IA32MacroAssembler::emitCmpl_i32m):
+        (KJS::IA32MacroAssembler::emitCmpw_rm):
+        (KJS::IA32MacroAssembler::emitOrl_rr):
+        (KJS::IA32MacroAssembler::emitOrl_i8r):
+        (KJS::IA32MacroAssembler::emitSubl_rr):
+        (KJS::IA32MacroAssembler::emitSubl_i8r):
+        (KJS::IA32MacroAssembler::emitSubl_i32r):
+        (KJS::IA32MacroAssembler::emitSubl_mr):
+        (KJS::IA32MacroAssembler::emitTestl_i32r):
+        (KJS::IA32MacroAssembler::emitTestl_rr):
+        (KJS::IA32MacroAssembler::emitXorl_i8r):
+        (KJS::IA32MacroAssembler::emitXorl_rr):
+        (KJS::IA32MacroAssembler::emitSarl_i8r):
+        (KJS::IA32MacroAssembler::emitSarl_CLr):
+        (KJS::IA32MacroAssembler::emitShl_i8r):
+        (KJS::IA32MacroAssembler::emitShll_CLr):
+        (KJS::IA32MacroAssembler::emitMull_rr):
+        (KJS::IA32MacroAssembler::emitIdivl_r):
+        (KJS::IA32MacroAssembler::emitCdq):
+        (KJS::IA32MacroAssembler::emitMovl_mr):
+        (KJS::IA32MacroAssembler::emitMovzwl_mr):
+        (KJS::IA32MacroAssembler::emitMovl_rm):
+        (KJS::IA32MacroAssembler::emitMovl_i32r):
+        (KJS::IA32MacroAssembler::emitMovl_i32m):
+        (KJS::IA32MacroAssembler::emitLeal_mr):
+        (KJS::IA32MacroAssembler::emitRet):
+        (KJS::IA32MacroAssembler::emitJmpN_r):
+        (KJS::IA32MacroAssembler::emitJmpN_m):
+        (KJS::IA32MacroAssembler::emitCall):
+        (KJS::IA32MacroAssembler::label):
+        (KJS::IA32MacroAssembler::emitUnlinkedJmp):
+        (KJS::IA32MacroAssembler::emitUnlinkedJne):
+        (KJS::IA32MacroAssembler::emitUnlinkedJe):
+        (KJS::IA32MacroAssembler::emitUnlinkedJl):
+        (KJS::IA32MacroAssembler::emitUnlinkedJle):
+        (KJS::IA32MacroAssembler::emitUnlinkedJge):
+        (KJS::IA32MacroAssembler::emitUnlinkedJae):
+        (KJS::IA32MacroAssembler::emitUnlinkedJo):
+        (KJS::IA32MacroAssembler::link):
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::compilePattern):
+        (KJS::WRECompiler::compile):
+        * wrec/WREC.h:
+
+2008-08-29  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Have JITCodeBuffer manage a Vector containing the generated code so that it can grow
+        as needed when generating code for a large function.  This fixes all six remaining failures
+        in Mozilla tests in both debug and release builds.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile):
+        * VM/CodeBlock.h:
+        (KJS::CodeBlock::~CodeBlock):
+        * masm/IA32MacroAsm.h:
+        (KJS::JITCodeBuffer::putByte):
+        (KJS::JITCodeBuffer::putShort):
+        (KJS::JITCodeBuffer::putInt):
+        (KJS::JITCodeBuffer::getEIP):
+        (KJS::JITCodeBuffer::start):
+        (KJS::JITCodeBuffer::getOffset):
+        (KJS::JITCodeBuffer::getCode):
+        (KJS::IA32MacroAssembler::emitModRm_rr):
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::compilePattern):
+        * wrec/WREC.h:
+
+2008-08-29  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Implement parsing of octal escapes in regular expressions.  This fixes three Mozilla tests.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::parseOctalEscape):
+        (KJS::WRECompiler::parseEscape): Parse the escape sequence as an octal escape if it has a leading zero.
+        Add a FIXME about treating invalid backreferences as octal escapes in the future.
+        * wrec/WREC.h:
+        (KJS::WRECompiler::consumeNumber): Multiply by 10 rather than 0 so that we handle numbers with more than
+        one digit.
+        * wtf/ASCIICType.h:
+        (WTF::isASCIIOctalDigit):
+
+2008-08-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Pass vPC to instanceof method.  Fixes 2 mozilla tests in debug.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_instanceof):
+
+2008-08-29  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Pass vPCs to resolve methods for correct exception creation.  Fixes
+        17 mozilla tests in debug.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_resolve):
+        (KJS::Machine::cti_op_resolve_func):
+        (KJS::Machine::cti_op_resolve_skip):
+        (KJS::Machine::cti_op_resolve_with_base):
+
+2008-08-29  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Remembering to actually throw the exception passed to op throw helps.
+        Regressions 19 -> 6.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_throw):
+        (KJS::Machine::cti_vm_throw):
+
+2008-08-29  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Support for exception unwinding the stack.
+        
+        Once upon a time, Sam asked me for a bettr ChangeLog entry.  The return address
+        is now preserved on entry to a JIT code function (if we preserve lazily we need
+        restore the native return address during exception stack unwind).  This takes
+        the number of regressions down from ~150 to 19.
+
+        * VM/CTI.cpp:
+        (KJS::getJCB):
+        (KJS::CTI::emitExceptionCheck):
+        (KJS::CTI::compileOpCall):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+        (KJS::):
+        * VM/Machine.cpp:
+        (KJS::Machine::throwException):
+        (KJS::Machine::cti_op_call_JSFunction):
+        (KJS::Machine::cti_op_call_NotJSFunction):
+        (KJS::Machine::cti_op_construct_JSConstruct):
+        (KJS::Machine::cti_op_construct_NotJSConstruct):
+        (KJS::Machine::cti_op_throw):
+        (KJS::Machine::cti_vm_throw):
+
+2008-08-29  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix js1_2/regexp/word_boundary.js and four other Mozilla tests with WREC enabled.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::generateCharacterClassInvertedRange): If none of the exact matches
+        succeeded, jump to failure.
+        (KJS::WRECompiler::compilePattern): Restore and increment the current position stored
+        on the stack to ensure that it will be reset to the correct position after a failed
+        match has consumed input.
+
+2008-08-29  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix a hang in ecma_3/RegExp/15.10.2-1.js with WREC enabled.
+        A backreference with a quantifier would get stuck in an infinite
+        loop if the captured range was empty.
+
+        * wrec/WREC.cpp:
+        (KJS::WRECompiler::generateBackreferenceQuantifier): If the captured range
+        was empty, do not attempt to match the backreference.
+        (KJS::WRECompiler::parseBackreferenceQuantifier):
+        * wrec/WREC.h:
+        (KJS::Quantifier::):
+
+2008-08-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Implement op_debug.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::debug):
+        (KJS::Machine::privateExecute):
+        (KJS::Machine::cti_op_debug):
+        * VM/Machine.h:
+
+2008-08-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Implement op_switch_string fixing 1 mozilla test and one test in fast/js.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+        (KJS::SwitchRecord::):
+        (KJS::SwitchRecord::SwitchRecord):
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeBlock.h:
+        (KJS::ExpressionRangeInfo::):
+        (KJS::StringJumpTable::offsetForValue):
+        (KJS::StringJumpTable::ctiForValue):
+        (KJS::SimpleJumpTable::add):
+        (KJS::SimpleJumpTable::ctiForValue):
+        * VM/CodeGenerator.cpp:
+        (KJS::prepareJumpTableForStringSwitch):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        (KJS::Machine::cti_op_switch_string):
+        * VM/Machine.h:
+
+2008-08-28  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Do not recurse on the machine stack when executing op_call.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitGetPutArg):
+        (KJS::CTI::emitPutArg):
+        (KJS::CTI::emitPutArgConstant):
+        (KJS::CTI::compileOpCall):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+        (KJS::):
+        (KJS::CTI::compile):
+        (KJS::CTI::execute):
+        (KJS::CTI::):
+        * VM/Machine.cpp:
+        (KJS::Machine::Machine):
+        (KJS::Machine::execute):
+        (KJS::Machine::cti_op_call_JSFunction):
+        (KJS::Machine::cti_op_call_NotJSFunction):
+        (KJS::Machine::cti_op_ret):
+        (KJS::Machine::cti_op_construct_JSConstruct):
+        (KJS::Machine::cti_op_construct_NotJSConstruct):
+        (KJS::Machine::cti_op_call_eval):
+        * VM/Machine.h:
+        * VM/Register.h:
+        (KJS::Register::Register):
+        * VM/RegisterFile.h:
+        (KJS::RegisterFile::):
+        * kjs/InternalFunction.h:
+        (KJS::InternalFunction::InternalFunction):
+        * kjs/JSFunction.h:
+        (KJS::JSFunction::JSFunction):
+        * kjs/ScopeChain.h:
+        (KJS::ScopeChain::ScopeChain):
+        * masm/IA32MacroAsm.h:
+        (KJS::IA32MacroAssembler::):
+        (KJS::IA32MacroAssembler::emitModRm_opm):
+        (KJS::IA32MacroAssembler::emitCmpl_i32m):
+        (KJS::IA32MacroAssembler::emitCallN_r):
+
+2008-08-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Exit instead of crashing in ctiUnsupported and ctiTimedOut.
+
+        * VM/Machine.cpp:
+        (KJS::ctiUnsupported):
+        (KJS::ctiTimedOut):
+
+2008-08-28  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Implement codegen for op_jsr and op_sret.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+        (KJS::CTI::JSRInfo::JSRInfo):
+        * masm/IA32MacroAsm.h:
+        (KJS::IA32MacroAssembler::emitJmpN_m):
+        (KJS::IA32MacroAssembler::linkAbsoluteAddress):
+
+2008-08-28  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Initial support for exceptions (throw / catch must occur in same CodeBlock).
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitExceptionCheck):
+        (KJS::CTI::emitCall):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::nativeExceptionCodeForHandlerVPC):
+        * VM/CodeBlock.h:
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitCatch):
+        * VM/Machine.cpp:
+        (KJS::Machine::throwException):
+        (KJS::Machine::privateExecute):
+        (KJS::ctiUnsupported):
+        (KJS::ctiTimedOut):
+        (KJS::Machine::cti_op_add):
+        (KJS::Machine::cti_op_pre_inc):
+        (KJS::Machine::cti_timeout_check):
+        (KJS::Machine::cti_op_loop_if_less):
+        (KJS::Machine::cti_op_put_by_id):
+        (KJS::Machine::cti_op_get_by_id):
+        (KJS::Machine::cti_op_instanceof):
+        (KJS::Machine::cti_op_del_by_id):
+        (KJS::Machine::cti_op_mul):
+        (KJS::Machine::cti_op_call):
+        (KJS::Machine::cti_op_resolve):
+        (KJS::Machine::cti_op_construct):
+        (KJS::Machine::cti_op_get_by_val):
+        (KJS::Machine::cti_op_resolve_func):
+        (KJS::Machine::cti_op_sub):
+        (KJS::Machine::cti_op_put_by_val):
+        (KJS::Machine::cti_op_lesseq):
+        (KJS::Machine::cti_op_loop_if_true):
+        (KJS::Machine::cti_op_negate):
+        (KJS::Machine::cti_op_resolve_skip):
+        (KJS::Machine::cti_op_div):
+        (KJS::Machine::cti_op_pre_dec):
+        (KJS::Machine::cti_op_jless):
+        (KJS::Machine::cti_op_not):
+        (KJS::Machine::cti_op_jtrue):
+        (KJS::Machine::cti_op_post_inc):
+        (KJS::Machine::cti_op_eq):
+        (KJS::Machine::cti_op_lshift):
+        (KJS::Machine::cti_op_bitand):
+        (KJS::Machine::cti_op_rshift):
+        (KJS::Machine::cti_op_bitnot):
+        (KJS::Machine::cti_op_resolve_with_base):
+        (KJS::Machine::cti_op_mod):
+        (KJS::Machine::cti_op_less):
+        (KJS::Machine::cti_op_neq):
+        (KJS::Machine::cti_op_post_dec):
+        (KJS::Machine::cti_op_urshift):
+        (KJS::Machine::cti_op_bitxor):
+        (KJS::Machine::cti_op_bitor):
+        (KJS::Machine::cti_op_call_eval):
+        (KJS::Machine::cti_op_throw):
+        (KJS::Machine::cti_op_push_scope):
+        (KJS::Machine::cti_op_stricteq):
+        (KJS::Machine::cti_op_nstricteq):
+        (KJS::Machine::cti_op_to_jsnumber):
+        (KJS::Machine::cti_op_in):
+        (KJS::Machine::cti_op_del_by_val):
+        (KJS::Machine::cti_vm_throw):
+        * VM/Machine.h:
+        * kjs/ExecState.h:
+        * masm/IA32MacroAsm.h:
+        (KJS::IA32MacroAssembler::emitCmpl_i32m):
+
+2008-08-28  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Print debugging info to stderr so that run-webkit-tests can capture it.
+        This makes it easy to check whether test failures are due to unimplemented
+        op codes, missing support for exceptions, etc.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::printOpcodeOperandTypes):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+        (KJS::CTI::privateCompile):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        (KJS::ctiException):
+        (KJS::ctiUnsupported):
+        (KJS::Machine::cti_op_call):
+        (KJS::Machine::cti_op_resolve):
+        (KJS::Machine::cti_op_construct):
+        (KJS::Machine::cti_op_get_by_val):
+        (KJS::Machine::cti_op_resolve_func):
+        (KJS::Machine::cti_op_resolve_skip):
+        (KJS::Machine::cti_op_resolve_with_base):
+        (KJS::Machine::cti_op_call_eval):
+
+2008-08-27  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Gavin Barraclough and Maciej Stachowiak.
+
+        Fix fast/js/bitwise-and-on-undefined.html.
+
+        A temporary value in the slow path of op_bitand was being stored in edx, but was
+        being clobbered by emitGetPutArg before we used it.  To fix this, emitGetPutArg
+        now takes a third argument that specifies the scratch register to use when loading
+        from memory.  This allows us to avoid clobbering the temporary in op_bitand.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitGetPutArg):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+        * VM/CTI.h:
+
+2008-08-27  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Switch CTI on by default.
+
+        * wtf/Platform.h:
+
+2008-08-27  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Fix the build of the full WebKit stack.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Mark two new headers as private so they can be pulled in from WebCore.
+        * VM/CTI.h: Fix build issues that show up when compiled with GCC 4.2 as part of WebCore.
+        * wrec/WREC.h: Ditto.
+
+2008-08-27  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Implement op_new_error.  Does not fix any tests as it is always followed by the unimplemented op_throw.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_new_error):
+        * VM/Machine.h:
+
+2008-08-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Implement op_put_getter and op_put_setter.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_put_getter):
+        (KJS::Machine::cti_op_put_setter):
+        * VM/Machine.h:
+
+2008-08-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Implement op_del_by_val fixing 3 mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_del_by_val):
+        * VM/Machine.h:
+
+2008-08-27  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Quick & dirty fix to get SamplingTool sampling op_call.
+
+        * VM/SamplingTool.h:
+        (KJS::SamplingTool::callingHostFunction):
+
+2008-08-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Fix op_put_by_index.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass2_Main): Use emitPutArgConstant instead of emitGetPutArg
+        for the property value.
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_put_by_index): Get the property value from the correct argument.
+
+2008-08-27  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Implement op_switch_imm in the CTI fixing 13 mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_switch_imm):
+        * VM/Machine.h:
+
+2008-08-27  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Implement op_switch_char in CTI.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitCall):
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+        (KJS::CallRecord::CallRecord):
+        (KJS::SwitchRecord::SwitchRecord):
+        * VM/CodeBlock.h:
+        (KJS::SimpleJumpTable::SimpleJumpTable::ctiForValue):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_switch_char):
+        * VM/Machine.h:
+        * masm/IA32MacroAsm.h:
+        (KJS::IA32MacroAssembler::):
+        (KJS::IA32MacroAssembler::emitJmpN_r):
+        (KJS::IA32MacroAssembler::getRelocatedAddress):
+        * wtf/Platform.h:
+
+2008-08-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        Implement op_put_by_index to fix 1 mozilla test.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_put_by_index):
+        * VM/Machine.h:
+
+2008-08-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        More fixes from Geoff's review.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::emitGetArg):
+        (KJS::CTI::emitGetPutArg):
+        (KJS::CTI::emitPutArg):
+        (KJS::CTI::emitPutArgConstant):
+        (KJS::CTI::getConstantImmediateNumericArg):
+        (KJS::CTI::emitGetCTIParam):
+        (KJS::CTI::emitPutResult):
+        (KJS::CTI::emitCall):
+        (KJS::CTI::emitJumpSlowCaseIfNotImm):
+        (KJS::CTI::emitJumpSlowCaseIfNotImms):
+        (KJS::CTI::getDeTaggedConstantImmediate):
+        (KJS::CTI::emitFastArithDeTagImmediate):
+        (KJS::CTI::emitFastArithReTagImmediate):
+        (KJS::CTI::emitFastArithPotentiallyReTagImmediate):
+        (KJS::CTI::emitFastArithImmToInt):
+        (KJS::CTI::emitFastArithIntToImmOrSlowCase):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+
+2008-08-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Implement op_jmp_scopes to fix 2 Mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_push_new_scope): Update ExecState::m_scopeChain after calling ARG_setScopeChain.
+        (KJS::Machine::cti_op_jmp_scopes):
+        * VM/Machine.h:
+
+2008-08-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        WebKit Regular Expression Compiler. (set ENABLE_WREC = 1 in Platform.h).
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/regexp.cpp:
+        * kjs/regexp.h:
+        * wrec: Added.
+        * wrec/WREC.cpp: Added.
+        * wrec/WREC.h: Added.
+        * wtf/Platform.h:
+
+2008-08-26  Sam Weinig  <sam@webkit.org>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Remove bogus assertion.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_del_by_id):
+
+2008-08-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Implement op_push_new_scope and stub out op_catch.  This fixes 11 Mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_push_new_scope):
+        (KJS::Machine::cti_op_catch):
+        * VM/Machine.h:
+
+2008-08-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Clean up op_resolve_base so that it shares its implementation with the bytecode interpreter.
+
+        * VM/Machine.cpp:
+        (KJS::inlineResolveBase):
+        (KJS::resolveBase):
+
+2008-08-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Add codegen support for op_instanceof, fixing 15 mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_instanceof):
+        (KJS::Machine::cti_op_del_by_id):
+        * VM/Machine.h:
+        * wtf/Platform.h:
+
+2008-08-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Fixes for initial review comments.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::ctiCompileGetArg):
+        (KJS::CTI::ctiCompileGetPutArg):
+        (KJS::CTI::ctiCompilePutResult):
+        (KJS::CTI::ctiCompileCall):
+        (KJS::CTI::CTI):
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::printOpcodeOperandTypes):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h:
+        * VM/Register.h:
+        * kjs/JSValue.h:
+
+2008-08-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Fix up exception checking code.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_call):
+        (KJS::Machine::cti_op_resolve):
+        (KJS::Machine::cti_op_construct):
+        (KJS::Machine::cti_op_resolve_func):
+        (KJS::Machine::cti_op_resolve_skip):
+        (KJS::Machine::cti_op_resolve_with_base):
+        (KJS::Machine::cti_op_call_eval):
+
+2008-08-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Fix slowcase for op_post_inc and op_post_dec fixing 2 mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+
+2008-08-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Implement op_in, fixing 8 mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_in):
+        * VM/Machine.h:
+
+2008-08-26  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Don't hardcode the size of a Register for op_new_array.  Fixes a crash
+        seen during the Mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass2_Main):
+
+2008-08-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Add support for op_push_scope and op_pop_scope, fixing 20 mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/CTI.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_push_scope):
+        (KJS::Machine::cti_op_pop_scope):
+        * VM/Machine.h:
+
+2008-08-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Add codegen support for op_del_by_id, fixing 49 mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+        * VM/Machine.cpp:
+        (KJS::Machine::cti_op_del_by_id):
+        * VM/Machine.h:
+
+2008-08-26  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Gavin Barraclough and Geoff Garen.
+
+        Don't hardcode the size of a Register for op_get_scoped_var and op_put_scoped_var 
+        fixing 513 mozilla tests in debug build.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass2_Main):
+
+2008-08-26  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+        
+        Added code generator support for op_loop, fixing around 60 mozilla tests.
+
+        * VM/CTI.cpp:
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::privateCompile_pass2_Main):
+
+2008-08-26  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Set -fomit-frame-pointer in the correct location.
+
+        * Configurations/JavaScriptCore.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-08-26  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+        
+        Inital cut of CTI, Geoff's review fixes to follow.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/CTI.cpp: Added.
+        (KJS::getJCB):
+        (KJS::CTI::ctiCompileGetArg):
+        (KJS::CTI::ctiCompileGetPutArg):
+        (KJS::CTI::ctiCompilePutArg):
+        (KJS::CTI::ctiCompilePutArgImm):
+        (KJS::CTI::ctiImmediateNumericArg):
+        (KJS::CTI::ctiCompileGetCTIParam):
+        (KJS::CTI::ctiCompilePutResult):
+        (KJS::CTI::ctiCompileCall):
+        (KJS::CTI::slowCaseIfNotImm):
+        (KJS::CTI::slowCaseIfNotImms):
+        (KJS::CTI::ctiFastArithDeTagConstImmediate):
+        (KJS::CTI::ctiFastArithDeTagImmediate):
+        (KJS::CTI::ctiFastArithReTagImmediate):
+        (KJS::CTI::ctiFastArithPotentiallyReTagImmediate):
+        (KJS::CTI::ctiFastArithImmToInt):
+        (KJS::CTI::ctiFastArithIntToImmOrSlowCase):
+        (KJS::CTI::CTI):
+        (KJS::CTI::privateCompile_pass1_Scan):
+        (KJS::CTI::ctiCompileAdd):
+        (KJS::CTI::ctiCompileAddImm):
+        (KJS::CTI::ctiCompileAddImmNotInt):
+        (KJS::CTI::TEMP_HACK_PRINT_TYPES):
+        (KJS::CTI::privateCompile_pass2_Main):
+        (KJS::CTI::privateCompile_pass3_Link):
+        (KJS::CTI::privateCompile_pass4_SlowCases):
+        (KJS::CTI::privateCompile):
+        * VM/CTI.h: Added.
+        (KJS::CTI2Result::CTI2Result):
+        (KJS::CallRecord::CallRecord):
+        (KJS::JmpTable::JmpTable):
+        (KJS::SlowCaseEntry::SlowCaseEntry):
+        (KJS::CTI::compile):
+        (KJS::CTI::LabelInfo::LabelInfo):
+        * VM/CodeBlock.h:
+        (KJS::CodeBlock::CodeBlock):
+        (KJS::CodeBlock::~CodeBlock):
+        * VM/Machine.cpp:
+        (KJS::Machine::execute):
+        (KJS::Machine::privateExecute):
+        (KJS::ctiException):
+        (KJS::ctiUnsupported):
+        (KJS::ctiTimedOut):
+        (KJS::Machine::cti_op_end):
+        (KJS::Machine::cti_op_add):
+        (KJS::Machine::cti_op_pre_inc):
+        (KJS::Machine::cti_timeout_check):
+        (KJS::Machine::cti_op_loop_if_less):
+        (KJS::Machine::cti_op_new_object):
+        (KJS::Machine::cti_op_put_by_id):
+        (KJS::Machine::cti_op_get_by_id):
+        (KJS::Machine::cti_op_mul):
+        (KJS::Machine::cti_op_new_func):
+        (KJS::Machine::cti_op_call):
+        (KJS::Machine::cti_op_ret):
+        (KJS::Machine::cti_op_new_array):
+        (KJS::Machine::cti_op_resolve):
+        (KJS::Machine::cti_op_construct):
+        (KJS::Machine::cti_op_get_by_val):
+        (KJS::Machine::cti_op_resolve_func):
+        (KJS::Machine::cti_op_sub):
+        (KJS::Machine::cti_op_put_by_val):
+        (KJS::Machine::cti_op_lesseq):
+        (KJS::Machine::cti_op_loop_if_true):
+        (KJS::Machine::cti_op_negate):
+        (KJS::Machine::cti_op_resolve_base):
+        (KJS::Machine::cti_op_resolve_skip):
+        (KJS::Machine::cti_op_div):
+        (KJS::Machine::cti_op_pre_dec):
+        (KJS::Machine::cti_op_jless):
+        (KJS::Machine::cti_op_not):
+        (KJS::Machine::cti_op_jtrue):
+        (KJS::Machine::cti_op_post_inc):
+        (KJS::Machine::cti_op_eq):
+        (KJS::Machine::cti_op_lshift):
+        (KJS::Machine::cti_op_bitand):
+        (KJS::Machine::cti_op_rshift):
+        (KJS::Machine::cti_op_bitnot):
+        (KJS::Machine::cti_op_resolve_with_base):
+        (KJS::Machine::cti_op_new_func_exp):
+        (KJS::Machine::cti_op_mod):
+        (KJS::Machine::cti_op_less):
+        (KJS::Machine::cti_op_neq):
+        (KJS::Machine::cti_op_post_dec):
+        (KJS::Machine::cti_op_urshift):
+        (KJS::Machine::cti_op_bitxor):
+        (KJS::Machine::cti_op_new_regexp):
+        (KJS::Machine::cti_op_bitor):
+        (KJS::Machine::cti_op_call_eval):
+        (KJS::Machine::cti_op_throw):
+        (KJS::Machine::cti_op_get_pnames):
+        (KJS::Machine::cti_op_next_pname):
+        (KJS::Machine::cti_op_typeof):
+        (KJS::Machine::cti_op_stricteq):
+        (KJS::Machine::cti_op_nstricteq):
+        (KJS::Machine::cti_op_to_jsnumber):
+        * VM/Machine.h:
+        * VM/Register.h:
+        (KJS::Register::jsValue):
+        (KJS::Register::getJSValue):
+        (KJS::Register::codeBlock):
+        (KJS::Register::scopeChain):
+        (KJS::Register::i):
+        (KJS::Register::r):
+        (KJS::Register::vPC):
+        (KJS::Register::jsPropertyNameIterator):
+        * VM/SamplingTool.cpp:
+        (KJS::):
+        (KJS::SamplingTool::run):
+        (KJS::SamplingTool::dump):
+        * VM/SamplingTool.h:
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::zeroImmediate):
+        (KJS::JSImmediate::oneImmediate):
+        * kjs/JSValue.h:
+        * kjs/JSVariableObject.h:
+        (KJS::JSVariableObject::JSVariableObjectData::offsetOf_registers):
+        (KJS::JSVariableObject::offsetOf_d):
+        (KJS::JSVariableObject::offsetOf_Data_registers):
+        * masm: Added.
+        * masm/IA32MacroAsm.h: Added.
+        (KJS::JITCodeBuffer::JITCodeBuffer):
+        (KJS::JITCodeBuffer::putByte):
+        (KJS::JITCodeBuffer::putShort):
+        (KJS::JITCodeBuffer::putInt):
+        (KJS::JITCodeBuffer::getEIP):
+        (KJS::JITCodeBuffer::start):
+        (KJS::JITCodeBuffer::getOffset):
+        (KJS::JITCodeBuffer::reset):
+        (KJS::JITCodeBuffer::copy):
+        (KJS::IA32MacroAssembler::):
+        (KJS::IA32MacroAssembler::emitModRm_rr):
+        (KJS::IA32MacroAssembler::emitModRm_rm):
+        (KJS::IA32MacroAssembler::emitModRm_rmsib):
+        (KJS::IA32MacroAssembler::emitModRm_opr):
+        (KJS::IA32MacroAssembler::emitModRm_opm):
+        (KJS::IA32MacroAssembler::IA32MacroAssembler):
+        (KJS::IA32MacroAssembler::emitInt3):
+        (KJS::IA32MacroAssembler::emitPushl_r):
+        (KJS::IA32MacroAssembler::emitPopl_r):
+        (KJS::IA32MacroAssembler::emitMovl_rr):
+        (KJS::IA32MacroAssembler::emitAddl_rr):
+        (KJS::IA32MacroAssembler::emitAddl_i8r):
+        (KJS::IA32MacroAssembler::emitAddl_i32r):
+        (KJS::IA32MacroAssembler::emitAddl_mr):
+        (KJS::IA32MacroAssembler::emitAndl_rr):
+        (KJS::IA32MacroAssembler::emitAndl_i32r):
+        (KJS::IA32MacroAssembler::emitCmpl_i8r):
+        (KJS::IA32MacroAssembler::emitCmpl_rr):
+        (KJS::IA32MacroAssembler::emitCmpl_rm):
+        (KJS::IA32MacroAssembler::emitCmpl_i32r):
+        (KJS::IA32MacroAssembler::emitCmpw_rm):
+        (KJS::IA32MacroAssembler::emitOrl_rr):
+        (KJS::IA32MacroAssembler::emitOrl_i8r):
+        (KJS::IA32MacroAssembler::emitSubl_rr):
+        (KJS::IA32MacroAssembler::emitSubl_i8r):
+        (KJS::IA32MacroAssembler::emitSubl_i32r):
+        (KJS::IA32MacroAssembler::emitSubl_mr):
+        (KJS::IA32MacroAssembler::emitTestl_i32r):
+        (KJS::IA32MacroAssembler::emitTestl_rr):
+        (KJS::IA32MacroAssembler::emitXorl_i8r):
+        (KJS::IA32MacroAssembler::emitXorl_rr):
+        (KJS::IA32MacroAssembler::emitSarl_i8r):
+        (KJS::IA32MacroAssembler::emitSarl_CLr):
+        (KJS::IA32MacroAssembler::emitShl_i8r):
+        (KJS::IA32MacroAssembler::emitShll_CLr):
+        (KJS::IA32MacroAssembler::emitMull_rr):
+        (KJS::IA32MacroAssembler::emitIdivl_r):
+        (KJS::IA32MacroAssembler::emitCdq):
+        (KJS::IA32MacroAssembler::emitMovl_mr):
+        (KJS::IA32MacroAssembler::emitMovzwl_mr):
+        (KJS::IA32MacroAssembler::emitMovl_rm):
+        (KJS::IA32MacroAssembler::emitMovl_i32r):
+        (KJS::IA32MacroAssembler::emitMovl_i32m):
+        (KJS::IA32MacroAssembler::emitLeal_mr):
+        (KJS::IA32MacroAssembler::emitRet):
+        (KJS::IA32MacroAssembler::JmpSrc::JmpSrc):
+        (KJS::IA32MacroAssembler::JmpDst::JmpDst):
+        (KJS::IA32MacroAssembler::emitCall):
+        (KJS::IA32MacroAssembler::label):
+        (KJS::IA32MacroAssembler::emitUnlinkedJmp):
+        (KJS::IA32MacroAssembler::emitUnlinkedJne):
+        (KJS::IA32MacroAssembler::emitUnlinkedJe):
+        (KJS::IA32MacroAssembler::emitUnlinkedJl):
+        (KJS::IA32MacroAssembler::emitUnlinkedJle):
+        (KJS::IA32MacroAssembler::emitUnlinkedJge):
+        (KJS::IA32MacroAssembler::emitUnlinkedJae):
+        (KJS::IA32MacroAssembler::emitUnlinkedJo):
+        (KJS::IA32MacroAssembler::emitPredictionNotTaken):
+        (KJS::IA32MacroAssembler::link):
+        (KJS::IA32MacroAssembler::copy):
+        * wtf/Platform.h:
+
+2008-08-26  Oliver Hunt  <oliver@apple.com>
+
+        RS=Maciej.
+
+        Enabled -fomit-frame-pointer on Release and Production builds, add additional Profiling build config for shark, etc.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+=== Start merge of squirrelfish-extreme ===
+
+2008-09-06  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Fix the Mac Debug build by adding symbols that are exported only in a
+        Debug configuration.
+
+        * Configurations/JavaScriptCore.xcconfig:
+        * DerivedSources.make:
+        * JavaScriptCore.Debug.exp: Added.
+        * JavaScriptCore.base.exp: Copied from JavaScriptCore.exp.
+        * JavaScriptCore.exp: Removed.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-09-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=20681
+          JSPropertyNameIterator functions need to be inlined
+
+        1.007x as fast on SunSpider overall
+        1.081x as fast on SunSpider math-cordic
+
+        * VM/JSPropertyNameIterator.cpp: Moved functions out of here.
+        * VM/JSPropertyNameIterator.h:
+        (KJS::JSPropertyNameIterator::JSPropertyNameIterator): Moved
+        this into the header and marked it inline.
+        (KJS::JSPropertyNameIterator::create): Ditto.
+        (KJS::JSPropertyNameIterator::next): Ditto.
+
+2008-09-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=20673
+          single-character strings are churning in the Identifier table
+
+        1.007x as fast on SunSpider overall
+        1.167x as fast on SunSpider string-fasta
+
+        * JavaScriptCore.exp: Updated.
+        * kjs/SmallStrings.cpp:
+        (KJS::SmallStrings::singleCharacterStringRep): Added.
+        * kjs/SmallStrings.h: Added singleCharacterStringRep for clients that
+        need just a UString, not a JSString.
+        * kjs/identifier.cpp:
+        (KJS::Identifier::add): Added special cases for single character strings
+        so that the UString::Rep that ends up in the identifier table is the one
+        from the single-character string optimization; otherwise we end up having
+        to look it up in the identifier table over and over again.
+        (KJS::Identifier::addSlowCase): Ditto.
+        (KJS::Identifier::checkSameIdentifierTable): Made this function an empty
+        inline in release builds so that callers don't have to put #ifndef NDEBUG
+        at each call site.
+        * kjs/identifier.h:
+        (KJS::Identifier::add): Removed #ifndef NDEBUG around the calls to
+        checkSameIdentifierTable.
+        (KJS::Identifier::checkSameIdentifierTable): Added. Empty inline version
+        for NDEBUG builds.
+
+2008-09-05  Mark Rowe  <mrowe@apple.com>
+
+        Build fix.
+
+        * kjs/JSObject.h: Move the inline virtual destructor after a non-inline
+        virtual function so that the symbol for the vtable is not marked as a
+        weakly exported symbol.
+
+2008-09-05  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=20671
+          JavaScriptCore string manipulation spends too much time in memcpy
+
+        1.011x as fast on SunSpider overall
+        1.028x as fast on SunSpider string tests
+
+        For small strings, use a loop rather than calling memcpy. The loop can
+        be faster because there's no function call overhead, and because it can
+        assume the pointers are aligned instead of checking that. Currently the
+        threshold is set at 20 characters, based on some testing on one particular
+        computer. Later we can tune this for various platforms by setting
+        USTRING_COPY_CHARS_INLINE_CUTOFF appropriately, but it does no great harm
+        if not perfectly tuned.
+
+        * kjs/ustring.cpp:
+        (KJS::overflowIndicator): Removed bogus const.
+        (KJS::maxUChars): Ditto.
+        (KJS::copyChars): Added.
+        (KJS::UString::Rep::createCopying): Call copyChars instead of memcpy.
+        Also eliminated need for const_cast.
+        (KJS::UString::expandPreCapacity): Ditto.
+        (KJS::concatenate): Ditto.
+        (KJS::UString::spliceSubstringsWithSeparators): Ditto.
+        (KJS::UString::append): Ditto.
+
+2008-09-05  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Sam and Alexey.
+
+        Make the profiler work with a null exec state.  This will allow other
+        applications start the profiler to get DTrace probes going without
+        needing a WebView.
+
+        * ChangeLog:
+        * profiler/ProfileGenerator.cpp:
+        (KJS::ProfileGenerator::ProfileGenerator):
+        (KJS::ProfileGenerator::willExecute):
+        (KJS::ProfileGenerator::didExecute):
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::stopProfiling):
+        (KJS::dispatchFunctionToProfiles):
+
+2008-09-04  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoffrey Garen.
+        
+        Fixed an off-by-one error that would cause the StructureIDChain to
+        be one object too short.
+        
+        Can't construct a test case because other factors make this not crash
+        (yet!).
+
+        * kjs/StructureID.cpp:
+        (KJS::StructureIDChain::StructureIDChain):
+
+2008-09-04  Kevin Ollivier  <kevino@theolliviers.com>
+
+        wx build fixes.
+
+        * JavaScriptCoreSources.bkl:
+
+2008-09-04  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Eric Seidel.
+
+        Fix https://bugs.webkit.org/show_bug.cgi?id=20639.
+        Bug 20639: ENABLE_DASHBOARD_SUPPORT does not need to be a FEATURE_DEFINE
+
+        * Configurations/JavaScriptCore.xcconfig: Remove ENABLE_DASHBOARD_SUPPORT from FEATURE_DEFINES.
+        * wtf/Platform.h: Set ENABLE_DASHBOARD_SUPPORT for PLATFORM(MAC).
+
+2008-09-04  Adele Peterson  <adele@apple.com>
+
+        Build fix.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
+
+2008-09-04  Mark Rowe  <mrowe@apple.com>
+
+        Mac build fix.
+
+        * kjs/config.h: Only check the value of HAVE_CONFIG_H if it is defined.
+
+2008-09-04  Marco Barisione  <marco.barisione@collabora.co.uk>
+
+        Reviewed by Eric Seidel.
+
+        http://bugs.webkit.org/show_bug.cgi?id=20380
+        [GTK][AUTOTOOLS] Include autotoolsconfig.h from config.h
+
+        * kjs/config.h: Include the configuration header generated by
+        autotools if available.
+
+2008-09-04  Tor Arne Vestbø  <tavestbo@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix the QtWebKit build to match changes in r36016
+
+        * JavaScriptCore.pri:
+
+2008-09-04  Mark Rowe  <mrowe@apple.com>
+
+        Fix the 64-bit build.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::printStructureID): Store the instruction offset into an unsigned local
+        to avoid a warning related to format specifiers.
+        (KJS::CodeBlock::printStructureIDs): Ditto.
+
+2008-09-04  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Oliver Hunt.
+
+        Correct the spelling of 'entryIndices'.
+
+        * kjs/PropertyMap.cpp:
+        (KJS::PropertyMap::get):
+        (KJS::PropertyMap::getLocation):
+        (KJS::PropertyMap::put):
+        (KJS::PropertyMap::insert):
+        (KJS::PropertyMap::remove):
+        (KJS::PropertyMap::checkConsistency):
+        * kjs/PropertyMap.h:
+        (KJS::PropertyMapHashTable::entries):
+        (KJS::PropertyMap::getOffset):
+        (KJS::PropertyMap::putOffset):
+        (KJS::PropertyMap::offsetForTableLocation):
+
+2008-09-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+        
+        Fixed <rdar://problem/6193925> REGRESSION: Crash occurs at
+        KJS::Machine::privateExecute() when attempting to load my Mobile Gallery
+        (http://www.me.com/gallery/#home)
+        
+        also
+        
+        https://bugs.webkit.org/show_bug.cgi?id=20633 Crash in privateExecute
+        @ cs.byu.edu
+        
+        The underlying problem was that we would cache prototype properties
+        even if the prototype was a dictionary.
+        
+        The fix is to transition a prototype back from dictionary to normal
+        status when an opcode caches access to it. (This is better than just
+        refusing to cache, since a heavily accessed prototype is almost
+        certainly not a true dictionary.)
+
+        * VM/Machine.cpp:
+        (KJS::Machine::tryCacheGetByID):
+        * kjs/JSObject.h:
+
+2008-09-03  Eric Seidel  <eric@webkit.org>
+
+        Reviewed by Sam.
+
+        Clean up Platform.h and add PLATFORM(CHROMIUM), PLATFORM(SKIA) and USE(V8_BINDINGS)
+
+        * Configurations/JavaScriptCore.xcconfig: add missing ENABLE_*
+        * wtf/ASCIICType.h: include <wtf/Assertions.h> since it depends on it.
+        * wtf/Platform.h:
+
+2008-09-03  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        Remove the rest of the "zombie" code from the profiler.
+        - There is no longer a need for the ProfilerClient callback mechanism.
+
+        * API/JSProfilerPrivate.cpp:
+        (JSStartProfiling):
+        * JavaScriptCore.exp:
+        * profiler/HeavyProfile.h:
+        * profiler/ProfileGenerator.cpp:
+        (KJS::ProfileGenerator::create):
+        (KJS::ProfileGenerator::ProfileGenerator):
+        * profiler/ProfileGenerator.h:
+        (KJS::ProfileGenerator::profileGroup):
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::stopProfiling): Immediately return the profile when
+        stopped instead of using a callback.
+        * profiler/Profiler.h:
+        * profiler/TreeProfile.h:
+
+2008-09-03  Adele Peterson  <adele@apple.com>
+
+        Build fix.
+
+        * wtf/win/MainThreadWin.cpp:
+
+2008-09-02  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin and Tim.
+
+        Remove most of the "zombie" mode from the profiler.  Next we will need
+        to remove the client callback mechanism in profiles.
+
+        - This simplifies the code, leverages the recent changes I've made in
+        getting line numbers from SquirrelFish, and is a slight speed
+        improvement on SunSpider.
+        - Also the "zombie" mode was a constant source of odd edge cases and
+        obscure bugs so it's good to remove since all of its issues may not have
+        been found.
+
+        * API/JSProfilerPrivate.cpp: No need to call didFinishAllExecution() any
+        more.
+        (JSEndProfiling):
+        * JavaScriptCore.exp: Export the new signature of retrieveLastCaller()
+        * VM/Machine.cpp:
+        (KJS::Machine::execute): No need to call didFinishAllExecution() any
+        more.
+        (KJS::Machine::retrieveCaller): Now operates on InternalFunctions now
+        since the RegisterFile is no longer guaranteeded to store only
+        JSFunctions
+        (KJS::Machine::retrieveLastCaller): Now also retrieve the function's
+        name
+        (KJS::Machine::callFrame): A result of changing retrieveCaller()
+        * VM/Machine.h:
+        * VM/Register.h: 
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject):
+        * kjs/nodes.h:
+        * profiler/ProfileGenerator.cpp:
+        (KJS::ProfileGenerator::create): Now pass the original exec and get the
+        global exec and client when necessary.  We need the original exec so we
+        can have the stack frame where profiling started.
+        (KJS::ProfileGenerator::ProfileGenerator): ditto.
+        (KJS::ProfileGenerator::addParentForConsoleStart): This is where the 
+        parent to star of the profile is added, if there is one.
+        (KJS::ProfileGenerator::willExecute): Remove uglyness!
+        (KJS::ProfileGenerator::didExecute): Ditto!
+        (KJS::ProfileGenerator::stopProfiling):
+        (KJS::ProfileGenerator::removeProfileStart): Use a better way to find
+        and remove the function we are looking for.
+        (KJS::ProfileGenerator::removeProfileEnd): Ditto.
+        * profiler/ProfileGenerator.h:
+        (KJS::ProfileGenerator::client):
+        * profiler/ProfileNode.cpp:
+        (KJS::ProfileNode::removeChild): Add a better way to remove a child from
+        a ProfileNode.
+        (KJS::ProfileNode::stopProfiling):
+        (KJS::ProfileNode::debugPrintData): Modified a debug-only diagnostic
+        function to be sane.
+        * profiler/ProfileNode.h:
+        * profiler/Profiler.cpp: Change to pass the original exec state.
+        (KJS::Profiler::startProfiling):
+        (KJS::Profiler::stopProfiling):
+        (KJS::Profiler::willExecute):
+        (KJS::Profiler::didExecute):
+        (KJS::Profiler::createCallIdentifier):
+        * profiler/Profiler.h:
+
+2008-09-01  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Implement callOnMainThreadAndWait().
+
+        This will be useful when a background thread needs to perform UI calls synchronously
+        (e.g. an openDatabase() call cannot return until the user answers to a confirmation dialog).
+
+        * wtf/MainThread.cpp:
+        (WTF::FunctionWithContext::FunctionWithContext): Added a ThreadCondition member. When
+        non-zero, the condition is signalled after the function is called.
+        (WTF::mainThreadFunctionQueueMutex): Renamed from functionQueueMutex, sinc this is no longer
+        static. Changed to be initialized from initializeThreading() to avoid lock contention.
+        (WTF::initializeMainThread): On non-Windows platforms, just call mainThreadFunctionQueueMutex.
+        (WTF::dispatchFunctionsFromMainThread): Signal synchronous calls when done.
+        (WTF::callOnMainThread): Updated for functionQueueMutex rename.
+        (WTF::callOnMainThreadAndWait):  Added.
+
+        * wtf/MainThread.h: Added callOnMainThreadAndWait(); initializeMainThread() now exists on
+        all platforms.
+
+        * wtf/win/MainThreadWin.cpp: (WTF::initializeMainThread): Added a callOnMainThreadAndWait()
+        call to initialize function queue mutex.
+
+        * wtf/ThreadingGtk.cpp: (WTF::initializeThreading):
+        * wtf/ThreadingPthreads.cpp: (WTF::initializeThreading):
+        * wtf/ThreadingQt.cpp: (WTF::initializeThreading):
+        Only initialize mainThreadIdentifier on non-Darwin platforms. It was not guaranteed to be
+        accurate on Darwin.
+
+2008-09-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+        
+        Use isUndefinedOrNull() instead of separate checks for each in op_eq_null
+        and op_neq_null.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-09-02  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
+
+        Reviewed by Darin Adler.
+
+        Bug 20296: OpcodeStats doesn't build on platforms which don't have mergesort().
+        <https://bugs.webkit.org/show_bug.cgi?id=20296>
+
+        * VM/Opcode.cpp:
+        (KJS::OpcodeStats::~OpcodeStats): mergesort() replaced with qsort()
+
+2008-09-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Fast path for array.length and string.length.
+        
+        SunSpider says 0.5% faster.
+
+2008-09-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Anders Carlsson.
+        
+        Added optimized paths for comparing to null.
+        
+        SunSpider says 0.5% faster.
+
+2008-09-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Changed jsDriver.pl to dump the exact text you would need in order to
+        reproduce a test result. This enables a fast workflow where you copy
+        and paste a test failure in the terminal.
+
+        * tests/mozilla/jsDriver.pl:
+
+2008-09-02  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+        
+        Implemented the rest of Darin's review comments for the 09-01 inline
+        caching patch.
+        
+        SunSpider says 0.5% faster, but that seems like noise.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Put PutPropertySlot into
+        its own file, and added BatchedTransitionOptimizer.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::~CodeBlock): Use array indexing instead of a pointer
+        iterator.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator): Used BatchedTransitionOptimizer to
+        make batched put and remove for declared variables fast, without forever
+        pessimizing the global object. Removed the old getDirect/removeDirect hack
+        that tried to do the same in a more limited way.
+
+        * VM/CodeGenerator.h: Moved IdentifierRepHash to the KJS namespace since
+        it doesn't specialize anything in WTF.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::Machine): Nixed the DummyConstruct tag because it was
+        confusingly named.
+
+        (KJS::Machine::execute):  Used BatchedTransitionOptimizer, as above. Fixed
+        up some comments.
+
+        (KJS::cachePrototypeChain): Cast to JSObject*, since it's more specific.
+
+        (KJS::Machine::tryCachePutByID): Use isNull() instead of comparing to
+        jsNull(), since isNull() leaves more options open for the future.
+        (KJS::Machine::tryCacheGetByID): ditto
+        (KJS::Machine::privateExecute): ditto
+
+        * VM/SamplingTool.cpp:
+        (KJS::SamplingTool::dump): Use C++-style cast, to match our style
+        guidelines.
+
+        * kjs/BatchedTransitionOptimizer.h: Added. New class that allows host
+        code to add a batch of properties to an object in an efficient way.
+
+        * kjs/JSActivation.cpp: Use isNull(), as above.
+
+        * kjs/JSArray.cpp: Get rid of DummyConstruct tag, as above.
+        * kjs/JSArray.h:
+
+        * kjs/JSGlobalData.cpp: Nixed two unused StructureIDs.
+        * kjs/JSGlobalData.h:
+
+        * kjs/JSImmediate.cpp: Use isNull(), as above.
+
+        * kjs/JSObject.cpp:
+        (KJS::JSObject::mark): Moved mark tracing code elsewhere, to make this
+        function more readable.
+
+        (KJS::JSObject::put): Use isNull(), as above.
+
+        (KJS::JSObject::createInheritorID): Return a raw pointer, since the
+        object is owned by a data member, not necessarily the caller.
+        * kjs/JSObject.h:
+
+        * kjs/JSString.cpp: Use isNull(), as above.
+
+        * kjs/PropertyMap.h: Updated to use PropertySlot::invalidOffset.
+
+        * kjs/PropertySlot.h: Changed KJS_INVALID_OFFSET to WTF::notFound
+        because C macros are so 80's.
+
+        * kjs/PutPropertySlot.h: Added. Split out of PropertySlot.h. Also renamed
+        PutPropertySlot::SlotType to PutPropertySlot::Type, and slotBase to base,
+        since "slot" was redundant.
+
+        * kjs/StructureID.cpp: Added a new transition *away* from dictionary
+        status, to support BatchedTransitionOptimizer.
+
+        (KJS::StructureIDChain::StructureIDChain): No need to store m_size as
+        a data member, so keep it in a local, which might be faster.
+        * kjs/StructureID.h:
+
+        * kjs/SymbolTable.h: Moved IdentifierRepHash to KJS namespace, as above.
+        * kjs/ustring.h:
+
+2008-09-02  Adam Roben  <aroben@apple.com>
+
+        Windows build fixes
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add
+        StructureID.{cpp,h} to the project. Also let VS reorder this file.
+        * VM/CodeBlock.cpp: Include StringExtras so that snprintf will be
+        defined on Windows.
+
+2008-09-01  Sam Weinig  <sam@webkit.org>
+
+        Fix release build.
+
+        * JavaScriptCore.exp:
+
+2008-09-01  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Gtk buildfix
+
+        * GNUmakefile.am:
+        * kjs/PropertyMap.cpp: rename Identifier.h to identifier.h
+        * kjs/StructureID.cpp: include JSObject.h
+
+2008-09-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        First cut at inline caching for access to vanilla JavaScript properties.
+        
+        SunSpider says 4% faster. Tests heavy on dictionary-like access have
+        regressed a bit -- we have a lot of room to improve in this area,
+        but this patch is over-ripe as-is.
+        
+        JSCells now have a StructureID that uniquely identifies their layout,
+        and holds their prototype.
+        
+        JSValue::put takes a PropertySlot& argument, so it can fill in details
+        about where it put a value, for the sake of caching.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::CodeGenerator): Avoid calling removeDirect if we
+        can, since it disables inline caching in the global object. This can
+        probably improve in the future.
+
+        * kjs/JSGlobalObject.cpp: Nixed reset(), since it complicates caching, and
+        wasn't really necessary.
+
+        * kjs/JSObject.cpp: Tweaked getter / setter behavior not to rely on the
+        IsGetterSetter flag, since the flag was buggy. This is necessary in order
+        to avoid accidentally accessing a getter / setter as a normal property.
+        
+        Also changed getter / setter creation to honor ReadOnly, matching Mozilla.
+        
+        * kjs/PropertyMap.cpp: Nixed clear(), since it complicates caching and
+        isn't necessary.
+
+        * kjs/Shell.cpp: Moved SamplingTool dumping outside the loop. This allows
+        you to aggregate sampling of multiple files (or the same file repeatedly),
+        which helped me track down regressions.
+
+        * kjs/ustring.h: Moved IdentifierRepHash here to share it.
+
+2008-09-01  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Eagerly allocate the Math object's numeric constants. This avoids
+        constantly reallocating them in loops, and also ensures that the Math
+        object will not use the single property optimization, which makes
+        properties ineligible for caching.
+
+        SunSpider reports a small speedup, in combination with inline caching.
+
+        * kjs/MathObject.cpp:
+        (KJS::MathObject::MathObject):
+        (KJS::MathObject::getOwnPropertySlot):
+        * kjs/MathObject.h:
+
+2008-09-01  Jan Michael Alonzo  <jmalonzo@webkit.org>
+
+        Gtk build fix, not reviewed.
+
+        * GNUmakefile.am: Add SmallStrings.cpp in both release and debug builds
+
+2008-08-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej Stachowiak.
+
+        Bug 20577: REGRESSION (r36006): Gmail is broken
+        <https://bugs.webkit.org/show_bug.cgi?id=20577>
+
+        r36006 changed stringProtoFuncSubstr() so that it is uses the more
+        efficient jsSubstring(), rather than using UString::substr() and then
+        calling jsString(). However, the change did not account for the case
+        where the start and the length of the substring extend beyond the length
+        of the original string. This patch corrects that.
+
+        * kjs/StringPrototype.cpp:
+        (KJS::stringProtoFuncSubstr):
+
+2008-08-31  Simon Hausmann  <hausmann@wekit.org>
+
+        Unreviewed build fix (with gcc 4.3)
+
+        * kjs/ustring.h: Properly forward declare operator== for UString and
+        the the concatenate functions inside the KJS namespace.
+
+2008-08-30  Darin Adler  <darin@apple.com>
+
+        Reviewed by Maciej.
+
+        - https://bugs.webkit.org/show_bug.cgi?id=20333
+          improve JavaScript speed when handling single-character strings
+
+        1.035x as fast on SunSpider overall.
+        1.127x as fast on SunSpider string tests.
+        1.910x as fast on SunSpider string-base64 test.
+
+        * API/JSObjectRef.cpp:
+        (JSObjectMakeFunction): Removed unneeded explicit construction of UString.
+
+        * GNUmakefile.am: Added SmallStrings.h and SmallStrings.cpp.
+        * JavaScriptCore.pri: Ditto.
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        Ditto.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
+        * JavaScriptCoreSources.bkl: Ditto.
+
+        * JavaScriptCore.exp: Updated.
+
+        * VM/Machine.cpp:
+        (KJS::jsAddSlowCase): Changed to use a code path that doesn't involve
+        a UString constructor. This avoids an extra jump caused by the "in charge"
+        vs. "not in charge" constructors.
+        (KJS::jsAdd): Ditto.
+        (KJS::jsTypeStringForValue): Adopted jsNontrivialString.
+
+        * kjs/ArrayPrototype.cpp:
+        (KJS::arrayProtoFuncToString): Adopted jsEmptyString.
+        (KJS::arrayProtoFuncToLocaleString): Ditto.
+        (KJS::arrayProtoFuncJoin): Ditto.
+        * kjs/BooleanPrototype.cpp:
+        (KJS::booleanProtoFuncToString): Adopted jsNontrivialString.
+        * kjs/DateConstructor.cpp:
+        (KJS::callDate): Ditto.
+        * kjs/DatePrototype.cpp:
+        (KJS::formatLocaleDate): Adopted jsEmptyString and jsNontrivialString.
+        (KJS::dateProtoFuncToString): Ditto.
+        (KJS::dateProtoFuncToUTCString): Ditto.
+        (KJS::dateProtoFuncToDateString): Ditto.
+        (KJS::dateProtoFuncToTimeString): Ditto.
+        (KJS::dateProtoFuncToLocaleString): Ditto.
+        (KJS::dateProtoFuncToLocaleDateString): Ditto.
+        (KJS::dateProtoFuncToLocaleTimeString): Ditto.
+        (KJS::dateProtoFuncToGMTString): Ditto.
+
+        * kjs/ErrorPrototype.cpp:
+        (KJS::ErrorPrototype::ErrorPrototype): Ditto.
+        (KJS::errorProtoFuncToString): Ditto.
+
+        * kjs/JSGlobalData.h: Added SmallStrings.
+
+        * kjs/JSString.cpp:
+        (KJS::jsString): Eliminated the overload that takes a const char*.
+        Added code to use SmallStrings to get strings of small sizes rather
+        than creating a new JSString every time.
+        (KJS::jsSubstring): Added. Used when creating a string from a substring
+        to avoid creating a JSString in cases where the substring will end up
+        empty or as one character.
+        (KJS::jsOwnedString): Added the same code as in jsString.
+
+        * kjs/JSString.h: Added new functions jsEmptyString, jsSingleCharacterString,
+        jsSingleCharacterSubstring, jsSubstring, and jsNontrivialString for various
+        cases where we want to create JSString, and want special handling for small
+        strings.
+        (KJS::JSString::JSString): Added an overload that takes a PassRefPtr of
+        a UString::Rep so you don't have to construct a UString; PassRefPtr can be
+        more efficient.
+        (KJS::jsEmptyString): Added.
+        (KJS::jsSingleCharacterString): Added.
+        (KJS::jsSingleCharacterSubstring): Added.
+        (KJS::jsNontrivialString): Added.
+        (KJS::JSString::getIndex): Adopted jsSingleCharacterSubstring.
+        (KJS::JSString::getStringPropertySlot): Ditto.
+
+        * kjs/NumberPrototype.cpp:
+        (KJS::numberProtoFuncToFixed): Adopted jsNontrivialString.
+        (KJS::numberProtoFuncToExponential): Ditto.
+        (KJS::numberProtoFuncToPrecision): Ditto.
+
+        * kjs/ObjectPrototype.cpp:
+        (KJS::objectProtoFuncToLocaleString): Adopted toThisJSString.
+        (KJS::objectProtoFuncToString): Adopted jsNontrivialString.
+
+        * kjs/RegExpConstructor.cpp: Separated the lastInput value that's used
+        with the lastOvector to return matches from the input value that can be
+        changed via JavaScript. They will be equal in many cases, but not all.
+        (KJS::RegExpConstructor::performMatch): Set input.
+        (KJS::RegExpMatchesArray::RegExpMatchesArray): Ditto.
+        (KJS::RegExpMatchesArray::fillArrayInstance): Adopted jsSubstring. Also,
+        use input rather than lastInput in the appropriate place.
+        (KJS::RegExpConstructor::getBackref): Adopted jsSubstring and jsEmptyString.
+        Added code to handle the case where there is no backref -- before this
+        depended on range checking in UString::substr which is not present in
+        jsSubstring.
+        (KJS::RegExpConstructor::getLastParen): Ditto.
+        (KJS::RegExpConstructor::getLeftContext): Ditto.
+        (KJS::RegExpConstructor::getRightContext): Ditto.
+        (KJS::RegExpConstructor::getValueProperty): Use input rather than lastInput.
+        Also adopt jsEmptyString.
+        (KJS::RegExpConstructor::putValueProperty): Ditto.
+        (KJS::RegExpConstructor::input): Ditto.
+
+        * kjs/RegExpPrototype.cpp:
+        (KJS::regExpProtoFuncToString): Adopt jsNonTrivialString. Also changed to
+        use UString::append to append single characters rather than using += and
+        a C-style string.
+
+        * kjs/SmallStrings.cpp: Added.
+        (KJS::SmallStringsStorage::SmallStringsStorage): Construct the
+        buffer and UString::Rep for all 256 single-character strings for
+        the U+0000 through U+00FF. This covers all the values used in
+        the base64 test as well as most values seen elsewhere on the web
+        as well. It's possible that later we might fix this to only work
+        for U+0000 through U+007F but the others are used quite a bit in
+        the current version of the base64 test.
+        (KJS::SmallStringsStorage::~SmallStringsStorage): Free memory.
+        (KJS::SmallStrings::SmallStrings): Create a set of small strings,
+        initially not created; created later when they are used.
+        (KJS::SmallStrings::~SmallStrings): Deallocate. Not left compiler
+        generated because the SmallStringsStorage class's destructor needs
+        to be visible.
+        (KJS::SmallStrings::mark): Mark all the strings.
+        (KJS::SmallStrings::createEmptyString): Create a cell for the
+        empty string. Called only the first time.
+        (KJS::SmallStrings::createSingleCharacterString): Create a cell
+        for one of the single-character strings. Called only the first time.
+        * kjs/SmallStrings.h: Added.
+
+        * kjs/StringConstructor.cpp:
+        (KJS::stringFromCharCodeSlowCase): Factored out of strinFromCharCode.
+        Only used for cases where the caller does not pass exactly one argument.
+        (KJS::stringFromCharCode): Adopted jsSingleCharacterString.
+        (KJS::callStringConstructor): Adopted jsEmptyString.
+
+        * kjs/StringObject.cpp:
+        (KJS::StringObject::StringObject): Adopted jsEmptyString.
+
+        * kjs/StringPrototype.cpp:
+        (KJS::stringProtoFuncReplace): Adopted jsSubstring.
+        (KJS::stringProtoFuncCharAt): Adopted jsEmptyString and
+        jsSingleCharacterSubstring and also added a special case when the
+        index is an immediate number to avoid conversion to and from floating
+        point, since that's the common case.
+        (KJS::stringProtoFuncCharCodeAt): Ditto.
+        (KJS::stringProtoFuncMatch): Adopted jsSubstring and jsEmptyString.
+        (KJS::stringProtoFuncSlice): Adopted jsSubstring and
+        jsSingleCharacterSubstring. Also got rid of some unneeded locals and
+        removed unneeded code to set the length property of the array, since it
+        is automatically updated as values are added to the array.
+        (KJS::stringProtoFuncSplit): Adopted jsEmptyString.
+        (KJS::stringProtoFuncSubstr): Adopted jsSubstring.
+        (KJS::stringProtoFuncSubstring): Ditto.
+
+        * kjs/collector.cpp:
+        (KJS::Heap::collect): Added a call to mark SmallStrings.
+
+        * kjs/ustring.cpp:
+        (KJS::UString::expandedSize): Made this a static member function since
+        it doesn't need to look at any data members.
+        (KJS::UString::expandCapacity): Use a non-inline function, makeNull, to
+        set the rep to null in failure cases. This avoids adding a PIC branch for
+        the normal case when there is no failure.
+        (KJS::UString::expandPreCapacity): Ditto.
+        (KJS::UString::UString): Ditto.
+        (KJS::concatenate): Refactored the concatenation constructor into this
+        separate function. Calling the concatenation constructor was leading to
+        an extra branch because of the in-charge vs. not-in-charge versions not
+        both being inlined, and this was showing up as nearly 1% on Shark. Also
+        added a special case for when the second string is a single character,
+        since it's a common idiom to build up a string that way and we can do
+        things much more quickly, without involving memcpy for example. Also
+        adopted the non-inline function, nullRep, for the same reason given for
+        makeNull above.
+        (KJS::UString::append): Adopted makeNull for failure cases.
+        (KJS::UString::operator=): Ditto.
+        (KJS::UString::toDouble): Added a special case for converting single
+        character strings to numbers. We're doing this a ton of times while
+        running the base64 test.
+        (KJS::operator==): Added special cases so we can compare single-character
+        strings without calling memcmp. Later we might want to special case other
+        short lengths similarly.
+        (KJS::UString::makeNull): Added.
+        (KJS::UString::nullRep): Added.
+        * kjs/ustring.h: Added declarations for the nullRep and makeNull. Changed
+        expandedSize to be a static member function. Added a declaration of the
+        concatenate function. Removed the concatenation constructor. Rewrote
+        operator+ to use the concatenate function.
+
+2008-08-29  Anders Carlsson  <andersca@apple.com>
+
+        Build fix.
+
+        * VM/Machine.cpp:
+        (KJS::getCPUTime):
+
+2008-08-29  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/6174667> 
+        When a machine is under heavy load, the Slow Script dialog often comes up many times and just gets in the way
+        
+        Instead of using clock time, use the CPU time spent executing the current thread when
+        determining if the script has been running for too long.
+        
+        * VM/Machine.cpp:
+        (KJS::getCPUTime):
+        (KJS::Machine::checkTimeout):
+
+2008-08-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Sam Weinig.
+
+        Change 'term' to 'expr' in variable names to standardize terminology.
+
+        * kjs/nodes.cpp:
+        (KJS::BinaryOpNode::emitCode):
+        (KJS::ReverseBinaryOpNode::emitCode):
+        (KJS::ThrowableBinaryOpNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::BinaryOpNode::BinaryOpNode):
+        (KJS::ReverseBinaryOpNode::ReverseBinaryOpNode):
+        (KJS::MultNode::):
+        (KJS::DivNode::):
+        (KJS::ModNode::):
+        (KJS::AddNode::):
+        (KJS::SubNode::):
+        (KJS::LeftShiftNode::):
+        (KJS::RightShiftNode::):
+        (KJS::UnsignedRightShiftNode::):
+        (KJS::LessNode::):
+        (KJS::GreaterNode::):
+        (KJS::LessEqNode::):
+        (KJS::GreaterEqNode::):
+        (KJS::ThrowableBinaryOpNode::):
+        (KJS::InstanceOfNode::):
+        (KJS::InNode::):
+        (KJS::EqualNode::):
+        (KJS::NotEqualNode::):
+        (KJS::StrictEqualNode::):
+        (KJS::NotStrictEqualNode::):
+        (KJS::BitAndNode::):
+        (KJS::BitOrNode::):
+        (KJS::BitXOrNode::):
+        * kjs/nodes2string.cpp:
+        (KJS::MultNode::streamTo):
+        (KJS::DivNode::streamTo):
+        (KJS::ModNode::streamTo):
+        (KJS::AddNode::streamTo):
+        (KJS::SubNode::streamTo):
+        (KJS::LeftShiftNode::streamTo):
+        (KJS::RightShiftNode::streamTo):
+        (KJS::UnsignedRightShiftNode::streamTo):
+        (KJS::LessNode::streamTo):
+        (KJS::GreaterNode::streamTo):
+        (KJS::LessEqNode::streamTo):
+        (KJS::GreaterEqNode::streamTo):
+        (KJS::InstanceOfNode::streamTo):
+        (KJS::InNode::streamTo):
+        (KJS::EqualNode::streamTo):
+        (KJS::NotEqualNode::streamTo):
+        (KJS::StrictEqualNode::streamTo):
+        (KJS::NotStrictEqualNode::streamTo):
+        (KJS::BitAndNode::streamTo):
+        (KJS::BitXOrNode::streamTo):
+        (KJS::BitOrNode::streamTo):
+
+2008-08-28  Alp Toker  <alp@nuanti.com>
+
+        GTK+ dist/build fix. List newly added header files.
+
+        * GNUmakefile.am:
+
+2008-08-28  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Oliver Hunt.
+
+        Change to throw a ReferenceError at runtime instead of a ParseError
+        at parse time, when the left hand side expression of a for-in statement
+        is not an lvalue.
+
+        * kjs/grammar.y:
+        * kjs/nodes.cpp:
+        (KJS::ForInNode::emitCode):
+
+2008-08-28  Alexey Proskuryakov  <ap@webkit.org>
+
+        Not reviewed, build fix (at least for OpenBSD, posssibly more).
+
+        https://bugs.webkit.org/show_bug.cgi?id=20545
+        missing #include <unistd.h> in JavaScriptCore/VM/SamplingTool.cpp
+
+        * VM/SamplingTool.cpp: add the missing include.
+
+2008-08-26  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff and Cameron.
+
+        <rdar://problem/6174603> Hitting assertion in Register::codeBlock when
+        loading facebook (20516).
+
+        - This was a result of my line numbers change.  After a host function is
+        called the stack does not get reset correctly.
+        - Oddly this also appears to be a slight speedup on SunSpider.
+
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+
+2008-08-26  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff and Tim.
+
+        Export new API methods.
+
+        * JavaScriptCore.exp:
+
+2008-08-25  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Geoff, Tim and Mark.
+
+        <rdar://problem/6150623> JSProfiler: It would be nice if the profiles
+        in the console said what file and line number they came from
+        - Lay the foundation for getting line numbers and other data from the
+        JavaScript engine.  With the cleanup in kjs/ExecState this is actually
+        a slight performance improvement.
+
+        * JavaScriptCore.exp: Export retrieveLastCaller() for WebCore.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * VM/Machine.cpp: Now Host and JS functions set a call frame on the
+        exec state, so this and the profiler code were pulled out of the
+        branches.
+        (KJS::Machine::privateExecute):
+        (KJS::Machine::retrieveLastCaller): This get's the lineNumber, sourceID
+        and sourceURL for the previously called function.
+        * VM/Machine.h:
+        * kjs/ExecState.cpp: Remove references to JSFunction since it's not used
+        anywhere.
+        * kjs/ExecState.h:
+
+2008-08-25  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Ensure that JSGlobalContextRelease() performs garbage collection, even if there are other
+        contexts in the current context's group.
+
+        This is only really necessary when the last reference is released, but there is no way to
+        determine that, and no harm in collecting slightly more often.
+
+        * API/JSContextRef.cpp: (JSGlobalContextRelease): Explicitly collect the heap if it is not
+        being destroyed.
+
+2008-08-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver Hunt.
+
+        Bug 20093: JSC shell does not clear exceptions after it executes toString on an expression
+        <https://bugs.webkit.org/show_bug.cgi?id=20093>
+
+        Clear exceptions after evaluating any code in the JSC shell. We do not
+        report exceptions that are caused by calling toString on the final
+        valued, but at least we avoid incorrect behaviour.
+
+        Also, print any exceptions that occurred while evaluating code at the
+        interactive prompt, not just while evaluating code from a file.
+
+        * kjs/Shell.cpp:
+        (runWithScripts):
+        (runInteractive):
+
+2008-08-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Remove an unnecessary RefPtr to a RegisterID.
+
+        * kjs/nodes.cpp:
+        (KJS::DeleteBracketNode::emitCode):
+
+2008-08-24  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        Use the correct version number for when JSGlobalContextCreate was introduced.
+
+        * API/JSContextRef.h:
+
+2008-08-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Rubber-stamped by Mark Rowe.
+
+        Remove modelines.
+
+        * API/APICast.h:
+        * API/JSBase.cpp:
+        * API/JSCallbackConstructor.cpp:
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackFunction.cpp:
+        * API/JSCallbackFunction.h:
+        * API/JSCallbackObject.cpp:
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        * API/JSClassRef.cpp:
+        * API/JSContextRef.cpp:
+        * API/JSObjectRef.cpp:
+        * API/JSProfilerPrivate.cpp:
+        * API/JSStringRef.cpp:
+        * API/JSStringRefBSTR.cpp:
+        * API/JSStringRefCF.cpp:
+        * API/JSValueRef.cpp:
+        * API/tests/JSNode.c:
+        * API/tests/JSNode.h:
+        * API/tests/JSNodeList.c:
+        * API/tests/JSNodeList.h:
+        * API/tests/Node.c:
+        * API/tests/Node.h:
+        * API/tests/NodeList.c:
+        * API/tests/NodeList.h:
+        * API/tests/minidom.c:
+        * API/tests/minidom.js:
+        * API/tests/testapi.c:
+        * API/tests/testapi.js:
+        * JavaScriptCore.pro:
+        * kjs/FunctionConstructor.h:
+        * kjs/FunctionPrototype.h:
+        * kjs/JSArray.h:
+        * kjs/JSString.h:
+        * kjs/JSWrapperObject.cpp:
+        * kjs/NumberConstructor.h:
+        * kjs/NumberObject.h:
+        * kjs/NumberPrototype.h:
+        * kjs/lexer.h:
+        * kjs/lookup.h:
+        * wtf/Assertions.cpp:
+        * wtf/Assertions.h:
+        * wtf/HashCountedSet.h:
+        * wtf/HashFunctions.h:
+        * wtf/HashIterators.h:
+        * wtf/HashMap.h:
+        * wtf/HashSet.h:
+        * wtf/HashTable.h:
+        * wtf/HashTraits.h:
+        * wtf/ListHashSet.h:
+        * wtf/ListRefPtr.h:
+        * wtf/Noncopyable.h:
+        * wtf/OwnArrayPtr.h:
+        * wtf/OwnPtr.h:
+        * wtf/PassRefPtr.h:
+        * wtf/Platform.h:
+        * wtf/RefPtr.h:
+        * wtf/RefPtrHashMap.h:
+        * wtf/RetainPtr.h:
+        * wtf/UnusedParam.h:
+        * wtf/Vector.h:
+        * wtf/VectorTraits.h:
+        * wtf/unicode/Unicode.h:
+        * wtf/unicode/icu/UnicodeIcu.h:
+
+2008-08-22  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Oliver.
+
+        Some cleanup to match our coding style.
+
+        * VM/CodeGenerator.h:
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * kjs/ExecState.cpp:
+        * kjs/ExecState.h:
+        * kjs/completion.h:
+        * kjs/identifier.cpp:
+        (KJS::Identifier::equal):
+        (KJS::CStringTranslator::hash):
+        (KJS::CStringTranslator::equal):
+        (KJS::CStringTranslator::translate):
+        (KJS::UCharBufferTranslator::equal):
+        (KJS::UCharBufferTranslator::translate):
+        (KJS::Identifier::remove):
+        * kjs/operations.h:
+
+2008-08-20  Alexey Proskuryakov  <ap@webkit.org>
+
+        Windows build fix.
+
+        * API/WebKitAvailability.h: Define DEPRECATED_ATTRIBUTE.
+
+2008-08-19  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        Bring back shared JSGlobalData and implicit locking, because too many clients rely on it.
+
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::~JSGlobalData):
+        (KJS::JSGlobalData::JSGlobalData): Re-add shared instance.
+        (KJS::JSGlobalData::sharedInstanceExists): Ditto.
+        (KJS::JSGlobalData::sharedInstance): Ditto.
+        (KJS::JSGlobalData::sharedInstanceInternal): Ditto.
+
+        * API/JSContextRef.h: Deprecated JSGlobalContextCreate(). Added a very conservative
+        description of its threading model (nothing is allowed).
+
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate): Use shared JSGlobalData.
+        (JSGlobalContextCreateInGroup): Support passing NULL group to request a unique one.
+        (JSGlobalContextRetain): Added back locking.
+        (JSGlobalContextRelease): Ditto.
+        (JSContextGetGlobalObject): Ditto.
+
+        * API/tests/minidom.c: (main):
+        * API/tests/testapi.c: (main):
+        Switched to JSGlobalContextCreateInGroup() to avoid deprecation warnings.
+
+        * JavaScriptCore.exp: Re-added JSLock methods. Added JSGlobalContextCreateInGroup (d'oh!).
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        (JSCheckScriptSyntax):
+        (JSGarbageCollect):
+        * API/JSCallbackConstructor.cpp:
+        (KJS::constructJSCallback):
+        * API/JSCallbackFunction.cpp:
+        (KJS::JSCallbackFunction::call):
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::init):
+        (KJS::::getOwnPropertySlot):
+        (KJS::::put):
+        (KJS::::deleteProperty):
+        (KJS::::construct):
+        (KJS::::hasInstance):
+        (KJS::::call):
+        (KJS::::getPropertyNames):
+        (KJS::::toNumber):
+        (KJS::::toString):
+        (KJS::::staticValueGetter):
+        (KJS::::callbackGetter):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectMakeFunctionWithCallback):
+        (JSObjectMakeConstructor):
+        (JSObjectMakeFunction):
+        (JSObjectHasProperty):
+        (JSObjectGetProperty):
+        (JSObjectSetProperty):
+        (JSObjectGetPropertyAtIndex):
+        (JSObjectSetPropertyAtIndex):
+        (JSObjectDeleteProperty):
+        (JSObjectCallAsFunction):
+        (JSObjectCallAsConstructor):
+        (JSObjectCopyPropertyNames):
+        (JSPropertyNameArrayRelease):
+        (JSPropertyNameAccumulatorAddName):
+        * API/JSValueRef.cpp:
+        (JSValueIsEqual):
+        (JSValueIsInstanceOfConstructor):
+        (JSValueMakeNumber):
+        (JSValueMakeString):
+        (JSValueToNumber):
+        (JSValueToStringCopy):
+        (JSValueToObject):
+        (JSValueProtect):
+        (JSValueUnprotect):
+        * ForwardingHeaders/JavaScriptCore/JSLock.h: Added.
+        * GNUmakefile.am:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        * kjs/AllInOneFile.cpp:
+        * kjs/JSGlobalData.h:
+        * kjs/JSGlobalObject.cpp:
+        (KJS::JSGlobalObject::~JSGlobalObject):
+        (KJS::JSGlobalObject::init):
+        * kjs/JSLock.cpp: Added.
+        (KJS::createJSLockCount):
+        (KJS::JSLock::lockCount):
+        (KJS::setLockCount):
+        (KJS::JSLock::JSLock):
+        (KJS::JSLock::lock):
+        (KJS::JSLock::unlock):
+        (KJS::JSLock::currentThreadIsHoldingLock):
+        (KJS::JSLock::DropAllLocks::DropAllLocks):
+        (KJS::JSLock::DropAllLocks::~DropAllLocks):
+        * kjs/JSLock.h: Added.
+        (KJS::JSLock::JSLock):
+        (KJS::JSLock::~JSLock):
+        * kjs/Shell.cpp:
+        (functionGC):
+        (jscmain):
+        * kjs/collector.cpp:
+        (KJS::Heap::~Heap):
+        (KJS::Heap::heapAllocate):
+        (KJS::Heap::setGCProtectNeedsLocking):
+        (KJS::Heap::protect):
+        (KJS::Heap::unprotect):
+        (KJS::Heap::collect):
+        * kjs/identifier.cpp:
+        * kjs/interpreter.cpp:
+        (KJS::Interpreter::checkSyntax):
+        (KJS::Interpreter::evaluate):
+        Re-added implicit locking.
+
+2008-08-19  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim and Mark.
+
+        Implement DTrace hooks for dashcode and instruments.
+
+        * API/JSProfilerPrivate.cpp: Added. Expose SPI so that profiling can be
+        turned on from a client.  The DTrace probes were added within the
+        profiler mechanism for performance reasons so the profiler must be
+        started to enable tracing.
+        (JSStartProfiling):
+        (JSEndProfiling):
+        * API/JSProfilerPrivate.h: Added. Ditto.
+        * JavaScriptCore.exp: Exposing the start/stop methods to clients.
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * kjs/Tracing.d: Define the DTrace probes.
+        * kjs/Tracing.h: Ditto.
+        * profiler/ProfileGenerator.cpp: Implement the DTrace probes in the
+        profiler.
+        (KJS::ProfileGenerator::willExecute):
+        (KJS::ProfileGenerator::didExecute):
+
+2008-08-19  Steve Falkenburg  <sfalken@apple.com>
+
+        Build fix.
+        
+        * kjs/operations.cpp:
+        (KJS::equal):
+
+2008-08-18  Timothy Hatcher  <timothy@apple.com>
+
+        Fix an assertion when generating a heavy profile because the
+        empty value and deleted value of CallIdentifier where equal.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20439
+
+        Reviewed by Dan Bernstein.
+
+        * profiler/CallIdentifier.h: Make the emptyValue for CallIdentifier
+        use empty strings for URL and function name.
+
+2008-08-12  Darin Adler  <darin@apple.com>
+
+        Reviewed by Geoff.
+
+        - eliminate JSValue::type()
+
+        This will make it slightly easier to change the JSImmediate design without
+        having to touch so many call sites.
+
+        SunSpider says this change is a wash (looked like a slight speedup, but not
+        statistically significant).
+
+        * API/JSStringRef.cpp: Removed include of JSType.h.
+        * API/JSValueRef.cpp: Removed include of JSType.h.
+        (JSValueGetType): Replaced use of JSValue::type() with
+        JSValue::is functions.
+
+        * JavaScriptCore.exp: Updated.
+
+        * VM/JSPropertyNameIterator.cpp: Removed type() implementation.
+        (KJS::JSPropertyNameIterator::toPrimitive): Changed to take
+        PreferredPrimitiveType argument instead of JSType.
+        * VM/JSPropertyNameIterator.h: Ditto.
+
+        * VM/Machine.cpp:
+        (KJS::fastIsNumber): Updated for name change.
+        (KJS::fastToInt32): Ditto.
+        (KJS::fastToUInt32): Ditto.
+        (KJS::jsAddSlowCase): Updated toPrimitive caller for change from
+        JSType to PreferredPrimitiveType.
+        (KJS::jsAdd): Replaced calls to JSValue::type() with calls to
+        JSValue::isString().
+        (KJS::jsTypeStringForValue): Replaced calls to JSValue::type()
+        with multiple calls to JSValue::is -- we could make this a
+        virtual function instead if we want to have faster performance.
+        (KJS::Machine::privateExecute): Renamed JSImmediate::toTruncatedUInt32
+        to JSImmediate::getTruncatedUInt32 for consistency with other functions.
+        Changed two calls of JSValue::type() to JSValue::isString().
+
+        * kjs/GetterSetter.cpp:
+        (KJS::GetterSetter::toPrimitive): Changed to take
+        PreferredPrimitiveType argument instead of JSType.
+        (KJS::GetterSetter::isGetterSetter): Added.
+        * kjs/GetterSetter.h:
+
+        * kjs/JSCell.cpp:
+        (KJS::JSCell::isString): Added.
+        (KJS::JSCell::isGetterSetter): Added.
+        (KJS::JSCell::isObject): Added.
+
+        * kjs/JSCell.h: Eliminated type function. Added isGetterSetter.
+        Made isString and isObject virtual. Changed toPrimitive to take
+        PreferredPrimitiveType argument instead of JSType.
+        (KJS::JSCell::isNumber): Use Heap::isNumber for faster performance.
+        (KJS::JSValue::isGetterSetter): Added.
+        (KJS::JSValue::toPrimitive): Changed to take
+        PreferredPrimitiveType argument instead of JSType.
+
+        * kjs/JSImmediate.h: Removed JSValue::type() and replaced
+        JSValue::toTruncatedUInt32 with JSValue::getTruncatedUInt32.
+        (KJS::JSImmediate::isEitherImmediate): Added.
+
+        * kjs/JSNotAnObject.cpp:
+        (KJS::JSNotAnObject::toPrimitive): Changed to take
+        PreferredPrimitiveType argument instead of JSType.
+        * kjs/JSNotAnObject.h: Ditto.
+        * kjs/JSNumberCell.cpp:
+        (KJS::JSNumberCell::toPrimitive): Ditto.
+        * kjs/JSNumberCell.h:
+        (KJS::JSNumberCell::toInt32): Renamed from fastToInt32. There's no
+        other "slow" version of this once you have a JSNumberCell, so there's
+        no need for "fast" in the name. It's a feature that this hides the
+        base class toInt32, which does the same job less efficiently (and has
+        an additional ExecState argument).
+        (KJS::JSNumberCell::toUInt32): Ditto.
+
+        * kjs/JSObject.cpp:
+        (KJS::callDefaultValueFunction): Use isGetterSetter instead of type.
+        (KJS::JSObject::getPrimitiveNumber): Use PreferredPrimitiveType.
+        (KJS::JSObject::defaultValue): Ditto.
+        (KJS::JSObject::defineGetter): Use isGetterSetter.
+        (KJS::JSObject::defineSetter): Ditto.
+        (KJS::JSObject::lookupGetter): Ditto.
+        (KJS::JSObject::lookupSetter): Ditto.
+        (KJS::JSObject::toNumber): Use PreferredPrimitiveType.
+        (KJS::JSObject::toString): Ditto.
+        (KJS::JSObject::isObject): Added.
+
+        * kjs/JSObject.h:
+        (KJS::JSObject::inherits): Call the isObject from JSCell; it's now
+        hidden by our override of isObject.
+        (KJS::JSObject::getOwnPropertySlotForWrite): Use isGetterSetter
+        instead of type.
+        (KJS::JSObject::getOwnPropertySlot): Ditto.
+        (KJS::JSObject::toPrimitive): Use PreferredPrimitiveType.
+
+        * kjs/JSString.cpp:
+        (KJS::JSString::toPrimitive): Use PreferredPrimitiveType.
+        (KJS::JSString::isString): Added.
+        * kjs/JSString.h: Ditto.
+
+        * kjs/JSValue.h: Removed type(), added isGetterSetter(). Added
+        PreferredPrimitiveType enum and used it as the argument for the
+        toPrimitive function.
+        (KJS::JSValue::getBoolean): Simplified a bit an removed a branch.
+
+        * kjs/collector.cpp:
+        (KJS::typeName): Changed to use JSCell::is functions instead of
+        calling JSCell::type.
+
+        * kjs/collector.h:
+        (KJS::Heap::isNumber): Renamed from fastIsNumber.
+
+        * kjs/nodes.h: Added now-needed include of JSType, since the type
+        is used here to record types of values in the tree.
+
+        * kjs/operations.cpp:
+        (KJS::equal): Rewrote to no longer depend on type().
+        (KJS::strictEqual): Ditto.
+
+2008-08-18  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        If there are no nodes in a profile all the time should be attributed to
+        (idle)
+
+        * profiler/Profile.cpp: If ther are no nodes make sure we still process
+        the head.
+        (KJS::Profile::forEach):
+        * profiler/ProfileGenerator.cpp: Remove some useless code.
+        (KJS::ProfileGenerator::stopProfiling):
+
+2008-08-18  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Maciej.
+
+        Make JSGlobalContextRetain/Release actually work.
+
+        * API/JSContextRef.cpp:
+        (JSGlobalContextRetain):
+        (JSGlobalContextRelease):
+        Ref/deref global data to give checking for globalData.refCount() some sense.
+
+        * API/tests/testapi.c: (main): Added a test for this bug.
+
+        * kjs/JSGlobalData.cpp:
+        (KJS::JSGlobalData::~JSGlobalData):
+        While checking for memory leaks, found that JSGlobalData::emptyList has changed to
+        a pointer, but it was not destructed, causing a huge leak in run-webkit-tests --threaded.
+
+2008-08-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Change the counting of constants so that preincrement and predecrement of
+        const local variables are considered unexpected loads.
+
+        * kjs/nodes.cpp:
+        (KJS::PrefixResolveNode::emitCode):
+        * kjs/nodes.h:
+        (KJS::ScopeNode::neededConstants):
+
+2008-08-17  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        <rdar://problem/6150322> In Gmail, a crash occurs at KJS::Machine::privateExecute() when applying list styling to text after a quote had been removed
+        <https://bugs.webkit.org/show_bug.cgi?id=20386>
+
+        This crash was caused by "depth()" incorrectly determining the scope depth 
+        of a 0 depth function without a full scope chain.  Because such a function
+        would not have an activation the depth function would return the scope depth
+        of the parent frame, thus triggering an incorrect unwind.  Any subsequent 
+        look up that walked the scope chain would result in incorrect behaviour,
+        leading to a crash or incorrect variable resolution.  This can only actually
+        happen in try...finally statements as that's the only path that can result in
+        the need to unwind the scope chain, but not force the function to need a
+        full scope chain.
+
+        The fix is simply to check for this case before attempting to walk the scope chain.
+
+        * VM/Machine.cpp:
+        (KJS::depth):
+        (KJS::Machine::throwException):
+
+2008-08-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Maciej.
+
+        Bug 20419: Remove op_jless
+        <https://bugs.webkit.org/show_bug.cgi?id=20419>
+
+        Remove op_jless, which is rarely used now that we have op_loop_if_less.
+
+        * VM/CodeBlock.cpp:
+        (KJS::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::emitJumpIfTrue):
+        * VM/Machine.cpp:
+        (KJS::Machine::privateExecute):
+        * VM/Opcode.h:
+
+2008-08-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
+
+        Reviewed by Dan Bernstein.
+
+        Fix a typo in r35807 that is also causing build failures for
+        non-AllInOne builds.
+
+        * kjs/NumberConstructor.cpp:
+
+2008-08-17  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Cameron Zwarich.
+
+        Made room for a free word in JSCell.
+        
+        SunSpider says no change.
+        
+        I changed JSCallbackObjectData, Arguments, JSArray, and RegExpObject to
+        store auxiliary data in a secondary structure.
+
+        I changed InternalFunction to store the function's name in the property
+        map.
+        
+        I changed JSGlobalObjectData to use a virtual destructor, so WebCore's
+        JSDOMWindowBaseData could inherit from it safely. (It's a strange design
+        for JSDOMWindowBase to allocate an object that JSGlobalObject deletes,
+        but that's really our only option, given the size constraint.)
+        
+        I also added a bunch of compile-time ASSERTs, and removed lots of comments
+        in JSObject.h because they were often out of date, and they got in the
+        way of reading what was actually going on.
+        
+        Also renamed JSArray::getLength to JSArray::length, to match our style
+        guidelines.
+
+2008-08-16  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Sped up property access for array.length and string.length by adding a
+        mechanism for returning a temporary value directly instead of returning
+        a pointer to a function that retrieves the value.
+        
+        Also removed some unused cruft from PropertySlot.
+        
+        SunSpider says 0.5% - 1.2% faster.
+
+        NOTE: This optimization is not a good idea in general, because it's
+        actually a pessimization in the case of resolve for assignment,
+        and it may get in the way of other optimizations in the future.
+        
+2008-08-16  Dan Bernstein  <mitz@apple.com>
+
+        Reviewed by Geoffrey Garen.
+
+        Disable dead code stripping in debug builds.
+
+        * Configurations/Base.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+2008-08-15  Mark Rowe  <mrowe@apple.com>
+
+        Reviewed by Oliver Hunt.
+
+        <rdar://problem/6143072> FastMallocZone's enumeration code makes assumptions about handling of remote memory regions that overlap
+
+        * wtf/FastMalloc.cpp:
+        (WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Don't directly compare pointers mapped into the local process with
+        a pointer that has not been mapped.  Instead, calculate a local address for the pointer and compare with that.
+        (WTF::TCMallocStats::FreeObjectFinder::findFreeObjects): Pass in the remote address of the central free list so that it can
+        be used when calculating local addresses.
+        (WTF::TCMallocStats::FastMallocZone::enumerate): Ditto.
+
+2008-08-15  Mark Rowe  <mrowe@apple.com>
+
+        Rubber-stamped by Geoff Garen.
+
+        <rdar://problem/6139914> Please include a _debug version of JavaScriptCore framework
+
+        * Configurations/Base.xcconfig: Factor out the debug-only settings so that they can shared
+        between the Debug configuration and debug Production variant.
+        * JavaScriptCore.xcodeproj/project.pbxproj: Enable the debug variant.
+
+2008-08-15  Mark Rowe  <mrowe@apple.com>
+
+        Fix the 64-bit build.
+
+        Add extra cast to avoid warnings about loss of precision when casting from
+        JSValue* to an integer type.
+
+        * kjs/JSImmediate.h:
+        (KJS::JSImmediate::intValue):
+        (KJS::JSImmediate::uintValue):
+
+2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Still fixing Windows build.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Added OpaqueJSString
+        to yet another place.
+
+2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Trying to fix non-Apple builds.
+
+        * ForwardingHeaders/JavaScriptCore/OpaqueJSString.h: Added.
+
+2008-08-15  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Allow JSImmediate to hold 31 bit signed integer immediate values.  The low two bits of a
+        JSValue* are a tag, with the tag value 00 indicating the JSValue* is a pointer to a
+        JSCell.  Non-zero tag values used to indicate that the JSValue* is not a real pointer,
+        but instead holds an immediate value encoded within the pointer.  This patch changes the
+        encoding so both the tag values 01 and 11 indicate the value is a signed integer, allowing
+        a 31 bit value to be stored.  All other immediates are tagged with the value 10, and
+        distinguished by a secondary tag.
+
+        Roughly +2% on SunSpider.
+
+        * kjs/JSImmediate.h: Encoding of JSImmediates has changed - see comment at head of file for
+                             descption of new layout.
+
+2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        More build fixes.
+
+        * API/OpaqueJSString.h: Add a namespace to friend declaration to appease MSVC.
+        * API/JSStringRefCF.h: (JSStringCreateWithCFString) Cast UniChar* to UChar* explicitly.
+        * JavaScriptCore.exp: Added OpaqueJSString::create(const KJS::UString&) to fix WebCore build.
+
+2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Build fix.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj: Marked OpaqueJSString as private
+
+        * kjs/identifier.cpp:
+        (KJS::Identifier::checkSameIdentifierTable):
+        * kjs/identifier.h:
+        (KJS::Identifier::add):
+        Since checkSameIdentifierTable is exported for debug build's sake, gcc wants it to be
+        non-inline in release builds, too.
+
+        * JavaScriptCore.exp: Don't export inline OpaqueJSString destructor.
+
+2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Geoff Garen.
+
+        JSStringRef is created context-free, but can get linked to one via an identifier table,
+        breaking an implicit API contract.
+
+        Made JSStringRef point to OpaqueJSString, which is a new string object separate from UString.
+
+        * API/APICast.h: Removed toRef/toJS conversions for JSStringRef, as this is no longer a
+        simple typecast.
+
+        * kjs/identifier.cpp:
+        (KJS::Identifier::checkSameIdentifierTable):
+        * kjs/identifier.h:
+        (KJS::Identifier::add):
+        (KJS::UString::checkSameIdentifierTable):
+        Added assertions to verify that an identifier is not being added to a different JSGlobalData.
+
+        * API/JSObjectRef.cpp:
+        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray): Changed OpaqueJSPropertyNameArray to
+        hold JSStringRefs. This is necessary to avoid having to construct (and leak) a new instance
+        in JSPropertyNameArrayGetNameAtIndex(), now that making a JSStringRef is not just a typecast.
+
+        * API/OpaqueJSString.cpp: Added.
+        (OpaqueJSString::create):
+        (OpaqueJSString::ustring):
+        (OpaqueJSString::identifier):
+        * API/OpaqueJSString.h: Added.
+        (OpaqueJSString::create):
+        (OpaqueJSString::characters):
+        (OpaqueJSString::length):
+        (OpaqueJSString::OpaqueJSString):
+        (OpaqueJSString::~OpaqueJSString):
+
+        * API/JSBase.cpp:
+        (JSEvaluateScript):
+        (JSCheckScriptSyntax):
+        * API/JSCallbackObjectFunctions.h:
+        (KJS::::getOwnPropertySlot):
+        (KJS::::put):
+        (KJS::::deleteProperty):
+        (KJS::::staticValueGetter):
+        (KJS::::callbackGetter):
+        * API/JSStringRef.cpp:
+        (JSStringCreateWithCharacters):
+        (JSStringCreateWithUTF8CString):
+        (JSStringRetain):
+        (JSStringRelease):
+        (JSStringGetLength):
+        (JSStringGetCharactersPtr):
+        (JSStringGetMaximumUTF8CStringSize):
+        (JSStringGetUTF8CString):
+        (JSStringIsEqual):
+        * API/JSStringRefCF.cpp:
+        (JSStringCreateWithCFString):
+        (JSStringCopyCFString):
+        * API/JSValueRef.cpp:
+        (JSValueMakeString):
+        (JSValueToStringCopy):
+        Updated to use OpaqueJSString.
+
+        * GNUmakefile.am:
+        * JavaScriptCore.exp:
+        * JavaScriptCore.pri:
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * JavaScriptCoreSources.bkl:
+        Added OpaqueJSString.
+
+2008-08-14  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Tim.
+
+        <rdar://problem/6115819> Notify of profile in console
+        - Profiles now have a unique ID so that they can be linked to the
+        console message that announces that a profile completed.
+
+        * profiler/HeavyProfile.cpp: 
+        (KJS::HeavyProfile::HeavyProfile):
+        * profiler/Profile.cpp:
+        (KJS::Profile::create):
+        (KJS::Profile::Profile):
+        * profiler/Profile.h:
+        (KJS::Profile::uid):
+        * profiler/ProfileGenerator.cpp:
+        (KJS::ProfileGenerator::create):
+        (KJS::ProfileGenerator::ProfileGenerator):
+        * profiler/ProfileGenerator.h:
+        * profiler/Profiler.cpp:
+        (KJS::Profiler::startProfiling):
+        * profiler/TreeProfile.cpp:
+        (KJS::TreeProfile::create):
+        (KJS::TreeProfile::TreeProfile):
+        * profiler/TreeProfile.h:
+
+2008-08-13  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Oliver Hunt.
+        
+        Nixed a PIC branch from JSObject::getOwnPropertySlot, by forcing
+        fillGetterProperty, which references a global function pointer,
+        out-of-line.
+        
+        .2% SunSpider speedup, 4.3% access-nbody speedup, 8.7% speedup on a
+        custom property access benchmark for objects with one property.
+
+        * kjs/JSObject.cpp:
+        (KJS::JSObject::fillGetterPropertySlot):
+
+2008-08-13  Alp Toker  <alp@nuanti.com>
+
+        Reviewed by Eric Seidel.
+
+        https://bugs.webkit.org/show_bug.cgi?id=20349
+        WTF::initializeThreading() fails if threading is already initialized
+
+        Fix threading initialization logic to support cases where
+        g_thread_init() has already been called elsewhere.
+
+        Resolves database-related crashers reported in several applications.
+
+        * wtf/ThreadingGtk.cpp:
+        (WTF::initializeThreading):
+
+2008-08-13  Brad Hughes <bhughes@trolltech.com>
+
+        Reviewed by Simon.
+
+        Fix compiling of QtWebKit in release mode with the Intel C++ Compiler for Linux
+
+        The latest upgrade of the intel compiler allows us to compile all of
+        Qt with optimizations enabled (yay!).
+
+        * JavaScriptCore.pro:
+
+2008-08-12  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Geoff Garen.
+
+        Add peephole optimisation to 'op_not... jfalse...' (eg. if(!...) )
+
+        This is a very slight win in sunspider, and a fairly substantial win
+        in hot code that does if(!...), etc.
+
+        * VM/CodeGenerator.cpp:
+        (KJS::CodeGenerator::retrieveLastUnaryOp):
+        (KJS::CodeGenerator::rewindBinaryOp):
+        (KJS::CodeGenerator::rewindUnaryOp):
+        (KJS::CodeGenerator::emitJumpIfFalse):
+        * VM/CodeGenerator.h:
+
+2008-08-12  Dan Bernstein  <mitz@apple.com>
+
+        - JavaScriptCore part of <rdar://problem/6121636>
+          Make fast*alloc() abort() on failure and add "try" variants that
+          return NULL on failure.
+
+        Reviewed by Darin Adler.
+
+        * JavaScriptCore.exp: Exported tryFastCalloc().
+        * VM/RegisterFile.h:
+        (KJS::RegisterFile::RegisterFile): Removed an ASSERT().
+        * kjs/JSArray.cpp:
+        (KJS::JSArray::putSlowCase): Changed to use tryFastRealloc().
+        (KJS::JSArray::increaseVectorLength): Ditto.
+        * kjs/ustring.cpp:
+        (KJS::allocChars): Changed to use tryFastMalloc().
+        (KJS::reallocChars): Changed to use tryFastRealloc().
+        * wtf/FastMalloc.cpp:
+        (WTF::fastZeroedMalloc): Removed null checking of fastMalloc()'s result
+        and removed extra call to InvokeNewHook().
+        (WTF::tryFastZeroedMalloc): Added. Uses tryFastMalloc().
+        (WTF::tryFastMalloc): Renamed fastMalloc() to this.
+        (WTF::fastMalloc): Added. This version abort()s if allocation fails.
+        (WTF::tryFastCalloc): Renamed fastCalloc() to this.
+        (WTF::fastCalloc): Added. This version abort()s if allocation fails.
+        (WTF::tryFastRealloc): Renamed fastRealloc() to this.
+        (WTF::fastRealloc): Added. This version abort()s if allocation fails.
+        (WTF::do_malloc): Made this a function template. When the abortOnFailure
+        template parameter is set, the function abort()s on failure to allocate.
+        Otherwise, it sets errno to ENOMEM and returns zero.
+        (WTF::TCMallocStats::fastMalloc): Defined to abort() on failure.
+        (WTF::TCMallocStats::tryFastMalloc): Added. Does not abort() on
+        failure.
+        (WTF::TCMallocStats::fastCalloc): Defined to abort() on failure.
+        (WTF::TCMallocStats::tryFastCalloc): Added. Does not abort() on
+        failure.
+        (WTF::TCMallocStats::fastRealloc): Defined to abort() on failure.
+        (WTF::TCMallocStats::tryFastRealloc): Added. Does not abort() on
+        failure.
+        * wtf/FastMalloc.h: Declared the "try" variants.
+
+2008-08-11  Adam Roben  <aroben@apple.com>
+
+        Move WTF::notFound into its own header so that it can be used
+        independently of Vector
+
+        Rubberstamped by Darin Adler.
+
+        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        Added NotFound.h to the project.
+        * wtf/NotFound.h: Added. Moved the notFound constant here...
+        * wtf/Vector.h: ...from here.
+
+2008-08-11  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Mark Rowe.
+
+        <rdar://problem/6130393> REGRESSION: PhotoBooth hangs after launching under TOT Webkit
+
+        * API/JSContextRef.cpp: (JSGlobalContextRelease): Corrected a comment.
+
+        * kjs/collector.cpp: (KJS::Heap::~Heap): Ensure that JSGlobalData is not deleted while
+        sweeping the heap.
+
+== Rolled over to ChangeLog-2008-08-10 ==
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/DerivedSources.make b/src/3rdparty/javascriptcore/JavaScriptCore/DerivedSources.make
new file mode 100644
index 000000000..9eaccab4b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/DerivedSources.make
@@ -0,0 +1,76 @@
+# Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1.  Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer. 
+# 2.  Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in the
+#     documentation and/or other materials provided with the distribution. 
+# 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+#     its contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+VPATH = \
+    $(JavaScriptCore) \
+    $(JavaScriptCore)/parser \
+    $(JavaScriptCore)/pcre \
+    $(JavaScriptCore)/docs \
+    $(JavaScriptCore)/runtime \
+    $(JavaScriptCore)/interpreter \
+    $(JavaScriptCore)/jit \
+#
+
+.PHONY : all
+all : \
+    ArrayPrototype.lut.h \
+    chartables.c \
+    DatePrototype.lut.h \
+    Grammar.cpp \
+    JSONObject.lut.h \
+    Lexer.lut.h \
+    MathObject.lut.h \
+    NumberConstructor.lut.h \
+    RegExpConstructor.lut.h \
+    RegExpObject.lut.h \
+    StringPrototype.lut.h \
+    docs/bytecode.html \
+#
+
+# lookup tables for classes
+
+%.lut.h: create_hash_table %.cpp
+	$^ -i > $@
+Lexer.lut.h: create_hash_table Keywords.table
+	$^ > $@
+
+# JavaScript language grammar
+
+Grammar.cpp: Grammar.y
+	bison -d -p jscyy $< -o $@ > bison_out.txt 2>&1
+	perl -p -e 'END { if ($$conflict) { unlink "Grammar.cpp"; die; } } $$conflict ||= /conflict/' < bison_out.txt
+	touch Grammar.cpp.h
+	touch Grammar.hpp
+	cat Grammar.cpp.h Grammar.hpp > Grammar.h
+	rm -f Grammar.cpp.h Grammar.hpp bison_out.txt
+
+# character tables for PCRE
+
+chartables.c : dftables
+	$^ $@
+
+docs/bytecode.html: make-bytecode-docs.pl Interpreter.cpp 
+	perl $^ $@
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/APICast.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/APICast.h
new file mode 100644
index 000000000..06b566b90
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/APICast.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/APICast.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSBase.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSBase.h
new file mode 100644
index 000000000..25b2aa441
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSBase.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JSBase.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSContextRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSContextRef.h
new file mode 100644
index 000000000..f7e57be83
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSContextRef.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JSContextRef.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSObjectRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSObjectRef.h
new file mode 100644
index 000000000..77137223d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSObjectRef.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JSObjectRef.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSRetainPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSRetainPtr.h
new file mode 100644
index 000000000..e048d3475
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSRetainPtr.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JSRetainPtr.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSStringRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSStringRef.h
new file mode 100644
index 000000000..d32e0c734
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSStringRef.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JSStringRef.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSStringRefCF.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSStringRefCF.h
new file mode 100644
index 000000000..11ae723e7
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSStringRefCF.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JSStringRefCF.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSValueRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSValueRef.h
new file mode 100644
index 000000000..718628750
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JSValueRef.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JSValueRef.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JavaScript.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JavaScript.h
new file mode 100644
index 000000000..ab90c6d75
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JavaScript.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JavaScript.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JavaScriptCore.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JavaScriptCore.h
new file mode 100644
index 000000000..7dc8e0804
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/JavaScriptCore.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/JavaScriptCore.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/OpaqueJSString.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/OpaqueJSString.h
new file mode 100644
index 000000000..51e029e4a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/OpaqueJSString.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/OpaqueJSString.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/WebKitAvailability.h b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/WebKitAvailability.h
new file mode 100644
index 000000000..0c58890bd
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ForwardingHeaders/JavaScriptCore/WebKitAvailability.h
@@ -0,0 +1 @@
+#include <JavaScriptCore/API/WebKitAvailability.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/Info.plist b/src/3rdparty/javascriptcore/JavaScriptCore/Info.plist
new file mode 100644
index 000000000..17949b026
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/Info.plist
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>English</string>
+	<key>CFBundleExecutable</key>
+	<string>${PRODUCT_NAME}</string>
+	<key>CFBundleGetInfoString</key>
+	<string>${BUNDLE_VERSION}, Copyright 2003-2009 Apple Inc.; Copyright 1999-2001 Harri Porten &lt;porten@kde.org&gt;; Copyright 2001 Peter Kelly &lt;pmk@post.com&gt;; Copyright 1997-2005 University of Cambridge; Copyright 1991, 2000, 2001 by Lucent Technologies.</string>
+	<key>CFBundleIdentifier</key>
+	<string>com.apple.${PRODUCT_NAME}</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>${PRODUCT_NAME}</string>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleShortVersionString</key>
+	<string>${SHORT_VERSION_STRING}</string>
+	<key>CFBundleVersion</key>
+	<string>${BUNDLE_VERSION}</string>
+</dict>
+</plist>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.gypi b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.gypi
new file mode 100644
index 000000000..15a0c0f5f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.gypi
@@ -0,0 +1,457 @@
+{
+    'variables': {
+        'javascriptcore_files': [
+            'AllInOneFile.cpp',
+            'API/APICast.h',
+            'API/JavaScript.h',
+            'API/JavaScriptCore.h',
+            'API/JSBase.cpp',
+            'API/JSBase.h',
+            'API/JSBasePrivate.h',
+            'API/JSCallbackConstructor.cpp',
+            'API/JSCallbackConstructor.h',
+            'API/JSCallbackFunction.cpp',
+            'API/JSCallbackFunction.h',
+            'API/JSCallbackObject.cpp',
+            'API/JSCallbackObject.h',
+            'API/JSCallbackObjectFunctions.h',
+            'API/JSClassRef.cpp',
+            'API/JSClassRef.h',
+            'API/JSContextRef.cpp',
+            'API/JSContextRef.h',
+            'API/JSObjectRef.cpp',
+            'API/JSObjectRef.h',
+            'API/JSProfilerPrivate.cpp',
+            'API/JSProfilerPrivate.h',
+            'API/JSRetainPtr.h',
+            'API/JSStringRef.cpp',
+            'API/JSStringRef.h',
+            'API/JSStringRefBSTR.cpp',
+            'API/JSStringRefBSTR.h',
+            'API/JSStringRefCF.cpp',
+            'API/JSStringRefCF.h',
+            'API/JSValueRef.cpp',
+            'API/JSValueRef.h',
+            'API/OpaqueJSString.cpp',
+            'API/OpaqueJSString.h',
+            'API/tests/JSNode.h',
+            'API/tests/JSNodeList.h',
+            'API/tests/Node.h',
+            'API/tests/NodeList.h',
+            'API/WebKitAvailability.h',
+            'assembler/AbstractMacroAssembler.h',
+            'assembler/ARMv7Assembler.h',
+            'assembler/AssemblerBuffer.h',
+            'assembler/CodeLocation.h',
+            'assembler/MacroAssembler.h',
+            'assembler/MacroAssemblerARMv7.h',
+            'assembler/MacroAssemblerCodeRef.h',
+            'assembler/MacroAssemblerX86.h',
+            'assembler/MacroAssemblerX86_64.h',
+            'assembler/MacroAssemblerX86Common.h',
+            'assembler/X86Assembler.h',
+            'bytecode/CodeBlock.cpp',
+            'bytecode/CodeBlock.h',
+            'bytecode/EvalCodeCache.h',
+            'bytecode/Instruction.h',
+            'bytecode/JumpTable.cpp',
+            'bytecode/JumpTable.h',
+            'bytecode/Opcode.cpp',
+            'bytecode/Opcode.h',
+            'bytecode/SamplingTool.cpp',
+            'bytecode/SamplingTool.h',
+            'bytecode/StructureStubInfo.cpp',
+            'bytecode/StructureStubInfo.h',
+            'bytecompiler/BytecodeGenerator.cpp',
+            'bytecompiler/BytecodeGenerator.h',
+            'bytecompiler/Label.h',
+            'bytecompiler/LabelScope.h',
+            'bytecompiler/RegisterID.h',
+            'config.h',
+            'debugger/Debugger.cpp',
+            'debugger/Debugger.h',
+            'debugger/DebuggerActivation.cpp',
+            'debugger/DebuggerActivation.h',
+            'debugger/DebuggerCallFrame.cpp',
+            'debugger/DebuggerCallFrame.h',
+            'icu/unicode/parseerr.h',
+            'icu/unicode/platform.h',
+            'icu/unicode/putil.h',
+            'icu/unicode/uchar.h',
+            'icu/unicode/ucnv.h',
+            'icu/unicode/ucnv_err.h',
+            'icu/unicode/ucol.h',
+            'icu/unicode/uconfig.h',
+            'icu/unicode/uenum.h',
+            'icu/unicode/uiter.h',
+            'icu/unicode/uloc.h',
+            'icu/unicode/umachine.h',
+            'icu/unicode/unorm.h',
+            'icu/unicode/urename.h',
+            'icu/unicode/uset.h',
+            'icu/unicode/ustring.h',
+            'icu/unicode/utf.h',
+            'icu/unicode/utf16.h',
+            'icu/unicode/utf8.h',
+            'icu/unicode/utf_old.h',
+            'icu/unicode/utypes.h',
+            'icu/unicode/uversion.h',
+            'interpreter/CachedCall.h',
+            'interpreter/CallFrame.cpp',
+            'interpreter/CallFrame.h',
+            'interpreter/CallFrameClosure.h',
+            'interpreter/Interpreter.cpp',
+            'interpreter/Interpreter.h',
+            'interpreter/Register.h',
+            'interpreter/RegisterFile.cpp',
+            'interpreter/RegisterFile.h',
+            'JavaScriptCorePrefix.h',
+            'jit/ExecutableAllocator.cpp',
+            'jit/ExecutableAllocator.h',
+            'jit/ExecutableAllocatorFixedVMPool.cpp',
+            'jit/ExecutableAllocatorPosix.cpp',
+            'jit/ExecutableAllocatorWin.cpp',
+            'jit/JIT.cpp',
+            'jit/JIT.h',
+            'jit/JITArithmetic.cpp',
+            'jit/JITCall.cpp',
+            'jit/JITCode.h',
+            'jit/JITInlineMethods.h',
+            'jit/JITOpcodes.cpp',
+            'jit/JITPropertyAccess.cpp',
+            'jit/JITStubCall.h',
+            'jit/JITStubs.cpp',
+            'jit/JITStubs.h',
+            'jsc.cpp',
+            'os-win32/stdbool.h',
+            'os-win32/stdint.h',
+            'parser/Lexer.cpp',
+            'parser/Lexer.h',
+            'parser/NodeConstructors.h',
+            'parser/NodeInfo.h',
+            'parser/Nodes.cpp',
+            'parser/Nodes.h',
+            'parser/Parser.cpp',
+            'parser/Parser.h',
+            'parser/ParserArena.cpp',
+            'parser/ParserArena.h',
+            'parser/ResultType.h',
+            'parser/SourceCode.h',
+            'parser/SourceProvider.h',
+            'pcre/pcre.h',
+            'pcre/pcre_compile.cpp',
+            'pcre/pcre_exec.cpp',
+            'pcre/pcre_internal.h',
+            'pcre/pcre_tables.cpp',
+            'pcre/pcre_ucp_searchfuncs.cpp',
+            'pcre/pcre_xclass.cpp',
+            'pcre/ucpinternal.h',
+            'pcre/ucptable.cpp',
+            'profiler/CallIdentifier.h',
+            'profiler/HeavyProfile.cpp',
+            'profiler/HeavyProfile.h',
+            'profiler/Profile.cpp',
+            'profiler/Profile.h',
+            'profiler/ProfileGenerator.cpp',
+            'profiler/ProfileGenerator.h',
+            'profiler/ProfileNode.cpp',
+            'profiler/ProfileNode.h',
+            'profiler/Profiler.cpp',
+            'profiler/Profiler.h',
+            'profiler/ProfilerServer.h',
+            'profiler/TreeProfile.cpp',
+            'profiler/TreeProfile.h',
+            'runtime/ArgList.cpp',
+            'runtime/ArgList.h',
+            'runtime/Arguments.cpp',
+            'runtime/Arguments.h',
+            'runtime/ArrayConstructor.cpp',
+            'runtime/ArrayConstructor.h',
+            'runtime/ArrayPrototype.cpp',
+            'runtime/ArrayPrototype.h',
+            'runtime/BatchedTransitionOptimizer.h',
+            'runtime/BooleanConstructor.cpp',
+            'runtime/BooleanConstructor.h',
+            'runtime/BooleanObject.cpp',
+            'runtime/BooleanObject.h',
+            'runtime/BooleanPrototype.cpp',
+            'runtime/BooleanPrototype.h',
+            'runtime/CallData.cpp',
+            'runtime/CallData.h',
+            'runtime/ClassInfo.h',
+            'runtime/Collector.cpp',
+            'runtime/Collector.h',
+            'runtime/CollectorHeapIterator.h',
+            'runtime/CommonIdentifiers.cpp',
+            'runtime/CommonIdentifiers.h',
+            'runtime/Completion.cpp',
+            'runtime/Completion.h',
+            'runtime/ConstructData.cpp',
+            'runtime/ConstructData.h',
+            'runtime/DateConstructor.cpp',
+            'runtime/DateConstructor.h',
+            'runtime/DateConversion.cpp',
+            'runtime/DateConversion.h',
+            'runtime/DateInstance.cpp',
+            'runtime/DateInstance.h',
+            'runtime/DatePrototype.cpp',
+            'runtime/DatePrototype.h',
+            'runtime/Error.cpp',
+            'runtime/Error.h',
+            'runtime/ErrorConstructor.cpp',
+            'runtime/ErrorConstructor.h',
+            'runtime/ErrorInstance.cpp',
+            'runtime/ErrorInstance.h',
+            'runtime/ErrorPrototype.cpp',
+            'runtime/ErrorPrototype.h',
+            'runtime/ExceptionHelpers.cpp',
+            'runtime/ExceptionHelpers.h',
+            'runtime/FunctionConstructor.cpp',
+            'runtime/FunctionConstructor.h',
+            'runtime/FunctionPrototype.cpp',
+            'runtime/FunctionPrototype.h',
+            'runtime/GetterSetter.cpp',
+            'runtime/GetterSetter.h',
+            'runtime/GlobalEvalFunction.cpp',
+            'runtime/GlobalEvalFunction.h',
+            'runtime/Identifier.cpp',
+            'runtime/Identifier.h',
+            'runtime/InitializeThreading.cpp',
+            'runtime/InitializeThreading.h',
+            'runtime/InternalFunction.cpp',
+            'runtime/InternalFunction.h',
+            'runtime/JSActivation.cpp',
+            'runtime/JSActivation.h',
+            'runtime/JSArray.cpp',
+            'runtime/JSArray.h',
+            'runtime/JSByteArray.cpp',
+            'runtime/JSByteArray.h',
+            'runtime/JSCell.cpp',
+            'runtime/JSCell.h',
+            'runtime/JSFunction.cpp',
+            'runtime/JSFunction.h',
+            'runtime/JSGlobalData.cpp',
+            'runtime/JSGlobalData.h',
+            'runtime/JSGlobalObject.cpp',
+            'runtime/JSGlobalObject.h',
+            'runtime/JSGlobalObjectFunctions.cpp',
+            'runtime/JSGlobalObjectFunctions.h',
+            'runtime/JSImmediate.cpp',
+            'runtime/JSImmediate.h',
+            'runtime/JSLock.cpp',
+            'runtime/JSLock.h',
+            'runtime/JSNotAnObject.cpp',
+            'runtime/JSNotAnObject.h',
+            'runtime/JSNumberCell.cpp',
+            'runtime/JSNumberCell.h',
+            'runtime/JSObject.cpp',
+            'runtime/JSObject.h',
+            'runtime/JSONObject.cpp',
+            'runtime/JSONObject.h',
+            'runtime/JSPropertyNameIterator.cpp',
+            'runtime/JSPropertyNameIterator.h',
+            'runtime/JSStaticScopeObject.cpp',
+            'runtime/JSStaticScopeObject.h',
+            'runtime/JSString.cpp',
+            'runtime/JSString.h',
+            'runtime/JSType.h',
+            'runtime/JSTypeInfo.h',
+            'runtime/JSValue.cpp',
+            'runtime/JSValue.h',
+            'runtime/JSVariableObject.cpp',
+            'runtime/JSVariableObject.h',
+            'runtime/JSWrapperObject.cpp',
+            'runtime/JSWrapperObject.h',
+            'runtime/LiteralParser.cpp',
+            'runtime/LiteralParser.h',
+            'runtime/Lookup.cpp',
+            'runtime/Lookup.h',
+            'runtime/MarkStack.cpp',
+            'runtime/MarkStack.h',
+            'runtime/MarkStackWin.cpp',
+            'runtime/MathObject.cpp',
+            'runtime/MathObject.h',
+            'runtime/NativeErrorConstructor.cpp',
+            'runtime/NativeErrorConstructor.h',
+            'runtime/NativeErrorPrototype.cpp',
+            'runtime/NativeErrorPrototype.h',
+            'runtime/NativeFunctionWrapper.h',
+            'runtime/NumberConstructor.cpp',
+            'runtime/NumberConstructor.h',
+            'runtime/NumberObject.cpp',
+            'runtime/NumberObject.h',
+            'runtime/NumberPrototype.cpp',
+            'runtime/NumberPrototype.h',
+            'runtime/ObjectConstructor.cpp',
+            'runtime/ObjectConstructor.h',
+            'runtime/ObjectPrototype.cpp',
+            'runtime/ObjectPrototype.h',
+            'runtime/Operations.cpp',
+            'runtime/Operations.h',
+            'runtime/PropertyDescriptor.cpp',
+            'runtime/PropertyDescriptor.h',
+            'runtime/PropertyMapHashTable.h',
+            'runtime/PropertyNameArray.cpp',
+            'runtime/PropertyNameArray.h',
+            'runtime/PropertySlot.cpp',
+            'runtime/PropertySlot.h',
+            'runtime/Protect.h',
+            'runtime/PrototypeFunction.cpp',
+            'runtime/PrototypeFunction.h',
+            'runtime/PutPropertySlot.h',
+            'runtime/RegExp.cpp',
+            'runtime/RegExp.h',
+            'runtime/RegExpConstructor.cpp',
+            'runtime/RegExpConstructor.h',
+            'runtime/RegExpMatchesArray.h',
+            'runtime/RegExpObject.cpp',
+            'runtime/RegExpObject.h',
+            'runtime/RegExpPrototype.cpp',
+            'runtime/RegExpPrototype.h',
+            'runtime/ScopeChain.cpp',
+            'runtime/ScopeChain.h',
+            'runtime/ScopeChainMark.h',
+            'runtime/SmallStrings.cpp',
+            'runtime/SmallStrings.h',
+            'runtime/StringConstructor.cpp',
+            'runtime/StringConstructor.h',
+            'runtime/StringObject.cpp',
+            'runtime/StringObject.h',
+            'runtime/StringObjectThatMasqueradesAsUndefined.h',
+            'runtime/StringPrototype.cpp',
+            'runtime/StringPrototype.h',
+            'runtime/Structure.cpp',
+            'runtime/Structure.h',
+            'runtime/StructureChain.cpp',
+            'runtime/StructureChain.h',
+            'runtime/StructureTransitionTable.h',
+            'runtime/SymbolTable.h',
+            'runtime/TimeoutChecker.cpp',
+            'runtime/TimeoutChecker.h',
+            'runtime/Tracing.h',
+            'runtime/UString.cpp',
+            'runtime/UString.h',
+            'wrec/CharacterClass.cpp',
+            'wrec/CharacterClass.h',
+            'wrec/CharacterClassConstructor.cpp',
+            'wrec/CharacterClassConstructor.h',
+            'wrec/Escapes.h',
+            'wrec/Quantifier.h',
+            'wrec/WREC.cpp',
+            'wrec/WREC.h',
+            'wrec/WRECFunctors.cpp',
+            'wrec/WRECFunctors.h',
+            'wrec/WRECGenerator.cpp',
+            'wrec/WRECGenerator.h',
+            'wrec/WRECParser.cpp',
+            'wrec/WRECParser.h',
+            'wtf/AlwaysInline.h',
+            'wtf/ASCIICType.h',
+            'wtf/Assertions.cpp',
+            'wtf/Assertions.h',
+            'wtf/AVLTree.h',
+            'wtf/ByteArray.cpp',
+            'wtf/ByteArray.h',
+            'wtf/chromium/ChromiumThreading.h',
+            'wtf/chromium/MainThreadChromium.cpp',
+            'wtf/CrossThreadRefCounted.h',
+            'wtf/CurrentTime.cpp',
+            'wtf/CurrentTime.h',
+            'wtf/DateMath.cpp',
+            'wtf/DateMath.h',
+            'wtf/Deque.h',
+            'wtf/DisallowCType.h',
+            'wtf/dtoa.cpp',
+            'wtf/dtoa.h',
+            'wtf/FastAllocBase.h',
+            'wtf/FastMalloc.cpp',
+            'wtf/FastMalloc.h',
+            'wtf/Forward.h',
+            'wtf/GetPtr.h',
+            'wtf/GOwnPtr.cpp',
+            'wtf/GOwnPtr.h',
+            'wtf/gtk/MainThreadGtk.cpp',
+            'wtf/gtk/ThreadingGtk.cpp',
+            'wtf/HashCountedSet.h',
+            'wtf/HashFunctions.h',
+            'wtf/HashIterators.h',
+            'wtf/HashMap.h',
+            'wtf/HashSet.h',
+            'wtf/HashTable.cpp',
+            'wtf/HashTable.h',
+            'wtf/HashTraits.h',
+            'wtf/ListHashSet.h',
+            'wtf/ListRefPtr.h',
+            'wtf/Locker.h',
+            'wtf/MainThread.cpp',
+            'wtf/MainThread.h',
+            'wtf/MallocZoneSupport.h',
+            'wtf/MathExtras.h',
+            'wtf/MessageQueue.h',
+            'wtf/Noncopyable.h',
+            'wtf/NotFound.h',
+            'wtf/OwnArrayPtr.h',
+            'wtf/OwnFastMallocPtr.h',
+            'wtf/OwnPtr.h',
+            'wtf/OwnPtrCommon.h',
+            'wtf/OwnPtrWin.cpp',
+            'wtf/PassOwnPtr.h',
+            'wtf/PassRefPtr.h',
+            'wtf/Platform.h',
+            'wtf/PtrAndFlags.h',
+            'wtf/qt/MainThreadQt.cpp',
+            'wtf/qt/ThreadingQt.cpp',
+            'wtf/RandomNumber.cpp',
+            'wtf/RandomNumber.h',
+            'wtf/RandomNumberSeed.h',
+            'wtf/RefCounted.h',
+            'wtf/RefCountedLeakCounter.cpp',
+            'wtf/RefCountedLeakCounter.h',
+            'wtf/RefPtr.h',
+            'wtf/RefPtrHashMap.h',
+            'wtf/RetainPtr.h',
+            'wtf/SegmentedVector.h',
+            'wtf/StdLibExtras.h',
+            'wtf/StringExtras.h',
+            'wtf/TCPackedCache.h',
+            'wtf/TCPageMap.h',
+            'wtf/TCSpinLock.h',
+            'wtf/TCSystemAlloc.cpp',
+            'wtf/TCSystemAlloc.h',
+            'wtf/Threading.cpp',
+            'wtf/Threading.h',
+            'wtf/ThreadingNone.cpp',
+            'wtf/ThreadingPthreads.cpp',
+            'wtf/ThreadingWin.cpp',
+            'wtf/ThreadSpecific.h',
+            'wtf/ThreadSpecificWin.cpp',
+            'wtf/TypeTraits.cpp',
+            'wtf/TypeTraits.h',
+            'wtf/unicode/Collator.h',
+            'wtf/unicode/CollatorDefault.cpp',
+            'wtf/unicode/glib/UnicodeGLib.cpp',
+            'wtf/unicode/glib/UnicodeGLib.h',
+            'wtf/unicode/glib/UnicodeMacrosFromICU.h',
+            'wtf/unicode/icu/CollatorICU.cpp',
+            'wtf/unicode/icu/UnicodeIcu.h',
+            'wtf/unicode/qt4/UnicodeQt4.h',
+            'wtf/unicode/Unicode.h',
+            'wtf/unicode/UTF8.cpp',
+            'wtf/unicode/UTF8.h',
+            'wtf/UnusedParam.h',
+            'wtf/Vector.h',
+            'wtf/VectorTraits.h',
+            'wtf/VMTags.h',
+            'wtf/win/MainThreadWin.cpp',
+            'wtf/wx/MainThreadWx.cpp',
+            'yarr/RegexCompiler.cpp',
+            'yarr/RegexCompiler.h',
+            'yarr/RegexInterpreter.cpp',
+            'yarr/RegexInterpreter.h',
+            'yarr/RegexJIT.cpp',
+            'yarr/RegexJIT.h',
+            'yarr/RegexParser.h',
+            'yarr/RegexPattern.h',
+        ]
+    }
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.order b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.order
new file mode 100644
index 000000000..3ae3ec6dd
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.order
@@ -0,0 +1,1965 @@
+__ZN3WTF10fastMallocEm
+__ZN3WTF10fastMallocILb1EEEPvm
+__ZN3WTF20TCMalloc_ThreadCache10InitModuleEv
+__ZN3WTFL15InitSizeClassesEv
+__Z20TCMalloc_SystemAllocmPmm
+__ZN3WTFL13MetaDataAllocEm
+__ZN3WTF20TCMalloc_ThreadCache22CreateCacheIfNecessaryEv
+__ZN3WTF25TCMalloc_Central_FreeList11RemoveRangeEPPvS2_Pi
+__ZN3WTF25TCMalloc_Central_FreeList18FetchFromSpansSafeEv
+__ZN3WTF17TCMalloc_PageHeap10AllocLargeEm
+__ZN3WTF17TCMalloc_PageHeap8GrowHeapEm
+__ZN3WTF19initializeThreadingEv
+__ZN3WTF20initializeMainThreadEv
+__ZN3WTF5MutexC1Ev
+__ZN3WTF28initializeMainThreadPlatformEv
+__ZN3WTF36lockAtomicallyInitializedStaticMutexEv
+__ZN3WTF8fastFreeEPv
+__ZN3WTF38unlockAtomicallyInitializedStaticMutexEv
+__ZN3JSC19initializeThreadingEv
+__ZN3JSCL23initializeThreadingOnceEv
+__ZN3JSC17initializeUStringEv
+__ZN3JSC12initDateMathEv
+__ZN3WTF11currentTimeEv
+__ZN3WTF15ThreadConditionC1Ev
+__ZN3WTF5Mutex4lockEv
+__ZN3WTF5Mutex6unlockEv
+__ZN3WTF12createThreadEPFPvS0_ES0_PKc
+__ZN3WTF20createThreadInternalEPFPvS0_ES0_PKc
+__ZN3WTFL35establishIdentifierForPthreadHandleERP17_opaque_pthread_t
+__ZN3WTF9HashTableIjSt4pairIjP17_opaque_pthread_tENS_18PairFirstExtractorIS4_EENS_7IntHashIjEENS_14PairHashTraitsINS_10HashTrai
+__ZN3WTFL16threadEntryPointEPv
+__ZN3WTF16fastZeroedMallocEm
+__ZN3WTF21setThreadNameInternalEPKc
+__ZN3WTF5MutexD1Ev
+__ZN3WTF25TCMalloc_Central_FreeList11InsertRangeEPvS1_i
+__ZN3WTF25TCMalloc_Central_FreeList18ReleaseListToSpansEPv
+__ZN3WTF12isMainThreadEv
+__ZN3WTF14FastMallocZone4sizeEP14_malloc_zone_tPKv
+__ZN3WTF13currentThreadEv
+__ZN3WTF16callOnMainThreadEPFvPvES0_
+__ZN3WTF5DequeINS_19FunctionWithContextEE14expandCapacityEv
+__ZN3WTF37scheduleDispatchFunctionsOnMainThreadEv
+__ZN3WTF15ThreadCondition4waitERNS_5MutexE
+__ZN3JSC8DebuggerC2Ev
+__ZN3WTF6strtodEPKcPPc
+__ZN3WTF15ThreadCondition6signalEv
+__ZN3WTF15ThreadCondition9timedWaitERNS_5MutexEd
+__ZN3WTF15ThreadCondition9broadcastEv
+-[WTFMainThreadCaller call]
+__ZN3WTF31dispatchFunctionsFromMainThreadEv
+__ZN3WTF14FastMallocZone9forceLockEP14_malloc_zone_t
+__ZN3WTF11fastReallocEPvm
+__ZN3WTF11fastReallocILb1EEEPvS1_m
+__ZN3JSC7UStringC1EPKti
+__ZN3JSC7UStringC2EPKti
+__ZN3JSC12JSGlobalData12createLeakedEv
+__ZN3JSC9Structure18startIgnoringLeaksEv
+__ZN3JSC7VPtrSetC2Ev
+__ZN3JSC9StructureC1ENS_7JSValueERKNS_8TypeInfoE
+__ZN3JSC7JSArrayC1EN3WTF10PassRefPtrINS_9StructureEEE
+__ZN3JSC7JSArrayD1Ev
+__ZN3JSC7JSArrayD2Ev
+__ZN3WTF10RefCountedIN3JSC9StructureEE5derefEv
+__ZN3JSC9StructureD1Ev
+__ZN3JSC9StructureD2Ev
+__ZN3JSC11JSByteArray15createStructureENS_7JSValueE
+__ZN3JSC11JSByteArrayD1Ev
+__ZN3JSC8JSStringD1Ev
+__ZN3JSC10JSFunctionD1Ev
+__ZN3JSC10JSFunctionD2Ev
+__ZN3JSC8JSObjectD2Ev
+__ZN3JSC12JSGlobalDataC2EbRKNS_7VPtrSetE
+__ZN3JSC21createIdentifierTableEv
+__ZN3JSC17CommonIdentifiersC1EPNS_12JSGlobalDataE
+__ZN3JSC17CommonIdentifiersC2EPNS_12JSGlobalDataE
+__ZN3JSC10Identifier3addEPNS_12JSGlobalDataEPKc
+__ZN3WTF7HashSetIPN3JSC7UString3RepENS_7StrHashIS4_EENS_10HashTraitsIS4_EEE3addIPKcNS1_17CStringTranslatorEEESt4pairINS_24HashT
+__ZN3WTF9HashTableIPN3JSC7UString3RepES4_NS_17IdentityExtractorIS4_EENS_7StrHashIS4_EENS_10HashTraitsIS4_EESA_E6rehashEi
+__ZN3WTF9HashTableIPKcSt4pairIS2_NS_6RefPtrIN3JSC7UString3RepEEEENS_18PairFirstExtractorIS9_EENS_7PtrHashIS2_EENS_14PairHashTra
+__ZN3WTF6RefPtrIN3JSC7UString3RepEED1Ev
+__ZN3JSC12SmallStringsC1Ev
+__ZN3JSC19ExecutableAllocator17intializePageSizeEv
+__ZN3JSC14ExecutablePool11systemAllocEm
+__ZN3JSC5LexerC1EPNS_12JSGlobalDataE
+__ZN3JSC5LexerC2EPNS_12JSGlobalDataE
+__ZN3JSC11InterpreterC1Ev
+__ZN3JSC11InterpreterC2Ev
+__ZN3JSC11Interpreter14privateExecuteENS0_13ExecutionFlagEPNS_12RegisterFileEPNS_9ExecStateEPNS_7JSValueE
+__ZN3WTF7HashMapIPvN3JSC8OpcodeIDENS_7PtrHashIS1_EENS_10HashTraitsIS1_EENS6_IS3_EEE3addERKS1_RKS3_
+__ZN3WTF9HashTableIPvSt4pairIS1_N3JSC8OpcodeIDEENS_18PairFirstExtractorIS5_EENS_7PtrHashIS1_EENS_14PairHashTraitsINS_10HashTrai
+__ZN3JSC8JITStubsC1EPNS_12JSGlobalDataE
+__ZN3JSC3JITC1EPNS_12JSGlobalDataEPNS_9CodeBlockE
+__ZN3JSC3JITC2EPNS_12JSGlobalDataEPNS_9CodeBlockE
+__ZN3JSC3JIT35privateCompileCTIMachineTrampolinesEPN3WTF6RefPtrINS_14ExecutablePoolEEEPNS_12JSGlobalDataEPPvS9_S9_S9_S9_S9_
+__ZN3JSC12X86Assembler23X86InstructionFormatter11oneByteOp64ENS0_15OneByteOpcodeIDEiNS_3X8610RegisterIDE
+__ZN3JSC12X86Assembler3jCCENS0_9ConditionE
+__ZN3JSC23MacroAssemblerX86Common4moveENS_22AbstractMacroAssemblerINS_12X86AssemblerEE6ImmPtrENS_3X8610RegisterIDE
+__ZN3JSC12X86Assembler23X86InstructionFormatter11oneByteOp64ENS0_15OneByteOpcodeIDEiNS_3X8610RegisterIDEi
+__ZN3JSC12X86Assembler23X86InstructionFormatter9oneByteOpENS0_15OneByteOpcodeIDEiNS_3X8610RegisterIDE
+__ZN3JSC15AssemblerBuffer11ensureSpaceEi
+__ZN3JSC20MacroAssemblerX86_6413branchTestPtrENS_23MacroAssemblerX86Common9ConditionENS_3X8610RegisterIDENS_22AbstractMacroAsse
+__ZN3JSC12X86Assembler23X86InstructionFormatter9oneByteOpENS0_15OneByteOpcodeIDENS_3X8610RegisterIDE
+__ZN3JSC20MacroAssemblerX86_644callEv
+__ZN3JSC12X86Assembler23X86InstructionFormatter9oneByteOpENS0_15OneByteOpcodeIDEiNS_3X8610RegisterIDEi
+__ZN3JSC3JIT32compileOpCallInitializeCallFrameEv
+__ZN3JSC12X86Assembler23X86InstructionFormatter11memoryModRMEiNS_3X8610RegisterIDEi
+__ZN3JSC20MacroAssemblerX86_6421makeTailRecursiveCallENS_22AbstractMacroAssemblerINS_12X86AssemblerEE4JumpE
+__ZN3JSC14TimeoutCheckerC1Ev
+__ZN3JSC4HeapC1EPNS_12JSGlobalDataE
+__ZN3JSC27startProfilerServerIfNeededEv
++[ProfilerServer sharedProfileServer]
+-[ProfilerServer init]
+__ZN3JSC9Structure17stopIgnoringLeaksEv
+__ZN3JSC4Heap8allocateEm
+__ZN3JSCL13allocateBlockILNS_8HeapTypeE0EEEPNS_14CollectorBlockEv
+__ZN3JSC4Heap4heapENS_7JSValueE
+__ZN3JSC4Heap7protectENS_7JSValueE
+__ZN3WTF7HashMapIPN3JSC6JSCellEjNS_7PtrHashIS3_EENS_10HashTraitsIS3_EENS6_IjEEE3addERKS3_RKj
+__ZN3WTF9HashTableIPN3JSC6JSCellESt4pairIS3_jENS_18PairFirstExtractorIS5_EENS_7PtrHashIS3_EENS_14PairHashTraitsINS_10HashTraits
+__ZN3JSC14JSGlobalObjectnwEmPNS_12JSGlobalDataE
+__ZN3JSC14JSGlobalObject4initEPNS_8JSObjectE
+__ZN3JSC14JSGlobalObject5resetENS_7JSValueE
+__ZN3JSC4Heap12heapAllocateILNS_8HeapTypeE0EEEPvm
+__ZN3JSC8jsStringEPNS_12JSGlobalDataERKNS_7UStringE
+__ZN3JSC12SmallStrings17createEmptyStringEPNS_12JSGlobalDataE
+__ZN3JSC7UStringC1EPKc
+__ZN3JSCL9createRepEPKc
+__ZN3JSC8JSObject9putDirectERKNS_10IdentifierENS_7JSValueEjbRNS_15PutPropertySlotE
+__ZN3JSC9Structure40addPropertyTransitionToExistingStructureEPS0_RKNS_10IdentifierEjRm
+__ZN3JSC9Structure3getERKNS_10IdentifierERj
+__ZN3JSC9Structure21addPropertyTransitionEPS0_RKNS_10IdentifierEjRm
+__ZN3JSC9Structure3putERKNS_10IdentifierEj
+__ZN3JSC8JSObject26putDirectWithoutTransitionERKNS_10IdentifierENS_7JSValueEj
+__ZN3JSC9Structure28addPropertyWithoutTransitionERKNS_10IdentifierEj
+__ZN3JSC17FunctionPrototype21addFunctionPropertiesEPNS_9ExecStateEPNS_9StructureEPPNS_10JSFunctionES7_
+__ZN3JSC10JSFunctionC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectESA_RK
+__ZN3JSC12JSGlobalData17createNativeThunkEv
+__ZN3JSC16FunctionBodyNode17createNativeThunkEPNS_12JSGlobalDataE
+__ZN3WTF6VectorINS_6RefPtrIN3JSC21ParserArenaRefCountedEEELm0EE15reserveCapacityEm
+__ZN3JSC11ParserArena5resetEv
+__ZN3JSC8JSObject34putDirectFunctionWithoutTransitionEPNS_9ExecStateEPNS_16InternalFunctionEj
+__ZN3JSC15ObjectPrototypeC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPS5_
+__ZN3JSC9Structure26rehashPropertyMapHashTableEj
+__ZN3JSC15StringPrototypeC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEE
+__ZN3JSC16BooleanPrototypeC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPS5_
+__ZN3JSC15NumberPrototypeC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPS5_
+__ZN3JSC15RegExpPrototypeC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPS5_
+__ZN3JSC14ErrorPrototypeC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPS5_
+__ZN3JSC20NativeErrorPrototypeC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEERKNS_7UStringES9_
+__ZN3JSC17ObjectConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS_15ObjectPrototypeE
+__ZN3JSC19FunctionConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS_17FunctionPrototypeE
+__ZNK3JSC16InternalFunction9classInfoEv
+__ZN3JSC16ArrayConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS_14ArrayPrototypeE
+__ZNK3JSC14ArrayPrototype9classInfoEv
+__ZN3JSC17StringConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPS5_PNS_15StringPrototypeE
+__ZNK3JSC15StringPrototype9classInfoEv
+__ZN3JSC18BooleanConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS_16BooleanPrototypeE
+__ZNK3JSC13BooleanObject9classInfoEv
+__ZN3JSC17NumberConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS_15NumberPrototypeE
+__ZN3JSC15DateConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPS5_PNS_13DatePrototypeE
+__ZNK3JSC13DatePrototype9classInfoEv
+__ZN3JSC17RegExpConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS_15RegExpPrototypeE
+__ZN3JSC16ErrorConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS_14ErrorPrototypeE
+__ZNK3JSC13ErrorInstance9classInfoEv
+__ZN3JSC22NativeErrorConstructorC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS_20NativeErrorPrototypeE
+__ZN3JSC10Identifier11addSlowCaseEPNS_12JSGlobalDataEPNS_7UString3RepE
+__ZN3WTF7HashSetIPN3JSC7UString3RepENS_7StrHashIS4_EENS_10HashTraitsIS4_EEE3addERKS4_
+__ZN3JSC10MathObjectC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEE
+__ZN3JSC12SmallStrings24singleCharacterStringRepEh
+__ZN3WTF7HashMapINS_6RefPtrIN3JSC7UString3RepEEENS2_16SymbolTableEntryENS2_17IdentifierRepHashENS_10HashTraitsIS5_EENS2_26Symbo
+__ZN3WTF9HashTableINS_6RefPtrIN3JSC7UString3RepEEESt4pairIS5_NS2_16SymbolTableEntryEENS_18PairFirstExtractorIS8_EENS2_17Identif
+__ZN3JSC17PrototypeFunctionC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjec
+__ZN3JSC9Structure25changePrototypeTransitionEPS0_NS_7JSValueE
+__ZN3JSC9Structure17copyPropertyTableEv
+__ZN3JSC14JSGlobalObject10globalExecEv
+__ZN3JSC10Identifier3addEPNS_9ExecStateEPKc
+__ZN3JSC4Heap9unprotectENS_7JSValueE
+__ZN3JSC6JSCellnwEmPNS_9ExecStateE
+__ZN3JSC14TimeoutChecker5resetEv
+__ZN3JSC8evaluateEPNS_9ExecStateERNS_10ScopeChainERKNS_10SourceCodeENS_7JSValueE
+__ZN3JSC6JSLock4lockEb
+__ZN3JSC6Parser5parseINS_11ProgramNodeEEEN3WTF10PassRefPtrIT_EEPNS_9ExecStateEPNS_8DebuggerERKNS_10SourceCodeEPiPNS_7UStringE
+__ZN3JSC6Parser5parseEPNS_12JSGlobalDataEPiPNS_7UStringE
+__ZN3JSC7UStringaSEPKc
+__Z10jscyyparsePv
+__ZN3JSC5Lexer3lexEPvS1_
+__ZN3JSC10Identifier3addEPNS_12JSGlobalDataEPKti
+__ZN3WTF7HashSetIPN3JSC7UString3RepENS_7StrHashIS4_EENS_10HashTraitsIS4_EEE3addINS1_11UCharBufferENS1_21UCharBufferTranslatorEE
+__ZN3WTF15SegmentedVectorINS_10IdentifierELm64EE6appendIS1_EEvRKT_
+__ZNK3JSC9HashTable11createTableEPNS_12JSGlobalDataE
+__ZN3JSC20ParserArenaDeletablenwEmPNS_12JSGlobalDataE
+__ZN3WTF6VectorIPN3JSC20ParserArenaDeletableELm0EE15reserveCapacityEm
+__ZN3JSC5Lexer10sourceCodeEiii
+__ZN3JSC16FunctionBodyNode13finishParsingERKNS_10SourceCodeEPNS_13ParameterNodeE
+__ZN3WTF6VectorIN3JSC10IdentifierELm0EE14expandCapacityEm
+__ZN3WTF6VectorIPN3JSC12FuncDeclNodeELm0EE14expandCapacityEm
+__ZN3JSC14SourceElements6appendEPNS_13StatementNodeE
+__ZNK3JSC13StatementNode16isEmptyStatementEv
+__ZN3WTF6VectorIPN3JSC13StatementNodeELm0EE14expandCapacityEm
+__ZL20makeFunctionCallNodePvN3JSC8NodeInfoIPNS0_14ExpressionNodeEEENS1_IPNS0_13ArgumentsNodeEEEiii
+__ZNK3JSC11ResolveNode10isLocationEv
+__ZNK3JSC11ResolveNode13isResolveNodeEv
+__ZN3JSC5Lexer7record8Ei
+__ZN3JSC5Lexer10scanRegExpEv
+__ZN3JSC7UStringC2ERKN3WTF6VectorItLm0EEE
+__ZN3JSC7UString3Rep7destroyEv
+__ZN3JSC5Lexer5clearEv
+__ZN3JSC10Identifier6removeEPNS_7UString3RepE
+__ZN3WTF6VectorIN3JSC10IdentifierELm64EE14shrinkCapacityEm
+__ZN3JSC9ScopeNodeC2EPNS_12JSGlobalDataERKNS_10SourceCodeEPNS_14SourceElementsEPN3WTF6VectorISt4pairINS_10IdentifierEjELm0EEEPN
+__ZN3WTF6VectorIPN3JSC13StatementNodeELm0EE14shrinkCapacityEm
+__ZN3JSC11ParserArena10removeLastEv
+__ZNK3JSC8JSObject8toObjectEPNS_9ExecStateE
+__ZN3JSC11Interpreter7executeEPNS_11ProgramNodeEPNS_9ExecStateEPNS_14ScopeChainNodeEPNS_8JSObjectEPNS_7JSValueE
+__ZN3JSC11ProgramNode16generateBytecodeEPNS_14ScopeChainNodeE
+__ZN3JSC9CodeBlockC2EPNS_9ScopeNodeENS_8CodeTypeEN3WTF10PassRefPtrINS_14SourceProviderEEEj
+__ZN3WTF7HashSetIPN3JSC16ProgramCodeBlockENS_7PtrHashIS3_EENS_10HashTraitsIS3_EEE3addERKS3_
+__ZN3WTF9HashTableIPN3JSC16ProgramCodeBlockES3_NS_17IdentityExtractorIS3_EENS_7PtrHashIS3_EENS_10HashTraitsIS3_EES9_E6rehashEi
+__ZN3JSC17BytecodeGeneratorC2EPNS_11ProgramNodeEPKNS_8DebuggerERKNS_10ScopeChainEPN3WTF7HashMapINS9_6RefPtrINS_7UString3RepEEEN
+__ZN3WTF6VectorIN3JSC11InstructionELm0EE14expandCapacityEm
+__ZN3JSC9Structure22toDictionaryTransitionEPS0_
+__ZN3JSC8JSObject12removeDirectERKNS_10IdentifierE
+__ZN3JSC9Structure31removePropertyWithoutTransitionERKNS_10IdentifierE
+__ZN3JSC9Structure6removeERKNS_10IdentifierE
+__ZN3JSC17BytecodeGenerator12addGlobalVarERKNS_10IdentifierEbRPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator15emitNewFunctionEPNS_10RegisterIDEPNS_12FuncDeclNodeE
+__ZN3JSC9CodeBlock25createRareDataIfNecessaryEv
+__ZN3JSC17BytecodeGenerator11newRegisterEv
+__ZN3JSC9Structure24fromDictionaryTransitionEPS0_
+__ZN3JSC17BytecodeGenerator8generateEv
+__ZN3JSC11ProgramNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator13emitDebugHookENS_11DebugHookIDEii
+__ZN3JSC17BytecodeGenerator11addConstantENS_7JSValueE
+__ZN3WTF9HashTableIPvSt4pairIS1_jENS_18PairFirstExtractorIS3_EENS_7PtrHashIS1_EENS_14PairHashTraitsIN3JSC17JSValueHashTraitsENS
+__ZN3WTF6VectorIN3JSC8RegisterELm0EE14expandCapacityEm
+__ZN3JSC17BytecodeGenerator8emitMoveEPNS_10RegisterIDES2_
+__ZN3JSC17BytecodeGenerator8emitNodeEPNS_10RegisterIDEPNS_4NodeE
+__ZN3WTF6VectorIN3JSC8LineInfoELm0EE14expandCapacityEm
+__ZN3JSC12FuncDeclNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17ExprStatementNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC23FunctionCallResolveNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator11registerForERKNS_10IdentifierE
+__ZN3JSC17BytecodeGenerator8emitCallENS_8OpcodeIDEPNS_10RegisterIDES3_S3_PNS_13ArgumentsNodeEjjj
+__ZN3JSC16ArgumentListNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC12FuncExprNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator25emitNewFunctionExpressionEPNS_10RegisterIDEPNS_12FuncExprNodeE
+__ZN3WTF6VectorIN3JSC19ExpressionRangeInfoELm0EE14expandCapacityEm
+__ZN3WTF6VectorIN3JSC12CallLinkInfoELm0EE14expandCapacityEm
+__ZN3JSC11ResolveNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC12JSGlobalData22numericCompareFunctionEPNS_9ExecStateE
+__ZNK3JSC21UStringSourceProvider6lengthEv
+__ZNK3JSC21UStringSourceProvider4dataEv
+__ZN3JSC19extractFunctionBodyEPNS_11ProgramNodeE
+__ZNK3JSC17ExprStatementNode15isExprStatementEv
+__ZNK3JSC12FuncExprNode14isFuncExprNodeEv
+__ZN3JSC16FunctionBodyNode16generateBytecodeEPNS_14ScopeChainNodeE
+__ZN3JSC6Parser14reparseInPlaceEPNS_12JSGlobalDataEPNS_16FunctionBodyNodeE
+__ZL11makeSubNodePvPN3JSC14ExpressionNodeES2_b
+__ZN3JSC14ExpressionNode14stripUnaryPlusEv
+__ZNK3JSC14ExpressionNode8isNumberEv
+__ZN3JSC9CodeBlockC1EPNS_9ScopeNodeENS_8CodeTypeEN3WTF10PassRefPtrINS_14SourceProviderEEEj
+__ZN3JSC17BytecodeGeneratorC2EPNS_16FunctionBodyNodeEPKNS_8DebuggerERKNS_10ScopeChainEPN3WTF7HashMapINS9_6RefPtrINS_7UString3Re
+__ZN3JSC17BytecodeGenerator12addParameterERKNS_10IdentifierE
+__ZN3JSC16FunctionBodyNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC9BlockNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC10ReturnNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC12BinaryOpNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZNK3JSC11ResolveNode6isPureERNS_17BytecodeGeneratorE
+__ZN3JSC17BytecodeGenerator12newTemporaryEv
+__ZN3JSC17BytecodeGenerator12emitBinaryOpENS_8OpcodeIDEPNS_10RegisterIDES3_S3_NS_12OperandTypesE
+__ZN3JSC17BytecodeGenerator10emitReturnEPNS_10RegisterIDE
+__ZNK3JSC9BlockNode7isBlockEv
+__ZNK3JSC10ReturnNode12isReturnNodeEv
+__ZN3JSC9CodeBlock11shrinkToFitEv
+__ZN3WTF6VectorIN3JSC11InstructionELm0EE14shrinkCapacityEm
+__ZN3WTF6VectorIN3JSC17StructureStubInfoELm0EE14shrinkCapacityEm
+__ZN3WTF6VectorIPN3JSC12CallLinkInfoELm0EE14shrinkCapacityEm
+__ZN3WTF6VectorIN3JSC10IdentifierELm0EE14shrinkCapacityEm
+__ZN3JSC11ParserArenaD1Ev
+__ZN3JSC11ResolveNodeD0Ev
+__ZN3JSC7SubNodeD0Ev
+__ZN3JSC10ReturnNodeD0Ev
+__ZN3JSC14SourceElementsD0Ev
+__ZN3JSC9BlockNodeD0Ev
+__ZN3JSC17BytecodeGeneratorD2Ev
+__ZN3WTF6VectorIN3JSC11InstructionELm0EEaSERKS3_
+__ZThn16_N3JSC11ProgramNodeD0Ev
+__ZN3JSC11ProgramNodeD0Ev
+__ZN3JSC13ParameterNodeD0Ev
+__ZN3JSC17ExprStatementNodeD0Ev
+__ZThn16_N3JSC12FuncExprNodeD0Ev
+__ZN3JSC12FuncExprNodeD0Ev
+__ZThn16_N3JSC16FunctionBodyNodeD0Ev
+__ZN3JSC16FunctionBodyNodeD0Ev
+__ZN3JSC9CodeBlockD1Ev
+__ZN3JSC9CodeBlockD2Ev
+__ZN3JSC21UStringSourceProviderD0Ev
+__ZN3WTF6VectorIN3JSC19ExpressionRangeInfoELm0EE14shrinkCapacityEm
+__ZN3WTF6VectorIN3JSC8LineInfoELm0EE14shrinkCapacityEm
+__ZN3WTF6VectorINS_6RefPtrIN3JSC12FuncDeclNodeEEELm0EE14shrinkCapacityEm
+__ZN3WTF6VectorIN3JSC15SimpleJumpTableELm0EE14shrinkCapacityEm
+__ZN3WTF6VectorIN3JSC15StringJumpTableELm0EE14shrinkCapacityEm
+__ZN3JSC15ParserArenaDataIN3WTF6VectorIPNS_12FuncDeclNodeELm0EEEED0Ev
+__ZN3JSC16ArgumentListNodeD0Ev
+__ZN3JSC13ArgumentsNodeD0Ev
+__ZN3JSC23FunctionCallResolveNodeD0Ev
+__ZN3JSC14JSGlobalObject13copyGlobalsToERNS_12RegisterFileE
+__ZN3JSC3JIT14privateCompileEv
+__ZN3JSC3JIT22privateCompileMainPassEv
+__ZN3JSC3JIT13emit_op_enterEPNS_11InstructionE
+__ZN3JSC3JIT16emit_op_new_funcEPNS_11InstructionE
+__ZN3JSC20MacroAssemblerX86_648storePtrENS_22AbstractMacroAssemblerINS_12X86AssemblerEE6ImmPtrENS3_15ImplicitAddressE
+__ZN3JSC11JITStubCall4callEj
+__ZN3WTF6VectorIN3JSC10CallRecordELm0EE14expandCapacityEm
+__ZN3JSC3JIT11emit_op_movEPNS_11InstructionE
+__ZN3JSC3JIT20emit_op_new_func_expEPNS_11InstructionE
+__ZN3JSC3JIT12emit_op_callEPNS_11InstructionE
+__ZN3JSC3JIT13compileOpCallENS_8OpcodeIDEPNS_11InstructionEj
+__ZN3WTF6VectorIN3JSC13SlowCaseEntryELm0EE14expandCapacityEm
+__ZN3JSC3JIT11emit_op_endEPNS_11InstructionE
+__ZN3JSC11JITStubCall4callEv
+__ZN3WTF6VectorIN3JSC9JumpTableELm0EE14shrinkCapacityEm
+__ZN3JSC3JIT23privateCompileSlowCasesEv
+__ZN3JSC3JIT16emitSlow_op_callEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT21compileOpCallSlowCaseEPNS_11InstructionERPNS_13SlowCaseEntryEjNS_8OpcodeIDE
+__ZN3JSC3JIT22compileOpCallSetupArgsEPNS_11InstructionE
+__ZN3JSC9CodeBlock10setJITCodeERNS_10JITCodeRefE
+__ZN3JSC17BytecodeGenerator18dumpsGeneratedCodeEv
+__ZN3WTF10RefCountedIN3JSC14ExecutablePoolEE5derefEv
+_ctiTrampoline
+__ZN3JSC8JITStubs15cti_op_new_funcEPPv
+__ZN3JSC12FuncDeclNode12makeFunctionEPNS_9ExecStateEPNS_14ScopeChainNodeE
+__ZN3JSC8JITStubs19cti_op_new_func_expEPPv
+__ZN3JSC12FuncExprNode12makeFunctionEPNS_9ExecStateEPNS_14ScopeChainNodeE
+__ZN3JSC8JITStubs22cti_op_call_JSFunctionEPPv
+__ZN3JSC16FunctionBodyNode15generateJITCodeEPNS_14ScopeChainNodeE
+__ZN3JSC10IfElseNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator8newLabelEv
+__ZN3JSC15DotAccessorNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator11emitResolveEPNS_10RegisterIDERKNS_10IdentifierE
+__ZN3JSC17BytecodeGenerator18findScopedPropertyERKNS_10IdentifierERiRmbRPNS_8JSObjectE
+__ZNK3JSC16JSVariableObject16isVariableObjectEv
+__ZN3JSC17BytecodeGenerator16emitGetScopedVarEPNS_10RegisterIDEmiNS_7JSValueE
+__ZN3JSC17BytecodeGenerator11emitGetByIdEPNS_10RegisterIDES2_RKNS_10IdentifierE
+__ZN3WTF6VectorIN3JSC17StructureStubInfoELm0EE14expandCapacityEm
+__ZN3JSC17BytecodeGenerator11addConstantERKNS_10IdentifierE
+__ZN3WTF7HashMapINS_6RefPtrIN3JSC7UString3RepEEEiNS2_17IdentifierRepHashENS_10HashTraitsIS5_EENS2_17BytecodeGenerator28Identifi
+__ZN3WTF9HashTableINS_6RefPtrIN3JSC7UString3RepEEESt4pairIS5_iENS_18PairFirstExtractorIS7_EENS2_17IdentifierRepHashENS_14PairHa
+__ZN3JSC17BytecodeGenerator15emitJumpIfFalseEPNS_10RegisterIDEPNS_5LabelE
+__ZNK3JSC14JSGlobalObject14isDynamicScopeEv
+__ZN3JSC17BytecodeGenerator19emitResolveFunctionEPNS_10RegisterIDES2_RKNS_10IdentifierE
+__ZN3JSC10StringNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator8emitLoadEPNS_10RegisterIDERKNS_10IdentifierE
+__ZN3WTF9HashTableIPN3JSC7UString3RepESt4pairIS4_PNS1_8JSStringEENS_18PairFirstExtractorIS8_EENS1_17IdentifierRepHashENS_14Pair
+__ZN3JSC11BooleanNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator8emitJumpEPNS_5LabelE
+__ZN3JSC17BytecodeGenerator9emitLabelEPNS_5LabelE
+__ZN3WTF6VectorIjLm0EE15reserveCapacityEm
+__ZN3JSC6IfNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZNK3JSC13StatementNode12isReturnNodeEv
+__ZN3JSC15DotAccessorNodeD0Ev
+__ZN3JSC10StringNodeD0Ev
+__ZN3JSC11BooleanNodeD0Ev
+__ZN3JSC6IfNodeD0Ev
+__ZN3JSC10IfElseNodeD0Ev
+__ZN3JSC3JIT22emit_op_get_global_varEPNS_11InstructionE
+__ZN3JSC3JIT29emitGetVariableObjectRegisterENS_3X8610RegisterIDEiS2_
+__ZN3JSC3JIT17emit_op_get_by_idEPNS_11InstructionE
+__ZN3JSC3JIT21compileGetByIdHotPathEiiPNS_10IdentifierEj
+__ZN3WTF6VectorIN3JSC13SlowCaseEntryELm0EE14expandCapacityEmPKS2_
+__ZN3JSC3JIT14emit_op_jfalseEPNS_11InstructionE
+__ZN3JSC20MacroAssemblerX86_649branchPtrENS_23MacroAssemblerX86Common9ConditionENS_3X8610RegisterIDENS_22AbstractMacroAssembler
+__ZN3JSC20MacroAssemblerX86_649branchPtrENS_23MacroAssemblerX86Common9ConditionENS_3X8610RegisterIDES4_
+__ZN3WTF6VectorIN3JSC9JumpTableELm0EE14expandCapacityEmPKS2_
+__ZN3WTF6VectorIN3JSC9JumpTableELm0EE14expandCapacityEm
+__ZN3JSC3JIT20emit_op_resolve_funcEPNS_11InstructionE
+__ZN3JSC3JIT11emit_op_jmpEPNS_11InstructionE
+__ZN3JSC3JIT11emit_op_retEPNS_11InstructionE
+__ZN3JSC3JIT21emitSlow_op_get_by_idEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT22compileGetByIdSlowCaseEiiPNS_10IdentifierERPNS_13SlowCaseEntryEj
+__ZN3JSC3JIT18emitSlow_op_jfalseEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC23MacroAssemblerX86Common12branchTest32ENS0_9ConditionENS_3X8610RegisterIDENS_22AbstractMacroAssemblerINS_12X86Assemble
+__ZN3JSC8JITStubs23cti_vm_dontLazyLinkCallEPPv
+__ZN3JSC31ctiPatchNearCallByReturnAddressENS_22AbstractMacroAssemblerINS_12X86AssemblerEE22ProcessorReturnAddressEPv
+__ZN3JSC8JITStubs23cti_register_file_checkEPPv
+__ZN3JSC8JITStubs16cti_op_get_by_idEPPv
+__ZNK3JSC7JSValue3getEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC23setUpStaticFunctionSlotEPNS_9ExecStateEPKNS_9HashEntryEPNS_8JSObjectERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC27ctiPatchCallByReturnAddressENS_22AbstractMacroAssemblerINS_12X86AssemblerEE22ProcessorReturnAddressEPv
+__ZN3JSC8JITStubs12cti_op_jtrueEPPv
+__ZNK3JSC8JSObject9toBooleanEPNS_9ExecStateE
+__ZN3JSC8JITStubs19cti_op_resolve_funcEPPv
+__ZNK3JSC8JSObject12toThisObjectEPNS_9ExecStateE
+__ZNK3JSC8JSString8toStringEPNS_9ExecStateE
+__ZN3JSC8JITStubs23cti_op_get_by_id_secondEPPv
+__ZN3JSC8JITStubs15tryCacheGetByIDEPNS_9ExecStateEPNS_9CodeBlockEPvNS_7JSValueERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSC3JIT26privateCompileGetByIdProtoEPNS_17StructureStubInfoEPNS_9StructureES4_mNS_22AbstractMacroAssemblerINS_12X86Assembl
+__ZN3JSC3JIT22compileGetDirectOffsetEPNS_8JSObjectENS_3X8610RegisterIDES4_m
+__ZN3JSC8JITStubs19cti_vm_lazyLinkCallEPPv
+__ZN3JSC3JIT8linkCallEPNS_10JSFunctionEPNS_9CodeBlockENS_7JITCodeEPNS_12CallLinkInfoEi
+__ZN3JSC8JITStubs10cti_op_endEPPv
+__ZThn16_N3JSC12FuncDeclNodeD0Ev
+__ZN3JSC12FuncDeclNodeD0Ev
+__ZN3WTF25TCMalloc_Central_FreeList11ShrinkCacheEib
+__ZN3JSC10JSFunction18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC10JSFunction11getCallDataERNS_8CallDataE
+__ZN3JSC4callEPNS_9ExecStateENS_7JSValueENS_8CallTypeERKNS_8CallDataES2_RKNS_7ArgListE
+__ZN3JSC11Interpreter7executeEPNS_16FunctionBodyNodeEPNS_9ExecStateEPNS_10JSFunctionEPNS_8JSObjectERKNS_7ArgListEPNS_14ScopeCha
+__ZNK3JSC15DotAccessorNode10isLocationEv
+__ZNK3JSC14ExpressionNode13isResolveNodeEv
+__ZNK3JSC14ExpressionNode21isBracketAccessorNodeEv
+__ZN3JSC19FunctionCallDotNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC19FunctionCallDotNodeD0Ev
+__ZL26appendToVarDeclarationListPvRPN3JSC15ParserArenaDataIN3WTF6VectorISt4pairINS0_10IdentifierEjELm0EEEEERKS5_j
+__ZN3WTF6VectorISt4pairIN3JSC10IdentifierEjELm0EE14expandCapacityEm
+__ZL14makeAssignNodePvPN3JSC14ExpressionNodeENS0_8OperatorES2_bbiii
+__ZL11makeAddNodePvPN3JSC14ExpressionNodeES2_b
+__ZN3JSC16VarStatementNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17AssignResolveNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC11UnaryOpNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC10RegExpNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC6RegExp6createEPNS_12JSGlobalDataERKNS_7UStringES5_
+__ZN3JSC4Yarr15jitCompileRegexEPNS_12JSGlobalDataERNS0_14RegexCodeBlockERKNS_7UStringERjRPKcbb
+__ZN3JSC4Yarr12compileRegexERKNS_7UStringERNS0_12RegexPatternE
+__ZN3JSC4Yarr18PatternDisjunction17addNewAlternativeEv
+__ZN3WTF6VectorIPN3JSC4Yarr18PatternAlternativeELm0EE14expandCapacityEm
+__ZN3JSC4Yarr6ParserINS0_23RegexPatternConstructorEE11parseTokensEv
+__ZN3WTF6VectorIN3JSC4Yarr11PatternTermELm0EE14expandCapacityEmPKS3_
+__ZN3WTF6VectorIN3JSC4Yarr11PatternTermELm0EE14expandCapacityEm
+__ZN3JSC4Yarr6ParserINS0_23RegexPatternConstructorEE11parseEscapeILb0ES2_EEbRT0_
+__ZN3JSC4Yarr23RegexPatternConstructor25atomBuiltInCharacterClassENS0_23BuiltInCharacterClassIDEb
+__ZN3JSC4Yarr14wordcharCreateEv
+__ZN3WTF6VectorItLm0EE14expandCapacityEm
+__ZN3WTF6VectorIN3JSC4Yarr14CharacterRangeELm0EE14expandCapacityEmPKS3_
+__ZN3WTF6VectorIN3JSC4Yarr14CharacterRangeELm0EE14expandCapacityEm
+__ZN3WTF6VectorIPN3JSC4Yarr14CharacterClassELm0EE14expandCapacityEmPKS4_
+__ZN3WTF6VectorIPN3JSC4Yarr14CharacterClassELm0EE14expandCapacityEm
+__ZN3JSC4Yarr14RegexGenerator19generateDisjunctionEPNS0_18PatternDisjunctionE
+__ZN3JSC12X86Assembler7addl_irEiNS_3X8610RegisterIDE
+__ZN3JSC23MacroAssemblerX86Common8branch32ENS0_9ConditionENS_3X8610RegisterIDES3_
+__ZN3JSC22AbstractMacroAssemblerINS_12X86AssemblerEE8JumpList6appendENS2_4JumpE
+__ZN3JSC4Yarr14RegexGenerator12generateTermERNS1_19TermGenerationStateE
+__ZN3JSC23MacroAssemblerX86Common8branch32ENS0_9ConditionENS_3X8610RegisterIDENS_22AbstractMacroAssemblerINS_12X86AssemblerEE5I
+__ZN3JSC4Yarr14RegexGenerator19TermGenerationState15jumpToBacktrackENS_22AbstractMacroAssemblerINS_12X86AssemblerEE4JumpEPNS_14
+__ZN3JSC4Yarr14RegexGenerator13readCharacterEiNS_3X8610RegisterIDE
+__ZN3JSC4Yarr14RegexGenerator19matchCharacterClassENS_3X8610RegisterIDERNS_22AbstractMacroAssemblerINS_12X86AssemblerEE8JumpLis
+__ZN3JSC4Yarr14RegexGenerator24matchCharacterClassRangeENS_3X8610RegisterIDERNS_22AbstractMacroAssemblerINS_12X86AssemblerEE8Ju
+__ZN3JSC22AbstractMacroAssemblerINS_12X86AssemblerEE8JumpList4linkEPS2_
+__ZN3JSC23MacroAssemblerX86Common4jumpEv
+__ZN3WTF6VectorIN3JSC22AbstractMacroAssemblerINS1_12X86AssemblerEE4JumpELm16EED1Ev
+__ZN3JSC4Yarr14RegexGenerator28generateCharacterClassGreedyERNS1_19TermGenerationStateE
+__ZN3JSC12X86Assembler7subl_irEiNS_3X8610RegisterIDE
+__ZN3JSC15AssemblerBuffer4growEv
+__ZN3WTF15deleteAllValuesIPN3JSC4Yarr14CharacterClassELm0EEEvRKNS_6VectorIT_XT0_EEE
+__ZN3JSC17BytecodeGenerator13emitNewRegExpEPNS_10RegisterIDEPNS_6RegExpE
+__ZN3JSC15ConditionalNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC9EqualNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZNK3JSC14ExpressionNode6isNullEv
+__ZNK3JSC10StringNode6isPureERNS_17BytecodeGeneratorE
+__ZN3JSC19BracketAccessorNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZNK3JSC10NumberNode6isPureERNS_17BytecodeGeneratorE
+__ZN3JSC10NumberNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator8emitLoadEPNS_10RegisterIDEd
+__ZN3JSC17BytecodeGenerator12emitGetByValEPNS_10RegisterIDES2_S2_
+__ZN3JSC17BytecodeGenerator14emitEqualityOpENS_8OpcodeIDEPNS_10RegisterIDES3_S3_
+__ZN3JSC19ReverseBinaryOpNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZNK3JSC14ExpressionNode5isAddEv
+__ZN3JSC12SmallStrings27createSingleCharacterStringEPNS_12JSGlobalDataEh
+__ZN3JSC13AssignDotNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator11emitPutByIdEPNS_10RegisterIDERKNS_10IdentifierES2_
+__ZN3JSC17AssignResolveNodeD0Ev
+__ZN3JSC15ParserArenaDataIN3WTF6VectorISt4pairINS_10IdentifierEjELm0EEEED0Ev
+__ZN3JSC16VarStatementNodeD0Ev
+__ZN3JSC14LogicalNotNodeD0Ev
+__ZN3JSC10RegExpNodeD0Ev
+__ZN3JSC10NumberNodeD0Ev
+__ZN3JSC19BracketAccessorNodeD0Ev
+__ZN3JSC9EqualNodeD0Ev
+__ZN3JSC15ConditionalNodeD0Ev
+__ZN3JSC7AddNodeD0Ev
+__ZN3JSC13GreaterEqNodeD0Ev
+__ZN3JSC13AssignDotNodeD0Ev
+__ZN3JSC3JIT13emit_op_jtrueEPNS_11InstructionE
+__ZN3JSC3JIT18emit_op_new_regexpEPNS_11InstructionE
+__ZN3JSC3JIT18emit_op_get_by_valEPNS_11InstructionE
+__ZN3JSC3JIT10emit_op_eqEPNS_11InstructionE
+__ZN3JSC3JIT11emit_op_addEPNS_11InstructionE
+__ZN3JSC11JITStubCall11addArgumentEjNS_3X8610RegisterIDE
+__ZN3JSC3JIT16emit_op_jnlesseqEPNS_11InstructionE
+__ZN3JSC3JIT17emit_op_put_by_idEPNS_11InstructionE
+__ZN3JSC3JIT21compilePutByIdHotPathEiPNS_10IdentifierEij
+__ZN3JSC3JIT17emitSlow_op_jtrueEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT22emitSlow_op_get_by_valEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT14emitSlow_op_eqEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT20emitSlow_op_jnlesseqEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC20MacroAssemblerX86_6413branchTestPtrENS_23MacroAssemblerX86Common9ConditionENS_3X8610RegisterIDES4_
+__ZN3JSC12X86Assembler23X86InstructionFormatter9twoByteOpENS0_15TwoByteOpcodeIDEiNS_3X8610RegisterIDE
+__ZN3JSC23MacroAssemblerX86Common12branchDoubleENS0_15DoubleConditionENS_3X8613XMMRegisterIDES3_
+__ZN3JSC3JIT21emitSlow_op_put_by_idEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT22compilePutByIdSlowCaseEiPNS_10IdentifierEiRPNS_13SlowCaseEntryEj
+__ZN3JSC13LogicalOpNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3WTF6VectorIN3JSC17GlobalResolveInfoELm0EE14expandCapacityEm
+__ZN3JSC17BytecodeGenerator14emitJumpIfTrueEPNS_10RegisterIDEPNS_5LabelE
+__ZN3JSC13LogicalOpNodeD0Ev
+__ZN3JSC3JIT22emit_op_resolve_globalEPNS_11InstructionE
+__ZN3JSC8JITStubs21cti_op_resolve_globalEPPv
+__ZNK3JSC8JSString9toBooleanEPNS_9ExecStateE
+__ZN3JSC8JSString18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC15StringPrototype18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC12StringObject18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSCL20stringProtoFuncMatchEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC8JSString12toThisStringEPNS_9ExecStateE
+__ZNK3JSC6JSCell8isObjectEPKNS_9ClassInfoE
+__ZNK3JSC6JSCell9classInfoEv
+__ZN3JSC4Yarr23RegexPatternConstructor20atomPatternCharacterEt
+__ZN3JSC4Yarr25CharacterClassConstructor7putCharEt
+__ZN3JSC4Yarr25CharacterClassConstructor9addSortedERN3WTF6VectorItLm0EEEt
+__ZN3JSC4Yarr23RegexPatternConstructor21atomCharacterClassEndEv
+__ZN3JSC4Yarr23RegexPatternConstructor23setupDisjunctionOffsetsEPNS0_18PatternDisjunctionEjj
+__ZN3JSC4Yarr14RegexGenerator25generateParenthesesSingleERNS1_19TermGenerationStateE
+__ZN3JSC4Yarr14RegexGenerator30generateParenthesesDisjunctionERNS0_11PatternTermERNS1_19TermGenerationStateEj
+__ZN3WTF6VectorIN3JSC4Yarr14RegexGenerator26AlternativeBacktrackRecordELm0EE14expandCapacityEm
+__ZN3JSC4Yarr14RegexGenerator19jumpIfCharNotEqualsEti
+__ZN3JSC12X86Assembler23X86InstructionFormatter9oneByteOpENS0_15OneByteOpcodeIDEiNS_3X8610RegisterIDES4_ii
+__ZN3JSC4Yarr14RegexGenerator19TermGenerationState15jumpToBacktrackERNS_22AbstractMacroAssemblerINS_12X86AssemblerEE8JumpListEP
+__ZN3JSC17RegExpConstructor12performMatchEPNS_6RegExpERKNS_7UStringEiRiS6_PPi
+__ZN3JSC6RegExp5matchERKNS_7UStringEiPN3WTF11OwnArrayPtrIiEE
+__ZN3JSC4Yarr12executeRegexERNS0_14RegexCodeBlockEPKtjjPii
+__ZN3JSC8JITStubs17cti_op_new_regexpEPPv
+__ZN3JSC12RegExpObjectC1EN3WTF10PassRefPtrINS_9StructureEEENS2_INS_6RegExpEEE
+__ZNK3JSC12RegExpObject9classInfoEv
+__ZN3JSC18RegExpMatchesArrayC2EPNS_9ExecStateEPNS_24RegExpConstructorPrivateE
+__ZN3JSC8JITStubs17cti_op_get_by_valEPPv
+__ZN3JSC18RegExpMatchesArray18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3JSC18RegExpMatchesArray17fillArrayInstanceEPNS_9ExecStateE
+__ZN3JSC11jsSubstringEPNS_12JSGlobalDataERKNS_7UStringEjj
+__ZN3JSC7JSArray3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC8JSObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC7JSArray18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3JSC8JITStubs9cti_op_eqEPPv
+__ZN3JSCeqERKNS_7UStringES2_
+__ZN3JSC8JITStubs10cti_op_addEPPv
+__ZN3JSC11concatenateEPNS_7UString3RepES2_
+__ZN3JSCL22stringProtoFuncIndexOfEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC7UString4findERKS0_i
+__ZN3JSC8JITStubs16cti_op_put_by_idEPPv
+__ZNK3JSC7UString8toUInt32EPbb
+__ZNK3JSC7UString8toDoubleEbb
+__ZNK3JSC7UString10getCStringERN3WTF6VectorIcLm32EEE
+__ZN3WTF14FastMallocZone11forceUnlockEP14_malloc_zone_t
+__Z15jsRegExpCompilePKti24JSRegExpIgnoreCaseOption23JSRegExpMultilineOptionPjPPKc
+__ZL30calculateCompiledPatternLengthPKti24JSRegExpIgnoreCaseOptionR11CompileDataR9ErrorCode
+__ZL11checkEscapePPKtS0_P9ErrorCodeib
+__ZL13compileBranchiPiPPhPPKtS3_P9ErrorCodeS_S_R11CompileData
+__Z15jsRegExpExecutePK8JSRegExpPKtiiPii
+__ZL5matchPKtPKhiR9MatchData
+__ZNK3JSC7UString14toStrictUInt32EPb
+__ZN3JSC17ObjectLiteralNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC16PropertyListNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC7TryNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator9emitCatchEPNS_10RegisterIDEPNS_5LabelES4_
+__ZN3WTF6VectorIN3JSC11HandlerInfoELm0EE14expandCapacityEm
+__ZN3JSC17BytecodeGenerator16emitPushNewScopeEPNS_10RegisterIDERNS_10IdentifierES2_
+__ZN3WTF6VectorIN3JSC18ControlFlowContextELm0EE14expandCapacityEm
+__ZNK3JSC14ExpressionNode6isPureERNS_17BytecodeGeneratorE
+__ZN3JSC12PropertyNodeD0Ev
+__ZN3JSC16PropertyListNodeD0Ev
+__ZN3JSC17ObjectLiteralNodeD0Ev
+__ZN3JSC7TryNodeD0Ev
+__ZN3JSC3JIT18emit_op_new_objectEPNS_11InstructionE
+__ZN3JSC3JIT13emit_op_catchEPNS_11InstructionE
+__ZN3JSC3JIT22emit_op_push_new_scopeEPNS_11InstructionE
+__ZN3JSC3JIT15emit_op_resolveEPNS_11InstructionE
+__ZN3JSC3JIT17emit_op_pop_scopeEPNS_11InstructionE
+__ZN3JSC8JITStubs17cti_op_new_objectEPPv
+__ZN3JSC20constructEmptyObjectEPNS_9ExecStateE
+__ZN3JSC17StructureStubInfo5derefEv
+__ZN3WTF9HashTableINS_6RefPtrIN3JSC7UString3RepEEES5_NS_17IdentityExtractorIS5_EENS2_17IdentifierRepHashENS_10HashTraitsIS5_EES
+__ZN3JSC8ThisNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC21ThrowableBinaryOpNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC8ThisNodeD0Ev
+__ZN3JSC6InNodeD0Ev
+__ZN3JSC3JIT29emit_op_enter_with_activationEPNS_11InstructionE
+__ZN3JSC3JIT20emit_op_convert_thisEPNS_11InstructionE
+__ZN3JSC3JIT27emit_op_tear_off_activationEPNS_11InstructionE
+__ZN3JSC3JIT24emitSlow_op_convert_thisEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs22cti_op_push_activationEPPv
+__ZN3JSC12JSActivationC1EPNS_9ExecStateEN3WTF10PassRefPtrINS_16FunctionBodyNodeEEE
+__ZN3JSC12JSActivationC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_16FunctionBodyNodeEEE
+__ZN3JSC4Yarr6ParserINS0_23RegexPatternConstructorEE11parseEscapeILb1ENS3_28CharacterClassParserDelegateEEEbRT0_
+__ZN3JSC4Yarr12digitsCreateEv
+__ZN3JSC4Yarr25CharacterClassConstructor6appendEPKNS0_14CharacterClassE
+__ZN3JSC4Yarr25CharacterClassConstructor14addSortedRangeERN3WTF6VectorINS0_14CharacterRangeELm0EEEtt
+__ZN3JSC4Yarr6ParserINS0_23RegexPatternConstructorEE28CharacterClassParserDelegate20atomPatternCharacterEt
+__ZN3JSC11GreaterNodeD0Ev
+__ZN3JSCL26stringProtoFuncToLowerCaseEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JSString14toThisJSStringEPNS_9ExecStateE
+__ZN3JSC7UStringC2EPtib
+__ZN3JSC18globalFuncParseIntEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC11JSImmediate12nonInlineNaNEv
+__ZN3JSC8JITStubs11cti_op_lessEPPv
+__ZN3JSC8JITStubs9cti_op_inEPPv
+__ZNK3JSC6JSCell9getUInt32ERj
+__ZNK3JSC8JSObject11hasPropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZL14makePrefixNodePvPN3JSC14ExpressionNodeENS0_8OperatorEiii
+__ZN3JSC7ForNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator13newLabelScopeENS_10LabelScope4TypeEPKNS_10IdentifierE
+__ZN3JSC12ContinueNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator14continueTargetERKNS_10IdentifierE
+__ZN3JSC17BytecodeGenerator14emitJumpScopesEPNS_5LabelEi
+__ZN3JSC17PrefixResolveNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC21ReadModifyResolveNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC11NewExprNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator13emitConstructEPNS_10RegisterIDES2_PNS_13ArgumentsNodeEjjj
+__ZN3WTF6VectorIN3JSC20GetByIdExceptionInfoELm0EE14expandCapacityEm
+__ZN3JSC8LessNodeD0Ev
+__ZN3JSC17PrefixResolveNodeD0Ev
+__ZN3JSC12ContinueNodeD0Ev
+__ZN3JSC7ForNodeD0Ev
+__ZN3JSC21ReadModifyResolveNodeD0Ev
+__ZN3JSC11NewExprNodeD0Ev
+__ZN3JSC3JIT11emit_op_notEPNS_11InstructionE
+__ZN3JSC3JIT15emit_op_pre_incEPNS_11InstructionE
+__ZN3JSC3JIT20emit_op_loop_if_lessEPNS_11InstructionE
+__ZN3JSC3JIT16emitTimeoutCheckEv
+__ZN3JSC3JIT20compileBinaryArithOpENS_8OpcodeIDEjjjNS_12OperandTypesE
+__ZN3JSC3JIT11emit_op_subEPNS_11InstructionE
+__ZN3JSC3JIT17emit_op_constructEPNS_11InstructionE
+__ZN3JSC3JIT24emit_op_construct_verifyEPNS_11InstructionE
+__ZN3JSC3JIT15emitSlow_op_notEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT19emitSlow_op_pre_incEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT24emitSlow_op_loop_if_lessEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT15emitSlow_op_addEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT28compileBinaryArithOpSlowCaseENS_8OpcodeIDERPNS_13SlowCaseEntryEjjjNS_12OperandTypesE
+__ZN3JSC15AssemblerBuffer7putByteEi
+__ZN3JSC12X86Assembler23X86InstructionFormatter11twoByteOp64ENS0_15TwoByteOpcodeIDEiNS_3X8610RegisterIDE
+__ZN3JSC3JIT15emitSlow_op_subEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT21emitSlow_op_constructEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT27compileOpConstructSetupArgsEPNS_11InstructionE
+__ZN3JSC3JIT28emitSlow_op_construct_verifyEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC7UString4fromEj
+__ZN3JSC10Identifier11addSlowCaseEPNS_9ExecStateEPNS_7UString3RepE
+__ZN3JSC8JITStubs10cti_op_notEPPv
+__ZN3JSC8JITStubs24cti_op_get_by_id_genericEPPv
+__ZN3JSC7JSArrayC2EN3WTF10PassRefPtrINS_9StructureEEERKNS_7ArgListE
+__ZN3JSC7JSArray18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSCL24stringProtoFuncSubstringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs31cti_op_construct_NotJSConstructEPPv
+__ZN3JSC3JIT33privateCompilePatchGetArrayLengthENS_22AbstractMacroAssemblerINS_12X86AssemblerEE22ProcessorReturnAddressE
+__ZN3JSC8JITStubs27cti_op_get_by_id_proto_listEPPv
+__ZN3JSC3JIT30privateCompileGetByIdProtoListEPNS_17StructureStubInfoEPNS_30PolymorphicAccessStructureListEiPNS_9StructureES6_mP
+__ZN3JSC3JIT16patchGetByIdSelfEPNS_17StructureStubInfoEPNS_9StructureEmNS_22AbstractMacroAssemblerINS_12X86AssemblerEE22Process
+__ZN3JSC14StructureChainC1EPNS_9StructureE
+__ZN3JSC14StructureChainC2EPNS_9StructureE
+__ZN3JSC3JIT26privateCompileGetByIdChainEPNS_17StructureStubInfoEPNS_9StructureEPNS_14StructureChainEmmNS_22AbstractMacroAssemb
+__ZN3JSC8JITStubs23cti_op_put_by_id_secondEPPv
+__ZN3JSC8JITStubs15tryCachePutByIDEPNS_9ExecStateEPNS_9CodeBlockEPvNS_7JSValueERKNS_15PutPropertySlotE
+__ZN3JSC8JITStubs24cti_op_put_by_id_genericEPPv
+__ZN3JSC8JITStubs26cti_op_tear_off_activationEPPv
+__ZN3JSC8JITStubs21cti_op_ret_scopeChainEPPv
+__ZN3JSC17BytecodeGenerator16emitPutScopedVarEmiPNS_10RegisterIDENS_7JSValueE
+__ZN3JSC3JIT22emit_op_get_scoped_varEPNS_11InstructionE
+__ZN3JSC3JIT22emit_op_put_scoped_varEPNS_11InstructionE
+__ZN3JSC3JIT29emitPutVariableObjectRegisterENS_3X8610RegisterIDES2_i
+__ZN3JSC12X86Assembler7movq_rrENS_3X8610RegisterIDENS1_13XMMRegisterIDE
+__ZN3WTF20TCMalloc_ThreadCache18DestroyThreadCacheEPv
+__ZN3WTF20TCMalloc_ThreadCache11DeleteCacheEPS0_
+__ZN3JSC15StrictEqualNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC15StrictEqualNodeD0Ev
+__ZN3JSC3JIT16emit_op_stricteqEPNS_11InstructionE
+__ZN3JSC3JIT17compileOpStrictEqEPNS_11InstructionENS0_21CompileOpStrictEqTypeE
+__ZN3JSC3JIT20emitSlow_op_stricteqEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs15cti_op_stricteqEPPv
+__ZN3WTF12detachThreadEj
+__ZN3WTFL26pthreadHandleForIdentifierEj
+__ZN3WTFL31clearPthreadHandleForIdentifierEj
+__ZN3WTF6VectorIPNS0_IN3JSC10IdentifierELm64EEELm32EE14expandCapacityEmPKS4_
+__ZN3WTF6VectorIPNS0_IN3JSC10IdentifierELm64EEELm32EE15reserveCapacityEm
+__ZN3JSC8NullNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC8NullNodeD0Ev
+__ZN3WTF7HashMapISt4pairINS_6RefPtrIN3JSC7UString3RepEEEjEPNS3_9StructureENS3_28StructureTransitionTableHashENS3_34StructureTra
+__ZN3WTF9HashTableISt4pairINS_6RefPtrIN3JSC7UString3RepEEEjES1_IS7_PNS3_9StructureEENS_18PairFirstExtractorISA_EENS3_28Structur
+__ZN3JSC9Structure22materializePropertyMapEv
+__ZN3JSC15TypeOfValueNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC15TypeOfValueNodeD0Ev
+__ZN3JSC12NotEqualNodeD0Ev
+__ZN3JSC3JIT11emit_op_neqEPNS_11InstructionE
+__ZN3JSC3JIT15emitSlow_op_neqEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs13cti_op_typeofEPPv
+__ZN3JSC20jsTypeStringForValueEPNS_9ExecStateENS_7JSValueE
+__ZN3JSC8JITStubs10cti_op_neqEPPv
+__ZN3JSC14ExecutablePool13systemReleaseERKNS0_10AllocationE
+__ZN3WTF6VectorItLm0EE14expandCapacityEmPKt
+__ZNK3JSC10NumberNode8isNumberEv
+__ZNK3JSC14ExpressionNode10isLocationEv
+__ZN3WTF6VectorIPN3JSC10RegisterIDELm32EE14expandCapacityEm
+__ZNK3JSC11BooleanNode6isPureERNS_17BytecodeGeneratorE
+__ZN3JSC4Yarr13newlineCreateEv
+__ZN3JSC12X86Assembler23X86InstructionFormatter15emitRexIfNeededEiii
+__ZN3JSC12X86Assembler23X86InstructionFormatter11memoryModRMEiNS_3X8610RegisterIDES3_ii
+__ZN3JSC17TypeOfResolveNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator15emitResolveBaseEPNS_10RegisterIDERKNS_10IdentifierE
+__ZN3JSC17BytecodeGenerator20emitLoadGlobalObjectEPNS_10RegisterIDEPNS_8JSObjectE
+__ZN3WTF6VectorIN3JSC7JSValueELm0EE14expandCapacityEm
+__ZNK3JSC7AddNode5isAddEv
+__ZN3JSC12BinaryOpNode10emitStrcatERNS_17BytecodeGeneratorEPNS_10RegisterIDES4_PNS_21ReadModifyResolveNodeE
+__ZNK3JSC10StringNode8isStringEv
+__ZNK3JSC14ExpressionNode8isStringEv
+__ZN3JSC17BytecodeGenerator10emitStrcatEPNS_10RegisterIDES2_i
+__ZN3JSC4Yarr12spacesCreateEv
+__ZN3JSC4Yarr15nonspacesCreateEv
+__ZN3JSC8WithNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator13emitPushScopeEPNS_10RegisterIDE
+__ZN3JSC23MacroAssemblerX86Common4moveENS_22AbstractMacroAssemblerINS_12X86AssemblerEE5Imm32ENS_3X8610RegisterIDE
+__ZN3JSC14MacroAssembler4peekENS_3X8610RegisterIDEi
+__ZN3JSC4Yarr14RegexGenerator12atEndOfInputEv
+__ZN3JSC22AbstractMacroAssemblerINS_12X86AssemblerEE8JumpList6linkToENS2_5LabelEPS2_
+__ZN3JSC14MacroAssembler4pokeENS_3X8610RegisterIDEi
+__ZN3JSC21FunctionCallValueNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC9ArrayNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator12emitNewArrayEPNS_10RegisterIDEPNS_11ElementNodeE
+__ZN3JSC23CallFunctionCallDotNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator25emitJumpIfNotFunctionCallEPNS_10RegisterIDEPNS_5LabelE
+__ZN3JSC4Yarr14RegexGenerator29generateAssertionWordBoundaryERNS1_19TermGenerationStateE
+__ZN3JSC4Yarr14RegexGenerator22matchAssertionWordcharERNS1_19TermGenerationStateERNS_22AbstractMacroAssemblerINS_12X86Assembler
+__ZN3WTF6VectorIPN3JSC4Yarr18PatternDisjunctionELm4EE14expandCapacityEm
+__ZL14compileBracketiPiPPhPPKtS3_P9ErrorCodeiS_S_R11CompileData
+__ZN3JSC9ThrowNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC9CommaNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3WTF9HashTableIdSt4pairIdN3JSC7JSValueEENS_18PairFirstExtractorIS4_EENS_9FloatHashIdEENS_14PairHashTraitsINS_10HashTraitsId
+__ZN3JSC17TypeOfResolveNodeD0Ev
+__ZN3JSC18NotStrictEqualNodeD0Ev
+__ZN3JSC8WithNodeD0Ev
+__ZN3JSC21FunctionCallValueNodeD0Ev
+__ZN3JSC9ArrayNodeD0Ev
+__ZN3JSC11ElementNodeD0Ev
+__ZN3JSC23CallFunctionCallDotNodeD0Ev
+__ZN3JSC9ThrowNodeD0Ev
+__ZN3JSC9CommaNodeD0Ev
+__ZN3JSC3JIT23emit_op_unexpected_loadEPNS_11InstructionE
+__ZN3JSC3JIT20emit_op_to_primitiveEPNS_11InstructionE
+__ZN3JSC3JIT14emit_op_strcatEPNS_11InstructionE
+__ZN3JSC3JIT17emit_op_nstricteqEPNS_11InstructionE
+__ZN3JSC3JIT18emit_op_push_scopeEPNS_11InstructionE
+__ZN3JSC3JIT17emit_op_new_arrayEPNS_11InstructionE
+__ZN3JSC3JIT16emit_op_jneq_ptrEPNS_11InstructionE
+__ZN3JSC3JIT13emit_op_throwEPNS_11InstructionE
+__ZN3JSC3JIT14emit_op_jnlessEPNS_11InstructionE
+__ZN3JSC3JIT24emitSlow_op_to_primitiveEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT21emitSlow_op_nstricteqEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT18emitSlow_op_jnlessEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZL15makePostfixNodePvPN3JSC14ExpressionNodeENS0_8OperatorEiii
+__ZN3JSC18PostfixResolveNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC18PostfixResolveNodeD0Ev
+__ZN3JSC8JITStubs22cti_op_call_arityCheckEPPv
+__ZN3JSC19FunctionConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL32constructWithFunctionConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC17constructFunctionEPNS_9ExecStateERKNS_7ArgListERKNS_10IdentifierERKNS_7UStringEi
+__ZN3JSCplERKNS_7UStringES2_
+__ZN3JSC7UString6appendERKS0_
+__ZN3JSC7UString17expandPreCapacityEi
+__ZN3WTF11fastReallocILb0EEEPvS1_m
+__ZN3JSC14JSGlobalObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZL11makeDivNodePvPN3JSC14ExpressionNodeES2_b
+__ZL12makeMultNodePvPN3JSC14ExpressionNodeES2_b
+__ZN3JSC9WhileNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC7ModNodeD0Ev
+__ZN3JSC7DivNodeD0Ev
+__ZN3JSC8MultNodeD0Ev
+__ZN3JSC9WhileNodeD0Ev
+__ZN3JSC3JIT11emit_op_modEPNS_11InstructionE
+__ZN3JSC3JIT11emit_op_mulEPNS_11InstructionE
+__ZN3JSC3JIT20emit_op_loop_if_trueEPNS_11InstructionE
+__ZN3JSC3JIT15emitSlow_op_modEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT15emitSlow_op_mulEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT24emitSlow_op_loop_if_trueEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSCL26stringProtoFuncLastIndexOfEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC7JSValue20toIntegerPreserveNaNEPNS_9ExecStateE
+__ZN3JSC8JITStubs10cti_op_divEPPv
+__ZN3JSC3JIT22emit_op_loop_if_lesseqEPNS_11InstructionE
+__ZN3JSC3JIT26emitSlow_op_loop_if_lesseqEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs13cti_op_lesseqEPPv
+__ZN3JSCL20stringProtoFuncSplitEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC19constructEmptyArrayEPNS_9ExecStateE
+__ZN3JSC7JSArray3putEPNS_9ExecStateEjNS_7JSValueE
+__ZN3JSC7JSArray11putSlowCaseEPNS_9ExecStateEjNS_7JSValueE
+__ZN3JSC14ArrayPrototype18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSCL18arrayProtoFuncJoinEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF7HashSetIPN3JSC8JSObjectENS_7PtrHashIS3_EENS_10HashTraitsIS3_EEE3addERKS3_
+__ZN3WTF9HashTableIPN3JSC8JSObjectES3_NS_17IdentityExtractorIS3_EENS_7PtrHashIS3_EENS_10HashTraitsIS3_EES9_E6rehashEi
+__ZN3WTF6VectorItLm256EE6appendItEEvPKT_m
+__ZN3WTF6VectorItLm256EE14expandCapacityEm
+__ZN3WTF6VectorIPN3JSC12CallLinkInfoELm0EE15reserveCapacityEm
+__ZN3JSC4Heap7collectEv
+__ZN3JSC4Heap30markStackObjectsConservativelyEv
+__ZN3JSC4Heap31markCurrentThreadConservativelyEv
+__ZN3JSC4Heap39markCurrentThreadConservativelyInternalEv
+__ZN3JSC4Heap18markConservativelyEPvS1_
+__ZN3JSC7JSArray4markEv
+__ZN3JSC8JSObject4markEv
+__ZN3JSC10JSFunction4markEv
+__ZN3JSC6JSCell4markEv
+__ZN3JSC14JSGlobalObject4markEv
+__ZN3JSC15JSWrapperObject4markEv
+__ZN3JSC18GlobalEvalFunction4markEv
+__ZN3JSC16FunctionBodyNode4markEv
+__ZN3JSC9CodeBlock4markEv
+__ZN3JSC4Heap20markProtectedObjectsEv
+__ZN3JSC12SmallStrings4markEv
+__ZN3JSC4Heap5sweepILNS_8HeapTypeE0EEEmv
+__ZN3JSC14JSGlobalObjectD2Ev
+__ZN3JSC17FunctionPrototypeD1Ev
+__ZN3JSC15ObjectPrototypeD1Ev
+__ZN3JSC14ArrayPrototypeD1Ev
+__ZN3JSC15StringPrototypeD1Ev
+__ZN3JSC16BooleanPrototypeD1Ev
+__ZN3JSC15NumberPrototypeD1Ev
+__ZN3JSC13DatePrototypeD1Ev
+__ZN3JSC12DateInstanceD2Ev
+__ZN3JSC15RegExpPrototypeD1Ev
+__ZN3JSC14ErrorPrototypeD1Ev
+__ZN3JSC20NativeErrorPrototypeD1Ev
+__ZN3JSC17ObjectConstructorD1Ev
+__ZN3JSC19FunctionConstructorD1Ev
+__ZN3JSC16ArrayConstructorD1Ev
+__ZN3JSC17StringConstructorD1Ev
+__ZN3JSC18BooleanConstructorD1Ev
+__ZN3JSC17NumberConstructorD1Ev
+__ZN3JSC15DateConstructorD1Ev
+__ZN3JSC17RegExpConstructorD1Ev
+__ZN3JSC16ErrorConstructorD1Ev
+__ZN3JSC22NativeErrorConstructorD1Ev
+__ZN3JSC10MathObjectD1Ev
+__ZN3JSC18GlobalEvalFunctionD1Ev
+__ZN3JSC8JSObjectD1Ev
+__ZN3JSC9CodeBlock13unlinkCallersEv
+__ZN3WTF6VectorINS_6RefPtrIN3JSC6RegExpEEELm0EE6shrinkEm
+__ZN3JSC12JSActivationD1Ev
+__ZN3JSC12JSActivationD2Ev
+__ZN3JSC12RegExpObjectD1Ev
+__ZN3JSC18RegExpMatchesArrayD1Ev
+__ZN3JSC4Heap5sweepILNS_8HeapTypeE1EEEmv
+__ZN3JSC20globalFuncParseFloatEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF17TCMalloc_PageHeap3NewEm
+__ZN3JSC8JITStubs28cti_op_construct_JSConstructEPPv
+__ZN3JSC8JSObject17createInheritorIDEv
+__ZNK3JSC19BracketAccessorNode10isLocationEv
+__ZNK3JSC19BracketAccessorNode21isBracketAccessorNodeEv
+__ZN3JSC17AssignBracketNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator12emitPutByValEPNS_10RegisterIDES2_S2_
+__ZN3JSC14PostfixDotNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17ReadModifyDotNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17AssignBracketNodeD0Ev
+__ZN3JSC14PostfixDotNodeD0Ev
+__ZN3JSC17ReadModifyDotNodeD0Ev
+__ZN3JSC3JIT18emit_op_put_by_valEPNS_11InstructionE
+__ZN3JSC3JIT22emitSlow_op_put_by_valEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC16ArrayConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL29constructWithArrayConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSCL27constructArrayWithSizeQuirkEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSC8JITStubs23cti_op_put_by_val_arrayEPPv
+__ZN3JSC8JITStubs13cti_op_strcatEPPv
+__ZN3JSC7UString3Rep15reserveCapacityEi
+__ZN3JSC7UString13appendNumericEi
+__ZN3JSC11concatenateEPNS_7UString3RepEi
+__ZN3JSC12JSActivation18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSCL18stringFromCharCodeEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC16globalFuncEscapeEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL26stringProtoFuncToUpperCaseEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC12JSActivation14isDynamicScopeEv
+__ZN3WTF6VectorINS_6RefPtrIN3JSC10RegisterIDEEELm16EE14expandCapacityEm
+__ZN3JSC17ObjectConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL30constructWithObjectConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC8JITStubs17cti_op_put_by_valEPPv
+__ZN3JSC15DateConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL28constructWithDateConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC13constructDateEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSC8JITStubs18cti_op_is_functionEPPv
+__ZN3JSC16jsIsFunctionTypeENS_7JSValueE
+__ZN3JSC10Identifier5equalEPKNS_7UString3RepEPKc
+__ZN3JSC11JSImmediate8toStringENS_7JSValueE
+__ZN3JSC7UString4fromEi
+__ZN3JSC7UString3Rep11computeHashEPKti
+__ZNK3JSC8NullNode6isNullEv
+__ZN3JSC9BreakNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator11breakTargetERKNS_10IdentifierE
+__ZN3JSC9BreakNodeD0Ev
+__ZN3JSC3JIT15emit_op_eq_nullEPNS_11InstructionE
+__ZN3JSC8JITStubs19cti_op_is_undefinedEPPv
+__ZN3JSC12JSActivation4markEv
+__ZN3JSC12DateInstanceD1Ev
+__ZNK3JSC18EmptyStatementNode16isEmptyStatementEv
+__ZN3JSC18EmptyStatementNodeD0Ev
+__ZN3JSC3JIT15emit_op_pre_decEPNS_11InstructionE
+__ZN3JSC3JIT19emitSlow_op_pre_decEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3WTF13tryFastMallocEm
+__ZN3JSC8JITStubs17cti_timeout_checkEPPv
+__ZN3JSC14TimeoutChecker10didTimeOutEPNS_9ExecStateE
+__ZN3JSC8JITStubs14cti_op_pre_decEPPv
+__ZN3JSC13jsAddSlowCaseEPNS_9ExecStateENS_7JSValueES2_
+__ZNK3JSC8JSString11toPrimitiveEPNS_9ExecStateENS_22PreferredPrimitiveTypeE
+__ZNK3JSC8JSObject11toPrimitiveEPNS_9ExecStateENS_22PreferredPrimitiveTypeE
+__ZNK3JSC8JSObject12defaultValueEPNS_9ExecStateENS_22PreferredPrimitiveTypeE
+__ZN3JSCL22objectProtoFuncValueOfEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL25functionProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC10JSFunction9classInfoEv
+__ZNK3JSC21UStringSourceProvider8getRangeEii
+__ZNK3JSC7UString6substrEii
+__ZN3JSC8JITStubs26cti_op_get_by_id_self_failEPPv
+__ZN3JSC3JIT29privateCompileGetByIdSelfListEPNS_17StructureStubInfoEPNS_30PolymorphicAccessStructureListEiPNS_9StructureEm
+__ZN3JSC8JITStubs16cti_op_nstricteqEPPv
+__ZN3JSC9ForInNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator20emitNextPropertyNameEPNS_10RegisterIDES2_PNS_5LabelE
+__ZN3JSC9ForInNodeD0Ev
+__ZN3JSC3JIT18emit_op_next_pnameEPNS_11InstructionE
+__ZN3JSC8JITStubs17cti_op_get_pnamesEPPv
+__ZN3JSC8JSObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
+__ZN3JSC9Structure26getEnumerablePropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayEPNS_8JSObjectE
+__ZN3JSC9Structure35getEnumerableNamesFromPropertyTableERNS_17PropertyNameArrayE
+__ZN3JSC8JITStubs17cti_op_next_pnameEPPv
+__ZN3JSC13jsOwnedStringEPNS_12JSGlobalDataERKNS_7UStringE
+__ZN3JSC22JSPropertyNameIterator10invalidateEv
+__ZN3JSC3JIT22emit_op_init_argumentsEPNS_11InstructionE
+__ZN3JSC3JIT24emit_op_create_argumentsEPNS_11InstructionE
+__ZN3JSC8JITStubs33cti_op_create_arguments_no_paramsEPPv
+__ZN3JSC9Arguments18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC3JIT16emit_op_post_decEPNS_11InstructionE
+__ZN3JSC3JIT20emitSlow_op_post_decEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs15cti_op_post_decEPPv
+__ZN3JSC9Arguments18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3JSC17RegExpConstructor18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC17RegExpConstructor3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC6JSCell11getCallDataERNS_8CallDataE
+__ZN3JSC10JSFunction3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC8JITStubs16cti_op_new_arrayEPPv
+__ZN3JSC14constructArrayEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSCL18arrayProtoFuncPushEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL30comparePropertyMapEntryIndicesEPKvS1_
+__ZN3WTF6VectorIN3JSC10IdentifierELm20EE15reserveCapacityEm
+__ZN3JSC12StringObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC8JITStubs17cti_op_push_scopeEPPv
+__ZN3JSC8JITStubs14cti_op_resolveEPPv
+__ZN3JSC8JITStubs16cti_op_pop_scopeEPPv
+__ZN3JSC3JIT31privateCompilePutByIdTransitionEPNS_17StructureStubInfoEPNS_9StructureES4_mPNS_14StructureChainENS_22AbstractMacr
+__ZN3JSC20MacroAssemblerX86_649branchPtrENS_23MacroAssemblerX86Common9ConditionENS_22AbstractMacroAssemblerINS_12X86AssemblerEE
+__ZN3JSC3JIT19patchPutByIdReplaceEPNS_17StructureStubInfoEPNS_9StructureEmNS_22AbstractMacroAssemblerINS_12X86AssemblerEE22Proc
+__ZN3JSC17NumberConstructor18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC8JITStubs16cti_op_is_stringEPPv
+__ZN3JSC8JITStubs19cti_op_convert_thisEPPv
+__ZNK3JSC8JSString12toThisObjectEPNS_9ExecStateE
+__ZN3JSCL22stringProtoFuncReplaceEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC12StringObject14toThisJSStringEPNS_9ExecStateE
+__ZN3JSCL21arrayProtoFuncForEachEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC11Interpreter20prepareForRepeatCallEPNS_16FunctionBodyNodeEPNS_9ExecStateEPNS_10JSFunctionEiPNS_14ScopeChainNodeEPNS_7J
+__ZN3JSC3JIT16emit_op_post_incEPNS_11InstructionE
+__ZN3JSC3JIT20emitSlow_op_post_incEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC11Interpreter7executeERNS_16CallFrameClosureEPNS_7JSValueE
+__ZN3JSC10MathObject18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC11Interpreter13endRepeatCallERNS_16CallFrameClosureE
+__ZN3JSCL21resizePropertyStorageEPNS_8JSObjectEii
+__ZN3JSC8JSObject23allocatePropertyStorageEmm
+__ZN3JSC14ExecutablePool12poolAllocateEm
+__ZN3JSC9Arguments4markEv
+__ZN3JSC22JSPropertyNameIterator4markEv
+__ZN3JSC3JIT10unlinkCallEPNS_12CallLinkInfoE
+__ZN3JSC22JSPropertyNameIteratorD1Ev
+__ZN3JSC9ArgumentsD1Ev
+__ZN3JSC9ArgumentsD2Ev
+__ZN3JSC12StringObjectD1Ev
+__ZN3WTF6VectorIPN3JSC9StructureELm8EE14expandCapacityEmPKS3_
+__ZN3WTF6VectorIPN3JSC9StructureELm8EE15reserveCapacityEm
+__ZN3JSCL19arrayProtoFuncShiftEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL11getPropertyEPNS_9ExecStateEPNS_8JSObjectEj
+__ZN3JSC7JSArray14deletePropertyEPNS_9ExecStateEj
+__ZN3JSC7JSArray9setLengthEj
+__ZN3JSC7UString6appendEPKc
+__ZN3JSC8JITStubs23cti_op_create_argumentsEPPv
+__ZN3JSCL19arrayProtoFuncSliceEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC7JSValue9toIntegerEPNS_9ExecStateE
+__ZN3JSC24ApplyFunctionCallDotNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZNK3JSC14ExpressionNode13isSimpleArrayEv
+__ZN3JSC17BytecodeGenerator26emitJumpIfNotFunctionApplyEPNS_10RegisterIDEPNS_5LabelE
+__ZN3JSC17BytecodeGenerator15emitCallVarargsEPNS_10RegisterIDES2_S2_S2_jjj
+__ZN3JSC24ApplyFunctionCallDotNodeD0Ev
+__ZN3JSC3JIT20emit_op_load_varargsEPNS_11InstructionE
+__ZN3JSC3JIT20emit_op_call_varargsEPNS_11InstructionE
+__ZN3JSC3JIT20compileOpCallVarargsEPNS_11InstructionE
+__ZN3JSC3JIT29compileOpCallVarargsSetupArgsEPNS_11InstructionE
+__ZN3JSC3JIT24emitSlow_op_call_varargsEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC3JIT28compileOpCallVarargsSlowCaseEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs19cti_op_load_varargsEPPv
+__ZNK3JSC7JSArray9classInfoEv
+__ZN3JSC7JSArray15copyToRegistersEPNS_9ExecStateEPNS_8RegisterEj
+__ZNK3JSC7UString30spliceSubstringsWithSeparatorsEPKNS0_5RangeEiPKS0_i
+__ZN3JSC8JSObject18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3JSC8JSObject18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC7UString4fromEd
+__ZN3WTF4dtoaEPcdiPiS1_PS0_
+__ZN3JSC8JITStubs21cti_op_put_by_id_failEPPv
+__ZN3JSC13DeleteDotNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator14emitDeleteByIdEPNS_10RegisterIDES2_RKNS_10IdentifierE
+__ZN3JSC13DeleteDotNodeD0Ev
+__ZN3JSC3JIT17emit_op_del_by_idEPNS_11InstructionE
+__ZN3JSC8JITStubs16cti_op_del_by_idEPPv
+__ZN3JSC10JSFunction14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3JSC8JSObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZNK3JSC7ArgList8getSliceEiRS0_
+__ZN3JSC3JIT26emit_op_tear_off_argumentsEPNS_11InstructionE
+__ZN3JSC8JITStubs25cti_op_tear_off_argumentsEPPv
+__ZNK3JSC12StringObject12toThisStringEPNS_9ExecStateE
+__ZN3JSC13PrefixDotNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC13PrefixDotNodeD0Ev
+__ZNK3JSC8JSObject8toStringEPNS_9ExecStateE
+__ZN3JSCL22arrayProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL21arrayProtoFuncIndexOfEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC16ErrorConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL29constructWithErrorConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC14constructErrorEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSCL21stringProtoFuncCharAtEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs32cti_op_get_by_id_proto_list_fullEPPv
+__ZN3JSC14InstanceOfNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator14emitInstanceOfEPNS_10RegisterIDES2_S2_S2_
+__ZN3JSC14InstanceOfNodeD0Ev
+__ZN3JSC3JIT18emit_op_instanceofEPNS_11InstructionE
+__ZN3JSC3JIT22emitSlow_op_instanceofEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC12X86Assembler6orl_irEiNS_3X8610RegisterIDE
+__ZN3JSC17RegExpConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL30constructWithRegExpConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC15constructRegExpEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSC13DatePrototype18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSCL20dateProtoFuncGetTimeEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC12DateInstance9classInfoEv
+__ZN3JSC12RegExpObject18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSCL19regExpProtoFuncTestEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC12RegExpObject5matchEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSC3JIT18emit_op_jmp_scopesEPNS_11InstructionE
+__ZN3JSC3JIT30privateCompileGetByIdChainListEPNS_17StructureStubInfoEPNS_30PolymorphicAccessStructureListEiPNS_9StructureEPNS_1
+__ZN3JSC18globalFuncUnescapeEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC7UString6appendEt
+__ZN3JSC8JSObject3putEPNS_9ExecStateEjNS_7JSValueE
+__ZN3JSC17PropertyNameArray3addEPNS_7UString3RepE
+__ZN3WTF7HashSetIPN3JSC7UString3RepENS_7PtrHashIS4_EENS_10HashTraitsIS4_EEE3addERKS4_
+__ZN3WTF9HashTableIPN3JSC7UString3RepES4_NS_17IdentityExtractorIS4_EENS_7PtrHashIS4_EENS_10HashTraitsIS4_EESA_E6rehashEi
+__ZN3WTF6VectorIN3JSC10IdentifierELm20EE14expandCapacityEm
+__ZN3JSCL20arrayProtoFuncConcatEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC9ArrayNode13isSimpleArrayEv
+__ZN3JSC8JITStubs10cti_op_mulEPPv
+__ZN3JSC8JITStubs16cti_op_is_objectEPPv
+__ZN3JSC14jsIsObjectTypeENS_7JSValueE
+__ZNK3JSC11Interpreter18retrieveLastCallerEPNS_9ExecStateERiRlRNS_7UStringERNS_7JSValueE
+__ZN3JSC9CodeBlock34reparseForExceptionInfoIfNecessaryEPNS_9ExecStateE
+__ZNK3JSC10ScopeChain10localDepthEv
+__ZNK3JSC12JSActivation9classInfoEv
+__ZN3JSC6Parser7reparseINS_16FunctionBodyNodeEEEN3WTF10PassRefPtrIT_EEPNS_12JSGlobalDataEPS5_
+__ZN3JSC16FunctionBodyNode6createEPNS_12JSGlobalDataEPNS_14SourceElementsEPN3WTF6VectorISt4pairINS_10IdentifierEjELm0EEEPNS6_IP
+__ZN3JSC13StatementNode6setLocEii
+__ZN3JSC16FunctionBodyNode14copyParametersEv
+__ZN3JSC16FunctionBodyNode13finishParsingEPNS_10IdentifierEm
+__ZN3JSC16FunctionBodyNode31bytecodeForExceptionInfoReparseEPNS_14ScopeChainNodeEPNS_9CodeBlockE
+__ZN3JSC9CodeBlock36hasGlobalResolveInfoAtBytecodeOffsetEj
+__ZN3JSC9CodeBlock27lineNumberForBytecodeOffsetEPNS_9ExecStateEj
+__ZN3WTF6VectorIPvLm0EE14expandCapacityEmPKS1_
+__ZN3WTF6VectorIPvLm0EE15reserveCapacityEm
+__ZN3JSC3JIT16emit_op_jeq_nullEPNS_11InstructionE
+__ZN3JSC8JITStubs16cti_op_is_numberEPPv
+__ZN3JSCL23stringProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC12StringObject9classInfoEv
+__ZN3JSC8JITStubs28cti_op_get_by_id_string_failEPPv
+__ZN3JSC11JSImmediate9prototypeENS_7JSValueEPNS_9ExecStateE
+__ZN3JSCL23numberProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC3JIT16emit_op_neq_nullEPNS_11InstructionE
+__ZN3JSC4Yarr23RegexPatternConstructor8copyTermERNS0_11PatternTermE
+__ZL17bracketIsAnchoredPKh
+__ZL32branchFindFirstAssertedCharacterPKhb
+__ZL20branchNeedsLineStartPKhjj
+__ZN3JSC18RegExpMatchesArray18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSCL20stringProtoFuncSliceEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC3JIT17emit_op_jneq_nullEPNS_11InstructionE
+__ZN3JSC8JITStubs25cti_op_call_NotJSFunctionEPPv
+__ZN3JSC17StringConstructor11getCallDataERNS_8CallDataE
+__ZN3JSCL21callStringConstructorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC12StringObject8toStringEPNS_9ExecStateE
+__ZN3JSC23FunctionCallBracketNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC20EvalFunctionCallNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator19emitResolveWithBaseEPNS_10RegisterIDES2_RKNS_10IdentifierE
+__ZN3JSC23FunctionCallBracketNodeD0Ev
+__ZN3JSC20EvalFunctionCallNodeD0Ev
+__ZN3JSC3JIT25emit_op_resolve_with_baseEPNS_11InstructionE
+__ZN3JSC3JIT17emit_op_call_evalEPNS_11InstructionE
+__ZN3JSC3JIT21emitSlow_op_call_evalEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC14MacroAssembler4jumpENS_22AbstractMacroAssemblerINS_12X86AssemblerEE5LabelE
+__ZN3JSCL19regExpProtoFuncExecEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC7UString12replaceRangeEiiRKS0_
+__ZN3JSC8JITStubs17cti_op_is_booleanEPPv
+__ZN3JSC3JIT22emit_op_put_global_varEPNS_11InstructionE
+__ZN3JSCL23regExpProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL18regExpObjectSourceEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL18regExpObjectGlobalEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL22regExpObjectIgnoreCaseEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL21regExpObjectMultilineEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSC4Yarr14RegexGenerator30generatePatternCharacterGreedyERNS1_19TermGenerationStateE
+__ZN3JSC8JITStubs27cti_op_get_by_id_proto_failEPPv
+__ZN3JSC17DeleteResolveNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17DeleteResolveNodeD0Ev
+__ZN3JSC3JIT20emit_op_resolve_baseEPNS_11InstructionE
+__ZN3JSC8JITStubs19cti_op_resolve_baseEPPv
+__ZN3JSC12JSActivation14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3JSC16JSVariableObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZNK3JSC8JSString8toNumberEPNS_9ExecStateE
+__ZN3JSC8JITStubs24cti_op_resolve_with_baseEPPv
+__ZN3JSC8JITStubs16cti_op_call_evalEPPv
+__ZN3JSC11Interpreter8callEvalEPNS_9ExecStateEPNS_12RegisterFileEPNS_8RegisterEiiRNS_7JSValueE
+__ZN3JSC13LiteralParser5Lexer3lexERNS1_18LiteralParserTokenE
+__ZN3JSC13LiteralParser14parseStatementEv
+__ZN3JSC13LiteralParser15parseExpressionEv
+__ZN3JSC13LiteralParser10parseArrayEv
+__ZN3JSC13LiteralParser11parseObjectEv
+__ZN3JSC10Identifier3addEPNS_9ExecStateEPKti
+__ZN3JSC7JSArray4pushEPNS_9ExecStateENS_7JSValueE
+__ZN3JSCL19mathProtoFuncRandomEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF16weakRandomNumberEv
+__ZN3JSCL18mathProtoFuncFloorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC4Heap15recordExtraCostEm
+__ZN3JSC6Parser5parseINS_8EvalNodeEEEN3WTF10PassRefPtrIT_EEPNS_9ExecStateEPNS_8DebuggerERKNS_10SourceCodeEPiPNS_7UStringE
+__ZN3JSC9ExecState9thisValueEv
+__ZN3JSC11Interpreter7executeEPNS_8EvalNodeEPNS_9ExecStateEPNS_8JSObjectEiPNS_14ScopeChainNodeEPNS_7JSValueE
+__ZN3JSC8EvalNode16generateBytecodeEPNS_14ScopeChainNodeE
+__ZN3JSC17BytecodeGeneratorC2EPNS_8EvalNodeEPKNS_8DebuggerERKNS_10ScopeChainEPN3WTF7HashMapINS9_6RefPtrINS_7UString3RepEEENS_16
+__ZN3JSC8EvalNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZThn16_N3JSC8EvalNodeD0Ev
+__ZN3JSC8EvalNodeD0Ev
+__ZN3JSC23objectProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC8JSObject9classNameEv
+__ZN3JSC11JSImmediate12toThisObjectENS_7JSValueEPNS_9ExecStateE
+__ZNK3JSC6JSCell17getTruncatedInt32ERi
+__ZN3JSC15toInt32SlowCaseEdRb
+__ZN3JSCL20dateProtoFuncSetYearEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC12DateInstance21msToGregorianDateTimeEdbRNS_17GregorianDateTimeE
+__ZN3JSC21msToGregorianDateTimeEdbRNS_17GregorianDateTimeE
+__ZN3JSCL12getDSTOffsetEdd
+__ZN3JSC21gregorianDateTimeToMSERKNS_17GregorianDateTimeEdb
+__ZN3JSCL15dateToDayInYearEiii
+__ZN3JSC8JITStubs19cti_op_to_primitiveEPPv
+__ZN3JSCL21dateProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC10formatTimeERKNS_17GregorianDateTimeEb
+__ZN3JSCL24dateProtoFuncToGMTStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC7UString13appendNumericEd
+__ZN3JSC11concatenateEPNS_7UString3RepEd
+__ZN3JSCL20dateProtoFuncGetYearEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL20dateProtoFuncGetDateEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL21dateProtoFuncGetMonthEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL21dateProtoFuncGetHoursEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23dateProtoFuncGetMinutesEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23dateProtoFuncGetSecondsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL19dateProtoFuncGetDayEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL30dateProtoFuncGetTimezoneOffsetEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC28createUndefinedVariableErrorEPNS_9ExecStateERKNS_10IdentifierEjPNS_9CodeBlockE
+__ZN3JSC9CodeBlock32expressionRangeForBytecodeOffsetEPNS_9ExecStateEjRiS3_S3_
+__ZN3JSC5Error6createEPNS_9ExecStateENS_9ErrorTypeERKNS_7UStringEilS6_
+__ZN3JSC22NativeErrorConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL35constructWithNativeErrorConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC22NativeErrorConstructor9constructEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSC8JSObject17putWithAttributesEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueEj
+__ZN3JSCL23returnToThrowTrampolineEPNS_12JSGlobalDataEPvRS2_
+_ctiVMThrowTrampoline
+__ZN3JSC8JITStubs12cti_vm_throwEPPv
+__ZN3JSC11Interpreter14throwExceptionERPNS_9ExecStateERNS_7JSValueEjb
+__ZNK3JSC8JSObject22isNotAnObjectErrorStubEv
+__ZNK3JSC8JSObject19isWatchdogExceptionEv
+__ZN3JSC9CodeBlock24handlerForBytecodeOffsetEj
+__ZN3JSC8JITStubs21cti_op_push_new_scopeEPPv
+__ZN3WTF6VectorIN3JSC22AbstractMacroAssemblerINS1_12X86AssemblerEE4JumpELm16EE14expandCapacityEm
+__ZN3JSCL20dateProtoFuncSetTimeEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3WTF7HashMapINS_6RefPtrIN3JSC7UString3RepEEENS1_INS2_8EvalNodeEEENS_7StrHashIS5_EENS_10HashTraitsIS5_EENSA_IS7_EEE3getEPS4
+__ZN3WTF7HashMapINS_6RefPtrIN3JSC7UString3RepEEENS1_INS2_8EvalNodeEEENS_7StrHashIS5_EENS_10HashTraitsIS5_EENSA_IS7_EEE3setEPS4_
+__ZN3WTF9HashTableINS_6RefPtrIN3JSC7UString3RepEEESt4pairIS5_NS1_INS2_8EvalNodeEEEENS_18PairFirstExtractorIS9_EENS_7StrHashIS5_
+__ZN3JSC10LessEqNodeD0Ev
+__ZN3JSC8JITStubs14cti_op_jlesseqEPPv
+__ZN3JSC8JSString18getPrimitiveNumberEPNS_9ExecStateERdRNS_7JSValueE
+__ZL18makeRightShiftNodePvPN3JSC14ExpressionNodeES2_b
+__ZN3JSC14RightShiftNodeD0Ev
+__ZN3JSC3JIT14emit_op_rshiftEPNS_11InstructionE
+__ZN3JSC3JIT18emitSlow_op_rshiftEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC18PostfixBracketNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC18PostfixBracketNodeD0Ev
+__ZN3JSC21ReadModifyBracketNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC21ReadModifyBracketNodeD0Ev
+__ZN3JSC11Interpreter15unwindCallFrameERPNS_9ExecStateENS_7JSValueERjRPNS_9CodeBlockE
+__ZN3JSCL22errorProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF23waitForThreadCompletionEjPPv
+__ZN3WTF15ThreadConditionD1Ev
+__ZN3JSC9Structure24removePropertyTransitionEPS0_RKNS_10IdentifierERm
+__ZN3JSC12JSActivation3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC26createNotAnObjectErrorStubEPNS_9ExecStateEb
+__ZN3JSC13JSNotAnObject18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZNK3JSC22JSNotAnObjectErrorStub22isNotAnObjectErrorStubEv
+__ZN3JSC22createNotAnObjectErrorEPNS_9ExecStateEPNS_22JSNotAnObjectErrorStubEjPNS_9CodeBlockE
+__ZN3JSC9CodeBlock37getByIdExceptionInfoForBytecodeOffsetEPNS_9ExecStateEjRNS_8OpcodeIDE
+__ZN3JSCL18createErrorMessageEPNS_9ExecStateEPNS_9CodeBlockEiiiNS_7JSValueENS_7UStringE
+__ZN3JSC13ErrorInstanceD1Ev
+__ZN3JSC22JSNotAnObjectErrorStubD1Ev
+__ZN3JSC13JSNotAnObjectD1Ev
+__ZN3JSC19JSStaticScopeObjectD1Ev
+__ZN3JSC19JSStaticScopeObjectD2Ev
+__ZN3JSC17DeleteBracketNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17BytecodeGenerator15emitDeleteByValEPNS_10RegisterIDES2_S2_
+__ZN3JSC17DeleteBracketNodeD0Ev
+__ZN3JSC8JITStubs17cti_op_del_by_valEPPv
+__ZN3JSC8JSObject14deletePropertyEPNS_9ExecStateEj
+__ZN3JSC28globalFuncEncodeURIComponentEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL6encodeEPNS_9ExecStateERKNS_7ArgListEPKc
+__ZNK3JSC7UString10UTF8StringEb
+__ZN3WTF7Unicode18convertUTF16ToUTF8EPPKtS2_PPcS4_b
+__ZN3JSC10NegateNodeD0Ev
+__ZN3JSC8JITStubs13cti_op_negateEPPv
+__ZN3JSCL17mathProtoFuncSqrtEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL16mathProtoFuncAbsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL18mathProtoFuncRoundEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL16mathProtoFuncCosEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL16mathProtoFuncSinEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs10cti_op_subEPPv
+__ZNK3JSC8JSObject8toNumberEPNS_9ExecStateE
+__ZN3JSC16ArrayConstructor11getCallDataERNS_8CallDataE
+__ZN3JSCL20callArrayConstructorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs10cti_op_modEPPv
+__ZN3JSC8JITStubs12cti_op_jlessEPPv
+__ZL17makeLeftShiftNodePvPN3JSC14ExpressionNodeES2_b
+__ZN3JSC13LeftShiftNodeD0Ev
+__ZN3JSC3JIT14emit_op_lshiftEPNS_11InstructionE
+__ZN3JSC3JIT18emitSlow_op_lshiftEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC11JITStubCall11addArgumentENS_3X8610RegisterIDE
+__ZN3JSCL16mathProtoFuncMaxEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC10BitAndNodeD0Ev
+__ZN3JSC3JIT14emit_op_bitandEPNS_11InstructionE
+__ZN3JSC3JIT18emitSlow_op_bitandEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs13cti_op_bitandEPPv
+__ZN3JSC14BitwiseNotNodeD0Ev
+__ZN3JSC3JIT14emit_op_bitnotEPNS_11InstructionE
+__ZN3JSC3JIT18emitSlow_op_bitnotEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC22UnsignedRightShiftNodeD0Ev
+__ZN3JSC10BitXOrNodeD0Ev
+__ZN3JSC3JIT14emit_op_bitxorEPNS_11InstructionE
+__ZN3JSC3JIT18emitSlow_op_bitxorEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSCL25stringProtoFuncCharCodeAtEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs14cti_op_urshiftEPPv
+__ZN3JSC16toUInt32SlowCaseEdRb
+__ZN3JSCL17mathProtoFuncCeilEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC6JSCell18getTruncatedUInt32ERj
+__ZN3JSC3JIT13emit_op_bitorEPNS_11InstructionE
+__ZN3JSC3JIT17emitSlow_op_bitorEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs12cti_op_bitorEPPv
+__ZN3JSC9BitOrNodeD0Ev
+__ZN3JSC8JITStubs13cti_op_rshiftEPPv
+__ZN3JSC8JITStubs13cti_op_bitxorEPPv
+__ZN3JSC9parseDateERKNS_7UStringE
+__ZN3WTF6VectorIN3JSC10CallRecordELm0EE14expandCapacityEmPKS2_
+__ZNK3JSC12JSActivation12toThisObjectEPNS_9ExecStateE
+__ZN3JSC3JIT20emit_op_resolve_skipEPNS_11InstructionE
+__ZN3JSC8JITStubs19cti_op_resolve_skipEPPv
+__ZN3JSCL24dateProtoFuncGetFullYearEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC17StringConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL30constructWithStringConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC5equalEPKNS_7UString3RepES3_
+__ZN3JSC8EvalNode4markEv
+__ZN3JSC10SwitchNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC13CaseBlockNode20emitBytecodeForBlockERNS_17BytecodeGeneratorEPNS_10RegisterIDES4_
+__ZN3JSC13CaseBlockNode18tryOptimizedSwitchERN3WTF6VectorIPNS_14ExpressionNodeELm8EEERiS7_
+__ZN3JSCL17processClauseListEPNS_14ClauseListNodeERN3WTF6VectorIPNS_14ExpressionNodeELm8EEERNS_10SwitchKindERbRiSB_
+__ZN3WTF6VectorIPN3JSC14ExpressionNodeELm8EE14expandCapacityEm
+__ZN3WTF6VectorINS_6RefPtrIN3JSC5LabelEEELm8EE14expandCapacityEm
+__ZN3JSC17BytecodeGenerator11beginSwitchEPNS_10RegisterIDENS_10SwitchInfo10SwitchTypeE
+__ZN3WTF6VectorIN3JSC10SwitchInfoELm0EE14expandCapacityEm
+__ZN3JSC17BytecodeGenerator9endSwitchEjPN3WTF6RefPtrINS_5LabelEEEPPNS_14ExpressionNodeEPS3_ii
+__ZN3WTF6VectorIN3JSC15SimpleJumpTableELm0EE14expandCapacityEm
+__ZN3WTF6VectorIiLm0EE15reserveCapacityEm
+__ZN3JSC14CaseClauseNodeD0Ev
+__ZN3JSC14ClauseListNodeD0Ev
+__ZN3JSC13CaseBlockNodeD0Ev
+__ZN3JSC10SwitchNodeD0Ev
+__ZN3JSC3JIT19emit_op_switch_charEPNS_11InstructionE
+__ZN3WTF6VectorIN3JSC12SwitchRecordELm0EE14expandCapacityEm
+__ZN3WTF6VectorIN3JSC22AbstractMacroAssemblerINS1_12X86AssemblerEE17CodeLocationLabelELm0EE4growEm
+__ZN3JSC8JITStubs18cti_op_switch_charEPPv
+__ZN3JSCL16mathProtoFuncPowEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF6VectorIcLm0EE14expandCapacityEm
+__ZN3WTF6VectorIN3JSC7UString5RangeELm16EE14expandCapacityEm
+__ZN3WTF6VectorIN3JSC7UStringELm16EE14expandCapacityEmPKS2_
+__ZN3WTF6VectorIN3JSC7UStringELm16EE15reserveCapacityEm
+__ZN3JSC7JSArray16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
+__ZN3JSC9ExecState10arrayTableEPS0_
+__ZN3JSC20MarkedArgumentBuffer10slowAppendENS_7JSValueE
+__ZN3WTF9HashTableIPN3JSC20MarkedArgumentBufferES3_NS_17IdentityExtractorIS3_EENS_7PtrHashIS3_EENS_10HashTraitsIS3_EES9_E6rehas
+__ZN3JSC8JITStubs24cti_op_get_by_val_stringEPPv
+__ZN3JSCL16mathProtoFuncLogEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC7UString8toDoubleEv
+__ZN3WTF9HashTableIPN3JSC7UString3RepES4_NS_17IdentityExtractorIS4_EENS_7PtrHashIS4_EENS_10HashTraitsIS4_EESA_E4findIS4_NS_22Id
+__ZN3JSCL29objectProtoFuncHasOwnPropertyEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL18arrayProtoFuncSortEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC7JSArray4sortEPNS_9ExecStateENS_7JSValueENS_8CallTypeERKNS_8CallDataE
+__ZN3WTF7AVLTreeIN3JSC32AVLTreeAbstractorForArrayCompareELj44ENS_18AVLTreeDefaultBSetILj44EEEE6insertEi
+__ZN3JSCltERKNS_7UStringES2_
+__ZN3WTF7AVLTreeIN3JSC32AVLTreeAbstractorForArrayCompareELj44ENS_18AVLTreeDefaultBSetILj44EEEE7balanceEi
+__Z12jsRegExpFreeP8JSRegExp
+__ZN3JSCL21stringProtoFuncConcatEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC19globalFuncEncodeURIEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC19globalFuncDecodeURIEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL6decodeEPNS_9ExecStateERKNS_7ArgListEPKcb
+__ZN3WTF7Unicode18UTF8SequenceLengthEc
+__ZN3WTF7Unicode18decodeUTF8SequenceEPKc
+__ZN3JSCL22numberProtoFuncToFixedEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL16integerPartNoExpEd
+__ZN3WTF14FastMallocZone10statisticsEP14_malloc_zone_tP19malloc_statistics_t
+__ZN3JSC4Heap26protectedGlobalObjectCountEv
+__ZN3JSC10JSFunction15argumentsGetterEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZNK3JSC11Interpreter17retrieveArgumentsEPNS_9ExecStateEPNS_10JSFunctionE
+__ZN3JSCL21dateProtoFuncSetMonthEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23setNewValueFromDateArgsEPNS_9ExecStateENS_7JSValueERKNS_7ArgListEib
+__ZN3JSCL20dateProtoFuncSetDateEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF6VectorIPNS0_IN3JSC10RegisterIDELm32EEELm32EE14expandCapacityEm
+__ZN3JSC8JITStubs14cti_op_pre_incEPPv
+__ZN3WTF6VectorIPN3JSC14ExpressionNodeELm16EE14expandCapacityEm
+__ZN3JSC13UnaryPlusNodeD0Ev
+__ZN3JSC3JIT19emit_op_to_jsnumberEPNS_11InstructionE
+__ZN3JSC3JIT23emitSlow_op_to_jsnumberEPNS_11InstructionERPNS_13SlowCaseEntryE
+__ZN3JSC8JITStubs18cti_op_to_jsnumberEPPv
+__ZN3JSC6JSLock12DropAllLocksC1Eb
+__ZN3JSCL17createJSLockCountEv
+__ZN3JSC6JSLock12DropAllLocksD1Ev
+__ZN3JSCL24dateProtoFuncSetFullYearEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF6VectorIN3JSC15StringJumpTableELm0EE15reserveCapacityEm
+__ZN3WTF7HashMapINS_6RefPtrIN3JSC7UString3RepEEENS2_14OffsetLocationENS_7StrHashIS5_EENS_10HashTraitsIS5_EENS9_IS6_EEE3addEPS4_
+__ZN3WTF9HashTableINS_6RefPtrIN3JSC7UString3RepEEESt4pairIS5_NS2_14OffsetLocationEENS_18PairFirstExtractorIS8_EENS_7StrHashIS5_
+__ZN3JSC3JIT21emit_op_switch_stringEPNS_11InstructionE
+__ZN3JSC8JITStubs20cti_op_switch_stringEPPv
+__ZN3WTF6VectorIN3JSC14ExecutablePool10AllocationELm2EE14expandCapacityEm
+__ZN3JSC12JSGlobalData6createEb
+__ZN3JSCL13allocateBlockILNS_8HeapTypeE1EEEPNS_14CollectorBlockEv
+__ZN3JSC7JSValueC1EPNS_9ExecStateEd
+__ZN3JSC10JSFunctionC1EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectESA_RK
+__ZN3JSC8JSObject17putDirectFunctionEPNS_9ExecStateEPNS_16InternalFunctionEj
+__ZN3JSC7CStringD1Ev
+__ZN3WTF7HashMapIPvjNS_7PtrHashIS1_EEN3JSC17JSValueHashTraitsENS_10HashTraitsIjEEE3addERKS1_RKj
+__ZN3WTF6VectorINS_6RefPtrIN3JSC12FuncExprNodeEEELm0EE14shrinkCapacityEm
+__ZN3JSC14ExpressionNodeD2Ev
+__ZThn12_N3JSC11ProgramNodeD0Ev
+__ZThn12_N3JSC12FuncExprNodeD0Ev
+__ZThn12_N3JSC16FunctionBodyNodeD0Ev
+__ZN3JSC8JITStubs16cti_op_new_arrayEPvz
+__ZN3WTF6VectorIN3JSC17StructureStubInfoELm0EE15reserveCapacityEm
+__ZN3JSC17BytecodeGenerator10emitOpcodeENS_8OpcodeIDE
+__ZN3JSC23MacroAssemblerX86Common4moveENS_3X8610RegisterIDES2_
+__ZN3JSC8JITStubs15cti_op_new_funcEPvz
+__ZN3JSC8JITStubs21cti_op_resolve_globalEPvz
+__ZN3JSC8JITStubs16cti_op_get_by_idEPvz
+__ZN3JSC8JITStubs31cti_op_construct_NotJSConstructEPvz
+__ZN3JSC8JITStubs16cti_op_put_by_idEPvz
+__ZN3JSC8JITStubs13cti_op_strcatEPvz
+__ZN3JSC8JITStubs19cti_op_resolve_funcEPvz
+__ZN3JSC8JITStubs23cti_vm_dontLazyLinkCallEPvz
+__ZN3JSC8JITStubs22cti_op_call_JSFunctionEPvz
+__ZN3JSC8JITStubs23cti_register_file_checkEPvz
+__ZN3JSC8JITStubs13cti_op_negateEPvz
+__ZN3JSC8JITStubs28cti_op_construct_JSConstructEPvz
+__ZN3JSC23MacroAssemblerX86Common12branchTest32ENS0_9ConditionENS_22AbstractMacroAssemblerINS_12X86AssemblerEE7AddressENS4_5Imm
+__ZN3JSC8JITStubs23cti_op_put_by_val_arrayEPvz
+__ZN3JSC8JITStubs23cti_op_put_by_id_secondEPvz
+__ZN3JSC15AssemblerBuffer14executableCopyEPNS_14ExecutablePoolE
+__ZN3JSC12X86Assembler8sarl_i8rEiNS_3X8610RegisterIDE
+__ZN3JSC12X86Assembler23X86InstructionFormatter9twoByteOpENS0_15TwoByteOpcodeIDEiNS_3X8610RegisterIDEi
+__ZN3JSC8JITStubs10cti_op_mulEPvz
+__ZN3JSC12jsNumberCellEPNS_12JSGlobalDataEd
+__ZN3JSC8JITStubs10cti_op_subEPvz
+__ZN3JSC8JITStubs10cti_op_divEPvz
+__ZN3JSC8JITStubs23cti_op_get_by_id_secondEPvz
+__ZN3JSC8JITStubs19cti_vm_lazyLinkCallEPvz
+__ZN3WTF6VectorIPN3JSC12CallLinkInfoELm0EE14expandCapacityEm
+__ZN3JSC8JITStubs19cti_op_convert_thisEPvz
+__ZN3JSC8JITStubs21cti_op_put_by_id_failEPvz
+__ZN3JSC8JITStubs10cti_op_addEPvz
+__ZN3JSC8JITStubs17cti_timeout_checkEPvz
+__ZN3JSC9jsBooleanEb
+__ZN3JSC9CodeBlock19isKnownNotImmediateEi
+__ZN3JSC12X86Assembler8movsd_mrEiNS_3X8610RegisterIDENS1_13XMMRegisterIDE
+__ZN3JSC8JITStubs25cti_op_call_NotJSFunctionEPvz
+__ZNK3JSC12JSNumberCell8toNumberEPNS_9ExecStateE
+__ZN3JSC8JITStubs26cti_op_get_by_id_self_failEPvz
+__ZN3JSC8JITStubs10cti_op_endEPvz
+__ZThn12_N3JSC12FuncDeclNodeD0Ev
+__ZN3JSC8JITStubs24cti_op_resolve_with_baseEPvz
+__ZN3JSC8JITStubs19cti_op_new_func_expEPvz
+__ZN3JSC8JITStubs22cti_op_push_activationEPvz
+__ZN3JSC8JITStubs17cti_op_get_by_valEPvz
+__ZN3JSC8JITStubs22cti_op_call_arityCheckEPvz
+__ZN3JSC8JITStubs11cti_op_lessEPvz
+__ZN3JSC12JSNumberCell18getPrimitiveNumberEPNS_9ExecStateERdRNS_7JSValueE
+__ZN3JSC12X86Assembler23X86InstructionFormatter9oneByteOpENS0_15OneByteOpcodeIDE
+__ZN3JSC8JITStubs27cti_op_get_by_id_proto_listEPvz
+__ZN3JSC8JITStubs12cti_op_jtrueEPvz
+__ZN3JSC8JITStubs10cti_op_modEPvz
+__ZN3JSC8JITStubs10cti_op_neqEPvz
+__ZN3JSC8JITStubs12cti_op_jlessEPvz
+__ZN3JSC8JITStubs24cti_op_get_by_id_genericEPvz
+__ZN3JSC8JITStubs14cti_op_jlesseqEPvz
+__ZN3JSC8JITStubs26cti_op_tear_off_activationEPvz
+__ZN3JSC8JITStubs21cti_op_ret_scopeChainEPvz
+__ZN3JSC8JITStubs19cti_op_to_primitiveEPvz
+__ZNK3JSC12JSNumberCell8toStringEPNS_9ExecStateE
+__ZN3JSC8JITStubs13cti_op_bitandEPvz
+__ZN3JSC8JITStubs13cti_op_lshiftEPvz
+__ZN3JSC8JITStubs13cti_op_bitnotEPvz
+__ZNK3JSC12JSNumberCell9toBooleanEPNS_9ExecStateE
+__ZN3JSC8JITStubs14cti_op_urshiftEPvz
+__ZNK3JSC12JSNumberCell18getTruncatedUInt32ERj
+__ZN3JSC4Yarr14RegexGenerator28generateCharacterClassSingleERNS1_19TermGenerationStateE
+__ZN3WTF15deleteAllValuesIPN3JSC4Yarr18PatternDisjunctionELm4EEEvRKNS_6VectorIT_XT0_EEE
+__ZN3JSC8JITStubs17cti_op_new_regexpEPvz
+__ZN3JSC8JITStubs12cti_op_bitorEPvz
+__ZNK3JSC12JSNumberCell17getTruncatedInt32ERi
+__ZN3JSC8JITStubs13cti_op_rshiftEPvz
+__ZN3JSC8JITStubs13cti_op_bitxorEPvz
+__ZN3WTF7HashSetINS_6RefPtrIN3JSC7UString3RepEEENS2_17IdentifierRepHashENS_10HashTraitsIS5_EEE3addERKS5_
+__ZN3JSC8JITStubs9cti_op_eqEPvz
+__ZN3JSC8JITStubs16cti_op_call_evalEPvz
+__ZN3JSC8JITStubs19cti_op_resolve_skipEPvz
+__ZN3JSC8JITStubs17cti_op_new_objectEPvz
+__ZN3JSC8JITStubs14cti_op_resolveEPvz
+__ZN3JSC8JITStubs17cti_op_put_by_valEPvz
+__ZN3JSC8JITStubs18cti_op_switch_charEPvz
+__ZN3JSC8JITStubs28cti_op_get_by_id_string_failEPvz
+__ZThn12_N3JSC8EvalNodeD0Ev
+__ZN3WTF6VectorIN3JSC7UStringELm16EE14expandCapacityEm
+__ZN3JSC8JITStubs17cti_op_get_pnamesEPvz
+__ZN3JSC8JITStubs17cti_op_next_pnameEPvz
+__ZN3WTF7HashSetIPN3JSC20MarkedArgumentBufferENS_7PtrHashIS3_EENS_10HashTraitsIS3_EEE3addERKS3_
+__ZN3WTF9HashTableIPN3JSC20MarkedArgumentBufferES3_NS_17IdentityExtractorIS3_EENS_7PtrHashIS3_EENS_10HashTraitsIS3_EES9_E4findI
+__ZN3JSC8JITStubs24cti_op_get_by_val_stringEPvz
+__ZN3JSC4Yarr6ParserINS0_23RegexPatternConstructorEE28CharacterClassParserDelegate25atomBuiltInCharacterClassENS0_23BuiltInChar
+__ZN3JSC12jsNumberCellEPNS_9ExecStateEd
+__ZN3JSC8JITStubs18cti_op_is_functionEPvz
+__ZN3JSC8JITStubs16cti_op_is_objectEPvz
+__ZN3JSC8JITStubs16cti_op_nstricteqEPvz
+__ZN3JSC8JITStubs13cti_op_lesseqEPvz
+__ZNK3JSC12JSNumberCell11toPrimitiveEPNS_9ExecStateENS_22PreferredPrimitiveTypeE
+__ZN3JSC4Yarr14RegexGenerator27generateCharacterClassFixedERNS1_19TermGenerationStateE
+__ZN3JSC4Heap7destroyEv
+__ZN3JSC12JSGlobalDataD1Ev
+__ZN3JSC12JSGlobalDataD2Ev
+__ZN3JSC12RegisterFileD1Ev
+__ZNK3JSC9HashTable11deleteTableEv
+__ZN3JSC5LexerD1Ev
+__ZN3JSC5LexerD2Ev
+__ZN3WTF20deleteAllPairSecondsIP24OpaqueJSClassContextDataKNS_7HashMapIP13OpaqueJSClassS2_NS_7PtrHashIS5_EENS_10HashTraitsIS5_E
+__ZN3JSC17CommonIdentifiersD2Ev
+__ZN3JSC21deleteIdentifierTableEPNS_15IdentifierTableE
+__ZN3JSC4HeapD1Ev
+__ZN3JSC12SmallStringsD1Ev
+__ZN3JSCL16mathProtoFuncMinEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL17arrayProtoFuncPopEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC7JSArray3popEv
+__ZN3JSC11DoWhileNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC11DoWhileNodeD0Ev
+__ZN3JSC3JIT18emit_op_switch_immEPNS_11InstructionE
+__ZN3JSC8JITStubs17cti_op_switch_immEPPv
+__ZN3JSC13UnaryPlusNode14stripUnaryPlusEv
+__ZN3JSC15globalFuncIsNaNEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC17NumberConstructor11getCallDataERNS_8CallDataE
+__ZN3JSCL21callNumberConstructorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF6VectorIPNS0_IN3JSC10IdentifierELm64EEELm32EE14expandCapacityEm
+__ZN3JSC8JITStubs19cti_op_is_undefinedEPvz
+__ZN3JSC8JITStubs13cti_op_typeofEPvz
+__ZN3JSC8JITStubs33cti_op_create_arguments_no_paramsEPvz
+__ZN3JSC8JITStubs19cti_op_load_varargsEPvz
+__ZN3JSC8JITStubs10cti_op_notEPvz
+__ZN3JSC8JITStubs16cti_op_is_stringEPvz
+__ZN3JSCL24regExpConstructorDollar1EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3WTF6VectorIN3JSC15StringJumpTableELm0EE14expandCapacityEm
+__ZN3JSC8JITStubs20cti_op_switch_stringEPvz
+__ZN3JSC9Arguments3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC8JITStubs18cti_op_to_jsnumberEPvz
+__ZN3JSC8JITStubs19cti_op_loop_if_lessEPvz
+__ZN3JSC9LabelNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC9LabelNodeD0Ev
+__ZNK3JSC7UString5asciiEv
+__ZN3JSC8JITStubs27cti_op_get_by_id_array_failEPvz
+__ZN3JSC12X86Assembler23X86InstructionFormatter9oneByteOpENS0_15OneByteOpcodeIDEiPv
+__ZN3JSC8JITStubs23cti_op_create_argumentsEPvz
+__ZN3JSCL21arrayProtoFuncUnShiftEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs25cti_op_tear_off_argumentsEPvz
+__ZN3JSC7JSArray11sortNumericEPNS_9ExecStateENS_7JSValueENS_8CallTypeERKNS_8CallDataE
+__ZN3JSC7JSArray17compactForSortingEv
+__ZN3JSCL22compareNumbersForQSortEPKvS1_
+__ZN3JSC8JITStubs15cti_op_post_incEPPv
+__ZN3JSC8JITStubs24cti_op_put_by_id_genericEPvz
+__ZN3JSCL24regExpConstructorDollar2EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL24regExpConstructorDollar3EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL24regExpConstructorDollar4EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL24regExpConstructorDollar5EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL24regExpConstructorDollar6EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL21stringProtoFuncSubstrEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23stringProtoFuncFontsizeEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL24dateProtoFuncToUTCStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL19stringProtoFuncLinkEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL9dateParseEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs21cti_op_loop_if_lesseqEPPv
+__ZN3JSCL16mathProtoFuncExpEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC4Yarr17nonwordcharCreateEv
+__ZN3WTF6VectorIPN3JSC4Yarr18PatternDisjunctionELm4EE14expandCapacityEmPKS4_
+__Z15jsc_pcre_xclassiPKh
+__ZN3JSC18RegExpMatchesArray3putEPNS_9ExecStateEjNS_7JSValueE
+__ZN3JSC28globalFuncDecodeURIComponentEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs27cti_op_get_by_id_array_failEPPv
+__ZNK3JSC9Arguments9classInfoEv
+__ZN3JSC9Arguments15copyToRegistersEPNS_9ExecStateEPNS_8RegisterEj
+__ZN3JSC19JSStaticScopeObject4markEv
+__ZN3JSC8JITStubs19cti_op_loop_if_lessEPPv
+__ZN3JSC8JITStubs16cti_op_del_by_idEPvz
+__ZN3JSC7JSArray14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3JSC7UString6appendEPKti
+__ZN3JSC8JITStubs17cti_op_push_scopeEPvz
+__ZN3JSC8JITStubs19cti_op_resolve_baseEPvz
+__ZN3JSC8JITStubs16cti_op_pop_scopeEPvz
+__ZN3JSC8JITStubs17cti_op_is_booleanEPvz
+__ZN3JSCL20arrayProtoFuncSpliceEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs17cti_op_jmp_scopesEPvz
+__ZN3JSC8JITStubs9cti_op_inEPvz
+__ZN3JSC8JITStubs15cti_op_stricteqEPvz
+__ZN3JSC8JITStubs32cti_op_get_by_id_proto_list_fullEPvz
+__ZN3WTF6VectorIiLm8EE14expandCapacityEm
+__ZN3JSCL21stringProtoFuncSearchEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs12cti_vm_throwEPvz
+__ZN3JSC8JITStubs21cti_op_push_new_scopeEPvz
+__ZN3JSC8JITStubs16cti_op_is_numberEPvz
+__ZN3JSC16JSVariableObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
+__ZNK3JSC8JSString8toObjectEPNS_9ExecStateE
+__ZN3JSC12StringObject16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
+__ZN3JSC9ExecState11stringTableEPS0_
+__ZN3JSC11JSImmediate8toObjectENS_7JSValueEPNS_9ExecStateE
+__ZN3JSC36constructBooleanFromImmediateBooleanEPNS_9ExecStateENS_7JSValueE
+__ZN3JSC13BooleanObjectD1Ev
+__ZN3JSCL17arrayProtoFuncMapEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC7JSArrayC2EN3WTF10PassRefPtrINS_9StructureEEEj
+__ZN3JSC8JITStubs17cti_op_del_by_valEPvz
+__ZN3JSC8JITStubs27cti_op_get_by_id_proto_failEPvz
+__ZN3JSC10JSFunction12callerGetterEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZNK3JSC11Interpreter14retrieveCallerEPNS_9ExecStateEPNS_16InternalFunctionE
+__ZN3JSC18globalFuncIsFiniteEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC6JSCell18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZNK3JSC12JSNumberCell8toObjectEPNS_9ExecStateE
+__ZN3JSC15constructNumberEPNS_9ExecStateENS_7JSValueE
+__ZN3JSC12NumberObject11getJSNumberEv
+__ZN3JSCL7dateNowEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC12NumberObjectD1Ev
+__ZN3JSC8JSObject18getPrimitiveNumberEPNS_9ExecStateERdRNS_7JSValueE
+__ZN3JSCL22numberProtoFuncValueOfEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC13JSNotAnObject18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3JSC19JSStaticScopeObject18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC16InternalFunction4nameEPNS_12JSGlobalDataE
+__ZN3JSCL18arrayProtoFuncSomeEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JSString18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3JSC12JSNumberCell11getJSNumberEv
+__ZN3JSC23createNotAFunctionErrorEPNS_9ExecStateENS_7JSValueEjPNS_9CodeBlockE
+__ZN3JSC17PrefixBracketNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC17PrefixBracketNodeD0Ev
+__ZN3JSC17RegExpConstructor11getCallDataERNS_8CallDataE
+__ZN3JSCL21callRegExpConstructorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC7JSArray4sortEPNS_9ExecStateE
+__ZN3JSCL27dateProtoFuncSetUTCFullYearEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL24dateProtoFuncSetUTCHoursEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23setNewValueFromTimeArgsEPNS_9ExecStateENS_7JSValueERKNS_7ArgListEib
+__ZN3JSC8JITStubs17cti_op_switch_immEPvz
+__ZN3JSC12RegExpObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSCL24setRegExpObjectLastIndexEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueE
+__ZN3JSCL28regExpConstructorLeftContextEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSC18RegExpMatchesArray14deletePropertyEPNS_9ExecStateEj
+__ZN3JSC18RegExpMatchesArray3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC10JSFunction12lengthGetterEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZNK3JSC12NumberObject9classInfoEv
+__ZN3JSC8JITStubs12cti_op_throwEPvz
+__ZN3JSCL19isNonASCIIIdentPartEi
+__ZN3JSCL27dateProtoFuncToLocaleStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL16formatLocaleDateEPNS_9ExecStateEPNS_12DateInstanceEdNS_20LocaleDateTimeFormatERKNS_7ArgListE
+__ZN3JSCL21dateProtoFuncSetHoursEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23dateProtoFuncSetMinutesEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23dateProtoFuncSetSecondsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL28dateProtoFuncSetMilliSecondsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC12JSNumberCell12toThisObjectEPNS_9ExecStateE
+__ZN3JSC16ErrorConstructor11getCallDataERNS_8CallDataE
+__ZN3JSCL20callErrorConstructorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC17PrototypeFunctionC1EPNS_9ExecStateEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectES6_RKNS_7ArgListEE
+__ZN3JSC17PrototypeFunctionC2EPNS_9ExecStateEiRKNS_10IdentifierEPFNS_7JSValueES2_PNS_8JSObjectES6_RKNS_7ArgListEE
+__ZN3JSC17PrototypeFunction11getCallDataERNS_8CallDataE
+__ZN3JSC17PrototypeFunctionD1Ev
+__ZN3JSCL24booleanProtoFuncToStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC17BytecodeGenerator18emitJumpSubroutineEPNS_10RegisterIDEPNS_5LabelE
+__ZN3JSC3JIT11emit_op_jsrEPNS_11InstructionE
+__ZN3WTF6VectorIN3JSC3JIT7JSRInfoELm0EE14expandCapacityEm
+__ZN3JSC3JIT12emit_op_sretEPNS_11InstructionE
+__ZN3JSC6Parser7reparseINS_8EvalNodeEEEN3WTF10PassRefPtrIT_EEPNS_12JSGlobalDataEPS5_
+__ZN3JSC8EvalNode6createEPNS_12JSGlobalDataEPNS_14SourceElementsEPN3WTF6VectorISt4pairINS_10IdentifierEjELm0EEEPNS6_IPNS_12Func
+__ZN3JSC8EvalNode31bytecodeForExceptionInfoReparseEPNS_14ScopeChainNodeEPNS_9CodeBlockE
+__ZN3JSC20FixedVMPoolAllocator17coalesceFreeSpaceEv
+__ZN3WTF6VectorIPN3JSC13FreeListEntryELm0EE15reserveCapacityEm
+__ZN3JSCL35reverseSortFreeListEntriesByPointerEPKvS1_
+__ZN3JSC14globalFuncEvalEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL21functionProtoFuncCallEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL22functionProtoFuncApplyEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC9Arguments11fillArgListEPNS_9ExecStateERNS_20MarkedArgumentBufferE
+__ZNK3JSC7JSValue12toThisObjectEPNS_9ExecStateE
+__ZN3JSC8VoidNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC8VoidNodeD0Ev
+__ZN3JSC16InternalFunctionC2EPNS_12JSGlobalDataEN3WTF10PassRefPtrINS_9StructureEEERKNS_10IdentifierE
+__ZN3JSC20MarkedArgumentBuffer9markListsERN3WTF7HashSetIPS0_NS1_7PtrHashIS3_EENS1_10HashTraitsIS3_EEEE
+__ZN3JSC7CStringaSERKS0_
+__ZNK3JSC19JSStaticScopeObject14isDynamicScopeEv
+__ZN3JSCL33reverseSortCommonSizedAllocationsEPKvS1_
+__ZN3JSCL20arrayProtoFuncFilterEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC17NumberConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL30constructWithNumberConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC17BytecodeGenerator18emitUnexpectedLoadEPNS_10RegisterIDEb
+__ZN3JSC8JITStubs12cti_op_throwEPPv
+__ZN3JSC6JSCell9getObjectEv
+__ZN3JSCL21arrayProtoFuncReverseEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC8JSObject16isVariableObjectEv
+__ZN3JSC18EmptyStatementNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSCL27compareByStringPairForQSortEPKvS1_
+__Z22jsc_pcre_ucp_othercasej
+__ZN3JSCL35objectProtoFuncPropertyIsEnumerableEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC8JSObject21getPropertyAttributesEPNS_9ExecStateERKNS_10IdentifierERj
+__ZN3WTF7HashMapIjN3JSC7JSValueENS_7IntHashIjEENS_10HashTraitsIjEENS5_IS2_EEE3setERKjRKS2_
+__ZN3WTF9HashTableIjSt4pairIjN3JSC7JSValueEENS_18PairFirstExtractorIS4_EENS_7IntHashIjEENS_14PairHashTraitsINS_10HashTraitsIjEE
+__ZN3JSC12RegisterFile21releaseExcessCapacityEv
+__ZN3JSCL20isNonASCIIIdentStartEi
+__ZN3JSC17BytecodeGenerator14emitPutByIndexEPNS_10RegisterIDEjS2_
+__ZN3JSC3JIT20emit_op_put_by_indexEPNS_11InstructionE
+__ZN3JSC8JITStubs19cti_op_put_by_indexEPPv
+__ZN3JSCL25numberConstructorMaxValueEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL28numberConstructorPosInfinityEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL28numberConstructorNegInfinityEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSC18BooleanConstructor11getCallDataERNS_8CallDataE
+__ZN3JSCL22callBooleanConstructorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL17mathProtoFuncATanEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JITStubs17cti_op_jmp_scopesEPPv
+__ZNK3JSC8JSObject11hasPropertyEPNS_9ExecStateEj
+__ZN3JSCL17mathProtoFuncASinEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC11Interpreter7executeEPNS_8EvalNodeEPNS_9ExecStateEPNS_8JSObjectEPNS_14ScopeChainNodeEPNS_7JSValueE
+_JSContextGetGlobalObject
+__ZN3JSC4Heap14registerThreadEv
+__ZN3JSC6JSLockC1EPNS_9ExecStateE
+_JSStringCreateWithUTF8CString
+__ZN3WTF7Unicode18convertUTF8ToUTF16EPPKcS2_PPtS4_b
+_JSClassCreate
+__ZN13OpaqueJSClass6createEPK17JSClassDefinition
+__ZN13OpaqueJSClassC2EPK17JSClassDefinitionPS_
+__ZN3JSC7UString3Rep14createFromUTF8EPKc
+__ZN3WTF7HashMapINS_6RefPtrIN3JSC7UString3RepEEEP19StaticFunctionEntryNS_7StrHashIS5_EENS_10HashTraitsIS5_EENSA_IS7_EEE3addERKS
+__ZN3WTF9HashTableINS_6RefPtrIN3JSC7UString3RepEEESt4pairIS5_P19StaticFunctionEntryENS_18PairFirstExtractorIS9_EENS_7StrHashIS5
+__ZN3WTF7HashMapINS_6RefPtrIN3JSC7UString3RepEEEP16StaticValueEntryNS_7StrHashIS5_EENS_10HashTraitsIS5_EENSA_IS7_EEE3addERKS5_R
+_JSClassRetain
+_JSObjectMake
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEE4initEPNS_9ExecStateE
+__ZN13OpaqueJSClass9prototypeEPN3JSC9ExecStateE
+__ZN13OpaqueJSClass11contextDataEPN3JSC9ExecStateE
+__ZN3WTF9HashTableIP13OpaqueJSClassSt4pairIS2_P24OpaqueJSClassContextDataENS_18PairFirstExtractorIS6_EENS_7PtrHashIS2_EENS_14Pa
+__ZN24OpaqueJSClassContextDataC2EP13OpaqueJSClass
+__ZN3JSC7UString3Rep13createCopyingEPKti
+_JSObjectSetProperty
+__ZNK14OpaqueJSString10identifierEPN3JSC12JSGlobalDataE
+__ZN3JSC14JSGlobalObject17putWithAttributesEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueEj
+_JSStringRelease
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEE18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEE20staticFunctionGetterEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSC18JSCallbackFunctionC1EPNS_9ExecStateEPFPK13OpaqueJSValuePK15OpaqueJSContextPS3_S9_mPKS5_PS5_ERKNS_10IdentifierE
+__ZN3JSC18JSCallbackFunction11getCallDataERNS_8CallDataE
+__ZN3JSC18JSCallbackFunction4callEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC6JSLock12DropAllLocksC1EPNS_9ExecStateE
+_JSObjectGetPrivate
+__ZNK3JSC16JSCallbackObjectINS_8JSObjectEE9classInfoEv
+_JSValueMakeUndefined
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEE17staticValueGetterEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN14OpaqueJSString6createERKN3JSC7UStringE
+_JSStringCreateWithCharacters
+_JSValueMakeString
+__ZNK14OpaqueJSString7ustringEv
+__ZN3JSC7UStringC1EPtib
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEED1Ev
+_JSClassRelease
+__ZL25clearReferenceToPrototypeP13OpaqueJSValue
+_JSObjectGetProperty
+_JSValueToObject
+__ZN3JSCL22dateProtoFuncGetUTCDayEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL24dateProtoFuncGetUTCMonthEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23dateProtoFuncGetUTCDateEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL27dateProtoFuncGetUTCFullYearEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC7UString8toUInt32EPb
+__ZN3JSCL24dateProtoFuncGetUTCHoursEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL26dateProtoFuncGetUTCMinutesEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL26dateProtoFuncGetUTCSecondsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL7dateUTCEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC12RegExpObject11getCallDataERNS_8CallDataE
+__ZN3JSC9Arguments14deletePropertyEPNS_9ExecStateEj
+_JSValueMakeBoolean
+_JSValueToNumber
+_JSStringCreateWithCFString
+__ZN3WTF13tryFastCallocEmm
+_JSValueMakeNumber
+__ZN3JSC18JSCallbackFunctionD1Ev
+_JSValueToStringCopy
+_JSStringCopyCFString
+__ZN3JSC18ConstStatementNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC13ConstDeclNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC13ConstDeclNode14emitCodeSingleERNS_17BytecodeGeneratorE
+__ZN3JSC13ConstDeclNodeD0Ev
+__ZN3JSC18ConstStatementNodeD0Ev
+__ZN3JSC18BooleanConstructor16getConstructDataERNS_13ConstructDataE
+__ZN3JSCL31constructWithBooleanConstructorEPNS_9ExecStateEPNS_8JSObjectERKNS_7ArgListE
+__ZN3JSC16constructBooleanEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSCL31dateProtoFuncGetUTCMillisecondsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL28dateProtoFuncGetMilliSecondsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL31dateProtoFuncToLocaleTimeStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL21regExpObjectLastIndexEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSC21DebuggerStatementNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC21DebuggerStatementNodeD0Ev
+__ZN3JSC4Yarr12RegexPattern21newlineCharacterClassEv
+__ZN3JSC17ObjectConstructor11getCallDataERNS_8CallDataE
+__ZN3JSCL23dateProtoFuncSetUTCDateEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL26stringFromCharCodeSlowCaseEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSCL21callObjectConstructorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL27objectProtoFuncDefineGetterEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JSObject12defineGetterEPNS_9ExecStateERKNS_10IdentifierEPS0_
+__ZN3JSC12GetterSetter4markEv
+__ZN3JSC12GetterSetterD1Ev
+__ZN3JSCL22regExpProtoFuncCompileEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC17NumberConstructor9classInfoEv
+__ZNK3JSC17RegExpConstructor9classInfoEv
+__ZN3JSCL31dateProtoFuncToLocaleDateStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC8JSObject14isGlobalObjectEv
+_JSValueToBoolean
+__ZN3JSC8JITStubs13cti_op_lshiftEPPv
+__ZN3JSC8JITStubs13cti_op_bitnotEPPv
+__ZN3JSC6JSCell3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC19FunctionConstructor11getCallDataERNS_8CallDataE
+__ZN3WTF9ByteArray6createEm
+__ZNK3JSC6JSCell9getStringERNS_7UStringE
+__ZN3JSC3JIT12emit_op_loopEPNS_11InstructionE
+__ZN3JSC10throwErrorEPNS_9ExecStateENS_9ErrorTypeE
+__ZN3JSC11JSByteArrayC1EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS3_9ByteArrayEPKNS_9ClassInfoE
+__ZN3JSC11JSByteArrayC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEEPNS3_9ByteArrayEPKNS_9ClassInfoE
+__ZN3JSC11JSByteArray18getOwnPropertySlotEPNS_9ExecStateERKNS_10IdentifierERNS_12PropertySlotE
+__ZN3JSC11JSByteArray3putEPNS_9ExecStateEjNS_7JSValueE
+__ZN3JSC11JSByteArray3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC11JSByteArray18getOwnPropertySlotEPNS_9ExecStateEjRNS_12PropertySlotE
+__ZN3JSC8JITStubs28cti_op_get_by_val_byte_arrayEPPv
+__ZN3JSC8JITStubs28cti_op_put_by_val_byte_arrayEPPv
+__ZL30makeGetterOrSetterPropertyNodePvRKN3JSC10IdentifierES3_PNS0_13ParameterNodeEPNS0_16FunctionBodyNodeERKNS0_10SourceCodeE
+__ZN3JSC17BytecodeGenerator13emitPutGetterEPNS_10RegisterIDERKNS_10IdentifierES2_
+__ZN3JSC17BytecodeGenerator13emitPutSetterEPNS_10RegisterIDERKNS_10IdentifierES2_
+__ZN3JSC3JIT18emit_op_put_getterEPNS_11InstructionE
+__ZN3JSC3JIT18emit_op_put_setterEPNS_11InstructionE
+__ZN3JSC8JITStubs17cti_op_put_getterEPPv
+__ZN3JSC8JITStubs17cti_op_put_setterEPPv
+__ZN3JSC8JSObject12defineSetterEPNS_9ExecStateERKNS_10IdentifierEPS0_
+__ZNK3JSC12GetterSetter14isGetterSetterEv
+__ZNK3JSC6JSCell14isGetterSetterEv
+__ZN3JSCL29regExpConstructorRightContextEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSC5Lexer19copyCodeWithoutBOMsEv
+__ZN3JSC13JSNotAnObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC6JSCell16getConstructDataERNS_13ConstructDataE
+__ZN3JSC26createNotAConstructorErrorEPNS_9ExecStateENS_7JSValueEjPNS_9CodeBlockE
+__ZN3JSC15isStrWhiteSpaceEt
+__ZN3JSC10throwErrorEPNS_9ExecStateENS_9ErrorTypeEPKc
+__ZNK3JSC22NativeErrorConstructor9classInfoEv
+__ZNK3JSC16JSCallbackObjectINS_8JSObjectEE9classNameEv
+__ZN3JSC4Heap11objectCountEv
+__ZNK3JSC12SmallStrings5countEv
+__ZN3JSC14JSGlobalObject12defineGetterEPNS_9ExecStateERKNS_10IdentifierEPNS_8JSObjectE
+__ZN3JSCL27objectProtoFuncLookupGetterEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JSObject12lookupGetterEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3JSCL27objectProtoFuncDefineSetterEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC14JSGlobalObject12defineSetterEPNS_9ExecStateERKNS_10IdentifierEPNS_8JSObjectE
+__ZN3JSC9Structure22getterSetterTransitionEPS0_
+__ZN3JSC8JSObject22fillGetterPropertySlotERNS_12PropertySlotEPNS_7JSValueE
+__ZN3JSC12PropertySlot14functionGetterEPNS_9ExecStateERKNS_10IdentifierERKS0_
+__ZN3JSCL28objectProtoFuncIsPrototypeOfEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC12StringObjectC2EPNS_9ExecStateEN3WTF10PassRefPtrINS_9StructureEEERKNS_7UStringE
+__ZNK3JSC7UString6is8BitEv
+__ZN3JSC8JSObject15unwrappedObjectEv
+__ZN3JSC22NativeErrorConstructor11getCallDataERNS_8CallDataE
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEE11getCallDataERNS_8CallDataE
+__ZN3JSC17BytecodeGenerator21emitComplexJumpScopesEPNS_5LabelEPNS_18ControlFlowContextES4_
+__ZN3JSC23ThrowableExpressionData14emitThrowErrorERNS_17BytecodeGeneratorENS_9ErrorTypeEPKc
+__ZN3JSC17BytecodeGenerator12emitNewErrorEPNS_10RegisterIDENS_9ErrorTypeENS_7JSValueE
+__ZN3JSC3JIT17emit_op_new_errorEPNS_11InstructionE
+__ZN3JSC23MacroAssemblerX86Common8branch16ENS0_9ConditionENS_22AbstractMacroAssemblerINS_12X86AssemblerEE9BaseIndexENS4_5Imm32E
+_JSStringRetain
+__ZN3JSCL19arrayProtoFuncEveryEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL20arrayProtoFuncReduceEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL25arrayProtoFuncReduceRightEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL28arrayProtoFuncToLocaleStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL25arrayProtoFuncLastIndexOfEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC15AssignErrorNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC8JITStubs16cti_op_new_errorEPPv
+__ZN3JSC15AssignErrorNodeD0Ev
+__ZN3JSC17BytecodeGenerator18emitUnexpectedLoadEPNS_10RegisterIDEd
+__ZN3JSC19JSStaticScopeObject3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZN3JSC9ExecState9dateTableEPS0_
+__ZNK3JSC15RegExpPrototype9classInfoEv
+__ZN3JSC12StringObject14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+__ZN3JSCL25dateProtoFuncToDateStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL25dateProtoFuncToTimeStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL25numberConstructorNaNValueEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL31dateProtoFuncSetUTCMillisecondsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL26dateProtoFuncSetUTCSecondsEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL26dateProtoFuncSetUTCMinutesEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL24dateProtoFuncSetUTCMonthEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL23throwStackOverflowErrorEPNS_9ExecStateEPNS_12JSGlobalDataEPvRS4_
+__ZN3JSC24createStackOverflowErrorEPNS_9ExecStateE
+__ZN3JSC15DeleteValueNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC15DeleteValueNodeD0Ev
+__ZN3JSC16PostfixErrorNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC15PrefixErrorNode12emitBytecodeERNS_17BytecodeGeneratorEPNS_10RegisterIDE
+__ZN3JSC16PostfixErrorNodeD0Ev
+__ZN3JSC15PrefixErrorNodeD0Ev
+__ZN3JSC23createInvalidParamErrorEPNS_9ExecStateEPKcNS_7JSValueEjPNS_9CodeBlockE
+__ZNK3JSC15DotAccessorNode17isDotAccessorNodeEv
+__ZNK3JSC14ExpressionNode17isDotAccessorNodeEv
+__ZN3JSC13JSNotAnObject3putEPNS_9ExecStateEjNS_7JSValueE
+__ZN3JSC4Heap24setGCProtectNeedsLockingEv
+__ZN3JSCL23callFunctionConstructorEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZNK3JSC16JSCallbackObjectINS_8JSObjectEE8toStringEPNS_9ExecStateE
+__ZN3JSC8JITStubs17cti_op_instanceofEPPv
+__ZN3JSC17BytecodeGenerator35emitThrowExpressionTooDeepExceptionEv
+__ZN3JSCL25numberConstructorMinValueEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL17mathProtoFuncACosEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL18mathProtoFuncATan2EPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL16mathProtoFuncTanEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL28numberProtoFuncToExponentialEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL26numberProtoFuncToPrecisionEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL12charSequenceEci
+__ZN3JSCL29objectProtoFuncToLocaleStringEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC6JSCell14toThisJSStringEPNS_9ExecStateE
+__ZNK3JSC6JSCell12toThisStringEPNS_9ExecStateE
+__ZN3JSCL27objectProtoFuncLookupSetterEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC8JSObject12lookupSetterEPNS_9ExecStateERKNS_10IdentifierE
+__ZNK3JSC16JSVariableObject21getPropertyAttributesEPNS_9ExecStateERKNS_10IdentifierERj
+__ZN3JSC9ExecState22regExpConstructorTableEPS0_
+__ZN3JSCL24regExpConstructorDollar7EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL24regExpConstructorDollar8EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL24regExpConstructorDollar9EPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL22regExpConstructorInputEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL25setRegExpConstructorInputEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueE
+__ZN3JSCL26regExpConstructorLastMatchEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL26regExpConstructorLastParenEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL26regExpConstructorMultilineEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL29setRegExpConstructorMultilineEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueE
+__ZN3JSC4Yarr15nondigitsCreateEv
+__ZNK3JSC19JSStaticScopeObject12toThisObjectEPNS_9ExecStateE
+__ZN3JSC12JSActivation18getArgumentsGetterEv
+__ZN3JSC12JSActivation15argumentsGetterEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+__ZN3JSCL23booleanProtoFuncValueOfEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSCL28stringProtoFuncLocaleCompareEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3WTF8Collator11userDefaultEv
+__ZNK3WTF8Collator7collateEPKtmS2_m
+__ZNK3WTF8Collator14createCollatorEv
+__ZN3WTF8CollatorD1Ev
+__ZN3WTF8Collator15releaseCollatorEv
+__ZNK3JSC10MathObject9classInfoEv
+__ZN3JSC9ExecState9mathTableEPS0_
+__ZN3WTF6VectorIN3JSC20FunctionRegisterInfoELm0EE14expandCapacityEm
+__ZN3JSC3JIT25emit_op_profile_will_callEPNS_11InstructionE
+__ZN3JSC3JIT24emit_op_profile_did_callEPNS_11InstructionE
+__ZN3JSC8Profiler8profilerEv
+__ZN3JSC8Profiler14startProfilingEPNS_9ExecStateERKNS_7UStringE
+__ZN3JSC16ProfileGenerator6createERKNS_7UStringEPNS_9ExecStateEj
+__ZN3JSC16ProfileGeneratorC2ERKNS_7UStringEPNS_9ExecStateEj
+__ZN3JSC7Profile6createERKNS_7UStringEj
+__ZN3JSC7ProfileC2ERKNS_7UStringEj
+__ZN3JSC11ProfileNodeC1ERKNS_14CallIdentifierEPS0_S4_
+__ZN3JSC33getCurrentUTCTimeWithMicrosecondsEv
+__ZN3JSC16ProfileGenerator24addParentForConsoleStartEPNS_9ExecStateE
+__ZN3JSC8Profiler20createCallIdentifierEPNS_12JSGlobalDataENS_7JSValueERKNS_7UStringEi
+__ZN3JSC16InternalFunction21calculatedDisplayNameEPNS_12JSGlobalDataE
+__ZN3JSC11ProfileNode10insertNodeEN3WTF10PassRefPtrIS0_EE
+__ZN3WTF6VectorINS_6RefPtrIN3JSC11ProfileNodeEEELm0EE14expandCapacityEm
+__ZN3WTF6VectorINS_6RefPtrIN3JSC16ProfileGeneratorEEELm0EE14expandCapacityEm
+__ZN3JSC8JITStubs23cti_op_profile_did_callEPPv
+__ZN3JSC8Profiler10didExecuteEPNS_9ExecStateENS_7JSValueE
+__ZN3JSC16ProfileGenerator10didExecuteERKNS_14CallIdentifierE
+__ZN3JSC11ProfileNode10didExecuteEv
+__ZN3JSC8JITStubs24cti_op_profile_will_callEPPv
+__ZN3JSC8Profiler11willExecuteEPNS_9ExecStateENS_7JSValueE
+__ZN3JSC16ProfileGenerator11willExecuteERKNS_14CallIdentifierE
+__ZN3JSC11ProfileNode11willExecuteERKNS_14CallIdentifierE
+__ZN3JSC8Profiler13stopProfilingEPNS_9ExecStateERKNS_7UStringE
+__ZN3JSC16ProfileGenerator13stopProfilingEv
+__ZN3JSC7Profile7forEachEMNS_11ProfileNodeEFvvE
+__ZNK3JSC11ProfileNode25traverseNextNodePostOrderEv
+__ZN3JSC11ProfileNode13stopProfilingEv
+__ZN3JSCeqERKNS_7UStringEPKc
+__ZN3JSC11ProfileNode11removeChildEPS0_
+__ZN3JSC11ProfileNode8addChildEN3WTF10PassRefPtrIS0_EE
+_JSValueIsObjectOfClass
+_JSObjectCallAsConstructor
+__ZN3JSC9constructEPNS_9ExecStateENS_7JSValueENS_13ConstructTypeERKNS_13ConstructDataERKNS_7ArgListE
+_JSObjectCallAsFunction
+__ZN3JSC4Heap14primaryHeapEndEv
+__ZN3JSC4Heap16primaryHeapBeginEv
+__ZNK3JSC18JSCallbackFunction9classInfoEv
+__ZN3JSC8Profiler11willExecuteEPNS_9ExecStateERKNS_7UStringEi
+__ZN3JSC8Profiler10didExecuteEPNS_9ExecStateERKNS_7UStringEi
+__ZNK3JSC16ProfileGenerator5titleEv
+__ZN3JSC7ProfileD0Ev
+__ZN3WTF10RefCountedIN3JSC11ProfileNodeEE5derefEv
+__ZN3JSC4Yarr14RegexGenerator33generatePatternCharacterNonGreedyERNS1_19TermGenerationStateE
+__ZN3JSC35createInterruptedExecutionExceptionEPNS_12JSGlobalDataE
+__ZNK3JSC25InterruptedExecutionError19isWatchdogExceptionEv
+__ZN3JSC25InterruptedExecutionErrorD1Ev
+__ZN3JSC12JSGlobalData10ClientDataD2Ev
+__ZN3JSC18RegExpMatchesArray16getPropertyNamesEPNS_9ExecStateERNS_17PropertyNameArrayE
+__ZN3WTF8CollatorC1EPKc
+__ZN3WTF8Collator18setOrderLowerFirstEb
+__ZN3WTF12randomNumberEv
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEE3putEPNS_9ExecStateERKNS_10IdentifierENS_7JSValueERNS_15PutPropertySlotE
+__ZNK3JSC6JSCell9getStringEv
+__ZNK3JSC12DateInstance7getTimeERdRi
+__ZN3JSC10throwErrorEPNS_9ExecStateENS_9ErrorTypeERKNS_7UStringE
+_JSGlobalContextCreate
+_JSGlobalContextCreateInGroup
+__ZN3JSC4Heap29makeUsableFromMultipleThreadsEv
+_JSGlobalContextRetain
+__ZN3JSC6JSLock6unlockEb
+_JSEvaluateScript
+__ZNK3JSC14JSGlobalObject17supportsProfilingEv
+_JSGlobalContextRelease
+__ZN3JSC14JSGlobalObjectD1Ev
+__ZN3JSC14JSGlobalObject18JSGlobalObjectDataD0Ev
+__ZN3JSC17FunctionPrototype11getCallDataERNS_8CallDataE
+__ZN3JSC15DateConstructor11getCallDataERNS_8CallDataE
+__ZN3JSCL8callDateEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE
+__ZN3JSC13JSNotAnObject4markEv
+_JSObjectIsFunction
+__ZN3JSC4Heap17globalObjectCountEv
+__ZN3JSC4Heap20protectedObjectCountEv
+__ZN3JSC4Heap25protectedObjectTypeCountsEv
+__ZN3WTF9HashTableIPKcSt4pairIS2_jENS_18PairFirstExtractorIS4_EENS_7PtrHashIS2_EENS_14PairHashTraitsINS_10HashTraitsIS2_EENSA_I
+__ZN3WTF20fastMallocStatisticsEv
+__ZNK3JSC4Heap10statisticsEv
+__ZN3WTF27releaseFastMallocFreeMemoryEv
+__ZN3JSC10JSFunction16getConstructDataERNS_13ConstructDataE
+__ZN3JSC10JSFunction9constructEPNS_9ExecStateERKNS_7ArgListE
+__ZN3JSC8Debugger6attachEPNS_14JSGlobalObjectE
+__ZN3WTF7HashSetIPN3JSC14JSGlobalObjectENS_7PtrHashIS3_EENS_10HashTraitsIS3_EEE3addERKS3_
+__ZN3WTF9HashTableIPN3JSC14JSGlobalObjectES3_NS_17IdentityExtractorIS3_EENS_7PtrHashIS3_EENS_10HashTraitsIS3_EES9_E6rehashEi
+__ZN3JSC3JIT13emit_op_debugEPNS_11InstructionE
+__ZN3JSC8JITStubs12cti_op_debugEPPv
+__ZN3JSC11Interpreter5debugEPNS_9ExecStateENS_11DebugHookIDEii
+__ZN3JSC8Debugger6detachEPNS_14JSGlobalObjectE
+__ZN3JSC9CodeBlock33functionRegisterForBytecodeOffsetEjRi
+_JSStringIsEqualToUTF8CString
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEE14callbackGetterEPNS_9ExecStateERKNS_10IdentifierERKNS_12PropertySlotE
+_JSObjectSetPrivate
+__ZN3JSC7UString3Rep11computeHashEPKci
+__ZN3JSC16JSCallbackObjectINS_8JSObjectEE14deletePropertyEPNS_9ExecStateERKNS_10IdentifierE
+_JSGarbageCollect
+__ZN3JSC4Heap6isBusyEv
+__ZN3JSCL18styleFromArgStringERKNS_7UStringEl
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri
new file mode 100644
index 000000000..a6fb2f899
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri
@@ -0,0 +1,276 @@
+# JavaScriptCore - Qt4 build info
+VPATH += $$PWD
+
+CONFIG(debug, debug|release) {
+    isEmpty(GENERATED_SOURCES_DIR):GENERATED_SOURCES_DIR = generated$${QMAKE_DIR_SEP}debug
+    OBJECTS_DIR = obj/debug
+} else { # Release
+    isEmpty(GENERATED_SOURCES_DIR):GENERATED_SOURCES_DIR = generated$${QMAKE_DIR_SEP}release
+    OBJECTS_DIR = obj/release
+}
+
+INCLUDEPATH = \
+    $$PWD \
+    $$PWD/.. \
+    $$PWD/assembler \
+    $$PWD/bytecode \
+    $$PWD/bytecompiler \
+    $$PWD/debugger \
+    $$PWD/interpreter \
+    $$PWD/jit \
+    $$PWD/parser \
+    $$PWD/profiler \
+    $$PWD/runtime \
+    $$PWD/wrec \
+    $$PWD/wtf \
+    $$PWD/wtf/unicode \
+    $$PWD/yarr \
+    $$PWD/API \
+    $$PWD/ForwardingHeaders \
+    $$GENERATED_SOURCES_DIR \
+    $$INCLUDEPATH
+
+DEFINES += BUILDING_QT__ BUILDING_JavaScriptCore BUILDING_WTF
+
+GENERATED_SOURCES_DIR_SLASH = $${GENERATED_SOURCES_DIR}$${QMAKE_DIR_SEP}
+win32-* {
+    LIBS += -lwinmm
+}
+contains(JAVASCRIPTCORE_JIT,yes) {
+    DEFINES+=ENABLE_JIT=1
+    DEFINES+=ENABLE_YARR_JIT=1
+    DEFINES+=ENABLE_YARR=1
+}
+contains(JAVASCRIPTCORE_JIT,no) {
+    DEFINES+=ENABLE_JIT=0
+    DEFINES+=ENABLE_YARR_JIT=0
+    DEFINES+=ENABLE_YARR=0
+}
+
+# In debug mode JIT disabled until crash fixed
+win32-* {
+    CONFIG(debug):!contains(DEFINES, ENABLE_JIT=1): DEFINES+=ENABLE_JIT=0
+}
+
+# Rules when JIT enabled (not disabled)
+!contains(DEFINES, ENABLE_JIT=0) {
+    linux*-g++*:greaterThan(QT_GCC_MAJOR_VERSION,3):greaterThan(QT_GCC_MINOR_VERSION,0) {
+        QMAKE_CXXFLAGS += -fno-stack-protector
+        QMAKE_CFLAGS += -fno-stack-protector
+    }
+}
+
+wince* {
+    INCLUDEPATH += $$QT_SOURCE_TREE/src/3rdparty/ce-compat
+    SOURCES += $$QT_SOURCE_TREE/src/3rdparty/ce-compat/ce_time.c
+    DEFINES += WINCEBASIC
+}
+
+include(pcre/pcre.pri)
+
+LUT_FILES += \
+    runtime/DatePrototype.cpp \
+    runtime/JSONObject.cpp \
+    runtime/NumberConstructor.cpp \
+    runtime/StringPrototype.cpp \
+    runtime/ArrayPrototype.cpp \
+    runtime/MathObject.cpp \
+    runtime/RegExpConstructor.cpp \
+    runtime/RegExpObject.cpp
+
+KEYWORDLUT_FILES += \
+    parser/Keywords.table
+
+JSCBISON += \
+    parser/Grammar.y
+
+SOURCES += \
+    wtf/Assertions.cpp \
+    wtf/ByteArray.cpp \
+    wtf/HashTable.cpp \
+    wtf/MainThread.cpp \
+    wtf/RandomNumber.cpp \
+    wtf/RefCountedLeakCounter.cpp \
+    wtf/TypeTraits.cpp \
+    wtf/unicode/CollatorDefault.cpp \
+    wtf/unicode/icu/CollatorICU.cpp \
+    wtf/unicode/UTF8.cpp \
+    API/JSBase.cpp \
+    API/JSCallbackConstructor.cpp \
+    API/JSCallbackFunction.cpp \
+    API/JSCallbackObject.cpp \
+    API/JSClassRef.cpp \
+    API/JSContextRef.cpp \
+    API/JSObjectRef.cpp \
+    API/JSStringRef.cpp \
+    API/JSValueRef.cpp \
+    API/OpaqueJSString.cpp \
+    runtime/InitializeThreading.cpp \
+    runtime/JSGlobalData.cpp \
+    runtime/JSGlobalObject.cpp \
+    runtime/JSStaticScopeObject.cpp \
+    runtime/JSVariableObject.cpp \
+    runtime/JSActivation.cpp \
+    runtime/JSNotAnObject.cpp \
+    runtime/JSONObject.cpp \
+    runtime/LiteralParser.cpp \
+    runtime/MarkStack.cpp \
+    runtime/TimeoutChecker.cpp \
+    bytecode/CodeBlock.cpp \
+    bytecode/StructureStubInfo.cpp \
+    bytecode/JumpTable.cpp \
+    assembler/ARMAssembler.cpp \
+    assembler/MacroAssemblerARM.cpp \
+    jit/JIT.cpp \
+    jit/JITCall.cpp \
+    jit/JITArithmetic.cpp \
+    jit/JITOpcodes.cpp \
+    jit/JITPropertyAccess.cpp \
+    jit/ExecutableAllocator.cpp \
+    jit/JITStubs.cpp \
+    bytecompiler/BytecodeGenerator.cpp \
+    runtime/ExceptionHelpers.cpp \
+    runtime/JSPropertyNameIterator.cpp \
+    interpreter/Interpreter.cpp \
+    bytecode/Opcode.cpp \
+    bytecode/SamplingTool.cpp \
+    yarr/RegexCompiler.cpp \
+    yarr/RegexInterpreter.cpp \
+    yarr/RegexJIT.cpp \
+    interpreter/RegisterFile.cpp
+
+win32-*|wince* {
+    SOURCES += jit/ExecutableAllocatorWin.cpp \
+               runtime/MarkStackWin.cpp
+} else {
+    SOURCES += jit/ExecutableAllocatorPosix.cpp \
+               runtime/MarkStackPosix.cpp
+}
+
+!contains(DEFINES, USE_SYSTEM_MALLOC) {
+    SOURCES += wtf/TCSystemAlloc.cpp
+}
+
+# AllInOneFile.cpp helps gcc analize and optimize code
+# Other compilers may be able to do this at link time
+SOURCES += \
+    runtime/ArgList.cpp \
+    runtime/Arguments.cpp \
+    runtime/ArrayConstructor.cpp \
+    runtime/ArrayPrototype.cpp \
+    runtime/BooleanConstructor.cpp \
+    runtime/BooleanObject.cpp \
+    runtime/BooleanPrototype.cpp \
+    runtime/CallData.cpp \
+    runtime/Collector.cpp \
+    runtime/CommonIdentifiers.cpp \
+    runtime/ConstructData.cpp \
+    wtf/CurrentTime.cpp \
+    runtime/DateConstructor.cpp \
+    runtime/DateConversion.cpp \
+    runtime/DateInstance.cpp \
+    runtime/DatePrototype.cpp \
+    debugger/Debugger.cpp \
+    debugger/DebuggerCallFrame.cpp \
+    debugger/DebuggerActivation.cpp \
+    wtf/dtoa.cpp \
+    runtime/Error.cpp \
+    runtime/ErrorConstructor.cpp \
+    runtime/ErrorInstance.cpp \
+    runtime/ErrorPrototype.cpp \
+    interpreter/CallFrame.cpp \
+    runtime/Executable.cpp \
+    runtime/FunctionConstructor.cpp \
+    runtime/FunctionPrototype.cpp \
+    runtime/GetterSetter.cpp \
+    runtime/GlobalEvalFunction.cpp \
+    runtime/Identifier.cpp \
+    runtime/InternalFunction.cpp \
+    runtime/Completion.cpp \
+    runtime/JSArray.cpp \
+    runtime/JSAPIValueWrapper.cpp \
+    runtime/JSByteArray.cpp \
+    runtime/JSCell.cpp \
+    runtime/JSFunction.cpp \
+    runtime/JSGlobalObjectFunctions.cpp \
+    runtime/JSImmediate.cpp \
+    runtime/JSLock.cpp \
+    runtime/JSNumberCell.cpp \
+    runtime/JSObject.cpp \
+    runtime/JSString.cpp \
+    runtime/JSValue.cpp \
+    runtime/JSWrapperObject.cpp \
+    parser/Lexer.cpp \
+    runtime/Lookup.cpp \
+    runtime/MathObject.cpp \
+    runtime/NativeErrorConstructor.cpp \
+    runtime/NativeErrorPrototype.cpp \
+    parser/Nodes.cpp \
+    runtime/NumberConstructor.cpp \
+    runtime/NumberObject.cpp \
+    runtime/NumberPrototype.cpp \
+    runtime/ObjectConstructor.cpp \
+    runtime/ObjectPrototype.cpp \
+    runtime/Operations.cpp \
+    parser/Parser.cpp \
+    parser/ParserArena.cpp \
+    runtime/PropertyDescriptor.cpp \
+    runtime/PropertyNameArray.cpp \
+    runtime/PropertySlot.cpp \
+    runtime/PrototypeFunction.cpp \
+    runtime/RegExp.cpp \
+    runtime/RegExpConstructor.cpp \
+    runtime/RegExpObject.cpp \
+    runtime/RegExpPrototype.cpp \
+    runtime/ScopeChain.cpp \
+    runtime/SmallStrings.cpp \
+    runtime/StringConstructor.cpp \
+    runtime/StringObject.cpp \
+    runtime/StringPrototype.cpp \
+    runtime/Structure.cpp \
+    runtime/StructureChain.cpp \
+    runtime/UString.cpp \
+    profiler/HeavyProfile.cpp \
+    profiler/Profile.cpp \
+    profiler/ProfileGenerator.cpp \
+    profiler/ProfileNode.cpp \
+    profiler/Profiler.cpp \
+    profiler/TreeProfile.cpp \
+    wtf/DateMath.cpp \
+    wtf/FastMalloc.cpp \
+    wtf/Threading.cpp \
+    wtf/qt/MainThreadQt.cpp
+
+!contains(DEFINES, ENABLE_SINGLE_THREADED=1) {
+    SOURCES += wtf/qt/ThreadingQt.cpp
+} else {
+    DEFINES += ENABLE_JSC_MULTIPLE_THREADS=0
+    SOURCES += wtf/ThreadingNone.cpp
+}
+
+# GENERATOR 1-A: LUT creator
+lut.output = $${GENERATED_SOURCES_DIR}$${QMAKE_DIR_SEP}${QMAKE_FILE_BASE}.lut.h
+lut.commands = perl $$PWD/create_hash_table ${QMAKE_FILE_NAME} -i > ${QMAKE_FILE_OUT}
+lut.depend = ${QMAKE_FILE_NAME}
+lut.input = LUT_FILES
+lut.CONFIG += no_link
+addExtraCompiler(lut)
+
+# GENERATOR 1-B: particular LUT creator (for 1 file only)
+keywordlut.output = $${GENERATED_SOURCES_DIR}$${QMAKE_DIR_SEP}Lexer.lut.h
+keywordlut.commands = perl $$PWD/create_hash_table ${QMAKE_FILE_NAME} -i > ${QMAKE_FILE_OUT}
+keywordlut.depend = ${QMAKE_FILE_NAME}
+keywordlut.input = KEYWORDLUT_FILES
+keywordlut.CONFIG += no_link
+addExtraCompiler(keywordlut)
+
+# GENERATOR 2: bison grammar
+jscbison.output = $${GENERATED_SOURCES_DIR}$${QMAKE_DIR_SEP}${QMAKE_FILE_BASE}.cpp
+jscbison.commands = bison -d -p jscyy ${QMAKE_FILE_NAME} -o $${GENERATED_SOURCES_DIR}$${QMAKE_DIR_SEP}${QMAKE_FILE_BASE}.tab.c && $(MOVE) $${GENERATED_SOURCES_DIR}$${QMAKE_DIR_SEP}${QMAKE_FILE_BASE}.tab.c ${QMAKE_FILE_OUT} && $(MOVE) $${GENERATED_SOURCES_DIR}$${QMAKE_DIR_SEP}${QMAKE_FILE_BASE}.tab.h $${GENERATED_SOURCES_DIR}$${QMAKE_DIR_SEP}${QMAKE_FILE_BASE}.h
+jscbison.depend = ${QMAKE_FILE_NAME}
+jscbison.input = JSCBISON
+jscbison.variable_out = GENERATED_SOURCES
+jscbison.dependency_type = TYPE_C
+jscbison.CONFIG = target_predeps
+addExtraCompilerWithHeader(jscbison)
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCorePrefix.h b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCorePrefix.h
new file mode 100644
index 000000000..13b21bbbe
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCorePrefix.h
@@ -0,0 +1,35 @@
+#ifdef __cplusplus
+#define NULL __null
+#else
+#define NULL ((void *)0)
+#endif
+
+#include <ctype.h>
+#include <float.h>
+#include <locale.h>
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+#include <time.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/timeb.h>
+#include <sys/types.h>
+
+#ifdef __cplusplus
+
+#include <list>
+#include <typeinfo>
+
+#endif
+
+#ifdef __cplusplus
+#define new ("if you use new/delete make sure to include config.h at the top of the file"()) 
+#define delete ("if you use new/delete make sure to include config.h at the top of the file"()) 
+#endif
+
+/* Work around bug with C++ library that screws up Objective-C++ when exception support is disabled. */
+#undef try
+#undef catch
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/THANKS b/src/3rdparty/javascriptcore/JavaScriptCore/THANKS
new file mode 100644
index 000000000..b9a964943
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/THANKS
@@ -0,0 +1,8 @@
+
+I would like to thank the following people for their help:
+
+Richard Moore <rich@kde.org> - for filling the Math object with some life
+Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing
+                                  much code for the String and Date object.
+Marco Pinelli <pinmc@libero.it> - for his patches
+Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMAssembler.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMAssembler.cpp
new file mode 100644
index 000000000..1324586dc
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMAssembler.cpp
@@ -0,0 +1,393 @@
+/*
+ * Copyright (C) 2009 University of Szeged
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY UNIVERSITY OF SZEGED ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL UNIVERSITY OF SZEGED OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#if ENABLE(ASSEMBLER) && PLATFORM(ARM_TRADITIONAL)
+
+#include "ARMAssembler.h"
+
+namespace JSC {
+
+// Patching helpers
+
+ARMWord* ARMAssembler::getLdrImmAddress(ARMWord* insn, uint32_t* constPool)
+{
+    // Must be an ldr ..., [pc +/- imm]
+    ASSERT((*insn & 0x0f7f0000) == 0x051f0000);
+
+    if (constPool && (*insn & 0x1))
+        return reinterpret_cast<ARMWord*>(constPool + ((*insn & SDT_OFFSET_MASK) >> 1));
+
+    ARMWord addr = reinterpret_cast<ARMWord>(insn) + 2 * sizeof(ARMWord);
+    if (*insn & DT_UP)
+        return reinterpret_cast<ARMWord*>(addr + (*insn & SDT_OFFSET_MASK));
+    else
+        return reinterpret_cast<ARMWord*>(addr - (*insn & SDT_OFFSET_MASK));
+}
+
+void ARMAssembler::linkBranch(void* code, JmpSrc from, void* to, int useConstantPool)
+{
+    ARMWord* insn = reinterpret_cast<ARMWord*>(code) + (from.m_offset / sizeof(ARMWord));
+
+    if (!useConstantPool) {
+        int diff = reinterpret_cast<ARMWord*>(to) - reinterpret_cast<ARMWord*>(insn + 2);
+
+        if ((diff <= BOFFSET_MAX && diff >= BOFFSET_MIN)) {
+            *insn = B | getConditionalField(*insn) | (diff & BRANCH_MASK);
+            ExecutableAllocator::cacheFlush(insn, sizeof(ARMWord));
+            return;
+        }
+    }
+    ARMWord* addr = getLdrImmAddress(insn);
+    *addr = reinterpret_cast<ARMWord>(to);
+    ExecutableAllocator::cacheFlush(addr, sizeof(ARMWord));
+}
+
+void ARMAssembler::patchConstantPoolLoad(void* loadAddr, void* constPoolAddr)
+{
+    ARMWord *ldr = reinterpret_cast<ARMWord*>(loadAddr);
+    ARMWord diff = reinterpret_cast<ARMWord*>(constPoolAddr) - ldr;
+    ARMWord index = (*ldr & 0xfff) >> 1;
+
+    ASSERT(diff >= 1);
+    if (diff >= 2 || index > 0) {
+        diff = (diff + index - 2) * sizeof(ARMWord);
+        ASSERT(diff <= 0xfff);
+        *ldr = (*ldr & ~0xfff) | diff;
+    } else
+        *ldr = (*ldr & ~(0xfff | ARMAssembler::DT_UP)) | sizeof(ARMWord);
+}
+
+// Handle immediates
+
+ARMWord ARMAssembler::getOp2(ARMWord imm)
+{
+    int rol;
+
+    if (imm <= 0xff)
+        return OP2_IMM | imm;
+
+    if ((imm & 0xff000000) == 0) {
+        imm <<= 8;
+        rol = 8;
+    }
+    else {
+        imm = (imm << 24) | (imm >> 8);
+        rol = 0;
+    }
+
+    if ((imm & 0xff000000) == 0) {
+        imm <<= 8;
+        rol += 4;
+    }
+
+    if ((imm & 0xf0000000) == 0) {
+        imm <<= 4;
+        rol += 2;
+    }
+
+    if ((imm & 0xc0000000) == 0) {
+        imm <<= 2;
+        rol += 1;
+    }
+
+    if ((imm & 0x00ffffff) == 0)
+        return OP2_IMM | (imm >> 24) | (rol << 8);
+
+    return 0;
+}
+
+int ARMAssembler::genInt(int reg, ARMWord imm, bool positive)
+{
+    // Step1: Search a non-immediate part
+    ARMWord mask;
+    ARMWord imm1;
+    ARMWord imm2;
+    int rol;
+
+    mask = 0xff000000;
+    rol = 8;
+    while(1) {
+        if ((imm & mask) == 0) {
+            imm = (imm << rol) | (imm >> (32 - rol));
+            rol = 4 + (rol >> 1);
+            break;
+        }
+        rol += 2;
+        mask >>= 2;
+        if (mask & 0x3) {
+            // rol 8
+            imm = (imm << 8) | (imm >> 24);
+            mask = 0xff00;
+            rol = 24;
+            while (1) {
+                if ((imm & mask) == 0) {
+                    imm = (imm << rol) | (imm >> (32 - rol));
+                    rol = (rol >> 1) - 8;
+                    break;
+                }
+                rol += 2;
+                mask >>= 2;
+                if (mask & 0x3)
+                    return 0;
+            }
+            break;
+        }
+    }
+
+    ASSERT((imm & 0xff) == 0);
+
+    if ((imm & 0xff000000) == 0) {
+        imm1 = OP2_IMM | ((imm >> 16) & 0xff) | (((rol + 4) & 0xf) << 8);
+        imm2 = OP2_IMM | ((imm >> 8) & 0xff) | (((rol + 8) & 0xf) << 8);
+    } else if (imm & 0xc0000000) {
+        imm1 = OP2_IMM | ((imm >> 24) & 0xff) | ((rol & 0xf) << 8);
+        imm <<= 8;
+        rol += 4;
+
+        if ((imm & 0xff000000) == 0) {
+            imm <<= 8;
+            rol += 4;
+        }
+
+        if ((imm & 0xf0000000) == 0) {
+            imm <<= 4;
+            rol += 2;
+        }
+
+        if ((imm & 0xc0000000) == 0) {
+            imm <<= 2;
+            rol += 1;
+        }
+
+        if ((imm & 0x00ffffff) == 0)
+            imm2 = OP2_IMM | (imm >> 24) | ((rol & 0xf) << 8);
+        else
+            return 0;
+    } else {
+        if ((imm & 0xf0000000) == 0) {
+            imm <<= 4;
+            rol += 2;
+        }
+
+        if ((imm & 0xc0000000) == 0) {
+            imm <<= 2;
+            rol += 1;
+        }
+
+        imm1 = OP2_IMM | ((imm >> 24) & 0xff) | ((rol & 0xf) << 8);
+        imm <<= 8;
+        rol += 4;
+
+        if ((imm & 0xf0000000) == 0) {
+            imm <<= 4;
+            rol += 2;
+        }
+
+        if ((imm & 0xc0000000) == 0) {
+            imm <<= 2;
+            rol += 1;
+        }
+
+        if ((imm & 0x00ffffff) == 0)
+            imm2 = OP2_IMM | (imm >> 24) | ((rol & 0xf) << 8);
+        else
+            return 0;
+    }
+
+    if (positive) {
+        mov_r(reg, imm1);
+        orr_r(reg, reg, imm2);
+    } else {
+        mvn_r(reg, imm1);
+        bic_r(reg, reg, imm2);
+    }
+
+    return 1;
+}
+
+ARMWord ARMAssembler::getImm(ARMWord imm, int tmpReg, bool invert)
+{
+    ARMWord tmp;
+
+    // Do it by 1 instruction
+    tmp = getOp2(imm);
+    if (tmp)
+        return tmp;
+
+    tmp = getOp2(~imm);
+    if (tmp) {
+        if (invert)
+            return tmp | OP2_INV_IMM;
+        mvn_r(tmpReg, tmp);
+        return tmpReg;
+    }
+
+    // Do it by 2 instruction
+    if (genInt(tmpReg, imm, true))
+        return tmpReg;
+    if (genInt(tmpReg, ~imm, false))
+        return tmpReg;
+
+    ldr_imm(tmpReg, imm);
+    return tmpReg;
+}
+
+void ARMAssembler::moveImm(ARMWord imm, int dest)
+{
+    ARMWord tmp;
+
+    // Do it by 1 instruction
+    tmp = getOp2(imm);
+    if (tmp) {
+        mov_r(dest, tmp);
+        return;
+    }
+
+    tmp = getOp2(~imm);
+    if (tmp) {
+        mvn_r(dest, tmp);
+        return;
+    }
+
+    // Do it by 2 instruction
+    if (genInt(dest, imm, true))
+        return;
+    if (genInt(dest, ~imm, false))
+        return;
+
+    ldr_imm(dest, imm);
+}
+
+// Memory load/store helpers
+
+void ARMAssembler::dataTransfer32(bool isLoad, RegisterID srcDst, RegisterID base, int32_t offset)
+{
+    if (offset >= 0) {
+        if (offset <= 0xfff)
+            dtr_u(isLoad, srcDst, base, offset);
+        else if (offset <= 0xfffff) {
+            add_r(ARMRegisters::S0, base, OP2_IMM | (offset >> 12) | (10 << 8));
+            dtr_u(isLoad, srcDst, ARMRegisters::S0, offset & 0xfff);
+        } else {
+            ARMWord reg = getImm(offset, ARMRegisters::S0);
+            dtr_ur(isLoad, srcDst, base, reg);
+        }
+    } else {
+        offset = -offset;
+        if (offset <= 0xfff)
+            dtr_d(isLoad, srcDst, base, offset);
+        else if (offset <= 0xfffff) {
+            sub_r(ARMRegisters::S0, base, OP2_IMM | (offset >> 12) | (10 << 8));
+            dtr_d(isLoad, srcDst, ARMRegisters::S0, offset & 0xfff);
+        } else {
+            ARMWord reg = getImm(offset, ARMRegisters::S0);
+            dtr_dr(isLoad, srcDst, base, reg);
+        }
+    }
+}
+
+void ARMAssembler::baseIndexTransfer32(bool isLoad, RegisterID srcDst, RegisterID base, RegisterID index, int scale, int32_t offset)
+{
+    ARMWord op2;
+
+    ASSERT(scale >= 0 && scale <= 3);
+    op2 = lsl(index, scale);
+
+    if (offset >= 0 && offset <= 0xfff) {
+        add_r(ARMRegisters::S0, base, op2);
+        dtr_u(isLoad, srcDst, ARMRegisters::S0, offset);
+        return;
+    }
+    if (offset <= 0 && offset >= -0xfff) {
+        add_r(ARMRegisters::S0, base, op2);
+        dtr_d(isLoad, srcDst, ARMRegisters::S0, -offset);
+        return;
+    }
+
+    ldr_un_imm(ARMRegisters::S0, offset);
+    add_r(ARMRegisters::S0, ARMRegisters::S0, op2);
+    dtr_ur(isLoad, srcDst, base, ARMRegisters::S0);
+}
+
+void ARMAssembler::doubleTransfer(bool isLoad, FPRegisterID srcDst, RegisterID base, int32_t offset)
+{
+    if (offset & 0x3) {
+        if (offset <= 0x3ff && offset >= 0) {
+            fdtr_u(isLoad, srcDst, base, offset >> 2);
+            return;
+        }
+        if (offset <= 0x3ffff && offset >= 0) {
+            add_r(ARMRegisters::S0, base, OP2_IMM | (offset >> 10) | (11 << 8));
+            fdtr_u(isLoad, srcDst, ARMRegisters::S0, (offset >> 2) & 0xff);
+            return;
+        }
+        offset = -offset;
+
+        if (offset <= 0x3ff && offset >= 0) {
+            fdtr_d(isLoad, srcDst, base, offset >> 2);
+            return;
+        }
+        if (offset <= 0x3ffff && offset >= 0) {
+            sub_r(ARMRegisters::S0, base, OP2_IMM | (offset >> 10) | (11 << 8));
+            fdtr_d(isLoad, srcDst, ARMRegisters::S0, (offset >> 2) & 0xff);
+            return;
+        }
+        offset = -offset;
+    }
+
+    ldr_un_imm(ARMRegisters::S0, offset);
+    add_r(ARMRegisters::S0, ARMRegisters::S0, base);
+    fdtr_u(isLoad, srcDst, ARMRegisters::S0, 0);
+}
+
+void* ARMAssembler::executableCopy(ExecutablePool* allocator)
+{
+    // 64-bit alignment is required for next constant pool and JIT code as well
+    m_buffer.flushWithoutBarrier(true);
+    if (m_buffer.uncheckedSize() & 0x7)
+        bkpt(0);
+
+    char* data = reinterpret_cast<char*>(m_buffer.executableCopy(allocator));
+
+    for (Jumps::Iterator iter = m_jumps.begin(); iter != m_jumps.end(); ++iter) {
+        // The last bit is set if the constant must be placed on constant pool.
+        int pos = (*iter) & (~0x1);
+        ARMWord* ldrAddr = reinterpret_cast<ARMWord*>(data + pos);
+        ARMWord offset = *getLdrImmAddress(ldrAddr);
+        if (offset != 0xffffffff) {
+            JmpSrc jmpSrc(pos);
+            linkBranch(data, jmpSrc, data + offset, ((*iter) & 1));
+        }
+    }
+
+    return data;
+}
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER) && PLATFORM(ARM_TRADITIONAL)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMAssembler.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMAssembler.h
new file mode 100644
index 000000000..9f9a450e1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMAssembler.h
@@ -0,0 +1,769 @@
+/*
+ * Copyright (C) 2009 University of Szeged
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY UNIVERSITY OF SZEGED ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL UNIVERSITY OF SZEGED OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ARMAssembler_h
+#define ARMAssembler_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER) && PLATFORM(ARM_TRADITIONAL)
+
+#include "AssemblerBufferWithConstantPool.h"
+#include <wtf/Assertions.h>
+namespace JSC {
+
+    typedef uint32_t ARMWord;
+
+    namespace ARMRegisters {
+        typedef enum {
+            r0 = 0,
+            r1,
+            r2,
+            r3,
+            S0 = r3,
+            r4,
+            r5,
+            r6,
+            r7,
+            r8,
+            S1 = r8,
+            r9,
+            r10,
+            r11,
+            r12,
+            r13,
+            sp = r13,
+            r14,
+            lr = r14,
+            r15,
+            pc = r15
+        } RegisterID;
+
+        typedef enum {
+            d0,
+            d1,
+            d2,
+            d3,
+            SD0 = d3
+        } FPRegisterID;
+
+    } // namespace ARMRegisters
+
+    class ARMAssembler {
+    public:
+        typedef ARMRegisters::RegisterID RegisterID;
+        typedef ARMRegisters::FPRegisterID FPRegisterID;
+        typedef AssemblerBufferWithConstantPool<2048, 4, 4, ARMAssembler> ARMBuffer;
+        typedef SegmentedVector<int, 64> Jumps;
+
+        ARMAssembler() { }
+
+        // ARM conditional constants
+        typedef enum {
+            EQ = 0x00000000, // Zero
+            NE = 0x10000000, // Non-zero
+            CS = 0x20000000,
+            CC = 0x30000000,
+            MI = 0x40000000,
+            PL = 0x50000000,
+            VS = 0x60000000,
+            VC = 0x70000000,
+            HI = 0x80000000,
+            LS = 0x90000000,
+            GE = 0xa0000000,
+            LT = 0xb0000000,
+            GT = 0xc0000000,
+            LE = 0xd0000000,
+            AL = 0xe0000000
+        } Condition;
+
+        // ARM instruction constants
+        enum {
+            AND = (0x0 << 21),
+            EOR = (0x1 << 21),
+            SUB = (0x2 << 21),
+            RSB = (0x3 << 21),
+            ADD = (0x4 << 21),
+            ADC = (0x5 << 21),
+            SBC = (0x6 << 21),
+            RSC = (0x7 << 21),
+            TST = (0x8 << 21),
+            TEQ = (0x9 << 21),
+            CMP = (0xa << 21),
+            CMN = (0xb << 21),
+            ORR = (0xc << 21),
+            MOV = (0xd << 21),
+            BIC = (0xe << 21),
+            MVN = (0xf << 21),
+            MUL = 0x00000090,
+            MULL = 0x00c00090,
+            FADDD = 0x0e300b00,
+            FSUBD = 0x0e300b40,
+            FMULD = 0x0e200b00,
+            FCMPD = 0x0eb40b40,
+            DTR = 0x05000000,
+            LDRH = 0x00100090,
+            STRH = 0x00000090,
+            STMDB = 0x09200000,
+            LDMIA = 0x08b00000,
+            FDTR = 0x0d000b00,
+            B = 0x0a000000,
+            BL = 0x0b000000,
+            FMSR = 0x0e000a10,
+            FSITOD = 0x0eb80bc0,
+            FMSTAT = 0x0ef1fa10,
+#if ARM_ARCH_VERSION >= 5
+            CLZ = 0x016f0f10,
+            BKPT = 0xe120070,
+#endif
+        };
+
+        enum {
+            OP2_IMM = (1 << 25),
+            OP2_IMMh = (1 << 22),
+            OP2_INV_IMM = (1 << 26),
+            SET_CC = (1 << 20),
+            OP2_OFSREG = (1 << 25),
+            DT_UP = (1 << 23),
+            DT_WB = (1 << 21),
+            // This flag is inlcuded in LDR and STR
+            DT_PRE = (1 << 24),
+            HDT_UH = (1 << 5),
+            DT_LOAD = (1 << 20),
+        };
+
+        // Masks of ARM instructions
+        enum {
+            BRANCH_MASK = 0x00ffffff,
+            NONARM = 0xf0000000,
+            SDT_MASK = 0x0c000000,
+            SDT_OFFSET_MASK = 0xfff,
+        };
+
+        enum {
+            BOFFSET_MIN = -0x00800000,
+            BOFFSET_MAX = 0x007fffff,
+            SDT = 0x04000000,
+        };
+
+        enum {
+            padForAlign8  = 0x00,
+            padForAlign16 = 0x0000,
+            padForAlign32 = 0xee120070,
+        };
+
+        class JmpSrc {
+            friend class ARMAssembler;
+        public:
+            JmpSrc()
+                : m_offset(-1)
+            {
+            }
+
+        private:
+            JmpSrc(int offset)
+                : m_offset(offset)
+            {
+            }
+
+            int m_offset;
+        };
+
+        class JmpDst {
+            friend class ARMAssembler;
+        public:
+            JmpDst()
+                : m_offset(-1)
+                , m_used(false)
+            {
+            }
+
+            bool isUsed() const { return m_used; }
+            void used() { m_used = true; }
+        private:
+            JmpDst(int offset)
+                : m_offset(offset)
+                , m_used(false)
+            {
+                ASSERT(m_offset == offset);
+            }
+
+            int m_offset : 31;
+            int m_used : 1;
+        };
+
+        // Instruction formating
+
+        void emitInst(ARMWord op, int rd, int rn, ARMWord op2)
+        {
+            ASSERT ( ((op2 & ~OP2_IMM) <= 0xfff) || (((op2 & ~OP2_IMMh) <= 0xfff)) );
+            m_buffer.putInt(op | RN(rn) | RD(rd) | op2);
+        }
+
+        void and_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | AND, rd, rn, op2);
+        }
+
+        void ands_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | AND | SET_CC, rd, rn, op2);
+        }
+
+        void eor_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | EOR, rd, rn, op2);
+        }
+
+        void eors_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | EOR | SET_CC, rd, rn, op2);
+        }
+
+        void sub_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | SUB, rd, rn, op2);
+        }
+
+        void subs_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | SUB | SET_CC, rd, rn, op2);
+        }
+
+        void rsb_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | RSB, rd, rn, op2);
+        }
+
+        void rsbs_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | RSB | SET_CC, rd, rn, op2);
+        }
+
+        void add_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | ADD, rd, rn, op2);
+        }
+
+        void adds_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | ADD | SET_CC, rd, rn, op2);
+        }
+
+        void adc_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | ADC, rd, rn, op2);
+        }
+
+        void adcs_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | ADC | SET_CC, rd, rn, op2);
+        }
+
+        void sbc_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | SBC, rd, rn, op2);
+        }
+
+        void sbcs_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | SBC | SET_CC, rd, rn, op2);
+        }
+
+        void rsc_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | RSC, rd, rn, op2);
+        }
+
+        void rscs_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | RSC | SET_CC, rd, rn, op2);
+        }
+
+        void tst_r(int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | TST | SET_CC, 0, rn, op2);
+        }
+
+        void teq_r(int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | TEQ | SET_CC, 0, rn, op2);
+        }
+
+        void cmp_r(int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | CMP | SET_CC, 0, rn, op2);
+        }
+
+        void orr_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | ORR, rd, rn, op2);
+        }
+
+        void orrs_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | ORR | SET_CC, rd, rn, op2);
+        }
+
+        void mov_r(int rd, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | MOV, rd, ARMRegisters::r0, op2);
+        }
+
+        void movs_r(int rd, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | MOV | SET_CC, rd, ARMRegisters::r0, op2);
+        }
+
+        void bic_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | BIC, rd, rn, op2);
+        }
+
+        void bics_r(int rd, int rn, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | BIC | SET_CC, rd, rn, op2);
+        }
+
+        void mvn_r(int rd, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | MVN, rd, ARMRegisters::r0, op2);
+        }
+
+        void mvns_r(int rd, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | MVN | SET_CC, rd, ARMRegisters::r0, op2);
+        }
+
+        void mul_r(int rd, int rn, int rm, Condition cc = AL)
+        {
+            m_buffer.putInt(static_cast<ARMWord>(cc) | MUL | RN(rd) | RS(rn) | RM(rm));
+        }
+
+        void muls_r(int rd, int rn, int rm, Condition cc = AL)
+        {
+            m_buffer.putInt(static_cast<ARMWord>(cc) | MUL | SET_CC | RN(rd) | RS(rn) | RM(rm));
+        }
+
+        void mull_r(int rdhi, int rdlo, int rn, int rm, Condition cc = AL)
+        {
+            m_buffer.putInt(static_cast<ARMWord>(cc) | MULL | RN(rdhi) | RD(rdlo) | RS(rn) | RM(rm));
+        }
+
+        void faddd_r(int dd, int dn, int dm, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | FADDD, dd, dn, dm);
+        }
+
+        void fsubd_r(int dd, int dn, int dm, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | FSUBD, dd, dn, dm);
+        }
+
+        void fmuld_r(int dd, int dn, int dm, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | FMULD, dd, dn, dm);
+        }
+
+        void fcmpd_r(int dd, int dm, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | FCMPD, dd, 0, dm);
+        }
+
+        void ldr_imm(int rd, ARMWord imm, Condition cc = AL)
+        {
+            m_buffer.putIntWithConstantInt(static_cast<ARMWord>(cc) | DTR | DT_LOAD | DT_UP | RN(ARMRegisters::pc) | RD(rd), imm, true);
+        }
+
+        void ldr_un_imm(int rd, ARMWord imm, Condition cc = AL)
+        {
+            m_buffer.putIntWithConstantInt(static_cast<ARMWord>(cc) | DTR | DT_LOAD | DT_UP | RN(ARMRegisters::pc) | RD(rd), imm);
+        }
+
+        void dtr_u(bool isLoad, int rd, int rb, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | DTR | (isLoad ? DT_LOAD : 0) | DT_UP, rd, rb, op2);
+        }
+
+        void dtr_ur(bool isLoad, int rd, int rb, int rm, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | DTR | (isLoad ? DT_LOAD : 0) | DT_UP | OP2_OFSREG, rd, rb, rm);
+        }
+
+        void dtr_d(bool isLoad, int rd, int rb, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | DTR | (isLoad ? DT_LOAD : 0), rd, rb, op2);
+        }
+
+        void dtr_dr(bool isLoad, int rd, int rb, int rm, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | DTR | (isLoad ? DT_LOAD : 0) | OP2_OFSREG, rd, rb, rm);
+        }
+
+        void ldrh_r(int rd, int rn, int rm, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | LDRH | HDT_UH | DT_UP | DT_PRE, rd, rn, rm);
+        }
+
+        void ldrh_d(int rd, int rb, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | LDRH | HDT_UH | DT_PRE, rd, rb, op2);
+        }
+
+        void ldrh_u(int rd, int rb, ARMWord op2, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | LDRH | HDT_UH | DT_UP | DT_PRE, rd, rb, op2);
+        }
+
+        void strh_r(int rn, int rm, int rd, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | STRH | HDT_UH | DT_UP | DT_PRE, rd, rn, rm);
+        }
+
+        void fdtr_u(bool isLoad, int rd, int rb, ARMWord op2, Condition cc = AL)
+        {
+            ASSERT(op2 <= 0xff);
+            emitInst(static_cast<ARMWord>(cc) | FDTR | DT_UP | (isLoad ? DT_LOAD : 0), rd, rb, op2);
+        }
+
+        void fdtr_d(bool isLoad, int rd, int rb, ARMWord op2, Condition cc = AL)
+        {
+            ASSERT(op2 <= 0xff);
+            emitInst(static_cast<ARMWord>(cc) | FDTR | (isLoad ? DT_LOAD : 0), rd, rb, op2);
+        }
+
+        void push_r(int reg, Condition cc = AL)
+        {
+            ASSERT(ARMWord(reg) <= 0xf);
+            m_buffer.putInt(cc | DTR | DT_WB | RN(ARMRegisters::sp) | RD(reg) | 0x4);
+        }
+
+        void pop_r(int reg, Condition cc = AL)
+        {
+            ASSERT(ARMWord(reg) <= 0xf);
+            m_buffer.putInt(cc | (DTR ^ DT_PRE) | DT_LOAD | DT_UP | RN(ARMRegisters::sp) | RD(reg) | 0x4);
+        }
+
+        inline void poke_r(int reg, Condition cc = AL)
+        {
+            dtr_d(false, ARMRegisters::sp, 0, reg, cc);
+        }
+
+        inline void peek_r(int reg, Condition cc = AL)
+        {
+            dtr_u(true, reg, ARMRegisters::sp, 0, cc);
+        }
+
+        void fmsr_r(int dd, int rn, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | FMSR, rn, dd, 0);
+        }
+
+        void fsitod_r(int dd, int dm, Condition cc = AL)
+        {
+            emitInst(static_cast<ARMWord>(cc) | FSITOD, dd, 0, dm);
+        }
+
+        void fmstat(Condition cc = AL)
+        {
+            m_buffer.putInt(static_cast<ARMWord>(cc) | FMSTAT);
+        }
+
+#if ARM_ARCH_VERSION >= 5
+        void clz_r(int rd, int rm, Condition cc = AL)
+        {
+            m_buffer.putInt(static_cast<ARMWord>(cc) | CLZ | RD(rd) | RM(rm));
+        }
+#endif
+
+        void bkpt(ARMWord value)
+        {
+#if ARM_ARCH_VERSION >= 5
+            m_buffer.putInt(BKPT | ((value & 0xff0) << 4) | (value & 0xf));
+#else
+            // Cannot access to Zero memory address
+            dtr_dr(true, ARMRegisters::S0, ARMRegisters::S0, ARMRegisters::S0);
+#endif
+        }
+
+        static ARMWord lsl(int reg, ARMWord value)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            ASSERT(value <= 0x1f);
+            return reg | (value << 7) | 0x00;
+        }
+
+        static ARMWord lsr(int reg, ARMWord value)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            ASSERT(value <= 0x1f);
+            return reg | (value << 7) | 0x20;
+        }
+
+        static ARMWord asr(int reg, ARMWord value)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            ASSERT(value <= 0x1f);
+            return reg | (value << 7) | 0x40;
+        }
+
+        static ARMWord lsl_r(int reg, int shiftReg)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            ASSERT(shiftReg <= ARMRegisters::pc);
+            return reg | (shiftReg << 8) | 0x10;
+        }
+
+        static ARMWord lsr_r(int reg, int shiftReg)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            ASSERT(shiftReg <= ARMRegisters::pc);
+            return reg | (shiftReg << 8) | 0x30;
+        }
+
+        static ARMWord asr_r(int reg, int shiftReg)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            ASSERT(shiftReg <= ARMRegisters::pc);
+            return reg | (shiftReg << 8) | 0x50;
+        }
+
+        // General helpers
+
+        int size()
+        {
+            return m_buffer.size();
+        }
+
+        void ensureSpace(int insnSpace, int constSpace)
+        {
+            m_buffer.ensureSpace(insnSpace, constSpace);
+        }
+
+        int sizeOfConstantPool()
+        {
+            return m_buffer.sizeOfConstantPool();
+        }
+
+        JmpDst label()
+        {
+            return JmpDst(m_buffer.size());
+        }
+
+        JmpDst align(int alignment)
+        {
+            while (!m_buffer.isAligned(alignment))
+                mov_r(ARMRegisters::r0, ARMRegisters::r0);
+
+            return label();
+        }
+
+        JmpSrc jmp(Condition cc = AL, int useConstantPool = 0)
+        {
+            ensureSpace(sizeof(ARMWord), sizeof(ARMWord));
+            int s = m_buffer.uncheckedSize();
+            ldr_un_imm(ARMRegisters::pc, 0xffffffff, cc);
+            m_jumps.append(s | (useConstantPool & 0x1));
+            return JmpSrc(s);
+        }
+
+        void* executableCopy(ExecutablePool* allocator);
+
+        // Patching helpers
+
+        static ARMWord* getLdrImmAddress(ARMWord* insn, uint32_t* constPool = 0);
+        static void linkBranch(void* code, JmpSrc from, void* to, int useConstantPool = 0);
+
+        static void patchPointerInternal(intptr_t from, void* to)
+        {
+            ARMWord* insn = reinterpret_cast<ARMWord*>(from);
+            ARMWord* addr = getLdrImmAddress(insn);
+            *addr = reinterpret_cast<ARMWord>(to);
+            ExecutableAllocator::cacheFlush(addr, sizeof(ARMWord));
+        }
+
+        static ARMWord patchConstantPoolLoad(ARMWord load, ARMWord value)
+        {
+            value = (value << 1) + 1;
+            ASSERT(!(value & ~0xfff));
+            return (load & ~0xfff) | value;
+        }
+
+        static void patchConstantPoolLoad(void* loadAddr, void* constPoolAddr);
+
+        // Patch pointers
+
+        static void linkPointer(void* code, JmpDst from, void* to)
+        {
+            patchPointerInternal(reinterpret_cast<intptr_t>(code) + from.m_offset, to);
+        }
+
+        static void repatchInt32(void* from, int32_t to)
+        {
+            patchPointerInternal(reinterpret_cast<intptr_t>(from), reinterpret_cast<void*>(to));
+        }
+
+        static void repatchPointer(void* from, void* to)
+        {
+            patchPointerInternal(reinterpret_cast<intptr_t>(from), to);
+        }
+
+        static void repatchLoadPtrToLEA(void* from)
+        {
+            // On arm, this is a patch from LDR to ADD. It is restricted conversion,
+            // from special case to special case, altough enough for its purpose
+            ARMWord* insn = reinterpret_cast<ARMWord*>(from);
+            ASSERT((*insn & 0x0ff00f00) == 0x05900000);
+
+            *insn = (*insn & 0xf00ff0ff) | 0x02800000;
+            ExecutableAllocator::cacheFlush(insn, sizeof(ARMWord));
+        }
+
+        // Linkers
+
+        void linkJump(JmpSrc from, JmpDst to)
+        {
+            ARMWord* insn = reinterpret_cast<ARMWord*>(m_buffer.data()) + (from.m_offset / sizeof(ARMWord));
+            *getLdrImmAddress(insn, m_buffer.poolAddress()) = static_cast<ARMWord>(to.m_offset);
+        }
+
+        static void linkJump(void* code, JmpSrc from, void* to)
+        {
+            linkBranch(code, from, to);
+        }
+
+        static void relinkJump(void* from, void* to)
+        {
+            patchPointerInternal(reinterpret_cast<intptr_t>(from) - sizeof(ARMWord), to);
+        }
+
+        static void linkCall(void* code, JmpSrc from, void* to)
+        {
+            linkBranch(code, from, to, true);
+        }
+
+        static void relinkCall(void* from, void* to)
+        {
+            relinkJump(from, to);
+        }
+
+        // Address operations
+
+        static void* getRelocatedAddress(void* code, JmpSrc jump)
+        {
+            return reinterpret_cast<void*>(reinterpret_cast<ARMWord*>(code) + jump.m_offset / sizeof(ARMWord) + 1);
+        }
+
+        static void* getRelocatedAddress(void* code, JmpDst label)
+        {
+            return reinterpret_cast<void*>(reinterpret_cast<ARMWord*>(code) + label.m_offset / sizeof(ARMWord));
+        }
+
+        // Address differences
+
+        static int getDifferenceBetweenLabels(JmpDst from, JmpSrc to)
+        {
+            return (to.m_offset + sizeof(ARMWord)) - from.m_offset;
+        }
+
+        static int getDifferenceBetweenLabels(JmpDst from, JmpDst to)
+        {
+            return to.m_offset - from.m_offset;
+        }
+
+        static unsigned getCallReturnOffset(JmpSrc call)
+        {
+            return call.m_offset + sizeof(ARMWord);
+        }
+
+        // Handle immediates
+
+        static ARMWord getOp2Byte(ARMWord imm)
+        {
+            ASSERT(imm <= 0xff);
+            return OP2_IMMh | (imm & 0x0f) | ((imm & 0xf0) << 4) ;
+        }
+
+        static ARMWord getOp2(ARMWord imm);
+        ARMWord getImm(ARMWord imm, int tmpReg, bool invert = false);
+        void moveImm(ARMWord imm, int dest);
+
+        // Memory load/store helpers
+
+        void dataTransfer32(bool isLoad, RegisterID srcDst, RegisterID base, int32_t offset);
+        void baseIndexTransfer32(bool isLoad, RegisterID srcDst, RegisterID base, RegisterID index, int scale, int32_t offset);
+        void doubleTransfer(bool isLoad, FPRegisterID srcDst, RegisterID base, int32_t offset);
+
+        // Constant pool hnadlers
+
+        static ARMWord placeConstantPoolBarrier(int offset)
+        {
+            offset = (offset - sizeof(ARMWord)) >> 2;
+            ASSERT((offset <= BOFFSET_MAX && offset >= BOFFSET_MIN));
+            return AL | B | (offset & BRANCH_MASK);
+        }
+
+    private:
+        ARMWord RM(int reg)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            return reg;
+        }
+
+        ARMWord RS(int reg)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            return reg << 8;
+        }
+
+        ARMWord RD(int reg)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            return reg << 12;
+        }
+
+        ARMWord RN(int reg)
+        {
+            ASSERT(reg <= ARMRegisters::pc);
+            return reg << 16;
+        }
+
+        static ARMWord getConditionalField(ARMWord i)
+        {
+            return i & 0xf0000000;
+        }
+
+        int genInt(int reg, ARMWord imm, bool positive);
+
+        ARMBuffer m_buffer;
+        Jumps m_jumps;
+    };
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER) && PLATFORM(ARM_TRADITIONAL)
+
+#endif // ARMAssembler_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMv7Assembler.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMv7Assembler.h
new file mode 100644
index 000000000..078de4474
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/ARMv7Assembler.h
@@ -0,0 +1,1758 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef ARMAssembler_h
+#define ARMAssembler_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER) && PLATFORM(ARM_THUMB2)
+
+#include "AssemblerBuffer.h"
+#include <wtf/Assertions.h>
+#include <wtf/Vector.h>
+#include <stdint.h>
+
+namespace JSC {
+
+namespace ARMRegisters {
+    typedef enum {
+        r0,
+        r1,
+        r2,
+        r3,
+        r4,
+        r5,
+        r6,
+        r7, wr = r7,   // thumb work register
+        r8,
+        r9, sb = r9,   // static base
+        r10, sl = r10, // stack limit
+        r11, fp = r11, // frame pointer
+        r12, ip = r12,
+        r13, sp = r13,
+        r14, lr = r14,
+        r15, pc = r15,
+    } RegisterID;
+
+    // s0 == d0 == q0
+    // s4 == d2 == q1
+    // etc
+    typedef enum {
+        s0 = 0,
+        s1 = 1,
+        s2 = 2,
+        s3 = 3,
+        s4 = 4,
+        s5 = 5,
+        s6 = 6,
+        s7 = 7,
+        s8 = 8,
+        s9 = 9,
+        s10 = 10,
+        s11 = 11,
+        s12 = 12,
+        s13 = 13,
+        s14 = 14,
+        s15 = 15,
+        s16 = 16,
+        s17 = 17,
+        s18 = 18,
+        s19 = 19,
+        s20 = 20,
+        s21 = 21,
+        s22 = 22,
+        s23 = 23,
+        s24 = 24,
+        s25 = 25,
+        s26 = 26,
+        s27 = 27,
+        s28 = 28,
+        s29 = 29,
+        s30 = 30,
+        s31 = 31,
+        d0 = 0 << 1,
+        d1 = 1 << 1,
+        d2 = 2 << 1,
+        d3 = 3 << 1,
+        d4 = 4 << 1,
+        d5 = 5 << 1,
+        d6 = 6 << 1,
+        d7 = 7 << 1,
+        d8 = 8 << 1,
+        d9 = 9 << 1,
+        d10 = 10 << 1,
+        d11 = 11 << 1,
+        d12 = 12 << 1,
+        d13 = 13 << 1,
+        d14 = 14 << 1,
+        d15 = 15 << 1,
+        d16 = 16 << 1,
+        d17 = 17 << 1,
+        d18 = 18 << 1,
+        d19 = 19 << 1,
+        d20 = 20 << 1,
+        d21 = 21 << 1,
+        d22 = 22 << 1,
+        d23 = 23 << 1,
+        d24 = 24 << 1,
+        d25 = 25 << 1,
+        d26 = 26 << 1,
+        d27 = 27 << 1,
+        d28 = 28 << 1,
+        d29 = 29 << 1,
+        d30 = 30 << 1,
+        d31 = 31 << 1,
+        q0 = 0 << 2,
+        q1 = 1 << 2,
+        q2 = 2 << 2,
+        q3 = 3 << 2,
+        q4 = 4 << 2,
+        q5 = 5 << 2,
+        q6 = 6 << 2,
+        q7 = 7 << 2,
+        q8 = 8 << 2,
+        q9 = 9 << 2,
+        q10 = 10 << 2,
+        q11 = 11 << 2,
+        q12 = 12 << 2,
+        q13 = 13 << 2,
+        q14 = 14 << 2,
+        q15 = 15 << 2,
+        q16 = 16 << 2,
+        q17 = 17 << 2,
+        q18 = 18 << 2,
+        q19 = 19 << 2,
+        q20 = 20 << 2,
+        q21 = 21 << 2,
+        q22 = 22 << 2,
+        q23 = 23 << 2,
+        q24 = 24 << 2,
+        q25 = 25 << 2,
+        q26 = 26 << 2,
+        q27 = 27 << 2,
+        q28 = 28 << 2,
+        q29 = 29 << 2,
+        q30 = 30 << 2,
+        q31 = 31 << 2,
+    } FPRegisterID;
+}
+
+class ARMv7Assembler;
+class ARMThumbImmediate {
+    friend class ARMv7Assembler;
+
+    typedef uint8_t ThumbImmediateType;
+    static const ThumbImmediateType TypeInvalid = 0;
+    static const ThumbImmediateType TypeEncoded = 1;
+    static const ThumbImmediateType TypeUInt16 = 2;
+
+    typedef union {
+        int16_t asInt;
+        struct {
+            unsigned imm8 : 8;
+            unsigned imm3 : 3;
+            unsigned i    : 1;
+            unsigned imm4 : 4;
+        };
+        // If this is an encoded immediate, then it may describe a shift, or a pattern.
+        struct {
+            unsigned shiftValue7 : 7;
+            unsigned shiftAmount : 5;
+        };
+        struct {
+            unsigned immediate   : 8;
+            unsigned pattern     : 4;
+        };
+    } ThumbImmediateValue;
+
+    // byte0 contains least significant bit; not using an array to make client code endian agnostic.
+    typedef union {
+        int32_t asInt;
+        struct {
+            uint8_t byte0;
+            uint8_t byte1;
+            uint8_t byte2;
+            uint8_t byte3;
+        };
+    } PatternBytes;
+
+    ALWAYS_INLINE static void countLeadingZerosPartial(uint32_t& value, int32_t& zeros, const int N)
+    {
+        if (value & ~((1<<N)-1)) /* check for any of the top N bits (of 2N bits) are set */ \
+            value >>= N;         /* if any were set, lose the bottom N */ \
+        else                     /* if none of the top N bits are set, */ \
+            zeros += N;          /* then we have identified N leading zeros */
+    }
+
+    static int32_t countLeadingZeros(uint32_t value)
+    {
+        if (!value)
+            return 32;
+
+        int32_t zeros = 0;
+        countLeadingZerosPartial(value, zeros, 16);
+        countLeadingZerosPartial(value, zeros, 8);
+        countLeadingZerosPartial(value, zeros, 4);
+        countLeadingZerosPartial(value, zeros, 2);
+        countLeadingZerosPartial(value, zeros, 1);
+        return zeros;
+    }
+
+    ARMThumbImmediate()
+        : m_type(TypeInvalid)
+    {
+        m_value.asInt = 0;
+    }
+        
+    ARMThumbImmediate(ThumbImmediateType type, ThumbImmediateValue value)
+        : m_type(type)
+        , m_value(value)
+    {
+    }
+
+    ARMThumbImmediate(ThumbImmediateType type, uint16_t value)
+        : m_type(TypeUInt16)
+    {
+        m_value.asInt = value;
+    }
+
+public:
+    static ARMThumbImmediate makeEncodedImm(uint32_t value)
+    {
+        ThumbImmediateValue encoding;
+        encoding.asInt = 0;
+
+        // okay, these are easy.
+        if (value < 256) {
+            encoding.immediate = value;
+            encoding.pattern = 0;
+            return ARMThumbImmediate(TypeEncoded, encoding);
+        }
+
+        int32_t leadingZeros = countLeadingZeros(value);
+        // if there were 24 or more leading zeros, then we'd have hit the (value < 256) case.
+        ASSERT(leadingZeros < 24);
+
+        // Given a number with bit fields Z:B:C, where count(Z)+count(B)+count(C) == 32,
+        // Z are the bits known zero, B is the 8-bit immediate, C are the bits to check for
+        // zero.  count(B) == 8, so the count of bits to be checked is 24 - count(Z).
+        int32_t rightShiftAmount = 24 - leadingZeros;
+        if (value == ((value >> rightShiftAmount) << rightShiftAmount)) {
+            // Shift the value down to the low byte position.  The assign to 
+            // shiftValue7 drops the implicit top bit.
+            encoding.shiftValue7 = value >> rightShiftAmount;
+            // The endoded shift amount is the magnitude of a right rotate.
+            encoding.shiftAmount = 8 + leadingZeros;
+            return ARMThumbImmediate(TypeEncoded, encoding);
+        }
+        
+        PatternBytes bytes;
+        bytes.asInt = value;
+
+        if ((bytes.byte0 == bytes.byte1) && (bytes.byte0 == bytes.byte2) && (bytes.byte0 == bytes.byte3)) {
+            encoding.immediate = bytes.byte0;
+            encoding.pattern = 3;
+            return ARMThumbImmediate(TypeEncoded, encoding);
+        }
+
+        if ((bytes.byte0 == bytes.byte2) && !(bytes.byte1 | bytes.byte3)) {
+            encoding.immediate = bytes.byte0;
+            encoding.pattern = 1;
+            return ARMThumbImmediate(TypeEncoded, encoding);
+        }
+
+        if ((bytes.byte1 == bytes.byte3) && !(bytes.byte0 | bytes.byte2)) {
+            encoding.immediate = bytes.byte0;
+            encoding.pattern = 2;
+            return ARMThumbImmediate(TypeEncoded, encoding);
+        }
+
+        return ARMThumbImmediate();
+    }
+
+    static ARMThumbImmediate makeUInt12(int32_t value)
+    {
+        return (!(value & 0xfffff000))
+            ? ARMThumbImmediate(TypeUInt16, (uint16_t)value)
+            : ARMThumbImmediate();
+    }
+
+    static ARMThumbImmediate makeUInt12OrEncodedImm(int32_t value)
+    {
+        // If this is not a 12-bit unsigned it, try making an encoded immediate.
+        return (!(value & 0xfffff000))
+            ? ARMThumbImmediate(TypeUInt16, (uint16_t)value)
+            : makeEncodedImm(value);
+    }
+
+    // The 'make' methods, above, return a !isValid() value if the argument
+    // cannot be represented as the requested type.  This methods  is called
+    // 'get' since the argument can always be represented.
+    static ARMThumbImmediate makeUInt16(uint16_t value)
+    {
+        return ARMThumbImmediate(TypeUInt16, value);
+    }
+    
+    bool isValid()
+    {
+        return m_type != TypeInvalid;
+    }
+
+    // These methods rely on the format of encoded byte values.
+    bool isUInt3() { return !(m_value.asInt & 0xfff8); }
+    bool isUInt4() { return !(m_value.asInt & 0xfff0); }
+    bool isUInt5() { return !(m_value.asInt & 0xffe0); }
+    bool isUInt6() { return !(m_value.asInt & 0xffc0); }
+    bool isUInt7() { return !(m_value.asInt & 0xff80); }
+    bool isUInt8() { return !(m_value.asInt & 0xff00); }
+    bool isUInt9() { return (m_type == TypeUInt16) && !(m_value.asInt & 0xfe00); }
+    bool isUInt10() { return (m_type == TypeUInt16) && !(m_value.asInt & 0xfc00); }
+    bool isUInt12() { return (m_type == TypeUInt16) && !(m_value.asInt & 0xf000); }
+    bool isUInt16() { return m_type == TypeUInt16; }
+    uint8_t getUInt3() { ASSERT(isUInt3()); return m_value.asInt; }
+    uint8_t getUInt4() { ASSERT(isUInt4()); return m_value.asInt; }
+    uint8_t getUInt5() { ASSERT(isUInt5()); return m_value.asInt; }
+    uint8_t getUInt6() { ASSERT(isUInt6()); return m_value.asInt; }
+    uint8_t getUInt7() { ASSERT(isUInt7()); return m_value.asInt; }
+    uint8_t getUInt8() { ASSERT(isUInt8()); return m_value.asInt; }
+    uint8_t getUInt9() { ASSERT(isUInt9()); return m_value.asInt; }
+    uint8_t getUInt10() { ASSERT(isUInt10()); return m_value.asInt; }
+    uint16_t getUInt12() { ASSERT(isUInt12()); return m_value.asInt; }
+    uint16_t getUInt16() { ASSERT(isUInt16()); return m_value.asInt; }
+
+    bool isEncodedImm() { return m_type == TypeEncoded; }
+
+private:
+    ThumbImmediateType m_type;
+    ThumbImmediateValue m_value;
+};
+
+
+typedef enum {
+    SRType_LSL,
+    SRType_LSR,
+    SRType_ASR,
+    SRType_ROR,
+
+    SRType_RRX = SRType_ROR
+} ARMShiftType;
+
+class ARMv7Assembler;
+class ShiftTypeAndAmount {
+    friend class ARMv7Assembler;
+
+public:
+    ShiftTypeAndAmount()
+    {
+        m_u.type = (ARMShiftType)0;
+        m_u.amount = 0;
+    }
+    
+    ShiftTypeAndAmount(ARMShiftType type, unsigned amount)
+    {
+        m_u.type = type;
+        m_u.amount = amount & 31;
+    }
+    
+    unsigned lo4() { return m_u.lo4; }
+    unsigned hi4() { return m_u.hi4; }
+    
+private:
+    union {
+        struct {
+            unsigned lo4 : 4;
+            unsigned hi4 : 4;
+        };
+        struct {
+            unsigned type   : 2;
+            unsigned amount : 5;
+        };
+    } m_u;
+};
+
+
+/*
+Some features of the Thumb instruction set are deprecated in ARMv7. Deprecated features affecting 
+instructions supported by ARMv7-M are as follows: 
+• use of the PC as <Rd> or <Rm> in a 16-bit ADD (SP plus register) instruction 
+• use of the SP as <Rm> in a 16-bit ADD (SP plus register) instruction 
+• use of the SP as <Rm> in a 16-bit CMP (register) instruction 
+• use of MOV (register) instructions in which <Rd> is the SP or PC and <Rm> is also the SP or PC. 
+• use of <Rn> as the lowest-numbered register in the register list of a 16-bit STM instruction with base 
+register writeback 
+*/
+
+class ARMv7Assembler {
+public:
+    typedef ARMRegisters::RegisterID RegisterID;
+    typedef ARMRegisters::FPRegisterID FPRegisterID;
+
+    // (HS, LO, HI, LS) -> (AE, B, A, BE)
+    // (VS, VC) -> (O, NO)
+    typedef enum {
+        ConditionEQ,
+        ConditionNE,
+        ConditionHS,
+        ConditionLO,
+        ConditionMI,
+        ConditionPL,
+        ConditionVS,
+        ConditionVC,
+        ConditionHI,
+        ConditionLS,
+        ConditionGE,
+        ConditionLT,
+        ConditionGT,
+        ConditionLE,
+        ConditionAL,
+
+        ConditionCS = ConditionHS,
+        ConditionCC = ConditionLO,
+    } Condition;
+
+    class JmpSrc {
+        friend class ARMv7Assembler;
+        friend class ARMInstructionFormatter;
+    public:
+        JmpSrc()
+            : m_offset(-1)
+        {
+        }
+
+    private:
+        JmpSrc(int offset)
+            : m_offset(offset)
+        {
+        }
+
+        int m_offset;
+    };
+    
+    class JmpDst {
+        friend class ARMv7Assembler;
+        friend class ARMInstructionFormatter;
+    public:
+        JmpDst()
+            : m_offset(-1)
+            , m_used(false)
+        {
+        }
+
+        bool isUsed() const { return m_used; }
+        void used() { m_used = true; }
+    private:
+        JmpDst(int offset)
+            : m_offset(offset)
+            , m_used(false)
+        {
+            ASSERT(m_offset == offset);
+        }
+
+        int m_offset : 31;
+        int m_used : 1;
+    };
+
+private:
+
+    // ARMv7, Appx-A.6.3
+    bool BadReg(RegisterID reg)
+    {
+        return (reg == ARMRegisters::sp) || (reg == ARMRegisters::pc);
+    }
+
+    bool isSingleRegister(FPRegisterID reg)
+    {
+        // Check that the high bit isn't set (q16+), and that the low bit isn't (s1, s3, etc).
+        return !(reg & ~31);
+    }
+
+    bool isDoubleRegister(FPRegisterID reg)
+    {
+        // Check that the high bit isn't set (q16+), and that the low bit isn't (s1, s3, etc).
+        return !(reg & ~(31 << 1));
+    }
+
+    bool isQuadRegister(FPRegisterID reg)
+    {
+        return !(reg & ~(31 << 2));
+    }
+
+    uint32_t singleRegisterNum(FPRegisterID reg)
+    {
+        ASSERT(isSingleRegister(reg));
+        return reg;
+    }
+
+    uint32_t doubleRegisterNum(FPRegisterID reg)
+    {
+        ASSERT(isDoubleRegister(reg));
+        return reg >> 1;
+    }
+
+    uint32_t quadRegisterNum(FPRegisterID reg)
+    {
+        ASSERT(isQuadRegister(reg));
+        return reg >> 2;
+    }
+
+    uint32_t singleRegisterMask(FPRegisterID rd, int highBitsShift, int lowBitShift)
+    {
+        uint32_t rdNum = singleRegisterNum(rd);
+        uint32_t rdMask = (rdNum >> 1) << highBitsShift;
+        if (rdNum & 1)
+            rdMask |= 1 << lowBitShift;
+        return rdMask;
+    }
+
+    uint32_t doubleRegisterMask(FPRegisterID rd, int highBitShift, int lowBitsShift)
+    {
+        uint32_t rdNum = doubleRegisterNum(rd);
+        uint32_t rdMask = (rdNum & 0xf) << lowBitsShift;
+        if (rdNum & 16)
+            rdMask |= 1 << highBitShift;
+        return rdMask;
+    }
+
+    typedef enum {
+        OP_ADD_reg_T1       = 0x1800,
+        OP_ADD_S_reg_T1     = 0x1800,
+        OP_SUB_reg_T1       = 0x1A00,
+        OP_SUB_S_reg_T1     = 0x1A00,
+        OP_ADD_imm_T1       = 0x1C00,
+        OP_ADD_S_imm_T1     = 0x1C00,
+        OP_SUB_imm_T1       = 0x1E00,
+        OP_SUB_S_imm_T1     = 0x1E00,
+        OP_MOV_imm_T1       = 0x2000,
+        OP_CMP_imm_T1       = 0x2800,
+        OP_ADD_imm_T2       = 0x3000,
+        OP_ADD_S_imm_T2     = 0x3000,
+        OP_SUB_imm_T2       = 0x3800,
+        OP_SUB_S_imm_T2     = 0x3800,
+        OP_AND_reg_T1       = 0x4000,
+        OP_EOR_reg_T1       = 0x4040,
+        OP_TST_reg_T1       = 0x4200,
+        OP_CMP_reg_T1       = 0x4280,
+        OP_ORR_reg_T1       = 0x4300,
+        OP_MVN_reg_T1       = 0x43C0,
+        OP_ADD_reg_T2       = 0x4400,
+        OP_MOV_reg_T1       = 0x4600,
+        OP_BLX              = 0x4700,
+        OP_BX               = 0x4700,
+        OP_LDRH_reg_T1      = 0x5A00,
+        OP_STR_reg_T1       = 0x5000,
+        OP_LDR_reg_T1       = 0x5800,
+        OP_STR_imm_T1       = 0x6000,
+        OP_LDR_imm_T1       = 0x6800,
+        OP_LDRH_imm_T1      = 0x8800,
+        OP_STR_imm_T2       = 0x9000,
+        OP_LDR_imm_T2       = 0x9800,
+        OP_ADD_SP_imm_T1    = 0xA800,
+        OP_ADD_SP_imm_T2    = 0xB000,
+        OP_SUB_SP_imm_T1    = 0xB080,
+        OP_BKPT             = 0xBE00,
+        OP_IT               = 0xBF00,
+    } OpcodeID;
+
+    typedef enum {
+        OP_AND_reg_T2   = 0xEA00,
+        OP_TST_reg_T2   = 0xEA10,
+        OP_ORR_reg_T2   = 0xEA40,
+        OP_ASR_imm_T1   = 0xEA4F,
+        OP_LSL_imm_T1   = 0xEA4F,
+        OP_LSR_imm_T1   = 0xEA4F,
+        OP_ROR_imm_T1   = 0xEA4F,
+        OP_MVN_reg_T2   = 0xEA6F,
+        OP_EOR_reg_T2   = 0xEA80,
+        OP_ADD_reg_T3   = 0xEB00,
+        OP_ADD_S_reg_T3 = 0xEB10,
+        OP_SUB_reg_T2   = 0xEBA0,
+        OP_SUB_S_reg_T2 = 0xEBB0,
+        OP_CMP_reg_T2   = 0xEBB0,
+        OP_B_T4a        = 0xF000,
+        OP_AND_imm_T1   = 0xF000,
+        OP_TST_imm      = 0xF010,
+        OP_ORR_imm_T1   = 0xF040,
+        OP_MOV_imm_T2   = 0xF040,
+        OP_MVN_imm      = 0xF060,
+        OP_EOR_imm_T1   = 0xF080,
+        OP_ADD_imm_T3   = 0xF100,
+        OP_ADD_S_imm_T3 = 0xF110,
+        OP_CMN_imm      = 0xF110,
+        OP_SUB_imm_T3   = 0xF1A0,
+        OP_SUB_S_imm_T3 = 0xF1B0,
+        OP_CMP_imm_T2   = 0xF1B0,
+        OP_ADD_imm_T4   = 0xF200,
+        OP_MOV_imm_T3   = 0xF240,
+        OP_SUB_imm_T4   = 0xF2A0,
+        OP_MOVT         = 0xF2C0,
+        OP_LDRH_reg_T2  = 0xF830,
+        OP_LDRH_imm_T3  = 0xF830,
+        OP_STR_imm_T4   = 0xF840,
+        OP_STR_reg_T2   = 0xF840,
+        OP_LDR_imm_T4   = 0xF850,
+        OP_LDR_reg_T2   = 0xF850,
+        OP_LDRH_imm_T2  = 0xF8B0,
+        OP_STR_imm_T3   = 0xF8C0,
+        OP_LDR_imm_T3   = 0xF8D0,
+        OP_LSL_reg_T2   = 0xFA00,
+        OP_LSR_reg_T2   = 0xFA20,
+        OP_ASR_reg_T2   = 0xFA40,
+        OP_ROR_reg_T2   = 0xFA60,
+        OP_SMULL_T1     = 0xFB80,
+    } OpcodeID1;
+
+    typedef enum {
+        OP_B_T4b        = 0x9000,
+    } OpcodeID2;
+
+    struct FourFours {
+        FourFours(unsigned f3, unsigned f2, unsigned f1, unsigned f0)
+        {
+            m_u.f0 = f0;
+            m_u.f1 = f1;
+            m_u.f2 = f2;
+            m_u.f3 = f3;
+        }
+
+        union {
+            unsigned value;
+            struct {
+                unsigned f0 : 4;
+                unsigned f1 : 4;
+                unsigned f2 : 4;
+                unsigned f3 : 4;
+            };
+        } m_u;
+    };
+
+    class ARMInstructionFormatter;
+
+    // false means else!
+    bool ifThenElseConditionBit(Condition condition, bool isIf)
+    {
+        return isIf ? (condition & 1) : !(condition & 1);
+    }
+    uint8_t ifThenElse(Condition condition, bool inst2if, bool inst3if, bool inst4if)
+    {
+        int mask = (ifThenElseConditionBit(condition, inst2if) << 3)
+            | (ifThenElseConditionBit(condition, inst3if) << 2)
+            | (ifThenElseConditionBit(condition, inst4if) << 1)
+            | 1;
+        ASSERT((condition != ConditionAL) || (mask & (mask - 1)));
+        return (condition << 4) | mask;
+    }
+    uint8_t ifThenElse(Condition condition, bool inst2if, bool inst3if)
+    {
+        int mask = (ifThenElseConditionBit(condition, inst2if) << 3)
+            | (ifThenElseConditionBit(condition, inst3if) << 2)
+            | 2;
+        ASSERT((condition != ConditionAL) || (mask & (mask - 1)));
+        return (condition << 4) | mask;
+    }
+    uint8_t ifThenElse(Condition condition, bool inst2if)
+    {
+        int mask = (ifThenElseConditionBit(condition, inst2if) << 3)
+            | 4;
+        ASSERT((condition != ConditionAL) || (mask & (mask - 1)));
+        return (condition << 4) | mask;
+    }
+
+    uint8_t ifThenElse(Condition condition)
+    {
+        int mask = 8;
+        ASSERT((condition != ConditionAL) || (mask & (mask - 1)));
+        return (condition << 4) | mask;
+    }
+
+public:
+
+    void add(RegisterID rd, RegisterID rn, ARMThumbImmediate imm)
+    {
+        // Rd can only be SP if Rn is also SP.
+        ASSERT((rd != ARMRegisters::sp) || (rn == ARMRegisters::sp));
+        ASSERT(rd != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(imm.isValid());
+
+        if (rn == ARMRegisters::sp) {
+            if (!(rd & 8) && imm.isUInt10()) {
+                m_formatter.oneWordOp5Reg3Imm8(OP_ADD_SP_imm_T1, rd, imm.getUInt10() >> 2);
+                return;
+            } else if ((rd == ARMRegisters::sp) && imm.isUInt9()) {
+                m_formatter.oneWordOp9Imm7(OP_ADD_SP_imm_T2, imm.getUInt9() >> 2);
+                return;
+            }
+        } else if (!((rd | rn) & 8)) {
+            if (imm.isUInt3()) {
+                m_formatter.oneWordOp7Reg3Reg3Reg3(OP_ADD_imm_T1, (RegisterID)imm.getUInt3(), rn, rd);
+                return;
+            } else if ((rd == rn) && imm.isUInt8()) {
+                m_formatter.oneWordOp5Reg3Imm8(OP_ADD_imm_T2, rd, imm.getUInt8());
+                return;
+            }
+        }
+
+        if (imm.isEncodedImm())
+            m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_ADD_imm_T3, rn, rd, imm);
+        else {
+            ASSERT(imm.isUInt12());
+            m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_ADD_imm_T4, rn, rd, imm);
+        }
+    }
+
+    void add(RegisterID rd, RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT((rd != ARMRegisters::sp) || (rn == ARMRegisters::sp));
+        ASSERT(rd != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_ADD_reg_T3, rn, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    // NOTE: In an IT block, add doesn't modify the flags register.
+    void add(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        if (rd == rn)
+            m_formatter.oneWordOp8RegReg143(OP_ADD_reg_T2, rm, rd);
+        else if (rd == rm)
+            m_formatter.oneWordOp8RegReg143(OP_ADD_reg_T2, rn, rd);
+        else if (!((rd | rn | rm) & 8))
+            m_formatter.oneWordOp7Reg3Reg3Reg3(OP_ADD_reg_T1, rm, rn, rd);
+        else
+            add(rd, rn, rm, ShiftTypeAndAmount());
+    }
+
+    // Not allowed in an IT (if then) block.
+    void add_S(RegisterID rd, RegisterID rn, ARMThumbImmediate imm)
+    {
+        // Rd can only be SP if Rn is also SP.
+        ASSERT((rd != ARMRegisters::sp) || (rn == ARMRegisters::sp));
+        ASSERT(rd != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(imm.isEncodedImm());
+
+        if (!((rd | rn) & 8)) {
+            if (imm.isUInt3()) {
+                m_formatter.oneWordOp7Reg3Reg3Reg3(OP_ADD_S_imm_T1, (RegisterID)imm.getUInt3(), rn, rd);
+                return;
+            } else if ((rd == rn) && imm.isUInt8()) {
+                m_formatter.oneWordOp5Reg3Imm8(OP_ADD_S_imm_T2, rd, imm.getUInt8());
+                return;
+            }
+        }
+
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_ADD_S_imm_T3, rn, rd, imm);
+    }
+
+    // Not allowed in an IT (if then) block?
+    void add_S(RegisterID rd, RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT((rd != ARMRegisters::sp) || (rn == ARMRegisters::sp));
+        ASSERT(rd != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_ADD_S_reg_T3, rn, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    // Not allowed in an IT (if then) block.
+    void add_S(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        if (!((rd | rn | rm) & 8))
+            m_formatter.oneWordOp7Reg3Reg3Reg3(OP_ADD_S_reg_T1, rm, rn, rd);
+        else
+            add_S(rd, rn, rm, ShiftTypeAndAmount());
+    }
+
+    void ARM_and(RegisterID rd, RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(imm.isEncodedImm());
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_AND_imm_T1, rn, rd, imm);
+    }
+
+    void ARM_and(RegisterID rd, RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_AND_reg_T2, rn, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    void ARM_and(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        if ((rd == rn) && !((rd | rm) & 8))
+            m_formatter.oneWordOp10Reg3Reg3(OP_AND_reg_T1, rm, rd);
+        else if ((rd == rm) && !((rd | rn) & 8))
+            m_formatter.oneWordOp10Reg3Reg3(OP_AND_reg_T1, rn, rd);
+        else
+            ARM_and(rd, rn, rm, ShiftTypeAndAmount());
+    }
+
+    void asr(RegisterID rd, RegisterID rm, int32_t shiftAmount)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rm));
+        ShiftTypeAndAmount shift(SRType_ASR, shiftAmount);
+        m_formatter.twoWordOp16FourFours(OP_ASR_imm_T1, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    void asr(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_ASR_reg_T2, rn, FourFours(0xf, rd, 0, rm));
+    }
+
+    // Only allowed in IT (if then) block if last instruction.
+    JmpSrc b()
+    {
+        m_formatter.twoWordOp16Op16(OP_B_T4a, OP_B_T4b);
+        return JmpSrc(m_formatter.size());
+    }
+    
+    // Only allowed in IT (if then) block if last instruction.
+    JmpSrc blx(RegisterID rm)
+    {
+        ASSERT(rm != ARMRegisters::pc);
+        m_formatter.oneWordOp8RegReg143(OP_BLX, rm, (RegisterID)8);
+        return JmpSrc(m_formatter.size());
+    }
+
+    // Only allowed in IT (if then) block if last instruction.
+    JmpSrc bx(RegisterID rm)
+    {
+        m_formatter.oneWordOp8RegReg143(OP_BX, rm, (RegisterID)0);
+        return JmpSrc(m_formatter.size());
+    }
+
+    void bkpt(uint8_t imm=0)
+    {
+        m_formatter.oneWordOp8Imm8(OP_BKPT, imm);
+    }
+
+    void cmn(RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(imm.isEncodedImm());
+
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_CMN_imm, rn, (RegisterID)0xf, imm);
+    }
+
+    void cmp(RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(imm.isEncodedImm());
+
+        if (!(rn & 8) && imm.isUInt8())
+            m_formatter.oneWordOp5Reg3Imm8(OP_CMP_imm_T1, rn, imm.getUInt8());
+        else
+            m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_CMP_imm_T2, rn, (RegisterID)0xf, imm);
+    }
+
+    void cmp(RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_CMP_reg_T2, rn, FourFours(shift.hi4(), 0xf, shift.lo4(), rm));
+    }
+
+    void cmp(RegisterID rn, RegisterID rm)
+    {
+        if ((rn | rm) & 8)
+            cmp(rn, rm, ShiftTypeAndAmount());
+        else
+            m_formatter.oneWordOp10Reg3Reg3(OP_CMP_reg_T1, rm, rn);
+    }
+
+    // xor is not spelled with an 'e'. :-(
+    void eor(RegisterID rd, RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(imm.isEncodedImm());
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_EOR_imm_T1, rn, rd, imm);
+    }
+
+    // xor is not spelled with an 'e'. :-(
+    void eor(RegisterID rd, RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_EOR_reg_T2, rn, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    // xor is not spelled with an 'e'. :-(
+    void eor(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        if ((rd == rn) && !((rd | rm) & 8))
+            m_formatter.oneWordOp10Reg3Reg3(OP_EOR_reg_T1, rm, rd);
+        else if ((rd == rm) && !((rd | rn) & 8))
+            m_formatter.oneWordOp10Reg3Reg3(OP_EOR_reg_T1, rn, rd);
+        else
+            eor(rd, rn, rm, ShiftTypeAndAmount());
+    }
+
+    void it(Condition cond)
+    {
+        m_formatter.oneWordOp8Imm8(OP_IT, ifThenElse(cond));
+    }
+
+    void it(Condition cond, bool inst2if)
+    {
+        m_formatter.oneWordOp8Imm8(OP_IT, ifThenElse(cond, inst2if));
+    }
+
+    void it(Condition cond, bool inst2if, bool inst3if)
+    {
+        m_formatter.oneWordOp8Imm8(OP_IT, ifThenElse(cond, inst2if, inst3if));
+    }
+
+    void it(Condition cond, bool inst2if, bool inst3if, bool inst4if)
+    {
+        m_formatter.oneWordOp8Imm8(OP_IT, ifThenElse(cond, inst2if, inst3if, inst4if));
+    }
+
+    // rt == ARMRegisters::pc only allowed if last instruction in IT (if then) block.
+    void ldr(RegisterID rt, RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(rn != ARMRegisters::pc); // LDR (literal)
+        ASSERT(imm.isUInt12());
+
+        if (!((rt | rn) & 8) && imm.isUInt7())
+            m_formatter.oneWordOp5Imm5Reg3Reg3(OP_LDR_imm_T1, imm.getUInt7() >> 2, rn, rt);
+        else if ((rn == ARMRegisters::sp) && !(rt & 8) && imm.isUInt10())
+            m_formatter.oneWordOp5Reg3Imm8(OP_LDR_imm_T2, rt, imm.getUInt10() >> 2);
+        else
+            m_formatter.twoWordOp12Reg4Reg4Imm12(OP_LDR_imm_T3, rn, rt, imm.getUInt12());
+    }
+
+    // If index is set, this is a regular offset or a pre-indexed load;
+    // if index is not set then is is a post-index load.
+    //
+    // If wback is set rn is updated - this is a pre or post index load,
+    // if wback is not set this is a regular offset memory access.
+    //
+    // (-255 <= offset <= 255)
+    // _reg = REG[rn]
+    // _tmp = _reg + offset
+    // MEM[index ? _tmp : _reg] = REG[rt]
+    // if (wback) REG[rn] = _tmp
+    void ldr(RegisterID rt, RegisterID rn, int offset, bool index, bool wback)
+    {
+        ASSERT(rt != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(index || wback);
+        ASSERT(!wback | (rt != rn));
+    
+        bool add = true;
+        if (offset < 0) {
+            add = false;
+            offset = -offset;
+        }
+        ASSERT((offset & ~0xff) == 0);
+        
+        offset |= (wback << 8);
+        offset |= (add   << 9);
+        offset |= (index << 10);
+        offset |= (1 << 11);
+        
+        m_formatter.twoWordOp12Reg4Reg4Imm12(OP_LDR_imm_T4, rn, rt, offset);
+    }
+
+    // rt == ARMRegisters::pc only allowed if last instruction in IT (if then) block.
+    void ldr(RegisterID rt, RegisterID rn, RegisterID rm, unsigned shift=0)
+    {
+        ASSERT(rn != ARMRegisters::pc); // LDR (literal)
+        ASSERT(!BadReg(rm));
+        ASSERT(shift <= 3);
+
+        if (!shift && !((rt | rn | rm) & 8))
+            m_formatter.oneWordOp7Reg3Reg3Reg3(OP_LDR_reg_T1, rm, rn, rt);
+        else
+            m_formatter.twoWordOp12Reg4FourFours(OP_LDR_reg_T2, rn, FourFours(rt, 0, shift, rm));
+    }
+
+    // rt == ARMRegisters::pc only allowed if last instruction in IT (if then) block.
+    void ldrh(RegisterID rt, RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(rn != ARMRegisters::pc); // LDR (literal)
+        ASSERT(imm.isUInt12());
+
+        if (!((rt | rn) & 8) && imm.isUInt6())
+            m_formatter.oneWordOp5Imm5Reg3Reg3(OP_LDRH_imm_T1, imm.getUInt6() >> 2, rn, rt);
+        else
+            m_formatter.twoWordOp12Reg4Reg4Imm12(OP_LDRH_imm_T2, rn, rt, imm.getUInt12());
+    }
+
+    // If index is set, this is a regular offset or a pre-indexed load;
+    // if index is not set then is is a post-index load.
+    //
+    // If wback is set rn is updated - this is a pre or post index load,
+    // if wback is not set this is a regular offset memory access.
+    //
+    // (-255 <= offset <= 255)
+    // _reg = REG[rn]
+    // _tmp = _reg + offset
+    // MEM[index ? _tmp : _reg] = REG[rt]
+    // if (wback) REG[rn] = _tmp
+    void ldrh(RegisterID rt, RegisterID rn, int offset, bool index, bool wback)
+    {
+        ASSERT(rt != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(index || wback);
+        ASSERT(!wback | (rt != rn));
+    
+        bool add = true;
+        if (offset < 0) {
+            add = false;
+            offset = -offset;
+        }
+        ASSERT((offset & ~0xff) == 0);
+        
+        offset |= (wback << 8);
+        offset |= (add   << 9);
+        offset |= (index << 10);
+        offset |= (1 << 11);
+        
+        m_formatter.twoWordOp12Reg4Reg4Imm12(OP_LDRH_imm_T3, rn, rt, offset);
+    }
+
+    void ldrh(RegisterID rt, RegisterID rn, RegisterID rm, unsigned shift=0)
+    {
+        ASSERT(!BadReg(rt));   // Memory hint
+        ASSERT(rn != ARMRegisters::pc); // LDRH (literal)
+        ASSERT(!BadReg(rm));
+        ASSERT(shift <= 3);
+
+        if (!shift && !((rt | rn | rm) & 8))
+            m_formatter.oneWordOp7Reg3Reg3Reg3(OP_LDRH_reg_T1, rm, rn, rt);
+        else
+            m_formatter.twoWordOp12Reg4FourFours(OP_LDRH_reg_T2, rn, FourFours(rt, 0, shift, rm));
+    }
+
+    void lsl(RegisterID rd, RegisterID rm, int32_t shiftAmount)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rm));
+        ShiftTypeAndAmount shift(SRType_LSL, shiftAmount);
+        m_formatter.twoWordOp16FourFours(OP_LSL_imm_T1, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    void lsl(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_LSL_reg_T2, rn, FourFours(0xf, rd, 0, rm));
+    }
+
+    void lsr(RegisterID rd, RegisterID rm, int32_t shiftAmount)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rm));
+        ShiftTypeAndAmount shift(SRType_LSR, shiftAmount);
+        m_formatter.twoWordOp16FourFours(OP_LSR_imm_T1, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    void lsr(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_LSR_reg_T2, rn, FourFours(0xf, rd, 0, rm));
+    }
+
+    void movT3(RegisterID rd, ARMThumbImmediate imm)
+    {
+        ASSERT(imm.isValid());
+        ASSERT(!imm.isEncodedImm());
+        ASSERT(!BadReg(rd));
+        
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_MOV_imm_T3, imm.m_value.imm4, rd, imm);
+    }
+
+     void mov(RegisterID rd, ARMThumbImmediate imm)
+    {
+        ASSERT(imm.isValid());
+        ASSERT(!BadReg(rd));
+        
+        if ((rd < 8) && imm.isUInt8())
+            m_formatter.oneWordOp5Reg3Imm8(OP_MOV_imm_T1, rd, imm.getUInt8());
+        else if (imm.isEncodedImm())
+            m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_MOV_imm_T2, 0xf, rd, imm);
+        else
+            movT3(rd, imm);
+    }
+
+   void mov(RegisterID rd, RegisterID rm)
+    {
+        m_formatter.oneWordOp8RegReg143(OP_MOV_reg_T1, rm, rd);
+    }
+
+    void movt(RegisterID rd, ARMThumbImmediate imm)
+    {
+        ASSERT(imm.isUInt16());
+        ASSERT(!BadReg(rd));
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_MOVT, imm.m_value.imm4, rd, imm);
+    }
+
+    void mvn(RegisterID rd, ARMThumbImmediate imm)
+    {
+        ASSERT(imm.isEncodedImm());
+        ASSERT(!BadReg(rd));
+        
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_MVN_imm, 0xf, rd, imm);
+    }
+
+    void mvn(RegisterID rd, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp16FourFours(OP_MVN_reg_T2, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    void mvn(RegisterID rd, RegisterID rm)
+    {
+        if (!((rd | rm) & 8))
+            m_formatter.oneWordOp10Reg3Reg3(OP_MVN_reg_T1, rm, rd);
+        else
+            mvn(rd, rm, ShiftTypeAndAmount());
+    }
+
+    void orr(RegisterID rd, RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(imm.isEncodedImm());
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_ORR_imm_T1, rn, rd, imm);
+    }
+
+    void orr(RegisterID rd, RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_ORR_reg_T2, rn, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    void orr(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        if ((rd == rn) && !((rd | rm) & 8))
+            m_formatter.oneWordOp10Reg3Reg3(OP_ORR_reg_T1, rm, rd);
+        else if ((rd == rm) && !((rd | rn) & 8))
+            m_formatter.oneWordOp10Reg3Reg3(OP_ORR_reg_T1, rn, rd);
+        else
+            orr(rd, rn, rm, ShiftTypeAndAmount());
+    }
+
+    void ror(RegisterID rd, RegisterID rm, int32_t shiftAmount)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rm));
+        ShiftTypeAndAmount shift(SRType_ROR, shiftAmount);
+        m_formatter.twoWordOp16FourFours(OP_ROR_imm_T1, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    void ror(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        ASSERT(!BadReg(rd));
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_ROR_reg_T2, rn, FourFours(0xf, rd, 0, rm));
+    }
+
+    void smull(RegisterID rdLo, RegisterID rdHi, RegisterID rn, RegisterID rm)
+    {
+        ASSERT(!BadReg(rdLo));
+        ASSERT(!BadReg(rdHi));
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        ASSERT(rdLo != rdHi);
+        m_formatter.twoWordOp12Reg4FourFours(OP_SMULL_T1, rn, FourFours(rdLo, rdHi, 0, rm));
+    }
+
+    // rt == ARMRegisters::pc only allowed if last instruction in IT (if then) block.
+    void str(RegisterID rt, RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(rt != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(imm.isUInt12());
+
+        if (!((rt | rn) & 8) && imm.isUInt7())
+            m_formatter.oneWordOp5Imm5Reg3Reg3(OP_STR_imm_T1, imm.getUInt7() >> 2, rn, rt);
+        else if ((rn == ARMRegisters::sp) && !(rt & 8) && imm.isUInt10())
+            m_formatter.oneWordOp5Reg3Imm8(OP_STR_imm_T2, rt, imm.getUInt10() >> 2);
+        else
+            m_formatter.twoWordOp12Reg4Reg4Imm12(OP_STR_imm_T3, rn, rt, imm.getUInt12());
+    }
+
+    // If index is set, this is a regular offset or a pre-indexed store;
+    // if index is not set then is is a post-index store.
+    //
+    // If wback is set rn is updated - this is a pre or post index store,
+    // if wback is not set this is a regular offset memory access.
+    //
+    // (-255 <= offset <= 255)
+    // _reg = REG[rn]
+    // _tmp = _reg + offset
+    // MEM[index ? _tmp : _reg] = REG[rt]
+    // if (wback) REG[rn] = _tmp
+    void str(RegisterID rt, RegisterID rn, int offset, bool index, bool wback)
+    {
+        ASSERT(rt != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(index || wback);
+        ASSERT(!wback | (rt != rn));
+    
+        bool add = true;
+        if (offset < 0) {
+            add = false;
+            offset = -offset;
+        }
+        ASSERT((offset & ~0xff) == 0);
+        
+        offset |= (wback << 8);
+        offset |= (add   << 9);
+        offset |= (index << 10);
+        offset |= (1 << 11);
+        
+        m_formatter.twoWordOp12Reg4Reg4Imm12(OP_STR_imm_T4, rn, rt, offset);
+    }
+
+    // rt == ARMRegisters::pc only allowed if last instruction in IT (if then) block.
+    void str(RegisterID rt, RegisterID rn, RegisterID rm, unsigned shift=0)
+    {
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(!BadReg(rm));
+        ASSERT(shift <= 3);
+
+        if (!shift && !((rt | rn | rm) & 8))
+            m_formatter.oneWordOp7Reg3Reg3Reg3(OP_STR_reg_T1, rm, rn, rt);
+        else
+            m_formatter.twoWordOp12Reg4FourFours(OP_STR_reg_T2, rn, FourFours(rt, 0, shift, rm));
+    }
+
+    void sub(RegisterID rd, RegisterID rn, ARMThumbImmediate imm)
+    {
+        // Rd can only be SP if Rn is also SP.
+        ASSERT((rd != ARMRegisters::sp) || (rn == ARMRegisters::sp));
+        ASSERT(rd != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(imm.isValid());
+
+        if ((rn == ARMRegisters::sp) && (rd == ARMRegisters::sp) && imm.isUInt9()) {
+            m_formatter.oneWordOp9Imm7(OP_SUB_SP_imm_T1, imm.getUInt9() >> 2);
+            return;
+        } else if (!((rd | rn) & 8)) {
+            if (imm.isUInt3()) {
+                m_formatter.oneWordOp7Reg3Reg3Reg3(OP_SUB_imm_T1, (RegisterID)imm.getUInt3(), rn, rd);
+                return;
+            } else if ((rd == rn) && imm.isUInt8()) {
+                m_formatter.oneWordOp5Reg3Imm8(OP_SUB_imm_T2, rd, imm.getUInt8());
+                return;
+            }
+        }
+
+        if (imm.isEncodedImm())
+            m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_SUB_imm_T3, rn, rd, imm);
+        else {
+            ASSERT(imm.isUInt12());
+            m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_SUB_imm_T4, rn, rd, imm);
+        }
+    }
+
+    void sub(RegisterID rd, RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT((rd != ARMRegisters::sp) || (rn == ARMRegisters::sp));
+        ASSERT(rd != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_SUB_reg_T2, rn, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    // NOTE: In an IT block, add doesn't modify the flags register.
+    void sub(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        if (!((rd | rn | rm) & 8))
+            m_formatter.oneWordOp7Reg3Reg3Reg3(OP_SUB_reg_T1, rm, rn, rd);
+        else
+            sub(rd, rn, rm, ShiftTypeAndAmount());
+    }
+
+    // Not allowed in an IT (if then) block.
+    void sub_S(RegisterID rd, RegisterID rn, ARMThumbImmediate imm)
+    {
+        // Rd can only be SP if Rn is also SP.
+        ASSERT((rd != ARMRegisters::sp) || (rn == ARMRegisters::sp));
+        ASSERT(rd != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(imm.isValid());
+
+        if ((rn == ARMRegisters::sp) && (rd == ARMRegisters::sp) && imm.isUInt9()) {
+            m_formatter.oneWordOp9Imm7(OP_SUB_SP_imm_T1, imm.getUInt9() >> 2);
+            return;
+        } else if (!((rd | rn) & 8)) {
+            if (imm.isUInt3()) {
+                m_formatter.oneWordOp7Reg3Reg3Reg3(OP_SUB_S_imm_T1, (RegisterID)imm.getUInt3(), rn, rd);
+                return;
+            } else if ((rd == rn) && imm.isUInt8()) {
+                m_formatter.oneWordOp5Reg3Imm8(OP_SUB_S_imm_T2, rd, imm.getUInt8());
+                return;
+            }
+        }
+
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_SUB_S_imm_T3, rn, rd, imm);
+    }
+
+    // Not allowed in an IT (if then) block?
+    void sub_S(RegisterID rd, RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT((rd != ARMRegisters::sp) || (rn == ARMRegisters::sp));
+        ASSERT(rd != ARMRegisters::pc);
+        ASSERT(rn != ARMRegisters::pc);
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_SUB_S_reg_T2, rn, FourFours(shift.hi4(), rd, shift.lo4(), rm));
+    }
+
+    // Not allowed in an IT (if then) block.
+    void sub_S(RegisterID rd, RegisterID rn, RegisterID rm)
+    {
+        if (!((rd | rn | rm) & 8))
+            m_formatter.oneWordOp7Reg3Reg3Reg3(OP_SUB_S_reg_T1, rm, rn, rd);
+        else
+            sub_S(rd, rn, rm, ShiftTypeAndAmount());
+    }
+
+    void tst(RegisterID rn, ARMThumbImmediate imm)
+    {
+        ASSERT(!BadReg(rn));
+        ASSERT(imm.isEncodedImm());
+
+        m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_TST_imm, rn, (RegisterID)0xf, imm);
+    }
+
+    void tst(RegisterID rn, RegisterID rm, ShiftTypeAndAmount shift)
+    {
+        ASSERT(!BadReg(rn));
+        ASSERT(!BadReg(rm));
+        m_formatter.twoWordOp12Reg4FourFours(OP_TST_reg_T2, rn, FourFours(shift.hi4(), 0xf, shift.lo4(), rm));
+    }
+
+    void tst(RegisterID rn, RegisterID rm)
+    {
+        if ((rn | rm) & 8)
+            tst(rn, rm, ShiftTypeAndAmount());
+        else
+            m_formatter.oneWordOp10Reg3Reg3(OP_TST_reg_T1, rm, rn);
+    }
+
+    void vadd_F64(FPRegisterID rd, FPRegisterID rn, FPRegisterID rm)
+    {
+        m_formatter.vfpOp(0x0b00ee30 | doubleRegisterMask(rd, 6, 28) | doubleRegisterMask(rn, 23, 0) | doubleRegisterMask(rm, 21, 16));
+    }
+
+    void vcmp_F64(FPRegisterID rd, FPRegisterID rm)
+    {
+        m_formatter.vfpOp(0x0bc0eeb4 | doubleRegisterMask(rd, 6, 28) | doubleRegisterMask(rm, 21, 16));
+    }
+
+    void vcvt_F64_S32(FPRegisterID fd, FPRegisterID sm)
+    {
+        m_formatter.vfpOp(0x0bc0eeb8 | doubleRegisterMask(fd, 6, 28) | singleRegisterMask(sm, 16, 21));
+    }
+
+    void vcvt_S32_F64(FPRegisterID sd, FPRegisterID fm)
+    {
+        m_formatter.vfpOp(0x0bc0eebd | singleRegisterMask(sd, 28, 6) | doubleRegisterMask(fm, 21, 16));
+    }
+
+    void vldr(FPRegisterID rd, RegisterID rn, int32_t imm)
+    {
+        vmem(rd, rn, imm, true);
+    }
+
+    void vmov(RegisterID rd, FPRegisterID sn)
+    {
+        m_formatter.vfpOp(0x0a10ee10 | (rd << 28) | singleRegisterMask(sn, 0, 23));
+    }
+
+    void vmov(FPRegisterID sn, RegisterID rd)
+    {
+        m_formatter.vfpOp(0x0a10ee00 | (rd << 28) | singleRegisterMask(sn, 0, 23));
+    }
+
+    // move FPSCR flags to APSR.
+    void vmrs_APSR_nzcv_FPSCR()
+    {
+        m_formatter.vfpOp(0xfa10eef1);
+    }
+
+    void vmul_F64(FPRegisterID rd, FPRegisterID rn, FPRegisterID rm)
+    {
+        m_formatter.vfpOp(0x0b00ee20 | doubleRegisterMask(rd, 6, 28) | doubleRegisterMask(rn, 23, 0) | doubleRegisterMask(rm, 21, 16));
+    }
+
+    void vstr(FPRegisterID rd, RegisterID rn, int32_t imm)
+    {
+        vmem(rd, rn, imm, false);
+    }
+
+    void vsub_F64(FPRegisterID rd, FPRegisterID rn, FPRegisterID rm)
+    {
+        m_formatter.vfpOp(0x0b40ee30 | doubleRegisterMask(rd, 6, 28) | doubleRegisterMask(rn, 23, 0) | doubleRegisterMask(rm, 21, 16));
+    }
+
+
+    JmpDst label()
+    {
+        return JmpDst(m_formatter.size());
+    }
+    
+    JmpDst align(int alignment)
+    {
+        while (!m_formatter.isAligned(alignment))
+            bkpt();
+
+        return label();
+    }
+    
+    static void* getRelocatedAddress(void* code, JmpSrc jump)
+    {
+        ASSERT(jump.m_offset != -1);
+
+        return reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(code) + jump.m_offset);
+    }
+    
+    static void* getRelocatedAddress(void* code, JmpDst destination)
+    {
+        ASSERT(destination.m_offset != -1);
+
+        return reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(code) + destination.m_offset);
+    }
+    
+    static int getDifferenceBetweenLabels(JmpDst src, JmpDst dst)
+    {
+        return dst.m_offset - src.m_offset;
+    }
+    
+    static int getDifferenceBetweenLabels(JmpDst src, JmpSrc dst)
+    {
+        return dst.m_offset - src.m_offset;
+    }
+    
+    static int getDifferenceBetweenLabels(JmpSrc src, JmpDst dst)
+    {
+        return dst.m_offset - src.m_offset;
+    }
+    
+    // Assembler admin methods:
+
+    size_t size() const
+    {
+        return m_formatter.size();
+    }
+
+    void* executableCopy(ExecutablePool* allocator)
+    {
+        void* copy = m_formatter.executableCopy(allocator);
+        ASSERT(copy);
+        return copy;
+    }
+
+    static unsigned getCallReturnOffset(JmpSrc call)
+    {
+        ASSERT(call.m_offset >= 0);
+        return call.m_offset;
+    }
+
+    // Linking & patching:
+    //
+    // 'link' and 'patch' methods are for use on unprotected code - such as the code
+    // within the AssemblerBuffer, and code being patched by the patch buffer.  Once
+    // code has been finalized it is (platform support permitting) within a non-
+    // writable region of memory; to modify the code in an execute-only execuable
+    // pool the 'repatch' and 'relink' methods should be used.
+
+    void linkJump(JmpSrc from, JmpDst to)
+    {
+        ASSERT(to.m_offset != -1);
+        ASSERT(from.m_offset != -1);
+
+        uint16_t* location = reinterpret_cast<uint16_t*>(reinterpret_cast<intptr_t>(m_formatter.data()) + from.m_offset);
+        intptr_t relative = to.m_offset - from.m_offset;
+
+        linkWithOffset(location, relative);
+    }
+
+    static void linkJump(void* code, JmpSrc from, void* to)
+    {
+        ASSERT(from.m_offset != -1);
+        
+        uint16_t* location = reinterpret_cast<uint16_t*>(reinterpret_cast<intptr_t>(code) + from.m_offset);
+        intptr_t relative = reinterpret_cast<intptr_t>(to) - reinterpret_cast<intptr_t>(location);
+
+        linkWithOffset(location, relative);
+    }
+
+    // bah, this mathod should really be static, since it is used by the LinkBuffer.
+    // return a bool saying whether the link was successful?
+    static void linkCall(void* code, JmpSrc from, void* to)
+    {
+        ASSERT(!(reinterpret_cast<intptr_t>(code) & 1));
+        ASSERT(from.m_offset != -1);
+        ASSERT(reinterpret_cast<intptr_t>(to) & 1);
+
+        setPointer(reinterpret_cast<uint16_t*>(reinterpret_cast<intptr_t>(code) + from.m_offset) - 1, to);
+    }
+
+    static void linkPointer(void* code, JmpDst where, void* value)
+    {
+        setPointer(reinterpret_cast<char*>(code) + where.m_offset, value);
+    }
+
+    static void relinkJump(void* from, void* to)
+    {
+        ASSERT(!(reinterpret_cast<intptr_t>(from) & 1));
+        ASSERT(!(reinterpret_cast<intptr_t>(to) & 1));
+
+        intptr_t relative = reinterpret_cast<intptr_t>(to) - reinterpret_cast<intptr_t>(from);
+        linkWithOffset(reinterpret_cast<uint16_t*>(from), relative);
+
+        ExecutableAllocator::cacheFlush(reinterpret_cast<uint16_t*>(from) - 2, 2 * sizeof(uint16_t));
+    }
+    
+    static void relinkCall(void* from, void* to)
+    {
+        ASSERT(!(reinterpret_cast<intptr_t>(from) & 1));
+        ASSERT(reinterpret_cast<intptr_t>(to) & 1);
+
+        setPointer(reinterpret_cast<uint16_t*>(from) - 1, to);
+
+        ExecutableAllocator::cacheFlush(reinterpret_cast<uint16_t*>(from) - 5, 4 * sizeof(uint16_t));
+    }
+
+    static void repatchInt32(void* where, int32_t value)
+    {
+        ASSERT(!(reinterpret_cast<intptr_t>(where) & 1));
+        
+        setInt32(where, value);
+
+        ExecutableAllocator::cacheFlush(reinterpret_cast<uint16_t*>(where) - 4, 4 * sizeof(uint16_t));
+    }
+
+    static void repatchPointer(void* where, void* value)
+    {
+        ASSERT(!(reinterpret_cast<intptr_t>(where) & 1));
+        
+        setPointer(where, value);
+
+        ExecutableAllocator::cacheFlush(reinterpret_cast<uint16_t*>(where) - 4, 4 * sizeof(uint16_t));
+    }
+
+    static void repatchLoadPtrToLEA(void* where)
+    {
+        ASSERT(!(reinterpret_cast<intptr_t>(where) & 1));
+
+        uint16_t* loadOp = reinterpret_cast<uint16_t*>(where) + 4;
+        ASSERT((*loadOp & 0xfff0) == OP_LDR_reg_T2);
+
+        *loadOp = OP_ADD_reg_T3 | (*loadOp & 0xf);
+        ExecutableAllocator::cacheFlush(loadOp, sizeof(uint16_t));
+    }
+
+private:
+
+    // Arm vfp addresses can be offset by a 9-bit ones-comp immediate, left shifted by 2.
+    // (i.e. +/-(0..255) 32-bit words)
+    void vmem(FPRegisterID rd, RegisterID rn, int32_t imm, bool isLoad)
+    {
+        bool up;
+        uint32_t offset;
+        if (imm < 0) {
+            offset = -imm;
+            up = false;
+        } else {
+            offset = imm;
+            up = true;
+        }
+
+        // offset is effectively leftshifted by 2 already (the bottom two bits are zero, and not
+        // reperesented in the instruction.  Left shift by 14, to mov it into position 0x00AA0000.
+        ASSERT((offset & ~(0xff << 2)) == 0);
+        offset <<= 14;
+
+        m_formatter.vfpOp(0x0b00ed00 | offset | (up << 7) | (isLoad << 4) | doubleRegisterMask(rd, 6, 28) | rn);
+    }
+
+    static void setInt32(void* code, uint32_t value)
+    {
+        uint16_t* location = reinterpret_cast<uint16_t*>(code);
+
+        uint16_t lo16 = value;
+        uint16_t hi16 = value >> 16;
+
+        spliceHi5(location - 4, lo16);
+        spliceLo11(location - 3, lo16);
+        spliceHi5(location - 2, hi16);
+        spliceLo11(location - 1, hi16);
+
+        ExecutableAllocator::cacheFlush(location - 4, 4 * sizeof(uint16_t));
+    }
+
+    static void setPointer(void* code, void* value)
+    {
+        setInt32(code, reinterpret_cast<uint32_t>(value));
+    }
+
+    // Linking & patching:
+    // This method assumes that the JmpSrc being linked is a T4 b instruction.
+    static void linkWithOffset(uint16_t* instruction, intptr_t relative)
+    {
+        // Currently branches > 16m = mostly deathy.
+        if (((relative << 7) >> 7) != relative) {
+            // FIXME: This CRASH means we cannot turn the JIT on by default on arm-v7.
+            fprintf(stderr, "Error: Cannot link T4b.\n");
+            CRASH();
+        }
+        
+        // ARM encoding for the top two bits below the sign bit is 'peculiar'.
+        if (relative >= 0)
+            relative ^= 0xC00000;
+
+        // All branch offsets should be an even distance.
+        ASSERT(!(relative & 1));
+
+        int word1 = ((relative & 0x1000000) >> 14) | ((relative & 0x3ff000) >> 12);
+        int word2 = ((relative & 0x800000) >> 10) | ((relative & 0x400000) >> 11) | ((relative & 0xffe) >> 1);
+
+        instruction[-2] = OP_B_T4a | word1;
+        instruction[-1] = OP_B_T4b | word2;
+    }
+
+    // These functions can be used to splice 16-bit immediates back into previously generated instructions.
+    static void spliceHi5(uint16_t* where, uint16_t what)
+    {
+        uint16_t pattern = (what >> 12) | ((what & 0x0800) >> 1);
+        *where = (*where & 0xFBF0) | pattern;
+    }
+    static void spliceLo11(uint16_t* where, uint16_t what)
+    {
+        uint16_t pattern = ((what & 0x0700) << 4) | (what & 0x00FF);
+        *where = (*where & 0x8F00) | pattern;
+    }
+
+    class ARMInstructionFormatter {
+    public:
+        void oneWordOp5Reg3Imm8(OpcodeID op, RegisterID rd, uint8_t imm)
+        {
+            m_buffer.putShort(op | (rd << 8) | imm);
+        }
+        
+        void oneWordOp5Imm5Reg3Reg3(OpcodeID op, uint8_t imm, RegisterID reg1, RegisterID reg2)
+        {
+            m_buffer.putShort(op | (imm << 6) | (reg1 << 3) | reg2);
+        }
+
+        void oneWordOp7Reg3Reg3Reg3(OpcodeID op, RegisterID reg1, RegisterID reg2, RegisterID reg3)
+        {
+            m_buffer.putShort(op | (reg1 << 6) | (reg2 << 3) | reg3);
+        }
+
+        void oneWordOp8Imm8(OpcodeID op, uint8_t imm)
+        {
+            m_buffer.putShort(op | imm);
+        }
+
+        void oneWordOp8RegReg143(OpcodeID op, RegisterID reg1, RegisterID reg2)
+        {
+            m_buffer.putShort(op | ((reg2 & 8) << 4) | (reg1 << 3) | (reg2 & 7));
+        }
+        void oneWordOp9Imm7(OpcodeID op, uint8_t imm)
+        {
+            m_buffer.putShort(op | imm);
+        }
+
+        void oneWordOp10Reg3Reg3(OpcodeID op, RegisterID reg1, RegisterID reg2)
+        {
+            m_buffer.putShort(op | (reg1 << 3) | reg2);
+        }
+
+        void twoWordOp12Reg4FourFours(OpcodeID1 op, RegisterID reg, FourFours ff)
+        {
+            m_buffer.putShort(op | reg);
+            m_buffer.putShort(ff.m_u.value);
+        }
+        
+        void twoWordOp16FourFours(OpcodeID1 op, FourFours ff)
+        {
+            m_buffer.putShort(op);
+            m_buffer.putShort(ff.m_u.value);
+        }
+        
+        void twoWordOp16Op16(OpcodeID1 op1, OpcodeID2 op2)
+        {
+            m_buffer.putShort(op1);
+            m_buffer.putShort(op2);
+        }
+
+        void twoWordOp5i6Imm4Reg4EncodedImm(OpcodeID1 op, int imm4, RegisterID rd, ARMThumbImmediate imm)
+        {
+            m_buffer.putShort(op | (imm.m_value.i << 10) | imm4);
+            m_buffer.putShort((imm.m_value.imm3 << 12) | (rd << 8) | imm.m_value.imm8);
+        }
+
+        void twoWordOp12Reg4Reg4Imm12(OpcodeID1 op, RegisterID reg1, RegisterID reg2, uint16_t imm)
+        {
+            m_buffer.putShort(op | reg1);
+            m_buffer.putShort((reg2 << 12) | imm);
+        }
+
+        void vfpOp(int32_t op)
+        {
+            m_buffer.putInt(op);
+        }
+
+
+        // Administrative methods:
+
+        size_t size() const { return m_buffer.size(); }
+        bool isAligned(int alignment) const { return m_buffer.isAligned(alignment); }
+        void* data() const { return m_buffer.data(); }
+        void* executableCopy(ExecutablePool* allocator) { return m_buffer.executableCopy(allocator); }
+
+    private:
+        AssemblerBuffer m_buffer;
+    } m_formatter;
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER) && PLATFORM(ARM_THUMB2)
+
+#endif // ARMAssembler_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AbstractMacroAssembler.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AbstractMacroAssembler.h
new file mode 100644
index 000000000..525fe9813
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AbstractMacroAssembler.h
@@ -0,0 +1,535 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef AbstractMacroAssembler_h
+#define AbstractMacroAssembler_h
+
+#include <wtf/Platform.h>
+
+#include <MacroAssemblerCodeRef.h>
+#include <CodeLocation.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/UnusedParam.h>
+
+#if ENABLE(ASSEMBLER)
+
+namespace JSC {
+
+class LinkBuffer;
+class RepatchBuffer;
+
+template <class AssemblerType>
+class AbstractMacroAssembler {
+public:
+    typedef AssemblerType AssemblerType_T;
+
+    typedef MacroAssemblerCodePtr CodePtr;
+    typedef MacroAssemblerCodeRef CodeRef;
+
+    class Jump;
+
+    typedef typename AssemblerType::RegisterID RegisterID;
+    typedef typename AssemblerType::FPRegisterID FPRegisterID;
+    typedef typename AssemblerType::JmpSrc JmpSrc;
+    typedef typename AssemblerType::JmpDst JmpDst;
+
+
+    // Section 1: MacroAssembler operand types
+    //
+    // The following types are used as operands to MacroAssembler operations,
+    // describing immediate  and memory operands to the instructions to be planted.
+
+
+    enum Scale {
+        TimesOne,
+        TimesTwo,
+        TimesFour,
+        TimesEight,
+    };
+
+    // Address:
+    //
+    // Describes a simple base-offset address.
+    struct Address {
+        explicit Address(RegisterID base, int32_t offset = 0)
+            : base(base)
+            , offset(offset)
+        {
+        }
+
+        RegisterID base;
+        int32_t offset;
+    };
+
+    // ImplicitAddress:
+    //
+    // This class is used for explicit 'load' and 'store' operations
+    // (as opposed to situations in which a memory operand is provided
+    // to a generic operation, such as an integer arithmetic instruction).
+    //
+    // In the case of a load (or store) operation we want to permit
+    // addresses to be implicitly constructed, e.g. the two calls:
+    //
+    //     load32(Address(addrReg), destReg);
+    //     load32(addrReg, destReg);
+    //
+    // Are equivalent, and the explicit wrapping of the Address in the former
+    // is unnecessary.
+    struct ImplicitAddress {
+        ImplicitAddress(RegisterID base)
+            : base(base)
+            , offset(0)
+        {
+        }
+
+        ImplicitAddress(Address address)
+            : base(address.base)
+            , offset(address.offset)
+        {
+        }
+
+        RegisterID base;
+        int32_t offset;
+    };
+
+    // BaseIndex:
+    //
+    // Describes a complex addressing mode.
+    struct BaseIndex {
+        BaseIndex(RegisterID base, RegisterID index, Scale scale, int32_t offset = 0)
+            : base(base)
+            , index(index)
+            , scale(scale)
+            , offset(offset)
+        {
+        }
+
+        RegisterID base;
+        RegisterID index;
+        Scale scale;
+        int32_t offset;
+    };
+
+    // AbsoluteAddress:
+    //
+    // Describes an memory operand given by a pointer.  For regular load & store
+    // operations an unwrapped void* will be used, rather than using this.
+    struct AbsoluteAddress {
+        explicit AbsoluteAddress(void* ptr)
+            : m_ptr(ptr)
+        {
+        }
+
+        void* m_ptr;
+    };
+
+    // ImmPtr:
+    //
+    // A pointer sized immediate operand to an instruction - this is wrapped
+    // in a class requiring explicit construction in order to differentiate
+    // from pointers used as absolute addresses to memory operations
+    struct ImmPtr {
+        explicit ImmPtr(void* value)
+            : m_value(value)
+        {
+        }
+
+        intptr_t asIntptr()
+        {
+            return reinterpret_cast<intptr_t>(m_value);
+        }
+
+        void* m_value;
+    };
+
+    // Imm32:
+    //
+    // A 32bit immediate operand to an instruction - this is wrapped in a
+    // class requiring explicit construction in order to prevent RegisterIDs
+    // (which are implemented as an enum) from accidentally being passed as
+    // immediate values.
+    struct Imm32 {
+        explicit Imm32(int32_t value)
+            : m_value(value)
+#if PLATFORM(ARM)
+            , m_isPointer(false)
+#endif
+        {
+        }
+
+#if !PLATFORM(X86_64)
+        explicit Imm32(ImmPtr ptr)
+            : m_value(ptr.asIntptr())
+#if PLATFORM(ARM)
+            , m_isPointer(true)
+#endif
+        {
+        }
+#endif
+
+        int32_t m_value;
+#if PLATFORM(ARM)
+        // We rely on being able to regenerate code to recover exception handling
+        // information.  Since ARMv7 supports 16-bit immediates there is a danger
+        // that if pointer values change the layout of the generated code will change.
+        // To avoid this problem, always generate pointers (and thus Imm32s constructed
+        // from ImmPtrs) with a code sequence that is able  to represent  any pointer
+        // value - don't use a more compact form in these cases.
+        bool m_isPointer;
+#endif
+    };
+
+
+    // Section 2: MacroAssembler code buffer handles
+    //
+    // The following types are used to reference items in the code buffer
+    // during JIT code generation.  For example, the type Jump is used to
+    // track the location of a jump instruction so that it may later be
+    // linked to a label marking its destination.
+
+
+    // Label:
+    //
+    // A Label records a point in the generated instruction stream, typically such that
+    // it may be used as a destination for a jump.
+    class Label {
+        template<class TemplateAssemblerType>
+        friend class AbstractMacroAssembler;
+        friend class Jump;
+        friend class MacroAssemblerCodeRef;
+        friend class LinkBuffer;
+
+    public:
+        Label()
+        {
+        }
+
+        Label(AbstractMacroAssembler<AssemblerType>* masm)
+            : m_label(masm->m_assembler.label())
+        {
+        }
+        
+        bool isUsed() const { return m_label.isUsed(); }
+        void used() { m_label.used(); }
+    private:
+        JmpDst m_label;
+    };
+
+    // DataLabelPtr:
+    //
+    // A DataLabelPtr is used to refer to a location in the code containing a pointer to be
+    // patched after the code has been generated.
+    class DataLabelPtr {
+        template<class TemplateAssemblerType>
+        friend class AbstractMacroAssembler;
+        friend class LinkBuffer;
+    public:
+        DataLabelPtr()
+        {
+        }
+
+        DataLabelPtr(AbstractMacroAssembler<AssemblerType>* masm)
+            : m_label(masm->m_assembler.label())
+        {
+        }
+        
+    private:
+        JmpDst m_label;
+    };
+
+    // DataLabel32:
+    //
+    // A DataLabelPtr is used to refer to a location in the code containing a pointer to be
+    // patched after the code has been generated.
+    class DataLabel32 {
+        template<class TemplateAssemblerType>
+        friend class AbstractMacroAssembler;
+        friend class LinkBuffer;
+    public:
+        DataLabel32()
+        {
+        }
+
+        DataLabel32(AbstractMacroAssembler<AssemblerType>* masm)
+            : m_label(masm->m_assembler.label())
+        {
+        }
+
+    private:
+        JmpDst m_label;
+    };
+
+    // Call:
+    //
+    // A Call object is a reference to a call instruction that has been planted
+    // into the code buffer - it is typically used to link the call, setting the
+    // relative offset such that when executed it will call to the desired
+    // destination.
+    class Call {
+        template<class TemplateAssemblerType>
+        friend class AbstractMacroAssembler;
+
+    public:
+        enum Flags {
+            None = 0x0,
+            Linkable = 0x1,
+            Near = 0x2,
+            LinkableNear = 0x3,
+        };
+
+        Call()
+            : m_flags(None)
+        {
+        }
+        
+        Call(JmpSrc jmp, Flags flags)
+            : m_jmp(jmp)
+            , m_flags(flags)
+        {
+        }
+
+        bool isFlagSet(Flags flag)
+        {
+            return m_flags & flag;
+        }
+
+        static Call fromTailJump(Jump jump)
+        {
+            return Call(jump.m_jmp, Linkable);
+        }
+
+        JmpSrc m_jmp;
+    private:
+        Flags m_flags;
+    };
+
+    // Jump:
+    //
+    // A jump object is a reference to a jump instruction that has been planted
+    // into the code buffer - it is typically used to link the jump, setting the
+    // relative offset such that when executed it will jump to the desired
+    // destination.
+    class Jump {
+        template<class TemplateAssemblerType>
+        friend class AbstractMacroAssembler;
+        friend class Call;
+        friend class LinkBuffer;
+    public:
+        Jump()
+        {
+        }
+        
+        Jump(JmpSrc jmp)    
+            : m_jmp(jmp)
+        {
+        }
+        
+        void link(AbstractMacroAssembler<AssemblerType>* masm)
+        {
+            masm->m_assembler.linkJump(m_jmp, masm->m_assembler.label());
+        }
+        
+        void linkTo(Label label, AbstractMacroAssembler<AssemblerType>* masm)
+        {
+            masm->m_assembler.linkJump(m_jmp, label.m_label);
+        }
+
+    private:
+        JmpSrc m_jmp;
+    };
+
+    // JumpList:
+    //
+    // A JumpList is a set of Jump objects.
+    // All jumps in the set will be linked to the same destination.
+    class JumpList {
+        friend class LinkBuffer;
+
+    public:
+        typedef Vector<Jump, 16> JumpVector;
+
+        void link(AbstractMacroAssembler<AssemblerType>* masm)
+        {
+            size_t size = m_jumps.size();
+            for (size_t i = 0; i < size; ++i)
+                m_jumps[i].link(masm);
+            m_jumps.clear();
+        }
+        
+        void linkTo(Label label, AbstractMacroAssembler<AssemblerType>* masm)
+        {
+            size_t size = m_jumps.size();
+            for (size_t i = 0; i < size; ++i)
+                m_jumps[i].linkTo(label, masm);
+            m_jumps.clear();
+        }
+        
+        void append(Jump jump)
+        {
+            m_jumps.append(jump);
+        }
+        
+        void append(JumpList& other)
+        {
+            m_jumps.append(other.m_jumps.begin(), other.m_jumps.size());
+        }
+
+        bool empty()
+        {
+            return !m_jumps.size();
+        }
+        
+        const JumpVector& jumps() { return m_jumps; }
+
+    private:
+        JumpVector m_jumps;
+    };
+
+
+    // Section 3: Misc admin methods
+
+    static CodePtr trampolineAt(CodeRef ref, Label label)
+    {
+        return CodePtr(AssemblerType::getRelocatedAddress(ref.m_code.dataLocation(), label.m_label));
+    }
+
+    size_t size()
+    {
+        return m_assembler.size();
+    }
+
+    Label label()
+    {
+        return Label(this);
+    }
+    
+    Label align()
+    {
+        m_assembler.align(16);
+        return Label(this);
+    }
+
+    ptrdiff_t differenceBetween(Label from, Jump to)
+    {
+        return AssemblerType::getDifferenceBetweenLabels(from.m_label, to.m_jmp);
+    }
+
+    ptrdiff_t differenceBetween(Label from, Call to)
+    {
+        return AssemblerType::getDifferenceBetweenLabels(from.m_label, to.m_jmp);
+    }
+
+    ptrdiff_t differenceBetween(Label from, Label to)
+    {
+        return AssemblerType::getDifferenceBetweenLabels(from.m_label, to.m_label);
+    }
+
+    ptrdiff_t differenceBetween(Label from, DataLabelPtr to)
+    {
+        return AssemblerType::getDifferenceBetweenLabels(from.m_label, to.m_label);
+    }
+
+    ptrdiff_t differenceBetween(Label from, DataLabel32 to)
+    {
+        return AssemblerType::getDifferenceBetweenLabels(from.m_label, to.m_label);
+    }
+
+    ptrdiff_t differenceBetween(DataLabelPtr from, Jump to)
+    {
+        return AssemblerType::getDifferenceBetweenLabels(from.m_label, to.m_jmp);
+    }
+
+    ptrdiff_t differenceBetween(DataLabelPtr from, DataLabelPtr to)
+    {
+        return AssemblerType::getDifferenceBetweenLabels(from.m_label, to.m_label);
+    }
+
+    ptrdiff_t differenceBetween(DataLabelPtr from, Call to)
+    {
+        return AssemblerType::getDifferenceBetweenLabels(from.m_label, to.m_jmp);
+    }
+
+protected:
+    AssemblerType m_assembler;
+
+    friend class LinkBuffer;
+    friend class RepatchBuffer;
+
+    static void linkJump(void* code, Jump jump, CodeLocationLabel target)
+    {
+        AssemblerType::linkJump(code, jump.m_jmp, target.dataLocation());
+    }
+
+    static void linkPointer(void* code, typename AssemblerType::JmpDst label, void* value)
+    {
+        AssemblerType::linkPointer(code, label, value);
+    }
+
+    static void* getLinkerAddress(void* code, typename AssemblerType::JmpSrc label)
+    {
+        return AssemblerType::getRelocatedAddress(code, label);
+    }
+
+    static void* getLinkerAddress(void* code, typename AssemblerType::JmpDst label)
+    {
+        return AssemblerType::getRelocatedAddress(code, label);
+    }
+
+    static unsigned getLinkerCallReturnOffset(Call call)
+    {
+        return AssemblerType::getCallReturnOffset(call.m_jmp);
+    }
+
+    static void repatchJump(CodeLocationJump jump, CodeLocationLabel destination)
+    {
+        AssemblerType::relinkJump(jump.dataLocation(), destination.dataLocation());
+    }
+
+    static void repatchNearCall(CodeLocationNearCall nearCall, CodeLocationLabel destination)
+    {
+        AssemblerType::relinkCall(nearCall.dataLocation(), destination.executableAddress());
+    }
+
+    static void repatchInt32(CodeLocationDataLabel32 dataLabel32, int32_t value)
+    {
+        AssemblerType::repatchInt32(dataLabel32.dataLocation(), value);
+    }
+
+    static void repatchPointer(CodeLocationDataLabelPtr dataLabelPtr, void* value)
+    {
+        AssemblerType::repatchPointer(dataLabelPtr.dataLocation(), value);
+    }
+
+    static void repatchLoadPtrToLEA(CodeLocationInstruction instruction)
+    {
+        AssemblerType::repatchLoadPtrToLEA(instruction.dataLocation());
+    }
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // AbstractMacroAssembler_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AssemblerBuffer.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AssemblerBuffer.h
new file mode 100644
index 000000000..073906a52
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AssemblerBuffer.h
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef AssemblerBuffer_h
+#define AssemblerBuffer_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER)
+
+#include "stdint.h"
+#include <string.h>
+#include <jit/ExecutableAllocator.h>
+#include <wtf/Assertions.h>
+#include <wtf/FastMalloc.h>
+
+namespace JSC {
+
+    class AssemblerBuffer {
+        static const int inlineCapacity = 256;
+    public:
+        AssemblerBuffer()
+            : m_buffer(m_inlineBuffer)
+            , m_capacity(inlineCapacity)
+            , m_size(0)
+        {
+        }
+
+        ~AssemblerBuffer()
+        {
+            if (m_buffer != m_inlineBuffer)
+                fastFree(m_buffer);
+        }
+
+        void ensureSpace(int space)
+        {
+            if (m_size > m_capacity - space)
+                grow();
+        }
+
+        bool isAligned(int alignment) const
+        {
+            return !(m_size & (alignment - 1));
+        }
+
+        void putByteUnchecked(int value)
+        {
+            ASSERT(!(m_size > m_capacity - 4));
+            m_buffer[m_size] = value;
+            m_size++;
+        }
+
+        void putByte(int value)
+        {
+            if (m_size > m_capacity - 4)
+                grow();
+            putByteUnchecked(value);
+        }
+
+        void putShortUnchecked(int value)
+        {
+            ASSERT(!(m_size > m_capacity - 4));
+            *reinterpret_cast<short*>(&m_buffer[m_size]) = value;
+            m_size += 2;
+        }
+
+        void putShort(int value)
+        {
+            if (m_size > m_capacity - 4)
+                grow();
+            putShortUnchecked(value);
+        }
+
+        void putIntUnchecked(int value)
+        {
+            ASSERT(!(m_size > m_capacity - 4));
+            *reinterpret_cast<int*>(&m_buffer[m_size]) = value;
+            m_size += 4;
+        }
+
+        void putInt64Unchecked(int64_t value)
+        {
+            ASSERT(!(m_size > m_capacity - 8));
+            *reinterpret_cast<int64_t*>(&m_buffer[m_size]) = value;
+            m_size += 8;
+        }
+
+        void putInt(int value)
+        {
+            if (m_size > m_capacity - 4)
+                grow();
+            putIntUnchecked(value);
+        }
+
+        void* data() const
+        {
+            return m_buffer;
+        }
+
+        int size() const
+        {
+            return m_size;
+        }
+
+        void* executableCopy(ExecutablePool* allocator)
+        {
+            if (!m_size)
+                return 0;
+
+            void* result = allocator->alloc(m_size);
+
+            if (!result)
+                return 0;
+
+            ExecutableAllocator::makeWritable(result, m_size);
+
+            return memcpy(result, m_buffer, m_size);
+        }
+
+    protected:
+        void append(const char* data, int size)
+        {
+            if (m_size > m_capacity - size)
+                grow(size);
+
+            memcpy(m_buffer + m_size, data, size);
+            m_size += size;
+        }
+
+        void grow(int extraCapacity = 0)
+        {
+            m_capacity += m_capacity / 2 + extraCapacity;
+
+            if (m_buffer == m_inlineBuffer) {
+                char* newBuffer = static_cast<char*>(fastMalloc(m_capacity));
+                m_buffer = static_cast<char*>(memcpy(newBuffer, m_buffer, m_size));
+            } else
+                m_buffer = static_cast<char*>(fastRealloc(m_buffer, m_capacity));
+        }
+
+        char m_inlineBuffer[inlineCapacity];
+        char* m_buffer;
+        int m_capacity;
+        int m_size;
+    };
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // AssemblerBuffer_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AssemblerBufferWithConstantPool.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AssemblerBufferWithConstantPool.h
new file mode 100644
index 000000000..af3c3be07
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/AssemblerBufferWithConstantPool.h
@@ -0,0 +1,318 @@
+/*
+ * Copyright (C) 2009 University of Szeged
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY UNIVERSITY OF SZEGED ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL UNIVERSITY OF SZEGED OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef AssemblerBufferWithConstantPool_h
+#define AssemblerBufferWithConstantPool_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER)
+
+#include "AssemblerBuffer.h"
+#include <wtf/SegmentedVector.h>
+
+#define ASSEMBLER_HAS_CONSTANT_POOL 1
+
+namespace JSC {
+
+/*
+    On a constant pool 4 or 8 bytes data can be stored. The values can be
+    constants or addresses. The addresses should be 32 or 64 bits. The constants
+    should be double-precisions float or integer numbers which are hard to be
+    encoded as few machine instructions.
+
+    TODO: The pool is desinged to handle both 32 and 64 bits values, but
+    currently only the 4 bytes constants are implemented and tested.
+
+    The AssemblerBuffer can contain multiple constant pools. Each pool is inserted
+    into the instruction stream - protected by a jump instruction from the
+    execution flow.
+
+    The flush mechanism is called when no space remain to insert the next instruction
+    into the pool. Three values are used to determine when the constant pool itself
+    have to be inserted into the instruction stream (Assembler Buffer):
+
+    - maxPoolSize: size of the constant pool in bytes, this value cannot be
+        larger than the maximum offset of a PC relative memory load
+
+    - barrierSize: size of jump instruction in bytes which protects the
+        constant pool from execution
+
+    - maxInstructionSize: maximum length of a machine instruction in bytes
+
+    There are some callbacks which solve the target architecture specific
+    address handling:
+
+    - TYPE patchConstantPoolLoad(TYPE load, int value):
+        patch the 'load' instruction with the index of the constant in the
+        constant pool and return the patched instruction.
+
+    - void patchConstantPoolLoad(void* loadAddr, void* constPoolAddr):
+        patch the a PC relative load instruction at 'loadAddr' address with the
+        final relative offset. The offset can be computed with help of
+        'constPoolAddr' (the address of the constant pool) and index of the
+        constant (which is stored previously in the load instruction itself).
+
+    - TYPE placeConstantPoolBarrier(int size):
+        return with a constant pool barrier instruction which jumps over the
+        constant pool.
+
+    The 'put*WithConstant*' functions should be used to place a data into the
+    constant pool.
+*/
+
+template <int maxPoolSize, int barrierSize, int maxInstructionSize, class AssemblerType>
+class AssemblerBufferWithConstantPool: public AssemblerBuffer {
+    typedef SegmentedVector<uint32_t, 512> LoadOffsets;
+public:
+    enum {
+        UniqueConst,
+        ReusableConst,
+        UnusedEntry,
+    };
+
+    AssemblerBufferWithConstantPool()
+        : AssemblerBuffer()
+        , m_numConsts(0)
+        , m_maxDistance(maxPoolSize)
+        , m_lastConstDelta(0)
+    {
+        m_pool = static_cast<uint32_t*>(fastMalloc(maxPoolSize));
+        m_mask = static_cast<char*>(fastMalloc(maxPoolSize / sizeof(uint32_t)));
+    }
+
+    ~AssemblerBufferWithConstantPool()
+    {
+        fastFree(m_mask);
+        fastFree(m_pool);
+    }
+
+    void ensureSpace(int space)
+    {
+        flushIfNoSpaceFor(space);
+        AssemblerBuffer::ensureSpace(space);
+    }
+
+    void ensureSpace(int insnSpace, int constSpace)
+    {
+        flushIfNoSpaceFor(insnSpace, constSpace);
+        AssemblerBuffer::ensureSpace(insnSpace);
+    }
+
+    bool isAligned(int alignment)
+    {
+        flushIfNoSpaceFor(alignment);
+        return AssemblerBuffer::isAligned(alignment);
+    }
+
+    void putByteUnchecked(int value)
+    {
+        AssemblerBuffer::putByteUnchecked(value);
+        correctDeltas(1);
+    }
+
+    void putByte(int value)
+    {
+        flushIfNoSpaceFor(1);
+        AssemblerBuffer::putByte(value);
+        correctDeltas(1);
+    }
+
+    void putShortUnchecked(int value)
+    {
+        AssemblerBuffer::putShortUnchecked(value);
+        correctDeltas(2);
+    }
+
+    void putShort(int value)
+    {
+        flushIfNoSpaceFor(2);
+        AssemblerBuffer::putShort(value);
+        correctDeltas(2);
+    }
+
+    void putIntUnchecked(int value)
+    {
+        AssemblerBuffer::putIntUnchecked(value);
+        correctDeltas(4);
+    }
+
+    void putInt(int value)
+    {
+        flushIfNoSpaceFor(4);
+        AssemblerBuffer::putInt(value);
+        correctDeltas(4);
+    }
+
+    void putInt64Unchecked(int64_t value)
+    {
+        AssemblerBuffer::putInt64Unchecked(value);
+        correctDeltas(8);
+    }
+
+    int size()
+    {
+        flushIfNoSpaceFor(maxInstructionSize, sizeof(uint64_t));
+        return AssemblerBuffer::size();
+    }
+
+    int uncheckedSize()
+    {
+        return AssemblerBuffer::size();
+    }
+
+    void* executableCopy(ExecutablePool* allocator)
+    {
+        flushConstantPool(false);
+        return AssemblerBuffer::executableCopy(allocator);
+    }
+
+    void putIntWithConstantInt(uint32_t insn, uint32_t constant, bool isReusable = false)
+    {
+        flushIfNoSpaceFor(4, 4);
+
+        m_loadOffsets.append(AssemblerBuffer::size());
+        if (isReusable)
+            for (int i = 0; i < m_numConsts; ++i) {
+                if (m_mask[i] == ReusableConst && m_pool[i] == constant) {
+                    AssemblerBuffer::putInt(AssemblerType::patchConstantPoolLoad(insn, i));
+                    correctDeltas(4);
+                    return;
+                }
+            }
+
+        m_pool[m_numConsts] = constant;
+        m_mask[m_numConsts] = static_cast<char>(isReusable ? ReusableConst : UniqueConst);
+
+        AssemblerBuffer::putInt(AssemblerType::patchConstantPoolLoad(insn, m_numConsts));
+        ++m_numConsts;
+
+        correctDeltas(4, 4);
+    }
+
+    // This flushing mechanism can be called after any unconditional jumps.
+    void flushWithoutBarrier(bool isForced = false)
+    {
+        // Flush if constant pool is more than 60% full to avoid overuse of this function.
+        if (isForced || 5 * m_numConsts > 3 * maxPoolSize / sizeof(uint32_t))
+            flushConstantPool(false);
+    }
+
+    uint32_t* poolAddress()
+    {
+        return m_pool;
+    }
+
+    int sizeOfConstantPool()
+    {
+        return m_numConsts;
+    }
+
+private:
+    void correctDeltas(int insnSize)
+    {
+        m_maxDistance -= insnSize;
+        m_lastConstDelta -= insnSize;
+        if (m_lastConstDelta < 0)
+            m_lastConstDelta = 0;
+    }
+
+    void correctDeltas(int insnSize, int constSize)
+    {
+        correctDeltas(insnSize);
+
+        m_maxDistance -= m_lastConstDelta;
+        m_lastConstDelta = constSize;
+    }
+
+    void flushConstantPool(bool useBarrier = true)
+    {
+        if (m_numConsts == 0)
+            return;
+        int alignPool = (AssemblerBuffer::size() + (useBarrier ? barrierSize : 0)) & (sizeof(uint64_t) - 1);
+
+        if (alignPool)
+            alignPool = sizeof(uint64_t) - alignPool;
+
+        // Callback to protect the constant pool from execution
+        if (useBarrier)
+            AssemblerBuffer::putInt(AssemblerType::placeConstantPoolBarrier(m_numConsts * sizeof(uint32_t) + alignPool));
+
+        if (alignPool) {
+            if (alignPool & 1)
+                AssemblerBuffer::putByte(AssemblerType::padForAlign8);
+            if (alignPool & 2)
+                AssemblerBuffer::putShort(AssemblerType::padForAlign16);
+            if (alignPool & 4)
+                AssemblerBuffer::putInt(AssemblerType::padForAlign32);
+        }
+
+        int constPoolOffset = AssemblerBuffer::size();
+        append(reinterpret_cast<char*>(m_pool), m_numConsts * sizeof(uint32_t));
+
+        // Patch each PC relative load
+        for (LoadOffsets::Iterator iter = m_loadOffsets.begin(); iter != m_loadOffsets.end(); ++iter) {
+            void* loadAddr = reinterpret_cast<void*>(m_buffer + *iter);
+            AssemblerType::patchConstantPoolLoad(loadAddr, reinterpret_cast<void*>(m_buffer + constPoolOffset));
+        }
+
+        m_loadOffsets.clear();
+        m_numConsts = 0;
+        m_maxDistance = maxPoolSize;
+    }
+
+    void flushIfNoSpaceFor(int nextInsnSize)
+    {
+        if (m_numConsts == 0)
+            return;
+        int lastConstDelta = m_lastConstDelta > nextInsnSize ? m_lastConstDelta - nextInsnSize : 0;
+        if ((m_maxDistance < nextInsnSize + lastConstDelta + barrierSize + (int)sizeof(uint32_t)))
+            flushConstantPool();
+    }
+
+    void flushIfNoSpaceFor(int nextInsnSize, int nextConstSize)
+    {
+        if (m_numConsts == 0)
+            return;
+        if ((m_maxDistance < nextInsnSize + m_lastConstDelta + nextConstSize + barrierSize + (int)sizeof(uint32_t)) ||
+            (m_numConsts * sizeof(uint32_t) + nextConstSize >= maxPoolSize))
+            flushConstantPool();
+    }
+
+    uint32_t* m_pool;
+    char* m_mask;
+    LoadOffsets m_loadOffsets;
+
+    int m_numConsts;
+    int m_maxDistance;
+    int m_lastConstDelta;
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // AssemblerBufferWithConstantPool_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/CodeLocation.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/CodeLocation.h
new file mode 100644
index 000000000..b910b6f88
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/CodeLocation.h
@@ -0,0 +1,186 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef CodeLocation_h
+#define CodeLocation_h
+
+#include <wtf/Platform.h>
+
+#include <MacroAssemblerCodeRef.h>
+
+#if ENABLE(ASSEMBLER)
+
+namespace JSC {
+
+class CodeLocationInstruction;
+class CodeLocationLabel;
+class CodeLocationJump;
+class CodeLocationCall;
+class CodeLocationNearCall;
+class CodeLocationDataLabel32;
+class CodeLocationDataLabelPtr;
+
+// The CodeLocation* types are all pretty much do-nothing wrappers around
+// CodePtr (or MacroAssemblerCodePtr, to give it its full name).  These
+// classes only exist to provide type-safety when linking and patching code.
+//
+// The one new piece of functionallity introduced by these classes is the
+// ability to create (or put another way, to re-discover) another CodeLocation
+// at an offset from one you already know.  When patching code to optimize it
+// we often want to patch a number of instructions that are short, fixed
+// offsets apart.  To reduce memory overhead we will only retain a pointer to
+// one of the instructions, and we will use the *AtOffset methods provided by
+// CodeLocationCommon to find the other points in the code to modify.
+class CodeLocationCommon : public MacroAssemblerCodePtr {
+public:
+    CodeLocationInstruction instructionAtOffset(int offset);
+    CodeLocationLabel labelAtOffset(int offset);
+    CodeLocationJump jumpAtOffset(int offset);
+    CodeLocationCall callAtOffset(int offset);
+    CodeLocationNearCall nearCallAtOffset(int offset);
+    CodeLocationDataLabelPtr dataLabelPtrAtOffset(int offset);
+    CodeLocationDataLabel32 dataLabel32AtOffset(int offset);
+
+protected:
+    CodeLocationCommon()
+    {
+    }
+
+    CodeLocationCommon(MacroAssemblerCodePtr location)
+        : MacroAssemblerCodePtr(location)
+    {
+    }
+};
+
+class CodeLocationInstruction : public CodeLocationCommon {
+public:
+    CodeLocationInstruction() {}
+    explicit CodeLocationInstruction(MacroAssemblerCodePtr location)
+        : CodeLocationCommon(location) {}
+    explicit CodeLocationInstruction(void* location)
+        : CodeLocationCommon(MacroAssemblerCodePtr(location)) {}
+};
+
+class CodeLocationLabel : public CodeLocationCommon {
+public:
+    CodeLocationLabel() {}
+    explicit CodeLocationLabel(MacroAssemblerCodePtr location)
+        : CodeLocationCommon(location) {}
+    explicit CodeLocationLabel(void* location)
+        : CodeLocationCommon(MacroAssemblerCodePtr(location)) {}
+};
+
+class CodeLocationJump : public CodeLocationCommon {
+public:
+    CodeLocationJump() {}
+    explicit CodeLocationJump(MacroAssemblerCodePtr location)
+        : CodeLocationCommon(location) {}
+    explicit CodeLocationJump(void* location)
+        : CodeLocationCommon(MacroAssemblerCodePtr(location)) {}
+};
+
+class CodeLocationCall : public CodeLocationCommon {
+public:
+    CodeLocationCall() {}
+    explicit CodeLocationCall(MacroAssemblerCodePtr location)
+        : CodeLocationCommon(location) {}
+    explicit CodeLocationCall(void* location)
+        : CodeLocationCommon(MacroAssemblerCodePtr(location)) {}
+};
+
+class CodeLocationNearCall : public CodeLocationCommon {
+public:
+    CodeLocationNearCall() {}
+    explicit CodeLocationNearCall(MacroAssemblerCodePtr location)
+        : CodeLocationCommon(location) {}
+    explicit CodeLocationNearCall(void* location)
+        : CodeLocationCommon(MacroAssemblerCodePtr(location)) {}
+};
+
+class CodeLocationDataLabel32 : public CodeLocationCommon {
+public:
+    CodeLocationDataLabel32() {}
+    explicit CodeLocationDataLabel32(MacroAssemblerCodePtr location)
+        : CodeLocationCommon(location) {}
+    explicit CodeLocationDataLabel32(void* location)
+        : CodeLocationCommon(MacroAssemblerCodePtr(location)) {}
+};
+
+class CodeLocationDataLabelPtr : public CodeLocationCommon {
+public:
+    CodeLocationDataLabelPtr() {}
+    explicit CodeLocationDataLabelPtr(MacroAssemblerCodePtr location)
+        : CodeLocationCommon(location) {}
+    explicit CodeLocationDataLabelPtr(void* location)
+        : CodeLocationCommon(MacroAssemblerCodePtr(location)) {}
+};
+
+inline CodeLocationInstruction CodeLocationCommon::instructionAtOffset(int offset)
+{
+    ASSERT_VALID_CODE_OFFSET(offset);
+    return CodeLocationInstruction(reinterpret_cast<char*>(dataLocation()) + offset);
+}
+
+inline CodeLocationLabel CodeLocationCommon::labelAtOffset(int offset)
+{
+    ASSERT_VALID_CODE_OFFSET(offset);
+    return CodeLocationLabel(reinterpret_cast<char*>(dataLocation()) + offset);
+}
+
+inline CodeLocationJump CodeLocationCommon::jumpAtOffset(int offset)
+{
+    ASSERT_VALID_CODE_OFFSET(offset);
+    return CodeLocationJump(reinterpret_cast<char*>(dataLocation()) + offset);
+}
+
+inline CodeLocationCall CodeLocationCommon::callAtOffset(int offset)
+{
+    ASSERT_VALID_CODE_OFFSET(offset);
+    return CodeLocationCall(reinterpret_cast<char*>(dataLocation()) + offset);
+}
+
+inline CodeLocationNearCall CodeLocationCommon::nearCallAtOffset(int offset)
+{
+    ASSERT_VALID_CODE_OFFSET(offset);
+    return CodeLocationNearCall(reinterpret_cast<char*>(dataLocation()) + offset);
+}
+
+inline CodeLocationDataLabelPtr CodeLocationCommon::dataLabelPtrAtOffset(int offset)
+{
+    ASSERT_VALID_CODE_OFFSET(offset);
+    return CodeLocationDataLabelPtr(reinterpret_cast<char*>(dataLocation()) + offset);
+}
+
+inline CodeLocationDataLabel32 CodeLocationCommon::dataLabel32AtOffset(int offset)
+{
+    ASSERT_VALID_CODE_OFFSET(offset);
+    return CodeLocationDataLabel32(reinterpret_cast<char*>(dataLocation()) + offset);
+}
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // CodeLocation_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/LinkBuffer.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/LinkBuffer.h
new file mode 100644
index 000000000..6d0811703
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/LinkBuffer.h
@@ -0,0 +1,195 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef LinkBuffer_h
+#define LinkBuffer_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER)
+
+#include <MacroAssembler.h>
+#include <wtf/Noncopyable.h>
+
+namespace JSC {
+
+// LinkBuffer:
+//
+// This class assists in linking code generated by the macro assembler, once code generation
+// has been completed, and the code has been copied to is final location in memory.  At this
+// time pointers to labels within the code may be resolved, and relative offsets to external
+// addresses may be fixed.
+//
+// Specifically:
+//   * Jump objects may be linked to external targets,
+//   * The address of Jump objects may taken, such that it can later be relinked.
+//   * The return address of a Call may be acquired.
+//   * The address of a Label pointing into the code may be resolved.
+//   * The value referenced by a DataLabel may be set.
+//
+class LinkBuffer : public Noncopyable {
+    typedef MacroAssemblerCodeRef CodeRef;
+    typedef MacroAssembler::Label Label;
+    typedef MacroAssembler::Jump Jump;
+    typedef MacroAssembler::JumpList JumpList;
+    typedef MacroAssembler::Call Call;
+    typedef MacroAssembler::DataLabel32 DataLabel32;
+    typedef MacroAssembler::DataLabelPtr DataLabelPtr;
+
+public:
+    // Note: Initialization sequence is significant, since executablePool is a PassRefPtr.
+    //       First, executablePool is copied into m_executablePool, then the initialization of
+    //       m_code uses m_executablePool, *not* executablePool, since this is no longer valid.
+    LinkBuffer(MacroAssembler* masm, PassRefPtr<ExecutablePool> executablePool)
+        : m_executablePool(executablePool)
+        , m_code(masm->m_assembler.executableCopy(m_executablePool.get()))
+        , m_size(masm->m_assembler.size())
+#ifndef NDEBUG
+        , m_completed(false)
+#endif
+    {
+    }
+
+    ~LinkBuffer()
+    {
+        ASSERT(m_completed);
+    }
+
+    // These methods are used to link or set values at code generation time.
+
+    void link(Call call, FunctionPtr function)
+    {
+        ASSERT(call.isFlagSet(Call::Linkable));
+        MacroAssembler::linkCall(code(), call, function);
+    }
+    
+    void link(Jump jump, CodeLocationLabel label)
+    {
+        MacroAssembler::linkJump(code(), jump, label);
+    }
+
+    void link(JumpList list, CodeLocationLabel label)
+    {
+        for (unsigned i = 0; i < list.m_jumps.size(); ++i)
+            MacroAssembler::linkJump(code(), list.m_jumps[i], label);
+    }
+
+    void patch(DataLabelPtr label, void* value)
+    {
+        MacroAssembler::linkPointer(code(), label.m_label, value);
+    }
+
+    void patch(DataLabelPtr label, CodeLocationLabel value)
+    {
+        MacroAssembler::linkPointer(code(), label.m_label, value.executableAddress());
+    }
+
+    // These methods are used to obtain handles to allow the code to be relinked / repatched later.
+
+    CodeLocationCall locationOf(Call call)
+    {
+        ASSERT(call.isFlagSet(Call::Linkable));
+        ASSERT(!call.isFlagSet(Call::Near));
+        return CodeLocationCall(MacroAssembler::getLinkerAddress(code(), call.m_jmp));
+    }
+
+    CodeLocationNearCall locationOfNearCall(Call call)
+    {
+        ASSERT(call.isFlagSet(Call::Linkable));
+        ASSERT(call.isFlagSet(Call::Near));
+        return CodeLocationNearCall(MacroAssembler::getLinkerAddress(code(), call.m_jmp));
+    }
+
+    CodeLocationLabel locationOf(Label label)
+    {
+        return CodeLocationLabel(MacroAssembler::getLinkerAddress(code(), label.m_label));
+    }
+
+    CodeLocationDataLabelPtr locationOf(DataLabelPtr label)
+    {
+        return CodeLocationDataLabelPtr(MacroAssembler::getLinkerAddress(code(), label.m_label));
+    }
+
+    CodeLocationDataLabel32 locationOf(DataLabel32 label)
+    {
+        return CodeLocationDataLabel32(MacroAssembler::getLinkerAddress(code(), label.m_label));
+    }
+
+    // This method obtains the return address of the call, given as an offset from
+    // the start of the code.
+    unsigned returnAddressOffset(Call call)
+    {
+        return MacroAssembler::getLinkerCallReturnOffset(call);
+    }
+
+    // Upon completion of all patching either 'finalizeCode()' or 'finalizeCodeAddendum()' should be called
+    // once to complete generation of the code.  'finalizeCode()' is suited to situations
+    // where the executable pool must also be retained, the lighter-weight 'finalizeCodeAddendum()' is
+    // suited to adding to an existing allocation.
+    CodeRef finalizeCode()
+    {
+        performFinalization();
+
+        return CodeRef(m_code, m_executablePool, m_size);
+    }
+    CodeLocationLabel finalizeCodeAddendum()
+    {
+        performFinalization();
+
+        return CodeLocationLabel(code());
+    }
+
+private:
+    // Keep this private! - the underlying code should only be obtained externally via 
+    // finalizeCode() or finalizeCodeAddendum().
+    void* code()
+    {
+        return m_code;
+    }
+
+    void performFinalization()
+    {
+#ifndef NDEBUG
+        ASSERT(!m_completed);
+        m_completed = true;
+#endif
+
+        ExecutableAllocator::makeExecutable(code(), m_size);
+        ExecutableAllocator::cacheFlush(code(), m_size);
+    }
+
+    RefPtr<ExecutablePool> m_executablePool;
+    void* m_code;
+    size_t m_size;
+#ifndef NDEBUG
+    bool m_completed;
+#endif
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // LinkBuffer_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssembler.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssembler.h
new file mode 100644
index 000000000..2743ab4e4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssembler.h
@@ -0,0 +1,347 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef MacroAssembler_h
+#define MacroAssembler_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER)
+
+#if PLATFORM(ARM_THUMB2)
+#include "MacroAssemblerARMv7.h"
+namespace JSC { typedef MacroAssemblerARMv7 MacroAssemblerBase; };
+
+#elif PLATFORM(ARM_TRADITIONAL)
+#include "MacroAssemblerARM.h"
+namespace JSC { typedef MacroAssemblerARM MacroAssemblerBase; };
+
+#elif PLATFORM(X86)
+#include "MacroAssemblerX86.h"
+namespace JSC { typedef MacroAssemblerX86 MacroAssemblerBase; };
+
+#elif PLATFORM(X86_64)
+#include "MacroAssemblerX86_64.h"
+namespace JSC { typedef MacroAssemblerX86_64 MacroAssemblerBase; };
+
+#else
+#error "The MacroAssembler is not supported on this platform."
+#endif
+
+
+namespace JSC {
+
+class MacroAssembler : public MacroAssemblerBase {
+public:
+
+    using MacroAssemblerBase::pop;
+    using MacroAssemblerBase::jump;
+    using MacroAssemblerBase::branch32;
+    using MacroAssemblerBase::branch16;
+#if PLATFORM(X86_64)
+    using MacroAssemblerBase::branchPtr;
+    using MacroAssemblerBase::branchTestPtr;
+#endif
+
+
+    // Platform agnostic onvenience functions,
+    // described in terms of other macro assembly methods.
+    void pop()
+    {
+        addPtr(Imm32(sizeof(void*)), stackPointerRegister);
+    }
+    
+    void peek(RegisterID dest, int index = 0)
+    {
+        loadPtr(Address(stackPointerRegister, (index * sizeof(void*))), dest);
+    }
+
+    void poke(RegisterID src, int index = 0)
+    {
+        storePtr(src, Address(stackPointerRegister, (index * sizeof(void*))));
+    }
+
+    void poke(Imm32 value, int index = 0)
+    {
+        store32(value, Address(stackPointerRegister, (index * sizeof(void*))));
+    }
+
+    void poke(ImmPtr imm, int index = 0)
+    {
+        storePtr(imm, Address(stackPointerRegister, (index * sizeof(void*))));
+    }
+
+
+    // Backwards banches, these are currently all implemented using existing forwards branch mechanisms.
+    void branchPtr(Condition cond, RegisterID op1, ImmPtr imm, Label target)
+    {
+        branchPtr(cond, op1, imm).linkTo(target, this);
+    }
+
+    void branch32(Condition cond, RegisterID op1, RegisterID op2, Label target)
+    {
+        branch32(cond, op1, op2).linkTo(target, this);
+    }
+
+    void branch32(Condition cond, RegisterID op1, Imm32 imm, Label target)
+    {
+        branch32(cond, op1, imm).linkTo(target, this);
+    }
+
+    void branch32(Condition cond, RegisterID left, Address right, Label target)
+    {
+        branch32(cond, left, right).linkTo(target, this);
+    }
+
+    void branch16(Condition cond, BaseIndex left, RegisterID right, Label target)
+    {
+        branch16(cond, left, right).linkTo(target, this);
+    }
+    
+    void branchTestPtr(Condition cond, RegisterID reg, Label target)
+    {
+        branchTestPtr(cond, reg).linkTo(target, this);
+    }
+
+    void jump(Label target)
+    {
+        jump().linkTo(target, this);
+    }
+
+
+    // Ptr methods
+    // On 32-bit platforms (i.e. x86), these methods directly map onto their 32-bit equivalents.
+#if !PLATFORM(X86_64)
+    void addPtr(RegisterID src, RegisterID dest)
+    {
+        add32(src, dest);
+    }
+
+    void addPtr(Imm32 imm, RegisterID srcDest)
+    {
+        add32(imm, srcDest);
+    }
+
+    void addPtr(ImmPtr imm, RegisterID dest)
+    {
+        add32(Imm32(imm), dest);
+    }
+
+    void addPtr(Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        add32(imm, src, dest);
+    }
+
+    void andPtr(RegisterID src, RegisterID dest)
+    {
+        and32(src, dest);
+    }
+
+    void andPtr(Imm32 imm, RegisterID srcDest)
+    {
+        and32(imm, srcDest);
+    }
+
+    void orPtr(RegisterID src, RegisterID dest)
+    {
+        or32(src, dest);
+    }
+
+    void orPtr(ImmPtr imm, RegisterID dest)
+    {
+        or32(Imm32(imm), dest);
+    }
+
+    void orPtr(Imm32 imm, RegisterID dest)
+    {
+        or32(imm, dest);
+    }
+
+    void rshiftPtr(RegisterID shift_amount, RegisterID dest)
+    {
+        rshift32(shift_amount, dest);
+    }
+
+    void rshiftPtr(Imm32 imm, RegisterID dest)
+    {
+        rshift32(imm, dest);
+    }
+
+    void subPtr(RegisterID src, RegisterID dest)
+    {
+        sub32(src, dest);
+    }
+    
+    void subPtr(Imm32 imm, RegisterID dest)
+    {
+        sub32(imm, dest);
+    }
+    
+    void subPtr(ImmPtr imm, RegisterID dest)
+    {
+        sub32(Imm32(imm), dest);
+    }
+
+    void xorPtr(RegisterID src, RegisterID dest)
+    {
+        xor32(src, dest);
+    }
+
+    void xorPtr(Imm32 imm, RegisterID srcDest)
+    {
+        xor32(imm, srcDest);
+    }
+
+
+    void loadPtr(ImplicitAddress address, RegisterID dest)
+    {
+        load32(address, dest);
+    }
+
+    void loadPtr(BaseIndex address, RegisterID dest)
+    {
+        load32(address, dest);
+    }
+
+    void loadPtr(void* address, RegisterID dest)
+    {
+        load32(address, dest);
+    }
+
+    DataLabel32 loadPtrWithAddressOffsetPatch(Address address, RegisterID dest)
+    {
+        return load32WithAddressOffsetPatch(address, dest);
+    }
+
+    void setPtr(Condition cond, RegisterID left, Imm32 right, RegisterID dest)
+    {
+        set32(cond, left, right, dest);
+    }
+
+    void storePtr(RegisterID src, ImplicitAddress address)
+    {
+        store32(src, address);
+    }
+
+    void storePtr(RegisterID src, BaseIndex address)
+    {
+        store32(src, address);
+    }
+
+    void storePtr(RegisterID src, void* address)
+    {
+        store32(src, address);
+    }
+
+    void storePtr(ImmPtr imm, ImplicitAddress address)
+    {
+        store32(Imm32(imm), address);
+    }
+
+    void storePtr(ImmPtr imm, void* address)
+    {
+        store32(Imm32(imm), address);
+    }
+
+    DataLabel32 storePtrWithAddressOffsetPatch(RegisterID src, Address address)
+    {
+        return store32WithAddressOffsetPatch(src, address);
+    }
+
+
+    Jump branchPtr(Condition cond, RegisterID left, RegisterID right)
+    {
+        return branch32(cond, left, right);
+    }
+
+    Jump branchPtr(Condition cond, RegisterID left, ImmPtr right)
+    {
+        return branch32(cond, left, Imm32(right));
+    }
+
+    Jump branchPtr(Condition cond, RegisterID left, Address right)
+    {
+        return branch32(cond, left, right);
+    }
+
+    Jump branchPtr(Condition cond, Address left, RegisterID right)
+    {
+        return branch32(cond, left, right);
+    }
+
+    Jump branchPtr(Condition cond, AbsoluteAddress left, RegisterID right)
+    {
+        return branch32(cond, left, right);
+    }
+
+    Jump branchPtr(Condition cond, Address left, ImmPtr right)
+    {
+        return branch32(cond, left, Imm32(right));
+    }
+
+    Jump branchPtr(Condition cond, AbsoluteAddress left, ImmPtr right)
+    {
+        return branch32(cond, left, Imm32(right));
+    }
+
+    Jump branchTestPtr(Condition cond, RegisterID reg, RegisterID mask)
+    {
+        return branchTest32(cond, reg, mask);
+    }
+
+    Jump branchTestPtr(Condition cond, RegisterID reg, Imm32 mask = Imm32(-1))
+    {
+        return branchTest32(cond, reg, mask);
+    }
+
+    Jump branchTestPtr(Condition cond, Address address, Imm32 mask = Imm32(-1))
+    {
+        return branchTest32(cond, address, mask);
+    }
+
+    Jump branchTestPtr(Condition cond, BaseIndex address, Imm32 mask = Imm32(-1))
+    {
+        return branchTest32(cond, address, mask);
+    }
+
+
+    Jump branchAddPtr(Condition cond, RegisterID src, RegisterID dest)
+    {
+        return branchAdd32(cond, src, dest);
+    }
+
+    Jump branchSubPtr(Condition cond, Imm32 imm, RegisterID dest)
+    {
+        return branchSub32(cond, imm, dest);
+    }
+#endif
+
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // MacroAssembler_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARM.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARM.cpp
new file mode 100644
index 000000000..d726ecd9c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARM.cpp
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2009 University of Szeged
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY UNIVERSITY OF SZEGED ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL UNIVERSITY OF SZEGED OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#if ENABLE(ASSEMBLER) && PLATFORM(ARM_TRADITIONAL)
+
+#include "MacroAssemblerARM.h"
+
+#if PLATFORM(LINUX)
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <elf.h>
+#include <asm/hwcap.h>
+#endif
+
+namespace JSC {
+
+static bool isVFPPresent()
+{
+#if PLATFORM(LINUX)
+    int fd = open("/proc/self/auxv", O_RDONLY);
+    if (fd > 0) {
+        Elf32_auxv_t aux;
+        while (read(fd, &aux, sizeof(Elf32_auxv_t))) {
+            if (aux.a_type == AT_HWCAP) {
+                close(fd);
+                return aux.a_un.a_val & HWCAP_VFP;
+            }
+        }
+        close(fd);
+    }
+#endif
+
+    return false;
+}
+
+const bool MacroAssemblerARM::s_isVFPPresent = isVFPPresent();
+
+#if defined(ARM_REQUIRE_NATURAL_ALIGNMENT) && ARM_REQUIRE_NATURAL_ALIGNMENT
+void MacroAssemblerARM::load32WithUnalignedHalfWords(BaseIndex address, RegisterID dest)
+{
+    ARMWord op2;
+
+    ASSERT(address.scale >= 0 && address.scale <= 3);
+    op2 = m_assembler.lsl(address.index, static_cast<int>(address.scale));
+
+    if (address.offset >= 0 && address.offset + 0x2 <= 0xff) {
+        m_assembler.add_r(ARMRegisters::S0, address.base, op2);
+        m_assembler.ldrh_u(dest, ARMRegisters::S0, ARMAssembler::getOp2Byte(address.offset));
+        m_assembler.ldrh_u(ARMRegisters::S0, ARMRegisters::S0, ARMAssembler::getOp2Byte(address.offset + 0x2));
+    } else if (address.offset < 0 && address.offset >= -0xff) {
+        m_assembler.add_r(ARMRegisters::S0, address.base, op2);
+        m_assembler.ldrh_d(dest, ARMRegisters::S0, ARMAssembler::getOp2Byte(-address.offset));
+        m_assembler.ldrh_d(ARMRegisters::S0, ARMRegisters::S0, ARMAssembler::getOp2Byte(-address.offset - 0x2));
+    } else {
+        m_assembler.ldr_un_imm(ARMRegisters::S0, address.offset);
+        m_assembler.add_r(ARMRegisters::S0, ARMRegisters::S0, op2);
+        m_assembler.ldrh_r(dest, address.base, ARMRegisters::S0);
+        m_assembler.add_r(ARMRegisters::S0, ARMRegisters::S0, ARMAssembler::OP2_IMM | 0x2);
+        m_assembler.ldrh_r(ARMRegisters::S0, address.base, ARMRegisters::S0);
+    }
+    m_assembler.orr_r(dest, dest, m_assembler.lsl(ARMRegisters::S0, 16));
+}
+#endif
+
+}
+
+#endif // ENABLE(ASSEMBLER) && PLATFORM(ARM_TRADITIONAL)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARM.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARM.h
new file mode 100644
index 000000000..aa8cbb036
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARM.h
@@ -0,0 +1,817 @@
+/*
+ * Copyright (C) 2008 Apple Inc.
+ * Copyright (C) 2009 University of Szeged
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef MacroAssemblerARM_h
+#define MacroAssemblerARM_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER) && PLATFORM(ARM_TRADITIONAL)
+
+#include "ARMAssembler.h"
+#include "AbstractMacroAssembler.h"
+
+namespace JSC {
+
+class MacroAssemblerARM : public AbstractMacroAssembler<ARMAssembler> {
+public:
+    enum Condition {
+        Equal = ARMAssembler::EQ,
+        NotEqual = ARMAssembler::NE,
+        Above = ARMAssembler::HI,
+        AboveOrEqual = ARMAssembler::CS,
+        Below = ARMAssembler::CC,
+        BelowOrEqual = ARMAssembler::LS,
+        GreaterThan = ARMAssembler::GT,
+        GreaterThanOrEqual = ARMAssembler::GE,
+        LessThan = ARMAssembler::LT,
+        LessThanOrEqual = ARMAssembler::LE,
+        Overflow = ARMAssembler::VS,
+        Signed = ARMAssembler::MI,
+        Zero = ARMAssembler::EQ,
+        NonZero = ARMAssembler::NE
+    };
+
+    enum DoubleCondition {
+        DoubleEqual = ARMAssembler::EQ,
+        DoubleGreaterThan = ARMAssembler::GT,
+        DoubleGreaterThanOrEqual = ARMAssembler::GE,
+        DoubleLessThan = ARMAssembler::LT,
+        DoubleLessThanOrEqual = ARMAssembler::LE,
+    };
+
+    static const RegisterID stackPointerRegister = ARMRegisters::sp;
+
+    static const Scale ScalePtr = TimesFour;
+
+    void add32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.adds_r(dest, dest, src);
+    }
+
+    void add32(Imm32 imm, Address address)
+    {
+        load32(address, ARMRegisters::S1);
+        add32(imm, ARMRegisters::S1);
+        store32(ARMRegisters::S1, address);
+    }
+
+    void add32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.adds_r(dest, dest, m_assembler.getImm(imm.m_value, ARMRegisters::S0));
+    }
+
+    void add32(Address src, RegisterID dest)
+    {
+        load32(src, ARMRegisters::S1);
+        add32(ARMRegisters::S1, dest);
+    }
+
+    void and32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.ands_r(dest, dest, src);
+    }
+
+    void and32(Imm32 imm, RegisterID dest)
+    {
+        ARMWord w = m_assembler.getImm(imm.m_value, ARMRegisters::S0, true);
+        if (w & ARMAssembler::OP2_INV_IMM)
+            m_assembler.bics_r(dest, dest, w & ~ARMAssembler::OP2_INV_IMM);
+        else
+            m_assembler.ands_r(dest, dest, w);
+    }
+
+    void lshift32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.movs_r(dest, m_assembler.lsl(dest, imm.m_value & 0x1f));
+    }
+
+    void lshift32(RegisterID shift_amount, RegisterID dest)
+    {
+        m_assembler.movs_r(dest, m_assembler.lsl_r(dest, shift_amount));
+    }
+
+    void mul32(RegisterID src, RegisterID dest)
+    {
+        if (src == dest) {
+            move(src, ARMRegisters::S0);
+            src = ARMRegisters::S0;
+        }
+        m_assembler.muls_r(dest, dest, src);
+    }
+
+    void mul32(Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        move(imm, ARMRegisters::S0);
+        m_assembler.muls_r(dest, src, ARMRegisters::S0);
+    }
+
+    void not32(RegisterID dest)
+    {
+        m_assembler.mvns_r(dest, dest);
+    }
+
+    void or32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.orrs_r(dest, dest, src);
+    }
+
+    void or32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.orrs_r(dest, dest, m_assembler.getImm(imm.m_value, ARMRegisters::S0));
+    }
+
+    void rshift32(RegisterID shift_amount, RegisterID dest)
+    {
+        m_assembler.movs_r(dest, m_assembler.asr_r(dest, shift_amount));
+    }
+
+    void rshift32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.movs_r(dest, m_assembler.asr(dest, imm.m_value & 0x1f));
+    }
+
+    void sub32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.subs_r(dest, dest, src);
+    }
+
+    void sub32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.subs_r(dest, dest, m_assembler.getImm(imm.m_value, ARMRegisters::S0));
+    }
+
+    void sub32(Imm32 imm, Address address)
+    {
+        load32(address, ARMRegisters::S1);
+        sub32(imm, ARMRegisters::S1);
+        store32(ARMRegisters::S1, address);
+    }
+
+    void sub32(Address src, RegisterID dest)
+    {
+        load32(src, ARMRegisters::S1);
+        sub32(ARMRegisters::S1, dest);
+    }
+
+    void xor32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.eors_r(dest, dest, src);
+    }
+
+    void xor32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.eors_r(dest, dest, m_assembler.getImm(imm.m_value, ARMRegisters::S0));
+    }
+
+    void load32(ImplicitAddress address, RegisterID dest)
+    {
+        m_assembler.dataTransfer32(true, dest, address.base, address.offset);
+    }
+
+    void load32(BaseIndex address, RegisterID dest)
+    {
+        m_assembler.baseIndexTransfer32(true, dest, address.base, address.index, static_cast<int>(address.scale), address.offset);
+    }
+
+#if defined(ARM_REQUIRE_NATURAL_ALIGNMENT) && ARM_REQUIRE_NATURAL_ALIGNMENT
+    void load32WithUnalignedHalfWords(BaseIndex address, RegisterID dest);
+#else
+    void load32WithUnalignedHalfWords(BaseIndex address, RegisterID dest)
+    {
+        load32(address, dest);
+    }
+#endif
+
+    DataLabel32 load32WithAddressOffsetPatch(Address address, RegisterID dest)
+    {
+        DataLabel32 dataLabel(this);
+        m_assembler.ldr_un_imm(ARMRegisters::S0, 0);
+        m_assembler.dtr_ur(true, dest, address.base, ARMRegisters::S0);
+        return dataLabel;
+    }
+
+    Label loadPtrWithPatchToLEA(Address address, RegisterID dest)
+    {
+        Label label(this);
+        load32(address, dest);
+        return label;
+    }
+
+    void load16(BaseIndex address, RegisterID dest)
+    {
+        m_assembler.add_r(ARMRegisters::S0, address.base, m_assembler.lsl(address.index, address.scale));
+        if (address.offset>=0)
+            m_assembler.ldrh_u(dest, ARMRegisters::S0, ARMAssembler::getOp2Byte(address.offset));
+        else
+            m_assembler.ldrh_d(dest, ARMRegisters::S0, ARMAssembler::getOp2Byte(-address.offset));
+    }
+
+    DataLabel32 store32WithAddressOffsetPatch(RegisterID src, Address address)
+    {
+        DataLabel32 dataLabel(this);
+        m_assembler.ldr_un_imm(ARMRegisters::S0, 0);
+        m_assembler.dtr_ur(false, src, address.base, ARMRegisters::S0);
+        return dataLabel;
+    }
+
+    void store32(RegisterID src, ImplicitAddress address)
+    {
+        m_assembler.dataTransfer32(false, src, address.base, address.offset);
+    }
+
+    void store32(RegisterID src, BaseIndex address)
+    {
+        m_assembler.baseIndexTransfer32(false, src, address.base, address.index, static_cast<int>(address.scale), address.offset);
+    }
+
+    void store32(Imm32 imm, ImplicitAddress address)
+    {
+        if (imm.m_isPointer)
+            m_assembler.ldr_un_imm(ARMRegisters::S1, imm.m_value);
+        else
+            move(imm, ARMRegisters::S1);
+        store32(ARMRegisters::S1, address);
+    }
+
+    void store32(RegisterID src, void* address)
+    {
+        m_assembler.ldr_un_imm(ARMRegisters::S0, reinterpret_cast<ARMWord>(address));
+        m_assembler.dtr_u(false, src, ARMRegisters::S0, 0);
+    }
+
+    void store32(Imm32 imm, void* address)
+    {
+        m_assembler.ldr_un_imm(ARMRegisters::S0, reinterpret_cast<ARMWord>(address));
+        if (imm.m_isPointer)
+            m_assembler.ldr_un_imm(ARMRegisters::S1, imm.m_value);
+        else
+            m_assembler.moveImm(imm.m_value, ARMRegisters::S1);
+        m_assembler.dtr_u(false, ARMRegisters::S1, ARMRegisters::S0, 0);
+    }
+
+    void pop(RegisterID dest)
+    {
+        m_assembler.pop_r(dest);
+    }
+
+    void push(RegisterID src)
+    {
+        m_assembler.push_r(src);
+    }
+
+    void push(Address address)
+    {
+        load32(address, ARMRegisters::S1);
+        push(ARMRegisters::S1);
+    }
+
+    void push(Imm32 imm)
+    {
+        move(imm, ARMRegisters::S0);
+        push(ARMRegisters::S0);
+    }
+
+    void move(Imm32 imm, RegisterID dest)
+    {
+        if (imm.m_isPointer)
+            m_assembler.ldr_un_imm(dest, imm.m_value);
+        else
+            m_assembler.moveImm(imm.m_value, dest);
+    }
+
+    void move(RegisterID src, RegisterID dest)
+    {
+        m_assembler.mov_r(dest, src);
+    }
+
+    void move(ImmPtr imm, RegisterID dest)
+    {
+        move(Imm32(imm), dest);
+    }
+
+    void swap(RegisterID reg1, RegisterID reg2)
+    {
+        m_assembler.mov_r(ARMRegisters::S0, reg1);
+        m_assembler.mov_r(reg1, reg2);
+        m_assembler.mov_r(reg2, ARMRegisters::S0);
+    }
+
+    void signExtend32ToPtr(RegisterID src, RegisterID dest)
+    {
+        if (src != dest)
+            move(src, dest);
+    }
+
+    void zeroExtend32ToPtr(RegisterID src, RegisterID dest)
+    {
+        if (src != dest)
+            move(src, dest);
+    }
+
+    Jump branch32(Condition cond, RegisterID left, RegisterID right, int useConstantPool = 0)
+    {
+        m_assembler.cmp_r(left, right);
+        return Jump(m_assembler.jmp(ARMCondition(cond), useConstantPool));
+    }
+
+    Jump branch32(Condition cond, RegisterID left, Imm32 right, int useConstantPool = 0)
+    {
+        if (right.m_isPointer) {
+            m_assembler.ldr_un_imm(ARMRegisters::S0, right.m_value);
+            m_assembler.cmp_r(left, ARMRegisters::S0);
+        } else
+            m_assembler.cmp_r(left, m_assembler.getImm(right.m_value, ARMRegisters::S0));
+        return Jump(m_assembler.jmp(ARMCondition(cond), useConstantPool));
+    }
+
+    Jump branch32(Condition cond, RegisterID left, Address right)
+    {
+        load32(right, ARMRegisters::S1);
+        return branch32(cond, left, ARMRegisters::S1);
+    }
+
+    Jump branch32(Condition cond, Address left, RegisterID right)
+    {
+        load32(left, ARMRegisters::S1);
+        return branch32(cond, ARMRegisters::S1, right);
+    }
+
+    Jump branch32(Condition cond, Address left, Imm32 right)
+    {
+        load32(left, ARMRegisters::S1);
+        return branch32(cond, ARMRegisters::S1, right);
+    }
+
+    Jump branch32(Condition cond, BaseIndex left, Imm32 right)
+    {
+        load32(left, ARMRegisters::S1);
+        return branch32(cond, ARMRegisters::S1, right);
+    }
+
+    Jump branch32WithUnalignedHalfWords(Condition cond, BaseIndex left, Imm32 right)
+    {
+        load32WithUnalignedHalfWords(left, ARMRegisters::S1);
+        return branch32(cond, ARMRegisters::S1, right);
+    }
+
+    Jump branch16(Condition cond, BaseIndex left, RegisterID right)
+    {
+        UNUSED_PARAM(cond);
+        UNUSED_PARAM(left);
+        UNUSED_PARAM(right);
+        ASSERT_NOT_REACHED();
+        return jump();
+    }
+
+    Jump branch16(Condition cond, BaseIndex left, Imm32 right)
+    {
+        load16(left, ARMRegisters::S0);
+        move(right, ARMRegisters::S1);
+        m_assembler.cmp_r(ARMRegisters::S0, ARMRegisters::S1);
+        return m_assembler.jmp(ARMCondition(cond));
+    }
+
+    Jump branchTest32(Condition cond, RegisterID reg, RegisterID mask)
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        m_assembler.tst_r(reg, mask);
+        return Jump(m_assembler.jmp(ARMCondition(cond)));
+    }
+
+    Jump branchTest32(Condition cond, RegisterID reg, Imm32 mask = Imm32(-1))
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        ARMWord w = m_assembler.getImm(mask.m_value, ARMRegisters::S0, true);
+        if (w & ARMAssembler::OP2_INV_IMM)
+            m_assembler.bics_r(ARMRegisters::S0, reg, w & ~ARMAssembler::OP2_INV_IMM);
+        else
+            m_assembler.tst_r(reg, w);
+        return Jump(m_assembler.jmp(ARMCondition(cond)));
+    }
+
+    Jump branchTest32(Condition cond, Address address, Imm32 mask = Imm32(-1))
+    {
+        load32(address, ARMRegisters::S1);
+        return branchTest32(cond, ARMRegisters::S1, mask);
+    }
+
+    Jump branchTest32(Condition cond, BaseIndex address, Imm32 mask = Imm32(-1))
+    {
+        load32(address, ARMRegisters::S1);
+        return branchTest32(cond, ARMRegisters::S1, mask);
+    }
+
+    Jump jump()
+    {
+        return Jump(m_assembler.jmp());
+    }
+
+    void jump(RegisterID target)
+    {
+        move(target, ARMRegisters::pc);
+    }
+
+    void jump(Address address)
+    {
+        load32(address, ARMRegisters::pc);
+    }
+
+    Jump branchAdd32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        add32(src, dest);
+        return Jump(m_assembler.jmp(ARMCondition(cond)));
+    }
+
+    Jump branchAdd32(Condition cond, Imm32 imm, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        add32(imm, dest);
+        return Jump(m_assembler.jmp(ARMCondition(cond)));
+    }
+
+    void mull32(RegisterID src1, RegisterID src2, RegisterID dest)
+    {
+        if (src1 == dest) {
+            move(src1, ARMRegisters::S0);
+            src1 = ARMRegisters::S0;
+        }
+        m_assembler.mull_r(ARMRegisters::S1, dest, src2, src1);
+        m_assembler.cmp_r(ARMRegisters::S1, m_assembler.asr(dest, 31));
+    }
+
+    Jump branchMul32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        if (cond == Overflow) {
+            mull32(src, dest, dest);
+            cond = NonZero;
+        }
+        else
+            mul32(src, dest);
+        return Jump(m_assembler.jmp(ARMCondition(cond)));
+    }
+
+    Jump branchMul32(Condition cond, Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        if (cond == Overflow) {
+            move(imm, ARMRegisters::S0);
+            mull32(ARMRegisters::S0, src, dest);
+            cond = NonZero;
+        }
+        else
+            mul32(imm, src, dest);
+        return Jump(m_assembler.jmp(ARMCondition(cond)));
+    }
+
+    Jump branchSub32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        sub32(src, dest);
+        return Jump(m_assembler.jmp(ARMCondition(cond)));
+    }
+
+    Jump branchSub32(Condition cond, Imm32 imm, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        sub32(imm, dest);
+        return Jump(m_assembler.jmp(ARMCondition(cond)));
+    }
+
+    void breakpoint()
+    {
+        m_assembler.bkpt(0);
+    }
+
+    Call nearCall()
+    {
+        prepareCall();
+        return Call(m_assembler.jmp(ARMAssembler::AL, true), Call::LinkableNear);
+    }
+
+    Call call(RegisterID target)
+    {
+        prepareCall();
+        move(ARMRegisters::pc, target);
+        JmpSrc jmpSrc;
+        return Call(jmpSrc, Call::None);
+    }
+
+    void call(Address address)
+    {
+        call32(address.base, address.offset);
+    }
+
+    void ret()
+    {
+        pop(ARMRegisters::pc);
+    }
+
+    void set32(Condition cond, RegisterID left, RegisterID right, RegisterID dest)
+    {
+        m_assembler.cmp_r(left, right);
+        m_assembler.mov_r(dest, ARMAssembler::getOp2(0));
+        m_assembler.mov_r(dest, ARMAssembler::getOp2(1), ARMCondition(cond));
+    }
+
+    void set32(Condition cond, RegisterID left, Imm32 right, RegisterID dest)
+    {
+        m_assembler.cmp_r(left, m_assembler.getImm(right.m_value, ARMRegisters::S0));
+        m_assembler.mov_r(dest, ARMAssembler::getOp2(0));
+        m_assembler.mov_r(dest, ARMAssembler::getOp2(1), ARMCondition(cond));
+    }
+
+    void setTest32(Condition cond, Address address, Imm32 mask, RegisterID dest)
+    {
+        load32(address, ARMRegisters::S1);
+        if (mask.m_value == -1)
+            m_assembler.cmp_r(0, ARMRegisters::S1);
+        else
+            m_assembler.tst_r(ARMRegisters::S1, m_assembler.getImm(mask.m_value, ARMRegisters::S0));
+        m_assembler.mov_r(dest, ARMAssembler::getOp2(0));
+        m_assembler.mov_r(dest, ARMAssembler::getOp2(1), ARMCondition(cond));
+    }
+
+    void add32(Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        m_assembler.add_r(dest, src, m_assembler.getImm(imm.m_value, ARMRegisters::S0));
+    }
+
+    void add32(Imm32 imm, AbsoluteAddress address)
+    {
+        m_assembler.ldr_un_imm(ARMRegisters::S1, reinterpret_cast<ARMWord>(address.m_ptr));
+        m_assembler.dtr_u(true, ARMRegisters::S1, ARMRegisters::S1, 0);
+        add32(imm, ARMRegisters::S1);
+        m_assembler.ldr_un_imm(ARMRegisters::S0, reinterpret_cast<ARMWord>(address.m_ptr));
+        m_assembler.dtr_u(false, ARMRegisters::S1, ARMRegisters::S0, 0);
+    }
+
+    void sub32(Imm32 imm, AbsoluteAddress address)
+    {
+        m_assembler.ldr_un_imm(ARMRegisters::S1, reinterpret_cast<ARMWord>(address.m_ptr));
+        m_assembler.dtr_u(true, ARMRegisters::S1, ARMRegisters::S1, 0);
+        sub32(imm, ARMRegisters::S1);
+        m_assembler.ldr_un_imm(ARMRegisters::S0, reinterpret_cast<ARMWord>(address.m_ptr));
+        m_assembler.dtr_u(false, ARMRegisters::S1, ARMRegisters::S0, 0);
+    }
+
+    void load32(void* address, RegisterID dest)
+    {
+        m_assembler.ldr_un_imm(ARMRegisters::S0, reinterpret_cast<ARMWord>(address));
+        m_assembler.dtr_u(true, dest, ARMRegisters::S0, 0);
+    }
+
+    Jump branch32(Condition cond, AbsoluteAddress left, RegisterID right)
+    {
+        load32(left.m_ptr, ARMRegisters::S1);
+        return branch32(cond, ARMRegisters::S1, right);
+    }
+
+    Jump branch32(Condition cond, AbsoluteAddress left, Imm32 right)
+    {
+        load32(left.m_ptr, ARMRegisters::S1);
+        return branch32(cond, ARMRegisters::S1, right);
+    }
+
+    Call call()
+    {
+        prepareCall();
+        return Call(m_assembler.jmp(ARMAssembler::AL, true), Call::Linkable);
+    }
+
+    Call tailRecursiveCall()
+    {
+        return Call::fromTailJump(jump());
+    }
+
+    Call makeTailRecursiveCall(Jump oldJump)
+    {
+        return Call::fromTailJump(oldJump);
+    }
+
+    DataLabelPtr moveWithPatch(ImmPtr initialValue, RegisterID dest)
+    {
+        DataLabelPtr dataLabel(this);
+        m_assembler.ldr_un_imm(dest, reinterpret_cast<ARMWord>(initialValue.m_value));
+        return dataLabel;
+    }
+
+    Jump branchPtrWithPatch(Condition cond, RegisterID left, DataLabelPtr& dataLabel, ImmPtr initialRightValue = ImmPtr(0))
+    {
+        dataLabel = moveWithPatch(initialRightValue, ARMRegisters::S1);
+        Jump jump = branch32(cond, left, ARMRegisters::S1, true);
+        return jump;
+    }
+
+    Jump branchPtrWithPatch(Condition cond, Address left, DataLabelPtr& dataLabel, ImmPtr initialRightValue = ImmPtr(0))
+    {
+        load32(left, ARMRegisters::S1);
+        dataLabel = moveWithPatch(initialRightValue, ARMRegisters::S0);
+        Jump jump = branch32(cond, ARMRegisters::S0, ARMRegisters::S1, true);
+        return jump;
+    }
+
+    DataLabelPtr storePtrWithPatch(ImmPtr initialValue, ImplicitAddress address)
+    {
+        DataLabelPtr dataLabel = moveWithPatch(initialValue, ARMRegisters::S1);
+        store32(ARMRegisters::S1, address);
+        return dataLabel;
+    }
+
+    DataLabelPtr storePtrWithPatch(ImplicitAddress address)
+    {
+        return storePtrWithPatch(ImmPtr(0), address);
+    }
+
+    // Floating point operators
+    bool supportsFloatingPoint() const
+    {
+        return s_isVFPPresent;
+    }
+
+    bool supportsFloatingPointTruncate() const
+    {
+        return false;
+    }
+
+    void loadDouble(ImplicitAddress address, FPRegisterID dest)
+    {
+        m_assembler.doubleTransfer(true, dest, address.base, address.offset);
+    }
+
+    void storeDouble(FPRegisterID src, ImplicitAddress address)
+    {
+        m_assembler.doubleTransfer(false, src, address.base, address.offset);
+    }
+
+    void addDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        m_assembler.faddd_r(dest, dest, src);
+    }
+
+    void addDouble(Address src, FPRegisterID dest)
+    {
+        loadDouble(src, ARMRegisters::SD0);
+        addDouble(ARMRegisters::SD0, dest);
+    }
+
+    void subDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        m_assembler.fsubd_r(dest, dest, src);
+    }
+
+    void subDouble(Address src, FPRegisterID dest)
+    {
+        loadDouble(src, ARMRegisters::SD0);
+        subDouble(ARMRegisters::SD0, dest);
+    }
+
+    void mulDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        m_assembler.fmuld_r(dest, dest, src);
+    }
+
+    void mulDouble(Address src, FPRegisterID dest)
+    {
+        loadDouble(src, ARMRegisters::SD0);
+        mulDouble(ARMRegisters::SD0, dest);
+    }
+
+    void convertInt32ToDouble(RegisterID src, FPRegisterID dest)
+    {
+        m_assembler.fmsr_r(dest, src);
+        m_assembler.fsitod_r(dest, dest);
+    }
+
+    Jump branchDouble(DoubleCondition cond, FPRegisterID left, FPRegisterID right)
+    {
+        m_assembler.fcmpd_r(left, right);
+        m_assembler.fmstat();
+        return Jump(m_assembler.jmp(static_cast<ARMAssembler::Condition>(cond)));
+    }
+
+    // Truncates 'src' to an integer, and places the resulting 'dest'.
+    // If the result is not representable as a 32 bit value, branch.
+    // May also branch for some values that are representable in 32 bits
+    // (specifically, in this case, INT_MIN).
+    Jump branchTruncateDoubleToInt32(FPRegisterID src, RegisterID dest)
+    {
+        UNUSED_PARAM(src);
+        UNUSED_PARAM(dest);
+        ASSERT_NOT_REACHED();
+        return jump();
+    }
+
+protected:
+    ARMAssembler::Condition ARMCondition(Condition cond)
+    {
+        return static_cast<ARMAssembler::Condition>(cond);
+    }
+
+    void ensureSpace(int insnSpace, int constSpace)
+    {
+        m_assembler.ensureSpace(insnSpace, constSpace);
+    }
+
+    int sizeOfConstantPool()
+    {
+        return m_assembler.sizeOfConstantPool();
+    }
+
+    void prepareCall()
+    {
+        ensureSpace(3 * sizeof(ARMWord), sizeof(ARMWord));
+
+        // S0 might be used for parameter passing
+        m_assembler.add_r(ARMRegisters::S1, ARMRegisters::pc, ARMAssembler::OP2_IMM | 0x4);
+        m_assembler.push_r(ARMRegisters::S1);
+    }
+
+    void call32(RegisterID base, int32_t offset)
+    {
+        if (base == ARMRegisters::sp)
+            offset += 4;
+
+        if (offset >= 0) {
+            if (offset <= 0xfff) {
+                prepareCall();
+                m_assembler.dtr_u(true, ARMRegisters::pc, base, offset);
+            } else if (offset <= 0xfffff) {
+                m_assembler.add_r(ARMRegisters::S0, base, ARMAssembler::OP2_IMM | (offset >> 12) | (10 << 8));
+                prepareCall();
+                m_assembler.dtr_u(true, ARMRegisters::pc, ARMRegisters::S0, offset & 0xfff);
+            } else {
+                ARMWord reg = m_assembler.getImm(offset, ARMRegisters::S0);
+                prepareCall();
+                m_assembler.dtr_ur(true, ARMRegisters::pc, base, reg);
+            }
+        } else  {
+            offset = -offset;
+            if (offset <= 0xfff) {
+                prepareCall();
+                m_assembler.dtr_d(true, ARMRegisters::pc, base, offset);
+            } else if (offset <= 0xfffff) {
+                m_assembler.sub_r(ARMRegisters::S0, base, ARMAssembler::OP2_IMM | (offset >> 12) | (10 << 8));
+                prepareCall();
+                m_assembler.dtr_d(true, ARMRegisters::pc, ARMRegisters::S0, offset & 0xfff);
+            } else {
+                ARMWord reg = m_assembler.getImm(offset, ARMRegisters::S0);
+                prepareCall();
+                m_assembler.dtr_dr(true, ARMRegisters::pc, base, reg);
+            }
+        }
+    }
+
+private:
+    friend class LinkBuffer;
+    friend class RepatchBuffer;
+
+    static void linkCall(void* code, Call call, FunctionPtr function)
+    {
+        ARMAssembler::linkCall(code, call.m_jmp, function.value());
+    }
+
+    static void repatchCall(CodeLocationCall call, CodeLocationLabel destination)
+    {
+        ARMAssembler::relinkCall(call.dataLocation(), destination.executableAddress());
+    }
+
+    static void repatchCall(CodeLocationCall call, FunctionPtr destination)
+    {
+        ARMAssembler::relinkCall(call.dataLocation(), destination.executableAddress());
+    }
+
+    static const bool s_isVFPPresent;
+};
+
+}
+
+#endif // ENABLE(ASSEMBLER) && PLATFORM(ARM_TRADITIONAL)
+
+#endif // MacroAssemblerARM_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARMv7.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARMv7.h
new file mode 100644
index 000000000..a549604ff
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerARMv7.h
@@ -0,0 +1,1095 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef MacroAssemblerARMv7_h
+#define MacroAssemblerARMv7_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER)
+
+#include "ARMv7Assembler.h"
+#include "AbstractMacroAssembler.h"
+
+namespace JSC {
+
+class MacroAssemblerARMv7 : public AbstractMacroAssembler<ARMv7Assembler> {
+    // FIXME: switch dataTempRegister & addressTempRegister, or possibly use r7?
+    //        - dTR is likely used more than aTR, and we'll get better instruction
+    //        encoding if it's in the low 8 registers.
+    static const ARMRegisters::RegisterID dataTempRegister = ARMRegisters::ip;
+    static const RegisterID addressTempRegister = ARMRegisters::r3;
+    static const FPRegisterID fpTempRegister = ARMRegisters::d7;
+
+    struct ArmAddress {
+        enum AddressType {
+            HasOffset,
+            HasIndex,
+        } type;
+        RegisterID base;
+        union {
+            int32_t offset;
+            struct {
+                RegisterID index;
+                Scale scale;
+            };
+        } u;
+        
+        explicit ArmAddress(RegisterID base, int32_t offset = 0)
+            : type(HasOffset)
+            , base(base)
+        {
+            u.offset = offset;
+        }
+        
+        explicit ArmAddress(RegisterID base, RegisterID index, Scale scale = TimesOne)
+            : type(HasIndex)
+            , base(base)
+        {
+            u.index = index;
+            u.scale = scale;
+        }
+    };
+    
+public:
+
+    static const Scale ScalePtr = TimesFour;
+
+    enum Condition {
+        Equal = ARMv7Assembler::ConditionEQ,
+        NotEqual = ARMv7Assembler::ConditionNE,
+        Above = ARMv7Assembler::ConditionHI,
+        AboveOrEqual = ARMv7Assembler::ConditionHS,
+        Below = ARMv7Assembler::ConditionLO,
+        BelowOrEqual = ARMv7Assembler::ConditionLS,
+        GreaterThan = ARMv7Assembler::ConditionGT,
+        GreaterThanOrEqual = ARMv7Assembler::ConditionGE,
+        LessThan = ARMv7Assembler::ConditionLT,
+        LessThanOrEqual = ARMv7Assembler::ConditionLE,
+        Overflow = ARMv7Assembler::ConditionVS,
+        Signed = ARMv7Assembler::ConditionMI,
+        Zero = ARMv7Assembler::ConditionEQ,
+        NonZero = ARMv7Assembler::ConditionNE
+    };
+
+    enum DoubleCondition {
+        DoubleEqual = ARMv7Assembler::ConditionEQ,
+        DoubleGreaterThan = ARMv7Assembler::ConditionGT,
+        DoubleGreaterThanOrEqual = ARMv7Assembler::ConditionGE,
+        DoubleLessThan = ARMv7Assembler::ConditionLO,
+        DoubleLessThanOrEqual = ARMv7Assembler::ConditionLS,
+    };
+
+    static const RegisterID stackPointerRegister = ARMRegisters::sp;
+    static const RegisterID linkRegister = ARMRegisters::lr;
+
+    // Integer arithmetic operations:
+    //
+    // Operations are typically two operand - operation(source, srcDst)
+    // For many operations the source may be an Imm32, the srcDst operand
+    // may often be a memory location (explictly described using an Address
+    // object).
+
+    void add32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.add(dest, dest, src);
+    }
+
+    void add32(Imm32 imm, RegisterID dest)
+    {
+        add32(imm, dest, dest);
+    }
+
+    void add32(Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12OrEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.add(dest, src, armImm);
+        else {
+            move(imm, dataTempRegister);
+            m_assembler.add(dest, src, dataTempRegister);
+        }
+    }
+
+    void add32(Imm32 imm, Address address)
+    {
+        load32(address, dataTempRegister);
+
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12OrEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.add(dataTempRegister, dataTempRegister, armImm);
+        else {
+            // Hrrrm, since dataTempRegister holds the data loaded,
+            // use addressTempRegister to hold the immediate.
+            move(imm, addressTempRegister);
+            m_assembler.add(dataTempRegister, dataTempRegister, addressTempRegister);
+        }
+
+        store32(dataTempRegister, address);
+    }
+
+    void add32(Address src, RegisterID dest)
+    {
+        load32(src, dataTempRegister);
+        add32(dataTempRegister, dest);
+    }
+
+    void add32(Imm32 imm, AbsoluteAddress address)
+    {
+        load32(address.m_ptr, dataTempRegister);
+
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12OrEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.add(dataTempRegister, dataTempRegister, armImm);
+        else {
+            // Hrrrm, since dataTempRegister holds the data loaded,
+            // use addressTempRegister to hold the immediate.
+            move(imm, addressTempRegister);
+            m_assembler.add(dataTempRegister, dataTempRegister, addressTempRegister);
+        }
+
+        store32(dataTempRegister, address.m_ptr);
+    }
+
+    void and32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.ARM_and(dest, dest, src);
+    }
+
+    void and32(Imm32 imm, RegisterID dest)
+    {
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.ARM_and(dest, dest, armImm);
+        else {
+            move(imm, dataTempRegister);
+            m_assembler.ARM_and(dest, dest, dataTempRegister);
+        }
+    }
+
+    void lshift32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.lsl(dest, dest, imm.m_value);
+    }
+
+    void lshift32(RegisterID shift_amount, RegisterID dest)
+    {
+        m_assembler.lsl(dest, dest, shift_amount);
+    }
+
+    void mul32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.smull(dest, dataTempRegister, dest, src);
+    }
+
+    void mul32(Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        move(imm, dataTempRegister);
+        m_assembler.smull(dest, dataTempRegister, src, dataTempRegister);
+    }
+
+    void not32(RegisterID srcDest)
+    {
+        m_assembler.mvn(srcDest, srcDest);
+    }
+
+    void or32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.orr(dest, dest, src);
+    }
+
+    void or32(Imm32 imm, RegisterID dest)
+    {
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.orr(dest, dest, armImm);
+        else {
+            move(imm, dataTempRegister);
+            m_assembler.orr(dest, dest, dataTempRegister);
+        }
+    }
+
+    void rshift32(RegisterID shift_amount, RegisterID dest)
+    {
+        m_assembler.asr(dest, dest, shift_amount);
+    }
+
+    void rshift32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.asr(dest, dest, imm.m_value);
+    }
+
+    void sub32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.sub(dest, dest, src);
+    }
+
+    void sub32(Imm32 imm, RegisterID dest)
+    {
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12OrEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.sub(dest, dest, armImm);
+        else {
+            move(imm, dataTempRegister);
+            m_assembler.sub(dest, dest, dataTempRegister);
+        }
+    }
+
+    void sub32(Imm32 imm, Address address)
+    {
+        load32(address, dataTempRegister);
+
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12OrEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.sub(dataTempRegister, dataTempRegister, armImm);
+        else {
+            // Hrrrm, since dataTempRegister holds the data loaded,
+            // use addressTempRegister to hold the immediate.
+            move(imm, addressTempRegister);
+            m_assembler.sub(dataTempRegister, dataTempRegister, addressTempRegister);
+        }
+
+        store32(dataTempRegister, address);
+    }
+
+    void sub32(Address src, RegisterID dest)
+    {
+        load32(src, dataTempRegister);
+        sub32(dataTempRegister, dest);
+    }
+
+    void sub32(Imm32 imm, AbsoluteAddress address)
+    {
+        load32(address.m_ptr, dataTempRegister);
+
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12OrEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.sub(dataTempRegister, dataTempRegister, armImm);
+        else {
+            // Hrrrm, since dataTempRegister holds the data loaded,
+            // use addressTempRegister to hold the immediate.
+            move(imm, addressTempRegister);
+            m_assembler.sub(dataTempRegister, dataTempRegister, addressTempRegister);
+        }
+
+        store32(dataTempRegister, address.m_ptr);
+    }
+
+    void xor32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.eor(dest, dest, src);
+    }
+
+    void xor32(Imm32 imm, RegisterID dest)
+    {
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.eor(dest, dest, armImm);
+        else {
+            move(imm, dataTempRegister);
+            m_assembler.eor(dest, dest, dataTempRegister);
+        }
+    }
+    
+
+    // Memory access operations:
+    //
+    // Loads are of the form load(address, destination) and stores of the form
+    // store(source, address).  The source for a store may be an Imm32.  Address
+    // operand objects to loads and store will be implicitly constructed if a
+    // register is passed.
+
+private:
+    void load32(ArmAddress address, RegisterID dest)
+    {
+        if (address.type == ArmAddress::HasIndex)
+            m_assembler.ldr(dest, address.base, address.u.index, address.u.scale);
+        else if (address.u.offset >= 0) {
+            ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12(address.u.offset);
+            ASSERT(armImm.isValid());
+            m_assembler.ldr(dest, address.base, armImm);
+        } else {
+            ASSERT(address.u.offset >= -255);
+            m_assembler.ldr(dest, address.base, address.u.offset, true, false);
+        }
+    }
+
+    void load16(ArmAddress address, RegisterID dest)
+    {
+        if (address.type == ArmAddress::HasIndex)
+            m_assembler.ldrh(dest, address.base, address.u.index, address.u.scale);
+        else if (address.u.offset >= 0) {
+            ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12(address.u.offset);
+            ASSERT(armImm.isValid());
+            m_assembler.ldrh(dest, address.base, armImm);
+        } else {
+            ASSERT(address.u.offset >= -255);
+            m_assembler.ldrh(dest, address.base, address.u.offset, true, false);
+        }
+    }
+
+    void store32(RegisterID src, ArmAddress address)
+    {
+        if (address.type == ArmAddress::HasIndex)
+            m_assembler.str(src, address.base, address.u.index, address.u.scale);
+        else if (address.u.offset >= 0) {
+            ARMThumbImmediate armImm = ARMThumbImmediate::makeUInt12(address.u.offset);
+            ASSERT(armImm.isValid());
+            m_assembler.str(src, address.base, armImm);
+        } else {
+            ASSERT(address.u.offset >= -255);
+            m_assembler.str(src, address.base, address.u.offset, true, false);
+        }
+    }
+
+public:
+    void load32(ImplicitAddress address, RegisterID dest)
+    {
+        load32(setupArmAddress(address), dest);
+    }
+
+    void load32(BaseIndex address, RegisterID dest)
+    {
+        load32(setupArmAddress(address), dest);
+    }
+
+    void load32WithUnalignedHalfWords(BaseIndex address, RegisterID dest)
+    {
+        load32(setupArmAddress(address), dest);
+    }
+
+    void load32(void* address, RegisterID dest)
+    {
+        move(ImmPtr(address), addressTempRegister);
+        m_assembler.ldr(dest, addressTempRegister, ARMThumbImmediate::makeUInt16(0));
+    }
+
+    DataLabel32 load32WithAddressOffsetPatch(Address address, RegisterID dest)
+    {
+        DataLabel32 label = moveWithPatch(Imm32(address.offset), dataTempRegister);
+        load32(ArmAddress(address.base, dataTempRegister), dest);
+        return label;
+    }
+
+    Label loadPtrWithPatchToLEA(Address address, RegisterID dest)
+    {
+        Label label(this);
+        moveFixedWidthEncoding(Imm32(address.offset), dataTempRegister);
+        load32(ArmAddress(address.base, dataTempRegister), dest);
+        return label;
+    }
+
+    void load16(BaseIndex address, RegisterID dest)
+    {
+        m_assembler.ldrh(dest, makeBaseIndexBase(address), address.index, address.scale);
+    }
+
+    DataLabel32 store32WithAddressOffsetPatch(RegisterID src, Address address)
+    {
+        DataLabel32 label = moveWithPatch(Imm32(address.offset), dataTempRegister);
+        store32(src, ArmAddress(address.base, dataTempRegister));
+        return label;
+    }
+
+    void store32(RegisterID src, ImplicitAddress address)
+    {
+        store32(src, setupArmAddress(address));
+    }
+
+    void store32(RegisterID src, BaseIndex address)
+    {
+        store32(src, setupArmAddress(address));
+    }
+
+    void store32(Imm32 imm, ImplicitAddress address)
+    {
+        move(imm, dataTempRegister);
+        store32(dataTempRegister, setupArmAddress(address));
+    }
+
+    void store32(RegisterID src, void* address)
+    {
+        move(ImmPtr(address), addressTempRegister);
+        m_assembler.str(src, addressTempRegister, ARMThumbImmediate::makeUInt16(0));
+    }
+
+    void store32(Imm32 imm, void* address)
+    {
+        move(imm, dataTempRegister);
+        store32(dataTempRegister, address);
+    }
+
+
+    // Floating-point operations:
+
+    bool supportsFloatingPoint() const { return true; }
+    // On x86(_64) the MacroAssembler provides an interface to truncate a double to an integer.
+    // If a value is not representable as an integer, and possibly for some values that are,
+    // (on x86 INT_MIN, since this is indistinguishable from results for out-of-range/NaN input)
+    // a branch will  be taken.  It is not clear whether this interface will be well suited to
+    // other platforms.  On ARMv7 the hardware truncation operation produces multiple possible
+    // failure values (saturates to INT_MIN & INT_MAX, NaN reulsts in a value of 0).  This is a
+    // temporary solution while we work out what this interface should be.  Either we need to
+    // decide to make this interface work on all platforms, rework the interface to make it more
+    // generic, or decide that the MacroAssembler cannot practically be used to abstracted these
+    // operations, and make clients go directly to the m_assembler to plant truncation instructions.
+    // In short, FIXME:.
+    bool supportsFloatingPointTruncate() const { return false; }
+
+    void loadDouble(ImplicitAddress address, FPRegisterID dest)
+    {
+        RegisterID base = address.base;
+        int32_t offset = address.offset;
+
+        // Arm vfp addresses can be offset by a 9-bit ones-comp immediate, left shifted by 2.
+        if ((offset & 3) || (offset > (255 * 4)) || (offset < -(255 * 4))) {
+            add32(Imm32(offset), base, addressTempRegister);
+            base = addressTempRegister;
+            offset = 0;
+        }
+        
+        m_assembler.vldr(dest, base, offset);
+    }
+
+    void storeDouble(FPRegisterID src, ImplicitAddress address)
+    {
+        RegisterID base = address.base;
+        int32_t offset = address.offset;
+
+        // Arm vfp addresses can be offset by a 9-bit ones-comp immediate, left shifted by 2.
+        if ((offset & 3) || (offset > (255 * 4)) || (offset < -(255 * 4))) {
+            add32(Imm32(offset), base, addressTempRegister);
+            base = addressTempRegister;
+            offset = 0;
+        }
+        
+        m_assembler.vstr(src, base, offset);
+    }
+
+    void addDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        m_assembler.vadd_F64(dest, dest, src);
+    }
+
+    void addDouble(Address src, FPRegisterID dest)
+    {
+        loadDouble(src, fpTempRegister);
+        addDouble(fpTempRegister, dest);
+    }
+
+    void subDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        m_assembler.vsub_F64(dest, dest, src);
+    }
+
+    void subDouble(Address src, FPRegisterID dest)
+    {
+        loadDouble(src, fpTempRegister);
+        subDouble(fpTempRegister, dest);
+    }
+
+    void mulDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        m_assembler.vmul_F64(dest, dest, src);
+    }
+
+    void mulDouble(Address src, FPRegisterID dest)
+    {
+        loadDouble(src, fpTempRegister);
+        mulDouble(fpTempRegister, dest);
+    }
+
+    void convertInt32ToDouble(RegisterID src, FPRegisterID dest)
+    {
+        m_assembler.vmov(fpTempRegister, src);
+        m_assembler.vcvt_F64_S32(dest, fpTempRegister);
+    }
+
+    Jump branchDouble(DoubleCondition cond, FPRegisterID left, FPRegisterID right)
+    {
+        m_assembler.vcmp_F64(left, right);
+        m_assembler.vmrs_APSR_nzcv_FPSCR();
+        return makeBranch(cond);
+    }
+
+    Jump branchTruncateDoubleToInt32(FPRegisterID, RegisterID)
+    {
+        ASSERT_NOT_REACHED();
+        return jump();
+    }
+
+
+    // Stack manipulation operations:
+    //
+    // The ABI is assumed to provide a stack abstraction to memory,
+    // containing machine word sized units of data.  Push and pop
+    // operations add and remove a single register sized unit of data
+    // to or from the stack.  Peek and poke operations read or write
+    // values on the stack, without moving the current stack position.
+    
+    void pop(RegisterID dest)
+    {
+        // store postindexed with writeback
+        m_assembler.ldr(dest, ARMRegisters::sp, sizeof(void*), false, true);
+    }
+
+    void push(RegisterID src)
+    {
+        // store preindexed with writeback
+        m_assembler.str(src, ARMRegisters::sp, -sizeof(void*), true, true);
+    }
+
+    void push(Address address)
+    {
+        load32(address, dataTempRegister);
+        push(dataTempRegister);
+    }
+
+    void push(Imm32 imm)
+    {
+        move(imm, dataTempRegister);
+        push(dataTempRegister);
+    }
+
+    // Register move operations:
+    //
+    // Move values in registers.
+
+    void move(Imm32 imm, RegisterID dest)
+    {
+        uint32_t value = imm.m_value;
+
+        if (imm.m_isPointer)
+            moveFixedWidthEncoding(imm, dest);
+        else {
+            ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(value);
+
+            if (armImm.isValid())
+                m_assembler.mov(dest, armImm);
+            else if ((armImm = ARMThumbImmediate::makeEncodedImm(~value)).isValid())
+                m_assembler.mvn(dest, armImm);
+            else {
+                m_assembler.mov(dest, ARMThumbImmediate::makeUInt16(value));
+                if (value & 0xffff0000)
+                    m_assembler.movt(dest, ARMThumbImmediate::makeUInt16(value >> 16));
+            }
+        }
+    }
+
+    void move(RegisterID src, RegisterID dest)
+    {
+        m_assembler.mov(dest, src);
+    }
+
+    void move(ImmPtr imm, RegisterID dest)
+    {
+        move(Imm32(imm), dest);
+    }
+
+    void swap(RegisterID reg1, RegisterID reg2)
+    {
+        move(reg1, dataTempRegister);
+        move(reg2, reg1);
+        move(dataTempRegister, reg2);
+    }
+
+    void signExtend32ToPtr(RegisterID src, RegisterID dest)
+    {
+        if (src != dest)
+            move(src, dest);
+    }
+
+    void zeroExtend32ToPtr(RegisterID src, RegisterID dest)
+    {
+        if (src != dest)
+            move(src, dest);
+    }
+
+
+    // Forwards / external control flow operations:
+    //
+    // This set of jump and conditional branch operations return a Jump
+    // object which may linked at a later point, allow forwards jump,
+    // or jumps that will require external linkage (after the code has been
+    // relocated).
+    //
+    // For branches, signed <, >, <= and >= are denoted as l, g, le, and ge
+    // respecitvely, for unsigned comparisons the names b, a, be, and ae are
+    // used (representing the names 'below' and 'above').
+    //
+    // Operands to the comparision are provided in the expected order, e.g.
+    // jle32(reg1, Imm32(5)) will branch if the value held in reg1, when
+    // treated as a signed 32bit value, is less than or equal to 5.
+    //
+    // jz and jnz test whether the first operand is equal to zero, and take
+    // an optional second operand of a mask under which to perform the test.
+private:
+
+    // Should we be using TEQ for equal/not-equal?
+    void compare32(RegisterID left, Imm32 right)
+    {
+        int32_t imm = right.m_value;
+        if (!imm)
+            m_assembler.tst(left, left);
+        else {
+            ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(imm);
+            if (armImm.isValid())
+                m_assembler.cmp(left, armImm);
+            if ((armImm = ARMThumbImmediate::makeEncodedImm(-imm)).isValid())
+                m_assembler.cmn(left, armImm);
+            else {
+                move(Imm32(imm), dataTempRegister);
+                m_assembler.cmp(left, dataTempRegister);
+            }
+        }
+    }
+
+    void test32(RegisterID reg, Imm32 mask)
+    {
+        int32_t imm = mask.m_value;
+
+        if (imm == -1)
+            m_assembler.tst(reg, reg);
+        else {
+            ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(imm);
+            if (armImm.isValid())
+                m_assembler.tst(reg, armImm);
+            else {
+                move(mask, dataTempRegister);
+                m_assembler.tst(reg, dataTempRegister);
+            }
+        }
+    }
+
+public:
+    Jump branch32(Condition cond, RegisterID left, RegisterID right)
+    {
+        m_assembler.cmp(left, right);
+        return Jump(makeBranch(cond));
+    }
+
+    Jump branch32(Condition cond, RegisterID left, Imm32 right)
+    {
+        compare32(left, right);
+        return Jump(makeBranch(cond));
+    }
+
+    Jump branch32(Condition cond, RegisterID left, Address right)
+    {
+        load32(right, dataTempRegister);
+        return branch32(cond, left, dataTempRegister);
+    }
+
+    Jump branch32(Condition cond, Address left, RegisterID right)
+    {
+        load32(left, dataTempRegister);
+        return branch32(cond, dataTempRegister, right);
+    }
+
+    Jump branch32(Condition cond, Address left, Imm32 right)
+    {
+        // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/
+        load32(left, addressTempRegister);
+        return branch32(cond, addressTempRegister, right);
+    }
+
+    Jump branch32(Condition cond, BaseIndex left, Imm32 right)
+    {
+        // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/
+        load32(left, addressTempRegister);
+        return branch32(cond, addressTempRegister, right);
+    }
+
+    Jump branch32WithUnalignedHalfWords(Condition cond, BaseIndex left, Imm32 right)
+    {
+        // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/
+        load32WithUnalignedHalfWords(left, addressTempRegister);
+        return branch32(cond, addressTempRegister, right);
+    }
+
+    Jump branch32(Condition cond, AbsoluteAddress left, RegisterID right)
+    {
+        load32(left.m_ptr, dataTempRegister);
+        return branch32(cond, dataTempRegister, right);
+    }
+
+    Jump branch32(Condition cond, AbsoluteAddress left, Imm32 right)
+    {
+        // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/
+        load32(left.m_ptr, addressTempRegister);
+        return branch32(cond, addressTempRegister, right);
+    }
+
+    Jump branch16(Condition cond, BaseIndex left, RegisterID right)
+    {
+        load16(left, dataTempRegister);
+        m_assembler.lsl(addressTempRegister, right, 16);
+        m_assembler.lsl(dataTempRegister, dataTempRegister, 16);
+        return branch32(cond, dataTempRegister, addressTempRegister);
+    }
+
+    Jump branch16(Condition cond, BaseIndex left, Imm32 right)
+    {
+        // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/
+        load16(left, addressTempRegister);
+        m_assembler.lsl(addressTempRegister, addressTempRegister, 16);
+        return branch32(cond, addressTempRegister, Imm32(right.m_value << 16));
+    }
+
+    Jump branchTest32(Condition cond, RegisterID reg, RegisterID mask)
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        m_assembler.tst(reg, mask);
+        return Jump(makeBranch(cond));
+    }
+
+    Jump branchTest32(Condition cond, RegisterID reg, Imm32 mask = Imm32(-1))
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        test32(reg, mask);
+        return Jump(makeBranch(cond));
+    }
+
+    Jump branchTest32(Condition cond, Address address, Imm32 mask = Imm32(-1))
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        // use addressTempRegister incase the branchTest32 we call uses dataTempRegister. :-/
+        load32(address, addressTempRegister);
+        return branchTest32(cond, addressTempRegister, mask);
+    }
+
+    Jump branchTest32(Condition cond, BaseIndex address, Imm32 mask = Imm32(-1))
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        // use addressTempRegister incase the branchTest32 we call uses dataTempRegister. :-/
+        load32(address, addressTempRegister);
+        return branchTest32(cond, addressTempRegister, mask);
+    }
+
+    Jump jump()
+    {
+        return Jump(makeJump());
+    }
+
+    void jump(RegisterID target)
+    {
+        m_assembler.bx(target);
+    }
+
+    // Address is a memory location containing the address to jump to
+    void jump(Address address)
+    {
+        load32(address, dataTempRegister);
+        m_assembler.bx(dataTempRegister);
+    }
+
+
+    // Arithmetic control flow operations:
+    //
+    // This set of conditional branch operations branch based
+    // on the result of an arithmetic operation.  The operation
+    // is performed as normal, storing the result.
+    //
+    // * jz operations branch if the result is zero.
+    // * jo operations branch if the (signed) arithmetic
+    //   operation caused an overflow to occur.
+    
+    Jump branchAdd32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        m_assembler.add_S(dest, dest, src);
+        return Jump(makeBranch(cond));
+    }
+
+    Jump branchAdd32(Condition cond, Imm32 imm, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.add_S(dest, dest, armImm);
+        else {
+            move(imm, dataTempRegister);
+            m_assembler.add_S(dest, dest, dataTempRegister);
+        }
+        return Jump(makeBranch(cond));
+    }
+
+    Jump branchMul32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT(cond == Overflow);
+        m_assembler.smull(dest, dataTempRegister, dest, src);
+        m_assembler.asr(addressTempRegister, dest, 31);
+        return branch32(NotEqual, addressTempRegister, dataTempRegister);
+    }
+
+    Jump branchMul32(Condition cond, Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        ASSERT(cond == Overflow);
+        move(imm, dataTempRegister);
+        m_assembler.smull(dest, dataTempRegister, src, dataTempRegister);
+        m_assembler.asr(addressTempRegister, dest, 31);
+        return branch32(NotEqual, addressTempRegister, dataTempRegister);
+    }
+
+    Jump branchSub32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        m_assembler.sub_S(dest, dest, src);
+        return Jump(makeBranch(cond));
+    }
+
+    Jump branchSub32(Condition cond, Imm32 imm, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(imm.m_value);
+        if (armImm.isValid())
+            m_assembler.sub_S(dest, dest, armImm);
+        else {
+            move(imm, dataTempRegister);
+            m_assembler.sub_S(dest, dest, dataTempRegister);
+        }
+        return Jump(makeBranch(cond));
+    }
+    
+
+    // Miscellaneous operations:
+
+    void breakpoint()
+    {
+        m_assembler.bkpt();
+    }
+
+    Call nearCall()
+    {
+        moveFixedWidthEncoding(Imm32(0), dataTempRegister);
+        return Call(m_assembler.blx(dataTempRegister), Call::LinkableNear);
+    }
+
+    Call call()
+    {
+        moveFixedWidthEncoding(Imm32(0), dataTempRegister);
+        return Call(m_assembler.blx(dataTempRegister), Call::Linkable);
+    }
+
+    Call call(RegisterID target)
+    {
+        return Call(m_assembler.blx(target), Call::None);
+    }
+
+    Call call(Address address)
+    {
+        load32(address, dataTempRegister);
+        return Call(m_assembler.blx(dataTempRegister), Call::None);
+    }
+
+    void ret()
+    {
+        m_assembler.bx(linkRegister);
+    }
+
+    void set32(Condition cond, RegisterID left, RegisterID right, RegisterID dest)
+    {
+        m_assembler.cmp(left, right);
+        m_assembler.it(armV7Condition(cond), false);
+        m_assembler.mov(dest, ARMThumbImmediate::makeUInt16(1));
+        m_assembler.mov(dest, ARMThumbImmediate::makeUInt16(0));
+    }
+
+    void set32(Condition cond, RegisterID left, Imm32 right, RegisterID dest)
+    {
+        compare32(left, right);
+        m_assembler.it(armV7Condition(cond), false);
+        m_assembler.mov(dest, ARMThumbImmediate::makeUInt16(1));
+        m_assembler.mov(dest, ARMThumbImmediate::makeUInt16(0));
+    }
+
+    // FIXME:
+    // The mask should be optional... paerhaps the argument order should be
+    // dest-src, operations always have a dest? ... possibly not true, considering
+    // asm ops like test, or pseudo ops like pop().
+    void setTest32(Condition cond, Address address, Imm32 mask, RegisterID dest)
+    {
+        load32(address, dataTempRegister);
+        test32(dataTempRegister, mask);
+        m_assembler.it(armV7Condition(cond), false);
+        m_assembler.mov(dest, ARMThumbImmediate::makeUInt16(1));
+        m_assembler.mov(dest, ARMThumbImmediate::makeUInt16(0));
+    }
+
+
+    DataLabel32 moveWithPatch(Imm32 imm, RegisterID dst)
+    {
+        moveFixedWidthEncoding(imm, dst);
+        return DataLabel32(this);
+    }
+
+    DataLabelPtr moveWithPatch(ImmPtr imm, RegisterID dst)
+    {
+        moveFixedWidthEncoding(Imm32(imm), dst);
+        return DataLabelPtr(this);
+    }
+
+    Jump branchPtrWithPatch(Condition cond, RegisterID left, DataLabelPtr& dataLabel, ImmPtr initialRightValue = ImmPtr(0))
+    {
+        dataLabel = moveWithPatch(initialRightValue, dataTempRegister);
+        return branch32(cond, left, dataTempRegister);
+    }
+
+    Jump branchPtrWithPatch(Condition cond, Address left, DataLabelPtr& dataLabel, ImmPtr initialRightValue = ImmPtr(0))
+    {
+        load32(left, addressTempRegister);
+        dataLabel = moveWithPatch(initialRightValue, dataTempRegister);
+        return branch32(cond, addressTempRegister, dataTempRegister);
+    }
+
+    DataLabelPtr storePtrWithPatch(ImmPtr initialValue, ImplicitAddress address)
+    {
+        DataLabelPtr label = moveWithPatch(initialValue, dataTempRegister);
+        store32(dataTempRegister, address);
+        return label;
+    }
+    DataLabelPtr storePtrWithPatch(ImplicitAddress address) { return storePtrWithPatch(ImmPtr(0), address); }
+
+
+    Call tailRecursiveCall()
+    {
+        // Like a normal call, but don't link.
+        moveFixedWidthEncoding(Imm32(0), dataTempRegister);
+        return Call(m_assembler.bx(dataTempRegister), Call::Linkable);
+    }
+
+    Call makeTailRecursiveCall(Jump oldJump)
+    {
+        oldJump.link(this);
+        return tailRecursiveCall();
+    }
+
+
+protected:
+    ARMv7Assembler::JmpSrc makeJump()
+    {
+        return m_assembler.b();
+    }
+
+    ARMv7Assembler::JmpSrc makeBranch(ARMv7Assembler::Condition cond)
+    {
+        m_assembler.it(cond);
+        return m_assembler.b();
+    }
+    ARMv7Assembler::JmpSrc makeBranch(Condition cond) { return makeBranch(armV7Condition(cond)); }
+    ARMv7Assembler::JmpSrc makeBranch(DoubleCondition cond) { return makeBranch(armV7Condition(cond)); }
+
+    ArmAddress setupArmAddress(BaseIndex address)
+    {
+        if (address.offset) {
+            ARMThumbImmediate imm = ARMThumbImmediate::makeUInt12OrEncodedImm(address.offset);
+            if (imm.isValid())
+                m_assembler.add(addressTempRegister, address.base, imm);
+            else {
+                move(Imm32(address.offset), addressTempRegister);
+                m_assembler.add(addressTempRegister, addressTempRegister, address.base);
+            }
+
+            return ArmAddress(addressTempRegister, address.index, address.scale);
+        } else
+            return ArmAddress(address.base, address.index, address.scale);
+    }
+
+    ArmAddress setupArmAddress(Address address)
+    {
+        if ((address.offset >= -0xff) && (address.offset <= 0xfff))
+            return ArmAddress(address.base, address.offset);
+
+        move(Imm32(address.offset), addressTempRegister);
+        return ArmAddress(address.base, addressTempRegister);
+    }
+
+    ArmAddress setupArmAddress(ImplicitAddress address)
+    {
+        if ((address.offset >= -0xff) && (address.offset <= 0xfff))
+            return ArmAddress(address.base, address.offset);
+
+        move(Imm32(address.offset), addressTempRegister);
+        return ArmAddress(address.base, addressTempRegister);
+    }
+
+    RegisterID makeBaseIndexBase(BaseIndex address)
+    {
+        if (!address.offset)
+            return address.base;
+
+        ARMThumbImmediate imm = ARMThumbImmediate::makeUInt12OrEncodedImm(address.offset);
+        if (imm.isValid())
+            m_assembler.add(addressTempRegister, address.base, imm);
+        else {
+            move(Imm32(address.offset), addressTempRegister);
+            m_assembler.add(addressTempRegister, addressTempRegister, address.base);
+        }
+
+        return addressTempRegister;
+    }
+
+    void moveFixedWidthEncoding(Imm32 imm, RegisterID dst)
+    {
+        uint32_t value = imm.m_value;
+        m_assembler.movT3(dst, ARMThumbImmediate::makeUInt16(value & 0xffff));
+        m_assembler.movt(dst, ARMThumbImmediate::makeUInt16(value >> 16));
+    }
+
+    ARMv7Assembler::Condition armV7Condition(Condition cond)
+    {
+        return static_cast<ARMv7Assembler::Condition>(cond);
+    }
+
+    ARMv7Assembler::Condition armV7Condition(DoubleCondition cond)
+    {
+        return static_cast<ARMv7Assembler::Condition>(cond);
+    }
+
+private:
+    friend class LinkBuffer;
+    friend class RepatchBuffer;
+
+    static void linkCall(void* code, Call call, FunctionPtr function)
+    {
+        ARMv7Assembler::linkCall(code, call.m_jmp, function.value());
+    }
+
+    static void repatchCall(CodeLocationCall call, CodeLocationLabel destination)
+    {
+        ARMv7Assembler::relinkCall(call.dataLocation(), destination.executableAddress());
+    }
+
+    static void repatchCall(CodeLocationCall call, FunctionPtr destination)
+    {
+        ARMv7Assembler::relinkCall(call.dataLocation(), destination.executableAddress());
+    }
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // MacroAssemblerARMv7_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerCodeRef.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerCodeRef.h
new file mode 100644
index 000000000..568260a4f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerCodeRef.h
@@ -0,0 +1,188 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef MacroAssemblerCodeRef_h
+#define MacroAssemblerCodeRef_h
+
+#include <wtf/Platform.h>
+
+#include "ExecutableAllocator.h"
+#include "PassRefPtr.h"
+#include "RefPtr.h"
+#include "UnusedParam.h"
+
+#if ENABLE(ASSEMBLER)
+
+// ASSERT_VALID_CODE_POINTER checks that ptr is a non-null pointer, and that it is a valid
+// instruction address on the platform (for example, check any alignment requirements).
+#if PLATFORM(ARM_THUMB2)
+// ARM/thumb instructions must be 16-bit aligned, but all code pointers to be loaded
+// into the processor are decorated with the bottom bit set, indicating that this is
+// thumb code (as oposed to 32-bit traditional ARM).  The first test checks for both
+// decorated and undectorated null, and the second test ensures that the pointer is
+// decorated.
+#define ASSERT_VALID_CODE_POINTER(ptr) \
+    ASSERT(reinterpret_cast<intptr_t>(ptr) & ~1); \
+    ASSERT(reinterpret_cast<intptr_t>(ptr) & 1)
+#define ASSERT_VALID_CODE_OFFSET(offset) \
+    ASSERT(!(offset & 1)) // Must be multiple of 2.
+#else
+#define ASSERT_VALID_CODE_POINTER(ptr) \
+    ASSERT(ptr)
+#define ASSERT_VALID_CODE_OFFSET(offset) // Anything goes!
+#endif
+
+namespace JSC {
+
+// FunctionPtr:
+//
+// FunctionPtr should be used to wrap pointers to C/C++ functions in JSC
+// (particularly, the stub functions).
+class FunctionPtr {
+public:
+    FunctionPtr()
+        : m_value(0)
+    {
+    }
+
+    template<typename FunctionType>
+    explicit FunctionPtr(FunctionType* value)
+        : m_value(reinterpret_cast<void*>(value))
+    {
+        ASSERT_VALID_CODE_POINTER(m_value);
+    }
+
+    void* value() const { return m_value; }
+    void* executableAddress() const { return m_value; }
+
+
+private:
+    void* m_value;
+};
+
+// ReturnAddressPtr:
+//
+// ReturnAddressPtr should be used to wrap return addresses generated by processor
+// 'call' instructions exectued in JIT code.  We use return addresses to look up
+// exception and optimization information, and to repatch the call instruction
+// that is the source of the return address.
+class ReturnAddressPtr {
+public:
+    ReturnAddressPtr()
+        : m_value(0)
+    {
+    }
+
+    explicit ReturnAddressPtr(void* value)
+        : m_value(value)
+    {
+        ASSERT_VALID_CODE_POINTER(m_value);
+    }
+
+    explicit ReturnAddressPtr(FunctionPtr function)
+        : m_value(function.value())
+    {
+        ASSERT_VALID_CODE_POINTER(m_value);
+    }
+
+    void* value() const { return m_value; }
+
+private:
+    void* m_value;
+};
+
+// MacroAssemblerCodePtr:
+//
+// MacroAssemblerCodePtr should be used to wrap pointers to JIT generated code.
+class MacroAssemblerCodePtr {
+public:
+    MacroAssemblerCodePtr()
+        : m_value(0)
+    {
+    }
+
+    explicit MacroAssemblerCodePtr(void* value)
+#if PLATFORM(ARM_THUMB2)
+        // Decorate the pointer as a thumb code pointer.
+        : m_value(reinterpret_cast<char*>(value) + 1)
+#else
+        : m_value(value)
+#endif
+    {
+        ASSERT_VALID_CODE_POINTER(m_value);
+    }
+
+    explicit MacroAssemblerCodePtr(ReturnAddressPtr ra)
+        : m_value(ra.value())
+    {
+        ASSERT_VALID_CODE_POINTER(m_value);
+    }
+
+    void* executableAddress() const { return m_value; }
+#if PLATFORM(ARM_THUMB2)
+    // To use this pointer as a data address remove the decoration.
+    void* dataLocation() const { ASSERT_VALID_CODE_POINTER(m_value); return reinterpret_cast<char*>(m_value) - 1; }
+#else
+    void* dataLocation() const { ASSERT_VALID_CODE_POINTER(m_value); return m_value; }
+#endif
+
+    bool operator!()
+    {
+        return !m_value;
+    }
+
+private:
+    void* m_value;
+};
+
+// MacroAssemblerCodeRef:
+//
+// A reference to a section of JIT generated code.  A CodeRef consists of a
+// pointer to the code, and a ref pointer to the pool from within which it
+// was allocated.
+class MacroAssemblerCodeRef {
+public:
+    MacroAssemblerCodeRef()
+        : m_size(0)
+    {
+    }
+
+    MacroAssemblerCodeRef(void* code, PassRefPtr<ExecutablePool> executablePool, size_t size)
+        : m_code(code)
+        , m_executablePool(executablePool)
+        , m_size(size)
+    {
+    }
+
+    MacroAssemblerCodePtr m_code;
+    RefPtr<ExecutablePool> m_executablePool;
+    size_t m_size;
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // MacroAssemblerCodeRef_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86.h
new file mode 100644
index 000000000..6e962406d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86.h
@@ -0,0 +1,204 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef MacroAssemblerX86_h
+#define MacroAssemblerX86_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER) && PLATFORM(X86)
+
+#include "MacroAssemblerX86Common.h"
+
+namespace JSC {
+
+class MacroAssemblerX86 : public MacroAssemblerX86Common {
+public:
+    MacroAssemblerX86()
+        : m_isSSE2Present(isSSE2Present())
+    {
+    }
+
+    static const Scale ScalePtr = TimesFour;
+
+    using MacroAssemblerX86Common::add32;
+    using MacroAssemblerX86Common::and32;
+    using MacroAssemblerX86Common::sub32;
+    using MacroAssemblerX86Common::or32;
+    using MacroAssemblerX86Common::load32;
+    using MacroAssemblerX86Common::store32;
+    using MacroAssemblerX86Common::branch32;
+    using MacroAssemblerX86Common::call;
+    using MacroAssemblerX86Common::loadDouble;
+    using MacroAssemblerX86Common::convertInt32ToDouble;
+
+    void add32(Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        m_assembler.leal_mr(imm.m_value, src, dest);
+    }
+
+    void add32(Imm32 imm, AbsoluteAddress address)
+    {
+        m_assembler.addl_im(imm.m_value, address.m_ptr);
+    }
+    
+    void addWithCarry32(Imm32 imm, AbsoluteAddress address)
+    {
+        m_assembler.adcl_im(imm.m_value, address.m_ptr);
+    }
+    
+    void and32(Imm32 imm, AbsoluteAddress address)
+    {
+        m_assembler.andl_im(imm.m_value, address.m_ptr);
+    }
+    
+    void or32(Imm32 imm, AbsoluteAddress address)
+    {
+        m_assembler.orl_im(imm.m_value, address.m_ptr);
+    }
+
+    void sub32(Imm32 imm, AbsoluteAddress address)
+    {
+        m_assembler.subl_im(imm.m_value, address.m_ptr);
+    }
+
+    void load32(void* address, RegisterID dest)
+    {
+        m_assembler.movl_mr(address, dest);
+    }
+
+    void loadDouble(void* address, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.movsd_mr(address, dest);
+    }
+
+    void convertInt32ToDouble(AbsoluteAddress src, FPRegisterID dest)
+    {
+        m_assembler.cvtsi2sd_mr(src.m_ptr, dest);
+    }
+
+    void store32(Imm32 imm, void* address)
+    {
+        m_assembler.movl_i32m(imm.m_value, address);
+    }
+
+    void store32(RegisterID src, void* address)
+    {
+        m_assembler.movl_rm(src, address);
+    }
+
+    Jump branch32(Condition cond, AbsoluteAddress left, RegisterID right)
+    {
+        m_assembler.cmpl_rm(right, left.m_ptr);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branch32(Condition cond, AbsoluteAddress left, Imm32 right)
+    {
+        m_assembler.cmpl_im(right.m_value, left.m_ptr);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Call call()
+    {
+        return Call(m_assembler.call(), Call::Linkable);
+    }
+
+    Call tailRecursiveCall()
+    {
+        return Call::fromTailJump(jump());
+    }
+
+    Call makeTailRecursiveCall(Jump oldJump)
+    {
+        return Call::fromTailJump(oldJump);
+    }
+
+
+    DataLabelPtr moveWithPatch(ImmPtr initialValue, RegisterID dest)
+    {
+        m_assembler.movl_i32r(initialValue.asIntptr(), dest);
+        return DataLabelPtr(this);
+    }
+
+    Jump branchPtrWithPatch(Condition cond, RegisterID left, DataLabelPtr& dataLabel, ImmPtr initialRightValue = ImmPtr(0))
+    {
+        m_assembler.cmpl_ir_force32(initialRightValue.asIntptr(), left);
+        dataLabel = DataLabelPtr(this);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchPtrWithPatch(Condition cond, Address left, DataLabelPtr& dataLabel, ImmPtr initialRightValue = ImmPtr(0))
+    {
+        m_assembler.cmpl_im_force32(initialRightValue.asIntptr(), left.offset, left.base);
+        dataLabel = DataLabelPtr(this);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    DataLabelPtr storePtrWithPatch(ImmPtr initialValue, ImplicitAddress address)
+    {
+        m_assembler.movl_i32m(initialValue.asIntptr(), address.offset, address.base);
+        return DataLabelPtr(this);
+    }
+
+    Label loadPtrWithPatchToLEA(Address address, RegisterID dest)
+    {
+        Label label(this);
+        load32(address, dest);
+        return label;
+    }
+
+    bool supportsFloatingPoint() const { return m_isSSE2Present; }
+    // See comment on MacroAssemblerARMv7::supportsFloatingPointTruncate()
+    bool supportsFloatingPointTruncate() const { return m_isSSE2Present; }
+
+private:
+    const bool m_isSSE2Present;
+
+    friend class LinkBuffer;
+    friend class RepatchBuffer;
+
+    static void linkCall(void* code, Call call, FunctionPtr function)
+    {
+        X86Assembler::linkCall(code, call.m_jmp, function.value());
+    }
+
+    static void repatchCall(CodeLocationCall call, CodeLocationLabel destination)
+    {
+        X86Assembler::relinkCall(call.dataLocation(), destination.executableAddress());
+    }
+
+    static void repatchCall(CodeLocationCall call, FunctionPtr destination)
+    {
+        X86Assembler::relinkCall(call.dataLocation(), destination.executableAddress());
+    }
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // MacroAssemblerX86_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86Common.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86Common.h
new file mode 100644
index 000000000..5ebefa7df
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86Common.h
@@ -0,0 +1,971 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef MacroAssemblerX86Common_h
+#define MacroAssemblerX86Common_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER)
+
+#include "X86Assembler.h"
+#include "AbstractMacroAssembler.h"
+
+namespace JSC {
+
+class MacroAssemblerX86Common : public AbstractMacroAssembler<X86Assembler> {
+public:
+
+    enum Condition {
+        Equal = X86Assembler::ConditionE,
+        NotEqual = X86Assembler::ConditionNE,
+        Above = X86Assembler::ConditionA,
+        AboveOrEqual = X86Assembler::ConditionAE,
+        Below = X86Assembler::ConditionB,
+        BelowOrEqual = X86Assembler::ConditionBE,
+        GreaterThan = X86Assembler::ConditionG,
+        GreaterThanOrEqual = X86Assembler::ConditionGE,
+        LessThan = X86Assembler::ConditionL,
+        LessThanOrEqual = X86Assembler::ConditionLE,
+        Overflow = X86Assembler::ConditionO,
+        Signed = X86Assembler::ConditionS,
+        Zero = X86Assembler::ConditionE,
+        NonZero = X86Assembler::ConditionNE
+    };
+
+    enum DoubleCondition {
+        DoubleEqual = X86Assembler::ConditionE,
+        DoubleNotEqual = X86Assembler::ConditionNE,
+        DoubleGreaterThan = X86Assembler::ConditionA,
+        DoubleGreaterThanOrEqual = X86Assembler::ConditionAE,
+        DoubleLessThan = X86Assembler::ConditionB,
+        DoubleLessThanOrEqual = X86Assembler::ConditionBE,
+    };
+
+    static const RegisterID stackPointerRegister = X86Registers::esp;
+
+    // Integer arithmetic operations:
+    //
+    // Operations are typically two operand - operation(source, srcDst)
+    // For many operations the source may be an Imm32, the srcDst operand
+    // may often be a memory location (explictly described using an Address
+    // object).
+
+    void add32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.addl_rr(src, dest);
+    }
+
+    void add32(Imm32 imm, Address address)
+    {
+        m_assembler.addl_im(imm.m_value, address.offset, address.base);
+    }
+
+    void add32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.addl_ir(imm.m_value, dest);
+    }
+    
+    void add32(Address src, RegisterID dest)
+    {
+        m_assembler.addl_mr(src.offset, src.base, dest);
+    }
+
+    void add32(RegisterID src, Address dest)
+    {
+        m_assembler.addl_rm(src, dest.offset, dest.base);
+    }
+    
+    void and32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.andl_rr(src, dest);
+    }
+
+    void and32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.andl_ir(imm.m_value, dest);
+    }
+
+    void and32(RegisterID src, Address dest)
+    {
+        m_assembler.andl_rm(src, dest.offset, dest.base);
+    }
+
+    void and32(Address src, RegisterID dest)
+    {
+        m_assembler.andl_mr(src.offset, src.base, dest);
+    }
+
+    void and32(Imm32 imm, Address address)
+    {
+        m_assembler.andl_im(imm.m_value, address.offset, address.base);
+    }
+
+    void lshift32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.shll_i8r(imm.m_value, dest);
+    }
+    
+    void lshift32(RegisterID shift_amount, RegisterID dest)
+    {
+        // On x86 we can only shift by ecx; if asked to shift by another register we'll
+        // need rejig the shift amount into ecx first, and restore the registers afterwards.
+        if (shift_amount != X86Registers::ecx) {
+            swap(shift_amount, X86Registers::ecx);
+
+            // E.g. transform "shll %eax, %eax" -> "xchgl %eax, %ecx; shll %ecx, %ecx; xchgl %eax, %ecx"
+            if (dest == shift_amount)
+                m_assembler.shll_CLr(X86Registers::ecx);
+            // E.g. transform "shll %eax, %ecx" -> "xchgl %eax, %ecx; shll %ecx, %eax; xchgl %eax, %ecx"
+            else if (dest == X86Registers::ecx)
+                m_assembler.shll_CLr(shift_amount);
+            // E.g. transform "shll %eax, %ebx" -> "xchgl %eax, %ecx; shll %ecx, %ebx; xchgl %eax, %ecx"
+            else
+                m_assembler.shll_CLr(dest);
+        
+            swap(shift_amount, X86Registers::ecx);
+        } else
+            m_assembler.shll_CLr(dest);
+    }
+    
+    void mul32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.imull_rr(src, dest);
+    }
+
+    void mul32(Address src, RegisterID dest)
+    {
+        m_assembler.imull_mr(src.offset, src.base, dest);
+    }
+    
+    void mul32(Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        m_assembler.imull_i32r(src, imm.m_value, dest);
+    }
+
+    void neg32(RegisterID srcDest)
+    {
+        m_assembler.negl_r(srcDest);
+    }
+
+    void neg32(Address srcDest)
+    {
+        m_assembler.negl_m(srcDest.offset, srcDest.base);
+    }
+
+    void not32(RegisterID srcDest)
+    {
+        m_assembler.notl_r(srcDest);
+    }
+
+    void not32(Address srcDest)
+    {
+        m_assembler.notl_m(srcDest.offset, srcDest.base);
+    }
+    
+    void or32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.orl_rr(src, dest);
+    }
+
+    void or32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.orl_ir(imm.m_value, dest);
+    }
+
+    void or32(RegisterID src, Address dest)
+    {
+        m_assembler.orl_rm(src, dest.offset, dest.base);
+    }
+
+    void or32(Address src, RegisterID dest)
+    {
+        m_assembler.orl_mr(src.offset, src.base, dest);
+    }
+
+    void or32(Imm32 imm, Address address)
+    {
+        m_assembler.orl_im(imm.m_value, address.offset, address.base);
+    }
+
+    void rshift32(RegisterID shift_amount, RegisterID dest)
+    {
+        // On x86 we can only shift by ecx; if asked to shift by another register we'll
+        // need rejig the shift amount into ecx first, and restore the registers afterwards.
+        if (shift_amount != X86Registers::ecx) {
+            swap(shift_amount, X86Registers::ecx);
+
+            // E.g. transform "shll %eax, %eax" -> "xchgl %eax, %ecx; shll %ecx, %ecx; xchgl %eax, %ecx"
+            if (dest == shift_amount)
+                m_assembler.sarl_CLr(X86Registers::ecx);
+            // E.g. transform "shll %eax, %ecx" -> "xchgl %eax, %ecx; shll %ecx, %eax; xchgl %eax, %ecx"
+            else if (dest == X86Registers::ecx)
+                m_assembler.sarl_CLr(shift_amount);
+            // E.g. transform "shll %eax, %ebx" -> "xchgl %eax, %ecx; shll %ecx, %ebx; xchgl %eax, %ecx"
+            else
+                m_assembler.sarl_CLr(dest);
+        
+            swap(shift_amount, X86Registers::ecx);
+        } else
+            m_assembler.sarl_CLr(dest);
+    }
+
+    void rshift32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.sarl_i8r(imm.m_value, dest);
+    }
+
+    void sub32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.subl_rr(src, dest);
+    }
+    
+    void sub32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.subl_ir(imm.m_value, dest);
+    }
+    
+    void sub32(Imm32 imm, Address address)
+    {
+        m_assembler.subl_im(imm.m_value, address.offset, address.base);
+    }
+
+    void sub32(Address src, RegisterID dest)
+    {
+        m_assembler.subl_mr(src.offset, src.base, dest);
+    }
+
+    void sub32(RegisterID src, Address dest)
+    {
+        m_assembler.subl_rm(src, dest.offset, dest.base);
+    }
+
+
+    void xor32(RegisterID src, RegisterID dest)
+    {
+        m_assembler.xorl_rr(src, dest);
+    }
+
+    void xor32(Imm32 imm, Address dest)
+    {
+        m_assembler.xorl_im(imm.m_value, dest.offset, dest.base);
+    }
+
+    void xor32(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.xorl_ir(imm.m_value, dest);
+    }
+
+    void xor32(RegisterID src, Address dest)
+    {
+        m_assembler.xorl_rm(src, dest.offset, dest.base);
+    }
+
+    void xor32(Address src, RegisterID dest)
+    {
+        m_assembler.xorl_mr(src.offset, src.base, dest);
+    }
+    
+
+    // Memory access operations:
+    //
+    // Loads are of the form load(address, destination) and stores of the form
+    // store(source, address).  The source for a store may be an Imm32.  Address
+    // operand objects to loads and store will be implicitly constructed if a
+    // register is passed.
+
+    void load32(ImplicitAddress address, RegisterID dest)
+    {
+        m_assembler.movl_mr(address.offset, address.base, dest);
+    }
+
+    void load32(BaseIndex address, RegisterID dest)
+    {
+        m_assembler.movl_mr(address.offset, address.base, address.index, address.scale, dest);
+    }
+
+    void load32WithUnalignedHalfWords(BaseIndex address, RegisterID dest)
+    {
+        load32(address, dest);
+    }
+
+    DataLabel32 load32WithAddressOffsetPatch(Address address, RegisterID dest)
+    {
+        m_assembler.movl_mr_disp32(address.offset, address.base, dest);
+        return DataLabel32(this);
+    }
+
+    void load16(BaseIndex address, RegisterID dest)
+    {
+        m_assembler.movzwl_mr(address.offset, address.base, address.index, address.scale, dest);
+    }
+
+    DataLabel32 store32WithAddressOffsetPatch(RegisterID src, Address address)
+    {
+        m_assembler.movl_rm_disp32(src, address.offset, address.base);
+        return DataLabel32(this);
+    }
+
+    void store32(RegisterID src, ImplicitAddress address)
+    {
+        m_assembler.movl_rm(src, address.offset, address.base);
+    }
+
+    void store32(RegisterID src, BaseIndex address)
+    {
+        m_assembler.movl_rm(src, address.offset, address.base, address.index, address.scale);
+    }
+
+    void store32(Imm32 imm, ImplicitAddress address)
+    {
+        m_assembler.movl_i32m(imm.m_value, address.offset, address.base);
+    }
+
+
+    // Floating-point operation:
+    //
+    // Presently only supports SSE, not x87 floating point.
+
+    void loadDouble(ImplicitAddress address, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.movsd_mr(address.offset, address.base, dest);
+    }
+
+    void storeDouble(FPRegisterID src, ImplicitAddress address)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.movsd_rm(src, address.offset, address.base);
+    }
+
+    void addDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.addsd_rr(src, dest);
+    }
+
+    void addDouble(Address src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.addsd_mr(src.offset, src.base, dest);
+    }
+
+    void divDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.divsd_rr(src, dest);
+    }
+
+    void divDouble(Address src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.divsd_mr(src.offset, src.base, dest);
+    }
+
+    void subDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.subsd_rr(src, dest);
+    }
+
+    void subDouble(Address src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.subsd_mr(src.offset, src.base, dest);
+    }
+
+    void mulDouble(FPRegisterID src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.mulsd_rr(src, dest);
+    }
+
+    void mulDouble(Address src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.mulsd_mr(src.offset, src.base, dest);
+    }
+
+    void convertInt32ToDouble(RegisterID src, FPRegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.cvtsi2sd_rr(src, dest);
+    }
+
+    void convertInt32ToDouble(Address src, FPRegisterID dest)
+    {
+        m_assembler.cvtsi2sd_mr(src.offset, src.base, dest);
+    }
+
+    Jump branchDouble(DoubleCondition cond, FPRegisterID left, FPRegisterID right)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.ucomisd_rr(right, left);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchDouble(DoubleCondition cond, FPRegisterID left, Address right)
+    {
+        m_assembler.ucomisd_mr(right.offset, right.base, left);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    // Truncates 'src' to an integer, and places the resulting 'dest'.
+    // If the result is not representable as a 32 bit value, branch.
+    // May also branch for some values that are representable in 32 bits
+    // (specifically, in this case, INT_MIN).
+    Jump branchTruncateDoubleToInt32(FPRegisterID src, RegisterID dest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.cvttsd2si_rr(src, dest);
+        return branch32(Equal, dest, Imm32(0x80000000));
+    }
+
+    void zeroDouble(FPRegisterID srcDest)
+    {
+        ASSERT(isSSE2Present());
+        m_assembler.xorpd_rr(srcDest, srcDest);
+    }
+
+
+    // Stack manipulation operations:
+    //
+    // The ABI is assumed to provide a stack abstraction to memory,
+    // containing machine word sized units of data.  Push and pop
+    // operations add and remove a single register sized unit of data
+    // to or from the stack.  Peek and poke operations read or write
+    // values on the stack, without moving the current stack position.
+    
+    void pop(RegisterID dest)
+    {
+        m_assembler.pop_r(dest);
+    }
+
+    void push(RegisterID src)
+    {
+        m_assembler.push_r(src);
+    }
+
+    void push(Address address)
+    {
+        m_assembler.push_m(address.offset, address.base);
+    }
+
+    void push(Imm32 imm)
+    {
+        m_assembler.push_i32(imm.m_value);
+    }
+
+
+    // Register move operations:
+    //
+    // Move values in registers.
+
+    void move(Imm32 imm, RegisterID dest)
+    {
+        // Note: on 64-bit the Imm32 value is zero extended into the register, it
+        // may be useful to have a separate version that sign extends the value?
+        if (!imm.m_value)
+            m_assembler.xorl_rr(dest, dest);
+        else
+            m_assembler.movl_i32r(imm.m_value, dest);
+    }
+
+#if PLATFORM(X86_64)
+    void move(RegisterID src, RegisterID dest)
+    {
+        // Note: on 64-bit this is is a full register move; perhaps it would be
+        // useful to have separate move32 & movePtr, with move32 zero extending?
+        if (src != dest)
+            m_assembler.movq_rr(src, dest);
+    }
+
+    void move(ImmPtr imm, RegisterID dest)
+    {
+        m_assembler.movq_i64r(imm.asIntptr(), dest);
+    }
+
+    void swap(RegisterID reg1, RegisterID reg2)
+    {
+        m_assembler.xchgq_rr(reg1, reg2);
+    }
+
+    void signExtend32ToPtr(RegisterID src, RegisterID dest)
+    {
+        m_assembler.movsxd_rr(src, dest);
+    }
+
+    void zeroExtend32ToPtr(RegisterID src, RegisterID dest)
+    {
+        m_assembler.movl_rr(src, dest);
+    }
+#else
+    void move(RegisterID src, RegisterID dest)
+    {
+        if (src != dest)
+            m_assembler.movl_rr(src, dest);
+    }
+
+    void move(ImmPtr imm, RegisterID dest)
+    {
+        m_assembler.movl_i32r(imm.asIntptr(), dest);
+    }
+
+    void swap(RegisterID reg1, RegisterID reg2)
+    {
+        if (reg1 != reg2)
+            m_assembler.xchgl_rr(reg1, reg2);
+    }
+
+    void signExtend32ToPtr(RegisterID src, RegisterID dest)
+    {
+        move(src, dest);
+    }
+
+    void zeroExtend32ToPtr(RegisterID src, RegisterID dest)
+    {
+        move(src, dest);
+    }
+#endif
+
+
+    // Forwards / external control flow operations:
+    //
+    // This set of jump and conditional branch operations return a Jump
+    // object which may linked at a later point, allow forwards jump,
+    // or jumps that will require external linkage (after the code has been
+    // relocated).
+    //
+    // For branches, signed <, >, <= and >= are denoted as l, g, le, and ge
+    // respecitvely, for unsigned comparisons the names b, a, be, and ae are
+    // used (representing the names 'below' and 'above').
+    //
+    // Operands to the comparision are provided in the expected order, e.g.
+    // jle32(reg1, Imm32(5)) will branch if the value held in reg1, when
+    // treated as a signed 32bit value, is less than or equal to 5.
+    //
+    // jz and jnz test whether the first operand is equal to zero, and take
+    // an optional second operand of a mask under which to perform the test.
+
+public:
+    Jump branch32(Condition cond, RegisterID left, RegisterID right)
+    {
+        m_assembler.cmpl_rr(right, left);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branch32(Condition cond, RegisterID left, Imm32 right)
+    {
+        if (((cond == Equal) || (cond == NotEqual)) && !right.m_value)
+            m_assembler.testl_rr(left, left);
+        else
+            m_assembler.cmpl_ir(right.m_value, left);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+    
+    Jump branch32(Condition cond, RegisterID left, Address right)
+    {
+        m_assembler.cmpl_mr(right.offset, right.base, left);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+    
+    Jump branch32(Condition cond, Address left, RegisterID right)
+    {
+        m_assembler.cmpl_rm(right, left.offset, left.base);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branch32(Condition cond, Address left, Imm32 right)
+    {
+        m_assembler.cmpl_im(right.m_value, left.offset, left.base);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branch32(Condition cond, BaseIndex left, Imm32 right)
+    {
+        m_assembler.cmpl_im(right.m_value, left.offset, left.base, left.index, left.scale);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branch32WithUnalignedHalfWords(Condition cond, BaseIndex left, Imm32 right)
+    {
+        return branch32(cond, left, right);
+    }
+
+    Jump branch16(Condition cond, BaseIndex left, RegisterID right)
+    {
+        m_assembler.cmpw_rm(right, left.offset, left.base, left.index, left.scale);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branch16(Condition cond, BaseIndex left, Imm32 right)
+    {
+        ASSERT(!(right.m_value & 0xFFFF0000));
+
+        m_assembler.cmpw_im(right.m_value, left.offset, left.base, left.index, left.scale);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchTest32(Condition cond, RegisterID reg, RegisterID mask)
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        m_assembler.testl_rr(reg, mask);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchTest32(Condition cond, RegisterID reg, Imm32 mask = Imm32(-1))
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        // if we are only interested in the low seven bits, this can be tested with a testb
+        if (mask.m_value == -1)
+            m_assembler.testl_rr(reg, reg);
+        else if ((mask.m_value & ~0x7f) == 0)
+            m_assembler.testb_i8r(mask.m_value, reg);
+        else
+            m_assembler.testl_i32r(mask.m_value, reg);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchTest32(Condition cond, Address address, Imm32 mask = Imm32(-1))
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        if (mask.m_value == -1)
+            m_assembler.cmpl_im(0, address.offset, address.base);
+        else
+            m_assembler.testl_i32m(mask.m_value, address.offset, address.base);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchTest32(Condition cond, BaseIndex address, Imm32 mask = Imm32(-1))
+    {
+        ASSERT((cond == Zero) || (cond == NonZero));
+        if (mask.m_value == -1)
+            m_assembler.cmpl_im(0, address.offset, address.base, address.index, address.scale);
+        else
+            m_assembler.testl_i32m(mask.m_value, address.offset, address.base, address.index, address.scale);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump jump()
+    {
+        return Jump(m_assembler.jmp());
+    }
+
+    void jump(RegisterID target)
+    {
+        m_assembler.jmp_r(target);
+    }
+
+    // Address is a memory location containing the address to jump to
+    void jump(Address address)
+    {
+        m_assembler.jmp_m(address.offset, address.base);
+    }
+
+
+    // Arithmetic control flow operations:
+    //
+    // This set of conditional branch operations branch based
+    // on the result of an arithmetic operation.  The operation
+    // is performed as normal, storing the result.
+    //
+    // * jz operations branch if the result is zero.
+    // * jo operations branch if the (signed) arithmetic
+    //   operation caused an overflow to occur.
+    
+    Jump branchAdd32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        add32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchAdd32(Condition cond, Imm32 imm, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        add32(imm, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+    
+    Jump branchAdd32(Condition cond, Imm32 src, Address dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        add32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchAdd32(Condition cond, RegisterID src, Address dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        add32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchAdd32(Condition cond, Address src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        add32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchMul32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT(cond == Overflow);
+        mul32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchMul32(Condition cond, Address src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        mul32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+    
+    Jump branchMul32(Condition cond, Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        ASSERT(cond == Overflow);
+        mul32(imm, src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+    
+    Jump branchSub32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        sub32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+    
+    Jump branchSub32(Condition cond, Imm32 imm, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Signed) || (cond == Zero) || (cond == NonZero));
+        sub32(imm, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchSub32(Condition cond, Imm32 imm, Address dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        sub32(imm, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchSub32(Condition cond, RegisterID src, Address dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        sub32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchSub32(Condition cond, Address src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        sub32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchOr32(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Signed) || (cond == Zero) || (cond == NonZero));
+        or32(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+
+    // Miscellaneous operations:
+
+    void breakpoint()
+    {
+        m_assembler.int3();
+    }
+
+    Call nearCall()
+    {
+        return Call(m_assembler.call(), Call::LinkableNear);
+    }
+
+    Call call(RegisterID target)
+    {
+        return Call(m_assembler.call(target), Call::None);
+    }
+
+    void call(Address address)
+    {
+        m_assembler.call_m(address.offset, address.base);
+    }
+
+    void ret()
+    {
+        m_assembler.ret();
+    }
+
+    void set8(Condition cond, RegisterID left, RegisterID right, RegisterID dest)
+    {
+        m_assembler.cmpl_rr(right, left);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+    }
+
+    void set8(Condition cond, Address left, RegisterID right, RegisterID dest)
+    {
+        m_assembler.cmpl_mr(left.offset, left.base, right);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+    }
+
+    void set8(Condition cond, RegisterID left, Imm32 right, RegisterID dest)
+    {
+        if (((cond == Equal) || (cond == NotEqual)) && !right.m_value)
+            m_assembler.testl_rr(left, left);
+        else
+            m_assembler.cmpl_ir(right.m_value, left);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+    }
+
+    void set32(Condition cond, RegisterID left, RegisterID right, RegisterID dest)
+    {
+        m_assembler.cmpl_rr(right, left);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+        m_assembler.movzbl_rr(dest, dest);
+    }
+
+    void set32(Condition cond, RegisterID left, Imm32 right, RegisterID dest)
+    {
+        if (((cond == Equal) || (cond == NotEqual)) && !right.m_value)
+            m_assembler.testl_rr(left, left);
+        else
+            m_assembler.cmpl_ir(right.m_value, left);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+        m_assembler.movzbl_rr(dest, dest);
+    }
+
+    // FIXME:
+    // The mask should be optional... paerhaps the argument order should be
+    // dest-src, operations always have a dest? ... possibly not true, considering
+    // asm ops like test, or pseudo ops like pop().
+
+    void setTest8(Condition cond, Address address, Imm32 mask, RegisterID dest)
+    {
+        if (mask.m_value == -1)
+            m_assembler.cmpl_im(0, address.offset, address.base);
+        else
+            m_assembler.testl_i32m(mask.m_value, address.offset, address.base);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+    }
+
+    void setTest32(Condition cond, Address address, Imm32 mask, RegisterID dest)
+    {
+        if (mask.m_value == -1)
+            m_assembler.cmpl_im(0, address.offset, address.base);
+        else
+            m_assembler.testl_i32m(mask.m_value, address.offset, address.base);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+        m_assembler.movzbl_rr(dest, dest);
+    }
+
+protected:
+    X86Assembler::Condition x86Condition(Condition cond)
+    {
+        return static_cast<X86Assembler::Condition>(cond);
+    }
+
+    X86Assembler::Condition x86Condition(DoubleCondition cond)
+    {
+        return static_cast<X86Assembler::Condition>(cond);
+    }
+
+private:
+    // Only MacroAssemblerX86 should be using the following method; SSE2 is always available on
+    // x86_64, and clients & subclasses of MacroAssembler should be using 'supportsFloatingPoint()'.
+    friend class MacroAssemblerX86;
+
+#if PLATFORM(X86)
+#if PLATFORM(MAC)
+
+    // All X86 Macs are guaranteed to support at least SSE2,
+    static bool isSSE2Present()
+    {
+        return true;
+    }
+
+#else // PLATFORM(MAC)
+
+    enum SSE2CheckState {
+        NotCheckedSSE2,
+        HasSSE2,
+        NoSSE2
+    };
+
+    static bool isSSE2Present()
+    {
+        if (s_sse2CheckState == NotCheckedSSE2) {
+            // Default the flags value to zero; if the compiler is
+            // not MSVC or GCC we will read this as SSE2 not present.
+            int flags = 0;
+#if COMPILER(MSVC)
+            _asm {
+                mov eax, 1 // cpuid function 1 gives us the standard feature set
+                cpuid;
+                mov flags, edx;
+            }
+#elif COMPILER(GCC)
+            asm (
+                 "movl $0x1, %%eax;"
+                 "pushl %%ebx;"
+                 "cpuid;"
+                 "popl %%ebx;"
+                 "movl %%edx, %0;"
+                 : "=g" (flags)
+                 :
+                 : "%eax", "%ecx", "%edx"
+                 );
+#endif
+            static const int SSE2FeatureBit = 1 << 26;
+            s_sse2CheckState = (flags & SSE2FeatureBit) ? HasSSE2 : NoSSE2;
+        }
+        // Only check once.
+        ASSERT(s_sse2CheckState != NotCheckedSSE2);
+
+        return s_sse2CheckState == HasSSE2;
+    }
+    
+    static SSE2CheckState s_sse2CheckState;
+
+#endif // PLATFORM(MAC)
+#elif !defined(NDEBUG) // PLATFORM(X86)
+
+    // On x86-64 we should never be checking for SSE2 in a non-debug build,
+    // but non debug add this method to keep the asserts above happy.
+    static bool isSSE2Present()
+    {
+        return true;
+    }
+
+#endif
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // MacroAssemblerX86Common_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86_64.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86_64.h
new file mode 100644
index 000000000..0f95fe62e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/MacroAssemblerX86_64.h
@@ -0,0 +1,480 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef MacroAssemblerX86_64_h
+#define MacroAssemblerX86_64_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER) && PLATFORM(X86_64)
+
+#include "MacroAssemblerX86Common.h"
+
+#define REPTACH_OFFSET_CALL_R11 3
+
+namespace JSC {
+
+class MacroAssemblerX86_64 : public MacroAssemblerX86Common {
+protected:
+    static const X86Registers::RegisterID scratchRegister = X86Registers::r11;
+
+public:
+    static const Scale ScalePtr = TimesEight;
+
+    using MacroAssemblerX86Common::add32;
+    using MacroAssemblerX86Common::and32;
+    using MacroAssemblerX86Common::or32;
+    using MacroAssemblerX86Common::sub32;
+    using MacroAssemblerX86Common::load32;
+    using MacroAssemblerX86Common::store32;
+    using MacroAssemblerX86Common::call;
+    using MacroAssemblerX86Common::loadDouble;
+    using MacroAssemblerX86Common::convertInt32ToDouble;
+
+    void add32(Imm32 imm, AbsoluteAddress address)
+    {
+        move(ImmPtr(address.m_ptr), scratchRegister);
+        add32(imm, Address(scratchRegister));
+    }
+    
+    void and32(Imm32 imm, AbsoluteAddress address)
+    {
+        move(ImmPtr(address.m_ptr), scratchRegister);
+        and32(imm, Address(scratchRegister));
+    }
+    
+    void or32(Imm32 imm, AbsoluteAddress address)
+    {
+        move(ImmPtr(address.m_ptr), scratchRegister);
+        or32(imm, Address(scratchRegister));
+    }
+
+    void sub32(Imm32 imm, AbsoluteAddress address)
+    {
+        move(ImmPtr(address.m_ptr), scratchRegister);
+        sub32(imm, Address(scratchRegister));
+    }
+
+    void load32(void* address, RegisterID dest)
+    {
+        if (dest == X86Registers::eax)
+            m_assembler.movl_mEAX(address);
+        else {
+            move(X86Registers::eax, dest);
+            m_assembler.movl_mEAX(address);
+            swap(X86Registers::eax, dest);
+        }
+    }
+
+    void loadDouble(void* address, FPRegisterID dest)
+    {
+        move(ImmPtr(address), scratchRegister);
+        loadDouble(scratchRegister, dest);
+    }
+
+    void convertInt32ToDouble(AbsoluteAddress src, FPRegisterID dest)
+    {
+        move(Imm32(*static_cast<int32_t*>(src.m_ptr)), scratchRegister);
+        m_assembler.cvtsi2sd_rr(scratchRegister, dest);
+    }
+
+    void store32(Imm32 imm, void* address)
+    {
+        move(X86Registers::eax, scratchRegister);
+        move(imm, X86Registers::eax);
+        m_assembler.movl_EAXm(address);
+        move(scratchRegister, X86Registers::eax);
+    }
+
+    Call call()
+    {
+        DataLabelPtr label = moveWithPatch(ImmPtr(0), scratchRegister);
+        Call result = Call(m_assembler.call(scratchRegister), Call::Linkable);
+        ASSERT(differenceBetween(label, result) == REPTACH_OFFSET_CALL_R11);
+        return result;
+    }
+
+    Call tailRecursiveCall()
+    {
+        DataLabelPtr label = moveWithPatch(ImmPtr(0), scratchRegister);
+        Jump newJump = Jump(m_assembler.jmp_r(scratchRegister));
+        ASSERT(differenceBetween(label, newJump) == REPTACH_OFFSET_CALL_R11);
+        return Call::fromTailJump(newJump);
+    }
+
+    Call makeTailRecursiveCall(Jump oldJump)
+    {
+        oldJump.link(this);
+        DataLabelPtr label = moveWithPatch(ImmPtr(0), scratchRegister);
+        Jump newJump = Jump(m_assembler.jmp_r(scratchRegister));
+        ASSERT(differenceBetween(label, newJump) == REPTACH_OFFSET_CALL_R11);
+        return Call::fromTailJump(newJump);
+    }
+
+
+    void addPtr(RegisterID src, RegisterID dest)
+    {
+        m_assembler.addq_rr(src, dest);
+    }
+
+    void addPtr(Imm32 imm, RegisterID srcDest)
+    {
+        m_assembler.addq_ir(imm.m_value, srcDest);
+    }
+
+    void addPtr(ImmPtr imm, RegisterID dest)
+    {
+        move(imm, scratchRegister);
+        m_assembler.addq_rr(scratchRegister, dest);
+    }
+
+    void addPtr(Imm32 imm, RegisterID src, RegisterID dest)
+    {
+        m_assembler.leaq_mr(imm.m_value, src, dest);
+    }
+
+    void addPtr(Imm32 imm, Address address)
+    {
+        m_assembler.addq_im(imm.m_value, address.offset, address.base);
+    }
+
+    void addPtr(Imm32 imm, AbsoluteAddress address)
+    {
+        move(ImmPtr(address.m_ptr), scratchRegister);
+        addPtr(imm, Address(scratchRegister));
+    }
+    
+    void andPtr(RegisterID src, RegisterID dest)
+    {
+        m_assembler.andq_rr(src, dest);
+    }
+
+    void andPtr(Imm32 imm, RegisterID srcDest)
+    {
+        m_assembler.andq_ir(imm.m_value, srcDest);
+    }
+
+    void orPtr(RegisterID src, RegisterID dest)
+    {
+        m_assembler.orq_rr(src, dest);
+    }
+
+    void orPtr(ImmPtr imm, RegisterID dest)
+    {
+        move(imm, scratchRegister);
+        m_assembler.orq_rr(scratchRegister, dest);
+    }
+
+    void orPtr(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.orq_ir(imm.m_value, dest);
+    }
+
+    void rshiftPtr(RegisterID shift_amount, RegisterID dest)
+    {
+        // On x86 we can only shift by ecx; if asked to shift by another register we'll
+        // need rejig the shift amount into ecx first, and restore the registers afterwards.
+        if (shift_amount != X86Registers::ecx) {
+            swap(shift_amount, X86Registers::ecx);
+
+            // E.g. transform "shll %eax, %eax" -> "xchgl %eax, %ecx; shll %ecx, %ecx; xchgl %eax, %ecx"
+            if (dest == shift_amount)
+                m_assembler.sarq_CLr(X86Registers::ecx);
+            // E.g. transform "shll %eax, %ecx" -> "xchgl %eax, %ecx; shll %ecx, %eax; xchgl %eax, %ecx"
+            else if (dest == X86Registers::ecx)
+                m_assembler.sarq_CLr(shift_amount);
+            // E.g. transform "shll %eax, %ebx" -> "xchgl %eax, %ecx; shll %ecx, %ebx; xchgl %eax, %ecx"
+            else
+                m_assembler.sarq_CLr(dest);
+        
+            swap(shift_amount, X86Registers::ecx);
+        } else
+            m_assembler.sarq_CLr(dest);
+    }
+
+    void rshiftPtr(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.sarq_i8r(imm.m_value, dest);
+    }
+
+    void subPtr(RegisterID src, RegisterID dest)
+    {
+        m_assembler.subq_rr(src, dest);
+    }
+    
+    void subPtr(Imm32 imm, RegisterID dest)
+    {
+        m_assembler.subq_ir(imm.m_value, dest);
+    }
+    
+    void subPtr(ImmPtr imm, RegisterID dest)
+    {
+        move(imm, scratchRegister);
+        m_assembler.subq_rr(scratchRegister, dest);
+    }
+
+    void xorPtr(RegisterID src, RegisterID dest)
+    {
+        m_assembler.xorq_rr(src, dest);
+    }
+
+    void xorPtr(Imm32 imm, RegisterID srcDest)
+    {
+        m_assembler.xorq_ir(imm.m_value, srcDest);
+    }
+
+
+    void loadPtr(ImplicitAddress address, RegisterID dest)
+    {
+        m_assembler.movq_mr(address.offset, address.base, dest);
+    }
+
+    void loadPtr(BaseIndex address, RegisterID dest)
+    {
+        m_assembler.movq_mr(address.offset, address.base, address.index, address.scale, dest);
+    }
+
+    void loadPtr(void* address, RegisterID dest)
+    {
+        if (dest == X86Registers::eax)
+            m_assembler.movq_mEAX(address);
+        else {
+            move(X86Registers::eax, dest);
+            m_assembler.movq_mEAX(address);
+            swap(X86Registers::eax, dest);
+        }
+    }
+
+    DataLabel32 loadPtrWithAddressOffsetPatch(Address address, RegisterID dest)
+    {
+        m_assembler.movq_mr_disp32(address.offset, address.base, dest);
+        return DataLabel32(this);
+    }
+
+    void storePtr(RegisterID src, ImplicitAddress address)
+    {
+        m_assembler.movq_rm(src, address.offset, address.base);
+    }
+
+    void storePtr(RegisterID src, BaseIndex address)
+    {
+        m_assembler.movq_rm(src, address.offset, address.base, address.index, address.scale);
+    }
+    
+    void storePtr(RegisterID src, void* address)
+    {
+        if (src == X86Registers::eax)
+            m_assembler.movq_EAXm(address);
+        else {
+            swap(X86Registers::eax, src);
+            m_assembler.movq_EAXm(address);
+            swap(X86Registers::eax, src);
+        }
+    }
+
+    void storePtr(ImmPtr imm, ImplicitAddress address)
+    {
+        move(imm, scratchRegister);
+        storePtr(scratchRegister, address);
+    }
+
+    DataLabel32 storePtrWithAddressOffsetPatch(RegisterID src, Address address)
+    {
+        m_assembler.movq_rm_disp32(src, address.offset, address.base);
+        return DataLabel32(this);
+    }
+
+    void movePtrToDouble(RegisterID src, FPRegisterID dest)
+    {
+        m_assembler.movq_rr(src, dest);
+    }
+
+    void moveDoubleToPtr(FPRegisterID src, RegisterID dest)
+    {
+        m_assembler.movq_rr(src, dest);
+    }
+
+    void setPtr(Condition cond, RegisterID left, Imm32 right, RegisterID dest)
+    {
+        if (((cond == Equal) || (cond == NotEqual)) && !right.m_value)
+            m_assembler.testq_rr(left, left);
+        else
+            m_assembler.cmpq_ir(right.m_value, left);
+        m_assembler.setCC_r(x86Condition(cond), dest);
+        m_assembler.movzbl_rr(dest, dest);
+    }
+
+    Jump branchPtr(Condition cond, RegisterID left, RegisterID right)
+    {
+        m_assembler.cmpq_rr(right, left);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchPtr(Condition cond, RegisterID left, ImmPtr right)
+    {
+        move(right, scratchRegister);
+        return branchPtr(cond, left, scratchRegister);
+    }
+
+    Jump branchPtr(Condition cond, RegisterID left, Address right)
+    {
+        m_assembler.cmpq_mr(right.offset, right.base, left);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchPtr(Condition cond, AbsoluteAddress left, RegisterID right)
+    {
+        move(ImmPtr(left.m_ptr), scratchRegister);
+        return branchPtr(cond, Address(scratchRegister), right);
+    }
+
+    Jump branchPtr(Condition cond, Address left, RegisterID right)
+    {
+        m_assembler.cmpq_rm(right, left.offset, left.base);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchPtr(Condition cond, Address left, ImmPtr right)
+    {
+        move(right, scratchRegister);
+        return branchPtr(cond, left, scratchRegister);
+    }
+
+    Jump branchTestPtr(Condition cond, RegisterID reg, RegisterID mask)
+    {
+        m_assembler.testq_rr(reg, mask);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchTestPtr(Condition cond, RegisterID reg, Imm32 mask = Imm32(-1))
+    {
+        // if we are only interested in the low seven bits, this can be tested with a testb
+        if (mask.m_value == -1)
+            m_assembler.testq_rr(reg, reg);
+        else if ((mask.m_value & ~0x7f) == 0)
+            m_assembler.testb_i8r(mask.m_value, reg);
+        else
+            m_assembler.testq_i32r(mask.m_value, reg);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchTestPtr(Condition cond, Address address, Imm32 mask = Imm32(-1))
+    {
+        if (mask.m_value == -1)
+            m_assembler.cmpq_im(0, address.offset, address.base);
+        else
+            m_assembler.testq_i32m(mask.m_value, address.offset, address.base);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchTestPtr(Condition cond, BaseIndex address, Imm32 mask = Imm32(-1))
+    {
+        if (mask.m_value == -1)
+            m_assembler.cmpq_im(0, address.offset, address.base, address.index, address.scale);
+        else
+            m_assembler.testq_i32m(mask.m_value, address.offset, address.base, address.index, address.scale);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+
+    Jump branchAddPtr(Condition cond, RegisterID src, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        addPtr(src, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    Jump branchSubPtr(Condition cond, Imm32 imm, RegisterID dest)
+    {
+        ASSERT((cond == Overflow) || (cond == Zero) || (cond == NonZero));
+        subPtr(imm, dest);
+        return Jump(m_assembler.jCC(x86Condition(cond)));
+    }
+
+    DataLabelPtr moveWithPatch(ImmPtr initialValue, RegisterID dest)
+    {
+        m_assembler.movq_i64r(initialValue.asIntptr(), dest);
+        return DataLabelPtr(this);
+    }
+
+    Jump branchPtrWithPatch(Condition cond, RegisterID left, DataLabelPtr& dataLabel, ImmPtr initialRightValue = ImmPtr(0))
+    {
+        dataLabel = moveWithPatch(initialRightValue, scratchRegister);
+        return branchPtr(cond, left, scratchRegister);
+    }
+
+    Jump branchPtrWithPatch(Condition cond, Address left, DataLabelPtr& dataLabel, ImmPtr initialRightValue = ImmPtr(0))
+    {
+        dataLabel = moveWithPatch(initialRightValue, scratchRegister);
+        return branchPtr(cond, left, scratchRegister);
+    }
+
+    DataLabelPtr storePtrWithPatch(ImmPtr initialValue, ImplicitAddress address)
+    {
+        DataLabelPtr label = moveWithPatch(initialValue, scratchRegister);
+        storePtr(scratchRegister, address);
+        return label;
+    }
+
+    Label loadPtrWithPatchToLEA(Address address, RegisterID dest)
+    {
+        Label label(this);
+        loadPtr(address, dest);
+        return label;
+    }
+
+    bool supportsFloatingPoint() const { return true; }
+    // See comment on MacroAssemblerARMv7::supportsFloatingPointTruncate()
+    bool supportsFloatingPointTruncate() const { return true; }
+
+private:
+    friend class LinkBuffer;
+    friend class RepatchBuffer;
+
+    static void linkCall(void* code, Call call, FunctionPtr function)
+    {
+        if (!call.isFlagSet(Call::Near))
+            X86Assembler::linkPointer(code, X86Assembler::labelFor(call.m_jmp, -REPTACH_OFFSET_CALL_R11), function.value());
+        else
+            X86Assembler::linkCall(code, call.m_jmp, function.value());
+    }
+
+    static void repatchCall(CodeLocationCall call, CodeLocationLabel destination)
+    {
+        X86Assembler::repatchPointer(call.dataLabelPtrAtOffset(-REPTACH_OFFSET_CALL_R11).dataLocation(), destination.executableAddress());
+    }
+
+    static void repatchCall(CodeLocationCall call, FunctionPtr destination)
+    {
+        X86Assembler::repatchPointer(call.dataLabelPtrAtOffset(-REPTACH_OFFSET_CALL_R11).dataLocation(), destination.executableAddress());
+    }
+
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // MacroAssemblerX86_64_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/RepatchBuffer.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/RepatchBuffer.h
new file mode 100644
index 000000000..89cbf06d1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/RepatchBuffer.h
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef RepatchBuffer_h
+#define RepatchBuffer_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER)
+
+#include <MacroAssembler.h>
+#include <wtf/Noncopyable.h>
+
+namespace JSC {
+
+// RepatchBuffer:
+//
+// This class is used to modify code after code generation has been completed,
+// and after the code has potentially already been executed.  This mechanism is
+// used to apply optimizations to the code.
+//
+class RepatchBuffer {
+    typedef MacroAssemblerCodePtr CodePtr;
+
+public:
+    RepatchBuffer(CodeBlock* codeBlock)
+    {
+        JITCode& code = codeBlock->getJITCode();
+        m_start = code.start();
+        m_size = code.size();
+
+        ExecutableAllocator::makeWritable(m_start, m_size);
+    }
+
+    ~RepatchBuffer()
+    {
+        ExecutableAllocator::makeExecutable(m_start, m_size);
+    }
+
+    void relink(CodeLocationJump jump, CodeLocationLabel destination)
+    {
+        MacroAssembler::repatchJump(jump, destination);
+    }
+
+    void relink(CodeLocationCall call, CodeLocationLabel destination)
+    {
+        MacroAssembler::repatchCall(call, destination);
+    }
+
+    void relink(CodeLocationCall call, FunctionPtr destination)
+    {
+        MacroAssembler::repatchCall(call, destination);
+    }
+
+    void relink(CodeLocationNearCall nearCall, CodePtr destination)
+    {
+        MacroAssembler::repatchNearCall(nearCall, CodeLocationLabel(destination));
+    }
+
+    void relink(CodeLocationNearCall nearCall, CodeLocationLabel destination)
+    {
+        MacroAssembler::repatchNearCall(nearCall, destination);
+    }
+
+    void repatch(CodeLocationDataLabel32 dataLabel32, int32_t value)
+    {
+        MacroAssembler::repatchInt32(dataLabel32, value);
+    }
+
+    void repatch(CodeLocationDataLabelPtr dataLabelPtr, void* value)
+    {
+        MacroAssembler::repatchPointer(dataLabelPtr, value);
+    }
+
+    void repatchLoadPtrToLEA(CodeLocationInstruction instruction)
+    {
+        MacroAssembler::repatchLoadPtrToLEA(instruction);
+    }
+
+    void relinkCallerToTrampoline(ReturnAddressPtr returnAddress, CodeLocationLabel label)
+    {
+        relink(CodeLocationCall(CodePtr(returnAddress)), label);
+    }
+    
+    void relinkCallerToTrampoline(ReturnAddressPtr returnAddress, CodePtr newCalleeFunction)
+    {
+        relinkCallerToTrampoline(returnAddress, CodeLocationLabel(newCalleeFunction));
+    }
+
+    void relinkCallerToFunction(ReturnAddressPtr returnAddress, FunctionPtr function)
+    {
+        relink(CodeLocationCall(CodePtr(returnAddress)), function);
+    }
+    
+    void relinkNearCallerToTrampoline(ReturnAddressPtr returnAddress, CodeLocationLabel label)
+    {
+        relink(CodeLocationNearCall(CodePtr(returnAddress)), label);
+    }
+    
+    void relinkNearCallerToTrampoline(ReturnAddressPtr returnAddress, CodePtr newCalleeFunction)
+    {
+        relinkNearCallerToTrampoline(returnAddress, CodeLocationLabel(newCalleeFunction));
+    }
+
+private:
+    void* m_start;
+    size_t m_size;
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // RepatchBuffer_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/assembler/X86Assembler.h b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/X86Assembler.h
new file mode 100644
index 000000000..cbbaaa5a1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/assembler/X86Assembler.h
@@ -0,0 +1,2053 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef X86Assembler_h
+#define X86Assembler_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(ASSEMBLER) && (PLATFORM(X86) || PLATFORM(X86_64))
+
+#include "AssemblerBuffer.h"
+#include <stdint.h>
+#include <wtf/Assertions.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+inline bool CAN_SIGN_EXTEND_8_32(int32_t value) { return value == (int32_t)(signed char)value; }
+
+namespace X86Registers {
+    typedef enum {
+        eax,
+        ecx,
+        edx,
+        ebx,
+        esp,
+        ebp,
+        esi,
+        edi,
+
+#if PLATFORM(X86_64)
+        r8,
+        r9,
+        r10,
+        r11,
+        r12,
+        r13,
+        r14,
+        r15,
+#endif
+    } RegisterID;
+
+    typedef enum {
+        xmm0,
+        xmm1,
+        xmm2,
+        xmm3,
+        xmm4,
+        xmm5,
+        xmm6,
+        xmm7,
+    } XMMRegisterID;
+}
+
+class X86Assembler {
+public:
+    typedef X86Registers::RegisterID RegisterID;
+    typedef X86Registers::XMMRegisterID XMMRegisterID;
+    typedef XMMRegisterID FPRegisterID;
+
+    typedef enum {
+        ConditionO,
+        ConditionNO,
+        ConditionB,
+        ConditionAE,
+        ConditionE,
+        ConditionNE,
+        ConditionBE,
+        ConditionA,
+        ConditionS,
+        ConditionNS,
+        ConditionP,
+        ConditionNP,
+        ConditionL,
+        ConditionGE,
+        ConditionLE,
+        ConditionG,
+
+        ConditionC  = ConditionB,
+        ConditionNC = ConditionAE,
+    } Condition;
+
+private:
+    typedef enum {
+        OP_ADD_EvGv                     = 0x01,
+        OP_ADD_GvEv                     = 0x03,
+        OP_OR_EvGv                      = 0x09,
+        OP_OR_GvEv                      = 0x0B,
+        OP_2BYTE_ESCAPE                 = 0x0F,
+        OP_AND_EvGv                     = 0x21,
+        OP_AND_GvEv                     = 0x23,
+        OP_SUB_EvGv                     = 0x29,
+        OP_SUB_GvEv                     = 0x2B,
+        PRE_PREDICT_BRANCH_NOT_TAKEN    = 0x2E,
+        OP_XOR_EvGv                     = 0x31,
+        OP_XOR_GvEv                     = 0x33,
+        OP_CMP_EvGv                     = 0x39,
+        OP_CMP_GvEv                     = 0x3B,
+#if PLATFORM(X86_64)
+        PRE_REX                         = 0x40,
+#endif
+        OP_PUSH_EAX                     = 0x50,
+        OP_POP_EAX                      = 0x58,
+#if PLATFORM(X86_64)
+        OP_MOVSXD_GvEv                  = 0x63,
+#endif
+        PRE_OPERAND_SIZE                = 0x66,
+        PRE_SSE_66                      = 0x66,
+        OP_PUSH_Iz                      = 0x68,
+        OP_IMUL_GvEvIz                  = 0x69,
+        OP_GROUP1_EvIz                  = 0x81,
+        OP_GROUP1_EvIb                  = 0x83,
+        OP_TEST_EvGv                    = 0x85,
+        OP_XCHG_EvGv                    = 0x87,
+        OP_MOV_EvGv                     = 0x89,
+        OP_MOV_GvEv                     = 0x8B,
+        OP_LEA                          = 0x8D,
+        OP_GROUP1A_Ev                   = 0x8F,
+        OP_CDQ                          = 0x99,
+        OP_MOV_EAXOv                    = 0xA1,
+        OP_MOV_OvEAX                    = 0xA3,
+        OP_MOV_EAXIv                    = 0xB8,
+        OP_GROUP2_EvIb                  = 0xC1,
+        OP_RET                          = 0xC3,
+        OP_GROUP11_EvIz                 = 0xC7,
+        OP_INT3                         = 0xCC,
+        OP_GROUP2_Ev1                   = 0xD1,
+        OP_GROUP2_EvCL                  = 0xD3,
+        OP_CALL_rel32                   = 0xE8,
+        OP_JMP_rel32                    = 0xE9,
+        PRE_SSE_F2                      = 0xF2,
+        OP_HLT                          = 0xF4,
+        OP_GROUP3_EbIb                  = 0xF6,
+        OP_GROUP3_Ev                    = 0xF7,
+        OP_GROUP3_EvIz                  = 0xF7, // OP_GROUP3_Ev has an immediate, when instruction is a test. 
+        OP_GROUP5_Ev                    = 0xFF,
+    } OneByteOpcodeID;
+
+    typedef enum {
+        OP2_MOVSD_VsdWsd    = 0x10,
+        OP2_MOVSD_WsdVsd    = 0x11,
+        OP2_CVTSI2SD_VsdEd  = 0x2A,
+        OP2_CVTTSD2SI_GdWsd = 0x2C,
+        OP2_UCOMISD_VsdWsd  = 0x2E,
+        OP2_ADDSD_VsdWsd    = 0x58,
+        OP2_MULSD_VsdWsd    = 0x59,
+        OP2_SUBSD_VsdWsd    = 0x5C,
+        OP2_DIVSD_VsdWsd    = 0x5E,
+        OP2_XORPD_VpdWpd    = 0x57,
+        OP2_MOVD_VdEd       = 0x6E,
+        OP2_MOVD_EdVd       = 0x7E,
+        OP2_JCC_rel32       = 0x80,
+        OP_SETCC            = 0x90,
+        OP2_IMUL_GvEv       = 0xAF,
+        OP2_MOVZX_GvEb      = 0xB6,
+        OP2_MOVZX_GvEw      = 0xB7,
+        OP2_PEXTRW_GdUdIb   = 0xC5,
+    } TwoByteOpcodeID;
+
+    TwoByteOpcodeID jccRel32(Condition cond)
+    {
+        return (TwoByteOpcodeID)(OP2_JCC_rel32 + cond);
+    }
+
+    TwoByteOpcodeID setccOpcode(Condition cond)
+    {
+        return (TwoByteOpcodeID)(OP_SETCC + cond);
+    }
+
+    typedef enum {
+        GROUP1_OP_ADD = 0,
+        GROUP1_OP_OR  = 1,
+        GROUP1_OP_ADC = 2,
+        GROUP1_OP_AND = 4,
+        GROUP1_OP_SUB = 5,
+        GROUP1_OP_XOR = 6,
+        GROUP1_OP_CMP = 7,
+
+        GROUP1A_OP_POP = 0,
+
+        GROUP2_OP_SHL = 4,
+        GROUP2_OP_SAR = 7,
+
+        GROUP3_OP_TEST = 0,
+        GROUP3_OP_NOT  = 2,
+        GROUP3_OP_NEG  = 3,
+        GROUP3_OP_IDIV = 7,
+
+        GROUP5_OP_CALLN = 2,
+        GROUP5_OP_JMPN  = 4,
+        GROUP5_OP_PUSH  = 6,
+
+        GROUP11_MOV = 0,
+    } GroupOpcodeID;
+    
+    class X86InstructionFormatter;
+public:
+
+    class JmpSrc {
+        friend class X86Assembler;
+        friend class X86InstructionFormatter;
+    public:
+        JmpSrc()
+            : m_offset(-1)
+        {
+        }
+
+    private:
+        JmpSrc(int offset)
+            : m_offset(offset)
+        {
+        }
+
+        int m_offset;
+    };
+    
+    class JmpDst {
+        friend class X86Assembler;
+        friend class X86InstructionFormatter;
+    public:
+        JmpDst()
+            : m_offset(-1)
+            , m_used(false)
+        {
+        }
+
+        bool isUsed() const { return m_used; }
+        void used() { m_used = true; }
+    private:
+        JmpDst(int offset)
+            : m_offset(offset)
+            , m_used(false)
+        {
+            ASSERT(m_offset == offset);
+        }
+
+        int m_offset : 31;
+        bool m_used : 1;
+    };
+
+    X86Assembler()
+    {
+    }
+
+    size_t size() const { return m_formatter.size(); }
+
+    // Stack operations:
+
+    void push_r(RegisterID reg)
+    {
+        m_formatter.oneByteOp(OP_PUSH_EAX, reg);
+    }
+
+    void pop_r(RegisterID reg)
+    {
+        m_formatter.oneByteOp(OP_POP_EAX, reg);
+    }
+
+    void push_i32(int imm)
+    {
+        m_formatter.oneByteOp(OP_PUSH_Iz);
+        m_formatter.immediate32(imm);
+    }
+
+    void push_m(int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP5_Ev, GROUP5_OP_PUSH, base, offset);
+    }
+
+    void pop_m(int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP1A_Ev, GROUP1A_OP_POP, base, offset);
+    }
+
+    // Arithmetic operations:
+
+#if !PLATFORM(X86_64)
+    void adcl_im(int imm, void* addr)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_ADC, addr);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_ADC, addr);
+            m_formatter.immediate32(imm);
+        }
+    }
+#endif
+
+    void addl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_ADD_EvGv, src, dst);
+    }
+
+    void addl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_ADD_GvEv, dst, base, offset);
+    }
+
+    void addl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_ADD_EvGv, src, base, offset);
+    }
+
+    void addl_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_ADD, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_ADD, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void addl_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_ADD, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_ADD, base, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+#if PLATFORM(X86_64)
+    void addq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_ADD_EvGv, src, dst);
+    }
+
+    void addq_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_ADD, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_ADD, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void addq_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_ADD, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_ADD, base, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+#else
+    void addl_im(int imm, void* addr)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_ADD, addr);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_ADD, addr);
+            m_formatter.immediate32(imm);
+        }
+    }
+#endif
+
+    void andl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_AND_EvGv, src, dst);
+    }
+
+    void andl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_AND_GvEv, dst, base, offset);
+    }
+
+    void andl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_AND_EvGv, src, base, offset);
+    }
+
+    void andl_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_AND, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_AND, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void andl_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_AND, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_AND, base, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+#if PLATFORM(X86_64)
+    void andq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_AND_EvGv, src, dst);
+    }
+
+    void andq_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_AND, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_AND, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+#else
+    void andl_im(int imm, void* addr)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_AND, addr);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_AND, addr);
+            m_formatter.immediate32(imm);
+        }
+    }
+#endif
+
+    void negl_r(RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_Ev, GROUP3_OP_NEG, dst);
+    }
+
+    void negl_m(int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_Ev, GROUP3_OP_NEG, base, offset);
+    }
+
+    void notl_r(RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_Ev, GROUP3_OP_NOT, dst);
+    }
+
+    void notl_m(int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_Ev, GROUP3_OP_NOT, base, offset);
+    }
+
+    void orl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_OR_EvGv, src, dst);
+    }
+
+    void orl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_OR_GvEv, dst, base, offset);
+    }
+
+    void orl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_OR_EvGv, src, base, offset);
+    }
+
+    void orl_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_OR, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_OR, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void orl_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_OR, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_OR, base, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+#if PLATFORM(X86_64)
+    void orq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_OR_EvGv, src, dst);
+    }
+
+    void orq_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_OR, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_OR, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+#else
+    void orl_im(int imm, void* addr)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_OR, addr);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_OR, addr);
+            m_formatter.immediate32(imm);
+        }
+    }
+#endif
+
+    void subl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_SUB_EvGv, src, dst);
+    }
+
+    void subl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_SUB_GvEv, dst, base, offset);
+    }
+
+    void subl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_SUB_EvGv, src, base, offset);
+    }
+
+    void subl_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_SUB, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_SUB, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+    
+    void subl_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_SUB, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_SUB, base, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+#if PLATFORM(X86_64)
+    void subq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_SUB_EvGv, src, dst);
+    }
+
+    void subq_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_SUB, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_SUB, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+#else
+    void subl_im(int imm, void* addr)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_SUB, addr);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_SUB, addr);
+            m_formatter.immediate32(imm);
+        }
+    }
+#endif
+
+    void xorl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_XOR_EvGv, src, dst);
+    }
+
+    void xorl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_XOR_GvEv, dst, base, offset);
+    }
+
+    void xorl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_XOR_EvGv, src, base, offset);
+    }
+
+    void xorl_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_XOR, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_XOR, base, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void xorl_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_XOR, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_XOR, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+#if PLATFORM(X86_64)
+    void xorq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_XOR_EvGv, src, dst);
+    }
+
+    void xorq_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_XOR, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_XOR, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+#endif
+
+    void sarl_i8r(int imm, RegisterID dst)
+    {
+        if (imm == 1)
+            m_formatter.oneByteOp(OP_GROUP2_Ev1, GROUP2_OP_SAR, dst);
+        else {
+            m_formatter.oneByteOp(OP_GROUP2_EvIb, GROUP2_OP_SAR, dst);
+            m_formatter.immediate8(imm);
+        }
+    }
+
+    void sarl_CLr(RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP2_EvCL, GROUP2_OP_SAR, dst);
+    }
+
+    void shll_i8r(int imm, RegisterID dst)
+    {
+        if (imm == 1)
+            m_formatter.oneByteOp(OP_GROUP2_Ev1, GROUP2_OP_SHL, dst);
+        else {
+            m_formatter.oneByteOp(OP_GROUP2_EvIb, GROUP2_OP_SHL, dst);
+            m_formatter.immediate8(imm);
+        }
+    }
+
+    void shll_CLr(RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP2_EvCL, GROUP2_OP_SHL, dst);
+    }
+
+#if PLATFORM(X86_64)
+    void sarq_CLr(RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_GROUP2_EvCL, GROUP2_OP_SAR, dst);
+    }
+
+    void sarq_i8r(int imm, RegisterID dst)
+    {
+        if (imm == 1)
+            m_formatter.oneByteOp64(OP_GROUP2_Ev1, GROUP2_OP_SAR, dst);
+        else {
+            m_formatter.oneByteOp64(OP_GROUP2_EvIb, GROUP2_OP_SAR, dst);
+            m_formatter.immediate8(imm);
+        }
+    }
+#endif
+
+    void imull_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.twoByteOp(OP2_IMUL_GvEv, dst, src);
+    }
+
+    void imull_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.twoByteOp(OP2_IMUL_GvEv, dst, base, offset);
+    }
+
+    void imull_i32r(RegisterID src, int32_t value, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_IMUL_GvEvIz, dst, src);
+        m_formatter.immediate32(value);
+    }
+
+    void idivl_r(RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_Ev, GROUP3_OP_IDIV, dst);
+    }
+
+    // Comparisons:
+
+    void cmpl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_CMP_EvGv, src, dst);
+    }
+
+    void cmpl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_CMP_EvGv, src, base, offset);
+    }
+
+    void cmpl_mr(int offset, RegisterID base, RegisterID src)
+    {
+        m_formatter.oneByteOp(OP_CMP_GvEv, src, base, offset);
+    }
+
+    void cmpl_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_CMP, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_CMP, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void cmpl_ir_force32(int imm, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_CMP, dst);
+        m_formatter.immediate32(imm);
+    }
+
+    void cmpl_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_CMP, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_CMP, base, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void cmpl_im(int imm, int offset, RegisterID base, RegisterID index, int scale)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_CMP, base, index, scale, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_CMP, base, index, scale, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void cmpl_im_force32(int imm, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_CMP, base, offset);
+        m_formatter.immediate32(imm);
+    }
+
+#if PLATFORM(X86_64)
+    void cmpq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_CMP_EvGv, src, dst);
+    }
+
+    void cmpq_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp64(OP_CMP_EvGv, src, base, offset);
+    }
+
+    void cmpq_mr(int offset, RegisterID base, RegisterID src)
+    {
+        m_formatter.oneByteOp64(OP_CMP_GvEv, src, base, offset);
+    }
+
+    void cmpq_ir(int imm, RegisterID dst)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_CMP, dst);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_CMP, dst);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void cmpq_im(int imm, int offset, RegisterID base)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_CMP, base, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_CMP, base, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+
+    void cmpq_im(int imm, int offset, RegisterID base, RegisterID index, int scale)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIb, GROUP1_OP_CMP, base, index, scale, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp64(OP_GROUP1_EvIz, GROUP1_OP_CMP, base, index, scale, offset);
+            m_formatter.immediate32(imm);
+        }
+    }
+#else
+    void cmpl_rm(RegisterID reg, void* addr)
+    {
+        m_formatter.oneByteOp(OP_CMP_EvGv, reg, addr);
+    }
+
+    void cmpl_im(int imm, void* addr)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_CMP, addr);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_CMP, addr);
+            m_formatter.immediate32(imm);
+        }
+    }
+#endif
+
+    void cmpw_rm(RegisterID src, int offset, RegisterID base, RegisterID index, int scale)
+    {
+        m_formatter.prefix(PRE_OPERAND_SIZE);
+        m_formatter.oneByteOp(OP_CMP_EvGv, src, base, index, scale, offset);
+    }
+
+    void cmpw_im(int imm, int offset, RegisterID base, RegisterID index, int scale)
+    {
+        if (CAN_SIGN_EXTEND_8_32(imm)) {
+            m_formatter.prefix(PRE_OPERAND_SIZE);
+            m_formatter.oneByteOp(OP_GROUP1_EvIb, GROUP1_OP_CMP, base, index, scale, offset);
+            m_formatter.immediate8(imm);
+        } else {
+            m_formatter.prefix(PRE_OPERAND_SIZE);
+            m_formatter.oneByteOp(OP_GROUP1_EvIz, GROUP1_OP_CMP, base, index, scale, offset);
+            m_formatter.immediate16(imm);
+        }
+    }
+
+    void testl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_TEST_EvGv, src, dst);
+    }
+    
+    void testl_i32r(int imm, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_EvIz, GROUP3_OP_TEST, dst);
+        m_formatter.immediate32(imm);
+    }
+
+    void testl_i32m(int imm, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_EvIz, GROUP3_OP_TEST, base, offset);
+        m_formatter.immediate32(imm);
+    }
+
+    void testl_i32m(int imm, int offset, RegisterID base, RegisterID index, int scale)
+    {
+        m_formatter.oneByteOp(OP_GROUP3_EvIz, GROUP3_OP_TEST, base, index, scale, offset);
+        m_formatter.immediate32(imm);
+    }
+
+#if PLATFORM(X86_64)
+    void testq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_TEST_EvGv, src, dst);
+    }
+
+    void testq_i32r(int imm, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_GROUP3_EvIz, GROUP3_OP_TEST, dst);
+        m_formatter.immediate32(imm);
+    }
+
+    void testq_i32m(int imm, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp64(OP_GROUP3_EvIz, GROUP3_OP_TEST, base, offset);
+        m_formatter.immediate32(imm);
+    }
+
+    void testq_i32m(int imm, int offset, RegisterID base, RegisterID index, int scale)
+    {
+        m_formatter.oneByteOp64(OP_GROUP3_EvIz, GROUP3_OP_TEST, base, index, scale, offset);
+        m_formatter.immediate32(imm);
+    }
+#endif 
+
+    void testw_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.prefix(PRE_OPERAND_SIZE);
+        m_formatter.oneByteOp(OP_TEST_EvGv, src, dst);
+    }
+    
+    void testb_i8r(int imm, RegisterID dst)
+    {
+        m_formatter.oneByteOp8(OP_GROUP3_EbIb, GROUP3_OP_TEST, dst);
+        m_formatter.immediate8(imm);
+    }
+
+    void setCC_r(Condition cond, RegisterID dst)
+    {
+        m_formatter.twoByteOp8(setccOpcode(cond), (GroupOpcodeID)0, dst);
+    }
+
+    void sete_r(RegisterID dst)
+    {
+        m_formatter.twoByteOp8(setccOpcode(ConditionE), (GroupOpcodeID)0, dst);
+    }
+
+    void setz_r(RegisterID dst)
+    {
+        sete_r(dst);
+    }
+
+    void setne_r(RegisterID dst)
+    {
+        m_formatter.twoByteOp8(setccOpcode(ConditionNE), (GroupOpcodeID)0, dst);
+    }
+
+    void setnz_r(RegisterID dst)
+    {
+        setne_r(dst);
+    }
+
+    // Various move ops:
+
+    void cdq()
+    {
+        m_formatter.oneByteOp(OP_CDQ);
+    }
+
+    void xchgl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_XCHG_EvGv, src, dst);
+    }
+
+#if PLATFORM(X86_64)
+    void xchgq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_XCHG_EvGv, src, dst);
+    }
+#endif
+
+    void movl_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_MOV_EvGv, src, dst);
+    }
+    
+    void movl_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_MOV_EvGv, src, base, offset);
+    }
+
+    void movl_rm_disp32(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp_disp32(OP_MOV_EvGv, src, base, offset);
+    }
+
+    void movl_rm(RegisterID src, int offset, RegisterID base, RegisterID index, int scale)
+    {
+        m_formatter.oneByteOp(OP_MOV_EvGv, src, base, index, scale, offset);
+    }
+    
+    void movl_mEAX(void* addr)
+    {
+        m_formatter.oneByteOp(OP_MOV_EAXOv);
+#if PLATFORM(X86_64)
+        m_formatter.immediate64(reinterpret_cast<int64_t>(addr));
+#else
+        m_formatter.immediate32(reinterpret_cast<int>(addr));
+#endif
+    }
+
+    void movl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_MOV_GvEv, dst, base, offset);
+    }
+
+    void movl_mr_disp32(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp_disp32(OP_MOV_GvEv, dst, base, offset);
+    }
+
+    void movl_mr(int offset, RegisterID base, RegisterID index, int scale, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_MOV_GvEv, dst, base, index, scale, offset);
+    }
+
+    void movl_i32r(int imm, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_MOV_EAXIv, dst);
+        m_formatter.immediate32(imm);
+    }
+
+    void movl_i32m(int imm, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP11_EvIz, GROUP11_MOV, base, offset);
+        m_formatter.immediate32(imm);
+    }
+
+    void movl_EAXm(void* addr)
+    {
+        m_formatter.oneByteOp(OP_MOV_OvEAX);
+#if PLATFORM(X86_64)
+        m_formatter.immediate64(reinterpret_cast<int64_t>(addr));
+#else
+        m_formatter.immediate32(reinterpret_cast<int>(addr));
+#endif
+    }
+
+#if PLATFORM(X86_64)
+    void movq_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_MOV_EvGv, src, dst);
+    }
+
+    void movq_rm(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp64(OP_MOV_EvGv, src, base, offset);
+    }
+
+    void movq_rm_disp32(RegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp64_disp32(OP_MOV_EvGv, src, base, offset);
+    }
+
+    void movq_rm(RegisterID src, int offset, RegisterID base, RegisterID index, int scale)
+    {
+        m_formatter.oneByteOp64(OP_MOV_EvGv, src, base, index, scale, offset);
+    }
+
+    void movq_mEAX(void* addr)
+    {
+        m_formatter.oneByteOp64(OP_MOV_EAXOv);
+        m_formatter.immediate64(reinterpret_cast<int64_t>(addr));
+    }
+
+    void movq_EAXm(void* addr)
+    {
+        m_formatter.oneByteOp64(OP_MOV_OvEAX);
+        m_formatter.immediate64(reinterpret_cast<int64_t>(addr));
+    }
+
+    void movq_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_MOV_GvEv, dst, base, offset);
+    }
+
+    void movq_mr_disp32(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp64_disp32(OP_MOV_GvEv, dst, base, offset);
+    }
+
+    void movq_mr(int offset, RegisterID base, RegisterID index, int scale, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_MOV_GvEv, dst, base, index, scale, offset);
+    }
+
+    void movq_i32m(int imm, int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp64(OP_GROUP11_EvIz, GROUP11_MOV, base, offset);
+        m_formatter.immediate32(imm);
+    }
+
+    void movq_i64r(int64_t imm, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_MOV_EAXIv, dst);
+        m_formatter.immediate64(imm);
+    }
+    
+    void movsxd_rr(RegisterID src, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_MOVSXD_GvEv, dst, src);
+    }
+    
+    
+#else
+    void movl_rm(RegisterID src, void* addr)
+    {
+        if (src == X86Registers::eax)
+            movl_EAXm(addr);
+        else 
+            m_formatter.oneByteOp(OP_MOV_EvGv, src, addr);
+    }
+    
+    void movl_mr(void* addr, RegisterID dst)
+    {
+        if (dst == X86Registers::eax)
+            movl_mEAX(addr);
+        else
+            m_formatter.oneByteOp(OP_MOV_GvEv, dst, addr);
+    }
+
+    void movl_i32m(int imm, void* addr)
+    {
+        m_formatter.oneByteOp(OP_GROUP11_EvIz, GROUP11_MOV, addr);
+        m_formatter.immediate32(imm);
+    }
+#endif
+
+    void movzwl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.twoByteOp(OP2_MOVZX_GvEw, dst, base, offset);
+    }
+
+    void movzwl_mr(int offset, RegisterID base, RegisterID index, int scale, RegisterID dst)
+    {
+        m_formatter.twoByteOp(OP2_MOVZX_GvEw, dst, base, index, scale, offset);
+    }
+
+    void movzbl_rr(RegisterID src, RegisterID dst)
+    {
+        // In 64-bit, this may cause an unnecessary REX to be planted (if the dst register
+        // is in the range ESP-EDI, and the src would not have required a REX).  Unneeded
+        // REX prefixes are defined to be silently ignored by the processor.
+        m_formatter.twoByteOp8(OP2_MOVZX_GvEb, dst, src);
+    }
+
+    void leal_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_LEA, dst, base, offset);
+    }
+#if PLATFORM(X86_64)
+    void leaq_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_formatter.oneByteOp64(OP_LEA, dst, base, offset);
+    }
+#endif
+
+    // Flow control:
+
+    JmpSrc call()
+    {
+        m_formatter.oneByteOp(OP_CALL_rel32);
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc call(RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP5_Ev, GROUP5_OP_CALLN, dst);
+        return JmpSrc(m_formatter.size());
+    }
+    
+    void call_m(int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP5_Ev, GROUP5_OP_CALLN, base, offset);
+    }
+
+    JmpSrc jmp()
+    {
+        m_formatter.oneByteOp(OP_JMP_rel32);
+        return m_formatter.immediateRel32();
+    }
+    
+    // Return a JmpSrc so we have a label to the jump, so we can use this
+    // To make a tail recursive call on x86-64.  The MacroAssembler
+    // really shouldn't wrap this as a Jump, since it can't be linked. :-/
+    JmpSrc jmp_r(RegisterID dst)
+    {
+        m_formatter.oneByteOp(OP_GROUP5_Ev, GROUP5_OP_JMPN, dst);
+        return JmpSrc(m_formatter.size());
+    }
+    
+    void jmp_m(int offset, RegisterID base)
+    {
+        m_formatter.oneByteOp(OP_GROUP5_Ev, GROUP5_OP_JMPN, base, offset);
+    }
+
+    JmpSrc jne()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionNE));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc jnz()
+    {
+        return jne();
+    }
+
+    JmpSrc je()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionE));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc jz()
+    {
+        return je();
+    }
+
+    JmpSrc jl()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionL));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc jb()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionB));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc jle()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionLE));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc jbe()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionBE));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc jge()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionGE));
+        return m_formatter.immediateRel32();
+    }
+
+    JmpSrc jg()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionG));
+        return m_formatter.immediateRel32();
+    }
+
+    JmpSrc ja()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionA));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc jae()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionAE));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc jo()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionO));
+        return m_formatter.immediateRel32();
+    }
+
+    JmpSrc jp()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionP));
+        return m_formatter.immediateRel32();
+    }
+    
+    JmpSrc js()
+    {
+        m_formatter.twoByteOp(jccRel32(ConditionS));
+        return m_formatter.immediateRel32();
+    }
+
+    JmpSrc jCC(Condition cond)
+    {
+        m_formatter.twoByteOp(jccRel32(cond));
+        return m_formatter.immediateRel32();
+    }
+
+    // SSE operations:
+
+    void addsd_rr(XMMRegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_ADDSD_VsdWsd, (RegisterID)dst, (RegisterID)src);
+    }
+
+    void addsd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_ADDSD_VsdWsd, (RegisterID)dst, base, offset);
+    }
+
+    void cvtsi2sd_rr(RegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_CVTSI2SD_VsdEd, (RegisterID)dst, src);
+    }
+
+    void cvtsi2sd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_CVTSI2SD_VsdEd, (RegisterID)dst, base, offset);
+    }
+
+#if !PLATFORM(X86_64)
+    void cvtsi2sd_mr(void* address, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_CVTSI2SD_VsdEd, (RegisterID)dst, address);
+    }
+#endif
+
+    void cvttsd2si_rr(XMMRegisterID src, RegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_CVTTSD2SI_GdWsd, dst, (RegisterID)src);
+    }
+
+    void movd_rr(XMMRegisterID src, RegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp(OP2_MOVD_EdVd, (RegisterID)src, dst);
+    }
+
+#if PLATFORM(X86_64)
+    void movq_rr(XMMRegisterID src, RegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp64(OP2_MOVD_EdVd, (RegisterID)src, dst);
+    }
+
+    void movq_rr(RegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp64(OP2_MOVD_VdEd, (RegisterID)dst, src);
+    }
+#endif
+
+    void movsd_rm(XMMRegisterID src, int offset, RegisterID base)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_MOVSD_WsdVsd, (RegisterID)src, base, offset);
+    }
+
+    void movsd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_MOVSD_VsdWsd, (RegisterID)dst, base, offset);
+    }
+
+#if !PLATFORM(X86_64)
+    void movsd_mr(void* address, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_MOVSD_VsdWsd, (RegisterID)dst, address);
+    }
+#endif
+
+    void mulsd_rr(XMMRegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_MULSD_VsdWsd, (RegisterID)dst, (RegisterID)src);
+    }
+
+    void mulsd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_MULSD_VsdWsd, (RegisterID)dst, base, offset);
+    }
+
+    void pextrw_irr(int whichWord, XMMRegisterID src, RegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp(OP2_PEXTRW_GdUdIb, (RegisterID)dst, (RegisterID)src);
+        m_formatter.immediate8(whichWord);
+    }
+
+    void subsd_rr(XMMRegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_SUBSD_VsdWsd, (RegisterID)dst, (RegisterID)src);
+    }
+
+    void subsd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_SUBSD_VsdWsd, (RegisterID)dst, base, offset);
+    }
+
+    void ucomisd_rr(XMMRegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp(OP2_UCOMISD_VsdWsd, (RegisterID)dst, (RegisterID)src);
+    }
+
+    void ucomisd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp(OP2_UCOMISD_VsdWsd, (RegisterID)dst, base, offset);
+    }
+
+    void divsd_rr(XMMRegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_DIVSD_VsdWsd, (RegisterID)dst, (RegisterID)src);
+    }
+
+    void divsd_mr(int offset, RegisterID base, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_F2);
+        m_formatter.twoByteOp(OP2_DIVSD_VsdWsd, (RegisterID)dst, base, offset);
+    }
+
+    void xorpd_rr(XMMRegisterID src, XMMRegisterID dst)
+    {
+        m_formatter.prefix(PRE_SSE_66);
+        m_formatter.twoByteOp(OP2_XORPD_VpdWpd, (RegisterID)dst, (RegisterID)src);
+    }
+
+    // Misc instructions:
+
+    void int3()
+    {
+        m_formatter.oneByteOp(OP_INT3);
+    }
+    
+    void ret()
+    {
+        m_formatter.oneByteOp(OP_RET);
+    }
+
+    void predictNotTaken()
+    {
+        m_formatter.prefix(PRE_PREDICT_BRANCH_NOT_TAKEN);
+    }
+
+    // Assembler admin methods:
+
+    JmpDst label()
+    {
+        return JmpDst(m_formatter.size());
+    }
+    
+    static JmpDst labelFor(JmpSrc jump, intptr_t offset = 0)
+    {
+        return JmpDst(jump.m_offset + offset);
+    }
+    
+    JmpDst align(int alignment)
+    {
+        while (!m_formatter.isAligned(alignment))
+            m_formatter.oneByteOp(OP_HLT);
+
+        return label();
+    }
+
+    // Linking & patching:
+    //
+    // 'link' and 'patch' methods are for use on unprotected code - such as the code
+    // within the AssemblerBuffer, and code being patched by the patch buffer.  Once
+    // code has been finalized it is (platform support permitting) within a non-
+    // writable region of memory; to modify the code in an execute-only execuable
+    // pool the 'repatch' and 'relink' methods should be used.
+
+    void linkJump(JmpSrc from, JmpDst to)
+    {
+        ASSERT(from.m_offset != -1);
+        ASSERT(to.m_offset != -1);
+
+        char* code = reinterpret_cast<char*>(m_formatter.data());
+        setRel32(code + from.m_offset, code + to.m_offset);
+    }
+    
+    static void linkJump(void* code, JmpSrc from, void* to)
+    {
+        ASSERT(from.m_offset != -1);
+
+        setRel32(reinterpret_cast<char*>(code) + from.m_offset, to);
+    }
+
+    static void linkCall(void* code, JmpSrc from, void* to)
+    {
+        ASSERT(from.m_offset != -1);
+
+        setRel32(reinterpret_cast<char*>(code) + from.m_offset, to);
+    }
+
+    static void linkPointer(void* code, JmpDst where, void* value)
+    {
+        ASSERT(where.m_offset != -1);
+
+        setPointer(reinterpret_cast<char*>(code) + where.m_offset, value);
+    }
+
+    static void relinkJump(void* from, void* to)
+    {
+        setRel32(from, to);
+    }
+    
+    static void relinkCall(void* from, void* to)
+    {
+        setRel32(from, to);
+    }
+
+    static void repatchInt32(void* where, int32_t value)
+    {
+        setInt32(where, value);
+    }
+
+    static void repatchPointer(void* where, void* value)
+    {
+        setPointer(where, value);
+    }
+
+    static void repatchLoadPtrToLEA(void* where)
+    {
+#if PLATFORM(X86_64)
+        // On x86-64 pointer memory accesses require a 64-bit operand, and as such a REX prefix.
+        // Skip over the prefix byte.
+        where = reinterpret_cast<char*>(where) + 1;
+#endif
+        *reinterpret_cast<unsigned char*>(where) = static_cast<unsigned char>(OP_LEA);
+    }
+    
+    static unsigned getCallReturnOffset(JmpSrc call)
+    {
+        ASSERT(call.m_offset >= 0);
+        return call.m_offset;
+    }
+
+    static void* getRelocatedAddress(void* code, JmpSrc jump)
+    {
+        ASSERT(jump.m_offset != -1);
+
+        return reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(code) + jump.m_offset);
+    }
+    
+    static void* getRelocatedAddress(void* code, JmpDst destination)
+    {
+        ASSERT(destination.m_offset != -1);
+
+        return reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(code) + destination.m_offset);
+    }
+    
+    static int getDifferenceBetweenLabels(JmpDst src, JmpDst dst)
+    {
+        return dst.m_offset - src.m_offset;
+    }
+    
+    static int getDifferenceBetweenLabels(JmpDst src, JmpSrc dst)
+    {
+        return dst.m_offset - src.m_offset;
+    }
+    
+    static int getDifferenceBetweenLabels(JmpSrc src, JmpDst dst)
+    {
+        return dst.m_offset - src.m_offset;
+    }
+    
+    void* executableCopy(ExecutablePool* allocator)
+    {
+        void* copy = m_formatter.executableCopy(allocator);
+        ASSERT(copy);
+        return copy;
+    }
+
+private:
+
+    static void setPointer(void* where, void* value)
+    {
+        reinterpret_cast<void**>(where)[-1] = value;
+    }
+
+    static void setInt32(void* where, int32_t value)
+    {
+        reinterpret_cast<int32_t*>(where)[-1] = value;
+    }
+
+    static void setRel32(void* from, void* to)
+    {
+        intptr_t offset = reinterpret_cast<intptr_t>(to) - reinterpret_cast<intptr_t>(from);
+        ASSERT(offset == static_cast<int32_t>(offset));
+
+        setInt32(from, offset);
+    }
+
+    class X86InstructionFormatter {
+
+        static const int maxInstructionSize = 16;
+
+    public:
+
+        // Legacy prefix bytes:
+        //
+        // These are emmitted prior to the instruction.
+
+        void prefix(OneByteOpcodeID pre)
+        {
+            m_buffer.putByte(pre);
+        }
+
+        // Word-sized operands / no operand instruction formatters.
+        //
+        // In addition to the opcode, the following operand permutations are supported:
+        //   * None - instruction takes no operands.
+        //   * One register - the low three bits of the RegisterID are added into the opcode.
+        //   * Two registers - encode a register form ModRm (for all ModRm formats, the reg field is passed first, and a GroupOpcodeID may be passed in its place).
+        //   * Three argument ModRM - a register, and a register and an offset describing a memory operand.
+        //   * Five argument ModRM - a register, and a base register, an index, scale, and offset describing a memory operand.
+        //
+        // For 32-bit x86 targets, the address operand may also be provided as a void*.
+        // On 64-bit targets REX prefixes will be planted as necessary, where high numbered registers are used.
+        //
+        // The twoByteOp methods plant two-byte Intel instructions sequences (first opcode byte 0x0F).
+
+        void oneByteOp(OneByteOpcodeID opcode)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            m_buffer.putByteUnchecked(opcode);
+        }
+
+        void oneByteOp(OneByteOpcodeID opcode, RegisterID reg)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIfNeeded(0, 0, reg);
+            m_buffer.putByteUnchecked(opcode + (reg & 7));
+        }
+
+        void oneByteOp(OneByteOpcodeID opcode, int reg, RegisterID rm)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIfNeeded(reg, 0, rm);
+            m_buffer.putByteUnchecked(opcode);
+            registerModRM(reg, rm);
+        }
+
+        void oneByteOp(OneByteOpcodeID opcode, int reg, RegisterID base, int offset)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIfNeeded(reg, 0, base);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, base, offset);
+        }
+
+        void oneByteOp_disp32(OneByteOpcodeID opcode, int reg, RegisterID base, int offset)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIfNeeded(reg, 0, base);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM_disp32(reg, base, offset);
+        }
+
+        void oneByteOp(OneByteOpcodeID opcode, int reg, RegisterID base, RegisterID index, int scale, int offset)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIfNeeded(reg, index, base);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, base, index, scale, offset);
+        }
+
+#if !PLATFORM(X86_64)
+        void oneByteOp(OneByteOpcodeID opcode, int reg, void* address)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, address);
+        }
+#endif
+
+        void twoByteOp(TwoByteOpcodeID opcode)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+        }
+
+        void twoByteOp(TwoByteOpcodeID opcode, int reg, RegisterID rm)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIfNeeded(reg, 0, rm);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+            registerModRM(reg, rm);
+        }
+
+        void twoByteOp(TwoByteOpcodeID opcode, int reg, RegisterID base, int offset)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIfNeeded(reg, 0, base);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, base, offset);
+        }
+
+        void twoByteOp(TwoByteOpcodeID opcode, int reg, RegisterID base, RegisterID index, int scale, int offset)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIfNeeded(reg, index, base);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, base, index, scale, offset);
+        }
+
+#if !PLATFORM(X86_64)
+        void twoByteOp(TwoByteOpcodeID opcode, int reg, void* address)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, address);
+        }
+#endif
+
+#if PLATFORM(X86_64)
+        // Quad-word-sized operands:
+        //
+        // Used to format 64-bit operantions, planting a REX.w prefix.
+        // When planting d64 or f64 instructions, not requiring a REX.w prefix,
+        // the normal (non-'64'-postfixed) formatters should be used.
+
+        void oneByteOp64(OneByteOpcodeID opcode)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexW(0, 0, 0);
+            m_buffer.putByteUnchecked(opcode);
+        }
+
+        void oneByteOp64(OneByteOpcodeID opcode, RegisterID reg)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexW(0, 0, reg);
+            m_buffer.putByteUnchecked(opcode + (reg & 7));
+        }
+
+        void oneByteOp64(OneByteOpcodeID opcode, int reg, RegisterID rm)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexW(reg, 0, rm);
+            m_buffer.putByteUnchecked(opcode);
+            registerModRM(reg, rm);
+        }
+
+        void oneByteOp64(OneByteOpcodeID opcode, int reg, RegisterID base, int offset)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexW(reg, 0, base);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, base, offset);
+        }
+
+        void oneByteOp64_disp32(OneByteOpcodeID opcode, int reg, RegisterID base, int offset)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexW(reg, 0, base);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM_disp32(reg, base, offset);
+        }
+
+        void oneByteOp64(OneByteOpcodeID opcode, int reg, RegisterID base, RegisterID index, int scale, int offset)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexW(reg, index, base);
+            m_buffer.putByteUnchecked(opcode);
+            memoryModRM(reg, base, index, scale, offset);
+        }
+
+        void twoByteOp64(TwoByteOpcodeID opcode, int reg, RegisterID rm)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexW(reg, 0, rm);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+            registerModRM(reg, rm);
+        }
+#endif
+
+        // Byte-operands:
+        //
+        // These methods format byte operations.  Byte operations differ from the normal
+        // formatters in the circumstances under which they will decide to emit REX prefixes.
+        // These should be used where any register operand signifies a byte register.
+        //
+        // The disctinction is due to the handling of register numbers in the range 4..7 on
+        // x86-64.  These register numbers may either represent the second byte of the first
+        // four registers (ah..bh) or the first byte of the second four registers (spl..dil).
+        //
+        // Since ah..bh cannot be used in all permutations of operands (specifically cannot
+        // be accessed where a REX prefix is present), these are likely best treated as
+        // deprecated.  In order to ensure the correct registers spl..dil are selected a
+        // REX prefix will be emitted for any byte register operand in the range 4..15.
+        //
+        // These formatters may be used in instructions where a mix of operand sizes, in which
+        // case an unnecessary REX will be emitted, for example:
+        //     movzbl %al, %edi
+        // In this case a REX will be planted since edi is 7 (and were this a byte operand
+        // a REX would be required to specify dil instead of bh).  Unneeded REX prefixes will
+        // be silently ignored by the processor.
+        //
+        // Address operands should still be checked using regRequiresRex(), while byteRegRequiresRex()
+        // is provided to check byte register operands.
+
+        void oneByteOp8(OneByteOpcodeID opcode, GroupOpcodeID groupOp, RegisterID rm)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIf(byteRegRequiresRex(rm), 0, 0, rm);
+            m_buffer.putByteUnchecked(opcode);
+            registerModRM(groupOp, rm);
+        }
+
+        void twoByteOp8(TwoByteOpcodeID opcode, RegisterID reg, RegisterID rm)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIf(byteRegRequiresRex(reg)|byteRegRequiresRex(rm), reg, 0, rm);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+            registerModRM(reg, rm);
+        }
+
+        void twoByteOp8(TwoByteOpcodeID opcode, GroupOpcodeID groupOp, RegisterID rm)
+        {
+            m_buffer.ensureSpace(maxInstructionSize);
+            emitRexIf(byteRegRequiresRex(rm), 0, 0, rm);
+            m_buffer.putByteUnchecked(OP_2BYTE_ESCAPE);
+            m_buffer.putByteUnchecked(opcode);
+            registerModRM(groupOp, rm);
+        }
+
+        // Immediates:
+        //
+        // An immedaite should be appended where appropriate after an op has been emitted.
+        // The writes are unchecked since the opcode formatters above will have ensured space.
+
+        void immediate8(int imm)
+        {
+            m_buffer.putByteUnchecked(imm);
+        }
+
+        void immediate16(int imm)
+        {
+            m_buffer.putShortUnchecked(imm);
+        }
+
+        void immediate32(int imm)
+        {
+            m_buffer.putIntUnchecked(imm);
+        }
+
+        void immediate64(int64_t imm)
+        {
+            m_buffer.putInt64Unchecked(imm);
+        }
+
+        JmpSrc immediateRel32()
+        {
+            m_buffer.putIntUnchecked(0);
+            return JmpSrc(m_buffer.size());
+        }
+
+        // Administrative methods:
+
+        size_t size() const { return m_buffer.size(); }
+        bool isAligned(int alignment) const { return m_buffer.isAligned(alignment); }
+        void* data() const { return m_buffer.data(); }
+        void* executableCopy(ExecutablePool* allocator) { return m_buffer.executableCopy(allocator); }
+
+    private:
+
+        // Internals; ModRm and REX formatters.
+
+        static const RegisterID noBase = X86Registers::ebp;
+        static const RegisterID hasSib = X86Registers::esp;
+        static const RegisterID noIndex = X86Registers::esp;
+#if PLATFORM(X86_64)
+        static const RegisterID noBase2 = X86Registers::r13;
+        static const RegisterID hasSib2 = X86Registers::r12;
+
+        // Registers r8 & above require a REX prefixe.
+        inline bool regRequiresRex(int reg)
+        {
+            return (reg >= X86Registers::r8);
+        }
+
+        // Byte operand register spl & above require a REX prefix (to prevent the 'H' registers be accessed).
+        inline bool byteRegRequiresRex(int reg)
+        {
+            return (reg >= X86Registers::esp);
+        }
+
+        // Format a REX prefix byte.
+        inline void emitRex(bool w, int r, int x, int b)
+        {
+            m_buffer.putByteUnchecked(PRE_REX | ((int)w << 3) | ((r>>3)<<2) | ((x>>3)<<1) | (b>>3));
+        }
+
+        // Used to plant a REX byte with REX.w set (for 64-bit operations).
+        inline void emitRexW(int r, int x, int b)
+        {
+            emitRex(true, r, x, b);
+        }
+
+        // Used for operations with byte operands - use byteRegRequiresRex() to check register operands,
+        // regRequiresRex() to check other registers (i.e. address base & index).
+        inline void emitRexIf(bool condition, int r, int x, int b)
+        {
+            if (condition) emitRex(false, r, x, b);
+        }
+
+        // Used for word sized operations, will plant a REX prefix if necessary (if any register is r8 or above).
+        inline void emitRexIfNeeded(int r, int x, int b)
+        {
+            emitRexIf(regRequiresRex(r) || regRequiresRex(x) || regRequiresRex(b), r, x, b);
+        }
+#else
+        // No REX prefix bytes on 32-bit x86.
+        inline bool regRequiresRex(int) { return false; }
+        inline bool byteRegRequiresRex(int) { return false; }
+        inline void emitRexIf(bool, int, int, int) {}
+        inline void emitRexIfNeeded(int, int, int) {}
+#endif
+
+        enum ModRmMode {
+            ModRmMemoryNoDisp,
+            ModRmMemoryDisp8,
+            ModRmMemoryDisp32,
+            ModRmRegister,
+        };
+
+        void putModRm(ModRmMode mode, int reg, RegisterID rm)
+        {
+            m_buffer.putByteUnchecked((mode << 6) | ((reg & 7) << 3) | (rm & 7));
+        }
+
+        void putModRmSib(ModRmMode mode, int reg, RegisterID base, RegisterID index, int scale)
+        {
+            ASSERT(mode != ModRmRegister);
+
+            putModRm(mode, reg, hasSib);
+            m_buffer.putByteUnchecked((scale << 6) | ((index & 7) << 3) | (base & 7));
+        }
+
+        void registerModRM(int reg, RegisterID rm)
+        {
+            putModRm(ModRmRegister, reg, rm);
+        }
+
+        void memoryModRM(int reg, RegisterID base, int offset)
+        {
+            // A base of esp or r12 would be interpreted as a sib, so force a sib with no index & put the base in there.
+#if PLATFORM(X86_64)
+            if ((base == hasSib) || (base == hasSib2)) {
+#else
+            if (base == hasSib) {
+#endif
+                if (!offset) // No need to check if the base is noBase, since we know it is hasSib!
+                    putModRmSib(ModRmMemoryNoDisp, reg, base, noIndex, 0);
+                else if (CAN_SIGN_EXTEND_8_32(offset)) {
+                    putModRmSib(ModRmMemoryDisp8, reg, base, noIndex, 0);
+                    m_buffer.putByteUnchecked(offset);
+                } else {
+                    putModRmSib(ModRmMemoryDisp32, reg, base, noIndex, 0);
+                    m_buffer.putIntUnchecked(offset);
+                }
+            } else {
+#if PLATFORM(X86_64)
+                if (!offset && (base != noBase) && (base != noBase2))
+#else
+                if (!offset && (base != noBase))
+#endif
+                    putModRm(ModRmMemoryNoDisp, reg, base);
+                else if (CAN_SIGN_EXTEND_8_32(offset)) {
+                    putModRm(ModRmMemoryDisp8, reg, base);
+                    m_buffer.putByteUnchecked(offset);
+                } else {
+                    putModRm(ModRmMemoryDisp32, reg, base);
+                    m_buffer.putIntUnchecked(offset);
+                }
+            }
+        }
+    
+        void memoryModRM_disp32(int reg, RegisterID base, int offset)
+        {
+            // A base of esp or r12 would be interpreted as a sib, so force a sib with no index & put the base in there.
+#if PLATFORM(X86_64)
+            if ((base == hasSib) || (base == hasSib2)) {
+#else
+            if (base == hasSib) {
+#endif
+                putModRmSib(ModRmMemoryDisp32, reg, base, noIndex, 0);
+                m_buffer.putIntUnchecked(offset);
+            } else {
+                putModRm(ModRmMemoryDisp32, reg, base);
+                m_buffer.putIntUnchecked(offset);
+            }
+        }
+    
+        void memoryModRM(int reg, RegisterID base, RegisterID index, int scale, int offset)
+        {
+            ASSERT(index != noIndex);
+
+#if PLATFORM(X86_64)
+            if (!offset && (base != noBase) && (base != noBase2))
+#else
+            if (!offset && (base != noBase))
+#endif
+                putModRmSib(ModRmMemoryNoDisp, reg, base, index, scale);
+            else if (CAN_SIGN_EXTEND_8_32(offset)) {
+                putModRmSib(ModRmMemoryDisp8, reg, base, index, scale);
+                m_buffer.putByteUnchecked(offset);
+            } else {
+                putModRmSib(ModRmMemoryDisp32, reg, base, index, scale);
+                m_buffer.putIntUnchecked(offset);
+            }
+        }
+
+#if !PLATFORM(X86_64)
+        void memoryModRM(int reg, void* address)
+        {
+            // noBase + ModRmMemoryNoDisp means noBase + ModRmMemoryDisp32!
+            putModRm(ModRmMemoryNoDisp, reg, noBase);
+            m_buffer.putIntUnchecked(reinterpret_cast<int32_t>(address));
+        }
+#endif
+
+        AssemblerBuffer m_buffer;
+    } m_formatter;
+};
+
+} // namespace JSC
+
+#endif // ENABLE(ASSEMBLER) && PLATFORM(X86)
+
+#endif // X86Assembler_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/CodeBlock.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/CodeBlock.cpp
new file mode 100644
index 000000000..7e5f6cf69
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -0,0 +1,1657 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "CodeBlock.h"
+
+#include "JIT.h"
+#include "JSValue.h"
+#include "Interpreter.h"
+#include "JSFunction.h"
+#include "JSStaticScopeObject.h"
+#include "Debugger.h"
+#include "BytecodeGenerator.h"
+#include <stdio.h>
+#include <wtf/StringExtras.h>
+
+#define DUMP_CODE_BLOCK_STATISTICS 0
+
+namespace JSC {
+
+#if !defined(NDEBUG) || ENABLE(OPCODE_SAMPLING)
+
+static UString escapeQuotes(const UString& str)
+{
+    UString result = str;
+    int pos = 0;
+    while ((pos = result.find('\"', pos)) >= 0) {
+        result = result.substr(0, pos) + "\"\\\"\"" + result.substr(pos + 1);
+        pos += 4;
+    }
+    return result;
+}
+
+static UString valueToSourceString(ExecState* exec, JSValue val)
+{
+    if (!val)
+        return "0";
+
+    if (val.isString()) {
+        UString result("\"");
+        result += escapeQuotes(val.toString(exec)) + "\"";
+        return result;
+    } 
+
+    return val.toString(exec);
+}
+
+static CString registerName(int r)
+{
+    if (r == missingThisObjectMarker())
+        return "<null>";
+
+    return (UString("r") + UString::from(r)).UTF8String();
+}
+
+static CString constantName(ExecState* exec, int k, JSValue value)
+{
+    return (valueToSourceString(exec, value) + "(@k" + UString::from(k) + ")").UTF8String();
+}
+
+static CString idName(int id0, const Identifier& ident)
+{
+    return (ident.ustring() + "(@id" + UString::from(id0) +")").UTF8String();
+}
+
+static UString regexpToSourceString(RegExp* regExp)
+{
+    UString pattern = UString("/") + regExp->pattern() + "/";
+    if (regExp->global())
+        pattern += "g";
+    if (regExp->ignoreCase())
+        pattern += "i";
+    if (regExp->multiline())
+        pattern += "m";
+
+    return pattern;
+}
+
+static CString regexpName(int re, RegExp* regexp)
+{
+    return (regexpToSourceString(regexp) + "(@re" + UString::from(re) + ")").UTF8String();
+}
+
+static UString pointerToSourceString(void* p)
+{
+    char buffer[2 + 2 * sizeof(void*) + 1]; // 0x [two characters per byte] \0
+    snprintf(buffer, sizeof(buffer), "%p", p);
+    return buffer;
+}
+
+NEVER_INLINE static const char* debugHookName(int debugHookID)
+{
+    switch (static_cast<DebugHookID>(debugHookID)) {
+        case DidEnterCallFrame:
+            return "didEnterCallFrame";
+        case WillLeaveCallFrame:
+            return "willLeaveCallFrame";
+        case WillExecuteStatement:
+            return "willExecuteStatement";
+        case WillExecuteProgram:
+            return "willExecuteProgram";
+        case DidExecuteProgram:
+            return "didExecuteProgram";
+        case DidReachBreakpoint:
+            return "didReachBreakpoint";
+    }
+
+    ASSERT_NOT_REACHED();
+    return "";
+}
+
+static int locationForOffset(const Vector<Instruction>::const_iterator& begin, Vector<Instruction>::const_iterator& it, int offset)
+{
+    return it - begin + offset;
+}
+
+static void printUnaryOp(int location, Vector<Instruction>::const_iterator& it, const char* op)
+{
+    int r0 = (++it)->u.operand;
+    int r1 = (++it)->u.operand;
+
+    printf("[%4d] %s\t\t %s, %s\n", location, op, registerName(r0).c_str(), registerName(r1).c_str());
+}
+
+static void printBinaryOp(int location, Vector<Instruction>::const_iterator& it, const char* op)
+{
+    int r0 = (++it)->u.operand;
+    int r1 = (++it)->u.operand;
+    int r2 = (++it)->u.operand;
+    printf("[%4d] %s\t\t %s, %s, %s\n", location, op, registerName(r0).c_str(), registerName(r1).c_str(), registerName(r2).c_str());
+}
+
+static void printConditionalJump(const Vector<Instruction>::const_iterator& begin, Vector<Instruction>::const_iterator& it, int location, const char* op)
+{
+    int r0 = (++it)->u.operand;
+    int offset = (++it)->u.operand;
+    printf("[%4d] %s\t\t %s, %d(->%d)\n", location, op, registerName(r0).c_str(), offset, locationForOffset(begin, it, offset));
+}
+
+static void printGetByIdOp(int location, Vector<Instruction>::const_iterator& it, const Vector<Identifier>& m_identifiers, const char* op)
+{
+    int r0 = (++it)->u.operand;
+    int r1 = (++it)->u.operand;
+    int id0 = (++it)->u.operand;
+    printf("[%4d] %s\t %s, %s, %s\n", location, op, registerName(r0).c_str(), registerName(r1).c_str(), idName(id0, m_identifiers[id0]).c_str());
+    it += 4;
+}
+
+static void printPutByIdOp(int location, Vector<Instruction>::const_iterator& it, const Vector<Identifier>& m_identifiers, const char* op)
+{
+    int r0 = (++it)->u.operand;
+    int id0 = (++it)->u.operand;
+    int r1 = (++it)->u.operand;
+    printf("[%4d] %s\t %s, %s, %s\n", location, op, registerName(r0).c_str(), idName(id0, m_identifiers[id0]).c_str(), registerName(r1).c_str());
+    it += 4;
+}
+
+#if ENABLE(JIT)
+static bool isGlobalResolve(OpcodeID opcodeID)
+{
+    return opcodeID == op_resolve_global;
+}
+
+static bool isPropertyAccess(OpcodeID opcodeID)
+{
+    switch (opcodeID) {
+        case op_get_by_id_self:
+        case op_get_by_id_proto:
+        case op_get_by_id_chain:
+        case op_get_by_id_self_list:
+        case op_get_by_id_proto_list:
+        case op_put_by_id_transition:
+        case op_put_by_id_replace:
+        case op_get_by_id:
+        case op_put_by_id:
+        case op_get_by_id_generic:
+        case op_put_by_id_generic:
+        case op_get_array_length:
+        case op_get_string_length:
+            return true;
+        default:
+            return false;
+    }
+}
+
+static unsigned instructionOffsetForNth(ExecState* exec, const Vector<Instruction>& instructions, int nth, bool (*predicate)(OpcodeID))
+{
+    size_t i = 0;
+    while (i < instructions.size()) {
+        OpcodeID currentOpcode = exec->interpreter()->getOpcodeID(instructions[i].u.opcode);
+        if (predicate(currentOpcode)) {
+            if (!--nth)
+                return i;
+        }
+        i += opcodeLengths[currentOpcode];
+    }
+
+    ASSERT_NOT_REACHED();
+    return 0;
+}
+
+static void printGlobalResolveInfo(const GlobalResolveInfo& resolveInfo, unsigned instructionOffset)
+{
+    printf("  [%4d] %s: %s\n", instructionOffset, "resolve_global", pointerToSourceString(resolveInfo.structure).UTF8String().c_str());
+}
+
+static void printStructureStubInfo(const StructureStubInfo& stubInfo, unsigned instructionOffset)
+{
+    switch (stubInfo.accessType) {
+    case access_get_by_id_self:
+        printf("  [%4d] %s: %s\n", instructionOffset, "get_by_id_self", pointerToSourceString(stubInfo.u.getByIdSelf.baseObjectStructure).UTF8String().c_str());
+        return;
+    case access_get_by_id_proto:
+        printf("  [%4d] %s: %s, %s\n", instructionOffset, "get_by_id_proto", pointerToSourceString(stubInfo.u.getByIdProto.baseObjectStructure).UTF8String().c_str(), pointerToSourceString(stubInfo.u.getByIdProto.prototypeStructure).UTF8String().c_str());
+        return;
+    case access_get_by_id_chain:
+        printf("  [%4d] %s: %s, %s\n", instructionOffset, "get_by_id_chain", pointerToSourceString(stubInfo.u.getByIdChain.baseObjectStructure).UTF8String().c_str(), pointerToSourceString(stubInfo.u.getByIdChain.chain).UTF8String().c_str());
+        return;
+    case access_get_by_id_self_list:
+        printf("  [%4d] %s: %s (%d)\n", instructionOffset, "op_get_by_id_self_list", pointerToSourceString(stubInfo.u.getByIdSelfList.structureList).UTF8String().c_str(), stubInfo.u.getByIdSelfList.listSize);
+        return;
+    case access_get_by_id_proto_list:
+        printf("  [%4d] %s: %s (%d)\n", instructionOffset, "op_get_by_id_proto_list", pointerToSourceString(stubInfo.u.getByIdProtoList.structureList).UTF8String().c_str(), stubInfo.u.getByIdProtoList.listSize);
+        return;
+    case access_put_by_id_transition:
+        printf("  [%4d] %s: %s, %s, %s\n", instructionOffset, "put_by_id_transition", pointerToSourceString(stubInfo.u.putByIdTransition.previousStructure).UTF8String().c_str(), pointerToSourceString(stubInfo.u.putByIdTransition.structure).UTF8String().c_str(), pointerToSourceString(stubInfo.u.putByIdTransition.chain).UTF8String().c_str());
+        return;
+    case access_put_by_id_replace:
+        printf("  [%4d] %s: %s\n", instructionOffset, "put_by_id_replace", pointerToSourceString(stubInfo.u.putByIdReplace.baseObjectStructure).UTF8String().c_str());
+        return;
+    case access_get_by_id:
+        printf("  [%4d] %s\n", instructionOffset, "get_by_id");
+        return;
+    case access_put_by_id:
+        printf("  [%4d] %s\n", instructionOffset, "put_by_id");
+        return;
+    case access_get_by_id_generic:
+        printf("  [%4d] %s\n", instructionOffset, "op_get_by_id_generic");
+        return;
+    case access_put_by_id_generic:
+        printf("  [%4d] %s\n", instructionOffset, "op_put_by_id_generic");
+        return;
+    case access_get_array_length:
+        printf("  [%4d] %s\n", instructionOffset, "op_get_array_length");
+        return;
+    case access_get_string_length:
+        printf("  [%4d] %s\n", instructionOffset, "op_get_string_length");
+        return;
+    default:
+        ASSERT_NOT_REACHED();
+    }
+}
+#endif
+
+void CodeBlock::printStructure(const char* name, const Instruction* vPC, int operand) const
+{
+    unsigned instructionOffset = vPC - m_instructions.begin();
+    printf("  [%4d] %s: %s\n", instructionOffset, name, pointerToSourceString(vPC[operand].u.structure).UTF8String().c_str());
+}
+
+void CodeBlock::printStructures(const Instruction* vPC) const
+{
+    Interpreter* interpreter = m_globalData->interpreter;
+    unsigned instructionOffset = vPC - m_instructions.begin();
+
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id)) {
+        printStructure("get_by_id", vPC, 4);
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_self)) {
+        printStructure("get_by_id_self", vPC, 4);
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto)) {
+        printf("  [%4d] %s: %s, %s\n", instructionOffset, "get_by_id_proto", pointerToSourceString(vPC[4].u.structure).UTF8String().c_str(), pointerToSourceString(vPC[5].u.structure).UTF8String().c_str());
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_transition)) {
+        printf("  [%4d] %s: %s, %s, %s\n", instructionOffset, "put_by_id_transition", pointerToSourceString(vPC[4].u.structure).UTF8String().c_str(), pointerToSourceString(vPC[5].u.structure).UTF8String().c_str(), pointerToSourceString(vPC[6].u.structureChain).UTF8String().c_str());
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_chain)) {
+        printf("  [%4d] %s: %s, %s\n", instructionOffset, "get_by_id_chain", pointerToSourceString(vPC[4].u.structure).UTF8String().c_str(), pointerToSourceString(vPC[5].u.structureChain).UTF8String().c_str());
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id)) {
+        printStructure("put_by_id", vPC, 4);
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_replace)) {
+        printStructure("put_by_id_replace", vPC, 4);
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_resolve_global)) {
+        printStructure("resolve_global", vPC, 4);
+        return;
+    }
+
+    // These m_instructions doesn't ref Structures.
+    ASSERT(vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_call) || vPC[0].u.opcode == interpreter->getOpcode(op_call_eval) || vPC[0].u.opcode == interpreter->getOpcode(op_construct));
+}
+
+void CodeBlock::dump(ExecState* exec) const
+{
+    if (m_instructions.isEmpty()) {
+        printf("No instructions available.\n");
+        return;
+    }
+
+    size_t instructionCount = 0;
+
+    for (size_t i = 0; i < m_instructions.size(); i += opcodeLengths[exec->interpreter()->getOpcodeID(m_instructions[i].u.opcode)])
+        ++instructionCount;
+
+    printf("%lu m_instructions; %lu bytes at %p; %d parameter(s); %d callee register(s)\n\n",
+        static_cast<unsigned long>(instructionCount),
+        static_cast<unsigned long>(m_instructions.size() * sizeof(Instruction)),
+        this, m_numParameters, m_numCalleeRegisters);
+
+    Vector<Instruction>::const_iterator begin = m_instructions.begin();
+    Vector<Instruction>::const_iterator end = m_instructions.end();
+    for (Vector<Instruction>::const_iterator it = begin; it != end; ++it)
+        dump(exec, begin, it);
+
+    if (!m_identifiers.isEmpty()) {
+        printf("\nIdentifiers:\n");
+        size_t i = 0;
+        do {
+            printf("  id%u = %s\n", static_cast<unsigned>(i), m_identifiers[i].ascii());
+            ++i;
+        } while (i != m_identifiers.size());
+    }
+
+    if (!m_constantRegisters.isEmpty()) {
+        printf("\nConstants:\n");
+        unsigned registerIndex = m_numVars;
+        size_t i = 0;
+        do {
+            printf("   r%u = %s\n", registerIndex, valueToSourceString(exec, m_constantRegisters[i].jsValue()).ascii());
+            ++i;
+            ++registerIndex;
+        } while (i < m_constantRegisters.size());
+    }
+
+    if (m_rareData && !m_rareData->m_regexps.isEmpty()) {
+        printf("\nm_regexps:\n");
+        size_t i = 0;
+        do {
+            printf("  re%u = %s\n", static_cast<unsigned>(i), regexpToSourceString(m_rareData->m_regexps[i].get()).ascii());
+            ++i;
+        } while (i < m_rareData->m_regexps.size());
+    }
+
+#if ENABLE(JIT)
+    if (!m_globalResolveInfos.isEmpty() || !m_structureStubInfos.isEmpty())
+        printf("\nStructures:\n");
+
+    if (!m_globalResolveInfos.isEmpty()) {
+        size_t i = 0;
+        do {
+             printGlobalResolveInfo(m_globalResolveInfos[i], instructionOffsetForNth(exec, m_instructions, i + 1, isGlobalResolve));
+             ++i;
+        } while (i < m_globalResolveInfos.size());
+    }
+    if (!m_structureStubInfos.isEmpty()) {
+        size_t i = 0;
+        do {
+            printStructureStubInfo(m_structureStubInfos[i], instructionOffsetForNth(exec, m_instructions, i + 1, isPropertyAccess));
+             ++i;
+        } while (i < m_structureStubInfos.size());
+    }
+#else
+    if (!m_globalResolveInstructions.isEmpty() || !m_propertyAccessInstructions.isEmpty())
+        printf("\nStructures:\n");
+
+    if (!m_globalResolveInstructions.isEmpty()) {
+        size_t i = 0;
+        do {
+             printStructures(&m_instructions[m_globalResolveInstructions[i]]);
+             ++i;
+        } while (i < m_globalResolveInstructions.size());
+    }
+    if (!m_propertyAccessInstructions.isEmpty()) {
+        size_t i = 0;
+        do {
+            printStructures(&m_instructions[m_propertyAccessInstructions[i]]);
+             ++i;
+        } while (i < m_propertyAccessInstructions.size());
+    }
+#endif
+
+    if (m_rareData && !m_rareData->m_exceptionHandlers.isEmpty()) {
+        printf("\nException Handlers:\n");
+        unsigned i = 0;
+        do {
+            printf("\t %d: { start: [%4d] end: [%4d] target: [%4d] }\n", i + 1, m_rareData->m_exceptionHandlers[i].start, m_rareData->m_exceptionHandlers[i].end, m_rareData->m_exceptionHandlers[i].target);
+            ++i;
+        } while (i < m_rareData->m_exceptionHandlers.size());
+    }
+    
+    if (m_rareData && !m_rareData->m_immediateSwitchJumpTables.isEmpty()) {
+        printf("Immediate Switch Jump Tables:\n");
+        unsigned i = 0;
+        do {
+            printf("  %1d = {\n", i);
+            int entry = 0;
+            Vector<int32_t>::const_iterator end = m_rareData->m_immediateSwitchJumpTables[i].branchOffsets.end();
+            for (Vector<int32_t>::const_iterator iter = m_rareData->m_immediateSwitchJumpTables[i].branchOffsets.begin(); iter != end; ++iter, ++entry) {
+                if (!*iter)
+                    continue;
+                printf("\t\t%4d => %04d\n", entry + m_rareData->m_immediateSwitchJumpTables[i].min, *iter);
+            }
+            printf("      }\n");
+            ++i;
+        } while (i < m_rareData->m_immediateSwitchJumpTables.size());
+    }
+    
+    if (m_rareData && !m_rareData->m_characterSwitchJumpTables.isEmpty()) {
+        printf("\nCharacter Switch Jump Tables:\n");
+        unsigned i = 0;
+        do {
+            printf("  %1d = {\n", i);
+            int entry = 0;
+            Vector<int32_t>::const_iterator end = m_rareData->m_characterSwitchJumpTables[i].branchOffsets.end();
+            for (Vector<int32_t>::const_iterator iter = m_rareData->m_characterSwitchJumpTables[i].branchOffsets.begin(); iter != end; ++iter, ++entry) {
+                if (!*iter)
+                    continue;
+                ASSERT(!((i + m_rareData->m_characterSwitchJumpTables[i].min) & ~0xFFFF));
+                UChar ch = static_cast<UChar>(entry + m_rareData->m_characterSwitchJumpTables[i].min);
+                printf("\t\t\"%s\" => %04d\n", UString(&ch, 1).ascii(), *iter);
+        }
+            printf("      }\n");
+            ++i;
+        } while (i < m_rareData->m_characterSwitchJumpTables.size());
+    }
+    
+    if (m_rareData && !m_rareData->m_stringSwitchJumpTables.isEmpty()) {
+        printf("\nString Switch Jump Tables:\n");
+        unsigned i = 0;
+        do {
+            printf("  %1d = {\n", i);
+            StringJumpTable::StringOffsetTable::const_iterator end = m_rareData->m_stringSwitchJumpTables[i].offsetTable.end();
+            for (StringJumpTable::StringOffsetTable::const_iterator iter = m_rareData->m_stringSwitchJumpTables[i].offsetTable.begin(); iter != end; ++iter)
+                printf("\t\t\"%s\" => %04d\n", UString(iter->first).ascii(), iter->second.branchOffset);
+            printf("      }\n");
+            ++i;
+        } while (i < m_rareData->m_stringSwitchJumpTables.size());
+    }
+
+    printf("\n");
+}
+
+void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator& begin, Vector<Instruction>::const_iterator& it) const
+{
+    int location = it - begin;
+    switch (exec->interpreter()->getOpcodeID(it->u.opcode)) {
+        case op_enter: {
+            printf("[%4d] enter\n", location);
+            break;
+        }
+        case op_enter_with_activation: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] enter_with_activation %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_create_arguments: {
+            printf("[%4d] create_arguments\n", location);
+            break;
+        }
+        case op_init_arguments: {
+            printf("[%4d] init_arguments\n", location);
+            break;
+        }
+        case op_convert_this: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] convert_this %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_new_object: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] new_object\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_new_array: {
+            int dst = (++it)->u.operand;
+            int argv = (++it)->u.operand;
+            int argc = (++it)->u.operand;
+            printf("[%4d] new_array\t %s, %s, %d\n", location, registerName(dst).c_str(), registerName(argv).c_str(), argc);
+            break;
+        }
+        case op_new_regexp: {
+            int r0 = (++it)->u.operand;
+            int re0 = (++it)->u.operand;
+            printf("[%4d] new_regexp\t %s, %s\n", location, registerName(r0).c_str(), regexpName(re0, regexp(re0)).c_str());
+            break;
+        }
+        case op_mov: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            printf("[%4d] mov\t\t %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str());
+            break;
+        }
+        case op_not: {
+            printUnaryOp(location, it, "not");
+            break;
+        }
+        case op_eq: {
+            printBinaryOp(location, it, "eq");
+            break;
+        }
+        case op_eq_null: {
+            printUnaryOp(location, it, "eq_null");
+            break;
+        }
+        case op_neq: {
+            printBinaryOp(location, it, "neq");
+            break;
+        }
+        case op_neq_null: {
+            printUnaryOp(location, it, "neq_null");
+            break;
+        }
+        case op_stricteq: {
+            printBinaryOp(location, it, "stricteq");
+            break;
+        }
+        case op_nstricteq: {
+            printBinaryOp(location, it, "nstricteq");
+            break;
+        }
+        case op_less: {
+            printBinaryOp(location, it, "less");
+            break;
+        }
+        case op_lesseq: {
+            printBinaryOp(location, it, "lesseq");
+            break;
+        }
+        case op_pre_inc: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] pre_inc\t\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_pre_dec: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] pre_dec\t\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_post_inc: {
+            printUnaryOp(location, it, "post_inc");
+            break;
+        }
+        case op_post_dec: {
+            printUnaryOp(location, it, "post_dec");
+            break;
+        }
+        case op_to_jsnumber: {
+            printUnaryOp(location, it, "to_jsnumber");
+            break;
+        }
+        case op_negate: {
+            printUnaryOp(location, it, "negate");
+            break;
+        }
+        case op_add: {
+            printBinaryOp(location, it, "add");
+            ++it;
+            break;
+        }
+        case op_mul: {
+            printBinaryOp(location, it, "mul");
+            ++it;
+            break;
+        }
+        case op_div: {
+            printBinaryOp(location, it, "div");
+            ++it;
+            break;
+        }
+        case op_mod: {
+            printBinaryOp(location, it, "mod");
+            break;
+        }
+        case op_sub: {
+            printBinaryOp(location, it, "sub");
+            ++it;
+            break;
+        }
+        case op_lshift: {
+            printBinaryOp(location, it, "lshift");
+            break;            
+        }
+        case op_rshift: {
+            printBinaryOp(location, it, "rshift");
+            break;
+        }
+        case op_urshift: {
+            printBinaryOp(location, it, "urshift");
+            break;
+        }
+        case op_bitand: {
+            printBinaryOp(location, it, "bitand");
+            ++it;
+            break;
+        }
+        case op_bitxor: {
+            printBinaryOp(location, it, "bitxor");
+            ++it;
+            break;
+        }
+        case op_bitor: {
+            printBinaryOp(location, it, "bitor");
+            ++it;
+            break;
+        }
+        case op_bitnot: {
+            printUnaryOp(location, it, "bitnot");
+            break;
+        }
+        case op_instanceof: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int r2 = (++it)->u.operand;
+            int r3 = (++it)->u.operand;
+            printf("[%4d] instanceof\t\t %s, %s, %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str(), registerName(r2).c_str(), registerName(r3).c_str());
+            break;
+        }
+        case op_typeof: {
+            printUnaryOp(location, it, "typeof");
+            break;
+        }
+        case op_is_undefined: {
+            printUnaryOp(location, it, "is_undefined");
+            break;
+        }
+        case op_is_boolean: {
+            printUnaryOp(location, it, "is_boolean");
+            break;
+        }
+        case op_is_number: {
+            printUnaryOp(location, it, "is_number");
+            break;
+        }
+        case op_is_string: {
+            printUnaryOp(location, it, "is_string");
+            break;
+        }
+        case op_is_object: {
+            printUnaryOp(location, it, "is_object");
+            break;
+        }
+        case op_is_function: {
+            printUnaryOp(location, it, "is_function");
+            break;
+        }
+        case op_in: {
+            printBinaryOp(location, it, "in");
+            break;
+        }
+        case op_resolve: {
+            int r0 = (++it)->u.operand;
+            int id0 = (++it)->u.operand;
+            printf("[%4d] resolve\t\t %s, %s\n", location, registerName(r0).c_str(), idName(id0, m_identifiers[id0]).c_str());
+            break;
+        }
+        case op_resolve_skip: {
+            int r0 = (++it)->u.operand;
+            int id0 = (++it)->u.operand;
+            int skipLevels = (++it)->u.operand;
+            printf("[%4d] resolve_skip\t %s, %s, %d\n", location, registerName(r0).c_str(), idName(id0, m_identifiers[id0]).c_str(), skipLevels);
+            break;
+        }
+        case op_resolve_global: {
+            int r0 = (++it)->u.operand;
+            JSValue scope = JSValue((++it)->u.jsCell);
+            int id0 = (++it)->u.operand;
+            printf("[%4d] resolve_global\t %s, %s, %s\n", location, registerName(r0).c_str(), valueToSourceString(exec, scope).ascii(), idName(id0, m_identifiers[id0]).c_str());
+            it += 2;
+            break;
+        }
+        case op_get_scoped_var: {
+            int r0 = (++it)->u.operand;
+            int index = (++it)->u.operand;
+            int skipLevels = (++it)->u.operand;
+            printf("[%4d] get_scoped_var\t %s, %d, %d\n", location, registerName(r0).c_str(), index, skipLevels);
+            break;
+        }
+        case op_put_scoped_var: {
+            int index = (++it)->u.operand;
+            int skipLevels = (++it)->u.operand;
+            int r0 = (++it)->u.operand;
+            printf("[%4d] put_scoped_var\t %d, %d, %s\n", location, index, skipLevels, registerName(r0).c_str());
+            break;
+        }
+        case op_get_global_var: {
+            int r0 = (++it)->u.operand;
+            JSValue scope = JSValue((++it)->u.jsCell);
+            int index = (++it)->u.operand;
+            printf("[%4d] get_global_var\t %s, %s, %d\n", location, registerName(r0).c_str(), valueToSourceString(exec, scope).ascii(), index);
+            break;
+        }
+        case op_put_global_var: {
+            JSValue scope = JSValue((++it)->u.jsCell);
+            int index = (++it)->u.operand;
+            int r0 = (++it)->u.operand;
+            printf("[%4d] put_global_var\t %s, %d, %s\n", location, valueToSourceString(exec, scope).ascii(), index, registerName(r0).c_str());
+            break;
+        }
+        case op_resolve_base: {
+            int r0 = (++it)->u.operand;
+            int id0 = (++it)->u.operand;
+            printf("[%4d] resolve_base\t %s, %s\n", location, registerName(r0).c_str(), idName(id0, m_identifiers[id0]).c_str());
+            break;
+        }
+        case op_resolve_with_base: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int id0 = (++it)->u.operand;
+            printf("[%4d] resolve_with_base %s, %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str(), idName(id0, m_identifiers[id0]).c_str());
+            break;
+        }
+        case op_get_by_id: {
+            printGetByIdOp(location, it, m_identifiers, "get_by_id");
+            break;
+        }
+        case op_get_by_id_self: {
+            printGetByIdOp(location, it, m_identifiers, "get_by_id_self");
+            break;
+        }
+        case op_get_by_id_self_list: {
+            printGetByIdOp(location, it, m_identifiers, "get_by_id_self_list");
+            break;
+        }
+        case op_get_by_id_proto: {
+            printGetByIdOp(location, it, m_identifiers, "get_by_id_proto");
+            break;
+        }
+        case op_get_by_id_proto_list: {
+            printGetByIdOp(location, it, m_identifiers, "op_get_by_id_proto_list");
+            break;
+        }
+        case op_get_by_id_chain: {
+            printGetByIdOp(location, it, m_identifiers, "get_by_id_chain");
+            break;
+        }
+        case op_get_by_id_generic: {
+            printGetByIdOp(location, it, m_identifiers, "get_by_id_generic");
+            break;
+        }
+        case op_get_array_length: {
+            printGetByIdOp(location, it, m_identifiers, "get_array_length");
+            break;
+        }
+        case op_get_string_length: {
+            printGetByIdOp(location, it, m_identifiers, "get_string_length");
+            break;
+        }
+        case op_put_by_id: {
+            printPutByIdOp(location, it, m_identifiers, "put_by_id");
+            break;
+        }
+        case op_put_by_id_replace: {
+            printPutByIdOp(location, it, m_identifiers, "put_by_id_replace");
+            break;
+        }
+        case op_put_by_id_transition: {
+            printPutByIdOp(location, it, m_identifiers, "put_by_id_transition");
+            break;
+        }
+        case op_put_by_id_generic: {
+            printPutByIdOp(location, it, m_identifiers, "put_by_id_generic");
+            break;
+        }
+        case op_put_getter: {
+            int r0 = (++it)->u.operand;
+            int id0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            printf("[%4d] put_getter\t %s, %s, %s\n", location, registerName(r0).c_str(), idName(id0, m_identifiers[id0]).c_str(), registerName(r1).c_str());
+            break;
+        }
+        case op_put_setter: {
+            int r0 = (++it)->u.operand;
+            int id0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            printf("[%4d] put_setter\t %s, %s, %s\n", location, registerName(r0).c_str(), idName(id0, m_identifiers[id0]).c_str(), registerName(r1).c_str());
+            break;
+        }
+        case op_method_check: {
+            printf("[%4d] op_method_check\n", location);
+            break;
+        }
+        case op_del_by_id: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int id0 = (++it)->u.operand;
+            printf("[%4d] del_by_id\t %s, %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str(), idName(id0, m_identifiers[id0]).c_str());
+            break;
+        }
+        case op_get_by_val: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int r2 = (++it)->u.operand;
+            printf("[%4d] get_by_val\t %s, %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str(), registerName(r2).c_str());
+            break;
+        }
+        case op_put_by_val: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int r2 = (++it)->u.operand;
+            printf("[%4d] put_by_val\t %s, %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str(), registerName(r2).c_str());
+            break;
+        }
+        case op_del_by_val: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int r2 = (++it)->u.operand;
+            printf("[%4d] del_by_val\t %s, %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str(), registerName(r2).c_str());
+            break;
+        }
+        case op_put_by_index: {
+            int r0 = (++it)->u.operand;
+            unsigned n0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            printf("[%4d] put_by_index\t %s, %u, %s\n", location, registerName(r0).c_str(), n0, registerName(r1).c_str());
+            break;
+        }
+        case op_jmp: {
+            int offset = (++it)->u.operand;
+            printf("[%4d] jmp\t\t %d(->%d)\n", location, offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_loop: {
+            int offset = (++it)->u.operand;
+            printf("[%4d] loop\t\t %d(->%d)\n", location, offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_jtrue: {
+            printConditionalJump(begin, it, location, "jtrue");
+            break;
+        }
+        case op_loop_if_true: {
+            printConditionalJump(begin, it, location, "loop_if_true");
+            break;
+        }
+        case op_jfalse: {
+            printConditionalJump(begin, it, location, "jfalse");
+            break;
+        }
+        case op_jeq_null: {
+            printConditionalJump(begin, it, location, "jeq_null");
+            break;
+        }
+        case op_jneq_null: {
+            printConditionalJump(begin, it, location, "jneq_null");
+            break;
+        }
+        case op_jneq_ptr: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            printf("[%4d] jneq_ptr\t\t %s, %s, %d(->%d)\n", location, registerName(r0).c_str(), registerName(r1).c_str(), offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_jnless: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            printf("[%4d] jnless\t\t %s, %s, %d(->%d)\n", location, registerName(r0).c_str(), registerName(r1).c_str(), offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_jnlesseq: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            printf("[%4d] jnlesseq\t\t %s, %s, %d(->%d)\n", location, registerName(r0).c_str(), registerName(r1).c_str(), offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_loop_if_less: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            printf("[%4d] loop_if_less\t %s, %s, %d(->%d)\n", location, registerName(r0).c_str(), registerName(r1).c_str(), offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_loop_if_lesseq: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            printf("[%4d] loop_if_lesseq\t %s, %s, %d(->%d)\n", location, registerName(r0).c_str(), registerName(r1).c_str(), offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_switch_imm: {
+            int tableIndex = (++it)->u.operand;
+            int defaultTarget = (++it)->u.operand;
+            int scrutineeRegister = (++it)->u.operand;
+            printf("[%4d] switch_imm\t %d, %d(->%d), %s\n", location, tableIndex, defaultTarget, locationForOffset(begin, it, defaultTarget), registerName(scrutineeRegister).c_str());
+            break;
+        }
+        case op_switch_char: {
+            int tableIndex = (++it)->u.operand;
+            int defaultTarget = (++it)->u.operand;
+            int scrutineeRegister = (++it)->u.operand;
+            printf("[%4d] switch_char\t %d, %d(->%d), %s\n", location, tableIndex, defaultTarget, locationForOffset(begin, it, defaultTarget), registerName(scrutineeRegister).c_str());
+            break;
+        }
+        case op_switch_string: {
+            int tableIndex = (++it)->u.operand;
+            int defaultTarget = (++it)->u.operand;
+            int scrutineeRegister = (++it)->u.operand;
+            printf("[%4d] switch_string\t %d, %d(->%d), %s\n", location, tableIndex, defaultTarget, locationForOffset(begin, it, defaultTarget), registerName(scrutineeRegister).c_str());
+            break;
+        }
+        case op_new_func: {
+            int r0 = (++it)->u.operand;
+            int f0 = (++it)->u.operand;
+            printf("[%4d] new_func\t\t %s, f%d\n", location, registerName(r0).c_str(), f0);
+            break;
+        }
+        case op_new_func_exp: {
+            int r0 = (++it)->u.operand;
+            int f0 = (++it)->u.operand;
+            printf("[%4d] new_func_exp\t %s, f%d\n", location, registerName(r0).c_str(), f0);
+            break;
+        }
+        case op_call: {
+            int dst = (++it)->u.operand;
+            int func = (++it)->u.operand;
+            int argCount = (++it)->u.operand;
+            int registerOffset = (++it)->u.operand;
+            printf("[%4d] call\t\t %s, %s, %d, %d\n", location, registerName(dst).c_str(), registerName(func).c_str(), argCount, registerOffset);
+            break;
+        }
+        case op_call_eval: {
+            int dst = (++it)->u.operand;
+            int func = (++it)->u.operand;
+            int argCount = (++it)->u.operand;
+            int registerOffset = (++it)->u.operand;
+            printf("[%4d] call_eval\t %s, %s, %d, %d\n", location, registerName(dst).c_str(), registerName(func).c_str(), argCount, registerOffset);
+            break;
+        }
+        case op_call_varargs: {
+            int dst = (++it)->u.operand;
+            int func = (++it)->u.operand;
+            int argCount = (++it)->u.operand;
+            int registerOffset = (++it)->u.operand;
+            printf("[%4d] call_varargs\t %s, %s, %s, %d\n", location, registerName(dst).c_str(), registerName(func).c_str(), registerName(argCount).c_str(), registerOffset);
+            break;
+        }
+        case op_load_varargs: {
+            printUnaryOp(location, it, "load_varargs");
+            break;
+        }
+        case op_tear_off_activation: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] tear_off_activation\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_tear_off_arguments: {
+            printf("[%4d] tear_off_arguments\n", location);
+            break;
+        }
+        case op_ret: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] ret\t\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_construct: {
+            int dst = (++it)->u.operand;
+            int func = (++it)->u.operand;
+            int argCount = (++it)->u.operand;
+            int registerOffset = (++it)->u.operand;
+            int proto = (++it)->u.operand;
+            int thisRegister = (++it)->u.operand;
+            printf("[%4d] construct\t %s, %s, %d, %d, %s, %s\n", location, registerName(dst).c_str(), registerName(func).c_str(), argCount, registerOffset, registerName(proto).c_str(), registerName(thisRegister).c_str());
+            break;
+        }
+        case op_construct_verify: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            printf("[%4d] construct_verify\t %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str());
+            break;
+        }
+        case op_strcat: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            int count = (++it)->u.operand;
+            printf("[%4d] op_strcat\t %s, %s, %d\n", location, registerName(r0).c_str(), registerName(r1).c_str(), count);
+            break;
+        }
+        case op_to_primitive: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            printf("[%4d] op_to_primitive\t %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str());
+            break;
+        }
+        case op_get_pnames: {
+            int r0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            printf("[%4d] get_pnames\t %s, %s\n", location, registerName(r0).c_str(), registerName(r1).c_str());
+            break;
+        }
+        case op_next_pname: {
+            int dest = (++it)->u.operand;
+            int iter = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            printf("[%4d] next_pname\t %s, %s, %d(->%d)\n", location, registerName(dest).c_str(), registerName(iter).c_str(), offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_push_scope: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] push_scope\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_pop_scope: {
+            printf("[%4d] pop_scope\n", location);
+            break;
+        }
+        case op_push_new_scope: {
+            int r0 = (++it)->u.operand;
+            int id0 = (++it)->u.operand;
+            int r1 = (++it)->u.operand;
+            printf("[%4d] push_new_scope \t%s, %s, %s\n", location, registerName(r0).c_str(), idName(id0, m_identifiers[id0]).c_str(), registerName(r1).c_str());
+            break;
+        }
+        case op_jmp_scopes: {
+            int scopeDelta = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            printf("[%4d] jmp_scopes\t^%d, %d(->%d)\n", location, scopeDelta, offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_catch: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] catch\t\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_throw: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] throw\t\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+        case op_new_error: {
+            int r0 = (++it)->u.operand;
+            int errorType = (++it)->u.operand;
+            int k0 = (++it)->u.operand;
+            printf("[%4d] new_error\t %s, %d, %s\n", location, registerName(r0).c_str(), errorType, constantName(exec, k0, getConstant(k0)).c_str());
+            break;
+        }
+        case op_jsr: {
+            int retAddrDst = (++it)->u.operand;
+            int offset = (++it)->u.operand;
+            printf("[%4d] jsr\t\t %s, %d(->%d)\n", location, registerName(retAddrDst).c_str(), offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_sret: {
+            int retAddrSrc = (++it)->u.operand;
+            printf("[%4d] sret\t\t %s\n", location, registerName(retAddrSrc).c_str());
+            break;
+        }
+        case op_debug: {
+            int debugHookID = (++it)->u.operand;
+            int firstLine = (++it)->u.operand;
+            int lastLine = (++it)->u.operand;
+            int column = (++it)->u.operand;
+            printf("[%4d] debug\t\t %s, %d, %d, %d\n", location, debugHookName(debugHookID), firstLine, lastLine, column);
+            break;
+        }
+        case op_profile_will_call: {
+            int function = (++it)->u.operand;
+            printf("[%4d] profile_will_call %s\n", location, registerName(function).c_str());
+            break;
+        }
+        case op_profile_did_call: {
+            int function = (++it)->u.operand;
+            printf("[%4d] profile_did_call\t %s\n", location, registerName(function).c_str());
+            break;
+        }
+        case op_end: {
+            int r0 = (++it)->u.operand;
+            printf("[%4d] end\t\t %s\n", location, registerName(r0).c_str());
+            break;
+        }
+    }
+}
+
+#endif // !defined(NDEBUG) || ENABLE(OPCODE_SAMPLING)
+
+#if DUMP_CODE_BLOCK_STATISTICS
+static HashSet<CodeBlock*> liveCodeBlockSet;
+#endif
+
+#define FOR_EACH_MEMBER_VECTOR(macro) \
+    macro(instructions) \
+    macro(globalResolveInfos) \
+    macro(structureStubInfos) \
+    macro(callLinkInfos) \
+    macro(linkedCallerList) \
+    macro(identifiers) \
+    macro(functionExpressions) \
+    macro(constantRegisters)
+
+#define FOR_EACH_MEMBER_VECTOR_RARE_DATA(macro) \
+    macro(regexps) \
+    macro(functions) \
+    macro(exceptionHandlers) \
+    macro(immediateSwitchJumpTables) \
+    macro(characterSwitchJumpTables) \
+    macro(stringSwitchJumpTables) \
+    macro(functionRegisterInfos)
+
+#define FOR_EACH_MEMBER_VECTOR_EXCEPTION_INFO(macro) \
+    macro(expressionInfo) \
+    macro(lineInfo) \
+    macro(getByIdExceptionInfo) \
+    macro(pcVector)
+
+template<typename T>
+static size_t sizeInBytes(const Vector<T>& vector)
+{
+    return vector.capacity() * sizeof(T);
+}
+
+void CodeBlock::dumpStatistics()
+{
+#if DUMP_CODE_BLOCK_STATISTICS
+    #define DEFINE_VARS(name) size_t name##IsNotEmpty = 0; size_t name##TotalSize = 0;
+        FOR_EACH_MEMBER_VECTOR(DEFINE_VARS)
+        FOR_EACH_MEMBER_VECTOR_RARE_DATA(DEFINE_VARS)
+        FOR_EACH_MEMBER_VECTOR_EXCEPTION_INFO(DEFINE_VARS)
+    #undef DEFINE_VARS
+
+    // Non-vector data members
+    size_t evalCodeCacheIsNotEmpty = 0;
+
+    size_t symbolTableIsNotEmpty = 0;
+    size_t symbolTableTotalSize = 0;
+
+    size_t hasExceptionInfo = 0;
+    size_t hasRareData = 0;
+
+    size_t isFunctionCode = 0;
+    size_t isGlobalCode = 0;
+    size_t isEvalCode = 0;
+
+    HashSet<CodeBlock*>::const_iterator end = liveCodeBlockSet.end();
+    for (HashSet<CodeBlock*>::const_iterator it = liveCodeBlockSet.begin(); it != end; ++it) {
+        CodeBlock* codeBlock = *it;
+
+        #define GET_STATS(name) if (!codeBlock->m_##name.isEmpty()) { name##IsNotEmpty++; name##TotalSize += sizeInBytes(codeBlock->m_##name); }
+            FOR_EACH_MEMBER_VECTOR(GET_STATS)
+        #undef GET_STATS
+
+        if (!codeBlock->m_symbolTable.isEmpty()) {
+            symbolTableIsNotEmpty++;
+            symbolTableTotalSize += (codeBlock->m_symbolTable.capacity() * (sizeof(SymbolTable::KeyType) + sizeof(SymbolTable::MappedType)));
+        }
+
+        if (codeBlock->m_exceptionInfo) {
+            hasExceptionInfo++;
+            #define GET_STATS(name) if (!codeBlock->m_exceptionInfo->m_##name.isEmpty()) { name##IsNotEmpty++; name##TotalSize += sizeInBytes(codeBlock->m_exceptionInfo->m_##name); }
+                FOR_EACH_MEMBER_VECTOR_EXCEPTION_INFO(GET_STATS)
+            #undef GET_STATS
+        }
+
+        if (codeBlock->m_rareData) {
+            hasRareData++;
+            #define GET_STATS(name) if (!codeBlock->m_rareData->m_##name.isEmpty()) { name##IsNotEmpty++; name##TotalSize += sizeInBytes(codeBlock->m_rareData->m_##name); }
+                FOR_EACH_MEMBER_VECTOR_RARE_DATA(GET_STATS)
+            #undef GET_STATS
+
+            if (!codeBlock->m_rareData->m_evalCodeCache.isEmpty())
+                evalCodeCacheIsNotEmpty++;
+        }
+
+        switch (codeBlock->codeType()) {
+            case FunctionCode:
+                ++isFunctionCode;
+                break;
+            case GlobalCode:
+                ++isGlobalCode;
+                break;
+            case EvalCode:
+                ++isEvalCode;
+                break;
+        }
+    }
+
+    size_t totalSize = 0;
+
+    #define GET_TOTAL_SIZE(name) totalSize += name##TotalSize;
+        FOR_EACH_MEMBER_VECTOR(GET_TOTAL_SIZE)
+        FOR_EACH_MEMBER_VECTOR_RARE_DATA(GET_TOTAL_SIZE)
+        FOR_EACH_MEMBER_VECTOR_EXCEPTION_INFO(GET_TOTAL_SIZE)
+    #undef GET_TOTAL_SIZE
+
+    totalSize += symbolTableTotalSize;
+    totalSize += (liveCodeBlockSet.size() * sizeof(CodeBlock));
+
+    printf("Number of live CodeBlocks: %d\n", liveCodeBlockSet.size());
+    printf("Size of a single CodeBlock [sizeof(CodeBlock)]: %zu\n", sizeof(CodeBlock));
+    printf("Size of all CodeBlocks: %zu\n", totalSize);
+    printf("Average size of a CodeBlock: %zu\n", totalSize / liveCodeBlockSet.size());
+
+    printf("Number of FunctionCode CodeBlocks: %zu (%.3f%%)\n", isFunctionCode, static_cast<double>(isFunctionCode) * 100.0 / liveCodeBlockSet.size());
+    printf("Number of GlobalCode CodeBlocks: %zu (%.3f%%)\n", isGlobalCode, static_cast<double>(isGlobalCode) * 100.0 / liveCodeBlockSet.size());
+    printf("Number of EvalCode CodeBlocks: %zu (%.3f%%)\n", isEvalCode, static_cast<double>(isEvalCode) * 100.0 / liveCodeBlockSet.size());
+
+    printf("Number of CodeBlocks with exception info: %zu (%.3f%%)\n", hasExceptionInfo, static_cast<double>(hasExceptionInfo) * 100.0 / liveCodeBlockSet.size());
+    printf("Number of CodeBlocks with rare data: %zu (%.3f%%)\n", hasRareData, static_cast<double>(hasRareData) * 100.0 / liveCodeBlockSet.size());
+
+    #define PRINT_STATS(name) printf("Number of CodeBlocks with " #name ": %zu\n", name##IsNotEmpty); printf("Size of all " #name ": %zu\n", name##TotalSize); 
+        FOR_EACH_MEMBER_VECTOR(PRINT_STATS)
+        FOR_EACH_MEMBER_VECTOR_RARE_DATA(PRINT_STATS)
+        FOR_EACH_MEMBER_VECTOR_EXCEPTION_INFO(PRINT_STATS)
+    #undef PRINT_STATS
+
+    printf("Number of CodeBlocks with evalCodeCache: %zu\n", evalCodeCacheIsNotEmpty);
+    printf("Number of CodeBlocks with symbolTable: %zu\n", symbolTableIsNotEmpty);
+
+    printf("Size of all symbolTables: %zu\n", symbolTableTotalSize);
+
+#else
+    printf("Dumping CodeBlock statistics is not enabled.\n");
+#endif
+}
+
+CodeBlock::CodeBlock(ScriptExecutable* ownerExecutable, CodeType codeType, PassRefPtr<SourceProvider> sourceProvider, unsigned sourceOffset, SymbolTable* symTab)
+    : m_numCalleeRegisters(0)
+    , m_numVars(0)
+    , m_numParameters(0)
+    , m_ownerExecutable(ownerExecutable)
+    , m_globalData(0)
+#ifndef NDEBUG
+    , m_instructionCount(0)
+#endif
+    , m_needsFullScopeChain(ownerExecutable->needsActivation())
+    , m_usesEval(ownerExecutable->usesEval())
+    , m_usesArguments(ownerExecutable->usesArguments())
+    , m_isNumericCompareFunction(false)
+    , m_codeType(codeType)
+    , m_source(sourceProvider)
+    , m_sourceOffset(sourceOffset)
+    , m_symbolTable(symTab)
+    , m_exceptionInfo(new ExceptionInfo)
+{
+    ASSERT(m_source);
+
+#if DUMP_CODE_BLOCK_STATISTICS
+    liveCodeBlockSet.add(this);
+#endif
+}
+
+CodeBlock::~CodeBlock()
+{
+#if !ENABLE(JIT)
+    for (size_t size = m_globalResolveInstructions.size(), i = 0; i < size; ++i)
+        derefStructures(&m_instructions[m_globalResolveInstructions[i]]);
+
+    for (size_t size = m_propertyAccessInstructions.size(), i = 0; i < size; ++i)
+        derefStructures(&m_instructions[m_propertyAccessInstructions[i]]);
+#else
+    for (size_t size = m_globalResolveInfos.size(), i = 0; i < size; ++i) {
+        if (m_globalResolveInfos[i].structure)
+            m_globalResolveInfos[i].structure->deref();
+    }
+
+    for (size_t size = m_structureStubInfos.size(), i = 0; i < size; ++i)
+        m_structureStubInfos[i].deref();
+
+    for (size_t size = m_callLinkInfos.size(), i = 0; i < size; ++i) {
+        CallLinkInfo* callLinkInfo = &m_callLinkInfos[i];
+        if (callLinkInfo->isLinked())
+            callLinkInfo->callee->removeCaller(callLinkInfo);
+    }
+
+    for (size_t size = m_methodCallLinkInfos.size(), i = 0; i < size; ++i) {
+        if (Structure* structure = m_methodCallLinkInfos[i].cachedStructure) {
+            structure->deref();
+            // Both members must be filled at the same time
+            ASSERT(!!m_methodCallLinkInfos[i].cachedPrototypeStructure);
+            m_methodCallLinkInfos[i].cachedPrototypeStructure->deref();
+        }
+    }
+
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    unlinkCallers();
+#endif
+
+#endif // !ENABLE(JIT)
+
+#if DUMP_CODE_BLOCK_STATISTICS
+    liveCodeBlockSet.remove(this);
+#endif
+}
+
+#if ENABLE(JIT_OPTIMIZE_CALL)
+void CodeBlock::unlinkCallers()
+{
+    size_t size = m_linkedCallerList.size();
+    for (size_t i = 0; i < size; ++i) {
+        CallLinkInfo* currentCaller = m_linkedCallerList[i];
+        JIT::unlinkCall(currentCaller);
+        currentCaller->setUnlinked();
+    }
+    m_linkedCallerList.clear();
+}
+#endif
+
+void CodeBlock::derefStructures(Instruction* vPC) const
+{
+    Interpreter* interpreter = m_globalData->interpreter;
+
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_self)) {
+        vPC[4].u.structure->deref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto)) {
+        vPC[4].u.structure->deref();
+        vPC[5].u.structure->deref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_chain)) {
+        vPC[4].u.structure->deref();
+        vPC[5].u.structureChain->deref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_transition)) {
+        vPC[4].u.structure->deref();
+        vPC[5].u.structure->deref();
+        vPC[6].u.structureChain->deref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_replace)) {
+        vPC[4].u.structure->deref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_resolve_global)) {
+        if(vPC[4].u.structure)
+            vPC[4].u.structure->deref();
+        return;
+    }
+    if ((vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto_list))
+        || (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_self_list))) {
+        PolymorphicAccessStructureList* polymorphicStructures = vPC[4].u.polymorphicStructures;
+        polymorphicStructures->derefStructures(vPC[5].u.operand);
+        delete polymorphicStructures;
+        return;
+    }
+
+    // These instructions don't ref their Structures.
+    ASSERT(vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_get_array_length) || vPC[0].u.opcode == interpreter->getOpcode(op_get_string_length));
+}
+
+void CodeBlock::refStructures(Instruction* vPC) const
+{
+    Interpreter* interpreter = m_globalData->interpreter;
+
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_self)) {
+        vPC[4].u.structure->ref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto)) {
+        vPC[4].u.structure->ref();
+        vPC[5].u.structure->ref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_chain)) {
+        vPC[4].u.structure->ref();
+        vPC[5].u.structureChain->ref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_transition)) {
+        vPC[4].u.structure->ref();
+        vPC[5].u.structure->ref();
+        vPC[6].u.structureChain->ref();
+        return;
+    }
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_replace)) {
+        vPC[4].u.structure->ref();
+        return;
+    }
+    
+    // These instructions don't ref their Structures.
+    ASSERT(vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id) || vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_generic) || vPC[0].u.opcode == interpreter->getOpcode(op_put_by_id_generic));
+}
+
+void CodeBlock::markAggregate(MarkStack& markStack)
+{
+    for (size_t i = 0; i < m_constantRegisters.size(); ++i)
+        markStack.append(m_constantRegisters[i].jsValue());
+    for (size_t i = 0; i < m_functionExprs.size(); ++i)
+        m_functionExprs[i]->markAggregate(markStack);
+    for (size_t i = 0; i < m_functionDecls.size(); ++i)
+        m_functionDecls[i]->markAggregate(markStack);
+}
+
+void CodeBlock::reparseForExceptionInfoIfNecessary(CallFrame* callFrame)
+{
+    if (m_exceptionInfo)
+        return;
+
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+    if (m_needsFullScopeChain) {
+        ScopeChain sc(scopeChain);
+        int scopeDelta = sc.localDepth();
+        if (m_codeType == EvalCode)
+            scopeDelta -= static_cast<EvalCodeBlock*>(this)->baseScopeDepth();
+        else if (m_codeType == FunctionCode)
+            scopeDelta++; // Compilation of function code assumes activation is not on the scope chain yet.
+        ASSERT(scopeDelta >= 0);
+        while (scopeDelta--)
+            scopeChain = scopeChain->next;
+    }
+
+    m_exceptionInfo.set(m_ownerExecutable->reparseExceptionInfo(m_globalData, scopeChain, this));
+}
+
+HandlerInfo* CodeBlock::handlerForBytecodeOffset(unsigned bytecodeOffset)
+{
+    ASSERT(bytecodeOffset < m_instructionCount);
+
+    if (!m_rareData)
+        return 0;
+    
+    Vector<HandlerInfo>& exceptionHandlers = m_rareData->m_exceptionHandlers;
+    for (size_t i = 0; i < exceptionHandlers.size(); ++i) {
+        // Handlers are ordered innermost first, so the first handler we encounter
+        // that contains the source address is the correct handler to use.
+        if (exceptionHandlers[i].start <= bytecodeOffset && exceptionHandlers[i].end >= bytecodeOffset)
+            return &exceptionHandlers[i];
+    }
+
+    return 0;
+}
+
+int CodeBlock::lineNumberForBytecodeOffset(CallFrame* callFrame, unsigned bytecodeOffset)
+{
+    ASSERT(bytecodeOffset < m_instructionCount);
+
+    reparseForExceptionInfoIfNecessary(callFrame);
+    ASSERT(m_exceptionInfo);
+
+    if (!m_exceptionInfo->m_lineInfo.size())
+        return m_ownerExecutable->source().firstLine(); // Empty function
+
+    int low = 0;
+    int high = m_exceptionInfo->m_lineInfo.size();
+    while (low < high) {
+        int mid = low + (high - low) / 2;
+        if (m_exceptionInfo->m_lineInfo[mid].instructionOffset <= bytecodeOffset)
+            low = mid + 1;
+        else
+            high = mid;
+    }
+    
+    if (!low)
+        return m_ownerExecutable->source().firstLine();
+    return m_exceptionInfo->m_lineInfo[low - 1].lineNumber;
+}
+
+int CodeBlock::expressionRangeForBytecodeOffset(CallFrame* callFrame, unsigned bytecodeOffset, int& divot, int& startOffset, int& endOffset)
+{
+    ASSERT(bytecodeOffset < m_instructionCount);
+
+    reparseForExceptionInfoIfNecessary(callFrame);
+    ASSERT(m_exceptionInfo);
+
+    if (!m_exceptionInfo->m_expressionInfo.size()) {
+        // We didn't think anything could throw.  Apparently we were wrong.
+        startOffset = 0;
+        endOffset = 0;
+        divot = 0;
+        return lineNumberForBytecodeOffset(callFrame, bytecodeOffset);
+    }
+
+    int low = 0;
+    int high = m_exceptionInfo->m_expressionInfo.size();
+    while (low < high) {
+        int mid = low + (high - low) / 2;
+        if (m_exceptionInfo->m_expressionInfo[mid].instructionOffset <= bytecodeOffset)
+            low = mid + 1;
+        else
+            high = mid;
+    }
+    
+    ASSERT(low);
+    if (!low) {
+        startOffset = 0;
+        endOffset = 0;
+        divot = 0;
+        return lineNumberForBytecodeOffset(callFrame, bytecodeOffset);
+    }
+
+    startOffset = m_exceptionInfo->m_expressionInfo[low - 1].startOffset;
+    endOffset = m_exceptionInfo->m_expressionInfo[low - 1].endOffset;
+    divot = m_exceptionInfo->m_expressionInfo[low - 1].divotPoint + m_sourceOffset;
+    return lineNumberForBytecodeOffset(callFrame, bytecodeOffset);
+}
+
+bool CodeBlock::getByIdExceptionInfoForBytecodeOffset(CallFrame* callFrame, unsigned bytecodeOffset, OpcodeID& opcodeID)
+{
+    ASSERT(bytecodeOffset < m_instructionCount);
+
+    reparseForExceptionInfoIfNecessary(callFrame);
+    ASSERT(m_exceptionInfo);        
+
+    if (!m_exceptionInfo->m_getByIdExceptionInfo.size())
+        return false;
+
+    int low = 0;
+    int high = m_exceptionInfo->m_getByIdExceptionInfo.size();
+    while (low < high) {
+        int mid = low + (high - low) / 2;
+        if (m_exceptionInfo->m_getByIdExceptionInfo[mid].bytecodeOffset <= bytecodeOffset)
+            low = mid + 1;
+        else
+            high = mid;
+    }
+
+    if (!low || m_exceptionInfo->m_getByIdExceptionInfo[low - 1].bytecodeOffset != bytecodeOffset)
+        return false;
+
+    opcodeID = m_exceptionInfo->m_getByIdExceptionInfo[low - 1].isOpConstruct ? op_construct : op_instanceof;
+    return true;
+}
+
+#if ENABLE(JIT)
+bool CodeBlock::functionRegisterForBytecodeOffset(unsigned bytecodeOffset, int& functionRegisterIndex)
+{
+    ASSERT(bytecodeOffset < m_instructionCount);
+
+    if (!m_rareData || !m_rareData->m_functionRegisterInfos.size())
+        return false;
+
+    int low = 0;
+    int high = m_rareData->m_functionRegisterInfos.size();
+    while (low < high) {
+        int mid = low + (high - low) / 2;
+        if (m_rareData->m_functionRegisterInfos[mid].bytecodeOffset <= bytecodeOffset)
+            low = mid + 1;
+        else
+            high = mid;
+    }
+
+    if (!low || m_rareData->m_functionRegisterInfos[low - 1].bytecodeOffset != bytecodeOffset)
+        return false;
+
+    functionRegisterIndex = m_rareData->m_functionRegisterInfos[low - 1].functionRegisterIndex;
+    return true;
+}
+#endif
+
+#if !ENABLE(JIT)
+bool CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset(unsigned bytecodeOffset)
+{
+    if (m_globalResolveInstructions.isEmpty())
+        return false;
+
+    int low = 0;
+    int high = m_globalResolveInstructions.size();
+    while (low < high) {
+        int mid = low + (high - low) / 2;
+        if (m_globalResolveInstructions[mid] <= bytecodeOffset)
+            low = mid + 1;
+        else
+            high = mid;
+    }
+
+    if (!low || m_globalResolveInstructions[low - 1] != bytecodeOffset)
+        return false;
+    return true;
+}
+#else
+bool CodeBlock::hasGlobalResolveInfoAtBytecodeOffset(unsigned bytecodeOffset)
+{
+    if (m_globalResolveInfos.isEmpty())
+        return false;
+
+    int low = 0;
+    int high = m_globalResolveInfos.size();
+    while (low < high) {
+        int mid = low + (high - low) / 2;
+        if (m_globalResolveInfos[mid].bytecodeOffset <= bytecodeOffset)
+            low = mid + 1;
+        else
+            high = mid;
+    }
+
+    if (!low || m_globalResolveInfos[low - 1].bytecodeOffset != bytecodeOffset)
+        return false;
+    return true;
+}
+#endif
+
+void CodeBlock::shrinkToFit()
+{
+    m_instructions.shrinkToFit();
+
+#if !ENABLE(JIT)
+    m_propertyAccessInstructions.shrinkToFit();
+    m_globalResolveInstructions.shrinkToFit();
+#else
+    m_structureStubInfos.shrinkToFit();
+    m_globalResolveInfos.shrinkToFit();
+    m_callLinkInfos.shrinkToFit();
+    m_linkedCallerList.shrinkToFit();
+#endif
+
+    m_identifiers.shrinkToFit();
+    m_functionDecls.shrinkToFit();
+    m_functionExprs.shrinkToFit();
+    m_constantRegisters.shrinkToFit();
+
+    if (m_exceptionInfo) {
+        m_exceptionInfo->m_expressionInfo.shrinkToFit();
+        m_exceptionInfo->m_lineInfo.shrinkToFit();
+        m_exceptionInfo->m_getByIdExceptionInfo.shrinkToFit();
+    }
+
+    if (m_rareData) {
+        m_rareData->m_exceptionHandlers.shrinkToFit();
+        m_rareData->m_regexps.shrinkToFit();
+        m_rareData->m_immediateSwitchJumpTables.shrinkToFit();
+        m_rareData->m_characterSwitchJumpTables.shrinkToFit();
+        m_rareData->m_stringSwitchJumpTables.shrinkToFit();
+#if ENABLE(JIT)
+        m_rareData->m_functionRegisterInfos.shrinkToFit();
+#endif
+    }
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/CodeBlock.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/CodeBlock.h
new file mode 100644
index 000000000..01635401e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/CodeBlock.h
@@ -0,0 +1,640 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CodeBlock_h
+#define CodeBlock_h
+
+#include "EvalCodeCache.h"
+#include "Instruction.h"
+#include "JITCode.h"
+#include "JSGlobalObject.h"
+#include "JumpTable.h"
+#include "Nodes.h"
+#include "PtrAndFlags.h"
+#include "RegExp.h"
+#include "UString.h"
+#include <wtf/FastAllocBase.h>
+#include <wtf/RefPtr.h>
+#include <wtf/Vector.h>
+
+#if ENABLE(JIT)
+#include "StructureStubInfo.h"
+#endif
+
+// Register numbers used in bytecode operations have different meaning accoring to their ranges:
+//      0x80000000-0xFFFFFFFF  Negative indicies from the CallFrame pointer are entries in the call frame, see RegisterFile.h.
+//      0x00000000-0x3FFFFFFF  Forwards indices from the CallFrame pointer are local vars and temporaries with the function's callframe.
+//      0x40000000-0x7FFFFFFF  Positive indices from 0x40000000 specify entries in the constant pool on the CodeBlock.
+static const int FirstConstantRegisterIndex = 0x40000000;
+
+namespace JSC {
+
+    enum HasSeenShouldRepatch {
+        hasSeenShouldRepatch
+    };
+
+    class ExecState;
+
+    enum CodeType { GlobalCode, EvalCode, FunctionCode };
+
+    static ALWAYS_INLINE int missingThisObjectMarker() { return std::numeric_limits<int>::max(); }
+
+    struct HandlerInfo {
+        uint32_t start;
+        uint32_t end;
+        uint32_t target;
+        uint32_t scopeDepth;
+#if ENABLE(JIT)
+        CodeLocationLabel nativeCode;
+#endif
+    };
+
+    struct ExpressionRangeInfo {
+        enum {
+            MaxOffset = (1 << 7) - 1, 
+            MaxDivot = (1 << 25) - 1
+        };
+        uint32_t instructionOffset : 25;
+        uint32_t divotPoint : 25;
+        uint32_t startOffset : 7;
+        uint32_t endOffset : 7;
+    };
+
+    struct LineInfo {
+        uint32_t instructionOffset;
+        int32_t lineNumber;
+    };
+
+    // Both op_construct and op_instanceof require a use of op_get_by_id to get
+    // the prototype property from an object. The exception messages for exceptions
+    // thrown by these instances op_get_by_id need to reflect this.
+    struct GetByIdExceptionInfo {
+        unsigned bytecodeOffset : 31;
+        bool isOpConstruct : 1;
+    };
+
+#if ENABLE(JIT)
+    struct CallLinkInfo {
+        CallLinkInfo()
+            : callee(0)
+        {
+        }
+    
+        unsigned bytecodeIndex;
+        CodeLocationNearCall callReturnLocation;
+        CodeLocationDataLabelPtr hotPathBegin;
+        CodeLocationNearCall hotPathOther;
+        PtrAndFlags<CodeBlock, HasSeenShouldRepatch> ownerCodeBlock;
+        CodeBlock* callee;
+        unsigned position;
+        
+        void setUnlinked() { callee = 0; }
+        bool isLinked() { return callee; }
+
+        bool seenOnce()
+        {
+            return ownerCodeBlock.isFlagSet(hasSeenShouldRepatch);
+        }
+
+        void setSeen()
+        {
+            ownerCodeBlock.setFlag(hasSeenShouldRepatch);
+        }
+    };
+
+    struct MethodCallLinkInfo {
+        MethodCallLinkInfo()
+            : cachedStructure(0)
+        {
+        }
+
+        bool seenOnce()
+        {
+            return cachedPrototypeStructure.isFlagSet(hasSeenShouldRepatch);
+        }
+
+        void setSeen()
+        {
+            cachedPrototypeStructure.setFlag(hasSeenShouldRepatch);
+        }
+
+        CodeLocationCall callReturnLocation;
+        CodeLocationDataLabelPtr structureLabel;
+        Structure* cachedStructure;
+        PtrAndFlags<Structure, HasSeenShouldRepatch> cachedPrototypeStructure;
+    };
+
+    struct FunctionRegisterInfo {
+        FunctionRegisterInfo(unsigned bytecodeOffset, int functionRegisterIndex)
+            : bytecodeOffset(bytecodeOffset)
+            , functionRegisterIndex(functionRegisterIndex)
+        {
+        }
+
+        unsigned bytecodeOffset;
+        int functionRegisterIndex;
+    };
+
+    struct GlobalResolveInfo {
+        GlobalResolveInfo(unsigned bytecodeOffset)
+            : structure(0)
+            , offset(0)
+            , bytecodeOffset(bytecodeOffset)
+        {
+        }
+
+        Structure* structure;
+        unsigned offset;
+        unsigned bytecodeOffset;
+    };
+
+    // This structure is used to map from a call return location
+    // (given as an offset in bytes into the JIT code) back to
+    // the bytecode index of the corresponding bytecode operation.
+    // This is then used to look up the corresponding handler.
+    struct CallReturnOffsetToBytecodeIndex {
+        CallReturnOffsetToBytecodeIndex(unsigned callReturnOffset, unsigned bytecodeIndex)
+            : callReturnOffset(callReturnOffset)
+            , bytecodeIndex(bytecodeIndex)
+        {
+        }
+
+        unsigned callReturnOffset;
+        unsigned bytecodeIndex;
+    };
+
+    // valueAtPosition helpers for the binaryChop algorithm below.
+
+    inline void* getStructureStubInfoReturnLocation(StructureStubInfo* structureStubInfo)
+    {
+        return structureStubInfo->callReturnLocation.executableAddress();
+    }
+
+    inline void* getCallLinkInfoReturnLocation(CallLinkInfo* callLinkInfo)
+    {
+        return callLinkInfo->callReturnLocation.executableAddress();
+    }
+
+    inline void* getMethodCallLinkInfoReturnLocation(MethodCallLinkInfo* methodCallLinkInfo)
+    {
+        return methodCallLinkInfo->callReturnLocation.executableAddress();
+    }
+
+    inline unsigned getCallReturnOffset(CallReturnOffsetToBytecodeIndex* pc)
+    {
+        return pc->callReturnOffset;
+    }
+
+    // Binary chop algorithm, calls valueAtPosition on pre-sorted elements in array,
+    // compares result with key (KeyTypes should be comparable with '--', '<', '>').
+    // Optimized for cases where the array contains the key, checked by assertions.
+    template<typename ArrayType, typename KeyType, KeyType(*valueAtPosition)(ArrayType*)>
+    inline ArrayType* binaryChop(ArrayType* array, size_t size, KeyType key)
+    {
+        // The array must contain at least one element (pre-condition, array does conatin key).
+        // If the array only contains one element, no need to do the comparison.
+        while (size > 1) {
+            // Pick an element to check, half way through the array, and read the value.
+            int pos = (size - 1) >> 1;
+            KeyType val = valueAtPosition(&array[pos]);
+            
+            // If the key matches, success!
+            if (val == key)
+                return &array[pos];
+            // The item we are looking for is smaller than the item being check; reduce the value of 'size',
+            // chopping off the right hand half of the array.
+            else if (key < val)
+                size = pos;
+            // Discard all values in the left hand half of the array, up to and including the item at pos.
+            else {
+                size -= (pos + 1);
+                array += (pos + 1);
+            }
+
+            // 'size' should never reach zero.
+            ASSERT(size);
+        }
+        
+        // If we reach this point we've chopped down to one element, no need to check it matches
+        ASSERT(size == 1);
+        ASSERT(key == valueAtPosition(&array[0]));
+        return &array[0];
+    }
+#endif
+
+    struct ExceptionInfo : FastAllocBase {
+        Vector<ExpressionRangeInfo> m_expressionInfo;
+        Vector<LineInfo> m_lineInfo;
+        Vector<GetByIdExceptionInfo> m_getByIdExceptionInfo;
+
+#if ENABLE(JIT)
+        Vector<CallReturnOffsetToBytecodeIndex> m_callReturnIndexVector;
+#endif
+    };
+
+    class CodeBlock : public FastAllocBase {
+        friend class JIT;
+    protected:
+        CodeBlock(ScriptExecutable* ownerExecutable, CodeType, PassRefPtr<SourceProvider>, unsigned sourceOffset, SymbolTable* symbolTable);
+    public:
+        virtual ~CodeBlock();
+
+        void markAggregate(MarkStack&);
+        void refStructures(Instruction* vPC) const;
+        void derefStructures(Instruction* vPC) const;
+#if ENABLE(JIT_OPTIMIZE_CALL)
+        void unlinkCallers();
+#endif
+
+        static void dumpStatistics();
+
+#if !defined(NDEBUG) || ENABLE_OPCODE_SAMPLING
+        void dump(ExecState*) const;
+        void printStructures(const Instruction*) const;
+        void printStructure(const char* name, const Instruction*, int operand) const;
+#endif
+
+        inline bool isKnownNotImmediate(int index)
+        {
+            if (index == m_thisRegister)
+                return true;
+
+            if (isConstantRegisterIndex(index))
+                return getConstant(index).isCell();
+
+            return false;
+        }
+
+        ALWAYS_INLINE bool isTemporaryRegisterIndex(int index)
+        {
+            return index >= m_numVars;
+        }
+
+        HandlerInfo* handlerForBytecodeOffset(unsigned bytecodeOffset);
+        int lineNumberForBytecodeOffset(CallFrame*, unsigned bytecodeOffset);
+        int expressionRangeForBytecodeOffset(CallFrame*, unsigned bytecodeOffset, int& divot, int& startOffset, int& endOffset);
+        bool getByIdExceptionInfoForBytecodeOffset(CallFrame*, unsigned bytecodeOffset, OpcodeID&);
+
+#if ENABLE(JIT)
+        void addCaller(CallLinkInfo* caller)
+        {
+            caller->callee = this;
+            caller->position = m_linkedCallerList.size();
+            m_linkedCallerList.append(caller);
+        }
+
+        void removeCaller(CallLinkInfo* caller)
+        {
+            unsigned pos = caller->position;
+            unsigned lastPos = m_linkedCallerList.size() - 1;
+
+            if (pos != lastPos) {
+                m_linkedCallerList[pos] = m_linkedCallerList[lastPos];
+                m_linkedCallerList[pos]->position = pos;
+            }
+            m_linkedCallerList.shrink(lastPos);
+        }
+
+        StructureStubInfo& getStubInfo(ReturnAddressPtr returnAddress)
+        {
+            return *(binaryChop<StructureStubInfo, void*, getStructureStubInfoReturnLocation>(m_structureStubInfos.begin(), m_structureStubInfos.size(), returnAddress.value()));
+        }
+
+        CallLinkInfo& getCallLinkInfo(ReturnAddressPtr returnAddress)
+        {
+            return *(binaryChop<CallLinkInfo, void*, getCallLinkInfoReturnLocation>(m_callLinkInfos.begin(), m_callLinkInfos.size(), returnAddress.value()));
+        }
+
+        MethodCallLinkInfo& getMethodCallLinkInfo(ReturnAddressPtr returnAddress)
+        {
+            return *(binaryChop<MethodCallLinkInfo, void*, getMethodCallLinkInfoReturnLocation>(m_methodCallLinkInfos.begin(), m_methodCallLinkInfos.size(), returnAddress.value()));
+        }
+
+        unsigned getBytecodeIndex(CallFrame* callFrame, ReturnAddressPtr returnAddress)
+        {
+            reparseForExceptionInfoIfNecessary(callFrame);
+            return binaryChop<CallReturnOffsetToBytecodeIndex, unsigned, getCallReturnOffset>(callReturnIndexVector().begin(), callReturnIndexVector().size(), ownerExecutable()->generatedJITCode().offsetOf(returnAddress.value()))->bytecodeIndex;
+        }
+        
+        bool functionRegisterForBytecodeOffset(unsigned bytecodeOffset, int& functionRegisterIndex);
+#endif
+
+        void setIsNumericCompareFunction(bool isNumericCompareFunction) { m_isNumericCompareFunction = isNumericCompareFunction; }
+        bool isNumericCompareFunction() { return m_isNumericCompareFunction; }
+
+        Vector<Instruction>& instructions() { return m_instructions; }
+        void discardBytecode() { m_instructions.clear(); }
+
+#ifndef NDEBUG
+        unsigned instructionCount() { return m_instructionCount; }
+        void setInstructionCount(unsigned instructionCount) { m_instructionCount = instructionCount; }
+#endif
+
+#if ENABLE(JIT)
+        JITCode& getJITCode() { return ownerExecutable()->generatedJITCode(); }
+        ExecutablePool* executablePool() { return ownerExecutable()->getExecutablePool(); }
+#endif
+
+        ScriptExecutable* ownerExecutable() const { return m_ownerExecutable; }
+
+        void setGlobalData(JSGlobalData* globalData) { m_globalData = globalData; }
+
+        void setThisRegister(int thisRegister) { m_thisRegister = thisRegister; }
+        int thisRegister() const { return m_thisRegister; }
+
+        void setNeedsFullScopeChain(bool needsFullScopeChain) { m_needsFullScopeChain = needsFullScopeChain; }
+        bool needsFullScopeChain() const { return m_needsFullScopeChain; }
+        void setUsesEval(bool usesEval) { m_usesEval = usesEval; }
+        bool usesEval() const { return m_usesEval; }
+        void setUsesArguments(bool usesArguments) { m_usesArguments = usesArguments; }
+        bool usesArguments() const { return m_usesArguments; }
+
+        CodeType codeType() const { return m_codeType; }
+
+        SourceProvider* source() const { return m_source.get(); }
+        unsigned sourceOffset() const { return m_sourceOffset; }
+
+        size_t numberOfJumpTargets() const { return m_jumpTargets.size(); }
+        void addJumpTarget(unsigned jumpTarget) { m_jumpTargets.append(jumpTarget); }
+        unsigned jumpTarget(int index) const { return m_jumpTargets[index]; }
+        unsigned lastJumpTarget() const { return m_jumpTargets.last(); }
+
+#if !ENABLE(JIT)
+        void addPropertyAccessInstruction(unsigned propertyAccessInstruction) { m_propertyAccessInstructions.append(propertyAccessInstruction); }
+        void addGlobalResolveInstruction(unsigned globalResolveInstruction) { m_globalResolveInstructions.append(globalResolveInstruction); }
+        bool hasGlobalResolveInstructionAtBytecodeOffset(unsigned bytecodeOffset);
+#else
+        size_t numberOfStructureStubInfos() const { return m_structureStubInfos.size(); }
+        void addStructureStubInfo(const StructureStubInfo& stubInfo) { m_structureStubInfos.append(stubInfo); }
+        StructureStubInfo& structureStubInfo(int index) { return m_structureStubInfos[index]; }
+
+        void addGlobalResolveInfo(unsigned globalResolveInstruction) { m_globalResolveInfos.append(GlobalResolveInfo(globalResolveInstruction)); }
+        GlobalResolveInfo& globalResolveInfo(int index) { return m_globalResolveInfos[index]; }
+        bool hasGlobalResolveInfoAtBytecodeOffset(unsigned bytecodeOffset);
+
+        size_t numberOfCallLinkInfos() const { return m_callLinkInfos.size(); }
+        void addCallLinkInfo() { m_callLinkInfos.append(CallLinkInfo()); }
+        CallLinkInfo& callLinkInfo(int index) { return m_callLinkInfos[index]; }
+
+        void addMethodCallLinkInfos(unsigned n) { m_methodCallLinkInfos.grow(n); }
+        MethodCallLinkInfo& methodCallLinkInfo(int index) { return m_methodCallLinkInfos[index]; }
+
+        void addFunctionRegisterInfo(unsigned bytecodeOffset, int functionIndex) { createRareDataIfNecessary(); m_rareData->m_functionRegisterInfos.append(FunctionRegisterInfo(bytecodeOffset, functionIndex)); }
+#endif
+
+        // Exception handling support
+
+        size_t numberOfExceptionHandlers() const { return m_rareData ? m_rareData->m_exceptionHandlers.size() : 0; }
+        void addExceptionHandler(const HandlerInfo& hanler) { createRareDataIfNecessary(); return m_rareData->m_exceptionHandlers.append(hanler); }
+        HandlerInfo& exceptionHandler(int index) { ASSERT(m_rareData); return m_rareData->m_exceptionHandlers[index]; }
+
+        bool hasExceptionInfo() const { return m_exceptionInfo; }
+        void clearExceptionInfo() { m_exceptionInfo.clear(); }
+        ExceptionInfo* extractExceptionInfo() { ASSERT(m_exceptionInfo); return m_exceptionInfo.release(); }
+
+        void addExpressionInfo(const ExpressionRangeInfo& expressionInfo) { ASSERT(m_exceptionInfo); m_exceptionInfo->m_expressionInfo.append(expressionInfo); }
+        void addGetByIdExceptionInfo(const GetByIdExceptionInfo& info) { ASSERT(m_exceptionInfo); m_exceptionInfo->m_getByIdExceptionInfo.append(info); }
+
+        size_t numberOfLineInfos() const { ASSERT(m_exceptionInfo); return m_exceptionInfo->m_lineInfo.size(); }
+        void addLineInfo(const LineInfo& lineInfo) { ASSERT(m_exceptionInfo); m_exceptionInfo->m_lineInfo.append(lineInfo); }
+        LineInfo& lastLineInfo() { ASSERT(m_exceptionInfo); return m_exceptionInfo->m_lineInfo.last(); }
+
+#if ENABLE(JIT)
+        Vector<CallReturnOffsetToBytecodeIndex>& callReturnIndexVector() { ASSERT(m_exceptionInfo); return m_exceptionInfo->m_callReturnIndexVector; }
+#endif
+
+        // Constant Pool
+
+        size_t numberOfIdentifiers() const { return m_identifiers.size(); }
+        void addIdentifier(const Identifier& i) { return m_identifiers.append(i); }
+        Identifier& identifier(int index) { return m_identifiers[index]; }
+
+        size_t numberOfConstantRegisters() const { return m_constantRegisters.size(); }
+        void addConstantRegister(const Register& r) { return m_constantRegisters.append(r); }
+        Register& constantRegister(int index) { return m_constantRegisters[index - FirstConstantRegisterIndex]; }
+        ALWAYS_INLINE bool isConstantRegisterIndex(int index) { return index >= FirstConstantRegisterIndex; }
+        ALWAYS_INLINE JSValue getConstant(int index) const { return m_constantRegisters[index - FirstConstantRegisterIndex].jsValue(); }
+
+        unsigned addFunctionDecl(PassRefPtr<FunctionExecutable> n) { unsigned size = m_functionDecls.size(); m_functionDecls.append(n); return size; }
+        FunctionExecutable* functionDecl(int index) { return m_functionDecls[index].get(); }
+        int numberOfFunctionDecls() { return m_functionDecls.size(); }
+        unsigned addFunctionExpr(PassRefPtr<FunctionExecutable> n) { unsigned size = m_functionExprs.size(); m_functionExprs.append(n); return size; }
+        FunctionExecutable* functionExpr(int index) { return m_functionExprs[index].get(); }
+
+        unsigned addRegExp(RegExp* r) { createRareDataIfNecessary(); unsigned size = m_rareData->m_regexps.size(); m_rareData->m_regexps.append(r); return size; }
+        RegExp* regexp(int index) const { ASSERT(m_rareData); return m_rareData->m_regexps[index].get(); }
+
+
+        // Jump Tables
+
+        size_t numberOfImmediateSwitchJumpTables() const { return m_rareData ? m_rareData->m_immediateSwitchJumpTables.size() : 0; }
+        SimpleJumpTable& addImmediateSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_immediateSwitchJumpTables.append(SimpleJumpTable()); return m_rareData->m_immediateSwitchJumpTables.last(); }
+        SimpleJumpTable& immediateSwitchJumpTable(int tableIndex) { ASSERT(m_rareData); return m_rareData->m_immediateSwitchJumpTables[tableIndex]; }
+
+        size_t numberOfCharacterSwitchJumpTables() const { return m_rareData ? m_rareData->m_characterSwitchJumpTables.size() : 0; }
+        SimpleJumpTable& addCharacterSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_characterSwitchJumpTables.append(SimpleJumpTable()); return m_rareData->m_characterSwitchJumpTables.last(); }
+        SimpleJumpTable& characterSwitchJumpTable(int tableIndex) { ASSERT(m_rareData); return m_rareData->m_characterSwitchJumpTables[tableIndex]; }
+
+        size_t numberOfStringSwitchJumpTables() const { return m_rareData ? m_rareData->m_stringSwitchJumpTables.size() : 0; }
+        StringJumpTable& addStringSwitchJumpTable() { createRareDataIfNecessary(); m_rareData->m_stringSwitchJumpTables.append(StringJumpTable()); return m_rareData->m_stringSwitchJumpTables.last(); }
+        StringJumpTable& stringSwitchJumpTable(int tableIndex) { ASSERT(m_rareData); return m_rareData->m_stringSwitchJumpTables[tableIndex]; }
+
+
+        SymbolTable* symbolTable() { return m_symbolTable; }
+        SharedSymbolTable* sharedSymbolTable() { ASSERT(m_codeType == FunctionCode); return static_cast<SharedSymbolTable*>(m_symbolTable); }
+
+        EvalCodeCache& evalCodeCache() { createRareDataIfNecessary(); return m_rareData->m_evalCodeCache; }
+
+        void shrinkToFit();
+
+        // FIXME: Make these remaining members private.
+
+        int m_numCalleeRegisters;
+        int m_numVars;
+        int m_numParameters;
+
+    private:
+#if !defined(NDEBUG) || ENABLE(OPCODE_SAMPLING)
+        void dump(ExecState*, const Vector<Instruction>::const_iterator& begin, Vector<Instruction>::const_iterator&) const;
+#endif
+
+        void reparseForExceptionInfoIfNecessary(CallFrame*);
+
+        void createRareDataIfNecessary()
+        {
+            if (!m_rareData)
+                m_rareData.set(new RareData);
+        }
+
+        ScriptExecutable* m_ownerExecutable;
+        JSGlobalData* m_globalData;
+
+        Vector<Instruction> m_instructions;
+#ifndef NDEBUG
+        unsigned m_instructionCount;
+#endif
+
+        int m_thisRegister;
+
+        bool m_needsFullScopeChain;
+        bool m_usesEval;
+        bool m_usesArguments;
+        bool m_isNumericCompareFunction;
+
+        CodeType m_codeType;
+
+        RefPtr<SourceProvider> m_source;
+        unsigned m_sourceOffset;
+
+#if !ENABLE(JIT)
+        Vector<unsigned> m_propertyAccessInstructions;
+        Vector<unsigned> m_globalResolveInstructions;
+#else
+        Vector<StructureStubInfo> m_structureStubInfos;
+        Vector<GlobalResolveInfo> m_globalResolveInfos;
+        Vector<CallLinkInfo> m_callLinkInfos;
+        Vector<MethodCallLinkInfo> m_methodCallLinkInfos;
+        Vector<CallLinkInfo*> m_linkedCallerList;
+#endif
+
+        Vector<unsigned> m_jumpTargets;
+
+        // Constant Pool
+        Vector<Identifier> m_identifiers;
+        Vector<Register> m_constantRegisters;
+        Vector<RefPtr<FunctionExecutable> > m_functionDecls;
+        Vector<RefPtr<FunctionExecutable> > m_functionExprs;
+
+        SymbolTable* m_symbolTable;
+
+        OwnPtr<ExceptionInfo> m_exceptionInfo;
+
+        struct RareData : FastAllocBase {
+            Vector<HandlerInfo> m_exceptionHandlers;
+
+            // Rare Constants
+            Vector<RefPtr<RegExp> > m_regexps;
+
+            // Jump Tables
+            Vector<SimpleJumpTable> m_immediateSwitchJumpTables;
+            Vector<SimpleJumpTable> m_characterSwitchJumpTables;
+            Vector<StringJumpTable> m_stringSwitchJumpTables;
+
+            EvalCodeCache m_evalCodeCache;
+
+#if ENABLE(JIT)
+            Vector<FunctionRegisterInfo> m_functionRegisterInfos;
+#endif
+        };
+        OwnPtr<RareData> m_rareData;
+    };
+
+    // Program code is not marked by any function, so we make the global object
+    // responsible for marking it.
+
+    class GlobalCodeBlock : public CodeBlock {
+    public:
+        GlobalCodeBlock(ScriptExecutable* ownerExecutable, CodeType codeType, PassRefPtr<SourceProvider> sourceProvider, unsigned sourceOffset, JSGlobalObject* globalObject)
+            : CodeBlock(ownerExecutable, codeType, sourceProvider, sourceOffset, &m_unsharedSymbolTable)
+            , m_globalObject(globalObject)
+        {
+            m_globalObject->codeBlocks().add(this);
+        }
+
+        ~GlobalCodeBlock()
+        {
+            if (m_globalObject)
+                m_globalObject->codeBlocks().remove(this);
+        }
+
+        void clearGlobalObject() { m_globalObject = 0; }
+
+    private:
+        JSGlobalObject* m_globalObject; // For program and eval nodes, the global object that marks the constant pool.
+        SymbolTable m_unsharedSymbolTable;
+    };
+
+    class ProgramCodeBlock : public GlobalCodeBlock {
+    public:
+        ProgramCodeBlock(ProgramExecutable* ownerExecutable, CodeType codeType, JSGlobalObject* globalObject, PassRefPtr<SourceProvider> sourceProvider)
+            : GlobalCodeBlock(ownerExecutable, codeType, sourceProvider, 0, globalObject)
+        {
+        }
+    };
+
+    class EvalCodeBlock : public GlobalCodeBlock {
+    public:
+        EvalCodeBlock(EvalExecutable* ownerExecutable, JSGlobalObject* globalObject, PassRefPtr<SourceProvider> sourceProvider, int baseScopeDepth)
+            : GlobalCodeBlock(ownerExecutable, EvalCode, sourceProvider, 0, globalObject)
+            , m_baseScopeDepth(baseScopeDepth)
+        {
+        }
+
+        int baseScopeDepth() const { return m_baseScopeDepth; }
+
+        const Identifier& variable(unsigned index) { return m_variables[index]; }
+        unsigned numVariables() { return m_variables.size(); }
+        void adoptVariables(Vector<Identifier>& variables)
+        {
+            ASSERT(m_variables.isEmpty());
+            m_variables.swap(variables);
+        }
+
+    private:
+        int m_baseScopeDepth;
+        Vector<Identifier> m_variables;
+    };
+
+    class FunctionCodeBlock : public CodeBlock {
+    public:
+        // Rather than using the usual RefCounted::create idiom for SharedSymbolTable we just use new
+        // as we need to initialise the CodeBlock before we could initialise any RefPtr to hold the shared
+        // symbol table, so we just pass as a raw pointer with a ref count of 1.  We then manually deref
+        // in the destructor.
+        FunctionCodeBlock(FunctionExecutable* ownerExecutable, CodeType codeType, PassRefPtr<SourceProvider> sourceProvider, unsigned sourceOffset)
+            : CodeBlock(ownerExecutable, codeType, sourceProvider, sourceOffset, new SharedSymbolTable)
+        {
+        }
+        ~FunctionCodeBlock()
+        {
+            sharedSymbolTable()->deref();
+        }
+    };
+
+    inline Register& ExecState::r(int index)
+    {
+        CodeBlock* codeBlock = this->codeBlock();
+        if (codeBlock->isConstantRegisterIndex(index))
+            return codeBlock->constantRegister(index);
+        return this[index];
+    }
+
+} // namespace JSC
+
+#endif // CodeBlock_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/EvalCodeCache.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/EvalCodeCache.h
new file mode 100644
index 000000000..05834fcbf
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/EvalCodeCache.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef EvalCodeCache_h
+#define EvalCodeCache_h
+
+#include "Executable.h"
+#include "JSGlobalObject.h"
+#include "Nodes.h"
+#include "Parser.h"
+#include "SourceCode.h"
+#include "UString.h"
+#include <wtf/HashMap.h>
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+    class EvalCodeCache {
+    public:
+        PassRefPtr<EvalExecutable> get(ExecState* exec, const UString& evalSource, ScopeChainNode* scopeChain, JSValue& exceptionValue)
+        {
+            RefPtr<EvalExecutable> evalExecutable;
+
+            if (evalSource.size() < maxCacheableSourceLength && (*scopeChain->begin())->isVariableObject())
+                evalExecutable = m_cacheMap.get(evalSource.rep());
+
+            if (!evalExecutable) {
+                evalExecutable = EvalExecutable::create(exec, makeSource(evalSource));
+                exceptionValue = evalExecutable->compile(exec, scopeChain);
+                if (exceptionValue)
+                    return 0;
+
+                if (evalSource.size() < maxCacheableSourceLength && (*scopeChain->begin())->isVariableObject() && m_cacheMap.size() < maxCacheEntries)
+                    m_cacheMap.set(evalSource.rep(), evalExecutable);
+            }
+
+            return evalExecutable.release();
+        }
+
+        bool isEmpty() const { return m_cacheMap.isEmpty(); }
+
+    private:
+        static const int maxCacheableSourceLength = 256;
+        static const int maxCacheEntries = 64;
+
+        typedef HashMap<RefPtr<UString::Rep>, RefPtr<EvalExecutable> > EvalCacheMap;
+        EvalCacheMap m_cacheMap;
+    };
+
+} // namespace JSC
+
+#endif // EvalCodeCache_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Instruction.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Instruction.h
new file mode 100644
index 000000000..bc2de198d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Instruction.h
@@ -0,0 +1,167 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef Instruction_h
+#define Instruction_h
+
+#include "MacroAssembler.h"
+#include "Opcode.h"
+#include "Structure.h"
+#include "StructureChain.h"
+#include <wtf/VectorTraits.h>
+
+#define POLYMORPHIC_LIST_CACHE_SIZE 8
+
+namespace JSC {
+
+    // *Sigh*, If the JIT is enabled we need to track the stubRountine (of type CodeLocationLabel),
+    // If the JIT is not in use we don't actually need the variable (that said, if the JIT is not in use we don't
+    // curently actually use PolymorphicAccessStructureLists, which we should).  Anyway, this seems like the best
+    // solution for now - will need to something smarter if/when we actually want mixed-mode operation.
+#if ENABLE(JIT)
+    typedef CodeLocationLabel PolymorphicAccessStructureListStubRoutineType;
+#else
+    typedef void* PolymorphicAccessStructureListStubRoutineType;
+#endif
+
+    class JSCell;
+    class Structure;
+    class StructureChain;
+
+    // Structure used by op_get_by_id_self_list and op_get_by_id_proto_list instruction to hold data off the main opcode stream.
+    struct PolymorphicAccessStructureList : FastAllocBase {
+        struct PolymorphicStubInfo {
+            bool isChain;
+            PolymorphicAccessStructureListStubRoutineType stubRoutine;
+            Structure* base;
+            union {
+                Structure* proto;
+                StructureChain* chain;
+            } u;
+
+            void set(PolymorphicAccessStructureListStubRoutineType _stubRoutine, Structure* _base)
+            {
+                stubRoutine = _stubRoutine;
+                base = _base;
+                u.proto = 0;
+                isChain = false;
+            }
+            
+            void set(PolymorphicAccessStructureListStubRoutineType _stubRoutine, Structure* _base, Structure* _proto)
+            {
+                stubRoutine = _stubRoutine;
+                base = _base;
+                u.proto = _proto;
+                isChain = false;
+            }
+            
+            void set(PolymorphicAccessStructureListStubRoutineType _stubRoutine, Structure* _base, StructureChain* _chain)
+            {
+                stubRoutine = _stubRoutine;
+                base = _base;
+                u.chain = _chain;
+                isChain = true;
+            }
+        } list[POLYMORPHIC_LIST_CACHE_SIZE];
+        
+        PolymorphicAccessStructureList(PolymorphicAccessStructureListStubRoutineType stubRoutine, Structure* firstBase)
+        {
+            list[0].set(stubRoutine, firstBase);
+        }
+
+        PolymorphicAccessStructureList(PolymorphicAccessStructureListStubRoutineType stubRoutine, Structure* firstBase, Structure* firstProto)
+        {
+            list[0].set(stubRoutine, firstBase, firstProto);
+        }
+
+        PolymorphicAccessStructureList(PolymorphicAccessStructureListStubRoutineType stubRoutine, Structure* firstBase, StructureChain* firstChain)
+        {
+            list[0].set(stubRoutine, firstBase, firstChain);
+        }
+
+        void derefStructures(int count)
+        {
+            for (int i = 0; i < count; ++i) {
+                PolymorphicStubInfo& info = list[i];
+
+                ASSERT(info.base);
+                info.base->deref();
+
+                if (info.u.proto) {
+                    if (info.isChain)
+                        info.u.chain->deref();
+                    else
+                        info.u.proto->deref();
+                }
+            }
+        }
+    };
+
+    struct Instruction {
+        Instruction(Opcode opcode)
+        {
+#if !HAVE(COMPUTED_GOTO)
+            // We have to initialize one of the pointer members to ensure that
+            // the entire struct is initialized, when opcode is not a pointer.
+            u.jsCell = 0;
+#endif
+            u.opcode = opcode;
+        }
+
+        Instruction(int operand)
+        {
+            // We have to initialize one of the pointer members to ensure that
+            // the entire struct is initialized in 64-bit.
+            u.jsCell = 0;
+            u.operand = operand;
+        }
+
+        Instruction(Structure* structure) { u.structure = structure; }
+        Instruction(StructureChain* structureChain) { u.structureChain = structureChain; }
+        Instruction(JSCell* jsCell) { u.jsCell = jsCell; }
+        Instruction(PolymorphicAccessStructureList* polymorphicStructures) { u.polymorphicStructures = polymorphicStructures; }
+
+        union {
+            Opcode opcode;
+            int operand;
+            Structure* structure;
+            StructureChain* structureChain;
+            JSCell* jsCell;
+            PolymorphicAccessStructureList* polymorphicStructures;
+        } u;
+    };
+
+} // namespace JSC
+
+namespace WTF {
+
+    template<> struct VectorTraits<JSC::Instruction> : VectorTraitsBase<true, JSC::Instruction> { };
+
+} // namespace WTF
+
+#endif // Instruction_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/JumpTable.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/JumpTable.cpp
new file mode 100644
index 000000000..175c1b349
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/JumpTable.cpp
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JumpTable.h"
+
+namespace JSC {
+
+int32_t SimpleJumpTable::offsetForValue(int32_t value, int32_t defaultOffset)
+{
+    if (value >= min && static_cast<uint32_t>(value - min) < branchOffsets.size()) {
+        int32_t offset = branchOffsets[value - min];
+        if (offset)
+            return offset;
+    }
+    return defaultOffset;        
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/JumpTable.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/JumpTable.h
new file mode 100644
index 000000000..b4f8e4401
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/JumpTable.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JumpTable_h
+#define JumpTable_h
+
+#include "MacroAssembler.h"
+#include "UString.h"
+#include <wtf/HashMap.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+    struct OffsetLocation {
+        int32_t branchOffset;
+#if ENABLE(JIT)
+        CodeLocationLabel ctiOffset;
+#endif
+    };
+
+    struct StringJumpTable {
+        typedef HashMap<RefPtr<UString::Rep>, OffsetLocation> StringOffsetTable;
+        StringOffsetTable offsetTable;
+#if ENABLE(JIT)
+        CodeLocationLabel ctiDefault; // FIXME: it should not be necessary to store this.
+#endif
+
+        inline int32_t offsetForValue(UString::Rep* value, int32_t defaultOffset)
+        {
+            StringOffsetTable::const_iterator end = offsetTable.end();
+            StringOffsetTable::const_iterator loc = offsetTable.find(value);
+            if (loc == end)
+                return defaultOffset;
+            return loc->second.branchOffset;
+        }
+
+#if ENABLE(JIT)
+        inline CodeLocationLabel ctiForValue(UString::Rep* value)
+        {
+            StringOffsetTable::const_iterator end = offsetTable.end();
+            StringOffsetTable::const_iterator loc = offsetTable.find(value);
+            if (loc == end)
+                return ctiDefault;
+            return loc->second.ctiOffset;
+        }
+#endif
+    };
+
+    struct SimpleJumpTable {
+        // FIXME: The two Vectors can be combind into one Vector<OffsetLocation>
+        Vector<int32_t> branchOffsets;
+        int32_t min;
+#if ENABLE(JIT)
+        Vector<CodeLocationLabel> ctiOffsets;
+        CodeLocationLabel ctiDefault;
+#endif
+
+        int32_t offsetForValue(int32_t value, int32_t defaultOffset);
+        void add(int32_t key, int32_t offset)
+        {
+            if (!branchOffsets[key])
+                branchOffsets[key] = offset;
+        }
+
+#if ENABLE(JIT)
+        inline CodeLocationLabel ctiForValue(int32_t value)
+        {
+            if (value >= min && static_cast<uint32_t>(value - min) < ctiOffsets.size())
+                return ctiOffsets[value - min];
+            return ctiDefault;
+        }
+#endif
+    };
+
+} // namespace JSC
+
+#endif // JumpTable_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Opcode.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Opcode.cpp
new file mode 100644
index 000000000..bb7696dd8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Opcode.cpp
@@ -0,0 +1,186 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Opcode.h"
+
+using namespace std;
+
+namespace JSC {
+
+#if ENABLE(OPCODE_SAMPLING) || ENABLE(CODEBLOCK_SAMPLING) || ENABLE(OPCODE_STATS)
+
+const char* const opcodeNames[] = {
+#define OPCODE_NAME_ENTRY(opcode, size) #opcode,
+    FOR_EACH_OPCODE_ID(OPCODE_NAME_ENTRY)
+#undef OPCODE_NAME_ENTRY
+};
+
+#endif
+
+#if ENABLE(OPCODE_STATS)
+
+long long OpcodeStats::opcodeCounts[numOpcodeIDs];
+long long OpcodeStats::opcodePairCounts[numOpcodeIDs][numOpcodeIDs];
+int OpcodeStats::lastOpcode = -1;
+
+static OpcodeStats logger;
+
+OpcodeStats::OpcodeStats()
+{
+    for (int i = 0; i < numOpcodeIDs; ++i)
+        opcodeCounts[i] = 0;
+    
+    for (int i = 0; i < numOpcodeIDs; ++i)
+        for (int j = 0; j < numOpcodeIDs; ++j)
+            opcodePairCounts[i][j] = 0;
+}
+
+static int compareOpcodeIndices(const void* left, const void* right)
+{
+    long long leftValue = OpcodeStats::opcodeCounts[*(int*) left];
+    long long rightValue = OpcodeStats::opcodeCounts[*(int*) right];
+    
+    if (leftValue < rightValue)
+        return 1;
+    else if (leftValue > rightValue)
+        return -1;
+    else
+        return 0;
+}
+
+static int compareOpcodePairIndices(const void* left, const void* right)
+{
+    pair<int, int> leftPair = *(pair<int, int>*) left;
+    long long leftValue = OpcodeStats::opcodePairCounts[leftPair.first][leftPair.second];
+    pair<int, int> rightPair = *(pair<int, int>*) right;
+    long long rightValue = OpcodeStats::opcodePairCounts[rightPair.first][rightPair.second];
+    
+    if (leftValue < rightValue)
+        return 1;
+    else if (leftValue > rightValue)
+        return -1;
+    else
+        return 0;
+}
+
+OpcodeStats::~OpcodeStats()
+{
+    long long totalInstructions = 0;
+    for (int i = 0; i < numOpcodeIDs; ++i)
+        totalInstructions += opcodeCounts[i];
+    
+    long long totalInstructionPairs = 0;
+    for (int i = 0; i < numOpcodeIDs; ++i)
+        for (int j = 0; j < numOpcodeIDs; ++j)
+            totalInstructionPairs += opcodePairCounts[i][j];
+
+    int sortedIndices[numOpcodeIDs];    
+    for (int i = 0; i < numOpcodeIDs; ++i)
+        sortedIndices[i] = i;
+    qsort(sortedIndices, numOpcodeIDs, sizeof(int), compareOpcodeIndices);
+    
+    pair<int, int> sortedPairIndices[numOpcodeIDs * numOpcodeIDs];
+    pair<int, int>* currentPairIndex = sortedPairIndices;
+    for (int i = 0; i < numOpcodeIDs; ++i)
+        for (int j = 0; j < numOpcodeIDs; ++j)
+            *(currentPairIndex++) = make_pair(i, j);
+    qsort(sortedPairIndices, numOpcodeIDs * numOpcodeIDs, sizeof(pair<int, int>), compareOpcodePairIndices);
+    
+    printf("\nExecuted opcode statistics\n"); 
+    
+    printf("Total instructions executed: %lld\n\n", totalInstructions);
+
+    printf("All opcodes by frequency:\n\n");
+
+    for (int i = 0; i < numOpcodeIDs; ++i) {
+        int index = sortedIndices[i];
+        printf("%s:%s %lld - %.2f%%\n", opcodeNames[index], padOpcodeName((OpcodeID)index, 28), opcodeCounts[index], ((double) opcodeCounts[index]) / ((double) totalInstructions) * 100.0);    
+    }
+    
+    printf("\n");
+    printf("2-opcode sequences by frequency: %lld\n\n", totalInstructions);
+    
+    for (int i = 0; i < numOpcodeIDs * numOpcodeIDs; ++i) {
+        pair<int, int> indexPair = sortedPairIndices[i];
+        long long count = opcodePairCounts[indexPair.first][indexPair.second];
+        
+        if (!count)
+            break;
+        
+        printf("%s%s %s:%s %lld %.2f%%\n", opcodeNames[indexPair.first], padOpcodeName((OpcodeID)indexPair.first, 28), opcodeNames[indexPair.second], padOpcodeName((OpcodeID)indexPair.second, 28), count, ((double) count) / ((double) totalInstructionPairs) * 100.0);
+    }
+    
+    printf("\n");
+    printf("Most common opcodes and sequences:\n");
+
+    for (int i = 0; i < numOpcodeIDs; ++i) {
+        int index = sortedIndices[i];
+        long long opcodeCount = opcodeCounts[index];
+        double opcodeProportion = ((double) opcodeCount) / ((double) totalInstructions);
+        if (opcodeProportion < 0.0001)
+            break;
+        printf("\n%s:%s %lld - %.2f%%\n", opcodeNames[index], padOpcodeName((OpcodeID)index, 28), opcodeCount, opcodeProportion * 100.0);
+
+        for (int j = 0; j < numOpcodeIDs * numOpcodeIDs; ++j) {
+            pair<int, int> indexPair = sortedPairIndices[j];
+            long long pairCount = opcodePairCounts[indexPair.first][indexPair.second];
+            double pairProportion = ((double) pairCount) / ((double) totalInstructionPairs);
+        
+            if (!pairCount || pairProportion < 0.0001 || pairProportion < opcodeProportion / 100)
+                break;
+
+            if (indexPair.first != index && indexPair.second != index)
+                continue;
+
+            printf("    %s%s %s:%s %lld - %.2f%%\n", opcodeNames[indexPair.first], padOpcodeName((OpcodeID)indexPair.first, 28), opcodeNames[indexPair.second], padOpcodeName((OpcodeID)indexPair.second, 28), pairCount, pairProportion * 100.0);
+        }
+        
+    }
+    printf("\n");
+}
+
+void OpcodeStats::recordInstruction(int opcode)
+{
+    opcodeCounts[opcode]++;
+    
+    if (lastOpcode != -1)
+        opcodePairCounts[lastOpcode][opcode]++;
+    
+    lastOpcode = opcode;
+}
+
+void OpcodeStats::resetLastInstruction()
+{
+    lastOpcode = -1;
+}
+
+#endif
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Opcode.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Opcode.h
new file mode 100644
index 000000000..cf5044220
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/Opcode.h
@@ -0,0 +1,237 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef Opcode_h
+#define Opcode_h
+
+#include <algorithm>
+#include <string.h>
+
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+    #define FOR_EACH_OPCODE_ID(macro) \
+        macro(op_enter, 1) \
+        macro(op_enter_with_activation, 2) \
+        macro(op_init_arguments, 1) \
+        macro(op_create_arguments, 1) \
+        macro(op_convert_this, 2) \
+        \
+        macro(op_new_object, 2) \
+        macro(op_new_array, 4) \
+        macro(op_new_regexp, 3) \
+        macro(op_mov, 3) \
+        \
+        macro(op_not, 3) \
+        macro(op_eq, 4) \
+        macro(op_eq_null, 3) \
+        macro(op_neq, 4) \
+        macro(op_neq_null, 3) \
+        macro(op_stricteq, 4) \
+        macro(op_nstricteq, 4) \
+        macro(op_less, 4) \
+        macro(op_lesseq, 4) \
+        \
+        macro(op_pre_inc, 2) \
+        macro(op_pre_dec, 2) \
+        macro(op_post_inc, 3) \
+        macro(op_post_dec, 3) \
+        macro(op_to_jsnumber, 3) \
+        macro(op_negate, 3) \
+        macro(op_add, 5) \
+        macro(op_mul, 5) \
+        macro(op_div, 5) \
+        macro(op_mod, 4) \
+        macro(op_sub, 5) \
+        \
+        macro(op_lshift, 4) \
+        macro(op_rshift, 4) \
+        macro(op_urshift, 4) \
+        macro(op_bitand, 5) \
+        macro(op_bitxor, 5) \
+        macro(op_bitor, 5) \
+        macro(op_bitnot, 3) \
+        \
+        macro(op_instanceof, 5) \
+        macro(op_typeof, 3) \
+        macro(op_is_undefined, 3) \
+        macro(op_is_boolean, 3) \
+        macro(op_is_number, 3) \
+        macro(op_is_string, 3) \
+        macro(op_is_object, 3) \
+        macro(op_is_function, 3) \
+        macro(op_in, 4) \
+        \
+        macro(op_resolve, 3) \
+        macro(op_resolve_skip, 4) \
+        macro(op_resolve_global, 6) \
+        macro(op_get_scoped_var, 4) \
+        macro(op_put_scoped_var, 4) \
+        macro(op_get_global_var, 4) \
+        macro(op_put_global_var, 4) \
+        macro(op_resolve_base, 3) \
+        macro(op_resolve_with_base, 4) \
+        macro(op_get_by_id, 8) \
+        macro(op_get_by_id_self, 8) \
+        macro(op_get_by_id_self_list, 8) \
+        macro(op_get_by_id_proto, 8) \
+        macro(op_get_by_id_proto_list, 8) \
+        macro(op_get_by_id_chain, 8) \
+        macro(op_get_by_id_generic, 8) \
+        macro(op_get_array_length, 8) \
+        macro(op_get_string_length, 8) \
+        macro(op_put_by_id, 8) \
+        macro(op_put_by_id_transition, 8) \
+        macro(op_put_by_id_replace, 8) \
+        macro(op_put_by_id_generic, 8) \
+        macro(op_del_by_id, 4) \
+        macro(op_get_by_val, 4) \
+        macro(op_put_by_val, 4) \
+        macro(op_del_by_val, 4) \
+        macro(op_put_by_index, 4) \
+        macro(op_put_getter, 4) \
+        macro(op_put_setter, 4) \
+        \
+        macro(op_jmp, 2) \
+        macro(op_jtrue, 3) \
+        macro(op_jfalse, 3) \
+        macro(op_jeq_null, 3) \
+        macro(op_jneq_null, 3) \
+        macro(op_jneq_ptr, 4) \
+        macro(op_jnless, 4) \
+        macro(op_jnlesseq, 4) \
+        macro(op_jmp_scopes, 3) \
+        macro(op_loop, 2) \
+        macro(op_loop_if_true, 3) \
+        macro(op_loop_if_less, 4) \
+        macro(op_loop_if_lesseq, 4) \
+        macro(op_switch_imm, 4) \
+        macro(op_switch_char, 4) \
+        macro(op_switch_string, 4) \
+        \
+        macro(op_new_func, 3) \
+        macro(op_new_func_exp, 3) \
+        macro(op_call, 5) \
+        macro(op_call_eval, 5) \
+        macro(op_call_varargs, 5) \
+        macro(op_load_varargs, 3) \
+        macro(op_tear_off_activation, 2) \
+        macro(op_tear_off_arguments, 1) \
+        macro(op_ret, 2) \
+        macro(op_method_check, 1) \
+        \
+        macro(op_construct, 7) \
+        macro(op_construct_verify, 3) \
+        macro(op_strcat, 4) \
+        macro(op_to_primitive, 3) \
+        \
+        macro(op_get_pnames, 3) \
+        macro(op_next_pname, 4) \
+        \
+        macro(op_push_scope, 2) \
+        macro(op_pop_scope, 1) \
+        macro(op_push_new_scope, 4) \
+        \
+        macro(op_catch, 2) \
+        macro(op_throw, 2) \
+        macro(op_new_error, 4) \
+        \
+        macro(op_jsr, 3) \
+        macro(op_sret, 2) \
+        \
+        macro(op_debug, 5) \
+        macro(op_profile_will_call, 2) \
+        macro(op_profile_did_call, 2) \
+        \
+        macro(op_end, 2) // end must be the last opcode in the list
+
+    #define OPCODE_ID_ENUM(opcode, length) opcode,
+        typedef enum { FOR_EACH_OPCODE_ID(OPCODE_ID_ENUM) } OpcodeID;
+    #undef OPCODE_ID_ENUM
+
+    const int numOpcodeIDs = op_end + 1;
+
+    #define OPCODE_ID_LENGTHS(id, length) const int id##_length = length;
+         FOR_EACH_OPCODE_ID(OPCODE_ID_LENGTHS);
+    #undef OPCODE_ID_LENGTHS
+    
+    #define OPCODE_LENGTH(opcode) opcode##_length
+
+    #define OPCODE_ID_LENGTH_MAP(opcode, length) length,
+        const int opcodeLengths[numOpcodeIDs] = { FOR_EACH_OPCODE_ID(OPCODE_ID_LENGTH_MAP) };
+    #undef OPCODE_ID_LENGTH_MAP
+
+    #define VERIFY_OPCODE_ID(id, size) COMPILE_ASSERT(id <= op_end, ASSERT_THAT_JS_OPCODE_IDS_ARE_VALID);
+        FOR_EACH_OPCODE_ID(VERIFY_OPCODE_ID);
+    #undef VERIFY_OPCODE_ID
+
+#if HAVE(COMPUTED_GOTO)
+    typedef void* Opcode;
+#else
+    typedef OpcodeID Opcode;
+#endif
+
+#if ENABLE(OPCODE_SAMPLING) || ENABLE(CODEBLOCK_SAMPLING) || ENABLE(OPCODE_STATS)
+
+#define PADDING_STRING "                                "
+#define PADDING_STRING_LENGTH static_cast<unsigned>(strlen(PADDING_STRING))
+
+    extern const char* const opcodeNames[];
+
+    inline const char* padOpcodeName(OpcodeID op, unsigned width)
+    {
+        unsigned pad = width - strlen(opcodeNames[op]);
+        pad = std::min(pad, PADDING_STRING_LENGTH);
+        return PADDING_STRING + PADDING_STRING_LENGTH - pad;
+    }
+
+#undef PADDING_STRING_LENGTH
+#undef PADDING_STRING
+
+#endif
+
+#if ENABLE(OPCODE_STATS)
+
+    struct OpcodeStats {
+        OpcodeStats();
+        ~OpcodeStats();
+        static long long opcodeCounts[numOpcodeIDs];
+        static long long opcodePairCounts[numOpcodeIDs][numOpcodeIDs];
+        static int lastOpcode;
+
+        static void recordInstruction(int opcode);
+        static void resetLastInstruction();
+    };
+
+#endif
+
+} // namespace JSC
+
+#endif // Opcode_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/SamplingTool.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/SamplingTool.cpp
new file mode 100644
index 000000000..865c91933
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/SamplingTool.cpp
@@ -0,0 +1,406 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "SamplingTool.h"
+
+#include "CodeBlock.h"
+#include "Interpreter.h"
+#include "Opcode.h"
+
+#if !PLATFORM(WIN_OS)
+#include <unistd.h>
+#endif
+
+namespace JSC {
+
+#if ENABLE(SAMPLING_FLAGS)
+
+void SamplingFlags::sample()
+{
+    uint32_t mask = 1 << 31;
+    unsigned index;
+
+    for (index = 0; index < 32; ++index) {
+        if (mask & s_flags)
+            break;
+        mask >>= 1;
+    }
+
+    s_flagCounts[32 - index]++;
+}
+
+void SamplingFlags::start()
+{
+    for (unsigned i = 0; i <= 32; ++i)
+        s_flagCounts[i] = 0;
+}
+void SamplingFlags::stop()
+{
+    uint64_t total = 0;
+    for (unsigned i = 0; i <= 32; ++i)
+        total += s_flagCounts[i];
+
+    if (total) {
+        printf("\nSamplingFlags: sample counts with flags set: (%lld total)\n", total);
+        for (unsigned i = 0; i <= 32; ++i) {
+            if (s_flagCounts[i])
+                printf("  [ %02d ] : %lld\t\t(%03.2f%%)\n", i, s_flagCounts[i], (100.0 * s_flagCounts[i]) / total);
+        }
+        printf("\n");
+    } else
+    printf("\nSamplingFlags: no samples.\n\n");
+}
+uint64_t SamplingFlags::s_flagCounts[33];
+
+#else
+void SamplingFlags::start() {}
+void SamplingFlags::stop() {}
+#endif
+
+/*
+  Start with flag 16 set.
+  By doing this the monitoring of lower valued flags will be masked out
+  until flag 16 is explictly cleared.
+*/
+uint32_t SamplingFlags::s_flags = 1 << 15;
+
+
+#if PLATFORM(WIN_OS)
+
+static void sleepForMicroseconds(unsigned us)
+{
+    unsigned ms = us / 1000;
+    if (us && !ms)
+        ms = 1;
+    Sleep(ms);
+}
+
+#else 
+
+static void sleepForMicroseconds(unsigned us)
+{
+    usleep(us);
+}
+
+#endif
+
+static inline unsigned hertz2us(unsigned hertz)
+{
+    return 1000000 / hertz;
+}
+
+
+SamplingTool* SamplingTool::s_samplingTool = 0;
+
+
+bool SamplingThread::s_running = false;
+unsigned SamplingThread::s_hertz = 10000;
+ThreadIdentifier SamplingThread::s_samplingThread;
+
+void* SamplingThread::threadStartFunc(void*)
+{
+    while (s_running) {
+        sleepForMicroseconds(hertz2us(s_hertz));
+
+#if ENABLE(SAMPLING_FLAGS)
+        SamplingFlags::sample();
+#endif
+#if ENABLE(OPCODE_SAMPLING)
+        SamplingTool::sample();
+#endif
+    }
+
+    return 0;
+}
+
+
+void SamplingThread::start(unsigned hertz)
+{
+    ASSERT(!s_running);
+    s_running = true;
+    s_hertz = hertz;
+
+    s_samplingThread = createThread(threadStartFunc, 0, "JavaScriptCore::Sampler");
+}
+
+void SamplingThread::stop()
+{
+    ASSERT(s_running);
+    s_running = false;
+    waitForThreadCompletion(s_samplingThread, 0);
+}
+
+
+void ScriptSampleRecord::sample(CodeBlock* codeBlock, Instruction* vPC)
+{
+    if (!m_samples) {
+        m_size = codeBlock->instructions().size();
+        m_samples = static_cast<int*>(calloc(m_size, sizeof(int)));
+        m_codeBlock = codeBlock;
+    }
+
+    ++m_sampleCount;
+
+    unsigned offest = vPC - codeBlock->instructions().begin();
+    // Since we don't read and write codeBlock and vPC atomically, this check
+    // can fail if we sample mid op_call / op_ret.
+    if (offest < m_size) {
+        m_samples[offest]++;
+        m_opcodeSampleCount++;
+    }
+}
+
+void SamplingTool::doRun()
+{
+    Sample sample(m_sample, m_codeBlock);
+    ++m_sampleCount;
+
+    if (sample.isNull())
+        return;
+
+    if (!sample.inHostFunction()) {
+        unsigned opcodeID = m_interpreter->getOpcodeID(sample.vPC()[0].u.opcode);
+
+        ++m_opcodeSampleCount;
+        ++m_opcodeSamples[opcodeID];
+
+        if (sample.inCTIFunction())
+            m_opcodeSamplesInCTIFunctions[opcodeID]++;
+    }
+
+#if ENABLE(CODEBLOCK_SAMPLING)
+    if (CodeBlock* codeBlock = sample.codeBlock()) {
+        MutexLocker locker(m_scriptSampleMapMutex);
+        ScriptSampleRecord* record = m_scopeSampleMap->get(codeBlock->ownerExecutable());
+        ASSERT(record);
+        record->sample(codeBlock, sample.vPC());
+    }
+#endif
+}
+
+void SamplingTool::sample()
+{
+    s_samplingTool->doRun();
+}
+
+void SamplingTool::notifyOfScope(ScriptExecutable* script)
+{
+#if ENABLE(CODEBLOCK_SAMPLING)
+    MutexLocker locker(m_scriptSampleMapMutex);
+    m_scopeSampleMap->set(script, new ScriptSampleRecord(script));
+#else
+    UNUSED_PARAM(script);
+#endif
+}
+
+void SamplingTool::setup()
+{
+    s_samplingTool = this;
+}
+
+#if ENABLE(OPCODE_SAMPLING)
+
+struct OpcodeSampleInfo {
+    OpcodeID opcode;
+    long long count;
+    long long countInCTIFunctions;
+};
+
+struct LineCountInfo {
+    unsigned line;
+    unsigned count;
+};
+
+static int compareOpcodeIndicesSampling(const void* left, const void* right)
+{
+    const OpcodeSampleInfo* leftSampleInfo = reinterpret_cast<const OpcodeSampleInfo*>(left);
+    const OpcodeSampleInfo* rightSampleInfo = reinterpret_cast<const OpcodeSampleInfo*>(right);
+
+    return (leftSampleInfo->count < rightSampleInfo->count) ? 1 : (leftSampleInfo->count > rightSampleInfo->count) ? -1 : 0;
+}
+
+#if ENABLE(CODEBLOCK_SAMPLING)
+static int compareLineCountInfoSampling(const void* left, const void* right)
+{
+    const LineCountInfo* leftLineCount = reinterpret_cast<const LineCountInfo*>(left);
+    const LineCountInfo* rightLineCount = reinterpret_cast<const LineCountInfo*>(right);
+
+    return (leftLineCount->line > rightLineCount->line) ? 1 : (leftLineCount->line < rightLineCount->line) ? -1 : 0;
+}
+
+static int compareScriptSampleRecords(const void* left, const void* right)
+{
+    const ScriptSampleRecord* const leftValue = *static_cast<const ScriptSampleRecord* const *>(left);
+    const ScriptSampleRecord* const rightValue = *static_cast<const ScriptSampleRecord* const *>(right);
+
+    return (leftValue->m_sampleCount < rightValue->m_sampleCount) ? 1 : (leftValue->m_sampleCount > rightValue->m_sampleCount) ? -1 : 0;
+}
+#endif
+
+void SamplingTool::dump(ExecState* exec)
+{
+    // Tidies up SunSpider output by removing short scripts - such a small number of samples would likely not be useful anyhow.
+    if (m_sampleCount < 10)
+        return;
+    
+    // (1) Build and sort 'opcodeSampleInfo' array.
+
+    OpcodeSampleInfo opcodeSampleInfo[numOpcodeIDs];
+    for (int i = 0; i < numOpcodeIDs; ++i) {
+        opcodeSampleInfo[i].opcode = static_cast<OpcodeID>(i);
+        opcodeSampleInfo[i].count = m_opcodeSamples[i];
+        opcodeSampleInfo[i].countInCTIFunctions = m_opcodeSamplesInCTIFunctions[i];
+    }
+
+    qsort(opcodeSampleInfo, numOpcodeIDs, sizeof(OpcodeSampleInfo), compareOpcodeIndicesSampling);
+
+    // (2) Print Opcode sampling results.
+
+    printf("\nBytecode samples [*]\n");
+    printf("                             sample   %% of       %% of     |   cti     cti %%\n");
+    printf("opcode                       count     VM        total    |  count   of self\n");
+    printf("-------------------------------------------------------   |  ----------------\n");
+
+    for (int i = 0; i < numOpcodeIDs; ++i) {
+        long long count = opcodeSampleInfo[i].count;
+        if (!count)
+            continue;
+
+        OpcodeID opcodeID = opcodeSampleInfo[i].opcode;
+        
+        const char* opcodeName = opcodeNames[opcodeID];
+        const char* opcodePadding = padOpcodeName(opcodeID, 28);
+        double percentOfVM = (static_cast<double>(count) * 100) / m_opcodeSampleCount;
+        double percentOfTotal = (static_cast<double>(count) * 100) / m_sampleCount;
+        long long countInCTIFunctions = opcodeSampleInfo[i].countInCTIFunctions;
+        double percentInCTIFunctions = (static_cast<double>(countInCTIFunctions) * 100) / count;
+        fprintf(stdout, "%s:%s%-6lld %.3f%%\t%.3f%%\t  |   %-6lld %.3f%%\n", opcodeName, opcodePadding, count, percentOfVM, percentOfTotal, countInCTIFunctions, percentInCTIFunctions);
+    }
+    
+    printf("\n[*] Samples inside host code are not charged to any Bytecode.\n\n");
+    printf("\tSamples inside VM:\t\t%lld / %lld (%.3f%%)\n", m_opcodeSampleCount, m_sampleCount, (static_cast<double>(m_opcodeSampleCount) * 100) / m_sampleCount);
+    printf("\tSamples inside host code:\t%lld / %lld (%.3f%%)\n\n", m_sampleCount - m_opcodeSampleCount, m_sampleCount, (static_cast<double>(m_sampleCount - m_opcodeSampleCount) * 100) / m_sampleCount);
+    printf("\tsample count:\tsamples inside this opcode\n");
+    printf("\t%% of VM:\tsample count / all opcode samples\n");
+    printf("\t%% of total:\tsample count / all samples\n");
+    printf("\t--------------\n");
+    printf("\tcti count:\tsamples inside a CTI function called by this opcode\n");
+    printf("\tcti %% of self:\tcti count / sample count\n");
+    
+#if ENABLE(CODEBLOCK_SAMPLING)
+
+    // (3) Build and sort 'codeBlockSamples' array.
+
+    int scopeCount = m_scopeSampleMap->size();
+    Vector<ScriptSampleRecord*> codeBlockSamples(scopeCount);
+    ScriptSampleRecordMap::iterator iter = m_scopeSampleMap->begin();
+    for (int i = 0; i < scopeCount; ++i, ++iter)
+        codeBlockSamples[i] = iter->second;
+
+    qsort(codeBlockSamples.begin(), scopeCount, sizeof(ScriptSampleRecord*), compareScriptSampleRecords);
+
+    // (4) Print data from 'codeBlockSamples' array.
+
+    printf("\nCodeBlock samples\n\n"); 
+
+    for (int i = 0; i < scopeCount; ++i) {
+        ScriptSampleRecord* record = codeBlockSamples[i];
+        CodeBlock* codeBlock = record->m_codeBlock;
+
+        double blockPercent = (record->m_sampleCount * 100.0) / m_sampleCount;
+
+        if (blockPercent >= 1) {
+            //Instruction* code = codeBlock->instructions().begin();
+            printf("#%d: %s:%d: %d / %lld (%.3f%%)\n", i + 1, record->m_executable->sourceURL().UTF8String().c_str(), codeBlock->lineNumberForBytecodeOffset(exec, 0), record->m_sampleCount, m_sampleCount, blockPercent);
+            if (i < 10) {
+                HashMap<unsigned,unsigned> lineCounts;
+                codeBlock->dump(exec);
+
+                printf("    Opcode and line number samples [*]\n\n");
+                for (unsigned op = 0; op < record->m_size; ++op) {
+                    int count = record->m_samples[op];
+                    if (count) {
+                        printf("    [% 4d] has sample count: % 4d\n", op, count);
+                        unsigned line = codeBlock->lineNumberForBytecodeOffset(exec, op);
+                        lineCounts.set(line, (lineCounts.contains(line) ? lineCounts.get(line) : 0) + count);
+                    }
+                }
+                printf("\n");
+
+                int linesCount = lineCounts.size();
+                Vector<LineCountInfo> lineCountInfo(linesCount);
+                int lineno = 0;
+                for (HashMap<unsigned,unsigned>::iterator iter = lineCounts.begin(); iter != lineCounts.end(); ++iter, ++lineno) {
+                    lineCountInfo[lineno].line = iter->first;
+                    lineCountInfo[lineno].count = iter->second;
+                }
+
+                qsort(lineCountInfo.begin(), linesCount, sizeof(LineCountInfo), compareLineCountInfoSampling);
+
+                for (lineno = 0; lineno < linesCount; ++lineno) {
+                    printf("    Line #%d has sample count %d.\n", lineCountInfo[lineno].line, lineCountInfo[lineno].count);
+                }
+                printf("\n");
+                printf("    [*] Samples inside host code are charged to the calling Bytecode.\n");
+                printf("        Samples on a call / return boundary are not charged to a specific opcode or line.\n\n");
+                printf("            Samples on a call / return boundary: %d / %d (%.3f%%)\n\n", record->m_sampleCount - record->m_opcodeSampleCount, record->m_sampleCount, (static_cast<double>(record->m_sampleCount - record->m_opcodeSampleCount) * 100) / record->m_sampleCount);
+            }
+        }
+    }
+#else
+    UNUSED_PARAM(exec);
+#endif
+}
+
+#else
+
+void SamplingTool::dump(ExecState*)
+{
+}
+
+#endif
+
+void AbstractSamplingCounter::dump()
+{
+#if ENABLE(SAMPLING_COUNTERS)
+    if (s_abstractSamplingCounterChain != &s_abstractSamplingCounterChainEnd) {
+        printf("\nSampling Counter Values:\n");
+        for (AbstractSamplingCounter* currCounter = s_abstractSamplingCounterChain; (currCounter != &s_abstractSamplingCounterChainEnd); currCounter = currCounter->m_next)
+            printf("\t%s\t: %lld\n", currCounter->m_name, currCounter->m_counter);
+        printf("\n\n");
+    }
+    s_completed = true;
+#endif
+}
+
+AbstractSamplingCounter AbstractSamplingCounter::s_abstractSamplingCounterChainEnd;
+AbstractSamplingCounter* AbstractSamplingCounter::s_abstractSamplingCounterChain = &s_abstractSamplingCounterChainEnd;
+bool AbstractSamplingCounter::s_completed = false;
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/SamplingTool.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/SamplingTool.h
new file mode 100644
index 000000000..711b08676
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/SamplingTool.h
@@ -0,0 +1,414 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SamplingTool_h
+#define SamplingTool_h
+
+#include <wtf/Assertions.h>
+#include <wtf/HashMap.h>
+#include <wtf/Threading.h>
+
+#include "Nodes.h"
+#include "Opcode.h"
+
+namespace JSC {
+
+    class ScriptExecutable;
+
+    class SamplingFlags {
+        friend class JIT;
+    public:
+        static void start();
+        static void stop();
+
+#if ENABLE(SAMPLING_FLAGS)
+        static void setFlag(unsigned flag)
+        {
+            ASSERT(flag >= 1);
+            ASSERT(flag <= 32);
+            s_flags |= 1u << (flag - 1);
+        }
+
+        static void clearFlag(unsigned flag)
+        {
+            ASSERT(flag >= 1);
+            ASSERT(flag <= 32);
+            s_flags &= ~(1u << (flag - 1));
+        }
+
+        static void sample();
+
+        class ScopedFlag {
+        public:
+            ScopedFlag(int flag)
+                : m_flag(flag)
+            {
+                setFlag(flag);
+            }
+
+            ~ScopedFlag()
+            {
+                clearFlag(m_flag);
+            }
+
+        private:
+            int m_flag;
+        };
+    
+#endif
+    private:
+        static uint32_t s_flags;
+#if ENABLE(SAMPLING_FLAGS)
+        static uint64_t s_flagCounts[33];
+#endif
+    };
+
+    class CodeBlock;
+    class ExecState;
+    class Interpreter;
+    class ScopeNode;
+    struct Instruction;
+
+    struct ScriptSampleRecord {
+        ScriptSampleRecord(ScriptExecutable* executable)
+            : m_executable(executable)
+            , m_codeBlock(0)
+            , m_sampleCount(0)
+            , m_opcodeSampleCount(0)
+            , m_samples(0)
+            , m_size(0)
+        {
+        }
+        
+        ~ScriptSampleRecord()
+        {
+            if (m_samples)
+                free(m_samples);
+        }
+        
+        void sample(CodeBlock*, Instruction*);
+
+        ScriptExecutable* m_executable;
+        CodeBlock* m_codeBlock;
+        int m_sampleCount;
+        int m_opcodeSampleCount;
+        int* m_samples;
+        unsigned m_size;
+    };
+
+    typedef WTF::HashMap<ScriptExecutable*, ScriptSampleRecord*> ScriptSampleRecordMap;
+
+    class SamplingThread {
+    public:
+        // Sampling thread state.
+        static bool s_running;
+        static unsigned s_hertz;
+        static ThreadIdentifier s_samplingThread;
+
+        static void start(unsigned hertz=10000);
+        static void stop();
+
+        static void* threadStartFunc(void*);
+    };
+
+    class SamplingTool {
+    public:
+        friend struct CallRecord;
+        friend class HostCallRecord;
+        
+#if ENABLE(OPCODE_SAMPLING)
+        class CallRecord : public Noncopyable {
+        public:
+            CallRecord(SamplingTool* samplingTool)
+                : m_samplingTool(samplingTool)
+                , m_savedSample(samplingTool->m_sample)
+                , m_savedCodeBlock(samplingTool->m_codeBlock)
+            {
+            }
+
+            ~CallRecord()
+            {
+                m_samplingTool->m_sample = m_savedSample;
+                m_samplingTool->m_codeBlock = m_savedCodeBlock;
+            }
+
+        private:
+            SamplingTool* m_samplingTool;
+            intptr_t m_savedSample;
+            CodeBlock* m_savedCodeBlock;
+        };
+        
+        class HostCallRecord : public CallRecord {
+        public:
+            HostCallRecord(SamplingTool* samplingTool)
+                : CallRecord(samplingTool)
+            {
+                samplingTool->m_sample |= 0x1;
+            }
+        };
+#else
+        class CallRecord : public Noncopyable {
+        public:
+            CallRecord(SamplingTool*)
+            {
+            }
+        };
+
+        class HostCallRecord : public CallRecord {
+        public:
+            HostCallRecord(SamplingTool* samplingTool)
+                : CallRecord(samplingTool)
+            {
+            }
+        };
+#endif        
+
+        SamplingTool(Interpreter* interpreter)
+            : m_interpreter(interpreter)
+            , m_codeBlock(0)
+            , m_sample(0)
+            , m_sampleCount(0)
+            , m_opcodeSampleCount(0)
+#if ENABLE(CODEBLOCK_SAMPLING)
+            , m_scopeSampleMap(new ScriptSampleRecordMap())
+#endif
+        {
+            memset(m_opcodeSamples, 0, sizeof(m_opcodeSamples));
+            memset(m_opcodeSamplesInCTIFunctions, 0, sizeof(m_opcodeSamplesInCTIFunctions));
+        }
+
+        ~SamplingTool()
+        {
+#if ENABLE(CODEBLOCK_SAMPLING)
+            deleteAllValues(*m_scopeSampleMap);
+#endif
+        }
+
+        void setup();
+        void dump(ExecState*);
+
+        void notifyOfScope(ScriptExecutable* scope);
+
+        void sample(CodeBlock* codeBlock, Instruction* vPC)
+        {
+            ASSERT(!(reinterpret_cast<intptr_t>(vPC) & 0x3));
+            m_codeBlock = codeBlock;
+            m_sample = reinterpret_cast<intptr_t>(vPC);
+        }
+
+        CodeBlock** codeBlockSlot() { return &m_codeBlock; }
+        intptr_t* sampleSlot() { return &m_sample; }
+
+        void* encodeSample(Instruction* vPC, bool inCTIFunction = false, bool inHostFunction = false)
+        {
+            ASSERT(!(reinterpret_cast<intptr_t>(vPC) & 0x3));
+            return reinterpret_cast<void*>(reinterpret_cast<intptr_t>(vPC) | (static_cast<intptr_t>(inCTIFunction) << 1) | static_cast<intptr_t>(inHostFunction));
+        }
+
+        static void sample();
+
+    private:
+        class Sample {
+        public:
+            Sample(volatile intptr_t sample, CodeBlock* volatile codeBlock)
+                : m_sample(sample)
+                , m_codeBlock(codeBlock)
+            {
+            }
+            
+            bool isNull() { return !m_sample; }
+            CodeBlock* codeBlock() { return m_codeBlock; }
+            Instruction* vPC() { return reinterpret_cast<Instruction*>(m_sample & ~0x3); }
+            bool inHostFunction() { return m_sample & 0x1; }
+            bool inCTIFunction() { return m_sample & 0x2; }
+
+        private:
+            intptr_t m_sample;
+            CodeBlock* m_codeBlock;
+        };
+
+        void doRun();
+        static SamplingTool* s_samplingTool;
+        
+        Interpreter* m_interpreter;
+        
+        // State tracked by the main thread, used by the sampling thread.
+        CodeBlock* m_codeBlock;
+        intptr_t m_sample;
+
+        // Gathered sample data.
+        long long m_sampleCount;
+        long long m_opcodeSampleCount;
+        unsigned m_opcodeSamples[numOpcodeIDs];
+        unsigned m_opcodeSamplesInCTIFunctions[numOpcodeIDs];
+        
+#if ENABLE(CODEBLOCK_SAMPLING)
+        Mutex m_scriptSampleMapMutex;
+        OwnPtr<ScriptSampleRecordMap> m_scopeSampleMap;
+#endif
+    };
+
+    // AbstractSamplingCounter:
+    //
+    // Implements a named set of counters, printed on exit if ENABLE(SAMPLING_COUNTERS).
+    // See subclasses below, SamplingCounter, GlobalSamplingCounter and DeletableSamplingCounter.
+    class AbstractSamplingCounter {
+        friend class JIT;
+        friend class DeletableSamplingCounter;
+    public:
+        void count(uint32_t count = 1)
+        {
+            m_counter += count;
+        }
+
+        static void dump();
+
+    protected:
+        // Effectively the contructor, however called lazily in the case of GlobalSamplingCounter.
+        void init(const char* name)
+        {
+            m_counter = 0;
+            m_name = name;
+
+            // Set m_next to point to the head of the chain, and inform whatever is
+            // currently at the head that this node will now hold the pointer to it.
+            m_next = s_abstractSamplingCounterChain;
+            s_abstractSamplingCounterChain->m_referer = &m_next;
+            // Add this node to the head of the list.
+            s_abstractSamplingCounterChain = this;
+            m_referer = &s_abstractSamplingCounterChain;
+        }
+
+        int64_t m_counter;
+        const char* m_name;
+        AbstractSamplingCounter* m_next;
+        // This is a pointer to the pointer to this node in the chain; used to
+        // allow fast linked list deletion.
+        AbstractSamplingCounter** m_referer;
+        // Null object used to detect end of static chain.
+        static AbstractSamplingCounter s_abstractSamplingCounterChainEnd;
+        static AbstractSamplingCounter* s_abstractSamplingCounterChain;
+        static bool s_completed;
+    };
+
+#if ENABLE(SAMPLING_COUNTERS)
+    // SamplingCounter:
+    //
+    // This class is suitable and (hopefully!) convenient for cases where a counter is
+    // required within the scope of a single function.  It can be instantiated as a
+    // static variable since it contains a constructor but not a destructor (static
+    // variables in WebKit cannot have destructors).
+    //
+    // For example:
+    //
+    // void someFunction()
+    // {
+    //     static SamplingCounter countMe("This is my counter.  There are many like it, but this one is mine.");
+    //     countMe.count();
+    //     // ...
+    // }
+    //
+    class SamplingCounter : public AbstractSamplingCounter {
+    public:
+        SamplingCounter(const char* name) { init(name); }
+    };
+
+    // GlobalSamplingCounter:
+    //
+    // This class is suitable for use where a counter is to be declared globally,
+    // since it contains neither a constructor nor destructor.  Instead, ensure
+    // that 'name()' is called to provide the counter with a name (and also to
+    // allow it to be printed out on exit).
+    //
+    // GlobalSamplingCounter globalCounter;
+    //
+    // void firstFunction()
+    // {
+    //     // Put this within a function that is definitely called!
+    //     // (Or alternatively alongside all calls to 'count()').
+    //     globalCounter.name("I Name You Destroyer.");
+    //     globalCounter.count();
+    //     // ...
+    // }
+    //
+    // void secondFunction()
+    // {
+    //     globalCounter.count();
+    //     // ...
+    // }
+    //
+    class GlobalSamplingCounter : public AbstractSamplingCounter {
+    public:
+        void name(const char* name)
+        {
+            // Global objects should be mapped in zero filled memory, so this should
+            // be a safe (albeit not necessarily threadsafe) check for 'first call'.
+            if (!m_next)
+                init(name);
+        }
+    };
+
+    // DeletableSamplingCounter:
+    //
+    // The above classes (SamplingCounter, GlobalSamplingCounter), are intended for
+    // use within a global or static scope, and as such cannot have a destructor.
+    // This means there is no convenient way for them to remove themselves from the
+    // static list of counters, and should an instance of either class be freed
+    // before 'dump()' has walked over the list it will potentially walk over an
+    // invalid pointer.
+    //
+    // This class is intended for use where the counter may possibly be deleted before
+    // the program exits.  Should this occur, the counter will print it's value to
+    // stderr, and remove itself from the static list.  Example:
+    //
+    // DeletableSamplingCounter* counter = new DeletableSamplingCounter("The Counter With No Name");
+    // counter->count();
+    // delete counter;
+    //
+    class DeletableSamplingCounter : public AbstractSamplingCounter {
+    public:
+        DeletableSamplingCounter(const char* name) { init(name); }
+
+        ~DeletableSamplingCounter()
+        {
+            if (!s_completed)
+                fprintf(stderr, "DeletableSamplingCounter \"%s\" deleted early (with count %lld)\n", m_name, m_counter);
+            // Our m_referer pointer should know where the pointer to this node is,
+            // and m_next should know that this node is the previous node in the list.
+            ASSERT(*m_referer == this);
+            ASSERT(m_next->m_referer == &m_next);
+            // Remove this node from the list, and inform m_next that we have done so.
+            m_next->m_referer = m_referer;
+            *m_referer = m_next;
+        }
+    };
+#endif
+
+} // namespace JSC
+
+#endif // SamplingTool_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/StructureStubInfo.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/StructureStubInfo.cpp
new file mode 100644
index 000000000..018d83289
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/StructureStubInfo.cpp
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "StructureStubInfo.h"
+
+namespace JSC {
+
+#if ENABLE(JIT)
+void StructureStubInfo::deref()
+{
+    switch (accessType) {
+    case access_get_by_id_self:
+        u.getByIdSelf.baseObjectStructure->deref();
+        return;
+    case access_get_by_id_proto:
+        u.getByIdProto.baseObjectStructure->deref();
+        u.getByIdProto.prototypeStructure->deref();
+        return;
+    case access_get_by_id_chain:
+        u.getByIdChain.baseObjectStructure->deref();
+        u.getByIdChain.chain->deref();
+        return;
+    case access_get_by_id_self_list: {
+        PolymorphicAccessStructureList* polymorphicStructures = u.getByIdSelfList.structureList;
+        polymorphicStructures->derefStructures(u.getByIdSelfList.listSize);
+        delete polymorphicStructures;
+        return;
+    }
+    case access_get_by_id_proto_list: {
+        PolymorphicAccessStructureList* polymorphicStructures = u.getByIdProtoList.structureList;
+        polymorphicStructures->derefStructures(u.getByIdProtoList.listSize);
+        delete polymorphicStructures;
+        return;
+    }
+    case access_put_by_id_transition:
+        u.putByIdTransition.previousStructure->deref();
+        u.putByIdTransition.structure->deref();
+        u.putByIdTransition.chain->deref();
+        return;
+    case access_put_by_id_replace:
+        u.putByIdReplace.baseObjectStructure->deref();
+        return;
+    case access_get_by_id:
+    case access_put_by_id:
+    case access_get_by_id_generic:
+    case access_put_by_id_generic:
+    case access_get_array_length:
+    case access_get_string_length:
+        // These instructions don't ref their Structures.
+        return;
+    default:
+        ASSERT_NOT_REACHED();
+    }
+}
+#endif
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/StructureStubInfo.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/StructureStubInfo.h
new file mode 100644
index 000000000..8e2c489aa
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecode/StructureStubInfo.h
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef StructureStubInfo_h
+#define StructureStubInfo_h
+
+#if ENABLE(JIT)
+
+#include "Instruction.h"
+#include "MacroAssembler.h"
+#include "Opcode.h"
+#include "Structure.h"
+
+namespace JSC {
+
+    enum AccessType {
+        access_get_by_id_self,
+        access_get_by_id_proto,
+        access_get_by_id_chain,
+        access_get_by_id_self_list,
+        access_get_by_id_proto_list,
+        access_put_by_id_transition,
+        access_put_by_id_replace,
+        access_get_by_id,
+        access_put_by_id,
+        access_get_by_id_generic,
+        access_put_by_id_generic,
+        access_get_array_length,
+        access_get_string_length,
+    };
+
+    struct StructureStubInfo {
+        StructureStubInfo(AccessType accessType)
+            : accessType(accessType)
+            , seen(false)
+        {
+        }
+
+        void initGetByIdSelf(Structure* baseObjectStructure)
+        {
+            accessType = access_get_by_id_self;
+
+            u.getByIdSelf.baseObjectStructure = baseObjectStructure;
+            baseObjectStructure->ref();
+        }
+
+        void initGetByIdProto(Structure* baseObjectStructure, Structure* prototypeStructure)
+        {
+            accessType = access_get_by_id_proto;
+
+            u.getByIdProto.baseObjectStructure = baseObjectStructure;
+            baseObjectStructure->ref();
+
+            u.getByIdProto.prototypeStructure = prototypeStructure;
+            prototypeStructure->ref();
+        }
+
+        void initGetByIdChain(Structure* baseObjectStructure, StructureChain* chain)
+        {
+            accessType = access_get_by_id_chain;
+
+            u.getByIdChain.baseObjectStructure = baseObjectStructure;
+            baseObjectStructure->ref();
+
+            u.getByIdChain.chain = chain;
+            chain->ref();
+        }
+
+        void initGetByIdSelfList(PolymorphicAccessStructureList* structureList, int listSize)
+        {
+            accessType = access_get_by_id_self_list;
+
+            u.getByIdProtoList.structureList = structureList;
+            u.getByIdProtoList.listSize = listSize;
+        }
+
+        void initGetByIdProtoList(PolymorphicAccessStructureList* structureList, int listSize)
+        {
+            accessType = access_get_by_id_proto_list;
+
+            u.getByIdProtoList.structureList = structureList;
+            u.getByIdProtoList.listSize = listSize;
+        }
+
+        // PutById*
+
+        void initPutByIdTransition(Structure* previousStructure, Structure* structure, StructureChain* chain)
+        {
+            accessType = access_put_by_id_transition;
+
+            u.putByIdTransition.previousStructure = previousStructure;
+            previousStructure->ref();
+
+            u.putByIdTransition.structure = structure;
+            structure->ref();
+
+            u.putByIdTransition.chain = chain;
+            chain->ref();
+        }
+
+        void initPutByIdReplace(Structure* baseObjectStructure)
+        {
+            accessType = access_put_by_id_replace;
+    
+            u.putByIdReplace.baseObjectStructure = baseObjectStructure;
+            baseObjectStructure->ref();
+        }
+
+        void deref();
+
+        bool seenOnce()
+        {
+            return seen;
+        }
+
+        void setSeen()
+        {
+            seen = true;
+        }
+
+        int accessType : 31;
+        int seen : 1;
+
+        union {
+            struct {
+                Structure* baseObjectStructure;
+            } getByIdSelf;
+            struct {
+                Structure* baseObjectStructure;
+                Structure* prototypeStructure;
+            } getByIdProto;
+            struct {
+                Structure* baseObjectStructure;
+                StructureChain* chain;
+            } getByIdChain;
+            struct {
+                PolymorphicAccessStructureList* structureList;
+                int listSize;
+            } getByIdSelfList;
+            struct {
+                PolymorphicAccessStructureList* structureList;
+                int listSize;
+            } getByIdProtoList;
+            struct {
+                Structure* previousStructure;
+                Structure* structure;
+                StructureChain* chain;
+            } putByIdTransition;
+            struct {
+                Structure* baseObjectStructure;
+            } putByIdReplace;
+        } u;
+
+        CodeLocationLabel stubRoutine;
+        CodeLocationCall callReturnLocation;
+        CodeLocationLabel hotPathBegin;
+    };
+
+} // namespace JSC
+
+#endif
+
+#endif // StructureStubInfo_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
new file mode 100644
index 000000000..10a1136c5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -0,0 +1,1957 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "BytecodeGenerator.h"
+
+#include "BatchedTransitionOptimizer.h"
+#include "PrototypeFunction.h"
+#include "JSFunction.h"
+#include "Interpreter.h"
+#include "UString.h"
+
+using namespace std;
+
+namespace JSC {
+
+/*
+    The layout of a register frame looks like this:
+
+    For
+
+    function f(x, y) {
+        var v1;
+        function g() { }
+        var v2;
+        return (x) * (y);
+    }
+
+    assuming (x) and (y) generated temporaries t1 and t2, you would have
+
+    ------------------------------------
+    |  x |  y |  g | v2 | v1 | t1 | t2 | <-- value held
+    ------------------------------------
+    | -5 | -4 | -3 | -2 | -1 | +0 | +1 | <-- register index
+    ------------------------------------
+    | params->|<-locals      | temps->
+
+    Because temporary registers are allocated in a stack-like fashion, we
+    can reclaim them with a simple popping algorithm. The same goes for labels.
+    (We never reclaim parameter or local registers, because parameters and
+    locals are DontDelete.)
+
+    The register layout before a function call looks like this:
+
+    For
+
+    function f(x, y)
+    {
+    }
+
+    f(1);
+
+    >                        <------------------------------
+    <                        >  reserved: call frame  |  1 | <-- value held
+    >         >snip<         <------------------------------
+    <                        > +0 | +1 | +2 | +3 | +4 | +5 | <-- register index
+    >                        <------------------------------
+    | params->|<-locals      | temps->
+
+    The call instruction fills in the "call frame" registers. It also pads
+    missing arguments at the end of the call:
+
+    >                        <-----------------------------------
+    <                        >  reserved: call frame  |  1 |  ? | <-- value held ("?" stands for "undefined")
+    >         >snip<         <-----------------------------------
+    <                        > +0 | +1 | +2 | +3 | +4 | +5 | +6 | <-- register index
+    >                        <-----------------------------------
+    | params->|<-locals      | temps->
+
+    After filling in missing arguments, the call instruction sets up the new
+    stack frame to overlap the end of the old stack frame:
+
+                             |---------------------------------->                        <
+                             |  reserved: call frame  |  1 |  ? <                        > <-- value held ("?" stands for "undefined")
+                             |---------------------------------->         >snip<         <
+                             | -7 | -6 | -5 | -4 | -3 | -2 | -1 <                        > <-- register index
+                             |---------------------------------->                        <
+                             |                        | params->|<-locals       | temps->
+
+    That way, arguments are "copied" into the callee's stack frame for free.
+
+    If the caller supplies too many arguments, this trick doesn't work. The
+    extra arguments protrude into space reserved for locals and temporaries.
+    In that case, the call instruction makes a real copy of the call frame header,
+    along with just the arguments expected by the callee, leaving the original
+    call frame header and arguments behind. (The call instruction can't just discard
+    extra arguments, because the "arguments" object may access them later.)
+    This copying strategy ensures that all named values will be at the indices
+    expected by the callee.
+*/
+
+#ifndef NDEBUG
+static bool s_dumpsGeneratedCode = false;
+#endif
+
+void BytecodeGenerator::setDumpsGeneratedCode(bool dumpsGeneratedCode)
+{
+#ifndef NDEBUG
+    s_dumpsGeneratedCode = dumpsGeneratedCode;
+#else
+    UNUSED_PARAM(dumpsGeneratedCode);
+#endif
+}
+
+bool BytecodeGenerator::dumpsGeneratedCode()
+{
+#ifndef NDEBUG
+    return s_dumpsGeneratedCode;
+#else
+    return false;
+#endif
+}
+
+void BytecodeGenerator::generate()
+{
+    m_codeBlock->setThisRegister(m_thisRegister.index());
+
+    m_scopeNode->emitBytecode(*this);
+
+#ifndef NDEBUG
+    m_codeBlock->setInstructionCount(m_codeBlock->instructions().size());
+
+    if (s_dumpsGeneratedCode)
+        m_codeBlock->dump(m_scopeChain->globalObject()->globalExec());
+#endif
+
+    if ((m_codeType == FunctionCode && !m_codeBlock->needsFullScopeChain() && !m_codeBlock->usesArguments()) || m_codeType == EvalCode)
+        symbolTable().clear();
+        
+    m_codeBlock->setIsNumericCompareFunction(instructions() == m_globalData->numericCompareFunction(m_scopeChain->globalObject()->globalExec()));
+
+#if !ENABLE(OPCODE_SAMPLING)
+    if (!m_regeneratingForExceptionInfo && (m_codeType == FunctionCode || m_codeType == EvalCode))
+        m_codeBlock->clearExceptionInfo();
+#endif
+
+    m_codeBlock->shrinkToFit();
+}
+
+bool BytecodeGenerator::addVar(const Identifier& ident, bool isConstant, RegisterID*& r0)
+{
+    int index = m_calleeRegisters.size();
+    SymbolTableEntry newEntry(index, isConstant ? ReadOnly : 0);
+    pair<SymbolTable::iterator, bool> result = symbolTable().add(ident.ustring().rep(), newEntry);
+
+    if (!result.second) {
+        r0 = &registerFor(result.first->second.getIndex());
+        return false;
+    }
+
+    ++m_codeBlock->m_numVars;
+    r0 = newRegister();
+    return true;
+}
+
+bool BytecodeGenerator::addGlobalVar(const Identifier& ident, bool isConstant, RegisterID*& r0)
+{
+    int index = m_nextGlobalIndex;
+    SymbolTableEntry newEntry(index, isConstant ? ReadOnly : 0);
+    pair<SymbolTable::iterator, bool> result = symbolTable().add(ident.ustring().rep(), newEntry);
+
+    if (!result.second)
+        index = result.first->second.getIndex();
+    else {
+        --m_nextGlobalIndex;
+        m_globals.append(index + m_globalVarStorageOffset);
+    }
+
+    r0 = &registerFor(index);
+    return result.second;
+}
+
+void BytecodeGenerator::preserveLastVar()
+{
+    if ((m_firstConstantIndex = m_calleeRegisters.size()) != 0)
+        m_lastVar = &m_calleeRegisters.last();
+}
+
+BytecodeGenerator::BytecodeGenerator(ProgramNode* programNode, const Debugger* debugger, const ScopeChain& scopeChain, SymbolTable* symbolTable, ProgramCodeBlock* codeBlock)
+    : m_shouldEmitDebugHooks(!!debugger)
+    , m_shouldEmitProfileHooks(scopeChain.globalObject()->supportsProfiling())
+    , m_scopeChain(&scopeChain)
+    , m_symbolTable(symbolTable)
+    , m_scopeNode(programNode)
+    , m_codeBlock(codeBlock)
+    , m_thisRegister(RegisterFile::ProgramCodeThisRegister)
+    , m_finallyDepth(0)
+    , m_dynamicScopeDepth(0)
+    , m_baseScopeDepth(0)
+    , m_codeType(GlobalCode)
+    , m_nextGlobalIndex(-1)
+    , m_nextConstantOffset(0)
+    , m_globalConstantIndex(0)
+    , m_globalData(&scopeChain.globalObject()->globalExec()->globalData())
+    , m_lastOpcodeID(op_end)
+    , m_emitNodeDepth(0)
+    , m_regeneratingForExceptionInfo(false)
+    , m_codeBlockBeingRegeneratedFrom(0)
+{
+    if (m_shouldEmitDebugHooks)
+        m_codeBlock->setNeedsFullScopeChain(true);
+
+    emitOpcode(op_enter);
+    codeBlock->setGlobalData(m_globalData);
+
+    // FIXME: Move code that modifies the global object to Interpreter::execute.
+    
+    m_codeBlock->m_numParameters = 1; // Allocate space for "this"
+
+    JSGlobalObject* globalObject = scopeChain.globalObject();
+    ExecState* exec = globalObject->globalExec();
+    RegisterFile* registerFile = &exec->globalData().interpreter->registerFile();
+    
+    // Shift register indexes in generated code to elide registers allocated by intermediate stack frames.
+    m_globalVarStorageOffset = -RegisterFile::CallFrameHeaderSize - m_codeBlock->m_numParameters - registerFile->size();
+
+    // Add previously defined symbols to bookkeeping.
+    m_globals.grow(symbolTable->size());
+    SymbolTable::iterator end = symbolTable->end();
+    for (SymbolTable::iterator it = symbolTable->begin(); it != end; ++it)
+        registerFor(it->second.getIndex()).setIndex(it->second.getIndex() + m_globalVarStorageOffset);
+        
+    BatchedTransitionOptimizer optimizer(globalObject);
+
+    const VarStack& varStack = programNode->varStack();
+    const FunctionStack& functionStack = programNode->functionStack();
+    bool canOptimizeNewGlobals = symbolTable->size() + functionStack.size() + varStack.size() < registerFile->maxGlobals();
+    if (canOptimizeNewGlobals) {
+        // Shift new symbols so they get stored prior to existing symbols.
+        m_nextGlobalIndex -= symbolTable->size();
+
+        for (size_t i = 0; i < functionStack.size(); ++i) {
+            FunctionBodyNode* function = functionStack[i];
+            globalObject->removeDirect(function->ident()); // Make sure our new function is not shadowed by an old property.
+            emitNewFunction(addGlobalVar(function->ident(), false), function);
+        }
+
+        Vector<RegisterID*, 32> newVars;
+        for (size_t i = 0; i < varStack.size(); ++i)
+            if (!globalObject->hasProperty(exec, *varStack[i].first))
+                newVars.append(addGlobalVar(*varStack[i].first, varStack[i].second & DeclarationStacks::IsConstant));
+
+        preserveLastVar();
+
+        for (size_t i = 0; i < newVars.size(); ++i)
+            emitLoad(newVars[i], jsUndefined());
+    } else {
+        for (size_t i = 0; i < functionStack.size(); ++i) {
+            FunctionBodyNode* function = functionStack[i];
+            globalObject->putWithAttributes(exec, function->ident(), new (exec) JSFunction(exec, makeFunction(exec, function), scopeChain.node()), DontDelete);
+        }
+        for (size_t i = 0; i < varStack.size(); ++i) {
+            if (globalObject->hasProperty(exec, *varStack[i].first))
+                continue;
+            int attributes = DontDelete;
+            if (varStack[i].second & DeclarationStacks::IsConstant)
+                attributes |= ReadOnly;
+            globalObject->putWithAttributes(exec, *varStack[i].first, jsUndefined(), attributes);
+        }
+
+        preserveLastVar();
+    }
+}
+
+BytecodeGenerator::BytecodeGenerator(FunctionBodyNode* functionBody, const Debugger* debugger, const ScopeChain& scopeChain, SymbolTable* symbolTable, CodeBlock* codeBlock)
+    : m_shouldEmitDebugHooks(!!debugger)
+    , m_shouldEmitProfileHooks(scopeChain.globalObject()->supportsProfiling())
+    , m_scopeChain(&scopeChain)
+    , m_symbolTable(symbolTable)
+    , m_scopeNode(functionBody)
+    , m_codeBlock(codeBlock)
+    , m_finallyDepth(0)
+    , m_dynamicScopeDepth(0)
+    , m_baseScopeDepth(0)
+    , m_codeType(FunctionCode)
+    , m_nextConstantOffset(0)
+    , m_globalConstantIndex(0)
+    , m_globalData(&scopeChain.globalObject()->globalExec()->globalData())
+    , m_lastOpcodeID(op_end)
+    , m_emitNodeDepth(0)
+    , m_regeneratingForExceptionInfo(false)
+    , m_codeBlockBeingRegeneratedFrom(0)
+{
+    if (m_shouldEmitDebugHooks)
+        m_codeBlock->setNeedsFullScopeChain(true);
+
+    codeBlock->setGlobalData(m_globalData);
+
+    bool usesArguments = functionBody->usesArguments();
+    codeBlock->setUsesArguments(usesArguments);
+    if (usesArguments) {
+        m_argumentsRegister.setIndex(RegisterFile::OptionalCalleeArguments);
+        addVar(propertyNames().arguments, false);
+    }
+
+    if (m_codeBlock->needsFullScopeChain()) {
+        ++m_codeBlock->m_numVars;
+        m_activationRegisterIndex = newRegister()->index();
+        emitOpcode(op_enter_with_activation);
+        instructions().append(m_activationRegisterIndex);
+    } else
+        emitOpcode(op_enter);
+
+    if (usesArguments) {
+        emitOpcode(op_init_arguments);
+
+        // The debugger currently retrieves the arguments object from an activation rather than pulling
+        // it from a call frame.  In the long-term it should stop doing that (<rdar://problem/6911886>),
+        // but for now we force eager creation of the arguments object when debugging.
+        if (m_shouldEmitDebugHooks)
+            emitOpcode(op_create_arguments);
+    }
+
+    const DeclarationStacks::FunctionStack& functionStack = functionBody->functionStack();
+    for (size_t i = 0; i < functionStack.size(); ++i) {
+        FunctionBodyNode* function = functionStack[i];
+        const Identifier& ident = function->ident();
+        m_functions.add(ident.ustring().rep());
+        emitNewFunction(addVar(ident, false), function);
+    }
+
+    const DeclarationStacks::VarStack& varStack = functionBody->varStack();
+    for (size_t i = 0; i < varStack.size(); ++i)
+        addVar(*varStack[i].first, varStack[i].second & DeclarationStacks::IsConstant);
+
+    FunctionParameters& parameters = *functionBody->parameters();
+    size_t parameterCount = parameters.size();
+    m_nextParameterIndex = -RegisterFile::CallFrameHeaderSize - parameterCount - 1;
+    m_parameters.grow(1 + parameterCount); // reserve space for "this"
+
+    // Add "this" as a parameter
+    m_thisRegister.setIndex(m_nextParameterIndex);
+    ++m_nextParameterIndex;
+    ++m_codeBlock->m_numParameters;
+
+    if (functionBody->usesThis() || m_shouldEmitDebugHooks) {
+        emitOpcode(op_convert_this);
+        instructions().append(m_thisRegister.index());
+    }
+    
+    for (size_t i = 0; i < parameterCount; ++i)
+        addParameter(parameters[i]);
+
+    preserveLastVar();
+}
+
+BytecodeGenerator::BytecodeGenerator(EvalNode* evalNode, const Debugger* debugger, const ScopeChain& scopeChain, SymbolTable* symbolTable, EvalCodeBlock* codeBlock)
+    : m_shouldEmitDebugHooks(!!debugger)
+    , m_shouldEmitProfileHooks(scopeChain.globalObject()->supportsProfiling())
+    , m_scopeChain(&scopeChain)
+    , m_symbolTable(symbolTable)
+    , m_scopeNode(evalNode)
+    , m_codeBlock(codeBlock)
+    , m_thisRegister(RegisterFile::ProgramCodeThisRegister)
+    , m_finallyDepth(0)
+    , m_dynamicScopeDepth(0)
+    , m_baseScopeDepth(codeBlock->baseScopeDepth())
+    , m_codeType(EvalCode)
+    , m_nextConstantOffset(0)
+    , m_globalConstantIndex(0)
+    , m_globalData(&scopeChain.globalObject()->globalExec()->globalData())
+    , m_lastOpcodeID(op_end)
+    , m_emitNodeDepth(0)
+    , m_regeneratingForExceptionInfo(false)
+    , m_codeBlockBeingRegeneratedFrom(0)
+{
+    if (m_shouldEmitDebugHooks || m_baseScopeDepth)
+        m_codeBlock->setNeedsFullScopeChain(true);
+
+    emitOpcode(op_enter);
+    codeBlock->setGlobalData(m_globalData);
+    m_codeBlock->m_numParameters = 1; // Allocate space for "this"
+
+    const DeclarationStacks::FunctionStack& functionStack = evalNode->functionStack();
+    for (size_t i = 0; i < functionStack.size(); ++i)
+        m_codeBlock->addFunctionDecl(makeFunction(m_globalData, functionStack[i]));
+
+    const DeclarationStacks::VarStack& varStack = evalNode->varStack();
+    unsigned numVariables = varStack.size();
+    Vector<Identifier> variables;
+    variables.reserveCapacity(numVariables);
+    for (size_t i = 0; i < numVariables; ++i)
+        variables.append(*varStack[i].first);
+    codeBlock->adoptVariables(variables);
+
+    preserveLastVar();
+}
+
+RegisterID* BytecodeGenerator::addParameter(const Identifier& ident)
+{
+    // Parameters overwrite var declarations, but not function declarations.
+    RegisterID* result = 0;
+    UString::Rep* rep = ident.ustring().rep();
+    if (!m_functions.contains(rep)) {
+        symbolTable().set(rep, m_nextParameterIndex);
+        RegisterID& parameter = registerFor(m_nextParameterIndex);
+        parameter.setIndex(m_nextParameterIndex);
+        result = &parameter;
+    }
+
+    // To maintain the calling convention, we have to allocate unique space for
+    // each parameter, even if the parameter doesn't make it into the symbol table.
+    ++m_nextParameterIndex;
+    ++m_codeBlock->m_numParameters;
+    return result;
+}
+
+RegisterID* BytecodeGenerator::registerFor(const Identifier& ident)
+{
+    if (ident == propertyNames().thisIdentifier)
+        return &m_thisRegister;
+
+    if (!shouldOptimizeLocals())
+        return 0;
+
+    SymbolTableEntry entry = symbolTable().get(ident.ustring().rep());
+    if (entry.isNull())
+        return 0;
+
+    if (ident == propertyNames().arguments)
+        createArgumentsIfNecessary();
+
+    return &registerFor(entry.getIndex());
+}
+
+bool BytecodeGenerator::willResolveToArguments(const Identifier& ident)
+{
+    if (ident != propertyNames().arguments)
+        return false;
+    
+    if (!shouldOptimizeLocals())
+        return false;
+    
+    SymbolTableEntry entry = symbolTable().get(ident.ustring().rep());
+    if (entry.isNull())
+        return false;
+    
+    if (m_codeBlock->usesArguments() && m_codeType == FunctionCode)
+        return true;
+    
+    return false;
+}
+
+RegisterID* BytecodeGenerator::uncheckedRegisterForArguments()
+{
+    ASSERT(willResolveToArguments(propertyNames().arguments));
+
+    SymbolTableEntry entry = symbolTable().get(propertyNames().arguments.ustring().rep());
+    ASSERT(!entry.isNull());
+    return &registerFor(entry.getIndex());
+}
+
+RegisterID* BytecodeGenerator::constRegisterFor(const Identifier& ident)
+{
+    if (m_codeType == EvalCode)
+        return 0;
+
+    SymbolTableEntry entry = symbolTable().get(ident.ustring().rep());
+    if (entry.isNull())
+        return 0;
+
+    return &registerFor(entry.getIndex());
+}
+
+bool BytecodeGenerator::isLocal(const Identifier& ident)
+{
+    if (ident == propertyNames().thisIdentifier)
+        return true;
+    
+    return shouldOptimizeLocals() && symbolTable().contains(ident.ustring().rep());
+}
+
+bool BytecodeGenerator::isLocalConstant(const Identifier& ident)
+{
+    return symbolTable().get(ident.ustring().rep()).isReadOnly();
+}
+
+RegisterID* BytecodeGenerator::newRegister()
+{
+    m_calleeRegisters.append(m_calleeRegisters.size());
+    m_codeBlock->m_numCalleeRegisters = max<int>(m_codeBlock->m_numCalleeRegisters, m_calleeRegisters.size());
+    return &m_calleeRegisters.last();
+}
+
+RegisterID* BytecodeGenerator::newTemporary()
+{
+    // Reclaim free register IDs.
+    while (m_calleeRegisters.size() && !m_calleeRegisters.last().refCount())
+        m_calleeRegisters.removeLast();
+        
+    RegisterID* result = newRegister();
+    result->setTemporary();
+    return result;
+}
+
+RegisterID* BytecodeGenerator::highestUsedRegister()
+{
+    size_t count = m_codeBlock->m_numCalleeRegisters;
+    while (m_calleeRegisters.size() < count)
+        newRegister();
+    return &m_calleeRegisters.last();
+}
+
+PassRefPtr<LabelScope> BytecodeGenerator::newLabelScope(LabelScope::Type type, const Identifier* name)
+{
+    // Reclaim free label scopes.
+    while (m_labelScopes.size() && !m_labelScopes.last().refCount())
+        m_labelScopes.removeLast();
+
+    // Allocate new label scope.
+    LabelScope scope(type, name, scopeDepth(), newLabel(), type == LabelScope::Loop ? newLabel() : PassRefPtr<Label>(0)); // Only loops have continue targets.
+    m_labelScopes.append(scope);
+    return &m_labelScopes.last();
+}
+
+PassRefPtr<Label> BytecodeGenerator::newLabel()
+{
+    // Reclaim free label IDs.
+    while (m_labels.size() && !m_labels.last().refCount())
+        m_labels.removeLast();
+
+    // Allocate new label ID.
+    m_labels.append(m_codeBlock);
+    return &m_labels.last();
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitLabel(Label* l0)
+{
+    unsigned newLabelIndex = instructions().size();
+    l0->setLocation(newLabelIndex);
+
+    if (m_codeBlock->numberOfJumpTargets()) {
+        unsigned lastLabelIndex = m_codeBlock->lastJumpTarget();
+        ASSERT(lastLabelIndex <= newLabelIndex);
+        if (newLabelIndex == lastLabelIndex) {
+            // Peephole optimizations have already been disabled by emitting the last label
+            return l0;
+        }
+    }
+
+    m_codeBlock->addJumpTarget(newLabelIndex);
+
+    // This disables peephole optimizations when an instruction is a jump target
+    m_lastOpcodeID = op_end;
+    return l0;
+}
+
+void BytecodeGenerator::emitOpcode(OpcodeID opcodeID)
+{
+    instructions().append(globalData()->interpreter->getOpcode(opcodeID));
+    m_lastOpcodeID = opcodeID;
+}
+
+void BytecodeGenerator::retrieveLastBinaryOp(int& dstIndex, int& src1Index, int& src2Index)
+{
+    ASSERT(instructions().size() >= 4);
+    size_t size = instructions().size();
+    dstIndex = instructions().at(size - 3).u.operand;
+    src1Index = instructions().at(size - 2).u.operand;
+    src2Index = instructions().at(size - 1).u.operand;
+}
+
+void BytecodeGenerator::retrieveLastUnaryOp(int& dstIndex, int& srcIndex)
+{
+    ASSERT(instructions().size() >= 3);
+    size_t size = instructions().size();
+    dstIndex = instructions().at(size - 2).u.operand;
+    srcIndex = instructions().at(size - 1).u.operand;
+}
+
+void ALWAYS_INLINE BytecodeGenerator::rewindBinaryOp()
+{
+    ASSERT(instructions().size() >= 4);
+    instructions().shrink(instructions().size() - 4);
+}
+
+void ALWAYS_INLINE BytecodeGenerator::rewindUnaryOp()
+{
+    ASSERT(instructions().size() >= 3);
+    instructions().shrink(instructions().size() - 3);
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitJump(Label* target)
+{
+    emitOpcode(target->isForward() ? op_jmp : op_loop);
+    instructions().append(target->offsetFrom(instructions().size()));
+    return target;
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitJumpIfTrue(RegisterID* cond, Label* target)
+{
+    if (m_lastOpcodeID == op_less && !target->isForward()) {
+        int dstIndex;
+        int src1Index;
+        int src2Index;
+
+        retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindBinaryOp();
+            emitOpcode(op_loop_if_less);
+            instructions().append(src1Index);
+            instructions().append(src2Index);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    } else if (m_lastOpcodeID == op_lesseq && !target->isForward()) {
+        int dstIndex;
+        int src1Index;
+        int src2Index;
+
+        retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindBinaryOp();
+            emitOpcode(op_loop_if_lesseq);
+            instructions().append(src1Index);
+            instructions().append(src2Index);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    } else if (m_lastOpcodeID == op_eq_null && target->isForward()) {
+        int dstIndex;
+        int srcIndex;
+
+        retrieveLastUnaryOp(dstIndex, srcIndex);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindUnaryOp();
+            emitOpcode(op_jeq_null);
+            instructions().append(srcIndex);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    } else if (m_lastOpcodeID == op_neq_null && target->isForward()) {
+        int dstIndex;
+        int srcIndex;
+
+        retrieveLastUnaryOp(dstIndex, srcIndex);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindUnaryOp();
+            emitOpcode(op_jneq_null);
+            instructions().append(srcIndex);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    }
+
+    emitOpcode(target->isForward() ? op_jtrue : op_loop_if_true);
+    instructions().append(cond->index());
+    instructions().append(target->offsetFrom(instructions().size()));
+    return target;
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitJumpIfFalse(RegisterID* cond, Label* target)
+{
+    ASSERT(target->isForward());
+
+    if (m_lastOpcodeID == op_less) {
+        int dstIndex;
+        int src1Index;
+        int src2Index;
+
+        retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindBinaryOp();
+            emitOpcode(op_jnless);
+            instructions().append(src1Index);
+            instructions().append(src2Index);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    } else if (m_lastOpcodeID == op_lesseq) {
+        int dstIndex;
+        int src1Index;
+        int src2Index;
+
+        retrieveLastBinaryOp(dstIndex, src1Index, src2Index);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindBinaryOp();
+            emitOpcode(op_jnlesseq);
+            instructions().append(src1Index);
+            instructions().append(src2Index);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    } else if (m_lastOpcodeID == op_not) {
+        int dstIndex;
+        int srcIndex;
+
+        retrieveLastUnaryOp(dstIndex, srcIndex);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindUnaryOp();
+            emitOpcode(op_jtrue);
+            instructions().append(srcIndex);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    } else if (m_lastOpcodeID == op_eq_null) {
+        int dstIndex;
+        int srcIndex;
+
+        retrieveLastUnaryOp(dstIndex, srcIndex);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindUnaryOp();
+            emitOpcode(op_jneq_null);
+            instructions().append(srcIndex);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    } else if (m_lastOpcodeID == op_neq_null) {
+        int dstIndex;
+        int srcIndex;
+
+        retrieveLastUnaryOp(dstIndex, srcIndex);
+
+        if (cond->index() == dstIndex && cond->isTemporary() && !cond->refCount()) {
+            rewindUnaryOp();
+            emitOpcode(op_jeq_null);
+            instructions().append(srcIndex);
+            instructions().append(target->offsetFrom(instructions().size()));
+            return target;
+        }
+    }
+
+    emitOpcode(op_jfalse);
+    instructions().append(cond->index());
+    instructions().append(target->offsetFrom(instructions().size()));
+    return target;
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionCall(RegisterID* cond, Label* target)
+{
+    emitOpcode(op_jneq_ptr);
+    instructions().append(cond->index());
+    instructions().append(m_scopeChain->globalObject()->d()->callFunction);
+    instructions().append(target->offsetFrom(instructions().size()));
+    return target;
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionApply(RegisterID* cond, Label* target)
+{
+    emitOpcode(op_jneq_ptr);
+    instructions().append(cond->index());
+    instructions().append(m_scopeChain->globalObject()->d()->applyFunction);
+    instructions().append(target->offsetFrom(instructions().size()));
+    return target;
+}
+
+unsigned BytecodeGenerator::addConstant(const Identifier& ident)
+{
+    UString::Rep* rep = ident.ustring().rep();
+    pair<IdentifierMap::iterator, bool> result = m_identifierMap.add(rep, m_codeBlock->numberOfIdentifiers());
+    if (result.second) // new entry
+        m_codeBlock->addIdentifier(Identifier(m_globalData, rep));
+
+    return result.first->second;
+}
+
+RegisterID* BytecodeGenerator::addConstantValue(JSValue v)
+{
+    int index = m_nextConstantOffset;
+
+    pair<JSValueMap::iterator, bool> result = m_jsValueMap.add(JSValue::encode(v), m_nextConstantOffset);
+    if (result.second) {
+        m_constantPoolRegisters.append(FirstConstantRegisterIndex + m_nextConstantOffset);
+        ++m_nextConstantOffset;
+        m_codeBlock->addConstantRegister(JSValue(v));
+    } else
+        index = result.first->second;
+
+    return &m_constantPoolRegisters[index];
+}
+
+unsigned BytecodeGenerator::addRegExp(RegExp* r)
+{
+    return m_codeBlock->addRegExp(r);
+}
+
+RegisterID* BytecodeGenerator::emitMove(RegisterID* dst, RegisterID* src)
+{
+    emitOpcode(op_mov);
+    instructions().append(dst->index());
+    instructions().append(src->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitUnaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src)
+{
+    emitOpcode(opcodeID);
+    instructions().append(dst->index());
+    instructions().append(src->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitPreInc(RegisterID* srcDst)
+{
+    emitOpcode(op_pre_inc);
+    instructions().append(srcDst->index());
+    return srcDst;
+}
+
+RegisterID* BytecodeGenerator::emitPreDec(RegisterID* srcDst)
+{
+    emitOpcode(op_pre_dec);
+    instructions().append(srcDst->index());
+    return srcDst;
+}
+
+RegisterID* BytecodeGenerator::emitPostInc(RegisterID* dst, RegisterID* srcDst)
+{
+    emitOpcode(op_post_inc);
+    instructions().append(dst->index());
+    instructions().append(srcDst->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitPostDec(RegisterID* dst, RegisterID* srcDst)
+{
+    emitOpcode(op_post_dec);
+    instructions().append(dst->index());
+    instructions().append(srcDst->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitBinaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes types)
+{
+    emitOpcode(opcodeID);
+    instructions().append(dst->index());
+    instructions().append(src1->index());
+    instructions().append(src2->index());
+
+    if (opcodeID == op_bitor || opcodeID == op_bitand || opcodeID == op_bitxor ||
+        opcodeID == op_add || opcodeID == op_mul || opcodeID == op_sub || opcodeID == op_div)
+        instructions().append(types.toInt());
+
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitEqualityOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2)
+{
+    if (m_lastOpcodeID == op_typeof) {
+        int dstIndex;
+        int srcIndex;
+
+        retrieveLastUnaryOp(dstIndex, srcIndex);
+
+        if (src1->index() == dstIndex
+            && src1->isTemporary()
+            && m_codeBlock->isConstantRegisterIndex(src2->index())
+            && m_codeBlock->constantRegister(src2->index()).jsValue().isString()) {
+            const UString& value = asString(m_codeBlock->constantRegister(src2->index()).jsValue())->value();
+            if (value == "undefined") {
+                rewindUnaryOp();
+                emitOpcode(op_is_undefined);
+                instructions().append(dst->index());
+                instructions().append(srcIndex);
+                return dst;
+            }
+            if (value == "boolean") {
+                rewindUnaryOp();
+                emitOpcode(op_is_boolean);
+                instructions().append(dst->index());
+                instructions().append(srcIndex);
+                return dst;
+            }
+            if (value == "number") {
+                rewindUnaryOp();
+                emitOpcode(op_is_number);
+                instructions().append(dst->index());
+                instructions().append(srcIndex);
+                return dst;
+            }
+            if (value == "string") {
+                rewindUnaryOp();
+                emitOpcode(op_is_string);
+                instructions().append(dst->index());
+                instructions().append(srcIndex);
+                return dst;
+            }
+            if (value == "object") {
+                rewindUnaryOp();
+                emitOpcode(op_is_object);
+                instructions().append(dst->index());
+                instructions().append(srcIndex);
+                return dst;
+            }
+            if (value == "function") {
+                rewindUnaryOp();
+                emitOpcode(op_is_function);
+                instructions().append(dst->index());
+                instructions().append(srcIndex);
+                return dst;
+            }
+        }
+    }
+
+    emitOpcode(opcodeID);
+    instructions().append(dst->index());
+    instructions().append(src1->index());
+    instructions().append(src2->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, bool b)
+{
+    return emitLoad(dst, jsBoolean(b));
+}
+
+RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, double number)
+{
+    // FIXME: Our hash tables won't hold infinity, so we make a new JSNumberCell each time.
+    // Later we can do the extra work to handle that like the other cases.
+    if (number == HashTraits<double>::emptyValue() || HashTraits<double>::isDeletedValue(number))
+        return emitLoad(dst, jsNumber(globalData(), number));
+    JSValue& valueInMap = m_numberMap.add(number, JSValue()).first->second;
+    if (!valueInMap)
+        valueInMap = jsNumber(globalData(), number);
+    return emitLoad(dst, valueInMap);
+}
+
+RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, const Identifier& identifier)
+{
+    JSString*& stringInMap = m_stringMap.add(identifier.ustring().rep(), 0).first->second;
+    if (!stringInMap)
+        stringInMap = jsOwnedString(globalData(), identifier.ustring());
+    return emitLoad(dst, JSValue(stringInMap));
+}
+
+RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, JSValue v)
+{
+    RegisterID* constantID = addConstantValue(v);
+    if (dst)
+        return emitMove(dst, constantID);
+    return constantID;
+}
+
+bool BytecodeGenerator::findScopedProperty(const Identifier& property, int& index, size_t& stackDepth, bool forWriting, JSObject*& globalObject)
+{
+    // Cases where we cannot statically optimize the lookup.
+    if (property == propertyNames().arguments || !canOptimizeNonLocals()) {
+        stackDepth = 0;
+        index = missingSymbolMarker();
+
+        if (shouldOptimizeLocals() && m_codeType == GlobalCode) {
+            ScopeChainIterator iter = m_scopeChain->begin();
+            globalObject = *iter;
+            ASSERT((++iter) == m_scopeChain->end());
+        }
+        return false;
+    }
+
+    size_t depth = 0;
+    
+    ScopeChainIterator iter = m_scopeChain->begin();
+    ScopeChainIterator end = m_scopeChain->end();
+    for (; iter != end; ++iter, ++depth) {
+        JSObject* currentScope = *iter;
+        if (!currentScope->isVariableObject())
+            break;
+        JSVariableObject* currentVariableObject = static_cast<JSVariableObject*>(currentScope);
+        SymbolTableEntry entry = currentVariableObject->symbolTable().get(property.ustring().rep());
+
+        // Found the property
+        if (!entry.isNull()) {
+            if (entry.isReadOnly() && forWriting) {
+                stackDepth = 0;
+                index = missingSymbolMarker();
+                if (++iter == end)
+                    globalObject = currentVariableObject;
+                return false;
+            }
+            stackDepth = depth;
+            index = entry.getIndex();
+            if (++iter == end)
+                globalObject = currentVariableObject;
+            return true;
+        }
+        if (currentVariableObject->isDynamicScope())
+            break;
+    }
+
+    // Can't locate the property but we're able to avoid a few lookups.
+    stackDepth = depth;
+    index = missingSymbolMarker();
+    JSObject* scope = *iter;
+    if (++iter == end)
+        globalObject = scope;
+    return true;
+}
+
+RegisterID* BytecodeGenerator::emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* base, RegisterID* basePrototype)
+{ 
+    emitOpcode(op_instanceof);
+    instructions().append(dst->index());
+    instructions().append(value->index());
+    instructions().append(base->index());
+    instructions().append(basePrototype->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitResolve(RegisterID* dst, const Identifier& property)
+{
+    size_t depth = 0;
+    int index = 0;
+    JSObject* globalObject = 0;
+    if (!findScopedProperty(property, index, depth, false, globalObject) && !globalObject) {
+        // We can't optimise at all :-(
+        emitOpcode(op_resolve);
+        instructions().append(dst->index());
+        instructions().append(addConstant(property));
+        return dst;
+    }
+
+    if (globalObject) {
+        bool forceGlobalResolve = false;
+        if (m_regeneratingForExceptionInfo) {
+#if ENABLE(JIT)
+            forceGlobalResolve = m_codeBlockBeingRegeneratedFrom->hasGlobalResolveInfoAtBytecodeOffset(instructions().size());
+#else
+            forceGlobalResolve = m_codeBlockBeingRegeneratedFrom->hasGlobalResolveInstructionAtBytecodeOffset(instructions().size());
+#endif
+        }
+
+        if (index != missingSymbolMarker() && !forceGlobalResolve) {
+            // Directly index the property lookup across multiple scopes.
+            return emitGetScopedVar(dst, depth, index, globalObject);
+        }
+
+#if ENABLE(JIT)
+        m_codeBlock->addGlobalResolveInfo(instructions().size());
+#else
+        m_codeBlock->addGlobalResolveInstruction(instructions().size());
+#endif
+        emitOpcode(op_resolve_global);
+        instructions().append(dst->index());
+        instructions().append(globalObject);
+        instructions().append(addConstant(property));
+        instructions().append(0);
+        instructions().append(0);
+        return dst;
+    }
+
+    if (index != missingSymbolMarker()) {
+        // Directly index the property lookup across multiple scopes.
+        return emitGetScopedVar(dst, depth, index, globalObject);
+    }
+
+    // In this case we are at least able to drop a few scope chains from the
+    // lookup chain, although we still need to hash from then on.
+    emitOpcode(op_resolve_skip);
+    instructions().append(dst->index());
+    instructions().append(addConstant(property));
+    instructions().append(depth);
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitGetScopedVar(RegisterID* dst, size_t depth, int index, JSValue globalObject)
+{
+    if (globalObject) {
+        emitOpcode(op_get_global_var);
+        instructions().append(dst->index());
+        instructions().append(asCell(globalObject));
+        instructions().append(index);
+        return dst;
+    }
+
+    emitOpcode(op_get_scoped_var);
+    instructions().append(dst->index());
+    instructions().append(index);
+    instructions().append(depth);
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitPutScopedVar(size_t depth, int index, RegisterID* value, JSValue globalObject)
+{
+    if (globalObject) {
+        emitOpcode(op_put_global_var);
+        instructions().append(asCell(globalObject));
+        instructions().append(index);
+        instructions().append(value->index());
+        return value;
+    }
+    emitOpcode(op_put_scoped_var);
+    instructions().append(index);
+    instructions().append(depth);
+    instructions().append(value->index());
+    return value;
+}
+
+RegisterID* BytecodeGenerator::emitResolveBase(RegisterID* dst, const Identifier& property)
+{
+    size_t depth = 0;
+    int index = 0;
+    JSObject* globalObject = 0;
+    findScopedProperty(property, index, depth, false, globalObject);
+    if (!globalObject) {
+        // We can't optimise at all :-(
+        emitOpcode(op_resolve_base);
+        instructions().append(dst->index());
+        instructions().append(addConstant(property));
+        return dst;
+    }
+
+    // Global object is the base
+    return emitLoad(dst, JSValue(globalObject));
+}
+
+RegisterID* BytecodeGenerator::emitResolveWithBase(RegisterID* baseDst, RegisterID* propDst, const Identifier& property)
+{
+    size_t depth = 0;
+    int index = 0;
+    JSObject* globalObject = 0;
+    if (!findScopedProperty(property, index, depth, false, globalObject) || !globalObject) {
+        // We can't optimise at all :-(
+        emitOpcode(op_resolve_with_base);
+        instructions().append(baseDst->index());
+        instructions().append(propDst->index());
+        instructions().append(addConstant(property));
+        return baseDst;
+    }
+
+    bool forceGlobalResolve = false;
+    if (m_regeneratingForExceptionInfo) {
+#if ENABLE(JIT)
+        forceGlobalResolve = m_codeBlockBeingRegeneratedFrom->hasGlobalResolveInfoAtBytecodeOffset(instructions().size());
+#else
+        forceGlobalResolve = m_codeBlockBeingRegeneratedFrom->hasGlobalResolveInstructionAtBytecodeOffset(instructions().size());
+#endif
+    }
+
+    // Global object is the base
+    emitLoad(baseDst, JSValue(globalObject));
+
+    if (index != missingSymbolMarker() && !forceGlobalResolve) {
+        // Directly index the property lookup across multiple scopes.
+        emitGetScopedVar(propDst, depth, index, globalObject);
+        return baseDst;
+    }
+
+#if ENABLE(JIT)
+    m_codeBlock->addGlobalResolveInfo(instructions().size());
+#else
+    m_codeBlock->addGlobalResolveInstruction(instructions().size());
+#endif
+    emitOpcode(op_resolve_global);
+    instructions().append(propDst->index());
+    instructions().append(globalObject);
+    instructions().append(addConstant(property));
+    instructions().append(0);
+    instructions().append(0);
+    return baseDst;
+}
+
+void BytecodeGenerator::emitMethodCheck()
+{
+    emitOpcode(op_method_check);
+}
+
+RegisterID* BytecodeGenerator::emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property)
+{
+#if ENABLE(JIT)
+    m_codeBlock->addStructureStubInfo(StructureStubInfo(access_get_by_id));
+#else
+    m_codeBlock->addPropertyAccessInstruction(instructions().size());
+#endif
+
+    emitOpcode(op_get_by_id);
+    instructions().append(dst->index());
+    instructions().append(base->index());
+    instructions().append(addConstant(property));
+    instructions().append(0);
+    instructions().append(0);
+    instructions().append(0);
+    instructions().append(0);
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitPutById(RegisterID* base, const Identifier& property, RegisterID* value)
+{
+#if ENABLE(JIT)
+    m_codeBlock->addStructureStubInfo(StructureStubInfo(access_put_by_id));
+#else
+    m_codeBlock->addPropertyAccessInstruction(instructions().size());
+#endif
+
+    emitOpcode(op_put_by_id);
+    instructions().append(base->index());
+    instructions().append(addConstant(property));
+    instructions().append(value->index());
+    instructions().append(0);
+    instructions().append(0);
+    instructions().append(0);
+    instructions().append(0);
+    return value;
+}
+
+RegisterID* BytecodeGenerator::emitPutGetter(RegisterID* base, const Identifier& property, RegisterID* value)
+{
+    emitOpcode(op_put_getter);
+    instructions().append(base->index());
+    instructions().append(addConstant(property));
+    instructions().append(value->index());
+    return value;
+}
+
+RegisterID* BytecodeGenerator::emitPutSetter(RegisterID* base, const Identifier& property, RegisterID* value)
+{
+    emitOpcode(op_put_setter);
+    instructions().append(base->index());
+    instructions().append(addConstant(property));
+    instructions().append(value->index());
+    return value;
+}
+
+RegisterID* BytecodeGenerator::emitDeleteById(RegisterID* dst, RegisterID* base, const Identifier& property)
+{
+    emitOpcode(op_del_by_id);
+    instructions().append(dst->index());
+    instructions().append(base->index());
+    instructions().append(addConstant(property));
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
+{
+    emitOpcode(op_get_by_val);
+    instructions().append(dst->index());
+    instructions().append(base->index());
+    instructions().append(property->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitPutByVal(RegisterID* base, RegisterID* property, RegisterID* value)
+{
+    emitOpcode(op_put_by_val);
+    instructions().append(base->index());
+    instructions().append(property->index());
+    instructions().append(value->index());
+    return value;
+}
+
+RegisterID* BytecodeGenerator::emitDeleteByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
+{
+    emitOpcode(op_del_by_val);
+    instructions().append(dst->index());
+    instructions().append(base->index());
+    instructions().append(property->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitPutByIndex(RegisterID* base, unsigned index, RegisterID* value)
+{
+    emitOpcode(op_put_by_index);
+    instructions().append(base->index());
+    instructions().append(index);
+    instructions().append(value->index());
+    return value;
+}
+
+RegisterID* BytecodeGenerator::emitNewObject(RegisterID* dst)
+{
+    emitOpcode(op_new_object);
+    instructions().append(dst->index());
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitNewArray(RegisterID* dst, ElementNode* elements)
+{
+    Vector<RefPtr<RegisterID>, 16> argv;
+    for (ElementNode* n = elements; n; n = n->next()) {
+        if (n->elision())
+            break;
+        argv.append(newTemporary());
+        // op_new_array requires the initial values to be a sequential range of registers
+        ASSERT(argv.size() == 1 || argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() + 1);
+        emitNode(argv.last().get(), n->value());
+    }
+    emitOpcode(op_new_array);
+    instructions().append(dst->index());
+    instructions().append(argv.size() ? argv[0]->index() : 0); // argv
+    instructions().append(argv.size()); // argc
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitNewFunction(RegisterID* dst, FunctionBodyNode* function)
+{
+    unsigned index = m_codeBlock->addFunctionDecl(makeFunction(m_globalData, function));
+
+    emitOpcode(op_new_func);
+    instructions().append(dst->index());
+    instructions().append(index);
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitNewRegExp(RegisterID* dst, RegExp* regExp)
+{
+    emitOpcode(op_new_regexp);
+    instructions().append(dst->index());
+    instructions().append(addRegExp(regExp));
+    return dst;
+}
+
+
+RegisterID* BytecodeGenerator::emitNewFunctionExpression(RegisterID* r0, FuncExprNode* n)
+{
+    FunctionBodyNode* function = n->body();
+    unsigned index = m_codeBlock->addFunctionExpr(makeFunction(m_globalData, function));
+
+    emitOpcode(op_new_func_exp);
+    instructions().append(r0->index());
+    instructions().append(index);
+    return r0;
+}
+
+RegisterID* BytecodeGenerator::emitCall(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
+{
+    return emitCall(op_call, dst, func, thisRegister, argumentsNode, divot, startOffset, endOffset);
+}
+
+void BytecodeGenerator::createArgumentsIfNecessary()
+{
+    if (m_codeBlock->usesArguments() && m_codeType == FunctionCode)
+        emitOpcode(op_create_arguments);
+}
+
+RegisterID* BytecodeGenerator::emitCallEval(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
+{
+    createArgumentsIfNecessary();
+    return emitCall(op_call_eval, dst, func, thisRegister, argumentsNode, divot, startOffset, endOffset);
+}
+
+RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
+{
+    ASSERT(opcodeID == op_call || opcodeID == op_call_eval);
+    ASSERT(func->refCount());
+    ASSERT(thisRegister->refCount());
+
+    RegisterID* originalFunc = func;
+    if (m_shouldEmitProfileHooks) {
+        // If codegen decided to recycle func as this call's destination register,
+        // we need to undo that optimization here so that func will still be around
+        // for the sake of op_profile_did_call.
+        if (dst == func) {
+            RefPtr<RegisterID> movedThisRegister = emitMove(newTemporary(), thisRegister);
+            RefPtr<RegisterID> movedFunc = emitMove(thisRegister, func);
+            
+            thisRegister = movedThisRegister.release().releaseRef();
+            func = movedFunc.release().releaseRef();
+        }
+    }
+
+    // Generate code for arguments.
+    Vector<RefPtr<RegisterID>, 16> argv;
+    argv.append(thisRegister);
+    for (ArgumentListNode* n = argumentsNode->m_listNode; n; n = n->m_next) {
+        argv.append(newTemporary());
+        // op_call requires the arguments to be a sequential range of registers
+        ASSERT(argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() + 1);
+        emitNode(argv.last().get(), n);
+    }
+
+    // Reserve space for call frame.
+    Vector<RefPtr<RegisterID>, RegisterFile::CallFrameHeaderSize> callFrame;
+    for (int i = 0; i < RegisterFile::CallFrameHeaderSize; ++i)
+        callFrame.append(newTemporary());
+
+    if (m_shouldEmitProfileHooks) {
+        emitOpcode(op_profile_will_call);
+        instructions().append(func->index());
+
+#if ENABLE(JIT)
+        m_codeBlock->addFunctionRegisterInfo(instructions().size(), func->index());
+#endif
+    }
+
+    emitExpressionInfo(divot, startOffset, endOffset);
+
+#if ENABLE(JIT)
+    m_codeBlock->addCallLinkInfo();
+#endif
+
+    // Emit call.
+    emitOpcode(opcodeID);
+    instructions().append(dst->index()); // dst
+    instructions().append(func->index()); // func
+    instructions().append(argv.size()); // argCount
+    instructions().append(argv[0]->index() + argv.size() + RegisterFile::CallFrameHeaderSize); // registerOffset
+
+    if (m_shouldEmitProfileHooks) {
+        emitOpcode(op_profile_did_call);
+        instructions().append(func->index());
+
+        if (dst == originalFunc) {
+            thisRegister->deref();
+            func->deref();
+        }
+    }
+
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitLoadVarargs(RegisterID* argCountDst, RegisterID* arguments)
+{
+    ASSERT(argCountDst->index() < arguments->index());
+    emitOpcode(op_load_varargs);
+    instructions().append(argCountDst->index());
+    instructions().append(arguments->index());
+    return argCountDst;
+}
+
+RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* argCountRegister, unsigned divot, unsigned startOffset, unsigned endOffset)
+{
+    ASSERT(func->refCount());
+    ASSERT(thisRegister->refCount());
+    ASSERT(dst != func);
+    if (m_shouldEmitProfileHooks) {
+        emitOpcode(op_profile_will_call);
+        instructions().append(func->index());
+        
+#if ENABLE(JIT)
+        m_codeBlock->addFunctionRegisterInfo(instructions().size(), func->index());
+#endif
+    }
+    
+    emitExpressionInfo(divot, startOffset, endOffset);
+    
+    // Emit call.
+    emitOpcode(op_call_varargs);
+    instructions().append(dst->index()); // dst
+    instructions().append(func->index()); // func
+    instructions().append(argCountRegister->index()); // arg count
+    instructions().append(thisRegister->index() + RegisterFile::CallFrameHeaderSize); // initial registerOffset
+    if (m_shouldEmitProfileHooks) {
+        emitOpcode(op_profile_did_call);
+        instructions().append(func->index());
+    }
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitReturn(RegisterID* src)
+{
+    if (m_codeBlock->needsFullScopeChain()) {
+        emitOpcode(op_tear_off_activation);
+        instructions().append(m_activationRegisterIndex);
+    } else if (m_codeBlock->usesArguments() && m_codeBlock->m_numParameters > 1)
+        emitOpcode(op_tear_off_arguments);
+
+    return emitUnaryNoDstOp(op_ret, src);
+}
+
+RegisterID* BytecodeGenerator::emitUnaryNoDstOp(OpcodeID opcodeID, RegisterID* src)
+{
+    emitOpcode(opcodeID);
+    instructions().append(src->index());
+    return src;
+}
+
+RegisterID* BytecodeGenerator::emitConstruct(RegisterID* dst, RegisterID* func, ArgumentsNode* argumentsNode, unsigned divot, unsigned startOffset, unsigned endOffset)
+{
+    ASSERT(func->refCount());
+
+    RegisterID* originalFunc = func;
+    if (m_shouldEmitProfileHooks) {
+        // If codegen decided to recycle func as this call's destination register,
+        // we need to undo that optimization here so that func will still be around
+        // for the sake of op_profile_did_call.
+        if (dst == func) {
+            RefPtr<RegisterID> movedFunc = emitMove(newTemporary(), func);
+            func = movedFunc.release().releaseRef();
+        }
+    }
+
+    RefPtr<RegisterID> funcProto = newTemporary();
+
+    // Generate code for arguments.
+    Vector<RefPtr<RegisterID>, 16> argv;
+    argv.append(newTemporary()); // reserve space for "this"
+    for (ArgumentListNode* n = argumentsNode ? argumentsNode->m_listNode : 0; n; n = n->m_next) {
+        argv.append(newTemporary());
+        // op_construct requires the arguments to be a sequential range of registers
+        ASSERT(argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() + 1);
+        emitNode(argv.last().get(), n);
+    }
+
+    if (m_shouldEmitProfileHooks) {
+        emitOpcode(op_profile_will_call);
+        instructions().append(func->index());
+    }
+
+    // Load prototype.
+    emitExpressionInfo(divot, startOffset, endOffset);
+    emitGetByIdExceptionInfo(op_construct);
+    emitGetById(funcProto.get(), func, globalData()->propertyNames->prototype);
+
+    // Reserve space for call frame.
+    Vector<RefPtr<RegisterID>, RegisterFile::CallFrameHeaderSize> callFrame;
+    for (int i = 0; i < RegisterFile::CallFrameHeaderSize; ++i)
+        callFrame.append(newTemporary());
+
+    emitExpressionInfo(divot, startOffset, endOffset);
+
+#if ENABLE(JIT)
+    m_codeBlock->addCallLinkInfo();
+#endif
+
+    emitOpcode(op_construct);
+    instructions().append(dst->index()); // dst
+    instructions().append(func->index()); // func
+    instructions().append(argv.size()); // argCount
+    instructions().append(argv[0]->index() + argv.size() + RegisterFile::CallFrameHeaderSize); // registerOffset
+    instructions().append(funcProto->index()); // proto
+    instructions().append(argv[0]->index()); // thisRegister
+
+    emitOpcode(op_construct_verify);
+    instructions().append(dst->index());
+    instructions().append(argv[0]->index());
+
+    if (m_shouldEmitProfileHooks) {
+        emitOpcode(op_profile_did_call);
+        instructions().append(func->index());
+        
+        if (dst == originalFunc)
+            func->deref();
+    }
+
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitStrcat(RegisterID* dst, RegisterID* src, int count)
+{
+    emitOpcode(op_strcat);
+    instructions().append(dst->index());
+    instructions().append(src->index());
+    instructions().append(count);
+
+    return dst;
+}
+
+void BytecodeGenerator::emitToPrimitive(RegisterID* dst, RegisterID* src)
+{
+    emitOpcode(op_to_primitive);
+    instructions().append(dst->index());
+    instructions().append(src->index());
+}
+
+RegisterID* BytecodeGenerator::emitPushScope(RegisterID* scope)
+{
+    ASSERT(scope->isTemporary());
+    ControlFlowContext context;
+    context.isFinallyBlock = false;
+    m_scopeContextStack.append(context);
+    m_dynamicScopeDepth++;
+    createArgumentsIfNecessary();
+
+    return emitUnaryNoDstOp(op_push_scope, scope);
+}
+
+void BytecodeGenerator::emitPopScope()
+{
+    ASSERT(m_scopeContextStack.size());
+    ASSERT(!m_scopeContextStack.last().isFinallyBlock);
+
+    emitOpcode(op_pop_scope);
+
+    m_scopeContextStack.removeLast();
+    m_dynamicScopeDepth--;
+}
+
+void BytecodeGenerator::emitDebugHook(DebugHookID debugHookID, int firstLine, int lastLine, int column)
+{
+    if (!m_shouldEmitDebugHooks)
+        return;
+    emitOpcode(op_debug);
+    instructions().append(debugHookID);
+    instructions().append(firstLine);
+    instructions().append(lastLine);
+    instructions().append(column);
+}
+
+void BytecodeGenerator::pushFinallyContext(Label* target, RegisterID* retAddrDst)
+{
+    ControlFlowContext scope;
+    scope.isFinallyBlock = true;
+    FinallyContext context = { target, retAddrDst };
+    scope.finallyContext = context;
+    m_scopeContextStack.append(scope);
+    m_finallyDepth++;
+}
+
+void BytecodeGenerator::popFinallyContext()
+{
+    ASSERT(m_scopeContextStack.size());
+    ASSERT(m_scopeContextStack.last().isFinallyBlock);
+    ASSERT(m_finallyDepth > 0);
+    m_scopeContextStack.removeLast();
+    m_finallyDepth--;
+}
+
+LabelScope* BytecodeGenerator::breakTarget(const Identifier& name)
+{
+    // Reclaim free label scopes.
+    //
+    // The condition was previously coded as 'm_labelScopes.size() && !m_labelScopes.last().refCount()',
+    // however sometimes this appears to lead to GCC going a little haywire and entering the loop with
+    // size 0, leading to segfaulty badness.  We are yet to identify a valid cause within our code to
+    // cause the GCC codegen to misbehave in this fashion, and as such the following refactoring of the
+    // loop condition is a workaround.
+    while (m_labelScopes.size()) {
+        if  (m_labelScopes.last().refCount())
+            break;
+        m_labelScopes.removeLast();
+    }
+
+    if (!m_labelScopes.size())
+        return 0;
+
+    // We special-case the following, which is a syntax error in Firefox:
+    // label:
+    //     break;
+    if (name.isEmpty()) {
+        for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
+            LabelScope* scope = &m_labelScopes[i];
+            if (scope->type() != LabelScope::NamedLabel) {
+                ASSERT(scope->breakTarget());
+                return scope;
+            }
+        }
+        return 0;
+    }
+
+    for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
+        LabelScope* scope = &m_labelScopes[i];
+        if (scope->name() && *scope->name() == name) {
+            ASSERT(scope->breakTarget());
+            return scope;
+        }
+    }
+    return 0;
+}
+
+LabelScope* BytecodeGenerator::continueTarget(const Identifier& name)
+{
+    // Reclaim free label scopes.
+    while (m_labelScopes.size() && !m_labelScopes.last().refCount())
+        m_labelScopes.removeLast();
+
+    if (!m_labelScopes.size())
+        return 0;
+
+    if (name.isEmpty()) {
+        for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
+            LabelScope* scope = &m_labelScopes[i];
+            if (scope->type() == LabelScope::Loop) {
+                ASSERT(scope->continueTarget());
+                return scope;
+            }
+        }
+        return 0;
+    }
+
+    // Continue to the loop nested nearest to the label scope that matches
+    // 'name'.
+    LabelScope* result = 0;
+    for (int i = m_labelScopes.size() - 1; i >= 0; --i) {
+        LabelScope* scope = &m_labelScopes[i];
+        if (scope->type() == LabelScope::Loop) {
+            ASSERT(scope->continueTarget());
+            result = scope;
+        }
+        if (scope->name() && *scope->name() == name)
+            return result; // may be 0
+    }
+    return 0;
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitComplexJumpScopes(Label* target, ControlFlowContext* topScope, ControlFlowContext* bottomScope)
+{
+    while (topScope > bottomScope) {
+        // First we count the number of dynamic scopes we need to remove to get
+        // to a finally block.
+        int nNormalScopes = 0;
+        while (topScope > bottomScope) {
+            if (topScope->isFinallyBlock)
+                break;
+            ++nNormalScopes;
+            --topScope;
+        }
+
+        if (nNormalScopes) {
+            // We need to remove a number of dynamic scopes to get to the next
+            // finally block
+            emitOpcode(op_jmp_scopes);
+            instructions().append(nNormalScopes);
+
+            // If topScope == bottomScope then there isn't actually a finally block
+            // left to emit, so make the jmp_scopes jump directly to the target label
+            if (topScope == bottomScope) {
+                instructions().append(target->offsetFrom(instructions().size()));
+                return target;
+            }
+
+            // Otherwise we just use jmp_scopes to pop a group of scopes and go
+            // to the next instruction
+            RefPtr<Label> nextInsn = newLabel();
+            instructions().append(nextInsn->offsetFrom(instructions().size()));
+            emitLabel(nextInsn.get());
+        }
+
+        while (topScope > bottomScope && topScope->isFinallyBlock) {
+            emitJumpSubroutine(topScope->finallyContext.retAddrDst, topScope->finallyContext.finallyAddr);
+            --topScope;
+        }
+    }
+    return emitJump(target);
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitJumpScopes(Label* target, int targetScopeDepth)
+{
+    ASSERT(scopeDepth() - targetScopeDepth >= 0);
+    ASSERT(target->isForward());
+
+    size_t scopeDelta = scopeDepth() - targetScopeDepth;
+    ASSERT(scopeDelta <= m_scopeContextStack.size());
+    if (!scopeDelta)
+        return emitJump(target);
+
+    if (m_finallyDepth)
+        return emitComplexJumpScopes(target, &m_scopeContextStack.last(), &m_scopeContextStack.last() - scopeDelta);
+
+    emitOpcode(op_jmp_scopes);
+    instructions().append(scopeDelta);
+    instructions().append(target->offsetFrom(instructions().size()));
+    return target;
+}
+
+RegisterID* BytecodeGenerator::emitNextPropertyName(RegisterID* dst, RegisterID* iter, Label* target)
+{
+    emitOpcode(op_next_pname);
+    instructions().append(dst->index());
+    instructions().append(iter->index());
+    instructions().append(target->offsetFrom(instructions().size()));
+    return dst;
+}
+
+RegisterID* BytecodeGenerator::emitCatch(RegisterID* targetRegister, Label* start, Label* end)
+{
+#if ENABLE(JIT)
+    HandlerInfo info = { start->offsetFrom(0), end->offsetFrom(0), instructions().size(), m_dynamicScopeDepth + m_baseScopeDepth, CodeLocationLabel() };
+#else
+    HandlerInfo info = { start->offsetFrom(0), end->offsetFrom(0), instructions().size(), m_dynamicScopeDepth + m_baseScopeDepth };
+#endif
+
+    m_codeBlock->addExceptionHandler(info);
+    emitOpcode(op_catch);
+    instructions().append(targetRegister->index());
+    return targetRegister;
+}
+
+RegisterID* BytecodeGenerator::emitNewError(RegisterID* dst, ErrorType type, JSValue message)
+{
+    emitOpcode(op_new_error);
+    instructions().append(dst->index());
+    instructions().append(static_cast<int>(type));
+    instructions().append(addConstantValue(message)->index());
+    return dst;
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitJumpSubroutine(RegisterID* retAddrDst, Label* finally)
+{
+    emitOpcode(op_jsr);
+    instructions().append(retAddrDst->index());
+    instructions().append(finally->offsetFrom(instructions().size()));
+    emitLabel(newLabel().get()); // Record the fact that the next instruction is implicitly labeled, because op_sret will return to it.
+    return finally;
+}
+
+void BytecodeGenerator::emitSubroutineReturn(RegisterID* retAddrSrc)
+{
+    emitOpcode(op_sret);
+    instructions().append(retAddrSrc->index());
+}
+
+void BytecodeGenerator::emitPushNewScope(RegisterID* dst, const Identifier& property, RegisterID* value)
+{
+    ControlFlowContext context;
+    context.isFinallyBlock = false;
+    m_scopeContextStack.append(context);
+    m_dynamicScopeDepth++;
+    
+    createArgumentsIfNecessary();
+
+    emitOpcode(op_push_new_scope);
+    instructions().append(dst->index());
+    instructions().append(addConstant(property));
+    instructions().append(value->index());
+}
+
+void BytecodeGenerator::beginSwitch(RegisterID* scrutineeRegister, SwitchInfo::SwitchType type)
+{
+    SwitchInfo info = { instructions().size(), type };
+    switch (type) {
+        case SwitchInfo::SwitchImmediate:
+            emitOpcode(op_switch_imm);
+            break;
+        case SwitchInfo::SwitchCharacter:
+            emitOpcode(op_switch_char);
+            break;
+        case SwitchInfo::SwitchString:
+            emitOpcode(op_switch_string);
+            break;
+        default:
+            ASSERT_NOT_REACHED();
+    }
+
+    instructions().append(0); // place holder for table index
+    instructions().append(0); // place holder for default target    
+    instructions().append(scrutineeRegister->index());
+    m_switchContextStack.append(info);
+}
+
+static int32_t keyForImmediateSwitch(ExpressionNode* node, int32_t min, int32_t max)
+{
+    UNUSED_PARAM(max);
+    ASSERT(node->isNumber());
+    double value = static_cast<NumberNode*>(node)->value();
+    int32_t key = static_cast<int32_t>(value);
+    ASSERT(key == value);
+    ASSERT(key >= min);
+    ASSERT(key <= max);
+    return key - min;
+}
+
+static void prepareJumpTableForImmediateSwitch(SimpleJumpTable& jumpTable, int32_t switchAddress, uint32_t clauseCount, RefPtr<Label>* labels, ExpressionNode** nodes, int32_t min, int32_t max)
+{
+    jumpTable.min = min;
+    jumpTable.branchOffsets.resize(max - min + 1);
+    jumpTable.branchOffsets.fill(0);
+    for (uint32_t i = 0; i < clauseCount; ++i) {
+        // We're emitting this after the clause labels should have been fixed, so 
+        // the labels should not be "forward" references
+        ASSERT(!labels[i]->isForward());
+        jumpTable.add(keyForImmediateSwitch(nodes[i], min, max), labels[i]->offsetFrom(switchAddress)); 
+    }
+}
+
+static int32_t keyForCharacterSwitch(ExpressionNode* node, int32_t min, int32_t max)
+{
+    UNUSED_PARAM(max);
+    ASSERT(node->isString());
+    UString::Rep* clause = static_cast<StringNode*>(node)->value().ustring().rep();
+    ASSERT(clause->size() == 1);
+    
+    int32_t key = clause->data()[0];
+    ASSERT(key >= min);
+    ASSERT(key <= max);
+    return key - min;
+}
+
+static void prepareJumpTableForCharacterSwitch(SimpleJumpTable& jumpTable, int32_t switchAddress, uint32_t clauseCount, RefPtr<Label>* labels, ExpressionNode** nodes, int32_t min, int32_t max)
+{
+    jumpTable.min = min;
+    jumpTable.branchOffsets.resize(max - min + 1);
+    jumpTable.branchOffsets.fill(0);
+    for (uint32_t i = 0; i < clauseCount; ++i) {
+        // We're emitting this after the clause labels should have been fixed, so 
+        // the labels should not be "forward" references
+        ASSERT(!labels[i]->isForward());
+        jumpTable.add(keyForCharacterSwitch(nodes[i], min, max), labels[i]->offsetFrom(switchAddress)); 
+    }
+}
+
+static void prepareJumpTableForStringSwitch(StringJumpTable& jumpTable, int32_t switchAddress, uint32_t clauseCount, RefPtr<Label>* labels, ExpressionNode** nodes)
+{
+    for (uint32_t i = 0; i < clauseCount; ++i) {
+        // We're emitting this after the clause labels should have been fixed, so 
+        // the labels should not be "forward" references
+        ASSERT(!labels[i]->isForward());
+        
+        ASSERT(nodes[i]->isString());
+        UString::Rep* clause = static_cast<StringNode*>(nodes[i])->value().ustring().rep();
+        OffsetLocation location;
+        location.branchOffset = labels[i]->offsetFrom(switchAddress);
+        jumpTable.offsetTable.add(clause, location);
+    }
+}
+
+void BytecodeGenerator::endSwitch(uint32_t clauseCount, RefPtr<Label>* labels, ExpressionNode** nodes, Label* defaultLabel, int32_t min, int32_t max)
+{
+    SwitchInfo switchInfo = m_switchContextStack.last();
+    m_switchContextStack.removeLast();
+    if (switchInfo.switchType == SwitchInfo::SwitchImmediate) {
+        instructions()[switchInfo.bytecodeOffset + 1] = m_codeBlock->numberOfImmediateSwitchJumpTables();
+        instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel->offsetFrom(switchInfo.bytecodeOffset + 3);
+
+        SimpleJumpTable& jumpTable = m_codeBlock->addImmediateSwitchJumpTable();
+        prepareJumpTableForImmediateSwitch(jumpTable, switchInfo.bytecodeOffset + 3, clauseCount, labels, nodes, min, max);
+    } else if (switchInfo.switchType == SwitchInfo::SwitchCharacter) {
+        instructions()[switchInfo.bytecodeOffset + 1] = m_codeBlock->numberOfCharacterSwitchJumpTables();
+        instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel->offsetFrom(switchInfo.bytecodeOffset + 3);
+        
+        SimpleJumpTable& jumpTable = m_codeBlock->addCharacterSwitchJumpTable();
+        prepareJumpTableForCharacterSwitch(jumpTable, switchInfo.bytecodeOffset + 3, clauseCount, labels, nodes, min, max);
+    } else {
+        ASSERT(switchInfo.switchType == SwitchInfo::SwitchString);
+        instructions()[switchInfo.bytecodeOffset + 1] = m_codeBlock->numberOfStringSwitchJumpTables();
+        instructions()[switchInfo.bytecodeOffset + 2] = defaultLabel->offsetFrom(switchInfo.bytecodeOffset + 3);
+
+        StringJumpTable& jumpTable = m_codeBlock->addStringSwitchJumpTable();
+        prepareJumpTableForStringSwitch(jumpTable, switchInfo.bytecodeOffset + 3, clauseCount, labels, nodes);
+    }
+}
+
+RegisterID* BytecodeGenerator::emitThrowExpressionTooDeepException()
+{
+    // It would be nice to do an even better job of identifying exactly where the expression is.
+    // And we could make the caller pass the node pointer in, if there was some way of getting
+    // that from an arbitrary node. However, calling emitExpressionInfo without any useful data
+    // is still good enough to get us an accurate line number.
+    emitExpressionInfo(0, 0, 0);
+    RegisterID* exception = emitNewError(newTemporary(), SyntaxError, jsString(globalData(), "Expression too deep"));
+    emitThrow(exception);
+    return exception;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/BytecodeGenerator.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/BytecodeGenerator.h
new file mode 100644
index 000000000..f614f0bd6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/BytecodeGenerator.h
@@ -0,0 +1,499 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BytecodeGenerator_h
+#define BytecodeGenerator_h
+
+#include "CodeBlock.h"
+#include "HashTraits.h"
+#include "Instruction.h"
+#include "Label.h"
+#include "LabelScope.h"
+#include "Interpreter.h"
+#include "RegisterID.h"
+#include "SymbolTable.h"
+#include "Debugger.h"
+#include "Nodes.h"
+#include <wtf/FastAllocBase.h>
+#include <wtf/PassRefPtr.h>
+#include <wtf/SegmentedVector.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+    class Identifier;
+    class ScopeChain;
+    class ScopeNode;
+
+    struct FinallyContext {
+        Label* finallyAddr;
+        RegisterID* retAddrDst;
+    };
+
+    struct ControlFlowContext {
+        bool isFinallyBlock;
+        FinallyContext finallyContext;
+    };
+
+    class BytecodeGenerator : public FastAllocBase {
+    public:
+        typedef DeclarationStacks::VarStack VarStack;
+        typedef DeclarationStacks::FunctionStack FunctionStack;
+
+        static void setDumpsGeneratedCode(bool dumpsGeneratedCode);
+        static bool dumpsGeneratedCode();
+
+        BytecodeGenerator(ProgramNode*, const Debugger*, const ScopeChain&, SymbolTable*, ProgramCodeBlock*);
+        BytecodeGenerator(FunctionBodyNode*, const Debugger*, const ScopeChain&, SymbolTable*, CodeBlock*);
+        BytecodeGenerator(EvalNode*, const Debugger*, const ScopeChain&, SymbolTable*, EvalCodeBlock*);
+
+        JSGlobalData* globalData() const { return m_globalData; }
+        const CommonIdentifiers& propertyNames() const { return *m_globalData->propertyNames; }
+
+        void generate();
+
+        // Returns the register corresponding to a local variable, or 0 if no
+        // such register exists. Registers returned by registerFor do not
+        // require explicit reference counting.
+        RegisterID* registerFor(const Identifier&);
+        
+        bool willResolveToArguments(const Identifier&);
+        RegisterID* uncheckedRegisterForArguments();
+
+        // Behaves as registerFor does, but ignores dynamic scope as
+        // dynamic scope should not interfere with const initialisation
+        RegisterID* constRegisterFor(const Identifier&);
+
+        // Searches the scope chain in an attempt to  statically locate the requested
+        // property.  Returns false if for any reason the property cannot be safely
+        // optimised at all.  Otherwise it will return the index and depth of the
+        // VariableObject that defines the property.  If the property cannot be found
+        // statically, depth will contain the depth of the scope chain where dynamic
+        // lookup must begin.
+        //
+        // NB: depth does _not_ include the local scope.  eg. a depth of 0 refers
+        // to the scope containing this codeblock.
+        bool findScopedProperty(const Identifier&, int& index, size_t& depth, bool forWriting, JSObject*& globalObject);
+
+        // Returns the register storing "this"
+        RegisterID* thisRegister() { return &m_thisRegister; }
+
+        bool isLocal(const Identifier&);
+        bool isLocalConstant(const Identifier&);
+
+        // Returns the next available temporary register. Registers returned by
+        // newTemporary require a modified form of reference counting: any
+        // register with a refcount of 0 is considered "available", meaning that
+        // the next instruction may overwrite it.
+        RegisterID* newTemporary();
+
+        RegisterID* highestUsedRegister();
+
+        // The same as newTemporary(), but this function returns "suggestion" if
+        // "suggestion" is a temporary. This function is helpful in situations
+        // where you've put "suggestion" in a RefPtr, but you'd like to allow
+        // the next instruction to overwrite it anyway.
+        RegisterID* newTemporaryOr(RegisterID* suggestion) { return suggestion->isTemporary() ? suggestion : newTemporary(); }
+
+        // Functions for handling of dst register
+
+        RegisterID* ignoredResult() { return &m_ignoredResultRegister; }
+
+        // Returns a place to write intermediate values of an operation
+        // which reuses dst if it is safe to do so.
+        RegisterID* tempDestination(RegisterID* dst)
+        {
+            return (dst && dst != ignoredResult() && dst->isTemporary()) ? dst : newTemporary();
+        }
+
+        // Returns the place to write the final output of an operation.
+        RegisterID* finalDestination(RegisterID* originalDst, RegisterID* tempDst = 0)
+        {
+            if (originalDst && originalDst != ignoredResult())
+                return originalDst;
+            ASSERT(tempDst != ignoredResult());
+            if (tempDst && tempDst->isTemporary())
+                return tempDst;
+            return newTemporary();
+        }
+
+        RegisterID* destinationForAssignResult(RegisterID* dst)
+        {
+            if (dst && dst != ignoredResult() && m_codeBlock->needsFullScopeChain())
+                return dst->isTemporary() ? dst : newTemporary();
+            return 0;
+        }
+
+        // Moves src to dst if dst is not null and is different from src, otherwise just returns src.
+        RegisterID* moveToDestinationIfNeeded(RegisterID* dst, RegisterID* src)
+        {
+            return dst == ignoredResult() ? 0 : (dst && dst != src) ? emitMove(dst, src) : src;
+        }
+
+        PassRefPtr<LabelScope> newLabelScope(LabelScope::Type, const Identifier* = 0);
+        PassRefPtr<Label> newLabel();
+
+        // The emitNode functions are just syntactic sugar for calling
+        // Node::emitCode. These functions accept a 0 for the register,
+        // meaning that the node should allocate a register, or ignoredResult(),
+        // meaning that the node need not put the result in a register.
+        // Other emit functions do not accept 0 or ignoredResult().
+        RegisterID* emitNode(RegisterID* dst, Node* n)
+        {
+            // Node::emitCode assumes that dst, if provided, is either a local or a referenced temporary.
+            ASSERT(!dst || dst == ignoredResult() || !dst->isTemporary() || dst->refCount());
+            if (!m_codeBlock->numberOfLineInfos() || m_codeBlock->lastLineInfo().lineNumber != n->lineNo()) {
+                LineInfo info = { instructions().size(), n->lineNo() };
+                m_codeBlock->addLineInfo(info);
+            }
+            if (m_emitNodeDepth >= s_maxEmitNodeDepth)
+                return emitThrowExpressionTooDeepException();
+            ++m_emitNodeDepth;
+            RegisterID* r = n->emitBytecode(*this, dst);
+            --m_emitNodeDepth;
+            return r;
+        }
+
+        RegisterID* emitNode(Node* n)
+        {
+            return emitNode(0, n);
+        }
+
+        void emitExpressionInfo(unsigned divot, unsigned startOffset, unsigned endOffset)
+        { 
+            divot -= m_codeBlock->sourceOffset();
+            if (divot > ExpressionRangeInfo::MaxDivot) {
+                // Overflow has occurred, we can only give line number info for errors for this region
+                divot = 0;
+                startOffset = 0;
+                endOffset = 0;
+            } else if (startOffset > ExpressionRangeInfo::MaxOffset) {
+                // If the start offset is out of bounds we clear both offsets
+                // so we only get the divot marker.  Error message will have to be reduced
+                // to line and column number.
+                startOffset = 0;
+                endOffset = 0;
+            } else if (endOffset > ExpressionRangeInfo::MaxOffset) {
+                // The end offset is only used for additional context, and is much more likely
+                // to overflow (eg. function call arguments) so we are willing to drop it without
+                // dropping the rest of the range.
+                endOffset = 0;
+            }
+            
+            ExpressionRangeInfo info;
+            info.instructionOffset = instructions().size();
+            info.divotPoint = divot;
+            info.startOffset = startOffset;
+            info.endOffset = endOffset;
+            m_codeBlock->addExpressionInfo(info);
+        }
+
+        void emitGetByIdExceptionInfo(OpcodeID opcodeID)
+        {
+            // Only op_construct and op_instanceof need exception info for
+            // a preceding op_get_by_id.
+            ASSERT(opcodeID == op_construct || opcodeID == op_instanceof);
+            GetByIdExceptionInfo info;
+            info.bytecodeOffset = instructions().size();
+            info.isOpConstruct = (opcodeID == op_construct);
+            m_codeBlock->addGetByIdExceptionInfo(info);
+        }
+        
+        ALWAYS_INLINE bool leftHandSideNeedsCopy(bool rightHasAssignments, bool rightIsPure)
+        {
+            return (m_codeType != FunctionCode || m_codeBlock->needsFullScopeChain() || rightHasAssignments) && !rightIsPure;
+        }
+
+        ALWAYS_INLINE PassRefPtr<RegisterID> emitNodeForLeftHandSide(ExpressionNode* n, bool rightHasAssignments, bool rightIsPure)
+        {
+            if (leftHandSideNeedsCopy(rightHasAssignments, rightIsPure)) {
+                PassRefPtr<RegisterID> dst = newTemporary();
+                emitNode(dst.get(), n);
+                return dst;
+            }
+
+            return PassRefPtr<RegisterID>(emitNode(n));
+        }
+
+        RegisterID* emitLoad(RegisterID* dst, bool);
+        RegisterID* emitLoad(RegisterID* dst, double);
+        RegisterID* emitLoad(RegisterID* dst, const Identifier&);
+        RegisterID* emitLoad(RegisterID* dst, JSValue);
+
+        RegisterID* emitUnaryOp(OpcodeID, RegisterID* dst, RegisterID* src);
+        RegisterID* emitBinaryOp(OpcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes);
+        RegisterID* emitEqualityOp(OpcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2);
+        RegisterID* emitUnaryNoDstOp(OpcodeID, RegisterID* src);
+
+        RegisterID* emitNewObject(RegisterID* dst);
+        RegisterID* emitNewArray(RegisterID* dst, ElementNode*); // stops at first elision
+
+        RegisterID* emitNewFunction(RegisterID* dst, FunctionBodyNode* body);
+        RegisterID* emitNewFunctionExpression(RegisterID* dst, FuncExprNode* func);
+        RegisterID* emitNewRegExp(RegisterID* dst, RegExp* regExp);
+
+        RegisterID* emitMove(RegisterID* dst, RegisterID* src);
+
+        RegisterID* emitToJSNumber(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_to_jsnumber, dst, src); }
+        RegisterID* emitPreInc(RegisterID* srcDst);
+        RegisterID* emitPreDec(RegisterID* srcDst);
+        RegisterID* emitPostInc(RegisterID* dst, RegisterID* srcDst);
+        RegisterID* emitPostDec(RegisterID* dst, RegisterID* srcDst);
+
+        RegisterID* emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* base, RegisterID* basePrototype);
+        RegisterID* emitTypeOf(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_typeof, dst, src); }
+        RegisterID* emitIn(RegisterID* dst, RegisterID* property, RegisterID* base) { return emitBinaryOp(op_in, dst, property, base, OperandTypes()); }
+
+        RegisterID* emitResolve(RegisterID* dst, const Identifier& property);
+        RegisterID* emitGetScopedVar(RegisterID* dst, size_t skip, int index, JSValue globalObject);
+        RegisterID* emitPutScopedVar(size_t skip, int index, RegisterID* value, JSValue globalObject);
+
+        RegisterID* emitResolveBase(RegisterID* dst, const Identifier& property);
+        RegisterID* emitResolveWithBase(RegisterID* baseDst, RegisterID* propDst, const Identifier& property);
+
+        void emitMethodCheck();
+
+        RegisterID* emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property);
+        RegisterID* emitPutById(RegisterID* base, const Identifier& property, RegisterID* value);
+        RegisterID* emitDeleteById(RegisterID* dst, RegisterID* base, const Identifier&);
+        RegisterID* emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property);
+        RegisterID* emitPutByVal(RegisterID* base, RegisterID* property, RegisterID* value);
+        RegisterID* emitDeleteByVal(RegisterID* dst, RegisterID* base, RegisterID* property);
+        RegisterID* emitPutByIndex(RegisterID* base, unsigned index, RegisterID* value);
+        RegisterID* emitPutGetter(RegisterID* base, const Identifier& property, RegisterID* value);
+        RegisterID* emitPutSetter(RegisterID* base, const Identifier& property, RegisterID* value);
+
+        RegisterID* emitCall(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitCallEval(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* argCount, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitLoadVarargs(RegisterID* argCountDst, RegisterID* args);
+
+        RegisterID* emitReturn(RegisterID* src);
+        RegisterID* emitEnd(RegisterID* src) { return emitUnaryNoDstOp(op_end, src); }
+
+        RegisterID* emitConstruct(RegisterID* dst, RegisterID* func, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitStrcat(RegisterID* dst, RegisterID* src, int count);
+        void emitToPrimitive(RegisterID* dst, RegisterID* src);
+
+        PassRefPtr<Label> emitLabel(Label*);
+        PassRefPtr<Label> emitJump(Label* target);
+        PassRefPtr<Label> emitJumpIfTrue(RegisterID* cond, Label* target);
+        PassRefPtr<Label> emitJumpIfFalse(RegisterID* cond, Label* target);
+        PassRefPtr<Label> emitJumpIfNotFunctionCall(RegisterID* cond, Label* target);
+        PassRefPtr<Label> emitJumpIfNotFunctionApply(RegisterID* cond, Label* target);
+        PassRefPtr<Label> emitJumpScopes(Label* target, int targetScopeDepth);
+
+        PassRefPtr<Label> emitJumpSubroutine(RegisterID* retAddrDst, Label*);
+        void emitSubroutineReturn(RegisterID* retAddrSrc);
+
+        RegisterID* emitGetPropertyNames(RegisterID* dst, RegisterID* base) { return emitUnaryOp(op_get_pnames, dst, base); }
+        RegisterID* emitNextPropertyName(RegisterID* dst, RegisterID* iter, Label* target);
+
+        RegisterID* emitCatch(RegisterID*, Label* start, Label* end);
+        void emitThrow(RegisterID* exc) { emitUnaryNoDstOp(op_throw, exc); }
+        RegisterID* emitNewError(RegisterID* dst, ErrorType type, JSValue message);
+        void emitPushNewScope(RegisterID* dst, const Identifier& property, RegisterID* value);
+
+        RegisterID* emitPushScope(RegisterID* scope);
+        void emitPopScope();
+
+        void emitDebugHook(DebugHookID, int firstLine, int lastLine, int column );
+
+        int scopeDepth() { return m_dynamicScopeDepth + m_finallyDepth; }
+        bool hasFinaliser() { return m_finallyDepth != 0; }
+
+        void pushFinallyContext(Label* target, RegisterID* returnAddrDst);
+        void popFinallyContext();
+
+        LabelScope* breakTarget(const Identifier&);
+        LabelScope* continueTarget(const Identifier&);
+
+        void beginSwitch(RegisterID*, SwitchInfo::SwitchType);
+        void endSwitch(uint32_t clauseCount, RefPtr<Label>*, ExpressionNode**, Label* defaultLabel, int32_t min, int32_t range);
+
+        CodeType codeType() const { return m_codeType; }
+
+        void setRegeneratingForExceptionInfo(CodeBlock* originalCodeBlock)
+        {
+            m_regeneratingForExceptionInfo = true;
+            m_codeBlockBeingRegeneratedFrom = originalCodeBlock;
+        }
+
+    private:
+        void emitOpcode(OpcodeID);
+        void retrieveLastBinaryOp(int& dstIndex, int& src1Index, int& src2Index);
+        void retrieveLastUnaryOp(int& dstIndex, int& srcIndex);
+        void rewindBinaryOp();
+        void rewindUnaryOp();
+
+        PassRefPtr<Label> emitComplexJumpScopes(Label* target, ControlFlowContext* topScope, ControlFlowContext* bottomScope);
+
+        typedef HashMap<EncodedJSValue, unsigned, EncodedJSValueHash, EncodedJSValueHashTraits> JSValueMap;
+
+        struct IdentifierMapIndexHashTraits {
+            typedef int TraitType;
+            typedef IdentifierMapIndexHashTraits StorageTraits;
+            static int emptyValue() { return std::numeric_limits<int>::max(); }
+            static const bool emptyValueIsZero = false;
+            static const bool needsDestruction = false;
+            static const bool needsRef = false;
+        };
+
+        typedef HashMap<RefPtr<UString::Rep>, int, IdentifierRepHash, HashTraits<RefPtr<UString::Rep> >, IdentifierMapIndexHashTraits> IdentifierMap;
+        typedef HashMap<double, JSValue> NumberMap;
+        typedef HashMap<UString::Rep*, JSString*, IdentifierRepHash> IdentifierStringMap;
+        
+        RegisterID* emitCall(OpcodeID, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+        
+        RegisterID* newRegister();
+
+        // Returns the RegisterID corresponding to ident.
+        RegisterID* addVar(const Identifier& ident, bool isConstant)
+        {
+            RegisterID* local;
+            addVar(ident, isConstant, local);
+            return local;
+        }
+        // Returns true if a new RegisterID was added, false if a pre-existing RegisterID was re-used.
+        bool addVar(const Identifier&, bool isConstant, RegisterID*&);
+
+        // Returns the RegisterID corresponding to ident.
+        RegisterID* addGlobalVar(const Identifier& ident, bool isConstant)
+        {
+            RegisterID* local;
+            addGlobalVar(ident, isConstant, local);
+            return local;
+        }
+        // Returns true if a new RegisterID was added, false if a pre-existing RegisterID was re-used.
+        bool addGlobalVar(const Identifier&, bool isConstant, RegisterID*&);
+
+        RegisterID* addParameter(const Identifier&);
+        
+        void preserveLastVar();
+
+        RegisterID& registerFor(int index)
+        {
+            if (index >= 0)
+                return m_calleeRegisters[index];
+
+            if (index == RegisterFile::OptionalCalleeArguments)
+                return m_argumentsRegister;
+
+            if (m_parameters.size()) {
+                ASSERT(!m_globals.size());
+                return m_parameters[index + m_parameters.size() + RegisterFile::CallFrameHeaderSize];
+            }
+
+            return m_globals[-index - 1];
+        }
+
+        unsigned addConstant(const Identifier&);
+        RegisterID* addConstantValue(JSValue);
+        unsigned addRegExp(RegExp*);
+
+        PassRefPtr<FunctionExecutable> makeFunction(ExecState* exec, FunctionBodyNode* body)
+        {
+            return FunctionExecutable::create(exec, body->ident(), body->source(), body->usesArguments(), body->parameters(), body->lineNo(), body->lastLine());
+        }
+
+        PassRefPtr<FunctionExecutable> makeFunction(JSGlobalData* globalData, FunctionBodyNode* body)
+        {
+            return FunctionExecutable::create(globalData, body->ident(), body->source(), body->usesArguments(), body->parameters(), body->lineNo(), body->lastLine());
+        }
+
+        Vector<Instruction>& instructions() { return m_codeBlock->instructions(); }
+        SymbolTable& symbolTable() { return *m_symbolTable; }
+
+        bool shouldOptimizeLocals() { return (m_codeType != EvalCode) && !m_dynamicScopeDepth; }
+        bool canOptimizeNonLocals() { return (m_codeType == FunctionCode) && !m_dynamicScopeDepth && !m_codeBlock->usesEval(); }
+
+        RegisterID* emitThrowExpressionTooDeepException();
+
+        void createArgumentsIfNecessary();
+
+        bool m_shouldEmitDebugHooks;
+        bool m_shouldEmitProfileHooks;
+
+        const ScopeChain* m_scopeChain;
+        SymbolTable* m_symbolTable;
+
+        ScopeNode* m_scopeNode;
+        CodeBlock* m_codeBlock;
+
+        // Some of these objects keep pointers to one another. They are arranged
+        // to ensure a sane destruction order that avoids references to freed memory.
+        HashSet<RefPtr<UString::Rep>, IdentifierRepHash> m_functions;
+        RegisterID m_ignoredResultRegister;
+        RegisterID m_thisRegister;
+        RegisterID m_argumentsRegister;
+        int m_activationRegisterIndex;
+        SegmentedVector<RegisterID, 32> m_constantPoolRegisters;
+        SegmentedVector<RegisterID, 32> m_calleeRegisters;
+        SegmentedVector<RegisterID, 32> m_parameters;
+        SegmentedVector<RegisterID, 32> m_globals;
+        SegmentedVector<Label, 32> m_labels;
+        SegmentedVector<LabelScope, 8> m_labelScopes;
+        RefPtr<RegisterID> m_lastVar;
+        int m_finallyDepth;
+        int m_dynamicScopeDepth;
+        int m_baseScopeDepth;
+        CodeType m_codeType;
+
+        Vector<ControlFlowContext> m_scopeContextStack;
+        Vector<SwitchInfo> m_switchContextStack;
+
+        int m_nextGlobalIndex;
+        int m_nextParameterIndex;
+        int m_firstConstantIndex;
+        int m_nextConstantOffset;
+        unsigned m_globalConstantIndex;
+
+        int m_globalVarStorageOffset;
+
+        // Constant pool
+        IdentifierMap m_identifierMap;
+        JSValueMap m_jsValueMap;
+        NumberMap m_numberMap;
+        IdentifierStringMap m_stringMap;
+
+        JSGlobalData* m_globalData;
+
+        OpcodeID m_lastOpcodeID;
+
+        unsigned m_emitNodeDepth;
+
+        bool m_regeneratingForExceptionInfo;
+        CodeBlock* m_codeBlockBeingRegeneratedFrom;
+
+        static const unsigned s_maxEmitNodeDepth = 5000;
+    };
+
+}
+
+#endif // BytecodeGenerator_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/Label.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/Label.h
new file mode 100644
index 000000000..0b3d03824
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/Label.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef Label_h
+#define Label_h
+
+#include "CodeBlock.h"
+#include "Instruction.h"
+#include <wtf/Assertions.h>
+#include <wtf/Vector.h>
+#include <limits.h>
+
+namespace JSC {
+
+    class Label {
+    public:
+        explicit Label(CodeBlock* codeBlock)
+            : m_refCount(0)
+            , m_location(invalidLocation)
+            , m_codeBlock(codeBlock)
+        {
+        }
+
+        void setLocation(unsigned location)
+        {
+            m_location = location;
+
+            unsigned size = m_unresolvedJumps.size();
+            for (unsigned i = 0; i < size; ++i) {
+                unsigned j = m_unresolvedJumps[i];
+                m_codeBlock->instructions()[j].u.operand = m_location - j;
+            }
+        }
+
+        int offsetFrom(int location) const
+        {
+            if (m_location == invalidLocation) {
+                m_unresolvedJumps.append(location);
+                return 0;
+            }
+            return m_location - location;
+        }
+
+        void ref() { ++m_refCount; }
+        void deref()
+        {
+            --m_refCount;
+            ASSERT(m_refCount >= 0);
+        }
+        int refCount() const { return m_refCount; }
+
+        bool isForward() const { return m_location == invalidLocation; }
+
+    private:
+        typedef Vector<int, 8> JumpVector;
+
+        static const unsigned invalidLocation = UINT_MAX;
+
+        int m_refCount;
+        unsigned m_location;
+        CodeBlock* m_codeBlock;
+        mutable JumpVector m_unresolvedJumps;
+    };
+
+} // namespace JSC
+
+#endif // Label_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/LabelScope.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/LabelScope.h
new file mode 100644
index 000000000..cc21fffd1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/LabelScope.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LabelScope_h
+#define LabelScope_h
+
+#include <wtf/PassRefPtr.h>
+#include "Label.h"
+
+namespace JSC {
+
+    class Identifier;
+
+    class LabelScope {
+    public:
+        enum Type { Loop, Switch, NamedLabel };
+
+        LabelScope(Type type, const Identifier* name, int scopeDepth, PassRefPtr<Label> breakTarget, PassRefPtr<Label> continueTarget)
+            : m_refCount(0)
+            , m_type(type)
+            , m_name(name)
+            , m_scopeDepth(scopeDepth)
+            , m_breakTarget(breakTarget)
+            , m_continueTarget(continueTarget)
+        {
+        }
+
+        void ref() { ++m_refCount; }
+        void deref()
+        {
+            --m_refCount;
+            ASSERT(m_refCount >= 0);
+        }
+        int refCount() const { return m_refCount; }
+
+        Label* breakTarget() const { return m_breakTarget.get(); }
+        Label* continueTarget() const { return m_continueTarget.get(); }
+
+        Type type() const { return m_type; }
+        const Identifier* name() const { return m_name; }
+        int scopeDepth() const { return m_scopeDepth; }
+
+    private:
+        int m_refCount;
+        Type m_type;
+        const Identifier* m_name;
+        int m_scopeDepth;
+        RefPtr<Label> m_breakTarget;
+        RefPtr<Label> m_continueTarget;
+    };
+
+} // namespace JSC
+
+#endif // LabelScope_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/RegisterID.h b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/RegisterID.h
new file mode 100644
index 000000000..3532ad802
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/bytecompiler/RegisterID.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef RegisterID_h
+#define RegisterID_h
+
+#include <wtf/Assertions.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/VectorTraits.h>
+
+namespace JSC {
+
+    class RegisterID : public Noncopyable {
+    public:
+        RegisterID()
+            : m_refCount(0)
+            , m_isTemporary(false)
+#ifndef NDEBUG
+            , m_didSetIndex(false)
+#endif
+        {
+        }
+
+        explicit RegisterID(int index)
+            : m_refCount(0)
+            , m_index(index)
+            , m_isTemporary(false)
+#ifndef NDEBUG
+            , m_didSetIndex(true)
+#endif
+        {
+        }
+
+        void setIndex(int index)
+        {
+            ASSERT(!m_refCount);
+#ifndef NDEBUG
+            m_didSetIndex = true;
+#endif
+            m_index = index;
+        }
+
+        void setTemporary()
+        {
+            m_isTemporary = true;
+        }
+
+        int index() const
+        {
+            ASSERT(m_didSetIndex);
+            return m_index;
+        }
+
+        bool isTemporary()
+        {
+            return m_isTemporary;
+        }
+
+        void ref()
+        {
+            ++m_refCount;
+        }
+
+        void deref()
+        {
+            --m_refCount;
+            ASSERT(m_refCount >= 0);
+        }
+
+        int refCount() const
+        {
+            return m_refCount;
+        }
+
+    private:
+
+        int m_refCount;
+        int m_index;
+        bool m_isTemporary;
+#ifndef NDEBUG
+        bool m_didSetIndex;
+#endif
+    };
+
+} // namespace JSC
+
+namespace WTF {
+
+    template<> struct VectorTraits<JSC::RegisterID> : VectorTraitsBase<true, JSC::RegisterID> {
+        static const bool needsInitialization = true;
+        static const bool canInitializeWithMemset = true; // Default initialization just sets everything to 0 or false, so this is safe.
+    };
+
+} // namespace WTF
+
+#endif // RegisterID_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/config.h b/src/3rdparty/javascriptcore/JavaScriptCore/config.h
new file mode 100644
index 000000000..5e702656e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/config.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2006 Samuel Weinig <sam.weinig@gmail.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#if defined(HAVE_CONFIG_H) && HAVE_CONFIG_H
+#include "autotoolsconfig.h"
+#endif
+
+#include <wtf/Platform.h>
+
+#if !defined(JS_EXPORTDATA)
+#if PLATFORM(WIN_OS) && !defined(BUILDING_WX__) && !COMPILER(GCC)
+#if defined(BUILDING_JavaScriptCore) || defined(BUILDING_WTF)
+#define JS_EXPORTDATA __declspec(dllexport)
+#else
+#define JS_EXPORTDATA __declspec(dllimport)
+#endif
+#else
+#define JS_EXPORTDATA
+#endif
+#endif
+
+#if PLATFORM(WIN_OS)
+
+// If we don't define these, they get defined in windef.h. 
+// We want to use std::min and std::max
+#define max max
+#define min min
+
+#if !COMPILER(MSVC7) && !PLATFORM(WINCE)
+// We need to define this before the first #include of stdlib.h or it won't contain rand_s.
+#ifndef _CRT_RAND_S
+#define _CRT_RAND_S
+#endif
+#endif
+
+#endif
+
+#if PLATFORM(FREEBSD) || PLATFORM(OPENBSD)
+#define HAVE_PTHREAD_NP_H 1
+#endif
+
+/* FIXME: if all platforms have these, do they really need #defines? */
+#define HAVE_STDINT_H 1
+#define HAVE_STRING_H 1
+
+#define WTF_CHANGES 1
+
+#ifdef __cplusplus
+#undef new
+#undef delete
+#include <wtf/FastMalloc.h>
+#endif
+
+// this breaks compilation of <QFontDatabase>, at least, so turn it off for now
+// Also generates errors on wx on Windows, because these functions
+// are used from wx headers. 
+#if !PLATFORM(QT) && !PLATFORM(WX)
+#include <wtf/DisallowCType.h>
+#endif
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/create_hash_table b/src/3rdparty/javascriptcore/JavaScriptCore/create_hash_table
new file mode 100755
index 000000000..4184500ed
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/create_hash_table
@@ -0,0 +1,274 @@
+#! /usr/bin/perl -w
+#
+# Static Hashtable Generator
+#
+# (c) 2000-2002 by Harri Porten <porten@kde.org> and
+#                  David Faure <faure@kde.org>
+# Modified (c) 2004 by Nikolas Zimmermann <wildfox@kde.org>
+# Copyright (C) 2007, 2008, 2009 Apple Inc. All rights reserved.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+use strict;
+
+my $file = $ARGV[0];
+shift;
+my $includelookup = 0;
+
+# Use -i as second argument to make it include "Lookup.h"
+$includelookup = 1 if (defined($ARGV[0]) && $ARGV[0] eq "-i");
+
+# Use -n as second argument to make it use the third argument as namespace parameter ie. -n KDOM
+my $useNameSpace = $ARGV[1] if (defined($ARGV[0]) && $ARGV[0] eq "-n");
+
+print STDERR "Creating hashtable for $file\n";
+open(IN, $file) or die "No such file $file";
+
+my @keys = ();
+my @attrs = ();
+my @values = ();
+my @hashes = ();
+
+my $inside = 0;
+my $name;
+my $pefectHashSize;
+my $compactSize;
+my $compactHashSizeMask;
+my $banner = 0;
+sub calcPerfectHashSize();
+sub calcCompactHashSize();
+sub output();
+sub jsc_ucfirst($);
+sub hashValue($);
+
+while (<IN>) {
+    chomp;
+    s/^\s+//;
+    next if /^\#|^$/; # Comment or blank line. Do nothing.
+    if (/^\@begin/ && !$inside) {
+        if (/^\@begin\s*([:_\w]+)\s*\d*\s*$/) {
+            $inside = 1;
+            $name = $1;
+        } else {
+            print STDERR "WARNING: \@begin without table name, skipping $_\n";
+        }
+    } elsif (/^\@end\s*$/ && $inside) {
+        calcPerfectHashSize();
+        calcCompactHashSize();
+        output();
+
+        @keys = ();
+        @attrs = ();
+        @values = ();
+        @hashes = ();
+
+        $inside = 0;
+    } elsif (/^(\S+)\s*(\S+)\s*([\w\|]*)\s*(\w*)\s*$/ && $inside) {
+        my $key = $1;
+        my $val = $2;
+        my $att = $3;
+        my $param = $4;
+
+        push(@keys, $key);
+        push(@attrs, length($att) > 0 ? $att : "0");
+
+        if ($att =~ m/Function/) {
+            push(@values, { "type" => "Function", "function" => $val, "params" => (length($param) ? $param : "") });
+            #printf STDERR "WARNING: Number of arguments missing for $key/$val\n" if (length($param) == 0);
+        } elsif (length($att)) {
+            my $get = $val;
+            my $put = !($att =~ m/ReadOnly/) ? "set" . jsc_ucfirst($val) : "0";
+            push(@values, { "type" => "Property", "get" => $get, "put" => $put });
+        } else {
+            push(@values, { "type" => "Lexer", "value" => $val });        
+        }
+        push(@hashes, hashValue($key));
+    } elsif ($inside) {
+        die "invalid data {" . $_ . "}";
+    }
+}
+
+die "missing closing \@end" if ($inside);
+
+sub jsc_ucfirst($)
+{
+    my ($value) = @_;
+
+    if ($value =~ /js/) {
+        $value =~ s/js/JS/;
+        return $value;
+    }
+
+    return ucfirst($value);
+}
+
+
+sub ceilingToPowerOf2
+{
+    my ($pefectHashSize) = @_;
+
+    my $powerOf2 = 1;
+    while ($pefectHashSize > $powerOf2) {
+        $powerOf2 <<= 1;
+    }
+
+    return $powerOf2;
+}
+
+sub calcPerfectHashSize()
+{
+tableSizeLoop:
+    for ($pefectHashSize = ceilingToPowerOf2(scalar @keys); ; $pefectHashSize += $pefectHashSize) {
+        my @table = ();
+        foreach my $key (@keys) {
+            my $h = hashValue($key) % $pefectHashSize;
+            next tableSizeLoop if $table[$h];
+            $table[$h] = 1;
+        }
+        last;
+    }
+}
+
+sub leftShift($$) {
+    my ($value, $distance) = @_;
+    return (($value << $distance) & 0xFFFFFFFF);
+}
+
+sub calcCompactHashSize()
+{
+    my @table = ();
+    my @links = ();
+    my $compactHashSize = ceilingToPowerOf2(2 * @keys);
+    $compactHashSizeMask = $compactHashSize - 1;
+    $compactSize = $compactHashSize;
+    my $collisions = 0;
+    my $maxdepth = 0;
+    my $i = 0;
+    foreach my $key (@keys) {
+        my $depth = 0;
+        my $h = hashValue($key) % $compactHashSize;
+        while (defined($table[$h])) {
+            if (defined($links[$h])) {
+                $h = $links[$h];
+                $depth++;
+            } else {
+                $collisions++;
+                $links[$h] = $compactSize;
+                $h = $compactSize;
+                $compactSize++;
+            }
+        }
+        $table[$h] = $i;
+        $i++;
+        $maxdepth = $depth if ( $depth > $maxdepth);
+    }
+}
+
+# Paul Hsieh's SuperFastHash
+# http://www.azillionmonkeys.com/qed/hash.html
+# Ported from UString..
+sub hashValue($) {
+  my @chars = split(/ */, $_[0]);
+
+  # This hash is designed to work on 16-bit chunks at a time. But since the normal case
+  # (above) is to hash UTF-16 characters, we just treat the 8-bit chars as if they
+  # were 16-bit chunks, which should give matching results
+
+  my $EXP2_32 = 4294967296;
+
+  my $hash = 0x9e3779b9;
+  my $l    = scalar @chars; #I wish this was in Ruby --- Maks
+  my $rem  = $l & 1;
+  $l = $l >> 1;
+
+  my $s = 0;
+
+  # Main loop
+  for (; $l > 0; $l--) {
+    $hash   += ord($chars[$s]);
+    my $tmp = leftShift(ord($chars[$s+1]), 11) ^ $hash;
+    $hash   = (leftShift($hash, 16)% $EXP2_32) ^ $tmp;
+    $s += 2;
+    $hash += $hash >> 11;
+    $hash %= $EXP2_32;
+  }
+
+  # Handle end case
+  if ($rem !=0) {
+    $hash += ord($chars[$s]);
+    $hash ^= (leftShift($hash, 11)% $EXP2_32);
+    $hash += $hash >> 17;
+  }
+
+  # Force "avalanching" of final 127 bits
+  $hash ^= leftShift($hash, 3);
+  $hash += ($hash >> 5);
+  $hash = ($hash% $EXP2_32);
+  $hash ^= (leftShift($hash, 2)% $EXP2_32);
+  $hash += ($hash >> 15);
+  $hash = $hash% $EXP2_32;
+  $hash ^= (leftShift($hash, 10)% $EXP2_32);
+  
+  # this avoids ever returning a hash code of 0, since that is used to
+  # signal "hash not computed yet", using a value that is likely to be
+  # effectively the same as 0 when the low bits are masked
+  $hash = 0x80000000  if ($hash == 0);
+
+  return $hash;
+}
+
+sub output() {
+    if (!$banner) {
+        $banner = 1;
+        print "// Automatically generated from $file using $0. DO NOT EDIT!\n";
+    }
+
+    my $nameEntries = "${name}Values";
+    $nameEntries =~ s/:/_/g;
+
+    print "\n#include \"Lookup.h\"\n" if ($includelookup);
+    if ($useNameSpace) {
+        print "\nnamespace ${useNameSpace} {\n";
+        print "\nusing namespace JSC;\n";
+    } else {
+        print "\nnamespace JSC {\n";
+    }
+    my $count = scalar @keys + 1;
+    print "\nstatic const struct HashTableValue ${nameEntries}\[$count\] = {\n";
+    my $i = 0;
+    foreach my $key (@keys) {
+        my $firstValue = "";
+        my $secondValue = "";
+
+        if ($values[$i]{"type"} eq "Function") {
+            $firstValue = $values[$i]{"function"};
+            $secondValue = $values[$i]{"params"};
+        } elsif ($values[$i]{"type"} eq "Property") {
+            $firstValue = $values[$i]{"get"};
+            $secondValue = $values[$i]{"put"};
+        } elsif ($values[$i]{"type"} eq "Lexer") {
+            $firstValue = $values[$i]{"value"};
+            $secondValue = "0";
+        }
+        print "   { \"$key\", $attrs[$i], (intptr_t)$firstValue, (intptr_t)$secondValue },\n";
+        $i++;
+    }
+    print "   { 0, 0, 0, 0 }\n";
+    print "};\n\n";
+    print "extern JSC_CONST_HASHTABLE HashTable $name =\n";
+    print "    \{ $compactSize, $compactHashSizeMask, $nameEntries, 0 \};\n";
+    print "} // namespace\n";
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/debugger/Debugger.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/Debugger.cpp
new file mode 100644
index 000000000..db0232991
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/Debugger.cpp
@@ -0,0 +1,111 @@
+/*
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "Debugger.h"
+
+#include "CollectorHeapIterator.h"
+#include "Error.h"
+#include "Interpreter.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "Parser.h"
+#include "Protect.h"
+
+namespace JSC {
+
+Debugger::~Debugger()
+{
+    HashSet<JSGlobalObject*>::iterator end = m_globalObjects.end();
+    for (HashSet<JSGlobalObject*>::iterator it = m_globalObjects.begin(); it != end; ++it)
+        (*it)->setDebugger(0);
+}
+
+void Debugger::attach(JSGlobalObject* globalObject)
+{
+    ASSERT(!globalObject->debugger());
+    globalObject->setDebugger(this);
+    m_globalObjects.add(globalObject);
+}
+
+void Debugger::detach(JSGlobalObject* globalObject)
+{
+    ASSERT(m_globalObjects.contains(globalObject));
+    m_globalObjects.remove(globalObject);
+    globalObject->setDebugger(0);
+}
+
+void Debugger::recompileAllJSFunctions(JSGlobalData* globalData)
+{
+    // If JavaScript is running, it's not safe to recompile, since we'll end
+    // up throwing away code that is live on the stack.
+    ASSERT(!globalData->dynamicGlobalObject);
+    if (globalData->dynamicGlobalObject)
+        return;
+
+    typedef HashSet<FunctionExecutable*> FunctionExecutableSet;
+    typedef HashMap<SourceProvider*, ExecState*> SourceProviderMap;
+
+    FunctionExecutableSet functionExecutables;
+    SourceProviderMap sourceProviders;
+
+    Heap::iterator heapEnd = globalData->heap.primaryHeapEnd();
+    for (Heap::iterator it = globalData->heap.primaryHeapBegin(); it != heapEnd; ++it) {
+        if (!(*it)->inherits(&JSFunction::info))
+            continue;
+
+        JSFunction* function = asFunction(*it);
+        if (function->executable()->isHostFunction())
+            continue;
+
+        FunctionExecutable* executable = function->jsExecutable();
+
+        // Check if the function is already in the set - if so,
+        // we've already retranslated it, nothing to do here.
+        if (!functionExecutables.add(executable).second)
+            continue;
+
+        ExecState* exec = function->scope().globalObject()->JSGlobalObject::globalExec();
+        executable->recompile(exec);
+        if (function->scope().globalObject()->debugger() == this)
+            sourceProviders.add(executable->source().provider(), exec);
+    }
+
+    // Call sourceParsed() after reparsing all functions because it will execute
+    // JavaScript in the inspector.
+    SourceProviderMap::const_iterator end = sourceProviders.end();
+    for (SourceProviderMap::const_iterator iter = sourceProviders.begin(); iter != end; ++iter)
+        sourceParsed(iter->second, SourceCode(iter->first), -1, 0);
+}
+
+JSValue evaluateInGlobalCallFrame(const UString& script, JSValue& exception, JSGlobalObject* globalObject)
+{
+    CallFrame* globalCallFrame = globalObject->globalExec();
+
+    EvalExecutable eval(globalCallFrame, makeSource(script));
+    JSObject* error = eval.compile(globalCallFrame, globalCallFrame->scopeChain());
+    if (error)
+        return error;
+
+    return globalObject->globalData()->interpreter->execute(&eval, globalCallFrame, globalObject, globalCallFrame->scopeChain(), &exception);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/debugger/Debugger.h b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/Debugger.h
new file mode 100644
index 000000000..811818d5d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/Debugger.h
@@ -0,0 +1,113 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef Debugger_h
+#define Debugger_h
+
+#include <debugger/DebuggerCallFrame.h>
+#include <wtf/HashSet.h>
+
+namespace JSC {
+
+    class ExecState;
+    class JSGlobalData;
+    class JSGlobalObject;
+    class JSValue;
+    class SourceCode;
+    class UString;
+
+    class Debugger {
+    public:
+        virtual ~Debugger();
+
+        void attach(JSGlobalObject*);
+        virtual void detach(JSGlobalObject*);
+
+#if PLATFORM(QT)
+#ifdef QT_BUILD_SCRIPT_LIB
+        virtual void scriptUnload(QT_PREPEND_NAMESPACE(qint64) id)
+        {
+            UNUSED_PARAM(id);
+        };
+        virtual void scriptLoad(QT_PREPEND_NAMESPACE(qint64) id,
+                            const UString &program,
+                            const UString &fileName, int baseLineNumber)
+        {
+            UNUSED_PARAM(id);
+            UNUSED_PARAM(program);
+            UNUSED_PARAM(fileName);
+            UNUSED_PARAM(baseLineNumber);
+        };
+        virtual void contextPush() {};
+        virtual void contextPop() {};
+
+        virtual void evaluateStart(intptr_t sourceID)
+        {
+            UNUSED_PARAM(sourceID);
+        }
+        virtual void evaluateStop(const JSC::JSValue& returnValue, intptr_t sourceID)
+        {
+            UNUSED_PARAM(sourceID);
+            UNUSED_PARAM(returnValue);
+        }
+
+        virtual void exceptionThrow(const JSC::DebuggerCallFrame& frame, intptr_t sourceID, bool hasHandler)
+        {
+            UNUSED_PARAM(frame);
+            UNUSED_PARAM(sourceID);
+            UNUSED_PARAM(hasHandler);
+        };
+        virtual void exceptionCatch(const JSC::DebuggerCallFrame& frame, intptr_t sourceID)
+        {
+            UNUSED_PARAM(frame);
+            UNUSED_PARAM(sourceID);
+        };
+
+        virtual void functionExit(const JSC::JSValue& returnValue, intptr_t sourceID)
+        {
+            UNUSED_PARAM(returnValue);
+            UNUSED_PARAM(sourceID);
+        };
+#endif
+#endif
+
+        virtual void sourceParsed(ExecState*, const SourceCode&, int errorLineNumber, const UString& errorMessage) = 0;
+        virtual void exception(const DebuggerCallFrame&, intptr_t sourceID, int lineNumber) = 0;
+        virtual void atStatement(const DebuggerCallFrame&, intptr_t sourceID, int lineNumber, int column) = 0;
+        virtual void callEvent(const DebuggerCallFrame&, intptr_t sourceID, int lineNumber) = 0;
+        virtual void returnEvent(const DebuggerCallFrame&, intptr_t sourceID, int lineNumber) = 0;
+
+        virtual void willExecuteProgram(const DebuggerCallFrame&, intptr_t sourceID, int lineNumber) = 0;
+        virtual void didExecuteProgram(const DebuggerCallFrame&, intptr_t sourceID, int lineNumber) = 0;
+        virtual void didReachBreakpoint(const DebuggerCallFrame&, intptr_t sourceID, int lineNumber, int column) = 0;
+
+        void recompileAllJSFunctions(JSGlobalData*);
+
+    private:
+        HashSet<JSGlobalObject*> m_globalObjects;
+    };
+
+    // This function exists only for backwards compatibility with existing WebScriptDebugger clients.
+    JSValue evaluateInGlobalCallFrame(const UString&, JSValue& exception, JSGlobalObject*);
+
+} // namespace JSC
+
+#endif // Debugger_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerActivation.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerActivation.cpp
new file mode 100644
index 000000000..fa41374fb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerActivation.cpp
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "DebuggerActivation.h"
+
+#include "JSActivation.h"
+
+namespace JSC {
+
+DebuggerActivation::DebuggerActivation(JSObject* activation)
+    : JSObject(DebuggerActivation::createStructure(jsNull()))
+{
+    ASSERT(activation);
+    ASSERT(activation->isActivationObject());
+    m_activation = static_cast<JSActivation*>(activation);
+}
+
+void DebuggerActivation::markChildren(MarkStack& markStack)
+{
+    JSObject::markChildren(markStack);
+
+    if (m_activation)
+        markStack.append(m_activation);
+}
+
+UString DebuggerActivation::className() const
+{
+    return m_activation->className();
+}
+
+bool DebuggerActivation::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    return m_activation->getOwnPropertySlot(exec, propertyName, slot);
+}
+
+void DebuggerActivation::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    m_activation->put(exec, propertyName, value, slot);
+}
+
+void DebuggerActivation::putWithAttributes(ExecState* exec, const Identifier& propertyName, JSValue value, unsigned attributes)
+{
+    m_activation->putWithAttributes(exec, propertyName, value, attributes);
+}
+
+bool DebuggerActivation::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    return m_activation->deleteProperty(exec, propertyName, checkDontDelete);
+}
+
+void DebuggerActivation::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    m_activation->getPropertyNames(exec, propertyNames);
+}
+
+bool DebuggerActivation::getPropertyAttributes(JSC::ExecState* exec, const Identifier& propertyName, unsigned& attributes) const
+{
+    return m_activation->getPropertyAttributes(exec, propertyName, attributes);
+}
+
+void DebuggerActivation::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes)
+{
+    m_activation->defineGetter(exec, propertyName, getterFunction, attributes);
+}
+
+void DebuggerActivation::defineSetter(ExecState* exec, const Identifier& propertyName, JSObject* setterFunction, unsigned attributes)
+{
+    m_activation->defineSetter(exec, propertyName, setterFunction, attributes);
+}
+
+JSValue DebuggerActivation::lookupGetter(ExecState* exec, const Identifier& propertyName)
+{
+    return m_activation->lookupGetter(exec, propertyName);
+}
+
+JSValue DebuggerActivation::lookupSetter(ExecState* exec, const Identifier& propertyName)
+{
+    return m_activation->lookupSetter(exec, propertyName);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerActivation.h b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerActivation.h
new file mode 100644
index 000000000..9bb1acd28
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerActivation.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef DebuggerActivation_h
+#define DebuggerActivation_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    class JSActivation;
+
+    class DebuggerActivation : public JSObject {
+    public:
+        DebuggerActivation(JSObject*);
+
+        virtual void markChildren(MarkStack&);
+        virtual UString className() const;
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        virtual void putWithAttributes(ExecState*, const Identifier& propertyName, JSValue, unsigned attributes);
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName, bool checkDontDelete = true);
+        virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, bool includeNonEnumerable = false);
+        virtual bool getPropertyAttributes(ExecState*, const Identifier& propertyName, unsigned& attributes) const;
+        virtual void defineGetter(ExecState*, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes);
+        virtual void defineSetter(ExecState*, const Identifier& propertyName, JSObject* setterFunction, unsigned attributes);
+        virtual JSValue lookupGetter(ExecState*, const Identifier& propertyName);
+        virtual JSValue lookupSetter(ExecState*, const Identifier& propertyName);
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype) 
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasDefaultGetPropertyNames)); 
+        }
+
+    private:
+        JSActivation* m_activation;
+    };
+
+} // namespace JSC
+
+#endif // DebuggerActivation_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerCallFrame.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerCallFrame.cpp
new file mode 100644
index 000000000..88b14e6b0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerCallFrame.cpp
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DebuggerCallFrame.h"
+
+#include "JSFunction.h"
+#include "CodeBlock.h"
+#include "Interpreter.h"
+#include "Parser.h"
+
+namespace JSC {
+
+const UString* DebuggerCallFrame::functionName() const
+{
+    if (!m_callFrame->codeBlock())
+        return 0;
+
+    JSFunction* function = asFunction(m_callFrame->callee());
+    if (!function)
+        return 0;
+    return &function->name(&m_callFrame->globalData());
+}
+    
+UString DebuggerCallFrame::calculatedFunctionName() const
+{
+    if (!m_callFrame->codeBlock())
+        return 0;
+    
+    JSFunction* function = asFunction(m_callFrame->callee());
+    if (!function)
+        return 0;
+    return function->calculatedDisplayName(&m_callFrame->globalData());
+}
+
+DebuggerCallFrame::Type DebuggerCallFrame::type() const
+{
+    if (m_callFrame->callee())
+        return FunctionType;
+
+    return ProgramType;
+}
+
+JSObject* DebuggerCallFrame::thisObject() const
+{
+    if (!m_callFrame->codeBlock())
+        return 0;
+
+    return asObject(m_callFrame->thisValue());
+}
+
+JSValue DebuggerCallFrame::evaluate(const UString& script, JSValue& exception) const
+{
+    if (!m_callFrame->codeBlock())
+        return JSValue();
+
+    EvalExecutable eval(m_callFrame, makeSource(script));
+    JSObject* error = eval.compile(m_callFrame, m_callFrame->scopeChain());
+    if (error)
+        return error;
+
+    return m_callFrame->scopeChain()->globalData->interpreter->execute(&eval, m_callFrame, thisObject(), m_callFrame->scopeChain(), &exception);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerCallFrame.h b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerCallFrame.h
new file mode 100644
index 000000000..5984fabed
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/debugger/DebuggerCallFrame.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+#ifndef DebuggerCallFrame_h
+#define DebuggerCallFrame_h
+
+#include "CallFrame.h"
+
+namespace JSC {
+    
+    class DebuggerCallFrame {
+    public:
+        enum Type { ProgramType, FunctionType };
+
+        DebuggerCallFrame(CallFrame* callFrame)
+            : m_callFrame(callFrame)
+        {
+        }
+
+        DebuggerCallFrame(CallFrame* callFrame, JSValue exception)
+            : m_callFrame(callFrame)
+            , m_exception(exception)
+        {
+        }
+
+        JSGlobalObject* dynamicGlobalObject() const { return m_callFrame->dynamicGlobalObject(); }
+        const ScopeChainNode* scopeChain() const { return m_callFrame->scopeChain(); }
+        const UString* functionName() const;
+        UString calculatedFunctionName() const;
+        Type type() const;
+        JSObject* thisObject() const;
+        JSValue evaluate(const UString&, JSValue& exception) const;
+        JSValue exception() const { return m_exception; }
+#if QT_BUILD_SCRIPT_LIB
+        CallFrame* callFrame() const { return m_callFrame; }
+#endif
+
+    private:
+        CallFrame* m_callFrame;
+        JSValue m_exception;
+    };
+
+} // namespace JSC
+
+#endif // DebuggerCallFrame_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/docs/make-bytecode-docs.pl b/src/3rdparty/javascriptcore/JavaScriptCore/docs/make-bytecode-docs.pl
new file mode 100755
index 000000000..9494d1b1e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/docs/make-bytecode-docs.pl
@@ -0,0 +1,42 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+open MACHINE, "<" . $ARGV[0];
+open OUTPUT, ">" . $ARGV[1];
+
+my @undocumented = ();
+
+print OUTPUT "<style>p code \{ font-size: 14px; \}</style>\n";
+
+while (<MACHINE>) {
+    if (/^ *DEFINE_OPCODE/) {
+        chomp;
+        s/^ *DEFINE_OPCODE\(op_//;
+        s/\).*$//;
+        my $opcode = $_;
+        $_ = <MACHINE>;
+        chomp;
+        if (m|/\* |) {
+            my $format = $_;
+            $format =~ s|.* /\* ||;
+            my $doc = "";
+            while (<MACHINE>) {
+                if (m|\*/|) {
+                    last;
+                }
+                $doc .= $_ . " ";
+            }
+
+            print OUTPUT "<h2><code>${opcode}</code></h2>\n<p><b>Format: </b><code>\n${format}\n</code></p>\n<p>\n${doc}\n</p>\n";
+        } else {
+            push @undocumented, $opcode;
+        }
+    }
+}
+
+close OUTPUT;
+
+for my $undoc (@undocumented) {
+    print "UNDOCUMENTED: ${undoc}\n";
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/ArrayPrototype.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/ArrayPrototype.lut.h
new file mode 100644
index 000000000..5732add97
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/ArrayPrototype.lut.h
@@ -0,0 +1,34 @@
+// Automatically generated from ../runtime/ArrayPrototype.cpp using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue arrayTableValues[22] = {
+   { "toString", DontEnum|Function, (intptr_t)arrayProtoFuncToString, (intptr_t)0 },
+   { "toLocaleString", DontEnum|Function, (intptr_t)arrayProtoFuncToLocaleString, (intptr_t)0 },
+   { "concat", DontEnum|Function, (intptr_t)arrayProtoFuncConcat, (intptr_t)1 },
+   { "join", DontEnum|Function, (intptr_t)arrayProtoFuncJoin, (intptr_t)1 },
+   { "pop", DontEnum|Function, (intptr_t)arrayProtoFuncPop, (intptr_t)0 },
+   { "push", DontEnum|Function, (intptr_t)arrayProtoFuncPush, (intptr_t)1 },
+   { "reverse", DontEnum|Function, (intptr_t)arrayProtoFuncReverse, (intptr_t)0 },
+   { "shift", DontEnum|Function, (intptr_t)arrayProtoFuncShift, (intptr_t)0 },
+   { "slice", DontEnum|Function, (intptr_t)arrayProtoFuncSlice, (intptr_t)2 },
+   { "sort", DontEnum|Function, (intptr_t)arrayProtoFuncSort, (intptr_t)1 },
+   { "splice", DontEnum|Function, (intptr_t)arrayProtoFuncSplice, (intptr_t)2 },
+   { "unshift", DontEnum|Function, (intptr_t)arrayProtoFuncUnShift, (intptr_t)1 },
+   { "every", DontEnum|Function, (intptr_t)arrayProtoFuncEvery, (intptr_t)1 },
+   { "forEach", DontEnum|Function, (intptr_t)arrayProtoFuncForEach, (intptr_t)1 },
+   { "some", DontEnum|Function, (intptr_t)arrayProtoFuncSome, (intptr_t)1 },
+   { "indexOf", DontEnum|Function, (intptr_t)arrayProtoFuncIndexOf, (intptr_t)1 },
+   { "lastIndexOf", DontEnum|Function, (intptr_t)arrayProtoFuncLastIndexOf, (intptr_t)1 },
+   { "filter", DontEnum|Function, (intptr_t)arrayProtoFuncFilter, (intptr_t)1 },
+   { "reduce", DontEnum|Function, (intptr_t)arrayProtoFuncReduce, (intptr_t)1 },
+   { "reduceRight", DontEnum|Function, (intptr_t)arrayProtoFuncReduceRight, (intptr_t)1 },
+   { "map", DontEnum|Function, (intptr_t)arrayProtoFuncMap, (intptr_t)1 },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable arrayTable =
+    { 65, 63, arrayTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/DatePrototype.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/DatePrototype.lut.h
new file mode 100644
index 000000000..8b1c7350c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/DatePrototype.lut.h
@@ -0,0 +1,59 @@
+// Automatically generated from ../runtime/DatePrototype.cpp using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue dateTableValues[47] = {
+   { "toString", DontEnum|Function, (intptr_t)dateProtoFuncToString, (intptr_t)0 },
+   { "toISOString", DontEnum|Function, (intptr_t)dateProtoFuncToISOString, (intptr_t)0 },
+   { "toUTCString", DontEnum|Function, (intptr_t)dateProtoFuncToUTCString, (intptr_t)0 },
+   { "toDateString", DontEnum|Function, (intptr_t)dateProtoFuncToDateString, (intptr_t)0 },
+   { "toTimeString", DontEnum|Function, (intptr_t)dateProtoFuncToTimeString, (intptr_t)0 },
+   { "toLocaleString", DontEnum|Function, (intptr_t)dateProtoFuncToLocaleString, (intptr_t)0 },
+   { "toLocaleDateString", DontEnum|Function, (intptr_t)dateProtoFuncToLocaleDateString, (intptr_t)0 },
+   { "toLocaleTimeString", DontEnum|Function, (intptr_t)dateProtoFuncToLocaleTimeString, (intptr_t)0 },
+   { "valueOf", DontEnum|Function, (intptr_t)dateProtoFuncGetTime, (intptr_t)0 },
+   { "getTime", DontEnum|Function, (intptr_t)dateProtoFuncGetTime, (intptr_t)0 },
+   { "getFullYear", DontEnum|Function, (intptr_t)dateProtoFuncGetFullYear, (intptr_t)0 },
+   { "getUTCFullYear", DontEnum|Function, (intptr_t)dateProtoFuncGetUTCFullYear, (intptr_t)0 },
+   { "toGMTString", DontEnum|Function, (intptr_t)dateProtoFuncToGMTString, (intptr_t)0 },
+   { "getMonth", DontEnum|Function, (intptr_t)dateProtoFuncGetMonth, (intptr_t)0 },
+   { "getUTCMonth", DontEnum|Function, (intptr_t)dateProtoFuncGetUTCMonth, (intptr_t)0 },
+   { "getDate", DontEnum|Function, (intptr_t)dateProtoFuncGetDate, (intptr_t)0 },
+   { "getUTCDate", DontEnum|Function, (intptr_t)dateProtoFuncGetUTCDate, (intptr_t)0 },
+   { "getDay", DontEnum|Function, (intptr_t)dateProtoFuncGetDay, (intptr_t)0 },
+   { "getUTCDay", DontEnum|Function, (intptr_t)dateProtoFuncGetUTCDay, (intptr_t)0 },
+   { "getHours", DontEnum|Function, (intptr_t)dateProtoFuncGetHours, (intptr_t)0 },
+   { "getUTCHours", DontEnum|Function, (intptr_t)dateProtoFuncGetUTCHours, (intptr_t)0 },
+   { "getMinutes", DontEnum|Function, (intptr_t)dateProtoFuncGetMinutes, (intptr_t)0 },
+   { "getUTCMinutes", DontEnum|Function, (intptr_t)dateProtoFuncGetUTCMinutes, (intptr_t)0 },
+   { "getSeconds", DontEnum|Function, (intptr_t)dateProtoFuncGetSeconds, (intptr_t)0 },
+   { "getUTCSeconds", DontEnum|Function, (intptr_t)dateProtoFuncGetUTCSeconds, (intptr_t)0 },
+   { "getMilliseconds", DontEnum|Function, (intptr_t)dateProtoFuncGetMilliSeconds, (intptr_t)0 },
+   { "getUTCMilliseconds", DontEnum|Function, (intptr_t)dateProtoFuncGetUTCMilliseconds, (intptr_t)0 },
+   { "getTimezoneOffset", DontEnum|Function, (intptr_t)dateProtoFuncGetTimezoneOffset, (intptr_t)0 },
+   { "setTime", DontEnum|Function, (intptr_t)dateProtoFuncSetTime, (intptr_t)1 },
+   { "setMilliseconds", DontEnum|Function, (intptr_t)dateProtoFuncSetMilliSeconds, (intptr_t)1 },
+   { "setUTCMilliseconds", DontEnum|Function, (intptr_t)dateProtoFuncSetUTCMilliseconds, (intptr_t)1 },
+   { "setSeconds", DontEnum|Function, (intptr_t)dateProtoFuncSetSeconds, (intptr_t)2 },
+   { "setUTCSeconds", DontEnum|Function, (intptr_t)dateProtoFuncSetUTCSeconds, (intptr_t)2 },
+   { "setMinutes", DontEnum|Function, (intptr_t)dateProtoFuncSetMinutes, (intptr_t)3 },
+   { "setUTCMinutes", DontEnum|Function, (intptr_t)dateProtoFuncSetUTCMinutes, (intptr_t)3 },
+   { "setHours", DontEnum|Function, (intptr_t)dateProtoFuncSetHours, (intptr_t)4 },
+   { "setUTCHours", DontEnum|Function, (intptr_t)dateProtoFuncSetUTCHours, (intptr_t)4 },
+   { "setDate", DontEnum|Function, (intptr_t)dateProtoFuncSetDate, (intptr_t)1 },
+   { "setUTCDate", DontEnum|Function, (intptr_t)dateProtoFuncSetUTCDate, (intptr_t)1 },
+   { "setMonth", DontEnum|Function, (intptr_t)dateProtoFuncSetMonth, (intptr_t)2 },
+   { "setUTCMonth", DontEnum|Function, (intptr_t)dateProtoFuncSetUTCMonth, (intptr_t)2 },
+   { "setFullYear", DontEnum|Function, (intptr_t)dateProtoFuncSetFullYear, (intptr_t)3 },
+   { "setUTCFullYear", DontEnum|Function, (intptr_t)dateProtoFuncSetUTCFullYear, (intptr_t)3 },
+   { "setYear", DontEnum|Function, (intptr_t)dateProtoFuncSetYear, (intptr_t)1 },
+   { "getYear", DontEnum|Function, (intptr_t)dateProtoFuncGetYear, (intptr_t)0 },
+   { "toJSON", DontEnum|Function, (intptr_t)dateProtoFuncToJSON, (intptr_t)0 },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable dateTable =
+    { 134, 127, dateTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/Grammar.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/generated/Grammar.cpp
new file mode 100644
index 000000000..f1fa70860
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/Grammar.cpp
@@ -0,0 +1,5123 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+   simplifying the original so-called "semantic" parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Bison version.  */
+#define YYBISON_VERSION "2.3"
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 1
+
+/* Using locations.  */
+#define YYLSP_NEEDED 1
+
+/* Substitute the variable and function names.  */
+#define yyparse jscyyparse
+#define yylex   jscyylex
+#define yyerror jscyyerror
+#define yylval  jscyylval
+#define yychar  jscyychar
+#define yydebug jscyydebug
+#define yynerrs jscyynerrs
+#define yylloc jscyylloc
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     NULLTOKEN = 258,
+     TRUETOKEN = 259,
+     FALSETOKEN = 260,
+     BREAK = 261,
+     CASE = 262,
+     DEFAULT = 263,
+     FOR = 264,
+     NEW = 265,
+     VAR = 266,
+     CONSTTOKEN = 267,
+     CONTINUE = 268,
+     FUNCTION = 269,
+     RETURN = 270,
+     VOIDTOKEN = 271,
+     DELETETOKEN = 272,
+     IF = 273,
+     THISTOKEN = 274,
+     DO = 275,
+     WHILE = 276,
+     INTOKEN = 277,
+     INSTANCEOF = 278,
+     TYPEOF = 279,
+     SWITCH = 280,
+     WITH = 281,
+     RESERVED = 282,
+     THROW = 283,
+     TRY = 284,
+     CATCH = 285,
+     FINALLY = 286,
+     DEBUGGER = 287,
+     IF_WITHOUT_ELSE = 288,
+     ELSE = 289,
+     EQEQ = 290,
+     NE = 291,
+     STREQ = 292,
+     STRNEQ = 293,
+     LE = 294,
+     GE = 295,
+     OR = 296,
+     AND = 297,
+     PLUSPLUS = 298,
+     MINUSMINUS = 299,
+     LSHIFT = 300,
+     RSHIFT = 301,
+     URSHIFT = 302,
+     PLUSEQUAL = 303,
+     MINUSEQUAL = 304,
+     MULTEQUAL = 305,
+     DIVEQUAL = 306,
+     LSHIFTEQUAL = 307,
+     RSHIFTEQUAL = 308,
+     URSHIFTEQUAL = 309,
+     ANDEQUAL = 310,
+     MODEQUAL = 311,
+     XOREQUAL = 312,
+     OREQUAL = 313,
+     OPENBRACE = 314,
+     CLOSEBRACE = 315,
+     NUMBER = 316,
+     IDENT = 317,
+     STRING = 318,
+     AUTOPLUSPLUS = 319,
+     AUTOMINUSMINUS = 320
+   };
+#endif
+/* Tokens.  */
+#define NULLTOKEN 258
+#define TRUETOKEN 259
+#define FALSETOKEN 260
+#define BREAK 261
+#define CASE 262
+#define DEFAULT 263
+#define FOR 264
+#define NEW 265
+#define VAR 266
+#define CONSTTOKEN 267
+#define CONTINUE 268
+#define FUNCTION 269
+#define RETURN 270
+#define VOIDTOKEN 271
+#define DELETETOKEN 272
+#define IF 273
+#define THISTOKEN 274
+#define DO 275
+#define WHILE 276
+#define INTOKEN 277
+#define INSTANCEOF 278
+#define TYPEOF 279
+#define SWITCH 280
+#define WITH 281
+#define RESERVED 282
+#define THROW 283
+#define TRY 284
+#define CATCH 285
+#define FINALLY 286
+#define DEBUGGER 287
+#define IF_WITHOUT_ELSE 288
+#define ELSE 289
+#define EQEQ 290
+#define NE 291
+#define STREQ 292
+#define STRNEQ 293
+#define LE 294
+#define GE 295
+#define OR 296
+#define AND 297
+#define PLUSPLUS 298
+#define MINUSMINUS 299
+#define LSHIFT 300
+#define RSHIFT 301
+#define URSHIFT 302
+#define PLUSEQUAL 303
+#define MINUSEQUAL 304
+#define MULTEQUAL 305
+#define DIVEQUAL 306
+#define LSHIFTEQUAL 307
+#define RSHIFTEQUAL 308
+#define URSHIFTEQUAL 309
+#define ANDEQUAL 310
+#define MODEQUAL 311
+#define XOREQUAL 312
+#define OREQUAL 313
+#define OPENBRACE 314
+#define CLOSEBRACE 315
+#define NUMBER 316
+#define IDENT 317
+#define STRING 318
+#define AUTOPLUSPLUS 319
+#define AUTOMINUSMINUS 320
+
+
+
+
+/* Copy the first part of user declarations.  */
+#line 3 "../parser/Grammar.y"
+
+
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+
+#include "JSObject.h"
+#include "JSString.h"
+#include "NodeConstructors.h"
+#include "NodeInfo.h"
+#include <stdlib.h>
+#include <string.h>
+#include <wtf/MathExtras.h>
+
+#define YYMALLOC fastMalloc
+#define YYFREE fastFree
+
+#define YYMAXDEPTH 10000
+#define YYENABLE_NLS 0
+
+// Default values for bison.
+#define YYDEBUG 0 // Set to 1 to debug a parse error.
+#define jscyydebug 0 // Set to 1 to debug a parse error.
+#if !PLATFORM(DARWIN)
+// Avoid triggering warnings in older bison by not setting this on the Darwin platform.
+// FIXME: Is this still needed?
+#define YYERROR_VERBOSE
+#endif
+
+int jscyylex(void* lvalp, void* llocp, void* globalPtr);
+int jscyyerror(const char*);
+
+static inline bool allowAutomaticSemicolon(JSC::Lexer&, int);
+
+#define GLOBAL_DATA static_cast<JSGlobalData*>(globalPtr)
+#define AUTO_SEMICOLON do { if (!allowAutomaticSemicolon(*GLOBAL_DATA->lexer, yychar)) YYABORT; } while (0)
+
+using namespace JSC;
+using namespace std;
+
+static ExpressionNode* makeAssignNode(JSGlobalData*, ExpressionNode* left, Operator, ExpressionNode* right, bool leftHasAssignments, bool rightHasAssignments, int start, int divot, int end);
+static ExpressionNode* makePrefixNode(JSGlobalData*, ExpressionNode*, Operator, int start, int divot, int end);
+static ExpressionNode* makePostfixNode(JSGlobalData*, ExpressionNode*, Operator, int start, int divot, int end);
+static PropertyNode* makeGetterOrSetterPropertyNode(JSGlobalData*, const Identifier& getOrSet, const Identifier& name, ParameterNode*, FunctionBodyNode*, const SourceCode&);
+static ExpressionNodeInfo makeFunctionCallNode(JSGlobalData*, ExpressionNodeInfo function, ArgumentsNodeInfo, int start, int divot, int end);
+static ExpressionNode* makeTypeOfNode(JSGlobalData*, ExpressionNode*);
+static ExpressionNode* makeDeleteNode(JSGlobalData*, ExpressionNode*, int start, int divot, int end);
+static ExpressionNode* makeNegateNode(JSGlobalData*, ExpressionNode*);
+static NumberNode* makeNumberNode(JSGlobalData*, double);
+static ExpressionNode* makeBitwiseNotNode(JSGlobalData*, ExpressionNode*);
+static ExpressionNode* makeMultNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeDivNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeAddNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeSubNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeLeftShiftNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeRightShiftNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static StatementNode* makeVarStatementNode(JSGlobalData*, ExpressionNode*);
+static ExpressionNode* combineCommaNodes(JSGlobalData*, ExpressionNode* list, ExpressionNode* init);
+
+#if COMPILER(MSVC)
+
+#pragma warning(disable: 4065)
+#pragma warning(disable: 4244)
+#pragma warning(disable: 4702)
+
+#endif
+
+#define YYPARSE_PARAM globalPtr
+#define YYLEX_PARAM globalPtr
+
+template <typename T> inline NodeDeclarationInfo<T> createNodeDeclarationInfo(T node,
+    ParserArenaData<DeclarationStacks::VarStack>* varDecls,
+    ParserArenaData<DeclarationStacks::FunctionStack>* funcDecls,
+    CodeFeatures info, int numConstants) 
+{
+    ASSERT((info & ~AllFeatures) == 0);
+    NodeDeclarationInfo<T> result = { node, varDecls, funcDecls, info, numConstants };
+    return result;
+}
+
+template <typename T> inline NodeInfo<T> createNodeInfo(T node, CodeFeatures info, int numConstants)
+{
+    ASSERT((info & ~AllFeatures) == 0);
+    NodeInfo<T> result = { node, info, numConstants };
+    return result;
+}
+
+template <typename T> inline T mergeDeclarationLists(T decls1, T decls2) 
+{
+    // decls1 or both are null
+    if (!decls1)
+        return decls2;
+    // only decls1 is non-null
+    if (!decls2)
+        return decls1;
+
+    // Both are non-null
+    decls1->data.append(decls2->data);
+    
+    // Manually release as much as possible from the now-defunct declaration lists
+    // to avoid accumulating so many unused heap allocated vectors.
+    decls2->data.clear();
+
+    return decls1;
+}
+
+static inline void appendToVarDeclarationList(JSGlobalData* globalData, ParserArenaData<DeclarationStacks::VarStack>*& varDecls, const Identifier& ident, unsigned attrs)
+{
+    if (!varDecls)
+        varDecls = new (globalData) ParserArenaData<DeclarationStacks::VarStack>;
+
+    varDecls->data.append(make_pair(&ident, attrs));
+}
+
+static inline void appendToVarDeclarationList(JSGlobalData* globalData, ParserArenaData<DeclarationStacks::VarStack>*& varDecls, ConstDeclNode* decl)
+{
+    unsigned attrs = DeclarationStacks::IsConstant;
+    if (decl->hasInitializer())
+        attrs |= DeclarationStacks::HasInitializer;        
+    appendToVarDeclarationList(globalData, varDecls, decl->ident(), attrs);
+}
+
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+/* Enabling the token table.  */
+#ifndef YYTOKEN_TABLE
+# define YYTOKEN_TABLE 0
+#endif
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 146 "../parser/Grammar.y"
+{
+    int                 intValue;
+    double              doubleValue;
+    const Identifier*   ident;
+
+    // expression subtrees
+    ExpressionNodeInfo  expressionNode;
+    FuncDeclNodeInfo    funcDeclNode;
+    PropertyNodeInfo    propertyNode;
+    ArgumentsNodeInfo   argumentsNode;
+    ConstDeclNodeInfo   constDeclNode;
+    CaseBlockNodeInfo   caseBlockNode;
+    CaseClauseNodeInfo  caseClauseNode;
+    FuncExprNodeInfo    funcExprNode;
+
+    // statement nodes
+    StatementNodeInfo   statementNode;
+    FunctionBodyNode*   functionBodyNode;
+    ProgramNode*        programNode;
+
+    SourceElementsInfo  sourceElements;
+    PropertyListInfo    propertyList;
+    ArgumentListInfo    argumentList;
+    VarDeclListInfo     varDeclList;
+    ConstDeclListInfo   constDeclList;
+    ClauseListInfo      clauseList;
+    ElementListInfo     elementList;
+    ParameterListInfo   parameterList;
+
+    Operator            op;
+}
+/* Line 187 of yacc.c.  */
+#line 409 "JavaScriptCore/tmp/../generated/Grammar.tab.c"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+#if ! defined YYLTYPE && ! defined YYLTYPE_IS_DECLARED
+typedef struct YYLTYPE
+{
+  int first_line;
+  int first_column;
+  int last_line;
+  int last_column;
+} YYLTYPE;
+# define yyltype YYLTYPE /* obsolescent; will be withdrawn */
+# define YYLTYPE_IS_DECLARED 1
+# define YYLTYPE_IS_TRIVIAL 1
+#endif
+
+
+/* Copy the second part of user declarations.  */
+#line 178 "../parser/Grammar.y"
+
+
+template <typename T> inline void setStatementLocation(StatementNode* statement, const T& start, const T& end)
+{
+    statement->setLoc(start.first_line, end.last_line, start.first_column);
+}
+
+static inline void setExceptionLocation(ThrowableExpressionData* node, unsigned start, unsigned divot, unsigned end)
+{
+    node->setExceptionSourceCode(divot, divot - start, end - divot);
+}
+
+
+
+/* Line 216 of yacc.c.  */
+#line 447 "JavaScriptCore/tmp/../generated/Grammar.tab.c"
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#elif (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+typedef signed char yytype_int8;
+#else
+typedef short int yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+#  define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+#  define YYSIZE_T size_t
+# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# else
+#  define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if YYENABLE_NLS
+#  if ENABLE_NLS
+#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+#   define YY_(msgid) dgettext ("bison-runtime", msgid)
+#  endif
+# endif
+# ifndef YY_
+#  define YY_(msgid) msgid
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E.  */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(e) ((void) (e))
+#else
+# define YYUSE(e) /* empty */
+#endif
+
+/* Identity function, used to suppress warnings about constant conditions.  */
+#ifndef lint
+# define YYID(n) (n)
+#else
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static int
+YYID (int i)
+#else
+static int
+YYID (i)
+    int i;
+#endif
+{
+  return i;
+}
+#endif
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# ifdef YYSTACK_USE_ALLOCA
+#  if YYSTACK_USE_ALLOCA
+#   ifdef __GNUC__
+#    define YYSTACK_ALLOC __builtin_alloca
+#   elif defined __BUILTIN_VA_ARG_INCR
+#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+#   elif defined _AIX
+#    define YYSTACK_ALLOC __alloca
+#   elif defined _MSC_VER
+#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+#    define alloca _alloca
+#   else
+#    define YYSTACK_ALLOC alloca
+#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#     ifndef _STDLIB_H
+#      define _STDLIB_H 1
+#     endif
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning.  */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+    /* The OS might guarantee only one guard page at the bottom of the stack,
+       and a page size can be as small as 4096 bytes.  So we cannot safely
+       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
+       to allow for a few compiler-allocated temporary stack slots.  */
+#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+#  endif
+# else
+#  define YYSTACK_ALLOC YYMALLOC
+#  define YYSTACK_FREE YYFREE
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+#  endif
+#  if (defined __cplusplus && ! defined _STDLIB_H \
+       && ! ((defined YYMALLOC || defined malloc) \
+	     && (defined YYFREE || defined free)))
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   ifndef _STDLIB_H
+#    define _STDLIB_H 1
+#   endif
+#  endif
+#  ifndef YYMALLOC
+#   define YYMALLOC malloc
+#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+#  ifndef YYFREE
+#   define YYFREE free
+#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+     && (! defined __cplusplus \
+	 || (defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL \
+	     && defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  yytype_int16 yyss;
+  YYSTYPE yyvs;
+    YYLTYPE yyls;
+};
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE) + sizeof (YYLTYPE)) \
+      + 2 * YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if defined __GNUC__ && 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  YYSIZE_T yyi;				\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (YYID (0))
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (YYID (0))
+
+#endif
+
+/* YYFINAL -- State number of the termination state.  */
+#define YYFINAL  206
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   2349
+
+/* YYNTOKENS -- Number of terminals.  */
+#define YYNTOKENS  88
+/* YYNNTS -- Number of nonterminals.  */
+#define YYNNTS  194
+/* YYNRULES -- Number of rules.  */
+#define YYNRULES  597
+/* YYNRULES -- Number of states.  */
+#define YYNSTATES  1082
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   320
+
+#define YYTRANSLATE(YYX)						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const yytype_uint8 yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,    77,     2,     2,     2,    79,    82,     2,
+      68,    69,    78,    74,    70,    75,    73,    66,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,    67,    87,
+      80,    86,    81,    85,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,    71,     2,    72,    83,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,    84,     2,    76,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
+      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
+      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
+      35,    36,    37,    38,    39,    40,    41,    42,    43,    44,
+      45,    46,    47,    48,    49,    50,    51,    52,    53,    54,
+      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
+      65
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const yytype_uint16 yyprhs[] =
+{
+       0,     0,     3,     5,     7,     9,    11,    13,    15,    17,
+      21,    25,    29,    37,    46,    48,    52,    54,    57,    61,
+      66,    68,    70,    72,    74,    78,    82,    86,    92,    95,
+     100,   101,   103,   105,   108,   110,   112,   117,   121,   125,
+     127,   132,   136,   140,   142,   145,   147,   150,   153,   156,
+     161,   165,   168,   171,   176,   180,   183,   187,   189,   193,
+     195,   197,   199,   201,   203,   206,   209,   211,   214,   217,
+     220,   223,   226,   229,   232,   235,   238,   241,   244,   247,
+     250,   252,   254,   256,   258,   260,   264,   268,   272,   274,
+     278,   282,   286,   288,   292,   296,   298,   302,   306,   308,
+     312,   316,   320,   322,   326,   330,   334,   336,   340,   344,
+     348,   352,   356,   360,   362,   366,   370,   374,   378,   382,
+     384,   388,   392,   396,   400,   404,   408,   410,   414,   418,
+     422,   426,   428,   432,   436,   440,   444,   446,   450,   454,
+     458,   462,   464,   468,   470,   474,   476,   480,   482,   486,
+     488,   492,   494,   498,   500,   504,   506,   510,   512,   516,
+     518,   522,   524,   528,   530,   534,   536,   540,   542,   546,
+     548,   552,   554,   560,   562,   568,   570,   576,   578,   582,
+     584,   588,   590,   594,   596,   598,   600,   602,   604,   606,
+     608,   610,   612,   614,   616,   618,   620,   624,   626,   630,
+     632,   636,   638,   640,   642,   644,   646,   648,   650,   652,
+     654,   656,   658,   660,   662,   664,   666,   668,   670,   673,
+     677,   681,   685,   687,   690,   694,   699,   701,   704,   708,
+     713,   717,   721,   723,   727,   729,   732,   735,   738,   740,
+     743,   746,   752,   760,   768,   776,   782,   792,   803,   811,
+     820,   830,   831,   833,   834,   836,   839,   842,   846,   850,
+     853,   856,   860,   864,   867,   870,   874,   878,   884,   890,
+     894,   900,   901,   903,   905,   908,   912,   917,   920,   924,
+     928,   932,   936,   941,   949,   959,   962,   965,   973,   982,
+     989,   997,  1005,  1014,  1016,  1020,  1021,  1023,  1024,  1026,
+    1028,  1031,  1033,  1035,  1037,  1039,  1041,  1043,  1045,  1049,
+    1053,  1057,  1065,  1074,  1076,  1080,  1082,  1085,  1089,  1094,
+    1096,  1098,  1100,  1102,  1106,  1110,  1114,  1120,  1123,  1128,
+    1129,  1131,  1133,  1136,  1138,  1140,  1145,  1149,  1153,  1155,
+    1160,  1164,  1168,  1170,  1173,  1175,  1178,  1181,  1184,  1189,
+    1193,  1196,  1199,  1204,  1208,  1211,  1215,  1217,  1221,  1223,
+    1225,  1227,  1229,  1231,  1234,  1237,  1239,  1242,  1245,  1248,
+    1251,  1254,  1257,  1260,  1263,  1266,  1269,  1272,  1275,  1278,
+    1280,  1282,  1284,  1286,  1288,  1292,  1296,  1300,  1302,  1306,
+    1310,  1314,  1316,  1320,  1324,  1326,  1330,  1334,  1336,  1340,
+    1344,  1348,  1350,  1354,  1358,  1362,  1364,  1368,  1372,  1376,
+    1380,  1384,  1388,  1390,  1394,  1398,  1402,  1406,  1410,  1412,
+    1416,  1420,  1424,  1428,  1432,  1436,  1438,  1442,  1446,  1450,
+    1454,  1456,  1460,  1464,  1468,  1472,  1474,  1478,  1482,  1486,
+    1490,  1492,  1496,  1498,  1502,  1504,  1508,  1510,  1514,  1516,
+    1520,  1522,  1526,  1528,  1532,  1534,  1538,  1540,  1544,  1546,
+    1550,  1552,  1556,  1558,  1562,  1564,  1568,  1570,  1574,  1576,
+    1580,  1582,  1588,  1590,  1596,  1598,  1604,  1606,  1610,  1612,
+    1616,  1618,  1622,  1624,  1626,  1628,  1630,  1632,  1634,  1636,
+    1638,  1640,  1642,  1644,  1646,  1648,  1652,  1654,  1658,  1660,
+    1664,  1666,  1668,  1670,  1672,  1674,  1676,  1678,  1680,  1682,
+    1684,  1686,  1688,  1690,  1692,  1694,  1696,  1698,  1701,  1705,
+    1709,  1713,  1715,  1718,  1722,  1727,  1729,  1732,  1736,  1741,
+    1745,  1749,  1751,  1755,  1757,  1760,  1763,  1766,  1768,  1771,
+    1774,  1780,  1788,  1796,  1804,  1810,  1820,  1831,  1839,  1848,
+    1858,  1859,  1861,  1862,  1864,  1867,  1870,  1874,  1878,  1881,
+    1884,  1888,  1892,  1895,  1898,  1902,  1906,  1912,  1918,  1922,
+    1928,  1929,  1931,  1933,  1936,  1940,  1945,  1948,  1952,  1956,
+    1960,  1964,  1969,  1977,  1987,  1990,  1993,  2001,  2010,  2017,
+    2025,  2033,  2042,  2044,  2048,  2049,  2051,  2053
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+static const yytype_int16 yyrhs[] =
+{
+     184,     0,    -1,     3,    -1,     4,    -1,     5,    -1,    61,
+      -1,    63,    -1,    66,    -1,    51,    -1,    62,    67,   143,
+      -1,    63,    67,   143,    -1,    61,    67,   143,    -1,    62,
+      62,    68,    69,    59,   183,    60,    -1,    62,    62,    68,
+     182,    69,    59,   183,    60,    -1,    90,    -1,    91,    70,
+      90,    -1,    93,    -1,    59,    60,    -1,    59,    91,    60,
+      -1,    59,    91,    70,    60,    -1,    19,    -1,    89,    -1,
+      94,    -1,    62,    -1,    68,   147,    69,    -1,    71,    96,
+      72,    -1,    71,    95,    72,    -1,    71,    95,    70,    96,
+      72,    -1,    96,   143,    -1,    95,    70,    96,   143,    -1,
+      -1,    97,    -1,    70,    -1,    97,    70,    -1,    92,    -1,
+     181,    -1,    98,    71,   147,    72,    -1,    98,    73,    62,
+      -1,    10,    98,   104,    -1,    93,    -1,    99,    71,   147,
+      72,    -1,    99,    73,    62,    -1,    10,    98,   104,    -1,
+      98,    -1,    10,   100,    -1,    99,    -1,    10,   100,    -1,
+      98,   104,    -1,   102,   104,    -1,   102,    71,   147,    72,
+      -1,   102,    73,    62,    -1,    99,   104,    -1,   103,   104,
+      -1,   103,    71,   147,    72,    -1,   103,    73,    62,    -1,
+      68,    69,    -1,    68,   105,    69,    -1,   143,    -1,   105,
+      70,   143,    -1,   100,    -1,   102,    -1,   101,    -1,   103,
+      -1,   106,    -1,   106,    43,    -1,   106,    44,    -1,   107,
+      -1,   107,    43,    -1,   107,    44,    -1,    17,   111,    -1,
+      16,   111,    -1,    24,   111,    -1,    43,   111,    -1,    64,
+     111,    -1,    44,   111,    -1,    65,   111,    -1,    74,   111,
+      -1,    75,   111,    -1,    76,   111,    -1,    77,   111,    -1,
+     108,    -1,   110,    -1,   109,    -1,   110,    -1,   111,    -1,
+     113,    78,   111,    -1,   113,    66,   111,    -1,   113,    79,
+     111,    -1,   112,    -1,   114,    78,   111,    -1,   114,    66,
+     111,    -1,   114,    79,   111,    -1,   113,    -1,   115,    74,
+     113,    -1,   115,    75,   113,    -1,   114,    -1,   116,    74,
+     113,    -1,   116,    75,   113,    -1,   115,    -1,   117,    45,
+     115,    -1,   117,    46,   115,    -1,   117,    47,   115,    -1,
+     116,    -1,   118,    45,   115,    -1,   118,    46,   115,    -1,
+     118,    47,   115,    -1,   117,    -1,   119,    80,   117,    -1,
+     119,    81,   117,    -1,   119,    39,   117,    -1,   119,    40,
+     117,    -1,   119,    23,   117,    -1,   119,    22,   117,    -1,
+     117,    -1,   120,    80,   117,    -1,   120,    81,   117,    -1,
+     120,    39,   117,    -1,   120,    40,   117,    -1,   120,    23,
+     117,    -1,   118,    -1,   121,    80,   117,    -1,   121,    81,
+     117,    -1,   121,    39,   117,    -1,   121,    40,   117,    -1,
+     121,    23,   117,    -1,   121,    22,   117,    -1,   119,    -1,
+     122,    35,   119,    -1,   122,    36,   119,    -1,   122,    37,
+     119,    -1,   122,    38,   119,    -1,   120,    -1,   123,    35,
+     120,    -1,   123,    36,   120,    -1,   123,    37,   120,    -1,
+     123,    38,   120,    -1,   121,    -1,   124,    35,   119,    -1,
+     124,    36,   119,    -1,   124,    37,   119,    -1,   124,    38,
+     119,    -1,   122,    -1,   125,    82,   122,    -1,   123,    -1,
+     126,    82,   123,    -1,   124,    -1,   127,    82,   122,    -1,
+     125,    -1,   128,    83,   125,    -1,   126,    -1,   129,    83,
+     126,    -1,   127,    -1,   130,    83,   125,    -1,   128,    -1,
+     131,    84,   128,    -1,   129,    -1,   132,    84,   129,    -1,
+     130,    -1,   133,    84,   128,    -1,   131,    -1,   134,    42,
+     131,    -1,   132,    -1,   135,    42,   132,    -1,   133,    -1,
+     136,    42,   131,    -1,   134,    -1,   137,    41,   134,    -1,
+     135,    -1,   138,    41,   135,    -1,   136,    -1,   139,    41,
+     134,    -1,   137,    -1,   137,    85,   143,    67,   143,    -1,
+     138,    -1,   138,    85,   144,    67,   144,    -1,   139,    -1,
+     139,    85,   143,    67,   143,    -1,   140,    -1,   106,   146,
+     143,    -1,   141,    -1,   106,   146,   144,    -1,   142,    -1,
+     107,   146,   143,    -1,    86,    -1,    48,    -1,    49,    -1,
+      50,    -1,    51,    -1,    52,    -1,    53,    -1,    54,    -1,
+      55,    -1,    57,    -1,    58,    -1,    56,    -1,   143,    -1,
+     147,    70,   143,    -1,   144,    -1,   148,    70,   144,    -1,
+     145,    -1,   149,    70,   143,    -1,   151,    -1,   152,    -1,
+     155,    -1,   180,    -1,   160,    -1,   161,    -1,   162,    -1,
+     163,    -1,   166,    -1,   167,    -1,   168,    -1,   169,    -1,
+     170,    -1,   176,    -1,   177,    -1,   178,    -1,   179,    -1,
+      59,    60,    -1,    59,   185,    60,    -1,    11,   153,    87,
+      -1,    11,   153,     1,    -1,    62,    -1,    62,   158,    -1,
+     153,    70,    62,    -1,   153,    70,    62,   158,    -1,    62,
+      -1,    62,   159,    -1,   154,    70,    62,    -1,   154,    70,
+      62,   159,    -1,    12,   156,    87,    -1,    12,   156,     1,
+      -1,   157,    -1,   156,    70,   157,    -1,    62,    -1,    62,
+     158,    -1,    86,   143,    -1,    86,   144,    -1,    87,    -1,
+     149,    87,    -1,   149,     1,    -1,    18,    68,   147,    69,
+     150,    -1,    18,    68,   147,    69,   150,    34,   150,    -1,
+      20,   150,    21,    68,   147,    69,    87,    -1,    20,   150,
+      21,    68,   147,    69,     1,    -1,    21,    68,   147,    69,
+     150,    -1,     9,    68,   165,    87,   164,    87,   164,    69,
+     150,    -1,     9,    68,    11,   154,    87,   164,    87,   164,
+      69,   150,    -1,     9,    68,   106,    22,   147,    69,   150,
+      -1,     9,    68,    11,    62,    22,   147,    69,   150,    -1,
+       9,    68,    11,    62,   159,    22,   147,    69,   150,    -1,
+      -1,   147,    -1,    -1,   148,    -1,    13,    87,    -1,    13,
+       1,    -1,    13,    62,    87,    -1,    13,    62,     1,    -1,
+       6,    87,    -1,     6,     1,    -1,     6,    62,    87,    -1,
+       6,    62,     1,    -1,    15,    87,    -1,    15,     1,    -1,
+      15,   147,    87,    -1,    15,   147,     1,    -1,    26,    68,
+     147,    69,   150,    -1,    25,    68,   147,    69,   171,    -1,
+      59,   172,    60,    -1,    59,   172,   175,   172,    60,    -1,
+      -1,   173,    -1,   174,    -1,   173,   174,    -1,     7,   147,
+      67,    -1,     7,   147,    67,   185,    -1,     8,    67,    -1,
+       8,    67,   185,    -1,    62,    67,   150,    -1,    28,   147,
+      87,    -1,    28,   147,     1,    -1,    29,   151,    31,   151,
+      -1,    29,   151,    30,    68,    62,    69,   151,    -1,    29,
+     151,    30,    68,    62,    69,   151,    31,   151,    -1,    32,
+      87,    -1,    32,     1,    -1,    14,    62,    68,    69,    59,
+     183,    60,    -1,    14,    62,    68,   182,    69,    59,   183,
+      60,    -1,    14,    68,    69,    59,   183,    60,    -1,    14,
+      68,   182,    69,    59,   183,    60,    -1,    14,    62,    68,
+      69,    59,   183,    60,    -1,    14,    62,    68,   182,    69,
+      59,   183,    60,    -1,    62,    -1,   182,    70,    62,    -1,
+      -1,   281,    -1,    -1,   185,    -1,   150,    -1,   185,   150,
+      -1,     3,    -1,     4,    -1,     5,    -1,    61,    -1,    63,
+      -1,    66,    -1,    51,    -1,    62,    67,   240,    -1,    63,
+      67,   240,    -1,    61,    67,   240,    -1,    62,    62,    68,
+      69,    59,   280,    60,    -1,    62,    62,    68,   279,    69,
+      59,   280,    60,    -1,   187,    -1,   188,    70,   187,    -1,
+     190,    -1,    59,    60,    -1,    59,   188,    60,    -1,    59,
+     188,    70,    60,    -1,    19,    -1,   186,    -1,   191,    -1,
+      62,    -1,    68,   244,    69,    -1,    71,   193,    72,    -1,
+      71,   192,    72,    -1,    71,   192,    70,   193,    72,    -1,
+     193,   240,    -1,   192,    70,   193,   240,    -1,    -1,   194,
+      -1,    70,    -1,   194,    70,    -1,   189,    -1,   278,    -1,
+     195,    71,   244,    72,    -1,   195,    73,    62,    -1,    10,
+     195,   201,    -1,   190,    -1,   196,    71,   244,    72,    -1,
+     196,    73,    62,    -1,    10,   195,   201,    -1,   195,    -1,
+      10,   197,    -1,   196,    -1,    10,   197,    -1,   195,   201,
+      -1,   199,   201,    -1,   199,    71,   244,    72,    -1,   199,
+      73,    62,    -1,   196,   201,    -1,   200,   201,    -1,   200,
+      71,   244,    72,    -1,   200,    73,    62,    -1,    68,    69,
+      -1,    68,   202,    69,    -1,   240,    -1,   202,    70,   240,
+      -1,   197,    -1,   199,    -1,   198,    -1,   200,    -1,   203,
+      -1,   203,    43,    -1,   203,    44,    -1,   204,    -1,   204,
+      43,    -1,   204,    44,    -1,    17,   208,    -1,    16,   208,
+      -1,    24,   208,    -1,    43,   208,    -1,    64,   208,    -1,
+      44,   208,    -1,    65,   208,    -1,    74,   208,    -1,    75,
+     208,    -1,    76,   208,    -1,    77,   208,    -1,   205,    -1,
+     207,    -1,   206,    -1,   207,    -1,   208,    -1,   210,    78,
+     208,    -1,   210,    66,   208,    -1,   210,    79,   208,    -1,
+     209,    -1,   211,    78,   208,    -1,   211,    66,   208,    -1,
+     211,    79,   208,    -1,   210,    -1,   212,    74,   210,    -1,
+     212,    75,   210,    -1,   211,    -1,   213,    74,   210,    -1,
+     213,    75,   210,    -1,   212,    -1,   214,    45,   212,    -1,
+     214,    46,   212,    -1,   214,    47,   212,    -1,   213,    -1,
+     215,    45,   212,    -1,   215,    46,   212,    -1,   215,    47,
+     212,    -1,   214,    -1,   216,    80,   214,    -1,   216,    81,
+     214,    -1,   216,    39,   214,    -1,   216,    40,   214,    -1,
+     216,    23,   214,    -1,   216,    22,   214,    -1,   214,    -1,
+     217,    80,   214,    -1,   217,    81,   214,    -1,   217,    39,
+     214,    -1,   217,    40,   214,    -1,   217,    23,   214,    -1,
+     215,    -1,   218,    80,   214,    -1,   218,    81,   214,    -1,
+     218,    39,   214,    -1,   218,    40,   214,    -1,   218,    23,
+     214,    -1,   218,    22,   214,    -1,   216,    -1,   219,    35,
+     216,    -1,   219,    36,   216,    -1,   219,    37,   216,    -1,
+     219,    38,   216,    -1,   217,    -1,   220,    35,   217,    -1,
+     220,    36,   217,    -1,   220,    37,   217,    -1,   220,    38,
+     217,    -1,   218,    -1,   221,    35,   216,    -1,   221,    36,
+     216,    -1,   221,    37,   216,    -1,   221,    38,   216,    -1,
+     219,    -1,   222,    82,   219,    -1,   220,    -1,   223,    82,
+     220,    -1,   221,    -1,   224,    82,   219,    -1,   222,    -1,
+     225,    83,   222,    -1,   223,    -1,   226,    83,   223,    -1,
+     224,    -1,   227,    83,   222,    -1,   225,    -1,   228,    84,
+     225,    -1,   226,    -1,   229,    84,   226,    -1,   227,    -1,
+     230,    84,   225,    -1,   228,    -1,   231,    42,   228,    -1,
+     229,    -1,   232,    42,   229,    -1,   230,    -1,   233,    42,
+     228,    -1,   231,    -1,   234,    41,   231,    -1,   232,    -1,
+     235,    41,   232,    -1,   233,    -1,   236,    41,   231,    -1,
+     234,    -1,   234,    85,   240,    67,   240,    -1,   235,    -1,
+     235,    85,   241,    67,   241,    -1,   236,    -1,   236,    85,
+     240,    67,   240,    -1,   237,    -1,   203,   243,   240,    -1,
+     238,    -1,   203,   243,   241,    -1,   239,    -1,   204,   243,
+     240,    -1,    86,    -1,    48,    -1,    49,    -1,    50,    -1,
+      51,    -1,    52,    -1,    53,    -1,    54,    -1,    55,    -1,
+      57,    -1,    58,    -1,    56,    -1,   240,    -1,   244,    70,
+     240,    -1,   241,    -1,   245,    70,   241,    -1,   242,    -1,
+     246,    70,   240,    -1,   248,    -1,   249,    -1,   252,    -1,
+     277,    -1,   257,    -1,   258,    -1,   259,    -1,   260,    -1,
+     263,    -1,   264,    -1,   265,    -1,   266,    -1,   267,    -1,
+     273,    -1,   274,    -1,   275,    -1,   276,    -1,    59,    60,
+      -1,    59,   281,    60,    -1,    11,   250,    87,    -1,    11,
+     250,     1,    -1,    62,    -1,    62,   255,    -1,   250,    70,
+      62,    -1,   250,    70,    62,   255,    -1,    62,    -1,    62,
+     256,    -1,   251,    70,    62,    -1,   251,    70,    62,   256,
+      -1,    12,   253,    87,    -1,    12,   253,     1,    -1,   254,
+      -1,   253,    70,   254,    -1,    62,    -1,    62,   255,    -1,
+      86,   240,    -1,    86,   241,    -1,    87,    -1,   246,    87,
+      -1,   246,     1,    -1,    18,    68,   244,    69,   247,    -1,
+      18,    68,   244,    69,   247,    34,   247,    -1,    20,   247,
+      21,    68,   244,    69,    87,    -1,    20,   247,    21,    68,
+     244,    69,     1,    -1,    21,    68,   244,    69,   247,    -1,
+       9,    68,   262,    87,   261,    87,   261,    69,   247,    -1,
+       9,    68,    11,   251,    87,   261,    87,   261,    69,   247,
+      -1,     9,    68,   203,    22,   244,    69,   247,    -1,     9,
+      68,    11,    62,    22,   244,    69,   247,    -1,     9,    68,
+      11,    62,   256,    22,   244,    69,   247,    -1,    -1,   244,
+      -1,    -1,   245,    -1,    13,    87,    -1,    13,     1,    -1,
+      13,    62,    87,    -1,    13,    62,     1,    -1,     6,    87,
+      -1,     6,     1,    -1,     6,    62,    87,    -1,     6,    62,
+       1,    -1,    15,    87,    -1,    15,     1,    -1,    15,   244,
+      87,    -1,    15,   244,     1,    -1,    26,    68,   244,    69,
+     247,    -1,    25,    68,   244,    69,   268,    -1,    59,   269,
+      60,    -1,    59,   269,   272,   269,    60,    -1,    -1,   270,
+      -1,   271,    -1,   270,   271,    -1,     7,   244,    67,    -1,
+       7,   244,    67,   281,    -1,     8,    67,    -1,     8,    67,
+     281,    -1,    62,    67,   247,    -1,    28,   244,    87,    -1,
+      28,   244,     1,    -1,    29,   248,    31,   248,    -1,    29,
+     248,    30,    68,    62,    69,   248,    -1,    29,   248,    30,
+      68,    62,    69,   248,    31,   248,    -1,    32,    87,    -1,
+      32,     1,    -1,    14,    62,    68,    69,    59,   280,    60,
+      -1,    14,    62,    68,   279,    69,    59,   280,    60,    -1,
+      14,    68,    69,    59,   280,    60,    -1,    14,    68,   279,
+      69,    59,   280,    60,    -1,    14,    62,    68,    69,    59,
+     280,    60,    -1,    14,    62,    68,   279,    69,    59,   280,
+      60,    -1,    62,    -1,   279,    70,    62,    -1,    -1,   281,
+      -1,   247,    -1,   281,   247,    -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const yytype_uint16 yyrline[] =
+{
+       0,   293,   293,   294,   295,   296,   297,   298,   309,   323,
+     324,   325,   326,   327,   339,   343,   350,   351,   352,   354,
+     358,   359,   360,   361,   362,   366,   367,   368,   372,   376,
+     384,   385,   389,   390,   394,   395,   396,   400,   404,   411,
+     412,   416,   420,   427,   428,   435,   436,   443,   444,   445,
+     449,   455,   456,   457,   461,   468,   469,   473,   477,   484,
+     485,   489,   490,   494,   495,   496,   500,   501,   502,   506,
+     507,   508,   509,   510,   511,   512,   513,   514,   515,   516,
+     519,   520,   524,   525,   529,   530,   531,   532,   536,   537,
+     539,   541,   546,   547,   548,   552,   553,   555,   560,   561,
+     562,   563,   567,   568,   569,   570,   574,   575,   576,   577,
+     578,   579,   582,   588,   589,   590,   591,   592,   593,   600,
+     601,   602,   603,   604,   605,   609,   616,   617,   618,   619,
+     620,   624,   625,   627,   629,   631,   636,   637,   639,   640,
+     642,   647,   648,   652,   653,   658,   659,   663,   664,   668,
+     669,   674,   675,   680,   681,   685,   686,   691,   692,   697,
+     698,   702,   703,   708,   709,   714,   715,   719,   720,   725,
+     726,   730,   731,   736,   737,   742,   743,   748,   749,   756,
+     757,   764,   765,   772,   773,   774,   775,   776,   777,   778,
+     779,   780,   781,   782,   783,   787,   788,   792,   793,   797,
+     798,   802,   803,   804,   805,   806,   807,   808,   809,   810,
+     811,   812,   813,   814,   815,   816,   817,   818,   822,   824,
+     829,   831,   837,   844,   853,   861,   874,   881,   890,   898,
+     911,   913,   919,   927,   939,   940,   944,   948,   952,   956,
+     958,   963,   966,   976,   978,   980,   982,   988,   995,  1004,
+    1010,  1021,  1022,  1026,  1027,  1031,  1035,  1039,  1043,  1050,
+    1053,  1056,  1059,  1065,  1068,  1071,  1074,  1080,  1086,  1092,
+    1093,  1102,  1103,  1107,  1113,  1123,  1124,  1128,  1129,  1133,
+    1139,  1143,  1150,  1156,  1162,  1172,  1174,  1179,  1180,  1191,
+    1192,  1199,  1200,  1210,  1213,  1219,  1220,  1224,  1225,  1230,
+    1237,  1248,  1249,  1250,  1251,  1252,  1253,  1254,  1258,  1259,
+    1260,  1261,  1262,  1266,  1267,  1271,  1272,  1273,  1275,  1279,
+    1280,  1281,  1282,  1283,  1287,  1288,  1289,  1293,  1294,  1297,
+    1299,  1303,  1304,  1308,  1309,  1310,  1311,  1312,  1316,  1317,
+    1318,  1319,  1323,  1324,  1328,  1329,  1333,  1334,  1335,  1336,
+    1340,  1341,  1342,  1343,  1347,  1348,  1352,  1353,  1357,  1358,
+    1362,  1363,  1367,  1368,  1369,  1373,  1374,  1375,  1379,  1380,
+    1381,  1382,  1383,  1384,  1385,  1386,  1387,  1388,  1389,  1392,
+    1393,  1397,  1398,  1402,  1403,  1404,  1405,  1409,  1410,  1411,
+    1412,  1416,  1417,  1418,  1422,  1423,  1424,  1428,  1429,  1430,
+    1431,  1435,  1436,  1437,  1438,  1442,  1443,  1444,  1445,  1446,
+    1447,  1448,  1452,  1453,  1454,  1455,  1456,  1457,  1461,  1462,
+    1463,  1464,  1465,  1466,  1467,  1471,  1472,  1473,  1474,  1475,
+    1479,  1480,  1481,  1482,  1483,  1487,  1488,  1489,  1490,  1491,
+    1495,  1496,  1500,  1501,  1505,  1506,  1510,  1511,  1515,  1516,
+    1520,  1521,  1525,  1526,  1530,  1531,  1535,  1536,  1540,  1541,
+    1545,  1546,  1550,  1551,  1555,  1556,  1560,  1561,  1565,  1566,
+    1570,  1571,  1575,  1576,  1580,  1581,  1585,  1586,  1590,  1591,
+    1595,  1596,  1600,  1601,  1602,  1603,  1604,  1605,  1606,  1607,
+    1608,  1609,  1610,  1611,  1615,  1616,  1620,  1621,  1625,  1626,
+    1630,  1631,  1632,  1633,  1634,  1635,  1636,  1637,  1638,  1639,
+    1640,  1641,  1642,  1643,  1644,  1645,  1646,  1650,  1651,  1655,
+    1656,  1660,  1661,  1662,  1663,  1667,  1668,  1669,  1670,  1674,
+    1675,  1679,  1680,  1684,  1685,  1689,  1693,  1697,  1701,  1702,
+    1706,  1707,  1711,  1712,  1713,  1714,  1715,  1716,  1717,  1718,
+    1721,  1723,  1726,  1728,  1732,  1733,  1734,  1735,  1739,  1740,
+    1741,  1742,  1746,  1747,  1748,  1749,  1753,  1757,  1761,  1762,
+    1765,  1767,  1771,  1772,  1776,  1777,  1781,  1782,  1786,  1790,
+    1791,  1795,  1796,  1797,  1801,  1802,  1806,  1807,  1811,  1812,
+    1813,  1814,  1818,  1819,  1822,  1824,  1828,  1829
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "NULLTOKEN", "TRUETOKEN", "FALSETOKEN",
+  "BREAK", "CASE", "DEFAULT", "FOR", "NEW", "VAR", "CONSTTOKEN",
+  "CONTINUE", "FUNCTION", "RETURN", "VOIDTOKEN", "DELETETOKEN", "IF",
+  "THISTOKEN", "DO", "WHILE", "INTOKEN", "INSTANCEOF", "TYPEOF", "SWITCH",
+  "WITH", "RESERVED", "THROW", "TRY", "CATCH", "FINALLY", "DEBUGGER",
+  "IF_WITHOUT_ELSE", "ELSE", "EQEQ", "NE", "STREQ", "STRNEQ", "LE", "GE",
+  "OR", "AND", "PLUSPLUS", "MINUSMINUS", "LSHIFT", "RSHIFT", "URSHIFT",
+  "PLUSEQUAL", "MINUSEQUAL", "MULTEQUAL", "DIVEQUAL", "LSHIFTEQUAL",
+  "RSHIFTEQUAL", "URSHIFTEQUAL", "ANDEQUAL", "MODEQUAL", "XOREQUAL",
+  "OREQUAL", "OPENBRACE", "CLOSEBRACE", "NUMBER", "IDENT", "STRING",
+  "AUTOPLUSPLUS", "AUTOMINUSMINUS", "'/'", "':'", "'('", "')'", "','",
+  "'['", "']'", "'.'", "'+'", "'-'", "'~'", "'!'", "'*'", "'%'", "'<'",
+  "'>'", "'&'", "'^'", "'|'", "'?'", "'='", "';'", "$accept", "Literal",
+  "Property", "PropertyList", "PrimaryExpr", "PrimaryExprNoBrace",
+  "ArrayLiteral", "ElementList", "ElisionOpt", "Elision", "MemberExpr",
+  "MemberExprNoBF", "NewExpr", "NewExprNoBF", "CallExpr", "CallExprNoBF",
+  "Arguments", "ArgumentList", "LeftHandSideExpr", "LeftHandSideExprNoBF",
+  "PostfixExpr", "PostfixExprNoBF", "UnaryExprCommon", "UnaryExpr",
+  "UnaryExprNoBF", "MultiplicativeExpr", "MultiplicativeExprNoBF",
+  "AdditiveExpr", "AdditiveExprNoBF", "ShiftExpr", "ShiftExprNoBF",
+  "RelationalExpr", "RelationalExprNoIn", "RelationalExprNoBF",
+  "EqualityExpr", "EqualityExprNoIn", "EqualityExprNoBF", "BitwiseANDExpr",
+  "BitwiseANDExprNoIn", "BitwiseANDExprNoBF", "BitwiseXORExpr",
+  "BitwiseXORExprNoIn", "BitwiseXORExprNoBF", "BitwiseORExpr",
+  "BitwiseORExprNoIn", "BitwiseORExprNoBF", "LogicalANDExpr",
+  "LogicalANDExprNoIn", "LogicalANDExprNoBF", "LogicalORExpr",
+  "LogicalORExprNoIn", "LogicalORExprNoBF", "ConditionalExpr",
+  "ConditionalExprNoIn", "ConditionalExprNoBF", "AssignmentExpr",
+  "AssignmentExprNoIn", "AssignmentExprNoBF", "AssignmentOperator", "Expr",
+  "ExprNoIn", "ExprNoBF", "Statement", "Block", "VariableStatement",
+  "VariableDeclarationList", "VariableDeclarationListNoIn",
+  "ConstStatement", "ConstDeclarationList", "ConstDeclaration",
+  "Initializer", "InitializerNoIn", "EmptyStatement", "ExprStatement",
+  "IfStatement", "IterationStatement", "ExprOpt", "ExprNoInOpt",
+  "ContinueStatement", "BreakStatement", "ReturnStatement",
+  "WithStatement", "SwitchStatement", "CaseBlock", "CaseClausesOpt",
+  "CaseClauses", "CaseClause", "DefaultClause", "LabelledStatement",
+  "ThrowStatement", "TryStatement", "DebuggerStatement",
+  "FunctionDeclaration", "FunctionExpr", "FormalParameterList",
+  "FunctionBody", "Program", "SourceElements", "Literal_NoNode",
+  "Property_NoNode", "PropertyList_NoNode", "PrimaryExpr_NoNode",
+  "PrimaryExprNoBrace_NoNode", "ArrayLiteral_NoNode", "ElementList_NoNode",
+  "ElisionOpt_NoNode", "Elision_NoNode", "MemberExpr_NoNode",
+  "MemberExprNoBF_NoNode", "NewExpr_NoNode", "NewExprNoBF_NoNode",
+  "CallExpr_NoNode", "CallExprNoBF_NoNode", "Arguments_NoNode",
+  "ArgumentList_NoNode", "LeftHandSideExpr_NoNode",
+  "LeftHandSideExprNoBF_NoNode", "PostfixExpr_NoNode",
+  "PostfixExprNoBF_NoNode", "UnaryExprCommon_NoNode", "UnaryExpr_NoNode",
+  "UnaryExprNoBF_NoNode", "MultiplicativeExpr_NoNode",
+  "MultiplicativeExprNoBF_NoNode", "AdditiveExpr_NoNode",
+  "AdditiveExprNoBF_NoNode", "ShiftExpr_NoNode", "ShiftExprNoBF_NoNode",
+  "RelationalExpr_NoNode", "RelationalExprNoIn_NoNode",
+  "RelationalExprNoBF_NoNode", "EqualityExpr_NoNode",
+  "EqualityExprNoIn_NoNode", "EqualityExprNoBF_NoNode",
+  "BitwiseANDExpr_NoNode", "BitwiseANDExprNoIn_NoNode",
+  "BitwiseANDExprNoBF_NoNode", "BitwiseXORExpr_NoNode",
+  "BitwiseXORExprNoIn_NoNode", "BitwiseXORExprNoBF_NoNode",
+  "BitwiseORExpr_NoNode", "BitwiseORExprNoIn_NoNode",
+  "BitwiseORExprNoBF_NoNode", "LogicalANDExpr_NoNode",
+  "LogicalANDExprNoIn_NoNode", "LogicalANDExprNoBF_NoNode",
+  "LogicalORExpr_NoNode", "LogicalORExprNoIn_NoNode",
+  "LogicalORExprNoBF_NoNode", "ConditionalExpr_NoNode",
+  "ConditionalExprNoIn_NoNode", "ConditionalExprNoBF_NoNode",
+  "AssignmentExpr_NoNode", "AssignmentExprNoIn_NoNode",
+  "AssignmentExprNoBF_NoNode", "AssignmentOperator_NoNode", "Expr_NoNode",
+  "ExprNoIn_NoNode", "ExprNoBF_NoNode", "Statement_NoNode", "Block_NoNode",
+  "VariableStatement_NoNode", "VariableDeclarationList_NoNode",
+  "VariableDeclarationListNoIn_NoNode", "ConstStatement_NoNode",
+  "ConstDeclarationList_NoNode", "ConstDeclaration_NoNode",
+  "Initializer_NoNode", "InitializerNoIn_NoNode", "EmptyStatement_NoNode",
+  "ExprStatement_NoNode", "IfStatement_NoNode",
+  "IterationStatement_NoNode", "ExprOpt_NoNode", "ExprNoInOpt_NoNode",
+  "ContinueStatement_NoNode", "BreakStatement_NoNode",
+  "ReturnStatement_NoNode", "WithStatement_NoNode",
+  "SwitchStatement_NoNode", "CaseBlock_NoNode", "CaseClausesOpt_NoNode",
+  "CaseClauses_NoNode", "CaseClause_NoNode", "DefaultClause_NoNode",
+  "LabelledStatement_NoNode", "ThrowStatement_NoNode",
+  "TryStatement_NoNode", "DebuggerStatement_NoNode",
+  "FunctionDeclaration_NoNode", "FunctionExpr_NoNode",
+  "FormalParameterList_NoNode", "FunctionBody_NoNode",
+  "SourceElements_NoNode", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const yytype_uint16 yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
+     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
+     315,   316,   317,   318,   319,   320,    47,    58,    40,    41,
+      44,    91,    93,    46,    43,    45,   126,    33,    42,    37,
+      60,    62,    38,    94,   124,    63,    61,    59
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const yytype_uint16 yyr1[] =
+{
+       0,    88,    89,    89,    89,    89,    89,    89,    89,    90,
+      90,    90,    90,    90,    91,    91,    92,    92,    92,    92,
+      93,    93,    93,    93,    93,    94,    94,    94,    95,    95,
+      96,    96,    97,    97,    98,    98,    98,    98,    98,    99,
+      99,    99,    99,   100,   100,   101,   101,   102,   102,   102,
+     102,   103,   103,   103,   103,   104,   104,   105,   105,   106,
+     106,   107,   107,   108,   108,   108,   109,   109,   109,   110,
+     110,   110,   110,   110,   110,   110,   110,   110,   110,   110,
+     111,   111,   112,   112,   113,   113,   113,   113,   114,   114,
+     114,   114,   115,   115,   115,   116,   116,   116,   117,   117,
+     117,   117,   118,   118,   118,   118,   119,   119,   119,   119,
+     119,   119,   119,   120,   120,   120,   120,   120,   120,   121,
+     121,   121,   121,   121,   121,   121,   122,   122,   122,   122,
+     122,   123,   123,   123,   123,   123,   124,   124,   124,   124,
+     124,   125,   125,   126,   126,   127,   127,   128,   128,   129,
+     129,   130,   130,   131,   131,   132,   132,   133,   133,   134,
+     134,   135,   135,   136,   136,   137,   137,   138,   138,   139,
+     139,   140,   140,   141,   141,   142,   142,   143,   143,   144,
+     144,   145,   145,   146,   146,   146,   146,   146,   146,   146,
+     146,   146,   146,   146,   146,   147,   147,   148,   148,   149,
+     149,   150,   150,   150,   150,   150,   150,   150,   150,   150,
+     150,   150,   150,   150,   150,   150,   150,   150,   151,   151,
+     152,   152,   153,   153,   153,   153,   154,   154,   154,   154,
+     155,   155,   156,   156,   157,   157,   158,   159,   160,   161,
+     161,   162,   162,   163,   163,   163,   163,   163,   163,   163,
+     163,   164,   164,   165,   165,   166,   166,   166,   166,   167,
+     167,   167,   167,   168,   168,   168,   168,   169,   170,   171,
+     171,   172,   172,   173,   173,   174,   174,   175,   175,   176,
+     177,   177,   178,   178,   178,   179,   179,   180,   180,   181,
+     181,   181,   181,   182,   182,   183,   183,   184,   184,   185,
+     185,   186,   186,   186,   186,   186,   186,   186,   187,   187,
+     187,   187,   187,   188,   188,   189,   189,   189,   189,   190,
+     190,   190,   190,   190,   191,   191,   191,   192,   192,   193,
+     193,   194,   194,   195,   195,   195,   195,   195,   196,   196,
+     196,   196,   197,   197,   198,   198,   199,   199,   199,   199,
+     200,   200,   200,   200,   201,   201,   202,   202,   203,   203,
+     204,   204,   205,   205,   205,   206,   206,   206,   207,   207,
+     207,   207,   207,   207,   207,   207,   207,   207,   207,   208,
+     208,   209,   209,   210,   210,   210,   210,   211,   211,   211,
+     211,   212,   212,   212,   213,   213,   213,   214,   214,   214,
+     214,   215,   215,   215,   215,   216,   216,   216,   216,   216,
+     216,   216,   217,   217,   217,   217,   217,   217,   218,   218,
+     218,   218,   218,   218,   218,   219,   219,   219,   219,   219,
+     220,   220,   220,   220,   220,   221,   221,   221,   221,   221,
+     222,   222,   223,   223,   224,   224,   225,   225,   226,   226,
+     227,   227,   228,   228,   229,   229,   230,   230,   231,   231,
+     232,   232,   233,   233,   234,   234,   235,   235,   236,   236,
+     237,   237,   238,   238,   239,   239,   240,   240,   241,   241,
+     242,   242,   243,   243,   243,   243,   243,   243,   243,   243,
+     243,   243,   243,   243,   244,   244,   245,   245,   246,   246,
+     247,   247,   247,   247,   247,   247,   247,   247,   247,   247,
+     247,   247,   247,   247,   247,   247,   247,   248,   248,   249,
+     249,   250,   250,   250,   250,   251,   251,   251,   251,   252,
+     252,   253,   253,   254,   254,   255,   256,   257,   258,   258,
+     259,   259,   260,   260,   260,   260,   260,   260,   260,   260,
+     261,   261,   262,   262,   263,   263,   263,   263,   264,   264,
+     264,   264,   265,   265,   265,   265,   266,   267,   268,   268,
+     269,   269,   270,   270,   271,   271,   272,   272,   273,   274,
+     274,   275,   275,   275,   276,   276,   277,   277,   278,   278,
+     278,   278,   279,   279,   280,   280,   281,   281
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const yytype_uint8 yyr2[] =
+{
+       0,     2,     1,     1,     1,     1,     1,     1,     1,     3,
+       3,     3,     7,     8,     1,     3,     1,     2,     3,     4,
+       1,     1,     1,     1,     3,     3,     3,     5,     2,     4,
+       0,     1,     1,     2,     1,     1,     4,     3,     3,     1,
+       4,     3,     3,     1,     2,     1,     2,     2,     2,     4,
+       3,     2,     2,     4,     3,     2,     3,     1,     3,     1,
+       1,     1,     1,     1,     2,     2,     1,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       1,     1,     1,     1,     1,     3,     3,     3,     1,     3,
+       3,     3,     1,     3,     3,     1,     3,     3,     1,     3,
+       3,     3,     1,     3,     3,     3,     1,     3,     3,     3,
+       3,     3,     3,     1,     3,     3,     3,     3,     3,     1,
+       3,     3,     3,     3,     3,     3,     1,     3,     3,     3,
+       3,     1,     3,     3,     3,     3,     1,     3,     3,     3,
+       3,     1,     3,     1,     3,     1,     3,     1,     3,     1,
+       3,     1,     3,     1,     3,     1,     3,     1,     3,     1,
+       3,     1,     3,     1,     3,     1,     3,     1,     3,     1,
+       3,     1,     5,     1,     5,     1,     5,     1,     3,     1,
+       3,     1,     3,     1,     1,     1,     1,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     3,     1,     3,     1,
+       3,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     1,     1,     2,     3,
+       3,     3,     1,     2,     3,     4,     1,     2,     3,     4,
+       3,     3,     1,     3,     1,     2,     2,     2,     1,     2,
+       2,     5,     7,     7,     7,     5,     9,    10,     7,     8,
+       9,     0,     1,     0,     1,     2,     2,     3,     3,     2,
+       2,     3,     3,     2,     2,     3,     3,     5,     5,     3,
+       5,     0,     1,     1,     2,     3,     4,     2,     3,     3,
+       3,     3,     4,     7,     9,     2,     2,     7,     8,     6,
+       7,     7,     8,     1,     3,     0,     1,     0,     1,     1,
+       2,     1,     1,     1,     1,     1,     1,     1,     3,     3,
+       3,     7,     8,     1,     3,     1,     2,     3,     4,     1,
+       1,     1,     1,     3,     3,     3,     5,     2,     4,     0,
+       1,     1,     2,     1,     1,     4,     3,     3,     1,     4,
+       3,     3,     1,     2,     1,     2,     2,     2,     4,     3,
+       2,     2,     4,     3,     2,     3,     1,     3,     1,     1,
+       1,     1,     1,     2,     2,     1,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     1,
+       1,     1,     1,     1,     3,     3,     3,     1,     3,     3,
+       3,     1,     3,     3,     1,     3,     3,     1,     3,     3,
+       3,     1,     3,     3,     3,     1,     3,     3,     3,     3,
+       3,     3,     1,     3,     3,     3,     3,     3,     1,     3,
+       3,     3,     3,     3,     3,     1,     3,     3,     3,     3,
+       1,     3,     3,     3,     3,     1,     3,     3,     3,     3,
+       1,     3,     1,     3,     1,     3,     1,     3,     1,     3,
+       1,     3,     1,     3,     1,     3,     1,     3,     1,     3,
+       1,     3,     1,     3,     1,     3,     1,     3,     1,     3,
+       1,     5,     1,     5,     1,     5,     1,     3,     1,     3,
+       1,     3,     1,     1,     1,     1,     1,     1,     1,     1,
+       1,     1,     1,     1,     1,     3,     1,     3,     1,     3,
+       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     1,     2,     3,     3,
+       3,     1,     2,     3,     4,     1,     2,     3,     4,     3,
+       3,     1,     3,     1,     2,     2,     2,     1,     2,     2,
+       5,     7,     7,     7,     5,     9,    10,     7,     8,     9,
+       0,     1,     0,     1,     2,     2,     3,     3,     2,     2,
+       3,     3,     2,     2,     3,     3,     5,     5,     3,     5,
+       0,     1,     1,     2,     3,     4,     2,     3,     3,     3,
+       3,     4,     7,     9,     2,     2,     7,     8,     6,     7,
+       7,     8,     1,     3,     0,     1,     1,     2
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const yytype_uint16 yydefact[] =
+{
+     297,     2,     3,     4,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,    20,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     8,     0,     5,    23,
+       6,     0,     0,     7,     0,    30,     0,     0,     0,     0,
+     238,    21,    39,    22,    45,    61,    62,    66,    82,    83,
+      88,    95,   102,   119,   136,   145,   151,   157,   163,   169,
+     175,   181,   199,     0,   299,   201,   202,   203,   205,   206,
+     207,   208,   209,   210,   211,   212,   213,   214,   215,   216,
+     217,   204,     0,   298,   260,     0,   259,   253,     0,     0,
+       0,    23,    34,    16,    43,    46,    35,   222,     0,   234,
+       0,   232,   256,     0,   255,     0,   264,   263,    43,    59,
+      60,    63,    80,    81,    84,    92,    98,   106,   126,   141,
+     147,   153,   159,   165,   171,   177,   195,     0,    63,    70,
+      69,     0,     0,     0,    71,     0,     0,     0,     0,   286,
+     285,    72,    74,   218,     0,     0,    73,    75,     0,    32,
+       0,     0,    31,    76,    77,    78,    79,     0,     0,     0,
+      51,     0,     0,    52,    67,    68,   184,   185,   186,   187,
+     188,   189,   190,   191,   194,   192,   193,   183,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,   240,     0,   239,     1,   300,   262,   261,
+       0,    63,   113,   131,   143,   149,   155,   161,   167,   173,
+     179,   197,   254,     0,    43,    44,     0,     0,    17,     0,
+       0,     0,    14,     0,     0,     0,    42,     0,   223,   221,
+       0,   220,   235,   231,     0,   230,   258,   257,     0,    47,
+       0,     0,    48,    64,    65,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+     266,     0,   265,     0,     0,     0,     0,     0,   281,   280,
+       0,     0,   219,   279,    24,    30,    26,    25,    28,    33,
+      55,     0,    57,     0,    41,     0,    54,   182,    90,    89,
+      91,    96,    97,   103,   104,   105,   125,   124,   122,   123,
+     120,   121,   137,   138,   139,   140,   146,   152,   158,   164,
+     170,     0,   200,   226,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,   251,    38,     0,   293,     0,     0,     0,
+       0,     0,     0,    18,     0,     0,    37,   236,   224,   233,
+       0,     0,     0,    50,   178,    86,    85,    87,    93,    94,
+      99,   100,   101,   112,   111,   109,   110,   107,   108,   127,
+     128,   129,   130,   142,   148,   154,   160,   166,     0,   196,
+       0,     0,     0,     0,     0,     0,   282,     0,    56,     0,
+      40,    53,     0,     0,     0,   227,     0,   251,     0,    63,
+     180,   118,   116,   117,   114,   115,   132,   133,   134,   135,
+     144,   150,   156,   162,   168,     0,   198,   252,     0,     0,
+       0,   295,     0,     0,    11,     0,     9,    10,    19,    15,
+      36,   225,   295,     0,    49,     0,   241,     0,   245,   271,
+     268,   267,     0,    27,    29,    58,   176,     0,   237,     0,
+     228,     0,     0,     0,   251,   295,     0,   301,   302,   303,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,   319,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,   307,     0,   304,   322,   305,     0,     0,   306,
+       0,   329,     0,     0,     0,     0,   537,     0,   320,   338,
+     321,   344,   360,   361,   365,   381,   382,   387,   394,   401,
+     418,   435,   444,   450,   456,   462,   468,   474,   480,   498,
+       0,   596,   500,   501,   502,   504,   505,   506,   507,   508,
+     509,   510,   511,   512,   513,   514,   515,   516,   503,   296,
+     295,   294,     0,     0,     0,   295,   172,     0,     0,     0,
+       0,   272,   273,     0,     0,     0,   229,   251,   248,   174,
+       0,     0,   295,   559,     0,   558,   552,     0,     0,     0,
+     322,   333,   315,   342,   345,   334,   521,     0,   533,     0,
+     531,   555,     0,   554,     0,   563,   562,   342,   358,   359,
+     362,   379,   380,   383,   391,   397,   405,   425,   440,   446,
+     452,   458,   464,   470,   476,   494,     0,   362,   369,   368,
+       0,     0,     0,   370,     0,     0,     0,     0,   585,   584,
+     371,   373,   517,     0,     0,   372,   374,     0,   331,     0,
+       0,   330,   375,   376,   377,   378,   289,     0,     0,     0,
+     350,     0,     0,   351,   366,   367,   483,   484,   485,   486,
+     487,   488,   489,   490,   493,   491,   492,   482,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,   539,     0,   538,   597,     0,   295,     0,
+     287,     0,   242,   244,   243,     0,     0,   269,   271,   274,
+     283,   249,     0,     0,     0,   291,     0,   561,   560,     0,
+     362,   412,   430,   442,   448,   454,   460,   466,   472,   478,
+     496,   553,     0,   342,   343,     0,     0,   316,     0,     0,
+       0,   313,     0,     0,     0,   341,     0,   522,   520,     0,
+     519,   534,   530,     0,   529,   557,   556,     0,   346,     0,
+       0,   347,   363,   364,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,   565,
+       0,   564,     0,     0,     0,     0,     0,   580,   579,     0,
+       0,   518,   578,   323,   329,   325,   324,   327,   332,   354,
+       0,   356,     0,   340,     0,   353,   481,   389,   388,   390,
+     395,   396,   402,   403,   404,   424,   423,   421,   422,   419,
+     420,   436,   437,   438,   439,   445,   451,   457,   463,   469,
+       0,   499,   290,     0,   295,   288,   275,   277,     0,     0,
+     250,     0,   246,   292,   525,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,   550,   337,     0,   592,     0,     0,
+       0,     0,     0,     0,   317,     0,     0,   336,   535,   523,
+     532,     0,     0,     0,   349,   477,   385,   384,   386,   392,
+     393,   398,   399,   400,   411,   410,   408,   409,   406,   407,
+     426,   427,   428,   429,   441,   447,   453,   459,   465,     0,
+     495,     0,     0,     0,     0,     0,     0,   581,     0,   355,
+       0,   339,   352,     0,    12,     0,   276,   278,   270,   284,
+     247,     0,     0,   526,     0,   550,     0,   362,   479,   417,
+     415,   416,   413,   414,   431,   432,   433,   434,   443,   449,
+     455,   461,   467,     0,   497,   551,     0,     0,     0,   594,
+       0,     0,   310,     0,   308,   309,   318,   314,   335,   524,
+     594,     0,   348,     0,   540,     0,   544,   570,   567,   566,
+       0,   326,   328,   357,   475,    13,     0,   536,     0,   527,
+       0,     0,     0,   550,   594,     0,     0,   595,   594,   593,
+       0,     0,     0,   594,   471,     0,     0,     0,     0,   571,
+     572,     0,     0,     0,   528,   550,   547,   473,     0,     0,
+     594,   588,     0,   594,     0,   586,     0,   541,   543,   542,
+       0,     0,   568,   570,   573,   582,   548,     0,     0,     0,
+     590,     0,   589,     0,   594,   587,   574,   576,     0,     0,
+     549,     0,   545,   591,   311,     0,   575,   577,   569,   583,
+     546,   312
+};
+
+/* YYDEFGOTO[NTERM-NUM].  */
+static const yytype_int16 yydefgoto[] =
+{
+      -1,    41,   232,   233,    92,    93,    43,   150,   151,   152,
+     108,    44,   109,    45,   110,    46,   160,   301,   128,    47,
+     112,    48,   113,   114,    50,   115,    51,   116,    52,   117,
+      53,   118,   213,    54,   119,   214,    55,   120,   215,    56,
+     121,   216,    57,   122,   217,    58,   123,   218,    59,   124,
+     219,    60,   125,   220,    61,   126,   221,    62,   336,   437,
+     222,    63,    64,    65,    66,    98,   334,    67,   100,   101,
+     238,   415,    68,    69,    70,    71,   438,   223,    72,    73,
+      74,    75,    76,   460,   570,   571,   572,   718,    77,    78,
+      79,    80,    81,    96,   358,   517,    82,    83,   518,   751,
+     752,   591,   592,   520,   649,   650,   651,   607,   521,   608,
+     522,   609,   523,   660,   820,   627,   524,   611,   525,   612,
+     613,   527,   614,   528,   615,   529,   616,   530,   617,   732,
+     531,   618,   733,   532,   619,   734,   533,   620,   735,   534,
+     621,   736,   535,   622,   737,   536,   623,   738,   537,   624,
+     739,   538,   625,   740,   539,   867,   975,   741,   540,   541,
+     542,   543,   597,   865,   544,   599,   600,   757,   953,   545,
+     546,   547,   548,   976,   742,   549,   550,   551,   552,   553,
+     998,  1028,  1029,  1030,  1053,   554,   555,   556,   557,   558,
+     595,   889,  1016,   559
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -941
+static const yytype_int16 yypact[] =
+{
+    1516,  -941,  -941,  -941,    44,    -2,   839,    26,   178,    73,
+     192,   954,  2114,  2114,   189,  -941,  1516,   207,  2114,   245,
+     275,  2114,   226,    47,  2114,  2114,  -941,  1200,  -941,   280,
+    -941,  2114,  2114,  -941,  2114,    20,  2114,  2114,  2114,  2114,
+    -941,  -941,  -941,  -941,   350,  -941,   361,  2201,  -941,  -941,
+    -941,     6,   -21,   437,   446,   264,   269,   315,   306,   364,
+       9,  -941,  -941,    69,  -941,  -941,  -941,  -941,  -941,  -941,
+    -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,
+    -941,  -941,   417,  1516,  -941,    88,  -941,  1670,   839,    25,
+     435,  -941,  -941,  -941,   390,  -941,  -941,   338,    96,   338,
+     151,  -941,  -941,    90,  -941,   365,  -941,  -941,   390,  -941,
+     394,  2224,  -941,  -941,  -941,   215,   255,   483,   509,   504,
+     374,   377,   380,   424,    14,  -941,  -941,   163,   445,  -941,
+    -941,  2114,   452,  2114,  -941,  2114,  2114,   164,   486,  -941,
+    -941,  -941,  -941,  -941,  1279,  1516,  -941,  -941,   495,  -941,
+     311,  1706,   400,  -941,  -941,  -941,  -941,  1781,  2114,   418,
+    -941,  2114,   432,  -941,  -941,  -941,  -941,  -941,  -941,  -941,
+    -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,  2114,  2114,
+    2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,
+    2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,
+    2114,  2114,  2114,  -941,  2114,  -941,  -941,  -941,  -941,  -941,
+     442,   737,   483,   355,   583,   428,   440,   453,   491,    17,
+    -941,  -941,   481,   469,   390,  -941,   505,   187,  -941,   513,
+      -5,   521,  -941,   177,  2114,   539,  -941,  2114,  -941,  -941,
+     545,  -941,  -941,  -941,   178,  -941,  -941,  -941,   236,  -941,
+    2114,   547,  -941,  -941,  -941,  2114,  2114,  2114,  2114,  2114,
+    2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,
+    2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,
+    -941,  2114,  -941,   499,   548,   559,   582,   617,  -941,  -941,
+     556,   226,  -941,  -941,  -941,    20,  -941,  -941,  -941,  -941,
+    -941,   628,  -941,   314,  -941,   329,  -941,  -941,  -941,  -941,
+    -941,   215,   215,   255,   255,   255,   483,   483,   483,   483,
+     483,   483,   509,   509,   509,   509,   504,   374,   377,   380,
+     424,   546,  -941,    29,   -11,  2114,  2114,  2114,  2114,  2114,
+    2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,  2114,
+    2114,  2114,  2114,  2114,  -941,   256,  -941,   567,   632,  2114,
+     563,  2114,  2114,  -941,   586,   358,  -941,  -941,   338,  -941,
+     574,   635,   436,  -941,  -941,  -941,  -941,  -941,   215,   215,
+     255,   255,   255,   483,   483,   483,   483,   483,   483,   509,
+     509,   509,   509,   504,   374,   377,   380,   424,   571,  -941,
+    1516,  2114,  1516,   584,  1516,   591,  -941,  1817,  -941,  2114,
+    -941,  -941,  2114,  2114,  2114,   656,   598,  2114,   648,  2224,
+    -941,   483,   483,   483,   483,   483,   355,   355,   355,   355,
+     583,   428,   440,   453,   491,   639,  -941,   614,   608,   649,
+     662,  1595,   651,   650,  -941,   283,  -941,  -941,  -941,  -941,
+    -941,  -941,  1595,   660,  -941,  2114,   681,   670,  -941,   716,
+    -941,  -941,   657,  -941,  -941,  -941,  -941,   680,  -941,  2114,
+     647,   654,  1516,  2114,  2114,  1595,   677,  -941,  -941,  -941,
+     141,   688,  1122,   707,   712,   179,   717,  1087,  2150,  2150,
+     728,  -941,  1595,   730,  2150,   732,   743,  2150,   754,    91,
+    2150,  2150,  -941,  1358,  -941,   755,  -941,  2150,  2150,  -941,
+    2150,   714,  2150,  2150,  2150,  2150,  -941,   756,  -941,  -941,
+    -941,   403,  -941,   434,  2240,  -941,  -941,  -941,   257,   581,
+     498,   619,   630,   747,   769,   753,   828,    23,  -941,  -941,
+     185,  -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,
+    -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,  1595,
+    1595,  -941,   819,   685,   821,  1595,  -941,  1516,   171,  2114,
+     219,   716,  -941,   226,  1516,   692,  -941,  2114,  -941,  -941,
+     810,   822,  1595,  -941,   183,  -941,  1892,  1122,   305,   609,
+    -941,  -941,  -941,   441,  -941,  -941,   797,   195,   797,   203,
+    -941,  -941,   197,  -941,   816,  -941,  -941,   441,  -941,   447,
+    2263,  -941,  -941,  -941,   262,   698,   515,   640,   638,   812,
+     802,   811,   845,    28,  -941,  -941,   208,   739,  -941,  -941,
+    2150,   868,  2150,  -941,  2150,  2150,   216,   777,  -941,  -941,
+    -941,  -941,  -941,  1437,  1595,  -941,  -941,   740,  -941,   449,
+    1928,   827,  -941,  -941,  -941,  -941,  -941,  2003,  2150,   837,
+    -941,  2150,   841,  -941,  -941,  -941,  -941,  -941,  -941,  -941,
+    -941,  -941,  -941,  -941,  -941,  -941,  -941,  -941,  2150,  2150,
+    2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,
+    2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,
+    2150,  2150,  2150,  -941,  2150,  -941,  -941,   844,  1595,   847,
+    -941,   848,  -941,  -941,  -941,     8,   842,  -941,   716,  -941,
+     880,  -941,  1516,   849,  1516,  -941,   859,  -941,  -941,   860,
+    2185,   515,   357,   655,   843,   838,   840,   884,   150,  -941,
+    -941,   857,   846,   441,  -941,   861,   299,  -941,   863,   181,
+     870,  -941,   284,  2150,   866,  -941,  2150,  -941,  -941,   873,
+    -941,  -941,  -941,   712,  -941,  -941,  -941,   301,  -941,  2150,
+     876,  -941,  -941,  -941,  2150,  2150,  2150,  2150,  2150,  2150,
+    2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,
+    2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  -941,
+    2150,  -941,   749,   871,   751,   757,   766,  -941,  -941,   872,
+     754,  -941,  -941,  -941,   714,  -941,  -941,  -941,  -941,  -941,
+     778,  -941,   464,  -941,   511,  -941,  -941,  -941,  -941,  -941,
+     262,   262,   698,   698,   698,   515,   515,   515,   515,   515,
+     515,   640,   640,   640,   640,   638,   812,   802,   811,   845,
+     878,  -941,  -941,   891,  1595,  -941,  1516,  1516,   894,   226,
+    -941,  1516,  -941,  -941,    39,    -7,  2150,  2150,  2150,  2150,
+    2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,  2150,
+    2150,  2150,  2150,  2150,  2150,  -941,   307,  -941,   897,   781,
+    2150,   892,  2150,  2150,  -941,   683,   522,  -941,  -941,   797,
+    -941,   902,   785,   525,  -941,  -941,  -941,  -941,  -941,   262,
+     262,   698,   698,   698,   515,   515,   515,   515,   515,   515,
+     640,   640,   640,   640,   638,   812,   802,   811,   845,   895,
+    -941,  1595,  2150,  1595,   904,  1595,   907,  -941,  2039,  -941,
+    2150,  -941,  -941,  2150,  -941,   906,  1516,  1516,  -941,  -941,
+    -941,  2150,  2150,   950,   912,  2150,   793,  2263,  -941,   515,
+     515,   515,   515,   515,   357,   357,   357,   357,   655,   843,
+     838,   840,   884,   908,  -941,   909,   889,   918,   796,  1595,
+     921,   919,  -941,   313,  -941,  -941,  -941,  -941,  -941,  -941,
+    1595,   923,  -941,  2150,   949,   798,  -941,   977,  -941,  -941,
+     916,  -941,  -941,  -941,  -941,  -941,   803,  -941,  2150,   900,
+     901,  1595,  2150,  2150,  1595,   928,   935,  1595,  1595,  -941,
+     937,   805,   939,  1595,  -941,  1595,   217,  2150,   237,   977,
+    -941,   754,  1595,   807,  -941,  2150,  -941,  -941,   931,   941,
+    1595,  -941,   942,  1595,   944,  -941,   946,  -941,  -941,  -941,
+      37,   940,  -941,   977,  -941,   973,  -941,  1595,   943,  1595,
+    -941,   948,  -941,   951,  1595,  -941,  1595,  1595,   961,   754,
+    -941,  1595,  -941,  -941,  -941,   963,  1595,  1595,  -941,  -941,
+    -941,  -941
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const yytype_int16 yypgoto[] =
+{
+    -941,  -941,   645,  -941,  -941,     0,  -941,  -941,   715,  -941,
+      22,  -941,   186,  -941,  -941,  -941,   -29,  -941,   479,  -941,
+    -941,  -941,     3,   169,  -941,   105,  -941,   230,  -941,   725,
+    -941,   138,   423,  -941,  -174,   668,  -941,    31,   679,  -941,
+      40,   676,  -941,    42,   678,  -941,    68,   682,  -941,  -941,
+    -941,  -941,  -941,  -941,  -941,   -35,  -305,  -941,   172,    18,
+    -941,  -941,   -15,   -20,  -941,  -941,  -941,  -941,  -941,   791,
+     -91,   566,  -941,  -941,  -941,  -941,  -407,  -941,  -941,  -941,
+    -941,  -941,  -941,  -941,   319,  -941,   471,  -941,  -941,  -941,
+    -941,  -941,  -941,  -941,  -235,  -441,  -941,   -23,  -941,   148,
+    -941,  -941,  -432,  -941,  -941,   231,  -941,  -450,  -941,  -449,
+    -941,  -941,  -941,  -511,  -941,   167,  -941,  -941,  -941,  -329,
+     263,  -941,  -661,  -941,  -460,  -941,  -428,  -941,  -480,   -70,
+    -941,  -679,   170,  -941,  -673,   166,  -941,  -663,   173,  -941,
+    -660,   174,  -941,  -657,   165,  -941,  -941,  -941,  -941,  -941,
+    -941,  -941,  -601,  -841,  -941,  -302,  -473,  -941,  -941,  -454,
+    -493,  -941,  -941,  -941,  -941,  -941,   290,  -592,    46,  -941,
+    -941,  -941,  -941,  -940,  -941,  -941,  -941,  -941,  -941,  -941,
+    -941,     5,  -941,    49,  -941,  -941,  -941,  -941,  -941,  -941,
+    -941,  -760,  -652,  -468
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -1
+static const yytype_uint16 yytable[] =
+{
+      42,   132,   138,    49,   144,   637,   761,   902,   242,   519,
+     471,   564,   663,   371,   626,  1010,    42,   163,   845,    49,
+     519,   830,   831,   326,   636,   846,   958,    42,    94,   127,
+      49,   420,   593,   594,   581,   643,   847,   647,   631,   137,
+     848,   973,   974,   519,   849,    84,   435,   436,   139,   817,
+     201,   413,   148,   182,   183,   278,   821,   360,   350,   416,
+     519,   951,   361,   954,   701,   236,    87,   580,   207,   797,
+     203,   519,   179,  1038,   102,   856,   417,   826,   281,   249,
+     955,   252,   755,    42,   180,   181,    49,   226,    97,   208,
+     149,   246,   638,   227,   202,  1058,   768,   239,   771,   279,
+     393,   850,   351,   851,  1066,   706,    85,   800,   702,   468,
+     224,  1007,   526,   798,   924,   414,   298,   909,   910,   707,
+     440,   925,   302,   526,   711,   952,   978,   519,   519,   207,
+     293,    86,   926,   519,   140,   103,   927,   743,   744,   204,
+     928,   726,   583,   307,    42,    42,   526,    49,    49,   283,
+     519,   285,   243,   286,   287,   898,   205,   802,   731,   804,
+     104,   805,   806,   526,   280,   288,   240,   331,   579,   332,
+     723,  1037,   713,   905,   526,   209,   303,   247,   639,   305,
+     601,   129,   130,   241,   727,   822,   703,   134,   824,   706,
+     812,   881,    95,   141,   142,   354,   758,   929,   765,   930,
+     146,   147,   367,   584,   762,   153,   154,   155,   156,   799,
+     563,   519,   519,   841,   842,   843,   844,   807,  1048,   178,
+     374,   244,   678,  1021,   832,   833,   834,   716,   585,   327,
+     526,   526,   885,   281,   281,   882,   526,   363,   245,   328,
+      99,   602,   329,   891,   398,  1051,   399,   364,   892,   356,
+     282,   289,   365,   526,   105,   704,   357,   131,   714,   835,
+     836,   837,   838,   839,   840,   759,   603,   853,   372,   330,
+     728,   406,   705,   763,   225,   133,   519,   451,   800,   717,
+     896,   256,   760,   255,   766,    27,   800,   311,   312,   982,
+     764,   984,   985,   257,   258,   801,   903,  1052,   356,   193,
+     194,   195,   196,   808,  1049,   370,   394,   989,   774,   920,
+     921,   922,   923,   135,   526,   526,   395,   937,   356,   396,
+     911,   912,   913,   679,   444,   439,   446,   447,   775,   259,
+     260,   322,   323,   324,   325,   680,   681,  1002,  1022,  1003,
+     776,   777,  1004,   136,   894,   356,   397,   145,   308,   309,
+     310,   197,   562,   418,   895,   914,   915,   916,   917,   918,
+     919,   887,  1039,   887,   378,   379,  1042,   745,   888,   887,
+     901,  1046,   464,   746,   465,   887,   977,   466,   337,   526,
+     868,   295,  1020,   296,   281,   456,   410,   458,  1061,   461,
+     199,  1063,  1024,   956,   338,   339,   869,   870,   198,   281,
+      42,   411,    42,    49,    42,    49,   200,    49,   389,   390,
+     391,   392,  1075,   945,   313,   314,   315,   206,   157,   457,
+     566,   158,   519,   159,   237,   375,   376,   377,   281,   157,
+     450,   467,   161,   248,   162,   340,   341,   871,   872,   731,
+     959,   960,   961,   962,   963,   731,   731,   731,   731,   731,
+     731,   731,   731,   731,   731,   731,   274,   578,   157,   995,
+     275,   234,   157,   235,   276,   250,   277,   251,   187,   188,
+     299,   657,    42,   284,   658,    49,   659,   994,  1006,   996,
+     304,   999,   184,   185,   186,   189,   190,   575,   253,   254,
+     111,   380,   381,   382,   306,   228,   229,   230,   231,   519,
+     111,   519,   657,   519,   333,   661,   281,   662,   454,   657,
+     346,  1017,   753,   111,   754,   657,   290,   291,   769,   814,
+     770,   815,  1017,   347,   731,   526,   191,   192,   261,   262,
+     263,   264,   265,   349,   800,  1033,   941,   348,  1055,   270,
+     271,   272,   273,   684,   685,   686,  1017,   519,   266,   267,
+    1017,   352,   712,   720,  1050,  1017,   353,  1036,   519,   721,
+     780,   781,   782,   706,   294,   281,   211,    42,   400,   281,
+      49,  1047,  1017,   355,    42,  1017,  1079,    49,  1056,   519,
+     359,   800,   519,   942,   731,   519,   519,   715,   362,   268,
+     269,   519,   800,   519,   988,   800,  1017,   992,  1076,  1077,
+     519,   366,   526,  1070,   526,  1072,   526,   368,   519,   373,
+     111,   519,   111,   412,   111,   111,   401,  1080,   342,   343,
+     344,   345,   706,   706,   405,   519,   441,   519,   402,   281,
+     111,   445,   519,   452,   519,   519,   111,   111,   455,   519,
+     111,   687,   688,   459,   519,   519,   448,   229,   230,   231,
+     526,   403,   281,   462,   610,   682,   683,   111,   689,   690,
+     470,   526,   783,   784,   610,   693,   694,   695,   696,   747,
+     748,   749,   750,   789,   790,   791,   792,   610,   469,   785,
+     786,   111,   526,   111,   281,   526,   404,   281,   526,   526,
+     873,   874,   875,   876,   526,   474,   526,   408,   409,   691,
+     692,   442,   443,   526,   453,   443,   473,   860,   475,   862,
+     560,   526,   561,   111,   526,   567,   111,   472,   281,   565,
+     787,   788,    42,   569,    42,    49,   573,    49,   526,   111,
+     526,   476,   443,   414,   111,   526,   582,   526,   526,   568,
+     281,   577,   526,   986,   748,   749,   750,   526,   526,   574,
+     281,   628,   629,   730,   709,   443,   586,   633,   111,   335,
+     111,   722,   281,   640,   641,   426,   427,   428,   429,   596,
+     645,   646,   778,   779,   598,   652,   653,   654,   655,   604,
+     253,   254,   772,   773,   648,   166,   167,   168,   169,   170,
+     171,   172,   173,   174,   175,   176,   630,   610,   632,   610,
+     634,   610,   610,   964,   965,   966,   967,   809,   810,   813,
+     800,   635,   212,   503,   111,   419,   656,   610,   931,   800,
+     933,   800,   644,   177,   610,   610,   934,   800,   610,   697,
+     419,   419,   111,   946,   947,   935,   800,   699,   111,   949,
+     111,   111,     1,     2,     3,   610,   950,   939,   940,    88,
+     980,   981,   698,    89,   991,   981,    42,    42,    15,    49,
+      49,    42,  1011,   800,    49,  1015,   981,  1026,   800,   610,
+     700,   610,  1032,   800,  1044,   981,  1057,   800,   708,   724,
+     111,   710,   725,   756,   767,   794,   111,   796,   111,   803,
+      26,   111,   111,   419,   793,   795,   111,   818,    90,   823,
+      28,    91,    30,   825,   852,    33,   854,    34,   855,   857,
+      35,   859,   316,   317,   318,   319,   320,   321,   861,   863,
+     610,   878,   864,   610,   879,   877,   880,   883,   897,   886,
+     890,   207,   207,   884,   111,   899,   610,   893,   904,   932,
+     936,   610,   827,   828,   829,   943,    42,    42,   111,    49,
+      49,   944,   419,   111,   948,   106,   979,     1,     2,     3,
+     983,   990,   993,   997,    88,   610,  1005,   610,    89,  1000,
+      12,    13,  1008,    15,  1009,  1012,  1013,  1014,    18,   800,
+    1018,  1019,  1023,  1025,  1027,  1031,   952,  1040,  1035,   383,
+     384,   385,   386,   387,   388,  1041,  1043,    24,    25,  1045,
+    1059,  1060,  1062,  1064,  1069,    26,  1065,  1067,  1073,   449,
+     407,  1074,  1071,    90,   430,    28,    91,    30,    31,    32,
+      33,  1078,    34,  1081,   432,    35,   431,   433,    36,    37,
+      38,    39,   434,   610,   957,   369,   576,   858,   906,   907,
+     908,   107,   719,   987,   969,   938,   972,   968,   111,   957,
+     957,   610,   970,   900,   971,  1034,   111,   610,  1068,   610,
+     610,   212,   421,   422,   423,   424,   425,   212,   212,   212,
+     212,   212,   212,   212,   212,   212,   212,   212,  1054,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,   605,     0,
+     477,   478,   479,     0,     0,     0,     0,   587,     0,   610,
+       0,   588,     0,   488,   489,   610,   491,   610,     0,     0,
+     610,   494,     0,     0,     0,     0,     0,     0,   610,   957,
+       0,     0,   610,     0,     0,   477,   478,   479,     0,     0,
+     500,   501,   587,     0,     0,     0,   588,     0,   502,   212,
+       0,   491,     0,     0,     0,     0,   589,     0,   504,   590,
+     506,   507,   508,   509,     0,   510,     0,     0,   511,     0,
+     610,   512,   513,   514,   515,     0,     0,     0,     0,     0,
+       0,     0,     0,   502,   606,   610,     0,     0,     0,   957,
+     610,   589,     0,   504,   590,   506,     0,     0,   509,     0,
+     510,     0,     0,   511,   610,     0,     0,     0,   212,     0,
+       0,     0,   610,     1,     2,     3,     4,     0,     0,     5,
+       6,     7,     8,     9,    10,    11,    12,    13,    14,    15,
+      16,    17,     0,     0,    18,    19,    20,     0,    21,    22,
+       0,     0,    23,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,    24,    25,     0,     0,     0,     0,     0,
+       0,    26,     0,     0,     0,     0,     0,     0,     0,    27,
+     143,    28,    29,    30,    31,    32,    33,     0,    34,     0,
+       0,    35,     0,     0,    36,    37,    38,    39,     0,     0,
+       0,     0,     1,     2,     3,     4,     0,    40,     5,     6,
+       7,     8,     9,    10,    11,    12,    13,    14,    15,    16,
+      17,     0,     0,    18,    19,    20,     0,    21,    22,     0,
+       0,    23,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,    24,    25,     0,     0,     0,     0,     0,     0,
+      26,     0,     0,     0,     0,     0,     0,     0,    27,   292,
+      28,    29,    30,    31,    32,    33,     0,    34,     0,     0,
+      35,     0,     0,    36,    37,    38,    39,     0,     0,     0,
+       0,   477,   478,   479,   480,     0,    40,   481,   482,   483,
+     484,   485,   486,   487,   488,   489,   490,   491,   492,   493,
+       0,     0,   494,   495,   496,     0,   497,   498,     0,     0,
+     499,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,   500,   501,     0,     0,     0,     0,     0,     0,   502,
+       0,     0,     0,     0,     0,     0,     0,   503,   642,   504,
+     505,   506,   507,   508,   509,     0,   510,     0,     0,   511,
+       0,     0,   512,   513,   514,   515,     0,     0,     0,     0,
+     477,   478,   479,   480,     0,   516,   481,   482,   483,   484,
+     485,   486,   487,   488,   489,   490,   491,   492,   493,     0,
+       0,   494,   495,   496,     0,   497,   498,     0,     0,   499,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+     500,   501,     0,     0,     0,     0,     0,     0,   502,     0,
+       0,     0,     0,     0,     0,     0,   503,   811,   504,   505,
+     506,   507,   508,   509,     0,   510,     0,     0,   511,     0,
+       0,   512,   513,   514,   515,     0,     0,     0,     0,     1,
+       2,     3,     4,     0,   516,     5,     6,     7,     8,     9,
+      10,    11,    12,    13,    14,    15,    16,    17,     0,     0,
+      18,    19,    20,     0,    21,    22,     0,     0,    23,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,    24,
+      25,     0,     0,     0,     0,     0,     0,    26,     0,     0,
+       0,     0,     0,     0,     0,    27,     0,    28,    29,    30,
+      31,    32,    33,     0,    34,     0,     0,    35,     0,     0,
+      36,    37,    38,    39,     0,     0,     0,     0,   477,   478,
+     479,   480,     0,    40,   481,   482,   483,   484,   485,   486,
+     487,   488,   489,   490,   491,   492,   493,     0,     0,   494,
+     495,   496,     0,   497,   498,     0,     0,   499,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,   500,   501,
+       0,     0,     0,     0,     0,     0,   502,     0,     0,     0,
+       0,     0,     0,     0,   503,     0,   504,   505,   506,   507,
+     508,   509,     0,   510,     0,     0,   511,     0,     0,   512,
+     513,   514,   515,     1,     2,     3,     0,     0,     0,     0,
+      88,   210,   516,     0,    89,     0,    12,    13,     0,    15,
+       0,     0,     0,     0,    18,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     1,
+       2,     3,     0,    24,    25,     0,    88,     0,     0,     0,
+      89,    26,    12,    13,     0,    15,     0,     0,     0,    90,
+      18,    28,    91,    30,    31,    32,    33,     0,    34,     0,
+       0,    35,     0,     0,    36,    37,    38,    39,     0,    24,
+      25,     0,     0,     0,     0,     0,     0,    26,     0,     0,
+       0,     0,     0,     0,     0,    90,     0,    28,    91,    30,
+      31,    32,    33,     0,    34,     0,     0,    35,   297,     0,
+      36,    37,    38,    39,     1,     2,     3,     0,     0,     0,
+       0,    88,     0,     0,     0,    89,     0,    12,    13,     0,
+      15,     0,     0,     0,     0,    18,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       1,     2,     3,     0,    24,    25,     0,    88,     0,     0,
+       0,    89,    26,    12,    13,     0,    15,     0,     0,     0,
+      90,    18,    28,    91,    30,    31,    32,    33,     0,    34,
+     300,     0,    35,     0,     0,    36,    37,    38,    39,     0,
+      24,    25,     0,     0,     0,     0,     0,     0,    26,     0,
+       0,     0,     0,     0,     0,     0,    90,     0,    28,    91,
+      30,    31,    32,    33,     0,    34,     0,     0,    35,   463,
+       0,    36,    37,    38,    39,   477,   478,   479,     0,     0,
+       0,     0,   587,   729,     0,     0,   588,     0,   488,   489,
+       0,   491,     0,     0,     0,     0,   494,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,   477,   478,   479,     0,   500,   501,     0,   587,     0,
+       0,     0,   588,   502,   488,   489,     0,   491,     0,     0,
+       0,   589,   494,   504,   590,   506,   507,   508,   509,     0,
+     510,     0,     0,   511,     0,     0,   512,   513,   514,   515,
+       0,   500,   501,     0,     0,     0,     0,     0,     0,   502,
+       0,     0,     0,     0,     0,     0,     0,   589,     0,   504,
+     590,   506,   507,   508,   509,     0,   510,     0,     0,   511,
+     816,     0,   512,   513,   514,   515,   477,   478,   479,     0,
+       0,     0,     0,   587,     0,     0,     0,   588,     0,   488,
+     489,     0,   491,     0,     0,     0,     0,   494,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,   477,   478,   479,     0,   500,   501,     0,   587,
+       0,     0,     0,   588,   502,   488,   489,     0,   491,     0,
+       0,     0,   589,   494,   504,   590,   506,   507,   508,   509,
+       0,   510,   819,     0,   511,     0,     0,   512,   513,   514,
+     515,     0,   500,   501,     0,     0,     0,     0,     0,     0,
+     502,     0,     0,     0,     0,     0,     0,     0,   589,     0,
+     504,   590,   506,   507,   508,   509,     0,   510,     0,     0,
+     511,  1001,     0,   512,   513,   514,   515,     1,     2,     3,
+       0,     0,     0,     0,    88,     0,     0,     0,    89,     0,
+      12,    13,     0,    15,     0,     0,     0,     0,    18,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,   477,   478,   479,     0,    24,    25,     0,
+     587,     0,     0,     0,   588,    26,   488,   489,     0,   491,
+       0,     0,     0,    90,   494,    28,    91,    30,    31,    32,
+      33,     0,    34,     0,     0,    35,     0,     0,    36,    37,
+      38,    39,     0,   500,   501,     0,     0,     0,     0,     0,
+       0,   502,     0,     0,     0,     0,     0,   866,     0,   589,
+       0,   504,   590,   506,   507,   508,   509,     0,   510,     0,
+       0,   511,     0,     0,   512,   513,   514,   515,   772,   773,
+       0,     0,     0,   666,   667,   668,   669,   670,   671,   672,
+     673,   674,   675,   676,   164,   165,     0,     0,     0,   166,
+     167,   168,   169,   170,   171,   172,   173,   174,   175,   176,
+       0,     0,     0,     0,     0,     0,     0,   253,   254,     0,
+       0,   677,   166,   167,   168,   169,   170,   171,   172,   173,
+     174,   175,   176,   664,   665,     0,     0,   177,   666,   667,
+     668,   669,   670,   671,   672,   673,   674,   675,   676,     0,
+       0,     0,     0,     0,     0,     0,   772,   773,     0,     0,
+     177,   666,   667,   668,   669,   670,   671,   672,   673,   674,
+     675,   676,     0,     0,     0,     0,   677,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,   677
+};
+
+static const yytype_int16 yycheck[] =
+{
+       0,    16,    22,     0,    27,   498,   598,   767,    99,   441,
+     417,   452,   523,   248,   487,   955,    16,    46,   697,    16,
+     452,   682,   683,   197,   497,   698,   867,    27,     6,    11,
+      27,   336,   482,   482,   475,   503,   699,   510,   492,    21,
+     700,   882,   883,   475,   701,     1,   351,   352,     1,   650,
+      41,    22,    34,    74,    75,    41,   657,    62,    41,    70,
+     492,    22,    67,    70,    41,    94,    68,   474,    83,    41,
+       1,   503,    66,  1013,     1,    67,    87,   678,    70,   108,
+      87,   110,   593,    83,    78,    79,    83,    62,    62,     1,
+      70,     1,     1,    68,    85,  1035,   607,     1,   609,    85,
+     274,   702,    85,   704,    67,   559,    62,    70,    85,   414,
+      88,   952,   441,    85,   793,    86,   151,   778,   779,   560,
+     355,   794,   157,   452,   565,    86,   886,   559,   560,   144,
+     145,    87,   795,   565,    87,    62,   796,   587,   587,    70,
+     797,   582,     1,   178,   144,   145,   475,   144,   145,   131,
+     582,   133,     1,   135,   136,   756,    87,   630,   586,   632,
+      87,   634,   635,   492,     1,     1,    70,   202,   473,   204,
+     577,  1012,     1,   774,   503,    87,   158,    87,    87,   161,
+       1,    12,    13,    87,     1,   658,     1,    18,   661,   643,
+     644,    41,     6,    24,    25,   224,     1,   798,     1,   800,
+      31,    32,   237,    62,     1,    36,    37,    38,    39,     1,
+     445,   643,   644,   693,   694,   695,   696,     1,     1,    47,
+     255,    70,   524,   983,   684,   685,   686,     8,    87,   198,
+     559,   560,   743,    70,    70,    85,   565,    60,    87,   199,
+      62,    62,   200,    62,   279,     8,   281,    70,    67,    62,
+      87,    87,   234,   582,    62,    70,    69,    68,    87,   687,
+     688,   689,   690,   691,   692,    70,    87,   708,   250,   201,
+      87,   291,    87,    70,    88,    68,   708,   368,    70,    60,
+     753,    66,    87,   111,    87,    59,    70,   182,   183,   890,
+      87,   892,   893,    78,    79,    87,   769,    60,    62,    35,
+      36,    37,    38,    87,    87,    69,   275,   899,   610,   789,
+     790,   791,   792,    68,   643,   644,   276,   810,    62,   277,
+     780,   781,   782,    66,   359,    69,   361,   362,    66,    74,
+      75,   193,   194,   195,   196,    78,    79,   938,   990,   940,
+      78,    79,   943,    68,    60,    62,   278,    67,   179,   180,
+     181,    82,    69,   335,    70,   783,   784,   785,   786,   787,
+     788,    62,  1014,    62,   259,   260,  1018,    62,    69,    62,
+      69,  1023,   407,    68,   409,    62,    69,   412,    23,   708,
+      23,    70,    69,    72,    70,   400,    72,   402,  1040,   404,
+      84,  1043,   993,   866,    39,    40,    39,    40,    83,    70,
+     400,    72,   402,   400,   404,   402,    42,   404,   270,   271,
+     272,   273,  1064,   854,   184,   185,   186,     0,    68,   401,
+     455,    71,   854,    73,    86,   256,   257,   258,    70,    68,
+      72,   413,    71,    68,    73,    80,    81,    80,    81,   867,
+     868,   869,   870,   871,   872,   873,   874,   875,   876,   877,
+     878,   879,   880,   881,   882,   883,    82,   472,    68,   932,
+      83,    71,    68,    73,    84,    71,    42,    73,    22,    23,
+      70,    68,   472,    21,    71,   472,    73,   931,   951,   933,
+      62,   935,    45,    46,    47,    39,    40,   469,    43,    44,
+      11,   261,   262,   263,    62,    60,    61,    62,    63,   931,
+      21,   933,    68,   935,    62,    71,    70,    73,    72,    68,
+      82,   979,    71,    34,    73,    68,    30,    31,    71,    70,
+      73,    72,   990,    83,   952,   854,    80,    81,    45,    46,
+      47,    22,    23,    42,    70,  1008,    72,    84,  1031,    35,
+      36,    37,    38,    45,    46,    47,  1014,   979,    39,    40,
+    1018,    70,   567,   573,  1027,  1023,    87,  1011,   990,   574,
+      45,    46,    47,  1017,    69,    70,    87,   567,    69,    70,
+     567,  1025,  1040,    68,   574,  1043,  1069,   574,  1032,  1011,
+      67,    70,  1014,    72,  1012,  1017,  1018,   569,    67,    80,
+      81,  1023,    70,  1025,    72,    70,  1064,    72,  1066,  1067,
+    1032,    62,   931,  1057,   933,  1059,   935,    62,  1040,    62,
+     131,  1043,   133,    67,   135,   136,    68,  1071,    35,    36,
+      37,    38,  1076,  1077,    68,  1057,    59,  1059,    69,    70,
+     151,    68,  1064,    59,  1066,  1067,   157,   158,    67,  1071,
+     161,    22,    23,    59,  1076,  1077,    60,    61,    62,    63,
+     979,    69,    70,    62,   487,    74,    75,   178,    39,    40,
+      62,   990,    22,    23,   497,    35,    36,    37,    38,    60,
+      61,    62,    63,    35,    36,    37,    38,   510,    22,    39,
+      40,   202,  1011,   204,    70,  1014,    69,    70,  1017,  1018,
+      35,    36,    37,    38,  1023,    87,  1025,    69,    70,    80,
+      81,    69,    70,  1032,    69,    70,    67,   722,    59,   724,
+      59,  1040,    62,   234,  1043,    34,   237,    69,    70,    59,
+      80,    81,   722,     7,   724,   722,    69,   724,  1057,   250,
+    1059,    69,    70,    86,   255,  1064,    59,  1066,  1067,    69,
+      70,    87,  1071,    60,    61,    62,    63,  1076,  1077,    69,
+      70,   488,   489,   586,    69,    70,    68,   494,   279,    22,
+     281,    69,    70,   500,   501,   342,   343,   344,   345,    62,
+     507,   508,    74,    75,    62,   512,   513,   514,   515,    62,
+      43,    44,    43,    44,    70,    48,    49,    50,    51,    52,
+      53,    54,    55,    56,    57,    58,    68,   630,    68,   632,
+      68,   634,   635,   873,   874,   875,   876,    30,    31,    69,
+      70,    68,    87,    59,   335,   336,    60,   650,    69,    70,
+      69,    70,    67,    86,   657,   658,    69,    70,   661,    82,
+     351,   352,   353,   856,   857,    69,    70,    84,   359,   859,
+     361,   362,     3,     4,     5,   678,   861,    69,    70,    10,
+      69,    70,    83,    14,    69,    70,   856,   857,    19,   856,
+     857,   861,    69,    70,   861,    69,    70,    69,    70,   702,
+      42,   704,    69,    70,    69,    70,    69,    70,    59,    69,
+     401,    60,    60,    86,    68,    83,   407,    42,   409,    21,
+      51,   412,   413,   414,    82,    84,   417,    70,    59,    62,
+      61,    62,    63,    62,    60,    66,    59,    68,    60,    67,
+      71,    31,   187,   188,   189,   190,   191,   192,    69,    60,
+     753,    83,    62,   756,    84,    82,    42,    70,    62,    68,
+      67,   946,   947,    87,   455,    62,   769,    67,    62,    68,
+      68,   774,   679,   680,   681,    67,   946,   947,   469,   946,
+     947,    60,   473,   474,    60,     1,    59,     3,     4,     5,
+      68,    59,    67,    59,    10,   798,    60,   800,    14,    62,
+      16,    17,    22,    19,    62,    67,    87,    59,    24,    70,
+      59,    62,    59,    34,     7,    69,    86,    59,    87,   264,
+     265,   266,   267,   268,   269,    60,    59,    43,    44,    60,
+      69,    60,    60,    59,    31,    51,    60,    67,    60,   364,
+     295,    60,    69,    59,   346,    61,    62,    63,    64,    65,
+      66,    60,    68,    60,   348,    71,   347,   349,    74,    75,
+      76,    77,   350,   866,   867,   244,   470,   718,   775,   776,
+     777,    87,   571,   895,   878,   814,   881,   877,   569,   882,
+     883,   884,   879,   763,   880,  1009,   577,   890,  1053,   892,
+     893,   336,   337,   338,   339,   340,   341,   342,   343,   344,
+     345,   346,   347,   348,   349,   350,   351,   352,  1029,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,     1,    -1,
+       3,     4,     5,    -1,    -1,    -1,    -1,    10,    -1,   932,
+      -1,    14,    -1,    16,    17,   938,    19,   940,    -1,    -1,
+     943,    24,    -1,    -1,    -1,    -1,    -1,    -1,   951,   952,
+      -1,    -1,   955,    -1,    -1,     3,     4,     5,    -1,    -1,
+      43,    44,    10,    -1,    -1,    -1,    14,    -1,    51,   414,
+      -1,    19,    -1,    -1,    -1,    -1,    59,    -1,    61,    62,
+      63,    64,    65,    66,    -1,    68,    -1,    -1,    71,    -1,
+     993,    74,    75,    76,    77,    -1,    -1,    -1,    -1,    -1,
+      -1,    -1,    -1,    51,    87,  1008,    -1,    -1,    -1,  1012,
+    1013,    59,    -1,    61,    62,    63,    -1,    -1,    66,    -1,
+      68,    -1,    -1,    71,  1027,    -1,    -1,    -1,   473,    -1,
+      -1,    -1,  1035,     3,     4,     5,     6,    -1,    -1,     9,
+      10,    11,    12,    13,    14,    15,    16,    17,    18,    19,
+      20,    21,    -1,    -1,    24,    25,    26,    -1,    28,    29,
+      -1,    -1,    32,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      -1,    -1,    -1,    43,    44,    -1,    -1,    -1,    -1,    -1,
+      -1,    51,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    59,
+      60,    61,    62,    63,    64,    65,    66,    -1,    68,    -1,
+      -1,    71,    -1,    -1,    74,    75,    76,    77,    -1,    -1,
+      -1,    -1,     3,     4,     5,     6,    -1,    87,     9,    10,
+      11,    12,    13,    14,    15,    16,    17,    18,    19,    20,
+      21,    -1,    -1,    24,    25,    26,    -1,    28,    29,    -1,
+      -1,    32,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      -1,    -1,    43,    44,    -1,    -1,    -1,    -1,    -1,    -1,
+      51,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    59,    60,
+      61,    62,    63,    64,    65,    66,    -1,    68,    -1,    -1,
+      71,    -1,    -1,    74,    75,    76,    77,    -1,    -1,    -1,
+      -1,     3,     4,     5,     6,    -1,    87,     9,    10,    11,
+      12,    13,    14,    15,    16,    17,    18,    19,    20,    21,
+      -1,    -1,    24,    25,    26,    -1,    28,    29,    -1,    -1,
+      32,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      -1,    43,    44,    -1,    -1,    -1,    -1,    -1,    -1,    51,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    59,    60,    61,
+      62,    63,    64,    65,    66,    -1,    68,    -1,    -1,    71,
+      -1,    -1,    74,    75,    76,    77,    -1,    -1,    -1,    -1,
+       3,     4,     5,     6,    -1,    87,     9,    10,    11,    12,
+      13,    14,    15,    16,    17,    18,    19,    20,    21,    -1,
+      -1,    24,    25,    26,    -1,    28,    29,    -1,    -1,    32,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      43,    44,    -1,    -1,    -1,    -1,    -1,    -1,    51,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    59,    60,    61,    62,
+      63,    64,    65,    66,    -1,    68,    -1,    -1,    71,    -1,
+      -1,    74,    75,    76,    77,    -1,    -1,    -1,    -1,     3,
+       4,     5,     6,    -1,    87,     9,    10,    11,    12,    13,
+      14,    15,    16,    17,    18,    19,    20,    21,    -1,    -1,
+      24,    25,    26,    -1,    28,    29,    -1,    -1,    32,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    43,
+      44,    -1,    -1,    -1,    -1,    -1,    -1,    51,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    59,    -1,    61,    62,    63,
+      64,    65,    66,    -1,    68,    -1,    -1,    71,    -1,    -1,
+      74,    75,    76,    77,    -1,    -1,    -1,    -1,     3,     4,
+       5,     6,    -1,    87,     9,    10,    11,    12,    13,    14,
+      15,    16,    17,    18,    19,    20,    21,    -1,    -1,    24,
+      25,    26,    -1,    28,    29,    -1,    -1,    32,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    43,    44,
+      -1,    -1,    -1,    -1,    -1,    -1,    51,    -1,    -1,    -1,
+      -1,    -1,    -1,    -1,    59,    -1,    61,    62,    63,    64,
+      65,    66,    -1,    68,    -1,    -1,    71,    -1,    -1,    74,
+      75,    76,    77,     3,     4,     5,    -1,    -1,    -1,    -1,
+      10,    11,    87,    -1,    14,    -1,    16,    17,    -1,    19,
+      -1,    -1,    -1,    -1,    24,    -1,    -1,    -1,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,     3,
+       4,     5,    -1,    43,    44,    -1,    10,    -1,    -1,    -1,
+      14,    51,    16,    17,    -1,    19,    -1,    -1,    -1,    59,
+      24,    61,    62,    63,    64,    65,    66,    -1,    68,    -1,
+      -1,    71,    -1,    -1,    74,    75,    76,    77,    -1,    43,
+      44,    -1,    -1,    -1,    -1,    -1,    -1,    51,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    59,    -1,    61,    62,    63,
+      64,    65,    66,    -1,    68,    -1,    -1,    71,    72,    -1,
+      74,    75,    76,    77,     3,     4,     5,    -1,    -1,    -1,
+      -1,    10,    -1,    -1,    -1,    14,    -1,    16,    17,    -1,
+      19,    -1,    -1,    -1,    -1,    24,    -1,    -1,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+       3,     4,     5,    -1,    43,    44,    -1,    10,    -1,    -1,
+      -1,    14,    51,    16,    17,    -1,    19,    -1,    -1,    -1,
+      59,    24,    61,    62,    63,    64,    65,    66,    -1,    68,
+      69,    -1,    71,    -1,    -1,    74,    75,    76,    77,    -1,
+      43,    44,    -1,    -1,    -1,    -1,    -1,    -1,    51,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    59,    -1,    61,    62,
+      63,    64,    65,    66,    -1,    68,    -1,    -1,    71,    72,
+      -1,    74,    75,    76,    77,     3,     4,     5,    -1,    -1,
+      -1,    -1,    10,    11,    -1,    -1,    14,    -1,    16,    17,
+      -1,    19,    -1,    -1,    -1,    -1,    24,    -1,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      -1,     3,     4,     5,    -1,    43,    44,    -1,    10,    -1,
+      -1,    -1,    14,    51,    16,    17,    -1,    19,    -1,    -1,
+      -1,    59,    24,    61,    62,    63,    64,    65,    66,    -1,
+      68,    -1,    -1,    71,    -1,    -1,    74,    75,    76,    77,
+      -1,    43,    44,    -1,    -1,    -1,    -1,    -1,    -1,    51,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    59,    -1,    61,
+      62,    63,    64,    65,    66,    -1,    68,    -1,    -1,    71,
+      72,    -1,    74,    75,    76,    77,     3,     4,     5,    -1,
+      -1,    -1,    -1,    10,    -1,    -1,    -1,    14,    -1,    16,
+      17,    -1,    19,    -1,    -1,    -1,    -1,    24,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      -1,    -1,     3,     4,     5,    -1,    43,    44,    -1,    10,
+      -1,    -1,    -1,    14,    51,    16,    17,    -1,    19,    -1,
+      -1,    -1,    59,    24,    61,    62,    63,    64,    65,    66,
+      -1,    68,    69,    -1,    71,    -1,    -1,    74,    75,    76,
+      77,    -1,    43,    44,    -1,    -1,    -1,    -1,    -1,    -1,
+      51,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    59,    -1,
+      61,    62,    63,    64,    65,    66,    -1,    68,    -1,    -1,
+      71,    72,    -1,    74,    75,    76,    77,     3,     4,     5,
+      -1,    -1,    -1,    -1,    10,    -1,    -1,    -1,    14,    -1,
+      16,    17,    -1,    19,    -1,    -1,    -1,    -1,    24,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      -1,    -1,    -1,     3,     4,     5,    -1,    43,    44,    -1,
+      10,    -1,    -1,    -1,    14,    51,    16,    17,    -1,    19,
+      -1,    -1,    -1,    59,    24,    61,    62,    63,    64,    65,
+      66,    -1,    68,    -1,    -1,    71,    -1,    -1,    74,    75,
+      76,    77,    -1,    43,    44,    -1,    -1,    -1,    -1,    -1,
+      -1,    51,    -1,    -1,    -1,    -1,    -1,    22,    -1,    59,
+      -1,    61,    62,    63,    64,    65,    66,    -1,    68,    -1,
+      -1,    71,    -1,    -1,    74,    75,    76,    77,    43,    44,
+      -1,    -1,    -1,    48,    49,    50,    51,    52,    53,    54,
+      55,    56,    57,    58,    43,    44,    -1,    -1,    -1,    48,
+      49,    50,    51,    52,    53,    54,    55,    56,    57,    58,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    43,    44,    -1,
+      -1,    86,    48,    49,    50,    51,    52,    53,    54,    55,
+      56,    57,    58,    43,    44,    -1,    -1,    86,    48,    49,
+      50,    51,    52,    53,    54,    55,    56,    57,    58,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    43,    44,    -1,    -1,
+      86,    48,    49,    50,    51,    52,    53,    54,    55,    56,
+      57,    58,    -1,    -1,    -1,    -1,    86,    -1,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    -1,    86
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const yytype_uint16 yystos[] =
+{
+       0,     3,     4,     5,     6,     9,    10,    11,    12,    13,
+      14,    15,    16,    17,    18,    19,    20,    21,    24,    25,
+      26,    28,    29,    32,    43,    44,    51,    59,    61,    62,
+      63,    64,    65,    66,    68,    71,    74,    75,    76,    77,
+      87,    89,    93,    94,    99,   101,   103,   107,   109,   110,
+     112,   114,   116,   118,   121,   124,   127,   130,   133,   136,
+     139,   142,   145,   149,   150,   151,   152,   155,   160,   161,
+     162,   163,   166,   167,   168,   169,   170,   176,   177,   178,
+     179,   180,   184,   185,     1,    62,    87,    68,    10,    14,
+      59,    62,    92,    93,    98,   100,   181,    62,   153,    62,
+     156,   157,     1,    62,    87,    62,     1,    87,    98,   100,
+     102,   106,   108,   110,   111,   113,   115,   117,   119,   122,
+     125,   128,   131,   134,   137,   140,   143,   147,   106,   111,
+     111,    68,   150,    68,   111,    68,    68,   147,   151,     1,
+      87,   111,   111,    60,   185,    67,   111,   111,   147,    70,
+      95,    96,    97,   111,   111,   111,   111,    68,    71,    73,
+     104,    71,    73,   104,    43,    44,    48,    49,    50,    51,
+      52,    53,    54,    55,    56,    57,    58,    86,   146,    66,
+      78,    79,    74,    75,    45,    46,    47,    22,    23,    39,
+      40,    80,    81,    35,    36,    37,    38,    82,    83,    84,
+      42,    41,    85,     1,    70,    87,     0,   150,     1,    87,
+      11,   106,   117,   120,   123,   126,   129,   132,   135,   138,
+     141,   144,   148,   165,    98,   100,    62,    68,    60,    61,
+      62,    63,    90,    91,    71,    73,   104,    86,   158,     1,
+      70,    87,   158,     1,    70,    87,     1,    87,    68,   104,
+      71,    73,   104,    43,    44,   146,    66,    78,    79,    74,
+      75,    45,    46,    47,    22,    23,    39,    40,    80,    81,
+      35,    36,    37,    38,    82,    83,    84,    42,    41,    85,
+       1,    70,    87,   147,    21,   147,   147,   147,     1,    87,
+      30,    31,    60,   150,    69,    70,    72,    72,   143,    70,
+      69,   105,   143,   147,    62,   147,    62,   143,   111,   111,
+     111,   113,   113,   115,   115,   115,   117,   117,   117,   117,
+     117,   117,   119,   119,   119,   119,   122,   125,   128,   131,
+     134,   143,   143,    62,   154,    22,   146,    23,    39,    40,
+      80,    81,    35,    36,    37,    38,    82,    83,    84,    42,
+      41,    85,    70,    87,   104,    68,    62,    69,   182,    67,
+      62,    67,    67,    60,    70,   147,    62,   143,    62,   157,
+      69,   182,   147,    62,   143,   111,   111,   111,   113,   113,
+     115,   115,   115,   117,   117,   117,   117,   117,   117,   119,
+     119,   119,   119,   122,   125,   128,   131,   134,   143,   143,
+      69,    68,    69,    69,    69,    68,   151,    96,    69,    70,
+      72,    72,    67,    22,    86,   159,    70,    87,   147,   106,
+     144,   117,   117,   117,   117,   117,   120,   120,   120,   120,
+     123,   126,   129,   132,   135,   144,   144,   147,   164,    69,
+     182,    59,    69,    70,   143,    68,   143,   143,    60,    90,
+      72,   158,    59,    69,    72,    67,   150,   147,   150,    59,
+     171,   150,    62,    72,   143,   143,   143,   147,   144,    22,
+      62,   164,    69,    67,    87,    59,    69,     3,     4,     5,
+       6,     9,    10,    11,    12,    13,    14,    15,    16,    17,
+      18,    19,    20,    21,    24,    25,    26,    28,    29,    32,
+      43,    44,    51,    59,    61,    62,    63,    64,    65,    66,
+      68,    71,    74,    75,    76,    77,    87,   183,   186,   190,
+     191,   196,   198,   200,   204,   206,   207,   209,   211,   213,
+     215,   218,   221,   224,   227,   230,   233,   236,   239,   242,
+     246,   247,   248,   249,   252,   257,   258,   259,   260,   263,
+     264,   265,   266,   267,   273,   274,   275,   276,   277,   281,
+      59,    62,    69,   182,   183,    59,   143,    34,    69,     7,
+     172,   173,   174,    69,    69,   147,   159,    87,   150,   144,
+     164,   183,    59,     1,    62,    87,    68,    10,    14,    59,
+      62,   189,   190,   195,   197,   278,    62,   250,    62,   253,
+     254,     1,    62,    87,    62,     1,    87,   195,   197,   199,
+     203,   205,   207,   208,   210,   212,   214,   216,   219,   222,
+     225,   228,   231,   234,   237,   240,   244,   203,   208,   208,
+      68,   247,    68,   208,    68,    68,   244,   248,     1,    87,
+     208,   208,    60,   281,    67,   208,   208,   244,    70,   192,
+     193,   194,   208,   208,   208,   208,    60,    68,    71,    73,
+     201,    71,    73,   201,    43,    44,    48,    49,    50,    51,
+      52,    53,    54,    55,    56,    57,    58,    86,   243,    66,
+      78,    79,    74,    75,    45,    46,    47,    22,    23,    39,
+      40,    80,    81,    35,    36,    37,    38,    82,    83,    84,
+      42,    41,    85,     1,    70,    87,   247,   183,    59,    69,
+      60,   183,   150,     1,    87,   147,     8,    60,   175,   174,
+     151,   150,    69,   164,    69,    60,   183,     1,    87,    11,
+     203,   214,   217,   220,   223,   226,   229,   232,   235,   238,
+     241,   245,   262,   195,   197,    62,    68,    60,    61,    62,
+      63,   187,   188,    71,    73,   201,    86,   255,     1,    70,
+      87,   255,     1,    70,    87,     1,    87,    68,   201,    71,
+      73,   201,    43,    44,   243,    66,    78,    79,    74,    75,
+      45,    46,    47,    22,    23,    39,    40,    80,    81,    35,
+      36,    37,    38,    82,    83,    84,    42,    41,    85,     1,
+      70,    87,   244,    21,   244,   244,   244,     1,    87,    30,
+      31,    60,   247,    69,    70,    72,    72,   240,    70,    69,
+     202,   240,   244,    62,   244,    62,   240,   208,   208,   208,
+     210,   210,   212,   212,   212,   214,   214,   214,   214,   214,
+     214,   216,   216,   216,   216,   219,   222,   225,   228,   231,
+     240,   240,    60,   183,    59,    60,    67,    67,   172,    31,
+     150,    69,   150,    60,    62,   251,    22,   243,    23,    39,
+      40,    80,    81,    35,    36,    37,    38,    82,    83,    84,
+      42,    41,    85,    70,    87,   201,    68,    62,    69,   279,
+      67,    62,    67,    67,    60,    70,   244,    62,   240,    62,
+     254,    69,   279,   244,    62,   240,   208,   208,   208,   210,
+     210,   212,   212,   212,   214,   214,   214,   214,   214,   214,
+     216,   216,   216,   216,   219,   222,   225,   228,   231,   240,
+     240,    69,    68,    69,    69,    69,    68,   248,   193,    69,
+      70,    72,    72,    67,    60,   183,   185,   185,    60,   151,
+     150,    22,    86,   256,    70,    87,   244,   203,   241,   214,
+     214,   214,   214,   214,   217,   217,   217,   217,   220,   223,
+     226,   229,   232,   241,   241,   244,   261,    69,   279,    59,
+      69,    70,   240,    68,   240,   240,    60,   187,    72,   255,
+      59,    69,    72,    67,   247,   244,   247,    59,   268,   247,
+      62,    72,   240,   240,   240,    60,   244,   241,    22,    62,
+     261,    69,    67,    87,    59,    69,   280,   281,    59,    62,
+      69,   279,   280,    59,   240,    34,    69,     7,   269,   270,
+     271,    69,    69,   244,   256,    87,   247,   241,   261,   280,
+      59,    60,   280,    59,    69,    60,   280,   247,     1,    87,
+     244,     8,    60,   272,   271,   248,   247,    69,   261,    69,
+      60,   280,    60,   280,    59,    60,    67,    67,   269,    31,
+     247,    69,   247,    60,    60,   280,   281,   281,    60,   248,
+     247,    60
+};
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrorlab
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK (1);						\
+      goto yybackup;						\
+    }								\
+  else								\
+    {								\
+      yyerror (YY_("syntax error: cannot back up")); \
+      YYERROR;							\
+    }								\
+while (YYID (0))
+
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+   If N is 0, then set CURRENT to the empty location which ends
+   the previous symbol: RHS[0] (always defined).  */
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+    do									\
+      if (YYID (N))                                                    \
+	{								\
+	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+	}								\
+      else								\
+	{								\
+	  (Current).first_line   = (Current).last_line   =		\
+	    YYRHSLOC (Rhs, 0).last_line;				\
+	  (Current).first_column = (Current).last_column =		\
+	    YYRHSLOC (Rhs, 0).last_column;				\
+	}								\
+    while (YYID (0))
+#endif
+
+
+/* YY_LOCATION_PRINT -- Print the location on the stream.
+   This macro was not mandated originally: define only if we know
+   we won't break user code: when these are the locations we know.  */
+
+#ifndef YY_LOCATION_PRINT
+# if YYLTYPE_IS_TRIVIAL
+#  define YY_LOCATION_PRINT(File, Loc)			\
+     fprintf (File, "%d.%d-%d.%d",			\
+	      (Loc).first_line, (Loc).first_column,	\
+	      (Loc).last_line,  (Loc).last_column)
+# else
+#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+# endif
+#endif
+
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (&yylval, &yylloc, YYLEX_PARAM)
+#else
+# define YYLEX yylex (&yylval, &yylloc)
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (YYID (0))
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+do {									  \
+  if (yydebug)								  \
+    {									  \
+      YYFPRINTF (stderr, "%s ", Title);					  \
+      yy_symbol_print (stderr,						  \
+		  Type, Value, Location); \
+      YYFPRINTF (stderr, "\n");						  \
+    }									  \
+} while (YYID (0))
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, YYLTYPE const * const yylocationp)
+#else
+static void
+yy_symbol_value_print (yyoutput, yytype, yyvaluep, yylocationp)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+    YYLTYPE const * const yylocationp;
+#endif
+{
+  if (!yyvaluep)
+    return;
+  YYUSE (yylocationp);
+# ifdef YYPRINT
+  if (yytype < YYNTOKENS)
+    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# else
+  YYUSE (yyoutput);
+# endif
+  switch (yytype)
+    {
+      default:
+	break;
+    }
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, YYLTYPE const * const yylocationp)
+#else
+static void
+yy_symbol_print (yyoutput, yytype, yyvaluep, yylocationp)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+    YYLTYPE const * const yylocationp;
+#endif
+{
+  if (yytype < YYNTOKENS)
+    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  YY_LOCATION_PRINT (yyoutput, *yylocationp);
+  YYFPRINTF (yyoutput, ": ");
+  yy_symbol_value_print (yyoutput, yytype, yyvaluep, yylocationp);
+  YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included).                                                   |
+`------------------------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    yytype_int16 *bottom;
+    yytype_int16 *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (YYID (0))
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_reduce_print (YYSTYPE *yyvsp, YYLTYPE *yylsp, int yyrule)
+#else
+static void
+yy_reduce_print (yyvsp, yylsp, yyrule)
+    YYSTYPE *yyvsp;
+    YYLTYPE *yylsp;
+    int yyrule;
+#endif
+{
+  int yynrhs = yyr2[yyrule];
+  int yyi;
+  unsigned long int yylno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+	     yyrule - 1, yylno);
+  /* The symbols being reduced.  */
+  for (yyi = 0; yyi < yynrhs; yyi++)
+    {
+      fprintf (stderr, "   $%d = ", yyi + 1);
+      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+		       &(yyvsp[(yyi + 1) - (yynrhs)])
+		       , &(yylsp[(yyi + 1) - (yynrhs)])		       );
+      fprintf (stderr, "\n");
+    }
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (yyvsp, yylsp, Rule); \
+} while (YYID (0))
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+
+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined __GLIBC__ && defined _STRING_H
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static YYSIZE_T
+yystrlen (const char *yystr)
+#else
+static YYSIZE_T
+yystrlen (yystr)
+    const char *yystr;
+#endif
+{
+  YYSIZE_T yylen;
+  for (yylen = 0; yystr[yylen]; yylen++)
+    continue;
+  return yylen;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+#else
+static char *
+yystpcpy (yydest, yysrc)
+    char *yydest;
+    const char *yysrc;
+#endif
+{
+  char *yyd = yydest;
+  const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+   quotes and backslashes, so that it's suitable for yyerror.  The
+   heuristic is that double-quoting is unnecessary unless the string
+   contains an apostrophe, a comma, or backslash (other than
+   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+   null, do not copy; instead, return the length of what the result
+   would have been.  */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+  if (*yystr == '"')
+    {
+      YYSIZE_T yyn = 0;
+      char const *yyp = yystr;
+
+      for (;;)
+	switch (*++yyp)
+	  {
+	  case '\'':
+	  case ',':
+	    goto do_not_strip_quotes;
+
+	  case '\\':
+	    if (*++yyp != '\\')
+	      goto do_not_strip_quotes;
+	    /* Fall through.  */
+	  default:
+	    if (yyres)
+	      yyres[yyn] = *yyp;
+	    yyn++;
+	    break;
+
+	  case '"':
+	    if (yyres)
+	      yyres[yyn] = '\0';
+	    return yyn;
+	  }
+    do_not_strip_quotes: ;
+    }
+
+  if (! yyres)
+    return yystrlen (yystr);
+
+  return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into YYRESULT an error message about the unexpected token
+   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+   including the terminating null byte.  If YYRESULT is null, do not
+   copy anything; just return the number of bytes that would be
+   copied.  As a special case, return 0 if an ordinary "syntax error"
+   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+   size calculation.  */
+static YYSIZE_T
+yysyntax_error (char *yyresult, int yystate, int yychar)
+{
+  int yyn = yypact[yystate];
+
+  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+    return 0;
+  else
+    {
+      int yytype = YYTRANSLATE (yychar);
+      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+      YYSIZE_T yysize = yysize0;
+      YYSIZE_T yysize1;
+      int yysize_overflow = 0;
+      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+      int yyx;
+
+# if 0
+      /* This is so xgettext sees the translatable formats that are
+	 constructed on the fly.  */
+      YY_("syntax error, unexpected %s");
+      YY_("syntax error, unexpected %s, expecting %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+# endif
+      char *yyfmt;
+      char const *yyf;
+      static char const yyunexpected[] = "syntax error, unexpected %s";
+      static char const yyexpecting[] = ", expecting %s";
+      static char const yyor[] = " or %s";
+      char yyformat[sizeof yyunexpected
+		    + sizeof yyexpecting - 1
+		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+		       * (sizeof yyor - 1))];
+      char const *yyprefix = yyexpecting;
+
+      /* Start YYX at -YYN if negative to avoid negative indexes in
+	 YYCHECK.  */
+      int yyxbegin = yyn < 0 ? -yyn : 0;
+
+      /* Stay within bounds of both yycheck and yytname.  */
+      int yychecklim = YYLAST - yyn + 1;
+      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+      int yycount = 1;
+
+      yyarg[0] = yytname[yytype];
+      yyfmt = yystpcpy (yyformat, yyunexpected);
+
+      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	  {
+	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+	      {
+		yycount = 1;
+		yysize = yysize0;
+		yyformat[sizeof yyunexpected - 1] = '\0';
+		break;
+	      }
+	    yyarg[yycount++] = yytname[yyx];
+	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+	    yysize_overflow |= (yysize1 < yysize);
+	    yysize = yysize1;
+	    yyfmt = yystpcpy (yyfmt, yyprefix);
+	    yyprefix = yyor;
+	  }
+
+      yyf = YY_(yyformat);
+      yysize1 = yysize + yystrlen (yyf);
+      yysize_overflow |= (yysize1 < yysize);
+      yysize = yysize1;
+
+      if (yysize_overflow)
+	return YYSIZE_MAXIMUM;
+
+      if (yyresult)
+	{
+	  /* Avoid sprintf, as that infringes on the user's name space.
+	     Don't have undefined behavior even if the translation
+	     produced a string with the wrong number of "%s"s.  */
+	  char *yyp = yyresult;
+	  int yyi = 0;
+	  while ((*yyp = *yyf) != '\0')
+	    {
+	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+		{
+		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+		  yyf += 2;
+		}
+	      else
+		{
+		  yyp++;
+		  yyf++;
+		}
+	    }
+	}
+      return yysize;
+    }
+}
+#endif /* YYERROR_VERBOSE */
+
+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, YYLTYPE *yylocationp)
+#else
+static void
+yydestruct (yymsg, yytype, yyvaluep, yylocationp)
+    const char *yymsg;
+    int yytype;
+    YYSTYPE *yyvaluep;
+    YYLTYPE *yylocationp;
+#endif
+{
+  YYUSE (yyvaluep);
+  YYUSE (yylocationp);
+
+  if (!yymsg)
+    yymsg = "Deleting";
+  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+  switch (yytype)
+    {
+
+      default:
+	break;
+    }
+}
+
+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void *YYPARSE_PARAM);
+#else
+int yyparse ();
+#endif
+#else /* ! YYPARSE_PARAM */
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void *YYPARSE_PARAM)
+#else
+int
+yyparse (YYPARSE_PARAM)
+    void *YYPARSE_PARAM;
+#endif
+#else /* ! YYPARSE_PARAM */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+  /* The look-ahead symbol.  */
+int yychar;
+
+/* The semantic value of the look-ahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+/* Location data for the look-ahead symbol.  */
+YYLTYPE yylloc;
+
+  int yystate;
+  int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Look-ahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  yytype_int16 yyssa[YYINITDEPTH];
+  yytype_int16 *yyss = yyssa;
+  yytype_int16 *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  YYSTYPE *yyvsp;
+
+  /* The location stack.  */
+  YYLTYPE yylsa[YYINITDEPTH];
+  YYLTYPE *yyls = yylsa;
+  YYLTYPE *yylsp;
+  /* The locations where the error started and ended.  */
+  YYLTYPE yyerror_range[2];
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N), yylsp -= (N))
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+  YYLTYPE yyloc;
+
+  /* The number of symbols on the RHS of the reduced rule.
+     Keep to zero when no symbol should be popped.  */
+  int yylen = 0;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+  yylsp = yyls;
+#if YYLTYPE_IS_TRIVIAL
+  /* Initialize the default location before parsing starts.  */
+  yylloc.first_line   = yylloc.last_line   = 1;
+  yylloc.first_column = yylloc.last_column = 0;
+#endif
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed.  So pushing a state here evens the stacks.  */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack.  Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	yytype_int16 *yyss1 = yyss;
+	YYLTYPE *yyls1 = yyls;
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow (YY_("memory exhausted"),
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+		    &yyls1, yysize * sizeof (*yylsp),
+		    &yystacksize);
+	yyls = yyls1;
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyexhaustedlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyexhaustedlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	yytype_int16 *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyexhaustedlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+	YYSTACK_RELOCATE (yyls);
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+      yylsp = yyls + yysize - 1;
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+  /* Do appropriate processing given the current state.  Read a
+     look-ahead token if we need one and don't already have one.  */
+
+  /* First try to decide what to do without reference to look-ahead token.  */
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a look-ahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  /* Shift the look-ahead token.  */
+  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+  /* Discard the shifted token unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  yystate = yyn;
+  *++yyvsp = yylval;
+  *++yylsp = yylloc;
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+  /* Default location.  */
+  YYLLOC_DEFAULT (yyloc, (yylsp - yylen), yylen);
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 2:
+#line 293 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NullNode(GLOBAL_DATA), 0, 1); ;}
+    break;
+
+  case 3:
+#line 294 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BooleanNode(GLOBAL_DATA, true), 0, 1); ;}
+    break;
+
+  case 4:
+#line 295 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BooleanNode(GLOBAL_DATA, false), 0, 1); ;}
+    break;
+
+  case 5:
+#line 296 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeNumberNode(GLOBAL_DATA, (yyvsp[(1) - (1)].doubleValue)), 0, 1); ;}
+    break;
+
+  case 6:
+#line 297 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) StringNode(GLOBAL_DATA, *(yyvsp[(1) - (1)].ident)), 0, 1); ;}
+    break;
+
+  case 7:
+#line 298 "../parser/Grammar.y"
+    {
+                                            Lexer& l = *GLOBAL_DATA->lexer;
+                                            const Identifier* pattern;
+                                            const Identifier* flags;
+                                            if (!l.scanRegExp(pattern, flags))
+                                                YYABORT;
+                                            RegExpNode* node = new (GLOBAL_DATA) RegExpNode(GLOBAL_DATA, *pattern, *flags);
+                                            int size = pattern->size() + 2; // + 2 for the two /'s
+                                            setExceptionLocation(node, (yylsp[(1) - (1)]).first_column, (yylsp[(1) - (1)]).first_column + size, (yylsp[(1) - (1)]).first_column + size);
+                                            (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, 0, 0);
+                                        ;}
+    break;
+
+  case 8:
+#line 309 "../parser/Grammar.y"
+    {
+                                            Lexer& l = *GLOBAL_DATA->lexer;
+                                            const Identifier* pattern;
+                                            const Identifier* flags;
+                                            if (!l.scanRegExp(pattern, flags, '='))
+                                                YYABORT;
+                                            RegExpNode* node = new (GLOBAL_DATA) RegExpNode(GLOBAL_DATA, *pattern, *flags);
+                                            int size = pattern->size() + 2; // + 2 for the two /'s
+                                            setExceptionLocation(node, (yylsp[(1) - (1)]).first_column, (yylsp[(1) - (1)]).first_column + size, (yylsp[(1) - (1)]).first_column + size);
+                                            (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, 0, 0);
+                                        ;}
+    break;
+
+  case 9:
+#line 323 "../parser/Grammar.y"
+    { (yyval.propertyNode) = createNodeInfo<PropertyNode*>(new (GLOBAL_DATA) PropertyNode(GLOBAL_DATA, *(yyvsp[(1) - (3)].ident), (yyvsp[(3) - (3)].expressionNode).m_node, PropertyNode::Constant), (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 10:
+#line 324 "../parser/Grammar.y"
+    { (yyval.propertyNode) = createNodeInfo<PropertyNode*>(new (GLOBAL_DATA) PropertyNode(GLOBAL_DATA, *(yyvsp[(1) - (3)].ident), (yyvsp[(3) - (3)].expressionNode).m_node, PropertyNode::Constant), (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 11:
+#line 325 "../parser/Grammar.y"
+    { (yyval.propertyNode) = createNodeInfo<PropertyNode*>(new (GLOBAL_DATA) PropertyNode(GLOBAL_DATA, (yyvsp[(1) - (3)].doubleValue), (yyvsp[(3) - (3)].expressionNode).m_node, PropertyNode::Constant), (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 12:
+#line 326 "../parser/Grammar.y"
+    { (yyval.propertyNode) = createNodeInfo<PropertyNode*>(makeGetterOrSetterPropertyNode(GLOBAL_DATA, *(yyvsp[(1) - (7)].ident), *(yyvsp[(2) - (7)].ident), 0, (yyvsp[(6) - (7)].functionBodyNode), GLOBAL_DATA->lexer->sourceCode((yyvsp[(5) - (7)].intValue), (yyvsp[(7) - (7)].intValue), (yylsp[(5) - (7)]).first_line)), ClosureFeature, 0); setStatementLocation((yyvsp[(6) - (7)].functionBodyNode), (yylsp[(5) - (7)]), (yylsp[(7) - (7)])); if (!(yyval.propertyNode).m_node) YYABORT; ;}
+    break;
+
+  case 13:
+#line 328 "../parser/Grammar.y"
+    {
+                                                                 (yyval.propertyNode) = createNodeInfo<PropertyNode*>(makeGetterOrSetterPropertyNode(GLOBAL_DATA, *(yyvsp[(1) - (8)].ident), *(yyvsp[(2) - (8)].ident), (yyvsp[(4) - (8)].parameterList).m_node.head, (yyvsp[(7) - (8)].functionBodyNode), GLOBAL_DATA->lexer->sourceCode((yyvsp[(6) - (8)].intValue), (yyvsp[(8) - (8)].intValue), (yylsp[(6) - (8)]).first_line)), (yyvsp[(4) - (8)].parameterList).m_features | ClosureFeature, 0); 
+                                                                 if ((yyvsp[(4) - (8)].parameterList).m_features & ArgumentsFeature)
+                                                                     (yyvsp[(7) - (8)].functionBodyNode)->setUsesArguments(); 
+                                                                 setStatementLocation((yyvsp[(7) - (8)].functionBodyNode), (yylsp[(6) - (8)]), (yylsp[(8) - (8)])); 
+                                                                 if (!(yyval.propertyNode).m_node) 
+                                                                     YYABORT; 
+                                                             ;}
+    break;
+
+  case 14:
+#line 339 "../parser/Grammar.y"
+    { (yyval.propertyList).m_node.head = new (GLOBAL_DATA) PropertyListNode(GLOBAL_DATA, (yyvsp[(1) - (1)].propertyNode).m_node); 
+                                          (yyval.propertyList).m_node.tail = (yyval.propertyList).m_node.head;
+                                          (yyval.propertyList).m_features = (yyvsp[(1) - (1)].propertyNode).m_features;
+                                          (yyval.propertyList).m_numConstants = (yyvsp[(1) - (1)].propertyNode).m_numConstants; ;}
+    break;
+
+  case 15:
+#line 343 "../parser/Grammar.y"
+    { (yyval.propertyList).m_node.head = (yyvsp[(1) - (3)].propertyList).m_node.head;
+                                          (yyval.propertyList).m_node.tail = new (GLOBAL_DATA) PropertyListNode(GLOBAL_DATA, (yyvsp[(3) - (3)].propertyNode).m_node, (yyvsp[(1) - (3)].propertyList).m_node.tail);
+                                          (yyval.propertyList).m_features = (yyvsp[(1) - (3)].propertyList).m_features | (yyvsp[(3) - (3)].propertyNode).m_features;
+                                          (yyval.propertyList).m_numConstants = (yyvsp[(1) - (3)].propertyList).m_numConstants + (yyvsp[(3) - (3)].propertyNode).m_numConstants; ;}
+    break;
+
+  case 17:
+#line 351 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ObjectLiteralNode(GLOBAL_DATA), 0, 0); ;}
+    break;
+
+  case 18:
+#line 352 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ObjectLiteralNode(GLOBAL_DATA, (yyvsp[(2) - (3)].propertyList).m_node.head), (yyvsp[(2) - (3)].propertyList).m_features, (yyvsp[(2) - (3)].propertyList).m_numConstants); ;}
+    break;
+
+  case 19:
+#line 354 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ObjectLiteralNode(GLOBAL_DATA, (yyvsp[(2) - (4)].propertyList).m_node.head), (yyvsp[(2) - (4)].propertyList).m_features, (yyvsp[(2) - (4)].propertyList).m_numConstants); ;}
+    break;
+
+  case 20:
+#line 358 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ThisNode(GLOBAL_DATA), ThisFeature, 0); ;}
+    break;
+
+  case 23:
+#line 361 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ResolveNode(GLOBAL_DATA, *(yyvsp[(1) - (1)].ident), (yylsp[(1) - (1)]).first_column), (*(yyvsp[(1) - (1)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0, 0); ;}
+    break;
+
+  case 24:
+#line 362 "../parser/Grammar.y"
+    { (yyval.expressionNode) = (yyvsp[(2) - (3)].expressionNode); ;}
+    break;
+
+  case 25:
+#line 366 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ArrayNode(GLOBAL_DATA, (yyvsp[(2) - (3)].intValue)), 0, (yyvsp[(2) - (3)].intValue) ? 1 : 0); ;}
+    break;
+
+  case 26:
+#line 367 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ArrayNode(GLOBAL_DATA, (yyvsp[(2) - (3)].elementList).m_node.head), (yyvsp[(2) - (3)].elementList).m_features, (yyvsp[(2) - (3)].elementList).m_numConstants); ;}
+    break;
+
+  case 27:
+#line 368 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ArrayNode(GLOBAL_DATA, (yyvsp[(4) - (5)].intValue), (yyvsp[(2) - (5)].elementList).m_node.head), (yyvsp[(2) - (5)].elementList).m_features, (yyvsp[(4) - (5)].intValue) ? (yyvsp[(2) - (5)].elementList).m_numConstants + 1 : (yyvsp[(2) - (5)].elementList).m_numConstants); ;}
+    break;
+
+  case 28:
+#line 372 "../parser/Grammar.y"
+    { (yyval.elementList).m_node.head = new (GLOBAL_DATA) ElementNode(GLOBAL_DATA, (yyvsp[(1) - (2)].intValue), (yyvsp[(2) - (2)].expressionNode).m_node);
+                                          (yyval.elementList).m_node.tail = (yyval.elementList).m_node.head;
+                                          (yyval.elementList).m_features = (yyvsp[(2) - (2)].expressionNode).m_features;
+                                          (yyval.elementList).m_numConstants = (yyvsp[(2) - (2)].expressionNode).m_numConstants; ;}
+    break;
+
+  case 29:
+#line 377 "../parser/Grammar.y"
+    { (yyval.elementList).m_node.head = (yyvsp[(1) - (4)].elementList).m_node.head;
+                                          (yyval.elementList).m_node.tail = new (GLOBAL_DATA) ElementNode(GLOBAL_DATA, (yyvsp[(1) - (4)].elementList).m_node.tail, (yyvsp[(3) - (4)].intValue), (yyvsp[(4) - (4)].expressionNode).m_node);
+                                          (yyval.elementList).m_features = (yyvsp[(1) - (4)].elementList).m_features | (yyvsp[(4) - (4)].expressionNode).m_features;
+                                          (yyval.elementList).m_numConstants = (yyvsp[(1) - (4)].elementList).m_numConstants + (yyvsp[(4) - (4)].expressionNode).m_numConstants; ;}
+    break;
+
+  case 30:
+#line 384 "../parser/Grammar.y"
+    { (yyval.intValue) = 0; ;}
+    break;
+
+  case 32:
+#line 389 "../parser/Grammar.y"
+    { (yyval.intValue) = 1; ;}
+    break;
+
+  case 33:
+#line 390 "../parser/Grammar.y"
+    { (yyval.intValue) = (yyvsp[(1) - (2)].intValue) + 1; ;}
+    break;
+
+  case 35:
+#line 395 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>((yyvsp[(1) - (1)].funcExprNode).m_node, (yyvsp[(1) - (1)].funcExprNode).m_features, (yyvsp[(1) - (1)].funcExprNode).m_numConstants); ;}
+    break;
+
+  case 36:
+#line 396 "../parser/Grammar.y"
+    { BracketAccessorNode* node = new (GLOBAL_DATA) BracketAccessorNode(GLOBAL_DATA, (yyvsp[(1) - (4)].expressionNode).m_node, (yyvsp[(3) - (4)].expressionNode).m_node, (yyvsp[(3) - (4)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (4)]).first_column, (yylsp[(1) - (4)]).last_column, (yylsp[(4) - (4)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (4)].expressionNode).m_features | (yyvsp[(3) - (4)].expressionNode).m_features, (yyvsp[(1) - (4)].expressionNode).m_numConstants + (yyvsp[(3) - (4)].expressionNode).m_numConstants); 
+                                        ;}
+    break;
+
+  case 37:
+#line 400 "../parser/Grammar.y"
+    { DotAccessorNode* node = new (GLOBAL_DATA) DotAccessorNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, *(yyvsp[(3) - (3)].ident));
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(1) - (3)]).last_column, (yylsp[(3) - (3)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants);
+                                        ;}
+    break;
+
+  case 38:
+#line 404 "../parser/Grammar.y"
+    { NewExprNode* node = new (GLOBAL_DATA) NewExprNode(GLOBAL_DATA, (yyvsp[(2) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].argumentsNode).m_node);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(3) - (3)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(2) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].argumentsNode).m_features, (yyvsp[(2) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].argumentsNode).m_numConstants);
+                                        ;}
+    break;
+
+  case 40:
+#line 412 "../parser/Grammar.y"
+    { BracketAccessorNode* node = new (GLOBAL_DATA) BracketAccessorNode(GLOBAL_DATA, (yyvsp[(1) - (4)].expressionNode).m_node, (yyvsp[(3) - (4)].expressionNode).m_node, (yyvsp[(3) - (4)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (4)]).first_column, (yylsp[(1) - (4)]).last_column, (yylsp[(4) - (4)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (4)].expressionNode).m_features | (yyvsp[(3) - (4)].expressionNode).m_features, (yyvsp[(1) - (4)].expressionNode).m_numConstants + (yyvsp[(3) - (4)].expressionNode).m_numConstants); 
+                                        ;}
+    break;
+
+  case 41:
+#line 416 "../parser/Grammar.y"
+    { DotAccessorNode* node = new (GLOBAL_DATA) DotAccessorNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, *(yyvsp[(3) - (3)].ident));
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(1) - (3)]).last_column, (yylsp[(3) - (3)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants);
+                                        ;}
+    break;
+
+  case 42:
+#line 420 "../parser/Grammar.y"
+    { NewExprNode* node = new (GLOBAL_DATA) NewExprNode(GLOBAL_DATA, (yyvsp[(2) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].argumentsNode).m_node);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(3) - (3)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(2) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].argumentsNode).m_features, (yyvsp[(2) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].argumentsNode).m_numConstants);
+                                        ;}
+    break;
+
+  case 44:
+#line 428 "../parser/Grammar.y"
+    { NewExprNode* node = new (GLOBAL_DATA) NewExprNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node);
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).last_column, (yylsp[(2) - (2)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants); 
+                                        ;}
+    break;
+
+  case 46:
+#line 436 "../parser/Grammar.y"
+    { NewExprNode* node = new (GLOBAL_DATA) NewExprNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node);
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).last_column, (yylsp[(2) - (2)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants);
+                                        ;}
+    break;
+
+  case 47:
+#line 443 "../parser/Grammar.y"
+    { (yyval.expressionNode) = makeFunctionCallNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode), (yyvsp[(2) - (2)].argumentsNode), (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(2) - (2)]).last_column); ;}
+    break;
+
+  case 48:
+#line 444 "../parser/Grammar.y"
+    { (yyval.expressionNode) = makeFunctionCallNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode), (yyvsp[(2) - (2)].argumentsNode), (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(2) - (2)]).last_column); ;}
+    break;
+
+  case 49:
+#line 445 "../parser/Grammar.y"
+    { BracketAccessorNode* node = new (GLOBAL_DATA) BracketAccessorNode(GLOBAL_DATA, (yyvsp[(1) - (4)].expressionNode).m_node, (yyvsp[(3) - (4)].expressionNode).m_node, (yyvsp[(3) - (4)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (4)]).first_column, (yylsp[(1) - (4)]).last_column, (yylsp[(4) - (4)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (4)].expressionNode).m_features | (yyvsp[(3) - (4)].expressionNode).m_features, (yyvsp[(1) - (4)].expressionNode).m_numConstants + (yyvsp[(3) - (4)].expressionNode).m_numConstants); 
+                                        ;}
+    break;
+
+  case 50:
+#line 449 "../parser/Grammar.y"
+    { DotAccessorNode* node = new (GLOBAL_DATA) DotAccessorNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, *(yyvsp[(3) - (3)].ident));
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(1) - (3)]).last_column, (yylsp[(3) - (3)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 51:
+#line 455 "../parser/Grammar.y"
+    { (yyval.expressionNode) = makeFunctionCallNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode), (yyvsp[(2) - (2)].argumentsNode), (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(2) - (2)]).last_column); ;}
+    break;
+
+  case 52:
+#line 456 "../parser/Grammar.y"
+    { (yyval.expressionNode) = makeFunctionCallNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode), (yyvsp[(2) - (2)].argumentsNode), (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(2) - (2)]).last_column); ;}
+    break;
+
+  case 53:
+#line 457 "../parser/Grammar.y"
+    { BracketAccessorNode* node = new (GLOBAL_DATA) BracketAccessorNode(GLOBAL_DATA, (yyvsp[(1) - (4)].expressionNode).m_node, (yyvsp[(3) - (4)].expressionNode).m_node, (yyvsp[(3) - (4)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (4)]).first_column, (yylsp[(1) - (4)]).last_column, (yylsp[(4) - (4)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (4)].expressionNode).m_features | (yyvsp[(3) - (4)].expressionNode).m_features, (yyvsp[(1) - (4)].expressionNode).m_numConstants + (yyvsp[(3) - (4)].expressionNode).m_numConstants); 
+                                        ;}
+    break;
+
+  case 54:
+#line 461 "../parser/Grammar.y"
+    { DotAccessorNode* node = new (GLOBAL_DATA) DotAccessorNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, *(yyvsp[(3) - (3)].ident));
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(1) - (3)]).last_column, (yylsp[(3) - (3)]).last_column);
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants); 
+                                        ;}
+    break;
+
+  case 55:
+#line 468 "../parser/Grammar.y"
+    { (yyval.argumentsNode) = createNodeInfo<ArgumentsNode*>(new (GLOBAL_DATA) ArgumentsNode(GLOBAL_DATA), 0, 0); ;}
+    break;
+
+  case 56:
+#line 469 "../parser/Grammar.y"
+    { (yyval.argumentsNode) = createNodeInfo<ArgumentsNode*>(new (GLOBAL_DATA) ArgumentsNode(GLOBAL_DATA, (yyvsp[(2) - (3)].argumentList).m_node.head), (yyvsp[(2) - (3)].argumentList).m_features, (yyvsp[(2) - (3)].argumentList).m_numConstants); ;}
+    break;
+
+  case 57:
+#line 473 "../parser/Grammar.y"
+    { (yyval.argumentList).m_node.head = new (GLOBAL_DATA) ArgumentListNode(GLOBAL_DATA, (yyvsp[(1) - (1)].expressionNode).m_node);
+                                          (yyval.argumentList).m_node.tail = (yyval.argumentList).m_node.head;
+                                          (yyval.argumentList).m_features = (yyvsp[(1) - (1)].expressionNode).m_features;
+                                          (yyval.argumentList).m_numConstants = (yyvsp[(1) - (1)].expressionNode).m_numConstants; ;}
+    break;
+
+  case 58:
+#line 477 "../parser/Grammar.y"
+    { (yyval.argumentList).m_node.head = (yyvsp[(1) - (3)].argumentList).m_node.head;
+                                          (yyval.argumentList).m_node.tail = new (GLOBAL_DATA) ArgumentListNode(GLOBAL_DATA, (yyvsp[(1) - (3)].argumentList).m_node.tail, (yyvsp[(3) - (3)].expressionNode).m_node);
+                                          (yyval.argumentList).m_features = (yyvsp[(1) - (3)].argumentList).m_features | (yyvsp[(3) - (3)].expressionNode).m_features;
+                                          (yyval.argumentList).m_numConstants = (yyvsp[(1) - (3)].argumentList).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants; ;}
+    break;
+
+  case 64:
+#line 495 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makePostfixNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode).m_node, OpPlusPlus, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(2) - (2)]).last_column), (yyvsp[(1) - (2)].expressionNode).m_features | AssignFeature, (yyvsp[(1) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 65:
+#line 496 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makePostfixNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode).m_node, OpMinusMinus, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(2) - (2)]).last_column), (yyvsp[(1) - (2)].expressionNode).m_features | AssignFeature, (yyvsp[(1) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 67:
+#line 501 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makePostfixNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode).m_node, OpPlusPlus, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(2) - (2)]).last_column), (yyvsp[(1) - (2)].expressionNode).m_features | AssignFeature, (yyvsp[(1) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 68:
+#line 502 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makePostfixNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode).m_node, OpMinusMinus, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(2) - (2)]).last_column), (yyvsp[(1) - (2)].expressionNode).m_features | AssignFeature, (yyvsp[(1) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 69:
+#line 506 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeDeleteNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).last_column, (yylsp[(2) - (2)]).last_column), (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 70:
+#line 507 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) VoidNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node), (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants + 1); ;}
+    break;
+
+  case 71:
+#line 508 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeTypeOfNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node), (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 72:
+#line 509 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makePrefixNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node, OpPlusPlus, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).first_column + 1, (yylsp[(2) - (2)]).last_column), (yyvsp[(2) - (2)].expressionNode).m_features | AssignFeature, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 73:
+#line 510 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makePrefixNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node, OpPlusPlus, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).first_column + 1, (yylsp[(2) - (2)]).last_column), (yyvsp[(2) - (2)].expressionNode).m_features | AssignFeature, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 74:
+#line 511 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makePrefixNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node, OpMinusMinus, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).first_column + 1, (yylsp[(2) - (2)]).last_column), (yyvsp[(2) - (2)].expressionNode).m_features | AssignFeature, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 75:
+#line 512 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makePrefixNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node, OpMinusMinus, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).first_column + 1, (yylsp[(2) - (2)]).last_column), (yyvsp[(2) - (2)].expressionNode).m_features | AssignFeature, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 76:
+#line 513 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) UnaryPlusNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node), (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 77:
+#line 514 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeNegateNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node), (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 78:
+#line 515 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeBitwiseNotNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node), (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 79:
+#line 516 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalNotNode(GLOBAL_DATA, (yyvsp[(2) - (2)].expressionNode).m_node), (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 85:
+#line 530 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeMultNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 86:
+#line 531 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeDivNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 87:
+#line 532 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ModNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 89:
+#line 538 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeMultNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 90:
+#line 540 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeDivNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 91:
+#line 542 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ModNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 93:
+#line 547 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeAddNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 94:
+#line 548 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeSubNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 96:
+#line 554 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeAddNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 97:
+#line 556 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeSubNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 99:
+#line 561 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeLeftShiftNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 100:
+#line 562 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeRightShiftNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 101:
+#line 563 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) UnsignedRightShiftNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 103:
+#line 568 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeLeftShiftNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 104:
+#line 569 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeRightShiftNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 105:
+#line 570 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) UnsignedRightShiftNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 107:
+#line 575 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 108:
+#line 576 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 109:
+#line 577 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessEqNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 110:
+#line 578 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterEqNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 111:
+#line 579 "../parser/Grammar.y"
+    { InstanceOfNode* node = new (GLOBAL_DATA) InstanceOfNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(3) - (3)]).first_column, (yylsp[(3) - (3)]).last_column);  
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 112:
+#line 582 "../parser/Grammar.y"
+    { InNode* node = new (GLOBAL_DATA) InNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(3) - (3)]).first_column, (yylsp[(3) - (3)]).last_column);  
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 114:
+#line 589 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 115:
+#line 590 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 116:
+#line 591 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessEqNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 117:
+#line 592 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterEqNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 118:
+#line 594 "../parser/Grammar.y"
+    { InstanceOfNode* node = new (GLOBAL_DATA) InstanceOfNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(3) - (3)]).first_column, (yylsp[(3) - (3)]).last_column);  
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 120:
+#line 601 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 121:
+#line 602 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 122:
+#line 603 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessEqNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 123:
+#line 604 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterEqNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 124:
+#line 606 "../parser/Grammar.y"
+    { InstanceOfNode* node = new (GLOBAL_DATA) InstanceOfNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(3) - (3)]).first_column, (yylsp[(3) - (3)]).last_column);  
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 125:
+#line 610 "../parser/Grammar.y"
+    { InNode* node = new (GLOBAL_DATA) InNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(3) - (3)]).first_column, (yylsp[(3) - (3)]).last_column);  
+                                          (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(node, (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 127:
+#line 617 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) EqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 128:
+#line 618 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 129:
+#line 619 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) StrictEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 130:
+#line 620 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotStrictEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 132:
+#line 626 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) EqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 133:
+#line 628 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 134:
+#line 630 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) StrictEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 135:
+#line 632 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotStrictEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 137:
+#line 638 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) EqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 138:
+#line 639 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 139:
+#line 641 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) StrictEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 140:
+#line 643 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotStrictEqualNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 142:
+#line 648 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitAndNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 144:
+#line 654 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitAndNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 146:
+#line 659 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitAndNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 148:
+#line 664 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitXOrNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 150:
+#line 670 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitXOrNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 152:
+#line 676 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitXOrNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 154:
+#line 681 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitOrNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 156:
+#line 687 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitOrNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 158:
+#line 693 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitOrNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 160:
+#line 698 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, OpLogicalAnd), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 162:
+#line 704 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, OpLogicalAnd), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 164:
+#line 710 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, OpLogicalAnd), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 166:
+#line 715 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, OpLogicalOr), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 168:
+#line 721 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, OpLogicalOr), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 170:
+#line 726 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node, OpLogicalOr), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 172:
+#line 732 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ConditionalNode(GLOBAL_DATA, (yyvsp[(1) - (5)].expressionNode).m_node, (yyvsp[(3) - (5)].expressionNode).m_node, (yyvsp[(5) - (5)].expressionNode).m_node), (yyvsp[(1) - (5)].expressionNode).m_features | (yyvsp[(3) - (5)].expressionNode).m_features | (yyvsp[(5) - (5)].expressionNode).m_features, (yyvsp[(1) - (5)].expressionNode).m_numConstants + (yyvsp[(3) - (5)].expressionNode).m_numConstants + (yyvsp[(5) - (5)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 174:
+#line 738 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ConditionalNode(GLOBAL_DATA, (yyvsp[(1) - (5)].expressionNode).m_node, (yyvsp[(3) - (5)].expressionNode).m_node, (yyvsp[(5) - (5)].expressionNode).m_node), (yyvsp[(1) - (5)].expressionNode).m_features | (yyvsp[(3) - (5)].expressionNode).m_features | (yyvsp[(5) - (5)].expressionNode).m_features, (yyvsp[(1) - (5)].expressionNode).m_numConstants + (yyvsp[(3) - (5)].expressionNode).m_numConstants + (yyvsp[(5) - (5)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 176:
+#line 744 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ConditionalNode(GLOBAL_DATA, (yyvsp[(1) - (5)].expressionNode).m_node, (yyvsp[(3) - (5)].expressionNode).m_node, (yyvsp[(5) - (5)].expressionNode).m_node), (yyvsp[(1) - (5)].expressionNode).m_features | (yyvsp[(3) - (5)].expressionNode).m_features | (yyvsp[(5) - (5)].expressionNode).m_features, (yyvsp[(1) - (5)].expressionNode).m_numConstants + (yyvsp[(3) - (5)].expressionNode).m_numConstants + (yyvsp[(5) - (5)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 178:
+#line 750 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeAssignNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(2) - (3)].op), (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(1) - (3)].expressionNode).m_features & AssignFeature, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature, 
+                                                                                                     (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).first_column + 1, (yylsp[(3) - (3)]).last_column), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features | AssignFeature, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); 
+                                        ;}
+    break;
+
+  case 180:
+#line 758 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeAssignNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(2) - (3)].op), (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(1) - (3)].expressionNode).m_features & AssignFeature, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature, 
+                                                                                                     (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).first_column + 1, (yylsp[(3) - (3)]).last_column), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features | AssignFeature, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants);
+                                        ;}
+    break;
+
+  case 182:
+#line 766 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(makeAssignNode(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(2) - (3)].op), (yyvsp[(3) - (3)].expressionNode).m_node, (yyvsp[(1) - (3)].expressionNode).m_features & AssignFeature, (yyvsp[(3) - (3)].expressionNode).m_features & AssignFeature,
+                                                                                                     (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).first_column + 1, (yylsp[(3) - (3)]).last_column), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features | AssignFeature, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); 
+                                        ;}
+    break;
+
+  case 183:
+#line 772 "../parser/Grammar.y"
+    { (yyval.op) = OpEqual; ;}
+    break;
+
+  case 184:
+#line 773 "../parser/Grammar.y"
+    { (yyval.op) = OpPlusEq; ;}
+    break;
+
+  case 185:
+#line 774 "../parser/Grammar.y"
+    { (yyval.op) = OpMinusEq; ;}
+    break;
+
+  case 186:
+#line 775 "../parser/Grammar.y"
+    { (yyval.op) = OpMultEq; ;}
+    break;
+
+  case 187:
+#line 776 "../parser/Grammar.y"
+    { (yyval.op) = OpDivEq; ;}
+    break;
+
+  case 188:
+#line 777 "../parser/Grammar.y"
+    { (yyval.op) = OpLShift; ;}
+    break;
+
+  case 189:
+#line 778 "../parser/Grammar.y"
+    { (yyval.op) = OpRShift; ;}
+    break;
+
+  case 190:
+#line 779 "../parser/Grammar.y"
+    { (yyval.op) = OpURShift; ;}
+    break;
+
+  case 191:
+#line 780 "../parser/Grammar.y"
+    { (yyval.op) = OpAndEq; ;}
+    break;
+
+  case 192:
+#line 781 "../parser/Grammar.y"
+    { (yyval.op) = OpXOrEq; ;}
+    break;
+
+  case 193:
+#line 782 "../parser/Grammar.y"
+    { (yyval.op) = OpOrEq; ;}
+    break;
+
+  case 194:
+#line 783 "../parser/Grammar.y"
+    { (yyval.op) = OpModEq; ;}
+    break;
+
+  case 196:
+#line 788 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(combineCommaNodes(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 198:
+#line 793 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(combineCommaNodes(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 200:
+#line 798 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(combineCommaNodes(GLOBAL_DATA, (yyvsp[(1) - (3)].expressionNode).m_node, (yyvsp[(3) - (3)].expressionNode).m_node), (yyvsp[(1) - (3)].expressionNode).m_features | (yyvsp[(3) - (3)].expressionNode).m_features, (yyvsp[(1) - (3)].expressionNode).m_numConstants + (yyvsp[(3) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 218:
+#line 822 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) BlockNode(GLOBAL_DATA, 0), 0, 0, 0, 0);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(2) - (2)])); ;}
+    break;
+
+  case 219:
+#line 824 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) BlockNode(GLOBAL_DATA, (yyvsp[(2) - (3)].sourceElements).m_node), (yyvsp[(2) - (3)].sourceElements).m_varDeclarations, (yyvsp[(2) - (3)].sourceElements).m_funcDeclarations, (yyvsp[(2) - (3)].sourceElements).m_features, (yyvsp[(2) - (3)].sourceElements).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(3) - (3)])); ;}
+    break;
+
+  case 220:
+#line 829 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(makeVarStatementNode(GLOBAL_DATA, (yyvsp[(2) - (3)].varDeclList).m_node), (yyvsp[(2) - (3)].varDeclList).m_varDeclarations, (yyvsp[(2) - (3)].varDeclList).m_funcDeclarations, (yyvsp[(2) - (3)].varDeclList).m_features, (yyvsp[(2) - (3)].varDeclList).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(3) - (3)])); ;}
+    break;
+
+  case 221:
+#line 831 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(makeVarStatementNode(GLOBAL_DATA, (yyvsp[(2) - (3)].varDeclList).m_node), (yyvsp[(2) - (3)].varDeclList).m_varDeclarations, (yyvsp[(2) - (3)].varDeclList).m_funcDeclarations, (yyvsp[(2) - (3)].varDeclList).m_features, (yyvsp[(2) - (3)].varDeclList).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(2) - (3)]));
+                                          AUTO_SEMICOLON; ;}
+    break;
+
+  case 222:
+#line 837 "../parser/Grammar.y"
+    { (yyval.varDeclList).m_node = 0;
+                                          (yyval.varDeclList).m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.varDeclList).m_varDeclarations, *(yyvsp[(1) - (1)].ident), 0);
+                                          (yyval.varDeclList).m_funcDeclarations = 0;
+                                          (yyval.varDeclList).m_features = (*(yyvsp[(1) - (1)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0;
+                                          (yyval.varDeclList).m_numConstants = 0;
+                                        ;}
+    break;
+
+  case 223:
+#line 844 "../parser/Grammar.y"
+    { AssignResolveNode* node = new (GLOBAL_DATA) AssignResolveNode(GLOBAL_DATA, *(yyvsp[(1) - (2)].ident), (yyvsp[(2) - (2)].expressionNode).m_node, (yyvsp[(2) - (2)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).first_column + 1, (yylsp[(2) - (2)]).last_column);
+                                          (yyval.varDeclList).m_node = node;
+                                          (yyval.varDeclList).m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.varDeclList).m_varDeclarations, *(yyvsp[(1) - (2)].ident), DeclarationStacks::HasInitializer);
+                                          (yyval.varDeclList).m_funcDeclarations = 0;
+                                          (yyval.varDeclList).m_features = ((*(yyvsp[(1) - (2)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | (yyvsp[(2) - (2)].expressionNode).m_features;
+                                          (yyval.varDeclList).m_numConstants = (yyvsp[(2) - (2)].expressionNode).m_numConstants;
+                                        ;}
+    break;
+
+  case 224:
+#line 854 "../parser/Grammar.y"
+    { (yyval.varDeclList).m_node = (yyvsp[(1) - (3)].varDeclList).m_node;
+                                          (yyval.varDeclList).m_varDeclarations = (yyvsp[(1) - (3)].varDeclList).m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.varDeclList).m_varDeclarations, *(yyvsp[(3) - (3)].ident), 0);
+                                          (yyval.varDeclList).m_funcDeclarations = 0;
+                                          (yyval.varDeclList).m_features = (yyvsp[(1) - (3)].varDeclList).m_features | ((*(yyvsp[(3) - (3)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0);
+                                          (yyval.varDeclList).m_numConstants = (yyvsp[(1) - (3)].varDeclList).m_numConstants;
+                                        ;}
+    break;
+
+  case 225:
+#line 862 "../parser/Grammar.y"
+    { AssignResolveNode* node = new (GLOBAL_DATA) AssignResolveNode(GLOBAL_DATA, *(yyvsp[(3) - (4)].ident), (yyvsp[(4) - (4)].expressionNode).m_node, (yyvsp[(4) - (4)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(3) - (4)]).first_column, (yylsp[(4) - (4)]).first_column + 1, (yylsp[(4) - (4)]).last_column);
+                                          (yyval.varDeclList).m_node = combineCommaNodes(GLOBAL_DATA, (yyvsp[(1) - (4)].varDeclList).m_node, node);
+                                          (yyval.varDeclList).m_varDeclarations = (yyvsp[(1) - (4)].varDeclList).m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.varDeclList).m_varDeclarations, *(yyvsp[(3) - (4)].ident), DeclarationStacks::HasInitializer);
+                                          (yyval.varDeclList).m_funcDeclarations = 0;
+                                          (yyval.varDeclList).m_features = (yyvsp[(1) - (4)].varDeclList).m_features | ((*(yyvsp[(3) - (4)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | (yyvsp[(4) - (4)].expressionNode).m_features;
+                                          (yyval.varDeclList).m_numConstants = (yyvsp[(1) - (4)].varDeclList).m_numConstants + (yyvsp[(4) - (4)].expressionNode).m_numConstants;
+                                        ;}
+    break;
+
+  case 226:
+#line 874 "../parser/Grammar.y"
+    { (yyval.varDeclList).m_node = 0;
+                                          (yyval.varDeclList).m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.varDeclList).m_varDeclarations, *(yyvsp[(1) - (1)].ident), 0);
+                                          (yyval.varDeclList).m_funcDeclarations = 0;
+                                          (yyval.varDeclList).m_features = (*(yyvsp[(1) - (1)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0;
+                                          (yyval.varDeclList).m_numConstants = 0;
+                                        ;}
+    break;
+
+  case 227:
+#line 881 "../parser/Grammar.y"
+    { AssignResolveNode* node = new (GLOBAL_DATA) AssignResolveNode(GLOBAL_DATA, *(yyvsp[(1) - (2)].ident), (yyvsp[(2) - (2)].expressionNode).m_node, (yyvsp[(2) - (2)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(2) - (2)]).first_column + 1, (yylsp[(2) - (2)]).last_column);
+                                          (yyval.varDeclList).m_node = node;
+                                          (yyval.varDeclList).m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.varDeclList).m_varDeclarations, *(yyvsp[(1) - (2)].ident), DeclarationStacks::HasInitializer);
+                                          (yyval.varDeclList).m_funcDeclarations = 0;
+                                          (yyval.varDeclList).m_features = ((*(yyvsp[(1) - (2)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | (yyvsp[(2) - (2)].expressionNode).m_features;
+                                          (yyval.varDeclList).m_numConstants = (yyvsp[(2) - (2)].expressionNode).m_numConstants;
+                                        ;}
+    break;
+
+  case 228:
+#line 891 "../parser/Grammar.y"
+    { (yyval.varDeclList).m_node = (yyvsp[(1) - (3)].varDeclList).m_node;
+                                          (yyval.varDeclList).m_varDeclarations = (yyvsp[(1) - (3)].varDeclList).m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.varDeclList).m_varDeclarations, *(yyvsp[(3) - (3)].ident), 0);
+                                          (yyval.varDeclList).m_funcDeclarations = 0;
+                                          (yyval.varDeclList).m_features = (yyvsp[(1) - (3)].varDeclList).m_features | ((*(yyvsp[(3) - (3)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0);
+                                          (yyval.varDeclList).m_numConstants = (yyvsp[(1) - (3)].varDeclList).m_numConstants;
+                                        ;}
+    break;
+
+  case 229:
+#line 899 "../parser/Grammar.y"
+    { AssignResolveNode* node = new (GLOBAL_DATA) AssignResolveNode(GLOBAL_DATA, *(yyvsp[(3) - (4)].ident), (yyvsp[(4) - (4)].expressionNode).m_node, (yyvsp[(4) - (4)].expressionNode).m_features & AssignFeature);
+                                          setExceptionLocation(node, (yylsp[(3) - (4)]).first_column, (yylsp[(4) - (4)]).first_column + 1, (yylsp[(4) - (4)]).last_column);
+                                          (yyval.varDeclList).m_node = combineCommaNodes(GLOBAL_DATA, (yyvsp[(1) - (4)].varDeclList).m_node, node);
+                                          (yyval.varDeclList).m_varDeclarations = (yyvsp[(1) - (4)].varDeclList).m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.varDeclList).m_varDeclarations, *(yyvsp[(3) - (4)].ident), DeclarationStacks::HasInitializer);
+                                          (yyval.varDeclList).m_funcDeclarations = 0;
+                                          (yyval.varDeclList).m_features = (yyvsp[(1) - (4)].varDeclList).m_features | ((*(yyvsp[(3) - (4)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | (yyvsp[(4) - (4)].expressionNode).m_features;
+                                          (yyval.varDeclList).m_numConstants = (yyvsp[(1) - (4)].varDeclList).m_numConstants + (yyvsp[(4) - (4)].expressionNode).m_numConstants;
+                                        ;}
+    break;
+
+  case 230:
+#line 911 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ConstStatementNode(GLOBAL_DATA, (yyvsp[(2) - (3)].constDeclList).m_node.head), (yyvsp[(2) - (3)].constDeclList).m_varDeclarations, (yyvsp[(2) - (3)].constDeclList).m_funcDeclarations, (yyvsp[(2) - (3)].constDeclList).m_features, (yyvsp[(2) - (3)].constDeclList).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(3) - (3)])); ;}
+    break;
+
+  case 231:
+#line 914 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ConstStatementNode(GLOBAL_DATA, (yyvsp[(2) - (3)].constDeclList).m_node.head), (yyvsp[(2) - (3)].constDeclList).m_varDeclarations, (yyvsp[(2) - (3)].constDeclList).m_funcDeclarations, (yyvsp[(2) - (3)].constDeclList).m_features, (yyvsp[(2) - (3)].constDeclList).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(2) - (3)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 232:
+#line 919 "../parser/Grammar.y"
+    { (yyval.constDeclList).m_node.head = (yyvsp[(1) - (1)].constDeclNode).m_node;
+                                          (yyval.constDeclList).m_node.tail = (yyval.constDeclList).m_node.head;
+                                          (yyval.constDeclList).m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.constDeclList).m_varDeclarations, (yyvsp[(1) - (1)].constDeclNode).m_node);
+                                          (yyval.constDeclList).m_funcDeclarations = 0; 
+                                          (yyval.constDeclList).m_features = (yyvsp[(1) - (1)].constDeclNode).m_features;
+                                          (yyval.constDeclList).m_numConstants = (yyvsp[(1) - (1)].constDeclNode).m_numConstants;
+    ;}
+    break;
+
+  case 233:
+#line 928 "../parser/Grammar.y"
+    { (yyval.constDeclList).m_node.head = (yyvsp[(1) - (3)].constDeclList).m_node.head;
+                                          (yyvsp[(1) - (3)].constDeclList).m_node.tail->m_next = (yyvsp[(3) - (3)].constDeclNode).m_node;
+                                          (yyval.constDeclList).m_node.tail = (yyvsp[(3) - (3)].constDeclNode).m_node;
+                                          (yyval.constDeclList).m_varDeclarations = (yyvsp[(1) - (3)].constDeclList).m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyval.constDeclList).m_varDeclarations, (yyvsp[(3) - (3)].constDeclNode).m_node);
+                                          (yyval.constDeclList).m_funcDeclarations = 0;
+                                          (yyval.constDeclList).m_features = (yyvsp[(1) - (3)].constDeclList).m_features | (yyvsp[(3) - (3)].constDeclNode).m_features;
+                                          (yyval.constDeclList).m_numConstants = (yyvsp[(1) - (3)].constDeclList).m_numConstants + (yyvsp[(3) - (3)].constDeclNode).m_numConstants; ;}
+    break;
+
+  case 234:
+#line 939 "../parser/Grammar.y"
+    { (yyval.constDeclNode) = createNodeInfo<ConstDeclNode*>(new (GLOBAL_DATA) ConstDeclNode(GLOBAL_DATA, *(yyvsp[(1) - (1)].ident), 0), (*(yyvsp[(1) - (1)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0, 0); ;}
+    break;
+
+  case 235:
+#line 940 "../parser/Grammar.y"
+    { (yyval.constDeclNode) = createNodeInfo<ConstDeclNode*>(new (GLOBAL_DATA) ConstDeclNode(GLOBAL_DATA, *(yyvsp[(1) - (2)].ident), (yyvsp[(2) - (2)].expressionNode).m_node), ((*(yyvsp[(1) - (2)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | (yyvsp[(2) - (2)].expressionNode).m_features, (yyvsp[(2) - (2)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 236:
+#line 944 "../parser/Grammar.y"
+    { (yyval.expressionNode) = (yyvsp[(2) - (2)].expressionNode); ;}
+    break;
+
+  case 237:
+#line 948 "../parser/Grammar.y"
+    { (yyval.expressionNode) = (yyvsp[(2) - (2)].expressionNode); ;}
+    break;
+
+  case 238:
+#line 952 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) EmptyStatementNode(GLOBAL_DATA), 0, 0, 0, 0); ;}
+    break;
+
+  case 239:
+#line 956 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ExprStatementNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode).m_node), 0, 0, (yyvsp[(1) - (2)].expressionNode).m_features, (yyvsp[(1) - (2)].expressionNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(2) - (2)])); ;}
+    break;
+
+  case 240:
+#line 958 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ExprStatementNode(GLOBAL_DATA, (yyvsp[(1) - (2)].expressionNode).m_node), 0, 0, (yyvsp[(1) - (2)].expressionNode).m_features, (yyvsp[(1) - (2)].expressionNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(1) - (2)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 241:
+#line 964 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) IfNode(GLOBAL_DATA, (yyvsp[(3) - (5)].expressionNode).m_node, (yyvsp[(5) - (5)].statementNode).m_node), (yyvsp[(5) - (5)].statementNode).m_varDeclarations, (yyvsp[(5) - (5)].statementNode).m_funcDeclarations, (yyvsp[(3) - (5)].expressionNode).m_features | (yyvsp[(5) - (5)].statementNode).m_features, (yyvsp[(3) - (5)].expressionNode).m_numConstants + (yyvsp[(5) - (5)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (5)]), (yylsp[(4) - (5)])); ;}
+    break;
+
+  case 242:
+#line 967 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) IfElseNode(GLOBAL_DATA, (yyvsp[(3) - (7)].expressionNode).m_node, (yyvsp[(5) - (7)].statementNode).m_node, (yyvsp[(7) - (7)].statementNode).m_node), 
+                                                                                         mergeDeclarationLists((yyvsp[(5) - (7)].statementNode).m_varDeclarations, (yyvsp[(7) - (7)].statementNode).m_varDeclarations),
+                                                                                         mergeDeclarationLists((yyvsp[(5) - (7)].statementNode).m_funcDeclarations, (yyvsp[(7) - (7)].statementNode).m_funcDeclarations),
+                                                                                         (yyvsp[(3) - (7)].expressionNode).m_features | (yyvsp[(5) - (7)].statementNode).m_features | (yyvsp[(7) - (7)].statementNode).m_features,
+                                                                                         (yyvsp[(3) - (7)].expressionNode).m_numConstants + (yyvsp[(5) - (7)].statementNode).m_numConstants + (yyvsp[(7) - (7)].statementNode).m_numConstants); 
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (7)]), (yylsp[(4) - (7)])); ;}
+    break;
+
+  case 243:
+#line 976 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) DoWhileNode(GLOBAL_DATA, (yyvsp[(2) - (7)].statementNode).m_node, (yyvsp[(5) - (7)].expressionNode).m_node), (yyvsp[(2) - (7)].statementNode).m_varDeclarations, (yyvsp[(2) - (7)].statementNode).m_funcDeclarations, (yyvsp[(2) - (7)].statementNode).m_features | (yyvsp[(5) - (7)].expressionNode).m_features, (yyvsp[(2) - (7)].statementNode).m_numConstants + (yyvsp[(5) - (7)].expressionNode).m_numConstants);
+                                             setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (7)]), (yylsp[(3) - (7)])); ;}
+    break;
+
+  case 244:
+#line 978 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) DoWhileNode(GLOBAL_DATA, (yyvsp[(2) - (7)].statementNode).m_node, (yyvsp[(5) - (7)].expressionNode).m_node), (yyvsp[(2) - (7)].statementNode).m_varDeclarations, (yyvsp[(2) - (7)].statementNode).m_funcDeclarations, (yyvsp[(2) - (7)].statementNode).m_features | (yyvsp[(5) - (7)].expressionNode).m_features, (yyvsp[(2) - (7)].statementNode).m_numConstants + (yyvsp[(5) - (7)].expressionNode).m_numConstants);
+                                             setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (7)]), (yylsp[(3) - (7)])); ;}
+    break;
+
+  case 245:
+#line 980 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) WhileNode(GLOBAL_DATA, (yyvsp[(3) - (5)].expressionNode).m_node, (yyvsp[(5) - (5)].statementNode).m_node), (yyvsp[(5) - (5)].statementNode).m_varDeclarations, (yyvsp[(5) - (5)].statementNode).m_funcDeclarations, (yyvsp[(3) - (5)].expressionNode).m_features | (yyvsp[(5) - (5)].statementNode).m_features, (yyvsp[(3) - (5)].expressionNode).m_numConstants + (yyvsp[(5) - (5)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (5)]), (yylsp[(4) - (5)])); ;}
+    break;
+
+  case 246:
+#line 983 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ForNode(GLOBAL_DATA, (yyvsp[(3) - (9)].expressionNode).m_node, (yyvsp[(5) - (9)].expressionNode).m_node, (yyvsp[(7) - (9)].expressionNode).m_node, (yyvsp[(9) - (9)].statementNode).m_node, false), (yyvsp[(9) - (9)].statementNode).m_varDeclarations, (yyvsp[(9) - (9)].statementNode).m_funcDeclarations, 
+                                                                                         (yyvsp[(3) - (9)].expressionNode).m_features | (yyvsp[(5) - (9)].expressionNode).m_features | (yyvsp[(7) - (9)].expressionNode).m_features | (yyvsp[(9) - (9)].statementNode).m_features,
+                                                                                         (yyvsp[(3) - (9)].expressionNode).m_numConstants + (yyvsp[(5) - (9)].expressionNode).m_numConstants + (yyvsp[(7) - (9)].expressionNode).m_numConstants + (yyvsp[(9) - (9)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (9)]), (yylsp[(8) - (9)])); 
+                                        ;}
+    break;
+
+  case 247:
+#line 989 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ForNode(GLOBAL_DATA, (yyvsp[(4) - (10)].varDeclList).m_node, (yyvsp[(6) - (10)].expressionNode).m_node, (yyvsp[(8) - (10)].expressionNode).m_node, (yyvsp[(10) - (10)].statementNode).m_node, true),
+                                                                                         mergeDeclarationLists((yyvsp[(4) - (10)].varDeclList).m_varDeclarations, (yyvsp[(10) - (10)].statementNode).m_varDeclarations),
+                                                                                         mergeDeclarationLists((yyvsp[(4) - (10)].varDeclList).m_funcDeclarations, (yyvsp[(10) - (10)].statementNode).m_funcDeclarations),
+                                                                                         (yyvsp[(4) - (10)].varDeclList).m_features | (yyvsp[(6) - (10)].expressionNode).m_features | (yyvsp[(8) - (10)].expressionNode).m_features | (yyvsp[(10) - (10)].statementNode).m_features,
+                                                                                         (yyvsp[(4) - (10)].varDeclList).m_numConstants + (yyvsp[(6) - (10)].expressionNode).m_numConstants + (yyvsp[(8) - (10)].expressionNode).m_numConstants + (yyvsp[(10) - (10)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (10)]), (yylsp[(9) - (10)])); ;}
+    break;
+
+  case 248:
+#line 996 "../parser/Grammar.y"
+    {
+                                            ForInNode* node = new (GLOBAL_DATA) ForInNode(GLOBAL_DATA, (yyvsp[(3) - (7)].expressionNode).m_node, (yyvsp[(5) - (7)].expressionNode).m_node, (yyvsp[(7) - (7)].statementNode).m_node);
+                                            setExceptionLocation(node, (yylsp[(3) - (7)]).first_column, (yylsp[(3) - (7)]).last_column, (yylsp[(5) - (7)]).last_column);
+                                            (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, (yyvsp[(7) - (7)].statementNode).m_varDeclarations, (yyvsp[(7) - (7)].statementNode).m_funcDeclarations,
+                                                                                           (yyvsp[(3) - (7)].expressionNode).m_features | (yyvsp[(5) - (7)].expressionNode).m_features | (yyvsp[(7) - (7)].statementNode).m_features,
+                                                                                           (yyvsp[(3) - (7)].expressionNode).m_numConstants + (yyvsp[(5) - (7)].expressionNode).m_numConstants + (yyvsp[(7) - (7)].statementNode).m_numConstants);
+                                            setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (7)]), (yylsp[(6) - (7)]));
+                                        ;}
+    break;
+
+  case 249:
+#line 1005 "../parser/Grammar.y"
+    { ForInNode *forIn = new (GLOBAL_DATA) ForInNode(GLOBAL_DATA, *(yyvsp[(4) - (8)].ident), 0, (yyvsp[(6) - (8)].expressionNode).m_node, (yyvsp[(8) - (8)].statementNode).m_node, (yylsp[(5) - (8)]).first_column, (yylsp[(5) - (8)]).first_column - (yylsp[(4) - (8)]).first_column, (yylsp[(6) - (8)]).last_column - (yylsp[(5) - (8)]).first_column);
+                                          setExceptionLocation(forIn, (yylsp[(4) - (8)]).first_column, (yylsp[(5) - (8)]).first_column + 1, (yylsp[(6) - (8)]).last_column);
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyvsp[(8) - (8)].statementNode).m_varDeclarations, *(yyvsp[(4) - (8)].ident), DeclarationStacks::HasInitializer);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(forIn, (yyvsp[(8) - (8)].statementNode).m_varDeclarations, (yyvsp[(8) - (8)].statementNode).m_funcDeclarations, ((*(yyvsp[(4) - (8)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | (yyvsp[(6) - (8)].expressionNode).m_features | (yyvsp[(8) - (8)].statementNode).m_features, (yyvsp[(6) - (8)].expressionNode).m_numConstants + (yyvsp[(8) - (8)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (8)]), (yylsp[(7) - (8)])); ;}
+    break;
+
+  case 250:
+#line 1011 "../parser/Grammar.y"
+    { ForInNode *forIn = new (GLOBAL_DATA) ForInNode(GLOBAL_DATA, *(yyvsp[(4) - (9)].ident), (yyvsp[(5) - (9)].expressionNode).m_node, (yyvsp[(7) - (9)].expressionNode).m_node, (yyvsp[(9) - (9)].statementNode).m_node, (yylsp[(5) - (9)]).first_column, (yylsp[(5) - (9)]).first_column - (yylsp[(4) - (9)]).first_column, (yylsp[(5) - (9)]).last_column - (yylsp[(5) - (9)]).first_column);
+                                          setExceptionLocation(forIn, (yylsp[(4) - (9)]).first_column, (yylsp[(6) - (9)]).first_column + 1, (yylsp[(7) - (9)]).last_column);
+                                          appendToVarDeclarationList(GLOBAL_DATA, (yyvsp[(9) - (9)].statementNode).m_varDeclarations, *(yyvsp[(4) - (9)].ident), DeclarationStacks::HasInitializer);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(forIn, (yyvsp[(9) - (9)].statementNode).m_varDeclarations, (yyvsp[(9) - (9)].statementNode).m_funcDeclarations,
+                                                                                         ((*(yyvsp[(4) - (9)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | (yyvsp[(5) - (9)].expressionNode).m_features | (yyvsp[(7) - (9)].expressionNode).m_features | (yyvsp[(9) - (9)].statementNode).m_features,
+                                                                                         (yyvsp[(5) - (9)].expressionNode).m_numConstants + (yyvsp[(7) - (9)].expressionNode).m_numConstants + (yyvsp[(9) - (9)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (9)]), (yylsp[(8) - (9)])); ;}
+    break;
+
+  case 251:
+#line 1021 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(0, 0, 0); ;}
+    break;
+
+  case 253:
+#line 1026 "../parser/Grammar.y"
+    { (yyval.expressionNode) = createNodeInfo<ExpressionNode*>(0, 0, 0); ;}
+    break;
+
+  case 255:
+#line 1031 "../parser/Grammar.y"
+    { ContinueNode* node = new (GLOBAL_DATA) ContinueNode(GLOBAL_DATA);
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(1) - (2)]).last_column); 
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(2) - (2)])); ;}
+    break;
+
+  case 256:
+#line 1035 "../parser/Grammar.y"
+    { ContinueNode* node = new (GLOBAL_DATA) ContinueNode(GLOBAL_DATA);
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(1) - (2)]).last_column); 
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(1) - (2)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 257:
+#line 1039 "../parser/Grammar.y"
+    { ContinueNode* node = new (GLOBAL_DATA) ContinueNode(GLOBAL_DATA, *(yyvsp[(2) - (3)].ident));
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column); 
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(3) - (3)])); ;}
+    break;
+
+  case 258:
+#line 1043 "../parser/Grammar.y"
+    { ContinueNode* node = new (GLOBAL_DATA) ContinueNode(GLOBAL_DATA, *(yyvsp[(2) - (3)].ident));
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column); 
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(2) - (3)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 259:
+#line 1050 "../parser/Grammar.y"
+    { BreakNode* node = new (GLOBAL_DATA) BreakNode(GLOBAL_DATA);
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(1) - (2)]).last_column);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(2) - (2)])); ;}
+    break;
+
+  case 260:
+#line 1053 "../parser/Grammar.y"
+    { BreakNode* node = new (GLOBAL_DATA) BreakNode(GLOBAL_DATA);
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(1) - (2)]).last_column);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) BreakNode(GLOBAL_DATA), 0, 0, 0, 0); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(1) - (2)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 261:
+#line 1056 "../parser/Grammar.y"
+    { BreakNode* node = new (GLOBAL_DATA) BreakNode(GLOBAL_DATA, *(yyvsp[(2) - (3)].ident));
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(3) - (3)])); ;}
+    break;
+
+  case 262:
+#line 1059 "../parser/Grammar.y"
+    { BreakNode* node = new (GLOBAL_DATA) BreakNode(GLOBAL_DATA, *(yyvsp[(2) - (3)].ident));
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) BreakNode(GLOBAL_DATA, *(yyvsp[(2) - (3)].ident)), 0, 0, 0, 0); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(2) - (3)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 263:
+#line 1065 "../parser/Grammar.y"
+    { ReturnNode* node = new (GLOBAL_DATA) ReturnNode(GLOBAL_DATA, 0); 
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(1) - (2)]).last_column); 
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(2) - (2)])); ;}
+    break;
+
+  case 264:
+#line 1068 "../parser/Grammar.y"
+    { ReturnNode* node = new (GLOBAL_DATA) ReturnNode(GLOBAL_DATA, 0); 
+                                          setExceptionLocation(node, (yylsp[(1) - (2)]).first_column, (yylsp[(1) - (2)]).last_column, (yylsp[(1) - (2)]).last_column); 
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(1) - (2)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 265:
+#line 1071 "../parser/Grammar.y"
+    { ReturnNode* node = new (GLOBAL_DATA) ReturnNode(GLOBAL_DATA, (yyvsp[(2) - (3)].expressionNode).m_node); 
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, (yyvsp[(2) - (3)].expressionNode).m_features, (yyvsp[(2) - (3)].expressionNode).m_numConstants); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(3) - (3)])); ;}
+    break;
+
+  case 266:
+#line 1074 "../parser/Grammar.y"
+    { ReturnNode* node = new (GLOBAL_DATA) ReturnNode(GLOBAL_DATA, (yyvsp[(2) - (3)].expressionNode).m_node); 
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column); 
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, (yyvsp[(2) - (3)].expressionNode).m_features, (yyvsp[(2) - (3)].expressionNode).m_numConstants); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(2) - (3)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 267:
+#line 1080 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) WithNode(GLOBAL_DATA, (yyvsp[(3) - (5)].expressionNode).m_node, (yyvsp[(5) - (5)].statementNode).m_node, (yylsp[(3) - (5)]).last_column, (yylsp[(3) - (5)]).last_column - (yylsp[(3) - (5)]).first_column),
+                                                                                         (yyvsp[(5) - (5)].statementNode).m_varDeclarations, (yyvsp[(5) - (5)].statementNode).m_funcDeclarations, (yyvsp[(3) - (5)].expressionNode).m_features | (yyvsp[(5) - (5)].statementNode).m_features | WithFeature, (yyvsp[(3) - (5)].expressionNode).m_numConstants + (yyvsp[(5) - (5)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (5)]), (yylsp[(4) - (5)])); ;}
+    break;
+
+  case 268:
+#line 1086 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) SwitchNode(GLOBAL_DATA, (yyvsp[(3) - (5)].expressionNode).m_node, (yyvsp[(5) - (5)].caseBlockNode).m_node), (yyvsp[(5) - (5)].caseBlockNode).m_varDeclarations, (yyvsp[(5) - (5)].caseBlockNode).m_funcDeclarations,
+                                                                                         (yyvsp[(3) - (5)].expressionNode).m_features | (yyvsp[(5) - (5)].caseBlockNode).m_features, (yyvsp[(3) - (5)].expressionNode).m_numConstants + (yyvsp[(5) - (5)].caseBlockNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (5)]), (yylsp[(4) - (5)])); ;}
+    break;
+
+  case 269:
+#line 1092 "../parser/Grammar.y"
+    { (yyval.caseBlockNode) = createNodeDeclarationInfo<CaseBlockNode*>(new (GLOBAL_DATA) CaseBlockNode(GLOBAL_DATA, (yyvsp[(2) - (3)].clauseList).m_node.head, 0, 0), (yyvsp[(2) - (3)].clauseList).m_varDeclarations, (yyvsp[(2) - (3)].clauseList).m_funcDeclarations, (yyvsp[(2) - (3)].clauseList).m_features, (yyvsp[(2) - (3)].clauseList).m_numConstants); ;}
+    break;
+
+  case 270:
+#line 1094 "../parser/Grammar.y"
+    { (yyval.caseBlockNode) = createNodeDeclarationInfo<CaseBlockNode*>(new (GLOBAL_DATA) CaseBlockNode(GLOBAL_DATA, (yyvsp[(2) - (5)].clauseList).m_node.head, (yyvsp[(3) - (5)].caseClauseNode).m_node, (yyvsp[(4) - (5)].clauseList).m_node.head),
+                                                                                         mergeDeclarationLists(mergeDeclarationLists((yyvsp[(2) - (5)].clauseList).m_varDeclarations, (yyvsp[(3) - (5)].caseClauseNode).m_varDeclarations), (yyvsp[(4) - (5)].clauseList).m_varDeclarations),
+                                                                                         mergeDeclarationLists(mergeDeclarationLists((yyvsp[(2) - (5)].clauseList).m_funcDeclarations, (yyvsp[(3) - (5)].caseClauseNode).m_funcDeclarations), (yyvsp[(4) - (5)].clauseList).m_funcDeclarations),
+                                                                                         (yyvsp[(2) - (5)].clauseList).m_features | (yyvsp[(3) - (5)].caseClauseNode).m_features | (yyvsp[(4) - (5)].clauseList).m_features,
+                                                                                         (yyvsp[(2) - (5)].clauseList).m_numConstants + (yyvsp[(3) - (5)].caseClauseNode).m_numConstants + (yyvsp[(4) - (5)].clauseList).m_numConstants); ;}
+    break;
+
+  case 271:
+#line 1102 "../parser/Grammar.y"
+    { (yyval.clauseList).m_node.head = 0; (yyval.clauseList).m_node.tail = 0; (yyval.clauseList).m_varDeclarations = 0; (yyval.clauseList).m_funcDeclarations = 0; (yyval.clauseList).m_features = 0; (yyval.clauseList).m_numConstants = 0; ;}
+    break;
+
+  case 273:
+#line 1107 "../parser/Grammar.y"
+    { (yyval.clauseList).m_node.head = new (GLOBAL_DATA) ClauseListNode(GLOBAL_DATA, (yyvsp[(1) - (1)].caseClauseNode).m_node);
+                                          (yyval.clauseList).m_node.tail = (yyval.clauseList).m_node.head;
+                                          (yyval.clauseList).m_varDeclarations = (yyvsp[(1) - (1)].caseClauseNode).m_varDeclarations;
+                                          (yyval.clauseList).m_funcDeclarations = (yyvsp[(1) - (1)].caseClauseNode).m_funcDeclarations; 
+                                          (yyval.clauseList).m_features = (yyvsp[(1) - (1)].caseClauseNode).m_features;
+                                          (yyval.clauseList).m_numConstants = (yyvsp[(1) - (1)].caseClauseNode).m_numConstants; ;}
+    break;
+
+  case 274:
+#line 1113 "../parser/Grammar.y"
+    { (yyval.clauseList).m_node.head = (yyvsp[(1) - (2)].clauseList).m_node.head;
+                                          (yyval.clauseList).m_node.tail = new (GLOBAL_DATA) ClauseListNode(GLOBAL_DATA, (yyvsp[(1) - (2)].clauseList).m_node.tail, (yyvsp[(2) - (2)].caseClauseNode).m_node);
+                                          (yyval.clauseList).m_varDeclarations = mergeDeclarationLists((yyvsp[(1) - (2)].clauseList).m_varDeclarations, (yyvsp[(2) - (2)].caseClauseNode).m_varDeclarations);
+                                          (yyval.clauseList).m_funcDeclarations = mergeDeclarationLists((yyvsp[(1) - (2)].clauseList).m_funcDeclarations, (yyvsp[(2) - (2)].caseClauseNode).m_funcDeclarations);
+                                          (yyval.clauseList).m_features = (yyvsp[(1) - (2)].clauseList).m_features | (yyvsp[(2) - (2)].caseClauseNode).m_features;
+                                          (yyval.clauseList).m_numConstants = (yyvsp[(1) - (2)].clauseList).m_numConstants + (yyvsp[(2) - (2)].caseClauseNode).m_numConstants;
+                                        ;}
+    break;
+
+  case 275:
+#line 1123 "../parser/Grammar.y"
+    { (yyval.caseClauseNode) = createNodeDeclarationInfo<CaseClauseNode*>(new (GLOBAL_DATA) CaseClauseNode(GLOBAL_DATA, (yyvsp[(2) - (3)].expressionNode).m_node), 0, 0, (yyvsp[(2) - (3)].expressionNode).m_features, (yyvsp[(2) - (3)].expressionNode).m_numConstants); ;}
+    break;
+
+  case 276:
+#line 1124 "../parser/Grammar.y"
+    { (yyval.caseClauseNode) = createNodeDeclarationInfo<CaseClauseNode*>(new (GLOBAL_DATA) CaseClauseNode(GLOBAL_DATA, (yyvsp[(2) - (4)].expressionNode).m_node, (yyvsp[(4) - (4)].sourceElements).m_node), (yyvsp[(4) - (4)].sourceElements).m_varDeclarations, (yyvsp[(4) - (4)].sourceElements).m_funcDeclarations, (yyvsp[(2) - (4)].expressionNode).m_features | (yyvsp[(4) - (4)].sourceElements).m_features, (yyvsp[(2) - (4)].expressionNode).m_numConstants + (yyvsp[(4) - (4)].sourceElements).m_numConstants); ;}
+    break;
+
+  case 277:
+#line 1128 "../parser/Grammar.y"
+    { (yyval.caseClauseNode) = createNodeDeclarationInfo<CaseClauseNode*>(new (GLOBAL_DATA) CaseClauseNode(GLOBAL_DATA, 0), 0, 0, 0, 0); ;}
+    break;
+
+  case 278:
+#line 1129 "../parser/Grammar.y"
+    { (yyval.caseClauseNode) = createNodeDeclarationInfo<CaseClauseNode*>(new (GLOBAL_DATA) CaseClauseNode(GLOBAL_DATA, 0, (yyvsp[(3) - (3)].sourceElements).m_node), (yyvsp[(3) - (3)].sourceElements).m_varDeclarations, (yyvsp[(3) - (3)].sourceElements).m_funcDeclarations, (yyvsp[(3) - (3)].sourceElements).m_features, (yyvsp[(3) - (3)].sourceElements).m_numConstants); ;}
+    break;
+
+  case 279:
+#line 1133 "../parser/Grammar.y"
+    { LabelNode* node = new (GLOBAL_DATA) LabelNode(GLOBAL_DATA, *(yyvsp[(1) - (3)].ident), (yyvsp[(3) - (3)].statementNode).m_node);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, (yyvsp[(3) - (3)].statementNode).m_varDeclarations, (yyvsp[(3) - (3)].statementNode).m_funcDeclarations, (yyvsp[(3) - (3)].statementNode).m_features, (yyvsp[(3) - (3)].statementNode).m_numConstants); ;}
+    break;
+
+  case 280:
+#line 1139 "../parser/Grammar.y"
+    { ThrowNode* node = new (GLOBAL_DATA) ThrowNode(GLOBAL_DATA, (yyvsp[(2) - (3)].expressionNode).m_node);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, (yyvsp[(2) - (3)].expressionNode).m_features, (yyvsp[(2) - (3)].expressionNode).m_numConstants); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(2) - (3)]));
+                                        ;}
+    break;
+
+  case 281:
+#line 1143 "../parser/Grammar.y"
+    { ThrowNode* node = new (GLOBAL_DATA) ThrowNode(GLOBAL_DATA, (yyvsp[(2) - (3)].expressionNode).m_node);
+                                          setExceptionLocation(node, (yylsp[(1) - (3)]).first_column, (yylsp[(2) - (3)]).last_column, (yylsp[(2) - (3)]).last_column);
+                                          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, (yyvsp[(2) - (3)].expressionNode).m_features, (yyvsp[(2) - (3)].expressionNode).m_numConstants); setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (3)]), (yylsp[(2) - (3)])); AUTO_SEMICOLON; 
+                                        ;}
+    break;
+
+  case 282:
+#line 1150 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) TryNode(GLOBAL_DATA, (yyvsp[(2) - (4)].statementNode).m_node, GLOBAL_DATA->propertyNames->nullIdentifier, false, 0, (yyvsp[(4) - (4)].statementNode).m_node),
+                                                                                         mergeDeclarationLists((yyvsp[(2) - (4)].statementNode).m_varDeclarations, (yyvsp[(4) - (4)].statementNode).m_varDeclarations),
+                                                                                         mergeDeclarationLists((yyvsp[(2) - (4)].statementNode).m_funcDeclarations, (yyvsp[(4) - (4)].statementNode).m_funcDeclarations),
+                                                                                         (yyvsp[(2) - (4)].statementNode).m_features | (yyvsp[(4) - (4)].statementNode).m_features,
+                                                                                         (yyvsp[(2) - (4)].statementNode).m_numConstants + (yyvsp[(4) - (4)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (4)]), (yylsp[(2) - (4)])); ;}
+    break;
+
+  case 283:
+#line 1156 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) TryNode(GLOBAL_DATA, (yyvsp[(2) - (7)].statementNode).m_node, *(yyvsp[(5) - (7)].ident), ((yyvsp[(7) - (7)].statementNode).m_features & EvalFeature) != 0, (yyvsp[(7) - (7)].statementNode).m_node, 0),
+                                                                                         mergeDeclarationLists((yyvsp[(2) - (7)].statementNode).m_varDeclarations, (yyvsp[(7) - (7)].statementNode).m_varDeclarations),
+                                                                                         mergeDeclarationLists((yyvsp[(2) - (7)].statementNode).m_funcDeclarations, (yyvsp[(7) - (7)].statementNode).m_funcDeclarations),
+                                                                                         (yyvsp[(2) - (7)].statementNode).m_features | (yyvsp[(7) - (7)].statementNode).m_features | CatchFeature,
+                                                                                         (yyvsp[(2) - (7)].statementNode).m_numConstants + (yyvsp[(7) - (7)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (7)]), (yylsp[(2) - (7)])); ;}
+    break;
+
+  case 284:
+#line 1163 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) TryNode(GLOBAL_DATA, (yyvsp[(2) - (9)].statementNode).m_node, *(yyvsp[(5) - (9)].ident), ((yyvsp[(7) - (9)].statementNode).m_features & EvalFeature) != 0, (yyvsp[(7) - (9)].statementNode).m_node, (yyvsp[(9) - (9)].statementNode).m_node),
+                                                                                         mergeDeclarationLists(mergeDeclarationLists((yyvsp[(2) - (9)].statementNode).m_varDeclarations, (yyvsp[(7) - (9)].statementNode).m_varDeclarations), (yyvsp[(9) - (9)].statementNode).m_varDeclarations),
+                                                                                         mergeDeclarationLists(mergeDeclarationLists((yyvsp[(2) - (9)].statementNode).m_funcDeclarations, (yyvsp[(7) - (9)].statementNode).m_funcDeclarations), (yyvsp[(9) - (9)].statementNode).m_funcDeclarations),
+                                                                                         (yyvsp[(2) - (9)].statementNode).m_features | (yyvsp[(7) - (9)].statementNode).m_features | (yyvsp[(9) - (9)].statementNode).m_features | CatchFeature,
+                                                                                         (yyvsp[(2) - (9)].statementNode).m_numConstants + (yyvsp[(7) - (9)].statementNode).m_numConstants + (yyvsp[(9) - (9)].statementNode).m_numConstants);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (9)]), (yylsp[(2) - (9)])); ;}
+    break;
+
+  case 285:
+#line 1172 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) DebuggerStatementNode(GLOBAL_DATA), 0, 0, 0, 0);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(2) - (2)])); ;}
+    break;
+
+  case 286:
+#line 1174 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) DebuggerStatementNode(GLOBAL_DATA), 0, 0, 0, 0);
+                                          setStatementLocation((yyval.statementNode).m_node, (yylsp[(1) - (2)]), (yylsp[(1) - (2)])); AUTO_SEMICOLON; ;}
+    break;
+
+  case 287:
+#line 1179 "../parser/Grammar.y"
+    { (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) FuncDeclNode(GLOBAL_DATA, *(yyvsp[(2) - (7)].ident), (yyvsp[(6) - (7)].functionBodyNode), GLOBAL_DATA->lexer->sourceCode((yyvsp[(5) - (7)].intValue), (yyvsp[(7) - (7)].intValue), (yylsp[(5) - (7)]).first_line)), 0, new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::FunctionStack>, ((*(yyvsp[(2) - (7)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | ClosureFeature, 0); setStatementLocation((yyvsp[(6) - (7)].functionBodyNode), (yylsp[(5) - (7)]), (yylsp[(7) - (7)])); (yyval.statementNode).m_funcDeclarations->data.append(static_cast<FuncDeclNode*>((yyval.statementNode).m_node)->body()); ;}
+    break;
+
+  case 288:
+#line 1181 "../parser/Grammar.y"
+    {
+          (yyval.statementNode) = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) FuncDeclNode(GLOBAL_DATA, *(yyvsp[(2) - (8)].ident), (yyvsp[(7) - (8)].functionBodyNode), GLOBAL_DATA->lexer->sourceCode((yyvsp[(6) - (8)].intValue), (yyvsp[(8) - (8)].intValue), (yylsp[(6) - (8)]).first_line), (yyvsp[(4) - (8)].parameterList).m_node.head), 0, new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::FunctionStack>, ((*(yyvsp[(2) - (8)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | (yyvsp[(4) - (8)].parameterList).m_features | ClosureFeature, 0);
+          if ((yyvsp[(4) - (8)].parameterList).m_features & ArgumentsFeature)
+              (yyvsp[(7) - (8)].functionBodyNode)->setUsesArguments();
+          setStatementLocation((yyvsp[(7) - (8)].functionBodyNode), (yylsp[(6) - (8)]), (yylsp[(8) - (8)]));
+          (yyval.statementNode).m_funcDeclarations->data.append(static_cast<FuncDeclNode*>((yyval.statementNode).m_node)->body());
+      ;}
+    break;
+
+  case 289:
+#line 1191 "../parser/Grammar.y"
+    { (yyval.funcExprNode) = createNodeInfo(new (GLOBAL_DATA) FuncExprNode(GLOBAL_DATA, GLOBAL_DATA->propertyNames->nullIdentifier, (yyvsp[(5) - (6)].functionBodyNode), GLOBAL_DATA->lexer->sourceCode((yyvsp[(4) - (6)].intValue), (yyvsp[(6) - (6)].intValue), (yylsp[(4) - (6)]).first_line)), ClosureFeature, 0); setStatementLocation((yyvsp[(5) - (6)].functionBodyNode), (yylsp[(4) - (6)]), (yylsp[(6) - (6)])); ;}
+    break;
+
+  case 290:
+#line 1193 "../parser/Grammar.y"
+    {
+          (yyval.funcExprNode) = createNodeInfo(new (GLOBAL_DATA) FuncExprNode(GLOBAL_DATA, GLOBAL_DATA->propertyNames->nullIdentifier, (yyvsp[(6) - (7)].functionBodyNode), GLOBAL_DATA->lexer->sourceCode((yyvsp[(5) - (7)].intValue), (yyvsp[(7) - (7)].intValue), (yylsp[(5) - (7)]).first_line), (yyvsp[(3) - (7)].parameterList).m_node.head), (yyvsp[(3) - (7)].parameterList).m_features | ClosureFeature, 0);
+          if ((yyvsp[(3) - (7)].parameterList).m_features & ArgumentsFeature)
+              (yyvsp[(6) - (7)].functionBodyNode)->setUsesArguments();
+          setStatementLocation((yyvsp[(6) - (7)].functionBodyNode), (yylsp[(5) - (7)]), (yylsp[(7) - (7)]));
+      ;}
+    break;
+
+  case 291:
+#line 1199 "../parser/Grammar.y"
+    { (yyval.funcExprNode) = createNodeInfo(new (GLOBAL_DATA) FuncExprNode(GLOBAL_DATA, *(yyvsp[(2) - (7)].ident), (yyvsp[(6) - (7)].functionBodyNode), GLOBAL_DATA->lexer->sourceCode((yyvsp[(5) - (7)].intValue), (yyvsp[(7) - (7)].intValue), (yylsp[(5) - (7)]).first_line)), ClosureFeature, 0); setStatementLocation((yyvsp[(6) - (7)].functionBodyNode), (yylsp[(5) - (7)]), (yylsp[(7) - (7)])); ;}
+    break;
+
+  case 292:
+#line 1201 "../parser/Grammar.y"
+    {
+          (yyval.funcExprNode) = createNodeInfo(new (GLOBAL_DATA) FuncExprNode(GLOBAL_DATA, *(yyvsp[(2) - (8)].ident), (yyvsp[(7) - (8)].functionBodyNode), GLOBAL_DATA->lexer->sourceCode((yyvsp[(6) - (8)].intValue), (yyvsp[(8) - (8)].intValue), (yylsp[(6) - (8)]).first_line), (yyvsp[(4) - (8)].parameterList).m_node.head), (yyvsp[(4) - (8)].parameterList).m_features | ClosureFeature, 0); 
+          if ((yyvsp[(4) - (8)].parameterList).m_features & ArgumentsFeature)
+              (yyvsp[(7) - (8)].functionBodyNode)->setUsesArguments();
+          setStatementLocation((yyvsp[(7) - (8)].functionBodyNode), (yylsp[(6) - (8)]), (yylsp[(8) - (8)]));
+      ;}
+    break;
+
+  case 293:
+#line 1210 "../parser/Grammar.y"
+    { (yyval.parameterList).m_node.head = new (GLOBAL_DATA) ParameterNode(GLOBAL_DATA, *(yyvsp[(1) - (1)].ident));
+                                          (yyval.parameterList).m_features = (*(yyvsp[(1) - (1)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0;
+                                          (yyval.parameterList).m_node.tail = (yyval.parameterList).m_node.head; ;}
+    break;
+
+  case 294:
+#line 1213 "../parser/Grammar.y"
+    { (yyval.parameterList).m_node.head = (yyvsp[(1) - (3)].parameterList).m_node.head;
+                                          (yyval.parameterList).m_features = (yyvsp[(1) - (3)].parameterList).m_features | ((*(yyvsp[(3) - (3)].ident) == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0);
+                                          (yyval.parameterList).m_node.tail = new (GLOBAL_DATA) ParameterNode(GLOBAL_DATA, (yyvsp[(1) - (3)].parameterList).m_node.tail, *(yyvsp[(3) - (3)].ident));  ;}
+    break;
+
+  case 295:
+#line 1219 "../parser/Grammar.y"
+    { (yyval.functionBodyNode) = FunctionBodyNode::create(GLOBAL_DATA); ;}
+    break;
+
+  case 296:
+#line 1220 "../parser/Grammar.y"
+    { (yyval.functionBodyNode) = FunctionBodyNode::create(GLOBAL_DATA); ;}
+    break;
+
+  case 297:
+#line 1224 "../parser/Grammar.y"
+    { GLOBAL_DATA->parser->didFinishParsing(new (GLOBAL_DATA) SourceElements(GLOBAL_DATA), 0, 0, NoFeatures, (yylsp[(0) - (0)]).last_line, 0); ;}
+    break;
+
+  case 298:
+#line 1225 "../parser/Grammar.y"
+    { GLOBAL_DATA->parser->didFinishParsing((yyvsp[(1) - (1)].sourceElements).m_node, (yyvsp[(1) - (1)].sourceElements).m_varDeclarations, (yyvsp[(1) - (1)].sourceElements).m_funcDeclarations, (yyvsp[(1) - (1)].sourceElements).m_features, 
+                                                                                (yylsp[(1) - (1)]).last_line, (yyvsp[(1) - (1)].sourceElements).m_numConstants); ;}
+    break;
+
+  case 299:
+#line 1230 "../parser/Grammar.y"
+    { (yyval.sourceElements).m_node = new (GLOBAL_DATA) SourceElements(GLOBAL_DATA);
+                                          (yyval.sourceElements).m_node->append((yyvsp[(1) - (1)].statementNode).m_node);
+                                          (yyval.sourceElements).m_varDeclarations = (yyvsp[(1) - (1)].statementNode).m_varDeclarations;
+                                          (yyval.sourceElements).m_funcDeclarations = (yyvsp[(1) - (1)].statementNode).m_funcDeclarations;
+                                          (yyval.sourceElements).m_features = (yyvsp[(1) - (1)].statementNode).m_features;
+                                          (yyval.sourceElements).m_numConstants = (yyvsp[(1) - (1)].statementNode).m_numConstants;
+                                        ;}
+    break;
+
+  case 300:
+#line 1237 "../parser/Grammar.y"
+    { (yyval.sourceElements).m_node->append((yyvsp[(2) - (2)].statementNode).m_node);
+                                          (yyval.sourceElements).m_varDeclarations = mergeDeclarationLists((yyvsp[(1) - (2)].sourceElements).m_varDeclarations, (yyvsp[(2) - (2)].statementNode).m_varDeclarations);
+                                          (yyval.sourceElements).m_funcDeclarations = mergeDeclarationLists((yyvsp[(1) - (2)].sourceElements).m_funcDeclarations, (yyvsp[(2) - (2)].statementNode).m_funcDeclarations);
+                                          (yyval.sourceElements).m_features = (yyvsp[(1) - (2)].sourceElements).m_features | (yyvsp[(2) - (2)].statementNode).m_features;
+                                          (yyval.sourceElements).m_numConstants = (yyvsp[(1) - (2)].sourceElements).m_numConstants + (yyvsp[(2) - (2)].statementNode).m_numConstants;
+                                        ;}
+    break;
+
+  case 304:
+#line 1251 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 305:
+#line 1252 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 306:
+#line 1253 "../parser/Grammar.y"
+    { if (!GLOBAL_DATA->lexer->skipRegExp()) YYABORT; ;}
+    break;
+
+  case 307:
+#line 1254 "../parser/Grammar.y"
+    { if (!GLOBAL_DATA->lexer->skipRegExp()) YYABORT; ;}
+    break;
+
+  case 308:
+#line 1258 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 309:
+#line 1259 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 310:
+#line 1260 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 311:
+#line 1261 "../parser/Grammar.y"
+    { if (*(yyvsp[(1) - (7)].ident) != "get" && *(yyvsp[(1) - (7)].ident) != "set") YYABORT; ;}
+    break;
+
+  case 312:
+#line 1262 "../parser/Grammar.y"
+    { if (*(yyvsp[(1) - (8)].ident) != "get" && *(yyvsp[(1) - (8)].ident) != "set") YYABORT; ;}
+    break;
+
+  case 316:
+#line 1272 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 317:
+#line 1273 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 318:
+#line 1275 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 322:
+#line 1282 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 517:
+#line 1650 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 518:
+#line 1651 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 520:
+#line 1656 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 521:
+#line 1660 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 522:
+#line 1661 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 525:
+#line 1667 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 526:
+#line 1668 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 530:
+#line 1675 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 533:
+#line 1684 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 534:
+#line 1685 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 539:
+#line 1702 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 555:
+#line 1733 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 557:
+#line 1735 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 559:
+#line 1740 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 561:
+#line 1742 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 563:
+#line 1747 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 565:
+#line 1749 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 568:
+#line 1761 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 569:
+#line 1762 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 578:
+#line 1786 "../parser/Grammar.y"
+    { ;}
+    break;
+
+  case 580:
+#line 1791 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 585:
+#line 1802 "../parser/Grammar.y"
+    { AUTO_SEMICOLON; ;}
+    break;
+
+  case 592:
+#line 1818 "../parser/Grammar.y"
+    { ;}
+    break;
+
+
+/* Line 1267 of yacc.c.  */
+#line 4634 "JavaScriptCore/tmp/../generated/Grammar.tab.c"
+      default: break;
+    }
+  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+  *++yylsp = yyloc;
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if ! YYERROR_VERBOSE
+      yyerror (YY_("syntax error"));
+#else
+      {
+	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+	  {
+	    YYSIZE_T yyalloc = 2 * yysize;
+	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+	    if (yymsg != yymsgbuf)
+	      YYSTACK_FREE (yymsg);
+	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+	    if (yymsg)
+	      yymsg_alloc = yyalloc;
+	    else
+	      {
+		yymsg = yymsgbuf;
+		yymsg_alloc = sizeof yymsgbuf;
+	      }
+	  }
+
+	if (0 < yysize && yysize <= yymsg_alloc)
+	  {
+	    (void) yysyntax_error (yymsg, yystate, yychar);
+	    yyerror (yymsg);
+	  }
+	else
+	  {
+	    yyerror (YY_("syntax error"));
+	    if (yysize != 0)
+	      goto yyexhaustedlab;
+	  }
+      }
+#endif
+    }
+
+  yyerror_range[0] = yylloc;
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse look-ahead token after an
+	 error, discard it.  */
+
+      if (yychar <= YYEOF)
+	{
+	  /* Return failure if at end of input.  */
+	  if (yychar == YYEOF)
+	    YYABORT;
+	}
+      else
+	{
+	  yydestruct ("Error: discarding",
+		      yytoken, &yylval, &yylloc);
+	  yychar = YYEMPTY;
+	}
+    }
+
+  /* Else will try to reuse look-ahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR.  |
+`---------------------------------------------------*/
+yyerrorlab:
+
+  /* Pacify compilers like GCC when the user code never invokes
+     YYERROR and the label yyerrorlab therefore never appears in user
+     code.  */
+  if (/*CONSTCOND*/ 0)
+     goto yyerrorlab;
+
+  yyerror_range[0] = yylsp[1-yylen];
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYERROR.  */
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+  yystate = *yyssp;
+  goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR.  |
+`-------------------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+      yyerror_range[0] = *yylsp;
+      yydestruct ("Error: popping",
+		  yystos[yystate], yyvsp, yylsp);
+      YYPOPSTACK (1);
+      yystate = *yyssp;
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  *++yyvsp = yylval;
+
+  yyerror_range[1] = yylloc;
+  /* Using YYLLOC is tempting, but would change the location of
+     the look-ahead.  YYLOC is available though.  */
+  YYLLOC_DEFAULT (yyloc, (yyerror_range - 1), 2);
+  *++yylsp = yyloc;
+
+  /* Shift the error token.  */
+  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here.  |
+`-------------------------------------------------*/
+yyexhaustedlab:
+  yyerror (YY_("memory exhausted"));
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+  if (yychar != YYEOF && yychar != YYEMPTY)
+     yydestruct ("Cleanup: discarding lookahead",
+		 yytoken, &yylval, &yylloc);
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYABORT or YYACCEPT.  */
+  YYPOPSTACK (yylen);
+  YY_STACK_PRINT (yyss, yyssp);
+  while (yyssp != yyss)
+    {
+      yydestruct ("Cleanup: popping",
+		  yystos[*yyssp], yyvsp, yylsp);
+      YYPOPSTACK (1);
+    }
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+  if (yymsg != yymsgbuf)
+    YYSTACK_FREE (yymsg);
+#endif
+  /* Make sure YYID is used.  */
+  return YYID (yyresult);
+}
+
+
+#line 1834 "../parser/Grammar.y"
+
+
+#undef GLOBAL_DATA
+
+static ExpressionNode* makeAssignNode(JSGlobalData* globalData, ExpressionNode* loc, Operator op, ExpressionNode* expr, bool locHasAssignments, bool exprHasAssignments, int start, int divot, int end)
+{
+    if (!loc->isLocation())
+        return new (globalData) AssignErrorNode(globalData, loc, op, expr, divot, divot - start, end - divot);
+
+    if (loc->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(loc);
+        if (op == OpEqual) {
+            AssignResolveNode* node = new (globalData) AssignResolveNode(globalData, resolve->identifier(), expr, exprHasAssignments);
+            setExceptionLocation(node, start, divot, end);
+            return node;
+        } else
+            return new (globalData) ReadModifyResolveNode(globalData, resolve->identifier(), op, expr, exprHasAssignments, divot, divot - start, end - divot);
+    }
+    if (loc->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(loc);
+        if (op == OpEqual)
+            return new (globalData) AssignBracketNode(globalData, bracket->base(), bracket->subscript(), expr, locHasAssignments, exprHasAssignments, bracket->divot(), bracket->divot() - start, end - bracket->divot());
+        else {
+            ReadModifyBracketNode* node = new (globalData) ReadModifyBracketNode(globalData, bracket->base(), bracket->subscript(), op, expr, locHasAssignments, exprHasAssignments, divot, divot - start, end - divot);
+            node->setSubexpressionInfo(bracket->divot(), bracket->endOffset());
+            return node;
+        }
+    }
+    ASSERT(loc->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(loc);
+    if (op == OpEqual)
+        return new (globalData) AssignDotNode(globalData, dot->base(), dot->identifier(), expr, exprHasAssignments, dot->divot(), dot->divot() - start, end - dot->divot());
+
+    ReadModifyDotNode* node = new (globalData) ReadModifyDotNode(globalData, dot->base(), dot->identifier(), op, expr, exprHasAssignments, divot, divot - start, end - divot);
+    node->setSubexpressionInfo(dot->divot(), dot->endOffset());
+    return node;
+}
+
+static ExpressionNode* makePrefixNode(JSGlobalData* globalData, ExpressionNode* expr, Operator op, int start, int divot, int end)
+{
+    if (!expr->isLocation())
+        return new (globalData) PrefixErrorNode(globalData, expr, op, divot, divot - start, end - divot);
+    
+    if (expr->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(expr);
+        return new (globalData) PrefixResolveNode(globalData, resolve->identifier(), op, divot, divot - start, end - divot);
+    }
+    if (expr->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(expr);
+        PrefixBracketNode* node = new (globalData) PrefixBracketNode(globalData, bracket->base(), bracket->subscript(), op, divot, divot - start, end - divot);
+        node->setSubexpressionInfo(bracket->divot(), bracket->startOffset());
+        return node;
+    }
+    ASSERT(expr->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(expr);
+    PrefixDotNode* node = new (globalData) PrefixDotNode(globalData, dot->base(), dot->identifier(), op, divot, divot - start, end - divot);
+    node->setSubexpressionInfo(dot->divot(), dot->startOffset());
+    return node;
+}
+
+static ExpressionNode* makePostfixNode(JSGlobalData* globalData, ExpressionNode* expr, Operator op, int start, int divot, int end)
+{ 
+    if (!expr->isLocation())
+        return new (globalData) PostfixErrorNode(globalData, expr, op, divot, divot - start, end - divot);
+    
+    if (expr->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(expr);
+        return new (globalData) PostfixResolveNode(globalData, resolve->identifier(), op, divot, divot - start, end - divot);
+    }
+    if (expr->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(expr);
+        PostfixBracketNode* node = new (globalData) PostfixBracketNode(globalData, bracket->base(), bracket->subscript(), op, divot, divot - start, end - divot);
+        node->setSubexpressionInfo(bracket->divot(), bracket->endOffset());
+        return node;
+        
+    }
+    ASSERT(expr->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(expr);
+    PostfixDotNode* node = new (globalData) PostfixDotNode(globalData, dot->base(), dot->identifier(), op, divot, divot - start, end - divot);
+    node->setSubexpressionInfo(dot->divot(), dot->endOffset());
+    return node;
+}
+
+static ExpressionNodeInfo makeFunctionCallNode(JSGlobalData* globalData, ExpressionNodeInfo func, ArgumentsNodeInfo args, int start, int divot, int end)
+{
+    CodeFeatures features = func.m_features | args.m_features;
+    int numConstants = func.m_numConstants + args.m_numConstants;
+    if (!func.m_node->isLocation())
+        return createNodeInfo<ExpressionNode*>(new (globalData) FunctionCallValueNode(globalData, func.m_node, args.m_node, divot, divot - start, end - divot), features, numConstants);
+    if (func.m_node->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(func.m_node);
+        const Identifier& identifier = resolve->identifier();
+        if (identifier == globalData->propertyNames->eval)
+            return createNodeInfo<ExpressionNode*>(new (globalData) EvalFunctionCallNode(globalData, args.m_node, divot, divot - start, end - divot), EvalFeature | features, numConstants);
+        return createNodeInfo<ExpressionNode*>(new (globalData) FunctionCallResolveNode(globalData, identifier, args.m_node, divot, divot - start, end - divot), features, numConstants);
+    }
+    if (func.m_node->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(func.m_node);
+        FunctionCallBracketNode* node = new (globalData) FunctionCallBracketNode(globalData, bracket->base(), bracket->subscript(), args.m_node, divot, divot - start, end - divot);
+        node->setSubexpressionInfo(bracket->divot(), bracket->endOffset());
+        return createNodeInfo<ExpressionNode*>(node, features, numConstants);
+    }
+    ASSERT(func.m_node->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(func.m_node);
+    FunctionCallDotNode* node;
+    if (dot->identifier() == globalData->propertyNames->call)
+        node = new (globalData) CallFunctionCallDotNode(globalData, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
+    else if (dot->identifier() == globalData->propertyNames->apply)
+        node = new (globalData) ApplyFunctionCallDotNode(globalData, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
+    else
+        node = new (globalData) FunctionCallDotNode(globalData, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
+    node->setSubexpressionInfo(dot->divot(), dot->endOffset());
+    return createNodeInfo<ExpressionNode*>(node, features, numConstants);
+}
+
+static ExpressionNode* makeTypeOfNode(JSGlobalData* globalData, ExpressionNode* expr)
+{
+    if (expr->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(expr);
+        return new (globalData) TypeOfResolveNode(globalData, resolve->identifier());
+    }
+    return new (globalData) TypeOfValueNode(globalData, expr);
+}
+
+static ExpressionNode* makeDeleteNode(JSGlobalData* globalData, ExpressionNode* expr, int start, int divot, int end)
+{
+    if (!expr->isLocation())
+        return new (globalData) DeleteValueNode(globalData, expr);
+    if (expr->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(expr);
+        return new (globalData) DeleteResolveNode(globalData, resolve->identifier(), divot, divot - start, end - divot);
+    }
+    if (expr->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(expr);
+        return new (globalData) DeleteBracketNode(globalData, bracket->base(), bracket->subscript(), divot, divot - start, end - divot);
+    }
+    ASSERT(expr->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(expr);
+    return new (globalData) DeleteDotNode(globalData, dot->base(), dot->identifier(), divot, divot - start, end - divot);
+}
+
+static PropertyNode* makeGetterOrSetterPropertyNode(JSGlobalData* globalData, const Identifier& getOrSet, const Identifier& name, ParameterNode* params, FunctionBodyNode* body, const SourceCode& source)
+{
+    PropertyNode::Type type;
+    if (getOrSet == "get")
+        type = PropertyNode::Getter;
+    else if (getOrSet == "set")
+        type = PropertyNode::Setter;
+    else
+        return 0;
+    return new (globalData) PropertyNode(globalData, name, new (globalData) FuncExprNode(globalData, globalData->propertyNames->nullIdentifier, body, source, params), type);
+}
+
+static ExpressionNode* makeNegateNode(JSGlobalData* globalData, ExpressionNode* n)
+{
+    if (n->isNumber()) {
+        NumberNode* number = static_cast<NumberNode*>(n);
+
+        if (number->value() > 0.0) {
+            number->setValue(-number->value());
+            return number;
+        }
+    }
+
+    return new (globalData) NegateNode(globalData, n);
+}
+
+static NumberNode* makeNumberNode(JSGlobalData* globalData, double d)
+{
+    return new (globalData) NumberNode(globalData, d);
+}
+
+static ExpressionNode* makeBitwiseNotNode(JSGlobalData* globalData, ExpressionNode* expr)
+{
+    if (expr->isNumber())
+        return makeNumberNode(globalData, ~toInt32(static_cast<NumberNode*>(expr)->value()));
+    return new (globalData) BitwiseNotNode(globalData, expr);
+}
+
+static ExpressionNode* makeMultNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    expr1 = expr1->stripUnaryPlus();
+    expr2 = expr2->stripUnaryPlus();
+
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, static_cast<NumberNode*>(expr1)->value() * static_cast<NumberNode*>(expr2)->value());
+
+    if (expr1->isNumber() && static_cast<NumberNode*>(expr1)->value() == 1)
+        return new (globalData) UnaryPlusNode(globalData, expr2);
+
+    if (expr2->isNumber() && static_cast<NumberNode*>(expr2)->value() == 1)
+        return new (globalData) UnaryPlusNode(globalData, expr1);
+
+    return new (globalData) MultNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeDivNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    expr1 = expr1->stripUnaryPlus();
+    expr2 = expr2->stripUnaryPlus();
+
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, static_cast<NumberNode*>(expr1)->value() / static_cast<NumberNode*>(expr2)->value());
+    return new (globalData) DivNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeAddNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, static_cast<NumberNode*>(expr1)->value() + static_cast<NumberNode*>(expr2)->value());
+    return new (globalData) AddNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeSubNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    expr1 = expr1->stripUnaryPlus();
+    expr2 = expr2->stripUnaryPlus();
+
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, static_cast<NumberNode*>(expr1)->value() - static_cast<NumberNode*>(expr2)->value());
+    return new (globalData) SubNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeLeftShiftNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, toInt32(static_cast<NumberNode*>(expr1)->value()) << (toUInt32(static_cast<NumberNode*>(expr2)->value()) & 0x1f));
+    return new (globalData) LeftShiftNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeRightShiftNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, toInt32(static_cast<NumberNode*>(expr1)->value()) >> (toUInt32(static_cast<NumberNode*>(expr2)->value()) & 0x1f));
+    return new (globalData) RightShiftNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+// Called by yyparse on error.
+int yyerror(const char*)
+{
+    return 1;
+}
+
+// May we automatically insert a semicolon?
+static bool allowAutomaticSemicolon(Lexer& lexer, int yychar)
+{
+    return yychar == CLOSEBRACE || yychar == 0 || lexer.prevTerminator();
+}
+
+static ExpressionNode* combineCommaNodes(JSGlobalData* globalData, ExpressionNode* list, ExpressionNode* init)
+{
+    if (!list)
+        return init;
+    if (list->isCommaNode()) {
+        static_cast<CommaNode*>(list)->append(init);
+        return list;
+    }
+    return new (globalData) CommaNode(globalData, list, init);
+}
+
+// We turn variable declarations into either assignments or empty
+// statements (which later get stripped out), because the actual
+// declaration work is hoisted up to the start of the function body
+static StatementNode* makeVarStatementNode(JSGlobalData* globalData, ExpressionNode* expr)
+{
+    if (!expr)
+        return new (globalData) EmptyStatementNode(globalData);
+    return new (globalData) VarStatementNode(globalData, expr);
+}
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/Grammar.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/Grammar.h
new file mode 100644
index 000000000..1fdb03548
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/Grammar.h
@@ -0,0 +1,232 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton interface for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     NULLTOKEN = 258,
+     TRUETOKEN = 259,
+     FALSETOKEN = 260,
+     BREAK = 261,
+     CASE = 262,
+     DEFAULT = 263,
+     FOR = 264,
+     NEW = 265,
+     VAR = 266,
+     CONSTTOKEN = 267,
+     CONTINUE = 268,
+     FUNCTION = 269,
+     RETURN = 270,
+     VOIDTOKEN = 271,
+     DELETETOKEN = 272,
+     IF = 273,
+     THISTOKEN = 274,
+     DO = 275,
+     WHILE = 276,
+     INTOKEN = 277,
+     INSTANCEOF = 278,
+     TYPEOF = 279,
+     SWITCH = 280,
+     WITH = 281,
+     RESERVED = 282,
+     THROW = 283,
+     TRY = 284,
+     CATCH = 285,
+     FINALLY = 286,
+     DEBUGGER = 287,
+     IF_WITHOUT_ELSE = 288,
+     ELSE = 289,
+     EQEQ = 290,
+     NE = 291,
+     STREQ = 292,
+     STRNEQ = 293,
+     LE = 294,
+     GE = 295,
+     OR = 296,
+     AND = 297,
+     PLUSPLUS = 298,
+     MINUSMINUS = 299,
+     LSHIFT = 300,
+     RSHIFT = 301,
+     URSHIFT = 302,
+     PLUSEQUAL = 303,
+     MINUSEQUAL = 304,
+     MULTEQUAL = 305,
+     DIVEQUAL = 306,
+     LSHIFTEQUAL = 307,
+     RSHIFTEQUAL = 308,
+     URSHIFTEQUAL = 309,
+     ANDEQUAL = 310,
+     MODEQUAL = 311,
+     XOREQUAL = 312,
+     OREQUAL = 313,
+     OPENBRACE = 314,
+     CLOSEBRACE = 315,
+     NUMBER = 316,
+     IDENT = 317,
+     STRING = 318,
+     AUTOPLUSPLUS = 319,
+     AUTOMINUSMINUS = 320
+   };
+#endif
+/* Tokens.  */
+#define NULLTOKEN 258
+#define TRUETOKEN 259
+#define FALSETOKEN 260
+#define BREAK 261
+#define CASE 262
+#define DEFAULT 263
+#define FOR 264
+#define NEW 265
+#define VAR 266
+#define CONSTTOKEN 267
+#define CONTINUE 268
+#define FUNCTION 269
+#define RETURN 270
+#define VOIDTOKEN 271
+#define DELETETOKEN 272
+#define IF 273
+#define THISTOKEN 274
+#define DO 275
+#define WHILE 276
+#define INTOKEN 277
+#define INSTANCEOF 278
+#define TYPEOF 279
+#define SWITCH 280
+#define WITH 281
+#define RESERVED 282
+#define THROW 283
+#define TRY 284
+#define CATCH 285
+#define FINALLY 286
+#define DEBUGGER 287
+#define IF_WITHOUT_ELSE 288
+#define ELSE 289
+#define EQEQ 290
+#define NE 291
+#define STREQ 292
+#define STRNEQ 293
+#define LE 294
+#define GE 295
+#define OR 296
+#define AND 297
+#define PLUSPLUS 298
+#define MINUSMINUS 299
+#define LSHIFT 300
+#define RSHIFT 301
+#define URSHIFT 302
+#define PLUSEQUAL 303
+#define MINUSEQUAL 304
+#define MULTEQUAL 305
+#define DIVEQUAL 306
+#define LSHIFTEQUAL 307
+#define RSHIFTEQUAL 308
+#define URSHIFTEQUAL 309
+#define ANDEQUAL 310
+#define MODEQUAL 311
+#define XOREQUAL 312
+#define OREQUAL 313
+#define OPENBRACE 314
+#define CLOSEBRACE 315
+#define NUMBER 316
+#define IDENT 317
+#define STRING 318
+#define AUTOPLUSPLUS 319
+#define AUTOMINUSMINUS 320
+
+
+
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 146 "../parser/Grammar.y"
+{
+    int                 intValue;
+    double              doubleValue;
+    const Identifier*   ident;
+
+    // expression subtrees
+    ExpressionNodeInfo  expressionNode;
+    FuncDeclNodeInfo    funcDeclNode;
+    PropertyNodeInfo    propertyNode;
+    ArgumentsNodeInfo   argumentsNode;
+    ConstDeclNodeInfo   constDeclNode;
+    CaseBlockNodeInfo   caseBlockNode;
+    CaseClauseNodeInfo  caseClauseNode;
+    FuncExprNodeInfo    funcExprNode;
+
+    // statement nodes
+    StatementNodeInfo   statementNode;
+    FunctionBodyNode*   functionBodyNode;
+    ProgramNode*        programNode;
+
+    SourceElementsInfo  sourceElements;
+    PropertyListInfo    propertyList;
+    ArgumentListInfo    argumentList;
+    VarDeclListInfo     varDeclList;
+    ConstDeclListInfo   constDeclList;
+    ClauseListInfo      clauseList;
+    ElementListInfo     elementList;
+    ParameterListInfo   parameterList;
+
+    Operator            op;
+}
+/* Line 1489 of yacc.c.  */
+#line 211 "JavaScriptCore/tmp/../generated/Grammar.tab.h"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+#if ! defined YYLTYPE && ! defined YYLTYPE_IS_DECLARED
+typedef struct YYLTYPE
+{
+  int first_line;
+  int first_column;
+  int last_line;
+  int last_column;
+} YYLTYPE;
+# define yyltype YYLTYPE /* obsolescent; will be withdrawn */
+# define YYLTYPE_IS_DECLARED 1
+# define YYLTYPE_IS_TRIVIAL 1
+#endif
+
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/JSONObject.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/JSONObject.lut.h
new file mode 100644
index 000000000..a9b163130
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/JSONObject.lut.h
@@ -0,0 +1,15 @@
+// Automatically generated from ../runtime/JSONObject.cpp using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue jsonTableValues[3] = {
+   { "parse", DontEnum|Function, (intptr_t)JSONProtoFuncParse, (intptr_t)1 },
+   { "stringify", DontEnum|Function, (intptr_t)JSONProtoFuncStringify, (intptr_t)1 },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable jsonTable =
+    { 4, 3, jsonTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/Lexer.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/Lexer.lut.h
new file mode 100644
index 000000000..95c33b637
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/Lexer.lut.h
@@ -0,0 +1,49 @@
+// Automatically generated from ../parser/Keywords.table using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue mainTableValues[37] = {
+   { "null", 0, (intptr_t)NULLTOKEN, (intptr_t)0 },
+   { "true", 0, (intptr_t)TRUETOKEN, (intptr_t)0 },
+   { "false", 0, (intptr_t)FALSETOKEN, (intptr_t)0 },
+   { "break", 0, (intptr_t)BREAK, (intptr_t)0 },
+   { "case", 0, (intptr_t)CASE, (intptr_t)0 },
+   { "catch", 0, (intptr_t)CATCH, (intptr_t)0 },
+   { "const", 0, (intptr_t)CONSTTOKEN, (intptr_t)0 },
+   { "default", 0, (intptr_t)DEFAULT, (intptr_t)0 },
+   { "finally", 0, (intptr_t)FINALLY, (intptr_t)0 },
+   { "for", 0, (intptr_t)FOR, (intptr_t)0 },
+   { "instanceof", 0, (intptr_t)INSTANCEOF, (intptr_t)0 },
+   { "new", 0, (intptr_t)NEW, (intptr_t)0 },
+   { "var", 0, (intptr_t)VAR, (intptr_t)0 },
+   { "continue", 0, (intptr_t)CONTINUE, (intptr_t)0 },
+   { "function", 0, (intptr_t)FUNCTION, (intptr_t)0 },
+   { "return", 0, (intptr_t)RETURN, (intptr_t)0 },
+   { "void", 0, (intptr_t)VOIDTOKEN, (intptr_t)0 },
+   { "delete", 0, (intptr_t)DELETETOKEN, (intptr_t)0 },
+   { "if", 0, (intptr_t)IF, (intptr_t)0 },
+   { "this", 0, (intptr_t)THISTOKEN, (intptr_t)0 },
+   { "do", 0, (intptr_t)DO, (intptr_t)0 },
+   { "while", 0, (intptr_t)WHILE, (intptr_t)0 },
+   { "else", 0, (intptr_t)ELSE, (intptr_t)0 },
+   { "in", 0, (intptr_t)INTOKEN, (intptr_t)0 },
+   { "switch", 0, (intptr_t)SWITCH, (intptr_t)0 },
+   { "throw", 0, (intptr_t)THROW, (intptr_t)0 },
+   { "try", 0, (intptr_t)TRY, (intptr_t)0 },
+   { "typeof", 0, (intptr_t)TYPEOF, (intptr_t)0 },
+   { "with", 0, (intptr_t)WITH, (intptr_t)0 },
+   { "debugger", 0, (intptr_t)DEBUGGER, (intptr_t)0 },
+   { "class", 0, (intptr_t)RESERVED, (intptr_t)0 },
+   { "enum", 0, (intptr_t)RESERVED, (intptr_t)0 },
+   { "export", 0, (intptr_t)RESERVED, (intptr_t)0 },
+   { "extends", 0, (intptr_t)RESERVED, (intptr_t)0 },
+   { "import", 0, (intptr_t)RESERVED, (intptr_t)0 },
+   { "super", 0, (intptr_t)RESERVED, (intptr_t)0 },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable mainTable =
+    { 133, 127, mainTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/MathObject.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/MathObject.lut.h
new file mode 100644
index 000000000..9cb0ee21d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/MathObject.lut.h
@@ -0,0 +1,31 @@
+// Automatically generated from ../runtime/MathObject.cpp using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue mathTableValues[19] = {
+   { "abs", DontEnum|Function, (intptr_t)mathProtoFuncAbs, (intptr_t)1 },
+   { "acos", DontEnum|Function, (intptr_t)mathProtoFuncACos, (intptr_t)1 },
+   { "asin", DontEnum|Function, (intptr_t)mathProtoFuncASin, (intptr_t)1 },
+   { "atan", DontEnum|Function, (intptr_t)mathProtoFuncATan, (intptr_t)1 },
+   { "atan2", DontEnum|Function, (intptr_t)mathProtoFuncATan2, (intptr_t)2 },
+   { "ceil", DontEnum|Function, (intptr_t)mathProtoFuncCeil, (intptr_t)1 },
+   { "cos", DontEnum|Function, (intptr_t)mathProtoFuncCos, (intptr_t)1 },
+   { "exp", DontEnum|Function, (intptr_t)mathProtoFuncExp, (intptr_t)1 },
+   { "floor", DontEnum|Function, (intptr_t)mathProtoFuncFloor, (intptr_t)1 },
+   { "log", DontEnum|Function, (intptr_t)mathProtoFuncLog, (intptr_t)1 },
+   { "max", DontEnum|Function, (intptr_t)mathProtoFuncMax, (intptr_t)2 },
+   { "min", DontEnum|Function, (intptr_t)mathProtoFuncMin, (intptr_t)2 },
+   { "pow", DontEnum|Function, (intptr_t)mathProtoFuncPow, (intptr_t)2 },
+   { "random", DontEnum|Function, (intptr_t)mathProtoFuncRandom, (intptr_t)0 },
+   { "round", DontEnum|Function, (intptr_t)mathProtoFuncRound, (intptr_t)1 },
+   { "sin", DontEnum|Function, (intptr_t)mathProtoFuncSin, (intptr_t)1 },
+   { "sqrt", DontEnum|Function, (intptr_t)mathProtoFuncSqrt, (intptr_t)1 },
+   { "tan", DontEnum|Function, (intptr_t)mathProtoFuncTan, (intptr_t)1 },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable mathTable =
+    { 67, 63, mathTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/NumberConstructor.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/NumberConstructor.lut.h
new file mode 100644
index 000000000..6285d6264
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/NumberConstructor.lut.h
@@ -0,0 +1,18 @@
+// Automatically generated from ../runtime/NumberConstructor.cpp using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue numberTableValues[6] = {
+   { "NaN", DontEnum|DontDelete|ReadOnly, (intptr_t)numberConstructorNaNValue, (intptr_t)0 },
+   { "NEGATIVE_INFINITY", DontEnum|DontDelete|ReadOnly, (intptr_t)numberConstructorNegInfinity, (intptr_t)0 },
+   { "POSITIVE_INFINITY", DontEnum|DontDelete|ReadOnly, (intptr_t)numberConstructorPosInfinity, (intptr_t)0 },
+   { "MAX_VALUE", DontEnum|DontDelete|ReadOnly, (intptr_t)numberConstructorMaxValue, (intptr_t)0 },
+   { "MIN_VALUE", DontEnum|DontDelete|ReadOnly, (intptr_t)numberConstructorMinValue, (intptr_t)0 },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable numberTable =
+    { 16, 15, numberTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/RegExpConstructor.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/RegExpConstructor.lut.h
new file mode 100644
index 000000000..a3f15b3a3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/RegExpConstructor.lut.h
@@ -0,0 +1,34 @@
+// Automatically generated from ../runtime/RegExpConstructor.cpp using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue regExpConstructorTableValues[22] = {
+   { "input", None, (intptr_t)regExpConstructorInput, (intptr_t)setRegExpConstructorInput },
+   { "$_", DontEnum, (intptr_t)regExpConstructorInput, (intptr_t)setRegExpConstructorInput },
+   { "multiline", None, (intptr_t)regExpConstructorMultiline, (intptr_t)setRegExpConstructorMultiline },
+   { "$*", DontEnum, (intptr_t)regExpConstructorMultiline, (intptr_t)setRegExpConstructorMultiline },
+   { "lastMatch", DontDelete|ReadOnly, (intptr_t)regExpConstructorLastMatch, (intptr_t)0 },
+   { "$&", DontDelete|ReadOnly|DontEnum, (intptr_t)regExpConstructorLastMatch, (intptr_t)0 },
+   { "lastParen", DontDelete|ReadOnly, (intptr_t)regExpConstructorLastParen, (intptr_t)0 },
+   { "$+", DontDelete|ReadOnly|DontEnum, (intptr_t)regExpConstructorLastParen, (intptr_t)0 },
+   { "leftContext", DontDelete|ReadOnly, (intptr_t)regExpConstructorLeftContext, (intptr_t)0 },
+   { "$`", DontDelete|ReadOnly|DontEnum, (intptr_t)regExpConstructorLeftContext, (intptr_t)0 },
+   { "rightContext", DontDelete|ReadOnly, (intptr_t)regExpConstructorRightContext, (intptr_t)0 },
+   { "$'", DontDelete|ReadOnly|DontEnum, (intptr_t)regExpConstructorRightContext, (intptr_t)0 },
+   { "$1", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar1, (intptr_t)0 },
+   { "$2", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar2, (intptr_t)0 },
+   { "$3", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar3, (intptr_t)0 },
+   { "$4", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar4, (intptr_t)0 },
+   { "$5", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar5, (intptr_t)0 },
+   { "$6", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar6, (intptr_t)0 },
+   { "$7", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar7, (intptr_t)0 },
+   { "$8", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar8, (intptr_t)0 },
+   { "$9", DontDelete|ReadOnly, (intptr_t)regExpConstructorDollar9, (intptr_t)0 },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable regExpConstructorTable =
+    { 65, 63, regExpConstructorTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/RegExpObject.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/RegExpObject.lut.h
new file mode 100644
index 000000000..8c87f1647
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/RegExpObject.lut.h
@@ -0,0 +1,18 @@
+// Automatically generated from ../runtime/RegExpObject.cpp using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue regExpTableValues[6] = {
+   { "global", DontDelete|ReadOnly|DontEnum, (intptr_t)regExpObjectGlobal, (intptr_t)0 },
+   { "ignoreCase", DontDelete|ReadOnly|DontEnum, (intptr_t)regExpObjectIgnoreCase, (intptr_t)0 },
+   { "multiline", DontDelete|ReadOnly|DontEnum, (intptr_t)regExpObjectMultiline, (intptr_t)0 },
+   { "source", DontDelete|ReadOnly|DontEnum, (intptr_t)regExpObjectSource, (intptr_t)0 },
+   { "lastIndex", DontDelete|DontEnum, (intptr_t)regExpObjectLastIndex, (intptr_t)setRegExpObjectLastIndex },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable regExpTable =
+    { 17, 15, regExpTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/StringPrototype.lut.h b/src/3rdparty/javascriptcore/JavaScriptCore/generated/StringPrototype.lut.h
new file mode 100644
index 000000000..f912298cb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/StringPrototype.lut.h
@@ -0,0 +1,45 @@
+// Automatically generated from ../runtime/StringPrototype.cpp using JavaScriptCore/create_hash_table. DO NOT EDIT!
+
+#include "Lookup.h"
+
+namespace JSC {
+
+static const struct HashTableValue stringTableValues[33] = {
+   { "toString", DontEnum|Function, (intptr_t)stringProtoFuncToString, (intptr_t)0 },
+   { "valueOf", DontEnum|Function, (intptr_t)stringProtoFuncToString, (intptr_t)0 },
+   { "charAt", DontEnum|Function, (intptr_t)stringProtoFuncCharAt, (intptr_t)1 },
+   { "charCodeAt", DontEnum|Function, (intptr_t)stringProtoFuncCharCodeAt, (intptr_t)1 },
+   { "concat", DontEnum|Function, (intptr_t)stringProtoFuncConcat, (intptr_t)1 },
+   { "indexOf", DontEnum|Function, (intptr_t)stringProtoFuncIndexOf, (intptr_t)1 },
+   { "lastIndexOf", DontEnum|Function, (intptr_t)stringProtoFuncLastIndexOf, (intptr_t)1 },
+   { "match", DontEnum|Function, (intptr_t)stringProtoFuncMatch, (intptr_t)1 },
+   { "replace", DontEnum|Function, (intptr_t)stringProtoFuncReplace, (intptr_t)2 },
+   { "search", DontEnum|Function, (intptr_t)stringProtoFuncSearch, (intptr_t)1 },
+   { "slice", DontEnum|Function, (intptr_t)stringProtoFuncSlice, (intptr_t)2 },
+   { "split", DontEnum|Function, (intptr_t)stringProtoFuncSplit, (intptr_t)2 },
+   { "substr", DontEnum|Function, (intptr_t)stringProtoFuncSubstr, (intptr_t)2 },
+   { "substring", DontEnum|Function, (intptr_t)stringProtoFuncSubstring, (intptr_t)2 },
+   { "toLowerCase", DontEnum|Function, (intptr_t)stringProtoFuncToLowerCase, (intptr_t)0 },
+   { "toUpperCase", DontEnum|Function, (intptr_t)stringProtoFuncToUpperCase, (intptr_t)0 },
+   { "localeCompare", DontEnum|Function, (intptr_t)stringProtoFuncLocaleCompare, (intptr_t)1 },
+   { "toLocaleLowerCase", DontEnum|Function, (intptr_t)stringProtoFuncToLowerCase, (intptr_t)0 },
+   { "toLocaleUpperCase", DontEnum|Function, (intptr_t)stringProtoFuncToUpperCase, (intptr_t)0 },
+   { "big", DontEnum|Function, (intptr_t)stringProtoFuncBig, (intptr_t)0 },
+   { "small", DontEnum|Function, (intptr_t)stringProtoFuncSmall, (intptr_t)0 },
+   { "blink", DontEnum|Function, (intptr_t)stringProtoFuncBlink, (intptr_t)0 },
+   { "bold", DontEnum|Function, (intptr_t)stringProtoFuncBold, (intptr_t)0 },
+   { "fixed", DontEnum|Function, (intptr_t)stringProtoFuncFixed, (intptr_t)0 },
+   { "italics", DontEnum|Function, (intptr_t)stringProtoFuncItalics, (intptr_t)0 },
+   { "strike", DontEnum|Function, (intptr_t)stringProtoFuncStrike, (intptr_t)0 },
+   { "sub", DontEnum|Function, (intptr_t)stringProtoFuncSub, (intptr_t)0 },
+   { "sup", DontEnum|Function, (intptr_t)stringProtoFuncSup, (intptr_t)0 },
+   { "fontcolor", DontEnum|Function, (intptr_t)stringProtoFuncFontcolor, (intptr_t)1 },
+   { "fontsize", DontEnum|Function, (intptr_t)stringProtoFuncFontsize, (intptr_t)1 },
+   { "anchor", DontEnum|Function, (intptr_t)stringProtoFuncAnchor, (intptr_t)1 },
+   { "link", DontEnum|Function, (intptr_t)stringProtoFuncLink, (intptr_t)1 },
+   { 0, 0, 0, 0 }
+};
+
+extern JSC_CONST_HASHTABLE HashTable stringTable =
+    { 71, 63, stringTableValues, 0 };
+} // namespace
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/generated/chartables.c b/src/3rdparty/javascriptcore/JavaScriptCore/generated/chartables.c
new file mode 100644
index 000000000..5c99db0b9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/generated/chartables.c
@@ -0,0 +1,96 @@
+/*************************************************
+*      Perl-Compatible Regular Expressions       *
+*************************************************/
+
+/* This file is automatically written by the dftables auxiliary 
+program. If you edit it by hand, you might like to edit the Makefile to 
+prevent its ever being regenerated.
+
+This file contains the default tables for characters with codes less than
+128 (ASCII characters). These tables are used when no external tables are
+passed to PCRE. */
+
+const unsigned char jsc_pcre_default_tables[480] = {
+
+/* This table is a lower casing table. */
+
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 
+  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 
+  0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 
+  0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 
+  0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 
+  0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 
+  0x40, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 
+  0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 
+  0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 
+  0x78, 0x79, 0x7A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F, 
+  0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 
+  0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 
+  0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 
+  0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F,
+
+/* This table is a case flipping table. */
+
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+  0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 
+  0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 
+  0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 
+  0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 
+  0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 
+  0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 
+  0x40, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 
+  0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 
+  0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 
+  0x78, 0x79, 0x7A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F, 
+  0x60, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 
+  0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 
+  0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 
+  0x58, 0x59, 0x5A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F,
+
+/* This table contains bit maps for various character classes.
+Each map is 32 bytes long and the bits run from the least
+significant end of each byte. The classes are: space, digit, word. */
+
+  0x00, 0x3E, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x03, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x03, 
+  0xFE, 0xFF, 0xFF, 0x87, 0xFE, 0xFF, 0xFF, 0x07, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+
+/* This table identifies various classes of character by individual bits:
+  0x01   white space character
+  0x08   hexadecimal digit
+  0x10   alphanumeric or '_'
+*/
+
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /*   0-  7 */
+  0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00,  /*   8- 15 */
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /*  16- 23 */
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /*  24- 31 */
+  0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /*    - '  */
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /*  ( - /  */
+  0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,  /*  0 - 7  */
+  0x18, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /*  8 - ?  */
+  0x00, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x10,  /*  @ - G  */
+  0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,  /*  H - O  */
+  0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,  /*  P - W  */
+  0x10, 0x10, 0x10, 0x00, 0x00, 0x00, 0x00, 0x10,  /*  X - _  */
+  0x00, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x10,  /*  ` - g  */
+  0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,  /*  h - o  */
+  0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,  /*  p - w  */
+  0x10, 0x10, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00}; /*  x -127 */
+
+
+/* End of chartables.c */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/headers.pri b/src/3rdparty/javascriptcore/JavaScriptCore/headers.pri
new file mode 100644
index 000000000..3fb886bab
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/headers.pri
@@ -0,0 +1,9 @@
+JS_API_HEADERS += \
+    JSBase.h \
+    JSContextRef.h \
+    JSObjectRef.h \
+    JSStringRef.h \
+    JSStringRefCF.h \
+    JSStringRefBSTR.h \
+    JSValueRef.h \
+    JavaScriptCore.h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CachedCall.h b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CachedCall.h
new file mode 100644
index 000000000..b9fa48464
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CachedCall.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef CachedCall_h
+#define CachedCall_h
+
+#include "CallFrameClosure.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "Interpreter.h"
+
+namespace JSC {
+    class CachedCall : public Noncopyable {
+    public:
+        CachedCall(CallFrame* callFrame, JSFunction* function, int argCount, JSValue* exception)
+            : m_valid(false)
+            , m_interpreter(callFrame->interpreter())
+            , m_exception(exception)
+            , m_globalObjectScope(callFrame, callFrame->globalData().dynamicGlobalObject ? callFrame->globalData().dynamicGlobalObject : function->scope().node()->globalObject())
+        {
+            ASSERT(!function->isHostFunction());
+            m_closure = m_interpreter->prepareForRepeatCall(function->jsExecutable(), callFrame, function, argCount, function->scope().node(), exception);
+            m_valid = !*exception;
+        }
+        
+        JSValue call()
+        { 
+            ASSERT(m_valid);
+            return m_interpreter->execute(m_closure, m_exception);
+        }
+        void setThis(JSValue v) { m_closure.setArgument(0, v); }
+        void setArgument(int n, JSValue v) { m_closure.setArgument(n + 1, v); }
+        CallFrame* newCallFrame() { return m_closure.newCallFrame; }
+        ~CachedCall()
+        {
+            if (m_valid)
+                m_interpreter->endRepeatCall(m_closure);
+        }
+        
+    private:
+        bool m_valid;
+        Interpreter* m_interpreter;
+        JSValue* m_exception;
+        DynamicGlobalObjectScope m_globalObjectScope;
+        CallFrameClosure m_closure;
+    };
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrame.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrame.cpp
new file mode 100644
index 000000000..972487565
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrame.cpp
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "CallFrame.h"
+
+#include "CodeBlock.h"
+#include "Interpreter.h"
+
+namespace JSC {
+
+JSValue CallFrame::thisValue()
+{
+    return this[codeBlock()->thisRegister()].jsValue();
+}
+
+#ifndef NDEBUG
+void CallFrame::dumpCaller()
+{
+    int signedLineNumber;
+    intptr_t sourceID;
+    UString urlString;
+    JSValue function;
+    
+    interpreter()->retrieveLastCaller(this, signedLineNumber, sourceID, urlString, function);
+    printf("Callpoint => %s:%d\n", urlString.ascii(), signedLineNumber);
+}
+#endif
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrame.h b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrame.h
new file mode 100644
index 000000000..b04e1c1fa
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrame.h
@@ -0,0 +1,150 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef CallFrame_h
+#define CallFrame_h
+
+#include "JSGlobalData.h"
+#include "RegisterFile.h"
+#include "ScopeChain.h"
+
+namespace JSC  {
+
+    class Arguments;
+    class JSActivation;
+    class Interpreter;
+
+    // Represents the current state of script execution.
+    // Passed as the first argument to most functions.
+    class ExecState : private Register {
+    public:
+        JSObject* callee() const { return this[RegisterFile::Callee].object(); }
+        CodeBlock* codeBlock() const { return this[RegisterFile::CodeBlock].Register::codeBlock(); }
+        ScopeChainNode* scopeChain() const { return this[RegisterFile::ScopeChain].Register::scopeChain(); }
+        int argumentCount() const { return this[RegisterFile::ArgumentCount].i(); }
+
+        JSValue thisValue();
+
+        // Global object in which execution began.
+        JSGlobalObject* dynamicGlobalObject();
+
+        // Global object in which the currently executing code was defined.
+        // Differs from dynamicGlobalObject() during function calls across web browser frames.
+        JSGlobalObject* lexicalGlobalObject() const
+        {
+            return scopeChain()->globalObject();
+        }
+
+        // Differs from lexicalGlobalObject because this will have DOM window shell rather than
+        // the actual DOM window, which can't be "this" for security reasons.
+        JSObject* globalThisValue() const
+        {
+            return scopeChain()->globalThisObject();
+        }
+
+        // FIXME: Elsewhere, we use JSGlobalData* rather than JSGlobalData&.
+        // We should make this more uniform and either use a reference everywhere
+        // or a pointer everywhere.
+        JSGlobalData& globalData() const
+        {
+            return *scopeChain()->globalData;
+        }
+
+        // Convenience functions for access to global data.
+        // It takes a few memory references to get from a call frame to the global data
+        // pointer, so these are inefficient, and should be used sparingly in new code.
+        // But they're used in many places in legacy code, so they're not going away any time soon.
+
+        void setException(JSValue exception) { globalData().exception = exception; }
+        void clearException() { globalData().exception = JSValue(); }
+        JSValue exception() const { return globalData().exception; }
+        JSValue* exceptionSlot() { return &globalData().exception; }
+        bool hadException() const { return globalData().exception; }
+
+        const CommonIdentifiers& propertyNames() const { return *globalData().propertyNames; }
+        const MarkedArgumentBuffer& emptyList() const { return *globalData().emptyList; }
+        Interpreter* interpreter() { return globalData().interpreter; }
+        Heap* heap() { return &globalData().heap; }
+#ifndef NDEBUG
+        void dumpCaller();
+#endif
+        static const HashTable* arrayTable(CallFrame* callFrame) { return callFrame->globalData().arrayTable; }
+        static const HashTable* dateTable(CallFrame* callFrame) { return callFrame->globalData().dateTable; }
+        static const HashTable* jsonTable(CallFrame* callFrame) { return callFrame->globalData().jsonTable; }
+        static const HashTable* mathTable(CallFrame* callFrame) { return callFrame->globalData().mathTable; }
+        static const HashTable* numberTable(CallFrame* callFrame) { return callFrame->globalData().numberTable; }
+        static const HashTable* regExpTable(CallFrame* callFrame) { return callFrame->globalData().regExpTable; }
+        static const HashTable* regExpConstructorTable(CallFrame* callFrame) { return callFrame->globalData().regExpConstructorTable; }
+        static const HashTable* stringTable(CallFrame* callFrame) { return callFrame->globalData().stringTable; }
+
+        static CallFrame* create(Register* callFrameBase) { return static_cast<CallFrame*>(callFrameBase); }
+        Register* registers() { return this; }
+
+        CallFrame& operator=(const Register& r) { *static_cast<Register*>(this) = r; return *this; }
+
+        CallFrame* callerFrame() const { return this[RegisterFile::CallerFrame].callFrame(); }
+        Arguments* optionalCalleeArguments() const { return this[RegisterFile::OptionalCalleeArguments].arguments(); }
+        Instruction* returnPC() const { return this[RegisterFile::ReturnPC].vPC(); }
+
+        void setCalleeArguments(JSValue arguments) { this[RegisterFile::OptionalCalleeArguments] = arguments; }
+        void setCallerFrame(CallFrame* callerFrame) { this[RegisterFile::CallerFrame] = callerFrame; }
+        void setScopeChain(ScopeChainNode* scopeChain) { this[RegisterFile::ScopeChain] = scopeChain; }
+
+        ALWAYS_INLINE void init(CodeBlock* codeBlock, Instruction* vPC, ScopeChainNode* scopeChain,
+            CallFrame* callerFrame, int returnValueRegister, int argc, JSObject* callee)
+        {
+            ASSERT(callerFrame); // Use noCaller() rather than 0 for the outer host call frame caller.
+
+            setCodeBlock(codeBlock);
+            setScopeChain(scopeChain);
+            setCallerFrame(callerFrame);
+            this[RegisterFile::ReturnPC] = vPC; // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*.
+            this[RegisterFile::ReturnValueRegister] = Register::withInt(returnValueRegister);
+            setArgumentCount(argc); // original argument count (for the sake of the "arguments" object)
+            setCallee(callee);
+            setCalleeArguments(JSValue());
+        }
+
+        // Read a register from the codeframe (or constant from the CodeBlock).
+        inline Register& r(int);
+
+        static CallFrame* noCaller() { return reinterpret_cast<CallFrame*>(HostCallFrameFlag); }
+        int returnValueRegister() const { return this[RegisterFile::ReturnValueRegister].i(); }
+
+        bool hasHostCallFrameFlag() const { return reinterpret_cast<intptr_t>(this) & HostCallFrameFlag; }
+        CallFrame* addHostCallFrameFlag() const { return reinterpret_cast<CallFrame*>(reinterpret_cast<intptr_t>(this) | HostCallFrameFlag); }
+        CallFrame* removeHostCallFrameFlag() { return reinterpret_cast<CallFrame*>(reinterpret_cast<intptr_t>(this) & ~HostCallFrameFlag); }
+
+    private:
+        void setArgumentCount(int count) { this[RegisterFile::ArgumentCount] = Register::withInt(count); }
+        void setCallee(JSObject* callee) { this[RegisterFile::Callee] = callee; }
+        void setCodeBlock(CodeBlock* codeBlock) { this[RegisterFile::CodeBlock] = codeBlock; }
+
+        static const intptr_t HostCallFrameFlag = 1;
+
+        ExecState();
+        ~ExecState();
+    };
+
+} // namespace JSC
+
+#endif // CallFrame_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrameClosure.h b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrameClosure.h
new file mode 100644
index 000000000..a301060d2
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/CallFrameClosure.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef CallFrameClosure_h
+#define CallFrameClosure_h
+
+namespace JSC {
+
+struct CallFrameClosure {
+    CallFrame* oldCallFrame;
+    CallFrame* newCallFrame;
+    JSFunction* function;
+    FunctionExecutable* functionExecutable;
+    JSGlobalData* globalData;
+    Register* oldEnd;
+    ScopeChainNode* scopeChain;
+    int expectedParams;
+    int providedParams;
+    
+    void setArgument(int arg, JSValue value)
+    {
+        if (arg < expectedParams)
+            newCallFrame[arg - RegisterFile::CallFrameHeaderSize - expectedParams] = value;
+        else
+            newCallFrame[arg - RegisterFile::CallFrameHeaderSize - expectedParams - providedParams] = value;
+    }
+    void resetCallFrame()
+    {
+        newCallFrame->setScopeChain(scopeChain);
+        newCallFrame->setCalleeArguments(JSValue());
+        for (int i = providedParams; i < expectedParams; ++i)
+            newCallFrame[i - RegisterFile::CallFrameHeaderSize - expectedParams] = jsUndefined();
+    }
+};
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp
new file mode 100644
index 000000000..4f00b2b6c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp
@@ -0,0 +1,3995 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Interpreter.h"
+
+#include "Arguments.h"
+#include "BatchedTransitionOptimizer.h"
+#include "CallFrame.h"
+#include "CallFrameClosure.h"
+#include "CodeBlock.h"
+#include "Collector.h"
+#include "Debugger.h"
+#include "DebuggerCallFrame.h"
+#include "EvalCodeCache.h"
+#include "ExceptionHelpers.h"
+#include "GlobalEvalFunction.h"
+#include "JSActivation.h"
+#include "JSArray.h"
+#include "JSByteArray.h"
+#include "JSFunction.h"
+#include "JSNotAnObject.h"
+#include "JSPropertyNameIterator.h"
+#include "LiteralParser.h"
+#include "JSStaticScopeObject.h"
+#include "JSString.h"
+#include "ObjectPrototype.h"
+#include "Operations.h"
+#include "Parser.h"
+#include "Profiler.h"
+#include "RegExpObject.h"
+#include "RegExpPrototype.h"
+#include "Register.h"
+#include "SamplingTool.h"
+#include <limits.h>
+#include <stdio.h>
+#include <wtf/Threading.h>
+
+#if ENABLE(JIT)
+#include "JIT.h"
+#endif
+
+#ifdef QT_BUILD_SCRIPT_LIB
+#include "bridge/qscriptobject_p.h"
+#endif
+
+using namespace std;
+
+namespace JSC {
+
+static ALWAYS_INLINE unsigned bytecodeOffsetForPC(CallFrame* callFrame, CodeBlock* codeBlock, void* pc)
+{
+#if ENABLE(JIT)
+    return codeBlock->getBytecodeIndex(callFrame, ReturnAddressPtr(pc));
+#else
+    UNUSED_PARAM(callFrame);
+    return static_cast<Instruction*>(pc) - codeBlock->instructions().begin();
+#endif
+}
+
+// Returns the depth of the scope chain within a given call frame.
+static int depth(CodeBlock* codeBlock, ScopeChain& sc)
+{
+    if (!codeBlock->needsFullScopeChain())
+        return 0;
+    return sc.localDepth();
+}
+
+#if USE(INTERPRETER)
+NEVER_INLINE bool Interpreter::resolve(CallFrame* callFrame, Instruction* vPC, JSValue& exceptionValue)
+{
+    int dst = (vPC + 1)->u.operand;
+    int property = (vPC + 2)->u.operand;
+
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+    ScopeChainIterator iter = scopeChain->begin();
+    ScopeChainIterator end = scopeChain->end();
+    ASSERT(iter != end);
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    Identifier& ident = codeBlock->identifier(property);
+    do {
+        JSObject* o = *iter;
+        PropertySlot slot(o);
+        if (o->getPropertySlot(callFrame, ident, slot)) {
+            JSValue result = slot.getValue(callFrame, ident);
+            exceptionValue = callFrame->globalData().exception;
+            if (exceptionValue)
+                return false;
+            callFrame->r(dst) = JSValue(result);
+            return true;
+        }
+    } while (++iter != end);
+    exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
+    return false;
+}
+
+NEVER_INLINE bool Interpreter::resolveSkip(CallFrame* callFrame, Instruction* vPC, JSValue& exceptionValue)
+{
+    CodeBlock* codeBlock = callFrame->codeBlock();
+
+    int dst = (vPC + 1)->u.operand;
+    int property = (vPC + 2)->u.operand;
+    int skip = (vPC + 3)->u.operand + codeBlock->needsFullScopeChain();
+
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+    ScopeChainIterator iter = scopeChain->begin();
+    ScopeChainIterator end = scopeChain->end();
+    ASSERT(iter != end);
+    while (skip--) {
+        ++iter;
+        ASSERT(iter != end);
+    }
+    Identifier& ident = codeBlock->identifier(property);
+    do {
+        JSObject* o = *iter;
+        PropertySlot slot(o);
+        if (o->getPropertySlot(callFrame, ident, slot)) {
+            JSValue result = slot.getValue(callFrame, ident);
+            exceptionValue = callFrame->globalData().exception;
+            if (exceptionValue)
+                return false;
+            callFrame->r(dst) = JSValue(result);
+            return true;
+        }
+    } while (++iter != end);
+    exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
+    return false;
+}
+
+NEVER_INLINE bool Interpreter::resolveGlobal(CallFrame* callFrame, Instruction* vPC, JSValue& exceptionValue)
+{
+    int dst = (vPC + 1)->u.operand;
+    JSGlobalObject* globalObject = static_cast<JSGlobalObject*>((vPC + 2)->u.jsCell);
+    ASSERT(globalObject->isGlobalObject());
+    int property = (vPC + 3)->u.operand;
+    Structure* structure = (vPC + 4)->u.structure;
+    int offset = (vPC + 5)->u.operand;
+
+    if (structure == globalObject->structure()) {
+        callFrame->r(dst) = JSValue(globalObject->getDirectOffset(offset));
+        return true;
+    }
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    Identifier& ident = codeBlock->identifier(property);
+    PropertySlot slot(globalObject);
+    if (globalObject->getPropertySlot(callFrame, ident, slot)) {
+        JSValue result = slot.getValue(callFrame, ident);
+        if (slot.isCacheable() && !globalObject->structure()->isUncacheableDictionary() && slot.slotBase() == globalObject) {
+            if (vPC[4].u.structure)
+                vPC[4].u.structure->deref();
+            globalObject->structure()->ref();
+            vPC[4] = globalObject->structure();
+            vPC[5] = slot.cachedOffset();
+            callFrame->r(dst) = JSValue(result);
+            return true;
+        }
+
+        exceptionValue = callFrame->globalData().exception;
+        if (exceptionValue)
+            return false;
+        callFrame->r(dst) = JSValue(result);
+        return true;
+    }
+
+    exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
+    return false;
+}
+
+NEVER_INLINE void Interpreter::resolveBase(CallFrame* callFrame, Instruction* vPC)
+{
+    int dst = (vPC + 1)->u.operand;
+    int property = (vPC + 2)->u.operand;
+    callFrame->r(dst) = JSValue(JSC::resolveBase(callFrame, callFrame->codeBlock()->identifier(property), callFrame->scopeChain()));
+}
+
+NEVER_INLINE bool Interpreter::resolveBaseAndProperty(CallFrame* callFrame, Instruction* vPC, JSValue& exceptionValue)
+{
+    int baseDst = (vPC + 1)->u.operand;
+    int propDst = (vPC + 2)->u.operand;
+    int property = (vPC + 3)->u.operand;
+
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+    ScopeChainIterator iter = scopeChain->begin();
+    ScopeChainIterator end = scopeChain->end();
+
+    // FIXME: add scopeDepthIsZero optimization
+
+    ASSERT(iter != end);
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    Identifier& ident = codeBlock->identifier(property);
+    JSObject* base;
+    do {
+        base = *iter;
+        PropertySlot slot(base);
+        if (base->getPropertySlot(callFrame, ident, slot)) {
+            JSValue result = slot.getValue(callFrame, ident);
+            exceptionValue = callFrame->globalData().exception;
+            if (exceptionValue)
+                return false;
+            callFrame->r(propDst) = JSValue(result);
+            callFrame->r(baseDst) = JSValue(base);
+            return true;
+        }
+        ++iter;
+    } while (iter != end);
+
+    exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
+    return false;
+}
+
+NEVER_INLINE bool Interpreter::resolveBaseAndFunc(CallFrame* callFrame, Instruction* vPC, JSValue& exceptionValue)
+{
+    int baseDst = (vPC + 1)->u.operand;
+    int funcDst = (vPC + 2)->u.operand;
+    int property = (vPC + 3)->u.operand;
+
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+    ScopeChainIterator iter = scopeChain->begin();
+    ScopeChainIterator end = scopeChain->end();
+
+    // FIXME: add scopeDepthIsZero optimization
+
+    ASSERT(iter != end);
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    Identifier& ident = codeBlock->identifier(property);
+    JSObject* base;
+    do {
+        base = *iter;
+        PropertySlot slot(base);
+        if (base->getPropertySlot(callFrame, ident, slot)) {            
+            // ECMA 11.2.3 says that if we hit an activation the this value should be null.
+            // However, section 10.2.3 says that in the case where the value provided
+            // by the caller is null, the global object should be used. It also says
+            // that the section does not apply to internal functions, but for simplicity
+            // of implementation we use the global object anyway here. This guarantees
+            // that in host objects you always get a valid object for this.
+            // We also handle wrapper substitution for the global object at the same time.
+            JSObject* thisObj = base->toThisObject(callFrame);
+            JSValue result = slot.getValue(callFrame, ident);
+            exceptionValue = callFrame->globalData().exception;
+            if (exceptionValue)
+                return false;
+
+            callFrame->r(baseDst) = JSValue(thisObj);
+            callFrame->r(funcDst) = JSValue(result);
+            return true;
+        }
+        ++iter;
+    } while (iter != end);
+
+    exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
+    return false;
+}
+
+#endif // USE(INTERPRETER)
+
+ALWAYS_INLINE CallFrame* Interpreter::slideRegisterWindowForCall(CodeBlock* newCodeBlock, RegisterFile* registerFile, CallFrame* callFrame, size_t registerOffset, int argc)
+{
+    Register* r = callFrame->registers();
+    Register* newEnd = r + registerOffset + newCodeBlock->m_numCalleeRegisters;
+
+    if (LIKELY(argc == newCodeBlock->m_numParameters)) { // correct number of arguments
+        if (UNLIKELY(!registerFile->grow(newEnd)))
+            return 0;
+        r += registerOffset;
+    } else if (argc < newCodeBlock->m_numParameters) { // too few arguments -- fill in the blanks
+        size_t omittedArgCount = newCodeBlock->m_numParameters - argc;
+        registerOffset += omittedArgCount;
+        newEnd += omittedArgCount;
+        if (!registerFile->grow(newEnd))
+            return 0;
+        r += registerOffset;
+
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - omittedArgCount;
+        for (size_t i = 0; i < omittedArgCount; ++i)
+            argv[i] = jsUndefined();
+    } else { // too many arguments -- copy expected arguments, leaving the extra arguments behind
+        size_t numParameters = newCodeBlock->m_numParameters;
+        registerOffset += numParameters;
+        newEnd += numParameters;
+
+        if (!registerFile->grow(newEnd))
+            return 0;
+        r += registerOffset;
+
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - numParameters - argc;
+        for (size_t i = 0; i < numParameters; ++i)
+            argv[i + argc] = argv[i];
+    }
+
+    return CallFrame::create(r);
+}
+
+#if USE(INTERPRETER)
+static NEVER_INLINE bool isInvalidParamForIn(CallFrame* callFrame, CodeBlock* codeBlock, const Instruction* vPC, JSValue value, JSValue& exceptionData)
+{
+    if (value.isObject())
+        return false;
+    exceptionData = createInvalidParamError(callFrame, "in" , value, vPC - codeBlock->instructions().begin(), codeBlock);
+    return true;
+}
+
+static NEVER_INLINE bool isInvalidParamForInstanceOf(CallFrame* callFrame, CodeBlock* codeBlock, const Instruction* vPC, JSValue value, JSValue& exceptionData)
+{
+    if (value.isObject() && asObject(value)->structure()->typeInfo().implementsHasInstance())
+        return false;
+    exceptionData = createInvalidParamError(callFrame, "instanceof" , value, vPC - codeBlock->instructions().begin(), codeBlock);
+    return true;
+}
+#endif
+
+NEVER_INLINE JSValue Interpreter::callEval(CallFrame* callFrame, RegisterFile* registerFile, Register* argv, int argc, int registerOffset, JSValue& exceptionValue)
+{
+    if (argc < 2)
+        return jsUndefined();
+
+    JSValue program = argv[1].jsValue();
+
+    if (!program.isString())
+        return program;
+
+    UString programSource = asString(program)->value();
+
+    LiteralParser preparser(callFrame, programSource, LiteralParser::NonStrictJSON);
+    if (JSValue parsedObject = preparser.tryLiteralParse())
+        return parsedObject;
+
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    RefPtr<EvalExecutable> eval = codeBlock->evalCodeCache().get(callFrame, programSource, scopeChain, exceptionValue);
+
+    JSValue result = jsUndefined();
+    if (eval)
+        result = callFrame->globalData().interpreter->execute(eval.get(), callFrame, callFrame->thisValue().toThisObject(callFrame), callFrame->registers() - registerFile->start() + registerOffset, scopeChain, &exceptionValue);
+
+    return result;
+}
+
+Interpreter::Interpreter()
+    : m_sampler(0)
+    , m_reentryDepth(0)
+{
+    privateExecute(InitializeAndReturn, 0, 0, 0);
+}
+
+#ifndef NDEBUG
+
+void Interpreter::dumpCallFrame(CallFrame* callFrame)
+{
+    callFrame->codeBlock()->dump(callFrame);
+    dumpRegisters(callFrame);
+}
+
+void Interpreter::dumpRegisters(CallFrame* callFrame)
+{
+    printf("Register frame: \n\n");
+    printf("-----------------------------------------------------------------------------\n");
+    printf("            use            |   address  |                value               \n");
+    printf("-----------------------------------------------------------------------------\n");
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    RegisterFile* registerFile = &callFrame->scopeChain()->globalObject()->globalData()->interpreter->registerFile();
+    const Register* it;
+    const Register* end;
+    JSValue v;
+
+    if (codeBlock->codeType() == GlobalCode) {
+        it = registerFile->lastGlobal();
+        end = it + registerFile->numGlobals();
+        while (it != end) {
+            v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+            printf("[global var]               | %10p | %-16s 0x%llx \n", it, v.description(), JSValue::encode(v));
+#else
+            printf("[global var]               | %10p | %-16s %p \n", it, v.description(), JSValue::encode(v));
+#endif
+            ++it;
+        }
+        printf("-----------------------------------------------------------------------------\n");
+    }
+    
+    it = callFrame->registers() - RegisterFile::CallFrameHeaderSize - codeBlock->m_numParameters;
+    v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+    printf("[this]                     | %10p | %-16s 0x%llx \n", it, v.description(), JSValue::encode(v)); ++it;
+#else
+    printf("[this]                     | %10p | %-16s %p \n", it, v.description(), JSValue::encode(v)); ++it;
+#endif
+    end = it + max(codeBlock->m_numParameters - 1, 0); // - 1 to skip "this"
+    if (it != end) {
+        do {
+            v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+            printf("[param]                    | %10p | %-16s 0x%llx \n", it, v.description(), JSValue::encode(v));
+#else
+            printf("[param]                    | %10p | %-16s %p \n", it, v.description(), JSValue::encode(v));
+#endif
+            ++it;
+        } while (it != end);
+    }
+    printf("-----------------------------------------------------------------------------\n");
+    printf("[CodeBlock]                | %10p | %p \n", it, (*it).codeBlock()); ++it;
+    printf("[ScopeChain]               | %10p | %p \n", it, (*it).scopeChain()); ++it;
+    printf("[CallerRegisters]          | %10p | %d \n", it, (*it).i()); ++it;
+    printf("[ReturnPC]                 | %10p | %p \n", it, (*it).vPC()); ++it;
+    printf("[ReturnValueRegister]      | %10p | %d \n", it, (*it).i()); ++it;
+    printf("[ArgumentCount]            | %10p | %d \n", it, (*it).i()); ++it;
+    printf("[Callee]                   | %10p | %p \n", it, (*it).object()); ++it;
+    printf("[OptionalCalleeArguments]  | %10p | %p \n", it, (*it).arguments()); ++it;
+    printf("-----------------------------------------------------------------------------\n");
+
+    int registerCount = 0;
+
+    end = it + codeBlock->m_numVars;
+    if (it != end) {
+        do {
+            v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+            printf("[r%2d]                      | %10p | %-16s 0x%llx \n", registerCount, it, v.description(), JSValue::encode(v));
+#else
+            printf("[r%2d]                      | %10p | %-16s %p \n", registerCount, it, v.description(), JSValue::encode(v));
+#endif
+            ++it;
+            ++registerCount;
+        } while (it != end);
+    }
+    printf("-----------------------------------------------------------------------------\n");
+
+    end = it + codeBlock->m_numCalleeRegisters - codeBlock->m_numVars;
+    if (it != end) {
+        do {
+            v = (*it).jsValue();
+#if USE(JSVALUE32_64)
+            printf("[r%2d]                      | %10p | %-16s 0x%llx \n", registerCount, it, v.description(), JSValue::encode(v));
+#else
+            printf("[r%2d]                      | %10p | %-16s %p \n", registerCount, it, v.description(), JSValue::encode(v));
+#endif
+            ++it;
+            ++registerCount;
+        } while (it != end);
+    }
+    printf("-----------------------------------------------------------------------------\n");
+}
+
+#endif
+
+bool Interpreter::isOpcode(Opcode opcode)
+{
+#if HAVE(COMPUTED_GOTO)
+    return opcode != HashTraits<Opcode>::emptyValue()
+        && !HashTraits<Opcode>::isDeletedValue(opcode)
+        && m_opcodeIDTable.contains(opcode);
+#else
+    return opcode >= 0 && opcode <= op_end;
+#endif
+}
+
+NEVER_INLINE bool Interpreter::unwindCallFrame(CallFrame*& callFrame, JSValue exceptionValue, unsigned& bytecodeOffset, CodeBlock*& codeBlock)
+{
+    CodeBlock* oldCodeBlock = codeBlock;
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+
+    if (Debugger* debugger = callFrame->dynamicGlobalObject()->debugger()) {
+        DebuggerCallFrame debuggerCallFrame(callFrame, exceptionValue);
+        if (callFrame->callee()) {
+            debugger->returnEvent(debuggerCallFrame, codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->lastLine());
+#ifdef QT_BUILD_SCRIPT_LIB
+            debugger->functionExit(exceptionValue, codeBlock->ownerExecutable()->sourceID());
+#endif
+        } else
+            debugger->didExecuteProgram(debuggerCallFrame, codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->lastLine());
+    }
+
+    if (Profiler* profiler = *Profiler::enabledProfilerReference()) {
+        if (callFrame->callee())
+            profiler->didExecute(callFrame, callFrame->callee());
+        else
+            profiler->didExecute(callFrame, codeBlock->ownerExecutable()->sourceURL(), codeBlock->ownerExecutable()->lineNo());
+    }
+
+    // If this call frame created an activation or an 'arguments' object, tear it off.
+    if (oldCodeBlock->codeType() == FunctionCode && oldCodeBlock->needsFullScopeChain()) {
+        while (!scopeChain->object->inherits(&JSActivation::info))
+            scopeChain = scopeChain->pop();
+        static_cast<JSActivation*>(scopeChain->object)->copyRegisters(callFrame->optionalCalleeArguments());
+    } else if (Arguments* arguments = callFrame->optionalCalleeArguments()) {
+        if (!arguments->isTornOff())
+            arguments->copyRegisters();
+    }
+
+    if (oldCodeBlock->needsFullScopeChain())
+        scopeChain->deref();
+
+    void* returnPC = callFrame->returnPC();
+    callFrame = callFrame->callerFrame();
+    if (callFrame->hasHostCallFrameFlag())
+        return false;
+
+    codeBlock = callFrame->codeBlock();
+    bytecodeOffset = bytecodeOffsetForPC(callFrame, codeBlock, returnPC);
+    return true;
+}
+
+NEVER_INLINE HandlerInfo* Interpreter::throwException(CallFrame*& callFrame, JSValue& exceptionValue, unsigned bytecodeOffset, bool explicitThrow)
+{
+    // Set up the exception object
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    if (exceptionValue.isObject()) {
+        JSObject* exception = asObject(exceptionValue);
+        if (exception->isNotAnObjectErrorStub()) {
+            exception = createNotAnObjectError(callFrame, static_cast<JSNotAnObjectErrorStub*>(exception), bytecodeOffset, codeBlock);
+            exceptionValue = exception;
+        } else {
+            if (!exception->hasProperty(callFrame, Identifier(callFrame, JSC_ERROR_LINENUMBER_PROPERTYNAME)) && 
+                !exception->hasProperty(callFrame, Identifier(callFrame, "sourceId")) && 
+                !exception->hasProperty(callFrame, Identifier(callFrame, JSC_ERROR_FILENAME_PROPERTYNAME)) && 
+                !exception->hasProperty(callFrame, Identifier(callFrame, expressionBeginOffsetPropertyName)) && 
+                !exception->hasProperty(callFrame, Identifier(callFrame, expressionCaretOffsetPropertyName)) && 
+                !exception->hasProperty(callFrame, Identifier(callFrame, expressionEndOffsetPropertyName))) {
+                if (explicitThrow) {
+                    int startOffset = 0;
+                    int endOffset = 0;
+                    int divotPoint = 0;
+                    int line = codeBlock->expressionRangeForBytecodeOffset(callFrame, bytecodeOffset, divotPoint, startOffset, endOffset);
+                    exception->putWithAttributes(callFrame, Identifier(callFrame, JSC_ERROR_LINENUMBER_PROPERTYNAME), jsNumber(callFrame, line), ReadOnly | DontDelete);
+                    
+                    // We only hit this path for error messages and throw statements, which don't have a specific failure position
+                    // So we just give the full range of the error/throw statement.
+                    exception->putWithAttributes(callFrame, Identifier(callFrame, expressionBeginOffsetPropertyName), jsNumber(callFrame, divotPoint - startOffset), ReadOnly | DontDelete);
+                    exception->putWithAttributes(callFrame, Identifier(callFrame, expressionEndOffsetPropertyName), jsNumber(callFrame, divotPoint + endOffset), ReadOnly | DontDelete);
+                } else
+                    exception->putWithAttributes(callFrame, Identifier(callFrame, JSC_ERROR_LINENUMBER_PROPERTYNAME), jsNumber(callFrame, codeBlock->lineNumberForBytecodeOffset(callFrame, bytecodeOffset)), ReadOnly | DontDelete);
+                exception->putWithAttributes(callFrame, Identifier(callFrame, "sourceId"), jsNumber(callFrame, codeBlock->ownerExecutable()->sourceID()), ReadOnly | DontDelete);
+                exception->putWithAttributes(callFrame, Identifier(callFrame, JSC_ERROR_FILENAME_PROPERTYNAME), jsOwnedString(callFrame, codeBlock->ownerExecutable()->sourceURL()), ReadOnly | DontDelete);
+            }
+            
+            if (exception->isWatchdogException()) {
+                while (unwindCallFrame(callFrame, exceptionValue, bytecodeOffset, codeBlock)) {
+                    // Don't need handler checks or anything, we just want to unroll all the JS callframes possible.
+                }
+                return 0;
+            }
+        }
+    }
+
+    Debugger* debugger = callFrame->dynamicGlobalObject()->debugger();
+    if (debugger) {
+        DebuggerCallFrame debuggerCallFrame(callFrame, exceptionValue);
+        debugger->exception(debuggerCallFrame, codeBlock->ownerExecutable()->sourceID(), codeBlock->lineNumberForBytecodeOffset(callFrame, bytecodeOffset));
+    }
+
+    // If we throw in the middle of a call instruction, we need to notify
+    // the profiler manually that the call instruction has returned, since
+    // we'll never reach the relevant op_profile_did_call.
+    if (Profiler* profiler = *Profiler::enabledProfilerReference()) {
+#if !ENABLE(JIT)
+        if (isCallBytecode(codeBlock->instructions()[bytecodeOffset].u.opcode))
+            profiler->didExecute(callFrame, callFrame->r(codeBlock->instructions()[bytecodeOffset + 2].u.operand).jsValue());
+        else if (codeBlock->instructions()[bytecodeOffset + 8].u.opcode == getOpcode(op_construct))
+            profiler->didExecute(callFrame, callFrame->r(codeBlock->instructions()[bytecodeOffset + 10].u.operand).jsValue());
+#else
+        int functionRegisterIndex;
+        if (codeBlock->functionRegisterForBytecodeOffset(bytecodeOffset, functionRegisterIndex))
+            profiler->didExecute(callFrame, callFrame->r(functionRegisterIndex).jsValue());
+#endif
+    }
+
+    // Calculate an exception handler vPC, unwinding call frames as necessary.
+
+    HandlerInfo* handler = 0;
+
+#ifdef QT_BUILD_SCRIPT_LIB
+    //try to find handler
+    bool hasHandler = true;
+    CallFrame *callFrameTemp = callFrame;
+    unsigned bytecodeOffsetTemp = bytecodeOffset;
+    CodeBlock *codeBlockTemp = codeBlock;
+    while (!(handler = codeBlockTemp->handlerForBytecodeOffset(bytecodeOffsetTemp))) {
+        void* returnPC = callFrameTemp->returnPC();
+        callFrameTemp = callFrameTemp->callerFrame();
+        if (callFrameTemp->hasHostCallFrameFlag()) {
+            hasHandler = false;
+            break;
+        } else {
+            codeBlockTemp = callFrameTemp->codeBlock();
+            bytecodeOffsetTemp = bytecodeOffsetForPC(callFrameTemp, codeBlockTemp, returnPC);
+        }
+    }
+    if (debugger)
+        debugger->exceptionThrow(DebuggerCallFrame(callFrame, exceptionValue), codeBlock->ownerExecutable()->sourceID(), hasHandler);
+#endif
+
+    while (!(handler = codeBlock->handlerForBytecodeOffset(bytecodeOffset))) {
+        if (!unwindCallFrame(callFrame, exceptionValue, bytecodeOffset, codeBlock)) {
+            return 0;
+        }
+    }
+    // Now unwind the scope chain within the exception handler's call frame.
+
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+    ScopeChain sc(scopeChain);
+    int scopeDelta = depth(codeBlock, sc) - handler->scopeDepth;
+    ASSERT(scopeDelta >= 0);
+    while (scopeDelta--)
+        scopeChain = scopeChain->pop();
+    callFrame->setScopeChain(scopeChain);
+
+    return handler;
+}
+
+JSValue Interpreter::execute(ProgramExecutable* program, CallFrame* callFrame, ScopeChainNode* scopeChain, JSObject* thisObj, JSValue* exception)
+{
+    ASSERT(!scopeChain->globalData->exception);
+
+    if (m_reentryDepth >= MaxSecondaryThreadReentryDepth) {
+        if (!isMainThread() || m_reentryDepth >= MaxMainThreadReentryDepth) {
+            *exception = createStackOverflowError(callFrame);
+            return jsNull();
+        }
+    }
+
+    CodeBlock* codeBlock = &program->bytecode(callFrame, scopeChain);
+
+    Register* oldEnd = m_registerFile.end();
+    Register* newEnd = oldEnd + codeBlock->m_numParameters + RegisterFile::CallFrameHeaderSize + codeBlock->m_numCalleeRegisters;
+    if (!m_registerFile.grow(newEnd)) {
+        *exception = createStackOverflowError(callFrame);
+        return jsNull();
+    }
+
+    DynamicGlobalObjectScope globalObjectScope(callFrame, scopeChain->globalObject());
+
+    JSGlobalObject* lastGlobalObject = m_registerFile.globalObject();
+    JSGlobalObject* globalObject = callFrame->dynamicGlobalObject();
+    globalObject->copyGlobalsTo(m_registerFile);
+
+    CallFrame* newCallFrame = CallFrame::create(oldEnd + codeBlock->m_numParameters + RegisterFile::CallFrameHeaderSize);
+    newCallFrame->r(codeBlock->thisRegister()) = JSValue(thisObj);
+    newCallFrame->init(codeBlock, 0, scopeChain, CallFrame::noCaller(), 0, 0, 0);
+
+    if (codeBlock->needsFullScopeChain())
+        scopeChain->ref();
+
+    Profiler** profiler = Profiler::enabledProfilerReference();
+    if (*profiler)
+        (*profiler)->willExecute(newCallFrame, program->sourceURL(), program->lineNo());
+
+    JSValue result;
+    {
+        SamplingTool::CallRecord callRecord(m_sampler);
+
+        m_reentryDepth++;
+#if ENABLE(JIT)
+        result = program->jitCode(newCallFrame, scopeChain).execute(&m_registerFile, newCallFrame, scopeChain->globalData, exception);
+#else
+        result = privateExecute(Normal, &m_registerFile, newCallFrame, exception);
+#endif
+        m_reentryDepth--;
+    }
+
+    if (*profiler)
+        (*profiler)->didExecute(callFrame, program->sourceURL(), program->lineNo());
+
+    if (m_reentryDepth && lastGlobalObject && globalObject != lastGlobalObject)
+        lastGlobalObject->copyGlobalsTo(m_registerFile);
+
+    m_registerFile.shrink(oldEnd);
+
+    return result;
+}
+
+JSValue Interpreter::execute(FunctionExecutable* functionExecutable, CallFrame* callFrame, JSFunction* function, JSObject* thisObj, const ArgList& args, ScopeChainNode* scopeChain, JSValue* exception)
+{
+    ASSERT(!scopeChain->globalData->exception);
+
+    if (m_reentryDepth >= MaxSecondaryThreadReentryDepth) {
+        if (!isMainThread() || m_reentryDepth >= MaxMainThreadReentryDepth) {
+            *exception = createStackOverflowError(callFrame);
+            return jsNull();
+        }
+    }
+
+    Register* oldEnd = m_registerFile.end();
+    int argc = 1 + args.size(); // implicit "this" parameter
+
+    if (!m_registerFile.grow(oldEnd + argc)) {
+        *exception = createStackOverflowError(callFrame);
+        return jsNull();
+    }
+
+    DynamicGlobalObjectScope globalObjectScope(callFrame, callFrame->globalData().dynamicGlobalObject ? callFrame->globalData().dynamicGlobalObject : scopeChain->globalObject());
+
+    CallFrame* newCallFrame = CallFrame::create(oldEnd);
+    size_t dst = 0;
+    newCallFrame->r(0) = JSValue(thisObj);
+    ArgList::const_iterator end = args.end();
+    for (ArgList::const_iterator it = args.begin(); it != end; ++it)
+        newCallFrame->r(++dst) = *it;
+
+    CodeBlock* codeBlock = &functionExecutable->bytecode(callFrame, scopeChain);
+    newCallFrame = slideRegisterWindowForCall(codeBlock, &m_registerFile, newCallFrame, argc + RegisterFile::CallFrameHeaderSize, argc);
+    if (UNLIKELY(!newCallFrame)) {
+        *exception = createStackOverflowError(callFrame);
+        m_registerFile.shrink(oldEnd);
+        return jsNull();
+    }
+    // a 0 codeBlock indicates a built-in caller
+    newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), 0, argc, function);
+
+    Profiler** profiler = Profiler::enabledProfilerReference();
+    if (*profiler)
+        (*profiler)->willExecute(callFrame, function);
+
+    JSValue result;
+    {
+        SamplingTool::CallRecord callRecord(m_sampler);
+
+        m_reentryDepth++;
+#if ENABLE(JIT)
+        result = functionExecutable->jitCode(newCallFrame, scopeChain).execute(&m_registerFile, newCallFrame, scopeChain->globalData, exception);
+#else
+        result = privateExecute(Normal, &m_registerFile, newCallFrame, exception);
+#endif
+        m_reentryDepth--;
+    }
+
+    if (*profiler)
+        (*profiler)->didExecute(callFrame, function);
+
+    m_registerFile.shrink(oldEnd);
+    return result;
+}
+
+CallFrameClosure Interpreter::prepareForRepeatCall(FunctionExecutable* FunctionExecutable, CallFrame* callFrame, JSFunction* function, int argCount, ScopeChainNode* scopeChain, JSValue* exception)
+{
+    ASSERT(!scopeChain->globalData->exception);
+    
+    if (m_reentryDepth >= MaxSecondaryThreadReentryDepth) {
+        if (!isMainThread() || m_reentryDepth >= MaxMainThreadReentryDepth) {
+            *exception = createStackOverflowError(callFrame);
+            return CallFrameClosure();
+        }
+    }
+    
+    Register* oldEnd = m_registerFile.end();
+    int argc = 1 + argCount; // implicit "this" parameter
+    
+    if (!m_registerFile.grow(oldEnd + argc)) {
+        *exception = createStackOverflowError(callFrame);
+        return CallFrameClosure();
+    }
+
+    CallFrame* newCallFrame = CallFrame::create(oldEnd);
+    size_t dst = 0;
+    for (int i = 0; i < argc; ++i)
+        newCallFrame->r(++dst) = jsUndefined();
+    
+    CodeBlock* codeBlock = &FunctionExecutable->bytecode(callFrame, scopeChain);
+    newCallFrame = slideRegisterWindowForCall(codeBlock, &m_registerFile, newCallFrame, argc + RegisterFile::CallFrameHeaderSize, argc);
+    if (UNLIKELY(!newCallFrame)) {
+        *exception = createStackOverflowError(callFrame);
+        m_registerFile.shrink(oldEnd);
+        return CallFrameClosure();
+    }
+    // a 0 codeBlock indicates a built-in caller
+    newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), 0, argc, function);
+#if ENABLE(JIT)
+    FunctionExecutable->jitCode(newCallFrame, scopeChain);
+#endif
+
+    CallFrameClosure result = { callFrame, newCallFrame, function, FunctionExecutable, scopeChain->globalData, oldEnd, scopeChain, codeBlock->m_numParameters, argc };
+    return result;
+}
+
+JSValue Interpreter::execute(CallFrameClosure& closure, JSValue* exception) 
+{
+    closure.resetCallFrame();
+    Profiler** profiler = Profiler::enabledProfilerReference();
+    if (*profiler)
+        (*profiler)->willExecute(closure.oldCallFrame, closure.function);
+    
+    JSValue result;
+    {
+        SamplingTool::CallRecord callRecord(m_sampler);
+        
+        m_reentryDepth++;
+#if ENABLE(JIT)
+        result = closure.functionExecutable->generatedJITCode().execute(&m_registerFile, closure.newCallFrame, closure.globalData, exception);
+#else
+        result = privateExecute(Normal, &m_registerFile, closure.newCallFrame, exception);
+#endif
+        m_reentryDepth--;
+    }
+    
+    if (*profiler)
+        (*profiler)->didExecute(closure.oldCallFrame, closure.function);
+    return result;
+}
+
+void Interpreter::endRepeatCall(CallFrameClosure& closure)
+{
+    m_registerFile.shrink(closure.oldEnd);
+}
+
+JSValue Interpreter::execute(EvalExecutable* eval, CallFrame* callFrame, JSObject* thisObj, ScopeChainNode* scopeChain, JSValue* exception)
+{
+    return execute(eval, callFrame, thisObj, m_registerFile.size() + eval->bytecode(callFrame, scopeChain).m_numParameters + RegisterFile::CallFrameHeaderSize, scopeChain, exception);
+}
+
+JSValue Interpreter::execute(EvalExecutable* eval, CallFrame* callFrame, JSObject* thisObj, int globalRegisterOffset, ScopeChainNode* scopeChain, JSValue* exception)
+{
+    ASSERT(!scopeChain->globalData->exception);
+
+    if (m_reentryDepth >= MaxSecondaryThreadReentryDepth) {
+        if (!isMainThread() || m_reentryDepth >= MaxMainThreadReentryDepth) {
+            *exception = createStackOverflowError(callFrame);
+            return jsNull();
+        }
+    }
+
+    DynamicGlobalObjectScope globalObjectScope(callFrame, callFrame->globalData().dynamicGlobalObject ? callFrame->globalData().dynamicGlobalObject : scopeChain->globalObject());
+
+    EvalCodeBlock* codeBlock = &eval->bytecode(callFrame, scopeChain);
+
+    JSVariableObject* variableObject;
+    for (ScopeChainNode* node = scopeChain; ; node = node->next) {
+        ASSERT(node);
+        if (node->object->isVariableObject()) {
+            variableObject = static_cast<JSVariableObject*>(node->object);
+            break;
+        }
+    }
+
+    { // Scope for BatchedTransitionOptimizer
+
+        BatchedTransitionOptimizer optimizer(variableObject);
+
+        unsigned numVariables = codeBlock->numVariables();
+        for (unsigned i = 0; i < numVariables; ++i) {
+            const Identifier& ident = codeBlock->variable(i);
+            if (!variableObject->hasProperty(callFrame, ident)) {
+                PutPropertySlot slot;
+                variableObject->put(callFrame, ident, jsUndefined(), slot);
+            }
+        }
+
+        int numFunctions = codeBlock->numberOfFunctionDecls();
+        for (int i = 0; i < numFunctions; ++i) {
+            FunctionExecutable* function = codeBlock->functionDecl(i);
+            PutPropertySlot slot;
+            variableObject->put(callFrame, function->name(), function->make(callFrame, scopeChain), slot);
+        }
+
+    }
+
+    Register* oldEnd = m_registerFile.end();
+#ifdef  QT_BUILD_SCRIPT_LIB //with QtScript, we do not necesserly start from scratch
+    Register* newEnd = oldEnd + globalRegisterOffset + codeBlock->m_numCalleeRegisters;
+#else
+    Register* newEnd = m_registerFile.start() + globalRegisterOffset + codeBlock->m_numCalleeRegisters;
+#endif
+    if (!m_registerFile.grow(newEnd)) {
+        *exception = createStackOverflowError(callFrame);
+        return jsNull();
+    }
+
+#ifdef QT_BUILD_SCRIPT_LIB //with QtScript, we do not necesserly start from scratch
+    CallFrame* newCallFrame = CallFrame::create(oldEnd + globalRegisterOffset);
+#else
+    CallFrame* newCallFrame = CallFrame::create(m_registerFile.start() + globalRegisterOffset);
+#endif
+
+    // a 0 codeBlock indicates a built-in caller
+    newCallFrame->r(codeBlock->thisRegister()) = JSValue(thisObj);
+    newCallFrame->init(codeBlock, 0, scopeChain, callFrame->addHostCallFrameFlag(), 0, 0, 0);
+
+    if (codeBlock->needsFullScopeChain())
+        scopeChain->ref();
+
+    Profiler** profiler = Profiler::enabledProfilerReference();
+    if (*profiler)
+        (*profiler)->willExecute(newCallFrame, eval->sourceURL(), eval->lineNo());
+
+    JSValue result;
+    {
+        SamplingTool::CallRecord callRecord(m_sampler);
+
+        m_reentryDepth++;
+#if ENABLE(JIT)
+        result = eval->jitCode(newCallFrame, scopeChain).execute(&m_registerFile, newCallFrame, scopeChain->globalData, exception);
+#else
+        result = privateExecute(Normal, &m_registerFile, newCallFrame, exception);
+#endif
+        m_reentryDepth--;
+    }
+
+    if (*profiler)
+        (*profiler)->didExecute(callFrame, eval->sourceURL(), eval->lineNo());
+
+    m_registerFile.shrink(oldEnd);
+    return result;
+}
+
+NEVER_INLINE void Interpreter::debug(CallFrame* callFrame, DebugHookID debugHookID, int firstLine, int lastLine, int column)
+{
+    Debugger* debugger = callFrame->dynamicGlobalObject()->debugger();
+    if (!debugger)
+        return;
+
+    switch (debugHookID) {
+        case DidEnterCallFrame:
+            debugger->callEvent(callFrame, callFrame->codeBlock()->ownerExecutable()->sourceID(), firstLine);
+            return;
+        case WillLeaveCallFrame:
+            debugger->returnEvent(callFrame, callFrame->codeBlock()->ownerExecutable()->sourceID(), lastLine);
+            return;
+        case WillExecuteStatement:
+            debugger->atStatement(callFrame, callFrame->codeBlock()->ownerExecutable()->sourceID(), firstLine, column);
+            return;
+        case WillExecuteProgram:
+            debugger->willExecuteProgram(callFrame, callFrame->codeBlock()->ownerExecutable()->sourceID(), firstLine);
+            return;
+        case DidExecuteProgram:
+            debugger->didExecuteProgram(callFrame, callFrame->codeBlock()->ownerExecutable()->sourceID(), lastLine);
+            return;
+        case DidReachBreakpoint:
+            debugger->didReachBreakpoint(callFrame, callFrame->codeBlock()->ownerExecutable()->sourceID(), lastLine, column);
+            return;
+    }
+}
+    
+#if USE(INTERPRETER)
+NEVER_INLINE ScopeChainNode* Interpreter::createExceptionScope(CallFrame* callFrame, const Instruction* vPC)
+{
+    int dst = (++vPC)->u.operand;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    Identifier& property = codeBlock->identifier((++vPC)->u.operand);
+    JSValue value = callFrame->r((++vPC)->u.operand).jsValue();
+    JSObject* scope = new (callFrame) JSStaticScopeObject(callFrame, property, value, DontDelete);
+    callFrame->r(dst) = JSValue(scope);
+
+    return callFrame->scopeChain()->push(scope);
+}
+
+NEVER_INLINE void Interpreter::tryCachePutByID(CallFrame* callFrame, CodeBlock* codeBlock, Instruction* vPC, JSValue baseValue, const PutPropertySlot& slot)
+{
+    // Recursive invocation may already have specialized this instruction.
+    if (vPC[0].u.opcode != getOpcode(op_put_by_id))
+        return;
+
+    if (!baseValue.isCell())
+        return;
+
+    // Uncacheable: give up.
+    if (!slot.isCacheable()) {
+        vPC[0] = getOpcode(op_put_by_id_generic);
+        return;
+    }
+    
+    JSCell* baseCell = asCell(baseValue);
+    Structure* structure = baseCell->structure();
+
+    if (structure->isUncacheableDictionary()) {
+        vPC[0] = getOpcode(op_put_by_id_generic);
+        return;
+    }
+
+    // Cache miss: record Structure to compare against next time.
+    Structure* lastStructure = vPC[4].u.structure;
+    if (structure != lastStructure) {
+        // First miss: record Structure to compare against next time.
+        if (!lastStructure) {
+            vPC[4] = structure;
+            return;
+        }
+
+        // Second miss: give up.
+        vPC[0] = getOpcode(op_put_by_id_generic);
+        return;
+    }
+
+    // Cache hit: Specialize instruction and ref Structures.
+
+    // If baseCell != slot.base(), then baseCell must be a proxy for another object.
+    if (baseCell != slot.base()) {
+        vPC[0] = getOpcode(op_put_by_id_generic);
+        return;
+    }
+
+    StructureChain* protoChain = structure->prototypeChain(callFrame);
+    if (!protoChain->isCacheable()) {
+        vPC[0] = getOpcode(op_put_by_id_generic);
+        return;
+    }
+
+    // Structure transition, cache transition info
+    if (slot.type() == PutPropertySlot::NewProperty) {
+        if (structure->isDictionary()) {
+            vPC[0] = getOpcode(op_put_by_id_generic);
+            return;
+        }
+        vPC[0] = getOpcode(op_put_by_id_transition);
+        vPC[4] = structure->previousID();
+        vPC[5] = structure;
+        vPC[6] = protoChain;
+        vPC[7] = slot.cachedOffset();
+        codeBlock->refStructures(vPC);
+        return;
+    }
+
+    vPC[0] = getOpcode(op_put_by_id_replace);
+    vPC[5] = slot.cachedOffset();
+    codeBlock->refStructures(vPC);
+}
+
+NEVER_INLINE void Interpreter::uncachePutByID(CodeBlock* codeBlock, Instruction* vPC)
+{
+    codeBlock->derefStructures(vPC);
+    vPC[0] = getOpcode(op_put_by_id);
+    vPC[4] = 0;
+}
+
+NEVER_INLINE void Interpreter::tryCacheGetByID(CallFrame* callFrame, CodeBlock* codeBlock, Instruction* vPC, JSValue baseValue, const Identifier& propertyName, const PropertySlot& slot)
+{
+    // Recursive invocation may already have specialized this instruction.
+    if (vPC[0].u.opcode != getOpcode(op_get_by_id))
+        return;
+
+    // FIXME: Cache property access for immediates.
+    if (!baseValue.isCell()) {
+        vPC[0] = getOpcode(op_get_by_id_generic);
+        return;
+    }
+
+    JSGlobalData* globalData = &callFrame->globalData();
+    if (isJSArray(globalData, baseValue) && propertyName == callFrame->propertyNames().length) {
+        vPC[0] = getOpcode(op_get_array_length);
+        return;
+    }
+
+    if (isJSString(globalData, baseValue) && propertyName == callFrame->propertyNames().length) {
+        vPC[0] = getOpcode(op_get_string_length);
+        return;
+    }
+
+    // Uncacheable: give up.
+    if (!slot.isCacheable()) {
+        vPC[0] = getOpcode(op_get_by_id_generic);
+        return;
+    }
+
+    Structure* structure = asCell(baseValue)->structure();
+
+    if (structure->isUncacheableDictionary()) {
+        vPC[0] = getOpcode(op_get_by_id_generic);
+        return;
+    }
+
+    // Cache miss
+    Structure* lastStructure = vPC[4].u.structure;
+    if (structure != lastStructure) {
+        // First miss: record Structure to compare against next time.
+        if (!lastStructure) {
+            vPC[4] = structure;
+            return;
+        }
+
+        // Second miss: give up.
+        vPC[0] = getOpcode(op_get_by_id_generic);
+        return;
+    }
+
+    // Cache hit: Specialize instruction and ref Structures.
+
+    if (slot.slotBase() == baseValue) {
+        vPC[0] = getOpcode(op_get_by_id_self);
+        vPC[5] = slot.cachedOffset();
+
+        codeBlock->refStructures(vPC);
+        return;
+    }
+
+    if (slot.slotBase() == structure->prototypeForLookup(callFrame)) {
+        ASSERT(slot.slotBase().isObject());
+
+        JSObject* baseObject = asObject(slot.slotBase());
+
+        // Since we're accessing a prototype in a loop, it's a good bet that it
+        // should not be treated as a dictionary.
+        if (baseObject->structure()->isDictionary())
+            baseObject->setStructure(Structure::fromDictionaryTransition(baseObject->structure()));
+
+        vPC[0] = getOpcode(op_get_by_id_proto);
+        vPC[5] = baseObject->structure();
+        vPC[6] = slot.cachedOffset();
+
+        codeBlock->refStructures(vPC);
+        return;
+    }
+
+    size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot);
+    if (!count) {
+        vPC[0] = getOpcode(op_get_by_id_generic);
+        return;
+    }
+
+    StructureChain* protoChain = structure->prototypeChain(callFrame);
+    if (!protoChain->isCacheable()) {
+        vPC[0] = getOpcode(op_get_by_id_generic);
+        return;
+    }
+
+    vPC[0] = getOpcode(op_get_by_id_chain);
+    vPC[4] = structure;
+    vPC[5] = protoChain;
+    vPC[6] = count;
+    vPC[7] = slot.cachedOffset();
+    codeBlock->refStructures(vPC);
+}
+
+NEVER_INLINE void Interpreter::uncacheGetByID(CodeBlock* codeBlock, Instruction* vPC)
+{
+    codeBlock->derefStructures(vPC);
+    vPC[0] = getOpcode(op_get_by_id);
+    vPC[4] = 0;
+}
+
+#endif // USE(INTERPRETER)
+
+JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFile, CallFrame* callFrame, JSValue* exception)
+{
+    // One-time initialization of our address tables. We have to put this code
+    // here because our labels are only in scope inside this function.
+    if (flag == InitializeAndReturn) {
+        #if HAVE(COMPUTED_GOTO)
+            #define ADD_BYTECODE(id, length) m_opcodeTable[id] = &&id;
+                FOR_EACH_OPCODE_ID(ADD_BYTECODE);
+            #undef ADD_BYTECODE
+
+            #define ADD_OPCODE_ID(id, length) m_opcodeIDTable.add(&&id, id);
+                FOR_EACH_OPCODE_ID(ADD_OPCODE_ID);
+            #undef ADD_OPCODE_ID
+            ASSERT(m_opcodeIDTable.size() == numOpcodeIDs);
+        #endif // HAVE(COMPUTED_GOTO)
+        return JSValue();
+    }
+
+#if ENABLE(JIT)
+    // Mixing Interpreter + JIT is not supported.
+    ASSERT_NOT_REACHED();
+#endif
+#if !USE(INTERPRETER)
+    UNUSED_PARAM(registerFile);
+    UNUSED_PARAM(callFrame);
+    UNUSED_PARAM(exception);
+    return JSValue();
+#else
+
+    JSGlobalData* globalData = &callFrame->globalData();
+    JSValue exceptionValue;
+    HandlerInfo* handler = 0;
+
+    Instruction* vPC = callFrame->codeBlock()->instructions().begin();
+    Profiler** enabledProfilerReference = Profiler::enabledProfilerReference();
+    unsigned tickCount = globalData->timeoutChecker->ticksUntilNextCheck();
+
+#define CHECK_FOR_EXCEPTION() \
+    do { \
+        if (UNLIKELY(globalData->exception != JSValue())) { \
+            exceptionValue = globalData->exception; \
+            goto vm_throw; \
+        } \
+    } while (0)
+
+#if ENABLE(OPCODE_STATS)
+    OpcodeStats::resetLastInstruction();
+#endif
+
+#define CHECK_FOR_TIMEOUT() \
+    if (!--tickCount) { \
+        if (globalData->timeoutChecker->didTimeOut(callFrame)) { \
+            exceptionValue = jsNull(); \
+            goto vm_throw; \
+        } \
+        tickCount = globalData->timeoutChecker->ticksUntilNextCheck(); \
+        CHECK_FOR_EXCEPTION(); \
+    }
+    
+#if ENABLE(OPCODE_SAMPLING)
+    #define SAMPLE(codeBlock, vPC) m_sampler->sample(codeBlock, vPC)
+#else
+    #define SAMPLE(codeBlock, vPC)
+#endif
+
+#if HAVE(COMPUTED_GOTO)
+    #define NEXT_INSTRUCTION() SAMPLE(callFrame->codeBlock(), vPC); goto *vPC->u.opcode
+#if ENABLE(OPCODE_STATS)
+    #define DEFINE_OPCODE(opcode) opcode: OpcodeStats::recordInstruction(opcode);
+#else
+    #define DEFINE_OPCODE(opcode) opcode:
+#endif
+    NEXT_INSTRUCTION();
+#else
+    #define NEXT_INSTRUCTION() SAMPLE(callFrame->codeBlock(), vPC); goto interpreterLoopStart
+#if ENABLE(OPCODE_STATS)
+    #define DEFINE_OPCODE(opcode) case opcode: OpcodeStats::recordInstruction(opcode);
+#else
+    #define DEFINE_OPCODE(opcode) case opcode:
+#endif
+    while (1) { // iterator loop begins
+    interpreterLoopStart:;
+    switch (vPC->u.opcode)
+#endif
+    {
+    DEFINE_OPCODE(op_new_object) {
+        /* new_object dst(r)
+
+           Constructs a new empty Object instance using the original
+           constructor, and puts the result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        callFrame->r(dst) = JSValue(constructEmptyObject(callFrame));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_new_array) {
+        /* new_array dst(r) firstArg(r) argCount(n)
+
+           Constructs a new Array instance using the original
+           constructor, and puts the result in register dst.
+           The array will contain argCount elements with values
+           taken from registers starting at register firstArg.
+        */
+        int dst = (++vPC)->u.operand;
+        int firstArg = (++vPC)->u.operand;
+        int argCount = (++vPC)->u.operand;
+        ArgList args(callFrame->registers() + firstArg, argCount);
+        callFrame->r(dst) = JSValue(constructArray(callFrame, args));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_new_regexp) {
+        /* new_regexp dst(r) regExp(re)
+
+           Constructs a new RegExp instance using the original
+           constructor from regexp regExp, and puts the result in
+           register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int regExp = (++vPC)->u.operand;
+        callFrame->r(dst) = JSValue(new (globalData) RegExpObject(callFrame->scopeChain()->globalObject()->regExpStructure(), callFrame->codeBlock()->regexp(regExp)));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_mov) {
+        /* mov dst(r) src(r)
+
+           Copies register src to register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        callFrame->r(dst) = callFrame->r(src);
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_eq) {
+        /* eq dst(r) src1(r) src2(r)
+
+           Checks whether register src1 and register src2 are equal,
+           as with the ECMAScript '==' operator, and puts the result
+           as a boolean in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsBoolean(src1.asInt32() == src2.asInt32());
+        else {
+            JSValue result = jsBoolean(JSValue::equalSlowCase(callFrame, src1, src2));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_eq_null) {
+        /* eq_null dst(r) src(r)
+
+           Checks whether register src is null, as with the ECMAScript '!='
+           operator, and puts the result as a boolean in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src = callFrame->r((++vPC)->u.operand).jsValue();
+
+        if (src.isUndefinedOrNull()) {
+            callFrame->r(dst) = jsBoolean(true);
+            ++vPC;
+            NEXT_INSTRUCTION();
+        }
+        
+        callFrame->r(dst) = jsBoolean(src.isCell() && src.asCell()->structure()->typeInfo().masqueradesAsUndefined());
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_neq) {
+        /* neq dst(r) src1(r) src2(r)
+
+           Checks whether register src1 and register src2 are not
+           equal, as with the ECMAScript '!=' operator, and puts the
+           result as a boolean in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsBoolean(src1.asInt32() != src2.asInt32());
+        else {
+            JSValue result = jsBoolean(!JSValue::equalSlowCase(callFrame, src1, src2));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_neq_null) {
+        /* neq_null dst(r) src(r)
+
+           Checks whether register src is not null, as with the ECMAScript '!='
+           operator, and puts the result as a boolean in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src = callFrame->r((++vPC)->u.operand).jsValue();
+
+        if (src.isUndefinedOrNull()) {
+            callFrame->r(dst) = jsBoolean(false);
+            ++vPC;
+            NEXT_INSTRUCTION();
+        }
+        
+        callFrame->r(dst) = jsBoolean(!src.isCell() || !asCell(src)->structure()->typeInfo().masqueradesAsUndefined());
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_stricteq) {
+        /* stricteq dst(r) src1(r) src2(r)
+
+           Checks whether register src1 and register src2 are strictly
+           equal, as with the ECMAScript '===' operator, and puts the
+           result as a boolean in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        callFrame->r(dst) = jsBoolean(JSValue::strictEqual(src1, src2));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_nstricteq) {
+        /* nstricteq dst(r) src1(r) src2(r)
+
+           Checks whether register src1 and register src2 are not
+           strictly equal, as with the ECMAScript '!==' operator, and
+           puts the result as a boolean in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        callFrame->r(dst) = jsBoolean(!JSValue::strictEqual(src1, src2));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_less) {
+        /* less dst(r) src1(r) src2(r)
+
+           Checks whether register src1 is less than register src2, as
+           with the ECMAScript '<' operator, and puts the result as
+           a boolean in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue result = jsBoolean(jsLess(callFrame, src1, src2));
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_lesseq) {
+        /* lesseq dst(r) src1(r) src2(r)
+
+           Checks whether register src1 is less than or equal to
+           register src2, as with the ECMAScript '<=' operator, and
+           puts the result as a boolean in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue result = jsBoolean(jsLessEq(callFrame, src1, src2));
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_pre_inc) {
+        /* pre_inc srcDst(r)
+
+           Converts register srcDst to number, adds one, and puts the result
+           back in register srcDst.
+        */
+        int srcDst = (++vPC)->u.operand;
+        JSValue v = callFrame->r(srcDst).jsValue();
+        if (v.isInt32() && v.asInt32() < INT_MAX)
+            callFrame->r(srcDst) = jsNumber(callFrame, v.asInt32() + 1);
+        else {
+            JSValue result = jsNumber(callFrame, v.toNumber(callFrame) + 1);
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(srcDst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_pre_dec) {
+        /* pre_dec srcDst(r)
+
+           Converts register srcDst to number, subtracts one, and puts the result
+           back in register srcDst.
+        */
+        int srcDst = (++vPC)->u.operand;
+        JSValue v = callFrame->r(srcDst).jsValue();
+        if (v.isInt32() && v.asInt32() > INT_MIN)
+            callFrame->r(srcDst) = jsNumber(callFrame, v.asInt32() - 1);
+        else {
+            JSValue result = jsNumber(callFrame, v.toNumber(callFrame) - 1);
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(srcDst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_post_inc) {
+        /* post_inc dst(r) srcDst(r)
+
+           Converts register srcDst to number. The number itself is
+           written to register dst, and the number plus one is written
+           back to register srcDst.
+        */
+        int dst = (++vPC)->u.operand;
+        int srcDst = (++vPC)->u.operand;
+        JSValue v = callFrame->r(srcDst).jsValue();
+        if (v.isInt32() && v.asInt32() < INT_MAX) {
+            callFrame->r(srcDst) = jsNumber(callFrame, v.asInt32() + 1);
+            callFrame->r(dst) = v;
+        } else {
+            JSValue number = callFrame->r(srcDst).jsValue().toJSNumber(callFrame);
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(srcDst) = jsNumber(callFrame, number.uncheckedGetNumber() + 1);
+            callFrame->r(dst) = number;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_post_dec) {
+        /* post_dec dst(r) srcDst(r)
+
+           Converts register srcDst to number. The number itself is
+           written to register dst, and the number minus one is written
+           back to register srcDst.
+        */
+        int dst = (++vPC)->u.operand;
+        int srcDst = (++vPC)->u.operand;
+        JSValue v = callFrame->r(srcDst).jsValue();
+        if (v.isInt32() && v.asInt32() > INT_MIN) {
+            callFrame->r(srcDst) = jsNumber(callFrame, v.asInt32() - 1);
+            callFrame->r(dst) = v;
+        } else {
+            JSValue number = callFrame->r(srcDst).jsValue().toJSNumber(callFrame);
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(srcDst) = jsNumber(callFrame, number.uncheckedGetNumber() - 1);
+            callFrame->r(dst) = number;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_to_jsnumber) {
+        /* to_jsnumber dst(r) src(r)
+
+           Converts register src to number, and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+
+        JSValue srcVal = callFrame->r(src).jsValue();
+
+        if (LIKELY(srcVal.isNumber()))
+            callFrame->r(dst) = callFrame->r(src);
+        else {
+            JSValue result = srcVal.toJSNumber(callFrame);
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_negate) {
+        /* negate dst(r) src(r)
+
+           Converts register src to number, negates it, and puts the
+           result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src.isInt32() && src.asInt32())
+            callFrame->r(dst) = jsNumber(callFrame, -src.asInt32());
+        else {
+            JSValue result = jsNumber(callFrame, -src.toNumber(callFrame));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_add) {
+        /* add dst(r) src1(r) src2(r)
+
+           Adds register src1 and register src2, and puts the result
+           in register dst. (JS add may be string concatenation or
+           numeric add, depending on the types of the operands.)
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32() & 0xc0000000)) // no overflow
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() + src2.asInt32());
+        else {
+            JSValue result = jsAdd(callFrame, src1, src2);
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_mul) {
+        /* mul dst(r) src1(r) src2(r)
+
+           Multiplies register src1 and register src2 (converted to
+           numbers), and puts the product in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32() >> 15)) // no overflow
+                callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() * src2.asInt32());
+        else {
+            JSValue result = jsNumber(callFrame, src1.toNumber(callFrame) * src2.toNumber(callFrame));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_div) {
+        /* div dst(r) dividend(r) divisor(r)
+
+           Divides register dividend (converted to number) by the
+           register divisor (converted to number), and puts the
+           quotient in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue dividend = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue divisor = callFrame->r((++vPC)->u.operand).jsValue();
+
+        JSValue result = jsNumber(callFrame, dividend.toNumber(callFrame) / divisor.toNumber(callFrame));
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_mod) {
+        /* mod dst(r) dividend(r) divisor(r)
+
+           Divides register dividend (converted to number) by
+           register divisor (converted to number), and puts the
+           remainder in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue dividend = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue divisor = callFrame->r((++vPC)->u.operand).jsValue();
+
+        if (dividend.isInt32() && divisor.isInt32() && divisor.asInt32() != 0) {
+            JSValue result = jsNumber(callFrame, dividend.asInt32() % divisor.asInt32());
+            ASSERT(result);
+            callFrame->r(dst) = result;
+            ++vPC;
+            NEXT_INSTRUCTION();
+        }
+
+        // Conversion to double must happen outside the call to fmod since the
+        // order of argument evaluation is not guaranteed.
+        double d1 = dividend.toNumber(callFrame);
+        double d2 = divisor.toNumber(callFrame);
+        JSValue result = jsNumber(callFrame, fmod(d1, d2));
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_sub) {
+        /* sub dst(r) src1(r) src2(r)
+
+           Subtracts register src2 (converted to number) from register
+           src1 (converted to number), and puts the difference in
+           register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src1.isInt32() && src2.isInt32() && !(src1.asInt32() | src2.asInt32() & 0xc0000000)) // no overflow
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() - src2.asInt32());
+        else {
+            JSValue result = jsNumber(callFrame, src1.toNumber(callFrame) - src2.toNumber(callFrame));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_lshift) {
+        /* lshift dst(r) val(r) shift(r)
+
+           Performs left shift of register val (converted to int32) by
+           register shift (converted to uint32), and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue val = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue shift = callFrame->r((++vPC)->u.operand).jsValue();
+
+        if (val.isInt32() && shift.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, val.asInt32() << (shift.asInt32() & 0x1f));
+        else {
+            JSValue result = jsNumber(callFrame, (val.toInt32(callFrame)) << (shift.toUInt32(callFrame) & 0x1f));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_rshift) {
+        /* rshift dst(r) val(r) shift(r)
+
+           Performs arithmetic right shift of register val (converted
+           to int32) by register shift (converted to
+           uint32), and puts the result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue val = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue shift = callFrame->r((++vPC)->u.operand).jsValue();
+
+        if (val.isInt32() && shift.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, val.asInt32() >> (shift.asInt32() & 0x1f));
+        else {
+            JSValue result = jsNumber(callFrame, (val.toInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_urshift) {
+        /* rshift dst(r) val(r) shift(r)
+
+           Performs logical right shift of register val (converted
+           to uint32) by register shift (converted to
+           uint32), and puts the result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue val = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue shift = callFrame->r((++vPC)->u.operand).jsValue();
+        if (val.isUInt32() && shift.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, val.asInt32() >> (shift.asInt32() & 0x1f));
+        else {
+            JSValue result = jsNumber(callFrame, (val.toUInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_bitand) {
+        /* bitand dst(r) src1(r) src2(r)
+
+           Computes bitwise AND of register src1 (converted to int32)
+           and register src2 (converted to int32), and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() & src2.asInt32());
+        else {
+            JSValue result = jsNumber(callFrame, src1.toInt32(callFrame) & src2.toInt32(callFrame));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_bitxor) {
+        /* bitxor dst(r) src1(r) src2(r)
+
+           Computes bitwise XOR of register src1 (converted to int32)
+           and register src2 (converted to int32), and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() ^ src2.asInt32());
+        else {
+            JSValue result = jsNumber(callFrame, src1.toInt32(callFrame) ^ src2.toInt32(callFrame));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_bitor) {
+        /* bitor dst(r) src1(r) src2(r)
+
+           Computes bitwise OR of register src1 (converted to int32)
+           and register src2 (converted to int32), and puts the
+           result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src1.isInt32() && src2.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, src1.asInt32() | src2.asInt32());
+        else {
+            JSValue result = jsNumber(callFrame, src1.toInt32(callFrame) | src2.toInt32(callFrame));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_bitnot) {
+        /* bitnot dst(r) src(r)
+
+           Computes bitwise NOT of register src1 (converted to int32),
+           and puts the result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        JSValue src = callFrame->r((++vPC)->u.operand).jsValue();
+        if (src.isInt32())
+            callFrame->r(dst) = jsNumber(callFrame, ~src.asInt32());
+        else {
+            JSValue result = jsNumber(callFrame, ~src.toInt32(callFrame));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = result;
+        }
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_not) {
+        /* not dst(r) src(r)
+
+           Computes logical NOT of register src (converted to
+           boolean), and puts the result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        JSValue result = jsBoolean(!callFrame->r(src).jsValue().toBoolean(callFrame));
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_instanceof) {
+        /* instanceof dst(r) value(r) constructor(r) constructorProto(r)
+
+           Tests whether register value is an instance of register
+           constructor, and puts the boolean result in register
+           dst. Register constructorProto must contain the "prototype"
+           property (not the actual prototype) of the object in
+           register constructor. This lookup is separated so that
+           polymorphic inline caching can apply.
+
+           Raises an exception if register constructor is not an
+           object.
+        */
+        int dst = vPC[1].u.operand;
+        int value = vPC[2].u.operand;
+        int base = vPC[3].u.operand;
+        int baseProto = vPC[4].u.operand;
+
+        JSValue baseVal = callFrame->r(base).jsValue();
+
+        if (isInvalidParamForInstanceOf(callFrame, callFrame->codeBlock(), vPC, baseVal, exceptionValue))
+            goto vm_throw;
+
+        bool result = asObject(baseVal)->hasInstance(callFrame, callFrame->r(value).jsValue(), callFrame->r(baseProto).jsValue());
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = jsBoolean(result);
+
+        vPC += 5;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_typeof) {
+        /* typeof dst(r) src(r)
+
+           Determines the type string for src according to ECMAScript
+           rules, and puts the result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        callFrame->r(dst) = JSValue(jsTypeStringForValue(callFrame, callFrame->r(src).jsValue()));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_is_undefined) {
+        /* is_undefined dst(r) src(r)
+
+           Determines whether the type string for src according to
+           the ECMAScript rules is "undefined", and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        JSValue v = callFrame->r(src).jsValue();
+        callFrame->r(dst) = jsBoolean(v.isCell() ? v.asCell()->structure()->typeInfo().masqueradesAsUndefined() : v.isUndefined());
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_is_boolean) {
+        /* is_boolean dst(r) src(r)
+
+           Determines whether the type string for src according to
+           the ECMAScript rules is "boolean", and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        callFrame->r(dst) = jsBoolean(callFrame->r(src).jsValue().isBoolean());
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_is_number) {
+        /* is_number dst(r) src(r)
+
+           Determines whether the type string for src according to
+           the ECMAScript rules is "number", and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        callFrame->r(dst) = jsBoolean(callFrame->r(src).jsValue().isNumber());
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_is_string) {
+        /* is_string dst(r) src(r)
+
+           Determines whether the type string for src according to
+           the ECMAScript rules is "string", and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        callFrame->r(dst) = jsBoolean(callFrame->r(src).jsValue().isString());
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_is_object) {
+        /* is_object dst(r) src(r)
+
+           Determines whether the type string for src according to
+           the ECMAScript rules is "object", and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        callFrame->r(dst) = jsBoolean(jsIsObjectType(callFrame->r(src).jsValue()));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_is_function) {
+        /* is_function dst(r) src(r)
+
+           Determines whether the type string for src according to
+           the ECMAScript rules is "function", and puts the result
+           in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        callFrame->r(dst) = jsBoolean(jsIsFunctionType(callFrame->r(src).jsValue()));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_in) {
+        /* in dst(r) property(r) base(r)
+
+           Tests whether register base has a property named register
+           property, and puts the boolean result in register dst.
+
+           Raises an exception if register constructor is not an
+           object.
+        */
+        int dst = (++vPC)->u.operand;
+        int property = (++vPC)->u.operand;
+        int base = (++vPC)->u.operand;
+
+        JSValue baseVal = callFrame->r(base).jsValue();
+        if (isInvalidParamForIn(callFrame, callFrame->codeBlock(), vPC, baseVal, exceptionValue))
+            goto vm_throw;
+
+        JSObject* baseObj = asObject(baseVal);
+
+        JSValue propName = callFrame->r(property).jsValue();
+
+        uint32_t i;
+        if (propName.getUInt32(i))
+            callFrame->r(dst) = jsBoolean(baseObj->hasProperty(callFrame, i));
+        else {
+            Identifier property(callFrame, propName.toString(callFrame));
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = jsBoolean(baseObj->hasProperty(callFrame, property));
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_resolve) {
+        /* resolve dst(r) property(id)
+
+           Looks up the property named by identifier property in the
+           scope chain, and writes the resulting value to register
+           dst. If the property is not found, raises an exception.
+        */
+        if (UNLIKELY(!resolve(callFrame, vPC, exceptionValue)))
+            goto vm_throw;
+
+        vPC += 3;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_resolve_skip) {
+        /* resolve_skip dst(r) property(id) skip(n)
+
+         Looks up the property named by identifier property in the
+         scope chain skipping the top 'skip' levels, and writes the resulting
+         value to register dst. If the property is not found, raises an exception.
+         */
+        if (UNLIKELY(!resolveSkip(callFrame, vPC, exceptionValue)))
+            goto vm_throw;
+
+        vPC += 4;
+
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_resolve_global) {
+        /* resolve_skip dst(r) globalObject(c) property(id) structure(sID) offset(n)
+         
+           Performs a dynamic property lookup for the given property, on the provided
+           global object.  If structure matches the Structure of the global then perform
+           a fast lookup using the case offset, otherwise fall back to a full resolve and
+           cache the new structure and offset
+         */
+        if (UNLIKELY(!resolveGlobal(callFrame, vPC, exceptionValue)))
+            goto vm_throw;
+        
+        vPC += 6;
+        
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_global_var) {
+        /* get_global_var dst(r) globalObject(c) index(n)
+
+           Gets the global var at global slot index and places it in register dst.
+         */
+        int dst = (++vPC)->u.operand;
+        JSGlobalObject* scope = static_cast<JSGlobalObject*>((++vPC)->u.jsCell);
+        ASSERT(scope->isGlobalObject());
+        int index = (++vPC)->u.operand;
+
+        callFrame->r(dst) = scope->registerAt(index);
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_global_var) {
+        /* put_global_var globalObject(c) index(n) value(r)
+         
+           Puts value into global slot index.
+         */
+        JSGlobalObject* scope = static_cast<JSGlobalObject*>((++vPC)->u.jsCell);
+        ASSERT(scope->isGlobalObject());
+        int index = (++vPC)->u.operand;
+        int value = (++vPC)->u.operand;
+        
+        scope->registerAt(index) = JSValue(callFrame->r(value).jsValue());
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }            
+    DEFINE_OPCODE(op_get_scoped_var) {
+        /* get_scoped_var dst(r) index(n) skip(n)
+
+         Loads the contents of the index-th local from the scope skip nodes from
+         the top of the scope chain, and places it in register dst
+         */
+        int dst = (++vPC)->u.operand;
+        int index = (++vPC)->u.operand;
+        int skip = (++vPC)->u.operand + callFrame->codeBlock()->needsFullScopeChain();
+
+        ScopeChainNode* scopeChain = callFrame->scopeChain();
+        ScopeChainIterator iter = scopeChain->begin();
+        ScopeChainIterator end = scopeChain->end();
+        ASSERT(iter != end);
+        while (skip--) {
+            ++iter;
+            ASSERT(iter != end);
+        }
+
+        ASSERT((*iter)->isVariableObject());
+        JSVariableObject* scope = static_cast<JSVariableObject*>(*iter);
+        callFrame->r(dst) = scope->registerAt(index);
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_scoped_var) {
+        /* put_scoped_var index(n) skip(n) value(r)
+
+         */
+        int index = (++vPC)->u.operand;
+        int skip = (++vPC)->u.operand + callFrame->codeBlock()->needsFullScopeChain();
+        int value = (++vPC)->u.operand;
+
+        ScopeChainNode* scopeChain = callFrame->scopeChain();
+        ScopeChainIterator iter = scopeChain->begin();
+        ScopeChainIterator end = scopeChain->end();
+        ASSERT(iter != end);
+        while (skip--) {
+            ++iter;
+            ASSERT(iter != end);
+        }
+
+        ASSERT((*iter)->isVariableObject());
+        JSVariableObject* scope = static_cast<JSVariableObject*>(*iter);
+        scope->registerAt(index) = JSValue(callFrame->r(value).jsValue());
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_resolve_base) {
+        /* resolve_base dst(r) property(id)
+
+           Searches the scope chain for an object containing
+           identifier property, and if one is found, writes it to
+           register dst. If none is found, the outermost scope (which
+           will be the global object) is stored in register dst.
+        */
+        resolveBase(callFrame, vPC);
+
+        vPC += 3;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_resolve_with_base) {
+        /* resolve_with_base baseDst(r) propDst(r) property(id)
+
+           Searches the scope chain for an object containing
+           identifier property, and if one is found, writes it to
+           register srcDst, and the retrieved property value to register
+           propDst. If the property is not found, raises an exception.
+
+           This is more efficient than doing resolve_base followed by
+           resolve, or resolve_base followed by get_by_id, as it
+           avoids duplicate hash lookups.
+        */
+        if (UNLIKELY(!resolveBaseAndProperty(callFrame, vPC, exceptionValue)))
+            goto vm_throw;
+
+        vPC += 4;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_by_id) {
+        /* get_by_id dst(r) base(r) property(id) structure(sID) nop(n) nop(n) nop(n)
+
+           Generic property access: Gets the property named by identifier
+           property from the value base, and puts the result in register dst.
+        */
+        int dst = vPC[1].u.operand;
+        int base = vPC[2].u.operand;
+        int property = vPC[3].u.operand;
+
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        Identifier& ident = codeBlock->identifier(property);
+        JSValue baseValue = callFrame->r(base).jsValue();
+        PropertySlot slot(baseValue);
+        JSValue result = baseValue.get(callFrame, ident, slot);
+        CHECK_FOR_EXCEPTION();
+
+        tryCacheGetByID(callFrame, codeBlock, vPC, baseValue, ident, slot);
+
+        callFrame->r(dst) = result;
+        vPC += 8;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_by_id_self) {
+        /* op_get_by_id_self dst(r) base(r) property(id) structure(sID) offset(n) nop(n) nop(n)
+
+           Cached property access: Attempts to get a cached property from the
+           value base. If the cache misses, op_get_by_id_self reverts to
+           op_get_by_id.
+        */
+        int base = vPC[2].u.operand;
+        JSValue baseValue = callFrame->r(base).jsValue();
+
+        if (LIKELY(baseValue.isCell())) {
+            JSCell* baseCell = asCell(baseValue);
+            Structure* structure = vPC[4].u.structure;
+
+            if (LIKELY(baseCell->structure() == structure)) {
+                ASSERT(baseCell->isObject());
+                JSObject* baseObject = asObject(baseCell);
+                int dst = vPC[1].u.operand;
+                int offset = vPC[5].u.operand;
+
+                ASSERT(baseObject->get(callFrame, callFrame->codeBlock()->identifier(vPC[3].u.operand)) == baseObject->getDirectOffset(offset));
+                callFrame->r(dst) = JSValue(baseObject->getDirectOffset(offset));
+
+                vPC += 8;
+                NEXT_INSTRUCTION();
+            }
+        }
+
+        uncacheGetByID(callFrame->codeBlock(), vPC);
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_by_id_proto) {
+        /* op_get_by_id_proto dst(r) base(r) property(id) structure(sID) prototypeStructure(sID) offset(n) nop(n)
+
+           Cached property access: Attempts to get a cached property from the
+           value base's prototype. If the cache misses, op_get_by_id_proto
+           reverts to op_get_by_id.
+        */
+        int base = vPC[2].u.operand;
+        JSValue baseValue = callFrame->r(base).jsValue();
+
+        if (LIKELY(baseValue.isCell())) {
+            JSCell* baseCell = asCell(baseValue);
+            Structure* structure = vPC[4].u.structure;
+
+            if (LIKELY(baseCell->structure() == structure)) {
+                ASSERT(structure->prototypeForLookup(callFrame).isObject());
+                JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
+                Structure* prototypeStructure = vPC[5].u.structure;
+
+                if (LIKELY(protoObject->structure() == prototypeStructure)) {
+                    int dst = vPC[1].u.operand;
+                    int offset = vPC[6].u.operand;
+
+                    ASSERT(protoObject->get(callFrame, callFrame->codeBlock()->identifier(vPC[3].u.operand)) == protoObject->getDirectOffset(offset));
+                    callFrame->r(dst) = JSValue(protoObject->getDirectOffset(offset));
+
+                    vPC += 8;
+                    NEXT_INSTRUCTION();
+                }
+            }
+        }
+
+        uncacheGetByID(callFrame->codeBlock(), vPC);
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_by_id_self_list) {
+        // Polymorphic self access caching currently only supported when JITting.
+        ASSERT_NOT_REACHED();
+        // This case of the switch must not be empty, else (op_get_by_id_self_list == op_get_by_id_chain)!
+        vPC += 8;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_by_id_proto_list) {
+        // Polymorphic prototype access caching currently only supported when JITting.
+        ASSERT_NOT_REACHED();
+        // This case of the switch must not be empty, else (op_get_by_id_proto_list == op_get_by_id_chain)!
+        vPC += 8;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_by_id_chain) {
+        /* op_get_by_id_chain dst(r) base(r) property(id) structure(sID) structureChain(chain) count(n) offset(n)
+
+           Cached property access: Attempts to get a cached property from the
+           value base's prototype chain. If the cache misses, op_get_by_id_chain
+           reverts to op_get_by_id.
+        */
+        int base = vPC[2].u.operand;
+        JSValue baseValue = callFrame->r(base).jsValue();
+
+        if (LIKELY(baseValue.isCell())) {
+            JSCell* baseCell = asCell(baseValue);
+            Structure* structure = vPC[4].u.structure;
+
+            if (LIKELY(baseCell->structure() == structure)) {
+                RefPtr<Structure>* it = vPC[5].u.structureChain->head();
+                size_t count = vPC[6].u.operand;
+                RefPtr<Structure>* end = it + count;
+
+                while (true) {
+                    JSObject* baseObject = asObject(baseCell->structure()->prototypeForLookup(callFrame));
+
+                    if (UNLIKELY(baseObject->structure() != (*it).get()))
+                        break;
+
+                    if (++it == end) {
+                        int dst = vPC[1].u.operand;
+                        int offset = vPC[7].u.operand;
+
+                        ASSERT(baseObject->get(callFrame, callFrame->codeBlock()->identifier(vPC[3].u.operand)) == baseObject->getDirectOffset(offset));
+                        callFrame->r(dst) = JSValue(baseObject->getDirectOffset(offset));
+
+                        vPC += 8;
+                        NEXT_INSTRUCTION();
+                    }
+
+                    // Update baseCell, so that next time around the loop we'll pick up the prototype's prototype.
+                    baseCell = baseObject;
+                }
+            }
+        }
+
+        uncacheGetByID(callFrame->codeBlock(), vPC);
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_by_id_generic) {
+        /* op_get_by_id_generic dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n)
+
+           Generic property access: Gets the property named by identifier
+           property from the value base, and puts the result in register dst.
+        */
+        int dst = vPC[1].u.operand;
+        int base = vPC[2].u.operand;
+        int property = vPC[3].u.operand;
+
+        Identifier& ident = callFrame->codeBlock()->identifier(property);
+        JSValue baseValue = callFrame->r(base).jsValue();
+        PropertySlot slot(baseValue);
+        JSValue result = baseValue.get(callFrame, ident, slot);
+        CHECK_FOR_EXCEPTION();
+
+        callFrame->r(dst) = result;
+        vPC += 8;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_array_length) {
+        /* op_get_array_length dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n)
+
+           Cached property access: Gets the length of the array in register base,
+           and puts the result in register dst. If register base does not hold
+           an array, op_get_array_length reverts to op_get_by_id.
+        */
+
+        int base = vPC[2].u.operand;
+        JSValue baseValue = callFrame->r(base).jsValue();
+        if (LIKELY(isJSArray(globalData, baseValue))) {
+            int dst = vPC[1].u.operand;
+            callFrame->r(dst) = jsNumber(callFrame, asArray(baseValue)->length());
+            vPC += 8;
+            NEXT_INSTRUCTION();
+        }
+
+        uncacheGetByID(callFrame->codeBlock(), vPC);
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_string_length) {
+        /* op_get_string_length dst(r) base(r) property(id) nop(sID) nop(n) nop(n) nop(n)
+
+           Cached property access: Gets the length of the string in register base,
+           and puts the result in register dst. If register base does not hold
+           a string, op_get_string_length reverts to op_get_by_id.
+        */
+
+        int base = vPC[2].u.operand;
+        JSValue baseValue = callFrame->r(base).jsValue();
+        if (LIKELY(isJSString(globalData, baseValue))) {
+            int dst = vPC[1].u.operand;
+            callFrame->r(dst) = jsNumber(callFrame, asString(baseValue)->value().size());
+            vPC += 8;
+            NEXT_INSTRUCTION();
+        }
+
+        uncacheGetByID(callFrame->codeBlock(), vPC);
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_by_id) {
+        /* put_by_id base(r) property(id) value(r) nop(n) nop(n) nop(n) nop(n)
+
+           Generic property access: Sets the property named by identifier
+           property, belonging to register base, to register value.
+
+           Unlike many opcodes, this one does not write any output to
+           the register file.
+        */
+
+        int base = vPC[1].u.operand;
+        int property = vPC[2].u.operand;
+        int value = vPC[3].u.operand;
+
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        JSValue baseValue = callFrame->r(base).jsValue();
+        Identifier& ident = codeBlock->identifier(property);
+        PutPropertySlot slot;
+        baseValue.put(callFrame, ident, callFrame->r(value).jsValue(), slot);
+        CHECK_FOR_EXCEPTION();
+
+        tryCachePutByID(callFrame, codeBlock, vPC, baseValue, slot);
+
+        vPC += 8;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_by_id_transition) {
+        /* op_put_by_id_transition base(r) property(id) value(r) oldStructure(sID) newStructure(sID) structureChain(chain) offset(n)
+         
+           Cached property access: Attempts to set a new property with a cached transition
+           property named by identifier property, belonging to register base,
+           to register value. If the cache misses, op_put_by_id_transition
+           reverts to op_put_by_id_generic.
+         
+           Unlike many opcodes, this one does not write any output to
+           the register file.
+         */
+        int base = vPC[1].u.operand;
+        JSValue baseValue = callFrame->r(base).jsValue();
+        
+        if (LIKELY(baseValue.isCell())) {
+            JSCell* baseCell = asCell(baseValue);
+            Structure* oldStructure = vPC[4].u.structure;
+            Structure* newStructure = vPC[5].u.structure;
+            
+            if (LIKELY(baseCell->structure() == oldStructure)) {
+                ASSERT(baseCell->isObject());
+                JSObject* baseObject = asObject(baseCell);
+
+                RefPtr<Structure>* it = vPC[6].u.structureChain->head();
+
+                JSValue proto = baseObject->structure()->prototypeForLookup(callFrame);
+                while (!proto.isNull()) {
+                    if (UNLIKELY(asObject(proto)->structure() != (*it).get())) {
+                        uncachePutByID(callFrame->codeBlock(), vPC);
+                        NEXT_INSTRUCTION();
+                    }
+                    ++it;
+                    proto = asObject(proto)->structure()->prototypeForLookup(callFrame);
+                }
+
+                baseObject->transitionTo(newStructure);
+
+                int value = vPC[3].u.operand;
+                unsigned offset = vPC[7].u.operand;
+                ASSERT(baseObject->offsetForLocation(baseObject->getDirectLocation(callFrame->codeBlock()->identifier(vPC[2].u.operand))) == offset);
+                baseObject->putDirectOffset(offset, callFrame->r(value).jsValue());
+
+                vPC += 8;
+                NEXT_INSTRUCTION();
+            }
+        }
+        
+        uncachePutByID(callFrame->codeBlock(), vPC);
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_by_id_replace) {
+        /* op_put_by_id_replace base(r) property(id) value(r) structure(sID) offset(n) nop(n) nop(n)
+
+           Cached property access: Attempts to set a pre-existing, cached
+           property named by identifier property, belonging to register base,
+           to register value. If the cache misses, op_put_by_id_replace
+           reverts to op_put_by_id.
+
+           Unlike many opcodes, this one does not write any output to
+           the register file.
+        */
+        int base = vPC[1].u.operand;
+        JSValue baseValue = callFrame->r(base).jsValue();
+
+        if (LIKELY(baseValue.isCell())) {
+            JSCell* baseCell = asCell(baseValue);
+            Structure* structure = vPC[4].u.structure;
+
+            if (LIKELY(baseCell->structure() == structure)) {
+                ASSERT(baseCell->isObject());
+                JSObject* baseObject = asObject(baseCell);
+                int value = vPC[3].u.operand;
+                unsigned offset = vPC[5].u.operand;
+                
+                ASSERT(baseObject->offsetForLocation(baseObject->getDirectLocation(callFrame->codeBlock()->identifier(vPC[2].u.operand))) == offset);
+                baseObject->putDirectOffset(offset, callFrame->r(value).jsValue());
+
+                vPC += 8;
+                NEXT_INSTRUCTION();
+            }
+        }
+
+        uncachePutByID(callFrame->codeBlock(), vPC);
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_by_id_generic) {
+        /* op_put_by_id_generic base(r) property(id) value(r) nop(n) nop(n) nop(n) nop(n)
+
+           Generic property access: Sets the property named by identifier
+           property, belonging to register base, to register value.
+
+           Unlike many opcodes, this one does not write any output to
+           the register file.
+        */
+        int base = vPC[1].u.operand;
+        int property = vPC[2].u.operand;
+        int value = vPC[3].u.operand;
+
+        JSValue baseValue = callFrame->r(base).jsValue();
+        Identifier& ident = callFrame->codeBlock()->identifier(property);
+        PutPropertySlot slot;
+        baseValue.put(callFrame, ident, callFrame->r(value).jsValue(), slot);
+        CHECK_FOR_EXCEPTION();
+
+        vPC += 8;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_del_by_id) {
+        /* del_by_id dst(r) base(r) property(id)
+
+           Converts register base to Object, deletes the property
+           named by identifier property from the object, and writes a
+           boolean indicating success (if true) or failure (if false)
+           to register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int base = (++vPC)->u.operand;
+        int property = (++vPC)->u.operand;
+
+        JSObject* baseObj = callFrame->r(base).jsValue().toObject(callFrame);
+        Identifier& ident = callFrame->codeBlock()->identifier(property);
+        JSValue result = jsBoolean(baseObj->deleteProperty(callFrame, ident));
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_by_val) {
+        /* get_by_val dst(r) base(r) property(r)
+
+           Converts register base to Object, gets the property named
+           by register property from the object, and puts the result
+           in register dst. property is nominally converted to string
+           but numbers are treated more efficiently.
+        */
+        int dst = (++vPC)->u.operand;
+        int base = (++vPC)->u.operand;
+        int property = (++vPC)->u.operand;
+        
+        JSValue baseValue = callFrame->r(base).jsValue();
+        JSValue subscript = callFrame->r(property).jsValue();
+
+        JSValue result;
+
+        if (LIKELY(subscript.isUInt32())) {
+            uint32_t i = subscript.asUInt32();
+            if (isJSArray(globalData, baseValue)) {
+                JSArray* jsArray = asArray(baseValue);
+                if (jsArray->canGetIndex(i))
+                    result = jsArray->getIndex(i);
+                else
+                    result = jsArray->JSArray::get(callFrame, i);
+            } else if (isJSString(globalData, baseValue) && asString(baseValue)->canGetIndex(i))
+                result = asString(baseValue)->getIndex(&callFrame->globalData(), i);
+            else if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i))
+                result = asByteArray(baseValue)->getIndex(callFrame, i);
+            else
+                result = baseValue.get(callFrame, i);
+        } else {
+            Identifier property(callFrame, subscript.toString(callFrame));
+            result = baseValue.get(callFrame, property);
+        }
+
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_by_val) {
+        /* put_by_val base(r) property(r) value(r)
+
+           Sets register value on register base as the property named
+           by register property. Base is converted to object
+           first. register property is nominally converted to string
+           but numbers are treated more efficiently.
+
+           Unlike many opcodes, this one does not write any output to
+           the register file.
+        */
+        int base = (++vPC)->u.operand;
+        int property = (++vPC)->u.operand;
+        int value = (++vPC)->u.operand;
+
+        JSValue baseValue = callFrame->r(base).jsValue();
+        JSValue subscript = callFrame->r(property).jsValue();
+
+        if (LIKELY(subscript.isUInt32())) {
+            uint32_t i = subscript.asUInt32();
+            if (isJSArray(globalData, baseValue)) {
+                JSArray* jsArray = asArray(baseValue);
+                if (jsArray->canSetIndex(i))
+                    jsArray->setIndex(i, callFrame->r(value).jsValue());
+                else
+                    jsArray->JSArray::put(callFrame, i, callFrame->r(value).jsValue());
+            } else if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
+                JSByteArray* jsByteArray = asByteArray(baseValue);
+                double dValue = 0;
+                JSValue jsValue = callFrame->r(value).jsValue();
+                if (jsValue.isInt32())
+                    jsByteArray->setIndex(i, jsValue.asInt32());
+                else if (jsValue.getNumber(dValue))
+                    jsByteArray->setIndex(i, dValue);
+                else
+                    baseValue.put(callFrame, i, jsValue);
+            } else
+                baseValue.put(callFrame, i, callFrame->r(value).jsValue());
+        } else {
+            Identifier property(callFrame, subscript.toString(callFrame));
+            if (!globalData->exception) { // Don't put to an object if toString threw an exception.
+                PutPropertySlot slot;
+                baseValue.put(callFrame, property, callFrame->r(value).jsValue(), slot);
+            }
+        }
+
+        CHECK_FOR_EXCEPTION();
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_del_by_val) {
+        /* del_by_val dst(r) base(r) property(r)
+
+           Converts register base to Object, deletes the property
+           named by register property from the object, and writes a
+           boolean indicating success (if true) or failure (if false)
+           to register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int base = (++vPC)->u.operand;
+        int property = (++vPC)->u.operand;
+
+        JSObject* baseObj = callFrame->r(base).jsValue().toObject(callFrame); // may throw
+
+        JSValue subscript = callFrame->r(property).jsValue();
+        JSValue result;
+        uint32_t i;
+        if (subscript.getUInt32(i))
+            result = jsBoolean(baseObj->deleteProperty(callFrame, i));
+        else {
+            CHECK_FOR_EXCEPTION();
+            Identifier property(callFrame, subscript.toString(callFrame));
+            CHECK_FOR_EXCEPTION();
+            result = jsBoolean(baseObj->deleteProperty(callFrame, property));
+        }
+
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(dst) = result;
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_by_index) {
+        /* put_by_index base(r) property(n) value(r)
+
+           Sets register value on register base as the property named
+           by the immediate number property. Base is converted to
+           object first.
+
+           Unlike many opcodes, this one does not write any output to
+           the register file.
+
+           This opcode is mainly used to initialize array literals.
+        */
+        int base = (++vPC)->u.operand;
+        unsigned property = (++vPC)->u.operand;
+        int value = (++vPC)->u.operand;
+
+        callFrame->r(base).jsValue().put(callFrame, property, callFrame->r(value).jsValue());
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_loop) {
+        /* loop target(offset)
+         
+           Jumps unconditionally to offset target from the current
+           instruction.
+
+           Additionally this loop instruction may terminate JS execution is
+           the JS timeout is reached.
+         */
+#if ENABLE(OPCODE_STATS)
+        OpcodeStats::resetLastInstruction();
+#endif
+        int target = (++vPC)->u.operand;
+        CHECK_FOR_TIMEOUT();
+        vPC += target;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jmp) {
+        /* jmp target(offset)
+
+           Jumps unconditionally to offset target from the current
+           instruction.
+        */
+#if ENABLE(OPCODE_STATS)
+        OpcodeStats::resetLastInstruction();
+#endif
+        int target = (++vPC)->u.operand;
+
+        vPC += target;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_loop_if_true) {
+        /* loop_if_true cond(r) target(offset)
+         
+           Jumps to offset target from the current instruction, if and
+           only if register cond converts to boolean as true.
+
+           Additionally this loop instruction may terminate JS execution is
+           the JS timeout is reached.
+         */
+        int cond = (++vPC)->u.operand;
+        int target = (++vPC)->u.operand;
+        if (callFrame->r(cond).jsValue().toBoolean(callFrame)) {
+            vPC += target;
+            CHECK_FOR_TIMEOUT();
+            NEXT_INSTRUCTION();
+        }
+        
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jtrue) {
+        /* jtrue cond(r) target(offset)
+
+           Jumps to offset target from the current instruction, if and
+           only if register cond converts to boolean as true.
+        */
+        int cond = (++vPC)->u.operand;
+        int target = (++vPC)->u.operand;
+        if (callFrame->r(cond).jsValue().toBoolean(callFrame)) {
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jfalse) {
+        /* jfalse cond(r) target(offset)
+
+           Jumps to offset target from the current instruction, if and
+           only if register cond converts to boolean as false.
+        */
+        int cond = (++vPC)->u.operand;
+        int target = (++vPC)->u.operand;
+        if (!callFrame->r(cond).jsValue().toBoolean(callFrame)) {
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jeq_null) {
+        /* jeq_null src(r) target(offset)
+
+           Jumps to offset target from the current instruction, if and
+           only if register src is null.
+        */
+        int src = (++vPC)->u.operand;
+        int target = (++vPC)->u.operand;
+        JSValue srcValue = callFrame->r(src).jsValue();
+
+        if (srcValue.isUndefinedOrNull() || (srcValue.isCell() && srcValue.asCell()->structure()->typeInfo().masqueradesAsUndefined())) {
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jneq_null) {
+        /* jneq_null src(r) target(offset)
+
+           Jumps to offset target from the current instruction, if and
+           only if register src is not null.
+        */
+        int src = (++vPC)->u.operand;
+        int target = (++vPC)->u.operand;
+        JSValue srcValue = callFrame->r(src).jsValue();
+
+        if (!srcValue.isUndefinedOrNull() || (srcValue.isCell() && !srcValue.asCell()->structure()->typeInfo().masqueradesAsUndefined())) {
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jneq_ptr) {
+        /* jneq_ptr src(r) ptr(jsCell) target(offset)
+         
+           Jumps to offset target from the current instruction, if the value r is equal
+           to ptr, using pointer equality.
+         */
+        int src = (++vPC)->u.operand;
+        JSValue ptr = JSValue((++vPC)->u.jsCell);
+        int target = (++vPC)->u.operand;
+        JSValue srcValue = callFrame->r(src).jsValue();
+        if (srcValue != ptr) {
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_loop_if_less) {
+        /* loop_if_less src1(r) src2(r) target(offset)
+
+           Checks whether register src1 is less than register src2, as
+           with the ECMAScript '<' operator, and then jumps to offset
+           target from the current instruction, if and only if the 
+           result of the comparison is true.
+
+           Additionally this loop instruction may terminate JS execution is
+           the JS timeout is reached.
+         */
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        int target = (++vPC)->u.operand;
+        
+        bool result = jsLess(callFrame, src1, src2);
+        CHECK_FOR_EXCEPTION();
+        
+        if (result) {
+            vPC += target;
+            CHECK_FOR_TIMEOUT();
+            NEXT_INSTRUCTION();
+        }
+        
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_loop_if_lesseq) {
+        /* loop_if_lesseq src1(r) src2(r) target(offset)
+
+           Checks whether register src1 is less than or equal to register
+           src2, as with the ECMAScript '<=' operator, and then jumps to
+           offset target from the current instruction, if and only if the 
+           result of the comparison is true.
+
+           Additionally this loop instruction may terminate JS execution is
+           the JS timeout is reached.
+        */
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        int target = (++vPC)->u.operand;
+        
+        bool result = jsLessEq(callFrame, src1, src2);
+        CHECK_FOR_EXCEPTION();
+        
+        if (result) {
+            vPC += target;
+            CHECK_FOR_TIMEOUT();
+            NEXT_INSTRUCTION();
+        }
+        
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jnless) {
+        /* jnless src1(r) src2(r) target(offset)
+
+           Checks whether register src1 is less than register src2, as
+           with the ECMAScript '<' operator, and then jumps to offset
+           target from the current instruction, if and only if the 
+           result of the comparison is false.
+        */
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        int target = (++vPC)->u.operand;
+
+        bool result = jsLess(callFrame, src1, src2);
+        CHECK_FOR_EXCEPTION();
+        
+        if (!result) {
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jnlesseq) {
+        /* jnlesseq src1(r) src2(r) target(offset)
+
+           Checks whether register src1 is less than or equal to
+           register src2, as with the ECMAScript '<=' operator,
+           and then jumps to offset target from the current instruction,
+           if and only if theresult of the comparison is false.
+        */
+        JSValue src1 = callFrame->r((++vPC)->u.operand).jsValue();
+        JSValue src2 = callFrame->r((++vPC)->u.operand).jsValue();
+        int target = (++vPC)->u.operand;
+
+        bool result = jsLessEq(callFrame, src1, src2);
+        CHECK_FOR_EXCEPTION();
+        
+        if (!result) {
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_switch_imm) {
+        /* switch_imm tableIndex(n) defaultOffset(offset) scrutinee(r)
+
+           Performs a range checked switch on the scrutinee value, using
+           the tableIndex-th immediate switch jump table.  If the scrutinee value
+           is an immediate number in the range covered by the referenced jump
+           table, and the value at jumpTable[scrutinee value] is non-zero, then
+           that value is used as the jump offset, otherwise defaultOffset is used.
+         */
+        int tableIndex = (++vPC)->u.operand;
+        int defaultOffset = (++vPC)->u.operand;
+        JSValue scrutinee = callFrame->r((++vPC)->u.operand).jsValue();
+        if (scrutinee.isInt32())
+            vPC += callFrame->codeBlock()->immediateSwitchJumpTable(tableIndex).offsetForValue(scrutinee.asInt32(), defaultOffset);
+        else {
+            double value;
+            int32_t intValue;
+            if (scrutinee.getNumber(value) && ((intValue = static_cast<int32_t>(value)) == value))
+                vPC += callFrame->codeBlock()->immediateSwitchJumpTable(tableIndex).offsetForValue(intValue, defaultOffset);
+            else
+                vPC += defaultOffset;
+        }
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_switch_char) {
+        /* switch_char tableIndex(n) defaultOffset(offset) scrutinee(r)
+
+           Performs a range checked switch on the scrutinee value, using
+           the tableIndex-th character switch jump table.  If the scrutinee value
+           is a single character string in the range covered by the referenced jump
+           table, and the value at jumpTable[scrutinee value] is non-zero, then
+           that value is used as the jump offset, otherwise defaultOffset is used.
+         */
+        int tableIndex = (++vPC)->u.operand;
+        int defaultOffset = (++vPC)->u.operand;
+        JSValue scrutinee = callFrame->r((++vPC)->u.operand).jsValue();
+        if (!scrutinee.isString())
+            vPC += defaultOffset;
+        else {
+            UString::Rep* value = asString(scrutinee)->value().rep();
+            if (value->size() != 1)
+                vPC += defaultOffset;
+            else
+                vPC += callFrame->codeBlock()->characterSwitchJumpTable(tableIndex).offsetForValue(value->data()[0], defaultOffset);
+        }
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_switch_string) {
+        /* switch_string tableIndex(n) defaultOffset(offset) scrutinee(r)
+
+           Performs a sparse hashmap based switch on the value in the scrutinee
+           register, using the tableIndex-th string switch jump table.  If the 
+           scrutinee value is a string that exists as a key in the referenced 
+           jump table, then the value associated with the string is used as the 
+           jump offset, otherwise defaultOffset is used.
+         */
+        int tableIndex = (++vPC)->u.operand;
+        int defaultOffset = (++vPC)->u.operand;
+        JSValue scrutinee = callFrame->r((++vPC)->u.operand).jsValue();
+        if (!scrutinee.isString())
+            vPC += defaultOffset;
+        else 
+            vPC += callFrame->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(asString(scrutinee)->value().rep(), defaultOffset);
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_new_func) {
+        /* new_func dst(r) func(f)
+
+           Constructs a new Function instance from function func and
+           the current scope chain using the original Function
+           constructor, using the rules for function declarations, and
+           puts the result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int func = (++vPC)->u.operand;
+
+        callFrame->r(dst) = JSValue(callFrame->codeBlock()->functionDecl(func)->make(callFrame, callFrame->scopeChain()));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_new_func_exp) {
+        /* new_func_exp dst(r) func(f)
+
+           Constructs a new Function instance from function func and
+           the current scope chain using the original Function
+           constructor, using the rules for function expressions, and
+           puts the result in register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int funcIndex = (++vPC)->u.operand;
+
+        FunctionExecutable* function = callFrame->codeBlock()->functionExpr(funcIndex);
+        JSFunction* func = function->make(callFrame, callFrame->scopeChain());
+
+        /* 
+            The Identifier in a FunctionExpression can be referenced from inside
+            the FunctionExpression's FunctionBody to allow the function to call
+            itself recursively. However, unlike in a FunctionDeclaration, the
+            Identifier in a FunctionExpression cannot be referenced from and
+            does not affect the scope enclosing the FunctionExpression.
+         */
+        if (!function->name().isNull()) {
+            JSStaticScopeObject* functionScopeObject = new (callFrame) JSStaticScopeObject(callFrame, function->name(), func, ReadOnly | DontDelete);
+            func->scope().push(functionScopeObject);
+        }
+
+        callFrame->r(dst) = JSValue(func);
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_call_eval) {
+        /* call_eval dst(r) func(r) argCount(n) registerOffset(n)
+
+           Call a function named "eval" with no explicit "this" value
+           (which may therefore be the eval operator). If register
+           thisVal is the global object, and register func contains
+           that global object's original global eval function, then
+           perform the eval operator in local scope (interpreting
+           the argument registers as for the "call"
+           opcode). Otherwise, act exactly as the "call" opcode would.
+         */
+
+        int dst = vPC[1].u.operand;
+        int func = vPC[2].u.operand;
+        int argCount = vPC[3].u.operand;
+        int registerOffset = vPC[4].u.operand;
+
+        JSValue funcVal = callFrame->r(func).jsValue();
+
+        Register* newCallFrame = callFrame->registers() + registerOffset;
+        Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
+        JSValue thisValue = argv[0].jsValue();
+        JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
+
+        if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
+            JSValue result = callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
+            if (exceptionValue)
+                goto vm_throw;
+            callFrame->r(dst) = result;
+
+            vPC += 5;
+            NEXT_INSTRUCTION();
+        }
+
+        // We didn't find the blessed version of eval, so process this
+        // instruction as a normal function call.
+        // fall through to op_call
+    }
+    DEFINE_OPCODE(op_call) {
+        /* call dst(r) func(r) argCount(n) registerOffset(n)
+
+           Perform a function call.
+           
+           registerOffset is the distance the callFrame pointer should move
+           before the VM initializes the new call frame's header.
+           
+           dst is where op_ret should store its result.
+         */
+
+        int dst = vPC[1].u.operand;
+        int func = vPC[2].u.operand;
+        int argCount = vPC[3].u.operand;
+        int registerOffset = vPC[4].u.operand;
+
+        JSValue v = callFrame->r(func).jsValue();
+
+        CallData callData;
+        CallType callType = v.getCallData(callData);
+
+        if (callType == CallTypeJS) {
+            ScopeChainNode* callDataScopeChain = callData.js.scopeChain;
+            CodeBlock* newCodeBlock = &callData.js.functionExecutable->bytecode(callFrame, callDataScopeChain);
+
+            CallFrame* previousCallFrame = callFrame;
+
+            callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            if (UNLIKELY(!callFrame)) {
+                callFrame = previousCallFrame;
+                exceptionValue = createStackOverflowError(callFrame);
+                goto vm_throw;
+            }
+
+            callFrame->init(newCodeBlock, vPC + 5, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
+            vPC = newCodeBlock->instructions().begin();
+
+#if ENABLE(OPCODE_STATS)
+            OpcodeStats::resetLastInstruction();
+#endif
+
+            NEXT_INSTRUCTION();
+        }
+
+        if (callType == CallTypeHost) {
+            ScopeChainNode* scopeChain = callFrame->scopeChain();
+            CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
+#ifdef QT_BUILD_SCRIPT_LIB //we need the returnValue to be 0 as it is used as flags
+            newCallFrame->init(0, vPC + 5, scopeChain, callFrame, 0, argCount, asObject(v));
+#else
+            newCallFrame->init(0, vPC + 5, scopeChain, callFrame, dst, argCount, asObject(v));
+#endif
+
+            Register* thisRegister = newCallFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
+            ArgList args(thisRegister + 1, argCount - 1);
+
+            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
+            JSValue thisValue = thisRegister->jsValue();
+            if (thisValue == jsNull())
+                thisValue = callFrame->globalThisValue();
+
+            JSValue returnValue;
+            {
+                SamplingTool::HostCallRecord callRecord(m_sampler);
+                returnValue = callData.native.function(newCallFrame, asObject(v), thisValue, args);
+            }
+            CHECK_FOR_EXCEPTION();
+
+            callFrame->r(dst) = returnValue;
+
+            vPC += 5;
+            NEXT_INSTRUCTION();
+        }
+
+        ASSERT(callType == CallTypeNone);
+
+        exceptionValue = createNotAFunctionError(callFrame, v, vPC - callFrame->codeBlock()->instructions().begin(), callFrame->codeBlock());
+        goto vm_throw;
+    }
+    DEFINE_OPCODE(op_load_varargs) {
+        int argCountDst = (++vPC)->u.operand;
+        int argsOffset = (++vPC)->u.operand;
+        
+        JSValue arguments = callFrame->r(argsOffset).jsValue();
+        int32_t argCount = 0;
+        if (!arguments) {
+            argCount = (uint32_t)(callFrame->argumentCount()) - 1;
+            int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
+            Register* newEnd = callFrame->registers() + sizeDelta;
+            if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
+                exceptionValue = createStackOverflowError(callFrame);
+                goto vm_throw;
+            }
+            ASSERT(!asFunction(callFrame->callee())->isHostFunction());
+            int32_t expectedParams = static_cast<JSFunction*>(callFrame->callee())->jsExecutable()->parameterCount();
+            int32_t inplaceArgs = min(argCount, expectedParams);
+            int32_t i = 0;
+            Register* argStore = callFrame->registers() + argsOffset;
+
+            // First step is to copy the "expected" parameters from their normal location relative to the callframe
+            for (; i < inplaceArgs; i++)
+                argStore[i] = callFrame->registers()[i - RegisterFile::CallFrameHeaderSize - expectedParams];
+            // Then we copy any additional arguments that may be further up the stack ('-1' to account for 'this')
+            for (; i < argCount; i++)
+                argStore[i] = callFrame->registers()[i - RegisterFile::CallFrameHeaderSize - expectedParams - argCount - 1];
+        } else if (!arguments.isUndefinedOrNull()) {
+            if (!arguments.isObject()) {
+                exceptionValue = createInvalidParamError(callFrame, "Function.prototype.apply", arguments, vPC - callFrame->codeBlock()->instructions().begin(), callFrame->codeBlock());
+                goto vm_throw;
+            }
+            if (asObject(arguments)->classInfo() == &Arguments::info) {
+                Arguments* args = asArguments(arguments);
+                argCount = args->numProvidedArguments(callFrame);
+                int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
+                Register* newEnd = callFrame->registers() + sizeDelta;
+                if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
+                    exceptionValue = createStackOverflowError(callFrame);
+                    goto vm_throw;
+                }
+                args->copyToRegisters(callFrame, callFrame->registers() + argsOffset, argCount);
+            } else if (isJSArray(&callFrame->globalData(), arguments)) {
+                JSArray* array = asArray(arguments);
+                argCount = array->length();
+                int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
+                Register* newEnd = callFrame->registers() + sizeDelta;
+                if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
+                    exceptionValue = createStackOverflowError(callFrame);
+                    goto vm_throw;
+                }
+                array->copyToRegisters(callFrame, callFrame->registers() + argsOffset, argCount);
+            } else if (asObject(arguments)->inherits(&JSArray::info)) {
+                JSObject* argObject = asObject(arguments);
+                argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
+                int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
+                Register* newEnd = callFrame->registers() + sizeDelta;
+                if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
+                    exceptionValue = createStackOverflowError(callFrame);
+                    goto vm_throw;
+                }
+                Register* argsBuffer = callFrame->registers() + argsOffset;
+                for (int32_t i = 0; i < argCount; ++i) {
+                    argsBuffer[i] = asObject(arguments)->get(callFrame, i);
+                    CHECK_FOR_EXCEPTION();
+                }
+            } else {
+                if (!arguments.isObject()) {
+                    exceptionValue = createInvalidParamError(callFrame, "Function.prototype.apply", arguments, vPC - callFrame->codeBlock()->instructions().begin(), callFrame->codeBlock());
+                    goto vm_throw;
+                }
+            }
+        }
+        CHECK_FOR_EXCEPTION();
+        callFrame->r(argCountDst) = Register::withInt(argCount + 1);
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_call_varargs) {
+        /* call_varargs dst(r) func(r) argCountReg(r) baseRegisterOffset(n)
+         
+         Perform a function call with a dynamic set of arguments.
+         
+         registerOffset is the distance the callFrame pointer should move
+         before the VM initializes the new call frame's header, excluding
+         space for arguments.
+         
+         dst is where op_ret should store its result.
+         */
+        
+        int dst = vPC[1].u.operand;
+        int func = vPC[2].u.operand;
+        int argCountReg = vPC[3].u.operand;
+        int registerOffset = vPC[4].u.operand;
+        
+        JSValue v = callFrame->r(func).jsValue();
+        int argCount = callFrame->r(argCountReg).i();
+        registerOffset += argCount;
+        CallData callData;
+        CallType callType = v.getCallData(callData);
+        
+        if (callType == CallTypeJS) {
+            ScopeChainNode* callDataScopeChain = callData.js.scopeChain;
+            CodeBlock* newCodeBlock = &callData.js.functionExecutable->bytecode(callFrame, callDataScopeChain);
+            
+            CallFrame* previousCallFrame = callFrame;
+            
+            callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            if (UNLIKELY(!callFrame)) {
+                callFrame = previousCallFrame;
+                exceptionValue = createStackOverflowError(callFrame);
+                goto vm_throw;
+            }
+            
+            callFrame->init(newCodeBlock, vPC + 5, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
+            vPC = newCodeBlock->instructions().begin();
+            
+#if ENABLE(OPCODE_STATS)
+            OpcodeStats::resetLastInstruction();
+#endif
+            
+            NEXT_INSTRUCTION();
+        }
+        
+        if (callType == CallTypeHost) {
+            ScopeChainNode* scopeChain = callFrame->scopeChain();
+            CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
+#ifdef QT_BUILD_SCRIPT_LIB //we need the returnValue to be 0 as it is used as flags
+            newCallFrame->init(0, vPC + 5, scopeChain, callFrame, 0, argCount, asObject(v));
+#else
+            newCallFrame->init(0, vPC + 5, scopeChain, callFrame, dst, argCount, asObject(v));
+#endif
+
+            Register* thisRegister = newCallFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
+            ArgList args(thisRegister + 1, argCount - 1);
+            
+            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
+            JSValue thisValue = thisRegister->jsValue();
+            if (thisValue == jsNull())
+                thisValue = callFrame->globalThisValue();
+            
+            JSValue returnValue;
+            {
+                SamplingTool::HostCallRecord callRecord(m_sampler);
+                returnValue = callData.native.function(newCallFrame, asObject(v), thisValue, args);
+            }
+            CHECK_FOR_EXCEPTION();
+            
+            callFrame->r(dst) = returnValue;
+            
+            vPC += 5;
+            NEXT_INSTRUCTION();
+        }
+        
+        ASSERT(callType == CallTypeNone);
+        
+        exceptionValue = createNotAFunctionError(callFrame, v, vPC - callFrame->codeBlock()->instructions().begin(), callFrame->codeBlock());
+        goto vm_throw;
+    }
+    DEFINE_OPCODE(op_tear_off_activation) {
+        /* tear_off_activation activation(r)
+
+           Copy all locals and parameters to new memory allocated on
+           the heap, and make the passed activation use this memory
+           in the future when looking up entries in the symbol table.
+           If there is an 'arguments' object, then it will also use
+           this memory for storing the named parameters, but not any
+           extra arguments.
+
+           This opcode should only be used immediately before op_ret.
+        */
+
+        int src = (++vPC)->u.operand;
+        ASSERT(callFrame->codeBlock()->needsFullScopeChain());
+
+        asActivation(callFrame->r(src).jsValue())->copyRegisters(callFrame->optionalCalleeArguments());
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_tear_off_arguments) {
+        /* tear_off_arguments
+
+           Copy all arguments to new memory allocated on the heap,
+           and make the 'arguments' object use this memory in the
+           future when looking up named parameters, but not any
+           extra arguments. If an activation object exists for the
+           current function context, then the tear_off_activation
+           opcode should be used instead.
+
+           This opcode should only be used immediately before op_ret.
+        */
+
+        ASSERT(callFrame->codeBlock()->usesArguments() && !callFrame->codeBlock()->needsFullScopeChain());
+
+        if (callFrame->optionalCalleeArguments())
+            callFrame->optionalCalleeArguments()->copyRegisters();
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_ret) {
+        /* ret result(r)
+           
+           Return register result as the return value of the current
+           function call, writing it into the caller's expected return
+           value register. In addition, unwind one call frame and
+           restore the scope chain, code block instruction pointer and
+           register base to those of the calling function.
+        */
+
+#ifdef QT_BUILD_SCRIPT_LIB
+        Debugger* debugger = callFrame->dynamicGlobalObject()->debugger();
+        intptr_t sourceId = callFrame->codeBlock()->source()->asID();
+#endif
+
+        int result = (++vPC)->u.operand;
+
+        if (callFrame->codeBlock()->needsFullScopeChain())
+            callFrame->scopeChain()->deref();
+
+        JSValue returnValue = callFrame->r(result).jsValue();
+#ifdef QT_BUILD_SCRIPT_LIB
+        if (debugger) {
+            debugger->functionExit(returnValue, sourceId);
+        }
+#endif
+
+        vPC = callFrame->returnPC();
+        int dst = callFrame->returnValueRegister();
+        callFrame = callFrame->callerFrame();
+
+        if (callFrame->hasHostCallFrameFlag())
+            return returnValue;
+
+        callFrame->r(dst) = returnValue;
+
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_enter) {
+        /* enter
+
+           Initializes local variables to undefined and fills constant
+           registers with their values. If the code block requires an
+           activation, enter_with_activation should be used instead.
+
+           This opcode should only be used at the beginning of a code
+           block.
+        */
+
+        size_t i = 0;
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        
+        for (size_t count = codeBlock->m_numVars; i < count; ++i)
+            callFrame->r(i) = jsUndefined();
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_enter_with_activation) {
+        /* enter_with_activation dst(r)
+
+           Initializes local variables to undefined, fills constant
+           registers with their values, creates an activation object,
+           and places the new activation both in dst and at the top
+           of the scope chain. If the code block does not require an
+           activation, enter should be used instead.
+
+           This opcode should only be used at the beginning of a code
+           block.
+        */
+
+        size_t i = 0;
+        CodeBlock* codeBlock = callFrame->codeBlock();
+
+        for (size_t count = codeBlock->m_numVars; i < count; ++i)
+            callFrame->r(i) = jsUndefined();
+
+        int dst = (++vPC)->u.operand;
+        JSActivation* activation = new (globalData) JSActivation(callFrame, static_cast<FunctionExecutable*>(codeBlock->ownerExecutable()));
+        callFrame->r(dst) = JSValue(activation);
+        callFrame->setScopeChain(callFrame->scopeChain()->copy()->push(activation));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_convert_this) {
+        /* convert_this this(r)
+
+           Takes the value in the 'this' register, converts it to a
+           value that is suitable for use as the 'this' value, and
+           stores it in the 'this' register. This opcode is emitted
+           to avoid doing the conversion in the caller unnecessarily.
+
+           This opcode should only be used at the beginning of a code
+           block.
+        */
+
+        int thisRegister = (++vPC)->u.operand;
+        JSValue thisVal = callFrame->r(thisRegister).jsValue();
+        if (thisVal.needsThisConversion())
+            callFrame->r(thisRegister) = JSValue(thisVal.toThisObject(callFrame));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_init_arguments) {
+        /* create_arguments
+
+           Initialises the arguments object reference to null to ensure
+           we can correctly detect that we need to create it later (or
+           avoid creating it altogether).
+
+           This opcode should only be used at the beginning of a code
+           block.
+         */
+        callFrame->r(RegisterFile::ArgumentsRegister) = JSValue();
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_create_arguments) {
+        /* create_arguments
+
+           Creates the 'arguments' object and places it in both the
+           'arguments' call frame slot and the local 'arguments'
+           register, if it has not already been initialised.
+         */
+        
+         if (!callFrame->r(RegisterFile::ArgumentsRegister).jsValue()) {
+             Arguments* arguments = new (globalData) Arguments(callFrame);
+             callFrame->setCalleeArguments(arguments);
+             callFrame->r(RegisterFile::ArgumentsRegister) = JSValue(arguments);
+         }
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_construct) {
+        /* construct dst(r) func(r) argCount(n) registerOffset(n) proto(r) thisRegister(r)
+
+           Invoke register "func" as a constructor. For JS
+           functions, the calling convention is exactly as for the
+           "call" opcode, except that the "this" value is a newly
+           created Object. For native constructors, no "this"
+           value is passed. In either case, the argCount and registerOffset
+           registers are interpreted as for the "call" opcode.
+
+           Register proto must contain the prototype property of
+           register func. This is to enable polymorphic inline
+           caching of this lookup.
+        */
+
+        int dst = vPC[1].u.operand;
+        int func = vPC[2].u.operand;
+        int argCount = vPC[3].u.operand;
+        int registerOffset = vPC[4].u.operand;
+        int proto = vPC[5].u.operand;
+        int thisRegister = vPC[6].u.operand;
+
+        JSValue v = callFrame->r(func).jsValue();
+
+        ConstructData constructData;
+        ConstructType constructType = v.getConstructData(constructData);
+
+        if (constructType == ConstructTypeJS) {
+            ScopeChainNode* callDataScopeChain = constructData.js.scopeChain;
+            CodeBlock* newCodeBlock = &constructData.js.functionExecutable->bytecode(callFrame, callDataScopeChain);
+
+            Structure* structure;
+            JSValue prototype = callFrame->r(proto).jsValue();
+            if (prototype.isObject())
+                structure = asObject(prototype)->inheritorID();
+            else
+                structure = callDataScopeChain->globalObject()->emptyObjectStructure();
+#ifdef QT_BUILD_SCRIPT_LIB
+            // ### world-class hack
+            QT_PREPEND_NAMESPACE(QScriptObject)* newObject
+                = new (globalData) QT_PREPEND_NAMESPACE(QScriptObject)(structure);
+#else
+            JSObject* newObject = new (globalData) JSObject(structure);
+#endif
+            callFrame->r(thisRegister) = JSValue(newObject); // "this" value
+
+            CallFrame* previousCallFrame = callFrame;
+
+            callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
+            if (UNLIKELY(!callFrame)) {
+                callFrame = previousCallFrame;
+                exceptionValue = createStackOverflowError(callFrame);
+                goto vm_throw;
+            }
+
+            callFrame->init(newCodeBlock, vPC + 7, callDataScopeChain, previousCallFrame, dst, argCount, asFunction(v));
+            vPC = newCodeBlock->instructions().begin();
+
+#if ENABLE(OPCODE_STATS)
+            OpcodeStats::resetLastInstruction();
+#endif
+
+            NEXT_INSTRUCTION();
+        }
+
+        if (constructType == ConstructTypeHost) {
+            ArgList args(callFrame->registers() + thisRegister + 1, argCount - 1);
+
+            ScopeChainNode* scopeChain = callFrame->scopeChain();
+
+            CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + registerOffset);
+#ifdef QT_BUILD_SCRIPT_LIB //we need the returnValue to be 0 as it is used as flags
+            newCallFrame->init(0, vPC + 7, scopeChain, callFrame, 0, argCount, asObject(v));
+#else
+            newCallFrame->init(0, vPC + 7, scopeChain, callFrame, dst, argCount, asObject(v));
+#endif
+
+            JSValue returnValue;
+            {
+                SamplingTool::HostCallRecord callRecord(m_sampler);
+                returnValue = constructData.native.function(newCallFrame, asObject(v), args);
+            }
+            CHECK_FOR_EXCEPTION();
+            callFrame->r(dst) = JSValue(returnValue);
+
+            vPC += 7;
+            NEXT_INSTRUCTION();
+        }
+
+        ASSERT(constructType == ConstructTypeNone);
+
+        exceptionValue = createNotAConstructorError(callFrame, v, vPC - callFrame->codeBlock()->instructions().begin(), callFrame->codeBlock());
+        goto vm_throw;
+    }
+    DEFINE_OPCODE(op_construct_verify) {
+        /* construct_verify dst(r) override(r)
+
+           Verifies that register dst holds an object. If not, moves
+           the object in register override to register dst.
+        */
+
+        int dst = vPC[1].u.operand;
+        if (LIKELY(callFrame->r(dst).jsValue().isObject())) {
+            vPC += 3;
+            NEXT_INSTRUCTION();
+        }
+
+        int override = vPC[2].u.operand;
+        callFrame->r(dst) = callFrame->r(override);
+
+        vPC += 3;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_strcat) {
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+        int count = (++vPC)->u.operand;
+
+        callFrame->r(dst) = concatenateStrings(callFrame, &callFrame->registers()[src], count);
+        ++vPC;
+
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_to_primitive) {
+        int dst = (++vPC)->u.operand;
+        int src = (++vPC)->u.operand;
+
+        callFrame->r(dst) = callFrame->r(src).jsValue().toPrimitive(callFrame);
+        ++vPC;
+
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_push_scope) {
+        /* push_scope scope(r)
+
+           Converts register scope to object, and pushes it onto the top
+           of the current scope chain.  The contents of the register scope
+           are replaced by the result of toObject conversion of the scope.
+        */
+        int scope = (++vPC)->u.operand;
+        JSValue v = callFrame->r(scope).jsValue();
+        JSObject* o = v.toObject(callFrame);
+        CHECK_FOR_EXCEPTION();
+
+        callFrame->r(scope) = JSValue(o);
+        callFrame->setScopeChain(callFrame->scopeChain()->push(o));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_pop_scope) {
+        /* pop_scope
+
+           Removes the top item from the current scope chain.
+        */
+        callFrame->setScopeChain(callFrame->scopeChain()->pop());
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_get_pnames) {
+        /* get_pnames dst(r) base(r)
+
+           Creates a property name list for register base and puts it
+           in register dst. This is not a true JavaScript value, just
+           a synthetic value used to keep the iteration state in a
+           register.
+        */
+        int dst = (++vPC)->u.operand;
+        int base = (++vPC)->u.operand;
+
+        callFrame->r(dst) = JSPropertyNameIterator::create(callFrame, callFrame->r(base).jsValue());
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_next_pname) {
+        /* next_pname dst(r) iter(r) target(offset)
+
+           Tries to copies the next name from property name list in
+           register iter. If there are names left, then copies one to
+           register dst, and jumps to offset target. If there are none
+           left, invalidates the iterator and continues to the next
+           instruction.
+        */
+        int dst = (++vPC)->u.operand;
+        int iter = (++vPC)->u.operand;
+        int target = (++vPC)->u.operand;
+
+        JSPropertyNameIterator* it = callFrame->r(iter).propertyNameIterator();
+        if (JSValue temp = it->next(callFrame)) {
+            CHECK_FOR_TIMEOUT();
+            callFrame->r(dst) = JSValue(temp);
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+        it->invalidate();
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jmp_scopes) {
+        /* jmp_scopes count(n) target(offset)
+
+           Removes the a number of items from the current scope chain
+           specified by immediate number count, then jumps to offset
+           target.
+        */
+        int count = (++vPC)->u.operand;
+        int target = (++vPC)->u.operand;
+
+        ScopeChainNode* tmp = callFrame->scopeChain();
+        while (count--)
+            tmp = tmp->pop();
+        callFrame->setScopeChain(tmp);
+
+        vPC += target;
+        NEXT_INSTRUCTION();
+    }
+#if HAVE(COMPUTED_GOTO)
+    // Appease GCC
+    goto *(&&skip_new_scope);
+#endif
+    DEFINE_OPCODE(op_push_new_scope) {
+        /* new_scope dst(r) property(id) value(r)
+         
+           Constructs a new StaticScopeObject with property set to value.  That scope
+           object is then pushed onto the ScopeChain.  The scope object is then stored
+           in dst for GC.
+         */
+        callFrame->setScopeChain(createExceptionScope(callFrame, vPC));
+
+        vPC += 4;
+        NEXT_INSTRUCTION();
+    }
+#if HAVE(COMPUTED_GOTO)
+    skip_new_scope:
+#endif
+    DEFINE_OPCODE(op_catch) {
+        /* catch ex(r)
+
+           Retrieves the VM's current exception and puts it in register
+           ex. This is only valid after an exception has been raised,
+           and usually forms the beginning of an exception handler.
+        */
+        ASSERT(exceptionValue);
+        ASSERT(!globalData->exception);
+
+#ifdef QT_BUILD_SCRIPT_LIB
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        Debugger* debugger = callFrame->dynamicGlobalObject()->debugger();
+        if (debugger) {
+            DebuggerCallFrame debuggerCallFrame(callFrame, exceptionValue);
+            debugger->exceptionCatch(debuggerCallFrame, codeBlock->ownerExecutable()->sourceID());
+        }
+#endif
+
+        int ex = (++vPC)->u.operand;
+        callFrame->r(ex) = exceptionValue;
+        exceptionValue = JSValue();
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_throw) {
+        /* throw ex(r)
+
+           Throws register ex as an exception. This involves three
+           steps: first, it is set as the current exception in the
+           VM's internal state, then the stack is unwound until an
+           exception handler or a native code boundary is found, and
+           then control resumes at the exception handler if any or
+           else the script returns control to the nearest native caller.
+        */
+
+        int ex = (++vPC)->u.operand;
+        exceptionValue = callFrame->r(ex).jsValue();
+
+        handler = throwException(callFrame, exceptionValue, vPC - callFrame->codeBlock()->instructions().begin(), true);
+        if (!handler) {
+            *exception = exceptionValue;
+            return jsNull();
+        }
+
+        vPC = callFrame->codeBlock()->instructions().begin() + handler->target;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_new_error) {
+        /* new_error dst(r) type(n) message(k)
+
+           Constructs a new Error instance using the original
+           constructor, using immediate number n as the type and
+           constant message as the message string. The result is
+           written to register dst.
+        */
+        int dst = (++vPC)->u.operand;
+        int type = (++vPC)->u.operand;
+        int message = (++vPC)->u.operand;
+
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        callFrame->r(dst) = JSValue(Error::create(callFrame, (ErrorType)type, callFrame->r(message).jsValue().toString(callFrame), codeBlock->lineNumberForBytecodeOffset(callFrame, vPC - codeBlock->instructions().begin()), codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->sourceURL()));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_end) {
+        /* end result(r)
+           
+           Return register result as the value of a global or eval
+           program. Return control to the calling native code.
+        */
+
+        if (callFrame->codeBlock()->needsFullScopeChain()) {
+            ScopeChainNode* scopeChain = callFrame->scopeChain();
+            ASSERT(scopeChain->refCount > 1);
+            scopeChain->deref();
+        }
+        int result = (++vPC)->u.operand;
+        return callFrame->r(result).jsValue();
+    }
+    DEFINE_OPCODE(op_put_getter) {
+        /* put_getter base(r) property(id) function(r)
+
+           Sets register function on register base as the getter named
+           by identifier property. Base and function are assumed to be
+           objects as this op should only be used for getters defined
+           in object literal form.
+
+           Unlike many opcodes, this one does not write any output to
+           the register file.
+        */
+        int base = (++vPC)->u.operand;
+        int property = (++vPC)->u.operand;
+        int function = (++vPC)->u.operand;
+
+        ASSERT(callFrame->r(base).jsValue().isObject());
+        JSObject* baseObj = asObject(callFrame->r(base).jsValue());
+        Identifier& ident = callFrame->codeBlock()->identifier(property);
+        ASSERT(callFrame->r(function).jsValue().isObject());
+        baseObj->defineGetter(callFrame, ident, asObject(callFrame->r(function).jsValue()));
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_put_setter) {
+        /* put_setter base(r) property(id) function(r)
+
+           Sets register function on register base as the setter named
+           by identifier property. Base and function are assumed to be
+           objects as this op should only be used for setters defined
+           in object literal form.
+
+           Unlike many opcodes, this one does not write any output to
+           the register file.
+        */
+        int base = (++vPC)->u.operand;
+        int property = (++vPC)->u.operand;
+        int function = (++vPC)->u.operand;
+
+        ASSERT(callFrame->r(base).jsValue().isObject());
+        JSObject* baseObj = asObject(callFrame->r(base).jsValue());
+        Identifier& ident = callFrame->codeBlock()->identifier(property);
+        ASSERT(callFrame->r(function).jsValue().isObject());
+        baseObj->defineSetter(callFrame, ident, asObject(callFrame->r(function).jsValue()), 0);
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_method_check) {
+        vPC++;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_jsr) {
+        /* jsr retAddrDst(r) target(offset)
+
+           Places the address of the next instruction into the retAddrDst
+           register and jumps to offset target from the current instruction.
+        */
+        int retAddrDst = (++vPC)->u.operand;
+        int target = (++vPC)->u.operand;
+        callFrame->r(retAddrDst) = vPC + 1;
+
+        vPC += target;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_sret) {
+        /* sret retAddrSrc(r)
+
+         Jumps to the address stored in the retAddrSrc register. This
+         differs from op_jmp because the target address is stored in a
+         register, not as an immediate.
+        */
+        int retAddrSrc = (++vPC)->u.operand;
+        vPC = callFrame->r(retAddrSrc).vPC();
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_debug) {
+        /* debug debugHookID(n) firstLine(n) lastLine(n) columnNumber(n)
+
+         Notifies the debugger of the current state of execution. This opcode
+         is only generated while the debugger is attached.
+        */
+        int debugHookID = (++vPC)->u.operand;
+        int firstLine = (++vPC)->u.operand;
+        int lastLine = (++vPC)->u.operand;
+        int column = (++vPC)->u.operand;
+
+        debug(callFrame, static_cast<DebugHookID>(debugHookID), firstLine, lastLine, column);
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_profile_will_call) {
+        /* op_profile_will_call function(r)
+
+         Notifies the profiler of the beginning of a function call. This opcode
+         is only generated if developer tools are enabled.
+        */
+        int function = vPC[1].u.operand;
+
+        if (*enabledProfilerReference)
+            (*enabledProfilerReference)->willExecute(callFrame, callFrame->r(function).jsValue());
+
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    DEFINE_OPCODE(op_profile_did_call) {
+        /* op_profile_did_call function(r)
+
+         Notifies the profiler of the end of a function call. This opcode
+         is only generated if developer tools are enabled.
+        */
+        int function = vPC[1].u.operand;
+
+        if (*enabledProfilerReference)
+            (*enabledProfilerReference)->didExecute(callFrame, callFrame->r(function).jsValue());
+
+        vPC += 2;
+        NEXT_INSTRUCTION();
+    }
+    vm_throw: {
+        globalData->exception = JSValue();
+        if (!tickCount) {
+            // The exceptionValue is a lie! (GCC produces bad code for reasons I 
+            // cannot fathom if we don't assign to the exceptionValue before branching)
+            exceptionValue = createInterruptedExecutionException(globalData);
+        }
+        handler = throwException(callFrame, exceptionValue, vPC - callFrame->codeBlock()->instructions().begin(), false);
+        if (!handler) {
+            *exception = exceptionValue;
+            return jsNull();
+        }
+
+        vPC = callFrame->codeBlock()->instructions().begin() + handler->target;
+        NEXT_INSTRUCTION();
+    }
+    }
+#if !HAVE(COMPUTED_GOTO)
+    } // iterator loop ends
+#endif
+#endif // USE(INTERPRETER)
+    #undef NEXT_INSTRUCTION
+    #undef DEFINE_OPCODE
+    #undef CHECK_FOR_EXCEPTION
+    #undef CHECK_FOR_TIMEOUT
+}
+
+JSValue Interpreter::retrieveArguments(CallFrame* callFrame, JSFunction* function) const
+{
+    CallFrame* functionCallFrame = findFunctionCallFrame(callFrame, function);
+    if (!functionCallFrame)
+        return jsNull();
+
+    CodeBlock* codeBlock = functionCallFrame->codeBlock();
+    if (codeBlock->usesArguments()) {
+        ASSERT(codeBlock->codeType() == FunctionCode);
+        SymbolTable& symbolTable = *codeBlock->symbolTable();
+        int argumentsIndex = symbolTable.get(functionCallFrame->propertyNames().arguments.ustring().rep()).getIndex();
+        if (!functionCallFrame->r(argumentsIndex).jsValue()) {
+            Arguments* arguments = new (callFrame) Arguments(functionCallFrame);
+            functionCallFrame->setCalleeArguments(arguments);
+            functionCallFrame->r(RegisterFile::ArgumentsRegister) = JSValue(arguments);
+        }
+        return functionCallFrame->r(argumentsIndex).jsValue();
+    }
+
+    Arguments* arguments = functionCallFrame->optionalCalleeArguments();
+    if (!arguments) {
+        arguments = new (functionCallFrame) Arguments(functionCallFrame);
+        arguments->copyRegisters();
+        callFrame->setCalleeArguments(arguments);
+    }
+
+    return arguments;
+}
+
+JSValue Interpreter::retrieveCaller(CallFrame* callFrame, InternalFunction* function) const
+{
+    CallFrame* functionCallFrame = findFunctionCallFrame(callFrame, function);
+    if (!functionCallFrame)
+        return jsNull();
+
+    CallFrame* callerFrame = functionCallFrame->callerFrame();
+    if (callerFrame->hasHostCallFrameFlag())
+        return jsNull();
+
+    JSValue caller = callerFrame->callee();
+    if (!caller)
+        return jsNull();
+
+    return caller;
+}
+
+void Interpreter::retrieveLastCaller(CallFrame* callFrame, int& lineNumber, intptr_t& sourceID, UString& sourceURL, JSValue& function) const
+{
+    function = JSValue();
+    lineNumber = -1;
+    sourceURL = UString();
+
+    CallFrame* callerFrame = callFrame->callerFrame();
+    if (callerFrame->hasHostCallFrameFlag())
+        return;
+
+    CodeBlock* callerCodeBlock = callerFrame->codeBlock();
+    if (!callerCodeBlock)
+        return;
+
+    unsigned bytecodeOffset = bytecodeOffsetForPC(callerFrame, callerCodeBlock, callFrame->returnPC());
+    lineNumber = callerCodeBlock->lineNumberForBytecodeOffset(callerFrame, bytecodeOffset - 1);
+    sourceID = callerCodeBlock->ownerExecutable()->sourceID();
+    sourceURL = callerCodeBlock->ownerExecutable()->sourceURL();
+    function = callerFrame->callee();
+}
+
+CallFrame* Interpreter::findFunctionCallFrame(CallFrame* callFrame, InternalFunction* function)
+{
+    for (CallFrame* candidate = callFrame; candidate; candidate = candidate->callerFrame()->removeHostCallFrameFlag()) {
+        if (candidate->callee() == function)
+            return candidate;
+    }
+    return 0;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.h b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.h
new file mode 100644
index 000000000..157e0c721
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.h
@@ -0,0 +1,166 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef Interpreter_h
+#define Interpreter_h
+
+#include "ArgList.h"
+#include "FastAllocBase.h"
+#include "JSCell.h"
+#include "JSValue.h"
+#include "JSObject.h"
+#include "Opcode.h"
+#include "RegisterFile.h"
+
+#include <wtf/HashMap.h>
+
+namespace JSC {
+
+    class CodeBlock;
+    class EvalExecutable;
+    class FunctionExecutable;
+    class InternalFunction;
+    class JSFunction;
+    class JSGlobalObject;
+    class ProgramExecutable;
+    class Register;
+    class ScopeChainNode;
+    class SamplingTool;
+    struct CallFrameClosure;
+    struct HandlerInfo;
+    struct Instruction;
+    
+    enum DebugHookID {
+        WillExecuteProgram,
+        DidExecuteProgram,
+        DidEnterCallFrame,
+        DidReachBreakpoint,
+        WillLeaveCallFrame,
+        WillExecuteStatement
+    };
+
+    enum { MaxMainThreadReentryDepth = 256, MaxSecondaryThreadReentryDepth = 32 };
+
+    class Interpreter : public FastAllocBase {
+        friend class JIT;
+        friend class CachedCall;
+    public:
+        Interpreter();
+
+        RegisterFile& registerFile() { return m_registerFile; }
+        
+        Opcode getOpcode(OpcodeID id)
+        {
+            #if HAVE(COMPUTED_GOTO)
+                return m_opcodeTable[id];
+            #else
+                return id;
+            #endif
+        }
+
+        OpcodeID getOpcodeID(Opcode opcode)
+        {
+            #if HAVE(COMPUTED_GOTO)
+                ASSERT(isOpcode(opcode));
+                return m_opcodeIDTable.get(opcode);
+            #else
+                return opcode;
+            #endif
+        }
+
+        bool isOpcode(Opcode);
+        
+        JSValue execute(ProgramExecutable*, CallFrame*, ScopeChainNode*, JSObject* thisObj, JSValue* exception);
+        JSValue execute(FunctionExecutable*, CallFrame*, JSFunction*, JSObject* thisObj, const ArgList& args, ScopeChainNode*, JSValue* exception);
+        JSValue execute(EvalExecutable* evalNode, CallFrame* exec, JSObject* thisObj, ScopeChainNode* scopeChain, JSValue* exception);
+
+        JSValue retrieveArguments(CallFrame*, JSFunction*) const;
+        JSValue retrieveCaller(CallFrame*, InternalFunction*) const;
+        void retrieveLastCaller(CallFrame*, int& lineNumber, intptr_t& sourceID, UString& sourceURL, JSValue& function) const;
+        
+        void getArgumentsData(CallFrame*, JSFunction*&, ptrdiff_t& firstParameterIndex, Register*& argv, int& argc);
+        
+        void setSampler(SamplingTool* sampler) { m_sampler = sampler; }
+        SamplingTool* sampler() { return m_sampler; }
+
+        NEVER_INLINE JSValue callEval(CallFrame*, RegisterFile*, Register* argv, int argc, int registerOffset, JSValue& exceptionValue);
+        NEVER_INLINE HandlerInfo* throwException(CallFrame*&, JSValue&, unsigned bytecodeOffset, bool);
+        NEVER_INLINE void debug(CallFrame*, DebugHookID, int firstLine, int lastLine, int column);
+
+    private:
+        enum ExecutionFlag { Normal, InitializeAndReturn };
+
+        CallFrameClosure prepareForRepeatCall(FunctionExecutable*, CallFrame*, JSFunction*, int argCount, ScopeChainNode*, JSValue* exception);
+        void endRepeatCall(CallFrameClosure&);
+        JSValue execute(CallFrameClosure&, JSValue* exception);
+
+        JSValue execute(EvalExecutable*, CallFrame*, JSObject* thisObject, int globalRegisterOffset, ScopeChainNode*, JSValue* exception);
+
+#if USE(INTERPRETER)
+        NEVER_INLINE bool resolve(CallFrame*, Instruction*, JSValue& exceptionValue);
+        NEVER_INLINE bool resolveSkip(CallFrame*, Instruction*, JSValue& exceptionValue);
+        NEVER_INLINE bool resolveGlobal(CallFrame*, Instruction*, JSValue& exceptionValue);
+        NEVER_INLINE void resolveBase(CallFrame*, Instruction* vPC);
+        NEVER_INLINE bool resolveBaseAndProperty(CallFrame*, Instruction*, JSValue& exceptionValue);
+        NEVER_INLINE bool resolveBaseAndFunc(CallFrame*, Instruction*, JSValue& exceptionValue);
+        NEVER_INLINE ScopeChainNode* createExceptionScope(CallFrame*, const Instruction* vPC);
+
+        void tryCacheGetByID(CallFrame*, CodeBlock*, Instruction*, JSValue baseValue, const Identifier& propertyName, const PropertySlot&);
+        void uncacheGetByID(CodeBlock*, Instruction* vPC);
+        void tryCachePutByID(CallFrame*, CodeBlock*, Instruction*, JSValue baseValue, const PutPropertySlot&);
+        void uncachePutByID(CodeBlock*, Instruction* vPC);        
+#endif
+
+        NEVER_INLINE bool unwindCallFrame(CallFrame*&, JSValue, unsigned& bytecodeOffset, CodeBlock*&);
+
+        static ALWAYS_INLINE CallFrame* slideRegisterWindowForCall(CodeBlock*, RegisterFile*, CallFrame*, size_t registerOffset, int argc);
+
+        static CallFrame* findFunctionCallFrame(CallFrame*, InternalFunction*);
+
+        JSValue privateExecute(ExecutionFlag, RegisterFile*, CallFrame*, JSValue* exception);
+
+        void dumpCallFrame(CallFrame*);
+        void dumpRegisters(CallFrame*);
+        
+        bool isCallBytecode(Opcode opcode) { return opcode == getOpcode(op_call) || opcode == getOpcode(op_construct) || opcode == getOpcode(op_call_eval); }
+
+        SamplingTool* m_sampler;
+
+        int m_reentryDepth;
+
+        RegisterFile m_registerFile;
+        
+#if HAVE(COMPUTED_GOTO)
+        Opcode m_opcodeTable[numOpcodeIDs]; // Maps OpcodeID => Opcode for compiling
+        HashMap<Opcode, OpcodeID> m_opcodeIDTable; // Maps Opcode => OpcodeID for decompiling
+#endif
+    };
+    
+} // namespace JSC
+
+#endif // Interpreter_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Register.h b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Register.h
new file mode 100644
index 000000000..ea1f84930
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/Register.h
@@ -0,0 +1,204 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef Register_h
+#define Register_h
+
+#include "JSValue.h"
+#include <wtf/Assertions.h>
+#include <wtf/FastAllocBase.h>
+#include <wtf/VectorTraits.h>
+
+namespace JSC {
+
+    class Arguments;
+    class CodeBlock;
+    class ExecState;
+    class JSActivation;
+    class JSPropertyNameIterator;
+    class ScopeChainNode;
+
+    struct Instruction;
+
+    typedef ExecState CallFrame;
+
+    class Register : public WTF::FastAllocBase {
+    public:
+        Register();
+        Register(JSValue);
+
+        JSValue jsValue() const;
+        
+        Register(JSActivation*);
+        Register(CallFrame*);
+        Register(CodeBlock*);
+        Register(JSObject*);
+        Register(JSPropertyNameIterator*);
+        Register(ScopeChainNode*);
+        Register(Instruction*);
+
+        int32_t i() const;
+        JSActivation* activation() const;
+        Arguments* arguments() const;
+        CallFrame* callFrame() const;
+        CodeBlock* codeBlock() const;
+        JSObject* object() const;
+        JSPropertyNameIterator* propertyNameIterator() const;
+        ScopeChainNode* scopeChain() const;
+        Instruction* vPC() const;
+
+        static Register withInt(int32_t i)
+        {
+            return Register(i);
+        }
+
+    private:
+        Register(int32_t);
+
+        union {
+            int32_t i;
+            EncodedJSValue value;
+
+            JSActivation* activation;
+            CallFrame* callFrame;
+            CodeBlock* codeBlock;
+            JSObject* object;
+            JSPropertyNameIterator* propertyNameIterator;
+            ScopeChainNode* scopeChain;
+            Instruction* vPC;
+        } u;
+    };
+
+    ALWAYS_INLINE Register::Register()
+    {
+#ifndef NDEBUG
+        u.value = JSValue::encode(JSValue());
+#endif
+    }
+
+    ALWAYS_INLINE Register::Register(JSValue v)
+    {
+        u.value = JSValue::encode(v);
+    }
+
+    ALWAYS_INLINE JSValue Register::jsValue() const
+    {
+        return JSValue::decode(u.value);
+    }
+
+    // Interpreter functions
+
+    ALWAYS_INLINE Register::Register(JSActivation* activation)
+    {
+        u.activation = activation;
+    }
+
+    ALWAYS_INLINE Register::Register(CallFrame* callFrame)
+    {
+        u.callFrame = callFrame;
+    }
+
+    ALWAYS_INLINE Register::Register(CodeBlock* codeBlock)
+    {
+        u.codeBlock = codeBlock;
+    }
+
+    ALWAYS_INLINE Register::Register(JSObject* object)
+    {
+        u.object = object;
+    }
+
+    ALWAYS_INLINE Register::Register(Instruction* vPC)
+    {
+        u.vPC = vPC;
+    }
+
+    ALWAYS_INLINE Register::Register(ScopeChainNode* scopeChain)
+    {
+        u.scopeChain = scopeChain;
+    }
+
+    ALWAYS_INLINE Register::Register(JSPropertyNameIterator* propertyNameIterator)
+    {
+        u.propertyNameIterator = propertyNameIterator;
+    }
+
+    ALWAYS_INLINE Register::Register(int32_t i)
+    {
+        u.i = i;
+    }
+
+    ALWAYS_INLINE int32_t Register::i() const
+    {
+        return u.i;
+    }
+    
+    ALWAYS_INLINE JSActivation* Register::activation() const
+    {
+        return u.activation;
+    }
+    
+    ALWAYS_INLINE CallFrame* Register::callFrame() const
+    {
+        return u.callFrame;
+    }
+    
+    ALWAYS_INLINE CodeBlock* Register::codeBlock() const
+    {
+        return u.codeBlock;
+    }
+    
+    ALWAYS_INLINE JSObject* Register::object() const
+    {
+        return u.object;
+    }
+    
+    ALWAYS_INLINE JSPropertyNameIterator* Register::propertyNameIterator() const
+    {
+        return u.propertyNameIterator;
+    }
+    
+    ALWAYS_INLINE ScopeChainNode* Register::scopeChain() const
+    {
+        return u.scopeChain;
+    }
+    
+    ALWAYS_INLINE Instruction* Register::vPC() const
+    {
+        return u.vPC;
+    }
+
+} // namespace JSC
+
+namespace WTF {
+
+    template<> struct VectorTraits<JSC::Register> : VectorTraitsBase<true, JSC::Register> { };
+
+} // namespace WTF
+
+#endif // Register_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/RegisterFile.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/RegisterFile.cpp
new file mode 100644
index 000000000..de5175eb9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/RegisterFile.cpp
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "RegisterFile.h"
+
+namespace JSC {
+
+RegisterFile::~RegisterFile()
+{
+#if HAVE(MMAP)
+    munmap(reinterpret_cast<char*>(m_buffer), ((m_max - m_start) + m_maxGlobals) * sizeof(Register));
+#elif HAVE(VIRTUALALLOC)
+#if PLATFORM(WINCE)
+    VirtualFree(m_buffer, DWORD(m_commitEnd) - DWORD(m_buffer), MEM_DECOMMIT);
+#endif
+    VirtualFree(m_buffer, 0, MEM_RELEASE);
+#else
+    fastFree(m_buffer);
+#endif
+}
+
+void RegisterFile::releaseExcessCapacity()
+{
+#if HAVE(MMAP) && HAVE(MADV_FREE) && !HAVE(VIRTUALALLOC)
+    while (madvise(m_start, (m_max - m_start) * sizeof(Register), MADV_FREE) == -1 && errno == EAGAIN) { }
+#elif HAVE(VIRTUALALLOC)
+    VirtualFree(m_start, (m_max - m_start) * sizeof(Register), MEM_DECOMMIT);
+    m_commitEnd = m_start;
+#endif
+    m_maxUsed = m_start;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/RegisterFile.h b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/RegisterFile.h
new file mode 100644
index 000000000..0eeff0eff
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/interpreter/RegisterFile.h
@@ -0,0 +1,265 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef RegisterFile_h
+#define RegisterFile_h
+
+#include "Collector.h"
+#include "ExecutableAllocator.h"
+#include "Register.h"
+#include <stdio.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/VMTags.h>
+
+#if HAVE(MMAP)
+#include <errno.h>
+#include <sys/mman.h>
+#endif
+
+namespace JSC {
+
+/*
+    A register file is a stack of register frames. We represent a register
+    frame by its offset from "base", the logical first entry in the register
+    file. The bottom-most register frame's offset from base is 0.
+
+    In a program where function "a" calls function "b" (global code -> a -> b),
+    the register file might look like this:
+
+    |       global frame     |        call frame      |        call frame      |     spare capacity     |
+    -----------------------------------------------------------------------------------------------------
+    |  0 |  1 |  2 |  3 |  4 |  5 |  6 |  7 |  8 |  9 | 10 | 11 | 12 | 13 | 14 |    |    |    |    |    | <-- index in buffer
+    -----------------------------------------------------------------------------------------------------
+    | -3 | -2 | -1 |  0 |  1 |  2 |  3 |  4 |  5 |  6 |  7 |  8 |  9 | 10 | 11 |    |    |    |    |    | <-- index relative to base
+    -----------------------------------------------------------------------------------------------------
+    |    <-globals | temps-> |  <-vars | temps->      |                 <-vars |
+       ^              ^                   ^                                       ^
+       |              |                   |                                       |
+     buffer    base (frame 0)          frame 1                                 frame 2
+
+    Since all variables, including globals, are accessed by negative offsets
+    from their register frame pointers, to keep old global offsets correct, new
+    globals must appear at the beginning of the register file, shifting base
+    to the right.
+
+    If we added one global variable to the register file depicted above, it
+    would look like this:
+
+    |         global frame        |<                                                                    >
+    ------------------------------->                                                                    <
+    |  0 |  1 |  2 |  3 |  4 |  5 |<                             >snip<                                 > <-- index in buffer
+    ------------------------------->                                                                    <
+    | -4 | -3 | -2 | -1 |  0 |  1 |<                                                                    > <-- index relative to base
+    ------------------------------->                                                                    <
+    |         <-globals | temps-> |
+       ^                   ^
+       |                   |
+     buffer         base (frame 0)
+
+    As you can see, global offsets relative to base have stayed constant,
+    but base itself has moved. To keep up with possible changes to base,
+    clients keep an indirect pointer, so their calculations update
+    automatically when base changes.
+
+    For client simplicity, the RegisterFile measures size and capacity from
+    "base", not "buffer".
+*/
+
+    class JSGlobalObject;
+
+    class RegisterFile : public Noncopyable {
+        friend class JIT;
+    public:
+        enum CallFrameHeaderEntry {
+            CallFrameHeaderSize = 8,
+
+            CodeBlock = -8,
+            ScopeChain = -7,
+            CallerFrame = -6,
+            ReturnPC = -5, // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*.
+            ReturnValueRegister = -4,
+            ArgumentCount = -3,
+            Callee = -2,
+            OptionalCalleeArguments = -1
+        };
+
+        enum { ProgramCodeThisRegister = -CallFrameHeaderSize - 1 };
+        enum { ArgumentsRegister = 0 };
+
+        static const size_t defaultCapacity = 524288;
+        static const size_t defaultMaxGlobals = 8192;
+        static const size_t commitSize = 1 << 14;
+        // Allow 8k of excess registers before we start trying to reap the registerfile
+        static const ptrdiff_t maxExcessCapacity = 8 * 1024;
+
+        RegisterFile(size_t capacity = defaultCapacity, size_t maxGlobals = defaultMaxGlobals);
+        ~RegisterFile();
+
+        Register* start() const { return m_start; }
+        Register* end() const { return m_end; }
+        size_t size() const { return m_end - m_start; }
+
+        void setGlobalObject(JSGlobalObject* globalObject) { m_globalObject = globalObject; }
+        JSGlobalObject* globalObject() { return m_globalObject; }
+
+        bool grow(Register* newEnd);
+        void shrink(Register* newEnd);
+        
+        void setNumGlobals(size_t numGlobals) { m_numGlobals = numGlobals; }
+        int numGlobals() const { return m_numGlobals; }
+        size_t maxGlobals() const { return m_maxGlobals; }
+
+        Register* lastGlobal() const { return m_start - m_numGlobals; }
+        
+        void markGlobals(MarkStack& markStack, Heap* heap) { heap->markConservatively(markStack, lastGlobal(), m_start); }
+        void markCallFrames(MarkStack& markStack, Heap* heap) { heap->markConservatively(markStack, m_start, m_end); }
+
+    private:
+        void releaseExcessCapacity();
+        size_t m_numGlobals;
+        const size_t m_maxGlobals;
+        Register* m_start;
+        Register* m_end;
+        Register* m_max;
+        Register* m_buffer;
+        Register* m_maxUsed;
+
+#if HAVE(VIRTUALALLOC)
+        Register* m_commitEnd;
+#endif
+
+        JSGlobalObject* m_globalObject; // The global object whose vars are currently stored in the register file.
+    };
+
+    // FIXME: Add a generic getpagesize() to WTF, then move this function to WTF as well.
+    inline bool isPageAligned(size_t size) { return size != 0 && size % (8 * 1024) == 0; }
+
+    inline RegisterFile::RegisterFile(size_t capacity, size_t maxGlobals)
+        : m_numGlobals(0)
+        , m_maxGlobals(maxGlobals)
+        , m_start(0)
+        , m_end(0)
+        , m_max(0)
+        , m_buffer(0)
+        , m_globalObject(0)
+    {
+        // Verify that our values will play nice with mmap and VirtualAlloc.
+        ASSERT(isPageAligned(maxGlobals));
+        ASSERT(isPageAligned(capacity));
+
+        size_t bufferLength = (capacity + maxGlobals) * sizeof(Register);
+    #if HAVE(MMAP)
+        m_buffer = reinterpret_cast<Register*>(mmap(0, bufferLength, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, VM_TAG_FOR_REGISTERFILE_MEMORY, 0));
+        if (m_buffer == MAP_FAILED) {
+#if PLATFORM(WINCE)
+            fprintf(stderr, "Could not allocate register file: %d\n", GetLastError());
+#else
+            fprintf(stderr, "Could not allocate register file: %d\n", errno);
+#endif
+            CRASH();
+        }
+    #elif HAVE(VIRTUALALLOC)
+        m_buffer = static_cast<Register*>(VirtualAlloc(0, roundUpAllocationSize(bufferLength, commitSize), MEM_RESERVE, PAGE_READWRITE));
+        if (!m_buffer) {
+#if PLATFORM(WINCE)
+            fprintf(stderr, "Could not allocate register file: %d\n", GetLastError());
+#else
+            fprintf(stderr, "Could not allocate register file: %d\n", errno);
+#endif
+            CRASH();
+        }
+        size_t committedSize = roundUpAllocationSize(maxGlobals * sizeof(Register), commitSize);
+        void* commitCheck = VirtualAlloc(m_buffer, committedSize, MEM_COMMIT, PAGE_READWRITE);
+        if (commitCheck != m_buffer) {
+#if PLATFORM(WINCE)
+            fprintf(stderr, "Could not allocate register file: %d\n", GetLastError());
+#else
+            fprintf(stderr, "Could not allocate register file: %d\n", errno);
+#endif
+            CRASH();
+        }
+        m_commitEnd = reinterpret_cast<Register*>(reinterpret_cast<char*>(m_buffer) + committedSize);
+    #else 
+        /* 
+         * If neither MMAP nor VIRTUALALLOC are available - use fastMalloc instead.
+         *
+         * Please note that this is the fallback case, which is non-optimal.
+         * If any possible, the platform should provide for a better memory
+         * allocation mechanism that allows for "lazy commit" or dynamic
+         * pre-allocation, similar to mmap or VirtualAlloc, to avoid waste of memory.
+         */
+        m_buffer = static_cast<Register*>(fastMalloc(bufferLength));
+    #endif
+        m_start = m_buffer + maxGlobals;
+        m_end = m_start;
+        m_maxUsed = m_end;
+        m_max = m_start + capacity;
+    }
+
+    inline void RegisterFile::shrink(Register* newEnd)
+    {
+        if (newEnd >= m_end)
+            return;
+        m_end = newEnd;
+        if (m_end == m_start && (m_maxUsed - m_start) > maxExcessCapacity)
+            releaseExcessCapacity();
+    }
+
+    inline bool RegisterFile::grow(Register* newEnd)
+    {
+        if (newEnd < m_end)
+            return true;
+
+        if (newEnd > m_max)
+            return false;
+
+#if !HAVE(MMAP) && HAVE(VIRTUALALLOC)
+        if (newEnd > m_commitEnd) {
+            size_t size = roundUpAllocationSize(reinterpret_cast<char*>(newEnd) - reinterpret_cast<char*>(m_commitEnd), commitSize);
+            if (!VirtualAlloc(m_commitEnd, size, MEM_COMMIT, PAGE_READWRITE)) {
+#if PLATFORM(WINCE)
+                fprintf(stderr, "Could not allocate register file: %d\n", GetLastError());
+#else
+                fprintf(stderr, "Could not allocate register file: %d\n", errno);
+#endif
+                CRASH();
+            }
+            m_commitEnd = reinterpret_cast<Register*>(reinterpret_cast<char*>(m_commitEnd) + size);
+        }
+#endif
+
+        if (newEnd > m_maxUsed)
+            m_maxUsed = newEnd;
+
+        m_end = newEnd;
+        return true;
+    }
+
+} // namespace JSC
+
+#endif // RegisterFile_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp
new file mode 100644
index 000000000..f6b27ec2a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+#include "ExecutableAllocator.h"
+
+#if ENABLE(ASSEMBLER)
+
+namespace JSC {
+
+size_t ExecutableAllocator::pageSize = 0;
+
+}
+
+#endif // HAVE(ASSEMBLER)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h
new file mode 100644
index 000000000..3274fcc67
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h
@@ -0,0 +1,258 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef ExecutableAllocator_h
+#define ExecutableAllocator_h
+
+#include <limits>
+#include <wtf/Assertions.h>
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefCounted.h>
+#include <wtf/UnusedParam.h>
+#include <wtf/Vector.h>
+
+#if PLATFORM(IPHONE)
+#include <libkern/OSCacheControl.h>
+#include <sys/mman.h>
+#endif
+
+#if PLATFORM(SYMBIAN)
+#include <e32std.h>
+#endif
+
+#define JIT_ALLOCATOR_PAGE_SIZE (ExecutableAllocator::pageSize)
+#define JIT_ALLOCATOR_LARGE_ALLOC_SIZE (ExecutableAllocator::pageSize * 4)
+
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
+#define PROTECTION_FLAGS_RW (PROT_READ | PROT_WRITE)
+#define PROTECTION_FLAGS_RX (PROT_READ | PROT_EXEC)
+#define INITIAL_PROTECTION_FLAGS PROTECTION_FLAGS_RX
+#else
+#define INITIAL_PROTECTION_FLAGS (PROT_READ | PROT_WRITE | PROT_EXEC)
+#endif
+
+namespace JSC {
+
+inline size_t roundUpAllocationSize(size_t request, size_t granularity)
+{
+    if ((std::numeric_limits<size_t>::max() - granularity) <= request)
+        CRASH(); // Allocation is too large
+    
+    // Round up to next page boundary
+    size_t size = request + (granularity - 1);
+    size = size & ~(granularity - 1);
+    ASSERT(size >= request);
+    return size;
+}
+
+}
+
+#if ENABLE(ASSEMBLER)
+
+namespace JSC {
+
+class ExecutablePool : public RefCounted<ExecutablePool> {
+private:
+    struct Allocation {
+        char* pages;
+        size_t size;
+    };
+    typedef Vector<Allocation, 2> AllocationList;
+
+public:
+    static PassRefPtr<ExecutablePool> create(size_t n)
+    {
+        return adoptRef(new ExecutablePool(n));
+    }
+
+    void* alloc(size_t n)
+    {
+        ASSERT(m_freePtr <= m_end);
+
+        // Round 'n' up to a multiple of word size; if all allocations are of
+        // word sized quantities, then all subsequent allocations will be aligned.
+        n = roundUpAllocationSize(n, sizeof(void*));
+
+        if (static_cast<ptrdiff_t>(n) < (m_end - m_freePtr)) {
+            void* result = m_freePtr;
+            m_freePtr += n;
+            return result;
+        }
+
+        // Insufficient space to allocate in the existing pool
+        // so we need allocate into a new pool
+        return poolAllocate(n);
+    }
+    
+    ~ExecutablePool()
+    {
+        AllocationList::const_iterator end = m_pools.end();
+        for (AllocationList::const_iterator ptr = m_pools.begin(); ptr != end; ++ptr)
+            ExecutablePool::systemRelease(*ptr);
+    }
+
+    size_t available() const { return (m_pools.size() > 1) ? 0 : m_end - m_freePtr; }
+
+private:
+    static Allocation systemAlloc(size_t n);
+    static void systemRelease(const Allocation& alloc);
+
+    ExecutablePool(size_t n);
+
+    void* poolAllocate(size_t n);
+
+    char* m_freePtr;
+    char* m_end;
+    AllocationList m_pools;
+};
+
+class ExecutableAllocator {
+    enum ProtectionSeting { Writable, Executable };
+
+public:
+    static size_t pageSize;
+    ExecutableAllocator()
+    {
+        if (!pageSize)
+            intializePageSize();
+        m_smallAllocationPool = ExecutablePool::create(JIT_ALLOCATOR_LARGE_ALLOC_SIZE);
+    }
+
+    PassRefPtr<ExecutablePool> poolForSize(size_t n)
+    {
+        // Try to fit in the existing small allocator
+        if (n < m_smallAllocationPool->available())
+            return m_smallAllocationPool;
+
+        // If the request is large, we just provide a unshared allocator
+        if (n > JIT_ALLOCATOR_LARGE_ALLOC_SIZE)
+            return ExecutablePool::create(n);
+
+        // Create a new allocator
+        RefPtr<ExecutablePool> pool = ExecutablePool::create(JIT_ALLOCATOR_LARGE_ALLOC_SIZE);
+
+        // If the new allocator will result in more free space than in
+        // the current small allocator, then we will use it instead
+        if ((pool->available() - n) > m_smallAllocationPool->available())
+            m_smallAllocationPool = pool;
+        return pool.release();
+    }
+
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
+    static void makeWritable(void* start, size_t size)
+    {
+        reprotectRegion(start, size, Writable);
+    }
+
+    static void makeExecutable(void* start, size_t size)
+    {
+        reprotectRegion(start, size, Executable);
+    }
+#else
+    static void makeWritable(void*, size_t) {}
+    static void makeExecutable(void*, size_t) {}
+#endif
+
+
+#if PLATFORM(X86) || PLATFORM(X86_64)
+    static void cacheFlush(void*, size_t)
+    {
+    }
+#elif PLATFORM(ARM_THUMB2) && PLATFORM(IPHONE)
+    static void cacheFlush(void* code, size_t size)
+    {
+        sys_dcache_flush(code, size);
+        sys_icache_invalidate(code, size);
+    }
+#elif PLATFORM(SYMBIAN)
+    static void cacheFlush(void* code, size_t size)
+    {
+        User::IMB_Range(code, static_cast<char*>(code) + size);
+    }
+#elif PLATFORM(ARM_TRADITIONAL) && PLATFORM(LINUX)
+    static void cacheFlush(void* code, size_t size)
+    {
+        asm volatile (
+            "push    {r7}\n"
+            "mov     r0, %0\n"
+            "mov     r1, %1\n"
+            "mov     r7, #0xf0000\n"
+            "add     r7, r7, #0x2\n"
+            "mov     r2, #0x0\n"
+            "svc     0x0\n"
+            "pop     {r7}\n"
+            :
+            : "r" (code), "r" (reinterpret_cast<char*>(code) + size)
+            : "r0", "r1");
+    }
+#else
+    #error "The cacheFlush support is missing on this platform."
+#endif
+
+private:
+
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
+    static void reprotectRegion(void*, size_t, ProtectionSeting);
+#endif
+
+    RefPtr<ExecutablePool> m_smallAllocationPool;
+    static void intializePageSize();
+};
+
+inline ExecutablePool::ExecutablePool(size_t n)
+{
+    size_t allocSize = roundUpAllocationSize(n, JIT_ALLOCATOR_PAGE_SIZE);
+    Allocation mem = systemAlloc(allocSize);
+    m_pools.append(mem);
+    m_freePtr = mem.pages;
+    if (!m_freePtr)
+        CRASH(); // Failed to allocate
+    m_end = m_freePtr + allocSize;
+}
+
+inline void* ExecutablePool::poolAllocate(size_t n)
+{
+    size_t allocSize = roundUpAllocationSize(n, JIT_ALLOCATOR_PAGE_SIZE);
+    
+    Allocation result = systemAlloc(allocSize);
+    if (!result.pages)
+        CRASH(); // Failed to allocate
+    
+    ASSERT(m_end >= m_freePtr);
+    if ((allocSize - n) > static_cast<size_t>(m_end - m_freePtr)) {
+        // Replace allocation pool
+        m_freePtr = result.pages + n;
+        m_end = result.pages + allocSize;
+    }
+
+    m_pools.append(result);
+    return result.pages;
+}
+
+}
+
+#endif // ENABLE(ASSEMBLER)
+
+#endif // !defined(ExecutableAllocator)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
new file mode 100644
index 000000000..7682b9c64
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
@@ -0,0 +1,447 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+#include "ExecutableAllocator.h"
+
+#include <errno.h>
+
+#if ENABLE(ASSEMBLER) && PLATFORM(MAC) && PLATFORM(X86_64)
+
+#include "TCSpinLock.h"
+#include <mach/mach_init.h>
+#include <mach/vm_map.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <wtf/AVLTree.h>
+#include <wtf/VMTags.h>
+
+using namespace WTF;
+
+namespace JSC {
+
+#define TWO_GB (2u * 1024u * 1024u * 1024u)
+#define SIXTEEN_MB (16u * 1024u * 1024u)
+
+// FreeListEntry describes a free chunk of memory, stored in the freeList.
+struct FreeListEntry {
+    FreeListEntry(void* pointer, size_t size)
+        : pointer(pointer)
+        , size(size)
+        , nextEntry(0)
+        , less(0)
+        , greater(0)
+        , balanceFactor(0)
+    {
+    }
+
+    // All entries of the same size share a single entry
+    // in the AVLTree, and are linked together in a linked
+    // list, using nextEntry.
+    void* pointer;
+    size_t size;
+    FreeListEntry* nextEntry;
+
+    // These fields are used by AVLTree.
+    FreeListEntry* less;
+    FreeListEntry* greater;
+    int balanceFactor;
+};
+
+// Abstractor class for use in AVLTree.
+// Nodes in the AVLTree are of type FreeListEntry, keyed on
+// (and thus sorted by) their size.
+struct AVLTreeAbstractorForFreeList {
+    typedef FreeListEntry* handle;
+    typedef int32_t size;
+    typedef size_t key;
+
+    handle get_less(handle h) { return h->less; }
+    void set_less(handle h, handle lh) { h->less = lh; }
+    handle get_greater(handle h) { return h->greater; }
+    void set_greater(handle h, handle gh) { h->greater = gh; }
+    int get_balance_factor(handle h) { return h->balanceFactor; }
+    void set_balance_factor(handle h, int bf) { h->balanceFactor = bf; }
+
+    static handle null() { return 0; }
+
+    int compare_key_key(key va, key vb) { return va - vb; }
+    int compare_key_node(key k, handle h) { return compare_key_key(k, h->size); }
+    int compare_node_node(handle h1, handle h2) { return compare_key_key(h1->size, h2->size); }
+};
+
+// Used to reverse sort an array of FreeListEntry pointers.
+static int reverseSortFreeListEntriesByPointer(const void* leftPtr, const void* rightPtr)
+{
+    FreeListEntry* left = *(FreeListEntry**)leftPtr;
+    FreeListEntry* right = *(FreeListEntry**)rightPtr;
+
+    return (intptr_t)(right->pointer) - (intptr_t)(left->pointer);
+}
+
+// Used to reverse sort an array of pointers.
+static int reverseSortCommonSizedAllocations(const void* leftPtr, const void* rightPtr)
+{
+    void* left = *(void**)leftPtr;
+    void* right = *(void**)rightPtr;
+
+    return (intptr_t)right - (intptr_t)left;
+}
+
+class FixedVMPoolAllocator
+{
+    // The free list is stored in a sorted tree.
+    typedef AVLTree<AVLTreeAbstractorForFreeList, 40> SizeSortedFreeTree;
+
+    // Use madvise as apropriate to prevent freed pages from being spilled,
+    // and to attempt to ensure that used memory is reported correctly.
+#if HAVE(MADV_FREE_REUSE)
+    void release(void* position, size_t size)
+    {
+        while (madvise(position, size, MADV_FREE_REUSABLE) == -1 && errno == EAGAIN) { }
+    }
+
+    void reuse(void* position, size_t size)
+    {
+        while (madvise(position, size, MADV_FREE_REUSE) == -1 && errno == EAGAIN) { }
+    }
+#elif HAVE(MADV_DONTNEED)
+    void release(void* position, size_t size)
+    {
+        while (madvise(position, size, MADV_DONTNEED) == -1 && errno == EAGAIN) { }
+    }
+
+    void reuse(void*, size_t) {}
+#else
+    void release(void*, size_t) {}
+    void reuse(void*, size_t) {}
+#endif
+
+    // All addition to the free list should go through this method, rather than
+    // calling insert directly, to avoid multiple entries beging added with the
+    // same key.  All nodes being added should be singletons, they should not
+    // already be a part of a chain.
+    void addToFreeList(FreeListEntry* entry)
+    {
+        ASSERT(!entry->nextEntry);
+
+        if (entry->size == m_commonSize) {
+            m_commonSizedAllocations.append(entry->pointer);
+            delete entry;
+        } else if (FreeListEntry* entryInFreeList = m_freeList.search(entry->size, m_freeList.EQUAL)) {
+            // m_freeList already contain an entry for this size - insert this node into the chain.
+            entry->nextEntry = entryInFreeList->nextEntry;
+            entryInFreeList->nextEntry = entry;
+        } else
+            m_freeList.insert(entry);
+    }
+
+    // We do not attempt to coalesce addition, which may lead to fragmentation;
+    // instead we periodically perform a sweep to try to coalesce neigboring
+    // entries in m_freeList.  Presently this is triggered at the point 16MB
+    // of memory has been released.
+    void coalesceFreeSpace()
+    {
+        Vector<FreeListEntry*> freeListEntries;
+        SizeSortedFreeTree::Iterator iter;
+        iter.start_iter_least(m_freeList);
+
+        // Empty m_freeList into a Vector.
+        for (FreeListEntry* entry; (entry = *iter); ++iter) {
+            // Each entry in m_freeList might correspond to multiple
+            // free chunks of memory (of the same size).  Walk the chain
+            // (this is likely of couse only be one entry long!) adding
+            // each entry to the Vector (at reseting the next in chain
+            // pointer to separate each node out).
+            FreeListEntry* next;
+            do {
+                next = entry->nextEntry;
+                entry->nextEntry = 0;
+                freeListEntries.append(entry);
+            } while ((entry = next));
+        }
+        // All entries are now in the Vector; purge the tree.
+        m_freeList.purge();
+
+        // Reverse-sort the freeListEntries and m_commonSizedAllocations Vectors.
+        // We reverse-sort so that we can logically work forwards through memory,
+        // whilst popping items off the end of the Vectors using last() and removeLast().
+        qsort(freeListEntries.begin(), freeListEntries.size(), sizeof(FreeListEntry*), reverseSortFreeListEntriesByPointer);
+        qsort(m_commonSizedAllocations.begin(), m_commonSizedAllocations.size(), sizeof(void*), reverseSortCommonSizedAllocations);
+
+        // The entries from m_commonSizedAllocations that cannot be
+        // coalesced into larger chunks will be temporarily stored here.
+        Vector<void*> newCommonSizedAllocations;
+
+        // Keep processing so long as entries remain in either of the vectors.
+        while (freeListEntries.size() || m_commonSizedAllocations.size()) {
+            // We're going to try to find a FreeListEntry node that we can coalesce onto.
+            FreeListEntry* coalescionEntry = 0;
+
+            // Is the lowest addressed chunk of free memory of common-size, or is it in the free list?
+            if (m_commonSizedAllocations.size() && (!freeListEntries.size() || (m_commonSizedAllocations.last() < freeListEntries.last()->pointer))) {
+                // Pop an item from the m_commonSizedAllocations vector - this is the lowest
+                // addressed free chunk.  Find out the begin and end addresses of the memory chunk.
+                void* begin = m_commonSizedAllocations.last();
+                void* end = (void*)((intptr_t)begin + m_commonSize);
+                m_commonSizedAllocations.removeLast();
+
+                // Try to find another free chunk abutting onto the end of the one we have already found.
+                if (freeListEntries.size() && (freeListEntries.last()->pointer == end)) {
+                    // There is an existing FreeListEntry for the next chunk of memory!
+                    // we can reuse this.  Pop it off the end of m_freeList.
+                    coalescionEntry = freeListEntries.last();
+                    freeListEntries.removeLast();
+                    // Update the existing node to include the common-sized chunk that we also found. 
+                    coalescionEntry->pointer = (void*)((intptr_t)coalescionEntry->pointer - m_commonSize);
+                    coalescionEntry->size += m_commonSize;
+                } else if (m_commonSizedAllocations.size() && (m_commonSizedAllocations.last() == end)) {
+                    // There is a second common-sized chunk that can be coalesced.
+                    // Allocate a new node.
+                    m_commonSizedAllocations.removeLast();
+                    coalescionEntry = new FreeListEntry(begin, 2 * m_commonSize);
+                } else {
+                    // Nope - this poor little guy is all on his own. :-(
+                    // Add him into the newCommonSizedAllocations vector for now, we're
+                    // going to end up adding him back into the m_commonSizedAllocations
+                    // list when we're done.
+                    newCommonSizedAllocations.append(begin);
+                    continue;
+                }
+            } else {
+                ASSERT(freeListEntries.size());
+                ASSERT(!m_commonSizedAllocations.size() || (freeListEntries.last()->pointer < m_commonSizedAllocations.last()));
+                // The lowest addressed item is from m_freeList; pop it from the Vector.
+                coalescionEntry = freeListEntries.last();
+                freeListEntries.removeLast();
+            }
+            
+            // Right, we have a FreeListEntry, we just need check if there is anything else
+            // to coalesce onto the end.
+            ASSERT(coalescionEntry);
+            while (true) {
+                // Calculate the end address of the chunk we have found so far.
+                void* end = (void*)((intptr_t)coalescionEntry->pointer - coalescionEntry->size);
+
+                // Is there another chunk adjacent to the one we already have?
+                if (freeListEntries.size() && (freeListEntries.last()->pointer == end)) {
+                    // Yes - another FreeListEntry -pop it from the list.
+                    FreeListEntry* coalescee = freeListEntries.last();
+                    freeListEntries.removeLast();
+                    // Add it's size onto our existing node.
+                    coalescionEntry->size += coalescee->size;
+                    delete coalescee;
+                } else if (m_commonSizedAllocations.size() && (m_commonSizedAllocations.last() == end)) {
+                    // We can coalesce the next common-sized chunk.
+                    m_commonSizedAllocations.removeLast();
+                    coalescionEntry->size += m_commonSize;
+                } else
+                    break; // Nope, nothing to be added - stop here.
+            }
+
+            // We've coalesced everything we can onto the current chunk.
+            // Add it back into m_freeList.
+            addToFreeList(coalescionEntry);
+        }
+
+        // All chunks of free memory larger than m_commonSize should be
+        // back in m_freeList by now.  All that remains to be done is to
+        // copy the contents on the newCommonSizedAllocations back into
+        // the m_commonSizedAllocations Vector.
+        ASSERT(m_commonSizedAllocations.size() == 0);
+        m_commonSizedAllocations.append(newCommonSizedAllocations);
+    }
+
+public:
+
+    FixedVMPoolAllocator(size_t commonSize, size_t totalHeapSize)
+        : m_commonSize(commonSize)
+        , m_countFreedSinceLastCoalesce(0)
+        , m_totalHeapSize(totalHeapSize)
+    {
+        // Cook up an address to allocate at, using the following recipe:
+        //   17 bits of zero, stay in userspace kids.
+        //   26 bits of randomness for ASLR.
+        //   21 bits of zero, at least stay aligned within one level of the pagetables.
+        //
+        // But! - as a temporary workaround for some plugin problems (rdar://problem/6812854),
+        // for now instead of 2^26 bits of ASLR lets stick with 25 bits of randomization plus
+        // 2^24, which should put up somewhere in the middle of usespace (in the address range
+        // 0x200000000000 .. 0x5fffffffffff).
+        intptr_t randomLocation = arc4random() & ((1 << 25) - 1);
+        randomLocation += (1 << 24);
+        randomLocation <<= 21;
+        m_base = mmap(reinterpret_cast<void*>(randomLocation), m_totalHeapSize, INITIAL_PROTECTION_FLAGS, MAP_PRIVATE | MAP_ANON, VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY, 0);
+        if (!m_base)
+            CRASH();
+
+        // For simplicity, we keep all memory in m_freeList in a 'released' state.
+        // This means that we can simply reuse all memory when allocating, without
+        // worrying about it's previous state, and also makes coalescing m_freeList
+        // simpler since we need not worry about the possibility of coalescing released
+        // chunks with non-released ones.
+        release(m_base, m_totalHeapSize);
+        m_freeList.insert(new FreeListEntry(m_base, m_totalHeapSize));
+    }
+
+    void* alloc(size_t size)
+    {
+        void* result;
+
+        // Freed allocations of the common size are not stored back into the main
+        // m_freeList, but are instead stored in a separate vector.  If the request
+        // is for a common sized allocation, check this list.
+        if ((size == m_commonSize) && m_commonSizedAllocations.size()) {
+            result = m_commonSizedAllocations.last();
+            m_commonSizedAllocations.removeLast();
+        } else {
+            // Serach m_freeList for a suitable sized chunk to allocate memory from.
+            FreeListEntry* entry = m_freeList.search(size, m_freeList.GREATER_EQUAL);
+
+            // This would be bad news.
+            if (!entry) {
+                // Errk!  Lets take a last-ditch desparation attempt at defragmentation...
+                coalesceFreeSpace();
+                // Did that free up a large enough chunk?
+                entry = m_freeList.search(size, m_freeList.GREATER_EQUAL);
+                // No?...  *BOOM!*
+                if (!entry)
+                    CRASH();
+            }
+            ASSERT(entry->size != m_commonSize);
+
+            // Remove the entry from m_freeList.  But! -
+            // Each entry in the tree may represent a chain of multiple chunks of the
+            // same size, and we only want to remove one on them.  So, if this entry
+            // does have a chain, just remove the first-but-one item from the chain.
+            if (FreeListEntry* next = entry->nextEntry) {
+                // We're going to leave 'entry' in the tree; remove 'next' from its chain.
+                entry->nextEntry = next->nextEntry;
+                next->nextEntry = 0;
+                entry = next;
+            } else
+                m_freeList.remove(entry->size);
+
+            // Whoo!, we have a result!
+            ASSERT(entry->size >= size);
+            result = entry->pointer;
+
+            // If the allocation exactly fits the chunk we found in the,
+            // m_freeList then the FreeListEntry node is no longer needed.
+            if (entry->size == size)
+                delete entry;
+            else {
+                // There is memory left over, and it is not of the common size.
+                // We can reuse the existing FreeListEntry node to add this back
+                // into m_freeList.
+                entry->pointer = (void*)((intptr_t)entry->pointer + size);
+                entry->size -= size;
+                addToFreeList(entry);
+            }
+        }
+
+        // Call reuse to report to the operating system that this memory is in use.
+        ASSERT(isWithinVMPool(result, size));
+        reuse(result, size);
+        return result;
+    }
+
+    void free(void* pointer, size_t size)
+    {
+        // Call release to report to the operating system that this
+        // memory is no longer in use, and need not be paged out.
+        ASSERT(isWithinVMPool(pointer, size));
+        release(pointer, size);
+
+        // Common-sized allocations are stored in the m_commonSizedAllocations
+        // vector; all other freed chunks are added to m_freeList.
+        if (size == m_commonSize)
+            m_commonSizedAllocations.append(pointer);
+        else
+            addToFreeList(new FreeListEntry(pointer, size));
+
+        // Do some housekeeping.  Every time we reach a point that
+        // 16MB of allocations have been freed, sweep m_freeList
+        // coalescing any neighboring fragments.
+        m_countFreedSinceLastCoalesce += size;
+        if (m_countFreedSinceLastCoalesce >= SIXTEEN_MB) {
+            m_countFreedSinceLastCoalesce = 0;
+            coalesceFreeSpace();
+        }
+    }
+
+private:
+
+#ifndef NDEBUG
+    bool isWithinVMPool(void* pointer, size_t size)
+    {
+        return pointer >= m_base && (reinterpret_cast<char*>(pointer) + size <= reinterpret_cast<char*>(m_base) + m_totalHeapSize);
+    }
+#endif
+
+    // Freed space from the most common sized allocations will be held in this list, ...
+    const size_t m_commonSize;
+    Vector<void*> m_commonSizedAllocations;
+
+    // ... and all other freed allocations are held in m_freeList.
+    SizeSortedFreeTree m_freeList;
+
+    // This is used for housekeeping, to trigger defragmentation of the freed lists.
+    size_t m_countFreedSinceLastCoalesce;
+
+    void* m_base;
+    size_t m_totalHeapSize;
+};
+
+void ExecutableAllocator::intializePageSize()
+{
+    ExecutableAllocator::pageSize = getpagesize();
+}
+
+static FixedVMPoolAllocator* allocator = 0;
+static SpinLock spinlock = SPINLOCK_INITIALIZER;
+
+ExecutablePool::Allocation ExecutablePool::systemAlloc(size_t size)
+{
+  SpinLockHolder lock_holder(&spinlock);
+
+    if (!allocator)
+        allocator = new FixedVMPoolAllocator(JIT_ALLOCATOR_LARGE_ALLOC_SIZE, TWO_GB);
+    ExecutablePool::Allocation alloc = {reinterpret_cast<char*>(allocator->alloc(size)), size};
+    return alloc;
+}
+
+void ExecutablePool::systemRelease(const ExecutablePool::Allocation& allocation) 
+{
+  SpinLockHolder lock_holder(&spinlock);
+
+    ASSERT(allocator);
+    allocator->free(allocation.pages, allocation.size);
+}
+
+}
+
+#endif // HAVE(ASSEMBLER)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp
new file mode 100644
index 000000000..13a862678
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+#include "ExecutableAllocator.h"
+
+#if ENABLE(ASSEMBLER)
+
+#include <sys/mman.h>
+#include <unistd.h>
+#include <wtf/VMTags.h>
+
+namespace JSC {
+
+#if !(PLATFORM(MAC) && PLATFORM(X86_64))
+
+void ExecutableAllocator::intializePageSize()
+{
+    ExecutableAllocator::pageSize = getpagesize();
+}
+
+ExecutablePool::Allocation ExecutablePool::systemAlloc(size_t n)
+{
+    void* allocation = mmap(NULL, n, INITIAL_PROTECTION_FLAGS, MAP_PRIVATE | MAP_ANON, VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY, 0);
+    if (allocation == MAP_FAILED)
+        CRASH();
+    ExecutablePool::Allocation alloc = { reinterpret_cast<char*>(allocation), n };
+    return alloc;
+}
+
+void ExecutablePool::systemRelease(const ExecutablePool::Allocation& alloc)
+{ 
+    int result = munmap(alloc.pages, alloc.size);
+    ASSERT_UNUSED(result, !result);
+}
+
+#endif // !(PLATFORM(MAC) && PLATFORM(X86_64))
+
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
+void ExecutableAllocator::reprotectRegion(void* start, size_t size, ProtectionSeting setting)
+{
+    if (!pageSize)
+        intializePageSize();
+
+    // Calculate the start of the page containing this region,
+    // and account for this extra memory within size.
+    intptr_t startPtr = reinterpret_cast<intptr_t>(start);
+    intptr_t pageStartPtr = startPtr & ~(pageSize - 1);
+    void* pageStart = reinterpret_cast<void*>(pageStartPtr);
+    size += (startPtr - pageStartPtr);
+
+    // Round size up
+    size += (pageSize - 1);
+    size &= ~(pageSize - 1);
+
+    mprotect(pageStart, size, (setting == Writable) ? PROTECTION_FLAGS_RW : PROTECTION_FLAGS_RX);
+}
+#endif
+
+}
+
+#endif // HAVE(ASSEMBLER)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp
new file mode 100644
index 000000000..e6ac85571
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+#include "ExecutableAllocator.h"
+
+#if ENABLE(ASSEMBLER)
+
+#include "windows.h"
+
+namespace JSC {
+
+void ExecutableAllocator::intializePageSize()
+{
+    SYSTEM_INFO system_info;
+    GetSystemInfo(&system_info);
+    ExecutableAllocator::pageSize = system_info.dwPageSize;
+}
+
+ExecutablePool::Allocation ExecutablePool::systemAlloc(size_t n)
+{
+    void* allocation = VirtualAlloc(0, n, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+    if (!allocation)
+        CRASH();
+    ExecutablePool::Allocation alloc = {reinterpret_cast<char*>(allocation), n};
+    return alloc;
+}
+
+void ExecutablePool::systemRelease(const ExecutablePool::Allocation& alloc)
+{ 
+    VirtualFree(alloc.pages, 0, MEM_RELEASE); 
+}
+
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
+#error "ASSEMBLER_WX_EXCLUSIVE not yet suported on this platform."
+#endif
+
+}
+
+#endif // HAVE(ASSEMBLER)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JIT.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JIT.cpp
new file mode 100644
index 000000000..ea8434ebb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JIT.cpp
@@ -0,0 +1,611 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JIT.h"
+
+// This probably does not belong here; adding here for now as a quick Windows build fix.
+#if ENABLE(ASSEMBLER) && PLATFORM(X86) && !PLATFORM(MAC)
+#include "MacroAssembler.h"
+JSC::MacroAssemblerX86Common::SSE2CheckState JSC::MacroAssemblerX86Common::s_sse2CheckState = NotCheckedSSE2;
+#endif
+
+#if ENABLE(JIT)
+
+#include "CodeBlock.h"
+#include "Interpreter.h"
+#include "JITInlineMethods.h"
+#include "JITStubs.h"
+#include "JITStubCall.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "LinkBuffer.h"
+#include "RepatchBuffer.h"
+#include "ResultType.h"
+#include "SamplingTool.h"
+
+#ifndef NDEBUG
+#include <stdio.h>
+#endif
+
+using namespace std;
+
+namespace JSC {
+
+void ctiPatchNearCallByReturnAddress(CodeBlock* codeblock, ReturnAddressPtr returnAddress, MacroAssemblerCodePtr newCalleeFunction)
+{
+    RepatchBuffer repatchBuffer(codeblock);
+    repatchBuffer.relinkNearCallerToTrampoline(returnAddress, newCalleeFunction);
+}
+
+void ctiPatchCallByReturnAddress(CodeBlock* codeblock, ReturnAddressPtr returnAddress, MacroAssemblerCodePtr newCalleeFunction)
+{
+    RepatchBuffer repatchBuffer(codeblock);
+    repatchBuffer.relinkCallerToTrampoline(returnAddress, newCalleeFunction);
+}
+
+void ctiPatchCallByReturnAddress(CodeBlock* codeblock, ReturnAddressPtr returnAddress, FunctionPtr newCalleeFunction)
+{
+    RepatchBuffer repatchBuffer(codeblock);
+    repatchBuffer.relinkCallerToFunction(returnAddress, newCalleeFunction);
+}
+
+JIT::JIT(JSGlobalData* globalData, CodeBlock* codeBlock)
+    : m_interpreter(globalData->interpreter)
+    , m_globalData(globalData)
+    , m_codeBlock(codeBlock)
+    , m_labels(codeBlock ? codeBlock->instructions().size() : 0)
+    , m_propertyAccessCompilationInfo(codeBlock ? codeBlock->numberOfStructureStubInfos() : 0)
+    , m_callStructureStubCompilationInfo(codeBlock ? codeBlock->numberOfCallLinkInfos() : 0)
+    , m_bytecodeIndex((unsigned)-1)
+#if USE(JSVALUE32_64)
+    , m_jumpTargetIndex(0)
+    , m_mappedBytecodeIndex((unsigned)-1)
+    , m_mappedVirtualRegisterIndex((unsigned)-1)
+    , m_mappedTag((RegisterID)-1)
+    , m_mappedPayload((RegisterID)-1)
+#else
+    , m_lastResultBytecodeRegister(std::numeric_limits<int>::max())
+    , m_jumpTargetsPosition(0)
+#endif
+{
+}
+
+#if USE(JSVALUE32_64)
+void JIT::emitTimeoutCheck()
+{
+    Jump skipTimeout = branchSub32(NonZero, Imm32(1), timeoutCheckRegister);
+    JITStubCall stubCall(this, cti_timeout_check);
+    stubCall.addArgument(regT1, regT0); // save last result registers.
+    stubCall.call(timeoutCheckRegister);
+    stubCall.getArgument(0, regT1, regT0); // reload last result registers.
+    skipTimeout.link(this);
+}
+#else
+void JIT::emitTimeoutCheck()
+{
+    Jump skipTimeout = branchSub32(NonZero, Imm32(1), timeoutCheckRegister);
+    JITStubCall(this, cti_timeout_check).call(timeoutCheckRegister);
+    skipTimeout.link(this);
+
+    killLastResultRegister();
+}
+#endif
+
+#define NEXT_OPCODE(name) \
+    m_bytecodeIndex += OPCODE_LENGTH(name); \
+    break;
+
+#if USE(JSVALUE32_64)
+#define DEFINE_BINARY_OP(name) \
+    case name: { \
+        JITStubCall stubCall(this, cti_##name); \
+        stubCall.addArgument(currentInstruction[2].u.operand); \
+        stubCall.addArgument(currentInstruction[3].u.operand); \
+        stubCall.call(currentInstruction[1].u.operand); \
+        NEXT_OPCODE(name); \
+    }
+
+#define DEFINE_UNARY_OP(name) \
+    case name: { \
+        JITStubCall stubCall(this, cti_##name); \
+        stubCall.addArgument(currentInstruction[2].u.operand); \
+        stubCall.call(currentInstruction[1].u.operand); \
+        NEXT_OPCODE(name); \
+    }
+
+#else // USE(JSVALUE32_64)
+
+#define DEFINE_BINARY_OP(name) \
+    case name: { \
+        JITStubCall stubCall(this, cti_##name); \
+        stubCall.addArgument(currentInstruction[2].u.operand, regT2); \
+        stubCall.addArgument(currentInstruction[3].u.operand, regT2); \
+        stubCall.call(currentInstruction[1].u.operand); \
+        NEXT_OPCODE(name); \
+    }
+
+#define DEFINE_UNARY_OP(name) \
+    case name: { \
+        JITStubCall stubCall(this, cti_##name); \
+        stubCall.addArgument(currentInstruction[2].u.operand, regT2); \
+        stubCall.call(currentInstruction[1].u.operand); \
+        NEXT_OPCODE(name); \
+    }
+#endif // USE(JSVALUE32_64)
+
+#define DEFINE_OP(name) \
+    case name: { \
+        emit_##name(currentInstruction); \
+        NEXT_OPCODE(name); \
+    }
+
+#define DEFINE_SLOWCASE_OP(name) \
+    case name: { \
+        emitSlow_##name(currentInstruction, iter); \
+        NEXT_OPCODE(name); \
+    }
+
+void JIT::privateCompileMainPass()
+{
+    Instruction* instructionsBegin = m_codeBlock->instructions().begin();
+    unsigned instructionCount = m_codeBlock->instructions().size();
+
+    m_propertyAccessInstructionIndex = 0;
+    m_globalResolveInfoIndex = 0;
+    m_callLinkInfoIndex = 0;
+
+    for (m_bytecodeIndex = 0; m_bytecodeIndex < instructionCount; ) {
+        Instruction* currentInstruction = instructionsBegin + m_bytecodeIndex;
+        ASSERT_WITH_MESSAGE(m_interpreter->isOpcode(currentInstruction->u.opcode), "privateCompileMainPass gone bad @ %d", m_bytecodeIndex);
+
+#if ENABLE(OPCODE_SAMPLING)
+        if (m_bytecodeIndex > 0) // Avoid the overhead of sampling op_enter twice.
+            sampleInstruction(currentInstruction);
+#endif
+
+#if !USE(JSVALUE32_64)
+        if (m_labels[m_bytecodeIndex].isUsed())
+            killLastResultRegister();
+#endif
+
+        m_labels[m_bytecodeIndex] = label();
+
+        switch (m_interpreter->getOpcodeID(currentInstruction->u.opcode)) {
+        DEFINE_BINARY_OP(op_del_by_val)
+#if USE(JSVALUE32)
+        DEFINE_BINARY_OP(op_div)
+#endif
+        DEFINE_BINARY_OP(op_in)
+        DEFINE_BINARY_OP(op_less)
+        DEFINE_BINARY_OP(op_lesseq)
+        DEFINE_BINARY_OP(op_urshift)
+        DEFINE_UNARY_OP(op_get_pnames)
+        DEFINE_UNARY_OP(op_is_boolean)
+        DEFINE_UNARY_OP(op_is_function)
+        DEFINE_UNARY_OP(op_is_number)
+        DEFINE_UNARY_OP(op_is_object)
+        DEFINE_UNARY_OP(op_is_string)
+        DEFINE_UNARY_OP(op_is_undefined)
+#if !USE(JSVALUE32_64)
+        DEFINE_UNARY_OP(op_negate)
+#endif
+        DEFINE_UNARY_OP(op_typeof)
+
+        DEFINE_OP(op_add)
+        DEFINE_OP(op_bitand)
+        DEFINE_OP(op_bitnot)
+        DEFINE_OP(op_bitor)
+        DEFINE_OP(op_bitxor)
+        DEFINE_OP(op_call)
+        DEFINE_OP(op_call_eval)
+        DEFINE_OP(op_call_varargs)
+        DEFINE_OP(op_catch)
+        DEFINE_OP(op_construct)
+        DEFINE_OP(op_construct_verify)
+        DEFINE_OP(op_convert_this)
+        DEFINE_OP(op_init_arguments)
+        DEFINE_OP(op_create_arguments)
+        DEFINE_OP(op_debug)
+        DEFINE_OP(op_del_by_id)
+#if !USE(JSVALUE32)
+        DEFINE_OP(op_div)
+#endif
+        DEFINE_OP(op_end)
+        DEFINE_OP(op_enter)
+        DEFINE_OP(op_enter_with_activation)
+        DEFINE_OP(op_eq)
+        DEFINE_OP(op_eq_null)
+        DEFINE_OP(op_get_by_id)
+        DEFINE_OP(op_get_by_val)
+        DEFINE_OP(op_get_global_var)
+        DEFINE_OP(op_get_scoped_var)
+        DEFINE_OP(op_instanceof)
+        DEFINE_OP(op_jeq_null)
+        DEFINE_OP(op_jfalse)
+        DEFINE_OP(op_jmp)
+        DEFINE_OP(op_jmp_scopes)
+        DEFINE_OP(op_jneq_null)
+        DEFINE_OP(op_jneq_ptr)
+        DEFINE_OP(op_jnless)
+        DEFINE_OP(op_jnlesseq)
+        DEFINE_OP(op_jsr)
+        DEFINE_OP(op_jtrue)
+        DEFINE_OP(op_load_varargs)
+        DEFINE_OP(op_loop)
+        DEFINE_OP(op_loop_if_less)
+        DEFINE_OP(op_loop_if_lesseq)
+        DEFINE_OP(op_loop_if_true)
+        DEFINE_OP(op_lshift)
+        DEFINE_OP(op_method_check)
+        DEFINE_OP(op_mod)
+        DEFINE_OP(op_mov)
+        DEFINE_OP(op_mul)
+#if USE(JSVALUE32_64)
+        DEFINE_OP(op_negate)
+#endif
+        DEFINE_OP(op_neq)
+        DEFINE_OP(op_neq_null)
+        DEFINE_OP(op_new_array)
+        DEFINE_OP(op_new_error)
+        DEFINE_OP(op_new_func)
+        DEFINE_OP(op_new_func_exp)
+        DEFINE_OP(op_new_object)
+        DEFINE_OP(op_new_regexp)
+        DEFINE_OP(op_next_pname)
+        DEFINE_OP(op_not)
+        DEFINE_OP(op_nstricteq)
+        DEFINE_OP(op_pop_scope)
+        DEFINE_OP(op_post_dec)
+        DEFINE_OP(op_post_inc)
+        DEFINE_OP(op_pre_dec)
+        DEFINE_OP(op_pre_inc)
+        DEFINE_OP(op_profile_did_call)
+        DEFINE_OP(op_profile_will_call)
+        DEFINE_OP(op_push_new_scope)
+        DEFINE_OP(op_push_scope)
+        DEFINE_OP(op_put_by_id)
+        DEFINE_OP(op_put_by_index)
+        DEFINE_OP(op_put_by_val)
+        DEFINE_OP(op_put_getter)
+        DEFINE_OP(op_put_global_var)
+        DEFINE_OP(op_put_scoped_var)
+        DEFINE_OP(op_put_setter)
+        DEFINE_OP(op_resolve)
+        DEFINE_OP(op_resolve_base)
+        DEFINE_OP(op_resolve_global)
+        DEFINE_OP(op_resolve_skip)
+        DEFINE_OP(op_resolve_with_base)
+        DEFINE_OP(op_ret)
+        DEFINE_OP(op_rshift)
+        DEFINE_OP(op_sret)
+        DEFINE_OP(op_strcat)
+        DEFINE_OP(op_stricteq)
+        DEFINE_OP(op_sub)
+        DEFINE_OP(op_switch_char)
+        DEFINE_OP(op_switch_imm)
+        DEFINE_OP(op_switch_string)
+        DEFINE_OP(op_tear_off_activation)
+        DEFINE_OP(op_tear_off_arguments)
+        DEFINE_OP(op_throw)
+        DEFINE_OP(op_to_jsnumber)
+        DEFINE_OP(op_to_primitive)
+
+        case op_get_array_length:
+        case op_get_by_id_chain:
+        case op_get_by_id_generic:
+        case op_get_by_id_proto:
+        case op_get_by_id_proto_list:
+        case op_get_by_id_self:
+        case op_get_by_id_self_list:
+        case op_get_string_length:
+        case op_put_by_id_generic:
+        case op_put_by_id_replace:
+        case op_put_by_id_transition:
+            ASSERT_NOT_REACHED();
+        }
+    }
+
+    ASSERT(m_propertyAccessInstructionIndex == m_codeBlock->numberOfStructureStubInfos());
+    ASSERT(m_callLinkInfoIndex == m_codeBlock->numberOfCallLinkInfos());
+
+#ifndef NDEBUG
+    // Reset this, in order to guard its use with ASSERTs.
+    m_bytecodeIndex = (unsigned)-1;
+#endif
+}
+
+
+void JIT::privateCompileLinkPass()
+{
+    unsigned jmpTableCount = m_jmpTable.size();
+    for (unsigned i = 0; i < jmpTableCount; ++i)
+        m_jmpTable[i].from.linkTo(m_labels[m_jmpTable[i].toBytecodeIndex], this);
+    m_jmpTable.clear();
+}
+
+void JIT::privateCompileSlowCases()
+{
+    Instruction* instructionsBegin = m_codeBlock->instructions().begin();
+
+    m_propertyAccessInstructionIndex = 0;
+#if USE(JSVALUE32_64)
+    m_globalResolveInfoIndex = 0;
+#endif
+    m_callLinkInfoIndex = 0;
+
+    for (Vector<SlowCaseEntry>::iterator iter = m_slowCases.begin(); iter != m_slowCases.end();) {
+#if !USE(JSVALUE32_64)
+        killLastResultRegister();
+#endif
+
+        m_bytecodeIndex = iter->to;
+#ifndef NDEBUG
+        unsigned firstTo = m_bytecodeIndex;
+#endif
+        Instruction* currentInstruction = instructionsBegin + m_bytecodeIndex;
+
+        switch (m_interpreter->getOpcodeID(currentInstruction->u.opcode)) {
+        DEFINE_SLOWCASE_OP(op_add)
+        DEFINE_SLOWCASE_OP(op_bitand)
+        DEFINE_SLOWCASE_OP(op_bitnot)
+        DEFINE_SLOWCASE_OP(op_bitor)
+        DEFINE_SLOWCASE_OP(op_bitxor)
+        DEFINE_SLOWCASE_OP(op_call)
+        DEFINE_SLOWCASE_OP(op_call_eval)
+        DEFINE_SLOWCASE_OP(op_call_varargs)
+        DEFINE_SLOWCASE_OP(op_construct)
+        DEFINE_SLOWCASE_OP(op_construct_verify)
+        DEFINE_SLOWCASE_OP(op_convert_this)
+#if !USE(JSVALUE32)
+        DEFINE_SLOWCASE_OP(op_div)
+#endif
+        DEFINE_SLOWCASE_OP(op_eq)
+        DEFINE_SLOWCASE_OP(op_get_by_id)
+        DEFINE_SLOWCASE_OP(op_get_by_val)
+        DEFINE_SLOWCASE_OP(op_instanceof)
+        DEFINE_SLOWCASE_OP(op_jfalse)
+        DEFINE_SLOWCASE_OP(op_jnless)
+        DEFINE_SLOWCASE_OP(op_jnlesseq)
+        DEFINE_SLOWCASE_OP(op_jtrue)
+        DEFINE_SLOWCASE_OP(op_loop_if_less)
+        DEFINE_SLOWCASE_OP(op_loop_if_lesseq)
+        DEFINE_SLOWCASE_OP(op_loop_if_true)
+        DEFINE_SLOWCASE_OP(op_lshift)
+        DEFINE_SLOWCASE_OP(op_method_check)
+        DEFINE_SLOWCASE_OP(op_mod)
+        DEFINE_SLOWCASE_OP(op_mul)
+#if USE(JSVALUE32_64)
+        DEFINE_SLOWCASE_OP(op_negate)
+#endif
+        DEFINE_SLOWCASE_OP(op_neq)
+        DEFINE_SLOWCASE_OP(op_not)
+        DEFINE_SLOWCASE_OP(op_nstricteq)
+        DEFINE_SLOWCASE_OP(op_post_dec)
+        DEFINE_SLOWCASE_OP(op_post_inc)
+        DEFINE_SLOWCASE_OP(op_pre_dec)
+        DEFINE_SLOWCASE_OP(op_pre_inc)
+        DEFINE_SLOWCASE_OP(op_put_by_id)
+        DEFINE_SLOWCASE_OP(op_put_by_val)
+#if USE(JSVALUE32_64)
+        DEFINE_SLOWCASE_OP(op_resolve_global)
+#endif
+        DEFINE_SLOWCASE_OP(op_rshift)
+        DEFINE_SLOWCASE_OP(op_stricteq)
+        DEFINE_SLOWCASE_OP(op_sub)
+        DEFINE_SLOWCASE_OP(op_to_jsnumber)
+        DEFINE_SLOWCASE_OP(op_to_primitive)
+        default:
+            ASSERT_NOT_REACHED();
+        }
+
+        ASSERT_WITH_MESSAGE(iter == m_slowCases.end() || firstTo != iter->to,"Not enough jumps linked in slow case codegen.");
+        ASSERT_WITH_MESSAGE(firstTo == (iter - 1)->to, "Too many jumps linked in slow case codegen.");
+
+        emitJumpSlowToHot(jump(), 0);
+    }
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    ASSERT(m_propertyAccessInstructionIndex == m_codeBlock->numberOfStructureStubInfos());
+#endif
+    ASSERT(m_callLinkInfoIndex == m_codeBlock->numberOfCallLinkInfos());
+
+#ifndef NDEBUG
+    // Reset this, in order to guard its use with ASSERTs.
+    m_bytecodeIndex = (unsigned)-1;
+#endif
+}
+
+JITCode JIT::privateCompile()
+{
+    sampleCodeBlock(m_codeBlock);
+#if ENABLE(OPCODE_SAMPLING)
+    sampleInstruction(m_codeBlock->instructions().begin());
+#endif
+
+    // Could use a pop_m, but would need to offset the following instruction if so.
+    preserveReturnAddressAfterCall(regT2);
+    emitPutToCallFrameHeader(regT2, RegisterFile::ReturnPC);
+
+    Jump slowRegisterFileCheck;
+    Label afterRegisterFileCheck;
+    if (m_codeBlock->codeType() == FunctionCode) {
+        // In the case of a fast linked call, we do not set this up in the caller.
+        emitPutImmediateToCallFrameHeader(m_codeBlock, RegisterFile::CodeBlock);
+
+        peek(regT0, OBJECT_OFFSETOF(JITStackFrame, registerFile) / sizeof (void*));
+        addPtr(Imm32(m_codeBlock->m_numCalleeRegisters * sizeof(Register)), callFrameRegister, regT1);
+
+        slowRegisterFileCheck = branchPtr(Above, regT1, Address(regT0, OBJECT_OFFSETOF(RegisterFile, m_end)));
+        afterRegisterFileCheck = label();
+    }
+
+    privateCompileMainPass();
+    privateCompileLinkPass();
+    privateCompileSlowCases();
+
+    if (m_codeBlock->codeType() == FunctionCode) {
+        slowRegisterFileCheck.link(this);
+        m_bytecodeIndex = 0;
+        JITStubCall(this, cti_register_file_check).call();
+#ifndef NDEBUG
+        m_bytecodeIndex = (unsigned)-1; // Reset this, in order to guard its use with ASSERTs.
+#endif
+        jump(afterRegisterFileCheck);
+    }
+
+    ASSERT(m_jmpTable.isEmpty());
+
+    LinkBuffer patchBuffer(this, m_globalData->executableAllocator.poolForSize(m_assembler.size()));
+
+    // Translate vPC offsets into addresses in JIT generated code, for switch tables.
+    for (unsigned i = 0; i < m_switches.size(); ++i) {
+        SwitchRecord record = m_switches[i];
+        unsigned bytecodeIndex = record.bytecodeIndex;
+
+        if (record.type != SwitchRecord::String) {
+            ASSERT(record.type == SwitchRecord::Immediate || record.type == SwitchRecord::Character); 
+            ASSERT(record.jumpTable.simpleJumpTable->branchOffsets.size() == record.jumpTable.simpleJumpTable->ctiOffsets.size());
+
+            record.jumpTable.simpleJumpTable->ctiDefault = patchBuffer.locationOf(m_labels[bytecodeIndex + 3 + record.defaultOffset]);
+
+            for (unsigned j = 0; j < record.jumpTable.simpleJumpTable->branchOffsets.size(); ++j) {
+                unsigned offset = record.jumpTable.simpleJumpTable->branchOffsets[j];
+                record.jumpTable.simpleJumpTable->ctiOffsets[j] = offset ? patchBuffer.locationOf(m_labels[bytecodeIndex + 3 + offset]) : record.jumpTable.simpleJumpTable->ctiDefault;
+            }
+        } else {
+            ASSERT(record.type == SwitchRecord::String);
+
+            record.jumpTable.stringJumpTable->ctiDefault = patchBuffer.locationOf(m_labels[bytecodeIndex + 3 + record.defaultOffset]);
+
+            StringJumpTable::StringOffsetTable::iterator end = record.jumpTable.stringJumpTable->offsetTable.end();            
+            for (StringJumpTable::StringOffsetTable::iterator it = record.jumpTable.stringJumpTable->offsetTable.begin(); it != end; ++it) {
+                unsigned offset = it->second.branchOffset;
+                it->second.ctiOffset = offset ? patchBuffer.locationOf(m_labels[bytecodeIndex + 3 + offset]) : record.jumpTable.stringJumpTable->ctiDefault;
+            }
+        }
+    }
+
+    for (size_t i = 0; i < m_codeBlock->numberOfExceptionHandlers(); ++i) {
+        HandlerInfo& handler = m_codeBlock->exceptionHandler(i);
+        handler.nativeCode = patchBuffer.locationOf(m_labels[handler.target]);
+    }
+
+    for (Vector<CallRecord>::iterator iter = m_calls.begin(); iter != m_calls.end(); ++iter) {
+        if (iter->to)
+            patchBuffer.link(iter->from, FunctionPtr(iter->to));
+    }
+
+    if (m_codeBlock->hasExceptionInfo()) {
+        m_codeBlock->callReturnIndexVector().reserveCapacity(m_calls.size());
+        for (Vector<CallRecord>::iterator iter = m_calls.begin(); iter != m_calls.end(); ++iter)
+            m_codeBlock->callReturnIndexVector().append(CallReturnOffsetToBytecodeIndex(patchBuffer.returnAddressOffset(iter->from), iter->bytecodeIndex));
+    }
+
+    // Link absolute addresses for jsr
+    for (Vector<JSRInfo>::iterator iter = m_jsrSites.begin(); iter != m_jsrSites.end(); ++iter)
+        patchBuffer.patch(iter->storeLocation, patchBuffer.locationOf(iter->target).executableAddress());
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    for (unsigned i = 0; i < m_codeBlock->numberOfStructureStubInfos(); ++i) {
+        StructureStubInfo& info = m_codeBlock->structureStubInfo(i);
+        info.callReturnLocation = patchBuffer.locationOf(m_propertyAccessCompilationInfo[i].callReturnLocation);
+        info.hotPathBegin = patchBuffer.locationOf(m_propertyAccessCompilationInfo[i].hotPathBegin);
+    }
+#endif
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    for (unsigned i = 0; i < m_codeBlock->numberOfCallLinkInfos(); ++i) {
+        CallLinkInfo& info = m_codeBlock->callLinkInfo(i);
+        info.ownerCodeBlock = m_codeBlock;
+        info.callReturnLocation = patchBuffer.locationOfNearCall(m_callStructureStubCompilationInfo[i].callReturnLocation);
+        info.hotPathBegin = patchBuffer.locationOf(m_callStructureStubCompilationInfo[i].hotPathBegin);
+        info.hotPathOther = patchBuffer.locationOfNearCall(m_callStructureStubCompilationInfo[i].hotPathOther);
+    }
+#endif
+    unsigned methodCallCount = m_methodCallCompilationInfo.size();
+    m_codeBlock->addMethodCallLinkInfos(methodCallCount);
+    for (unsigned i = 0; i < methodCallCount; ++i) {
+        MethodCallLinkInfo& info = m_codeBlock->methodCallLinkInfo(i);
+        info.structureLabel = patchBuffer.locationOf(m_methodCallCompilationInfo[i].structureToCompare);
+        info.callReturnLocation = m_codeBlock->structureStubInfo(m_methodCallCompilationInfo[i].propertyAccessIndex).callReturnLocation;
+    }
+
+    return patchBuffer.finalizeCode();
+}
+
+#if !USE(JSVALUE32_64)
+void JIT::emitGetVariableObjectRegister(RegisterID variableObject, int index, RegisterID dst)
+{
+    loadPtr(Address(variableObject, OBJECT_OFFSETOF(JSVariableObject, d)), dst);
+    loadPtr(Address(dst, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), dst);
+    loadPtr(Address(dst, index * sizeof(Register)), dst);
+}
+
+void JIT::emitPutVariableObjectRegister(RegisterID src, RegisterID variableObject, int index)
+{
+    loadPtr(Address(variableObject, OBJECT_OFFSETOF(JSVariableObject, d)), variableObject);
+    loadPtr(Address(variableObject, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), variableObject);
+    storePtr(src, Address(variableObject, index * sizeof(Register)));
+}
+#endif
+
+#if ENABLE(JIT_OPTIMIZE_CALL)
+void JIT::unlinkCall(CallLinkInfo* callLinkInfo)
+{
+    // When the JSFunction is deleted the pointer embedded in the instruction stream will no longer be valid
+    // (and, if a new JSFunction happened to be constructed at the same location, we could get a false positive
+    // match).  Reset the check so it no longer matches.
+    RepatchBuffer repatchBuffer(callLinkInfo->ownerCodeBlock.get());
+#if USE(JSVALUE32_64)
+    repatchBuffer.repatch(callLinkInfo->hotPathBegin, 0);
+#else
+    repatchBuffer.repatch(callLinkInfo->hotPathBegin, JSValue::encode(JSValue()));
+#endif
+}
+
+void JIT::linkCall(JSFunction* callee, CodeBlock* callerCodeBlock, CodeBlock* calleeCodeBlock, JITCode& code, CallLinkInfo* callLinkInfo, int callerArgCount, JSGlobalData* globalData)
+{
+    RepatchBuffer repatchBuffer(callerCodeBlock);
+
+    // Currently we only link calls with the exact number of arguments.
+    // If this is a native call calleeCodeBlock is null so the number of parameters is unimportant
+    if (!calleeCodeBlock || (callerArgCount == calleeCodeBlock->m_numParameters)) {
+        ASSERT(!callLinkInfo->isLinked());
+    
+        if (calleeCodeBlock)
+            calleeCodeBlock->addCaller(callLinkInfo);
+    
+        repatchBuffer.repatch(callLinkInfo->hotPathBegin, callee);
+        repatchBuffer.relink(callLinkInfo->hotPathOther, code.addressForCall());
+    }
+
+    // patch the call so we do not continue to try to link.
+    repatchBuffer.relink(callLinkInfo->callReturnLocation, globalData->jitStubs.ctiVirtualCall());
+}
+#endif // ENABLE(JIT_OPTIMIZE_CALL)
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JIT.h b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JIT.h
new file mode 100644
index 000000000..fcbc45e10
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JIT.h
@@ -0,0 +1,910 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JIT_h
+#define JIT_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(JIT)
+
+// We've run into some problems where changing the size of the class JIT leads to
+// performance fluctuations.  Try forcing alignment in an attempt to stabalize this.
+#if COMPILER(GCC)
+#define JIT_CLASS_ALIGNMENT __attribute__ ((aligned (32)))
+#else
+#define JIT_CLASS_ALIGNMENT
+#endif
+
+#include "CodeBlock.h"
+#include "Interpreter.h"
+#include "JITCode.h"
+#include "JITStubs.h"
+#include "Opcode.h"
+#include "RegisterFile.h"
+#include "MacroAssembler.h"
+#include "Profiler.h"
+#include <bytecode/SamplingTool.h>
+#include <wtf/AlwaysInline.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+    class CodeBlock;
+    class JIT;
+    class JSPropertyNameIterator;
+    class Interpreter;
+    class Register;
+    class RegisterFile;
+    class ScopeChainNode;
+    class StructureChain;
+
+    struct CallLinkInfo;
+    struct Instruction;
+    struct OperandTypes;
+    struct PolymorphicAccessStructureList;
+    struct SimpleJumpTable;
+    struct StringJumpTable;
+    struct StructureStubInfo;
+
+    struct CallRecord {
+        MacroAssembler::Call from;
+        unsigned bytecodeIndex;
+        void* to;
+
+        CallRecord()
+        {
+        }
+
+        CallRecord(MacroAssembler::Call from, unsigned bytecodeIndex, void* to = 0)
+            : from(from)
+            , bytecodeIndex(bytecodeIndex)
+            , to(to)
+        {
+        }
+    };
+
+    struct JumpTable {
+        MacroAssembler::Jump from;
+        unsigned toBytecodeIndex;
+
+        JumpTable(MacroAssembler::Jump f, unsigned t)
+            : from(f)
+            , toBytecodeIndex(t)
+        {
+        }
+    };
+
+    struct SlowCaseEntry {
+        MacroAssembler::Jump from;
+        unsigned to;
+        unsigned hint;
+        
+        SlowCaseEntry(MacroAssembler::Jump f, unsigned t, unsigned h = 0)
+            : from(f)
+            , to(t)
+            , hint(h)
+        {
+        }
+    };
+
+    struct SwitchRecord {
+        enum Type {
+            Immediate,
+            Character,
+            String
+        };
+
+        Type type;
+
+        union {
+            SimpleJumpTable* simpleJumpTable;
+            StringJumpTable* stringJumpTable;
+        } jumpTable;
+
+        unsigned bytecodeIndex;
+        unsigned defaultOffset;
+
+        SwitchRecord(SimpleJumpTable* jumpTable, unsigned bytecodeIndex, unsigned defaultOffset, Type type)
+            : type(type)
+            , bytecodeIndex(bytecodeIndex)
+            , defaultOffset(defaultOffset)
+        {
+            this->jumpTable.simpleJumpTable = jumpTable;
+        }
+
+        SwitchRecord(StringJumpTable* jumpTable, unsigned bytecodeIndex, unsigned defaultOffset)
+            : type(String)
+            , bytecodeIndex(bytecodeIndex)
+            , defaultOffset(defaultOffset)
+        {
+            this->jumpTable.stringJumpTable = jumpTable;
+        }
+    };
+
+    struct PropertyStubCompilationInfo {
+        MacroAssembler::Call callReturnLocation;
+        MacroAssembler::Label hotPathBegin;
+    };
+
+    struct StructureStubCompilationInfo {
+        MacroAssembler::DataLabelPtr hotPathBegin;
+        MacroAssembler::Call hotPathOther;
+        MacroAssembler::Call callReturnLocation;
+    };
+
+    struct MethodCallCompilationInfo {
+        MethodCallCompilationInfo(unsigned propertyAccessIndex)
+            : propertyAccessIndex(propertyAccessIndex)
+        {
+        }
+
+        MacroAssembler::DataLabelPtr structureToCompare;
+        unsigned propertyAccessIndex;
+    };
+
+    // Near calls can only be patched to other JIT code, regular calls can be patched to JIT code or relinked to stub functions.
+    void ctiPatchNearCallByReturnAddress(CodeBlock* codeblock, ReturnAddressPtr returnAddress, MacroAssemblerCodePtr newCalleeFunction);
+    void ctiPatchCallByReturnAddress(CodeBlock* codeblock, ReturnAddressPtr returnAddress, MacroAssemblerCodePtr newCalleeFunction);
+    void ctiPatchCallByReturnAddress(CodeBlock* codeblock, ReturnAddressPtr returnAddress, FunctionPtr newCalleeFunction);
+
+    class JIT : private MacroAssembler {
+        friend class JITStubCall;
+
+        using MacroAssembler::Jump;
+        using MacroAssembler::JumpList;
+        using MacroAssembler::Label;
+
+        // NOTES:
+        //
+        // regT0 has two special meanings.  The return value from a stub
+        // call will always be in regT0, and by default (unless
+        // a register is specified) emitPutVirtualRegister() will store
+        // the value from regT0.
+        //
+        // regT3 is required to be callee-preserved.
+        //
+        // tempRegister2 is has no such dependencies.  It is important that
+        // on x86/x86-64 it is ecx for performance reasons, since the
+        // MacroAssembler will need to plant register swaps if it is not -
+        // however the code will still function correctly.
+#if PLATFORM(X86_64)
+        static const RegisterID returnValueRegister = X86Registers::eax;
+        static const RegisterID cachedResultRegister = X86Registers::eax;
+        static const RegisterID firstArgumentRegister = X86Registers::edi;
+
+        static const RegisterID timeoutCheckRegister = X86Registers::r12;
+        static const RegisterID callFrameRegister = X86Registers::r13;
+        static const RegisterID tagTypeNumberRegister = X86Registers::r14;
+        static const RegisterID tagMaskRegister = X86Registers::r15;
+
+        static const RegisterID regT0 = X86Registers::eax;
+        static const RegisterID regT1 = X86Registers::edx;
+        static const RegisterID regT2 = X86Registers::ecx;
+        static const RegisterID regT3 = X86Registers::ebx;
+
+        static const FPRegisterID fpRegT0 = X86Registers::xmm0;
+        static const FPRegisterID fpRegT1 = X86Registers::xmm1;
+        static const FPRegisterID fpRegT2 = X86Registers::xmm2;
+#elif PLATFORM(X86)
+        static const RegisterID returnValueRegister = X86Registers::eax;
+        static const RegisterID cachedResultRegister = X86Registers::eax;
+        // On x86 we always use fastcall conventions = but on
+        // OS X if might make more sense to just use regparm.
+        static const RegisterID firstArgumentRegister = X86Registers::ecx;
+
+        static const RegisterID timeoutCheckRegister = X86Registers::esi;
+        static const RegisterID callFrameRegister = X86Registers::edi;
+
+        static const RegisterID regT0 = X86Registers::eax;
+        static const RegisterID regT1 = X86Registers::edx;
+        static const RegisterID regT2 = X86Registers::ecx;
+        static const RegisterID regT3 = X86Registers::ebx;
+
+        static const FPRegisterID fpRegT0 = X86Registers::xmm0;
+        static const FPRegisterID fpRegT1 = X86Registers::xmm1;
+        static const FPRegisterID fpRegT2 = X86Registers::xmm2;
+#elif PLATFORM(ARM_THUMB2)
+        static const RegisterID returnValueRegister = ARMRegisters::r0;
+        static const RegisterID cachedResultRegister = ARMRegisters::r0;
+        static const RegisterID firstArgumentRegister = ARMRegisters::r0;
+
+        static const RegisterID regT0 = ARMRegisters::r0;
+        static const RegisterID regT1 = ARMRegisters::r1;
+        static const RegisterID regT2 = ARMRegisters::r2;
+        static const RegisterID regT3 = ARMRegisters::r4;
+
+        static const RegisterID callFrameRegister = ARMRegisters::r5;
+        static const RegisterID timeoutCheckRegister = ARMRegisters::r6;
+
+        static const FPRegisterID fpRegT0 = ARMRegisters::d0;
+        static const FPRegisterID fpRegT1 = ARMRegisters::d1;
+        static const FPRegisterID fpRegT2 = ARMRegisters::d2;
+#elif PLATFORM(ARM_TRADITIONAL)
+        static const RegisterID returnValueRegister = ARMRegisters::r0;
+        static const RegisterID cachedResultRegister = ARMRegisters::r0;
+        static const RegisterID firstArgumentRegister = ARMRegisters::r0;
+
+        static const RegisterID timeoutCheckRegister = ARMRegisters::r5;
+        static const RegisterID callFrameRegister = ARMRegisters::r4;
+        static const RegisterID ctiReturnRegister = ARMRegisters::r6;
+
+        static const RegisterID regT0 = ARMRegisters::r0;
+        static const RegisterID regT1 = ARMRegisters::r1;
+        static const RegisterID regT2 = ARMRegisters::r2;
+        // Callee preserved
+        static const RegisterID regT3 = ARMRegisters::r7;
+
+        static const RegisterID regS0 = ARMRegisters::S0;
+        // Callee preserved
+        static const RegisterID regS1 = ARMRegisters::S1;
+
+        static const RegisterID regStackPtr = ARMRegisters::sp;
+        static const RegisterID regLink = ARMRegisters::lr;
+
+        static const FPRegisterID fpRegT0 = ARMRegisters::d0;
+        static const FPRegisterID fpRegT1 = ARMRegisters::d1;
+        static const FPRegisterID fpRegT2 = ARMRegisters::d2;
+#else
+    #error "JIT not supported on this platform."
+#endif
+
+        static const int patchGetByIdDefaultStructure = -1;
+        // Magic number - initial offset cannot be representable as a signed 8bit value, or the X86Assembler
+        // will compress the displacement, and we may not be able to fit a patched offset.
+        static const int patchGetByIdDefaultOffset = 256;
+
+    public:
+        static JITCode compile(JSGlobalData* globalData, CodeBlock* codeBlock)
+        {
+            return JIT(globalData, codeBlock).privateCompile();
+        }
+
+        static void compileGetByIdProto(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdProto(stubInfo, structure, prototypeStructure, cachedOffset, returnAddress, callFrame);
+        }
+
+        static void compileGetByIdSelfList(JSGlobalData* globalData, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* polymorphicStructures, int currentIndex, Structure* structure, size_t cachedOffset)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdSelfList(stubInfo, polymorphicStructures, currentIndex, structure, cachedOffset);
+        }
+        static void compileGetByIdProtoList(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructureList, int currentIndex, Structure* structure, Structure* prototypeStructure, size_t cachedOffset)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdProtoList(stubInfo, prototypeStructureList, currentIndex, structure, prototypeStructure, cachedOffset, callFrame);
+        }
+        static void compileGetByIdChainList(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructureList, int currentIndex, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdChainList(stubInfo, prototypeStructureList, currentIndex, structure, chain, count, cachedOffset, callFrame);
+        }
+
+        static void compileGetByIdChain(JSGlobalData* globalData, CallFrame* callFrame, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompileGetByIdChain(stubInfo, structure, chain, count, cachedOffset, returnAddress, callFrame);
+        }
+        
+        static void compilePutByIdTransition(JSGlobalData* globalData, CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress)
+        {
+            JIT jit(globalData, codeBlock);
+            jit.privateCompilePutByIdTransition(stubInfo, oldStructure, newStructure, cachedOffset, chain, returnAddress);
+        }
+
+        static void compileCTIMachineTrampolines(JSGlobalData* globalData, RefPtr<ExecutablePool>* executablePool, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk)
+        {
+            JIT jit(globalData);
+            jit.privateCompileCTIMachineTrampolines(executablePool, globalData, ctiStringLengthTrampoline, ctiVirtualCallLink, ctiVirtualCall, ctiNativeCallThunk);
+        }
+
+        static void patchGetByIdSelf(CodeBlock* codeblock, StructureStubInfo*, Structure*, size_t cachedOffset, ReturnAddressPtr returnAddress);
+        static void patchPutByIdReplace(CodeBlock* codeblock, StructureStubInfo*, Structure*, size_t cachedOffset, ReturnAddressPtr returnAddress);
+        static void patchMethodCallProto(CodeBlock* codeblock, MethodCallLinkInfo&, JSFunction*, Structure*, JSObject*, ReturnAddressPtr);
+
+        static void compilePatchGetArrayLength(JSGlobalData* globalData, CodeBlock* codeBlock, ReturnAddressPtr returnAddress)
+        {
+            JIT jit(globalData, codeBlock);
+            return jit.privateCompilePatchGetArrayLength(returnAddress);
+        }
+
+        static void linkCall(JSFunction* callee, CodeBlock* callerCodeBlock, CodeBlock* calleeCodeBlock, JITCode&, CallLinkInfo*, int callerArgCount, JSGlobalData*);
+        static void unlinkCall(CallLinkInfo*);
+
+    private:
+        struct JSRInfo {
+            DataLabelPtr storeLocation;
+            Label target;
+
+            JSRInfo(DataLabelPtr storeLocation, Label targetLocation)
+                : storeLocation(storeLocation)
+                , target(targetLocation)
+            {
+            }
+        };
+
+        JIT(JSGlobalData*, CodeBlock* = 0);
+
+        void privateCompileMainPass();
+        void privateCompileLinkPass();
+        void privateCompileSlowCases();
+        JITCode privateCompile();
+        void privateCompileGetByIdProto(StructureStubInfo*, Structure*, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame);
+        void privateCompileGetByIdSelfList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, size_t cachedOffset);
+        void privateCompileGetByIdProtoList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, Structure* prototypeStructure, size_t cachedOffset, CallFrame* callFrame);
+        void privateCompileGetByIdChainList(StructureStubInfo*, PolymorphicAccessStructureList*, int, Structure*, StructureChain* chain, size_t count, size_t cachedOffset, CallFrame* callFrame);
+        void privateCompileGetByIdChain(StructureStubInfo*, Structure*, StructureChain*, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame);
+        void privateCompilePutByIdTransition(StructureStubInfo*, Structure*, Structure*, size_t cachedOffset, StructureChain*, ReturnAddressPtr returnAddress);
+
+        void privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* data, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk);
+        void privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress);
+
+        void addSlowCase(Jump);
+        void addSlowCase(JumpList);
+        void addJump(Jump, int);
+        void emitJumpSlowToHot(Jump, int);
+
+        void compileOpCall(OpcodeID, Instruction* instruction, unsigned callLinkInfoIndex);
+        void compileOpCallVarargs(Instruction* instruction);
+        void compileOpCallInitializeCallFrame();
+        void compileOpCallSetupArgs(Instruction*);
+        void compileOpCallVarargsSetupArgs(Instruction*);
+        void compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned callLinkInfoIndex, OpcodeID opcodeID);
+        void compileOpCallVarargsSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter);
+        void compileOpConstructSetupArgs(Instruction*);
+
+        enum CompileOpStrictEqType { OpStrictEq, OpNStrictEq };
+        void compileOpStrictEq(Instruction* instruction, CompileOpStrictEqType type);
+        bool isOperandConstantImmediateDouble(unsigned src);
+        
+        void emitLoadDouble(unsigned index, FPRegisterID value);
+        void emitLoadInt32ToDouble(unsigned index, FPRegisterID value);
+
+        Address addressFor(unsigned index, RegisterID base = callFrameRegister);
+
+#if USE(JSVALUE32_64)
+        Address tagFor(unsigned index, RegisterID base = callFrameRegister);
+        Address payloadFor(unsigned index, RegisterID base = callFrameRegister);
+
+        bool getOperandConstantImmediateInt(unsigned op1, unsigned op2, unsigned& op, int32_t& constant);
+
+        void emitLoadTag(unsigned index, RegisterID tag);
+        void emitLoadPayload(unsigned index, RegisterID payload);
+
+        void emitLoad(const JSValue& v, RegisterID tag, RegisterID payload);
+        void emitLoad(unsigned index, RegisterID tag, RegisterID payload, RegisterID base = callFrameRegister);
+        void emitLoad2(unsigned index1, RegisterID tag1, RegisterID payload1, unsigned index2, RegisterID tag2, RegisterID payload2);
+
+        void emitStore(unsigned index, RegisterID tag, RegisterID payload, RegisterID base = callFrameRegister);
+        void emitStore(unsigned index, const JSValue constant, RegisterID base = callFrameRegister);
+        void emitStoreInt32(unsigned index, RegisterID payload, bool indexIsInt32 = false);
+        void emitStoreInt32(unsigned index, Imm32 payload, bool indexIsInt32 = false);
+        void emitStoreCell(unsigned index, RegisterID payload, bool indexIsCell = false);
+        void emitStoreBool(unsigned index, RegisterID tag, bool indexIsBool = false);
+        void emitStoreDouble(unsigned index, FPRegisterID value);
+
+        bool isLabeled(unsigned bytecodeIndex);
+        void map(unsigned bytecodeIndex, unsigned virtualRegisterIndex, RegisterID tag, RegisterID payload);
+        void unmap(RegisterID);
+        void unmap();
+        bool isMapped(unsigned virtualRegisterIndex);
+        bool getMappedPayload(unsigned virtualRegisterIndex, RegisterID& payload);
+        bool getMappedTag(unsigned virtualRegisterIndex, RegisterID& tag);
+
+        void emitJumpSlowCaseIfNotJSCell(unsigned virtualRegisterIndex);
+        void emitJumpSlowCaseIfNotJSCell(unsigned virtualRegisterIndex, RegisterID tag);
+        void linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator&, unsigned virtualRegisterIndex);
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+        void compileGetByIdHotPath();
+        void compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck = false);
+#endif
+        void compileGetDirectOffset(RegisterID base, RegisterID resultTag, RegisterID resultPayload, Structure* structure, size_t cachedOffset);
+        void compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID resultTag, RegisterID resultPayload, size_t cachedOffset);
+        void compilePutDirectOffset(RegisterID base, RegisterID valueTag, RegisterID valuePayload, Structure* structure, size_t cachedOffset);
+
+        // Arithmetic opcode helpers
+        void emitAdd32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType);
+        void emitSub32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType);
+        void emitBinaryDoubleOp(OpcodeID, unsigned dst, unsigned op1, unsigned op2, OperandTypes, JumpList& notInt32Op1, JumpList& notInt32Op2, bool op1IsInRegisters = true, bool op2IsInRegisters = true);
+
+#if PLATFORM(X86)
+        // These architecture specific value are used to enable patching - see comment on op_put_by_id.
+        static const int patchOffsetPutByIdStructure = 7;
+        static const int patchOffsetPutByIdExternalLoad = 13;
+        static const int patchLengthPutByIdExternalLoad = 3;
+        static const int patchOffsetPutByIdPropertyMapOffset1 = 22;
+        static const int patchOffsetPutByIdPropertyMapOffset2 = 28;
+        // These architecture specific value are used to enable patching - see comment on op_get_by_id.
+        static const int patchOffsetGetByIdStructure = 7;
+        static const int patchOffsetGetByIdBranchToSlowCase = 13;
+        static const int patchOffsetGetByIdExternalLoad = 13;
+        static const int patchLengthGetByIdExternalLoad = 3;
+        static const int patchOffsetGetByIdPropertyMapOffset1 = 22;
+        static const int patchOffsetGetByIdPropertyMapOffset2 = 28;
+        static const int patchOffsetGetByIdPutResult = 28;
+#if ENABLE(OPCODE_SAMPLING) && USE(JIT_STUB_ARGUMENT_VA_LIST)
+        static const int patchOffsetGetByIdSlowCaseCall = 35;
+#elif ENABLE(OPCODE_SAMPLING)
+        static const int patchOffsetGetByIdSlowCaseCall = 37;
+#elif USE(JIT_STUB_ARGUMENT_VA_LIST)
+        static const int patchOffsetGetByIdSlowCaseCall = 25;
+#else
+        static const int patchOffsetGetByIdSlowCaseCall = 27;
+#endif
+        static const int patchOffsetOpCallCompareToJump = 6;
+
+        static const int patchOffsetMethodCheckProtoObj = 11;
+        static const int patchOffsetMethodCheckProtoStruct = 18;
+        static const int patchOffsetMethodCheckPutFunction = 29;
+#else
+#error "JSVALUE32_64 not supported on this platform."
+#endif
+
+#else // USE(JSVALUE32_64)
+        void emitGetVirtualRegister(int src, RegisterID dst);
+        void emitGetVirtualRegisters(int src1, RegisterID dst1, int src2, RegisterID dst2);
+        void emitPutVirtualRegister(unsigned dst, RegisterID from = regT0);
+
+        int32_t getConstantOperandImmediateInt(unsigned src);
+
+        void emitGetVariableObjectRegister(RegisterID variableObject, int index, RegisterID dst);
+        void emitPutVariableObjectRegister(RegisterID src, RegisterID variableObject, int index);
+        
+        void killLastResultRegister();
+
+        Jump emitJumpIfJSCell(RegisterID);
+        Jump emitJumpIfBothJSCells(RegisterID, RegisterID, RegisterID);
+        void emitJumpSlowCaseIfJSCell(RegisterID);
+        Jump emitJumpIfNotJSCell(RegisterID);
+        void emitJumpSlowCaseIfNotJSCell(RegisterID);
+        void emitJumpSlowCaseIfNotJSCell(RegisterID, int VReg);
+#if USE(JSVALUE64)
+        JIT::Jump emitJumpIfImmediateNumber(RegisterID);
+        JIT::Jump emitJumpIfNotImmediateNumber(RegisterID);
+#else
+        JIT::Jump emitJumpIfImmediateNumber(RegisterID reg)
+        {
+            return emitJumpIfImmediateInteger(reg);
+        }
+        
+        JIT::Jump emitJumpIfNotImmediateNumber(RegisterID reg)
+        {
+            return emitJumpIfNotImmediateInteger(reg);
+        }
+#endif
+        JIT::Jump emitJumpIfImmediateInteger(RegisterID);
+        JIT::Jump emitJumpIfNotImmediateInteger(RegisterID);
+        JIT::Jump emitJumpIfNotImmediateIntegers(RegisterID, RegisterID, RegisterID);
+        void emitJumpSlowCaseIfNotImmediateInteger(RegisterID);
+        void emitJumpSlowCaseIfNotImmediateNumber(RegisterID);
+        void emitJumpSlowCaseIfNotImmediateIntegers(RegisterID, RegisterID, RegisterID);
+
+#if !USE(JSVALUE64)
+        void emitFastArithDeTagImmediate(RegisterID);
+        Jump emitFastArithDeTagImmediateJumpIfZero(RegisterID);
+#endif
+        void emitFastArithReTagImmediate(RegisterID src, RegisterID dest);
+        void emitFastArithImmToInt(RegisterID);
+        void emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest);
+
+        void emitTagAsBoolImmediate(RegisterID reg);
+        void compileBinaryArithOp(OpcodeID, unsigned dst, unsigned src1, unsigned src2, OperandTypes opi);
+#if USE(JSVALUE64)
+        void compileBinaryArithOpSlowCase(OpcodeID, Vector<SlowCaseEntry>::iterator&, unsigned dst, unsigned src1, unsigned src2, OperandTypes, bool op1HasImmediateIntFastCase, bool op2HasImmediateIntFastCase);
+#else
+        void compileBinaryArithOpSlowCase(OpcodeID, Vector<SlowCaseEntry>::iterator&, unsigned dst, unsigned src1, unsigned src2, OperandTypes);
+#endif
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+        void compileGetByIdHotPath(int resultVReg, int baseVReg, Identifier* ident, unsigned propertyAccessInstructionIndex);
+        void compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck = false);
+#endif
+        void compileGetDirectOffset(RegisterID base, RegisterID result, Structure* structure, size_t cachedOffset);
+        void compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID result, size_t cachedOffset);
+        void compilePutDirectOffset(RegisterID base, RegisterID value, Structure* structure, size_t cachedOffset);
+
+#if PLATFORM(X86_64)
+        // These architecture specific value are used to enable patching - see comment on op_put_by_id.
+        static const int patchOffsetPutByIdStructure = 10;
+        static const int patchOffsetPutByIdExternalLoad = 20;
+        static const int patchLengthPutByIdExternalLoad = 4;
+        static const int patchOffsetPutByIdPropertyMapOffset = 31;
+        // These architecture specific value are used to enable patching - see comment on op_get_by_id.
+        static const int patchOffsetGetByIdStructure = 10;
+        static const int patchOffsetGetByIdBranchToSlowCase = 20;
+        static const int patchOffsetGetByIdExternalLoad = 20;
+        static const int patchLengthGetByIdExternalLoad = 4;
+        static const int patchOffsetGetByIdPropertyMapOffset = 31;
+        static const int patchOffsetGetByIdPutResult = 31;
+#if ENABLE(OPCODE_SAMPLING)
+        static const int patchOffsetGetByIdSlowCaseCall = 63;
+#else
+        static const int patchOffsetGetByIdSlowCaseCall = 41;
+#endif
+        static const int patchOffsetOpCallCompareToJump = 9;
+
+        static const int patchOffsetMethodCheckProtoObj = 20;
+        static const int patchOffsetMethodCheckProtoStruct = 30;
+        static const int patchOffsetMethodCheckPutFunction = 50;
+#elif PLATFORM(X86)
+        // These architecture specific value are used to enable patching - see comment on op_put_by_id.
+        static const int patchOffsetPutByIdStructure = 7;
+        static const int patchOffsetPutByIdExternalLoad = 13;
+        static const int patchLengthPutByIdExternalLoad = 3;
+        static const int patchOffsetPutByIdPropertyMapOffset = 22;
+        // These architecture specific value are used to enable patching - see comment on op_get_by_id.
+        static const int patchOffsetGetByIdStructure = 7;
+        static const int patchOffsetGetByIdBranchToSlowCase = 13;
+        static const int patchOffsetGetByIdExternalLoad = 13;
+        static const int patchLengthGetByIdExternalLoad = 3;
+        static const int patchOffsetGetByIdPropertyMapOffset = 22;
+        static const int patchOffsetGetByIdPutResult = 22;
+#if ENABLE(OPCODE_SAMPLING) && USE(JIT_STUB_ARGUMENT_VA_LIST)
+        static const int patchOffsetGetByIdSlowCaseCall = 31;
+#elif ENABLE(OPCODE_SAMPLING)
+        static const int patchOffsetGetByIdSlowCaseCall = 33;
+#elif USE(JIT_STUB_ARGUMENT_VA_LIST)
+        static const int patchOffsetGetByIdSlowCaseCall = 21;
+#else
+        static const int patchOffsetGetByIdSlowCaseCall = 23;
+#endif
+        static const int patchOffsetOpCallCompareToJump = 6;
+
+        static const int patchOffsetMethodCheckProtoObj = 11;
+        static const int patchOffsetMethodCheckProtoStruct = 18;
+        static const int patchOffsetMethodCheckPutFunction = 29;
+#elif PLATFORM(ARM_THUMB2)
+        // These architecture specific value are used to enable patching - see comment on op_put_by_id.
+        static const int patchOffsetPutByIdStructure = 10;
+        static const int patchOffsetPutByIdExternalLoad = 20;
+        static const int patchLengthPutByIdExternalLoad = 12;
+        static const int patchOffsetPutByIdPropertyMapOffset = 40;
+        // These architecture specific value are used to enable patching - see comment on op_get_by_id.
+        static const int patchOffsetGetByIdStructure = 10;
+        static const int patchOffsetGetByIdBranchToSlowCase = 20;
+        static const int patchOffsetGetByIdExternalLoad = 20;
+        static const int patchLengthGetByIdExternalLoad = 12;
+        static const int patchOffsetGetByIdPropertyMapOffset = 40;
+        static const int patchOffsetGetByIdPutResult = 44;
+#if ENABLE(OPCODE_SAMPLING)
+        static const int patchOffsetGetByIdSlowCaseCall = 0; // FIMXE
+#else
+        static const int patchOffsetGetByIdSlowCaseCall = 28;
+#endif
+        static const int patchOffsetOpCallCompareToJump = 10;
+
+        static const int patchOffsetMethodCheckProtoObj = 18;
+        static const int patchOffsetMethodCheckProtoStruct = 28;
+        static const int patchOffsetMethodCheckPutFunction = 46;
+#elif PLATFORM(ARM_TRADITIONAL)
+        // These architecture specific value are used to enable patching - see comment on op_put_by_id.
+        static const int patchOffsetPutByIdStructure = 4;
+        static const int patchOffsetPutByIdExternalLoad = 16;
+        static const int patchLengthPutByIdExternalLoad = 4;
+        static const int patchOffsetPutByIdPropertyMapOffset = 20;
+        // These architecture specific value are used to enable patching - see comment on op_get_by_id.
+        static const int patchOffsetGetByIdStructure = 4;
+        static const int patchOffsetGetByIdBranchToSlowCase = 16;
+        static const int patchOffsetGetByIdExternalLoad = 16;
+        static const int patchLengthGetByIdExternalLoad = 4;
+        static const int patchOffsetGetByIdPropertyMapOffset = 20;
+        static const int patchOffsetGetByIdPutResult = 28;
+#if ENABLE(OPCODE_SAMPLING)
+        #error "OPCODE_SAMPLING is not yet supported"
+#else
+        static const int patchOffsetGetByIdSlowCaseCall = 36;
+#endif
+        static const int patchOffsetOpCallCompareToJump = 12;
+
+        static const int patchOffsetMethodCheckProtoObj = 12;
+        static const int patchOffsetMethodCheckProtoStruct = 20;
+        static const int patchOffsetMethodCheckPutFunction = 32;
+#endif
+#endif // USE(JSVALUE32_64)
+
+#if PLATFORM(ARM_TRADITIONAL)
+        // sequenceOpCall
+        static const int sequenceOpCallInstructionSpace = 12;
+        static const int sequenceOpCallConstantSpace = 2;
+        // sequenceMethodCheck
+        static const int sequenceMethodCheckInstructionSpace = 40;
+        static const int sequenceMethodCheckConstantSpace = 6;
+        // sequenceGetByIdHotPath
+        static const int sequenceGetByIdHotPathInstructionSpace = 28;
+        static const int sequenceGetByIdHotPathConstantSpace = 3;
+        // sequenceGetByIdSlowCase
+        static const int sequenceGetByIdSlowCaseInstructionSpace = 40;
+        static const int sequenceGetByIdSlowCaseConstantSpace = 2;
+        // sequencePutById
+        static const int sequencePutByIdInstructionSpace = 28;
+        static const int sequencePutByIdConstantSpace = 3;
+#endif
+
+#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
+#define BEGIN_UNINTERRUPTED_SEQUENCE(name) beginUninterruptedSequence(name ## InstructionSpace, name ## ConstantSpace)
+#define END_UNINTERRUPTED_SEQUENCE(name) endUninterruptedSequence(name ## InstructionSpace, name ## ConstantSpace)
+
+        void beginUninterruptedSequence(int, int);
+        void endUninterruptedSequence(int, int);
+
+#else
+#define BEGIN_UNINTERRUPTED_SEQUENCE(name)
+#define END_UNINTERRUPTED_SEQUENCE(name)
+#endif
+
+        void emit_op_add(Instruction*);
+        void emit_op_bitand(Instruction*);
+        void emit_op_bitnot(Instruction*);
+        void emit_op_bitor(Instruction*);
+        void emit_op_bitxor(Instruction*);
+        void emit_op_call(Instruction*);
+        void emit_op_call_eval(Instruction*);
+        void emit_op_call_varargs(Instruction*);
+        void emit_op_catch(Instruction*);
+        void emit_op_construct(Instruction*);
+        void emit_op_construct_verify(Instruction*);
+        void emit_op_convert_this(Instruction*);
+        void emit_op_create_arguments(Instruction*);
+        void emit_op_debug(Instruction*);
+        void emit_op_del_by_id(Instruction*);
+        void emit_op_div(Instruction*);
+        void emit_op_end(Instruction*);
+        void emit_op_enter(Instruction*);
+        void emit_op_enter_with_activation(Instruction*);
+        void emit_op_eq(Instruction*);
+        void emit_op_eq_null(Instruction*);
+        void emit_op_get_by_id(Instruction*);
+        void emit_op_get_by_val(Instruction*);
+        void emit_op_get_global_var(Instruction*);
+        void emit_op_get_scoped_var(Instruction*);
+        void emit_op_init_arguments(Instruction*);
+        void emit_op_instanceof(Instruction*);
+        void emit_op_jeq_null(Instruction*);
+        void emit_op_jfalse(Instruction*);
+        void emit_op_jmp(Instruction*);
+        void emit_op_jmp_scopes(Instruction*);
+        void emit_op_jneq_null(Instruction*);
+        void emit_op_jneq_ptr(Instruction*);
+        void emit_op_jnless(Instruction*);
+        void emit_op_jnlesseq(Instruction*);
+        void emit_op_jsr(Instruction*);
+        void emit_op_jtrue(Instruction*);
+        void emit_op_load_varargs(Instruction*);
+        void emit_op_loop(Instruction*);
+        void emit_op_loop_if_less(Instruction*);
+        void emit_op_loop_if_lesseq(Instruction*);
+        void emit_op_loop_if_true(Instruction*);
+        void emit_op_lshift(Instruction*);
+        void emit_op_method_check(Instruction*);
+        void emit_op_mod(Instruction*);
+        void emit_op_mov(Instruction*);
+        void emit_op_mul(Instruction*);
+        void emit_op_negate(Instruction*);
+        void emit_op_neq(Instruction*);
+        void emit_op_neq_null(Instruction*);
+        void emit_op_new_array(Instruction*);
+        void emit_op_new_error(Instruction*);
+        void emit_op_new_func(Instruction*);
+        void emit_op_new_func_exp(Instruction*);
+        void emit_op_new_object(Instruction*);
+        void emit_op_new_regexp(Instruction*);
+        void emit_op_next_pname(Instruction*);
+        void emit_op_not(Instruction*);
+        void emit_op_nstricteq(Instruction*);
+        void emit_op_pop_scope(Instruction*);
+        void emit_op_post_dec(Instruction*);
+        void emit_op_post_inc(Instruction*);
+        void emit_op_pre_dec(Instruction*);
+        void emit_op_pre_inc(Instruction*);
+        void emit_op_profile_did_call(Instruction*);
+        void emit_op_profile_will_call(Instruction*);
+        void emit_op_push_new_scope(Instruction*);
+        void emit_op_push_scope(Instruction*);
+        void emit_op_put_by_id(Instruction*);
+        void emit_op_put_by_index(Instruction*);
+        void emit_op_put_by_val(Instruction*);
+        void emit_op_put_getter(Instruction*);
+        void emit_op_put_global_var(Instruction*);
+        void emit_op_put_scoped_var(Instruction*);
+        void emit_op_put_setter(Instruction*);
+        void emit_op_resolve(Instruction*);
+        void emit_op_resolve_base(Instruction*);
+        void emit_op_resolve_global(Instruction*);
+        void emit_op_resolve_skip(Instruction*);
+        void emit_op_resolve_with_base(Instruction*);
+        void emit_op_ret(Instruction*);
+        void emit_op_rshift(Instruction*);
+        void emit_op_sret(Instruction*);
+        void emit_op_strcat(Instruction*);
+        void emit_op_stricteq(Instruction*);
+        void emit_op_sub(Instruction*);
+        void emit_op_switch_char(Instruction*);
+        void emit_op_switch_imm(Instruction*);
+        void emit_op_switch_string(Instruction*);
+        void emit_op_tear_off_activation(Instruction*);
+        void emit_op_tear_off_arguments(Instruction*);
+        void emit_op_throw(Instruction*);
+        void emit_op_to_jsnumber(Instruction*);
+        void emit_op_to_primitive(Instruction*);
+        void emit_op_unexpected_load(Instruction*);
+
+        void emitSlow_op_add(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_bitand(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_bitnot(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_bitor(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_bitxor(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_call(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_call_eval(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_call_varargs(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_construct(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_construct_verify(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_convert_this(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_div(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_eq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_get_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_get_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_instanceof(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_jfalse(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_jnless(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_jnlesseq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_jtrue(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_loop_if_less(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_loop_if_lesseq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_loop_if_true(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_lshift(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_mod(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_mul(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_negate(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_neq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_not(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_nstricteq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_post_dec(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_post_inc(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_pre_dec(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_pre_inc(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_put_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_put_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_resolve_global(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_rshift(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_stricteq(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_sub(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_to_jsnumber(Instruction*, Vector<SlowCaseEntry>::iterator&);
+        void emitSlow_op_to_primitive(Instruction*, Vector<SlowCaseEntry>::iterator&);
+
+        /* These functions are deprecated: Please use JITStubCall instead. */
+        void emitPutJITStubArg(RegisterID src, unsigned argumentNumber);
+#if USE(JSVALUE32_64)
+        void emitPutJITStubArg(RegisterID tag, RegisterID payload, unsigned argumentNumber);
+        void emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch1, RegisterID scratch2);
+#else
+        void emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch);
+#endif
+        void emitPutJITStubArgConstant(unsigned value, unsigned argumentNumber);
+        void emitPutJITStubArgConstant(void* value, unsigned argumentNumber);
+        void emitGetJITStubArg(unsigned argumentNumber, RegisterID dst);
+
+        void emitInitRegister(unsigned dst);
+
+        void emitPutToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry entry);
+        void emitPutImmediateToCallFrameHeader(void* value, RegisterFile::CallFrameHeaderEntry entry);
+        void emitGetFromCallFrameHeaderPtr(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from = callFrameRegister);
+        void emitGetFromCallFrameHeader32(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from = callFrameRegister);
+
+        JSValue getConstantOperand(unsigned src);
+        bool isOperandConstantImmediateInt(unsigned src);
+
+        Jump getSlowCase(Vector<SlowCaseEntry>::iterator& iter)
+        {
+            return iter++->from;
+        }
+        void linkSlowCase(Vector<SlowCaseEntry>::iterator& iter)
+        {
+            iter->from.link(this);
+            ++iter;
+        }
+        void linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator&, int vReg);
+
+        Jump checkStructure(RegisterID reg, Structure* structure);
+
+        void restoreArgumentReference();
+        void restoreArgumentReferenceForTrampoline();
+
+        Call emitNakedCall(CodePtr function = CodePtr());
+
+        void preserveReturnAddressAfterCall(RegisterID);
+        void restoreReturnAddressBeforeReturn(RegisterID);
+        void restoreReturnAddressBeforeReturn(Address);
+
+        void emitTimeoutCheck();
+#ifndef NDEBUG
+        void printBytecodeOperandTypes(unsigned src1, unsigned src2);
+#endif
+
+#if ENABLE(SAMPLING_FLAGS)
+        void setSamplingFlag(int32_t);
+        void clearSamplingFlag(int32_t);
+#endif
+
+#if ENABLE(SAMPLING_COUNTERS)
+        void emitCount(AbstractSamplingCounter&, uint32_t = 1);
+#endif
+
+#if ENABLE(OPCODE_SAMPLING)
+        void sampleInstruction(Instruction*, bool = false);
+#endif
+
+#if ENABLE(CODEBLOCK_SAMPLING)
+        void sampleCodeBlock(CodeBlock*);
+#else
+        void sampleCodeBlock(CodeBlock*) {}
+#endif
+
+        Interpreter* m_interpreter;
+        JSGlobalData* m_globalData;
+        CodeBlock* m_codeBlock;
+
+        Vector<CallRecord> m_calls;
+        Vector<Label> m_labels;
+        Vector<PropertyStubCompilationInfo> m_propertyAccessCompilationInfo;
+        Vector<StructureStubCompilationInfo> m_callStructureStubCompilationInfo;
+        Vector<MethodCallCompilationInfo> m_methodCallCompilationInfo;
+        Vector<JumpTable> m_jmpTable;
+
+        unsigned m_bytecodeIndex;
+        Vector<JSRInfo> m_jsrSites;
+        Vector<SlowCaseEntry> m_slowCases;
+        Vector<SwitchRecord> m_switches;
+
+        unsigned m_propertyAccessInstructionIndex;
+        unsigned m_globalResolveInfoIndex;
+        unsigned m_callLinkInfoIndex;
+
+#if USE(JSVALUE32_64)
+        unsigned m_jumpTargetIndex;
+        unsigned m_mappedBytecodeIndex;
+        unsigned m_mappedVirtualRegisterIndex;
+        RegisterID m_mappedTag;
+        RegisterID m_mappedPayload;
+#else
+        int m_lastResultBytecodeRegister;
+        unsigned m_jumpTargetsPosition;
+#endif
+
+#ifndef NDEBUG
+#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
+        Label m_uninterruptedInstructionSequenceBegin;
+        int m_uninterruptedConstantSequenceBegin;
+#endif
+#endif
+    } JIT_CLASS_ALIGNMENT;
+} // namespace JSC
+
+#endif // ENABLE(JIT)
+
+#endif // JIT_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITArithmetic.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITArithmetic.cpp
new file mode 100644
index 000000000..7afc1f255
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITArithmetic.cpp
@@ -0,0 +1,2542 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JIT.h"
+
+#if ENABLE(JIT)
+
+#include "CodeBlock.h"
+#include "JITInlineMethods.h"
+#include "JITStubCall.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "Interpreter.h"
+#include "ResultType.h"
+#include "SamplingTool.h"
+
+#ifndef NDEBUG
+#include <stdio.h>
+#endif
+
+using namespace std;
+
+namespace JSC {
+
+#if USE(JSVALUE32_64)
+
+void JIT::emit_op_negate(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump srcNotInt = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    addSlowCase(branch32(Equal, regT0, Imm32(0)));
+
+    neg32(regT0);
+    emitStoreInt32(dst, regT0, (dst == src));
+
+    Jump end = jump();
+
+    srcNotInt.link(this);
+    addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+
+    xor32(Imm32(1 << 31), regT1);
+    store32(regT1, tagFor(dst));
+    if (dst != src)
+        store32(regT0, payloadFor(dst));
+
+    end.link(this);
+}
+
+void JIT::emitSlow_op_negate(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter); // 0 check
+    linkSlowCase(iter); // double check
+
+    JITStubCall stubCall(this, cti_op_negate);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_jnless(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    // Int32 less.
+    if (isOperandConstantImmediateInt(op1)) {
+        emitLoad(op2, regT3, regT2);
+        notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(LessThanOrEqual, regT2, Imm32(getConstantOperand(op1).asInt32())), target + 3);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThanOrEqual, regT0, Imm32(getConstantOperand(op2).asInt32())), target + 3);
+    } else {
+        emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+        notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThanOrEqual, regT0, regT2), target + 3);
+    }
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double less.
+    emitBinaryDoubleOp(op_jnless, target, op1, op2, OperandTypes(), notInt32Op1, notInt32Op2, !isOperandConstantImmediateInt(op1), isOperandConstantImmediateInt(op1) || !isOperandConstantImmediateInt(op2));
+    end.link(this);
+}
+
+void JIT::emitSlow_op_jnless(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    if (!supportsFloatingPoint()) {
+        if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+            linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // int32 check
+    } else {
+        if (!isOperandConstantImmediateInt(op1)) {
+            linkSlowCase(iter); // double check
+            linkSlowCase(iter); // int32 check
+        }
+        if (isOperandConstantImmediateInt(op1) || !isOperandConstantImmediateInt(op2))
+            linkSlowCase(iter); // double check
+    }
+
+    JITStubCall stubCall(this, cti_op_jless);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+}
+
+void JIT::emit_op_jnlesseq(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    // Int32 less.
+    if (isOperandConstantImmediateInt(op1)) {
+        emitLoad(op2, regT3, regT2);
+        notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(LessThan, regT2, Imm32(getConstantOperand(op1).asInt32())), target + 3);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThan, regT0, Imm32(getConstantOperand(op2).asInt32())), target + 3);
+    } else {
+        emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+        notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThan, regT0, regT2), target + 3);
+    }
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double less.
+    emitBinaryDoubleOp(op_jnlesseq, target, op1, op2, OperandTypes(), notInt32Op1, notInt32Op2, !isOperandConstantImmediateInt(op1), isOperandConstantImmediateInt(op1) || !isOperandConstantImmediateInt(op2));
+    end.link(this);
+}
+
+void JIT::emitSlow_op_jnlesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    if (!supportsFloatingPoint()) {
+        if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+            linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // int32 check
+    } else {
+        if (!isOperandConstantImmediateInt(op1)) {
+            linkSlowCase(iter); // double check
+            linkSlowCase(iter); // int32 check
+        }
+        if (isOperandConstantImmediateInt(op1) || !isOperandConstantImmediateInt(op2))
+            linkSlowCase(iter); // double check
+    }
+
+    JITStubCall stubCall(this, cti_op_jlesseq);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+}
+
+// LeftShift (<<)
+
+void JIT::emit_op_lshift(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        lshift32(Imm32(getConstantOperand(op2).asInt32()), regT0);
+        emitStoreInt32(dst, regT0, dst == op1);
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    if (!isOperandConstantImmediateInt(op1))
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    lshift32(regT2, regT0);
+    emitStoreInt32(dst, regT0, dst == op1 || dst == op2);
+}
+
+void JIT::emitSlow_op_lshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_lshift);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// RightShift (>>)
+
+void JIT::emit_op_rshift(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        rshift32(Imm32(getConstantOperand(op2).asInt32()), regT0);
+        emitStoreInt32(dst, regT0, dst == op1);
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    if (!isOperandConstantImmediateInt(op1))
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    rshift32(regT2, regT0);
+    emitStoreInt32(dst, regT0, dst == op1 || dst == op2);
+}
+
+void JIT::emitSlow_op_rshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_rshift);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// BitAnd (&)
+
+void JIT::emit_op_bitand(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        emitLoad(op, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        and32(Imm32(constant), regT0);
+        emitStoreInt32(dst, regT0, (op == dst));
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    and32(regT2, regT0);
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+}
+
+void JIT::emitSlow_op_bitand(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_bitand);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// BitOr (|)
+
+void JIT::emit_op_bitor(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        emitLoad(op, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        or32(Imm32(constant), regT0);
+        emitStoreInt32(dst, regT0, (op == dst));
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    or32(regT2, regT0);
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+}
+
+void JIT::emitSlow_op_bitor(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_bitor);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// BitXor (^)
+
+void JIT::emit_op_bitxor(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        emitLoad(op, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        xor32(Imm32(constant), regT0);
+        emitStoreInt32(dst, regT0, (op == dst));
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    xor32(regT2, regT0);
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+}
+
+void JIT::emitSlow_op_bitxor(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_bitxor);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// BitNot (~)
+
+void JIT::emit_op_bitnot(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+
+    not32(regT0);
+    emitStoreInt32(dst, regT0, (dst == src));
+}
+
+void JIT::emitSlow_op_bitnot(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_bitnot);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(dst);
+}
+
+// PostInc (i++)
+
+void JIT::emit_op_post_inc(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+    
+    emitLoad(srcDst, regT1, regT0);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+
+    if (dst == srcDst) // x = x++ is a noop for ints.
+        return;
+
+    emitStoreInt32(dst, regT0);
+
+    addSlowCase(branchAdd32(Overflow, Imm32(1), regT0));
+    emitStoreInt32(srcDst, regT0, true);
+}
+
+void JIT::emitSlow_op_post_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter); // int32 check
+    if (dst != srcDst)
+        linkSlowCase(iter); // overflow check
+
+    JITStubCall stubCall(this, cti_op_post_inc);
+    stubCall.addArgument(srcDst);
+    stubCall.addArgument(Imm32(srcDst));
+    stubCall.call(dst);
+}
+
+// PostDec (i--)
+
+void JIT::emit_op_post_dec(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    emitLoad(srcDst, regT1, regT0);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+
+    if (dst == srcDst) // x = x-- is a noop for ints.
+        return;
+
+    emitStoreInt32(dst, regT0);
+
+    addSlowCase(branchSub32(Overflow, Imm32(1), regT0));
+    emitStoreInt32(srcDst, regT0, true);
+}
+
+void JIT::emitSlow_op_post_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter); // int32 check
+    if (dst != srcDst)
+        linkSlowCase(iter); // overflow check
+
+    JITStubCall stubCall(this, cti_op_post_dec);
+    stubCall.addArgument(srcDst);
+    stubCall.addArgument(Imm32(srcDst));
+    stubCall.call(dst);
+}
+
+// PreInc (++i)
+
+void JIT::emit_op_pre_inc(Instruction* currentInstruction)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    emitLoad(srcDst, regT1, regT0);
+
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branchAdd32(Overflow, Imm32(1), regT0));
+    emitStoreInt32(srcDst, regT0, true);
+}
+
+void JIT::emitSlow_op_pre_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // overflow check
+
+    JITStubCall stubCall(this, cti_op_pre_inc);
+    stubCall.addArgument(srcDst);
+    stubCall.call(srcDst);
+}
+
+// PreDec (--i)
+
+void JIT::emit_op_pre_dec(Instruction* currentInstruction)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    emitLoad(srcDst, regT1, regT0);
+
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branchSub32(Overflow, Imm32(1), regT0));
+    emitStoreInt32(srcDst, regT0, true);
+}
+
+void JIT::emitSlow_op_pre_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // overflow check
+
+    JITStubCall stubCall(this, cti_op_pre_dec);
+    stubCall.addArgument(srcDst);
+    stubCall.call(srcDst);
+}
+
+// Addition (+)
+
+void JIT::emit_op_add(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
+        JITStubCall stubCall(this, cti_op_add);
+        stubCall.addArgument(op1);
+        stubCall.addArgument(op2);
+        stubCall.call(dst);
+        return;
+    }
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        emitAdd32Constant(dst, op, constant, op == op1 ? types.first() : types.second());
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+    // Int32 case.
+    addSlowCase(branchAdd32(Overflow, regT2, regT0));
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double case.
+    emitBinaryDoubleOp(op_add, dst, op1, op2, types, notInt32Op1, notInt32Op2);
+    end.link(this);
+}
+
+void JIT::emitAdd32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType)
+{
+    // Int32 case.
+    emitLoad(op, regT1, regT0);
+    Jump notInt32 = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    addSlowCase(branchAdd32(Overflow, Imm32(constant), regT0));
+    emitStoreInt32(dst, regT0, (op == dst));
+
+    // Double case.
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32);
+        return;
+    }
+    Jump end = jump();
+
+    notInt32.link(this);
+    if (!opType.definitelyIsNumber())
+        addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+    move(Imm32(constant), regT2);
+    convertInt32ToDouble(regT2, fpRegT0);
+    emitLoadDouble(op, fpRegT1);
+    addDouble(fpRegT1, fpRegT0);
+    emitStoreDouble(dst, fpRegT0);
+
+    end.link(this);
+}
+
+void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!types.first().mightBeNumber() || !types.second().mightBeNumber())
+        return;
+
+    unsigned op;
+    int32_t constant;
+    if (getOperandConstantImmediateInt(op1, op2, op, constant)) {
+        linkSlowCase(iter); // overflow check
+
+        if (!supportsFloatingPoint())
+            linkSlowCase(iter); // non-sse case
+        else {
+            ResultType opType = op == op1 ? types.first() : types.second();
+            if (!opType.definitelyIsNumber())
+                linkSlowCase(iter); // double check
+        }
+    } else {
+        linkSlowCase(iter); // overflow check
+
+        if (!supportsFloatingPoint()) {
+            linkSlowCase(iter); // int32 check
+            linkSlowCase(iter); // int32 check
+        } else {
+            if (!types.first().definitelyIsNumber())
+                linkSlowCase(iter); // double check
+
+            if (!types.second().definitelyIsNumber()) {
+                linkSlowCase(iter); // int32 check
+                linkSlowCase(iter); // double check
+            }
+        }
+    }
+
+    JITStubCall stubCall(this, cti_op_add);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// Subtraction (-)
+
+void JIT::emit_op_sub(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitSub32Constant(dst, op1, getConstantOperand(op2).asInt32(), types.first());
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+    // Int32 case.
+    addSlowCase(branchSub32(Overflow, regT2, regT0));
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double case.
+    emitBinaryDoubleOp(op_sub, dst, op1, op2, types, notInt32Op1, notInt32Op2);
+    end.link(this);
+}
+
+void JIT::emitSub32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType)
+{
+    // Int32 case.
+    emitLoad(op, regT1, regT0);
+    Jump notInt32 = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    addSlowCase(branchSub32(Overflow, Imm32(constant), regT0));
+    emitStoreInt32(dst, regT0, (op == dst));
+
+    // Double case.
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32);
+        return;
+    }
+    Jump end = jump();
+
+    notInt32.link(this);
+    if (!opType.definitelyIsNumber())
+        addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+    move(Imm32(constant), regT2);
+    convertInt32ToDouble(regT2, fpRegT0);
+    emitLoadDouble(op, fpRegT1);
+    subDouble(fpRegT0, fpRegT1);
+    emitStoreDouble(dst, fpRegT1);
+
+    end.link(this);
+}
+
+void JIT::emitSlow_op_sub(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (isOperandConstantImmediateInt(op2)) {
+        linkSlowCase(iter); // overflow check
+
+        if (!supportsFloatingPoint() || !types.first().definitelyIsNumber())
+            linkSlowCase(iter); // int32 or double check
+    } else {
+        linkSlowCase(iter); // overflow check
+
+        if (!supportsFloatingPoint()) {
+            linkSlowCase(iter); // int32 check
+            linkSlowCase(iter); // int32 check
+        } else {
+            if (!types.first().definitelyIsNumber())
+                linkSlowCase(iter); // double check
+
+            if (!types.second().definitelyIsNumber()) {
+                linkSlowCase(iter); // int32 check
+                linkSlowCase(iter); // double check
+            }
+        }
+    }
+
+    JITStubCall stubCall(this, cti_op_sub);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+void JIT::emitBinaryDoubleOp(OpcodeID opcodeID, unsigned dst, unsigned op1, unsigned op2, OperandTypes types, JumpList& notInt32Op1, JumpList& notInt32Op2, bool op1IsInRegisters, bool op2IsInRegisters)
+{
+    JumpList end;
+    
+    if (!notInt32Op1.empty()) {
+        // Double case 1: Op1 is not int32; Op2 is unknown.
+        notInt32Op1.link(this);
+
+        ASSERT(op1IsInRegisters);
+
+        // Verify Op1 is double.
+        if (!types.first().definitelyIsNumber())
+            addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+
+        if (!op2IsInRegisters)
+            emitLoad(op2, regT3, regT2);
+
+        Jump doubleOp2 = branch32(Below, regT3, Imm32(JSValue::LowestTag));
+
+        if (!types.second().definitelyIsNumber())
+            addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+        convertInt32ToDouble(regT2, fpRegT0);
+        Jump doTheMath = jump();
+
+        // Load Op2 as double into double register.
+        doubleOp2.link(this);
+        emitLoadDouble(op2, fpRegT0);
+
+        // Do the math.
+        doTheMath.link(this);
+        switch (opcodeID) {
+            case op_mul:
+                emitLoadDouble(op1, fpRegT2);
+                mulDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_add:
+                emitLoadDouble(op1, fpRegT2);
+                addDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_sub:
+                emitLoadDouble(op1, fpRegT1);
+                subDouble(fpRegT0, fpRegT1);
+                emitStoreDouble(dst, fpRegT1);
+                break;
+            case op_div:
+                emitLoadDouble(op1, fpRegT1);
+                divDouble(fpRegT0, fpRegT1);
+                emitStoreDouble(dst, fpRegT1);
+                break;
+            case op_jnless:
+                emitLoadDouble(op1, fpRegT2);
+                addJump(branchDouble(DoubleLessThanOrEqual, fpRegT0, fpRegT2), dst + 3);
+                break;
+            case op_jnlesseq:
+                emitLoadDouble(op1, fpRegT2);
+                addJump(branchDouble(DoubleLessThan, fpRegT0, fpRegT2), dst + 3);
+                break;
+            default:
+                ASSERT_NOT_REACHED();
+        }
+
+        if (!notInt32Op2.empty())
+            end.append(jump());
+    }
+
+    if (!notInt32Op2.empty()) {
+        // Double case 2: Op1 is int32; Op2 is not int32.
+        notInt32Op2.link(this);
+
+        ASSERT(op2IsInRegisters);
+
+        if (!op1IsInRegisters)
+            emitLoadPayload(op1, regT0);
+
+        convertInt32ToDouble(regT0, fpRegT0);
+
+        // Verify op2 is double.
+        if (!types.second().definitelyIsNumber())
+            addSlowCase(branch32(Above, regT3, Imm32(JSValue::LowestTag)));
+
+        // Do the math.
+        switch (opcodeID) {
+            case op_mul:
+                emitLoadDouble(op2, fpRegT2);
+                mulDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_add:
+                emitLoadDouble(op2, fpRegT2);
+                addDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_sub:
+                emitLoadDouble(op2, fpRegT2);
+                subDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_div:
+                emitLoadDouble(op2, fpRegT2);
+                divDouble(fpRegT2, fpRegT0);
+                emitStoreDouble(dst, fpRegT0);
+                break;
+            case op_jnless:
+                emitLoadDouble(op2, fpRegT1);
+                addJump(branchDouble(DoubleLessThanOrEqual, fpRegT1, fpRegT0), dst + 3);
+                break;
+            case op_jnlesseq:
+                emitLoadDouble(op2, fpRegT1);
+                addJump(branchDouble(DoubleLessThan, fpRegT1, fpRegT0), dst + 3);
+                break;
+            default:
+                ASSERT_NOT_REACHED();
+        }
+    }
+
+    end.link(this);
+}
+
+// Multiplication (*)
+
+void JIT::emit_op_mul(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+    // Int32 case.
+    move(regT0, regT3);
+    addSlowCase(branchMul32(Overflow, regT2, regT0));
+    addSlowCase(branchTest32(Zero, regT0));
+    emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(notInt32Op1);
+        addSlowCase(notInt32Op2);
+        return;
+    }
+    Jump end = jump();
+
+    // Double case.
+    emitBinaryDoubleOp(op_mul, dst, op1, op2, types, notInt32Op1, notInt32Op2);
+    end.link(this);
+}
+
+void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    Jump overflow = getSlowCase(iter); // overflow check
+    linkSlowCase(iter); // zero result check
+
+    Jump negZero = branchOr32(Signed, regT2, regT3);
+    emitStoreInt32(dst, Imm32(0), (op1 == dst || op2 == dst));
+
+    emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_mul));
+
+    negZero.link(this);
+    overflow.link(this);
+
+    if (!supportsFloatingPoint()) {
+        linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // int32 check
+    }
+
+    if (supportsFloatingPoint()) {
+        if (!types.first().definitelyIsNumber())
+            linkSlowCase(iter); // double check
+
+        if (!types.second().definitelyIsNumber()) {
+            linkSlowCase(iter); // int32 check
+            linkSlowCase(iter); // double check
+        }
+    }
+
+    Label jitStubCall(this);
+    JITStubCall stubCall(this, cti_op_mul);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// Division (/)
+
+void JIT::emit_op_div(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!supportsFloatingPoint()) {
+        addSlowCase(jump());
+        return;
+    }
+
+    // Int32 divide.
+    JumpList notInt32Op1;
+    JumpList notInt32Op2;
+
+    JumpList end;
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+
+    notInt32Op1.append(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    notInt32Op2.append(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+
+    convertInt32ToDouble(regT0, fpRegT0);
+    convertInt32ToDouble(regT2, fpRegT1);
+    divDouble(fpRegT1, fpRegT0);
+
+    JumpList doubleResult;
+    if (!isOperandConstantImmediateInt(op1) || getConstantOperand(op1).asInt32() > 1) {
+        m_assembler.cvttsd2si_rr(fpRegT0, regT0);
+        convertInt32ToDouble(regT0, fpRegT1);
+        m_assembler.ucomisd_rr(fpRegT1, fpRegT0);
+
+        doubleResult.append(m_assembler.jne());
+        doubleResult.append(m_assembler.jp());
+        
+        doubleResult.append(branchTest32(Zero, regT0));
+
+        // Int32 result.
+        emitStoreInt32(dst, regT0, (op1 == dst || op2 == dst));
+        end.append(jump());
+    }
+
+    // Double result.
+    doubleResult.link(this);
+    emitStoreDouble(dst, fpRegT0);
+    end.append(jump());
+
+    // Double divide.
+    emitBinaryDoubleOp(op_div, dst, op1, op2, types, notInt32Op1, notInt32Op2);
+    end.link(this);
+}
+
+void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!supportsFloatingPoint())
+        linkSlowCase(iter);
+    else {
+        if (!types.first().definitelyIsNumber())
+            linkSlowCase(iter); // double check
+
+        if (!types.second().definitelyIsNumber()) {
+            linkSlowCase(iter); // int32 check
+            linkSlowCase(iter); // double check
+        }
+    }
+
+    JITStubCall stubCall(this, cti_op_div);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+// Mod (%)
+
+/* ------------------------------ BEGIN: OP_MOD ------------------------------ */
+
+#if PLATFORM(X86) || PLATFORM(X86_64)
+
+void JIT::emit_op_mod(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2) && getConstantOperand(op2).asInt32() != 0) {
+        emitLoad(op1, X86Registers::edx, X86Registers::eax);
+        move(Imm32(getConstantOperand(op2).asInt32()), X86Registers::ecx);
+        addSlowCase(branch32(NotEqual, X86Registers::edx, Imm32(JSValue::Int32Tag)));
+        if (getConstantOperand(op2).asInt32() == -1)
+            addSlowCase(branch32(Equal, X86Registers::eax, Imm32(0x80000000))); // -2147483648 / -1 => EXC_ARITHMETIC
+    } else {
+        emitLoad2(op1, X86Registers::edx, X86Registers::eax, op2, X86Registers::ebx, X86Registers::ecx);
+        addSlowCase(branch32(NotEqual, X86Registers::edx, Imm32(JSValue::Int32Tag)));
+        addSlowCase(branch32(NotEqual, X86Registers::ebx, Imm32(JSValue::Int32Tag)));
+
+        addSlowCase(branch32(Equal, X86Registers::eax, Imm32(0x80000000))); // -2147483648 / -1 => EXC_ARITHMETIC
+        addSlowCase(branch32(Equal, X86Registers::ecx, Imm32(0))); // divide by 0
+    }
+
+    move(X86Registers::eax, X86Registers::ebx); // Save dividend payload, in case of 0.
+    m_assembler.cdq();
+    m_assembler.idivl_r(X86Registers::ecx);
+    
+    // If the remainder is zero and the dividend is negative, the result is -0.
+    Jump storeResult1 = branchTest32(NonZero, X86Registers::edx);
+    Jump storeResult2 = branchTest32(Zero, X86Registers::ebx, Imm32(0x80000000)); // not negative
+    emitStore(dst, jsNumber(m_globalData, -0.0));
+    Jump end = jump();
+
+    storeResult1.link(this);
+    storeResult2.link(this);
+    emitStoreInt32(dst, X86Registers::edx, (op1 == dst || op2 == dst));
+    end.link(this);
+}
+
+void JIT::emitSlow_op_mod(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2) && getConstantOperand(op2).asInt32() != 0) {
+        linkSlowCase(iter); // int32 check
+        if (getConstantOperand(op2).asInt32() == -1)
+            linkSlowCase(iter); // 0x80000000 check
+    } else {
+        linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // int32 check
+        linkSlowCase(iter); // 0 check
+        linkSlowCase(iter); // 0x80000000 check
+    }
+
+    JITStubCall stubCall(this, cti_op_mod);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+#else // PLATFORM(X86) || PLATFORM(X86_64)
+
+void JIT::emit_op_mod(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_mod);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call(dst);
+}
+
+void JIT::emitSlow_op_mod(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+}
+
+#endif // PLATFORM(X86) || PLATFORM(X86_64)
+
+/* ------------------------------ END: OP_MOD ------------------------------ */
+
+#else // USE(JSVALUE32_64)
+
+void JIT::emit_op_lshift(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    emitGetVirtualRegisters(op1, regT0, op2, regT2);
+    // FIXME: would we be better using 'emitJumpSlowCaseIfNotImmediateIntegers'? - we *probably* ought to be consistent.
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+    emitJumpSlowCaseIfNotImmediateInteger(regT2);
+    emitFastArithImmToInt(regT0);
+    emitFastArithImmToInt(regT2);
+#if !PLATFORM(X86)
+    // Mask with 0x1f as per ecma-262 11.7.2 step 7.
+    // On 32-bit x86 this is not necessary, since the shift anount is implicitly masked in the instruction.
+    and32(Imm32(0x1f), regT2);
+#endif
+    lshift32(regT2, regT0);
+#if !USE(JSVALUE64)
+    addSlowCase(branchAdd32(Overflow, regT0, regT0));
+    signExtend32ToPtr(regT0, regT0);
+#endif
+    emitFastArithReTagImmediate(regT0, regT0);
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_lshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+#if USE(JSVALUE64)
+    UNUSED_PARAM(op1);
+    UNUSED_PARAM(op2);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+#else
+    // If we are limited to 32-bit immediates there is a third slow case, which required the operands to have been reloaded.
+    Jump notImm1 = getSlowCase(iter);
+    Jump notImm2 = getSlowCase(iter);
+    linkSlowCase(iter);
+    emitGetVirtualRegisters(op1, regT0, op2, regT2);
+    notImm1.link(this);
+    notImm2.link(this);
+#endif
+    JITStubCall stubCall(this, cti_op_lshift);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(regT2);
+    stubCall.call(result);
+}
+
+void JIT::emit_op_rshift(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op2)) {
+        // isOperandConstantImmediateInt(op2) => 1 SlowCase
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        // Mask with 0x1f as per ecma-262 11.7.2 step 7.
+#if USE(JSVALUE64)
+        rshift32(Imm32(getConstantOperandImmediateInt(op2) & 0x1f), regT0);
+#else
+        rshiftPtr(Imm32(getConstantOperandImmediateInt(op2) & 0x1f), regT0);
+#endif
+    } else {
+        emitGetVirtualRegisters(op1, regT0, op2, regT2);
+        if (supportsFloatingPointTruncate()) {
+            Jump lhsIsInt = emitJumpIfImmediateInteger(regT0);
+#if USE(JSVALUE64)
+            // supportsFloatingPoint() && USE(JSVALUE64) => 3 SlowCases
+            addSlowCase(emitJumpIfNotImmediateNumber(regT0));
+            addPtr(tagTypeNumberRegister, regT0);
+            movePtrToDouble(regT0, fpRegT0);
+            addSlowCase(branchTruncateDoubleToInt32(fpRegT0, regT0));
+#else
+            // supportsFloatingPoint() && !USE(JSVALUE64) => 5 SlowCases (of which 1 IfNotJSCell)
+            emitJumpSlowCaseIfNotJSCell(regT0, op1);
+            addSlowCase(checkStructure(regT0, m_globalData->numberStructure.get()));
+            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+            addSlowCase(branchTruncateDoubleToInt32(fpRegT0, regT0));
+            addSlowCase(branchAdd32(Overflow, regT0, regT0));
+#endif
+            lhsIsInt.link(this);
+            emitJumpSlowCaseIfNotImmediateInteger(regT2);
+        } else {
+            // !supportsFloatingPoint() => 2 SlowCases
+            emitJumpSlowCaseIfNotImmediateInteger(regT0);
+            emitJumpSlowCaseIfNotImmediateInteger(regT2);
+        }
+        emitFastArithImmToInt(regT2);
+#if !PLATFORM(X86)
+        // Mask with 0x1f as per ecma-262 11.7.2 step 7.
+        // On 32-bit x86 this is not necessary, since the shift anount is implicitly masked in the instruction.
+        and32(Imm32(0x1f), regT2);
+#endif
+#if USE(JSVALUE64)
+        rshift32(regT2, regT0);
+#else
+        rshiftPtr(regT2, regT0);
+#endif
+    }
+#if USE(JSVALUE64)
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+#else
+    orPtr(Imm32(JSImmediate::TagTypeNumber), regT0);
+#endif
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_rshift(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_rshift);
+
+    if (isOperandConstantImmediateInt(op2)) {
+        linkSlowCase(iter);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(op2, regT2);
+    } else {
+        if (supportsFloatingPointTruncate()) {
+#if USE(JSVALUE64)
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+#else
+            linkSlowCaseIfNotJSCell(iter, op1);
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+#endif
+            // We're reloading op1 to regT0 as we can no longer guarantee that
+            // we have not munged the operand.  It may have already been shifted
+            // correctly, but it still will not have been tagged.
+            stubCall.addArgument(op1, regT0);
+            stubCall.addArgument(regT2);
+        } else {
+            linkSlowCase(iter);
+            linkSlowCase(iter);
+            stubCall.addArgument(regT0);
+            stubCall.addArgument(regT2);
+        }
+    }
+
+    stubCall.call(result);
+}
+
+void JIT::emit_op_jnless(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    // We generate inline code for the following cases in the fast path:
+    // - int immediate to constant int immediate
+    // - constant int immediate to int immediate
+    // - int immediate to int immediate
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+        int32_t op2imm = getConstantOperandImmediateInt(op2);
+#else
+        int32_t op2imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)));
+#endif
+        addJump(branch32(GreaterThanOrEqual, regT0, Imm32(op2imm)), target + 3);
+    } else if (isOperandConstantImmediateInt(op1)) {
+        emitGetVirtualRegister(op2, regT1);
+        emitJumpSlowCaseIfNotImmediateInteger(regT1);
+#if USE(JSVALUE64)
+        int32_t op1imm = getConstantOperandImmediateInt(op1);
+#else
+        int32_t op1imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op1)));
+#endif
+        addJump(branch32(LessThanOrEqual, regT1, Imm32(op1imm)), target + 3);
+    } else {
+        emitGetVirtualRegisters(op1, regT0, op2, regT1);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT1);
+
+        addJump(branch32(GreaterThanOrEqual, regT0, regT1), target + 3);
+    }
+}
+
+void JIT::emitSlow_op_jnless(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    // We generate inline code for the following cases in the slow path:
+    // - floating-point number to constant int immediate
+    // - constant int immediate to floating-point number
+    // - floating-point number to floating-point number.
+
+    if (isOperandConstantImmediateInt(op2)) {
+        linkSlowCase(iter);
+
+        if (supportsFloatingPoint()) {
+#if USE(JSVALUE64)
+            Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
+            addPtr(tagTypeNumberRegister, regT0);
+            movePtrToDouble(regT0, fpRegT0);
+#else
+            Jump fail1;
+            if (!m_codeBlock->isKnownNotImmediate(op1))
+                fail1 = emitJumpIfNotJSCell(regT0);
+
+            Jump fail2 = checkStructure(regT0, m_globalData->numberStructure.get());
+            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+#endif
+            
+            int32_t op2imm = getConstantOperand(op2).asInt32();;
+                    
+            move(Imm32(op2imm), regT1);
+            convertInt32ToDouble(regT1, fpRegT1);
+
+            emitJumpSlowToHot(branchDouble(DoubleLessThanOrEqual, fpRegT1, fpRegT0), target + 3);
+
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
+
+#if USE(JSVALUE64)
+            fail1.link(this);
+#else
+            if (!m_codeBlock->isKnownNotImmediate(op1))
+                fail1.link(this);
+            fail2.link(this);
+#endif
+        }
+
+        JITStubCall stubCall(this, cti_op_jless);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(op2, regT2);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+
+    } else if (isOperandConstantImmediateInt(op1)) {
+        linkSlowCase(iter);
+
+        if (supportsFloatingPoint()) {
+#if USE(JSVALUE64)
+            Jump fail1 = emitJumpIfNotImmediateNumber(regT1);
+            addPtr(tagTypeNumberRegister, regT1);
+            movePtrToDouble(regT1, fpRegT1);
+#else
+            Jump fail1;
+            if (!m_codeBlock->isKnownNotImmediate(op2))
+                fail1 = emitJumpIfNotJSCell(regT1);
+            
+            Jump fail2 = checkStructure(regT1, m_globalData->numberStructure.get());
+            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
+#endif
+            
+            int32_t op1imm = getConstantOperand(op1).asInt32();;
+                    
+            move(Imm32(op1imm), regT0);
+            convertInt32ToDouble(regT0, fpRegT0);
+
+            emitJumpSlowToHot(branchDouble(DoubleLessThanOrEqual, fpRegT1, fpRegT0), target + 3);
+
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
+
+#if USE(JSVALUE64)
+            fail1.link(this);
+#else
+            if (!m_codeBlock->isKnownNotImmediate(op2))
+                fail1.link(this);
+            fail2.link(this);
+#endif
+        }
+
+        JITStubCall stubCall(this, cti_op_jless);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(regT1);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+
+    } else {
+        linkSlowCase(iter);
+
+        if (supportsFloatingPoint()) {
+#if USE(JSVALUE64)
+            Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
+            Jump fail2 = emitJumpIfNotImmediateNumber(regT1);
+            Jump fail3 = emitJumpIfImmediateInteger(regT1);
+            addPtr(tagTypeNumberRegister, regT0);
+            addPtr(tagTypeNumberRegister, regT1);
+            movePtrToDouble(regT0, fpRegT0);
+            movePtrToDouble(regT1, fpRegT1);
+#else
+            Jump fail1;
+            if (!m_codeBlock->isKnownNotImmediate(op1))
+                fail1 = emitJumpIfNotJSCell(regT0);
+
+            Jump fail2;
+            if (!m_codeBlock->isKnownNotImmediate(op2))
+                fail2 = emitJumpIfNotJSCell(regT1);
+
+            Jump fail3 = checkStructure(regT0, m_globalData->numberStructure.get());
+            Jump fail4 = checkStructure(regT1, m_globalData->numberStructure.get());
+            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
+#endif
+
+            emitJumpSlowToHot(branchDouble(DoubleLessThanOrEqual, fpRegT1, fpRegT0), target + 3);
+
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnless));
+
+#if USE(JSVALUE64)
+            fail1.link(this);
+            fail2.link(this);
+            fail3.link(this);
+#else
+            if (!m_codeBlock->isKnownNotImmediate(op1))
+                fail1.link(this);
+            if (!m_codeBlock->isKnownNotImmediate(op2))
+                fail2.link(this);
+            fail3.link(this);
+            fail4.link(this);
+#endif
+        }
+
+        linkSlowCase(iter);
+        JITStubCall stubCall(this, cti_op_jless);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(regT1);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+    }
+}
+
+void JIT::emit_op_jnlesseq(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    // We generate inline code for the following cases in the fast path:
+    // - int immediate to constant int immediate
+    // - constant int immediate to int immediate
+    // - int immediate to int immediate
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+        int32_t op2imm = getConstantOperandImmediateInt(op2);
+#else
+        int32_t op2imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)));
+#endif
+        addJump(branch32(GreaterThan, regT0, Imm32(op2imm)), target + 3);
+    } else if (isOperandConstantImmediateInt(op1)) {
+        emitGetVirtualRegister(op2, regT1);
+        emitJumpSlowCaseIfNotImmediateInteger(regT1);
+#if USE(JSVALUE64)
+        int32_t op1imm = getConstantOperandImmediateInt(op1);
+#else
+        int32_t op1imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op1)));
+#endif
+        addJump(branch32(LessThan, regT1, Imm32(op1imm)), target + 3);
+    } else {
+        emitGetVirtualRegisters(op1, regT0, op2, regT1);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT1);
+
+        addJump(branch32(GreaterThan, regT0, regT1), target + 3);
+    }
+}
+
+void JIT::emitSlow_op_jnlesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    // We generate inline code for the following cases in the slow path:
+    // - floating-point number to constant int immediate
+    // - constant int immediate to floating-point number
+    // - floating-point number to floating-point number.
+
+    if (isOperandConstantImmediateInt(op2)) {
+        linkSlowCase(iter);
+
+        if (supportsFloatingPoint()) {
+#if USE(JSVALUE64)
+            Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
+            addPtr(tagTypeNumberRegister, regT0);
+            movePtrToDouble(regT0, fpRegT0);
+#else
+            Jump fail1;
+            if (!m_codeBlock->isKnownNotImmediate(op1))
+                fail1 = emitJumpIfNotJSCell(regT0);
+
+            Jump fail2 = checkStructure(regT0, m_globalData->numberStructure.get());
+            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+#endif
+            
+            int32_t op2imm = getConstantOperand(op2).asInt32();;
+                    
+            move(Imm32(op2imm), regT1);
+            convertInt32ToDouble(regT1, fpRegT1);
+
+            emitJumpSlowToHot(branchDouble(DoubleLessThan, fpRegT1, fpRegT0), target + 3);
+
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
+
+#if USE(JSVALUE64)
+            fail1.link(this);
+#else
+            if (!m_codeBlock->isKnownNotImmediate(op1))
+                fail1.link(this);
+            fail2.link(this);
+#endif
+        }
+
+        JITStubCall stubCall(this, cti_op_jlesseq);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(op2, regT2);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+
+    } else if (isOperandConstantImmediateInt(op1)) {
+        linkSlowCase(iter);
+
+        if (supportsFloatingPoint()) {
+#if USE(JSVALUE64)
+            Jump fail1 = emitJumpIfNotImmediateNumber(regT1);
+            addPtr(tagTypeNumberRegister, regT1);
+            movePtrToDouble(regT1, fpRegT1);
+#else
+            Jump fail1;
+            if (!m_codeBlock->isKnownNotImmediate(op2))
+                fail1 = emitJumpIfNotJSCell(regT1);
+            
+            Jump fail2 = checkStructure(regT1, m_globalData->numberStructure.get());
+            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
+#endif
+            
+            int32_t op1imm = getConstantOperand(op1).asInt32();;
+                    
+            move(Imm32(op1imm), regT0);
+            convertInt32ToDouble(regT0, fpRegT0);
+
+            emitJumpSlowToHot(branchDouble(DoubleLessThan, fpRegT1, fpRegT0), target + 3);
+
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
+
+#if USE(JSVALUE64)
+            fail1.link(this);
+#else
+            if (!m_codeBlock->isKnownNotImmediate(op2))
+                fail1.link(this);
+            fail2.link(this);
+#endif
+        }
+
+        JITStubCall stubCall(this, cti_op_jlesseq);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(regT1);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+
+    } else {
+        linkSlowCase(iter);
+
+        if (supportsFloatingPoint()) {
+#if USE(JSVALUE64)
+            Jump fail1 = emitJumpIfNotImmediateNumber(regT0);
+            Jump fail2 = emitJumpIfNotImmediateNumber(regT1);
+            Jump fail3 = emitJumpIfImmediateInteger(regT1);
+            addPtr(tagTypeNumberRegister, regT0);
+            addPtr(tagTypeNumberRegister, regT1);
+            movePtrToDouble(regT0, fpRegT0);
+            movePtrToDouble(regT1, fpRegT1);
+#else
+            Jump fail1;
+            if (!m_codeBlock->isKnownNotImmediate(op1))
+                fail1 = emitJumpIfNotJSCell(regT0);
+
+            Jump fail2;
+            if (!m_codeBlock->isKnownNotImmediate(op2))
+                fail2 = emitJumpIfNotJSCell(regT1);
+
+            Jump fail3 = checkStructure(regT0, m_globalData->numberStructure.get());
+            Jump fail4 = checkStructure(regT1, m_globalData->numberStructure.get());
+            loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+            loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
+#endif
+
+            emitJumpSlowToHot(branchDouble(DoubleLessThan, fpRegT1, fpRegT0), target + 3);
+
+            emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_jnlesseq));
+
+#if USE(JSVALUE64)
+            fail1.link(this);
+            fail2.link(this);
+            fail3.link(this);
+#else
+            if (!m_codeBlock->isKnownNotImmediate(op1))
+                fail1.link(this);
+            if (!m_codeBlock->isKnownNotImmediate(op2))
+                fail2.link(this);
+            fail3.link(this);
+            fail4.link(this);
+#endif
+        }
+
+        linkSlowCase(iter);
+        JITStubCall stubCall(this, cti_op_jlesseq);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(regT1);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(Zero, regT0), target + 3);
+    }
+}
+
+void JIT::emit_op_bitand(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if (isOperandConstantImmediateInt(op1)) {
+        emitGetVirtualRegister(op2, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+        int32_t imm = getConstantOperandImmediateInt(op1);
+        andPtr(Imm32(imm), regT0);
+        if (imm >= 0)
+            emitFastArithIntToImmNoCheck(regT0, regT0);
+#else
+        andPtr(Imm32(static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op1)))), regT0);
+#endif
+    } else if (isOperandConstantImmediateInt(op2)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+        int32_t imm = getConstantOperandImmediateInt(op2);
+        andPtr(Imm32(imm), regT0);
+        if (imm >= 0)
+            emitFastArithIntToImmNoCheck(regT0, regT0);
+#else
+        andPtr(Imm32(static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)))), regT0);
+#endif
+    } else {
+        emitGetVirtualRegisters(op1, regT0, op2, regT1);
+        andPtr(regT1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+    }
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_bitand(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter);
+    if (isOperandConstantImmediateInt(op1)) {
+        JITStubCall stubCall(this, cti_op_bitand);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(regT0);
+        stubCall.call(result);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        JITStubCall stubCall(this, cti_op_bitand);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(op2, regT2);
+        stubCall.call(result);
+    } else {
+        JITStubCall stubCall(this, cti_op_bitand);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(regT1);
+        stubCall.call(result);
+    }
+}
+
+void JIT::emit_op_post_inc(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    emitGetVirtualRegister(srcDst, regT0);
+    move(regT0, regT1);
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+    addSlowCase(branchAdd32(Overflow, Imm32(1), regT1));
+    emitFastArithIntToImmNoCheck(regT1, regT1);
+#else
+    addSlowCase(branchAdd32(Overflow, Imm32(1 << JSImmediate::IntegerPayloadShift), regT1));
+    signExtend32ToPtr(regT1, regT1);
+#endif
+    emitPutVirtualRegister(srcDst, regT1);
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_post_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_post_inc);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(Imm32(srcDst));
+    stubCall.call(result);
+}
+
+void JIT::emit_op_post_dec(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    emitGetVirtualRegister(srcDst, regT0);
+    move(regT0, regT1);
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+    addSlowCase(branchSub32(Zero, Imm32(1), regT1));
+    emitFastArithIntToImmNoCheck(regT1, regT1);
+#else
+    addSlowCase(branchSub32(Zero, Imm32(1 << JSImmediate::IntegerPayloadShift), regT1));
+    signExtend32ToPtr(regT1, regT1);
+#endif
+    emitPutVirtualRegister(srcDst, regT1);
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_post_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned srcDst = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_post_dec);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(Imm32(srcDst));
+    stubCall.call(result);
+}
+
+void JIT::emit_op_pre_inc(Instruction* currentInstruction)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    emitGetVirtualRegister(srcDst, regT0);
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+    addSlowCase(branchAdd32(Overflow, Imm32(1), regT0));
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+#else
+    addSlowCase(branchAdd32(Overflow, Imm32(1 << JSImmediate::IntegerPayloadShift), regT0));
+    signExtend32ToPtr(regT0, regT0);
+#endif
+    emitPutVirtualRegister(srcDst);
+}
+
+void JIT::emitSlow_op_pre_inc(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    Jump notImm = getSlowCase(iter);
+    linkSlowCase(iter);
+    emitGetVirtualRegister(srcDst, regT0);
+    notImm.link(this);
+    JITStubCall stubCall(this, cti_op_pre_inc);
+    stubCall.addArgument(regT0);
+    stubCall.call(srcDst);
+}
+
+void JIT::emit_op_pre_dec(Instruction* currentInstruction)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    emitGetVirtualRegister(srcDst, regT0);
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+    addSlowCase(branchSub32(Zero, Imm32(1), regT0));
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+#else
+    addSlowCase(branchSub32(Zero, Imm32(1 << JSImmediate::IntegerPayloadShift), regT0));
+    signExtend32ToPtr(regT0, regT0);
+#endif
+    emitPutVirtualRegister(srcDst);
+}
+
+void JIT::emitSlow_op_pre_dec(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned srcDst = currentInstruction[1].u.operand;
+
+    Jump notImm = getSlowCase(iter);
+    linkSlowCase(iter);
+    emitGetVirtualRegister(srcDst, regT0);
+    notImm.link(this);
+    JITStubCall stubCall(this, cti_op_pre_dec);
+    stubCall.addArgument(regT0);
+    stubCall.call(srcDst);
+}
+
+/* ------------------------------ BEGIN: OP_MOD ------------------------------ */
+
+#if PLATFORM(X86) || PLATFORM(X86_64)
+
+void JIT::emit_op_mod(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    emitGetVirtualRegisters(op1, X86Registers::eax, op2, X86Registers::ecx);
+    emitJumpSlowCaseIfNotImmediateInteger(X86Registers::eax);
+    emitJumpSlowCaseIfNotImmediateInteger(X86Registers::ecx);
+#if USE(JSVALUE64)
+    addSlowCase(branchPtr(Equal, X86Registers::ecx, ImmPtr(JSValue::encode(jsNumber(m_globalData, 0)))));
+    m_assembler.cdq();
+    m_assembler.idivl_r(X86Registers::ecx);
+#else
+    emitFastArithDeTagImmediate(X86Registers::eax);
+    addSlowCase(emitFastArithDeTagImmediateJumpIfZero(X86Registers::ecx));
+    m_assembler.cdq();
+    m_assembler.idivl_r(X86Registers::ecx);
+    signExtend32ToPtr(X86Registers::edx, X86Registers::edx);
+#endif
+    emitFastArithReTagImmediate(X86Registers::edx, X86Registers::eax);
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_mod(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+
+#if USE(JSVALUE64)
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+#else
+    Jump notImm1 = getSlowCase(iter);
+    Jump notImm2 = getSlowCase(iter);
+    linkSlowCase(iter);
+    emitFastArithReTagImmediate(X86Registers::eax, X86Registers::eax);
+    emitFastArithReTagImmediate(X86Registers::ecx, X86Registers::ecx);
+    notImm1.link(this);
+    notImm2.link(this);
+#endif
+    JITStubCall stubCall(this, cti_op_mod);
+    stubCall.addArgument(X86Registers::eax);
+    stubCall.addArgument(X86Registers::ecx);
+    stubCall.call(result);
+}
+
+#else // PLATFORM(X86) || PLATFORM(X86_64)
+
+void JIT::emit_op_mod(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_mod);
+    stubCall.addArgument(op1, regT2);
+    stubCall.addArgument(op2, regT2);
+    stubCall.call(result);
+}
+
+void JIT::emitSlow_op_mod(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    ASSERT_NOT_REACHED();
+}
+
+#endif // PLATFORM(X86) || PLATFORM(X86_64)
+
+/* ------------------------------ END: OP_MOD ------------------------------ */
+
+#if USE(JSVALUE64)
+
+/* ------------------------------ BEGIN: USE(JSVALUE64) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
+
+void JIT::compileBinaryArithOp(OpcodeID opcodeID, unsigned, unsigned op1, unsigned op2, OperandTypes)
+{
+    emitGetVirtualRegisters(op1, regT0, op2, regT1);
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+    emitJumpSlowCaseIfNotImmediateInteger(regT1);
+    if (opcodeID == op_add)
+        addSlowCase(branchAdd32(Overflow, regT1, regT0));
+    else if (opcodeID == op_sub)
+        addSlowCase(branchSub32(Overflow, regT1, regT0));
+    else {
+        ASSERT(opcodeID == op_mul);
+        addSlowCase(branchMul32(Overflow, regT1, regT0));
+        addSlowCase(branchTest32(Zero, regT0));
+    }
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+}
+
+void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>::iterator& iter, unsigned result, unsigned op1, unsigned op2, OperandTypes types, bool op1HasImmediateIntFastCase, bool op2HasImmediateIntFastCase)
+{
+    // We assume that subtracting TagTypeNumber is equivalent to adding DoubleEncodeOffset.
+    COMPILE_ASSERT(((JSImmediate::TagTypeNumber + JSImmediate::DoubleEncodeOffset) == 0), TagTypeNumber_PLUS_DoubleEncodeOffset_EQUALS_0);
+    
+    Jump notImm1;
+    Jump notImm2;
+    if (op1HasImmediateIntFastCase) {
+        notImm2 = getSlowCase(iter);
+    } else if (op2HasImmediateIntFastCase) {
+        notImm1 = getSlowCase(iter);
+    } else {
+        notImm1 = getSlowCase(iter);
+        notImm2 = getSlowCase(iter);
+    }
+
+    linkSlowCase(iter); // Integer overflow case - we could handle this in JIT code, but this is likely rare.
+    if (opcodeID == op_mul && !op1HasImmediateIntFastCase && !op2HasImmediateIntFastCase) // op_mul has an extra slow case to handle 0 * negative number.
+        linkSlowCase(iter);
+    emitGetVirtualRegister(op1, regT0);
+
+    Label stubFunctionCall(this);
+    JITStubCall stubCall(this, opcodeID == op_add ? cti_op_add : opcodeID == op_sub ? cti_op_sub : cti_op_mul);
+    if (op1HasImmediateIntFastCase || op2HasImmediateIntFastCase) {
+        emitGetVirtualRegister(op1, regT0);
+        emitGetVirtualRegister(op2, regT1);
+    }
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(regT1);
+    stubCall.call(result);
+    Jump end = jump();
+
+    if (op1HasImmediateIntFastCase) {
+        notImm2.link(this);
+        if (!types.second().definitelyIsNumber())
+            emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
+        emitGetVirtualRegister(op1, regT1);
+        convertInt32ToDouble(regT1, fpRegT1);
+        addPtr(tagTypeNumberRegister, regT0);
+        movePtrToDouble(regT0, fpRegT2);
+    } else if (op2HasImmediateIntFastCase) {
+        notImm1.link(this);
+        if (!types.first().definitelyIsNumber())
+            emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
+        emitGetVirtualRegister(op2, regT1);
+        convertInt32ToDouble(regT1, fpRegT1);
+        addPtr(tagTypeNumberRegister, regT0);
+        movePtrToDouble(regT0, fpRegT2);
+    } else {
+        // if we get here, eax is not an int32, edx not yet checked.
+        notImm1.link(this);
+        if (!types.first().definitelyIsNumber())
+            emitJumpIfNotImmediateNumber(regT0).linkTo(stubFunctionCall, this);
+        if (!types.second().definitelyIsNumber())
+            emitJumpIfNotImmediateNumber(regT1).linkTo(stubFunctionCall, this);
+        addPtr(tagTypeNumberRegister, regT0);
+        movePtrToDouble(regT0, fpRegT1);
+        Jump op2isDouble = emitJumpIfNotImmediateInteger(regT1);
+        convertInt32ToDouble(regT1, fpRegT2);
+        Jump op2wasInteger = jump();
+
+        // if we get here, eax IS an int32, edx is not.
+        notImm2.link(this);
+        if (!types.second().definitelyIsNumber())
+            emitJumpIfNotImmediateNumber(regT1).linkTo(stubFunctionCall, this);
+        convertInt32ToDouble(regT0, fpRegT1);
+        op2isDouble.link(this);
+        addPtr(tagTypeNumberRegister, regT1);
+        movePtrToDouble(regT1, fpRegT2);
+        op2wasInteger.link(this);
+    }
+
+    if (opcodeID == op_add)
+        addDouble(fpRegT2, fpRegT1);
+    else if (opcodeID == op_sub)
+        subDouble(fpRegT2, fpRegT1);
+    else if (opcodeID == op_mul)
+        mulDouble(fpRegT2, fpRegT1);
+    else {
+        ASSERT(opcodeID == op_div);
+        divDouble(fpRegT2, fpRegT1);
+    }
+    moveDoubleToPtr(fpRegT1, regT0);
+    subPtr(tagTypeNumberRegister, regT0);
+    emitPutVirtualRegister(result, regT0);
+
+    end.link(this);
+}
+
+void JIT::emit_op_add(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
+        JITStubCall stubCall(this, cti_op_add);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(op2, regT2);
+        stubCall.call(result);
+        return;
+    }
+
+    if (isOperandConstantImmediateInt(op1)) {
+        emitGetVirtualRegister(op2, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        addSlowCase(branchAdd32(Overflow, Imm32(getConstantOperandImmediateInt(op1)), regT0));
+        emitFastArithIntToImmNoCheck(regT0, regT0);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        addSlowCase(branchAdd32(Overflow, Imm32(getConstantOperandImmediateInt(op2)), regT0));
+        emitFastArithIntToImmNoCheck(regT0, regT0);
+    } else
+        compileBinaryArithOp(op_add, result, op1, op2, types);
+
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!types.first().mightBeNumber() || !types.second().mightBeNumber())
+        return;
+
+    bool op1HasImmediateIntFastCase = isOperandConstantImmediateInt(op1);
+    bool op2HasImmediateIntFastCase = !op1HasImmediateIntFastCase && isOperandConstantImmediateInt(op2);
+    compileBinaryArithOpSlowCase(op_add, iter, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand), op1HasImmediateIntFastCase, op2HasImmediateIntFastCase);
+}
+
+void JIT::emit_op_mul(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    // For now, only plant a fast int case if the constant operand is greater than zero.
+    int32_t value;
+    if (isOperandConstantImmediateInt(op1) && ((value = getConstantOperandImmediateInt(op1)) > 0)) {
+        emitGetVirtualRegister(op2, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT0));
+        emitFastArithReTagImmediate(regT0, regT0);
+    } else if (isOperandConstantImmediateInt(op2) && ((value = getConstantOperandImmediateInt(op2)) > 0)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT0));
+        emitFastArithReTagImmediate(regT0, regT0);
+    } else
+        compileBinaryArithOp(op_mul, result, op1, op2, types);
+
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    bool op1HasImmediateIntFastCase = isOperandConstantImmediateInt(op1) && getConstantOperandImmediateInt(op1) > 0;
+    bool op2HasImmediateIntFastCase = !op1HasImmediateIntFastCase && isOperandConstantImmediateInt(op2) && getConstantOperandImmediateInt(op2) > 0;
+    compileBinaryArithOpSlowCase(op_mul, iter, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand), op1HasImmediateIntFastCase, op2HasImmediateIntFastCase);
+}
+
+void JIT::emit_op_div(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (isOperandConstantImmediateDouble(op1)) {
+        emitGetVirtualRegister(op1, regT0);
+        addPtr(tagTypeNumberRegister, regT0);
+        movePtrToDouble(regT0, fpRegT0);
+    } else if (isOperandConstantImmediateInt(op1)) {
+        emitLoadInt32ToDouble(op1, fpRegT0);
+    } else {
+        emitGetVirtualRegister(op1, regT0);
+        if (!types.first().definitelyIsNumber())
+            emitJumpSlowCaseIfNotImmediateNumber(regT0);
+        Jump notInt = emitJumpIfNotImmediateInteger(regT0);
+        convertInt32ToDouble(regT0, fpRegT0);
+        Jump skipDoubleLoad = jump();
+        notInt.link(this);
+        addPtr(tagTypeNumberRegister, regT0);
+        movePtrToDouble(regT0, fpRegT0);
+        skipDoubleLoad.link(this);
+    }
+    
+    if (isOperandConstantImmediateDouble(op2)) {
+        emitGetVirtualRegister(op2, regT1);
+        addPtr(tagTypeNumberRegister, regT1);
+        movePtrToDouble(regT1, fpRegT1);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        emitLoadInt32ToDouble(op2, fpRegT1);
+    } else {
+        emitGetVirtualRegister(op2, regT1);
+        if (!types.second().definitelyIsNumber())
+            emitJumpSlowCaseIfNotImmediateNumber(regT1);
+        Jump notInt = emitJumpIfNotImmediateInteger(regT1);
+        convertInt32ToDouble(regT1, fpRegT1);
+        Jump skipDoubleLoad = jump();
+        notInt.link(this);
+        addPtr(tagTypeNumberRegister, regT1);
+        movePtrToDouble(regT1, fpRegT1);
+        skipDoubleLoad.link(this);
+    }
+    divDouble(fpRegT1, fpRegT0);
+
+    JumpList doubleResult;
+    Jump end;
+    bool attemptIntConversion = (!isOperandConstantImmediateInt(op1) || getConstantOperand(op1).asInt32() > 1) && isOperandConstantImmediateInt(op2);
+    if (attemptIntConversion) {
+        m_assembler.cvttsd2si_rr(fpRegT0, regT0);
+        doubleResult.append(branchTest32(Zero, regT0));
+        m_assembler.ucomisd_rr(fpRegT1, fpRegT0);
+        
+        doubleResult.append(m_assembler.jne());
+        doubleResult.append(m_assembler.jp());
+        emitFastArithIntToImmNoCheck(regT0, regT0);
+        end = jump();
+    }
+
+    // Double result.
+    doubleResult.link(this);
+    moveDoubleToPtr(fpRegT0, regT0);
+    subPtr(tagTypeNumberRegister, regT0);
+
+    if (attemptIntConversion)
+        end.link(this);
+    emitPutVirtualRegister(dst, regT0);
+}
+
+void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+    if (types.first().definitelyIsNumber() && types.second().definitelyIsNumber()) {
+#ifndef NDEBUG
+        breakpoint();
+#endif
+        return;
+    }
+    if (!isOperandConstantImmediateDouble(op1) && !isOperandConstantImmediateInt(op1)) {
+        if (!types.first().definitelyIsNumber())
+            linkSlowCase(iter);
+    }
+    if (!isOperandConstantImmediateDouble(op2) && !isOperandConstantImmediateInt(op2)) {
+        if (!types.second().definitelyIsNumber())
+            linkSlowCase(iter);
+    }
+    // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
+    JITStubCall stubCall(this, cti_op_div);
+    stubCall.addArgument(op1, regT2);
+    stubCall.addArgument(op2, regT2);
+    stubCall.call(result);
+}
+
+void JIT::emit_op_sub(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    compileBinaryArithOp(op_sub, result, op1, op2, types);
+    emitPutVirtualRegister(result);
+}
+
+void JIT::emitSlow_op_sub(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    compileBinaryArithOpSlowCase(op_sub, iter, result, op1, op2, types, false, false);
+}
+
+#else // USE(JSVALUE64)
+
+/* ------------------------------ BEGIN: !USE(JSVALUE64) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
+
+void JIT::compileBinaryArithOp(OpcodeID opcodeID, unsigned dst, unsigned src1, unsigned src2, OperandTypes types)
+{
+    Structure* numberStructure = m_globalData->numberStructure.get();
+    Jump wasJSNumberCell1;
+    Jump wasJSNumberCell2;
+
+    emitGetVirtualRegisters(src1, regT0, src2, regT1);
+
+    if (types.second().isReusable() && supportsFloatingPoint()) {
+        ASSERT(types.second().mightBeNumber());
+
+        // Check op2 is a number
+        Jump op2imm = emitJumpIfImmediateInteger(regT1);
+        if (!types.second().definitelyIsNumber()) {
+            emitJumpSlowCaseIfNotJSCell(regT1, src2);
+            addSlowCase(checkStructure(regT1, numberStructure));
+        }
+
+        // (1) In this case src2 is a reusable number cell.
+        //     Slow case if src1 is not a number type.
+        Jump op1imm = emitJumpIfImmediateInteger(regT0);
+        if (!types.first().definitelyIsNumber()) {
+            emitJumpSlowCaseIfNotJSCell(regT0, src1);
+            addSlowCase(checkStructure(regT0, numberStructure));
+        }
+
+        // (1a) if we get here, src1 is also a number cell
+        loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+        Jump loadedDouble = jump();
+        // (1b) if we get here, src1 is an immediate
+        op1imm.link(this);
+        emitFastArithImmToInt(regT0);
+        convertInt32ToDouble(regT0, fpRegT0);
+        // (1c) 
+        loadedDouble.link(this);
+        if (opcodeID == op_add)
+            addDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+        else if (opcodeID == op_sub)
+            subDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+        else {
+            ASSERT(opcodeID == op_mul);
+            mulDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+        }
+
+        // Store the result to the JSNumberCell and jump.
+        storeDouble(fpRegT0, Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)));
+        move(regT1, regT0);
+        emitPutVirtualRegister(dst);
+        wasJSNumberCell2 = jump();
+
+        // (2) This handles cases where src2 is an immediate number.
+        //     Two slow cases - either src1 isn't an immediate, or the subtract overflows.
+        op2imm.link(this);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+    } else if (types.first().isReusable() && supportsFloatingPoint()) {
+        ASSERT(types.first().mightBeNumber());
+
+        // Check op1 is a number
+        Jump op1imm = emitJumpIfImmediateInteger(regT0);
+        if (!types.first().definitelyIsNumber()) {
+            emitJumpSlowCaseIfNotJSCell(regT0, src1);
+            addSlowCase(checkStructure(regT0, numberStructure));
+        }
+
+        // (1) In this case src1 is a reusable number cell.
+        //     Slow case if src2 is not a number type.
+        Jump op2imm = emitJumpIfImmediateInteger(regT1);
+        if (!types.second().definitelyIsNumber()) {
+            emitJumpSlowCaseIfNotJSCell(regT1, src2);
+            addSlowCase(checkStructure(regT1, numberStructure));
+        }
+
+        // (1a) if we get here, src2 is also a number cell
+        loadDouble(Address(regT1, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT1);
+        Jump loadedDouble = jump();
+        // (1b) if we get here, src2 is an immediate
+        op2imm.link(this);
+        emitFastArithImmToInt(regT1);
+        convertInt32ToDouble(regT1, fpRegT1);
+        // (1c) 
+        loadedDouble.link(this);
+        loadDouble(Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)), fpRegT0);
+        if (opcodeID == op_add)
+            addDouble(fpRegT1, fpRegT0);
+        else if (opcodeID == op_sub)
+            subDouble(fpRegT1, fpRegT0);
+        else {
+            ASSERT(opcodeID == op_mul);
+            mulDouble(fpRegT1, fpRegT0);
+        }
+        storeDouble(fpRegT0, Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)));
+        emitPutVirtualRegister(dst);
+
+        // Store the result to the JSNumberCell and jump.
+        storeDouble(fpRegT0, Address(regT0, OBJECT_OFFSETOF(JSNumberCell, m_value)));
+        emitPutVirtualRegister(dst);
+        wasJSNumberCell1 = jump();
+
+        // (2) This handles cases where src1 is an immediate number.
+        //     Two slow cases - either src2 isn't an immediate, or the subtract overflows.
+        op1imm.link(this);
+        emitJumpSlowCaseIfNotImmediateInteger(regT1);
+    } else
+        emitJumpSlowCaseIfNotImmediateIntegers(regT0, regT1, regT2);
+
+    if (opcodeID == op_add) {
+        emitFastArithDeTagImmediate(regT0);
+        addSlowCase(branchAdd32(Overflow, regT1, regT0));
+    } else  if (opcodeID == op_sub) {
+        addSlowCase(branchSub32(Overflow, regT1, regT0));
+        signExtend32ToPtr(regT0, regT0);
+        emitFastArithReTagImmediate(regT0, regT0);
+    } else {
+        ASSERT(opcodeID == op_mul);
+        // convert eax & edx from JSImmediates to ints, and check if either are zero
+        emitFastArithImmToInt(regT1);
+        Jump op1Zero = emitFastArithDeTagImmediateJumpIfZero(regT0);
+        Jump op2NonZero = branchTest32(NonZero, regT1);
+        op1Zero.link(this);
+        // if either input is zero, add the two together, and check if the result is < 0.
+        // If it is, we have a problem (N < 0), (N * 0) == -0, not representatble as a JSImmediate. 
+        move(regT0, regT2);
+        addSlowCase(branchAdd32(Signed, regT1, regT2));
+        // Skip the above check if neither input is zero
+        op2NonZero.link(this);
+        addSlowCase(branchMul32(Overflow, regT1, regT0));
+        signExtend32ToPtr(regT0, regT0);
+        emitFastArithReTagImmediate(regT0, regT0);
+    }
+    emitPutVirtualRegister(dst);
+
+    if (types.second().isReusable() && supportsFloatingPoint())
+        wasJSNumberCell2.link(this);
+    else if (types.first().isReusable() && supportsFloatingPoint())
+        wasJSNumberCell1.link(this);
+}
+
+void JIT::compileBinaryArithOpSlowCase(OpcodeID opcodeID, Vector<SlowCaseEntry>::iterator& iter, unsigned dst, unsigned src1, unsigned src2, OperandTypes types)
+{
+    linkSlowCase(iter);
+    if (types.second().isReusable() && supportsFloatingPoint()) {
+        if (!types.first().definitelyIsNumber()) {
+            linkSlowCaseIfNotJSCell(iter, src1);
+            linkSlowCase(iter);
+        }
+        if (!types.second().definitelyIsNumber()) {
+            linkSlowCaseIfNotJSCell(iter, src2);
+            linkSlowCase(iter);
+        }
+    } else if (types.first().isReusable() && supportsFloatingPoint()) {
+        if (!types.first().definitelyIsNumber()) {
+            linkSlowCaseIfNotJSCell(iter, src1);
+            linkSlowCase(iter);
+        }
+        if (!types.second().definitelyIsNumber()) {
+            linkSlowCaseIfNotJSCell(iter, src2);
+            linkSlowCase(iter);
+        }
+    }
+    linkSlowCase(iter);
+
+    // additional entry point to handle -0 cases.
+    if (opcodeID == op_mul)
+        linkSlowCase(iter);
+
+    JITStubCall stubCall(this, opcodeID == op_add ? cti_op_add : opcodeID == op_sub ? cti_op_sub : cti_op_mul);
+    stubCall.addArgument(src1, regT2);
+    stubCall.addArgument(src2, regT2);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_add(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+    if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
+        JITStubCall stubCall(this, cti_op_add);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(op2, regT2);
+        stubCall.call(result);
+        return;
+    }
+
+    if (isOperandConstantImmediateInt(op1)) {
+        emitGetVirtualRegister(op2, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        addSlowCase(branchAdd32(Overflow, Imm32(getConstantOperandImmediateInt(op1) << JSImmediate::IntegerPayloadShift), regT0));
+        signExtend32ToPtr(regT0, regT0);
+        emitPutVirtualRegister(result);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        addSlowCase(branchAdd32(Overflow, Imm32(getConstantOperandImmediateInt(op2) << JSImmediate::IntegerPayloadShift), regT0));
+        signExtend32ToPtr(regT0, regT0);
+        emitPutVirtualRegister(result);
+    } else {
+        compileBinaryArithOp(op_add, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand));
+    }
+}
+
+void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+    if (!types.first().mightBeNumber() || !types.second().mightBeNumber())
+        return;
+
+    if (isOperandConstantImmediateInt(op1)) {
+        Jump notImm = getSlowCase(iter);
+        linkSlowCase(iter);
+        sub32(Imm32(getConstantOperandImmediateInt(op1) << JSImmediate::IntegerPayloadShift), regT0);
+        notImm.link(this);
+        JITStubCall stubCall(this, cti_op_add);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(regT0);
+        stubCall.call(result);
+    } else if (isOperandConstantImmediateInt(op2)) {
+        Jump notImm = getSlowCase(iter);
+        linkSlowCase(iter);
+        sub32(Imm32(getConstantOperandImmediateInt(op2) << JSImmediate::IntegerPayloadShift), regT0);
+        notImm.link(this);
+        JITStubCall stubCall(this, cti_op_add);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(op2, regT2);
+        stubCall.call(result);
+    } else {
+        OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+        ASSERT(types.first().mightBeNumber() && types.second().mightBeNumber());
+        compileBinaryArithOpSlowCase(op_add, iter, result, op1, op2, types);
+    }
+}
+
+void JIT::emit_op_mul(Instruction* currentInstruction)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    // For now, only plant a fast int case if the constant operand is greater than zero.
+    int32_t value;
+    if (isOperandConstantImmediateInt(op1) && ((value = getConstantOperandImmediateInt(op1)) > 0)) {
+        emitGetVirtualRegister(op2, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        emitFastArithDeTagImmediate(regT0);
+        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT0));
+        signExtend32ToPtr(regT0, regT0);
+        emitFastArithReTagImmediate(regT0, regT0);
+        emitPutVirtualRegister(result);
+    } else if (isOperandConstantImmediateInt(op2) && ((value = getConstantOperandImmediateInt(op2)) > 0)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        emitFastArithDeTagImmediate(regT0);
+        addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT0));
+        signExtend32ToPtr(regT0, regT0);
+        emitFastArithReTagImmediate(regT0, regT0);
+        emitPutVirtualRegister(result);
+    } else
+        compileBinaryArithOp(op_mul, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand));
+}
+
+void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned result = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+
+    if ((isOperandConstantImmediateInt(op1) && (getConstantOperandImmediateInt(op1) > 0))
+        || (isOperandConstantImmediateInt(op2) && (getConstantOperandImmediateInt(op2) > 0))) {
+        linkSlowCase(iter);
+        linkSlowCase(iter);
+        // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
+        JITStubCall stubCall(this, cti_op_mul);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(op2, regT2);
+        stubCall.call(result);
+    } else
+        compileBinaryArithOpSlowCase(op_mul, iter, result, op1, op2, OperandTypes::fromInt(currentInstruction[4].u.operand));
+}
+
+void JIT::emit_op_sub(Instruction* currentInstruction)
+{
+    compileBinaryArithOp(op_sub, currentInstruction[1].u.operand, currentInstruction[2].u.operand, currentInstruction[3].u.operand, OperandTypes::fromInt(currentInstruction[4].u.operand));
+}
+
+void JIT::emitSlow_op_sub(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileBinaryArithOpSlowCase(op_sub, iter, currentInstruction[1].u.operand, currentInstruction[2].u.operand, currentInstruction[3].u.operand, OperandTypes::fromInt(currentInstruction[4].u.operand));
+}
+
+#endif // USE(JSVALUE64)
+
+/* ------------------------------ END: OP_ADD, OP_SUB, OP_MUL ------------------------------ */
+
+#endif // USE(JSVALUE32_64)
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITCall.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITCall.cpp
new file mode 100644
index 000000000..f4f6e6253
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITCall.cpp
@@ -0,0 +1,726 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JIT.h"
+
+#if ENABLE(JIT)
+
+#include "CodeBlock.h"
+#include "JITInlineMethods.h"
+#include "JITStubCall.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "Interpreter.h"
+#include "ResultType.h"
+#include "SamplingTool.h"
+
+#ifndef NDEBUG
+#include <stdio.h>
+#endif
+
+using namespace std;
+
+namespace JSC {
+
+#if USE(JSVALUE32_64)
+
+void JIT::compileOpCallInitializeCallFrame()
+{
+    // regT0 holds callee, regT1 holds argCount
+    store32(regT1, Address(callFrameRegister, RegisterFile::ArgumentCount * static_cast<int>(sizeof(Register))));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_data) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT1); // scopeChain
+
+    emitStore(static_cast<unsigned>(RegisterFile::OptionalCalleeArguments), JSValue());
+    storePtr(regT0, Address(callFrameRegister, RegisterFile::Callee * static_cast<int>(sizeof(Register)))); // callee
+    storePtr(regT1, Address(callFrameRegister, RegisterFile::ScopeChain * static_cast<int>(sizeof(Register)))); // scopeChain
+}
+
+void JIT::compileOpCallSetupArgs(Instruction* instruction)
+{
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    emitPutJITStubArg(regT1, regT0, 0);
+    emitPutJITStubArgConstant(registerOffset, 1);
+    emitPutJITStubArgConstant(argCount, 2);
+}
+          
+void JIT::compileOpConstructSetupArgs(Instruction* instruction)
+{
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+    int proto = instruction[5].u.operand;
+    int thisRegister = instruction[6].u.operand;
+
+    emitPutJITStubArg(regT1, regT0, 0);
+    emitPutJITStubArgConstant(registerOffset, 1);
+    emitPutJITStubArgConstant(argCount, 2);
+    emitPutJITStubArgFromVirtualRegister(proto, 3, regT2, regT3);
+    emitPutJITStubArgConstant(thisRegister, 4);
+}
+
+void JIT::compileOpCallVarargsSetupArgs(Instruction*)
+{
+    emitPutJITStubArg(regT1, regT0, 0);
+    emitPutJITStubArg(regT3, 1); // registerOffset
+    emitPutJITStubArg(regT2, 2); // argCount
+}
+
+void JIT::compileOpCallVarargs(Instruction* instruction)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCountRegister = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    emitLoad(callee, regT1, regT0);
+    emitLoadPayload(argCountRegister, regT2); // argCount
+    addPtr(Imm32(registerOffset), regT2, regT3); // registerOffset
+
+    compileOpCallVarargsSetupArgs(instruction);
+
+    emitJumpSlowCaseIfNotJSCell(callee, regT1);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsFunctionVPtr)));
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    mul32(Imm32(sizeof(Register)), regT3, regT3);
+    addPtr(callFrameRegister, regT3);
+    storePtr(callFrameRegister, Address(regT3, RegisterFile::CallerFrame * static_cast<int>(sizeof(Register))));
+    move(regT3, callFrameRegister);
+
+    move(regT2, regT1); // argCount
+
+    emitNakedCall(m_globalData->jitStubs.ctiVirtualCall());
+
+    emitStore(dst, regT1, regT0);
+    
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallVarargsSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+
+    linkSlowCaseIfNotJSCell(iter, callee);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_call_NotJSFunction);
+    stubCall.call(dst); // In the interpreter, the callee puts the return value in dst.
+
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_call_varargs), dst, regT1, regT0);
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::emit_op_ret(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+
+#ifdef QT_BUILD_SCRIPT_LIB
+    JITStubCall stubCall(this, cti_op_debug_return);
+    stubCall.addArgument(Imm32(dst));
+    stubCall.call();
+#endif
+
+    // We could JIT generate the deref, only calling out to C when the refcount hits zero.
+    if (m_codeBlock->needsFullScopeChain())
+        JITStubCall(this, cti_op_ret_scopeChain).call();
+
+    emitLoad(dst, regT1, regT0);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT2);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+
+    restoreReturnAddressBeforeReturn(regT2);
+    ret();
+}
+
+void JIT::emit_op_construct_verify(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+
+    emitLoad(dst, regT1, regT0);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addSlowCase(branch32(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo) + OBJECT_OFFSETOF(TypeInfo, m_type)), Imm32(ObjectType)));
+}
+
+void JIT::emitSlow_op_construct_verify(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    emitLoad(src, regT1, regT0);
+    emitStore(dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_call(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_call);
+}
+
+void JIT::emitSlow_op_call_eval(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_call_eval);
+}
+
+void JIT::emitSlow_op_call_varargs(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallVarargsSlowCase(currentInstruction, iter);
+}
+
+void JIT::emitSlow_op_construct(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_construct);
+}
+
+void JIT::emit_op_call(Instruction* currentInstruction)
+{
+    compileOpCall(op_call, currentInstruction, m_callLinkInfoIndex++);
+}
+
+void JIT::emit_op_call_eval(Instruction* currentInstruction)
+{
+    compileOpCall(op_call_eval, currentInstruction, m_callLinkInfoIndex++);
+}
+
+void JIT::emit_op_load_varargs(Instruction* currentInstruction)
+{
+    int argCountDst = currentInstruction[1].u.operand;
+    int argsOffset = currentInstruction[2].u.operand;
+
+    JITStubCall stubCall(this, cti_op_load_varargs);
+    stubCall.addArgument(Imm32(argsOffset));
+    stubCall.call();
+    // Stores a naked int32 in the register file.
+    store32(returnValueRegister, Address(callFrameRegister, argCountDst * sizeof(Register)));
+}
+
+void JIT::emit_op_call_varargs(Instruction* currentInstruction)
+{
+    compileOpCallVarargs(currentInstruction);
+}
+
+void JIT::emit_op_construct(Instruction* currentInstruction)
+{
+    compileOpCall(op_construct, currentInstruction, m_callLinkInfoIndex++);
+}
+
+#if !ENABLE(JIT_OPTIMIZE_CALL)
+
+/* ------------------------------ BEGIN: !ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+void JIT::compileOpCall(OpcodeID opcodeID, Instruction* instruction, unsigned)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    Jump wasEval;
+    if (opcodeID == op_call_eval) {
+        JITStubCall stubCall(this, cti_op_call_eval);
+        stubCall.addArgument(callee);
+        stubCall.addArgument(JIT::Imm32(registerOffset));
+        stubCall.addArgument(JIT::Imm32(argCount));
+        stubCall.call();
+        wasEval = branch32(Equal, regT1, Imm32(JSValue::EmptyValueTag));
+    }
+
+    emitLoad(callee, regT1, regT2);
+
+    if (opcodeID == op_call)
+        compileOpCallSetupArgs(instruction);
+    else if (opcodeID == op_construct)
+        compileOpConstructSetupArgs(instruction);
+
+    emitJumpSlowCaseIfNotJSCell(callee, regT1);
+    addSlowCase(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsFunctionVPtr)));
+
+    // First, in the case of a construct, allocate the new object.
+    if (opcodeID == op_construct) {
+        JITStubCall(this, cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+        emitLoad(callee, regT1, regT2);
+    }
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    storePtr(callFrameRegister, Address(callFrameRegister, (RegisterFile::CallerFrame + registerOffset) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * static_cast<int>(sizeof(Register))), callFrameRegister);
+    move(Imm32(argCount), regT1);
+
+    emitNakedCall(m_globalData->jitStubs.ctiVirtualCall());
+
+    if (opcodeID == op_call_eval)
+        wasEval.link(this);
+
+    emitStore(dst, regT1, regT0);;
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned, OpcodeID opcodeID)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+
+    linkSlowCaseIfNotJSCell(iter, callee);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction);
+    stubCall.call(dst); // In the interpreter, the callee puts the return value in dst.
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+#else // !ENABLE(JIT_OPTIMIZE_CALL)
+
+/* ------------------------------ BEGIN: ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+void JIT::compileOpCall(OpcodeID opcodeID, Instruction* instruction, unsigned callLinkInfoIndex)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    Jump wasEval;
+    if (opcodeID == op_call_eval) {
+        JITStubCall stubCall(this, cti_op_call_eval);
+        stubCall.addArgument(callee);
+        stubCall.addArgument(JIT::Imm32(registerOffset));
+        stubCall.addArgument(JIT::Imm32(argCount));
+        stubCall.call();
+        wasEval = branch32(NotEqual, regT1, Imm32(JSValue::EmptyValueTag));
+    }
+
+    emitLoad(callee, regT1, regT0);
+
+    DataLabelPtr addressOfLinkedFunctionCheck;
+    Jump jumpToSlow = branchPtrWithPatch(NotEqual, regT0, addressOfLinkedFunctionCheck, ImmPtr(0));
+    addSlowCase(jumpToSlow);
+    ASSERT(differenceBetween(addressOfLinkedFunctionCheck, jumpToSlow) == patchOffsetOpCallCompareToJump);
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
+
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
+
+    // The following is the fast case, only used whan a callee can be linked.
+
+    // In the case of OpConstruct, call out to a cti_ function to create the new object.
+    if (opcodeID == op_construct) {
+        int proto = instruction[5].u.operand;
+        int thisRegister = instruction[6].u.operand;
+
+        JITStubCall stubCall(this, cti_op_construct_JSConstruct);
+        stubCall.addArgument(regT1, regT0);
+        stubCall.addArgument(Imm32(0)); // FIXME: Remove this unused JITStub argument.
+        stubCall.addArgument(Imm32(0)); // FIXME: Remove this unused JITStub argument.
+        stubCall.addArgument(proto);
+        stubCall.call(thisRegister);
+
+        emitLoad(callee, regT1, regT0);
+    }
+
+    // Fast version of stack frame initialization, directly relative to edi.
+    // Note that this omits to set up RegisterFile::CodeBlock, which is set in the callee
+    emitStore(registerOffset + RegisterFile::OptionalCalleeArguments, JSValue());
+    emitStore(registerOffset + RegisterFile::Callee, regT1, regT0);
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_data) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT1); // newScopeChain
+    store32(Imm32(argCount), Address(callFrameRegister, (registerOffset + RegisterFile::ArgumentCount) * static_cast<int>(sizeof(Register))));
+    storePtr(callFrameRegister, Address(callFrameRegister, (registerOffset + RegisterFile::CallerFrame) * static_cast<int>(sizeof(Register))));
+    storePtr(regT1, Address(callFrameRegister, (registerOffset + RegisterFile::ScopeChain) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * sizeof(Register)), callFrameRegister);
+
+    // Call to the callee
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedCall();
+    
+    if (opcodeID == op_call_eval)
+        wasEval.link(this);
+
+    // Put the return value in dst. In the interpreter, op_ret does this.
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + opcodeLengths[opcodeID], dst, regT1, regT0);
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned callLinkInfoIndex, OpcodeID opcodeID)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    // The arguments have been set up on the hot path for op_call_eval
+    if (opcodeID == op_call)
+        compileOpCallSetupArgs(instruction);
+    else if (opcodeID == op_construct)
+        compileOpConstructSetupArgs(instruction);
+
+    // Fast check for JS function.
+    Jump callLinkFailNotObject = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+    Jump callLinkFailNotJSFunction = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsFunctionVPtr));
+
+    // First, in the case of a construct, allocate the new object.
+    if (opcodeID == op_construct) {
+        JITStubCall(this, cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+        emitLoad(callee, regT1, regT0);
+    }
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    storePtr(callFrameRegister, Address(callFrameRegister, (RegisterFile::CallerFrame + registerOffset) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * static_cast<int>(sizeof(Register))), callFrameRegister);
+    move(Imm32(argCount), regT1);
+
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].callReturnLocation = emitNakedCall(m_globalData->jitStubs.ctiVirtualCallLink());
+
+    // Put the return value in dst.
+    emitStore(dst, regT1, regT0);;
+    sampleCodeBlock(m_codeBlock);
+
+    // If not, we need an extra case in the if below!
+    ASSERT(OPCODE_LENGTH(op_call) == OPCODE_LENGTH(op_call_eval));
+
+    // Done! - return back to the hot path.
+    if (opcodeID == op_construct)
+        emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_construct));
+    else
+        emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_call));
+
+    // This handles host functions
+    callLinkFailNotObject.link(this);
+    callLinkFailNotJSFunction.link(this);
+    JITStubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction).call();
+
+    emitStore(dst, regT1, regT0);;
+    sampleCodeBlock(m_codeBlock);
+}
+
+/* ------------------------------ END: !ENABLE / ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+#endif // !ENABLE(JIT_OPTIMIZE_CALL)
+
+#else // USE(JSVALUE32_64)
+
+void JIT::compileOpCallInitializeCallFrame()
+{
+    store32(regT1, Address(callFrameRegister, RegisterFile::ArgumentCount * static_cast<int>(sizeof(Register))));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_data) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT1); // newScopeChain
+
+    storePtr(ImmPtr(JSValue::encode(JSValue())), Address(callFrameRegister, RegisterFile::OptionalCalleeArguments * static_cast<int>(sizeof(Register))));
+    storePtr(regT0, Address(callFrameRegister, RegisterFile::Callee * static_cast<int>(sizeof(Register))));
+    storePtr(regT1, Address(callFrameRegister, RegisterFile::ScopeChain * static_cast<int>(sizeof(Register))));
+}
+
+void JIT::compileOpCallSetupArgs(Instruction* instruction)
+{
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    // ecx holds func
+    emitPutJITStubArg(regT0, 0);
+    emitPutJITStubArgConstant(argCount, 2);
+    emitPutJITStubArgConstant(registerOffset, 1);
+}
+          
+void JIT::compileOpCallVarargsSetupArgs(Instruction* instruction)
+{
+    int registerOffset = instruction[4].u.operand;
+    
+    // ecx holds func
+    emitPutJITStubArg(regT0, 0);
+    emitPutJITStubArg(regT1, 2);
+    addPtr(Imm32(registerOffset), regT1, regT2);
+    emitPutJITStubArg(regT2, 1);
+}
+
+void JIT::compileOpConstructSetupArgs(Instruction* instruction)
+{
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+    int proto = instruction[5].u.operand;
+    int thisRegister = instruction[6].u.operand;
+
+    // ecx holds func
+    emitPutJITStubArg(regT0, 0);
+    emitPutJITStubArgConstant(registerOffset, 1);
+    emitPutJITStubArgConstant(argCount, 2);
+    emitPutJITStubArgFromVirtualRegister(proto, 3, regT2);
+    emitPutJITStubArgConstant(thisRegister, 4);
+}
+
+void JIT::compileOpCallVarargs(Instruction* instruction)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCountRegister = instruction[3].u.operand;
+
+    emitGetVirtualRegister(argCountRegister, regT1);
+    emitGetVirtualRegister(callee, regT0);
+    compileOpCallVarargsSetupArgs(instruction);
+
+    // Check for JSFunctions.
+    emitJumpSlowCaseIfNotJSCell(regT0);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsFunctionVPtr)));
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    mul32(Imm32(sizeof(Register)), regT2, regT2);
+    intptr_t offset = (intptr_t)sizeof(Register) * (intptr_t)RegisterFile::CallerFrame;
+    addPtr(Imm32((int32_t)offset), regT2, regT3);
+    addPtr(callFrameRegister, regT3);
+    storePtr(callFrameRegister, regT3);
+    addPtr(regT2, callFrameRegister);
+    emitNakedCall(m_globalData->jitStubs.ctiVirtualCall());
+
+    // Put the return value in dst. In the interpreter, op_ret does this.
+    emitPutVirtualRegister(dst);
+    
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallVarargsSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = instruction[1].u.operand;
+    
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_call_NotJSFunction);
+    stubCall.call(dst); // In the interpreter, the callee puts the return value in dst.
+    
+    sampleCodeBlock(m_codeBlock);
+}
+    
+#if !ENABLE(JIT_OPTIMIZE_CALL)
+
+/* ------------------------------ BEGIN: !ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+void JIT::compileOpCall(OpcodeID opcodeID, Instruction* instruction, unsigned)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    // Handle eval
+    Jump wasEval;
+    if (opcodeID == op_call_eval) {
+        JITStubCall stubCall(this, cti_op_call_eval);
+        stubCall.addArgument(callee, regT0);
+        stubCall.addArgument(JIT::Imm32(registerOffset));
+        stubCall.addArgument(JIT::Imm32(argCount));
+        stubCall.call();
+        wasEval = branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(JSValue())));
+    }
+
+    emitGetVirtualRegister(callee, regT0);
+    // The arguments have been set up on the hot path for op_call_eval
+    if (opcodeID == op_call)
+        compileOpCallSetupArgs(instruction);
+    else if (opcodeID == op_construct)
+        compileOpConstructSetupArgs(instruction);
+
+    // Check for JSFunctions.
+    emitJumpSlowCaseIfNotJSCell(regT0);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsFunctionVPtr)));
+
+    // First, in the case of a construct, allocate the new object.
+    if (opcodeID == op_construct) {
+        JITStubCall(this, cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+        emitGetVirtualRegister(callee, regT0);
+    }
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    storePtr(callFrameRegister, Address(callFrameRegister, (RegisterFile::CallerFrame + registerOffset) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * static_cast<int>(sizeof(Register))), callFrameRegister);
+    move(Imm32(argCount), regT1);
+
+    emitNakedCall(m_globalData->jitStubs.ctiVirtualCall());
+
+    if (opcodeID == op_call_eval)
+        wasEval.link(this);
+
+    // Put the return value in dst. In the interpreter, op_ret does this.
+    emitPutVirtualRegister(dst);
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned, OpcodeID opcodeID)
+{
+    int dst = instruction[1].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction);
+    stubCall.call(dst); // In the interpreter, the callee puts the return value in dst.
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+#else // !ENABLE(JIT_OPTIMIZE_CALL)
+
+/* ------------------------------ BEGIN: ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+void JIT::compileOpCall(OpcodeID opcodeID, Instruction* instruction, unsigned callLinkInfoIndex)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    // Handle eval
+    Jump wasEval;
+    if (opcodeID == op_call_eval) {
+        JITStubCall stubCall(this, cti_op_call_eval);
+        stubCall.addArgument(callee, regT0);
+        stubCall.addArgument(JIT::Imm32(registerOffset));
+        stubCall.addArgument(JIT::Imm32(argCount));
+        stubCall.call();
+        wasEval = branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(JSValue())));
+    }
+
+    // This plants a check for a cached JSFunction value, so we can plant a fast link to the callee.
+    // This deliberately leaves the callee in ecx, used when setting up the stack frame below
+    emitGetVirtualRegister(callee, regT0);
+    DataLabelPtr addressOfLinkedFunctionCheck;
+
+    BEGIN_UNINTERRUPTED_SEQUENCE(sequenceOpCall);
+
+    Jump jumpToSlow = branchPtrWithPatch(NotEqual, regT0, addressOfLinkedFunctionCheck, ImmPtr(JSValue::encode(JSValue())));
+
+    END_UNINTERRUPTED_SEQUENCE(sequenceOpCall);
+
+    addSlowCase(jumpToSlow);
+    ASSERT(differenceBetween(addressOfLinkedFunctionCheck, jumpToSlow) == patchOffsetOpCallCompareToJump);
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
+
+    // The following is the fast case, only used whan a callee can be linked.
+
+    // In the case of OpConstruct, call out to a cti_ function to create the new object.
+    if (opcodeID == op_construct) {
+        int proto = instruction[5].u.operand;
+        int thisRegister = instruction[6].u.operand;
+
+        emitPutJITStubArg(regT0, 0);
+        emitPutJITStubArgFromVirtualRegister(proto, 3, regT2);
+        JITStubCall stubCall(this, cti_op_construct_JSConstruct);
+        stubCall.call(thisRegister);
+        emitGetVirtualRegister(callee, regT0);
+    }
+
+    // Fast version of stack frame initialization, directly relative to edi.
+    // Note that this omits to set up RegisterFile::CodeBlock, which is set in the callee
+    storePtr(ImmPtr(JSValue::encode(JSValue())), Address(callFrameRegister, (registerOffset + RegisterFile::OptionalCalleeArguments) * static_cast<int>(sizeof(Register))));
+    storePtr(regT0, Address(callFrameRegister, (registerOffset + RegisterFile::Callee) * static_cast<int>(sizeof(Register))));
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_data) + OBJECT_OFFSETOF(ScopeChain, m_node)), regT1); // newScopeChain
+    store32(Imm32(argCount), Address(callFrameRegister, (registerOffset + RegisterFile::ArgumentCount) * static_cast<int>(sizeof(Register))));
+    storePtr(callFrameRegister, Address(callFrameRegister, (registerOffset + RegisterFile::CallerFrame) * static_cast<int>(sizeof(Register))));
+    storePtr(regT1, Address(callFrameRegister, (registerOffset + RegisterFile::ScopeChain) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * sizeof(Register)), callFrameRegister);
+
+    // Call to the callee
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedCall();
+    
+    if (opcodeID == op_call_eval)
+        wasEval.link(this);
+
+    // Put the return value in dst. In the interpreter, op_ret does this.
+    emitPutVirtualRegister(dst);
+
+    sampleCodeBlock(m_codeBlock);
+}
+
+void JIT::compileOpCallSlowCase(Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter, unsigned callLinkInfoIndex, OpcodeID opcodeID)
+{
+    int dst = instruction[1].u.operand;
+    int callee = instruction[2].u.operand;
+    int argCount = instruction[3].u.operand;
+    int registerOffset = instruction[4].u.operand;
+
+    linkSlowCase(iter);
+
+    // The arguments have been set up on the hot path for op_call_eval
+    if (opcodeID == op_call)
+        compileOpCallSetupArgs(instruction);
+    else if (opcodeID == op_construct)
+        compileOpConstructSetupArgs(instruction);
+
+    // Fast check for JS function.
+    Jump callLinkFailNotObject = emitJumpIfNotJSCell(regT0);
+    Jump callLinkFailNotJSFunction = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsFunctionVPtr));
+
+    // First, in the case of a construct, allocate the new object.
+    if (opcodeID == op_construct) {
+        JITStubCall(this, cti_op_construct_JSConstruct).call(registerOffset - RegisterFile::CallFrameHeaderSize - argCount);
+        emitGetVirtualRegister(callee, regT0);
+    }
+
+    // Speculatively roll the callframe, assuming argCount will match the arity.
+    storePtr(callFrameRegister, Address(callFrameRegister, (RegisterFile::CallerFrame + registerOffset) * static_cast<int>(sizeof(Register))));
+    addPtr(Imm32(registerOffset * static_cast<int>(sizeof(Register))), callFrameRegister);
+    move(Imm32(argCount), regT1);
+
+    move(regT0, regT2);
+
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].callReturnLocation = emitNakedCall(m_globalData->jitStubs.ctiVirtualCallLink());
+
+    // Put the return value in dst.
+    emitPutVirtualRegister(dst);
+    sampleCodeBlock(m_codeBlock);
+
+    // If not, we need an extra case in the if below!
+    ASSERT(OPCODE_LENGTH(op_call) == OPCODE_LENGTH(op_call_eval));
+
+    // Done! - return back to the hot path.
+    if (opcodeID == op_construct)
+        emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_construct));
+    else
+        emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_call));
+
+    // This handles host functions
+    callLinkFailNotObject.link(this);
+    callLinkFailNotJSFunction.link(this);
+    JITStubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction).call();
+
+    emitPutVirtualRegister(dst);
+    sampleCodeBlock(m_codeBlock);
+}
+
+/* ------------------------------ END: !ENABLE / ENABLE(JIT_OPTIMIZE_CALL) ------------------------------ */
+
+#endif // !ENABLE(JIT_OPTIMIZE_CALL)
+
+#endif // USE(JSVALUE32_64)
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h
new file mode 100644
index 000000000..69cf16728
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JITCode_h
+#define JITCode_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(JIT)
+
+#include "CallFrame.h"
+#include "JSValue.h"
+#include "MacroAssemblerCodeRef.h"
+#include "Profiler.h"
+
+namespace JSC {
+
+    class JSGlobalData;
+    class RegisterFile;
+
+    class JITCode {
+        typedef MacroAssemblerCodeRef CodeRef;
+        typedef MacroAssemblerCodePtr CodePtr;
+    public:
+        JITCode()
+        {
+        }
+
+        JITCode(const CodeRef ref)
+            : m_ref(ref)
+        {
+        }
+
+        bool operator !() const
+        {
+            return !m_ref.m_code.executableAddress();
+        }
+
+        CodePtr addressForCall()
+        {
+            return m_ref.m_code;
+        }
+
+        // This function returns the offset in bytes of 'pointerIntoCode' into
+        // this block of code.  The pointer provided must be a pointer into this
+        // block of code.  It is ASSERTed that no codeblock >4gb in size.
+        unsigned offsetOf(void* pointerIntoCode)
+        {
+            intptr_t result = reinterpret_cast<intptr_t>(pointerIntoCode) - reinterpret_cast<intptr_t>(m_ref.m_code.executableAddress());
+            ASSERT(static_cast<intptr_t>(static_cast<unsigned>(result)) == result);
+            return static_cast<unsigned>(result);
+        }
+
+        // Execute the code!
+        inline JSValue execute(RegisterFile* registerFile, CallFrame* callFrame, JSGlobalData* globalData, JSValue* exception)
+        {
+            return JSValue::decode(ctiTrampoline(m_ref.m_code.executableAddress(), registerFile, callFrame, exception, Profiler::enabledProfilerReference(), globalData));
+        }
+
+        void* start()
+        {
+            return m_ref.m_code.dataLocation();
+        }
+
+        size_t size()
+        {
+            ASSERT(m_ref.m_code.executableAddress());
+            return m_ref.m_size;
+        }
+
+        ExecutablePool* getExecutablePool()
+        {
+            return m_ref.m_executablePool.get();
+        }
+
+        // Host functions are a bit special; they have a m_code pointer but they
+        // do not individully ref the executable pool containing the trampoline.
+        static JITCode HostFunction(CodePtr code)
+        {
+            return JITCode(code.dataLocation(), 0, 0);
+        }
+
+    private:
+        JITCode(void* code, PassRefPtr<ExecutablePool> executablePool, size_t size)
+            : m_ref(code, executablePool, size)
+        {
+        }
+
+        CodeRef m_ref;
+    };
+
+};
+
+#endif
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITInlineMethods.h b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITInlineMethods.h
new file mode 100644
index 000000000..f26457ab0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITInlineMethods.h
@@ -0,0 +1,870 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JITInlineMethods_h
+#define JITInlineMethods_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(JIT)
+
+namespace JSC {
+
+/* Deprecated: Please use JITStubCall instead. */
+
+// puts an arg onto the stack, as an arg to a context threaded function.
+ALWAYS_INLINE void JIT::emitPutJITStubArg(RegisterID src, unsigned argumentNumber)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    poke(src, argumentStackOffset);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitPutJITStubArgConstant(unsigned value, unsigned argumentNumber)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    poke(Imm32(value), argumentStackOffset);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitPutJITStubArgConstant(void* value, unsigned argumentNumber)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    poke(ImmPtr(value), argumentStackOffset);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitGetJITStubArg(unsigned argumentNumber, RegisterID dst)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    peek(dst, argumentStackOffset);
+}
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateDouble(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isDouble();
+}
+
+ALWAYS_INLINE JSValue JIT::getConstantOperand(unsigned src)
+{
+    ASSERT(m_codeBlock->isConstantRegisterIndex(src));
+    return m_codeBlock->getConstant(src);
+}
+
+ALWAYS_INLINE void JIT::emitPutToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry entry)
+{
+    storePtr(from, Address(callFrameRegister, entry * sizeof(Register)));
+}
+
+ALWAYS_INLINE void JIT::emitPutImmediateToCallFrameHeader(void* value, RegisterFile::CallFrameHeaderEntry entry)
+{
+    storePtr(ImmPtr(value), Address(callFrameRegister, entry * sizeof(Register)));
+}
+
+ALWAYS_INLINE void JIT::emitGetFromCallFrameHeaderPtr(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
+{
+    loadPtr(Address(from, entry * sizeof(Register)), to);
+#if !USE(JSVALUE32_64)
+    killLastResultRegister();
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitGetFromCallFrameHeader32(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from)
+{
+    load32(Address(from, entry * sizeof(Register)), to);
+#if !USE(JSVALUE32_64)
+    killLastResultRegister();
+#endif
+}
+
+ALWAYS_INLINE JIT::Call JIT::emitNakedCall(CodePtr function)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    Call nakedCall = nearCall();
+    m_calls.append(CallRecord(nakedCall, m_bytecodeIndex, function.executableAddress()));
+    return nakedCall;
+}
+
+#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
+
+ALWAYS_INLINE void JIT::beginUninterruptedSequence(int insnSpace, int constSpace)
+{
+#if PLATFORM(ARM_TRADITIONAL)
+#ifndef NDEBUG
+    // Ensure the label after the sequence can also fit
+    insnSpace += sizeof(ARMWord);
+    constSpace += sizeof(uint64_t);
+#endif
+
+    ensureSpace(insnSpace, constSpace);
+
+#endif
+
+#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
+#ifndef NDEBUG
+    m_uninterruptedInstructionSequenceBegin = label();
+    m_uninterruptedConstantSequenceBegin = sizeOfConstantPool();
+#endif
+#endif
+}
+
+ALWAYS_INLINE void JIT::endUninterruptedSequence(int insnSpace, int constSpace)
+{
+#if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
+    ASSERT(differenceBetween(m_uninterruptedInstructionSequenceBegin, label()) == insnSpace);
+    ASSERT(sizeOfConstantPool() - m_uninterruptedConstantSequenceBegin == constSpace);
+#endif
+}
+
+#endif
+
+#if PLATFORM(ARM_THUMB2)
+
+ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
+{
+    move(linkRegister, reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
+{
+    move(reg, linkRegister);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
+{
+    loadPtr(address, linkRegister);
+}
+
+#else // PLATFORM(X86) || PLATFORM(X86_64) || PLATFORM(ARM_TRADITIONAL)
+
+ALWAYS_INLINE void JIT::preserveReturnAddressAfterCall(RegisterID reg)
+{
+    pop(reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(RegisterID reg)
+{
+    push(reg);
+}
+
+ALWAYS_INLINE void JIT::restoreReturnAddressBeforeReturn(Address address)
+{
+    push(address);
+}
+
+#endif
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+ALWAYS_INLINE void JIT::restoreArgumentReference()
+{
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+}
+ALWAYS_INLINE void JIT::restoreArgumentReferenceForTrampoline() {}
+#else
+ALWAYS_INLINE void JIT::restoreArgumentReference()
+{
+    move(stackPointerRegister, firstArgumentRegister);
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+#if PLATFORM(ARM_TRADITIONAL)
+    move(ctiReturnRegister, ARMRegisters::lr);
+#endif
+}
+ALWAYS_INLINE void JIT::restoreArgumentReferenceForTrampoline()
+{
+#if PLATFORM(X86)
+    // Within a trampoline the return address will be on the stack at this point.
+    addPtr(Imm32(sizeof(void*)), stackPointerRegister, firstArgumentRegister);
+#elif PLATFORM(ARM_THUMB2)
+    move(stackPointerRegister, firstArgumentRegister);
+#endif
+    // In the trampoline on x86-64, the first argument register is not overwritten.
+}
+#endif
+
+ALWAYS_INLINE JIT::Jump JIT::checkStructure(RegisterID reg, Structure* structure)
+{
+    return branchPtr(NotEqual, Address(reg, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(structure));
+}
+
+ALWAYS_INLINE void JIT::linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator& iter, int vReg)
+{
+    if (!m_codeBlock->isKnownNotImmediate(vReg))
+        linkSlowCase(iter);
+}
+
+ALWAYS_INLINE void JIT::addSlowCase(Jump jump)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    m_slowCases.append(SlowCaseEntry(jump, m_bytecodeIndex));
+}
+
+ALWAYS_INLINE void JIT::addSlowCase(JumpList jumpList)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    const JumpList::JumpVector& jumpVector = jumpList.jumps();
+    size_t size = jumpVector.size();
+    for (size_t i = 0; i < size; ++i)
+        m_slowCases.append(SlowCaseEntry(jumpVector[i], m_bytecodeIndex));
+}
+
+ALWAYS_INLINE void JIT::addJump(Jump jump, int relativeOffset)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    m_jmpTable.append(JumpTable(jump, m_bytecodeIndex + relativeOffset));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowToHot(Jump jump, int relativeOffset)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    jump.linkTo(m_labels[m_bytecodeIndex + relativeOffset], this);
+}
+
+#if ENABLE(SAMPLING_FLAGS)
+ALWAYS_INLINE void JIT::setSamplingFlag(int32_t flag)
+{
+    ASSERT(flag >= 1);
+    ASSERT(flag <= 32);
+    or32(Imm32(1u << (flag - 1)), AbsoluteAddress(&SamplingFlags::s_flags));
+}
+
+ALWAYS_INLINE void JIT::clearSamplingFlag(int32_t flag)
+{
+    ASSERT(flag >= 1);
+    ASSERT(flag <= 32);
+    and32(Imm32(~(1u << (flag - 1))), AbsoluteAddress(&SamplingFlags::s_flags));
+}
+#endif
+
+#if ENABLE(SAMPLING_COUNTERS)
+ALWAYS_INLINE void JIT::emitCount(AbstractSamplingCounter& counter, uint32_t count)
+{
+#if PLATFORM(X86_64) // Or any other 64-bit plattform.
+    addPtr(Imm32(count), AbsoluteAddress(&counter.m_counter));
+#elif PLATFORM(X86) // Or any other little-endian 32-bit plattform.
+    intptr_t hiWord = reinterpret_cast<intptr_t>(&counter.m_counter) + sizeof(int32_t);
+    add32(Imm32(count), AbsoluteAddress(&counter.m_counter));
+    addWithCarry32(Imm32(0), AbsoluteAddress(reinterpret_cast<void*>(hiWord)));
+#else
+#error "SAMPLING_FLAGS not implemented on this platform."
+#endif
+}
+#endif
+
+#if ENABLE(OPCODE_SAMPLING)
+#if PLATFORM(X86_64)
+ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
+{
+    move(ImmPtr(m_interpreter->sampler()->sampleSlot()), X86Registers::ecx);
+    storePtr(ImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), X86Registers::ecx);
+}
+#else
+ALWAYS_INLINE void JIT::sampleInstruction(Instruction* instruction, bool inHostFunction)
+{
+    storePtr(ImmPtr(m_interpreter->sampler()->encodeSample(instruction, inHostFunction)), m_interpreter->sampler()->sampleSlot());
+}
+#endif
+#endif
+
+#if ENABLE(CODEBLOCK_SAMPLING)
+#if PLATFORM(X86_64)
+ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
+{
+    move(ImmPtr(m_interpreter->sampler()->codeBlockSlot()), X86Registers::ecx);
+    storePtr(ImmPtr(codeBlock), X86Registers::ecx);
+}
+#else
+ALWAYS_INLINE void JIT::sampleCodeBlock(CodeBlock* codeBlock)
+{
+    storePtr(ImmPtr(codeBlock), m_interpreter->sampler()->codeBlockSlot());
+}
+#endif
+#endif
+
+inline JIT::Address JIT::addressFor(unsigned index, RegisterID base)
+{
+    return Address(base, (index * sizeof(Register)));
+}
+
+#if USE(JSVALUE32_64)
+
+inline JIT::Address JIT::tagFor(unsigned index, RegisterID base)
+{
+    return Address(base, (index * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.tag));
+}
+
+inline JIT::Address JIT::payloadFor(unsigned index, RegisterID base)
+{
+    return Address(base, (index * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.payload));
+}
+
+inline void JIT::emitLoadTag(unsigned index, RegisterID tag)
+{
+    RegisterID mappedTag;
+    if (getMappedTag(index, mappedTag)) {
+        move(mappedTag, tag);
+        unmap(tag);
+        return;
+    }
+
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        move(Imm32(getConstantOperand(index).tag()), tag);
+        unmap(tag);
+        return;
+    }
+
+    load32(tagFor(index), tag);
+    unmap(tag);
+}
+
+inline void JIT::emitLoadPayload(unsigned index, RegisterID payload)
+{
+    RegisterID mappedPayload;
+    if (getMappedPayload(index, mappedPayload)) {
+        move(mappedPayload, payload);
+        unmap(payload);
+        return;
+    }
+
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        move(Imm32(getConstantOperand(index).payload()), payload);
+        unmap(payload);
+        return;
+    }
+
+    load32(payloadFor(index), payload);
+    unmap(payload);
+}
+
+inline void JIT::emitLoad(const JSValue& v, RegisterID tag, RegisterID payload)
+{
+    move(Imm32(v.payload()), payload);
+    move(Imm32(v.tag()), tag);
+}
+
+inline void JIT::emitLoad(unsigned index, RegisterID tag, RegisterID payload, RegisterID base)
+{
+    ASSERT(tag != payload);
+
+    if (base == callFrameRegister) {
+        ASSERT(payload != base);
+        emitLoadPayload(index, payload);
+        emitLoadTag(index, tag);
+        return;
+    }
+
+    if (payload == base) { // avoid stomping base
+        load32(tagFor(index, base), tag);
+        load32(payloadFor(index, base), payload);
+        return;
+    }
+
+    load32(payloadFor(index, base), payload);
+    load32(tagFor(index, base), tag);
+}
+
+inline void JIT::emitLoad2(unsigned index1, RegisterID tag1, RegisterID payload1, unsigned index2, RegisterID tag2, RegisterID payload2)
+{
+    if (isMapped(index1)) {
+        emitLoad(index1, tag1, payload1);
+        emitLoad(index2, tag2, payload2);
+        return;
+    }
+    emitLoad(index2, tag2, payload2);
+    emitLoad(index1, tag1, payload1);
+}
+
+inline void JIT::emitLoadDouble(unsigned index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        Register& inConstantPool = m_codeBlock->constantRegister(index);
+        loadDouble(&inConstantPool, value);
+    } else
+        loadDouble(addressFor(index), value);
+}
+
+inline void JIT::emitLoadInt32ToDouble(unsigned index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        Register& inConstantPool = m_codeBlock->constantRegister(index);
+        char* bytePointer = reinterpret_cast<char*>(&inConstantPool);
+        convertInt32ToDouble(AbsoluteAddress(bytePointer + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), value);
+    } else
+        convertInt32ToDouble(payloadFor(index), value);
+}
+
+inline void JIT::emitStore(unsigned index, RegisterID tag, RegisterID payload, RegisterID base)
+{
+    store32(payload, payloadFor(index, base));
+    store32(tag, tagFor(index, base));
+}
+
+inline void JIT::emitStoreInt32(unsigned index, RegisterID payload, bool indexIsInt32)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsInt32)
+        store32(Imm32(JSValue::Int32Tag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreInt32(unsigned index, Imm32 payload, bool indexIsInt32)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsInt32)
+        store32(Imm32(JSValue::Int32Tag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreCell(unsigned index, RegisterID payload, bool indexIsCell)
+{
+    store32(payload, payloadFor(index, callFrameRegister));
+    if (!indexIsCell)
+        store32(Imm32(JSValue::CellTag), tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreBool(unsigned index, RegisterID tag, bool indexIsBool)
+{
+    if (!indexIsBool)
+        store32(Imm32(0), payloadFor(index, callFrameRegister));
+    store32(tag, tagFor(index, callFrameRegister));
+}
+
+inline void JIT::emitStoreDouble(unsigned index, FPRegisterID value)
+{
+    storeDouble(value, addressFor(index));
+}
+
+inline void JIT::emitStore(unsigned index, const JSValue constant, RegisterID base)
+{
+    store32(Imm32(constant.payload()), payloadFor(index, base));
+    store32(Imm32(constant.tag()), tagFor(index, base));
+}
+
+ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
+{
+    emitStore(dst, jsUndefined());
+}
+
+inline bool JIT::isLabeled(unsigned bytecodeIndex)
+{
+    for (size_t numberOfJumpTargets = m_codeBlock->numberOfJumpTargets(); m_jumpTargetIndex != numberOfJumpTargets; ++m_jumpTargetIndex) {
+        unsigned jumpTarget = m_codeBlock->jumpTarget(m_jumpTargetIndex);
+        if (jumpTarget == bytecodeIndex)
+            return true;
+        if (jumpTarget > bytecodeIndex)
+            return false;
+    }
+    return false;
+}
+
+inline void JIT::map(unsigned bytecodeIndex, unsigned virtualRegisterIndex, RegisterID tag, RegisterID payload)
+{
+    if (isLabeled(bytecodeIndex))
+        return;
+
+    m_mappedBytecodeIndex = bytecodeIndex;
+    m_mappedVirtualRegisterIndex = virtualRegisterIndex;
+    m_mappedTag = tag;
+    m_mappedPayload = payload;
+}
+
+inline void JIT::unmap(RegisterID registerID)
+{
+    if (m_mappedTag == registerID)
+        m_mappedTag = (RegisterID)-1;
+    else if (m_mappedPayload == registerID)
+        m_mappedPayload = (RegisterID)-1;
+}
+
+inline void JIT::unmap()
+{
+    m_mappedBytecodeIndex = (unsigned)-1;
+    m_mappedVirtualRegisterIndex = (unsigned)-1;
+    m_mappedTag = (RegisterID)-1;
+    m_mappedPayload = (RegisterID)-1;
+}
+
+inline bool JIT::isMapped(unsigned virtualRegisterIndex)
+{
+    if (m_mappedBytecodeIndex != m_bytecodeIndex)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    return true;
+}
+
+inline bool JIT::getMappedPayload(unsigned virtualRegisterIndex, RegisterID& payload)
+{
+    if (m_mappedBytecodeIndex != m_bytecodeIndex)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    if (m_mappedPayload == (RegisterID)-1)
+        return false;
+    payload = m_mappedPayload;
+    return true;
+}
+
+inline bool JIT::getMappedTag(unsigned virtualRegisterIndex, RegisterID& tag)
+{
+    if (m_mappedBytecodeIndex != m_bytecodeIndex)
+        return false;
+    if (m_mappedVirtualRegisterIndex != virtualRegisterIndex)
+        return false;
+    if (m_mappedTag == (RegisterID)-1)
+        return false;
+    tag = m_mappedTag;
+    return true;
+}
+
+inline void JIT::emitJumpSlowCaseIfNotJSCell(unsigned virtualRegisterIndex)
+{
+    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex))
+        addSlowCase(branch32(NotEqual, tagFor(virtualRegisterIndex), Imm32(JSValue::CellTag)));
+}
+
+inline void JIT::emitJumpSlowCaseIfNotJSCell(unsigned virtualRegisterIndex, RegisterID tag)
+{
+    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex))
+        addSlowCase(branch32(NotEqual, tag, Imm32(JSValue::CellTag)));
+}
+
+inline void JIT::linkSlowCaseIfNotJSCell(Vector<SlowCaseEntry>::iterator& iter, unsigned virtualRegisterIndex)
+{
+    if (!m_codeBlock->isKnownNotImmediate(virtualRegisterIndex))
+        linkSlowCase(iter);
+}
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateInt(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32();
+}
+
+ALWAYS_INLINE bool JIT::getOperandConstantImmediateInt(unsigned op1, unsigned op2, unsigned& op, int32_t& constant)
+{
+    if (isOperandConstantImmediateInt(op1)) {
+        constant = getConstantOperand(op1).asInt32();
+        op = op2;
+        return true;
+    }
+
+    if (isOperandConstantImmediateInt(op2)) {
+        constant = getConstantOperand(op2).asInt32();
+        op = op1;
+        return true;
+    }
+    
+    return false;
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitPutJITStubArg(RegisterID tag, RegisterID payload, unsigned argumentNumber)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    poke(payload, argumentStackOffset);
+    poke(tag, argumentStackOffset + 1);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+ALWAYS_INLINE void JIT::emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch1, RegisterID scratch2)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    if (m_codeBlock->isConstantRegisterIndex(src)) {
+        JSValue constant = m_codeBlock->getConstant(src);
+        poke(Imm32(constant.payload()), argumentStackOffset);
+        poke(Imm32(constant.tag()), argumentStackOffset + 1);
+    } else {
+        emitLoad(src, scratch1, scratch2);
+        poke(scratch2, argumentStackOffset);
+        poke(scratch1, argumentStackOffset + 1);
+    }
+}
+
+#else // USE(JSVALUE32_64)
+
+ALWAYS_INLINE void JIT::killLastResultRegister()
+{
+    m_lastResultBytecodeRegister = std::numeric_limits<int>::max();
+}
+
+// get arg puts an arg from the SF register array into a h/w register
+ALWAYS_INLINE void JIT::emitGetVirtualRegister(int src, RegisterID dst)
+{
+    ASSERT(m_bytecodeIndex != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeIndex is set.
+
+    // TODO: we want to reuse values that are already in registers if we can - add a register allocator!
+    if (m_codeBlock->isConstantRegisterIndex(src)) {
+        JSValue value = m_codeBlock->getConstant(src);
+        move(ImmPtr(JSValue::encode(value)), dst);
+        killLastResultRegister();
+        return;
+    }
+
+    if (src == m_lastResultBytecodeRegister && m_codeBlock->isTemporaryRegisterIndex(src)) {
+        bool atJumpTarget = false;
+        while (m_jumpTargetsPosition < m_codeBlock->numberOfJumpTargets() && m_codeBlock->jumpTarget(m_jumpTargetsPosition) <= m_bytecodeIndex) {
+            if (m_codeBlock->jumpTarget(m_jumpTargetsPosition) == m_bytecodeIndex)
+                atJumpTarget = true;
+            ++m_jumpTargetsPosition;
+        }
+
+        if (!atJumpTarget) {
+            // The argument we want is already stored in eax
+            if (dst != cachedResultRegister)
+                move(cachedResultRegister, dst);
+            killLastResultRegister();
+            return;
+        }
+    }
+
+    loadPtr(Address(callFrameRegister, src * sizeof(Register)), dst);
+    killLastResultRegister();
+}
+
+ALWAYS_INLINE void JIT::emitGetVirtualRegisters(int src1, RegisterID dst1, int src2, RegisterID dst2)
+{
+    if (src2 == m_lastResultBytecodeRegister) {
+        emitGetVirtualRegister(src2, dst2);
+        emitGetVirtualRegister(src1, dst1);
+    } else {
+        emitGetVirtualRegister(src1, dst1);
+        emitGetVirtualRegister(src2, dst2);
+    }
+}
+
+ALWAYS_INLINE int32_t JIT::getConstantOperandImmediateInt(unsigned src)
+{
+    return getConstantOperand(src).asInt32();
+}
+
+ALWAYS_INLINE bool JIT::isOperandConstantImmediateInt(unsigned src)
+{
+    return m_codeBlock->isConstantRegisterIndex(src) && getConstantOperand(src).isInt32();
+}
+
+ALWAYS_INLINE void JIT::emitPutVirtualRegister(unsigned dst, RegisterID from)
+{
+    storePtr(from, Address(callFrameRegister, dst * sizeof(Register)));
+    m_lastResultBytecodeRegister = (from == cachedResultRegister) ? dst : std::numeric_limits<int>::max();
+}
+
+ALWAYS_INLINE void JIT::emitInitRegister(unsigned dst)
+{
+    storePtr(ImmPtr(JSValue::encode(jsUndefined())), Address(callFrameRegister, dst * sizeof(Register)));
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfJSCell(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    return branchTestPtr(Zero, reg, tagMaskRegister);
+#else
+    return branchTest32(Zero, reg, Imm32(JSImmediate::TagMask));
+#endif
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfBothJSCells(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    move(reg1, scratch);
+    orPtr(reg2, scratch);
+    return emitJumpIfJSCell(scratch);
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfJSCell(RegisterID reg)
+{
+    addSlowCase(emitJumpIfJSCell(reg));
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotJSCell(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    return branchTestPtr(NonZero, reg, tagMaskRegister);
+#else
+    return branchTest32(NonZero, reg, Imm32(JSImmediate::TagMask));
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg)
+{
+    addSlowCase(emitJumpIfNotJSCell(reg));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg, int vReg)
+{
+    if (!m_codeBlock->isKnownNotImmediate(vReg))
+        emitJumpSlowCaseIfNotJSCell(reg);
+}
+
+#if USE(JSVALUE64)
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfImmediateNumber(RegisterID reg)
+{
+    return branchTestPtr(NonZero, reg, tagTypeNumberRegister);
+}
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateNumber(RegisterID reg)
+{
+    return branchTestPtr(Zero, reg, tagTypeNumberRegister);
+}
+
+inline void JIT::emitLoadDouble(unsigned index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        Register& inConstantPool = m_codeBlock->constantRegister(index);
+        loadDouble(&inConstantPool, value);
+    } else
+        loadDouble(addressFor(index), value);
+}
+
+inline void JIT::emitLoadInt32ToDouble(unsigned index, FPRegisterID value)
+{
+    if (m_codeBlock->isConstantRegisterIndex(index)) {
+        Register& inConstantPool = m_codeBlock->constantRegister(index);
+        convertInt32ToDouble(AbsoluteAddress(&inConstantPool), value);
+    } else
+        convertInt32ToDouble(addressFor(index), value);
+}
+#endif
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfImmediateInteger(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    return branchPtr(AboveOrEqual, reg, tagTypeNumberRegister);
+#else
+    return branchTest32(NonZero, reg, Imm32(JSImmediate::TagTypeNumber));
+#endif
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateInteger(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    return branchPtr(Below, reg, tagTypeNumberRegister);
+#else
+    return branchTest32(Zero, reg, Imm32(JSImmediate::TagTypeNumber));
+#endif
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitJumpIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    move(reg1, scratch);
+    andPtr(reg2, scratch);
+    return emitJumpIfNotImmediateInteger(scratch);
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateInteger(RegisterID reg)
+{
+    addSlowCase(emitJumpIfNotImmediateInteger(reg));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateIntegers(RegisterID reg1, RegisterID reg2, RegisterID scratch)
+{
+    addSlowCase(emitJumpIfNotImmediateIntegers(reg1, reg2, scratch));
+}
+
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotImmediateNumber(RegisterID reg)
+{
+    addSlowCase(emitJumpIfNotImmediateNumber(reg));
+}
+
+#if !USE(JSVALUE64)
+ALWAYS_INLINE void JIT::emitFastArithDeTagImmediate(RegisterID reg)
+{
+    subPtr(Imm32(JSImmediate::TagTypeNumber), reg);
+}
+
+ALWAYS_INLINE JIT::Jump JIT::emitFastArithDeTagImmediateJumpIfZero(RegisterID reg)
+{
+    return branchSubPtr(Zero, Imm32(JSImmediate::TagTypeNumber), reg);
+}
+#endif
+
+ALWAYS_INLINE void JIT::emitFastArithReTagImmediate(RegisterID src, RegisterID dest)
+{
+#if USE(JSVALUE64)
+    emitFastArithIntToImmNoCheck(src, dest);
+#else
+    if (src != dest)
+        move(src, dest);
+    addPtr(Imm32(JSImmediate::TagTypeNumber), dest);
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitFastArithImmToInt(RegisterID reg)
+{
+#if USE(JSVALUE64)
+    UNUSED_PARAM(reg);
+#else
+    rshiftPtr(Imm32(JSImmediate::IntegerPayloadShift), reg);
+#endif
+}
+
+// operand is int32_t, must have been zero-extended if register is 64-bit.
+ALWAYS_INLINE void JIT::emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest)
+{
+#if USE(JSVALUE64)
+    if (src != dest)
+        move(src, dest);
+    orPtr(tagTypeNumberRegister, dest);
+#else
+    signExtend32ToPtr(src, dest);
+    addPtr(dest, dest);
+    emitFastArithReTagImmediate(dest, dest);
+#endif
+}
+
+ALWAYS_INLINE void JIT::emitTagAsBoolImmediate(RegisterID reg)
+{
+    lshift32(Imm32(JSImmediate::ExtendedPayloadShift), reg);
+    or32(Imm32(static_cast<int32_t>(JSImmediate::FullTagTypeBool)), reg);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
+// get arg puts an arg from the SF register array onto the stack, as an arg to a context threaded function.
+ALWAYS_INLINE void JIT::emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    if (m_codeBlock->isConstantRegisterIndex(src)) {
+        JSValue value = m_codeBlock->getConstant(src);
+        poke(ImmPtr(JSValue::encode(value)), argumentStackOffset);
+    } else {
+        loadPtr(Address(callFrameRegister, src * sizeof(Register)), scratch);
+        poke(scratch, argumentStackOffset);
+    }
+
+    killLastResultRegister();
+}
+
+#endif // USE(JSVALUE32_64)
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITOpcodes.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITOpcodes.cpp
new file mode 100644
index 000000000..b5f659724
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITOpcodes.cpp
@@ -0,0 +1,2950 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JIT.h"
+
+#if ENABLE(JIT)
+
+#include "JITInlineMethods.h"
+#include "JITStubCall.h"
+#include "JSArray.h"
+#include "JSCell.h"
+#include "JSFunction.h"
+#include "LinkBuffer.h"
+
+namespace JSC {
+
+#if USE(JSVALUE32_64)
+
+void JIT::privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* globalData, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk)
+{
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    // (1) This function provides fast property access for string length
+    Label stringLengthBegin = align();
+    
+    // regT0 holds payload, regT1 holds tag
+    
+    Jump string_failureCases1 = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+    Jump string_failureCases2 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
+
+    // Checks out okay! - get the length from the Ustring.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSString, m_value) + OBJECT_OFFSETOF(UString, m_rep)), regT2);
+    load32(Address(regT2, OBJECT_OFFSETOF(UString::Rep, len)), regT2);
+
+    Jump string_failureCases3 = branch32(Above, regT2, Imm32(INT_MAX));
+    move(regT2, regT0);
+    move(Imm32(JSValue::Int32Tag), regT1);
+
+    ret();
+#endif
+
+    // (2) Trampolines for the slow cases of op_call / op_call_eval / op_construct.
+
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    // VirtualCallLink Trampoline
+    // regT0 holds callee, regT1 holds argCount.  regT2 will hold the FunctionExecutable.
+    Label virtualCallLinkBegin = align();
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+
+    Jump isNativeFunc2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
+
+    Jump hasCodeBlock2 = branch32(GreaterThan, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
+    preserveReturnAddressAfterCall(regT3);
+    restoreArgumentReference();
+    Call callJSFunction2 = call();
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+    emitGetJITStubArg(2, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3);
+    hasCodeBlock2.link(this);
+
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 1); // return address
+    restoreArgumentReference();
+    Call callArityCheck2 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(2, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3);
+    arityCheckOkay2.link(this);
+
+    isNativeFunc2.link(this);
+
+    compileOpCallInitializeCallFrame();
+
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 1); // return address
+    restoreArgumentReference();
+    Call callLazyLinkCall = call();
+    restoreReturnAddressBeforeReturn(regT3);
+    jump(regT0);
+#endif // ENABLE(JIT_OPTIMIZE_CALL)
+
+    // VirtualCall Trampoline
+    // regT0 holds callee, regT1 holds argCount.  regT2 will hold the FunctionExecutable.
+    Label virtualCallBegin = align();
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+
+    Jump isNativeFunc3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
+
+    Jump hasCodeBlock3 = branch32(GreaterThan, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
+    preserveReturnAddressAfterCall(regT3);
+    restoreArgumentReference();
+    Call callJSFunction1 = call();
+    emitGetJITStubArg(2, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+    hasCodeBlock3.link(this);
+    
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 1); // return address
+    restoreArgumentReference();
+    Call callArityCheck1 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(2, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+    arityCheckOkay3.link(this);
+
+    isNativeFunc3.link(this);
+
+    compileOpCallInitializeCallFrame();
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_jitCode)), regT0);
+    jump(regT0);
+
+#if PLATFORM(X86)
+    Label nativeCallThunk = align();
+    preserveReturnAddressAfterCall(regT0);
+    emitPutToCallFrameHeader(regT0, RegisterFile::ReturnPC); // Push return address
+
+    // Load caller frame's scope chain into this callframe so that whatever we call can
+    // get to its global data.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT1);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT1);
+    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    
+    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
+
+    /* We have two structs that we use to describe the stackframe we set up for our
+     * call to native code.  NativeCallFrameStructure describes the how we set up the stack
+     * in advance of the call.  NativeFunctionCalleeSignature describes the callframe
+     * as the native code expects it.  We do this as we are using the fastcall calling
+     * convention which results in the callee popping its arguments off the stack, but
+     * not the rest of the callframe so we need a nice way to ensure we increment the
+     * stack pointer by the right amount after the call.
+     */
+
+#if COMPILER(MSVC) || PLATFORM(LINUX)
+#if COMPILER(MSVC)
+#pragma pack(push)
+#pragma pack(4)
+#endif // COMPILER(MSVC)
+    struct NativeCallFrameStructure {
+      //  CallFrame* callFrame; // passed in EDX
+        JSObject* callee;
+        JSValue thisValue;
+        ArgList* argPointer;
+        ArgList args;
+        JSValue result;
+    };
+    struct NativeFunctionCalleeSignature {
+        JSObject* callee;
+        JSValue thisValue;
+        ArgList* argPointer;
+    };
+#if COMPILER(MSVC)
+#pragma pack(pop)
+#endif // COMPILER(MSVC)
+#else
+    struct NativeCallFrameStructure {
+      //  CallFrame* callFrame; // passed in ECX
+      //  JSObject* callee; // passed in EDX
+        JSValue thisValue;
+        ArgList* argPointer;
+        ArgList args;
+    };
+    struct NativeFunctionCalleeSignature {
+        JSValue thisValue;
+        ArgList* argPointer;
+    };
+#endif
+    
+    const int NativeCallFrameSize = (sizeof(NativeCallFrameStructure) + 15) & ~15;
+    // Allocate system stack frame
+    subPtr(Imm32(NativeCallFrameSize), stackPointerRegister);
+
+    // Set up arguments
+    subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
+
+    // push argcount
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_argCount)));
+    
+    // Calculate the start of the callframe header, and store in regT1
+    addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int)sizeof(Register)), callFrameRegister, regT1);
+    
+    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT0)
+    mul32(Imm32(sizeof(Register)), regT0, regT0);
+    subPtr(regT0, regT1);
+    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_args)));
+
+    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
+    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, args)), stackPointerRegister, regT0);
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, argPointer)));
+
+    // regT1 currently points to the first argument, regT1 - sizeof(Register) points to 'this'
+    loadPtr(Address(regT1, -(int)sizeof(Register) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
+    loadPtr(Address(regT1, -(int)sizeof(Register) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), regT3);
+    storePtr(regT2, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+    storePtr(regT3, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+
+#if COMPILER(MSVC) || PLATFORM(LINUX)
+    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
+    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86Registers::ecx);
+
+    // Plant callee
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::eax);
+    storePtr(X86Registers::eax, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, callee)));
+
+    // Plant callframe
+    move(callFrameRegister, X86Registers::edx);
+
+    call(Address(X86Registers::eax, OBJECT_OFFSETOF(JSFunction, m_data)));
+
+    // JSValue is a non-POD type, so eax points to it
+    emitLoad(0, regT1, regT0, X86Registers::eax);
+#else
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::edx); // callee
+    move(callFrameRegister, X86Registers::ecx); // callFrame
+    call(Address(X86Registers::edx, OBJECT_OFFSETOF(JSFunction, m_data)));
+#endif
+
+    // We've put a few temporaries on the stack in addition to the actual arguments
+    // so pull them off now
+    addPtr(Imm32(NativeCallFrameSize - sizeof(NativeFunctionCalleeSignature)), stackPointerRegister);
+
+    // Check for an exception
+    move(ImmPtr(&globalData->exception), regT2);
+    Jump sawException = branch32(NotEqual, tagFor(0, regT2), Imm32(JSValue::EmptyValueTag));
+
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT3);
+    
+    // Restore our caller's "r".
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+    
+    // Return.
+    restoreReturnAddressBeforeReturn(regT3);
+    ret();
+
+    // Handle an exception
+    sawException.link(this);
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
+    move(ImmPtr(&globalData->exceptionLocation), regT2);
+    storePtr(regT1, regT2);
+    move(ImmPtr(reinterpret_cast<void*>(ctiVMThrowTrampoline)), regT2);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+    restoreReturnAddressBeforeReturn(regT2);
+    ret();
+
+#elif ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
+#error "JIT_OPTIMIZE_NATIVE_CALL not yet supported on this platform."
+#else
+    breakpoint();
+#endif
+    
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    Call string_failureCases1Call = makeTailRecursiveCall(string_failureCases1);
+    Call string_failureCases2Call = makeTailRecursiveCall(string_failureCases2);
+    Call string_failureCases3Call = makeTailRecursiveCall(string_failureCases3);
+#endif
+
+    // All trampolines constructed! copy the code, link up calls, and set the pointers on the Machine object.
+    LinkBuffer patchBuffer(this, m_globalData->executableAllocator.poolForSize(m_assembler.size()));
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    patchBuffer.link(string_failureCases1Call, FunctionPtr(cti_op_get_by_id_string_fail));
+    patchBuffer.link(string_failureCases2Call, FunctionPtr(cti_op_get_by_id_string_fail));
+    patchBuffer.link(string_failureCases3Call, FunctionPtr(cti_op_get_by_id_string_fail));
+#endif
+    patchBuffer.link(callArityCheck1, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callJSFunction1, FunctionPtr(cti_op_call_JSFunction));
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    patchBuffer.link(callArityCheck2, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callJSFunction2, FunctionPtr(cti_op_call_JSFunction));
+    patchBuffer.link(callLazyLinkCall, FunctionPtr(cti_vm_lazyLinkCall));
+#endif
+
+    CodeRef finalCode = patchBuffer.finalizeCode();
+    *executablePool = finalCode.m_executablePool;
+
+    *ctiVirtualCall = trampolineAt(finalCode, virtualCallBegin);
+    *ctiNativeCallThunk = trampolineAt(finalCode, nativeCallThunk);
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    *ctiStringLengthTrampoline = trampolineAt(finalCode, stringLengthBegin);
+#else
+    UNUSED_PARAM(ctiStringLengthTrampoline);
+#endif
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    *ctiVirtualCallLink = trampolineAt(finalCode, virtualCallLinkBegin);
+#else
+    UNUSED_PARAM(ctiVirtualCallLink);
+#endif
+}
+
+void JIT::emit_op_mov(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    if (m_codeBlock->isConstantRegisterIndex(src))
+        emitStore(dst, getConstantOperand(src));
+    else {
+        emitLoad(src, regT1, regT0);
+        emitStore(dst, regT1, regT0);
+        map(m_bytecodeIndex + OPCODE_LENGTH(op_mov), dst, regT1, regT0);
+    }
+}
+
+void JIT::emit_op_end(Instruction* currentInstruction)
+{
+    if (m_codeBlock->needsFullScopeChain())
+        JITStubCall(this, cti_op_end).call();
+    ASSERT(returnValueRegister != callFrameRegister);
+    emitLoad(currentInstruction[1].u.operand, regT1, regT0);
+    restoreReturnAddressBeforeReturn(Address(callFrameRegister, RegisterFile::ReturnPC * static_cast<int>(sizeof(Register))));
+    ret();
+}
+
+void JIT::emit_op_jmp(Instruction* currentInstruction)
+{
+    unsigned target = currentInstruction[1].u.operand;
+    addJump(jump(), target + 1);
+}
+
+void JIT::emit_op_loop(Instruction* currentInstruction)
+{
+    unsigned target = currentInstruction[1].u.operand;
+    emitTimeoutCheck();
+    addJump(jump(), target + 1);
+}
+
+void JIT::emit_op_loop_if_less(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    emitTimeoutCheck();
+
+    if (isOperandConstantImmediateInt(op1)) {
+        emitLoad(op2, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThan, regT0, Imm32(getConstantOperand(op1).asInt32())), target + 3);
+        return;
+    }
+    
+    if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(LessThan, regT0, Imm32(getConstantOperand(op2).asInt32())), target + 3);
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    addJump(branch32(LessThan, regT0, regT2), target + 3);
+}
+
+void JIT::emitSlow_op_loop_if_less(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_loop_if_less);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+}
+
+void JIT::emit_op_loop_if_lesseq(Instruction* currentInstruction)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    emitTimeoutCheck();
+
+    if (isOperandConstantImmediateInt(op1)) {
+        emitLoad(op2, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(GreaterThanOrEqual, regT0, Imm32(getConstantOperand(op1).asInt32())), target + 3);
+        return;
+    }
+
+    if (isOperandConstantImmediateInt(op2)) {
+        emitLoad(op1, regT1, regT0);
+        addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+        addJump(branch32(LessThanOrEqual, regT0, Imm32(getConstantOperand(op2).asInt32())), target + 3);
+        return;
+    }
+
+    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag)));
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    addJump(branch32(LessThanOrEqual, regT0, regT2), target + 3);
+}
+
+void JIT::emitSlow_op_loop_if_lesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+
+    if (!isOperandConstantImmediateInt(op1) && !isOperandConstantImmediateInt(op2))
+        linkSlowCase(iter); // int32 check
+    linkSlowCase(iter); // int32 check
+
+    JITStubCall stubCall(this, cti_op_loop_if_lesseq);
+    stubCall.addArgument(op1);
+    stubCall.addArgument(op2);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+}
+
+void JIT::emit_op_new_object(Instruction* currentInstruction)
+{
+    JITStubCall(this, cti_op_new_object).call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_instanceof(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned value = currentInstruction[2].u.operand;
+    unsigned baseVal = currentInstruction[3].u.operand;
+    unsigned proto = currentInstruction[4].u.operand;
+
+    // Load the operands (baseVal, proto, and value respectively) into registers.
+    // We use regT0 for baseVal since we will be done with this first, and we can then use it for the result.
+    emitLoadPayload(proto, regT1);
+    emitLoadPayload(baseVal, regT0);
+    emitLoadPayload(value, regT2);
+
+    // Check that baseVal & proto are cells.
+    emitJumpSlowCaseIfNotJSCell(proto);
+    emitJumpSlowCaseIfNotJSCell(baseVal);
+
+    // Check that baseVal is an object, that it 'ImplementsHasInstance' but that it does not 'OverridesHasInstance'.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    addSlowCase(branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType))); // FIXME: Maybe remove this test.
+    addSlowCase(branchTest32(Zero, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(ImplementsHasInstance))); // FIXME: TOT checks ImplementsDefaultHasInstance.
+
+    // If value is not an Object, return false.
+    emitLoadTag(value, regT0);
+    Jump valueIsImmediate = branch32(NotEqual, regT0, Imm32(JSValue::CellTag));
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    Jump valueIsNotObject = branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType)); // FIXME: Maybe remove this test.
+
+    // Check proto is object.
+    loadPtr(Address(regT1, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    addSlowCase(branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType)));
+
+    // Optimistically load the result true, and start looping.
+    // Initially, regT1 still contains proto and regT2 still contains value.
+    // As we loop regT2 will be updated with its prototype, recursively walking the prototype chain.
+    move(Imm32(JSValue::TrueTag), regT0);
+    Label loop(this);
+
+    // Load the prototype of the object in regT2.  If this is equal to regT1 - WIN!
+    // Otherwise, check if we've hit null - if we have then drop out of the loop, if not go again.
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    load32(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), regT2);
+    Jump isInstance = branchPtr(Equal, regT2, regT1);
+    branch32(NotEqual, regT2, Imm32(0), loop);
+
+    // We get here either by dropping out of the loop, or if value was not an Object.  Result is false.
+    valueIsImmediate.link(this);
+    valueIsNotObject.link(this);
+    move(Imm32(JSValue::FalseTag), regT0);
+
+    // isInstance jumps right down to here, to skip setting the result to false (it has already set true).
+    isInstance.link(this);
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emitSlow_op_instanceof(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned value = currentInstruction[2].u.operand;
+    unsigned baseVal = currentInstruction[3].u.operand;
+    unsigned proto = currentInstruction[4].u.operand;
+
+    linkSlowCaseIfNotJSCell(iter, baseVal);
+    linkSlowCaseIfNotJSCell(iter, proto);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_instanceof);
+    stubCall.addArgument(value);
+    stubCall.addArgument(baseVal);
+    stubCall.addArgument(proto);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_new_func(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_func);
+    stubCall.addArgument(ImmPtr(m_codeBlock->functionDecl(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_get_global_var(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(currentInstruction[2].u.jsCell);
+    ASSERT(globalObject->isGlobalObject());
+    int index = currentInstruction[3].u.operand;
+
+    loadPtr(&globalObject->d()->registers, regT2);
+
+    emitLoad(index, regT1, regT0, regT2);
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_get_global_var), dst, regT1, regT0);
+}
+
+void JIT::emit_op_put_global_var(Instruction* currentInstruction)
+{
+    JSGlobalObject* globalObject = static_cast<JSGlobalObject*>(currentInstruction[1].u.jsCell);
+    ASSERT(globalObject->isGlobalObject());
+    int index = currentInstruction[2].u.operand;
+    int value = currentInstruction[3].u.operand;
+
+    emitLoad(value, regT1, regT0);
+
+    loadPtr(&globalObject->d()->registers, regT2);
+    emitStore(index, regT1, regT0, regT2);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_put_global_var), value, regT1, regT0);
+}
+
+void JIT::emit_op_get_scoped_var(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int index = currentInstruction[2].u.operand;
+    int skip = currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain();
+
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT2);
+    while (skip--)
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, next)), regT2);
+
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, object)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject, d)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), regT2);
+
+    emitLoad(index, regT1, regT0, regT2);
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_get_scoped_var), dst, regT1, regT0);
+}
+
+void JIT::emit_op_put_scoped_var(Instruction* currentInstruction)
+{
+    int index = currentInstruction[1].u.operand;
+    int skip = currentInstruction[2].u.operand + m_codeBlock->needsFullScopeChain();
+    int value = currentInstruction[3].u.operand;
+
+    emitLoad(value, regT1, regT0);
+
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT2);
+    while (skip--)
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, next)), regT2);
+
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(ScopeChainNode, object)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject, d)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSVariableObject::JSVariableObjectData, registers)), regT2);
+
+    emitStore(index, regT1, regT0, regT2);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_put_scoped_var), value, regT1, regT0);
+}
+
+void JIT::emit_op_tear_off_activation(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_tear_off_activation);
+    stubCall.addArgument(currentInstruction[1].u.operand);
+    stubCall.call();
+}
+
+void JIT::emit_op_tear_off_arguments(Instruction*)
+{
+    JITStubCall(this, cti_op_tear_off_arguments).call();
+}
+
+void JIT::emit_op_new_array(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_array);
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_to_primitive(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump isImm = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
+    isImm.link(this);
+
+    if (dst != src)
+        emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_to_primitive), dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_to_primitive(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_to_primitive);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_strcat(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_strcat);
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_loop_if_true(Instruction* currentInstruction)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitTimeoutCheck();
+
+    emitLoad(cond, regT1, regT0);
+
+    Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    addJump(branch32(NotEqual, regT0, Imm32(0)), target + 2);
+    Jump isNotZero = jump();
+
+    isNotInteger.link(this);
+
+    addJump(branch32(Equal, regT1, Imm32(JSValue::TrueTag)), target + 2);
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::FalseTag)));
+
+    isNotZero.link(this);
+}
+
+void JIT::emitSlow_op_loop_if_true(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(cond);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 2);
+}
+
+void JIT::emit_op_resolve_base(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve_skip(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_skip);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain()));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve_global(Instruction* currentInstruction)
+{
+    // FIXME: Optimize to use patching instead of so many memory accesses.
+
+    unsigned dst = currentInstruction[1].u.operand;
+    void* globalObject = currentInstruction[2].u.jsCell;
+    
+    unsigned currentIndex = m_globalResolveInfoIndex++;
+    void* structureAddress = &(m_codeBlock->globalResolveInfo(currentIndex).structure);
+    void* offsetAddr = &(m_codeBlock->globalResolveInfo(currentIndex).offset);
+
+    // Verify structure.
+    move(ImmPtr(globalObject), regT0);
+    loadPtr(structureAddress, regT1);
+    addSlowCase(branchPtr(NotEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure))));
+
+    // Load property.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSGlobalObject, m_externalStorage)), regT2);
+    load32(offsetAddr, regT3);
+    load32(BaseIndex(regT2, regT3, TimesEight), regT0); // payload
+    load32(BaseIndex(regT2, regT3, TimesEight, 4), regT1); // tag
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_resolve_global(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    void* globalObject = currentInstruction[2].u.jsCell;
+    Identifier* ident = &m_codeBlock->identifier(currentInstruction[3].u.operand);
+
+    unsigned currentIndex = m_globalResolveInfoIndex++;
+
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_resolve_global);
+    stubCall.addArgument(ImmPtr(globalObject));
+    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(Imm32(currentIndex));
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_not(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoadTag(src, regT0);
+
+    xor32(Imm32(JSValue::FalseTag), regT0);
+    addSlowCase(branchTest32(NonZero, regT0, Imm32(~1)));
+    xor32(Imm32(JSValue::TrueTag), regT0);
+
+    emitStoreBool(dst, regT0, (dst == src));
+}
+
+void JIT::emitSlow_op_not(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_not);
+    stubCall.addArgument(src);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_jfalse(Instruction* currentInstruction)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitLoad(cond, regT1, regT0);
+
+    Jump isTrue = branch32(Equal, regT1, Imm32(JSValue::TrueTag));
+    addJump(branch32(Equal, regT1, Imm32(JSValue::FalseTag)), target + 2);
+
+    Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    Jump isTrue2 = branch32(NotEqual, regT0, Imm32(0));
+    addJump(jump(), target + 2);
+
+    if (supportsFloatingPoint()) {
+        isNotInteger.link(this);
+
+        addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+
+        zeroDouble(fpRegT0);
+        emitLoadDouble(cond, fpRegT1);
+        addJump(branchDouble(DoubleEqual, fpRegT0, fpRegT1), target + 2);
+    } else
+        addSlowCase(isNotInteger);
+
+    isTrue.link(this);
+    isTrue2.link(this);
+}
+
+void JIT::emitSlow_op_jfalse(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(cond);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(Zero, regT0), target + 2); // Inverted.
+}
+
+void JIT::emit_op_jtrue(Instruction* currentInstruction)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitLoad(cond, regT1, regT0);
+
+    Jump isFalse = branch32(Equal, regT1, Imm32(JSValue::FalseTag));
+    addJump(branch32(Equal, regT1, Imm32(JSValue::TrueTag)), target + 2);
+
+    Jump isNotInteger = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
+    Jump isFalse2 = branch32(Equal, regT0, Imm32(0));
+    addJump(jump(), target + 2);
+
+    if (supportsFloatingPoint()) {
+        isNotInteger.link(this);
+
+        addSlowCase(branch32(Above, regT1, Imm32(JSValue::LowestTag)));
+
+        zeroDouble(fpRegT0);
+        emitLoadDouble(cond, fpRegT1);
+        addJump(branchDouble(DoubleNotEqual, fpRegT0, fpRegT1), target + 2);
+    } else
+        addSlowCase(isNotInteger);
+
+    isFalse.link(this);
+    isFalse2.link(this);
+}
+
+void JIT::emitSlow_op_jtrue(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned cond = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(cond);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 2);
+}
+
+void JIT::emit_op_jeq_null(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+
+    // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addJump(branchTest32(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target + 2);
+
+    Jump wasNotImmediate = jump();
+
+    // Now handle the immediate cases - undefined & null
+    isImmediate.link(this);
+
+    set32(Equal, regT1, Imm32(JSValue::NullTag), regT2);
+    set32(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
+    or32(regT2, regT1);
+
+    addJump(branchTest32(NonZero, regT1), target + 2);
+
+    wasNotImmediate.link(this);
+}
+
+void JIT::emit_op_jneq_null(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+
+    // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addJump(branchTest32(Zero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target + 2);
+
+    Jump wasNotImmediate = jump();
+
+    // Now handle the immediate cases - undefined & null
+    isImmediate.link(this);
+
+    set32(Equal, regT1, Imm32(JSValue::NullTag), regT2);
+    set32(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
+    or32(regT2, regT1);
+
+    addJump(branchTest32(Zero, regT1), target + 2);
+
+    wasNotImmediate.link(this);
+}
+
+void JIT::emit_op_jneq_ptr(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    JSCell* ptr = currentInstruction[2].u.jsCell;
+    unsigned target = currentInstruction[3].u.operand;
+
+    emitLoad(src, regT1, regT0);
+    addJump(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)), target + 3);
+    addJump(branchPtr(NotEqual, regT0, ImmPtr(ptr)), target + 3);
+}
+
+void JIT::emit_op_jsr(Instruction* currentInstruction)
+{
+    int retAddrDst = currentInstruction[1].u.operand;
+    int target = currentInstruction[2].u.operand;
+    DataLabelPtr storeLocation = storePtrWithPatch(ImmPtr(0), Address(callFrameRegister, sizeof(Register) * retAddrDst));
+    addJump(jump(), target + 2);
+    m_jsrSites.append(JSRInfo(storeLocation, label()));
+}
+
+void JIT::emit_op_sret(Instruction* currentInstruction)
+{
+    jump(Address(callFrameRegister, sizeof(Register) * currentInstruction[1].u.operand));
+}
+
+void JIT::emit_op_eq(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+    
+    emitLoad2(src1, regT1, regT0, src2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, regT3));
+    addSlowCase(branch32(Equal, regT1, Imm32(JSValue::CellTag)));
+    addSlowCase(branch32(Below, regT1, Imm32(JSValue::LowestTag)));
+
+    set8(Equal, regT0, regT2, regT0);
+    or32(Imm32(JSValue::FalseTag), regT0);
+
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emitSlow_op_eq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned op1 = currentInstruction[2].u.operand;
+    unsigned op2 = currentInstruction[3].u.operand;
+    
+    JumpList storeResult;
+    JumpList genericCase;
+    
+    genericCase.append(getSlowCase(iter)); // tags not equal
+
+    linkSlowCase(iter); // tags equal and JSCell
+    genericCase.append(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
+    genericCase.append(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsStringVPtr)));
+
+    // String case.
+    JITStubCall stubCallEqStrings(this, cti_op_eq_strings);
+    stubCallEqStrings.addArgument(regT0);
+    stubCallEqStrings.addArgument(regT2);
+    stubCallEqStrings.call();
+    storeResult.append(jump());
+
+    // Generic case.
+    genericCase.append(getSlowCase(iter)); // doubles
+    genericCase.link(this);
+    JITStubCall stubCallEq(this, cti_op_eq);
+    stubCallEq.addArgument(op1);
+    stubCallEq.addArgument(op2);
+    stubCallEq.call(regT0);
+
+    storeResult.link(this);
+    or32(Imm32(JSValue::FalseTag), regT0);
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emit_op_neq(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+    
+    emitLoad2(src1, regT1, regT0, src2, regT3, regT2);
+    addSlowCase(branch32(NotEqual, regT1, regT3));
+    addSlowCase(branch32(Equal, regT1, Imm32(JSValue::CellTag)));
+    addSlowCase(branch32(Below, regT1, Imm32(JSValue::LowestTag)));
+
+    set8(NotEqual, regT0, regT2, regT0);
+    or32(Imm32(JSValue::FalseTag), regT0);
+
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emitSlow_op_neq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    
+    JumpList storeResult;
+    JumpList genericCase;
+    
+    genericCase.append(getSlowCase(iter)); // tags not equal
+
+    linkSlowCase(iter); // tags equal and JSCell
+    genericCase.append(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
+    genericCase.append(branchPtr(NotEqual, Address(regT2), ImmPtr(m_globalData->jsStringVPtr)));
+
+    // String case.
+    JITStubCall stubCallEqStrings(this, cti_op_eq_strings);
+    stubCallEqStrings.addArgument(regT0);
+    stubCallEqStrings.addArgument(regT2);
+    stubCallEqStrings.call(regT0);
+    storeResult.append(jump());
+
+    // Generic case.
+    genericCase.append(getSlowCase(iter)); // doubles
+    genericCase.link(this);
+    JITStubCall stubCallEq(this, cti_op_eq);
+    stubCallEq.addArgument(regT1, regT0);
+    stubCallEq.addArgument(regT3, regT2);
+    stubCallEq.call(regT0);
+
+    storeResult.link(this);
+    xor32(Imm32(0x1), regT0);
+    or32(Imm32(JSValue::FalseTag), regT0);
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::compileOpStrictEq(Instruction* currentInstruction, CompileOpStrictEqType type)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+
+    emitLoadTag(src1, regT0);
+    emitLoadTag(src2, regT1);
+
+    // Jump to a slow case if either operand is double, or if both operands are
+    // cells and/or Int32s.
+    move(regT0, regT2);
+    and32(regT1, regT2);
+    addSlowCase(branch32(Below, regT2, Imm32(JSValue::LowestTag)));
+    addSlowCase(branch32(AboveOrEqual, regT2, Imm32(JSValue::CellTag)));
+
+    if (type == OpStrictEq)
+        set8(Equal, regT0, regT1, regT0);
+    else
+        set8(NotEqual, regT0, regT1, regT0);
+
+    or32(Imm32(JSValue::FalseTag), regT0);
+
+    emitStoreBool(dst, regT0);
+}
+
+void JIT::emit_op_stricteq(Instruction* currentInstruction)
+{
+    compileOpStrictEq(currentInstruction, OpStrictEq);
+}
+
+void JIT::emitSlow_op_stricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_stricteq);
+    stubCall.addArgument(src1);
+    stubCall.addArgument(src2);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_nstricteq(Instruction* currentInstruction)
+{
+    compileOpStrictEq(currentInstruction, OpNStrictEq);
+}
+
+void JIT::emitSlow_op_nstricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_nstricteq);
+    stubCall.addArgument(src1);
+    stubCall.addArgument(src2);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_eq_null(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+    Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
+    setTest8(NonZero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT1);
+
+    Jump wasNotImmediate = jump();
+
+    isImmediate.link(this);
+
+    set8(Equal, regT1, Imm32(JSValue::NullTag), regT2);
+    set8(Equal, regT1, Imm32(JSValue::UndefinedTag), regT1);
+    or32(regT2, regT1);
+
+    wasNotImmediate.link(this);
+
+    or32(Imm32(JSValue::FalseTag), regT1);
+
+    emitStoreBool(dst, regT1);
+}
+
+void JIT::emit_op_neq_null(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+    Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
+    setTest8(Zero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT1);
+
+    Jump wasNotImmediate = jump();
+
+    isImmediate.link(this);
+
+    set8(NotEqual, regT1, Imm32(JSValue::NullTag), regT2);
+    set8(NotEqual, regT1, Imm32(JSValue::UndefinedTag), regT1);
+    and32(regT2, regT1);
+
+    wasNotImmediate.link(this);
+
+    or32(Imm32(JSValue::FalseTag), regT1);
+
+    emitStoreBool(dst, regT1);
+}
+
+void JIT::emit_op_resolve_with_base(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_with_base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call(currentInstruction[2].u.operand);
+}
+
+void JIT::emit_op_new_func_exp(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_func_exp);
+    stubCall.addArgument(ImmPtr(m_codeBlock->functionExpr(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_new_regexp(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_regexp);
+    stubCall.addArgument(ImmPtr(m_codeBlock->regexp(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_throw(Instruction* currentInstruction)
+{
+    unsigned exception = currentInstruction[1].u.operand;
+    JITStubCall stubCall(this, cti_op_throw);
+    stubCall.addArgument(exception);
+    stubCall.call();
+
+#ifndef NDEBUG
+    // cti_op_throw always changes it's return address,
+    // this point in the code should never be reached.
+    breakpoint();
+#endif
+}
+
+void JIT::emit_op_next_pname(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int iter = currentInstruction[2].u.operand;
+    int target = currentInstruction[3].u.operand;
+
+    load32(Address(callFrameRegister, (iter * sizeof(Register))), regT0);
+
+    JITStubCall stubCall(this, cti_op_next_pname);
+    stubCall.addArgument(regT0);
+    stubCall.call();
+
+    Jump endOfIter = branchTestPtr(Zero, regT0);
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_next_pname), dst, regT1, regT0);
+    addJump(jump(), target + 3);
+    endOfIter.link(this);
+}
+
+void JIT::emit_op_push_scope(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_push_scope);
+    stubCall.addArgument(currentInstruction[1].u.operand);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_pop_scope(Instruction*)
+{
+    JITStubCall(this, cti_op_pop_scope).call();
+}
+
+void JIT::emit_op_to_jsnumber(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int src = currentInstruction[2].u.operand;
+
+    emitLoad(src, regT1, regT0);
+
+    Jump isInt32 = branch32(Equal, regT1, Imm32(JSValue::Int32Tag));
+    addSlowCase(branch32(AboveOrEqual, regT1, Imm32(JSValue::EmptyValueTag)));
+    isInt32.link(this);
+
+    if (src != dst)
+        emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_to_jsnumber), dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_to_jsnumber(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_to_jsnumber);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_push_new_scope(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_push_new_scope);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(currentInstruction[3].u.operand);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_catch(Instruction* currentInstruction)
+{
+    unsigned exception = currentInstruction[1].u.operand;
+
+    // This opcode only executes after a return from cti_op_throw.
+
+    // cti_op_throw may have taken us to a call frame further up the stack; reload
+    // the call frame pointer to adjust.
+    peek(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+
+    // Now store the exception returned by cti_op_throw.
+    emitStore(exception, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_catch), exception, regT1, regT0);
+#ifdef QT_BUILD_SCRIPT_LIB
+    JITStubCall stubCall(this, cti_op_debug_catch);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call();
+#endif
+}
+
+void JIT::emit_op_jmp_scopes(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_jmp_scopes);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call();
+    addJump(jump(), currentInstruction[2].u.operand + 2);
+}
+
+void JIT::emit_op_switch_imm(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    SimpleJumpTable* jumpTable = &m_codeBlock->immediateSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Immediate));
+    jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
+
+    JITStubCall stubCall(this, cti_op_switch_imm);
+    stubCall.addArgument(scrutinee);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_switch_char(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    SimpleJumpTable* jumpTable = &m_codeBlock->characterSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Character));
+    jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
+
+    JITStubCall stubCall(this, cti_op_switch_char);
+    stubCall.addArgument(scrutinee);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_switch_string(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    StringJumpTable* jumpTable = &m_codeBlock->stringSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset));
+
+    JITStubCall stubCall(this, cti_op_switch_string);
+    stubCall.addArgument(scrutinee);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_new_error(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned type = currentInstruction[2].u.operand;
+    unsigned message = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_new_error);
+    stubCall.addArgument(Imm32(type));
+    stubCall.addArgument(m_codeBlock->getConstant(message));
+    stubCall.addArgument(Imm32(m_bytecodeIndex));
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_debug(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_debug);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[4].u.operand));
+    stubCall.call();
+}
+
+
+void JIT::emit_op_enter(Instruction*)
+{
+    // Even though JIT code doesn't use them, we initialize our constant
+    // registers to zap stale pointers, to avoid unnecessarily prolonging
+    // object lifetime and increasing GC pressure.
+    for (int i = 0; i < m_codeBlock->m_numVars; ++i)
+        emitStore(i, jsUndefined());
+}
+
+void JIT::emit_op_enter_with_activation(Instruction* currentInstruction)
+{
+    emit_op_enter(currentInstruction);
+
+    JITStubCall(this, cti_op_push_activation).call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_create_arguments(Instruction*)
+{
+    Jump argsCreated = branch32(NotEqual, tagFor(RegisterFile::ArgumentsRegister, callFrameRegister), Imm32(JSValue::EmptyValueTag));
+
+    // If we get here the arguments pointer is a null cell - i.e. arguments need lazy creation.
+    if (m_codeBlock->m_numParameters == 1)
+        JITStubCall(this, cti_op_create_arguments_no_params).call();
+    else
+        JITStubCall(this, cti_op_create_arguments).call();
+
+    argsCreated.link(this);
+}
+    
+void JIT::emit_op_init_arguments(Instruction*)
+{
+    emitStore(RegisterFile::ArgumentsRegister, JSValue(), callFrameRegister);
+}
+
+void JIT::emit_op_convert_this(Instruction* currentInstruction)
+{
+    unsigned thisRegister = currentInstruction[1].u.operand;
+    
+    emitLoad(thisRegister, regT1, regT0);
+
+    addSlowCase(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addSlowCase(branchTest32(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(NeedsThisConversion)));
+
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_convert_this), thisRegister, regT1, regT0);
+}
+
+void JIT::emitSlow_op_convert_this(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned thisRegister = currentInstruction[1].u.operand;
+
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_convert_this);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.call(thisRegister);
+}
+
+void JIT::emit_op_profile_will_call(Instruction* currentInstruction)
+{
+    peek(regT2, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof (void*));
+    Jump noProfiler = branchTestPtr(Zero, Address(regT2));
+
+    JITStubCall stubCall(this, cti_op_profile_will_call);
+    stubCall.addArgument(currentInstruction[1].u.operand);
+    stubCall.call();
+    noProfiler.link(this);
+}
+
+void JIT::emit_op_profile_did_call(Instruction* currentInstruction)
+{
+    peek(regT2, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof (void*));
+    Jump noProfiler = branchTestPtr(Zero, Address(regT2));
+
+    JITStubCall stubCall(this, cti_op_profile_did_call);
+    stubCall.addArgument(currentInstruction[1].u.operand);
+    stubCall.call();
+    noProfiler.link(this);
+}
+
+#else // USE(JSVALUE32_64)
+
+#define RECORD_JUMP_TARGET(targetOffset) \
+   do { m_labels[m_bytecodeIndex + (targetOffset)].used(); } while (false)
+
+void JIT::privateCompileCTIMachineTrampolines(RefPtr<ExecutablePool>* executablePool, JSGlobalData* globalData, CodePtr* ctiStringLengthTrampoline, CodePtr* ctiVirtualCallLink, CodePtr* ctiVirtualCall, CodePtr* ctiNativeCallThunk)
+{
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    // (2) The second function provides fast property access for string length
+    Label stringLengthBegin = align();
+
+    // Check eax is a string
+    Jump string_failureCases1 = emitJumpIfNotJSCell(regT0);
+    Jump string_failureCases2 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
+
+    // Checks out okay! - get the length from the Ustring.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSString, m_value) + OBJECT_OFFSETOF(UString, m_rep)), regT0);
+    load32(Address(regT0, OBJECT_OFFSETOF(UString::Rep, len)), regT0);
+
+    Jump string_failureCases3 = branch32(Above, regT0, Imm32(JSImmediate::maxImmediateInt));
+
+    // regT0 contains a 64 bit value (is positive, is zero extended) so we don't need sign extend here.
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+    
+    ret();
+#endif
+
+    // (3) Trampolines for the slow cases of op_call / op_call_eval / op_construct.
+    COMPILE_ASSERT(sizeof(CodeType) == 4, CodeTypeEnumMustBe32Bit);
+
+    // VirtualCallLink Trampoline
+    // regT0 holds callee, regT1 holds argCount.  regT2 will hold the FunctionExecutable.
+    Label virtualCallLinkBegin = align();
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+
+    Jump isNativeFunc2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
+
+    Jump hasCodeBlock2 = branch32(GreaterThan, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
+    preserveReturnAddressAfterCall(regT3);
+    restoreArgumentReference();
+    Call callJSFunction2 = call();
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+    emitGetJITStubArg(2, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3);
+    hasCodeBlock2.link(this);
+
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 1); // return address
+    restoreArgumentReference();
+    Call callArityCheck2 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(2, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3);
+    arityCheckOkay2.link(this);
+
+    isNativeFunc2.link(this);
+
+    compileOpCallInitializeCallFrame();
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 1); // return address
+    restoreArgumentReference();
+    Call callLazyLinkCall = call();
+    restoreReturnAddressBeforeReturn(regT3);
+    jump(regT0);
+
+    // VirtualCall Trampoline
+    // regT0 holds callee, regT1 holds argCount.  regT2 will hold the FunctionExecutable.
+    Label virtualCallBegin = align();
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+
+    Jump isNativeFunc3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
+
+    Jump hasCodeBlock3 = branch32(GreaterThan, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), Imm32(0));
+    preserveReturnAddressAfterCall(regT3);
+    restoreArgumentReference();
+    Call callJSFunction1 = call();
+    emitGetJITStubArg(2, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+    hasCodeBlock3.link(this);
+    
+    // Check argCount matches callee arity.
+    Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
+    preserveReturnAddressAfterCall(regT3);
+    emitPutJITStubArg(regT3, 1); // return address
+    restoreArgumentReference();
+    Call callArityCheck1 = call();
+    move(regT1, callFrameRegister);
+    emitGetJITStubArg(2, regT1); // argCount
+    restoreReturnAddressBeforeReturn(regT3);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
+    arityCheckOkay3.link(this);
+
+    isNativeFunc3.link(this);
+
+    compileOpCallInitializeCallFrame();
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_jitCode)), regT0);
+    jump(regT0);
+
+    Label nativeCallThunk = align();
+    preserveReturnAddressAfterCall(regT0);
+    emitPutToCallFrameHeader(regT0, RegisterFile::ReturnPC); // Push return address
+
+    // Load caller frame's scope chain into this callframe so that whatever we call can
+    // get to its global data.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT1);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT1);
+    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    
+
+#if PLATFORM(X86_64)
+    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, X86Registers::ecx);
+
+    // Allocate stack space for our arglist
+    subPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
+    COMPILE_ASSERT((sizeof(ArgList) & 0xf) == 0, ArgList_should_by_16byte_aligned);
+    
+    // Set up arguments
+    subPtr(Imm32(1), X86Registers::ecx); // Don't include 'this' in argcount
+
+    // Push argcount
+    storePtr(X86Registers::ecx, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_argCount)));
+
+    // Calculate the start of the callframe header, and store in edx
+    addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int32_t)sizeof(Register)), callFrameRegister, X86Registers::edx);
+    
+    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (ecx)
+    mul32(Imm32(sizeof(Register)), X86Registers::ecx, X86Registers::ecx);
+    subPtr(X86Registers::ecx, X86Registers::edx);
+
+    // push pointer to arguments
+    storePtr(X86Registers::edx, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_args)));
+    
+    // ArgList is passed by reference so is stackPointerRegister
+    move(stackPointerRegister, X86Registers::ecx);
+    
+    // edx currently points to the first argument, edx-sizeof(Register) points to 'this'
+    loadPtr(Address(X86Registers::edx, -(int32_t)sizeof(Register)), X86Registers::edx);
+    
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::esi);
+
+    move(callFrameRegister, X86Registers::edi); 
+
+    call(Address(X86Registers::esi, OBJECT_OFFSETOF(JSFunction, m_data)));
+    
+    addPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
+#elif PLATFORM(X86)
+    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
+
+    /* We have two structs that we use to describe the stackframe we set up for our
+     * call to native code.  NativeCallFrameStructure describes the how we set up the stack
+     * in advance of the call.  NativeFunctionCalleeSignature describes the callframe
+     * as the native code expects it.  We do this as we are using the fastcall calling
+     * convention which results in the callee popping its arguments off the stack, but
+     * not the rest of the callframe so we need a nice way to ensure we increment the
+     * stack pointer by the right amount after the call.
+     */
+#if COMPILER(MSVC) || PLATFORM(LINUX)
+    struct NativeCallFrameStructure {
+      //  CallFrame* callFrame; // passed in EDX
+        JSObject* callee;
+        JSValue thisValue;
+        ArgList* argPointer;
+        ArgList args;
+        JSValue result;
+    };
+    struct NativeFunctionCalleeSignature {
+        JSObject* callee;
+        JSValue thisValue;
+        ArgList* argPointer;
+    };
+#else
+    struct NativeCallFrameStructure {
+      //  CallFrame* callFrame; // passed in ECX
+      //  JSObject* callee; // passed in EDX
+        JSValue thisValue;
+        ArgList* argPointer;
+        ArgList args;
+    };
+    struct NativeFunctionCalleeSignature {
+        JSValue thisValue;
+        ArgList* argPointer;
+    };
+#endif
+    const int NativeCallFrameSize = (sizeof(NativeCallFrameStructure) + 15) & ~15;
+    // Allocate system stack frame
+    subPtr(Imm32(NativeCallFrameSize), stackPointerRegister);
+
+    // Set up arguments
+    subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
+
+    // push argcount
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_argCount)));
+    
+    // Calculate the start of the callframe header, and store in regT1
+    addPtr(Imm32(-RegisterFile::CallFrameHeaderSize * (int)sizeof(Register)), callFrameRegister, regT1);
+    
+    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT0)
+    mul32(Imm32(sizeof(Register)), regT0, regT0);
+    subPtr(regT0, regT1);
+    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, args) + OBJECT_OFFSETOF(ArgList, m_args)));
+
+    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
+    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, args)), stackPointerRegister, regT0);
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, argPointer)));
+
+    // regT1 currently points to the first argument, regT1 - sizeof(Register) points to 'this'
+    loadPtr(Address(regT1, -(int)sizeof(Register)), regT1);
+    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, thisValue)));
+
+#if COMPILER(MSVC) || PLATFORM(LINUX)
+    // ArgList is passed by reference so is stackPointerRegister + 4 * sizeof(Register)
+    addPtr(Imm32(OBJECT_OFFSETOF(NativeCallFrameStructure, result)), stackPointerRegister, X86Registers::ecx);
+
+    // Plant callee
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::eax);
+    storePtr(X86Registers::eax, Address(stackPointerRegister, OBJECT_OFFSETOF(NativeCallFrameStructure, callee)));
+
+    // Plant callframe
+    move(callFrameRegister, X86Registers::edx);
+
+    call(Address(X86Registers::eax, OBJECT_OFFSETOF(JSFunction, m_data)));
+
+    // JSValue is a non-POD type
+    loadPtr(Address(X86Registers::eax), X86Registers::eax);
+#else
+    // Plant callee
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, X86Registers::edx);
+
+    // Plant callframe
+    move(callFrameRegister, X86Registers::ecx);
+    call(Address(X86Registers::edx, OBJECT_OFFSETOF(JSFunction, m_data)));
+#endif
+
+    // We've put a few temporaries on the stack in addition to the actual arguments
+    // so pull them off now
+    addPtr(Imm32(NativeCallFrameSize - sizeof(NativeFunctionCalleeSignature)), stackPointerRegister);
+
+#elif PLATFORM(ARM_TRADITIONAL)
+    emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
+
+    // Allocate stack space for our arglist
+    COMPILE_ASSERT((sizeof(ArgList) & 0x7) == 0, ArgList_should_by_8byte_aligned);
+    subPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
+
+    // Set up arguments
+    subPtr(Imm32(1), regT0); // Don't include 'this' in argcount
+
+    // Push argcount
+    storePtr(regT0, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_argCount)));
+
+    // Calculate the start of the callframe header, and store in regT1
+    move(callFrameRegister, regT1);
+    sub32(Imm32(RegisterFile::CallFrameHeaderSize * (int32_t)sizeof(Register)), regT1);
+
+    // Calculate start of arguments as callframe header - sizeof(Register) * argcount (regT1)
+    mul32(Imm32(sizeof(Register)), regT0, regT0);
+    subPtr(regT0, regT1);
+
+    // push pointer to arguments
+    storePtr(regT1, Address(stackPointerRegister, OBJECT_OFFSETOF(ArgList, m_args)));
+
+    // Setup arg3: regT1 currently points to the first argument, regT1-sizeof(Register) points to 'this'
+    loadPtr(Address(regT1, -(int32_t)sizeof(Register)), regT2);
+
+    // Setup arg2:
+    emitGetFromCallFrameHeaderPtr(RegisterFile::Callee, regT1);
+
+    // Setup arg1:
+    move(callFrameRegister, regT0);
+
+    // Setup arg4: This is a plain hack
+    move(stackPointerRegister, ARMRegisters::S0);
+
+    move(ctiReturnRegister, ARMRegisters::lr);
+    call(Address(regT1, OBJECT_OFFSETOF(JSFunction, m_data)));
+
+    addPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
+
+#elif ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
+#error "JIT_OPTIMIZE_NATIVE_CALL not yet supported on this platform."
+#else
+    breakpoint();
+#endif
+
+    // Check for an exception
+    loadPtr(&(globalData->exception), regT2);
+    Jump exceptionHandler = branchTestPtr(NonZero, regT2);
+
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
+    
+    // Restore our caller's "r".
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+    
+    // Return.
+    restoreReturnAddressBeforeReturn(regT1);
+    ret();
+
+    // Handle an exception
+    exceptionHandler.link(this);
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
+    move(ImmPtr(&globalData->exceptionLocation), regT2);
+    storePtr(regT1, regT2);
+    move(ImmPtr(reinterpret_cast<void*>(ctiVMThrowTrampoline)), regT2);
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+    poke(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+    restoreReturnAddressBeforeReturn(regT2);
+    ret();
+    
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    Call string_failureCases1Call = makeTailRecursiveCall(string_failureCases1);
+    Call string_failureCases2Call = makeTailRecursiveCall(string_failureCases2);
+    Call string_failureCases3Call = makeTailRecursiveCall(string_failureCases3);
+#endif
+
+    // All trampolines constructed! copy the code, link up calls, and set the pointers on the Machine object.
+    LinkBuffer patchBuffer(this, m_globalData->executableAllocator.poolForSize(m_assembler.size()));
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    patchBuffer.link(string_failureCases1Call, FunctionPtr(cti_op_get_by_id_string_fail));
+    patchBuffer.link(string_failureCases2Call, FunctionPtr(cti_op_get_by_id_string_fail));
+    patchBuffer.link(string_failureCases3Call, FunctionPtr(cti_op_get_by_id_string_fail));
+#endif
+    patchBuffer.link(callArityCheck1, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callJSFunction1, FunctionPtr(cti_op_call_JSFunction));
+#if ENABLE(JIT_OPTIMIZE_CALL)
+    patchBuffer.link(callArityCheck2, FunctionPtr(cti_op_call_arityCheck));
+    patchBuffer.link(callJSFunction2, FunctionPtr(cti_op_call_JSFunction));
+    patchBuffer.link(callLazyLinkCall, FunctionPtr(cti_vm_lazyLinkCall));
+#endif
+
+    CodeRef finalCode = patchBuffer.finalizeCode();
+    *executablePool = finalCode.m_executablePool;
+
+    *ctiVirtualCallLink = trampolineAt(finalCode, virtualCallLinkBegin);
+    *ctiVirtualCall = trampolineAt(finalCode, virtualCallBegin);
+    *ctiNativeCallThunk = trampolineAt(finalCode, nativeCallThunk);
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+    *ctiStringLengthTrampoline = trampolineAt(finalCode, stringLengthBegin);
+#else
+    UNUSED_PARAM(ctiStringLengthTrampoline);
+#endif
+}
+
+void JIT::emit_op_mov(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int src = currentInstruction[2].u.operand;
+
+    if (m_codeBlock->isConstantRegisterIndex(src)) {
+        storePtr(ImmPtr(JSValue::encode(getConstantOperand(src))), Address(callFrameRegister, dst * sizeof(Register)));
+        if (dst == m_lastResultBytecodeRegister)
+            killLastResultRegister();
+    } else if ((src == m_lastResultBytecodeRegister) || (dst == m_lastResultBytecodeRegister)) {
+        // If either the src or dst is the cached register go though
+        // get/put registers to make sure we track this correctly.
+        emitGetVirtualRegister(src, regT0);
+        emitPutVirtualRegister(dst);
+    } else {
+        // Perform the copy via regT1; do not disturb any mapping in regT0.
+        loadPtr(Address(callFrameRegister, src * sizeof(Register)), regT1);
+        storePtr(regT1, Address(callFrameRegister, dst * sizeof(Register)));
+    }
+}
+
+void JIT::emit_op_end(Instruction* currentInstruction)
+{
+    if (m_codeBlock->needsFullScopeChain())
+        JITStubCall(this, cti_op_end).call();
+    ASSERT(returnValueRegister != callFrameRegister);
+    emitGetVirtualRegister(currentInstruction[1].u.operand, returnValueRegister);
+    restoreReturnAddressBeforeReturn(Address(callFrameRegister, RegisterFile::ReturnPC * static_cast<int>(sizeof(Register))));
+    ret();
+}
+
+void JIT::emit_op_jmp(Instruction* currentInstruction)
+{
+    unsigned target = currentInstruction[1].u.operand;
+    addJump(jump(), target + 1);
+    RECORD_JUMP_TARGET(target + 1);
+}
+
+void JIT::emit_op_loop(Instruction* currentInstruction)
+{
+    emitTimeoutCheck();
+
+    unsigned target = currentInstruction[1].u.operand;
+    addJump(jump(), target + 1);
+}
+
+void JIT::emit_op_loop_if_less(Instruction* currentInstruction)
+{
+    emitTimeoutCheck();
+
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+    if (isOperandConstantImmediateInt(op2)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+        int32_t op2imm = getConstantOperandImmediateInt(op2);
+#else
+        int32_t op2imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)));
+#endif
+        addJump(branch32(LessThan, regT0, Imm32(op2imm)), target + 3);
+    } else if (isOperandConstantImmediateInt(op1)) {
+        emitGetVirtualRegister(op2, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+        int32_t op1imm = getConstantOperandImmediateInt(op1);
+#else
+        int32_t op1imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op1)));
+#endif
+        addJump(branch32(GreaterThan, regT0, Imm32(op1imm)), target + 3);
+    } else {
+        emitGetVirtualRegisters(op1, regT0, op2, regT1);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT1);
+        addJump(branch32(LessThan, regT0, regT1), target + 3);
+    }
+}
+
+void JIT::emit_op_loop_if_lesseq(Instruction* currentInstruction)
+{
+    emitTimeoutCheck();
+
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+    if (isOperandConstantImmediateInt(op2)) {
+        emitGetVirtualRegister(op1, regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+        int32_t op2imm = getConstantOperandImmediateInt(op2);
+#else
+        int32_t op2imm = static_cast<int32_t>(JSImmediate::rawValue(getConstantOperand(op2)));
+#endif
+        addJump(branch32(LessThanOrEqual, regT0, Imm32(op2imm)), target + 3);
+    } else {
+        emitGetVirtualRegisters(op1, regT0, op2, regT1);
+        emitJumpSlowCaseIfNotImmediateInteger(regT0);
+        emitJumpSlowCaseIfNotImmediateInteger(regT1);
+        addJump(branch32(LessThanOrEqual, regT0, regT1), target + 3);
+    }
+}
+
+void JIT::emit_op_new_object(Instruction* currentInstruction)
+{
+    JITStubCall(this, cti_op_new_object).call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_instanceof(Instruction* currentInstruction)
+{
+    // Load the operands (baseVal, proto, and value respectively) into registers.
+    // We use regT0 for baseVal since we will be done with this first, and we can then use it for the result.
+    emitGetVirtualRegister(currentInstruction[3].u.operand, regT0);
+    emitGetVirtualRegister(currentInstruction[4].u.operand, regT1);
+    emitGetVirtualRegister(currentInstruction[2].u.operand, regT2);
+
+    // Check that baseVal & proto are cells.
+    emitJumpSlowCaseIfNotJSCell(regT0);
+    emitJumpSlowCaseIfNotJSCell(regT1);
+
+    // Check that baseVal is an object, that it 'ImplementsHasInstance' but that it does not 'OverridesHasInstance'.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    addSlowCase(branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType)));
+    addSlowCase(branchTest32(Zero, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(ImplementsDefaultHasInstance)));
+
+    // If value is not an Object, return false.
+    Jump valueIsImmediate = emitJumpIfNotJSCell(regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    Jump valueIsNotObject = branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType));
+
+    // Check proto is object.
+    loadPtr(Address(regT1, OBJECT_OFFSETOF(JSCell, m_structure)), regT0);
+    addSlowCase(branch32(NotEqual, Address(regT0, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType)));
+
+    // Optimistically load the result true, and start looping.
+    // Initially, regT1 still contains proto and regT2 still contains value.
+    // As we loop regT2 will be updated with its prototype, recursively walking the prototype chain.
+    move(ImmPtr(JSValue::encode(jsBoolean(true))), regT0);
+    Label loop(this);
+
+    // Load the prototype of the object in regT2.  If this is equal to regT1 - WIN!
+    // Otherwise, check if we've hit null - if we have then drop out of the loop, if not go again.
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype)), regT2);
+    Jump isInstance = branchPtr(Equal, regT2, regT1);
+    branchPtr(NotEqual, regT2, ImmPtr(JSValue::encode(jsNull())), loop);
+
+    // We get here either by dropping out of the loop, or if value was not an Object.  Result is false.
+    valueIsImmediate.link(this);
+    valueIsNotObject.link(this);
+    move(ImmPtr(JSValue::encode(jsBoolean(false))), regT0);
+
+    // isInstance jumps right down to here, to skip setting the result to false (it has already set true).
+    isInstance.link(this);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_new_func(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_func);
+    stubCall.addArgument(ImmPtr(m_codeBlock->functionDecl(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_call(Instruction* currentInstruction)
+{
+    compileOpCall(op_call, currentInstruction, m_callLinkInfoIndex++);
+}
+
+void JIT::emit_op_call_eval(Instruction* currentInstruction)
+{
+    compileOpCall(op_call_eval, currentInstruction, m_callLinkInfoIndex++);
+}
+
+void JIT::emit_op_load_varargs(Instruction* currentInstruction)
+{
+    int argCountDst = currentInstruction[1].u.operand;
+    int argsOffset = currentInstruction[2].u.operand;
+
+    JITStubCall stubCall(this, cti_op_load_varargs);
+    stubCall.addArgument(Imm32(argsOffset));
+    stubCall.call();
+    // Stores a naked int32 in the register file.
+    store32(returnValueRegister, Address(callFrameRegister, argCountDst * sizeof(Register)));
+}
+
+void JIT::emit_op_call_varargs(Instruction* currentInstruction)
+{
+    compileOpCallVarargs(currentInstruction);
+}
+
+void JIT::emit_op_construct(Instruction* currentInstruction)
+{
+    compileOpCall(op_construct, currentInstruction, m_callLinkInfoIndex++);
+}
+
+void JIT::emit_op_get_global_var(Instruction* currentInstruction)
+{
+    JSVariableObject* globalObject = static_cast<JSVariableObject*>(currentInstruction[2].u.jsCell);
+    move(ImmPtr(globalObject), regT0);
+    emitGetVariableObjectRegister(regT0, currentInstruction[3].u.operand, regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_put_global_var(Instruction* currentInstruction)
+{
+    emitGetVirtualRegister(currentInstruction[3].u.operand, regT1);
+    JSVariableObject* globalObject = static_cast<JSVariableObject*>(currentInstruction[1].u.jsCell);
+    move(ImmPtr(globalObject), regT0);
+    emitPutVariableObjectRegister(regT1, regT0, currentInstruction[2].u.operand);
+}
+
+void JIT::emit_op_get_scoped_var(Instruction* currentInstruction)
+{
+    int skip = currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain();
+
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT0);
+    while (skip--)
+        loadPtr(Address(regT0, OBJECT_OFFSETOF(ScopeChainNode, next)), regT0);
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(ScopeChainNode, object)), regT0);
+    emitGetVariableObjectRegister(regT0, currentInstruction[2].u.operand, regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_put_scoped_var(Instruction* currentInstruction)
+{
+    int skip = currentInstruction[2].u.operand + m_codeBlock->needsFullScopeChain();
+
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1);
+    emitGetVirtualRegister(currentInstruction[3].u.operand, regT0);
+    while (skip--)
+        loadPtr(Address(regT1, OBJECT_OFFSETOF(ScopeChainNode, next)), regT1);
+
+    loadPtr(Address(regT1, OBJECT_OFFSETOF(ScopeChainNode, object)), regT1);
+    emitPutVariableObjectRegister(regT0, regT1, currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_tear_off_activation(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_tear_off_activation);
+    stubCall.addArgument(currentInstruction[1].u.operand, regT2);
+    stubCall.call();
+}
+
+void JIT::emit_op_tear_off_arguments(Instruction*)
+{
+    JITStubCall(this, cti_op_tear_off_arguments).call();
+}
+
+void JIT::emit_op_ret(Instruction* currentInstruction)
+{
+#ifdef QT_BUILD_SCRIPT_LIB
+    JITStubCall stubCall(this, cti_op_debug_return);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call();
+#endif
+    // We could JIT generate the deref, only calling out to C when the refcount hits zero.
+    if (m_codeBlock->needsFullScopeChain())
+        JITStubCall(this, cti_op_ret_scopeChain).call();
+
+    ASSERT(callFrameRegister != regT1);
+    ASSERT(regT1 != returnValueRegister);
+    ASSERT(returnValueRegister != callFrameRegister);
+
+    // Return the result in %eax.
+    emitGetVirtualRegister(currentInstruction[1].u.operand, returnValueRegister);
+
+    // Grab the return address.
+    emitGetFromCallFrameHeaderPtr(RegisterFile::ReturnPC, regT1);
+
+    // Restore our caller's "r".
+    emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, callFrameRegister);
+
+    // Return.
+    restoreReturnAddressBeforeReturn(regT1);
+    ret();
+}
+
+void JIT::emit_op_new_array(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_array);
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_construct_verify(Instruction* currentInstruction)
+{
+    emitGetVirtualRegister(currentInstruction[1].u.operand, regT0);
+
+    emitJumpSlowCaseIfNotJSCell(regT0);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addSlowCase(branch32(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo) + OBJECT_OFFSETOF(TypeInfo, m_type)), Imm32(ObjectType)));
+
+}
+
+void JIT::emit_op_to_primitive(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int src = currentInstruction[2].u.operand;
+
+    emitGetVirtualRegister(src, regT0);
+    
+    Jump isImm = emitJumpIfNotJSCell(regT0);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr)));
+    isImm.link(this);
+
+    if (dst != src)
+        emitPutVirtualRegister(dst);
+
+}
+
+void JIT::emit_op_strcat(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_strcat);
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_loop_if_true(Instruction* currentInstruction)
+{
+    emitTimeoutCheck();
+
+    unsigned target = currentInstruction[2].u.operand;
+    emitGetVirtualRegister(currentInstruction[1].u.operand, regT0);
+
+    Jump isZero = branchPtr(Equal, regT0, ImmPtr(JSValue::encode(jsNumber(m_globalData, 0))));
+    addJump(emitJumpIfImmediateInteger(regT0), target + 2);
+
+    addJump(branchPtr(Equal, regT0, ImmPtr(JSValue::encode(jsBoolean(true)))), target + 2);
+    addSlowCase(branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(jsBoolean(false)))));
+
+    isZero.link(this);
+};
+void JIT::emit_op_resolve_base(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve_skip(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_skip);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand + m_codeBlock->needsFullScopeChain()));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve_global(Instruction* currentInstruction)
+{
+    // Fast case
+    void* globalObject = currentInstruction[2].u.jsCell;
+    Identifier* ident = &m_codeBlock->identifier(currentInstruction[3].u.operand);
+    
+    unsigned currentIndex = m_globalResolveInfoIndex++;
+    void* structureAddress = &(m_codeBlock->globalResolveInfo(currentIndex).structure);
+    void* offsetAddr = &(m_codeBlock->globalResolveInfo(currentIndex).offset);
+
+    // Check Structure of global object
+    move(ImmPtr(globalObject), regT0);
+    loadPtr(structureAddress, regT1);
+    Jump noMatch = branchPtr(NotEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure))); // Structures don't match
+
+    // Load cached property
+    // Assume that the global object always uses external storage.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSGlobalObject, m_externalStorage)), regT0);
+    load32(offsetAddr, regT1);
+    loadPtr(BaseIndex(regT0, regT1, ScalePtr), regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+    Jump end = jump();
+
+    // Slow case
+    noMatch.link(this);
+    JITStubCall stubCall(this, cti_op_resolve_global);
+    stubCall.addArgument(ImmPtr(globalObject));
+    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(Imm32(currentIndex));
+    stubCall.call(currentInstruction[1].u.operand);
+    end.link(this);
+}
+
+void JIT::emit_op_not(Instruction* currentInstruction)
+{
+    emitGetVirtualRegister(currentInstruction[2].u.operand, regT0);
+    xorPtr(Imm32(static_cast<int32_t>(JSImmediate::FullTagTypeBool)), regT0);
+    addSlowCase(branchTestPtr(NonZero, regT0, Imm32(static_cast<int32_t>(~JSImmediate::ExtendedPayloadBitBoolValue))));
+    xorPtr(Imm32(static_cast<int32_t>(JSImmediate::FullTagTypeBool | JSImmediate::ExtendedPayloadBitBoolValue)), regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_jfalse(Instruction* currentInstruction)
+{
+    unsigned target = currentInstruction[2].u.operand;
+    emitGetVirtualRegister(currentInstruction[1].u.operand, regT0);
+
+    addJump(branchPtr(Equal, regT0, ImmPtr(JSValue::encode(jsNumber(m_globalData, 0)))), target + 2);
+    Jump isNonZero = emitJumpIfImmediateInteger(regT0);
+
+    addJump(branchPtr(Equal, regT0, ImmPtr(JSValue::encode(jsBoolean(false)))), target + 2);
+    addSlowCase(branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(jsBoolean(true)))));
+
+    isNonZero.link(this);
+    RECORD_JUMP_TARGET(target + 2);
+};
+void JIT::emit_op_jeq_null(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitGetVirtualRegister(src, regT0);
+    Jump isImmediate = emitJumpIfNotJSCell(regT0);
+
+    // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addJump(branchTest32(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target + 2);
+    Jump wasNotImmediate = jump();
+
+    // Now handle the immediate cases - undefined & null
+    isImmediate.link(this);
+    andPtr(Imm32(~JSImmediate::ExtendedTagBitUndefined), regT0);
+    addJump(branchPtr(Equal, regT0, ImmPtr(JSValue::encode(jsNull()))), target + 2);            
+
+    wasNotImmediate.link(this);
+    RECORD_JUMP_TARGET(target + 2);
+};
+void JIT::emit_op_jneq_null(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    unsigned target = currentInstruction[2].u.operand;
+
+    emitGetVirtualRegister(src, regT0);
+    Jump isImmediate = emitJumpIfNotJSCell(regT0);
+
+    // First, handle JSCell cases - check MasqueradesAsUndefined bit on the structure.
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addJump(branchTest32(Zero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined)), target + 2);
+    Jump wasNotImmediate = jump();
+
+    // Now handle the immediate cases - undefined & null
+    isImmediate.link(this);
+    andPtr(Imm32(~JSImmediate::ExtendedTagBitUndefined), regT0);
+    addJump(branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(jsNull()))), target + 2);            
+
+    wasNotImmediate.link(this);
+    RECORD_JUMP_TARGET(target + 2);
+}
+
+void JIT::emit_op_jneq_ptr(Instruction* currentInstruction)
+{
+    unsigned src = currentInstruction[1].u.operand;
+    JSCell* ptr = currentInstruction[2].u.jsCell;
+    unsigned target = currentInstruction[3].u.operand;
+    
+    emitGetVirtualRegister(src, regT0);
+    addJump(branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(JSValue(ptr)))), target + 3);            
+
+    RECORD_JUMP_TARGET(target + 3);
+}
+
+void JIT::emit_op_jsr(Instruction* currentInstruction)
+{
+    int retAddrDst = currentInstruction[1].u.operand;
+    int target = currentInstruction[2].u.operand;
+    DataLabelPtr storeLocation = storePtrWithPatch(ImmPtr(0), Address(callFrameRegister, sizeof(Register) * retAddrDst));
+    addJump(jump(), target + 2);
+    m_jsrSites.append(JSRInfo(storeLocation, label()));
+    killLastResultRegister();
+    RECORD_JUMP_TARGET(target + 2);
+}
+
+void JIT::emit_op_sret(Instruction* currentInstruction)
+{
+    jump(Address(callFrameRegister, sizeof(Register) * currentInstruction[1].u.operand));
+    killLastResultRegister();
+}
+
+void JIT::emit_op_eq(Instruction* currentInstruction)
+{
+    emitGetVirtualRegisters(currentInstruction[2].u.operand, regT0, currentInstruction[3].u.operand, regT1);
+    emitJumpSlowCaseIfNotImmediateIntegers(regT0, regT1, regT2);
+    set32(Equal, regT1, regT0, regT0);
+    emitTagAsBoolImmediate(regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_bitnot(Instruction* currentInstruction)
+{
+    emitGetVirtualRegister(currentInstruction[2].u.operand, regT0);
+    emitJumpSlowCaseIfNotImmediateInteger(regT0);
+#if USE(JSVALUE64)
+    not32(regT0);
+    emitFastArithIntToImmNoCheck(regT0, regT0);
+#else
+    xorPtr(Imm32(~JSImmediate::TagTypeNumber), regT0);
+#endif
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_resolve_with_base(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_resolve_with_base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call(currentInstruction[2].u.operand);
+}
+
+void JIT::emit_op_new_func_exp(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_func_exp);
+    stubCall.addArgument(ImmPtr(m_codeBlock->functionExpr(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_jtrue(Instruction* currentInstruction)
+{
+    unsigned target = currentInstruction[2].u.operand;
+    emitGetVirtualRegister(currentInstruction[1].u.operand, regT0);
+
+    Jump isZero = branchPtr(Equal, regT0, ImmPtr(JSValue::encode(jsNumber(m_globalData, 0))));
+    addJump(emitJumpIfImmediateInteger(regT0), target + 2);
+
+    addJump(branchPtr(Equal, regT0, ImmPtr(JSValue::encode(jsBoolean(true)))), target + 2);
+    addSlowCase(branchPtr(NotEqual, regT0, ImmPtr(JSValue::encode(jsBoolean(false)))));
+
+    isZero.link(this);
+    RECORD_JUMP_TARGET(target + 2);
+}
+
+void JIT::emit_op_neq(Instruction* currentInstruction)
+{
+    emitGetVirtualRegisters(currentInstruction[2].u.operand, regT0, currentInstruction[3].u.operand, regT1);
+    emitJumpSlowCaseIfNotImmediateIntegers(regT0, regT1, regT2);
+    set32(NotEqual, regT1, regT0, regT0);
+    emitTagAsBoolImmediate(regT0);
+
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+
+}
+
+void JIT::emit_op_bitxor(Instruction* currentInstruction)
+{
+    emitGetVirtualRegisters(currentInstruction[2].u.operand, regT0, currentInstruction[3].u.operand, regT1);
+    emitJumpSlowCaseIfNotImmediateIntegers(regT0, regT1, regT2);
+    xorPtr(regT1, regT0);
+    emitFastArithReTagImmediate(regT0, regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_new_regexp(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_regexp);
+    stubCall.addArgument(ImmPtr(m_codeBlock->regexp(currentInstruction[2].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_bitor(Instruction* currentInstruction)
+{
+    emitGetVirtualRegisters(currentInstruction[2].u.operand, regT0, currentInstruction[3].u.operand, regT1);
+    emitJumpSlowCaseIfNotImmediateIntegers(regT0, regT1, regT2);
+    orPtr(regT1, regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_throw(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_throw);
+    stubCall.addArgument(currentInstruction[1].u.operand, regT2);
+    stubCall.call();
+    ASSERT(regT0 == returnValueRegister);
+#ifndef NDEBUG
+    // cti_op_throw always changes it's return address,
+    // this point in the code should never be reached.
+    breakpoint();
+#endif
+}
+
+void JIT::emit_op_next_pname(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_next_pname);
+    stubCall.addArgument(currentInstruction[2].u.operand, regT2);
+    stubCall.call();
+    Jump endOfIter = branchTestPtr(Zero, regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+    addJump(jump(), currentInstruction[3].u.operand + 3);
+    endOfIter.link(this);
+}
+
+void JIT::emit_op_push_scope(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_push_scope);
+    stubCall.addArgument(currentInstruction[1].u.operand, regT2);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_pop_scope(Instruction*)
+{
+    JITStubCall(this, cti_op_pop_scope).call();
+}
+
+void JIT::compileOpStrictEq(Instruction* currentInstruction, CompileOpStrictEqType type)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+    unsigned src2 = currentInstruction[3].u.operand;
+
+    emitGetVirtualRegisters(src1, regT0, src2, regT1);
+
+    // Jump to a slow case if either operand is a number, or if both are JSCell*s.
+    move(regT0, regT2);
+    orPtr(regT1, regT2);
+    addSlowCase(emitJumpIfJSCell(regT2));
+    addSlowCase(emitJumpIfImmediateNumber(regT2));
+
+    if (type == OpStrictEq)
+        set32(Equal, regT1, regT0, regT0);
+    else
+        set32(NotEqual, regT1, regT0, regT0);
+    emitTagAsBoolImmediate(regT0);
+
+    emitPutVirtualRegister(dst);
+}
+
+void JIT::emit_op_stricteq(Instruction* currentInstruction)
+{
+    compileOpStrictEq(currentInstruction, OpStrictEq);
+}
+
+void JIT::emit_op_nstricteq(Instruction* currentInstruction)
+{
+    compileOpStrictEq(currentInstruction, OpNStrictEq);
+}
+
+void JIT::emit_op_to_jsnumber(Instruction* currentInstruction)
+{
+    int srcVReg = currentInstruction[2].u.operand;
+    emitGetVirtualRegister(srcVReg, regT0);
+    
+    Jump wasImmediate = emitJumpIfImmediateInteger(regT0);
+
+    emitJumpSlowCaseIfNotJSCell(regT0, srcVReg);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    addSlowCase(branch32(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(NumberType)));
+    
+    wasImmediate.link(this);
+
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_push_new_scope(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_push_new_scope);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(currentInstruction[3].u.operand, regT2);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_catch(Instruction* currentInstruction)
+{
+    killLastResultRegister(); // FIXME: Implicitly treat op_catch as a labeled statement, and remove this line of code.
+    peek(callFrameRegister, OBJECT_OFFSETOF(struct JITStackFrame, callFrame) / sizeof (void*));
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+#ifdef QT_BUILD_SCRIPT_LIB
+    JITStubCall stubCall(this, cti_op_debug_catch);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call();
+#endif
+}
+
+void JIT::emit_op_jmp_scopes(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_jmp_scopes);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.call();
+    addJump(jump(), currentInstruction[2].u.operand + 2);
+    RECORD_JUMP_TARGET(currentInstruction[2].u.operand + 2);
+}
+
+void JIT::emit_op_switch_imm(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    SimpleJumpTable* jumpTable = &m_codeBlock->immediateSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Immediate));
+    jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
+
+    JITStubCall stubCall(this, cti_op_switch_imm);
+    stubCall.addArgument(scrutinee, regT2);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_switch_char(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    SimpleJumpTable* jumpTable = &m_codeBlock->characterSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset, SwitchRecord::Character));
+    jumpTable->ctiOffsets.grow(jumpTable->branchOffsets.size());
+
+    JITStubCall stubCall(this, cti_op_switch_char);
+    stubCall.addArgument(scrutinee, regT2);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_switch_string(Instruction* currentInstruction)
+{
+    unsigned tableIndex = currentInstruction[1].u.operand;
+    unsigned defaultOffset = currentInstruction[2].u.operand;
+    unsigned scrutinee = currentInstruction[3].u.operand;
+
+    // create jump table for switch destinations, track this switch statement.
+    StringJumpTable* jumpTable = &m_codeBlock->stringSwitchJumpTable(tableIndex);
+    m_switches.append(SwitchRecord(jumpTable, m_bytecodeIndex, defaultOffset));
+
+    JITStubCall stubCall(this, cti_op_switch_string);
+    stubCall.addArgument(scrutinee, regT2);
+    stubCall.addArgument(Imm32(tableIndex));
+    stubCall.call();
+    jump(regT0);
+}
+
+void JIT::emit_op_new_error(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_new_error);
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(ImmPtr(JSValue::encode(m_codeBlock->getConstant(currentInstruction[3].u.operand))));
+    stubCall.addArgument(Imm32(m_bytecodeIndex));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_debug(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_debug);
+    stubCall.addArgument(Imm32(currentInstruction[1].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[3].u.operand));
+    stubCall.addArgument(Imm32(currentInstruction[4].u.operand));
+    stubCall.call();
+}
+
+void JIT::emit_op_eq_null(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+
+    emitGetVirtualRegister(src1, regT0);
+    Jump isImmediate = emitJumpIfNotJSCell(regT0);
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    setTest32(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT0);
+
+    Jump wasNotImmediate = jump();
+
+    isImmediate.link(this);
+
+    andPtr(Imm32(~JSImmediate::ExtendedTagBitUndefined), regT0);
+    setPtr(Equal, regT0, Imm32(JSImmediate::FullTagTypeNull), regT0);
+
+    wasNotImmediate.link(this);
+
+    emitTagAsBoolImmediate(regT0);
+    emitPutVirtualRegister(dst);
+
+}
+
+void JIT::emit_op_neq_null(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned src1 = currentInstruction[2].u.operand;
+
+    emitGetVirtualRegister(src1, regT0);
+    Jump isImmediate = emitJumpIfNotJSCell(regT0);
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    setTest32(Zero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(MasqueradesAsUndefined), regT0);
+
+    Jump wasNotImmediate = jump();
+
+    isImmediate.link(this);
+
+    andPtr(Imm32(~JSImmediate::ExtendedTagBitUndefined), regT0);
+    setPtr(NotEqual, regT0, Imm32(JSImmediate::FullTagTypeNull), regT0);
+
+    wasNotImmediate.link(this);
+
+    emitTagAsBoolImmediate(regT0);
+    emitPutVirtualRegister(dst);
+
+}
+
+void JIT::emit_op_enter(Instruction*)
+{
+    // Even though CTI doesn't use them, we initialize our constant
+    // registers to zap stale pointers, to avoid unnecessarily prolonging
+    // object lifetime and increasing GC pressure.
+    size_t count = m_codeBlock->m_numVars;
+    for (size_t j = 0; j < count; ++j)
+        emitInitRegister(j);
+
+}
+
+void JIT::emit_op_enter_with_activation(Instruction* currentInstruction)
+{
+    // Even though CTI doesn't use them, we initialize our constant
+    // registers to zap stale pointers, to avoid unnecessarily prolonging
+    // object lifetime and increasing GC pressure.
+    size_t count = m_codeBlock->m_numVars;
+    for (size_t j = 0; j < count; ++j)
+        emitInitRegister(j);
+
+    JITStubCall(this, cti_op_push_activation).call(currentInstruction[1].u.operand);
+}
+
+void JIT::emit_op_create_arguments(Instruction*)
+{
+    Jump argsCreated = branchTestPtr(NonZero, Address(callFrameRegister, sizeof(Register) * RegisterFile::ArgumentsRegister));
+    if (m_codeBlock->m_numParameters == 1)
+        JITStubCall(this, cti_op_create_arguments_no_params).call();
+    else
+        JITStubCall(this, cti_op_create_arguments).call();
+    argsCreated.link(this);
+}
+    
+void JIT::emit_op_init_arguments(Instruction*)
+{
+    storePtr(ImmPtr(0), Address(callFrameRegister, sizeof(Register) * RegisterFile::ArgumentsRegister));
+}
+
+void JIT::emit_op_convert_this(Instruction* currentInstruction)
+{
+    emitGetVirtualRegister(currentInstruction[1].u.operand, regT0);
+
+    emitJumpSlowCaseIfNotJSCell(regT0);
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
+    addSlowCase(branchTest32(NonZero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(NeedsThisConversion)));
+
+}
+
+void JIT::emit_op_profile_will_call(Instruction* currentInstruction)
+{
+    peek(regT1, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof (void*));
+    Jump noProfiler = branchTestPtr(Zero, Address(regT1));
+
+    JITStubCall stubCall(this, cti_op_profile_will_call);
+    stubCall.addArgument(currentInstruction[1].u.operand, regT1);
+    stubCall.call();
+    noProfiler.link(this);
+
+}
+
+void JIT::emit_op_profile_did_call(Instruction* currentInstruction)
+{
+    peek(regT1, OBJECT_OFFSETOF(JITStackFrame, enabledProfilerReference) / sizeof (void*));
+    Jump noProfiler = branchTestPtr(Zero, Address(regT1));
+
+    JITStubCall stubCall(this, cti_op_profile_did_call);
+    stubCall.addArgument(currentInstruction[1].u.operand, regT1);
+    stubCall.call();
+    noProfiler.link(this);
+}
+
+
+// Slow cases
+
+void JIT::emitSlow_op_convert_this(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_convert_this);
+    stubCall.addArgument(regT0);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_construct_verify(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    emitGetVirtualRegister(currentInstruction[2].u.operand, regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_to_primitive(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_to_primitive);
+    stubCall.addArgument(regT0);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_get_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter); // property int32 check
+    linkSlowCaseIfNotJSCell(iter, base); // base cell check
+    linkSlowCase(iter); // base array check
+    linkSlowCase(iter); // vector length check
+    linkSlowCase(iter); // empty value
+
+    JITStubCall stubCall(this, cti_op_get_by_val);
+    stubCall.addArgument(base, regT2);
+    stubCall.addArgument(property, regT2);
+    stubCall.call(dst);
+}
+
+void JIT::emitSlow_op_loop_if_less(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op1 = currentInstruction[1].u.operand;
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+    if (isOperandConstantImmediateInt(op2)) {
+        linkSlowCase(iter);
+        JITStubCall stubCall(this, cti_op_loop_if_less);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(op2, regT2);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+    } else if (isOperandConstantImmediateInt(op1)) {
+        linkSlowCase(iter);
+        JITStubCall stubCall(this, cti_op_loop_if_less);
+        stubCall.addArgument(op1, regT2);
+        stubCall.addArgument(regT0);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+    } else {
+        linkSlowCase(iter);
+        linkSlowCase(iter);
+        JITStubCall stubCall(this, cti_op_loop_if_less);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(regT1);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+    }
+}
+
+void JIT::emitSlow_op_loop_if_lesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned op2 = currentInstruction[2].u.operand;
+    unsigned target = currentInstruction[3].u.operand;
+    if (isOperandConstantImmediateInt(op2)) {
+        linkSlowCase(iter);
+        JITStubCall stubCall(this, cti_op_loop_if_lesseq);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(currentInstruction[2].u.operand, regT2);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+    } else {
+        linkSlowCase(iter);
+        linkSlowCase(iter);
+        JITStubCall stubCall(this, cti_op_loop_if_lesseq);
+        stubCall.addArgument(regT0);
+        stubCall.addArgument(regT1);
+        stubCall.call();
+        emitJumpSlowToHot(branchTest32(NonZero, regT0), target + 3);
+    }
+}
+
+void JIT::emitSlow_op_put_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter); // property int32 check
+    linkSlowCaseIfNotJSCell(iter, base); // base cell check
+    linkSlowCase(iter); // base not array check
+    linkSlowCase(iter); // in vector check
+
+    JITStubCall stubPutByValCall(this, cti_op_put_by_val);
+    stubPutByValCall.addArgument(regT0);
+    stubPutByValCall.addArgument(property, regT2);
+    stubPutByValCall.addArgument(value, regT2);
+    stubPutByValCall.call();
+}
+
+void JIT::emitSlow_op_loop_if_true(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(regT0);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), currentInstruction[2].u.operand + 2);
+}
+
+void JIT::emitSlow_op_not(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    xorPtr(Imm32(static_cast<int32_t>(JSImmediate::FullTagTypeBool)), regT0);
+    JITStubCall stubCall(this, cti_op_not);
+    stubCall.addArgument(regT0);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_jfalse(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(regT0);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(Zero, regT0), currentInstruction[2].u.operand + 2); // inverted!
+}
+
+void JIT::emitSlow_op_bitnot(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_bitnot);
+    stubCall.addArgument(regT0);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_jtrue(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_jtrue);
+    stubCall.addArgument(regT0);
+    stubCall.call();
+    emitJumpSlowToHot(branchTest32(NonZero, regT0), currentInstruction[2].u.operand + 2);
+}
+
+void JIT::emitSlow_op_bitxor(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_bitxor);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(regT1);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_bitor(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_bitor);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(regT1);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_eq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_eq);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(regT1);
+    stubCall.call();
+    emitTagAsBoolImmediate(regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_neq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_eq);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(regT1);
+    stubCall.call();
+    xor32(Imm32(0x1), regT0);
+    emitTagAsBoolImmediate(regT0);
+    emitPutVirtualRegister(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_stricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_stricteq);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(regT1);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_nstricteq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_nstricteq);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(regT1);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_instanceof(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    linkSlowCase(iter);
+    JITStubCall stubCall(this, cti_op_instanceof);
+    stubCall.addArgument(currentInstruction[2].u.operand, regT2);
+    stubCall.addArgument(currentInstruction[3].u.operand, regT2);
+    stubCall.addArgument(currentInstruction[4].u.operand, regT2);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+void JIT::emitSlow_op_call(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_call);
+}
+
+void JIT::emitSlow_op_call_eval(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_call_eval);
+}
+
+void JIT::emitSlow_op_call_varargs(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallVarargsSlowCase(currentInstruction, iter);
+}
+
+void JIT::emitSlow_op_construct(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    compileOpCallSlowCase(currentInstruction, iter, m_callLinkInfoIndex++, op_construct);
+}
+
+void JIT::emitSlow_op_to_jsnumber(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkSlowCaseIfNotJSCell(iter, currentInstruction[2].u.operand);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_to_jsnumber);
+    stubCall.addArgument(regT0);
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+#endif // USE(JSVALUE32_64)
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITPropertyAccess.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITPropertyAccess.cpp
new file mode 100644
index 000000000..9edfd01f8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITPropertyAccess.cpp
@@ -0,0 +1,1765 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JIT.h"
+
+#if ENABLE(JIT)
+
+#include "CodeBlock.h"
+#include "JITInlineMethods.h"
+#include "JITStubCall.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "Interpreter.h"
+#include "LinkBuffer.h"
+#include "RepatchBuffer.h"
+#include "ResultType.h"
+#include "SamplingTool.h"
+
+#ifndef NDEBUG
+#include <stdio.h>
+#endif
+
+using namespace std;
+
+namespace JSC {
+
+#if USE(JSVALUE32_64)
+
+void JIT::emit_op_put_by_index(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_by_index);
+    stubCall.addArgument(base);
+    stubCall.addArgument(Imm32(property));
+    stubCall.addArgument(value);
+    stubCall.call();
+}
+
+void JIT::emit_op_put_getter(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned function = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_getter);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(property)));
+    stubCall.addArgument(function);
+    stubCall.call();
+}
+
+void JIT::emit_op_put_setter(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned function = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_setter);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(property)));
+    stubCall.addArgument(function);
+    stubCall.call();
+}
+
+void JIT::emit_op_del_by_id(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_del_by_id);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(property)));
+    stubCall.call(dst);
+}
+
+
+#if !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+/* ------------------------------ BEGIN: !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+// Treat these as nops - the call will be handed as a regular get_by_id/op_call pair.
+void JIT::emit_op_method_check(Instruction*) {}
+void JIT::emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&) { ASSERT_NOT_REACHED(); }
+#if ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+#error "JIT_OPTIMIZE_METHOD_CALLS requires JIT_OPTIMIZE_PROPERTY_ACCESS"
+#endif
+
+void JIT::emit_op_get_by_val(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_get_by_val);
+    stubCall.addArgument(base);
+    stubCall.addArgument(property);
+    stubCall.call(dst);
+}
+
+void JIT::emitSlow_op_get_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    ASSERT_NOT_REACHED();
+}
+
+void JIT::emit_op_put_by_val(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_by_val);
+    stubCall.addArgument(base);
+    stubCall.addArgument(property);
+    stubCall.addArgument(value);
+    stubCall.call();
+}
+
+void JIT::emitSlow_op_put_by_val(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    ASSERT_NOT_REACHED();
+}
+
+void JIT::emit_op_get_by_id(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    int ident = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_get_by_id_generic);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&(m_codeBlock->identifier(ident))));
+    stubCall.call(dst);
+
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emitSlow_op_get_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    m_propertyAccessInstructionIndex++;
+    ASSERT_NOT_REACHED();
+}
+
+void JIT::emit_op_put_by_id(Instruction* currentInstruction)
+{
+    int base = currentInstruction[1].u.operand;
+    int ident = currentInstruction[2].u.operand;
+    int value = currentInstruction[3].u.operand;
+
+    JITStubCall stubCall(this, cti_op_put_by_id_generic);
+    stubCall.addArgument(base);
+    stubCall.addArgument(ImmPtr(&(m_codeBlock->identifier(ident))));
+    stubCall.addArgument(value);
+    stubCall.call();
+
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emitSlow_op_put_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    m_propertyAccessInstructionIndex++;
+    ASSERT_NOT_REACHED();
+}
+
+#else // !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+/* ------------------------------ BEGIN: ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+#if ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+
+void JIT::emit_op_method_check(Instruction* currentInstruction)
+{
+    // Assert that the following instruction is a get_by_id.
+    ASSERT(m_interpreter->getOpcodeID((currentInstruction + OPCODE_LENGTH(op_method_check))->u.opcode) == op_get_by_id);
+
+    currentInstruction += OPCODE_LENGTH(op_method_check);
+
+    // Do the method check - check the object & its prototype's structure inline (this is the common case).
+    m_methodCallCompilationInfo.append(MethodCallCompilationInfo(m_propertyAccessInstructionIndex));
+    MethodCallCompilationInfo& info = m_methodCallCompilationInfo.last();
+
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+
+    emitLoad(base, regT1, regT0);
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), info.structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    DataLabelPtr protoStructureToCompare, protoObj = moveWithPatch(ImmPtr(0), regT2);
+    Jump protoStructureCheck = branchPtrWithPatch(NotEqual, Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), protoStructureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+
+    // This will be relinked to load the function without doing a load.
+    DataLabelPtr putFunction = moveWithPatch(ImmPtr(0), regT0);
+    move(Imm32(JSValue::CellTag), regT1);
+    Jump match = jump();
+
+    ASSERT(differenceBetween(info.structureToCompare, protoObj) == patchOffsetMethodCheckProtoObj);
+    ASSERT(differenceBetween(info.structureToCompare, protoStructureToCompare) == patchOffsetMethodCheckProtoStruct);
+    ASSERT(differenceBetween(info.structureToCompare, putFunction) == patchOffsetMethodCheckPutFunction);
+
+    // Link the failure cases here.
+    structureCheck.link(this);
+    protoStructureCheck.link(this);
+
+    // Do a regular(ish) get_by_id (the slow case will be link to
+    // cti_op_get_by_id_method_check instead of cti_op_get_by_id.
+    compileGetByIdHotPath();
+
+    match.link(this);
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_method_check), dst, regT1, regT0);
+
+    // We've already generated the following get_by_id, so make sure it's skipped over.
+    m_bytecodeIndex += OPCODE_LENGTH(op_get_by_id);
+}
+
+void JIT::emitSlow_op_method_check(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    currentInstruction += OPCODE_LENGTH(op_method_check);
+
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    int ident = currentInstruction[3].u.operand;
+
+    compileGetByIdSlowCase(dst, base, &(m_codeBlock->identifier(ident)), iter, true);
+
+    // We've already generated the following get_by_id, so make sure it's skipped over.
+    m_bytecodeIndex += OPCODE_LENGTH(op_get_by_id);
+}
+
+#else //!ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+
+// Treat these as nops - the call will be handed as a regular get_by_id/op_call pair.
+void JIT::emit_op_method_check(Instruction*) {}
+void JIT::emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&) { ASSERT_NOT_REACHED(); }
+
+#endif
+
+void JIT::emit_op_get_by_val(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+    
+    emitLoad2(base, regT1, regT0, property, regT3, regT2);
+
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT3);
+    addSlowCase(branch32(AboveOrEqual, regT2, Address(regT0, OBJECT_OFFSETOF(JSArray, m_vectorLength))));
+
+    load32(BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + 4), regT1); // tag
+    load32(BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])), regT0); // payload
+    addSlowCase(branch32(Equal, regT1, Imm32(JSValue::EmptyValueTag)));
+
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_get_by_val), dst, regT1, regT0);
+}
+
+void JIT::emitSlow_op_get_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter); // property int32 check
+    linkSlowCaseIfNotJSCell(iter, base); // base cell check
+    linkSlowCase(iter); // base array check
+    linkSlowCase(iter); // vector length check
+    linkSlowCase(iter); // empty value
+
+    JITStubCall stubCall(this, cti_op_get_by_val);
+    stubCall.addArgument(base);
+    stubCall.addArgument(property);
+    stubCall.call(dst);
+}
+
+void JIT::emit_op_put_by_val(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    emitLoad2(base, regT1, regT0, property, regT3, regT2);
+
+    addSlowCase(branch32(NotEqual, regT3, Imm32(JSValue::Int32Tag)));
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
+    addSlowCase(branch32(AboveOrEqual, regT2, Address(regT0, OBJECT_OFFSETOF(JSArray, m_vectorLength))));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT3);
+
+    Jump empty = branch32(Equal, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + 4), Imm32(JSValue::EmptyValueTag));
+
+    Label storeResult(this);
+    emitLoad(value, regT1, regT0);
+    store32(regT0, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]))); // payload
+    store32(regT1, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(ArrayStorage, m_vector[0]) + 4)); // tag
+    Jump end = jump();
+
+    empty.link(this);
+    add32(Imm32(1), Address(regT3, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
+    branch32(Below, regT2, Address(regT3, OBJECT_OFFSETOF(ArrayStorage, m_length))).linkTo(storeResult, this);
+
+    add32(Imm32(1), regT2, regT0);
+    store32(regT0, Address(regT3, OBJECT_OFFSETOF(ArrayStorage, m_length)));
+    jump().linkTo(storeResult, this);
+
+    end.link(this);
+}
+
+void JIT::emitSlow_op_put_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    linkSlowCase(iter); // property int32 check
+    linkSlowCaseIfNotJSCell(iter, base); // base cell check
+    linkSlowCase(iter); // base not array check
+    linkSlowCase(iter); // in vector check
+
+    JITStubCall stubPutByValCall(this, cti_op_put_by_val);
+    stubPutByValCall.addArgument(base);
+    stubPutByValCall.addArgument(property);
+    stubPutByValCall.addArgument(value);
+    stubPutByValCall.call();
+}
+
+void JIT::emit_op_get_by_id(Instruction* currentInstruction)
+{
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    
+    emitLoad(base, regT1, regT0);
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+    compileGetByIdHotPath();
+    emitStore(dst, regT1, regT0);
+    map(m_bytecodeIndex + OPCODE_LENGTH(op_get_by_id), dst, regT1, regT0);
+}
+
+void JIT::compileGetByIdHotPath()
+{
+    // As for put_by_id, get_by_id requires the offset of the Structure and the offset of the access to be patched.
+    // Additionally, for get_by_id we need patch the offset of the branch to the slow case (we patch this to jump
+    // to array-length / prototype access tranpolines, and finally we also the the property-map access offset as a label
+    // to jump back to if one of these trampolies finds a match.
+    Label hotPathBegin(this);
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+    m_propertyAccessInstructionIndex++;
+
+    DataLabelPtr structureToCompare;
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    addSlowCase(structureCheck);
+    ASSERT(differenceBetween(hotPathBegin, structureToCompare) == patchOffsetGetByIdStructure);
+    ASSERT(differenceBetween(hotPathBegin, structureCheck) == patchOffsetGetByIdBranchToSlowCase);
+
+    Label externalLoad = loadPtrWithPatchToLEA(Address(regT0, OBJECT_OFFSETOF(JSObject, m_externalStorage)), regT2);
+    Label externalLoadComplete(this);
+    ASSERT(differenceBetween(hotPathBegin, externalLoad) == patchOffsetGetByIdExternalLoad);
+    ASSERT(differenceBetween(externalLoad, externalLoadComplete) == patchLengthGetByIdExternalLoad);
+
+    DataLabel32 displacementLabel1 = loadPtrWithAddressOffsetPatch(Address(regT2, patchGetByIdDefaultOffset), regT0); // payload
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel1) == patchOffsetGetByIdPropertyMapOffset1);
+    DataLabel32 displacementLabel2 = loadPtrWithAddressOffsetPatch(Address(regT2, patchGetByIdDefaultOffset), regT1); // tag
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel2) == patchOffsetGetByIdPropertyMapOffset2);
+
+    Label putResult(this);
+    ASSERT(differenceBetween(hotPathBegin, putResult) == patchOffsetGetByIdPutResult);
+}
+
+void JIT::emitSlow_op_get_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int dst = currentInstruction[1].u.operand;
+    int base = currentInstruction[2].u.operand;
+    int ident = currentInstruction[3].u.operand;
+
+    compileGetByIdSlowCase(dst, base, &(m_codeBlock->identifier(ident)), iter);
+}
+
+void JIT::compileGetByIdSlowCase(int dst, int base, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck)
+{
+    // As for the hot path of get_by_id, above, we ensure that we can use an architecture specific offset
+    // so that we only need track one pointer into the slow case code - we track a pointer to the location
+    // of the call (which we can use to look up the patch information), but should a array-length or
+    // prototype access trampoline fail we want to bail out back to here.  To do so we can subtract back
+    // the distance from the call to the head of the slow case.
+    linkSlowCaseIfNotJSCell(iter, base);
+    linkSlowCase(iter);
+
+    Label coldPathBegin(this);
+
+    JITStubCall stubCall(this, isMethodCheck ? cti_op_get_by_id_method_check : cti_op_get_by_id);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.addArgument(ImmPtr(ident));
+    Call call = stubCall.call(dst);
+
+    ASSERT(differenceBetween(coldPathBegin, call) == patchOffsetGetByIdSlowCaseCall);
+
+    // Track the location of the call; this will be used to recover patch information.
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].callReturnLocation = call;
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emit_op_put_by_id(Instruction* currentInstruction)
+{
+    // In order to be able to patch both the Structure, and the object offset, we store one pointer,
+    // to just after the arguments have been loaded into registers 'hotPathBegin', and we generate code
+    // such that the Structure & offset are always at the same distance from this.
+
+    int base = currentInstruction[1].u.operand;
+    int value = currentInstruction[3].u.operand;
+
+    emitLoad2(base, regT1, regT0, value, regT3, regT2);
+
+    emitJumpSlowCaseIfNotJSCell(base, regT1);
+
+    Label hotPathBegin(this);
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+    m_propertyAccessInstructionIndex++;
+
+    // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
+    DataLabelPtr structureToCompare;
+    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
+    ASSERT(differenceBetween(hotPathBegin, structureToCompare) == patchOffsetPutByIdStructure);
+
+    // Plant a load from a bogus ofset in the object's property map; we will patch this later, if it is to be used.
+    Label externalLoad = loadPtrWithPatchToLEA(Address(regT0, OBJECT_OFFSETOF(JSObject, m_externalStorage)), regT0);
+    Label externalLoadComplete(this);
+    ASSERT(differenceBetween(hotPathBegin, externalLoad) == patchOffsetPutByIdExternalLoad);
+    ASSERT(differenceBetween(externalLoad, externalLoadComplete) == patchLengthPutByIdExternalLoad);
+
+    DataLabel32 displacementLabel1 = storePtrWithAddressOffsetPatch(regT2, Address(regT0, patchGetByIdDefaultOffset)); // payload
+    DataLabel32 displacementLabel2 = storePtrWithAddressOffsetPatch(regT3, Address(regT0, patchGetByIdDefaultOffset)); // tag
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel1) == patchOffsetPutByIdPropertyMapOffset1);
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel2) == patchOffsetPutByIdPropertyMapOffset2);
+}
+
+void JIT::emitSlow_op_put_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    int base = currentInstruction[1].u.operand;
+    int ident = currentInstruction[2].u.operand;
+
+    linkSlowCaseIfNotJSCell(iter, base);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_put_by_id);
+    stubCall.addArgument(regT1, regT0);
+    stubCall.addArgument(ImmPtr(&(m_codeBlock->identifier(ident))));
+    stubCall.addArgument(regT3, regT2); 
+    Call call = stubCall.call();
+
+    // Track the location of the call; this will be used to recover patch information.
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].callReturnLocation = call;
+    m_propertyAccessInstructionIndex++;
+}
+
+// Compile a store into an object's property storage.  May overwrite base.
+void JIT::compilePutDirectOffset(RegisterID base, RegisterID valueTag, RegisterID valuePayload, Structure* structure, size_t cachedOffset)
+{
+    int offset = cachedOffset;
+    if (structure->isUsingInlineStorage())
+        offset += OBJECT_OFFSETOF(JSObject, m_inlineStorage) /  sizeof(Register);
+    else
+        loadPtr(Address(base, OBJECT_OFFSETOF(JSObject, m_externalStorage)), base);
+    emitStore(offset, valueTag, valuePayload, base);
+}
+
+// Compile a load from an object's property storage.  May overwrite base.
+void JIT::compileGetDirectOffset(RegisterID base, RegisterID resultTag, RegisterID resultPayload, Structure* structure, size_t cachedOffset)
+{
+    int offset = cachedOffset;
+    if (structure->isUsingInlineStorage())
+        offset += OBJECT_OFFSETOF(JSObject, m_inlineStorage) / sizeof(Register);
+    else
+        loadPtr(Address(base, OBJECT_OFFSETOF(JSObject, m_externalStorage)), base);
+    emitLoad(offset, resultTag, resultPayload, base);
+}
+
+void JIT::compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID resultTag, RegisterID resultPayload, size_t cachedOffset)
+{
+    if (base->isUsingInlineStorage()) {
+        load32(reinterpret_cast<char*>(&base->m_inlineStorage[cachedOffset]), resultPayload);
+        load32(reinterpret_cast<char*>(&base->m_inlineStorage[cachedOffset]) + 4, resultTag);
+        return;
+    }
+
+    size_t offset = cachedOffset * sizeof(JSValue);
+
+    PropertyStorage* protoPropertyStorage = &base->m_externalStorage;
+    loadPtr(static_cast<void*>(protoPropertyStorage), temp);
+    load32(Address(temp, offset), resultPayload);
+    load32(Address(temp, offset + 4), resultTag);
+}
+
+void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress)
+{
+    // It is assumed that regT0 contains the basePayload and regT1 contains the baseTag.  The value can be found on the stack.
+
+    JumpList failureCases;
+    failureCases.append(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    failureCases.append(branchPtr(NotEqual, regT2, ImmPtr(oldStructure)));
+
+    // Verify that nothing in the prototype chain has a setter for this property. 
+    for (RefPtr<Structure>* it = chain->head(); *it; ++it) {
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype)), regT2);
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+        failureCases.append(branchPtr(NotEqual, regT2, ImmPtr(it->get())));
+    }
+
+    // Reallocate property storage if needed.
+    Call callTarget;
+    bool willNeedStorageRealloc = oldStructure->propertyStorageCapacity() != newStructure->propertyStorageCapacity();
+    if (willNeedStorageRealloc) {
+        // This trampoline was called to like a JIT stub; before we can can call again we need to
+        // remove the return address from the stack, to prevent the stack from becoming misaligned.
+        preserveReturnAddressAfterCall(regT3);
+ 
+        JITStubCall stubCall(this, cti_op_put_by_id_transition_realloc);
+        stubCall.skipArgument(); // base
+        stubCall.skipArgument(); // ident
+        stubCall.skipArgument(); // value
+        stubCall.addArgument(Imm32(oldStructure->propertyStorageCapacity()));
+        stubCall.addArgument(Imm32(newStructure->propertyStorageCapacity()));
+        stubCall.call(regT0);
+
+        restoreReturnAddressBeforeReturn(regT3);
+    }
+
+    sub32(Imm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
+    add32(Imm32(1), AbsoluteAddress(newStructure->addressOfCount()));
+    storePtr(ImmPtr(newStructure), Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)));
+ 
+    load32(Address(stackPointerRegister, offsetof(struct JITStackFrame, args[2]) + sizeof(void*)), regT3);
+    load32(Address(stackPointerRegister, offsetof(struct JITStackFrame, args[2]) + sizeof(void*) + 4), regT2);
+
+    // Write the value
+    compilePutDirectOffset(regT0, regT2, regT3, newStructure, cachedOffset);
+
+    ret();
+    
+    ASSERT(!failureCases.empty());
+    failureCases.link(this);
+    restoreArgumentReferenceForTrampoline();
+    Call failureCall = tailRecursiveCall();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    patchBuffer.link(failureCall, FunctionPtr(cti_op_put_by_id_fail));
+
+    if (willNeedStorageRealloc) {
+        ASSERT(m_calls.size() == 1);
+        patchBuffer.link(m_calls[0].from, FunctionPtr(cti_op_put_by_id_transition_realloc));
+    }
+    
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relinkCallerToTrampoline(returnAddress, entryLabel);
+}
+
+void JIT::patchGetByIdSelf(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, size_t cachedOffset, ReturnAddressPtr returnAddress)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    // We don't want to patch more than once - in future go to cti_op_get_by_id_generic.
+    // Should probably go to JITStubs::cti_op_get_by_id_fail, but that doesn't do anything interesting right now.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_self_fail));
+
+    int offset = sizeof(JSValue) * cachedOffset;
+
+    // If we're patching to use inline storage, convert the initial load to a lea; this avoids the extra load
+    // and makes the subsequent load's offset automatically correct
+    if (structure->isUsingInlineStorage())
+        repatchBuffer.repatchLoadPtrToLEA(stubInfo->hotPathBegin.instructionAtOffset(patchOffsetGetByIdExternalLoad));
+
+    // Patch the offset into the propoerty map to load from, then patch the Structure to look for.
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(patchOffsetGetByIdStructure), structure);
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset1), offset); // payload
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset2), offset + 4); // tag
+}
+
+void JIT::patchMethodCallProto(CodeBlock* codeBlock, MethodCallLinkInfo& methodCallLinkInfo, JSFunction* callee, Structure* structure, JSObject* proto, ReturnAddressPtr returnAddress)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    ASSERT(!methodCallLinkInfo.cachedStructure);
+    methodCallLinkInfo.cachedStructure = structure;
+    structure->ref();
+
+    Structure* prototypeStructure = proto->structure();
+    ASSERT(!methodCallLinkInfo.cachedPrototypeStructure);
+    methodCallLinkInfo.cachedPrototypeStructure = prototypeStructure;
+    prototypeStructure->ref();
+
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel, structure);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoObj), proto);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoStruct), prototypeStructure);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckPutFunction), callee);
+
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id));
+}
+
+void JIT::patchPutByIdReplace(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, size_t cachedOffset, ReturnAddressPtr returnAddress)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    // Should probably go to cti_op_put_by_id_fail, but that doesn't do anything interesting right now.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_put_by_id_generic));
+
+    int offset = sizeof(JSValue) * cachedOffset;
+
+    // If we're patching to use inline storage, convert the initial load to a lea; this avoids the extra load
+    // and makes the subsequent load's offset automatically correct
+    if (structure->isUsingInlineStorage())
+        repatchBuffer.repatchLoadPtrToLEA(stubInfo->hotPathBegin.instructionAtOffset(patchOffsetPutByIdExternalLoad));
+
+    // Patch the offset into the propoerty map to load from, then patch the Structure to look for.
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(patchOffsetPutByIdStructure), structure);
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetPutByIdPropertyMapOffset1), offset); // payload
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetPutByIdPropertyMapOffset2), offset + 4); // tag
+}
+
+void JIT::privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress)
+{
+    StructureStubInfo* stubInfo = &m_codeBlock->getStubInfo(returnAddress);
+    
+    // regT0 holds a JSCell*
+
+    // Check for array
+    Jump failureCases1 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr));
+
+    // Checks out okay! - get the length from the storage
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT2);
+    load32(Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_length)), regT2);
+
+    Jump failureCases2 = branch32(Above, regT2, Imm32(INT_MAX));
+    move(regT2, regT0);
+    move(Imm32(JSValue::Int32Tag), regT1);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel slowCaseBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+    patchBuffer.link(failureCases1, slowCaseBegin);
+    patchBuffer.link(failureCases2, slowCaseBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_array_fail));
+}
+
+void JIT::privateCompileGetByIdProto(StructureStubInfo* stubInfo, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame)
+{
+    // regT0 holds a JSCell*
+
+    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
+    // referencing the prototype object - let's speculatively load it's table nice and early!)
+    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
+
+    Jump failureCases1 = checkStructure(regT0, structure);
+
+    // Check the prototype object's Structure had not changed.
+    Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+    move(ImmPtr(prototypeStructure), regT3);
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
+#else
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
+#endif
+
+    // Checks out okay! - getDirectOffset
+    compileGetDirectOffset(protoObject, regT2, regT1, regT0, cachedOffset);
+
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel slowCaseBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+    patchBuffer.link(failureCases1, slowCaseBegin);
+    patchBuffer.link(failureCases2, slowCaseBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_proto_list));
+}
+
+
+void JIT::privateCompileGetByIdSelfList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* polymorphicStructures, int currentIndex, Structure* structure, size_t cachedOffset)
+{
+    // regT0 holds a JSCell*
+    
+    Jump failureCase = checkStructure(regT0, structure);
+    compileGetDirectOffset(regT0, regT1, regT0, structure, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = polymorphicStructures->list[currentIndex - 1].stubRoutine;
+    if (!lastProtoBegin)
+        lastProtoBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+
+    patchBuffer.link(failureCase, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    structure->ref();
+    polymorphicStructures->list[currentIndex].set(entryLabel, structure);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdProtoList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructures, int currentIndex, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, CallFrame* callFrame)
+{
+    // regT0 holds a JSCell*
+    
+    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
+    // referencing the prototype object - let's speculatively load it's table nice and early!)
+    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
+
+    // Check eax is an object of the right Structure.
+    Jump failureCases1 = checkStructure(regT0, structure);
+
+    // Check the prototype object's Structure had not changed.
+    Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+    move(ImmPtr(prototypeStructure), regT3);
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
+#else
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
+#endif
+
+    compileGetDirectOffset(protoObject, regT2, regT1, regT0, cachedOffset);
+
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = prototypeStructures->list[currentIndex - 1].stubRoutine;
+    patchBuffer.link(failureCases1, lastProtoBegin);
+    patchBuffer.link(failureCases2, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    structure->ref();
+    prototypeStructure->ref();
+    prototypeStructures->list[currentIndex].set(entryLabel, structure, prototypeStructure);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdChainList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructures, int currentIndex, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, CallFrame* callFrame)
+{
+    // regT0 holds a JSCell*
+    
+    ASSERT(count);
+    
+    JumpList bucketsOfFail;
+
+    // Check eax is an object of the right Structure.
+    bucketsOfFail.append(checkStructure(regT0, structure));
+
+    Structure* currStructure = structure;
+    RefPtr<Structure>* chainEntries = chain->head();
+    JSObject* protoObject = 0;
+    for (unsigned i = 0; i < count; ++i) {
+        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
+        currStructure = chainEntries[i].get();
+
+        // Check the prototype object's Structure had not changed.
+        Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3));
+#else
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
+#endif
+    }
+    ASSERT(protoObject);
+
+    compileGetDirectOffset(protoObject, regT2, regT1, regT0, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = prototypeStructures->list[currentIndex - 1].stubRoutine;
+
+    patchBuffer.link(bucketsOfFail, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    // Track the stub we have created so that it will be deleted later.
+    structure->ref();
+    chain->ref();
+    prototypeStructures->list[currentIndex].set(entryLabel, structure, chain);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdChain(StructureStubInfo* stubInfo, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame)
+{
+    // regT0 holds a JSCell*
+    
+    ASSERT(count);
+    
+    JumpList bucketsOfFail;
+
+    // Check eax is an object of the right Structure.
+    bucketsOfFail.append(checkStructure(regT0, structure));
+
+    Structure* currStructure = structure;
+    RefPtr<Structure>* chainEntries = chain->head();
+    JSObject* protoObject = 0;
+    for (unsigned i = 0; i < count; ++i) {
+        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
+        currStructure = chainEntries[i].get();
+
+        // Check the prototype object's Structure had not changed.
+        Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3));
+#else
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
+#endif
+    }
+    ASSERT(protoObject);
+
+    compileGetDirectOffset(protoObject, regT2, regT1, regT0, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    patchBuffer.link(bucketsOfFail, stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall));
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_proto_list));
+}
+
+/* ------------------------------ END: !ENABLE / ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+#endif // !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+#else // USE(JSVALUE32_64)
+
+void JIT::emit_op_get_by_val(Instruction* currentInstruction)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+
+    emitGetVirtualRegisters(base, regT0, property, regT1);
+    emitJumpSlowCaseIfNotImmediateInteger(regT1);
+#if USE(JSVALUE64)
+    // This is technically incorrect - we're zero-extending an int32.  On the hot path this doesn't matter.
+    // We check the value as if it was a uint32 against the m_vectorLength - which will always fail if
+    // number was signed since m_vectorLength is always less than intmax (since the total allocation
+    // size is always less than 4Gb).  As such zero extending wil have been correct (and extending the value
+    // to 64-bits is necessary since it's used in the address calculation.  We zero extend rather than sign
+    // extending since it makes it easier to re-tag the value in the slow case.
+    zeroExtend32ToPtr(regT1, regT1);
+#else
+    emitFastArithImmToInt(regT1);
+#endif
+    emitJumpSlowCaseIfNotJSCell(regT0, base);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT2);
+    addSlowCase(branch32(AboveOrEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSArray, m_vectorLength))));
+
+    loadPtr(BaseIndex(regT2, regT1, ScalePtr, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])), regT0);
+    addSlowCase(branchTestPtr(Zero, regT0));
+
+    emitPutVirtualRegister(dst);
+}
+
+void JIT::emit_op_put_by_val(Instruction* currentInstruction)
+{
+    unsigned base = currentInstruction[1].u.operand;
+    unsigned property = currentInstruction[2].u.operand;
+    unsigned value = currentInstruction[3].u.operand;
+
+    emitGetVirtualRegisters(base, regT0, property, regT1);
+    emitJumpSlowCaseIfNotImmediateInteger(regT1);
+#if USE(JSVALUE64)
+    // See comment in op_get_by_val.
+    zeroExtend32ToPtr(regT1, regT1);
+#else
+    emitFastArithImmToInt(regT1);
+#endif
+    emitJumpSlowCaseIfNotJSCell(regT0, base);
+    addSlowCase(branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr)));
+    addSlowCase(branch32(AboveOrEqual, regT1, Address(regT0, OBJECT_OFFSETOF(JSArray, m_vectorLength))));
+
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT2);
+
+    Jump empty = branchTestPtr(Zero, BaseIndex(regT2, regT1, ScalePtr, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])));
+
+    Label storeResult(this);
+    emitGetVirtualRegister(value, regT0);
+    storePtr(regT0, BaseIndex(regT2, regT1, ScalePtr, OBJECT_OFFSETOF(ArrayStorage, m_vector[0])));
+    Jump end = jump();
+    
+    empty.link(this);
+    add32(Imm32(1), Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
+    branch32(Below, regT1, Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_length))).linkTo(storeResult, this);
+
+    move(regT1, regT0);
+    add32(Imm32(1), regT0);
+    store32(regT0, Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_length)));
+    jump().linkTo(storeResult, this);
+
+    end.link(this);
+}
+
+void JIT::emit_op_put_by_index(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_put_by_index);
+    stubCall.addArgument(currentInstruction[1].u.operand, regT2);
+    stubCall.addArgument(Imm32(currentInstruction[2].u.operand));
+    stubCall.addArgument(currentInstruction[3].u.operand, regT2);
+    stubCall.call();
+}
+
+void JIT::emit_op_put_getter(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_put_getter);
+    stubCall.addArgument(currentInstruction[1].u.operand, regT2);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(currentInstruction[3].u.operand, regT2);
+    stubCall.call();
+}
+
+void JIT::emit_op_put_setter(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_put_setter);
+    stubCall.addArgument(currentInstruction[1].u.operand, regT2);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[2].u.operand)));
+    stubCall.addArgument(currentInstruction[3].u.operand, regT2);
+    stubCall.call();
+}
+
+void JIT::emit_op_del_by_id(Instruction* currentInstruction)
+{
+    JITStubCall stubCall(this, cti_op_del_by_id);
+    stubCall.addArgument(currentInstruction[2].u.operand, regT2);
+    stubCall.addArgument(ImmPtr(&m_codeBlock->identifier(currentInstruction[3].u.operand)));
+    stubCall.call(currentInstruction[1].u.operand);
+}
+
+
+#if !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+/* ------------------------------ BEGIN: !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+// Treat these as nops - the call will be handed as a regular get_by_id/op_call pair.
+void JIT::emit_op_method_check(Instruction*) {}
+void JIT::emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&) { ASSERT_NOT_REACHED(); }
+#if ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+#error "JIT_OPTIMIZE_METHOD_CALLS requires JIT_OPTIMIZE_PROPERTY_ACCESS"
+#endif
+
+void JIT::emit_op_get_by_id(Instruction* currentInstruction)
+{
+    unsigned resultVReg = currentInstruction[1].u.operand;
+    unsigned baseVReg = currentInstruction[2].u.operand;
+    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
+
+    emitGetVirtualRegister(baseVReg, regT0);
+    JITStubCall stubCall(this, cti_op_get_by_id_generic);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(ImmPtr(ident));
+    stubCall.call(resultVReg);
+
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emitSlow_op_get_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    ASSERT_NOT_REACHED();
+}
+
+void JIT::emit_op_put_by_id(Instruction* currentInstruction)
+{
+    unsigned baseVReg = currentInstruction[1].u.operand;
+    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[2].u.operand));
+    unsigned valueVReg = currentInstruction[3].u.operand;
+
+    emitGetVirtualRegisters(baseVReg, regT0, valueVReg, regT1);
+
+    JITStubCall stubCall(this, cti_op_put_by_id_generic);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(regT1);
+    stubCall.call();
+
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emitSlow_op_put_by_id(Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    ASSERT_NOT_REACHED();
+}
+
+#else // !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+/* ------------------------------ BEGIN: ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+#if ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+
+void JIT::emit_op_method_check(Instruction* currentInstruction)
+{
+    // Assert that the following instruction is a get_by_id.
+    ASSERT(m_interpreter->getOpcodeID((currentInstruction + OPCODE_LENGTH(op_method_check))->u.opcode) == op_get_by_id);
+
+    currentInstruction += OPCODE_LENGTH(op_method_check);
+    unsigned resultVReg = currentInstruction[1].u.operand;
+    unsigned baseVReg = currentInstruction[2].u.operand;
+    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
+
+    emitGetVirtualRegister(baseVReg, regT0);
+
+    // Do the method check - check the object & its prototype's structure inline (this is the common case).
+    m_methodCallCompilationInfo.append(MethodCallCompilationInfo(m_propertyAccessInstructionIndex));
+    MethodCallCompilationInfo& info = m_methodCallCompilationInfo.last();
+
+    Jump notCell = emitJumpIfNotJSCell(regT0);
+
+    BEGIN_UNINTERRUPTED_SEQUENCE(sequenceMethodCheck);
+
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), info.structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    DataLabelPtr protoStructureToCompare, protoObj = moveWithPatch(ImmPtr(0), regT1);
+    Jump protoStructureCheck = branchPtrWithPatch(NotEqual, Address(regT1, OBJECT_OFFSETOF(JSCell, m_structure)), protoStructureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+
+    // This will be relinked to load the function without doing a load.
+    DataLabelPtr putFunction = moveWithPatch(ImmPtr(0), regT0);
+
+    END_UNINTERRUPTED_SEQUENCE(sequenceMethodCheck);
+
+    Jump match = jump();
+
+    ASSERT(differenceBetween(info.structureToCompare, protoObj) == patchOffsetMethodCheckProtoObj);
+    ASSERT(differenceBetween(info.structureToCompare, protoStructureToCompare) == patchOffsetMethodCheckProtoStruct);
+    ASSERT(differenceBetween(info.structureToCompare, putFunction) == patchOffsetMethodCheckPutFunction);
+
+    // Link the failure cases here.
+    notCell.link(this);
+    structureCheck.link(this);
+    protoStructureCheck.link(this);
+
+    // Do a regular(ish) get_by_id (the slow case will be link to
+    // cti_op_get_by_id_method_check instead of cti_op_get_by_id.
+    compileGetByIdHotPath(resultVReg, baseVReg, ident, m_propertyAccessInstructionIndex++);
+
+    match.link(this);
+    emitPutVirtualRegister(resultVReg);
+
+    // We've already generated the following get_by_id, so make sure it's skipped over.
+    m_bytecodeIndex += OPCODE_LENGTH(op_get_by_id);
+}
+
+void JIT::emitSlow_op_method_check(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    currentInstruction += OPCODE_LENGTH(op_method_check);
+    unsigned resultVReg = currentInstruction[1].u.operand;
+    unsigned baseVReg = currentInstruction[2].u.operand;
+    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
+
+    compileGetByIdSlowCase(resultVReg, baseVReg, ident, iter, true);
+
+    // We've already generated the following get_by_id, so make sure it's skipped over.
+    m_bytecodeIndex += OPCODE_LENGTH(op_get_by_id);
+}
+
+#else //!ENABLE(JIT_OPTIMIZE_METHOD_CALLS)
+
+// Treat these as nops - the call will be handed as a regular get_by_id/op_call pair.
+void JIT::emit_op_method_check(Instruction*) {}
+void JIT::emitSlow_op_method_check(Instruction*, Vector<SlowCaseEntry>::iterator&) { ASSERT_NOT_REACHED(); }
+
+#endif
+
+void JIT::emit_op_get_by_id(Instruction* currentInstruction)
+{
+    unsigned resultVReg = currentInstruction[1].u.operand;
+    unsigned baseVReg = currentInstruction[2].u.operand;
+    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
+
+    emitGetVirtualRegister(baseVReg, regT0);
+    compileGetByIdHotPath(resultVReg, baseVReg, ident, m_propertyAccessInstructionIndex++);
+    emitPutVirtualRegister(resultVReg);
+}
+
+void JIT::compileGetByIdHotPath(int, int baseVReg, Identifier*, unsigned propertyAccessInstructionIndex)
+{
+    // As for put_by_id, get_by_id requires the offset of the Structure and the offset of the access to be patched.
+    // Additionally, for get_by_id we need patch the offset of the branch to the slow case (we patch this to jump
+    // to array-length / prototype access tranpolines, and finally we also the the property-map access offset as a label
+    // to jump back to if one of these trampolies finds a match.
+
+    emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);
+
+    BEGIN_UNINTERRUPTED_SEQUENCE(sequenceGetByIdHotPath);
+
+    Label hotPathBegin(this);
+    m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+
+    DataLabelPtr structureToCompare;
+    Jump structureCheck = branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure)));
+    addSlowCase(structureCheck);
+    ASSERT(differenceBetween(hotPathBegin, structureToCompare) == patchOffsetGetByIdStructure);
+    ASSERT(differenceBetween(hotPathBegin, structureCheck) == patchOffsetGetByIdBranchToSlowCase);
+
+    Label externalLoad = loadPtrWithPatchToLEA(Address(regT0, OBJECT_OFFSETOF(JSObject, m_externalStorage)), regT0);
+    Label externalLoadComplete(this);
+    ASSERT(differenceBetween(hotPathBegin, externalLoad) == patchOffsetGetByIdExternalLoad);
+    ASSERT(differenceBetween(externalLoad, externalLoadComplete) == patchLengthGetByIdExternalLoad);
+
+    DataLabel32 displacementLabel = loadPtrWithAddressOffsetPatch(Address(regT0, patchGetByIdDefaultOffset), regT0);
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel) == patchOffsetGetByIdPropertyMapOffset);
+
+    Label putResult(this);
+
+    END_UNINTERRUPTED_SEQUENCE(sequenceGetByIdHotPath);
+
+    ASSERT(differenceBetween(hotPathBegin, putResult) == patchOffsetGetByIdPutResult);
+}
+
+void JIT::emitSlow_op_get_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned resultVReg = currentInstruction[1].u.operand;
+    unsigned baseVReg = currentInstruction[2].u.operand;
+    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
+
+    compileGetByIdSlowCase(resultVReg, baseVReg, ident, iter, false);
+}
+
+void JIT::compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck)
+{
+    // As for the hot path of get_by_id, above, we ensure that we can use an architecture specific offset
+    // so that we only need track one pointer into the slow case code - we track a pointer to the location
+    // of the call (which we can use to look up the patch information), but should a array-length or
+    // prototype access trampoline fail we want to bail out back to here.  To do so we can subtract back
+    // the distance from the call to the head of the slow case.
+
+    linkSlowCaseIfNotJSCell(iter, baseVReg);
+    linkSlowCase(iter);
+
+    BEGIN_UNINTERRUPTED_SEQUENCE(sequenceGetByIdSlowCase);
+
+#ifndef NDEBUG
+    Label coldPathBegin(this);
+#endif
+    JITStubCall stubCall(this, isMethodCheck ? cti_op_get_by_id_method_check : cti_op_get_by_id);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(ImmPtr(ident));
+    Call call = stubCall.call(resultVReg);
+
+    END_UNINTERRUPTED_SEQUENCE(sequenceGetByIdSlowCase);
+
+    ASSERT(differenceBetween(coldPathBegin, call) == patchOffsetGetByIdSlowCaseCall);
+
+    // Track the location of the call; this will be used to recover patch information.
+    m_propertyAccessCompilationInfo[m_propertyAccessInstructionIndex].callReturnLocation = call;
+    m_propertyAccessInstructionIndex++;
+}
+
+void JIT::emit_op_put_by_id(Instruction* currentInstruction)
+{
+    unsigned baseVReg = currentInstruction[1].u.operand;
+    unsigned valueVReg = currentInstruction[3].u.operand;
+
+    unsigned propertyAccessInstructionIndex = m_propertyAccessInstructionIndex++;
+
+    // In order to be able to patch both the Structure, and the object offset, we store one pointer,
+    // to just after the arguments have been loaded into registers 'hotPathBegin', and we generate code
+    // such that the Structure & offset are always at the same distance from this.
+
+    emitGetVirtualRegisters(baseVReg, regT0, valueVReg, regT1);
+
+    // Jump to a slow case if either the base object is an immediate, or if the Structure does not match.
+    emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);
+
+    BEGIN_UNINTERRUPTED_SEQUENCE(sequencePutById);
+
+    Label hotPathBegin(this);
+    m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+
+    // It is important that the following instruction plants a 32bit immediate, in order that it can be patched over.
+    DataLabelPtr structureToCompare;
+    addSlowCase(branchPtrWithPatch(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), structureToCompare, ImmPtr(reinterpret_cast<void*>(patchGetByIdDefaultStructure))));
+    ASSERT(differenceBetween(hotPathBegin, structureToCompare) == patchOffsetPutByIdStructure);
+
+    // Plant a load from a bogus ofset in the object's property map; we will patch this later, if it is to be used.
+    Label externalLoad = loadPtrWithPatchToLEA(Address(regT0, OBJECT_OFFSETOF(JSObject, m_externalStorage)), regT0);
+    Label externalLoadComplete(this);
+    ASSERT(differenceBetween(hotPathBegin, externalLoad) == patchOffsetPutByIdExternalLoad);
+    ASSERT(differenceBetween(externalLoad, externalLoadComplete) == patchLengthPutByIdExternalLoad);
+
+    DataLabel32 displacementLabel = storePtrWithAddressOffsetPatch(regT1, Address(regT0, patchGetByIdDefaultOffset));
+
+    END_UNINTERRUPTED_SEQUENCE(sequencePutById);
+
+    ASSERT(differenceBetween(hotPathBegin, displacementLabel) == patchOffsetPutByIdPropertyMapOffset);
+}
+
+void JIT::emitSlow_op_put_by_id(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned baseVReg = currentInstruction[1].u.operand;
+    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[2].u.operand));
+
+    unsigned propertyAccessInstructionIndex = m_propertyAccessInstructionIndex++;
+
+    linkSlowCaseIfNotJSCell(iter, baseVReg);
+    linkSlowCase(iter);
+
+    JITStubCall stubCall(this, cti_op_put_by_id);
+    stubCall.addArgument(regT0);
+    stubCall.addArgument(ImmPtr(ident));
+    stubCall.addArgument(regT1);
+    Call call = stubCall.call();
+
+    // Track the location of the call; this will be used to recover patch information.
+    m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
+}
+
+// Compile a store into an object's property storage.  May overwrite the
+// value in objectReg.
+void JIT::compilePutDirectOffset(RegisterID base, RegisterID value, Structure* structure, size_t cachedOffset)
+{
+    int offset = cachedOffset * sizeof(JSValue);
+    if (structure->isUsingInlineStorage())
+        offset += OBJECT_OFFSETOF(JSObject, m_inlineStorage);
+    else
+        loadPtr(Address(base, OBJECT_OFFSETOF(JSObject, m_externalStorage)), base);
+    storePtr(value, Address(base, offset));
+}
+
+// Compile a load from an object's property storage.  May overwrite base.
+void JIT::compileGetDirectOffset(RegisterID base, RegisterID result, Structure* structure, size_t cachedOffset)
+{
+    int offset = cachedOffset * sizeof(JSValue);
+    if (structure->isUsingInlineStorage())
+        offset += OBJECT_OFFSETOF(JSObject, m_inlineStorage);
+    else
+        loadPtr(Address(base, OBJECT_OFFSETOF(JSObject, m_externalStorage)), base);
+    loadPtr(Address(base, offset), result);
+}
+
+void JIT::compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID result, size_t cachedOffset)
+{
+    if (base->isUsingInlineStorage())
+        loadPtr(static_cast<void*>(&base->m_inlineStorage[cachedOffset]), result);
+    else {
+        PropertyStorage* protoPropertyStorage = &base->m_externalStorage;
+        loadPtr(static_cast<void*>(protoPropertyStorage), temp);
+        loadPtr(Address(temp, cachedOffset * sizeof(JSValue)), result);
+    } 
+}
+
+void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress)
+{
+    JumpList failureCases;
+    // Check eax is an object of the right Structure.
+    failureCases.append(emitJumpIfNotJSCell(regT0));
+    failureCases.append(branchPtr(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(oldStructure)));
+    JumpList successCases;
+
+    // ecx = baseObject
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+    // proto(ecx) = baseObject->structure()->prototype()
+    failureCases.append(branch32(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo) + OBJECT_OFFSETOF(TypeInfo, m_type)), Imm32(ObjectType)));
+
+    loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype)), regT2);
+    
+    // ecx = baseObject->m_structure
+    for (RefPtr<Structure>* it = chain->head(); *it; ++it) {
+        // null check the prototype
+        successCases.append(branchPtr(Equal, regT2, ImmPtr(JSValue::encode(jsNull()))));
+
+        // Check the structure id
+        failureCases.append(branchPtr(NotEqual, Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(it->get())));
+        
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
+        failureCases.append(branch32(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo) + OBJECT_OFFSETOF(TypeInfo, m_type)), Imm32(ObjectType)));
+        loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype)), regT2);
+    }
+
+    successCases.link(this);
+
+    Call callTarget;
+
+    // emit a call only if storage realloc is needed
+    bool willNeedStorageRealloc = oldStructure->propertyStorageCapacity() != newStructure->propertyStorageCapacity();
+    if (willNeedStorageRealloc) {
+        // This trampoline was called to like a JIT stub; before we can can call again we need to
+        // remove the return address from the stack, to prevent the stack from becoming misaligned.
+        preserveReturnAddressAfterCall(regT3);
+ 
+        JITStubCall stubCall(this, cti_op_put_by_id_transition_realloc);
+        stubCall.skipArgument(); // base
+        stubCall.skipArgument(); // ident
+        stubCall.skipArgument(); // value
+        stubCall.addArgument(Imm32(oldStructure->propertyStorageCapacity()));
+        stubCall.addArgument(Imm32(newStructure->propertyStorageCapacity()));
+        stubCall.call(regT0);
+        emitGetJITStubArg(2, regT1);
+
+        restoreReturnAddressBeforeReturn(regT3);
+    }
+
+    // Assumes m_refCount can be decremented easily, refcount decrement is safe as 
+    // codeblock should ensure oldStructure->m_refCount > 0
+    sub32(Imm32(1), AbsoluteAddress(oldStructure->addressOfCount()));
+    add32(Imm32(1), AbsoluteAddress(newStructure->addressOfCount()));
+    storePtr(ImmPtr(newStructure), Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)));
+
+    // write the value
+    compilePutDirectOffset(regT0, regT1, newStructure, cachedOffset);
+
+    ret();
+    
+    ASSERT(!failureCases.empty());
+    failureCases.link(this);
+    restoreArgumentReferenceForTrampoline();
+    Call failureCall = tailRecursiveCall();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    patchBuffer.link(failureCall, FunctionPtr(cti_op_put_by_id_fail));
+
+    if (willNeedStorageRealloc) {
+        ASSERT(m_calls.size() == 1);
+        patchBuffer.link(m_calls[0].from, FunctionPtr(cti_op_put_by_id_transition_realloc));
+    }
+    
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relinkCallerToTrampoline(returnAddress, entryLabel);
+}
+
+void JIT::patchGetByIdSelf(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, size_t cachedOffset, ReturnAddressPtr returnAddress)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    // We don't want to patch more than once - in future go to cti_op_get_by_id_generic.
+    // Should probably go to cti_op_get_by_id_fail, but that doesn't do anything interesting right now.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_self_fail));
+
+    int offset = sizeof(JSValue) * cachedOffset;
+
+    // If we're patching to use inline storage, convert the initial load to a lea; this avoids the extra load
+    // and makes the subsequent load's offset automatically correct
+    if (structure->isUsingInlineStorage())
+        repatchBuffer.repatchLoadPtrToLEA(stubInfo->hotPathBegin.instructionAtOffset(patchOffsetGetByIdExternalLoad));
+
+    // Patch the offset into the propoerty map to load from, then patch the Structure to look for.
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(patchOffsetGetByIdStructure), structure);
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetGetByIdPropertyMapOffset), offset);
+}
+
+void JIT::patchMethodCallProto(CodeBlock* codeBlock, MethodCallLinkInfo& methodCallLinkInfo, JSFunction* callee, Structure* structure, JSObject* proto, ReturnAddressPtr returnAddress)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    ASSERT(!methodCallLinkInfo.cachedStructure);
+    methodCallLinkInfo.cachedStructure = structure;
+    structure->ref();
+
+    Structure* prototypeStructure = proto->structure();
+    ASSERT(!methodCallLinkInfo.cachedPrototypeStructure);
+    methodCallLinkInfo.cachedPrototypeStructure = prototypeStructure;
+    prototypeStructure->ref();
+
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel, structure);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoObj), proto);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckProtoStruct), prototypeStructure);
+    repatchBuffer.repatch(methodCallLinkInfo.structureLabel.dataLabelPtrAtOffset(patchOffsetMethodCheckPutFunction), callee);
+
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id));
+}
+
+void JIT::patchPutByIdReplace(CodeBlock* codeBlock, StructureStubInfo* stubInfo, Structure* structure, size_t cachedOffset, ReturnAddressPtr returnAddress)
+{
+    RepatchBuffer repatchBuffer(codeBlock);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    // Should probably go to cti_op_put_by_id_fail, but that doesn't do anything interesting right now.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_put_by_id_generic));
+
+    int offset = sizeof(JSValue) * cachedOffset;
+
+    // If we're patching to use inline storage, convert the initial load to a lea; this avoids the extra load
+    // and makes the subsequent load's offset automatically correct
+    if (structure->isUsingInlineStorage())
+        repatchBuffer.repatchLoadPtrToLEA(stubInfo->hotPathBegin.instructionAtOffset(patchOffsetPutByIdExternalLoad));
+
+    // Patch the offset into the propoerty map to load from, then patch the Structure to look for.
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabelPtrAtOffset(patchOffsetPutByIdStructure), structure);
+    repatchBuffer.repatch(stubInfo->hotPathBegin.dataLabel32AtOffset(patchOffsetPutByIdPropertyMapOffset), offset);
+}
+
+void JIT::privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress)
+{
+    StructureStubInfo* stubInfo = &m_codeBlock->getStubInfo(returnAddress);
+
+    // Check eax is an array
+    Jump failureCases1 = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsArrayVPtr));
+
+    // Checks out okay! - get the length from the storage
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSArray, m_storage)), regT2);
+    load32(Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_length)), regT2);
+
+    Jump failureCases2 = branch32(Above, regT2, Imm32(JSImmediate::maxImmediateInt));
+
+    emitFastArithIntToImmNoCheck(regT2, regT0);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel slowCaseBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+    patchBuffer.link(failureCases1, slowCaseBegin);
+    patchBuffer.link(failureCases2, slowCaseBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_array_fail));
+}
+
+void JIT::privateCompileGetByIdProto(StructureStubInfo* stubInfo, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame)
+{
+    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
+    // referencing the prototype object - let's speculatively load it's table nice and early!)
+    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
+
+    // Check eax is an object of the right Structure.
+    Jump failureCases1 = checkStructure(regT0, structure);
+
+    // Check the prototype object's Structure had not changed.
+    Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+    move(ImmPtr(prototypeStructure), regT3);
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
+#else
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
+#endif
+
+    // Checks out okay! - getDirectOffset
+    compileGetDirectOffset(protoObject, regT1, regT0, cachedOffset);
+
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel slowCaseBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+    patchBuffer.link(failureCases1, slowCaseBegin);
+    patchBuffer.link(failureCases2, slowCaseBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_proto_list));
+}
+
+void JIT::privateCompileGetByIdSelfList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* polymorphicStructures, int currentIndex, Structure* structure, size_t cachedOffset)
+{
+    Jump failureCase = checkStructure(regT0, structure);
+    compileGetDirectOffset(regT0, regT0, structure, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = polymorphicStructures->list[currentIndex - 1].stubRoutine;
+    if (!lastProtoBegin)
+        lastProtoBegin = stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall);
+
+    patchBuffer.link(failureCase, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    structure->ref();
+    polymorphicStructures->list[currentIndex].set(entryLabel, structure);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdProtoList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructures, int currentIndex, Structure* structure, Structure* prototypeStructure, size_t cachedOffset, CallFrame* callFrame)
+{
+    // The prototype object definitely exists (if this stub exists the CodeBlock is referencing a Structure that is
+    // referencing the prototype object - let's speculatively load it's table nice and early!)
+    JSObject* protoObject = asObject(structure->prototypeForLookup(callFrame));
+
+    // Check eax is an object of the right Structure.
+    Jump failureCases1 = checkStructure(regT0, structure);
+
+    // Check the prototype object's Structure had not changed.
+    Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+    move(ImmPtr(prototypeStructure), regT3);
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3);
+#else
+    Jump failureCases2 = branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(prototypeStructure));
+#endif
+
+    // Checks out okay! - getDirectOffset
+    compileGetDirectOffset(protoObject, regT1, regT0, cachedOffset);
+
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = prototypeStructures->list[currentIndex - 1].stubRoutine;
+    patchBuffer.link(failureCases1, lastProtoBegin);
+    patchBuffer.link(failureCases2, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    structure->ref();
+    prototypeStructure->ref();
+    prototypeStructures->list[currentIndex].set(entryLabel, structure, prototypeStructure);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdChainList(StructureStubInfo* stubInfo, PolymorphicAccessStructureList* prototypeStructures, int currentIndex, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, CallFrame* callFrame)
+{
+    ASSERT(count);
+    
+    JumpList bucketsOfFail;
+
+    // Check eax is an object of the right Structure.
+    Jump baseObjectCheck = checkStructure(regT0, structure);
+    bucketsOfFail.append(baseObjectCheck);
+
+    Structure* currStructure = structure;
+    RefPtr<Structure>* chainEntries = chain->head();
+    JSObject* protoObject = 0;
+    for (unsigned i = 0; i < count; ++i) {
+        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
+        currStructure = chainEntries[i].get();
+
+        // Check the prototype object's Structure had not changed.
+        Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3));
+#else
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
+#endif
+    }
+    ASSERT(protoObject);
+
+    compileGetDirectOffset(protoObject, regT1, regT0, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    CodeLocationLabel lastProtoBegin = prototypeStructures->list[currentIndex - 1].stubRoutine;
+
+    patchBuffer.link(bucketsOfFail, lastProtoBegin);
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+
+    // Track the stub we have created so that it will be deleted later.
+    structure->ref();
+    chain->ref();
+    prototypeStructures->list[currentIndex].set(entryLabel, structure, chain);
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+}
+
+void JIT::privateCompileGetByIdChain(StructureStubInfo* stubInfo, Structure* structure, StructureChain* chain, size_t count, size_t cachedOffset, ReturnAddressPtr returnAddress, CallFrame* callFrame)
+{
+    ASSERT(count);
+    
+    JumpList bucketsOfFail;
+
+    // Check eax is an object of the right Structure.
+    bucketsOfFail.append(checkStructure(regT0, structure));
+
+    Structure* currStructure = structure;
+    RefPtr<Structure>* chainEntries = chain->head();
+    JSObject* protoObject = 0;
+    for (unsigned i = 0; i < count; ++i) {
+        protoObject = asObject(currStructure->prototypeForLookup(callFrame));
+        currStructure = chainEntries[i].get();
+
+        // Check the prototype object's Structure had not changed.
+        Structure** prototypeStructureAddress = &(protoObject->m_structure);
+#if PLATFORM(X86_64)
+        move(ImmPtr(currStructure), regT3);
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), regT3));
+#else
+        bucketsOfFail.append(branchPtr(NotEqual, AbsoluteAddress(prototypeStructureAddress), ImmPtr(currStructure)));
+#endif
+    }
+    ASSERT(protoObject);
+
+    compileGetDirectOffset(protoObject, regT1, regT0, cachedOffset);
+    Jump success = jump();
+
+    LinkBuffer patchBuffer(this, m_codeBlock->executablePool());
+
+    // Use the patch information to link the failure cases back to the original slow case routine.
+    patchBuffer.link(bucketsOfFail, stubInfo->callReturnLocation.labelAtOffset(-patchOffsetGetByIdSlowCaseCall));
+
+    // On success return back to the hot patch code, at a point it will perform the store to dest for us.
+    patchBuffer.link(success, stubInfo->hotPathBegin.labelAtOffset(patchOffsetGetByIdPutResult));
+
+    // Track the stub we have created so that it will be deleted later.
+    CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+    stubInfo->stubRoutine = entryLabel;
+
+    // Finally patch the jump to slow case back in the hot path to jump here instead.
+    CodeLocationJump jumpLocation = stubInfo->hotPathBegin.jumpAtOffset(patchOffsetGetByIdBranchToSlowCase);
+    RepatchBuffer repatchBuffer(m_codeBlock);
+    repatchBuffer.relink(jumpLocation, entryLabel);
+
+    // We don't want to patch more than once - in future go to cti_op_put_by_id_generic.
+    repatchBuffer.relinkCallerToFunction(returnAddress, FunctionPtr(cti_op_get_by_id_proto_list));
+}
+
+/* ------------------------------ END: !ENABLE / ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS) ------------------------------ */
+
+#endif // !ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+#endif // USE(JSVALUE32_64)
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubCall.h b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubCall.h
new file mode 100644
index 000000000..cb5354b9b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubCall.h
@@ -0,0 +1,236 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JITStubCall_h
+#define JITStubCall_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(JIT)
+
+namespace JSC {
+
+    class JITStubCall {
+    public:
+        JITStubCall(JIT* jit, JSObject* (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Cell)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, JSPropertyNameIterator* (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Cell)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, void* (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(VoidPtr)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, int (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Int)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, bool (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Int)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+        JITStubCall(JIT* jit, void (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Void)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+
+#if USE(JSVALUE32_64)
+        JITStubCall(JIT* jit, EncodedJSValue (JIT_STUB *stub)(STUB_ARGS_DECLARATION))
+            : m_jit(jit)
+            , m_stub(reinterpret_cast<void*>(stub))
+            , m_returnType(Value)
+            , m_stackIndex(stackIndexStart)
+        {
+        }
+#endif
+
+        // Arguments are added first to last.
+
+        void skipArgument()
+        {
+            m_stackIndex += stackIndexStep;
+        }
+
+        void addArgument(JIT::Imm32 argument)
+        {
+            m_jit->poke(argument, m_stackIndex);
+            m_stackIndex += stackIndexStep;
+        }
+
+        void addArgument(JIT::ImmPtr argument)
+        {
+            m_jit->poke(argument, m_stackIndex);
+            m_stackIndex += stackIndexStep;
+        }
+
+        void addArgument(JIT::RegisterID argument)
+        {
+            m_jit->poke(argument, m_stackIndex);
+            m_stackIndex += stackIndexStep;
+        }
+
+        void addArgument(const JSValue& value)
+        {
+            m_jit->poke(JIT::Imm32(value.payload()), m_stackIndex);
+            m_jit->poke(JIT::Imm32(value.tag()), m_stackIndex + 1);
+            m_stackIndex += stackIndexStep;
+        }
+
+        void addArgument(JIT::RegisterID tag, JIT::RegisterID payload)
+        {
+            m_jit->poke(payload, m_stackIndex);
+            m_jit->poke(tag, m_stackIndex + 1);
+            m_stackIndex += stackIndexStep;
+        }
+
+#if USE(JSVALUE32_64)
+        void addArgument(unsigned srcVirtualRegister)
+        {
+            if (m_jit->m_codeBlock->isConstantRegisterIndex(srcVirtualRegister)) {
+                addArgument(m_jit->getConstantOperand(srcVirtualRegister));
+                return;
+            }
+
+            m_jit->emitLoad(srcVirtualRegister, JIT::regT1, JIT::regT0);
+            addArgument(JIT::regT1, JIT::regT0);
+        }
+
+        void getArgument(size_t argumentNumber, JIT::RegisterID tag, JIT::RegisterID payload)
+        {
+            size_t stackIndex = stackIndexStart + (argumentNumber * stackIndexStep);
+            m_jit->peek(payload, stackIndex);
+            m_jit->peek(tag, stackIndex + 1);
+        }
+#else
+        void addArgument(unsigned src, JIT::RegisterID scratchRegister) // src is a virtual register.
+        {
+            if (m_jit->m_codeBlock->isConstantRegisterIndex(src))
+                addArgument(JIT::ImmPtr(JSValue::encode(m_jit->m_codeBlock->getConstant(src))));
+            else {
+                m_jit->loadPtr(JIT::Address(JIT::callFrameRegister, src * sizeof(Register)), scratchRegister);
+                addArgument(scratchRegister);
+            }
+            m_jit->killLastResultRegister();
+        }
+#endif
+
+        JIT::Call call()
+        {
+#if ENABLE(OPCODE_SAMPLING)
+            if (m_jit->m_bytecodeIndex != (unsigned)-1)
+                m_jit->sampleInstruction(m_jit->m_codeBlock->instructions().begin() + m_jit->m_bytecodeIndex, true);
+#endif
+
+            m_jit->restoreArgumentReference();
+            JIT::Call call = m_jit->call();
+            m_jit->m_calls.append(CallRecord(call, m_jit->m_bytecodeIndex, m_stub));
+
+#if ENABLE(OPCODE_SAMPLING)
+            if (m_jit->m_bytecodeIndex != (unsigned)-1)
+                m_jit->sampleInstruction(m_jit->m_codeBlock->instructions().begin() + m_jit->m_bytecodeIndex, false);
+#endif
+
+#if USE(JSVALUE32_64)
+            m_jit->unmap();
+#else
+            m_jit->killLastResultRegister();
+#endif
+            return call;
+        }
+
+#if USE(JSVALUE32_64)
+        JIT::Call call(unsigned dst) // dst is a virtual register.
+        {
+            ASSERT(m_returnType == Value || m_returnType == Cell);
+            JIT::Call call = this->call();
+            if (m_returnType == Value)
+                m_jit->emitStore(dst, JIT::regT1, JIT::regT0);
+            else
+                m_jit->emitStoreCell(dst, JIT::returnValueRegister);
+            return call;
+        }
+#else
+        JIT::Call call(unsigned dst) // dst is a virtual register.
+        {
+            ASSERT(m_returnType == VoidPtr || m_returnType == Cell);
+            JIT::Call call = this->call();
+            m_jit->emitPutVirtualRegister(dst);
+            return call;
+        }
+#endif
+
+        JIT::Call call(JIT::RegisterID dst) // dst is a machine register.
+        {
+#if USE(JSVALUE32_64)
+            ASSERT(m_returnType == Value || m_returnType == VoidPtr || m_returnType == Int || m_returnType == Cell);
+#else
+            ASSERT(m_returnType == VoidPtr || m_returnType == Int || m_returnType == Cell);
+#endif
+            JIT::Call call = this->call();
+            if (dst != JIT::returnValueRegister)
+                m_jit->move(JIT::returnValueRegister, dst);
+            return call;
+        }
+
+    private:
+        static const size_t stackIndexStep = sizeof(EncodedJSValue) == 2 * sizeof(void*) ? 2 : 1;
+        static const size_t stackIndexStart = 1; // Index 0 is reserved for restoreArgumentReference().
+
+        JIT* m_jit;
+        void* m_stub;
+        enum { Void, VoidPtr, Int, Value, Cell } m_returnType;
+        size_t m_stackIndex;
+    };
+}
+
+#endif // ENABLE(JIT)
+
+#endif // JITStubCall_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp
new file mode 100644
index 000000000..b098728f2
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp
@@ -0,0 +1,3097 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JITStubs.h"
+
+#if ENABLE(JIT)
+
+#include "Arguments.h"
+#include "CallFrame.h"
+#include "CodeBlock.h"
+#include "Collector.h"
+#include "Debugger.h"
+#include "ExceptionHelpers.h"
+#include "GlobalEvalFunction.h"
+#include "JIT.h"
+#include "JSActivation.h"
+#include "JSArray.h"
+#include "JSByteArray.h"
+#include "JSFunction.h"
+#include "JSNotAnObject.h"
+#include "JSPropertyNameIterator.h"
+#include "JSStaticScopeObject.h"
+#include "JSString.h"
+#include "ObjectPrototype.h"
+#include "Operations.h"
+#include "Parser.h"
+#include "Profiler.h"
+#include "RegExpObject.h"
+#include "RegExpPrototype.h"
+#include "Register.h"
+#include "SamplingTool.h"
+#include <stdarg.h>
+#include <stdio.h>
+
+#ifdef QT_BUILD_SCRIPT_LIB
+#include "bridge/qscriptobject_p.h"
+#endif
+
+using namespace std;
+
+namespace JSC {
+
+#if PLATFORM(DARWIN) || PLATFORM(WIN_OS)
+#define SYMBOL_STRING(name) "_" #name
+#else
+#define SYMBOL_STRING(name) #name
+#endif
+
+#if PLATFORM(IPHONE)
+#define THUMB_FUNC_PARAM(name) SYMBOL_STRING(name)
+#else
+#define THUMB_FUNC_PARAM(name)
+#endif
+
+#if PLATFORM(DARWIN)
+    // Mach-O platform
+#define HIDE_SYMBOL(name) ".private_extern _" #name
+#elif PLATFORM(AIX)
+    // IBM's own file format
+#define HIDE_SYMBOL(name) ".lglobl " #name
+#elif PLATFORM(LINUX) || PLATFORM(FREEBSD) || PLATFORM(OPENBSD) || PLATFORM(SOLARIS) || (PLATFORM(HPUX) && PLATFORM(IA64)) || PLATFORM(SYMBIAN) || PLATFORM(NETBSD)
+    // ELF platform
+#define HIDE_SYMBOL(name) ".hidden " #name
+#else
+#define HIDE_SYMBOL(name)
+#endif
+
+#if USE(JSVALUE32_64)
+
+#if COMPILER(GCC) && PLATFORM(X86)
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) % 16 == 0x0, JITStackFrame_maintains_16byte_stack_alignment);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedEBX) == 0x3c, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x58, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x50, JITStackFrame_code_offset_matches_ctiTrampoline);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+HIDE_SYMBOL(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "pushl %ebp" "\n"
+    "movl %esp, %ebp" "\n"
+    "pushl %esi" "\n"
+    "pushl %edi" "\n"
+    "pushl %ebx" "\n"
+    "subl $0x3c, %esp" "\n"
+    "movl $512, %esi" "\n"
+    "movl 0x58(%esp), %edi" "\n"
+    "call *0x50(%esp)" "\n"
+    "addl $0x3c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+HIDE_SYMBOL(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+#if !USE(JIT_STUB_ARGUMENT_VA_LIST)
+    "movl %esp, %ecx" "\n"
+#endif
+    "call " SYMBOL_STRING(cti_vm_throw) "\n"
+    "addl $0x3c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+    
+asm volatile (
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+HIDE_SYMBOL(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "addl $0x3c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+    
+#elif COMPILER(GCC) && PLATFORM(X86_64)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST not supported on x86-64."
+#endif
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) % 32 == 0x0, JITStackFrame_maintains_32byte_stack_alignment);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedRBX) == 0x48, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x90, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x80, JITStackFrame_code_offset_matches_ctiTrampoline);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+HIDE_SYMBOL(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "pushq %rbp" "\n"
+    "movq %rsp, %rbp" "\n"
+    "pushq %r12" "\n"
+    "pushq %r13" "\n"
+    "pushq %r14" "\n"
+    "pushq %r15" "\n"
+    "pushq %rbx" "\n"
+    "subq $0x48, %rsp" "\n"
+    "movq $512, %r12" "\n"
+    "movq $0xFFFF000000000000, %r14" "\n"
+    "movq $0xFFFF000000000002, %r15" "\n"
+    "movq 0x90(%rsp), %r13" "\n"
+    "call *0x80(%rsp)" "\n"
+    "addq $0x48, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+HIDE_SYMBOL(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+    "movq %rsp, %rdi" "\n"
+    "call " SYMBOL_STRING(cti_vm_throw) "\n"
+    "addq $0x48, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+HIDE_SYMBOL(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "addq $0x48, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+#elif COMPILER(GCC) && PLATFORM(ARM_THUMB2)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST not supported on ARMv7."
+#endif
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+".thumb" "\n"
+".thumb_func " THUMB_FUNC_PARAM(ctiTrampoline) "\n"
+HIDE_SYMBOL(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "sub sp, sp, #0x3c" "\n"
+    "str lr, [sp, #0x20]" "\n"
+    "str r4, [sp, #0x24]" "\n"
+    "str r5, [sp, #0x28]" "\n"
+    "str r6, [sp, #0x2c]" "\n"
+    "str r1, [sp, #0x30]" "\n"
+    "str r2, [sp, #0x34]" "\n"
+    "str r3, [sp, #0x38]" "\n"
+    "cpy r5, r2" "\n"
+    "mov r6, #512" "\n"
+    "blx r0" "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x3c" "\n"
+    "bx lr" "\n"
+);
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+".thumb" "\n"
+".thumb_func " THUMB_FUNC_PARAM(ctiVMThrowTrampoline) "\n"
+HIDE_SYMBOL(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+    "cpy r0, sp" "\n"
+    "bl " SYMBOL_STRING(cti_vm_throw) "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x3c" "\n"
+    "bx lr" "\n"
+);
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+".thumb" "\n"
+".thumb_func " THUMB_FUNC_PARAM(ctiOpThrowNotCaught) "\n"
+HIDE_SYMBOL(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x3c" "\n"
+    "bx lr" "\n"
+);
+
+#elif COMPILER(MSVC)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST configuration not supported on MSVC."
+#endif
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) % 16 == 0x0, JITStackFrame_maintains_16byte_stack_alignment);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedEBX) == 0x3c, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x58, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x50, JITStackFrame_code_offset_matches_ctiTrampoline);
+
+extern "C" {
+
+    __declspec(naked) EncodedJSValue ctiTrampoline(void* code, RegisterFile*, CallFrame*, JSValue* exception, Profiler**, JSGlobalData*)
+    {
+        __asm {
+            push ebp;
+            mov ebp, esp;
+            push esi;
+            push edi;
+            push ebx;
+            sub esp, 0x3c;
+            mov esi, 512;
+            mov ecx, esp;
+            mov edi, [esp + 0x58];
+            call [esp + 0x50];
+            add esp, 0x3c;
+            pop ebx;
+            pop edi;
+            pop esi;
+            pop ebp;
+            ret;
+        }
+    }
+
+    __declspec(naked) void ctiVMThrowTrampoline()
+    {
+        __asm {
+            mov ecx, esp;
+            call cti_vm_throw;
+            add esp, 0x3c;
+            pop ebx;
+            pop edi;
+            pop esi;
+            pop ebp;
+            ret;
+        }
+    }
+
+    __declspec(naked) void ctiOpThrowNotCaught()
+    {
+        __asm {
+            add esp, 0x3c;
+            pop ebx;
+            pop edi;
+            pop esi;
+            pop ebp;
+            ret;
+        }
+    }
+}
+
+#endif // COMPILER(GCC) && PLATFORM(X86)
+
+#else // USE(JSVALUE32_64)
+
+#if COMPILER(GCC) && PLATFORM(X86)
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x38, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x30, JITStackFrame_code_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedEBX) == 0x1c, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+HIDE_SYMBOL(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "pushl %ebp" "\n"
+    "movl %esp, %ebp" "\n"
+    "pushl %esi" "\n"
+    "pushl %edi" "\n"
+    "pushl %ebx" "\n"
+    "subl $0x1c, %esp" "\n"
+    "movl $512, %esi" "\n"
+    "movl 0x38(%esp), %edi" "\n"
+    "call *0x30(%esp)" "\n"
+    "addl $0x1c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+HIDE_SYMBOL(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+#if !USE(JIT_STUB_ARGUMENT_VA_LIST)
+    "movl %esp, %ecx" "\n"
+#endif
+    "call " SYMBOL_STRING(cti_vm_throw) "\n"
+    "addl $0x1c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+    
+asm volatile (
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+HIDE_SYMBOL(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "addl $0x1c, %esp" "\n"
+    "popl %ebx" "\n"
+    "popl %edi" "\n"
+    "popl %esi" "\n"
+    "popl %ebp" "\n"
+    "ret" "\n"
+);
+    
+#elif COMPILER(GCC) && PLATFORM(X86_64)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST not supported on x86-64."
+#endif
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x58, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x48, JITStackFrame_code_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedRBX) == 0x78, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+HIDE_SYMBOL(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "pushq %rbp" "\n"
+    "movq %rsp, %rbp" "\n"
+    "pushq %r12" "\n"
+    "pushq %r13" "\n"
+    "pushq %r14" "\n"
+    "pushq %r15" "\n"
+    "pushq %rbx" "\n"
+    // Form the JIT stubs area
+    "pushq %r9" "\n"
+    "pushq %r8" "\n"
+    "pushq %rcx" "\n"
+    "pushq %rdx" "\n"
+    "pushq %rsi" "\n"
+    "pushq %rdi" "\n"
+    "subq $0x48, %rsp" "\n"
+    "movq $512, %r12" "\n"
+    "movq $0xFFFF000000000000, %r14" "\n"
+    "movq $0xFFFF000000000002, %r15" "\n"
+    "movq %rdx, %r13" "\n"
+    "call *%rdi" "\n"
+    "addq $0x78, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+HIDE_SYMBOL(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+    "movq %rsp, %rdi" "\n"
+    "call " SYMBOL_STRING(cti_vm_throw) "\n"
+    "addq $0x78, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+HIDE_SYMBOL(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "addq $0x78, %rsp" "\n"
+    "popq %rbx" "\n"
+    "popq %r15" "\n"
+    "popq %r14" "\n"
+    "popq %r13" "\n"
+    "popq %r12" "\n"
+    "popq %rbp" "\n"
+    "ret" "\n"
+);
+
+#elif COMPILER(GCC) && PLATFORM(ARM_THUMB2)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST not supported on ARMv7."
+#endif
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+HIDE_SYMBOL(ctiTrampoline) "\n"
+".thumb" "\n"
+".thumb_func " THUMB_FUNC_PARAM(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "sub sp, sp, #0x40" "\n"
+    "str lr, [sp, #0x20]" "\n"
+    "str r4, [sp, #0x24]" "\n"
+    "str r5, [sp, #0x28]" "\n"
+    "str r6, [sp, #0x2c]" "\n"
+    "str r1, [sp, #0x30]" "\n"
+    "str r2, [sp, #0x34]" "\n"
+    "str r3, [sp, #0x38]" "\n"
+    "cpy r5, r2" "\n"
+    "mov r6, #512" "\n"
+    "blx r0" "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x40" "\n"
+    "bx lr" "\n"
+);
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+HIDE_SYMBOL(ctiVMThrowTrampoline) "\n"
+".thumb" "\n"
+".thumb_func " THUMB_FUNC_PARAM(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+    "cpy r0, sp" "\n"
+    "bl " SYMBOL_STRING(cti_vm_throw) "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x40" "\n"
+    "bx lr" "\n"
+);
+
+asm volatile (
+".text" "\n"
+".align 2" "\n"
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+HIDE_SYMBOL(ctiOpThrowNotCaught) "\n"
+".thumb" "\n"
+".thumb_func " THUMB_FUNC_PARAM(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "ldr r6, [sp, #0x2c]" "\n"
+    "ldr r5, [sp, #0x28]" "\n"
+    "ldr r4, [sp, #0x24]" "\n"
+    "ldr lr, [sp, #0x20]" "\n"
+    "add sp, sp, #0x3c" "\n"
+    "bx lr" "\n"
+);
+
+#elif COMPILER(GCC) && PLATFORM(ARM_TRADITIONAL)
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiTrampoline) "\n"
+HIDE_SYMBOL(ctiTrampoline) "\n"
+SYMBOL_STRING(ctiTrampoline) ":" "\n"
+    "stmdb sp!, {r1-r3}" "\n"
+    "stmdb sp!, {r4-r8, lr}" "\n"
+    "mov r6, pc" "\n"
+    "add r6, r6, #40" "\n"
+    "sub sp, sp, #32" "\n"
+    "ldr r4, [sp, #60]" "\n"
+    "mov r5, #512" "\n"
+    // r0 contains the code
+    "add r8, pc, #4" "\n"
+    "str r8, [sp, #-4]!" "\n"
+    "mov pc, r0" "\n"
+    "add sp, sp, #32" "\n"
+    "ldmia sp!, {r4-r8, lr}" "\n"
+    "add sp, sp, #12" "\n"
+    "mov pc, lr" "\n"
+
+    // the return instruction
+    "ldr pc, [sp], #4" "\n"
+);
+
+asm volatile (
+".globl " SYMBOL_STRING(ctiVMThrowTrampoline) "\n"
+HIDE_SYMBOL(ctiVMThrowTrampoline) "\n"
+SYMBOL_STRING(ctiVMThrowTrampoline) ":" "\n"
+    "mov r0, sp" "\n"
+    "mov lr, r6" "\n"
+    "add r8, pc, #4" "\n"
+    "str r8, [sp, #-4]!" "\n"
+    "b " SYMBOL_STRING(cti_vm_throw) "\n"
+
+// Both has the same return sequence
+".globl " SYMBOL_STRING(ctiOpThrowNotCaught) "\n"
+HIDE_SYMBOL(ctiOpThrowNotCaught) "\n"
+SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
+    "add sp, sp, #32" "\n"
+    "ldmia sp!, {r4-r8, lr}" "\n"
+    "add sp, sp, #12" "\n"
+    "mov pc, lr" "\n"
+);
+
+#elif COMPILER(MSVC)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#error "JIT_STUB_ARGUMENT_VA_LIST configuration not supported on MSVC."
+#endif
+
+// These ASSERTs remind you that, if you change the layout of JITStackFrame, you
+// need to change the assembly trampolines below to match.
+COMPILE_ASSERT(offsetof(struct JITStackFrame, callFrame) == 0x38, JITStackFrame_callFrame_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, code) == 0x30, JITStackFrame_code_offset_matches_ctiTrampoline);
+COMPILE_ASSERT(offsetof(struct JITStackFrame, savedEBX) == 0x1c, JITStackFrame_stub_argument_space_matches_ctiTrampoline);
+
+extern "C" {
+
+    __declspec(naked) EncodedJSValue ctiTrampoline(void* code, RegisterFile*, CallFrame*, JSValue* exception, Profiler**, JSGlobalData*)
+    {
+        __asm {
+            push ebp;
+            mov ebp, esp;
+            push esi;
+            push edi;
+            push ebx;
+            sub esp, 0x1c;
+            mov esi, 512;
+            mov ecx, esp;
+            mov edi, [esp + 0x38];
+            call [esp + 0x30];
+            add esp, 0x1c;
+            pop ebx;
+            pop edi;
+            pop esi;
+            pop ebp;
+            ret;
+        }
+    }
+
+    __declspec(naked) void ctiVMThrowTrampoline()
+    {
+        __asm {
+            mov ecx, esp;
+            call cti_vm_throw;
+            add esp, 0x1c;
+            pop ebx;
+            pop edi;
+            pop esi;
+            pop ebp;
+            ret;
+        }
+    }
+     
+     __declspec(naked) void ctiOpThrowNotCaught()
+     {
+         __asm {
+             add esp, 0x1c;
+             pop ebx;
+             pop edi;
+             pop esi;
+             pop ebp;
+             ret;
+         }
+     }
+}
+
+#endif // COMPILER(GCC) && PLATFORM(X86)
+
+#endif // USE(JSVALUE32_64)
+
+#if ENABLE(OPCODE_SAMPLING)
+    #define CTI_SAMPLER stackFrame.globalData->interpreter->sampler()
+#else
+    #define CTI_SAMPLER 0
+#endif
+
+JITThunks::JITThunks(JSGlobalData* globalData)
+{
+    JIT::compileCTIMachineTrampolines(globalData, &m_executablePool, &m_ctiStringLengthTrampoline, &m_ctiVirtualCallLink, &m_ctiVirtualCall, &m_ctiNativeCallThunk);
+
+#if PLATFORM(ARM_THUMB2)
+    // Unfortunate the arm compiler does not like the use of offsetof on JITStackFrame (since it contains non POD types),
+    // and the OBJECT_OFFSETOF macro does not appear constantish enough for it to be happy with its use in COMPILE_ASSERT
+    // macros.
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, preservedReturnAddress) == 0x20);
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, preservedR4) == 0x24);
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, preservedR5) == 0x28);
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, preservedR6) == 0x2c);
+
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, registerFile) == 0x30);
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, callFrame) == 0x34);
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, exception) == 0x38);
+    // The fifth argument is the first item already on the stack.
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, enabledProfilerReference) == 0x40);
+
+    ASSERT(OBJECT_OFFSETOF(struct JITStackFrame, thunkReturnAddress) == 0x1C);
+#endif
+}
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+NEVER_INLINE void JITThunks::tryCachePutByID(CallFrame* callFrame, CodeBlock* codeBlock, ReturnAddressPtr returnAddress, JSValue baseValue, const PutPropertySlot& slot, StructureStubInfo* stubInfo)
+{
+    // The interpreter checks for recursion here; I do not believe this can occur in CTI.
+
+    if (!baseValue.isCell())
+        return;
+
+    // Uncacheable: give up.
+    if (!slot.isCacheable()) {
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
+        return;
+    }
+    
+    JSCell* baseCell = asCell(baseValue);
+    Structure* structure = baseCell->structure();
+
+    if (structure->isUncacheableDictionary()) {
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
+        return;
+    }
+
+    // If baseCell != base, then baseCell must be a proxy for another object.
+    if (baseCell != slot.base()) {
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
+        return;
+    }
+
+    // Cache hit: Specialize instruction and ref Structures.
+
+    // Structure transition, cache transition info
+    if (slot.type() == PutPropertySlot::NewProperty) {
+        StructureChain* prototypeChain = structure->prototypeChain(callFrame);
+        if (!prototypeChain->isCacheable() || structure->isDictionary()) {
+            ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_put_by_id_generic));
+            return;
+        }
+        stubInfo->initPutByIdTransition(structure->previousID(), structure, prototypeChain);
+        JIT::compilePutByIdTransition(callFrame->scopeChain()->globalData, codeBlock, stubInfo, structure->previousID(), structure, slot.cachedOffset(), prototypeChain, returnAddress);
+        return;
+    }
+    
+    stubInfo->initPutByIdReplace(structure);
+
+    JIT::patchPutByIdReplace(codeBlock, stubInfo, structure, slot.cachedOffset(), returnAddress);
+}
+
+NEVER_INLINE void JITThunks::tryCacheGetByID(CallFrame* callFrame, CodeBlock* codeBlock, ReturnAddressPtr returnAddress, JSValue baseValue, const Identifier& propertyName, const PropertySlot& slot, StructureStubInfo* stubInfo)
+{
+    // FIXME: Write a test that proves we need to check for recursion here just
+    // like the interpreter does, then add a check for recursion.
+
+    // FIXME: Cache property access for immediates.
+    if (!baseValue.isCell()) {
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
+        return;
+    }
+    
+    JSGlobalData* globalData = &callFrame->globalData();
+
+    if (isJSArray(globalData, baseValue) && propertyName == callFrame->propertyNames().length) {
+        JIT::compilePatchGetArrayLength(callFrame->scopeChain()->globalData, codeBlock, returnAddress);
+        return;
+    }
+    
+    if (isJSString(globalData, baseValue) && propertyName == callFrame->propertyNames().length) {
+        // The tradeoff of compiling an patched inline string length access routine does not seem
+        // to pay off, so we currently only do this for arrays.
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, globalData->jitStubs.ctiStringLengthTrampoline());
+        return;
+    }
+
+    // Uncacheable: give up.
+    if (!slot.isCacheable()) {
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
+        return;
+    }
+
+    JSCell* baseCell = asCell(baseValue);
+    Structure* structure = baseCell->structure();
+
+    if (structure->isUncacheableDictionary()) {
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
+        return;
+    }
+
+    // Cache hit: Specialize instruction and ref Structures.
+
+    if (slot.slotBase() == baseValue) {
+        // set this up, so derefStructures can do it's job.
+        stubInfo->initGetByIdSelf(structure);
+
+        JIT::patchGetByIdSelf(codeBlock, stubInfo, structure, slot.cachedOffset(), returnAddress);
+        return;
+    }
+
+    if (slot.slotBase() == structure->prototypeForLookup(callFrame)) {
+        ASSERT(slot.slotBase().isObject());
+
+        JSObject* slotBaseObject = asObject(slot.slotBase());
+
+        // Since we're accessing a prototype in a loop, it's a good bet that it
+        // should not be treated as a dictionary.
+        if (slotBaseObject->structure()->isDictionary())
+            slotBaseObject->setStructure(Structure::fromDictionaryTransition(slotBaseObject->structure()));
+        
+        stubInfo->initGetByIdProto(structure, slotBaseObject->structure());
+
+        JIT::compileGetByIdProto(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, slotBaseObject->structure(), slot.cachedOffset(), returnAddress);
+        return;
+    }
+
+    size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot);
+    if (!count) {
+        stubInfo->accessType = access_get_by_id_generic;
+        return;
+    }
+
+    StructureChain* prototypeChain = structure->prototypeChain(callFrame);
+    if (!prototypeChain->isCacheable()) {
+        ctiPatchCallByReturnAddress(codeBlock, returnAddress, FunctionPtr(cti_op_get_by_id_generic));
+        return;
+    }
+    stubInfo->initGetByIdChain(structure, prototypeChain);
+    JIT::compileGetByIdChain(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, prototypeChain, count, slot.cachedOffset(), returnAddress);
+}
+
+#endif // ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+#define SETUP_VA_LISTL_ARGS va_list vl_args; va_start(vl_args, args)
+#else
+#define SETUP_VA_LISTL_ARGS
+#endif
+
+#ifndef NDEBUG
+
+extern "C" {
+
+static void jscGeneratedNativeCode() 
+{
+    // When executing a JIT stub function (which might do an allocation), we hack the return address
+    // to pretend to be executing this function, to keep stack logging tools from blowing out
+    // memory.
+}
+
+}
+
+struct StackHack {
+    ALWAYS_INLINE StackHack(JITStackFrame& stackFrame) 
+        : stackFrame(stackFrame)
+        , savedReturnAddress(*stackFrame.returnAddressSlot())
+    {
+        *stackFrame.returnAddressSlot() = ReturnAddressPtr(FunctionPtr(jscGeneratedNativeCode));
+    }
+
+    ALWAYS_INLINE ~StackHack() 
+    { 
+        *stackFrame.returnAddressSlot() = savedReturnAddress;
+    }
+
+    JITStackFrame& stackFrame;
+    ReturnAddressPtr savedReturnAddress;
+};
+
+#define STUB_INIT_STACK_FRAME(stackFrame) SETUP_VA_LISTL_ARGS; JITStackFrame& stackFrame = *reinterpret_cast<JITStackFrame*>(STUB_ARGS); StackHack stackHack(stackFrame)
+#define STUB_SET_RETURN_ADDRESS(returnAddress) stackHack.savedReturnAddress = ReturnAddressPtr(returnAddress)
+#define STUB_RETURN_ADDRESS stackHack.savedReturnAddress
+
+#else
+
+#define STUB_INIT_STACK_FRAME(stackFrame) SETUP_VA_LISTL_ARGS; JITStackFrame& stackFrame = *reinterpret_cast<JITStackFrame*>(STUB_ARGS)
+#define STUB_SET_RETURN_ADDRESS(returnAddress) *stackFrame.returnAddressSlot() = ReturnAddressPtr(returnAddress)
+#define STUB_RETURN_ADDRESS *stackFrame.returnAddressSlot()
+
+#endif
+
+// The reason this is not inlined is to avoid having to do a PIC branch
+// to get the address of the ctiVMThrowTrampoline function. It's also
+// good to keep the code size down by leaving as much of the exception
+// handling code out of line as possible.
+static NEVER_INLINE void returnToThrowTrampoline(JSGlobalData* globalData, ReturnAddressPtr exceptionLocation, ReturnAddressPtr& returnAddressSlot)
+{
+    ASSERT(globalData->exception);
+    globalData->exceptionLocation = exceptionLocation;
+    returnAddressSlot = ReturnAddressPtr(FunctionPtr(ctiVMThrowTrampoline));
+}
+
+static NEVER_INLINE void throwStackOverflowError(CallFrame* callFrame, JSGlobalData* globalData, ReturnAddressPtr exceptionLocation, ReturnAddressPtr& returnAddressSlot)
+{
+    globalData->exception = createStackOverflowError(callFrame);
+    returnToThrowTrampoline(globalData, exceptionLocation, returnAddressSlot);
+}
+
+#define VM_THROW_EXCEPTION() \
+    do { \
+        VM_THROW_EXCEPTION_AT_END(); \
+        return 0; \
+    } while (0)
+#define VM_THROW_EXCEPTION_AT_END() \
+    returnToThrowTrampoline(stackFrame.globalData, STUB_RETURN_ADDRESS, STUB_RETURN_ADDRESS)
+
+#define CHECK_FOR_EXCEPTION() \
+    do { \
+        if (UNLIKELY(stackFrame.globalData->exception)) \
+            VM_THROW_EXCEPTION(); \
+    } while (0)
+#define CHECK_FOR_EXCEPTION_AT_END() \
+    do { \
+        if (UNLIKELY(stackFrame.globalData->exception)) \
+            VM_THROW_EXCEPTION_AT_END(); \
+    } while (0)
+#define CHECK_FOR_EXCEPTION_VOID() \
+    do { \
+        if (UNLIKELY(stackFrame.globalData->exception)) { \
+            VM_THROW_EXCEPTION_AT_END(); \
+            return; \
+        } \
+    } while (0)
+
+#if PLATFORM(ARM_THUMB2)
+
+#define DEFINE_STUB_FUNCTION(rtype, op) \
+    extern "C" { \
+        rtype JITStubThunked_##op(STUB_ARGS_DECLARATION); \
+    }; \
+    asm volatile ( \
+        ".text" "\n" \
+        ".align 2" "\n" \
+        ".globl " SYMBOL_STRING(cti_##op) "\n" \
+        HIDE_SYMBOL(cti_##op) "\n"             \
+        ".thumb" "\n" \
+        ".thumb_func " THUMB_FUNC_PARAM(cti_##op) "\n" \
+        SYMBOL_STRING(cti_##op) ":" "\n" \
+        "str lr, [sp, #0x1c]" "\n" \
+        "bl " SYMBOL_STRING(JITStubThunked_##op) "\n" \
+        "ldr lr, [sp, #0x1c]" "\n" \
+        "bx lr" "\n" \
+        ); \
+    rtype JITStubThunked_##op(STUB_ARGS_DECLARATION) \
+
+#else
+#define DEFINE_STUB_FUNCTION(rtype, op) rtype JIT_STUB cti_##op(STUB_ARGS_DECLARATION)
+#endif
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_convert_this)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue v1 = stackFrame.args[0].jsValue();
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSObject* result = v1.toThisObject(callFrame);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(void, op_end)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    ScopeChainNode* scopeChain = stackFrame.callFrame->scopeChain();
+    ASSERT(scopeChain->refCount > 1);
+    scopeChain->deref();
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_add)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue v1 = stackFrame.args[0].jsValue();
+    JSValue v2 = stackFrame.args[1].jsValue();
+
+    double left;
+    double right = 0.0;
+
+    bool rightIsNumber = v2.getNumber(right);
+    if (rightIsNumber && v1.getNumber(left))
+        return JSValue::encode(jsNumber(stackFrame.globalData, left + right));
+    
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool leftIsString = v1.isString();
+    if (leftIsString && v2.isString()) {
+        RefPtr<UString::Rep> value = concatenate(asString(v1)->value().rep(), asString(v2)->value().rep());
+        if (UNLIKELY(!value)) {
+            throwOutOfMemoryError(callFrame);
+            VM_THROW_EXCEPTION();
+        }
+
+        return JSValue::encode(jsString(stackFrame.globalData, value.release()));
+    }
+
+    if (rightIsNumber & leftIsString) {
+        RefPtr<UString::Rep> value = v2.isInt32() ?
+            concatenate(asString(v1)->value().rep(), v2.asInt32()) :
+            concatenate(asString(v1)->value().rep(), right);
+
+        if (UNLIKELY(!value)) {
+            throwOutOfMemoryError(callFrame);
+            VM_THROW_EXCEPTION();
+        }
+        return JSValue::encode(jsString(stackFrame.globalData, value.release()));
+    }
+
+    // All other cases are pretty uncommon
+    JSValue result = jsAddSlowCase(callFrame, v1, v2);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_pre_inc)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue v = stackFrame.args[0].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, v.toNumber(callFrame) + 1);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(int, timeout_check)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    
+    JSGlobalData* globalData = stackFrame.globalData;
+    TimeoutChecker* timeoutChecker = globalData->timeoutChecker;
+
+    if (timeoutChecker->didTimeOut(stackFrame.callFrame)) {
+        globalData->exception = createInterruptedExecutionException(globalData);
+        VM_THROW_EXCEPTION_AT_END();
+    }
+    
+    CHECK_FOR_EXCEPTION_AT_END();
+    return timeoutChecker->ticksUntilNextCheck();
+}
+
+DEFINE_STUB_FUNCTION(void, register_file_check)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    if (LIKELY(stackFrame.registerFile->grow(&stackFrame.callFrame->registers()[stackFrame.callFrame->codeBlock()->m_numCalleeRegisters])))
+        return;
+
+    // Rewind to the previous call frame because op_call already optimistically
+    // moved the call frame forward.
+    CallFrame* oldCallFrame = stackFrame.callFrame->callerFrame();
+    stackFrame.callFrame = oldCallFrame;
+    throwStackOverflowError(oldCallFrame, stackFrame.globalData, ReturnAddressPtr(oldCallFrame->returnPC()), STUB_RETURN_ADDRESS);
+}
+
+DEFINE_STUB_FUNCTION(int, op_loop_if_less)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool result = jsLess(callFrame, src1, src2);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return result;
+}
+
+DEFINE_STUB_FUNCTION(int, op_loop_if_lesseq)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool result = jsLessEq(callFrame, src1, src2);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return result;
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_new_object)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return constructEmptyObject(stackFrame.callFrame);
+}
+
+DEFINE_STUB_FUNCTION(void, op_put_by_id_generic)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    PutPropertySlot slot;
+    stackFrame.args[0].jsValue().put(stackFrame.callFrame, stackFrame.args[1].identifier(), stackFrame.args[2].jsValue(), slot);
+    CHECK_FOR_EXCEPTION_AT_END();
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_generic)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    Identifier& ident = stackFrame.args[1].identifier();
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(callFrame, ident, slot);
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+#if ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+DEFINE_STUB_FUNCTION(void, op_put_by_id)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    CallFrame* callFrame = stackFrame.callFrame;
+    Identifier& ident = stackFrame.args[1].identifier();
+
+    PutPropertySlot slot;
+    stackFrame.args[0].jsValue().put(callFrame, ident, stackFrame.args[2].jsValue(), slot);
+
+    CodeBlock* codeBlock = stackFrame.callFrame->codeBlock();
+    StructureStubInfo* stubInfo = &codeBlock->getStubInfo(STUB_RETURN_ADDRESS);
+    if (!stubInfo->seenOnce())
+        stubInfo->setSeen();
+    else
+        JITThunks::tryCachePutByID(callFrame, codeBlock, STUB_RETURN_ADDRESS, stackFrame.args[0].jsValue(), slot, stubInfo);
+
+    CHECK_FOR_EXCEPTION_AT_END();
+}
+
+DEFINE_STUB_FUNCTION(void, op_put_by_id_fail)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    Identifier& ident = stackFrame.args[1].identifier();
+
+    PutPropertySlot slot;
+    stackFrame.args[0].jsValue().put(callFrame, ident, stackFrame.args[2].jsValue(), slot);
+
+    CHECK_FOR_EXCEPTION_AT_END();
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_put_by_id_transition_realloc)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    int32_t oldSize = stackFrame.args[3].int32();
+    int32_t newSize = stackFrame.args[4].int32();
+
+    ASSERT(baseValue.isObject());
+    JSObject* base = asObject(baseValue);
+    base->allocatePropertyStorage(oldSize, newSize);
+
+    return base;
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_method_check)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    Identifier& ident = stackFrame.args[1].identifier();
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(callFrame, ident, slot);
+    CHECK_FOR_EXCEPTION();
+
+    CodeBlock* codeBlock = stackFrame.callFrame->codeBlock();
+    MethodCallLinkInfo& methodCallLinkInfo = codeBlock->getMethodCallLinkInfo(STUB_RETURN_ADDRESS);
+
+    if (!methodCallLinkInfo.seenOnce()) {
+        methodCallLinkInfo.setSeen();
+        return JSValue::encode(result);
+    }
+
+    // If we successfully got something, then the base from which it is being accessed must
+    // be an object.  (Assertion to ensure asObject() call below is safe, which comes after
+    // an isCacheable() chceck.
+    ASSERT(!slot.isCacheable() || slot.slotBase().isObject());
+
+    // Check that:
+    //   * We're dealing with a JSCell,
+    //   * the property is cachable,
+    //   * it's not a dictionary
+    //   * there is a function cached.
+    Structure* structure;
+    JSCell* specific;
+    JSObject* slotBaseObject;
+    if (baseValue.isCell()
+        && slot.isCacheable()
+        && !(structure = asCell(baseValue)->structure())->isUncacheableDictionary()
+        && (slotBaseObject = asObject(slot.slotBase()))->getPropertySpecificValue(callFrame, ident, specific)
+        && specific
+        ) {
+
+        JSFunction* callee = (JSFunction*)specific;
+
+        // Since we're accessing a prototype in a loop, it's a good bet that it
+        // should not be treated as a dictionary.
+        if (slotBaseObject->structure()->isDictionary())
+            slotBaseObject->setStructure(Structure::fromDictionaryTransition(slotBaseObject->structure()));
+
+        // The result fetched should always be the callee!
+        ASSERT(result == JSValue(callee));
+
+        // Check to see if the function is on the object's prototype.  Patch up the code to optimize.
+        if (slot.slotBase() == structure->prototypeForLookup(callFrame)) {
+            JIT::patchMethodCallProto(codeBlock, methodCallLinkInfo, callee, structure, slotBaseObject, STUB_RETURN_ADDRESS);
+            return JSValue::encode(result);
+        }
+
+        // Check to see if the function is on the object itself.
+        // Since we generate the method-check to check both the structure and a prototype-structure (since this
+        // is the common case) we have a problem - we need to patch the prototype structure check to do something
+        // useful.  We could try to nop it out altogether, but that's a little messy, so lets do something simpler
+        // for now.  For now it performs a check on a special object on the global object only used for this
+        // purpose.  The object is in no way exposed, and as such the check will always pass.
+        if (slot.slotBase() == baseValue) {
+            JIT::patchMethodCallProto(codeBlock, methodCallLinkInfo, callee, structure, callFrame->scopeChain()->globalObject()->methodCallDummy(), STUB_RETURN_ADDRESS);
+            return JSValue::encode(result);
+        }
+    }
+
+    // Revert the get_by_id op back to being a regular get_by_id - allow it to cache like normal, if it needs to.
+    ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id));
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    CallFrame* callFrame = stackFrame.callFrame;
+    Identifier& ident = stackFrame.args[1].identifier();
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(callFrame, ident, slot);
+
+    CodeBlock* codeBlock = stackFrame.callFrame->codeBlock();
+    StructureStubInfo* stubInfo = &codeBlock->getStubInfo(STUB_RETURN_ADDRESS);
+    if (!stubInfo->seenOnce())
+        stubInfo->setSeen();
+    else
+        JITThunks::tryCacheGetByID(callFrame, codeBlock, STUB_RETURN_ADDRESS, baseValue, ident, slot, stubInfo);
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_self_fail)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    Identifier& ident = stackFrame.args[1].identifier();
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(callFrame, ident, slot);
+
+    CHECK_FOR_EXCEPTION();
+
+    if (baseValue.isCell()
+        && slot.isCacheable()
+        && !asCell(baseValue)->structure()->isUncacheableDictionary()
+        && slot.slotBase() == baseValue) {
+
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        StructureStubInfo* stubInfo = &codeBlock->getStubInfo(STUB_RETURN_ADDRESS);
+
+        ASSERT(slot.slotBase().isObject());
+
+        PolymorphicAccessStructureList* polymorphicStructureList;
+        int listIndex = 1;
+
+        if (stubInfo->accessType == access_get_by_id_self) {
+            ASSERT(!stubInfo->stubRoutine);
+            polymorphicStructureList = new PolymorphicAccessStructureList(CodeLocationLabel(), stubInfo->u.getByIdSelf.baseObjectStructure);
+            stubInfo->initGetByIdSelfList(polymorphicStructureList, 2);
+        } else {
+            polymorphicStructureList = stubInfo->u.getByIdSelfList.structureList;
+            listIndex = stubInfo->u.getByIdSelfList.listSize;
+            stubInfo->u.getByIdSelfList.listSize++;
+        }
+
+        JIT::compileGetByIdSelfList(callFrame->scopeChain()->globalData, codeBlock, stubInfo, polymorphicStructureList, listIndex, asCell(baseValue)->structure(), slot.cachedOffset());
+
+        if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
+            ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_generic));
+    } else
+        ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_generic));
+    return JSValue::encode(result);
+}
+
+static PolymorphicAccessStructureList* getPolymorphicAccessStructureListSlot(StructureStubInfo* stubInfo, int& listIndex)
+{
+    PolymorphicAccessStructureList* prototypeStructureList = 0;
+    listIndex = 1;
+
+    switch (stubInfo->accessType) {
+    case access_get_by_id_proto:
+        prototypeStructureList = new PolymorphicAccessStructureList(stubInfo->stubRoutine, stubInfo->u.getByIdProto.baseObjectStructure, stubInfo->u.getByIdProto.prototypeStructure);
+        stubInfo->stubRoutine = CodeLocationLabel();
+        stubInfo->initGetByIdProtoList(prototypeStructureList, 2);
+        break;
+    case access_get_by_id_chain:
+        prototypeStructureList = new PolymorphicAccessStructureList(stubInfo->stubRoutine, stubInfo->u.getByIdChain.baseObjectStructure, stubInfo->u.getByIdChain.chain);
+        stubInfo->stubRoutine = CodeLocationLabel();
+        stubInfo->initGetByIdProtoList(prototypeStructureList, 2);
+        break;
+    case access_get_by_id_proto_list:
+        prototypeStructureList = stubInfo->u.getByIdProtoList.structureList;
+        listIndex = stubInfo->u.getByIdProtoList.listSize;
+        stubInfo->u.getByIdProtoList.listSize++;
+        break;
+    default:
+        ASSERT_NOT_REACHED();
+    }
+    
+    ASSERT(listIndex < POLYMORPHIC_LIST_CACHE_SIZE);
+    return prototypeStructureList;
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_proto_list)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(callFrame, stackFrame.args[1].identifier(), slot);
+
+    CHECK_FOR_EXCEPTION();
+
+    if (!baseValue.isCell() || !slot.isCacheable() || asCell(baseValue)->structure()->isUncacheableDictionary()) {
+        ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_fail));
+        return JSValue::encode(result);
+    }
+
+    Structure* structure = asCell(baseValue)->structure();
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    StructureStubInfo* stubInfo = &codeBlock->getStubInfo(STUB_RETURN_ADDRESS);
+
+    ASSERT(slot.slotBase().isObject());
+    JSObject* slotBaseObject = asObject(slot.slotBase());
+
+    if (slot.slotBase() == baseValue)
+        ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_fail));
+    else if (slot.slotBase() == asCell(baseValue)->structure()->prototypeForLookup(callFrame)) {
+        // Since we're accessing a prototype in a loop, it's a good bet that it
+        // should not be treated as a dictionary.
+        if (slotBaseObject->structure()->isDictionary())
+            slotBaseObject->setStructure(Structure::fromDictionaryTransition(slotBaseObject->structure()));
+
+        int listIndex;
+        PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(stubInfo, listIndex);
+
+        JIT::compileGetByIdProtoList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, slotBaseObject->structure(), slot.cachedOffset());
+
+        if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
+            ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_list_full));
+    } else if (size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot)) {
+        StructureChain* protoChain = structure->prototypeChain(callFrame);
+        if (!protoChain->isCacheable()) {
+            ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_fail));
+            return JSValue::encode(result);
+        }
+        
+        int listIndex;
+        PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(stubInfo, listIndex);
+        JIT::compileGetByIdChainList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, protoChain, count, slot.cachedOffset());
+
+        if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
+            ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_list_full));
+    } else
+        ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_fail));
+
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_proto_list_full)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(stackFrame.callFrame, stackFrame.args[1].identifier(), slot);
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_proto_fail)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(stackFrame.callFrame, stackFrame.args[1].identifier(), slot);
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_array_fail)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(stackFrame.callFrame, stackFrame.args[1].identifier(), slot);
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_id_string_fail)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(stackFrame.callFrame, stackFrame.args[1].identifier(), slot);
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+#endif // ENABLE(JIT_OPTIMIZE_PROPERTY_ACCESS)
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_instanceof)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue value = stackFrame.args[0].jsValue();
+    JSValue baseVal = stackFrame.args[1].jsValue();
+    JSValue proto = stackFrame.args[2].jsValue();
+
+    // At least one of these checks must have failed to get to the slow case.
+    ASSERT(!value.isCell() || !baseVal.isCell() || !proto.isCell()
+           || !value.isObject() || !baseVal.isObject() || !proto.isObject() 
+           || (asObject(baseVal)->structure()->typeInfo().flags() & (ImplementsHasInstance | OverridesHasInstance)) != ImplementsHasInstance);
+
+
+    // ECMA-262 15.3.5.3:
+    // Throw an exception either if baseVal is not an object, or if it does not implement 'HasInstance' (i.e. is a function).
+    TypeInfo typeInfo(UnspecifiedType, 0);
+    if (!baseVal.isObject() || !(typeInfo = asObject(baseVal)->structure()->typeInfo()).implementsHasInstance()) {
+        CallFrame* callFrame = stackFrame.callFrame;
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+        stackFrame.globalData->exception = createInvalidParamError(callFrame, "instanceof", baseVal, vPCIndex, codeBlock);
+        VM_THROW_EXCEPTION();
+    }
+    ASSERT(typeInfo.type() != UnspecifiedType);
+
+    if (!typeInfo.overridesHasInstance()) {
+        if (!value.isObject())
+            return JSValue::encode(jsBoolean(false));
+
+        if (!proto.isObject()) {
+            throwError(callFrame, TypeError, "instanceof called on an object with an invalid prototype property.");
+            VM_THROW_EXCEPTION();
+        }
+    }
+
+    JSValue result = jsBoolean(asObject(baseVal)->hasInstance(callFrame, value, proto));
+    CHECK_FOR_EXCEPTION_AT_END();
+
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_del_by_id)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    
+    JSObject* baseObj = stackFrame.args[0].jsValue().toObject(callFrame);
+
+    JSValue result = jsBoolean(baseObj->deleteProperty(callFrame, stackFrame.args[1].identifier()));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_mul)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    double left;
+    double right;
+    if (src1.getNumber(left) && src2.getNumber(right))
+        return JSValue::encode(jsNumber(stackFrame.globalData, left * right));
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, src1.toNumber(callFrame) * src2.toNumber(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_new_func)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return stackFrame.args[0].function()->make(stackFrame.callFrame, stackFrame.callFrame->scopeChain());
+}
+
+DEFINE_STUB_FUNCTION(void*, op_call_JSFunction)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+#ifndef NDEBUG
+    CallData callData;
+    ASSERT(stackFrame.args[0].jsValue().getCallData(callData) == CallTypeJS);
+#endif
+
+    JSFunction* function = asFunction(stackFrame.args[0].jsValue());
+    ASSERT(!function->isHostFunction());
+    FunctionExecutable* executable = function->jsExecutable();
+    ScopeChainNode* callDataScopeChain = function->scope().node();
+    executable->jitCode(stackFrame.callFrame, callDataScopeChain);
+
+    return function;
+}
+
+DEFINE_STUB_FUNCTION(VoidPtrPair, op_call_arityCheck)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSFunction* callee = asFunction(stackFrame.args[0].jsValue());
+    ASSERT(!callee->isHostFunction());
+    CodeBlock* newCodeBlock = &callee->jsExecutable()->generatedBytecode();
+    int argCount = stackFrame.args[2].int32();
+
+    ASSERT(argCount != newCodeBlock->m_numParameters);
+
+    CallFrame* oldCallFrame = callFrame->callerFrame();
+
+    if (argCount > newCodeBlock->m_numParameters) {
+        size_t numParameters = newCodeBlock->m_numParameters;
+        Register* r = callFrame->registers() + numParameters;
+
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - numParameters - argCount;
+        for (size_t i = 0; i < numParameters; ++i)
+            argv[i + argCount] = argv[i];
+
+        callFrame = CallFrame::create(r);
+        callFrame->setCallerFrame(oldCallFrame);
+    } else {
+        size_t omittedArgCount = newCodeBlock->m_numParameters - argCount;
+        Register* r = callFrame->registers() + omittedArgCount;
+        Register* newEnd = r + newCodeBlock->m_numCalleeRegisters;
+        if (!stackFrame.registerFile->grow(newEnd)) {
+            // Rewind to the previous call frame because op_call already optimistically
+            // moved the call frame forward.
+            stackFrame.callFrame = oldCallFrame;
+            throwStackOverflowError(oldCallFrame, stackFrame.globalData, stackFrame.args[1].returnAddress(), STUB_RETURN_ADDRESS);
+            RETURN_POINTER_PAIR(0, 0);
+        }
+
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - omittedArgCount;
+        for (size_t i = 0; i < omittedArgCount; ++i)
+            argv[i] = jsUndefined();
+
+        callFrame = CallFrame::create(r);
+        callFrame->setCallerFrame(oldCallFrame);
+    }
+
+    RETURN_POINTER_PAIR(callee, callFrame);
+}
+
+#if ENABLE(JIT_OPTIMIZE_CALL)
+DEFINE_STUB_FUNCTION(void*, vm_lazyLinkCall)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    JSFunction* callee = asFunction(stackFrame.args[0].jsValue());
+    ExecutableBase* executable = callee->executable();
+    JITCode& jitCode = executable->generatedJITCode();
+    
+    CodeBlock* codeBlock = 0;
+    if (!executable->isHostFunction())
+        codeBlock = &static_cast<FunctionExecutable*>(executable)->bytecode(stackFrame.callFrame, callee->scope().node());
+    CallLinkInfo* callLinkInfo = &stackFrame.callFrame->callerFrame()->codeBlock()->getCallLinkInfo(stackFrame.args[1].returnAddress());
+
+    if (!callLinkInfo->seenOnce())
+        callLinkInfo->setSeen();
+    else
+        JIT::linkCall(callee, stackFrame.callFrame->callerFrame()->codeBlock(), codeBlock, jitCode, callLinkInfo, stackFrame.args[2].int32(), stackFrame.globalData);
+
+    return jitCode.addressForCall().executableAddress();
+}
+#endif // !ENABLE(JIT_OPTIMIZE_CALL)
+
+DEFINE_STUB_FUNCTION(JSObject*, op_push_activation)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSActivation* activation = new (stackFrame.globalData) JSActivation(stackFrame.callFrame, static_cast<FunctionExecutable*>(stackFrame.callFrame->codeBlock()->ownerExecutable()));
+    stackFrame.callFrame->setScopeChain(stackFrame.callFrame->scopeChain()->copy()->push(activation));
+    return activation;
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_call_NotJSFunction)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue funcVal = stackFrame.args[0].jsValue();
+
+    CallData callData;
+    CallType callType = funcVal.getCallData(callData);
+
+    ASSERT(callType != CallTypeJS);
+
+    if (callType == CallTypeHost) {
+        int registerOffset = stackFrame.args[1].int32();
+        int argCount = stackFrame.args[2].int32();
+        CallFrame* previousCallFrame = stackFrame.callFrame;
+        CallFrame* callFrame = CallFrame::create(previousCallFrame->registers() + registerOffset);
+
+        callFrame->init(0, static_cast<Instruction*>((STUB_RETURN_ADDRESS).value()), previousCallFrame->scopeChain(), previousCallFrame, 0, argCount, 0);
+        stackFrame.callFrame = callFrame;
+
+        Register* argv = stackFrame.callFrame->registers() - RegisterFile::CallFrameHeaderSize - argCount;
+        ArgList argList(argv + 1, argCount - 1);
+
+        JSValue returnValue;
+        {
+            SamplingTool::HostCallRecord callRecord(CTI_SAMPLER);
+
+            // FIXME: All host methods should be calling toThisObject, but this is not presently the case.
+            JSValue thisValue = argv[0].jsValue();
+            if (thisValue == jsNull())
+                thisValue = callFrame->globalThisValue();
+
+            returnValue = callData.native.function(callFrame, asObject(funcVal), thisValue, argList);
+        }
+        stackFrame.callFrame = previousCallFrame;
+        CHECK_FOR_EXCEPTION();
+
+        return JSValue::encode(returnValue);
+    }
+
+    ASSERT(callType == CallTypeNone);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+    stackFrame.globalData->exception = createNotAFunctionError(stackFrame.callFrame, funcVal, vPCIndex, codeBlock);
+    VM_THROW_EXCEPTION();
+}
+
+DEFINE_STUB_FUNCTION(void, op_create_arguments)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    Arguments* arguments = new (stackFrame.globalData) Arguments(stackFrame.callFrame);
+    stackFrame.callFrame->setCalleeArguments(arguments);
+    stackFrame.callFrame[RegisterFile::ArgumentsRegister] = JSValue(arguments);
+}
+
+DEFINE_STUB_FUNCTION(void, op_create_arguments_no_params)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    Arguments* arguments = new (stackFrame.globalData) Arguments(stackFrame.callFrame, Arguments::NoParameters);
+    stackFrame.callFrame->setCalleeArguments(arguments);
+    stackFrame.callFrame[RegisterFile::ArgumentsRegister] = JSValue(arguments);
+}
+
+DEFINE_STUB_FUNCTION(void, op_tear_off_activation)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    ASSERT(stackFrame.callFrame->codeBlock()->needsFullScopeChain());
+    asActivation(stackFrame.args[0].jsValue())->copyRegisters(stackFrame.callFrame->optionalCalleeArguments());
+}
+
+DEFINE_STUB_FUNCTION(void, op_tear_off_arguments)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    ASSERT(stackFrame.callFrame->codeBlock()->usesArguments() && !stackFrame.callFrame->codeBlock()->needsFullScopeChain());
+    if (stackFrame.callFrame->optionalCalleeArguments())
+        stackFrame.callFrame->optionalCalleeArguments()->copyRegisters();
+}
+
+DEFINE_STUB_FUNCTION(void, op_profile_will_call)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    ASSERT(*stackFrame.enabledProfilerReference);
+    (*stackFrame.enabledProfilerReference)->willExecute(stackFrame.callFrame, stackFrame.args[0].jsValue());
+}
+
+DEFINE_STUB_FUNCTION(void, op_profile_did_call)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    ASSERT(*stackFrame.enabledProfilerReference);
+    (*stackFrame.enabledProfilerReference)->didExecute(stackFrame.callFrame, stackFrame.args[0].jsValue());
+}
+
+DEFINE_STUB_FUNCTION(void, op_ret_scopeChain)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    ASSERT(stackFrame.callFrame->codeBlock()->needsFullScopeChain());
+    stackFrame.callFrame->scopeChain()->deref();
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_new_array)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    ArgList argList(&stackFrame.callFrame->registers()[stackFrame.args[0].int32()], stackFrame.args[1].int32());
+    return constructArray(stackFrame.callFrame, argList);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+
+    ScopeChainIterator iter = scopeChain->begin();
+    ScopeChainIterator end = scopeChain->end();
+    ASSERT(iter != end);
+
+    Identifier& ident = stackFrame.args[0].identifier();
+    do {
+        JSObject* o = *iter;
+        PropertySlot slot(o);
+        if (o->getPropertySlot(callFrame, ident, slot)) {
+            JSValue result = slot.getValue(callFrame, ident);
+            CHECK_FOR_EXCEPTION_AT_END();
+            return JSValue::encode(result);
+        }
+    } while (++iter != end);
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+    stackFrame.globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, codeBlock);
+    VM_THROW_EXCEPTION();
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_construct_JSConstruct)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSFunction* constructor = asFunction(stackFrame.args[0].jsValue());
+    if (constructor->isHostFunction()) {
+        CallFrame* callFrame = stackFrame.callFrame;
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+        stackFrame.globalData->exception = createNotAConstructorError(callFrame, constructor, vPCIndex, codeBlock);
+        VM_THROW_EXCEPTION();
+    }
+
+#ifndef NDEBUG
+    ConstructData constructData;
+    ASSERT(constructor->getConstructData(constructData) == ConstructTypeJS);
+#endif
+
+    Structure* structure;
+    if (stackFrame.args[3].jsValue().isObject())
+        structure = asObject(stackFrame.args[3].jsValue())->inheritorID();
+    else
+        structure = constructor->scope().node()->globalObject()->emptyObjectStructure();
+#ifdef QT_BUILD_SCRIPT_LIB
+    return new (stackFrame.globalData) QT_PREPEND_NAMESPACE(QScriptObject)(structure);
+#else
+    return new (stackFrame.globalData) JSObject(structure);
+#endif
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_construct_NotJSConstruct)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue constrVal = stackFrame.args[0].jsValue();
+    int argCount = stackFrame.args[2].int32();
+    int thisRegister = stackFrame.args[4].int32();
+
+    ConstructData constructData;
+    ConstructType constructType = constrVal.getConstructData(constructData);
+
+    if (constructType == ConstructTypeHost) {
+        ArgList argList(callFrame->registers() + thisRegister + 1, argCount - 1);
+
+        JSValue returnValue;
+        {
+            SamplingTool::HostCallRecord callRecord(CTI_SAMPLER);
+            returnValue = constructData.native.function(callFrame, asObject(constrVal), argList);
+        }
+        CHECK_FOR_EXCEPTION();
+
+        return JSValue::encode(returnValue);
+    }
+
+    ASSERT(constructType == ConstructTypeNone);
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+    stackFrame.globalData->exception = createNotAConstructorError(callFrame, constrVal, vPCIndex, codeBlock);
+    VM_THROW_EXCEPTION();
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_val)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSGlobalData* globalData = stackFrame.globalData;
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    JSValue subscript = stackFrame.args[1].jsValue();
+
+    JSValue result;
+
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
+        if (isJSArray(globalData, baseValue)) {
+            JSArray* jsArray = asArray(baseValue);
+            if (jsArray->canGetIndex(i))
+                result = jsArray->getIndex(i);
+            else
+                result = jsArray->JSArray::get(callFrame, i);
+        } else if (isJSString(globalData, baseValue) && asString(baseValue)->canGetIndex(i)) {
+            // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
+            ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_val_string));
+            result = asString(baseValue)->getIndex(stackFrame.globalData, i);
+        } else if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
+            // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
+            ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_val_byte_array));
+            return JSValue::encode(asByteArray(baseValue)->getIndex(callFrame, i));
+        } else
+            result = baseValue.get(callFrame, i);
+    } else {
+        Identifier property(callFrame, subscript.toString(callFrame));
+        result = baseValue.get(callFrame, property);
+    }
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+    
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_val_string)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSGlobalData* globalData = stackFrame.globalData;
+    
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    JSValue subscript = stackFrame.args[1].jsValue();
+    
+    JSValue result;
+    
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
+        if (isJSString(globalData, baseValue) && asString(baseValue)->canGetIndex(i))
+            result = asString(baseValue)->getIndex(stackFrame.globalData, i);
+        else {
+            result = baseValue.get(callFrame, i);
+            if (!isJSString(globalData, baseValue))
+                ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_val));
+        }
+    } else {
+        Identifier property(callFrame, subscript.toString(callFrame));
+        result = baseValue.get(callFrame, property);
+    }
+    
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+    
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_get_by_val_byte_array)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSGlobalData* globalData = stackFrame.globalData;
+    
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    JSValue subscript = stackFrame.args[1].jsValue();
+    
+    JSValue result;
+
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
+        if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
+            // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
+            return JSValue::encode(asByteArray(baseValue)->getIndex(callFrame, i));
+        }
+
+        result = baseValue.get(callFrame, i);
+        if (!isJSByteArray(globalData, baseValue))
+            ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_val));
+    } else {
+        Identifier property(callFrame, subscript.toString(callFrame));
+        result = baseValue.get(callFrame, property);
+    }
+    
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_sub)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    double left;
+    double right;
+    if (src1.getNumber(left) && src2.getNumber(right))
+        return JSValue::encode(jsNumber(stackFrame.globalData, left - right));
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, src1.toNumber(callFrame) - src2.toNumber(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(void, op_put_by_val)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSGlobalData* globalData = stackFrame.globalData;
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    JSValue subscript = stackFrame.args[1].jsValue();
+    JSValue value = stackFrame.args[2].jsValue();
+
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
+        if (isJSArray(globalData, baseValue)) {
+            JSArray* jsArray = asArray(baseValue);
+            if (jsArray->canSetIndex(i))
+                jsArray->setIndex(i, value);
+            else
+                jsArray->JSArray::put(callFrame, i, value);
+        } else if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
+            JSByteArray* jsByteArray = asByteArray(baseValue);
+            ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_put_by_val_byte_array));
+            // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
+            if (value.isInt32()) {
+                jsByteArray->setIndex(i, value.asInt32());
+                return;
+            } else {
+                double dValue = 0;
+                if (value.getNumber(dValue)) {
+                    jsByteArray->setIndex(i, dValue);
+                    return;
+                }
+            }
+
+            baseValue.put(callFrame, i, value);
+        } else
+            baseValue.put(callFrame, i, value);
+    } else {
+        Identifier property(callFrame, subscript.toString(callFrame));
+        if (!stackFrame.globalData->exception) { // Don't put to an object if toString threw an exception.
+            PutPropertySlot slot;
+            baseValue.put(callFrame, property, value, slot);
+        }
+    }
+
+    CHECK_FOR_EXCEPTION_AT_END();
+}
+
+DEFINE_STUB_FUNCTION(void, op_put_by_val_byte_array)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSGlobalData* globalData = stackFrame.globalData;
+    
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    JSValue subscript = stackFrame.args[1].jsValue();
+    JSValue value = stackFrame.args[2].jsValue();
+    
+    if (LIKELY(subscript.isUInt32())) {
+        uint32_t i = subscript.asUInt32();
+        if (isJSByteArray(globalData, baseValue) && asByteArray(baseValue)->canAccessIndex(i)) {
+            JSByteArray* jsByteArray = asByteArray(baseValue);
+            
+            // All fast byte array accesses are safe from exceptions so return immediately to avoid exception checks.
+            if (value.isInt32()) {
+                jsByteArray->setIndex(i, value.asInt32());
+                return;
+            } else {
+                double dValue = 0;                
+                if (value.getNumber(dValue)) {
+                    jsByteArray->setIndex(i, dValue);
+                    return;
+                }
+            }
+        }
+
+        if (!isJSByteArray(globalData, baseValue))
+            ctiPatchCallByReturnAddress(callFrame->codeBlock(), STUB_RETURN_ADDRESS, FunctionPtr(cti_op_put_by_val));
+        baseValue.put(callFrame, i, value);
+    } else {
+        Identifier property(callFrame, subscript.toString(callFrame));
+        if (!stackFrame.globalData->exception) { // Don't put to an object if toString threw an exception.
+            PutPropertySlot slot;
+            baseValue.put(callFrame, property, value, slot);
+        }
+    }
+    
+    CHECK_FOR_EXCEPTION_AT_END();
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_lesseq)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsBoolean(jsLessEq(callFrame, stackFrame.args[0].jsValue(), stackFrame.args[1].jsValue()));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(int, op_loop_if_true)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool result = src1.toBoolean(callFrame);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return result;
+}
+    
+DEFINE_STUB_FUNCTION(int, op_load_varargs)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    RegisterFile* registerFile = stackFrame.registerFile;
+    int argsOffset = stackFrame.args[0].int32();
+    JSValue arguments = callFrame->registers()[argsOffset].jsValue();
+    uint32_t argCount = 0;
+    if (!arguments) {
+        int providedParams = callFrame->registers()[RegisterFile::ArgumentCount].i() - 1;
+        argCount = providedParams;
+        int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
+        Register* newEnd = callFrame->registers() + sizeDelta;
+        if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
+            stackFrame.globalData->exception = createStackOverflowError(callFrame);
+            VM_THROW_EXCEPTION();
+        }
+        int32_t expectedParams = asFunction(callFrame->callee())->jsExecutable()->parameterCount();
+        int32_t inplaceArgs = min(providedParams, expectedParams);
+        
+        Register* inplaceArgsDst = callFrame->registers() + argsOffset;
+
+        Register* inplaceArgsEnd = inplaceArgsDst + inplaceArgs;
+        Register* inplaceArgsEnd2 = inplaceArgsDst + providedParams;
+
+        Register* inplaceArgsSrc = callFrame->registers() - RegisterFile::CallFrameHeaderSize - expectedParams;
+        Register* inplaceArgsSrc2 = inplaceArgsSrc - providedParams - 1 + inplaceArgs;
+ 
+        // First step is to copy the "expected" parameters from their normal location relative to the callframe
+        while (inplaceArgsDst < inplaceArgsEnd)
+            *inplaceArgsDst++ = *inplaceArgsSrc++;
+
+        // Then we copy any additional arguments that may be further up the stack ('-1' to account for 'this')
+        while (inplaceArgsDst < inplaceArgsEnd2)
+            *inplaceArgsDst++ = *inplaceArgsSrc2++;
+
+    } else if (!arguments.isUndefinedOrNull()) {
+        if (!arguments.isObject()) {
+            CodeBlock* codeBlock = callFrame->codeBlock();
+            unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+            stackFrame.globalData->exception = createInvalidParamError(callFrame, "Function.prototype.apply", arguments, vPCIndex, codeBlock);
+            VM_THROW_EXCEPTION();
+        }
+        if (asObject(arguments)->classInfo() == &Arguments::info) {
+            Arguments* argsObject = asArguments(arguments);
+            argCount = argsObject->numProvidedArguments(callFrame);
+            int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
+            Register* newEnd = callFrame->registers() + sizeDelta;
+            if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
+                stackFrame.globalData->exception = createStackOverflowError(callFrame);
+                VM_THROW_EXCEPTION();
+            }
+            argsObject->copyToRegisters(callFrame, callFrame->registers() + argsOffset, argCount);
+        } else if (isJSArray(&callFrame->globalData(), arguments)) {
+            JSArray* array = asArray(arguments);
+            argCount = array->length();
+            int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
+            Register* newEnd = callFrame->registers() + sizeDelta;
+            if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
+                stackFrame.globalData->exception = createStackOverflowError(callFrame);
+                VM_THROW_EXCEPTION();
+            }
+            array->copyToRegisters(callFrame, callFrame->registers() + argsOffset, argCount);
+        } else if (asObject(arguments)->inherits(&JSArray::info)) {
+            JSObject* argObject = asObject(arguments);
+            argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame);
+            int32_t sizeDelta = argsOffset + argCount + RegisterFile::CallFrameHeaderSize;
+            Register* newEnd = callFrame->registers() + sizeDelta;
+            if (!registerFile->grow(newEnd) || ((newEnd - callFrame->registers()) != sizeDelta)) {
+                stackFrame.globalData->exception = createStackOverflowError(callFrame);
+                VM_THROW_EXCEPTION();
+            }
+            Register* argsBuffer = callFrame->registers() + argsOffset;
+            for (unsigned i = 0; i < argCount; ++i) {
+                argsBuffer[i] = asObject(arguments)->get(callFrame, i);
+                CHECK_FOR_EXCEPTION();
+            }
+        } else {
+            CodeBlock* codeBlock = callFrame->codeBlock();
+            unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+            stackFrame.globalData->exception = createInvalidParamError(callFrame, "Function.prototype.apply", arguments, vPCIndex, codeBlock);
+            VM_THROW_EXCEPTION();
+        }
+    }
+
+    return argCount + 1;
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_negate)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src = stackFrame.args[0].jsValue();
+
+    double v;
+    if (src.getNumber(v))
+        return JSValue::encode(jsNumber(stackFrame.globalData, -v));
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, -src.toNumber(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve_base)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(JSC::resolveBase(stackFrame.callFrame, stackFrame.args[0].identifier(), stackFrame.callFrame->scopeChain()));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve_skip)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+
+    int skip = stackFrame.args[1].int32();
+
+    ScopeChainIterator iter = scopeChain->begin();
+    ScopeChainIterator end = scopeChain->end();
+    ASSERT(iter != end);
+    while (skip--) {
+        ++iter;
+        ASSERT(iter != end);
+    }
+    Identifier& ident = stackFrame.args[0].identifier();
+    do {
+        JSObject* o = *iter;
+        PropertySlot slot(o);
+        if (o->getPropertySlot(callFrame, ident, slot)) {
+            JSValue result = slot.getValue(callFrame, ident);
+            CHECK_FOR_EXCEPTION_AT_END();
+            return JSValue::encode(result);
+        }
+    } while (++iter != end);
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+    stackFrame.globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, codeBlock);
+    VM_THROW_EXCEPTION();
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve_global)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSGlobalObject* globalObject = stackFrame.args[0].globalObject();
+    Identifier& ident = stackFrame.args[1].identifier();
+    unsigned globalResolveInfoIndex = stackFrame.args[2].int32();
+    ASSERT(globalObject->isGlobalObject());
+
+    PropertySlot slot(globalObject);
+    if (globalObject->getPropertySlot(callFrame, ident, slot)) {
+        JSValue result = slot.getValue(callFrame, ident);
+        if (slot.isCacheable() && !globalObject->structure()->isUncacheableDictionary() && slot.slotBase() == globalObject) {
+            GlobalResolveInfo& globalResolveInfo = callFrame->codeBlock()->globalResolveInfo(globalResolveInfoIndex);
+            if (globalResolveInfo.structure)
+                globalResolveInfo.structure->deref();
+            globalObject->structure()->ref();
+            globalResolveInfo.structure = globalObject->structure();
+            globalResolveInfo.offset = slot.cachedOffset();
+            return JSValue::encode(result);
+        }
+
+        CHECK_FOR_EXCEPTION_AT_END();
+        return JSValue::encode(result);
+    }
+
+    unsigned vPCIndex = callFrame->codeBlock()->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+    stackFrame.globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, callFrame->codeBlock());
+    VM_THROW_EXCEPTION();
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_div)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    double left;
+    double right;
+    if (src1.getNumber(left) && src2.getNumber(right))
+        return JSValue::encode(jsNumber(stackFrame.globalData, left / right));
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, src1.toNumber(callFrame) / src2.toNumber(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_pre_dec)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue v = stackFrame.args[0].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, v.toNumber(callFrame) - 1);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(int, op_jless)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool result = jsLess(callFrame, src1, src2);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return result;
+}
+
+DEFINE_STUB_FUNCTION(int, op_jlesseq)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool result = jsLessEq(callFrame, src1, src2);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return result;
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_not)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src = stackFrame.args[0].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue result = jsBoolean(!src.toBoolean(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(int, op_jtrue)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool result = src1.toBoolean(callFrame);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return result;
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_post_inc)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue v = stackFrame.args[0].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue number = v.toJSNumber(callFrame);
+    CHECK_FOR_EXCEPTION_AT_END();
+
+    callFrame->registers()[stackFrame.args[1].int32()] = jsNumber(stackFrame.globalData, number.uncheckedGetNumber() + 1);
+    return JSValue::encode(number);
+}
+
+#if USE(JSVALUE32_64)
+
+DEFINE_STUB_FUNCTION(int, op_eq)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    start:
+    if (src2.isUndefined()) {
+        return src1.isNull() || 
+               (src1.isCell() && asCell(src1)->structure()->typeInfo().masqueradesAsUndefined()) ||
+               src1.isUndefined();
+    }
+    
+    if (src2.isNull()) {
+        return src1.isUndefined() || 
+               (src1.isCell() && asCell(src1)->structure()->typeInfo().masqueradesAsUndefined()) ||
+               src1.isNull();
+    }
+
+    if (src1.isInt32()) {
+        if (src2.isDouble())
+            return src1.asInt32() == src2.asDouble();
+        double d = src2.toNumber(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        return src1.asInt32() == d;
+    }
+
+    if (src1.isDouble()) {
+        if (src2.isInt32())
+            return src1.asDouble() == src2.asInt32();
+        double d = src2.toNumber(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        return src1.asDouble() == d;
+    }
+
+    if (src1.isTrue()) {
+        if (src2.isFalse())
+            return false;
+        double d = src2.toNumber(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        return d == 1.0;
+    }
+
+    if (src1.isFalse()) {
+        if (src2.isTrue())
+            return false;
+        double d = src2.toNumber(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        return d == 0.0;
+    }
+    
+    if (src1.isUndefined())
+        return src2.isCell() && asCell(src2)->structure()->typeInfo().masqueradesAsUndefined();
+    
+    if (src1.isNull())
+        return src2.isCell() && asCell(src2)->structure()->typeInfo().masqueradesAsUndefined();
+
+    JSCell* cell1 = asCell(src1);
+
+    if (cell1->isString()) {
+        if (src2.isInt32())
+            return static_cast<JSString*>(cell1)->value().toDouble() == src2.asInt32();
+            
+        if (src2.isDouble())
+            return static_cast<JSString*>(cell1)->value().toDouble() == src2.asDouble();
+
+        if (src2.isTrue())
+            return static_cast<JSString*>(cell1)->value().toDouble() == 1.0;
+
+        if (src2.isFalse())
+            return static_cast<JSString*>(cell1)->value().toDouble() == 0.0;
+
+        JSCell* cell2 = asCell(src2);
+        if (cell2->isString())
+            return static_cast<JSString*>(cell1)->value() == static_cast<JSString*>(cell2)->value();
+
+        src2 = asObject(cell2)->toPrimitive(stackFrame.callFrame);
+        CHECK_FOR_EXCEPTION();
+        goto start;
+    }
+
+    if (src2.isObject()) {
+        return asObject(cell1) == asObject(src2)
+#ifdef QT_BUILD_SCRIPT_LIB
+            || asObject(cell1)->compareToObject(stackFrame.callFrame, asObject(src2))
+#endif
+            ;
+    }
+    src1 = asObject(cell1)->toPrimitive(stackFrame.callFrame);
+    CHECK_FOR_EXCEPTION();
+    goto start;
+}
+
+DEFINE_STUB_FUNCTION(int, op_eq_strings)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSString* string1 = stackFrame.args[0].jsString();
+    JSString* string2 = stackFrame.args[1].jsString();
+
+    ASSERT(string1->isString());
+    ASSERT(string2->isString());
+    return string1->value() == string2->value();
+}
+
+#else // USE(JSVALUE32_64)
+
+DEFINE_STUB_FUNCTION(int, op_eq)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    bool result = JSValue::equalSlowCaseInline(callFrame, src1, src2);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return result;
+}
+
+#endif // USE(JSVALUE32_64)
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_lshift)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue val = stackFrame.args[0].jsValue();
+    JSValue shift = stackFrame.args[1].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, (val.toInt32(callFrame)) << (shift.toUInt32(callFrame) & 0x1f));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_bitand)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    ASSERT(!src1.isInt32() || !src2.isInt32());
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, src1.toInt32(callFrame) & src2.toInt32(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_rshift)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue val = stackFrame.args[0].jsValue();
+    JSValue shift = stackFrame.args[1].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, (val.toInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_bitnot)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src = stackFrame.args[0].jsValue();
+
+    ASSERT(!src.isInt32());
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, ~src.toInt32(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_resolve_with_base)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    ScopeChainNode* scopeChain = callFrame->scopeChain();
+
+    ScopeChainIterator iter = scopeChain->begin();
+    ScopeChainIterator end = scopeChain->end();
+
+    // FIXME: add scopeDepthIsZero optimization
+
+    ASSERT(iter != end);
+
+    Identifier& ident = stackFrame.args[0].identifier();
+    JSObject* base;
+    do {
+        base = *iter;
+        PropertySlot slot(base);
+        if (base->getPropertySlot(callFrame, ident, slot)) {
+            JSValue result = slot.getValue(callFrame, ident);
+            CHECK_FOR_EXCEPTION_AT_END();
+
+            callFrame->registers()[stackFrame.args[1].int32()] = JSValue(base);
+            return JSValue::encode(result);
+        }
+        ++iter;
+    } while (iter != end);
+
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+    stackFrame.globalData->exception = createUndefinedVariableError(callFrame, ident, vPCIndex, codeBlock);
+    VM_THROW_EXCEPTION_AT_END();
+    return JSValue::encode(JSValue());
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_new_func_exp)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    FunctionExecutable* function = stackFrame.args[0].function();
+    JSFunction* func = function->make(callFrame, callFrame->scopeChain());
+
+    /* 
+        The Identifier in a FunctionExpression can be referenced from inside
+        the FunctionExpression's FunctionBody to allow the function to call
+        itself recursively. However, unlike in a FunctionDeclaration, the
+        Identifier in a FunctionExpression cannot be referenced from and
+        does not affect the scope enclosing the FunctionExpression.
+     */
+    if (!function->name().isNull()) {
+        JSStaticScopeObject* functionScopeObject = new (callFrame) JSStaticScopeObject(callFrame, function->name(), func, ReadOnly | DontDelete);
+        func->scope().push(functionScopeObject);
+    }
+
+    return func;
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_mod)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue dividendValue = stackFrame.args[0].jsValue();
+    JSValue divisorValue = stackFrame.args[1].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    double d = dividendValue.toNumber(callFrame);
+    JSValue result = jsNumber(stackFrame.globalData, fmod(d, divisorValue.toNumber(callFrame)));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_less)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsBoolean(jsLess(callFrame, stackFrame.args[0].jsValue(), stackFrame.args[1].jsValue()));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_post_dec)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue v = stackFrame.args[0].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue number = v.toJSNumber(callFrame);
+    CHECK_FOR_EXCEPTION_AT_END();
+
+    callFrame->registers()[stackFrame.args[1].int32()] = jsNumber(stackFrame.globalData, number.uncheckedGetNumber() - 1);
+    return JSValue::encode(number);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_urshift)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue val = stackFrame.args[0].jsValue();
+    JSValue shift = stackFrame.args[1].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue result = jsNumber(stackFrame.globalData, (val.toUInt32(callFrame)) >> (shift.toUInt32(callFrame) & 0x1f));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_bitxor)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue result = jsNumber(stackFrame.globalData, src1.toInt32(callFrame) ^ src2.toInt32(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_new_regexp)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return new (stackFrame.globalData) RegExpObject(stackFrame.callFrame->lexicalGlobalObject()->regExpStructure(), stackFrame.args[0].regExp());
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_bitor)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue result = jsNumber(stackFrame.globalData, src1.toInt32(callFrame) | src2.toInt32(callFrame));
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_call_eval)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    RegisterFile* registerFile = stackFrame.registerFile;
+
+    Interpreter* interpreter = stackFrame.globalData->interpreter;
+    
+    JSValue funcVal = stackFrame.args[0].jsValue();
+    int registerOffset = stackFrame.args[1].int32();
+    int argCount = stackFrame.args[2].int32();
+
+    Register* newCallFrame = callFrame->registers() + registerOffset;
+    Register* argv = newCallFrame - RegisterFile::CallFrameHeaderSize - argCount;
+    JSValue thisValue = argv[0].jsValue();
+    JSGlobalObject* globalObject = callFrame->scopeChain()->globalObject();
+
+    if (thisValue == globalObject && funcVal == globalObject->evalFunction()) {
+        JSValue exceptionValue;
+        JSValue result = interpreter->callEval(callFrame, registerFile, argv, argCount, registerOffset, exceptionValue);
+        if (UNLIKELY(exceptionValue)) {
+            stackFrame.globalData->exception = exceptionValue;
+            VM_THROW_EXCEPTION_AT_END();
+        }
+        return JSValue::encode(result);
+    }
+
+    return JSValue::encode(JSValue());
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_throw)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+
+    unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+
+    JSValue exceptionValue = stackFrame.args[0].jsValue();
+    ASSERT(exceptionValue);
+
+    HandlerInfo* handler = stackFrame.globalData->interpreter->throwException(callFrame, exceptionValue, vPCIndex, true);
+
+    if (!handler) {
+        *stackFrame.exception = exceptionValue;
+        STUB_SET_RETURN_ADDRESS(reinterpret_cast<void*>(ctiOpThrowNotCaught));
+        return JSValue::encode(jsNull());
+    }
+
+    stackFrame.callFrame = callFrame;
+    void* catchRoutine = handler->nativeCode.executableAddress();
+    ASSERT(catchRoutine);
+    STUB_SET_RETURN_ADDRESS(catchRoutine);
+    return JSValue::encode(exceptionValue);
+}
+
+DEFINE_STUB_FUNCTION(JSPropertyNameIterator*, op_get_pnames)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSPropertyNameIterator::create(stackFrame.callFrame, stackFrame.args[0].jsValue());
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_next_pname)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSPropertyNameIterator* it = stackFrame.args[0].propertyNameIterator();
+    JSValue temp = it->next(stackFrame.callFrame);
+    if (!temp)
+        it->invalidate();
+    return JSValue::encode(temp);
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_push_scope)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSObject* o = stackFrame.args[0].jsValue().toObject(stackFrame.callFrame);
+    CHECK_FOR_EXCEPTION();
+    stackFrame.callFrame->setScopeChain(stackFrame.callFrame->scopeChain()->push(o));
+    return o;
+}
+
+DEFINE_STUB_FUNCTION(void, op_pop_scope)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    stackFrame.callFrame->setScopeChain(stackFrame.callFrame->scopeChain()->pop());
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_typeof)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(jsTypeStringForValue(stackFrame.callFrame, stackFrame.args[0].jsValue()));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_is_undefined)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue v = stackFrame.args[0].jsValue();
+    return JSValue::encode(jsBoolean(v.isCell() ? v.asCell()->structure()->typeInfo().masqueradesAsUndefined() : v.isUndefined()));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_is_boolean)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(jsBoolean(stackFrame.args[0].jsValue().isBoolean()));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_is_number)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(jsBoolean(stackFrame.args[0].jsValue().isNumber()));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_is_string)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(jsBoolean(isJSString(stackFrame.globalData, stackFrame.args[0].jsValue())));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_is_object)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(jsBoolean(jsIsObjectType(stackFrame.args[0].jsValue())));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_is_function)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(jsBoolean(jsIsFunctionType(stackFrame.args[0].jsValue())));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_stricteq)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    return JSValue::encode(jsBoolean(JSValue::strictEqual(src1, src2)));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_to_primitive)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(stackFrame.args[0].jsValue().toPrimitive(stackFrame.callFrame));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_strcat)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    return JSValue::encode(concatenateStrings(stackFrame.callFrame, &stackFrame.callFrame->registers()[stackFrame.args[0].int32()], stackFrame.args[1].int32()));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_nstricteq)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src1 = stackFrame.args[0].jsValue();
+    JSValue src2 = stackFrame.args[1].jsValue();
+
+    return JSValue::encode(jsBoolean(!JSValue::strictEqual(src1, src2)));
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_to_jsnumber)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue src = stackFrame.args[0].jsValue();
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue result = src.toJSNumber(callFrame);
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_in)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    JSValue baseVal = stackFrame.args[1].jsValue();
+
+    if (!baseVal.isObject()) {
+        CallFrame* callFrame = stackFrame.callFrame;
+        CodeBlock* codeBlock = callFrame->codeBlock();
+        unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, STUB_RETURN_ADDRESS);
+        stackFrame.globalData->exception = createInvalidParamError(callFrame, "in", baseVal, vPCIndex, codeBlock);
+        VM_THROW_EXCEPTION();
+    }
+
+    JSValue propName = stackFrame.args[0].jsValue();
+    JSObject* baseObj = asObject(baseVal);
+
+    uint32_t i;
+    if (propName.getUInt32(i))
+        return JSValue::encode(jsBoolean(baseObj->hasProperty(callFrame, i)));
+
+    Identifier property(callFrame, propName.toString(callFrame));
+    CHECK_FOR_EXCEPTION();
+    return JSValue::encode(jsBoolean(baseObj->hasProperty(callFrame, property)));
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_push_new_scope)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSObject* scope = new (stackFrame.globalData) JSStaticScopeObject(stackFrame.callFrame, stackFrame.args[0].identifier(), stackFrame.args[1].jsValue(), DontDelete);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    callFrame->setScopeChain(callFrame->scopeChain()->push(scope));
+    return scope;
+}
+
+DEFINE_STUB_FUNCTION(void, op_jmp_scopes)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    unsigned count = stackFrame.args[0].int32();
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    ScopeChainNode* tmp = callFrame->scopeChain();
+    while (count--)
+        tmp = tmp->pop();
+    callFrame->setScopeChain(tmp);
+}
+
+DEFINE_STUB_FUNCTION(void, op_put_by_index)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    unsigned property = stackFrame.args[1].int32();
+
+    stackFrame.args[0].jsValue().put(callFrame, property, stackFrame.args[2].jsValue());
+}
+
+DEFINE_STUB_FUNCTION(void*, op_switch_imm)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue scrutinee = stackFrame.args[0].jsValue();
+    unsigned tableIndex = stackFrame.args[1].int32();
+    CallFrame* callFrame = stackFrame.callFrame;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+
+    if (scrutinee.isInt32())
+        return codeBlock->immediateSwitchJumpTable(tableIndex).ctiForValue(scrutinee.asInt32()).executableAddress();
+    else {
+        double value;
+        int32_t intValue;
+        if (scrutinee.getNumber(value) && ((intValue = static_cast<int32_t>(value)) == value))
+            return codeBlock->immediateSwitchJumpTable(tableIndex).ctiForValue(intValue).executableAddress();
+        else
+            return codeBlock->immediateSwitchJumpTable(tableIndex).ctiDefault.executableAddress();
+    }
+}
+
+DEFINE_STUB_FUNCTION(void*, op_switch_char)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue scrutinee = stackFrame.args[0].jsValue();
+    unsigned tableIndex = stackFrame.args[1].int32();
+    CallFrame* callFrame = stackFrame.callFrame;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+
+    void* result = codeBlock->characterSwitchJumpTable(tableIndex).ctiDefault.executableAddress();
+
+    if (scrutinee.isString()) {
+        UString::Rep* value = asString(scrutinee)->value().rep();
+        if (value->size() == 1)
+            result = codeBlock->characterSwitchJumpTable(tableIndex).ctiForValue(value->data()[0]).executableAddress();
+    }
+
+    return result;
+}
+
+DEFINE_STUB_FUNCTION(void*, op_switch_string)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    JSValue scrutinee = stackFrame.args[0].jsValue();
+    unsigned tableIndex = stackFrame.args[1].int32();
+    CallFrame* callFrame = stackFrame.callFrame;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+
+    void* result = codeBlock->stringSwitchJumpTable(tableIndex).ctiDefault.executableAddress();
+
+    if (scrutinee.isString()) {
+        UString::Rep* value = asString(scrutinee)->value().rep();
+        result = codeBlock->stringSwitchJumpTable(tableIndex).ctiForValue(value).executableAddress();
+    }
+
+    return result;
+}
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, op_del_by_val)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    JSValue baseValue = stackFrame.args[0].jsValue();
+    JSObject* baseObj = baseValue.toObject(callFrame); // may throw
+
+    JSValue subscript = stackFrame.args[1].jsValue();
+    JSValue result;
+    uint32_t i;
+    if (subscript.getUInt32(i))
+        result = jsBoolean(baseObj->deleteProperty(callFrame, i));
+    else {
+        CHECK_FOR_EXCEPTION();
+        Identifier property(callFrame, subscript.toString(callFrame));
+        CHECK_FOR_EXCEPTION();
+        result = jsBoolean(baseObj->deleteProperty(callFrame, property));
+    }
+
+    CHECK_FOR_EXCEPTION_AT_END();
+    return JSValue::encode(result);
+}
+
+DEFINE_STUB_FUNCTION(void, op_put_getter)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    ASSERT(stackFrame.args[0].jsValue().isObject());
+    JSObject* baseObj = asObject(stackFrame.args[0].jsValue());
+    ASSERT(stackFrame.args[2].jsValue().isObject());
+    baseObj->defineGetter(callFrame, stackFrame.args[1].identifier(), asObject(stackFrame.args[2].jsValue()));
+}
+
+DEFINE_STUB_FUNCTION(void, op_put_setter)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    ASSERT(stackFrame.args[0].jsValue().isObject());
+    JSObject* baseObj = asObject(stackFrame.args[0].jsValue());
+    ASSERT(stackFrame.args[2].jsValue().isObject());
+    baseObj->defineSetter(callFrame, stackFrame.args[1].identifier(), asObject(stackFrame.args[2].jsValue()));
+}
+
+DEFINE_STUB_FUNCTION(JSObject*, op_new_error)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    unsigned type = stackFrame.args[0].int32();
+    JSValue message = stackFrame.args[1].jsValue();
+    unsigned bytecodeOffset = stackFrame.args[2].int32();
+
+    unsigned lineNumber = codeBlock->lineNumberForBytecodeOffset(callFrame, bytecodeOffset);
+    return Error::create(callFrame, static_cast<ErrorType>(type), message.toString(callFrame), lineNumber, codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->sourceURL());
+}
+
+DEFINE_STUB_FUNCTION(void, op_debug)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+
+    int debugHookID = stackFrame.args[0].int32();
+    int firstLine = stackFrame.args[1].int32();
+    int lastLine = stackFrame.args[2].int32();
+    int column = stackFrame.args[3].int32();
+
+    stackFrame.globalData->interpreter->debug(callFrame, static_cast<DebugHookID>(debugHookID), firstLine, lastLine, column);
+}
+
+#ifdef QT_BUILD_SCRIPT_LIB
+DEFINE_STUB_FUNCTION(void, op_debug_catch)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    CallFrame* callFrame = stackFrame.callFrame;
+    if (JSC::Debugger* debugger = callFrame->lexicalGlobalObject()->debugger() ) {
+        JSValue exceptionValue = callFrame->r(stackFrame.args[0].int32()).jsValue();
+        DebuggerCallFrame debuggerCallFrame(callFrame, exceptionValue);
+        debugger->exceptionCatch(debuggerCallFrame, callFrame->codeBlock()->source()->asID());
+    }
+}
+
+DEFINE_STUB_FUNCTION(void, op_debug_return)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+    CallFrame* callFrame = stackFrame.callFrame;
+    if (JSC::Debugger* debugger = callFrame->lexicalGlobalObject()->debugger() ) {
+        JSValue returnValue = callFrame->r(stackFrame.args[0].int32()).jsValue();
+        intptr_t sourceID = callFrame->codeBlock()->source()->asID();
+        debugger->functionExit(returnValue, sourceID);
+    }
+}
+
+#endif
+
+DEFINE_STUB_FUNCTION(EncodedJSValue, vm_throw)
+{
+    STUB_INIT_STACK_FRAME(stackFrame);
+
+    CallFrame* callFrame = stackFrame.callFrame;
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    JSGlobalData* globalData = stackFrame.globalData;
+
+    unsigned vPCIndex = codeBlock->getBytecodeIndex(callFrame, globalData->exceptionLocation);
+
+    JSValue exceptionValue = globalData->exception;
+    ASSERT(exceptionValue);
+    globalData->exception = JSValue();
+
+    HandlerInfo* handler = globalData->interpreter->throwException(callFrame, exceptionValue, vPCIndex, false);
+
+    if (!handler) {
+        *stackFrame.exception = exceptionValue;
+        return JSValue::encode(jsNull());
+    }
+
+    stackFrame.callFrame = callFrame;
+    void* catchRoutine = handler->nativeCode.executableAddress();
+    ASSERT(catchRoutine);
+    STUB_SET_RETURN_ADDRESS(catchRoutine);
+    return JSValue::encode(exceptionValue);
+}
+
+} // namespace JSC
+
+ #endif // ENABLE(JIT)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.h b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.h
new file mode 100644
index 000000000..c2b8c0215
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.h
@@ -0,0 +1,378 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JITStubs_h
+#define JITStubs_h
+
+#include <wtf/Platform.h>
+
+#include "MacroAssemblerCodeRef.h"
+#include "Register.h"
+
+#if ENABLE(JIT)
+
+namespace JSC {
+
+    struct StructureStubInfo;
+
+    class CodeBlock;
+    class ExecutablePool;
+    class FunctionExecutable;
+    class Identifier;
+    class JSGlobalData;
+    class JSGlobalData;
+    class JSObject;
+    class JSPropertyNameIterator;
+    class JSValue;
+    class JSValueEncodedAsPointer;
+    class Profiler;
+    class PropertySlot;
+    class PutPropertySlot;
+    class RegisterFile;
+    class JSGlobalObject;
+    class RegExp;
+
+    union JITStubArg {
+        void* asPointer;
+        EncodedJSValue asEncodedJSValue;
+        int32_t asInt32;
+
+        JSValue jsValue() { return JSValue::decode(asEncodedJSValue); }
+        Identifier& identifier() { return *static_cast<Identifier*>(asPointer); }
+        int32_t int32() { return asInt32; }
+        CodeBlock* codeBlock() { return static_cast<CodeBlock*>(asPointer); }
+        FunctionExecutable* function() { return static_cast<FunctionExecutable*>(asPointer); }
+        RegExp* regExp() { return static_cast<RegExp*>(asPointer); }
+        JSPropertyNameIterator* propertyNameIterator() { return static_cast<JSPropertyNameIterator*>(asPointer); }
+        JSGlobalObject* globalObject() { return static_cast<JSGlobalObject*>(asPointer); }
+        JSString* jsString() { return static_cast<JSString*>(asPointer); }
+        ReturnAddressPtr returnAddress() { return ReturnAddressPtr(asPointer); }
+    };
+
+#if PLATFORM(X86_64)
+    struct JITStackFrame {
+        void* reserved; // Unused
+        JITStubArg args[6];
+        void* padding[2]; // Maintain 32-byte stack alignment (possibly overkill).
+
+        void* code;
+        RegisterFile* registerFile;
+        CallFrame* callFrame;
+        JSValue* exception;
+        Profiler** enabledProfilerReference;
+        JSGlobalData* globalData;
+
+        void* savedRBX;
+        void* savedR15;
+        void* savedR14;
+        void* savedR13;
+        void* savedR12;
+        void* savedRBP;
+        void* savedRIP;
+
+        // When JIT code makes a call, it pushes its return address just below the rest of the stack.
+        ReturnAddressPtr* returnAddressSlot() { return reinterpret_cast<ReturnAddressPtr*>(this) - 1; }
+    };
+#elif PLATFORM(X86)
+#if COMPILER(MSVC)
+#pragma pack(push)
+#pragma pack(4)
+#endif // COMPILER(MSVC)
+    struct JITStackFrame {
+        void* reserved; // Unused
+        JITStubArg args[6];
+#if USE(JSVALUE32_64)
+        void* padding[2]; // Maintain 16-byte stack alignment.
+#endif
+
+        void* savedEBX;
+        void* savedEDI;
+        void* savedESI;
+        void* savedEBP;
+        void* savedEIP;
+
+        void* code;
+        RegisterFile* registerFile;
+        CallFrame* callFrame;
+        JSValue* exception;
+        Profiler** enabledProfilerReference;
+        JSGlobalData* globalData;
+        
+        // When JIT code makes a call, it pushes its return address just below the rest of the stack.
+        ReturnAddressPtr* returnAddressSlot() { return reinterpret_cast<ReturnAddressPtr*>(this) - 1; }
+    };
+#if COMPILER(MSVC)
+#pragma pack(pop)
+#endif // COMPILER(MSVC)
+#elif PLATFORM(ARM_THUMB2)
+    struct JITStackFrame {
+        void* reserved; // Unused
+        JITStubArg args[6];
+#if USE(JSVALUE32_64)
+        void* padding[2]; // Maintain 16-byte stack alignment.
+#endif
+
+        ReturnAddressPtr thunkReturnAddress;
+
+        void* preservedReturnAddress;
+        void* preservedR4;
+        void* preservedR5;
+        void* preservedR6;
+
+        // These arguments passed in r1..r3 (r0 contained the entry code pointed, which is not preserved)
+        RegisterFile* registerFile;
+        CallFrame* callFrame;
+        JSValue* exception;
+
+        void* padding2;
+
+        // These arguments passed on the stack.
+        Profiler** enabledProfilerReference;
+        JSGlobalData* globalData;
+        
+        ReturnAddressPtr* returnAddressSlot() { return &thunkReturnAddress; }
+    };
+#elif PLATFORM(ARM_TRADITIONAL)
+    struct JITStackFrame {
+        JITStubArg padding; // Unused
+        JITStubArg args[7];
+
+        void* preservedR4;
+        void* preservedR5;
+        void* preservedR6;
+        void* preservedR7;
+        void* preservedR8;
+        void* preservedLink;
+
+        RegisterFile* registerFile;
+        CallFrame* callFrame;
+        JSValue* exception;
+        Profiler** enabledProfilerReference;
+        JSGlobalData* globalData;
+
+        // When JIT code makes a call, it pushes its return address just below the rest of the stack.
+        ReturnAddressPtr* returnAddressSlot() { return reinterpret_cast<ReturnAddressPtr*>(this) - 1; }
+    };
+#else
+#error "JITStackFrame not defined for this platform."
+#endif
+
+#if USE(JIT_STUB_ARGUMENT_VA_LIST)
+    #define STUB_ARGS_DECLARATION void* args, ...
+    #define STUB_ARGS (reinterpret_cast<void**>(vl_args) - 1)
+
+    #if COMPILER(MSVC)
+    #define JIT_STUB __cdecl
+    #else
+    #define JIT_STUB
+    #endif
+#else
+    #define STUB_ARGS_DECLARATION void** args
+    #define STUB_ARGS (args)
+
+    #if PLATFORM(X86) && COMPILER(MSVC)
+    #define JIT_STUB __fastcall
+    #elif PLATFORM(X86) && COMPILER(GCC)
+    #define JIT_STUB  __attribute__ ((fastcall))
+    #else
+    #define JIT_STUB
+    #endif
+#endif
+
+#if PLATFORM(X86_64)
+    struct VoidPtrPair {
+        void* first;
+        void* second;
+    };
+    #define RETURN_POINTER_PAIR(a,b) VoidPtrPair pair = { a, b }; return pair
+#else
+    // MSVC doesn't support returning a two-value struct in two registers, so
+    // we cast the struct to int64_t instead.
+    typedef uint64_t VoidPtrPair;
+    union VoidPtrPairUnion {
+        struct { void* first; void* second; } s;
+        VoidPtrPair i;
+    };
+    #define RETURN_POINTER_PAIR(a,b) VoidPtrPairUnion pair = {{ a, b }}; return pair.i
+#endif
+
+    extern "C" void ctiVMThrowTrampoline();
+    extern "C" void ctiOpThrowNotCaught();
+    extern "C" EncodedJSValue ctiTrampoline(void* code, RegisterFile*, CallFrame*, JSValue* exception, Profiler**, JSGlobalData*);
+
+    class JITThunks {
+    public:
+        JITThunks(JSGlobalData*);
+
+        static void tryCacheGetByID(CallFrame*, CodeBlock*, ReturnAddressPtr returnAddress, JSValue baseValue, const Identifier& propertyName, const PropertySlot&, StructureStubInfo* stubInfo);
+        static void tryCachePutByID(CallFrame*, CodeBlock*, ReturnAddressPtr returnAddress, JSValue baseValue, const PutPropertySlot&, StructureStubInfo* stubInfo);
+
+        MacroAssemblerCodePtr ctiStringLengthTrampoline() { return m_ctiStringLengthTrampoline; }
+        MacroAssemblerCodePtr ctiVirtualCallLink() { return m_ctiVirtualCallLink; }
+        MacroAssemblerCodePtr ctiVirtualCall() { return m_ctiVirtualCall; }
+        MacroAssemblerCodePtr ctiNativeCallThunk() { return m_ctiNativeCallThunk; }
+
+    private:
+        RefPtr<ExecutablePool> m_executablePool;
+
+        MacroAssemblerCodePtr m_ctiStringLengthTrampoline;
+        MacroAssemblerCodePtr m_ctiVirtualCallLink;
+        MacroAssemblerCodePtr m_ctiVirtualCall;
+        MacroAssemblerCodePtr m_ctiNativeCallThunk;
+    };
+
+#if COMPILER(GCC)
+#pragma GCC visibility push(hidden)
+#endif
+
+extern "C" {
+    EncodedJSValue JIT_STUB cti_op_add(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_bitand(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_bitnot(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_bitor(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_bitxor(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_call_NotJSFunction(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_call_eval(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_construct_NotJSConstruct(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_convert_this(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_del_by_id(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_del_by_val(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_div(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_array_fail(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_generic(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_method_check(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_fail(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_list(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_proto_list_full(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_self_fail(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_id_string_fail(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_val(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_val_byte_array(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_get_by_val_string(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_in(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_instanceof(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_boolean(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_function(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_number(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_object(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_string(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_is_undefined(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_less(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_lesseq(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_lshift(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_mod(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_mul(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_negate(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_next_pname(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_not(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_nstricteq(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_post_dec(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_post_inc(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_pre_dec(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_pre_inc(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve_base(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve_global(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve_skip(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_resolve_with_base(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_rshift(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_strcat(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_stricteq(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_sub(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_throw(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_to_jsnumber(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_to_primitive(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_typeof(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_op_urshift(STUB_ARGS_DECLARATION);
+    EncodedJSValue JIT_STUB cti_vm_throw(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_construct_JSConstruct(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_array(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_error(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_func(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_func_exp(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_object(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_new_regexp(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_push_activation(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_push_new_scope(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_push_scope(STUB_ARGS_DECLARATION);
+    JSObject* JIT_STUB cti_op_put_by_id_transition_realloc(STUB_ARGS_DECLARATION);
+    JSPropertyNameIterator* JIT_STUB cti_op_get_pnames(STUB_ARGS_DECLARATION);
+    VoidPtrPair JIT_STUB cti_op_call_arityCheck(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_eq(STUB_ARGS_DECLARATION);
+#if USE(JSVALUE32_64)
+    int JIT_STUB cti_op_eq_strings(STUB_ARGS_DECLARATION);
+#endif
+    int JIT_STUB cti_op_jless(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_jlesseq(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_jtrue(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_load_varargs(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_loop_if_less(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_loop_if_lesseq(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_op_loop_if_true(STUB_ARGS_DECLARATION);
+    int JIT_STUB cti_timeout_check(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_create_arguments(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_create_arguments_no_params(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_debug(STUB_ARGS_DECLARATION);
+#ifdef QT_BUILD_SCRIPT_LIB
+    void JIT_STUB cti_op_debug_catch(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_debug_return(STUB_ARGS_DECLARATION);
+#endif
+    void JIT_STUB cti_op_end(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_jmp_scopes(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_pop_scope(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_profile_did_call(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_profile_will_call(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_put_by_id(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_put_by_id_fail(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_put_by_id_generic(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_put_by_index(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_put_by_val(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_put_by_val_byte_array(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_put_getter(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_put_setter(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_ret_scopeChain(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_tear_off_activation(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_op_tear_off_arguments(STUB_ARGS_DECLARATION);
+    void JIT_STUB cti_register_file_check(STUB_ARGS_DECLARATION);
+    void* JIT_STUB cti_op_call_JSFunction(STUB_ARGS_DECLARATION);
+    void* JIT_STUB cti_op_switch_char(STUB_ARGS_DECLARATION);
+    void* JIT_STUB cti_op_switch_imm(STUB_ARGS_DECLARATION);
+    void* JIT_STUB cti_op_switch_string(STUB_ARGS_DECLARATION);
+    void* JIT_STUB cti_vm_lazyLinkCall(STUB_ARGS_DECLARATION);
+} // extern "C"
+
+#if COMPILER(GCC)
+#pragma GCC visibility pop
+#endif
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
+
+#endif // JITStubs_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jsc.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jsc.cpp
new file mode 100644
index 000000000..ee4e393db
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jsc.cpp
@@ -0,0 +1,561 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2006 Bjoern Graf (bjoern.graf@gmail.com)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+
+#include "BytecodeGenerator.h"
+#include "Completion.h"
+#include "CurrentTime.h"
+#include "InitializeThreading.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "JSLock.h"
+#include "PrototypeFunction.h"
+#include "SamplingTool.h"
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !PLATFORM(WIN_OS)
+#include <unistd.h>
+#endif
+
+#if HAVE(READLINE)
+#include <readline/history.h>
+#include <readline/readline.h>
+#endif
+
+#if HAVE(SYS_TIME_H)
+#include <sys/time.h>
+#endif
+
+#if HAVE(SIGNAL_H)
+#include <signal.h>
+#endif
+
+#if COMPILER(MSVC) && !PLATFORM(WINCE)
+#include <crtdbg.h>
+#include <windows.h>
+#include <mmsystem.h>
+#endif
+
+#if PLATFORM(QT)
+#include <QCoreApplication>
+#include <QDateTime>
+#endif
+
+using namespace JSC;
+using namespace WTF;
+
+static void cleanupGlobalData(JSGlobalData*);
+static bool fillBufferWithContentsOfFile(const UString& fileName, Vector<char>& buffer);
+
+static JSValue JSC_HOST_CALL functionPrint(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionDebug(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionGC(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionVersion(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionRun(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionLoad(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionCheckSyntax(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionReadline(ExecState*, JSObject*, JSValue, const ArgList&);
+static NO_RETURN JSValue JSC_HOST_CALL functionQuit(ExecState*, JSObject*, JSValue, const ArgList&);
+
+#if ENABLE(SAMPLING_FLAGS)
+static JSValue JSC_HOST_CALL functionSetSamplingFlags(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionClearSamplingFlags(ExecState*, JSObject*, JSValue, const ArgList&);
+#endif
+
+struct Script {
+    bool isFile;
+    char *argument;
+    
+    Script(bool isFile, char *argument)
+        : isFile(isFile)
+        , argument(argument)
+    {
+    }
+};
+
+struct Options {
+    Options()
+        : interactive(false)
+        , dump(false)
+    {
+    }
+
+    bool interactive;
+    bool dump;
+    Vector<Script> scripts;
+    Vector<UString> arguments;
+};
+
+static const char interactivePrompt[] = "> ";
+static const UString interpreterName("Interpreter");
+
+class StopWatch {
+public:
+    void start();
+    void stop();
+    long getElapsedMS(); // call stop() first
+
+private:
+    double m_startTime;
+    double m_stopTime;
+};
+
+void StopWatch::start()
+{
+    m_startTime = currentTime();
+}
+
+void StopWatch::stop()
+{
+    m_stopTime = currentTime();
+}
+
+long StopWatch::getElapsedMS()
+{
+    return static_cast<long>((m_stopTime - m_startTime) * 1000);
+}
+
+class GlobalObject : public JSGlobalObject {
+public:
+    GlobalObject(const Vector<UString>& arguments);
+    virtual UString className() const { return "global"; }
+};
+COMPILE_ASSERT(!IsInteger<GlobalObject>::value, WTF_IsInteger_GlobalObject_false);
+ASSERT_CLASS_FITS_IN_CELL(GlobalObject);
+
+GlobalObject::GlobalObject(const Vector<UString>& arguments)
+    : JSGlobalObject()
+{
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "debug"), functionDebug));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "print"), functionPrint));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 0, Identifier(globalExec(), "quit"), functionQuit));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 0, Identifier(globalExec(), "gc"), functionGC));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "version"), functionVersion));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "run"), functionRun));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "load"), functionLoad));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "checkSyntax"), functionCheckSyntax));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 0, Identifier(globalExec(), "readline"), functionReadline));
+
+#if ENABLE(SAMPLING_FLAGS)
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "setSamplingFlags"), functionSetSamplingFlags));
+    putDirectFunction(globalExec(), new (globalExec()) NativeFunctionWrapper(globalExec(), prototypeFunctionStructure(), 1, Identifier(globalExec(), "clearSamplingFlags"), functionClearSamplingFlags));
+#endif
+
+    JSObject* array = constructEmptyArray(globalExec());
+    for (size_t i = 0; i < arguments.size(); ++i)
+        array->put(globalExec(), i, jsString(globalExec(), arguments[i]));
+    putDirect(Identifier(globalExec(), "arguments"), array);
+}
+
+JSValue JSC_HOST_CALL functionPrint(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    for (unsigned i = 0; i < args.size(); ++i) {
+        if (i != 0)
+            putchar(' ');
+        
+        printf("%s", args.at(i).toString(exec).UTF8String().c_str());
+    }
+    
+    putchar('\n');
+    fflush(stdout);
+    return jsUndefined();
+}
+
+JSValue JSC_HOST_CALL functionDebug(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    fprintf(stderr, "--> %s\n", args.at(0).toString(exec).UTF8String().c_str());
+    return jsUndefined();
+}
+
+JSValue JSC_HOST_CALL functionGC(ExecState* exec, JSObject*, JSValue, const ArgList&)
+{
+    JSLock lock(SilenceAssertionsOnly);
+    exec->heap()->collect();
+    return jsUndefined();
+}
+
+JSValue JSC_HOST_CALL functionVersion(ExecState*, JSObject*, JSValue, const ArgList&)
+{
+    // We need this function for compatibility with the Mozilla JS tests but for now
+    // we don't actually do any version-specific handling
+    return jsUndefined();
+}
+
+JSValue JSC_HOST_CALL functionRun(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    StopWatch stopWatch;
+    UString fileName = args.at(0).toString(exec);
+    Vector<char> script;
+    if (!fillBufferWithContentsOfFile(fileName, script))
+        return throwError(exec, GeneralError, "Could not open file.");
+
+    JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+
+    stopWatch.start();
+    evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), makeSource(script.data(), fileName));
+    stopWatch.stop();
+
+    return jsNumber(globalObject->globalExec(), stopWatch.getElapsedMS());
+}
+
+JSValue JSC_HOST_CALL functionLoad(ExecState* exec, JSObject* o, JSValue v, const ArgList& args)
+{
+    UNUSED_PARAM(o);
+    UNUSED_PARAM(v);
+    UString fileName = args.at(0).toString(exec);
+    Vector<char> script;
+    if (!fillBufferWithContentsOfFile(fileName, script))
+        return throwError(exec, GeneralError, "Could not open file.");
+
+    JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+    Completion result = evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), makeSource(script.data(), fileName));
+    if (result.complType() == Throw)
+        exec->setException(result.value());
+    return result.value();
+}
+
+JSValue JSC_HOST_CALL functionCheckSyntax(ExecState* exec, JSObject* o, JSValue v, const ArgList& args)
+{
+    UNUSED_PARAM(o);
+    UNUSED_PARAM(v);
+    UString fileName = args.at(0).toString(exec);
+    Vector<char> script;
+    if (!fillBufferWithContentsOfFile(fileName, script))
+        return throwError(exec, GeneralError, "Could not open file.");
+
+    JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+    Completion result = checkSyntax(globalObject->globalExec(), makeSource(script.data(), fileName));
+    if (result.complType() == Throw)
+        exec->setException(result.value());
+    return result.value();
+}
+
+#if ENABLE(SAMPLING_FLAGS)
+JSValue JSC_HOST_CALL functionSetSamplingFlags(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    for (unsigned i = 0; i < args.size(); ++i) {
+        unsigned flag = static_cast<unsigned>(args.at(i).toNumber(exec));
+        if ((flag >= 1) && (flag <= 32))
+            SamplingFlags::setFlag(flag);
+    }
+    return jsNull();
+}
+
+JSValue JSC_HOST_CALL functionClearSamplingFlags(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    for (unsigned i = 0; i < args.size(); ++i) {
+        unsigned flag = static_cast<unsigned>(args.at(i).toNumber(exec));
+        if ((flag >= 1) && (flag <= 32))
+            SamplingFlags::clearFlag(flag);
+    }
+    return jsNull();
+}
+#endif
+
+JSValue JSC_HOST_CALL functionReadline(ExecState* exec, JSObject*, JSValue, const ArgList&)
+{
+    Vector<char, 256> line;
+    int c;
+    while ((c = getchar()) != EOF) {
+        // FIXME: Should we also break on \r? 
+        if (c == '\n')
+            break;
+        line.append(c);
+    }
+    line.append('\0');
+    return jsString(exec, line.data());
+}
+
+JSValue JSC_HOST_CALL functionQuit(ExecState* exec, JSObject*, JSValue, const ArgList&)
+{
+    cleanupGlobalData(&exec->globalData());
+    exit(EXIT_SUCCESS);
+}
+
+// Use SEH for Release builds only to get rid of the crash report dialog
+// (luckily the same tests fail in Release and Debug builds so far). Need to
+// be in a separate main function because the jscmain function requires object
+// unwinding.
+
+#if COMPILER(MSVC) && !defined(_DEBUG)
+#define TRY       __try {
+#define EXCEPT(x) } __except (EXCEPTION_EXECUTE_HANDLER) { x; }
+#else
+#define TRY
+#define EXCEPT(x)
+#endif
+
+int jscmain(int argc, char** argv, JSGlobalData*);
+
+int main(int argc, char** argv)
+{
+#if defined(_DEBUG) && PLATFORM(WIN_OS)
+    _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR);
+    _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE);
+    _CrtSetReportFile(_CRT_ERROR, _CRTDBG_FILE_STDERR);
+    _CrtSetReportMode(_CRT_ERROR, _CRTDBG_MODE_FILE);
+    _CrtSetReportFile(_CRT_ASSERT, _CRTDBG_FILE_STDERR);
+    _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_FILE);
+#endif
+
+#if COMPILER(MSVC) && !PLATFORM(WINCE)
+    timeBeginPeriod(1);
+#endif
+
+#if PLATFORM(QT)
+    QCoreApplication app(argc, argv);
+#endif
+
+    // Initialize JSC before getting JSGlobalData.
+    JSC::initializeThreading();
+
+    // We can't use destructors in the following code because it uses Windows
+    // Structured Exception Handling
+    int res = 0;
+    JSGlobalData* globalData = JSGlobalData::create().releaseRef();
+    TRY
+        res = jscmain(argc, argv, globalData);
+    EXCEPT(res = 3)
+
+    cleanupGlobalData(globalData);
+    return res;
+}
+
+static void cleanupGlobalData(JSGlobalData* globalData)
+{
+    JSLock lock(SilenceAssertionsOnly);
+    globalData->heap.destroy();
+    globalData->deref();
+}
+
+static bool runWithScripts(GlobalObject* globalObject, const Vector<Script>& scripts, bool dump)
+{
+    UString script;
+    UString fileName;
+    Vector<char> scriptBuffer;
+
+    if (dump)
+        BytecodeGenerator::setDumpsGeneratedCode(true);
+
+#if ENABLE(OPCODE_SAMPLING)
+    Interpreter* interpreter = globalObject->globalData()->interpreter;
+    interpreter->setSampler(new SamplingTool(interpreter));
+    interpreter->sampler()->setup();
+#endif
+#if ENABLE(SAMPLING_FLAGS)
+    SamplingFlags::start();
+#endif
+
+    bool success = true;
+    for (size_t i = 0; i < scripts.size(); i++) {
+        if (scripts[i].isFile) {
+            fileName = scripts[i].argument;
+            if (!fillBufferWithContentsOfFile(fileName, scriptBuffer))
+                return false; // fail early so we can catch missing files
+            script = scriptBuffer.data();
+        } else {
+            script = scripts[i].argument;
+            fileName = "[Command Line]";
+        }
+
+#if ENABLE(SAMPLING_THREAD)
+        SamplingThread::start();
+#endif
+
+        Completion completion = evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), makeSource(script, fileName));
+        success = success && completion.complType() != Throw;
+        if (dump) {
+            if (completion.complType() == Throw)
+                printf("Exception: %s\n", completion.value().toString(globalObject->globalExec()).ascii());
+            else
+                printf("End: %s\n", completion.value().toString(globalObject->globalExec()).ascii());
+        }
+
+#if ENABLE(SAMPLING_THREAD)
+        SamplingThread::stop();
+#endif
+
+        globalObject->globalExec()->clearException();
+    }
+
+#if ENABLE(SAMPLING_FLAGS)
+    SamplingFlags::stop();
+#endif
+#if ENABLE(OPCODE_SAMPLING)
+    interpreter->sampler()->dump(globalObject->globalExec());
+    delete interpreter->sampler();
+#endif
+#if ENABLE(SAMPLING_COUNTERS)
+    AbstractSamplingCounter::dump();
+#endif
+    return success;
+}
+
+#define RUNNING_FROM_XCODE 0
+
+static void runInteractive(GlobalObject* globalObject)
+{
+    while (true) {
+#if HAVE(READLINE) && !RUNNING_FROM_XCODE
+        char* line = readline(interactivePrompt);
+        if (!line)
+            break;
+        if (line[0])
+            add_history(line);
+        Completion completion = evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), makeSource(line, interpreterName));
+        free(line);
+#else
+        printf("%s", interactivePrompt);
+        Vector<char, 256> line;
+        int c;
+        while ((c = getchar()) != EOF) {
+            // FIXME: Should we also break on \r? 
+            if (c == '\n')
+                break;
+            line.append(c);
+        }
+        if (line.isEmpty())
+            break;
+        line.append('\0');
+        Completion completion = evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), makeSource(line.data(), interpreterName));
+#endif
+        if (completion.complType() == Throw)
+            printf("Exception: %s\n", completion.value().toString(globalObject->globalExec()).ascii());
+        else
+            printf("%s\n", completion.value().toString(globalObject->globalExec()).UTF8String().c_str());
+
+        globalObject->globalExec()->clearException();
+    }
+    printf("\n");
+}
+
+static NO_RETURN void printUsageStatement(JSGlobalData* globalData, bool help = false)
+{
+    fprintf(stderr, "Usage: jsc [options] [files] [-- arguments]\n");
+    fprintf(stderr, "  -d         Dumps bytecode (debug builds only)\n");
+    fprintf(stderr, "  -e         Evaluate argument as script code\n");
+    fprintf(stderr, "  -f         Specifies a source file (deprecated)\n");
+    fprintf(stderr, "  -h|--help  Prints this help message\n");
+    fprintf(stderr, "  -i         Enables interactive mode (default if no files are specified)\n");
+#if HAVE(SIGNAL_H)
+    fprintf(stderr, "  -s         Installs signal handlers that exit on a crash (Unix platforms only)\n");
+#endif
+
+    cleanupGlobalData(globalData);
+    exit(help ? EXIT_SUCCESS : EXIT_FAILURE);
+}
+
+static void parseArguments(int argc, char** argv, Options& options, JSGlobalData* globalData)
+{
+    int i = 1;
+    for (; i < argc; ++i) {
+        const char* arg = argv[i];
+        if (strcmp(arg, "-f") == 0) {
+            if (++i == argc)
+                printUsageStatement(globalData);
+            options.scripts.append(Script(true, argv[i]));
+            continue;
+        }
+        if (strcmp(arg, "-e") == 0) {
+            if (++i == argc)
+                printUsageStatement(globalData);
+            options.scripts.append(Script(false, argv[i]));
+            continue;
+        }
+        if (strcmp(arg, "-h") == 0 || strcmp(arg, "--help") == 0) {
+            printUsageStatement(globalData, true);
+        }
+        if (strcmp(arg, "-i") == 0) {
+            options.interactive = true;
+            continue;
+        }
+        if (strcmp(arg, "-d") == 0) {
+            options.dump = true;
+            continue;
+        }
+        if (strcmp(arg, "-s") == 0) {
+#if HAVE(SIGNAL_H)
+            signal(SIGILL, _exit);
+            signal(SIGFPE, _exit);
+            signal(SIGBUS, _exit);
+            signal(SIGSEGV, _exit);
+#endif
+            continue;
+        }
+        if (strcmp(arg, "--") == 0) {
+            ++i;
+            break;
+        }
+        options.scripts.append(Script(true, argv[i]));
+    }
+    
+    if (options.scripts.isEmpty())
+        options.interactive = true;
+    
+    for (; i < argc; ++i)
+        options.arguments.append(argv[i]);
+}
+
+int jscmain(int argc, char** argv, JSGlobalData* globalData)
+{
+    JSLock lock(SilenceAssertionsOnly);
+
+    Options options;
+    parseArguments(argc, argv, options, globalData);
+
+    GlobalObject* globalObject = new (globalData) GlobalObject(options.arguments);
+    bool success = runWithScripts(globalObject, options.scripts, options.dump);
+    if (options.interactive && success)
+        runInteractive(globalObject);
+
+    return success ? 0 : 3;
+}
+
+static bool fillBufferWithContentsOfFile(const UString& fileName, Vector<char>& buffer)
+{
+    FILE* f = fopen(fileName.UTF8String().c_str(), "r");
+    if (!f) {
+        fprintf(stderr, "Could not open file: %s\n", fileName.UTF8String().c_str());
+        return false;
+    }
+
+    size_t buffer_size = 0;
+    size_t buffer_capacity = 1024;
+
+    buffer.resize(buffer_capacity);
+
+    while (!feof(f) && !ferror(f)) {
+        buffer_size += fread(buffer.data() + buffer_size, 1, buffer_capacity - buffer_size, f);
+        if (buffer_size == buffer_capacity) { // guarantees space for trailing '\0'
+            buffer_capacity *= 2;
+            buffer.resize(buffer_capacity);
+        }
+    }
+    fclose(f);
+    buffer[buffer_size] = '\0';
+
+    return true;
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/make-generated-sources.sh b/src/3rdparty/javascriptcore/JavaScriptCore/make-generated-sources.sh
new file mode 100755
index 000000000..943a7ccda
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/make-generated-sources.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+export SRCROOT=$PWD
+export WebCore=$PWD
+export CREATE_HASH_TABLE="$SRCROOT/create_hash_table"
+
+mkdir -p DerivedSources/JavaScriptCore
+cd DerivedSources/JavaScriptCore
+
+make -f ../../DerivedSources.make JavaScriptCore=../.. BUILT_PRODUCTS_DIR=../..
+cd ../..
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/os-win32/stdbool.h b/src/3rdparty/javascriptcore/JavaScriptCore/os-win32/stdbool.h
new file mode 100644
index 000000000..fc8ee28f4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/os-win32/stdbool.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2005, 2006 Apple Computer, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef STDBOOL_WIN32_H
+#define STDBOOL_WIN32_H
+
+#if !COMPILER(MSVC)
+#error "This stdbool.h file should only be compiled with MSVC"
+#endif
+
+#ifndef __cplusplus
+
+typedef unsigned char bool;
+
+#define true 1
+#define false 0
+
+#ifndef CASSERT
+#define CASSERT(exp, name) typedef int dummy##name [(exp) ? 1 : -1];
+#endif
+
+CASSERT(sizeof(bool) == 1, bool_is_one_byte)
+CASSERT(true, true_is_true)
+CASSERT(!false, false_is_false)
+
+#endif
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/os-win32/stdint.h b/src/3rdparty/javascriptcore/JavaScriptCore/os-win32/stdint.h
new file mode 100644
index 000000000..1d8787e05
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/os-win32/stdint.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2005, 2006 Apple Computer, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef STDINT_WIN32_H
+#define STDINT_WIN32_H
+
+#include <wtf/Platform.h>
+
+/* This file emulates enough of stdint.h on Windows to make JavaScriptCore and WebCore
+   compile using MSVC which does not ship with the stdint.h header. */
+
+#if !COMPILER(MSVC)
+#error "This stdint.h file should only be compiled with MSVC"
+#endif
+
+#include <limits.h>
+
+typedef unsigned char uint8_t;
+typedef signed char int8_t;
+typedef unsigned short uint16_t;
+typedef short int16_t;
+typedef unsigned int uint32_t;
+typedef int int32_t;
+typedef __int64 int64_t;
+typedef unsigned __int64 uint64_t;
+
+#if !defined(__cplusplus) || defined(__STDC_LIMIT_MACROS)
+#ifndef SIZE_MAX
+#ifdef _WIN64
+#define SIZE_MAX  _UI64_MAX
+#else
+#define SIZE_MAX  _UI32_MAX
+#endif
+#endif
+#endif
+
+#ifndef CASSERT
+#define CASSERT(exp, name) typedef int dummy##name [(exp) ? 1 : -1];
+#endif
+
+CASSERT(sizeof(int8_t) == 1, int8_t_is_one_byte)
+CASSERT(sizeof(uint8_t) == 1, uint8_t_is_one_byte)
+CASSERT(sizeof(int16_t) == 2, int16_t_is_two_bytes)
+CASSERT(sizeof(uint16_t) == 2, uint16_t_is_two_bytes)
+CASSERT(sizeof(int32_t) == 4, int32_t_is_four_bytes)
+CASSERT(sizeof(uint32_t) == 4, uint32_t_is_four_bytes)
+CASSERT(sizeof(int64_t) == 8, int64_t_is_four_bytes)
+CASSERT(sizeof(uint64_t) == 8, uint64_t_is_four_bytes)
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/Grammar.y b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Grammar.y
new file mode 100644
index 000000000..fa4ffd0e4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Grammar.y
@@ -0,0 +1,2102 @@
+%pure_parser
+
+%{
+
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+
+#include "JSObject.h"
+#include "JSString.h"
+#include "NodeConstructors.h"
+#include "NodeInfo.h"
+#include <stdlib.h>
+#include <string.h>
+#include <wtf/MathExtras.h>
+
+#define YYMALLOC fastMalloc
+#define YYFREE fastFree
+
+#define YYMAXDEPTH 10000
+#define YYENABLE_NLS 0
+
+// Default values for bison.
+#define YYDEBUG 0 // Set to 1 to debug a parse error.
+#define jscyydebug 0 // Set to 1 to debug a parse error.
+#if !PLATFORM(DARWIN)
+// Avoid triggering warnings in older bison by not setting this on the Darwin platform.
+// FIXME: Is this still needed?
+#define YYERROR_VERBOSE
+#endif
+
+int jscyylex(void* lvalp, void* llocp, void* globalPtr);
+int jscyyerror(const char*);
+
+static inline bool allowAutomaticSemicolon(JSC::Lexer&, int);
+
+#define GLOBAL_DATA static_cast<JSGlobalData*>(globalPtr)
+#define AUTO_SEMICOLON do { if (!allowAutomaticSemicolon(*GLOBAL_DATA->lexer, yychar)) YYABORT; } while (0)
+
+using namespace JSC;
+using namespace std;
+
+static ExpressionNode* makeAssignNode(JSGlobalData*, ExpressionNode* left, Operator, ExpressionNode* right, bool leftHasAssignments, bool rightHasAssignments, int start, int divot, int end);
+static ExpressionNode* makePrefixNode(JSGlobalData*, ExpressionNode*, Operator, int start, int divot, int end);
+static ExpressionNode* makePostfixNode(JSGlobalData*, ExpressionNode*, Operator, int start, int divot, int end);
+static PropertyNode* makeGetterOrSetterPropertyNode(JSGlobalData*, const Identifier& getOrSet, const Identifier& name, ParameterNode*, FunctionBodyNode*, const SourceCode&);
+static ExpressionNodeInfo makeFunctionCallNode(JSGlobalData*, ExpressionNodeInfo function, ArgumentsNodeInfo, int start, int divot, int end);
+static ExpressionNode* makeTypeOfNode(JSGlobalData*, ExpressionNode*);
+static ExpressionNode* makeDeleteNode(JSGlobalData*, ExpressionNode*, int start, int divot, int end);
+static ExpressionNode* makeNegateNode(JSGlobalData*, ExpressionNode*);
+static NumberNode* makeNumberNode(JSGlobalData*, double);
+static ExpressionNode* makeBitwiseNotNode(JSGlobalData*, ExpressionNode*);
+static ExpressionNode* makeMultNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeDivNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeAddNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeSubNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeLeftShiftNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static ExpressionNode* makeRightShiftNode(JSGlobalData*, ExpressionNode* left, ExpressionNode* right, bool rightHasAssignments);
+static StatementNode* makeVarStatementNode(JSGlobalData*, ExpressionNode*);
+static ExpressionNode* combineCommaNodes(JSGlobalData*, ExpressionNode* list, ExpressionNode* init);
+
+#if COMPILER(MSVC)
+
+#pragma warning(disable: 4065)
+#pragma warning(disable: 4244)
+#pragma warning(disable: 4702)
+
+#endif
+
+#define YYPARSE_PARAM globalPtr
+#define YYLEX_PARAM globalPtr
+
+template <typename T> inline NodeDeclarationInfo<T> createNodeDeclarationInfo(T node,
+    ParserArenaData<DeclarationStacks::VarStack>* varDecls,
+    ParserArenaData<DeclarationStacks::FunctionStack>* funcDecls,
+    CodeFeatures info, int numConstants) 
+{
+    ASSERT((info & ~AllFeatures) == 0);
+    NodeDeclarationInfo<T> result = { node, varDecls, funcDecls, info, numConstants };
+    return result;
+}
+
+template <typename T> inline NodeInfo<T> createNodeInfo(T node, CodeFeatures info, int numConstants)
+{
+    ASSERT((info & ~AllFeatures) == 0);
+    NodeInfo<T> result = { node, info, numConstants };
+    return result;
+}
+
+template <typename T> inline T mergeDeclarationLists(T decls1, T decls2) 
+{
+    // decls1 or both are null
+    if (!decls1)
+        return decls2;
+    // only decls1 is non-null
+    if (!decls2)
+        return decls1;
+
+    // Both are non-null
+    decls1->data.append(decls2->data);
+    
+    // Manually release as much as possible from the now-defunct declaration lists
+    // to avoid accumulating so many unused heap allocated vectors.
+    decls2->data.clear();
+
+    return decls1;
+}
+
+static inline void appendToVarDeclarationList(JSGlobalData* globalData, ParserArenaData<DeclarationStacks::VarStack>*& varDecls, const Identifier& ident, unsigned attrs)
+{
+    if (!varDecls)
+        varDecls = new (globalData) ParserArenaData<DeclarationStacks::VarStack>;
+
+    varDecls->data.append(make_pair(&ident, attrs));
+}
+
+static inline void appendToVarDeclarationList(JSGlobalData* globalData, ParserArenaData<DeclarationStacks::VarStack>*& varDecls, ConstDeclNode* decl)
+{
+    unsigned attrs = DeclarationStacks::IsConstant;
+    if (decl->hasInitializer())
+        attrs |= DeclarationStacks::HasInitializer;        
+    appendToVarDeclarationList(globalData, varDecls, decl->ident(), attrs);
+}
+
+%}
+
+%union {
+    int                 intValue;
+    double              doubleValue;
+    const Identifier*   ident;
+
+    // expression subtrees
+    ExpressionNodeInfo  expressionNode;
+    FuncDeclNodeInfo    funcDeclNode;
+    PropertyNodeInfo    propertyNode;
+    ArgumentsNodeInfo   argumentsNode;
+    ConstDeclNodeInfo   constDeclNode;
+    CaseBlockNodeInfo   caseBlockNode;
+    CaseClauseNodeInfo  caseClauseNode;
+    FuncExprNodeInfo    funcExprNode;
+
+    // statement nodes
+    StatementNodeInfo   statementNode;
+    FunctionBodyNode*   functionBodyNode;
+    ProgramNode*        programNode;
+
+    SourceElementsInfo  sourceElements;
+    PropertyListInfo    propertyList;
+    ArgumentListInfo    argumentList;
+    VarDeclListInfo     varDeclList;
+    ConstDeclListInfo   constDeclList;
+    ClauseListInfo      clauseList;
+    ElementListInfo     elementList;
+    ParameterListInfo   parameterList;
+
+    Operator            op;
+}
+
+%{
+
+template <typename T> inline void setStatementLocation(StatementNode* statement, const T& start, const T& end)
+{
+    statement->setLoc(start.first_line, end.last_line, start.first_column);
+}
+
+static inline void setExceptionLocation(ThrowableExpressionData* node, unsigned start, unsigned divot, unsigned end)
+{
+    node->setExceptionSourceCode(divot, divot - start, end - divot);
+}
+
+%}
+
+%start Program
+
+/* literals */
+%token NULLTOKEN TRUETOKEN FALSETOKEN
+
+/* keywords */
+%token BREAK CASE DEFAULT FOR NEW VAR CONSTTOKEN CONTINUE
+%token FUNCTION RETURN VOIDTOKEN DELETETOKEN
+%token IF THISTOKEN DO WHILE INTOKEN INSTANCEOF TYPEOF
+%token SWITCH WITH RESERVED
+%token THROW TRY CATCH FINALLY
+%token DEBUGGER
+
+/* give an if without an else higher precedence than an else to resolve the ambiguity */
+%nonassoc IF_WITHOUT_ELSE
+%nonassoc ELSE
+
+/* punctuators */
+%token EQEQ NE                     /* == and != */
+%token STREQ STRNEQ                /* === and !== */
+%token LE GE                       /* < and > */
+%token OR AND                      /* || and && */
+%token PLUSPLUS MINUSMINUS         /* ++ and --  */
+%token LSHIFT                      /* << */
+%token RSHIFT URSHIFT              /* >> and >>> */
+%token PLUSEQUAL MINUSEQUAL        /* += and -= */
+%token MULTEQUAL DIVEQUAL          /* *= and /= */
+%token LSHIFTEQUAL                 /* <<= */
+%token RSHIFTEQUAL URSHIFTEQUAL    /* >>= and >>>= */
+%token ANDEQUAL MODEQUAL           /* &= and %= */
+%token XOREQUAL OREQUAL            /* ^= and |= */
+%token <intValue> OPENBRACE        /* { (with char offset) */
+%token <intValue> CLOSEBRACE       /* } (with char offset) */
+
+/* terminal types */
+%token <doubleValue> NUMBER
+%token <ident> IDENT STRING
+
+/* automatically inserted semicolon */
+%token AUTOPLUSPLUS AUTOMINUSMINUS
+
+/* non-terminal types */
+%type <expressionNode>  Literal ArrayLiteral
+
+%type <expressionNode>  PrimaryExpr PrimaryExprNoBrace
+%type <expressionNode>  MemberExpr MemberExprNoBF /* BF => brace or function */
+%type <expressionNode>  NewExpr NewExprNoBF
+%type <expressionNode>  CallExpr CallExprNoBF
+%type <expressionNode>  LeftHandSideExpr LeftHandSideExprNoBF
+%type <expressionNode>  PostfixExpr PostfixExprNoBF
+%type <expressionNode>  UnaryExpr UnaryExprNoBF UnaryExprCommon
+%type <expressionNode>  MultiplicativeExpr MultiplicativeExprNoBF
+%type <expressionNode>  AdditiveExpr AdditiveExprNoBF
+%type <expressionNode>  ShiftExpr ShiftExprNoBF
+%type <expressionNode>  RelationalExpr RelationalExprNoIn RelationalExprNoBF
+%type <expressionNode>  EqualityExpr EqualityExprNoIn EqualityExprNoBF
+%type <expressionNode>  BitwiseANDExpr BitwiseANDExprNoIn BitwiseANDExprNoBF
+%type <expressionNode>  BitwiseXORExpr BitwiseXORExprNoIn BitwiseXORExprNoBF
+%type <expressionNode>  BitwiseORExpr BitwiseORExprNoIn BitwiseORExprNoBF
+%type <expressionNode>  LogicalANDExpr LogicalANDExprNoIn LogicalANDExprNoBF
+%type <expressionNode>  LogicalORExpr LogicalORExprNoIn LogicalORExprNoBF
+%type <expressionNode>  ConditionalExpr ConditionalExprNoIn ConditionalExprNoBF
+%type <expressionNode>  AssignmentExpr AssignmentExprNoIn AssignmentExprNoBF
+%type <expressionNode>  Expr ExprNoIn ExprNoBF
+
+%type <expressionNode>  ExprOpt ExprNoInOpt
+
+%type <statementNode>   Statement Block
+%type <statementNode>   VariableStatement ConstStatement EmptyStatement ExprStatement
+%type <statementNode>   IfStatement IterationStatement ContinueStatement
+%type <statementNode>   BreakStatement ReturnStatement WithStatement
+%type <statementNode>   SwitchStatement LabelledStatement
+%type <statementNode>   ThrowStatement TryStatement
+%type <statementNode>   DebuggerStatement
+
+%type <expressionNode>  Initializer InitializerNoIn
+%type <statementNode>   FunctionDeclaration
+%type <funcExprNode>    FunctionExpr
+%type <functionBodyNode> FunctionBody
+%type <sourceElements>  SourceElements
+%type <parameterList>   FormalParameterList
+%type <op>              AssignmentOperator
+%type <argumentsNode>   Arguments
+%type <argumentList>    ArgumentList
+%type <varDeclList>     VariableDeclarationList VariableDeclarationListNoIn
+%type <constDeclList>   ConstDeclarationList
+%type <constDeclNode>   ConstDeclaration
+%type <caseBlockNode>   CaseBlock
+%type <caseClauseNode>  CaseClause DefaultClause
+%type <clauseList>      CaseClauses CaseClausesOpt
+%type <intValue>        Elision ElisionOpt
+%type <elementList>     ElementList
+%type <propertyNode>    Property
+%type <propertyList>    PropertyList
+%%
+
+// FIXME: There are currently two versions of the grammar in this file, the normal one, and the NoNodes version used for
+// lazy recompilation of FunctionBodyNodes.  We should move to generating the two versions from a script to avoid bugs.
+// In the mean time, make sure to make any changes to the grammar in both versions.
+
+Literal:
+    NULLTOKEN                           { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NullNode(GLOBAL_DATA), 0, 1); }
+  | TRUETOKEN                           { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BooleanNode(GLOBAL_DATA, true), 0, 1); }
+  | FALSETOKEN                          { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BooleanNode(GLOBAL_DATA, false), 0, 1); }
+  | NUMBER                              { $$ = createNodeInfo<ExpressionNode*>(makeNumberNode(GLOBAL_DATA, $1), 0, 1); }
+  | STRING                              { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) StringNode(GLOBAL_DATA, *$1), 0, 1); }
+  | '/' /* regexp */                    {
+                                            Lexer& l = *GLOBAL_DATA->lexer;
+                                            const Identifier* pattern;
+                                            const Identifier* flags;
+                                            if (!l.scanRegExp(pattern, flags))
+                                                YYABORT;
+                                            RegExpNode* node = new (GLOBAL_DATA) RegExpNode(GLOBAL_DATA, *pattern, *flags);
+                                            int size = pattern->size() + 2; // + 2 for the two /'s
+                                            setExceptionLocation(node, @1.first_column, @1.first_column + size, @1.first_column + size);
+                                            $$ = createNodeInfo<ExpressionNode*>(node, 0, 0);
+                                        }
+  | DIVEQUAL /* regexp with /= */       {
+                                            Lexer& l = *GLOBAL_DATA->lexer;
+                                            const Identifier* pattern;
+                                            const Identifier* flags;
+                                            if (!l.scanRegExp(pattern, flags, '='))
+                                                YYABORT;
+                                            RegExpNode* node = new (GLOBAL_DATA) RegExpNode(GLOBAL_DATA, *pattern, *flags);
+                                            int size = pattern->size() + 2; // + 2 for the two /'s
+                                            setExceptionLocation(node, @1.first_column, @1.first_column + size, @1.first_column + size);
+                                            $$ = createNodeInfo<ExpressionNode*>(node, 0, 0);
+                                        }
+;
+
+Property:
+    IDENT ':' AssignmentExpr            { $$ = createNodeInfo<PropertyNode*>(new (GLOBAL_DATA) PropertyNode(GLOBAL_DATA, *$1, $3.m_node, PropertyNode::Constant), $3.m_features, $3.m_numConstants); }
+  | STRING ':' AssignmentExpr           { $$ = createNodeInfo<PropertyNode*>(new (GLOBAL_DATA) PropertyNode(GLOBAL_DATA, *$1, $3.m_node, PropertyNode::Constant), $3.m_features, $3.m_numConstants); }
+  | NUMBER ':' AssignmentExpr           { $$ = createNodeInfo<PropertyNode*>(new (GLOBAL_DATA) PropertyNode(GLOBAL_DATA, $1, $3.m_node, PropertyNode::Constant), $3.m_features, $3.m_numConstants); }
+  | IDENT IDENT '(' ')' OPENBRACE FunctionBody CLOSEBRACE    { $$ = createNodeInfo<PropertyNode*>(makeGetterOrSetterPropertyNode(GLOBAL_DATA, *$1, *$2, 0, $6, GLOBAL_DATA->lexer->sourceCode($5, $7, @5.first_line)), ClosureFeature, 0); setStatementLocation($6, @5, @7); if (!$$.m_node) YYABORT; }
+  | IDENT IDENT '(' FormalParameterList ')' OPENBRACE FunctionBody CLOSEBRACE
+                                                             {
+                                                                 $$ = createNodeInfo<PropertyNode*>(makeGetterOrSetterPropertyNode(GLOBAL_DATA, *$1, *$2, $4.m_node.head, $7, GLOBAL_DATA->lexer->sourceCode($6, $8, @6.first_line)), $4.m_features | ClosureFeature, 0); 
+                                                                 if ($4.m_features & ArgumentsFeature)
+                                                                     $7->setUsesArguments(); 
+                                                                 setStatementLocation($7, @6, @8); 
+                                                                 if (!$$.m_node) 
+                                                                     YYABORT; 
+                                                             }
+;
+
+PropertyList:
+    Property                            { $$.m_node.head = new (GLOBAL_DATA) PropertyListNode(GLOBAL_DATA, $1.m_node); 
+                                          $$.m_node.tail = $$.m_node.head;
+                                          $$.m_features = $1.m_features;
+                                          $$.m_numConstants = $1.m_numConstants; }
+  | PropertyList ',' Property           { $$.m_node.head = $1.m_node.head;
+                                          $$.m_node.tail = new (GLOBAL_DATA) PropertyListNode(GLOBAL_DATA, $3.m_node, $1.m_node.tail);
+                                          $$.m_features = $1.m_features | $3.m_features;
+                                          $$.m_numConstants = $1.m_numConstants + $3.m_numConstants; }
+;
+
+PrimaryExpr:
+    PrimaryExprNoBrace
+  | OPENBRACE CLOSEBRACE                             { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ObjectLiteralNode(GLOBAL_DATA), 0, 0); }
+  | OPENBRACE PropertyList CLOSEBRACE                { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ObjectLiteralNode(GLOBAL_DATA, $2.m_node.head), $2.m_features, $2.m_numConstants); }
+  /* allow extra comma, see http://bugs.webkit.org/show_bug.cgi?id=5939 */
+  | OPENBRACE PropertyList ',' CLOSEBRACE            { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ObjectLiteralNode(GLOBAL_DATA, $2.m_node.head), $2.m_features, $2.m_numConstants); }
+;
+
+PrimaryExprNoBrace:
+    THISTOKEN                           { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ThisNode(GLOBAL_DATA), ThisFeature, 0); }
+  | Literal
+  | ArrayLiteral
+  | IDENT                               { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ResolveNode(GLOBAL_DATA, *$1, @1.first_column), (*$1 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0, 0); }
+  | '(' Expr ')'                        { $$ = $2; }
+;
+
+ArrayLiteral:
+    '[' ElisionOpt ']'                  { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ArrayNode(GLOBAL_DATA, $2), 0, $2 ? 1 : 0); }
+  | '[' ElementList ']'                 { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ArrayNode(GLOBAL_DATA, $2.m_node.head), $2.m_features, $2.m_numConstants); }
+  | '[' ElementList ',' ElisionOpt ']'  { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ArrayNode(GLOBAL_DATA, $4, $2.m_node.head), $2.m_features, $4 ? $2.m_numConstants + 1 : $2.m_numConstants); }
+;
+
+ElementList:
+    ElisionOpt AssignmentExpr           { $$.m_node.head = new (GLOBAL_DATA) ElementNode(GLOBAL_DATA, $1, $2.m_node);
+                                          $$.m_node.tail = $$.m_node.head;
+                                          $$.m_features = $2.m_features;
+                                          $$.m_numConstants = $2.m_numConstants; }
+  | ElementList ',' ElisionOpt AssignmentExpr
+                                        { $$.m_node.head = $1.m_node.head;
+                                          $$.m_node.tail = new (GLOBAL_DATA) ElementNode(GLOBAL_DATA, $1.m_node.tail, $3, $4.m_node);
+                                          $$.m_features = $1.m_features | $4.m_features;
+                                          $$.m_numConstants = $1.m_numConstants + $4.m_numConstants; }
+;
+
+ElisionOpt:
+    /* nothing */                       { $$ = 0; }
+  | Elision
+;
+
+Elision:
+    ','                                 { $$ = 1; }
+  | Elision ','                         { $$ = $1 + 1; }
+;
+
+MemberExpr:
+    PrimaryExpr
+  | FunctionExpr                        { $$ = createNodeInfo<ExpressionNode*>($1.m_node, $1.m_features, $1.m_numConstants); }
+  | MemberExpr '[' Expr ']'             { BracketAccessorNode* node = new (GLOBAL_DATA) BracketAccessorNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @4.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); 
+                                        }
+  | MemberExpr '.' IDENT                { DotAccessorNode* node = new (GLOBAL_DATA) DotAccessorNode(GLOBAL_DATA, $1.m_node, *$3);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @3.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features, $1.m_numConstants);
+                                        }
+  | NEW MemberExpr Arguments            { NewExprNode* node = new (GLOBAL_DATA) NewExprNode(GLOBAL_DATA, $2.m_node, $3.m_node);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @3.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $2.m_features | $3.m_features, $2.m_numConstants + $3.m_numConstants);
+                                        }
+;
+
+MemberExprNoBF:
+    PrimaryExprNoBrace
+  | MemberExprNoBF '[' Expr ']'         { BracketAccessorNode* node = new (GLOBAL_DATA) BracketAccessorNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @4.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); 
+                                        }
+  | MemberExprNoBF '.' IDENT            { DotAccessorNode* node = new (GLOBAL_DATA) DotAccessorNode(GLOBAL_DATA, $1.m_node, *$3);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @3.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features, $1.m_numConstants);
+                                        }
+  | NEW MemberExpr Arguments            { NewExprNode* node = new (GLOBAL_DATA) NewExprNode(GLOBAL_DATA, $2.m_node, $3.m_node);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @3.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $2.m_features | $3.m_features, $2.m_numConstants + $3.m_numConstants);
+                                        }
+;
+
+NewExpr:
+    MemberExpr
+  | NEW NewExpr                         { NewExprNode* node = new (GLOBAL_DATA) NewExprNode(GLOBAL_DATA, $2.m_node);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $2.m_features, $2.m_numConstants); 
+                                        }
+;
+
+NewExprNoBF:
+    MemberExprNoBF
+  | NEW NewExpr                         { NewExprNode* node = new (GLOBAL_DATA) NewExprNode(GLOBAL_DATA, $2.m_node);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $2.m_features, $2.m_numConstants);
+                                        }
+;
+
+CallExpr:
+    MemberExpr Arguments                { $$ = makeFunctionCallNode(GLOBAL_DATA, $1, $2, @1.first_column, @1.last_column, @2.last_column); }
+  | CallExpr Arguments                  { $$ = makeFunctionCallNode(GLOBAL_DATA, $1, $2, @1.first_column, @1.last_column, @2.last_column); }
+  | CallExpr '[' Expr ']'               { BracketAccessorNode* node = new (GLOBAL_DATA) BracketAccessorNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @4.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); 
+                                        }
+  | CallExpr '.' IDENT                  { DotAccessorNode* node = new (GLOBAL_DATA) DotAccessorNode(GLOBAL_DATA, $1.m_node, *$3);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @3.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features, $1.m_numConstants); }
+;
+
+CallExprNoBF:
+    MemberExprNoBF Arguments            { $$ = makeFunctionCallNode(GLOBAL_DATA, $1, $2, @1.first_column, @1.last_column, @2.last_column); }
+  | CallExprNoBF Arguments              { $$ = makeFunctionCallNode(GLOBAL_DATA, $1, $2, @1.first_column, @1.last_column, @2.last_column); }
+  | CallExprNoBF '[' Expr ']'           { BracketAccessorNode* node = new (GLOBAL_DATA) BracketAccessorNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @4.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); 
+                                        }
+  | CallExprNoBF '.' IDENT              { DotAccessorNode* node = new (GLOBAL_DATA) DotAccessorNode(GLOBAL_DATA, $1.m_node, *$3);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @3.last_column);
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features, $1.m_numConstants); 
+                                        }
+;
+
+Arguments:
+    '(' ')'                             { $$ = createNodeInfo<ArgumentsNode*>(new (GLOBAL_DATA) ArgumentsNode(GLOBAL_DATA), 0, 0); }
+  | '(' ArgumentList ')'                { $$ = createNodeInfo<ArgumentsNode*>(new (GLOBAL_DATA) ArgumentsNode(GLOBAL_DATA, $2.m_node.head), $2.m_features, $2.m_numConstants); }
+;
+
+ArgumentList:
+    AssignmentExpr                      { $$.m_node.head = new (GLOBAL_DATA) ArgumentListNode(GLOBAL_DATA, $1.m_node);
+                                          $$.m_node.tail = $$.m_node.head;
+                                          $$.m_features = $1.m_features;
+                                          $$.m_numConstants = $1.m_numConstants; }
+  | ArgumentList ',' AssignmentExpr     { $$.m_node.head = $1.m_node.head;
+                                          $$.m_node.tail = new (GLOBAL_DATA) ArgumentListNode(GLOBAL_DATA, $1.m_node.tail, $3.m_node);
+                                          $$.m_features = $1.m_features | $3.m_features;
+                                          $$.m_numConstants = $1.m_numConstants + $3.m_numConstants; }
+;
+
+LeftHandSideExpr:
+    NewExpr
+  | CallExpr
+;
+
+LeftHandSideExprNoBF:
+    NewExprNoBF
+  | CallExprNoBF
+;
+
+PostfixExpr:
+    LeftHandSideExpr
+  | LeftHandSideExpr PLUSPLUS           { $$ = createNodeInfo<ExpressionNode*>(makePostfixNode(GLOBAL_DATA, $1.m_node, OpPlusPlus, @1.first_column, @1.last_column, @2.last_column), $1.m_features | AssignFeature, $1.m_numConstants); }
+  | LeftHandSideExpr MINUSMINUS         { $$ = createNodeInfo<ExpressionNode*>(makePostfixNode(GLOBAL_DATA, $1.m_node, OpMinusMinus, @1.first_column, @1.last_column, @2.last_column), $1.m_features | AssignFeature, $1.m_numConstants); }
+;
+
+PostfixExprNoBF:
+    LeftHandSideExprNoBF
+  | LeftHandSideExprNoBF PLUSPLUS       { $$ = createNodeInfo<ExpressionNode*>(makePostfixNode(GLOBAL_DATA, $1.m_node, OpPlusPlus, @1.first_column, @1.last_column, @2.last_column), $1.m_features | AssignFeature, $1.m_numConstants); }
+  | LeftHandSideExprNoBF MINUSMINUS     { $$ = createNodeInfo<ExpressionNode*>(makePostfixNode(GLOBAL_DATA, $1.m_node, OpMinusMinus, @1.first_column, @1.last_column, @2.last_column), $1.m_features | AssignFeature, $1.m_numConstants); }
+;
+
+UnaryExprCommon:
+    DELETETOKEN UnaryExpr               { $$ = createNodeInfo<ExpressionNode*>(makeDeleteNode(GLOBAL_DATA, $2.m_node, @1.first_column, @2.last_column, @2.last_column), $2.m_features, $2.m_numConstants); }
+  | VOIDTOKEN UnaryExpr                 { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) VoidNode(GLOBAL_DATA, $2.m_node), $2.m_features, $2.m_numConstants + 1); }
+  | TYPEOF UnaryExpr                    { $$ = createNodeInfo<ExpressionNode*>(makeTypeOfNode(GLOBAL_DATA, $2.m_node), $2.m_features, $2.m_numConstants); }
+  | PLUSPLUS UnaryExpr                  { $$ = createNodeInfo<ExpressionNode*>(makePrefixNode(GLOBAL_DATA, $2.m_node, OpPlusPlus, @1.first_column, @2.first_column + 1, @2.last_column), $2.m_features | AssignFeature, $2.m_numConstants); }
+  | AUTOPLUSPLUS UnaryExpr              { $$ = createNodeInfo<ExpressionNode*>(makePrefixNode(GLOBAL_DATA, $2.m_node, OpPlusPlus, @1.first_column, @2.first_column + 1, @2.last_column), $2.m_features | AssignFeature, $2.m_numConstants); }
+  | MINUSMINUS UnaryExpr                { $$ = createNodeInfo<ExpressionNode*>(makePrefixNode(GLOBAL_DATA, $2.m_node, OpMinusMinus, @1.first_column, @2.first_column + 1, @2.last_column), $2.m_features | AssignFeature, $2.m_numConstants); }
+  | AUTOMINUSMINUS UnaryExpr            { $$ = createNodeInfo<ExpressionNode*>(makePrefixNode(GLOBAL_DATA, $2.m_node, OpMinusMinus, @1.first_column, @2.first_column + 1, @2.last_column), $2.m_features | AssignFeature, $2.m_numConstants); }
+  | '+' UnaryExpr                       { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) UnaryPlusNode(GLOBAL_DATA, $2.m_node), $2.m_features, $2.m_numConstants); }
+  | '-' UnaryExpr                       { $$ = createNodeInfo<ExpressionNode*>(makeNegateNode(GLOBAL_DATA, $2.m_node), $2.m_features, $2.m_numConstants); }
+  | '~' UnaryExpr                       { $$ = createNodeInfo<ExpressionNode*>(makeBitwiseNotNode(GLOBAL_DATA, $2.m_node), $2.m_features, $2.m_numConstants); }
+  | '!' UnaryExpr                       { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalNotNode(GLOBAL_DATA, $2.m_node), $2.m_features, $2.m_numConstants); }
+
+UnaryExpr:
+    PostfixExpr
+  | UnaryExprCommon
+;
+
+UnaryExprNoBF:
+    PostfixExprNoBF
+  | UnaryExprCommon
+;
+
+MultiplicativeExpr:
+    UnaryExpr
+  | MultiplicativeExpr '*' UnaryExpr    { $$ = createNodeInfo<ExpressionNode*>(makeMultNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | MultiplicativeExpr '/' UnaryExpr    { $$ = createNodeInfo<ExpressionNode*>(makeDivNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | MultiplicativeExpr '%' UnaryExpr    { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ModNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+MultiplicativeExprNoBF:
+    UnaryExprNoBF
+  | MultiplicativeExprNoBF '*' UnaryExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(makeMultNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | MultiplicativeExprNoBF '/' UnaryExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(makeDivNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | MultiplicativeExprNoBF '%' UnaryExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ModNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+AdditiveExpr:
+    MultiplicativeExpr
+  | AdditiveExpr '+' MultiplicativeExpr { $$ = createNodeInfo<ExpressionNode*>(makeAddNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | AdditiveExpr '-' MultiplicativeExpr { $$ = createNodeInfo<ExpressionNode*>(makeSubNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+AdditiveExprNoBF:
+    MultiplicativeExprNoBF
+  | AdditiveExprNoBF '+' MultiplicativeExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(makeAddNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | AdditiveExprNoBF '-' MultiplicativeExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(makeSubNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+ShiftExpr:
+    AdditiveExpr
+  | ShiftExpr LSHIFT AdditiveExpr       { $$ = createNodeInfo<ExpressionNode*>(makeLeftShiftNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | ShiftExpr RSHIFT AdditiveExpr       { $$ = createNodeInfo<ExpressionNode*>(makeRightShiftNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | ShiftExpr URSHIFT AdditiveExpr      { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) UnsignedRightShiftNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+ShiftExprNoBF:
+    AdditiveExprNoBF
+  | ShiftExprNoBF LSHIFT AdditiveExpr   { $$ = createNodeInfo<ExpressionNode*>(makeLeftShiftNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | ShiftExprNoBF RSHIFT AdditiveExpr   { $$ = createNodeInfo<ExpressionNode*>(makeRightShiftNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | ShiftExprNoBF URSHIFT AdditiveExpr  { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) UnsignedRightShiftNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+RelationalExpr:
+    ShiftExpr
+  | RelationalExpr '<' ShiftExpr        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExpr '>' ShiftExpr        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExpr LE ShiftExpr         { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessEqNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExpr GE ShiftExpr         { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterEqNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExpr INSTANCEOF ShiftExpr { InstanceOfNode* node = new (GLOBAL_DATA) InstanceOfNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @3.first_column, @3.last_column);  
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExpr INTOKEN ShiftExpr    { InNode* node = new (GLOBAL_DATA) InNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @3.first_column, @3.last_column);  
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+RelationalExprNoIn:
+    ShiftExpr
+  | RelationalExprNoIn '<' ShiftExpr    { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoIn '>' ShiftExpr    { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoIn LE ShiftExpr     { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessEqNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoIn GE ShiftExpr     { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterEqNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoIn INSTANCEOF ShiftExpr
+                                        { InstanceOfNode* node = new (GLOBAL_DATA) InstanceOfNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @3.first_column, @3.last_column);  
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+RelationalExprNoBF:
+    ShiftExprNoBF
+  | RelationalExprNoBF '<' ShiftExpr    { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoBF '>' ShiftExpr    { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoBF LE ShiftExpr     { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LessEqNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoBF GE ShiftExpr     { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) GreaterEqNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoBF INSTANCEOF ShiftExpr
+                                        { InstanceOfNode* node = new (GLOBAL_DATA) InstanceOfNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @3.first_column, @3.last_column);  
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | RelationalExprNoBF INTOKEN ShiftExpr 
+                                        { InNode* node = new (GLOBAL_DATA) InNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @3.first_column, @3.last_column);  
+                                          $$ = createNodeInfo<ExpressionNode*>(node, $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+EqualityExpr:
+    RelationalExpr
+  | EqualityExpr EQEQ RelationalExpr    { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) EqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExpr NE RelationalExpr      { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExpr STREQ RelationalExpr   { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) StrictEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExpr STRNEQ RelationalExpr  { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotStrictEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+EqualityExprNoIn:
+    RelationalExprNoIn
+  | EqualityExprNoIn EQEQ RelationalExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) EqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExprNoIn NE RelationalExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExprNoIn STREQ RelationalExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) StrictEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExprNoIn STRNEQ RelationalExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotStrictEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+EqualityExprNoBF:
+    RelationalExprNoBF
+  | EqualityExprNoBF EQEQ RelationalExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) EqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExprNoBF NE RelationalExpr  { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExprNoBF STREQ RelationalExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) StrictEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+  | EqualityExprNoBF STRNEQ RelationalExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) NotStrictEqualNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseANDExpr:
+    EqualityExpr
+  | BitwiseANDExpr '&' EqualityExpr     { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitAndNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseANDExprNoIn:
+    EqualityExprNoIn
+  | BitwiseANDExprNoIn '&' EqualityExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitAndNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseANDExprNoBF:
+    EqualityExprNoBF
+  | BitwiseANDExprNoBF '&' EqualityExpr { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitAndNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseXORExpr:
+    BitwiseANDExpr
+  | BitwiseXORExpr '^' BitwiseANDExpr   { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitXOrNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseXORExprNoIn:
+    BitwiseANDExprNoIn
+  | BitwiseXORExprNoIn '^' BitwiseANDExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitXOrNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseXORExprNoBF:
+    BitwiseANDExprNoBF
+  | BitwiseXORExprNoBF '^' BitwiseANDExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitXOrNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseORExpr:
+    BitwiseXORExpr
+  | BitwiseORExpr '|' BitwiseXORExpr    { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitOrNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseORExprNoIn:
+    BitwiseXORExprNoIn
+  | BitwiseORExprNoIn '|' BitwiseXORExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitOrNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+BitwiseORExprNoBF:
+    BitwiseXORExprNoBF
+  | BitwiseORExprNoBF '|' BitwiseXORExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) BitOrNode(GLOBAL_DATA, $1.m_node, $3.m_node, $3.m_features & AssignFeature), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+LogicalANDExpr:
+    BitwiseORExpr
+  | LogicalANDExpr AND BitwiseORExpr    { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, $1.m_node, $3.m_node, OpLogicalAnd), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+LogicalANDExprNoIn:
+    BitwiseORExprNoIn
+  | LogicalANDExprNoIn AND BitwiseORExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, $1.m_node, $3.m_node, OpLogicalAnd), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+LogicalANDExprNoBF:
+    BitwiseORExprNoBF
+  | LogicalANDExprNoBF AND BitwiseORExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, $1.m_node, $3.m_node, OpLogicalAnd), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+LogicalORExpr:
+    LogicalANDExpr
+  | LogicalORExpr OR LogicalANDExpr     { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, $1.m_node, $3.m_node, OpLogicalOr), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+LogicalORExprNoIn:
+    LogicalANDExprNoIn
+  | LogicalORExprNoIn OR LogicalANDExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, $1.m_node, $3.m_node, OpLogicalOr), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+LogicalORExprNoBF:
+    LogicalANDExprNoBF
+  | LogicalORExprNoBF OR LogicalANDExpr { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) LogicalOpNode(GLOBAL_DATA, $1.m_node, $3.m_node, OpLogicalOr), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+ConditionalExpr:
+    LogicalORExpr
+  | LogicalORExpr '?' AssignmentExpr ':' AssignmentExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ConditionalNode(GLOBAL_DATA, $1.m_node, $3.m_node, $5.m_node), $1.m_features | $3.m_features | $5.m_features, $1.m_numConstants + $3.m_numConstants + $5.m_numConstants); }
+;
+
+ConditionalExprNoIn:
+    LogicalORExprNoIn
+  | LogicalORExprNoIn '?' AssignmentExprNoIn ':' AssignmentExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ConditionalNode(GLOBAL_DATA, $1.m_node, $3.m_node, $5.m_node), $1.m_features | $3.m_features | $5.m_features, $1.m_numConstants + $3.m_numConstants + $5.m_numConstants); }
+;
+
+ConditionalExprNoBF:
+    LogicalORExprNoBF
+  | LogicalORExprNoBF '?' AssignmentExpr ':' AssignmentExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(new (GLOBAL_DATA) ConditionalNode(GLOBAL_DATA, $1.m_node, $3.m_node, $5.m_node), $1.m_features | $3.m_features | $5.m_features, $1.m_numConstants + $3.m_numConstants + $5.m_numConstants); }
+;
+
+AssignmentExpr:
+    ConditionalExpr
+  | LeftHandSideExpr AssignmentOperator AssignmentExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(makeAssignNode(GLOBAL_DATA, $1.m_node, $2, $3.m_node, $1.m_features & AssignFeature, $3.m_features & AssignFeature, 
+                                                                                                     @1.first_column, @2.first_column + 1, @3.last_column), $1.m_features | $3.m_features | AssignFeature, $1.m_numConstants + $3.m_numConstants); 
+                                        }
+;
+
+AssignmentExprNoIn:
+    ConditionalExprNoIn
+  | LeftHandSideExpr AssignmentOperator AssignmentExprNoIn
+                                        { $$ = createNodeInfo<ExpressionNode*>(makeAssignNode(GLOBAL_DATA, $1.m_node, $2, $3.m_node, $1.m_features & AssignFeature, $3.m_features & AssignFeature, 
+                                                                                                     @1.first_column, @2.first_column + 1, @3.last_column), $1.m_features | $3.m_features | AssignFeature, $1.m_numConstants + $3.m_numConstants);
+                                        }
+;
+
+AssignmentExprNoBF:
+    ConditionalExprNoBF
+  | LeftHandSideExprNoBF AssignmentOperator AssignmentExpr
+                                        { $$ = createNodeInfo<ExpressionNode*>(makeAssignNode(GLOBAL_DATA, $1.m_node, $2, $3.m_node, $1.m_features & AssignFeature, $3.m_features & AssignFeature,
+                                                                                                     @1.first_column, @2.first_column + 1, @3.last_column), $1.m_features | $3.m_features | AssignFeature, $1.m_numConstants + $3.m_numConstants); 
+                                        }
+;
+
+AssignmentOperator:
+    '='                                 { $$ = OpEqual; }
+  | PLUSEQUAL                           { $$ = OpPlusEq; }
+  | MINUSEQUAL                          { $$ = OpMinusEq; }
+  | MULTEQUAL                           { $$ = OpMultEq; }
+  | DIVEQUAL                            { $$ = OpDivEq; }
+  | LSHIFTEQUAL                         { $$ = OpLShift; }
+  | RSHIFTEQUAL                         { $$ = OpRShift; }
+  | URSHIFTEQUAL                        { $$ = OpURShift; }
+  | ANDEQUAL                            { $$ = OpAndEq; }
+  | XOREQUAL                            { $$ = OpXOrEq; }
+  | OREQUAL                             { $$ = OpOrEq; }
+  | MODEQUAL                            { $$ = OpModEq; }
+;
+
+Expr:
+    AssignmentExpr
+  | Expr ',' AssignmentExpr             { $$ = createNodeInfo<ExpressionNode*>(combineCommaNodes(GLOBAL_DATA, $1.m_node, $3.m_node), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+ExprNoIn:
+    AssignmentExprNoIn
+  | ExprNoIn ',' AssignmentExprNoIn     { $$ = createNodeInfo<ExpressionNode*>(combineCommaNodes(GLOBAL_DATA, $1.m_node, $3.m_node), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+ExprNoBF:
+    AssignmentExprNoBF
+  | ExprNoBF ',' AssignmentExpr         { $$ = createNodeInfo<ExpressionNode*>(combineCommaNodes(GLOBAL_DATA, $1.m_node, $3.m_node), $1.m_features | $3.m_features, $1.m_numConstants + $3.m_numConstants); }
+;
+
+Statement:
+    Block
+  | VariableStatement
+  | ConstStatement
+  | FunctionDeclaration
+  | EmptyStatement
+  | ExprStatement
+  | IfStatement
+  | IterationStatement
+  | ContinueStatement
+  | BreakStatement
+  | ReturnStatement
+  | WithStatement
+  | SwitchStatement
+  | LabelledStatement
+  | ThrowStatement
+  | TryStatement
+  | DebuggerStatement
+;
+
+Block:
+    OPENBRACE CLOSEBRACE                { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) BlockNode(GLOBAL_DATA, 0), 0, 0, 0, 0);
+                                          setStatementLocation($$.m_node, @1, @2); }
+  | OPENBRACE SourceElements CLOSEBRACE { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) BlockNode(GLOBAL_DATA, $2.m_node), $2.m_varDeclarations, $2.m_funcDeclarations, $2.m_features, $2.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @3); }
+;
+
+VariableStatement:
+    VAR VariableDeclarationList ';'     { $$ = createNodeDeclarationInfo<StatementNode*>(makeVarStatementNode(GLOBAL_DATA, $2.m_node), $2.m_varDeclarations, $2.m_funcDeclarations, $2.m_features, $2.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @3); }
+  | VAR VariableDeclarationList error   { $$ = createNodeDeclarationInfo<StatementNode*>(makeVarStatementNode(GLOBAL_DATA, $2.m_node), $2.m_varDeclarations, $2.m_funcDeclarations, $2.m_features, $2.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @2);
+                                          AUTO_SEMICOLON; }
+;
+
+VariableDeclarationList:
+    IDENT                               { $$.m_node = 0;
+                                          $$.m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, *$1, 0);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = (*$1 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0;
+                                          $$.m_numConstants = 0;
+                                        }
+  | IDENT Initializer                   { AssignResolveNode* node = new (GLOBAL_DATA) AssignResolveNode(GLOBAL_DATA, *$1, $2.m_node, $2.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @2.first_column + 1, @2.last_column);
+                                          $$.m_node = node;
+                                          $$.m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, *$1, DeclarationStacks::HasInitializer);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = ((*$1 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | $2.m_features;
+                                          $$.m_numConstants = $2.m_numConstants;
+                                        }
+  | VariableDeclarationList ',' IDENT
+                                        { $$.m_node = $1.m_node;
+                                          $$.m_varDeclarations = $1.m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, *$3, 0);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = $1.m_features | ((*$3 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0);
+                                          $$.m_numConstants = $1.m_numConstants;
+                                        }
+  | VariableDeclarationList ',' IDENT Initializer
+                                        { AssignResolveNode* node = new (GLOBAL_DATA) AssignResolveNode(GLOBAL_DATA, *$3, $4.m_node, $4.m_features & AssignFeature);
+                                          setExceptionLocation(node, @3.first_column, @4.first_column + 1, @4.last_column);
+                                          $$.m_node = combineCommaNodes(GLOBAL_DATA, $1.m_node, node);
+                                          $$.m_varDeclarations = $1.m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, *$3, DeclarationStacks::HasInitializer);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = $1.m_features | ((*$3 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | $4.m_features;
+                                          $$.m_numConstants = $1.m_numConstants + $4.m_numConstants;
+                                        }
+;
+
+VariableDeclarationListNoIn:
+    IDENT                               { $$.m_node = 0;
+                                          $$.m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, *$1, 0);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = (*$1 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0;
+                                          $$.m_numConstants = 0;
+                                        }
+  | IDENT InitializerNoIn               { AssignResolveNode* node = new (GLOBAL_DATA) AssignResolveNode(GLOBAL_DATA, *$1, $2.m_node, $2.m_features & AssignFeature);
+                                          setExceptionLocation(node, @1.first_column, @2.first_column + 1, @2.last_column);
+                                          $$.m_node = node;
+                                          $$.m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, *$1, DeclarationStacks::HasInitializer);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = ((*$1 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | $2.m_features;
+                                          $$.m_numConstants = $2.m_numConstants;
+                                        }
+  | VariableDeclarationListNoIn ',' IDENT
+                                        { $$.m_node = $1.m_node;
+                                          $$.m_varDeclarations = $1.m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, *$3, 0);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = $1.m_features | ((*$3 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0);
+                                          $$.m_numConstants = $1.m_numConstants;
+                                        }
+  | VariableDeclarationListNoIn ',' IDENT InitializerNoIn
+                                        { AssignResolveNode* node = new (GLOBAL_DATA) AssignResolveNode(GLOBAL_DATA, *$3, $4.m_node, $4.m_features & AssignFeature);
+                                          setExceptionLocation(node, @3.first_column, @4.first_column + 1, @4.last_column);
+                                          $$.m_node = combineCommaNodes(GLOBAL_DATA, $1.m_node, node);
+                                          $$.m_varDeclarations = $1.m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, *$3, DeclarationStacks::HasInitializer);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = $1.m_features | ((*$3 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | $4.m_features;
+                                          $$.m_numConstants = $1.m_numConstants + $4.m_numConstants;
+                                        }
+;
+
+ConstStatement:
+    CONSTTOKEN ConstDeclarationList ';' { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ConstStatementNode(GLOBAL_DATA, $2.m_node.head), $2.m_varDeclarations, $2.m_funcDeclarations, $2.m_features, $2.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @3); }
+  | CONSTTOKEN ConstDeclarationList error
+                                        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ConstStatementNode(GLOBAL_DATA, $2.m_node.head), $2.m_varDeclarations, $2.m_funcDeclarations, $2.m_features, $2.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @2); AUTO_SEMICOLON; }
+;
+
+ConstDeclarationList:
+    ConstDeclaration                    { $$.m_node.head = $1.m_node;
+                                          $$.m_node.tail = $$.m_node.head;
+                                          $$.m_varDeclarations = new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::VarStack>;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, $1.m_node);
+                                          $$.m_funcDeclarations = 0; 
+                                          $$.m_features = $1.m_features;
+                                          $$.m_numConstants = $1.m_numConstants;
+    }
+  | ConstDeclarationList ',' ConstDeclaration
+                                        { $$.m_node.head = $1.m_node.head;
+                                          $1.m_node.tail->m_next = $3.m_node;
+                                          $$.m_node.tail = $3.m_node;
+                                          $$.m_varDeclarations = $1.m_varDeclarations;
+                                          appendToVarDeclarationList(GLOBAL_DATA, $$.m_varDeclarations, $3.m_node);
+                                          $$.m_funcDeclarations = 0;
+                                          $$.m_features = $1.m_features | $3.m_features;
+                                          $$.m_numConstants = $1.m_numConstants + $3.m_numConstants; }
+;
+
+ConstDeclaration:
+    IDENT                               { $$ = createNodeInfo<ConstDeclNode*>(new (GLOBAL_DATA) ConstDeclNode(GLOBAL_DATA, *$1, 0), (*$1 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0, 0); }
+  | IDENT Initializer                   { $$ = createNodeInfo<ConstDeclNode*>(new (GLOBAL_DATA) ConstDeclNode(GLOBAL_DATA, *$1, $2.m_node), ((*$1 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | $2.m_features, $2.m_numConstants); }
+;
+
+Initializer:
+    '=' AssignmentExpr                  { $$ = $2; }
+;
+
+InitializerNoIn:
+    '=' AssignmentExprNoIn              { $$ = $2; }
+;
+
+EmptyStatement:
+    ';'                                 { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) EmptyStatementNode(GLOBAL_DATA), 0, 0, 0, 0); }
+;
+
+ExprStatement:
+    ExprNoBF ';'                        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ExprStatementNode(GLOBAL_DATA, $1.m_node), 0, 0, $1.m_features, $1.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @2); }
+  | ExprNoBF error                      { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ExprStatementNode(GLOBAL_DATA, $1.m_node), 0, 0, $1.m_features, $1.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @1); AUTO_SEMICOLON; }
+;
+
+IfStatement:
+    IF '(' Expr ')' Statement %prec IF_WITHOUT_ELSE
+                                        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) IfNode(GLOBAL_DATA, $3.m_node, $5.m_node), $5.m_varDeclarations, $5.m_funcDeclarations, $3.m_features | $5.m_features, $3.m_numConstants + $5.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @4); }
+  | IF '(' Expr ')' Statement ELSE Statement
+                                        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) IfElseNode(GLOBAL_DATA, $3.m_node, $5.m_node, $7.m_node), 
+                                                                                         mergeDeclarationLists($5.m_varDeclarations, $7.m_varDeclarations),
+                                                                                         mergeDeclarationLists($5.m_funcDeclarations, $7.m_funcDeclarations),
+                                                                                         $3.m_features | $5.m_features | $7.m_features,
+                                                                                         $3.m_numConstants + $5.m_numConstants + $7.m_numConstants); 
+                                          setStatementLocation($$.m_node, @1, @4); }
+;
+
+IterationStatement:
+    DO Statement WHILE '(' Expr ')' ';'    { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) DoWhileNode(GLOBAL_DATA, $2.m_node, $5.m_node), $2.m_varDeclarations, $2.m_funcDeclarations, $2.m_features | $5.m_features, $2.m_numConstants + $5.m_numConstants);
+                                             setStatementLocation($$.m_node, @1, @3); }
+  | DO Statement WHILE '(' Expr ')' error  { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) DoWhileNode(GLOBAL_DATA, $2.m_node, $5.m_node), $2.m_varDeclarations, $2.m_funcDeclarations, $2.m_features | $5.m_features, $2.m_numConstants + $5.m_numConstants);
+                                             setStatementLocation($$.m_node, @1, @3); } // Always performs automatic semicolon insertion.
+  | WHILE '(' Expr ')' Statement        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) WhileNode(GLOBAL_DATA, $3.m_node, $5.m_node), $5.m_varDeclarations, $5.m_funcDeclarations, $3.m_features | $5.m_features, $3.m_numConstants + $5.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @4); }
+  | FOR '(' ExprNoInOpt ';' ExprOpt ';' ExprOpt ')' Statement
+                                        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ForNode(GLOBAL_DATA, $3.m_node, $5.m_node, $7.m_node, $9.m_node, false), $9.m_varDeclarations, $9.m_funcDeclarations, 
+                                                                                         $3.m_features | $5.m_features | $7.m_features | $9.m_features,
+                                                                                         $3.m_numConstants + $5.m_numConstants + $7.m_numConstants + $9.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @8); 
+                                        }
+  | FOR '(' VAR VariableDeclarationListNoIn ';' ExprOpt ';' ExprOpt ')' Statement
+                                        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) ForNode(GLOBAL_DATA, $4.m_node, $6.m_node, $8.m_node, $10.m_node, true),
+                                                                                         mergeDeclarationLists($4.m_varDeclarations, $10.m_varDeclarations),
+                                                                                         mergeDeclarationLists($4.m_funcDeclarations, $10.m_funcDeclarations),
+                                                                                         $4.m_features | $6.m_features | $8.m_features | $10.m_features,
+                                                                                         $4.m_numConstants + $6.m_numConstants + $8.m_numConstants + $10.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @9); }
+  | FOR '(' LeftHandSideExpr INTOKEN Expr ')' Statement
+                                        {
+                                            ForInNode* node = new (GLOBAL_DATA) ForInNode(GLOBAL_DATA, $3.m_node, $5.m_node, $7.m_node);
+                                            setExceptionLocation(node, @3.first_column, @3.last_column, @5.last_column);
+                                            $$ = createNodeDeclarationInfo<StatementNode*>(node, $7.m_varDeclarations, $7.m_funcDeclarations,
+                                                                                           $3.m_features | $5.m_features | $7.m_features,
+                                                                                           $3.m_numConstants + $5.m_numConstants + $7.m_numConstants);
+                                            setStatementLocation($$.m_node, @1, @6);
+                                        }
+  | FOR '(' VAR IDENT INTOKEN Expr ')' Statement
+                                        { ForInNode *forIn = new (GLOBAL_DATA) ForInNode(GLOBAL_DATA, *$4, 0, $6.m_node, $8.m_node, @5.first_column, @5.first_column - @4.first_column, @6.last_column - @5.first_column);
+                                          setExceptionLocation(forIn, @4.first_column, @5.first_column + 1, @6.last_column);
+                                          appendToVarDeclarationList(GLOBAL_DATA, $8.m_varDeclarations, *$4, DeclarationStacks::HasInitializer);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(forIn, $8.m_varDeclarations, $8.m_funcDeclarations, ((*$4 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | $6.m_features | $8.m_features, $6.m_numConstants + $8.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @7); }
+  | FOR '(' VAR IDENT InitializerNoIn INTOKEN Expr ')' Statement
+                                        { ForInNode *forIn = new (GLOBAL_DATA) ForInNode(GLOBAL_DATA, *$4, $5.m_node, $7.m_node, $9.m_node, @5.first_column, @5.first_column - @4.first_column, @5.last_column - @5.first_column);
+                                          setExceptionLocation(forIn, @4.first_column, @6.first_column + 1, @7.last_column);
+                                          appendToVarDeclarationList(GLOBAL_DATA, $9.m_varDeclarations, *$4, DeclarationStacks::HasInitializer);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(forIn, $9.m_varDeclarations, $9.m_funcDeclarations,
+                                                                                         ((*$4 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | $5.m_features | $7.m_features | $9.m_features,
+                                                                                         $5.m_numConstants + $7.m_numConstants + $9.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @8); }
+;
+
+ExprOpt:
+    /* nothing */                       { $$ = createNodeInfo<ExpressionNode*>(0, 0, 0); }
+  | Expr
+;
+
+ExprNoInOpt:
+    /* nothing */                       { $$ = createNodeInfo<ExpressionNode*>(0, 0, 0); }
+  | ExprNoIn
+;
+
+ContinueStatement:
+    CONTINUE ';'                        { ContinueNode* node = new (GLOBAL_DATA) ContinueNode(GLOBAL_DATA);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @1.last_column); 
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0);
+                                          setStatementLocation($$.m_node, @1, @2); }
+  | CONTINUE error                      { ContinueNode* node = new (GLOBAL_DATA) ContinueNode(GLOBAL_DATA);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @1.last_column); 
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0);
+                                          setStatementLocation($$.m_node, @1, @1); AUTO_SEMICOLON; }
+  | CONTINUE IDENT ';'                  { ContinueNode* node = new (GLOBAL_DATA) ContinueNode(GLOBAL_DATA, *$2);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column); 
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0);
+                                          setStatementLocation($$.m_node, @1, @3); }
+  | CONTINUE IDENT error                { ContinueNode* node = new (GLOBAL_DATA) ContinueNode(GLOBAL_DATA, *$2);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column); 
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0);
+                                          setStatementLocation($$.m_node, @1, @2); AUTO_SEMICOLON; }
+;
+
+BreakStatement:
+    BREAK ';'                           { BreakNode* node = new (GLOBAL_DATA) BreakNode(GLOBAL_DATA);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @1.last_column);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0); setStatementLocation($$.m_node, @1, @2); }
+  | BREAK error                         { BreakNode* node = new (GLOBAL_DATA) BreakNode(GLOBAL_DATA);
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @1.last_column);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) BreakNode(GLOBAL_DATA), 0, 0, 0, 0); setStatementLocation($$.m_node, @1, @1); AUTO_SEMICOLON; }
+  | BREAK IDENT ';'                     { BreakNode* node = new (GLOBAL_DATA) BreakNode(GLOBAL_DATA, *$2);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0); setStatementLocation($$.m_node, @1, @3); }
+  | BREAK IDENT error                   { BreakNode* node = new (GLOBAL_DATA) BreakNode(GLOBAL_DATA, *$2);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) BreakNode(GLOBAL_DATA, *$2), 0, 0, 0, 0); setStatementLocation($$.m_node, @1, @2); AUTO_SEMICOLON; }
+;
+
+ReturnStatement:
+    RETURN ';'                          { ReturnNode* node = new (GLOBAL_DATA) ReturnNode(GLOBAL_DATA, 0); 
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @1.last_column); 
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0); setStatementLocation($$.m_node, @1, @2); }
+  | RETURN error                        { ReturnNode* node = new (GLOBAL_DATA) ReturnNode(GLOBAL_DATA, 0); 
+                                          setExceptionLocation(node, @1.first_column, @1.last_column, @1.last_column); 
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, 0, 0); setStatementLocation($$.m_node, @1, @1); AUTO_SEMICOLON; }
+  | RETURN Expr ';'                     { ReturnNode* node = new (GLOBAL_DATA) ReturnNode(GLOBAL_DATA, $2.m_node); 
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, $2.m_features, $2.m_numConstants); setStatementLocation($$.m_node, @1, @3); }
+  | RETURN Expr error                   { ReturnNode* node = new (GLOBAL_DATA) ReturnNode(GLOBAL_DATA, $2.m_node); 
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column); 
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, $2.m_features, $2.m_numConstants); setStatementLocation($$.m_node, @1, @2); AUTO_SEMICOLON; }
+;
+
+WithStatement:
+    WITH '(' Expr ')' Statement         { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) WithNode(GLOBAL_DATA, $3.m_node, $5.m_node, @3.last_column, @3.last_column - @3.first_column),
+                                                                                         $5.m_varDeclarations, $5.m_funcDeclarations, $3.m_features | $5.m_features | WithFeature, $3.m_numConstants + $5.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @4); }
+;
+
+SwitchStatement:
+    SWITCH '(' Expr ')' CaseBlock       { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) SwitchNode(GLOBAL_DATA, $3.m_node, $5.m_node), $5.m_varDeclarations, $5.m_funcDeclarations,
+                                                                                         $3.m_features | $5.m_features, $3.m_numConstants + $5.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @4); }
+;
+
+CaseBlock:
+    OPENBRACE CaseClausesOpt CLOSEBRACE              { $$ = createNodeDeclarationInfo<CaseBlockNode*>(new (GLOBAL_DATA) CaseBlockNode(GLOBAL_DATA, $2.m_node.head, 0, 0), $2.m_varDeclarations, $2.m_funcDeclarations, $2.m_features, $2.m_numConstants); }
+  | OPENBRACE CaseClausesOpt DefaultClause CaseClausesOpt CLOSEBRACE
+                                        { $$ = createNodeDeclarationInfo<CaseBlockNode*>(new (GLOBAL_DATA) CaseBlockNode(GLOBAL_DATA, $2.m_node.head, $3.m_node, $4.m_node.head),
+                                                                                         mergeDeclarationLists(mergeDeclarationLists($2.m_varDeclarations, $3.m_varDeclarations), $4.m_varDeclarations),
+                                                                                         mergeDeclarationLists(mergeDeclarationLists($2.m_funcDeclarations, $3.m_funcDeclarations), $4.m_funcDeclarations),
+                                                                                         $2.m_features | $3.m_features | $4.m_features,
+                                                                                         $2.m_numConstants + $3.m_numConstants + $4.m_numConstants); }
+;
+
+CaseClausesOpt:
+  /* nothing */                         { $$.m_node.head = 0; $$.m_node.tail = 0; $$.m_varDeclarations = 0; $$.m_funcDeclarations = 0; $$.m_features = 0; $$.m_numConstants = 0; }
+  | CaseClauses
+;
+
+CaseClauses:
+    CaseClause                          { $$.m_node.head = new (GLOBAL_DATA) ClauseListNode(GLOBAL_DATA, $1.m_node);
+                                          $$.m_node.tail = $$.m_node.head;
+                                          $$.m_varDeclarations = $1.m_varDeclarations;
+                                          $$.m_funcDeclarations = $1.m_funcDeclarations; 
+                                          $$.m_features = $1.m_features;
+                                          $$.m_numConstants = $1.m_numConstants; }
+  | CaseClauses CaseClause              { $$.m_node.head = $1.m_node.head;
+                                          $$.m_node.tail = new (GLOBAL_DATA) ClauseListNode(GLOBAL_DATA, $1.m_node.tail, $2.m_node);
+                                          $$.m_varDeclarations = mergeDeclarationLists($1.m_varDeclarations, $2.m_varDeclarations);
+                                          $$.m_funcDeclarations = mergeDeclarationLists($1.m_funcDeclarations, $2.m_funcDeclarations);
+                                          $$.m_features = $1.m_features | $2.m_features;
+                                          $$.m_numConstants = $1.m_numConstants + $2.m_numConstants;
+                                        }
+;
+
+CaseClause:
+    CASE Expr ':'                       { $$ = createNodeDeclarationInfo<CaseClauseNode*>(new (GLOBAL_DATA) CaseClauseNode(GLOBAL_DATA, $2.m_node), 0, 0, $2.m_features, $2.m_numConstants); }
+  | CASE Expr ':' SourceElements        { $$ = createNodeDeclarationInfo<CaseClauseNode*>(new (GLOBAL_DATA) CaseClauseNode(GLOBAL_DATA, $2.m_node, $4.m_node), $4.m_varDeclarations, $4.m_funcDeclarations, $2.m_features | $4.m_features, $2.m_numConstants + $4.m_numConstants); }
+;
+
+DefaultClause:
+    DEFAULT ':'                         { $$ = createNodeDeclarationInfo<CaseClauseNode*>(new (GLOBAL_DATA) CaseClauseNode(GLOBAL_DATA, 0), 0, 0, 0, 0); }
+  | DEFAULT ':' SourceElements          { $$ = createNodeDeclarationInfo<CaseClauseNode*>(new (GLOBAL_DATA) CaseClauseNode(GLOBAL_DATA, 0, $3.m_node), $3.m_varDeclarations, $3.m_funcDeclarations, $3.m_features, $3.m_numConstants); }
+;
+
+LabelledStatement:
+    IDENT ':' Statement                 { LabelNode* node = new (GLOBAL_DATA) LabelNode(GLOBAL_DATA, *$1, $3.m_node);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, $3.m_varDeclarations, $3.m_funcDeclarations, $3.m_features, $3.m_numConstants); }
+;
+
+ThrowStatement:
+    THROW Expr ';'                      { ThrowNode* node = new (GLOBAL_DATA) ThrowNode(GLOBAL_DATA, $2.m_node);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, $2.m_features, $2.m_numConstants); setStatementLocation($$.m_node, @1, @2);
+                                        }
+  | THROW Expr error                    { ThrowNode* node = new (GLOBAL_DATA) ThrowNode(GLOBAL_DATA, $2.m_node);
+                                          setExceptionLocation(node, @1.first_column, @2.last_column, @2.last_column);
+                                          $$ = createNodeDeclarationInfo<StatementNode*>(node, 0, 0, $2.m_features, $2.m_numConstants); setStatementLocation($$.m_node, @1, @2); AUTO_SEMICOLON; 
+                                        }
+;
+
+TryStatement:
+    TRY Block FINALLY Block             { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) TryNode(GLOBAL_DATA, $2.m_node, GLOBAL_DATA->propertyNames->nullIdentifier, false, 0, $4.m_node),
+                                                                                         mergeDeclarationLists($2.m_varDeclarations, $4.m_varDeclarations),
+                                                                                         mergeDeclarationLists($2.m_funcDeclarations, $4.m_funcDeclarations),
+                                                                                         $2.m_features | $4.m_features,
+                                                                                         $2.m_numConstants + $4.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @2); }
+  | TRY Block CATCH '(' IDENT ')' Block { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) TryNode(GLOBAL_DATA, $2.m_node, *$5, ($7.m_features & EvalFeature) != 0, $7.m_node, 0),
+                                                                                         mergeDeclarationLists($2.m_varDeclarations, $7.m_varDeclarations),
+                                                                                         mergeDeclarationLists($2.m_funcDeclarations, $7.m_funcDeclarations),
+                                                                                         $2.m_features | $7.m_features | CatchFeature,
+                                                                                         $2.m_numConstants + $7.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @2); }
+  | TRY Block CATCH '(' IDENT ')' Block FINALLY Block
+                                        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) TryNode(GLOBAL_DATA, $2.m_node, *$5, ($7.m_features & EvalFeature) != 0, $7.m_node, $9.m_node),
+                                                                                         mergeDeclarationLists(mergeDeclarationLists($2.m_varDeclarations, $7.m_varDeclarations), $9.m_varDeclarations),
+                                                                                         mergeDeclarationLists(mergeDeclarationLists($2.m_funcDeclarations, $7.m_funcDeclarations), $9.m_funcDeclarations),
+                                                                                         $2.m_features | $7.m_features | $9.m_features | CatchFeature,
+                                                                                         $2.m_numConstants + $7.m_numConstants + $9.m_numConstants);
+                                          setStatementLocation($$.m_node, @1, @2); }
+;
+
+DebuggerStatement:
+    DEBUGGER ';'                        { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) DebuggerStatementNode(GLOBAL_DATA), 0, 0, 0, 0);
+                                          setStatementLocation($$.m_node, @1, @2); }
+  | DEBUGGER error                      { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) DebuggerStatementNode(GLOBAL_DATA), 0, 0, 0, 0);
+                                          setStatementLocation($$.m_node, @1, @1); AUTO_SEMICOLON; }
+;
+
+FunctionDeclaration:
+    FUNCTION IDENT '(' ')' OPENBRACE FunctionBody CLOSEBRACE { $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) FuncDeclNode(GLOBAL_DATA, *$2, $6, GLOBAL_DATA->lexer->sourceCode($5, $7, @5.first_line)), 0, new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::FunctionStack>, ((*$2 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | ClosureFeature, 0); setStatementLocation($6, @5, @7); $$.m_funcDeclarations->data.append(static_cast<FuncDeclNode*>($$.m_node)->body()); }
+  | FUNCTION IDENT '(' FormalParameterList ')' OPENBRACE FunctionBody CLOSEBRACE
+      {
+          $$ = createNodeDeclarationInfo<StatementNode*>(new (GLOBAL_DATA) FuncDeclNode(GLOBAL_DATA, *$2, $7, GLOBAL_DATA->lexer->sourceCode($6, $8, @6.first_line), $4.m_node.head), 0, new (GLOBAL_DATA) ParserArenaData<DeclarationStacks::FunctionStack>, ((*$2 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0) | $4.m_features | ClosureFeature, 0);
+          if ($4.m_features & ArgumentsFeature)
+              $7->setUsesArguments();
+          setStatementLocation($7, @6, @8);
+          $$.m_funcDeclarations->data.append(static_cast<FuncDeclNode*>($$.m_node)->body());
+      }
+;
+
+FunctionExpr:
+    FUNCTION '(' ')' OPENBRACE FunctionBody CLOSEBRACE { $$ = createNodeInfo(new (GLOBAL_DATA) FuncExprNode(GLOBAL_DATA, GLOBAL_DATA->propertyNames->nullIdentifier, $5, GLOBAL_DATA->lexer->sourceCode($4, $6, @4.first_line)), ClosureFeature, 0); setStatementLocation($5, @4, @6); }
+    | FUNCTION '(' FormalParameterList ')' OPENBRACE FunctionBody CLOSEBRACE
+      {
+          $$ = createNodeInfo(new (GLOBAL_DATA) FuncExprNode(GLOBAL_DATA, GLOBAL_DATA->propertyNames->nullIdentifier, $6, GLOBAL_DATA->lexer->sourceCode($5, $7, @5.first_line), $3.m_node.head), $3.m_features | ClosureFeature, 0);
+          if ($3.m_features & ArgumentsFeature)
+              $6->setUsesArguments();
+          setStatementLocation($6, @5, @7);
+      }
+  | FUNCTION IDENT '(' ')' OPENBRACE FunctionBody CLOSEBRACE { $$ = createNodeInfo(new (GLOBAL_DATA) FuncExprNode(GLOBAL_DATA, *$2, $6, GLOBAL_DATA->lexer->sourceCode($5, $7, @5.first_line)), ClosureFeature, 0); setStatementLocation($6, @5, @7); }
+  | FUNCTION IDENT '(' FormalParameterList ')' OPENBRACE FunctionBody CLOSEBRACE
+      {
+          $$ = createNodeInfo(new (GLOBAL_DATA) FuncExprNode(GLOBAL_DATA, *$2, $7, GLOBAL_DATA->lexer->sourceCode($6, $8, @6.first_line), $4.m_node.head), $4.m_features | ClosureFeature, 0); 
+          if ($4.m_features & ArgumentsFeature)
+              $7->setUsesArguments();
+          setStatementLocation($7, @6, @8);
+      }
+;
+
+FormalParameterList:
+    IDENT                               { $$.m_node.head = new (GLOBAL_DATA) ParameterNode(GLOBAL_DATA, *$1);
+                                          $$.m_features = (*$1 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0;
+                                          $$.m_node.tail = $$.m_node.head; }
+  | FormalParameterList ',' IDENT       { $$.m_node.head = $1.m_node.head;
+                                          $$.m_features = $1.m_features | ((*$3 == GLOBAL_DATA->propertyNames->arguments) ? ArgumentsFeature : 0);
+                                          $$.m_node.tail = new (GLOBAL_DATA) ParameterNode(GLOBAL_DATA, $1.m_node.tail, *$3);  }
+;
+
+FunctionBody:
+    /* not in spec */                   { $$ = FunctionBodyNode::create(GLOBAL_DATA); }
+  | SourceElements_NoNode               { $$ = FunctionBodyNode::create(GLOBAL_DATA); }
+;
+
+Program:
+    /* not in spec */                   { GLOBAL_DATA->parser->didFinishParsing(new (GLOBAL_DATA) SourceElements(GLOBAL_DATA), 0, 0, NoFeatures, @0.last_line, 0); }
+    | SourceElements                    { GLOBAL_DATA->parser->didFinishParsing($1.m_node, $1.m_varDeclarations, $1.m_funcDeclarations, $1.m_features, 
+                                                                                @1.last_line, $1.m_numConstants); }
+;
+
+SourceElements:
+    Statement                           { $$.m_node = new (GLOBAL_DATA) SourceElements(GLOBAL_DATA);
+                                          $$.m_node->append($1.m_node);
+                                          $$.m_varDeclarations = $1.m_varDeclarations;
+                                          $$.m_funcDeclarations = $1.m_funcDeclarations;
+                                          $$.m_features = $1.m_features;
+                                          $$.m_numConstants = $1.m_numConstants;
+                                        }
+  | SourceElements Statement            { $$.m_node->append($2.m_node);
+                                          $$.m_varDeclarations = mergeDeclarationLists($1.m_varDeclarations, $2.m_varDeclarations);
+                                          $$.m_funcDeclarations = mergeDeclarationLists($1.m_funcDeclarations, $2.m_funcDeclarations);
+                                          $$.m_features = $1.m_features | $2.m_features;
+                                          $$.m_numConstants = $1.m_numConstants + $2.m_numConstants;
+                                        }
+;
+ 
+// Start NoNodes
+
+Literal_NoNode:
+    NULLTOKEN
+  | TRUETOKEN
+  | FALSETOKEN
+  | NUMBER { }
+  | STRING { }
+  | '/' /* regexp */ { if (!GLOBAL_DATA->lexer->skipRegExp()) YYABORT; }
+  | DIVEQUAL /* regexp with /= */ { if (!GLOBAL_DATA->lexer->skipRegExp()) YYABORT; }
+;
+
+Property_NoNode:
+    IDENT ':' AssignmentExpr_NoNode { }
+  | STRING ':' AssignmentExpr_NoNode { }
+  | NUMBER ':' AssignmentExpr_NoNode { }
+  | IDENT IDENT '(' ')' OPENBRACE FunctionBody_NoNode CLOSEBRACE { if (*$1 != "get" && *$1 != "set") YYABORT; }
+  | IDENT IDENT '(' FormalParameterList_NoNode ')' OPENBRACE FunctionBody_NoNode CLOSEBRACE { if (*$1 != "get" && *$1 != "set") YYABORT; }
+;
+
+PropertyList_NoNode:
+    Property_NoNode
+  | PropertyList_NoNode ',' Property_NoNode
+;
+
+PrimaryExpr_NoNode:
+    PrimaryExprNoBrace_NoNode
+  | OPENBRACE CLOSEBRACE { }
+  | OPENBRACE PropertyList_NoNode CLOSEBRACE { }
+  /* allow extra comma, see http://bugs.webkit.org/show_bug.cgi?id=5939 */
+  | OPENBRACE PropertyList_NoNode ',' CLOSEBRACE { }
+;
+
+PrimaryExprNoBrace_NoNode:
+    THISTOKEN
+  | Literal_NoNode
+  | ArrayLiteral_NoNode
+  | IDENT { }
+  | '(' Expr_NoNode ')'
+;
+
+ArrayLiteral_NoNode:
+    '[' ElisionOpt_NoNode ']'
+  | '[' ElementList_NoNode ']'
+  | '[' ElementList_NoNode ',' ElisionOpt_NoNode ']'
+;
+
+ElementList_NoNode:
+    ElisionOpt_NoNode AssignmentExpr_NoNode
+  | ElementList_NoNode ',' ElisionOpt_NoNode AssignmentExpr_NoNode
+;
+
+ElisionOpt_NoNode:
+    /* nothing */
+  | Elision_NoNode
+;
+
+Elision_NoNode:
+    ','
+  | Elision_NoNode ','
+;
+
+MemberExpr_NoNode:
+    PrimaryExpr_NoNode
+  | FunctionExpr_NoNode
+  | MemberExpr_NoNode '[' Expr_NoNode ']'
+  | MemberExpr_NoNode '.' IDENT
+  | NEW MemberExpr_NoNode Arguments_NoNode
+;
+
+MemberExprNoBF_NoNode:
+    PrimaryExprNoBrace_NoNode
+  | MemberExprNoBF_NoNode '[' Expr_NoNode ']'
+  | MemberExprNoBF_NoNode '.' IDENT
+  | NEW MemberExpr_NoNode Arguments_NoNode
+;
+
+NewExpr_NoNode:
+    MemberExpr_NoNode
+  | NEW NewExpr_NoNode
+;
+
+NewExprNoBF_NoNode:
+    MemberExprNoBF_NoNode
+  | NEW NewExpr_NoNode
+;
+
+CallExpr_NoNode:
+    MemberExpr_NoNode Arguments_NoNode
+  | CallExpr_NoNode Arguments_NoNode
+  | CallExpr_NoNode '[' Expr_NoNode ']'
+  | CallExpr_NoNode '.' IDENT
+;
+
+CallExprNoBF_NoNode:
+    MemberExprNoBF_NoNode Arguments_NoNode
+  | CallExprNoBF_NoNode Arguments_NoNode
+  | CallExprNoBF_NoNode '[' Expr_NoNode ']'
+  | CallExprNoBF_NoNode '.' IDENT
+;
+
+Arguments_NoNode:
+    '(' ')'
+  | '(' ArgumentList_NoNode ')'
+;
+
+ArgumentList_NoNode:
+    AssignmentExpr_NoNode
+  | ArgumentList_NoNode ',' AssignmentExpr_NoNode
+;
+
+LeftHandSideExpr_NoNode:
+    NewExpr_NoNode
+  | CallExpr_NoNode
+;
+
+LeftHandSideExprNoBF_NoNode:
+    NewExprNoBF_NoNode
+  | CallExprNoBF_NoNode
+;
+
+PostfixExpr_NoNode:
+    LeftHandSideExpr_NoNode
+  | LeftHandSideExpr_NoNode PLUSPLUS
+  | LeftHandSideExpr_NoNode MINUSMINUS
+;
+
+PostfixExprNoBF_NoNode:
+    LeftHandSideExprNoBF_NoNode
+  | LeftHandSideExprNoBF_NoNode PLUSPLUS
+  | LeftHandSideExprNoBF_NoNode MINUSMINUS
+;
+
+UnaryExprCommon_NoNode:
+    DELETETOKEN UnaryExpr_NoNode
+  | VOIDTOKEN UnaryExpr_NoNode
+  | TYPEOF UnaryExpr_NoNode
+  | PLUSPLUS UnaryExpr_NoNode
+  | AUTOPLUSPLUS UnaryExpr_NoNode
+  | MINUSMINUS UnaryExpr_NoNode
+  | AUTOMINUSMINUS UnaryExpr_NoNode
+  | '+' UnaryExpr_NoNode
+  | '-' UnaryExpr_NoNode
+  | '~' UnaryExpr_NoNode
+  | '!' UnaryExpr_NoNode
+
+UnaryExpr_NoNode:
+    PostfixExpr_NoNode
+  | UnaryExprCommon_NoNode
+;
+
+UnaryExprNoBF_NoNode:
+    PostfixExprNoBF_NoNode
+  | UnaryExprCommon_NoNode
+;
+
+MultiplicativeExpr_NoNode:
+    UnaryExpr_NoNode
+  | MultiplicativeExpr_NoNode '*' UnaryExpr_NoNode
+  | MultiplicativeExpr_NoNode '/' UnaryExpr_NoNode
+  | MultiplicativeExpr_NoNode '%' UnaryExpr_NoNode
+;
+
+MultiplicativeExprNoBF_NoNode:
+    UnaryExprNoBF_NoNode
+  | MultiplicativeExprNoBF_NoNode '*' UnaryExpr_NoNode
+  | MultiplicativeExprNoBF_NoNode '/' UnaryExpr_NoNode
+  | MultiplicativeExprNoBF_NoNode '%' UnaryExpr_NoNode
+;
+
+AdditiveExpr_NoNode:
+    MultiplicativeExpr_NoNode
+  | AdditiveExpr_NoNode '+' MultiplicativeExpr_NoNode
+  | AdditiveExpr_NoNode '-' MultiplicativeExpr_NoNode
+;
+
+AdditiveExprNoBF_NoNode:
+    MultiplicativeExprNoBF_NoNode
+  | AdditiveExprNoBF_NoNode '+' MultiplicativeExpr_NoNode
+  | AdditiveExprNoBF_NoNode '-' MultiplicativeExpr_NoNode
+;
+
+ShiftExpr_NoNode:
+    AdditiveExpr_NoNode
+  | ShiftExpr_NoNode LSHIFT AdditiveExpr_NoNode
+  | ShiftExpr_NoNode RSHIFT AdditiveExpr_NoNode
+  | ShiftExpr_NoNode URSHIFT AdditiveExpr_NoNode
+;
+
+ShiftExprNoBF_NoNode:
+    AdditiveExprNoBF_NoNode
+  | ShiftExprNoBF_NoNode LSHIFT AdditiveExpr_NoNode
+  | ShiftExprNoBF_NoNode RSHIFT AdditiveExpr_NoNode
+  | ShiftExprNoBF_NoNode URSHIFT AdditiveExpr_NoNode
+;
+
+RelationalExpr_NoNode:
+    ShiftExpr_NoNode
+  | RelationalExpr_NoNode '<' ShiftExpr_NoNode
+  | RelationalExpr_NoNode '>' ShiftExpr_NoNode
+  | RelationalExpr_NoNode LE ShiftExpr_NoNode
+  | RelationalExpr_NoNode GE ShiftExpr_NoNode
+  | RelationalExpr_NoNode INSTANCEOF ShiftExpr_NoNode
+  | RelationalExpr_NoNode INTOKEN ShiftExpr_NoNode
+;
+
+RelationalExprNoIn_NoNode:
+    ShiftExpr_NoNode
+  | RelationalExprNoIn_NoNode '<' ShiftExpr_NoNode
+  | RelationalExprNoIn_NoNode '>' ShiftExpr_NoNode
+  | RelationalExprNoIn_NoNode LE ShiftExpr_NoNode
+  | RelationalExprNoIn_NoNode GE ShiftExpr_NoNode
+  | RelationalExprNoIn_NoNode INSTANCEOF ShiftExpr_NoNode
+;
+
+RelationalExprNoBF_NoNode:
+    ShiftExprNoBF_NoNode
+  | RelationalExprNoBF_NoNode '<' ShiftExpr_NoNode
+  | RelationalExprNoBF_NoNode '>' ShiftExpr_NoNode
+  | RelationalExprNoBF_NoNode LE ShiftExpr_NoNode
+  | RelationalExprNoBF_NoNode GE ShiftExpr_NoNode
+  | RelationalExprNoBF_NoNode INSTANCEOF ShiftExpr_NoNode
+  | RelationalExprNoBF_NoNode INTOKEN ShiftExpr_NoNode
+;
+
+EqualityExpr_NoNode:
+    RelationalExpr_NoNode
+  | EqualityExpr_NoNode EQEQ RelationalExpr_NoNode
+  | EqualityExpr_NoNode NE RelationalExpr_NoNode
+  | EqualityExpr_NoNode STREQ RelationalExpr_NoNode
+  | EqualityExpr_NoNode STRNEQ RelationalExpr_NoNode
+;
+
+EqualityExprNoIn_NoNode:
+    RelationalExprNoIn_NoNode
+  | EqualityExprNoIn_NoNode EQEQ RelationalExprNoIn_NoNode
+  | EqualityExprNoIn_NoNode NE RelationalExprNoIn_NoNode
+  | EqualityExprNoIn_NoNode STREQ RelationalExprNoIn_NoNode
+  | EqualityExprNoIn_NoNode STRNEQ RelationalExprNoIn_NoNode
+;
+
+EqualityExprNoBF_NoNode:
+    RelationalExprNoBF_NoNode
+  | EqualityExprNoBF_NoNode EQEQ RelationalExpr_NoNode
+  | EqualityExprNoBF_NoNode NE RelationalExpr_NoNode
+  | EqualityExprNoBF_NoNode STREQ RelationalExpr_NoNode
+  | EqualityExprNoBF_NoNode STRNEQ RelationalExpr_NoNode
+;
+
+BitwiseANDExpr_NoNode:
+    EqualityExpr_NoNode
+  | BitwiseANDExpr_NoNode '&' EqualityExpr_NoNode
+;
+
+BitwiseANDExprNoIn_NoNode:
+    EqualityExprNoIn_NoNode
+  | BitwiseANDExprNoIn_NoNode '&' EqualityExprNoIn_NoNode
+;
+
+BitwiseANDExprNoBF_NoNode:
+    EqualityExprNoBF_NoNode
+  | BitwiseANDExprNoBF_NoNode '&' EqualityExpr_NoNode
+;
+
+BitwiseXORExpr_NoNode:
+    BitwiseANDExpr_NoNode
+  | BitwiseXORExpr_NoNode '^' BitwiseANDExpr_NoNode
+;
+
+BitwiseXORExprNoIn_NoNode:
+    BitwiseANDExprNoIn_NoNode
+  | BitwiseXORExprNoIn_NoNode '^' BitwiseANDExprNoIn_NoNode
+;
+
+BitwiseXORExprNoBF_NoNode:
+    BitwiseANDExprNoBF_NoNode
+  | BitwiseXORExprNoBF_NoNode '^' BitwiseANDExpr_NoNode
+;
+
+BitwiseORExpr_NoNode:
+    BitwiseXORExpr_NoNode
+  | BitwiseORExpr_NoNode '|' BitwiseXORExpr_NoNode
+;
+
+BitwiseORExprNoIn_NoNode:
+    BitwiseXORExprNoIn_NoNode
+  | BitwiseORExprNoIn_NoNode '|' BitwiseXORExprNoIn_NoNode
+;
+
+BitwiseORExprNoBF_NoNode:
+    BitwiseXORExprNoBF_NoNode
+  | BitwiseORExprNoBF_NoNode '|' BitwiseXORExpr_NoNode
+;
+
+LogicalANDExpr_NoNode:
+    BitwiseORExpr_NoNode
+  | LogicalANDExpr_NoNode AND BitwiseORExpr_NoNode
+;
+
+LogicalANDExprNoIn_NoNode:
+    BitwiseORExprNoIn_NoNode
+  | LogicalANDExprNoIn_NoNode AND BitwiseORExprNoIn_NoNode
+;
+
+LogicalANDExprNoBF_NoNode:
+    BitwiseORExprNoBF_NoNode
+  | LogicalANDExprNoBF_NoNode AND BitwiseORExpr_NoNode
+;
+
+LogicalORExpr_NoNode:
+    LogicalANDExpr_NoNode
+  | LogicalORExpr_NoNode OR LogicalANDExpr_NoNode
+;
+
+LogicalORExprNoIn_NoNode:
+    LogicalANDExprNoIn_NoNode
+  | LogicalORExprNoIn_NoNode OR LogicalANDExprNoIn_NoNode
+;
+
+LogicalORExprNoBF_NoNode:
+    LogicalANDExprNoBF_NoNode
+  | LogicalORExprNoBF_NoNode OR LogicalANDExpr_NoNode
+;
+
+ConditionalExpr_NoNode:
+    LogicalORExpr_NoNode
+  | LogicalORExpr_NoNode '?' AssignmentExpr_NoNode ':' AssignmentExpr_NoNode
+;
+
+ConditionalExprNoIn_NoNode:
+    LogicalORExprNoIn_NoNode
+  | LogicalORExprNoIn_NoNode '?' AssignmentExprNoIn_NoNode ':' AssignmentExprNoIn_NoNode
+;
+
+ConditionalExprNoBF_NoNode:
+    LogicalORExprNoBF_NoNode
+  | LogicalORExprNoBF_NoNode '?' AssignmentExpr_NoNode ':' AssignmentExpr_NoNode
+;
+
+AssignmentExpr_NoNode:
+    ConditionalExpr_NoNode
+  | LeftHandSideExpr_NoNode AssignmentOperator_NoNode AssignmentExpr_NoNode
+;
+
+AssignmentExprNoIn_NoNode:
+    ConditionalExprNoIn_NoNode
+  | LeftHandSideExpr_NoNode AssignmentOperator_NoNode AssignmentExprNoIn_NoNode
+;
+
+AssignmentExprNoBF_NoNode:
+    ConditionalExprNoBF_NoNode
+  | LeftHandSideExprNoBF_NoNode AssignmentOperator_NoNode AssignmentExpr_NoNode
+;
+
+AssignmentOperator_NoNode:
+    '='
+  | PLUSEQUAL
+  | MINUSEQUAL
+  | MULTEQUAL
+  | DIVEQUAL
+  | LSHIFTEQUAL
+  | RSHIFTEQUAL
+  | URSHIFTEQUAL
+  | ANDEQUAL
+  | XOREQUAL
+  | OREQUAL
+  | MODEQUAL
+;
+
+Expr_NoNode:
+    AssignmentExpr_NoNode
+  | Expr_NoNode ',' AssignmentExpr_NoNode
+;
+
+ExprNoIn_NoNode:
+    AssignmentExprNoIn_NoNode
+  | ExprNoIn_NoNode ',' AssignmentExprNoIn_NoNode
+;
+
+ExprNoBF_NoNode:
+    AssignmentExprNoBF_NoNode
+  | ExprNoBF_NoNode ',' AssignmentExpr_NoNode
+;
+
+Statement_NoNode:
+    Block_NoNode
+  | VariableStatement_NoNode
+  | ConstStatement_NoNode
+  | FunctionDeclaration_NoNode
+  | EmptyStatement_NoNode
+  | ExprStatement_NoNode
+  | IfStatement_NoNode
+  | IterationStatement_NoNode
+  | ContinueStatement_NoNode
+  | BreakStatement_NoNode
+  | ReturnStatement_NoNode
+  | WithStatement_NoNode
+  | SwitchStatement_NoNode
+  | LabelledStatement_NoNode
+  | ThrowStatement_NoNode
+  | TryStatement_NoNode
+  | DebuggerStatement_NoNode
+;
+
+Block_NoNode:
+    OPENBRACE CLOSEBRACE { }
+  | OPENBRACE SourceElements_NoNode CLOSEBRACE { }
+;
+
+VariableStatement_NoNode:
+    VAR VariableDeclarationList_NoNode ';'
+  | VAR VariableDeclarationList_NoNode error { AUTO_SEMICOLON; }
+;
+
+VariableDeclarationList_NoNode:
+    IDENT { }
+  | IDENT Initializer_NoNode { }
+  | VariableDeclarationList_NoNode ',' IDENT
+  | VariableDeclarationList_NoNode ',' IDENT Initializer_NoNode
+;
+
+VariableDeclarationListNoIn_NoNode:
+    IDENT { }
+  | IDENT InitializerNoIn_NoNode { }
+  | VariableDeclarationListNoIn_NoNode ',' IDENT
+  | VariableDeclarationListNoIn_NoNode ',' IDENT InitializerNoIn_NoNode
+;
+
+ConstStatement_NoNode:
+    CONSTTOKEN ConstDeclarationList_NoNode ';'
+  | CONSTTOKEN ConstDeclarationList_NoNode error { AUTO_SEMICOLON; }
+;
+
+ConstDeclarationList_NoNode:
+    ConstDeclaration_NoNode
+  | ConstDeclarationList_NoNode ',' ConstDeclaration_NoNode
+;
+
+ConstDeclaration_NoNode:
+    IDENT { }
+  | IDENT Initializer_NoNode { }
+;
+
+Initializer_NoNode:
+    '=' AssignmentExpr_NoNode
+;
+
+InitializerNoIn_NoNode:
+    '=' AssignmentExprNoIn_NoNode
+;
+
+EmptyStatement_NoNode:
+    ';'
+;
+
+ExprStatement_NoNode:
+    ExprNoBF_NoNode ';'
+  | ExprNoBF_NoNode error { AUTO_SEMICOLON; }
+;
+
+IfStatement_NoNode:
+    IF '(' Expr_NoNode ')' Statement_NoNode %prec IF_WITHOUT_ELSE
+  | IF '(' Expr_NoNode ')' Statement_NoNode ELSE Statement_NoNode
+;
+
+IterationStatement_NoNode:
+    DO Statement_NoNode WHILE '(' Expr_NoNode ')' ';'
+  | DO Statement_NoNode WHILE '(' Expr_NoNode ')' error // Always performs automatic semicolon insertion
+  | WHILE '(' Expr_NoNode ')' Statement_NoNode
+  | FOR '(' ExprNoInOpt_NoNode ';' ExprOpt_NoNode ';' ExprOpt_NoNode ')' Statement_NoNode
+  | FOR '(' VAR VariableDeclarationListNoIn_NoNode ';' ExprOpt_NoNode ';' ExprOpt_NoNode ')' Statement_NoNode
+  | FOR '(' LeftHandSideExpr_NoNode INTOKEN Expr_NoNode ')' Statement_NoNode
+  | FOR '(' VAR IDENT INTOKEN Expr_NoNode ')' Statement_NoNode
+  | FOR '(' VAR IDENT InitializerNoIn_NoNode INTOKEN Expr_NoNode ')' Statement_NoNode
+;
+
+ExprOpt_NoNode:
+    /* nothing */
+  | Expr_NoNode
+;
+
+ExprNoInOpt_NoNode:
+    /* nothing */
+  | ExprNoIn_NoNode
+;
+
+ContinueStatement_NoNode:
+    CONTINUE ';'
+  | CONTINUE error { AUTO_SEMICOLON; }
+  | CONTINUE IDENT ';'
+  | CONTINUE IDENT error { AUTO_SEMICOLON; }
+;
+
+BreakStatement_NoNode:
+    BREAK ';'
+  | BREAK error { AUTO_SEMICOLON; }
+  | BREAK IDENT ';'
+  | BREAK IDENT error { AUTO_SEMICOLON; }
+;
+
+ReturnStatement_NoNode:
+    RETURN ';'
+  | RETURN error { AUTO_SEMICOLON; }
+  | RETURN Expr_NoNode ';'
+  | RETURN Expr_NoNode error { AUTO_SEMICOLON; }
+;
+
+WithStatement_NoNode:
+    WITH '(' Expr_NoNode ')' Statement_NoNode
+;
+
+SwitchStatement_NoNode:
+    SWITCH '(' Expr_NoNode ')' CaseBlock_NoNode
+;
+
+CaseBlock_NoNode:
+    OPENBRACE CaseClausesOpt_NoNode CLOSEBRACE { }
+  | OPENBRACE CaseClausesOpt_NoNode DefaultClause_NoNode CaseClausesOpt_NoNode CLOSEBRACE { }
+;
+
+CaseClausesOpt_NoNode:
+    /* nothing */
+  | CaseClauses_NoNode
+;
+
+CaseClauses_NoNode:
+    CaseClause_NoNode
+  | CaseClauses_NoNode CaseClause_NoNode
+;
+
+CaseClause_NoNode:
+    CASE Expr_NoNode ':'
+  | CASE Expr_NoNode ':' SourceElements_NoNode
+;
+
+DefaultClause_NoNode:
+    DEFAULT ':'
+  | DEFAULT ':' SourceElements_NoNode
+;
+
+LabelledStatement_NoNode:
+    IDENT ':' Statement_NoNode { }
+;
+
+ThrowStatement_NoNode:
+    THROW Expr_NoNode ';'
+  | THROW Expr_NoNode error { AUTO_SEMICOLON; }
+;
+
+TryStatement_NoNode:
+    TRY Block_NoNode FINALLY Block_NoNode
+  | TRY Block_NoNode CATCH '(' IDENT ')' Block_NoNode
+  | TRY Block_NoNode CATCH '(' IDENT ')' Block_NoNode FINALLY Block_NoNode
+;
+
+DebuggerStatement_NoNode:
+    DEBUGGER ';'
+  | DEBUGGER error { AUTO_SEMICOLON; }
+;
+
+FunctionDeclaration_NoNode:
+    FUNCTION IDENT '(' ')' OPENBRACE FunctionBody_NoNode CLOSEBRACE
+  | FUNCTION IDENT '(' FormalParameterList_NoNode ')' OPENBRACE FunctionBody_NoNode CLOSEBRACE
+;
+
+FunctionExpr_NoNode:
+    FUNCTION '(' ')' OPENBRACE FunctionBody_NoNode CLOSEBRACE
+  | FUNCTION '(' FormalParameterList_NoNode ')' OPENBRACE FunctionBody_NoNode CLOSEBRACE
+  | FUNCTION IDENT '(' ')' OPENBRACE FunctionBody_NoNode CLOSEBRACE
+  | FUNCTION IDENT '(' FormalParameterList_NoNode ')' OPENBRACE FunctionBody_NoNode CLOSEBRACE
+;
+
+FormalParameterList_NoNode:
+    IDENT { }
+  | FormalParameterList_NoNode ',' IDENT
+;
+
+FunctionBody_NoNode:
+    /* not in spec */
+  | SourceElements_NoNode
+;
+
+SourceElements_NoNode:
+    Statement_NoNode
+  | SourceElements_NoNode Statement_NoNode
+;
+
+// End NoNodes
+
+%%
+
+#undef GLOBAL_DATA
+
+static ExpressionNode* makeAssignNode(JSGlobalData* globalData, ExpressionNode* loc, Operator op, ExpressionNode* expr, bool locHasAssignments, bool exprHasAssignments, int start, int divot, int end)
+{
+    if (!loc->isLocation())
+        return new (globalData) AssignErrorNode(globalData, loc, op, expr, divot, divot - start, end - divot);
+
+    if (loc->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(loc);
+        if (op == OpEqual) {
+            AssignResolveNode* node = new (globalData) AssignResolveNode(globalData, resolve->identifier(), expr, exprHasAssignments);
+            setExceptionLocation(node, start, divot, end);
+            return node;
+        } else
+            return new (globalData) ReadModifyResolveNode(globalData, resolve->identifier(), op, expr, exprHasAssignments, divot, divot - start, end - divot);
+    }
+    if (loc->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(loc);
+        if (op == OpEqual)
+            return new (globalData) AssignBracketNode(globalData, bracket->base(), bracket->subscript(), expr, locHasAssignments, exprHasAssignments, bracket->divot(), bracket->divot() - start, end - bracket->divot());
+        else {
+            ReadModifyBracketNode* node = new (globalData) ReadModifyBracketNode(globalData, bracket->base(), bracket->subscript(), op, expr, locHasAssignments, exprHasAssignments, divot, divot - start, end - divot);
+            node->setSubexpressionInfo(bracket->divot(), bracket->endOffset());
+            return node;
+        }
+    }
+    ASSERT(loc->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(loc);
+    if (op == OpEqual)
+        return new (globalData) AssignDotNode(globalData, dot->base(), dot->identifier(), expr, exprHasAssignments, dot->divot(), dot->divot() - start, end - dot->divot());
+
+    ReadModifyDotNode* node = new (globalData) ReadModifyDotNode(globalData, dot->base(), dot->identifier(), op, expr, exprHasAssignments, divot, divot - start, end - divot);
+    node->setSubexpressionInfo(dot->divot(), dot->endOffset());
+    return node;
+}
+
+static ExpressionNode* makePrefixNode(JSGlobalData* globalData, ExpressionNode* expr, Operator op, int start, int divot, int end)
+{
+    if (!expr->isLocation())
+        return new (globalData) PrefixErrorNode(globalData, expr, op, divot, divot - start, end - divot);
+    
+    if (expr->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(expr);
+        return new (globalData) PrefixResolveNode(globalData, resolve->identifier(), op, divot, divot - start, end - divot);
+    }
+    if (expr->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(expr);
+        PrefixBracketNode* node = new (globalData) PrefixBracketNode(globalData, bracket->base(), bracket->subscript(), op, divot, divot - start, end - divot);
+        node->setSubexpressionInfo(bracket->divot(), bracket->startOffset());
+        return node;
+    }
+    ASSERT(expr->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(expr);
+    PrefixDotNode* node = new (globalData) PrefixDotNode(globalData, dot->base(), dot->identifier(), op, divot, divot - start, end - divot);
+    node->setSubexpressionInfo(dot->divot(), dot->startOffset());
+    return node;
+}
+
+static ExpressionNode* makePostfixNode(JSGlobalData* globalData, ExpressionNode* expr, Operator op, int start, int divot, int end)
+{ 
+    if (!expr->isLocation())
+        return new (globalData) PostfixErrorNode(globalData, expr, op, divot, divot - start, end - divot);
+    
+    if (expr->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(expr);
+        return new (globalData) PostfixResolveNode(globalData, resolve->identifier(), op, divot, divot - start, end - divot);
+    }
+    if (expr->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(expr);
+        PostfixBracketNode* node = new (globalData) PostfixBracketNode(globalData, bracket->base(), bracket->subscript(), op, divot, divot - start, end - divot);
+        node->setSubexpressionInfo(bracket->divot(), bracket->endOffset());
+        return node;
+        
+    }
+    ASSERT(expr->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(expr);
+    PostfixDotNode* node = new (globalData) PostfixDotNode(globalData, dot->base(), dot->identifier(), op, divot, divot - start, end - divot);
+    node->setSubexpressionInfo(dot->divot(), dot->endOffset());
+    return node;
+}
+
+static ExpressionNodeInfo makeFunctionCallNode(JSGlobalData* globalData, ExpressionNodeInfo func, ArgumentsNodeInfo args, int start, int divot, int end)
+{
+    CodeFeatures features = func.m_features | args.m_features;
+    int numConstants = func.m_numConstants + args.m_numConstants;
+    if (!func.m_node->isLocation())
+        return createNodeInfo<ExpressionNode*>(new (globalData) FunctionCallValueNode(globalData, func.m_node, args.m_node, divot, divot - start, end - divot), features, numConstants);
+    if (func.m_node->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(func.m_node);
+        const Identifier& identifier = resolve->identifier();
+        if (identifier == globalData->propertyNames->eval)
+            return createNodeInfo<ExpressionNode*>(new (globalData) EvalFunctionCallNode(globalData, args.m_node, divot, divot - start, end - divot), EvalFeature | features, numConstants);
+        return createNodeInfo<ExpressionNode*>(new (globalData) FunctionCallResolveNode(globalData, identifier, args.m_node, divot, divot - start, end - divot), features, numConstants);
+    }
+    if (func.m_node->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(func.m_node);
+        FunctionCallBracketNode* node = new (globalData) FunctionCallBracketNode(globalData, bracket->base(), bracket->subscript(), args.m_node, divot, divot - start, end - divot);
+        node->setSubexpressionInfo(bracket->divot(), bracket->endOffset());
+        return createNodeInfo<ExpressionNode*>(node, features, numConstants);
+    }
+    ASSERT(func.m_node->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(func.m_node);
+    FunctionCallDotNode* node;
+    if (dot->identifier() == globalData->propertyNames->call)
+        node = new (globalData) CallFunctionCallDotNode(globalData, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
+    else if (dot->identifier() == globalData->propertyNames->apply)
+        node = new (globalData) ApplyFunctionCallDotNode(globalData, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
+    else
+        node = new (globalData) FunctionCallDotNode(globalData, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
+    node->setSubexpressionInfo(dot->divot(), dot->endOffset());
+    return createNodeInfo<ExpressionNode*>(node, features, numConstants);
+}
+
+static ExpressionNode* makeTypeOfNode(JSGlobalData* globalData, ExpressionNode* expr)
+{
+    if (expr->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(expr);
+        return new (globalData) TypeOfResolveNode(globalData, resolve->identifier());
+    }
+    return new (globalData) TypeOfValueNode(globalData, expr);
+}
+
+static ExpressionNode* makeDeleteNode(JSGlobalData* globalData, ExpressionNode* expr, int start, int divot, int end)
+{
+    if (!expr->isLocation())
+        return new (globalData) DeleteValueNode(globalData, expr);
+    if (expr->isResolveNode()) {
+        ResolveNode* resolve = static_cast<ResolveNode*>(expr);
+        return new (globalData) DeleteResolveNode(globalData, resolve->identifier(), divot, divot - start, end - divot);
+    }
+    if (expr->isBracketAccessorNode()) {
+        BracketAccessorNode* bracket = static_cast<BracketAccessorNode*>(expr);
+        return new (globalData) DeleteBracketNode(globalData, bracket->base(), bracket->subscript(), divot, divot - start, end - divot);
+    }
+    ASSERT(expr->isDotAccessorNode());
+    DotAccessorNode* dot = static_cast<DotAccessorNode*>(expr);
+    return new (globalData) DeleteDotNode(globalData, dot->base(), dot->identifier(), divot, divot - start, end - divot);
+}
+
+static PropertyNode* makeGetterOrSetterPropertyNode(JSGlobalData* globalData, const Identifier& getOrSet, const Identifier& name, ParameterNode* params, FunctionBodyNode* body, const SourceCode& source)
+{
+    PropertyNode::Type type;
+    if (getOrSet == "get")
+        type = PropertyNode::Getter;
+    else if (getOrSet == "set")
+        type = PropertyNode::Setter;
+    else
+        return 0;
+    return new (globalData) PropertyNode(globalData, name, new (globalData) FuncExprNode(globalData, globalData->propertyNames->nullIdentifier, body, source, params), type);
+}
+
+static ExpressionNode* makeNegateNode(JSGlobalData* globalData, ExpressionNode* n)
+{
+    if (n->isNumber()) {
+        NumberNode* number = static_cast<NumberNode*>(n);
+
+        if (number->value() > 0.0) {
+            number->setValue(-number->value());
+            return number;
+        }
+    }
+
+    return new (globalData) NegateNode(globalData, n);
+}
+
+static NumberNode* makeNumberNode(JSGlobalData* globalData, double d)
+{
+    return new (globalData) NumberNode(globalData, d);
+}
+
+static ExpressionNode* makeBitwiseNotNode(JSGlobalData* globalData, ExpressionNode* expr)
+{
+    if (expr->isNumber())
+        return makeNumberNode(globalData, ~toInt32(static_cast<NumberNode*>(expr)->value()));
+    return new (globalData) BitwiseNotNode(globalData, expr);
+}
+
+static ExpressionNode* makeMultNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    expr1 = expr1->stripUnaryPlus();
+    expr2 = expr2->stripUnaryPlus();
+
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, static_cast<NumberNode*>(expr1)->value() * static_cast<NumberNode*>(expr2)->value());
+
+    if (expr1->isNumber() && static_cast<NumberNode*>(expr1)->value() == 1)
+        return new (globalData) UnaryPlusNode(globalData, expr2);
+
+    if (expr2->isNumber() && static_cast<NumberNode*>(expr2)->value() == 1)
+        return new (globalData) UnaryPlusNode(globalData, expr1);
+
+    return new (globalData) MultNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeDivNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    expr1 = expr1->stripUnaryPlus();
+    expr2 = expr2->stripUnaryPlus();
+
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, static_cast<NumberNode*>(expr1)->value() / static_cast<NumberNode*>(expr2)->value());
+    return new (globalData) DivNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeAddNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, static_cast<NumberNode*>(expr1)->value() + static_cast<NumberNode*>(expr2)->value());
+    return new (globalData) AddNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeSubNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    expr1 = expr1->stripUnaryPlus();
+    expr2 = expr2->stripUnaryPlus();
+
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, static_cast<NumberNode*>(expr1)->value() - static_cast<NumberNode*>(expr2)->value());
+    return new (globalData) SubNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeLeftShiftNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, toInt32(static_cast<NumberNode*>(expr1)->value()) << (toUInt32(static_cast<NumberNode*>(expr2)->value()) & 0x1f));
+    return new (globalData) LeftShiftNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+static ExpressionNode* makeRightShiftNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+{
+    if (expr1->isNumber() && expr2->isNumber())
+        return makeNumberNode(globalData, toInt32(static_cast<NumberNode*>(expr1)->value()) >> (toUInt32(static_cast<NumberNode*>(expr2)->value()) & 0x1f));
+    return new (globalData) RightShiftNode(globalData, expr1, expr2, rightHasAssignments);
+}
+
+// Called by yyparse on error.
+int yyerror(const char*)
+{
+    return 1;
+}
+
+// May we automatically insert a semicolon?
+static bool allowAutomaticSemicolon(Lexer& lexer, int yychar)
+{
+    return yychar == CLOSEBRACE || yychar == 0 || lexer.prevTerminator();
+}
+
+static ExpressionNode* combineCommaNodes(JSGlobalData* globalData, ExpressionNode* list, ExpressionNode* init)
+{
+    if (!list)
+        return init;
+    if (list->isCommaNode()) {
+        static_cast<CommaNode*>(list)->append(init);
+        return list;
+    }
+    return new (globalData) CommaNode(globalData, list, init);
+}
+
+// We turn variable declarations into either assignments or empty
+// statements (which later get stripped out), because the actual
+// declaration work is hoisted up to the start of the function body
+static StatementNode* makeVarStatementNode(JSGlobalData* globalData, ExpressionNode* expr)
+{
+    if (!expr)
+        return new (globalData) EmptyStatementNode(globalData);
+    return new (globalData) VarStatementNode(globalData, expr);
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/Keywords.table b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Keywords.table
new file mode 100644
index 000000000..490c1cce0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Keywords.table
@@ -0,0 +1,72 @@
+# main keywords
+@begin mainTable 41
+
+# types
+null		NULLTOKEN
+true		TRUETOKEN
+false		FALSETOKEN
+
+# keywords
+break		BREAK
+case		CASE
+catch		CATCH
+const		CONSTTOKEN
+default		DEFAULT
+finally		FINALLY
+for		FOR
+instanceof	INSTANCEOF
+new		NEW
+var		VAR
+continue	CONTINUE
+function	FUNCTION
+return		RETURN
+void		VOIDTOKEN
+delete		DELETETOKEN
+if		IF
+this		THISTOKEN
+do		DO
+while		WHILE
+else		ELSE
+in		INTOKEN
+switch		SWITCH
+throw		THROW
+try		TRY
+typeof		TYPEOF
+with		WITH
+debugger	DEBUGGER
+
+# reserved for future use
+class           RESERVED
+enum            RESERVED
+export          RESERVED
+extends         RESERVED
+import          RESERVED
+super           RESERVED
+
+# these words are reserved for future use in the ECMA spec, but not in WinIE
+# (see http://bugs.webkit.org/show_bug.cgi?id=6179)
+# abstract      RESERVED
+# boolean       RESERVED
+# byte          RESERVED
+# char          RESERVED
+# double        RESERVED
+# final         RESERVED
+# float         RESERVED
+# goto          RESERVED
+# implements    RESERVED
+# int           RESERVED
+# interface     RESERVED
+# long          RESERVED
+# native        RESERVED
+# package       RESERVED
+# private       RESERVED
+# protected     RESERVED
+# public        RESERVED
+# short         RESERVED
+# static        RESERVED
+# synchronized  RESERVED
+# throws        RESERVED
+# transient     RESERVED
+# volatile      RESERVED
+@end
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/Lexer.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Lexer.cpp
new file mode 100644
index 000000000..a85ed3d36
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Lexer.cpp
@@ -0,0 +1,1055 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All Rights Reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "Lexer.h"
+
+#include "JSFunction.h"
+#include "JSGlobalObjectFunctions.h"
+#include "NodeInfo.h"
+#include "Nodes.h"
+#include "dtoa.h"
+#include <ctype.h>
+#include <limits.h>
+#include <string.h>
+#include <wtf/Assertions.h>
+
+using namespace WTF;
+using namespace Unicode;
+
+// We can't specify the namespace in yacc's C output, so do it here instead.
+using namespace JSC;
+
+#ifndef KDE_USE_FINAL
+#include "Grammar.h"
+#endif
+
+#include "Lookup.h"
+#include "Lexer.lut.h"
+
+// A bridge for yacc from the C world to the C++ world.
+int jscyylex(void* lvalp, void* llocp, void* globalData)
+{
+    return static_cast<JSGlobalData*>(globalData)->lexer->lex(lvalp, llocp);
+}
+
+namespace JSC {
+
+static const UChar byteOrderMark = 0xFEFF;
+
+Lexer::Lexer(JSGlobalData* globalData)
+    : m_isReparsing(false)
+    , m_globalData(globalData)
+    , m_keywordTable(JSC::mainTable)
+{
+    m_buffer8.reserveInitialCapacity(initialReadBufferCapacity);
+    m_buffer16.reserveInitialCapacity(initialReadBufferCapacity);
+}
+
+Lexer::~Lexer()
+{
+    m_keywordTable.deleteTable();
+}
+
+inline const UChar* Lexer::currentCharacter() const
+{
+    return m_code - 4;
+}
+
+inline int Lexer::currentOffset() const
+{
+    return currentCharacter() - m_codeStart;
+}
+
+ALWAYS_INLINE void Lexer::shift1()
+{
+    m_current = m_next1;
+    m_next1 = m_next2;
+    m_next2 = m_next3;
+    if (LIKELY(m_code < m_codeEnd))
+        m_next3 = m_code[0];
+    else
+        m_next3 = -1;
+
+    ++m_code;
+}
+
+ALWAYS_INLINE void Lexer::shift2()
+{
+    m_current = m_next2;
+    m_next1 = m_next3;
+    if (LIKELY(m_code + 1 < m_codeEnd)) {
+        m_next2 = m_code[0];
+        m_next3 = m_code[1];
+    } else {
+        m_next2 = m_code < m_codeEnd ? m_code[0] : -1;
+        m_next3 = -1;
+    }
+
+    m_code += 2;
+}
+
+ALWAYS_INLINE void Lexer::shift3()
+{
+    m_current = m_next3;
+    if (LIKELY(m_code + 2 < m_codeEnd)) {
+        m_next1 = m_code[0];
+        m_next2 = m_code[1];
+        m_next3 = m_code[2];
+    } else {
+        m_next1 = m_code < m_codeEnd ? m_code[0] : -1;
+        m_next2 = m_code + 1 < m_codeEnd ? m_code[1] : -1;
+        m_next3 = -1;
+    }
+
+    m_code += 3;
+}
+
+ALWAYS_INLINE void Lexer::shift4()
+{
+    if (LIKELY(m_code + 3 < m_codeEnd)) {
+        m_current = m_code[0];
+        m_next1 = m_code[1];
+        m_next2 = m_code[2];
+        m_next3 = m_code[3];
+    } else {
+        m_current = m_code < m_codeEnd ? m_code[0] : -1;
+        m_next1 = m_code + 1 < m_codeEnd ? m_code[1] : -1;
+        m_next2 = m_code + 2 < m_codeEnd ? m_code[2] : -1;
+        m_next3 = -1;
+    }
+
+    m_code += 4;
+}
+
+void Lexer::setCode(const SourceCode& source, ParserArena& arena)
+{
+    m_arena = &arena.identifierArena();
+
+    m_lineNumber = source.firstLine();
+    m_delimited = false;
+    m_lastToken = -1;
+
+    const UChar* data = source.provider()->data();
+
+    m_source = &source;
+    m_codeStart = data;
+    m_code = data + source.startOffset();
+    m_codeEnd = data + source.endOffset();
+    m_error = false;
+    m_atLineStart = true;
+
+    // ECMA-262 calls for stripping all Cf characters, but we only strip BOM characters.
+    // See <https://bugs.webkit.org/show_bug.cgi?id=4931> for details.
+    if (source.provider()->hasBOMs()) {
+        for (const UChar* p = m_codeStart; p < m_codeEnd; ++p) {
+            if (UNLIKELY(*p == byteOrderMark)) {
+                copyCodeWithoutBOMs();
+                break;
+            }
+        }
+    }
+
+    // Read the first characters into the 4-character buffer.
+    shift4();
+    ASSERT(currentOffset() == source.startOffset());
+}
+
+void Lexer::copyCodeWithoutBOMs()
+{
+    // Note: In this case, the character offset data for debugging will be incorrect.
+    // If it's important to correctly debug code with extraneous BOMs, then the caller
+    // should strip the BOMs when creating the SourceProvider object and do its own
+    // mapping of offsets within the stripped text to original text offset.
+
+    m_codeWithoutBOMs.reserveCapacity(m_codeEnd - m_code);
+    for (const UChar* p = m_code; p < m_codeEnd; ++p) {
+        UChar c = *p;
+        if (c != byteOrderMark)
+            m_codeWithoutBOMs.append(c);
+    }
+    ptrdiff_t startDelta = m_codeStart - m_code;
+    m_code = m_codeWithoutBOMs.data();
+    m_codeStart = m_code + startDelta;
+    m_codeEnd = m_codeWithoutBOMs.data() + m_codeWithoutBOMs.size();
+}
+
+void Lexer::shiftLineTerminator()
+{
+    ASSERT(isLineTerminator(m_current));
+
+    // Allow both CRLF and LFCR.
+    if (m_current + m_next1 == '\n' + '\r')
+        shift2();
+    else
+        shift1();
+
+    ++m_lineNumber;
+}
+
+ALWAYS_INLINE const Identifier* Lexer::makeIdentifier(const UChar* characters, size_t length)
+{
+    return &m_arena->makeIdentifier(m_globalData, characters, length);
+}
+
+inline bool Lexer::lastTokenWasRestrKeyword() const
+{
+    return m_lastToken == CONTINUE || m_lastToken == BREAK || m_lastToken == RETURN || m_lastToken == THROW;
+}
+
+static NEVER_INLINE bool isNonASCIIIdentStart(int c)
+{
+    return category(c) & (Letter_Uppercase | Letter_Lowercase | Letter_Titlecase | Letter_Modifier | Letter_Other);
+}
+
+static inline bool isIdentStart(int c)
+{
+    return isASCII(c) ? isASCIIAlpha(c) || c == '$' || c == '_' : isNonASCIIIdentStart(c);
+}
+
+static NEVER_INLINE bool isNonASCIIIdentPart(int c)
+{
+    return category(c) & (Letter_Uppercase | Letter_Lowercase | Letter_Titlecase | Letter_Modifier | Letter_Other
+        | Mark_NonSpacing | Mark_SpacingCombining | Number_DecimalDigit | Punctuation_Connector);
+}
+
+static inline bool isIdentPart(int c)
+{
+    return isASCII(c) ? isASCIIAlphanumeric(c) || c == '$' || c == '_' : isNonASCIIIdentPart(c);
+}
+
+static inline int singleEscape(int c)
+{
+    switch (c) {
+        case 'b':
+            return 0x08;
+        case 't':
+            return 0x09;
+        case 'n':
+            return 0x0A;
+        case 'v':
+            return 0x0B;
+        case 'f':
+            return 0x0C;
+        case 'r':
+            return 0x0D;
+        default:
+            return c;
+    }
+}
+
+inline void Lexer::record8(int c)
+{
+    ASSERT(c >= 0);
+    ASSERT(c <= 0xFF);
+    m_buffer8.append(static_cast<char>(c));
+}
+
+inline void Lexer::record16(UChar c)
+{
+    m_buffer16.append(c);
+}
+
+inline void Lexer::record16(int c)
+{
+    ASSERT(c >= 0);
+    ASSERT(c <= USHRT_MAX);
+    record16(UChar(static_cast<unsigned short>(c)));
+}
+
+int Lexer::lex(void* p1, void* p2)
+{
+    ASSERT(!m_error);
+    ASSERT(m_buffer8.isEmpty());
+    ASSERT(m_buffer16.isEmpty());
+
+    YYSTYPE* lvalp = static_cast<YYSTYPE*>(p1);
+    YYLTYPE* llocp = static_cast<YYLTYPE*>(p2);
+    int token = 0;
+    m_terminator = false;
+
+start:
+    while (isWhiteSpace(m_current))
+        shift1();
+
+    int startOffset = currentOffset();
+
+    if (m_current == -1) {
+#ifndef QT_BUILD_SCRIPT_LIB /* the parser takes cate about automatic semicolon.
+                              this might add incorrect semicolons */
+        //m_delimited and m_isReparsing are now useless
+        if (!m_terminator && !m_delimited && !m_isReparsing) {
+            // automatic semicolon insertion if program incomplete
+            token = ';';
+            goto doneSemicolon;
+        }
+#endif
+        return 0;
+    }
+
+    m_delimited = false;
+    switch (m_current) {
+        case '>':
+            if (m_next1 == '>' && m_next2 == '>') {
+                if (m_next3 == '=') {
+                    shift4();
+                    token = URSHIFTEQUAL;
+                    break;
+                }
+                shift3();
+                token = URSHIFT;
+                break;
+            }
+            if (m_next1 == '>') {
+                if (m_next2 == '=') {
+                    shift3();
+                    token = RSHIFTEQUAL;
+                    break;
+                }
+                shift2();
+                token = RSHIFT;
+                break;
+            }
+            if (m_next1 == '=') {
+                shift2();
+                token = GE;
+                break;
+            }
+            shift1();
+            token = '>';
+            break;
+        case '=':
+            if (m_next1 == '=') {
+                if (m_next2 == '=') {
+                    shift3();
+                    token = STREQ;
+                    break;
+                }
+                shift2();
+                token = EQEQ;
+                break;
+            }
+            shift1();
+            token = '=';
+            break;
+        case '!':
+            if (m_next1 == '=') {
+                if (m_next2 == '=') {
+                    shift3();
+                    token = STRNEQ;
+                    break;
+                }
+                shift2();
+                token = NE;
+                break;
+            }
+            shift1();
+            token = '!';
+            break;
+        case '<':
+            if (m_next1 == '!' && m_next2 == '-' && m_next3 == '-') {
+                // <!-- marks the beginning of a line comment (for www usage)
+                shift4();
+                goto inSingleLineComment;
+            }
+            if (m_next1 == '<') {
+                if (m_next2 == '=') {
+                    shift3();
+                    token = LSHIFTEQUAL;
+                    break;
+                }
+                shift2();
+                token = LSHIFT;
+                break;
+            }
+            if (m_next1 == '=') {
+                shift2();
+                token = LE;
+                break;
+            }
+            shift1();
+            token = '<';
+            break;
+        case '+':
+            if (m_next1 == '+') {
+                shift2();
+                if (m_terminator) {
+                    token = AUTOPLUSPLUS;
+                    break;
+                }
+                token = PLUSPLUS;
+                break;
+            }
+            if (m_next1 == '=') {
+                shift2();
+                token = PLUSEQUAL;
+                break;
+            }
+            shift1();
+            token = '+';
+            break;
+        case '-':
+            if (m_next1 == '-') {
+                if (m_atLineStart && m_next2 == '>') {
+                    shift3();
+                    goto inSingleLineComment;
+                }
+                shift2();
+                if (m_terminator) {
+                    token = AUTOMINUSMINUS;
+                    break;
+                }
+                token = MINUSMINUS;
+                break;
+            }
+            if (m_next1 == '=') {
+                shift2();
+                token = MINUSEQUAL;
+                break;
+            }
+            shift1();
+            token = '-';
+            break;
+        case '*':
+            if (m_next1 == '=') {
+                shift2();
+                token = MULTEQUAL;
+                break;
+            }
+            shift1();
+            token = '*';
+            break;
+        case '/':
+            if (m_next1 == '/') {
+                shift2();
+                goto inSingleLineComment;
+            }
+            if (m_next1 == '*')
+                goto inMultiLineComment;
+            if (m_next1 == '=') {
+                shift2();
+                token = DIVEQUAL;
+                break;
+            }
+            shift1();
+            token = '/';
+            break;
+        case '&':
+            if (m_next1 == '&') {
+                shift2();
+                token = AND;
+                break;
+            }
+            if (m_next1 == '=') {
+                shift2();
+                token = ANDEQUAL;
+                break;
+            }
+            shift1();
+            token = '&';
+            break;
+        case '^':
+            if (m_next1 == '=') {
+                shift2();
+                token = XOREQUAL;
+                break;
+            }
+            shift1();
+            token = '^';
+            break;
+        case '%':
+            if (m_next1 == '=') {
+                shift2();
+                token = MODEQUAL;
+                break;
+            }
+            shift1();
+            token = '%';
+            break;
+        case '|':
+            if (m_next1 == '=') {
+                shift2();
+                token = OREQUAL;
+                break;
+            }
+            if (m_next1 == '|') {
+                shift2();
+                token = OR;
+                break;
+            }
+            shift1();
+            token = '|';
+            break;
+        case '.':
+            if (isASCIIDigit(m_next1)) {
+                record8('.');
+                shift1();
+                goto inNumberAfterDecimalPoint;
+            }
+            token = '.';
+            shift1();
+            break;
+        case ',':
+        case '~':
+        case '?':
+        case ':':
+        case '(':
+        case ')':
+        case '[':
+        case ']':
+            token = m_current;
+            shift1();
+            break;
+        case ';':
+            shift1();
+            m_delimited = true;
+            token = ';';
+            break;
+        case '{':
+            lvalp->intValue = currentOffset();
+            shift1();
+            token = OPENBRACE;
+            break;
+        case '}':
+            lvalp->intValue = currentOffset();
+            shift1();
+            m_delimited = true;
+            token = CLOSEBRACE;
+            break;
+        case '\\':
+            goto startIdentifierWithBackslash;
+        case '0':
+            goto startNumberWithZeroDigit;
+        case '1':
+        case '2':
+        case '3':
+        case '4':
+        case '5':
+        case '6':
+        case '7':
+        case '8':
+        case '9':
+            goto startNumber;
+        case '"':
+        case '\'':
+            goto startString;
+        default:
+            if (isIdentStart(m_current))
+                goto startIdentifierOrKeyword;
+            if (isLineTerminator(m_current)) {
+                shiftLineTerminator();
+                m_atLineStart = true;
+                m_terminator = true;
+                if (lastTokenWasRestrKeyword()) {
+                    token = ';';
+                    goto doneSemicolon;
+                }
+                goto start;
+            }
+            goto returnError;
+    }
+
+    m_atLineStart = false;
+    goto returnToken;
+
+startString: {
+    int stringQuoteCharacter = m_current;
+    shift1();
+
+    const UChar* stringStart = currentCharacter();
+    while (m_current != stringQuoteCharacter) {
+        // Fast check for characters that require special handling.
+        // Catches -1, \n, \r, \, 0x2028, and 0x2029 as efficiently
+        // as possible, and lets through all common ASCII characters.
+        if (UNLIKELY(m_current == '\\') || UNLIKELY(((static_cast<unsigned>(m_current) - 0xE) & 0x2000))) {
+            m_buffer16.append(stringStart, currentCharacter() - stringStart);
+            goto inString;
+        }
+        shift1();
+    }
+    lvalp->ident = makeIdentifier(stringStart, currentCharacter() - stringStart);
+    shift1();
+    m_atLineStart = false;
+    m_delimited = false;
+    token = STRING;
+    goto returnToken;
+
+inString:
+    while (m_current != stringQuoteCharacter) {
+        if (m_current == '\\')
+            goto inStringEscapeSequence;
+        if (UNLIKELY(isLineTerminator(m_current)))
+            goto returnError;
+        if (UNLIKELY(m_current == -1))
+            goto returnError;
+        record16(m_current);
+        shift1();
+    }
+    goto doneString;
+
+inStringEscapeSequence:
+    shift1();
+    if (m_current == 'x') {
+        shift1();
+        if (isASCIIHexDigit(m_current) && isASCIIHexDigit(m_next1)) {
+            record16(convertHex(m_current, m_next1));
+            shift2();
+            goto inString;
+        }
+        record16('x');
+        if (m_current == stringQuoteCharacter)
+            goto doneString;
+        goto inString;
+    }
+    if (m_current == 'u') {
+        shift1();
+        if (isASCIIHexDigit(m_current) && isASCIIHexDigit(m_next1) && isASCIIHexDigit(m_next2) && isASCIIHexDigit(m_next3)) {
+            record16(convertUnicode(m_current, m_next1, m_next2, m_next3));
+            shift4();
+            goto inString;
+        }
+        if (m_current == stringQuoteCharacter) {
+            record16('u');
+            goto doneString;
+        }
+        goto returnError;
+    }
+    if (isASCIIOctalDigit(m_current)) {
+        if (m_current >= '0' && m_current <= '3' && isASCIIOctalDigit(m_next1) && isASCIIOctalDigit(m_next2)) {
+            record16((m_current - '0') * 64 + (m_next1 - '0') * 8 + m_next2 - '0');
+            shift3();
+            goto inString;
+        }
+        if (isASCIIOctalDigit(m_next1)) {
+            record16((m_current - '0') * 8 + m_next1 - '0');
+            shift2();
+            goto inString;
+        }
+        record16(m_current - '0');
+        shift1();
+        goto inString;
+    }
+    if (isLineTerminator(m_current)) {
+        shiftLineTerminator();
+        goto inString;
+    }
+    record16(singleEscape(m_current));
+    shift1();
+    goto inString;
+}
+
+startIdentifierWithBackslash:
+    shift1();
+    if (UNLIKELY(m_current != 'u'))
+        goto returnError;
+    shift1();
+    if (UNLIKELY(!isASCIIHexDigit(m_current) || !isASCIIHexDigit(m_next1) || !isASCIIHexDigit(m_next2) || !isASCIIHexDigit(m_next3)))
+        goto returnError;
+    token = convertUnicode(m_current, m_next1, m_next2, m_next3);
+    if (UNLIKELY(!isIdentStart(token)))
+        goto returnError;
+    goto inIdentifierAfterCharacterCheck;
+
+startIdentifierOrKeyword: {
+    const UChar* identifierStart = currentCharacter();
+    shift1();
+    while (isIdentPart(m_current))
+        shift1();
+    if (LIKELY(m_current != '\\')) {
+        lvalp->ident = makeIdentifier(identifierStart, currentCharacter() - identifierStart);
+        goto doneIdentifierOrKeyword;
+    }
+    m_buffer16.append(identifierStart, currentCharacter() - identifierStart);
+}
+
+    do {
+        shift1();
+        if (UNLIKELY(m_current != 'u'))
+            goto returnError;
+        shift1();
+        if (UNLIKELY(!isASCIIHexDigit(m_current) || !isASCIIHexDigit(m_next1) || !isASCIIHexDigit(m_next2) || !isASCIIHexDigit(m_next3)))
+            goto returnError;
+        token = convertUnicode(m_current, m_next1, m_next2, m_next3);
+        if (UNLIKELY(!isIdentPart(token)))
+            goto returnError;
+inIdentifierAfterCharacterCheck:
+        record16(token);
+        shift4();
+
+        while (isIdentPart(m_current)) {
+            record16(m_current);
+            shift1();
+        }
+    } while (UNLIKELY(m_current == '\\'));
+    goto doneIdentifier;
+
+inSingleLineComment:
+    while (!isLineTerminator(m_current)) {
+        if (UNLIKELY(m_current == -1))
+            return 0;
+        shift1();
+    }
+    shiftLineTerminator();
+    m_atLineStart = true;
+    m_terminator = true;
+    if (lastTokenWasRestrKeyword())
+        goto doneSemicolon;
+    goto start;
+
+inMultiLineComment:
+    shift2();
+    while (m_current != '*' || m_next1 != '/') {
+        if (isLineTerminator(m_current))
+            shiftLineTerminator();
+        else {
+            shift1();
+            if (UNLIKELY(m_current == -1))
+                goto returnError;
+        }
+    }
+    shift2();
+    m_atLineStart = false;
+    goto start;
+
+startNumberWithZeroDigit:
+    shift1();
+    if ((m_current | 0x20) == 'x' && isASCIIHexDigit(m_next1)) {
+        shift1();
+        goto inHex;
+    }
+    if (m_current == '.') {
+        record8('0');
+        record8('.');
+        shift1();
+        goto inNumberAfterDecimalPoint;
+    }
+    if ((m_current | 0x20) == 'e') {
+        record8('0');
+        record8('e');
+        shift1();
+        goto inExponentIndicator;
+    }
+    if (isASCIIOctalDigit(m_current))
+        goto inOctal;
+    if (isASCIIDigit(m_current))
+        goto startNumber;
+    lvalp->doubleValue = 0;
+    goto doneNumeric;
+
+inNumberAfterDecimalPoint:
+    while (isASCIIDigit(m_current)) {
+        record8(m_current);
+        shift1();
+    }
+    if ((m_current | 0x20) == 'e') {
+        record8('e');
+        shift1();
+        goto inExponentIndicator;
+    }
+    goto doneNumber;
+
+inExponentIndicator:
+    if (m_current == '+' || m_current == '-') {
+        record8(m_current);
+        shift1();
+    }
+    if (!isASCIIDigit(m_current))
+        goto returnError;
+    do {
+        record8(m_current);
+        shift1();
+    } while (isASCIIDigit(m_current));
+    goto doneNumber;
+
+inOctal: {
+    do {
+        record8(m_current);
+        shift1();
+    } while (isASCIIOctalDigit(m_current));
+    if (isASCIIDigit(m_current))
+        goto startNumber;
+
+    double dval = 0;
+
+    const char* end = m_buffer8.end();
+    for (const char* p = m_buffer8.data(); p < end; ++p) {
+        dval *= 8;
+        dval += *p - '0';
+    }
+    if (dval >= mantissaOverflowLowerBound)
+        dval = parseIntOverflow(m_buffer8.data(), end - m_buffer8.data(), 8);
+
+    m_buffer8.resize(0);
+
+    lvalp->doubleValue = dval;
+    goto doneNumeric;
+}
+
+inHex: {
+    do {
+        record8(m_current);
+        shift1();
+    } while (isASCIIHexDigit(m_current));
+
+    double dval = 0;
+
+    const char* end = m_buffer8.end();
+    for (const char* p = m_buffer8.data(); p < end; ++p) {
+        dval *= 16;
+        dval += toASCIIHexValue(*p);
+    }
+    if (dval >= mantissaOverflowLowerBound)
+        dval = parseIntOverflow(m_buffer8.data(), end - m_buffer8.data(), 16);
+
+    m_buffer8.resize(0);
+
+    lvalp->doubleValue = dval;
+    goto doneNumeric;
+}
+
+startNumber:
+    record8(m_current);
+    shift1();
+    while (isASCIIDigit(m_current)) {
+        record8(m_current);
+        shift1();
+    }
+    if (m_current == '.') {
+        record8('.');
+        shift1();
+        goto inNumberAfterDecimalPoint;
+    }
+    if ((m_current | 0x20) == 'e') {
+        record8('e');
+        shift1();
+        goto inExponentIndicator;
+    }
+
+    // Fall through into doneNumber.
+
+doneNumber:
+    // Null-terminate string for strtod.
+    m_buffer8.append('\0');
+    lvalp->doubleValue = WTF::strtod(m_buffer8.data(), 0);
+    m_buffer8.resize(0);
+
+    // Fall through into doneNumeric.
+
+doneNumeric:
+    // No identifiers allowed directly after numeric literal, e.g. "3in" is bad.
+    if (UNLIKELY(isIdentStart(m_current)))
+        goto returnError;
+
+    m_atLineStart = false;
+    m_delimited = false;
+    token = NUMBER;
+    goto returnToken;
+
+doneSemicolon:
+    token = ';';
+    m_delimited = true;
+    goto returnToken;
+
+doneIdentifier:
+    m_atLineStart = false;
+    m_delimited = false;
+    lvalp->ident = makeIdentifier(m_buffer16.data(), m_buffer16.size());
+    m_buffer16.resize(0);
+    token = IDENT;
+    goto returnToken;
+
+doneIdentifierOrKeyword: {
+    m_atLineStart = false;
+    m_delimited = false;
+    m_buffer16.resize(0);
+    const HashEntry* entry = m_keywordTable.entry(m_globalData, *lvalp->ident);
+    token = entry ? entry->lexerValue() : IDENT;
+    goto returnToken;
+}
+
+doneString:
+    // Atomize constant strings in case they're later used in property lookup.
+    shift1();
+    m_atLineStart = false;
+    m_delimited = false;
+    lvalp->ident = makeIdentifier(m_buffer16.data(), m_buffer16.size());
+    m_buffer16.resize(0);
+    token = STRING;
+
+    // Fall through into returnToken.
+
+returnToken: {
+    int lineNumber = m_lineNumber;
+    llocp->first_line = lineNumber;
+    llocp->last_line = lineNumber;
+    llocp->first_column = startOffset;
+    llocp->last_column = currentOffset();
+
+    m_lastToken = token;
+    return token;
+}
+
+returnError:
+    m_error = true;
+    return -1;
+}
+
+bool Lexer::scanRegExp(const Identifier*& pattern, const Identifier*& flags, UChar patternPrefix)
+{
+    ASSERT(m_buffer16.isEmpty());
+
+    bool lastWasEscape = false;
+    bool inBrackets = false;
+
+    if (patternPrefix) {
+        ASSERT(!isLineTerminator(patternPrefix));
+        ASSERT(patternPrefix != '/');
+        ASSERT(patternPrefix != '[');
+        record16(patternPrefix);
+    }
+
+    while (true) {
+        int current = m_current;
+
+        if (isLineTerminator(current) || current == -1) {
+            m_buffer16.resize(0);
+            return false;
+        }
+
+        shift1();
+
+        if (current == '/' && !lastWasEscape && !inBrackets)
+            break;
+
+        record16(current);
+
+        if (lastWasEscape) {
+            lastWasEscape = false;
+            continue;
+        }
+
+        switch (current) {
+        case '[':
+            inBrackets = true;
+            break;
+        case ']':
+            inBrackets = false;
+            break;
+        case '\\':
+            lastWasEscape = true;
+            break;
+        }
+    }
+
+    pattern = makeIdentifier(m_buffer16.data(), m_buffer16.size());
+    m_buffer16.resize(0);
+
+    while (isIdentPart(m_current)) {
+        record16(m_current);
+        shift1();
+    }
+
+    flags = makeIdentifier(m_buffer16.data(), m_buffer16.size());
+    m_buffer16.resize(0);
+
+    return true;
+}
+
+bool Lexer::skipRegExp()
+{
+    bool lastWasEscape = false;
+    bool inBrackets = false;
+
+    while (true) {
+        int current = m_current;
+
+        if (isLineTerminator(current) || current == -1)
+            return false;
+
+        shift1();
+
+        if (current == '/' && !lastWasEscape && !inBrackets)
+            break;
+
+        if (lastWasEscape) {
+            lastWasEscape = false;
+            continue;
+        }
+
+        switch (current) {
+        case '[':
+            inBrackets = true;
+            break;
+        case ']':
+            inBrackets = false;
+            break;
+        case '\\':
+            lastWasEscape = true;
+            break;
+        }
+    }
+
+    while (isIdentPart(m_current))
+        shift1();
+
+    return true;
+}
+
+void Lexer::clear()
+{
+    m_arena = 0;
+    m_codeWithoutBOMs.clear();
+
+    Vector<char> newBuffer8;
+    newBuffer8.reserveInitialCapacity(initialReadBufferCapacity);
+    m_buffer8.swap(newBuffer8);
+
+    Vector<UChar> newBuffer16;
+    newBuffer16.reserveInitialCapacity(initialReadBufferCapacity);
+    m_buffer16.swap(newBuffer16);
+
+    m_isReparsing = false;
+}
+
+SourceCode Lexer::sourceCode(int openBrace, int closeBrace, int firstLine)
+{
+    if (m_codeWithoutBOMs.isEmpty())
+        return SourceCode(m_source->provider(), openBrace, closeBrace + 1, firstLine);
+
+    const UChar* data = m_source->provider()->data();
+
+    ASSERT(openBrace < closeBrace);
+
+    int numBOMsBeforeOpenBrace = 0;
+    int numBOMsBetweenBraces = 0;
+
+    int i;
+    for (i = m_source->startOffset(); i < openBrace; ++i)
+        numBOMsBeforeOpenBrace += data[i] == byteOrderMark;
+    for (; i < closeBrace; ++i)
+        numBOMsBetweenBraces += data[i] == byteOrderMark;
+
+    return SourceCode(m_source->provider(), openBrace + numBOMsBeforeOpenBrace,
+        closeBrace + numBOMsBeforeOpenBrace + numBOMsBetweenBraces + 1, firstLine);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/Lexer.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Lexer.h
new file mode 100644
index 000000000..174e05a8c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Lexer.h
@@ -0,0 +1,141 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef Lexer_h
+#define Lexer_h
+
+#include "Lookup.h"
+#include "ParserArena.h"
+#include "SourceCode.h"
+#include <wtf/ASCIICType.h>
+#include <wtf/SegmentedVector.h>
+#include <wtf/Vector.h>
+#include <wtf/unicode/Unicode.h>
+
+namespace JSC {
+
+    class RegExp;
+
+    class Lexer : public Noncopyable {
+    public:
+        // Character manipulation functions.
+        static bool isWhiteSpace(int character);
+        static bool isLineTerminator(int character);
+        static unsigned char convertHex(int c1, int c2);
+        static UChar convertUnicode(int c1, int c2, int c3, int c4);
+
+        // Functions to set up parsing.
+        void setCode(const SourceCode&, ParserArena&);
+        void setIsReparsing() { m_isReparsing = true; }
+
+        // Functions for the parser itself.
+        int lex(void* lvalp, void* llocp);
+        int lineNumber() const { return m_lineNumber; }
+        bool prevTerminator() const { return m_terminator; }
+        SourceCode sourceCode(int openBrace, int closeBrace, int firstLine);
+        bool scanRegExp(const Identifier*& pattern, const Identifier*& flags, UChar patternPrefix = 0);
+        bool skipRegExp();
+
+        // Functions for use after parsing.
+        bool sawError() const { return m_error; }
+        void clear();
+
+    private:
+        friend class JSGlobalData;
+
+        Lexer(JSGlobalData*);
+        ~Lexer();
+
+        void shift1();
+        void shift2();
+        void shift3();
+        void shift4();
+        void shiftLineTerminator();
+
+        void record8(int);
+        void record16(int);
+        void record16(UChar);
+
+        void copyCodeWithoutBOMs();
+
+        int currentOffset() const;
+        const UChar* currentCharacter() const;
+
+        const Identifier* makeIdentifier(const UChar* characters, size_t length);
+
+        bool lastTokenWasRestrKeyword() const;
+
+        static const size_t initialReadBufferCapacity = 32;
+
+        int m_lineNumber;
+
+        Vector<char> m_buffer8;
+        Vector<UChar> m_buffer16;
+        bool m_terminator;
+        bool m_delimited; // encountered delimiter like "'" and "}" on last run
+        int m_lastToken;
+
+        const SourceCode* m_source;
+        const UChar* m_code;
+        const UChar* m_codeStart;
+        const UChar* m_codeEnd;
+        bool m_isReparsing;
+        bool m_atLineStart;
+        bool m_error;
+
+        // current and following unicode characters (int to allow for -1 for end-of-file marker)
+        int m_current;
+        int m_next1;
+        int m_next2;
+        int m_next3;
+        
+        IdentifierArena* m_arena;
+
+        JSGlobalData* m_globalData;
+
+        const HashTable m_keywordTable;
+
+        Vector<UChar> m_codeWithoutBOMs;
+    };
+
+    inline bool Lexer::isWhiteSpace(int ch)
+    {
+        return isASCII(ch) ? (ch == ' ' || ch == '\t' || ch == 0xB || ch == 0xC) : WTF::Unicode::isSeparatorSpace(ch);
+    }
+
+    inline bool Lexer::isLineTerminator(int ch)
+    {
+        return ch == '\r' || ch == '\n' || (ch & ~1) == 0x2028;
+    }
+
+    inline unsigned char Lexer::convertHex(int c1, int c2)
+    {
+        return (toASCIIHexValue(c1) << 4) | toASCIIHexValue(c2);
+    }
+
+    inline UChar Lexer::convertUnicode(int c1, int c2, int c3, int c4)
+    {
+        return (convertHex(c1, c2) << 8) | convertHex(c3, c4);
+    }
+
+} // namespace JSC
+
+#endif // Lexer_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/NodeConstructors.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/NodeConstructors.h
new file mode 100644
index 000000000..5431e1844
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/NodeConstructors.h
@@ -0,0 +1,899 @@
+/*
+ *  Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef NodeConstructors_h
+#define NodeConstructors_h
+
+#include "Nodes.h"
+#include "Lexer.h"
+#include "Parser.h"
+
+namespace JSC {
+
+    inline ParserArenaRefCounted::ParserArenaRefCounted(JSGlobalData* globalData)
+    {
+        globalData->parser->arena().derefWithArena(adoptRef(this));
+    }
+
+    inline Node::Node(JSGlobalData* globalData)
+        : m_line(globalData->lexer->lineNumber())
+    {
+    }
+
+    inline ExpressionNode::ExpressionNode(JSGlobalData* globalData, ResultType resultType)
+        : Node(globalData)
+        , m_resultType(resultType)
+    {
+    }
+
+    inline StatementNode::StatementNode(JSGlobalData* globalData)
+        : Node(globalData)
+        , m_lastLine(-1)
+        , m_column(-1)
+    {
+    }
+
+    inline NullNode::NullNode(JSGlobalData* globalData)
+        : ExpressionNode(globalData, ResultType::nullType())
+    {
+    }
+
+    inline BooleanNode::BooleanNode(JSGlobalData* globalData, bool value)
+        : ExpressionNode(globalData, ResultType::booleanType())
+        , m_value(value)
+    {
+    }
+
+    inline NumberNode::NumberNode(JSGlobalData* globalData, double value)
+        : ExpressionNode(globalData, ResultType::numberType())
+        , m_value(value)
+    {
+    }
+
+    inline StringNode::StringNode(JSGlobalData* globalData, const Identifier& value)
+        : ExpressionNode(globalData, ResultType::stringType())
+        , m_value(value)
+    {
+    }
+
+    inline RegExpNode::RegExpNode(JSGlobalData* globalData, const Identifier& pattern, const Identifier& flags)
+        : ExpressionNode(globalData)
+        , m_pattern(pattern)
+        , m_flags(flags)
+    {
+    }
+
+    inline ThisNode::ThisNode(JSGlobalData* globalData)
+        : ExpressionNode(globalData)
+    {
+    }
+
+    inline ResolveNode::ResolveNode(JSGlobalData* globalData, const Identifier& ident, int startOffset)
+        : ExpressionNode(globalData)
+        , m_ident(ident)
+        , m_startOffset(startOffset)
+    {
+    }
+
+    inline ElementNode::ElementNode(JSGlobalData*, int elision, ExpressionNode* node)
+        : m_next(0)
+        , m_elision(elision)
+        , m_node(node)
+    {
+    }
+
+    inline ElementNode::ElementNode(JSGlobalData*, ElementNode* l, int elision, ExpressionNode* node)
+        : m_next(0)
+        , m_elision(elision)
+        , m_node(node)
+    {
+        l->m_next = this;
+    }
+
+    inline ArrayNode::ArrayNode(JSGlobalData* globalData, int elision)
+        : ExpressionNode(globalData)
+        , m_element(0)
+        , m_elision(elision)
+        , m_optional(true)
+    {
+    }
+
+    inline ArrayNode::ArrayNode(JSGlobalData* globalData, ElementNode* element)
+        : ExpressionNode(globalData)
+        , m_element(element)
+        , m_elision(0)
+        , m_optional(false)
+    {
+    }
+
+    inline ArrayNode::ArrayNode(JSGlobalData* globalData, int elision, ElementNode* element)
+        : ExpressionNode(globalData)
+        , m_element(element)
+        , m_elision(elision)
+        , m_optional(true)
+    {
+    }
+
+    inline PropertyNode::PropertyNode(JSGlobalData*, const Identifier& name, ExpressionNode* assign, Type type)
+        : m_name(name)
+        , m_assign(assign)
+        , m_type(type)
+    {
+    }
+
+    inline PropertyNode::PropertyNode(JSGlobalData* globalData, double name, ExpressionNode* assign, Type type)
+        : m_name(globalData->parser->arena().identifierArena().makeNumericIdentifier(globalData, name))
+        , m_assign(assign)
+        , m_type(type)
+    {
+    }
+
+    inline PropertyListNode::PropertyListNode(JSGlobalData* globalData, PropertyNode* node)
+        : Node(globalData)
+        , m_node(node)
+        , m_next(0)
+    {
+    }
+
+    inline PropertyListNode::PropertyListNode(JSGlobalData* globalData, PropertyNode* node, PropertyListNode* list)
+        : Node(globalData)
+        , m_node(node)
+        , m_next(0)
+    {
+        list->m_next = this;
+    }
+
+    inline ObjectLiteralNode::ObjectLiteralNode(JSGlobalData* globalData)
+        : ExpressionNode(globalData)
+        , m_list(0)
+    {
+    }
+
+    inline ObjectLiteralNode::ObjectLiteralNode(JSGlobalData* globalData, PropertyListNode* list)
+        : ExpressionNode(globalData)
+        , m_list(list)
+    {
+    }
+
+    inline BracketAccessorNode::BracketAccessorNode(JSGlobalData* globalData, ExpressionNode* base, ExpressionNode* subscript, bool subscriptHasAssignments)
+        : ExpressionNode(globalData)
+        , m_base(base)
+        , m_subscript(subscript)
+        , m_subscriptHasAssignments(subscriptHasAssignments)
+    {
+    }
+
+    inline DotAccessorNode::DotAccessorNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident)
+        : ExpressionNode(globalData)
+        , m_base(base)
+        , m_ident(ident)
+    {
+    }
+
+    inline ArgumentListNode::ArgumentListNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : Node(globalData)
+        , m_next(0)
+        , m_expr(expr)
+    {
+    }
+
+    inline ArgumentListNode::ArgumentListNode(JSGlobalData* globalData, ArgumentListNode* listNode, ExpressionNode* expr)
+        : Node(globalData)
+        , m_next(0)
+        , m_expr(expr)
+    {
+        listNode->m_next = this;
+    }
+
+    inline ArgumentsNode::ArgumentsNode(JSGlobalData*)
+        : m_listNode(0)
+    {
+    }
+
+    inline ArgumentsNode::ArgumentsNode(JSGlobalData*, ArgumentListNode* listNode)
+        : m_listNode(listNode)
+    {
+    }
+
+    inline NewExprNode::NewExprNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : ExpressionNode(globalData)
+        , m_expr(expr)
+        , m_args(0)
+    {
+    }
+
+    inline NewExprNode::NewExprNode(JSGlobalData* globalData, ExpressionNode* expr, ArgumentsNode* args)
+        : ExpressionNode(globalData)
+        , m_expr(expr)
+        , m_args(args)
+    {
+    }
+
+    inline EvalFunctionCallNode::EvalFunctionCallNode(JSGlobalData* globalData, ArgumentsNode* args, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_args(args)
+    {
+    }
+
+    inline FunctionCallValueNode::FunctionCallValueNode(JSGlobalData* globalData, ExpressionNode* expr, ArgumentsNode* args, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_expr(expr)
+        , m_args(args)
+    {
+    }
+
+    inline FunctionCallResolveNode::FunctionCallResolveNode(JSGlobalData* globalData, const Identifier& ident, ArgumentsNode* args, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_ident(ident)
+        , m_args(args)
+    {
+    }
+
+    inline FunctionCallBracketNode::FunctionCallBracketNode(JSGlobalData* globalData, ExpressionNode* base, ExpressionNode* subscript, ArgumentsNode* args, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableSubExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_subscript(subscript)
+        , m_args(args)
+    {
+    }
+
+    inline FunctionCallDotNode::FunctionCallDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, ArgumentsNode* args, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableSubExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_ident(ident)
+        , m_args(args)
+    {
+    }
+
+    inline CallFunctionCallDotNode::CallFunctionCallDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, ArgumentsNode* args, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : FunctionCallDotNode(globalData, base, ident, args, divot, startOffset, endOffset)
+    {
+    }
+
+    inline ApplyFunctionCallDotNode::ApplyFunctionCallDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, ArgumentsNode* args, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : FunctionCallDotNode(globalData, base, ident, args, divot, startOffset, endOffset)
+    {
+    }
+
+    inline PrePostResolveNode::PrePostResolveNode(JSGlobalData* globalData, const Identifier& ident, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData, ResultType::numberType()) // could be reusable for pre?
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_ident(ident)
+    {
+    }
+
+    inline PostfixResolveNode::PostfixResolveNode(JSGlobalData* globalData, const Identifier& ident, Operator oper, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : PrePostResolveNode(globalData, ident, divot, startOffset, endOffset)
+        , m_operator(oper)
+    {
+    }
+
+    inline PostfixBracketNode::PostfixBracketNode(JSGlobalData* globalData, ExpressionNode* base, ExpressionNode* subscript, Operator oper, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableSubExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_subscript(subscript)
+        , m_operator(oper)
+    {
+    }
+
+    inline PostfixDotNode::PostfixDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, Operator oper, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableSubExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_ident(ident)
+        , m_operator(oper)
+    {
+    }
+
+    inline PostfixErrorNode::PostfixErrorNode(JSGlobalData* globalData, ExpressionNode* expr, Operator oper, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableSubExpressionData(divot, startOffset, endOffset)
+        , m_expr(expr)
+        , m_operator(oper)
+    {
+    }
+
+    inline DeleteResolveNode::DeleteResolveNode(JSGlobalData* globalData, const Identifier& ident, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_ident(ident)
+    {
+    }
+
+    inline DeleteBracketNode::DeleteBracketNode(JSGlobalData* globalData, ExpressionNode* base, ExpressionNode* subscript, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_subscript(subscript)
+    {
+    }
+
+    inline DeleteDotNode::DeleteDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_ident(ident)
+    {
+    }
+
+    inline DeleteValueNode::DeleteValueNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : ExpressionNode(globalData)
+        , m_expr(expr)
+    {
+    }
+
+    inline VoidNode::VoidNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : ExpressionNode(globalData)
+        , m_expr(expr)
+    {
+    }
+
+    inline TypeOfResolveNode::TypeOfResolveNode(JSGlobalData* globalData, const Identifier& ident)
+        : ExpressionNode(globalData, ResultType::stringType())
+        , m_ident(ident)
+    {
+    }
+
+    inline TypeOfValueNode::TypeOfValueNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : ExpressionNode(globalData, ResultType::stringType())
+        , m_expr(expr)
+    {
+    }
+
+    inline PrefixResolveNode::PrefixResolveNode(JSGlobalData* globalData, const Identifier& ident, Operator oper, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : PrePostResolveNode(globalData, ident, divot, startOffset, endOffset)
+        , m_operator(oper)
+    {
+    }
+
+    inline PrefixBracketNode::PrefixBracketNode(JSGlobalData* globalData, ExpressionNode* base, ExpressionNode* subscript, Operator oper, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowablePrefixedSubExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_subscript(subscript)
+        , m_operator(oper)
+    {
+    }
+
+    inline PrefixDotNode::PrefixDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, Operator oper, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowablePrefixedSubExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_ident(ident)
+        , m_operator(oper)
+    {
+    }
+
+    inline PrefixErrorNode::PrefixErrorNode(JSGlobalData* globalData, ExpressionNode* expr, Operator oper, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_expr(expr)
+        , m_operator(oper)
+    {
+    }
+
+    inline UnaryOpNode::UnaryOpNode(JSGlobalData* globalData, ResultType type, ExpressionNode* expr, OpcodeID opcodeID)
+        : ExpressionNode(globalData, type)
+        , m_expr(expr)
+        , m_opcodeID(opcodeID)
+    {
+    }
+
+    inline UnaryPlusNode::UnaryPlusNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : UnaryOpNode(globalData, ResultType::numberType(), expr, op_to_jsnumber)
+    {
+    }
+
+    inline NegateNode::NegateNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : UnaryOpNode(globalData, ResultType::numberTypeCanReuse(), expr, op_negate)
+    {
+    }
+
+    inline BitwiseNotNode::BitwiseNotNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : UnaryOpNode(globalData, ResultType::forBitOp(), expr, op_bitnot)
+    {
+    }
+
+    inline LogicalNotNode::LogicalNotNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : UnaryOpNode(globalData, ResultType::booleanType(), expr, op_not)
+    {
+    }
+
+    inline BinaryOpNode::BinaryOpNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID opcodeID, bool rightHasAssignments)
+        : ExpressionNode(globalData)
+        , m_expr1(expr1)
+        , m_expr2(expr2)
+        , m_opcodeID(opcodeID)
+        , m_rightHasAssignments(rightHasAssignments)
+    {
+    }
+
+    inline BinaryOpNode::BinaryOpNode(JSGlobalData* globalData, ResultType type, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID opcodeID, bool rightHasAssignments)
+        : ExpressionNode(globalData, type)
+        , m_expr1(expr1)
+        , m_expr2(expr2)
+        , m_opcodeID(opcodeID)
+        , m_rightHasAssignments(rightHasAssignments)
+    {
+    }
+
+    inline ReverseBinaryOpNode::ReverseBinaryOpNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID opcodeID, bool rightHasAssignments)
+        : BinaryOpNode(globalData, expr1, expr2, opcodeID, rightHasAssignments)
+    {
+    }
+
+    inline ReverseBinaryOpNode::ReverseBinaryOpNode(JSGlobalData* globalData, ResultType type, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID opcodeID, bool rightHasAssignments)
+        : BinaryOpNode(globalData, type, expr1, expr2, opcodeID, rightHasAssignments)
+    {
+    }
+
+    inline MultNode::MultNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::numberTypeCanReuse(), expr1, expr2, op_mul, rightHasAssignments)
+    {
+    }
+
+    inline DivNode::DivNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::numberTypeCanReuse(), expr1, expr2, op_div, rightHasAssignments)
+    {
+    }
+
+
+    inline ModNode::ModNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::numberTypeCanReuse(), expr1, expr2, op_mod, rightHasAssignments)
+    {
+    }
+
+    inline AddNode::AddNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::forAdd(expr1->resultDescriptor(), expr2->resultDescriptor()), expr1, expr2, op_add, rightHasAssignments)
+    {
+    }
+
+    inline SubNode::SubNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::numberTypeCanReuse(), expr1, expr2, op_sub, rightHasAssignments)
+    {
+    }
+
+    inline LeftShiftNode::LeftShiftNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::forBitOp(), expr1, expr2, op_lshift, rightHasAssignments)
+    {
+    }
+
+    inline RightShiftNode::RightShiftNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::forBitOp(), expr1, expr2, op_rshift, rightHasAssignments)
+    {
+    }
+
+    inline UnsignedRightShiftNode::UnsignedRightShiftNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::numberTypeCanReuse(), expr1, expr2, op_urshift, rightHasAssignments)
+    {
+    }
+
+    inline LessNode::LessNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_less, rightHasAssignments)
+    {
+    }
+
+    inline GreaterNode::GreaterNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : ReverseBinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_less, rightHasAssignments)
+    {
+    }
+
+    inline LessEqNode::LessEqNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_lesseq, rightHasAssignments)
+    {
+    }
+
+    inline GreaterEqNode::GreaterEqNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : ReverseBinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_lesseq, rightHasAssignments)
+    {
+    }
+
+    inline ThrowableBinaryOpNode::ThrowableBinaryOpNode(JSGlobalData* globalData, ResultType type, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID opcodeID, bool rightHasAssignments)
+        : BinaryOpNode(globalData, type, expr1, expr2, opcodeID, rightHasAssignments)
+    {
+    }
+
+    inline ThrowableBinaryOpNode::ThrowableBinaryOpNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID opcodeID, bool rightHasAssignments)
+        : BinaryOpNode(globalData, expr1, expr2, opcodeID, rightHasAssignments)
+    {
+    }
+
+    inline InstanceOfNode::InstanceOfNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : ThrowableBinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_instanceof, rightHasAssignments)
+    {
+    }
+
+    inline InNode::InNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : ThrowableBinaryOpNode(globalData, expr1, expr2, op_in, rightHasAssignments)
+    {
+    }
+
+    inline EqualNode::EqualNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_eq, rightHasAssignments)
+    {
+    }
+
+    inline NotEqualNode::NotEqualNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_neq, rightHasAssignments)
+    {
+    }
+
+    inline StrictEqualNode::StrictEqualNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_stricteq, rightHasAssignments)
+    {
+    }
+
+    inline NotStrictEqualNode::NotStrictEqualNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::booleanType(), expr1, expr2, op_nstricteq, rightHasAssignments)
+    {
+    }
+
+    inline BitAndNode::BitAndNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::forBitOp(), expr1, expr2, op_bitand, rightHasAssignments)
+    {
+    }
+
+    inline BitOrNode::BitOrNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::forBitOp(), expr1, expr2, op_bitor, rightHasAssignments)
+    {
+    }
+
+    inline BitXOrNode::BitXOrNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments)
+        : BinaryOpNode(globalData, ResultType::forBitOp(), expr1, expr2, op_bitxor, rightHasAssignments)
+    {
+    }
+
+    inline LogicalOpNode::LogicalOpNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, LogicalOperator oper)
+        : ExpressionNode(globalData, ResultType::booleanType())
+        , m_expr1(expr1)
+        , m_expr2(expr2)
+        , m_operator(oper)
+    {
+    }
+
+    inline ConditionalNode::ConditionalNode(JSGlobalData* globalData, ExpressionNode* logical, ExpressionNode* expr1, ExpressionNode* expr2)
+        : ExpressionNode(globalData)
+        , m_logical(logical)
+        , m_expr1(expr1)
+        , m_expr2(expr2)
+    {
+    }
+
+    inline ReadModifyResolveNode::ReadModifyResolveNode(JSGlobalData* globalData, const Identifier& ident, Operator oper, ExpressionNode*  right, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_ident(ident)
+        , m_right(right)
+        , m_operator(oper)
+        , m_rightHasAssignments(rightHasAssignments)
+    {
+    }
+
+    inline AssignResolveNode::AssignResolveNode(JSGlobalData* globalData, const Identifier& ident, ExpressionNode* right, bool rightHasAssignments)
+        : ExpressionNode(globalData)
+        , m_ident(ident)
+        , m_right(right)
+        , m_rightHasAssignments(rightHasAssignments)
+    {
+    }
+
+    inline ReadModifyBracketNode::ReadModifyBracketNode(JSGlobalData* globalData, ExpressionNode* base, ExpressionNode* subscript, Operator oper, ExpressionNode* right, bool subscriptHasAssignments, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableSubExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_subscript(subscript)
+        , m_right(right)
+        , m_operator(oper)
+        , m_subscriptHasAssignments(subscriptHasAssignments)
+        , m_rightHasAssignments(rightHasAssignments)
+    {
+    }
+
+    inline AssignBracketNode::AssignBracketNode(JSGlobalData* globalData, ExpressionNode* base, ExpressionNode* subscript, ExpressionNode* right, bool subscriptHasAssignments, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_subscript(subscript)
+        , m_right(right)
+        , m_subscriptHasAssignments(subscriptHasAssignments)
+        , m_rightHasAssignments(rightHasAssignments)
+    {
+    }
+
+    inline AssignDotNode::AssignDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, ExpressionNode* right, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_ident(ident)
+        , m_right(right)
+        , m_rightHasAssignments(rightHasAssignments)
+    {
+    }
+
+    inline ReadModifyDotNode::ReadModifyDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, Operator oper, ExpressionNode* right, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableSubExpressionData(divot, startOffset, endOffset)
+        , m_base(base)
+        , m_ident(ident)
+        , m_right(right)
+        , m_operator(oper)
+        , m_rightHasAssignments(rightHasAssignments)
+    {
+    }
+
+    inline AssignErrorNode::AssignErrorNode(JSGlobalData* globalData, ExpressionNode* left, Operator oper, ExpressionNode* right, unsigned divot, unsigned startOffset, unsigned endOffset)
+        : ExpressionNode(globalData)
+        , ThrowableExpressionData(divot, startOffset, endOffset)
+        , m_left(left)
+        , m_operator(oper)
+        , m_right(right)
+    {
+    }
+
+    inline CommaNode::CommaNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2)
+        : ExpressionNode(globalData)
+    {
+        m_expressions.append(expr1);
+        m_expressions.append(expr2);
+    }
+
+    inline ConstStatementNode::ConstStatementNode(JSGlobalData* globalData, ConstDeclNode* next)
+        : StatementNode(globalData)
+        , m_next(next)
+    {
+    }
+
+    inline SourceElements::SourceElements(JSGlobalData*)
+    {
+    }
+
+    inline EmptyStatementNode::EmptyStatementNode(JSGlobalData* globalData)
+        : StatementNode(globalData)
+    {
+    }
+
+    inline DebuggerStatementNode::DebuggerStatementNode(JSGlobalData* globalData)
+        : StatementNode(globalData)
+    {
+    }
+    
+    inline ExprStatementNode::ExprStatementNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : StatementNode(globalData)
+        , m_expr(expr)
+    {
+    }
+
+    inline VarStatementNode::VarStatementNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : StatementNode(globalData)
+        , m_expr(expr)
+    {
+    }
+    
+    inline IfNode::IfNode(JSGlobalData* globalData, ExpressionNode* condition, StatementNode* ifBlock)
+        : StatementNode(globalData)
+        , m_condition(condition)
+        , m_ifBlock(ifBlock)
+    {
+    }
+
+    inline IfElseNode::IfElseNode(JSGlobalData* globalData, ExpressionNode* condition, StatementNode* ifBlock, StatementNode* elseBlock)
+        : IfNode(globalData, condition, ifBlock)
+        , m_elseBlock(elseBlock)
+    {
+    }
+
+    inline DoWhileNode::DoWhileNode(JSGlobalData* globalData, StatementNode* statement, ExpressionNode* expr)
+        : StatementNode(globalData)
+        , m_statement(statement)
+        , m_expr(expr)
+    {
+    }
+
+    inline WhileNode::WhileNode(JSGlobalData* globalData, ExpressionNode* expr, StatementNode* statement)
+        : StatementNode(globalData)
+        , m_expr(expr)
+        , m_statement(statement)
+    {
+    }
+
+    inline ForNode::ForNode(JSGlobalData* globalData, ExpressionNode* expr1, ExpressionNode* expr2, ExpressionNode* expr3, StatementNode* statement, bool expr1WasVarDecl)
+        : StatementNode(globalData)
+        , m_expr1(expr1)
+        , m_expr2(expr2)
+        , m_expr3(expr3)
+        , m_statement(statement)
+        , m_expr1WasVarDecl(expr1 && expr1WasVarDecl)
+    {
+        ASSERT(statement);
+    }
+
+    inline ContinueNode::ContinueNode(JSGlobalData* globalData)
+        : StatementNode(globalData)
+        , m_ident(globalData->propertyNames->nullIdentifier)
+    {
+    }
+
+    inline ContinueNode::ContinueNode(JSGlobalData* globalData, const Identifier& ident)
+        : StatementNode(globalData)
+        , m_ident(ident)
+    {
+    }
+    
+    inline BreakNode::BreakNode(JSGlobalData* globalData)
+        : StatementNode(globalData)
+        , m_ident(globalData->propertyNames->nullIdentifier)
+    {
+    }
+
+    inline BreakNode::BreakNode(JSGlobalData* globalData, const Identifier& ident)
+        : StatementNode(globalData)
+        , m_ident(ident)
+    {
+    }
+    
+    inline ReturnNode::ReturnNode(JSGlobalData* globalData, ExpressionNode* value)
+        : StatementNode(globalData)
+        , m_value(value)
+    {
+    }
+
+    inline WithNode::WithNode(JSGlobalData* globalData, ExpressionNode* expr, StatementNode* statement, uint32_t divot, uint32_t expressionLength)
+        : StatementNode(globalData)
+        , m_expr(expr)
+        , m_statement(statement)
+        , m_divot(divot)
+        , m_expressionLength(expressionLength)
+    {
+    }
+
+    inline LabelNode::LabelNode(JSGlobalData* globalData, const Identifier& name, StatementNode* statement)
+        : StatementNode(globalData)
+        , m_name(name)
+        , m_statement(statement)
+    {
+    }
+
+    inline ThrowNode::ThrowNode(JSGlobalData* globalData, ExpressionNode* expr)
+        : StatementNode(globalData)
+        , m_expr(expr)
+    {
+    }
+
+    inline TryNode::TryNode(JSGlobalData* globalData, StatementNode* tryBlock, const Identifier& exceptionIdent, bool catchHasEval, StatementNode* catchBlock, StatementNode* finallyBlock)
+        : StatementNode(globalData)
+        , m_tryBlock(tryBlock)
+        , m_exceptionIdent(exceptionIdent)
+        , m_catchBlock(catchBlock)
+        , m_finallyBlock(finallyBlock)
+        , m_catchHasEval(catchHasEval)
+    {
+    }
+
+    inline ParameterNode::ParameterNode(JSGlobalData*, const Identifier& ident)
+        : m_ident(ident)
+        , m_next(0)
+    {
+    }
+
+    inline ParameterNode::ParameterNode(JSGlobalData*, ParameterNode* l, const Identifier& ident)
+        : m_ident(ident)
+        , m_next(0)
+    {
+        l->m_next = this;
+    }
+
+    inline FuncExprNode::FuncExprNode(JSGlobalData* globalData, const Identifier& ident, FunctionBodyNode* body, const SourceCode& source, ParameterNode* parameter)
+        : ExpressionNode(globalData)
+        , m_body(body)
+    {
+        m_body->finishParsing(source, parameter, ident);
+    }
+
+    inline FuncDeclNode::FuncDeclNode(JSGlobalData* globalData, const Identifier& ident, FunctionBodyNode* body, const SourceCode& source, ParameterNode* parameter)
+        : StatementNode(globalData)
+        , m_body(body)
+    {
+        m_body->finishParsing(source, parameter, ident);
+    }
+
+    inline CaseClauseNode::CaseClauseNode(JSGlobalData*, ExpressionNode* expr, SourceElements* statements)
+        : m_expr(expr)
+        , m_statements(statements)
+    {
+    }
+
+    inline ClauseListNode::ClauseListNode(JSGlobalData*, CaseClauseNode* clause)
+        : m_clause(clause)
+        , m_next(0)
+    {
+    }
+
+    inline ClauseListNode::ClauseListNode(JSGlobalData*, ClauseListNode* clauseList, CaseClauseNode* clause)
+        : m_clause(clause)
+        , m_next(0)
+    {
+        clauseList->m_next = this;
+    }
+
+    inline CaseBlockNode::CaseBlockNode(JSGlobalData*, ClauseListNode* list1, CaseClauseNode* defaultClause, ClauseListNode* list2)
+        : m_list1(list1)
+        , m_defaultClause(defaultClause)
+        , m_list2(list2)
+    {
+    }
+
+    inline SwitchNode::SwitchNode(JSGlobalData* globalData, ExpressionNode* expr, CaseBlockNode* block)
+        : StatementNode(globalData)
+        , m_expr(expr)
+        , m_block(block)
+    {
+    }
+
+    inline ConstDeclNode::ConstDeclNode(JSGlobalData* globalData, const Identifier& ident, ExpressionNode* init)
+        : ExpressionNode(globalData)
+        , m_ident(ident)
+        , m_next(0)
+        , m_init(init)
+    {
+    }
+
+    inline BlockNode::BlockNode(JSGlobalData* globalData, SourceElements* statements)
+        : StatementNode(globalData)
+        , m_statements(statements)
+    {
+    }
+
+    inline ForInNode::ForInNode(JSGlobalData* globalData, ExpressionNode* l, ExpressionNode* expr, StatementNode* statement)
+        : StatementNode(globalData)
+        , m_ident(globalData->propertyNames->nullIdentifier)
+        , m_init(0)
+        , m_lexpr(l)
+        , m_expr(expr)
+        , m_statement(statement)
+        , m_identIsVarDecl(false)
+    {
+    }
+
+    inline ForInNode::ForInNode(JSGlobalData* globalData, const Identifier& ident, ExpressionNode* in, ExpressionNode* expr, StatementNode* statement, int divot, int startOffset, int endOffset)
+        : StatementNode(globalData)
+        , m_ident(ident)
+        , m_init(0)
+        , m_lexpr(new (globalData) ResolveNode(globalData, ident, divot - startOffset))
+        , m_expr(expr)
+        , m_statement(statement)
+        , m_identIsVarDecl(true)
+    {
+        if (in) {
+            AssignResolveNode* node = new (globalData) AssignResolveNode(globalData, ident, in, true);
+            node->setExceptionSourceCode(divot, divot - startOffset, endOffset - divot);
+            m_init = node;
+        }
+        // for( var foo = bar in baz )
+    }
+
+} // namespace JSC
+
+#endif // NodeConstructors_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/NodeInfo.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/NodeInfo.h
new file mode 100644
index 000000000..7f4deffac
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/NodeInfo.h
@@ -0,0 +1,63 @@
+/*
+ *  Copyright (C) 2007 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef NodeInfo_h
+#define NodeInfo_h
+
+#include "Nodes.h"
+#include "Parser.h"
+
+namespace JSC {
+
+    template <typename T> struct NodeInfo {
+        T m_node;
+        CodeFeatures m_features;
+        int m_numConstants;
+    };
+
+    typedef NodeInfo<FuncDeclNode*> FuncDeclNodeInfo;    
+    typedef NodeInfo<FuncExprNode*> FuncExprNodeInfo;
+    typedef NodeInfo<ExpressionNode*> ExpressionNodeInfo;
+    typedef NodeInfo<ArgumentsNode*> ArgumentsNodeInfo;
+    typedef NodeInfo<ConstDeclNode*> ConstDeclNodeInfo;
+    typedef NodeInfo<PropertyNode*> PropertyNodeInfo;
+    typedef NodeInfo<PropertyList> PropertyListInfo;
+    typedef NodeInfo<ElementList> ElementListInfo;
+    typedef NodeInfo<ArgumentList> ArgumentListInfo;
+    
+    template <typename T> struct NodeDeclarationInfo {
+        T m_node;
+        ParserArenaData<DeclarationStacks::VarStack>* m_varDeclarations;
+        ParserArenaData<DeclarationStacks::FunctionStack>* m_funcDeclarations;
+        CodeFeatures m_features;
+        int m_numConstants;
+    };
+    
+    typedef NodeDeclarationInfo<StatementNode*> StatementNodeInfo;
+    typedef NodeDeclarationInfo<CaseBlockNode*> CaseBlockNodeInfo;
+    typedef NodeDeclarationInfo<CaseClauseNode*> CaseClauseNodeInfo;
+    typedef NodeDeclarationInfo<SourceElements*> SourceElementsInfo;
+    typedef NodeDeclarationInfo<ClauseList> ClauseListInfo;
+    typedef NodeDeclarationInfo<ExpressionNode*> VarDeclListInfo;
+    typedef NodeDeclarationInfo<ConstDeclList> ConstDeclListInfo;
+    typedef NodeDeclarationInfo<ParameterList> ParameterListInfo;
+
+} // namespace JSC
+
+#endif // NodeInfo_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/Nodes.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Nodes.cpp
new file mode 100644
index 000000000..89bbc1195
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Nodes.cpp
@@ -0,0 +1,2070 @@
+/*
+*  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+*  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+*  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+*  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+*  Copyright (C) 2007 Maks Orlovich
+*  Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+*
+*  This library is free software; you can redistribute it and/or
+*  modify it under the terms of the GNU Library General Public
+*  License as published by the Free Software Foundation; either
+*  version 2 of the License, or (at your option) any later version.
+*
+*  This library is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+*  Library General Public License for more details.
+*
+*  You should have received a copy of the GNU Library General Public License
+*  along with this library; see the file COPYING.LIB.  If not, write to
+*  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+*  Boston, MA 02110-1301, USA.
+*
+*/
+
+#include "config.h"
+#include "Nodes.h"
+#include "NodeConstructors.h"
+
+#include "BytecodeGenerator.h"
+#include "CallFrame.h"
+#include "Debugger.h"
+#include "JIT.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "JSStaticScopeObject.h"
+#include "LabelScope.h"
+#include "Lexer.h"
+#include "Operations.h"
+#include "Parser.h"
+#include "PropertyNameArray.h"
+#include "RegExpObject.h"
+#include "SamplingTool.h"
+#include <wtf/Assertions.h>
+#include <wtf/RefCountedLeakCounter.h>
+#include <wtf/Threading.h>
+
+using namespace WTF;
+
+namespace JSC {
+
+/*
+    Details of the emitBytecode function.
+
+    Return value: The register holding the production's value.
+             dst: An optional parameter specifying the most efficient destination at
+                  which to store the production's value. The callee must honor dst.
+
+    The dst argument provides for a crude form of copy propagation. For example,
+
+        x = 1
+
+    becomes
+    
+        load r[x], 1
+    
+    instead of 
+
+        load r0, 1
+        mov r[x], r0
+    
+    because the assignment node, "x =", passes r[x] as dst to the number node, "1".
+*/
+
+// ------------------------------ ThrowableExpressionData --------------------------------
+
+static void substitute(UString& string, const UString& substring)
+{
+    int position = string.find("%s");
+    ASSERT(position != -1);
+    UString newString = string.substr(0, position);
+    newString.append(substring);
+    newString.append(string.substr(position + 2));
+    string = newString;
+}
+
+RegisterID* ThrowableExpressionData::emitThrowError(BytecodeGenerator& generator, ErrorType type, const char* message)
+{
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    RegisterID* exception = generator.emitNewError(generator.newTemporary(), type, jsString(generator.globalData(), message));
+    generator.emitThrow(exception);
+    return exception;
+}
+
+RegisterID* ThrowableExpressionData::emitThrowError(BytecodeGenerator& generator, ErrorType type, const char* messageTemplate, const UString& label)
+{
+    UString message = messageTemplate;
+    substitute(message, label);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    RegisterID* exception = generator.emitNewError(generator.newTemporary(), type, jsString(generator.globalData(), message));
+    generator.emitThrow(exception);
+    return exception;
+}
+
+inline RegisterID* ThrowableExpressionData::emitThrowError(BytecodeGenerator& generator, ErrorType type, const char* messageTemplate, const Identifier& label)
+{
+    return emitThrowError(generator, type, messageTemplate, label.ustring());
+}
+
+// ------------------------------ StatementNode --------------------------------
+
+void StatementNode::setLoc(int firstLine, int lastLine, int column)
+{
+    m_line = firstLine;
+    m_lastLine = lastLine;
+    m_column = column;
+}
+
+// ------------------------------ SourceElements --------------------------------
+
+void SourceElements::append(StatementNode* statement)
+{
+    if (statement->isEmptyStatement())
+        return;
+    m_statements.append(statement);
+}
+
+inline StatementNode* SourceElements::singleStatement() const
+{
+    size_t size = m_statements.size();
+    return size == 1 ? m_statements[0] : 0;
+}
+
+inline StatementNode* SourceElements::lastStatement() const
+{
+    size_t size = m_statements.size();
+    return size ? m_statements[size - 1] : 0;
+}
+
+// ------------------------------ NullNode -------------------------------------
+
+RegisterID* NullNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (dst == generator.ignoredResult())
+        return 0;
+    return generator.emitLoad(dst, jsNull());
+}
+
+// ------------------------------ BooleanNode ----------------------------------
+
+RegisterID* BooleanNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (dst == generator.ignoredResult())
+        return 0;
+    return generator.emitLoad(dst, m_value);
+}
+
+// ------------------------------ NumberNode -----------------------------------
+
+RegisterID* NumberNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (dst == generator.ignoredResult())
+        return 0;
+    return generator.emitLoad(dst, m_value);
+}
+
+// ------------------------------ StringNode -----------------------------------
+
+RegisterID* StringNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (dst == generator.ignoredResult())
+        return 0;
+    return generator.emitLoad(dst, m_value);
+}
+
+// ------------------------------ RegExpNode -----------------------------------
+
+RegisterID* RegExpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegExp> regExp = RegExp::create(generator.globalData(), m_pattern.ustring(), m_flags.ustring());
+    if (!regExp->isValid())
+        return emitThrowError(generator, SyntaxError, "Invalid regular expression: %s", regExp->errorMessage());
+    if (dst == generator.ignoredResult())
+        return 0;
+    return generator.emitNewRegExp(generator.finalDestination(dst), regExp.get());
+}
+
+// ------------------------------ ThisNode -------------------------------------
+
+RegisterID* ThisNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (dst == generator.ignoredResult())
+        return 0;
+    return generator.moveToDestinationIfNeeded(dst, generator.thisRegister());
+}
+
+// ------------------------------ ResolveNode ----------------------------------
+
+bool ResolveNode::isPure(BytecodeGenerator& generator) const
+{
+    return generator.isLocal(m_ident);
+}
+
+RegisterID* ResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (RegisterID* local = generator.registerFor(m_ident)) {
+        if (dst == generator.ignoredResult())
+            return 0;
+        return generator.moveToDestinationIfNeeded(dst, local);
+    }
+    
+    generator.emitExpressionInfo(m_startOffset + m_ident.size(), m_ident.size(), 0);
+    return generator.emitResolve(generator.finalDestination(dst), m_ident);
+}
+
+// ------------------------------ ArrayNode ------------------------------------
+
+RegisterID* ArrayNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    // FIXME: Should we put all of this code into emitNewArray?
+
+    unsigned length = 0;
+    ElementNode* firstPutElement;
+    for (firstPutElement = m_element; firstPutElement; firstPutElement = firstPutElement->next()) {
+        if (firstPutElement->elision())
+            break;
+        ++length;
+    }
+
+    if (!firstPutElement && !m_elision)
+        return generator.emitNewArray(generator.finalDestination(dst), m_element);
+
+    RefPtr<RegisterID> array = generator.emitNewArray(generator.tempDestination(dst), m_element);
+
+    for (ElementNode* n = firstPutElement; n; n = n->next()) {
+        RegisterID* value = generator.emitNode(n->value());
+        length += n->elision();
+        generator.emitPutByIndex(array.get(), length++, value);
+    }
+
+    if (m_elision) {
+        RegisterID* value = generator.emitLoad(0, jsNumber(generator.globalData(), m_elision + length));
+        generator.emitPutById(array.get(), generator.propertyNames().length, value);
+    }
+
+    return generator.moveToDestinationIfNeeded(dst, array.get());
+}
+
+bool ArrayNode::isSimpleArray() const
+{
+    if (m_elision || m_optional)
+        return false;
+    for (ElementNode* ptr = m_element; ptr; ptr = ptr->next()) {
+        if (ptr->elision())
+            return false;
+    }
+    return true;
+}
+
+ArgumentListNode* ArrayNode::toArgumentList(JSGlobalData* globalData) const
+{
+    ASSERT(!m_elision && !m_optional);
+    ElementNode* ptr = m_element;
+    if (!ptr)
+        return 0;
+    ArgumentListNode* head = new (globalData) ArgumentListNode(globalData, ptr->value());
+    ArgumentListNode* tail = head;
+    ptr = ptr->next();
+    for (; ptr; ptr = ptr->next()) {
+        ASSERT(!ptr->elision());
+        tail = new (globalData) ArgumentListNode(globalData, tail, ptr->value());
+    }
+    return head;
+}
+
+// ------------------------------ ObjectLiteralNode ----------------------------
+
+RegisterID* ObjectLiteralNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+     if (!m_list) {
+         if (dst == generator.ignoredResult())
+             return 0;
+         return generator.emitNewObject(generator.finalDestination(dst));
+     }
+     return generator.emitNode(dst, m_list);
+}
+
+// ------------------------------ PropertyListNode -----------------------------
+
+RegisterID* PropertyListNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> newObj = generator.tempDestination(dst);
+    
+    generator.emitNewObject(newObj.get());
+    
+    for (PropertyListNode* p = this; p; p = p->m_next) {
+        RegisterID* value = generator.emitNode(p->m_node->m_assign);
+        
+        switch (p->m_node->m_type) {
+            case PropertyNode::Constant: {
+                generator.emitPutById(newObj.get(), p->m_node->name(), value);
+                break;
+            }
+            case PropertyNode::Getter: {
+                generator.emitPutGetter(newObj.get(), p->m_node->name(), value);
+                break;
+            }
+            case PropertyNode::Setter: {
+                generator.emitPutSetter(newObj.get(), p->m_node->name(), value);
+                break;
+            }
+            default:
+                ASSERT_NOT_REACHED();
+        }
+    }
+    
+    return generator.moveToDestinationIfNeeded(dst, newObj.get());
+}
+
+// ------------------------------ BracketAccessorNode --------------------------------
+
+RegisterID* BracketAccessorNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments, m_subscript->isPure(generator));
+    RegisterID* property = generator.emitNode(m_subscript);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    return generator.emitGetByVal(generator.finalDestination(dst), base.get(), property);
+}
+
+// ------------------------------ DotAccessorNode --------------------------------
+
+RegisterID* DotAccessorNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RegisterID* base = generator.emitNode(m_base);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    return generator.emitGetById(generator.finalDestination(dst), base, m_ident);
+}
+
+// ------------------------------ ArgumentListNode -----------------------------
+
+RegisterID* ArgumentListNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    ASSERT(m_expr);
+    return generator.emitNode(dst, m_expr);
+}
+
+// ------------------------------ NewExprNode ----------------------------------
+
+RegisterID* NewExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> func = generator.emitNode(m_expr);
+    return generator.emitConstruct(generator.finalDestination(dst), func.get(), m_args, divot(), startOffset(), endOffset());
+}
+
+// ------------------------------ EvalFunctionCallNode ----------------------------------
+
+RegisterID* EvalFunctionCallNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> func = generator.tempDestination(dst);
+    RefPtr<RegisterID> thisRegister = generator.newTemporary();
+    generator.emitExpressionInfo(divot() - startOffset() + 4, 4, 0);
+    generator.emitResolveWithBase(thisRegister.get(), func.get(), generator.propertyNames().eval);
+    return generator.emitCallEval(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+}
+
+// ------------------------------ FunctionCallValueNode ----------------------------------
+
+RegisterID* FunctionCallValueNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> func = generator.emitNode(m_expr);
+    RefPtr<RegisterID> thisRegister = generator.emitLoad(generator.newTemporary(), jsNull());
+    return generator.emitCall(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+}
+
+// ------------------------------ FunctionCallResolveNode ----------------------------------
+
+RegisterID* FunctionCallResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (RefPtr<RegisterID> local = generator.registerFor(m_ident)) {
+        RefPtr<RegisterID> thisRegister = generator.emitLoad(generator.newTemporary(), jsNull());
+        return generator.emitCall(generator.finalDestination(dst, thisRegister.get()), local.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+    }
+
+    int index = 0;
+    size_t depth = 0;
+    JSObject* globalObject = 0;
+    if (generator.findScopedProperty(m_ident, index, depth, false, globalObject) && index != missingSymbolMarker()) {
+        RefPtr<RegisterID> func = generator.emitGetScopedVar(generator.newTemporary(), depth, index, globalObject);
+        RefPtr<RegisterID> thisRegister = generator.emitLoad(generator.newTemporary(), jsNull());
+        return generator.emitCall(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+    }
+
+    RefPtr<RegisterID> func = generator.newTemporary();
+    RefPtr<RegisterID> thisRegister = generator.newTemporary();
+    int identifierStart = divot() - startOffset();
+    generator.emitExpressionInfo(identifierStart + m_ident.size(), m_ident.size(), 0);
+    generator.emitResolveWithBase(thisRegister.get(), func.get(), m_ident);
+    return generator.emitCall(generator.finalDestination(dst, func.get()), func.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+}
+
+// ------------------------------ FunctionCallBracketNode ----------------------------------
+
+RegisterID* FunctionCallBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNode(m_base);
+    RegisterID* property = generator.emitNode(m_subscript);
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    RefPtr<RegisterID> function = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property);
+    RefPtr<RegisterID> thisRegister = generator.emitMove(generator.newTemporary(), base.get());
+    return generator.emitCall(generator.finalDestination(dst, function.get()), function.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+}
+
+// ------------------------------ FunctionCallDotNode ----------------------------------
+
+RegisterID* FunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> function = generator.tempDestination(dst);
+    RefPtr<RegisterID> thisRegister = generator.newTemporary();
+    generator.emitNode(thisRegister.get(), m_base);
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    generator.emitMethodCheck();
+    generator.emitGetById(function.get(), thisRegister.get(), m_ident);
+    return generator.emitCall(generator.finalDestination(dst, function.get()), function.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+}
+
+RegisterID* CallFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<Label> realCall = generator.newLabel();
+    RefPtr<Label> end = generator.newLabel();
+    RefPtr<RegisterID> base = generator.emitNode(m_base);
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident);
+    RefPtr<RegisterID> finalDestination = generator.finalDestination(dst, function.get());
+    generator.emitJumpIfNotFunctionCall(function.get(), realCall.get());
+    {
+        RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get());
+        RefPtr<RegisterID> thisRegister = generator.newTemporary();
+        ArgumentListNode* oldList = m_args->m_listNode;
+        if (m_args->m_listNode && m_args->m_listNode->m_expr) {
+            generator.emitNode(thisRegister.get(), m_args->m_listNode->m_expr);
+            m_args->m_listNode = m_args->m_listNode->m_next;
+        } else
+            generator.emitLoad(thisRegister.get(), jsNull());
+
+        generator.emitCall(finalDestination.get(), realFunction.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+        generator.emitJump(end.get());
+        m_args->m_listNode = oldList;
+    }
+    generator.emitLabel(realCall.get());
+    {
+        RefPtr<RegisterID> thisRegister = generator.emitMove(generator.newTemporary(), base.get());
+        generator.emitCall(finalDestination.get(), function.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+    }
+    generator.emitLabel(end.get());
+    return finalDestination.get();
+}
+    
+static bool areTrivialApplyArguments(ArgumentsNode* args)
+{
+    return !args->m_listNode || !args->m_listNode->m_expr || !args->m_listNode->m_next
+        || (!args->m_listNode->m_next->m_next && args->m_listNode->m_next->m_expr->isSimpleArray());
+}
+
+RegisterID* ApplyFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    // A few simple cases can be trivially handled as ordinary function calls.
+    // function.apply(), function.apply(arg) -> identical to function.call
+    // function.apply(thisArg, [arg0, arg1, ...]) -> can be trivially coerced into function.call(thisArg, arg0, arg1, ...) and saves object allocation
+    bool mayBeCall = areTrivialApplyArguments(m_args);
+
+    RefPtr<Label> realCall = generator.newLabel();
+    RefPtr<Label> end = generator.newLabel();
+    RefPtr<RegisterID> base = generator.emitNode(m_base);
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident);
+    RefPtr<RegisterID> finalDestination = generator.finalDestination(dst, function.get());
+    generator.emitJumpIfNotFunctionApply(function.get(), realCall.get());
+    {
+        if (mayBeCall) {
+            RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get());
+            RefPtr<RegisterID> thisRegister = generator.newTemporary();
+            ArgumentListNode* oldList = m_args->m_listNode;
+            if (m_args->m_listNode && m_args->m_listNode->m_expr) {
+                generator.emitNode(thisRegister.get(), m_args->m_listNode->m_expr);
+                m_args->m_listNode = m_args->m_listNode->m_next;
+                if (m_args->m_listNode) {
+                    ASSERT(m_args->m_listNode->m_expr->isSimpleArray());
+                    ASSERT(!m_args->m_listNode->m_next);
+                    m_args->m_listNode = static_cast<ArrayNode*>(m_args->m_listNode->m_expr)->toArgumentList(generator.globalData());
+                }
+            } else
+                generator.emitLoad(thisRegister.get(), jsNull());
+            generator.emitCall(finalDestination.get(), realFunction.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+            m_args->m_listNode = oldList;
+        } else {
+            ASSERT(m_args->m_listNode && m_args->m_listNode->m_next);
+            RefPtr<RegisterID> realFunction = generator.emitMove(generator.newTemporary(), base.get());
+            RefPtr<RegisterID> argsCountRegister = generator.newTemporary();
+            RefPtr<RegisterID> thisRegister = generator.newTemporary();
+            RefPtr<RegisterID> argsRegister = generator.newTemporary();
+            generator.emitNode(thisRegister.get(), m_args->m_listNode->m_expr);
+            ArgumentListNode* args = m_args->m_listNode->m_next;
+            bool isArgumentsApply = false;
+            if (args->m_expr->isResolveNode()) {
+                ResolveNode* resolveNode = static_cast<ResolveNode*>(args->m_expr);
+                isArgumentsApply = generator.willResolveToArguments(resolveNode->identifier());
+                if (isArgumentsApply)
+                    generator.emitMove(argsRegister.get(), generator.uncheckedRegisterForArguments());
+            }
+            if (!isArgumentsApply)
+                generator.emitNode(argsRegister.get(), args->m_expr);
+            while ((args = args->m_next))
+                generator.emitNode(args->m_expr);
+
+            generator.emitLoadVarargs(argsCountRegister.get(), argsRegister.get());
+            generator.emitCallVarargs(finalDestination.get(), realFunction.get(), thisRegister.get(), argsCountRegister.get(), divot(), startOffset(), endOffset());
+        }
+        generator.emitJump(end.get());
+    }
+    generator.emitLabel(realCall.get());
+    {
+        RefPtr<RegisterID> thisRegister = generator.emitMove(generator.newTemporary(), base.get());
+        generator.emitCall(finalDestination.get(), function.get(), thisRegister.get(), m_args, divot(), startOffset(), endOffset());
+    }
+    generator.emitLabel(end.get());
+    return finalDestination.get();
+}
+
+// ------------------------------ PostfixResolveNode ----------------------------------
+
+static RegisterID* emitPreIncOrDec(BytecodeGenerator& generator, RegisterID* srcDst, Operator oper)
+{
+    return (oper == OpPlusPlus) ? generator.emitPreInc(srcDst) : generator.emitPreDec(srcDst);
+}
+
+static RegisterID* emitPostIncOrDec(BytecodeGenerator& generator, RegisterID* dst, RegisterID* srcDst, Operator oper)
+{
+    if (srcDst == dst)
+        return generator.emitToJSNumber(dst, srcDst);
+    return (oper == OpPlusPlus) ? generator.emitPostInc(dst, srcDst) : generator.emitPostDec(dst, srcDst);
+}
+
+RegisterID* PostfixResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (RegisterID* local = generator.registerFor(m_ident)) {
+        if (generator.isLocalConstant(m_ident)) {
+            if (dst == generator.ignoredResult())
+                return 0;
+            return generator.emitToJSNumber(generator.finalDestination(dst), local);
+        }
+
+        if (dst == generator.ignoredResult())
+            return emitPreIncOrDec(generator, local, m_operator);
+        return emitPostIncOrDec(generator, generator.finalDestination(dst), local, m_operator);
+    }
+
+    int index = 0;
+    size_t depth = 0;
+    JSObject* globalObject = 0;
+    if (generator.findScopedProperty(m_ident, index, depth, true, globalObject) && index != missingSymbolMarker()) {
+        RefPtr<RegisterID> value = generator.emitGetScopedVar(generator.newTemporary(), depth, index, globalObject);
+        RegisterID* oldValue;
+        if (dst == generator.ignoredResult()) {
+            oldValue = 0;
+            emitPreIncOrDec(generator, value.get(), m_operator);
+        } else {
+            oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), value.get(), m_operator);
+        }
+        generator.emitPutScopedVar(depth, index, value.get(), globalObject);
+        return oldValue;
+    }
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    RefPtr<RegisterID> value = generator.newTemporary();
+    RefPtr<RegisterID> base = generator.emitResolveWithBase(generator.newTemporary(), value.get(), m_ident);
+    RegisterID* oldValue;
+    if (dst == generator.ignoredResult()) {
+        oldValue = 0;
+        emitPreIncOrDec(generator, value.get(), m_operator);
+    } else {
+        oldValue = emitPostIncOrDec(generator, generator.finalDestination(dst), value.get(), m_operator);
+    }
+    generator.emitPutById(base.get(), m_ident, value.get());
+    return oldValue;
+}
+
+// ------------------------------ PostfixBracketNode ----------------------------------
+
+RegisterID* PostfixBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNode(m_base);
+    RefPtr<RegisterID> property = generator.emitNode(m_subscript);
+
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    RefPtr<RegisterID> value = generator.emitGetByVal(generator.newTemporary(), base.get(), property.get());
+    RegisterID* oldValue;
+    if (dst == generator.ignoredResult()) {
+        oldValue = 0;
+        if (m_operator == OpPlusPlus)
+            generator.emitPreInc(value.get());
+        else
+            generator.emitPreDec(value.get());
+    } else {
+        oldValue = (m_operator == OpPlusPlus) ? generator.emitPostInc(generator.finalDestination(dst), value.get()) : generator.emitPostDec(generator.finalDestination(dst), value.get());
+    }
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitPutByVal(base.get(), property.get(), value.get());
+    return oldValue;
+}
+
+// ------------------------------ PostfixDotNode ----------------------------------
+
+RegisterID* PostfixDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNode(m_base);
+
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    RefPtr<RegisterID> value = generator.emitGetById(generator.newTemporary(), base.get(), m_ident);
+    RegisterID* oldValue;
+    if (dst == generator.ignoredResult()) {
+        oldValue = 0;
+        if (m_operator == OpPlusPlus)
+            generator.emitPreInc(value.get());
+        else
+            generator.emitPreDec(value.get());
+    } else {
+        oldValue = (m_operator == OpPlusPlus) ? generator.emitPostInc(generator.finalDestination(dst), value.get()) : generator.emitPostDec(generator.finalDestination(dst), value.get());
+    }
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitPutById(base.get(), m_ident, value.get());
+    return oldValue;
+}
+
+// ------------------------------ PostfixErrorNode -----------------------------------
+
+RegisterID* PostfixErrorNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    return emitThrowError(generator, ReferenceError, m_operator == OpPlusPlus
+        ? "Postfix ++ operator applied to value that is not a reference."
+        : "Postfix -- operator applied to value that is not a reference.");
+}
+
+// ------------------------------ DeleteResolveNode -----------------------------------
+
+RegisterID* DeleteResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (generator.registerFor(m_ident))
+        return generator.emitLoad(generator.finalDestination(dst), false);
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    RegisterID* base = generator.emitResolveBase(generator.tempDestination(dst), m_ident);
+    return generator.emitDeleteById(generator.finalDestination(dst, base), base, m_ident);
+}
+
+// ------------------------------ DeleteBracketNode -----------------------------------
+
+RegisterID* DeleteBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> r0 = generator.emitNode(m_base);
+    RegisterID* r1 = generator.emitNode(m_subscript);
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    return generator.emitDeleteByVal(generator.finalDestination(dst), r0.get(), r1);
+}
+
+// ------------------------------ DeleteDotNode -----------------------------------
+
+RegisterID* DeleteDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RegisterID* r0 = generator.emitNode(m_base);
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    return generator.emitDeleteById(generator.finalDestination(dst), r0, m_ident);
+}
+
+// ------------------------------ DeleteValueNode -----------------------------------
+
+RegisterID* DeleteValueNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitNode(generator.ignoredResult(), m_expr);
+
+    // delete on a non-location expression ignores the value and returns true
+    return generator.emitLoad(generator.finalDestination(dst), true);
+}
+
+// ------------------------------ VoidNode -------------------------------------
+
+RegisterID* VoidNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (dst == generator.ignoredResult()) {
+        generator.emitNode(generator.ignoredResult(), m_expr);
+        return 0;
+    }
+    RefPtr<RegisterID> r0 = generator.emitNode(m_expr);
+    return generator.emitLoad(dst, jsUndefined());
+}
+
+// ------------------------------ TypeOfValueNode -----------------------------------
+
+RegisterID* TypeOfResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (RegisterID* local = generator.registerFor(m_ident)) {
+        if (dst == generator.ignoredResult())
+            return 0;
+        return generator.emitTypeOf(generator.finalDestination(dst), local);
+    }
+
+    RefPtr<RegisterID> scratch = generator.emitResolveBase(generator.tempDestination(dst), m_ident);
+    generator.emitGetById(scratch.get(), scratch.get(), m_ident);
+    if (dst == generator.ignoredResult())
+        return 0;
+    return generator.emitTypeOf(generator.finalDestination(dst, scratch.get()), scratch.get());
+}
+
+// ------------------------------ TypeOfValueNode -----------------------------------
+
+RegisterID* TypeOfValueNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (dst == generator.ignoredResult()) {
+        generator.emitNode(generator.ignoredResult(), m_expr);
+        return 0;
+    }
+    RefPtr<RegisterID> src = generator.emitNode(m_expr);
+    return generator.emitTypeOf(generator.finalDestination(dst), src.get());
+}
+
+// ------------------------------ PrefixResolveNode ----------------------------------
+
+RegisterID* PrefixResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (RegisterID* local = generator.registerFor(m_ident)) {
+        if (generator.isLocalConstant(m_ident)) {
+            if (dst == generator.ignoredResult())
+                return 0;
+            RefPtr<RegisterID> r0 = generator.emitLoad(generator.finalDestination(dst), (m_operator == OpPlusPlus) ? 1.0 : -1.0);
+            return generator.emitBinaryOp(op_add, r0.get(), local, r0.get(), OperandTypes());
+        }
+
+        emitPreIncOrDec(generator, local, m_operator);
+        return generator.moveToDestinationIfNeeded(dst, local);
+    }
+
+    int index = 0;
+    size_t depth = 0;
+    JSObject* globalObject = 0;
+    if (generator.findScopedProperty(m_ident, index, depth, false, globalObject) && index != missingSymbolMarker()) {
+        RefPtr<RegisterID> propDst = generator.emitGetScopedVar(generator.tempDestination(dst), depth, index, globalObject);
+        emitPreIncOrDec(generator, propDst.get(), m_operator);
+        generator.emitPutScopedVar(depth, index, propDst.get(), globalObject);
+        return generator.moveToDestinationIfNeeded(dst, propDst.get());
+    }
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    RefPtr<RegisterID> propDst = generator.tempDestination(dst);
+    RefPtr<RegisterID> base = generator.emitResolveWithBase(generator.newTemporary(), propDst.get(), m_ident);
+    emitPreIncOrDec(generator, propDst.get(), m_operator);
+    generator.emitPutById(base.get(), m_ident, propDst.get());
+    return generator.moveToDestinationIfNeeded(dst, propDst.get());
+}
+
+// ------------------------------ PrefixBracketNode ----------------------------------
+
+RegisterID* PrefixBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNode(m_base);
+    RefPtr<RegisterID> property = generator.emitNode(m_subscript);
+    RefPtr<RegisterID> propDst = generator.tempDestination(dst);
+
+    generator.emitExpressionInfo(divot() + m_subexpressionDivotOffset, m_subexpressionStartOffset, endOffset() - m_subexpressionDivotOffset);
+    RegisterID* value = generator.emitGetByVal(propDst.get(), base.get(), property.get());
+    if (m_operator == OpPlusPlus)
+        generator.emitPreInc(value);
+    else
+        generator.emitPreDec(value);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitPutByVal(base.get(), property.get(), value);
+    return generator.moveToDestinationIfNeeded(dst, propDst.get());
+}
+
+// ------------------------------ PrefixDotNode ----------------------------------
+
+RegisterID* PrefixDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNode(m_base);
+    RefPtr<RegisterID> propDst = generator.tempDestination(dst);
+
+    generator.emitExpressionInfo(divot() + m_subexpressionDivotOffset, m_subexpressionStartOffset, endOffset() - m_subexpressionDivotOffset);
+    RegisterID* value = generator.emitGetById(propDst.get(), base.get(), m_ident);
+    if (m_operator == OpPlusPlus)
+        generator.emitPreInc(value);
+    else
+        generator.emitPreDec(value);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitPutById(base.get(), m_ident, value);
+    return generator.moveToDestinationIfNeeded(dst, propDst.get());
+}
+
+// ------------------------------ PrefixErrorNode -----------------------------------
+
+RegisterID* PrefixErrorNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    return emitThrowError(generator, ReferenceError, m_operator == OpPlusPlus
+        ? "Prefix ++ operator applied to value that is not a reference."
+        : "Prefix -- operator applied to value that is not a reference.");
+}
+
+// ------------------------------ Unary Operation Nodes -----------------------------------
+
+RegisterID* UnaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RegisterID* src = generator.emitNode(m_expr);
+    return generator.emitUnaryOp(opcodeID(), generator.finalDestination(dst), src);
+}
+
+// ------------------------------ Binary Operation Nodes -----------------------------------
+
+// BinaryOpNode::emitStrcat:
+//
+// This node generates an op_strcat operation.  This opcode can handle concatenation of three or
+// more values, where we can determine a set of separate op_add operations would be operating on
+// string values.
+//
+// This function expects to be operating on a graph of AST nodes looking something like this:
+//
+//     (a)...     (b)
+//          \   /
+//           (+)     (c)
+//              \   /
+//      [d]     ((+))
+//         \    /
+//          [+=]
+//
+// The assignment operation is optional, if it exists the register holding the value on the
+// lefthand side of the assignment should be passing as the optional 'lhs' argument.
+//
+// The method should be called on the node at the root of the tree of regular binary add
+// operations (marked in the diagram with a double set of parentheses).  This node must
+// be performing a string concatenation (determined by statically detecting that at least
+// one child must be a string).  
+//
+// Since the minimum number of values being concatenated together is expected to be 3, if
+// a lhs to a concatenating assignment is not provided then the  root add should have at
+// least one left child that is also an add that can be determined to be operating on strings.
+//
+RegisterID* BinaryOpNode::emitStrcat(BytecodeGenerator& generator, RegisterID* dst, RegisterID* lhs, ReadModifyResolveNode* emitExpressionInfoForMe)
+{
+    ASSERT(isAdd());
+    ASSERT(resultDescriptor().definitelyIsString());
+
+    // Create a list of expressions for all the adds in the tree of nodes we can convert into
+    // a string concatenation.  The rightmost node (c) is added first.  The rightmost node is
+    // added first, and the leftmost child is never added, so the vector produced for the
+    // example above will be [ c, b ].
+    Vector<ExpressionNode*, 16> reverseExpressionList;
+    reverseExpressionList.append(m_expr2);
+
+    // Examine the left child of the add.  So long as this is a string add, add its right-child
+    // to the list, and keep processing along the left fork.
+    ExpressionNode* leftMostAddChild = m_expr1;
+    while (leftMostAddChild->isAdd() && leftMostAddChild->resultDescriptor().definitelyIsString()) {
+        reverseExpressionList.append(static_cast<AddNode*>(leftMostAddChild)->m_expr2);
+        leftMostAddChild = static_cast<AddNode*>(leftMostAddChild)->m_expr1;
+    }
+
+    Vector<RefPtr<RegisterID>, 16> temporaryRegisters;
+
+    // If there is an assignment, allocate a temporary to hold the lhs after conversion.
+    // We could possibly avoid this (the lhs is converted last anyway, we could let the
+    // op_strcat node handle its conversion if required).
+    if (lhs)
+        temporaryRegisters.append(generator.newTemporary());
+
+    // Emit code for the leftmost node ((a) in the example).
+    temporaryRegisters.append(generator.newTemporary());
+    RegisterID* leftMostAddChildTempRegister = temporaryRegisters.last().get();
+    generator.emitNode(leftMostAddChildTempRegister, leftMostAddChild);
+
+    // Note on ordering of conversions:
+    //
+    // We maintain the same ordering of conversions as we would see if the concatenations
+    // was performed as a sequence of adds (otherwise this optimization could change
+    // behaviour should an object have been provided a valueOf or toString method).
+    //
+    // Considering the above example, the sequnce of execution is:
+    //     * evaluate operand (a)
+    //     * evaluate operand (b)
+    //     * convert (a) to primitive   <-  (this would be triggered by the first add)
+    //     * convert (b) to primitive   <-  (ditto)
+    //     * evaluate operand (c)
+    //     * convert (c) to primitive   <-  (this would be triggered by the second add)
+    // And optionally, if there is an assignment:
+    //     * convert (d) to primitive   <-  (this would be triggered by the assigning addition)
+    //
+    // As such we do not plant an op to convert the leftmost child now.  Instead, use
+    // 'leftMostAddChildTempRegister' as a flag to trigger generation of the conversion
+    // once the second node has been generated.  However, if the leftmost child is an
+    // immediate we can trivially determine that no conversion will be required.
+    // If this is the case
+    if (leftMostAddChild->isString())
+        leftMostAddChildTempRegister = 0;
+
+    while (reverseExpressionList.size()) {
+        ExpressionNode* node = reverseExpressionList.last();
+        reverseExpressionList.removeLast();
+
+        // Emit the code for the current node.
+        temporaryRegisters.append(generator.newTemporary());
+        generator.emitNode(temporaryRegisters.last().get(), node);
+
+        // On the first iteration of this loop, when we first reach this point we have just
+        // generated the second node, which means it is time to convert the leftmost operand.
+        if (leftMostAddChildTempRegister) {
+            generator.emitToPrimitive(leftMostAddChildTempRegister, leftMostAddChildTempRegister);
+            leftMostAddChildTempRegister = 0; // Only do this once.
+        }
+        // Plant a conversion for this node, if necessary.
+        if (!node->isString())
+            generator.emitToPrimitive(temporaryRegisters.last().get(), temporaryRegisters.last().get());
+    }
+    ASSERT(temporaryRegisters.size() >= 3);
+
+    // Certain read-modify nodes require expression info to be emitted *after* m_right has been generated.
+    // If this is required the node is passed as 'emitExpressionInfoForMe'; do so now.
+    if (emitExpressionInfoForMe)
+        generator.emitExpressionInfo(emitExpressionInfoForMe->divot(), emitExpressionInfoForMe->startOffset(), emitExpressionInfoForMe->endOffset());
+
+    // If there is an assignment convert the lhs now.  This will also copy lhs to
+    // the temporary register we allocated for it.
+    if (lhs)
+        generator.emitToPrimitive(temporaryRegisters[0].get(), lhs);
+
+    return generator.emitStrcat(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get(), temporaryRegisters.size());
+}
+
+RegisterID* BinaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    OpcodeID opcodeID = this->opcodeID();
+
+    if (opcodeID == op_add && m_expr1->isAdd() && m_expr1->resultDescriptor().definitelyIsString())
+        return emitStrcat(generator, dst);
+
+    if (opcodeID == op_neq) {
+        if (m_expr1->isNull() || m_expr2->isNull()) {
+            RefPtr<RegisterID> src = generator.tempDestination(dst);
+            generator.emitNode(src.get(), m_expr1->isNull() ? m_expr2 : m_expr1);
+            return generator.emitUnaryOp(op_neq_null, generator.finalDestination(dst, src.get()), src.get());
+        }
+    }
+
+    RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator));
+    RegisterID* src2 = generator.emitNode(m_expr2);
+    return generator.emitBinaryOp(opcodeID, generator.finalDestination(dst, src1.get()), src1.get(), src2, OperandTypes(m_expr1->resultDescriptor(), m_expr2->resultDescriptor()));
+}
+
+RegisterID* EqualNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (m_expr1->isNull() || m_expr2->isNull()) {
+        RefPtr<RegisterID> src = generator.tempDestination(dst);
+        generator.emitNode(src.get(), m_expr1->isNull() ? m_expr2 : m_expr1);
+        return generator.emitUnaryOp(op_eq_null, generator.finalDestination(dst, src.get()), src.get());
+    }
+
+    RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator));
+    RegisterID* src2 = generator.emitNode(m_expr2);
+    return generator.emitEqualityOp(op_eq, generator.finalDestination(dst, src1.get()), src1.get(), src2);
+}
+
+RegisterID* StrictEqualNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator));
+    RegisterID* src2 = generator.emitNode(m_expr2);
+    return generator.emitEqualityOp(op_stricteq, generator.finalDestination(dst, src1.get()), src1.get(), src2);
+}
+
+RegisterID* ReverseBinaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator));
+    RegisterID* src2 = generator.emitNode(m_expr2);
+    return generator.emitBinaryOp(opcodeID(), generator.finalDestination(dst, src1.get()), src2, src1.get(), OperandTypes(m_expr2->resultDescriptor(), m_expr1->resultDescriptor()));
+}
+
+RegisterID* ThrowableBinaryOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator));
+    RegisterID* src2 = generator.emitNode(m_expr2);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    return generator.emitBinaryOp(opcodeID(), generator.finalDestination(dst, src1.get()), src1.get(), src2, OperandTypes(m_expr1->resultDescriptor(), m_expr2->resultDescriptor()));
+}
+
+RegisterID* InstanceOfNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> src1 = generator.emitNodeForLeftHandSide(m_expr1, m_rightHasAssignments, m_expr2->isPure(generator));
+    RefPtr<RegisterID> src2 = generator.emitNode(m_expr2);
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitGetByIdExceptionInfo(op_instanceof);
+    RegisterID* src2Prototype = generator.emitGetById(generator.newTemporary(), src2.get(), generator.globalData()->propertyNames->prototype);
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    return generator.emitInstanceOf(generator.finalDestination(dst, src1.get()), src1.get(), src2.get(), src2Prototype);
+}
+
+// ------------------------------ LogicalOpNode ----------------------------
+
+RegisterID* LogicalOpNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> temp = generator.tempDestination(dst);
+    RefPtr<Label> target = generator.newLabel();
+    
+    generator.emitNode(temp.get(), m_expr1);
+    if (m_operator == OpLogicalAnd)
+        generator.emitJumpIfFalse(temp.get(), target.get());
+    else
+        generator.emitJumpIfTrue(temp.get(), target.get());
+    generator.emitNode(temp.get(), m_expr2);
+    generator.emitLabel(target.get());
+
+    return generator.moveToDestinationIfNeeded(dst, temp.get());
+}
+
+// ------------------------------ ConditionalNode ------------------------------
+
+RegisterID* ConditionalNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> newDst = generator.finalDestination(dst);
+    RefPtr<Label> beforeElse = generator.newLabel();
+    RefPtr<Label> afterElse = generator.newLabel();
+
+    RegisterID* cond = generator.emitNode(m_logical);
+    generator.emitJumpIfFalse(cond, beforeElse.get());
+
+    generator.emitNode(newDst.get(), m_expr1);
+    generator.emitJump(afterElse.get());
+
+    generator.emitLabel(beforeElse.get());
+    generator.emitNode(newDst.get(), m_expr2);
+
+    generator.emitLabel(afterElse.get());
+
+    return newDst.get();
+}
+
+// ------------------------------ ReadModifyResolveNode -----------------------------------
+
+// FIXME: should this be moved to be a method on BytecodeGenerator?
+static ALWAYS_INLINE RegisterID* emitReadModifyAssignment(BytecodeGenerator& generator, RegisterID* dst, RegisterID* src1, ExpressionNode* m_right, Operator oper, OperandTypes types, ReadModifyResolveNode* emitExpressionInfoForMe = 0)
+{
+    OpcodeID opcodeID;
+    switch (oper) {
+        case OpMultEq:
+            opcodeID = op_mul;
+            break;
+        case OpDivEq:
+            opcodeID = op_div;
+            break;
+        case OpPlusEq:
+            if (m_right->isAdd() && m_right->resultDescriptor().definitelyIsString())
+                return static_cast<AddNode*>(m_right)->emitStrcat(generator, dst, src1, emitExpressionInfoForMe);
+            opcodeID = op_add;
+            break;
+        case OpMinusEq:
+            opcodeID = op_sub;
+            break;
+        case OpLShift:
+            opcodeID = op_lshift;
+            break;
+        case OpRShift:
+            opcodeID = op_rshift;
+            break;
+        case OpURShift:
+            opcodeID = op_urshift;
+            break;
+        case OpAndEq:
+            opcodeID = op_bitand;
+            break;
+        case OpXOrEq:
+            opcodeID = op_bitxor;
+            break;
+        case OpOrEq:
+            opcodeID = op_bitor;
+            break;
+        case OpModEq:
+            opcodeID = op_mod;
+            break;
+        default:
+            ASSERT_NOT_REACHED();
+            return dst;
+    }
+
+    RegisterID* src2 = generator.emitNode(m_right);
+
+    // Certain read-modify nodes require expression info to be emitted *after* m_right has been generated.
+    // If this is required the node is passed as 'emitExpressionInfoForMe'; do so now.
+    if (emitExpressionInfoForMe)
+        generator.emitExpressionInfo(emitExpressionInfoForMe->divot(), emitExpressionInfoForMe->startOffset(), emitExpressionInfoForMe->endOffset());
+
+    return generator.emitBinaryOp(opcodeID, dst, src1, src2, types);
+}
+
+RegisterID* ReadModifyResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (RegisterID* local = generator.registerFor(m_ident)) {
+        if (generator.isLocalConstant(m_ident)) {
+            return emitReadModifyAssignment(generator, generator.finalDestination(dst), local, m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
+        }
+        
+        if (generator.leftHandSideNeedsCopy(m_rightHasAssignments, m_right->isPure(generator))) {
+            RefPtr<RegisterID> result = generator.newTemporary();
+            generator.emitMove(result.get(), local);
+            emitReadModifyAssignment(generator, result.get(), result.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
+            generator.emitMove(local, result.get());
+            return generator.moveToDestinationIfNeeded(dst, result.get());
+        }
+        
+        RegisterID* result = emitReadModifyAssignment(generator, local, local, m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
+        return generator.moveToDestinationIfNeeded(dst, result);
+    }
+
+    int index = 0;
+    size_t depth = 0;
+    JSObject* globalObject = 0;
+    if (generator.findScopedProperty(m_ident, index, depth, true, globalObject) && index != missingSymbolMarker()) {
+        RefPtr<RegisterID> src1 = generator.emitGetScopedVar(generator.tempDestination(dst), depth, index, globalObject);
+        RegisterID* result = emitReadModifyAssignment(generator, generator.finalDestination(dst, src1.get()), src1.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
+        generator.emitPutScopedVar(depth, index, result, globalObject);
+        return result;
+    }
+
+    RefPtr<RegisterID> src1 = generator.tempDestination(dst);
+    generator.emitExpressionInfo(divot() - startOffset() + m_ident.size(), m_ident.size(), 0);
+    RefPtr<RegisterID> base = generator.emitResolveWithBase(generator.newTemporary(), src1.get(), m_ident);
+    RegisterID* result = emitReadModifyAssignment(generator, generator.finalDestination(dst, src1.get()), src1.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()), this);
+    return generator.emitPutById(base.get(), m_ident, result);
+}
+
+// ------------------------------ AssignResolveNode -----------------------------------
+
+RegisterID* AssignResolveNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (RegisterID* local = generator.registerFor(m_ident)) {
+        if (generator.isLocalConstant(m_ident))
+            return generator.emitNode(dst, m_right);
+        
+        RegisterID* result = generator.emitNode(local, m_right);
+        return generator.moveToDestinationIfNeeded(dst, result);
+    }
+
+    int index = 0;
+    size_t depth = 0;
+    JSObject* globalObject = 0;
+    if (generator.findScopedProperty(m_ident, index, depth, true, globalObject) && index != missingSymbolMarker()) {
+        if (dst == generator.ignoredResult())
+            dst = 0;
+        RegisterID* value = generator.emitNode(dst, m_right);
+        generator.emitPutScopedVar(depth, index, value, globalObject);
+        return value;
+    }
+
+    RefPtr<RegisterID> base = generator.emitResolveBase(generator.newTemporary(), m_ident);
+    if (dst == generator.ignoredResult())
+        dst = 0;
+    RegisterID* value = generator.emitNode(dst, m_right);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    return generator.emitPutById(base.get(), m_ident, value);
+}
+
+// ------------------------------ AssignDotNode -----------------------------------
+
+RegisterID* AssignDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_rightHasAssignments, m_right->isPure(generator));
+    RefPtr<RegisterID> value = generator.destinationForAssignResult(dst);
+    RegisterID* result = generator.emitNode(value.get(), m_right);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitPutById(base.get(), m_ident, result);
+    return generator.moveToDestinationIfNeeded(dst, result);
+}
+
+// ------------------------------ ReadModifyDotNode -----------------------------------
+
+RegisterID* ReadModifyDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_rightHasAssignments, m_right->isPure(generator));
+
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    RefPtr<RegisterID> value = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident);
+    RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    return generator.emitPutById(base.get(), m_ident, updatedValue);
+}
+
+// ------------------------------ AssignErrorNode -----------------------------------
+
+RegisterID* AssignErrorNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    return emitThrowError(generator, ReferenceError, "Left side of assignment is not a reference.");
+}
+
+// ------------------------------ AssignBracketNode -----------------------------------
+
+RegisterID* AssignBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments || m_rightHasAssignments, m_subscript->isPure(generator) && m_right->isPure(generator));
+    RefPtr<RegisterID> property = generator.emitNodeForLeftHandSide(m_subscript, m_rightHasAssignments, m_right->isPure(generator));
+    RefPtr<RegisterID> value = generator.destinationForAssignResult(dst);
+    RegisterID* result = generator.emitNode(value.get(), m_right);
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitPutByVal(base.get(), property.get(), result);
+    return generator.moveToDestinationIfNeeded(dst, result);
+}
+
+// ------------------------------ ReadModifyBracketNode -----------------------------------
+
+RegisterID* ReadModifyBracketNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_subscriptHasAssignments || m_rightHasAssignments, m_subscript->isPure(generator) && m_right->isPure(generator));
+    RefPtr<RegisterID> property = generator.emitNodeForLeftHandSide(m_subscript, m_rightHasAssignments, m_right->isPure(generator));
+
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    RefPtr<RegisterID> value = generator.emitGetByVal(generator.tempDestination(dst), base.get(), property.get());
+    RegisterID* updatedValue = emitReadModifyAssignment(generator, generator.finalDestination(dst, value.get()), value.get(), m_right, m_operator, OperandTypes(ResultType::unknownType(), m_right->resultDescriptor()));
+
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitPutByVal(base.get(), property.get(), updatedValue);
+
+    return updatedValue;
+}
+
+// ------------------------------ CommaNode ------------------------------------
+
+RegisterID* CommaNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    ASSERT(m_expressions.size() > 1);
+    for (size_t i = 0; i < m_expressions.size() - 1; i++)
+        generator.emitNode(generator.ignoredResult(), m_expressions[i]);
+    return generator.emitNode(dst, m_expressions.last());
+}
+
+// ------------------------------ ConstDeclNode ------------------------------------
+
+RegisterID* ConstDeclNode::emitCodeSingle(BytecodeGenerator& generator)
+{
+    if (RegisterID* local = generator.constRegisterFor(m_ident)) {
+        if (!m_init)
+            return local;
+
+        return generator.emitNode(local, m_init);
+    }
+
+    if (generator.codeType() != EvalCode) {
+        if (m_init)
+            return generator.emitNode(m_init);
+        else
+            return generator.emitResolve(generator.newTemporary(), m_ident);
+    }
+    // FIXME: While this code should only be hit in eval code, it will potentially
+    // assign to the wrong base if m_ident exists in an intervening dynamic scope.
+    RefPtr<RegisterID> base = generator.emitResolveBase(generator.newTemporary(), m_ident);
+    RegisterID* value = m_init ? generator.emitNode(m_init) : generator.emitLoad(0, jsUndefined());
+    return generator.emitPutById(base.get(), m_ident, value);
+}
+
+RegisterID* ConstDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    RegisterID* result = 0;
+    for (ConstDeclNode* n = this; n; n = n->m_next)
+        result = n->emitCodeSingle(generator);
+
+    return result;
+}
+
+// ------------------------------ ConstStatementNode -----------------------------
+
+RegisterID* ConstStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    return generator.emitNode(m_next);
+}
+
+// ------------------------------ SourceElements -------------------------------
+
+inline void SourceElements::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    size_t size = m_statements.size();
+    for (size_t i = 0; i < size; ++i)
+        generator.emitNode(dst, m_statements[i]);
+}
+
+// ------------------------------ BlockNode ------------------------------------
+
+inline StatementNode* BlockNode::lastStatement() const
+{
+    return m_statements ? m_statements->lastStatement() : 0;
+}
+
+RegisterID* BlockNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (m_statements)
+        m_statements->emitBytecode(generator, dst);
+    return 0;
+}
+
+// ------------------------------ EmptyStatementNode ---------------------------
+
+RegisterID* EmptyStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    return dst;
+}
+
+// ------------------------------ DebuggerStatementNode ---------------------------
+
+RegisterID* DebuggerStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(DidReachBreakpoint, firstLine(), lastLine(), column());
+    return dst;
+}
+
+// ------------------------------ ExprStatementNode ----------------------------
+
+RegisterID* ExprStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    ASSERT(m_expr);
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column()); 
+    return generator.emitNode(dst, m_expr);
+}
+
+// ------------------------------ VarStatementNode ----------------------------
+
+RegisterID* VarStatementNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    ASSERT(m_expr);
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    return generator.emitNode(m_expr);
+}
+
+// ------------------------------ IfNode ---------------------------------------
+
+RegisterID* IfNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    
+    RefPtr<Label> afterThen = generator.newLabel();
+
+    RegisterID* cond = generator.emitNode(m_condition);
+    generator.emitJumpIfFalse(cond, afterThen.get());
+
+    generator.emitNode(dst, m_ifBlock);
+    generator.emitLabel(afterThen.get());
+
+    // FIXME: This should return the last statement executed so that it can be returned as a Completion.
+    return 0;
+}
+
+// ------------------------------ IfElseNode ---------------------------------------
+
+RegisterID* IfElseNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    
+    RefPtr<Label> beforeElse = generator.newLabel();
+    RefPtr<Label> afterElse = generator.newLabel();
+
+    RegisterID* cond = generator.emitNode(m_condition);
+    generator.emitJumpIfFalse(cond, beforeElse.get());
+
+    generator.emitNode(dst, m_ifBlock);
+    generator.emitJump(afterElse.get());
+
+    generator.emitLabel(beforeElse.get());
+
+    generator.emitNode(dst, m_elseBlock);
+
+    generator.emitLabel(afterElse.get());
+
+    // FIXME: This should return the last statement executed so that it can be returned as a Completion.
+    return 0;
+}
+
+// ------------------------------ DoWhileNode ----------------------------------
+
+RegisterID* DoWhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<LabelScope> scope = generator.newLabelScope(LabelScope::Loop);
+
+    RefPtr<Label> topOfLoop = generator.newLabel();
+    generator.emitLabel(topOfLoop.get());
+
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+   
+    RefPtr<RegisterID> result = generator.emitNode(dst, m_statement);
+
+    generator.emitLabel(scope->continueTarget());
+#ifndef QT_BUILD_SCRIPT_LIB
+    generator.emitDebugHook(WillExecuteStatement, m_expr->lineNo(), m_expr->lineNo(), column());
+#endif
+    RegisterID* cond = generator.emitNode(m_expr);
+    generator.emitJumpIfTrue(cond, topOfLoop.get());
+
+    generator.emitLabel(scope->breakTarget());
+    return result.get();
+}
+
+// ------------------------------ WhileNode ------------------------------------
+
+RegisterID* WhileNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<LabelScope> scope = generator.newLabelScope(LabelScope::Loop);
+#ifdef QT_BUILD_SCRIPT_LIB
+    generator.emitDebugHook(WillExecuteStatement, m_expr->lineNo(), m_expr->lineNo(), column());
+#endif
+    generator.emitJump(scope->continueTarget());
+
+    RefPtr<Label> topOfLoop = generator.newLabel();
+    generator.emitLabel(topOfLoop.get());
+    
+    generator.emitNode(dst, m_statement);
+
+    generator.emitLabel(scope->continueTarget());
+#ifndef QT_BUILD_SCRIPT_LIB
+    generator.emitDebugHook(WillExecuteStatement, m_expr->lineNo(), m_expr->lineNo(), column());
+#endif
+    RegisterID* cond = generator.emitNode(m_expr);
+    generator.emitJumpIfTrue(cond, topOfLoop.get());
+
+    generator.emitLabel(scope->breakTarget());
+    
+    // FIXME: This should return the last statement executed so that it can be returned as a Completion
+    return 0;
+}
+
+// ------------------------------ ForNode --------------------------------------
+
+RegisterID* ForNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<LabelScope> scope = generator.newLabelScope(LabelScope::Loop);
+
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+
+    if (m_expr1)
+        generator.emitNode(generator.ignoredResult(), m_expr1);
+
+    RefPtr<Label> condition = generator.newLabel();
+    generator.emitJump(condition.get());
+
+    RefPtr<Label> topOfLoop = generator.newLabel();
+    generator.emitLabel(topOfLoop.get());
+
+    RefPtr<RegisterID> result = generator.emitNode(dst, m_statement);
+
+    generator.emitLabel(scope->continueTarget());
+#ifndef QT_BUILD_SCRIPT_LIB
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+#endif
+    if (m_expr3)
+        generator.emitNode(generator.ignoredResult(), m_expr3);
+
+    generator.emitLabel(condition.get());
+    if (m_expr2) {
+        RegisterID* cond = generator.emitNode(m_expr2);
+        generator.emitJumpIfTrue(cond, topOfLoop.get());
+    } else
+        generator.emitJump(topOfLoop.get());
+
+    generator.emitLabel(scope->breakTarget());
+    return result.get();
+}
+
+// ------------------------------ ForInNode ------------------------------------
+
+RegisterID* ForInNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<LabelScope> scope = generator.newLabelScope(LabelScope::Loop);
+
+    if (!m_lexpr->isLocation())
+        return emitThrowError(generator, ReferenceError, "Left side of for-in statement is not a reference.");
+
+    RefPtr<Label> continueTarget = generator.newLabel(); 
+
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+
+    if (m_init)
+        generator.emitNode(generator.ignoredResult(), m_init);
+    RegisterID* forInBase = generator.emitNode(m_expr);
+    RefPtr<RegisterID> iter = generator.emitGetPropertyNames(generator.newTemporary(), forInBase);
+    generator.emitJump(scope->continueTarget());
+
+    RefPtr<Label> loopStart = generator.newLabel();
+    generator.emitLabel(loopStart.get());
+
+    RegisterID* propertyName;
+    if (m_lexpr->isResolveNode()) {
+        const Identifier& ident = static_cast<ResolveNode*>(m_lexpr)->identifier();
+        propertyName = generator.registerFor(ident);
+        if (!propertyName) {
+            propertyName = generator.newTemporary();
+            RefPtr<RegisterID> protect = propertyName;
+            RegisterID* base = generator.emitResolveBase(generator.newTemporary(), ident);
+
+            generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+            generator.emitPutById(base, ident, propertyName);
+        }
+    } else if (m_lexpr->isDotAccessorNode()) {
+        DotAccessorNode* assignNode = static_cast<DotAccessorNode*>(m_lexpr);
+        const Identifier& ident = assignNode->identifier();
+        propertyName = generator.newTemporary();
+        RefPtr<RegisterID> protect = propertyName;
+        RegisterID* base = generator.emitNode(assignNode->base());
+
+        generator.emitExpressionInfo(assignNode->divot(), assignNode->startOffset(), assignNode->endOffset());
+        generator.emitPutById(base, ident, propertyName);
+    } else {
+        ASSERT(m_lexpr->isBracketAccessorNode());
+        BracketAccessorNode* assignNode = static_cast<BracketAccessorNode*>(m_lexpr);
+        propertyName = generator.newTemporary();
+        RefPtr<RegisterID> protect = propertyName;
+        RefPtr<RegisterID> base = generator.emitNode(assignNode->base());
+        RegisterID* subscript = generator.emitNode(assignNode->subscript());
+        
+        generator.emitExpressionInfo(assignNode->divot(), assignNode->startOffset(), assignNode->endOffset());
+        generator.emitPutByVal(base.get(), subscript, propertyName);
+    }   
+
+    generator.emitNode(dst, m_statement);
+
+    generator.emitLabel(scope->continueTarget());
+    generator.emitNextPropertyName(propertyName, iter.get(), loopStart.get());
+#ifndef QT_BUILD_SCRIPT_LIB
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+#endif
+    generator.emitLabel(scope->breakTarget());
+    return dst;
+}
+
+// ------------------------------ ContinueNode ---------------------------------
+
+// ECMA 12.7
+RegisterID* ContinueNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    
+    LabelScope* scope = generator.continueTarget(m_ident);
+
+    if (!scope)
+        return m_ident.isEmpty()
+            ? emitThrowError(generator, SyntaxError, "Invalid continue statement.")
+            : emitThrowError(generator, SyntaxError, "Undefined label: '%s'.", m_ident);
+
+    generator.emitJumpScopes(scope->continueTarget(), scope->scopeDepth());
+    return dst;
+}
+
+// ------------------------------ BreakNode ------------------------------------
+
+// ECMA 12.8
+RegisterID* BreakNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    
+    LabelScope* scope = generator.breakTarget(m_ident);
+    
+    if (!scope)
+        return m_ident.isEmpty()
+            ? emitThrowError(generator, SyntaxError, "Invalid break statement.")
+            : emitThrowError(generator, SyntaxError, "Undefined label: '%s'.", m_ident);
+
+    generator.emitJumpScopes(scope->breakTarget(), scope->scopeDepth());
+    return dst;
+}
+
+// ------------------------------ ReturnNode -----------------------------------
+
+RegisterID* ReturnNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    if (generator.codeType() != FunctionCode)
+        return emitThrowError(generator, SyntaxError, "Invalid return statement.");
+
+    if (dst == generator.ignoredResult())
+        dst = 0;
+    RegisterID* r0 = m_value ? generator.emitNode(dst, m_value) : generator.emitLoad(dst, jsUndefined());
+    RefPtr<RegisterID> returnRegister;
+    if (generator.scopeDepth()) {
+        RefPtr<Label> l0 = generator.newLabel();
+        if (generator.hasFinaliser() && !r0->isTemporary()) {
+            returnRegister = generator.emitMove(generator.newTemporary(), r0);
+            r0 = returnRegister.get();
+        }
+        generator.emitJumpScopes(l0.get(), 0);
+        generator.emitLabel(l0.get());
+    }
+    generator.emitDebugHook(WillLeaveCallFrame, firstLine(), lastLine(), column());
+    return generator.emitReturn(r0);
+}
+
+// ------------------------------ WithNode -------------------------------------
+
+RegisterID* WithNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    
+    RefPtr<RegisterID> scope = generator.newTemporary();
+    generator.emitNode(scope.get(), m_expr); // scope must be protected until popped
+    generator.emitExpressionInfo(m_divot, m_expressionLength, 0);
+    generator.emitPushScope(scope.get());
+    RegisterID* result = generator.emitNode(dst, m_statement);
+    generator.emitPopScope();
+    return result;
+}
+
+// ------------------------------ CaseClauseNode --------------------------------
+
+inline void CaseClauseNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (m_statements)
+        m_statements->emitBytecode(generator, dst);
+}
+
+// ------------------------------ CaseBlockNode --------------------------------
+
+enum SwitchKind { 
+    SwitchUnset = 0,
+    SwitchNumber = 1, 
+    SwitchString = 2, 
+    SwitchNeither = 3 
+};
+
+static void processClauseList(ClauseListNode* list, Vector<ExpressionNode*, 8>& literalVector, SwitchKind& typeForTable, bool& singleCharacterSwitch, int32_t& min_num, int32_t& max_num)
+{
+    for (; list; list = list->getNext()) {
+        ExpressionNode* clauseExpression = list->getClause()->expr();
+        literalVector.append(clauseExpression);
+        if (clauseExpression->isNumber()) {
+            double value = static_cast<NumberNode*>(clauseExpression)->value();
+            int32_t intVal = static_cast<int32_t>(value);
+            if ((typeForTable & ~SwitchNumber) || (intVal != value)) {
+                typeForTable = SwitchNeither;
+                break;
+            }
+            if (intVal < min_num)
+                min_num = intVal;
+            if (intVal > max_num)
+                max_num = intVal;
+            typeForTable = SwitchNumber;
+            continue;
+        }
+        if (clauseExpression->isString()) {
+            if (typeForTable & ~SwitchString) {
+                typeForTable = SwitchNeither;
+                break;
+            }
+            const UString& value = static_cast<StringNode*>(clauseExpression)->value().ustring();
+            if (singleCharacterSwitch &= value.size() == 1) {
+                int32_t intVal = value.rep()->data()[0];
+                if (intVal < min_num)
+                    min_num = intVal;
+                if (intVal > max_num)
+                    max_num = intVal;
+            }
+            typeForTable = SwitchString;
+            continue;
+        }
+        typeForTable = SwitchNeither;
+        break;        
+    }
+}
+    
+SwitchInfo::SwitchType CaseBlockNode::tryOptimizedSwitch(Vector<ExpressionNode*, 8>& literalVector, int32_t& min_num, int32_t& max_num)
+{
+    SwitchKind typeForTable = SwitchUnset;
+    bool singleCharacterSwitch = true;
+    
+    processClauseList(m_list1, literalVector, typeForTable, singleCharacterSwitch, min_num, max_num);
+    processClauseList(m_list2, literalVector, typeForTable, singleCharacterSwitch, min_num, max_num);
+    
+    if (typeForTable == SwitchUnset || typeForTable == SwitchNeither)
+        return SwitchInfo::SwitchNone;
+    
+    if (typeForTable == SwitchNumber) {
+        int32_t range = max_num - min_num;
+        if (min_num <= max_num && range <= 1000 && (range / literalVector.size()) < 10)
+            return SwitchInfo::SwitchImmediate;
+        return SwitchInfo::SwitchNone;
+    } 
+    
+    ASSERT(typeForTable == SwitchString);
+    
+    if (singleCharacterSwitch) {
+        int32_t range = max_num - min_num;
+        if (min_num <= max_num && range <= 1000 && (range / literalVector.size()) < 10)
+            return SwitchInfo::SwitchCharacter;
+    }
+
+    return SwitchInfo::SwitchString;
+}
+
+RegisterID* CaseBlockNode::emitBytecodeForBlock(BytecodeGenerator& generator, RegisterID* switchExpression, RegisterID* dst)
+{
+    RefPtr<Label> defaultLabel;
+    Vector<RefPtr<Label>, 8> labelVector;
+    Vector<ExpressionNode*, 8> literalVector;
+    int32_t min_num = std::numeric_limits<int32_t>::max();
+    int32_t max_num = std::numeric_limits<int32_t>::min();
+    SwitchInfo::SwitchType switchType = tryOptimizedSwitch(literalVector, min_num, max_num);
+
+    if (switchType != SwitchInfo::SwitchNone) {
+        // Prepare the various labels
+        for (uint32_t i = 0; i < literalVector.size(); i++)
+            labelVector.append(generator.newLabel());
+        defaultLabel = generator.newLabel();
+        generator.beginSwitch(switchExpression, switchType);
+    } else {
+        // Setup jumps
+        for (ClauseListNode* list = m_list1; list; list = list->getNext()) {
+            RefPtr<RegisterID> clauseVal = generator.newTemporary();
+            generator.emitNode(clauseVal.get(), list->getClause()->expr());
+            generator.emitBinaryOp(op_stricteq, clauseVal.get(), clauseVal.get(), switchExpression, OperandTypes());
+            labelVector.append(generator.newLabel());
+            generator.emitJumpIfTrue(clauseVal.get(), labelVector[labelVector.size() - 1].get());
+        }
+        
+        for (ClauseListNode* list = m_list2; list; list = list->getNext()) {
+            RefPtr<RegisterID> clauseVal = generator.newTemporary();
+            generator.emitNode(clauseVal.get(), list->getClause()->expr());
+            generator.emitBinaryOp(op_stricteq, clauseVal.get(), clauseVal.get(), switchExpression, OperandTypes());
+            labelVector.append(generator.newLabel());
+            generator.emitJumpIfTrue(clauseVal.get(), labelVector[labelVector.size() - 1].get());
+        }
+        defaultLabel = generator.newLabel();
+        generator.emitJump(defaultLabel.get());
+    }
+
+    RegisterID* result = 0;
+
+    size_t i = 0;
+    for (ClauseListNode* list = m_list1; list; list = list->getNext()) {
+        generator.emitLabel(labelVector[i++].get());
+        list->getClause()->emitBytecode(generator, dst);
+    }
+
+    if (m_defaultClause) {
+        generator.emitLabel(defaultLabel.get());
+        m_defaultClause->emitBytecode(generator, dst);
+    }
+
+    for (ClauseListNode* list = m_list2; list; list = list->getNext()) {
+        generator.emitLabel(labelVector[i++].get());
+        list->getClause()->emitBytecode(generator, dst);
+    }
+    if (!m_defaultClause)
+        generator.emitLabel(defaultLabel.get());
+
+    ASSERT(i == labelVector.size());
+    if (switchType != SwitchInfo::SwitchNone) {
+        ASSERT(labelVector.size() == literalVector.size());
+        generator.endSwitch(labelVector.size(), labelVector.data(), literalVector.data(), defaultLabel.get(), min_num, max_num);
+    }
+    return result;
+}
+
+// ------------------------------ SwitchNode -----------------------------------
+
+RegisterID* SwitchNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+    
+    RefPtr<LabelScope> scope = generator.newLabelScope(LabelScope::Switch);
+
+    RefPtr<RegisterID> r0 = generator.emitNode(m_expr);
+    RegisterID* r1 = m_block->emitBytecodeForBlock(generator, r0.get(), dst);
+
+    generator.emitLabel(scope->breakTarget());
+    return r1;
+}
+
+// ------------------------------ LabelNode ------------------------------------
+
+RegisterID* LabelNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+
+    if (generator.breakTarget(m_name))
+        return emitThrowError(generator, SyntaxError, "Duplicate label: %s.", m_name);
+
+    RefPtr<LabelScope> scope = generator.newLabelScope(LabelScope::NamedLabel, &m_name);
+    RegisterID* r0 = generator.emitNode(dst, m_statement);
+
+    generator.emitLabel(scope->breakTarget());
+    return r0;
+}
+
+// ------------------------------ ThrowNode ------------------------------------
+
+RegisterID* ThrowNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+
+    if (dst == generator.ignoredResult())
+        dst = 0;
+    RefPtr<RegisterID> expr = generator.emitNode(m_expr);
+    generator.emitExpressionInfo(divot(), startOffset(), endOffset());
+    generator.emitThrow(expr.get());
+    return 0;
+}
+
+// ------------------------------ TryNode --------------------------------------
+
+RegisterID* TryNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    // NOTE: The catch and finally blocks must be labeled explicitly, so the
+    // optimizer knows they may be jumped to from anywhere.
+
+#ifndef QT_BUILD_SCRIPT_LIB
+    generator.emitDebugHook(WillExecuteStatement, firstLine(), lastLine(), column());
+#endif
+
+    RefPtr<Label> tryStartLabel = generator.newLabel();
+    RefPtr<Label> finallyStart;
+    RefPtr<RegisterID> finallyReturnAddr;
+    if (m_finallyBlock) {
+        finallyStart = generator.newLabel();
+        finallyReturnAddr = generator.newTemporary();
+        generator.pushFinallyContext(finallyStart.get(), finallyReturnAddr.get());
+    }
+
+    generator.emitLabel(tryStartLabel.get());
+    generator.emitNode(dst, m_tryBlock);
+
+    if (m_catchBlock) {
+        RefPtr<Label> catchEndLabel = generator.newLabel();
+        
+        // Normal path: jump over the catch block.
+        generator.emitJump(catchEndLabel.get());
+
+        // Uncaught exception path: the catch block.
+        RefPtr<Label> here = generator.emitLabel(generator.newLabel().get());
+        RefPtr<RegisterID> exceptionRegister = generator.emitCatch(generator.newTemporary(), tryStartLabel.get(), here.get());
+        if (m_catchHasEval) {
+            RefPtr<RegisterID> dynamicScopeObject = generator.emitNewObject(generator.newTemporary());
+            generator.emitPutById(dynamicScopeObject.get(), m_exceptionIdent, exceptionRegister.get());
+            generator.emitMove(exceptionRegister.get(), dynamicScopeObject.get());
+            generator.emitPushScope(exceptionRegister.get());
+        } else
+            generator.emitPushNewScope(exceptionRegister.get(), m_exceptionIdent, exceptionRegister.get());
+        generator.emitNode(dst, m_catchBlock);
+        generator.emitPopScope();
+        generator.emitLabel(catchEndLabel.get());
+    }
+
+    if (m_finallyBlock) {
+        generator.popFinallyContext();
+        // there may be important registers live at the time we jump
+        // to a finally block (such as for a return or throw) so we
+        // ref the highest register ever used as a conservative
+        // approach to not clobbering anything important
+        RefPtr<RegisterID> highestUsedRegister = generator.highestUsedRegister();
+        RefPtr<Label> finallyEndLabel = generator.newLabel();
+
+        // Normal path: invoke the finally block, then jump over it.
+        generator.emitJumpSubroutine(finallyReturnAddr.get(), finallyStart.get());
+        generator.emitJump(finallyEndLabel.get());
+
+        // Uncaught exception path: invoke the finally block, then re-throw the exception.
+        RefPtr<Label> here = generator.emitLabel(generator.newLabel().get());
+        RefPtr<RegisterID> tempExceptionRegister = generator.emitCatch(generator.newTemporary(), tryStartLabel.get(), here.get());
+        generator.emitJumpSubroutine(finallyReturnAddr.get(), finallyStart.get());
+        generator.emitThrow(tempExceptionRegister.get());
+
+        // The finally block.
+        generator.emitLabel(finallyStart.get());
+        generator.emitNode(dst, m_finallyBlock);
+        generator.emitSubroutineReturn(finallyReturnAddr.get());
+
+        generator.emitLabel(finallyEndLabel.get());
+    }
+
+    return dst;
+}
+
+// -----------------------------ScopeNodeData ---------------------------
+
+ScopeNodeData::ScopeNodeData(ParserArena& arena, SourceElements* statements, VarStack* varStack, FunctionStack* funcStack, int numConstants)
+    : m_numConstants(numConstants)
+    , m_statements(statements)
+{
+    m_arena.swap(arena);
+    if (varStack)
+        m_varStack.swap(*varStack);
+    if (funcStack)
+        m_functionStack.swap(*funcStack);
+}
+
+// ------------------------------ ScopeNode -----------------------------
+
+ScopeNode::ScopeNode(JSGlobalData* globalData)
+    : StatementNode(globalData)
+    , ParserArenaRefCounted(globalData)
+    , m_features(NoFeatures)
+{
+}
+
+ScopeNode::ScopeNode(JSGlobalData* globalData, const SourceCode& source, SourceElements* children, VarStack* varStack, FunctionStack* funcStack, CodeFeatures features, int numConstants)
+    : StatementNode(globalData)
+    , ParserArenaRefCounted(globalData)
+    , m_data(new ScopeNodeData(globalData->parser->arena(), children, varStack, funcStack, numConstants))
+    , m_features(features)
+    , m_source(source)
+{
+}
+
+inline void ScopeNode::emitStatementsBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (m_data->m_statements)
+        m_data->m_statements->emitBytecode(generator, dst);
+}
+
+StatementNode* ScopeNode::singleStatement() const
+{
+    return m_data->m_statements ? m_data->m_statements->singleStatement() : 0;
+}
+
+// ------------------------------ ProgramNode -----------------------------
+
+inline ProgramNode::ProgramNode(JSGlobalData* globalData, SourceElements* children, VarStack* varStack, FunctionStack* funcStack, const SourceCode& source, CodeFeatures features, int numConstants)
+    : ScopeNode(globalData, source, children, varStack, funcStack, features, numConstants)
+{
+}
+
+PassRefPtr<ProgramNode> ProgramNode::create(JSGlobalData* globalData, SourceElements* children, VarStack* varStack, FunctionStack* funcStack, const SourceCode& source, CodeFeatures features, int numConstants)
+{
+    RefPtr<ProgramNode> node = new ProgramNode(globalData, children, varStack, funcStack, source, features, numConstants);
+
+    ASSERT(node->data()->m_arena.last() == node);
+    node->data()->m_arena.removeLast();
+    ASSERT(!node->data()->m_arena.contains(node.get()));
+
+    return node.release();
+}
+
+RegisterID* ProgramNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    generator.emitDebugHook(WillExecuteProgram, firstLine(), lastLine(), column());
+
+    RefPtr<RegisterID> dstRegister = generator.newTemporary();
+    generator.emitLoad(dstRegister.get(), jsUndefined());
+    emitStatementsBytecode(generator, dstRegister.get());
+
+    generator.emitDebugHook(DidExecuteProgram, firstLine(), lastLine(), column());
+    generator.emitEnd(dstRegister.get());
+    return 0;
+}
+
+// ------------------------------ EvalNode -----------------------------
+
+inline EvalNode::EvalNode(JSGlobalData* globalData, SourceElements* children, VarStack* varStack, FunctionStack* funcStack, const SourceCode& source, CodeFeatures features, int numConstants)
+    : ScopeNode(globalData, source, children, varStack, funcStack, features, numConstants)
+{
+}
+
+PassRefPtr<EvalNode> EvalNode::create(JSGlobalData* globalData, SourceElements* children, VarStack* varStack, FunctionStack* funcStack, const SourceCode& source, CodeFeatures features, int numConstants)
+{
+    RefPtr<EvalNode> node = new EvalNode(globalData, children, varStack, funcStack, source, features, numConstants);
+
+    ASSERT(node->data()->m_arena.last() == node);
+    node->data()->m_arena.removeLast();
+    ASSERT(!node->data()->m_arena.contains(node.get()));
+
+    return node.release();
+}
+
+RegisterID* EvalNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    generator.emitDebugHook(WillExecuteProgram, firstLine(), lastLine(), column());
+
+    RefPtr<RegisterID> dstRegister = generator.newTemporary();
+    generator.emitLoad(dstRegister.get(), jsUndefined());
+    emitStatementsBytecode(generator, dstRegister.get());
+
+    generator.emitDebugHook(DidExecuteProgram, firstLine(), lastLine(), column());
+    generator.emitEnd(dstRegister.get());
+    return 0;
+}
+
+// ------------------------------ FunctionBodyNode -----------------------------
+
+FunctionParameters::FunctionParameters(ParameterNode* firstParameter)
+{
+    for (ParameterNode* parameter = firstParameter; parameter; parameter = parameter->nextParam())
+        append(parameter->ident());
+}
+
+inline FunctionBodyNode::FunctionBodyNode(JSGlobalData* globalData)
+    : ScopeNode(globalData)
+{
+}
+
+inline FunctionBodyNode::FunctionBodyNode(JSGlobalData* globalData, SourceElements* children, VarStack* varStack, FunctionStack* funcStack, const SourceCode& sourceCode, CodeFeatures features, int numConstants)
+    : ScopeNode(globalData, sourceCode, children, varStack, funcStack, features, numConstants)
+{
+}
+
+FunctionBodyNode::~FunctionBodyNode()
+{
+}
+
+void FunctionBodyNode::finishParsing(const SourceCode& source, ParameterNode* firstParameter, const Identifier& ident)
+{
+    setSource(source);
+    finishParsing(FunctionParameters::create(firstParameter), ident);
+}
+
+void FunctionBodyNode::finishParsing(PassRefPtr<FunctionParameters> parameters, const Identifier& ident)
+{
+    ASSERT(!source().isNull());
+    m_parameters = parameters;
+    m_ident = ident;
+}
+
+FunctionBodyNode* FunctionBodyNode::create(JSGlobalData* globalData)
+{
+    return new FunctionBodyNode(globalData);
+}
+
+PassRefPtr<FunctionBodyNode> FunctionBodyNode::create(JSGlobalData* globalData, SourceElements* children, VarStack* varStack, FunctionStack* funcStack, const SourceCode& sourceCode, CodeFeatures features, int numConstants)
+{
+    RefPtr<FunctionBodyNode> node = new FunctionBodyNode(globalData, children, varStack, funcStack, sourceCode, features, numConstants);
+
+    ASSERT(node->data()->m_arena.last() == node);
+    node->data()->m_arena.removeLast();
+    ASSERT(!node->data()->m_arena.contains(node.get()));
+
+    return node.release();
+}
+
+RegisterID* FunctionBodyNode::emitBytecode(BytecodeGenerator& generator, RegisterID*)
+{
+    generator.emitDebugHook(DidEnterCallFrame, firstLine(), lastLine(), column());
+    emitStatementsBytecode(generator, generator.ignoredResult());
+    StatementNode* singleStatement = this->singleStatement();
+    if (singleStatement && singleStatement->isBlock()) {
+        StatementNode* lastStatementInBlock = static_cast<BlockNode*>(singleStatement)->lastStatement();
+        if (lastStatementInBlock && lastStatementInBlock->isReturnNode())
+            return 0;
+    }
+
+    RegisterID* r0 = generator.emitLoad(0, jsUndefined());
+    generator.emitDebugHook(WillLeaveCallFrame, firstLine(), lastLine(), column());
+    generator.emitReturn(r0);
+    return 0;
+}
+
+// ------------------------------ FuncDeclNode ---------------------------------
+
+RegisterID* FuncDeclNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    if (dst == generator.ignoredResult())
+        dst = 0;
+    return dst;
+}
+
+// ------------------------------ FuncExprNode ---------------------------------
+
+RegisterID* FuncExprNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    return generator.emitNewFunctionExpression(generator.finalDestination(dst), this);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/Nodes.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Nodes.h
new file mode 100644
index 000000000..2f8d85011
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Nodes.h
@@ -0,0 +1,1593 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *  Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef Nodes_h
+#define Nodes_h
+
+#include "Error.h"
+#include "JITCode.h"
+#include "Opcode.h"
+#include "ParserArena.h"
+#include "ResultType.h"
+#include "SourceCode.h"
+#include "SymbolTable.h"
+#include <wtf/MathExtras.h>
+
+namespace JSC {
+
+    class ArgumentListNode;
+    class BytecodeGenerator;
+    class FunctionBodyNode;
+    class PropertyListNode;
+    class ReadModifyResolveNode;
+    class RegisterID;
+    class ScopeChainNode;
+    class ScopeNode;
+
+    typedef unsigned CodeFeatures;
+
+    const CodeFeatures NoFeatures = 0;
+    const CodeFeatures EvalFeature = 1 << 0;
+    const CodeFeatures ClosureFeature = 1 << 1;
+    const CodeFeatures AssignFeature = 1 << 2;
+    const CodeFeatures ArgumentsFeature = 1 << 3;
+    const CodeFeatures WithFeature = 1 << 4;
+    const CodeFeatures CatchFeature = 1 << 5;
+    const CodeFeatures ThisFeature = 1 << 6;
+    const CodeFeatures AllFeatures = EvalFeature | ClosureFeature | AssignFeature | ArgumentsFeature | WithFeature | CatchFeature | ThisFeature;
+
+    enum Operator {
+        OpEqual,
+        OpPlusEq,
+        OpMinusEq,
+        OpMultEq,
+        OpDivEq,
+        OpPlusPlus,
+        OpMinusMinus,
+        OpAndEq,
+        OpXOrEq,
+        OpOrEq,
+        OpModEq,
+        OpLShift,
+        OpRShift,
+        OpURShift
+    };
+    
+    enum LogicalOperator {
+        OpLogicalAnd,
+        OpLogicalOr
+    };
+
+    namespace DeclarationStacks {
+        enum VarAttrs { IsConstant = 1, HasInitializer = 2 };
+        typedef Vector<std::pair<const Identifier*, unsigned> > VarStack;
+        typedef Vector<FunctionBodyNode*> FunctionStack;
+    }
+
+    struct SwitchInfo {
+        enum SwitchType { SwitchNone, SwitchImmediate, SwitchCharacter, SwitchString };
+        uint32_t bytecodeOffset;
+        SwitchType switchType;
+    };
+
+    class ParserArenaFreeable {
+    public:
+        // ParserArenaFreeable objects are are freed when the arena is deleted.
+        // Destructors are not called. Clients must not call delete on such objects.
+        void* operator new(size_t, JSGlobalData*);
+    };
+
+    class ParserArenaDeletable {
+    public:
+        virtual ~ParserArenaDeletable() { }
+
+        // ParserArenaDeletable objects are deleted when the arena is deleted.
+        // Clients must not call delete directly on such objects.
+        void* operator new(size_t, JSGlobalData*);
+    };
+
+    class ParserArenaRefCounted : public RefCounted<ParserArenaRefCounted> {
+    protected:
+        ParserArenaRefCounted(JSGlobalData*);
+
+    public:
+        virtual ~ParserArenaRefCounted()
+        {
+            ASSERT(deletionHasBegun());
+        }
+    };
+
+    class Node : public ParserArenaFreeable {
+    protected:
+        Node(JSGlobalData*);
+
+    public:
+        virtual ~Node() { }
+
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* destination = 0) = 0;
+
+        int lineNo() const { return m_line; }
+
+    protected:
+        int m_line;
+    };
+
+    class ExpressionNode : public Node {
+    protected:
+        ExpressionNode(JSGlobalData*, ResultType = ResultType::unknownType());
+
+    public:
+        virtual bool isNumber() const { return false; }
+        virtual bool isString() const { return false; }
+        virtual bool isNull() const { return false; }
+        virtual bool isPure(BytecodeGenerator&) const { return false; }        
+        virtual bool isLocation() const { return false; }
+        virtual bool isResolveNode() const { return false; }
+        virtual bool isBracketAccessorNode() const { return false; }
+        virtual bool isDotAccessorNode() const { return false; }
+        virtual bool isFuncExprNode() const { return false; }
+        virtual bool isCommaNode() const { return false; }
+        virtual bool isSimpleArray() const { return false; }
+        virtual bool isAdd() const { return false; }
+
+        virtual ExpressionNode* stripUnaryPlus() { return this; }
+
+        ResultType resultDescriptor() const { return m_resultType; }
+
+    private:
+        ResultType m_resultType;
+    };
+
+    class StatementNode : public Node {
+    protected:
+        StatementNode(JSGlobalData*);
+
+    public:
+        void setLoc(int firstLine, int lastLine, int column);
+        int firstLine() const { return lineNo(); }
+        int lastLine() const { return m_lastLine; }
+        int column() const { return m_column; }
+
+        virtual bool isEmptyStatement() const { return false; }
+        virtual bool isReturnNode() const { return false; }
+        virtual bool isExprStatement() const { return false; }
+
+        virtual bool isBlock() const { return false; }
+
+    private:
+        int m_lastLine;
+        int m_column;
+    };
+
+    class NullNode : public ExpressionNode {
+    public:
+        NullNode(JSGlobalData*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isNull() const { return true; }
+    };
+
+    class BooleanNode : public ExpressionNode {
+    public:
+        BooleanNode(JSGlobalData*, bool value);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isPure(BytecodeGenerator&) const { return true; }
+
+        bool m_value;
+    };
+
+    class NumberNode : public ExpressionNode {
+    public:
+        NumberNode(JSGlobalData*, double value);
+
+        double value() const { return m_value; }
+        void setValue(double value) { m_value = value; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isNumber() const { return true; }
+        virtual bool isPure(BytecodeGenerator&) const { return true; }
+
+        double m_value;
+    };
+
+    class StringNode : public ExpressionNode {
+    public:
+        StringNode(JSGlobalData*, const Identifier&);
+
+        const Identifier& value() { return m_value; }
+
+    private:
+        virtual bool isPure(BytecodeGenerator&) const { return true; }
+
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+        
+        virtual bool isString() const { return true; }
+
+        const Identifier& m_value;
+    };
+    
+    class ThrowableExpressionData {
+    public:
+        ThrowableExpressionData()
+            : m_divot(static_cast<uint32_t>(-1))
+            , m_startOffset(static_cast<uint16_t>(-1))
+            , m_endOffset(static_cast<uint16_t>(-1))
+        {
+        }
+        
+        ThrowableExpressionData(unsigned divot, unsigned startOffset, unsigned endOffset)
+            : m_divot(divot)
+            , m_startOffset(startOffset)
+            , m_endOffset(endOffset)
+        {
+        }
+        
+        void setExceptionSourceCode(unsigned divot, unsigned startOffset, unsigned endOffset)
+        {
+            m_divot = divot;
+            m_startOffset = startOffset;
+            m_endOffset = endOffset;
+        }
+
+        uint32_t divot() const { return m_divot; }
+        uint16_t startOffset() const { return m_startOffset; }
+        uint16_t endOffset() const { return m_endOffset; }
+
+    protected:
+        RegisterID* emitThrowError(BytecodeGenerator&, ErrorType, const char* message);
+        RegisterID* emitThrowError(BytecodeGenerator&, ErrorType, const char* message, const UString&);
+        RegisterID* emitThrowError(BytecodeGenerator&, ErrorType, const char* message, const Identifier&);
+
+    private:
+        uint32_t m_divot;
+        uint16_t m_startOffset;
+        uint16_t m_endOffset;
+    };
+
+    class ThrowableSubExpressionData : public ThrowableExpressionData {
+    public:
+        ThrowableSubExpressionData()
+            : m_subexpressionDivotOffset(0)
+            , m_subexpressionEndOffset(0)
+        {
+        }
+
+        ThrowableSubExpressionData(unsigned divot, unsigned startOffset, unsigned endOffset)
+            : ThrowableExpressionData(divot, startOffset, endOffset)
+            , m_subexpressionDivotOffset(0)
+            , m_subexpressionEndOffset(0)
+        {
+        }
+
+        void setSubexpressionInfo(uint32_t subexpressionDivot, uint16_t subexpressionOffset)
+        {
+            ASSERT(subexpressionDivot <= divot());
+            if ((divot() - subexpressionDivot) & ~0xFFFF) // Overflow means we can't do this safely, so just point at the primary divot
+                return;
+            m_subexpressionDivotOffset = divot() - subexpressionDivot;
+            m_subexpressionEndOffset = subexpressionOffset;
+        }
+
+    protected:
+        uint16_t m_subexpressionDivotOffset;
+        uint16_t m_subexpressionEndOffset;
+    };
+    
+    class ThrowablePrefixedSubExpressionData : public ThrowableExpressionData {
+    public:
+        ThrowablePrefixedSubExpressionData()
+            : m_subexpressionDivotOffset(0)
+            , m_subexpressionStartOffset(0)
+        {
+        }
+
+        ThrowablePrefixedSubExpressionData(unsigned divot, unsigned startOffset, unsigned endOffset)
+            : ThrowableExpressionData(divot, startOffset, endOffset)
+            , m_subexpressionDivotOffset(0)
+            , m_subexpressionStartOffset(0)
+        {
+        }
+
+        void setSubexpressionInfo(uint32_t subexpressionDivot, uint16_t subexpressionOffset)
+        {
+            ASSERT(subexpressionDivot >= divot());
+            if ((subexpressionDivot - divot()) & ~0xFFFF) // Overflow means we can't do this safely, so just point at the primary divot
+                return;
+            m_subexpressionDivotOffset = subexpressionDivot - divot();
+            m_subexpressionStartOffset = subexpressionOffset;
+        }
+
+    protected:
+        uint16_t m_subexpressionDivotOffset;
+        uint16_t m_subexpressionStartOffset;
+    };
+
+    class RegExpNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        RegExpNode(JSGlobalData*, const Identifier& pattern, const Identifier& flags);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_pattern;
+        const Identifier& m_flags;
+    };
+
+    class ThisNode : public ExpressionNode {
+    public:
+        ThisNode(JSGlobalData*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class ResolveNode : public ExpressionNode {
+    public:
+        ResolveNode(JSGlobalData*, const Identifier&, int startOffset);
+
+        const Identifier& identifier() const { return m_ident; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isPure(BytecodeGenerator&) const ;
+        virtual bool isLocation() const { return true; }
+        virtual bool isResolveNode() const { return true; }
+
+        const Identifier& m_ident;
+        int32_t m_startOffset;
+    };
+
+    class ElementNode : public ParserArenaFreeable {
+    public:
+        ElementNode(JSGlobalData*, int elision, ExpressionNode*);
+        ElementNode(JSGlobalData*, ElementNode*, int elision, ExpressionNode*);
+
+        int elision() const { return m_elision; }
+        ExpressionNode* value() { return m_node; }
+        ElementNode* next() { return m_next; }
+
+    private:
+        ElementNode* m_next;
+        int m_elision;
+        ExpressionNode* m_node;
+    };
+
+    class ArrayNode : public ExpressionNode {
+    public:
+        ArrayNode(JSGlobalData*, int elision);
+        ArrayNode(JSGlobalData*, ElementNode*);
+        ArrayNode(JSGlobalData*, int elision, ElementNode*);
+
+        ArgumentListNode* toArgumentList(JSGlobalData*) const;
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isSimpleArray() const ;
+
+        ElementNode* m_element;
+        int m_elision;
+        bool m_optional;
+    };
+
+    class PropertyNode : public ParserArenaFreeable {
+    public:
+        enum Type { Constant, Getter, Setter };
+
+        PropertyNode(JSGlobalData*, const Identifier& name, ExpressionNode* value, Type);
+        PropertyNode(JSGlobalData*, double name, ExpressionNode* value, Type);
+
+        const Identifier& name() const { return m_name; }
+
+    private:
+        friend class PropertyListNode;
+        const Identifier& m_name;
+        ExpressionNode* m_assign;
+        Type m_type;
+    };
+
+    class PropertyListNode : public Node {
+    public:
+        PropertyListNode(JSGlobalData*, PropertyNode*);
+        PropertyListNode(JSGlobalData*, PropertyNode*, PropertyListNode*);
+
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+    private:
+        PropertyNode* m_node;
+        PropertyListNode* m_next;
+    };
+
+    class ObjectLiteralNode : public ExpressionNode {
+    public:
+        ObjectLiteralNode(JSGlobalData*);
+        ObjectLiteralNode(JSGlobalData*, PropertyListNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        PropertyListNode* m_list;
+    };
+    
+    class BracketAccessorNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        BracketAccessorNode(JSGlobalData*, ExpressionNode* base, ExpressionNode* subscript, bool subscriptHasAssignments);
+
+        ExpressionNode* base() const { return m_base; }
+        ExpressionNode* subscript() const { return m_subscript; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isLocation() const { return true; }
+        virtual bool isBracketAccessorNode() const { return true; }
+
+        ExpressionNode* m_base;
+        ExpressionNode* m_subscript;
+        bool m_subscriptHasAssignments;
+    };
+
+    class DotAccessorNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        DotAccessorNode(JSGlobalData*, ExpressionNode* base, const Identifier&);
+
+        ExpressionNode* base() const { return m_base; }
+        const Identifier& identifier() const { return m_ident; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isLocation() const { return true; }
+        virtual bool isDotAccessorNode() const { return true; }
+
+        ExpressionNode* m_base;
+        const Identifier& m_ident;
+    };
+
+    class ArgumentListNode : public Node {
+    public:
+        ArgumentListNode(JSGlobalData*, ExpressionNode*);
+        ArgumentListNode(JSGlobalData*, ArgumentListNode*, ExpressionNode*);
+
+        ArgumentListNode* m_next;
+        ExpressionNode* m_expr;
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class ArgumentsNode : public ParserArenaFreeable {
+    public:
+        ArgumentsNode(JSGlobalData*);
+        ArgumentsNode(JSGlobalData*, ArgumentListNode*);
+
+        ArgumentListNode* m_listNode;
+    };
+
+    class NewExprNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        NewExprNode(JSGlobalData*, ExpressionNode*);
+        NewExprNode(JSGlobalData*, ExpressionNode*, ArgumentsNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+        ArgumentsNode* m_args;
+    };
+
+    class EvalFunctionCallNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        EvalFunctionCallNode(JSGlobalData*, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ArgumentsNode* m_args;
+    };
+
+    class FunctionCallValueNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        FunctionCallValueNode(JSGlobalData*, ExpressionNode*, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+        ArgumentsNode* m_args;
+    };
+
+    class FunctionCallResolveNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        FunctionCallResolveNode(JSGlobalData*, const Identifier&, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_ident;
+        ArgumentsNode* m_args;
+        size_t m_index; // Used by LocalVarFunctionCallNode.
+        size_t m_scopeDepth; // Used by ScopedVarFunctionCallNode and NonLocalVarFunctionCallNode
+    };
+    
+    class FunctionCallBracketNode : public ExpressionNode, public ThrowableSubExpressionData {
+    public:
+        FunctionCallBracketNode(JSGlobalData*, ExpressionNode* base, ExpressionNode* subscript, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        ExpressionNode* m_subscript;
+        ArgumentsNode* m_args;
+    };
+
+    class FunctionCallDotNode : public ExpressionNode, public ThrowableSubExpressionData {
+    public:
+        FunctionCallDotNode(JSGlobalData*, ExpressionNode* base, const Identifier&, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+    protected:
+        ExpressionNode* m_base;
+        const Identifier& m_ident;
+        ArgumentsNode* m_args;
+    };
+
+    class CallFunctionCallDotNode : public FunctionCallDotNode {
+    public:
+        CallFunctionCallDotNode(JSGlobalData*, ExpressionNode* base, const Identifier&, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+    
+    class ApplyFunctionCallDotNode : public FunctionCallDotNode {
+    public:
+        ApplyFunctionCallDotNode(JSGlobalData*, ExpressionNode* base, const Identifier&, ArgumentsNode*, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class PrePostResolveNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        PrePostResolveNode(JSGlobalData*, const Identifier&, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    protected:
+        const Identifier& m_ident;
+    };
+
+    class PostfixResolveNode : public PrePostResolveNode {
+    public:
+        PostfixResolveNode(JSGlobalData*, const Identifier&, Operator, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        Operator m_operator;
+    };
+
+    class PostfixBracketNode : public ExpressionNode, public ThrowableSubExpressionData {
+    public:
+        PostfixBracketNode(JSGlobalData*, ExpressionNode* base, ExpressionNode* subscript, Operator, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        ExpressionNode* m_subscript;
+        Operator m_operator;
+    };
+
+    class PostfixDotNode : public ExpressionNode, public ThrowableSubExpressionData {
+    public:
+        PostfixDotNode(JSGlobalData*, ExpressionNode* base, const Identifier&, Operator, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        const Identifier& m_ident;
+        Operator m_operator;
+    };
+
+    class PostfixErrorNode : public ExpressionNode, public ThrowableSubExpressionData {
+    public:
+        PostfixErrorNode(JSGlobalData*, ExpressionNode*, Operator, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+        Operator m_operator;
+    };
+
+    class DeleteResolveNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        DeleteResolveNode(JSGlobalData*, const Identifier&, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_ident;
+    };
+
+    class DeleteBracketNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        DeleteBracketNode(JSGlobalData*, ExpressionNode* base, ExpressionNode* subscript, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        ExpressionNode* m_subscript;
+    };
+
+    class DeleteDotNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        DeleteDotNode(JSGlobalData*, ExpressionNode* base, const Identifier&, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        const Identifier& m_ident;
+    };
+
+    class DeleteValueNode : public ExpressionNode {
+    public:
+        DeleteValueNode(JSGlobalData*, ExpressionNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+    };
+
+    class VoidNode : public ExpressionNode {
+    public:
+        VoidNode(JSGlobalData*, ExpressionNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+    };
+
+    class TypeOfResolveNode : public ExpressionNode {
+    public:
+        TypeOfResolveNode(JSGlobalData*, const Identifier&);
+
+        const Identifier& identifier() const { return m_ident; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_ident;
+    };
+
+    class TypeOfValueNode : public ExpressionNode {
+    public:
+        TypeOfValueNode(JSGlobalData*, ExpressionNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+    };
+
+    class PrefixResolveNode : public PrePostResolveNode {
+    public:
+        PrefixResolveNode(JSGlobalData*, const Identifier&, Operator, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        Operator m_operator;
+    };
+
+    class PrefixBracketNode : public ExpressionNode, public ThrowablePrefixedSubExpressionData {
+    public:
+        PrefixBracketNode(JSGlobalData*, ExpressionNode* base, ExpressionNode* subscript, Operator, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        ExpressionNode* m_subscript;
+        Operator m_operator;
+    };
+
+    class PrefixDotNode : public ExpressionNode, public ThrowablePrefixedSubExpressionData {
+    public:
+        PrefixDotNode(JSGlobalData*, ExpressionNode* base, const Identifier&, Operator, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        const Identifier& m_ident;
+        Operator m_operator;
+    };
+
+    class PrefixErrorNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        PrefixErrorNode(JSGlobalData*, ExpressionNode*, Operator, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+        Operator m_operator;
+    };
+
+    class UnaryOpNode : public ExpressionNode {
+    public:
+        UnaryOpNode(JSGlobalData*, ResultType, ExpressionNode*, OpcodeID);
+
+    protected:
+        ExpressionNode* expr() { return m_expr; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        OpcodeID opcodeID() const { return m_opcodeID; }
+
+        ExpressionNode* m_expr;
+        OpcodeID m_opcodeID;
+    };
+
+    class UnaryPlusNode : public UnaryOpNode {
+    public:
+        UnaryPlusNode(JSGlobalData*, ExpressionNode*);
+
+    private:
+        virtual ExpressionNode* stripUnaryPlus() { return expr(); }
+    };
+
+    class NegateNode : public UnaryOpNode {
+    public:
+        NegateNode(JSGlobalData*, ExpressionNode*);
+    };
+
+    class BitwiseNotNode : public UnaryOpNode {
+    public:
+        BitwiseNotNode(JSGlobalData*, ExpressionNode*);
+    };
+
+    class LogicalNotNode : public UnaryOpNode {
+    public:
+        LogicalNotNode(JSGlobalData*, ExpressionNode*);
+    };
+
+    class BinaryOpNode : public ExpressionNode {
+    public:
+        BinaryOpNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID, bool rightHasAssignments);
+        BinaryOpNode(JSGlobalData*, ResultType, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID, bool rightHasAssignments);
+
+        RegisterID* emitStrcat(BytecodeGenerator& generator, RegisterID* destination, RegisterID* lhs = 0, ReadModifyResolveNode* emitExpressionInfoForMe = 0);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+    protected:
+        OpcodeID opcodeID() const { return m_opcodeID; }
+
+    protected:
+        ExpressionNode* m_expr1;
+        ExpressionNode* m_expr2;
+    private:
+        OpcodeID m_opcodeID;
+    protected:
+        bool m_rightHasAssignments;
+    };
+
+    class ReverseBinaryOpNode : public BinaryOpNode {
+    public:
+        ReverseBinaryOpNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID, bool rightHasAssignments);
+        ReverseBinaryOpNode(JSGlobalData*, ResultType, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID, bool rightHasAssignments);
+
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class MultNode : public BinaryOpNode {
+    public:
+        MultNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class DivNode : public BinaryOpNode {
+    public:
+        DivNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class ModNode : public BinaryOpNode {
+    public:
+        ModNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class AddNode : public BinaryOpNode {
+    public:
+        AddNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+
+        virtual bool isAdd() const { return true; }
+    };
+
+    class SubNode : public BinaryOpNode {
+    public:
+        SubNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class LeftShiftNode : public BinaryOpNode {
+    public:
+        LeftShiftNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class RightShiftNode : public BinaryOpNode {
+    public:
+        RightShiftNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class UnsignedRightShiftNode : public BinaryOpNode {
+    public:
+        UnsignedRightShiftNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class LessNode : public BinaryOpNode {
+    public:
+        LessNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class GreaterNode : public ReverseBinaryOpNode {
+    public:
+        GreaterNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class LessEqNode : public BinaryOpNode {
+    public:
+        LessEqNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class GreaterEqNode : public ReverseBinaryOpNode {
+    public:
+        GreaterEqNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class ThrowableBinaryOpNode : public BinaryOpNode, public ThrowableExpressionData {
+    public:
+        ThrowableBinaryOpNode(JSGlobalData*, ResultType, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID, bool rightHasAssignments);
+        ThrowableBinaryOpNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, OpcodeID, bool rightHasAssignments);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+    
+    class InstanceOfNode : public ThrowableBinaryOpNode {
+    public:
+        InstanceOfNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class InNode : public ThrowableBinaryOpNode {
+    public:
+        InNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class EqualNode : public BinaryOpNode {
+    public:
+        EqualNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class NotEqualNode : public BinaryOpNode {
+    public:
+        NotEqualNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class StrictEqualNode : public BinaryOpNode {
+    public:
+        StrictEqualNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class NotStrictEqualNode : public BinaryOpNode {
+    public:
+        NotStrictEqualNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class BitAndNode : public BinaryOpNode {
+    public:
+        BitAndNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class BitOrNode : public BinaryOpNode {
+    public:
+        BitOrNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    class BitXOrNode : public BinaryOpNode {
+    public:
+        BitXOrNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, bool rightHasAssignments);
+    };
+
+    // m_expr1 && m_expr2, m_expr1 || m_expr2
+    class LogicalOpNode : public ExpressionNode {
+    public:
+        LogicalOpNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, LogicalOperator);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr1;
+        ExpressionNode* m_expr2;
+        LogicalOperator m_operator;
+    };
+
+    // The ternary operator, "m_logical ? m_expr1 : m_expr2"
+    class ConditionalNode : public ExpressionNode {
+    public:
+        ConditionalNode(JSGlobalData*, ExpressionNode* logical, ExpressionNode* expr1, ExpressionNode* expr2);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_logical;
+        ExpressionNode* m_expr1;
+        ExpressionNode* m_expr2;
+    };
+
+    class ReadModifyResolveNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        ReadModifyResolveNode(JSGlobalData*, const Identifier&, Operator, ExpressionNode*  right, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_ident;
+        ExpressionNode* m_right;
+        size_t m_index; // Used by ReadModifyLocalVarNode.
+        Operator m_operator;
+        bool m_rightHasAssignments;
+    };
+
+    class AssignResolveNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        AssignResolveNode(JSGlobalData*, const Identifier&, ExpressionNode* right, bool rightHasAssignments);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_ident;
+        ExpressionNode* m_right;
+        size_t m_index; // Used by ReadModifyLocalVarNode.
+        bool m_rightHasAssignments;
+    };
+
+    class ReadModifyBracketNode : public ExpressionNode, public ThrowableSubExpressionData {
+    public:
+        ReadModifyBracketNode(JSGlobalData*, ExpressionNode* base, ExpressionNode* subscript, Operator, ExpressionNode* right, bool subscriptHasAssignments, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        ExpressionNode* m_subscript;
+        ExpressionNode* m_right;
+        Operator m_operator : 30;
+        bool m_subscriptHasAssignments : 1;
+        bool m_rightHasAssignments : 1;
+    };
+
+    class AssignBracketNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        AssignBracketNode(JSGlobalData*, ExpressionNode* base, ExpressionNode* subscript, ExpressionNode* right, bool subscriptHasAssignments, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        ExpressionNode* m_subscript;
+        ExpressionNode* m_right;
+        bool m_subscriptHasAssignments : 1;
+        bool m_rightHasAssignments : 1;
+    };
+
+    class AssignDotNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        AssignDotNode(JSGlobalData*, ExpressionNode* base, const Identifier&, ExpressionNode* right, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        const Identifier& m_ident;
+        ExpressionNode* m_right;
+        bool m_rightHasAssignments;
+    };
+
+    class ReadModifyDotNode : public ExpressionNode, public ThrowableSubExpressionData {
+    public:
+        ReadModifyDotNode(JSGlobalData*, ExpressionNode* base, const Identifier&, Operator, ExpressionNode* right, bool rightHasAssignments, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_base;
+        const Identifier& m_ident;
+        ExpressionNode* m_right;
+        Operator m_operator : 31;
+        bool m_rightHasAssignments : 1;
+    };
+
+    class AssignErrorNode : public ExpressionNode, public ThrowableExpressionData {
+    public:
+        AssignErrorNode(JSGlobalData*, ExpressionNode* left, Operator, ExpressionNode* right, unsigned divot, unsigned startOffset, unsigned endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_left;
+        Operator m_operator;
+        ExpressionNode* m_right;
+    };
+    
+    typedef Vector<ExpressionNode*, 8> ExpressionVector;
+
+    class CommaNode : public ExpressionNode, public ParserArenaDeletable {
+    public:
+        CommaNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2);
+
+        using ParserArenaDeletable::operator new;
+
+        void append(ExpressionNode* expr) { m_expressions.append(expr); }
+
+    private:
+        virtual bool isCommaNode() const { return true; }
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionVector m_expressions;
+    };
+    
+    class ConstDeclNode : public ExpressionNode {
+    public:
+        ConstDeclNode(JSGlobalData*, const Identifier&, ExpressionNode*);
+
+        bool hasInitializer() const { return m_init; }
+        const Identifier& ident() { return m_ident; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+        virtual RegisterID* emitCodeSingle(BytecodeGenerator&);
+
+        const Identifier& m_ident;
+
+    public:
+        ConstDeclNode* m_next;
+
+    private:
+        ExpressionNode* m_init;
+    };
+
+    class ConstStatementNode : public StatementNode {
+    public:
+        ConstStatementNode(JSGlobalData*, ConstDeclNode* next);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ConstDeclNode* m_next;
+    };
+
+    class SourceElements : public ParserArenaDeletable {
+    public:
+        SourceElements(JSGlobalData*);
+
+        void append(StatementNode*);
+
+        StatementNode* singleStatement() const;
+        StatementNode* lastStatement() const;
+
+        void emitBytecode(BytecodeGenerator&, RegisterID* destination);
+
+    private:
+        Vector<StatementNode*> m_statements;
+    };
+
+    class BlockNode : public StatementNode {
+    public:
+        BlockNode(JSGlobalData*, SourceElements* = 0);
+
+        StatementNode* lastStatement() const;
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isBlock() const { return true; }
+
+        SourceElements* m_statements;
+    };
+
+    class EmptyStatementNode : public StatementNode {
+    public:
+        EmptyStatementNode(JSGlobalData*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isEmptyStatement() const { return true; }
+    };
+    
+    class DebuggerStatementNode : public StatementNode {
+    public:
+        DebuggerStatementNode(JSGlobalData*);
+        
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class ExprStatementNode : public StatementNode {
+    public:
+        ExprStatementNode(JSGlobalData*, ExpressionNode*);
+
+        ExpressionNode* expr() const { return m_expr; }
+
+    private:
+        virtual bool isExprStatement() const { return true; }
+
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+    };
+
+    class VarStatementNode : public StatementNode {
+    public:
+        VarStatementNode(JSGlobalData*, ExpressionNode*);        
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+    };
+
+    class IfNode : public StatementNode {
+    public:
+        IfNode(JSGlobalData*, ExpressionNode* condition, StatementNode* ifBlock);
+
+    protected:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_condition;
+        StatementNode* m_ifBlock;
+    };
+
+    class IfElseNode : public IfNode {
+    public:
+        IfElseNode(JSGlobalData*, ExpressionNode* condition, StatementNode* ifBlock, StatementNode* elseBlock);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        StatementNode* m_elseBlock;
+    };
+
+    class DoWhileNode : public StatementNode {
+    public:
+        DoWhileNode(JSGlobalData*, StatementNode* statement, ExpressionNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        StatementNode* m_statement;
+        ExpressionNode* m_expr;
+    };
+
+    class WhileNode : public StatementNode {
+    public:
+        WhileNode(JSGlobalData*, ExpressionNode*, StatementNode* statement);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+        StatementNode* m_statement;
+    };
+
+    class ForNode : public StatementNode {
+    public:
+        ForNode(JSGlobalData*, ExpressionNode* expr1, ExpressionNode* expr2, ExpressionNode* expr3, StatementNode* statement, bool expr1WasVarDecl);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr1;
+        ExpressionNode* m_expr2;
+        ExpressionNode* m_expr3;
+        StatementNode* m_statement;
+        bool m_expr1WasVarDecl;
+    };
+
+    class ForInNode : public StatementNode, public ThrowableExpressionData {
+    public:
+        ForInNode(JSGlobalData*, ExpressionNode*, ExpressionNode*, StatementNode*);
+        ForInNode(JSGlobalData*, const Identifier&, ExpressionNode*, ExpressionNode*, StatementNode*, int divot, int startOffset, int endOffset);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_ident;
+        ExpressionNode* m_init;
+        ExpressionNode* m_lexpr;
+        ExpressionNode* m_expr;
+        StatementNode* m_statement;
+        bool m_identIsVarDecl;
+    };
+
+    class ContinueNode : public StatementNode, public ThrowableExpressionData {
+    public:
+        ContinueNode(JSGlobalData*);
+        ContinueNode(JSGlobalData*, const Identifier&);
+        
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_ident;
+    };
+
+    class BreakNode : public StatementNode, public ThrowableExpressionData {
+    public:
+        BreakNode(JSGlobalData*);
+        BreakNode(JSGlobalData*, const Identifier&);
+        
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_ident;
+    };
+
+    class ReturnNode : public StatementNode, public ThrowableExpressionData {
+    public:
+        ReturnNode(JSGlobalData*, ExpressionNode* value);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isReturnNode() const { return true; }
+
+        ExpressionNode* m_value;
+    };
+
+    class WithNode : public StatementNode {
+    public:
+        WithNode(JSGlobalData*, ExpressionNode*, StatementNode*, uint32_t divot, uint32_t expressionLength);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+        StatementNode* m_statement;
+        uint32_t m_divot;
+        uint32_t m_expressionLength;
+    };
+
+    class LabelNode : public StatementNode, public ThrowableExpressionData {
+    public:
+        LabelNode(JSGlobalData*, const Identifier& name, StatementNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        const Identifier& m_name;
+        StatementNode* m_statement;
+    };
+
+    class ThrowNode : public StatementNode, public ThrowableExpressionData {
+    public:
+        ThrowNode(JSGlobalData*, ExpressionNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+    };
+
+    class TryNode : public StatementNode {
+    public:
+        TryNode(JSGlobalData*, StatementNode* tryBlock, const Identifier& exceptionIdent, bool catchHasEval, StatementNode* catchBlock, StatementNode* finallyBlock);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        StatementNode* m_tryBlock;
+        const Identifier& m_exceptionIdent;
+        StatementNode* m_catchBlock;
+        StatementNode* m_finallyBlock;
+        bool m_catchHasEval;
+    };
+
+    class ParameterNode : public ParserArenaFreeable {
+    public:
+        ParameterNode(JSGlobalData*, const Identifier&);
+        ParameterNode(JSGlobalData*, ParameterNode*, const Identifier&);
+
+        const Identifier& ident() const { return m_ident; }
+        ParameterNode* nextParam() const { return m_next; }
+
+    private:
+        const Identifier& m_ident;
+        ParameterNode* m_next;
+    };
+
+    struct ScopeNodeData : FastAllocBase {
+        typedef DeclarationStacks::VarStack VarStack;
+        typedef DeclarationStacks::FunctionStack FunctionStack;
+
+        ScopeNodeData(ParserArena&, SourceElements*, VarStack*, FunctionStack*, int numConstants);
+
+        ParserArena m_arena;
+        VarStack m_varStack;
+        FunctionStack m_functionStack;
+        int m_numConstants;
+        SourceElements* m_statements;
+    };
+
+    class ScopeNode : public StatementNode, public ParserArenaRefCounted {
+    public:
+        typedef DeclarationStacks::VarStack VarStack;
+        typedef DeclarationStacks::FunctionStack FunctionStack;
+
+        ScopeNode(JSGlobalData*);
+        ScopeNode(JSGlobalData*, const SourceCode&, SourceElements*, VarStack*, FunctionStack*, CodeFeatures, int numConstants);
+
+        using ParserArenaRefCounted::operator new;
+
+        void adoptData(std::auto_ptr<ScopeNodeData> data)
+        {
+            ASSERT(!data->m_arena.contains(this));
+            ASSERT(!m_data);
+            m_data.adopt(data);
+        }
+        ScopeNodeData* data() const { return m_data.get(); }
+        void destroyData() { m_data.clear(); }
+
+        const SourceCode& source() const { return m_source; }
+        const UString& sourceURL() const { return m_source.provider()->url(); }
+        intptr_t sourceID() const { return m_source.provider()->asID(); }
+
+        void setFeatures(CodeFeatures features) { m_features = features; }
+        CodeFeatures features() { return m_features; }
+
+        bool usesEval() const { return m_features & EvalFeature; }
+        bool usesArguments() const { return m_features & ArgumentsFeature; }
+        void setUsesArguments() { m_features |= ArgumentsFeature; }
+        bool usesThis() const { return m_features & ThisFeature; }
+        bool needsActivation() const { return m_features & (EvalFeature | ClosureFeature | WithFeature | CatchFeature); }
+
+        VarStack& varStack() { ASSERT(m_data); return m_data->m_varStack; }
+        FunctionStack& functionStack() { ASSERT(m_data); return m_data->m_functionStack; }
+
+        int neededConstants()
+        {
+            ASSERT(m_data);
+            // We may need 2 more constants than the count given by the parser,
+            // because of the various uses of jsUndefined() and jsNull().
+            return m_data->m_numConstants + 2;
+        }
+
+        StatementNode* singleStatement() const;
+
+        void emitStatementsBytecode(BytecodeGenerator&, RegisterID* destination);
+
+    protected:
+        void setSource(const SourceCode& source) { m_source = source; }
+
+    private:
+        OwnPtr<ScopeNodeData> m_data;
+        CodeFeatures m_features;
+        SourceCode m_source;
+    };
+
+    class ProgramNode : public ScopeNode {
+    public:
+        static PassRefPtr<ProgramNode> create(JSGlobalData*, SourceElements*, VarStack*, FunctionStack*, const SourceCode&, CodeFeatures, int numConstants);
+
+        static const bool scopeIsFunction = false;
+
+    private:
+        ProgramNode(JSGlobalData*, SourceElements*, VarStack*, FunctionStack*, const SourceCode&, CodeFeatures, int numConstants);
+
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class EvalNode : public ScopeNode {
+    public:
+        static PassRefPtr<EvalNode> create(JSGlobalData*, SourceElements*, VarStack*, FunctionStack*, const SourceCode&, CodeFeatures, int numConstants);
+
+        static const bool scopeIsFunction = false;
+
+    private:
+        EvalNode(JSGlobalData*, SourceElements*, VarStack*, FunctionStack*, const SourceCode&, CodeFeatures, int numConstants);
+
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+    };
+
+    class FunctionParameters : public Vector<Identifier>, public RefCounted<FunctionParameters> {
+    public:
+        static PassRefPtr<FunctionParameters> create(ParameterNode* firstParameter) { return adoptRef(new FunctionParameters(firstParameter)); }
+
+    private:
+        FunctionParameters(ParameterNode*);
+    };
+
+    class FunctionBodyNode : public ScopeNode {
+    public:
+        static FunctionBodyNode* create(JSGlobalData*);
+        static PassRefPtr<FunctionBodyNode> create(JSGlobalData*, SourceElements*, VarStack*, FunctionStack*, const SourceCode&, CodeFeatures, int numConstants);
+
+        virtual ~FunctionBodyNode();
+
+        FunctionParameters* parameters() const { return m_parameters.get(); }
+        size_t parameterCount() const { return m_parameters->size(); }
+
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        void finishParsing(const SourceCode&, ParameterNode*, const Identifier&);
+        void finishParsing(PassRefPtr<FunctionParameters>, const Identifier&);
+        
+        const Identifier& ident() { return m_ident; }
+
+        static const bool scopeIsFunction = true;
+
+    private:
+        FunctionBodyNode(JSGlobalData*);
+        FunctionBodyNode(JSGlobalData*, SourceElements*, VarStack*, FunctionStack*, const SourceCode&, CodeFeatures, int numConstants);
+
+        Identifier m_ident;
+        RefPtr<FunctionParameters> m_parameters;
+    };
+
+    class FuncExprNode : public ExpressionNode {
+    public:
+        FuncExprNode(JSGlobalData*, const Identifier&, FunctionBodyNode* body, const SourceCode& source, ParameterNode* parameter = 0);
+
+        FunctionBodyNode* body() { return m_body; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        virtual bool isFuncExprNode() const { return true; } 
+
+        FunctionBodyNode* m_body;
+    };
+
+    class FuncDeclNode : public StatementNode {
+    public:
+        FuncDeclNode(JSGlobalData*, const Identifier&, FunctionBodyNode*, const SourceCode&, ParameterNode* = 0);
+
+        FunctionBodyNode* body() { return m_body; }
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        FunctionBodyNode* m_body;
+    };
+
+    class CaseClauseNode : public ParserArenaFreeable {
+    public:
+        CaseClauseNode(JSGlobalData*, ExpressionNode*, SourceElements* = 0);
+
+        ExpressionNode* expr() const { return m_expr; }
+
+        void emitBytecode(BytecodeGenerator&, RegisterID* destination);
+
+    private:
+        ExpressionNode* m_expr;
+        SourceElements* m_statements;
+    };
+
+    class ClauseListNode : public ParserArenaFreeable {
+    public:
+        ClauseListNode(JSGlobalData*, CaseClauseNode*);
+        ClauseListNode(JSGlobalData*, ClauseListNode*, CaseClauseNode*);
+
+        CaseClauseNode* getClause() const { return m_clause; }
+        ClauseListNode* getNext() const { return m_next; }
+
+    private:
+        CaseClauseNode* m_clause;
+        ClauseListNode* m_next;
+    };
+
+    class CaseBlockNode : public ParserArenaFreeable {
+    public:
+        CaseBlockNode(JSGlobalData*, ClauseListNode* list1, CaseClauseNode* defaultClause, ClauseListNode* list2);
+
+        RegisterID* emitBytecodeForBlock(BytecodeGenerator&, RegisterID* input, RegisterID* destination);
+
+    private:
+        SwitchInfo::SwitchType tryOptimizedSwitch(Vector<ExpressionNode*, 8>& literalVector, int32_t& min_num, int32_t& max_num);
+        ClauseListNode* m_list1;
+        CaseClauseNode* m_defaultClause;
+        ClauseListNode* m_list2;
+    };
+
+    class SwitchNode : public StatementNode {
+    public:
+        SwitchNode(JSGlobalData*, ExpressionNode*, CaseBlockNode*);
+
+    private:
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0);
+
+        ExpressionNode* m_expr;
+        CaseBlockNode* m_block;
+    };
+
+    struct ElementList {
+        ElementNode* head;
+        ElementNode* tail;
+    };
+
+    struct PropertyList {
+        PropertyListNode* head;
+        PropertyListNode* tail;
+    };
+
+    struct ArgumentList {
+        ArgumentListNode* head;
+        ArgumentListNode* tail;
+    };
+
+    struct ConstDeclList {
+        ConstDeclNode* head;
+        ConstDeclNode* tail;
+    };
+
+    struct ParameterList {
+        ParameterNode* head;
+        ParameterNode* tail;
+    };
+
+    struct ClauseList {
+        ClauseListNode* head;
+        ClauseListNode* tail;
+    };
+
+} // namespace JSC
+
+#endif // Nodes_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/Parser.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Parser.cpp
new file mode 100644
index 000000000..4c046d062
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Parser.cpp
@@ -0,0 +1,81 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "Parser.h"
+
+#include "Debugger.h"
+#include "Lexer.h"
+#include <wtf/HashSet.h>
+#include <wtf/Vector.h>
+#include <memory>
+
+using std::auto_ptr;
+
+#ifndef yyparse
+extern int jscyyparse(void*);
+#endif
+
+namespace JSC {
+
+void Parser::parse(JSGlobalData* globalData, int* errLine, UString* errMsg)
+{
+    m_sourceElements = 0;
+
+    int defaultErrLine;
+    UString defaultErrMsg;
+
+    if (!errLine)
+        errLine = &defaultErrLine;
+    if (!errMsg)
+        errMsg = &defaultErrMsg;
+
+    *errLine = -1;
+    *errMsg = 0;
+
+    Lexer& lexer = *globalData->lexer;
+    lexer.setCode(*m_source, m_arena);
+
+    int parseError = jscyyparse(globalData);
+    bool lexError = lexer.sawError();
+    int lineNumber = lexer.lineNumber();
+    lexer.clear();
+
+    if (parseError || lexError) {
+        *errLine = lineNumber;
+        *errMsg = "Parse error";
+        m_sourceElements = 0;
+    }
+}
+
+void Parser::didFinishParsing(SourceElements* sourceElements, ParserArenaData<DeclarationStacks::VarStack>* varStack, 
+                              ParserArenaData<DeclarationStacks::FunctionStack>* funcStack, CodeFeatures features, int lastLine, int numConstants)
+{
+    m_sourceElements = sourceElements;
+    m_varDeclarations = varStack;
+    m_funcDeclarations = funcStack;
+    m_features = features;
+    m_lastLine = lastLine;
+    m_numConstants = numConstants;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/Parser.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Parser.h
new file mode 100644
index 000000000..7f204801a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/Parser.h
@@ -0,0 +1,104 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef Parser_h
+#define Parser_h
+
+#include "Debugger.h"
+#include "Executable.h"
+#include "JSGlobalObject.h"
+#include "Lexer.h"
+#include "Nodes.h"
+#include "ParserArena.h"
+#include "SourceProvider.h"
+#include <wtf/Forward.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/OwnPtr.h>
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+    class FunctionBodyNode;
+    class ProgramNode;
+    class UString;
+
+    template <typename T> struct ParserArenaData : ParserArenaDeletable { T data; };
+
+    class Parser : public Noncopyable {
+    public:
+        template <class ParsedNode>
+        PassRefPtr<ParsedNode> parse(JSGlobalData* globalData, Debugger*, ExecState*, const SourceCode& source, int* errLine = 0, UString* errMsg = 0);
+
+        void didFinishParsing(SourceElements*, ParserArenaData<DeclarationStacks::VarStack>*, 
+                              ParserArenaData<DeclarationStacks::FunctionStack>*, CodeFeatures features, int lastLine, int numConstants);
+
+        ParserArena& arena() { return m_arena; }
+
+    private:
+        void parse(JSGlobalData*, int* errLine, UString* errMsg);
+
+        ParserArena m_arena;
+        const SourceCode* m_source;
+        SourceElements* m_sourceElements;
+        ParserArenaData<DeclarationStacks::VarStack>* m_varDeclarations;
+        ParserArenaData<DeclarationStacks::FunctionStack>* m_funcDeclarations;
+        CodeFeatures m_features;
+        int m_lastLine;
+        int m_numConstants;
+    };
+
+    template <class ParsedNode>
+    PassRefPtr<ParsedNode> Parser::parse(JSGlobalData* globalData, Debugger* debugger, ExecState* debuggerExecState, const SourceCode& source, int* errLine, UString* errMsg)
+    {
+        m_source = &source;
+        if (ParsedNode::scopeIsFunction)
+            globalData->lexer->setIsReparsing();
+        parse(globalData, errLine, errMsg);
+
+        RefPtr<ParsedNode> result;
+        if (m_sourceElements) {
+            result = ParsedNode::create(globalData,
+            m_sourceElements,
+            m_varDeclarations ? &m_varDeclarations->data : 0,
+            m_funcDeclarations ? &m_funcDeclarations->data : 0,
+            source,
+            m_features,
+            m_numConstants);
+            int column = m_source->startOffset(); //is it good way to find column number?
+            result->setLoc(m_source->firstLine(), m_lastLine, column);
+        }
+
+        m_arena.reset();
+
+        m_source = 0;
+        m_sourceElements = 0;
+        m_varDeclarations = 0;
+        m_funcDeclarations = 0;
+
+        if (debugger && !ParsedNode::scopeIsFunction)
+            debugger->sourceParsed(debuggerExecState, source, *errLine, *errMsg);
+        return result.release();
+    }
+
+} // namespace JSC
+
+#endif // Parser_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/ParserArena.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/parser/ParserArena.cpp
new file mode 100644
index 000000000..6a2af8335
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/ParserArena.cpp
@@ -0,0 +1,135 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "Parser.h"
+#include "ParserArena.h"
+
+#include "Nodes.h"
+
+namespace JSC {
+
+ParserArena::ParserArena()
+    : m_freeableMemory(0)
+    , m_freeablePoolEnd(0)
+    , m_identifierArena(new IdentifierArena)
+{
+}
+
+inline void* ParserArena::freeablePool()
+{
+    ASSERT(m_freeablePoolEnd);
+    return m_freeablePoolEnd - freeablePoolSize;
+}
+
+inline void ParserArena::deallocateObjects()
+{
+    if (m_freeablePoolEnd)
+        fastFree(freeablePool());
+
+    size_t size = m_freeablePools.size();
+    for (size_t i = 0; i < size; ++i)
+        fastFree(m_freeablePools[i]);
+
+    size = m_deletableObjects.size();
+    for (size_t i = 0; i < size; ++i) {
+        ParserArenaDeletable* object = m_deletableObjects[i];
+        object->~ParserArenaDeletable();
+        fastFree(object);
+    }
+}
+
+ParserArena::~ParserArena()
+{
+    deallocateObjects();
+}
+
+bool ParserArena::contains(ParserArenaRefCounted* object) const
+{
+    return m_refCountedObjects.find(object) != notFound;
+}
+
+ParserArenaRefCounted* ParserArena::last() const
+{
+    return m_refCountedObjects.last().get();
+}
+
+void ParserArena::removeLast()
+{
+    m_refCountedObjects.removeLast();
+}
+
+void ParserArena::reset()
+{
+    // Since this code path is used only when parsing fails, it's not bothering to reuse
+    // any of the memory the arena allocated. We could improve that later if we want to
+    // efficiently reuse the same arena.
+
+    deallocateObjects();
+
+    m_freeableMemory = 0;
+    m_freeablePoolEnd = 0;
+    m_identifierArena->clear();
+    m_freeablePools.clear();
+    m_deletableObjects.clear();
+    m_refCountedObjects.clear();
+}
+
+void ParserArena::allocateFreeablePool()
+{
+    if (m_freeablePoolEnd)
+        m_freeablePools.append(freeablePool());
+
+    char* pool = static_cast<char*>(fastMalloc(freeablePoolSize));
+    m_freeableMemory = pool;
+    m_freeablePoolEnd = pool + freeablePoolSize;
+    ASSERT(freeablePool() == pool);
+}
+
+bool ParserArena::isEmpty() const
+{
+    return !m_freeablePoolEnd
+        && m_identifierArena->isEmpty()
+        && m_freeablePools.isEmpty()
+        && m_deletableObjects.isEmpty()
+        && m_refCountedObjects.isEmpty();
+}
+
+void ParserArena::derefWithArena(PassRefPtr<ParserArenaRefCounted> object)
+{
+    m_refCountedObjects.append(object);
+}
+
+void* ParserArenaFreeable::operator new(size_t size, JSGlobalData* globalData)
+{
+    return globalData->parser->arena().allocateFreeable(size);
+}
+
+void* ParserArenaDeletable::operator new(size_t size, JSGlobalData* globalData)
+{
+    return globalData->parser->arena().allocateDeletable(size);
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/ParserArena.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/ParserArena.h
new file mode 100644
index 000000000..2fd4fc141
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/ParserArena.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef ParserArena_h
+#define ParserArena_h
+
+#include "Identifier.h"
+#include <wtf/SegmentedVector.h>
+
+namespace JSC {
+
+    class ParserArenaDeletable;
+    class ParserArenaRefCounted;
+
+    class IdentifierArena {
+    public:
+        ALWAYS_INLINE const Identifier& makeIdentifier(JSGlobalData*, const UChar* characters, size_t length);
+        const Identifier& makeNumericIdentifier(JSGlobalData*, double number);
+
+        void clear() { m_identifiers.clear(); }
+        bool isEmpty() const { return m_identifiers.isEmpty(); }
+
+    private:
+        typedef SegmentedVector<Identifier, 64> IdentifierVector;
+        IdentifierVector m_identifiers;
+    };
+
+    ALWAYS_INLINE const Identifier& IdentifierArena::makeIdentifier(JSGlobalData* globalData, const UChar* characters, size_t length)
+    {
+        m_identifiers.append(Identifier(globalData, characters, length));
+        return m_identifiers.last();
+    }
+
+    inline const Identifier& IdentifierArena::makeNumericIdentifier(JSGlobalData* globalData, double number)
+    {
+        m_identifiers.append(Identifier(globalData, UString::from(number)));
+        return m_identifiers.last();
+    }
+
+    class ParserArena : Noncopyable {
+    public:
+        ParserArena();
+        ~ParserArena();
+
+        void swap(ParserArena& otherArena)
+        {
+            std::swap(m_freeableMemory, otherArena.m_freeableMemory);
+            std::swap(m_freeablePoolEnd, otherArena.m_freeablePoolEnd);
+            m_identifierArena.swap(otherArena.m_identifierArena);
+            m_freeablePools.swap(otherArena.m_freeablePools);
+            m_deletableObjects.swap(otherArena.m_deletableObjects);
+            m_refCountedObjects.swap(otherArena.m_refCountedObjects);
+        }
+
+        void* allocateFreeable(size_t size)
+        {
+            ASSERT(size);
+            ASSERT(size <= freeablePoolSize);
+            size_t alignedSize = alignSize(size);
+            ASSERT(alignedSize <= freeablePoolSize);
+            if (UNLIKELY(static_cast<size_t>(m_freeablePoolEnd - m_freeableMemory) < alignedSize))
+                allocateFreeablePool();
+            void* block = m_freeableMemory;
+            m_freeableMemory += alignedSize;
+            return block;
+        }
+
+        void* allocateDeletable(size_t size)
+        {
+            ParserArenaDeletable* deletable = static_cast<ParserArenaDeletable*>(fastMalloc(size));
+            m_deletableObjects.append(deletable);
+            return deletable;
+        }
+
+        void derefWithArena(PassRefPtr<ParserArenaRefCounted>);
+        bool contains(ParserArenaRefCounted*) const;
+        ParserArenaRefCounted* last() const;
+        void removeLast();
+
+        bool isEmpty() const;
+        void reset();
+
+        IdentifierArena& identifierArena() { return *m_identifierArena; }
+
+    private:
+        static const size_t freeablePoolSize = 8000;
+
+        static size_t alignSize(size_t size)
+        {
+            return (size + sizeof(WTF::AllocAlignmentInteger) - 1) & ~(sizeof(WTF::AllocAlignmentInteger) - 1);
+        }
+
+        void* freeablePool();
+        void allocateFreeablePool();
+        void deallocateObjects();
+
+        char* m_freeableMemory;
+        char* m_freeablePoolEnd;
+
+        OwnPtr<IdentifierArena> m_identifierArena;
+        Vector<void*> m_freeablePools;
+        Vector<ParserArenaDeletable*> m_deletableObjects;
+        Vector<RefPtr<ParserArenaRefCounted> > m_refCountedObjects;
+    };
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/ResultType.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/ResultType.h
new file mode 100644
index 000000000..27b8112a0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/ResultType.h
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef ResultType_h
+#define ResultType_h
+
+namespace JSC {
+
+    struct ResultType {
+        friend struct OperandTypes;
+
+        typedef char Type;
+        static const Type TypeReusable = 1;
+        static const Type TypeInt32    = 2;
+        
+        static const Type TypeMaybeNumber = 0x04;
+        static const Type TypeMaybeString = 0x08;
+        static const Type TypeMaybeNull   = 0x10;
+        static const Type TypeMaybeBool   = 0x20;
+        static const Type TypeMaybeOther  = 0x40;
+
+        static const Type TypeBits = TypeMaybeNumber | TypeMaybeString | TypeMaybeNull | TypeMaybeBool | TypeMaybeOther;
+
+        explicit ResultType(Type type)
+            : m_type(type)
+        {
+        }
+        
+        bool isReusable()
+        {
+            return m_type & TypeReusable;
+        }
+
+        bool isInt32()
+        {
+            return m_type & TypeInt32;
+        }
+
+        bool definitelyIsNumber()
+        {
+            return (m_type & TypeBits) == TypeMaybeNumber;
+        }
+        
+        bool definitelyIsString()
+        {
+            return (m_type & TypeBits) == TypeMaybeString;
+        }
+
+        bool mightBeNumber()
+        {
+            return m_type & TypeMaybeNumber;
+        }
+
+        bool isNotNumber()
+        {
+            return !mightBeNumber();
+        }
+        
+        static ResultType nullType()
+        {
+            return ResultType(TypeMaybeNull);
+        }
+        
+        static ResultType booleanType()
+        {
+            return ResultType(TypeMaybeBool);
+        }
+        
+        static ResultType numberType()
+        {
+            return ResultType(TypeMaybeNumber);
+        }
+        
+        static ResultType numberTypeCanReuse()
+        {
+            return ResultType(TypeReusable | TypeMaybeNumber);
+        }
+        
+        static ResultType numberTypeCanReuseIsInt32()
+        {
+            return ResultType(TypeReusable | TypeInt32 | TypeMaybeNumber);
+        }
+        
+        static ResultType stringOrNumberTypeCanReuse()
+        {
+            return ResultType(TypeReusable | TypeMaybeNumber | TypeMaybeString);
+        }
+        
+        static ResultType stringType()
+        {
+            return ResultType(TypeMaybeString);
+        }
+        
+        static ResultType unknownType()
+        {
+            return ResultType(TypeBits);
+        }
+        
+        static ResultType forAdd(ResultType op1, ResultType op2)
+        {
+            if (op1.definitelyIsNumber() && op2.definitelyIsNumber())
+                return numberTypeCanReuse();
+            if (op1.definitelyIsString() || op2.definitelyIsString())
+                return stringType();
+            return stringOrNumberTypeCanReuse();
+        }
+        
+        static ResultType forBitOp()
+        {
+            return numberTypeCanReuseIsInt32();
+        }
+
+    private:
+        Type m_type;
+    };
+    
+    struct OperandTypes
+    {
+        OperandTypes(ResultType first = ResultType::unknownType(), ResultType second = ResultType::unknownType())
+        {
+            // We have to initialize one of the int to ensure that
+            // the entire struct is initialized.
+            m_u.i = 0;
+            m_u.rds.first = first.m_type;
+            m_u.rds.second = second.m_type;
+        }
+        
+        union {
+            struct {
+                ResultType::Type first;
+                ResultType::Type second;
+            } rds;
+            int i;
+        } m_u;
+
+        ResultType first()
+        {
+            return ResultType(m_u.rds.first);
+        }
+
+        ResultType second()
+        {
+            return ResultType(m_u.rds.second);
+        }
+
+        int toInt()
+        {
+            return m_u.i;
+        }
+        static OperandTypes fromInt(int value)
+        {
+            OperandTypes types;
+            types.m_u.i = value;
+            return types;
+        }
+    };
+
+} // namespace JSC
+
+#endif // ResultType_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/SourceCode.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/SourceCode.h
new file mode 100644
index 000000000..305b80444
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/SourceCode.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SourceCode_h
+#define SourceCode_h
+
+#include "SourceProvider.h"
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+    class SourceCode {
+    public:
+        SourceCode()
+            : m_startChar(0)
+            , m_endChar(0)
+            , m_firstLine(0)
+        {
+        }
+
+        SourceCode(PassRefPtr<SourceProvider> provider, int firstLine = 1)
+            : m_provider(provider)
+            , m_startChar(0)
+            , m_endChar(m_provider->length())
+#ifdef QT_BUILD_SCRIPT_LIB
+            , m_firstLine(firstLine)
+#else
+            , m_firstLine(std::max(firstLine, 1))
+#endif
+        {
+        }
+
+        SourceCode(PassRefPtr<SourceProvider> provider, int start, int end, int firstLine)
+            : m_provider(provider)
+            , m_startChar(start)
+            , m_endChar(end)
+#ifdef QT_BUILD_SCRIPT_LIB
+            , m_firstLine(firstLine)
+#else
+            , m_firstLine(std::max(firstLine, 1))
+#endif
+        {
+        }
+
+        UString toString() const
+        {
+            if (!m_provider)
+                return UString();
+            return m_provider->getRange(m_startChar, m_endChar);
+        }
+        
+        bool isNull() const { return !m_provider; }
+        SourceProvider* provider() const { return m_provider.get(); }
+        int firstLine() const { return m_firstLine; }
+        int startOffset() const { return m_startChar; }
+        int endOffset() const { return m_endChar; }
+        const UChar* data() const { return m_provider->data() + m_startChar; }
+        int length() const { return m_endChar - m_startChar; }
+
+    private:
+        RefPtr<SourceProvider> m_provider;
+        int m_startChar;
+        int m_endChar;
+        int m_firstLine;
+    };
+
+    inline SourceCode makeSource(const UString& source, const UString& url = UString(), int firstLine = 1)
+    {
+        return SourceCode(UStringSourceProvider::create(source, url), firstLine);
+    }
+
+} // namespace JSC
+
+#endif // SourceCode_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/parser/SourceProvider.h b/src/3rdparty/javascriptcore/JavaScriptCore/parser/SourceProvider.h
new file mode 100644
index 000000000..cc605ca5c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/parser/SourceProvider.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SourceProvider_h
+#define SourceProvider_h
+
+#include "UString.h"
+#include <wtf/RefCounted.h>
+
+namespace JSC {
+
+    enum SourceBOMPresence { SourceHasNoBOMs, SourceCouldHaveBOMs };
+
+    class SourceProvider : public RefCounted<SourceProvider> {
+    public:
+        SourceProvider(const UString& url, SourceBOMPresence hasBOMs = SourceCouldHaveBOMs)
+            : m_url(url)
+            , m_hasBOMs(hasBOMs)
+        {
+        }
+        virtual ~SourceProvider() { }
+
+        virtual UString getRange(int start, int end) const = 0;
+        virtual const UChar* data() const = 0;
+        virtual int length() const = 0;
+        
+        const UString& url() { return m_url; }
+        intptr_t asID() { return reinterpret_cast<intptr_t>(this); }
+
+        SourceBOMPresence hasBOMs() const { return m_hasBOMs; }
+
+    private:
+        UString m_url;
+        SourceBOMPresence m_hasBOMs;
+    };
+
+    class UStringSourceProvider : public SourceProvider {
+    public:
+        static PassRefPtr<UStringSourceProvider> create(const UString& source, const UString& url)
+        {
+            return adoptRef(new UStringSourceProvider(source, url));
+        }
+
+        UString getRange(int start, int end) const { return m_source.substr(start, end - start); }
+        const UChar* data() const { return m_source.data(); }
+        int length() const { return m_source.size(); }
+
+#ifdef QT_BUILD_SCRIPT_LIB
+    protected:
+#else
+    private:
+#endif
+        UStringSourceProvider(const UString& source, const UString& url)
+            : SourceProvider(url)
+            , m_source(source)
+        {
+        }
+
+        UString m_source;
+    };
+    
+} // namespace JSC
+
+#endif // SourceProvider_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/AUTHORS b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/AUTHORS
new file mode 100644
index 000000000..dbac2a548
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/AUTHORS
@@ -0,0 +1,12 @@
+Originally written by:  Philip Hazel
+Email local part:       ph10
+Email domain:           cam.ac.uk
+
+University of Cambridge Computing Service,
+Cambridge, England. Phone: +44 1223 334714.
+
+Copyright (c) 1997-2005 University of Cambridge. All rights reserved.
+
+Adapted for JavaScriptCore and WebKit by Apple Inc.
+
+Copyright (c) 2005, 2006, 2007 Apple Inc. All rights reserved.
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/COPYING b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/COPYING
new file mode 100644
index 000000000..6ffdc2434
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/COPYING
@@ -0,0 +1,35 @@
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+This is JavaScriptCore's variant of the PCRE library. While this library
+started out as a copy of PCRE, many of the features of PCRE have been
+removed.
+
+Copyright (c) 1997-2005 University of Cambridge. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the name of Apple
+      Inc. nor the names of their contributors may be used to endorse or
+      promote products derived from this software without specific prior
+      written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/dftables b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/dftables
new file mode 100755
index 000000000..1f0ea01df
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/dftables
@@ -0,0 +1,272 @@
+#!/usr/bin/perl -w
+#
+# This is JavaScriptCore's variant of the PCRE library. While this library
+# started out as a copy of PCRE, many of the features of PCRE have been
+# removed. This library now supports only the regular expression features
+# required by the JavaScript language specification, and has only the functions
+# needed by JavaScriptCore and the rest of WebKit.
+# 
+#                  Originally written by Philip Hazel
+#            Copyright (c) 1997-2006 University of Cambridge
+#  Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009 Apple Inc.  All rights reserved.
+# 
+# -----------------------------------------------------------------------------
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+#     * Redistributions of source code must retain the above copyright notice,
+#       this list of conditions and the following disclaimer.
+# 
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+# 
+#     * Neither the name of the University of Cambridge nor the names of its
+#       contributors may be used to endorse or promote products derived from
+#       this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+
+# This is a freestanding support program to generate a file containing
+# character tables. The tables are built according to the default C
+# locale.
+
+use strict;
+
+use File::Basename;
+use File::Spec;
+use File::Temp qw(tempfile);
+use Getopt::Long;
+
+sub readHeaderValues();
+
+my %pcre_internal;
+
+if (scalar(@ARGV) < 1) {
+    print STDERR "Usage: ", basename($0), " [--preprocessor=program] output-file\n";
+    exit 1;
+}
+
+my $outputFile;
+my $preprocessor;
+GetOptions('preprocessor=s' => \$preprocessor);
+if (not $preprocessor) {
+    $preprocessor = "cpp";
+}
+
+$outputFile = $ARGV[0];
+die('Must specify output file.') unless defined($outputFile);
+
+readHeaderValues();
+
+open(OUT, ">", $outputFile) or die "$!";
+binmode(OUT);
+
+printf(OUT
+    "/*************************************************\n" .
+    "*      Perl-Compatible Regular Expressions       *\n" .
+    "*************************************************/\n\n" .
+    "/* This file is automatically written by the dftables auxiliary \n" .
+    "program. If you edit it by hand, you might like to edit the Makefile to \n" .
+    "prevent its ever being regenerated.\n\n");
+printf(OUT
+    "This file contains the default tables for characters with codes less than\n" .
+    "128 (ASCII characters). These tables are used when no external tables are\n" .
+    "passed to PCRE. */\n\n" .
+    "const unsigned char jsc_pcre_default_tables[%d] = {\n\n" .
+    "/* This table is a lower casing table. */\n\n", $pcre_internal{tables_length});
+
+if ($pcre_internal{lcc_offset} != 0) {
+    die "lcc_offset != 0";
+}
+
+printf(OUT "  ");
+for (my $i = 0; $i < 128; $i++) {
+    if (($i & 7) == 0 && $i != 0) {
+        printf(OUT "\n  ");
+    }
+    printf(OUT "0x%02X", ord(lc(chr($i))));
+    if ($i != 127) {
+        printf(OUT ", ");
+    }
+}
+printf(OUT ",\n\n");
+
+printf(OUT "/* This table is a case flipping table. */\n\n");
+
+if ($pcre_internal{fcc_offset} != 128) {
+  die "fcc_offset != 128";
+}
+
+printf(OUT "  ");
+for (my $i = 0; $i < 128; $i++) {
+    if (($i & 7) == 0 && $i != 0) {
+        printf(OUT "\n  ");
+    }
+    my $c = chr($i);
+    printf(OUT "0x%02X", $c =~ /[[:lower:]]/ ? ord(uc($c)) : ord(lc($c)));
+    if ($i != 127) {
+        printf(OUT ", ");
+    }
+}
+printf(OUT ",\n\n");
+
+printf(OUT
+    "/* This table contains bit maps for various character classes.\n" .
+    "Each map is 32 bytes long and the bits run from the least\n" .
+    "significant end of each byte. The classes are: space, digit, word. */\n\n");
+
+if ($pcre_internal{cbits_offset} != $pcre_internal{fcc_offset} + 128) {
+    die "cbits_offset != fcc_offset + 128";
+}
+
+my @cbit_table = (0) x $pcre_internal{cbit_length};
+for (my $i = ord('0'); $i <= ord('9'); $i++) {
+    $cbit_table[$pcre_internal{cbit_digit} + $i / 8] |= 1 << ($i & 7);
+}
+$cbit_table[$pcre_internal{cbit_word} + ord('_') / 8] |= 1 << (ord('_') & 7);
+for (my $i = 0; $i < 128; $i++) {
+    my $c = chr($i);
+    if ($c =~ /[[:alnum:]]/) {
+        $cbit_table[$pcre_internal{cbit_word} + $i / 8] |= 1 << ($i & 7);
+    }
+    if ($c =~ /[[:space:]]/) {
+        $cbit_table[$pcre_internal{cbit_space} + $i / 8] |= 1 << ($i & 7);
+    }
+}
+
+printf(OUT "  ");
+for (my $i = 0; $i < $pcre_internal{cbit_length}; $i++) {
+    if (($i & 7) == 0 && $i != 0) {
+        if (($i & 31) == 0) {
+            printf(OUT "\n");
+        }
+        printf(OUT "\n  ");
+    }
+    printf(OUT "0x%02X", $cbit_table[$i]);
+    if ($i != $pcre_internal{cbit_length} - 1) {
+        printf(OUT ", ");
+    }
+}
+printf(OUT ",\n\n");
+
+printf(OUT
+    "/* This table identifies various classes of character by individual bits:\n" .
+    "  0x%02x   white space character\n" .
+    "  0x%02x   hexadecimal digit\n" .
+    "  0x%02x   alphanumeric or '_'\n*/\n\n",
+    $pcre_internal{ctype_space}, $pcre_internal{ctype_xdigit}, $pcre_internal{ctype_word});
+
+if ($pcre_internal{ctypes_offset} != $pcre_internal{cbits_offset} + $pcre_internal{cbit_length}) {
+    die "ctypes_offset != cbits_offset + cbit_length";
+}
+
+printf(OUT "  ");
+for (my $i = 0; $i < 128; $i++) {
+    my $x = 0;
+    my $c = chr($i);
+    if ($c =~ /[[:space:]]/) {
+        $x += $pcre_internal{ctype_space};
+    }
+    if ($c =~ /[[:xdigit:]]/) {
+        $x += $pcre_internal{ctype_xdigit};
+    }
+    if ($c =~ /[[:alnum:]_]/) {
+        $x += $pcre_internal{ctype_word};
+    }
+    printf(OUT "0x%02X", $x);
+    if ($i != 127) {
+        printf(OUT ", ");
+    } else {
+        printf(OUT "};");
+    }
+    if (($i & 7) == 7) {
+        printf(OUT " /* ");
+        my $d = chr($i - 7);
+        if ($d =~ /[[:print:]]/) {
+            printf(OUT " %c -", $i - 7);
+        } else {
+            printf(OUT "%3d-", $i - 7);
+        }
+        if ($c =~ m/[[:print:]]/) {
+            printf(OUT " %c ", $i);
+        } else {
+            printf(OUT "%3d", $i);
+        }
+        printf(OUT " */\n");
+        if ($i != 127) {
+            printf(OUT "  ");
+        }
+    }
+}
+
+if ($pcre_internal{tables_length} != $pcre_internal{ctypes_offset} + 128) {
+    die "tables_length != ctypes_offset + 128";
+}
+
+printf(OUT "\n\n/* End of chartables.c */\n");
+
+close(OUT);
+
+exit 0;
+
+sub readHeaderValues()
+{
+    my @variables = qw(
+        cbit_digit
+        cbit_length
+        cbit_space
+        cbit_word
+        cbits_offset
+        ctype_space
+        ctype_word
+        ctype_xdigit
+        ctypes_offset
+        fcc_offset
+        lcc_offset
+        tables_length
+    );
+
+    local $/ = undef;
+
+    my $headerPath = File::Spec->catfile(dirname($0), "pcre_internal.h");
+ 
+    my ($fh, $tempFile) = tempfile(
+        basename($0) . "-XXXXXXXX",
+        DIR => File::Spec->tmpdir(),
+        SUFFIX => ".in",
+        UNLINK => 0,
+    );
+
+    print $fh "#define DFTABLES\n\n";
+
+    open(HEADER, "<", $headerPath) or die "$!";
+    print $fh <HEADER>;
+    close(HEADER);
+
+    print $fh "\n\n";
+
+    for my $v (@variables) {
+        print $fh "\$pcre_internal{\"$v\"} = $v;\n";
+    }
+
+    close($fh);
+
+    open(CPP, "$preprocessor \"$tempFile\" |") or die "$!";
+    my $content = <CPP>;
+    close(CPP);
+    
+    eval $content;
+    die "$@" if $@;
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre.h b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre.h
new file mode 100644
index 000000000..55044fd41
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre.h
@@ -0,0 +1,68 @@
+/* This is the public header file for JavaScriptCore's variant of the PCRE
+library. While this library started out as a copy of PCRE, many of the
+features of PCRE have been removed. This library now supports only the
+regular expression features required by the JavaScript language
+specification, and has only the functions needed by JavaScriptCore and the
+rest of WebKit.
+
+           Copyright (c) 1997-2005 University of Cambridge
+    Copyright (C) 2002, 2004, 2006, 2007 Apple Inc. All rights reserved.
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+// FIXME: This file needs to be renamed to JSRegExp.h; it's no longer PCRE.
+
+#ifndef JSRegExp_h
+#define JSRegExp_h
+
+#include <wtf/unicode/Unicode.h>
+
+struct JSRegExp;
+
+enum JSRegExpIgnoreCaseOption { JSRegExpDoNotIgnoreCase, JSRegExpIgnoreCase };
+enum JSRegExpMultilineOption { JSRegExpSingleLine, JSRegExpMultiline };
+
+/* jsRegExpExecute error codes */
+const int JSRegExpErrorNoMatch = -1;
+const int JSRegExpErrorHitLimit = -2;
+const int JSRegExpErrorNoMemory = -3;
+const int JSRegExpErrorInternal = -4;
+
+JSRegExp* jsRegExpCompile(const UChar* pattern, int patternLength,
+    JSRegExpIgnoreCaseOption, JSRegExpMultilineOption,
+    unsigned* numSubpatterns, const char** errorMessage);
+
+int jsRegExpExecute(const JSRegExp*,
+    const UChar* subject, int subjectLength, int startOffset,
+    int* offsetsVector, int offsetsVectorLength);
+
+void jsRegExpFree(JSRegExp*);
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre.pri b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre.pri
new file mode 100644
index 000000000..c33c67ce9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre.pri
@@ -0,0 +1,35 @@
+# Perl Compatible Regular Expressions - Qt4 build info
+VPATH += $$PWD
+INCLUDEPATH += $$PWD $$OUTPUT_DIR/JavaScriptCore/tmp
+DEPENDPATH += $$PWD
+
+isEmpty(GENERATED_SOURCES_DIR):GENERATED_SOURCES_DIR = tmp
+
+SOURCES += \
+    pcre_compile.cpp \
+    pcre_exec.cpp \
+    pcre_tables.cpp \
+    pcre_ucp_searchfuncs.cpp \
+    pcre_xclass.cpp
+
+!CONFIG(QTDIR_build) {
+    defineTest(addExtraCompiler) {
+        QMAKE_EXTRA_COMPILERS += $$1
+        generated_files.depends += compiler_$${1}_make_all
+        export(QMAKE_EXTRA_COMPILERS)
+        export(generated_files.depends)
+        return(true)
+    }
+}
+
+# GENERATOR: "chartables.c": compile and execute the chartables generator (and add it to sources)
+win32-msvc*|wince*: PREPROCESSOR = "--preprocessor=\"$$QMAKE_CC /E\""
+DFTABLES = $$PWD/dftables
+ctgen.input = DFTABLES
+ctgen.output = $$GENERATED_SOURCES_DIR/chartables.c
+ctgen.commands = perl $$DFTABLES ${QMAKE_FILE_OUT} $$PREPROCESSOR
+ctgen.CONFIG += target_predeps no_link
+ctgen.variable_out = GENERATED_SOURCES
+ctgen.dependency_type = TYPE_C
+ctgen.clean = ${QMAKE_FILE_OUT} ${QMAKE_VAR_GENERATED_SOURCES_DIR}${QMAKE_FILE_BASE}
+addExtraCompiler(ctgen)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_compile.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_compile.cpp
new file mode 100644
index 000000000..2bedca669
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_compile.cpp
@@ -0,0 +1,2706 @@
+/* This is JavaScriptCore's variant of the PCRE library. While this library
+started out as a copy of PCRE, many of the features of PCRE have been
+removed. This library now supports only the regular expression features
+required by the JavaScript language specification, and has only the functions
+needed by JavaScriptCore and the rest of WebKit.
+
+                 Originally written by Philip Hazel
+           Copyright (c) 1997-2006 University of Cambridge
+    Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+    Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/* This module contains the external function jsRegExpExecute(), along with
+supporting internal functions that are not used by other modules. */
+
+#include "config.h"
+
+#include "pcre_internal.h"
+
+#include <string.h>
+#include <wtf/ASCIICType.h>
+#include <wtf/FastMalloc.h>
+
+using namespace WTF;
+
+/* Negative values for the firstchar and reqchar variables */
+
+#define REQ_UNSET (-2)
+#define REQ_NONE  (-1)
+
+/*************************************************
+*      Code parameters and static tables         *
+*************************************************/
+
+/* Maximum number of items on the nested bracket stacks at compile time. This
+applies to the nesting of all kinds of parentheses. It does not limit
+un-nested, non-capturing parentheses. This number can be made bigger if
+necessary - it is used to dimension one int and one unsigned char vector at
+compile time. */
+
+#define BRASTACK_SIZE 200
+
+/* Table for handling escaped characters in the range '0'-'z'. Positive returns
+are simple data values; negative values are for special things like \d and so
+on. Zero means further processing is needed (for things like \x), or the escape
+is invalid. */
+
+static const short escapes[] = {
+     0,      0,      0,      0,      0,      0,      0,      0,   /* 0 - 7 */
+     0,      0,    ':',    ';',    '<',    '=',    '>',    '?',   /* 8 - ? */
+   '@',      0, -ESC_B,      0, -ESC_D,      0,      0,      0,   /* @ - G */
+     0,      0,      0,      0,      0,      0,      0,      0,   /* H - O */
+     0,      0,      0, -ESC_S,      0,      0,      0, -ESC_W,   /* P - W */
+     0,      0,      0,    '[',   '\\',    ']',    '^',    '_',   /* X - _ */
+   '`',      7, -ESC_b,      0, -ESC_d,      0,   '\f',      0,   /* ` - g */
+     0,      0,      0,      0,      0,      0,   '\n',      0,   /* h - o */
+     0,      0,    '\r', -ESC_s,   '\t',      0,  '\v', -ESC_w,   /* p - w */
+     0,      0,      0                                            /* x - z */
+};
+
+/* Error code numbers. They are given names so that they can more easily be
+tracked. */
+
+enum ErrorCode {
+    ERR0, ERR1, ERR2, ERR3, ERR4, ERR5, ERR6, ERR7, ERR8, ERR9,
+    ERR10, ERR11, ERR12, ERR13, ERR14, ERR15, ERR16, ERR17
+};
+
+/* The texts of compile-time error messages. These are "char *" because they
+are passed to the outside world. */
+
+static const char* errorText(ErrorCode code)
+{
+    static const char errorTexts[] =
+      /* 1 */
+      "\\ at end of pattern\0"
+      "\\c at end of pattern\0"
+      "character value in \\x{...} sequence is too large\0"
+      "numbers out of order in {} quantifier\0"
+      /* 5 */
+      "number too big in {} quantifier\0"
+      "missing terminating ] for character class\0"
+      "internal error: code overflow\0"
+      "range out of order in character class\0"
+      "nothing to repeat\0"
+      /* 10 */
+      "unmatched parentheses\0"
+      "internal error: unexpected repeat\0"
+      "unrecognized character after (?\0"
+      "failed to get memory\0"
+      "missing )\0"
+      /* 15 */
+      "reference to non-existent subpattern\0"
+      "regular expression too large\0"
+      "parentheses nested too deeply"
+    ;
+
+    int i = code;
+    const char* text = errorTexts;
+    while (i > 1)
+        i -= !*text++;
+    return text;
+}
+
+/* Structure for passing "static" information around between the functions
+doing the compiling. */
+
+struct CompileData {
+    CompileData() {
+        topBackref = 0;
+        backrefMap = 0;
+        reqVaryOpt = 0;
+        needOuterBracket = false;
+        numCapturingBrackets = 0;
+    }
+    int topBackref;            /* Maximum back reference */
+    unsigned backrefMap;       /* Bitmap of low back refs */
+    int reqVaryOpt;            /* "After variable item" flag for reqByte */
+    bool needOuterBracket;
+    int numCapturingBrackets;
+};
+
+/* Definitions to allow mutual recursion */
+
+static bool compileBracket(int, int*, unsigned char**, const UChar**, const UChar*, ErrorCode*, int, int*, int*, CompileData&);
+static bool bracketIsAnchored(const unsigned char* code);
+static bool bracketNeedsLineStart(const unsigned char* code, unsigned captureMap, unsigned backrefMap);
+static int bracketFindFirstAssertedCharacter(const unsigned char* code, bool inassert);
+
+/*************************************************
+*            Handle escapes                      *
+*************************************************/
+
+/* This function is called when a \ has been encountered. It either returns a
+positive value for a simple escape such as \n, or a negative value which
+encodes one of the more complicated things such as \d. When UTF-8 is enabled,
+a positive value greater than 255 may be returned. On entry, ptr is pointing at
+the \. On exit, it is on the final character of the escape sequence.
+
+Arguments:
+  ptrPtr         points to the pattern position pointer
+  errorCodePtr   points to the errorcode variable
+  bracount       number of previous extracting brackets
+  options        the options bits
+  isClass        true if inside a character class
+
+Returns:         zero or positive => a data character
+                 negative => a special escape sequence
+                 on error, errorPtr is set
+*/
+
+static int checkEscape(const UChar** ptrPtr, const UChar* patternEnd, ErrorCode* errorCodePtr, int bracount, bool isClass)
+{
+    const UChar* ptr = *ptrPtr + 1;
+
+    /* If backslash is at the end of the pattern, it's an error. */
+    if (ptr == patternEnd) {
+        *errorCodePtr = ERR1;
+        *ptrPtr = ptr;
+        return 0;
+    }
+    
+    int c = *ptr;
+    
+    /* Non-alphamerics are literals. For digits or letters, do an initial lookup in
+     a table. A non-zero result is something that can be returned immediately.
+     Otherwise further processing may be required. */
+    
+    if (c < '0' || c > 'z') { /* Not alphameric */
+    } else if (int escapeValue = escapes[c - '0']) {
+        c = escapeValue;
+        if (isClass) {
+            if (-c == ESC_b)
+                c = '\b'; /* \b is backslash in a class */
+            else if (-c == ESC_B)
+                c = 'B'; /* and \B is a capital B in a class (in browsers event though ECMAScript 15.10.2.19 says it raises an error) */
+        }
+    /* Escapes that need further processing, or are illegal. */
+    
+    } else {
+        switch (c) {
+            case '1':
+            case '2':
+            case '3':
+            case '4':
+            case '5':
+            case '6':
+            case '7':
+            case '8':
+            case '9':
+                /* Escape sequences starting with a non-zero digit are backreferences,
+                 unless there are insufficient brackets, in which case they are octal
+                 escape sequences. Those sequences end on the first non-octal character
+                 or when we overflow 0-255, whichever comes first. */
+                
+                if (!isClass) {
+                    const UChar* oldptr = ptr;
+                    c -= '0';
+                    while ((ptr + 1 < patternEnd) && isASCIIDigit(ptr[1]) && c <= bracount)
+                        c = c * 10 + *(++ptr) - '0';
+                    if (c <= bracount) {
+                        c = -(ESC_REF + c);
+                        break;
+                    }
+                    ptr = oldptr;      /* Put the pointer back and fall through */
+                }
+                
+                /* Handle an octal number following \. If the first digit is 8 or 9,
+                 this is not octal. */
+                
+                if ((c = *ptr) >= '8') {
+                    c = '\\';
+                    ptr -= 1;
+                    break;
+                }
+
+            /* \0 always starts an octal number, but we may drop through to here with a
+             larger first octal digit. */
+
+            case '0': {
+                c -= '0';
+                int i;
+                for (i = 1; i <= 2; ++i) {
+                    if (ptr + i >= patternEnd || ptr[i] < '0' || ptr[i] > '7')
+                        break;
+                    int cc = c * 8 + ptr[i] - '0';
+                    if (cc > 255)
+                        break;
+                    c = cc;
+                }
+                ptr += i - 1;
+                break;
+            }
+
+            case 'x': {
+                c = 0;
+                int i;
+                for (i = 1; i <= 2; ++i) {
+                    if (ptr + i >= patternEnd || !isASCIIHexDigit(ptr[i])) {
+                        c = 'x';
+                        i = 1;
+                        break;
+                    }
+                    int cc = ptr[i];
+                    if (cc >= 'a')
+                        cc -= 32;             /* Convert to upper case */
+                    c = c * 16 + cc - ((cc < 'A') ? '0' : ('A' - 10));
+                }
+                ptr += i - 1;
+                break;
+            }
+
+            case 'u': {
+                c = 0;
+                int i;
+                for (i = 1; i <= 4; ++i) {
+                    if (ptr + i >= patternEnd || !isASCIIHexDigit(ptr[i])) {
+                        c = 'u';
+                        i = 1;
+                        break;
+                    }
+                    int cc = ptr[i];
+                    if (cc >= 'a')
+                        cc -= 32;             /* Convert to upper case */
+                    c = c * 16 + cc - ((cc < 'A') ? '0' : ('A' - 10));
+                }
+                ptr += i - 1;
+                break;
+            }
+
+            case 'c':
+                if (++ptr == patternEnd) {
+                    *errorCodePtr = ERR2;
+                    return 0;
+                }
+                
+                c = *ptr;
+
+                /* To match Firefox, inside a character class, we also accept
+                   numbers and '_' as control characters */
+                if ((!isClass && !isASCIIAlpha(c)) || (!isASCIIAlphanumeric(c) && c != '_')) {
+                    c = '\\';
+                    ptr -= 2;
+                    break;
+                }
+
+                /* A letter is upper-cased; then the 0x40 bit is flipped. This coding
+                 is ASCII-specific, but then the whole concept of \cx is ASCII-specific. */
+                c = toASCIIUpper(c) ^ 0x40;
+                break;
+            }
+    }
+    
+    *ptrPtr = ptr;
+    return c;
+}
+
+/*************************************************
+*            Check for counted repeat            *
+*************************************************/
+
+/* This function is called when a '{' is encountered in a place where it might
+start a quantifier. It looks ahead to see if it really is a quantifier or not.
+It is only a quantifier if it is one of the forms {ddd} {ddd,} or {ddd,ddd}
+where the ddds are digits.
+
+Arguments:
+  p         pointer to the first char after '{'
+
+Returns:    true or false
+*/
+
+static bool isCountedRepeat(const UChar* p, const UChar* patternEnd)
+{
+    if (p >= patternEnd || !isASCIIDigit(*p))
+        return false;
+    p++;
+    while (p < patternEnd && isASCIIDigit(*p))
+        p++;
+    if (p < patternEnd && *p == '}')
+        return true;
+    
+    if (p >= patternEnd || *p++ != ',')
+        return false;
+    if (p < patternEnd && *p == '}')
+        return true;
+    
+    if (p >= patternEnd || !isASCIIDigit(*p))
+        return false;
+    p++;
+    while (p < patternEnd && isASCIIDigit(*p))
+        p++;
+    
+    return (p < patternEnd && *p == '}');
+}
+
+/*************************************************
+*         Read repeat counts                     *
+*************************************************/
+
+/* Read an item of the form {n,m} and return the values. This is called only
+after isCountedRepeat() has confirmed that a repeat-count quantifier exists,
+so the syntax is guaranteed to be correct, but we need to check the values.
+
+Arguments:
+  p              pointer to first char after '{'
+  minp           pointer to int for min
+  maxp           pointer to int for max
+                 returned as -1 if no max
+  errorCodePtr   points to error code variable
+
+Returns:         pointer to '}' on success;
+                 current ptr on error, with errorCodePtr set non-zero
+*/
+
+static const UChar* readRepeatCounts(const UChar* p, int* minp, int* maxp, ErrorCode* errorCodePtr)
+{
+    int min = 0;
+    int max = -1;
+    
+    /* Read the minimum value and do a paranoid check: a negative value indicates
+     an integer overflow. */
+    
+    while (isASCIIDigit(*p))
+        min = min * 10 + *p++ - '0';
+    if (min < 0 || min > 65535) {
+        *errorCodePtr = ERR5;
+        return p;
+    }
+    
+    /* Read the maximum value if there is one, and again do a paranoid on its size.
+     Also, max must not be less than min. */
+    
+    if (*p == '}')
+        max = min;
+    else {
+        if (*(++p) != '}') {
+            max = 0;
+            while (isASCIIDigit(*p))
+                max = max * 10 + *p++ - '0';
+            if (max < 0 || max > 65535) {
+                *errorCodePtr = ERR5;
+                return p;
+            }
+            if (max < min) {
+                *errorCodePtr = ERR4;
+                return p;
+            }
+        }
+    }
+    
+    /* Fill in the required variables, and pass back the pointer to the terminating
+     '}'. */
+    
+    *minp = min;
+    *maxp = max;
+    return p;
+}
+
+/*************************************************
+*      Find first significant op code            *
+*************************************************/
+
+/* This is called by several functions that scan a compiled expression looking
+for a fixed first character, or an anchoring op code etc. It skips over things
+that do not influence this.
+
+Arguments:
+  code         pointer to the start of the group
+Returns:       pointer to the first significant opcode
+*/
+
+static const unsigned char* firstSignificantOpcode(const unsigned char* code)
+{
+    while (*code == OP_BRANUMBER)
+        code += 3;
+    return code;
+}
+
+static const unsigned char* firstSignificantOpcodeSkippingAssertions(const unsigned char* code)
+{
+    while (true) {
+        switch (*code) {
+            case OP_ASSERT_NOT:
+                advanceToEndOfBracket(code);
+                code += 1 + LINK_SIZE;
+                break;
+            case OP_WORD_BOUNDARY:
+            case OP_NOT_WORD_BOUNDARY:
+                ++code;
+                break;
+            case OP_BRANUMBER:
+                code += 3;
+                break;
+            default:
+                return code;
+        }
+    }
+}
+
+/*************************************************
+*           Get othercase range                  *
+*************************************************/
+
+/* This function is passed the start and end of a class range, in UTF-8 mode
+with UCP support. It searches up the characters, looking for internal ranges of
+characters in the "other" case. Each call returns the next one, updating the
+start address.
+
+Arguments:
+  cptr        points to starting character value; updated
+  d           end value
+  ocptr       where to put start of othercase range
+  odptr       where to put end of othercase range
+
+Yield:        true when range returned; false when no more
+*/
+
+static bool getOthercaseRange(int* cptr, int d, int* ocptr, int* odptr)
+{
+    int c, othercase = 0;
+    
+    for (c = *cptr; c <= d; c++) {
+        if ((othercase = jsc_pcre_ucp_othercase(c)) >= 0)
+            break;
+    }
+    
+    if (c > d)
+        return false;
+    
+    *ocptr = othercase;
+    int next = othercase + 1;
+    
+    for (++c; c <= d; c++) {
+        if (jsc_pcre_ucp_othercase(c) != next)
+            break;
+        next++;
+    }
+    
+    *odptr = next - 1;
+    *cptr = c;
+    
+    return true;
+}
+
+/*************************************************
+ *       Convert character value to UTF-8         *
+ *************************************************/
+
+/* This function takes an integer value in the range 0 - 0x7fffffff
+ and encodes it as a UTF-8 character in 0 to 6 bytes.
+ 
+ Arguments:
+ cvalue     the character value
+ buffer     pointer to buffer for result - at least 6 bytes long
+ 
+ Returns:     number of characters placed in the buffer
+ */
+
+static int encodeUTF8(int cvalue, unsigned char *buffer)
+{
+    int i;
+    for (i = 0; i < jsc_pcre_utf8_table1_size; i++)
+        if (cvalue <= jsc_pcre_utf8_table1[i])
+            break;
+    buffer += i;
+    for (int j = i; j > 0; j--) {
+        *buffer-- = 0x80 | (cvalue & 0x3f);
+        cvalue >>= 6;
+    }
+    *buffer = jsc_pcre_utf8_table2[i] | cvalue;
+    return i + 1;
+}
+
+/*************************************************
+*           Compile one branch                   *
+*************************************************/
+
+/* Scan the pattern, compiling it into the code vector.
+
+Arguments:
+  options        the option bits
+  brackets       points to number of extracting brackets used
+  codePtr        points to the pointer to the current code point
+  ptrPtr         points to the current pattern pointer
+  errorCodePtr   points to error code variable
+  firstbyteptr   set to initial literal character, or < 0 (REQ_UNSET, REQ_NONE)
+  reqbyteptr     set to the last literal character required, else < 0
+  cd             contains pointers to tables etc.
+
+Returns:         true on success
+                 false, with *errorCodePtr set non-zero on error
+*/
+
+static inline bool safelyCheckNextChar(const UChar* ptr, const UChar* patternEnd, UChar expected)
+{
+    return ((ptr + 1 < patternEnd) && ptr[1] == expected);
+}
+
+static bool
+compileBranch(int options, int* brackets, unsigned char** codePtr,
+               const UChar** ptrPtr, const UChar* patternEnd, ErrorCode* errorCodePtr, int *firstbyteptr,
+               int* reqbyteptr, CompileData& cd)
+{
+    int repeatType, opType;
+    int repeatMin = 0, repeat_max = 0;      /* To please picky compilers */
+    int bravalue = 0;
+    int reqvary, tempreqvary;
+    int c;
+    unsigned char* code = *codePtr;
+    unsigned char* tempcode;
+    bool didGroupSetFirstByte = false;
+    const UChar* ptr = *ptrPtr;
+    const UChar* tempptr;
+    unsigned char* previous = NULL;
+    unsigned char classbits[32];
+    
+    bool class_utf8;
+    unsigned char* class_utf8data;
+    unsigned char utf8_char[6];
+    
+    /* Initialize no first byte, no required byte. REQ_UNSET means "no char
+     matching encountered yet". It gets changed to REQ_NONE if we hit something that
+     matches a non-fixed char first char; reqByte just remains unset if we never
+     find one.
+     
+     When we hit a repeat whose minimum is zero, we may have to adjust these values
+     to take the zero repeat into account. This is implemented by setting them to
+     zeroFirstByte and zeroReqByte when such a repeat is encountered. The individual
+     item types that can be repeated set these backoff variables appropriately. */
+    
+    int firstByte = REQ_UNSET;
+    int reqByte = REQ_UNSET;
+    int zeroReqByte = REQ_UNSET;
+    int zeroFirstByte = REQ_UNSET;
+    
+    /* The variable reqCaseOpt contains either the REQ_IGNORE_CASE value or zero,
+     according to the current setting of the ignores-case flag. REQ_IGNORE_CASE is a bit
+     value > 255. It is added into the firstByte or reqByte variables to record the
+     case status of the value. This is used only for ASCII characters. */
+    
+    int reqCaseOpt = (options & IgnoreCaseOption) ? REQ_IGNORE_CASE : 0;
+    
+    /* Switch on next character until the end of the branch */
+    
+    for (;; ptr++) {
+        bool negateClass;
+        bool shouldFlipNegation; /* If a negative special such as \S is used, we should negate the whole class to properly support Unicode. */
+        int classCharCount;
+        int classLastChar;
+        int skipBytes;
+        int subReqByte;
+        int subFirstByte;
+        int mcLength;
+        unsigned char mcbuffer[8];
+        
+        /* Next byte in the pattern */
+        
+        c = ptr < patternEnd ? *ptr : 0;
+        
+        /* Fill in length of a previous callout, except when the next thing is
+         a quantifier. */
+        
+        bool isQuantifier = c == '*' || c == '+' || c == '?' || (c == '{' && isCountedRepeat(ptr + 1, patternEnd));
+        
+        switch (c) {
+            /* The branch terminates at end of string, |, or ). */
+                
+            case 0:
+                if (ptr < patternEnd)
+                    goto NORMAL_CHAR;
+                // End of string; fall through
+            case '|':
+            case ')':
+                *firstbyteptr = firstByte;
+                *reqbyteptr = reqByte;
+                *codePtr = code;
+                *ptrPtr = ptr;
+                return true;
+                
+            /* Handle single-character metacharacters. In multiline mode, ^ disables
+             the setting of any following char as a first character. */
+
+            case '^':
+                if (options & MatchAcrossMultipleLinesOption) {
+                    if (firstByte == REQ_UNSET)
+                        firstByte = REQ_NONE;
+                    *code++ = OP_BOL;
+                } else
+                    *code++ = OP_CIRC;
+                previous = NULL;
+                break;
+
+            case '$':
+                previous = NULL;
+                if (options & MatchAcrossMultipleLinesOption)
+                  *code++ = OP_EOL;
+                else
+                  *code++ = OP_DOLL;
+                break;
+
+            /* There can never be a first char if '.' is first, whatever happens about
+             repeats. The value of reqByte doesn't change either. */
+
+            case '.':
+                if (firstByte == REQ_UNSET)
+                    firstByte = REQ_NONE;
+                zeroFirstByte = firstByte;
+                zeroReqByte = reqByte;
+                previous = code;
+                *code++ = OP_NOT_NEWLINE;
+                break;
+                
+            /* Character classes. If the included characters are all < 256, we build a
+             32-byte bitmap of the permitted characters, except in the special case
+             where there is only one such character. For negated classes, we build the
+             map as usual, then invert it at the end. However, we use a different opcode
+             so that data characters > 255 can be handled correctly.
+             
+             If the class contains characters outside the 0-255 range, a different
+             opcode is compiled. It may optionally have a bit map for characters < 256,
+             but those above are are explicitly listed afterwards. A flag byte tells
+             whether the bitmap is present, and whether this is a negated class or not.
+             */
+                
+            case '[': {
+                previous = code;
+                shouldFlipNegation = false;
+                
+                /* PCRE supports POSIX class stuff inside a class. Perl gives an error if
+                 they are encountered at the top level, so we'll do that too. */
+                
+                /* If the first character is '^', set the negation flag and skip it. */
+
+                if (ptr + 1 >= patternEnd) {
+                    *errorCodePtr = ERR6;
+                    return false;
+                }
+
+                if (ptr[1] == '^') {
+                    negateClass = true;
+                    ++ptr;
+                } else
+                    negateClass = false;
+                
+                /* Keep a count of chars with values < 256 so that we can optimize the case
+                 of just a single character (as long as it's < 256). For higher valued UTF-8
+                 characters, we don't yet do any optimization. */
+                
+                classCharCount = 0;
+                classLastChar = -1;
+                
+                class_utf8 = false;                       /* No chars >= 256 */
+                class_utf8data = code + LINK_SIZE + 34;   /* For UTF-8 items */
+                
+                /* Initialize the 32-char bit map to all zeros. We have to build the
+                 map in a temporary bit of store, in case the class contains only 1
+                 character (< 256), because in that case the compiled code doesn't use the
+                 bit map. */
+                
+                memset(classbits, 0, 32 * sizeof(unsigned char));
+                
+                /* Process characters until ] is reached. The first pass
+                 through the regex checked the overall syntax, so we don't need to be very
+                 strict here. At the start of the loop, c contains the first byte of the
+                 character. */
+
+                while ((++ptr < patternEnd) && (c = *ptr) != ']') {
+                    /* Backslash may introduce a single character, or it may introduce one
+                     of the specials, which just set a flag. Escaped items are checked for
+                     validity in the pre-compiling pass. The sequence \b is a special case.
+                     Inside a class (and only there) it is treated as backspace. Elsewhere
+                     it marks a word boundary. Other escapes have preset maps ready to
+                     or into the one we are building. We assume they have more than one
+                     character in them, so set classCharCount bigger than one. */
+                    
+                    if (c == '\\') {
+                        c = checkEscape(&ptr, patternEnd, errorCodePtr, cd.numCapturingBrackets, true);
+                        if (c < 0) {
+                            classCharCount += 2;     /* Greater than 1 is what matters */
+                            switch (-c) {
+                                case ESC_d:
+                                    for (c = 0; c < 32; c++)
+                                        classbits[c] |= classBitmapForChar(c + cbit_digit);
+                                    continue;
+                                    
+                                case ESC_D:
+                                    shouldFlipNegation = true;
+                                    for (c = 0; c < 32; c++)
+                                        classbits[c] |= ~classBitmapForChar(c + cbit_digit);
+                                    continue;
+                                    
+                                case ESC_w:
+                                    for (c = 0; c < 32; c++)
+                                        classbits[c] |= classBitmapForChar(c + cbit_word);
+                                    continue;
+                                    
+                                case ESC_W:
+                                    shouldFlipNegation = true;
+                                    for (c = 0; c < 32; c++)
+                                        classbits[c] |= ~classBitmapForChar(c + cbit_word);
+                                    continue;
+                                    
+                                case ESC_s:
+                                    for (c = 0; c < 32; c++)
+                                         classbits[c] |= classBitmapForChar(c + cbit_space);
+                                    continue;
+                                    
+                                case ESC_S:
+                                    shouldFlipNegation = true;
+                                    for (c = 0; c < 32; c++)
+                                         classbits[c] |= ~classBitmapForChar(c + cbit_space);
+                                    continue;
+                                    
+                                    /* Unrecognized escapes are faulted if PCRE is running in its
+                                     strict mode. By default, for compatibility with Perl, they are
+                                     treated as literals. */
+                                    
+                                default:
+                                    c = *ptr;              /* The final character */
+                                    classCharCount -= 2;  /* Undo the default count from above */
+                            }
+                        }
+                        
+                        /* Fall through if we have a single character (c >= 0). This may be
+                         > 256 in UTF-8 mode. */
+                        
+                    }   /* End of backslash handling */
+                    
+                    /* A single character may be followed by '-' to form a range. However,
+                     Perl does not permit ']' to be the end of the range. A '-' character
+                     here is treated as a literal. */
+                    
+                    if ((ptr + 2 < patternEnd) && ptr[1] == '-' && ptr[2] != ']') {
+                        ptr += 2;
+                        
+                        int d = *ptr;
+                        
+                        /* The second part of a range can be a single-character escape, but
+                         not any of the other escapes. Perl 5.6 treats a hyphen as a literal
+                         in such circumstances. */
+                        
+                        if (d == '\\') {
+                            const UChar* oldptr = ptr;
+                            d = checkEscape(&ptr, patternEnd, errorCodePtr, cd.numCapturingBrackets, true);
+                            
+                            /* \X is literal X; any other special means the '-' was literal */
+                            if (d < 0) {
+                                ptr = oldptr - 2;
+                                goto LONE_SINGLE_CHARACTER;  /* A few lines below */
+                            }
+                        }
+                        
+                        /* The check that the two values are in the correct order happens in
+                         the pre-pass. Optimize one-character ranges */
+                        
+                        if (d == c)
+                            goto LONE_SINGLE_CHARACTER;  /* A few lines below */
+                        
+                        /* In UTF-8 mode, if the upper limit is > 255, or > 127 for caseless
+                         matching, we have to use an XCLASS with extra data items. Caseless
+                         matching for characters > 127 is available only if UCP support is
+                         available. */
+                        
+                        if ((d > 255 || ((options & IgnoreCaseOption) && d > 127))) {
+                            class_utf8 = true;
+                            
+                            /* With UCP support, we can find the other case equivalents of
+                             the relevant characters. There may be several ranges. Optimize how
+                             they fit with the basic range. */
+                            
+                            if (options & IgnoreCaseOption) {
+                                int occ, ocd;
+                                int cc = c;
+                                int origd = d;
+                                while (getOthercaseRange(&cc, origd, &occ, &ocd)) {
+                                    if (occ >= c && ocd <= d)
+                                        continue;  /* Skip embedded ranges */
+                                    
+                                    if (occ < c  && ocd >= c - 1)        /* Extend the basic range */
+                                    {                                  /* if there is overlap,   */
+                                        c = occ;                           /* noting that if occ < c */
+                                        continue;                          /* we can't have ocd > d  */
+                                    }                                  /* because a subrange is  */
+                                    if (ocd > d && occ <= d + 1)         /* always shorter than    */
+                                    {                                  /* the basic range.       */
+                                        d = ocd;
+                                        continue;
+                                    }
+                                    
+                                    if (occ == ocd)
+                                        *class_utf8data++ = XCL_SINGLE;
+                                    else {
+                                        *class_utf8data++ = XCL_RANGE;
+                                        class_utf8data += encodeUTF8(occ, class_utf8data);
+                                    }
+                                    class_utf8data += encodeUTF8(ocd, class_utf8data);
+                                }
+                            }
+                            
+                            /* Now record the original range, possibly modified for UCP caseless
+                             overlapping ranges. */
+                            
+                            *class_utf8data++ = XCL_RANGE;
+                            class_utf8data += encodeUTF8(c, class_utf8data);
+                            class_utf8data += encodeUTF8(d, class_utf8data);
+                            
+                            /* With UCP support, we are done. Without UCP support, there is no
+                             caseless matching for UTF-8 characters > 127; we can use the bit map
+                             for the smaller ones. */
+                            
+                            continue;    /* With next character in the class */
+                        }
+                        
+                        /* We use the bit map for all cases when not in UTF-8 mode; else
+                         ranges that lie entirely within 0-127 when there is UCP support; else
+                         for partial ranges without UCP support. */
+                        
+                        for (; c <= d; c++) {
+                            classbits[c/8] |= (1 << (c&7));
+                            if (options & IgnoreCaseOption) {
+                                int uc = flipCase(c);
+                                classbits[uc/8] |= (1 << (uc&7));
+                            }
+                            classCharCount++;                /* in case a one-char range */
+                            classLastChar = c;
+                        }
+                        
+                        continue;   /* Go get the next char in the class */
+                    }
+                    
+                    /* Handle a lone single character - we can get here for a normal
+                     non-escape char, or after \ that introduces a single character or for an
+                     apparent range that isn't. */
+                    
+                LONE_SINGLE_CHARACTER:
+                    
+                    /* Handle a character that cannot go in the bit map */
+                    
+                    if ((c > 255 || ((options & IgnoreCaseOption) && c > 127))) {
+                        class_utf8 = true;
+                        *class_utf8data++ = XCL_SINGLE;
+                        class_utf8data += encodeUTF8(c, class_utf8data);
+                        
+                        if (options & IgnoreCaseOption) {
+                            int othercase;
+                            if ((othercase = jsc_pcre_ucp_othercase(c)) >= 0) {
+                                *class_utf8data++ = XCL_SINGLE;
+                                class_utf8data += encodeUTF8(othercase, class_utf8data);
+                            }
+                        }
+                    } else {
+                        /* Handle a single-byte character */
+                        classbits[c/8] |= (1 << (c&7));
+                        if (options & IgnoreCaseOption) {
+                            c = flipCase(c);
+                            classbits[c/8] |= (1 << (c&7));
+                        }
+                        classCharCount++;
+                        classLastChar = c;
+                    }
+                }
+                
+                /* If classCharCount is 1, we saw precisely one character whose value is
+                 less than 256. In non-UTF-8 mode we can always optimize. In UTF-8 mode, we
+                 can optimize the negative case only if there were no characters >= 128
+                 because OP_NOT and the related opcodes like OP_NOTSTAR operate on
+                 single-bytes only. This is an historical hangover. Maybe one day we can
+                 tidy these opcodes to handle multi-byte characters.
+                 
+                 The optimization throws away the bit map. We turn the item into a
+                 1-character OP_CHAR[NC] if it's positive, or OP_NOT if it's negative. Note
+                 that OP_NOT does not support multibyte characters. In the positive case, it
+                 can cause firstByte to be set. Otherwise, there can be no first char if
+                 this item is first, whatever repeat count may follow. In the case of
+                 reqByte, save the previous value for reinstating. */
+                
+                if (classCharCount == 1 && (!class_utf8 && (!negateClass || classLastChar < 128))) {
+                    zeroReqByte = reqByte;
+                    
+                    /* The OP_NOT opcode works on one-byte characters only. */
+                    
+                    if (negateClass) {
+                        if (firstByte == REQ_UNSET)
+                            firstByte = REQ_NONE;
+                        zeroFirstByte = firstByte;
+                        *code++ = OP_NOT;
+                        *code++ = classLastChar;
+                        break;
+                    }
+                    
+                    /* For a single, positive character, get the value into c, and
+                     then we can handle this with the normal one-character code. */
+                    
+                    c = classLastChar;
+                    goto NORMAL_CHAR;
+                }       /* End of 1-char optimization */
+                
+                /* The general case - not the one-char optimization. If this is the first
+                 thing in the branch, there can be no first char setting, whatever the
+                 repeat count. Any reqByte setting must remain unchanged after any kind of
+                 repeat. */
+                
+                if (firstByte == REQ_UNSET) firstByte = REQ_NONE;
+                zeroFirstByte = firstByte;
+                zeroReqByte = reqByte;
+                
+                /* If there are characters with values > 255, we have to compile an
+                 extended class, with its own opcode. If there are no characters < 256,
+                 we can omit the bitmap. */
+                
+                if (class_utf8 && !shouldFlipNegation) {
+                    *class_utf8data++ = XCL_END;    /* Marks the end of extra data */
+                    *code++ = OP_XCLASS;
+                    code += LINK_SIZE;
+                    *code = negateClass? XCL_NOT : 0;
+                    
+                    /* If the map is required, install it, and move on to the end of
+                     the extra data */
+                    
+                    if (classCharCount > 0) {
+                        *code++ |= XCL_MAP;
+                        memcpy(code, classbits, 32);
+                        code = class_utf8data;
+                    }
+                    
+                    /* If the map is not required, slide down the extra data. */
+                    
+                    else {
+                        int len = class_utf8data - (code + 33);
+                        memmove(code + 1, code + 33, len);
+                        code += len + 1;
+                    }
+                    
+                    /* Now fill in the complete length of the item */
+                    
+                    putLinkValue(previous + 1, code - previous);
+                    break;   /* End of class handling */
+                }
+                
+                /* If there are no characters > 255, negate the 32-byte map if necessary,
+                 and copy it into the code vector. If this is the first thing in the branch,
+                 there can be no first char setting, whatever the repeat count. Any reqByte
+                 setting must remain unchanged after any kind of repeat. */
+                
+                *code++ = (negateClass == shouldFlipNegation) ? OP_CLASS : OP_NCLASS;
+                if (negateClass)
+                    for (c = 0; c < 32; c++)
+                        code[c] = ~classbits[c];
+                else
+                    memcpy(code, classbits, 32);
+                code += 32;
+                break;
+            }
+                
+            /* Various kinds of repeat; '{' is not necessarily a quantifier, but this
+             has been tested above. */
+
+            case '{':
+                if (!isQuantifier)
+                    goto NORMAL_CHAR;
+                ptr = readRepeatCounts(ptr + 1, &repeatMin, &repeat_max, errorCodePtr);
+                if (*errorCodePtr)
+                    goto FAILED;
+                goto REPEAT;
+                
+            case '*':
+                repeatMin = 0;
+                repeat_max = -1;
+                goto REPEAT;
+                
+            case '+':
+                repeatMin = 1;
+                repeat_max = -1;
+                goto REPEAT;
+                
+            case '?':
+                repeatMin = 0;
+                repeat_max = 1;
+                
+            REPEAT:
+                if (!previous) {
+                    *errorCodePtr = ERR9;
+                    goto FAILED;
+                }
+                
+                if (repeatMin == 0) {
+                    firstByte = zeroFirstByte;    /* Adjust for zero repeat */
+                    reqByte = zeroReqByte;        /* Ditto */
+                }
+                
+                /* Remember whether this is a variable length repeat */
+                
+                reqvary = (repeatMin == repeat_max) ? 0 : REQ_VARY;
+                
+                opType = 0;                    /* Default single-char op codes */
+                
+                /* Save start of previous item, in case we have to move it up to make space
+                 for an inserted OP_ONCE for the additional '+' extension. */
+                /* FIXME: Probably don't need this because we don't use OP_ONCE. */
+                
+                tempcode = previous;
+                
+                /* If the next character is '+', we have a possessive quantifier. This
+                 implies greediness, whatever the setting of the PCRE_UNGREEDY option.
+                 If the next character is '?' this is a minimizing repeat, by default,
+                 but if PCRE_UNGREEDY is set, it works the other way round. We change the
+                 repeat type to the non-default. */
+                
+                if (safelyCheckNextChar(ptr, patternEnd, '?')) {
+                    repeatType = 1;
+                    ptr++;
+                } else
+                    repeatType = 0;
+                
+                /* If previous was a character match, abolish the item and generate a
+                 repeat item instead. If a char item has a minumum of more than one, ensure
+                 that it is set in reqByte - it might not be if a sequence such as x{3} is
+                 the first thing in a branch because the x will have gone into firstByte
+                 instead.  */
+                
+                if (*previous == OP_CHAR || *previous == OP_CHAR_IGNORING_CASE) {
+                    /* Deal with UTF-8 characters that take up more than one byte. It's
+                     easier to write this out separately than try to macrify it. Use c to
+                     hold the length of the character in bytes, plus 0x80 to flag that it's a
+                     length rather than a small character. */
+                    
+                    if (code[-1] & 0x80) {
+                        unsigned char *lastchar = code - 1;
+                        while((*lastchar & 0xc0) == 0x80)
+                            lastchar--;
+                        c = code - lastchar;            /* Length of UTF-8 character */
+                        memcpy(utf8_char, lastchar, c); /* Save the char */
+                        c |= 0x80;                      /* Flag c as a length */
+                    }
+                    else {
+                        c = code[-1];
+                        if (repeatMin > 1)
+                            reqByte = c | reqCaseOpt | cd.reqVaryOpt;
+                    }
+                    
+                    goto OUTPUT_SINGLE_REPEAT;   /* Code shared with single character types */
+                }
+                
+                else if (*previous == OP_ASCII_CHAR || *previous == OP_ASCII_LETTER_IGNORING_CASE) {
+                    c = previous[1];
+                    if (repeatMin > 1)
+                        reqByte = c | reqCaseOpt | cd.reqVaryOpt;
+                    goto OUTPUT_SINGLE_REPEAT;
+                }
+                
+                /* If previous was a single negated character ([^a] or similar), we use
+                 one of the special opcodes, replacing it. The code is shared with single-
+                 character repeats by setting opt_type to add a suitable offset into
+                 repeatType. OP_NOT is currently used only for single-byte chars. */
+                
+                else if (*previous == OP_NOT) {
+                    opType = OP_NOTSTAR - OP_STAR;  /* Use "not" opcodes */
+                    c = previous[1];
+                    goto OUTPUT_SINGLE_REPEAT;
+                }
+                
+                /* If previous was a character type match (\d or similar), abolish it and
+                 create a suitable repeat item. The code is shared with single-character
+                 repeats by setting opType to add a suitable offset into repeatType. */
+                
+                else if (*previous <= OP_NOT_NEWLINE) {
+                    opType = OP_TYPESTAR - OP_STAR;  /* Use type opcodes */
+                    c = *previous;
+                    
+                OUTPUT_SINGLE_REPEAT:
+                    int prop_type = -1;
+                    int prop_value = -1;
+                    
+                    unsigned char* oldcode = code;
+                    code = previous;                  /* Usually overwrite previous item */
+                    
+                    /* If the maximum is zero then the minimum must also be zero; Perl allows
+                     this case, so we do too - by simply omitting the item altogether. */
+                    
+                    if (repeat_max == 0)
+                        goto END_REPEAT;
+                    
+                    /* Combine the opType with the repeatType */
+                    
+                    repeatType += opType;
+                    
+                    /* A minimum of zero is handled either as the special case * or ?, or as
+                     an UPTO, with the maximum given. */
+                    
+                    if (repeatMin == 0) {
+                        if (repeat_max == -1)
+                            *code++ = OP_STAR + repeatType;
+                        else if (repeat_max == 1)
+                            *code++ = OP_QUERY + repeatType;
+                        else {
+                            *code++ = OP_UPTO + repeatType;
+                            put2ByteValueAndAdvance(code, repeat_max);
+                        }
+                    }
+                    
+                    /* A repeat minimum of 1 is optimized into some special cases. If the
+                     maximum is unlimited, we use OP_PLUS. Otherwise, the original item it
+                     left in place and, if the maximum is greater than 1, we use OP_UPTO with
+                     one less than the maximum. */
+                    
+                    else if (repeatMin == 1) {
+                        if (repeat_max == -1)
+                            *code++ = OP_PLUS + repeatType;
+                        else {
+                            code = oldcode;                 /* leave previous item in place */
+                            if (repeat_max == 1)
+                                goto END_REPEAT;
+                            *code++ = OP_UPTO + repeatType;
+                            put2ByteValueAndAdvance(code, repeat_max - 1);
+                        }
+                    }
+                    
+                    /* The case {n,n} is just an EXACT, while the general case {n,m} is
+                     handled as an EXACT followed by an UPTO. */
+                    
+                    else {
+                        *code++ = OP_EXACT + opType;  /* NB EXACT doesn't have repeatType */
+                        put2ByteValueAndAdvance(code, repeatMin);
+                        
+                        /* If the maximum is unlimited, insert an OP_STAR. Before doing so,
+                         we have to insert the character for the previous code. For a repeated
+                         Unicode property match, there are two extra bytes that define the
+                         required property. In UTF-8 mode, long characters have their length in
+                         c, with the 0x80 bit as a flag. */
+                        
+                        if (repeat_max < 0) {
+                            if (c >= 128) {
+                                memcpy(code, utf8_char, c & 7);
+                                code += c & 7;
+                            } else {
+                                *code++ = c;
+                                if (prop_type >= 0) {
+                                    *code++ = prop_type;
+                                    *code++ = prop_value;
+                                }
+                            }
+                            *code++ = OP_STAR + repeatType;
+                        }
+                        
+                        /* Else insert an UPTO if the max is greater than the min, again
+                         preceded by the character, for the previously inserted code. */
+                        
+                        else if (repeat_max != repeatMin) {
+                            if (c >= 128) {
+                                memcpy(code, utf8_char, c & 7);
+                                code += c & 7;
+                            } else
+                                *code++ = c;
+                            if (prop_type >= 0) {
+                                *code++ = prop_type;
+                                *code++ = prop_value;
+                            }
+                            repeat_max -= repeatMin;
+                            *code++ = OP_UPTO + repeatType;
+                            put2ByteValueAndAdvance(code, repeat_max);
+                        }
+                    }
+                    
+                    /* The character or character type itself comes last in all cases. */
+                    
+                    if (c >= 128) {
+                        memcpy(code, utf8_char, c & 7);
+                        code += c & 7;
+                    } else
+                        *code++ = c;
+                    
+                    /* For a repeated Unicode property match, there are two extra bytes that
+                     define the required property. */
+                    
+                    if (prop_type >= 0) {
+                        *code++ = prop_type;
+                        *code++ = prop_value;
+                    }
+                }
+                
+                /* If previous was a character class or a back reference, we put the repeat
+                 stuff after it, but just skip the item if the repeat was {0,0}. */
+                
+                else if (*previous == OP_CLASS ||
+                         *previous == OP_NCLASS ||
+                         *previous == OP_XCLASS ||
+                         *previous == OP_REF)
+                {
+                    if (repeat_max == 0) {
+                        code = previous;
+                        goto END_REPEAT;
+                    }
+                    
+                    if (repeatMin == 0 && repeat_max == -1)
+                        *code++ = OP_CRSTAR + repeatType;
+                    else if (repeatMin == 1 && repeat_max == -1)
+                        *code++ = OP_CRPLUS + repeatType;
+                    else if (repeatMin == 0 && repeat_max == 1)
+                        *code++ = OP_CRQUERY + repeatType;
+                    else {
+                        *code++ = OP_CRRANGE + repeatType;
+                        put2ByteValueAndAdvance(code, repeatMin);
+                        if (repeat_max == -1)
+                            repeat_max = 0;  /* 2-byte encoding for max */
+                        put2ByteValueAndAdvance(code, repeat_max);
+                    }
+                }
+                
+                /* If previous was a bracket group, we may have to replicate it in certain
+                 cases. */
+                
+                else if (*previous >= OP_BRA) {
+                    int ketoffset = 0;
+                    int len = code - previous;
+                    unsigned char* bralink = NULL;
+                    
+                    /* If the maximum repeat count is unlimited, find the end of the bracket
+                     by scanning through from the start, and compute the offset back to it
+                     from the current code pointer. There may be an OP_OPT setting following
+                     the final KET, so we can't find the end just by going back from the code
+                     pointer. */
+                    
+                    if (repeat_max == -1) {
+                        const unsigned char* ket = previous;
+                        advanceToEndOfBracket(ket);
+                        ketoffset = code - ket;
+                    }
+                    
+                    /* The case of a zero minimum is special because of the need to stick
+                     OP_BRAZERO in front of it, and because the group appears once in the
+                     data, whereas in other cases it appears the minimum number of times. For
+                     this reason, it is simplest to treat this case separately, as otherwise
+                     the code gets far too messy. There are several special subcases when the
+                     minimum is zero. */
+                    
+                    if (repeatMin == 0) {
+                        /* If the maximum is also zero, we just omit the group from the output
+                         altogether. */
+                        
+                        if (repeat_max == 0) {
+                            code = previous;
+                            goto END_REPEAT;
+                        }
+                        
+                        /* If the maximum is 1 or unlimited, we just have to stick in the
+                         BRAZERO and do no more at this point. However, we do need to adjust
+                         any OP_RECURSE calls inside the group that refer to the group itself or
+                         any internal group, because the offset is from the start of the whole
+                         regex. Temporarily terminate the pattern while doing this. */
+                        
+                        if (repeat_max <= 1) {
+                            *code = OP_END;
+                            memmove(previous+1, previous, len);
+                            code++;
+                            *previous++ = OP_BRAZERO + repeatType;
+                        }
+                        
+                        /* If the maximum is greater than 1 and limited, we have to replicate
+                         in a nested fashion, sticking OP_BRAZERO before each set of brackets.
+                         The first one has to be handled carefully because it's the original
+                         copy, which has to be moved up. The remainder can be handled by code
+                         that is common with the non-zero minimum case below. We have to
+                         adjust the value of repeat_max, since one less copy is required. */
+                        
+                        else {
+                            *code = OP_END;
+                            memmove(previous + 2 + LINK_SIZE, previous, len);
+                            code += 2 + LINK_SIZE;
+                            *previous++ = OP_BRAZERO + repeatType;
+                            *previous++ = OP_BRA;
+                            
+                            /* We chain together the bracket offset fields that have to be
+                             filled in later when the ends of the brackets are reached. */
+                            
+                            int offset = (!bralink) ? 0 : previous - bralink;
+                            bralink = previous;
+                            putLinkValueAllowZeroAndAdvance(previous, offset);
+                        }
+                        
+                        repeat_max--;
+                    }
+                    
+                    /* If the minimum is greater than zero, replicate the group as many
+                     times as necessary, and adjust the maximum to the number of subsequent
+                     copies that we need. If we set a first char from the group, and didn't
+                     set a required char, copy the latter from the former. */
+                    
+                    else {
+                        if (repeatMin > 1) {
+                            if (didGroupSetFirstByte && reqByte < 0)
+                                reqByte = firstByte;
+                            for (int i = 1; i < repeatMin; i++) {
+                                memcpy(code, previous, len);
+                                code += len;
+                            }
+                        }
+                        if (repeat_max > 0)
+                            repeat_max -= repeatMin;
+                    }
+                    
+                    /* This code is common to both the zero and non-zero minimum cases. If
+                     the maximum is limited, it replicates the group in a nested fashion,
+                     remembering the bracket starts on a stack. In the case of a zero minimum,
+                     the first one was set up above. In all cases the repeat_max now specifies
+                     the number of additional copies needed. */
+                    
+                    if (repeat_max >= 0) {
+                        for (int i = repeat_max - 1; i >= 0; i--) {
+                            *code++ = OP_BRAZERO + repeatType;
+                            
+                            /* All but the final copy start a new nesting, maintaining the
+                             chain of brackets outstanding. */
+                            
+                            if (i != 0) {
+                                *code++ = OP_BRA;
+                                int offset = (!bralink) ? 0 : code - bralink;
+                                bralink = code;
+                                putLinkValueAllowZeroAndAdvance(code, offset);
+                            }
+                            
+                            memcpy(code, previous, len);
+                            code += len;
+                        }
+                        
+                        /* Now chain through the pending brackets, and fill in their length
+                         fields (which are holding the chain links pro tem). */
+                        
+                        while (bralink) {
+                            int offset = code - bralink + 1;
+                            unsigned char* bra = code - offset;
+                            int oldlinkoffset = getLinkValueAllowZero(bra + 1);
+                            bralink = (!oldlinkoffset) ? 0 : bralink - oldlinkoffset;
+                            *code++ = OP_KET;
+                            putLinkValueAndAdvance(code, offset);
+                            putLinkValue(bra + 1, offset);
+                        }
+                    }
+                    
+                    /* If the maximum is unlimited, set a repeater in the final copy. We
+                     can't just offset backwards from the current code point, because we
+                     don't know if there's been an options resetting after the ket. The
+                     correct offset was computed above. */
+                    
+                    else
+                        code[-ketoffset] = OP_KETRMAX + repeatType;
+                }
+                
+                // A quantifier after an assertion is mostly meaningless, but it
+                // can nullify the assertion if it has a 0 minimum.
+                else if (*previous == OP_ASSERT || *previous == OP_ASSERT_NOT) {
+                    if (repeatMin == 0) {
+                        code = previous;
+                        goto END_REPEAT;
+                    }
+                }
+                
+                /* Else there's some kind of shambles */
+                
+                else {
+                    *errorCodePtr = ERR11;
+                    goto FAILED;
+                }
+                
+                /* In all case we no longer have a previous item. We also set the
+                 "follows varying string" flag for subsequently encountered reqbytes if
+                 it isn't already set and we have just passed a varying length item. */
+                
+            END_REPEAT:
+                previous = NULL;
+                cd.reqVaryOpt |= reqvary;
+                break;
+                
+            /* Start of nested bracket sub-expression, or comment or lookahead or
+             lookbehind or option setting or condition. First deal with special things
+             that can come after a bracket; all are introduced by ?, and the appearance
+             of any of them means that this is not a referencing group. They were
+             checked for validity in the first pass over the string, so we don't have to
+             check for syntax errors here.  */
+                
+            case '(':
+                skipBytes = 0;
+                
+                if (*(++ptr) == '?') {
+                    switch (*(++ptr)) {
+                        case ':':                 /* Non-extracting bracket */
+                            bravalue = OP_BRA;
+                            ptr++;
+                            break;
+                            
+                        case '=':                 /* Positive lookahead */
+                            bravalue = OP_ASSERT;
+                            ptr++;
+                            break;
+                            
+                        case '!':                 /* Negative lookahead */
+                            bravalue = OP_ASSERT_NOT;
+                            ptr++;
+                            break;
+                            
+                        /* Character after (? not specially recognized */
+                            
+                        default:
+                            *errorCodePtr = ERR12;
+                            goto FAILED;
+                        }
+                }
+                
+                /* Else we have a referencing group; adjust the opcode. If the bracket
+                 number is greater than EXTRACT_BASIC_MAX, we set the opcode one higher, and
+                 arrange for the true number to follow later, in an OP_BRANUMBER item. */
+                
+                else {
+                    if (++(*brackets) > EXTRACT_BASIC_MAX) {
+                        bravalue = OP_BRA + EXTRACT_BASIC_MAX + 1;
+                        code[1 + LINK_SIZE] = OP_BRANUMBER;
+                        put2ByteValue(code + 2 + LINK_SIZE, *brackets);
+                        skipBytes = 3;
+                    }
+                    else
+                        bravalue = OP_BRA + *brackets;
+                }
+                
+                /* Process nested bracketed re. We copy code into a non-variable
+                 in order to be able to pass its address because some compilers
+                 complain otherwise. Pass in a new setting for the ims options
+                 if they have changed. */
+                
+                previous = code;
+                *code = bravalue;
+                tempcode = code;
+                tempreqvary = cd.reqVaryOpt;     /* Save value before bracket */
+                
+                if (!compileBracket(
+                                   options,
+                                   brackets,                     /* Extracting bracket count */
+                                   &tempcode,                    /* Where to put code (updated) */
+                                   &ptr,                         /* Input pointer (updated) */
+                                   patternEnd,
+                                   errorCodePtr,                 /* Where to put an error message */
+                                   skipBytes,                    /* Skip over OP_BRANUMBER */
+                                   &subFirstByte,                /* For possible first char */
+                                   &subReqByte,                  /* For possible last char */
+                                   cd))                          /* Tables block */
+                    goto FAILED;
+                
+                /* At the end of compiling, code is still pointing to the start of the
+                 group, while tempcode has been updated to point past the end of the group
+                 and any option resetting that may follow it. The pattern pointer (ptr)
+                 is on the bracket. */
+                
+                /* Handle updating of the required and first characters. Update for normal
+                 brackets of all kinds, and conditions with two branches (see code above).
+                 If the bracket is followed by a quantifier with zero repeat, we have to
+                 back off. Hence the definition of zeroReqByte and zeroFirstByte outside the
+                 main loop so that they can be accessed for the back off. */
+                
+                zeroReqByte = reqByte;
+                zeroFirstByte = firstByte;
+                didGroupSetFirstByte = false;
+                
+                if (bravalue >= OP_BRA) {
+                    /* If we have not yet set a firstByte in this branch, take it from the
+                     subpattern, remembering that it was set here so that a repeat of more
+                     than one can replicate it as reqByte if necessary. If the subpattern has
+                     no firstByte, set "none" for the whole branch. In both cases, a zero
+                     repeat forces firstByte to "none". */
+                    
+                    if (firstByte == REQ_UNSET) {
+                        if (subFirstByte >= 0) {
+                            firstByte = subFirstByte;
+                            didGroupSetFirstByte = true;
+                        }
+                        else
+                            firstByte = REQ_NONE;
+                        zeroFirstByte = REQ_NONE;
+                    }
+                    
+                    /* If firstByte was previously set, convert the subpattern's firstByte
+                     into reqByte if there wasn't one, using the vary flag that was in
+                     existence beforehand. */
+                    
+                    else if (subFirstByte >= 0 && subReqByte < 0)
+                        subReqByte = subFirstByte | tempreqvary;
+                    
+                    /* If the subpattern set a required byte (or set a first byte that isn't
+                     really the first byte - see above), set it. */
+                    
+                    if (subReqByte >= 0)
+                        reqByte = subReqByte;
+                }
+                
+                /* For a forward assertion, we take the reqByte, if set. This can be
+                 helpful if the pattern that follows the assertion doesn't set a different
+                 char. For example, it's useful for /(?=abcde).+/. We can't set firstByte
+                 for an assertion, however because it leads to incorrect effect for patterns
+                 such as /(?=a)a.+/ when the "real" "a" would then become a reqByte instead
+                 of a firstByte. This is overcome by a scan at the end if there's no
+                 firstByte, looking for an asserted first char. */
+                
+                else if (bravalue == OP_ASSERT && subReqByte >= 0)
+                    reqByte = subReqByte;
+                
+                /* Now update the main code pointer to the end of the group. */
+                
+                code = tempcode;
+                
+                /* Error if hit end of pattern */
+                
+                if (ptr >= patternEnd || *ptr != ')') {
+                    *errorCodePtr = ERR14;
+                    goto FAILED;
+                }
+                break;
+                
+            /* Check \ for being a real metacharacter; if not, fall through and handle
+             it as a data character at the start of a string. Escape items are checked
+             for validity in the pre-compiling pass. */
+                
+            case '\\':
+                tempptr = ptr;
+                c = checkEscape(&ptr, patternEnd, errorCodePtr, cd.numCapturingBrackets, false);
+                
+                /* Handle metacharacters introduced by \. For ones like \d, the ESC_ values
+                 are arranged to be the negation of the corresponding OP_values. For the
+                 back references, the values are ESC_REF plus the reference number. Only
+                 back references and those types that consume a character may be repeated.
+                 We can test for values between ESC_b and ESC_w for the latter; this may
+                 have to change if any new ones are ever created. */
+                
+                if (c < 0) {
+                    /* For metasequences that actually match a character, we disable the
+                     setting of a first character if it hasn't already been set. */
+                    
+                    if (firstByte == REQ_UNSET && -c > ESC_b && -c <= ESC_w)
+                        firstByte = REQ_NONE;
+                    
+                    /* Set values to reset to if this is followed by a zero repeat. */
+                    
+                    zeroFirstByte = firstByte;
+                    zeroReqByte = reqByte;
+                    
+                    /* Back references are handled specially */
+                    
+                    if (-c >= ESC_REF) {
+                        int number = -c - ESC_REF;
+                        previous = code;
+                        *code++ = OP_REF;
+                        put2ByteValueAndAdvance(code, number);
+                    }
+                    
+                    /* For the rest, we can obtain the OP value by negating the escape
+                     value */
+                    
+                    else {
+                        previous = (-c > ESC_b && -c <= ESC_w) ? code : NULL;
+                        *code++ = -c;
+                    }
+                    continue;
+                }
+                
+                /* Fall through. */
+                
+                /* Handle a literal character. It is guaranteed not to be whitespace or #
+                 when the extended flag is set. If we are in UTF-8 mode, it may be a
+                 multi-byte literal character. */
+                
+                default:
+            NORMAL_CHAR:
+                
+                previous = code;
+                
+                if (c < 128) {
+                    mcLength = 1;
+                    mcbuffer[0] = c;
+                    
+                    if ((options & IgnoreCaseOption) && (c | 0x20) >= 'a' && (c | 0x20) <= 'z') {
+                        *code++ = OP_ASCII_LETTER_IGNORING_CASE;
+                        *code++ = c | 0x20;
+                    } else {
+                        *code++ = OP_ASCII_CHAR;
+                        *code++ = c;
+                    }
+                } else {
+                    mcLength = encodeUTF8(c, mcbuffer);
+                    
+                    *code++ = (options & IgnoreCaseOption) ? OP_CHAR_IGNORING_CASE : OP_CHAR;
+                    for (c = 0; c < mcLength; c++)
+                        *code++ = mcbuffer[c];
+                }
+                
+                /* Set the first and required bytes appropriately. If no previous first
+                 byte, set it from this character, but revert to none on a zero repeat.
+                 Otherwise, leave the firstByte value alone, and don't change it on a zero
+                 repeat. */
+                
+                if (firstByte == REQ_UNSET) {
+                    zeroFirstByte = REQ_NONE;
+                    zeroReqByte = reqByte;
+                    
+                    /* If the character is more than one byte long, we can set firstByte
+                     only if it is not to be matched caselessly. */
+                    
+                    if (mcLength == 1 || reqCaseOpt == 0) {
+                        firstByte = mcbuffer[0] | reqCaseOpt;
+                        if (mcLength != 1)
+                            reqByte = code[-1] | cd.reqVaryOpt;
+                    }
+                    else
+                        firstByte = reqByte = REQ_NONE;
+                }
+                
+                /* firstByte was previously set; we can set reqByte only the length is
+                 1 or the matching is caseful. */
+                
+                else {
+                    zeroFirstByte = firstByte;
+                    zeroReqByte = reqByte;
+                    if (mcLength == 1 || reqCaseOpt == 0)
+                        reqByte = code[-1] | reqCaseOpt | cd.reqVaryOpt;
+                }
+                
+                break;            /* End of literal character handling */
+        }
+    }                   /* end of big loop */
+    
+    /* Control never reaches here by falling through, only by a goto for all the
+     error states. Pass back the position in the pattern so that it can be displayed
+     to the user for diagnosing the error. */
+    
+FAILED:
+    *ptrPtr = ptr;
+    return false;
+}
+
+/*************************************************
+*     Compile sequence of alternatives           *
+*************************************************/
+
+/* On entry, ptr is pointing past the bracket character, but on return
+it points to the closing bracket, or vertical bar, or end of string.
+The code variable is pointing at the byte into which the BRA operator has been
+stored. If the ims options are changed at the start (for a (?ims: group) or
+during any branch, we need to insert an OP_OPT item at the start of every
+following branch to ensure they get set correctly at run time, and also pass
+the new options into every subsequent branch compile.
+
+Argument:
+  options        option bits, including any changes for this subpattern
+  brackets       -> int containing the number of extracting brackets used
+  codePtr        -> the address of the current code pointer
+  ptrPtr         -> the address of the current pattern pointer
+  errorCodePtr   -> pointer to error code variable
+  skipBytes      skip this many bytes at start (for OP_BRANUMBER)
+  firstbyteptr   place to put the first required character, or a negative number
+  reqbyteptr     place to put the last required character, or a negative number
+  cd             points to the data block with tables pointers etc.
+
+Returns:      true on success
+*/
+
+static bool
+compileBracket(int options, int* brackets, unsigned char** codePtr,
+    const UChar** ptrPtr, const UChar* patternEnd, ErrorCode* errorCodePtr, int skipBytes,
+    int* firstbyteptr, int* reqbyteptr, CompileData& cd)
+{
+    const UChar* ptr = *ptrPtr;
+    unsigned char* code = *codePtr;
+    unsigned char* lastBranch = code;
+    unsigned char* start_bracket = code;
+    int firstByte = REQ_UNSET;
+    int reqByte = REQ_UNSET;
+    
+    /* Offset is set zero to mark that this bracket is still open */
+    
+    putLinkValueAllowZero(code + 1, 0);
+    code += 1 + LINK_SIZE + skipBytes;
+    
+    /* Loop for each alternative branch */
+    
+    while (true) {
+        /* Now compile the branch */
+        
+        int branchFirstByte;
+        int branchReqByte;
+        if (!compileBranch(options, brackets, &code, &ptr, patternEnd, errorCodePtr,
+                            &branchFirstByte, &branchReqByte, cd)) {
+            *ptrPtr = ptr;
+            return false;
+        }
+        
+        /* If this is the first branch, the firstByte and reqByte values for the
+         branch become the values for the regex. */
+        
+        if (*lastBranch != OP_ALT) {
+            firstByte = branchFirstByte;
+            reqByte = branchReqByte;
+        }
+        
+        /* If this is not the first branch, the first char and reqByte have to
+         match the values from all the previous branches, except that if the previous
+         value for reqByte didn't have REQ_VARY set, it can still match, and we set
+         REQ_VARY for the regex. */
+        
+        else {
+            /* If we previously had a firstByte, but it doesn't match the new branch,
+             we have to abandon the firstByte for the regex, but if there was previously
+             no reqByte, it takes on the value of the old firstByte. */
+            
+            if (firstByte >= 0 && firstByte != branchFirstByte) {
+                if (reqByte < 0)
+                    reqByte = firstByte;
+                firstByte = REQ_NONE;
+            }
+            
+            /* If we (now or from before) have no firstByte, a firstByte from the
+             branch becomes a reqByte if there isn't a branch reqByte. */
+            
+            if (firstByte < 0 && branchFirstByte >= 0 && branchReqByte < 0)
+                branchReqByte = branchFirstByte;
+            
+            /* Now ensure that the reqbytes match */
+            
+            if ((reqByte & ~REQ_VARY) != (branchReqByte & ~REQ_VARY))
+                reqByte = REQ_NONE;
+            else
+                reqByte |= branchReqByte;   /* To "or" REQ_VARY */
+        }
+        
+        /* Reached end of expression, either ')' or end of pattern. Go back through
+         the alternative branches and reverse the chain of offsets, with the field in
+         the BRA item now becoming an offset to the first alternative. If there are
+         no alternatives, it points to the end of the group. The length in the
+         terminating ket is always the length of the whole bracketed item. If any of
+         the ims options were changed inside the group, compile a resetting op-code
+         following, except at the very end of the pattern. Return leaving the pointer
+         at the terminating char. */
+        
+        if (ptr >= patternEnd || *ptr != '|') {
+            int length = code - lastBranch;
+            do {
+                int prevLength = getLinkValueAllowZero(lastBranch + 1);
+                putLinkValue(lastBranch + 1, length);
+                length = prevLength;
+                lastBranch -= length;
+            } while (length > 0);
+            
+            /* Fill in the ket */
+            
+            *code = OP_KET;
+            putLinkValue(code + 1, code - start_bracket);
+            code += 1 + LINK_SIZE;
+            
+            /* Set values to pass back */
+            
+            *codePtr = code;
+            *ptrPtr = ptr;
+            *firstbyteptr = firstByte;
+            *reqbyteptr = reqByte;
+            return true;
+        }
+        
+        /* Another branch follows; insert an "or" node. Its length field points back
+         to the previous branch while the bracket remains open. At the end the chain
+         is reversed. It's done like this so that the start of the bracket has a
+         zero offset until it is closed, making it possible to detect recursion. */
+        
+        *code = OP_ALT;
+        putLinkValue(code + 1, code - lastBranch);
+        lastBranch = code;
+        code += 1 + LINK_SIZE;
+        ptr++;
+    }
+    ASSERT_NOT_REACHED();
+}
+
+/*************************************************
+*          Check for anchored expression         *
+*************************************************/
+
+/* Try to find out if this is an anchored regular expression. Consider each
+alternative branch. If they all start OP_CIRC, or with a bracket
+all of whose alternatives start OP_CIRC (recurse ad lib), then
+it's anchored.
+
+Arguments:
+  code          points to start of expression (the bracket)
+  captureMap    a bitmap of which brackets we are inside while testing; this
+                 handles up to substring 31; all brackets after that share
+                 the zero bit
+  backrefMap    the back reference bitmap
+*/
+
+static bool branchIsAnchored(const unsigned char* code)
+{
+    const unsigned char* scode = firstSignificantOpcode(code);
+    int op = *scode;
+
+    /* Brackets */
+    if (op >= OP_BRA || op == OP_ASSERT)
+        return bracketIsAnchored(scode);
+
+    /* Check for explicit anchoring */    
+    return op == OP_CIRC;
+}
+
+static bool bracketIsAnchored(const unsigned char* code)
+{
+    do {
+        if (!branchIsAnchored(code + 1 + LINK_SIZE))
+            return false;
+        code += getLinkValue(code + 1);
+    } while (*code == OP_ALT);   /* Loop for each alternative */
+    return true;
+}
+
+/*************************************************
+*         Check for starting with ^ or .*        *
+*************************************************/
+
+/* This is called to find out if every branch starts with ^ or .* so that
+"first char" processing can be done to speed things up in multiline
+matching and for non-DOTALL patterns that start with .* (which must start at
+the beginning or after \n)
+
+Except when the .* appears inside capturing parentheses, and there is a
+subsequent back reference to those parentheses. By keeping a bitmap of the
+first 31 back references, we can catch some of the more common cases more
+precisely; all the greater back references share a single bit.
+
+Arguments:
+  code          points to start of expression (the bracket)
+  captureMap    a bitmap of which brackets we are inside while testing; this
+                 handles up to substring 31; all brackets after that share
+                 the zero bit
+  backrefMap    the back reference bitmap
+*/
+
+static bool branchNeedsLineStart(const unsigned char* code, unsigned captureMap, unsigned backrefMap)
+{
+    const unsigned char* scode = firstSignificantOpcode(code);
+    int op = *scode;
+    
+    /* Capturing brackets */
+    if (op > OP_BRA) {
+        int captureNum = op - OP_BRA;
+        if (captureNum > EXTRACT_BASIC_MAX)
+            captureNum = get2ByteValue(scode + 2 + LINK_SIZE);
+        int bracketMask = (captureNum < 32) ? (1 << captureNum) : 1;
+        return bracketNeedsLineStart(scode, captureMap | bracketMask, backrefMap);
+    }
+    
+    /* Other brackets */
+    if (op == OP_BRA || op == OP_ASSERT)
+        return bracketNeedsLineStart(scode, captureMap, backrefMap);
+    
+    /* .* means "start at start or after \n" if it isn't in brackets that
+     may be referenced. */
+    
+    if (op == OP_TYPESTAR || op == OP_TYPEMINSTAR)
+        return scode[1] == OP_NOT_NEWLINE && !(captureMap & backrefMap);
+
+    /* Explicit ^ */
+    return op == OP_CIRC || op == OP_BOL;
+}
+
+static bool bracketNeedsLineStart(const unsigned char* code, unsigned captureMap, unsigned backrefMap)
+{
+    do {
+        if (!branchNeedsLineStart(code + 1 + LINK_SIZE, captureMap, backrefMap))
+            return false;
+        code += getLinkValue(code + 1);
+    } while (*code == OP_ALT);  /* Loop for each alternative */
+    return true;
+}
+
+/*************************************************
+*       Check for asserted fixed first char      *
+*************************************************/
+
+/* During compilation, the "first char" settings from forward assertions are
+discarded, because they can cause conflicts with actual literals that follow.
+However, if we end up without a first char setting for an unanchored pattern,
+it is worth scanning the regex to see if there is an initial asserted first
+char. If all branches start with the same asserted char, or with a bracket all
+of whose alternatives start with the same asserted char (recurse ad lib), then
+we return that char, otherwise -1.
+
+Arguments:
+  code       points to start of expression (the bracket)
+  options    pointer to the options (used to check casing changes)
+  inassert   true if in an assertion
+
+Returns:     -1 or the fixed first char
+*/
+
+static int branchFindFirstAssertedCharacter(const unsigned char* code, bool inassert)
+{
+    const unsigned char* scode = firstSignificantOpcodeSkippingAssertions(code);
+    int op = *scode;
+    
+    if (op >= OP_BRA)
+        op = OP_BRA;
+    
+    switch (op) {
+        default:
+            return -1;
+            
+        case OP_BRA:
+        case OP_ASSERT:
+            return bracketFindFirstAssertedCharacter(scode, op == OP_ASSERT);
+
+        case OP_EXACT:
+            scode += 2;
+            /* Fall through */
+
+        case OP_CHAR:
+        case OP_CHAR_IGNORING_CASE:
+        case OP_ASCII_CHAR:
+        case OP_ASCII_LETTER_IGNORING_CASE:
+        case OP_PLUS:
+        case OP_MINPLUS:
+            if (!inassert)
+                return -1;
+            return scode[1];
+    }
+}
+
+static int bracketFindFirstAssertedCharacter(const unsigned char* code, bool inassert)
+{
+    int c = -1;
+    do {
+        int d = branchFindFirstAssertedCharacter(code + 1 + LINK_SIZE, inassert);
+        if (d < 0)
+            return -1;
+        if (c < 0)
+            c = d;
+        else if (c != d)
+            return -1;
+        code += getLinkValue(code + 1);
+    } while (*code == OP_ALT);
+    return c;
+}
+
+static inline int multiplyWithOverflowCheck(int a, int b)
+{
+    if (!a || !b)
+        return 0;
+    if (a > MAX_PATTERN_SIZE / b)
+        return -1;
+    return a * b;
+}
+
+static int calculateCompiledPatternLength(const UChar* pattern, int patternLength, JSRegExpIgnoreCaseOption ignoreCase,
+    CompileData& cd, ErrorCode& errorcode)
+{
+    /* Make a pass over the pattern to compute the
+     amount of store required to hold the compiled code. This does not have to be
+     perfect as long as errors are overestimates. */
+
+    if (patternLength > MAX_PATTERN_SIZE) {
+        errorcode = ERR16;
+        return -1;
+    }
+
+    int length = 1 + LINK_SIZE;      /* For initial BRA plus length */
+    int branch_extra = 0;
+    int lastitemlength = 0;
+    unsigned brastackptr = 0;
+    int brastack[BRASTACK_SIZE];
+    unsigned char bralenstack[BRASTACK_SIZE];
+    int bracount = 0;
+    
+    const UChar* ptr = (const UChar*)(pattern - 1);
+    const UChar* patternEnd = (const UChar*)(pattern + patternLength);
+    
+    while (++ptr < patternEnd) {
+        int minRepeats = 0, maxRepeats = 0;
+        int c = *ptr;
+
+        switch (c) {
+            /* A backslashed item may be an escaped data character or it may be a
+             character type. */
+
+            case '\\':
+                c = checkEscape(&ptr, patternEnd, &errorcode, cd.numCapturingBrackets, false);
+                if (errorcode != 0)
+                    return -1;
+                
+                lastitemlength = 1;     /* Default length of last item for repeats */
+                
+                if (c >= 0) {            /* Data character */
+                    length += 2;          /* For a one-byte character */
+                    
+                    if (c > 127) {
+                        int i;
+                        for (i = 0; i < jsc_pcre_utf8_table1_size; i++)
+                            if (c <= jsc_pcre_utf8_table1[i]) break;
+                        length += i;
+                        lastitemlength += i;
+                    }
+                    
+                    continue;
+                }
+                
+                /* Other escapes need one byte */
+                
+                length++;
+                
+                /* A back reference needs an additional 2 bytes, plus either one or 5
+                 bytes for a repeat. We also need to keep the value of the highest
+                 back reference. */
+                
+                if (c <= -ESC_REF) {
+                    int refnum = -c - ESC_REF;
+                    cd.backrefMap |= (refnum < 32) ? (1 << refnum) : 1;
+                    if (refnum > cd.topBackref)
+                        cd.topBackref = refnum;
+                    length += 2;   /* For single back reference */
+                    if (safelyCheckNextChar(ptr, patternEnd, '{') && isCountedRepeat(ptr + 2, patternEnd)) {
+                        ptr = readRepeatCounts(ptr + 2, &minRepeats, &maxRepeats, &errorcode);
+                        if (errorcode)
+                            return -1;
+                        if ((minRepeats == 0 && (maxRepeats == 1 || maxRepeats == -1)) ||
+                            (minRepeats == 1 && maxRepeats == -1))
+                            length++;
+                        else
+                            length += 5;
+                        if (safelyCheckNextChar(ptr, patternEnd, '?'))
+                            ptr++;
+                    }
+                }
+                continue;
+                
+            case '^':     /* Single-byte metacharacters */
+            case '.':
+            case '$':
+                length++;
+                lastitemlength = 1;
+                continue;
+                
+            case '*':            /* These repeats won't be after brackets; */
+            case '+':            /* those are handled separately */
+            case '?':
+                length++;
+                goto POSSESSIVE;
+                
+            /* This covers the cases of braced repeats after a single char, metachar,
+             class, or back reference. */
+
+            case '{':
+                if (!isCountedRepeat(ptr + 1, patternEnd))
+                    goto NORMAL_CHAR;
+                ptr = readRepeatCounts(ptr + 1, &minRepeats, &maxRepeats, &errorcode);
+                if (errorcode != 0)
+                    return -1;
+                
+                /* These special cases just insert one extra opcode */
+                
+                if ((minRepeats == 0 && (maxRepeats == 1 || maxRepeats == -1)) ||
+                    (minRepeats == 1 && maxRepeats == -1))
+                    length++;
+                
+                /* These cases might insert additional copies of a preceding character. */
+                
+                else {
+                    if (minRepeats != 1) {
+                        length -= lastitemlength;   /* Uncount the original char or metachar */
+                        if (minRepeats > 0)
+                            length += 3 + lastitemlength;
+                    }
+                    length += lastitemlength + ((maxRepeats > 0) ? 3 : 1);
+                }
+                
+                if (safelyCheckNextChar(ptr, patternEnd, '?'))
+                    ptr++;      /* Needs no extra length */
+
+            POSSESSIVE:                     /* Test for possessive quantifier */
+                if (safelyCheckNextChar(ptr, patternEnd, '+')) {
+                    ptr++;
+                    length += 2 + 2 * LINK_SIZE;   /* Allow for atomic brackets */
+                }
+                continue;
+                
+            /* An alternation contains an offset to the next branch or ket. If any ims
+             options changed in the previous branch(es), and/or if we are in a
+             lookbehind assertion, extra space will be needed at the start of the
+             branch. This is handled by branch_extra. */
+                
+            case '|':
+                if (brastackptr == 0)
+                    cd.needOuterBracket = true;
+                length += 1 + LINK_SIZE + branch_extra;
+                continue;
+                
+            /* A character class uses 33 characters provided that all the character
+             values are less than 256. Otherwise, it uses a bit map for low valued
+             characters, and individual items for others. Don't worry about character
+             types that aren't allowed in classes - they'll get picked up during the
+             compile. A character class that contains only one single-byte character
+             uses 2 or 3 bytes, depending on whether it is negated or not. Notice this
+             where we can. (In UTF-8 mode we can do this only for chars < 128.) */
+                
+            case '[': {
+                int class_optcount;
+                if (*(++ptr) == '^') {
+                    class_optcount = 10;  /* Greater than one */
+                    ptr++;
+                }
+                else
+                    class_optcount = 0;
+                
+                bool class_utf8 = false;
+                
+                for (; ptr < patternEnd && *ptr != ']'; ++ptr) {
+                    /* Check for escapes */
+                    
+                    if (*ptr == '\\') {
+                        c = checkEscape(&ptr, patternEnd, &errorcode, cd.numCapturingBrackets, true);
+                        if (errorcode != 0)
+                            return -1;
+                        
+                        /* Handle escapes that turn into characters */
+                        
+                        if (c >= 0)
+                            goto NON_SPECIAL_CHARACTER;
+                        
+                        /* Escapes that are meta-things. The normal ones just affect the
+                         bit map, but Unicode properties require an XCLASS extended item. */
+                        
+                        else
+                            class_optcount = 10;         /* \d, \s etc; make sure > 1 */
+                    }
+                    
+                    /* Anything else increments the possible optimization count. We have to
+                     detect ranges here so that we can compute the number of extra ranges for
+                     caseless wide characters when UCP support is available. If there are wide
+                     characters, we are going to have to use an XCLASS, even for single
+                     characters. */
+                    
+                    else {
+                        c = *ptr;
+                        
+                        /* Come here from handling \ above when it escapes to a char value */
+                        
+                    NON_SPECIAL_CHARACTER:
+                        class_optcount++;
+                        
+                        int d = -1;
+                        if (safelyCheckNextChar(ptr, patternEnd, '-')) {
+                            const UChar* hyptr = ptr++;
+                            if (safelyCheckNextChar(ptr, patternEnd, '\\')) {
+                                ptr++;
+                                d = checkEscape(&ptr, patternEnd, &errorcode, cd.numCapturingBrackets, true);
+                                if (errorcode != 0)
+                                    return -1;
+                            }
+                            else if ((ptr + 1 < patternEnd) && ptr[1] != ']')
+                                d = *++ptr;
+                            if (d < 0)
+                                ptr = hyptr;      /* go back to hyphen as data */
+                        }
+                        
+                        /* If d >= 0 we have a range. In UTF-8 mode, if the end is > 255, or >
+                         127 for caseless matching, we will need to use an XCLASS. */
+                        
+                        if (d >= 0) {
+                            class_optcount = 10;     /* Ensure > 1 */
+                            if (d < c) {
+                                errorcode = ERR8;
+                                return -1;
+                            }
+                            
+                            if ((d > 255 || (ignoreCase && d > 127))) {
+                                unsigned char buffer[6];
+                                if (!class_utf8)         /* Allow for XCLASS overhead */
+                                {
+                                    class_utf8 = true;
+                                    length += LINK_SIZE + 2;
+                                }
+                                
+                                /* If we have UCP support, find out how many extra ranges are
+                                 needed to map the other case of characters within this range. We
+                                 have to mimic the range optimization here, because extending the
+                                 range upwards might push d over a boundary that makes it use
+                                 another byte in the UTF-8 representation. */
+                                
+                                if (ignoreCase) {
+                                    int occ, ocd;
+                                    int cc = c;
+                                    int origd = d;
+                                    while (getOthercaseRange(&cc, origd, &occ, &ocd)) {
+                                        if (occ >= c && ocd <= d)
+                                            continue;   /* Skip embedded */
+                                        
+                                        if (occ < c  && ocd >= c - 1)  /* Extend the basic range */
+                                        {                            /* if there is overlap,   */
+                                            c = occ;                     /* noting that if occ < c */
+                                            continue;                    /* we can't have ocd > d  */
+                                        }                            /* because a subrange is  */
+                                        if (ocd > d && occ <= d + 1)   /* always shorter than    */
+                                        {                            /* the basic range.       */
+                                            d = ocd;
+                                            continue;
+                                        }
+                                        
+                                        /* An extra item is needed */
+                                        
+                                        length += 1 + encodeUTF8(occ, buffer) +
+                                        ((occ == ocd) ? 0 : encodeUTF8(ocd, buffer));
+                                    }
+                                }
+                                
+                                /* The length of the (possibly extended) range */
+                                
+                                length += 1 + encodeUTF8(c, buffer) + encodeUTF8(d, buffer);
+                            }
+                            
+                        }
+                        
+                        /* We have a single character. There is nothing to be done unless we
+                         are in UTF-8 mode. If the char is > 255, or 127 when caseless, we must
+                         allow for an XCL_SINGLE item, doubled for caselessness if there is UCP
+                         support. */
+                        
+                        else {
+                            if ((c > 255 || (ignoreCase && c > 127))) {
+                                unsigned char buffer[6];
+                                class_optcount = 10;     /* Ensure > 1 */
+                                if (!class_utf8)         /* Allow for XCLASS overhead */
+                                {
+                                    class_utf8 = true;
+                                    length += LINK_SIZE + 2;
+                                }
+                                length += (ignoreCase ? 2 : 1) * (1 + encodeUTF8(c, buffer));
+                            }
+                        }
+                    }
+                }
+                
+                if (ptr >= patternEnd) {   /* Missing terminating ']' */
+                    errorcode = ERR6;
+                    return -1;
+                }
+                
+                /* We can optimize when there was only one optimizable character.
+                 Note that this does not detect the case of a negated single character.
+                 In that case we do an incorrect length computation, but it's not a serious
+                 problem because the computed length is too large rather than too small. */
+
+                if (class_optcount == 1)
+                    goto NORMAL_CHAR;
+
+                /* Here, we handle repeats for the class opcodes. */
+                {
+                    length += 33;
+                    
+                    /* A repeat needs either 1 or 5 bytes. If it is a possessive quantifier,
+                     we also need extra for wrapping the whole thing in a sub-pattern. */
+                    
+                    if (safelyCheckNextChar(ptr, patternEnd, '{') && isCountedRepeat(ptr + 2, patternEnd)) {
+                        ptr = readRepeatCounts(ptr + 2, &minRepeats, &maxRepeats, &errorcode);
+                        if (errorcode != 0)
+                            return -1;
+                        if ((minRepeats == 0 && (maxRepeats == 1 || maxRepeats == -1)) ||
+                            (minRepeats == 1 && maxRepeats == -1))
+                            length++;
+                        else
+                            length += 5;
+                        if (safelyCheckNextChar(ptr, patternEnd, '+')) {
+                            ptr++;
+                            length += 2 + 2 * LINK_SIZE;
+                        } else if (safelyCheckNextChar(ptr, patternEnd, '?'))
+                            ptr++;
+                    }
+                }
+                continue;
+            }
+
+            /* Brackets may be genuine groups or special things */
+                
+            case '(': {
+                int branch_newextra = 0;
+                int bracket_length = 1 + LINK_SIZE;
+                bool capturing = false;
+                
+                /* Handle special forms of bracket, which all start (? */
+                
+                if (safelyCheckNextChar(ptr, patternEnd, '?')) {
+                    switch (c = (ptr + 2 < patternEnd ? ptr[2] : 0)) {
+                        /* Non-referencing groups and lookaheads just move the pointer on, and
+                         then behave like a non-special bracket, except that they don't increment
+                         the count of extracting brackets. Ditto for the "once only" bracket,
+                         which is in Perl from version 5.005. */
+                            
+                        case ':':
+                        case '=':
+                        case '!':
+                            ptr += 2;
+                            break;
+                            
+                        /* Else loop checking valid options until ) is met. Anything else is an
+                         error. If we are without any brackets, i.e. at top level, the settings
+                         act as if specified in the options, so massage the options immediately.
+                         This is for backward compatibility with Perl 5.004. */
+                            
+                        default:
+                            errorcode = ERR12;
+                            return -1;
+                    }
+                } else
+                    capturing = 1;
+                
+                /* Capturing brackets must be counted so we can process escapes in a
+                 Perlish way. If the number exceeds EXTRACT_BASIC_MAX we are going to need
+                 an additional 3 bytes of memory per capturing bracket. */
+                
+                if (capturing) {
+                    bracount++;
+                    if (bracount > EXTRACT_BASIC_MAX)
+                        bracket_length += 3;
+                }
+                
+                /* Save length for computing whole length at end if there's a repeat that
+                 requires duplication of the group. Also save the current value of
+                 branch_extra, and start the new group with the new value. If non-zero, this
+                 will either be 2 for a (?imsx: group, or 3 for a lookbehind assertion. */
+                
+                if (brastackptr >= sizeof(brastack)/sizeof(int)) {
+                    errorcode = ERR17;
+                    return -1;
+                }
+                
+                bralenstack[brastackptr] = branch_extra;
+                branch_extra = branch_newextra;
+                
+                brastack[brastackptr++] = length;
+                length += bracket_length;
+                continue;
+            }
+
+            /* Handle ket. Look for subsequent maxRepeats/minRepeats; for certain sets of values we
+             have to replicate this bracket up to that many times. If brastackptr is
+             0 this is an unmatched bracket which will generate an error, but take care
+             not to try to access brastack[-1] when computing the length and restoring
+             the branch_extra value. */
+
+            case ')': {
+                int duplength;
+                length += 1 + LINK_SIZE;
+                if (brastackptr > 0) {
+                    duplength = length - brastack[--brastackptr];
+                    branch_extra = bralenstack[brastackptr];
+                }
+                else
+                    duplength = 0;
+                
+                /* Leave ptr at the final char; for readRepeatCounts this happens
+                 automatically; for the others we need an increment. */
+                
+                if ((ptr + 1 < patternEnd) && (c = ptr[1]) == '{' && isCountedRepeat(ptr + 2, patternEnd)) {
+                    ptr = readRepeatCounts(ptr + 2, &minRepeats, &maxRepeats, &errorcode);
+                    if (errorcode)
+                        return -1;
+                } else if (c == '*') {
+                    minRepeats = 0;
+                    maxRepeats = -1;
+                    ptr++;
+                } else if (c == '+') {
+                    minRepeats = 1;
+                    maxRepeats = -1;
+                    ptr++;
+                } else if (c == '?') {
+                    minRepeats = 0;
+                    maxRepeats = 1;
+                    ptr++;
+                } else {
+                    minRepeats = 1;
+                    maxRepeats = 1;
+                }
+                
+                /* If the minimum is zero, we have to allow for an OP_BRAZERO before the
+                 group, and if the maximum is greater than zero, we have to replicate
+                 maxval-1 times; each replication acquires an OP_BRAZERO plus a nesting
+                 bracket set. */
+                
+                int repeatsLength;
+                if (minRepeats == 0) {
+                    length++;
+                    if (maxRepeats > 0) {
+                        repeatsLength = multiplyWithOverflowCheck(maxRepeats - 1, duplength + 3 + 2 * LINK_SIZE);
+                        if (repeatsLength < 0) {
+                            errorcode = ERR16;
+                            return -1;
+                        }
+                        length += repeatsLength;
+                        if (length > MAX_PATTERN_SIZE) {
+                            errorcode = ERR16;
+                            return -1;
+                        }
+                    }
+                }
+                
+                /* When the minimum is greater than zero, we have to replicate up to
+                 minval-1 times, with no additions required in the copies. Then, if there
+                 is a limited maximum we have to replicate up to maxval-1 times allowing
+                 for a BRAZERO item before each optional copy and nesting brackets for all
+                 but one of the optional copies. */
+                
+                else {
+                    repeatsLength = multiplyWithOverflowCheck(minRepeats - 1, duplength);
+                    if (repeatsLength < 0) {
+                        errorcode = ERR16;
+                        return -1;
+                    }
+                    length += repeatsLength;
+                    if (maxRepeats > minRepeats) { /* Need this test as maxRepeats=-1 means no limit */
+                        repeatsLength = multiplyWithOverflowCheck(maxRepeats - minRepeats, duplength + 3 + 2 * LINK_SIZE);
+                        if (repeatsLength < 0) {
+                            errorcode = ERR16;
+                            return -1;
+                        }
+                        length += repeatsLength - (2 + 2 * LINK_SIZE);
+                    }
+                    if (length > MAX_PATTERN_SIZE) {
+                        errorcode = ERR16;
+                        return -1;
+                    }
+                }
+                
+                /* Allow space for once brackets for "possessive quantifier" */
+                
+                if (safelyCheckNextChar(ptr, patternEnd, '+')) {
+                    ptr++;
+                    length += 2 + 2 * LINK_SIZE;
+                }
+                continue;
+            }
+
+            /* Non-special character. It won't be space or # in extended mode, so it is
+             always a genuine character. If we are in a \Q...\E sequence, check for the
+             end; if not, we have a literal. */
+                
+            default:
+            NORMAL_CHAR:
+                length += 2;          /* For a one-byte character */
+                lastitemlength = 1;   /* Default length of last item for repeats */
+
+                if (c > 127) {
+                    int i;
+                    for (i = 0; i < jsc_pcre_utf8_table1_size; i++)
+                        if (c <= jsc_pcre_utf8_table1[i])
+                            break;
+                    length += i;
+                    lastitemlength += i;
+                }
+                
+                continue;
+        }
+    }
+    
+    length += 2 + LINK_SIZE;    /* For final KET and END */
+
+    cd.numCapturingBrackets = bracount;
+    return length;
+}
+
+/*************************************************
+*        Compile a Regular Expression            *
+*************************************************/
+
+/* This function takes a string and returns a pointer to a block of store
+holding a compiled version of the expression. The original API for this
+function had no error code return variable; it is retained for backwards
+compatibility. The new function is given a new name.
+
+Arguments:
+  pattern       the regular expression
+  options       various option bits
+  errorCodePtr  pointer to error code variable (pcre_compile2() only)
+                  can be NULL if you don't want a code value
+  errorPtr      pointer to pointer to error text
+  erroroffset   ptr offset in pattern where error was detected
+  tables        pointer to character tables or NULL
+
+Returns:        pointer to compiled data block, or NULL on error,
+                with errorPtr and erroroffset set
+*/
+
+static inline JSRegExp* returnError(ErrorCode errorcode, const char** errorPtr)
+{
+    *errorPtr = errorText(errorcode);
+    return 0;
+}
+
+JSRegExp* jsRegExpCompile(const UChar* pattern, int patternLength,
+                JSRegExpIgnoreCaseOption ignoreCase, JSRegExpMultilineOption multiline,
+                unsigned* numSubpatterns, const char** errorPtr)
+{
+    /* We can't pass back an error message if errorPtr is NULL; I guess the best we
+     can do is just return NULL, but we can set a code value if there is a code pointer. */
+    if (!errorPtr)
+        return 0;
+    *errorPtr = NULL;
+    
+    CompileData cd;
+    
+    ErrorCode errorcode = ERR0;
+    /* Call this once just to count the brackets. */
+    calculateCompiledPatternLength(pattern, patternLength, ignoreCase, cd, errorcode);
+    /* Call it again to compute the length. */
+    int length = calculateCompiledPatternLength(pattern, patternLength, ignoreCase, cd, errorcode);
+    if (errorcode)
+        return returnError(errorcode, errorPtr);
+    
+    if (length > MAX_PATTERN_SIZE)
+        return returnError(ERR16, errorPtr);
+    
+    size_t size = length + sizeof(JSRegExp);
+#if REGEXP_HISTOGRAM
+    size_t stringOffset = (size + sizeof(UChar) - 1) / sizeof(UChar) * sizeof(UChar);
+    size = stringOffset + patternLength * sizeof(UChar);
+#endif
+    JSRegExp* re = reinterpret_cast<JSRegExp*>(new char[size]);
+    
+    if (!re)
+        return returnError(ERR13, errorPtr);
+    
+    re->options = (ignoreCase ? IgnoreCaseOption : 0) | (multiline ? MatchAcrossMultipleLinesOption : 0);
+    
+    /* The starting points of the name/number translation table and of the code are
+     passed around in the compile data block. */
+    
+    const unsigned char* codeStart = (const unsigned char*)(re + 1);
+    
+    /* Set up a starting, non-extracting bracket, then compile the expression. On
+     error, errorcode will be set non-zero, so we don't need to look at the result
+     of the function here. */
+    
+    const UChar* ptr = (const UChar*)pattern;
+    const UChar* patternEnd = pattern + patternLength;
+    unsigned char* code = const_cast<unsigned char*>(codeStart);
+    int firstByte, reqByte;
+    int bracketCount = 0;
+    if (!cd.needOuterBracket)
+        compileBranch(re->options, &bracketCount, &code, &ptr, patternEnd, &errorcode, &firstByte, &reqByte, cd);
+    else {
+        *code = OP_BRA;
+        compileBracket(re->options, &bracketCount, &code, &ptr, patternEnd, &errorcode, 0, &firstByte, &reqByte, cd);
+    }
+    re->topBracket = bracketCount;
+    re->topBackref = cd.topBackref;
+    
+    /* If not reached end of pattern on success, there's an excess bracket. */
+    
+    if (errorcode == 0 && ptr < patternEnd)
+        errorcode = ERR10;
+    
+    /* Fill in the terminating state and check for disastrous overflow, but
+     if debugging, leave the test till after things are printed out. */
+    
+    *code++ = OP_END;
+
+    ASSERT(code - codeStart <= length);
+    if (code - codeStart > length)
+        errorcode = ERR7;
+    
+    /* Give an error if there's back reference to a non-existent capturing
+     subpattern. */
+    
+    if (re->topBackref > re->topBracket)
+        errorcode = ERR15;
+    
+    /* Failed to compile, or error while post-processing */
+    
+    if (errorcode != ERR0) {
+        delete [] reinterpret_cast<char*>(re);
+        return returnError(errorcode, errorPtr);
+    }
+    
+    /* If the anchored option was not passed, set the flag if we can determine that
+     the pattern is anchored by virtue of ^ characters or \A or anything else (such
+     as starting with .* when DOTALL is set).
+     
+     Otherwise, if we know what the first character has to be, save it, because that
+     speeds up unanchored matches no end. If not, see if we can set the
+     UseMultiLineFirstByteOptimizationOption flag. This is helpful for multiline matches when all branches
+     start with ^. and also when all branches start with .* for non-DOTALL matches.
+     */
+    
+    if (cd.needOuterBracket ? bracketIsAnchored(codeStart) : branchIsAnchored(codeStart))
+        re->options |= IsAnchoredOption;
+    else {
+        if (firstByte < 0) {
+            firstByte = (cd.needOuterBracket
+                    ? bracketFindFirstAssertedCharacter(codeStart, false)
+                    : branchFindFirstAssertedCharacter(codeStart, false))
+                | ((re->options & IgnoreCaseOption) ? REQ_IGNORE_CASE : 0);
+        }
+        if (firstByte >= 0) {
+            int ch = firstByte & 255;
+            if (ch < 127) {
+                re->firstByte = ((firstByte & REQ_IGNORE_CASE) && flipCase(ch) == ch) ? ch : firstByte;
+                re->options |= UseFirstByteOptimizationOption;
+            }
+        } else {
+            if (cd.needOuterBracket ? bracketNeedsLineStart(codeStart, 0, cd.backrefMap) : branchNeedsLineStart(codeStart, 0, cd.backrefMap))
+                re->options |= UseMultiLineFirstByteOptimizationOption;
+        }
+    }
+    
+    /* For an anchored pattern, we use the "required byte" only if it follows a
+     variable length item in the regex. Remove the caseless flag for non-caseable
+     bytes. */
+    
+    if (reqByte >= 0 && (!(re->options & IsAnchoredOption) || (reqByte & REQ_VARY))) {
+        int ch = reqByte & 255;
+        if (ch < 127) {
+            re->reqByte = ((reqByte & REQ_IGNORE_CASE) && flipCase(ch) == ch) ? (reqByte & ~REQ_IGNORE_CASE) : reqByte;
+            re->options |= UseRequiredByteOptimizationOption;
+        }
+    }
+    
+#if REGEXP_HISTOGRAM
+    re->stringOffset = stringOffset;
+    re->stringLength = patternLength;
+    memcpy(reinterpret_cast<char*>(re) + stringOffset, pattern, patternLength * 2);
+#endif
+
+    if (numSubpatterns)
+        *numSubpatterns = re->topBracket;
+    return re;
+}
+
+void jsRegExpFree(JSRegExp* re)
+{
+    delete [] reinterpret_cast<char*>(re);
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_exec.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_exec.cpp
new file mode 100644
index 000000000..16619d427
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_exec.cpp
@@ -0,0 +1,2177 @@
+/* This is JavaScriptCore's variant of the PCRE library. While this library
+started out as a copy of PCRE, many of the features of PCRE have been
+removed. This library now supports only the regular expression features
+required by the JavaScript language specification, and has only the functions
+needed by JavaScriptCore and the rest of WebKit.
+
+                 Originally written by Philip Hazel
+           Copyright (c) 1997-2006 University of Cambridge
+    Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+    Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/* This module contains jsRegExpExecute(), the externally visible function
+that does pattern matching using an NFA algorithm, following the rules from
+the JavaScript specification. There are also some supporting functions. */
+
+#include "config.h"
+#include "pcre_internal.h"
+
+#include <limits.h>
+#include <wtf/ASCIICType.h>
+#include <wtf/Vector.h>
+
+#if REGEXP_HISTOGRAM
+#include <wtf/DateMath.h>
+#include <runtime/UString.h>
+#endif
+
+using namespace WTF;
+
+#if COMPILER(GCC)
+#define USE_COMPUTED_GOTO_FOR_MATCH_RECURSION
+//#define USE_COMPUTED_GOTO_FOR_MATCH_OPCODE_LOOP
+#endif
+
+/* Avoid warnings on Windows. */
+#undef min
+#undef max
+
+#ifndef USE_COMPUTED_GOTO_FOR_MATCH_RECURSION
+typedef int ReturnLocation;
+#else
+typedef void* ReturnLocation;
+#endif
+
+#if !REGEXP_HISTOGRAM
+
+class HistogramTimeLogger {
+public:
+    HistogramTimeLogger(const JSRegExp*) { }
+};
+
+#else
+
+using namespace JSC;
+
+class Histogram {
+public:
+    ~Histogram();
+    void add(const JSRegExp*, double);
+
+private:
+    typedef HashMap<RefPtr<UString::Rep>, double> Map;
+    Map times;
+};
+
+class HistogramTimeLogger {
+public:
+    HistogramTimeLogger(const JSRegExp*);
+    ~HistogramTimeLogger();
+
+private:
+    const JSRegExp* m_re;
+    double m_startTime;
+};
+
+#endif
+
+/* Structure for building a chain of data for holding the values of
+the subject pointer at the start of each bracket, used to detect when
+an empty string has been matched by a bracket to break infinite loops. */ 
+struct BracketChainNode {
+    BracketChainNode* previousBracket;
+    const UChar* bracketStart;
+};
+
+struct MatchFrame : FastAllocBase {
+    ReturnLocation returnLocation;
+    struct MatchFrame* previousFrame;
+    
+    /* Function arguments that may change */
+    struct {
+        const UChar* subjectPtr;
+        const unsigned char* instructionPtr;
+        int offsetTop;
+        BracketChainNode* bracketChain;
+    } args;
+    
+    
+    /* PCRE uses "fake" recursion built off of gotos, thus
+     stack-based local variables are not safe to use.  Instead we have to
+     store local variables on the current MatchFrame. */
+    struct {
+        const unsigned char* data;
+        const unsigned char* startOfRepeatingBracket;
+        const UChar* subjectPtrAtStartOfInstruction; // Several instrutions stash away a subjectPtr here for later compare
+        const unsigned char* instructionPtrAtStartOfOnce;
+        
+        int repeatOthercase;
+        
+        int ctype;
+        int fc;
+        int fi;
+        int length;
+        int max;
+        int number;
+        int offset;
+        int saveOffset1;
+        int saveOffset2;
+        int saveOffset3;
+        
+        BracketChainNode bracketChainNode;
+    } locals;
+};
+
+/* Structure for passing "static" information around between the functions
+doing traditional NFA matching, so that they are thread-safe. */
+
+struct MatchData {
+  int*   offsetVector;         /* Offset vector */
+  int    offsetEnd;            /* One past the end */
+  int    offsetMax;            /* The maximum usable for return data */
+  bool   offsetOverflow;       /* Set if too many extractions */
+  const UChar*  startSubject;         /* Start of the subject string */
+  const UChar*  endSubject;           /* End of the subject string */
+  const UChar*  endMatchPtr;         /* Subject position at end match */
+  int    endOffsetTop;        /* Highwater mark at end of match */
+  bool   multiline;
+  bool   ignoreCase;
+};
+
+/* The maximum remaining length of subject we are prepared to search for a
+reqByte match. */
+
+#define REQ_BYTE_MAX 1000
+
+/* The below limit restricts the number of "recursive" match calls in order to
+avoid spending exponential time on complex regular expressions. */
+
+static const unsigned matchLimit = 1000000;
+
+#ifdef DEBUG
+/*************************************************
+*        Debugging function to print chars       *
+*************************************************/
+
+/* Print a sequence of chars in printable format, stopping at the end of the
+subject if the requested.
+
+Arguments:
+  p           points to characters
+  length      number to print
+  isSubject  true if printing from within md.startSubject
+  md          pointer to matching data block, if isSubject is true
+*/
+
+static void pchars(const UChar* p, int length, bool isSubject, const MatchData& md)
+{
+    if (isSubject && length > md.endSubject - p)
+        length = md.endSubject - p;
+    while (length-- > 0) {
+        int c;
+        if (isprint(c = *(p++)))
+            printf("%c", c);
+        else if (c < 256)
+            printf("\\x%02x", c);
+        else
+            printf("\\x{%x}", c);
+    }
+}
+#endif
+
+/*************************************************
+*          Match a back-reference                *
+*************************************************/
+
+/* If a back reference hasn't been set, the length that is passed is greater
+than the number of characters left in the string, so the match fails.
+
+Arguments:
+  offset      index into the offset vector
+  subjectPtr        points into the subject
+  length      length to be matched
+  md          points to match data block
+
+Returns:      true if matched
+*/
+
+static bool matchRef(int offset, const UChar* subjectPtr, int length, const MatchData& md)
+{
+    const UChar* p = md.startSubject + md.offsetVector[offset];
+    
+#ifdef DEBUG
+    if (subjectPtr >= md.endSubject)
+        printf("matching subject <null>");
+    else {
+        printf("matching subject ");
+        pchars(subjectPtr, length, true, md);
+    }
+    printf(" against backref ");
+    pchars(p, length, false, md);
+    printf("\n");
+#endif
+    
+    /* Always fail if not enough characters left */
+    
+    if (length > md.endSubject - subjectPtr)
+        return false;
+    
+    /* Separate the caselesss case for speed */
+    
+    if (md.ignoreCase) {
+        while (length-- > 0) {
+            UChar c = *p++;
+            int othercase = jsc_pcre_ucp_othercase(c);
+            UChar d = *subjectPtr++;
+            if (c != d && othercase != d)
+                return false;
+        }
+    }
+    else {
+        while (length-- > 0)
+            if (*p++ != *subjectPtr++)
+                return false;
+    }
+    
+    return true;
+}
+
+#ifndef USE_COMPUTED_GOTO_FOR_MATCH_RECURSION
+
+/* Use numbered labels and switch statement at the bottom of the match function. */
+
+#define RMATCH_WHERE(num) num
+#define RRETURN_LABEL RRETURN_SWITCH
+
+#else
+
+/* Use GCC's computed goto extension. */
+
+/* For one test case this is more than 40% faster than the switch statement.
+We could avoid the use of the num argument entirely by using local labels,
+but using it for the GCC case as well as the non-GCC case allows us to share
+a bit more code and notice if we use conflicting numbers.*/
+
+#define RMATCH_WHERE(num) &&RRETURN_##num
+#define RRETURN_LABEL *stack.currentFrame->returnLocation
+
+#endif
+
+#define RECURSIVE_MATCH_COMMON(num) \
+    goto RECURSE;\
+    RRETURN_##num: \
+    stack.popCurrentFrame();
+
+#define RECURSIVE_MATCH(num, ra, rb) \
+    do { \
+        stack.pushNewFrame((ra), (rb), RMATCH_WHERE(num)); \
+        RECURSIVE_MATCH_COMMON(num) \
+    } while (0)
+
+#define RECURSIVE_MATCH_NEW_GROUP(num, ra, rb) \
+    do { \
+        stack.pushNewFrame((ra), (rb), RMATCH_WHERE(num)); \
+        startNewGroup(stack.currentFrame); \
+        RECURSIVE_MATCH_COMMON(num) \
+    } while (0)
+
+#define RRETURN goto RRETURN_LABEL
+
+#define RRETURN_NO_MATCH do { isMatch = false; RRETURN; } while (0)
+
+/*************************************************
+*         Match from current position            *
+*************************************************/
+
+/* On entry instructionPtr points to the first opcode, and subjectPtr to the first character
+in the subject string, while substringStart holds the value of subjectPtr at the start of the
+last bracketed group - used for breaking infinite loops matching zero-length
+strings. This function is called recursively in many circumstances. Whenever it
+returns a negative (error) response, the outer match() call must also return the
+same response.
+
+Arguments:
+   subjectPtr        pointer in subject
+   instructionPtr       position in code
+   offsetTop  current top pointer
+   md          pointer to "static" info for the match
+
+Returns:       1 if matched          )  these values are >= 0
+               0 if failed to match  )
+               a negative error value if aborted by an error condition
+                 (e.g. stopped by repeated call or recursion limit)
+*/
+
+static const unsigned numFramesOnStack = 16;
+
+struct MatchStack {
+    MatchStack()
+        : framesEnd(frames + numFramesOnStack)
+        , currentFrame(frames)
+        , size(1) // match() creates accesses the first frame w/o calling pushNewFrame
+    {
+        ASSERT((sizeof(frames) / sizeof(frames[0])) == numFramesOnStack);
+    }
+    
+    MatchFrame frames[numFramesOnStack];
+    MatchFrame* framesEnd;
+    MatchFrame* currentFrame;
+    unsigned size;
+    
+    inline bool canUseStackBufferForNextFrame()
+    {
+        return size < numFramesOnStack;
+    }
+    
+    inline MatchFrame* allocateNextFrame()
+    {
+        if (canUseStackBufferForNextFrame())
+            return currentFrame + 1;
+        return new MatchFrame;
+    }
+    
+    inline void pushNewFrame(const unsigned char* instructionPtr, BracketChainNode* bracketChain, ReturnLocation returnLocation)
+    {
+        MatchFrame* newframe = allocateNextFrame();
+        newframe->previousFrame = currentFrame;
+
+        newframe->args.subjectPtr = currentFrame->args.subjectPtr;
+        newframe->args.offsetTop = currentFrame->args.offsetTop;
+        newframe->args.instructionPtr = instructionPtr;
+        newframe->args.bracketChain = bracketChain;
+        newframe->returnLocation = returnLocation;
+        size++;
+
+        currentFrame = newframe;
+    }
+    
+    inline void popCurrentFrame()
+    {
+        MatchFrame* oldFrame = currentFrame;
+        currentFrame = currentFrame->previousFrame;
+        if (size > numFramesOnStack)
+            delete oldFrame;
+        size--;
+    }
+
+    void popAllFrames()
+    {
+        while (size)
+            popCurrentFrame();
+    }
+};
+
+static int matchError(int errorCode, MatchStack& stack)
+{
+    stack.popAllFrames();
+    return errorCode;
+}
+
+/* Get the next UTF-8 character, not advancing the pointer, incrementing length
+ if there are extra bytes. This is called when we know we are in UTF-8 mode. */
+
+static inline void getUTF8CharAndIncrementLength(int& c, const unsigned char* subjectPtr, int& len)
+{
+    c = *subjectPtr;
+    if ((c & 0xc0) == 0xc0) {
+        int gcaa = jsc_pcre_utf8_table4[c & 0x3f];  /* Number of additional bytes */
+        int gcss = 6 * gcaa;
+        c = (c & jsc_pcre_utf8_table3[gcaa]) << gcss;
+        for (int gcii = 1; gcii <= gcaa; gcii++) {
+            gcss -= 6;
+            c |= (subjectPtr[gcii] & 0x3f) << gcss;
+        }
+        len += gcaa;
+    }
+}
+
+static inline void startNewGroup(MatchFrame* currentFrame)
+{
+    /* At the start of a bracketed group, add the current subject pointer to the
+     stack of such pointers, to be re-instated at the end of the group when we hit
+     the closing ket. When match() is called in other circumstances, we don't add to
+     this stack. */
+    
+    currentFrame->locals.bracketChainNode.previousBracket = currentFrame->args.bracketChain;
+    currentFrame->locals.bracketChainNode.bracketStart = currentFrame->args.subjectPtr;
+    currentFrame->args.bracketChain = &currentFrame->locals.bracketChainNode;
+}
+
+// FIXME: "minimize" means "not greedy", we should invert the callers to ask for "greedy" to be less confusing
+static inline void repeatInformationFromInstructionOffset(short instructionOffset, bool& minimize, int& minimumRepeats, int& maximumRepeats)
+{
+    // Instruction offsets are based off of OP_CRSTAR, OP_STAR, OP_TYPESTAR, OP_NOTSTAR
+    static const char minimumRepeatsFromInstructionOffset[] = { 0, 0, 1, 1, 0, 0 };
+    static const int maximumRepeatsFromInstructionOffset[] = { INT_MAX, INT_MAX, INT_MAX, INT_MAX, 1, 1 };
+
+    ASSERT(instructionOffset >= 0);
+    ASSERT(instructionOffset <= (OP_CRMINQUERY - OP_CRSTAR));
+
+    minimize = (instructionOffset & 1); // this assumes ordering: Instruction, MinimizeInstruction, Instruction2, MinimizeInstruction2
+    minimumRepeats = minimumRepeatsFromInstructionOffset[instructionOffset];
+    maximumRepeats = maximumRepeatsFromInstructionOffset[instructionOffset];
+}
+
+static int match(const UChar* subjectPtr, const unsigned char* instructionPtr, int offsetTop, MatchData& md)
+{
+    bool isMatch = false;
+    int min;
+    bool minimize = false; /* Initialization not really needed, but some compilers think so. */
+    unsigned remainingMatchCount = matchLimit;
+    int othercase; /* Declare here to avoid errors during jumps */
+    
+    MatchStack stack;
+
+    /* The opcode jump table. */
+#ifdef USE_COMPUTED_GOTO_FOR_MATCH_OPCODE_LOOP
+#define EMIT_JUMP_TABLE_ENTRY(opcode) &&LABEL_OP_##opcode,
+    static void* opcodeJumpTable[256] = { FOR_EACH_OPCODE(EMIT_JUMP_TABLE_ENTRY) };
+#undef EMIT_JUMP_TABLE_ENTRY
+#endif
+    
+    /* One-time setup of the opcode jump table. */
+#ifdef USE_COMPUTED_GOTO_FOR_MATCH_OPCODE_LOOP
+    for (int i = 255; !opcodeJumpTable[i]; i--)
+        opcodeJumpTable[i] = &&CAPTURING_BRACKET;
+#endif
+    
+#ifdef USE_COMPUTED_GOTO_FOR_MATCH_RECURSION
+    // Shark shows this as a hot line
+    // Using a static const here makes this line disappear, but makes later access hotter (not sure why)
+    stack.currentFrame->returnLocation = &&RETURN;
+#else
+    stack.currentFrame->returnLocation = 0;
+#endif
+    stack.currentFrame->args.subjectPtr = subjectPtr;
+    stack.currentFrame->args.instructionPtr = instructionPtr;
+    stack.currentFrame->args.offsetTop = offsetTop;
+    stack.currentFrame->args.bracketChain = 0;
+    startNewGroup(stack.currentFrame);
+    
+    /* This is where control jumps back to to effect "recursion" */
+    
+RECURSE:
+    if (!--remainingMatchCount)
+        return matchError(JSRegExpErrorHitLimit, stack);
+
+    /* Now start processing the operations. */
+    
+#ifndef USE_COMPUTED_GOTO_FOR_MATCH_OPCODE_LOOP
+    while (true)
+#endif
+    {
+        
+#ifdef USE_COMPUTED_GOTO_FOR_MATCH_OPCODE_LOOP
+#define BEGIN_OPCODE(opcode) LABEL_OP_##opcode
+#define NEXT_OPCODE goto *opcodeJumpTable[*stack.currentFrame->args.instructionPtr]
+#else
+#define BEGIN_OPCODE(opcode) case OP_##opcode
+#define NEXT_OPCODE continue
+#endif
+        
+#ifdef USE_COMPUTED_GOTO_FOR_MATCH_OPCODE_LOOP
+        NEXT_OPCODE;
+#else
+        switch (*stack.currentFrame->args.instructionPtr)
+#endif
+        {
+            /* Non-capturing bracket: optimized */
+                
+            BEGIN_OPCODE(BRA):
+            NON_CAPTURING_BRACKET:
+                DPRINTF(("start bracket 0\n"));
+                do {
+                    RECURSIVE_MATCH_NEW_GROUP(2, stack.currentFrame->args.instructionPtr + 1 + LINK_SIZE, stack.currentFrame->args.bracketChain);
+                    if (isMatch)
+                        RRETURN;
+                    stack.currentFrame->args.instructionPtr += getLinkValue(stack.currentFrame->args.instructionPtr + 1);
+                } while (*stack.currentFrame->args.instructionPtr == OP_ALT);
+                DPRINTF(("bracket 0 failed\n"));
+                RRETURN;
+                
+            /* Skip over large extraction number data if encountered. */
+                
+            BEGIN_OPCODE(BRANUMBER):
+                stack.currentFrame->args.instructionPtr += 3;
+                NEXT_OPCODE;
+                
+            /* End of the pattern. */
+                
+            BEGIN_OPCODE(END):
+                md.endMatchPtr = stack.currentFrame->args.subjectPtr;          /* Record where we ended */
+                md.endOffsetTop = stack.currentFrame->args.offsetTop;   /* and how many extracts were taken */
+                isMatch = true;
+                RRETURN;
+                
+            /* Assertion brackets. Check the alternative branches in turn - the
+             matching won't pass the KET for an assertion. If any one branch matches,
+             the assertion is true. Lookbehind assertions have an OP_REVERSE item at the
+             start of each branch to move the current point backwards, so the code at
+             this level is identical to the lookahead case. */
+                
+            BEGIN_OPCODE(ASSERT):
+                do {
+                    RECURSIVE_MATCH_NEW_GROUP(6, stack.currentFrame->args.instructionPtr + 1 + LINK_SIZE, NULL);
+                    if (isMatch)
+                        break;
+                    stack.currentFrame->args.instructionPtr += getLinkValue(stack.currentFrame->args.instructionPtr + 1);
+                } while (*stack.currentFrame->args.instructionPtr == OP_ALT);
+                if (*stack.currentFrame->args.instructionPtr == OP_KET)
+                    RRETURN_NO_MATCH;
+                
+                /* Continue from after the assertion, updating the offsets high water
+                 mark, since extracts may have been taken during the assertion. */
+                
+                advanceToEndOfBracket(stack.currentFrame->args.instructionPtr);
+                stack.currentFrame->args.instructionPtr += 1 + LINK_SIZE;
+                stack.currentFrame->args.offsetTop = md.endOffsetTop;
+                NEXT_OPCODE;
+                
+            /* Negative assertion: all branches must fail to match */
+                
+            BEGIN_OPCODE(ASSERT_NOT):
+                do {
+                    RECURSIVE_MATCH_NEW_GROUP(7, stack.currentFrame->args.instructionPtr + 1 + LINK_SIZE, NULL);
+                    if (isMatch)
+                        RRETURN_NO_MATCH;
+                    stack.currentFrame->args.instructionPtr += getLinkValue(stack.currentFrame->args.instructionPtr + 1);
+                } while (*stack.currentFrame->args.instructionPtr == OP_ALT);
+                
+                stack.currentFrame->args.instructionPtr += 1 + LINK_SIZE;
+                NEXT_OPCODE;
+                
+            /* An alternation is the end of a branch; scan along to find the end of the
+             bracketed group and go to there. */
+                
+            BEGIN_OPCODE(ALT):
+                advanceToEndOfBracket(stack.currentFrame->args.instructionPtr);
+                NEXT_OPCODE;
+                
+            /* BRAZERO and BRAMINZERO occur just before a bracket group, indicating
+             that it may occur zero times. It may repeat infinitely, or not at all -
+             i.e. it could be ()* or ()? in the pattern. Brackets with fixed upper
+             repeat limits are compiled as a number of copies, with the optional ones
+             preceded by BRAZERO or BRAMINZERO. */
+                
+            BEGIN_OPCODE(BRAZERO): {
+                stack.currentFrame->locals.startOfRepeatingBracket = stack.currentFrame->args.instructionPtr + 1;
+                RECURSIVE_MATCH_NEW_GROUP(14, stack.currentFrame->locals.startOfRepeatingBracket, stack.currentFrame->args.bracketChain);
+                if (isMatch)
+                    RRETURN;
+                advanceToEndOfBracket(stack.currentFrame->locals.startOfRepeatingBracket);
+                stack.currentFrame->args.instructionPtr = stack.currentFrame->locals.startOfRepeatingBracket + 1 + LINK_SIZE;
+                NEXT_OPCODE;
+            }
+                
+            BEGIN_OPCODE(BRAMINZERO): {
+                stack.currentFrame->locals.startOfRepeatingBracket = stack.currentFrame->args.instructionPtr + 1;
+                advanceToEndOfBracket(stack.currentFrame->locals.startOfRepeatingBracket);
+                RECURSIVE_MATCH_NEW_GROUP(15, stack.currentFrame->locals.startOfRepeatingBracket + 1 + LINK_SIZE, stack.currentFrame->args.bracketChain);
+                if (isMatch)
+                    RRETURN;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+            }
+                
+            /* End of a group, repeated or non-repeating. If we are at the end of
+             an assertion "group", stop matching and return 1, but record the
+             current high water mark for use by positive assertions. Do this also
+             for the "once" (not-backup up) groups. */
+                
+            BEGIN_OPCODE(KET):
+            BEGIN_OPCODE(KETRMIN):
+            BEGIN_OPCODE(KETRMAX):
+                stack.currentFrame->locals.instructionPtrAtStartOfOnce = stack.currentFrame->args.instructionPtr - getLinkValue(stack.currentFrame->args.instructionPtr + 1);
+                stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.bracketChain->bracketStart;
+
+                /* Back up the stack of bracket start pointers. */
+
+                stack.currentFrame->args.bracketChain = stack.currentFrame->args.bracketChain->previousBracket;
+
+                if (*stack.currentFrame->locals.instructionPtrAtStartOfOnce == OP_ASSERT || *stack.currentFrame->locals.instructionPtrAtStartOfOnce == OP_ASSERT_NOT) {
+                    md.endOffsetTop = stack.currentFrame->args.offsetTop;
+                    isMatch = true;
+                    RRETURN;
+                }
+                
+                /* In all other cases except a conditional group we have to check the
+                 group number back at the start and if necessary complete handling an
+                 extraction by setting the offsets and bumping the high water mark. */
+                
+                stack.currentFrame->locals.number = *stack.currentFrame->locals.instructionPtrAtStartOfOnce - OP_BRA;
+                
+                /* For extended extraction brackets (large number), we have to fish out
+                 the number from a dummy opcode at the start. */
+                
+                if (stack.currentFrame->locals.number > EXTRACT_BASIC_MAX)
+                    stack.currentFrame->locals.number = get2ByteValue(stack.currentFrame->locals.instructionPtrAtStartOfOnce + 2 + LINK_SIZE);
+                stack.currentFrame->locals.offset = stack.currentFrame->locals.number << 1;
+                
+#ifdef DEBUG
+                printf("end bracket %d", stack.currentFrame->locals.number);
+                printf("\n");
+#endif
+                
+                /* Test for a numbered group. This includes groups called as a result
+                 of recursion. Note that whole-pattern recursion is coded as a recurse
+                 into group 0, so it won't be picked up here. Instead, we catch it when
+                 the OP_END is reached. */
+                
+                if (stack.currentFrame->locals.number > 0) {
+                    if (stack.currentFrame->locals.offset >= md.offsetMax)
+                        md.offsetOverflow = true;
+                    else {
+                        md.offsetVector[stack.currentFrame->locals.offset] =
+                        md.offsetVector[md.offsetEnd - stack.currentFrame->locals.number];
+                        md.offsetVector[stack.currentFrame->locals.offset+1] = stack.currentFrame->args.subjectPtr - md.startSubject;
+                        if (stack.currentFrame->args.offsetTop <= stack.currentFrame->locals.offset)
+                            stack.currentFrame->args.offsetTop = stack.currentFrame->locals.offset + 2;
+                    }
+                }
+                
+                /* For a non-repeating ket, just continue at this level. This also
+                 happens for a repeating ket if no characters were matched in the group.
+                 This is the forcible breaking of infinite loops as implemented in Perl
+                 5.005. If there is an options reset, it will get obeyed in the normal
+                 course of events. */
+                
+                if (*stack.currentFrame->args.instructionPtr == OP_KET || stack.currentFrame->args.subjectPtr == stack.currentFrame->locals.subjectPtrAtStartOfInstruction) {
+                    stack.currentFrame->args.instructionPtr += 1 + LINK_SIZE;
+                    NEXT_OPCODE;
+                }
+                
+                /* The repeating kets try the rest of the pattern or restart from the
+                 preceding bracket, in the appropriate order. */
+                
+                if (*stack.currentFrame->args.instructionPtr == OP_KETRMIN) {
+                    RECURSIVE_MATCH(16, stack.currentFrame->args.instructionPtr + 1 + LINK_SIZE, stack.currentFrame->args.bracketChain);
+                    if (isMatch)
+                        RRETURN;
+                    RECURSIVE_MATCH_NEW_GROUP(17, stack.currentFrame->locals.instructionPtrAtStartOfOnce, stack.currentFrame->args.bracketChain);
+                    if (isMatch)
+                        RRETURN;
+                } else { /* OP_KETRMAX */
+                    RECURSIVE_MATCH_NEW_GROUP(18, stack.currentFrame->locals.instructionPtrAtStartOfOnce, stack.currentFrame->args.bracketChain);
+                    if (isMatch)
+                        RRETURN;
+                    RECURSIVE_MATCH(19, stack.currentFrame->args.instructionPtr + 1 + LINK_SIZE, stack.currentFrame->args.bracketChain);
+                    if (isMatch)
+                        RRETURN;
+                }
+                RRETURN;
+                
+            /* Start of subject. */
+
+            BEGIN_OPCODE(CIRC):
+                if (stack.currentFrame->args.subjectPtr != md.startSubject)
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+
+            /* After internal newline if multiline. */
+
+            BEGIN_OPCODE(BOL):
+                if (stack.currentFrame->args.subjectPtr != md.startSubject && !isNewline(stack.currentFrame->args.subjectPtr[-1]))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+
+            /* End of subject. */
+
+            BEGIN_OPCODE(DOLL):
+                if (stack.currentFrame->args.subjectPtr < md.endSubject)
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+
+            /* Before internal newline if multiline. */
+
+            BEGIN_OPCODE(EOL):
+                if (stack.currentFrame->args.subjectPtr < md.endSubject && !isNewline(*stack.currentFrame->args.subjectPtr))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+                
+            /* Word boundary assertions */
+                
+            BEGIN_OPCODE(NOT_WORD_BOUNDARY):
+            BEGIN_OPCODE(WORD_BOUNDARY): {
+                bool currentCharIsWordChar = false;
+                bool previousCharIsWordChar = false;
+                
+                if (stack.currentFrame->args.subjectPtr > md.startSubject)
+                    previousCharIsWordChar = isWordChar(stack.currentFrame->args.subjectPtr[-1]);
+                if (stack.currentFrame->args.subjectPtr < md.endSubject)
+                    currentCharIsWordChar = isWordChar(*stack.currentFrame->args.subjectPtr);
+                
+                /* Now see if the situation is what we want */
+                bool wordBoundaryDesired = (*stack.currentFrame->args.instructionPtr++ == OP_WORD_BOUNDARY);
+                if (wordBoundaryDesired ? currentCharIsWordChar == previousCharIsWordChar : currentCharIsWordChar != previousCharIsWordChar)
+                    RRETURN_NO_MATCH;
+                NEXT_OPCODE;
+            }
+                
+            /* Match a single character type; inline for speed */
+                
+            BEGIN_OPCODE(NOT_NEWLINE):
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                if (isNewline(*stack.currentFrame->args.subjectPtr++))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+
+            BEGIN_OPCODE(NOT_DIGIT):
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                if (isASCIIDigit(*stack.currentFrame->args.subjectPtr++))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+
+            BEGIN_OPCODE(DIGIT):
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                if (!isASCIIDigit(*stack.currentFrame->args.subjectPtr++))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+
+            BEGIN_OPCODE(NOT_WHITESPACE):
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                if (isSpaceChar(*stack.currentFrame->args.subjectPtr++))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+
+            BEGIN_OPCODE(WHITESPACE):
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                if (!isSpaceChar(*stack.currentFrame->args.subjectPtr++))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+                
+            BEGIN_OPCODE(NOT_WORDCHAR):
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                if (isWordChar(*stack.currentFrame->args.subjectPtr++))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+                
+            BEGIN_OPCODE(WORDCHAR):
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                if (!isWordChar(*stack.currentFrame->args.subjectPtr++))
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr++;
+                NEXT_OPCODE;
+                
+            /* Match a back reference, possibly repeatedly. Look past the end of the
+             item to see if there is repeat information following. The code is similar
+             to that for character classes, but repeated for efficiency. Then obey
+             similar code to character type repeats - written out again for speed.
+             However, if the referenced string is the empty string, always treat
+             it as matched, any number of times (otherwise there could be infinite
+             loops). */
+                
+            BEGIN_OPCODE(REF):
+                stack.currentFrame->locals.offset = get2ByteValue(stack.currentFrame->args.instructionPtr + 1) << 1;               /* Doubled ref number */
+                stack.currentFrame->args.instructionPtr += 3;                                 /* Advance past item */
+                
+                /* If the reference is unset, set the length to be longer than the amount
+                 of subject left; this ensures that every attempt at a match fails. We
+                 can't just fail here, because of the possibility of quantifiers with zero
+                 minima. */
+                
+                if (stack.currentFrame->locals.offset >= stack.currentFrame->args.offsetTop || md.offsetVector[stack.currentFrame->locals.offset] < 0)
+                    stack.currentFrame->locals.length = 0;
+                else
+                    stack.currentFrame->locals.length = md.offsetVector[stack.currentFrame->locals.offset+1] - md.offsetVector[stack.currentFrame->locals.offset];
+                
+                /* Set up for repetition, or handle the non-repeated case */
+                
+                switch (*stack.currentFrame->args.instructionPtr) {
+                    case OP_CRSTAR:
+                    case OP_CRMINSTAR:
+                    case OP_CRPLUS:
+                    case OP_CRMINPLUS:
+                    case OP_CRQUERY:
+                    case OP_CRMINQUERY:
+                        repeatInformationFromInstructionOffset(*stack.currentFrame->args.instructionPtr++ - OP_CRSTAR, minimize, min, stack.currentFrame->locals.max);
+                        break;
+                        
+                    case OP_CRRANGE:
+                    case OP_CRMINRANGE:
+                        minimize = (*stack.currentFrame->args.instructionPtr == OP_CRMINRANGE);
+                        min = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                        stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 3);
+                        if (stack.currentFrame->locals.max == 0)
+                            stack.currentFrame->locals.max = INT_MAX;
+                        stack.currentFrame->args.instructionPtr += 5;
+                        break;
+                    
+                    default:               /* No repeat follows */
+                        if (!matchRef(stack.currentFrame->locals.offset, stack.currentFrame->args.subjectPtr, stack.currentFrame->locals.length, md))
+                            RRETURN_NO_MATCH;
+                        stack.currentFrame->args.subjectPtr += stack.currentFrame->locals.length;
+                        NEXT_OPCODE;
+                }
+                
+                /* If the length of the reference is zero, just continue with the
+                 main loop. */
+                
+                if (stack.currentFrame->locals.length == 0)
+                    NEXT_OPCODE;
+                
+                /* First, ensure the minimum number of matches are present. */
+                
+                for (int i = 1; i <= min; i++) {
+                    if (!matchRef(stack.currentFrame->locals.offset, stack.currentFrame->args.subjectPtr, stack.currentFrame->locals.length, md))
+                        RRETURN_NO_MATCH;
+                    stack.currentFrame->args.subjectPtr += stack.currentFrame->locals.length;
+                }
+                
+                /* If min = max, continue at the same level without recursion.
+                 They are not both allowed to be zero. */
+                
+                if (min == stack.currentFrame->locals.max)
+                    NEXT_OPCODE;
+                
+                /* If minimizing, keep trying and advancing the pointer */
+                
+                if (minimize) {
+                    for (stack.currentFrame->locals.fi = min;; stack.currentFrame->locals.fi++) {
+                        RECURSIVE_MATCH(20, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        if (stack.currentFrame->locals.fi >= stack.currentFrame->locals.max || !matchRef(stack.currentFrame->locals.offset, stack.currentFrame->args.subjectPtr, stack.currentFrame->locals.length, md))
+                            RRETURN;
+                        stack.currentFrame->args.subjectPtr += stack.currentFrame->locals.length;
+                    }
+                    /* Control never reaches here */
+                }
+                
+                /* If maximizing, find the longest string and work backwards */
+                
+                else {
+                    stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.subjectPtr;
+                    for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                        if (!matchRef(stack.currentFrame->locals.offset, stack.currentFrame->args.subjectPtr, stack.currentFrame->locals.length, md))
+                            break;
+                        stack.currentFrame->args.subjectPtr += stack.currentFrame->locals.length;
+                    }
+                    while (stack.currentFrame->args.subjectPtr >= stack.currentFrame->locals.subjectPtrAtStartOfInstruction) {
+                        RECURSIVE_MATCH(21, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        stack.currentFrame->args.subjectPtr -= stack.currentFrame->locals.length;
+                    }
+                    RRETURN_NO_MATCH;
+                }
+                /* Control never reaches here */
+                
+            /* Match a bit-mapped character class, possibly repeatedly. This op code is
+             used when all the characters in the class have values in the range 0-255,
+             and either the matching is caseful, or the characters are in the range
+             0-127 when UTF-8 processing is enabled. The only difference between
+             OP_CLASS and OP_NCLASS occurs when a data character outside the range is
+             encountered.
+             
+             First, look past the end of the item to see if there is repeat information
+             following. Then obey similar code to character type repeats - written out
+             again for speed. */
+                
+            BEGIN_OPCODE(NCLASS):
+            BEGIN_OPCODE(CLASS):
+                stack.currentFrame->locals.data = stack.currentFrame->args.instructionPtr + 1;                /* Save for matching */
+                stack.currentFrame->args.instructionPtr += 33;                     /* Advance past the item */
+                
+                switch (*stack.currentFrame->args.instructionPtr) {
+                    case OP_CRSTAR:
+                    case OP_CRMINSTAR:
+                    case OP_CRPLUS:
+                    case OP_CRMINPLUS:
+                    case OP_CRQUERY:
+                    case OP_CRMINQUERY:
+                        repeatInformationFromInstructionOffset(*stack.currentFrame->args.instructionPtr++ - OP_CRSTAR, minimize, min, stack.currentFrame->locals.max);
+                        break;
+                        
+                    case OP_CRRANGE:
+                    case OP_CRMINRANGE:
+                        minimize = (*stack.currentFrame->args.instructionPtr == OP_CRMINRANGE);
+                        min = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                        stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 3);
+                        if (stack.currentFrame->locals.max == 0)
+                            stack.currentFrame->locals.max = INT_MAX;
+                        stack.currentFrame->args.instructionPtr += 5;
+                        break;
+                        
+                    default:               /* No repeat follows */
+                        min = stack.currentFrame->locals.max = 1;
+                        break;
+                }
+                
+                /* First, ensure the minimum number of matches are present. */
+                
+                for (int i = 1; i <= min; i++) {
+                    if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                        RRETURN_NO_MATCH;
+                    int c = *stack.currentFrame->args.subjectPtr++;
+                    if (c > 255) {
+                        if (stack.currentFrame->locals.data[-1] == OP_CLASS)
+                            RRETURN_NO_MATCH;
+                    } else {
+                        if (!(stack.currentFrame->locals.data[c / 8] & (1 << (c & 7))))
+                            RRETURN_NO_MATCH;
+                    }
+                }
+                
+                /* If max == min we can continue with the main loop without the
+                 need to recurse. */
+                
+                if (min == stack.currentFrame->locals.max)
+                    NEXT_OPCODE;      
+                
+                /* If minimizing, keep testing the rest of the expression and advancing
+                 the pointer while it matches the class. */
+                if (minimize) {
+                    for (stack.currentFrame->locals.fi = min;; stack.currentFrame->locals.fi++) {
+                        RECURSIVE_MATCH(22, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        if (stack.currentFrame->locals.fi >= stack.currentFrame->locals.max || stack.currentFrame->args.subjectPtr >= md.endSubject)
+                            RRETURN;
+                        int c = *stack.currentFrame->args.subjectPtr++;
+                        if (c > 255) {
+                            if (stack.currentFrame->locals.data[-1] == OP_CLASS)
+                                RRETURN;
+                        } else {
+                            if ((stack.currentFrame->locals.data[c/8] & (1 << (c&7))) == 0)
+                                RRETURN;
+                        }
+                    }
+                    /* Control never reaches here */
+                }
+                /* If maximizing, find the longest possible run, then work backwards. */
+                else {
+                    stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.subjectPtr;
+                    
+                    for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                        if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                            break;
+                        int c = *stack.currentFrame->args.subjectPtr;
+                        if (c > 255) {
+                            if (stack.currentFrame->locals.data[-1] == OP_CLASS)
+                                break;
+                        } else {
+                            if (!(stack.currentFrame->locals.data[c / 8] & (1 << (c & 7))))
+                                break;
+                        }
+                        ++stack.currentFrame->args.subjectPtr;
+                    }
+                    for (;;) {
+                        RECURSIVE_MATCH(24, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        if (stack.currentFrame->args.subjectPtr-- == stack.currentFrame->locals.subjectPtrAtStartOfInstruction)
+                            break;        /* Stop if tried at original pos */
+                    }
+                    
+                    RRETURN;
+                }
+                /* Control never reaches here */
+                
+            /* Match an extended character class. */
+                
+            BEGIN_OPCODE(XCLASS):
+                stack.currentFrame->locals.data = stack.currentFrame->args.instructionPtr + 1 + LINK_SIZE;                /* Save for matching */
+                stack.currentFrame->args.instructionPtr += getLinkValue(stack.currentFrame->args.instructionPtr + 1);                      /* Advance past the item */
+                
+                switch (*stack.currentFrame->args.instructionPtr) {
+                    case OP_CRSTAR:
+                    case OP_CRMINSTAR:
+                    case OP_CRPLUS:
+                    case OP_CRMINPLUS:
+                    case OP_CRQUERY:
+                    case OP_CRMINQUERY:
+                        repeatInformationFromInstructionOffset(*stack.currentFrame->args.instructionPtr++ - OP_CRSTAR, minimize, min, stack.currentFrame->locals.max);
+                        break;
+                        
+                    case OP_CRRANGE:
+                    case OP_CRMINRANGE:
+                        minimize = (*stack.currentFrame->args.instructionPtr == OP_CRMINRANGE);
+                        min = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                        stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 3);
+                        if (stack.currentFrame->locals.max == 0)
+                            stack.currentFrame->locals.max = INT_MAX;
+                        stack.currentFrame->args.instructionPtr += 5;
+                        break;
+                        
+                    default:               /* No repeat follows */
+                        min = stack.currentFrame->locals.max = 1;
+                }
+                
+                /* First, ensure the minimum number of matches are present. */
+                
+                for (int i = 1; i <= min; i++) {
+                    if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                        RRETURN_NO_MATCH;
+                    int c = *stack.currentFrame->args.subjectPtr++;
+                    if (!jsc_pcre_xclass(c, stack.currentFrame->locals.data))
+                        RRETURN_NO_MATCH;
+                }
+                
+                /* If max == min we can continue with the main loop without the
+                 need to recurse. */
+                
+                if (min == stack.currentFrame->locals.max)
+                    NEXT_OPCODE;
+                
+                /* If minimizing, keep testing the rest of the expression and advancing
+                 the pointer while it matches the class. */
+                
+                if (minimize) {
+                    for (stack.currentFrame->locals.fi = min;; stack.currentFrame->locals.fi++) {
+                        RECURSIVE_MATCH(26, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        if (stack.currentFrame->locals.fi >= stack.currentFrame->locals.max || stack.currentFrame->args.subjectPtr >= md.endSubject)
+                            RRETURN;
+                        int c = *stack.currentFrame->args.subjectPtr++;
+                        if (!jsc_pcre_xclass(c, stack.currentFrame->locals.data))
+                            RRETURN;
+                    }
+                    /* Control never reaches here */
+                }
+                
+                /* If maximizing, find the longest possible run, then work backwards. */
+                
+                else {
+                    stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.subjectPtr;
+                    for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                        if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                            break;
+                        int c = *stack.currentFrame->args.subjectPtr;
+                        if (!jsc_pcre_xclass(c, stack.currentFrame->locals.data))
+                            break;
+                        ++stack.currentFrame->args.subjectPtr;
+                    }
+                    for(;;) {
+                        RECURSIVE_MATCH(27, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        if (stack.currentFrame->args.subjectPtr-- == stack.currentFrame->locals.subjectPtrAtStartOfInstruction)
+                            break;        /* Stop if tried at original pos */
+                    }
+                    RRETURN;
+                }
+                
+                /* Control never reaches here */
+                
+            /* Match a single character, casefully */
+                
+            BEGIN_OPCODE(CHAR):
+                stack.currentFrame->locals.length = 1;
+                stack.currentFrame->args.instructionPtr++;
+                getUTF8CharAndIncrementLength(stack.currentFrame->locals.fc, stack.currentFrame->args.instructionPtr, stack.currentFrame->locals.length);
+                stack.currentFrame->args.instructionPtr += stack.currentFrame->locals.length;
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                if (stack.currentFrame->locals.fc != *stack.currentFrame->args.subjectPtr++)
+                    RRETURN_NO_MATCH;
+                NEXT_OPCODE;
+                
+            /* Match a single character, caselessly */
+                
+            BEGIN_OPCODE(CHAR_IGNORING_CASE): {
+                stack.currentFrame->locals.length = 1;
+                stack.currentFrame->args.instructionPtr++;
+                getUTF8CharAndIncrementLength(stack.currentFrame->locals.fc, stack.currentFrame->args.instructionPtr, stack.currentFrame->locals.length);
+                stack.currentFrame->args.instructionPtr += stack.currentFrame->locals.length;
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                int dc = *stack.currentFrame->args.subjectPtr++;
+                if (stack.currentFrame->locals.fc != dc && jsc_pcre_ucp_othercase(stack.currentFrame->locals.fc) != dc)
+                    RRETURN_NO_MATCH;
+                NEXT_OPCODE;
+            }
+                
+            /* Match a single ASCII character. */
+                
+            BEGIN_OPCODE(ASCII_CHAR):
+                if (md.endSubject == stack.currentFrame->args.subjectPtr)
+                    RRETURN_NO_MATCH;
+                if (*stack.currentFrame->args.subjectPtr != stack.currentFrame->args.instructionPtr[1])
+                    RRETURN_NO_MATCH;
+                ++stack.currentFrame->args.subjectPtr;
+                stack.currentFrame->args.instructionPtr += 2;
+                NEXT_OPCODE;
+                
+            /* Match one of two cases of an ASCII letter. */
+                
+            BEGIN_OPCODE(ASCII_LETTER_IGNORING_CASE):
+                if (md.endSubject == stack.currentFrame->args.subjectPtr)
+                    RRETURN_NO_MATCH;
+                if ((*stack.currentFrame->args.subjectPtr | 0x20) != stack.currentFrame->args.instructionPtr[1])
+                    RRETURN_NO_MATCH;
+                ++stack.currentFrame->args.subjectPtr;
+                stack.currentFrame->args.instructionPtr += 2;
+                NEXT_OPCODE;
+                
+            /* Match a single character repeatedly; different opcodes share code. */
+                
+            BEGIN_OPCODE(EXACT):
+                min = stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                minimize = false;
+                stack.currentFrame->args.instructionPtr += 3;
+                goto REPEATCHAR;
+                
+            BEGIN_OPCODE(UPTO):
+            BEGIN_OPCODE(MINUPTO):
+                min = 0;
+                stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                minimize = *stack.currentFrame->args.instructionPtr == OP_MINUPTO;
+                stack.currentFrame->args.instructionPtr += 3;
+                goto REPEATCHAR;
+                
+            BEGIN_OPCODE(STAR):
+            BEGIN_OPCODE(MINSTAR):
+            BEGIN_OPCODE(PLUS):
+            BEGIN_OPCODE(MINPLUS):
+            BEGIN_OPCODE(QUERY):
+            BEGIN_OPCODE(MINQUERY):
+                repeatInformationFromInstructionOffset(*stack.currentFrame->args.instructionPtr++ - OP_STAR, minimize, min, stack.currentFrame->locals.max);
+                
+                /* Common code for all repeated single-character matches. We can give
+                 up quickly if there are fewer than the minimum number of characters left in
+                 the subject. */
+                
+            REPEATCHAR:
+                
+                stack.currentFrame->locals.length = 1;
+                getUTF8CharAndIncrementLength(stack.currentFrame->locals.fc, stack.currentFrame->args.instructionPtr, stack.currentFrame->locals.length);
+                if (min * (stack.currentFrame->locals.fc > 0xFFFF ? 2 : 1) > md.endSubject - stack.currentFrame->args.subjectPtr)
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->args.instructionPtr += stack.currentFrame->locals.length;
+                
+                if (stack.currentFrame->locals.fc <= 0xFFFF) {
+                    othercase = md.ignoreCase ? jsc_pcre_ucp_othercase(stack.currentFrame->locals.fc) : -1;
+                    
+                    for (int i = 1; i <= min; i++) {
+                        if (*stack.currentFrame->args.subjectPtr != stack.currentFrame->locals.fc && *stack.currentFrame->args.subjectPtr != othercase)
+                            RRETURN_NO_MATCH;
+                        ++stack.currentFrame->args.subjectPtr;
+                    }
+                    
+                    if (min == stack.currentFrame->locals.max)
+                        NEXT_OPCODE;
+                    
+                    if (minimize) {
+                        stack.currentFrame->locals.repeatOthercase = othercase;
+                        for (stack.currentFrame->locals.fi = min;; stack.currentFrame->locals.fi++) {
+                            RECURSIVE_MATCH(28, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                            if (isMatch)
+                                RRETURN;
+                            if (stack.currentFrame->locals.fi >= stack.currentFrame->locals.max || stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                RRETURN;
+                            if (*stack.currentFrame->args.subjectPtr != stack.currentFrame->locals.fc && *stack.currentFrame->args.subjectPtr != stack.currentFrame->locals.repeatOthercase)
+                                RRETURN;
+                            ++stack.currentFrame->args.subjectPtr;
+                        }
+                        /* Control never reaches here */
+                    } else {
+                        stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.subjectPtr;
+                        for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                            if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                break;
+                            if (*stack.currentFrame->args.subjectPtr != stack.currentFrame->locals.fc && *stack.currentFrame->args.subjectPtr != othercase)
+                                break;
+                            ++stack.currentFrame->args.subjectPtr;
+                        }
+                        while (stack.currentFrame->args.subjectPtr >= stack.currentFrame->locals.subjectPtrAtStartOfInstruction) {
+                            RECURSIVE_MATCH(29, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                            if (isMatch)
+                                RRETURN;
+                            --stack.currentFrame->args.subjectPtr;
+                        }
+                        RRETURN_NO_MATCH;
+                    }
+                    /* Control never reaches here */
+                } else {
+                    /* No case on surrogate pairs, so no need to bother with "othercase". */
+                    
+                    for (int i = 1; i <= min; i++) {
+                        if (*stack.currentFrame->args.subjectPtr != stack.currentFrame->locals.fc)
+                            RRETURN_NO_MATCH;
+                        stack.currentFrame->args.subjectPtr += 2;
+                    }
+                    
+                    if (min == stack.currentFrame->locals.max)
+                        NEXT_OPCODE;
+                    
+                    if (minimize) {
+                        for (stack.currentFrame->locals.fi = min;; stack.currentFrame->locals.fi++) {
+                            RECURSIVE_MATCH(30, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                            if (isMatch)
+                                RRETURN;
+                            if (stack.currentFrame->locals.fi >= stack.currentFrame->locals.max || stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                RRETURN;
+                            if (*stack.currentFrame->args.subjectPtr != stack.currentFrame->locals.fc)
+                                RRETURN;
+                            stack.currentFrame->args.subjectPtr += 2;
+                        }
+                        /* Control never reaches here */
+                    } else {
+                        stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.subjectPtr;
+                        for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                            if (stack.currentFrame->args.subjectPtr > md.endSubject - 2)
+                                break;
+                            if (*stack.currentFrame->args.subjectPtr != stack.currentFrame->locals.fc)
+                                break;
+                            stack.currentFrame->args.subjectPtr += 2;
+                        }
+                        while (stack.currentFrame->args.subjectPtr >= stack.currentFrame->locals.subjectPtrAtStartOfInstruction) {
+                            RECURSIVE_MATCH(31, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                            if (isMatch)
+                                RRETURN;
+                            stack.currentFrame->args.subjectPtr -= 2;
+                        }
+                        RRETURN_NO_MATCH;
+                    }
+                    /* Control never reaches here */
+                }
+                /* Control never reaches here */
+                
+            /* Match a negated single one-byte character. */
+                
+            BEGIN_OPCODE(NOT): {
+                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                    RRETURN_NO_MATCH;
+                int b = stack.currentFrame->args.instructionPtr[1];
+                int c = *stack.currentFrame->args.subjectPtr++;
+                stack.currentFrame->args.instructionPtr += 2;
+                if (md.ignoreCase) {
+                    if (c < 128)
+                        c = toLowerCase(c);
+                    if (toLowerCase(b) == c)
+                        RRETURN_NO_MATCH;
+                } else {
+                    if (b == c)
+                        RRETURN_NO_MATCH;
+                }
+                NEXT_OPCODE;
+            }
+                
+            /* Match a negated single one-byte character repeatedly. This is almost a
+             repeat of the code for a repeated single character, but I haven't found a
+             nice way of commoning these up that doesn't require a test of the
+             positive/negative option for each character match. Maybe that wouldn't add
+             very much to the time taken, but character matching *is* what this is all
+             about... */
+                
+            BEGIN_OPCODE(NOTEXACT):
+                min = stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                minimize = false;
+                stack.currentFrame->args.instructionPtr += 3;
+                goto REPEATNOTCHAR;
+                
+            BEGIN_OPCODE(NOTUPTO):
+            BEGIN_OPCODE(NOTMINUPTO):
+                min = 0;
+                stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                minimize = *stack.currentFrame->args.instructionPtr == OP_NOTMINUPTO;
+                stack.currentFrame->args.instructionPtr += 3;
+                goto REPEATNOTCHAR;
+                
+            BEGIN_OPCODE(NOTSTAR):
+            BEGIN_OPCODE(NOTMINSTAR):
+            BEGIN_OPCODE(NOTPLUS):
+            BEGIN_OPCODE(NOTMINPLUS):
+            BEGIN_OPCODE(NOTQUERY):
+            BEGIN_OPCODE(NOTMINQUERY):
+                repeatInformationFromInstructionOffset(*stack.currentFrame->args.instructionPtr++ - OP_NOTSTAR, minimize, min, stack.currentFrame->locals.max);
+                
+            /* Common code for all repeated single-byte matches. We can give up quickly
+             if there are fewer than the minimum number of bytes left in the
+             subject. */
+                
+            REPEATNOTCHAR:
+                if (min > md.endSubject - stack.currentFrame->args.subjectPtr)
+                    RRETURN_NO_MATCH;
+                stack.currentFrame->locals.fc = *stack.currentFrame->args.instructionPtr++;
+                
+                /* The code is duplicated for the caseless and caseful cases, for speed,
+                 since matching characters is likely to be quite common. First, ensure the
+                 minimum number of matches are present. If min = max, continue at the same
+                 level without recursing. Otherwise, if minimizing, keep trying the rest of
+                 the expression and advancing one matching character if failing, up to the
+                 maximum. Alternatively, if maximizing, find the maximum number of
+                 characters and work backwards. */
+                
+                DPRINTF(("negative matching %c{%d,%d}\n", stack.currentFrame->locals.fc, min, stack.currentFrame->locals.max));
+                
+                if (md.ignoreCase) {
+                    if (stack.currentFrame->locals.fc < 128)
+                        stack.currentFrame->locals.fc = toLowerCase(stack.currentFrame->locals.fc);
+                    
+                    for (int i = 1; i <= min; i++) {
+                        int d = *stack.currentFrame->args.subjectPtr++;
+                        if (d < 128)
+                            d = toLowerCase(d);
+                        if (stack.currentFrame->locals.fc == d)
+                            RRETURN_NO_MATCH;
+                    }
+                    
+                    if (min == stack.currentFrame->locals.max)
+                        NEXT_OPCODE;      
+                    
+                    if (minimize) {
+                        for (stack.currentFrame->locals.fi = min;; stack.currentFrame->locals.fi++) {
+                            RECURSIVE_MATCH(38, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                            if (isMatch)
+                                RRETURN;
+                            int d = *stack.currentFrame->args.subjectPtr++;
+                            if (d < 128)
+                                d = toLowerCase(d);
+                            if (stack.currentFrame->locals.fi >= stack.currentFrame->locals.max || stack.currentFrame->args.subjectPtr >= md.endSubject || stack.currentFrame->locals.fc == d)
+                                RRETURN;
+                        }
+                        /* Control never reaches here */
+                    }
+                    
+                    /* Maximize case */
+                    
+                    else {
+                        stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.subjectPtr;
+                        
+                        for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                            if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                break;
+                            int d = *stack.currentFrame->args.subjectPtr;
+                            if (d < 128)
+                                d = toLowerCase(d);
+                            if (stack.currentFrame->locals.fc == d)
+                                break;
+                            ++stack.currentFrame->args.subjectPtr;
+                        }
+                        for (;;) {
+                            RECURSIVE_MATCH(40, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                            if (isMatch)
+                                RRETURN;
+                            if (stack.currentFrame->args.subjectPtr-- == stack.currentFrame->locals.subjectPtrAtStartOfInstruction)
+                                break;        /* Stop if tried at original pos */
+                        }
+                        
+                        RRETURN;
+                    }
+                    /* Control never reaches here */
+                }
+                
+                /* Caseful comparisons */
+                
+                else {
+                    for (int i = 1; i <= min; i++) {
+                        int d = *stack.currentFrame->args.subjectPtr++;
+                        if (stack.currentFrame->locals.fc == d)
+                            RRETURN_NO_MATCH;
+                    }
+
+                    if (min == stack.currentFrame->locals.max)
+                        NEXT_OPCODE;
+                    
+                    if (minimize) {
+                        for (stack.currentFrame->locals.fi = min;; stack.currentFrame->locals.fi++) {
+                            RECURSIVE_MATCH(42, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                            if (isMatch)
+                                RRETURN;
+                            int d = *stack.currentFrame->args.subjectPtr++;
+                            if (stack.currentFrame->locals.fi >= stack.currentFrame->locals.max || stack.currentFrame->args.subjectPtr >= md.endSubject || stack.currentFrame->locals.fc == d)
+                                RRETURN;
+                        }
+                        /* Control never reaches here */
+                    }
+                    
+                    /* Maximize case */
+                    
+                    else {
+                        stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.subjectPtr;
+                        
+                        for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                            if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                break;
+                            int d = *stack.currentFrame->args.subjectPtr;
+                            if (stack.currentFrame->locals.fc == d)
+                                break;
+                            ++stack.currentFrame->args.subjectPtr;
+                        }
+                        for (;;) {
+                            RECURSIVE_MATCH(44, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                            if (isMatch)
+                                RRETURN;
+                            if (stack.currentFrame->args.subjectPtr-- == stack.currentFrame->locals.subjectPtrAtStartOfInstruction)
+                                break;        /* Stop if tried at original pos */
+                        }
+
+                        RRETURN;
+                    }
+                }
+                /* Control never reaches here */
+                
+            /* Match a single character type repeatedly; several different opcodes
+             share code. This is very similar to the code for single characters, but we
+             repeat it in the interests of efficiency. */
+                
+            BEGIN_OPCODE(TYPEEXACT):
+                min = stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                minimize = true;
+                stack.currentFrame->args.instructionPtr += 3;
+                goto REPEATTYPE;
+                
+            BEGIN_OPCODE(TYPEUPTO):
+            BEGIN_OPCODE(TYPEMINUPTO):
+                min = 0;
+                stack.currentFrame->locals.max = get2ByteValue(stack.currentFrame->args.instructionPtr + 1);
+                minimize = *stack.currentFrame->args.instructionPtr == OP_TYPEMINUPTO;
+                stack.currentFrame->args.instructionPtr += 3;
+                goto REPEATTYPE;
+                
+            BEGIN_OPCODE(TYPESTAR):
+            BEGIN_OPCODE(TYPEMINSTAR):
+            BEGIN_OPCODE(TYPEPLUS):
+            BEGIN_OPCODE(TYPEMINPLUS):
+            BEGIN_OPCODE(TYPEQUERY):
+            BEGIN_OPCODE(TYPEMINQUERY):
+                repeatInformationFromInstructionOffset(*stack.currentFrame->args.instructionPtr++ - OP_TYPESTAR, minimize, min, stack.currentFrame->locals.max);
+                
+                /* Common code for all repeated single character type matches. Note that
+                 in UTF-8 mode, '.' matches a character of any length, but for the other
+                 character types, the valid characters are all one-byte long. */
+                
+            REPEATTYPE:
+                stack.currentFrame->locals.ctype = *stack.currentFrame->args.instructionPtr++;      /* Code for the character type */
+                
+                /* First, ensure the minimum number of matches are present. Use inline
+                 code for maximizing the speed, and do the type test once at the start
+                 (i.e. keep it out of the loop). Also we can test that there are at least
+                 the minimum number of characters before we start. */
+                
+                if (min > md.endSubject - stack.currentFrame->args.subjectPtr)
+                    RRETURN_NO_MATCH;
+                if (min > 0) {
+                    switch (stack.currentFrame->locals.ctype) {
+                        case OP_NOT_NEWLINE:
+                            for (int i = 1; i <= min; i++) {
+                                if (isNewline(*stack.currentFrame->args.subjectPtr))
+                                    RRETURN_NO_MATCH;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_NOT_DIGIT:
+                            for (int i = 1; i <= min; i++) {
+                                if (isASCIIDigit(*stack.currentFrame->args.subjectPtr))
+                                    RRETURN_NO_MATCH;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_DIGIT:
+                            for (int i = 1; i <= min; i++) {
+                                if (!isASCIIDigit(*stack.currentFrame->args.subjectPtr))
+                                    RRETURN_NO_MATCH;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_NOT_WHITESPACE:
+                            for (int i = 1; i <= min; i++) {
+                                if (isSpaceChar(*stack.currentFrame->args.subjectPtr))
+                                    RRETURN_NO_MATCH;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_WHITESPACE:
+                            for (int i = 1; i <= min; i++) {
+                                if (!isSpaceChar(*stack.currentFrame->args.subjectPtr))
+                                    RRETURN_NO_MATCH;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_NOT_WORDCHAR:
+                            for (int i = 1; i <= min; i++) {
+                                if (isWordChar(*stack.currentFrame->args.subjectPtr))
+                                    RRETURN_NO_MATCH;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_WORDCHAR:
+                            for (int i = 1; i <= min; i++) {
+                                if (!isWordChar(*stack.currentFrame->args.subjectPtr))
+                                    RRETURN_NO_MATCH;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        default:
+                            ASSERT_NOT_REACHED();
+                            return matchError(JSRegExpErrorInternal, stack);
+                    }  /* End switch(stack.currentFrame->locals.ctype) */
+                }
+                
+                /* If min = max, continue at the same level without recursing */
+                
+                if (min == stack.currentFrame->locals.max)
+                    NEXT_OPCODE;    
+                
+                /* If minimizing, we have to test the rest of the pattern before each
+                 subsequent match. */
+                
+                if (minimize) {
+                    for (stack.currentFrame->locals.fi = min;; stack.currentFrame->locals.fi++) {
+                        RECURSIVE_MATCH(48, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        if (stack.currentFrame->locals.fi >= stack.currentFrame->locals.max || stack.currentFrame->args.subjectPtr >= md.endSubject)
+                            RRETURN;
+                        
+                        int c = *stack.currentFrame->args.subjectPtr++;
+                        switch (stack.currentFrame->locals.ctype) {
+                            case OP_NOT_NEWLINE:
+                                if (isNewline(c))
+                                    RRETURN;
+                                break;
+                                
+                            case OP_NOT_DIGIT:
+                                if (isASCIIDigit(c))
+                                    RRETURN;
+                                break;
+                                
+                            case OP_DIGIT:
+                                if (!isASCIIDigit(c))
+                                    RRETURN;
+                                break;
+                                
+                            case OP_NOT_WHITESPACE:
+                                if (isSpaceChar(c))
+                                    RRETURN;
+                                break;
+                                
+                            case OP_WHITESPACE:
+                                if (!isSpaceChar(c))
+                                    RRETURN;
+                                break;
+                                
+                            case OP_NOT_WORDCHAR:
+                                if (isWordChar(c))
+                                    RRETURN;
+                                break;
+                                
+                            case OP_WORDCHAR:
+                                if (!isWordChar(c))
+                                    RRETURN;
+                                break;
+                                
+                            default:
+                                ASSERT_NOT_REACHED();
+                                return matchError(JSRegExpErrorInternal, stack);
+                        }
+                    }
+                    /* Control never reaches here */
+                }
+                
+                /* If maximizing it is worth using inline code for speed, doing the type
+                 test once at the start (i.e. keep it out of the loop). */
+                
+                else {
+                    stack.currentFrame->locals.subjectPtrAtStartOfInstruction = stack.currentFrame->args.subjectPtr;  /* Remember where we started */
+                    
+                    switch (stack.currentFrame->locals.ctype) {
+                        case OP_NOT_NEWLINE:
+                            for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                                if (stack.currentFrame->args.subjectPtr >= md.endSubject || isNewline(*stack.currentFrame->args.subjectPtr))
+                                    break;
+                                stack.currentFrame->args.subjectPtr++;
+                            }
+                            break;
+                            
+                        case OP_NOT_DIGIT:
+                            for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                    break;
+                                int c = *stack.currentFrame->args.subjectPtr;
+                                if (isASCIIDigit(c))
+                                    break;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_DIGIT:
+                            for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                    break;
+                                int c = *stack.currentFrame->args.subjectPtr;
+                                if (!isASCIIDigit(c))
+                                    break;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_NOT_WHITESPACE:
+                            for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                    break;
+                                int c = *stack.currentFrame->args.subjectPtr;
+                                if (isSpaceChar(c))
+                                    break;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_WHITESPACE:
+                            for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                    break;
+                                int c = *stack.currentFrame->args.subjectPtr;
+                                if (!isSpaceChar(c))
+                                    break;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_NOT_WORDCHAR:
+                            for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                    break;
+                                int c = *stack.currentFrame->args.subjectPtr;
+                                if (isWordChar(c))
+                                    break;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        case OP_WORDCHAR:
+                            for (int i = min; i < stack.currentFrame->locals.max; i++) {
+                                if (stack.currentFrame->args.subjectPtr >= md.endSubject)
+                                    break;
+                                int c = *stack.currentFrame->args.subjectPtr;
+                                if (!isWordChar(c))
+                                    break;
+                                ++stack.currentFrame->args.subjectPtr;
+                            }
+                            break;
+                            
+                        default:
+                            ASSERT_NOT_REACHED();
+                            return matchError(JSRegExpErrorInternal, stack);
+                    }
+                    
+                    /* stack.currentFrame->args.subjectPtr is now past the end of the maximum run */
+                    
+                    for (;;) {
+                        RECURSIVE_MATCH(52, stack.currentFrame->args.instructionPtr, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        if (stack.currentFrame->args.subjectPtr-- == stack.currentFrame->locals.subjectPtrAtStartOfInstruction)
+                            break;        /* Stop if tried at original pos */
+                    }
+                    
+                    /* Get here if we can't make it match with any permitted repetitions */
+                    
+                    RRETURN;
+                }
+                /* Control never reaches here */
+                
+            BEGIN_OPCODE(CRMINPLUS):
+            BEGIN_OPCODE(CRMINQUERY):
+            BEGIN_OPCODE(CRMINRANGE):
+            BEGIN_OPCODE(CRMINSTAR):
+            BEGIN_OPCODE(CRPLUS):
+            BEGIN_OPCODE(CRQUERY):
+            BEGIN_OPCODE(CRRANGE):
+            BEGIN_OPCODE(CRSTAR):
+                ASSERT_NOT_REACHED();
+                return matchError(JSRegExpErrorInternal, stack);
+                
+#ifdef USE_COMPUTED_GOTO_FOR_MATCH_OPCODE_LOOP
+            CAPTURING_BRACKET:
+#else
+            default:
+#endif
+                /* Opening capturing bracket. If there is space in the offset vector, save
+                 the current subject position in the working slot at the top of the vector. We
+                 mustn't change the current values of the data slot, because they may be set
+                 from a previous iteration of this group, and be referred to by a reference
+                 inside the group.
+                 
+                 If the bracket fails to match, we need to restore this value and also the
+                 values of the final offsets, in case they were set by a previous iteration of
+                 the same bracket.
+                 
+                 If there isn't enough space in the offset vector, treat this as if it were a
+                 non-capturing bracket. Don't worry about setting the flag for the error case
+                 here; that is handled in the code for KET. */
+                
+                ASSERT(*stack.currentFrame->args.instructionPtr > OP_BRA);
+                
+                stack.currentFrame->locals.number = *stack.currentFrame->args.instructionPtr - OP_BRA;
+                
+                /* For extended extraction brackets (large number), we have to fish out the
+                 number from a dummy opcode at the start. */
+                
+                if (stack.currentFrame->locals.number > EXTRACT_BASIC_MAX)
+                    stack.currentFrame->locals.number = get2ByteValue(stack.currentFrame->args.instructionPtr + 2 + LINK_SIZE);
+                stack.currentFrame->locals.offset = stack.currentFrame->locals.number << 1;
+                
+#ifdef DEBUG
+                printf("start bracket %d subject=", stack.currentFrame->locals.number);
+                pchars(stack.currentFrame->args.subjectPtr, 16, true, md);
+                printf("\n");
+#endif
+                
+                if (stack.currentFrame->locals.offset < md.offsetMax) {
+                    stack.currentFrame->locals.saveOffset1 = md.offsetVector[stack.currentFrame->locals.offset];
+                    stack.currentFrame->locals.saveOffset2 = md.offsetVector[stack.currentFrame->locals.offset + 1];
+                    stack.currentFrame->locals.saveOffset3 = md.offsetVector[md.offsetEnd - stack.currentFrame->locals.number];
+                    
+                    DPRINTF(("saving %d %d %d\n", stack.currentFrame->locals.saveOffset1, stack.currentFrame->locals.saveOffset2, stack.currentFrame->locals.saveOffset3));
+                    md.offsetVector[md.offsetEnd - stack.currentFrame->locals.number] = stack.currentFrame->args.subjectPtr - md.startSubject;
+                    
+                    do {
+                        RECURSIVE_MATCH_NEW_GROUP(1, stack.currentFrame->args.instructionPtr + 1 + LINK_SIZE, stack.currentFrame->args.bracketChain);
+                        if (isMatch)
+                            RRETURN;
+                        stack.currentFrame->args.instructionPtr += getLinkValue(stack.currentFrame->args.instructionPtr + 1);
+                    } while (*stack.currentFrame->args.instructionPtr == OP_ALT);
+                    
+                    DPRINTF(("bracket %d failed\n", stack.currentFrame->locals.number));
+                    
+                    md.offsetVector[stack.currentFrame->locals.offset] = stack.currentFrame->locals.saveOffset1;
+                    md.offsetVector[stack.currentFrame->locals.offset + 1] = stack.currentFrame->locals.saveOffset2;
+                    md.offsetVector[md.offsetEnd - stack.currentFrame->locals.number] = stack.currentFrame->locals.saveOffset3;
+                    
+                    RRETURN;
+                }
+                
+                /* Insufficient room for saving captured contents */
+                
+                goto NON_CAPTURING_BRACKET;
+        }
+        
+        /* Do not stick any code in here without much thought; it is assumed
+         that "continue" in the code above comes out to here to repeat the main
+         loop. */
+        
+    } /* End of main loop */
+    
+    ASSERT_NOT_REACHED();
+    
+#ifndef USE_COMPUTED_GOTO_FOR_MATCH_RECURSION
+    
+RRETURN_SWITCH:
+    switch (stack.currentFrame->returnLocation) {
+        case 0: goto RETURN;
+        case 1: goto RRETURN_1;
+        case 2: goto RRETURN_2;
+        case 6: goto RRETURN_6;
+        case 7: goto RRETURN_7;
+        case 14: goto RRETURN_14;
+        case 15: goto RRETURN_15;
+        case 16: goto RRETURN_16;
+        case 17: goto RRETURN_17;
+        case 18: goto RRETURN_18;
+        case 19: goto RRETURN_19;
+        case 20: goto RRETURN_20;
+        case 21: goto RRETURN_21;
+        case 22: goto RRETURN_22;
+        case 24: goto RRETURN_24;
+        case 26: goto RRETURN_26;
+        case 27: goto RRETURN_27;
+        case 28: goto RRETURN_28;
+        case 29: goto RRETURN_29;
+        case 30: goto RRETURN_30;
+        case 31: goto RRETURN_31;
+        case 38: goto RRETURN_38;
+        case 40: goto RRETURN_40;
+        case 42: goto RRETURN_42;
+        case 44: goto RRETURN_44;
+        case 48: goto RRETURN_48;
+        case 52: goto RRETURN_52;
+    }
+    
+    ASSERT_NOT_REACHED();
+    return matchError(JSRegExpErrorInternal, stack);
+    
+#endif
+    
+RETURN:
+    return isMatch;
+}
+
+
+/*************************************************
+*         Execute a Regular Expression           *
+*************************************************/
+
+/* This function applies a compiled re to a subject string and picks out
+portions of the string if it matches. Two elements in the vector are set for
+each substring: the offsets to the start and end of the substring.
+
+Arguments:
+  re              points to the compiled expression
+  extra_data      points to extra data or is NULL
+  subject         points to the subject string
+  length          length of subject string (may contain binary zeros)
+  start_offset    where to start in the subject string
+  options         option bits
+  offsets         points to a vector of ints to be filled in with offsets
+  offsetCount     the number of elements in the vector
+
+Returns:          > 0 => success; value is the number of elements filled in
+                  = 0 => success, but offsets is not big enough
+                   -1 => failed to match
+                 < -1 => some kind of unexpected problem
+*/
+
+static void tryFirstByteOptimization(const UChar*& subjectPtr, const UChar* endSubject, int firstByte, bool firstByteIsCaseless, bool useMultiLineFirstCharOptimization, const UChar* originalSubjectStart)
+{
+    // If firstByte is set, try scanning to the first instance of that byte
+    // no need to try and match against any earlier part of the subject string.
+    if (firstByte >= 0) {
+        UChar firstChar = firstByte;
+        if (firstByteIsCaseless)
+            while (subjectPtr < endSubject) {
+                int c = *subjectPtr;
+                if (c > 127)
+                    break;
+                if (toLowerCase(c) == firstChar)
+                    break;
+                subjectPtr++;
+            }
+        else {
+            while (subjectPtr < endSubject && *subjectPtr != firstChar)
+                subjectPtr++;
+        }
+    } else if (useMultiLineFirstCharOptimization) {
+        /* Or to just after \n for a multiline match if possible */
+        // I'm not sure why this != originalSubjectStart check is necessary -- ecs 11/18/07
+        if (subjectPtr > originalSubjectStart) {
+            while (subjectPtr < endSubject && !isNewline(subjectPtr[-1]))
+                subjectPtr++;
+        }
+    }
+}
+
+static bool tryRequiredByteOptimization(const UChar*& subjectPtr, const UChar* endSubject, int reqByte, int reqByte2, bool reqByteIsCaseless, bool hasFirstByte, const UChar*& reqBytePtr)
+{
+    /* If reqByte is set, we know that that character must appear in the subject
+     for the match to succeed. If the first character is set, reqByte must be
+     later in the subject; otherwise the test starts at the match point. This
+     optimization can save a huge amount of backtracking in patterns with nested
+     unlimited repeats that aren't going to match. Writing separate code for
+     cased/caseless versions makes it go faster, as does using an autoincrement
+     and backing off on a match.
+     
+     HOWEVER: when the subject string is very, very long, searching to its end can
+     take a long time, and give bad performance on quite ordinary patterns. This
+     showed up when somebody was matching /^C/ on a 32-megabyte string... so we
+     don't do this when the string is sufficiently long.
+    */
+
+    if (reqByte >= 0 && endSubject - subjectPtr < REQ_BYTE_MAX) {
+        const UChar* p = subjectPtr + (hasFirstByte ? 1 : 0);
+
+        /* We don't need to repeat the search if we haven't yet reached the
+         place we found it at last time. */
+
+        if (p > reqBytePtr) {
+            if (reqByteIsCaseless) {
+                while (p < endSubject) {
+                    int pp = *p++;
+                    if (pp == reqByte || pp == reqByte2) {
+                        p--;
+                        break;
+                    }
+                }
+            } else {
+                while (p < endSubject) {
+                    if (*p++ == reqByte) {
+                        p--;
+                        break;
+                    }
+                }
+            }
+
+            /* If we can't find the required character, break the matching loop */
+
+            if (p >= endSubject)
+                return true;
+
+            /* If we have found the required character, save the point where we
+             found it, so that we don't search again next time round the loop if
+             the start hasn't passed this character yet. */
+
+            reqBytePtr = p;
+        }
+    }
+    return false;
+}
+
+int jsRegExpExecute(const JSRegExp* re,
+                    const UChar* subject, int length, int start_offset, int* offsets,
+                    int offsetCount)
+{
+    ASSERT(re);
+    ASSERT(subject || !length);
+    ASSERT(offsetCount >= 0);
+    ASSERT(offsets || offsetCount == 0);
+
+    HistogramTimeLogger logger(re);
+
+    MatchData matchBlock;
+    matchBlock.startSubject = subject;
+    matchBlock.endSubject = matchBlock.startSubject + length;
+    const UChar* endSubject = matchBlock.endSubject;
+    
+    matchBlock.multiline = (re->options & MatchAcrossMultipleLinesOption);
+    matchBlock.ignoreCase = (re->options & IgnoreCaseOption);
+    
+    /* If the expression has got more back references than the offsets supplied can
+     hold, we get a temporary chunk of working store to use during the matching.
+     Otherwise, we can use the vector supplied, rounding down its size to a multiple
+     of 3. */
+    
+    int ocount = offsetCount - (offsetCount % 3);
+    
+    // FIXME: This is lame that we have to second-guess our caller here.
+    // The API should change to either fail-hard when we don't have enough offset space
+    // or that we shouldn't ask our callers to pre-allocate in the first place.
+    bool usingTemporaryOffsets = false;
+    if (re->topBackref > 0 && re->topBackref >= ocount/3) {
+        ocount = re->topBackref * 3 + 3;
+        matchBlock.offsetVector = new int[ocount];
+        if (!matchBlock.offsetVector)
+            return JSRegExpErrorNoMemory;
+        usingTemporaryOffsets = true;
+    } else
+        matchBlock.offsetVector = offsets;
+    
+    matchBlock.offsetEnd = ocount;
+    matchBlock.offsetMax = (2*ocount)/3;
+    matchBlock.offsetOverflow = false;
+    
+    /* Compute the minimum number of offsets that we need to reset each time. Doing
+     this makes a huge difference to execution time when there aren't many brackets
+     in the pattern. */
+    
+    int resetCount = 2 + re->topBracket * 2;
+    if (resetCount > offsetCount)
+        resetCount = ocount;
+    
+    /* Reset the working variable associated with each extraction. These should
+     never be used unless previously set, but they get saved and restored, and so we
+     initialize them to avoid reading uninitialized locations. */
+    
+    if (matchBlock.offsetVector) {
+        int* iptr = matchBlock.offsetVector + ocount;
+        int* iend = iptr - resetCount/2 + 1;
+        while (--iptr >= iend)
+            *iptr = -1;
+    }
+    
+    /* Set up the first character to match, if available. The firstByte value is
+     never set for an anchored regular expression, but the anchoring may be forced
+     at run time, so we have to test for anchoring. The first char may be unset for
+     an unanchored pattern, of course. If there's no first char and the pattern was
+     studied, there may be a bitmap of possible first characters. */
+    
+    bool firstByteIsCaseless = false;
+    int firstByte = -1;
+    if (re->options & UseFirstByteOptimizationOption) {
+        firstByte = re->firstByte & 255;
+        if ((firstByteIsCaseless = (re->firstByte & REQ_IGNORE_CASE)))
+            firstByte = toLowerCase(firstByte);
+    }
+    
+    /* For anchored or unanchored matches, there may be a "last known required
+     character" set. */
+    
+    bool reqByteIsCaseless = false;
+    int reqByte = -1;
+    int reqByte2 = -1;
+    if (re->options & UseRequiredByteOptimizationOption) {
+        reqByte = re->reqByte & 255; // FIXME: This optimization could be made to work for UTF16 chars as well...
+        reqByteIsCaseless = (re->reqByte & REQ_IGNORE_CASE);
+        reqByte2 = flipCase(reqByte);
+    }
+    
+    /* Loop for handling unanchored repeated matching attempts; for anchored regexs
+     the loop runs just once. */
+    
+    const UChar* startMatch = subject + start_offset;
+    const UChar* reqBytePtr = startMatch - 1;
+    bool useMultiLineFirstCharOptimization = re->options & UseMultiLineFirstByteOptimizationOption;
+    
+    do {
+        /* Reset the maximum number of extractions we might see. */
+        if (matchBlock.offsetVector) {
+            int* iptr = matchBlock.offsetVector;
+            int* iend = iptr + resetCount;
+            while (iptr < iend)
+                *iptr++ = -1;
+        }
+        
+        tryFirstByteOptimization(startMatch, endSubject, firstByte, firstByteIsCaseless, useMultiLineFirstCharOptimization, matchBlock.startSubject + start_offset);
+        if (tryRequiredByteOptimization(startMatch, endSubject, reqByte, reqByte2, reqByteIsCaseless, firstByte >= 0, reqBytePtr))
+            break;
+                
+        /* When a match occurs, substrings will be set for all internal extractions;
+         we just need to set up the whole thing as substring 0 before returning. If
+         there were too many extractions, set the return code to zero. In the case
+         where we had to get some local store to hold offsets for backreferences, copy
+         those back references that we can. In this case there need not be overflow
+         if certain parts of the pattern were not used. */
+        
+        /* The code starts after the JSRegExp block and the capture name table. */
+        const unsigned char* start_code = (const unsigned char*)(re + 1);
+        
+        int returnCode = match(startMatch, start_code, 2, matchBlock);
+        
+        /* When the result is no match, advance the pointer to the next character
+         and continue. */
+        if (returnCode == 0) {
+            startMatch++;
+            continue;
+        }
+
+        if (returnCode != 1) {
+            ASSERT(returnCode == JSRegExpErrorHitLimit || returnCode == JSRegExpErrorNoMemory);
+            DPRINTF((">>>> error: returning %d\n", returnCode));
+            return returnCode;
+        }
+        
+        /* We have a match! Copy the offset information from temporary store if
+         necessary */
+        
+        if (usingTemporaryOffsets) {
+            if (offsetCount >= 4) {
+                memcpy(offsets + 2, matchBlock.offsetVector + 2, (offsetCount - 2) * sizeof(int));
+                DPRINTF(("Copied offsets from temporary memory\n"));
+            }
+            if (matchBlock.endOffsetTop > offsetCount)
+                matchBlock.offsetOverflow = true;
+            
+            DPRINTF(("Freeing temporary memory\n"));
+            delete [] matchBlock.offsetVector;
+        }
+        
+        returnCode = matchBlock.offsetOverflow ? 0 : matchBlock.endOffsetTop / 2;
+        
+        if (offsetCount < 2)
+            returnCode = 0;
+        else {
+            offsets[0] = startMatch - matchBlock.startSubject;
+            offsets[1] = matchBlock.endMatchPtr - matchBlock.startSubject;
+        }
+        
+        DPRINTF((">>>> returning %d\n", returnCode));
+        return returnCode;
+    } while (!(re->options & IsAnchoredOption) && startMatch <= endSubject);
+    
+    if (usingTemporaryOffsets) {
+        DPRINTF(("Freeing temporary memory\n"));
+        delete [] matchBlock.offsetVector;
+    }
+    
+    DPRINTF((">>>> returning PCRE_ERROR_NOMATCH\n"));
+    return JSRegExpErrorNoMatch;
+}
+
+#if REGEXP_HISTOGRAM
+
+class CompareHistogramEntries {
+public:
+    bool operator()(const pair<UString, double>& a, const pair<UString, double>& b)
+    {
+        if (a.second == b.second)
+            return a.first < b.first;
+        return a.second < b.second;
+    }
+};
+
+Histogram::~Histogram()
+{
+    Vector<pair<UString, double> > values;
+    Map::iterator end = times.end();
+    for (Map::iterator it = times.begin(); it != end; ++it)
+        values.append(*it);
+    sort(values.begin(), values.end(), CompareHistogramEntries());
+    size_t size = values.size();
+    printf("Regular Expressions, sorted by time spent evaluating them:\n");
+    for (size_t i = 0; i < size; ++i)
+        printf("    %f - %s\n", values[size - i - 1].second, values[size - i - 1].first.UTF8String().c_str());
+}
+
+void Histogram::add(const JSRegExp* re, double elapsedTime)
+{
+    UString string(reinterpret_cast<const UChar*>(reinterpret_cast<const char*>(re) + re->stringOffset), re->stringLength);
+    if (re->options & IgnoreCaseOption && re->options & MatchAcrossMultipleLinesOption)
+        string += " (multi-line, ignore case)";
+    else {
+        if (re->options & IgnoreCaseOption)
+            string += " (ignore case)";
+        if (re->options & MatchAcrossMultipleLinesOption)
+            string += " (multi-line)";
+    }
+    pair<Map::iterator, bool> result = times.add(string.rep(), elapsedTime);
+    if (!result.second)
+        result.first->second += elapsedTime;
+}
+
+HistogramTimeLogger::HistogramTimeLogger(const JSRegExp* re)
+    : m_re(re)
+    , m_startTime(getCurrentUTCTimeWithMicroseconds())
+{
+}
+
+HistogramTimeLogger::~HistogramTimeLogger()
+{
+    static Histogram histogram;
+    histogram.add(m_re, getCurrentUTCTimeWithMicroseconds() - m_startTime);
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_internal.h b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_internal.h
new file mode 100644
index 000000000..0016bb56d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_internal.h
@@ -0,0 +1,455 @@
+/* This is JavaScriptCore's variant of the PCRE library. While this library
+started out as a copy of PCRE, many of the features of PCRE have been
+removed. This library now supports only the regular expression features
+required by the JavaScript language specification, and has only the functions
+needed by JavaScriptCore and the rest of WebKit.
+
+                 Originally written by Philip Hazel
+           Copyright (c) 1997-2006 University of Cambridge
+    Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/* This header contains definitions that are shared between the different
+modules, but which are not relevant to the exported API. This includes some
+functions whose names all begin with "_pcre_". */
+
+#ifndef PCRE_INTERNAL_H
+#define PCRE_INTERNAL_H
+
+/* Bit definitions for entries in the pcre_ctypes table. */
+
+#define ctype_space   0x01
+#define ctype_xdigit  0x08
+#define ctype_word    0x10   /* alphameric or '_' */
+
+/* Offsets for the bitmap tables in pcre_cbits. Each table contains a set
+of bits for a class map. Some classes are built by combining these tables. */
+
+#define cbit_space     0      /* \s */
+#define cbit_digit    32      /* \d */
+#define cbit_word     64      /* \w */
+#define cbit_length   96      /* Length of the cbits table */
+
+/* Offsets of the various tables from the base tables pointer, and
+total length. */
+
+#define lcc_offset      0
+#define fcc_offset    128
+#define cbits_offset  256
+#define ctypes_offset (cbits_offset + cbit_length)
+#define tables_length (ctypes_offset + 128)
+
+#ifndef DFTABLES
+
+// Change the following to 1 to dump used regular expressions at process exit time.
+#define REGEXP_HISTOGRAM 0
+
+#include "Assertions.h"
+
+#if COMPILER(MSVC)
+#pragma warning(disable: 4232)
+#pragma warning(disable: 4244)
+#endif
+
+#include "pcre.h"
+
+/* The value of LINK_SIZE determines the number of bytes used to store links as
+offsets within the compiled regex. The default is 2, which allows for compiled
+patterns up to 64K long. */
+
+#define LINK_SIZE   3
+
+/* Define DEBUG to get debugging output on stdout. */
+
+#if 0
+#define DEBUG
+#endif
+
+/* Use a macro for debugging printing, 'cause that eliminates the use of #ifdef
+inline, and there are *still* stupid compilers about that don't like indented
+pre-processor statements, or at least there were when I first wrote this. After
+all, it had only been about 10 years then... */
+
+#ifdef DEBUG
+#define DPRINTF(p) printf p
+#else
+#define DPRINTF(p) /*nothing*/
+#endif
+
+/* PCRE keeps offsets in its compiled code as 2-byte quantities (always stored
+in big-endian order) by default. These are used, for example, to link from the
+start of a subpattern to its alternatives and its end. The use of 2 bytes per
+offset limits the size of the compiled regex to around 64K, which is big enough
+for almost everybody. However, I received a request for an even bigger limit.
+For this reason, and also to make the code easier to maintain, the storing and
+loading of offsets from the byte string is now handled by the functions that are
+defined here. */
+
+/* PCRE uses some other 2-byte quantities that do not change when the size of
+offsets changes. There are used for repeat counts and for other things such as
+capturing parenthesis numbers in back references. */
+
+static inline void put2ByteValue(unsigned char* opcodePtr, int value)
+{
+    ASSERT(value >= 0 && value <= 0xFFFF);
+    opcodePtr[0] = value >> 8;
+    opcodePtr[1] = value;
+}
+
+static inline void put3ByteValue(unsigned char* opcodePtr, int value)
+{
+    ASSERT(value >= 0 && value <= 0xFFFFFF);
+    opcodePtr[0] = value >> 16;
+    opcodePtr[1] = value >> 8;
+    opcodePtr[2] = value;
+}
+
+static inline int get2ByteValue(const unsigned char* opcodePtr)
+{
+    return (opcodePtr[0] << 8) | opcodePtr[1];
+}
+
+static inline int get3ByteValue(const unsigned char* opcodePtr)
+{
+    return (opcodePtr[0] << 16) | (opcodePtr[1] << 8) | opcodePtr[2];
+}
+
+static inline void put2ByteValueAndAdvance(unsigned char*& opcodePtr, int value)
+{
+    put2ByteValue(opcodePtr, value);
+    opcodePtr += 2;
+}
+
+static inline void put3ByteValueAndAdvance(unsigned char*& opcodePtr, int value)
+{
+    put3ByteValue(opcodePtr, value);
+    opcodePtr += 3;
+}
+
+static inline void putLinkValueAllowZero(unsigned char* opcodePtr, int value)
+{
+#if LINK_SIZE == 3
+    put3ByteValue(opcodePtr, value);
+#elif LINK_SIZE == 2
+    put2ByteValue(opcodePtr, value);
+#else
+#   error LINK_SIZE not supported.
+#endif
+}
+
+static inline int getLinkValueAllowZero(const unsigned char* opcodePtr)
+{
+#if LINK_SIZE == 3
+    return get3ByteValue(opcodePtr);
+#elif LINK_SIZE == 2
+    return get2ByteValue(opcodePtr);
+#else
+#   error LINK_SIZE not supported.
+#endif
+}
+
+#define MAX_PATTERN_SIZE 1024 * 1024 // Derived by empirical testing of compile time in PCRE and WREC.
+COMPILE_ASSERT(MAX_PATTERN_SIZE < (1 << (8 * LINK_SIZE)), pcre_max_pattern_fits_in_bytecode);
+
+static inline void putLinkValue(unsigned char* opcodePtr, int value)
+{
+    ASSERT(value);
+    putLinkValueAllowZero(opcodePtr, value);
+}
+
+static inline int getLinkValue(const unsigned char* opcodePtr)
+{
+    int value = getLinkValueAllowZero(opcodePtr);
+    ASSERT(value);
+    return value;
+}
+
+static inline void putLinkValueAndAdvance(unsigned char*& opcodePtr, int value)
+{
+    putLinkValue(opcodePtr, value);
+    opcodePtr += LINK_SIZE;
+}
+
+static inline void putLinkValueAllowZeroAndAdvance(unsigned char*& opcodePtr, int value)
+{
+    putLinkValueAllowZero(opcodePtr, value);
+    opcodePtr += LINK_SIZE;
+}
+
+// FIXME: These are really more of a "compiled regexp state" than "regexp options"
+enum RegExpOptions {
+    UseFirstByteOptimizationOption = 0x40000000,  /* firstByte is set */
+    UseRequiredByteOptimizationOption = 0x20000000,  /* reqByte is set */
+    UseMultiLineFirstByteOptimizationOption = 0x10000000,  /* start after \n for multiline */
+    IsAnchoredOption = 0x02000000,  /* can't use partial with this regex */
+    IgnoreCaseOption = 0x00000001,
+    MatchAcrossMultipleLinesOption = 0x00000002
+};
+
+/* Flags added to firstByte or reqByte; a "non-literal" item is either a
+variable-length repeat, or a anything other than literal characters. */
+
+#define REQ_IGNORE_CASE 0x0100    /* indicates should ignore case */
+#define REQ_VARY     0x0200    /* reqByte followed non-literal item */
+
+/* Miscellaneous definitions */
+
+/* Flag bits and data types for the extended class (OP_XCLASS) for classes that
+contain UTF-8 characters with values greater than 255. */
+
+#define XCL_NOT    0x01    /* Flag: this is a negative class */
+#define XCL_MAP    0x02    /* Flag: a 32-byte map is present */
+
+#define XCL_END       0    /* Marks end of individual items */
+#define XCL_SINGLE    1    /* Single item (one multibyte char) follows */
+#define XCL_RANGE     2    /* A range (two multibyte chars) follows */
+
+/* These are escaped items that aren't just an encoding of a particular data
+value such as \n. They must have non-zero values, as check_escape() returns
+their negation. Also, they must appear in the same order as in the opcode
+definitions below, up to ESC_w. The final one must be
+ESC_REF as subsequent values are used for \1, \2, \3, etc. There is are two
+tests in the code for an escape > ESC_b and <= ESC_w to
+detect the types that may be repeated. These are the types that consume
+characters. If any new escapes are put in between that don't consume a
+character, that code will have to change. */
+
+enum { ESC_B = 1, ESC_b, ESC_D, ESC_d, ESC_S, ESC_s, ESC_W, ESC_w, ESC_REF };
+
+/* Opcode table: OP_BRA must be last, as all values >= it are used for brackets
+that extract substrings. Starting from 1 (i.e. after OP_END), the values up to
+OP_EOD must correspond in order to the list of escapes immediately above.
+Note that whenever this list is updated, the two macro definitions that follow
+must also be updated to match. */
+
+#define FOR_EACH_OPCODE(macro) \
+    macro(END) \
+    \
+    macro(NOT_WORD_BOUNDARY) \
+    macro(WORD_BOUNDARY) \
+    macro(NOT_DIGIT) \
+    macro(DIGIT) \
+    macro(NOT_WHITESPACE) \
+    macro(WHITESPACE) \
+    macro(NOT_WORDCHAR) \
+    macro(WORDCHAR) \
+    \
+    macro(NOT_NEWLINE) \
+    \
+    macro(CIRC) \
+    macro(DOLL) \
+    macro(BOL) \
+    macro(EOL) \
+    macro(CHAR) \
+    macro(CHAR_IGNORING_CASE) \
+    macro(ASCII_CHAR) \
+    macro(ASCII_LETTER_IGNORING_CASE) \
+    macro(NOT) \
+    \
+    macro(STAR) \
+    macro(MINSTAR) \
+    macro(PLUS) \
+    macro(MINPLUS) \
+    macro(QUERY) \
+    macro(MINQUERY) \
+    macro(UPTO) \
+    macro(MINUPTO) \
+    macro(EXACT) \
+    \
+    macro(NOTSTAR) \
+    macro(NOTMINSTAR) \
+    macro(NOTPLUS) \
+    macro(NOTMINPLUS) \
+    macro(NOTQUERY) \
+    macro(NOTMINQUERY) \
+    macro(NOTUPTO) \
+    macro(NOTMINUPTO) \
+    macro(NOTEXACT) \
+    \
+    macro(TYPESTAR) \
+    macro(TYPEMINSTAR) \
+    macro(TYPEPLUS) \
+    macro(TYPEMINPLUS) \
+    macro(TYPEQUERY) \
+    macro(TYPEMINQUERY) \
+    macro(TYPEUPTO) \
+    macro(TYPEMINUPTO) \
+    macro(TYPEEXACT) \
+    \
+    macro(CRSTAR) \
+    macro(CRMINSTAR) \
+    macro(CRPLUS) \
+    macro(CRMINPLUS) \
+    macro(CRQUERY) \
+    macro(CRMINQUERY) \
+    macro(CRRANGE) \
+    macro(CRMINRANGE) \
+    \
+    macro(CLASS) \
+    macro(NCLASS) \
+    macro(XCLASS) \
+    \
+    macro(REF) \
+    \
+    macro(ALT) \
+    macro(KET) \
+    macro(KETRMAX) \
+    macro(KETRMIN) \
+    \
+    macro(ASSERT) \
+    macro(ASSERT_NOT) \
+    \
+    macro(BRAZERO) \
+    macro(BRAMINZERO) \
+    macro(BRANUMBER) \
+    macro(BRA)
+
+#define OPCODE_ENUM_VALUE(opcode) OP_##opcode,
+enum { FOR_EACH_OPCODE(OPCODE_ENUM_VALUE) };
+
+/* WARNING WARNING WARNING: There is an implicit assumption in pcre.c and
+study.c that all opcodes are less than 128 in value. This makes handling UTF-8
+character sequences easier. */
+
+/* The highest extraction number before we have to start using additional
+bytes. (Originally PCRE didn't have support for extraction counts higher than
+this number.) The value is limited by the number of opcodes left after OP_BRA,
+i.e. 255 - OP_BRA. We actually set it a bit lower to leave room for additional
+opcodes. */
+
+/* FIXME: Note that OP_BRA + 100 is > 128, so the two comments above
+are in conflict! */
+
+#define EXTRACT_BASIC_MAX  100
+
+/* The code vector runs on as long as necessary after the end. */
+
+struct JSRegExp {
+    unsigned options;
+
+    unsigned short topBracket;
+    unsigned short topBackref;
+    
+    unsigned short firstByte;
+    unsigned short reqByte;
+
+#if REGEXP_HISTOGRAM
+    size_t stringOffset;
+    size_t stringLength;
+#endif
+};
+
+/* Internal shared data tables. These are tables that are used by more than one
+ of the exported public functions. They have to be "external" in the C sense,
+ but are not part of the PCRE public API. The data for these tables is in the
+ pcre_tables.c module. */
+
+#define jsc_pcre_utf8_table1_size 6
+
+extern const int    jsc_pcre_utf8_table1[6];
+extern const int    jsc_pcre_utf8_table2[6];
+extern const int    jsc_pcre_utf8_table3[6];
+extern const unsigned char jsc_pcre_utf8_table4[0x40];
+
+extern const unsigned char jsc_pcre_default_tables[tables_length];
+
+static inline unsigned char toLowerCase(unsigned char c)
+{
+    static const unsigned char* lowerCaseChars = jsc_pcre_default_tables + lcc_offset;
+    return lowerCaseChars[c];
+}
+
+static inline unsigned char flipCase(unsigned char c)
+{
+    static const unsigned char* flippedCaseChars = jsc_pcre_default_tables + fcc_offset;
+    return flippedCaseChars[c];
+}
+
+static inline unsigned char classBitmapForChar(unsigned char c)
+{
+    static const unsigned char* charClassBitmaps = jsc_pcre_default_tables + cbits_offset;
+    return charClassBitmaps[c];
+}
+
+static inline unsigned char charTypeForChar(unsigned char c)
+{
+    const unsigned char* charTypeMap = jsc_pcre_default_tables + ctypes_offset;
+    return charTypeMap[c];
+}
+
+static inline bool isWordChar(UChar c)
+{
+    return c < 128 && (charTypeForChar(c) & ctype_word);
+}
+
+static inline bool isSpaceChar(UChar c)
+{
+    return (c < 128 && (charTypeForChar(c) & ctype_space)) || c == 0x00A0;
+}
+
+static inline bool isNewline(UChar nl)
+{
+    return (nl == 0xA || nl == 0xD || nl == 0x2028 || nl == 0x2029);
+}
+
+static inline bool isBracketStartOpcode(unsigned char opcode)
+{
+    if (opcode >= OP_BRA)
+        return true;
+    switch (opcode) {
+        case OP_ASSERT:
+        case OP_ASSERT_NOT:
+            return true;
+        default:
+            return false;
+    }
+}
+
+static inline void advanceToEndOfBracket(const unsigned char*& opcodePtr)
+{
+    ASSERT(isBracketStartOpcode(*opcodePtr) || *opcodePtr == OP_ALT);
+    do
+        opcodePtr += getLinkValue(opcodePtr + 1);
+    while (*opcodePtr == OP_ALT);
+}
+
+/* Internal shared functions. These are functions that are used in more
+that one of the source files. They have to have external linkage, but
+but are not part of the public API and so not exported from the library. */
+
+extern int jsc_pcre_ucp_othercase(unsigned);
+extern bool jsc_pcre_xclass(int, const unsigned char*);
+
+#endif
+
+#endif
+
+/* End of pcre_internal.h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_tables.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_tables.cpp
new file mode 100644
index 000000000..86968796f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_tables.cpp
@@ -0,0 +1,72 @@
+/* This is JavaScriptCore's variant of the PCRE library. While this library
+started out as a copy of PCRE, many of the features of PCRE have been
+removed. This library now supports only the regular expression features
+required by the JavaScript language specification, and has only the functions
+needed by JavaScriptCore and the rest of WebKit.
+
+                 Originally written by Philip Hazel
+           Copyright (c) 1997-2006 University of Cambridge
+    Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/* This module contains some fixed tables that are used by more than one of the
+PCRE code modules. */
+
+#include "config.h"
+#include "pcre_internal.h"
+
+/*************************************************
+*           Tables for UTF-8 support             *
+*************************************************/
+
+/* These are the breakpoints for different numbers of bytes in a UTF-8
+character. */
+
+const int jsc_pcre_utf8_table1[6] =
+  { 0x7f, 0x7ff, 0xffff, 0x1fffff, 0x3ffffff, 0x7fffffff};
+
+/* These are the indicator bits and the mask for the data bits to set in the
+first byte of a character, indexed by the number of additional bytes. */
+
+const int jsc_pcre_utf8_table2[6] = { 0,    0xc0, 0xe0, 0xf0, 0xf8, 0xfc};
+const int jsc_pcre_utf8_table3[6] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
+
+/* Table of the number of extra characters, indexed by the first character
+masked with 0x3f. The highest number for a valid UTF-8 character is in fact
+0x3d. */
+
+const unsigned char jsc_pcre_utf8_table4[0x40] = {
+  1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
+  1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
+  2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
+  3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
+
+#include "chartables.c"
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_ucp_searchfuncs.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_ucp_searchfuncs.cpp
new file mode 100644
index 000000000..5592865f8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_ucp_searchfuncs.cpp
@@ -0,0 +1,99 @@
+/* This is JavaScriptCore's variant of the PCRE library. While this library
+started out as a copy of PCRE, many of the features of PCRE have been
+removed. This library now supports only the regular expression features
+required by the JavaScript language specification, and has only the functions
+needed by JavaScriptCore and the rest of WebKit.
+
+                 Originally written by Philip Hazel
+           Copyright (c) 1997-2006 University of Cambridge
+    Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+
+/* This module contains code for searching the table of Unicode character
+properties. */
+
+#include "config.h"
+#include "pcre_internal.h"
+
+#include "ucpinternal.h"       /* Internal table details */
+#include "ucptable.cpp"        /* The table itself */
+
+/*************************************************
+*       Search table and return other case       *
+*************************************************/
+
+/* If the given character is a letter, and there is another case for the
+letter, return the other case. Otherwise, return -1.
+
+Arguments:
+  c           the character value
+
+Returns:      the other case or -1 if none
+*/
+
+int jsc_pcre_ucp_othercase(unsigned c)
+{
+    int bot = 0;
+    int top = sizeof(ucp_table) / sizeof(cnode);
+    int mid;
+    
+    /* The table is searched using a binary chop. You might think that using
+     intermediate variables to hold some of the common expressions would speed
+     things up, but tests with gcc 3.4.4 on Linux showed that, on the contrary, it
+     makes things a lot slower. */
+    
+    for (;;) {
+        if (top <= bot)
+            return -1;
+        mid = (bot + top) >> 1;
+        if (c == (ucp_table[mid].f0 & f0_charmask))
+            break;
+        if (c < (ucp_table[mid].f0 & f0_charmask))
+            top = mid;
+        else {
+            if ((ucp_table[mid].f0 & f0_rangeflag) && (c <= (ucp_table[mid].f0 & f0_charmask) + (ucp_table[mid].f1 & f1_rangemask)))
+                break;
+            bot = mid + 1;
+        }
+    }
+    
+    /* Found an entry in the table. Return -1 for a range entry. Otherwise return
+     the other case if there is one, else -1. */
+    
+    if (ucp_table[mid].f0 & f0_rangeflag)
+        return -1;
+    
+    int offset = ucp_table[mid].f1 & f1_casemask;
+    if (offset & f1_caseneg)
+        offset |= f1_caseneg;
+    return !offset ? -1 : c + offset;
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_xclass.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_xclass.cpp
new file mode 100644
index 000000000..a32edd4d5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/pcre_xclass.cpp
@@ -0,0 +1,115 @@
+/* This is JavaScriptCore's variant of the PCRE library. While this library
+started out as a copy of PCRE, many of the features of PCRE have been
+removed. This library now supports only the regular expression features
+required by the JavaScript language specification, and has only the functions
+needed by JavaScriptCore and the rest of WebKit.
+
+                 Originally written by Philip Hazel
+           Copyright (c) 1997-2006 University of Cambridge
+    Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/* This module contains an internal function that is used to match an extended
+class (one that contains characters whose values are > 255). */
+
+#include "config.h"
+#include "pcre_internal.h"
+
+/*************************************************
+*       Match character against an XCLASS        *
+*************************************************/
+
+/* This function is called to match a character against an extended class that
+might contain values > 255.
+
+Arguments:
+  c           the character
+  data        points to the flag byte of the XCLASS data
+
+Returns:      true if character matches, else false
+*/
+
+/* Get the next UTF-8 character, advancing the pointer. This is called when we
+ know we are in UTF-8 mode. */
+
+static inline void getUTF8CharAndAdvancePointer(int& c, const unsigned char*& subjectPtr)
+{
+    c = *subjectPtr++;
+    if ((c & 0xc0) == 0xc0) {
+        int gcaa = jsc_pcre_utf8_table4[c & 0x3f];  /* Number of additional bytes */
+        int gcss = 6 * gcaa;
+        c = (c & jsc_pcre_utf8_table3[gcaa]) << gcss;
+        while (gcaa-- > 0) {
+            gcss -= 6;
+            c |= (*subjectPtr++ & 0x3f) << gcss;
+        }
+    }
+}
+
+bool jsc_pcre_xclass(int c, const unsigned char* data)
+{
+    bool negated = (*data & XCL_NOT);
+    
+    /* Character values < 256 are matched against a bitmap, if one is present. If
+     not, we still carry on, because there may be ranges that start below 256 in the
+     additional data. */
+    
+    if (c < 256) {
+        if ((*data & XCL_MAP) != 0 && (data[1 + c/8] & (1 << (c&7))) != 0)
+            return !negated;   /* char found */
+    }
+    
+    /* First skip the bit map if present. Then match against the list of Unicode
+     properties or large chars or ranges that end with a large char. We won't ever
+     encounter XCL_PROP or XCL_NOTPROP when UCP support is not compiled. */
+    
+    if ((*data++ & XCL_MAP) != 0)
+        data += 32;
+    
+    int t;
+    while ((t = *data++) != XCL_END) {
+        if (t == XCL_SINGLE) {
+            int x;
+            getUTF8CharAndAdvancePointer(x, data);
+            if (c == x)
+                return !negated;
+        }
+        else if (t == XCL_RANGE) {
+            int x, y;
+            getUTF8CharAndAdvancePointer(x, data);
+            getUTF8CharAndAdvancePointer(y, data);
+            if (c >= x && c <= y)
+                return !negated;
+        }
+    }
+    
+    return negated;   /* char did not match */
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/ucpinternal.h b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/ucpinternal.h
new file mode 100644
index 000000000..c8bc4aab6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/ucpinternal.h
@@ -0,0 +1,126 @@
+/* This is JavaScriptCore's variant of the PCRE library. While this library
+started out as a copy of PCRE, many of the features of PCRE have been
+removed. This library now supports only the regular expression features
+required by the JavaScript language specification, and has only the functions
+needed by JavaScriptCore and the rest of WebKit.
+
+                 Originally written by Philip Hazel
+           Copyright (c) 1997-2006 University of Cambridge
+    Copyright (C) 2002, 2004, 2006, 2007 Apple Inc. All rights reserved.
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the name of the University of Cambridge nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+/*************************************************
+*           Unicode Property Table handler       *
+*************************************************/
+
+/* Internal header file defining the layout of the bits in each pair of 32-bit
+words that form a data item in the table. */
+
+typedef struct cnode {
+  unsigned f0;
+  unsigned f1;
+} cnode;
+
+/* Things for the f0 field */
+
+#define f0_scriptmask   0xff000000  /* Mask for script field */
+#define f0_scriptshift          24  /* Shift for script value */
+#define f0_rangeflag    0x00f00000  /* Flag for a range item */
+#define f0_charmask     0x001fffff  /* Mask for code point value */
+
+/* Things for the f1 field */
+
+#define f1_typemask     0xfc000000  /* Mask for char type field */
+#define f1_typeshift            26  /* Shift for the type field */
+#define f1_rangemask    0x0000ffff  /* Mask for a range offset */
+#define f1_casemask     0x0000ffff  /* Mask for a case offset */
+#define f1_caseneg      0xffff8000  /* Bits for negation */
+
+/* The data consists of a vector of structures of type cnode. The two unsigned
+32-bit integers are used as follows:
+
+(f0) (1) The most significant byte holds the script number. The numbers are
+         defined by the enum in ucp.h.
+
+     (2) The 0x00800000 bit is set if this entry defines a range of characters.
+         It is not set if this entry defines a single character
+
+     (3) The 0x00600000 bits are spare.
+
+     (4) The 0x001fffff bits contain the code point. No Unicode code point will
+         ever be greater than 0x0010ffff, so this should be OK for ever.
+
+(f1) (1) The 0xfc000000 bits contain the character type number. The numbers are
+         defined by an enum in ucp.h.
+
+     (2) The 0x03ff0000 bits are spare.
+
+     (3) The 0x0000ffff bits contain EITHER the unsigned offset to the top of
+         range if this entry defines a range, OR the *signed* offset to the
+         character's "other case" partner if this entry defines a single
+         character. There is no partner if the value is zero.
+
+-------------------------------------------------------------------------------
+| script (8) |.|.|.| codepoint (21) || type (6) |.|.| spare (8) | offset (16) |
+-------------------------------------------------------------------------------
+              | | |                              | |
+              | | |-> spare                      | |-> spare
+              | |                                |
+              | |-> spare                        |-> spare
+              |
+              |-> range flag
+
+The upper/lower casing information is set only for characters that come in
+pairs. The non-one-to-one mappings in the Unicode data are ignored.
+
+When searching the data, proceed as follows:
+
+(1) Set up for a binary chop search.
+
+(2) If the top is not greater than the bottom, the character is not in the
+    table. Its type must therefore be "Cn" ("Undefined").
+
+(3) Find the middle vector element.
+
+(4) Extract the code point and compare. If equal, we are done.
+
+(5) If the test character is smaller, set the top to the current point, and
+    goto (2).
+
+(6) If the current entry defines a range, compute the last character by adding
+    the offset, and see if the test character is within the range. If it is,
+    we are done.
+
+(7) Otherwise, set the bottom to one element past the current point and goto
+    (2).
+*/
+
+/* End of ucpinternal.h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/pcre/ucptable.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/ucptable.cpp
new file mode 100644
index 000000000..011f7f572
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/pcre/ucptable.cpp
@@ -0,0 +1,2968 @@
+/* This source module is automatically generated from the Unicode
+property table. See ucpinternal.h for a description of the layout. */
+
+static const cnode ucp_table[] = {
+  { 0x09800000, 0x0000001f },
+  { 0x09000020, 0x74000000 },
+  { 0x09800021, 0x54000002 },
+  { 0x09000024, 0x5c000000 },
+  { 0x09800025, 0x54000002 },
+  { 0x09000028, 0x58000000 },
+  { 0x09000029, 0x48000000 },
+  { 0x0900002a, 0x54000000 },
+  { 0x0900002b, 0x64000000 },
+  { 0x0900002c, 0x54000000 },
+  { 0x0900002d, 0x44000000 },
+  { 0x0980002e, 0x54000001 },
+  { 0x09800030, 0x34000009 },
+  { 0x0980003a, 0x54000001 },
+  { 0x0980003c, 0x64000002 },
+  { 0x0980003f, 0x54000001 },
+  { 0x21000041, 0x24000020 },
+  { 0x21000042, 0x24000020 },
+  { 0x21000043, 0x24000020 },
+  { 0x21000044, 0x24000020 },
+  { 0x21000045, 0x24000020 },
+  { 0x21000046, 0x24000020 },
+  { 0x21000047, 0x24000020 },
+  { 0x21000048, 0x24000020 },
+  { 0x21000049, 0x24000020 },
+  { 0x2100004a, 0x24000020 },
+  { 0x2100004b, 0x24000020 },
+  { 0x2100004c, 0x24000020 },
+  { 0x2100004d, 0x24000020 },
+  { 0x2100004e, 0x24000020 },
+  { 0x2100004f, 0x24000020 },
+  { 0x21000050, 0x24000020 },
+  { 0x21000051, 0x24000020 },
+  { 0x21000052, 0x24000020 },
+  { 0x21000053, 0x24000020 },
+  { 0x21000054, 0x24000020 },
+  { 0x21000055, 0x24000020 },
+  { 0x21000056, 0x24000020 },
+  { 0x21000057, 0x24000020 },
+  { 0x21000058, 0x24000020 },
+  { 0x21000059, 0x24000020 },
+  { 0x2100005a, 0x24000020 },
+  { 0x0900005b, 0x58000000 },
+  { 0x0900005c, 0x54000000 },
+  { 0x0900005d, 0x48000000 },
+  { 0x0900005e, 0x60000000 },
+  { 0x0900005f, 0x40000000 },
+  { 0x09000060, 0x60000000 },
+  { 0x21000061, 0x1400ffe0 },
+  { 0x21000062, 0x1400ffe0 },
+  { 0x21000063, 0x1400ffe0 },
+  { 0x21000064, 0x1400ffe0 },
+  { 0x21000065, 0x1400ffe0 },
+  { 0x21000066, 0x1400ffe0 },
+  { 0x21000067, 0x1400ffe0 },
+  { 0x21000068, 0x1400ffe0 },
+  { 0x21000069, 0x1400ffe0 },
+  { 0x2100006a, 0x1400ffe0 },
+  { 0x2100006b, 0x1400ffe0 },
+  { 0x2100006c, 0x1400ffe0 },
+  { 0x2100006d, 0x1400ffe0 },
+  { 0x2100006e, 0x1400ffe0 },
+  { 0x2100006f, 0x1400ffe0 },
+  { 0x21000070, 0x1400ffe0 },
+  { 0x21000071, 0x1400ffe0 },
+  { 0x21000072, 0x1400ffe0 },
+  { 0x21000073, 0x1400ffe0 },
+  { 0x21000074, 0x1400ffe0 },
+  { 0x21000075, 0x1400ffe0 },
+  { 0x21000076, 0x1400ffe0 },
+  { 0x21000077, 0x1400ffe0 },
+  { 0x21000078, 0x1400ffe0 },
+  { 0x21000079, 0x1400ffe0 },
+  { 0x2100007a, 0x1400ffe0 },
+  { 0x0900007b, 0x58000000 },
+  { 0x0900007c, 0x64000000 },
+  { 0x0900007d, 0x48000000 },
+  { 0x0900007e, 0x64000000 },
+  { 0x0980007f, 0x00000020 },
+  { 0x090000a0, 0x74000000 },
+  { 0x090000a1, 0x54000000 },
+  { 0x098000a2, 0x5c000003 },
+  { 0x098000a6, 0x68000001 },
+  { 0x090000a8, 0x60000000 },
+  { 0x090000a9, 0x68000000 },
+  { 0x210000aa, 0x14000000 },
+  { 0x090000ab, 0x50000000 },
+  { 0x090000ac, 0x64000000 },
+  { 0x090000ad, 0x04000000 },
+  { 0x090000ae, 0x68000000 },
+  { 0x090000af, 0x60000000 },
+  { 0x090000b0, 0x68000000 },
+  { 0x090000b1, 0x64000000 },
+  { 0x098000b2, 0x3c000001 },
+  { 0x090000b4, 0x60000000 },
+  { 0x090000b5, 0x140002e7 },
+  { 0x090000b6, 0x68000000 },
+  { 0x090000b7, 0x54000000 },
+  { 0x090000b8, 0x60000000 },
+  { 0x090000b9, 0x3c000000 },
+  { 0x210000ba, 0x14000000 },
+  { 0x090000bb, 0x4c000000 },
+  { 0x098000bc, 0x3c000002 },
+  { 0x090000bf, 0x54000000 },
+  { 0x210000c0, 0x24000020 },
+  { 0x210000c1, 0x24000020 },
+  { 0x210000c2, 0x24000020 },
+  { 0x210000c3, 0x24000020 },
+  { 0x210000c4, 0x24000020 },
+  { 0x210000c5, 0x24000020 },
+  { 0x210000c6, 0x24000020 },
+  { 0x210000c7, 0x24000020 },
+  { 0x210000c8, 0x24000020 },
+  { 0x210000c9, 0x24000020 },
+  { 0x210000ca, 0x24000020 },
+  { 0x210000cb, 0x24000020 },
+  { 0x210000cc, 0x24000020 },
+  { 0x210000cd, 0x24000020 },
+  { 0x210000ce, 0x24000020 },
+  { 0x210000cf, 0x24000020 },
+  { 0x210000d0, 0x24000020 },
+  { 0x210000d1, 0x24000020 },
+  { 0x210000d2, 0x24000020 },
+  { 0x210000d3, 0x24000020 },
+  { 0x210000d4, 0x24000020 },
+  { 0x210000d5, 0x24000020 },
+  { 0x210000d6, 0x24000020 },
+  { 0x090000d7, 0x64000000 },
+  { 0x210000d8, 0x24000020 },
+  { 0x210000d9, 0x24000020 },
+  { 0x210000da, 0x24000020 },
+  { 0x210000db, 0x24000020 },
+  { 0x210000dc, 0x24000020 },
+  { 0x210000dd, 0x24000020 },
+  { 0x210000de, 0x24000020 },
+  { 0x210000df, 0x14000000 },
+  { 0x210000e0, 0x1400ffe0 },
+  { 0x210000e1, 0x1400ffe0 },
+  { 0x210000e2, 0x1400ffe0 },
+  { 0x210000e3, 0x1400ffe0 },
+  { 0x210000e4, 0x1400ffe0 },
+  { 0x210000e5, 0x1400ffe0 },
+  { 0x210000e6, 0x1400ffe0 },
+  { 0x210000e7, 0x1400ffe0 },
+  { 0x210000e8, 0x1400ffe0 },
+  { 0x210000e9, 0x1400ffe0 },
+  { 0x210000ea, 0x1400ffe0 },
+  { 0x210000eb, 0x1400ffe0 },
+  { 0x210000ec, 0x1400ffe0 },
+  { 0x210000ed, 0x1400ffe0 },
+  { 0x210000ee, 0x1400ffe0 },
+  { 0x210000ef, 0x1400ffe0 },
+  { 0x210000f0, 0x1400ffe0 },
+  { 0x210000f1, 0x1400ffe0 },
+  { 0x210000f2, 0x1400ffe0 },
+  { 0x210000f3, 0x1400ffe0 },
+  { 0x210000f4, 0x1400ffe0 },
+  { 0x210000f5, 0x1400ffe0 },
+  { 0x210000f6, 0x1400ffe0 },
+  { 0x090000f7, 0x64000000 },
+  { 0x210000f8, 0x1400ffe0 },
+  { 0x210000f9, 0x1400ffe0 },
+  { 0x210000fa, 0x1400ffe0 },
+  { 0x210000fb, 0x1400ffe0 },
+  { 0x210000fc, 0x1400ffe0 },
+  { 0x210000fd, 0x1400ffe0 },
+  { 0x210000fe, 0x1400ffe0 },
+  { 0x210000ff, 0x14000079 },
+  { 0x21000100, 0x24000001 },
+  { 0x21000101, 0x1400ffff },
+  { 0x21000102, 0x24000001 },
+  { 0x21000103, 0x1400ffff },
+  { 0x21000104, 0x24000001 },
+  { 0x21000105, 0x1400ffff },
+  { 0x21000106, 0x24000001 },
+  { 0x21000107, 0x1400ffff },
+  { 0x21000108, 0x24000001 },
+  { 0x21000109, 0x1400ffff },
+  { 0x2100010a, 0x24000001 },
+  { 0x2100010b, 0x1400ffff },
+  { 0x2100010c, 0x24000001 },
+  { 0x2100010d, 0x1400ffff },
+  { 0x2100010e, 0x24000001 },
+  { 0x2100010f, 0x1400ffff },
+  { 0x21000110, 0x24000001 },
+  { 0x21000111, 0x1400ffff },
+  { 0x21000112, 0x24000001 },
+  { 0x21000113, 0x1400ffff },
+  { 0x21000114, 0x24000001 },
+  { 0x21000115, 0x1400ffff },
+  { 0x21000116, 0x24000001 },
+  { 0x21000117, 0x1400ffff },
+  { 0x21000118, 0x24000001 },
+  { 0x21000119, 0x1400ffff },
+  { 0x2100011a, 0x24000001 },
+  { 0x2100011b, 0x1400ffff },
+  { 0x2100011c, 0x24000001 },
+  { 0x2100011d, 0x1400ffff },
+  { 0x2100011e, 0x24000001 },
+  { 0x2100011f, 0x1400ffff },
+  { 0x21000120, 0x24000001 },
+  { 0x21000121, 0x1400ffff },
+  { 0x21000122, 0x24000001 },
+  { 0x21000123, 0x1400ffff },
+  { 0x21000124, 0x24000001 },
+  { 0x21000125, 0x1400ffff },
+  { 0x21000126, 0x24000001 },
+  { 0x21000127, 0x1400ffff },
+  { 0x21000128, 0x24000001 },
+  { 0x21000129, 0x1400ffff },
+  { 0x2100012a, 0x24000001 },
+  { 0x2100012b, 0x1400ffff },
+  { 0x2100012c, 0x24000001 },
+  { 0x2100012d, 0x1400ffff },
+  { 0x2100012e, 0x24000001 },
+  { 0x2100012f, 0x1400ffff },
+  { 0x21000130, 0x2400ff39 },
+  { 0x21000131, 0x1400ff18 },
+  { 0x21000132, 0x24000001 },
+  { 0x21000133, 0x1400ffff },
+  { 0x21000134, 0x24000001 },
+  { 0x21000135, 0x1400ffff },
+  { 0x21000136, 0x24000001 },
+  { 0x21000137, 0x1400ffff },
+  { 0x21000138, 0x14000000 },
+  { 0x21000139, 0x24000001 },
+  { 0x2100013a, 0x1400ffff },
+  { 0x2100013b, 0x24000001 },
+  { 0x2100013c, 0x1400ffff },
+  { 0x2100013d, 0x24000001 },
+  { 0x2100013e, 0x1400ffff },
+  { 0x2100013f, 0x24000001 },
+  { 0x21000140, 0x1400ffff },
+  { 0x21000141, 0x24000001 },
+  { 0x21000142, 0x1400ffff },
+  { 0x21000143, 0x24000001 },
+  { 0x21000144, 0x1400ffff },
+  { 0x21000145, 0x24000001 },
+  { 0x21000146, 0x1400ffff },
+  { 0x21000147, 0x24000001 },
+  { 0x21000148, 0x1400ffff },
+  { 0x21000149, 0x14000000 },
+  { 0x2100014a, 0x24000001 },
+  { 0x2100014b, 0x1400ffff },
+  { 0x2100014c, 0x24000001 },
+  { 0x2100014d, 0x1400ffff },
+  { 0x2100014e, 0x24000001 },
+  { 0x2100014f, 0x1400ffff },
+  { 0x21000150, 0x24000001 },
+  { 0x21000151, 0x1400ffff },
+  { 0x21000152, 0x24000001 },
+  { 0x21000153, 0x1400ffff },
+  { 0x21000154, 0x24000001 },
+  { 0x21000155, 0x1400ffff },
+  { 0x21000156, 0x24000001 },
+  { 0x21000157, 0x1400ffff },
+  { 0x21000158, 0x24000001 },
+  { 0x21000159, 0x1400ffff },
+  { 0x2100015a, 0x24000001 },
+  { 0x2100015b, 0x1400ffff },
+  { 0x2100015c, 0x24000001 },
+  { 0x2100015d, 0x1400ffff },
+  { 0x2100015e, 0x24000001 },
+  { 0x2100015f, 0x1400ffff },
+  { 0x21000160, 0x24000001 },
+  { 0x21000161, 0x1400ffff },
+  { 0x21000162, 0x24000001 },
+  { 0x21000163, 0x1400ffff },
+  { 0x21000164, 0x24000001 },
+  { 0x21000165, 0x1400ffff },
+  { 0x21000166, 0x24000001 },
+  { 0x21000167, 0x1400ffff },
+  { 0x21000168, 0x24000001 },
+  { 0x21000169, 0x1400ffff },
+  { 0x2100016a, 0x24000001 },
+  { 0x2100016b, 0x1400ffff },
+  { 0x2100016c, 0x24000001 },
+  { 0x2100016d, 0x1400ffff },
+  { 0x2100016e, 0x24000001 },
+  { 0x2100016f, 0x1400ffff },
+  { 0x21000170, 0x24000001 },
+  { 0x21000171, 0x1400ffff },
+  { 0x21000172, 0x24000001 },
+  { 0x21000173, 0x1400ffff },
+  { 0x21000174, 0x24000001 },
+  { 0x21000175, 0x1400ffff },
+  { 0x21000176, 0x24000001 },
+  { 0x21000177, 0x1400ffff },
+  { 0x21000178, 0x2400ff87 },
+  { 0x21000179, 0x24000001 },
+  { 0x2100017a, 0x1400ffff },
+  { 0x2100017b, 0x24000001 },
+  { 0x2100017c, 0x1400ffff },
+  { 0x2100017d, 0x24000001 },
+  { 0x2100017e, 0x1400ffff },
+  { 0x2100017f, 0x1400fed4 },
+  { 0x21000180, 0x14000000 },
+  { 0x21000181, 0x240000d2 },
+  { 0x21000182, 0x24000001 },
+  { 0x21000183, 0x1400ffff },
+  { 0x21000184, 0x24000001 },
+  { 0x21000185, 0x1400ffff },
+  { 0x21000186, 0x240000ce },
+  { 0x21000187, 0x24000001 },
+  { 0x21000188, 0x1400ffff },
+  { 0x21000189, 0x240000cd },
+  { 0x2100018a, 0x240000cd },
+  { 0x2100018b, 0x24000001 },
+  { 0x2100018c, 0x1400ffff },
+  { 0x2100018d, 0x14000000 },
+  { 0x2100018e, 0x2400004f },
+  { 0x2100018f, 0x240000ca },
+  { 0x21000190, 0x240000cb },
+  { 0x21000191, 0x24000001 },
+  { 0x21000192, 0x1400ffff },
+  { 0x21000193, 0x240000cd },
+  { 0x21000194, 0x240000cf },
+  { 0x21000195, 0x14000061 },
+  { 0x21000196, 0x240000d3 },
+  { 0x21000197, 0x240000d1 },
+  { 0x21000198, 0x24000001 },
+  { 0x21000199, 0x1400ffff },
+  { 0x2100019a, 0x140000a3 },
+  { 0x2100019b, 0x14000000 },
+  { 0x2100019c, 0x240000d3 },
+  { 0x2100019d, 0x240000d5 },
+  { 0x2100019e, 0x14000082 },
+  { 0x2100019f, 0x240000d6 },
+  { 0x210001a0, 0x24000001 },
+  { 0x210001a1, 0x1400ffff },
+  { 0x210001a2, 0x24000001 },
+  { 0x210001a3, 0x1400ffff },
+  { 0x210001a4, 0x24000001 },
+  { 0x210001a5, 0x1400ffff },
+  { 0x210001a6, 0x240000da },
+  { 0x210001a7, 0x24000001 },
+  { 0x210001a8, 0x1400ffff },
+  { 0x210001a9, 0x240000da },
+  { 0x218001aa, 0x14000001 },
+  { 0x210001ac, 0x24000001 },
+  { 0x210001ad, 0x1400ffff },
+  { 0x210001ae, 0x240000da },
+  { 0x210001af, 0x24000001 },
+  { 0x210001b0, 0x1400ffff },
+  { 0x210001b1, 0x240000d9 },
+  { 0x210001b2, 0x240000d9 },
+  { 0x210001b3, 0x24000001 },
+  { 0x210001b4, 0x1400ffff },
+  { 0x210001b5, 0x24000001 },
+  { 0x210001b6, 0x1400ffff },
+  { 0x210001b7, 0x240000db },
+  { 0x210001b8, 0x24000001 },
+  { 0x210001b9, 0x1400ffff },
+  { 0x210001ba, 0x14000000 },
+  { 0x210001bb, 0x1c000000 },
+  { 0x210001bc, 0x24000001 },
+  { 0x210001bd, 0x1400ffff },
+  { 0x210001be, 0x14000000 },
+  { 0x210001bf, 0x14000038 },
+  { 0x218001c0, 0x1c000003 },
+  { 0x210001c4, 0x24000002 },
+  { 0x210001c5, 0x2000ffff },
+  { 0x210001c6, 0x1400fffe },
+  { 0x210001c7, 0x24000002 },
+  { 0x210001c8, 0x2000ffff },
+  { 0x210001c9, 0x1400fffe },
+  { 0x210001ca, 0x24000002 },
+  { 0x210001cb, 0x2000ffff },
+  { 0x210001cc, 0x1400fffe },
+  { 0x210001cd, 0x24000001 },
+  { 0x210001ce, 0x1400ffff },
+  { 0x210001cf, 0x24000001 },
+  { 0x210001d0, 0x1400ffff },
+  { 0x210001d1, 0x24000001 },
+  { 0x210001d2, 0x1400ffff },
+  { 0x210001d3, 0x24000001 },
+  { 0x210001d4, 0x1400ffff },
+  { 0x210001d5, 0x24000001 },
+  { 0x210001d6, 0x1400ffff },
+  { 0x210001d7, 0x24000001 },
+  { 0x210001d8, 0x1400ffff },
+  { 0x210001d9, 0x24000001 },
+  { 0x210001da, 0x1400ffff },
+  { 0x210001db, 0x24000001 },
+  { 0x210001dc, 0x1400ffff },
+  { 0x210001dd, 0x1400ffb1 },
+  { 0x210001de, 0x24000001 },
+  { 0x210001df, 0x1400ffff },
+  { 0x210001e0, 0x24000001 },
+  { 0x210001e1, 0x1400ffff },
+  { 0x210001e2, 0x24000001 },
+  { 0x210001e3, 0x1400ffff },
+  { 0x210001e4, 0x24000001 },
+  { 0x210001e5, 0x1400ffff },
+  { 0x210001e6, 0x24000001 },
+  { 0x210001e7, 0x1400ffff },
+  { 0x210001e8, 0x24000001 },
+  { 0x210001e9, 0x1400ffff },
+  { 0x210001ea, 0x24000001 },
+  { 0x210001eb, 0x1400ffff },
+  { 0x210001ec, 0x24000001 },
+  { 0x210001ed, 0x1400ffff },
+  { 0x210001ee, 0x24000001 },
+  { 0x210001ef, 0x1400ffff },
+  { 0x210001f0, 0x14000000 },
+  { 0x210001f1, 0x24000002 },
+  { 0x210001f2, 0x2000ffff },
+  { 0x210001f3, 0x1400fffe },
+  { 0x210001f4, 0x24000001 },
+  { 0x210001f5, 0x1400ffff },
+  { 0x210001f6, 0x2400ff9f },
+  { 0x210001f7, 0x2400ffc8 },
+  { 0x210001f8, 0x24000001 },
+  { 0x210001f9, 0x1400ffff },
+  { 0x210001fa, 0x24000001 },
+  { 0x210001fb, 0x1400ffff },
+  { 0x210001fc, 0x24000001 },
+  { 0x210001fd, 0x1400ffff },
+  { 0x210001fe, 0x24000001 },
+  { 0x210001ff, 0x1400ffff },
+  { 0x21000200, 0x24000001 },
+  { 0x21000201, 0x1400ffff },
+  { 0x21000202, 0x24000001 },
+  { 0x21000203, 0x1400ffff },
+  { 0x21000204, 0x24000001 },
+  { 0x21000205, 0x1400ffff },
+  { 0x21000206, 0x24000001 },
+  { 0x21000207, 0x1400ffff },
+  { 0x21000208, 0x24000001 },
+  { 0x21000209, 0x1400ffff },
+  { 0x2100020a, 0x24000001 },
+  { 0x2100020b, 0x1400ffff },
+  { 0x2100020c, 0x24000001 },
+  { 0x2100020d, 0x1400ffff },
+  { 0x2100020e, 0x24000001 },
+  { 0x2100020f, 0x1400ffff },
+  { 0x21000210, 0x24000001 },
+  { 0x21000211, 0x1400ffff },
+  { 0x21000212, 0x24000001 },
+  { 0x21000213, 0x1400ffff },
+  { 0x21000214, 0x24000001 },
+  { 0x21000215, 0x1400ffff },
+  { 0x21000216, 0x24000001 },
+  { 0x21000217, 0x1400ffff },
+  { 0x21000218, 0x24000001 },
+  { 0x21000219, 0x1400ffff },
+  { 0x2100021a, 0x24000001 },
+  { 0x2100021b, 0x1400ffff },
+  { 0x2100021c, 0x24000001 },
+  { 0x2100021d, 0x1400ffff },
+  { 0x2100021e, 0x24000001 },
+  { 0x2100021f, 0x1400ffff },
+  { 0x21000220, 0x2400ff7e },
+  { 0x21000221, 0x14000000 },
+  { 0x21000222, 0x24000001 },
+  { 0x21000223, 0x1400ffff },
+  { 0x21000224, 0x24000001 },
+  { 0x21000225, 0x1400ffff },
+  { 0x21000226, 0x24000001 },
+  { 0x21000227, 0x1400ffff },
+  { 0x21000228, 0x24000001 },
+  { 0x21000229, 0x1400ffff },
+  { 0x2100022a, 0x24000001 },
+  { 0x2100022b, 0x1400ffff },
+  { 0x2100022c, 0x24000001 },
+  { 0x2100022d, 0x1400ffff },
+  { 0x2100022e, 0x24000001 },
+  { 0x2100022f, 0x1400ffff },
+  { 0x21000230, 0x24000001 },
+  { 0x21000231, 0x1400ffff },
+  { 0x21000232, 0x24000001 },
+  { 0x21000233, 0x1400ffff },
+  { 0x21800234, 0x14000005 },
+  { 0x2100023a, 0x24000000 },
+  { 0x2100023b, 0x24000001 },
+  { 0x2100023c, 0x1400ffff },
+  { 0x2100023d, 0x2400ff5d },
+  { 0x2100023e, 0x24000000 },
+  { 0x2180023f, 0x14000001 },
+  { 0x21000241, 0x24000053 },
+  { 0x21800250, 0x14000002 },
+  { 0x21000253, 0x1400ff2e },
+  { 0x21000254, 0x1400ff32 },
+  { 0x21000255, 0x14000000 },
+  { 0x21000256, 0x1400ff33 },
+  { 0x21000257, 0x1400ff33 },
+  { 0x21000258, 0x14000000 },
+  { 0x21000259, 0x1400ff36 },
+  { 0x2100025a, 0x14000000 },
+  { 0x2100025b, 0x1400ff35 },
+  { 0x2180025c, 0x14000003 },
+  { 0x21000260, 0x1400ff33 },
+  { 0x21800261, 0x14000001 },
+  { 0x21000263, 0x1400ff31 },
+  { 0x21800264, 0x14000003 },
+  { 0x21000268, 0x1400ff2f },
+  { 0x21000269, 0x1400ff2d },
+  { 0x2180026a, 0x14000004 },
+  { 0x2100026f, 0x1400ff2d },
+  { 0x21800270, 0x14000001 },
+  { 0x21000272, 0x1400ff2b },
+  { 0x21800273, 0x14000001 },
+  { 0x21000275, 0x1400ff2a },
+  { 0x21800276, 0x14000009 },
+  { 0x21000280, 0x1400ff26 },
+  { 0x21800281, 0x14000001 },
+  { 0x21000283, 0x1400ff26 },
+  { 0x21800284, 0x14000003 },
+  { 0x21000288, 0x1400ff26 },
+  { 0x21000289, 0x14000000 },
+  { 0x2100028a, 0x1400ff27 },
+  { 0x2100028b, 0x1400ff27 },
+  { 0x2180028c, 0x14000005 },
+  { 0x21000292, 0x1400ff25 },
+  { 0x21000293, 0x14000000 },
+  { 0x21000294, 0x1400ffad },
+  { 0x21800295, 0x1400001a },
+  { 0x218002b0, 0x18000011 },
+  { 0x098002c2, 0x60000003 },
+  { 0x098002c6, 0x1800000b },
+  { 0x098002d2, 0x6000000d },
+  { 0x218002e0, 0x18000004 },
+  { 0x098002e5, 0x60000008 },
+  { 0x090002ee, 0x18000000 },
+  { 0x098002ef, 0x60000010 },
+  { 0x1b800300, 0x30000044 },
+  { 0x1b000345, 0x30000054 },
+  { 0x1b800346, 0x30000029 },
+  { 0x13800374, 0x60000001 },
+  { 0x1300037a, 0x18000000 },
+  { 0x0900037e, 0x54000000 },
+  { 0x13800384, 0x60000001 },
+  { 0x13000386, 0x24000026 },
+  { 0x09000387, 0x54000000 },
+  { 0x13000388, 0x24000025 },
+  { 0x13000389, 0x24000025 },
+  { 0x1300038a, 0x24000025 },
+  { 0x1300038c, 0x24000040 },
+  { 0x1300038e, 0x2400003f },
+  { 0x1300038f, 0x2400003f },
+  { 0x13000390, 0x14000000 },
+  { 0x13000391, 0x24000020 },
+  { 0x13000392, 0x24000020 },
+  { 0x13000393, 0x24000020 },
+  { 0x13000394, 0x24000020 },
+  { 0x13000395, 0x24000020 },
+  { 0x13000396, 0x24000020 },
+  { 0x13000397, 0x24000020 },
+  { 0x13000398, 0x24000020 },
+  { 0x13000399, 0x24000020 },
+  { 0x1300039a, 0x24000020 },
+  { 0x1300039b, 0x24000020 },
+  { 0x1300039c, 0x24000020 },
+  { 0x1300039d, 0x24000020 },
+  { 0x1300039e, 0x24000020 },
+  { 0x1300039f, 0x24000020 },
+  { 0x130003a0, 0x24000020 },
+  { 0x130003a1, 0x24000020 },
+  { 0x130003a3, 0x24000020 },
+  { 0x130003a4, 0x24000020 },
+  { 0x130003a5, 0x24000020 },
+  { 0x130003a6, 0x24000020 },
+  { 0x130003a7, 0x24000020 },
+  { 0x130003a8, 0x24000020 },
+  { 0x130003a9, 0x24000020 },
+  { 0x130003aa, 0x24000020 },
+  { 0x130003ab, 0x24000020 },
+  { 0x130003ac, 0x1400ffda },
+  { 0x130003ad, 0x1400ffdb },
+  { 0x130003ae, 0x1400ffdb },
+  { 0x130003af, 0x1400ffdb },
+  { 0x130003b0, 0x14000000 },
+  { 0x130003b1, 0x1400ffe0 },
+  { 0x130003b2, 0x1400ffe0 },
+  { 0x130003b3, 0x1400ffe0 },
+  { 0x130003b4, 0x1400ffe0 },
+  { 0x130003b5, 0x1400ffe0 },
+  { 0x130003b6, 0x1400ffe0 },
+  { 0x130003b7, 0x1400ffe0 },
+  { 0x130003b8, 0x1400ffe0 },
+  { 0x130003b9, 0x1400ffe0 },
+  { 0x130003ba, 0x1400ffe0 },
+  { 0x130003bb, 0x1400ffe0 },
+  { 0x130003bc, 0x1400ffe0 },
+  { 0x130003bd, 0x1400ffe0 },
+  { 0x130003be, 0x1400ffe0 },
+  { 0x130003bf, 0x1400ffe0 },
+  { 0x130003c0, 0x1400ffe0 },
+  { 0x130003c1, 0x1400ffe0 },
+  { 0x130003c2, 0x1400ffe1 },
+  { 0x130003c3, 0x1400ffe0 },
+  { 0x130003c4, 0x1400ffe0 },
+  { 0x130003c5, 0x1400ffe0 },
+  { 0x130003c6, 0x1400ffe0 },
+  { 0x130003c7, 0x1400ffe0 },
+  { 0x130003c8, 0x1400ffe0 },
+  { 0x130003c9, 0x1400ffe0 },
+  { 0x130003ca, 0x1400ffe0 },
+  { 0x130003cb, 0x1400ffe0 },
+  { 0x130003cc, 0x1400ffc0 },
+  { 0x130003cd, 0x1400ffc1 },
+  { 0x130003ce, 0x1400ffc1 },
+  { 0x130003d0, 0x1400ffc2 },
+  { 0x130003d1, 0x1400ffc7 },
+  { 0x138003d2, 0x24000002 },
+  { 0x130003d5, 0x1400ffd1 },
+  { 0x130003d6, 0x1400ffca },
+  { 0x130003d7, 0x14000000 },
+  { 0x130003d8, 0x24000001 },
+  { 0x130003d9, 0x1400ffff },
+  { 0x130003da, 0x24000001 },
+  { 0x130003db, 0x1400ffff },
+  { 0x130003dc, 0x24000001 },
+  { 0x130003dd, 0x1400ffff },
+  { 0x130003de, 0x24000001 },
+  { 0x130003df, 0x1400ffff },
+  { 0x130003e0, 0x24000001 },
+  { 0x130003e1, 0x1400ffff },
+  { 0x0a0003e2, 0x24000001 },
+  { 0x0a0003e3, 0x1400ffff },
+  { 0x0a0003e4, 0x24000001 },
+  { 0x0a0003e5, 0x1400ffff },
+  { 0x0a0003e6, 0x24000001 },
+  { 0x0a0003e7, 0x1400ffff },
+  { 0x0a0003e8, 0x24000001 },
+  { 0x0a0003e9, 0x1400ffff },
+  { 0x0a0003ea, 0x24000001 },
+  { 0x0a0003eb, 0x1400ffff },
+  { 0x0a0003ec, 0x24000001 },
+  { 0x0a0003ed, 0x1400ffff },
+  { 0x0a0003ee, 0x24000001 },
+  { 0x0a0003ef, 0x1400ffff },
+  { 0x130003f0, 0x1400ffaa },
+  { 0x130003f1, 0x1400ffb0 },
+  { 0x130003f2, 0x14000007 },
+  { 0x130003f3, 0x14000000 },
+  { 0x130003f4, 0x2400ffc4 },
+  { 0x130003f5, 0x1400ffa0 },
+  { 0x130003f6, 0x64000000 },
+  { 0x130003f7, 0x24000001 },
+  { 0x130003f8, 0x1400ffff },
+  { 0x130003f9, 0x2400fff9 },
+  { 0x130003fa, 0x24000001 },
+  { 0x130003fb, 0x1400ffff },
+  { 0x130003fc, 0x14000000 },
+  { 0x138003fd, 0x24000002 },
+  { 0x0c000400, 0x24000050 },
+  { 0x0c000401, 0x24000050 },
+  { 0x0c000402, 0x24000050 },
+  { 0x0c000403, 0x24000050 },
+  { 0x0c000404, 0x24000050 },
+  { 0x0c000405, 0x24000050 },
+  { 0x0c000406, 0x24000050 },
+  { 0x0c000407, 0x24000050 },
+  { 0x0c000408, 0x24000050 },
+  { 0x0c000409, 0x24000050 },
+  { 0x0c00040a, 0x24000050 },
+  { 0x0c00040b, 0x24000050 },
+  { 0x0c00040c, 0x24000050 },
+  { 0x0c00040d, 0x24000050 },
+  { 0x0c00040e, 0x24000050 },
+  { 0x0c00040f, 0x24000050 },
+  { 0x0c000410, 0x24000020 },
+  { 0x0c000411, 0x24000020 },
+  { 0x0c000412, 0x24000020 },
+  { 0x0c000413, 0x24000020 },
+  { 0x0c000414, 0x24000020 },
+  { 0x0c000415, 0x24000020 },
+  { 0x0c000416, 0x24000020 },
+  { 0x0c000417, 0x24000020 },
+  { 0x0c000418, 0x24000020 },
+  { 0x0c000419, 0x24000020 },
+  { 0x0c00041a, 0x24000020 },
+  { 0x0c00041b, 0x24000020 },
+  { 0x0c00041c, 0x24000020 },
+  { 0x0c00041d, 0x24000020 },
+  { 0x0c00041e, 0x24000020 },
+  { 0x0c00041f, 0x24000020 },
+  { 0x0c000420, 0x24000020 },
+  { 0x0c000421, 0x24000020 },
+  { 0x0c000422, 0x24000020 },
+  { 0x0c000423, 0x24000020 },
+  { 0x0c000424, 0x24000020 },
+  { 0x0c000425, 0x24000020 },
+  { 0x0c000426, 0x24000020 },
+  { 0x0c000427, 0x24000020 },
+  { 0x0c000428, 0x24000020 },
+  { 0x0c000429, 0x24000020 },
+  { 0x0c00042a, 0x24000020 },
+  { 0x0c00042b, 0x24000020 },
+  { 0x0c00042c, 0x24000020 },
+  { 0x0c00042d, 0x24000020 },
+  { 0x0c00042e, 0x24000020 },
+  { 0x0c00042f, 0x24000020 },
+  { 0x0c000430, 0x1400ffe0 },
+  { 0x0c000431, 0x1400ffe0 },
+  { 0x0c000432, 0x1400ffe0 },
+  { 0x0c000433, 0x1400ffe0 },
+  { 0x0c000434, 0x1400ffe0 },
+  { 0x0c000435, 0x1400ffe0 },
+  { 0x0c000436, 0x1400ffe0 },
+  { 0x0c000437, 0x1400ffe0 },
+  { 0x0c000438, 0x1400ffe0 },
+  { 0x0c000439, 0x1400ffe0 },
+  { 0x0c00043a, 0x1400ffe0 },
+  { 0x0c00043b, 0x1400ffe0 },
+  { 0x0c00043c, 0x1400ffe0 },
+  { 0x0c00043d, 0x1400ffe0 },
+  { 0x0c00043e, 0x1400ffe0 },
+  { 0x0c00043f, 0x1400ffe0 },
+  { 0x0c000440, 0x1400ffe0 },
+  { 0x0c000441, 0x1400ffe0 },
+  { 0x0c000442, 0x1400ffe0 },
+  { 0x0c000443, 0x1400ffe0 },
+  { 0x0c000444, 0x1400ffe0 },
+  { 0x0c000445, 0x1400ffe0 },
+  { 0x0c000446, 0x1400ffe0 },
+  { 0x0c000447, 0x1400ffe0 },
+  { 0x0c000448, 0x1400ffe0 },
+  { 0x0c000449, 0x1400ffe0 },
+  { 0x0c00044a, 0x1400ffe0 },
+  { 0x0c00044b, 0x1400ffe0 },
+  { 0x0c00044c, 0x1400ffe0 },
+  { 0x0c00044d, 0x1400ffe0 },
+  { 0x0c00044e, 0x1400ffe0 },
+  { 0x0c00044f, 0x1400ffe0 },
+  { 0x0c000450, 0x1400ffb0 },
+  { 0x0c000451, 0x1400ffb0 },
+  { 0x0c000452, 0x1400ffb0 },
+  { 0x0c000453, 0x1400ffb0 },
+  { 0x0c000454, 0x1400ffb0 },
+  { 0x0c000455, 0x1400ffb0 },
+  { 0x0c000456, 0x1400ffb0 },
+  { 0x0c000457, 0x1400ffb0 },
+  { 0x0c000458, 0x1400ffb0 },
+  { 0x0c000459, 0x1400ffb0 },
+  { 0x0c00045a, 0x1400ffb0 },
+  { 0x0c00045b, 0x1400ffb0 },
+  { 0x0c00045c, 0x1400ffb0 },
+  { 0x0c00045d, 0x1400ffb0 },
+  { 0x0c00045e, 0x1400ffb0 },
+  { 0x0c00045f, 0x1400ffb0 },
+  { 0x0c000460, 0x24000001 },
+  { 0x0c000461, 0x1400ffff },
+  { 0x0c000462, 0x24000001 },
+  { 0x0c000463, 0x1400ffff },
+  { 0x0c000464, 0x24000001 },
+  { 0x0c000465, 0x1400ffff },
+  { 0x0c000466, 0x24000001 },
+  { 0x0c000467, 0x1400ffff },
+  { 0x0c000468, 0x24000001 },
+  { 0x0c000469, 0x1400ffff },
+  { 0x0c00046a, 0x24000001 },
+  { 0x0c00046b, 0x1400ffff },
+  { 0x0c00046c, 0x24000001 },
+  { 0x0c00046d, 0x1400ffff },
+  { 0x0c00046e, 0x24000001 },
+  { 0x0c00046f, 0x1400ffff },
+  { 0x0c000470, 0x24000001 },
+  { 0x0c000471, 0x1400ffff },
+  { 0x0c000472, 0x24000001 },
+  { 0x0c000473, 0x1400ffff },
+  { 0x0c000474, 0x24000001 },
+  { 0x0c000475, 0x1400ffff },
+  { 0x0c000476, 0x24000001 },
+  { 0x0c000477, 0x1400ffff },
+  { 0x0c000478, 0x24000001 },
+  { 0x0c000479, 0x1400ffff },
+  { 0x0c00047a, 0x24000001 },
+  { 0x0c00047b, 0x1400ffff },
+  { 0x0c00047c, 0x24000001 },
+  { 0x0c00047d, 0x1400ffff },
+  { 0x0c00047e, 0x24000001 },
+  { 0x0c00047f, 0x1400ffff },
+  { 0x0c000480, 0x24000001 },
+  { 0x0c000481, 0x1400ffff },
+  { 0x0c000482, 0x68000000 },
+  { 0x0c800483, 0x30000003 },
+  { 0x0c800488, 0x2c000001 },
+  { 0x0c00048a, 0x24000001 },
+  { 0x0c00048b, 0x1400ffff },
+  { 0x0c00048c, 0x24000001 },
+  { 0x0c00048d, 0x1400ffff },
+  { 0x0c00048e, 0x24000001 },
+  { 0x0c00048f, 0x1400ffff },
+  { 0x0c000490, 0x24000001 },
+  { 0x0c000491, 0x1400ffff },
+  { 0x0c000492, 0x24000001 },
+  { 0x0c000493, 0x1400ffff },
+  { 0x0c000494, 0x24000001 },
+  { 0x0c000495, 0x1400ffff },
+  { 0x0c000496, 0x24000001 },
+  { 0x0c000497, 0x1400ffff },
+  { 0x0c000498, 0x24000001 },
+  { 0x0c000499, 0x1400ffff },
+  { 0x0c00049a, 0x24000001 },
+  { 0x0c00049b, 0x1400ffff },
+  { 0x0c00049c, 0x24000001 },
+  { 0x0c00049d, 0x1400ffff },
+  { 0x0c00049e, 0x24000001 },
+  { 0x0c00049f, 0x1400ffff },
+  { 0x0c0004a0, 0x24000001 },
+  { 0x0c0004a1, 0x1400ffff },
+  { 0x0c0004a2, 0x24000001 },
+  { 0x0c0004a3, 0x1400ffff },
+  { 0x0c0004a4, 0x24000001 },
+  { 0x0c0004a5, 0x1400ffff },
+  { 0x0c0004a6, 0x24000001 },
+  { 0x0c0004a7, 0x1400ffff },
+  { 0x0c0004a8, 0x24000001 },
+  { 0x0c0004a9, 0x1400ffff },
+  { 0x0c0004aa, 0x24000001 },
+  { 0x0c0004ab, 0x1400ffff },
+  { 0x0c0004ac, 0x24000001 },
+  { 0x0c0004ad, 0x1400ffff },
+  { 0x0c0004ae, 0x24000001 },
+  { 0x0c0004af, 0x1400ffff },
+  { 0x0c0004b0, 0x24000001 },
+  { 0x0c0004b1, 0x1400ffff },
+  { 0x0c0004b2, 0x24000001 },
+  { 0x0c0004b3, 0x1400ffff },
+  { 0x0c0004b4, 0x24000001 },
+  { 0x0c0004b5, 0x1400ffff },
+  { 0x0c0004b6, 0x24000001 },
+  { 0x0c0004b7, 0x1400ffff },
+  { 0x0c0004b8, 0x24000001 },
+  { 0x0c0004b9, 0x1400ffff },
+  { 0x0c0004ba, 0x24000001 },
+  { 0x0c0004bb, 0x1400ffff },
+  { 0x0c0004bc, 0x24000001 },
+  { 0x0c0004bd, 0x1400ffff },
+  { 0x0c0004be, 0x24000001 },
+  { 0x0c0004bf, 0x1400ffff },
+  { 0x0c0004c0, 0x24000000 },
+  { 0x0c0004c1, 0x24000001 },
+  { 0x0c0004c2, 0x1400ffff },
+  { 0x0c0004c3, 0x24000001 },
+  { 0x0c0004c4, 0x1400ffff },
+  { 0x0c0004c5, 0x24000001 },
+  { 0x0c0004c6, 0x1400ffff },
+  { 0x0c0004c7, 0x24000001 },
+  { 0x0c0004c8, 0x1400ffff },
+  { 0x0c0004c9, 0x24000001 },
+  { 0x0c0004ca, 0x1400ffff },
+  { 0x0c0004cb, 0x24000001 },
+  { 0x0c0004cc, 0x1400ffff },
+  { 0x0c0004cd, 0x24000001 },
+  { 0x0c0004ce, 0x1400ffff },
+  { 0x0c0004d0, 0x24000001 },
+  { 0x0c0004d1, 0x1400ffff },
+  { 0x0c0004d2, 0x24000001 },
+  { 0x0c0004d3, 0x1400ffff },
+  { 0x0c0004d4, 0x24000001 },
+  { 0x0c0004d5, 0x1400ffff },
+  { 0x0c0004d6, 0x24000001 },
+  { 0x0c0004d7, 0x1400ffff },
+  { 0x0c0004d8, 0x24000001 },
+  { 0x0c0004d9, 0x1400ffff },
+  { 0x0c0004da, 0x24000001 },
+  { 0x0c0004db, 0x1400ffff },
+  { 0x0c0004dc, 0x24000001 },
+  { 0x0c0004dd, 0x1400ffff },
+  { 0x0c0004de, 0x24000001 },
+  { 0x0c0004df, 0x1400ffff },
+  { 0x0c0004e0, 0x24000001 },
+  { 0x0c0004e1, 0x1400ffff },
+  { 0x0c0004e2, 0x24000001 },
+  { 0x0c0004e3, 0x1400ffff },
+  { 0x0c0004e4, 0x24000001 },
+  { 0x0c0004e5, 0x1400ffff },
+  { 0x0c0004e6, 0x24000001 },
+  { 0x0c0004e7, 0x1400ffff },
+  { 0x0c0004e8, 0x24000001 },
+  { 0x0c0004e9, 0x1400ffff },
+  { 0x0c0004ea, 0x24000001 },
+  { 0x0c0004eb, 0x1400ffff },
+  { 0x0c0004ec, 0x24000001 },
+  { 0x0c0004ed, 0x1400ffff },
+  { 0x0c0004ee, 0x24000001 },
+  { 0x0c0004ef, 0x1400ffff },
+  { 0x0c0004f0, 0x24000001 },
+  { 0x0c0004f1, 0x1400ffff },
+  { 0x0c0004f2, 0x24000001 },
+  { 0x0c0004f3, 0x1400ffff },
+  { 0x0c0004f4, 0x24000001 },
+  { 0x0c0004f5, 0x1400ffff },
+  { 0x0c0004f6, 0x24000001 },
+  { 0x0c0004f7, 0x1400ffff },
+  { 0x0c0004f8, 0x24000001 },
+  { 0x0c0004f9, 0x1400ffff },
+  { 0x0c000500, 0x24000001 },
+  { 0x0c000501, 0x1400ffff },
+  { 0x0c000502, 0x24000001 },
+  { 0x0c000503, 0x1400ffff },
+  { 0x0c000504, 0x24000001 },
+  { 0x0c000505, 0x1400ffff },
+  { 0x0c000506, 0x24000001 },
+  { 0x0c000507, 0x1400ffff },
+  { 0x0c000508, 0x24000001 },
+  { 0x0c000509, 0x1400ffff },
+  { 0x0c00050a, 0x24000001 },
+  { 0x0c00050b, 0x1400ffff },
+  { 0x0c00050c, 0x24000001 },
+  { 0x0c00050d, 0x1400ffff },
+  { 0x0c00050e, 0x24000001 },
+  { 0x0c00050f, 0x1400ffff },
+  { 0x01000531, 0x24000030 },
+  { 0x01000532, 0x24000030 },
+  { 0x01000533, 0x24000030 },
+  { 0x01000534, 0x24000030 },
+  { 0x01000535, 0x24000030 },
+  { 0x01000536, 0x24000030 },
+  { 0x01000537, 0x24000030 },
+  { 0x01000538, 0x24000030 },
+  { 0x01000539, 0x24000030 },
+  { 0x0100053a, 0x24000030 },
+  { 0x0100053b, 0x24000030 },
+  { 0x0100053c, 0x24000030 },
+  { 0x0100053d, 0x24000030 },
+  { 0x0100053e, 0x24000030 },
+  { 0x0100053f, 0x24000030 },
+  { 0x01000540, 0x24000030 },
+  { 0x01000541, 0x24000030 },
+  { 0x01000542, 0x24000030 },
+  { 0x01000543, 0x24000030 },
+  { 0x01000544, 0x24000030 },
+  { 0x01000545, 0x24000030 },
+  { 0x01000546, 0x24000030 },
+  { 0x01000547, 0x24000030 },
+  { 0x01000548, 0x24000030 },
+  { 0x01000549, 0x24000030 },
+  { 0x0100054a, 0x24000030 },
+  { 0x0100054b, 0x24000030 },
+  { 0x0100054c, 0x24000030 },
+  { 0x0100054d, 0x24000030 },
+  { 0x0100054e, 0x24000030 },
+  { 0x0100054f, 0x24000030 },
+  { 0x01000550, 0x24000030 },
+  { 0x01000551, 0x24000030 },
+  { 0x01000552, 0x24000030 },
+  { 0x01000553, 0x24000030 },
+  { 0x01000554, 0x24000030 },
+  { 0x01000555, 0x24000030 },
+  { 0x01000556, 0x24000030 },
+  { 0x01000559, 0x18000000 },
+  { 0x0180055a, 0x54000005 },
+  { 0x01000561, 0x1400ffd0 },
+  { 0x01000562, 0x1400ffd0 },
+  { 0x01000563, 0x1400ffd0 },
+  { 0x01000564, 0x1400ffd0 },
+  { 0x01000565, 0x1400ffd0 },
+  { 0x01000566, 0x1400ffd0 },
+  { 0x01000567, 0x1400ffd0 },
+  { 0x01000568, 0x1400ffd0 },
+  { 0x01000569, 0x1400ffd0 },
+  { 0x0100056a, 0x1400ffd0 },
+  { 0x0100056b, 0x1400ffd0 },
+  { 0x0100056c, 0x1400ffd0 },
+  { 0x0100056d, 0x1400ffd0 },
+  { 0x0100056e, 0x1400ffd0 },
+  { 0x0100056f, 0x1400ffd0 },
+  { 0x01000570, 0x1400ffd0 },
+  { 0x01000571, 0x1400ffd0 },
+  { 0x01000572, 0x1400ffd0 },
+  { 0x01000573, 0x1400ffd0 },
+  { 0x01000574, 0x1400ffd0 },
+  { 0x01000575, 0x1400ffd0 },
+  { 0x01000576, 0x1400ffd0 },
+  { 0x01000577, 0x1400ffd0 },
+  { 0x01000578, 0x1400ffd0 },
+  { 0x01000579, 0x1400ffd0 },
+  { 0x0100057a, 0x1400ffd0 },
+  { 0x0100057b, 0x1400ffd0 },
+  { 0x0100057c, 0x1400ffd0 },
+  { 0x0100057d, 0x1400ffd0 },
+  { 0x0100057e, 0x1400ffd0 },
+  { 0x0100057f, 0x1400ffd0 },
+  { 0x01000580, 0x1400ffd0 },
+  { 0x01000581, 0x1400ffd0 },
+  { 0x01000582, 0x1400ffd0 },
+  { 0x01000583, 0x1400ffd0 },
+  { 0x01000584, 0x1400ffd0 },
+  { 0x01000585, 0x1400ffd0 },
+  { 0x01000586, 0x1400ffd0 },
+  { 0x01000587, 0x14000000 },
+  { 0x09000589, 0x54000000 },
+  { 0x0100058a, 0x44000000 },
+  { 0x19800591, 0x30000028 },
+  { 0x198005bb, 0x30000002 },
+  { 0x190005be, 0x54000000 },
+  { 0x190005bf, 0x30000000 },
+  { 0x190005c0, 0x54000000 },
+  { 0x198005c1, 0x30000001 },
+  { 0x190005c3, 0x54000000 },
+  { 0x198005c4, 0x30000001 },
+  { 0x190005c6, 0x54000000 },
+  { 0x190005c7, 0x30000000 },
+  { 0x198005d0, 0x1c00001a },
+  { 0x198005f0, 0x1c000002 },
+  { 0x198005f3, 0x54000001 },
+  { 0x09800600, 0x04000003 },
+  { 0x0000060b, 0x5c000000 },
+  { 0x0980060c, 0x54000001 },
+  { 0x0080060e, 0x68000001 },
+  { 0x00800610, 0x30000005 },
+  { 0x0900061b, 0x54000000 },
+  { 0x0080061e, 0x54000001 },
+  { 0x00800621, 0x1c000019 },
+  { 0x09000640, 0x18000000 },
+  { 0x00800641, 0x1c000009 },
+  { 0x1b80064b, 0x30000013 },
+  { 0x09800660, 0x34000009 },
+  { 0x0080066a, 0x54000003 },
+  { 0x0080066e, 0x1c000001 },
+  { 0x1b000670, 0x30000000 },
+  { 0x00800671, 0x1c000062 },
+  { 0x000006d4, 0x54000000 },
+  { 0x000006d5, 0x1c000000 },
+  { 0x008006d6, 0x30000006 },
+  { 0x090006dd, 0x04000000 },
+  { 0x000006de, 0x2c000000 },
+  { 0x008006df, 0x30000005 },
+  { 0x008006e5, 0x18000001 },
+  { 0x008006e7, 0x30000001 },
+  { 0x000006e9, 0x68000000 },
+  { 0x008006ea, 0x30000003 },
+  { 0x008006ee, 0x1c000001 },
+  { 0x008006f0, 0x34000009 },
+  { 0x008006fa, 0x1c000002 },
+  { 0x008006fd, 0x68000001 },
+  { 0x000006ff, 0x1c000000 },
+  { 0x31800700, 0x5400000d },
+  { 0x3100070f, 0x04000000 },
+  { 0x31000710, 0x1c000000 },
+  { 0x31000711, 0x30000000 },
+  { 0x31800712, 0x1c00001d },
+  { 0x31800730, 0x3000001a },
+  { 0x3180074d, 0x1c000020 },
+  { 0x37800780, 0x1c000025 },
+  { 0x378007a6, 0x3000000a },
+  { 0x370007b1, 0x1c000000 },
+  { 0x0e800901, 0x30000001 },
+  { 0x0e000903, 0x28000000 },
+  { 0x0e800904, 0x1c000035 },
+  { 0x0e00093c, 0x30000000 },
+  { 0x0e00093d, 0x1c000000 },
+  { 0x0e80093e, 0x28000002 },
+  { 0x0e800941, 0x30000007 },
+  { 0x0e800949, 0x28000003 },
+  { 0x0e00094d, 0x30000000 },
+  { 0x0e000950, 0x1c000000 },
+  { 0x0e800951, 0x30000003 },
+  { 0x0e800958, 0x1c000009 },
+  { 0x0e800962, 0x30000001 },
+  { 0x09800964, 0x54000001 },
+  { 0x0e800966, 0x34000009 },
+  { 0x09000970, 0x54000000 },
+  { 0x0e00097d, 0x1c000000 },
+  { 0x02000981, 0x30000000 },
+  { 0x02800982, 0x28000001 },
+  { 0x02800985, 0x1c000007 },
+  { 0x0280098f, 0x1c000001 },
+  { 0x02800993, 0x1c000015 },
+  { 0x028009aa, 0x1c000006 },
+  { 0x020009b2, 0x1c000000 },
+  { 0x028009b6, 0x1c000003 },
+  { 0x020009bc, 0x30000000 },
+  { 0x020009bd, 0x1c000000 },
+  { 0x028009be, 0x28000002 },
+  { 0x028009c1, 0x30000003 },
+  { 0x028009c7, 0x28000001 },
+  { 0x028009cb, 0x28000001 },
+  { 0x020009cd, 0x30000000 },
+  { 0x020009ce, 0x1c000000 },
+  { 0x020009d7, 0x28000000 },
+  { 0x028009dc, 0x1c000001 },
+  { 0x028009df, 0x1c000002 },
+  { 0x028009e2, 0x30000001 },
+  { 0x028009e6, 0x34000009 },
+  { 0x028009f0, 0x1c000001 },
+  { 0x028009f2, 0x5c000001 },
+  { 0x028009f4, 0x3c000005 },
+  { 0x020009fa, 0x68000000 },
+  { 0x15800a01, 0x30000001 },
+  { 0x15000a03, 0x28000000 },
+  { 0x15800a05, 0x1c000005 },
+  { 0x15800a0f, 0x1c000001 },
+  { 0x15800a13, 0x1c000015 },
+  { 0x15800a2a, 0x1c000006 },
+  { 0x15800a32, 0x1c000001 },
+  { 0x15800a35, 0x1c000001 },
+  { 0x15800a38, 0x1c000001 },
+  { 0x15000a3c, 0x30000000 },
+  { 0x15800a3e, 0x28000002 },
+  { 0x15800a41, 0x30000001 },
+  { 0x15800a47, 0x30000001 },
+  { 0x15800a4b, 0x30000002 },
+  { 0x15800a59, 0x1c000003 },
+  { 0x15000a5e, 0x1c000000 },
+  { 0x15800a66, 0x34000009 },
+  { 0x15800a70, 0x30000001 },
+  { 0x15800a72, 0x1c000002 },
+  { 0x14800a81, 0x30000001 },
+  { 0x14000a83, 0x28000000 },
+  { 0x14800a85, 0x1c000008 },
+  { 0x14800a8f, 0x1c000002 },
+  { 0x14800a93, 0x1c000015 },
+  { 0x14800aaa, 0x1c000006 },
+  { 0x14800ab2, 0x1c000001 },
+  { 0x14800ab5, 0x1c000004 },
+  { 0x14000abc, 0x30000000 },
+  { 0x14000abd, 0x1c000000 },
+  { 0x14800abe, 0x28000002 },
+  { 0x14800ac1, 0x30000004 },
+  { 0x14800ac7, 0x30000001 },
+  { 0x14000ac9, 0x28000000 },
+  { 0x14800acb, 0x28000001 },
+  { 0x14000acd, 0x30000000 },
+  { 0x14000ad0, 0x1c000000 },
+  { 0x14800ae0, 0x1c000001 },
+  { 0x14800ae2, 0x30000001 },
+  { 0x14800ae6, 0x34000009 },
+  { 0x14000af1, 0x5c000000 },
+  { 0x2b000b01, 0x30000000 },
+  { 0x2b800b02, 0x28000001 },
+  { 0x2b800b05, 0x1c000007 },
+  { 0x2b800b0f, 0x1c000001 },
+  { 0x2b800b13, 0x1c000015 },
+  { 0x2b800b2a, 0x1c000006 },
+  { 0x2b800b32, 0x1c000001 },
+  { 0x2b800b35, 0x1c000004 },
+  { 0x2b000b3c, 0x30000000 },
+  { 0x2b000b3d, 0x1c000000 },
+  { 0x2b000b3e, 0x28000000 },
+  { 0x2b000b3f, 0x30000000 },
+  { 0x2b000b40, 0x28000000 },
+  { 0x2b800b41, 0x30000002 },
+  { 0x2b800b47, 0x28000001 },
+  { 0x2b800b4b, 0x28000001 },
+  { 0x2b000b4d, 0x30000000 },
+  { 0x2b000b56, 0x30000000 },
+  { 0x2b000b57, 0x28000000 },
+  { 0x2b800b5c, 0x1c000001 },
+  { 0x2b800b5f, 0x1c000002 },
+  { 0x2b800b66, 0x34000009 },
+  { 0x2b000b70, 0x68000000 },
+  { 0x2b000b71, 0x1c000000 },
+  { 0x35000b82, 0x30000000 },
+  { 0x35000b83, 0x1c000000 },
+  { 0x35800b85, 0x1c000005 },
+  { 0x35800b8e, 0x1c000002 },
+  { 0x35800b92, 0x1c000003 },
+  { 0x35800b99, 0x1c000001 },
+  { 0x35000b9c, 0x1c000000 },
+  { 0x35800b9e, 0x1c000001 },
+  { 0x35800ba3, 0x1c000001 },
+  { 0x35800ba8, 0x1c000002 },
+  { 0x35800bae, 0x1c00000b },
+  { 0x35800bbe, 0x28000001 },
+  { 0x35000bc0, 0x30000000 },
+  { 0x35800bc1, 0x28000001 },
+  { 0x35800bc6, 0x28000002 },
+  { 0x35800bca, 0x28000002 },
+  { 0x35000bcd, 0x30000000 },
+  { 0x35000bd7, 0x28000000 },
+  { 0x35800be6, 0x34000009 },
+  { 0x35800bf0, 0x3c000002 },
+  { 0x35800bf3, 0x68000005 },
+  { 0x35000bf9, 0x5c000000 },
+  { 0x35000bfa, 0x68000000 },
+  { 0x36800c01, 0x28000002 },
+  { 0x36800c05, 0x1c000007 },
+  { 0x36800c0e, 0x1c000002 },
+  { 0x36800c12, 0x1c000016 },
+  { 0x36800c2a, 0x1c000009 },
+  { 0x36800c35, 0x1c000004 },
+  { 0x36800c3e, 0x30000002 },
+  { 0x36800c41, 0x28000003 },
+  { 0x36800c46, 0x30000002 },
+  { 0x36800c4a, 0x30000003 },
+  { 0x36800c55, 0x30000001 },
+  { 0x36800c60, 0x1c000001 },
+  { 0x36800c66, 0x34000009 },
+  { 0x1c800c82, 0x28000001 },
+  { 0x1c800c85, 0x1c000007 },
+  { 0x1c800c8e, 0x1c000002 },
+  { 0x1c800c92, 0x1c000016 },
+  { 0x1c800caa, 0x1c000009 },
+  { 0x1c800cb5, 0x1c000004 },
+  { 0x1c000cbc, 0x30000000 },
+  { 0x1c000cbd, 0x1c000000 },
+  { 0x1c000cbe, 0x28000000 },
+  { 0x1c000cbf, 0x30000000 },
+  { 0x1c800cc0, 0x28000004 },
+  { 0x1c000cc6, 0x30000000 },
+  { 0x1c800cc7, 0x28000001 },
+  { 0x1c800cca, 0x28000001 },
+  { 0x1c800ccc, 0x30000001 },
+  { 0x1c800cd5, 0x28000001 },
+  { 0x1c000cde, 0x1c000000 },
+  { 0x1c800ce0, 0x1c000001 },
+  { 0x1c800ce6, 0x34000009 },
+  { 0x24800d02, 0x28000001 },
+  { 0x24800d05, 0x1c000007 },
+  { 0x24800d0e, 0x1c000002 },
+  { 0x24800d12, 0x1c000016 },
+  { 0x24800d2a, 0x1c00000f },
+  { 0x24800d3e, 0x28000002 },
+  { 0x24800d41, 0x30000002 },
+  { 0x24800d46, 0x28000002 },
+  { 0x24800d4a, 0x28000002 },
+  { 0x24000d4d, 0x30000000 },
+  { 0x24000d57, 0x28000000 },
+  { 0x24800d60, 0x1c000001 },
+  { 0x24800d66, 0x34000009 },
+  { 0x2f800d82, 0x28000001 },
+  { 0x2f800d85, 0x1c000011 },
+  { 0x2f800d9a, 0x1c000017 },
+  { 0x2f800db3, 0x1c000008 },
+  { 0x2f000dbd, 0x1c000000 },
+  { 0x2f800dc0, 0x1c000006 },
+  { 0x2f000dca, 0x30000000 },
+  { 0x2f800dcf, 0x28000002 },
+  { 0x2f800dd2, 0x30000002 },
+  { 0x2f000dd6, 0x30000000 },
+  { 0x2f800dd8, 0x28000007 },
+  { 0x2f800df2, 0x28000001 },
+  { 0x2f000df4, 0x54000000 },
+  { 0x38800e01, 0x1c00002f },
+  { 0x38000e31, 0x30000000 },
+  { 0x38800e32, 0x1c000001 },
+  { 0x38800e34, 0x30000006 },
+  { 0x09000e3f, 0x5c000000 },
+  { 0x38800e40, 0x1c000005 },
+  { 0x38000e46, 0x18000000 },
+  { 0x38800e47, 0x30000007 },
+  { 0x38000e4f, 0x54000000 },
+  { 0x38800e50, 0x34000009 },
+  { 0x38800e5a, 0x54000001 },
+  { 0x20800e81, 0x1c000001 },
+  { 0x20000e84, 0x1c000000 },
+  { 0x20800e87, 0x1c000001 },
+  { 0x20000e8a, 0x1c000000 },
+  { 0x20000e8d, 0x1c000000 },
+  { 0x20800e94, 0x1c000003 },
+  { 0x20800e99, 0x1c000006 },
+  { 0x20800ea1, 0x1c000002 },
+  { 0x20000ea5, 0x1c000000 },
+  { 0x20000ea7, 0x1c000000 },
+  { 0x20800eaa, 0x1c000001 },
+  { 0x20800ead, 0x1c000003 },
+  { 0x20000eb1, 0x30000000 },
+  { 0x20800eb2, 0x1c000001 },
+  { 0x20800eb4, 0x30000005 },
+  { 0x20800ebb, 0x30000001 },
+  { 0x20000ebd, 0x1c000000 },
+  { 0x20800ec0, 0x1c000004 },
+  { 0x20000ec6, 0x18000000 },
+  { 0x20800ec8, 0x30000005 },
+  { 0x20800ed0, 0x34000009 },
+  { 0x20800edc, 0x1c000001 },
+  { 0x39000f00, 0x1c000000 },
+  { 0x39800f01, 0x68000002 },
+  { 0x39800f04, 0x5400000e },
+  { 0x39800f13, 0x68000004 },
+  { 0x39800f18, 0x30000001 },
+  { 0x39800f1a, 0x68000005 },
+  { 0x39800f20, 0x34000009 },
+  { 0x39800f2a, 0x3c000009 },
+  { 0x39000f34, 0x68000000 },
+  { 0x39000f35, 0x30000000 },
+  { 0x39000f36, 0x68000000 },
+  { 0x39000f37, 0x30000000 },
+  { 0x39000f38, 0x68000000 },
+  { 0x39000f39, 0x30000000 },
+  { 0x39000f3a, 0x58000000 },
+  { 0x39000f3b, 0x48000000 },
+  { 0x39000f3c, 0x58000000 },
+  { 0x39000f3d, 0x48000000 },
+  { 0x39800f3e, 0x28000001 },
+  { 0x39800f40, 0x1c000007 },
+  { 0x39800f49, 0x1c000021 },
+  { 0x39800f71, 0x3000000d },
+  { 0x39000f7f, 0x28000000 },
+  { 0x39800f80, 0x30000004 },
+  { 0x39000f85, 0x54000000 },
+  { 0x39800f86, 0x30000001 },
+  { 0x39800f88, 0x1c000003 },
+  { 0x39800f90, 0x30000007 },
+  { 0x39800f99, 0x30000023 },
+  { 0x39800fbe, 0x68000007 },
+  { 0x39000fc6, 0x30000000 },
+  { 0x39800fc7, 0x68000005 },
+  { 0x39000fcf, 0x68000000 },
+  { 0x39800fd0, 0x54000001 },
+  { 0x26801000, 0x1c000021 },
+  { 0x26801023, 0x1c000004 },
+  { 0x26801029, 0x1c000001 },
+  { 0x2600102c, 0x28000000 },
+  { 0x2680102d, 0x30000003 },
+  { 0x26001031, 0x28000000 },
+  { 0x26001032, 0x30000000 },
+  { 0x26801036, 0x30000001 },
+  { 0x26001038, 0x28000000 },
+  { 0x26001039, 0x30000000 },
+  { 0x26801040, 0x34000009 },
+  { 0x2680104a, 0x54000005 },
+  { 0x26801050, 0x1c000005 },
+  { 0x26801056, 0x28000001 },
+  { 0x26801058, 0x30000001 },
+  { 0x100010a0, 0x24001c60 },
+  { 0x100010a1, 0x24001c60 },
+  { 0x100010a2, 0x24001c60 },
+  { 0x100010a3, 0x24001c60 },
+  { 0x100010a4, 0x24001c60 },
+  { 0x100010a5, 0x24001c60 },
+  { 0x100010a6, 0x24001c60 },
+  { 0x100010a7, 0x24001c60 },
+  { 0x100010a8, 0x24001c60 },
+  { 0x100010a9, 0x24001c60 },
+  { 0x100010aa, 0x24001c60 },
+  { 0x100010ab, 0x24001c60 },
+  { 0x100010ac, 0x24001c60 },
+  { 0x100010ad, 0x24001c60 },
+  { 0x100010ae, 0x24001c60 },
+  { 0x100010af, 0x24001c60 },
+  { 0x100010b0, 0x24001c60 },
+  { 0x100010b1, 0x24001c60 },
+  { 0x100010b2, 0x24001c60 },
+  { 0x100010b3, 0x24001c60 },
+  { 0x100010b4, 0x24001c60 },
+  { 0x100010b5, 0x24001c60 },
+  { 0x100010b6, 0x24001c60 },
+  { 0x100010b7, 0x24001c60 },
+  { 0x100010b8, 0x24001c60 },
+  { 0x100010b9, 0x24001c60 },
+  { 0x100010ba, 0x24001c60 },
+  { 0x100010bb, 0x24001c60 },
+  { 0x100010bc, 0x24001c60 },
+  { 0x100010bd, 0x24001c60 },
+  { 0x100010be, 0x24001c60 },
+  { 0x100010bf, 0x24001c60 },
+  { 0x100010c0, 0x24001c60 },
+  { 0x100010c1, 0x24001c60 },
+  { 0x100010c2, 0x24001c60 },
+  { 0x100010c3, 0x24001c60 },
+  { 0x100010c4, 0x24001c60 },
+  { 0x100010c5, 0x24001c60 },
+  { 0x108010d0, 0x1c00002a },
+  { 0x090010fb, 0x54000000 },
+  { 0x100010fc, 0x18000000 },
+  { 0x17801100, 0x1c000059 },
+  { 0x1780115f, 0x1c000043 },
+  { 0x178011a8, 0x1c000051 },
+  { 0x0f801200, 0x1c000048 },
+  { 0x0f80124a, 0x1c000003 },
+  { 0x0f801250, 0x1c000006 },
+  { 0x0f001258, 0x1c000000 },
+  { 0x0f80125a, 0x1c000003 },
+  { 0x0f801260, 0x1c000028 },
+  { 0x0f80128a, 0x1c000003 },
+  { 0x0f801290, 0x1c000020 },
+  { 0x0f8012b2, 0x1c000003 },
+  { 0x0f8012b8, 0x1c000006 },
+  { 0x0f0012c0, 0x1c000000 },
+  { 0x0f8012c2, 0x1c000003 },
+  { 0x0f8012c8, 0x1c00000e },
+  { 0x0f8012d8, 0x1c000038 },
+  { 0x0f801312, 0x1c000003 },
+  { 0x0f801318, 0x1c000042 },
+  { 0x0f00135f, 0x30000000 },
+  { 0x0f001360, 0x68000000 },
+  { 0x0f801361, 0x54000007 },
+  { 0x0f801369, 0x3c000013 },
+  { 0x0f801380, 0x1c00000f },
+  { 0x0f801390, 0x68000009 },
+  { 0x088013a0, 0x1c000054 },
+  { 0x07801401, 0x1c00026b },
+  { 0x0780166d, 0x54000001 },
+  { 0x0780166f, 0x1c000007 },
+  { 0x28001680, 0x74000000 },
+  { 0x28801681, 0x1c000019 },
+  { 0x2800169b, 0x58000000 },
+  { 0x2800169c, 0x48000000 },
+  { 0x2d8016a0, 0x1c00004a },
+  { 0x098016eb, 0x54000002 },
+  { 0x2d8016ee, 0x38000002 },
+  { 0x32801700, 0x1c00000c },
+  { 0x3280170e, 0x1c000003 },
+  { 0x32801712, 0x30000002 },
+  { 0x18801720, 0x1c000011 },
+  { 0x18801732, 0x30000002 },
+  { 0x09801735, 0x54000001 },
+  { 0x06801740, 0x1c000011 },
+  { 0x06801752, 0x30000001 },
+  { 0x33801760, 0x1c00000c },
+  { 0x3380176e, 0x1c000002 },
+  { 0x33801772, 0x30000001 },
+  { 0x1f801780, 0x1c000033 },
+  { 0x1f8017b4, 0x04000001 },
+  { 0x1f0017b6, 0x28000000 },
+  { 0x1f8017b7, 0x30000006 },
+  { 0x1f8017be, 0x28000007 },
+  { 0x1f0017c6, 0x30000000 },
+  { 0x1f8017c7, 0x28000001 },
+  { 0x1f8017c9, 0x3000000a },
+  { 0x1f8017d4, 0x54000002 },
+  { 0x1f0017d7, 0x18000000 },
+  { 0x1f8017d8, 0x54000002 },
+  { 0x1f0017db, 0x5c000000 },
+  { 0x1f0017dc, 0x1c000000 },
+  { 0x1f0017dd, 0x30000000 },
+  { 0x1f8017e0, 0x34000009 },
+  { 0x1f8017f0, 0x3c000009 },
+  { 0x25801800, 0x54000005 },
+  { 0x25001806, 0x44000000 },
+  { 0x25801807, 0x54000003 },
+  { 0x2580180b, 0x30000002 },
+  { 0x2500180e, 0x74000000 },
+  { 0x25801810, 0x34000009 },
+  { 0x25801820, 0x1c000022 },
+  { 0x25001843, 0x18000000 },
+  { 0x25801844, 0x1c000033 },
+  { 0x25801880, 0x1c000028 },
+  { 0x250018a9, 0x30000000 },
+  { 0x22801900, 0x1c00001c },
+  { 0x22801920, 0x30000002 },
+  { 0x22801923, 0x28000003 },
+  { 0x22801927, 0x30000001 },
+  { 0x22801929, 0x28000002 },
+  { 0x22801930, 0x28000001 },
+  { 0x22001932, 0x30000000 },
+  { 0x22801933, 0x28000005 },
+  { 0x22801939, 0x30000002 },
+  { 0x22001940, 0x68000000 },
+  { 0x22801944, 0x54000001 },
+  { 0x22801946, 0x34000009 },
+  { 0x34801950, 0x1c00001d },
+  { 0x34801970, 0x1c000004 },
+  { 0x27801980, 0x1c000029 },
+  { 0x278019b0, 0x28000010 },
+  { 0x278019c1, 0x1c000006 },
+  { 0x278019c8, 0x28000001 },
+  { 0x278019d0, 0x34000009 },
+  { 0x278019de, 0x54000001 },
+  { 0x1f8019e0, 0x6800001f },
+  { 0x05801a00, 0x1c000016 },
+  { 0x05801a17, 0x30000001 },
+  { 0x05801a19, 0x28000002 },
+  { 0x05801a1e, 0x54000001 },
+  { 0x21801d00, 0x1400002b },
+  { 0x21801d2c, 0x18000035 },
+  { 0x21801d62, 0x14000015 },
+  { 0x0c001d78, 0x18000000 },
+  { 0x21801d79, 0x14000021 },
+  { 0x21801d9b, 0x18000024 },
+  { 0x1b801dc0, 0x30000003 },
+  { 0x21001e00, 0x24000001 },
+  { 0x21001e01, 0x1400ffff },
+  { 0x21001e02, 0x24000001 },
+  { 0x21001e03, 0x1400ffff },
+  { 0x21001e04, 0x24000001 },
+  { 0x21001e05, 0x1400ffff },
+  { 0x21001e06, 0x24000001 },
+  { 0x21001e07, 0x1400ffff },
+  { 0x21001e08, 0x24000001 },
+  { 0x21001e09, 0x1400ffff },
+  { 0x21001e0a, 0x24000001 },
+  { 0x21001e0b, 0x1400ffff },
+  { 0x21001e0c, 0x24000001 },
+  { 0x21001e0d, 0x1400ffff },
+  { 0x21001e0e, 0x24000001 },
+  { 0x21001e0f, 0x1400ffff },
+  { 0x21001e10, 0x24000001 },
+  { 0x21001e11, 0x1400ffff },
+  { 0x21001e12, 0x24000001 },
+  { 0x21001e13, 0x1400ffff },
+  { 0x21001e14, 0x24000001 },
+  { 0x21001e15, 0x1400ffff },
+  { 0x21001e16, 0x24000001 },
+  { 0x21001e17, 0x1400ffff },
+  { 0x21001e18, 0x24000001 },
+  { 0x21001e19, 0x1400ffff },
+  { 0x21001e1a, 0x24000001 },
+  { 0x21001e1b, 0x1400ffff },
+  { 0x21001e1c, 0x24000001 },
+  { 0x21001e1d, 0x1400ffff },
+  { 0x21001e1e, 0x24000001 },
+  { 0x21001e1f, 0x1400ffff },
+  { 0x21001e20, 0x24000001 },
+  { 0x21001e21, 0x1400ffff },
+  { 0x21001e22, 0x24000001 },
+  { 0x21001e23, 0x1400ffff },
+  { 0x21001e24, 0x24000001 },
+  { 0x21001e25, 0x1400ffff },
+  { 0x21001e26, 0x24000001 },
+  { 0x21001e27, 0x1400ffff },
+  { 0x21001e28, 0x24000001 },
+  { 0x21001e29, 0x1400ffff },
+  { 0x21001e2a, 0x24000001 },
+  { 0x21001e2b, 0x1400ffff },
+  { 0x21001e2c, 0x24000001 },
+  { 0x21001e2d, 0x1400ffff },
+  { 0x21001e2e, 0x24000001 },
+  { 0x21001e2f, 0x1400ffff },
+  { 0x21001e30, 0x24000001 },
+  { 0x21001e31, 0x1400ffff },
+  { 0x21001e32, 0x24000001 },
+  { 0x21001e33, 0x1400ffff },
+  { 0x21001e34, 0x24000001 },
+  { 0x21001e35, 0x1400ffff },
+  { 0x21001e36, 0x24000001 },
+  { 0x21001e37, 0x1400ffff },
+  { 0x21001e38, 0x24000001 },
+  { 0x21001e39, 0x1400ffff },
+  { 0x21001e3a, 0x24000001 },
+  { 0x21001e3b, 0x1400ffff },
+  { 0x21001e3c, 0x24000001 },
+  { 0x21001e3d, 0x1400ffff },
+  { 0x21001e3e, 0x24000001 },
+  { 0x21001e3f, 0x1400ffff },
+  { 0x21001e40, 0x24000001 },
+  { 0x21001e41, 0x1400ffff },
+  { 0x21001e42, 0x24000001 },
+  { 0x21001e43, 0x1400ffff },
+  { 0x21001e44, 0x24000001 },
+  { 0x21001e45, 0x1400ffff },
+  { 0x21001e46, 0x24000001 },
+  { 0x21001e47, 0x1400ffff },
+  { 0x21001e48, 0x24000001 },
+  { 0x21001e49, 0x1400ffff },
+  { 0x21001e4a, 0x24000001 },
+  { 0x21001e4b, 0x1400ffff },
+  { 0x21001e4c, 0x24000001 },
+  { 0x21001e4d, 0x1400ffff },
+  { 0x21001e4e, 0x24000001 },
+  { 0x21001e4f, 0x1400ffff },
+  { 0x21001e50, 0x24000001 },
+  { 0x21001e51, 0x1400ffff },
+  { 0x21001e52, 0x24000001 },
+  { 0x21001e53, 0x1400ffff },
+  { 0x21001e54, 0x24000001 },
+  { 0x21001e55, 0x1400ffff },
+  { 0x21001e56, 0x24000001 },
+  { 0x21001e57, 0x1400ffff },
+  { 0x21001e58, 0x24000001 },
+  { 0x21001e59, 0x1400ffff },
+  { 0x21001e5a, 0x24000001 },
+  { 0x21001e5b, 0x1400ffff },
+  { 0x21001e5c, 0x24000001 },
+  { 0x21001e5d, 0x1400ffff },
+  { 0x21001e5e, 0x24000001 },
+  { 0x21001e5f, 0x1400ffff },
+  { 0x21001e60, 0x24000001 },
+  { 0x21001e61, 0x1400ffff },
+  { 0x21001e62, 0x24000001 },
+  { 0x21001e63, 0x1400ffff },
+  { 0x21001e64, 0x24000001 },
+  { 0x21001e65, 0x1400ffff },
+  { 0x21001e66, 0x24000001 },
+  { 0x21001e67, 0x1400ffff },
+  { 0x21001e68, 0x24000001 },
+  { 0x21001e69, 0x1400ffff },
+  { 0x21001e6a, 0x24000001 },
+  { 0x21001e6b, 0x1400ffff },
+  { 0x21001e6c, 0x24000001 },
+  { 0x21001e6d, 0x1400ffff },
+  { 0x21001e6e, 0x24000001 },
+  { 0x21001e6f, 0x1400ffff },
+  { 0x21001e70, 0x24000001 },
+  { 0x21001e71, 0x1400ffff },
+  { 0x21001e72, 0x24000001 },
+  { 0x21001e73, 0x1400ffff },
+  { 0x21001e74, 0x24000001 },
+  { 0x21001e75, 0x1400ffff },
+  { 0x21001e76, 0x24000001 },
+  { 0x21001e77, 0x1400ffff },
+  { 0x21001e78, 0x24000001 },
+  { 0x21001e79, 0x1400ffff },
+  { 0x21001e7a, 0x24000001 },
+  { 0x21001e7b, 0x1400ffff },
+  { 0x21001e7c, 0x24000001 },
+  { 0x21001e7d, 0x1400ffff },
+  { 0x21001e7e, 0x24000001 },
+  { 0x21001e7f, 0x1400ffff },
+  { 0x21001e80, 0x24000001 },
+  { 0x21001e81, 0x1400ffff },
+  { 0x21001e82, 0x24000001 },
+  { 0x21001e83, 0x1400ffff },
+  { 0x21001e84, 0x24000001 },
+  { 0x21001e85, 0x1400ffff },
+  { 0x21001e86, 0x24000001 },
+  { 0x21001e87, 0x1400ffff },
+  { 0x21001e88, 0x24000001 },
+  { 0x21001e89, 0x1400ffff },
+  { 0x21001e8a, 0x24000001 },
+  { 0x21001e8b, 0x1400ffff },
+  { 0x21001e8c, 0x24000001 },
+  { 0x21001e8d, 0x1400ffff },
+  { 0x21001e8e, 0x24000001 },
+  { 0x21001e8f, 0x1400ffff },
+  { 0x21001e90, 0x24000001 },
+  { 0x21001e91, 0x1400ffff },
+  { 0x21001e92, 0x24000001 },
+  { 0x21001e93, 0x1400ffff },
+  { 0x21001e94, 0x24000001 },
+  { 0x21001e95, 0x1400ffff },
+  { 0x21801e96, 0x14000004 },
+  { 0x21001e9b, 0x1400ffc5 },
+  { 0x21001ea0, 0x24000001 },
+  { 0x21001ea1, 0x1400ffff },
+  { 0x21001ea2, 0x24000001 },
+  { 0x21001ea3, 0x1400ffff },
+  { 0x21001ea4, 0x24000001 },
+  { 0x21001ea5, 0x1400ffff },
+  { 0x21001ea6, 0x24000001 },
+  { 0x21001ea7, 0x1400ffff },
+  { 0x21001ea8, 0x24000001 },
+  { 0x21001ea9, 0x1400ffff },
+  { 0x21001eaa, 0x24000001 },
+  { 0x21001eab, 0x1400ffff },
+  { 0x21001eac, 0x24000001 },
+  { 0x21001ead, 0x1400ffff },
+  { 0x21001eae, 0x24000001 },
+  { 0x21001eaf, 0x1400ffff },
+  { 0x21001eb0, 0x24000001 },
+  { 0x21001eb1, 0x1400ffff },
+  { 0x21001eb2, 0x24000001 },
+  { 0x21001eb3, 0x1400ffff },
+  { 0x21001eb4, 0x24000001 },
+  { 0x21001eb5, 0x1400ffff },
+  { 0x21001eb6, 0x24000001 },
+  { 0x21001eb7, 0x1400ffff },
+  { 0x21001eb8, 0x24000001 },
+  { 0x21001eb9, 0x1400ffff },
+  { 0x21001eba, 0x24000001 },
+  { 0x21001ebb, 0x1400ffff },
+  { 0x21001ebc, 0x24000001 },
+  { 0x21001ebd, 0x1400ffff },
+  { 0x21001ebe, 0x24000001 },
+  { 0x21001ebf, 0x1400ffff },
+  { 0x21001ec0, 0x24000001 },
+  { 0x21001ec1, 0x1400ffff },
+  { 0x21001ec2, 0x24000001 },
+  { 0x21001ec3, 0x1400ffff },
+  { 0x21001ec4, 0x24000001 },
+  { 0x21001ec5, 0x1400ffff },
+  { 0x21001ec6, 0x24000001 },
+  { 0x21001ec7, 0x1400ffff },
+  { 0x21001ec8, 0x24000001 },
+  { 0x21001ec9, 0x1400ffff },
+  { 0x21001eca, 0x24000001 },
+  { 0x21001ecb, 0x1400ffff },
+  { 0x21001ecc, 0x24000001 },
+  { 0x21001ecd, 0x1400ffff },
+  { 0x21001ece, 0x24000001 },
+  { 0x21001ecf, 0x1400ffff },
+  { 0x21001ed0, 0x24000001 },
+  { 0x21001ed1, 0x1400ffff },
+  { 0x21001ed2, 0x24000001 },
+  { 0x21001ed3, 0x1400ffff },
+  { 0x21001ed4, 0x24000001 },
+  { 0x21001ed5, 0x1400ffff },
+  { 0x21001ed6, 0x24000001 },
+  { 0x21001ed7, 0x1400ffff },
+  { 0x21001ed8, 0x24000001 },
+  { 0x21001ed9, 0x1400ffff },
+  { 0x21001eda, 0x24000001 },
+  { 0x21001edb, 0x1400ffff },
+  { 0x21001edc, 0x24000001 },
+  { 0x21001edd, 0x1400ffff },
+  { 0x21001ede, 0x24000001 },
+  { 0x21001edf, 0x1400ffff },
+  { 0x21001ee0, 0x24000001 },
+  { 0x21001ee1, 0x1400ffff },
+  { 0x21001ee2, 0x24000001 },
+  { 0x21001ee3, 0x1400ffff },
+  { 0x21001ee4, 0x24000001 },
+  { 0x21001ee5, 0x1400ffff },
+  { 0x21001ee6, 0x24000001 },
+  { 0x21001ee7, 0x1400ffff },
+  { 0x21001ee8, 0x24000001 },
+  { 0x21001ee9, 0x1400ffff },
+  { 0x21001eea, 0x24000001 },
+  { 0x21001eeb, 0x1400ffff },
+  { 0x21001eec, 0x24000001 },
+  { 0x21001eed, 0x1400ffff },
+  { 0x21001eee, 0x24000001 },
+  { 0x21001eef, 0x1400ffff },
+  { 0x21001ef0, 0x24000001 },
+  { 0x21001ef1, 0x1400ffff },
+  { 0x21001ef2, 0x24000001 },
+  { 0x21001ef3, 0x1400ffff },
+  { 0x21001ef4, 0x24000001 },
+  { 0x21001ef5, 0x1400ffff },
+  { 0x21001ef6, 0x24000001 },
+  { 0x21001ef7, 0x1400ffff },
+  { 0x21001ef8, 0x24000001 },
+  { 0x21001ef9, 0x1400ffff },
+  { 0x13001f00, 0x14000008 },
+  { 0x13001f01, 0x14000008 },
+  { 0x13001f02, 0x14000008 },
+  { 0x13001f03, 0x14000008 },
+  { 0x13001f04, 0x14000008 },
+  { 0x13001f05, 0x14000008 },
+  { 0x13001f06, 0x14000008 },
+  { 0x13001f07, 0x14000008 },
+  { 0x13001f08, 0x2400fff8 },
+  { 0x13001f09, 0x2400fff8 },
+  { 0x13001f0a, 0x2400fff8 },
+  { 0x13001f0b, 0x2400fff8 },
+  { 0x13001f0c, 0x2400fff8 },
+  { 0x13001f0d, 0x2400fff8 },
+  { 0x13001f0e, 0x2400fff8 },
+  { 0x13001f0f, 0x2400fff8 },
+  { 0x13001f10, 0x14000008 },
+  { 0x13001f11, 0x14000008 },
+  { 0x13001f12, 0x14000008 },
+  { 0x13001f13, 0x14000008 },
+  { 0x13001f14, 0x14000008 },
+  { 0x13001f15, 0x14000008 },
+  { 0x13001f18, 0x2400fff8 },
+  { 0x13001f19, 0x2400fff8 },
+  { 0x13001f1a, 0x2400fff8 },
+  { 0x13001f1b, 0x2400fff8 },
+  { 0x13001f1c, 0x2400fff8 },
+  { 0x13001f1d, 0x2400fff8 },
+  { 0x13001f20, 0x14000008 },
+  { 0x13001f21, 0x14000008 },
+  { 0x13001f22, 0x14000008 },
+  { 0x13001f23, 0x14000008 },
+  { 0x13001f24, 0x14000008 },
+  { 0x13001f25, 0x14000008 },
+  { 0x13001f26, 0x14000008 },
+  { 0x13001f27, 0x14000008 },
+  { 0x13001f28, 0x2400fff8 },
+  { 0x13001f29, 0x2400fff8 },
+  { 0x13001f2a, 0x2400fff8 },
+  { 0x13001f2b, 0x2400fff8 },
+  { 0x13001f2c, 0x2400fff8 },
+  { 0x13001f2d, 0x2400fff8 },
+  { 0x13001f2e, 0x2400fff8 },
+  { 0x13001f2f, 0x2400fff8 },
+  { 0x13001f30, 0x14000008 },
+  { 0x13001f31, 0x14000008 },
+  { 0x13001f32, 0x14000008 },
+  { 0x13001f33, 0x14000008 },
+  { 0x13001f34, 0x14000008 },
+  { 0x13001f35, 0x14000008 },
+  { 0x13001f36, 0x14000008 },
+  { 0x13001f37, 0x14000008 },
+  { 0x13001f38, 0x2400fff8 },
+  { 0x13001f39, 0x2400fff8 },
+  { 0x13001f3a, 0x2400fff8 },
+  { 0x13001f3b, 0x2400fff8 },
+  { 0x13001f3c, 0x2400fff8 },
+  { 0x13001f3d, 0x2400fff8 },
+  { 0x13001f3e, 0x2400fff8 },
+  { 0x13001f3f, 0x2400fff8 },
+  { 0x13001f40, 0x14000008 },
+  { 0x13001f41, 0x14000008 },
+  { 0x13001f42, 0x14000008 },
+  { 0x13001f43, 0x14000008 },
+  { 0x13001f44, 0x14000008 },
+  { 0x13001f45, 0x14000008 },
+  { 0x13001f48, 0x2400fff8 },
+  { 0x13001f49, 0x2400fff8 },
+  { 0x13001f4a, 0x2400fff8 },
+  { 0x13001f4b, 0x2400fff8 },
+  { 0x13001f4c, 0x2400fff8 },
+  { 0x13001f4d, 0x2400fff8 },
+  { 0x13001f50, 0x14000000 },
+  { 0x13001f51, 0x14000008 },
+  { 0x13001f52, 0x14000000 },
+  { 0x13001f53, 0x14000008 },
+  { 0x13001f54, 0x14000000 },
+  { 0x13001f55, 0x14000008 },
+  { 0x13001f56, 0x14000000 },
+  { 0x13001f57, 0x14000008 },
+  { 0x13001f59, 0x2400fff8 },
+  { 0x13001f5b, 0x2400fff8 },
+  { 0x13001f5d, 0x2400fff8 },
+  { 0x13001f5f, 0x2400fff8 },
+  { 0x13001f60, 0x14000008 },
+  { 0x13001f61, 0x14000008 },
+  { 0x13001f62, 0x14000008 },
+  { 0x13001f63, 0x14000008 },
+  { 0x13001f64, 0x14000008 },
+  { 0x13001f65, 0x14000008 },
+  { 0x13001f66, 0x14000008 },
+  { 0x13001f67, 0x14000008 },
+  { 0x13001f68, 0x2400fff8 },
+  { 0x13001f69, 0x2400fff8 },
+  { 0x13001f6a, 0x2400fff8 },
+  { 0x13001f6b, 0x2400fff8 },
+  { 0x13001f6c, 0x2400fff8 },
+  { 0x13001f6d, 0x2400fff8 },
+  { 0x13001f6e, 0x2400fff8 },
+  { 0x13001f6f, 0x2400fff8 },
+  { 0x13001f70, 0x1400004a },
+  { 0x13001f71, 0x1400004a },
+  { 0x13001f72, 0x14000056 },
+  { 0x13001f73, 0x14000056 },
+  { 0x13001f74, 0x14000056 },
+  { 0x13001f75, 0x14000056 },
+  { 0x13001f76, 0x14000064 },
+  { 0x13001f77, 0x14000064 },
+  { 0x13001f78, 0x14000080 },
+  { 0x13001f79, 0x14000080 },
+  { 0x13001f7a, 0x14000070 },
+  { 0x13001f7b, 0x14000070 },
+  { 0x13001f7c, 0x1400007e },
+  { 0x13001f7d, 0x1400007e },
+  { 0x13001f80, 0x14000008 },
+  { 0x13001f81, 0x14000008 },
+  { 0x13001f82, 0x14000008 },
+  { 0x13001f83, 0x14000008 },
+  { 0x13001f84, 0x14000008 },
+  { 0x13001f85, 0x14000008 },
+  { 0x13001f86, 0x14000008 },
+  { 0x13001f87, 0x14000008 },
+  { 0x13001f88, 0x2000fff8 },
+  { 0x13001f89, 0x2000fff8 },
+  { 0x13001f8a, 0x2000fff8 },
+  { 0x13001f8b, 0x2000fff8 },
+  { 0x13001f8c, 0x2000fff8 },
+  { 0x13001f8d, 0x2000fff8 },
+  { 0x13001f8e, 0x2000fff8 },
+  { 0x13001f8f, 0x2000fff8 },
+  { 0x13001f90, 0x14000008 },
+  { 0x13001f91, 0x14000008 },
+  { 0x13001f92, 0x14000008 },
+  { 0x13001f93, 0x14000008 },
+  { 0x13001f94, 0x14000008 },
+  { 0x13001f95, 0x14000008 },
+  { 0x13001f96, 0x14000008 },
+  { 0x13001f97, 0x14000008 },
+  { 0x13001f98, 0x2000fff8 },
+  { 0x13001f99, 0x2000fff8 },
+  { 0x13001f9a, 0x2000fff8 },
+  { 0x13001f9b, 0x2000fff8 },
+  { 0x13001f9c, 0x2000fff8 },
+  { 0x13001f9d, 0x2000fff8 },
+  { 0x13001f9e, 0x2000fff8 },
+  { 0x13001f9f, 0x2000fff8 },
+  { 0x13001fa0, 0x14000008 },
+  { 0x13001fa1, 0x14000008 },
+  { 0x13001fa2, 0x14000008 },
+  { 0x13001fa3, 0x14000008 },
+  { 0x13001fa4, 0x14000008 },
+  { 0x13001fa5, 0x14000008 },
+  { 0x13001fa6, 0x14000008 },
+  { 0x13001fa7, 0x14000008 },
+  { 0x13001fa8, 0x2000fff8 },
+  { 0x13001fa9, 0x2000fff8 },
+  { 0x13001faa, 0x2000fff8 },
+  { 0x13001fab, 0x2000fff8 },
+  { 0x13001fac, 0x2000fff8 },
+  { 0x13001fad, 0x2000fff8 },
+  { 0x13001fae, 0x2000fff8 },
+  { 0x13001faf, 0x2000fff8 },
+  { 0x13001fb0, 0x14000008 },
+  { 0x13001fb1, 0x14000008 },
+  { 0x13001fb2, 0x14000000 },
+  { 0x13001fb3, 0x14000009 },
+  { 0x13001fb4, 0x14000000 },
+  { 0x13801fb6, 0x14000001 },
+  { 0x13001fb8, 0x2400fff8 },
+  { 0x13001fb9, 0x2400fff8 },
+  { 0x13001fba, 0x2400ffb6 },
+  { 0x13001fbb, 0x2400ffb6 },
+  { 0x13001fbc, 0x2000fff7 },
+  { 0x13001fbd, 0x60000000 },
+  { 0x13001fbe, 0x1400e3db },
+  { 0x13801fbf, 0x60000002 },
+  { 0x13001fc2, 0x14000000 },
+  { 0x13001fc3, 0x14000009 },
+  { 0x13001fc4, 0x14000000 },
+  { 0x13801fc6, 0x14000001 },
+  { 0x13001fc8, 0x2400ffaa },
+  { 0x13001fc9, 0x2400ffaa },
+  { 0x13001fca, 0x2400ffaa },
+  { 0x13001fcb, 0x2400ffaa },
+  { 0x13001fcc, 0x2000fff7 },
+  { 0x13801fcd, 0x60000002 },
+  { 0x13001fd0, 0x14000008 },
+  { 0x13001fd1, 0x14000008 },
+  { 0x13801fd2, 0x14000001 },
+  { 0x13801fd6, 0x14000001 },
+  { 0x13001fd8, 0x2400fff8 },
+  { 0x13001fd9, 0x2400fff8 },
+  { 0x13001fda, 0x2400ff9c },
+  { 0x13001fdb, 0x2400ff9c },
+  { 0x13801fdd, 0x60000002 },
+  { 0x13001fe0, 0x14000008 },
+  { 0x13001fe1, 0x14000008 },
+  { 0x13801fe2, 0x14000002 },
+  { 0x13001fe5, 0x14000007 },
+  { 0x13801fe6, 0x14000001 },
+  { 0x13001fe8, 0x2400fff8 },
+  { 0x13001fe9, 0x2400fff8 },
+  { 0x13001fea, 0x2400ff90 },
+  { 0x13001feb, 0x2400ff90 },
+  { 0x13001fec, 0x2400fff9 },
+  { 0x13801fed, 0x60000002 },
+  { 0x13001ff2, 0x14000000 },
+  { 0x13001ff3, 0x14000009 },
+  { 0x13001ff4, 0x14000000 },
+  { 0x13801ff6, 0x14000001 },
+  { 0x13001ff8, 0x2400ff80 },
+  { 0x13001ff9, 0x2400ff80 },
+  { 0x13001ffa, 0x2400ff82 },
+  { 0x13001ffb, 0x2400ff82 },
+  { 0x13001ffc, 0x2000fff7 },
+  { 0x13801ffd, 0x60000001 },
+  { 0x09802000, 0x7400000a },
+  { 0x0980200b, 0x04000004 },
+  { 0x09802010, 0x44000005 },
+  { 0x09802016, 0x54000001 },
+  { 0x09002018, 0x50000000 },
+  { 0x09002019, 0x4c000000 },
+  { 0x0900201a, 0x58000000 },
+  { 0x0980201b, 0x50000001 },
+  { 0x0900201d, 0x4c000000 },
+  { 0x0900201e, 0x58000000 },
+  { 0x0900201f, 0x50000000 },
+  { 0x09802020, 0x54000007 },
+  { 0x09002028, 0x6c000000 },
+  { 0x09002029, 0x70000000 },
+  { 0x0980202a, 0x04000004 },
+  { 0x0900202f, 0x74000000 },
+  { 0x09802030, 0x54000008 },
+  { 0x09002039, 0x50000000 },
+  { 0x0900203a, 0x4c000000 },
+  { 0x0980203b, 0x54000003 },
+  { 0x0980203f, 0x40000001 },
+  { 0x09802041, 0x54000002 },
+  { 0x09002044, 0x64000000 },
+  { 0x09002045, 0x58000000 },
+  { 0x09002046, 0x48000000 },
+  { 0x09802047, 0x5400000a },
+  { 0x09002052, 0x64000000 },
+  { 0x09002053, 0x54000000 },
+  { 0x09002054, 0x40000000 },
+  { 0x09802055, 0x54000009 },
+  { 0x0900205f, 0x74000000 },
+  { 0x09802060, 0x04000003 },
+  { 0x0980206a, 0x04000005 },
+  { 0x09002070, 0x3c000000 },
+  { 0x21002071, 0x14000000 },
+  { 0x09802074, 0x3c000005 },
+  { 0x0980207a, 0x64000002 },
+  { 0x0900207d, 0x58000000 },
+  { 0x0900207e, 0x48000000 },
+  { 0x2100207f, 0x14000000 },
+  { 0x09802080, 0x3c000009 },
+  { 0x0980208a, 0x64000002 },
+  { 0x0900208d, 0x58000000 },
+  { 0x0900208e, 0x48000000 },
+  { 0x21802090, 0x18000004 },
+  { 0x098020a0, 0x5c000015 },
+  { 0x1b8020d0, 0x3000000c },
+  { 0x1b8020dd, 0x2c000003 },
+  { 0x1b0020e1, 0x30000000 },
+  { 0x1b8020e2, 0x2c000002 },
+  { 0x1b8020e5, 0x30000006 },
+  { 0x09802100, 0x68000001 },
+  { 0x09002102, 0x24000000 },
+  { 0x09802103, 0x68000003 },
+  { 0x09002107, 0x24000000 },
+  { 0x09802108, 0x68000001 },
+  { 0x0900210a, 0x14000000 },
+  { 0x0980210b, 0x24000002 },
+  { 0x0980210e, 0x14000001 },
+  { 0x09802110, 0x24000002 },
+  { 0x09002113, 0x14000000 },
+  { 0x09002114, 0x68000000 },
+  { 0x09002115, 0x24000000 },
+  { 0x09802116, 0x68000002 },
+  { 0x09802119, 0x24000004 },
+  { 0x0980211e, 0x68000005 },
+  { 0x09002124, 0x24000000 },
+  { 0x09002125, 0x68000000 },
+  { 0x13002126, 0x2400e2a3 },
+  { 0x09002127, 0x68000000 },
+  { 0x09002128, 0x24000000 },
+  { 0x09002129, 0x68000000 },
+  { 0x2100212a, 0x2400df41 },
+  { 0x2100212b, 0x2400dfba },
+  { 0x0980212c, 0x24000001 },
+  { 0x0900212e, 0x68000000 },
+  { 0x0900212f, 0x14000000 },
+  { 0x09802130, 0x24000001 },
+  { 0x09002132, 0x68000000 },
+  { 0x09002133, 0x24000000 },
+  { 0x09002134, 0x14000000 },
+  { 0x09802135, 0x1c000003 },
+  { 0x09002139, 0x14000000 },
+  { 0x0980213a, 0x68000001 },
+  { 0x0980213c, 0x14000001 },
+  { 0x0980213e, 0x24000001 },
+  { 0x09802140, 0x64000004 },
+  { 0x09002145, 0x24000000 },
+  { 0x09802146, 0x14000003 },
+  { 0x0900214a, 0x68000000 },
+  { 0x0900214b, 0x64000000 },
+  { 0x0900214c, 0x68000000 },
+  { 0x09802153, 0x3c00000c },
+  { 0x09002160, 0x38000010 },
+  { 0x09002161, 0x38000010 },
+  { 0x09002162, 0x38000010 },
+  { 0x09002163, 0x38000010 },
+  { 0x09002164, 0x38000010 },
+  { 0x09002165, 0x38000010 },
+  { 0x09002166, 0x38000010 },
+  { 0x09002167, 0x38000010 },
+  { 0x09002168, 0x38000010 },
+  { 0x09002169, 0x38000010 },
+  { 0x0900216a, 0x38000010 },
+  { 0x0900216b, 0x38000010 },
+  { 0x0900216c, 0x38000010 },
+  { 0x0900216d, 0x38000010 },
+  { 0x0900216e, 0x38000010 },
+  { 0x0900216f, 0x38000010 },
+  { 0x09002170, 0x3800fff0 },
+  { 0x09002171, 0x3800fff0 },
+  { 0x09002172, 0x3800fff0 },
+  { 0x09002173, 0x3800fff0 },
+  { 0x09002174, 0x3800fff0 },
+  { 0x09002175, 0x3800fff0 },
+  { 0x09002176, 0x3800fff0 },
+  { 0x09002177, 0x3800fff0 },
+  { 0x09002178, 0x3800fff0 },
+  { 0x09002179, 0x3800fff0 },
+  { 0x0900217a, 0x3800fff0 },
+  { 0x0900217b, 0x3800fff0 },
+  { 0x0900217c, 0x3800fff0 },
+  { 0x0900217d, 0x3800fff0 },
+  { 0x0900217e, 0x3800fff0 },
+  { 0x0900217f, 0x3800fff0 },
+  { 0x09802180, 0x38000003 },
+  { 0x09802190, 0x64000004 },
+  { 0x09802195, 0x68000004 },
+  { 0x0980219a, 0x64000001 },
+  { 0x0980219c, 0x68000003 },
+  { 0x090021a0, 0x64000000 },
+  { 0x098021a1, 0x68000001 },
+  { 0x090021a3, 0x64000000 },
+  { 0x098021a4, 0x68000001 },
+  { 0x090021a6, 0x64000000 },
+  { 0x098021a7, 0x68000006 },
+  { 0x090021ae, 0x64000000 },
+  { 0x098021af, 0x6800001e },
+  { 0x098021ce, 0x64000001 },
+  { 0x098021d0, 0x68000001 },
+  { 0x090021d2, 0x64000000 },
+  { 0x090021d3, 0x68000000 },
+  { 0x090021d4, 0x64000000 },
+  { 0x098021d5, 0x6800001e },
+  { 0x098021f4, 0x6400010b },
+  { 0x09802300, 0x68000007 },
+  { 0x09802308, 0x64000003 },
+  { 0x0980230c, 0x68000013 },
+  { 0x09802320, 0x64000001 },
+  { 0x09802322, 0x68000006 },
+  { 0x09002329, 0x58000000 },
+  { 0x0900232a, 0x48000000 },
+  { 0x0980232b, 0x68000050 },
+  { 0x0900237c, 0x64000000 },
+  { 0x0980237d, 0x6800001d },
+  { 0x0980239b, 0x64000018 },
+  { 0x090023b4, 0x58000000 },
+  { 0x090023b5, 0x48000000 },
+  { 0x090023b6, 0x54000000 },
+  { 0x098023b7, 0x68000024 },
+  { 0x09802400, 0x68000026 },
+  { 0x09802440, 0x6800000a },
+  { 0x09802460, 0x3c00003b },
+  { 0x0980249c, 0x68000019 },
+  { 0x090024b6, 0x6800001a },
+  { 0x090024b7, 0x6800001a },
+  { 0x090024b8, 0x6800001a },
+  { 0x090024b9, 0x6800001a },
+  { 0x090024ba, 0x6800001a },
+  { 0x090024bb, 0x6800001a },
+  { 0x090024bc, 0x6800001a },
+  { 0x090024bd, 0x6800001a },
+  { 0x090024be, 0x6800001a },
+  { 0x090024bf, 0x6800001a },
+  { 0x090024c0, 0x6800001a },
+  { 0x090024c1, 0x6800001a },
+  { 0x090024c2, 0x6800001a },
+  { 0x090024c3, 0x6800001a },
+  { 0x090024c4, 0x6800001a },
+  { 0x090024c5, 0x6800001a },
+  { 0x090024c6, 0x6800001a },
+  { 0x090024c7, 0x6800001a },
+  { 0x090024c8, 0x6800001a },
+  { 0x090024c9, 0x6800001a },
+  { 0x090024ca, 0x6800001a },
+  { 0x090024cb, 0x6800001a },
+  { 0x090024cc, 0x6800001a },
+  { 0x090024cd, 0x6800001a },
+  { 0x090024ce, 0x6800001a },
+  { 0x090024cf, 0x6800001a },
+  { 0x090024d0, 0x6800ffe6 },
+  { 0x090024d1, 0x6800ffe6 },
+  { 0x090024d2, 0x6800ffe6 },
+  { 0x090024d3, 0x6800ffe6 },
+  { 0x090024d4, 0x6800ffe6 },
+  { 0x090024d5, 0x6800ffe6 },
+  { 0x090024d6, 0x6800ffe6 },
+  { 0x090024d7, 0x6800ffe6 },
+  { 0x090024d8, 0x6800ffe6 },
+  { 0x090024d9, 0x6800ffe6 },
+  { 0x090024da, 0x6800ffe6 },
+  { 0x090024db, 0x6800ffe6 },
+  { 0x090024dc, 0x6800ffe6 },
+  { 0x090024dd, 0x6800ffe6 },
+  { 0x090024de, 0x6800ffe6 },
+  { 0x090024df, 0x6800ffe6 },
+  { 0x090024e0, 0x6800ffe6 },
+  { 0x090024e1, 0x6800ffe6 },
+  { 0x090024e2, 0x6800ffe6 },
+  { 0x090024e3, 0x6800ffe6 },
+  { 0x090024e4, 0x6800ffe6 },
+  { 0x090024e5, 0x6800ffe6 },
+  { 0x090024e6, 0x6800ffe6 },
+  { 0x090024e7, 0x6800ffe6 },
+  { 0x090024e8, 0x6800ffe6 },
+  { 0x090024e9, 0x6800ffe6 },
+  { 0x098024ea, 0x3c000015 },
+  { 0x09802500, 0x680000b6 },
+  { 0x090025b7, 0x64000000 },
+  { 0x098025b8, 0x68000008 },
+  { 0x090025c1, 0x64000000 },
+  { 0x098025c2, 0x68000035 },
+  { 0x098025f8, 0x64000007 },
+  { 0x09802600, 0x6800006e },
+  { 0x0900266f, 0x64000000 },
+  { 0x09802670, 0x6800002c },
+  { 0x098026a0, 0x68000011 },
+  { 0x09802701, 0x68000003 },
+  { 0x09802706, 0x68000003 },
+  { 0x0980270c, 0x6800001b },
+  { 0x09802729, 0x68000022 },
+  { 0x0900274d, 0x68000000 },
+  { 0x0980274f, 0x68000003 },
+  { 0x09002756, 0x68000000 },
+  { 0x09802758, 0x68000006 },
+  { 0x09802761, 0x68000006 },
+  { 0x09002768, 0x58000000 },
+  { 0x09002769, 0x48000000 },
+  { 0x0900276a, 0x58000000 },
+  { 0x0900276b, 0x48000000 },
+  { 0x0900276c, 0x58000000 },
+  { 0x0900276d, 0x48000000 },
+  { 0x0900276e, 0x58000000 },
+  { 0x0900276f, 0x48000000 },
+  { 0x09002770, 0x58000000 },
+  { 0x09002771, 0x48000000 },
+  { 0x09002772, 0x58000000 },
+  { 0x09002773, 0x48000000 },
+  { 0x09002774, 0x58000000 },
+  { 0x09002775, 0x48000000 },
+  { 0x09802776, 0x3c00001d },
+  { 0x09002794, 0x68000000 },
+  { 0x09802798, 0x68000017 },
+  { 0x098027b1, 0x6800000d },
+  { 0x098027c0, 0x64000004 },
+  { 0x090027c5, 0x58000000 },
+  { 0x090027c6, 0x48000000 },
+  { 0x098027d0, 0x64000015 },
+  { 0x090027e6, 0x58000000 },
+  { 0x090027e7, 0x48000000 },
+  { 0x090027e8, 0x58000000 },
+  { 0x090027e9, 0x48000000 },
+  { 0x090027ea, 0x58000000 },
+  { 0x090027eb, 0x48000000 },
+  { 0x098027f0, 0x6400000f },
+  { 0x04802800, 0x680000ff },
+  { 0x09802900, 0x64000082 },
+  { 0x09002983, 0x58000000 },
+  { 0x09002984, 0x48000000 },
+  { 0x09002985, 0x58000000 },
+  { 0x09002986, 0x48000000 },
+  { 0x09002987, 0x58000000 },
+  { 0x09002988, 0x48000000 },
+  { 0x09002989, 0x58000000 },
+  { 0x0900298a, 0x48000000 },
+  { 0x0900298b, 0x58000000 },
+  { 0x0900298c, 0x48000000 },
+  { 0x0900298d, 0x58000000 },
+  { 0x0900298e, 0x48000000 },
+  { 0x0900298f, 0x58000000 },
+  { 0x09002990, 0x48000000 },
+  { 0x09002991, 0x58000000 },
+  { 0x09002992, 0x48000000 },
+  { 0x09002993, 0x58000000 },
+  { 0x09002994, 0x48000000 },
+  { 0x09002995, 0x58000000 },
+  { 0x09002996, 0x48000000 },
+  { 0x09002997, 0x58000000 },
+  { 0x09002998, 0x48000000 },
+  { 0x09802999, 0x6400003e },
+  { 0x090029d8, 0x58000000 },
+  { 0x090029d9, 0x48000000 },
+  { 0x090029da, 0x58000000 },
+  { 0x090029db, 0x48000000 },
+  { 0x098029dc, 0x6400001f },
+  { 0x090029fc, 0x58000000 },
+  { 0x090029fd, 0x48000000 },
+  { 0x098029fe, 0x64000101 },
+  { 0x09802b00, 0x68000013 },
+  { 0x11002c00, 0x24000030 },
+  { 0x11002c01, 0x24000030 },
+  { 0x11002c02, 0x24000030 },
+  { 0x11002c03, 0x24000030 },
+  { 0x11002c04, 0x24000030 },
+  { 0x11002c05, 0x24000030 },
+  { 0x11002c06, 0x24000030 },
+  { 0x11002c07, 0x24000030 },
+  { 0x11002c08, 0x24000030 },
+  { 0x11002c09, 0x24000030 },
+  { 0x11002c0a, 0x24000030 },
+  { 0x11002c0b, 0x24000030 },
+  { 0x11002c0c, 0x24000030 },
+  { 0x11002c0d, 0x24000030 },
+  { 0x11002c0e, 0x24000030 },
+  { 0x11002c0f, 0x24000030 },
+  { 0x11002c10, 0x24000030 },
+  { 0x11002c11, 0x24000030 },
+  { 0x11002c12, 0x24000030 },
+  { 0x11002c13, 0x24000030 },
+  { 0x11002c14, 0x24000030 },
+  { 0x11002c15, 0x24000030 },
+  { 0x11002c16, 0x24000030 },
+  { 0x11002c17, 0x24000030 },
+  { 0x11002c18, 0x24000030 },
+  { 0x11002c19, 0x24000030 },
+  { 0x11002c1a, 0x24000030 },
+  { 0x11002c1b, 0x24000030 },
+  { 0x11002c1c, 0x24000030 },
+  { 0x11002c1d, 0x24000030 },
+  { 0x11002c1e, 0x24000030 },
+  { 0x11002c1f, 0x24000030 },
+  { 0x11002c20, 0x24000030 },
+  { 0x11002c21, 0x24000030 },
+  { 0x11002c22, 0x24000030 },
+  { 0x11002c23, 0x24000030 },
+  { 0x11002c24, 0x24000030 },
+  { 0x11002c25, 0x24000030 },
+  { 0x11002c26, 0x24000030 },
+  { 0x11002c27, 0x24000030 },
+  { 0x11002c28, 0x24000030 },
+  { 0x11002c29, 0x24000030 },
+  { 0x11002c2a, 0x24000030 },
+  { 0x11002c2b, 0x24000030 },
+  { 0x11002c2c, 0x24000030 },
+  { 0x11002c2d, 0x24000030 },
+  { 0x11002c2e, 0x24000030 },
+  { 0x11002c30, 0x1400ffd0 },
+  { 0x11002c31, 0x1400ffd0 },
+  { 0x11002c32, 0x1400ffd0 },
+  { 0x11002c33, 0x1400ffd0 },
+  { 0x11002c34, 0x1400ffd0 },
+  { 0x11002c35, 0x1400ffd0 },
+  { 0x11002c36, 0x1400ffd0 },
+  { 0x11002c37, 0x1400ffd0 },
+  { 0x11002c38, 0x1400ffd0 },
+  { 0x11002c39, 0x1400ffd0 },
+  { 0x11002c3a, 0x1400ffd0 },
+  { 0x11002c3b, 0x1400ffd0 },
+  { 0x11002c3c, 0x1400ffd0 },
+  { 0x11002c3d, 0x1400ffd0 },
+  { 0x11002c3e, 0x1400ffd0 },
+  { 0x11002c3f, 0x1400ffd0 },
+  { 0x11002c40, 0x1400ffd0 },
+  { 0x11002c41, 0x1400ffd0 },
+  { 0x11002c42, 0x1400ffd0 },
+  { 0x11002c43, 0x1400ffd0 },
+  { 0x11002c44, 0x1400ffd0 },
+  { 0x11002c45, 0x1400ffd0 },
+  { 0x11002c46, 0x1400ffd0 },
+  { 0x11002c47, 0x1400ffd0 },
+  { 0x11002c48, 0x1400ffd0 },
+  { 0x11002c49, 0x1400ffd0 },
+  { 0x11002c4a, 0x1400ffd0 },
+  { 0x11002c4b, 0x1400ffd0 },
+  { 0x11002c4c, 0x1400ffd0 },
+  { 0x11002c4d, 0x1400ffd0 },
+  { 0x11002c4e, 0x1400ffd0 },
+  { 0x11002c4f, 0x1400ffd0 },
+  { 0x11002c50, 0x1400ffd0 },
+  { 0x11002c51, 0x1400ffd0 },
+  { 0x11002c52, 0x1400ffd0 },
+  { 0x11002c53, 0x1400ffd0 },
+  { 0x11002c54, 0x1400ffd0 },
+  { 0x11002c55, 0x1400ffd0 },
+  { 0x11002c56, 0x1400ffd0 },
+  { 0x11002c57, 0x1400ffd0 },
+  { 0x11002c58, 0x1400ffd0 },
+  { 0x11002c59, 0x1400ffd0 },
+  { 0x11002c5a, 0x1400ffd0 },
+  { 0x11002c5b, 0x1400ffd0 },
+  { 0x11002c5c, 0x1400ffd0 },
+  { 0x11002c5d, 0x1400ffd0 },
+  { 0x11002c5e, 0x1400ffd0 },
+  { 0x0a002c80, 0x24000001 },
+  { 0x0a002c81, 0x1400ffff },
+  { 0x0a002c82, 0x24000001 },
+  { 0x0a002c83, 0x1400ffff },
+  { 0x0a002c84, 0x24000001 },
+  { 0x0a002c85, 0x1400ffff },
+  { 0x0a002c86, 0x24000001 },
+  { 0x0a002c87, 0x1400ffff },
+  { 0x0a002c88, 0x24000001 },
+  { 0x0a002c89, 0x1400ffff },
+  { 0x0a002c8a, 0x24000001 },
+  { 0x0a002c8b, 0x1400ffff },
+  { 0x0a002c8c, 0x24000001 },
+  { 0x0a002c8d, 0x1400ffff },
+  { 0x0a002c8e, 0x24000001 },
+  { 0x0a002c8f, 0x1400ffff },
+  { 0x0a002c90, 0x24000001 },
+  { 0x0a002c91, 0x1400ffff },
+  { 0x0a002c92, 0x24000001 },
+  { 0x0a002c93, 0x1400ffff },
+  { 0x0a002c94, 0x24000001 },
+  { 0x0a002c95, 0x1400ffff },
+  { 0x0a002c96, 0x24000001 },
+  { 0x0a002c97, 0x1400ffff },
+  { 0x0a002c98, 0x24000001 },
+  { 0x0a002c99, 0x1400ffff },
+  { 0x0a002c9a, 0x24000001 },
+  { 0x0a002c9b, 0x1400ffff },
+  { 0x0a002c9c, 0x24000001 },
+  { 0x0a002c9d, 0x1400ffff },
+  { 0x0a002c9e, 0x24000001 },
+  { 0x0a002c9f, 0x1400ffff },
+  { 0x0a002ca0, 0x24000001 },
+  { 0x0a002ca1, 0x1400ffff },
+  { 0x0a002ca2, 0x24000001 },
+  { 0x0a002ca3, 0x1400ffff },
+  { 0x0a002ca4, 0x24000001 },
+  { 0x0a002ca5, 0x1400ffff },
+  { 0x0a002ca6, 0x24000001 },
+  { 0x0a002ca7, 0x1400ffff },
+  { 0x0a002ca8, 0x24000001 },
+  { 0x0a002ca9, 0x1400ffff },
+  { 0x0a002caa, 0x24000001 },
+  { 0x0a002cab, 0x1400ffff },
+  { 0x0a002cac, 0x24000001 },
+  { 0x0a002cad, 0x1400ffff },
+  { 0x0a002cae, 0x24000001 },
+  { 0x0a002caf, 0x1400ffff },
+  { 0x0a002cb0, 0x24000001 },
+  { 0x0a002cb1, 0x1400ffff },
+  { 0x0a002cb2, 0x24000001 },
+  { 0x0a002cb3, 0x1400ffff },
+  { 0x0a002cb4, 0x24000001 },
+  { 0x0a002cb5, 0x1400ffff },
+  { 0x0a002cb6, 0x24000001 },
+  { 0x0a002cb7, 0x1400ffff },
+  { 0x0a002cb8, 0x24000001 },
+  { 0x0a002cb9, 0x1400ffff },
+  { 0x0a002cba, 0x24000001 },
+  { 0x0a002cbb, 0x1400ffff },
+  { 0x0a002cbc, 0x24000001 },
+  { 0x0a002cbd, 0x1400ffff },
+  { 0x0a002cbe, 0x24000001 },
+  { 0x0a002cbf, 0x1400ffff },
+  { 0x0a002cc0, 0x24000001 },
+  { 0x0a002cc1, 0x1400ffff },
+  { 0x0a002cc2, 0x24000001 },
+  { 0x0a002cc3, 0x1400ffff },
+  { 0x0a002cc4, 0x24000001 },
+  { 0x0a002cc5, 0x1400ffff },
+  { 0x0a002cc6, 0x24000001 },
+  { 0x0a002cc7, 0x1400ffff },
+  { 0x0a002cc8, 0x24000001 },
+  { 0x0a002cc9, 0x1400ffff },
+  { 0x0a002cca, 0x24000001 },
+  { 0x0a002ccb, 0x1400ffff },
+  { 0x0a002ccc, 0x24000001 },
+  { 0x0a002ccd, 0x1400ffff },
+  { 0x0a002cce, 0x24000001 },
+  { 0x0a002ccf, 0x1400ffff },
+  { 0x0a002cd0, 0x24000001 },
+  { 0x0a002cd1, 0x1400ffff },
+  { 0x0a002cd2, 0x24000001 },
+  { 0x0a002cd3, 0x1400ffff },
+  { 0x0a002cd4, 0x24000001 },
+  { 0x0a002cd5, 0x1400ffff },
+  { 0x0a002cd6, 0x24000001 },
+  { 0x0a002cd7, 0x1400ffff },
+  { 0x0a002cd8, 0x24000001 },
+  { 0x0a002cd9, 0x1400ffff },
+  { 0x0a002cda, 0x24000001 },
+  { 0x0a002cdb, 0x1400ffff },
+  { 0x0a002cdc, 0x24000001 },
+  { 0x0a002cdd, 0x1400ffff },
+  { 0x0a002cde, 0x24000001 },
+  { 0x0a002cdf, 0x1400ffff },
+  { 0x0a002ce0, 0x24000001 },
+  { 0x0a002ce1, 0x1400ffff },
+  { 0x0a002ce2, 0x24000001 },
+  { 0x0a002ce3, 0x1400ffff },
+  { 0x0a002ce4, 0x14000000 },
+  { 0x0a802ce5, 0x68000005 },
+  { 0x0a802cf9, 0x54000003 },
+  { 0x0a002cfd, 0x3c000000 },
+  { 0x0a802cfe, 0x54000001 },
+  { 0x10002d00, 0x1400e3a0 },
+  { 0x10002d01, 0x1400e3a0 },
+  { 0x10002d02, 0x1400e3a0 },
+  { 0x10002d03, 0x1400e3a0 },
+  { 0x10002d04, 0x1400e3a0 },
+  { 0x10002d05, 0x1400e3a0 },
+  { 0x10002d06, 0x1400e3a0 },
+  { 0x10002d07, 0x1400e3a0 },
+  { 0x10002d08, 0x1400e3a0 },
+  { 0x10002d09, 0x1400e3a0 },
+  { 0x10002d0a, 0x1400e3a0 },
+  { 0x10002d0b, 0x1400e3a0 },
+  { 0x10002d0c, 0x1400e3a0 },
+  { 0x10002d0d, 0x1400e3a0 },
+  { 0x10002d0e, 0x1400e3a0 },
+  { 0x10002d0f, 0x1400e3a0 },
+  { 0x10002d10, 0x1400e3a0 },
+  { 0x10002d11, 0x1400e3a0 },
+  { 0x10002d12, 0x1400e3a0 },
+  { 0x10002d13, 0x1400e3a0 },
+  { 0x10002d14, 0x1400e3a0 },
+  { 0x10002d15, 0x1400e3a0 },
+  { 0x10002d16, 0x1400e3a0 },
+  { 0x10002d17, 0x1400e3a0 },
+  { 0x10002d18, 0x1400e3a0 },
+  { 0x10002d19, 0x1400e3a0 },
+  { 0x10002d1a, 0x1400e3a0 },
+  { 0x10002d1b, 0x1400e3a0 },
+  { 0x10002d1c, 0x1400e3a0 },
+  { 0x10002d1d, 0x1400e3a0 },
+  { 0x10002d1e, 0x1400e3a0 },
+  { 0x10002d1f, 0x1400e3a0 },
+  { 0x10002d20, 0x1400e3a0 },
+  { 0x10002d21, 0x1400e3a0 },
+  { 0x10002d22, 0x1400e3a0 },
+  { 0x10002d23, 0x1400e3a0 },
+  { 0x10002d24, 0x1400e3a0 },
+  { 0x10002d25, 0x1400e3a0 },
+  { 0x3a802d30, 0x1c000035 },
+  { 0x3a002d6f, 0x18000000 },
+  { 0x0f802d80, 0x1c000016 },
+  { 0x0f802da0, 0x1c000006 },
+  { 0x0f802da8, 0x1c000006 },
+  { 0x0f802db0, 0x1c000006 },
+  { 0x0f802db8, 0x1c000006 },
+  { 0x0f802dc0, 0x1c000006 },
+  { 0x0f802dc8, 0x1c000006 },
+  { 0x0f802dd0, 0x1c000006 },
+  { 0x0f802dd8, 0x1c000006 },
+  { 0x09802e00, 0x54000001 },
+  { 0x09002e02, 0x50000000 },
+  { 0x09002e03, 0x4c000000 },
+  { 0x09002e04, 0x50000000 },
+  { 0x09002e05, 0x4c000000 },
+  { 0x09802e06, 0x54000002 },
+  { 0x09002e09, 0x50000000 },
+  { 0x09002e0a, 0x4c000000 },
+  { 0x09002e0b, 0x54000000 },
+  { 0x09002e0c, 0x50000000 },
+  { 0x09002e0d, 0x4c000000 },
+  { 0x09802e0e, 0x54000008 },
+  { 0x09002e17, 0x44000000 },
+  { 0x09002e1c, 0x50000000 },
+  { 0x09002e1d, 0x4c000000 },
+  { 0x16802e80, 0x68000019 },
+  { 0x16802e9b, 0x68000058 },
+  { 0x16802f00, 0x680000d5 },
+  { 0x09802ff0, 0x6800000b },
+  { 0x09003000, 0x74000000 },
+  { 0x09803001, 0x54000002 },
+  { 0x09003004, 0x68000000 },
+  { 0x16003005, 0x18000000 },
+  { 0x09003006, 0x1c000000 },
+  { 0x16003007, 0x38000000 },
+  { 0x09003008, 0x58000000 },
+  { 0x09003009, 0x48000000 },
+  { 0x0900300a, 0x58000000 },
+  { 0x0900300b, 0x48000000 },
+  { 0x0900300c, 0x58000000 },
+  { 0x0900300d, 0x48000000 },
+  { 0x0900300e, 0x58000000 },
+  { 0x0900300f, 0x48000000 },
+  { 0x09003010, 0x58000000 },
+  { 0x09003011, 0x48000000 },
+  { 0x09803012, 0x68000001 },
+  { 0x09003014, 0x58000000 },
+  { 0x09003015, 0x48000000 },
+  { 0x09003016, 0x58000000 },
+  { 0x09003017, 0x48000000 },
+  { 0x09003018, 0x58000000 },
+  { 0x09003019, 0x48000000 },
+  { 0x0900301a, 0x58000000 },
+  { 0x0900301b, 0x48000000 },
+  { 0x0900301c, 0x44000000 },
+  { 0x0900301d, 0x58000000 },
+  { 0x0980301e, 0x48000001 },
+  { 0x09003020, 0x68000000 },
+  { 0x16803021, 0x38000008 },
+  { 0x1b80302a, 0x30000005 },
+  { 0x09003030, 0x44000000 },
+  { 0x09803031, 0x18000004 },
+  { 0x09803036, 0x68000001 },
+  { 0x16803038, 0x38000002 },
+  { 0x1600303b, 0x18000000 },
+  { 0x0900303c, 0x1c000000 },
+  { 0x0900303d, 0x54000000 },
+  { 0x0980303e, 0x68000001 },
+  { 0x1a803041, 0x1c000055 },
+  { 0x1b803099, 0x30000001 },
+  { 0x0980309b, 0x60000001 },
+  { 0x1a80309d, 0x18000001 },
+  { 0x1a00309f, 0x1c000000 },
+  { 0x090030a0, 0x44000000 },
+  { 0x1d8030a1, 0x1c000059 },
+  { 0x090030fb, 0x54000000 },
+  { 0x098030fc, 0x18000002 },
+  { 0x1d0030ff, 0x1c000000 },
+  { 0x03803105, 0x1c000027 },
+  { 0x17803131, 0x1c00005d },
+  { 0x09803190, 0x68000001 },
+  { 0x09803192, 0x3c000003 },
+  { 0x09803196, 0x68000009 },
+  { 0x038031a0, 0x1c000017 },
+  { 0x098031c0, 0x6800000f },
+  { 0x1d8031f0, 0x1c00000f },
+  { 0x17803200, 0x6800001e },
+  { 0x09803220, 0x3c000009 },
+  { 0x0980322a, 0x68000019 },
+  { 0x09003250, 0x68000000 },
+  { 0x09803251, 0x3c00000e },
+  { 0x17803260, 0x6800001f },
+  { 0x09803280, 0x3c000009 },
+  { 0x0980328a, 0x68000026 },
+  { 0x098032b1, 0x3c00000e },
+  { 0x098032c0, 0x6800003e },
+  { 0x09803300, 0x680000ff },
+  { 0x16803400, 0x1c0019b5 },
+  { 0x09804dc0, 0x6800003f },
+  { 0x16804e00, 0x1c0051bb },
+  { 0x3c80a000, 0x1c000014 },
+  { 0x3c00a015, 0x18000000 },
+  { 0x3c80a016, 0x1c000476 },
+  { 0x3c80a490, 0x68000036 },
+  { 0x0980a700, 0x60000016 },
+  { 0x3080a800, 0x1c000001 },
+  { 0x3000a802, 0x28000000 },
+  { 0x3080a803, 0x1c000002 },
+  { 0x3000a806, 0x30000000 },
+  { 0x3080a807, 0x1c000003 },
+  { 0x3000a80b, 0x30000000 },
+  { 0x3080a80c, 0x1c000016 },
+  { 0x3080a823, 0x28000001 },
+  { 0x3080a825, 0x30000001 },
+  { 0x3000a827, 0x28000000 },
+  { 0x3080a828, 0x68000003 },
+  { 0x1780ac00, 0x1c002ba3 },
+  { 0x0980d800, 0x1000037f },
+  { 0x0980db80, 0x1000007f },
+  { 0x0980dc00, 0x100003ff },
+  { 0x0980e000, 0x0c0018ff },
+  { 0x1680f900, 0x1c00012d },
+  { 0x1680fa30, 0x1c00003a },
+  { 0x1680fa70, 0x1c000069 },
+  { 0x2180fb00, 0x14000006 },
+  { 0x0180fb13, 0x14000004 },
+  { 0x1900fb1d, 0x1c000000 },
+  { 0x1900fb1e, 0x30000000 },
+  { 0x1980fb1f, 0x1c000009 },
+  { 0x1900fb29, 0x64000000 },
+  { 0x1980fb2a, 0x1c00000c },
+  { 0x1980fb38, 0x1c000004 },
+  { 0x1900fb3e, 0x1c000000 },
+  { 0x1980fb40, 0x1c000001 },
+  { 0x1980fb43, 0x1c000001 },
+  { 0x1980fb46, 0x1c00006b },
+  { 0x0080fbd3, 0x1c00016a },
+  { 0x0900fd3e, 0x58000000 },
+  { 0x0900fd3f, 0x48000000 },
+  { 0x0080fd50, 0x1c00003f },
+  { 0x0080fd92, 0x1c000035 },
+  { 0x0080fdf0, 0x1c00000b },
+  { 0x0000fdfc, 0x5c000000 },
+  { 0x0900fdfd, 0x68000000 },
+  { 0x1b80fe00, 0x3000000f },
+  { 0x0980fe10, 0x54000006 },
+  { 0x0900fe17, 0x58000000 },
+  { 0x0900fe18, 0x48000000 },
+  { 0x0900fe19, 0x54000000 },
+  { 0x1b80fe20, 0x30000003 },
+  { 0x0900fe30, 0x54000000 },
+  { 0x0980fe31, 0x44000001 },
+  { 0x0980fe33, 0x40000001 },
+  { 0x0900fe35, 0x58000000 },
+  { 0x0900fe36, 0x48000000 },
+  { 0x0900fe37, 0x58000000 },
+  { 0x0900fe38, 0x48000000 },
+  { 0x0900fe39, 0x58000000 },
+  { 0x0900fe3a, 0x48000000 },
+  { 0x0900fe3b, 0x58000000 },
+  { 0x0900fe3c, 0x48000000 },
+  { 0x0900fe3d, 0x58000000 },
+  { 0x0900fe3e, 0x48000000 },
+  { 0x0900fe3f, 0x58000000 },
+  { 0x0900fe40, 0x48000000 },
+  { 0x0900fe41, 0x58000000 },
+  { 0x0900fe42, 0x48000000 },
+  { 0x0900fe43, 0x58000000 },
+  { 0x0900fe44, 0x48000000 },
+  { 0x0980fe45, 0x54000001 },
+  { 0x0900fe47, 0x58000000 },
+  { 0x0900fe48, 0x48000000 },
+  { 0x0980fe49, 0x54000003 },
+  { 0x0980fe4d, 0x40000002 },
+  { 0x0980fe50, 0x54000002 },
+  { 0x0980fe54, 0x54000003 },
+  { 0x0900fe58, 0x44000000 },
+  { 0x0900fe59, 0x58000000 },
+  { 0x0900fe5a, 0x48000000 },
+  { 0x0900fe5b, 0x58000000 },
+  { 0x0900fe5c, 0x48000000 },
+  { 0x0900fe5d, 0x58000000 },
+  { 0x0900fe5e, 0x48000000 },
+  { 0x0980fe5f, 0x54000002 },
+  { 0x0900fe62, 0x64000000 },
+  { 0x0900fe63, 0x44000000 },
+  { 0x0980fe64, 0x64000002 },
+  { 0x0900fe68, 0x54000000 },
+  { 0x0900fe69, 0x5c000000 },
+  { 0x0980fe6a, 0x54000001 },
+  { 0x0080fe70, 0x1c000004 },
+  { 0x0080fe76, 0x1c000086 },
+  { 0x0900feff, 0x04000000 },
+  { 0x0980ff01, 0x54000002 },
+  { 0x0900ff04, 0x5c000000 },
+  { 0x0980ff05, 0x54000002 },
+  { 0x0900ff08, 0x58000000 },
+  { 0x0900ff09, 0x48000000 },
+  { 0x0900ff0a, 0x54000000 },
+  { 0x0900ff0b, 0x64000000 },
+  { 0x0900ff0c, 0x54000000 },
+  { 0x0900ff0d, 0x44000000 },
+  { 0x0980ff0e, 0x54000001 },
+  { 0x0980ff10, 0x34000009 },
+  { 0x0980ff1a, 0x54000001 },
+  { 0x0980ff1c, 0x64000002 },
+  { 0x0980ff1f, 0x54000001 },
+  { 0x2100ff21, 0x24000020 },
+  { 0x2100ff22, 0x24000020 },
+  { 0x2100ff23, 0x24000020 },
+  { 0x2100ff24, 0x24000020 },
+  { 0x2100ff25, 0x24000020 },
+  { 0x2100ff26, 0x24000020 },
+  { 0x2100ff27, 0x24000020 },
+  { 0x2100ff28, 0x24000020 },
+  { 0x2100ff29, 0x24000020 },
+  { 0x2100ff2a, 0x24000020 },
+  { 0x2100ff2b, 0x24000020 },
+  { 0x2100ff2c, 0x24000020 },
+  { 0x2100ff2d, 0x24000020 },
+  { 0x2100ff2e, 0x24000020 },
+  { 0x2100ff2f, 0x24000020 },
+  { 0x2100ff30, 0x24000020 },
+  { 0x2100ff31, 0x24000020 },
+  { 0x2100ff32, 0x24000020 },
+  { 0x2100ff33, 0x24000020 },
+  { 0x2100ff34, 0x24000020 },
+  { 0x2100ff35, 0x24000020 },
+  { 0x2100ff36, 0x24000020 },
+  { 0x2100ff37, 0x24000020 },
+  { 0x2100ff38, 0x24000020 },
+  { 0x2100ff39, 0x24000020 },
+  { 0x2100ff3a, 0x24000020 },
+  { 0x0900ff3b, 0x58000000 },
+  { 0x0900ff3c, 0x54000000 },
+  { 0x0900ff3d, 0x48000000 },
+  { 0x0900ff3e, 0x60000000 },
+  { 0x0900ff3f, 0x40000000 },
+  { 0x0900ff40, 0x60000000 },
+  { 0x2100ff41, 0x1400ffe0 },
+  { 0x2100ff42, 0x1400ffe0 },
+  { 0x2100ff43, 0x1400ffe0 },
+  { 0x2100ff44, 0x1400ffe0 },
+  { 0x2100ff45, 0x1400ffe0 },
+  { 0x2100ff46, 0x1400ffe0 },
+  { 0x2100ff47, 0x1400ffe0 },
+  { 0x2100ff48, 0x1400ffe0 },
+  { 0x2100ff49, 0x1400ffe0 },
+  { 0x2100ff4a, 0x1400ffe0 },
+  { 0x2100ff4b, 0x1400ffe0 },
+  { 0x2100ff4c, 0x1400ffe0 },
+  { 0x2100ff4d, 0x1400ffe0 },
+  { 0x2100ff4e, 0x1400ffe0 },
+  { 0x2100ff4f, 0x1400ffe0 },
+  { 0x2100ff50, 0x1400ffe0 },
+  { 0x2100ff51, 0x1400ffe0 },
+  { 0x2100ff52, 0x1400ffe0 },
+  { 0x2100ff53, 0x1400ffe0 },
+  { 0x2100ff54, 0x1400ffe0 },
+  { 0x2100ff55, 0x1400ffe0 },
+  { 0x2100ff56, 0x1400ffe0 },
+  { 0x2100ff57, 0x1400ffe0 },
+  { 0x2100ff58, 0x1400ffe0 },
+  { 0x2100ff59, 0x1400ffe0 },
+  { 0x2100ff5a, 0x1400ffe0 },
+  { 0x0900ff5b, 0x58000000 },
+  { 0x0900ff5c, 0x64000000 },
+  { 0x0900ff5d, 0x48000000 },
+  { 0x0900ff5e, 0x64000000 },
+  { 0x0900ff5f, 0x58000000 },
+  { 0x0900ff60, 0x48000000 },
+  { 0x0900ff61, 0x54000000 },
+  { 0x0900ff62, 0x58000000 },
+  { 0x0900ff63, 0x48000000 },
+  { 0x0980ff64, 0x54000001 },
+  { 0x1d80ff66, 0x1c000009 },
+  { 0x0900ff70, 0x18000000 },
+  { 0x1d80ff71, 0x1c00002c },
+  { 0x0980ff9e, 0x18000001 },
+  { 0x1780ffa0, 0x1c00001e },
+  { 0x1780ffc2, 0x1c000005 },
+  { 0x1780ffca, 0x1c000005 },
+  { 0x1780ffd2, 0x1c000005 },
+  { 0x1780ffda, 0x1c000002 },
+  { 0x0980ffe0, 0x5c000001 },
+  { 0x0900ffe2, 0x64000000 },
+  { 0x0900ffe3, 0x60000000 },
+  { 0x0900ffe4, 0x68000000 },
+  { 0x0980ffe5, 0x5c000001 },
+  { 0x0900ffe8, 0x68000000 },
+  { 0x0980ffe9, 0x64000003 },
+  { 0x0980ffed, 0x68000001 },
+  { 0x0980fff9, 0x04000002 },
+  { 0x0980fffc, 0x68000001 },
+  { 0x23810000, 0x1c00000b },
+  { 0x2381000d, 0x1c000019 },
+  { 0x23810028, 0x1c000012 },
+  { 0x2381003c, 0x1c000001 },
+  { 0x2381003f, 0x1c00000e },
+  { 0x23810050, 0x1c00000d },
+  { 0x23810080, 0x1c00007a },
+  { 0x09810100, 0x54000001 },
+  { 0x09010102, 0x68000000 },
+  { 0x09810107, 0x3c00002c },
+  { 0x09810137, 0x68000008 },
+  { 0x13810140, 0x38000034 },
+  { 0x13810175, 0x3c000003 },
+  { 0x13810179, 0x68000010 },
+  { 0x1301018a, 0x3c000000 },
+  { 0x29810300, 0x1c00001e },
+  { 0x29810320, 0x3c000003 },
+  { 0x12810330, 0x1c000019 },
+  { 0x1201034a, 0x38000000 },
+  { 0x3b810380, 0x1c00001d },
+  { 0x3b01039f, 0x54000000 },
+  { 0x2a8103a0, 0x1c000023 },
+  { 0x2a8103c8, 0x1c000007 },
+  { 0x2a0103d0, 0x68000000 },
+  { 0x2a8103d1, 0x38000004 },
+  { 0x0d010400, 0x24000028 },
+  { 0x0d010401, 0x24000028 },
+  { 0x0d010402, 0x24000028 },
+  { 0x0d010403, 0x24000028 },
+  { 0x0d010404, 0x24000028 },
+  { 0x0d010405, 0x24000028 },
+  { 0x0d010406, 0x24000028 },
+  { 0x0d010407, 0x24000028 },
+  { 0x0d010408, 0x24000028 },
+  { 0x0d010409, 0x24000028 },
+  { 0x0d01040a, 0x24000028 },
+  { 0x0d01040b, 0x24000028 },
+  { 0x0d01040c, 0x24000028 },
+  { 0x0d01040d, 0x24000028 },
+  { 0x0d01040e, 0x24000028 },
+  { 0x0d01040f, 0x24000028 },
+  { 0x0d010410, 0x24000028 },
+  { 0x0d010411, 0x24000028 },
+  { 0x0d010412, 0x24000028 },
+  { 0x0d010413, 0x24000028 },
+  { 0x0d010414, 0x24000028 },
+  { 0x0d010415, 0x24000028 },
+  { 0x0d010416, 0x24000028 },
+  { 0x0d010417, 0x24000028 },
+  { 0x0d010418, 0x24000028 },
+  { 0x0d010419, 0x24000028 },
+  { 0x0d01041a, 0x24000028 },
+  { 0x0d01041b, 0x24000028 },
+  { 0x0d01041c, 0x24000028 },
+  { 0x0d01041d, 0x24000028 },
+  { 0x0d01041e, 0x24000028 },
+  { 0x0d01041f, 0x24000028 },
+  { 0x0d010420, 0x24000028 },
+  { 0x0d010421, 0x24000028 },
+  { 0x0d010422, 0x24000028 },
+  { 0x0d010423, 0x24000028 },
+  { 0x0d010424, 0x24000028 },
+  { 0x0d010425, 0x24000028 },
+  { 0x0d010426, 0x24000028 },
+  { 0x0d010427, 0x24000028 },
+  { 0x0d010428, 0x1400ffd8 },
+  { 0x0d010429, 0x1400ffd8 },
+  { 0x0d01042a, 0x1400ffd8 },
+  { 0x0d01042b, 0x1400ffd8 },
+  { 0x0d01042c, 0x1400ffd8 },
+  { 0x0d01042d, 0x1400ffd8 },
+  { 0x0d01042e, 0x1400ffd8 },
+  { 0x0d01042f, 0x1400ffd8 },
+  { 0x0d010430, 0x1400ffd8 },
+  { 0x0d010431, 0x1400ffd8 },
+  { 0x0d010432, 0x1400ffd8 },
+  { 0x0d010433, 0x1400ffd8 },
+  { 0x0d010434, 0x1400ffd8 },
+  { 0x0d010435, 0x1400ffd8 },
+  { 0x0d010436, 0x1400ffd8 },
+  { 0x0d010437, 0x1400ffd8 },
+  { 0x0d010438, 0x1400ffd8 },
+  { 0x0d010439, 0x1400ffd8 },
+  { 0x0d01043a, 0x1400ffd8 },
+  { 0x0d01043b, 0x1400ffd8 },
+  { 0x0d01043c, 0x1400ffd8 },
+  { 0x0d01043d, 0x1400ffd8 },
+  { 0x0d01043e, 0x1400ffd8 },
+  { 0x0d01043f, 0x1400ffd8 },
+  { 0x0d010440, 0x1400ffd8 },
+  { 0x0d010441, 0x1400ffd8 },
+  { 0x0d010442, 0x1400ffd8 },
+  { 0x0d010443, 0x1400ffd8 },
+  { 0x0d010444, 0x1400ffd8 },
+  { 0x0d010445, 0x1400ffd8 },
+  { 0x0d010446, 0x1400ffd8 },
+  { 0x0d010447, 0x1400ffd8 },
+  { 0x0d010448, 0x1400ffd8 },
+  { 0x0d010449, 0x1400ffd8 },
+  { 0x0d01044a, 0x1400ffd8 },
+  { 0x0d01044b, 0x1400ffd8 },
+  { 0x0d01044c, 0x1400ffd8 },
+  { 0x0d01044d, 0x1400ffd8 },
+  { 0x0d01044e, 0x1400ffd8 },
+  { 0x0d01044f, 0x1400ffd8 },
+  { 0x2e810450, 0x1c00004d },
+  { 0x2c8104a0, 0x34000009 },
+  { 0x0b810800, 0x1c000005 },
+  { 0x0b010808, 0x1c000000 },
+  { 0x0b81080a, 0x1c00002b },
+  { 0x0b810837, 0x1c000001 },
+  { 0x0b01083c, 0x1c000000 },
+  { 0x0b01083f, 0x1c000000 },
+  { 0x1e010a00, 0x1c000000 },
+  { 0x1e810a01, 0x30000002 },
+  { 0x1e810a05, 0x30000001 },
+  { 0x1e810a0c, 0x30000003 },
+  { 0x1e810a10, 0x1c000003 },
+  { 0x1e810a15, 0x1c000002 },
+  { 0x1e810a19, 0x1c00001a },
+  { 0x1e810a38, 0x30000002 },
+  { 0x1e010a3f, 0x30000000 },
+  { 0x1e810a40, 0x3c000007 },
+  { 0x1e810a50, 0x54000008 },
+  { 0x0981d000, 0x680000f5 },
+  { 0x0981d100, 0x68000026 },
+  { 0x0981d12a, 0x6800003a },
+  { 0x0981d165, 0x28000001 },
+  { 0x1b81d167, 0x30000002 },
+  { 0x0981d16a, 0x68000002 },
+  { 0x0981d16d, 0x28000005 },
+  { 0x0981d173, 0x04000007 },
+  { 0x1b81d17b, 0x30000007 },
+  { 0x0981d183, 0x68000001 },
+  { 0x1b81d185, 0x30000006 },
+  { 0x0981d18c, 0x6800001d },
+  { 0x1b81d1aa, 0x30000003 },
+  { 0x0981d1ae, 0x6800002f },
+  { 0x1381d200, 0x68000041 },
+  { 0x1381d242, 0x30000002 },
+  { 0x1301d245, 0x68000000 },
+  { 0x0981d300, 0x68000056 },
+  { 0x0981d400, 0x24000019 },
+  { 0x0981d41a, 0x14000019 },
+  { 0x0981d434, 0x24000019 },
+  { 0x0981d44e, 0x14000006 },
+  { 0x0981d456, 0x14000011 },
+  { 0x0981d468, 0x24000019 },
+  { 0x0981d482, 0x14000019 },
+  { 0x0901d49c, 0x24000000 },
+  { 0x0981d49e, 0x24000001 },
+  { 0x0901d4a2, 0x24000000 },
+  { 0x0981d4a5, 0x24000001 },
+  { 0x0981d4a9, 0x24000003 },
+  { 0x0981d4ae, 0x24000007 },
+  { 0x0981d4b6, 0x14000003 },
+  { 0x0901d4bb, 0x14000000 },
+  { 0x0981d4bd, 0x14000006 },
+  { 0x0981d4c5, 0x1400000a },
+  { 0x0981d4d0, 0x24000019 },
+  { 0x0981d4ea, 0x14000019 },
+  { 0x0981d504, 0x24000001 },
+  { 0x0981d507, 0x24000003 },
+  { 0x0981d50d, 0x24000007 },
+  { 0x0981d516, 0x24000006 },
+  { 0x0981d51e, 0x14000019 },
+  { 0x0981d538, 0x24000001 },
+  { 0x0981d53b, 0x24000003 },
+  { 0x0981d540, 0x24000004 },
+  { 0x0901d546, 0x24000000 },
+  { 0x0981d54a, 0x24000006 },
+  { 0x0981d552, 0x14000019 },
+  { 0x0981d56c, 0x24000019 },
+  { 0x0981d586, 0x14000019 },
+  { 0x0981d5a0, 0x24000019 },
+  { 0x0981d5ba, 0x14000019 },
+  { 0x0981d5d4, 0x24000019 },
+  { 0x0981d5ee, 0x14000019 },
+  { 0x0981d608, 0x24000019 },
+  { 0x0981d622, 0x14000019 },
+  { 0x0981d63c, 0x24000019 },
+  { 0x0981d656, 0x14000019 },
+  { 0x0981d670, 0x24000019 },
+  { 0x0981d68a, 0x1400001b },
+  { 0x0981d6a8, 0x24000018 },
+  { 0x0901d6c1, 0x64000000 },
+  { 0x0981d6c2, 0x14000018 },
+  { 0x0901d6db, 0x64000000 },
+  { 0x0981d6dc, 0x14000005 },
+  { 0x0981d6e2, 0x24000018 },
+  { 0x0901d6fb, 0x64000000 },
+  { 0x0981d6fc, 0x14000018 },
+  { 0x0901d715, 0x64000000 },
+  { 0x0981d716, 0x14000005 },
+  { 0x0981d71c, 0x24000018 },
+  { 0x0901d735, 0x64000000 },
+  { 0x0981d736, 0x14000018 },
+  { 0x0901d74f, 0x64000000 },
+  { 0x0981d750, 0x14000005 },
+  { 0x0981d756, 0x24000018 },
+  { 0x0901d76f, 0x64000000 },
+  { 0x0981d770, 0x14000018 },
+  { 0x0901d789, 0x64000000 },
+  { 0x0981d78a, 0x14000005 },
+  { 0x0981d790, 0x24000018 },
+  { 0x0901d7a9, 0x64000000 },
+  { 0x0981d7aa, 0x14000018 },
+  { 0x0901d7c3, 0x64000000 },
+  { 0x0981d7c4, 0x14000005 },
+  { 0x0981d7ce, 0x34000031 },
+  { 0x16820000, 0x1c00a6d6 },
+  { 0x1682f800, 0x1c00021d },
+  { 0x090e0001, 0x04000000 },
+  { 0x098e0020, 0x0400005f },
+  { 0x1b8e0100, 0x300000ef },
+  { 0x098f0000, 0x0c00fffd },
+  { 0x09900000, 0x0c00fffd },
+};
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/CallIdentifier.h b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/CallIdentifier.h
new file mode 100644
index 000000000..ba48c558a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/CallIdentifier.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+#ifndef CallIdentifier_h
+#define CallIdentifier_h
+
+#include <runtime/UString.h>
+#include "FastAllocBase.h"
+
+namespace JSC {
+
+    struct CallIdentifier : public FastAllocBase {
+        UString m_name;
+        UString m_url;
+        unsigned m_lineNumber;
+
+        CallIdentifier()
+            : m_lineNumber(0)
+        {
+        }
+
+        CallIdentifier(const UString& name, const UString& url, int lineNumber)
+            : m_name(name)
+            , m_url(url)
+            , m_lineNumber(lineNumber)
+        {
+        }
+
+        inline bool operator==(const CallIdentifier& ci) const { return ci.m_lineNumber == m_lineNumber && ci.m_name == m_name && ci.m_url == m_url; }
+        inline bool operator!=(const CallIdentifier& ci) const { return !(*this == ci); }
+
+        struct Hash {
+            static unsigned hash(const CallIdentifier& key)
+            {
+                unsigned hashCodes[3] = {
+                    key.m_name.rep()->hash(),
+                    key.m_url.rep()->hash(),
+                    key.m_lineNumber
+                };
+                return UString::Rep::computeHash(reinterpret_cast<char*>(hashCodes), sizeof(hashCodes));
+            }
+
+            static bool equal(const CallIdentifier& a, const CallIdentifier& b) { return a == b; }
+            static const bool safeToCompareToEmptyOrDeleted = true;
+        };
+
+        unsigned hash() const { return Hash::hash(*this); }
+
+#ifndef NDEBUG
+        operator const char*() const { return c_str(); }
+        const char* c_str() const { return m_name.UTF8String().c_str(); }
+#endif
+    };
+
+} // namespace JSC
+
+namespace WTF {
+
+    template<> struct DefaultHash<JSC::CallIdentifier> { typedef JSC::CallIdentifier::Hash Hash; };
+
+    template<> struct HashTraits<JSC::CallIdentifier> : GenericHashTraits<JSC::CallIdentifier> {
+        static void constructDeletedValue(JSC::CallIdentifier& slot)
+        {
+            new (&slot) JSC::CallIdentifier(JSC::UString(), JSC::UString(), std::numeric_limits<unsigned>::max());
+        }
+        static bool isDeletedValue(const JSC::CallIdentifier& value)
+        {
+            return value.m_name.isNull() && value.m_url.isNull() && value.m_lineNumber == std::numeric_limits<unsigned>::max();
+        }
+    };
+
+} // namespace WTF
+
+#endif  // CallIdentifier_h
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/HeavyProfile.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/HeavyProfile.cpp
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/HeavyProfile.cpp
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/HeavyProfile.h b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/HeavyProfile.h
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/HeavyProfile.h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profile.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profile.cpp
new file mode 100644
index 000000000..de75e71c6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profile.cpp
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Profile.h"
+
+#include "ProfileNode.h"
+#include <stdio.h>
+
+namespace JSC {
+
+PassRefPtr<Profile> Profile::create(const UString& title, unsigned uid)
+{
+    return adoptRef(new Profile(title, uid));
+}
+
+Profile::Profile(const UString& title, unsigned uid)
+    : m_title(title)
+    , m_uid(uid)
+{
+    // FIXME: When multi-threading is supported this will be a vector and calls
+    // into the profiler will need to know which thread it is executing on.
+    m_head = ProfileNode::create(CallIdentifier("Thread_1", 0, 0), 0, 0);
+}
+
+Profile::~Profile()
+{
+}
+
+void Profile::forEach(void (ProfileNode::*function)())
+{
+    ProfileNode* currentNode = m_head->firstChild();
+    for (ProfileNode* nextNode = currentNode; nextNode; nextNode = nextNode->firstChild())
+        currentNode = nextNode;
+
+    if (!currentNode)
+        currentNode = m_head.get();
+
+    ProfileNode* endNode = m_head->traverseNextNodePostOrder();
+    while (currentNode && currentNode != endNode) {
+        (currentNode->*function)();
+        currentNode = currentNode->traverseNextNodePostOrder();
+    } 
+}
+
+void Profile::focus(const ProfileNode* profileNode)
+{
+    if (!profileNode || !m_head)
+        return;
+
+    bool processChildren;
+    const CallIdentifier& callIdentifier = profileNode->callIdentifier();
+    for (ProfileNode* currentNode = m_head.get(); currentNode; currentNode = currentNode->traverseNextNodePreOrder(processChildren))
+        processChildren = currentNode->focus(callIdentifier);
+
+    // Set the visible time of all nodes so that the %s display correctly.
+    forEach(&ProfileNode::calculateVisibleTotalTime);
+}
+
+void Profile::exclude(const ProfileNode* profileNode)
+{
+    if (!profileNode || !m_head)
+        return;
+
+    const CallIdentifier& callIdentifier = profileNode->callIdentifier();
+
+    for (ProfileNode* currentNode = m_head.get(); currentNode; currentNode = currentNode->traverseNextNodePreOrder())
+        currentNode->exclude(callIdentifier);
+
+    // Set the visible time of the head so the %s display correctly.
+    m_head->setVisibleTotalTime(m_head->totalTime() - m_head->selfTime());
+    m_head->setVisibleSelfTime(0.0);
+}
+
+void Profile::restoreAll()
+{
+    forEach(&ProfileNode::restore);
+}
+
+#ifndef NDEBUG
+void Profile::debugPrintData() const
+{
+    printf("Call graph:\n");
+    m_head->debugPrintData(0);
+}
+
+typedef pair<UString::Rep*, unsigned> NameCountPair;
+
+static inline bool functionNameCountPairComparator(const NameCountPair& a, const NameCountPair& b)
+{
+    return a.second > b.second;
+}
+
+void Profile::debugPrintDataSampleStyle() const
+{
+    typedef Vector<NameCountPair> NameCountPairVector;
+
+    FunctionCallHashCount countedFunctions;
+    printf("Call graph:\n");
+    m_head->debugPrintDataSampleStyle(0, countedFunctions);
+
+    printf("\nTotal number in stack:\n");
+    NameCountPairVector sortedFunctions(countedFunctions.size());
+    copyToVector(countedFunctions, sortedFunctions);
+
+    std::sort(sortedFunctions.begin(), sortedFunctions.end(), functionNameCountPairComparator);
+    for (NameCountPairVector::iterator it = sortedFunctions.begin(); it != sortedFunctions.end(); ++it)
+        printf("        %-12d%s\n", (*it).second, UString((*it).first).UTF8String().c_str());
+
+    printf("\nSort by top of stack, same collapsed (when >= 5):\n");
+}
+#endif
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profile.h b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profile.h
new file mode 100644
index 000000000..6bf29f7a6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profile.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+#ifndef Profile_h
+#define Profile_h
+
+#include "ProfileNode.h"
+#include <runtime/UString.h>
+#include <wtf/RefCounted.h>
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+    class Profile : public RefCounted<Profile> {
+    public:
+        static PassRefPtr<Profile> create(const UString& title, unsigned uid);
+        virtual ~Profile();
+
+        const UString& title() const { return m_title; }
+        ProfileNode* head() const { return m_head.get(); }
+        void setHead(PassRefPtr<ProfileNode> head) { m_head = head; }
+        double totalTime() const { return m_head->totalTime(); }
+        unsigned int uid() const { return m_uid; }
+
+        void forEach(void (ProfileNode::*)());
+
+        void focus(const ProfileNode*);
+        void exclude(const ProfileNode*);
+        void restoreAll();
+
+#ifndef NDEBUG
+        void debugPrintData() const;
+        void debugPrintDataSampleStyle() const;
+#endif
+
+    protected:
+        Profile(const UString& title, unsigned uid);
+
+    private:
+        void removeProfileStart();
+        void removeProfileEnd();
+ 
+        UString m_title;
+        RefPtr<ProfileNode> m_head;
+        unsigned int m_uid;
+    };
+
+} // namespace JSC
+
+#endif // Profile_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileGenerator.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileGenerator.cpp
new file mode 100644
index 000000000..dc68ecb0a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileGenerator.cpp
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ProfileGenerator.h"
+
+#include "CallFrame.h"
+#include "CodeBlock.h"
+#include "JSGlobalObject.h"
+#include "JSStringRef.h"
+#include "JSFunction.h"
+#include "Interpreter.h"
+#include "Profile.h"
+#include "Profiler.h"
+#include "Tracing.h"
+
+namespace JSC {
+
+static const char* NonJSExecution = "(idle)";
+
+PassRefPtr<ProfileGenerator> ProfileGenerator::create(const UString& title, ExecState* originatingExec, unsigned uid)
+{
+    return adoptRef(new ProfileGenerator(title, originatingExec, uid));
+}
+
+ProfileGenerator::ProfileGenerator(const UString& title, ExecState* originatingExec, unsigned uid)
+    : m_originatingGlobalExec(originatingExec ? originatingExec->lexicalGlobalObject()->globalExec() : 0)
+    , m_profileGroup(originatingExec ? originatingExec->lexicalGlobalObject()->profileGroup() : 0)
+{
+    m_profile = Profile::create(title, uid);
+    m_currentNode = m_head = m_profile->head();
+    if (originatingExec)
+        addParentForConsoleStart(originatingExec);
+}
+
+void ProfileGenerator::addParentForConsoleStart(ExecState* exec)
+{
+    int lineNumber;
+    intptr_t sourceID;
+    UString sourceURL;
+    JSValue function;
+
+    exec->interpreter()->retrieveLastCaller(exec, lineNumber, sourceID, sourceURL, function);
+    m_currentNode = ProfileNode::create(Profiler::createCallIdentifier(&exec->globalData(), function ? function.toThisObject(exec) : 0, sourceURL, lineNumber), m_head.get(), m_head.get());
+    m_head->insertNode(m_currentNode.get());
+}
+
+const UString& ProfileGenerator::title() const
+{
+    return m_profile->title();
+}
+
+void ProfileGenerator::willExecute(const CallIdentifier& callIdentifier)
+{
+    if (JAVASCRIPTCORE_PROFILE_WILL_EXECUTE_ENABLED()) {
+        CString name = callIdentifier.m_name.UTF8String();
+        CString url = callIdentifier.m_url.UTF8String();
+        JAVASCRIPTCORE_PROFILE_WILL_EXECUTE(m_profileGroup, const_cast<char*>(name.c_str()), const_cast<char*>(url.c_str()), callIdentifier.m_lineNumber);
+    }
+
+    if (!m_originatingGlobalExec)
+        return;
+
+    ASSERT_ARG(m_currentNode, m_currentNode);
+    m_currentNode = m_currentNode->willExecute(callIdentifier);
+}
+
+void ProfileGenerator::didExecute(const CallIdentifier& callIdentifier)
+{
+    if (JAVASCRIPTCORE_PROFILE_DID_EXECUTE_ENABLED()) {
+        CString name = callIdentifier.m_name.UTF8String();
+        CString url = callIdentifier.m_url.UTF8String();
+        JAVASCRIPTCORE_PROFILE_DID_EXECUTE(m_profileGroup, const_cast<char*>(name.c_str()), const_cast<char*>(url.c_str()), callIdentifier.m_lineNumber);
+    }
+
+    if (!m_originatingGlobalExec)
+        return;
+
+    ASSERT_ARG(m_currentNode, m_currentNode);
+    if (m_currentNode->callIdentifier() != callIdentifier) {
+        RefPtr<ProfileNode> returningNode = ProfileNode::create(callIdentifier, m_head.get(), m_currentNode.get());
+        returningNode->setStartTime(m_currentNode->startTime());
+        returningNode->didExecute();
+        m_currentNode->insertNode(returningNode.release());
+        return;
+    }
+
+    m_currentNode = m_currentNode->didExecute();
+}
+
+void ProfileGenerator::stopProfiling()
+{
+    m_profile->forEach(&ProfileNode::stopProfiling);
+
+    removeProfileStart();
+    removeProfileEnd();
+
+    ASSERT_ARG(m_currentNode, m_currentNode);
+
+    // Set the current node to the parent, because we are in a call that
+    // will not get didExecute call.
+    m_currentNode = m_currentNode->parent();
+
+   if (double headSelfTime = m_head->selfTime()) {
+        RefPtr<ProfileNode> idleNode = ProfileNode::create(CallIdentifier(NonJSExecution, 0, 0), m_head.get(), m_head.get());
+
+        idleNode->setTotalTime(headSelfTime);
+        idleNode->setSelfTime(headSelfTime);
+        idleNode->setVisible(true);
+
+        m_head->setSelfTime(0.0);
+        m_head->addChild(idleNode.release());
+    }
+}
+
+// The console.ProfileGenerator that started this ProfileGenerator will be the first child.
+void ProfileGenerator::removeProfileStart()
+{
+    ProfileNode* currentNode = 0;
+    for (ProfileNode* next = m_head.get(); next; next = next->firstChild())
+        currentNode = next;
+
+    if (currentNode->callIdentifier().m_name != "profile")
+        return;
+
+    // Attribute the time of the node aobut to be removed to the self time of its parent
+    currentNode->parent()->setSelfTime(currentNode->parent()->selfTime() + currentNode->totalTime());
+    currentNode->parent()->removeChild(currentNode);
+}
+
+// The console.ProfileGeneratorEnd that stopped this ProfileGenerator will be the last child.
+void ProfileGenerator::removeProfileEnd()
+{
+    ProfileNode* currentNode = 0;
+    for (ProfileNode* next = m_head.get(); next; next = next->lastChild())
+        currentNode = next;
+
+    if (currentNode->callIdentifier().m_name != "profileEnd")
+        return;
+
+    // Attribute the time of the node aobut to be removed to the self time of its parent
+    currentNode->parent()->setSelfTime(currentNode->parent()->selfTime() + currentNode->totalTime());
+
+    ASSERT(currentNode->callIdentifier() == (currentNode->parent()->children()[currentNode->parent()->children().size() - 1])->callIdentifier());
+    currentNode->parent()->removeChild(currentNode);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileGenerator.h b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileGenerator.h
new file mode 100644
index 000000000..82149b33d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileGenerator.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+#ifndef ProfileGenerator_h
+#define ProfileGenerator_h
+
+#include "Profile.h"
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefCounted.h>
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+    class ExecState;
+    class Profile;
+    class ProfileNode;
+    class UString;
+    struct CallIdentifier;    
+
+    class ProfileGenerator : public RefCounted<ProfileGenerator>  {
+    public:
+        static PassRefPtr<ProfileGenerator> create(const UString& title, ExecState* originatingExec, unsigned uid);
+
+        // Members
+        const UString& title() const;
+        PassRefPtr<Profile> profile() const { return m_profile; }
+        ExecState* originatingGlobalExec() const { return m_originatingGlobalExec; }
+        unsigned profileGroup() const { return m_profileGroup; }
+
+        // Collecting
+        void willExecute(const CallIdentifier&);
+        void didExecute(const CallIdentifier&);
+
+        // Stopping Profiling
+        void stopProfiling();
+
+        typedef void (ProfileGenerator::*ProfileFunction)(const CallIdentifier& callIdentifier);
+
+    private:
+        ProfileGenerator(const UString& title, ExecState* originatingExec, unsigned uid);
+        void addParentForConsoleStart(ExecState*);
+
+        void removeProfileStart();
+        void removeProfileEnd();
+
+        RefPtr<Profile> m_profile;
+        ExecState* m_originatingGlobalExec;
+        unsigned m_profileGroup;
+        RefPtr<ProfileNode> m_head;
+        RefPtr<ProfileNode> m_currentNode;
+    };
+
+} // namespace JSC
+
+#endif // ProfileGenerator_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileNode.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileNode.cpp
new file mode 100644
index 000000000..19050aa0c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileNode.cpp
@@ -0,0 +1,346 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ProfileNode.h"
+
+#include "Profiler.h"
+#include <stdio.h>
+#include <wtf/DateMath.h>
+
+#if PLATFORM(WIN_OS)
+#include <windows.h>
+#endif
+
+namespace JSC {
+
+static double getCount()
+{
+#if PLATFORM(WIN_OS)
+    static LARGE_INTEGER frequency = {0};
+    if (!frequency.QuadPart)
+        QueryPerformanceFrequency(&frequency);
+    LARGE_INTEGER counter;
+    QueryPerformanceCounter(&counter);
+    return static_cast<double>(counter.QuadPart) / frequency.QuadPart;
+#else
+    return WTF::getCurrentUTCTimeWithMicroseconds();
+#endif
+}
+
+ProfileNode::ProfileNode(const CallIdentifier& callIdentifier, ProfileNode* headNode, ProfileNode* parentNode)
+    : m_callIdentifier(callIdentifier)
+    , m_head(headNode)
+    , m_parent(parentNode)
+    , m_nextSibling(0)
+    , m_startTime(0.0)
+    , m_actualTotalTime(0.0)
+    , m_visibleTotalTime(0.0)
+    , m_actualSelfTime(0.0)
+    , m_visibleSelfTime(0.0)
+    , m_numberOfCalls(0)
+    , m_visible(true)
+{
+    startTimer();
+}
+
+ProfileNode::ProfileNode(ProfileNode* headNode, ProfileNode* nodeToCopy)
+    : m_callIdentifier(nodeToCopy->callIdentifier())
+    , m_head(headNode)
+    , m_parent(nodeToCopy->parent())
+    , m_nextSibling(0)
+    , m_startTime(0.0)
+    , m_actualTotalTime(nodeToCopy->actualTotalTime())
+    , m_visibleTotalTime(nodeToCopy->totalTime())
+    , m_actualSelfTime(nodeToCopy->actualSelfTime())
+    , m_visibleSelfTime(nodeToCopy->selfTime())
+    , m_numberOfCalls(nodeToCopy->numberOfCalls())
+    , m_visible(nodeToCopy->visible())
+{
+}
+
+ProfileNode* ProfileNode::willExecute(const CallIdentifier& callIdentifier)
+{
+    for (StackIterator currentChild = m_children.begin(); currentChild != m_children.end(); ++currentChild) {
+        if ((*currentChild)->callIdentifier() == callIdentifier) {
+            (*currentChild)->startTimer();
+            return (*currentChild).get();
+        }
+    }
+
+    RefPtr<ProfileNode> newChild = ProfileNode::create(callIdentifier, m_head ? m_head : this, this); // If this ProfileNode has no head it is the head.
+    if (m_children.size())
+        m_children.last()->setNextSibling(newChild.get());
+    m_children.append(newChild.release());
+    return m_children.last().get();
+}
+
+ProfileNode* ProfileNode::didExecute()
+{
+    endAndRecordCall();
+    return m_parent;
+}
+
+void ProfileNode::addChild(PassRefPtr<ProfileNode> prpChild)
+{
+    RefPtr<ProfileNode> child = prpChild;
+    child->setParent(this);
+    if (m_children.size())
+        m_children.last()->setNextSibling(child.get());
+    m_children.append(child.release());
+}
+
+ProfileNode* ProfileNode::findChild(ProfileNode* node) const
+{
+    if (!node)
+        return 0;
+
+    for (size_t i = 0; i < m_children.size(); ++i) {
+        if (*node == m_children[i].get())
+            return m_children[i].get();
+    }
+
+    return 0;
+}
+
+void ProfileNode::removeChild(ProfileNode* node)
+{
+    if (!node)
+        return;
+
+    for (size_t i = 0; i < m_children.size(); ++i) {
+        if (*node == m_children[i].get()) {
+            m_children.remove(i);
+            break;
+        }
+    }
+    
+    resetChildrensSiblings();
+}
+
+void ProfileNode::insertNode(PassRefPtr<ProfileNode> prpNode)
+{
+    RefPtr<ProfileNode> node = prpNode;
+
+    for (unsigned i = 0; i < m_children.size(); ++i)
+        node->addChild(m_children[i].release());
+
+    m_children.clear();
+    m_children.append(node.release());
+}
+
+void ProfileNode::stopProfiling()
+{
+    if (m_startTime)
+        endAndRecordCall();
+
+    m_visibleTotalTime = m_actualTotalTime;
+
+    ASSERT(m_actualSelfTime == 0.0 && m_startTime == 0.0);
+
+    // Because we iterate in post order all of our children have been stopped before us.
+    for (unsigned i = 0; i < m_children.size(); ++i)
+        m_actualSelfTime += m_children[i]->totalTime();
+
+    ASSERT(m_actualSelfTime <= m_actualTotalTime);
+    m_actualSelfTime = m_actualTotalTime - m_actualSelfTime;
+    m_visibleSelfTime = m_actualSelfTime;
+}
+
+ProfileNode* ProfileNode::traverseNextNodePostOrder() const
+{
+    ProfileNode* next = m_nextSibling;
+    if (!next)
+        return m_parent;
+    while (ProfileNode* firstChild = next->firstChild())
+        next = firstChild;
+    return next;
+}
+
+ProfileNode* ProfileNode::traverseNextNodePreOrder(bool processChildren) const
+{
+    if (processChildren && m_children.size())
+        return m_children[0].get();
+
+    if (m_nextSibling)
+        return m_nextSibling;
+
+    ProfileNode* nextParent = m_parent;
+    if (!nextParent)
+        return 0;
+
+    ProfileNode* next;
+    for (next = m_parent->nextSibling(); !next; next = nextParent->nextSibling()) {
+        nextParent = nextParent->parent();
+        if (!nextParent)
+            return 0;
+    }
+
+    return next;
+}
+
+void ProfileNode::setTreeVisible(ProfileNode* node, bool visible)
+{
+    ProfileNode* nodeParent = node->parent();
+    ProfileNode* nodeSibling = node->nextSibling();
+    node->setParent(0);
+    node->setNextSibling(0);
+
+    for (ProfileNode* currentNode = node; currentNode; currentNode = currentNode->traverseNextNodePreOrder())
+        currentNode->setVisible(visible);
+
+    node->setParent(nodeParent);
+    node->setNextSibling(nodeSibling);
+}
+
+void ProfileNode::calculateVisibleTotalTime()
+{
+    double sumOfVisibleChildrensTime = 0.0;
+
+    for (unsigned i = 0; i < m_children.size(); ++i) {
+        if (m_children[i]->visible())
+            sumOfVisibleChildrensTime += m_children[i]->totalTime();
+    }
+
+    m_visibleTotalTime = m_visibleSelfTime + sumOfVisibleChildrensTime;
+}
+
+bool ProfileNode::focus(const CallIdentifier& callIdentifier)
+{
+    if (!m_visible)
+        return false;
+
+    if (m_callIdentifier != callIdentifier) {
+        m_visible = false;
+        return true;
+    }
+
+    for (ProfileNode* currentParent = m_parent; currentParent; currentParent = currentParent->parent())
+        currentParent->setVisible(true);
+
+    return false;
+}
+
+void ProfileNode::exclude(const CallIdentifier& callIdentifier)
+{
+    if (m_visible && m_callIdentifier == callIdentifier) {
+        setTreeVisible(this, false);
+
+        m_parent->setVisibleSelfTime(m_parent->selfTime() + m_visibleTotalTime);
+    }
+}
+
+void ProfileNode::restore()
+{
+    m_visibleTotalTime = m_actualTotalTime;
+    m_visibleSelfTime = m_actualSelfTime;
+    m_visible = true;
+}
+
+void ProfileNode::endAndRecordCall()
+{
+    m_actualTotalTime += m_startTime ? getCount() - m_startTime : 0.0;
+    m_startTime = 0.0;
+
+    ++m_numberOfCalls;
+}
+
+void ProfileNode::startTimer()
+{
+    if (!m_startTime)
+        m_startTime = getCount();
+}
+
+void ProfileNode::resetChildrensSiblings()
+{
+    unsigned size = m_children.size();
+    for (unsigned i = 0; i < size; ++i)
+        m_children[i]->setNextSibling(i + 1 == size ? 0 : m_children[i + 1].get());
+}
+
+#ifndef NDEBUG
+void ProfileNode::debugPrintData(int indentLevel) const
+{
+    // Print function names
+    for (int i = 0; i < indentLevel; ++i)
+        printf("  ");
+
+    printf("Function Name %s %d SelfTime %.3fms/%.3f%% TotalTime %.3fms/%.3f%% VSelf %.3fms VTotal %.3fms Visible %s Next Sibling %s\n",
+        functionName().UTF8String().c_str(), 
+        m_numberOfCalls, m_actualSelfTime, selfPercent(), m_actualTotalTime, totalPercent(),
+        m_visibleSelfTime, m_visibleTotalTime, 
+        (m_visible ? "True" : "False"),
+        m_nextSibling ? m_nextSibling->functionName().UTF8String().c_str() : "");
+
+    ++indentLevel;
+
+    // Print children's names and information
+    for (StackIterator currentChild = m_children.begin(); currentChild != m_children.end(); ++currentChild)
+        (*currentChild)->debugPrintData(indentLevel);
+}
+
+// print the profiled data in a format that matches the tool sample's output.
+double ProfileNode::debugPrintDataSampleStyle(int indentLevel, FunctionCallHashCount& countedFunctions) const
+{
+    printf("    ");
+
+    // Print function names
+    const char* name = functionName().UTF8String().c_str();
+    double sampleCount = m_actualTotalTime * 1000;
+    if (indentLevel) {
+        for (int i = 0; i < indentLevel; ++i)
+            printf("  ");
+
+         countedFunctions.add(functionName().rep());
+
+        printf("%.0f %s\n", sampleCount ? sampleCount : 1, name);
+    } else
+        printf("%s\n", name);
+
+    ++indentLevel;
+
+    // Print children's names and information
+    double sumOfChildrensCount = 0.0;
+    for (StackIterator currentChild = m_children.begin(); currentChild != m_children.end(); ++currentChild)
+        sumOfChildrensCount += (*currentChild)->debugPrintDataSampleStyle(indentLevel, countedFunctions);
+
+    sumOfChildrensCount *= 1000;    //
+    // Print remainder of samples to match sample's output
+    if (sumOfChildrensCount < sampleCount) {
+        printf("    ");
+        while (indentLevel--)
+            printf("  ");
+
+        printf("%.0f %s\n", sampleCount - sumOfChildrensCount, functionName().UTF8String().c_str());
+    }
+
+    return m_actualTotalTime;
+}
+#endif
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileNode.h b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileNode.h
new file mode 100644
index 000000000..2b5a93602
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfileNode.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ProfileNode_h
+#define ProfileNode_h
+
+#include "CallIdentifier.h"
+#include <wtf/Vector.h>
+#include <wtf/RefCounted.h>
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+    class ProfileNode;
+
+    typedef Vector<RefPtr<ProfileNode> >::const_iterator StackIterator;
+    typedef HashCountedSet<UString::Rep*> FunctionCallHashCount;
+
+    class ProfileNode : public RefCounted<ProfileNode> {
+    public:
+        static PassRefPtr<ProfileNode> create(const CallIdentifier& callIdentifier, ProfileNode* headNode, ProfileNode* parentNode)
+        {
+            return adoptRef(new ProfileNode(callIdentifier, headNode, parentNode));
+        }
+        static PassRefPtr<ProfileNode> create(ProfileNode* headNode, ProfileNode* node)
+        {
+            return adoptRef(new ProfileNode(headNode, node));
+        }
+
+        bool operator==(ProfileNode* node) { return m_callIdentifier == node->callIdentifier(); }
+
+        ProfileNode* willExecute(const CallIdentifier&);
+        ProfileNode* didExecute();
+
+        void stopProfiling();
+
+        // CallIdentifier members
+        const CallIdentifier& callIdentifier() const { return m_callIdentifier; }
+        const UString& functionName() const { return m_callIdentifier.m_name; }
+        const UString& url() const { return m_callIdentifier.m_url; }
+        unsigned lineNumber() const { return m_callIdentifier.m_lineNumber; }
+
+        // Relationships
+        ProfileNode* head() const { return m_head; }
+        void setHead(ProfileNode* head) { m_head = head; }
+        ProfileNode* parent() const { return m_parent; }
+        void setParent(ProfileNode* parent) { m_parent = parent; }
+        ProfileNode* nextSibling() const { return m_nextSibling; }
+        void setNextSibling(ProfileNode* nextSibling) { m_nextSibling = nextSibling; }
+
+        // Time members
+        double startTime() const { return m_startTime; }
+        void setStartTime(double startTime) { m_startTime = startTime; }
+        double totalTime() const { return m_visibleTotalTime; }
+        double actualTotalTime() const { return m_actualTotalTime; }
+        void setTotalTime(double time) { m_actualTotalTime = time; m_visibleTotalTime = time; }
+        void setActualTotalTime(double time) { m_actualTotalTime = time; }
+        void setVisibleTotalTime(double time) { m_visibleTotalTime = time; }
+        double selfTime() const { return m_visibleSelfTime; }
+        double actualSelfTime() const { return m_actualSelfTime; }
+        void setSelfTime(double time) {m_actualSelfTime = time; m_visibleSelfTime = time; }
+        void setActualSelfTime(double time) { m_actualSelfTime = time; }
+        void setVisibleSelfTime(double time) { m_visibleSelfTime = time; }
+
+        double totalPercent() const { return (m_visibleTotalTime / (m_head ? m_head->totalTime() : totalTime())) * 100.0; }
+        double selfPercent() const { return (m_visibleSelfTime / (m_head ? m_head->totalTime() : totalTime())) * 100.0; }
+
+        unsigned numberOfCalls() const { return m_numberOfCalls; }
+        void setNumberOfCalls(unsigned number) { m_numberOfCalls = number; }
+
+        // Children members
+        const Vector<RefPtr<ProfileNode> >& children() const { return m_children; }
+        ProfileNode* firstChild() const { return m_children.size() ? m_children.first().get() : 0; }
+        ProfileNode* lastChild() const { return m_children.size() ? m_children.last().get() : 0; }
+        ProfileNode* findChild(ProfileNode*) const;
+        void removeChild(ProfileNode*);
+        void addChild(PassRefPtr<ProfileNode> prpChild);
+        void insertNode(PassRefPtr<ProfileNode> prpNode);
+
+        // Visiblity
+        bool visible() const { return m_visible; }
+        void setVisible(bool visible) { m_visible = visible; }
+
+        static void setTreeVisible(ProfileNode*, bool visible);
+
+        // Sorting
+        ProfileNode* traverseNextNodePostOrder() const;
+        ProfileNode* traverseNextNodePreOrder(bool processChildren = true) const;
+
+        // Views
+        void calculateVisibleTotalTime();
+        bool focus(const CallIdentifier&);
+        void exclude(const CallIdentifier&);
+        void restore();
+
+        void endAndRecordCall();
+
+#ifndef NDEBUG
+        const char* c_str() const { return m_callIdentifier; }
+        void debugPrintData(int indentLevel) const;
+        double debugPrintDataSampleStyle(int indentLevel, FunctionCallHashCount&) const;
+#endif
+
+    private:
+        ProfileNode(const CallIdentifier&, ProfileNode* headNode, ProfileNode* parentNode);
+        ProfileNode(ProfileNode* headNode, ProfileNode* nodeToCopy);
+
+        void startTimer();
+        void resetChildrensSiblings();
+
+        RefPtr<ProfileNode>* childrenBegin() { return m_children.begin(); }
+        RefPtr<ProfileNode>* childrenEnd() { return m_children.end(); }
+
+        // Sorting comparators
+        static inline bool totalTimeDescendingComparator(const RefPtr<ProfileNode>& a, const RefPtr<ProfileNode>& b) { return a->totalTime() > b->totalTime(); }
+        static inline bool totalTimeAscendingComparator(const RefPtr<ProfileNode>& a, const RefPtr<ProfileNode>& b) { return a->totalTime() < b->totalTime(); }
+        static inline bool selfTimeDescendingComparator(const RefPtr<ProfileNode>& a, const RefPtr<ProfileNode>& b) { return a->selfTime() > b->selfTime(); }
+        static inline bool selfTimeAscendingComparator(const RefPtr<ProfileNode>& a, const RefPtr<ProfileNode>& b) { return a->selfTime() < b->selfTime(); }
+        static inline bool callsDescendingComparator(const RefPtr<ProfileNode>& a, const RefPtr<ProfileNode>& b) { return a->numberOfCalls() > b->numberOfCalls(); }
+        static inline bool callsAscendingComparator(const RefPtr<ProfileNode>& a, const RefPtr<ProfileNode>& b) { return a->numberOfCalls() < b->numberOfCalls(); }
+        static inline bool functionNameDescendingComparator(const RefPtr<ProfileNode>& a, const RefPtr<ProfileNode>& b) { return a->functionName() > b->functionName(); }
+        static inline bool functionNameAscendingComparator(const RefPtr<ProfileNode>& a, const RefPtr<ProfileNode>& b) { return a->functionName() < b->functionName(); }
+
+        CallIdentifier m_callIdentifier;
+        ProfileNode* m_head;
+        ProfileNode* m_parent;
+        ProfileNode* m_nextSibling;
+
+        double m_startTime;
+        double m_actualTotalTime;
+        double m_visibleTotalTime;
+        double m_actualSelfTime;
+        double m_visibleSelfTime;
+        unsigned m_numberOfCalls;
+
+        bool m_visible;
+
+        Vector<RefPtr<ProfileNode> > m_children;
+    };
+
+} // namespace JSC
+
+#endif // ProfileNode_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profiler.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profiler.cpp
new file mode 100644
index 000000000..6f72e0817
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profiler.cpp
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Profiler.h"
+
+#include "CommonIdentifiers.h"
+#include "CallFrame.h"
+#include "CodeBlock.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "Nodes.h"
+#include "Profile.h"
+#include "ProfileGenerator.h"
+#include "ProfileNode.h"
+#include <stdio.h>
+
+namespace JSC {
+
+static const char* GlobalCodeExecution = "(program)";
+static const char* AnonymousFunction = "(anonymous function)";
+static unsigned ProfilesUID = 0;
+
+static CallIdentifier createCallIdentifierFromFunctionImp(JSGlobalData*, JSFunction*);
+
+Profiler* Profiler::s_sharedProfiler = 0;
+Profiler* Profiler::s_sharedEnabledProfilerReference = 0;
+
+Profiler* Profiler::profiler()
+{
+    if (!s_sharedProfiler)
+        s_sharedProfiler = new Profiler();
+    return s_sharedProfiler;
+}   
+
+void Profiler::startProfiling(ExecState* exec, const UString& title)
+{
+    ASSERT_ARG(title, !title.isNull());
+
+    // Check if we currently have a Profile for this global ExecState and title.
+    // If so return early and don't create a new Profile.
+    ExecState* globalExec = exec ? exec->lexicalGlobalObject()->globalExec() : 0;
+
+    for (size_t i = 0; i < m_currentProfiles.size(); ++i) {
+        ProfileGenerator* profileGenerator = m_currentProfiles[i].get();
+        if (profileGenerator->originatingGlobalExec() == globalExec && profileGenerator->title() == title)
+            return;
+    }
+
+    s_sharedEnabledProfilerReference = this;
+    RefPtr<ProfileGenerator> profileGenerator = ProfileGenerator::create(title, exec, ++ProfilesUID);
+    m_currentProfiles.append(profileGenerator);
+}
+
+PassRefPtr<Profile> Profiler::stopProfiling(ExecState* exec, const UString& title)
+{
+    ExecState* globalExec = exec ? exec->lexicalGlobalObject()->globalExec() : 0;
+    for (ptrdiff_t i = m_currentProfiles.size() - 1; i >= 0; --i) {
+        ProfileGenerator* profileGenerator = m_currentProfiles[i].get();
+        if (profileGenerator->originatingGlobalExec() == globalExec && (title.isNull() || profileGenerator->title() == title)) {
+            profileGenerator->stopProfiling();
+            RefPtr<Profile> returnProfile = profileGenerator->profile();
+
+            m_currentProfiles.remove(i);
+            if (!m_currentProfiles.size())
+                s_sharedEnabledProfilerReference = 0;
+            
+            return returnProfile;
+        }
+    }
+
+    return 0;
+}
+
+static inline void dispatchFunctionToProfiles(const Vector<RefPtr<ProfileGenerator> >& profiles, ProfileGenerator::ProfileFunction function, const CallIdentifier& callIdentifier, unsigned currentProfileTargetGroup)
+{
+    for (size_t i = 0; i < profiles.size(); ++i) {
+        if (profiles[i]->profileGroup() == currentProfileTargetGroup || !profiles[i]->originatingGlobalExec())
+            (profiles[i].get()->*function)(callIdentifier);
+    }
+}
+
+void Profiler::willExecute(ExecState* exec, JSValue function)
+{
+    ASSERT(!m_currentProfiles.isEmpty());
+
+    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::willExecute, createCallIdentifier(&exec->globalData(), function, "", 0), exec->lexicalGlobalObject()->profileGroup());
+}
+
+void Profiler::willExecute(ExecState* exec, const UString& sourceURL, int startingLineNumber)
+{
+    ASSERT(!m_currentProfiles.isEmpty());
+
+    CallIdentifier callIdentifier = createCallIdentifier(&exec->globalData(), JSValue(), sourceURL, startingLineNumber);
+
+    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::willExecute, callIdentifier, exec->lexicalGlobalObject()->profileGroup());
+}
+
+void Profiler::didExecute(ExecState* exec, JSValue function)
+{
+    ASSERT(!m_currentProfiles.isEmpty());
+
+    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::didExecute, createCallIdentifier(&exec->globalData(), function, "", 0), exec->lexicalGlobalObject()->profileGroup());
+}
+
+void Profiler::didExecute(ExecState* exec, const UString& sourceURL, int startingLineNumber)
+{
+    ASSERT(!m_currentProfiles.isEmpty());
+
+    dispatchFunctionToProfiles(m_currentProfiles, &ProfileGenerator::didExecute, createCallIdentifier(&exec->globalData(), JSValue(), sourceURL, startingLineNumber), exec->lexicalGlobalObject()->profileGroup());
+}
+
+CallIdentifier Profiler::createCallIdentifier(JSGlobalData* globalData, JSValue functionValue, const UString& defaultSourceURL, int defaultLineNumber)
+{
+    if (!functionValue)
+        return CallIdentifier(GlobalCodeExecution, defaultSourceURL, defaultLineNumber);
+    if (!functionValue.isObject())
+        return CallIdentifier("(unknown)", defaultSourceURL, defaultLineNumber);
+    if (asObject(functionValue)->inherits(&JSFunction::info)) {
+        JSFunction* function = asFunction(functionValue);
+        if (!function->executable()->isHostFunction())
+            return createCallIdentifierFromFunctionImp(globalData, function);
+    }
+    if (asObject(functionValue)->inherits(&InternalFunction::info))
+        return CallIdentifier(static_cast<InternalFunction*>(asObject(functionValue))->name(globalData), defaultSourceURL, defaultLineNumber);
+    return CallIdentifier("(" + asObject(functionValue)->className() + " object)", defaultSourceURL, defaultLineNumber);
+}
+
+CallIdentifier createCallIdentifierFromFunctionImp(JSGlobalData* globalData, JSFunction* function)
+{
+    ASSERT(!function->isHostFunction());
+    const UString& name = function->calculatedDisplayName(globalData);
+    return CallIdentifier(name.isEmpty() ? AnonymousFunction : name, function->jsExecutable()->sourceURL(), function->jsExecutable()->lineNo());
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profiler.h b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profiler.h
new file mode 100644
index 000000000..21621bfd6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/Profiler.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef Profiler_h
+#define Profiler_h
+
+#include "Profile.h"
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefPtr.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+    class ExecState;
+    class JSGlobalData;
+    class JSObject;
+    class JSValue;
+    class ProfileGenerator;
+    class UString;
+    struct CallIdentifier;    
+
+    class Profiler : public FastAllocBase {
+    public:
+        static Profiler** enabledProfilerReference()
+        {
+            return &s_sharedEnabledProfilerReference;
+        }
+
+        static Profiler* profiler(); 
+        static CallIdentifier createCallIdentifier(JSGlobalData*, JSValue, const UString& sourceURL, int lineNumber);
+
+        void startProfiling(ExecState*, const UString& title);
+        PassRefPtr<Profile> stopProfiling(ExecState*, const UString& title);
+
+        void willExecute(ExecState*, JSValue function);
+        void willExecute(ExecState*, const UString& sourceURL, int startingLineNumber);
+        void didExecute(ExecState*, JSValue function);
+        void didExecute(ExecState*, const UString& sourceURL, int startingLineNumber);
+
+        const Vector<RefPtr<ProfileGenerator> >& currentProfiles() { return m_currentProfiles; };
+
+    private:
+        Vector<RefPtr<ProfileGenerator> > m_currentProfiles;
+        static Profiler* s_sharedProfiler;
+        static Profiler* s_sharedEnabledProfilerReference;
+    };
+
+} // namespace JSC
+
+#endif // Profiler_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfilerServer.h b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfilerServer.h
new file mode 100644
index 000000000..5b7cc46af
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfilerServer.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ProfileServer_h
+#define ProfileServer_h
+
+namespace JSC {
+
+void startProfilerServerIfNeeded();
+
+} // namespace JSC
+
+#endif // ProfileServer_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfilerServer.mm b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfilerServer.mm
new file mode 100644
index 000000000..a3944de04
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/ProfilerServer.mm
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "ProfilerServer.h"
+
+#import "JSProfilerPrivate.h"
+#import "JSRetainPtr.h"
+#import <Foundation/Foundation.h>
+
+#if PLATFORM(IPHONE_SIMULATOR)
+#import <Foundation/NSDistributedNotificationCenter.h>
+#endif
+
+@interface ProfilerServer : NSObject {
+@private
+    NSString *_serverName;
+    unsigned _listenerCount;
+}
++ (ProfilerServer *)sharedProfileServer;
+- (void)startProfiling;
+- (void)stopProfiling;
+@end
+
+@implementation ProfilerServer
+
++ (ProfilerServer *)sharedProfileServer
+{
+    static ProfilerServer *sharedServer;
+    if (!sharedServer)
+        sharedServer = [[ProfilerServer alloc] init];
+    return sharedServer;
+}
+
+- (id)init
+{
+    if (!(self = [super init]))
+        return nil;
+
+    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
+
+    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
+    if ([defaults boolForKey:@"EnableJSProfiling"])
+        [self startProfiling];
+
+#if !PLATFORM(IPHONE) || PLATFORM(IPHONE_SIMULATOR)
+    // FIXME: <rdar://problem/6546135>
+    // The catch-all notifications
+    [[NSDistributedNotificationCenter defaultCenter] addObserver:self selector:@selector(startProfiling) name:@"ProfilerServerStartNotification" object:nil];
+    [[NSDistributedNotificationCenter defaultCenter] addObserver:self selector:@selector(stopProfiling) name:@"ProfilerServerStopNotification" object:nil];
+#endif
+
+    // The specific notifications
+    NSProcessInfo *processInfo = [NSProcessInfo processInfo];
+    _serverName = [[NSString alloc] initWithFormat:@"ProfilerServer-%d", [processInfo processIdentifier]];
+
+#if !PLATFORM(IPHONE) || PLATFORM(IPHONE_SIMULATOR)
+    // FIXME: <rdar://problem/6546135>
+    [[NSDistributedNotificationCenter defaultCenter] addObserver:self selector:@selector(startProfiling) name:[_serverName stringByAppendingString:@"-Start"] object:nil];
+    [[NSDistributedNotificationCenter defaultCenter] addObserver:self selector:@selector(stopProfiling) name:[_serverName stringByAppendingString:@"-Stop"] object:nil];
+#endif
+
+    [pool drain];
+
+    return self;
+}
+
+- (void)startProfiling
+{
+    if (++_listenerCount > 1)
+        return;
+    JSRetainPtr<JSStringRef> profileName(Adopt, JSStringCreateWithUTF8CString([_serverName UTF8String]));
+    JSStartProfiling(0, profileName.get());
+}
+
+- (void)stopProfiling
+{
+    if (!_listenerCount || --_listenerCount > 0)
+        return;
+    JSRetainPtr<JSStringRef> profileName(Adopt, JSStringCreateWithUTF8CString([_serverName UTF8String]));
+    JSEndProfiling(0, profileName.get());
+}
+
+@end
+
+namespace JSC {
+
+void startProfilerServerIfNeeded()
+{
+    [ProfilerServer sharedProfileServer];
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/TreeProfile.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/TreeProfile.cpp
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/TreeProfile.cpp
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/profiler/TreeProfile.h b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/TreeProfile.h
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/profiler/TreeProfile.h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArgList.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArgList.cpp
new file mode 100644
index 000000000..ab2b5d7da
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArgList.cpp
@@ -0,0 +1,79 @@
+/*
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "ArgList.h"
+
+#include "JSValue.h"
+#include "JSCell.h"
+
+using std::min;
+
+namespace JSC {
+
+void ArgList::getSlice(int startIndex, ArgList& result) const
+{
+    if (startIndex <= 0 || static_cast<unsigned>(startIndex) >= m_argCount) {
+        result = ArgList(m_args, 0);
+        return;
+    }
+    result = ArgList(m_args + startIndex, m_argCount - startIndex);
+}
+
+void MarkedArgumentBuffer::markLists(MarkStack& markStack, ListSet& markSet)
+{
+    ListSet::iterator end = markSet.end();
+    for (ListSet::iterator it = markSet.begin(); it != end; ++it) {
+        MarkedArgumentBuffer* list = *it;
+        markStack.appendValues(reinterpret_cast<JSValue*>(list->m_buffer), list->m_size);
+    }
+}
+
+void MarkedArgumentBuffer::slowAppend(JSValue v)
+{
+    // As long as our size stays within our Vector's inline 
+    // capacity, all our values are allocated on the stack, and 
+    // therefore don't need explicit marking. Once our size exceeds
+    // our Vector's inline capacity, though, our values move to the 
+    // heap, where they do need explicit marking.
+    if (!m_markSet) {
+        // We can only register for explicit marking once we know which heap
+        // is the current one, i.e., when a non-immediate value is appended.
+        if (Heap* heap = Heap::heap(v)) {
+            ListSet& markSet = heap->markListSet();
+            markSet.add(this);
+            m_markSet = &markSet;
+        }
+    }
+
+    if (m_vector.size() < m_vector.capacity()) {
+        m_vector.uncheckedAppend(v);
+        return;
+    }
+
+    // 4x growth would be excessive for a normal vector, but it's OK for Lists 
+    // because they're short-lived.
+    m_vector.reserveCapacity(m_vector.capacity() * 4);
+    
+    m_vector.uncheckedAppend(v);
+    m_buffer = m_vector.data();
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArgList.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArgList.h
new file mode 100644
index 000000000..32277705a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArgList.h
@@ -0,0 +1,230 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef ArgList_h
+#define ArgList_h
+
+#include "Register.h"
+#include <wtf/HashSet.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+    class MarkStack;
+
+    class MarkedArgumentBuffer : public Noncopyable {
+    private:
+        static const unsigned inlineCapacity = 8;
+        typedef Vector<Register, inlineCapacity> VectorType;
+        typedef HashSet<MarkedArgumentBuffer*> ListSet;
+
+    public:
+        typedef VectorType::iterator iterator;
+        typedef VectorType::const_iterator const_iterator;
+
+        // Constructor for a read-write list, to which you may append values.
+        // FIXME: Remove all clients of this API, then remove this API.
+        MarkedArgumentBuffer()
+            : m_isUsingInlineBuffer(true)
+            , m_markSet(0)
+#ifndef NDEBUG
+            , m_isReadOnly(false)
+#endif
+        {
+            m_buffer = m_vector.data();
+            m_size = 0;
+        }
+
+        // Constructor for a read-only list whose data has already been allocated elsewhere.
+        MarkedArgumentBuffer(Register* buffer, size_t size)
+            : m_buffer(buffer)
+            , m_size(size)
+            , m_isUsingInlineBuffer(true)
+            , m_markSet(0)
+#ifndef NDEBUG
+            , m_isReadOnly(true)
+#endif
+        {
+        }
+
+        void initialize(Register* buffer, size_t size)
+        {
+            ASSERT(!m_markSet);
+            ASSERT(isEmpty());
+
+            m_buffer = buffer;
+            m_size = size;
+#ifndef NDEBUG
+            m_isReadOnly = true;
+#endif
+        }
+
+        ~MarkedArgumentBuffer()
+        {
+            if (m_markSet)
+                m_markSet->remove(this);
+        }
+
+        size_t size() const { return m_size; }
+        bool isEmpty() const { return !m_size; }
+
+        JSValue at(size_t i) const
+        {
+            if (i < m_size)
+                return m_buffer[i].jsValue();
+            return jsUndefined();
+        }
+
+        void clear()
+        {
+            m_vector.clear();
+            m_buffer = 0;
+            m_size = 0;
+        }
+
+        void append(JSValue v)
+        {
+            ASSERT(!m_isReadOnly);
+            
+            if (m_isUsingInlineBuffer && m_size < inlineCapacity) {
+                m_vector.uncheckedAppend(v);
+                ++m_size;
+            } else {
+                // Putting this case all in one function measurably improves
+                // the performance of the fast "just append to inline buffer" case.
+                slowAppend(v);
+                ++m_size;
+                m_isUsingInlineBuffer = false;
+            }
+        }
+
+        void removeLast()
+        { 
+            ASSERT(m_size);
+            m_size--;
+            m_vector.removeLast();
+        }
+
+        JSValue last() 
+        {
+            ASSERT(m_size);
+            return m_buffer[m_size - 1].jsValue();
+        }
+        
+        iterator begin() { return m_buffer; }
+        iterator end() { return m_buffer + m_size; }
+
+        const_iterator begin() const { return m_buffer; }
+        const_iterator end() const { return m_buffer + m_size; }
+
+        static void markLists(MarkStack&, ListSet&);
+
+    private:
+        void slowAppend(JSValue);
+        
+        Register* m_buffer;
+        size_t m_size;
+        bool m_isUsingInlineBuffer;
+
+        VectorType m_vector;
+        ListSet* m_markSet;
+#ifndef NDEBUG
+        bool m_isReadOnly;
+#endif
+
+    private:
+        // Prohibits new / delete, which would break GC.
+        friend class JSGlobalData;
+        
+        void* operator new(size_t size)
+        {
+            return fastMalloc(size);
+        }
+        void operator delete(void* p)
+        {
+            fastFree(p);
+        }
+
+        void* operator new[](size_t);
+        void operator delete[](void*);
+
+        void* operator new(size_t, void*);
+        void operator delete(void*, size_t);
+    };
+
+    class ArgList {
+        friend class JIT;
+    public:
+        typedef JSValue* iterator;
+        typedef const JSValue* const_iterator;
+
+        ArgList()
+            : m_args(0)
+            , m_argCount(0)
+        {
+        }
+        
+        ArgList(JSValue* args, unsigned argCount)
+            : m_args(args)
+            , m_argCount(argCount)
+        {
+        }
+        
+        ArgList(Register* args, int argCount)
+            : m_args(reinterpret_cast<JSValue*>(args))
+            , m_argCount(argCount)
+        {
+            ASSERT(argCount >= 0);
+        }
+
+        ArgList(const MarkedArgumentBuffer& args)
+            : m_args(reinterpret_cast<JSValue*>(const_cast<Register*>(args.begin())))
+            , m_argCount(args.size())
+        {
+        }
+
+        JSValue at(size_t idx) const
+        {
+            if (idx < m_argCount)
+                return m_args[idx];
+            return jsUndefined();
+        }
+
+        bool isEmpty() const { return !m_argCount; }
+
+        size_t size() const { return m_argCount; }
+        
+        iterator begin() { return m_args; }
+        iterator end() { return m_args + m_argCount; }
+        
+        const_iterator begin() const { return m_args; }
+        const_iterator end() const { return m_args + m_argCount; }
+
+        void getSlice(int startIndex, ArgList& result) const;
+    private:
+        JSValue* m_args;
+        size_t m_argCount;
+    };
+
+} // namespace JSC
+
+#endif // ArgList_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Arguments.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Arguments.cpp
new file mode 100644
index 000000000..d90ea15a3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Arguments.cpp
@@ -0,0 +1,301 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "Arguments.h"
+
+#include "JSActivation.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+
+using namespace std;
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(Arguments);
+
+const ClassInfo Arguments::info = { "Arguments", 0, 0, 0 };
+
+Arguments::~Arguments()
+{
+    if (d->extraArguments != d->extraArgumentsFixedBuffer)
+        delete [] d->extraArguments;
+}
+
+void Arguments::markChildren(MarkStack& markStack)
+{
+    JSObject::markChildren(markStack);
+
+    if (d->registerArray)
+        markStack.appendValues(reinterpret_cast<JSValue*>(d->registerArray.get()), d->numParameters);
+
+    if (d->extraArguments) {
+        unsigned numExtraArguments = d->numArguments - d->numParameters;
+        markStack.appendValues(reinterpret_cast<JSValue*>(d->extraArguments), numExtraArguments);
+    }
+
+    markStack.append(d->callee);
+
+    if (d->activation)
+        markStack.append(d->activation);
+}
+
+void Arguments::copyToRegisters(ExecState* exec, Register* buffer, uint32_t maxSize)
+{
+    if (UNLIKELY(d->overrodeLength)) {
+        unsigned length = min(get(exec, exec->propertyNames().length).toUInt32(exec), maxSize);
+        for (unsigned i = 0; i < length; i++)
+            buffer[i] = get(exec, i);
+        return;
+    }
+
+    if (LIKELY(!d->deletedArguments)) {
+        unsigned parametersLength = min(min(d->numParameters, d->numArguments), maxSize);
+        unsigned i = 0;
+        for (; i < parametersLength; ++i)
+            buffer[i] = d->registers[d->firstParameterIndex + i].jsValue();
+        for (; i < d->numArguments; ++i)
+            buffer[i] = d->extraArguments[i - d->numParameters].jsValue();
+        return;
+    }
+    
+    unsigned parametersLength = min(min(d->numParameters, d->numArguments), maxSize);
+    unsigned i = 0;
+    for (; i < parametersLength; ++i) {
+        if (!d->deletedArguments[i])
+            buffer[i] = d->registers[d->firstParameterIndex + i].jsValue();
+        else
+            buffer[i] = get(exec, i);
+    }
+    for (; i < d->numArguments; ++i) {
+        if (!d->deletedArguments[i])
+            buffer[i] = d->extraArguments[i - d->numParameters].jsValue();
+        else
+            buffer[i] = get(exec, i);
+    }
+}
+
+void Arguments::fillArgList(ExecState* exec, MarkedArgumentBuffer& args)
+{
+    if (UNLIKELY(d->overrodeLength)) {
+        unsigned length = get(exec, exec->propertyNames().length).toUInt32(exec); 
+        for (unsigned i = 0; i < length; i++) 
+            args.append(get(exec, i)); 
+        return;
+    }
+
+    if (LIKELY(!d->deletedArguments)) {
+        if (LIKELY(!d->numParameters)) {
+            args.initialize(d->extraArguments, d->numArguments);
+            return;
+        }
+
+        if (d->numParameters == d->numArguments) {
+            args.initialize(&d->registers[d->firstParameterIndex], d->numArguments);
+            return;
+        }
+
+        unsigned parametersLength = min(d->numParameters, d->numArguments);
+        unsigned i = 0;
+        for (; i < parametersLength; ++i)
+            args.append(d->registers[d->firstParameterIndex + i].jsValue());
+        for (; i < d->numArguments; ++i)
+            args.append(d->extraArguments[i - d->numParameters].jsValue());
+        return;
+    }
+
+    unsigned parametersLength = min(d->numParameters, d->numArguments);
+    unsigned i = 0;
+    for (; i < parametersLength; ++i) {
+        if (!d->deletedArguments[i])
+            args.append(d->registers[d->firstParameterIndex + i].jsValue());
+        else
+            args.append(get(exec, i));
+    }
+    for (; i < d->numArguments; ++i) {
+        if (!d->deletedArguments[i])
+            args.append(d->extraArguments[i - d->numParameters].jsValue());
+        else
+            args.append(get(exec, i));
+    }
+}
+
+bool Arguments::getOwnPropertySlot(ExecState* exec, unsigned i, PropertySlot& slot)
+{
+    if (i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
+        if (i < d->numParameters) {
+            slot.setRegisterSlot(&d->registers[d->firstParameterIndex + i]);
+        } else
+            slot.setValue(d->extraArguments[i - d->numParameters].jsValue());
+        return true;
+    }
+
+    return JSObject::getOwnPropertySlot(exec, Identifier(exec, UString::from(i)), slot);
+}
+
+bool Arguments::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    bool isArrayIndex;
+    unsigned i = propertyName.toArrayIndex(&isArrayIndex);
+    if (isArrayIndex && i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
+        if (i < d->numParameters) {
+            slot.setRegisterSlot(&d->registers[d->firstParameterIndex + i]);
+        } else
+            slot.setValue(d->extraArguments[i - d->numParameters].jsValue());
+        return true;
+    }
+
+    if (propertyName == exec->propertyNames().length && LIKELY(!d->overrodeLength)) {
+        slot.setValue(jsNumber(exec, d->numArguments));
+        return true;
+    }
+
+    if (propertyName == exec->propertyNames().callee && LIKELY(!d->overrodeCallee)) {
+        slot.setValue(d->callee);
+        return true;
+    }
+
+    return JSObject::getOwnPropertySlot(exec, propertyName, slot);
+}
+
+bool Arguments::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    bool isArrayIndex;
+    unsigned i = propertyName.toArrayIndex(&isArrayIndex);
+    if (isArrayIndex && i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
+        if (i < d->numParameters) {
+            descriptor.setDescriptor(d->registers[d->firstParameterIndex + i].jsValue(), DontEnum);
+        } else
+            descriptor.setDescriptor(d->extraArguments[i - d->numParameters].jsValue(), DontEnum);
+        return true;
+    }
+    
+    if (propertyName == exec->propertyNames().length && LIKELY(!d->overrodeLength)) {
+        descriptor.setDescriptor(jsNumber(exec, d->numArguments), DontEnum);
+        return true;
+    }
+    
+    if (propertyName == exec->propertyNames().callee && LIKELY(!d->overrodeCallee)) {
+        descriptor.setDescriptor(d->callee, DontEnum);
+        return true;
+    }
+    
+    return JSObject::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+}
+
+void Arguments::put(ExecState* exec, unsigned i, JSValue value, PutPropertySlot& slot)
+{
+    if (i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
+        if (i < d->numParameters)
+            d->registers[d->firstParameterIndex + i] = JSValue(value);
+        else
+            d->extraArguments[i - d->numParameters] = JSValue(value);
+        return;
+    }
+
+    JSObject::put(exec, Identifier(exec, UString::from(i)), value, slot);
+}
+
+void Arguments::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    bool isArrayIndex;
+    unsigned i = propertyName.toArrayIndex(&isArrayIndex);
+    if (isArrayIndex && i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
+        if (i < d->numParameters)
+            d->registers[d->firstParameterIndex + i] = JSValue(value);
+        else
+            d->extraArguments[i - d->numParameters] = JSValue(value);
+        return;
+    }
+
+    if (propertyName == exec->propertyNames().length && !d->overrodeLength) {
+        d->overrodeLength = true;
+        putDirect(propertyName, value, DontEnum);
+        return;
+    }
+
+    if (propertyName == exec->propertyNames().callee && !d->overrodeCallee) {
+        d->overrodeCallee = true;
+        putDirect(propertyName, value, DontEnum);
+        return;
+    }
+
+    JSObject::put(exec, propertyName, value, slot);
+}
+
+bool Arguments::deleteProperty(ExecState* exec, unsigned i, bool checkDontDelete)
+{
+    if (i < d->numArguments) {
+        if (!d->deletedArguments) {
+            d->deletedArguments.set(new bool[d->numArguments]);
+            memset(d->deletedArguments.get(), 0, sizeof(bool) * d->numArguments);
+        }
+        if (!d->deletedArguments[i]) {
+            d->deletedArguments[i] = true;
+            return true;
+        }
+    }
+
+    return JSObject::deleteProperty(exec, Identifier(exec, UString::from(i)), checkDontDelete);
+}
+
+bool Arguments::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    bool isArrayIndex;
+    unsigned i = propertyName.toArrayIndex(&isArrayIndex);
+    if (isArrayIndex && i < d->numArguments) {
+        if (!d->deletedArguments) {
+            d->deletedArguments.set(new bool[d->numArguments]);
+            memset(d->deletedArguments.get(), 0, sizeof(bool) * d->numArguments);
+        }
+        if (!d->deletedArguments[i]) {
+            d->deletedArguments[i] = true;
+            return true;
+        }
+    }
+
+    if (propertyName == exec->propertyNames().length && !d->overrodeLength) {
+        d->overrodeLength = true;
+        return true;
+    }
+
+    if (propertyName == exec->propertyNames().callee && !d->overrodeCallee) {
+        d->overrodeCallee = true;
+        return true;
+    }
+
+    return JSObject::deleteProperty(exec, propertyName, checkDontDelete);
+}
+
+bool Arguments::getPropertyAttributes(ExecState* exec, const Identifier& propertyName, unsigned& attributes) const
+{
+    if ((propertyName == exec->propertyNames().length)
+        || (propertyName == exec->propertyNames().callee)) {
+        attributes = DontEnum;
+        return true;
+    }
+    return JSObject::getPropertyAttributes(exec, propertyName, attributes);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Arguments.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Arguments.h
new file mode 100644
index 000000000..2aa09213b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Arguments.h
@@ -0,0 +1,257 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef Arguments_h
+#define Arguments_h
+
+#include "JSActivation.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "Interpreter.h"
+#include "ObjectConstructor.h"
+#include "PrototypeFunction.h"
+
+namespace JSC {
+
+    struct ArgumentsData : Noncopyable {
+        JSActivation* activation;
+
+        unsigned numParameters;
+        ptrdiff_t firstParameterIndex;
+        unsigned numArguments;
+
+        Register* registers;
+        OwnArrayPtr<Register> registerArray;
+
+        Register* extraArguments;
+        OwnArrayPtr<bool> deletedArguments;
+        Register extraArgumentsFixedBuffer[4];
+
+        JSObject* callee;
+        bool overrodeLength : 1;
+        bool overrodeCallee : 1;
+    };
+
+
+    class Arguments : public JSObject {
+    public:
+        enum NoParametersType { NoParameters };
+
+        Arguments(CallFrame*);
+        Arguments(CallFrame*, NoParametersType);
+        virtual ~Arguments();
+
+        static const ClassInfo info;
+
+        virtual void markChildren(MarkStack&);
+
+        void fillArgList(ExecState*, MarkedArgumentBuffer&);
+
+        uint32_t numProvidedArguments(ExecState* exec) const 
+        {
+            if (UNLIKELY(d->overrodeLength))
+                return get(exec, exec->propertyNames().length).toUInt32(exec);
+            return d->numArguments; 
+        }
+        
+        void copyToRegisters(ExecState* exec, Register* buffer, uint32_t maxSize);
+        void copyRegisters();
+        bool isTornOff() const { return d->registerArray; }
+        void setActivation(JSActivation* activation)
+        {
+            d->activation = activation;
+            d->registers = &activation->registerAt(0);
+        }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype) 
+        { 
+            return Structure::create(prototype, TypeInfo(ObjectType)); 
+        }
+
+    private:
+        void getArgumentsData(CallFrame*, JSObject*&, ptrdiff_t& firstParameterIndex, Register*& argv, int& argc);
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        virtual void put(ExecState*, unsigned propertyName, JSValue, PutPropertySlot&);
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName, bool checkDontDelete = true);
+        virtual bool deleteProperty(ExecState*, unsigned propertyName, bool checkDontDelete = true);
+        virtual bool getPropertyAttributes(ExecState*, const Identifier& propertyName, unsigned& attributes) const;
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+
+        void init(CallFrame*);
+
+        OwnPtr<ArgumentsData> d;
+    };
+
+    Arguments* asArguments(JSValue);
+
+    inline Arguments* asArguments(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&Arguments::info));
+        return static_cast<Arguments*>(asObject(value));
+    }
+
+    ALWAYS_INLINE void Arguments::getArgumentsData(CallFrame* callFrame, JSObject*& callee, ptrdiff_t& firstParameterIndex, Register*& argv, int& argc)
+    {
+        callee = callFrame->callee();
+
+        int numParameters;
+        if (callee->inherits(&JSFunction::info))
+            numParameters = JSC::asFunction(callee)->jsExecutable()->parameterCount();
+        else
+            numParameters = 0;
+
+        argc = callFrame->argumentCount();
+
+        if (argc <= numParameters)
+            argv = callFrame->registers() - RegisterFile::CallFrameHeaderSize - numParameters;
+        else
+            argv = callFrame->registers() - RegisterFile::CallFrameHeaderSize - numParameters - argc;
+
+        argc -= 1; // - 1 to skip "this"
+        firstParameterIndex = -RegisterFile::CallFrameHeaderSize - numParameters;
+    }
+
+    inline Arguments::Arguments(CallFrame* callFrame)
+        : JSObject(callFrame->lexicalGlobalObject()->argumentsStructure())
+        , d(new ArgumentsData)
+    {
+        JSObject* callee;
+        ptrdiff_t firstParameterIndex;
+        Register* argv;
+        int numArguments;
+        getArgumentsData(callFrame, callee, firstParameterIndex, argv, numArguments);
+
+        if (callee->inherits(&JSFunction::info))
+            d->numParameters = JSC::asFunction(callee)->jsExecutable()->parameterCount();
+        else
+            d->numParameters = 0;
+        d->firstParameterIndex = firstParameterIndex;
+        d->numArguments = numArguments;
+
+        d->activation = 0;
+        d->registers = callFrame->registers();
+
+        Register* extraArguments;
+        if (d->numArguments <= d->numParameters)
+            extraArguments = 0;
+        else {
+            unsigned numExtraArguments = d->numArguments - d->numParameters;
+            if (numExtraArguments > sizeof(d->extraArgumentsFixedBuffer) / sizeof(Register))
+                extraArguments = new Register[numExtraArguments];
+            else
+                extraArguments = d->extraArgumentsFixedBuffer;
+            for (unsigned i = 0; i < numExtraArguments; ++i)
+                extraArguments[i] = argv[d->numParameters + i];
+        }
+
+        d->extraArguments = extraArguments;
+
+        d->callee = callee;
+        d->overrodeLength = false;
+        d->overrodeCallee = false;
+    }
+
+    inline Arguments::Arguments(CallFrame* callFrame, NoParametersType)
+        : JSObject(callFrame->lexicalGlobalObject()->argumentsStructure())
+        , d(new ArgumentsData)
+    {
+        if (callFrame->callee() && callFrame->callee()->inherits(&JSC::JSFunction::info))
+            ASSERT(!asFunction(callFrame->callee())->jsExecutable()->parameterCount());
+
+        unsigned numArguments = callFrame->argumentCount() - 1;
+
+        d->numParameters = 0;
+        d->numArguments = numArguments;
+        d->activation = 0;
+
+        Register* extraArguments;
+        if (numArguments > sizeof(d->extraArgumentsFixedBuffer) / sizeof(Register))
+            extraArguments = new Register[numArguments];
+        else
+            extraArguments = d->extraArgumentsFixedBuffer;
+
+        Register* argv = callFrame->registers() - RegisterFile::CallFrameHeaderSize - numArguments - 1;
+        if (callFrame->callee() && !callFrame->callee()->inherits(&JSC::JSFunction::info))
+            ++argv; // ### off-by-one issue with native functions
+        for (unsigned i = 0; i < numArguments; ++i)
+            extraArguments[i] = argv[i];
+
+        d->extraArguments = extraArguments;
+
+        d->callee = callFrame->callee();
+        d->overrodeLength = false;
+        d->overrodeCallee = false;
+    }
+
+    inline void Arguments::copyRegisters()
+    {
+        ASSERT(!isTornOff());
+
+        if (!d->numParameters)
+            return;
+
+        int registerOffset = d->numParameters + RegisterFile::CallFrameHeaderSize;
+        size_t registerArraySize = d->numParameters;
+
+        Register* registerArray = new Register[registerArraySize];
+        memcpy(registerArray, d->registers - registerOffset, registerArraySize * sizeof(Register));
+        d->registerArray.set(registerArray);
+        d->registers = registerArray + registerOffset;
+    }
+
+    // This JSActivation function is defined here so it can get at Arguments::setRegisters.
+    inline void JSActivation::copyRegisters(Arguments* arguments)
+    {
+        ASSERT(!d()->registerArray);
+
+        size_t numParametersMinusThis = d()->functionExecutable->generatedBytecode().m_numParameters - 1;
+        size_t numVars = d()->functionExecutable->generatedBytecode().m_numVars;
+        size_t numLocals = numVars + numParametersMinusThis;
+
+        if (!numLocals)
+            return;
+
+        int registerOffset = numParametersMinusThis + RegisterFile::CallFrameHeaderSize;
+        size_t registerArraySize = numLocals + RegisterFile::CallFrameHeaderSize;
+
+        Register* registerArray = copyRegisterArray(d()->registers - registerOffset, registerArraySize);
+        setRegisters(registerArray + registerOffset, registerArray);
+        if (arguments && !arguments->isTornOff())
+            static_cast<Arguments*>(arguments)->setActivation(this);
+    }
+
+    ALWAYS_INLINE Arguments* Register::arguments() const
+    {
+        if (jsValue() == JSValue())
+            return 0;
+        return asArguments(jsValue());
+    }
+    
+
+} // namespace JSC
+
+#endif // Arguments_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayConstructor.cpp
new file mode 100644
index 000000000..c60cb0ed6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayConstructor.cpp
@@ -0,0 +1,97 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ *
+ */
+
+#include "config.h"
+#include "ArrayConstructor.h"
+
+#include "ArrayPrototype.h"
+#include "Error.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "Lookup.h"
+#include "PrototypeFunction.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(ArrayConstructor);
+    
+static JSValue JSC_HOST_CALL arrayConstructorIsArray(ExecState*, JSObject*, JSValue, const ArgList&);
+
+ArrayConstructor::ArrayConstructor(ExecState* exec, PassRefPtr<Structure> structure, ArrayPrototype* arrayPrototype, Structure* prototypeFunctionStructure)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, arrayPrototype->classInfo()->className))
+{
+    // ECMA 15.4.3.1 Array.prototype
+    putDirectWithoutTransition(exec->propertyNames().prototype, arrayPrototype, DontEnum | DontDelete | ReadOnly);
+
+    // no. of arguments for constructor
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontEnum | DontDelete);
+
+    // ES5
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().isArray, arrayConstructorIsArray), DontEnum);
+}
+
+static JSObject* constructArrayWithSizeQuirk(ExecState* exec, const ArgList& args)
+{
+    // a single numeric argument denotes the array size (!)
+    if (args.size() == 1 && args.at(0).isNumber()) {
+        uint32_t n = args.at(0).toUInt32(exec);
+        if (n != args.at(0).toNumber(exec))
+            return throwError(exec, RangeError, "Array size is not a small enough positive integer.");
+        return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), n);
+    }
+
+    // otherwise the array is constructed with the arguments in it
+    return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), args);
+}
+
+static JSObject* constructWithArrayConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    return constructArrayWithSizeQuirk(exec, args);
+}
+
+// ECMA 15.4.2
+ConstructType ArrayConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithArrayConstructor;
+    return ConstructTypeHost;
+}
+
+static JSValue JSC_HOST_CALL callArrayConstructor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return constructArrayWithSizeQuirk(exec, args);
+}
+
+// ECMA 15.6.1
+CallType ArrayConstructor::getCallData(CallData& callData)
+{
+    // equivalent to 'new Array(....)'
+    callData.native.function = callArrayConstructor;
+    return CallTypeHost;
+}
+
+JSValue JSC_HOST_CALL arrayConstructorIsArray(ExecState*, JSObject*, JSValue, const ArgList& args)
+{
+    return jsBoolean(args.at(0).inherits(&JSArray::info));
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayConstructor.h
new file mode 100644
index 000000000..2b7951014
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayConstructor.h
@@ -0,0 +1,40 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef ArrayConstructor_h
+#define ArrayConstructor_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class ArrayPrototype;
+
+    class ArrayConstructor : public InternalFunction {
+    public:
+        ArrayConstructor(ExecState*, PassRefPtr<Structure>, ArrayPrototype*, Structure*);
+
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+    };
+
+} // namespace JSC
+
+#endif // ArrayConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayPrototype.cpp
new file mode 100644
index 000000000..c453b22ee
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayPrototype.cpp
@@ -0,0 +1,1075 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ *
+ */
+
+#include "config.h"
+#include "ArrayPrototype.h"
+
+#include "CodeBlock.h"
+#include "CachedCall.h"
+#include "Interpreter.h"
+#include "JIT.h"
+#include "ObjectPrototype.h"
+#include "Lookup.h"
+#include "Operations.h"
+#include <algorithm>
+#include <wtf/Assertions.h>
+#include <wtf/HashSet.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(ArrayPrototype);
+
+static JSValue JSC_HOST_CALL arrayProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncConcat(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncJoin(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncPop(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncPush(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncReverse(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncShift(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncSort(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncUnShift(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncEvery(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncForEach(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncSome(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncIndexOf(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncMap(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncReduce(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncReduceRight(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL arrayProtoFuncLastIndexOf(ExecState*, JSObject*, JSValue, const ArgList&);
+
+}
+
+#include "ArrayPrototype.lut.h"
+
+namespace JSC {
+
+static inline bool isNumericCompareFunction(ExecState* exec, CallType callType, const CallData& callData)
+{
+    if (callType != CallTypeJS)
+        return false;
+
+#if ENABLE(JIT)
+    // If the JIT is enabled then we need to preserve the invariant that every
+    // function with a CodeBlock also has JIT code.
+    callData.js.functionExecutable->jitCode(exec, callData.js.scopeChain);
+    CodeBlock& codeBlock = callData.js.functionExecutable->generatedBytecode();
+#else
+    CodeBlock& codeBlock = callData.js.functionExecutable->bytecode(exec, callData.js.scopeChain);
+#endif
+
+    return codeBlock.isNumericCompareFunction();
+}
+
+// ------------------------------ ArrayPrototype ----------------------------
+
+const ClassInfo ArrayPrototype::info = {"Array", &JSArray::info, 0, ExecState::arrayTable};
+
+/* Source for ArrayPrototype.lut.h
+@begin arrayTable 16
+  toString       arrayProtoFuncToString       DontEnum|Function 0
+  toLocaleString arrayProtoFuncToLocaleString DontEnum|Function 0
+  concat         arrayProtoFuncConcat         DontEnum|Function 1
+  join           arrayProtoFuncJoin           DontEnum|Function 1
+  pop            arrayProtoFuncPop            DontEnum|Function 0
+  push           arrayProtoFuncPush           DontEnum|Function 1
+  reverse        arrayProtoFuncReverse        DontEnum|Function 0
+  shift          arrayProtoFuncShift          DontEnum|Function 0
+  slice          arrayProtoFuncSlice          DontEnum|Function 2
+  sort           arrayProtoFuncSort           DontEnum|Function 1
+  splice         arrayProtoFuncSplice         DontEnum|Function 2
+  unshift        arrayProtoFuncUnShift        DontEnum|Function 1
+  every          arrayProtoFuncEvery          DontEnum|Function 1
+  forEach        arrayProtoFuncForEach        DontEnum|Function 1
+  some           arrayProtoFuncSome           DontEnum|Function 1
+  indexOf        arrayProtoFuncIndexOf        DontEnum|Function 1
+  lastIndexOf    arrayProtoFuncLastIndexOf    DontEnum|Function 1
+  filter         arrayProtoFuncFilter         DontEnum|Function 1
+  reduce         arrayProtoFuncReduce         DontEnum|Function 1
+  reduceRight    arrayProtoFuncReduceRight    DontEnum|Function 1
+  map            arrayProtoFuncMap            DontEnum|Function 1
+@end
+*/
+
+// ECMA 15.4.4
+ArrayPrototype::ArrayPrototype(PassRefPtr<Structure> structure)
+    : JSArray(structure)
+{
+}
+
+bool ArrayPrototype::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    return getStaticFunctionSlot<JSArray>(exec, ExecState::arrayTable(exec), this, propertyName, slot);
+}
+
+bool ArrayPrototype::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    return getStaticFunctionDescriptor<JSArray>(exec, ExecState::arrayTable(exec), this, propertyName, descriptor);
+}
+
+// ------------------------------ Array Functions ----------------------------
+
+// Helper function
+static JSValue getProperty(ExecState* exec, JSObject* obj, unsigned index)
+{
+    PropertySlot slot(obj);
+    if (!obj->getPropertySlot(exec, index, slot))
+        return JSValue();
+    return slot.getValue(exec, index);
+}
+
+static void putProperty(ExecState* exec, JSObject* obj, const Identifier& propertyName, JSValue value)
+{
+    PutPropertySlot slot;
+    obj->put(exec, propertyName, value, slot);
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    bool isRealArray = isJSArray(&exec->globalData(), thisValue);
+    if (!isRealArray && !thisValue.inherits(&JSArray::info))
+        return throwError(exec, TypeError);
+    JSArray* thisObj = asArray(thisValue);
+    
+    HashSet<JSObject*>& arrayVisitedElements = exec->globalData().arrayVisitedElements;
+    if (arrayVisitedElements.size() >= MaxSecondaryThreadReentryDepth) {
+        if (!isMainThread() || arrayVisitedElements.size() >= MaxMainThreadReentryDepth)
+            return throwError(exec, RangeError, "Maximum call stack size exceeded.");
+    }
+
+    bool alreadyVisited = !arrayVisitedElements.add(thisObj).second;
+    if (alreadyVisited)
+        return jsEmptyString(exec); // return an empty string, avoiding infinite recursion.
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    unsigned totalSize = length ? length - 1 : 0;
+    Vector<RefPtr<UString::Rep>, 256> strBuffer(length);
+    for (unsigned k = 0; k < length; k++) {
+        JSValue element;
+        if (isRealArray && thisObj->canGetIndex(k))
+            element = thisObj->getIndex(k);
+        else
+            element = thisObj->get(exec, k);
+        
+        if (element.isUndefinedOrNull())
+            continue;
+        
+        UString str = element.toString(exec);
+        strBuffer[k] = str.rep();
+        totalSize += str.size();
+        
+        if (!strBuffer.data()) {
+            JSObject* error = Error::create(exec, GeneralError, "Out of memory");
+            exec->setException(error);
+        }
+        
+        if (exec->hadException())
+            break;
+    }
+    arrayVisitedElements.remove(thisObj);
+    if (!totalSize)
+        return jsEmptyString(exec);
+    Vector<UChar> buffer;
+    buffer.reserveCapacity(totalSize);
+    if (!buffer.data())
+        return throwError(exec, GeneralError, "Out of memory");
+        
+    for (unsigned i = 0; i < length; i++) {
+        if (i)
+            buffer.append(',');
+        if (RefPtr<UString::Rep> rep = strBuffer[i])
+            buffer.append(rep->data(), rep->size());
+    }
+    ASSERT(buffer.size() == totalSize);
+    unsigned finalSize = buffer.size();
+    return jsString(exec, UString(buffer.releaseBuffer(), finalSize, false));
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncToLocaleString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&JSArray::info))
+        return throwError(exec, TypeError);
+    JSObject* thisObj = asArray(thisValue);
+
+    HashSet<JSObject*>& arrayVisitedElements = exec->globalData().arrayVisitedElements;
+    if (arrayVisitedElements.size() >= MaxSecondaryThreadReentryDepth) {
+        if (!isMainThread() || arrayVisitedElements.size() >= MaxMainThreadReentryDepth)
+            return throwError(exec, RangeError, "Maximum call stack size exceeded.");
+    }
+
+    bool alreadyVisited = !arrayVisitedElements.add(thisObj).second;
+    if (alreadyVisited)
+        return jsEmptyString(exec); // return an empty string, avoding infinite recursion.
+
+    Vector<UChar, 256> strBuffer;
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    for (unsigned k = 0; k < length; k++) {
+        if (k >= 1)
+            strBuffer.append(',');
+        if (!strBuffer.data()) {
+            JSObject* error = Error::create(exec, GeneralError, "Out of memory");
+            exec->setException(error);
+            break;
+        }
+
+        JSValue element = thisObj->get(exec, k);
+        if (element.isUndefinedOrNull())
+            continue;
+
+        JSObject* o = element.toObject(exec);
+        JSValue conversionFunction = o->get(exec, exec->propertyNames().toLocaleString);
+        UString str;
+        CallData callData;
+        CallType callType = conversionFunction.getCallData(callData);
+        if (callType != CallTypeNone)
+            str = call(exec, conversionFunction, callType, callData, element, exec->emptyList()).toString(exec);
+        else
+            str = element.toString(exec);
+        strBuffer.append(str.data(), str.size());
+
+        if (!strBuffer.data()) {
+            JSObject* error = Error::create(exec, GeneralError, "Out of memory");
+            exec->setException(error);
+        }
+
+        if (exec->hadException())
+            break;
+    }
+    arrayVisitedElements.remove(thisObj);
+    return jsString(exec, UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncJoin(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    HashSet<JSObject*>& arrayVisitedElements = exec->globalData().arrayVisitedElements;
+    if (arrayVisitedElements.size() >= MaxSecondaryThreadReentryDepth) {
+        if (!isMainThread() || arrayVisitedElements.size() >= MaxMainThreadReentryDepth)
+            return throwError(exec, RangeError, "Maximum call stack size exceeded.");
+    }
+
+    bool alreadyVisited = !arrayVisitedElements.add(thisObj).second;
+    if (alreadyVisited)
+        return jsEmptyString(exec); // return an empty string, avoding infinite recursion.
+
+    Vector<UChar, 256> strBuffer;
+
+    UChar comma = ',';
+    UString separator = args.at(0).isUndefined() ? UString(&comma, 1) : args.at(0).toString(exec);
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    for (unsigned k = 0; k < length; k++) {
+        if (k >= 1)
+            strBuffer.append(separator.data(), separator.size());
+        if (!strBuffer.data()) {
+            JSObject* error = Error::create(exec, GeneralError, "Out of memory");
+            exec->setException(error);
+            break;
+        }
+
+        JSValue element = thisObj->get(exec, k);
+        if (element.isUndefinedOrNull())
+            continue;
+
+        UString str = element.toString(exec);
+        strBuffer.append(str.data(), str.size());
+
+        if (!strBuffer.data()) {
+            JSObject* error = Error::create(exec, GeneralError, "Out of memory");
+            exec->setException(error);
+        }
+
+        if (exec->hadException())
+            break;
+    }
+    arrayVisitedElements.remove(thisObj);
+    return jsString(exec, UString(strBuffer.data(), strBuffer.data() ? strBuffer.size() : 0));
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncConcat(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSArray* arr = constructEmptyArray(exec);
+    int n = 0;
+    JSValue curArg = thisValue.toThisObject(exec);
+    ArgList::const_iterator it = args.begin();
+    ArgList::const_iterator end = args.end();
+    while (1) {
+        if (curArg.inherits(&JSArray::info)) {
+            unsigned length = curArg.get(exec, exec->propertyNames().length).toUInt32(exec);
+            JSObject* curObject = curArg.toObject(exec);
+            for (unsigned k = 0; k < length; ++k) {
+                if (JSValue v = getProperty(exec, curObject, k))
+                    arr->put(exec, n, v);
+                n++;
+            }
+        } else {
+            arr->put(exec, n, curArg);
+            n++;
+        }
+        if (it == end)
+            break;
+        curArg = (*it);
+        ++it;
+    }
+    arr->setLength(n);
+    return arr;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncPop(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (isJSArray(&exec->globalData(), thisValue))
+        return asArray(thisValue)->pop();
+
+    JSObject* thisObj = thisValue.toThisObject(exec);
+    JSValue result;
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    if (length == 0) {
+        putProperty(exec, thisObj, exec->propertyNames().length, jsNumber(exec, length));
+        result = jsUndefined();
+    } else {
+        result = thisObj->get(exec, length - 1);
+        thisObj->deleteProperty(exec, length - 1);
+        putProperty(exec, thisObj, exec->propertyNames().length, jsNumber(exec, length - 1));
+    }
+    return result;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncPush(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (isJSArray(&exec->globalData(), thisValue) && args.size() == 1) {
+        JSArray* array = asArray(thisValue);
+        array->push(exec, *args.begin());
+        return jsNumber(exec, array->length());
+    }
+
+    JSObject* thisObj = thisValue.toThisObject(exec);
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    for (unsigned n = 0; n < args.size(); n++)
+        thisObj->put(exec, length + n, args.at(n));
+    length += args.size();
+    putProperty(exec, thisObj, exec->propertyNames().length, jsNumber(exec, length));
+    return jsNumber(exec, length);
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncReverse(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    unsigned middle = length / 2;
+
+    for (unsigned k = 0; k < middle; k++) {
+        unsigned lk1 = length - k - 1;
+        JSValue obj2 = getProperty(exec, thisObj, lk1);
+        JSValue obj = getProperty(exec, thisObj, k);
+
+        if (obj2)
+            thisObj->put(exec, k, obj2);
+        else
+            thisObj->deleteProperty(exec, k);
+
+        if (obj)
+            thisObj->put(exec, lk1, obj);
+        else
+            thisObj->deleteProperty(exec, lk1);
+    }
+    return thisObj;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncShift(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+    JSValue result;
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    if (length == 0) {
+        putProperty(exec, thisObj, exec->propertyNames().length, jsNumber(exec, length));
+        result = jsUndefined();
+    } else {
+        result = thisObj->get(exec, 0);
+        for (unsigned k = 1; k < length; k++) {
+            if (JSValue obj = getProperty(exec, thisObj, k))
+                thisObj->put(exec, k - 1, obj);
+            else
+                thisObj->deleteProperty(exec, k - 1);
+        }
+        thisObj->deleteProperty(exec, length - 1);
+        putProperty(exec, thisObj, exec->propertyNames().length, jsNumber(exec, length - 1));
+    }
+    return result;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncSlice(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    // http://developer.netscape.com/docs/manuals/js/client/jsref/array.htm#1193713 or 15.4.4.10
+
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    // We return a new array
+    JSArray* resObj = constructEmptyArray(exec);
+    JSValue result = resObj;
+    double begin = args.at(0).toInteger(exec);
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    if (begin >= 0) {
+        if (begin > length)
+            begin = length;
+    } else {
+        begin += length;
+        if (begin < 0)
+            begin = 0;
+    }
+    double end;
+    if (args.at(1).isUndefined())
+        end = length;
+    else {
+        end = args.at(1).toInteger(exec);
+        if (end < 0) {
+            end += length;
+            if (end < 0)
+                end = 0;
+        } else {
+            if (end > length)
+                end = length;
+        }
+    }
+
+    int n = 0;
+    int b = static_cast<int>(begin);
+    int e = static_cast<int>(end);
+    for (int k = b; k < e; k++, n++) {
+        if (JSValue v = getProperty(exec, thisObj, k))
+            resObj->put(exec, n, v);
+    }
+    resObj->setLength(n);
+    return result;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncSort(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    JSValue function = args.at(0);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+
+    if (thisObj->classInfo() == &JSArray::info) {
+        if (isNumericCompareFunction(exec, callType, callData))
+            asArray(thisObj)->sortNumeric(exec, function, callType, callData);
+        else if (callType != CallTypeNone)
+            asArray(thisObj)->sort(exec, function, callType, callData);
+        else
+            asArray(thisObj)->sort(exec);
+        return thisObj;
+    }
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+
+    if (!length)
+        return thisObj;
+
+    // "Min" sort. Not the fastest, but definitely less code than heapsort
+    // or quicksort, and much less swapping than bubblesort/insertionsort.
+    for (unsigned i = 0; i < length - 1; ++i) {
+        JSValue iObj = thisObj->get(exec, i);
+        unsigned themin = i;
+        JSValue minObj = iObj;
+        for (unsigned j = i + 1; j < length; ++j) {
+            JSValue jObj = thisObj->get(exec, j);
+            double compareResult;
+            if (jObj.isUndefined())
+                compareResult = 1; // don't check minObj because there's no need to differentiate == (0) from > (1)
+            else if (minObj.isUndefined())
+                compareResult = -1;
+            else if (callType != CallTypeNone) {
+                MarkedArgumentBuffer l;
+                l.append(jObj);
+                l.append(minObj);
+                compareResult = call(exec, function, callType, callData, exec->globalThisValue(), l).toNumber(exec);
+            } else
+                compareResult = (jObj.toString(exec) < minObj.toString(exec)) ? -1 : 1;
+
+            if (compareResult < 0) {
+                themin = j;
+                minObj = jObj;
+            }
+        }
+        // Swap themin and i
+        if (themin > i) {
+            thisObj->put(exec, i, minObj);
+            thisObj->put(exec, themin, iObj);
+        }
+    }
+    return thisObj;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    // 15.4.4.12
+    JSArray* resObj = constructEmptyArray(exec);
+    JSValue result = resObj;
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    if (!args.size())
+        return jsUndefined();
+    int begin = args.at(0).toUInt32(exec);
+    if (begin < 0)
+        begin = std::max<int>(begin + length, 0);
+    else
+        begin = std::min<int>(begin, length);
+
+    unsigned deleteCount;
+    if (args.size() > 1)
+        deleteCount = std::min<int>(std::max<int>(args.at(1).toUInt32(exec), 0), length - begin);
+    else
+        deleteCount = length - begin;
+
+    for (unsigned k = 0; k < deleteCount; k++) {
+        if (JSValue v = getProperty(exec, thisObj, k + begin))
+            resObj->put(exec, k, v);
+    }
+    resObj->setLength(deleteCount);
+
+    unsigned additionalArgs = std::max<int>(args.size() - 2, 0);
+    if (additionalArgs != deleteCount) {
+        if (additionalArgs < deleteCount) {
+            for (unsigned k = begin; k < length - deleteCount; ++k) {
+                if (JSValue v = getProperty(exec, thisObj, k + deleteCount))
+                    thisObj->put(exec, k + additionalArgs, v);
+                else
+                    thisObj->deleteProperty(exec, k + additionalArgs);
+            }
+            for (unsigned k = length; k > length - deleteCount + additionalArgs; --k)
+                thisObj->deleteProperty(exec, k - 1);
+        } else {
+            for (unsigned k = length - deleteCount; (int)k > begin; --k) {
+                if (JSValue obj = getProperty(exec, thisObj, k + deleteCount - 1))
+                    thisObj->put(exec, k + additionalArgs - 1, obj);
+                else
+                    thisObj->deleteProperty(exec, k + additionalArgs - 1);
+            }
+        }
+    }
+    for (unsigned k = 0; k < additionalArgs; ++k)
+        thisObj->put(exec, k + begin, args.at(k + 2));
+
+    putProperty(exec, thisObj, exec->propertyNames().length, jsNumber(exec, length - deleteCount + additionalArgs));
+    return result;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncUnShift(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    // 15.4.4.13
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    unsigned nrArgs = args.size();
+    if (nrArgs) {
+        for (unsigned k = length; k > 0; --k) {
+            if (JSValue v = getProperty(exec, thisObj, k - 1))
+                thisObj->put(exec, k + nrArgs - 1, v);
+            else
+                thisObj->deleteProperty(exec, k + nrArgs - 1);
+        }
+    }
+    for (unsigned k = 0; k < nrArgs; ++k)
+        thisObj->put(exec, k, args.at(k));
+    JSValue result = jsNumber(exec, length + nrArgs);
+    putProperty(exec, thisObj, exec->propertyNames().length, result);
+    return result;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncFilter(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    JSValue function = args.at(0);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+
+    JSObject* applyThis = args.at(1).isUndefinedOrNull() ? exec->globalThisValue() : args.at(1).toObject(exec);
+    JSArray* resultArray = constructEmptyArray(exec);
+
+    unsigned filterIndex = 0;
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    unsigned k = 0;
+    if (callType == CallTypeJS && isJSArray(&exec->globalData(), thisObj)) {
+        JSFunction* f = asFunction(function);
+        JSArray* array = asArray(thisObj);
+        CachedCall cachedCall(exec, f, 3, exec->exceptionSlot());
+        for (; k < length && !exec->hadException(); ++k) {
+            if (!array->canGetIndex(k))
+                break;
+            JSValue v = array->getIndex(k);
+            cachedCall.setThis(applyThis);
+            cachedCall.setArgument(0, v);
+            cachedCall.setArgument(1, jsNumber(exec, k));
+            cachedCall.setArgument(2, thisObj);
+            
+            JSValue result = cachedCall.call();
+            if (result.toBoolean(exec))
+                resultArray->put(exec, filterIndex++, v);
+        }
+        if (k == length)
+            return resultArray;
+    }
+    for (; k < length && !exec->hadException(); ++k) {
+        PropertySlot slot(thisObj);
+
+        if (!thisObj->getPropertySlot(exec, k, slot))
+            continue;
+
+        JSValue v = slot.getValue(exec, k);
+
+        MarkedArgumentBuffer eachArguments;
+
+        eachArguments.append(v);
+        eachArguments.append(jsNumber(exec, k));
+        eachArguments.append(thisObj);
+
+        JSValue result = call(exec, function, callType, callData, applyThis, eachArguments);
+
+        if (result.toBoolean(exec))
+            resultArray->put(exec, filterIndex++, v);
+    }
+    return resultArray;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncMap(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    JSValue function = args.at(0);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+
+    JSObject* applyThis = args.at(1).isUndefinedOrNull() ? exec->globalThisValue() : args.at(1).toObject(exec);
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+
+    JSArray* resultArray = constructEmptyArray(exec, length);
+    unsigned k = 0;
+    if (callType == CallTypeJS && isJSArray(&exec->globalData(), thisObj)) {
+        JSFunction* f = asFunction(function);
+        JSArray* array = asArray(thisObj);
+        CachedCall cachedCall(exec, f, 3, exec->exceptionSlot());
+        for (; k < length && !exec->hadException(); ++k) {
+            if (UNLIKELY(!array->canGetIndex(k)))
+                break;
+
+            cachedCall.setThis(applyThis);
+            cachedCall.setArgument(0, array->getIndex(k));
+            cachedCall.setArgument(1, jsNumber(exec, k));
+            cachedCall.setArgument(2, thisObj);
+
+            resultArray->JSArray::put(exec, k, cachedCall.call());
+        }
+    }
+    for (; k < length && !exec->hadException(); ++k) {
+        PropertySlot slot(thisObj);
+        if (!thisObj->getPropertySlot(exec, k, slot))
+            continue;
+
+        JSValue v = slot.getValue(exec, k);
+
+        MarkedArgumentBuffer eachArguments;
+
+        eachArguments.append(v);
+        eachArguments.append(jsNumber(exec, k));
+        eachArguments.append(thisObj);
+
+        JSValue result = call(exec, function, callType, callData, applyThis, eachArguments);
+        resultArray->put(exec, k, result);
+    }
+
+    return resultArray;
+}
+
+// Documentation for these three is available at:
+// http://developer-test.mozilla.org/en/docs/Core_JavaScript_1.5_Reference:Objects:Array:every
+// http://developer-test.mozilla.org/en/docs/Core_JavaScript_1.5_Reference:Objects:Array:forEach
+// http://developer-test.mozilla.org/en/docs/Core_JavaScript_1.5_Reference:Objects:Array:some
+
+JSValue JSC_HOST_CALL arrayProtoFuncEvery(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    JSValue function = args.at(0);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+
+    JSObject* applyThis = args.at(1).isUndefinedOrNull() ? exec->globalThisValue() : args.at(1).toObject(exec);
+
+    JSValue result = jsBoolean(true);
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    unsigned k = 0;
+    if (callType == CallTypeJS && isJSArray(&exec->globalData(), thisObj)) {
+        JSFunction* f = asFunction(function);
+        JSArray* array = asArray(thisObj);
+        CachedCall cachedCall(exec, f, 3, exec->exceptionSlot());
+        for (; k < length && !exec->hadException(); ++k) {
+            if (UNLIKELY(!array->canGetIndex(k)))
+                break;
+            
+            cachedCall.setThis(applyThis);
+            cachedCall.setArgument(0, array->getIndex(k));
+            cachedCall.setArgument(1, jsNumber(exec, k));
+            cachedCall.setArgument(2, thisObj);
+            
+            if (!cachedCall.call().toBoolean(exec))
+                return jsBoolean(false);
+        }
+    }
+    for (; k < length && !exec->hadException(); ++k) {
+        PropertySlot slot(thisObj);
+
+        if (!thisObj->getPropertySlot(exec, k, slot))
+            continue;
+
+        MarkedArgumentBuffer eachArguments;
+
+        eachArguments.append(slot.getValue(exec, k));
+        eachArguments.append(jsNumber(exec, k));
+        eachArguments.append(thisObj);
+
+        bool predicateResult = call(exec, function, callType, callData, applyThis, eachArguments).toBoolean(exec);
+
+        if (!predicateResult) {
+            result = jsBoolean(false);
+            break;
+        }
+    }
+
+    return result;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncForEach(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    JSValue function = args.at(0);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+
+    JSObject* applyThis = args.at(1).isUndefinedOrNull() ? exec->globalThisValue() : args.at(1).toObject(exec);
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    unsigned k = 0;
+    if (callType == CallTypeJS && isJSArray(&exec->globalData(), thisObj)) {
+        JSFunction* f = asFunction(function);
+        JSArray* array = asArray(thisObj);
+        CachedCall cachedCall(exec, f, 3, exec->exceptionSlot());
+        for (; k < length && !exec->hadException(); ++k) {
+            if (UNLIKELY(!array->canGetIndex(k)))
+                break;
+
+            cachedCall.setThis(applyThis);
+            cachedCall.setArgument(0, array->getIndex(k));
+            cachedCall.setArgument(1, jsNumber(exec, k));
+            cachedCall.setArgument(2, thisObj);
+
+            cachedCall.call();
+        }
+    }
+    for (; k < length && !exec->hadException(); ++k) {
+        PropertySlot slot(thisObj);
+        if (!thisObj->getPropertySlot(exec, k, slot))
+            continue;
+
+        MarkedArgumentBuffer eachArguments;
+        eachArguments.append(slot.getValue(exec, k));
+        eachArguments.append(jsNumber(exec, k));
+        eachArguments.append(thisObj);
+
+        call(exec, function, callType, callData, applyThis, eachArguments);
+    }
+    return jsUndefined();
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncSome(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    JSValue function = args.at(0);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+
+    JSObject* applyThis = args.at(1).isUndefinedOrNull() ? exec->globalThisValue() : args.at(1).toObject(exec);
+
+    JSValue result = jsBoolean(false);
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    unsigned k = 0;
+    if (callType == CallTypeJS && isJSArray(&exec->globalData(), thisObj)) {
+        JSFunction* f = asFunction(function);
+        JSArray* array = asArray(thisObj);
+        CachedCall cachedCall(exec, f, 3, exec->exceptionSlot());
+        for (; k < length && !exec->hadException(); ++k) {
+            if (UNLIKELY(!array->canGetIndex(k)))
+                break;
+            
+            cachedCall.setThis(applyThis);
+            cachedCall.setArgument(0, array->getIndex(k));
+            cachedCall.setArgument(1, jsNumber(exec, k));
+            cachedCall.setArgument(2, thisObj);
+            
+            if (cachedCall.call().toBoolean(exec))
+                return jsBoolean(true);
+        }
+    }
+    for (; k < length && !exec->hadException(); ++k) {
+        PropertySlot slot(thisObj);
+        if (!thisObj->getPropertySlot(exec, k, slot))
+            continue;
+
+        MarkedArgumentBuffer eachArguments;
+        eachArguments.append(slot.getValue(exec, k));
+        eachArguments.append(jsNumber(exec, k));
+        eachArguments.append(thisObj);
+
+        bool predicateResult = call(exec, function, callType, callData, applyThis, eachArguments).toBoolean(exec);
+
+        if (predicateResult) {
+            result = jsBoolean(true);
+            break;
+        }
+    }
+    return result;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncReduce(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+    
+    JSValue function = args.at(0);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+
+    unsigned i = 0;
+    JSValue rv;
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    if (!length && args.size() == 1)
+        return throwError(exec, TypeError);
+    JSArray* array = 0;
+    if (isJSArray(&exec->globalData(), thisObj))
+        array = asArray(thisObj);
+
+    if (args.size() >= 2)
+        rv = args.at(1);
+    else if (array && array->canGetIndex(0)){
+        rv = array->getIndex(0);
+        i = 1;
+    } else {
+        for (i = 0; i < length; i++) {
+            rv = getProperty(exec, thisObj, i);
+            if (rv)
+                break;
+        }
+        if (!rv)
+            return throwError(exec, TypeError);
+        i++;
+    }
+
+    if (callType == CallTypeJS && array) {
+        CachedCall cachedCall(exec, asFunction(function), 4, exec->exceptionSlot());
+        for (; i < length && !exec->hadException(); ++i) {
+            cachedCall.setThis(jsNull());
+            cachedCall.setArgument(0, rv);
+            JSValue v;
+            if (LIKELY(array->canGetIndex(i)))
+                v = array->getIndex(i);
+            else
+                break; // length has been made unsafe while we enumerate fallback to slow path
+            cachedCall.setArgument(1, v);
+            cachedCall.setArgument(2, jsNumber(exec, i));
+            cachedCall.setArgument(3, array);
+            rv = cachedCall.call();
+        }
+        if (i == length) // only return if we reached the end of the array
+            return rv;
+    }
+
+    for (; i < length && !exec->hadException(); ++i) {
+        JSValue prop = getProperty(exec, thisObj, i);
+        if (!prop)
+            continue;
+        
+        MarkedArgumentBuffer eachArguments;
+        eachArguments.append(rv);
+        eachArguments.append(prop);
+        eachArguments.append(jsNumber(exec, i));
+        eachArguments.append(thisObj);
+        
+        rv = call(exec, function, callType, callData, jsNull(), eachArguments);
+    }
+    return rv;
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncReduceRight(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+    
+    JSValue function = args.at(0);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+    
+    unsigned i = 0;
+    JSValue rv;
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    if (!length && args.size() == 1)
+        return throwError(exec, TypeError);
+    JSArray* array = 0;
+    if (isJSArray(&exec->globalData(), thisObj))
+        array = asArray(thisObj);
+    
+    if (args.size() >= 2)
+        rv = args.at(1);
+    else if (array && array->canGetIndex(length - 1)){
+        rv = array->getIndex(length - 1);
+        i = 1;
+    } else {
+        for (i = 0; i < length; i++) {
+            rv = getProperty(exec, thisObj, length - i - 1);
+            if (rv)
+                break;
+        }
+        if (!rv)
+            return throwError(exec, TypeError);
+        i++;
+    }
+    
+    if (callType == CallTypeJS && array) {
+        CachedCall cachedCall(exec, asFunction(function), 4, exec->exceptionSlot());
+        for (; i < length && !exec->hadException(); ++i) {
+            unsigned idx = length - i - 1;
+            cachedCall.setThis(jsNull());
+            cachedCall.setArgument(0, rv);
+            if (UNLIKELY(!array->canGetIndex(idx)))
+                break; // length has been made unsafe while we enumerate fallback to slow path
+            cachedCall.setArgument(1, array->getIndex(idx));
+            cachedCall.setArgument(2, jsNumber(exec, idx));
+            cachedCall.setArgument(3, array);
+            rv = cachedCall.call();
+        }
+        if (i == length) // only return if we reached the end of the array
+            return rv;
+    }
+    
+    for (; i < length && !exec->hadException(); ++i) {
+        unsigned idx = length - i - 1;
+        JSValue prop = getProperty(exec, thisObj, idx);
+        if (!prop)
+            continue;
+        
+        MarkedArgumentBuffer eachArguments;
+        eachArguments.append(rv);
+        eachArguments.append(prop);
+        eachArguments.append(jsNumber(exec, idx));
+        eachArguments.append(thisObj);
+        
+        rv = call(exec, function, callType, callData, jsNull(), eachArguments);
+    }
+    return rv;        
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncIndexOf(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    // JavaScript 1.5 Extension by Mozilla
+    // Documentation: http://developer.mozilla.org/en/docs/Core_JavaScript_1.5_Reference:Global_Objects:Array:indexOf
+
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    unsigned index = 0;
+    double d = args.at(1).toInteger(exec);
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    if (d < 0)
+        d += length;
+    if (d > 0) {
+        if (d > length)
+            index = length;
+        else
+            index = static_cast<unsigned>(d);
+    }
+
+    JSValue searchElement = args.at(0);
+    for (; index < length; ++index) {
+        JSValue e = getProperty(exec, thisObj, index);
+        if (!e)
+            continue;
+        if (JSValue::strictEqual(searchElement, e))
+            return jsNumber(exec, index);
+    }
+
+    return jsNumber(exec, -1);
+}
+
+JSValue JSC_HOST_CALL arrayProtoFuncLastIndexOf(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    // JavaScript 1.6 Extension by Mozilla
+    // Documentation: http://developer.mozilla.org/en/docs/Core_JavaScript_1.5_Reference:Global_Objects:Array:lastIndexOf
+
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    unsigned length = thisObj->get(exec, exec->propertyNames().length).toUInt32(exec);
+    int index = length - 1;
+    double d = args.at(1).toIntegerPreserveNaN(exec);
+
+    if (d < 0) {
+        d += length;
+        if (d < 0)
+            return jsNumber(exec, -1);
+    }
+    if (d < length)
+        index = static_cast<int>(d);
+
+    JSValue searchElement = args.at(0);
+    for (; index >= 0; --index) {
+        JSValue e = getProperty(exec, thisObj, index);
+        if (!e)
+            continue;
+        if (JSValue::strictEqual(searchElement, e))
+            return jsNumber(exec, index);
+    }
+
+    return jsNumber(exec, -1);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayPrototype.h
new file mode 100644
index 000000000..6f7ed1224
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ArrayPrototype.h
@@ -0,0 +1,42 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef ArrayPrototype_h
+#define ArrayPrototype_h
+
+#include "JSArray.h"
+#include "Lookup.h"
+
+namespace JSC {
+
+    class ArrayPrototype : public JSArray {
+    public:
+        explicit ArrayPrototype(PassRefPtr<Structure>);
+
+        bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+    };
+
+} // namespace JSC
+
+#endif // ArrayPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BatchedTransitionOptimizer.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BatchedTransitionOptimizer.h
new file mode 100644
index 000000000..929a5e78b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BatchedTransitionOptimizer.h
@@ -0,0 +1,55 @@
+// -*- mode: c++; c-basic-offset: 4 -*-
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef BatchedTransitionOptimizer_h
+#define BatchedTransitionOptimizer_h
+
+#include <wtf/Noncopyable.h>
+#include "JSObject.h"
+
+namespace JSC {
+
+    class BatchedTransitionOptimizer : public Noncopyable {
+    public:
+        BatchedTransitionOptimizer(JSObject* object)
+            : m_object(object)
+        {
+            if (!m_object->structure()->isDictionary())
+                m_object->setStructure(Structure::toCacheableDictionaryTransition(m_object->structure()));
+        }
+
+        ~BatchedTransitionOptimizer()
+        {
+            m_object->setStructure(Structure::fromDictionaryTransition(m_object->structure()));
+        }
+
+    private:
+        JSObject* m_object;
+    };
+
+} // namespace JSC
+
+#endif // BatchedTransitionOptimizer_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanConstructor.cpp
new file mode 100644
index 000000000..9fcba374c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanConstructor.cpp
@@ -0,0 +1,78 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "BooleanConstructor.h"
+
+#include "BooleanPrototype.h"
+#include "JSGlobalObject.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(BooleanConstructor);
+
+BooleanConstructor::BooleanConstructor(ExecState* exec, PassRefPtr<Structure> structure, BooleanPrototype* booleanPrototype)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, booleanPrototype->classInfo()->className))
+{
+    putDirectWithoutTransition(exec->propertyNames().prototype, booleanPrototype, DontEnum | DontDelete | ReadOnly);
+
+    // no. of arguments for constructor
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontDelete | DontEnum);
+}
+
+// ECMA 15.6.2
+JSObject* constructBoolean(ExecState* exec, const ArgList& args)
+{
+    BooleanObject* obj = new (exec) BooleanObject(exec->lexicalGlobalObject()->booleanObjectStructure());
+    obj->setInternalValue(jsBoolean(args.at(0).toBoolean(exec)));
+    return obj;
+}
+
+static JSObject* constructWithBooleanConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    return constructBoolean(exec, args);
+}
+
+ConstructType BooleanConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithBooleanConstructor;
+    return ConstructTypeHost;
+}
+
+// ECMA 15.6.1
+static JSValue JSC_HOST_CALL callBooleanConstructor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsBoolean(args.at(0).toBoolean(exec));
+}
+
+CallType BooleanConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callBooleanConstructor;
+    return CallTypeHost;
+}
+
+JSObject* constructBooleanFromImmediateBoolean(ExecState* exec, JSValue immediateBooleanValue)
+{
+    BooleanObject* obj = new (exec) BooleanObject(exec->lexicalGlobalObject()->booleanObjectStructure());
+    obj->setInternalValue(immediateBooleanValue);
+    return obj;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanConstructor.h
new file mode 100644
index 000000000..d9f51ab52
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanConstructor.h
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef BooleanConstructor_h
+#define BooleanConstructor_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class BooleanPrototype;
+
+    class BooleanConstructor : public InternalFunction {
+    public:
+        BooleanConstructor(ExecState*, PassRefPtr<Structure>, BooleanPrototype*);
+
+    private:
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+    };
+
+    JSObject* constructBooleanFromImmediateBoolean(ExecState*, JSValue);
+    JSObject* constructBoolean(ExecState*, const ArgList&);
+
+} // namespace JSC
+
+#endif // BooleanConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanObject.cpp
new file mode 100644
index 000000000..01f695a8e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanObject.cpp
@@ -0,0 +1,35 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "BooleanObject.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(BooleanObject);
+
+const ClassInfo BooleanObject::info = { "Boolean", 0, 0, 0 };
+
+BooleanObject::BooleanObject(PassRefPtr<Structure> structure)
+    : JSWrapperObject(structure)
+{
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanObject.h
new file mode 100644
index 000000000..5f3e5f070
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanObject.h
@@ -0,0 +1,51 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef BooleanObject_h
+#define BooleanObject_h
+
+#include "JSWrapperObject.h"
+
+namespace JSC {
+
+    class BooleanObject : public JSWrapperObject {
+    public:
+        explicit BooleanObject(PassRefPtr<Structure>);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+        
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasStandardGetOwnPropertySlot | HasDefaultMark | HasDefaultGetPropertyNames));
+        }
+    };
+
+    BooleanObject* asBooleanObject(JSValue);
+
+    inline BooleanObject* asBooleanObject(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&BooleanObject::info));
+        return static_cast<BooleanObject*>(asObject(value));
+    }
+
+} // namespace JSC
+
+#endif // BooleanObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanPrototype.cpp
new file mode 100644
index 000000000..cf4fbd7ab
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanPrototype.cpp
@@ -0,0 +1,83 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "BooleanPrototype.h"
+
+#include "Error.h"
+#include "JSFunction.h"
+#include "JSString.h"
+#include "ObjectPrototype.h"
+#include "PrototypeFunction.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(BooleanPrototype);
+
+// Functions
+static JSValue JSC_HOST_CALL booleanProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL booleanProtoFuncValueOf(ExecState*, JSObject*, JSValue, const ArgList&);
+
+// ECMA 15.6.4
+
+BooleanPrototype::BooleanPrototype(ExecState* exec, PassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
+    : BooleanObject(structure)
+{
+    setInternalValue(jsBoolean(false));
+
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, booleanProtoFuncToString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, booleanProtoFuncValueOf), DontEnum);
+}
+
+
+// ------------------------------ Functions --------------------------
+
+// ECMA 15.6.4.2 + 15.6.4.3
+
+JSValue JSC_HOST_CALL booleanProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (thisValue == jsBoolean(false))
+        return jsNontrivialString(exec, "false");
+
+    if (thisValue == jsBoolean(true))
+        return jsNontrivialString(exec, "true");
+
+    if (!thisValue.inherits(&BooleanObject::info))
+        return throwError(exec, TypeError);
+
+    if (asBooleanObject(thisValue)->internalValue() == jsBoolean(false))
+        return jsNontrivialString(exec, "false");
+
+    ASSERT(asBooleanObject(thisValue)->internalValue() == jsBoolean(true));
+    return jsNontrivialString(exec, "true");
+}
+
+JSValue JSC_HOST_CALL booleanProtoFuncValueOf(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (thisValue.isBoolean())
+        return thisValue;
+
+    if (!thisValue.inherits(&BooleanObject::info))
+        return throwError(exec, TypeError);
+
+    return asBooleanObject(thisValue)->internalValue();
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanPrototype.h
new file mode 100644
index 000000000..16f80b52e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/BooleanPrototype.h
@@ -0,0 +1,35 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef BooleanPrototype_h
+#define BooleanPrototype_h
+
+#include "BooleanObject.h"
+
+namespace JSC {
+
+    class BooleanPrototype : public BooleanObject {
+    public:
+        BooleanPrototype(ExecState*, PassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+    };
+
+} // namespace JSC
+
+#endif // BooleanPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp
new file mode 100644
index 000000000..c89ebf8c4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "CallData.h"
+
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+
+#ifdef QT_BUILD_SCRIPT_LIB
+#include "Debugger.h"
+#include "DebuggerCallFrame.h"
+#endif
+
+namespace JSC {
+
+#ifdef QT_BUILD_SCRIPT_LIB
+JSValue JSC::NativeFuncWrapper::operator() (ExecState* exec, JSObject* jsobj, JSValue thisValue, const ArgList& argList) const
+{
+    Debugger* debugger = exec->lexicalGlobalObject()->debugger();
+    if (debugger)
+        debugger->callEvent(DebuggerCallFrame(exec), -1, -1);
+
+    JSValue returnValue = ptr(exec, jsobj, thisValue, argList);
+
+    if (debugger)
+        debugger->functionExit(returnValue, -1);
+
+    return returnValue;
+}
+#endif
+
+
+JSValue call(ExecState* exec, JSValue functionObject, CallType callType, const CallData& callData, JSValue thisValue, const ArgList& args)
+{
+    if (callType == CallTypeHost)
+        return callData.native.function(exec, asObject(functionObject), thisValue, args);
+    ASSERT(callType == CallTypeJS);
+    // FIXME: Can this be done more efficiently using the callData?
+    return asFunction(functionObject)->call(exec, thisValue, args);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.h
new file mode 100644
index 000000000..ef4988baf
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CallData_h
+#define CallData_h
+
+#include "NativeFunctionWrapper.h"
+
+namespace JSC {
+
+    class ArgList;
+    class ExecState;
+    class FunctionExecutable;
+    class JSObject;
+    class JSValue;
+    class ScopeChainNode;
+
+    enum CallType {
+        CallTypeNone,
+        CallTypeHost,
+        CallTypeJS
+    };
+
+    typedef JSValue (JSC_HOST_CALL *NativeFunction)(ExecState*, JSObject*, JSValue thisValue, const ArgList&);
+
+#ifdef QT_BUILD_SCRIPT_LIB
+    class NativeFuncWrapper
+    {
+        NativeFunction ptr;
+    public:
+        inline NativeFuncWrapper& operator=(NativeFunction func)
+        {
+            ptr = func;
+            return *this;
+        }
+        inline operator NativeFunction() const {return ptr;}
+        inline operator bool() const {return ptr;}
+       
+        JSValue operator()(ExecState* exec, JSObject* jsobj, JSValue thisValue, const ArgList& argList) const;
+    };
+#endif
+
+#if defined(QT_BUILD_SCRIPT_LIB) && PLATFORM(SOLARIS)
+    struct
+#else
+    union
+#endif
+    CallData {
+        struct {
+#ifndef QT_BUILD_SCRIPT_LIB
+            NativeFunction function;
+#else
+            NativeFuncWrapper function;
+#endif
+        } native;
+        struct {
+            FunctionExecutable* functionExecutable;
+            ScopeChainNode* scopeChain;
+        } js;
+    };
+
+    JSValue call(ExecState*, JSValue functionObject, CallType, const CallData&, JSValue thisValue, const ArgList&);
+
+} // namespace JSC
+
+#endif // CallData_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ClassInfo.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ClassInfo.h
new file mode 100644
index 000000000..acec4e78d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ClassInfo.h
@@ -0,0 +1,62 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef ClassInfo_h
+#define ClassInfo_h
+
+#include "CallFrame.h"
+
+namespace JSC {
+
+    class HashEntry;
+    struct HashTable;
+
+    struct ClassInfo {
+        /**
+         * A string denoting the class name. Example: "Window".
+         */
+        const char* className;
+
+        /**
+         * Pointer to the class information of the base class.
+         * 0L if there is none.
+         */
+        const ClassInfo* parentClass;
+        /**
+         * Static hash-table of properties.
+         * For classes that can be used from multiple threads, it is accessed via a getter function that would typically return a pointer to thread-specific value.
+         */
+        const HashTable* propHashTable(ExecState* exec) const
+        {
+            if (classPropHashTableGetterFunction)
+                return classPropHashTableGetterFunction(exec);
+            return staticPropHashTable;
+        }
+
+        const HashTable* staticPropHashTable;
+        typedef const HashTable* (*ClassPropHashTableGetterFunction)(ExecState*);
+        const ClassPropHashTableGetterFunction classPropHashTableGetterFunction;
+    };
+
+} // namespace JSC
+
+#endif // ClassInfo_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp
new file mode 100644
index 000000000..1e717cb2d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp
@@ -0,0 +1,1375 @@
+/*
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "Collector.h"
+
+#include "ArgList.h"
+#include "CallFrame.h"
+#include "CodeBlock.h"
+#include "CollectorHeapIterator.h"
+#include "Interpreter.h"
+#include "JSArray.h"
+#include "JSGlobalObject.h"
+#include "JSLock.h"
+#include "JSONObject.h"
+#include "JSString.h"
+#include "JSValue.h"
+#include "MarkStack.h"
+#include "Nodes.h"
+#include "Tracing.h"
+#include <algorithm>
+#include <limits.h>
+#include <setjmp.h>
+#include <stdlib.h>
+#include <wtf/FastMalloc.h>
+#include <wtf/HashCountedSet.h>
+#include <wtf/UnusedParam.h>
+#include <wtf/VMTags.h>
+
+#if PLATFORM(DARWIN)
+
+#include <mach/mach_init.h>
+#include <mach/mach_port.h>
+#include <mach/task.h>
+#include <mach/thread_act.h>
+#include <mach/vm_map.h>
+
+#elif PLATFORM(SYMBIAN)
+#include <e32std.h>
+#include <e32cmn.h>
+#include <unistd.h>
+
+#elif PLATFORM(WIN_OS)
+
+#include <windows.h>
+#include <malloc.h>
+
+#elif PLATFORM(HAIKU)
+
+#include <OS.h>
+
+#elif PLATFORM(UNIX)
+
+#include <stdlib.h>
+#if !PLATFORM(HAIKU)
+#include <sys/mman.h>
+#endif
+#include <unistd.h>
+
+#if PLATFORM(SOLARIS)
+#include <thread.h>
+#else
+#include <pthread.h>
+#endif
+
+#if HAVE(PTHREAD_NP_H)
+#include <pthread_np.h>
+#endif
+
+#if PLATFORM(QNX)
+#include <fcntl.h>
+#include <sys/procfs.h>
+#include <stdio.h>
+#include <errno.h>
+#endif
+
+#endif
+
+#define COLLECT_ON_EVERY_ALLOCATION 0
+
+using std::max;
+
+namespace JSC {
+
+// tunable parameters
+
+const size_t GROWTH_FACTOR = 2;
+const size_t LOW_WATER_FACTOR = 4;
+const size_t ALLOCATIONS_PER_COLLECTION = 4000;
+// This value has to be a macro to be used in max() without introducing
+// a PIC branch in Mach-O binaries, see <rdar://problem/5971391>.
+#define MIN_ARRAY_SIZE (static_cast<size_t>(14))
+
+#if PLATFORM(SYMBIAN)
+const size_t MAX_NUM_BLOCKS = 256; // Max size of collector heap set to 16 MB
+static RHeap* userChunk = 0;
+#endif
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+
+#if PLATFORM(DARWIN)
+typedef mach_port_t PlatformThread;
+#elif PLATFORM(WIN_OS)
+struct PlatformThread {
+    PlatformThread(DWORD _id, HANDLE _handle) : id(_id), handle(_handle) {}
+    DWORD id;
+    HANDLE handle;
+};
+#endif
+
+class Heap::Thread {
+public:
+    Thread(pthread_t pthread, const PlatformThread& platThread, void* base) 
+        : posixThread(pthread)
+        , platformThread(platThread)
+        , stackBase(base)
+    {
+    }
+
+    Thread* next;
+    pthread_t posixThread;
+    PlatformThread platformThread;
+    void* stackBase;
+};
+
+#endif
+
+Heap::Heap(JSGlobalData* globalData)
+    : m_markListSet(0)
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    , m_registeredThreads(0)
+    , m_currentThreadRegistrar(0)
+#endif
+    , m_globalData(globalData)
+{
+    ASSERT(globalData);
+
+#if PLATFORM(SYMBIAN)
+    // Symbian OpenC supports mmap but currently not the MAP_ANON flag.
+    // Using fastMalloc() does not properly align blocks on 64k boundaries
+    // and previous implementation was flawed/incomplete.
+    // UserHeap::ChunkHeap allows allocation of continuous memory and specification
+    // of alignment value for (symbian) cells within that heap.
+    //
+    // Clarification and mapping of terminology:
+    // RHeap (created by UserHeap::ChunkHeap below) is continuos memory chunk,
+    // which can dynamically grow up to 8 MB,
+    // that holds all CollectorBlocks of this session (static).
+    // Each symbian cell within RHeap maps to a 64kb aligned CollectorBlock.
+    // JSCell objects are maintained as usual within CollectorBlocks.
+    if (!userChunk) {
+        userChunk = UserHeap::ChunkHeap(0, 0, MAX_NUM_BLOCKS * BLOCK_SIZE, BLOCK_SIZE, BLOCK_SIZE);
+        if (!userChunk)
+            CRASH();
+    }
+#endif // PLATFORM(SYMBIAN)
+    
+    memset(&primaryHeap, 0, sizeof(CollectorHeap));
+    memset(&numberHeap, 0, sizeof(CollectorHeap));
+}
+
+Heap::~Heap()
+{
+    // The destroy function must already have been called, so assert this.
+    ASSERT(!m_globalData);
+}
+
+void Heap::destroy()
+{
+    JSLock lock(SilenceAssertionsOnly);
+
+    if (!m_globalData)
+        return;
+
+    // The global object is not GC protected at this point, so sweeping may delete it
+    // (and thus the global data) before other objects that may use the global data.
+    RefPtr<JSGlobalData> protect(m_globalData);
+
+    delete m_markListSet;
+    m_markListSet = 0;
+
+    sweep<PrimaryHeap>();
+    // No need to sweep number heap, because the JSNumber destructor doesn't do anything.
+
+    ASSERT(!primaryHeap.numLiveObjects);
+
+    freeBlocks(&primaryHeap);
+    freeBlocks(&numberHeap);
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    if (m_currentThreadRegistrar) {
+        int error = pthread_key_delete(m_currentThreadRegistrar);
+        ASSERT_UNUSED(error, !error);
+    }
+
+    MutexLocker registeredThreadsLock(m_registeredThreadsMutex);
+    for (Heap::Thread* t = m_registeredThreads; t;) {
+        Heap::Thread* next = t->next;
+        delete t;
+        t = next;
+    }
+#endif
+
+    m_globalData = 0;
+}
+
+template <HeapType heapType>
+NEVER_INLINE CollectorBlock* Heap::allocateBlock()
+{
+    // Disable the use of vm_map for the Qt build on Darwin, because when compiled on 10.4
+    // it crashes on 10.5
+#if PLATFORM(DARWIN) && !PLATFORM(QT)
+    vm_address_t address = 0;
+    // FIXME: tag the region as a JavaScriptCore heap when we get a registered VM tag: <rdar://problem/6054788>.
+    vm_map(current_task(), &address, BLOCK_SIZE, BLOCK_OFFSET_MASK, VM_FLAGS_ANYWHERE | VM_TAG_FOR_COLLECTOR_MEMORY, MEMORY_OBJECT_NULL, 0, FALSE, VM_PROT_DEFAULT, VM_PROT_DEFAULT, VM_INHERIT_DEFAULT);
+#elif PLATFORM(SYMBIAN)
+    // Allocate a 64 kb aligned CollectorBlock
+    unsigned char* mask = reinterpret_cast<unsigned char*>(userChunk->Alloc(BLOCK_SIZE));
+    if (!mask)
+        CRASH();
+    uintptr_t address = reinterpret_cast<uintptr_t>(mask);
+
+    memset(reinterpret_cast<void*>(address), 0, BLOCK_SIZE);
+#elif PLATFORM(WINCE)
+    void* address = VirtualAlloc(NULL, BLOCK_SIZE, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+#elif PLATFORM(WIN_OS)
+#if COMPILER(MINGW)
+    void* address = __mingw_aligned_malloc(BLOCK_SIZE, BLOCK_SIZE);
+#else
+    void* address = _aligned_malloc(BLOCK_SIZE, BLOCK_SIZE);
+#endif
+    memset(address, 0, BLOCK_SIZE);
+#elif HAVE(POSIX_MEMALIGN)
+    void* address;
+    posix_memalign(&address, BLOCK_SIZE, BLOCK_SIZE);
+    memset(address, 0, BLOCK_SIZE);
+#else
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+#error Need to initialize pagesize safely.
+#endif
+    static size_t pagesize = getpagesize();
+
+    size_t extra = 0;
+    if (BLOCK_SIZE > pagesize)
+        extra = BLOCK_SIZE - pagesize;
+
+    void* mmapResult = mmap(NULL, BLOCK_SIZE + extra, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+    uintptr_t address = reinterpret_cast<uintptr_t>(mmapResult);
+
+    size_t adjust = 0;
+    if ((address & BLOCK_OFFSET_MASK) != 0)
+        adjust = BLOCK_SIZE - (address & BLOCK_OFFSET_MASK);
+
+    if (adjust > 0)
+        munmap(reinterpret_cast<char*>(address), adjust);
+
+    if (adjust < extra)
+        munmap(reinterpret_cast<char*>(address + adjust + BLOCK_SIZE), extra - adjust);
+
+    address += adjust;
+    memset(reinterpret_cast<void*>(address), 0, BLOCK_SIZE);
+#endif
+
+    CollectorBlock* block = reinterpret_cast<CollectorBlock*>(address);
+    block->freeList = block->cells;
+    block->heap = this;
+    block->type = heapType;
+
+    CollectorHeap& heap = heapType == PrimaryHeap ? primaryHeap : numberHeap;
+    size_t numBlocks = heap.numBlocks;
+    if (heap.usedBlocks == numBlocks) {
+        static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
+        if (numBlocks > maxNumBlocks)
+            CRASH();
+        numBlocks = max(MIN_ARRAY_SIZE, numBlocks * GROWTH_FACTOR);
+        heap.numBlocks = numBlocks;
+        heap.blocks = static_cast<CollectorBlock**>(fastRealloc(heap.blocks, numBlocks * sizeof(CollectorBlock*)));
+    }
+    heap.blocks[heap.usedBlocks++] = block;
+
+    return block;
+}
+
+template <HeapType heapType>
+NEVER_INLINE void Heap::freeBlock(size_t block)
+{
+    CollectorHeap& heap = heapType == PrimaryHeap ? primaryHeap : numberHeap;
+
+    freeBlock(heap.blocks[block]);
+
+    // swap with the last block so we compact as we go
+    heap.blocks[block] = heap.blocks[heap.usedBlocks - 1];
+    heap.usedBlocks--;
+
+    if (heap.numBlocks > MIN_ARRAY_SIZE && heap.usedBlocks < heap.numBlocks / LOW_WATER_FACTOR) {
+        heap.numBlocks = heap.numBlocks / GROWTH_FACTOR; 
+        heap.blocks = static_cast<CollectorBlock**>(fastRealloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock*)));
+    }
+}
+
+NEVER_INLINE void Heap::freeBlock(CollectorBlock* block)
+{
+    // Disable the use of vm_deallocate for the Qt build on Darwin, because when compiled on 10.4
+    // it crashes on 10.5
+#if PLATFORM(DARWIN) && !PLATFORM(QT)
+    vm_deallocate(current_task(), reinterpret_cast<vm_address_t>(block), BLOCK_SIZE);
+#elif PLATFORM(SYMBIAN)
+    userChunk->Free(reinterpret_cast<TAny*>(block));
+#elif PLATFORM(WINCE)
+    VirtualFree(block, 0, MEM_RELEASE);
+#elif PLATFORM(WIN_OS)
+#if COMPILER(MINGW)
+    __mingw_aligned_free(block);
+#else
+    _aligned_free(block);
+#endif
+#elif HAVE(POSIX_MEMALIGN)
+    free(block);
+#else
+    munmap(reinterpret_cast<char*>(block), BLOCK_SIZE);
+#endif
+}
+
+void Heap::freeBlocks(CollectorHeap* heap)
+{
+    for (size_t i = 0; i < heap->usedBlocks; ++i)
+        if (heap->blocks[i])
+            freeBlock(heap->blocks[i]);
+    fastFree(heap->blocks);
+    memset(heap, 0, sizeof(CollectorHeap));
+}
+
+void Heap::recordExtraCost(size_t cost)
+{
+    // Our frequency of garbage collection tries to balance memory use against speed
+    // by collecting based on the number of newly created values. However, for values
+    // that hold on to a great deal of memory that's not in the form of other JS values,
+    // that is not good enough - in some cases a lot of those objects can pile up and
+    // use crazy amounts of memory without a GC happening. So we track these extra
+    // memory costs. Only unusually large objects are noted, and we only keep track
+    // of this extra cost until the next GC. In garbage collected languages, most values
+    // are either very short lived temporaries, or have extremely long lifetimes. So
+    // if a large value survives one garbage collection, there is not much point to
+    // collecting more frequently as long as it stays alive.
+    // NOTE: we target the primaryHeap unconditionally as JSNumber doesn't modify cost 
+
+    primaryHeap.extraCost += cost;
+}
+
+template <HeapType heapType> ALWAYS_INLINE void* Heap::heapAllocate(size_t s)
+{
+    typedef typename HeapConstants<heapType>::Block Block;
+    typedef typename HeapConstants<heapType>::Cell Cell;
+
+    CollectorHeap& heap = heapType == PrimaryHeap ? primaryHeap : numberHeap;
+    ASSERT(JSLock::lockCount() > 0);
+    ASSERT(JSLock::currentThreadIsHoldingLock());
+    ASSERT_UNUSED(s, s <= HeapConstants<heapType>::cellSize);
+
+    ASSERT(heap.operationInProgress == NoOperation);
+    ASSERT(heapType == PrimaryHeap || heap.extraCost == 0);
+    // FIXME: If another global variable access here doesn't hurt performance
+    // too much, we could CRASH() in NDEBUG builds, which could help ensure we
+    // don't spend any time debugging cases where we allocate inside an object's
+    // deallocation code.
+
+#if COLLECT_ON_EVERY_ALLOCATION
+    collect();
+#endif
+
+    size_t numLiveObjects = heap.numLiveObjects;
+    size_t usedBlocks = heap.usedBlocks;
+    size_t i = heap.firstBlockWithPossibleSpace;
+
+    // if we have a huge amount of extra cost, we'll try to collect even if we still have
+    // free cells left.
+    if (heapType == PrimaryHeap && heap.extraCost > ALLOCATIONS_PER_COLLECTION) {
+        size_t numLiveObjectsAtLastCollect = heap.numLiveObjectsAtLastCollect;
+        size_t numNewObjects = numLiveObjects - numLiveObjectsAtLastCollect;
+        const size_t newCost = numNewObjects + heap.extraCost;
+        if (newCost >= ALLOCATIONS_PER_COLLECTION && newCost >= numLiveObjectsAtLastCollect)
+            goto collect;
+    }
+
+    ASSERT(heap.operationInProgress == NoOperation);
+#ifndef NDEBUG
+    // FIXME: Consider doing this in NDEBUG builds too (see comment above).
+    heap.operationInProgress = Allocation;
+#endif
+
+scan:
+    Block* targetBlock;
+    size_t targetBlockUsedCells;
+    if (i != usedBlocks) {
+        targetBlock = reinterpret_cast<Block*>(heap.blocks[i]);
+        targetBlockUsedCells = targetBlock->usedCells;
+        ASSERT(targetBlockUsedCells <= HeapConstants<heapType>::cellsPerBlock);
+        while (targetBlockUsedCells == HeapConstants<heapType>::cellsPerBlock) {
+            if (++i == usedBlocks)
+                goto collect;
+            targetBlock = reinterpret_cast<Block*>(heap.blocks[i]);
+            targetBlockUsedCells = targetBlock->usedCells;
+            ASSERT(targetBlockUsedCells <= HeapConstants<heapType>::cellsPerBlock);
+        }
+        heap.firstBlockWithPossibleSpace = i;
+    } else {
+
+collect:
+        size_t numLiveObjectsAtLastCollect = heap.numLiveObjectsAtLastCollect;
+        size_t numNewObjects = numLiveObjects - numLiveObjectsAtLastCollect;
+        const size_t newCost = numNewObjects + heap.extraCost;
+
+        if (newCost >= ALLOCATIONS_PER_COLLECTION && newCost >= numLiveObjectsAtLastCollect) {
+#ifndef NDEBUG
+            heap.operationInProgress = NoOperation;
+#endif
+            bool foundGarbage = collect();
+            numLiveObjects = heap.numLiveObjects;
+            usedBlocks = heap.usedBlocks;
+            i = heap.firstBlockWithPossibleSpace;
+#ifndef NDEBUG
+            heap.operationInProgress = Allocation;
+#endif
+            if (foundGarbage)
+                goto scan;
+        }
+
+        // didn't find a block, and GC didn't reclaim anything, need to allocate a new block
+        targetBlock = reinterpret_cast<Block*>(allocateBlock<heapType>());
+        heap.firstBlockWithPossibleSpace = heap.usedBlocks - 1;
+        targetBlockUsedCells = 0;
+    }
+
+    // find a free spot in the block and detach it from the free list
+    Cell* newCell = targetBlock->freeList;
+
+    // "next" field is a cell offset -- 0 means next cell, so a zeroed block is already initialized
+    targetBlock->freeList = (newCell + 1) + newCell->u.freeCell.next;
+
+    targetBlock->usedCells = static_cast<uint32_t>(targetBlockUsedCells + 1);
+    heap.numLiveObjects = numLiveObjects + 1;
+
+#ifndef NDEBUG
+    // FIXME: Consider doing this in NDEBUG builds too (see comment above).
+    heap.operationInProgress = NoOperation;
+#endif
+
+    return newCell;
+}
+
+void* Heap::allocate(size_t s)
+{
+    return heapAllocate<PrimaryHeap>(s);
+}
+
+void* Heap::allocateNumber(size_t s)
+{
+    return heapAllocate<NumberHeap>(s);
+}
+
+#if PLATFORM(WINCE)
+void* g_stackBase = 0;
+
+inline bool isPageWritable(void* page)
+{
+    MEMORY_BASIC_INFORMATION memoryInformation;
+    DWORD result = VirtualQuery(page, &memoryInformation, sizeof(memoryInformation));
+
+    // return false on error, including ptr outside memory
+    if (result != sizeof(memoryInformation))
+        return false;
+
+    DWORD protect = memoryInformation.Protect & ~(PAGE_GUARD | PAGE_NOCACHE);
+    return protect == PAGE_READWRITE
+        || protect == PAGE_WRITECOPY
+        || protect == PAGE_EXECUTE_READWRITE
+        || protect == PAGE_EXECUTE_WRITECOPY;
+}
+
+static void* getStackBase(void* previousFrame)
+{
+    // find the address of this stack frame by taking the address of a local variable
+    bool isGrowingDownward;
+    void* thisFrame = (void*)(&isGrowingDownward);
+
+    isGrowingDownward = previousFrame < &thisFrame;
+    static DWORD pageSize = 0;
+    if (!pageSize) {
+        SYSTEM_INFO systemInfo;
+        GetSystemInfo(&systemInfo);
+        pageSize = systemInfo.dwPageSize;
+    }
+
+    // scan all of memory starting from this frame, and return the last writeable page found
+    register char* currentPage = (char*)((DWORD)thisFrame & ~(pageSize - 1));
+    if (isGrowingDownward) {
+        while (currentPage > 0) {
+            // check for underflow
+            if (currentPage >= (char*)pageSize)
+                currentPage -= pageSize;
+            else
+                currentPage = 0;
+            if (!isPageWritable(currentPage))
+                return currentPage + pageSize;
+        }
+        return 0;
+    } else {
+        while (true) {
+            // guaranteed to complete because isPageWritable returns false at end of memory
+            currentPage += pageSize;
+            if (!isPageWritable(currentPage))
+                return currentPage;
+        }
+    }
+}
+#endif
+#if PLATFORM(HPUX)
+struct hpux_get_stack_base_data
+{
+    pthread_t thread;
+    _pthread_stack_info info;
+};
+
+static void *hpux_get_stack_base_internal(void *d)
+{
+    hpux_get_stack_base_data *data = static_cast<hpux_get_stack_base_data *>(d);
+
+    // _pthread_stack_info_np requires the target thread to be suspended
+    // in order to get information about it
+    pthread_suspend(data->thread);
+
+    // _pthread_stack_info_np returns an errno code in case of failure
+    // or zero on success
+    if (_pthread_stack_info_np(data->thread, &data->info)) {
+        // failed
+        return 0;
+    }
+
+    pthread_continue(data->thread);
+    return data;
+}
+
+static void *hpux_get_stack_base()
+{
+    hpux_get_stack_base_data data;
+    data.thread = pthread_self();
+
+    // We cannot get the stack information for the current thread
+    // So we start a new thread to get that information and return it to us
+    pthread_t other;
+    pthread_create(&other, 0, hpux_get_stack_base_internal, &data);
+
+    void *result;
+    pthread_join(other, &result);
+    if (result)
+       return data.info.stk_stack_base;
+    return 0;
+}
+#endif
+
+#if PLATFORM(QNX)
+static inline void *currentThreadStackBaseQNX()
+{
+    static void* stackBase = 0;
+    static size_t stackSize = 0;
+    static pthread_t stackThread;
+    pthread_t thread = pthread_self();
+    if (stackBase == 0 || thread != stackThread) {
+        struct _debug_thread_info threadInfo;
+        memset(&threadInfo, 0, sizeof(threadInfo));
+        threadInfo.tid = pthread_self();
+        int fd = open("/proc/self", O_RDONLY);
+        if (fd == -1) {
+            LOG_ERROR("Unable to open /proc/self (errno: %d)", errno);
+            return 0;
+        }
+        devctl(fd, DCMD_PROC_TIDSTATUS, &threadInfo, sizeof(threadInfo), 0);
+        close(fd);
+        stackBase = reinterpret_cast<void*>(threadInfo.stkbase);
+        stackSize = threadInfo.stksize;
+        ASSERT(stackBase);
+        stackThread = thread;
+    }
+    return static_cast<char*>(stackBase) + stackSize;
+}
+#endif
+
+static inline void* currentThreadStackBase()
+{
+#if PLATFORM(DARWIN)
+    pthread_t thread = pthread_self();
+    return pthread_get_stackaddr_np(thread);
+#elif PLATFORM(WIN_OS) && PLATFORM(X86) && COMPILER(MSVC)
+    // offset 0x18 from the FS segment register gives a pointer to
+    // the thread information block for the current thread
+    NT_TIB* pTib;
+    __asm {
+        MOV EAX, FS:[18h]
+        MOV pTib, EAX
+    }
+    return static_cast<void*>(pTib->StackBase);
+#elif PLATFORM(WIN_OS) && PLATFORM(X86_64) && COMPILER(MSVC)
+    PNT_TIB64 pTib = reinterpret_cast<PNT_TIB64>(NtCurrentTeb());
+    return reinterpret_cast<void*>(pTib->StackBase);
+#elif PLATFORM(WIN_OS) && PLATFORM(X86) && COMPILER(GCC)
+    // offset 0x18 from the FS segment register gives a pointer to
+    // the thread information block for the current thread
+    NT_TIB* pTib;
+    asm ( "movl %%fs:0x18, %0\n"
+          : "=r" (pTib)
+        );
+    return static_cast<void*>(pTib->StackBase);
+#elif PLATFORM(QNX)
+    return currentThreadStackBaseQNX();
+#elif PLATFORM(HPUX)
+    return hpux_get_stack_base();
+#elif PLATFORM(SOLARIS)
+    stack_t s;
+    thr_stksegment(&s);
+    return s.ss_sp;
+#elif PLATFORM(AIX)
+    pthread_t thread = pthread_self();
+    struct __pthrdsinfo threadinfo;
+    char regbuf[256];
+    int regbufsize = sizeof regbuf;
+
+    if (pthread_getthrds_np(&thread, PTHRDSINFO_QUERY_ALL,
+                            &threadinfo, sizeof threadinfo,
+                            &regbuf, &regbufsize) == 0)
+        return threadinfo.__pi_stackaddr;
+
+    return 0;
+#elif PLATFORM(OPENBSD)
+    pthread_t thread = pthread_self();
+    stack_t stack;
+    pthread_stackseg_np(thread, &stack);
+    return stack.ss_sp;
+#elif PLATFORM(SYMBIAN)
+    static void* stackBase = 0;
+    if (stackBase == 0) {
+        TThreadStackInfo info;
+        RThread thread;
+        thread.StackInfo(info);
+        stackBase = (void*)info.iBase;
+    }
+    return (void*)stackBase;
+#elif PLATFORM(HAIKU)
+    thread_info threadInfo;
+    get_thread_info(find_thread(NULL), &threadInfo);
+    return threadInfo.stack_end;
+#elif PLATFORM(UNIX)
+    static void* stackBase = 0;
+    static size_t stackSize = 0;
+    static pthread_t stackThread;
+    pthread_t thread = pthread_self();
+    if (stackBase == 0 || thread != stackThread) {
+        pthread_attr_t sattr;
+        pthread_attr_init(&sattr);
+#if HAVE(PTHREAD_NP_H) || PLATFORM(NETBSD)
+        // e.g. on FreeBSD 5.4, neundorf@kde.org
+        pthread_attr_get_np(thread, &sattr);
+#else
+        // FIXME: this function is non-portable; other POSIX systems may have different np alternatives
+        pthread_getattr_np(thread, &sattr);
+#endif
+        int rc = pthread_attr_getstack(&sattr, &stackBase, &stackSize);
+        (void)rc; // FIXME: Deal with error code somehow? Seems fatal.
+        ASSERT(stackBase);
+        pthread_attr_destroy(&sattr);
+        stackThread = thread;
+    }
+    return static_cast<char*>(stackBase) + stackSize;
+#elif PLATFORM(WINCE)
+    if (g_stackBase)
+        return g_stackBase;
+    else {
+        int dummy;
+        return getStackBase(&dummy);
+    }
+#else
+#error Need a way to get the stack base on this platform
+#endif
+}
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+
+static inline PlatformThread getCurrentPlatformThread()
+{
+#if PLATFORM(DARWIN)
+    return pthread_mach_thread_np(pthread_self());
+#elif PLATFORM(WIN_OS)
+    HANDLE threadHandle = pthread_getw32threadhandle_np(pthread_self());
+    return PlatformThread(GetCurrentThreadId(), threadHandle);
+#endif
+}
+
+void Heap::makeUsableFromMultipleThreads()
+{
+    if (m_currentThreadRegistrar)
+        return;
+
+    int error = pthread_key_create(&m_currentThreadRegistrar, unregisterThread);
+    if (error)
+        CRASH();
+}
+
+void Heap::registerThread()
+{
+    ASSERT(!m_globalData->mainThreadOnly || isMainThread());
+
+    if (!m_currentThreadRegistrar || pthread_getspecific(m_currentThreadRegistrar))
+        return;
+
+    pthread_setspecific(m_currentThreadRegistrar, this);
+    Heap::Thread* thread = new Heap::Thread(pthread_self(), getCurrentPlatformThread(), currentThreadStackBase());
+
+    MutexLocker lock(m_registeredThreadsMutex);
+
+    thread->next = m_registeredThreads;
+    m_registeredThreads = thread;
+}
+
+void Heap::unregisterThread(void* p)
+{
+    if (p)
+        static_cast<Heap*>(p)->unregisterThread();
+}
+
+void Heap::unregisterThread()
+{
+    pthread_t currentPosixThread = pthread_self();
+
+    MutexLocker lock(m_registeredThreadsMutex);
+
+    if (pthread_equal(currentPosixThread, m_registeredThreads->posixThread)) {
+        Thread* t = m_registeredThreads;
+        m_registeredThreads = m_registeredThreads->next;
+        delete t;
+    } else {
+        Heap::Thread* last = m_registeredThreads;
+        Heap::Thread* t;
+        for (t = m_registeredThreads->next; t; t = t->next) {
+            if (pthread_equal(t->posixThread, currentPosixThread)) {
+                last->next = t->next;
+                break;
+            }
+            last = t;
+        }
+        ASSERT(t); // If t is NULL, we never found ourselves in the list.
+        delete t;
+    }
+}
+
+#else // ENABLE(JSC_MULTIPLE_THREADS)
+
+void Heap::registerThread()
+{
+}
+
+#endif
+
+#define IS_POINTER_ALIGNED(p) (((intptr_t)(p) & (sizeof(char*) - 1)) == 0)
+
+// cell size needs to be a power of two for this to be valid
+#define IS_HALF_CELL_ALIGNED(p) (((intptr_t)(p) & (CELL_MASK >> 1)) == 0)
+
+void Heap::markConservatively(MarkStack& markStack, void* start, void* end)
+{
+    if (start > end) {
+        void* tmp = start;
+        start = end;
+        end = tmp;
+    }
+
+    ASSERT((static_cast<char*>(end) - static_cast<char*>(start)) < 0x1000000);
+    ASSERT(IS_POINTER_ALIGNED(start));
+    ASSERT(IS_POINTER_ALIGNED(end));
+
+    char** p = static_cast<char**>(start);
+    char** e = static_cast<char**>(end);
+
+    size_t usedPrimaryBlocks = primaryHeap.usedBlocks;
+    size_t usedNumberBlocks = numberHeap.usedBlocks;
+    CollectorBlock** primaryBlocks = primaryHeap.blocks;
+    CollectorBlock** numberBlocks = numberHeap.blocks;
+
+    const size_t lastCellOffset = sizeof(CollectorCell) * (CELLS_PER_BLOCK - 1);
+
+    while (p != e) {
+        char* x = *p++;
+        if (IS_HALF_CELL_ALIGNED(x) && x) {
+            uintptr_t xAsBits = reinterpret_cast<uintptr_t>(x);
+            xAsBits &= CELL_ALIGN_MASK;
+            uintptr_t offset = xAsBits & BLOCK_OFFSET_MASK;
+            CollectorBlock* blockAddr = reinterpret_cast<CollectorBlock*>(xAsBits - offset);
+            // Mark the the number heap, we can mark these Cells directly to avoid the virtual call cost
+            for (size_t block = 0; block < usedNumberBlocks; block++) {
+                if ((numberBlocks[block] == blockAddr) & (offset <= lastCellOffset)) {
+                    Heap::markCell(reinterpret_cast<JSCell*>(xAsBits));
+                    goto endMarkLoop;
+                }
+            }
+          
+            // Mark the primary heap
+            for (size_t block = 0; block < usedPrimaryBlocks; block++) {
+                if ((primaryBlocks[block] == blockAddr) & (offset <= lastCellOffset)) {
+                    if (reinterpret_cast<CollectorCell*>(xAsBits)->u.freeCell.zeroIfFree) {
+                        markStack.append(reinterpret_cast<JSCell*>(xAsBits));
+                        markStack.drain();
+                    }
+                    break;
+                }
+            }
+        endMarkLoop:
+            ;
+        }
+    }
+}
+
+void NEVER_INLINE Heap::markCurrentThreadConservativelyInternal(MarkStack& markStack)
+{
+    void* dummy;
+    void* stackPointer = &dummy;
+    void* stackBase = currentThreadStackBase();
+    markConservatively(markStack, stackPointer, stackBase);
+}
+
+#if COMPILER(GCC)
+#define REGISTER_BUFFER_ALIGNMENT __attribute__ ((aligned (sizeof(void*))))
+#else
+#define REGISTER_BUFFER_ALIGNMENT
+#endif
+
+void Heap::markCurrentThreadConservatively(MarkStack& markStack)
+{
+    // setjmp forces volatile registers onto the stack
+    jmp_buf registers REGISTER_BUFFER_ALIGNMENT;
+#if COMPILER(MSVC)
+#pragma warning(push)
+#pragma warning(disable: 4611)
+#endif
+    setjmp(registers);
+#if COMPILER(MSVC)
+#pragma warning(pop)
+#endif
+
+    markCurrentThreadConservativelyInternal(markStack);
+}
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+
+static inline void suspendThread(const PlatformThread& platformThread)
+{
+#if PLATFORM(DARWIN)
+    thread_suspend(platformThread);
+#elif PLATFORM(WIN_OS)
+    SuspendThread(platformThread.handle);
+#else
+#error Need a way to suspend threads on this platform
+#endif
+}
+
+static inline void resumeThread(const PlatformThread& platformThread)
+{
+#if PLATFORM(DARWIN)
+    thread_resume(platformThread);
+#elif PLATFORM(WIN_OS)
+    ResumeThread(platformThread.handle);
+#else
+#error Need a way to resume threads on this platform
+#endif
+}
+
+typedef unsigned long usword_t; // word size, assumed to be either 32 or 64 bit
+
+#if PLATFORM(DARWIN)
+
+#if PLATFORM(X86)
+typedef i386_thread_state_t PlatformThreadRegisters;
+#elif PLATFORM(X86_64)
+typedef x86_thread_state64_t PlatformThreadRegisters;
+#elif PLATFORM(PPC)
+typedef ppc_thread_state_t PlatformThreadRegisters;
+#elif PLATFORM(PPC64)
+typedef ppc_thread_state64_t PlatformThreadRegisters;
+#elif PLATFORM(ARM)
+typedef arm_thread_state_t PlatformThreadRegisters;
+#else
+#error Unknown Architecture
+#endif
+
+#elif PLATFORM(WIN_OS)&& PLATFORM(X86)
+typedef CONTEXT PlatformThreadRegisters;
+#else
+#error Need a thread register struct for this platform
+#endif
+
+static size_t getPlatformThreadRegisters(const PlatformThread& platformThread, PlatformThreadRegisters& regs)
+{
+#if PLATFORM(DARWIN)
+
+#if PLATFORM(X86)
+    unsigned user_count = sizeof(regs)/sizeof(int);
+    thread_state_flavor_t flavor = i386_THREAD_STATE;
+#elif PLATFORM(X86_64)
+    unsigned user_count = x86_THREAD_STATE64_COUNT;
+    thread_state_flavor_t flavor = x86_THREAD_STATE64;
+#elif PLATFORM(PPC) 
+    unsigned user_count = PPC_THREAD_STATE_COUNT;
+    thread_state_flavor_t flavor = PPC_THREAD_STATE;
+#elif PLATFORM(PPC64)
+    unsigned user_count = PPC_THREAD_STATE64_COUNT;
+    thread_state_flavor_t flavor = PPC_THREAD_STATE64;
+#elif PLATFORM(ARM)
+    unsigned user_count = ARM_THREAD_STATE_COUNT;
+    thread_state_flavor_t flavor = ARM_THREAD_STATE;
+#else
+#error Unknown Architecture
+#endif
+
+    kern_return_t result = thread_get_state(platformThread, flavor, (thread_state_t)&regs, &user_count);
+    if (result != KERN_SUCCESS) {
+        WTFReportFatalError(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, 
+                            "JavaScript garbage collection failed because thread_get_state returned an error (%d). This is probably the result of running inside Rosetta, which is not supported.", result);
+        CRASH();
+    }
+    return user_count * sizeof(usword_t);
+// end PLATFORM(DARWIN)
+
+#elif PLATFORM(WIN_OS) && PLATFORM(X86)
+    regs.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL | CONTEXT_SEGMENTS;
+    GetThreadContext(platformThread.handle, &regs);
+    return sizeof(CONTEXT);
+#else
+#error Need a way to get thread registers on this platform
+#endif
+}
+
+static inline void* otherThreadStackPointer(const PlatformThreadRegisters& regs)
+{
+#if PLATFORM(DARWIN)
+
+#if __DARWIN_UNIX03
+
+#if PLATFORM(X86)
+    return reinterpret_cast<void*>(regs.__esp);
+#elif PLATFORM(X86_64)
+    return reinterpret_cast<void*>(regs.__rsp);
+#elif PLATFORM(PPC) || PLATFORM(PPC64)
+    return reinterpret_cast<void*>(regs.__r1);
+#elif PLATFORM(ARM)
+    return reinterpret_cast<void*>(regs.__sp);
+#else
+#error Unknown Architecture
+#endif
+
+#else // !__DARWIN_UNIX03
+
+#if PLATFORM(X86)
+    return reinterpret_cast<void*>(regs.esp);
+#elif PLATFORM(X86_64)
+    return reinterpret_cast<void*>(regs.rsp);
+#elif (PLATFORM(PPC) || PLATFORM(PPC64))
+    return reinterpret_cast<void*>(regs.r1);
+#else
+#error Unknown Architecture
+#endif
+
+#endif // __DARWIN_UNIX03
+
+// end PLATFORM(DARWIN)
+#elif PLATFORM(X86) && PLATFORM(WIN_OS)
+    return reinterpret_cast<void*>((uintptr_t) regs.Esp);
+#else
+#error Need a way to get the stack pointer for another thread on this platform
+#endif
+}
+
+void Heap::markOtherThreadConservatively(MarkStack& markStack, Thread* thread)
+{
+    suspendThread(thread->platformThread);
+
+    PlatformThreadRegisters regs;
+    size_t regSize = getPlatformThreadRegisters(thread->platformThread, regs);
+
+    // mark the thread's registers
+    markConservatively(markStack, static_cast<void*>(&regs), static_cast<void*>(reinterpret_cast<char*>(&regs) + regSize));
+
+    void* stackPointer = otherThreadStackPointer(regs);
+    markConservatively(markStack, stackPointer, thread->stackBase);
+
+    resumeThread(thread->platformThread);
+}
+
+#endif
+
+void Heap::markStackObjectsConservatively(MarkStack& markStack)
+{
+    markCurrentThreadConservatively(markStack);
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+
+    if (m_currentThreadRegistrar) {
+
+        MutexLocker lock(m_registeredThreadsMutex);
+
+#ifndef NDEBUG
+        // Forbid malloc during the mark phase. Marking a thread suspends it, so 
+        // a malloc inside markChildren() would risk a deadlock with a thread that had been 
+        // suspended while holding the malloc lock.
+        fastMallocForbid();
+#endif
+        // It is safe to access the registeredThreads list, because we earlier asserted that locks are being held,
+        // and since this is a shared heap, they are real locks.
+        for (Thread* thread = m_registeredThreads; thread; thread = thread->next) {
+            if (!pthread_equal(thread->posixThread, pthread_self()))
+                markOtherThreadConservatively(markStack, thread);
+        }
+#ifndef NDEBUG
+        fastMallocAllow();
+#endif
+    }
+#endif
+}
+
+void Heap::setGCProtectNeedsLocking()
+{
+    // Most clients do not need to call this, with the notable exception of WebCore.
+    // Clients that use shared heap have JSLock protection, while others are supposed
+    // to do explicit locking. WebCore violates this contract in Database code,
+    // which calls gcUnprotect from a secondary thread.
+    if (!m_protectedValuesMutex)
+        m_protectedValuesMutex.set(new Mutex);
+}
+
+void Heap::protect(JSValue k)
+{
+    ASSERT(k);
+    ASSERT(JSLock::currentThreadIsHoldingLock() || !m_globalData->isSharedInstance);
+
+    if (!k.isCell())
+        return;
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->lock();
+
+    m_protectedValues.add(k.asCell());
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->unlock();
+}
+
+void Heap::unprotect(JSValue k)
+{
+    ASSERT(k);
+    ASSERT(JSLock::currentThreadIsHoldingLock() || !m_globalData->isSharedInstance);
+
+    if (!k.isCell())
+        return;
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->lock();
+
+    m_protectedValues.remove(k.asCell());
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->unlock();
+}
+
+void Heap::markProtectedObjects(MarkStack& markStack)
+{
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->lock();
+
+    ProtectCountSet::iterator end = m_protectedValues.end();
+    for (ProtectCountSet::iterator it = m_protectedValues.begin(); it != end; ++it) {
+        markStack.append(it->first);
+        markStack.drain();
+    }
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->unlock();
+}
+
+template <HeapType heapType> size_t Heap::sweep()
+{
+    typedef typename HeapConstants<heapType>::Block Block;
+    typedef typename HeapConstants<heapType>::Cell Cell;
+
+    // SWEEP: delete everything with a zero refcount (garbage) and unmark everything else
+    CollectorHeap& heap = heapType == PrimaryHeap ? primaryHeap : numberHeap;
+    
+    size_t emptyBlocks = 0;
+    size_t numLiveObjects = heap.numLiveObjects;
+    
+    for (size_t block = 0; block < heap.usedBlocks; block++) {
+        Block* curBlock = reinterpret_cast<Block*>(heap.blocks[block]);
+        
+        size_t usedCells = curBlock->usedCells;
+        Cell* freeList = curBlock->freeList;
+        
+        if (usedCells == HeapConstants<heapType>::cellsPerBlock) {
+            // special case with a block where all cells are used -- testing indicates this happens often
+            for (size_t i = 0; i < HeapConstants<heapType>::cellsPerBlock; i++) {
+                if (!curBlock->marked.get(i >> HeapConstants<heapType>::bitmapShift)) {
+                    Cell* cell = curBlock->cells + i;
+                    
+                    if (heapType != NumberHeap) {
+                        JSCell* imp = reinterpret_cast<JSCell*>(cell);
+                        // special case for allocated but uninitialized object
+                        // (We don't need this check earlier because nothing prior this point 
+                        // assumes the object has a valid vptr.)
+                        if (cell->u.freeCell.zeroIfFree == 0)
+                            continue;
+                        
+                        imp->~JSCell();
+                    }
+                    
+                    --usedCells;
+                    --numLiveObjects;
+                    
+                    // put cell on the free list
+                    cell->u.freeCell.zeroIfFree = 0;
+                    cell->u.freeCell.next = freeList - (cell + 1);
+                    freeList = cell;
+                }
+            }
+        } else {
+            size_t minimumCellsToProcess = usedCells;
+            for (size_t i = 0; (i < minimumCellsToProcess) & (i < HeapConstants<heapType>::cellsPerBlock); i++) {
+                Cell* cell = curBlock->cells + i;
+                if (cell->u.freeCell.zeroIfFree == 0) {
+                    ++minimumCellsToProcess;
+                } else {
+                    if (!curBlock->marked.get(i >> HeapConstants<heapType>::bitmapShift)) {
+                        if (heapType != NumberHeap) {
+                            JSCell* imp = reinterpret_cast<JSCell*>(cell);
+                            imp->~JSCell();
+                        }
+                        --usedCells;
+                        --numLiveObjects;
+                        
+                        // put cell on the free list
+                        cell->u.freeCell.zeroIfFree = 0;
+                        cell->u.freeCell.next = freeList - (cell + 1); 
+                        freeList = cell;
+                    }
+                }
+            }
+        }
+        
+        curBlock->usedCells = static_cast<uint32_t>(usedCells);
+        curBlock->freeList = freeList;
+        curBlock->marked.clearAll();
+        
+        if (!usedCells)
+            ++emptyBlocks;
+    }
+    
+    if (heap.numLiveObjects != numLiveObjects)
+        heap.firstBlockWithPossibleSpace = 0;
+    
+    heap.numLiveObjects = numLiveObjects;
+    heap.numLiveObjectsAtLastCollect = numLiveObjects;
+    heap.extraCost = 0;
+    
+    if (!emptyBlocks)
+        return numLiveObjects;
+
+    size_t neededCells = 1.25f * (numLiveObjects + max(ALLOCATIONS_PER_COLLECTION, numLiveObjects));
+    size_t neededBlocks = (neededCells + HeapConstants<heapType>::cellsPerBlock - 1) / HeapConstants<heapType>::cellsPerBlock;
+    for (size_t block = 0; block < heap.usedBlocks; block++) {
+        if (heap.usedBlocks <= neededBlocks)
+            break;
+
+        Block* curBlock = reinterpret_cast<Block*>(heap.blocks[block]);
+        if (curBlock->usedCells)
+            continue;
+
+        freeBlock<heapType>(block);
+        block--; // Don't move forward a step in this case
+    }
+
+    return numLiveObjects;
+}
+
+bool Heap::collect()
+{
+#ifndef NDEBUG
+    if (m_globalData->isSharedInstance) {
+        ASSERT(JSLock::lockCount() > 0);
+        ASSERT(JSLock::currentThreadIsHoldingLock());
+    }
+#endif
+
+    ASSERT((primaryHeap.operationInProgress == NoOperation) | (numberHeap.operationInProgress == NoOperation));
+    if ((primaryHeap.operationInProgress != NoOperation) | (numberHeap.operationInProgress != NoOperation))
+        CRASH();
+
+    JAVASCRIPTCORE_GC_BEGIN();
+    primaryHeap.operationInProgress = Collection;
+    numberHeap.operationInProgress = Collection;
+
+    // MARK: first mark all referenced objects recursively starting out from the set of root objects
+    MarkStack& markStack = m_globalData->markStack;
+    markStackObjectsConservatively(markStack);
+    markProtectedObjects(markStack);
+#if QT_BUILD_SCRIPT_LIB
+    if (m_globalData->clientData)
+        m_globalData->clientData->mark(markStack);
+#endif
+    if (m_markListSet && m_markListSet->size())
+        MarkedArgumentBuffer::markLists(markStack, *m_markListSet);
+    if (m_globalData->exception)
+        markStack.append(m_globalData->exception);
+    m_globalData->interpreter->registerFile().markCallFrames(markStack, this);
+    m_globalData->smallStrings.markChildren(markStack);
+    if (m_globalData->functionCodeBlockBeingReparsed)
+        m_globalData->functionCodeBlockBeingReparsed->markAggregate(markStack);
+    if (m_globalData->firstStringifierToMark)
+        JSONObject::markStringifiers(markStack, m_globalData->firstStringifierToMark);
+
+    markStack.drain();
+    markStack.compact();
+    JAVASCRIPTCORE_GC_MARKED();
+
+    size_t originalLiveObjects = primaryHeap.numLiveObjects + numberHeap.numLiveObjects;
+    size_t numLiveObjects = sweep<PrimaryHeap>();
+    numLiveObjects += sweep<NumberHeap>();
+
+    primaryHeap.operationInProgress = NoOperation;
+    numberHeap.operationInProgress = NoOperation;
+    JAVASCRIPTCORE_GC_END(originalLiveObjects, numLiveObjects);
+
+    return numLiveObjects < originalLiveObjects;
+}
+
+size_t Heap::objectCount() 
+{
+    return primaryHeap.numLiveObjects + numberHeap.numLiveObjects - m_globalData->smallStrings.count(); 
+}
+
+template <HeapType heapType> 
+static void addToStatistics(Heap::Statistics& statistics, const CollectorHeap& heap)
+{
+    typedef HeapConstants<heapType> HC;
+    for (size_t i = 0; i < heap.usedBlocks; ++i) {
+        if (heap.blocks[i]) {
+            statistics.size += BLOCK_SIZE;
+            statistics.free += (HC::cellsPerBlock - heap.blocks[i]->usedCells) * HC::cellSize;
+        }
+    }
+}
+
+Heap::Statistics Heap::statistics() const
+{
+    Statistics statistics = { 0, 0 };
+    JSC::addToStatistics<PrimaryHeap>(statistics, primaryHeap);
+    JSC::addToStatistics<NumberHeap>(statistics, numberHeap);
+    return statistics;
+}
+
+size_t Heap::globalObjectCount()
+{
+    size_t count = 0;
+    if (JSGlobalObject* head = m_globalData->head) {
+        JSGlobalObject* o = head;
+        do {
+            ++count;
+            o = o->next();
+        } while (o != head);
+    }
+    return count;
+}
+
+size_t Heap::protectedGlobalObjectCount()
+{
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->lock();
+
+    size_t count = 0;
+    if (JSGlobalObject* head = m_globalData->head) {
+        JSGlobalObject* o = head;
+        do {
+            if (m_protectedValues.contains(o))
+                ++count;
+            o = o->next();
+        } while (o != head);
+    }
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->unlock();
+
+    return count;
+}
+
+size_t Heap::protectedObjectCount()
+{
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->lock();
+
+    size_t result = m_protectedValues.size();
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->unlock();
+
+    return result;
+}
+
+static const char* typeName(JSCell* cell)
+{
+    if (cell->isString())
+        return "string";
+#if USE(JSVALUE32)
+    if (cell->isNumber())
+        return "number";
+#endif
+    if (cell->isGetterSetter())
+        return "gettersetter";
+    ASSERT(cell->isObject());
+    const ClassInfo* info = cell->classInfo();
+    return info ? info->className : "Object";
+}
+
+HashCountedSet<const char*>* Heap::protectedObjectTypeCounts()
+{
+    HashCountedSet<const char*>* counts = new HashCountedSet<const char*>;
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->lock();
+
+    ProtectCountSet::iterator end = m_protectedValues.end();
+    for (ProtectCountSet::iterator it = m_protectedValues.begin(); it != end; ++it)
+        counts->add(typeName(it->first));
+
+    if (m_protectedValuesMutex)
+        m_protectedValuesMutex->unlock();
+
+    return counts;
+}
+
+bool Heap::isBusy()
+{
+    return (primaryHeap.operationInProgress != NoOperation) | (numberHeap.operationInProgress != NoOperation);
+}
+
+Heap::iterator Heap::primaryHeapBegin()
+{
+    return iterator(primaryHeap.blocks, primaryHeap.blocks + primaryHeap.usedBlocks);
+}
+
+Heap::iterator Heap::primaryHeapEnd()
+{
+    return iterator(primaryHeap.blocks + primaryHeap.usedBlocks, primaryHeap.blocks + primaryHeap.usedBlocks);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.h
new file mode 100644
index 000000000..0ecff190e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.h
@@ -0,0 +1,303 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef Collector_h
+#define Collector_h
+
+#include <stddef.h>
+#include <string.h>
+#include <wtf/HashCountedSet.h>
+#include <wtf/HashSet.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/OwnPtr.h>
+#include <wtf/Threading.h>
+
+// This is supremely lame that we require pthreads to build on windows.
+#if ENABLE(JSC_MULTIPLE_THREADS)
+#include <pthread.h>
+#endif
+
+#define ASSERT_CLASS_FITS_IN_CELL(class) COMPILE_ASSERT(sizeof(class) <= CELL_SIZE, class_fits_in_cell)
+
+namespace JSC {
+
+    class CollectorBlock;
+    class JSCell;
+    class JSGlobalData;
+    class JSValue;
+    class MarkedArgumentBuffer;
+    class MarkStack;
+
+    enum OperationInProgress { NoOperation, Allocation, Collection };
+    enum HeapType { PrimaryHeap, NumberHeap };
+
+    template <HeapType> class CollectorHeapIterator;
+
+    struct CollectorHeap {
+        CollectorBlock** blocks;
+        size_t numBlocks;
+        size_t usedBlocks;
+        size_t firstBlockWithPossibleSpace;
+
+        size_t numLiveObjects;
+        size_t numLiveObjectsAtLastCollect;
+        size_t extraCost;
+
+        OperationInProgress operationInProgress;
+    };
+
+    class Heap : public Noncopyable {
+    public:
+        class Thread;
+        typedef CollectorHeapIterator<PrimaryHeap> iterator;
+
+        void destroy();
+
+#ifdef JAVASCRIPTCORE_BUILDING_ALL_IN_ONE_FILE
+        // We can inline these functions because everything is compiled as
+        // one file, so the heapAllocate template definitions are available.
+        // However, allocateNumber is used via jsNumberCell outside JavaScriptCore.
+        // Thus allocateNumber needs to provide a non-inline version too.
+        void* inlineAllocateNumber(size_t s) { return heapAllocate<NumberHeap>(s); }
+        void* inlineAllocate(size_t s) { return heapAllocate<PrimaryHeap>(s); }
+#endif
+        void* allocateNumber(size_t);
+        void* allocate(size_t);
+
+        bool collect();
+        bool isBusy(); // true if an allocation or collection is in progress
+
+        static const size_t minExtraCostSize = 256;
+
+        void reportExtraMemoryCost(size_t cost);
+
+        size_t objectCount();
+        struct Statistics {
+            size_t size;
+            size_t free;
+        };
+        Statistics statistics() const;
+
+        void setGCProtectNeedsLocking();
+        void protect(JSValue);
+        void unprotect(JSValue);
+
+        static Heap* heap(JSValue); // 0 for immediate values
+        static Heap* heap(JSCell*);
+
+        size_t globalObjectCount();
+        size_t protectedObjectCount();
+        size_t protectedGlobalObjectCount();
+        HashCountedSet<const char*>* protectedObjectTypeCounts();
+
+        void registerThread(); // Only needs to be called by clients that can use the same heap from multiple threads.
+
+        static bool isCellMarked(const JSCell*);
+        static void markCell(JSCell*);
+
+        void markConservatively(MarkStack&, void* start, void* end);
+
+        HashSet<MarkedArgumentBuffer*>& markListSet() { if (!m_markListSet) m_markListSet = new HashSet<MarkedArgumentBuffer*>; return *m_markListSet; }
+
+        JSGlobalData* globalData() const { return m_globalData; }
+        static bool isNumber(JSCell*);
+        
+        // Iterators for the object heap.
+        iterator primaryHeapBegin();
+        iterator primaryHeapEnd();
+
+    private:
+        template <HeapType heapType> void* heapAllocate(size_t);
+        template <HeapType heapType> size_t sweep();
+        static CollectorBlock* cellBlock(const JSCell*);
+        static size_t cellOffset(const JSCell*);
+
+        friend class JSGlobalData;
+        Heap(JSGlobalData*);
+        ~Heap();
+
+        template <HeapType heapType> NEVER_INLINE CollectorBlock* allocateBlock();
+        template <HeapType heapType> NEVER_INLINE void freeBlock(size_t);
+        NEVER_INLINE void freeBlock(CollectorBlock*);
+        void freeBlocks(CollectorHeap*);
+
+        void recordExtraCost(size_t);
+        void markProtectedObjects(MarkStack&);
+        void markCurrentThreadConservatively(MarkStack&);
+        void markCurrentThreadConservativelyInternal(MarkStack&);
+        void markOtherThreadConservatively(MarkStack&, Thread*);
+        void markStackObjectsConservatively(MarkStack&);
+
+        typedef HashCountedSet<JSCell*> ProtectCountSet;
+
+        CollectorHeap primaryHeap;
+        CollectorHeap numberHeap;
+
+        OwnPtr<Mutex> m_protectedValuesMutex; // Only non-null if the client explicitly requested it via setGCPrtotectNeedsLocking().
+        ProtectCountSet m_protectedValues;
+
+        HashSet<MarkedArgumentBuffer*>* m_markListSet;
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+        void makeUsableFromMultipleThreads();
+
+        static void unregisterThread(void*);
+        void unregisterThread();
+
+        Mutex m_registeredThreadsMutex;
+        Thread* m_registeredThreads;
+        pthread_key_t m_currentThreadRegistrar;
+#endif
+
+        JSGlobalData* m_globalData;
+    };
+
+    // tunable parameters
+    template<size_t bytesPerWord> struct CellSize;
+
+    // cell size needs to be a power of two for certain optimizations in collector.cpp
+#if USE(JSVALUE32)
+    template<> struct CellSize<sizeof(uint32_t)> { static const size_t m_value = 32; };
+#else
+    template<> struct CellSize<sizeof(uint32_t)> { static const size_t m_value = 64; };
+#endif
+    template<> struct CellSize<sizeof(uint64_t)> { static const size_t m_value = 64; };
+
+#if PLATFORM(WINCE) || PLATFORM(SYMBIAN)
+    const size_t BLOCK_SIZE = 64 * 1024; // 64k
+#else
+    const size_t BLOCK_SIZE = 64 * 4096; // 256k
+#endif
+
+    // derived constants
+    const size_t BLOCK_OFFSET_MASK = BLOCK_SIZE - 1;
+    const size_t BLOCK_MASK = ~BLOCK_OFFSET_MASK;
+    const size_t MINIMUM_CELL_SIZE = CellSize<sizeof(void*)>::m_value;
+    const size_t CELL_ARRAY_LENGTH = (MINIMUM_CELL_SIZE / sizeof(double)) + (MINIMUM_CELL_SIZE % sizeof(double) != 0 ? sizeof(double) : 0);
+    const size_t CELL_SIZE = CELL_ARRAY_LENGTH * sizeof(double);
+    const size_t SMALL_CELL_SIZE = CELL_SIZE / 2;
+    const size_t CELL_MASK = CELL_SIZE - 1;
+    const size_t CELL_ALIGN_MASK = ~CELL_MASK;
+    const size_t CELLS_PER_BLOCK = (BLOCK_SIZE * 8 - sizeof(uint32_t) * 8 - sizeof(void *) * 8 - 2 * (7 + 3 * 8)) / (CELL_SIZE * 8 + 2);
+    const size_t SMALL_CELLS_PER_BLOCK = 2 * CELLS_PER_BLOCK;
+    const size_t BITMAP_SIZE = (CELLS_PER_BLOCK + 7) / 8;
+    const size_t BITMAP_WORDS = (BITMAP_SIZE + 3) / sizeof(uint32_t);
+  
+    struct CollectorBitmap {
+        uint32_t bits[BITMAP_WORDS];
+        bool get(size_t n) const { return !!(bits[n >> 5] & (1 << (n & 0x1F))); } 
+        void set(size_t n) { bits[n >> 5] |= (1 << (n & 0x1F)); } 
+        void clear(size_t n) { bits[n >> 5] &= ~(1 << (n & 0x1F)); } 
+        void clearAll() { memset(bits, 0, sizeof(bits)); }
+    };
+  
+    struct CollectorCell {
+        union {
+            double memory[CELL_ARRAY_LENGTH];
+            struct {
+                void* zeroIfFree;
+                ptrdiff_t next;
+            } freeCell;
+        } u;
+    };
+
+    struct SmallCollectorCell {
+        union {
+            double memory[CELL_ARRAY_LENGTH / 2];
+            struct {
+                void* zeroIfFree;
+                ptrdiff_t next;
+            } freeCell;
+        } u;
+    };
+
+    class CollectorBlock {
+    public:
+        CollectorCell cells[CELLS_PER_BLOCK];
+        uint32_t usedCells;
+        CollectorCell* freeList;
+        CollectorBitmap marked;
+        Heap* heap;
+        HeapType type;
+    };
+
+    class SmallCellCollectorBlock {
+    public:
+        SmallCollectorCell cells[SMALL_CELLS_PER_BLOCK];
+        uint32_t usedCells;
+        SmallCollectorCell* freeList;
+        CollectorBitmap marked;
+        Heap* heap;
+        HeapType type;
+    };
+    
+    template <HeapType heapType> struct HeapConstants;
+
+    template <> struct HeapConstants<PrimaryHeap> {
+        static const size_t cellSize = CELL_SIZE;
+        static const size_t cellsPerBlock = CELLS_PER_BLOCK;
+        static const size_t bitmapShift = 0;
+        typedef CollectorCell Cell;
+        typedef CollectorBlock Block;
+    };
+
+    template <> struct HeapConstants<NumberHeap> {
+        static const size_t cellSize = SMALL_CELL_SIZE;
+        static const size_t cellsPerBlock = SMALL_CELLS_PER_BLOCK;
+        static const size_t bitmapShift = 1;
+        typedef SmallCollectorCell Cell;
+        typedef SmallCellCollectorBlock Block;
+    };
+
+    inline CollectorBlock* Heap::cellBlock(const JSCell* cell)
+    {
+        return reinterpret_cast<CollectorBlock*>(reinterpret_cast<uintptr_t>(cell) & BLOCK_MASK);
+    }
+
+    inline bool Heap::isNumber(JSCell* cell)
+    {
+        return Heap::cellBlock(cell)->type == NumberHeap;
+    }
+
+    inline size_t Heap::cellOffset(const JSCell* cell)
+    {
+        return (reinterpret_cast<uintptr_t>(cell) & BLOCK_OFFSET_MASK) / CELL_SIZE;
+    }
+
+    inline bool Heap::isCellMarked(const JSCell* cell)
+    {
+        return cellBlock(cell)->marked.get(cellOffset(cell));
+    }
+
+    inline void Heap::markCell(JSCell* cell)
+    {
+        cellBlock(cell)->marked.set(cellOffset(cell));
+    }
+
+    inline void Heap::reportExtraMemoryCost(size_t cost)
+    {
+        if (cost > minExtraCostSize) 
+            recordExtraCost(cost / (CELL_SIZE * 2)); 
+    }
+
+} // namespace JSC
+
+#endif /* Collector_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CollectorHeapIterator.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CollectorHeapIterator.h
new file mode 100644
index 000000000..e38a8524c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CollectorHeapIterator.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "Collector.h"
+
+#ifndef CollectorHeapIterator_h
+#define CollectorHeapIterator_h
+
+namespace JSC {
+
+    template <HeapType heapType> class CollectorHeapIterator {
+    public:
+        CollectorHeapIterator(CollectorBlock** block, CollectorBlock** endBlock);
+
+        bool operator!=(const CollectorHeapIterator<heapType>& other) { return m_block != other.m_block || m_cell != other.m_cell; }
+        CollectorHeapIterator<heapType>& operator++();
+        JSCell* operator*() const;
+    
+    private:
+        typedef typename HeapConstants<heapType>::Block Block;
+        typedef typename HeapConstants<heapType>::Cell Cell;
+
+        Block** m_block;
+        Block** m_endBlock;
+        Cell* m_cell;
+        Cell* m_endCell;
+    };
+
+    template <HeapType heapType> 
+    CollectorHeapIterator<heapType>::CollectorHeapIterator(CollectorBlock** block, CollectorBlock** endBlock)
+        : m_block(reinterpret_cast<Block**>(block))
+        , m_endBlock(reinterpret_cast<Block**>(endBlock))
+        , m_cell(m_block == m_endBlock ? 0 : (*m_block)->cells)
+        , m_endCell(m_block == m_endBlock ? 0 : (*m_block)->cells + HeapConstants<heapType>::cellsPerBlock)
+    {
+        if (m_cell && m_cell->u.freeCell.zeroIfFree == 0)
+            ++*this;
+    }
+
+    template <HeapType heapType> 
+    CollectorHeapIterator<heapType>& CollectorHeapIterator<heapType>::operator++()
+    {
+        do {
+            for (++m_cell; m_cell != m_endCell; ++m_cell)
+                if (m_cell->u.freeCell.zeroIfFree != 0) {
+                    return *this;
+                }
+
+            if (++m_block != m_endBlock) {
+                m_cell = (*m_block)->cells;
+                m_endCell = (*m_block)->cells + HeapConstants<heapType>::cellsPerBlock;
+            }
+        } while(m_block != m_endBlock);
+
+        m_cell = 0;
+        return *this;
+    }
+
+    template <HeapType heapType> 
+    JSCell* CollectorHeapIterator<heapType>::operator*() const
+    {
+        return reinterpret_cast<JSCell*>(m_cell);
+    }
+
+} // namespace JSC
+
+#endif // CollectorHeapIterator_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CommonIdentifiers.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CommonIdentifiers.cpp
new file mode 100644
index 000000000..3837817d0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CommonIdentifiers.cpp
@@ -0,0 +1,39 @@
+/*
+ *  Copyright (C) 2003, 2007, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "CommonIdentifiers.h"
+
+namespace JSC {
+
+static const char* const nullCString = 0;
+
+#define INITIALIZE_PROPERTY_NAME(name) , name(globalData, #name)
+
+CommonIdentifiers::CommonIdentifiers(JSGlobalData* globalData)
+    : nullIdentifier(globalData, nullCString)
+    , emptyIdentifier(globalData, "")
+    , underscoreProto(globalData, "__proto__")
+    , thisIdentifier(globalData, "this")
+    JSC_COMMON_IDENTIFIERS_EACH_PROPERTY_NAME(INITIALIZE_PROPERTY_NAME)
+{
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CommonIdentifiers.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CommonIdentifiers.h
new file mode 100644
index 000000000..abe503844
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/CommonIdentifiers.h
@@ -0,0 +1,104 @@
+/*
+ *  Copyright (C) 2003, 2007, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef CommonIdentifiers_h
+#define CommonIdentifiers_h
+
+#include "Identifier.h"
+#include <wtf/Noncopyable.h>
+
+// MarkedArgumentBuffer of property names, passed to a macro so we can do set them up various
+// ways without repeating the list.
+#define JSC_COMMON_IDENTIFIERS_EACH_PROPERTY_NAME(macro) \
+    macro(__defineGetter__) \
+    macro(__defineSetter__) \
+    macro(__lookupGetter__) \
+    macro(__lookupSetter__) \
+    macro(apply) \
+    macro(arguments) \
+    macro(call) \
+    macro(callee) \
+    macro(caller) \
+    macro(compile) \
+    macro(configurable) \
+    macro(constructor) \
+    macro(create) \
+    macro(defineProperty) \
+    macro(defineProperties) \
+    macro(enumerable) \
+    macro(eval) \
+    macro(exec) \
+    macro(fromCharCode) \
+    macro(global) \
+    macro(get) \
+    macro(getPrototypeOf) \
+    macro(getOwnPropertyDescriptor) \
+    macro(hasOwnProperty) \
+    macro(ignoreCase) \
+    macro(index) \
+    macro(input) \
+    macro(isArray) \
+    macro(isPrototypeOf) \
+    macro(keys) \
+    macro(length) \
+    macro(message) \
+    macro(multiline) \
+    macro(name) \
+    macro(now) \
+    macro(parse) \
+    macro(propertyIsEnumerable) \
+    macro(prototype) \
+    macro(set) \
+    macro(source) \
+    macro(test) \
+    macro(toExponential) \
+    macro(toFixed) \
+    macro(toISOString) \
+    macro(toJSON) \
+    macro(toLocaleString) \
+    macro(toPrecision) \
+    macro(toString) \
+    macro(UTC) \
+    macro(value) \
+    macro(valueOf) \
+    macro(writable) \
+    macro(displayName)
+
+namespace JSC {
+
+    class CommonIdentifiers : public Noncopyable {
+    private:
+        CommonIdentifiers(JSGlobalData*);
+        friend class JSGlobalData;
+
+    public:
+        const Identifier nullIdentifier;
+        const Identifier emptyIdentifier;
+        const Identifier underscoreProto;
+        const Identifier thisIdentifier;
+
+#define JSC_IDENTIFIER_DECLARE_PROPERTY_NAME_GLOBAL(name) const Identifier name;
+        JSC_COMMON_IDENTIFIERS_EACH_PROPERTY_NAME(JSC_IDENTIFIER_DECLARE_PROPERTY_NAME_GLOBAL)
+#undef JSC_IDENTIFIER_DECLARE_PROPERTY_NAME_GLOBAL
+    };
+
+} // namespace JSC
+
+#endif // CommonIdentifiers_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Completion.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Completion.cpp
new file mode 100644
index 000000000..3ad467d1e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Completion.cpp
@@ -0,0 +1,75 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2007 Apple Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "Completion.h"
+
+#include "CallFrame.h"
+#include "JSGlobalObject.h"
+#include "JSLock.h"
+#include "Interpreter.h"
+#include "Parser.h"
+#include "Debugger.h"
+#include <stdio.h>
+
+#ifdef QT_BUILD_SCRIPT_LIB
+#include "DebuggerCallFrame.h"
+#endif
+
+namespace JSC {
+
+Completion checkSyntax(ExecState* exec, const SourceCode& source)
+{
+    JSLock lock(exec);
+
+    ProgramExecutable program(exec, source);
+    JSObject* error = program.checkSyntax(exec);
+    if (error)
+        return Completion(Throw, error);
+
+    return Completion(Normal);
+}
+
+Completion evaluate(ExecState* exec, ScopeChain& scopeChain, const SourceCode& source, JSValue thisValue)
+{
+    JSLock lock(exec);
+
+    ProgramExecutable program(exec, source);
+    JSObject* error = program.compile(exec, scopeChain.node());
+    if (error)
+        return Completion(Throw, error);
+
+    JSObject* thisObj = (!thisValue || thisValue.isUndefinedOrNull()) ? exec->dynamicGlobalObject() : thisValue.toObject(exec);
+
+    JSValue exception;
+    JSValue result = exec->interpreter()->execute(&program, exec, scopeChain.node(), thisObj, &exception);
+
+    if (exception) {
+        if (exception.isObject() && asObject(exception)->isWatchdogException())
+            return Completion(Interrupted, exception);
+        return Completion(Throw, exception);
+    }
+
+    return Completion(Normal, result);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Completion.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Completion.h
new file mode 100644
index 000000000..41c9a642f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Completion.h
@@ -0,0 +1,63 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2007 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef Completion_h
+#define Completion_h
+
+#include "JSValue.h"
+
+namespace JSC {
+
+    class ExecState;
+    class ScopeChain;
+    class SourceCode;
+
+    enum ComplType { Normal, Break, Continue, ReturnValue, Throw, Interrupted };
+
+    /*
+     * Completion objects are used to convey the return status and value
+     * from functions.
+     */
+    class Completion {
+    public:
+        Completion(ComplType type = Normal, JSValue value = JSValue())
+            : m_type(type)
+            , m_value(value)
+        {
+        }
+
+        ComplType complType() const { return m_type; }
+        JSValue value() const { return m_value; }
+        void setValue(JSValue v) { m_value = v; }
+        bool isValueCompletion() const { return m_value; }
+
+    private:
+        ComplType m_type;
+        JSValue m_value;
+    };
+
+    Completion checkSyntax(ExecState*, const SourceCode&);
+    Completion evaluate(ExecState*, ScopeChain&, const SourceCode&, JSValue thisValue = JSValue());
+
+} // namespace JSC
+
+#endif // Completion_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ConstructData.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ConstructData.cpp
new file mode 100644
index 000000000..3dfc9180d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ConstructData.cpp
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "ConstructData.h"
+
+#include "JSFunction.h"
+
+
+#ifdef QT_BUILD_SCRIPT_LIB
+#include "Debugger.h"
+#include "DebuggerCallFrame.h"
+#include "JSGlobalObject.h"
+#endif
+
+namespace JSC {
+
+#ifdef QT_BUILD_SCRIPT_LIB
+JSObject* JSC::NativeConstrWrapper::operator() (ExecState* exec, JSObject* jsobj, const ArgList& argList) const
+{
+    Debugger* debugger = exec->lexicalGlobalObject()->debugger();
+    if (debugger)
+        debugger->callEvent(DebuggerCallFrame(exec), -1, -1);
+
+    JSObject* returnValue = ptr(exec, jsobj, argList);
+
+    if ((debugger) && (callDebuggerFunctionExit))
+        debugger->functionExit(JSValue(returnValue), -1);
+
+    return returnValue;
+}
+#endif
+
+JSObject* construct(ExecState* exec, JSValue callee, ConstructType constructType, const ConstructData& constructData, const ArgList& args)
+{
+    if (constructType == ConstructTypeHost)
+        return constructData.native.function(exec, asObject(callee), args);
+    ASSERT(constructType == ConstructTypeJS);
+    // FIXME: Can this be done more efficiently using the constructData?
+    return asFunction(callee)->construct(exec, args);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ConstructData.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ConstructData.h
new file mode 100644
index 000000000..1dcfb0013
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ConstructData.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ConstructData_h
+#define ConstructData_h
+
+namespace JSC {
+
+    class ArgList;
+    class ExecState;
+    class FunctionExecutable;
+    class JSObject;
+    class JSValue;
+    class ScopeChainNode;
+
+    enum ConstructType {
+        ConstructTypeNone,
+        ConstructTypeHost,
+        ConstructTypeJS
+    };
+
+    typedef JSObject* (*NativeConstructor)(ExecState*, JSObject*, const ArgList&);
+
+#ifdef QT_BUILD_SCRIPT_LIB
+    class NativeConstrWrapper
+    {
+        NativeConstructor ptr;
+        //Hack. If this variable is true and if debugger is attached at the end of
+        //operator() execution functionExit event will be created (in most cases it will be default)
+        //This variable was created because of FunctionWrapper::proxyCall method that change result
+        //on fly. Event shuld be created with original value so the method should call it itself.
+        bool callDebuggerFunctionExit;
+    public:
+        inline NativeConstrWrapper& operator=(NativeConstructor func)
+        {
+            callDebuggerFunctionExit = true;
+            ptr = func;
+            return *this;
+        }
+        inline operator NativeConstructor() const {return ptr;}
+        inline operator bool() const {return ptr;}
+
+        inline void doNotCallDebuggerFunctionExit() {callDebuggerFunctionExit = false;}
+        JSObject* operator()(ExecState*, JSObject*, const ArgList&) const;
+    };
+#endif
+
+#if defined(QT_BUILD_SCRIPT_LIB) && PLATFORM(SOLARIS)
+    struct
+#else
+    union
+#endif
+    ConstructData {
+        struct {
+#ifndef QT_BUILD_SCRIPT_LIB
+            NativeConstructor function;
+#else
+            NativeConstrWrapper function;
+#endif
+        } native;
+        struct {
+            FunctionExecutable* functionExecutable;
+            ScopeChainNode* scopeChain;
+        } js;
+    };
+
+    JSObject* construct(ExecState*, JSValue constructor, ConstructType, const ConstructData&, const ArgList&);
+
+} // namespace JSC
+
+#endif // ConstructData_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConstructor.cpp
new file mode 100644
index 000000000..1879c3faa
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConstructor.cpp
@@ -0,0 +1,181 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ *
+ */
+
+#include "config.h"
+#include "DateConstructor.h"
+
+#include "DateConversion.h"
+#include "DateInstance.h"
+#include "DatePrototype.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "JSString.h"
+#include "ObjectPrototype.h"
+#include "PrototypeFunction.h"
+#include <math.h>
+#include <time.h>
+#include <wtf/DateMath.h>
+#include <wtf/MathExtras.h>
+
+#if PLATFORM(WINCE) && !PLATFORM(QT)
+extern "C" time_t time(time_t* timer); // Provided by libce.
+#endif
+
+#if HAVE(SYS_TIME_H)
+#include <sys/time.h>
+#endif
+
+#if HAVE(SYS_TIMEB_H)
+#include <sys/timeb.h>
+#endif
+
+using namespace WTF;
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(DateConstructor);
+
+static JSValue JSC_HOST_CALL dateParse(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateNow(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateUTC(ExecState*, JSObject*, JSValue, const ArgList&);
+
+DateConstructor::DateConstructor(ExecState* exec, PassRefPtr<Structure> structure, Structure* prototypeFunctionStructure, DatePrototype* datePrototype)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, datePrototype->classInfo()->className))
+{
+      putDirectWithoutTransition(exec->propertyNames().prototype, datePrototype, DontEnum|DontDelete|ReadOnly);
+
+      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().parse, dateParse), DontEnum);
+      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 7, exec->propertyNames().UTC, dateUTC), DontEnum);
+      putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().now, dateNow), DontEnum);
+
+      putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 7), ReadOnly | DontEnum | DontDelete);
+}
+
+// ECMA 15.9.3
+JSObject* constructDate(ExecState* exec, const ArgList& args)
+{
+    int numArgs = args.size();
+
+    double value;
+
+    if (numArgs == 0) // new Date() ECMA 15.9.3.3
+        value = getCurrentUTCTime();
+    else if (numArgs == 1) {
+        if (args.at(0).inherits(&DateInstance::info))
+            value = asDateInstance(args.at(0))->internalNumber();
+        else {
+            JSValue primitive = args.at(0).toPrimitive(exec);
+            if (primitive.isString())
+                value = parseDate(primitive.getString());
+            else
+                value = primitive.toNumber(exec);
+        }
+    } else {
+        if (isnan(args.at(0).toNumber(exec))
+                || isnan(args.at(1).toNumber(exec))
+                || (numArgs >= 3 && isnan(args.at(2).toNumber(exec)))
+                || (numArgs >= 4 && isnan(args.at(3).toNumber(exec)))
+                || (numArgs >= 5 && isnan(args.at(4).toNumber(exec)))
+                || (numArgs >= 6 && isnan(args.at(5).toNumber(exec)))
+                || (numArgs >= 7 && isnan(args.at(6).toNumber(exec))))
+            value = NaN;
+        else {
+            GregorianDateTime t;
+            int year = args.at(0).toInt32(exec);
+            t.year = (year >= 0 && year <= 99) ? year : year - 1900;
+            t.month = args.at(1).toInt32(exec);
+            t.monthDay = (numArgs >= 3) ? args.at(2).toInt32(exec) : 1;
+            t.hour = args.at(3).toInt32(exec);
+            t.minute = args.at(4).toInt32(exec);
+            t.second = args.at(5).toInt32(exec);
+            t.isDST = -1;
+            double ms = (numArgs >= 7) ? args.at(6).toNumber(exec) : 0;
+            value = gregorianDateTimeToMS(t, ms, false);
+        }
+    }
+
+    DateInstance* result = new (exec) DateInstance(exec->lexicalGlobalObject()->dateStructure());
+    result->setInternalValue(jsNumber(exec, timeClip(value)));
+    return result;
+}
+    
+static JSObject* constructWithDateConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    return constructDate(exec, args);
+}
+
+ConstructType DateConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithDateConstructor;
+    return ConstructTypeHost;
+}
+
+// ECMA 15.9.2
+static JSValue JSC_HOST_CALL callDate(ExecState* exec, JSObject*, JSValue, const ArgList&)
+{
+    time_t localTime = time(0);
+    tm localTM;
+    getLocalTime(&localTime, &localTM);
+    GregorianDateTime ts(localTM);
+    return jsNontrivialString(exec, formatDate(ts) + " " + formatTime(ts, false));
+}
+
+CallType DateConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callDate;
+    return CallTypeHost;
+}
+
+static JSValue JSC_HOST_CALL dateParse(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, parseDate(args.at(0).toString(exec)));
+}
+
+static JSValue JSC_HOST_CALL dateNow(ExecState* exec, JSObject*, JSValue, const ArgList&)
+{
+    return jsNumber(exec, getCurrentUTCTime());
+}
+
+static JSValue JSC_HOST_CALL dateUTC(ExecState* exec, JSObject*, JSValue, const ArgList& args) 
+{
+    int n = args.size();
+    if (isnan(args.at(0).toNumber(exec))
+            || isnan(args.at(1).toNumber(exec))
+            || (n >= 3 && isnan(args.at(2).toNumber(exec)))
+            || (n >= 4 && isnan(args.at(3).toNumber(exec)))
+            || (n >= 5 && isnan(args.at(4).toNumber(exec)))
+            || (n >= 6 && isnan(args.at(5).toNumber(exec)))
+            || (n >= 7 && isnan(args.at(6).toNumber(exec))))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    int year = args.at(0).toInt32(exec);
+    t.year = (year >= 0 && year <= 99) ? year : year - 1900;
+    t.month = args.at(1).toInt32(exec);
+    t.monthDay = (n >= 3) ? args.at(2).toInt32(exec) : 1;
+    t.hour = args.at(3).toInt32(exec);
+    t.minute = args.at(4).toInt32(exec);
+    t.second = args.at(5).toInt32(exec);
+    double ms = (n >= 7) ? args.at(6).toNumber(exec) : 0;
+    return jsNumber(exec, gregorianDateTimeToMS(t, ms, true));
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConstructor.h
new file mode 100644
index 000000000..dcef3cc7f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConstructor.h
@@ -0,0 +1,43 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef DateConstructor_h
+#define DateConstructor_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class DatePrototype;
+
+    class DateConstructor : public InternalFunction {
+    public:
+        DateConstructor(ExecState*, PassRefPtr<Structure>, Structure* prototypeFunctionStructure, DatePrototype*);
+
+    private:
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+    };
+
+    JSObject* constructDate(ExecState*, const ArgList&);
+
+} // namespace JSC
+
+#endif // DateConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConversion.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConversion.cpp
new file mode 100644
index 000000000..a72547895
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConversion.cpp
@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * Alternatively, the contents of this file may be used under the terms
+ * of either the Mozilla Public License Version 1.1, found at
+ * http://www.mozilla.org/MPL/ (the "MPL") or the GNU General Public
+ * License Version 2.0, found at http://www.fsf.org/copyleft/gpl.html
+ * (the "GPL"), in which case the provisions of the MPL or the GPL are
+ * applicable instead of those above.  If you wish to allow use of your
+ * version of this file only under the terms of one of those two
+ * licenses (the MPL or the GPL) and not to allow others to use your
+ * version of this file under the LGPL, indicate your decision by
+ * deletingthe provisions above and replace them with the notice and
+ * other provisions required by the MPL or the GPL, as the case may be.
+ * If you do not delete the provisions above, a recipient may use your
+ * version of this file under any of the LGPL, the MPL or the GPL.
+ */
+
+#include "config.h"
+#include "DateConversion.h"
+
+#include "UString.h"
+#include <wtf/DateMath.h>
+#include <wtf/StringExtras.h>
+
+using namespace WTF;
+
+namespace JSC {
+
+double parseDate(const UString &date)
+{
+    return parseDateFromNullTerminatedCharacters(date.UTF8String().c_str());
+}
+
+UString formatDate(const GregorianDateTime &t)
+{
+    char buffer[100];
+    snprintf(buffer, sizeof(buffer), "%s %s %02d %04d",
+        weekdayName[(t.weekDay + 6) % 7],
+        monthName[t.month], t.monthDay, t.year + 1900);
+    return buffer;
+}
+
+UString formatDateUTCVariant(const GregorianDateTime &t)
+{
+    char buffer[100];
+    snprintf(buffer, sizeof(buffer), "%s, %02d %s %04d",
+        weekdayName[(t.weekDay + 6) % 7],
+        t.monthDay, monthName[t.month], t.year + 1900);
+    return buffer;
+}
+
+UString formatTime(const GregorianDateTime &t, bool utc)
+{
+    char buffer[100];
+    if (utc) {
+        snprintf(buffer, sizeof(buffer), "%02d:%02d:%02d GMT", t.hour, t.minute, t.second);
+    } else {
+        int offset = abs(gmtoffset(t));
+        char timeZoneName[70];
+        struct tm gtm = t;
+        strftime(timeZoneName, sizeof(timeZoneName), "%Z", &gtm);
+
+        if (timeZoneName[0]) {
+            snprintf(buffer, sizeof(buffer), "%02d:%02d:%02d GMT%c%02d%02d (%s)",
+                t.hour, t.minute, t.second,
+                gmtoffset(t) < 0 ? '-' : '+', offset / (60*60), (offset / 60) % 60, timeZoneName);
+        } else {
+            snprintf(buffer, sizeof(buffer), "%02d:%02d:%02d GMT%c%02d%02d",
+                t.hour, t.minute, t.second,
+                gmtoffset(t) < 0 ? '-' : '+', offset / (60*60), (offset / 60) % 60);
+        }
+    }
+    return UString(buffer);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConversion.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConversion.h
new file mode 100644
index 000000000..0d128158e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateConversion.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ */
+
+#ifndef DateConversion_h
+#define DateConversion_h
+
+namespace WTF {
+    struct GregorianDateTime;
+}
+
+namespace JSC {
+
+class UString;
+
+double parseDate(const UString&);
+UString formatDate(const WTF::GregorianDateTime&);
+UString formatDateUTCVariant(const WTF::GregorianDateTime&);
+UString formatTime(const WTF::GregorianDateTime&, bool inputIsUTC);
+
+} // namespace JSC
+
+#endif // DateConversion_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateInstance.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateInstance.cpp
new file mode 100644
index 000000000..62791aecb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateInstance.cpp
@@ -0,0 +1,118 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ *
+ */
+
+#include "config.h"
+#include "DateInstance.h"
+
+#include <math.h>
+#include <wtf/DateMath.h>
+#include <wtf/MathExtras.h>
+
+using namespace WTF;
+
+namespace JSC {
+
+struct DateInstance::Cache {
+    double m_gregorianDateTimeCachedForMS;
+    GregorianDateTime m_cachedGregorianDateTime;
+    double m_gregorianDateTimeUTCCachedForMS;
+    GregorianDateTime m_cachedGregorianDateTimeUTC;
+};
+
+const ClassInfo DateInstance::info = {"Date", 0, 0, 0};
+
+DateInstance::DateInstance(PassRefPtr<Structure> structure)
+    : JSWrapperObject(structure)
+    , m_cache(0)
+{
+}
+
+DateInstance::~DateInstance()
+{
+    delete m_cache;
+}
+
+void DateInstance::msToGregorianDateTime(double milli, bool outputIsUTC, GregorianDateTime& t) const
+{
+    if (!m_cache) {
+        m_cache = new Cache;
+        m_cache->m_gregorianDateTimeCachedForMS = NaN;
+        m_cache->m_gregorianDateTimeUTCCachedForMS = NaN;
+    }
+
+    if (outputIsUTC) {
+        if (m_cache->m_gregorianDateTimeUTCCachedForMS != milli) {
+            WTF::msToGregorianDateTime(milli, true, m_cache->m_cachedGregorianDateTimeUTC);
+            m_cache->m_gregorianDateTimeUTCCachedForMS = milli;
+        }
+        t.copyFrom(m_cache->m_cachedGregorianDateTimeUTC);
+    } else {
+        if (m_cache->m_gregorianDateTimeCachedForMS != milli) {
+            WTF::msToGregorianDateTime(milli, false, m_cache->m_cachedGregorianDateTime);
+            m_cache->m_gregorianDateTimeCachedForMS = milli;
+        }
+        t.copyFrom(m_cache->m_cachedGregorianDateTime);
+    }
+}
+
+bool DateInstance::getTime(GregorianDateTime& t, int& offset) const
+{
+    double milli = internalNumber();
+    if (isnan(milli))
+        return false;
+    
+    msToGregorianDateTime(milli, false, t);
+    offset = gmtoffset(t);
+    return true;
+}
+
+bool DateInstance::getUTCTime(GregorianDateTime& t) const
+{
+    double milli = internalNumber();
+    if (isnan(milli))
+        return false;
+    
+    msToGregorianDateTime(milli, true, t);
+    return true;
+}
+
+bool DateInstance::getTime(double& milli, int& offset) const
+{
+    milli = internalNumber();
+    if (isnan(milli))
+        return false;
+    
+    GregorianDateTime t;
+    msToGregorianDateTime(milli, false, t);
+    offset = gmtoffset(t);
+    return true;
+}
+
+bool DateInstance::getUTCTime(double& milli) const
+{
+    milli = internalNumber();
+    if (isnan(milli))
+        return false;
+    
+    return true;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateInstance.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateInstance.h
new file mode 100644
index 000000000..3b73521a7
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DateInstance.h
@@ -0,0 +1,67 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef DateInstance_h
+#define DateInstance_h
+
+#include "JSWrapperObject.h"
+
+namespace WTF {
+    struct GregorianDateTime;
+}
+
+namespace JSC {
+
+    class DateInstance : public JSWrapperObject {
+    public:
+        explicit DateInstance(PassRefPtr<Structure>);
+        virtual ~DateInstance();
+
+        double internalNumber() const { return internalValue().uncheckedGetNumber(); }
+
+        bool getTime(WTF::GregorianDateTime&, int& offset) const;
+        bool getUTCTime(WTF::GregorianDateTime&) const;
+        bool getTime(double& milliseconds, int& offset) const;
+        bool getUTCTime(double& milliseconds) const;
+
+        static const ClassInfo info;
+
+        void msToGregorianDateTime(double, bool outputIsUTC, WTF::GregorianDateTime&) const;
+
+    private:
+        virtual const ClassInfo* classInfo() const { return &info; }
+
+        using JSWrapperObject::internalValue;
+
+        struct Cache;
+        mutable Cache* m_cache;
+    };
+
+    DateInstance* asDateInstance(JSValue);
+
+    inline DateInstance* asDateInstance(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&DateInstance::info));
+        return static_cast<DateInstance*>(asObject(value));
+    }
+
+} // namespace JSC
+
+#endif // DateInstance_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DatePrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DatePrototype.cpp
new file mode 100644
index 000000000..c6f7decdc
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DatePrototype.cpp
@@ -0,0 +1,1111 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2008, 2009 Torch Mobile, Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ *
+ */
+
+#include "config.h"
+#include "DatePrototype.h"
+
+#include "DateConversion.h"
+#include "Error.h"
+#include "JSString.h"
+#include "ObjectPrototype.h"
+#include "DateInstance.h"
+#include <float.h>
+
+#if !PLATFORM(MAC) && HAVE(LANGINFO_H)
+#include <langinfo.h>
+#endif
+
+#include <limits.h>
+#include <locale.h>
+#include <math.h>
+#include <time.h>
+#include <wtf/Assertions.h>
+#include <wtf/DateMath.h>
+#include <wtf/MathExtras.h>
+#include <wtf/StringExtras.h>
+#include <wtf/UnusedParam.h>
+
+#if HAVE(SYS_PARAM_H)
+#include <sys/param.h>
+#endif
+
+#if HAVE(SYS_TIME_H)
+#include <sys/time.h>
+#endif
+
+#if HAVE(SYS_TIMEB_H)
+#include <sys/timeb.h>
+#endif
+
+#if PLATFORM(MAC)
+#include <CoreFoundation/CoreFoundation.h>
+#endif
+
+#if PLATFORM(WINCE) && !PLATFORM(QT)
+extern "C" size_t strftime(char * const s, const size_t maxsize, const char * const format, const struct tm * const t); //provided by libce
+#endif
+
+using namespace WTF;
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(DatePrototype);
+
+static JSValue JSC_HOST_CALL dateProtoFuncGetDate(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetDay(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetFullYear(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetHours(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetMilliSeconds(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetMinutes(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetMonth(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetSeconds(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetTime(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetTimezoneOffset(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetUTCDate(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetUTCDay(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetUTCFullYear(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetUTCHours(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetUTCMilliseconds(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetUTCMinutes(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetUTCMonth(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetUTCSeconds(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncGetYear(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetDate(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetFullYear(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetHours(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetMilliSeconds(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetMinutes(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetMonth(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetSeconds(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetTime(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetUTCDate(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetUTCFullYear(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetUTCHours(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetUTCMilliseconds(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetUTCMinutes(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetUTCMonth(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetUTCSeconds(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncSetYear(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToDateString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToGMTString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToLocaleDateString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToLocaleString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToLocaleTimeString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToTimeString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToUTCString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL dateProtoFuncToISOString(ExecState*, JSObject*, JSValue, const ArgList&);
+
+static JSValue JSC_HOST_CALL dateProtoFuncToJSON(ExecState*, JSObject*, JSValue, const ArgList&);
+
+}
+
+#include "DatePrototype.lut.h"
+
+namespace JSC {
+
+enum LocaleDateTimeFormat { LocaleDateAndTime, LocaleDate, LocaleTime };
+ 
+#if PLATFORM(MAC)
+
+// FIXME: Since this is superior to the strftime-based version, why limit this to PLATFORM(MAC)?
+// Instead we should consider using this whenever PLATFORM(CF) is true.
+
+static CFDateFormatterStyle styleFromArgString(const UString& string, CFDateFormatterStyle defaultStyle)
+{
+    if (string == "short")
+        return kCFDateFormatterShortStyle;
+    if (string == "medium")
+        return kCFDateFormatterMediumStyle;
+    if (string == "long")
+        return kCFDateFormatterLongStyle;
+    if (string == "full")
+        return kCFDateFormatterFullStyle;
+    return defaultStyle;
+}
+
+static JSCell* formatLocaleDate(ExecState* exec, DateInstance*, double timeInMilliseconds, LocaleDateTimeFormat format, const ArgList& args)
+{
+    CFDateFormatterStyle dateStyle = (format != LocaleTime ? kCFDateFormatterLongStyle : kCFDateFormatterNoStyle);
+    CFDateFormatterStyle timeStyle = (format != LocaleDate ? kCFDateFormatterLongStyle : kCFDateFormatterNoStyle);
+
+    bool useCustomFormat = false;
+    UString customFormatString;
+
+    UString arg0String = args.at(0).toString(exec);
+    if (arg0String == "custom" && !args.at(1).isUndefined()) {
+        useCustomFormat = true;
+        customFormatString = args.at(1).toString(exec);
+    } else if (format == LocaleDateAndTime && !args.at(1).isUndefined()) {
+        dateStyle = styleFromArgString(arg0String, dateStyle);
+        timeStyle = styleFromArgString(args.at(1).toString(exec), timeStyle);
+    } else if (format != LocaleTime && !args.at(0).isUndefined())
+        dateStyle = styleFromArgString(arg0String, dateStyle);
+    else if (format != LocaleDate && !args.at(0).isUndefined())
+        timeStyle = styleFromArgString(arg0String, timeStyle);
+
+    CFLocaleRef locale = CFLocaleCopyCurrent();
+    CFDateFormatterRef formatter = CFDateFormatterCreate(0, locale, dateStyle, timeStyle);
+    CFRelease(locale);
+
+    if (useCustomFormat) {
+        CFStringRef customFormatCFString = CFStringCreateWithCharacters(0, customFormatString.data(), customFormatString.size());
+        CFDateFormatterSetFormat(formatter, customFormatCFString);
+        CFRelease(customFormatCFString);
+    }
+
+    CFStringRef string = CFDateFormatterCreateStringWithAbsoluteTime(0, formatter, floor(timeInMilliseconds / msPerSecond) - kCFAbsoluteTimeIntervalSince1970);
+
+    CFRelease(formatter);
+
+    // We truncate the string returned from CFDateFormatter if it's absurdly long (> 200 characters).
+    // That's not great error handling, but it just won't happen so it doesn't matter.
+    UChar buffer[200];
+    const size_t bufferLength = sizeof(buffer) / sizeof(buffer[0]);
+    size_t length = CFStringGetLength(string);
+    ASSERT(length <= bufferLength);
+    if (length > bufferLength)
+        length = bufferLength;
+    CFStringGetCharacters(string, CFRangeMake(0, length), buffer);
+
+    CFRelease(string);
+
+    return jsNontrivialString(exec, UString(buffer, length));
+}
+
+#else // !PLATFORM(MAC)
+
+static JSCell* formatLocaleDate(ExecState* exec, const GregorianDateTime& gdt, LocaleDateTimeFormat format)
+{
+#if HAVE(LANGINFO_H)
+    static const nl_item formats[] = { D_T_FMT, D_FMT, T_FMT };
+#elif (PLATFORM(WINCE) && !PLATFORM(QT)) || PLATFORM(SYMBIAN)
+     // strftime() does not support '#' on WinCE or Symbian
+    static const char* const formatStrings[] = { "%c", "%x", "%X" };
+#else
+    static const char* const formatStrings[] = { "%#c", "%#x", "%X" };
+#endif
+ 
+    // Offset year if needed
+    struct tm localTM = gdt;
+    int year = gdt.year + 1900;
+    bool yearNeedsOffset = year < 1900 || year > 2038;
+    if (yearNeedsOffset)
+        localTM.tm_year = equivalentYearForDST(year) - 1900;
+ 
+#if HAVE(LANGINFO_H)
+    // We do not allow strftime to generate dates with 2-digits years,
+    // both to avoid ambiguity, and a crash in strncpy, for years that
+    // need offset.
+    char* formatString = strdup(nl_langinfo(formats[format]));
+    char* yPos = strchr(formatString, 'y');
+    if (yPos)
+        *yPos = 'Y';
+#endif
+
+    // Do the formatting
+    const int bufsize = 128;
+    char timebuffer[bufsize];
+
+#if HAVE(LANGINFO_H)
+    size_t ret = strftime(timebuffer, bufsize, formatString, &localTM);
+    free(formatString);
+#else
+    size_t ret = strftime(timebuffer, bufsize, formatStrings[format], &localTM);
+#endif
+ 
+    if (ret == 0)
+        return jsEmptyString(exec);
+ 
+    // Copy original into the buffer
+    if (yearNeedsOffset && format != LocaleTime) {
+        static const int yearLen = 5;   // FIXME will be a problem in the year 10,000
+        char yearString[yearLen];
+ 
+        snprintf(yearString, yearLen, "%d", localTM.tm_year + 1900);
+        char* yearLocation = strstr(timebuffer, yearString);
+        snprintf(yearString, yearLen, "%d", year);
+ 
+        strncpy(yearLocation, yearString, yearLen - 1);
+    }
+ 
+    return jsNontrivialString(exec, timebuffer);
+}
+
+static JSCell* formatLocaleDate(ExecState* exec, DateInstance* dateObject, double timeInMilliseconds, LocaleDateTimeFormat format, const ArgList&)
+{
+    GregorianDateTime gregorianDateTime;
+    const bool notUTC = false;
+    dateObject->msToGregorianDateTime(timeInMilliseconds, notUTC, gregorianDateTime);
+    return formatLocaleDate(exec, gregorianDateTime, format);
+}
+
+#endif // !PLATFORM(MAC)
+
+// Converts a list of arguments sent to a Date member function into milliseconds, updating
+// ms (representing milliseconds) and t (representing the rest of the date structure) appropriately.
+//
+// Format of member function: f([hour,] [min,] [sec,] [ms])
+static bool fillStructuresUsingTimeArgs(ExecState* exec, const ArgList& args, int maxArgs, double* ms, GregorianDateTime* t)
+{
+    double milliseconds = 0;
+    bool ok = true;
+    int idx = 0;
+    int numArgs = args.size();
+    
+    // JS allows extra trailing arguments -- ignore them
+    if (numArgs > maxArgs)
+        numArgs = maxArgs;
+
+    // hours
+    if (maxArgs >= 4 && idx < numArgs) {
+        t->hour = 0;
+        milliseconds += args.at(idx++).toInt32(exec, ok) * msPerHour;
+    }
+
+    // minutes
+    if (maxArgs >= 3 && idx < numArgs && ok) {
+        t->minute = 0;
+        milliseconds += args.at(idx++).toInt32(exec, ok) * msPerMinute;
+    }
+    
+    // seconds
+    if (maxArgs >= 2 && idx < numArgs && ok) {
+        t->second = 0;
+        milliseconds += args.at(idx++).toInt32(exec, ok) * msPerSecond;
+    }
+    
+    if (!ok)
+        return false;
+        
+    // milliseconds
+    if (idx < numArgs) {
+        double millis = args.at(idx).toNumber(exec);
+        ok = isfinite(millis);
+        milliseconds += millis;
+    } else
+        milliseconds += *ms;
+    
+    *ms = milliseconds;
+    return ok;
+}
+
+// Converts a list of arguments sent to a Date member function into years, months, and milliseconds, updating
+// ms (representing milliseconds) and t (representing the rest of the date structure) appropriately.
+//
+// Format of member function: f([years,] [months,] [days])
+static bool fillStructuresUsingDateArgs(ExecState *exec, const ArgList& args, int maxArgs, double *ms, GregorianDateTime *t)
+{
+    int idx = 0;
+    bool ok = true;
+    int numArgs = args.size();
+  
+    // JS allows extra trailing arguments -- ignore them
+    if (numArgs > maxArgs)
+        numArgs = maxArgs;
+  
+    // years
+    if (maxArgs >= 3 && idx < numArgs)
+        t->year = args.at(idx++).toInt32(exec, ok) - 1900;
+    
+    // months
+    if (maxArgs >= 2 && idx < numArgs && ok)   
+        t->month = args.at(idx++).toInt32(exec, ok);
+    
+    // days
+    if (idx < numArgs && ok) {   
+        t->monthDay = 0;
+        *ms += args.at(idx).toInt32(exec, ok) * msPerDay;
+    }
+    
+    return ok;
+}
+
+const ClassInfo DatePrototype::info = {"Date", &DateInstance::info, 0, ExecState::dateTable};
+
+/* Source for DatePrototype.lut.h
+@begin dateTable
+  toString              dateProtoFuncToString                DontEnum|Function       0
+  toISOString           dateProtoFuncToISOString             DontEnum|Function       0
+  toUTCString           dateProtoFuncToUTCString             DontEnum|Function       0
+  toDateString          dateProtoFuncToDateString            DontEnum|Function       0
+  toTimeString          dateProtoFuncToTimeString            DontEnum|Function       0
+  toLocaleString        dateProtoFuncToLocaleString          DontEnum|Function       0
+  toLocaleDateString    dateProtoFuncToLocaleDateString      DontEnum|Function       0
+  toLocaleTimeString    dateProtoFuncToLocaleTimeString      DontEnum|Function       0
+  valueOf               dateProtoFuncGetTime                 DontEnum|Function       0
+  getTime               dateProtoFuncGetTime                 DontEnum|Function       0
+  getFullYear           dateProtoFuncGetFullYear             DontEnum|Function       0
+  getUTCFullYear        dateProtoFuncGetUTCFullYear          DontEnum|Function       0
+  toGMTString           dateProtoFuncToGMTString             DontEnum|Function       0
+  getMonth              dateProtoFuncGetMonth                DontEnum|Function       0
+  getUTCMonth           dateProtoFuncGetUTCMonth             DontEnum|Function       0
+  getDate               dateProtoFuncGetDate                 DontEnum|Function       0
+  getUTCDate            dateProtoFuncGetUTCDate              DontEnum|Function       0
+  getDay                dateProtoFuncGetDay                  DontEnum|Function       0
+  getUTCDay             dateProtoFuncGetUTCDay               DontEnum|Function       0
+  getHours              dateProtoFuncGetHours                DontEnum|Function       0
+  getUTCHours           dateProtoFuncGetUTCHours             DontEnum|Function       0
+  getMinutes            dateProtoFuncGetMinutes              DontEnum|Function       0
+  getUTCMinutes         dateProtoFuncGetUTCMinutes           DontEnum|Function       0
+  getSeconds            dateProtoFuncGetSeconds              DontEnum|Function       0
+  getUTCSeconds         dateProtoFuncGetUTCSeconds           DontEnum|Function       0
+  getMilliseconds       dateProtoFuncGetMilliSeconds         DontEnum|Function       0
+  getUTCMilliseconds    dateProtoFuncGetUTCMilliseconds      DontEnum|Function       0
+  getTimezoneOffset     dateProtoFuncGetTimezoneOffset       DontEnum|Function       0
+  setTime               dateProtoFuncSetTime                 DontEnum|Function       1
+  setMilliseconds       dateProtoFuncSetMilliSeconds         DontEnum|Function       1
+  setUTCMilliseconds    dateProtoFuncSetUTCMilliseconds      DontEnum|Function       1
+  setSeconds            dateProtoFuncSetSeconds              DontEnum|Function       2
+  setUTCSeconds         dateProtoFuncSetUTCSeconds           DontEnum|Function       2
+  setMinutes            dateProtoFuncSetMinutes              DontEnum|Function       3
+  setUTCMinutes         dateProtoFuncSetUTCMinutes           DontEnum|Function       3
+  setHours              dateProtoFuncSetHours                DontEnum|Function       4
+  setUTCHours           dateProtoFuncSetUTCHours             DontEnum|Function       4
+  setDate               dateProtoFuncSetDate                 DontEnum|Function       1
+  setUTCDate            dateProtoFuncSetUTCDate              DontEnum|Function       1
+  setMonth              dateProtoFuncSetMonth                DontEnum|Function       2
+  setUTCMonth           dateProtoFuncSetUTCMonth             DontEnum|Function       2
+  setFullYear           dateProtoFuncSetFullYear             DontEnum|Function       3
+  setUTCFullYear        dateProtoFuncSetUTCFullYear          DontEnum|Function       3
+  setYear               dateProtoFuncSetYear                 DontEnum|Function       1
+  getYear               dateProtoFuncGetYear                 DontEnum|Function       0
+  toJSON                dateProtoFuncToJSON                  DontEnum|Function       0
+@end
+*/
+
+// ECMA 15.9.4
+
+DatePrototype::DatePrototype(ExecState* exec, PassRefPtr<Structure> structure)
+    : DateInstance(structure)
+{
+    setInternalValue(jsNaN(exec));
+    // The constructor will be added later, after DateConstructor has been built.
+}
+
+bool DatePrototype::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    return getStaticFunctionSlot<JSObject>(exec, ExecState::dateTable(exec), this, propertyName, slot);
+}
+
+
+bool DatePrototype::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    return getStaticFunctionDescriptor<JSObject>(exec, ExecState::dateTable(exec), this, propertyName, descriptor);
+}
+
+// Functions
+
+JSValue JSC_HOST_CALL dateProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNontrivialString(exec, formatDate(t) + " " + formatTime(t, utc));
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToUTCString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNontrivialString(exec, formatDateUTCVariant(t) + " " + formatTime(t, utc));
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToISOString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+    
+    const bool utc = true;
+    
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (!isfinite(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+    
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    // Maximum amount of space we need in buffer: 6 (max. digits in year) + 2 * 5 (2 characters each for month, day, hour, minute, second) + 4 (. + 3 digits for milliseconds)
+    // 6 for formatting and one for null termination = 27.  We add one extra character to allow us to force null termination.
+    char buffer[28];
+    snprintf(buffer, sizeof(buffer) - 1, "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ", 1900 + t.year, t.month + 1, t.monthDay, t.hour, t.minute, t.second, static_cast<int>(fmod(milli, 1000)));
+    buffer[sizeof(buffer) - 1] = 0;
+    return jsNontrivialString(exec, buffer);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToDateString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNontrivialString(exec, formatDate(t));
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToTimeString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNontrivialString(exec, formatTime(t, utc));
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToLocaleString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+
+    return formatLocaleDate(exec, thisDateObj, milli, LocaleDateAndTime, args);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToLocaleDateString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+
+    return formatLocaleDate(exec, thisDateObj, milli, LocaleDate, args);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToLocaleTimeString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+
+    return formatLocaleDate(exec, thisDateObj, milli, LocaleTime, args);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetTime(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    return jsNumber(exec, milli);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetFullYear(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, 1900 + t.year);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetUTCFullYear(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, 1900 + t.year);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToGMTString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNontrivialString(exec, "Invalid Date");
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNontrivialString(exec, formatDateUTCVariant(t) + " " + formatTime(t, utc));
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetMonth(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.month);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetUTCMonth(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.month);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetDate(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.monthDay);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetUTCDate(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.monthDay);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetDay(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.weekDay);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetUTCDay(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.weekDay);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetHours(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.hour);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetUTCHours(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.hour);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetMinutes(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.minute);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetUTCMinutes(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.minute);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetSeconds(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.second);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetUTCSeconds(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = true;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, t.second);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetMilliSeconds(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    double secs = floor(milli / msPerSecond);
+    double ms = milli - secs * msPerSecond;
+    return jsNumber(exec, ms);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetUTCMilliseconds(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    double secs = floor(milli / msPerSecond);
+    double ms = milli - secs * msPerSecond;
+    return jsNumber(exec, ms);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetTimezoneOffset(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+    return jsNumber(exec, -gmtoffset(t) / minutesPerHour);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetTime(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+
+    double milli = timeClip(args.at(0).toNumber(exec));
+    JSValue result = jsNumber(exec, milli);
+    thisDateObj->setInternalValue(result);
+    return result;
+}
+
+static JSValue setNewValueFromTimeArgs(ExecState* exec, JSValue thisValue, const ArgList& args, int numArgsToUse, bool inputIsUTC)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue);
+    double milli = thisDateObj->internalNumber();
+    
+    if (args.isEmpty() || isnan(milli)) {
+        JSValue result = jsNaN(exec);
+        thisDateObj->setInternalValue(result);
+        return result;
+    }
+     
+    double secs = floor(milli / msPerSecond);
+    double ms = milli - secs * msPerSecond;
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, inputIsUTC, t);
+
+    if (!fillStructuresUsingTimeArgs(exec, args, numArgsToUse, &ms, &t)) {
+        JSValue result = jsNaN(exec);
+        thisDateObj->setInternalValue(result);
+        return result;
+    } 
+    
+    JSValue result = jsNumber(exec, gregorianDateTimeToMS(t, ms, inputIsUTC));
+    thisDateObj->setInternalValue(result);
+    return result;
+}
+
+static JSValue setNewValueFromDateArgs(ExecState* exec, JSValue thisValue, const ArgList& args, int numArgsToUse, bool inputIsUTC)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    DateInstance* thisDateObj = asDateInstance(thisValue);
+    if (args.isEmpty()) {
+        JSValue result = jsNaN(exec);
+        thisDateObj->setInternalValue(result);
+        return result;
+    }      
+    
+    double milli = thisDateObj->internalNumber();
+    double ms = 0;
+
+    GregorianDateTime t;
+    if (numArgsToUse == 3 && isnan(milli))
+        // Based on ECMA 262 15.9.5.40 - .41 (set[UTC]FullYear)
+        // the time must be reset to +0 if it is NaN. 
+        thisDateObj->msToGregorianDateTime(0, true, t);
+    else {
+        double secs = floor(milli / msPerSecond);
+        ms = milli - secs * msPerSecond;
+        thisDateObj->msToGregorianDateTime(milli, inputIsUTC, t);
+    }
+    
+    if (!fillStructuresUsingDateArgs(exec, args, numArgsToUse, &ms, &t)) {
+        JSValue result = jsNaN(exec);
+        thisDateObj->setInternalValue(result);
+        return result;
+    } 
+           
+    JSValue result = jsNumber(exec, gregorianDateTimeToMS(t, ms, inputIsUTC));
+    thisDateObj->setInternalValue(result);
+    return result;
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetMilliSeconds(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = false;
+    return setNewValueFromTimeArgs(exec, thisValue, args, 1, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetUTCMilliseconds(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = true;
+    return setNewValueFromTimeArgs(exec, thisValue, args, 1, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetSeconds(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = false;
+    return setNewValueFromTimeArgs(exec, thisValue, args, 2, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetUTCSeconds(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = true;
+    return setNewValueFromTimeArgs(exec, thisValue, args, 2, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetMinutes(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = false;
+    return setNewValueFromTimeArgs(exec, thisValue, args, 3, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetUTCMinutes(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = true;
+    return setNewValueFromTimeArgs(exec, thisValue, args, 3, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetHours(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = false;
+    return setNewValueFromTimeArgs(exec, thisValue, args, 4, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetUTCHours(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = true;
+    return setNewValueFromTimeArgs(exec, thisValue, args, 4, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetDate(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = false;
+    return setNewValueFromDateArgs(exec, thisValue, args, 1, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetUTCDate(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = true;
+    return setNewValueFromDateArgs(exec, thisValue, args, 1, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetMonth(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = false;
+    return setNewValueFromDateArgs(exec, thisValue, args, 2, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetUTCMonth(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = true;
+    return setNewValueFromDateArgs(exec, thisValue, args, 2, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetFullYear(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = false;
+    return setNewValueFromDateArgs(exec, thisValue, args, 3, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetUTCFullYear(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    const bool inputIsUTC = true;
+    return setNewValueFromDateArgs(exec, thisValue, args, 3, inputIsUTC);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncSetYear(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue);     
+    if (args.isEmpty()) { 
+        JSValue result = jsNaN(exec);
+        thisDateObj->setInternalValue(result);
+        return result;
+    }
+    
+    double milli = thisDateObj->internalNumber();
+    double ms = 0;
+
+    GregorianDateTime t;
+    if (isnan(milli))
+        // Based on ECMA 262 B.2.5 (setYear)
+        // the time must be reset to +0 if it is NaN. 
+        thisDateObj->msToGregorianDateTime(0, true, t);
+    else {   
+        double secs = floor(milli / msPerSecond);
+        ms = milli - secs * msPerSecond;
+        thisDateObj->msToGregorianDateTime(milli, utc, t);
+    }
+    
+    bool ok = true;
+    int32_t year = args.at(0).toInt32(exec, ok);
+    if (!ok) {
+        JSValue result = jsNaN(exec);
+        thisDateObj->setInternalValue(result);
+        return result;
+    }
+            
+    t.year = (year > 99 || year < 0) ? year - 1900 : year;
+    JSValue result = jsNumber(exec, gregorianDateTimeToMS(t, ms, utc));
+    thisDateObj->setInternalValue(result);
+    return result;
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncGetYear(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&DateInstance::info))
+        return throwError(exec, TypeError);
+
+    const bool utc = false;
+
+    DateInstance* thisDateObj = asDateInstance(thisValue); 
+    double milli = thisDateObj->internalNumber();
+    if (isnan(milli))
+        return jsNaN(exec);
+
+    GregorianDateTime t;
+    thisDateObj->msToGregorianDateTime(milli, utc, t);
+
+    // NOTE: IE returns the full year even in getYear.
+    return jsNumber(exec, t.year);
+}
+
+JSValue JSC_HOST_CALL dateProtoFuncToJSON(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    JSObject* object = thisValue.toThisObject(exec);
+    if (exec->hadException())
+        return jsNull();
+    
+    JSValue toISOValue = object->get(exec, exec->globalData().propertyNames->toISOString);
+    if (exec->hadException())
+        return jsNull();
+
+    CallData callData;
+    CallType callType = toISOValue.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError, "toISOString is not a function");
+
+    JSValue result = call(exec, asObject(toISOValue), callType, callData, object, exec->emptyList());
+    if (exec->hadException())
+        return jsNull();
+    if (result.isObject())
+        return throwError(exec, TypeError, "toISOString did not return a primitive value");
+    return result;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DatePrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DatePrototype.h
new file mode 100644
index 000000000..12fabdad2
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/DatePrototype.h
@@ -0,0 +1,48 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef DatePrototype_h
+#define DatePrototype_h
+
+#include "DateInstance.h"
+
+namespace JSC {
+
+    class ObjectPrototype;
+
+    class DatePrototype : public DateInstance {
+    public:
+        DatePrototype(ExecState*, PassRefPtr<Structure>);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasDefaultGetPropertyNames));
+        }
+    };
+
+} // namespace JSC
+
+#endif // DatePrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Error.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Error.cpp
new file mode 100644
index 000000000..c094b757d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Error.cpp
@@ -0,0 +1,134 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Eric Seidel (eric@webkit.org)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "Error.h"
+
+#include "ConstructData.h"
+#include "ErrorConstructor.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "JSObject.h"
+#include "JSString.h"
+#include "NativeErrorConstructor.h"
+
+namespace JSC {
+
+const char* expressionBeginOffsetPropertyName = "expressionBeginOffset";
+const char* expressionCaretOffsetPropertyName = "expressionCaretOffset";
+const char* expressionEndOffsetPropertyName = "expressionEndOffset";
+
+JSObject* Error::create(ExecState* exec, ErrorType type, const UString& message, int lineNumber, intptr_t sourceID, const UString& sourceURL)
+{
+    JSObject* constructor;
+    const char* name;
+    switch (type) {
+        case EvalError:
+            constructor = exec->lexicalGlobalObject()->evalErrorConstructor();
+            name = "Evaluation error";
+            break;
+        case RangeError:
+            constructor = exec->lexicalGlobalObject()->rangeErrorConstructor();
+            name = "Range error";
+            break;
+        case ReferenceError:
+            constructor = exec->lexicalGlobalObject()->referenceErrorConstructor();
+            name = "Reference error";
+            break;
+        case SyntaxError:
+            constructor = exec->lexicalGlobalObject()->syntaxErrorConstructor();
+            name = "Syntax error";
+            break;
+        case TypeError:
+            constructor = exec->lexicalGlobalObject()->typeErrorConstructor();
+            name = "Type error";
+            break;
+        case URIError:
+            constructor = exec->lexicalGlobalObject()->URIErrorConstructor();
+            name = "URI error";
+            break;
+        default:
+            constructor = exec->lexicalGlobalObject()->errorConstructor();
+            name = "Error";
+            break;
+    }
+
+    MarkedArgumentBuffer args;
+    if (message.isEmpty())
+        args.append(jsString(exec, name));
+    else
+        args.append(jsString(exec, message));
+    ConstructData constructData;
+    ConstructType constructType = constructor->getConstructData(constructData);
+    JSObject* error = construct(exec, constructor, constructType, constructData, args);
+
+    if (lineNumber != -1)
+        error->putWithAttributes(exec, Identifier(exec, JSC_ERROR_LINENUMBER_PROPERTYNAME), jsNumber(exec, lineNumber), ReadOnly | DontDelete);
+    if (sourceID != -1)
+        error->putWithAttributes(exec, Identifier(exec, "sourceId"), jsNumber(exec, sourceID), ReadOnly | DontDelete);
+    if (!sourceURL.isNull())
+        error->putWithAttributes(exec, Identifier(exec, JSC_ERROR_FILENAME_PROPERTYNAME), jsString(exec, sourceURL), ReadOnly | DontDelete);
+
+    return error;
+}
+
+JSObject* Error::create(ExecState* exec, ErrorType type, const char* message)
+{
+    return create(exec, type, message, -1, -1, NULL);
+}
+
+JSObject* throwError(ExecState* exec, JSObject* error)
+{
+    exec->setException(error);
+    return error;
+}
+
+JSObject* throwError(ExecState* exec, ErrorType type)
+{
+    JSObject* error = Error::create(exec, type, UString(), -1, -1, NULL);
+    exec->setException(error);
+    return error;
+}
+
+JSObject* throwError(ExecState* exec, ErrorType type, const UString& message)
+{
+    JSObject* error = Error::create(exec, type, message, -1, -1, NULL);
+    exec->setException(error);
+    return error;
+}
+
+JSObject* throwError(ExecState* exec, ErrorType type, const char* message)
+{
+    JSObject* error = Error::create(exec, type, message, -1, -1, NULL);
+    exec->setException(error);
+    return error;
+}
+
+JSObject* throwError(ExecState* exec, ErrorType type, const UString& message, int line, intptr_t sourceID, const UString& sourceURL)
+{
+    JSObject* error = Error::create(exec, type, message, line, sourceID, sourceURL);
+    exec->setException(error);
+    return error;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Error.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Error.h
new file mode 100644
index 000000000..d84b81bf4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Error.h
@@ -0,0 +1,74 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef Error_h
+#define Error_h
+
+#include <stdint.h>
+
+namespace JSC {
+
+    class ExecState;
+    class JSObject;
+    class UString;
+
+    /**
+     * Types of Native Errors available. For custom errors, GeneralError
+     * should be used.
+     */
+    enum ErrorType {
+        GeneralError   = 0,
+        EvalError      = 1,
+        RangeError     = 2,
+        ReferenceError = 3,
+        SyntaxError    = 4,
+        TypeError      = 5,
+        URIError       = 6
+    };
+    
+    extern const char* expressionBeginOffsetPropertyName;
+    extern const char* expressionCaretOffsetPropertyName;
+    extern const char* expressionEndOffsetPropertyName;
+    
+    class Error {
+    public:
+        static JSObject* create(ExecState*, ErrorType, const UString& message, int lineNumber, intptr_t sourceID, const UString& sourceURL);
+        static JSObject* create(ExecState*, ErrorType, const char* message);
+    };
+
+    JSObject* throwError(ExecState*, ErrorType, const UString& message, int lineNumber, intptr_t sourceID, const UString& sourceURL);
+    JSObject* throwError(ExecState*, ErrorType, const UString& message);
+    JSObject* throwError(ExecState*, ErrorType, const char* message);
+    JSObject* throwError(ExecState*, ErrorType);
+    JSObject* throwError(ExecState*, JSObject*);
+
+#ifdef QT_BUILD_SCRIPT_LIB
+#  define JSC_ERROR_FILENAME_PROPERTYNAME "fileName"
+#  define JSC_ERROR_LINENUMBER_PROPERTYNAME "lineNumber"
+#else
+#  define JSC_ERROR_FILENAME_PROPERTYNAME "sourceURL"
+#  define JSC_ERROR_LINENUMBER_PROPERTYNAME "line"
+#endif
+
+} // namespace JSC
+
+#endif // Error_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorConstructor.cpp
new file mode 100644
index 000000000..07b7e2338
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorConstructor.cpp
@@ -0,0 +1,73 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "ErrorConstructor.h"
+
+#include "ErrorPrototype.h"
+#include "JSGlobalObject.h"
+#include "JSString.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(ErrorConstructor);
+
+ErrorConstructor::ErrorConstructor(ExecState* exec, PassRefPtr<Structure> structure, ErrorPrototype* errorPrototype)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, errorPrototype->classInfo()->className))
+{
+    // ECMA 15.11.3.1 Error.prototype
+    putDirectWithoutTransition(exec->propertyNames().prototype, errorPrototype, DontEnum | DontDelete | ReadOnly);
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 1), DontDelete | ReadOnly | DontEnum);
+}
+
+// ECMA 15.9.3
+ErrorInstance* constructError(ExecState* exec, const ArgList& args)
+{
+    ErrorInstance* obj = new (exec) ErrorInstance(exec->lexicalGlobalObject()->errorStructure());
+    if (!args.at(0).isUndefined())
+        obj->putDirect(exec->propertyNames().message, jsString(exec, args.at(0).toString(exec)));
+    return obj;
+}
+
+static JSObject* constructWithErrorConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    return constructError(exec, args);
+}
+
+ConstructType ErrorConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithErrorConstructor;
+    return ConstructTypeHost;
+}
+
+// ECMA 15.9.2
+static JSValue JSC_HOST_CALL callErrorConstructor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    // "Error()" gives the sames result as "new Error()"
+    return constructError(exec, args);
+}
+
+CallType ErrorConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callErrorConstructor;
+    return CallTypeHost;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorConstructor.h
new file mode 100644
index 000000000..2dd41244b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorConstructor.h
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef ErrorConstructor_h
+#define ErrorConstructor_h
+
+#include "ErrorInstance.h"
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class ErrorPrototype;
+
+    class ErrorConstructor : public InternalFunction {
+    public:
+        ErrorConstructor(ExecState*, PassRefPtr<Structure>, ErrorPrototype*);
+
+    private:
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+    };
+
+    ErrorInstance* constructError(ExecState*, const ArgList&);
+
+} // namespace JSC
+
+#endif // ErrorConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorInstance.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorInstance.cpp
new file mode 100644
index 000000000..2e2cdce93
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorInstance.cpp
@@ -0,0 +1,33 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "ErrorInstance.h"
+
+namespace JSC {
+
+const ClassInfo ErrorInstance::info = { "Error", 0, 0, 0 };
+
+ErrorInstance::ErrorInstance(PassRefPtr<Structure> structure)
+    : JSObject(structure)
+{
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorInstance.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorInstance.h
new file mode 100644
index 000000000..6f9d262ea
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorInstance.h
@@ -0,0 +1,38 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef ErrorInstance_h
+#define ErrorInstance_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    class ErrorInstance : public JSObject {
+    public:
+        explicit ErrorInstance(PassRefPtr<Structure>);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+    };
+
+} // namespace JSC
+
+#endif // ErrorInstance_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorPrototype.cpp
new file mode 100644
index 000000000..599390ee9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorPrototype.cpp
@@ -0,0 +1,68 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "ErrorPrototype.h"
+
+#include "JSFunction.h"
+#include "JSString.h"
+#include "ObjectPrototype.h"
+#include "PrototypeFunction.h"
+#include "UString.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(ErrorPrototype);
+
+static JSValue JSC_HOST_CALL errorProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+
+// ECMA 15.9.4
+ErrorPrototype::ErrorPrototype(ExecState* exec, PassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
+    : ErrorInstance(structure)
+{
+    // The constructor will be added later in ErrorConstructor's constructor
+
+    putDirectWithoutTransition(exec->propertyNames().name, jsNontrivialString(exec, "Error"), DontEnum);
+    putDirectWithoutTransition(exec->propertyNames().message, jsNontrivialString(exec, "Unknown error"), DontEnum);
+
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, errorProtoFuncToString), DontEnum);
+}
+
+JSValue JSC_HOST_CALL errorProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    UString s = "Error";
+
+    JSValue v = thisObj->get(exec, exec->propertyNames().name);
+    if (!v.isUndefined())
+        s = v.toString(exec);
+
+    v = thisObj->get(exec, exec->propertyNames().message);
+    if (!v.isUndefined()) {
+        // Mozilla-compatible format.
+        s += ": ";
+        s += v.toString(exec);
+    }
+
+    return jsNontrivialString(exec, s);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorPrototype.h
new file mode 100644
index 000000000..53d12d918
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ErrorPrototype.h
@@ -0,0 +1,37 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef ErrorPrototype_h
+#define ErrorPrototype_h
+
+#include "ErrorInstance.h"
+
+namespace JSC {
+
+    class ObjectPrototype;
+
+    class ErrorPrototype : public ErrorInstance {
+    public:
+        ErrorPrototype(ExecState*, PassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+    };
+
+} // namespace JSC
+
+#endif // ErrorPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ExceptionHelpers.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ExceptionHelpers.cpp
new file mode 100644
index 000000000..cc18b95e9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ExceptionHelpers.cpp
@@ -0,0 +1,211 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ExceptionHelpers.h"
+
+#include "CodeBlock.h"
+#include "CallFrame.h"
+#include "JSGlobalObjectFunctions.h"
+#include "JSObject.h"
+#include "JSNotAnObject.h"
+#include "Interpreter.h"
+#include "Nodes.h"
+
+namespace JSC {
+
+class InterruptedExecutionError : public JSObject {
+public:
+    InterruptedExecutionError(JSGlobalData* globalData)
+        : JSObject(globalData->interruptedExecutionErrorStructure)
+    {
+    }
+
+    virtual bool isWatchdogException() const { return true; }
+
+    virtual UString toString(ExecState*) const { return "JavaScript execution exceeded timeout."; }
+};
+
+JSValue createInterruptedExecutionException(JSGlobalData* globalData)
+{
+    return new (globalData) InterruptedExecutionError(globalData);
+}
+
+static JSValue createError(ExecState* exec, ErrorType e, const char* msg)
+{
+    return Error::create(exec, e, msg, -1, -1, 0);
+}
+
+JSValue createStackOverflowError(ExecState* exec)
+{
+    return createError(exec, RangeError, "Maximum call stack size exceeded.");
+}
+
+JSValue createUndefinedVariableError(ExecState* exec, const Identifier& ident, unsigned bytecodeOffset, CodeBlock* codeBlock)
+{
+    int startOffset = 0;
+    int endOffset = 0;
+    int divotPoint = 0;
+    int line = codeBlock->expressionRangeForBytecodeOffset(exec, bytecodeOffset, divotPoint, startOffset, endOffset);
+    UString message = "Can't find variable: ";
+    message.append(ident.ustring());
+    JSObject* exception = Error::create(exec, ReferenceError, message, line, codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->sourceURL());
+    exception->putWithAttributes(exec, Identifier(exec, expressionBeginOffsetPropertyName), jsNumber(exec, divotPoint - startOffset), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionCaretOffsetPropertyName), jsNumber(exec, divotPoint), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionEndOffsetPropertyName), jsNumber(exec, divotPoint + endOffset), ReadOnly | DontDelete);
+    return exception;
+}
+    
+static UString createErrorMessage(ExecState* exec, CodeBlock* codeBlock, int, int expressionStart, int expressionStop, JSValue value, UString error)
+{
+    if (!expressionStop || expressionStart > codeBlock->source()->length()) {
+        UString errorText = value.toString(exec);
+        errorText.append(" is ");
+        errorText.append(error);
+        return errorText;
+    }
+
+    UString errorText = "Result of expression ";
+    
+    if (expressionStart < expressionStop) {
+        errorText.append('\'');
+        errorText.append(codeBlock->source()->getRange(expressionStart, expressionStop));
+        errorText.append("' [");
+        errorText.append(value.toString(exec));
+        errorText.append("] is ");
+    } else {
+        // No range information, so give a few characters of context
+        const UChar* data = codeBlock->source()->data();
+        int dataLength = codeBlock->source()->length();
+        int start = expressionStart;
+        int stop = expressionStart;
+        // Get up to 20 characters of context to the left and right of the divot, clamping to the line.
+        // then strip whitespace.
+        while (start > 0 && (expressionStart - start < 20) && data[start - 1] != '\n')
+            start--;
+        while (start < (expressionStart - 1) && isStrWhiteSpace(data[start]))
+            start++;
+        while (stop < dataLength && (stop - expressionStart < 20) && data[stop] != '\n')
+            stop++;
+        while (stop > expressionStart && isStrWhiteSpace(data[stop]))
+            stop--;
+        errorText.append("near '...");
+        errorText.append(codeBlock->source()->getRange(start, stop));
+        errorText.append("...' [");
+        errorText.append(value.toString(exec));
+        errorText.append("] is ");
+    }
+    errorText.append(error);
+    errorText.append(".");
+    return errorText;
+}
+
+JSObject* createInvalidParamError(ExecState* exec, const char* op, JSValue value, unsigned bytecodeOffset, CodeBlock* codeBlock)
+{
+    UString message = "not a valid argument for '";
+    message.append(op);
+    message.append("'");
+    
+    int startOffset = 0;
+    int endOffset = 0;
+    int divotPoint = 0;
+    int line = codeBlock->expressionRangeForBytecodeOffset(exec, bytecodeOffset, divotPoint, startOffset, endOffset);
+    UString errorMessage = createErrorMessage(exec, codeBlock, line, divotPoint, divotPoint + endOffset, value, message);
+    JSObject* exception = Error::create(exec, TypeError, errorMessage, line, codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->sourceURL());
+    exception->putWithAttributes(exec, Identifier(exec, expressionBeginOffsetPropertyName), jsNumber(exec, divotPoint - startOffset), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionCaretOffsetPropertyName), jsNumber(exec, divotPoint), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionEndOffsetPropertyName), jsNumber(exec, divotPoint + endOffset), ReadOnly | DontDelete);
+    return exception;
+}
+
+JSObject* createNotAConstructorError(ExecState* exec, JSValue value, unsigned bytecodeOffset, CodeBlock* codeBlock)
+{
+    int startOffset = 0;
+    int endOffset = 0;
+    int divotPoint = 0;
+    int line = codeBlock->expressionRangeForBytecodeOffset(exec, bytecodeOffset, divotPoint, startOffset, endOffset);
+
+    // We're in a "new" expression, so we need to skip over the "new.." part
+    int startPoint = divotPoint - (startOffset ? startOffset - 4 : 0); // -4 for "new "
+    const UChar* data = codeBlock->source()->data();
+    while (startPoint < divotPoint && isStrWhiteSpace(data[startPoint]))
+        startPoint++;
+    
+    UString errorMessage = createErrorMessage(exec, codeBlock, line, startPoint, divotPoint, value, "not a constructor");
+    JSObject* exception = Error::create(exec, TypeError, errorMessage, line, codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->sourceURL());
+    exception->putWithAttributes(exec, Identifier(exec, expressionBeginOffsetPropertyName), jsNumber(exec, divotPoint - startOffset), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionCaretOffsetPropertyName), jsNumber(exec, divotPoint), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionEndOffsetPropertyName), jsNumber(exec, divotPoint + endOffset), ReadOnly | DontDelete);
+    return exception;
+}
+
+JSValue createNotAFunctionError(ExecState* exec, JSValue value, unsigned bytecodeOffset, CodeBlock* codeBlock)
+{
+    int startOffset = 0;
+    int endOffset = 0;
+    int divotPoint = 0;
+    int line = codeBlock->expressionRangeForBytecodeOffset(exec, bytecodeOffset, divotPoint, startOffset, endOffset);
+    UString errorMessage = createErrorMessage(exec, codeBlock, line, divotPoint - startOffset, divotPoint, value, "not a function");
+    JSObject* exception = Error::create(exec, TypeError, errorMessage, line, codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->sourceURL());    
+    exception->putWithAttributes(exec, Identifier(exec, expressionBeginOffsetPropertyName), jsNumber(exec, divotPoint - startOffset), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionCaretOffsetPropertyName), jsNumber(exec, divotPoint), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionEndOffsetPropertyName), jsNumber(exec, divotPoint + endOffset), ReadOnly | DontDelete);
+    return exception;
+}
+
+JSNotAnObjectErrorStub* createNotAnObjectErrorStub(ExecState* exec, bool isNull)
+{
+    return new (exec) JSNotAnObjectErrorStub(exec, isNull);
+}
+
+JSObject* createNotAnObjectError(ExecState* exec, JSNotAnObjectErrorStub* error, unsigned bytecodeOffset, CodeBlock* codeBlock)
+{
+    // Both op_construct and op_instanceof require a use of op_get_by_id to get
+    // the prototype property from an object. The exception messages for exceptions
+    // thrown by these instances op_get_by_id need to reflect this.
+    OpcodeID followingOpcodeID;
+    if (codeBlock->getByIdExceptionInfoForBytecodeOffset(exec, bytecodeOffset, followingOpcodeID)) {
+        ASSERT(followingOpcodeID == op_construct || followingOpcodeID == op_instanceof);
+        if (followingOpcodeID == op_construct)
+            return createNotAConstructorError(exec, error->isNull() ? jsNull() : jsUndefined(), bytecodeOffset, codeBlock);
+        return createInvalidParamError(exec, "instanceof", error->isNull() ? jsNull() : jsUndefined(), bytecodeOffset, codeBlock);
+    }
+
+    int startOffset = 0;
+    int endOffset = 0;
+    int divotPoint = 0;
+    int line = codeBlock->expressionRangeForBytecodeOffset(exec, bytecodeOffset, divotPoint, startOffset, endOffset);
+    UString errorMessage = createErrorMessage(exec, codeBlock, line, divotPoint - startOffset, divotPoint, error->isNull() ? jsNull() : jsUndefined(), "not an object");
+    JSObject* exception = Error::create(exec, TypeError, errorMessage, line, codeBlock->ownerExecutable()->sourceID(), codeBlock->ownerExecutable()->sourceURL());
+    exception->putWithAttributes(exec, Identifier(exec, expressionBeginOffsetPropertyName), jsNumber(exec, divotPoint - startOffset), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionCaretOffsetPropertyName), jsNumber(exec, divotPoint), ReadOnly | DontDelete);
+    exception->putWithAttributes(exec, Identifier(exec, expressionEndOffsetPropertyName), jsNumber(exec, divotPoint + endOffset), ReadOnly | DontDelete);
+    return exception;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ExceptionHelpers.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ExceptionHelpers.h
new file mode 100644
index 000000000..4c5bec107
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ExceptionHelpers.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ExceptionHelpers_h
+#define ExceptionHelpers_h
+
+
+namespace JSC {
+
+    class CodeBlock;
+    class ExecState;
+    class Identifier;
+    class JSGlobalData;
+    class JSNotAnObjectErrorStub;
+    class JSObject;
+    class JSValue;
+    class Node;
+    struct Instruction;
+    
+    JSValue createInterruptedExecutionException(JSGlobalData*);
+    JSValue createStackOverflowError(ExecState*);
+    JSValue createUndefinedVariableError(ExecState*, const Identifier&, unsigned bytecodeOffset, CodeBlock*);
+    JSNotAnObjectErrorStub* createNotAnObjectErrorStub(ExecState*, bool isNull);
+    JSObject* createInvalidParamError(ExecState*, const char* op, JSValue, unsigned bytecodeOffset, CodeBlock*);
+    JSObject* createNotAConstructorError(ExecState*, JSValue, unsigned bytecodeOffset, CodeBlock*);
+    JSValue createNotAFunctionError(ExecState*, JSValue, unsigned bytecodeOffset, CodeBlock*);
+    JSObject* createNotAnObjectError(ExecState*, JSNotAnObjectErrorStub*, unsigned bytecodeOffset, CodeBlock*);
+
+} // namespace JSC
+
+#endif // ExceptionHelpers_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Executable.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Executable.cpp
new file mode 100644
index 000000000..758674656
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Executable.cpp
@@ -0,0 +1,280 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "Executable.h"
+
+#include "BytecodeGenerator.h"
+#include "CodeBlock.h"
+#include "JIT.h"
+#include "Parser.h"
+#include "Vector.h"
+
+namespace JSC {
+
+#if ENABLE(JIT)
+NativeExecutable::~NativeExecutable()
+{
+}
+#endif
+
+VPtrHackExecutable::~VPtrHackExecutable()
+{
+}
+
+EvalExecutable::~EvalExecutable()
+{
+    delete m_evalCodeBlock;
+}
+
+ProgramExecutable::~ProgramExecutable()
+{
+    delete m_programCodeBlock;
+}
+
+FunctionExecutable::~FunctionExecutable()
+{
+    delete m_codeBlock;
+}
+
+JSObject* EvalExecutable::compile(ExecState* exec, ScopeChainNode* scopeChainNode)
+{
+    int errLine;
+    UString errMsg;
+    RefPtr<EvalNode> evalNode = exec->globalData().parser->parse<EvalNode>(&exec->globalData(), exec->lexicalGlobalObject()->debugger(), exec, m_source, &errLine, &errMsg);
+    if (!evalNode)
+        return Error::create(exec, SyntaxError, errMsg, errLine, m_source.provider()->asID(), m_source.provider()->url());
+    recordParse(evalNode->features(), evalNode->lineNo(), evalNode->lastLine());
+
+    ScopeChain scopeChain(scopeChainNode);
+    JSGlobalObject* globalObject = scopeChain.globalObject();
+
+    ASSERT(!m_evalCodeBlock);
+    m_evalCodeBlock = new EvalCodeBlock(this, globalObject, source().provider(), scopeChain.localDepth());
+    OwnPtr<BytecodeGenerator> generator(new BytecodeGenerator(evalNode.get(), globalObject->debugger(), scopeChain, m_evalCodeBlock->symbolTable(), m_evalCodeBlock));
+    generator->generate();
+    
+    evalNode->destroyData();
+    return 0;
+}
+
+JSObject* ProgramExecutable::checkSyntax(ExecState* exec)
+{
+    int errLine;
+    UString errMsg;
+    RefPtr<ProgramNode> programNode = exec->globalData().parser->parse<ProgramNode>(&exec->globalData(), exec->lexicalGlobalObject()->debugger(), exec, m_source, &errLine, &errMsg);
+    if (!programNode)
+        return Error::create(exec, SyntaxError, errMsg, errLine, m_source.provider()->asID(), m_source.provider()->url());
+    return 0;
+}
+
+JSObject* ProgramExecutable::compile(ExecState* exec, ScopeChainNode* scopeChainNode)
+{
+    int errLine;
+    UString errMsg;
+    RefPtr<ProgramNode> programNode = exec->globalData().parser->parse<ProgramNode>(&exec->globalData(), exec->lexicalGlobalObject()->debugger(), exec, m_source, &errLine, &errMsg);
+    if (!programNode)
+        return Error::create(exec, SyntaxError, errMsg, errLine, m_source.provider()->asID(), m_source.provider()->url());
+    recordParse(programNode->features(), programNode->lineNo(), programNode->lastLine());
+
+    ScopeChain scopeChain(scopeChainNode);
+    JSGlobalObject* globalObject = scopeChain.globalObject();
+    
+    ASSERT(!m_programCodeBlock);
+    m_programCodeBlock = new ProgramCodeBlock(this, GlobalCode, globalObject, source().provider());
+    OwnPtr<BytecodeGenerator> generator(new BytecodeGenerator(programNode.get(), globalObject->debugger(), scopeChain, &globalObject->symbolTable(), m_programCodeBlock));
+    generator->generate();
+
+    programNode->destroyData();
+    return 0;
+}
+
+void FunctionExecutable::compile(ExecState*, ScopeChainNode* scopeChainNode)
+{
+    JSGlobalData* globalData = scopeChainNode->globalData;
+    RefPtr<FunctionBodyNode> body = globalData->parser->parse<FunctionBodyNode>(globalData, 0, 0, m_source);
+    if (m_forceUsesArguments)
+        body->setUsesArguments();
+    body->finishParsing(m_parameters, m_name);
+    recordParse(body->features(), body->lineNo(), body->lastLine());
+
+    ScopeChain scopeChain(scopeChainNode);
+    JSGlobalObject* globalObject = scopeChain.globalObject();
+
+    ASSERT(!m_codeBlock);
+    m_codeBlock = new FunctionCodeBlock(this, FunctionCode, source().provider(), source().startOffset());
+    OwnPtr<BytecodeGenerator> generator(new BytecodeGenerator(body.get(), globalObject->debugger(), scopeChain, m_codeBlock->symbolTable(), m_codeBlock));
+    generator->generate();
+    m_numParameters = m_codeBlock->m_numParameters;
+    ASSERT(m_numParameters);
+    m_numVariables = m_codeBlock->m_numVars;
+
+    body->destroyData();
+}
+
+#if ENABLE(JIT)
+
+void EvalExecutable::generateJITCode(ExecState* exec, ScopeChainNode* scopeChainNode)
+{
+    CodeBlock* codeBlock = &bytecode(exec, scopeChainNode);
+    m_jitCode = JIT::compile(scopeChainNode->globalData, codeBlock);
+
+#if !ENABLE(OPCODE_SAMPLING)
+    if (!BytecodeGenerator::dumpsGeneratedCode())
+        codeBlock->discardBytecode();
+#endif
+}
+
+void ProgramExecutable::generateJITCode(ExecState* exec, ScopeChainNode* scopeChainNode)
+{
+    CodeBlock* codeBlock = &bytecode(exec, scopeChainNode);
+    m_jitCode = JIT::compile(scopeChainNode->globalData, codeBlock);
+
+#if !ENABLE(OPCODE_SAMPLING)
+    if (!BytecodeGenerator::dumpsGeneratedCode())
+        codeBlock->discardBytecode();
+#endif
+}
+
+void FunctionExecutable::generateJITCode(ExecState* exec, ScopeChainNode* scopeChainNode)
+{
+    CodeBlock* codeBlock = &bytecode(exec, scopeChainNode);
+    m_jitCode = JIT::compile(scopeChainNode->globalData, codeBlock);
+
+#if !ENABLE(OPCODE_SAMPLING)
+    if (!BytecodeGenerator::dumpsGeneratedCode())
+        codeBlock->discardBytecode();
+#endif
+}
+
+#endif
+
+void FunctionExecutable::markAggregate(MarkStack& markStack)
+{
+    if (m_codeBlock)
+        m_codeBlock->markAggregate(markStack);
+}
+
+ExceptionInfo* FunctionExecutable::reparseExceptionInfo(JSGlobalData* globalData, ScopeChainNode* scopeChainNode, CodeBlock* codeBlock)
+{
+    RefPtr<FunctionBodyNode> newFunctionBody = globalData->parser->parse<FunctionBodyNode>(globalData, 0, 0, m_source);
+    if (m_forceUsesArguments)
+        newFunctionBody->setUsesArguments();
+    newFunctionBody->finishParsing(m_parameters, m_name);
+
+    ScopeChain scopeChain(scopeChainNode);
+    JSGlobalObject* globalObject = scopeChain.globalObject();
+
+    OwnPtr<CodeBlock> newCodeBlock(new FunctionCodeBlock(this, FunctionCode, source().provider(), source().startOffset()));
+    globalData->functionCodeBlockBeingReparsed = newCodeBlock.get();
+
+    OwnPtr<BytecodeGenerator> generator(new BytecodeGenerator(newFunctionBody.get(), globalObject->debugger(), scopeChain, newCodeBlock->symbolTable(), newCodeBlock.get()));
+    generator->setRegeneratingForExceptionInfo(static_cast<FunctionCodeBlock*>(codeBlock));
+    generator->generate();
+
+    ASSERT(newCodeBlock->instructionCount() == codeBlock->instructionCount());
+
+#if ENABLE(JIT)
+    JITCode newJITCode = JIT::compile(globalData, newCodeBlock.get());
+    ASSERT(newJITCode.size() == generatedJITCode().size());
+#endif
+
+    globalData->functionCodeBlockBeingReparsed = 0;
+
+    return newCodeBlock->extractExceptionInfo();
+}
+
+ExceptionInfo* EvalExecutable::reparseExceptionInfo(JSGlobalData* globalData, ScopeChainNode* scopeChainNode, CodeBlock* codeBlock)
+{
+    RefPtr<EvalNode> newEvalBody = globalData->parser->parse<EvalNode>(globalData, 0, 0, m_source);
+
+    ScopeChain scopeChain(scopeChainNode);
+    JSGlobalObject* globalObject = scopeChain.globalObject();
+
+    OwnPtr<EvalCodeBlock> newCodeBlock(new EvalCodeBlock(this, globalObject, source().provider(), scopeChain.localDepth()));
+
+    OwnPtr<BytecodeGenerator> generator(new BytecodeGenerator(newEvalBody.get(), globalObject->debugger(), scopeChain, newCodeBlock->symbolTable(), newCodeBlock.get()));
+    generator->setRegeneratingForExceptionInfo(static_cast<EvalCodeBlock*>(codeBlock));
+    generator->generate();
+
+    ASSERT(newCodeBlock->instructionCount() == codeBlock->instructionCount());
+
+#if ENABLE(JIT)
+    JITCode newJITCode = JIT::compile(globalData, newCodeBlock.get());
+    ASSERT(newJITCode.size() == generatedJITCode().size());
+#endif
+
+    return newCodeBlock->extractExceptionInfo();
+}
+
+void FunctionExecutable::recompile(ExecState*)
+{
+    delete m_codeBlock;
+    m_codeBlock = 0;
+    m_numParameters = NUM_PARAMETERS_NOT_COMPILED;
+#if ENABLE(JIT)
+    m_jitCode = JITCode();
+#endif
+}
+
+PassRefPtr<FunctionExecutable> FunctionExecutable::fromGlobalCode(const Identifier& functionName, ExecState* exec, Debugger* debugger, const SourceCode& source, int* errLine, UString* errMsg)
+{
+    RefPtr<ProgramNode> program = exec->globalData().parser->parse<ProgramNode>(&exec->globalData(), debugger, exec, source, errLine, errMsg);
+    if (!program)
+        return 0;
+
+    StatementNode* exprStatement = program->singleStatement();
+    ASSERT(exprStatement);
+    ASSERT(exprStatement->isExprStatement());
+    if (!exprStatement || !exprStatement->isExprStatement())
+        return 0;
+
+    ExpressionNode* funcExpr = static_cast<ExprStatementNode*>(exprStatement)->expr();
+    ASSERT(funcExpr);
+    ASSERT(funcExpr->isFuncExprNode());
+    if (!funcExpr || !funcExpr->isFuncExprNode())
+        return 0;
+
+    FunctionBodyNode* body = static_cast<FuncExprNode*>(funcExpr)->body();
+    ASSERT(body);
+    return FunctionExecutable::create(&exec->globalData(), functionName, body->source(), body->usesArguments(), body->parameters(), body->lineNo(), body->lastLine());
+}
+
+UString FunctionExecutable::paramString() const
+{
+    FunctionParameters& parameters = *m_parameters;
+    UString s("");
+    for (size_t pos = 0; pos < parameters.size(); ++pos) {
+        if (!s.isEmpty())
+            s += ", ";
+        s += parameters[pos].ustring();
+    }
+
+    return s;
+}
+
+};
+
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Executable.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Executable.h
new file mode 100644
index 000000000..76764f9da
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Executable.h
@@ -0,0 +1,353 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef Executable_h
+#define Executable_h
+
+#include "JSFunction.h"
+#include "Interpreter.h"
+#include "Nodes.h"
+#include "SamplingTool.h"
+
+namespace JSC {
+
+    class CodeBlock;
+    class Debugger;
+    class EvalCodeBlock;
+    class ProgramCodeBlock;
+    class ScopeChainNode;
+
+    struct ExceptionInfo;
+
+    class ExecutableBase : public RefCounted<ExecutableBase> {
+        friend class JIT;
+
+    protected:
+        static const int NUM_PARAMETERS_IS_HOST = 0;
+        static const int NUM_PARAMETERS_NOT_COMPILED = -1;
+    
+    public:
+        ExecutableBase(int numParameters)
+            : m_numParameters(numParameters)
+        {
+        }
+
+        virtual ~ExecutableBase() {}
+
+        bool isHostFunction() const { return m_numParameters == NUM_PARAMETERS_IS_HOST; }
+
+    protected:
+        int m_numParameters;
+
+#if ENABLE(JIT)
+    public:
+        JITCode& generatedJITCode()
+        {
+            ASSERT(m_jitCode);
+            return m_jitCode;
+        }
+
+        ExecutablePool* getExecutablePool()
+        {
+            return m_jitCode.getExecutablePool();
+        }
+
+    protected:
+        JITCode m_jitCode;
+#endif
+    };
+
+#if ENABLE(JIT)
+    class NativeExecutable : public ExecutableBase {
+    public:
+        NativeExecutable(ExecState* exec)
+            : ExecutableBase(NUM_PARAMETERS_IS_HOST)
+        {
+            m_jitCode = JITCode(JITCode::HostFunction(exec->globalData().jitStubs.ctiNativeCallThunk()));
+        }
+
+        ~NativeExecutable();
+    };
+#endif
+
+    class VPtrHackExecutable : public ExecutableBase {
+    public:
+        VPtrHackExecutable()
+            : ExecutableBase(NUM_PARAMETERS_IS_HOST)
+        {
+        }
+
+        ~VPtrHackExecutable();
+    };
+
+    class ScriptExecutable : public ExecutableBase {
+    public:
+        ScriptExecutable(JSGlobalData* globalData, const SourceCode& source)
+            : ExecutableBase(NUM_PARAMETERS_NOT_COMPILED)
+            , m_source(source)
+            , m_features(0)
+        {
+#if ENABLE(CODEBLOCK_SAMPLING)
+            if (SamplingTool* sampler = globalData->interpreter->sampler())
+                sampler->notifyOfScope(this);
+#else
+            UNUSED_PARAM(globalData);
+#endif
+        }
+
+        ScriptExecutable(ExecState* exec, const SourceCode& source)
+            : ExecutableBase(NUM_PARAMETERS_NOT_COMPILED)
+            , m_source(source)
+            , m_features(0)
+        {
+#if ENABLE(CODEBLOCK_SAMPLING)
+            if (SamplingTool* sampler = exec->globalData().interpreter->sampler())
+                sampler->notifyOfScope(this);
+#else
+            UNUSED_PARAM(exec);
+#endif
+        }
+
+        const SourceCode& source() { return m_source; }
+        intptr_t sourceID() const { return m_source.provider()->asID(); }
+        const UString& sourceURL() const { return m_source.provider()->url(); }
+        int lineNo() const { return m_firstLine; }
+        int lastLine() const { return m_lastLine; }
+
+        bool usesEval() const { return m_features & EvalFeature; }
+        bool usesArguments() const { return m_features & ArgumentsFeature; }
+        bool needsActivation() const { return m_features & (EvalFeature | ClosureFeature | WithFeature | CatchFeature); }
+
+        virtual ExceptionInfo* reparseExceptionInfo(JSGlobalData*, ScopeChainNode*, CodeBlock*) = 0;
+
+    protected:
+        void recordParse(CodeFeatures features, int firstLine, int lastLine)
+        {
+            m_features = features;
+            m_firstLine = firstLine;
+            m_lastLine = lastLine;
+        }
+
+        SourceCode m_source;
+        CodeFeatures m_features;
+        int m_firstLine;
+        int m_lastLine;
+    };
+
+    class EvalExecutable : public ScriptExecutable {
+    public:
+        EvalExecutable(ExecState* exec, const SourceCode& source)
+            : ScriptExecutable(exec, source)
+            , m_evalCodeBlock(0)
+        {
+        }
+
+        ~EvalExecutable();
+
+        EvalCodeBlock& bytecode(ExecState* exec, ScopeChainNode* scopeChainNode)
+        {
+            if (!m_evalCodeBlock) {
+                JSObject* error = compile(exec, scopeChainNode);
+                ASSERT_UNUSED(!error, error);
+            }
+            return *m_evalCodeBlock;
+        }
+
+        JSObject* compile(ExecState*, ScopeChainNode*);
+
+        ExceptionInfo* reparseExceptionInfo(JSGlobalData*, ScopeChainNode*, CodeBlock*);
+        static PassRefPtr<EvalExecutable> create(ExecState* exec, const SourceCode& source) { return adoptRef(new EvalExecutable(exec, source)); }
+
+    private:
+        EvalCodeBlock* m_evalCodeBlock;
+
+#if ENABLE(JIT)
+    public:
+        JITCode& jitCode(ExecState* exec, ScopeChainNode* scopeChainNode)
+        {
+            if (!m_jitCode)
+                generateJITCode(exec, scopeChainNode);
+            return m_jitCode;
+        }
+
+    private:
+        void generateJITCode(ExecState*, ScopeChainNode*);
+#endif
+    };
+
+    class ProgramExecutable : public ScriptExecutable {
+    public:
+        ProgramExecutable(ExecState* exec, const SourceCode& source)
+            : ScriptExecutable(exec, source)
+            , m_programCodeBlock(0)
+        {
+        }
+        
+        ~ProgramExecutable();
+
+        ProgramCodeBlock& bytecode(ExecState* exec, ScopeChainNode* scopeChainNode)
+        {
+            if (!m_programCodeBlock) {
+                JSObject* error = compile(exec, scopeChainNode);
+                ASSERT_UNUSED(!error, error);
+            }
+            return *m_programCodeBlock;
+        }
+
+        JSObject* checkSyntax(ExecState*);
+        JSObject* compile(ExecState*, ScopeChainNode*);
+
+        // CodeBlocks for program code are transient and therefore do not gain from from throwing out there exception information.
+        ExceptionInfo* reparseExceptionInfo(JSGlobalData*, ScopeChainNode*, CodeBlock*) { ASSERT_NOT_REACHED(); return 0; }
+
+    private:
+        ProgramCodeBlock* m_programCodeBlock;
+
+#if ENABLE(JIT)
+    public:
+        JITCode& jitCode(ExecState* exec, ScopeChainNode* scopeChainNode)
+        {
+            if (!m_jitCode)
+                generateJITCode(exec, scopeChainNode);
+            return m_jitCode;
+        }
+
+    private:
+        void generateJITCode(ExecState*, ScopeChainNode*);
+#endif
+    };
+
+    class FunctionExecutable : public ScriptExecutable {
+        friend class JIT;
+    public:
+        static PassRefPtr<FunctionExecutable> create(ExecState* exec, const Identifier& name, const SourceCode& source, bool forceUsesArguments, FunctionParameters* parameters, int firstLine, int lastLine)
+        {
+            return adoptRef(new FunctionExecutable(exec, name, source, forceUsesArguments, parameters, firstLine, lastLine));
+        }
+
+        static PassRefPtr<FunctionExecutable> create(JSGlobalData* globalData, const Identifier& name, const SourceCode& source, bool forceUsesArguments, FunctionParameters* parameters, int firstLine, int lastLine)
+        {
+            return adoptRef(new FunctionExecutable(globalData, name, source, forceUsesArguments, parameters, firstLine, lastLine));
+        }
+
+        ~FunctionExecutable();
+
+        JSFunction* make(ExecState* exec, ScopeChainNode* scopeChain)
+        {
+            return new (exec) JSFunction(exec, this, scopeChain);
+        }
+
+        CodeBlock& bytecode(ExecState* exec, ScopeChainNode* scopeChainNode) 
+        {
+            ASSERT(scopeChainNode);
+            if (!m_codeBlock)
+                compile(exec, scopeChainNode);
+            return *m_codeBlock;
+        }
+
+        bool isGenerated() const
+        {
+            return m_codeBlock;
+        }
+
+        CodeBlock& generatedBytecode()
+        {
+            ASSERT(m_codeBlock);
+            return *m_codeBlock;
+        }
+
+        const Identifier& name() { return m_name; }
+        size_t parameterCount() const { return m_parameters->size(); }
+        size_t variableCount() const { return m_numVariables; }
+        UString paramString() const;
+        UString parameterName(int i) const { return (*m_parameters)[i].ustring(); }
+
+        void recompile(ExecState*);
+        ExceptionInfo* reparseExceptionInfo(JSGlobalData*, ScopeChainNode*, CodeBlock*);
+        void markAggregate(MarkStack& markStack);
+        static PassRefPtr<FunctionExecutable> fromGlobalCode(const Identifier&, ExecState*, Debugger*, const SourceCode&, int* errLine = 0, UString* errMsg = 0);
+
+    private:
+        FunctionExecutable(JSGlobalData* globalData, const Identifier& name, const SourceCode& source, bool forceUsesArguments, FunctionParameters* parameters, int firstLine, int lastLine)
+            : ScriptExecutable(globalData, source)
+            , m_forceUsesArguments(forceUsesArguments)
+            , m_parameters(parameters)
+            , m_codeBlock(0)
+            , m_name(name)
+            , m_numVariables(0)
+        {
+            m_firstLine = firstLine;
+            m_lastLine = lastLine;
+        }
+
+        FunctionExecutable(ExecState* exec, const Identifier& name, const SourceCode& source, bool forceUsesArguments, FunctionParameters* parameters, int firstLine, int lastLine)
+            : ScriptExecutable(exec, source)
+            , m_forceUsesArguments(forceUsesArguments)
+            , m_parameters(parameters)
+            , m_codeBlock(0)
+            , m_name(name)
+            , m_numVariables(0)
+        {
+            m_firstLine = firstLine;
+            m_lastLine = lastLine;
+        }
+
+        void compile(ExecState*, ScopeChainNode*);
+
+        bool m_forceUsesArguments;
+        RefPtr<FunctionParameters> m_parameters;
+        CodeBlock* m_codeBlock;
+        Identifier m_name;
+        size_t m_numVariables;
+
+#if ENABLE(JIT)
+    public:
+        JITCode& jitCode(ExecState* exec, ScopeChainNode* scopeChainNode)
+        {
+            if (!m_jitCode)
+                generateJITCode(exec, scopeChainNode);
+            return m_jitCode;
+        }
+
+    private:
+        void generateJITCode(ExecState*, ScopeChainNode*);
+#endif
+    };
+
+    inline FunctionExecutable* JSFunction::jsExecutable() const
+    {
+        ASSERT(!isHostFunctionNonInline());
+        return static_cast<FunctionExecutable*>(m_executable.get());
+    }
+
+    inline bool JSFunction::isHostFunction() const
+    {
+        ASSERT(m_executable);
+        return m_executable->isHostFunction();
+    }
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionConstructor.cpp
new file mode 100644
index 000000000..d5eb20f3e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionConstructor.cpp
@@ -0,0 +1,105 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "FunctionConstructor.h"
+
+#include "FunctionPrototype.h"
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "JSString.h"
+#include "Parser.h"
+#include "Debugger.h"
+#include "Lexer.h"
+#include "Nodes.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(FunctionConstructor);
+
+FunctionConstructor::FunctionConstructor(ExecState* exec, PassRefPtr<Structure> structure, FunctionPrototype* functionPrototype)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, functionPrototype->classInfo()->className))
+{
+    putDirectWithoutTransition(exec->propertyNames().prototype, functionPrototype, DontEnum | DontDelete | ReadOnly);
+
+    // Number of arguments for constructor
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontDelete | DontEnum);
+}
+
+static JSObject* constructWithFunctionConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    return constructFunction(exec, args);
+}
+
+ConstructType FunctionConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithFunctionConstructor;
+    return ConstructTypeHost;
+}
+
+static JSValue JSC_HOST_CALL callFunctionConstructor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return constructFunction(exec, args);
+}
+
+// ECMA 15.3.1 The Function Constructor Called as a Function
+CallType FunctionConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callFunctionConstructor;
+    return CallTypeHost;
+}
+
+// ECMA 15.3.2 The Function Constructor
+JSObject* constructFunction(ExecState* exec, const ArgList& args, const Identifier& functionName, const UString& sourceURL, int lineNumber)
+{
+    // Functions need to have a space following the opening { due to for web compatibility
+    // see https://bugs.webkit.org/show_bug.cgi?id=24350
+    // We also need \n before the closing } to handle // comments at the end of the last line
+    UString program;
+    if (args.isEmpty())
+        program = "(function() { \n})";
+    else if (args.size() == 1)
+        program = "(function() { " + args.at(0).toString(exec) + "\n})";
+    else {
+        program = "(function(" + args.at(0).toString(exec);
+        for (size_t i = 1; i < args.size() - 1; i++)
+            program += "," + args.at(i).toString(exec);
+        program += ") { " + args.at(args.size() - 1).toString(exec) + "\n})";
+    }
+
+    int errLine;
+    UString errMsg;
+    SourceCode source = makeSource(program, sourceURL, lineNumber);
+    RefPtr<FunctionExecutable> function = FunctionExecutable::fromGlobalCode(functionName, exec, exec->dynamicGlobalObject()->debugger(), source, &errLine, &errMsg);
+    if (!function)
+        return throwError(exec, SyntaxError, errMsg, errLine, source.provider()->asID(), source.provider()->url());
+
+    JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+    ScopeChain scopeChain(globalObject, globalObject->globalData(), exec->globalThisValue());
+    return new (exec) JSFunction(exec, function, scopeChain.node());
+}
+
+// ECMA 15.3.2 The Function Constructor
+JSObject* constructFunction(ExecState* exec, const ArgList& args)
+{
+    return constructFunction(exec, args, Identifier(exec, "anonymous"), UString(), 1);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionConstructor.h
new file mode 100644
index 000000000..e8486dc22
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionConstructor.h
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef FunctionConstructor_h
+#define FunctionConstructor_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class FunctionPrototype;
+
+    class FunctionConstructor : public InternalFunction {
+    public:
+        FunctionConstructor(ExecState*, PassRefPtr<Structure>, FunctionPrototype*);
+
+    private:
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+    };
+
+    JSObject* constructFunction(ExecState*, const ArgList&, const Identifier& functionName, const UString& sourceURL, int lineNumber);
+    JSObject* constructFunction(ExecState*, const ArgList&);
+
+} // namespace JSC
+
+#endif // FunctionConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionPrototype.cpp
new file mode 100644
index 000000000..1df998dd2
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionPrototype.cpp
@@ -0,0 +1,149 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "FunctionPrototype.h"
+
+#include "Arguments.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "JSString.h"
+#include "Interpreter.h"
+#include "Lexer.h"
+#include "PrototypeFunction.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(FunctionPrototype);
+
+static JSValue JSC_HOST_CALL functionProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionProtoFuncApply(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL functionProtoFuncCall(ExecState*, JSObject*, JSValue, const ArgList&);
+
+FunctionPrototype::FunctionPrototype(ExecState* exec, PassRefPtr<Structure> structure)
+    : InternalFunction(&exec->globalData(), structure, exec->propertyNames().nullIdentifier)
+{
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 0), DontDelete | ReadOnly | DontEnum);
+}
+
+void FunctionPrototype::addFunctionProperties(ExecState* exec, Structure* prototypeFunctionStructure, NativeFunctionWrapper** callFunction, NativeFunctionWrapper** applyFunction)
+{
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, functionProtoFuncToString), DontEnum);
+    *applyFunction = new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().apply, functionProtoFuncApply);
+    putDirectFunctionWithoutTransition(exec, *applyFunction, DontEnum);
+    *callFunction = new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().call, functionProtoFuncCall);
+    putDirectFunctionWithoutTransition(exec, *callFunction, DontEnum);
+}
+
+static JSValue JSC_HOST_CALL callFunctionPrototype(ExecState*, JSObject*, JSValue, const ArgList&)
+{
+    return jsUndefined();
+}
+
+// ECMA 15.3.4
+CallType FunctionPrototype::getCallData(CallData& callData)
+{
+    callData.native.function = callFunctionPrototype;
+    return CallTypeHost;
+}
+
+// Functions
+
+// Compatibility hack for the Optimost JavaScript library. (See <rdar://problem/6595040>.)
+static inline void insertSemicolonIfNeeded(UString& functionBody)
+{
+    ASSERT(functionBody[0] == '{');
+    ASSERT(functionBody[functionBody.size() - 1] == '}');
+
+    for (size_t i = functionBody.size() - 2; i > 0; --i) {
+        UChar ch = functionBody[i];
+        if (!Lexer::isWhiteSpace(ch) && !Lexer::isLineTerminator(ch)) {
+            if (ch != ';' && ch != '}')
+                functionBody = functionBody.substr(0, i + 1) + ";" + functionBody.substr(i + 1, functionBody.size() - (i + 1));
+            return;
+        }
+    }
+}
+
+JSValue JSC_HOST_CALL functionProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (thisValue.inherits(&JSFunction::info)) {
+        JSFunction* function = asFunction(thisValue);
+        if (!function->isHostFunction()) {
+            FunctionExecutable* executable = function->jsExecutable();
+            UString sourceString = executable->source().toString();
+            insertSemicolonIfNeeded(sourceString);
+            return jsString(exec, "function " + function->name(&exec->globalData()) + "(" + executable->paramString() + ") " + sourceString);
+        }
+    }
+
+    if (thisValue.inherits(&InternalFunction::info)) {
+        InternalFunction* function = asInternalFunction(thisValue);
+        return jsString(exec, "function " + function->name(&exec->globalData()) + "() {\n    [native code]\n}");
+    }
+
+#ifdef QT_BUILD_SCRIPT_LIB  //same error message as in the old engine, and in mozilla
+    return throwError(exec, TypeError, "Function.prototype.toString called on incompatible object");
+#else
+    return throwError(exec, TypeError);
+#endif
+}
+
+JSValue JSC_HOST_CALL functionProtoFuncApply(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    CallData callData;
+    CallType callType = thisValue.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+
+    JSValue array = args.at(1);
+
+    MarkedArgumentBuffer applyArgs;
+    if (!array.isUndefinedOrNull()) {
+        if (!array.isObject())
+            return throwError(exec, TypeError);
+        if (asObject(array)->classInfo() == &Arguments::info)
+            asArguments(array)->fillArgList(exec, applyArgs);
+        else if (isJSArray(&exec->globalData(), array))
+            asArray(array)->fillArgList(exec, applyArgs);
+        else if (asObject(array)->inherits(&JSArray::info)) {
+            unsigned length = asArray(array)->get(exec, exec->propertyNames().length).toUInt32(exec);
+            for (unsigned i = 0; i < length; ++i)
+                applyArgs.append(asArray(array)->get(exec, i));
+        } else
+            return throwError(exec, TypeError);
+    }
+
+    return call(exec, thisValue, callType, callData, args.at(0), applyArgs);
+}
+
+JSValue JSC_HOST_CALL functionProtoFuncCall(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    CallData callData;
+    CallType callType = thisValue.getCallData(callData);
+    if (callType == CallTypeNone)
+        return throwError(exec, TypeError);
+
+    ArgList callArgs;
+    args.getSlice(1, callArgs);
+    return call(exec, thisValue, callType, callData, args.at(0), callArgs);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionPrototype.h
new file mode 100644
index 000000000..469191e19
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/FunctionPrototype.h
@@ -0,0 +1,46 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef FunctionPrototype_h
+#define FunctionPrototype_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class PrototypeFunction;
+
+    class FunctionPrototype : public InternalFunction {
+    public:
+        FunctionPrototype(ExecState*, PassRefPtr<Structure>);
+        void addFunctionProperties(ExecState*, Structure* prototypeFunctionStructure, NativeFunctionWrapper** callFunction, NativeFunctionWrapper** applyFunction);
+
+        static PassRefPtr<Structure> createStructure(JSValue proto)
+        {
+            return Structure::create(proto, TypeInfo(ObjectType, HasStandardGetOwnPropertySlot | HasDefaultMark | HasDefaultGetPropertyNames));
+        }
+
+    private:
+        virtual CallType getCallData(CallData&);
+    };
+
+} // namespace JSC
+
+#endif // FunctionPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GetterSetter.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GetterSetter.cpp
new file mode 100644
index 000000000..7e54053f9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GetterSetter.cpp
@@ -0,0 +1,46 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2004, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "GetterSetter.h"
+
+#include "JSObject.h"
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+void GetterSetter::markChildren(MarkStack& markStack)
+{
+    JSCell::markChildren(markStack);
+
+    if (m_getter)
+        markStack.append(m_getter);
+    if (m_setter)
+        markStack.append(m_setter);
+}
+
+bool GetterSetter::isGetterSetter() const
+{
+    return true;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GetterSetter.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GetterSetter.h
new file mode 100644
index 000000000..73dd85473
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GetterSetter.h
@@ -0,0 +1,73 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef GetterSetter_h
+#define GetterSetter_h
+
+#include "JSCell.h"
+
+#include "CallFrame.h"
+
+namespace JSC {
+
+    class JSObject;
+
+    // This is an internal value object which stores getter and setter functions
+    // for a property.
+    class GetterSetter : public JSCell {
+    public:
+        GetterSetter(ExecState* exec)
+            : JSCell(exec->globalData().getterSetterStructure.get())
+            , m_getter(0)
+            , m_setter(0)
+        {
+        }
+
+        virtual void markChildren(MarkStack&);
+
+        JSObject* getter() const { return m_getter; }
+        void setGetter(JSObject* getter) { m_getter = getter; }
+        JSObject* setter() const { return m_setter; }
+        void setSetter(JSObject* setter) { m_setter = setter; }
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(GetterSetterType));
+        }
+    private:
+        virtual bool isGetterSetter() const;
+
+        JSObject* m_getter;
+        JSObject* m_setter;  
+    };
+
+    GetterSetter* asGetterSetter(JSValue);
+
+    inline GetterSetter* asGetterSetter(JSValue value)
+    {
+        ASSERT(asCell(value)->isGetterSetter());
+        return static_cast<GetterSetter*>(asCell(value));
+    }
+
+
+} // namespace JSC
+
+#endif // GetterSetter_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GlobalEvalFunction.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GlobalEvalFunction.cpp
new file mode 100644
index 000000000..3074f95e3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GlobalEvalFunction.cpp
@@ -0,0 +1,48 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "GlobalEvalFunction.h"
+
+#include "JSGlobalObject.h"
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(GlobalEvalFunction);
+
+GlobalEvalFunction::GlobalEvalFunction(ExecState* exec, PassRefPtr<Structure> structure, int len, const Identifier& name, NativeFunction function, JSGlobalObject* cachedGlobalObject)
+    : PrototypeFunction(exec, structure, len, name, function)
+    , m_cachedGlobalObject(cachedGlobalObject)
+{
+    ASSERT_ARG(cachedGlobalObject, cachedGlobalObject);
+}
+
+void GlobalEvalFunction::markChildren(MarkStack& markStack)
+{
+    PrototypeFunction::markChildren(markStack);
+    markStack.append(m_cachedGlobalObject);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GlobalEvalFunction.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GlobalEvalFunction.h
new file mode 100644
index 000000000..c56b0dcc2
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/GlobalEvalFunction.h
@@ -0,0 +1,51 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef GlobalEvalFunction_h
+#define GlobalEvalFunction_h
+
+#include "PrototypeFunction.h"
+
+namespace JSC {
+
+    class JSGlobalObject;
+
+    class GlobalEvalFunction : public PrototypeFunction {
+    public:
+        GlobalEvalFunction(ExecState*, PassRefPtr<Structure>, int len, const Identifier&, NativeFunction, JSGlobalObject* expectedThisObject);
+        JSGlobalObject* cachedGlobalObject() const { return m_cachedGlobalObject; }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype) 
+        { 
+            return Structure::create(prototype, TypeInfo(ObjectType, ImplementsHasInstance | HasStandardGetOwnPropertySlot));
+        }
+
+    private:
+        virtual void markChildren(MarkStack&);
+
+        JSGlobalObject* m_cachedGlobalObject;
+    };
+
+} // namespace JSC
+
+#endif // GlobalEvalFunction_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Identifier.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Identifier.cpp
new file mode 100644
index 000000000..7db723b82
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Identifier.cpp
@@ -0,0 +1,268 @@
+/*
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "Identifier.h"
+
+#include "CallFrame.h"
+#include <new> // for placement new
+#include <string.h> // for strlen
+#include <wtf/Assertions.h>
+#include <wtf/FastMalloc.h>
+#include <wtf/HashSet.h>
+
+namespace JSC {
+
+typedef HashMap<const char*, RefPtr<UString::Rep>, PtrHash<const char*> > LiteralIdentifierTable;
+
+class IdentifierTable : public FastAllocBase {
+public:
+    ~IdentifierTable()
+    {
+        HashSet<UString::Rep*>::iterator end = m_table.end();
+        for (HashSet<UString::Rep*>::iterator iter = m_table.begin(); iter != end; ++iter)
+            (*iter)->setIdentifierTable(0);
+    }
+    
+    std::pair<HashSet<UString::Rep*>::iterator, bool> add(UString::Rep* value)
+    {
+        std::pair<HashSet<UString::Rep*>::iterator, bool> result = m_table.add(value);
+        (*result.first)->setIdentifierTable(this);
+        return result;
+    }
+
+    template<typename U, typename V>
+    std::pair<HashSet<UString::Rep*>::iterator, bool> add(U value)
+    {
+        std::pair<HashSet<UString::Rep*>::iterator, bool> result = m_table.add<U, V>(value);
+        (*result.first)->setIdentifierTable(this);
+        return result;
+    }
+
+    void remove(UString::Rep* r) { m_table.remove(r); }
+
+    LiteralIdentifierTable& literalTable() { return m_literalTable; }
+
+private:
+    HashSet<UString::Rep*> m_table;
+    LiteralIdentifierTable m_literalTable;
+};
+
+IdentifierTable* createIdentifierTable()
+{
+    return new IdentifierTable;
+}
+
+void deleteIdentifierTable(IdentifierTable* table)
+{
+    delete table;
+}
+
+bool Identifier::equal(const UString::Rep* r, const char* s)
+{
+    int length = r->len;
+    const UChar* d = r->data();
+    for (int i = 0; i != length; ++i)
+        if (d[i] != (unsigned char)s[i])
+            return false;
+    return s[length] == 0;
+}
+
+bool Identifier::equal(const UString::Rep* r, const UChar* s, int length)
+{
+    if (r->len != length)
+        return false;
+    const UChar* d = r->data();
+    for (int i = 0; i != length; ++i)
+        if (d[i] != s[i])
+            return false;
+    return true;
+}
+
+struct CStringTranslator {
+    static unsigned hash(const char* c)
+    {
+        return UString::Rep::computeHash(c);
+    }
+
+    static bool equal(UString::Rep* r, const char* s)
+    {
+        return Identifier::equal(r, s);
+    }
+
+    static void translate(UString::Rep*& location, const char* c, unsigned hash)
+    {
+        size_t length = strlen(c);
+        UChar* d = static_cast<UChar*>(fastMalloc(sizeof(UChar) * length));
+        for (size_t i = 0; i != length; i++)
+            d[i] = static_cast<unsigned char>(c[i]); // use unsigned char to zero-extend instead of sign-extend
+        
+        UString::Rep* r = UString::Rep::create(d, static_cast<int>(length)).releaseRef();
+        r->_hash = hash;
+
+        location = r;
+    }
+};
+
+PassRefPtr<UString::Rep> Identifier::add(JSGlobalData* globalData, const char* c)
+{
+    if (!c) {
+        UString::Rep::null().hash();
+        return &UString::Rep::null();
+    }
+    if (!c[0]) {
+        UString::Rep::empty().hash();
+        return &UString::Rep::empty();
+    }
+    if (!c[1])
+        return add(globalData, globalData->smallStrings.singleCharacterStringRep(static_cast<unsigned char>(c[0])));
+
+    IdentifierTable& identifierTable = *globalData->identifierTable;
+    LiteralIdentifierTable& literalIdentifierTable = identifierTable.literalTable();
+
+    const LiteralIdentifierTable::iterator& iter = literalIdentifierTable.find(c);
+    if (iter != literalIdentifierTable.end())
+        return iter->second;
+
+    pair<HashSet<UString::Rep*>::iterator, bool> addResult = identifierTable.add<const char*, CStringTranslator>(c);
+
+    // If the string is newly-translated, then we need to adopt it.
+    // The boolean in the pair tells us if that is so.
+    RefPtr<UString::Rep> addedString = addResult.second ? adoptRef(*addResult.first) : *addResult.first;
+
+    literalIdentifierTable.add(c, addedString.get());
+
+    return addedString.release();
+}
+
+PassRefPtr<UString::Rep> Identifier::add(ExecState* exec, const char* c)
+{
+    return add(&exec->globalData(), c);
+}
+
+struct UCharBuffer {
+    const UChar* s;
+    unsigned int length;
+};
+
+struct UCharBufferTranslator {
+    static unsigned hash(const UCharBuffer& buf)
+    {
+        return UString::Rep::computeHash(buf.s, buf.length);
+    }
+
+    static bool equal(UString::Rep* str, const UCharBuffer& buf)
+    {
+        return Identifier::equal(str, buf.s, buf.length);
+    }
+
+    static void translate(UString::Rep*& location, const UCharBuffer& buf, unsigned hash)
+    {
+        UChar* d = static_cast<UChar*>(fastMalloc(sizeof(UChar) * buf.length));
+        for (unsigned i = 0; i != buf.length; i++)
+            d[i] = buf.s[i];
+        
+        UString::Rep* r = UString::Rep::create(d, buf.length).releaseRef();
+        r->_hash = hash;
+        
+        location = r; 
+    }
+};
+
+PassRefPtr<UString::Rep> Identifier::add(JSGlobalData* globalData, const UChar* s, int length)
+{
+    if (length == 1) {
+        UChar c = s[0];
+        if (c <= 0xFF)
+            return add(globalData, globalData->smallStrings.singleCharacterStringRep(c));
+    }
+    if (!length) {
+        UString::Rep::empty().hash();
+        return &UString::Rep::empty();
+    }
+    UCharBuffer buf = {s, length}; 
+    pair<HashSet<UString::Rep*>::iterator, bool> addResult = globalData->identifierTable->add<UCharBuffer, UCharBufferTranslator>(buf);
+
+    // If the string is newly-translated, then we need to adopt it.
+    // The boolean in the pair tells us if that is so.
+    return addResult.second ? adoptRef(*addResult.first) : *addResult.first;
+}
+
+PassRefPtr<UString::Rep> Identifier::add(ExecState* exec, const UChar* s, int length)
+{
+    return add(&exec->globalData(), s, length);
+}
+
+PassRefPtr<UString::Rep> Identifier::addSlowCase(JSGlobalData* globalData, UString::Rep* r)
+{
+    ASSERT(!r->identifierTable());
+    if (r->len == 1) {
+        UChar c = r->data()[0];
+        if (c <= 0xFF)
+            r = globalData->smallStrings.singleCharacterStringRep(c);
+            if (r->identifierTable()) {
+#ifndef NDEBUG
+                checkSameIdentifierTable(globalData, r);
+#endif
+                return r;
+            }
+    }
+    if (!r->len) {
+        UString::Rep::empty().hash();
+        return &UString::Rep::empty();
+    }
+    return *globalData->identifierTable->add(r).first;
+}
+
+PassRefPtr<UString::Rep> Identifier::addSlowCase(ExecState* exec, UString::Rep* r)
+{
+    return addSlowCase(&exec->globalData(), r);
+}
+
+void Identifier::remove(UString::Rep* r)
+{
+    r->identifierTable()->remove(r);
+}
+
+#ifndef NDEBUG
+
+void Identifier::checkSameIdentifierTable(ExecState* exec, UString::Rep* rep)
+{
+    ASSERT(rep->identifierTable() == exec->globalData().identifierTable);
+}
+
+void Identifier::checkSameIdentifierTable(JSGlobalData* globalData, UString::Rep* rep)
+{
+    ASSERT(rep->identifierTable() == globalData->identifierTable);
+}
+
+#else
+
+void Identifier::checkSameIdentifierTable(ExecState*, UString::Rep*)
+{
+}
+
+void Identifier::checkSameIdentifierTable(JSGlobalData*, UString::Rep*)
+{
+}
+
+#endif
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Identifier.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Identifier.h
new file mode 100644
index 000000000..2249179cf
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Identifier.h
@@ -0,0 +1,146 @@
+/*
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef Identifier_h
+#define Identifier_h
+
+#include "JSGlobalData.h"
+#include "UString.h"
+
+namespace JSC {
+
+    class ExecState;
+
+    class Identifier {
+        friend class Structure;
+    public:
+        Identifier() { }
+
+        Identifier(ExecState* exec, const char* s) : _ustring(add(exec, s)) { } // Only to be used with string literals.
+        Identifier(ExecState* exec, const UChar* s, int length) : _ustring(add(exec, s, length)) { }
+        Identifier(ExecState* exec, UString::Rep* rep) : _ustring(add(exec, rep)) { } 
+        Identifier(ExecState* exec, const UString& s) : _ustring(add(exec, s.rep())) { }
+
+        Identifier(JSGlobalData* globalData, const char* s) : _ustring(add(globalData, s)) { } // Only to be used with string literals.
+        Identifier(JSGlobalData* globalData, const UChar* s, int length) : _ustring(add(globalData, s, length)) { }
+        Identifier(JSGlobalData* globalData, UString::Rep* rep) : _ustring(add(globalData, rep)) { } 
+        Identifier(JSGlobalData* globalData, const UString& s) : _ustring(add(globalData, s.rep())) { }
+
+        // Special constructor for cases where we overwrite an object in place.
+        Identifier(PlacementNewAdoptType) : _ustring(PlacementNewAdopt) { }
+        
+        const UString& ustring() const { return _ustring; }
+        
+        const UChar* data() const { return _ustring.data(); }
+        int size() const { return _ustring.size(); }
+        
+        const char* ascii() const { return _ustring.ascii(); }
+        
+        static Identifier from(ExecState* exec, unsigned y) { return Identifier(exec, UString::from(y)); }
+        static Identifier from(ExecState* exec, int y) { return Identifier(exec, UString::from(y)); }
+        static Identifier from(ExecState* exec, double y) { return Identifier(exec, UString::from(y)); }
+        
+        bool isNull() const { return _ustring.isNull(); }
+        bool isEmpty() const { return _ustring.isEmpty(); }
+        
+        uint32_t toUInt32(bool* ok) const { return _ustring.toUInt32(ok); }
+        uint32_t toUInt32(bool* ok, bool tolerateEmptyString) const { return _ustring.toUInt32(ok, tolerateEmptyString); };
+        uint32_t toStrictUInt32(bool* ok) const { return _ustring.toStrictUInt32(ok); }
+        unsigned toArrayIndex(bool* ok) const { return _ustring.toArrayIndex(ok); }
+        double toDouble() const { return _ustring.toDouble(); }
+        
+        friend bool operator==(const Identifier&, const Identifier&);
+        friend bool operator!=(const Identifier&, const Identifier&);
+
+        friend bool operator==(const Identifier&, const char*);
+        friend bool operator!=(const Identifier&, const char*);
+    
+        static void remove(UString::Rep*);
+
+        static bool equal(const UString::Rep*, const char*);
+        static bool equal(const UString::Rep*, const UChar*, int length);
+        static bool equal(const UString::Rep* a, const UString::Rep* b) { return JSC::equal(a, b); }
+
+        static PassRefPtr<UString::Rep> add(ExecState*, const char*); // Only to be used with string literals.
+        static PassRefPtr<UString::Rep> add(JSGlobalData*, const char*); // Only to be used with string literals.
+
+    private:
+        UString _ustring;
+        
+        static bool equal(const Identifier& a, const Identifier& b) { return a._ustring.rep() == b._ustring.rep(); }
+        static bool equal(const Identifier& a, const char* b) { return equal(a._ustring.rep(), b); }
+
+        static PassRefPtr<UString::Rep> add(ExecState*, const UChar*, int length);
+        static PassRefPtr<UString::Rep> add(JSGlobalData*, const UChar*, int length);
+
+        static PassRefPtr<UString::Rep> add(ExecState* exec, UString::Rep* r)
+        {
+            if (r->identifierTable()) {
+#ifndef NDEBUG
+                checkSameIdentifierTable(exec, r);
+#endif
+                return r;
+            }
+            return addSlowCase(exec, r);
+        }
+        static PassRefPtr<UString::Rep> add(JSGlobalData* globalData, UString::Rep* r)
+        {
+            if (r->identifierTable()) {
+#ifndef NDEBUG
+                checkSameIdentifierTable(globalData, r);
+#endif
+                return r;
+            }
+            return addSlowCase(globalData, r);
+        }
+
+        static PassRefPtr<UString::Rep> addSlowCase(ExecState*, UString::Rep* r);
+        static PassRefPtr<UString::Rep> addSlowCase(JSGlobalData*, UString::Rep* r);
+
+        static void checkSameIdentifierTable(ExecState*, UString::Rep*);
+        static void checkSameIdentifierTable(JSGlobalData*, UString::Rep*);
+    };
+    
+    inline bool operator==(const Identifier& a, const Identifier& b)
+    {
+        return Identifier::equal(a, b);
+    }
+
+    inline bool operator!=(const Identifier& a, const Identifier& b)
+    {
+        return !Identifier::equal(a, b);
+    }
+
+    inline bool operator==(const Identifier& a, const char* b)
+    {
+        return Identifier::equal(a, b);
+    }
+
+    inline bool operator!=(const Identifier& a, const char* b)
+    {
+        return !Identifier::equal(a, b);
+    }
+
+    IdentifierTable* createIdentifierTable();
+    void deleteIdentifierTable(IdentifierTable*);
+
+} // namespace JSC
+
+#endif // Identifier_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InitializeThreading.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InitializeThreading.cpp
new file mode 100644
index 000000000..fea89f875
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InitializeThreading.cpp
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "InitializeThreading.h"
+
+#include "Collector.h"
+#include "dtoa.h"
+#include "Identifier.h"
+#include "JSGlobalObject.h"
+#include "UString.h"
+#include <wtf/DateMath.h>
+#include <wtf/Threading.h>
+
+using namespace WTF;
+
+namespace JSC {
+
+#if PLATFORM(DARWIN) && ENABLE(JSC_MULTIPLE_THREADS)
+static pthread_once_t initializeThreadingKeyOnce = PTHREAD_ONCE_INIT;
+#endif
+
+static void initializeThreadingOnce()
+{
+    WTF::initializeThreading();
+    initializeUString();
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    s_dtoaP5Mutex = new Mutex;
+    WTF::initializeDates();
+#endif
+}
+
+void initializeThreading()
+{
+#if PLATFORM(DARWIN) && ENABLE(JSC_MULTIPLE_THREADS)
+    pthread_once(&initializeThreadingKeyOnce, initializeThreadingOnce);
+#else
+    static bool initializedThreading = false;
+    if (!initializedThreading) {
+        initializeThreadingOnce();
+        initializedThreading = true;
+    }
+#endif
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InitializeThreading.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InitializeThreading.h
new file mode 100644
index 000000000..1a93ccb9b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InitializeThreading.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+#ifndef InitializeThreading_h
+#define InitializeThreading_h
+
+namespace JSC {
+
+    // This function must be called from the main thread. It is safe to call it repeatedly.
+    // Darwin is an exception to this rule: it is OK to call this function from any thread, even reentrantly.
+    void initializeThreading();
+
+}
+
+#endif // InitializeThreading_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InternalFunction.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InternalFunction.cpp
new file mode 100644
index 000000000..b5c957155
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InternalFunction.cpp
@@ -0,0 +1,71 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2004, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "InternalFunction.h"
+
+#include "FunctionPrototype.h"
+#include "JSString.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(InternalFunction);
+
+const ClassInfo InternalFunction::info = { "Function", 0, 0, 0 };
+
+const ClassInfo* InternalFunction::classInfo() const
+{
+    return &info;
+}
+
+InternalFunction::InternalFunction(JSGlobalData* globalData, PassRefPtr<Structure> structure, const Identifier& name)
+    : JSObject(structure)
+{
+    putDirect(globalData->propertyNames->name, jsString(globalData, name.ustring()), DontDelete | ReadOnly | DontEnum);
+}
+
+const UString& InternalFunction::name(JSGlobalData* globalData)
+{
+    return asString(getDirect(globalData->propertyNames->name))->value();
+}
+
+const UString InternalFunction::displayName(JSGlobalData* globalData)
+{
+    JSValue displayName = getDirect(globalData->propertyNames->displayName);
+    
+    if (displayName && isJSString(globalData, displayName))
+        return asString(displayName)->value();
+    
+    return UString::null();
+}
+
+const UString InternalFunction::calculatedDisplayName(JSGlobalData* globalData)
+{
+    const UString explicitName = displayName(globalData);
+    
+    if (!explicitName.isEmpty())
+        return explicitName;
+    
+    return name(globalData);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InternalFunction.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InternalFunction.h
new file mode 100644
index 000000000..37077f6e4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/InternalFunction.h
@@ -0,0 +1,66 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef InternalFunction_h
+#define InternalFunction_h
+
+#include "JSObject.h"
+#include "Identifier.h"
+
+namespace JSC {
+
+    class FunctionPrototype;
+
+    class InternalFunction : public JSObject {
+    public:
+        virtual const ClassInfo* classInfo() const; 
+        static JS_EXPORTDATA const ClassInfo info;
+
+        const UString& name(JSGlobalData*);
+        const UString displayName(JSGlobalData*);
+        const UString calculatedDisplayName(JSGlobalData*);
+
+        static PassRefPtr<Structure> createStructure(JSValue proto) 
+        { 
+            return Structure::create(proto, TypeInfo(ObjectType, ImplementsHasInstance | HasStandardGetOwnPropertySlot | HasDefaultMark)); 
+        }
+
+    protected:
+        InternalFunction(PassRefPtr<Structure> structure) : JSObject(structure) { }
+        InternalFunction(JSGlobalData*, PassRefPtr<Structure>, const Identifier&);
+
+    private:
+        virtual CallType getCallData(CallData&) = 0;
+    };
+
+    InternalFunction* asInternalFunction(JSValue);
+
+    inline InternalFunction* asInternalFunction(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&InternalFunction::info));
+        return static_cast<InternalFunction*>(asObject(value));
+    }
+
+} // namespace JSC
+
+#endif // InternalFunction_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSAPIValueWrapper.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSAPIValueWrapper.cpp
new file mode 100644
index 000000000..e83724a1d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSAPIValueWrapper.cpp
@@ -0,0 +1,31 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2004, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSAPIValueWrapper.h"
+
+#include "NumberObject.h"
+#include "UString.h"
+
+namespace JSC {
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSAPIValueWrapper.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSAPIValueWrapper.h
new file mode 100644
index 000000000..88a849387
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSAPIValueWrapper.h
@@ -0,0 +1,64 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSAPIValueWrapper_h
+#define JSAPIValueWrapper_h
+
+#include <wtf/Platform.h>
+
+#include "JSCell.h"
+#include "CallFrame.h"
+
+namespace JSC {
+
+    class JSAPIValueWrapper : public JSCell {
+        friend JSValue jsAPIValueWrapper(ExecState*, JSValue);
+    public:
+        JSValue value() const { return m_value; }
+
+        virtual bool isAPIValueWrapper() const { return true; }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(CompoundType));
+        }
+
+        
+    private:
+        JSAPIValueWrapper(ExecState* exec, JSValue value)
+            : JSCell(exec->globalData().apiWrapperStructure.get())
+            , m_value(value)
+        {
+            ASSERT(!value.isCell());
+        }
+
+        JSValue m_value;
+    };
+
+    inline JSValue jsAPIValueWrapper(ExecState* exec, JSValue value)
+    {
+        return new (exec) JSAPIValueWrapper(exec, value);
+    }
+
+} // namespace JSC
+
+#endif // JSAPIValueWrapper_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSActivation.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSActivation.cpp
new file mode 100644
index 000000000..d989a8925
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSActivation.cpp
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+#include "config.h"
+#include "JSActivation.h"
+
+#include "Arguments.h"
+#include "Interpreter.h"
+#include "JSFunction.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSActivation);
+
+const ClassInfo JSActivation::info = { "JSActivation", 0, 0, 0 };
+
+JSActivation::JSActivation(CallFrame* callFrame, PassRefPtr<FunctionExecutable> functionExecutable)
+    : Base(callFrame->globalData().activationStructure, new JSActivationData(functionExecutable, callFrame->registers()))
+{
+}
+
+JSActivation::~JSActivation()
+{
+    delete d();
+}
+
+void JSActivation::markChildren(MarkStack& markStack)
+{
+    Base::markChildren(markStack);
+
+    Register* registerArray = d()->registerArray.get();
+    if (!registerArray)
+        return;
+
+    size_t numParametersMinusThis = d()->functionExecutable->parameterCount();
+
+    size_t count = numParametersMinusThis;
+    markStack.appendValues(registerArray, count);
+
+    size_t numVars = d()->functionExecutable->variableCount();
+
+    // Skip the call frame, which sits between the parameters and vars.
+    markStack.appendValues(registerArray + count + RegisterFile::CallFrameHeaderSize, numVars, MayContainNullValues);
+}
+
+bool JSActivation::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    if (symbolTableGet(propertyName, slot))
+        return true;
+
+    if (JSValue* location = getDirectLocation(propertyName)) {
+        slot.setValueSlot(location);
+        return true;
+    }
+
+    // Only return the built-in arguments object if it wasn't overridden above.
+    if (propertyName == exec->propertyNames().arguments) {
+        slot.setCustom(this, getArgumentsGetter());
+        return true;
+    }
+
+    // We don't call through to JSObject because there's no way to give an 
+    // activation object getter properties or a prototype.
+    ASSERT(!hasGetterSetterProperties());
+    ASSERT(prototype().isNull());
+    return false;
+}
+
+void JSActivation::put(ExecState*, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+    if (symbolTablePut(propertyName, value))
+        return;
+
+    // We don't call through to JSObject because __proto__ and getter/setter 
+    // properties are non-standard extensions that other implementations do not
+    // expose in the activation object.
+    ASSERT(!hasGetterSetterProperties());
+    putDirect(propertyName, value, 0, true, slot);
+}
+
+// FIXME: Make this function honor ReadOnly (const) and DontEnum
+void JSActivation::putWithAttributes(ExecState* exec, const Identifier& propertyName, JSValue value, unsigned attributes)
+{
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+    if (symbolTablePutWithAttributes(propertyName, value, attributes))
+        return;
+
+    // We don't call through to JSObject because __proto__ and getter/setter 
+    // properties are non-standard extensions that other implementations do not
+    // expose in the activation object.
+    ASSERT(!hasGetterSetterProperties());
+    PutPropertySlot slot;
+    JSObject::putWithAttributes(exec, propertyName, value, attributes, true, slot);
+}
+
+bool JSActivation::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    if (propertyName == exec->propertyNames().arguments)
+        return false;
+
+    return Base::deleteProperty(exec, propertyName, checkDontDelete);
+}
+
+JSObject* JSActivation::toThisObject(ExecState* exec) const
+{
+    return exec->globalThisValue();
+}
+
+bool JSActivation::isDynamicScope() const
+{
+    return d()->functionExecutable->usesEval();
+}
+
+JSValue JSActivation::argumentsGetter(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    JSActivation* activation = asActivation(slot.slotBase());
+
+    if (activation->d()->functionExecutable->usesArguments()) {
+        PropertySlot slot;
+        activation->symbolTableGet(exec->propertyNames().arguments, slot);
+        return slot.getValue(exec, exec->propertyNames().arguments);
+    }
+
+    CallFrame* callFrame = CallFrame::create(activation->d()->registers);
+    Arguments* arguments = callFrame->optionalCalleeArguments();
+    if (!arguments) {
+        arguments = new (callFrame) Arguments(callFrame);
+        arguments->copyRegisters();
+        callFrame->setCalleeArguments(arguments);
+    }
+    ASSERT(arguments->inherits(&Arguments::info));
+
+    return arguments;
+}
+
+// These two functions serve the purpose of isolating the common case from a
+// PIC branch.
+
+PropertySlot::GetValueFunc JSActivation::getArgumentsGetter()
+{
+    return argumentsGetter;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSActivation.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSActivation.h
new file mode 100644
index 000000000..90815a1ed
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSActivation.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+#ifndef JSActivation_h
+#define JSActivation_h
+
+#include "CodeBlock.h"
+#include "JSVariableObject.h"
+#include "RegisterFile.h"
+#include "SymbolTable.h"
+#include "Nodes.h"
+
+namespace JSC {
+
+    class Arguments;
+    class Register;
+    
+    class JSActivation : public JSVariableObject {
+        typedef JSVariableObject Base;
+    public:
+        JSActivation(CallFrame*, PassRefPtr<FunctionExecutable>);
+        virtual ~JSActivation();
+
+        virtual void markChildren(MarkStack&);
+
+        virtual bool isDynamicScope() const;
+
+        virtual bool isActivationObject() const { return true; }
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+
+        virtual void put(ExecState*, const Identifier&, JSValue, PutPropertySlot&);
+
+        virtual void putWithAttributes(ExecState*, const Identifier&, JSValue, unsigned attributes);
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName, bool checkDontDelete = true);
+
+        virtual JSObject* toThisObject(ExecState*) const;
+
+        void copyRegisters(Arguments* arguments);
+        
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+
+        static PassRefPtr<Structure> createStructure(JSValue proto) { return Structure::create(proto, TypeInfo(ObjectType, NeedsThisConversion)); }
+
+    private:
+        struct JSActivationData : public JSVariableObjectData {
+            JSActivationData(PassRefPtr<FunctionExecutable> _functionExecutable, Register* registers)
+                : JSVariableObjectData(_functionExecutable->generatedBytecode().symbolTable(), registers)
+                , functionExecutable(_functionExecutable)
+            {
+                // We have to manually ref and deref the symbol table as JSVariableObjectData
+                // doesn't know about SharedSymbolTable
+                functionExecutable->generatedBytecode().sharedSymbolTable()->ref();
+            }
+            ~JSActivationData()
+            {
+                static_cast<SharedSymbolTable*>(symbolTable)->deref();
+            }
+
+            RefPtr<FunctionExecutable> functionExecutable;
+        };
+        
+        static JSValue argumentsGetter(ExecState*, const Identifier&, const PropertySlot&);
+        NEVER_INLINE PropertySlot::GetValueFunc getArgumentsGetter();
+
+        JSActivationData* d() const { return static_cast<JSActivationData*>(JSVariableObject::d); }
+    };
+
+    JSActivation* asActivation(JSValue);
+
+    inline JSActivation* asActivation(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&JSActivation::info));
+        return static_cast<JSActivation*>(asObject(value));
+    }
+
+} // namespace JSC
+
+#endif // JSActivation_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSArray.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSArray.cpp
new file mode 100644
index 000000000..9e0ab59b9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSArray.cpp
@@ -0,0 +1,1076 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "JSArray.h"
+
+#include "ArrayPrototype.h"
+#include "CachedCall.h"
+#include "Error.h"
+#include "Executable.h"
+#include "PropertyNameArray.h"
+#include <wtf/AVLTree.h>
+#include <wtf/Assertions.h>
+#include <wtf/OwnPtr.h>
+#include <Operations.h>
+
+#define CHECK_ARRAY_CONSISTENCY 0
+
+using namespace std;
+using namespace WTF;
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSArray);
+
+// Overview of JSArray
+//
+// Properties of JSArray objects may be stored in one of three locations:
+//   * The regular JSObject property map.
+//   * A storage vector.
+//   * A sparse map of array entries.
+//
+// Properties with non-numeric identifiers, with identifiers that are not representable
+// as an unsigned integer, or where the value is greater than  MAX_ARRAY_INDEX
+// (specifically, this is only one property - the value 0xFFFFFFFFU as an unsigned 32-bit
+// integer) are not considered array indices and will be stored in the JSObject property map.
+//
+// All properties with a numeric identifer, representable as an unsigned integer i,
+// where (i <= MAX_ARRAY_INDEX), are an array index and will be stored in either the
+// storage vector or the sparse map.  An array index i will be handled in the following
+// fashion:
+//
+//   * Where (i < MIN_SPARSE_ARRAY_INDEX) the value will be stored in the storage vector.
+//   * Where (MIN_SPARSE_ARRAY_INDEX <= i <= MAX_STORAGE_VECTOR_INDEX) the value will either
+//     be stored in the storage vector or in the sparse array, depending on the density of
+//     data that would be stored in the vector (a vector being used where at least
+//     (1 / minDensityMultiplier) of the entries would be populated).
+//   * Where (MAX_STORAGE_VECTOR_INDEX < i <= MAX_ARRAY_INDEX) the value will always be stored
+//     in the sparse array.
+
+// The definition of MAX_STORAGE_VECTOR_LENGTH is dependant on the definition storageSize
+// function below - the MAX_STORAGE_VECTOR_LENGTH limit is defined such that the storage
+// size calculation cannot overflow.  (sizeof(ArrayStorage) - sizeof(JSValue)) +
+// (vectorLength * sizeof(JSValue)) must be <= 0xFFFFFFFFU (which is maximum value of size_t).
+#define MAX_STORAGE_VECTOR_LENGTH static_cast<unsigned>((0xFFFFFFFFU - (sizeof(ArrayStorage) - sizeof(JSValue))) / sizeof(JSValue))
+
+// These values have to be macros to be used in max() and min() without introducing
+// a PIC branch in Mach-O binaries, see <rdar://problem/5971391>.
+#define MIN_SPARSE_ARRAY_INDEX 10000U
+#define MAX_STORAGE_VECTOR_INDEX (MAX_STORAGE_VECTOR_LENGTH - 1)
+// 0xFFFFFFFF is a bit weird -- is not an array index even though it's an integer.
+#define MAX_ARRAY_INDEX 0xFFFFFFFEU
+
+// Our policy for when to use a vector and when to use a sparse map.
+// For all array indices under MIN_SPARSE_ARRAY_INDEX, we always use a vector.
+// When indices greater than MIN_SPARSE_ARRAY_INDEX are involved, we use a vector
+// as long as it is 1/8 full. If more sparse than that, we use a map.
+static const unsigned minDensityMultiplier = 8;
+
+const ClassInfo JSArray::info = {"Array", 0, 0, 0};
+
+static inline size_t storageSize(unsigned vectorLength)
+{
+    ASSERT(vectorLength <= MAX_STORAGE_VECTOR_LENGTH);
+
+    // MAX_STORAGE_VECTOR_LENGTH is defined such that provided (vectorLength <= MAX_STORAGE_VECTOR_LENGTH)
+    // - as asserted above - the following calculation cannot overflow.
+    size_t size = (sizeof(ArrayStorage) - sizeof(JSValue)) + (vectorLength * sizeof(JSValue));
+    // Assertion to detect integer overflow in previous calculation (should not be possible, provided that
+    // MAX_STORAGE_VECTOR_LENGTH is correctly defined).
+    ASSERT(((size - (sizeof(ArrayStorage) - sizeof(JSValue))) / sizeof(JSValue) == vectorLength) && (size >= (sizeof(ArrayStorage) - sizeof(JSValue))));
+
+    return size;
+}
+
+static inline unsigned increasedVectorLength(unsigned newLength)
+{
+    ASSERT(newLength <= MAX_STORAGE_VECTOR_LENGTH);
+
+    // Mathematically equivalent to:
+    //   increasedLength = (newLength * 3 + 1) / 2;
+    // or:
+    //   increasedLength = (unsigned)ceil(newLength * 1.5));
+    // This form is not prone to internal overflow.
+    unsigned increasedLength = newLength + (newLength >> 1) + (newLength & 1);
+    ASSERT(increasedLength >= newLength);
+
+    return min(increasedLength, MAX_STORAGE_VECTOR_LENGTH);
+}
+
+static inline bool isDenseEnoughForVector(unsigned length, unsigned numValues)
+{
+    return length / minDensityMultiplier <= numValues;
+}
+
+#if !CHECK_ARRAY_CONSISTENCY
+
+inline void JSArray::checkConsistency(ConsistencyCheckType)
+{
+}
+
+#endif
+
+JSArray::JSArray(PassRefPtr<Structure> structure)
+    : JSObject(structure)
+{
+    unsigned initialCapacity = 0;
+
+    m_storage = static_cast<ArrayStorage*>(fastZeroedMalloc(storageSize(initialCapacity)));
+    m_vectorLength = initialCapacity;
+
+    checkConsistency();
+}
+
+JSArray::JSArray(PassRefPtr<Structure> structure, unsigned initialLength)
+    : JSObject(structure)
+{
+    unsigned initialCapacity = min(initialLength, MIN_SPARSE_ARRAY_INDEX);
+
+    m_storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
+    m_storage->m_length = initialLength;
+    m_vectorLength = initialCapacity;
+    m_storage->m_numValuesInVector = 0;
+    m_storage->m_sparseValueMap = 0;
+    m_storage->lazyCreationData = 0;
+
+    JSValue* vector = m_storage->m_vector;
+    for (size_t i = 0; i < initialCapacity; ++i)
+        vector[i] = JSValue();
+
+    checkConsistency();
+
+    Heap::heap(this)->reportExtraMemoryCost(initialCapacity * sizeof(JSValue));
+}
+
+JSArray::JSArray(PassRefPtr<Structure> structure, const ArgList& list)
+    : JSObject(structure)
+{
+    unsigned initialCapacity = list.size();
+
+    m_storage = static_cast<ArrayStorage*>(fastMalloc(storageSize(initialCapacity)));
+    m_storage->m_length = initialCapacity;
+    m_vectorLength = initialCapacity;
+    m_storage->m_numValuesInVector = initialCapacity;
+    m_storage->m_sparseValueMap = 0;
+
+    size_t i = 0;
+    ArgList::const_iterator end = list.end();
+    for (ArgList::const_iterator it = list.begin(); it != end; ++it, ++i)
+        m_storage->m_vector[i] = *it;
+
+    checkConsistency();
+
+    Heap::heap(this)->reportExtraMemoryCost(storageSize(initialCapacity));
+}
+
+JSArray::~JSArray()
+{
+    checkConsistency(DestructorConsistencyCheck);
+
+    delete m_storage->m_sparseValueMap;
+    fastFree(m_storage);
+}
+
+bool JSArray::getOwnPropertySlot(ExecState* exec, unsigned i, PropertySlot& slot)
+{
+    ArrayStorage* storage = m_storage;
+
+    if (i >= storage->m_length) {
+        if (i > MAX_ARRAY_INDEX)
+            return getOwnPropertySlot(exec, Identifier::from(exec, i), slot);
+        return false;
+    }
+
+    if (i < m_vectorLength) {
+        JSValue& valueSlot = storage->m_vector[i];
+        if (valueSlot) {
+            slot.setValueSlot(&valueSlot);
+            return true;
+        }
+    } else if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
+        if (i >= MIN_SPARSE_ARRAY_INDEX) {
+            SparseArrayValueMap::iterator it = map->find(i);
+            if (it != map->end()) {
+                slot.setValueSlot(&it->second);
+                return true;
+            }
+        }
+    }
+
+    return JSObject::getOwnPropertySlot(exec, Identifier::from(exec, i), slot);
+}
+
+bool JSArray::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    if (propertyName == exec->propertyNames().length) {
+        slot.setValue(jsNumber(exec, length()));
+        return true;
+    }
+
+    bool isArrayIndex;
+    unsigned i = propertyName.toArrayIndex(&isArrayIndex);
+    if (isArrayIndex)
+        return JSArray::getOwnPropertySlot(exec, i, slot);
+
+    return JSObject::getOwnPropertySlot(exec, propertyName, slot);
+}
+
+bool JSArray::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    if (propertyName == exec->propertyNames().length) {
+        descriptor.setDescriptor(jsNumber(exec, length()), DontDelete | DontEnum);
+        return true;
+    }
+    
+    bool isArrayIndex;
+    unsigned i = propertyName.toArrayIndex(&isArrayIndex);
+    if (isArrayIndex) {
+        if (i >= m_storage->m_length)
+            return false;
+        if (i < m_vectorLength) {
+            JSValue& value = m_storage->m_vector[i];
+            if (value) {
+                descriptor.setDescriptor(value, 0);
+                return true;
+            }
+        } else if (SparseArrayValueMap* map = m_storage->m_sparseValueMap) {
+            if (i >= MIN_SPARSE_ARRAY_INDEX) {
+                SparseArrayValueMap::iterator it = map->find(i);
+                if (it != map->end()) {
+                    descriptor.setDescriptor(it->second, 0);
+                    return true;
+                }
+            }
+        }
+    }
+    return JSObject::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+}
+
+// ECMA 15.4.5.1
+void JSArray::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    bool isArrayIndex;
+    unsigned i = propertyName.toArrayIndex(&isArrayIndex);
+    if (isArrayIndex) {
+        put(exec, i, value);
+        return;
+    }
+
+    if (propertyName == exec->propertyNames().length) {
+        unsigned newLength = value.toUInt32(exec);
+        if (value.toNumber(exec) != static_cast<double>(newLength)) {
+            throwError(exec, RangeError, "Invalid array length.");
+            return;
+        }
+        setLength(newLength);
+        return;
+    }
+
+    JSObject::put(exec, propertyName, value, slot);
+}
+
+void JSArray::put(ExecState* exec, unsigned i, JSValue value)
+{
+    checkConsistency();
+
+    unsigned length = m_storage->m_length;
+    if (i >= length && i <= MAX_ARRAY_INDEX) {
+        length = i + 1;
+        m_storage->m_length = length;
+    }
+
+    if (i < m_vectorLength) {
+        JSValue& valueSlot = m_storage->m_vector[i];
+        if (valueSlot) {
+            valueSlot = value;
+            checkConsistency();
+            return;
+        }
+        valueSlot = value;
+        ++m_storage->m_numValuesInVector;
+        checkConsistency();
+        return;
+    }
+
+    putSlowCase(exec, i, value);
+}
+
+NEVER_INLINE void JSArray::putSlowCase(ExecState* exec, unsigned i, JSValue value)
+{
+    ArrayStorage* storage = m_storage;
+    SparseArrayValueMap* map = storage->m_sparseValueMap;
+
+    if (i >= MIN_SPARSE_ARRAY_INDEX) {
+        if (i > MAX_ARRAY_INDEX) {
+            PutPropertySlot slot;
+            put(exec, Identifier::from(exec, i), value, slot);
+            return;
+        }
+
+        // We miss some cases where we could compact the storage, such as a large array that is being filled from the end
+        // (which will only be compacted as we reach indices that are less than cutoff) - but this makes the check much faster.
+        if ((i > MAX_STORAGE_VECTOR_INDEX) || !isDenseEnoughForVector(i + 1, storage->m_numValuesInVector + 1)) {
+            if (!map) {
+                map = new SparseArrayValueMap;
+                storage->m_sparseValueMap = map;
+            }
+            map->set(i, value);
+            return;
+        }
+    }
+
+    // We have decided that we'll put the new item into the vector.
+    // Fast case is when there is no sparse map, so we can increase the vector size without moving values from it.
+    if (!map || map->isEmpty()) {
+        if (increaseVectorLength(i + 1)) {
+            storage = m_storage;
+            storage->m_vector[i] = value;
+            ++storage->m_numValuesInVector;
+            checkConsistency();
+        } else
+            throwOutOfMemoryError(exec);
+        return;
+    }
+
+    // Decide how many values it would be best to move from the map.
+    unsigned newNumValuesInVector = storage->m_numValuesInVector + 1;
+    unsigned newVectorLength = increasedVectorLength(i + 1);
+    for (unsigned j = max(m_vectorLength, MIN_SPARSE_ARRAY_INDEX); j < newVectorLength; ++j)
+        newNumValuesInVector += map->contains(j);
+    if (i >= MIN_SPARSE_ARRAY_INDEX)
+        newNumValuesInVector -= map->contains(i);
+    if (isDenseEnoughForVector(newVectorLength, newNumValuesInVector)) {
+        unsigned proposedNewNumValuesInVector = newNumValuesInVector;
+        // If newVectorLength is already the maximum - MAX_STORAGE_VECTOR_LENGTH - then do not attempt to grow any further.
+        while (newVectorLength < MAX_STORAGE_VECTOR_LENGTH) {
+            unsigned proposedNewVectorLength = increasedVectorLength(newVectorLength + 1);
+            for (unsigned j = max(newVectorLength, MIN_SPARSE_ARRAY_INDEX); j < proposedNewVectorLength; ++j)
+                proposedNewNumValuesInVector += map->contains(j);
+            if (!isDenseEnoughForVector(proposedNewVectorLength, proposedNewNumValuesInVector))
+                break;
+            newVectorLength = proposedNewVectorLength;
+            newNumValuesInVector = proposedNewNumValuesInVector;
+        }
+    }
+
+    if (!tryFastRealloc(storage, storageSize(newVectorLength)).getValue(storage)) {
+        throwOutOfMemoryError(exec);
+        return;
+    }
+
+    unsigned vectorLength = m_vectorLength;
+
+    Heap::heap(this)->reportExtraMemoryCost(storageSize(newVectorLength) - storageSize(vectorLength));
+
+    if (newNumValuesInVector == storage->m_numValuesInVector + 1) {
+        for (unsigned j = vectorLength; j < newVectorLength; ++j)
+            storage->m_vector[j] = JSValue();
+        if (i > MIN_SPARSE_ARRAY_INDEX)
+            map->remove(i);
+    } else {
+        for (unsigned j = vectorLength; j < max(vectorLength, MIN_SPARSE_ARRAY_INDEX); ++j)
+            storage->m_vector[j] = JSValue();
+        for (unsigned j = max(vectorLength, MIN_SPARSE_ARRAY_INDEX); j < newVectorLength; ++j)
+            storage->m_vector[j] = map->take(j);
+    }
+
+    storage->m_vector[i] = value;
+
+    m_vectorLength = newVectorLength;
+    storage->m_numValuesInVector = newNumValuesInVector;
+
+    m_storage = storage;
+
+    checkConsistency();
+}
+
+bool JSArray::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    bool isArrayIndex;
+    unsigned i = propertyName.toArrayIndex(&isArrayIndex);
+    if (isArrayIndex)
+        return deleteProperty(exec, i, checkDontDelete);
+
+    if (propertyName == exec->propertyNames().length)
+        return false;
+
+    return JSObject::deleteProperty(exec, propertyName, checkDontDelete);
+}
+
+bool JSArray::deleteProperty(ExecState* exec, unsigned i, bool checkDontDelete)
+{
+    checkConsistency();
+
+    ArrayStorage* storage = m_storage;
+
+    if (i < m_vectorLength) {
+        JSValue& valueSlot = storage->m_vector[i];
+        if (!valueSlot) {
+            checkConsistency();
+            return false;
+        }
+        valueSlot = JSValue();
+        --storage->m_numValuesInVector;
+        checkConsistency();
+        return true;
+    }
+
+    if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
+        if (i >= MIN_SPARSE_ARRAY_INDEX) {
+            SparseArrayValueMap::iterator it = map->find(i);
+            if (it != map->end()) {
+                map->remove(it);
+                checkConsistency();
+                return true;
+            }
+        }
+    }
+
+    checkConsistency();
+
+    if (i > MAX_ARRAY_INDEX)
+        return deleteProperty(exec, Identifier::from(exec, i), checkDontDelete);
+
+    return false;
+}
+
+void JSArray::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    // FIXME: Filling PropertyNameArray with an identifier for every integer
+    // is incredibly inefficient for large arrays. We need a different approach,
+    // which almost certainly means a different structure for PropertyNameArray.
+
+    ArrayStorage* storage = m_storage;
+
+    unsigned usedVectorLength = min(storage->m_length, m_vectorLength);
+    for (unsigned i = 0; i < usedVectorLength; ++i) {
+        if (storage->m_vector[i])
+            propertyNames.add(Identifier::from(exec, i));
+    }
+
+    if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
+        SparseArrayValueMap::iterator end = map->end();
+        for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
+            propertyNames.add(Identifier::from(exec, it->first));
+    }
+
+    JSObject::getOwnPropertyNames(exec, propertyNames, includeNonEnumerable);
+}
+
+bool JSArray::increaseVectorLength(unsigned newLength)
+{
+    // This function leaves the array in an internally inconsistent state, because it does not move any values from sparse value map
+    // to the vector. Callers have to account for that, because they can do it more efficiently.
+
+    ArrayStorage* storage = m_storage;
+
+    unsigned vectorLength = m_vectorLength;
+    ASSERT(newLength > vectorLength);
+    ASSERT(newLength <= MAX_STORAGE_VECTOR_INDEX);
+    unsigned newVectorLength = increasedVectorLength(newLength);
+
+    if (!tryFastRealloc(storage, storageSize(newVectorLength)).getValue(storage))
+        return false;
+
+    Heap::heap(this)->reportExtraMemoryCost(storageSize(newVectorLength) - storageSize(vectorLength));
+    m_vectorLength = newVectorLength;
+
+    for (unsigned i = vectorLength; i < newVectorLength; ++i)
+        storage->m_vector[i] = JSValue();
+
+    m_storage = storage;
+    return true;
+}
+
+void JSArray::setLength(unsigned newLength)
+{
+    checkConsistency();
+
+    ArrayStorage* storage = m_storage;
+
+    unsigned length = m_storage->m_length;
+
+    if (newLength < length) {
+        unsigned usedVectorLength = min(length, m_vectorLength);
+        for (unsigned i = newLength; i < usedVectorLength; ++i) {
+            JSValue& valueSlot = storage->m_vector[i];
+            bool hadValue = valueSlot;
+            valueSlot = JSValue();
+            storage->m_numValuesInVector -= hadValue;
+        }
+
+        if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
+            SparseArrayValueMap copy = *map;
+            SparseArrayValueMap::iterator end = copy.end();
+            for (SparseArrayValueMap::iterator it = copy.begin(); it != end; ++it) {
+                if (it->first >= newLength)
+                    map->remove(it->first);
+            }
+            if (map->isEmpty()) {
+                delete map;
+                storage->m_sparseValueMap = 0;
+            }
+        }
+    }
+
+    m_storage->m_length = newLength;
+
+    checkConsistency();
+}
+
+JSValue JSArray::pop()
+{
+    checkConsistency();
+
+    unsigned length = m_storage->m_length;
+    if (!length)
+        return jsUndefined();
+
+    --length;
+
+    JSValue result;
+
+    if (length < m_vectorLength) {
+        JSValue& valueSlot = m_storage->m_vector[length];
+        if (valueSlot) {
+            --m_storage->m_numValuesInVector;
+            result = valueSlot;
+            valueSlot = JSValue();
+        } else
+            result = jsUndefined();
+    } else {
+        result = jsUndefined();
+        if (SparseArrayValueMap* map = m_storage->m_sparseValueMap) {
+            SparseArrayValueMap::iterator it = map->find(length);
+            if (it != map->end()) {
+                result = it->second;
+                map->remove(it);
+                if (map->isEmpty()) {
+                    delete map;
+                    m_storage->m_sparseValueMap = 0;
+                }
+            }
+        }
+    }
+
+    m_storage->m_length = length;
+
+    checkConsistency();
+
+    return result;
+}
+
+void JSArray::push(ExecState* exec, JSValue value)
+{
+    checkConsistency();
+
+    if (m_storage->m_length < m_vectorLength) {
+        m_storage->m_vector[m_storage->m_length] = value;
+        ++m_storage->m_numValuesInVector;
+        ++m_storage->m_length;
+        checkConsistency();
+        return;
+    }
+
+    if (m_storage->m_length < MIN_SPARSE_ARRAY_INDEX) {
+        SparseArrayValueMap* map = m_storage->m_sparseValueMap;
+        if (!map || map->isEmpty()) {
+            if (increaseVectorLength(m_storage->m_length + 1)) {
+                m_storage->m_vector[m_storage->m_length] = value;
+                ++m_storage->m_numValuesInVector;
+                ++m_storage->m_length;
+                checkConsistency();
+                return;
+            }
+            checkConsistency();
+            throwOutOfMemoryError(exec);
+            return;
+        }
+    }
+
+    putSlowCase(exec, m_storage->m_length++, value);
+}
+
+void JSArray::markChildren(MarkStack& markStack)
+{
+    markChildrenDirect(markStack);
+}
+
+static int compareNumbersForQSort(const void* a, const void* b)
+{
+    double da = static_cast<const JSValue*>(a)->uncheckedGetNumber();
+    double db = static_cast<const JSValue*>(b)->uncheckedGetNumber();
+    return (da > db) - (da < db);
+}
+
+typedef std::pair<JSValue, UString> ValueStringPair;
+
+static int compareByStringPairForQSort(const void* a, const void* b)
+{
+    const ValueStringPair* va = static_cast<const ValueStringPair*>(a);
+    const ValueStringPair* vb = static_cast<const ValueStringPair*>(b);
+    return compare(va->second, vb->second);
+}
+
+void JSArray::sortNumeric(ExecState* exec, JSValue compareFunction, CallType callType, const CallData& callData)
+{
+    unsigned lengthNotIncludingUndefined = compactForSorting();
+    if (m_storage->m_sparseValueMap) {
+        throwOutOfMemoryError(exec);
+        return;
+    }
+
+    if (!lengthNotIncludingUndefined)
+        return;
+        
+    bool allValuesAreNumbers = true;
+    size_t size = m_storage->m_numValuesInVector;
+    for (size_t i = 0; i < size; ++i) {
+        if (!m_storage->m_vector[i].isNumber()) {
+            allValuesAreNumbers = false;
+            break;
+        }
+    }
+
+    if (!allValuesAreNumbers)
+        return sort(exec, compareFunction, callType, callData);
+
+    // For numeric comparison, which is fast, qsort is faster than mergesort. We
+    // also don't require mergesort's stability, since there's no user visible
+    // side-effect from swapping the order of equal primitive values.
+    qsort(m_storage->m_vector, size, sizeof(JSValue), compareNumbersForQSort);
+
+    checkConsistency(SortConsistencyCheck);
+}
+
+void JSArray::sort(ExecState* exec)
+{
+    unsigned lengthNotIncludingUndefined = compactForSorting();
+    if (m_storage->m_sparseValueMap) {
+        throwOutOfMemoryError(exec);
+        return;
+    }
+
+    if (!lengthNotIncludingUndefined)
+        return;
+
+    // Converting JavaScript values to strings can be expensive, so we do it once up front and sort based on that.
+    // This is a considerable improvement over doing it twice per comparison, though it requires a large temporary
+    // buffer. Besides, this protects us from crashing if some objects have custom toString methods that return
+    // random or otherwise changing results, effectively making compare function inconsistent.
+
+    Vector<ValueStringPair> values(lengthNotIncludingUndefined);
+    if (!values.begin()) {
+        throwOutOfMemoryError(exec);
+        return;
+    }
+
+    for (size_t i = 0; i < lengthNotIncludingUndefined; i++) {
+        JSValue value = m_storage->m_vector[i];
+        ASSERT(!value.isUndefined());
+        values[i].first = value;
+    }
+
+    // FIXME: While calling these toString functions, the array could be mutated.
+    // In that case, objects pointed to by values in this vector might get garbage-collected!
+
+    // FIXME: The following loop continues to call toString on subsequent values even after
+    // a toString call raises an exception.
+
+    for (size_t i = 0; i < lengthNotIncludingUndefined; i++)
+        values[i].second = values[i].first.toString(exec);
+
+    if (exec->hadException())
+        return;
+
+    // FIXME: Since we sort by string value, a fast algorithm might be to use a radix sort. That would be O(N) rather
+    // than O(N log N).
+
+#if HAVE(MERGESORT)
+    mergesort(values.begin(), values.size(), sizeof(ValueStringPair), compareByStringPairForQSort);
+#else
+    // FIXME: The qsort library function is likely to not be a stable sort.
+    // ECMAScript-262 does not specify a stable sort, but in practice, browsers perform a stable sort.
+    qsort(values.begin(), values.size(), sizeof(ValueStringPair), compareByStringPairForQSort);
+#endif
+
+    // FIXME: If the toString function changed the length of the array, this might be
+    // modifying the vector incorrectly.
+
+    for (size_t i = 0; i < lengthNotIncludingUndefined; i++)
+        m_storage->m_vector[i] = values[i].first;
+
+    checkConsistency(SortConsistencyCheck);
+}
+
+struct AVLTreeNodeForArrayCompare {
+    JSValue value;
+
+    // Child pointers.  The high bit of gt is robbed and used as the
+    // balance factor sign.  The high bit of lt is robbed and used as
+    // the magnitude of the balance factor.
+    int32_t gt;
+    int32_t lt;
+};
+
+struct AVLTreeAbstractorForArrayCompare {
+    typedef int32_t handle; // Handle is an index into m_nodes vector.
+    typedef JSValue key;
+    typedef int32_t size;
+
+    Vector<AVLTreeNodeForArrayCompare> m_nodes;
+    ExecState* m_exec;
+    JSValue m_compareFunction;
+    CallType m_compareCallType;
+    const CallData* m_compareCallData;
+    JSValue m_globalThisValue;
+    OwnPtr<CachedCall> m_cachedCall;
+
+    handle get_less(handle h) { return m_nodes[h].lt & 0x7FFFFFFF; }
+    void set_less(handle h, handle lh) { m_nodes[h].lt &= 0x80000000; m_nodes[h].lt |= lh; }
+    handle get_greater(handle h) { return m_nodes[h].gt & 0x7FFFFFFF; }
+    void set_greater(handle h, handle gh) { m_nodes[h].gt &= 0x80000000; m_nodes[h].gt |= gh; }
+
+    int get_balance_factor(handle h)
+    {
+        if (m_nodes[h].gt & 0x80000000)
+            return -1;
+        return static_cast<unsigned>(m_nodes[h].lt) >> 31;
+    }
+
+    void set_balance_factor(handle h, int bf)
+    {
+        if (bf == 0) {
+            m_nodes[h].lt &= 0x7FFFFFFF;
+            m_nodes[h].gt &= 0x7FFFFFFF;
+        } else {
+            m_nodes[h].lt |= 0x80000000;
+            if (bf < 0)
+                m_nodes[h].gt |= 0x80000000;
+            else
+                m_nodes[h].gt &= 0x7FFFFFFF;
+        }
+    }
+
+    int compare_key_key(key va, key vb)
+    {
+        ASSERT(!va.isUndefined());
+        ASSERT(!vb.isUndefined());
+
+        if (m_exec->hadException())
+            return 1;
+
+        double compareResult;
+        if (m_cachedCall) {
+            m_cachedCall->setThis(m_globalThisValue);
+            m_cachedCall->setArgument(0, va);
+            m_cachedCall->setArgument(1, vb);
+            compareResult = m_cachedCall->call().toNumber(m_cachedCall->newCallFrame());
+        } else {
+            MarkedArgumentBuffer arguments;
+            arguments.append(va);
+            arguments.append(vb);
+            compareResult = call(m_exec, m_compareFunction, m_compareCallType, *m_compareCallData, m_globalThisValue, arguments).toNumber(m_exec);
+        }
+        return (compareResult < 0) ? -1 : 1; // Not passing equality through, because we need to store all values, even if equivalent.
+    }
+
+    int compare_key_node(key k, handle h) { return compare_key_key(k, m_nodes[h].value); }
+    int compare_node_node(handle h1, handle h2) { return compare_key_key(m_nodes[h1].value, m_nodes[h2].value); }
+
+    static handle null() { return 0x7FFFFFFF; }
+};
+
+void JSArray::sort(ExecState* exec, JSValue compareFunction, CallType callType, const CallData& callData)
+{
+    checkConsistency();
+
+    // FIXME: This ignores exceptions raised in the compare function or in toNumber.
+
+    // The maximum tree depth is compiled in - but the caller is clearly up to no good
+    // if a larger array is passed.
+    ASSERT(m_storage->m_length <= static_cast<unsigned>(std::numeric_limits<int>::max()));
+    if (m_storage->m_length > static_cast<unsigned>(std::numeric_limits<int>::max()))
+        return;
+
+    if (!m_storage->m_length)
+        return;
+
+    unsigned usedVectorLength = min(m_storage->m_length, m_vectorLength);
+
+    AVLTree<AVLTreeAbstractorForArrayCompare, 44> tree; // Depth 44 is enough for 2^31 items
+    tree.abstractor().m_exec = exec;
+    tree.abstractor().m_compareFunction = compareFunction;
+    tree.abstractor().m_compareCallType = callType;
+    tree.abstractor().m_compareCallData = &callData;
+    tree.abstractor().m_globalThisValue = exec->globalThisValue();
+    tree.abstractor().m_nodes.resize(usedVectorLength + (m_storage->m_sparseValueMap ? m_storage->m_sparseValueMap->size() : 0));
+
+    if (callType == CallTypeJS)
+        tree.abstractor().m_cachedCall.set(new CachedCall(exec, asFunction(compareFunction), 2, exec->exceptionSlot()));
+
+    if (!tree.abstractor().m_nodes.begin()) {
+        throwOutOfMemoryError(exec);
+        return;
+    }
+
+    // FIXME: If the compare function modifies the array, the vector, map, etc. could be modified
+    // right out from under us while we're building the tree here.
+
+    unsigned numDefined = 0;
+    unsigned numUndefined = 0;
+
+    // Iterate over the array, ignoring missing values, counting undefined ones, and inserting all other ones into the tree.
+    for (; numDefined < usedVectorLength; ++numDefined) {
+        JSValue v = m_storage->m_vector[numDefined];
+        if (!v || v.isUndefined())
+            break;
+        tree.abstractor().m_nodes[numDefined].value = v;
+        tree.insert(numDefined);
+    }
+    for (unsigned i = numDefined; i < usedVectorLength; ++i) {
+        JSValue v = m_storage->m_vector[i];
+        if (v) {
+            if (v.isUndefined())
+                ++numUndefined;
+            else {
+                tree.abstractor().m_nodes[numDefined].value = v;
+                tree.insert(numDefined);
+                ++numDefined;
+            }
+        }
+    }
+
+    unsigned newUsedVectorLength = numDefined + numUndefined;
+
+    if (SparseArrayValueMap* map = m_storage->m_sparseValueMap) {
+        newUsedVectorLength += map->size();
+        if (newUsedVectorLength > m_vectorLength) {
+            // Check that it is possible to allocate an array large enough to hold all the entries.
+            if ((newUsedVectorLength > MAX_STORAGE_VECTOR_LENGTH) || !increaseVectorLength(newUsedVectorLength)) {
+                throwOutOfMemoryError(exec);
+                return;
+            }
+        }
+
+        SparseArrayValueMap::iterator end = map->end();
+        for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it) {
+            tree.abstractor().m_nodes[numDefined].value = it->second;
+            tree.insert(numDefined);
+            ++numDefined;
+        }
+
+        delete map;
+        m_storage->m_sparseValueMap = 0;
+    }
+
+    ASSERT(tree.abstractor().m_nodes.size() >= numDefined);
+
+    // FIXME: If the compare function changed the length of the array, the following might be
+    // modifying the vector incorrectly.
+
+    // Copy the values back into m_storage.
+    AVLTree<AVLTreeAbstractorForArrayCompare, 44>::Iterator iter;
+    iter.start_iter_least(tree);
+    for (unsigned i = 0; i < numDefined; ++i) {
+        m_storage->m_vector[i] = tree.abstractor().m_nodes[*iter].value;
+        ++iter;
+    }
+
+    // Put undefined values back in.
+    for (unsigned i = numDefined; i < newUsedVectorLength; ++i)
+        m_storage->m_vector[i] = jsUndefined();
+
+    // Ensure that unused values in the vector are zeroed out.
+    for (unsigned i = newUsedVectorLength; i < usedVectorLength; ++i)
+        m_storage->m_vector[i] = JSValue();
+
+    m_storage->m_numValuesInVector = newUsedVectorLength;
+
+    checkConsistency(SortConsistencyCheck);
+}
+
+void JSArray::fillArgList(ExecState* exec, MarkedArgumentBuffer& args)
+{
+    JSValue* vector = m_storage->m_vector;
+    unsigned vectorEnd = min(m_storage->m_length, m_vectorLength);
+    unsigned i = 0;
+    for (; i < vectorEnd; ++i) {
+        JSValue& v = vector[i];
+        if (!v)
+            break;
+        args.append(v);
+    }
+
+    for (; i < m_storage->m_length; ++i)
+        args.append(get(exec, i));
+}
+
+void JSArray::copyToRegisters(ExecState* exec, Register* buffer, uint32_t maxSize)
+{
+    ASSERT(m_storage->m_length == maxSize);
+    UNUSED_PARAM(maxSize);
+    JSValue* vector = m_storage->m_vector;
+    unsigned vectorEnd = min(m_storage->m_length, m_vectorLength);
+    unsigned i = 0;
+    for (; i < vectorEnd; ++i) {
+        JSValue& v = vector[i];
+        if (!v)
+            break;
+        buffer[i] = v;
+    }
+
+    for (; i < m_storage->m_length; ++i)
+        buffer[i] = get(exec, i);
+}
+
+unsigned JSArray::compactForSorting()
+{
+    checkConsistency();
+
+    ArrayStorage* storage = m_storage;
+
+    unsigned usedVectorLength = min(m_storage->m_length, m_vectorLength);
+
+    unsigned numDefined = 0;
+    unsigned numUndefined = 0;
+
+    for (; numDefined < usedVectorLength; ++numDefined) {
+        JSValue v = storage->m_vector[numDefined];
+        if (!v || v.isUndefined())
+            break;
+    }
+    for (unsigned i = numDefined; i < usedVectorLength; ++i) {
+        JSValue v = storage->m_vector[i];
+        if (v) {
+            if (v.isUndefined())
+                ++numUndefined;
+            else
+                storage->m_vector[numDefined++] = v;
+        }
+    }
+
+    unsigned newUsedVectorLength = numDefined + numUndefined;
+
+    if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
+        newUsedVectorLength += map->size();
+        if (newUsedVectorLength > m_vectorLength) {
+            // Check that it is possible to allocate an array large enough to hold all the entries - if not,
+            // exception is thrown by caller.
+            if ((newUsedVectorLength > MAX_STORAGE_VECTOR_LENGTH) || !increaseVectorLength(newUsedVectorLength))
+                return 0;
+            storage = m_storage;
+        }
+
+        SparseArrayValueMap::iterator end = map->end();
+        for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
+            storage->m_vector[numDefined++] = it->second;
+
+        delete map;
+        storage->m_sparseValueMap = 0;
+    }
+
+    for (unsigned i = numDefined; i < newUsedVectorLength; ++i)
+        storage->m_vector[i] = jsUndefined();
+    for (unsigned i = newUsedVectorLength; i < usedVectorLength; ++i)
+        storage->m_vector[i] = JSValue();
+
+    storage->m_numValuesInVector = newUsedVectorLength;
+
+    checkConsistency(SortConsistencyCheck);
+
+    return numDefined;
+}
+
+void* JSArray::lazyCreationData()
+{
+    return m_storage->lazyCreationData;
+}
+
+void JSArray::setLazyCreationData(void* d)
+{
+    m_storage->lazyCreationData = d;
+}
+
+#if CHECK_ARRAY_CONSISTENCY
+
+void JSArray::checkConsistency(ConsistencyCheckType type)
+{
+    ASSERT(m_storage);
+    if (type == SortConsistencyCheck)
+        ASSERT(!m_storage->m_sparseValueMap);
+
+    unsigned numValuesInVector = 0;
+    for (unsigned i = 0; i < m_vectorLength; ++i) {
+        if (JSValue value = m_storage->m_vector[i]) {
+            ASSERT(i < m_storage->m_length);
+            if (type != DestructorConsistencyCheck)
+                value->type(); // Likely to crash if the object was deallocated.
+            ++numValuesInVector;
+        } else {
+            if (type == SortConsistencyCheck)
+                ASSERT(i >= m_storage->m_numValuesInVector);
+        }
+    }
+    ASSERT(numValuesInVector == m_storage->m_numValuesInVector);
+    ASSERT(numValuesInVector <= m_storage->m_length);
+
+    if (m_storage->m_sparseValueMap) {
+        SparseArrayValueMap::iterator end = m_storage->m_sparseValueMap->end();
+        for (SparseArrayValueMap::iterator it = m_storage->m_sparseValueMap->begin(); it != end; ++it) {
+            unsigned index = it->first;
+            ASSERT(index < m_storage->m_length);
+            ASSERT(index >= m_vectorLength);
+            ASSERT(index <= MAX_ARRAY_INDEX);
+            ASSERT(it->second);
+            if (type != DestructorConsistencyCheck)
+                it->second->type(); // Likely to crash if the object was deallocated.
+        }
+    }
+}
+
+#endif
+
+JSArray* constructEmptyArray(ExecState* exec)
+{
+    return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure());
+}
+
+JSArray* constructEmptyArray(ExecState* exec, unsigned initialLength)
+{
+    return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), initialLength);
+}
+
+JSArray* constructArray(ExecState* exec, JSValue singleItemValue)
+{
+    MarkedArgumentBuffer values;
+    values.append(singleItemValue);
+    return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), values);
+}
+
+JSArray* constructArray(ExecState* exec, const ArgList& values)
+{
+    return new (exec) JSArray(exec->lexicalGlobalObject()->arrayStructure(), values);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSArray.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSArray.h
new file mode 100644
index 000000000..2613991d0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSArray.h
@@ -0,0 +1,229 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef JSArray_h
+#define JSArray_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    typedef HashMap<unsigned, JSValue> SparseArrayValueMap;
+
+    struct ArrayStorage {
+        unsigned m_length;
+        unsigned m_numValuesInVector;
+        SparseArrayValueMap* m_sparseValueMap;
+        void* lazyCreationData; // A JSArray subclass can use this to fill the vector lazily.
+        JSValue m_vector[1];
+    };
+
+    class JSArray : public JSObject {
+        friend class JIT;
+        friend class Walker;
+
+    public:
+        explicit JSArray(PassRefPtr<Structure>);
+        JSArray(PassRefPtr<Structure>, unsigned initialLength);
+        JSArray(PassRefPtr<Structure>, const ArgList& initialValues);
+        virtual ~JSArray();
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+        virtual void put(ExecState*, unsigned propertyName, JSValue); // FIXME: Make protected and add setItem.
+
+        static JS_EXPORTDATA const ClassInfo info;
+
+        unsigned length() const { return m_storage->m_length; }
+        void setLength(unsigned); // OK to use on new arrays, but not if it might be a RegExpMatchArray.
+
+        void sort(ExecState*);
+        void sort(ExecState*, JSValue compareFunction, CallType, const CallData&);
+        void sortNumeric(ExecState*, JSValue compareFunction, CallType, const CallData&);
+
+        void push(ExecState*, JSValue);
+        JSValue pop();
+
+        bool canGetIndex(unsigned i) { return i < m_vectorLength && m_storage->m_vector[i]; }
+        JSValue getIndex(unsigned i)
+        {
+            ASSERT(canGetIndex(i));
+            return m_storage->m_vector[i];
+        }
+
+        bool canSetIndex(unsigned i) { return i < m_vectorLength; }
+        void setIndex(unsigned i, JSValue v)
+        {
+            ASSERT(canSetIndex(i));
+            JSValue& x = m_storage->m_vector[i];
+            if (!x) {
+                ++m_storage->m_numValuesInVector;
+                if (i >= m_storage->m_length)
+                    m_storage->m_length = i + 1;
+            }
+            x = v;
+        }
+
+        void fillArgList(ExecState*, MarkedArgumentBuffer&);
+        void copyToRegisters(ExecState*, Register*, uint32_t);
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType));
+        }
+        
+        inline void markChildrenDirect(MarkStack& markStack);
+
+    protected:
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName, bool checkDontDelete = true);
+        virtual bool deleteProperty(ExecState*, unsigned propertyName, bool checkDontDelete = true);
+        virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, bool includeNonEnumerable = false);
+        virtual void markChildren(MarkStack&);
+
+        void* lazyCreationData();
+        void setLazyCreationData(void*);
+
+    private:
+        virtual const ClassInfo* classInfo() const { return &info; }
+
+        bool getOwnPropertySlotSlowCase(ExecState*, unsigned propertyName, PropertySlot&);
+        void putSlowCase(ExecState*, unsigned propertyName, JSValue);
+
+        bool increaseVectorLength(unsigned newLength);
+        
+        unsigned compactForSorting();
+
+        enum ConsistencyCheckType { NormalConsistencyCheck, DestructorConsistencyCheck, SortConsistencyCheck };
+        void checkConsistency(ConsistencyCheckType = NormalConsistencyCheck);
+
+        unsigned m_vectorLength;
+        ArrayStorage* m_storage;
+    };
+
+    JSArray* asArray(JSValue);
+
+    JSArray* constructEmptyArray(ExecState*);
+    JSArray* constructEmptyArray(ExecState*, unsigned initialLength);
+    JSArray* constructArray(ExecState*, JSValue singleItemValue);
+    JSArray* constructArray(ExecState*, const ArgList& values);
+
+    inline JSArray* asArray(JSCell* cell)
+    {
+        ASSERT(cell->inherits(&JSArray::info));
+        return static_cast<JSArray*>(cell);
+    }
+
+    inline JSArray* asArray(JSValue value)
+    {
+        return asArray(value.asCell());
+    }
+
+    inline bool isJSArray(JSGlobalData* globalData, JSValue v)
+    {
+        return v.isCell() && v.asCell()->vptr() == globalData->jsArrayVPtr;
+    }
+    inline bool isJSArray(JSGlobalData* globalData, JSCell* cell) { return cell->vptr() == globalData->jsArrayVPtr; }
+
+    inline void JSArray::markChildrenDirect(MarkStack& markStack)
+    {
+        JSObject::markChildrenDirect(markStack);
+        
+        ArrayStorage* storage = m_storage;
+
+        unsigned usedVectorLength = std::min(storage->m_length, m_vectorLength);
+        markStack.appendValues(storage->m_vector, usedVectorLength, MayContainNullValues);
+
+        if (SparseArrayValueMap* map = storage->m_sparseValueMap) {
+            SparseArrayValueMap::iterator end = map->end();
+            for (SparseArrayValueMap::iterator it = map->begin(); it != end; ++it)
+                markStack.append(it->second);
+        }
+    }
+
+    inline void MarkStack::markChildren(JSCell* cell)
+    {
+        ASSERT(Heap::isCellMarked(cell));
+        if (cell->structure()->typeInfo().hasDefaultMark()) {
+#ifdef NDEBUG
+            asObject(cell)->markChildrenDirect(*this);
+#else
+            ASSERT(!m_isCheckingForDefaultMarkViolation);
+            m_isCheckingForDefaultMarkViolation = true;
+            cell->markChildren(*this);
+            ASSERT(m_isCheckingForDefaultMarkViolation);
+            m_isCheckingForDefaultMarkViolation = false;
+#endif
+            return;
+        }
+        if (cell->vptr() == m_jsArrayVPtr) {
+            asArray(cell)->markChildrenDirect(*this);
+            return;
+        }
+        cell->markChildren(*this);
+    }
+
+    inline void MarkStack::drain()
+    {
+        while (!m_markSets.isEmpty() || !m_values.isEmpty()) {
+            while (!m_markSets.isEmpty() && m_values.size() < 50) {
+                ASSERT(!m_markSets.isEmpty());
+                MarkSet& current = m_markSets.last();
+                ASSERT(current.m_values);
+                JSValue* end = current.m_end;
+                ASSERT(current.m_values);
+                ASSERT(current.m_values != end);
+            findNextUnmarkedNullValue:
+                ASSERT(current.m_values != end);
+                JSValue value = *current.m_values;
+                current.m_values++;
+
+                JSCell* cell;
+                if (!value || !value.isCell() || Heap::isCellMarked(cell = value.asCell())) {
+                    if (current.m_values == end) {
+                        m_markSets.removeLast();
+                        continue;
+                    }
+                    goto findNextUnmarkedNullValue;
+                }
+
+                Heap::markCell(cell);
+                if (cell->structure()->typeInfo().type() < CompoundType) {
+                    if (current.m_values == end) {
+                        m_markSets.removeLast();
+                        continue;
+                    }
+                    goto findNextUnmarkedNullValue;
+                }
+
+                if (current.m_values == end)
+                    m_markSets.removeLast();
+
+                markChildren(cell);
+            }
+            while (!m_values.isEmpty())
+                markChildren(m_values.removeLast());
+        }
+    }
+    
+} // namespace JSC
+
+#endif // JSArray_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSByteArray.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSByteArray.cpp
new file mode 100644
index 000000000..0907099d1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSByteArray.cpp
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSByteArray.h"
+
+#include "JSGlobalObject.h"
+#include "PropertyNameArray.h"
+
+using namespace WTF;
+
+namespace JSC {
+
+const ClassInfo JSByteArray::s_defaultInfo = { "ByteArray", 0, 0, 0 };
+
+JSByteArray::JSByteArray(ExecState* exec, PassRefPtr<Structure> structure, ByteArray* storage, const JSC::ClassInfo* classInfo)
+    : JSObject(structure)
+    , m_storage(storage)
+    , m_classInfo(classInfo)
+{
+    putDirect(exec->globalData().propertyNames->length, jsNumber(exec, m_storage->length()), ReadOnly | DontDelete);
+}
+    
+PassRefPtr<Structure> JSByteArray::createStructure(JSValue prototype)
+{
+    PassRefPtr<Structure> result = Structure::create(prototype, TypeInfo(ObjectType, HasDefaultMark));
+    return result;
+}
+
+bool JSByteArray::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    bool ok;
+    unsigned index = propertyName.toUInt32(&ok, false);
+    if (ok && canAccessIndex(index)) {
+        slot.setValue(getIndex(exec, index));
+        return true;
+    }
+    return JSObject::getOwnPropertySlot(exec, propertyName, slot);
+}
+
+bool JSByteArray::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    bool ok;
+    unsigned index = propertyName.toUInt32(&ok, false);
+    if (ok && canAccessIndex(index)) {
+        descriptor.setDescriptor(getIndex(exec, index), DontDelete);
+        return true;
+    }
+    return JSObject::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+}
+
+bool JSByteArray::getOwnPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+{
+    if (canAccessIndex(propertyName)) {
+        slot.setValue(getIndex(exec, propertyName));
+        return true;
+    }
+    return JSObject::getOwnPropertySlot(exec, Identifier::from(exec, propertyName), slot);
+}
+
+void JSByteArray::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    bool ok;
+    unsigned index = propertyName.toUInt32(&ok, false);
+    if (ok) {
+        setIndex(exec, index, value);
+        return;
+    }
+    JSObject::put(exec, propertyName, value, slot);
+}
+
+void JSByteArray::put(ExecState* exec, unsigned propertyName, JSValue value)
+{
+    setIndex(exec, propertyName, value);
+}
+
+void JSByteArray::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    unsigned length = m_storage->length();
+    for (unsigned i = 0; i < length; ++i)
+        propertyNames.add(Identifier::from(exec, i));
+    JSObject::getOwnPropertyNames(exec, propertyNames, includeNonEnumerable);
+}
+
+}
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSByteArray.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSByteArray.h
new file mode 100644
index 000000000..5ea050522
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSByteArray.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSByteArray_h
+#define JSByteArray_h
+
+#include "JSObject.h"
+
+#include <wtf/ByteArray.h>
+
+namespace JSC {
+
+    class JSByteArray : public JSObject {
+        friend struct VPtrSet;
+    public:
+        bool canAccessIndex(unsigned i) { return i < m_storage->length(); }
+        JSValue getIndex(ExecState* exec, unsigned i)
+        {
+            ASSERT(canAccessIndex(i));
+            return jsNumber(exec, m_storage->data()[i]);
+        }
+
+        void setIndex(unsigned i, int value)
+        {
+            ASSERT(canAccessIndex(i));
+            if (value & ~0xFF) {
+                if (value < 0)
+                    value = 0;
+                else
+                    value = 255;
+            }
+            m_storage->data()[i] = static_cast<unsigned char>(value);
+        }
+        
+        void setIndex(unsigned i, double value)
+        {
+            ASSERT(canAccessIndex(i));
+            if (!(value > 0)) // Clamp NaN to 0
+                value = 0;
+            else if (value > 255)
+                value = 255;
+            m_storage->data()[i] = static_cast<unsigned char>(value + 0.5);
+        }
+        
+        void setIndex(ExecState* exec, unsigned i, JSValue value)
+        {
+            double byteValue = value.toNumber(exec);
+            if (exec->hadException())
+                return;
+            if (canAccessIndex(i))
+                setIndex(i, byteValue);
+        }
+
+        JSByteArray(ExecState* exec, PassRefPtr<Structure>, WTF::ByteArray* storage, const JSC::ClassInfo* = &s_defaultInfo);
+        static PassRefPtr<Structure> createStructure(JSValue prototype);
+        
+        virtual bool getOwnPropertySlot(JSC::ExecState*, const JSC::Identifier& propertyName, JSC::PropertySlot&);
+        virtual bool getOwnPropertySlot(JSC::ExecState*, unsigned propertyName, JSC::PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+        virtual void put(JSC::ExecState*, const JSC::Identifier& propertyName, JSC::JSValue, JSC::PutPropertySlot&);
+        virtual void put(JSC::ExecState*, unsigned propertyName, JSC::JSValue);
+
+        virtual void getOwnPropertyNames(JSC::ExecState*, JSC::PropertyNameArray&, bool includeNonEnumerable = false);
+
+        virtual const ClassInfo* classInfo() const { return m_classInfo; }
+        static const ClassInfo s_defaultInfo;
+        
+        size_t length() const { return m_storage->length(); }
+
+        WTF::ByteArray* storage() const { return m_storage.get(); }
+
+    private:
+        enum VPtrStealingHackType { VPtrStealingHack };
+        JSByteArray(VPtrStealingHackType) 
+            : JSObject(createStructure(jsNull()))
+            , m_classInfo(0)
+        {
+        }
+
+        RefPtr<WTF::ByteArray> m_storage;
+        const ClassInfo* m_classInfo;
+    };
+    
+    JSByteArray* asByteArray(JSValue value);
+    inline JSByteArray* asByteArray(JSValue value)
+    {
+        return static_cast<JSByteArray*>(asCell(value));
+    }
+
+    inline bool isJSByteArray(JSGlobalData* globalData, JSValue v) { return v.isCell() && v.asCell()->vptr() == globalData->jsByteArrayVPtr; }
+
+} // namespace JSC
+
+#endif // JSByteArray_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.cpp
new file mode 100644
index 000000000..1cfe72d50
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.cpp
@@ -0,0 +1,236 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSCell.h"
+
+#include "JSFunction.h"
+#include "JSString.h"
+#include "JSObject.h"
+#include <wtf/MathExtras.h>
+
+namespace JSC {
+
+#if defined NAN && defined INFINITY
+
+extern const double NaN = NAN;
+extern const double Inf = INFINITY;
+
+#else // !(defined NAN && defined INFINITY)
+
+// The trick is to define the NaN and Inf globals with a different type than the declaration.
+// This trick works because the mangled name of the globals does not include the type, although
+// I'm not sure that's guaranteed. There could be alignment issues with this, since arrays of
+// characters don't necessarily need the same alignment doubles do, but for now it seems to work.
+// It would be good to figure out a 100% clean way that still avoids code that runs at init time.
+
+// Note, we have to use union to ensure alignment. Otherwise, NaN_Bytes can start anywhere,
+// while NaN_double has to be 4-byte aligned for 32-bits.
+// With -fstrict-aliasing enabled, unions are the only safe way to do type masquerading.
+
+static const union {
+    struct {
+        unsigned char NaN_Bytes[8];
+        unsigned char Inf_Bytes[8];
+    } bytes;
+    
+    struct {
+        double NaN_Double;
+        double Inf_Double;
+    } doubles;
+    
+} NaNInf = { {
+#if PLATFORM(BIG_ENDIAN)
+    { 0x7f, 0xf8, 0, 0, 0, 0, 0, 0 },
+    { 0x7f, 0xf0, 0, 0, 0, 0, 0, 0 }
+#elif PLATFORM(MIDDLE_ENDIAN)
+    { 0, 0, 0xf8, 0x7f, 0, 0, 0, 0 },
+    { 0, 0, 0xf0, 0x7f, 0, 0, 0, 0 }
+#else
+    { 0, 0, 0, 0, 0, 0, 0xf8, 0x7f },
+    { 0, 0, 0, 0, 0, 0, 0xf0, 0x7f }
+#endif
+} } ;
+
+extern const double NaN = NaNInf.doubles.NaN_Double;
+extern const double Inf = NaNInf.doubles.Inf_Double;
+ 
+#endif // !(defined NAN && defined INFINITY)
+
+void* JSCell::operator new(size_t size, ExecState* exec)
+{
+#ifdef JAVASCRIPTCORE_BUILDING_ALL_IN_ONE_FILE
+    return exec->heap()->inlineAllocate(size);
+#else
+    return exec->heap()->allocate(size);
+#endif
+}
+
+bool JSCell::getUInt32(uint32_t&) const
+{
+    return false;
+}
+
+bool JSCell::getString(UString&stringValue) const
+{
+    if (!isString())
+        return false;
+    stringValue = static_cast<const JSString*>(this)->value();
+    return true;
+}
+
+UString JSCell::getString() const
+{
+    return isString() ? static_cast<const JSString*>(this)->value() : UString();
+}
+
+JSObject* JSCell::getObject()
+{
+    return isObject() ? asObject(this) : 0;
+}
+
+const JSObject* JSCell::getObject() const
+{
+    return isObject() ? static_cast<const JSObject*>(this) : 0;
+}
+
+CallType JSCell::getCallData(CallData&)
+{
+    return CallTypeNone;
+}
+
+ConstructType JSCell::getConstructData(ConstructData&)
+{
+    return ConstructTypeNone;
+}
+
+bool JSCell::getOwnPropertySlot(ExecState* exec, const Identifier& identifier, PropertySlot& slot)
+{
+    // This is not a general purpose implementation of getOwnPropertySlot.
+    // It should only be called by JSValue::get.
+    // It calls getPropertySlot, not getOwnPropertySlot.
+    JSObject* object = toObject(exec);
+    slot.setBase(object);
+    if (!object->getPropertySlot(exec, identifier, slot))
+        slot.setUndefined();
+    return true;
+}
+
+bool JSCell::getOwnPropertySlot(ExecState* exec, unsigned identifier, PropertySlot& slot)
+{
+    // This is not a general purpose implementation of getOwnPropertySlot.
+    // It should only be called by JSValue::get.
+    // It calls getPropertySlot, not getOwnPropertySlot.
+    JSObject* object = toObject(exec);
+    slot.setBase(object);
+    if (!object->getPropertySlot(exec, identifier, slot))
+        slot.setUndefined();
+    return true;
+}
+
+void JSCell::put(ExecState* exec, const Identifier& identifier, JSValue value, PutPropertySlot& slot)
+{
+    toObject(exec)->put(exec, identifier, value, slot);
+}
+
+void JSCell::put(ExecState* exec, unsigned identifier, JSValue value)
+{
+    toObject(exec)->put(exec, identifier, value);
+}
+
+bool JSCell::deleteProperty(ExecState* exec, const Identifier& identifier, bool checkDontDelete)
+{
+    return toObject(exec)->deleteProperty(exec, identifier, checkDontDelete);
+}
+
+bool JSCell::deleteProperty(ExecState* exec, unsigned identifier, bool checkDontDelete)
+{
+    return toObject(exec)->deleteProperty(exec, identifier, checkDontDelete);
+}
+
+JSObject* JSCell::toThisObject(ExecState* exec) const
+{
+    return toObject(exec);
+}
+
+UString JSCell::toThisString(ExecState* exec) const
+{
+    return toThisObject(exec)->toString(exec);
+}
+
+JSString* JSCell::toThisJSString(ExecState* exec)
+{
+    return jsString(exec, toThisString(exec));
+}
+
+const ClassInfo* JSCell::classInfo() const
+{
+    return 0;
+}
+
+JSValue JSCell::getJSNumber()
+{
+    return JSValue();
+}
+
+bool JSCell::isGetterSetter() const
+{
+    return false;
+}
+
+JSValue JSCell::toPrimitive(ExecState*, PreferredPrimitiveType) const
+{
+    ASSERT_NOT_REACHED();
+    return JSValue();
+}
+
+bool JSCell::getPrimitiveNumber(ExecState*, double&, JSValue&)
+{
+    ASSERT_NOT_REACHED();
+    return false;
+}
+
+bool JSCell::toBoolean(ExecState*) const
+{
+    ASSERT_NOT_REACHED();
+    return false;
+}
+
+double JSCell::toNumber(ExecState*) const
+{
+    ASSERT_NOT_REACHED();
+    return 0;
+}
+
+UString JSCell::toString(ExecState*) const
+{
+    ASSERT_NOT_REACHED();
+    return UString();
+}
+
+JSObject* JSCell::toObject(ExecState*) const
+{
+    ASSERT_NOT_REACHED();
+    return 0;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.h
new file mode 100644
index 000000000..d015b9c51
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.h
@@ -0,0 +1,364 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSCell_h
+#define JSCell_h
+
+#include "Collector.h"
+#include "JSImmediate.h"
+#include "JSValue.h"
+#include "MarkStack.h"
+#include "Structure.h"
+#include <wtf/Noncopyable.h>
+
+namespace JSC {
+
+    class JSCell : public NoncopyableCustomAllocated {
+        friend class GetterSetter;
+        friend class Heap;
+        friend class JIT;
+        friend class JSNumberCell;
+        friend class JSObject;
+        friend class JSPropertyNameIterator;
+        friend class JSString;
+        friend class JSValue;
+        friend class JSAPIValueWrapper;
+        friend struct VPtrSet;
+
+    private:
+        explicit JSCell(Structure*);
+        JSCell(); // Only used for initializing Collector blocks.
+        virtual ~JSCell();
+
+    public:
+        // Querying the type.
+#if USE(JSVALUE32)
+        bool isNumber() const;
+#endif
+        bool isString() const;
+        bool isObject() const;
+        virtual bool isGetterSetter() const;
+        bool inherits(const ClassInfo*) const;
+        virtual bool isAPIValueWrapper() const { return false; }
+
+        Structure* structure() const;
+
+        // Extracting the value.
+        bool getString(UString&) const;
+        UString getString() const; // null string if not a string
+        JSObject* getObject(); // NULL if not an object
+        const JSObject* getObject() const; // NULL if not an object
+        
+        virtual CallType getCallData(CallData&);
+        virtual ConstructType getConstructData(ConstructData&);
+
+        // Extracting integer values.
+        // FIXME: remove these methods, can check isNumberCell in JSValue && then call asNumberCell::*.
+        virtual bool getUInt32(uint32_t&) const;
+
+        // Basic conversions.
+        virtual JSValue toPrimitive(ExecState*, PreferredPrimitiveType) const;
+        virtual bool getPrimitiveNumber(ExecState*, double& number, JSValue&);
+        virtual bool toBoolean(ExecState*) const;
+        virtual double toNumber(ExecState*) const;
+        virtual UString toString(ExecState*) const;
+        virtual JSObject* toObject(ExecState*) const;
+
+        // Garbage collection.
+        void* operator new(size_t, ExecState*);
+        void* operator new(size_t, JSGlobalData*);
+        void* operator new(size_t, void* placementNewDestination) { return placementNewDestination; }
+
+        virtual void markChildren(MarkStack&);
+
+        // Object operations, with the toObject operation included.
+        virtual const ClassInfo* classInfo() const;
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        virtual void put(ExecState*, unsigned propertyName, JSValue);
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName, bool checkDontDelete = true);
+        virtual bool deleteProperty(ExecState*, unsigned propertyName, bool checkDontDelete = true);
+
+        virtual JSObject* toThisObject(ExecState*) const;
+        virtual UString toThisString(ExecState*) const;
+        virtual JSString* toThisJSString(ExecState*);
+        virtual JSValue getJSNumber();
+        void* vptr() { return *reinterpret_cast<void**>(this); }
+
+    private:
+        // Base implementation; for non-object classes implements getPropertySlot.
+        bool fastGetOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        
+        Structure* m_structure;
+    };
+
+    // FIXME: We should deprecate this and just use JSValue::asCell() instead.
+    JSCell* asCell(JSValue);
+
+    inline JSCell* asCell(JSValue value)
+    {
+        return value.asCell();
+    }
+
+    inline JSCell::JSCell(Structure* structure)
+        : m_structure(structure)
+    {
+    }
+
+    // Only used for initializing Collector blocks.
+    inline JSCell::JSCell()
+    {
+    }
+
+    inline JSCell::~JSCell()
+    {
+    }
+
+#if USE(JSVALUE32)
+    inline bool JSCell::isNumber() const
+    {
+        return Heap::isNumber(const_cast<JSCell*>(this));
+    }
+#endif
+
+    inline bool JSCell::isObject() const
+    {
+        return m_structure->typeInfo().type() == ObjectType;
+    }
+
+    inline bool JSCell::isString() const
+    {
+        return m_structure->typeInfo().type() == StringType;
+    }
+
+    inline Structure* JSCell::structure() const
+    {
+        return m_structure;
+    }
+
+    inline void JSCell::markChildren(MarkStack&)
+    {
+    }
+
+    inline void* JSCell::operator new(size_t size, JSGlobalData* globalData)
+    {
+#ifdef JAVASCRIPTCORE_BUILDING_ALL_IN_ONE_FILE
+        return globalData->heap.inlineAllocate(size);
+#else
+        return globalData->heap.allocate(size);
+#endif
+    }
+
+    // --- JSValue inlines ----------------------------
+
+    inline bool JSValue::isString() const
+    {
+        return isCell() && asCell()->isString();
+    }
+
+    inline bool JSValue::isGetterSetter() const
+    {
+        return isCell() && asCell()->isGetterSetter();
+    }
+
+    inline bool JSValue::isObject() const
+    {
+        return isCell() && asCell()->isObject();
+    }
+
+    inline bool JSValue::getString(UString& s) const
+    {
+        return isCell() && asCell()->getString(s);
+    }
+
+    inline UString JSValue::getString() const
+    {
+        return isCell() ? asCell()->getString() : UString();
+    }
+
+    inline JSObject* JSValue::getObject() const
+    {
+        return isCell() ? asCell()->getObject() : 0;
+    }
+
+    inline CallType JSValue::getCallData(CallData& callData)
+    {
+        return isCell() ? asCell()->getCallData(callData) : CallTypeNone;
+    }
+
+    inline ConstructType JSValue::getConstructData(ConstructData& constructData)
+    {
+        return isCell() ? asCell()->getConstructData(constructData) : ConstructTypeNone;
+    }
+
+    ALWAYS_INLINE bool JSValue::getUInt32(uint32_t& v) const
+    {
+        if (isInt32()) {
+            int32_t i = asInt32();
+            v = static_cast<uint32_t>(i);
+            return i >= 0;
+        }
+        if (isDouble()) {
+            double d = asDouble();
+            v = static_cast<uint32_t>(d);
+            return v == d;
+        }
+        return false;
+    }
+
+#if !USE(JSVALUE32_64)
+    ALWAYS_INLINE JSCell* JSValue::asCell() const
+    {
+        ASSERT(isCell());
+        return m_ptr;
+    }
+#endif // !USE(JSVALUE32_64)
+
+    inline JSValue JSValue::toPrimitive(ExecState* exec, PreferredPrimitiveType preferredType) const
+    {
+        return isCell() ? asCell()->toPrimitive(exec, preferredType) : asValue();
+    }
+
+    inline bool JSValue::getPrimitiveNumber(ExecState* exec, double& number, JSValue& value)
+    {
+        if (isInt32()) {
+            number = asInt32();
+            value = *this;
+            return true;
+        }
+        if (isDouble()) {
+            number = asDouble();
+            value = *this;
+            return true;
+        }
+        if (isCell())
+            return asCell()->getPrimitiveNumber(exec, number, value);
+        if (isTrue()) {
+            number = 1.0;
+            value = *this;
+            return true;
+        }
+        if (isFalse() || isNull()) {
+            number = 0.0;
+            value = *this;
+            return true;
+        }
+        ASSERT(isUndefined());
+        number = nonInlineNaN();
+        value = *this;
+        return true;
+    }
+
+    inline bool JSValue::toBoolean(ExecState* exec) const
+    {
+        if (isInt32())
+            return asInt32() != 0;
+        if (isDouble())
+            return asDouble() > 0.0 || asDouble() < 0.0; // false for NaN
+        if (isCell())
+            return asCell()->toBoolean(exec);
+        return isTrue(); // false, null, and undefined all convert to false.
+    }
+
+    ALWAYS_INLINE double JSValue::toNumber(ExecState* exec) const
+    {
+        if (isInt32())
+            return asInt32();
+        if (isDouble())
+            return asDouble();
+        if (isCell())
+            return asCell()->toNumber(exec);
+        if (isTrue())
+            return 1.0;
+        return isUndefined() ? nonInlineNaN() : 0; // null and false both convert to 0.
+    }
+
+    inline bool JSValue::needsThisConversion() const
+    {
+        if (UNLIKELY(!isCell()))
+            return true;
+        return asCell()->structure()->typeInfo().needsThisConversion();
+    }
+
+    inline UString JSValue::toThisString(ExecState* exec) const
+    {
+        return isCell() ? asCell()->toThisString(exec) : toString(exec);
+    }
+
+    inline JSValue JSValue::getJSNumber()
+    {
+        if (isInt32() || isDouble())
+            return *this;
+        if (isCell())
+            return asCell()->getJSNumber();
+        return JSValue();
+    }
+
+    inline JSObject* JSValue::toObject(ExecState* exec) const
+    {
+        return isCell() ? asCell()->toObject(exec) : toObjectSlowCase(exec);
+    }
+
+    inline JSObject* JSValue::toThisObject(ExecState* exec) const
+    {
+        return isCell() ? asCell()->toThisObject(exec) : toThisObjectSlowCase(exec);
+    }
+
+    ALWAYS_INLINE void MarkStack::append(JSCell* cell)
+    {
+        ASSERT(!m_isCheckingForDefaultMarkViolation);
+        ASSERT(cell);
+        if (Heap::isCellMarked(cell))
+            return;
+        Heap::markCell(cell);
+        if (cell->structure()->typeInfo().type() >= CompoundType)
+            m_values.append(cell);
+    }
+
+    ALWAYS_INLINE void MarkStack::append(JSValue value)
+    {
+        ASSERT(value);
+        if (value.isCell())
+            append(value.asCell());
+    }
+
+    inline void Structure::markAggregate(MarkStack& markStack)
+    {
+        markStack.append(m_prototype);
+    }
+
+    inline Heap* Heap::heap(JSValue v)
+    {
+        if (!v.isCell())
+            return 0;
+        return heap(v.asCell());
+    }
+
+    inline Heap* Heap::heap(JSCell* c)
+    {
+        return cellBlock(c)->heap;
+    }
+
+} // namespace JSC
+
+#endif // JSCell_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.cpp
new file mode 100644
index 000000000..bf4e34db6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.cpp
@@ -0,0 +1,256 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSFunction.h"
+
+#include "CodeBlock.h"
+#include "CommonIdentifiers.h"
+#include "CallFrame.h"
+#include "FunctionPrototype.h"
+#include "JSGlobalObject.h"
+#include "Interpreter.h"
+#include "ObjectPrototype.h"
+#include "Parser.h"
+#include "PropertyNameArray.h"
+#include "ScopeChainMark.h"
+
+using namespace WTF;
+using namespace Unicode;
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSFunction);
+
+const ClassInfo JSFunction::info = { "Function", &InternalFunction::info, 0, 0 };
+
+bool JSFunction::isHostFunctionNonInline() const
+{
+    return isHostFunction();
+}
+
+JSFunction::JSFunction(PassRefPtr<Structure> structure)
+    : Base(structure)
+    , m_executable(adoptRef(new VPtrHackExecutable()))
+{
+}
+
+JSFunction::JSFunction(ExecState* exec, PassRefPtr<Structure> structure, int length, const Identifier& name, NativeFunction func)
+    : Base(&exec->globalData(), structure, name)
+#if ENABLE(JIT)
+    , m_executable(adoptRef(new NativeExecutable(exec)))
+#endif
+{
+#if ENABLE(JIT)
+    setNativeFunction(func);
+    putDirect(exec->propertyNames().length, jsNumber(exec, length), DontDelete | ReadOnly | DontEnum);
+#else
+    UNUSED_PARAM(length);
+    UNUSED_PARAM(func);
+    ASSERT_NOT_REACHED();
+#endif
+}
+
+JSFunction::JSFunction(ExecState* exec, PassRefPtr<FunctionExecutable> executable, ScopeChainNode* scopeChainNode)
+    : Base(&exec->globalData(), exec->lexicalGlobalObject()->functionStructure(), executable->name())
+    , m_executable(executable)
+{
+    setScopeChain(scopeChainNode);
+}
+
+JSFunction::~JSFunction()
+{
+    // JIT code for other functions may have had calls linked directly to the code for this function; these links
+    // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
+    // this memory is freed and may be reused (potentially for another, different JSFunction).
+    if (!isHostFunction()) {
+#if ENABLE(JIT_OPTIMIZE_CALL)
+        ASSERT(m_executable);
+        if (jsExecutable()->isGenerated())
+            jsExecutable()->generatedBytecode().unlinkCallers();
+#endif
+        scopeChain().~ScopeChain(); // FIXME: Don't we need to do this in the interpreter too?
+    }
+}
+
+void JSFunction::markChildren(MarkStack& markStack)
+{
+    Base::markChildren(markStack);
+    if (!isHostFunction()) {
+        jsExecutable()->markAggregate(markStack);
+        scopeChain().markAggregate(markStack);
+    }
+}
+
+CallType JSFunction::getCallData(CallData& callData)
+{
+    if (isHostFunction()) {
+        callData.native.function = nativeFunction();
+        return CallTypeHost;
+    }
+    callData.js.functionExecutable = jsExecutable();
+    callData.js.scopeChain = scopeChain().node();
+    return CallTypeJS;
+}
+
+JSValue JSFunction::call(ExecState* exec, JSValue thisValue, const ArgList& args)
+{
+    ASSERT(!isHostFunction());
+    return exec->interpreter()->execute(jsExecutable(), exec, this, thisValue.toThisObject(exec), args, scopeChain().node(), exec->exceptionSlot());
+}
+
+JSValue JSFunction::argumentsGetter(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    JSFunction* thisObj = asFunction(slot.slotBase());
+    ASSERT(!thisObj->isHostFunction());
+    return exec->interpreter()->retrieveArguments(exec, thisObj);
+}
+
+JSValue JSFunction::callerGetter(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    JSFunction* thisObj = asFunction(slot.slotBase());
+    ASSERT(!thisObj->isHostFunction());
+    return exec->interpreter()->retrieveCaller(exec, thisObj);
+}
+
+JSValue JSFunction::lengthGetter(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    JSFunction* thisObj = asFunction(slot.slotBase());
+    ASSERT(!thisObj->isHostFunction());
+    return jsNumber(exec, thisObj->jsExecutable()->parameterCount());
+}
+
+bool JSFunction::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    if (isHostFunction())
+        return Base::getOwnPropertySlot(exec, propertyName, slot);
+
+    if (propertyName == exec->propertyNames().prototype) {
+        JSValue* location = getDirectLocation(propertyName);
+
+        if (!location) {
+            JSObject* prototype = new (exec) JSObject(scopeChain().globalObject()->emptyObjectStructure());
+            prototype->putDirect(exec->propertyNames().constructor, this, DontEnum);
+            putDirect(exec->propertyNames().prototype, prototype, DontDelete);
+            location = getDirectLocation(propertyName);
+        }
+
+        slot.setValueSlot(this, location, offsetForLocation(location));
+    }
+
+    if (propertyName == exec->propertyNames().arguments) {
+        slot.setCustom(this, argumentsGetter);
+        return true;
+    }
+
+    if (propertyName == exec->propertyNames().length) {
+        slot.setCustom(this, lengthGetter);
+        return true;
+    }
+
+    if (propertyName == exec->propertyNames().caller) {
+        slot.setCustom(this, callerGetter);
+        return true;
+    }
+
+    return Base::getOwnPropertySlot(exec, propertyName, slot);
+}
+
+    bool JSFunction::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+    {
+        if (isHostFunction())
+            return Base::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+        
+        if (propertyName == exec->propertyNames().prototype) {
+            PropertySlot slot;
+            getOwnPropertySlot(exec, propertyName, slot);
+            return Base::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+        }
+        
+        if (propertyName == exec->propertyNames().arguments) {
+            descriptor.setDescriptor(exec->interpreter()->retrieveArguments(exec, this), ReadOnly | DontEnum | DontDelete);
+            return true;
+        }
+        
+        if (propertyName == exec->propertyNames().length) {
+            descriptor.setDescriptor(jsNumber(exec, jsExecutable()->parameterCount()), ReadOnly | DontEnum | DontDelete);
+            return true;
+        }
+        
+        if (propertyName == exec->propertyNames().caller) {
+            descriptor.setDescriptor(exec->interpreter()->retrieveCaller(exec, this), ReadOnly | DontEnum | DontDelete);
+            return true;
+        }
+        
+        return Base::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+    }
+    
+void JSFunction::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    if (isHostFunction()) {
+        Base::put(exec, propertyName, value, slot);
+        return;
+    }
+    if (propertyName == exec->propertyNames().arguments || propertyName == exec->propertyNames().length)
+        return;
+    Base::put(exec, propertyName, value, slot);
+}
+
+bool JSFunction::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    if (isHostFunction())
+        return Base::deleteProperty(exec, propertyName, checkDontDelete);
+    if (propertyName == exec->propertyNames().arguments || propertyName == exec->propertyNames().length)
+        return false;
+    return Base::deleteProperty(exec, propertyName, checkDontDelete);
+}
+
+// ECMA 13.2.2 [[Construct]]
+ConstructType JSFunction::getConstructData(ConstructData& constructData)
+{
+    if (isHostFunction())
+        return ConstructTypeNone;
+    constructData.js.functionExecutable = jsExecutable();
+    constructData.js.scopeChain = scopeChain().node();
+    return ConstructTypeJS;
+}
+
+JSObject* JSFunction::construct(ExecState* exec, const ArgList& args)
+{
+    ASSERT(!isHostFunction());
+    Structure* structure;
+    JSValue prototype = get(exec, exec->propertyNames().prototype);
+    if (prototype.isObject())
+        structure = asObject(prototype)->inheritorID();
+    else
+        structure = exec->lexicalGlobalObject()->emptyObjectStructure();
+    JSObject* thisObj = new (exec) JSObject(structure);
+
+    JSValue result = exec->interpreter()->execute(jsExecutable(), exec, this, thisObj, args, scopeChain().node(), exec->exceptionSlot());
+    if (exec->hadException() || !result.isObject())
+        return thisObj;
+    return asObject(result);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.h
new file mode 100644
index 000000000..416a58a37
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.h
@@ -0,0 +1,131 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSFunction_h
+#define JSFunction_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class ExecutableBase;
+    class FunctionExecutable;
+    class FunctionPrototype;
+    class JSActivation;
+    class JSGlobalObject;
+
+    class JSFunction : public InternalFunction {
+        friend class JIT;
+        friend struct VPtrSet;
+
+        typedef InternalFunction Base;
+
+    public:
+        JSFunction(ExecState*, PassRefPtr<Structure>, int length, const Identifier&, NativeFunction);
+        JSFunction(ExecState*, PassRefPtr<FunctionExecutable>, ScopeChainNode*);
+        virtual ~JSFunction();
+
+        JSObject* construct(ExecState*, const ArgList&);
+        JSValue call(ExecState*, JSValue thisValue, const ArgList&);
+
+        void setScope(const ScopeChain& scopeChain) { setScopeChain(scopeChain); }
+        ScopeChain& scope() { return scopeChain(); }
+
+        ExecutableBase* executable() const { return m_executable.get(); }
+
+        // To call either of these methods include Executable.h
+        inline bool isHostFunction() const;
+        FunctionExecutable* jsExecutable() const;
+
+        static JS_EXPORTDATA const ClassInfo info;
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype) 
+        { 
+            return Structure::create(prototype, TypeInfo(ObjectType, ImplementsHasInstance)); 
+        }
+
+        NativeFunction nativeFunction()
+        {
+            return *reinterpret_cast<NativeFunction*>(m_data);
+        }
+
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+
+    private:
+        JSFunction(PassRefPtr<Structure>);
+
+        bool isHostFunctionNonInline() const;
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName, bool checkDontDelete = true);
+
+        virtual void markChildren(MarkStack&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+
+        static JSValue argumentsGetter(ExecState*, const Identifier&, const PropertySlot&);
+        static JSValue callerGetter(ExecState*, const Identifier&, const PropertySlot&);
+        static JSValue lengthGetter(ExecState*, const Identifier&, const PropertySlot&);
+
+        RefPtr<ExecutableBase> m_executable;
+        ScopeChain& scopeChain()
+        {
+            ASSERT(!isHostFunctionNonInline());
+            return *reinterpret_cast<ScopeChain*>(m_data);
+        }
+        void clearScopeChain()
+        {
+            ASSERT(!isHostFunctionNonInline());
+            new (m_data) ScopeChain(NoScopeChain());
+        }
+        void setScopeChain(ScopeChainNode* sc)
+        {
+            ASSERT(!isHostFunctionNonInline());
+            new (m_data) ScopeChain(sc);
+        }
+        void setScopeChain(const ScopeChain& sc)
+        {
+            ASSERT(!isHostFunctionNonInline());
+            *reinterpret_cast<ScopeChain*>(m_data) = sc;
+        }
+        void setNativeFunction(NativeFunction func)
+        {
+            *reinterpret_cast<NativeFunction*>(m_data) = func;
+        }
+        unsigned char m_data[sizeof(void*)];
+    };
+
+    JSFunction* asFunction(JSValue);
+
+    inline JSFunction* asFunction(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&JSFunction::info));
+        return static_cast<JSFunction*>(asObject(value));
+    }
+
+} // namespace JSC
+
+#endif // JSFunction_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp
new file mode 100644
index 000000000..4496d6c5a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp
@@ -0,0 +1,256 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSGlobalData.h"
+
+#include "ArgList.h"
+#include "Collector.h"
+#include "CommonIdentifiers.h"
+#include "FunctionConstructor.h"
+#include "GetterSetter.h"
+#include "Interpreter.h"
+#include "JSActivation.h"
+#include "JSAPIValueWrapper.h"
+#include "JSArray.h"
+#include "JSByteArray.h"
+#include "JSClassRef.h"
+#include "JSFunction.h"
+#include "JSLock.h"
+#include "JSNotAnObject.h"
+#include "JSPropertyNameIterator.h"
+#include "JSStaticScopeObject.h"
+#include "Parser.h"
+#include "Lexer.h"
+#include "Lookup.h"
+#include "Nodes.h"
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+#include <wtf/Threading.h>
+#endif
+
+#if PLATFORM(MAC)
+#include "ProfilerServer.h"
+#endif
+
+using namespace WTF;
+
+namespace JSC {
+
+extern JSC_CONST_HASHTABLE HashTable arrayTable;
+extern JSC_CONST_HASHTABLE HashTable jsonTable;
+extern JSC_CONST_HASHTABLE HashTable dateTable;
+extern JSC_CONST_HASHTABLE HashTable mathTable;
+extern JSC_CONST_HASHTABLE HashTable numberTable;
+extern JSC_CONST_HASHTABLE HashTable regExpTable;
+extern JSC_CONST_HASHTABLE HashTable regExpConstructorTable;
+extern JSC_CONST_HASHTABLE HashTable stringTable;
+
+struct VPtrSet {
+    VPtrSet();
+
+    void* jsArrayVPtr;
+    void* jsByteArrayVPtr;
+    void* jsStringVPtr;
+    void* jsFunctionVPtr;
+};
+
+VPtrSet::VPtrSet()
+{
+    // Bizarrely, calling fastMalloc here is faster than allocating space on the stack.
+    void* storage = fastMalloc(sizeof(CollectorBlock));
+
+    JSCell* jsArray = new (storage) JSArray(JSArray::createStructure(jsNull()));
+    jsArrayVPtr = jsArray->vptr();
+    jsArray->~JSCell();
+
+    JSCell* jsByteArray = new (storage) JSByteArray(JSByteArray::VPtrStealingHack);
+    jsByteArrayVPtr = jsByteArray->vptr();
+    jsByteArray->~JSCell();
+
+    JSCell* jsString = new (storage) JSString(JSString::VPtrStealingHack);
+    jsStringVPtr = jsString->vptr();
+    jsString->~JSCell();
+
+    JSCell* jsFunction = new (storage) JSFunction(JSFunction::createStructure(jsNull()));
+    jsFunctionVPtr = jsFunction->vptr();
+    jsFunction->~JSCell();
+
+    fastFree(storage);
+}
+
+JSGlobalData::JSGlobalData(bool isShared, const VPtrSet& vptrSet)
+    : isSharedInstance(isShared)
+    , clientData(0)
+    , arrayTable(fastNew<HashTable>(JSC::arrayTable))
+    , dateTable(fastNew<HashTable>(JSC::dateTable))
+    , jsonTable(fastNew<HashTable>(JSC::jsonTable))
+    , mathTable(fastNew<HashTable>(JSC::mathTable))
+    , numberTable(fastNew<HashTable>(JSC::numberTable))
+    , regExpTable(fastNew<HashTable>(JSC::regExpTable))
+    , regExpConstructorTable(fastNew<HashTable>(JSC::regExpConstructorTable))
+    , stringTable(fastNew<HashTable>(JSC::stringTable))
+    , activationStructure(JSActivation::createStructure(jsNull()))
+    , interruptedExecutionErrorStructure(JSObject::createStructure(jsNull()))
+    , staticScopeStructure(JSStaticScopeObject::createStructure(jsNull()))
+    , stringStructure(JSString::createStructure(jsNull()))
+    , notAnObjectErrorStubStructure(JSNotAnObjectErrorStub::createStructure(jsNull()))
+    , notAnObjectStructure(JSNotAnObject::createStructure(jsNull()))
+    , propertyNameIteratorStructure(JSPropertyNameIterator::createStructure(jsNull()))
+    , getterSetterStructure(GetterSetter::createStructure(jsNull()))
+    , apiWrapperStructure(JSAPIValueWrapper::createStructure(jsNull()))
+#if USE(JSVALUE32)
+    , numberStructure(JSNumberCell::createStructure(jsNull()))
+#endif
+    , jsArrayVPtr(vptrSet.jsArrayVPtr)
+    , jsByteArrayVPtr(vptrSet.jsByteArrayVPtr)
+    , jsStringVPtr(vptrSet.jsStringVPtr)
+    , jsFunctionVPtr(vptrSet.jsFunctionVPtr)
+    , identifierTable(createIdentifierTable())
+    , propertyNames(new CommonIdentifiers(this))
+    , emptyList(new MarkedArgumentBuffer)
+    , lexer(new Lexer(this))
+    , parser(new Parser)
+    , interpreter(new Interpreter)
+#if ENABLE(JIT)
+    , jitStubs(this)
+#endif
+    , timeoutChecker(new TimeoutChecker)
+    , heap(this)
+    , initializingLazyNumericCompareFunction(false)
+    , head(0)
+    , dynamicGlobalObject(0)
+    , functionCodeBlockBeingReparsed(0)
+    , firstStringifierToMark(0)
+    , markStack(vptrSet.jsArrayVPtr)
+#ifndef NDEBUG
+    , mainThreadOnly(false)
+#endif
+{
+#if PLATFORM(MAC)
+    startProfilerServerIfNeeded();
+#endif
+}
+
+JSGlobalData::~JSGlobalData()
+{
+    // By the time this is destroyed, heap.destroy() must already have been called.
+
+    delete interpreter;
+#ifndef NDEBUG
+    // Zeroing out to make the behavior more predictable when someone attempts to use a deleted instance.
+    interpreter = 0;
+#endif
+
+    arrayTable->deleteTable();
+    dateTable->deleteTable();
+    jsonTable->deleteTable();
+    mathTable->deleteTable();
+    numberTable->deleteTable();
+    regExpTable->deleteTable();
+    regExpConstructorTable->deleteTable();
+    stringTable->deleteTable();
+
+    fastDelete(const_cast<HashTable*>(arrayTable));
+    fastDelete(const_cast<HashTable*>(dateTable));
+    fastDelete(const_cast<HashTable*>(jsonTable));
+    fastDelete(const_cast<HashTable*>(mathTable));
+    fastDelete(const_cast<HashTable*>(numberTable));
+    fastDelete(const_cast<HashTable*>(regExpTable));
+    fastDelete(const_cast<HashTable*>(regExpConstructorTable));
+    fastDelete(const_cast<HashTable*>(stringTable));
+
+    delete parser;
+    delete lexer;
+    delete timeoutChecker;
+
+    deleteAllValues(opaqueJSClassData);
+
+    delete emptyList;
+
+    delete propertyNames;
+    deleteIdentifierTable(identifierTable);
+
+    delete clientData;
+}
+
+PassRefPtr<JSGlobalData> JSGlobalData::create(bool isShared)
+{
+    return adoptRef(new JSGlobalData(isShared, VPtrSet()));
+}
+
+PassRefPtr<JSGlobalData> JSGlobalData::createLeaked()
+{
+    Structure::startIgnoringLeaks();
+    RefPtr<JSGlobalData> data = create();
+    Structure::stopIgnoringLeaks();
+    return data.release();
+}
+
+bool JSGlobalData::sharedInstanceExists()
+{
+    return sharedInstanceInternal();
+}
+
+JSGlobalData& JSGlobalData::sharedInstance()
+{
+    JSGlobalData*& instance = sharedInstanceInternal();
+    if (!instance) {
+        instance = create(true).releaseRef();
+#if ENABLE(JSC_MULTIPLE_THREADS)
+        instance->makeUsableFromMultipleThreads();
+#endif
+    }
+    return *instance;
+}
+
+JSGlobalData*& JSGlobalData::sharedInstanceInternal()
+{
+    ASSERT(JSLock::currentThreadIsHoldingLock());
+    static JSGlobalData* sharedInstance;
+    return sharedInstance;
+}
+
+// FIXME: We can also detect forms like v1 < v2 ? -1 : 0, reverse comparison, etc.
+const Vector<Instruction>& JSGlobalData::numericCompareFunction(ExecState* exec)
+{
+    if (!lazyNumericCompareFunction.size() && !initializingLazyNumericCompareFunction) {
+        initializingLazyNumericCompareFunction = true;
+        RefPtr<FunctionExecutable> function = FunctionExecutable::fromGlobalCode(Identifier(exec, "numericCompare"), exec, 0, makeSource(UString("(function (v1, v2) { return v1 - v2; })")), 0, 0);
+        lazyNumericCompareFunction = function->bytecode(exec, exec->scopeChain()).instructions();
+        initializingLazyNumericCompareFunction = false;
+    }
+
+    return lazyNumericCompareFunction;
+}
+
+JSGlobalData::ClientData::~ClientData()
+{
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h
new file mode 100644
index 000000000..c9887e874
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSGlobalData_h
+#define JSGlobalData_h
+
+#include "Collector.h"
+#include "ExecutableAllocator.h"
+#include "JITStubs.h"
+#include "JSValue.h"
+#include "MarkStack.h"
+#include "NumericStrings.h"
+#include "SmallStrings.h"
+#include "TimeoutChecker.h"
+#include <wtf/Forward.h>
+#include <wtf/HashMap.h>
+#include <wtf/RefCounted.h>
+
+struct OpaqueJSClass;
+struct OpaqueJSClassContextData;
+
+namespace JSC {
+
+    class CodeBlock;
+    class CommonIdentifiers;
+    class IdentifierTable;
+    class Interpreter;
+    class JSGlobalObject;
+    class JSObject;
+    class Lexer;
+    class Parser;
+    class Stringifier;
+    class Structure;
+    class UString;
+
+    struct HashTable;
+    struct Instruction;    
+    struct VPtrSet;
+
+    class JSGlobalData : public RefCounted<JSGlobalData> {
+    public:
+        struct ClientData {
+            virtual ~ClientData() = 0;
+#ifdef QT_BUILD_SCRIPT_LIB
+            virtual void mark(MarkStack&) {}
+#endif
+        };
+
+        static bool sharedInstanceExists();
+        static JSGlobalData& sharedInstance();
+
+        static PassRefPtr<JSGlobalData> create(bool isShared = false);
+        static PassRefPtr<JSGlobalData> createLeaked();
+        ~JSGlobalData();
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+        // Will start tracking threads that use the heap, which is resource-heavy.
+        void makeUsableFromMultipleThreads() { heap.makeUsableFromMultipleThreads(); }
+#endif
+
+        bool isSharedInstance;
+        ClientData* clientData;
+
+        const HashTable* arrayTable;
+        const HashTable* dateTable;
+        const HashTable* jsonTable;
+        const HashTable* mathTable;
+        const HashTable* numberTable;
+        const HashTable* regExpTable;
+        const HashTable* regExpConstructorTable;
+        const HashTable* stringTable;
+        
+        RefPtr<Structure> activationStructure;
+        RefPtr<Structure> interruptedExecutionErrorStructure;
+        RefPtr<Structure> staticScopeStructure;
+        RefPtr<Structure> stringStructure;
+        RefPtr<Structure> notAnObjectErrorStubStructure;
+        RefPtr<Structure> notAnObjectStructure;
+        RefPtr<Structure> propertyNameIteratorStructure;
+        RefPtr<Structure> getterSetterStructure;
+        RefPtr<Structure> apiWrapperStructure;
+
+#if USE(JSVALUE32)
+        RefPtr<Structure> numberStructure;
+#endif
+
+        void* jsArrayVPtr;
+        void* jsByteArrayVPtr;
+        void* jsStringVPtr;
+        void* jsFunctionVPtr;
+
+        IdentifierTable* identifierTable;
+        CommonIdentifiers* propertyNames;
+        const MarkedArgumentBuffer* emptyList; // Lists are supposed to be allocated on the stack to have their elements properly marked, which is not the case here - but this list has nothing to mark.
+        SmallStrings smallStrings;
+        NumericStrings numericStrings;
+
+#if ENABLE(ASSEMBLER)
+        ExecutableAllocator executableAllocator;
+#endif
+
+        Lexer* lexer;
+        Parser* parser;
+        Interpreter* interpreter;
+#if ENABLE(JIT)
+        JITThunks jitStubs;
+#endif
+        TimeoutChecker* timeoutChecker;
+        Heap heap;
+
+        JSValue exception;
+#if ENABLE(JIT)
+        ReturnAddressPtr exceptionLocation;
+#endif
+
+        const Vector<Instruction>& numericCompareFunction(ExecState*);
+        Vector<Instruction> lazyNumericCompareFunction;
+        bool initializingLazyNumericCompareFunction;
+
+        HashMap<OpaqueJSClass*, OpaqueJSClassContextData*> opaqueJSClassData;
+
+        JSGlobalObject* head;
+        JSGlobalObject* dynamicGlobalObject;
+
+        HashSet<JSObject*> arrayVisitedElements;
+
+        CodeBlock* functionCodeBlockBeingReparsed;
+        Stringifier* firstStringifierToMark;
+
+        MarkStack markStack;
+
+#ifndef NDEBUG
+        bool mainThreadOnly;
+#endif
+
+    private:
+        JSGlobalData(bool isShared, const VPtrSet&);
+        static JSGlobalData*& sharedInstanceInternal();
+        void createNativeThunk();
+    };
+
+} // namespace JSC
+
+#endif // JSGlobalData_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.cpp
new file mode 100644
index 000000000..60eb1b4d3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.cpp
@@ -0,0 +1,460 @@
+/*
+ * Copyright (C) 2007, 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSGlobalObject.h"
+
+#include "JSCallbackConstructor.h"
+#include "JSCallbackFunction.h"
+#include "JSCallbackObject.h"
+
+#include "Arguments.h"
+#include "ArrayConstructor.h"
+#include "ArrayPrototype.h"
+#include "BooleanConstructor.h"
+#include "BooleanPrototype.h"
+#include "CodeBlock.h"
+#include "DateConstructor.h"
+#include "DatePrototype.h"
+#include "ErrorConstructor.h"
+#include "ErrorPrototype.h"
+#include "FunctionConstructor.h"
+#include "FunctionPrototype.h"
+#include "GlobalEvalFunction.h"
+#include "JSFunction.h"
+#include "JSGlobalObjectFunctions.h"
+#include "JSLock.h"
+#include "JSONObject.h"
+#include "Interpreter.h"
+#include "MathObject.h"
+#include "NativeErrorConstructor.h"
+#include "NativeErrorPrototype.h"
+#include "NumberConstructor.h"
+#include "NumberPrototype.h"
+#include "ObjectConstructor.h"
+#include "ObjectPrototype.h"
+#include "Profiler.h"
+#include "PrototypeFunction.h"
+#include "RegExpConstructor.h"
+#include "RegExpMatchesArray.h"
+#include "RegExpObject.h"
+#include "RegExpPrototype.h"
+#include "ScopeChainMark.h"
+#include "StringConstructor.h"
+#include "StringPrototype.h"
+#include "Debugger.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSGlobalObject);
+
+// Default number of ticks before a timeout check should be done.
+static const int initialTickCountThreshold = 255;
+
+// Preferred number of milliseconds between each timeout check
+static const int preferredScriptCheckTimeInterval = 1000;
+
+static inline void markIfNeeded(MarkStack& markStack, JSValue v)
+{
+    if (v)
+        markStack.append(v);
+}
+
+static inline void markIfNeeded(MarkStack& markStack, const RefPtr<Structure>& s)
+{
+    if (s)
+        s->markAggregate(markStack);
+}
+
+JSGlobalObject::~JSGlobalObject()
+{
+    ASSERT(JSLock::currentThreadIsHoldingLock());
+
+    if (d()->debugger)
+        d()->debugger->detach(this);
+
+    Profiler** profiler = Profiler::enabledProfilerReference();
+    if (UNLIKELY(*profiler != 0)) {
+        (*profiler)->stopProfiling(globalExec(), UString());
+    }
+
+    d()->next->d()->prev = d()->prev;
+    d()->prev->d()->next = d()->next;
+    JSGlobalObject*& headObject = head();
+    if (headObject == this)
+        headObject = d()->next;
+    if (headObject == this)
+        headObject = 0;
+
+    HashSet<GlobalCodeBlock*>::const_iterator end = codeBlocks().end();
+    for (HashSet<GlobalCodeBlock*>::const_iterator it = codeBlocks().begin(); it != end; ++it)
+        (*it)->clearGlobalObject();
+        
+    RegisterFile& registerFile = globalData()->interpreter->registerFile();
+    if (registerFile.globalObject() == this) {
+        registerFile.setGlobalObject(0);
+        registerFile.setNumGlobals(0);
+    }
+    delete d();
+}
+
+void JSGlobalObject::init(JSObject* thisValue)
+{
+    ASSERT(JSLock::currentThreadIsHoldingLock());
+
+    d()->globalData = Heap::heap(this)->globalData();
+    d()->globalScopeChain = ScopeChain(this, d()->globalData.get(), thisValue);
+
+    JSGlobalObject::globalExec()->init(0, 0, d()->globalScopeChain.node(), CallFrame::noCaller(), 0, 0, 0);
+
+    if (JSGlobalObject*& headObject = head()) {
+        d()->prev = headObject;
+        d()->next = headObject->d()->next;
+        headObject->d()->next->d()->prev = this;
+        headObject->d()->next = this;
+    } else
+        headObject = d()->next = d()->prev = this;
+
+    d()->recursion = 0;
+    d()->debugger = 0;
+
+    d()->profileGroup = 0;
+
+    reset(prototype());
+}
+
+void JSGlobalObject::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+    if (symbolTablePut(propertyName, value))
+        return;
+    JSVariableObject::put(exec, propertyName, value, slot);
+}
+
+void JSGlobalObject::putWithAttributes(ExecState* exec, const Identifier& propertyName, JSValue value, unsigned attributes)
+{
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+    if (symbolTablePutWithAttributes(propertyName, value, attributes))
+        return;
+
+    JSValue valueBefore = getDirect(propertyName);
+    PutPropertySlot slot;
+    JSVariableObject::put(exec, propertyName, value, slot);
+    if (!valueBefore) {
+        JSValue valueAfter = getDirect(propertyName);
+        if (valueAfter)
+            JSObject::putWithAttributes(exec, propertyName, valueAfter, attributes);
+    }
+}
+
+void JSGlobalObject::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunc, unsigned attributes)
+{
+    PropertySlot slot;
+    if (!symbolTableGet(propertyName, slot))
+        JSVariableObject::defineGetter(exec, propertyName, getterFunc, attributes);
+}
+
+void JSGlobalObject::defineSetter(ExecState* exec, const Identifier& propertyName, JSObject* setterFunc, unsigned attributes)
+{
+    PropertySlot slot;
+    if (!symbolTableGet(propertyName, slot))
+        JSVariableObject::defineSetter(exec, propertyName, setterFunc, attributes);
+}
+
+static inline JSObject* lastInPrototypeChain(JSObject* object)
+{
+    JSObject* o = object;
+    while (o->prototype().isObject())
+        o = asObject(o->prototype());
+    return o;
+}
+
+void JSGlobalObject::reset(JSValue prototype)
+{
+    ExecState* exec = JSGlobalObject::globalExec();
+
+    // Prototypes
+
+    d()->functionPrototype = new (exec) FunctionPrototype(exec, FunctionPrototype::createStructure(jsNull())); // The real prototype will be set once ObjectPrototype is created.
+    d()->prototypeFunctionStructure = PrototypeFunction::createStructure(d()->functionPrototype);
+    NativeFunctionWrapper* callFunction = 0;
+    NativeFunctionWrapper* applyFunction = 0;
+    d()->functionPrototype->addFunctionProperties(exec, d()->prototypeFunctionStructure.get(), &callFunction, &applyFunction);
+    d()->callFunction = callFunction;
+    d()->applyFunction = applyFunction;
+    d()->objectPrototype = new (exec) ObjectPrototype(exec, ObjectPrototype::createStructure(jsNull()), d()->prototypeFunctionStructure.get());
+    d()->functionPrototype->structure()->setPrototypeWithoutTransition(d()->objectPrototype);
+
+    d()->emptyObjectStructure = d()->objectPrototype->inheritorID();
+
+    d()->functionStructure = JSFunction::createStructure(d()->functionPrototype);
+    d()->callbackFunctionStructure = JSCallbackFunction::createStructure(d()->functionPrototype);
+    d()->argumentsStructure = Arguments::createStructure(d()->objectPrototype);
+    d()->callbackConstructorStructure = JSCallbackConstructor::createStructure(d()->objectPrototype);
+    d()->callbackObjectStructure = JSCallbackObject<JSObject>::createStructure(d()->objectPrototype);
+
+    d()->arrayPrototype = new (exec) ArrayPrototype(ArrayPrototype::createStructure(d()->objectPrototype));
+    d()->arrayStructure = JSArray::createStructure(d()->arrayPrototype);
+    d()->regExpMatchesArrayStructure = RegExpMatchesArray::createStructure(d()->arrayPrototype);
+
+    d()->stringPrototype = new (exec) StringPrototype(exec, StringPrototype::createStructure(d()->objectPrototype));
+    d()->stringObjectStructure = StringObject::createStructure(d()->stringPrototype);
+
+    d()->booleanPrototype = new (exec) BooleanPrototype(exec, BooleanPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    d()->booleanObjectStructure = BooleanObject::createStructure(d()->booleanPrototype);
+
+    d()->numberPrototype = new (exec) NumberPrototype(exec, NumberPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    d()->numberObjectStructure = NumberObject::createStructure(d()->numberPrototype);
+
+    d()->datePrototype = new (exec) DatePrototype(exec, DatePrototype::createStructure(d()->objectPrototype));
+    d()->dateStructure = DateInstance::createStructure(d()->datePrototype);
+
+    d()->regExpPrototype = new (exec) RegExpPrototype(exec, RegExpPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    d()->regExpStructure = RegExpObject::createStructure(d()->regExpPrototype);
+
+    d()->methodCallDummy = constructEmptyObject(exec);
+
+    ErrorPrototype* errorPrototype = new (exec) ErrorPrototype(exec, ErrorPrototype::createStructure(d()->objectPrototype), d()->prototypeFunctionStructure.get());
+    d()->errorStructure = ErrorInstance::createStructure(errorPrototype);
+
+    RefPtr<Structure> nativeErrorPrototypeStructure = NativeErrorPrototype::createStructure(errorPrototype);
+
+    NativeErrorPrototype* evalErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "EvalError", "EvalError");
+    NativeErrorPrototype* rangeErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "RangeError", "RangeError");
+    NativeErrorPrototype* referenceErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "ReferenceError", "ReferenceError");
+    NativeErrorPrototype* syntaxErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "SyntaxError", "SyntaxError");
+    NativeErrorPrototype* typeErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "TypeError", "TypeError");
+    NativeErrorPrototype* URIErrorPrototype = new (exec) NativeErrorPrototype(exec, nativeErrorPrototypeStructure, "URIError", "URIError");
+
+    // Constructors
+
+    JSCell* objectConstructor = new (exec) ObjectConstructor(exec, ObjectConstructor::createStructure(d()->functionPrototype), d()->objectPrototype, d()->prototypeFunctionStructure.get());
+    JSCell* functionConstructor = new (exec) FunctionConstructor(exec, FunctionConstructor::createStructure(d()->functionPrototype), d()->functionPrototype);
+    JSCell* arrayConstructor = new (exec) ArrayConstructor(exec, ArrayConstructor::createStructure(d()->functionPrototype), d()->arrayPrototype, d()->prototypeFunctionStructure.get());
+    JSCell* stringConstructor = new (exec) StringConstructor(exec, StringConstructor::createStructure(d()->functionPrototype), d()->prototypeFunctionStructure.get(), d()->stringPrototype);
+    JSCell* booleanConstructor = new (exec) BooleanConstructor(exec, BooleanConstructor::createStructure(d()->functionPrototype), d()->booleanPrototype);
+    JSCell* numberConstructor = new (exec) NumberConstructor(exec, NumberConstructor::createStructure(d()->functionPrototype), d()->numberPrototype);
+    JSCell* dateConstructor = new (exec) DateConstructor(exec, DateConstructor::createStructure(d()->functionPrototype), d()->prototypeFunctionStructure.get(), d()->datePrototype);
+
+    d()->regExpConstructor = new (exec) RegExpConstructor(exec, RegExpConstructor::createStructure(d()->functionPrototype), d()->regExpPrototype);
+
+    d()->errorConstructor = new (exec) ErrorConstructor(exec, ErrorConstructor::createStructure(d()->functionPrototype), errorPrototype);
+
+    RefPtr<Structure> nativeErrorStructure = NativeErrorConstructor::createStructure(d()->functionPrototype);
+
+    d()->evalErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, evalErrorPrototype);
+    d()->rangeErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, rangeErrorPrototype);
+    d()->referenceErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, referenceErrorPrototype);
+    d()->syntaxErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, syntaxErrorPrototype);
+    d()->typeErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, typeErrorPrototype);
+    d()->URIErrorConstructor = new (exec) NativeErrorConstructor(exec, nativeErrorStructure, URIErrorPrototype);
+
+    d()->objectPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, objectConstructor, DontEnum);
+    d()->functionPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, functionConstructor, DontEnum);
+    d()->arrayPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, arrayConstructor, DontEnum);
+    d()->booleanPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, booleanConstructor, DontEnum);
+    d()->stringPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, stringConstructor, DontEnum);
+    d()->numberPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, numberConstructor, DontEnum);
+    d()->datePrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, dateConstructor, DontEnum);
+    d()->regExpPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, d()->regExpConstructor, DontEnum);
+    errorPrototype->putDirectFunctionWithoutTransition(exec->propertyNames().constructor, d()->errorConstructor, DontEnum);
+
+    evalErrorPrototype->putDirect(exec->propertyNames().constructor, d()->evalErrorConstructor, DontEnum);
+    rangeErrorPrototype->putDirect(exec->propertyNames().constructor, d()->rangeErrorConstructor, DontEnum);
+    referenceErrorPrototype->putDirect(exec->propertyNames().constructor, d()->referenceErrorConstructor, DontEnum);
+    syntaxErrorPrototype->putDirect(exec->propertyNames().constructor, d()->syntaxErrorConstructor, DontEnum);
+    typeErrorPrototype->putDirect(exec->propertyNames().constructor, d()->typeErrorConstructor, DontEnum);
+    URIErrorPrototype->putDirect(exec->propertyNames().constructor, d()->URIErrorConstructor, DontEnum);
+
+    // Set global constructors
+
+    // FIXME: These properties could be handled by a static hash table.
+
+    putDirectFunctionWithoutTransition(Identifier(exec, "Object"), objectConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "Function"), functionConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "Array"), arrayConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "Boolean"), booleanConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "String"), stringConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "Number"), numberConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "Date"), dateConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "RegExp"), d()->regExpConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "Error"), d()->errorConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "EvalError"), d()->evalErrorConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "RangeError"), d()->rangeErrorConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "ReferenceError"), d()->referenceErrorConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "SyntaxError"), d()->syntaxErrorConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "TypeError"), d()->typeErrorConstructor, DontEnum);
+    putDirectFunctionWithoutTransition(Identifier(exec, "URIError"), d()->URIErrorConstructor, DontEnum);
+
+    // Set global values.
+    GlobalPropertyInfo staticGlobals[] = {
+        GlobalPropertyInfo(Identifier(exec, "Math"), new (exec) MathObject(exec, MathObject::createStructure(d()->objectPrototype)), DontEnum | DontDelete),
+        GlobalPropertyInfo(Identifier(exec, "NaN"), jsNaN(exec), DontEnum | DontDelete),
+        GlobalPropertyInfo(Identifier(exec, "Infinity"), jsNumber(exec, Inf), DontEnum | DontDelete),
+        GlobalPropertyInfo(Identifier(exec, "undefined"), jsUndefined(), DontEnum | DontDelete),
+        GlobalPropertyInfo(Identifier(exec, "JSON"), new (exec) JSONObject(JSONObject::createStructure(d()->objectPrototype)), DontEnum | DontDelete)
+    };
+
+    addStaticGlobals(staticGlobals, sizeof(staticGlobals) / sizeof(GlobalPropertyInfo));
+
+    // Set global functions.
+
+    d()->evalFunction = new (exec) GlobalEvalFunction(exec, GlobalEvalFunction::createStructure(d()->functionPrototype), 1, exec->propertyNames().eval, globalFuncEval, this);
+    putDirectFunctionWithoutTransition(exec, d()->evalFunction, DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 2, Identifier(exec, "parseInt"), globalFuncParseInt), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "parseFloat"), globalFuncParseFloat), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "isNaN"), globalFuncIsNaN), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "isFinite"), globalFuncIsFinite), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "escape"), globalFuncEscape), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "unescape"), globalFuncUnescape), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "decodeURI"), globalFuncDecodeURI), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "decodeURIComponent"), globalFuncDecodeURIComponent), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "encodeURI"), globalFuncEncodeURI), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "encodeURIComponent"), globalFuncEncodeURIComponent), DontEnum);
+#ifndef NDEBUG
+#ifndef QT_BUILD_SCRIPT_LIB
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, d()->prototypeFunctionStructure.get(), 1, Identifier(exec, "jscprint"), globalFuncJSCPrint), DontEnum);
+#endif
+#endif
+
+    resetPrototype(prototype);
+}
+
+// Set prototype, and also insert the object prototype at the end of the chain.
+void JSGlobalObject::resetPrototype(JSValue prototype)
+{
+    setPrototype(prototype);
+
+    JSObject* oldLastInPrototypeChain = lastInPrototypeChain(this);
+    JSObject* objectPrototype = d()->objectPrototype;
+    if (oldLastInPrototypeChain != objectPrototype)
+        oldLastInPrototypeChain->setPrototype(objectPrototype);
+}
+
+void JSGlobalObject::markChildren(MarkStack& markStack)
+{
+    JSVariableObject::markChildren(markStack);
+    
+    HashSet<GlobalCodeBlock*>::const_iterator end = codeBlocks().end();
+    for (HashSet<GlobalCodeBlock*>::const_iterator it = codeBlocks().begin(); it != end; ++it)
+        (*it)->markAggregate(markStack);
+
+    RegisterFile& registerFile = globalData()->interpreter->registerFile();
+    if (registerFile.globalObject() == this)
+        registerFile.markGlobals(markStack, &globalData()->heap);
+
+    markIfNeeded(markStack, d()->regExpConstructor);
+    markIfNeeded(markStack, d()->errorConstructor);
+    markIfNeeded(markStack, d()->evalErrorConstructor);
+    markIfNeeded(markStack, d()->rangeErrorConstructor);
+    markIfNeeded(markStack, d()->referenceErrorConstructor);
+    markIfNeeded(markStack, d()->syntaxErrorConstructor);
+    markIfNeeded(markStack, d()->typeErrorConstructor);
+    markIfNeeded(markStack, d()->URIErrorConstructor);
+
+    markIfNeeded(markStack, d()->evalFunction);
+    markIfNeeded(markStack, d()->callFunction);
+    markIfNeeded(markStack, d()->applyFunction);
+
+    markIfNeeded(markStack, d()->objectPrototype);
+    markIfNeeded(markStack, d()->functionPrototype);
+    markIfNeeded(markStack, d()->arrayPrototype);
+    markIfNeeded(markStack, d()->booleanPrototype);
+    markIfNeeded(markStack, d()->stringPrototype);
+    markIfNeeded(markStack, d()->numberPrototype);
+    markIfNeeded(markStack, d()->datePrototype);
+    markIfNeeded(markStack, d()->regExpPrototype);
+
+    markIfNeeded(markStack, d()->methodCallDummy);
+
+    markIfNeeded(markStack, d()->errorStructure);
+
+    // No need to mark the other structures, because their prototypes are all
+    // guaranteed to be referenced elsewhere.
+
+    Register* registerArray = d()->registerArray.get();
+    if (!registerArray)
+        return;
+
+    size_t size = d()->registerArraySize;
+    markStack.appendValues(reinterpret_cast<JSValue*>(registerArray), size);
+}
+
+ExecState* JSGlobalObject::globalExec()
+{
+    return CallFrame::create(d()->globalCallFrame + RegisterFile::CallFrameHeaderSize);
+}
+
+bool JSGlobalObject::isDynamicScope() const
+{
+    return true;
+}
+
+void JSGlobalObject::copyGlobalsFrom(RegisterFile& registerFile)
+{
+    ASSERT(!d()->registerArray);
+    ASSERT(!d()->registerArraySize);
+
+    int numGlobals = registerFile.numGlobals();
+    if (!numGlobals) {
+        d()->registers = 0;
+        return;
+    }
+    
+    Register* registerArray = copyRegisterArray(registerFile.lastGlobal(), numGlobals);
+    setRegisters(registerArray + numGlobals, registerArray, numGlobals);
+}
+
+void JSGlobalObject::copyGlobalsTo(RegisterFile& registerFile)
+{
+    JSGlobalObject* lastGlobalObject = registerFile.globalObject();
+    if (lastGlobalObject && lastGlobalObject != this)
+        lastGlobalObject->copyGlobalsFrom(registerFile);
+
+    registerFile.setGlobalObject(this);
+    registerFile.setNumGlobals(symbolTable().size());
+
+    if (d()->registerArray) {
+        memcpy(registerFile.start() - d()->registerArraySize, d()->registerArray.get(), d()->registerArraySize * sizeof(Register));
+        setRegisters(registerFile.start(), 0, 0);
+    }
+}
+
+void* JSGlobalObject::operator new(size_t size, JSGlobalData* globalData)
+{
+#ifdef JAVASCRIPTCORE_BUILDING_ALL_IN_ONE_FILE
+    return globalData->heap.inlineAllocate(size);
+#else
+    return globalData->heap.allocate(size);
+#endif
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h
new file mode 100644
index 000000000..7459c2e12
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObject.h
@@ -0,0 +1,433 @@
+/*
+ *  Copyright (C) 2007 Eric Seidel <eric@webkit.org>
+ *  Copyright (C) 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSGlobalObject_h
+#define JSGlobalObject_h
+
+#include "JSGlobalData.h"
+#include "JSVariableObject.h"
+#include "NativeFunctionWrapper.h"
+#include "NumberPrototype.h"
+#include "StringPrototype.h"
+#include "StructureChain.h"
+#include <wtf/HashSet.h>
+#include <wtf/OwnPtr.h>
+
+namespace JSC {
+
+    class ArrayPrototype;
+    class BooleanPrototype;
+    class DatePrototype;
+    class Debugger;
+    class ErrorConstructor;
+    class FunctionPrototype;
+    class GlobalCodeBlock;
+    class GlobalEvalFunction;
+    class NativeErrorConstructor;
+    class ProgramCodeBlock;
+    class PrototypeFunction;
+    class RegExpConstructor;
+    class RegExpPrototype;
+    class RegisterFile;
+
+    struct ActivationStackNode;
+    struct HashTable;
+
+    typedef Vector<ExecState*, 16> ExecStateStack;
+
+    class JSGlobalObject : public JSVariableObject {
+    protected:
+        using JSVariableObject::JSVariableObjectData;
+
+        struct JSGlobalObjectData : public JSVariableObjectData {
+            JSGlobalObjectData()
+                : JSVariableObjectData(&symbolTable, 0)
+                , registerArraySize(0)
+                , globalScopeChain(NoScopeChain())
+                , regExpConstructor(0)
+                , errorConstructor(0)
+                , evalErrorConstructor(0)
+                , rangeErrorConstructor(0)
+                , referenceErrorConstructor(0)
+                , syntaxErrorConstructor(0)
+                , typeErrorConstructor(0)
+                , URIErrorConstructor(0)
+                , evalFunction(0)
+                , callFunction(0)
+                , applyFunction(0)
+                , objectPrototype(0)
+                , functionPrototype(0)
+                , arrayPrototype(0)
+                , booleanPrototype(0)
+                , stringPrototype(0)
+                , numberPrototype(0)
+                , datePrototype(0)
+                , regExpPrototype(0)
+                , methodCallDummy(0)
+            {
+            }
+            
+            virtual ~JSGlobalObjectData()
+            {
+            }
+
+            size_t registerArraySize;
+
+            JSGlobalObject* next;
+            JSGlobalObject* prev;
+
+            Debugger* debugger;
+            
+            ScopeChain globalScopeChain;
+            Register globalCallFrame[RegisterFile::CallFrameHeaderSize];
+
+            int recursion;
+
+            RegExpConstructor* regExpConstructor;
+            ErrorConstructor* errorConstructor;
+            NativeErrorConstructor* evalErrorConstructor;
+            NativeErrorConstructor* rangeErrorConstructor;
+            NativeErrorConstructor* referenceErrorConstructor;
+            NativeErrorConstructor* syntaxErrorConstructor;
+            NativeErrorConstructor* typeErrorConstructor;
+            NativeErrorConstructor* URIErrorConstructor;
+
+            GlobalEvalFunction* evalFunction;
+            NativeFunctionWrapper* callFunction;
+            NativeFunctionWrapper* applyFunction;
+
+            ObjectPrototype* objectPrototype;
+            FunctionPrototype* functionPrototype;
+            ArrayPrototype* arrayPrototype;
+            BooleanPrototype* booleanPrototype;
+            StringPrototype* stringPrototype;
+            NumberPrototype* numberPrototype;
+            DatePrototype* datePrototype;
+            RegExpPrototype* regExpPrototype;
+
+            JSObject* methodCallDummy;
+
+            RefPtr<Structure> argumentsStructure;
+            RefPtr<Structure> arrayStructure;
+            RefPtr<Structure> booleanObjectStructure;
+            RefPtr<Structure> callbackConstructorStructure;
+            RefPtr<Structure> callbackFunctionStructure;
+            RefPtr<Structure> callbackObjectStructure;
+            RefPtr<Structure> dateStructure;
+            RefPtr<Structure> emptyObjectStructure;
+            RefPtr<Structure> errorStructure;
+            RefPtr<Structure> functionStructure;
+            RefPtr<Structure> numberObjectStructure;
+            RefPtr<Structure> prototypeFunctionStructure;
+            RefPtr<Structure> regExpMatchesArrayStructure;
+            RefPtr<Structure> regExpStructure;
+            RefPtr<Structure> stringObjectStructure;
+
+            SymbolTable symbolTable;
+            unsigned profileGroup;
+
+            RefPtr<JSGlobalData> globalData;
+
+            HashSet<GlobalCodeBlock*> codeBlocks;
+        };
+
+    public:
+        void* operator new(size_t, JSGlobalData*);
+
+        explicit JSGlobalObject()
+            : JSVariableObject(JSGlobalObject::createStructure(jsNull()), new JSGlobalObjectData)
+        {
+            init(this);
+        }
+
+    protected:
+        JSGlobalObject(PassRefPtr<Structure> structure, JSGlobalObjectData* data, JSObject* thisValue)
+            : JSVariableObject(structure, data)
+        {
+            init(thisValue);
+        }
+
+    public:
+        virtual ~JSGlobalObject();
+
+        virtual void markChildren(MarkStack&);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+        virtual bool hasOwnPropertyForWrite(ExecState*, const Identifier&);
+        virtual void put(ExecState*, const Identifier&, JSValue, PutPropertySlot&);
+        virtual void putWithAttributes(ExecState*, const Identifier& propertyName, JSValue value, unsigned attributes);
+
+        virtual void defineGetter(ExecState*, const Identifier& propertyName, JSObject* getterFunc, unsigned attributes);
+        virtual void defineSetter(ExecState*, const Identifier& propertyName, JSObject* setterFunc, unsigned attributes);
+
+        // Linked list of all global objects that use the same JSGlobalData.
+        JSGlobalObject*& head() { return d()->globalData->head; }
+        JSGlobalObject* next() { return d()->next; }
+
+        // The following accessors return pristine values, even if a script 
+        // replaces the global object's associated property.
+
+        RegExpConstructor* regExpConstructor() const { return d()->regExpConstructor; }
+
+        ErrorConstructor* errorConstructor() const { return d()->errorConstructor; }
+        NativeErrorConstructor* evalErrorConstructor() const { return d()->evalErrorConstructor; }
+        NativeErrorConstructor* rangeErrorConstructor() const { return d()->rangeErrorConstructor; }
+        NativeErrorConstructor* referenceErrorConstructor() const { return d()->referenceErrorConstructor; }
+        NativeErrorConstructor* syntaxErrorConstructor() const { return d()->syntaxErrorConstructor; }
+        NativeErrorConstructor* typeErrorConstructor() const { return d()->typeErrorConstructor; }
+        NativeErrorConstructor* URIErrorConstructor() const { return d()->URIErrorConstructor; }
+
+        GlobalEvalFunction* evalFunction() const { return d()->evalFunction; }
+
+        ObjectPrototype* objectPrototype() const { return d()->objectPrototype; }
+        FunctionPrototype* functionPrototype() const { return d()->functionPrototype; }
+        ArrayPrototype* arrayPrototype() const { return d()->arrayPrototype; }
+        BooleanPrototype* booleanPrototype() const { return d()->booleanPrototype; }
+        StringPrototype* stringPrototype() const { return d()->stringPrototype; }
+        NumberPrototype* numberPrototype() const { return d()->numberPrototype; }
+        DatePrototype* datePrototype() const { return d()->datePrototype; }
+        RegExpPrototype* regExpPrototype() const { return d()->regExpPrototype; }
+
+        JSObject* methodCallDummy() const { return d()->methodCallDummy; }
+
+        Structure* argumentsStructure() const { return d()->argumentsStructure.get(); }
+        Structure* arrayStructure() const { return d()->arrayStructure.get(); }
+        Structure* booleanObjectStructure() const { return d()->booleanObjectStructure.get(); }
+        Structure* callbackConstructorStructure() const { return d()->callbackConstructorStructure.get(); }
+        Structure* callbackFunctionStructure() const { return d()->callbackFunctionStructure.get(); }
+        Structure* callbackObjectStructure() const { return d()->callbackObjectStructure.get(); }
+        Structure* dateStructure() const { return d()->dateStructure.get(); }
+        Structure* emptyObjectStructure() const { return d()->emptyObjectStructure.get(); }
+        Structure* errorStructure() const { return d()->errorStructure.get(); }
+        Structure* functionStructure() const { return d()->functionStructure.get(); }
+        Structure* numberObjectStructure() const { return d()->numberObjectStructure.get(); }
+        Structure* prototypeFunctionStructure() const { return d()->prototypeFunctionStructure.get(); }
+        Structure* regExpMatchesArrayStructure() const { return d()->regExpMatchesArrayStructure.get(); }
+        Structure* regExpStructure() const { return d()->regExpStructure.get(); }
+        Structure* stringObjectStructure() const { return d()->stringObjectStructure.get(); }
+
+        void setProfileGroup(unsigned value) { d()->profileGroup = value; }
+        unsigned profileGroup() const { return d()->profileGroup; }
+
+        Debugger* debugger() const { return d()->debugger; }
+        void setDebugger(Debugger* debugger)
+        {
+            d()->debugger = debugger;
+        }
+        
+        virtual bool supportsProfiling() const { return false; }
+        
+        int recursion() { return d()->recursion; }
+        void incRecursion() { ++d()->recursion; }
+        void decRecursion() { --d()->recursion; }
+        
+        ScopeChain& globalScopeChain() { return d()->globalScopeChain; }
+
+        virtual bool isGlobalObject() const { return true; }
+
+        virtual ExecState* globalExec();
+
+        virtual bool shouldInterruptScript() const { return true; }
+
+        virtual bool allowsAccessFrom(const JSGlobalObject*) const { return true; }
+
+        virtual bool isDynamicScope() const;
+
+        HashSet<GlobalCodeBlock*>& codeBlocks() { return d()->codeBlocks; }
+
+        void copyGlobalsFrom(RegisterFile&);
+        void copyGlobalsTo(RegisterFile&);
+        
+        void resetPrototype(JSValue prototype);
+
+        JSGlobalData* globalData() { return d()->globalData.get(); }
+        JSGlobalObjectData* d() const { return static_cast<JSGlobalObjectData*>(JSVariableObject::d); }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType));
+        }
+
+    protected:
+        struct GlobalPropertyInfo {
+            GlobalPropertyInfo(const Identifier& i, JSValue v, unsigned a)
+                : identifier(i)
+                , value(v)
+                , attributes(a)
+            {
+            }
+
+            const Identifier identifier;
+            JSValue value;
+            unsigned attributes;
+        };
+        void addStaticGlobals(GlobalPropertyInfo*, int count);
+
+    private:
+        // FIXME: Fold reset into init.
+        void init(JSObject* thisValue);
+        void reset(JSValue prototype);
+
+        void setRegisters(Register* registers, Register* registerArray, size_t count);
+
+        void* operator new(size_t); // can only be allocated with JSGlobalData
+    };
+
+    JSGlobalObject* asGlobalObject(JSValue);
+
+    inline JSGlobalObject* asGlobalObject(JSValue value)
+    {
+        ASSERT(asObject(value)->isGlobalObject());
+        return static_cast<JSGlobalObject*>(asObject(value));
+    }
+
+    inline void JSGlobalObject::setRegisters(Register* registers, Register* registerArray, size_t count)
+    {
+        JSVariableObject::setRegisters(registers, registerArray);
+        d()->registerArraySize = count;
+    }
+
+    inline void JSGlobalObject::addStaticGlobals(GlobalPropertyInfo* globals, int count)
+    {
+        size_t oldSize = d()->registerArraySize;
+        size_t newSize = oldSize + count;
+        Register* registerArray = new Register[newSize];
+        if (d()->registerArray)
+            memcpy(registerArray + count, d()->registerArray.get(), oldSize * sizeof(Register));
+        setRegisters(registerArray + newSize, registerArray, newSize);
+
+        for (int i = 0, index = -static_cast<int>(oldSize) - 1; i < count; ++i, --index) {
+            GlobalPropertyInfo& global = globals[i];
+            ASSERT(global.attributes & DontDelete);
+            SymbolTableEntry newEntry(index, global.attributes);
+            symbolTable().add(global.identifier.ustring().rep(), newEntry);
+            registerAt(index) = global.value;
+        }
+    }
+
+    inline bool JSGlobalObject::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+    {
+        if (JSVariableObject::getOwnPropertySlot(exec, propertyName, slot))
+            return true;
+        return symbolTableGet(propertyName, slot);
+    }
+
+    inline bool JSGlobalObject::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+    {
+        if (symbolTableGet(propertyName, descriptor))
+            return true;
+        return JSVariableObject::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+    }
+
+    inline bool JSGlobalObject::hasOwnPropertyForWrite(ExecState* exec, const Identifier& propertyName)
+    {
+        PropertySlot slot;
+        if (JSVariableObject::getOwnPropertySlot(exec, propertyName, slot))
+            return true;
+        bool slotIsWriteable;
+        return symbolTableGet(propertyName, slot, slotIsWriteable);
+    }
+
+    inline JSGlobalObject* ScopeChainNode::globalObject() const
+    {
+        const ScopeChainNode* n = this;
+        while (n->next)
+            n = n->next;
+        return asGlobalObject(n->object);
+    }
+
+    inline JSValue Structure::prototypeForLookup(ExecState* exec) const
+    {
+        if (typeInfo().type() == ObjectType)
+            return m_prototype;
+
+#if USE(JSVALUE32)
+        if (typeInfo().type() == StringType)
+            return exec->lexicalGlobalObject()->stringPrototype();
+
+        ASSERT(typeInfo().type() == NumberType);
+        return exec->lexicalGlobalObject()->numberPrototype();
+#else
+        ASSERT(typeInfo().type() == StringType);
+        return exec->lexicalGlobalObject()->stringPrototype();
+#endif
+    }
+
+    inline StructureChain* Structure::prototypeChain(ExecState* exec) const
+    {
+        // We cache our prototype chain so our clients can share it.
+        if (!isValid(exec, m_cachedPrototypeChain.get())) {
+            JSValue prototype = prototypeForLookup(exec);
+            m_cachedPrototypeChain = StructureChain::create(prototype.isNull() ? 0 : asObject(prototype)->structure());
+        }
+        return m_cachedPrototypeChain.get();
+    }
+
+    inline bool Structure::isValid(ExecState* exec, StructureChain* cachedPrototypeChain) const
+    {
+        if (!cachedPrototypeChain)
+            return false;
+
+        JSValue prototype = prototypeForLookup(exec);
+        RefPtr<Structure>* cachedStructure = cachedPrototypeChain->head();
+        while(*cachedStructure && !prototype.isNull()) {
+            if (asObject(prototype)->structure() != *cachedStructure)
+                return false;
+            ++cachedStructure;
+            prototype = asObject(prototype)->prototype();
+        }
+        return prototype.isNull() && !*cachedStructure;
+    }
+
+    inline JSGlobalObject* ExecState::dynamicGlobalObject()
+    {
+        if (this == lexicalGlobalObject()->globalExec())
+            return lexicalGlobalObject();
+
+        // For any ExecState that's not a globalExec, the 
+        // dynamic global object must be set since code is running
+        ASSERT(globalData().dynamicGlobalObject);
+        return globalData().dynamicGlobalObject;
+    }
+
+    class DynamicGlobalObjectScope : public Noncopyable {
+    public:
+        DynamicGlobalObjectScope(CallFrame* callFrame, JSGlobalObject* dynamicGlobalObject) 
+            : m_dynamicGlobalObjectSlot(callFrame->globalData().dynamicGlobalObject)
+            , m_savedDynamicGlobalObject(m_dynamicGlobalObjectSlot)
+        {
+            m_dynamicGlobalObjectSlot = dynamicGlobalObject;
+        }
+
+        ~DynamicGlobalObjectScope()
+        {
+            m_dynamicGlobalObjectSlot = m_savedDynamicGlobalObject;
+        }
+
+    private:
+        JSGlobalObject*& m_dynamicGlobalObjectSlot;
+        JSGlobalObject* m_savedDynamicGlobalObject;
+    };
+
+} // namespace JSC
+
+#endif // JSGlobalObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
new file mode 100644
index 000000000..5ded3708a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
@@ -0,0 +1,439 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSGlobalObjectFunctions.h"
+
+#include "CallFrame.h"
+#include "GlobalEvalFunction.h"
+#include "JSGlobalObject.h"
+#include "LiteralParser.h"
+#include "JSString.h"
+#include "Interpreter.h"
+#include "Parser.h"
+#include "dtoa.h"
+#include "Lexer.h"
+#include "Nodes.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <wtf/ASCIICType.h>
+#include <wtf/Assertions.h>
+#include <wtf/MathExtras.h>
+#include <wtf/unicode/UTF8.h>
+
+using namespace WTF;
+using namespace Unicode;
+
+namespace JSC {
+
+static JSValue encode(ExecState* exec, const ArgList& args, const char* doNotEscape)
+{
+    UString str = args.at(0).toString(exec);
+    CString cstr = str.UTF8String(true);
+    if (!cstr.c_str())
+        return throwError(exec, URIError, "String contained an illegal UTF-16 sequence.");
+
+    UString result = "";
+    const char* p = cstr.c_str();
+    for (size_t k = 0; k < cstr.size(); k++, p++) {
+        char c = *p;
+        if (c && strchr(doNotEscape, c))
+            result.append(c);
+        else {
+            char tmp[4];
+            sprintf(tmp, "%%%02X", static_cast<unsigned char>(c));
+            result += tmp;
+        }
+    }
+    return jsString(exec, result);
+}
+
+static JSValue decode(ExecState* exec, const ArgList& args, const char* doNotUnescape, bool strict)
+{
+    UString result = "";
+    UString str = args.at(0).toString(exec);
+    int k = 0;
+    int len = str.size();
+    const UChar* d = str.data();
+    UChar u = 0;
+    while (k < len) {
+        const UChar* p = d + k;
+        UChar c = *p;
+        if (c == '%') {
+            int charLen = 0;
+            if (k <= len - 3 && isASCIIHexDigit(p[1]) && isASCIIHexDigit(p[2])) {
+                const char b0 = Lexer::convertHex(p[1], p[2]);
+                const int sequenceLen = UTF8SequenceLength(b0);
+                if (sequenceLen != 0 && k <= len - sequenceLen * 3) {
+                    charLen = sequenceLen * 3;
+                    char sequence[5];
+                    sequence[0] = b0;
+                    for (int i = 1; i < sequenceLen; ++i) {
+                        const UChar* q = p + i * 3;
+                        if (q[0] == '%' && isASCIIHexDigit(q[1]) && isASCIIHexDigit(q[2]))
+                            sequence[i] = Lexer::convertHex(q[1], q[2]);
+                        else {
+                            charLen = 0;
+                            break;
+                        }
+                    }
+                    if (charLen != 0) {
+                        sequence[sequenceLen] = 0;
+                        const int character = decodeUTF8Sequence(sequence);
+                        if (character < 0 || character >= 0x110000)
+                            charLen = 0;
+                        else if (character >= 0x10000) {
+                            // Convert to surrogate pair.
+                            result.append(static_cast<UChar>(0xD800 | ((character - 0x10000) >> 10)));
+                            u = static_cast<UChar>(0xDC00 | ((character - 0x10000) & 0x3FF));
+                        } else
+                            u = static_cast<UChar>(character);
+                    }
+                }
+            }
+            if (charLen == 0) {
+                if (strict)
+                    return throwError(exec, URIError);
+                // The only case where we don't use "strict" mode is the "unescape" function.
+                // For that, it's good to support the wonky "%u" syntax for compatibility with WinIE.
+                if (k <= len - 6 && p[1] == 'u'
+                        && isASCIIHexDigit(p[2]) && isASCIIHexDigit(p[3])
+                        && isASCIIHexDigit(p[4]) && isASCIIHexDigit(p[5])) {
+                    charLen = 6;
+                    u = Lexer::convertUnicode(p[2], p[3], p[4], p[5]);
+                }
+            }
+            if (charLen && (u == 0 || u >= 128 || !strchr(doNotUnescape, u))) {
+                c = u;
+                k += charLen - 1;
+            }
+        }
+        k++;
+        result.append(c);
+    }
+    return jsString(exec, result);
+}
+
+bool isStrWhiteSpace(UChar c)
+{
+    switch (c) {
+        case 0x0009:
+        case 0x000A:
+        case 0x000B:
+        case 0x000C:
+        case 0x000D:
+        case 0x0020:
+        case 0x00A0:
+        case 0x2028:
+        case 0x2029:
+            return true;
+        default:
+            return c > 0xff && isSeparatorSpace(c);
+    }
+}
+
+static int parseDigit(unsigned short c, int radix)
+{
+    int digit = -1;
+
+    if (c >= '0' && c <= '9')
+        digit = c - '0';
+    else if (c >= 'A' && c <= 'Z')
+        digit = c - 'A' + 10;
+    else if (c >= 'a' && c <= 'z')
+        digit = c - 'a' + 10;
+
+    if (digit >= radix)
+        return -1;
+    return digit;
+}
+
+double parseIntOverflow(const char* s, int length, int radix)
+{
+    double number = 0.0;
+    double radixMultiplier = 1.0;
+
+    for (const char* p = s + length - 1; p >= s; p--) {
+        if (radixMultiplier == Inf) {
+            if (*p != '0') {
+                number = Inf;
+                break;
+            }
+        } else {
+            int digit = parseDigit(*p, radix);
+            number += digit * radixMultiplier;
+        }
+
+        radixMultiplier *= radix;
+    }
+
+    return number;
+}
+
+static double parseInt(const UString& s, int radix)
+{
+    int length = s.size();
+    const UChar* data = s.data();
+    int p = 0;
+
+    while (p < length && isStrWhiteSpace(data[p]))
+        ++p;
+
+    double sign = 1;
+    if (p < length) {
+        if (data[p] == '+')
+            ++p;
+        else if (data[p] == '-') {
+            sign = -1;
+            ++p;
+        }
+    }
+
+    if ((radix == 0 || radix == 16) && length - p >= 2 && data[p] == '0' && (data[p + 1] == 'x' || data[p + 1] == 'X')) {
+        radix = 16;
+        p += 2;
+    } else if (radix == 0) {
+        if (p < length && data[p] == '0')
+            radix = 8;
+        else
+            radix = 10;
+    }
+
+    if (radix < 2 || radix > 36)
+        return NaN;
+
+    int firstDigitPosition = p;
+    bool sawDigit = false;
+    double number = 0;
+    while (p < length) {
+        int digit = parseDigit(data[p], radix);
+        if (digit == -1)
+            break;
+        sawDigit = true;
+        number *= radix;
+        number += digit;
+        ++p;
+    }
+
+    if (number >= mantissaOverflowLowerBound) {
+        if (radix == 10)
+            number = WTF::strtod(s.substr(firstDigitPosition, p - firstDigitPosition).ascii(), 0);
+        else if (radix == 2 || radix == 4 || radix == 8 || radix == 16 || radix == 32)
+            number = parseIntOverflow(s.substr(firstDigitPosition, p - firstDigitPosition).ascii(), p - firstDigitPosition, radix);
+    }
+
+    if (!sawDigit)
+        return NaN;
+
+    return sign * number;
+}
+
+static double parseFloat(const UString& s)
+{
+    // Check for 0x prefix here, because toDouble allows it, but we must treat it as 0.
+    // Need to skip any whitespace and then one + or - sign.
+    int length = s.size();
+    const UChar* data = s.data();
+    int p = 0;
+    while (p < length && isStrWhiteSpace(data[p]))
+        ++p;
+
+    if (p < length && (data[p] == '+' || data[p] == '-'))
+        ++p;
+
+    if (length - p >= 2 && data[p] == '0' && (data[p + 1] == 'x' || data[p + 1] == 'X'))
+        return 0;
+
+    return s.toDouble(true /*tolerant*/, false /* NaN for empty string */);
+}
+
+JSValue JSC_HOST_CALL globalFuncEval(ExecState* exec, JSObject* function, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObject = thisValue.toThisObject(exec);
+    JSObject* unwrappedObject = thisObject->unwrappedObject();
+    if (!unwrappedObject->isGlobalObject() || static_cast<JSGlobalObject*>(unwrappedObject)->evalFunction() != function)
+        return throwError(exec, EvalError, "The \"this\" value passed to eval must be the global object from which eval originated");
+
+    JSValue x = args.at(0);
+    if (!x.isString())
+        return x;
+
+    UString s = x.toString(exec);
+
+    LiteralParser preparser(exec, s, LiteralParser::NonStrictJSON);
+    if (JSValue parsedObject = preparser.tryLiteralParse())
+        return parsedObject;
+
+    EvalExecutable eval(exec, makeSource(s));
+    JSObject* error = eval.compile(exec, static_cast<JSGlobalObject*>(unwrappedObject)->globalScopeChain().node());
+    if (error)
+        return throwError(exec, error);
+
+    return exec->interpreter()->execute(&eval, exec, thisObject, static_cast<JSGlobalObject*>(unwrappedObject)->globalScopeChain().node(), exec->exceptionSlot());
+}
+
+JSValue JSC_HOST_CALL globalFuncParseInt(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    JSValue value = args.at(0);
+    int32_t radix = args.at(1).toInt32(exec);
+
+    if (radix != 0 && radix != 10)
+        return jsNumber(exec, parseInt(value.toString(exec), radix));
+
+    if (value.isInt32())
+        return value;
+
+    if (value.isDouble()) {
+        double d = value.asDouble();
+        if (isfinite(d))
+            return jsNumber(exec, (d > 0) ? floor(d) : ceil(d));
+        if (isnan(d) || isinf(d))
+            return jsNaN(exec);
+        return jsNumber(exec, 0);
+    }
+
+    return jsNumber(exec, parseInt(value.toString(exec), radix));
+}
+
+JSValue JSC_HOST_CALL globalFuncParseFloat(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, parseFloat(args.at(0).toString(exec)));
+}
+
+JSValue JSC_HOST_CALL globalFuncIsNaN(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsBoolean(isnan(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL globalFuncIsFinite(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    double n = args.at(0).toNumber(exec);
+    return jsBoolean(!isnan(n) && !isinf(n));
+}
+
+JSValue JSC_HOST_CALL globalFuncDecodeURI(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    static const char do_not_unescape_when_decoding_URI[] =
+        "#$&+,/:;=?@";
+
+    return decode(exec, args, do_not_unescape_when_decoding_URI, true);
+}
+
+JSValue JSC_HOST_CALL globalFuncDecodeURIComponent(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return decode(exec, args, "", true);
+}
+
+JSValue JSC_HOST_CALL globalFuncEncodeURI(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    static const char do_not_escape_when_encoding_URI[] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+        "abcdefghijklmnopqrstuvwxyz"
+        "0123456789"
+        "!#$&'()*+,-./:;=?@_~";
+
+    return encode(exec, args, do_not_escape_when_encoding_URI);
+}
+
+JSValue JSC_HOST_CALL globalFuncEncodeURIComponent(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    static const char do_not_escape_when_encoding_URI_component[] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+        "abcdefghijklmnopqrstuvwxyz"
+        "0123456789"
+        "!'()*-._~";
+
+    return encode(exec, args, do_not_escape_when_encoding_URI_component);
+}
+
+JSValue JSC_HOST_CALL globalFuncEscape(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    static const char do_not_escape[] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+        "abcdefghijklmnopqrstuvwxyz"
+        "0123456789"
+        "*+-./@_";
+
+    UString result = "";
+    UString s;
+    UString str = args.at(0).toString(exec);
+    const UChar* c = str.data();
+    for (int k = 0; k < str.size(); k++, c++) {
+        int u = c[0];
+        if (u > 255) {
+            char tmp[7];
+            sprintf(tmp, "%%u%04X", u);
+            s = UString(tmp);
+        } else if (u != 0 && strchr(do_not_escape, static_cast<char>(u)))
+            s = UString(c, 1);
+        else {
+            char tmp[4];
+            sprintf(tmp, "%%%02X", u);
+            s = UString(tmp);
+        }
+        result += s;
+    }
+
+    return jsString(exec, result);
+}
+
+JSValue JSC_HOST_CALL globalFuncUnescape(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    UString result = "";
+    UString str = args.at(0).toString(exec);
+    int k = 0;
+    int len = str.size();
+    while (k < len) {
+        const UChar* c = str.data() + k;
+        UChar u;
+        if (c[0] == '%' && k <= len - 6 && c[1] == 'u') {
+            if (isASCIIHexDigit(c[2]) && isASCIIHexDigit(c[3]) && isASCIIHexDigit(c[4]) && isASCIIHexDigit(c[5])) {
+                u = Lexer::convertUnicode(c[2], c[3], c[4], c[5]);
+                c = &u;
+                k += 5;
+            }
+        } else if (c[0] == '%' && k <= len - 3 && isASCIIHexDigit(c[1]) && isASCIIHexDigit(c[2])) {
+            u = UChar(Lexer::convertHex(c[1], c[2]));
+            c = &u;
+            k += 2;
+        }
+        k++;
+        result.append(*c);
+    }
+
+    return jsString(exec, result);
+}
+
+#ifndef NDEBUG
+JSValue JSC_HOST_CALL globalFuncJSCPrint(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    CStringBuffer string;
+    args.at(0).toString(exec).getCString(string);
+    puts(string.data());
+    return jsUndefined();
+}
+#endif
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObjectFunctions.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObjectFunctions.h
new file mode 100644
index 000000000..b1046f2dd
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalObjectFunctions.h
@@ -0,0 +1,60 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSGlobalObjectFunctions_h
+#define JSGlobalObjectFunctions_h
+
+#include <wtf/unicode/Unicode.h>
+
+namespace JSC {
+
+    class ArgList;
+    class ExecState;
+    class JSObject;
+    class JSValue;
+
+    // FIXME: These functions should really be in JSGlobalObject.cpp, but putting them there
+    // is a 0.5% reduction.
+
+    JSValue JSC_HOST_CALL globalFuncEval(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncParseInt(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncParseFloat(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncIsNaN(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncIsFinite(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncDecodeURI(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncDecodeURIComponent(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncEncodeURI(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncEncodeURIComponent(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncEscape(ExecState*, JSObject*, JSValue, const ArgList&);
+    JSValue JSC_HOST_CALL globalFuncUnescape(ExecState*, JSObject*, JSValue, const ArgList&);
+#ifndef NDEBUG
+    JSValue JSC_HOST_CALL globalFuncJSCPrint(ExecState*, JSObject*, JSValue, const ArgList&);
+#endif
+
+    static const double mantissaOverflowLowerBound = 9007199254740992.0;
+    double parseIntOverflow(const char*, int length, int radix);
+    bool isStrWhiteSpace(UChar);
+
+} // namespace JSC
+
+#endif // JSGlobalObjectFunctions_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSImmediate.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSImmediate.cpp
new file mode 100644
index 000000000..846238d93
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSImmediate.cpp
@@ -0,0 +1,26 @@
+/*
+ *  Copyright (C) 2003-2006, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSImmediate.h"
+
+namespace JSC {
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSImmediate.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSImmediate.h
new file mode 100644
index 000000000..053b4c087
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSImmediate.h
@@ -0,0 +1,727 @@
+/*
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSImmediate_h
+#define JSImmediate_h
+
+#include <wtf/Platform.h>
+
+#if !USE(JSVALUE32_64)
+
+#include <wtf/Assertions.h>
+#include <wtf/AlwaysInline.h>
+#include <wtf/MathExtras.h>
+#include <wtf/StdLibExtras.h>
+#include "JSValue.h"
+#include <limits>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+namespace JSC {
+
+    class ExecState;
+    class JSCell;
+    class JSFastMath;
+    class JSGlobalData;
+    class JSObject;
+    class UString;
+
+#if USE(JSVALUE64)
+    inline intptr_t reinterpretDoubleToIntptr(double value)
+    {
+        return WTF::bitwise_cast<intptr_t>(value);
+    }
+
+    inline double reinterpretIntptrToDouble(intptr_t value)
+    {
+        return WTF::bitwise_cast<double>(value);
+    }
+#endif
+
+    /*
+     * A JSValue* is either a pointer to a cell (a heap-allocated object) or an immediate (a type-tagged 
+     * value masquerading as a pointer). The low two bits in a JSValue* are available for type tagging
+     * because allocator alignment guarantees they will be 00 in cell pointers.
+     *
+     * For example, on a 32 bit system:
+     *
+     * JSCell*:             XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                     00
+     *                      [ high 30 bits: pointer address ]  [ low 2 bits -- always 0 ]
+     * JSImmediate:         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                     TT
+     *                      [ high 30 bits: 'payload' ]             [ low 2 bits -- tag ]
+     *
+     * Where the bottom two bits are non-zero they either indicate that the immediate is a 31 bit signed
+     * integer, or they mark the value as being an immediate of a type other than integer, with a secondary
+     * tag used to indicate the exact type.
+     *
+     * Where the lowest bit is set (TT is equal to 01 or 11) the high 31 bits form a 31 bit signed int value.
+     * Where TT is equal to 10 this indicates this is a type of immediate other than an integer, and the next
+     * two bits will form an extended tag.
+     *
+     * 31 bit signed int:   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                     X1
+     *                      [ high 30 bits of the value ]      [ high bit part of value ]
+     * Other:               YYYYYYYYYYYYYYYYYYYYYYYYYYYY      ZZ               10
+     *                      [ extended 'payload' ]  [  extended tag  ]  [  tag 'other'  ]
+     *
+     * Where the first bit of the extended tag is set this flags the value as being a boolean, and the following
+     * bit would flag the value as undefined.  If neither bits are set, the value is null.
+     *
+     * Other:               YYYYYYYYYYYYYYYYYYYYYYYYYYYY      UB               10
+     *                      [ extended 'payload' ]  [ undefined | bool ]  [ tag 'other' ]
+     *
+     * For boolean value the lowest bit in the payload holds the value of the bool, all remaining bits are zero.
+     * For undefined or null immediates the payload is zero.
+     *
+     * Boolean:             000000000000000000000000000V      01               10
+     *                      [ boolean value ]              [ bool ]       [ tag 'other' ]
+     * Undefined:           0000000000000000000000000000      10               10
+     *                      [ zero ]                    [ undefined ]     [ tag 'other' ]
+     * Null:                0000000000000000000000000000      00               10
+     *                      [ zero ]                       [ zero ]       [ tag 'other' ]
+     */
+
+    /*
+     * On 64-bit platforms, we support an alternative encoding form for immediates, if
+     * USE(JSVALUE64) is defined.  When this format is used, double precision
+     * floating point values may also be encoded as JSImmediates.
+     *
+     * The encoding makes use of unused NaN space in the IEEE754 representation.  Any value
+     * with the top 13 bits set represents a QNaN (with the sign bit set).  QNaN values
+     * can encode a 51-bit payload.  Hardware produced and C-library payloads typically
+     * have a payload of zero.  We assume that non-zero payloads are available to encode
+     * pointer and integer values.  Since any 64-bit bit pattern where the top 15 bits are
+     * all set represents a NaN with a non-zero payload, we can use this space in the NaN
+     * ranges to encode other values (however there are also other ranges of NaN space that
+     * could have been selected).  This range of NaN space is represented by 64-bit numbers
+     * begining with the 16-bit hex patterns 0xFFFE and 0xFFFF - we rely on the fact that no
+     * valid double-precision numbers will begin fall in these ranges.
+     *
+     * The scheme we have implemented encodes double precision values by adding 2^48 to the
+     * 64-bit integer representation of the number.  After this manipulation, no encoded
+     * double-precision value will begin with the pattern 0x0000 or 0xFFFF.
+     *
+     * The top 16-bits denote the type of the encoded JSImmediate:
+     *
+     * Pointer: 0000:PPPP:PPPP:PPPP
+     *          0001:****:****:****
+     * Double:{         ...
+     *          FFFE:****:****:****
+     * Integer: FFFF:0000:IIII:IIII
+     *
+     * 32-bit signed integers are marked with the 16-bit tag 0xFFFF.  The tag 0x0000
+     * denotes a pointer, or another form of tagged immediate.  Boolean, null and undefined
+     * values are encoded in the same manner as the default format.
+     */
+
+    class JSImmediate {
+#ifdef QT_BUILD_SCRIPT_LIB
+    public: // QtScript needs isImmediate() and from() functions
+#else
+    private:
+#endif
+        friend class JIT;
+        friend class JSValue;
+        friend class JSFastMath;
+        friend JSValue jsNumber(ExecState* exec, double d);
+        friend JSValue jsNumber(ExecState*, char i);
+        friend JSValue jsNumber(ExecState*, unsigned char i);
+        friend JSValue jsNumber(ExecState*, short i);
+        friend JSValue jsNumber(ExecState*, unsigned short i);
+        friend JSValue jsNumber(ExecState* exec, int i);
+        friend JSValue jsNumber(ExecState* exec, unsigned i);
+        friend JSValue jsNumber(ExecState* exec, long i);
+        friend JSValue jsNumber(ExecState* exec, unsigned long i);
+        friend JSValue jsNumber(ExecState* exec, long long i);
+        friend JSValue jsNumber(ExecState* exec, unsigned long long i);
+        friend JSValue jsNumber(JSGlobalData* globalData, double d);
+        friend JSValue jsNumber(JSGlobalData* globalData, short i);
+        friend JSValue jsNumber(JSGlobalData* globalData, unsigned short i);
+        friend JSValue jsNumber(JSGlobalData* globalData, int i);
+        friend JSValue jsNumber(JSGlobalData* globalData, unsigned i);
+        friend JSValue jsNumber(JSGlobalData* globalData, long i);
+        friend JSValue jsNumber(JSGlobalData* globalData, unsigned long i);
+        friend JSValue jsNumber(JSGlobalData* globalData, long long i);
+        friend JSValue jsNumber(JSGlobalData* globalData, unsigned long long i);
+
+#if USE(JSVALUE64)
+        // If all bits in the mask are set, this indicates an integer number,
+        // if any but not all are set this value is a double precision number.
+        static const intptr_t TagTypeNumber = 0xffff000000000000ll;
+        // This value is 2^48, used to encode doubles such that the encoded value will begin
+        // with a 16-bit pattern within the range 0x0001..0xFFFE.
+        static const intptr_t DoubleEncodeOffset = 0x1000000000000ll;
+#else
+        static const intptr_t TagTypeNumber = 0x1; // bottom bit set indicates integer, this dominates the following bit
+#endif
+        static const intptr_t TagBitTypeOther   = 0x2; // second bit set indicates immediate other than an integer
+        static const intptr_t TagMask           = TagTypeNumber | TagBitTypeOther;
+
+        static const intptr_t ExtendedTagMask         = 0xC; // extended tag holds a further two bits
+        static const intptr_t ExtendedTagBitBool      = 0x4;
+        static const intptr_t ExtendedTagBitUndefined = 0x8;
+
+        static const intptr_t FullTagTypeMask      = TagMask | ExtendedTagMask;
+        static const intptr_t FullTagTypeBool      = TagBitTypeOther | ExtendedTagBitBool;
+        static const intptr_t FullTagTypeUndefined = TagBitTypeOther | ExtendedTagBitUndefined;
+        static const intptr_t FullTagTypeNull      = TagBitTypeOther;
+
+#if USE(JSVALUE64)
+        static const int32_t IntegerPayloadShift  = 0;
+#else
+        static const int32_t IntegerPayloadShift  = 1;
+#endif
+        static const int32_t ExtendedPayloadShift = 4;
+
+        static const intptr_t ExtendedPayloadBitBoolValue = 1 << ExtendedPayloadShift;
+
+        static const int32_t signBit = 0x80000000;
+ 
+        static ALWAYS_INLINE bool isImmediate(JSValue v)
+        {
+            return rawValue(v) & TagMask;
+        }
+        
+        static ALWAYS_INLINE bool isNumber(JSValue v)
+        {
+            return rawValue(v) & TagTypeNumber;
+        }
+
+        static ALWAYS_INLINE bool isIntegerNumber(JSValue v)
+        {
+#if USE(JSVALUE64)
+            return (rawValue(v) & TagTypeNumber) == TagTypeNumber;
+#else
+            return isNumber(v);
+#endif
+        }
+
+#if USE(JSVALUE64)
+        static ALWAYS_INLINE bool isDouble(JSValue v)
+        {
+            return isNumber(v) && !isIntegerNumber(v);
+        }
+#endif
+
+        static ALWAYS_INLINE bool isPositiveIntegerNumber(JSValue v)
+        {
+            // A single mask to check for the sign bit and the number tag all at once.
+            return (rawValue(v) & (signBit | TagTypeNumber)) == TagTypeNumber;
+        }
+        
+        static ALWAYS_INLINE bool isBoolean(JSValue v)
+        {
+            return (rawValue(v) & FullTagTypeMask) == FullTagTypeBool;
+        }
+        
+        static ALWAYS_INLINE bool isUndefinedOrNull(JSValue v)
+        {
+            // Undefined and null share the same value, bar the 'undefined' bit in the extended tag.
+            return (rawValue(v) & ~ExtendedTagBitUndefined) == FullTagTypeNull;
+        }
+
+        static JSValue from(char);
+        static JSValue from(signed char);
+        static JSValue from(unsigned char);
+        static JSValue from(short);
+        static JSValue from(unsigned short);
+        static JSValue from(int);
+        static JSValue from(unsigned);
+        static JSValue from(long);
+        static JSValue from(unsigned long);
+        static JSValue from(long long);
+        static JSValue from(unsigned long long);
+        static JSValue from(double);
+
+        static ALWAYS_INLINE bool isEitherImmediate(JSValue v1, JSValue v2)
+        {
+            return (rawValue(v1) | rawValue(v2)) & TagMask;
+        }
+
+        static ALWAYS_INLINE bool areBothImmediate(JSValue v1, JSValue v2)
+        {
+            return isImmediate(v1) & isImmediate(v2);
+        }
+
+        static ALWAYS_INLINE bool areBothImmediateIntegerNumbers(JSValue v1, JSValue v2)
+        {
+#if USE(JSVALUE64)
+            return (rawValue(v1) & rawValue(v2) & TagTypeNumber) == TagTypeNumber;
+#else
+            return rawValue(v1) & rawValue(v2) & TagTypeNumber;
+#endif
+        }
+
+        static double toDouble(JSValue);
+        static bool toBoolean(JSValue);
+
+        static bool getUInt32(JSValue, uint32_t&);
+        static bool getTruncatedInt32(JSValue, int32_t&);
+        static bool getTruncatedUInt32(JSValue, uint32_t&);
+
+        static int32_t getTruncatedInt32(JSValue);
+        static uint32_t getTruncatedUInt32(JSValue);
+
+        static JSValue trueImmediate();
+        static JSValue falseImmediate();
+        static JSValue undefinedImmediate();
+        static JSValue nullImmediate();
+        static JSValue zeroImmediate();
+        static JSValue oneImmediate();
+
+    private:
+#if USE(JSVALUE64)
+        static const int minImmediateInt = ((-INT_MAX) - 1);
+        static const int maxImmediateInt = INT_MAX;
+#else
+        static const int minImmediateInt = ((-INT_MAX) - 1) >> IntegerPayloadShift;
+        static const int maxImmediateInt = INT_MAX >> IntegerPayloadShift;
+#endif
+        static const unsigned maxImmediateUInt = maxImmediateInt;
+
+        static ALWAYS_INLINE JSValue makeValue(intptr_t integer)
+        {
+            return JSValue::makeImmediate(integer);
+        }
+
+        // With USE(JSVALUE64) we want the argument to be zero extended, so the
+        // integer doesn't interfere with the tag bits in the upper word.  In the default encoding,
+        // if intptr_t id larger then int32_t we sign extend the value through the upper word.
+#if USE(JSVALUE64)
+        static ALWAYS_INLINE JSValue makeInt(uint32_t value)
+#else
+        static ALWAYS_INLINE JSValue makeInt(int32_t value)
+#endif
+        {
+            return makeValue((static_cast<intptr_t>(value) << IntegerPayloadShift) | TagTypeNumber);
+        }
+        
+#if USE(JSVALUE64)
+        static ALWAYS_INLINE JSValue makeDouble(double value)
+        {
+            return makeValue(reinterpretDoubleToIntptr(value) + DoubleEncodeOffset);
+        }
+#endif
+        
+        static ALWAYS_INLINE JSValue makeBool(bool b)
+        {
+            return makeValue((static_cast<intptr_t>(b) << ExtendedPayloadShift) | FullTagTypeBool);
+        }
+        
+        static ALWAYS_INLINE JSValue makeUndefined()
+        {
+            return makeValue(FullTagTypeUndefined);
+        }
+        
+        static ALWAYS_INLINE JSValue makeNull()
+        {
+            return makeValue(FullTagTypeNull);
+        }
+
+        template<typename T>
+        static JSValue fromNumberOutsideIntegerRange(T);
+
+#if USE(JSVALUE64)
+        static ALWAYS_INLINE double doubleValue(JSValue v)
+        {
+            return reinterpretIntptrToDouble(rawValue(v) - DoubleEncodeOffset);
+        }
+#endif
+
+        static ALWAYS_INLINE int32_t intValue(JSValue v)
+        {
+            return static_cast<int32_t>(rawValue(v) >> IntegerPayloadShift);
+        }
+        
+        static ALWAYS_INLINE uint32_t uintValue(JSValue v)
+        {
+            return static_cast<uint32_t>(rawValue(v) >> IntegerPayloadShift);
+        }
+        
+        static ALWAYS_INLINE bool boolValue(JSValue v)
+        {
+            return rawValue(v) & ExtendedPayloadBitBoolValue;
+        }
+        
+        static ALWAYS_INLINE intptr_t rawValue(JSValue v)
+        {
+            return v.immediateValue();
+        }
+    };
+
+    ALWAYS_INLINE JSValue JSImmediate::trueImmediate() { return makeBool(true); }
+    ALWAYS_INLINE JSValue JSImmediate::falseImmediate() { return makeBool(false); }
+    ALWAYS_INLINE JSValue JSImmediate::undefinedImmediate() { return makeUndefined(); }
+    ALWAYS_INLINE JSValue JSImmediate::nullImmediate() { return makeNull(); }
+    ALWAYS_INLINE JSValue JSImmediate::zeroImmediate() { return makeInt(0); }
+    ALWAYS_INLINE JSValue JSImmediate::oneImmediate() { return makeInt(1); }
+
+#if USE(JSVALUE64)
+    inline bool doubleToBoolean(double value)
+    {
+        return value < 0.0 || value > 0.0;
+    }
+
+    ALWAYS_INLINE bool JSImmediate::toBoolean(JSValue v)
+    {
+        ASSERT(isImmediate(v));
+        return isNumber(v) ? isIntegerNumber(v) ? v != zeroImmediate()
+            : doubleToBoolean(doubleValue(v)) : v == trueImmediate();
+    }
+#else
+    ALWAYS_INLINE bool JSImmediate::toBoolean(JSValue v)
+    {
+        ASSERT(isImmediate(v));
+        return isIntegerNumber(v) ? v != zeroImmediate() : v == trueImmediate();
+    }
+#endif
+
+    ALWAYS_INLINE uint32_t JSImmediate::getTruncatedUInt32(JSValue v)
+    {
+        // FIXME: should probably be asserting isPositiveIntegerNumber here.
+        ASSERT(isIntegerNumber(v));
+        return intValue(v);
+    }
+
+#if USE(JSVALUE64)
+    template<typename T>
+    inline JSValue JSImmediate::fromNumberOutsideIntegerRange(T value)
+    {
+        return makeDouble(static_cast<double>(value));
+    }
+#else
+    template<typename T>
+    inline JSValue JSImmediate::fromNumberOutsideIntegerRange(T)
+    {
+        return JSValue();
+    }
+#endif
+
+    ALWAYS_INLINE JSValue JSImmediate::from(char i)
+    {
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(signed char i)
+    {
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(unsigned char i)
+    {
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(short i)
+    {
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(unsigned short i)
+    {
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(int i)
+    {
+#if !USE(JSVALUE64)
+        if ((i < minImmediateInt) | (i > maxImmediateInt))
+            return fromNumberOutsideIntegerRange(i);
+#endif
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(unsigned i)
+    {
+        if (i > maxImmediateUInt)
+            return fromNumberOutsideIntegerRange(i);
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(long i)
+    {
+        if ((i < minImmediateInt) | (i > maxImmediateInt))
+            return fromNumberOutsideIntegerRange(i);
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(unsigned long i)
+    {
+        if (i > maxImmediateUInt)
+            return fromNumberOutsideIntegerRange(i);
+        return makeInt(i);
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(long long i)
+    {
+        if ((i < minImmediateInt) | (i > maxImmediateInt))
+            return JSValue();
+        return makeInt(static_cast<intptr_t>(i));
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(unsigned long long i)
+    {
+        if (i > maxImmediateUInt)
+            return fromNumberOutsideIntegerRange(i);
+        return makeInt(static_cast<intptr_t>(i));
+    }
+
+    ALWAYS_INLINE JSValue JSImmediate::from(double d)
+    {
+        const int intVal = static_cast<int>(d);
+
+        // Check for data loss from conversion to int.
+        if (intVal != d || (!intVal && signbit(d)))
+            return fromNumberOutsideIntegerRange(d);
+
+        return from(intVal);
+    }
+
+    ALWAYS_INLINE int32_t JSImmediate::getTruncatedInt32(JSValue v)
+    {
+        ASSERT(isIntegerNumber(v));
+        return intValue(v);
+    }
+
+    ALWAYS_INLINE double JSImmediate::toDouble(JSValue v)
+    {
+        ASSERT(isImmediate(v));
+
+        if (isIntegerNumber(v))
+            return intValue(v);
+
+#if USE(JSVALUE64)
+        if (isNumber(v)) {
+            ASSERT(isDouble(v));
+            return doubleValue(v);
+        }
+#else
+        ASSERT(!isNumber(v));
+#endif
+
+        if (rawValue(v) == FullTagTypeUndefined)
+            return nonInlineNaN();
+
+        ASSERT(JSImmediate::isBoolean(v) || (v == JSImmediate::nullImmediate()));
+        return rawValue(v) >> ExtendedPayloadShift;
+    }
+
+    ALWAYS_INLINE bool JSImmediate::getUInt32(JSValue v, uint32_t& i)
+    {
+        i = uintValue(v);
+        return isPositiveIntegerNumber(v);
+    }
+
+    ALWAYS_INLINE bool JSImmediate::getTruncatedInt32(JSValue v, int32_t& i)
+    {
+        i = intValue(v);
+        return isIntegerNumber(v);
+    }
+
+    ALWAYS_INLINE bool JSImmediate::getTruncatedUInt32(JSValue v, uint32_t& i)
+    {
+        return getUInt32(v, i);
+    }
+
+    inline JSValue::JSValue(JSNullTag)
+    {
+        *this = JSImmediate::nullImmediate();
+    }
+    
+    inline JSValue::JSValue(JSUndefinedTag)
+    {
+        *this = JSImmediate::undefinedImmediate();
+    }
+
+    inline JSValue::JSValue(JSTrueTag)
+    {
+        *this = JSImmediate::trueImmediate();
+    }
+
+    inline JSValue::JSValue(JSFalseTag)
+    {
+        *this = JSImmediate::falseImmediate();
+    }
+
+    inline bool JSValue::isUndefinedOrNull() const
+    {
+        return JSImmediate::isUndefinedOrNull(asValue());
+    }
+
+    inline bool JSValue::isBoolean() const
+    {
+        return JSImmediate::isBoolean(asValue());
+    }
+
+    inline bool JSValue::isTrue() const
+    {
+        return asValue() == JSImmediate::trueImmediate();
+    }
+
+    inline bool JSValue::isFalse() const
+    {
+        return asValue() == JSImmediate::falseImmediate();
+    }
+
+    inline bool JSValue::getBoolean(bool& v) const
+    {
+        if (JSImmediate::isBoolean(asValue())) {
+            v = JSImmediate::toBoolean(asValue());
+            return true;
+        }
+        
+        return false;
+    }
+
+    inline bool JSValue::getBoolean() const
+    {
+        return asValue() == jsBoolean(true);
+    }
+
+    inline bool JSValue::isCell() const
+    {
+        return !JSImmediate::isImmediate(asValue());
+    }
+
+    inline bool JSValue::isInt32() const
+    {
+        return JSImmediate::isIntegerNumber(asValue());
+    }
+
+    inline int32_t JSValue::asInt32() const
+    {
+        ASSERT(isInt32());
+        return JSImmediate::getTruncatedInt32(asValue());
+    }
+
+    inline bool JSValue::isUInt32() const
+    {
+        return JSImmediate::isPositiveIntegerNumber(asValue());
+    }
+
+    inline uint32_t JSValue::asUInt32() const
+    {
+        ASSERT(isUInt32());
+        return JSImmediate::getTruncatedUInt32(asValue());
+    }
+
+    class JSFastMath {
+    public:
+        static ALWAYS_INLINE bool canDoFastBitwiseOperations(JSValue v1, JSValue v2)
+        {
+            return JSImmediate::areBothImmediateIntegerNumbers(v1, v2);
+        }
+
+        static ALWAYS_INLINE JSValue equal(JSValue v1, JSValue v2)
+        {
+            ASSERT(canDoFastBitwiseOperations(v1, v2));
+            return jsBoolean(v1 == v2);
+        }
+
+        static ALWAYS_INLINE JSValue notEqual(JSValue v1, JSValue v2)
+        {
+            ASSERT(canDoFastBitwiseOperations(v1, v2));
+            return jsBoolean(v1 != v2);
+        }
+
+        static ALWAYS_INLINE JSValue andImmediateNumbers(JSValue v1, JSValue v2)
+        {
+            ASSERT(canDoFastBitwiseOperations(v1, v2));
+            return JSImmediate::makeValue(JSImmediate::rawValue(v1) & JSImmediate::rawValue(v2));
+        }
+
+        static ALWAYS_INLINE JSValue xorImmediateNumbers(JSValue v1, JSValue v2)
+        {
+            ASSERT(canDoFastBitwiseOperations(v1, v2));
+            return JSImmediate::makeValue((JSImmediate::rawValue(v1) ^ JSImmediate::rawValue(v2)) | JSImmediate::TagTypeNumber);
+        }
+
+        static ALWAYS_INLINE JSValue orImmediateNumbers(JSValue v1, JSValue v2)
+        {
+            ASSERT(canDoFastBitwiseOperations(v1, v2));
+            return JSImmediate::makeValue(JSImmediate::rawValue(v1) | JSImmediate::rawValue(v2));
+        }
+
+        static ALWAYS_INLINE bool canDoFastRshift(JSValue v1, JSValue v2)
+        {
+            return JSImmediate::areBothImmediateIntegerNumbers(v1, v2);
+        }
+
+        static ALWAYS_INLINE bool canDoFastUrshift(JSValue v1, JSValue v2)
+        {
+            return JSImmediate::areBothImmediateIntegerNumbers(v1, v2) && !(JSImmediate::rawValue(v1) & JSImmediate::signBit);
+        }
+
+        static ALWAYS_INLINE JSValue rightShiftImmediateNumbers(JSValue val, JSValue shift)
+        {
+            ASSERT(canDoFastRshift(val, shift) || canDoFastUrshift(val, shift));
+#if USE(JSVALUE64)
+            return JSImmediate::makeValue(static_cast<intptr_t>(static_cast<uint32_t>(static_cast<int32_t>(JSImmediate::rawValue(val)) >> ((JSImmediate::rawValue(shift) >> JSImmediate::IntegerPayloadShift) & 0x1f))) | JSImmediate::TagTypeNumber);
+#else
+            return JSImmediate::makeValue((JSImmediate::rawValue(val) >> ((JSImmediate::rawValue(shift) >> JSImmediate::IntegerPayloadShift) & 0x1f)) | JSImmediate::TagTypeNumber);
+#endif
+        }
+
+        static ALWAYS_INLINE bool canDoFastAdditiveOperations(JSValue v)
+        {
+            // Number is non-negative and an operation involving two of these can't overflow.
+            // Checking for allowed negative numbers takes more time than it's worth on SunSpider.
+            return (JSImmediate::rawValue(v) & (JSImmediate::TagTypeNumber + (JSImmediate::signBit | (JSImmediate::signBit >> 1)))) == JSImmediate::TagTypeNumber;
+        }
+
+        static ALWAYS_INLINE bool canDoFastAdditiveOperations(JSValue v1, JSValue v2)
+        {
+            // Number is non-negative and an operation involving two of these can't overflow.
+            // Checking for allowed negative numbers takes more time than it's worth on SunSpider.
+            return canDoFastAdditiveOperations(v1) && canDoFastAdditiveOperations(v2);
+        }
+
+        static ALWAYS_INLINE JSValue addImmediateNumbers(JSValue v1, JSValue v2)
+        {
+            ASSERT(canDoFastAdditiveOperations(v1, v2));
+            return JSImmediate::makeValue(JSImmediate::rawValue(v1) + JSImmediate::rawValue(v2) - JSImmediate::TagTypeNumber);
+        }
+
+        static ALWAYS_INLINE JSValue subImmediateNumbers(JSValue v1, JSValue v2)
+        {
+            ASSERT(canDoFastAdditiveOperations(v1, v2));
+            return JSImmediate::makeValue(JSImmediate::rawValue(v1) - JSImmediate::rawValue(v2) + JSImmediate::TagTypeNumber);
+        }
+
+        static ALWAYS_INLINE JSValue incImmediateNumber(JSValue v)
+        {
+            ASSERT(canDoFastAdditiveOperations(v));
+            return JSImmediate::makeValue(JSImmediate::rawValue(v) + (1 << JSImmediate::IntegerPayloadShift));
+        }
+
+        static ALWAYS_INLINE JSValue decImmediateNumber(JSValue v)
+        {
+            ASSERT(canDoFastAdditiveOperations(v));
+            return JSImmediate::makeValue(JSImmediate::rawValue(v) - (1 << JSImmediate::IntegerPayloadShift));
+        }
+    };
+
+} // namespace JSC
+
+#endif // !USE(JSVALUE32_64)
+
+#endif // JSImmediate_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSLock.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSLock.cpp
new file mode 100644
index 000000000..8f056c817
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSLock.cpp
@@ -0,0 +1,254 @@
+/*
+ * Copyright (C) 2005, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the NU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA 
+ *
+ */
+
+#include "config.h"
+#include "JSLock.h"
+
+#include "Collector.h"
+#include "CallFrame.h"
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+#include <pthread.h>
+#endif
+
+namespace JSC {
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+
+// Acquire this mutex before accessing lock-related data.
+static pthread_mutex_t JSMutex = PTHREAD_MUTEX_INITIALIZER;
+
+// Thread-specific key that tells whether a thread holds the JSMutex, and how many times it was taken recursively.
+pthread_key_t JSLockCount;
+
+static void createJSLockCount()
+{
+    pthread_key_create(&JSLockCount, 0);
+}
+
+pthread_once_t createJSLockCountOnce = PTHREAD_ONCE_INIT;
+
+// Lock nesting count.
+intptr_t JSLock::lockCount()
+{
+    pthread_once(&createJSLockCountOnce, createJSLockCount);
+
+    return reinterpret_cast<intptr_t>(pthread_getspecific(JSLockCount));
+}
+
+static void setLockCount(intptr_t count)
+{
+    ASSERT(count >= 0);
+    pthread_setspecific(JSLockCount, reinterpret_cast<void*>(count));
+}
+
+JSLock::JSLock(ExecState* exec)
+    : m_lockBehavior(exec->globalData().isSharedInstance ? LockForReal : SilenceAssertionsOnly)
+{
+    lock(m_lockBehavior);
+}
+
+void JSLock::lock(JSLockBehavior lockBehavior)
+{
+#ifdef NDEBUG
+    // Locking "not for real" is a debug-only feature.
+    if (lockBehavior == SilenceAssertionsOnly)
+        return;
+#endif
+
+    pthread_once(&createJSLockCountOnce, createJSLockCount);
+
+    intptr_t currentLockCount = lockCount();
+    if (!currentLockCount && lockBehavior == LockForReal) {
+        int result;
+        result = pthread_mutex_lock(&JSMutex);
+        ASSERT(!result);
+    }
+    setLockCount(currentLockCount + 1);
+}
+
+void JSLock::unlock(JSLockBehavior lockBehavior)
+{
+    ASSERT(lockCount());
+
+#ifdef NDEBUG
+    // Locking "not for real" is a debug-only feature.
+    if (lockBehavior == SilenceAssertionsOnly)
+        return;
+#endif
+
+    intptr_t newLockCount = lockCount() - 1;
+    setLockCount(newLockCount);
+    if (!newLockCount && lockBehavior == LockForReal) {
+        int result;
+        result = pthread_mutex_unlock(&JSMutex);
+        ASSERT(!result);
+    }
+}
+
+void JSLock::lock(ExecState* exec)
+{
+    lock(exec->globalData().isSharedInstance ? LockForReal : SilenceAssertionsOnly);
+}
+
+void JSLock::unlock(ExecState* exec)
+{
+    unlock(exec->globalData().isSharedInstance ? LockForReal : SilenceAssertionsOnly);
+}
+
+bool JSLock::currentThreadIsHoldingLock()
+{
+    pthread_once(&createJSLockCountOnce, createJSLockCount);
+    return !!pthread_getspecific(JSLockCount);
+}
+
+// This is fairly nasty.  We allow multiple threads to run on the same
+// context, and we do not require any locking semantics in doing so -
+// clients of the API may simply use the context from multiple threads
+// concurently, and assume this will work.  In order to make this work,
+// We lock the context when a thread enters, and unlock it when it leaves.
+// However we do not only unlock when the thread returns from its
+// entry point (evaluate script or call function), we also unlock the
+// context if the thread leaves JSC by making a call out to an external
+// function through a callback.
+//
+// All threads using the context share the same JS stack (the RegisterFile).
+// Whenever a thread calls into JSC it starts using the RegisterFile from the
+// previous 'high water mark' - the maximum point the stack has ever grown to
+// (returned by RegisterFile::end()).  So if a first thread calls out to a
+// callback, and a second thread enters JSC, then also exits by calling out
+// to a callback, we can be left with stackframes from both threads in the
+// RegisterFile.  As such, a problem may occur should the first thread's
+// callback complete first, and attempt to return to JSC.  Were we to allow
+// this to happen, and were its stack to grow further, then it may potentially
+// write over the second thread's call frames.
+//
+// In avoid JS stack corruption we enforce a policy of only ever allowing two
+// threads to use a JS context concurrently, and only allowing the second of
+// these threads to execute until it has completed and fully returned from its
+// outermost call into JSC.  We enforce this policy using 'lockDropDepth'.  The
+// first time a thread exits it will call DropAllLocks - which will do as expected
+// and drop locks allowing another thread to enter.  Should another thread, or the
+// same thread again, enter JSC (through evaluate script or call function), and exit
+// again through a callback, then the locks will not be dropped when DropAllLocks
+// is called (since lockDropDepth is non-zero).  Since this thread is still holding
+// the locks, only it will re able to re-enter JSC (either be returning from the
+// callback, or by re-entering through another call to evaulate script or call
+// function).
+//
+// This policy is slightly more restricive than it needs to be for correctness -
+// we could validly allow futher entries into JSC from other threads, we only
+// need ensure that callbacks return in the reverse chronological order of the
+// order in which they were made - though implementing the less restrictive policy
+// would likely increase complexity and overhead.
+//
+static unsigned lockDropDepth = 0;
+
+JSLock::DropAllLocks::DropAllLocks(ExecState* exec)
+    : m_lockBehavior(exec->globalData().isSharedInstance ? LockForReal : SilenceAssertionsOnly)
+{
+    pthread_once(&createJSLockCountOnce, createJSLockCount);
+
+    if (lockDropDepth++) {
+        m_lockCount = 0;
+        return;
+    }
+
+    m_lockCount = JSLock::lockCount();
+    for (intptr_t i = 0; i < m_lockCount; i++)
+        JSLock::unlock(m_lockBehavior);
+}
+
+JSLock::DropAllLocks::DropAllLocks(JSLockBehavior JSLockBehavior)
+    : m_lockBehavior(JSLockBehavior)
+{
+    pthread_once(&createJSLockCountOnce, createJSLockCount);
+
+    if (lockDropDepth++) {
+        m_lockCount = 0;
+        return;
+    }
+
+    // It is necessary to drop even "unreal" locks, because having a non-zero lock count
+    // will prevent a real lock from being taken.
+
+    m_lockCount = JSLock::lockCount();
+    for (intptr_t i = 0; i < m_lockCount; i++)
+        JSLock::unlock(m_lockBehavior);
+}
+
+JSLock::DropAllLocks::~DropAllLocks()
+{
+    for (intptr_t i = 0; i < m_lockCount; i++)
+        JSLock::lock(m_lockBehavior);
+
+    --lockDropDepth;
+}
+
+#else
+
+JSLock::JSLock(ExecState*)
+    : m_lockBehavior(SilenceAssertionsOnly)
+{
+}
+
+// If threading support is off, set the lock count to a constant value of 1 so ssertions
+// that the lock is held don't fail
+intptr_t JSLock::lockCount()
+{
+    return 1;
+}
+
+bool JSLock::currentThreadIsHoldingLock()
+{
+    return true;
+}
+
+void JSLock::lock(JSLockBehavior)
+{
+}
+
+void JSLock::unlock(JSLockBehavior)
+{
+}
+
+void JSLock::lock(ExecState*)
+{
+}
+
+void JSLock::unlock(ExecState*)
+{
+}
+
+JSLock::DropAllLocks::DropAllLocks(ExecState*)
+{
+}
+
+JSLock::DropAllLocks::DropAllLocks(JSLockBehavior)
+{
+}
+
+JSLock::DropAllLocks::~DropAllLocks()
+{
+}
+
+#endif // USE(MULTIPLE_THREADS)
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSLock.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSLock.h
new file mode 100644
index 000000000..8b015c4c8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSLock.h
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2005, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSLock_h
+#define JSLock_h
+
+#include <wtf/Assertions.h>
+#include <wtf/Noncopyable.h>
+
+namespace JSC {
+
+    // To make it safe to use JavaScript on multiple threads, it is
+    // important to lock before doing anything that allocates a
+    // JavaScript data structure or that interacts with shared state
+    // such as the protect count hash table. The simplest way to lock
+    // is to create a local JSLock object in the scope where the lock 
+    // must be held. The lock is recursive so nesting is ok. The JSLock 
+    // object also acts as a convenience short-hand for running important
+    // initialization routines.
+
+    // To avoid deadlock, sometimes it is necessary to temporarily
+    // release the lock. Since it is recursive you actually have to
+    // release all locks held by your thread. This is safe to do if
+    // you are executing code that doesn't require the lock, and you
+    // reacquire the right number of locks at the end. You can do this
+    // by constructing a locally scoped JSLock::DropAllLocks object. The 
+    // DropAllLocks object takes care to release the JSLock only if your
+    // thread acquired it to begin with.
+
+    // For contexts other than the single shared one, implicit locking is not done,
+    // but we still need to perform all the counting in order to keep debug
+    // assertions working, so that clients that use the shared context don't break.
+
+    class ExecState;
+
+    enum JSLockBehavior { SilenceAssertionsOnly, LockForReal };
+
+    class JSLock : public Noncopyable {
+    public:
+        JSLock(ExecState*);
+
+        JSLock(JSLockBehavior lockBehavior)
+            : m_lockBehavior(lockBehavior)
+        {
+#ifdef NDEBUG
+            // Locking "not for real" is a debug-only feature.
+            if (lockBehavior == SilenceAssertionsOnly)
+                return;
+#endif
+            lock(lockBehavior);
+        }
+
+        ~JSLock()
+        { 
+#ifdef NDEBUG
+            // Locking "not for real" is a debug-only feature.
+            if (m_lockBehavior == SilenceAssertionsOnly)
+                return;
+#endif
+            unlock(m_lockBehavior); 
+        }
+        
+        static void lock(JSLockBehavior);
+        static void unlock(JSLockBehavior);
+        static void lock(ExecState*);
+        static void unlock(ExecState*);
+
+        static intptr_t lockCount();
+        static bool currentThreadIsHoldingLock();
+
+        JSLockBehavior m_lockBehavior;
+
+        class DropAllLocks : public Noncopyable {
+        public:
+            DropAllLocks(ExecState* exec);
+            DropAllLocks(JSLockBehavior);
+            ~DropAllLocks();
+            
+        private:
+            intptr_t m_lockCount;
+            JSLockBehavior m_lockBehavior;
+        };
+    };
+
+} // namespace
+
+#endif // JSLock_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNotAnObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNotAnObject.cpp
new file mode 100644
index 000000000..321762af5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNotAnObject.cpp
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+#include "config.h"
+#include "JSNotAnObject.h"
+
+#include <wtf/UnusedParam.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSNotAnObject);
+
+// JSValue methods
+JSValue JSNotAnObject::toPrimitive(ExecState* exec, PreferredPrimitiveType) const
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return m_exception;
+}
+
+bool JSNotAnObject::getPrimitiveNumber(ExecState* exec, double&, JSValue&)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return false;
+}
+
+bool JSNotAnObject::toBoolean(ExecState* exec) const
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return false;
+}
+
+double JSNotAnObject::toNumber(ExecState* exec) const
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return NaN;
+}
+
+UString JSNotAnObject::toString(ExecState* exec) const
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return "";
+}
+
+JSObject* JSNotAnObject::toObject(ExecState* exec) const
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return m_exception;
+}
+
+// Marking
+void JSNotAnObject::markChildren(MarkStack& markStack)
+{
+    JSObject::markChildren(markStack);
+    markStack.append(m_exception);
+}
+
+// JSObject methods
+bool JSNotAnObject::getOwnPropertySlot(ExecState* exec, const Identifier&, PropertySlot&)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return false;
+}
+
+bool JSNotAnObject::getOwnPropertySlot(ExecState* exec, unsigned, PropertySlot&)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return false;
+}
+
+bool JSNotAnObject::getOwnPropertyDescriptor(ExecState* exec, const Identifier&, PropertyDescriptor&)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return false;
+}
+
+void JSNotAnObject::put(ExecState* exec, const Identifier& , JSValue, PutPropertySlot&)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+}
+
+void JSNotAnObject::put(ExecState* exec, unsigned, JSValue)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+}
+
+bool JSNotAnObject::deleteProperty(ExecState* exec, const Identifier&)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return false;
+}
+
+bool JSNotAnObject::deleteProperty(ExecState* exec, unsigned)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+    return false;
+}
+
+void JSNotAnObject::getOwnPropertyNames(ExecState* exec, PropertyNameArray&, bool)
+{
+    ASSERT_UNUSED(exec, exec->hadException() && exec->exception() == m_exception);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNotAnObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNotAnObject.h
new file mode 100644
index 000000000..57347af81
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNotAnObject.h
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSNotAnObject_h
+#define JSNotAnObject_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    class JSNotAnObjectErrorStub : public JSObject {
+    public:
+        JSNotAnObjectErrorStub(ExecState* exec, bool isNull)
+            : JSObject(exec->globalData().notAnObjectErrorStubStructure)
+            , m_isNull(isNull)
+        {
+        }
+
+        bool isNull() const { return m_isNull; }
+
+    private:
+        virtual bool isNotAnObjectErrorStub() const { return true; }
+
+        bool m_isNull;
+    };
+    
+    // This unholy class is used to allow us to avoid multiple exception checks
+    // in certain SquirrelFish bytecodes -- effectively it just silently consumes
+    // any operations performed on the result of a failed toObject call.
+    class JSNotAnObject : public JSObject {
+    public:
+        JSNotAnObject(ExecState* exec, JSNotAnObjectErrorStub* exception)
+            : JSObject(exec->globalData().notAnObjectStructure)
+            , m_exception(exception)
+        {
+        }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType));
+        }
+
+     private:
+        // JSValue methods
+        virtual JSValue toPrimitive(ExecState*, PreferredPrimitiveType) const;
+        virtual bool getPrimitiveNumber(ExecState*, double& number, JSValue&);
+        virtual bool toBoolean(ExecState*) const;
+        virtual double toNumber(ExecState*) const;
+        virtual UString toString(ExecState*) const;
+        virtual JSObject* toObject(ExecState*) const;
+
+        // Marking
+        virtual void markChildren(MarkStack&);
+
+        // JSObject methods
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        virtual void put(ExecState*, unsigned propertyName, JSValue);
+
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName);
+        virtual bool deleteProperty(ExecState*, unsigned propertyName);
+
+        virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, bool includeNonEnumerable = false);
+
+        JSNotAnObjectErrorStub* m_exception;
+    };
+
+} // namespace JSC
+
+#endif // JSNotAnObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNumberCell.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNumberCell.cpp
new file mode 100644
index 000000000..f1009b9c0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNumberCell.cpp
@@ -0,0 +1,113 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2004, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSNumberCell.h"
+
+#if USE(JSVALUE32)
+
+#include "NumberObject.h"
+#include "UString.h"
+
+namespace JSC {
+
+JSValue JSNumberCell::toPrimitive(ExecState*, PreferredPrimitiveType) const
+{
+    return const_cast<JSNumberCell*>(this);
+}
+
+bool JSNumberCell::getPrimitiveNumber(ExecState*, double& number, JSValue& value)
+{
+    number = m_value;
+    value = this;
+    return true;
+}
+
+bool JSNumberCell::toBoolean(ExecState*) const
+{
+    return m_value < 0.0 || m_value > 0.0; // false for NaN
+}
+
+double JSNumberCell::toNumber(ExecState*) const
+{
+  return m_value;
+}
+
+UString JSNumberCell::toString(ExecState*) const
+{
+    return UString::from(m_value);
+}
+
+UString JSNumberCell::toThisString(ExecState*) const
+{
+    return UString::from(m_value);
+}
+
+JSObject* JSNumberCell::toObject(ExecState* exec) const
+{
+    return constructNumber(exec, const_cast<JSNumberCell*>(this));
+}
+
+JSObject* JSNumberCell::toThisObject(ExecState* exec) const
+{
+    return constructNumber(exec, const_cast<JSNumberCell*>(this));
+}
+
+bool JSNumberCell::getUInt32(uint32_t& uint32) const
+{
+    uint32 = static_cast<uint32_t>(m_value);
+    return uint32 == m_value;
+}
+
+JSValue JSNumberCell::getJSNumber()
+{
+    return this;
+}
+
+JSValue jsNumberCell(ExecState* exec, double d)
+{
+    return new (exec) JSNumberCell(exec, d);
+}
+
+JSValue jsNumberCell(JSGlobalData* globalData, double d)
+{
+    return new (globalData) JSNumberCell(globalData, d);
+}
+
+} // namespace JSC
+
+#else // USE(JSVALUE32)
+
+// Keep our exported symbols lists happy.
+namespace JSC {
+
+JSValue jsNumberCell(ExecState*, double);
+
+JSValue jsNumberCell(ExecState*, double)
+{
+    ASSERT_NOT_REACHED();
+    return JSValue();
+}
+
+} // namespace JSC
+
+#endif // USE(JSVALUE32)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNumberCell.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNumberCell.h
new file mode 100644
index 000000000..6a4808163
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSNumberCell.h
@@ -0,0 +1,357 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSNumberCell_h
+#define JSNumberCell_h
+
+#include "CallFrame.h"
+#include "JSCell.h"
+#include "JSImmediate.h"
+#include "Collector.h"
+#include "UString.h"
+#include <stddef.h> // for size_t
+
+namespace JSC {
+
+    extern const double NaN;
+    extern const double Inf;
+
+#if USE(JSVALUE32)
+    JSValue jsNumberCell(ExecState*, double);
+
+    class Identifier;
+    class JSCell;
+    class JSObject;
+    class JSString;
+    class PropertySlot;
+
+    struct ClassInfo;
+    struct Instruction;
+
+    class JSNumberCell : public JSCell {
+        friend class JIT;
+        friend JSValue jsNumberCell(JSGlobalData*, double);
+        friend JSValue jsNumberCell(ExecState*, double);
+
+    public:
+        double value() const { return m_value; }
+
+        virtual JSValue toPrimitive(ExecState*, PreferredPrimitiveType) const;
+        virtual bool getPrimitiveNumber(ExecState*, double& number, JSValue& value);
+        virtual bool toBoolean(ExecState*) const;
+        virtual double toNumber(ExecState*) const;
+        virtual UString toString(ExecState*) const;
+        virtual JSObject* toObject(ExecState*) const;
+
+        virtual UString toThisString(ExecState*) const;
+        virtual JSObject* toThisObject(ExecState*) const;
+        virtual JSValue getJSNumber();
+
+        void* operator new(size_t size, ExecState* exec)
+        {
+    #ifdef JAVASCRIPTCORE_BUILDING_ALL_IN_ONE_FILE
+            return exec->heap()->inlineAllocateNumber(size);
+    #else
+            return exec->heap()->allocateNumber(size);
+    #endif
+        }
+
+        void* operator new(size_t size, JSGlobalData* globalData)
+        {
+    #ifdef JAVASCRIPTCORE_BUILDING_ALL_IN_ONE_FILE
+            return globalData->heap.inlineAllocateNumber(size);
+    #else
+            return globalData->heap.allocateNumber(size);
+    #endif
+        }
+
+        static PassRefPtr<Structure> createStructure(JSValue proto) { return Structure::create(proto, TypeInfo(NumberType, NeedsThisConversion | HasDefaultMark)); }
+
+    private:
+        JSNumberCell(JSGlobalData* globalData, double value)
+            : JSCell(globalData->numberStructure.get())
+            , m_value(value)
+        {
+        }
+
+        JSNumberCell(ExecState* exec, double value)
+            : JSCell(exec->globalData().numberStructure.get())
+            , m_value(value)
+        {
+        }
+
+        virtual bool getUInt32(uint32_t&) const;
+
+        double m_value;
+    };
+
+    JSValue jsNumberCell(JSGlobalData*, double);
+
+    inline bool isNumberCell(JSValue v)
+    {
+        return v.isCell() && v.asCell()->isNumber();
+    }
+
+    inline JSNumberCell* asNumberCell(JSValue v)
+    {
+        ASSERT(isNumberCell(v));
+        return static_cast<JSNumberCell*>(v.asCell());
+    }
+
+    inline JSValue::JSValue(ExecState* exec, double d)
+    {
+        JSValue v = JSImmediate::from(d);
+        *this = v ? v : jsNumberCell(exec, d);
+    }
+
+    inline JSValue::JSValue(ExecState* exec, int i)
+    {
+        JSValue v = JSImmediate::from(i);
+        *this = v ? v : jsNumberCell(exec, i);
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned i)
+    {
+        JSValue v = JSImmediate::from(i);
+        *this = v ? v : jsNumberCell(exec, i);
+    }
+
+    inline JSValue::JSValue(ExecState* exec, long i)
+    {
+        JSValue v = JSImmediate::from(i);
+        *this = v ? v : jsNumberCell(exec, i);
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned long i)
+    {
+        JSValue v = JSImmediate::from(i);
+        *this = v ? v : jsNumberCell(exec, i);
+    }
+
+    inline JSValue::JSValue(ExecState* exec, long long i)
+    {
+        JSValue v = JSImmediate::from(i);
+        *this = v ? v : jsNumberCell(exec, static_cast<double>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned long long i)
+    {
+        JSValue v = JSImmediate::from(i);
+        *this = v ? v : jsNumberCell(exec, static_cast<double>(i));
+    }
+
+    inline JSValue::JSValue(JSGlobalData* globalData, double d)
+    {
+        JSValue v = JSImmediate::from(d);
+        *this = v ? v : jsNumberCell(globalData, d);
+    }
+
+    inline JSValue::JSValue(JSGlobalData* globalData, int i)
+    {
+        JSValue v = JSImmediate::from(i);
+        *this = v ? v : jsNumberCell(globalData, i);
+    }
+
+    inline JSValue::JSValue(JSGlobalData* globalData, unsigned i)
+    {
+        JSValue v = JSImmediate::from(i);
+        *this = v ? v : jsNumberCell(globalData, i);
+    }
+
+    inline bool JSValue::isDouble() const
+    {
+        return isNumberCell(asValue());
+    }
+
+    inline double JSValue::asDouble() const
+    {
+        return asNumberCell(asValue())->value();
+    }
+
+    inline bool JSValue::isNumber() const
+    {
+        return JSImmediate::isNumber(asValue()) || isDouble();
+    }
+
+    inline double JSValue::uncheckedGetNumber() const
+    {
+        ASSERT(isNumber());
+        return JSImmediate::isImmediate(asValue()) ? JSImmediate::toDouble(asValue()) : asDouble();
+    }
+
+#endif // USE(JSVALUE32)
+
+#if USE(JSVALUE64)
+    inline JSValue::JSValue(ExecState*, double d)
+    {
+        JSValue v = JSImmediate::from(d);
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(ExecState*, int i)
+    {
+        JSValue v = JSImmediate::from(i);
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(ExecState*, unsigned i)
+    {
+        JSValue v = JSImmediate::from(i);
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(ExecState*, long i)
+    {
+        JSValue v = JSImmediate::from(i);
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(ExecState*, unsigned long i)
+    {
+        JSValue v = JSImmediate::from(i);
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(ExecState*, long long i)
+    {
+        JSValue v = JSImmediate::from(static_cast<double>(i));
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(ExecState*, unsigned long long i)
+    {
+        JSValue v = JSImmediate::from(static_cast<double>(i));
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(JSGlobalData*, double d)
+    {
+        JSValue v = JSImmediate::from(d);
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(JSGlobalData*, int i)
+    {
+        JSValue v = JSImmediate::from(i);
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline JSValue::JSValue(JSGlobalData*, unsigned i)
+    {
+        JSValue v = JSImmediate::from(i);
+        ASSERT(v);
+        *this = v;
+    }
+
+    inline bool JSValue::isDouble() const
+    {
+        return JSImmediate::isDouble(asValue());
+    }
+
+    inline double JSValue::asDouble() const
+    {
+        return JSImmediate::doubleValue(asValue());
+    }
+
+    inline bool JSValue::isNumber() const
+    {
+        return JSImmediate::isNumber(asValue());
+    }
+
+    inline double JSValue::uncheckedGetNumber() const
+    {
+        ASSERT(isNumber());
+        return JSImmediate::toDouble(asValue());
+    }
+
+#endif // USE(JSVALUE64)
+
+#if USE(JSVALUE32) || USE(JSVALUE64)
+
+    inline JSValue::JSValue(ExecState*, char i)
+    {
+        ASSERT(JSImmediate::from(i));
+        *this = JSImmediate::from(i);
+    }
+
+    inline JSValue::JSValue(ExecState*, unsigned char i)
+    {
+        ASSERT(JSImmediate::from(i));
+        *this = JSImmediate::from(i);
+    }
+
+    inline JSValue::JSValue(ExecState*, short i)
+    {
+        ASSERT(JSImmediate::from(i));
+        *this = JSImmediate::from(i);
+    }
+
+    inline JSValue::JSValue(ExecState*, unsigned short i)
+    {
+        ASSERT(JSImmediate::from(i));
+        *this = JSImmediate::from(i);
+    }
+
+    inline JSValue jsNaN(ExecState* exec)
+    {
+        return jsNumber(exec, NaN);
+    }
+
+    inline JSValue jsNaN(JSGlobalData* globalData)
+    {
+        return jsNumber(globalData, NaN);
+    }
+
+    // --- JSValue inlines ----------------------------
+
+    ALWAYS_INLINE JSValue JSValue::toJSNumber(ExecState* exec) const
+    {
+        return isNumber() ? asValue() : jsNumber(exec, this->toNumber(exec));
+    }
+
+    inline bool JSValue::getNumber(double &result) const
+    {
+        if (isInt32())
+            result = asInt32();
+        else if (LIKELY(isDouble()))
+            result = asDouble();
+        else {
+            ASSERT(!isNumber());
+            return false;
+        }
+        return true;
+    }
+
+#endif // USE(JSVALUE32) || USE(JSVALUE64)
+
+} // namespace JSC
+
+#endif // JSNumberCell_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSONObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSONObject.cpp
new file mode 100644
index 000000000..377c9d12d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSONObject.cpp
@@ -0,0 +1,875 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "JSONObject.h"
+
+#include "BooleanObject.h"
+#include "Error.h"
+#include "ExceptionHelpers.h"
+#include "JSArray.h"
+#include "LiteralParser.h"
+#include "PropertyNameArray.h"
+#include <wtf/MathExtras.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSONObject);
+
+static JSValue JSC_HOST_CALL JSONProtoFuncParse(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL JSONProtoFuncStringify(ExecState*, JSObject*, JSValue, const ArgList&);
+
+}
+
+#include "JSONObject.lut.h"
+
+namespace JSC {
+
+// PropertyNameForFunctionCall objects must be on the stack, since the JSValue that they create is not marked.
+class PropertyNameForFunctionCall {
+public:
+    PropertyNameForFunctionCall(const Identifier&);
+    PropertyNameForFunctionCall(unsigned);
+
+    JSValue value(ExecState*) const;
+
+private:
+    const Identifier* m_identifier;
+    unsigned m_number;
+    mutable JSValue m_value;
+};
+
+class Stringifier : public Noncopyable {
+public:
+    Stringifier(ExecState*, JSValue replacer, JSValue space);
+    ~Stringifier();
+    JSValue stringify(JSValue);
+
+    void markAggregate(MarkStack&);
+
+private:
+    typedef UString StringBuilder;
+
+    class Holder {
+    public:
+        Holder(JSObject*);
+
+        JSObject* object() const { return m_object; }
+
+        bool appendNextProperty(Stringifier&, StringBuilder&);
+
+    private:
+        JSObject* const m_object;
+        const bool m_isArray;
+        bool m_isJSArray;
+        unsigned m_index;
+        unsigned m_size;
+        RefPtr<PropertyNameArrayData> m_propertyNames;
+    };
+
+    friend class Holder;
+
+    static void appendQuotedString(StringBuilder&, const UString&);
+
+    JSValue toJSON(JSValue, const PropertyNameForFunctionCall&);
+
+    enum StringifyResult { StringifyFailed, StringifySucceeded, StringifyFailedDueToUndefinedValue };
+    StringifyResult appendStringifiedValue(StringBuilder&, JSValue, JSObject* holder, const PropertyNameForFunctionCall&);
+
+    bool willIndent() const;
+    void indent();
+    void unindent();
+    void startNewLine(StringBuilder&) const;
+
+    Stringifier* const m_nextStringifierToMark;
+    ExecState* const m_exec;
+    const JSValue m_replacer;
+    bool m_usingArrayReplacer;
+    PropertyNameArray m_arrayReplacerPropertyNames;
+    CallType m_replacerCallType;
+    CallData m_replacerCallData;
+    const UString m_gap;
+
+    HashSet<JSObject*> m_holderCycleDetector;
+    Vector<Holder, 16> m_holderStack;
+    UString m_repeatedGap;
+    UString m_indent;
+};
+
+// ------------------------------ helper functions --------------------------------
+
+static inline JSValue unwrapBoxedPrimitive(ExecState* exec, JSValue value)
+{
+    if (!value.isObject())
+        return value;
+    JSObject* object = asObject(value);
+    if (object->inherits(&NumberObject::info))
+        return jsNumber(exec, object->toNumber(exec));
+    if (object->inherits(&StringObject::info))
+        return jsString(exec, object->toString(exec));
+    if (object->inherits(&BooleanObject::info))
+        return object->toPrimitive(exec);
+    return value;
+}
+
+static inline UString gap(ExecState* exec, JSValue space)
+{
+    const int maxGapLength = 10;
+    space = unwrapBoxedPrimitive(exec, space);
+
+    // If the space value is a number, create a gap string with that number of spaces.
+    double spaceCount;
+    if (space.getNumber(spaceCount)) {
+        int count;
+        if (spaceCount > maxGapLength)
+            count = maxGapLength;
+        else if (!(spaceCount > 0))
+            count = 0;
+        else
+            count = static_cast<int>(spaceCount);
+        UChar spaces[maxGapLength];
+        for (int i = 0; i < count; ++i)
+            spaces[i] = ' ';
+        return UString(spaces, count);
+    }
+
+    // If the space value is a string, use it as the gap string, otherwise use no gap string.
+    UString spaces = space.getString();
+    if (spaces.size() > maxGapLength) {
+        spaces = spaces.substr(0, maxGapLength);
+    }
+    return spaces;
+}
+
+// ------------------------------ PropertyNameForFunctionCall --------------------------------
+
+inline PropertyNameForFunctionCall::PropertyNameForFunctionCall(const Identifier& identifier)
+    : m_identifier(&identifier)
+{
+}
+
+inline PropertyNameForFunctionCall::PropertyNameForFunctionCall(unsigned number)
+    : m_identifier(0)
+    , m_number(number)
+{
+}
+
+JSValue PropertyNameForFunctionCall::value(ExecState* exec) const
+{
+    if (!m_value) {
+        if (m_identifier)
+            m_value = jsString(exec, m_identifier->ustring());
+        else
+            m_value = jsNumber(exec, m_number);
+    }
+    return m_value;
+}
+
+// ------------------------------ Stringifier --------------------------------
+
+Stringifier::Stringifier(ExecState* exec, JSValue replacer, JSValue space)
+    : m_nextStringifierToMark(exec->globalData().firstStringifierToMark)
+    , m_exec(exec)
+    , m_replacer(replacer)
+    , m_usingArrayReplacer(false)
+    , m_arrayReplacerPropertyNames(exec)
+    , m_replacerCallType(CallTypeNone)
+    , m_gap(gap(exec, space))
+{
+    exec->globalData().firstStringifierToMark = this;
+
+    if (!m_replacer.isObject())
+        return;
+
+    if (asObject(m_replacer)->inherits(&JSArray::info)) {
+        m_usingArrayReplacer = true;
+        JSObject* array = asObject(m_replacer);
+        unsigned length = array->get(exec, exec->globalData().propertyNames->length).toUInt32(exec);
+        for (unsigned i = 0; i < length; ++i) {
+            JSValue name = array->get(exec, i);
+            if (exec->hadException())
+                break;
+
+            UString propertyName;
+            if (name.getString(propertyName)) {
+                m_arrayReplacerPropertyNames.add(Identifier(exec, propertyName));
+                continue;
+            }
+
+            double value = 0;
+            if (name.getNumber(value)) {
+                m_arrayReplacerPropertyNames.add(Identifier::from(exec, value));
+                continue;
+            }
+
+            if (name.isObject()) {
+                if (!asObject(name)->inherits(&NumberObject::info) && !asObject(name)->inherits(&StringObject::info))
+                    continue;
+                propertyName = name.toString(exec);
+                if (exec->hadException())
+                    break;
+                m_arrayReplacerPropertyNames.add(Identifier(exec, propertyName));
+            }
+        }
+        return;
+    }
+
+    m_replacerCallType = asObject(m_replacer)->getCallData(m_replacerCallData);
+}
+
+Stringifier::~Stringifier()
+{
+    ASSERT(m_exec->globalData().firstStringifierToMark == this);
+    m_exec->globalData().firstStringifierToMark = m_nextStringifierToMark;
+}
+
+void Stringifier::markAggregate(MarkStack& markStack)
+{
+    for (Stringifier* stringifier = this; stringifier; stringifier = stringifier->m_nextStringifierToMark) {
+        size_t size = m_holderStack.size();
+        for (size_t i = 0; i < size; ++i)
+            markStack.append(m_holderStack[i].object());
+    }
+}
+
+JSValue Stringifier::stringify(JSValue value)
+{
+    JSObject* object = constructEmptyObject(m_exec);
+    if (m_exec->hadException())
+        return jsNull();
+
+    PropertyNameForFunctionCall emptyPropertyName(m_exec->globalData().propertyNames->emptyIdentifier);
+    object->putDirect(m_exec->globalData().propertyNames->emptyIdentifier, value);
+
+    StringBuilder result;
+    if (appendStringifiedValue(result, value, object, emptyPropertyName) != StringifySucceeded)
+        return jsUndefined();
+    if (m_exec->hadException())
+        return jsNull();
+
+    return jsString(m_exec, result);
+}
+
+void Stringifier::appendQuotedString(StringBuilder& builder, const UString& value)
+{
+    int length = value.size();
+
+    // String length plus 2 for quote marks plus 8 so we can accomodate a few escaped characters.
+    builder.reserveCapacity(builder.size() + length + 2 + 8);
+
+    builder.append('"');
+
+    const UChar* data = value.data();
+    for (int i = 0; i < length; ++i) {
+        int start = i;
+        while (i < length && (data[i] > 0x1F && data[i] != '"' && data[i] != '\\'))
+            ++i;
+        builder.append(data + start, i - start);
+        if (i >= length)
+            break;
+        switch (data[i]) {
+            case '\t':
+                builder.append('\\');
+                builder.append('t');
+                break;
+            case '\r':
+                builder.append('\\');
+                builder.append('r');
+                break;
+            case '\n':
+                builder.append('\\');
+                builder.append('n');
+                break;
+            case '\f':
+                builder.append('\\');
+                builder.append('f');
+                break;
+            case '\b':
+                builder.append('\\');
+                builder.append('b');
+                break;
+            case '"':
+                builder.append('\\');
+                builder.append('"');
+                break;
+            case '\\':
+                builder.append('\\');
+                builder.append('\\');
+                break;
+            default:
+                static const char hexDigits[] = "0123456789abcdef";
+                UChar ch = data[i];
+                UChar hex[] = { '\\', 'u', hexDigits[(ch >> 12) & 0xF], hexDigits[(ch >> 8) & 0xF], hexDigits[(ch >> 4) & 0xF], hexDigits[ch & 0xF] };
+                builder.append(hex, sizeof(hex) / sizeof(UChar));
+                break;
+        }
+    }
+
+    builder.append('"');
+}
+
+inline JSValue Stringifier::toJSON(JSValue value, const PropertyNameForFunctionCall& propertyName)
+{
+    ASSERT(!m_exec->hadException());
+    if (!value.isObject() || !asObject(value)->hasProperty(m_exec, m_exec->globalData().propertyNames->toJSON))
+        return value;
+
+    JSValue toJSONFunction = asObject(value)->get(m_exec, m_exec->globalData().propertyNames->toJSON);
+    if (m_exec->hadException())
+        return jsNull();
+
+    if (!toJSONFunction.isObject())
+        return value;
+
+    JSObject* object = asObject(toJSONFunction);
+    CallData callData;
+    CallType callType = object->getCallData(callData);
+    if (callType == CallTypeNone)
+        return value;
+
+    JSValue list[] = { propertyName.value(m_exec) };
+    ArgList args(list, sizeof(list) / sizeof(JSValue));
+    return call(m_exec, object, callType, callData, value, args);
+}
+
+Stringifier::StringifyResult Stringifier::appendStringifiedValue(StringBuilder& builder, JSValue value, JSObject* holder, const PropertyNameForFunctionCall& propertyName)
+{
+    // Call the toJSON function.
+    value = toJSON(value, propertyName);
+    if (m_exec->hadException())
+        return StringifyFailed;
+
+    // Call the replacer function.
+    if (m_replacerCallType != CallTypeNone) {
+        JSValue list[] = { propertyName.value(m_exec), value };
+        ArgList args(list, sizeof(list) / sizeof(JSValue));
+        value = call(m_exec, m_replacer, m_replacerCallType, m_replacerCallData, holder, args);
+        if (m_exec->hadException())
+            return StringifyFailed;
+    }
+
+    if (value.isUndefined() && !holder->inherits(&JSArray::info))
+        return StringifyFailedDueToUndefinedValue;
+
+    if (value.isNull()) {
+        builder.append("null");
+        return StringifySucceeded;
+    }
+
+    value = unwrapBoxedPrimitive(m_exec, value);
+
+    if (m_exec->hadException())
+        return StringifyFailed;
+
+    if (value.isBoolean()) {
+        builder.append(value.getBoolean() ? "true" : "false");
+        return StringifySucceeded;
+    }
+
+    UString stringValue;
+    if (value.getString(stringValue)) {
+        appendQuotedString(builder, stringValue);
+        return StringifySucceeded;
+    }
+
+    double numericValue;
+    if (value.getNumber(numericValue)) {
+        if (!isfinite(numericValue))
+            builder.append("null");
+        else
+            builder.append(UString::from(numericValue));
+        return StringifySucceeded;
+    }
+
+    if (!value.isObject())
+        return StringifyFailed;
+
+    JSObject* object = asObject(value);
+
+    CallData callData;
+    if (object->getCallData(callData) != CallTypeNone) {
+        if (holder->inherits(&JSArray::info)) {
+            builder.append("null");
+            return StringifySucceeded;
+        }
+        return StringifyFailedDueToUndefinedValue;
+    }
+
+    // Handle cycle detection, and put the holder on the stack.
+    if (!m_holderCycleDetector.add(object).second) {
+        throwError(m_exec, TypeError, "JSON.stringify cannot serialize cyclic structures.");
+        return StringifyFailed;
+    }
+    bool holderStackWasEmpty = m_holderStack.isEmpty();
+    m_holderStack.append(object);
+    if (!holderStackWasEmpty)
+        return StringifySucceeded;
+
+    // If this is the outermost call, then loop to handle everything on the holder stack.
+    //TimeoutChecker localTimeoutChecker(*m_exec->globalData().timeoutChecker);
+    TimeoutChecker localTimeoutChecker;
+    localTimeoutChecker.copyTimeoutValues(m_exec->globalData().timeoutChecker);
+    localTimeoutChecker.reset();
+    unsigned tickCount = localTimeoutChecker.ticksUntilNextCheck();
+    do {
+        while (m_holderStack.last().appendNextProperty(*this, builder)) {
+            if (m_exec->hadException())
+                return StringifyFailed;
+            if (!--tickCount) {
+                if (localTimeoutChecker.didTimeOut(m_exec)) {
+                    m_exec->setException(createInterruptedExecutionException(&m_exec->globalData()));
+                    return StringifyFailed;
+                }
+                tickCount = localTimeoutChecker.ticksUntilNextCheck();
+            }
+        }
+        m_holderCycleDetector.remove(m_holderStack.last().object());
+        m_holderStack.removeLast();
+    } while (!m_holderStack.isEmpty());
+    return StringifySucceeded;
+}
+
+inline bool Stringifier::willIndent() const
+{
+    return !m_gap.isEmpty();
+}
+
+inline void Stringifier::indent()
+{
+    // Use a single shared string, m_repeatedGap, so we don't keep allocating new ones as we indent and unindent.
+    int newSize = m_indent.size() + m_gap.size();
+    if (newSize > m_repeatedGap.size())
+        m_repeatedGap.append(m_gap);
+    ASSERT(newSize <= m_repeatedGap.size());
+    m_indent = m_repeatedGap.substr(0, newSize);
+}
+
+inline void Stringifier::unindent()
+{
+    ASSERT(m_indent.size() >= m_gap.size());
+    m_indent = m_repeatedGap.substr(0, m_indent.size() - m_gap.size());
+}
+
+inline void Stringifier::startNewLine(StringBuilder& builder) const
+{
+    if (m_gap.isEmpty())
+        return;
+    builder.append('\n');
+    builder.append(m_indent);
+}
+
+inline Stringifier::Holder::Holder(JSObject* object)
+    : m_object(object)
+    , m_isArray(object->inherits(&JSArray::info))
+    , m_index(0)
+{
+}
+
+bool Stringifier::Holder::appendNextProperty(Stringifier& stringifier, StringBuilder& builder)
+{
+    ASSERT(m_index <= m_size);
+
+    ExecState* exec = stringifier.m_exec;
+
+    // First time through, initialize.
+    if (!m_index) {
+        if (m_isArray) {
+            m_isJSArray = isJSArray(&exec->globalData(), m_object);
+            m_size = m_object->get(exec, exec->globalData().propertyNames->length).toUInt32(exec);
+            builder.append('[');
+        } else {
+            if (stringifier.m_usingArrayReplacer)
+                m_propertyNames = stringifier.m_arrayReplacerPropertyNames.data();
+            else {
+                PropertyNameArray objectPropertyNames(exec);
+                m_object->getPropertyNames(exec, objectPropertyNames);
+                m_propertyNames = objectPropertyNames.releaseData();
+            }
+            m_size = m_propertyNames->propertyNameVector().size();
+            builder.append('{');
+        }
+        stringifier.indent();
+    }
+
+    // Last time through, finish up and return false.
+    if (m_index == m_size) {
+        stringifier.unindent();
+        if (m_size && builder[builder.size() - 1] != '{')
+            stringifier.startNewLine(builder);
+        builder.append(m_isArray ? ']' : '}');
+        return false;
+    }
+
+    // Handle a single element of the array or object.
+    unsigned index = m_index++;
+    unsigned rollBackPoint = 0;
+    StringifyResult stringifyResult;
+    if (m_isArray) {
+        // Get the value.
+        JSValue value;
+        if (m_isJSArray && asArray(m_object)->canGetIndex(index))
+            value = asArray(m_object)->getIndex(index);
+        else {
+            PropertySlot slot(m_object);
+            if (!m_object->getOwnPropertySlot(exec, index, slot))
+                slot.setUndefined();
+            if (exec->hadException())
+                return false;
+            value = slot.getValue(exec, index);
+        }
+
+        // Append the separator string.
+        if (index)
+            builder.append(',');
+        stringifier.startNewLine(builder);
+
+        // Append the stringified value.
+        stringifyResult = stringifier.appendStringifiedValue(builder, value, m_object, index);
+    } else {
+        // Get the value.
+        PropertySlot slot(m_object);
+        Identifier& propertyName = m_propertyNames->propertyNameVector()[index];
+        if (!m_object->getOwnPropertySlot(exec, propertyName, slot))
+            return true;
+        JSValue value = slot.getValue(exec, propertyName);
+        if (exec->hadException())
+            return false;
+
+        rollBackPoint = builder.size();
+
+        // Append the separator string.
+        if (builder[rollBackPoint - 1] != '{')
+            builder.append(',');
+        stringifier.startNewLine(builder);
+
+        // Append the property name.
+        appendQuotedString(builder, propertyName.ustring());
+        builder.append(':');
+        if (stringifier.willIndent())
+            builder.append(' ');
+
+        // Append the stringified value.
+        stringifyResult = stringifier.appendStringifiedValue(builder, value, m_object, propertyName);
+    }
+
+    // From this point on, no access to the this pointer or to any members, because the
+    // Holder object may have moved if the call to stringify pushed a new Holder onto
+    // m_holderStack.
+
+    switch (stringifyResult) {
+        case StringifyFailed:
+            builder.append("null");
+            break;
+        case StringifySucceeded:
+            break;
+        case StringifyFailedDueToUndefinedValue:
+            // This only occurs when get an undefined value for an object property.
+            // In this case we don't want the separator and property name that we
+            // already appended, so roll back.
+            builder = builder.substr(0, rollBackPoint);
+            break;
+    }
+
+    return true;
+}
+
+// ------------------------------ JSONObject --------------------------------
+
+const ClassInfo JSONObject::info = { "JSON", 0, 0, ExecState::jsonTable };
+
+/* Source for JSONObject.lut.h
+@begin jsonTable
+  parse         JSONProtoFuncParse             DontEnum|Function 1
+  stringify     JSONProtoFuncStringify         DontEnum|Function 1
+@end
+*/
+
+// ECMA 15.8
+
+bool JSONObject::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    return getStaticFunctionSlot<JSObject>(exec, ExecState::jsonTable(exec), this, propertyName, slot);
+}
+
+bool JSONObject::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    return getStaticFunctionDescriptor<JSObject>(exec, ExecState::jsonTable(exec), this, propertyName, descriptor);
+}
+
+void JSONObject::markStringifiers(MarkStack& markStack, Stringifier* stringifier)
+{
+    stringifier->markAggregate(markStack);
+}
+
+class Walker {
+public:
+    Walker(ExecState* exec, JSObject* function, CallType callType, CallData callData)
+        : m_exec(exec)
+        , m_function(function)
+        , m_callType(callType)
+        , m_callData(callData)
+    {
+    }
+    JSValue walk(JSValue unfiltered);
+private:
+    JSValue callReviver(JSObject* thisObj, JSValue property, JSValue unfiltered)
+    {
+        JSValue args[] = { property, unfiltered };
+        ArgList argList(args, 2);
+        return call(m_exec, m_function, m_callType, m_callData, thisObj, argList);
+    }
+
+    friend class Holder;
+
+    ExecState* m_exec;
+    JSObject* m_function;
+    CallType m_callType;
+    CallData m_callData;
+};
+
+// We clamp recursion well beyond anything reasonable, but we also have a timeout check
+// to guard against "infinite" execution by inserting arbitrarily large objects.
+static const unsigned maximumFilterRecursion = 40000;
+enum WalkerState { StateUnknown, ArrayStartState, ArrayStartVisitMember, ArrayEndVisitMember, 
+                                 ObjectStartState, ObjectStartVisitMember, ObjectEndVisitMember };
+NEVER_INLINE JSValue Walker::walk(JSValue unfiltered)
+{
+    Vector<PropertyNameArray, 16> propertyStack;
+    Vector<uint32_t, 16> indexStack;
+    Vector<JSObject*, 16> objectStack;
+    Vector<JSArray*, 16> arrayStack;
+    
+    Vector<WalkerState, 16> stateStack;
+    WalkerState state = StateUnknown;
+    JSValue inValue = unfiltered;
+    JSValue outValue = jsNull();
+    
+    TimeoutChecker localTimeoutChecker;
+    localTimeoutChecker.copyTimeoutValues(m_exec->globalData().timeoutChecker);
+    localTimeoutChecker.reset();
+    unsigned tickCount = localTimeoutChecker.ticksUntilNextCheck();
+    while (1) {
+        switch (state) {
+            arrayStartState:
+            case ArrayStartState: {
+                ASSERT(inValue.isObject());
+                ASSERT(isJSArray(&m_exec->globalData(), asObject(inValue)) || asObject(inValue)->inherits(&JSArray::info));
+                if (objectStack.size() + arrayStack.size() > maximumFilterRecursion) {
+                    m_exec->setException(createStackOverflowError(m_exec));
+                    return jsUndefined();
+                }
+
+                JSArray* array = asArray(inValue);
+                arrayStack.append(array);
+                indexStack.append(0);
+                // fallthrough
+            }
+            arrayStartVisitMember:
+            case ArrayStartVisitMember: {
+                if (!--tickCount) {
+                    if (localTimeoutChecker.didTimeOut(m_exec)) {
+                        m_exec->setException(createInterruptedExecutionException(&m_exec->globalData()));
+                        return jsUndefined();
+                    }
+                    tickCount = localTimeoutChecker.ticksUntilNextCheck();
+                }
+
+                JSArray* array = arrayStack.last();
+                uint32_t index = indexStack.last();
+                if (index == array->length()) {
+                    outValue = array;
+                    arrayStack.removeLast();
+                    indexStack.removeLast();
+                    break;
+                }
+                if (isJSArray(&m_exec->globalData(), array) && array->canGetIndex(index))
+                    inValue = array->getIndex(index);
+                else {
+                    PropertySlot slot;
+                    if (array->getOwnPropertySlot(m_exec, index, slot))
+                        inValue = slot.getValue(m_exec, index);
+                    else
+                        inValue = jsUndefined();
+                }
+                    
+                if (inValue.isObject()) {
+                    stateStack.append(ArrayEndVisitMember);
+                    goto stateUnknown;
+                } else
+                    outValue = inValue;
+                // fallthrough
+            }
+            case ArrayEndVisitMember: {
+                JSArray* array = arrayStack.last();
+                JSValue filteredValue = callReviver(array, jsString(m_exec, UString::from(indexStack.last())), outValue);
+                if (filteredValue.isUndefined())
+                    array->deleteProperty(m_exec, indexStack.last());
+                else {
+                    if (isJSArray(&m_exec->globalData(), array) && array->canSetIndex(indexStack.last()))
+                        array->setIndex(indexStack.last(), filteredValue);
+                    else
+                        array->put(m_exec, indexStack.last(), filteredValue);
+                }
+                if (m_exec->hadException())
+                    return jsNull();
+                indexStack.last()++;
+                goto arrayStartVisitMember;
+            }
+            objectStartState:
+            case ObjectStartState: {
+                ASSERT(inValue.isObject());
+                ASSERT(!isJSArray(&m_exec->globalData(), asObject(inValue)) && !asObject(inValue)->inherits(&JSArray::info));
+                if (objectStack.size() + arrayStack.size() > maximumFilterRecursion) {
+                    m_exec->setException(createStackOverflowError(m_exec));
+                    return jsUndefined();
+                }
+
+                JSObject* object = asObject(inValue);
+                objectStack.append(object);
+                indexStack.append(0);
+                propertyStack.append(PropertyNameArray(m_exec));
+                object->getPropertyNames(m_exec, propertyStack.last());
+                // fallthrough
+            }
+            objectStartVisitMember:
+            case ObjectStartVisitMember: {
+                if (!--tickCount) {
+                    if (localTimeoutChecker.didTimeOut(m_exec)) {
+                        m_exec->setException(createInterruptedExecutionException(&m_exec->globalData()));
+                        return jsUndefined();
+                    }
+                    tickCount = localTimeoutChecker.ticksUntilNextCheck();
+                }
+
+                JSObject* object = objectStack.last();
+                uint32_t index = indexStack.last();
+                PropertyNameArray& properties = propertyStack.last();
+                if (index == properties.size()) {
+                    outValue = object;
+                    objectStack.removeLast();
+                    indexStack.removeLast();
+                    propertyStack.removeLast();
+                    break;
+                }
+                PropertySlot slot;
+                if (object->getOwnPropertySlot(m_exec, properties[index], slot))
+                    inValue = slot.getValue(m_exec, properties[index]);
+                else
+                    inValue = jsUndefined();
+
+                // The holder may be modified by the reviver function so any lookup may throw
+                if (m_exec->hadException())
+                    return jsNull();
+
+                if (inValue.isObject()) {
+                    stateStack.append(ObjectEndVisitMember);
+                    goto stateUnknown;
+                } else
+                    outValue = inValue;
+                // fallthrough
+            }
+            case ObjectEndVisitMember: {
+                JSObject* object = objectStack.last();
+                Identifier prop = propertyStack.last()[indexStack.last()];
+                PutPropertySlot slot;
+                JSValue filteredValue = callReviver(object, jsString(m_exec, prop.ustring()), outValue);
+                if (filteredValue.isUndefined())
+                    object->deleteProperty(m_exec, prop);
+                else
+                    object->put(m_exec, prop, filteredValue, slot);
+                if (m_exec->hadException())
+                    return jsNull();
+                indexStack.last()++;
+                goto objectStartVisitMember;
+            }
+            stateUnknown:
+            case StateUnknown:
+                if (!inValue.isObject()) {
+                    outValue = inValue;
+                    break;
+                }
+                JSObject* object = asObject(inValue);
+                if (isJSArray(&m_exec->globalData(), object) || object->inherits(&JSArray::info))
+                    goto arrayStartState;
+                goto objectStartState;
+        }
+        if (stateStack.isEmpty())
+            break;
+
+        state = stateStack.last();
+        stateStack.removeLast();
+
+        if (!--tickCount) {
+            if (localTimeoutChecker.didTimeOut(m_exec)) {
+                m_exec->setException(createInterruptedExecutionException(&m_exec->globalData()));
+                return jsUndefined();
+            }
+            tickCount = localTimeoutChecker.ticksUntilNextCheck();
+        }
+    }
+    JSObject* finalHolder = constructEmptyObject(m_exec);
+    PutPropertySlot slot;
+    finalHolder->put(m_exec, m_exec->globalData().propertyNames->emptyIdentifier, outValue, slot);
+    return callReviver(finalHolder, jsEmptyString(m_exec), outValue);
+}
+
+// ECMA-262 v5 15.12.2
+JSValue JSC_HOST_CALL JSONProtoFuncParse(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (args.isEmpty())
+        return throwError(exec, GeneralError, "JSON.parse requires at least one parameter");
+    JSValue value = args.at(0);
+    UString source = value.toString(exec);
+    if (exec->hadException())
+        return jsNull();
+    
+    LiteralParser jsonParser(exec, source, LiteralParser::StrictJSON);
+    JSValue unfiltered = jsonParser.tryLiteralParse();
+    if (!unfiltered)
+        return throwError(exec, SyntaxError, "Unable to parse JSON string");
+    
+    if (args.size() < 2)
+        return unfiltered;
+    
+    JSValue function = args.at(1);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return unfiltered;
+    return Walker(exec, asObject(function), callType, callData).walk(unfiltered);
+}
+
+// ECMA-262 v5 15.12.3
+JSValue JSC_HOST_CALL JSONProtoFuncStringify(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (args.isEmpty())
+        return throwError(exec, GeneralError, "No input to stringify");
+    JSValue value = args.at(0);
+    JSValue replacer = args.at(1);
+    JSValue space = args.at(2);
+    return Stringifier(exec, replacer, space).stringify(value);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSONObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSONObject.h
new file mode 100644
index 000000000..0705a690f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSONObject.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSONObject_h
+#define JSONObject_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    class Stringifier;
+
+    class JSONObject : public JSObject {
+    public:
+        JSONObject(PassRefPtr<Structure> structure)
+            : JSObject(structure)
+        {
+        }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasDefaultMark | HasDefaultGetPropertyNames));
+        }
+
+        static void markStringifiers(MarkStack&, Stringifier*);
+
+    private:
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+    };
+
+} // namespace JSC
+
+#endif // JSONObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.cpp
new file mode 100644
index 000000000..d7f5344a8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.cpp
@@ -0,0 +1,676 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Eric Seidel (eric@webkit.org)
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSObject.h"
+
+#include "DatePrototype.h"
+#include "ErrorConstructor.h"
+#include "GetterSetter.h"
+#include "JSGlobalObject.h"
+#include "NativeErrorConstructor.h"
+#include "ObjectPrototype.h"
+#include "PropertyDescriptor.h"
+#include "PropertyNameArray.h"
+#include "Lookup.h"
+#include "Nodes.h"
+#include "Operations.h"
+#include <math.h>
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSObject);
+
+void JSObject::markChildren(MarkStack& markStack)
+{
+#ifndef NDEBUG
+    bool wasCheckingForDefaultMarkViolation = markStack.m_isCheckingForDefaultMarkViolation;
+    markStack.m_isCheckingForDefaultMarkViolation = false;
+#endif
+
+    markChildrenDirect(markStack);
+
+#ifndef NDEBUG
+    markStack.m_isCheckingForDefaultMarkViolation = wasCheckingForDefaultMarkViolation;
+#endif
+}
+
+UString JSObject::className() const
+{
+    const ClassInfo* info = classInfo();
+    if (info)
+        return info->className;
+    return "Object";
+}
+
+bool JSObject::getOwnPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+{
+    return getOwnPropertySlot(exec, Identifier::from(exec, propertyName), slot);
+}
+
+static void throwSetterError(ExecState* exec)
+{
+    throwError(exec, TypeError, "setting a property that has only a getter");
+}
+
+// ECMA 8.6.2.2
+void JSObject::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    ASSERT(value);
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+    if (propertyName == exec->propertyNames().underscoreProto) {
+        // Setting __proto__ to a non-object, non-null value is silently ignored to match Mozilla.
+        if (!value.isObject() && !value.isNull())
+            return;
+
+        JSValue nextPrototypeValue = value;
+        while (nextPrototypeValue && nextPrototypeValue.isObject()) {
+            JSObject* nextPrototype = asObject(nextPrototypeValue)->unwrappedObject();
+            if (nextPrototype == this) {
+                throwError(exec, GeneralError, "cyclic __proto__ value");
+                return;
+            }
+            nextPrototypeValue = nextPrototype->prototype();
+        }
+
+        setPrototype(value);
+        return;
+    }
+
+    // Check if there are any setters or getters in the prototype chain
+    JSValue prototype;
+    for (JSObject* obj = this; !obj->structure()->hasGetterSetterProperties(); obj = asObject(prototype)) {
+        prototype = obj->prototype();
+        if (prototype.isNull()) {
+            putDirectInternal(exec->globalData(), propertyName, value, 0, true, slot);
+            return;
+        }
+    }
+    
+    unsigned attributes;
+    JSCell* specificValue;
+    if ((m_structure->get(propertyName, attributes, specificValue) != WTF::notFound) && attributes & ReadOnly)
+        return;
+
+    for (JSObject* obj = this; ; obj = asObject(prototype)) {
+        if (JSValue gs = obj->getDirect(propertyName)) {
+            if (gs.isGetterSetter()) {
+                JSObject* setterFunc = asGetterSetter(gs)->setter();        
+                if (!setterFunc) {
+                    throwSetterError(exec);
+                    return;
+                }
+                
+                CallData callData;
+                CallType callType = setterFunc->getCallData(callData);
+                MarkedArgumentBuffer args;
+                args.append(value);
+                call(exec, setterFunc, callType, callData, this, args);
+                return;
+            }
+
+            // If there's an existing property on the object or one of its 
+            // prototypes it should be replaced, so break here.
+            break;
+        }
+
+        prototype = obj->prototype();
+        if (prototype.isNull())
+            break;
+    }
+
+    putDirectInternal(exec->globalData(), propertyName, value, 0, true, slot);
+    return;
+}
+
+void JSObject::put(ExecState* exec, unsigned propertyName, JSValue value)
+{
+    PutPropertySlot slot;
+    put(exec, Identifier::from(exec, propertyName), value, slot);
+}
+
+void JSObject::putWithAttributes(ExecState* exec, const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
+{
+    putDirectInternal(exec->globalData(), propertyName, value, attributes, checkReadOnly, slot);
+}
+
+void JSObject::putWithAttributes(ExecState* exec, const Identifier& propertyName, JSValue value, unsigned attributes)
+{
+    putDirectInternal(exec->globalData(), propertyName, value, attributes);
+}
+
+void JSObject::putWithAttributes(ExecState* exec, unsigned propertyName, JSValue value, unsigned attributes)
+{
+    putWithAttributes(exec, Identifier::from(exec, propertyName), value, attributes);
+}
+
+bool JSObject::hasProperty(ExecState* exec, const Identifier& propertyName) const
+{
+    PropertySlot slot;
+    return const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
+}
+
+bool JSObject::hasProperty(ExecState* exec, unsigned propertyName) const
+{
+    PropertySlot slot;
+    return const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot);
+}
+
+// ECMA 8.6.2.5
+bool JSObject::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    unsigned attributes;
+    JSCell* specificValue;
+    if (m_structure->get(propertyName, attributes, specificValue) != WTF::notFound) {
+        if ((attributes & DontDelete) && checkDontDelete)
+            return false;
+        removeDirect(propertyName);
+        return true;
+    }
+
+    // Look in the static hashtable of properties
+    const HashEntry* entry = findPropertyHashEntry(exec, propertyName);
+    if (entry && (entry->attributes() & DontDelete) && checkDontDelete)
+        return false; // this builtin property can't be deleted
+
+    // FIXME: Should the code here actually do some deletion?
+    return true;
+}
+
+bool JSObject::hasOwnProperty(ExecState* exec, const Identifier& propertyName) const
+{
+    PropertySlot slot;
+    return const_cast<JSObject*>(this)->getOwnPropertySlot(exec, propertyName, slot);
+}
+
+bool JSObject::deleteProperty(ExecState* exec, unsigned propertyName, bool checkDontDelete)
+{
+    return deleteProperty(exec, Identifier::from(exec, propertyName), checkDontDelete);
+}
+
+static ALWAYS_INLINE JSValue callDefaultValueFunction(ExecState* exec, const JSObject* object, const Identifier& propertyName)
+{
+    JSValue function = object->get(exec, propertyName);
+    CallData callData;
+    CallType callType = function.getCallData(callData);
+    if (callType == CallTypeNone)
+        return exec->exception();
+
+    // Prevent "toString" and "valueOf" from observing execution if an exception
+    // is pending.
+    if (exec->hadException())
+        return exec->exception();
+
+    JSValue result = call(exec, function, callType, callData, const_cast<JSObject*>(object), exec->emptyList());
+    ASSERT(!result.isGetterSetter());
+    if (exec->hadException())
+        return exec->exception();
+    if (result.isObject())
+        return JSValue();
+    return result;
+}
+
+bool JSObject::getPrimitiveNumber(ExecState* exec, double& number, JSValue& result)
+{
+    result = defaultValue(exec, PreferNumber);
+    number = result.toNumber(exec);
+    return !result.isString();
+}
+
+// ECMA 8.6.2.6
+JSValue JSObject::defaultValue(ExecState* exec, PreferredPrimitiveType hint) const
+{
+    // Must call toString first for Date objects.
+    if ((hint == PreferString) || (hint != PreferNumber && prototype() == exec->lexicalGlobalObject()->datePrototype())) {
+        JSValue value = callDefaultValueFunction(exec, this, exec->propertyNames().toString);
+        if (value)
+            return value;
+        value = callDefaultValueFunction(exec, this, exec->propertyNames().valueOf);
+        if (value)
+            return value;
+    } else {
+        JSValue value = callDefaultValueFunction(exec, this, exec->propertyNames().valueOf);
+        if (value)
+            return value;
+        value = callDefaultValueFunction(exec, this, exec->propertyNames().toString);
+        if (value)
+            return value;
+    }
+
+    ASSERT(!exec->hadException());
+
+    return throwError(exec, TypeError, "No default value");
+}
+
+const HashEntry* JSObject::findPropertyHashEntry(ExecState* exec, const Identifier& propertyName) const
+{
+    for (const ClassInfo* info = classInfo(); info; info = info->parentClass) {
+        if (const HashTable* propHashTable = info->propHashTable(exec)) {
+            if (const HashEntry* entry = propHashTable->entry(exec, propertyName))
+                return entry;
+        }
+    }
+    return 0;
+}
+
+void JSObject::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes)
+{
+    JSValue object = getDirect(propertyName);
+    if (object && object.isGetterSetter()) {
+        ASSERT(m_structure->hasGetterSetterProperties());
+        asGetterSetter(object)->setGetter(getterFunction);
+        return;
+    }
+
+    PutPropertySlot slot;
+    GetterSetter* getterSetter = new (exec) GetterSetter(exec);
+    putDirectInternal(exec->globalData(), propertyName, getterSetter, attributes | Getter, true, slot);
+
+    // putDirect will change our Structure if we add a new property. For
+    // getters and setters, though, we also need to change our Structure
+    // if we override an existing non-getter or non-setter.
+    if (slot.type() != PutPropertySlot::NewProperty) {
+        if (!m_structure->isDictionary()) {
+            RefPtr<Structure> structure = Structure::getterSetterTransition(m_structure);
+            setStructure(structure.release());
+        }
+    }
+
+    m_structure->setHasGetterSetterProperties(true);
+    getterSetter->setGetter(getterFunction);
+}
+
+void JSObject::defineSetter(ExecState* exec, const Identifier& propertyName, JSObject* setterFunction, unsigned attributes)
+{
+    JSValue object = getDirect(propertyName);
+    if (object && object.isGetterSetter()) {
+        ASSERT(m_structure->hasGetterSetterProperties());
+        asGetterSetter(object)->setSetter(setterFunction);
+        return;
+    }
+
+    PutPropertySlot slot;
+    GetterSetter* getterSetter = new (exec) GetterSetter(exec);
+    putDirectInternal(exec->globalData(), propertyName, getterSetter, attributes | Setter, true, slot);
+
+    // putDirect will change our Structure if we add a new property. For
+    // getters and setters, though, we also need to change our Structure
+    // if we override an existing non-getter or non-setter.
+    if (slot.type() != PutPropertySlot::NewProperty) {
+        if (!m_structure->isDictionary()) {
+            RefPtr<Structure> structure = Structure::getterSetterTransition(m_structure);
+            setStructure(structure.release());
+        }
+    }
+
+    m_structure->setHasGetterSetterProperties(true);
+    getterSetter->setSetter(setterFunction);
+}
+
+JSValue JSObject::lookupGetter(ExecState*, const Identifier& propertyName)
+{
+    JSObject* object = this;
+    while (true) {
+        if (JSValue value = object->getDirect(propertyName)) {
+            if (!value.isGetterSetter())
+                return jsUndefined();
+            JSObject* functionObject = asGetterSetter(value)->getter();
+            if (!functionObject)
+                return jsUndefined();
+            return functionObject;
+        }
+
+        if (!object->prototype() || !object->prototype().isObject())
+            return jsUndefined();
+        object = asObject(object->prototype());
+    }
+}
+
+JSValue JSObject::lookupSetter(ExecState*, const Identifier& propertyName)
+{
+    JSObject* object = this;
+    while (true) {
+        if (JSValue value = object->getDirect(propertyName)) {
+            if (!value.isGetterSetter())
+                return jsUndefined();
+            JSObject* functionObject = asGetterSetter(value)->setter();
+            if (!functionObject)
+                return jsUndefined();
+            return functionObject;
+        }
+
+        if (!object->prototype() || !object->prototype().isObject())
+            return jsUndefined();
+        object = asObject(object->prototype());
+    }
+}
+
+bool JSObject::hasInstance(ExecState* exec, JSValue value, JSValue proto)
+{
+    if (!value.isObject())
+        return false;
+
+    if (!proto.isObject()) {
+        throwError(exec, TypeError, "instanceof called on an object with an invalid prototype property.");
+        return false;
+    }
+
+    JSObject* object = asObject(value);
+    while ((object = object->prototype().getObject())) {
+        if (proto == object)
+            return true;
+    }
+    return false;
+}
+
+bool JSObject::propertyIsEnumerable(ExecState* exec, const Identifier& propertyName) const
+{
+    unsigned attributes;
+    if (!getPropertyAttributes(exec, propertyName, attributes))
+        return false;
+    return !(attributes & DontEnum);
+}
+
+bool JSObject::getPropertyAttributes(ExecState* exec, const Identifier& propertyName, unsigned& attributes) const
+{
+    JSCell* specificValue;
+    if (m_structure->get(propertyName, attributes, specificValue) != WTF::notFound)
+        return true;
+    
+    // Look in the static hashtable of properties
+    const HashEntry* entry = findPropertyHashEntry(exec, propertyName);
+    if (entry) {
+        attributes = entry->attributes();
+        return true;
+    }
+    
+    return false;
+}
+
+bool JSObject::getPropertySpecificValue(ExecState*, const Identifier& propertyName, JSCell*& specificValue) const
+{
+    unsigned attributes;
+    if (m_structure->get(propertyName, attributes, specificValue) != WTF::notFound)
+        return true;
+
+    // This could be a function within the static table? - should probably
+    // also look in the hash?  This currently should not be a problem, since
+    // we've currently always call 'get' first, which should have populated
+    // the normal storage.
+    return false;
+}
+
+void JSObject::getPropertyNames(ExecState* exec, PropertyNameArray& propertyNames)
+{
+    m_structure->getEnumerablePropertyNames(exec, propertyNames, this);
+}
+
+void JSObject::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    m_structure->getOwnPropertyNames(exec, propertyNames, this, includeNonEnumerable);
+}
+
+bool JSObject::toBoolean(ExecState*) const
+{
+    return true;
+}
+
+double JSObject::toNumber(ExecState* exec) const
+{
+    JSValue primitive = toPrimitive(exec, PreferNumber);
+    if (exec->hadException()) // should be picked up soon in Nodes.cpp
+        return 0.0;
+    return primitive.toNumber(exec);
+}
+
+UString JSObject::toString(ExecState* exec) const
+{
+    JSValue primitive = toPrimitive(exec, PreferString);
+    if (exec->hadException())
+        return "";
+    return primitive.toString(exec);
+}
+
+JSObject* JSObject::toObject(ExecState*) const
+{
+    return const_cast<JSObject*>(this);
+}
+
+JSObject* JSObject::toThisObject(ExecState*) const
+{
+    return const_cast<JSObject*>(this);
+}
+
+JSObject* JSObject::unwrappedObject()
+{
+    return this;
+}
+
+void JSObject::removeDirect(const Identifier& propertyName)
+{
+    size_t offset;
+    if (m_structure->isUncacheableDictionary()) {
+        offset = m_structure->removePropertyWithoutTransition(propertyName);
+        if (offset != WTF::notFound)
+            putDirectOffset(offset, jsUndefined());
+        return;
+    }
+
+    RefPtr<Structure> structure = Structure::removePropertyTransition(m_structure, propertyName, offset);
+    setStructure(structure.release());
+    if (offset != WTF::notFound)
+        putDirectOffset(offset, jsUndefined());
+}
+
+void JSObject::putDirectFunction(ExecState* exec, InternalFunction* function, unsigned attr)
+{
+    putDirectFunction(Identifier(exec, function->name(&exec->globalData())), function, attr);
+}
+
+void JSObject::putDirectFunctionWithoutTransition(ExecState* exec, InternalFunction* function, unsigned attr)
+{
+    putDirectFunctionWithoutTransition(Identifier(exec, function->name(&exec->globalData())), function, attr);
+}
+
+NEVER_INLINE void JSObject::fillGetterPropertySlot(PropertySlot& slot, JSValue* location)
+{
+    if (JSObject* getterFunction = asGetterSetter(*location)->getter())
+        slot.setGetterSlot(getterFunction);
+    else
+        slot.setUndefined();
+}
+
+Structure* JSObject::createInheritorID()
+{
+#ifdef QT_BUILD_SCRIPT_LIB
+    // ### QtScript needs the hasOwnProperty() calls etc. for QScriptObject
+    m_inheritorID = Structure::create(this, TypeInfo(ObjectType, ImplementsHasInstance));
+#else
+    m_inheritorID = JSObject::createStructure(this);
+#endif
+    return m_inheritorID.get();
+}
+
+void JSObject::allocatePropertyStorage(size_t oldSize, size_t newSize)
+{
+    allocatePropertyStorageInline(oldSize, newSize);
+}
+
+JSObject* constructEmptyObject(ExecState* exec)
+{
+    return new (exec) JSObject(exec->lexicalGlobalObject()->emptyObjectStructure());
+}
+
+bool JSObject::getOwnPropertyDescriptor(ExecState*, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    unsigned attributes = 0;
+    JSCell* cell = 0;
+    size_t offset = m_structure->get(propertyName, attributes, cell);
+    if (offset == WTF::notFound)
+        return false;
+    descriptor.setDescriptor(getDirectOffset(offset), attributes);
+    return true;
+}
+
+bool JSObject::getPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    JSObject* object = this;
+    while (true) {
+        if (object->getOwnPropertyDescriptor(exec, propertyName, descriptor))
+            return true;
+        JSValue prototype = object->prototype();
+        if (!prototype.isObject())
+            return false;
+        object = asObject(prototype);
+    }
+}
+
+static bool putDescriptor(ExecState* exec, JSObject* target, const Identifier& propertyName, PropertyDescriptor& descriptor, unsigned attributes, JSValue oldValue)
+{
+    if (descriptor.isGenericDescriptor() || descriptor.isDataDescriptor()) {
+        target->putWithAttributes(exec, propertyName, descriptor.value() ? descriptor.value() : oldValue, attributes & ~(Getter | Setter));
+        return true;
+    }
+    attributes &= ~ReadOnly;
+    if (descriptor.getter() && descriptor.getter().isObject())
+        target->defineGetter(exec, propertyName, asObject(descriptor.getter()), attributes);
+    if (exec->hadException())
+        return false;
+    if (descriptor.setter() && descriptor.setter().isObject())
+        target->defineSetter(exec, propertyName, asObject(descriptor.setter()), attributes);
+    return !exec->hadException();
+}
+
+bool JSObject::defineOwnProperty(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor, bool throwException)
+{
+    // If we have a new property we can just put it on normally
+    PropertyDescriptor current;
+    if (!getOwnPropertyDescriptor(exec, propertyName, current))
+        return putDescriptor(exec, this, propertyName, descriptor, descriptor.attributes(), jsUndefined());
+
+    if (descriptor.isEmpty())
+        return true;
+
+    if (current.equalTo(descriptor))
+        return true;
+
+    // Filter out invalid changes
+    if (!current.configurable()) {
+        if (descriptor.configurable()) {
+            if (throwException)
+                throwError(exec, TypeError, "Attempting to configurable attribute of unconfigurable property.");
+            return false;
+        }
+        if (descriptor.enumerablePresent() && descriptor.enumerable() != current.enumerable()) {
+            if (throwException)
+                throwError(exec, TypeError, "Attempting to change enumerable attribute of unconfigurable property.");
+            return false;
+        }
+    }
+
+    // A generic descriptor is simply changing the attributes of an existing property
+    if (descriptor.isGenericDescriptor()) {
+        if (!current.attributesEqual(descriptor)) {
+            deleteProperty(exec, propertyName);
+            putDescriptor(exec, this, propertyName, descriptor, current.attributesWithOverride(descriptor), current.value());
+        }
+        return true;
+    }
+
+    // Changing between a normal property or an accessor property
+    if (descriptor.isDataDescriptor() != current.isDataDescriptor()) {
+        if (!current.configurable()) {
+            if (throwException)
+                throwError(exec, TypeError, "Attempting to change access mechanism for an unconfigurable property.");
+            return false;
+        }
+        deleteProperty(exec, propertyName);
+        return putDescriptor(exec, this, propertyName, descriptor, current.attributesWithOverride(descriptor), current.value() ? current.value() : jsUndefined());
+    }
+
+    // Changing the value and attributes of an existing property
+    if (descriptor.isDataDescriptor()) {
+        if (!current.configurable()) {
+            if (!current.writable() && descriptor.writable()) {
+                if (throwException)
+                    throwError(exec, TypeError, "Attempting to change writable attribute of unconfigurable property.");
+                return false;
+            }
+            if (!current.writable()) {
+                if (descriptor.value() || !JSValue::strictEqual(current.value(), descriptor.value())) {
+                    if (throwException)
+                        throwError(exec, TypeError, "Attempting to change value of a readonly property.");
+                    return false;
+                }
+            }
+        } else if (current.attributesEqual(descriptor)) {
+            if (!descriptor.value())
+                return true;
+            PutPropertySlot slot;
+            put(exec, propertyName, descriptor.value(), slot);
+            if (exec->hadException())
+                return false;
+            return true;
+        }
+        deleteProperty(exec, propertyName);
+        return putDescriptor(exec, this, propertyName, descriptor, current.attributesWithOverride(descriptor), current.value());
+    }
+
+    // Changing the accessor functions of an existing accessor property
+    ASSERT(descriptor.isAccessorDescriptor());
+    if (!current.configurable()) {
+        if (descriptor.setterPresent() && !(current.setter() && JSValue::strictEqual(current.setter(), descriptor.setter()))) {
+            if (throwException)
+                throwError(exec, TypeError, "Attempting to change the setter of an unconfigurable property.");
+            return false;
+        }
+        if (descriptor.getterPresent() && !(current.getter() && JSValue::strictEqual(current.getter(), descriptor.getter()))) {
+            if (throwException)
+                throwError(exec, TypeError, "Attempting to change the getter of an unconfigurable property.");
+            return false;
+        }
+    }
+    JSValue accessor = getDirect(propertyName);
+    if (!accessor)
+        return false;
+    GetterSetter* getterSetter = asGetterSetter(accessor);
+    if (current.attributesEqual(descriptor)) {
+        if (descriptor.setter())
+            getterSetter->setSetter(asObject(descriptor.setter()));
+        if (descriptor.getter())
+            getterSetter->setGetter(asObject(descriptor.getter()));
+        return true;
+    }
+    deleteProperty(exec, propertyName);
+    unsigned attrs = current.attributesWithOverride(descriptor);
+    if (descriptor.setter())
+        attrs |= Setter;
+    if (descriptor.getter())
+        attrs |= Getter;
+    putDirect(propertyName, getterSetter, attrs);
+    return true;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h
new file mode 100644
index 000000000..9eb4e3e10
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h
@@ -0,0 +1,701 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSObject_h
+#define JSObject_h
+
+#include "ArgList.h"
+#include "ClassInfo.h"
+#include "CommonIdentifiers.h"
+#include "CallFrame.h"
+#include "JSCell.h"
+#include "JSNumberCell.h"
+#include "MarkStack.h"
+#include "PropertySlot.h"
+#include "PutPropertySlot.h"
+#include "ScopeChain.h"
+#include "Structure.h"
+#include "JSGlobalData.h"
+#include <wtf/StdLibExtras.h>
+
+namespace JSC {
+
+    inline JSCell* getJSFunction(JSGlobalData& globalData, JSValue value)
+    {
+        if (value.isCell() && (value.asCell()->vptr() == globalData.jsFunctionVPtr))
+            return value.asCell();
+        return 0;
+    }
+    
+    class HashEntry;
+    class InternalFunction;
+    class PropertyDescriptor;
+    class PropertyNameArray;
+    class Structure;
+    struct HashTable;
+
+    // ECMA 262-3 8.6.1
+    // Property attributes
+    enum Attribute {
+        None         = 0,
+        ReadOnly     = 1 << 1,  // property can be only read, not written
+        DontEnum     = 1 << 2,  // property doesn't appear in (for .. in ..)
+        DontDelete   = 1 << 3,  // property can't be deleted
+        Function     = 1 << 4,  // property is a function - only used by static hashtables
+        Getter       = 1 << 5,  // property is a getter
+        Setter       = 1 << 6   // property is a setter
+    };
+
+    typedef EncodedJSValue* PropertyStorage;
+    typedef const EncodedJSValue* ConstPropertyStorage;
+
+    class JSObject : public JSCell {
+        friend class BatchedTransitionOptimizer;
+        friend class JIT;
+        friend class JSCell;
+
+    public:
+        explicit JSObject(PassRefPtr<Structure>);
+
+        virtual void markChildren(MarkStack&);
+        ALWAYS_INLINE void markChildrenDirect(MarkStack& markStack);
+
+        // The inline virtual destructor cannot be the first virtual function declared
+        // in the class as it results in the vtable being generated as a weak symbol
+        virtual ~JSObject();
+
+        JSValue prototype() const;
+        void setPrototype(JSValue prototype);
+        
+        void setStructure(PassRefPtr<Structure>);
+        Structure* inheritorID();
+
+        virtual UString className() const;
+
+        JSValue get(ExecState*, const Identifier& propertyName) const;
+        JSValue get(ExecState*, unsigned propertyName) const;
+
+        bool getPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        bool getPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        bool getPropertyDescriptor(ExecState*, const Identifier& propertyName, PropertyDescriptor&);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue value, PutPropertySlot&);
+        virtual void put(ExecState*, unsigned propertyName, JSValue value);
+
+        virtual void putWithAttributes(ExecState*, const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot);
+        virtual void putWithAttributes(ExecState*, const Identifier& propertyName, JSValue value, unsigned attributes);
+        virtual void putWithAttributes(ExecState*, unsigned propertyName, JSValue value, unsigned attributes);
+
+        bool propertyIsEnumerable(ExecState*, const Identifier& propertyName) const;
+
+        bool hasProperty(ExecState*, const Identifier& propertyName) const;
+        bool hasProperty(ExecState*, unsigned propertyName) const;
+        bool hasOwnProperty(ExecState*, const Identifier& propertyName) const;
+
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName, bool checkDontDelete = true);
+        virtual bool deleteProperty(ExecState*, unsigned propertyName, bool checkDontDelete = true);
+
+        virtual JSValue defaultValue(ExecState*, PreferredPrimitiveType) const;
+
+        virtual bool hasInstance(ExecState*, JSValue, JSValue prototypeProperty);
+
+        virtual void getPropertyNames(ExecState*, PropertyNameArray&);
+        virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, bool includeNonEnumerable = false);
+
+        virtual JSValue toPrimitive(ExecState*, PreferredPrimitiveType = NoPreference) const;
+        virtual bool getPrimitiveNumber(ExecState*, double& number, JSValue& value);
+        virtual bool toBoolean(ExecState*) const;
+        virtual double toNumber(ExecState*) const;
+        virtual UString toString(ExecState*) const;
+        virtual JSObject* toObject(ExecState*) const;
+
+        virtual JSObject* toThisObject(ExecState*) const;
+        virtual JSObject* unwrappedObject();
+
+        virtual bool getPropertyAttributes(ExecState*, const Identifier& propertyName, unsigned& attributes) const;
+        bool getPropertySpecificValue(ExecState* exec, const Identifier& propertyName, JSCell*& specificFunction) const;
+
+        // This get function only looks at the property map.
+        JSValue getDirect(const Identifier& propertyName) const
+        {
+            size_t offset = m_structure->get(propertyName);
+            return offset != WTF::notFound ? getDirectOffset(offset) : JSValue();
+        }
+
+        JSValue* getDirectLocation(const Identifier& propertyName)
+        {
+            size_t offset = m_structure->get(propertyName);
+            return offset != WTF::notFound ? locationForOffset(offset) : 0;
+        }
+
+        JSValue* getDirectLocation(const Identifier& propertyName, unsigned& attributes)
+        {
+            JSCell* specificFunction;
+            size_t offset = m_structure->get(propertyName, attributes, specificFunction);
+            return offset != WTF::notFound ? locationForOffset(offset) : 0;
+        }
+
+        size_t offsetForLocation(JSValue* location) const
+        {
+            return location - reinterpret_cast<const JSValue*>(propertyStorage());
+        }
+
+        void transitionTo(Structure*);
+
+        void removeDirect(const Identifier& propertyName);
+        bool hasCustomProperties() { return !m_structure->isEmpty(); }
+        bool hasGetterSetterProperties() { return m_structure->hasGetterSetterProperties(); }
+
+        void putDirect(const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
+        void putDirect(const Identifier& propertyName, JSValue value, unsigned attr = 0);
+
+        void putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr = 0);
+        void putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
+        void putDirectFunction(ExecState* exec, InternalFunction* function, unsigned attr = 0);
+
+        void putDirectWithoutTransition(const Identifier& propertyName, JSValue value, unsigned attr = 0);
+        void putDirectFunctionWithoutTransition(const Identifier& propertyName, JSCell* value, unsigned attr = 0);
+        void putDirectFunctionWithoutTransition(ExecState* exec, InternalFunction* function, unsigned attr = 0);
+
+        // Fast access to known property offsets.
+        JSValue getDirectOffset(size_t offset) const { return JSValue::decode(propertyStorage()[offset]); }
+        void putDirectOffset(size_t offset, JSValue value) { propertyStorage()[offset] = JSValue::encode(value); }
+
+        void fillGetterPropertySlot(PropertySlot&, JSValue* location);
+
+        virtual void defineGetter(ExecState*, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes = 0);
+        virtual void defineSetter(ExecState*, const Identifier& propertyName, JSObject* setterFunction, unsigned attributes = 0);
+        virtual JSValue lookupGetter(ExecState*, const Identifier& propertyName);
+        virtual JSValue lookupSetter(ExecState*, const Identifier& propertyName);
+        virtual bool defineOwnProperty(ExecState*, const Identifier& propertyName, PropertyDescriptor&, bool shouldThrow);
+
+        virtual bool isGlobalObject() const { return false; }
+        virtual bool isVariableObject() const { return false; }
+        virtual bool isActivationObject() const { return false; }
+        virtual bool isWatchdogException() const { return false; }
+        virtual bool isNotAnObjectErrorStub() const { return false; }
+
+#ifdef QT_BUILD_SCRIPT_LIB
+        virtual bool compareToObject(ExecState*, JSObject *other) { return other == this; }
+#endif
+
+        void allocatePropertyStorage(size_t oldSize, size_t newSize);
+        void allocatePropertyStorageInline(size_t oldSize, size_t newSize);
+        bool isUsingInlineStorage() const { return m_structure->isUsingInlineStorage(); }
+
+        static const size_t inlineStorageCapacity = sizeof(EncodedJSValue) == 2 * sizeof(void*) ? 4 : 3;
+        static const size_t nonInlineBaseStorageCapacity = 16;
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasStandardGetOwnPropertySlot | HasDefaultMark | HasDefaultGetPropertyNames));
+        }
+
+    protected:
+        void addAnonymousSlots(unsigned count);
+        void putAnonymousValue(unsigned index, JSValue value)
+        {
+            *locationForOffset(index) = value;
+        }
+        JSValue getAnonymousValue(unsigned index)
+        {
+            return *locationForOffset(index);
+        }
+
+    private:
+        // Nobody should ever ask any of these questions on something already known to be a JSObject.
+        using JSCell::isAPIValueWrapper;
+        using JSCell::isGetterSetter;
+        using JSCell::toObject;
+        void getObject();
+        void getString();
+        void isObject();
+        void isString();
+#if USE(JSVALUE32)
+        void isNumber();
+#endif
+
+        ConstPropertyStorage propertyStorage() const { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
+        PropertyStorage propertyStorage() { return (isUsingInlineStorage() ? m_inlineStorage : m_externalStorage); }
+
+        const JSValue* locationForOffset(size_t offset) const
+        {
+            return reinterpret_cast<const JSValue*>(&propertyStorage()[offset]);
+        }
+
+        JSValue* locationForOffset(size_t offset)
+        {
+            return reinterpret_cast<JSValue*>(&propertyStorage()[offset]);
+        }
+
+        void putDirectInternal(const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot, JSCell*);
+        void putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue value, unsigned attr, bool checkReadOnly, PutPropertySlot& slot);
+        void putDirectInternal(JSGlobalData&, const Identifier& propertyName, JSValue value, unsigned attr = 0);
+
+        bool inlineGetOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+
+        const HashEntry* findPropertyHashEntry(ExecState*, const Identifier& propertyName) const;
+        Structure* createInheritorID();
+
+        union {
+            PropertyStorage m_externalStorage;
+            EncodedJSValue m_inlineStorage[inlineStorageCapacity];
+        };
+
+        RefPtr<Structure> m_inheritorID;
+    };
+    
+JSObject* constructEmptyObject(ExecState*);
+
+inline JSObject* asObject(JSCell* cell)
+{
+    ASSERT(cell->isObject());
+    return static_cast<JSObject*>(cell);
+}
+
+inline JSObject* asObject(JSValue value)
+{
+    return asObject(value.asCell());
+}
+
+inline JSObject::JSObject(PassRefPtr<Structure> structure)
+    : JSCell(structure.releaseRef()) // ~JSObject balances this ref()
+{
+    ASSERT(m_structure);
+    ASSERT(m_structure->propertyStorageCapacity() == inlineStorageCapacity);
+    ASSERT(m_structure->isEmpty());
+    ASSERT(prototype().isNull() || Heap::heap(this) == Heap::heap(prototype()));
+#if USE(JSVALUE64) || USE(JSVALUE32_64)
+    ASSERT(OBJECT_OFFSETOF(JSObject, m_inlineStorage) % sizeof(double) == 0);
+#endif
+}
+
+inline JSObject::~JSObject()
+{
+    ASSERT(m_structure);
+    if (!isUsingInlineStorage())
+        delete [] m_externalStorage;
+    m_structure->deref();
+}
+
+inline JSValue JSObject::prototype() const
+{
+    return m_structure->storedPrototype();
+}
+
+inline void JSObject::setPrototype(JSValue prototype)
+{
+    ASSERT(prototype);
+    RefPtr<Structure> newStructure = Structure::changePrototypeTransition(m_structure, prototype);
+    setStructure(newStructure.release());
+}
+
+inline void JSObject::setStructure(PassRefPtr<Structure> structure)
+{
+    m_structure->deref();
+    m_structure = structure.releaseRef(); // ~JSObject balances this ref()
+}
+
+inline Structure* JSObject::inheritorID()
+{
+    if (m_inheritorID)
+        return m_inheritorID.get();
+    return createInheritorID();
+}
+
+inline bool Structure::isUsingInlineStorage() const
+{
+    return (propertyStorageCapacity() == JSObject::inlineStorageCapacity);
+}
+
+inline bool JSCell::inherits(const ClassInfo* info) const
+{
+    for (const ClassInfo* ci = classInfo(); ci; ci = ci->parentClass) {
+        if (ci == info)
+            return true;
+    }
+    return false;
+}
+
+// this method is here to be after the inline declaration of JSCell::inherits
+inline bool JSValue::inherits(const ClassInfo* classInfo) const
+{
+    return isCell() && asCell()->inherits(classInfo);
+}
+
+ALWAYS_INLINE bool JSObject::inlineGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    if (JSValue* location = getDirectLocation(propertyName)) {
+        if (m_structure->hasGetterSetterProperties() && location[0].isGetterSetter())
+            fillGetterPropertySlot(slot, location);
+        else
+            slot.setValueSlot(this, location, offsetForLocation(location));
+        return true;
+    }
+
+    // non-standard Netscape extension
+    if (propertyName == exec->propertyNames().underscoreProto) {
+        slot.setValue(prototype());
+        return true;
+    }
+
+    return false;
+}
+
+// It may seem crazy to inline a function this large, especially a virtual function,
+// but it makes a big difference to property lookup that derived classes can inline their
+// base class call to this.
+ALWAYS_INLINE bool JSObject::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    return inlineGetOwnPropertySlot(exec, propertyName, slot);
+}
+
+ALWAYS_INLINE bool JSCell::fastGetOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    if (structure()->typeInfo().hasStandardGetOwnPropertySlot())
+        return asObject(this)->inlineGetOwnPropertySlot(exec, propertyName, slot);
+    return getOwnPropertySlot(exec, propertyName, slot);
+}
+
+// It may seem crazy to inline a function this large but it makes a big difference
+// since this is function very hot in variable lookup
+inline bool JSObject::getPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    JSObject* object = this;
+    while (true) {
+        if (object->fastGetOwnPropertySlot(exec, propertyName, slot))
+            return true;
+        JSValue prototype = object->prototype();
+        if (!prototype.isObject())
+            return false;
+        object = asObject(prototype);
+    }
+}
+
+inline bool JSObject::getPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+{
+    JSObject* object = this;
+    while (true) {
+        if (object->getOwnPropertySlot(exec, propertyName, slot))
+            return true;
+        JSValue prototype = object->prototype();
+        if (!prototype.isObject())
+            return false;
+        object = asObject(prototype);
+    }
+}
+
+inline JSValue JSObject::get(ExecState* exec, const Identifier& propertyName) const
+{
+    PropertySlot slot(this);
+    if (const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot))
+        return slot.getValue(exec, propertyName);
+    
+    return jsUndefined();
+}
+
+inline JSValue JSObject::get(ExecState* exec, unsigned propertyName) const
+{
+    PropertySlot slot(this);
+    if (const_cast<JSObject*>(this)->getPropertySlot(exec, propertyName, slot))
+        return slot.getValue(exec, propertyName);
+
+    return jsUndefined();
+}
+
+inline void JSObject::putDirectInternal(const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot, JSCell* specificFunction)
+{
+    ASSERT(value);
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+    if (m_structure->isDictionary()) {
+        unsigned currentAttributes;
+        JSCell* currentSpecificFunction;
+        size_t offset = m_structure->get(propertyName, currentAttributes, currentSpecificFunction);
+        if (offset != WTF::notFound) {
+            if (currentSpecificFunction && (specificFunction != currentSpecificFunction))
+                m_structure->despecifyDictionaryFunction(propertyName);
+            if (checkReadOnly && currentAttributes & ReadOnly)
+                return;
+            putDirectOffset(offset, value);
+            if (!specificFunction && !currentSpecificFunction)
+                slot.setExistingProperty(this, offset);
+            return;
+        }
+
+        size_t currentCapacity = m_structure->propertyStorageCapacity();
+        offset = m_structure->addPropertyWithoutTransition(propertyName, attributes, specificFunction);
+        if (currentCapacity != m_structure->propertyStorageCapacity())
+            allocatePropertyStorage(currentCapacity, m_structure->propertyStorageCapacity());
+
+        ASSERT(offset < m_structure->propertyStorageCapacity());
+        putDirectOffset(offset, value);
+        // See comment on setNewProperty call below.
+        if (!specificFunction)
+            slot.setNewProperty(this, offset);
+        return;
+    }
+
+    size_t offset;
+    size_t currentCapacity = m_structure->propertyStorageCapacity();
+    if (RefPtr<Structure> structure = Structure::addPropertyTransitionToExistingStructure(m_structure, propertyName, attributes, specificFunction, offset)) {    
+        if (currentCapacity != structure->propertyStorageCapacity())
+            allocatePropertyStorage(currentCapacity, structure->propertyStorageCapacity());
+
+        ASSERT(offset < structure->propertyStorageCapacity());
+        setStructure(structure.release());
+        putDirectOffset(offset, value);
+        // See comment on setNewProperty call below.
+        if (!specificFunction)
+            slot.setNewProperty(this, offset);
+        return;
+    }
+
+    unsigned currentAttributes;
+    JSCell* currentSpecificFunction;
+    offset = m_structure->get(propertyName, currentAttributes, currentSpecificFunction);
+    if (offset != WTF::notFound) {
+        if (checkReadOnly && currentAttributes & ReadOnly)
+            return;
+
+        if (currentSpecificFunction && (specificFunction != currentSpecificFunction)) {
+            setStructure(Structure::despecifyFunctionTransition(m_structure, propertyName));
+            putDirectOffset(offset, value);
+            // Function transitions are not currently cachable, so leave the slot in an uncachable state.
+            return;
+        }
+        putDirectOffset(offset, value);
+        slot.setExistingProperty(this, offset);
+        return;
+    }
+
+    // If we have a specific function, we may have got to this point if there is
+    // already a transition with the correct property name and attributes, but
+    // specialized to a different function.  In this case we just want to give up
+    // and despecialize the transition.
+    // In this case we clear the value of specificFunction which will result
+    // in us adding a non-specific transition, and any subsequent lookup in
+    // Structure::addPropertyTransitionToExistingStructure will just use that.
+    if (specificFunction && m_structure->hasTransition(propertyName, attributes))
+        specificFunction = 0;
+
+    RefPtr<Structure> structure = Structure::addPropertyTransition(m_structure, propertyName, attributes, specificFunction, offset);
+
+    if (currentCapacity != structure->propertyStorageCapacity())
+        allocatePropertyStorage(currentCapacity, structure->propertyStorageCapacity());
+
+    ASSERT(offset < structure->propertyStorageCapacity());
+    setStructure(structure.release());
+    putDirectOffset(offset, value);
+    // Function transitions are not currently cachable, so leave the slot in an uncachable state.
+    if (!specificFunction)
+        slot.setNewProperty(this, offset);
+}
+
+inline void JSObject::putDirectInternal(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
+{
+    ASSERT(value);
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+    putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, getJSFunction(globalData, value));
+}
+
+inline void JSObject::putDirectInternal(JSGlobalData& globalData, const Identifier& propertyName, JSValue value, unsigned attributes)
+{
+    PutPropertySlot slot;
+    putDirectInternal(propertyName, value, attributes, false, slot, getJSFunction(globalData, value));
+}
+
+inline void JSObject::addAnonymousSlots(unsigned count)
+{
+    size_t currentCapacity = m_structure->propertyStorageCapacity();
+    RefPtr<Structure> structure = Structure::addAnonymousSlotsTransition(m_structure, count);
+
+    if (currentCapacity != structure->propertyStorageCapacity())
+        allocatePropertyStorage(currentCapacity, structure->propertyStorageCapacity());
+
+    setStructure(structure.release());
+}
+
+inline void JSObject::putDirect(const Identifier& propertyName, JSValue value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
+{
+    ASSERT(value);
+    ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+    putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, 0);
+}
+
+inline void JSObject::putDirect(const Identifier& propertyName, JSValue value, unsigned attributes)
+{
+    PutPropertySlot slot;
+    putDirectInternal(propertyName, value, attributes, false, slot, 0);
+}
+
+inline void JSObject::putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attributes, bool checkReadOnly, PutPropertySlot& slot)
+{
+    putDirectInternal(propertyName, value, attributes, checkReadOnly, slot, value);
+}
+
+inline void JSObject::putDirectFunction(const Identifier& propertyName, JSCell* value, unsigned attr)
+{
+    PutPropertySlot slot;
+    putDirectInternal(propertyName, value, attr, false, slot, value);
+}
+
+inline void JSObject::putDirectWithoutTransition(const Identifier& propertyName, JSValue value, unsigned attributes)
+{
+    size_t currentCapacity = m_structure->propertyStorageCapacity();
+    size_t offset = m_structure->addPropertyWithoutTransition(propertyName, attributes, 0);
+    if (currentCapacity != m_structure->propertyStorageCapacity())
+        allocatePropertyStorage(currentCapacity, m_structure->propertyStorageCapacity());
+    putDirectOffset(offset, value);
+}
+
+inline void JSObject::putDirectFunctionWithoutTransition(const Identifier& propertyName, JSCell* value, unsigned attributes)
+{
+    size_t currentCapacity = m_structure->propertyStorageCapacity();
+    size_t offset = m_structure->addPropertyWithoutTransition(propertyName, attributes, value);
+    if (currentCapacity != m_structure->propertyStorageCapacity())
+        allocatePropertyStorage(currentCapacity, m_structure->propertyStorageCapacity());
+    putDirectOffset(offset, value);
+}
+
+inline void JSObject::transitionTo(Structure* newStructure)
+{
+    if (m_structure->propertyStorageCapacity() != newStructure->propertyStorageCapacity())
+        allocatePropertyStorage(m_structure->propertyStorageCapacity(), newStructure->propertyStorageCapacity());
+    setStructure(newStructure);
+}
+
+inline JSValue JSObject::toPrimitive(ExecState* exec, PreferredPrimitiveType preferredType) const
+{
+    return defaultValue(exec, preferredType);
+}
+
+inline JSValue JSValue::get(ExecState* exec, const Identifier& propertyName) const
+{
+    PropertySlot slot(asValue());
+    return get(exec, propertyName, slot);
+}
+
+inline JSValue JSValue::get(ExecState* exec, const Identifier& propertyName, PropertySlot& slot) const
+{
+    if (UNLIKELY(!isCell())) {
+        JSObject* prototype = synthesizePrototype(exec);
+        if (propertyName == exec->propertyNames().underscoreProto)
+            return prototype;
+        if (!prototype->getPropertySlot(exec, propertyName, slot))
+            return jsUndefined();
+        return slot.getValue(exec, propertyName);
+    }
+    JSCell* cell = asCell();
+    while (true) {
+        if (cell->fastGetOwnPropertySlot(exec, propertyName, slot))
+            return slot.getValue(exec, propertyName);
+        JSValue prototype = asObject(cell)->prototype();
+        if (!prototype.isObject())
+            return jsUndefined();
+        cell = asObject(prototype);
+    }
+}
+
+inline JSValue JSValue::get(ExecState* exec, unsigned propertyName) const
+{
+    PropertySlot slot(asValue());
+    return get(exec, propertyName, slot);
+}
+
+inline JSValue JSValue::get(ExecState* exec, unsigned propertyName, PropertySlot& slot) const
+{
+    if (UNLIKELY(!isCell())) {
+        JSObject* prototype = synthesizePrototype(exec);
+        if (!prototype->getPropertySlot(exec, propertyName, slot))
+            return jsUndefined();
+        return slot.getValue(exec, propertyName);
+    }
+    JSCell* cell = const_cast<JSCell*>(asCell());
+    while (true) {
+        if (cell->getOwnPropertySlot(exec, propertyName, slot))
+            return slot.getValue(exec, propertyName);
+        JSValue prototype = asObject(cell)->prototype();
+        if (!prototype.isObject())
+            return jsUndefined();
+        cell = prototype.asCell();
+    }
+}
+
+inline void JSValue::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    if (UNLIKELY(!isCell())) {
+        synthesizeObject(exec)->put(exec, propertyName, value, slot);
+        return;
+    }
+    asCell()->put(exec, propertyName, value, slot);
+}
+
+inline void JSValue::put(ExecState* exec, unsigned propertyName, JSValue value)
+{
+    if (UNLIKELY(!isCell())) {
+        synthesizeObject(exec)->put(exec, propertyName, value);
+        return;
+    }
+    asCell()->put(exec, propertyName, value);
+}
+
+ALWAYS_INLINE void JSObject::allocatePropertyStorageInline(size_t oldSize, size_t newSize)
+{
+    ASSERT(newSize > oldSize);
+
+    // It's important that this function not rely on m_structure, since
+    // we might be in the middle of a transition.
+    bool wasInline = (oldSize == JSObject::inlineStorageCapacity);
+
+    PropertyStorage oldPropertyStorage = (wasInline ? m_inlineStorage : m_externalStorage);
+    PropertyStorage newPropertyStorage = new EncodedJSValue[newSize];
+
+    for (unsigned i = 0; i < oldSize; ++i)
+       newPropertyStorage[i] = oldPropertyStorage[i];
+
+    if (!wasInline)
+        delete [] oldPropertyStorage;
+
+    m_externalStorage = newPropertyStorage;
+}
+
+ALWAYS_INLINE void JSObject::markChildrenDirect(MarkStack& markStack)
+{
+    JSCell::markChildren(markStack);
+
+    m_structure->markAggregate(markStack);
+    
+    PropertyStorage storage = propertyStorage();
+    size_t storageSize = m_structure->propertyStorageSize();
+    markStack.appendValues(reinterpret_cast<JSValue*>(storage), storageSize);
+}
+
+} // namespace JSC
+
+#endif // JSObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSPropertyNameIterator.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSPropertyNameIterator.cpp
new file mode 100644
index 000000000..e08a3d9e8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSPropertyNameIterator.cpp
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSPropertyNameIterator.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSPropertyNameIterator);
+
+JSPropertyNameIterator::~JSPropertyNameIterator()
+{
+}
+
+void JSPropertyNameIterator::markChildren(MarkStack& markStack)
+{
+    JSCell::markChildren(markStack);
+    if (m_object)
+        markStack.append(m_object);
+}
+
+void JSPropertyNameIterator::invalidate()
+{
+    ASSERT(m_position == m_end);
+    m_object = 0;
+    m_data.clear();
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSPropertyNameIterator.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSPropertyNameIterator.h
new file mode 100644
index 000000000..d2849a891
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSPropertyNameIterator.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSPropertyNameIterator_h
+#define JSPropertyNameIterator_h
+
+#include "JSObject.h"
+#include "JSString.h"
+#include "PropertyNameArray.h"
+
+namespace JSC {
+
+    class Identifier;
+    class JSObject;
+
+    class JSPropertyNameIterator : public JSCell {
+    public:
+        static JSPropertyNameIterator* create(ExecState*, JSValue);
+
+        virtual ~JSPropertyNameIterator();
+
+        virtual void markChildren(MarkStack&);
+
+        JSValue next(ExecState*);
+        void invalidate();
+        
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(CompoundType));
+        }
+    private:
+        JSPropertyNameIterator(ExecState*);
+        JSPropertyNameIterator(ExecState*, JSObject*, PassRefPtr<PropertyNameArrayData> propertyNameArrayData);
+
+        JSObject* m_object;
+        RefPtr<PropertyNameArrayData> m_data;
+        PropertyNameArrayData::const_iterator m_position;
+        PropertyNameArrayData::const_iterator m_end;
+    };
+
+inline JSPropertyNameIterator::JSPropertyNameIterator(ExecState* exec)
+    : JSCell(exec->globalData().propertyNameIteratorStructure.get())
+    , m_object(0)
+    , m_position(0)
+    , m_end(0)
+{
+}
+
+inline JSPropertyNameIterator::JSPropertyNameIterator(ExecState* exec, JSObject* object, PassRefPtr<PropertyNameArrayData> propertyNameArrayData)
+    : JSCell(exec->globalData().propertyNameIteratorStructure.get())
+    , m_object(object)
+    , m_data(propertyNameArrayData)
+    , m_position(m_data->begin())
+    , m_end(m_data->end())
+{
+}
+
+inline JSPropertyNameIterator* JSPropertyNameIterator::create(ExecState* exec, JSValue v)
+{
+    if (v.isUndefinedOrNull())
+        return new (exec) JSPropertyNameIterator(exec);
+
+    JSObject* o = v.toObject(exec);
+    PropertyNameArray propertyNames(exec);
+    o->getPropertyNames(exec, propertyNames);
+    return new (exec) JSPropertyNameIterator(exec, o, propertyNames.releaseData());
+}
+
+inline JSValue JSPropertyNameIterator::next(ExecState* exec)
+{
+    if (m_position == m_end)
+        return JSValue();
+
+    if (m_data->cachedStructure() == m_object->structure() && m_data->cachedPrototypeChain() == m_object->structure()->prototypeChain(exec))
+        return jsOwnedString(exec, (*m_position++).ustring());
+
+    do {
+        if (m_object->hasProperty(exec, *m_position))
+            return jsOwnedString(exec, (*m_position++).ustring());
+        m_position++;
+    } while (m_position != m_end);
+
+    return JSValue();
+}
+
+} // namespace JSC
+
+#endif // JSPropertyNameIterator_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSStaticScopeObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSStaticScopeObject.cpp
new file mode 100644
index 000000000..a877ec648
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSStaticScopeObject.cpp
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+#include "JSStaticScopeObject.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSStaticScopeObject);
+
+void JSStaticScopeObject::markChildren(MarkStack& markStack)
+{
+    JSVariableObject::markChildren(markStack);
+    markStack.append(d()->registerStore.jsValue());
+}
+
+JSObject* JSStaticScopeObject::toThisObject(ExecState* exec) const
+{
+    return exec->globalThisValue();
+}
+
+void JSStaticScopeObject::put(ExecState*, const Identifier& propertyName, JSValue value, PutPropertySlot&)
+{
+    if (symbolTablePut(propertyName, value))
+        return;
+    
+    ASSERT_NOT_REACHED();
+}
+
+void JSStaticScopeObject::putWithAttributes(ExecState*, const Identifier& propertyName, JSValue value, unsigned attributes)
+{
+    if (symbolTablePutWithAttributes(propertyName, value, attributes))
+        return;
+    
+    ASSERT_NOT_REACHED();
+}
+
+bool JSStaticScopeObject::isDynamicScope() const
+{
+    return false;
+}
+
+JSStaticScopeObject::~JSStaticScopeObject()
+{
+    ASSERT(d());
+    delete d();
+}
+
+inline bool JSStaticScopeObject::getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot& slot)
+{
+    return symbolTableGet(propertyName, slot);
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSStaticScopeObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSStaticScopeObject.h
new file mode 100644
index 000000000..5eb0e4b23
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSStaticScopeObject.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSStaticScopeObject_h
+#define JSStaticScopeObject_h
+
+#include "JSVariableObject.h"
+
+namespace JSC{
+    
+    class JSStaticScopeObject : public JSVariableObject {
+    protected:
+        using JSVariableObject::JSVariableObjectData;
+        struct JSStaticScopeObjectData : public JSVariableObjectData {
+            JSStaticScopeObjectData()
+                : JSVariableObjectData(&symbolTable, &registerStore + 1)
+            {
+            }
+            SymbolTable symbolTable;
+            Register registerStore;
+        };
+        
+    public:
+        JSStaticScopeObject(ExecState* exec, const Identifier& ident, JSValue value, unsigned attributes)
+            : JSVariableObject(exec->globalData().staticScopeStructure, new JSStaticScopeObjectData())
+        {
+            d()->registerStore = value;
+            symbolTable().add(ident.ustring().rep(), SymbolTableEntry(-1, attributes));
+        }
+        virtual ~JSStaticScopeObject();
+        virtual void markChildren(MarkStack&);
+        bool isDynamicScope() const;
+        virtual JSObject* toThisObject(ExecState*) const;
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual void put(ExecState*, const Identifier&, JSValue, PutPropertySlot&);
+        void putWithAttributes(ExecState*, const Identifier&, JSValue, unsigned attributes);
+
+        static PassRefPtr<Structure> createStructure(JSValue proto) { return Structure::create(proto, TypeInfo(ObjectType, NeedsThisConversion)); }
+
+    private:
+        JSStaticScopeObjectData* d() { return static_cast<JSStaticScopeObjectData*>(JSVariableObject::d); }
+    };
+
+}
+
+#endif // JSStaticScopeObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSString.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSString.cpp
new file mode 100644
index 000000000..a30f7297a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSString.cpp
@@ -0,0 +1,198 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2004, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSString.h"
+
+#include "JSGlobalObject.h"
+#include "JSObject.h"
+#include "StringObject.h"
+#include "StringPrototype.h"
+
+namespace JSC {
+
+JSValue JSString::toPrimitive(ExecState*, PreferredPrimitiveType) const
+{
+    return const_cast<JSString*>(this);
+}
+
+bool JSString::getPrimitiveNumber(ExecState*, double& number, JSValue& value)
+{
+    value = this;
+    number = m_value.toDouble();
+    return false;
+}
+
+bool JSString::toBoolean(ExecState*) const
+{
+    return !m_value.isEmpty();
+}
+
+double JSString::toNumber(ExecState*) const
+{
+    return m_value.toDouble();
+}
+
+UString JSString::toString(ExecState*) const
+{
+    return m_value;
+}
+
+UString JSString::toThisString(ExecState*) const
+{
+    return m_value;
+}
+
+JSString* JSString::toThisJSString(ExecState*)
+{
+    return this;
+}
+
+inline StringObject* StringObject::create(ExecState* exec, JSString* string)
+{
+    return new (exec) StringObject(exec->lexicalGlobalObject()->stringObjectStructure(), string);
+}
+
+JSObject* JSString::toObject(ExecState* exec) const
+{
+    return StringObject::create(exec, const_cast<JSString*>(this));
+}
+
+JSObject* JSString::toThisObject(ExecState* exec) const
+{
+    return StringObject::create(exec, const_cast<JSString*>(this));
+}
+
+bool JSString::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    // The semantics here are really getPropertySlot, not getOwnPropertySlot.
+    // This function should only be called by JSValue::get.
+    if (getStringPropertySlot(exec, propertyName, slot))
+        return true;
+    if (propertyName == exec->propertyNames().underscoreProto) {
+        slot.setValue(exec->lexicalGlobalObject()->stringPrototype());
+        return true;
+    }
+    slot.setBase(this);
+    JSObject* object;
+    for (JSValue prototype = exec->lexicalGlobalObject()->stringPrototype(); !prototype.isNull(); prototype = object->prototype()) {
+        object = asObject(prototype);
+        if (object->getOwnPropertySlot(exec, propertyName, slot))
+            return true;
+    }
+    slot.setUndefined();
+    return true;
+}
+
+bool JSString::getStringPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    if (propertyName == exec->propertyNames().length) {
+        descriptor.setDescriptor(jsNumber(exec, m_value.size()), DontEnum | DontDelete | ReadOnly);
+        return true;
+    }
+    
+    bool isStrictUInt32;
+    unsigned i = propertyName.toStrictUInt32(&isStrictUInt32);
+    if (isStrictUInt32 && i < static_cast<unsigned>(m_value.size())) {
+        descriptor.setDescriptor(jsSingleCharacterSubstring(exec, m_value, i), DontDelete | ReadOnly);
+        return true;
+    }
+    
+    return false;
+}
+
+bool JSString::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    if (getStringPropertyDescriptor(exec, propertyName, descriptor))
+        return true;
+    if (propertyName != exec->propertyNames().underscoreProto)
+        return false;
+    descriptor.setDescriptor(exec->lexicalGlobalObject()->stringPrototype(), DontEnum);
+    return true;
+}
+
+bool JSString::getOwnPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+{
+    // The semantics here are really getPropertySlot, not getOwnPropertySlot.
+    // This function should only be called by JSValue::get.
+    if (getStringPropertySlot(exec, propertyName, slot))
+        return true;
+    return JSString::getOwnPropertySlot(exec, Identifier::from(exec, propertyName), slot);
+}
+
+bool JSString::getStringPropertyAttributes(ExecState* exec, const Identifier& propertyName, unsigned& attributes) const
+{
+    if (propertyName == exec->propertyNames().length) {
+        attributes = DontEnum | DontDelete | ReadOnly;
+        return true;
+    }
+    bool isStrictUInt32;
+    unsigned i = propertyName.toStrictUInt32(&isStrictUInt32);
+    if (isStrictUInt32 && i < static_cast<unsigned>(m_value.size())) {
+        attributes = DontDelete | ReadOnly;
+        return true;
+    }
+    return false;
+}
+
+JSString* jsString(JSGlobalData* globalData, const UString& s)
+{
+    int size = s.size();
+    if (!size)
+        return globalData->smallStrings.emptyString(globalData);
+    if (size == 1) {
+        UChar c = s.data()[0];
+        if (c <= 0xFF)
+            return globalData->smallStrings.singleCharacterString(globalData, c);
+    }
+    return new (globalData) JSString(globalData, s);
+}
+    
+JSString* jsSubstring(JSGlobalData* globalData, const UString& s, unsigned offset, unsigned length)
+{
+    ASSERT(offset <= static_cast<unsigned>(s.size()));
+    ASSERT(length <= static_cast<unsigned>(s.size()));
+    ASSERT(offset + length <= static_cast<unsigned>(s.size()));
+    if (!length)
+        return globalData->smallStrings.emptyString(globalData);
+    if (length == 1) {
+        UChar c = s.data()[offset];
+        if (c <= 0xFF)
+            return globalData->smallStrings.singleCharacterString(globalData, c);
+    }
+    return new (globalData) JSString(globalData, UString::Rep::create(s.rep(), offset, length));
+}
+
+JSString* jsOwnedString(JSGlobalData* globalData, const UString& s)
+{
+    int size = s.size();
+    if (!size)
+        return globalData->smallStrings.emptyString(globalData);
+    if (size == 1) {
+        UChar c = s.data()[0];
+        if (c <= 0xFF)
+            return globalData->smallStrings.singleCharacterString(globalData, c);
+    }
+    return new (globalData) JSString(globalData, s, JSString::HasOtherOwner);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSString.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSString.h
new file mode 100644
index 000000000..eeada2ea4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSString.h
@@ -0,0 +1,241 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSString_h
+#define JSString_h
+
+#include "CallFrame.h"
+#include "CommonIdentifiers.h"
+#include "Identifier.h"
+#include "JSNumberCell.h"
+#include "PropertyDescriptor.h"
+#include "PropertySlot.h"
+
+namespace JSC {
+
+    class JSString;
+
+    JSString* jsEmptyString(JSGlobalData*);
+    JSString* jsEmptyString(ExecState*);
+    JSString* jsString(JSGlobalData*, const UString&); // returns empty string if passed null string
+    JSString* jsString(ExecState*, const UString&); // returns empty string if passed null string
+
+    JSString* jsSingleCharacterString(JSGlobalData*, UChar);
+    JSString* jsSingleCharacterString(ExecState*, UChar);
+    JSString* jsSingleCharacterSubstring(JSGlobalData*, const UString&, unsigned offset);
+    JSString* jsSingleCharacterSubstring(ExecState*, const UString&, unsigned offset);
+    JSString* jsSubstring(JSGlobalData*, const UString&, unsigned offset, unsigned length);
+    JSString* jsSubstring(ExecState*, const UString&, unsigned offset, unsigned length);
+
+    // Non-trivial strings are two or more characters long.
+    // These functions are faster than just calling jsString.
+    JSString* jsNontrivialString(JSGlobalData*, const UString&);
+    JSString* jsNontrivialString(ExecState*, const UString&);
+    JSString* jsNontrivialString(JSGlobalData*, const char*);
+    JSString* jsNontrivialString(ExecState*, const char*);
+
+    // Should be used for strings that are owned by an object that will
+    // likely outlive the JSValue this makes, such as the parse tree or a
+    // DOM object that contains a UString
+    JSString* jsOwnedString(JSGlobalData*, const UString&); 
+    JSString* jsOwnedString(ExecState*, const UString&); 
+
+    class JSString : public JSCell {
+        friend class JIT;
+        friend struct VPtrSet;
+
+    public:
+        JSString(JSGlobalData* globalData, const UString& value)
+            : JSCell(globalData->stringStructure.get())
+            , m_value(value)
+        {
+            Heap::heap(this)->reportExtraMemoryCost(value.cost());
+        }
+
+        enum HasOtherOwnerType { HasOtherOwner };
+        JSString(JSGlobalData* globalData, const UString& value, HasOtherOwnerType)
+            : JSCell(globalData->stringStructure.get())
+            , m_value(value)
+        {
+        }
+        JSString(JSGlobalData* globalData, PassRefPtr<UString::Rep> value, HasOtherOwnerType)
+            : JSCell(globalData->stringStructure.get())
+            , m_value(value)
+        {
+        }
+        
+        const UString& value() const { return m_value; }
+
+        bool getStringPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        bool getStringPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        bool getStringPropertyDescriptor(ExecState*, const Identifier& propertyName, PropertyDescriptor&);
+
+        bool getStringPropertyAttributes(ExecState*, const Identifier& propertyName, unsigned&) const;
+
+        bool canGetIndex(unsigned i) { return i < static_cast<unsigned>(m_value.size()); }
+        JSString* getIndex(JSGlobalData*, unsigned);
+
+        static PassRefPtr<Structure> createStructure(JSValue proto) { return Structure::create(proto, TypeInfo(StringType, NeedsThisConversion | HasDefaultMark)); }
+
+    private:
+        enum VPtrStealingHackType { VPtrStealingHack };
+        JSString(VPtrStealingHackType) 
+            : JSCell(0)
+        {
+        }
+
+        virtual JSValue toPrimitive(ExecState*, PreferredPrimitiveType) const;
+        virtual bool getPrimitiveNumber(ExecState*, double& number, JSValue& value);
+        virtual bool toBoolean(ExecState*) const;
+        virtual double toNumber(ExecState*) const;
+        virtual JSObject* toObject(ExecState*) const;
+        virtual UString toString(ExecState*) const;
+
+        virtual JSObject* toThisObject(ExecState*) const;
+        virtual UString toThisString(ExecState*) const;
+        virtual JSString* toThisJSString(ExecState*);
+
+        // Actually getPropertySlot, not getOwnPropertySlot (see JSCell).
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        UString m_value;
+    };
+
+    JSString* asString(JSValue);
+
+    inline JSString* asString(JSValue value)
+    {
+        ASSERT(asCell(value)->isString());
+        return static_cast<JSString*>(asCell(value));
+    }
+
+    inline JSString* jsEmptyString(JSGlobalData* globalData)
+    {
+        return globalData->smallStrings.emptyString(globalData);
+    }
+
+    inline JSString* jsSingleCharacterString(JSGlobalData* globalData, UChar c)
+    {
+        if (c <= 0xFF)
+            return globalData->smallStrings.singleCharacterString(globalData, c);
+        return new (globalData) JSString(globalData, UString(&c, 1));
+    }
+
+    inline JSString* jsSingleCharacterSubstring(JSGlobalData* globalData, const UString& s, unsigned offset)
+    {
+        ASSERT(offset < static_cast<unsigned>(s.size()));
+        UChar c = s.data()[offset];
+        if (c <= 0xFF)
+            return globalData->smallStrings.singleCharacterString(globalData, c);
+        return new (globalData) JSString(globalData, UString::Rep::create(s.rep(), offset, 1));
+    }
+
+    inline JSString* jsNontrivialString(JSGlobalData* globalData, const char* s)
+    {
+        ASSERT(s);
+        ASSERT(s[0]);
+        ASSERT(s[1]);
+        return new (globalData) JSString(globalData, s);
+    }
+
+    inline JSString* jsNontrivialString(JSGlobalData* globalData, const UString& s)
+    {
+        ASSERT(s.size() > 1);
+        return new (globalData) JSString(globalData, s);
+    }
+
+    inline JSString* JSString::getIndex(JSGlobalData* globalData, unsigned i)
+    {
+        ASSERT(canGetIndex(i));
+        return jsSingleCharacterSubstring(globalData, m_value, i);
+    }
+
+    inline JSString* jsEmptyString(ExecState* exec) { return jsEmptyString(&exec->globalData()); }
+    inline JSString* jsString(ExecState* exec, const UString& s) { return jsString(&exec->globalData(), s); }
+    inline JSString* jsSingleCharacterString(ExecState* exec, UChar c) { return jsSingleCharacterString(&exec->globalData(), c); }
+    inline JSString* jsSingleCharacterSubstring(ExecState* exec, const UString& s, unsigned offset) { return jsSingleCharacterSubstring(&exec->globalData(), s, offset); }
+    inline JSString* jsSubstring(ExecState* exec, const UString& s, unsigned offset, unsigned length) { return jsSubstring(&exec->globalData(), s, offset, length); }
+    inline JSString* jsNontrivialString(ExecState* exec, const UString& s) { return jsNontrivialString(&exec->globalData(), s); }
+    inline JSString* jsNontrivialString(ExecState* exec, const char* s) { return jsNontrivialString(&exec->globalData(), s); }
+    inline JSString* jsOwnedString(ExecState* exec, const UString& s) { return jsOwnedString(&exec->globalData(), s); } 
+
+    ALWAYS_INLINE bool JSString::getStringPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+    {
+        if (propertyName == exec->propertyNames().length) {
+            slot.setValue(jsNumber(exec, m_value.size()));
+            return true;
+        }
+
+        bool isStrictUInt32;
+        unsigned i = propertyName.toStrictUInt32(&isStrictUInt32);
+        if (isStrictUInt32 && i < static_cast<unsigned>(m_value.size())) {
+            slot.setValue(jsSingleCharacterSubstring(exec, m_value, i));
+            return true;
+        }
+
+        return false;
+    }
+        
+    ALWAYS_INLINE bool JSString::getStringPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+    {
+        if (propertyName < static_cast<unsigned>(m_value.size())) {
+            slot.setValue(jsSingleCharacterSubstring(exec, m_value, propertyName));
+            return true;
+        }
+
+        return false;
+    }
+
+    inline bool isJSString(JSGlobalData* globalData, JSValue v) { return v.isCell() && v.asCell()->vptr() == globalData->jsStringVPtr; }
+
+    // --- JSValue inlines ----------------------------
+
+    inline JSString* JSValue::toThisJSString(ExecState* exec)
+    {
+        return isCell() ? asCell()->toThisJSString(exec) : jsString(exec, toString(exec));
+    }
+
+    inline UString JSValue::toString(ExecState* exec) const
+    {
+        if (isString())
+            return static_cast<JSString*>(asCell())->value();
+        if (isInt32())
+            return exec->globalData().numericStrings.add(asInt32());
+        if (isDouble())
+            return exec->globalData().numericStrings.add(asDouble());
+        if (isTrue())
+            return "true";
+        if (isFalse())
+            return "false";
+        if (isNull())
+            return "null";
+        if (isUndefined())
+            return "undefined";
+        ASSERT(isCell());
+        return asCell()->toString(exec);
+    }
+
+} // namespace JSC
+
+#endif // JSString_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSType.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSType.h
new file mode 100644
index 000000000..882b2188e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSType.h
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSType_h
+#define JSType_h
+
+namespace JSC {
+
+    /**
+     * Primitive types
+     */
+    enum JSType {
+        UnspecifiedType   = 0,
+        UndefinedType     = 1,
+        BooleanType       = 2,
+        NumberType        = 3,
+        NullType          = 4,
+        StringType        = 5,
+        // The CompoundType value must come before any JSType that may have children
+        CompoundType      = 6,
+        ObjectType        = 7,
+        GetterSetterType  = 8
+    };
+
+} // namespace JSC
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSTypeInfo.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSTypeInfo.h
new file mode 100644
index 000000000..279510bff
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSTypeInfo.h
@@ -0,0 +1,78 @@
+// -*- mode: c++; c-basic-offset: 4 -*-
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef JSTypeInfo_h
+#define JSTypeInfo_h
+
+// This file would be called TypeInfo.h, but that conflicts with <typeinfo.h>
+// in the STL on systems without case-sensitive file systems. 
+
+#include "JSType.h"
+
+namespace JSC {
+
+    // WebCore uses MasqueradesAsUndefined to make document.all and style.filter undetectable.
+    static const unsigned MasqueradesAsUndefined = 1;
+    static const unsigned ImplementsHasInstance = 1 << 1;
+    static const unsigned OverridesHasInstance = 1 << 2;
+    static const unsigned ImplementsDefaultHasInstance = 1 << 3;
+    static const unsigned NeedsThisConversion = 1 << 4;
+    static const unsigned HasStandardGetOwnPropertySlot = 1 << 5;
+    static const unsigned HasDefaultMark = 1 << 6;
+    static const unsigned HasDefaultGetPropertyNames = 1 << 7;
+
+    class TypeInfo {
+        friend class JIT;
+    public:
+        TypeInfo(JSType type, unsigned flags = 0)
+            : m_type(type)
+        {
+            // ImplementsDefaultHasInstance means (ImplementsHasInstance & !OverridesHasInstance)
+            if ((flags & (ImplementsHasInstance | OverridesHasInstance)) == ImplementsHasInstance)
+                m_flags = flags | ImplementsDefaultHasInstance;
+            else
+                m_flags = flags;
+        }
+
+        JSType type() const { return m_type; }
+
+        bool masqueradesAsUndefined() const { return m_flags & MasqueradesAsUndefined; }
+        bool implementsHasInstance() const { return m_flags & ImplementsHasInstance; }
+        bool overridesHasInstance() const { return m_flags & OverridesHasInstance; }
+        bool needsThisConversion() const { return m_flags & NeedsThisConversion; }
+        bool hasStandardGetOwnPropertySlot() const { return m_flags & HasStandardGetOwnPropertySlot; }
+        bool hasDefaultMark() const { return m_flags & HasDefaultMark; }
+        bool hasDefaultGetPropertyNames() const { return m_flags & HasDefaultGetPropertyNames; }
+        unsigned flags() const { return m_flags; }
+
+    private:
+        JSType m_type;
+        unsigned m_flags;
+    };
+
+}
+
+#endif // JSTypeInfo_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSValue.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSValue.cpp
new file mode 100644
index 000000000..699c1cd7c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSValue.cpp
@@ -0,0 +1,180 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSValue.h"
+
+#include "BooleanConstructor.h"
+#include "BooleanPrototype.h"
+#include "ExceptionHelpers.h"
+#include "JSGlobalObject.h"
+#include "JSFunction.h"
+#include "JSNotAnObject.h"
+#include "NumberObject.h"
+#include <wtf/MathExtras.h>
+#include <wtf/StringExtras.h>
+
+namespace JSC {
+
+static const double D32 = 4294967296.0;
+
+// ECMA 9.4
+double JSValue::toInteger(ExecState* exec) const
+{
+    if (isInt32())
+        return asInt32();
+    double d = toNumber(exec);
+    return isnan(d) ? 0.0 : trunc(d);
+}
+
+double JSValue::toIntegerPreserveNaN(ExecState* exec) const
+{
+    if (isInt32())
+        return asInt32();
+    return trunc(toNumber(exec));
+}
+
+JSObject* JSValue::toObjectSlowCase(ExecState* exec) const
+{
+    ASSERT(!isCell());
+
+    if (isInt32() || isDouble())
+        return constructNumber(exec, asValue());
+    if (isTrue() || isFalse())
+        return constructBooleanFromImmediateBoolean(exec, asValue());
+    ASSERT(isUndefinedOrNull());
+    JSNotAnObjectErrorStub* exception = createNotAnObjectErrorStub(exec, isNull());
+    exec->setException(exception);
+    return new (exec) JSNotAnObject(exec, exception);
+}
+
+JSObject* JSValue::toThisObjectSlowCase(ExecState* exec) const
+{
+    ASSERT(!isCell());
+
+    if (isInt32() || isDouble())
+        return constructNumber(exec, asValue());
+    if (isTrue() || isFalse())
+        return constructBooleanFromImmediateBoolean(exec, asValue());
+    ASSERT(isUndefinedOrNull());
+    return exec->globalThisValue();
+}
+
+JSObject* JSValue::synthesizeObject(ExecState* exec) const
+{
+    ASSERT(!isCell());
+    if (isNumber())
+        return constructNumber(exec, asValue());
+    if (isBoolean())
+        return constructBooleanFromImmediateBoolean(exec, asValue());
+    
+    JSNotAnObjectErrorStub* exception = createNotAnObjectErrorStub(exec, isNull());
+    exec->setException(exception);
+    return new (exec) JSNotAnObject(exec, exception);
+}
+
+JSObject* JSValue::synthesizePrototype(ExecState* exec) const
+{
+    ASSERT(!isCell());
+    if (isNumber())
+        return exec->lexicalGlobalObject()->numberPrototype();
+    if (isBoolean())
+        return exec->lexicalGlobalObject()->booleanPrototype();
+
+    JSNotAnObjectErrorStub* exception = createNotAnObjectErrorStub(exec, isNull());
+    exec->setException(exception);
+    return new (exec) JSNotAnObject(exec, exception);
+}
+
+#ifndef NDEBUG
+char* JSValue::description()
+{
+    static const size_t size = 32;
+    static char description[size];
+
+    if (!*this)
+        snprintf(description, size, "<JSValue()>");
+    else if (isInt32())
+        snprintf(description, size, "Int32: %d", asInt32());
+    else if (isDouble())
+        snprintf(description, size, "Double: %lf", asDouble());
+    else if (isCell())
+        snprintf(description, size, "Cell: %p", asCell());
+    else if (isTrue())
+        snprintf(description, size, "True");
+    else if (isFalse())
+        snprintf(description, size, "False");
+    else if (isNull())
+        snprintf(description, size, "Null");
+    else {
+        ASSERT(isUndefined());
+        snprintf(description, size, "Undefined");
+    }
+
+    return description;
+}
+#endif
+
+int32_t toInt32SlowCase(double d, bool& ok)
+{
+    ok = true;
+
+    if (d >= -D32 / 2 && d < D32 / 2)
+        return static_cast<int32_t>(d);
+
+    if (isnan(d) || isinf(d)) {
+        ok = false;
+        return 0;
+    }
+
+    double d32 = fmod(trunc(d), D32);
+    if (d32 >= D32 / 2)
+        d32 -= D32;
+    else if (d32 < -D32 / 2)
+        d32 += D32;
+    return static_cast<int32_t>(d32);
+}
+
+uint32_t toUInt32SlowCase(double d, bool& ok)
+{
+    ok = true;
+
+    if (d >= 0.0 && d < D32)
+        return static_cast<uint32_t>(d);
+
+    if (isnan(d) || isinf(d)) {
+        ok = false;
+        return 0;
+    }
+
+    double d32 = fmod(trunc(d), D32);
+    if (d32 < 0)
+        d32 += D32;
+    return static_cast<uint32_t>(d32);
+}
+
+NEVER_INLINE double nonInlineNaN()
+{
+    return std::numeric_limits<double>::quiet_NaN();
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSValue.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSValue.h
new file mode 100644
index 000000000..3c511d86a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSValue.h
@@ -0,0 +1,811 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSValue_h
+#define JSValue_h
+
+#include "CallData.h"
+#include "ConstructData.h"
+#include <math.h>
+#include <stddef.h> // for size_t
+#include <stdint.h>
+#include <wtf/AlwaysInline.h>
+#include <wtf/Assertions.h>
+#include <wtf/HashTraits.h>
+#include <wtf/MathExtras.h>
+
+namespace JSC {
+
+    class Identifier;
+    class JSCell;
+    class JSGlobalData;
+    class JSImmediate;
+    class JSObject;
+    class JSString;
+    class PropertySlot;
+    class PutPropertySlot;
+    class UString;
+
+    struct ClassInfo;
+    struct Instruction;
+
+    enum PreferredPrimitiveType { NoPreference, PreferNumber, PreferString };
+
+#if USE(JSVALUE32_64)
+    typedef int64_t EncodedJSValue;
+#else
+    typedef void* EncodedJSValue;
+#endif
+
+    double nonInlineNaN();
+    int32_t toInt32SlowCase(double, bool& ok);
+    uint32_t toUInt32SlowCase(double, bool& ok);
+
+    class JSValue {
+        friend class JSImmediate;
+        friend struct EncodedJSValueHashTraits;
+        friend class JIT;
+        friend class JITStubs;
+        friend class JITStubCall;
+
+    public:
+        static EncodedJSValue encode(JSValue value);
+        static JSValue decode(EncodedJSValue ptr);
+#if !USE(JSVALUE32_64)
+    private:
+        static JSValue makeImmediate(intptr_t value);
+        intptr_t immediateValue();
+    public:
+#endif
+        enum JSNullTag { JSNull };
+        enum JSUndefinedTag { JSUndefined };
+        enum JSTrueTag { JSTrue };
+        enum JSFalseTag { JSFalse };
+
+        JSValue();
+        JSValue(JSNullTag);
+        JSValue(JSUndefinedTag);
+        JSValue(JSTrueTag);
+        JSValue(JSFalseTag);
+        JSValue(JSCell* ptr);
+        JSValue(const JSCell* ptr);
+
+        // Numbers
+        JSValue(ExecState*, double);
+        JSValue(ExecState*, char);
+        JSValue(ExecState*, unsigned char);
+        JSValue(ExecState*, short);
+        JSValue(ExecState*, unsigned short);
+        JSValue(ExecState*, int);
+        JSValue(ExecState*, unsigned);
+        JSValue(ExecState*, long);
+        JSValue(ExecState*, unsigned long);
+        JSValue(ExecState*, long long);
+        JSValue(ExecState*, unsigned long long);
+        JSValue(JSGlobalData*, double);
+        JSValue(JSGlobalData*, int);
+        JSValue(JSGlobalData*, unsigned);
+
+        operator bool() const;
+        bool operator==(const JSValue& other) const;
+        bool operator!=(const JSValue& other) const;
+
+        bool isInt32() const;
+        bool isUInt32() const;
+        bool isDouble() const;
+        bool isTrue() const;
+        bool isFalse() const;
+
+        int32_t asInt32() const;
+        uint32_t asUInt32() const;
+        double asDouble() const;
+
+        // Querying the type.
+        bool isUndefined() const;
+        bool isNull() const;
+        bool isUndefinedOrNull() const;
+        bool isBoolean() const;
+        bool isNumber() const;
+        bool isString() const;
+        bool isGetterSetter() const;
+        bool isObject() const;
+        bool inherits(const ClassInfo*) const;
+        
+        // Extracting the value.
+        bool getBoolean(bool&) const;
+        bool getBoolean() const; // false if not a boolean
+        bool getNumber(double&) const;
+        double uncheckedGetNumber() const;
+        bool getString(UString&) const;
+        UString getString() const; // null string if not a string
+        JSObject* getObject() const; // 0 if not an object
+
+        CallType getCallData(CallData&);
+        ConstructType getConstructData(ConstructData&);
+
+        // Extracting integer values.
+        bool getUInt32(uint32_t&) const;
+        
+        // Basic conversions.
+        JSValue toPrimitive(ExecState*, PreferredPrimitiveType = NoPreference) const;
+        bool getPrimitiveNumber(ExecState*, double& number, JSValue&);
+
+        bool toBoolean(ExecState*) const;
+
+        // toNumber conversion is expected to be side effect free if an exception has
+        // been set in the ExecState already.
+        double toNumber(ExecState*) const;
+        JSValue toJSNumber(ExecState*) const; // Fast path for when you expect that the value is an immediate number.
+        UString toString(ExecState*) const;
+        JSObject* toObject(ExecState*) const;
+
+        // Integer conversions.
+        double toInteger(ExecState*) const;
+        double toIntegerPreserveNaN(ExecState*) const;
+        int32_t toInt32(ExecState*) const;
+        int32_t toInt32(ExecState*, bool& ok) const;
+        uint32_t toUInt32(ExecState*) const;
+        uint32_t toUInt32(ExecState*, bool& ok) const;
+
+        // Floating point conversions (this is a convenience method for webcore;
+        // signle precision float is not a representation used in JS or JSC).
+        float toFloat(ExecState* exec) const { return static_cast<float>(toNumber(exec)); }
+
+        // Object operations, with the toObject operation included.
+        JSValue get(ExecState*, const Identifier& propertyName) const;
+        JSValue get(ExecState*, const Identifier& propertyName, PropertySlot&) const;
+        JSValue get(ExecState*, unsigned propertyName) const;
+        JSValue get(ExecState*, unsigned propertyName, PropertySlot&) const;
+        void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        void put(ExecState*, unsigned propertyName, JSValue);
+
+        bool needsThisConversion() const;
+        JSObject* toThisObject(ExecState*) const;
+        UString toThisString(ExecState*) const;
+        JSString* toThisJSString(ExecState*);
+
+        static bool equal(ExecState* exec, JSValue v1, JSValue v2);
+        static bool equalSlowCase(ExecState* exec, JSValue v1, JSValue v2);
+        static bool equalSlowCaseInline(ExecState* exec, JSValue v1, JSValue v2);
+        static bool strictEqual(JSValue v1, JSValue v2);
+        static bool strictEqualSlowCase(JSValue v1, JSValue v2);
+        static bool strictEqualSlowCaseInline(JSValue v1, JSValue v2);
+
+        JSValue getJSNumber(); // JSValue() if this is not a JSNumber or number object
+
+        bool isCell() const;
+        JSCell* asCell() const;
+
+#ifndef NDEBUG
+        char* description();
+#endif
+
+    private:
+        enum HashTableDeletedValueTag { HashTableDeletedValue };
+        JSValue(HashTableDeletedValueTag);
+
+        inline const JSValue asValue() const { return *this; }
+        JSObject* toObjectSlowCase(ExecState*) const;
+        JSObject* toThisObjectSlowCase(ExecState*) const;
+
+        enum { Int32Tag =        0xffffffff };
+        enum { CellTag =         0xfffffffe };
+        enum { TrueTag =         0xfffffffd };
+        enum { FalseTag =        0xfffffffc };
+        enum { NullTag =         0xfffffffb };
+        enum { UndefinedTag =    0xfffffffa };
+        enum { EmptyValueTag =   0xfffffff9 };
+        enum { DeletedValueTag = 0xfffffff8 };
+
+        enum { LowestTag =  DeletedValueTag };
+
+        uint32_t tag() const;
+        int32_t payload() const;
+
+        JSObject* synthesizePrototype(ExecState*) const;
+        JSObject* synthesizeObject(ExecState*) const;
+
+#if USE(JSVALUE32_64)
+        union {
+            EncodedJSValue asEncodedJSValue;
+            double asDouble;
+#if PLATFORM(BIG_ENDIAN)
+            struct {
+                int32_t tag;
+                int32_t payload;
+            } asBits;
+#else
+            struct {
+                int32_t payload;
+                int32_t tag;
+            } asBits;
+#endif
+        } u;
+#else // USE(JSVALUE32_64)
+        JSCell* m_ptr;
+#endif // USE(JSVALUE32_64)
+    };
+
+#if USE(JSVALUE32_64)
+    typedef IntHash<EncodedJSValue> EncodedJSValueHash;
+
+    struct EncodedJSValueHashTraits : HashTraits<EncodedJSValue> {
+        static const bool emptyValueIsZero = false;
+        static EncodedJSValue emptyValue() { return JSValue::encode(JSValue()); }
+        static void constructDeletedValue(EncodedJSValue& slot) { slot = JSValue::encode(JSValue(JSValue::HashTableDeletedValue)); }
+        static bool isDeletedValue(EncodedJSValue value) { return value == JSValue::encode(JSValue(JSValue::HashTableDeletedValue)); }
+    };
+#else
+    typedef PtrHash<EncodedJSValue> EncodedJSValueHash;
+
+    struct EncodedJSValueHashTraits : HashTraits<EncodedJSValue> {
+        static void constructDeletedValue(EncodedJSValue& slot) { slot = JSValue::encode(JSValue(JSValue::HashTableDeletedValue)); }
+        static bool isDeletedValue(EncodedJSValue value) { return value == JSValue::encode(JSValue(JSValue::HashTableDeletedValue)); }
+    };
+#endif
+
+    // Stand-alone helper functions.
+    inline JSValue jsNull()
+    {
+        return JSValue(JSValue::JSNull);
+    }
+
+    inline JSValue jsUndefined()
+    {
+        return JSValue(JSValue::JSUndefined);
+    }
+
+    inline JSValue jsBoolean(bool b)
+    {
+        return b ? JSValue(JSValue::JSTrue) : JSValue(JSValue::JSFalse);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, double d)
+    {
+        return JSValue(exec, d);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, char i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, unsigned char i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, short i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, unsigned short i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, int i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, unsigned i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, long i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, unsigned long i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, long long i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(ExecState* exec, unsigned long long i)
+    {
+        return JSValue(exec, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, double d)
+    {
+        return JSValue(globalData, d);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, int i)
+    {
+        return JSValue(globalData, i);
+    }
+
+    ALWAYS_INLINE JSValue jsNumber(JSGlobalData* globalData, unsigned i)
+    {
+        return JSValue(globalData, i);
+    }
+
+    inline bool operator==(const JSValue a, const JSCell* b) { return a == JSValue(b); }
+    inline bool operator==(const JSCell* a, const JSValue b) { return JSValue(a) == b; }
+
+    inline bool operator!=(const JSValue a, const JSCell* b) { return a != JSValue(b); }
+    inline bool operator!=(const JSCell* a, const JSValue b) { return JSValue(a) != b; }
+
+    inline int32_t toInt32(double val)
+    {
+        if (!(val >= -2147483648.0 && val < 2147483648.0)) {
+            bool ignored;
+            return toInt32SlowCase(val, ignored);
+        }
+        return static_cast<int32_t>(val);
+    }
+
+    inline uint32_t toUInt32(double val)
+    {
+        if (!(val >= 0.0 && val < 4294967296.0)) {
+            bool ignored;
+            return toUInt32SlowCase(val, ignored);
+        }
+        return static_cast<uint32_t>(val);
+    }
+
+    ALWAYS_INLINE int32_t JSValue::toInt32(ExecState* exec) const
+    {
+        if (isInt32())
+            return asInt32();
+        bool ignored;
+        return toInt32SlowCase(toNumber(exec), ignored);
+    }
+
+    inline uint32_t JSValue::toUInt32(ExecState* exec) const
+    {
+        if (isUInt32())
+            return asInt32();
+        bool ignored;
+        return toUInt32SlowCase(toNumber(exec), ignored);
+    }
+
+    inline int32_t JSValue::toInt32(ExecState* exec, bool& ok) const
+    {
+        if (isInt32()) {
+            ok = true;
+            return asInt32();
+        }
+        return toInt32SlowCase(toNumber(exec), ok);
+    }
+
+    inline uint32_t JSValue::toUInt32(ExecState* exec, bool& ok) const
+    {
+        if (isUInt32()) {
+            ok = true;
+            return asInt32();
+        }
+        return toUInt32SlowCase(toNumber(exec), ok);
+    }
+
+#if USE(JSVALUE32_64)
+    inline JSValue jsNaN(ExecState* exec)
+    {
+        return JSValue(exec, nonInlineNaN());
+    }
+
+    // JSValue member functions.
+    inline EncodedJSValue JSValue::encode(JSValue value)
+    {
+        return value.u.asEncodedJSValue;
+    }
+
+    inline JSValue JSValue::decode(EncodedJSValue encodedJSValue)
+    {
+        JSValue v;
+        v.u.asEncodedJSValue = encodedJSValue;
+        return v;
+    }
+
+    inline JSValue::JSValue()
+    {
+        u.asBits.tag = EmptyValueTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(JSNullTag)
+    {
+        u.asBits.tag = NullTag;
+        u.asBits.payload = 0;
+    }
+    
+    inline JSValue::JSValue(JSUndefinedTag)
+    {
+        u.asBits.tag = UndefinedTag;
+        u.asBits.payload = 0;
+    }
+    
+    inline JSValue::JSValue(JSTrueTag)
+    {
+        u.asBits.tag = TrueTag;
+        u.asBits.payload = 0;
+    }
+    
+    inline JSValue::JSValue(JSFalseTag)
+    {
+        u.asBits.tag = FalseTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(HashTableDeletedValueTag)
+    {
+        u.asBits.tag = DeletedValueTag;
+        u.asBits.payload = 0;
+    }
+
+    inline JSValue::JSValue(JSCell* ptr)
+    {
+        if (ptr)
+            u.asBits.tag = CellTag;
+        else
+            u.asBits.tag = EmptyValueTag;
+        u.asBits.payload = reinterpret_cast<int32_t>(ptr);
+    }
+
+    inline JSValue::JSValue(const JSCell* ptr)
+    {
+        if (ptr)
+            u.asBits.tag = CellTag;
+        else
+            u.asBits.tag = EmptyValueTag;
+        u.asBits.payload = reinterpret_cast<int32_t>(const_cast<JSCell*>(ptr));
+    }
+
+    inline JSValue::operator bool() const
+    {
+        ASSERT(tag() != DeletedValueTag);
+        return tag() != EmptyValueTag;
+    }
+
+    inline bool JSValue::operator==(const JSValue& other) const
+    {
+        return u.asEncodedJSValue == other.u.asEncodedJSValue;
+    }
+
+    inline bool JSValue::operator!=(const JSValue& other) const
+    {
+        return u.asEncodedJSValue != other.u.asEncodedJSValue;
+    }
+
+    inline bool JSValue::isUndefined() const
+    {
+        return tag() == UndefinedTag;
+    }
+
+    inline bool JSValue::isNull() const
+    {
+        return tag() == NullTag;
+    }
+
+    inline bool JSValue::isUndefinedOrNull() const
+    {
+        return isUndefined() || isNull();
+    }
+
+    inline bool JSValue::isCell() const
+    {
+        return tag() == CellTag;
+    }
+
+    inline bool JSValue::isInt32() const
+    {
+        return tag() == Int32Tag;
+    }
+
+    inline bool JSValue::isUInt32() const
+    {
+        return tag() == Int32Tag && asInt32() > -1;
+    }
+
+    inline bool JSValue::isDouble() const
+    {
+        return tag() < LowestTag;
+    }
+
+    inline bool JSValue::isTrue() const
+    {
+        return tag() == TrueTag;
+    }
+
+    inline bool JSValue::isFalse() const
+    {
+        return tag() == FalseTag;
+    }
+
+    inline uint32_t JSValue::tag() const
+    {
+        return u.asBits.tag;
+    }
+    
+    inline int32_t JSValue::payload() const
+    {
+        return u.asBits.payload;
+    }
+    
+    inline int32_t JSValue::asInt32() const
+    {
+        ASSERT(isInt32());
+        return u.asBits.payload;
+    }
+    
+    inline uint32_t JSValue::asUInt32() const
+    {
+        ASSERT(isUInt32());
+        return u.asBits.payload;
+    }
+    
+    inline double JSValue::asDouble() const
+    {
+        ASSERT(isDouble());
+        return u.asDouble;
+    }
+    
+    ALWAYS_INLINE JSCell* JSValue::asCell() const
+    {
+        ASSERT(isCell());
+        return reinterpret_cast<JSCell*>(u.asBits.payload);
+    }
+
+    inline JSValue::JSValue(ExecState* exec, double d)
+    {
+        const int32_t asInt32 = static_cast<int32_t>(d);
+        if (asInt32 != d || (!asInt32 && signbit(d))) { // true for -0.0
+            u.asDouble = d;
+            return;
+        }
+        *this = JSValue(exec, static_cast<int32_t>(d));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, char i)
+    {
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned char i)
+    {
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, short i)
+    {
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned short i)
+    {
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState*, int i)
+    {
+        u.asBits.tag = Int32Tag;
+        u.asBits.payload = i;
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned i)
+    {
+        if (static_cast<int32_t>(i) < 0) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, long i)
+    {
+        if (static_cast<int32_t>(i) != i) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned long i)
+    {
+        if (static_cast<uint32_t>(i) != i) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<uint32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, long long i)
+    {
+        if (static_cast<int32_t>(i) != i) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<int32_t>(i));
+    }
+
+    inline JSValue::JSValue(ExecState* exec, unsigned long long i)
+    {
+        if (static_cast<uint32_t>(i) != i) {
+            *this = JSValue(exec, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(exec, static_cast<uint32_t>(i));
+    }
+
+    inline JSValue::JSValue(JSGlobalData* globalData, double d)
+    {
+        const int32_t asInt32 = static_cast<int32_t>(d);
+        if (asInt32 != d || (!asInt32 && signbit(d))) { // true for -0.0
+            u.asDouble = d;
+            return;
+        }
+        *this = JSValue(globalData, static_cast<int32_t>(d));
+    }
+    
+    inline JSValue::JSValue(JSGlobalData*, int i)
+    {
+        u.asBits.tag = Int32Tag;
+        u.asBits.payload = i;
+    }
+    
+    inline JSValue::JSValue(JSGlobalData* globalData, unsigned i)
+    {
+        if (static_cast<int32_t>(i) < 0) {
+            *this = JSValue(globalData, static_cast<double>(i));
+            return;
+        }
+        *this = JSValue(globalData, static_cast<int32_t>(i));
+    }
+
+    inline bool JSValue::isNumber() const
+    {
+        return isInt32() || isDouble();
+    }
+
+    inline bool JSValue::isBoolean() const
+    {
+        return isTrue() || isFalse();
+    }
+
+    inline bool JSValue::getBoolean(bool& v) const
+    {
+        if (isTrue()) {
+            v = true;
+            return true;
+        }
+        if (isFalse()) {
+            v = false;
+            return true;
+        }
+        
+        return false;
+    }
+
+    inline bool JSValue::getBoolean() const
+    {
+        ASSERT(isBoolean());
+        return tag() == TrueTag;
+    }
+
+    inline double JSValue::uncheckedGetNumber() const
+    {
+        ASSERT(isNumber());
+        return isInt32() ? asInt32() : asDouble();
+    }
+
+    ALWAYS_INLINE JSValue JSValue::toJSNumber(ExecState* exec) const
+    {
+        return isNumber() ? asValue() : jsNumber(exec, this->toNumber(exec));
+    }
+
+    inline bool JSValue::getNumber(double& result) const
+    {
+        if (isInt32()) {
+            result = asInt32();
+            return true;
+        }
+        if (isDouble()) {
+            result = asDouble();
+            return true;
+        }
+        return false;
+    }
+
+#else // USE(JSVALUE32_64)
+
+    // JSValue member functions.
+    inline EncodedJSValue JSValue::encode(JSValue value)
+    {
+        return reinterpret_cast<EncodedJSValue>(value.m_ptr);
+    }
+
+    inline JSValue JSValue::decode(EncodedJSValue ptr)
+    {
+        return JSValue(reinterpret_cast<JSCell*>(ptr));
+    }
+
+    inline JSValue JSValue::makeImmediate(intptr_t value)
+    {
+        return JSValue(reinterpret_cast<JSCell*>(value));
+    }
+
+    inline intptr_t JSValue::immediateValue()
+    {
+        return reinterpret_cast<intptr_t>(m_ptr);
+    }
+    
+    // 0x0 can never occur naturally because it has a tag of 00, indicating a pointer value, but a payload of 0x0, which is in the (invalid) zero page.
+    inline JSValue::JSValue()
+        : m_ptr(0)
+    {
+    }
+
+    // 0x4 can never occur naturally because it has a tag of 00, indicating a pointer value, but a payload of 0x4, which is in the (invalid) zero page.
+    inline JSValue::JSValue(HashTableDeletedValueTag)
+        : m_ptr(reinterpret_cast<JSCell*>(0x4))
+    {
+    }
+
+    inline JSValue::JSValue(JSCell* ptr)
+        : m_ptr(ptr)
+    {
+    }
+
+    inline JSValue::JSValue(const JSCell* ptr)
+        : m_ptr(const_cast<JSCell*>(ptr))
+    {
+    }
+
+    inline JSValue::operator bool() const
+    {
+        return m_ptr;
+    }
+
+    inline bool JSValue::operator==(const JSValue& other) const
+    {
+        return m_ptr == other.m_ptr;
+    }
+
+    inline bool JSValue::operator!=(const JSValue& other) const
+    {
+        return m_ptr != other.m_ptr;
+    }
+
+    inline bool JSValue::isUndefined() const
+    {
+        return asValue() == jsUndefined();
+    }
+
+    inline bool JSValue::isNull() const
+    {
+        return asValue() == jsNull();
+    }
+#endif // USE(JSVALUE32_64)
+
+} // namespace JSC
+
+#endif // JSValue_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSVariableObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSVariableObject.cpp
new file mode 100644
index 000000000..ac193ca66
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSVariableObject.cpp
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSVariableObject.h"
+
+#include "PropertyNameArray.h"
+#include "PropertyDescriptor.h"
+
+namespace JSC {
+
+bool JSVariableObject::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    if (symbolTable().contains(propertyName.ustring().rep()))
+        return false;
+
+    return JSObject::deleteProperty(exec, propertyName, checkDontDelete);
+}
+
+void JSVariableObject::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    SymbolTable::const_iterator end = symbolTable().end();
+    for (SymbolTable::const_iterator it = symbolTable().begin(); it != end; ++it) {
+        if (!(it->second.getAttributes() & DontEnum) || includeNonEnumerable)
+            propertyNames.add(Identifier(exec, it->first.get()));
+    }
+    
+    JSObject::getOwnPropertyNames(exec, propertyNames, includeNonEnumerable);
+}
+
+bool JSVariableObject::getPropertyAttributes(ExecState* exec, const Identifier& propertyName, unsigned& attributes) const
+{
+    SymbolTableEntry entry = symbolTable().get(propertyName.ustring().rep());
+    if (!entry.isNull()) {
+        attributes = entry.getAttributes() | DontDelete;
+        return true;
+    }
+    return JSObject::getPropertyAttributes(exec, propertyName, attributes);
+}
+
+bool JSVariableObject::isVariableObject() const
+{
+    return true;
+}
+
+bool JSVariableObject::symbolTableGet(const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    SymbolTableEntry entry = symbolTable().inlineGet(propertyName.ustring().rep());
+    if (!entry.isNull()) {
+        descriptor.setDescriptor(registerAt(entry.getIndex()).jsValue(), entry.getAttributes() | DontDelete);
+        return true;
+    }
+    return false;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSVariableObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSVariableObject.h
new file mode 100644
index 000000000..fe92729d7
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSVariableObject.h
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSVariableObject_h
+#define JSVariableObject_h
+
+#include "JSObject.h"
+#include "Register.h"
+#include "SymbolTable.h"
+#include "UnusedParam.h"
+#include <wtf/OwnArrayPtr.h>
+#include <wtf/UnusedParam.h>
+
+namespace JSC {
+
+    class Register;
+
+    class JSVariableObject : public JSObject {
+        friend class JIT;
+
+    public:
+        SymbolTable& symbolTable() const { return *d->symbolTable; }
+
+        virtual void putWithAttributes(ExecState*, const Identifier&, JSValue, unsigned attributes) = 0;
+
+        virtual bool deleteProperty(ExecState*, const Identifier&, bool checkDontDelete = true);
+        virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, bool includeNonEnumerable = false);
+        
+        virtual bool isVariableObject() const;
+        virtual bool isDynamicScope() const = 0;
+
+        virtual bool getPropertyAttributes(ExecState*, const Identifier& propertyName, unsigned& attributes) const;
+
+        Register& registerAt(int index) const { return d->registers[index]; }
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasStandardGetOwnPropertySlot | HasDefaultMark));
+        }
+        
+    protected:
+        // Subclasses of JSVariableObject can subclass this struct to add data
+        // without increasing their own size (since there's a hard limit on the
+        // size of a JSCell).
+        struct JSVariableObjectData {
+            JSVariableObjectData(SymbolTable* symbolTable, Register* registers)
+                : symbolTable(symbolTable)
+                , registers(registers)
+            {
+                ASSERT(symbolTable);
+            }
+
+            SymbolTable* symbolTable; // Maps name -> offset from "r" in register file.
+            Register* registers; // "r" in the register file.
+            OwnArrayPtr<Register> registerArray; // Independent copy of registers, used when a variable object copies its registers out of the register file.
+
+        private:
+            JSVariableObjectData(const JSVariableObjectData&);
+            JSVariableObjectData& operator=(const JSVariableObjectData&);
+        };
+
+        JSVariableObject(PassRefPtr<Structure> structure, JSVariableObjectData* data)
+            : JSObject(structure)
+            , d(data) // Subclass owns this pointer.
+        {
+        }
+
+        Register* copyRegisterArray(Register* src, size_t count);
+        void setRegisters(Register* r, Register* registerArray);
+
+        bool symbolTableGet(const Identifier&, PropertySlot&);
+        bool symbolTableGet(const Identifier&, PropertyDescriptor&);
+        bool symbolTableGet(const Identifier&, PropertySlot&, bool& slotIsWriteable);
+        bool symbolTablePut(const Identifier&, JSValue);
+        bool symbolTablePutWithAttributes(const Identifier&, JSValue, unsigned attributes);
+
+        JSVariableObjectData* d;
+    };
+
+    inline bool JSVariableObject::symbolTableGet(const Identifier& propertyName, PropertySlot& slot)
+    {
+        SymbolTableEntry entry = symbolTable().inlineGet(propertyName.ustring().rep());
+        if (!entry.isNull()) {
+            slot.setRegisterSlot(&registerAt(entry.getIndex()));
+            return true;
+        }
+        return false;
+    }
+
+    inline bool JSVariableObject::symbolTableGet(const Identifier& propertyName, PropertySlot& slot, bool& slotIsWriteable)
+    {
+        SymbolTableEntry entry = symbolTable().inlineGet(propertyName.ustring().rep());
+        if (!entry.isNull()) {
+            slot.setRegisterSlot(&registerAt(entry.getIndex()));
+            slotIsWriteable = !entry.isReadOnly();
+            return true;
+        }
+        return false;
+    }
+
+    inline bool JSVariableObject::symbolTablePut(const Identifier& propertyName, JSValue value)
+    {
+        ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+        SymbolTableEntry entry = symbolTable().inlineGet(propertyName.ustring().rep());
+        if (entry.isNull())
+            return false;
+        if (entry.isReadOnly())
+            return true;
+        registerAt(entry.getIndex()) = value;
+        return true;
+    }
+
+    inline bool JSVariableObject::symbolTablePutWithAttributes(const Identifier& propertyName, JSValue value, unsigned attributes)
+    {
+        ASSERT(!Heap::heap(value) || Heap::heap(value) == Heap::heap(this));
+
+        SymbolTable::iterator iter = symbolTable().find(propertyName.ustring().rep());
+        if (iter == symbolTable().end())
+            return false;
+        SymbolTableEntry& entry = iter->second;
+        ASSERT(!entry.isNull());
+        entry.setAttributes(attributes);
+        registerAt(entry.getIndex()) = value;
+        return true;
+    }
+
+    inline Register* JSVariableObject::copyRegisterArray(Register* src, size_t count)
+    {
+        Register* registerArray = new Register[count];
+        memcpy(registerArray, src, count * sizeof(Register));
+
+        return registerArray;
+    }
+
+    inline void JSVariableObject::setRegisters(Register* registers, Register* registerArray)
+    {
+        ASSERT(registerArray != d->registerArray.get());
+        d->registerArray.set(registerArray);
+        d->registers = registers;
+    }
+
+} // namespace JSC
+
+#endif // JSVariableObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSWrapperObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSWrapperObject.cpp
new file mode 100644
index 000000000..2c39f5c23
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSWrapperObject.cpp
@@ -0,0 +1,36 @@
+/*
+ *  Copyright (C) 2006 Maks Orlovich
+ *  Copyright (C) 2006, 2009 Apple, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "JSWrapperObject.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(JSWrapperObject);
+
+void JSWrapperObject::markChildren(MarkStack& markStack) 
+{
+    JSObject::markChildren(markStack);
+    if (m_internalValue)
+        markStack.append(m_internalValue);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSWrapperObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSWrapperObject.h
new file mode 100644
index 000000000..b56a58dc5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSWrapperObject.h
@@ -0,0 +1,67 @@
+/*
+ *  Copyright (C) 2006 Maks Orlovich
+ *  Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef JSWrapperObject_h
+#define JSWrapperObject_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    // This class is used as a base for classes such as String,
+    // Number, Boolean and Date which are wrappers for primitive types.
+    class JSWrapperObject : public JSObject {
+    protected:
+        explicit JSWrapperObject(PassRefPtr<Structure>);
+
+    public:
+        JSValue internalValue() const { return m_internalValue; }
+        void setInternalValue(JSValue);
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype) 
+        { 
+            return Structure::create(prototype, TypeInfo(ObjectType, HasStandardGetOwnPropertySlot | HasDefaultGetPropertyNames | HasDefaultMark));
+        }
+
+    private:
+        virtual void markChildren(MarkStack&);
+        
+        JSValue m_internalValue;
+    };
+
+    inline JSWrapperObject::JSWrapperObject(PassRefPtr<Structure> structure)
+        : JSObject(structure)
+    {
+        addAnonymousSlots(1);
+        putAnonymousValue(0, jsNull());
+    }
+
+    inline void JSWrapperObject::setInternalValue(JSValue value)
+    {
+        ASSERT(value);
+        ASSERT(!value.isObject());
+        m_internalValue = value;
+        putAnonymousValue(0, value);
+    }
+
+} // namespace JSC
+
+#endif // JSWrapperObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/LiteralParser.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/LiteralParser.cpp
new file mode 100644
index 000000000..d242282f3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/LiteralParser.cpp
@@ -0,0 +1,453 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "LiteralParser.h"
+
+#include "JSArray.h"
+#include "JSString.h"
+#include "Lexer.h"
+#include <wtf/ASCIICType.h>
+#include <wtf/dtoa.h>
+
+namespace JSC {
+
+LiteralParser::TokenType LiteralParser::Lexer::lex(LiteralParserToken& token)
+{
+    while (m_ptr < m_end && isASCIISpace(*m_ptr))
+        ++m_ptr;
+
+    ASSERT(m_ptr <= m_end);
+    if (m_ptr >= m_end) {
+        token.type = TokEnd;
+        token.start = token.end = m_ptr;
+        return TokEnd;
+    }
+    token.type = TokError;
+    token.start = m_ptr;
+    switch (*m_ptr) {
+        case '[':
+            token.type = TokLBracket;
+            token.end = ++m_ptr;
+            return TokLBracket;
+        case ']':
+            token.type = TokRBracket;
+            token.end = ++m_ptr;
+            return TokRBracket;
+        case '(':
+            token.type = TokLParen;
+            token.end = ++m_ptr;
+            return TokLBracket;
+        case ')':
+            token.type = TokRParen;
+            token.end = ++m_ptr;
+            return TokRBracket;
+        case '{':
+            token.type = TokLBrace;
+            token.end = ++m_ptr;
+            return TokLBrace;
+        case '}':
+            token.type = TokRBrace;
+            token.end = ++m_ptr;
+            return TokRBrace;
+        case ',':
+            token.type = TokComma;
+            token.end = ++m_ptr;
+            return TokComma;
+        case ':':
+            token.type = TokColon;
+            token.end = ++m_ptr;
+            return TokColon;
+        case '"':
+            if (m_mode == StrictJSON)
+                return lexString<StrictJSON>(token);
+            return lexString<NonStrictJSON>(token);
+        case 't':
+            if (m_end - m_ptr >= 4 && m_ptr[1] == 'r' && m_ptr[2] == 'u' && m_ptr[3] == 'e') {
+                m_ptr += 4;
+                token.type = TokTrue;
+                token.end = m_ptr;
+                return TokTrue;
+            }
+            break;
+        case 'f':
+            if (m_end - m_ptr >= 5 && m_ptr[1] == 'a' && m_ptr[2] == 'l' && m_ptr[3] == 's' && m_ptr[4] == 'e') {
+                m_ptr += 5;
+                token.type = TokFalse;
+                token.end = m_ptr;
+                return TokFalse;
+            }
+            break;
+        case 'n':
+            if (m_end - m_ptr >= 4 && m_ptr[1] == 'u' && m_ptr[2] == 'l' && m_ptr[3] == 'l') {
+                m_ptr += 4;
+                token.type = TokNull;
+                token.end = m_ptr;
+                return TokNull;
+            }
+            break;    
+        case '-':
+        case '0':
+        case '1':
+        case '2':
+        case '3':
+        case '4':
+        case '5':
+        case '6':
+        case '7':
+        case '8':
+        case '9':
+            return lexNumber(token);
+    }
+    return TokError;
+}
+
+template <LiteralParser::ParserMode mode> static inline bool isSafeStringCharacter(UChar c)
+{
+    return (c >= ' ' && (mode == LiteralParser::StrictJSON || c <= 0xff) && c != '\\' && c != '"') || c == '\t';
+}
+
+// "inline" is required here to help WINSCW compiler resolve specialized argument in templated functions.
+template <LiteralParser::ParserMode mode> inline LiteralParser::TokenType LiteralParser::Lexer::lexString(LiteralParserToken& token)
+{
+    ++m_ptr;
+    const UChar* runStart;
+    token.stringToken = UString();
+    do {
+        runStart = m_ptr;
+        while (m_ptr < m_end && isSafeStringCharacter<mode>(*m_ptr))
+            ++m_ptr;
+        if (runStart < m_ptr)
+            token.stringToken.append(runStart, m_ptr - runStart);
+        if ((mode == StrictJSON) && m_ptr < m_end && *m_ptr == '\\') {
+            ++m_ptr;
+            if (m_ptr >= m_end)
+                return TokError;
+            switch (*m_ptr) {
+                case '"':
+                    token.stringToken.append('"');
+                    m_ptr++;
+                    break;
+                case '\\':
+                    token.stringToken.append('\\');
+                    m_ptr++;
+                    break;
+                case '/':
+                    token.stringToken.append('/');
+                    m_ptr++;
+                    break;
+                case 'b':
+                    token.stringToken.append('\b');
+                    m_ptr++;
+                    break;
+                case 'f':
+                    token.stringToken.append('\f');
+                    m_ptr++;
+                    break;
+                case 'n':
+                    token.stringToken.append('\n');
+                    m_ptr++;
+                    break;
+                case 'r':
+                    token.stringToken.append('\r');
+                    m_ptr++;
+                    break;
+                case 't':
+                    token.stringToken.append('\t');
+                    m_ptr++;
+                    break;
+
+                case 'u':
+                    if ((m_end - m_ptr) < 5) // uNNNN == 5 characters
+                        return TokError;
+                    for (int i = 1; i < 5; i++) {
+                        if (!isASCIIHexDigit(m_ptr[i]))
+                            return TokError;
+                    }
+                    token.stringToken.append(JSC::Lexer::convertUnicode(m_ptr[1], m_ptr[2], m_ptr[3], m_ptr[4]));
+                    m_ptr += 5;
+                    break;
+
+                default:
+                    return TokError;
+            }
+        }
+    } while ((mode == StrictJSON) && m_ptr != runStart && (m_ptr < m_end) && *m_ptr != '"');
+
+    if (m_ptr >= m_end || *m_ptr != '"')
+        return TokError;
+
+    token.type = TokString;
+    token.end = ++m_ptr;
+    return TokString;
+}
+
+LiteralParser::TokenType LiteralParser::Lexer::lexNumber(LiteralParserToken& token)
+{
+    // ES5 and json.org define numbers as
+    // number
+    //     int
+    //     int frac? exp?
+    //
+    // int
+    //     -? 0
+    //     -? digit1-9 digits?
+    //
+    // digits
+    //     digit digits?
+    //
+    // -?(0 | [1-9][0-9]*) ('.' [0-9]+)? ([eE][+-]? [0-9]+)?
+
+    if (m_ptr < m_end && *m_ptr == '-') // -?
+        ++m_ptr;
+    
+    // (0 | [1-9][0-9]*)
+    if (m_ptr < m_end && *m_ptr == '0') // 0
+        ++m_ptr;
+    else if (m_ptr < m_end && *m_ptr >= '1' && *m_ptr <= '9') { // [1-9]
+        ++m_ptr;
+        // [0-9]*
+        while (m_ptr < m_end && isASCIIDigit(*m_ptr))
+            ++m_ptr;
+    } else
+        return TokError;
+
+    // ('.' [0-9]+)?
+    if (m_ptr < m_end && *m_ptr == '.') {
+        ++m_ptr;
+        // [0-9]+
+        if (m_ptr >= m_end || !isASCIIDigit(*m_ptr))
+            return TokError;
+
+        ++m_ptr;
+        while (m_ptr < m_end && isASCIIDigit(*m_ptr))
+            ++m_ptr;
+    }
+
+    //  ([eE][+-]? [0-9]+)?
+    if (m_ptr < m_end && (*m_ptr == 'e' || *m_ptr == 'E')) { // [eE]
+        ++m_ptr;
+
+        // [-+]?
+        if (m_ptr < m_end && (*m_ptr == '-' || *m_ptr == '+'))
+            ++m_ptr;
+
+        // [0-9]+
+        if (m_ptr >= m_end || !isASCIIDigit(*m_ptr))
+            return TokError;
+        
+        ++m_ptr;
+        while (m_ptr < m_end && isASCIIDigit(*m_ptr))
+            ++m_ptr;
+    }
+    
+    token.type = TokNumber;
+    token.end = m_ptr;
+    Vector<char, 64> buffer(token.end - token.start + 1);
+    int i;
+    for (i = 0; i < token.end - token.start; i++) {
+        ASSERT(static_cast<char>(token.start[i]) == token.start[i]);
+        buffer[i] = static_cast<char>(token.start[i]);
+    }
+    buffer[i] = 0;
+    char* end;
+    token.numberToken = WTF::strtod(buffer.data(), &end);
+    ASSERT(buffer.data() + (token.end - token.start) == end);
+    return TokNumber;
+}
+
+JSValue LiteralParser::parse(ParserState initialState)
+{
+    ParserState state = initialState;
+    MarkedArgumentBuffer objectStack;
+    JSValue lastValue;
+    Vector<ParserState, 16> stateStack;
+    Vector<Identifier, 16> identifierStack;
+    while (1) {
+        switch(state) {
+            startParseArray:
+            case StartParseArray: {
+                JSArray* array = constructEmptyArray(m_exec);
+                objectStack.append(array);
+                // fallthrough
+            }
+            doParseArrayStartExpression:
+            case DoParseArrayStartExpression: {
+                TokenType lastToken = m_lexer.currentToken().type;
+                if (m_lexer.next() == TokRBracket) {
+                    if (lastToken == TokComma)
+                        return JSValue();
+                    m_lexer.next();
+                    lastValue = objectStack.last();
+                    objectStack.removeLast();
+                    break;
+                }
+
+                stateStack.append(DoParseArrayEndExpression);
+                goto startParseExpression;
+            }
+            case DoParseArrayEndExpression: {
+                 asArray(objectStack.last())->push(m_exec, lastValue);
+                
+                if (m_lexer.currentToken().type == TokComma)
+                    goto doParseArrayStartExpression;
+
+                if (m_lexer.currentToken().type != TokRBracket)
+                    return JSValue();
+                
+                m_lexer.next();
+                lastValue = objectStack.last();
+                objectStack.removeLast();
+                break;
+            }
+            startParseObject:
+            case StartParseObject: {
+                JSObject* object = constructEmptyObject(m_exec);
+                objectStack.append(object);
+
+                TokenType type = m_lexer.next();
+                if (type == TokString) {
+                    Lexer::LiteralParserToken identifierToken = m_lexer.currentToken();
+
+                    // Check for colon
+                    if (m_lexer.next() != TokColon)
+                        return JSValue();
+                    
+                    m_lexer.next();
+                    identifierStack.append(Identifier(m_exec, identifierToken.stringToken));
+                    stateStack.append(DoParseObjectEndExpression);
+                    goto startParseExpression;
+                } else if (type != TokRBrace) 
+                    return JSValue();
+                m_lexer.next();
+                lastValue = objectStack.last();
+                objectStack.removeLast();
+                break;
+            }
+            doParseObjectStartExpression:
+            case DoParseObjectStartExpression: {
+                TokenType type = m_lexer.next();
+                if (type != TokString)
+                    return JSValue();
+                Lexer::LiteralParserToken identifierToken = m_lexer.currentToken();
+
+                // Check for colon
+                if (m_lexer.next() != TokColon)
+                    return JSValue();
+
+                m_lexer.next();
+                identifierStack.append(Identifier(m_exec, identifierToken.stringToken));
+                stateStack.append(DoParseObjectEndExpression);
+                goto startParseExpression;
+            }
+            case DoParseObjectEndExpression:
+            {
+                asObject(objectStack.last())->putDirect(identifierStack.last(), lastValue);
+                identifierStack.removeLast();
+                if (m_lexer.currentToken().type == TokComma)
+                    goto doParseObjectStartExpression;
+                if (m_lexer.currentToken().type != TokRBrace)
+                    return JSValue();
+                m_lexer.next();
+                lastValue = objectStack.last();
+                objectStack.removeLast();
+                break;
+            }
+            startParseExpression:
+            case StartParseExpression: {
+                switch (m_lexer.currentToken().type) {
+                    case TokLBracket:
+                        goto startParseArray;
+                    case TokLBrace:
+                        goto startParseObject;
+                    case TokString: {
+                        Lexer::LiteralParserToken stringToken = m_lexer.currentToken();
+                        m_lexer.next();
+                        lastValue = jsString(m_exec, stringToken.stringToken);
+                        break;
+                    }
+                    case TokNumber: {
+                        Lexer::LiteralParserToken numberToken = m_lexer.currentToken();
+                        m_lexer.next();
+                        lastValue = jsNumber(m_exec, numberToken.numberToken);
+                        break;
+                    }
+                    case TokNull:
+                        m_lexer.next();
+                        lastValue = jsNull();
+                        break;
+
+                    case TokTrue:
+                        m_lexer.next();
+                        lastValue = jsBoolean(true);
+                        break;
+
+                    case TokFalse:
+                        m_lexer.next();
+                        lastValue = jsBoolean(false);
+                        break;
+
+                    default:
+                        // Error
+                        return JSValue();
+                }
+                break;
+            }
+            case StartParseStatement: {
+                switch (m_lexer.currentToken().type) {
+                    case TokLBracket:
+                    case TokNumber:
+                    case TokString:
+                        goto startParseExpression;
+
+                    case TokLParen: {
+                        m_lexer.next();
+                        stateStack.append(StartParseStatementEndStatement);
+                        goto startParseExpression;
+                    }
+                    default:
+                        return JSValue();
+                }
+            }
+            case StartParseStatementEndStatement: {
+                ASSERT(stateStack.isEmpty());
+                if (m_lexer.currentToken().type != TokRParen)
+                    return JSValue();
+                if (m_lexer.next() == TokEnd)
+                    return lastValue;
+                return JSValue();
+            }
+            default:
+                ASSERT_NOT_REACHED();
+        }
+        if (stateStack.isEmpty())
+            return lastValue;
+        state = stateStack.last();
+        stateStack.removeLast();
+        continue;
+    }
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/LiteralParser.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/LiteralParser.h
new file mode 100644
index 000000000..0f8072bd5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/LiteralParser.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef LiteralParser_h
+#define LiteralParser_h
+
+#include "JSGlobalObjectFunctions.h"
+#include "JSValue.h"
+#include "UString.h"
+
+namespace JSC {
+
+    class LiteralParser {
+    public:
+        typedef enum { StrictJSON, NonStrictJSON } ParserMode;
+        LiteralParser(ExecState* exec, const UString& s, ParserMode mode)
+            : m_exec(exec)
+            , m_lexer(s, mode)
+            , m_mode(mode)
+        {
+        }
+        
+        JSValue tryLiteralParse()
+        {
+            m_lexer.next();
+            JSValue result = parse(m_mode == StrictJSON ? StartParseExpression : StartParseStatement);
+            if (m_lexer.currentToken().type != TokEnd)
+                return JSValue();
+            return result;
+        }
+    private:
+        enum ParserState { StartParseObject, StartParseArray, StartParseExpression, 
+                           StartParseStatement, StartParseStatementEndStatement, 
+                           DoParseObjectStartExpression, DoParseObjectEndExpression,
+                           DoParseArrayStartExpression, DoParseArrayEndExpression };
+        enum TokenType { TokLBracket, TokRBracket, TokLBrace, TokRBrace, 
+                         TokString, TokIdentifier, TokNumber, TokColon, 
+                         TokLParen, TokRParen, TokComma, TokTrue, TokFalse,
+                         TokNull, TokEnd, TokError };
+
+        class Lexer {
+        public:
+            struct LiteralParserToken {
+                TokenType type;
+                const UChar* start;
+                const UChar* end;
+                UString stringToken;
+                double numberToken;
+            };
+            Lexer(const UString& s, ParserMode mode)
+                : m_string(s)
+                , m_mode(mode)
+                , m_ptr(s.data())
+                , m_end(s.data() + s.size())
+            {
+            }
+            
+            TokenType next()
+            {
+                return lex(m_currentToken);
+            }
+            
+            const LiteralParserToken& currentToken()
+            {
+                return m_currentToken;
+            }
+            
+        private:
+            TokenType lex(LiteralParserToken&);
+            template <ParserMode mode> TokenType lexString(LiteralParserToken&);
+            TokenType lexNumber(LiteralParserToken&);
+            LiteralParserToken m_currentToken;
+            UString m_string;
+            ParserMode m_mode;
+            const UChar* m_ptr;
+            const UChar* m_end;
+        };
+        
+        class StackGuard;
+        JSValue parse(ParserState);
+
+        ExecState* m_exec;
+        LiteralParser::Lexer m_lexer;
+        ParserMode m_mode;
+    };
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Lookup.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Lookup.cpp
new file mode 100644
index 000000000..8359ff7f6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Lookup.cpp
@@ -0,0 +1,82 @@
+/*
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "Lookup.h"
+
+#include "JSFunction.h"
+#include "PrototypeFunction.h"
+
+namespace JSC {
+
+void HashTable::createTable(JSGlobalData* globalData) const
+{
+    ASSERT(!table);
+    int linkIndex = compactHashSizeMask + 1;
+    HashEntry* entries = new HashEntry[compactSize];
+    for (int i = 0; i < compactSize; ++i)
+        entries[i].setKey(0);
+    for (int i = 0; values[i].key; ++i) {
+        UString::Rep* identifier = Identifier::add(globalData, values[i].key).releaseRef();
+        int hashIndex = identifier->computedHash() & compactHashSizeMask;
+        HashEntry* entry = &entries[hashIndex];
+
+        if (entry->key()) {
+            while (entry->next()) {
+                entry = entry->next();
+            }
+            ASSERT(linkIndex < compactSize);
+            entry->setNext(&entries[linkIndex++]);
+            entry = entry->next();
+        }
+
+        entry->initialize(identifier, values[i].attributes, values[i].value1, values[i].value2);
+    }
+    table = entries;
+}
+
+void HashTable::deleteTable() const
+{
+    if (table) {
+        int max = compactSize;
+        for (int i = 0; i != max; ++i) {
+            if (UString::Rep* key = table[i].key())
+                key->deref();
+        }
+        delete [] table;
+        table = 0;
+    }
+}
+
+void setUpStaticFunctionSlot(ExecState* exec, const HashEntry* entry, JSObject* thisObj, const Identifier& propertyName, PropertySlot& slot)
+{
+    ASSERT(entry->attributes() & Function);
+    JSValue* location = thisObj->getDirectLocation(propertyName);
+
+    if (!location) {
+        InternalFunction* function = new (exec) NativeFunctionWrapper(exec, exec->lexicalGlobalObject()->prototypeFunctionStructure(), entry->functionLength(), propertyName, entry->function());
+
+        thisObj->putDirectFunction(propertyName, function, entry->attributes());
+        location = thisObj->getDirectLocation(propertyName);
+    }
+
+    slot.setValueSlot(thisObj, location, thisObj->offsetForLocation(location));
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Lookup.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Lookup.h
new file mode 100644
index 000000000..4d706894a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Lookup.h
@@ -0,0 +1,323 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef Lookup_h
+#define Lookup_h
+
+#include "CallFrame.h"
+#include "Identifier.h"
+#include "JSGlobalObject.h"
+#include "JSObject.h"
+#include "PropertySlot.h"
+#include <stdio.h>
+#include <wtf/Assertions.h>
+
+// Bug #26843: Work around Metrowerks compiler bug
+#if COMPILER(WINSCW)
+#define JSC_CONST_HASHTABLE
+#else
+#define JSC_CONST_HASHTABLE const
+#endif
+
+namespace JSC {
+
+    // Hash table generated by the create_hash_table script.
+    struct HashTableValue {
+        const char* key; // property name
+        unsigned char attributes; // JSObject attributes
+        intptr_t value1;
+        intptr_t value2;
+    };
+
+    // FIXME: There is no reason this get function can't be simpler.
+    // ie. typedef JSValue (*GetFunction)(ExecState*, JSObject* baseObject)
+    typedef PropertySlot::GetValueFunc GetFunction;
+    typedef void (*PutFunction)(ExecState*, JSObject* baseObject, JSValue value);
+
+    class HashEntry : public FastAllocBase {
+    public:
+        void initialize(UString::Rep* key, unsigned char attributes, intptr_t v1, intptr_t v2)
+        {
+            m_key = key;
+            m_attributes = attributes;
+            m_u.store.value1 = v1;
+            m_u.store.value2 = v2;
+            m_next = 0;
+        }
+
+        void setKey(UString::Rep* key) { m_key = key; }
+        UString::Rep* key() const { return m_key; }
+
+        unsigned char attributes() const { return m_attributes; }
+
+        NativeFunction function() const { ASSERT(m_attributes & Function); return m_u.function.functionValue; }
+        unsigned char functionLength() const { ASSERT(m_attributes & Function); return static_cast<unsigned char>(m_u.function.length); }
+
+        GetFunction propertyGetter() const { ASSERT(!(m_attributes & Function)); return m_u.property.get; }
+        PutFunction propertyPutter() const { ASSERT(!(m_attributes & Function)); return m_u.property.put; }
+
+        intptr_t lexerValue() const { ASSERT(!m_attributes); return m_u.lexer.value; }
+
+        void setNext(HashEntry *next) { m_next = next; }
+        HashEntry* next() const { return m_next; }
+
+    private:
+        UString::Rep* m_key;
+        unsigned char m_attributes; // JSObject attributes
+
+        union {
+            struct {
+                intptr_t value1;
+                intptr_t value2;
+            } store;
+            struct {
+                NativeFunction functionValue;
+                intptr_t length; // number of arguments for function
+            } function;
+            struct {
+                GetFunction get;
+                PutFunction put;
+            } property;
+            struct {
+                intptr_t value;
+                intptr_t unused;
+            } lexer;
+        } m_u;
+
+        HashEntry* m_next;
+    };
+
+    struct HashTable {
+
+        int compactSize;
+        int compactHashSizeMask;
+
+        const HashTableValue* values; // Fixed values generated by script.
+        mutable const HashEntry* table; // Table allocated at runtime.
+
+        ALWAYS_INLINE void initializeIfNeeded(JSGlobalData* globalData) const
+        {
+            if (!table)
+                createTable(globalData);
+        }
+
+        ALWAYS_INLINE void initializeIfNeeded(ExecState* exec) const
+        {
+            if (!table)
+                createTable(&exec->globalData());
+        }
+
+        void deleteTable() const;
+
+        // Find an entry in the table, and return the entry.
+        ALWAYS_INLINE const HashEntry* entry(JSGlobalData* globalData, const Identifier& identifier) const
+        {
+            initializeIfNeeded(globalData);
+            return entry(identifier);
+        }
+
+        ALWAYS_INLINE const HashEntry* entry(ExecState* exec, const Identifier& identifier) const
+        {
+            initializeIfNeeded(exec);
+            return entry(identifier);
+        }
+
+    private:
+        ALWAYS_INLINE const HashEntry* entry(const Identifier& identifier) const
+        {
+            ASSERT(table);
+
+            const HashEntry* entry = &table[identifier.ustring().rep()->computedHash() & compactHashSizeMask];
+
+            if (!entry->key())
+                return 0;
+
+            do {
+                if (entry->key() == identifier.ustring().rep())
+                    return entry;
+                entry = entry->next();
+            } while (entry);
+
+            return 0;
+        }
+
+        // Convert the hash table keys to identifiers.
+        void createTable(JSGlobalData*) const;
+    };
+
+    void setUpStaticFunctionSlot(ExecState*, const HashEntry*, JSObject* thisObject, const Identifier& propertyName, PropertySlot&);
+
+    /**
+     * This method does it all (looking in the hashtable, checking for function
+     * overrides, creating the function or retrieving from cache, calling
+     * getValueProperty in case of a non-function property, forwarding to parent if
+     * unknown property).
+     */
+    template <class ThisImp, class ParentImp>
+    inline bool getStaticPropertySlot(ExecState* exec, const HashTable* table, ThisImp* thisObj, const Identifier& propertyName, PropertySlot& slot)
+    {
+        const HashEntry* entry = table->entry(exec, propertyName);
+
+        if (!entry) // not found, forward to parent
+            return thisObj->ParentImp::getOwnPropertySlot(exec, propertyName, slot);
+
+        if (entry->attributes() & Function)
+            setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
+        else
+            slot.setCustom(thisObj, entry->propertyGetter());
+
+        return true;
+    }
+
+    template <class ThisImp, class ParentImp>
+    inline bool getStaticPropertyDescriptor(ExecState* exec, const HashTable* table, ThisImp* thisObj, const Identifier& propertyName, PropertyDescriptor& descriptor)
+    {
+        const HashEntry* entry = table->entry(exec, propertyName);
+        
+        if (!entry) // not found, forward to parent
+            return thisObj->ParentImp::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+ 
+        PropertySlot slot;
+        if (entry->attributes() & Function)
+            setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
+        else
+            slot.setCustom(thisObj, entry->propertyGetter());
+
+        descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
+        return true;
+    }
+
+    /**
+     * Simplified version of getStaticPropertySlot in case there are only functions.
+     * Using this instead of getStaticPropertySlot allows 'this' to avoid implementing
+     * a dummy getValueProperty.
+     */
+    template <class ParentImp>
+    inline bool getStaticFunctionSlot(ExecState* exec, const HashTable* table, JSObject* thisObj, const Identifier& propertyName, PropertySlot& slot)
+    {
+        if (static_cast<ParentImp*>(thisObj)->ParentImp::getOwnPropertySlot(exec, propertyName, slot))
+            return true;
+
+        const HashEntry* entry = table->entry(exec, propertyName);
+        if (!entry)
+            return false;
+
+        setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
+        return true;
+    }
+    
+    /**
+     * Simplified version of getStaticPropertyDescriptor in case there are only functions.
+     * Using this instead of getStaticPropertyDescriptor allows 'this' to avoid implementing
+     * a dummy getValueProperty.
+     */
+    template <class ParentImp>
+    inline bool getStaticFunctionDescriptor(ExecState* exec, const HashTable* table, JSObject* thisObj, const Identifier& propertyName, PropertyDescriptor& descriptor)
+    {
+        if (static_cast<ParentImp*>(thisObj)->ParentImp::getOwnPropertyDescriptor(exec, propertyName, descriptor))
+            return true;
+        
+        const HashEntry* entry = table->entry(exec, propertyName);
+        if (!entry)
+            return false;
+        
+        PropertySlot slot;
+        setUpStaticFunctionSlot(exec, entry, thisObj, propertyName, slot);
+        descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
+        return true;
+    }
+
+    /**
+     * Simplified version of getStaticPropertySlot in case there are no functions, only "values".
+     * Using this instead of getStaticPropertySlot removes the need for a FuncImp class.
+     */
+    template <class ThisImp, class ParentImp>
+    inline bool getStaticValueSlot(ExecState* exec, const HashTable* table, ThisImp* thisObj, const Identifier& propertyName, PropertySlot& slot)
+    {
+        const HashEntry* entry = table->entry(exec, propertyName);
+
+        if (!entry) // not found, forward to parent
+            return thisObj->ParentImp::getOwnPropertySlot(exec, propertyName, slot);
+
+        ASSERT(!(entry->attributes() & Function));
+
+        slot.setCustom(thisObj, entry->propertyGetter());
+        return true;
+    }
+
+    /**
+     * Simplified version of getStaticPropertyDescriptor in case there are no functions, only "values".
+     * Using this instead of getStaticPropertyDescriptor removes the need for a FuncImp class.
+     */
+    template <class ThisImp, class ParentImp>
+    inline bool getStaticValueDescriptor(ExecState* exec, const HashTable* table, ThisImp* thisObj, const Identifier& propertyName, PropertyDescriptor& descriptor)
+    {
+        const HashEntry* entry = table->entry(exec, propertyName);
+        
+        if (!entry) // not found, forward to parent
+            return thisObj->ParentImp::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+        
+        ASSERT(!(entry->attributes() & Function));
+        PropertySlot slot;
+        slot.setCustom(thisObj, entry->propertyGetter());
+        descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes());
+        return true;
+    }
+
+    /**
+     * This one is for "put".
+     * It looks up a hash entry for the property to be set.  If an entry
+     * is found it sets the value and returns true, else it returns false.
+     */
+    template <class ThisImp>
+    inline bool lookupPut(ExecState* exec, const Identifier& propertyName, JSValue value, const HashTable* table, ThisImp* thisObj)
+    {
+        const HashEntry* entry = table->entry(exec, propertyName);
+
+        if (!entry)
+            return false;
+
+        if (entry->attributes() & Function) { // function: put as override property
+            if (LIKELY(value.isCell()))
+                thisObj->putDirectFunction(propertyName, value.asCell());
+            else
+                thisObj->putDirect(propertyName, value);
+        } else if (!(entry->attributes() & ReadOnly))
+            entry->propertyPutter()(exec, thisObj, value);
+
+        return true;
+    }
+
+    /**
+     * This one is for "put".
+     * It calls lookupPut<ThisImp>() to set the value.  If that call
+     * returns false (meaning no entry in the hash table was found),
+     * then it calls put() on the ParentImp class.
+     */
+    template <class ThisImp, class ParentImp>
+    inline void lookupPut(ExecState* exec, const Identifier& propertyName, JSValue value, const HashTable* table, ThisImp* thisObj, PutPropertySlot& slot)
+    {
+        if (!lookupPut<ThisImp>(exec, propertyName, value, table, thisObj))
+            thisObj->ParentImp::put(exec, propertyName, value, slot); // not found: forward to parent
+    }
+
+} // namespace JSC
+
+#endif // Lookup_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStack.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStack.cpp
new file mode 100644
index 000000000..a350c3582
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStack.cpp
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "MarkStack.h"
+
+namespace JSC {
+
+size_t MarkStack::s_pageSize = 0;
+
+void MarkStack::compact()
+{
+    ASSERT(s_pageSize);
+    m_values.shrinkAllocation(s_pageSize);
+    m_markSets.shrinkAllocation(s_pageSize);
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStack.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStack.h
new file mode 100644
index 000000000..5bc85fa67
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStack.h
@@ -0,0 +1,187 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef MarkStack_h
+#define MarkStack_h
+
+#include "JSValue.h"
+#include <wtf/Noncopyable.h>
+
+namespace JSC {
+
+    class JSGlobalData;
+    class Register;
+    
+    enum MarkSetProperties { MayContainNullValues, NoNullValues };
+    
+    class MarkStack : Noncopyable {
+    public:
+        MarkStack(void* jsArrayVPtr)
+            : m_jsArrayVPtr(jsArrayVPtr)
+#ifndef NDEBUG
+            , m_isCheckingForDefaultMarkViolation(false)
+#endif
+        {
+        }
+
+        ALWAYS_INLINE void append(JSValue);
+        ALWAYS_INLINE void append(JSCell*);
+        
+        ALWAYS_INLINE void appendValues(Register* values, size_t count, MarkSetProperties properties = NoNullValues)
+        {
+            appendValues(reinterpret_cast<JSValue*>(values), count, properties);
+        }
+
+        ALWAYS_INLINE void appendValues(JSValue* values, size_t count, MarkSetProperties properties = NoNullValues)
+        {
+            if (count)
+                m_markSets.append(MarkSet(values, values + count, properties));
+        }
+
+        inline void drain();
+        void compact();
+
+        ~MarkStack()
+        {
+            ASSERT(m_markSets.isEmpty());
+            ASSERT(m_values.isEmpty());
+        }
+
+    private:
+        void markChildren(JSCell*);
+
+        struct MarkSet {
+            MarkSet(JSValue* values, JSValue* end, MarkSetProperties properties)
+                : m_values(values)
+                , m_end(end)
+                , m_properties(properties)
+            {
+                ASSERT(values);
+            }
+            JSValue* m_values;
+            JSValue* m_end;
+            MarkSetProperties m_properties;
+        };
+
+        static void* allocateStack(size_t size);
+        static void releaseStack(void* addr, size_t size);
+
+        static void initializePagesize();
+        static size_t pageSize()
+        {
+            if (!s_pageSize)
+                initializePagesize();
+            return s_pageSize;
+        }
+
+        template <typename T> struct MarkStackArray {
+            MarkStackArray()
+                : m_top(0)
+                , m_allocated(MarkStack::pageSize())
+                , m_capacity(m_allocated / sizeof(T))
+            {
+                m_data = reinterpret_cast<T*>(allocateStack(m_allocated));
+            }
+
+            ~MarkStackArray()
+            {
+                releaseStack(m_data, m_allocated);
+            }
+
+            void expand()
+            {
+                size_t oldAllocation = m_allocated;
+                m_allocated *= 2;
+                m_capacity = m_allocated / sizeof(T);
+                void* newData = allocateStack(m_allocated);
+                memcpy(newData, m_data, oldAllocation);
+                releaseStack(m_data, oldAllocation);
+                m_data = reinterpret_cast<T*>(newData);
+            }
+
+            inline void append(const T& v)
+            {
+                if (m_top == m_capacity)
+                    expand();
+                m_data[m_top++] = v;
+            }
+
+            inline T removeLast()
+            {
+                ASSERT(m_top);
+                return m_data[--m_top];
+            }
+            
+            inline T& last()
+            {
+                ASSERT(m_top);
+                return m_data[m_top - 1];
+            }
+
+            inline bool isEmpty()
+            {
+                return m_top == 0;
+            }
+
+            inline size_t size() { return m_top; }
+
+            inline void shrinkAllocation(size_t size)
+            {
+                ASSERT(size <= m_allocated);
+                ASSERT(0 == (size % MarkStack::pageSize()));
+                if (size == m_allocated)
+                    return;
+#if PLATFORM(WIN)
+                // We cannot release a part of a region with VirtualFree.  To get around this,
+                // we'll release the entire region and reallocate the size that we want.
+                releaseStack(m_data, m_allocated);
+                m_data = reinterpret_cast<T*>(allocateStack(size));
+#else
+                releaseStack(reinterpret_cast<char*>(m_data) + size, m_allocated - size);
+#endif
+                m_allocated = size;
+                m_capacity = m_allocated / sizeof(T);
+            }
+
+        private:
+            size_t m_top;
+            size_t m_allocated;
+            size_t m_capacity;
+            T* m_data;
+        };
+
+        void* m_jsArrayVPtr;
+        MarkStackArray<MarkSet> m_markSets;
+        MarkStackArray<JSCell*> m_values;
+        static size_t s_pageSize;
+
+#ifndef NDEBUG
+    public:
+        bool m_isCheckingForDefaultMarkViolation;
+#endif
+    };
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStackPosix.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStackPosix.cpp
new file mode 100644
index 000000000..aec968ef8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStackPosix.cpp
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+
+#include "MarkStack.h"
+
+#include <unistd.h>
+#if defined (__SYMBIAN32__)
+#include "wtf/FastMalloc.h"
+#include <e32base.h>
+#include <e32std.h>
+#include <e32hal.h>
+#include <hal.h>
+#else
+#include <sys/mman.h>
+#endif
+
+namespace JSC {
+
+void MarkStack::initializePagesize()
+{
+#if defined (__SYMBIAN32__)
+    TInt page_size;
+    UserHal::PageSizeInBytes(page_size);
+    MarkStack::s_pageSize = page_size;
+#else
+    MarkStack::s_pageSize = getpagesize();
+#endif
+}
+
+void* MarkStack::allocateStack(size_t size)
+{
+#if defined (__SYMBIAN32__)
+    return fastMalloc(size);
+#else
+    return mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+#endif
+}
+void MarkStack::releaseStack(void* addr, size_t size)
+{
+#if defined (__SYMBIAN32__)
+    fastFree(addr);
+#else
+    munmap(reinterpret_cast<char*>(addr), size);
+#endif
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStackWin.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStackWin.cpp
new file mode 100644
index 000000000..1fdd06a65
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MarkStackWin.cpp
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+
+#include "MarkStack.h"
+
+#include "windows.h"
+
+namespace JSC {
+
+void MarkStack::initializePagesize()
+{
+    SYSTEM_INFO system_info;
+    GetSystemInfo(&system_info);
+    MarkStack::s_pageSize = system_info.dwPageSize;
+}
+
+void* MarkStack::allocateStack(size_t size)
+{
+    return VirtualAlloc(0, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+}
+void MarkStack::releaseStack(void* addr, size_t)
+{
+    // According to http://msdn.microsoft.com/en-us/library/aa366892(VS.85).aspx,
+    // dwSize must be 0 if dwFreeType is MEM_RELEASE.
+    VirtualFree(addr, 0, MEM_RELEASE);
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp
new file mode 100644
index 000000000..36771ab08
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.cpp
@@ -0,0 +1,240 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All Rights Reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "MathObject.h"
+
+#include "ObjectPrototype.h"
+#include "Operations.h"
+#include <time.h>
+#include <wtf/Assertions.h>
+#include <wtf/MathExtras.h>
+#include <wtf/RandomNumber.h>
+#include <wtf/RandomNumberSeed.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(MathObject);
+
+static JSValue JSC_HOST_CALL mathProtoFuncAbs(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncACos(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncASin(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncATan(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncATan2(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncCeil(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncCos(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncExp(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncFloor(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncLog(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncMax(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncMin(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncPow(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncRandom(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncRound(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncSin(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncSqrt(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL mathProtoFuncTan(ExecState*, JSObject*, JSValue, const ArgList&);
+
+}
+
+#include "MathObject.lut.h"
+
+namespace JSC {
+
+// ------------------------------ MathObject --------------------------------
+
+const ClassInfo MathObject::info = { "Math", 0, 0, ExecState::mathTable };
+
+/* Source for MathObject.lut.h
+@begin mathTable
+  abs           mathProtoFuncAbs               DontEnum|Function 1
+  acos          mathProtoFuncACos              DontEnum|Function 1
+  asin          mathProtoFuncASin              DontEnum|Function 1
+  atan          mathProtoFuncATan              DontEnum|Function 1
+  atan2         mathProtoFuncATan2             DontEnum|Function 2
+  ceil          mathProtoFuncCeil              DontEnum|Function 1
+  cos           mathProtoFuncCos               DontEnum|Function 1
+  exp           mathProtoFuncExp               DontEnum|Function 1
+  floor         mathProtoFuncFloor             DontEnum|Function 1
+  log           mathProtoFuncLog               DontEnum|Function 1
+  max           mathProtoFuncMax               DontEnum|Function 2
+  min           mathProtoFuncMin               DontEnum|Function 2
+  pow           mathProtoFuncPow               DontEnum|Function 2
+  random        mathProtoFuncRandom            DontEnum|Function 0 
+  round         mathProtoFuncRound             DontEnum|Function 1
+  sin           mathProtoFuncSin               DontEnum|Function 1
+  sqrt          mathProtoFuncSqrt              DontEnum|Function 1
+  tan           mathProtoFuncTan               DontEnum|Function 1
+@end
+*/
+
+MathObject::MathObject(ExecState* exec, PassRefPtr<Structure> structure)
+    : JSObject(structure)
+{
+    putDirectWithoutTransition(Identifier(exec, "E"), jsNumber(exec, exp(1.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(Identifier(exec, "LN2"), jsNumber(exec, log(2.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(Identifier(exec, "LN10"), jsNumber(exec, log(10.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(Identifier(exec, "LOG2E"), jsNumber(exec, 1.0 / log(2.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(Identifier(exec, "LOG10E"), jsNumber(exec, 1.0 / log(10.0)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(Identifier(exec, "PI"), jsNumber(exec, piDouble), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(Identifier(exec, "SQRT1_2"), jsNumber(exec, sqrt(0.5)), DontDelete | DontEnum | ReadOnly);
+    putDirectWithoutTransition(Identifier(exec, "SQRT2"), jsNumber(exec, sqrt(2.0)), DontDelete | DontEnum | ReadOnly);
+    WTF::initializeWeakRandomNumberGenerator();
+}
+
+// ECMA 15.8
+
+bool MathObject::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot &slot)
+{
+    return getStaticFunctionSlot<JSObject>(exec, ExecState::mathTable(exec), this, propertyName, slot);
+}
+
+bool MathObject::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    return getStaticFunctionDescriptor<JSObject>(exec, ExecState::mathTable(exec), this, propertyName, descriptor);
+}
+
+// ------------------------------ Functions --------------------------------
+
+JSValue JSC_HOST_CALL mathProtoFuncAbs(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, fabs(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncACos(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, acos(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncASin(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, asin(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncATan(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, atan(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncATan2(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, atan2(args.at(0).toNumber(exec), args.at(1).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncCeil(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, ceil(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncCos(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, cos(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncExp(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, exp(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncFloor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, floor(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncLog(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, log(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncMax(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    unsigned argsCount = args.size();
+    double result = -Inf;
+    for (unsigned k = 0; k < argsCount; ++k) {
+        double val = args.at(k).toNumber(exec);
+        if (isnan(val)) {
+            result = NaN;
+            break;
+        }
+        if (val > result || (val == 0 && result == 0 && !signbit(val)))
+            result = val;
+    }
+    return jsNumber(exec, result);
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncMin(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    unsigned argsCount = args.size();
+    double result = +Inf;
+    for (unsigned k = 0; k < argsCount; ++k) {
+        double val = args.at(k).toNumber(exec);
+        if (isnan(val)) {
+            result = NaN;
+            break;
+        }
+        if (val < result || (val == 0 && result == 0 && signbit(val)))
+            result = val;
+    }
+    return jsNumber(exec, result);
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncPow(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    // ECMA 15.8.2.1.13
+
+    double arg = args.at(0).toNumber(exec);
+    double arg2 = args.at(1).toNumber(exec);
+
+    if (isnan(arg2))
+        return jsNaN(exec);
+    if (isinf(arg2) && fabs(arg) == 1)
+        return jsNaN(exec);
+    return jsNumber(exec, pow(arg, arg2));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncRandom(ExecState* exec, JSObject*, JSValue, const ArgList&)
+{
+    return jsNumber(exec, WTF::weakRandomNumber());
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncRound(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    double arg = args.at(0).toNumber(exec);
+    if (signbit(arg) && arg >= -0.5)
+         return jsNumber(exec, -0.0);
+    return jsNumber(exec, floor(arg + 0.5));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncSin(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, sin(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncSqrt(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, sqrt(args.at(0).toNumber(exec)));
+}
+
+JSValue JSC_HOST_CALL mathProtoFuncTan(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, tan(args.at(0).toNumber(exec)));
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.h
new file mode 100644
index 000000000..a2e065f20
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/MathObject.h
@@ -0,0 +1,46 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef MathObject_h
+#define MathObject_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    class MathObject : public JSObject {
+    public:
+        MathObject(ExecState*, PassRefPtr<Structure>);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasDefaultMark | HasDefaultGetPropertyNames));
+        }
+    };
+
+} // namespace JSC
+
+#endif // MathObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorConstructor.cpp
new file mode 100644
index 000000000..0205fc55d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorConstructor.cpp
@@ -0,0 +1,73 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "NativeErrorConstructor.h"
+
+#include "ErrorInstance.h"
+#include "JSFunction.h"
+#include "JSString.h"
+#include "NativeErrorPrototype.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(NativeErrorConstructor);
+
+const ClassInfo NativeErrorConstructor::info = { "Function", &InternalFunction::info, 0, 0 };
+
+NativeErrorConstructor::NativeErrorConstructor(ExecState* exec, PassRefPtr<Structure> structure, NativeErrorPrototype* nativeErrorPrototype)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, nativeErrorPrototype->getDirect(exec->propertyNames().name).getString()))
+    , m_errorStructure(ErrorInstance::createStructure(nativeErrorPrototype))
+{
+    putDirect(exec->propertyNames().length, jsNumber(exec, 1), DontDelete | ReadOnly | DontEnum); // ECMA 15.11.7.5
+    putDirect(exec->propertyNames().prototype, nativeErrorPrototype, DontDelete | ReadOnly | DontEnum);
+}
+
+ErrorInstance* NativeErrorConstructor::construct(ExecState* exec, const ArgList& args)
+{
+    ErrorInstance* object = new (exec) ErrorInstance(m_errorStructure);
+    if (!args.at(0).isUndefined())
+        object->putDirect(exec->propertyNames().message, jsString(exec, args.at(0).toString(exec)));
+    return object;
+}
+
+static JSObject* constructWithNativeErrorConstructor(ExecState* exec, JSObject* constructor, const ArgList& args)
+{
+    return static_cast<NativeErrorConstructor*>(constructor)->construct(exec, args);
+}
+
+ConstructType NativeErrorConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithNativeErrorConstructor;
+    return ConstructTypeHost;
+}
+    
+static JSValue JSC_HOST_CALL callNativeErrorConstructor(ExecState* exec, JSObject* constructor, JSValue, const ArgList& args)
+{
+    return static_cast<NativeErrorConstructor*>(constructor)->construct(exec, args);
+}
+
+CallType NativeErrorConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callNativeErrorConstructor;
+    return CallTypeHost;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorConstructor.h
new file mode 100644
index 000000000..118d1f43d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorConstructor.h
@@ -0,0 +1,51 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef NativeErrorConstructor_h
+#define NativeErrorConstructor_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class ErrorInstance;
+    class FunctionPrototype;
+    class NativeErrorPrototype;
+
+    class NativeErrorConstructor : public InternalFunction {
+    public:
+        NativeErrorConstructor(ExecState*, PassRefPtr<Structure>, NativeErrorPrototype*);
+
+        static const ClassInfo info;
+
+        ErrorInstance* construct(ExecState*, const ArgList&);
+
+    private:
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+
+        RefPtr<Structure> m_errorStructure;
+    };
+
+} // namespace JSC
+
+#endif // NativeErrorConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorPrototype.cpp
new file mode 100644
index 000000000..650a0fdde
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorPrototype.cpp
@@ -0,0 +1,43 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "NativeErrorPrototype.h"
+
+#include "ErrorPrototype.h"
+#include "JSString.h"
+#include "UString.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(NativeErrorPrototype);
+
+NativeErrorPrototype::NativeErrorPrototype(ExecState* exec, PassRefPtr<Structure> structure, const UString& name, const UString& message)
+#ifdef QT_BUILD_SCRIPT_LIB
+    : ErrorInstance(structure)
+#else
+    : JSObject(structure)
+#endif
+{
+    putDirect(exec->propertyNames().name, jsString(exec, name), 0);
+    putDirect(exec->propertyNames().message, jsString(exec, message), 0);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorPrototype.h
new file mode 100644
index 000000000..48a9d7e01
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeErrorPrototype.h
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef NativeErrorPrototype_h
+#define NativeErrorPrototype_h
+
+#include "JSObject.h"
+#ifdef QT_BUILD_SCRIPT_LIB
+#include "ErrorInstance.h"
+#endif
+
+namespace JSC {
+
+    class NativeErrorPrototype :
+#ifdef QT_BUILD_SCRIPT_LIB    //According to ECMAScript Specification 15.11.7, errors must have the "Error" class
+        public ErrorInstance
+#else
+        public JSObject
+#endif
+    {
+    public:
+        NativeErrorPrototype(ExecState*, PassRefPtr<Structure>, const UString& name, const UString& message);
+    };
+
+} // namespace JSC
+
+#endif // NativeErrorPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeFunctionWrapper.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeFunctionWrapper.h
new file mode 100644
index 000000000..d4eeb3bd0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NativeFunctionWrapper.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef NativeFunctionWrapper_h
+#define NativeFunctionWrapper_h
+
+namespace JSC {
+#if ENABLE(JIT) && ENABLE(JIT_OPTIMIZE_NATIVE_CALL)
+    class JSFunction;
+    typedef JSFunction NativeFunctionWrapper;
+#else
+    class PrototypeFunction;
+    typedef PrototypeFunction NativeFunctionWrapper;
+#endif
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberConstructor.cpp
new file mode 100644
index 000000000..a95106dc2
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberConstructor.cpp
@@ -0,0 +1,128 @@
+/*
+ *  Copyright (C) 1999-2000,2003 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ *
+ */
+
+#include "config.h"
+#include "NumberConstructor.h"
+
+#include "NumberObject.h"
+#include "NumberPrototype.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(NumberConstructor);
+
+static JSValue numberConstructorNaNValue(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue numberConstructorNegInfinity(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue numberConstructorPosInfinity(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue numberConstructorMaxValue(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue numberConstructorMinValue(ExecState*, const Identifier&, const PropertySlot&);
+
+} // namespace JSC
+
+#include "NumberConstructor.lut.h"
+
+namespace JSC {
+
+const ClassInfo NumberConstructor::info = { "Function", &InternalFunction::info, 0, ExecState::numberTable };
+
+/* Source for NumberConstructor.lut.h
+@begin numberTable
+   NaN                   numberConstructorNaNValue       DontEnum|DontDelete|ReadOnly
+   NEGATIVE_INFINITY     numberConstructorNegInfinity    DontEnum|DontDelete|ReadOnly
+   POSITIVE_INFINITY     numberConstructorPosInfinity    DontEnum|DontDelete|ReadOnly
+   MAX_VALUE             numberConstructorMaxValue       DontEnum|DontDelete|ReadOnly
+   MIN_VALUE             numberConstructorMinValue       DontEnum|DontDelete|ReadOnly
+@end
+*/
+
+NumberConstructor::NumberConstructor(ExecState* exec, PassRefPtr<Structure> structure, NumberPrototype* numberPrototype)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, numberPrototype->info.className))
+{
+    // Number.Prototype
+    putDirectWithoutTransition(exec->propertyNames().prototype, numberPrototype, DontEnum | DontDelete | ReadOnly);
+
+    // no. of arguments for constructor
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontEnum | DontDelete);
+}
+
+bool NumberConstructor::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    return getStaticValueSlot<NumberConstructor, InternalFunction>(exec, ExecState::numberTable(exec), this, propertyName, slot);
+}
+
+bool NumberConstructor::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    return getStaticValueDescriptor<NumberConstructor, InternalFunction>(exec, ExecState::numberTable(exec), this, propertyName, descriptor);
+}
+
+static JSValue numberConstructorNaNValue(ExecState* exec, const Identifier&, const PropertySlot&)
+{
+    return jsNaN(exec);
+}
+
+static JSValue numberConstructorNegInfinity(ExecState* exec, const Identifier&, const PropertySlot&)
+{
+    return jsNumber(exec, -Inf);
+}
+
+static JSValue numberConstructorPosInfinity(ExecState* exec, const Identifier&, const PropertySlot&)
+{
+    return jsNumber(exec, Inf);
+}
+
+static JSValue numberConstructorMaxValue(ExecState* exec, const Identifier&, const PropertySlot&)
+{
+    return jsNumber(exec, 1.7976931348623157E+308);
+}
+
+static JSValue numberConstructorMinValue(ExecState* exec, const Identifier&, const PropertySlot&)
+{
+    return jsNumber(exec, 5E-324);
+}
+
+// ECMA 15.7.1
+static JSObject* constructWithNumberConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    NumberObject* object = new (exec) NumberObject(exec->lexicalGlobalObject()->numberObjectStructure());
+    double n = args.isEmpty() ? 0 : args.at(0).toNumber(exec);
+    object->setInternalValue(jsNumber(exec, n));
+    return object;
+}
+
+ConstructType NumberConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithNumberConstructor;
+    return ConstructTypeHost;
+}
+
+// ECMA 15.7.2
+static JSValue JSC_HOST_CALL callNumberConstructor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return jsNumber(exec, args.isEmpty() ? 0 : args.at(0).toNumber(exec));
+}
+
+CallType NumberConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callNumberConstructor;
+    return CallTypeHost;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberConstructor.h
new file mode 100644
index 000000000..710ac8657
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberConstructor.h
@@ -0,0 +1,56 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef NumberConstructor_h
+#define NumberConstructor_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class NumberPrototype;
+
+    class NumberConstructor : public InternalFunction {
+    public:
+        NumberConstructor(ExecState*, PassRefPtr<Structure>, NumberPrototype*);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+        JSValue getValueProperty(ExecState*, int token) const;
+
+        static const ClassInfo info;
+
+        static PassRefPtr<Structure> createStructure(JSValue proto) 
+        { 
+            return Structure::create(proto, TypeInfo(ObjectType, ImplementsHasInstance | HasDefaultMark | HasDefaultGetPropertyNames)); 
+        }
+
+        enum { NaNValue, NegInfinity, PosInfinity, MaxValue, MinValue };
+
+    private:
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+    };
+
+} // namespace JSC
+
+#endif // NumberConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberObject.cpp
new file mode 100644
index 000000000..0e8df1730
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberObject.cpp
@@ -0,0 +1,51 @@
+/*
+ *  Copyright (C) 1999-2000,2003 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ *
+ */
+
+#include "config.h"
+#include "NumberObject.h"
+
+#include "JSGlobalObject.h"
+#include "NumberPrototype.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(NumberObject);
+
+const ClassInfo NumberObject::info = { "Number", 0, 0, 0 };
+
+NumberObject::NumberObject(PassRefPtr<Structure> structure)
+    : JSWrapperObject(structure)
+{
+}
+
+JSValue NumberObject::getJSNumber()
+{
+    return internalValue();
+}
+
+NumberObject* constructNumber(ExecState* exec, JSValue number)
+{
+    NumberObject* object = new (exec) NumberObject(exec->lexicalGlobalObject()->numberObjectStructure());
+    object->setInternalValue(number);
+    return object;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberObject.h
new file mode 100644
index 000000000..f502bee31
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberObject.h
@@ -0,0 +1,54 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef NumberObject_h
+#define NumberObject_h
+
+#include "JSWrapperObject.h"
+
+namespace JSC {
+
+    class NumberObject : public JSWrapperObject {
+    public:
+        explicit NumberObject(PassRefPtr<Structure>);
+
+        static const ClassInfo info;
+#if USE(JSVALUE32)
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasStandardGetOwnPropertySlot | HasDefaultGetPropertyNames));
+        }
+#else
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasStandardGetOwnPropertySlot | HasDefaultMark | HasDefaultGetPropertyNames));
+        }
+#endif
+    private:
+        virtual const ClassInfo* classInfo() const { return &info; }
+
+        virtual JSValue getJSNumber();
+    };
+
+    NumberObject* constructNumber(ExecState*, JSValue);
+
+} // namespace JSC
+
+#endif // NumberObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberPrototype.cpp
new file mode 100644
index 000000000..947324c6a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberPrototype.cpp
@@ -0,0 +1,445 @@
+/*
+ *  Copyright (C) 1999-2000,2003 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ *
+ */
+
+#include "config.h"
+#include "NumberPrototype.h"
+
+#include "Error.h"
+#include "JSFunction.h"
+#include "JSString.h"
+#include "PrototypeFunction.h"
+#include "dtoa.h"
+#include "Operations.h"
+#include <wtf/Assertions.h>
+#include <wtf/MathExtras.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(NumberPrototype);
+
+static JSValue JSC_HOST_CALL numberProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL numberProtoFuncToLocaleString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL numberProtoFuncValueOf(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL numberProtoFuncToFixed(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL numberProtoFuncToExponential(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL numberProtoFuncToPrecision(ExecState*, JSObject*, JSValue, const ArgList&);
+
+// ECMA 15.7.4
+
+NumberPrototype::NumberPrototype(ExecState* exec, PassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
+    : NumberObject(structure)
+{
+    setInternalValue(jsNumber(exec, 0));
+
+    // The constructor will be added later, after NumberConstructor has been constructed
+
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().toString, numberProtoFuncToString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toLocaleString, numberProtoFuncToLocaleString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, numberProtoFuncValueOf), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().toFixed, numberProtoFuncToFixed), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().toExponential, numberProtoFuncToExponential), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().toPrecision, numberProtoFuncToPrecision), DontEnum);
+}
+
+// ------------------------------ Functions ---------------------------
+
+// ECMA 15.7.4.2 - 15.7.4.7
+
+static UString integerPartNoExp(double d)
+{
+    int decimalPoint;
+    int sign;
+    char result[80];
+    WTF::dtoa(result, d, 0, &decimalPoint, &sign, NULL);
+    bool resultIsInfOrNan = (decimalPoint == 9999);
+    size_t length = strlen(result);
+
+    UString str = sign ? "-" : "";
+    if (resultIsInfOrNan)
+        str += result;
+    else if (decimalPoint <= 0)
+        str += "0";
+    else {
+        Vector<char, 1024> buf(decimalPoint + 1);
+
+        if (static_cast<int>(length) <= decimalPoint) {
+            ASSERT(decimalPoint < 1024);
+            memcpy(buf.data(), result, length);
+            memset(buf.data() + length, '0', decimalPoint - length);
+        } else
+            strncpy(buf.data(), result, decimalPoint);
+        buf[decimalPoint] = '\0';
+
+        str.append(buf.data());
+    }
+
+    return str;
+}
+
+static UString charSequence(char c, int count)
+{
+    Vector<char, 2048> buf(count + 1, c);
+    buf[count] = '\0';
+
+    return UString(buf.data());
+}
+
+static double intPow10(int e)
+{
+    // This function uses the "exponentiation by squaring" algorithm and
+    // long double to quickly and precisely calculate integer powers of 10.0.
+
+    // This is a handy workaround for <rdar://problem/4494756>
+
+    if (e == 0)
+        return 1.0;
+
+    bool negative = e < 0;
+    unsigned exp = negative ? -e : e;
+
+    long double result = 10.0;
+    bool foundOne = false;
+    for (int bit = 31; bit >= 0; bit--) {
+        if (!foundOne) {
+            if ((exp >> bit) & 1)
+                foundOne = true;
+        } else {
+            result = result * result;
+            if ((exp >> bit) & 1)
+                result = result * 10.0;
+        }
+    }
+
+    if (negative)
+        return static_cast<double>(1.0 / result);
+    return static_cast<double>(result);
+}
+
+JSValue JSC_HOST_CALL numberProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSValue v = thisValue.getJSNumber();
+    if (!v)
+        return throwError(exec, TypeError);
+
+    double radixAsDouble = args.at(0).toInteger(exec); // nan -> 0
+    if (radixAsDouble == 10 || args.at(0).isUndefined())
+        return jsString(exec, v.toString(exec));
+
+    if (radixAsDouble < 2 || radixAsDouble > 36)
+        return throwError(exec, RangeError, "toString() radix argument must be between 2 and 36");
+
+    int radix = static_cast<int>(radixAsDouble);
+    const char digits[] = "0123456789abcdefghijklmnopqrstuvwxyz";
+    // INT_MAX results in 1024 characters left of the dot with radix 2
+    // give the same space on the right side. safety checks are in place
+    // unless someone finds a precise rule.
+    char s[2048 + 3];
+    const char* lastCharInString = s + sizeof(s) - 1;
+    double x = v.uncheckedGetNumber();
+    if (isnan(x) || isinf(x))
+        return jsString(exec, UString::from(x));
+
+    bool isNegative = x < 0.0;
+    if (isNegative)
+        x = -x;
+
+    double integerPart = floor(x);
+    char* decimalPoint = s + sizeof(s) / 2;
+
+    // convert integer portion
+    char* p = decimalPoint;
+    double d = integerPart;
+    do {
+        int remainderDigit = static_cast<int>(fmod(d, radix));
+        *--p = digits[remainderDigit];
+        d /= radix;
+    } while ((d <= -1.0 || d >= 1.0) && s < p);
+
+    if (isNegative)
+        *--p = '-';
+    char* startOfResultString = p;
+    ASSERT(s <= startOfResultString);
+
+    d = x - integerPart;
+    p = decimalPoint;
+    const double epsilon = 0.001; // TODO: guessed. base on radix ?
+    bool hasFractionalPart = (d < -epsilon || d > epsilon);
+    if (hasFractionalPart) {
+        *p++ = '.';
+        do {
+            d *= radix;
+            const int digit = static_cast<int>(d);
+            *p++ = digits[digit];
+            d -= digit;
+        } while ((d < -epsilon || d > epsilon) && p < lastCharInString);
+    }
+    *p = '\0';
+    ASSERT(p < s + sizeof(s));
+
+    return jsString(exec, startOfResultString);
+}
+
+JSValue JSC_HOST_CALL numberProtoFuncToLocaleString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    // FIXME: Not implemented yet.
+
+    JSValue v = thisValue.getJSNumber();
+    if (!v)
+        return throwError(exec, TypeError);
+
+    return jsString(exec, v.toString(exec));
+}
+
+JSValue JSC_HOST_CALL numberProtoFuncValueOf(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    JSValue v = thisValue.getJSNumber();
+    if (!v)
+        return throwError(exec, TypeError);
+
+    return v;
+}
+
+JSValue JSC_HOST_CALL numberProtoFuncToFixed(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSValue v = thisValue.getJSNumber();
+    if (!v)
+        return throwError(exec, TypeError);
+
+    JSValue fractionDigits = args.at(0);
+    double df = fractionDigits.toInteger(exec);
+    if (!(df >= 0 && df <= 20))
+        return throwError(exec, RangeError, "toFixed() digits argument must be between 0 and 20");
+    int f = static_cast<int>(df);
+
+    double x = v.uncheckedGetNumber();
+    if (isnan(x))
+        return jsNontrivialString(exec, "NaN");
+
+    UString s;
+    if (x < 0) {
+        s.append('-');
+        x = -x;
+    } else if (x == -0.0)
+        x = 0;
+
+    if (x >= pow(10.0, 21.0))
+        return jsString(exec, s + UString::from(x));
+
+    const double tenToTheF = pow(10.0, f);
+    double n = floor(x * tenToTheF);
+    if (fabs(n / tenToTheF - x) >= fabs((n + 1) / tenToTheF - x))
+        n++;
+
+    UString m = integerPartNoExp(n);
+
+    int k = m.size();
+    if (k <= f) {
+        UString z;
+        for (int i = 0; i < f + 1 - k; i++)
+            z.append('0');
+        m = z + m;
+        k = f + 1;
+        ASSERT(k == m.size());
+    }
+    int kMinusf = k - f;
+    if (kMinusf < m.size())
+        return jsString(exec, s + m.substr(0, kMinusf) + "." + m.substr(kMinusf));
+    return jsString(exec, s + m.substr(0, kMinusf));
+}
+
+static void fractionalPartToString(char* buf, int& i, const char* result, int resultLength, int fractionalDigits)
+{
+    if (fractionalDigits <= 0)
+        return;
+
+    int fDigitsInResult = static_cast<int>(resultLength) - 1;
+    buf[i++] = '.';
+    if (fDigitsInResult > 0) {
+        if (fractionalDigits < fDigitsInResult) {
+            strncpy(buf + i, result + 1, fractionalDigits);
+            i += fractionalDigits;
+        } else {
+            ASSERT(i + resultLength - 1 < 80);
+            memcpy(buf + i, result + 1, resultLength - 1);
+            i += static_cast<int>(resultLength) - 1;
+        }
+    }
+
+    for (int j = 0; j < fractionalDigits - fDigitsInResult; j++)
+        buf[i++] = '0';
+}
+
+static void exponentialPartToString(char* buf, int& i, int decimalPoint)
+{
+    buf[i++] = 'e';
+    // decimalPoint can't be more than 3 digits decimal given the
+    // nature of float representation
+    int exponential = decimalPoint - 1;
+    buf[i++] = (exponential >= 0) ? '+' : '-';
+    if (exponential < 0)
+        exponential *= -1;
+    if (exponential >= 100)
+        buf[i++] = static_cast<char>('0' + exponential / 100);
+    if (exponential >= 10)
+        buf[i++] = static_cast<char>('0' + (exponential % 100) / 10);
+    buf[i++] = static_cast<char>('0' + exponential % 10);
+}
+
+JSValue JSC_HOST_CALL numberProtoFuncToExponential(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSValue v = thisValue.getJSNumber();
+    if (!v)
+        return throwError(exec, TypeError);
+
+    double x = v.uncheckedGetNumber();
+
+    if (isnan(x) || isinf(x))
+        return jsString(exec, UString::from(x));
+
+    JSValue fractionalDigitsValue = args.at(0);
+    double df = fractionalDigitsValue.toInteger(exec);
+    if (!(df >= 0 && df <= 20))
+        return throwError(exec, RangeError, "toExponential() argument must between 0 and 20");
+    int fractionalDigits = static_cast<int>(df);
+    bool includeAllDigits = fractionalDigitsValue.isUndefined();
+
+    int decimalAdjust = 0;
+    if (x && !includeAllDigits) {
+        double logx = floor(log10(fabs(x)));
+        x /= pow(10.0, logx);
+        const double tenToTheF = pow(10.0, fractionalDigits);
+        double fx = floor(x * tenToTheF) / tenToTheF;
+        double cx = ceil(x * tenToTheF) / tenToTheF;
+
+        if (fabs(fx - x) < fabs(cx - x))
+            x = fx;
+        else
+            x = cx;
+
+        decimalAdjust = static_cast<int>(logx);
+    }
+
+    if (isnan(x))
+        return jsNontrivialString(exec, "NaN");
+
+    if (x == -0.0) // (-0.0).toExponential() should print as 0 instead of -0
+        x = 0;
+
+    int decimalPoint;
+    int sign;
+    char result[80];
+    WTF::dtoa(result, x, 0, &decimalPoint, &sign, NULL);
+    size_t resultLength = strlen(result);
+    decimalPoint += decimalAdjust;
+
+    int i = 0;
+    char buf[80]; // digit + '.' + fractionDigits (max 20) + 'e' + sign + exponent (max?)
+    if (sign)
+        buf[i++] = '-';
+
+    // ? 9999 is the magical "result is Inf or NaN" value.  what's 999??
+    if (decimalPoint == 999) {
+        ASSERT(i + resultLength < 80);
+        memcpy(buf + i, result, resultLength);
+        buf[i + resultLength] = '\0';
+    } else {
+        buf[i++] = result[0];
+
+        if (includeAllDigits)
+            fractionalDigits = static_cast<int>(resultLength) - 1;
+
+        fractionalPartToString(buf, i, result, resultLength, fractionalDigits);
+        exponentialPartToString(buf, i, decimalPoint);
+        buf[i++] = '\0';
+    }
+    ASSERT(i <= 80);
+
+    return jsString(exec, buf);
+}
+
+JSValue JSC_HOST_CALL numberProtoFuncToPrecision(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSValue v = thisValue.getJSNumber();
+    if (!v)
+        return throwError(exec, TypeError);
+
+    double doublePrecision = args.at(0).toIntegerPreserveNaN(exec);
+    double x = v.uncheckedGetNumber();
+    if (args.at(0).isUndefined() || isnan(x) || isinf(x))
+        return jsString(exec, v.toString(exec));
+
+    UString s;
+    if (x < 0) {
+        s = "-";
+        x = -x;
+    }
+
+    if (!(doublePrecision >= 1 && doublePrecision <= 21)) // true for NaN
+        return throwError(exec, RangeError, "toPrecision() argument must be between 1 and 21");
+    int precision = static_cast<int>(doublePrecision);
+
+    int e = 0;
+    UString m;
+    if (x) {
+        e = static_cast<int>(log10(x));
+        double tens = intPow10(e - precision + 1);
+        double n = floor(x / tens);
+        if (n < intPow10(precision - 1)) {
+            e = e - 1;
+            tens = intPow10(e - precision + 1);
+            n = floor(x / tens);
+        }
+
+        if (fabs((n + 1.0) * tens - x) <= fabs(n * tens - x))
+            ++n;
+        // maintain n < 10^(precision)
+        if (n >= intPow10(precision)) {
+            n /= 10.0;
+            e += 1;
+        }
+        ASSERT(intPow10(precision - 1) <= n);
+        ASSERT(n < intPow10(precision));
+
+        m = integerPartNoExp(n);
+        if (e < -6 || e >= precision) {
+            if (m.size() > 1)
+                m = m.substr(0, 1) + "." + m.substr(1);
+            if (e >= 0)
+                return jsNontrivialString(exec, s + m + "e+" + UString::from(e));
+            return jsNontrivialString(exec, s + m + "e-" + UString::from(-e));
+        }
+    } else {
+        m = charSequence('0', precision);
+        e = 0;
+    }
+
+    if (e == precision - 1)
+        return jsString(exec, s + m);
+    if (e >= 0) {
+        if (e + 1 < m.size())
+            return jsString(exec, s + m.substr(0, e + 1) + "." + m.substr(e + 1));
+        return jsString(exec, s + m);
+    }
+    return jsNontrivialString(exec, s + "0." + charSequence('0', -(e + 1)) + m);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberPrototype.h
new file mode 100644
index 000000000..0a3a5442c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumberPrototype.h
@@ -0,0 +1,35 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef NumberPrototype_h
+#define NumberPrototype_h
+
+#include "NumberObject.h"
+
+namespace JSC {
+
+    class NumberPrototype : public NumberObject {
+    public:
+        NumberPrototype(ExecState*, PassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+    };
+
+} // namespace JSC
+
+#endif // NumberPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumericStrings.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumericStrings.h
new file mode 100644
index 000000000..c0696a479
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/NumericStrings.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef NumericStrings_h
+#define NumericStrings_h
+
+#include "UString.h"
+#include <wtf/HashFunctions.h>
+
+namespace JSC {
+
+    class NumericStrings {
+    public:
+        UString add(double d)
+        {
+            CacheEntry<double>& entry = lookup(d);
+            if (d == entry.key && !entry.value.isNull())
+                return entry.value;
+            entry.key = d;
+            entry.value = UString::from(d);
+            return entry.value;
+        }
+
+        UString add(int i)
+        {
+            CacheEntry<int>& entry = lookup(i);
+            if (i == entry.key && !entry.value.isNull())
+                return entry.value;
+            entry.key = i;
+            entry.value = UString::from(i);
+            return entry.value;
+        }
+
+    private:
+        static const size_t cacheSize = 64;
+
+        template<typename T>
+        struct CacheEntry {
+            T key;
+            UString value;
+        };
+
+        CacheEntry<double>& lookup(double d) { return doubleCache[WTF::FloatHash<double>::hash(d) & (cacheSize - 1)]; }
+        CacheEntry<int>& lookup(int i) { return intCache[WTF::IntHash<int>::hash(i) & (cacheSize - 1)]; }
+
+        CacheEntry<double> doubleCache[cacheSize];
+        CacheEntry<int> intCache[cacheSize];
+    };
+
+} // namespace JSC
+
+#endif // NumericStrings_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectConstructor.cpp
new file mode 100644
index 000000000..2992f1ba7
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectConstructor.cpp
@@ -0,0 +1,300 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "ObjectConstructor.h"
+
+#include "Error.h"
+#include "JSFunction.h"
+#include "JSArray.h"
+#include "JSGlobalObject.h"
+#include "ObjectPrototype.h"
+#include "PropertyDescriptor.h"
+#include "PropertyNameArray.h"
+#include "PrototypeFunction.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(ObjectConstructor);
+
+static JSValue JSC_HOST_CALL objectConstructorGetPrototypeOf(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectConstructorGetOwnPropertyDescriptor(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectConstructorKeys(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectConstructorDefineProperty(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectConstructorDefineProperties(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectConstructorCreate(ExecState*, JSObject*, JSValue, const ArgList&);
+
+ObjectConstructor::ObjectConstructor(ExecState* exec, PassRefPtr<Structure> structure, ObjectPrototype* objectPrototype, Structure* prototypeFunctionStructure)
+: InternalFunction(&exec->globalData(), structure, Identifier(exec, "Object"))
+{
+    // ECMA 15.2.3.1
+    putDirectWithoutTransition(exec->propertyNames().prototype, objectPrototype, DontEnum | DontDelete | ReadOnly);
+    
+    // no. of arguments for constructor
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontEnum | DontDelete);
+    
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().getPrototypeOf, objectConstructorGetPrototypeOf), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().getOwnPropertyDescriptor, objectConstructorGetOwnPropertyDescriptor), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().keys, objectConstructorKeys), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 3, exec->propertyNames().defineProperty, objectConstructorDefineProperty), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().defineProperties, objectConstructorDefineProperties), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().create, objectConstructorCreate), DontEnum);
+}
+
+// ECMA 15.2.2
+static ALWAYS_INLINE JSObject* constructObject(ExecState* exec, const ArgList& args)
+{
+    JSValue arg = args.at(0);
+    if (arg.isUndefinedOrNull())
+        return new (exec) JSObject(exec->lexicalGlobalObject()->emptyObjectStructure());
+    return arg.toObject(exec);
+}
+
+static JSObject* constructWithObjectConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    return constructObject(exec, args);
+}
+
+ConstructType ObjectConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithObjectConstructor;
+    return ConstructTypeHost;
+}
+
+static JSValue JSC_HOST_CALL callObjectConstructor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return constructObject(exec, args);
+}
+
+CallType ObjectConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callObjectConstructor;
+    return CallTypeHost;
+}
+
+JSValue JSC_HOST_CALL objectConstructorGetPrototypeOf(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (!args.at(0).isObject())
+        return throwError(exec, TypeError, "Requested prototype of a value that is not an object.");
+    return asObject(args.at(0))->prototype();
+}
+
+JSValue JSC_HOST_CALL objectConstructorGetOwnPropertyDescriptor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (!args.at(0).isObject())
+        return throwError(exec, TypeError, "Requested property descriptor of a value that is not an object.");
+    UString propertyName = args.at(1).toString(exec);
+    if (exec->hadException())
+        return jsNull();
+    JSObject* object = asObject(args.at(0));
+    PropertyDescriptor descriptor;
+    if (!object->getOwnPropertyDescriptor(exec, Identifier(exec, propertyName), descriptor))
+        return jsUndefined();
+    if (exec->hadException())
+        return jsUndefined();
+
+    JSObject* description = constructEmptyObject(exec);
+    if (!descriptor.isAccessorDescriptor()) {
+        description->putDirect(exec->propertyNames().value, descriptor.value() ? descriptor.value() : jsUndefined(), 0);
+        description->putDirect(exec->propertyNames().writable, jsBoolean(descriptor.writable()), 0);
+    } else {
+        description->putDirect(exec->propertyNames().get, descriptor.getter() ? descriptor.getter() : jsUndefined(), 0);
+        description->putDirect(exec->propertyNames().set, descriptor.setter() ? descriptor.setter() : jsUndefined(), 0);
+    }
+    
+    description->putDirect(exec->propertyNames().enumerable, jsBoolean(descriptor.enumerable()), 0);
+    description->putDirect(exec->propertyNames().configurable, jsBoolean(descriptor.configurable()), 0);
+
+    return description;
+}
+
+JSValue JSC_HOST_CALL objectConstructorKeys(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (!args.at(0).isObject())
+        return throwError(exec, TypeError, "Requested keys of a value that is not an object.");
+    PropertyNameArray properties(exec);
+    asObject(args.at(0))->getOwnPropertyNames(exec, properties);
+    JSArray* keys = constructEmptyArray(exec);
+    size_t numProperties = properties.size();
+    for (size_t i = 0; i < numProperties; i++)
+        keys->push(exec, jsOwnedString(exec, properties[i].ustring()));
+    return keys;
+}
+
+// ES5 8.10.5 ToPropertyDescriptor
+static bool toPropertyDescriptor(ExecState* exec, JSValue in, PropertyDescriptor& desc)
+{
+    if (!in.isObject()) {
+        throwError(exec, TypeError, "Property description must be an object.");
+        return false;
+    }
+    JSObject* description = asObject(in);
+
+    PropertySlot enumerableSlot;
+    if (description->getPropertySlot(exec, exec->propertyNames().enumerable, enumerableSlot)) {
+        desc.setEnumerable(enumerableSlot.getValue(exec, exec->propertyNames().enumerable).toBoolean(exec));
+        if (exec->hadException())
+            return false;
+    }
+
+    PropertySlot configurableSlot;
+    if (description->getPropertySlot(exec, exec->propertyNames().configurable, configurableSlot)) {
+        desc.setConfigurable(configurableSlot.getValue(exec, exec->propertyNames().configurable).toBoolean(exec));
+        if (exec->hadException())
+            return false;
+    }
+
+    JSValue value;
+    PropertySlot valueSlot;
+    if (description->getPropertySlot(exec, exec->propertyNames().value, valueSlot)) {
+        desc.setValue(valueSlot.getValue(exec, exec->propertyNames().value));
+        if (exec->hadException())
+            return false;
+    }
+
+    PropertySlot writableSlot;
+    if (description->getPropertySlot(exec, exec->propertyNames().writable, writableSlot)) {
+        desc.setWritable(writableSlot.getValue(exec, exec->propertyNames().writable).toBoolean(exec));
+        if (exec->hadException())
+            return false;
+    }
+
+    PropertySlot getSlot;
+    if (description->getPropertySlot(exec, exec->propertyNames().get, getSlot)) {
+        JSValue get = getSlot.getValue(exec, exec->propertyNames().get);
+        if (exec->hadException())
+            return false;
+        if (!get.isUndefined()) {
+            CallData callData;
+            if (get.getCallData(callData) == CallTypeNone) {
+                throwError(exec, TypeError, "Getter must be a function.");
+                return false;
+            }
+        } else
+            get = JSValue();
+        desc.setGetter(get);
+    }
+
+    PropertySlot setSlot;
+    if (description->getPropertySlot(exec, exec->propertyNames().set, setSlot)) {
+        JSValue set = setSlot.getValue(exec, exec->propertyNames().set);
+        if (exec->hadException())
+            return false;
+        if (!set.isUndefined()) {
+            CallData callData;
+            if (set.getCallData(callData) == CallTypeNone) {
+                throwError(exec, TypeError, "Setter must be a function.");
+                return false;
+            }
+        } else
+            set = JSValue();
+
+        desc.setSetter(set);
+    }
+
+    if (!desc.isAccessorDescriptor())
+        return true;
+
+    if (desc.value()) {
+        throwError(exec, TypeError, "Invalid property.  'value' present on property with getter or setter.");
+        return false;
+    }
+
+    if (desc.writablePresent()) {
+        throwError(exec, TypeError, "Invalid property.  'writable' present on property with getter or setter.");
+        return false;
+    }
+    return true;
+}
+
+JSValue JSC_HOST_CALL objectConstructorDefineProperty(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (!args.at(0).isObject())
+        return throwError(exec, TypeError, "Properties can only be defined on Objects.");
+    JSObject* O = asObject(args.at(0));
+    UString propertyName = args.at(1).toString(exec);
+    if (exec->hadException())
+        return jsNull();
+    PropertyDescriptor descriptor;
+    if (!toPropertyDescriptor(exec, args.at(2), descriptor))
+        return jsNull();
+    ASSERT((descriptor.attributes() & (Getter | Setter)) || (!descriptor.isAccessorDescriptor()));
+    ASSERT(!exec->hadException());
+    O->defineOwnProperty(exec, Identifier(exec, propertyName), descriptor, true);
+    return O;
+}
+
+static JSValue defineProperties(ExecState* exec, JSObject* object, JSObject* properties)
+{
+    PropertyNameArray propertyNames(exec);
+    asObject(properties)->getOwnPropertyNames(exec, propertyNames);
+    size_t numProperties = propertyNames.size();
+    Vector<PropertyDescriptor> descriptors;
+    MarkedArgumentBuffer markBuffer;
+    for (size_t i = 0; i < numProperties; i++) {
+        PropertySlot slot;
+        JSValue prop = properties->get(exec, propertyNames[i]);
+        if (exec->hadException())
+            return jsNull();
+        PropertyDescriptor descriptor;
+        if (!toPropertyDescriptor(exec, prop, descriptor))
+            return jsNull();
+        descriptors.append(descriptor);
+        // Ensure we mark all the values that we're accumulating
+        if (descriptor.isDataDescriptor() && descriptor.value())
+            markBuffer.append(descriptor.value());
+        if (descriptor.isAccessorDescriptor()) {
+            if (descriptor.getter())
+                markBuffer.append(descriptor.getter());
+            if (descriptor.setter())
+                markBuffer.append(descriptor.setter());
+        }
+    }
+    for (size_t i = 0; i < numProperties; i++) {
+        object->defineOwnProperty(exec, propertyNames[i], descriptors[i], true);
+        if (exec->hadException())
+            return jsNull();
+    }
+    return object;
+}
+
+JSValue JSC_HOST_CALL objectConstructorDefineProperties(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (!args.at(0).isObject())
+        return throwError(exec, TypeError, "Properties can only be defined on Objects.");
+    if (!args.at(1).isObject())
+        return throwError(exec, TypeError, "Property descriptor list must be an Object.");
+    return defineProperties(exec, asObject(args.at(0)), asObject(args.at(1)));
+}
+
+JSValue JSC_HOST_CALL objectConstructorCreate(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (!args.at(0).isObject() && !args.at(0).isNull())
+        return throwError(exec, TypeError, "Object prototype may only be an Object or null.");
+    JSObject* newObject = constructEmptyObject(exec);
+    newObject->setPrototype(args.at(0));
+    if (args.at(1).isUndefined())
+        return newObject;
+    if (!args.at(1).isObject())
+        return throwError(exec, TypeError, "Property descriptor list must be an Object.");
+    return defineProperties(exec, newObject, asObject(args.at(1)));
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectConstructor.h
new file mode 100644
index 000000000..9373781d6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectConstructor.h
@@ -0,0 +1,41 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef ObjectConstructor_h
+#define ObjectConstructor_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class ObjectPrototype;
+
+    class ObjectConstructor : public InternalFunction {
+    public:
+        ObjectConstructor(ExecState*, PassRefPtr<Structure>, ObjectPrototype*, Structure* prototypeFunctionStructure);
+
+    private:
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+    };
+
+} // namespace JSC
+
+#endif // ObjectConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectPrototype.cpp
new file mode 100644
index 000000000..fccc44a59
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectPrototype.cpp
@@ -0,0 +1,154 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "ObjectPrototype.h"
+
+#include "Error.h"
+#include "JSFunction.h"
+#include "JSString.h"
+#include "PrototypeFunction.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(ObjectPrototype);
+
+static JSValue JSC_HOST_CALL objectProtoFuncValueOf(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectProtoFuncHasOwnProperty(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectProtoFuncIsPrototypeOf(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectProtoFuncDefineGetter(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectProtoFuncDefineSetter(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectProtoFuncLookupGetter(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectProtoFuncLookupSetter(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectProtoFuncPropertyIsEnumerable(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL objectProtoFuncToLocaleString(ExecState*, JSObject*, JSValue, const ArgList&);
+
+ObjectPrototype::ObjectPrototype(ExecState* exec, PassRefPtr<Structure> stucture, Structure* prototypeFunctionStructure)
+    : JSObject(stucture)
+    , m_hasNoPropertiesWithUInt32Names(true)
+{
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, objectProtoFuncToString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toLocaleString, objectProtoFuncToLocaleString), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().valueOf, objectProtoFuncValueOf), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().hasOwnProperty, objectProtoFuncHasOwnProperty), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().propertyIsEnumerable, objectProtoFuncPropertyIsEnumerable), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().isPrototypeOf, objectProtoFuncIsPrototypeOf), DontEnum);
+
+    // Mozilla extensions
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().__defineGetter__, objectProtoFuncDefineGetter), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 2, exec->propertyNames().__defineSetter__, objectProtoFuncDefineSetter), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().__lookupGetter__, objectProtoFuncLookupGetter), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().__lookupSetter__, objectProtoFuncLookupSetter), DontEnum);
+}
+
+void ObjectPrototype::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    JSObject::put(exec, propertyName, value, slot);
+
+    if (m_hasNoPropertiesWithUInt32Names) {
+        bool isUInt32;
+        propertyName.toStrictUInt32(&isUInt32);
+        m_hasNoPropertiesWithUInt32Names = !isUInt32;
+    }
+}
+
+bool ObjectPrototype::getOwnPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+{
+    if (m_hasNoPropertiesWithUInt32Names)
+        return false;
+    return JSObject::getOwnPropertySlot(exec, propertyName, slot);
+}
+
+// ------------------------------ Functions --------------------------------
+
+// ECMA 15.2.4.2, 15.2.4.4, 15.2.4.5, 15.2.4.7
+
+JSValue JSC_HOST_CALL objectProtoFuncValueOf(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    return thisValue.toThisObject(exec);
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncHasOwnProperty(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    return jsBoolean(thisValue.toThisObject(exec)->hasOwnProperty(exec, Identifier(exec, args.at(0).toString(exec))));
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncIsPrototypeOf(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSObject* thisObj = thisValue.toThisObject(exec);
+
+    if (!args.at(0).isObject())
+        return jsBoolean(false);
+
+    JSValue v = asObject(args.at(0))->prototype();
+
+    while (true) {
+        if (!v.isObject())
+            return jsBoolean(false);
+        if (v == thisObj)
+            return jsBoolean(true);
+        v = asObject(v)->prototype();
+    }
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncDefineGetter(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    CallData callData;
+    if (args.at(1).getCallData(callData) == CallTypeNone)
+        return throwError(exec, SyntaxError, "invalid getter usage");
+    thisValue.toThisObject(exec)->defineGetter(exec, Identifier(exec, args.at(0).toString(exec)), asObject(args.at(1)));
+    return jsUndefined();
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncDefineSetter(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    CallData callData;
+    if (args.at(1).getCallData(callData) == CallTypeNone)
+        return throwError(exec, SyntaxError, "invalid setter usage");
+    thisValue.toThisObject(exec)->defineSetter(exec, Identifier(exec, args.at(0).toString(exec)), asObject(args.at(1)));
+    return jsUndefined();
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncLookupGetter(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    return thisValue.toThisObject(exec)->lookupGetter(exec, Identifier(exec, args.at(0).toString(exec)));
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncLookupSetter(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    return thisValue.toThisObject(exec)->lookupSetter(exec, Identifier(exec, args.at(0).toString(exec)));
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncPropertyIsEnumerable(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    return jsBoolean(thisValue.toThisObject(exec)->propertyIsEnumerable(exec, Identifier(exec, args.at(0).toString(exec))));
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncToLocaleString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    return thisValue.toThisJSString(exec);
+}
+
+JSValue JSC_HOST_CALL objectProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    return jsNontrivialString(exec, "[object " + thisValue.toThisObject(exec)->className() + "]");
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectPrototype.h
new file mode 100644
index 000000000..6dd3c28e5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ObjectPrototype.h
@@ -0,0 +1,43 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef ObjectPrototype_h
+#define ObjectPrototype_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    class ObjectPrototype : public JSObject {
+    public:
+        ObjectPrototype(ExecState*, PassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+
+    private:
+        virtual void put(ExecState*, const Identifier&, JSValue, PutPropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+
+        bool m_hasNoPropertiesWithUInt32Names;
+    };
+
+    JSValue JSC_HOST_CALL objectProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+
+} // namespace JSC
+
+#endif // ObjectPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Operations.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Operations.cpp
new file mode 100644
index 000000000..093bbecf3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Operations.cpp
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "Operations.h"
+
+#include "Error.h"
+#include "JSObject.h"
+#include "JSString.h"
+#include <math.h>
+#include <stdio.h>
+#include <wtf/MathExtras.h>
+
+#if HAVE(FLOAT_H)
+#include <float.h>
+#endif
+
+namespace JSC {
+
+bool JSValue::equalSlowCase(ExecState* exec, JSValue v1, JSValue v2)
+{
+    return equalSlowCaseInline(exec, v1, v2);
+}
+
+bool JSValue::strictEqualSlowCase(JSValue v1, JSValue v2)
+{
+    return strictEqualSlowCaseInline(v1, v2);
+}
+
+NEVER_INLINE JSValue throwOutOfMemoryError(ExecState* exec)
+{
+    JSObject* error = Error::create(exec, GeneralError, "Out of memory");
+    exec->setException(error);
+    return error;
+}
+
+NEVER_INLINE JSValue jsAddSlowCase(CallFrame* callFrame, JSValue v1, JSValue v2)
+{
+    // exception for the Date exception in defaultValue()
+    JSValue p1 = v1.toPrimitive(callFrame);
+    JSValue p2 = v2.toPrimitive(callFrame);
+
+    if (p1.isString() || p2.isString()) {
+        RefPtr<UString::Rep> value = concatenate(p1.toString(callFrame).rep(), p2.toString(callFrame).rep());
+        if (!value)
+            return throwOutOfMemoryError(callFrame);
+        return jsString(callFrame, value.release());
+    }
+
+    return jsNumber(callFrame, p1.toNumber(callFrame) + p2.toNumber(callFrame));
+}
+
+JSValue jsTypeStringForValue(CallFrame* callFrame, JSValue v)
+{
+    if (v.isUndefined())
+        return jsNontrivialString(callFrame, "undefined");
+    if (v.isBoolean())
+        return jsNontrivialString(callFrame, "boolean");
+    if (v.isNumber())
+        return jsNontrivialString(callFrame, "number");
+    if (v.isString())
+        return jsNontrivialString(callFrame, "string");
+    if (v.isObject()) {
+        // Return "undefined" for objects that should be treated
+        // as null when doing comparisons.
+        if (asObject(v)->structure()->typeInfo().masqueradesAsUndefined())
+            return jsNontrivialString(callFrame, "undefined");
+        CallData callData;
+        if (asObject(v)->getCallData(callData) != CallTypeNone)
+            return jsNontrivialString(callFrame, "function");
+    }
+    return jsNontrivialString(callFrame, "object");
+}
+
+bool jsIsObjectType(JSValue v)
+{
+    if (!v.isCell())
+        return v.isNull();
+
+    JSType type = asCell(v)->structure()->typeInfo().type();
+    if (type == NumberType || type == StringType)
+        return false;
+    if (type == ObjectType) {
+        if (asObject(v)->structure()->typeInfo().masqueradesAsUndefined())
+            return false;
+        CallData callData;
+        if (asObject(v)->getCallData(callData) != CallTypeNone)
+            return false;
+    }
+    return true;
+}
+
+bool jsIsFunctionType(JSValue v)
+{
+    if (v.isObject()) {
+        CallData callData;
+        if (asObject(v)->getCallData(callData) != CallTypeNone)
+            return true;
+    }
+    return false;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Operations.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Operations.h
new file mode 100644
index 000000000..21120f510
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Operations.h
@@ -0,0 +1,330 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2002, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef Operations_h
+#define Operations_h
+
+#include "Interpreter.h"
+#include "JSImmediate.h"
+#include "JSNumberCell.h"
+#include "JSString.h"
+
+namespace JSC {
+
+    NEVER_INLINE JSValue throwOutOfMemoryError(ExecState*);
+    NEVER_INLINE JSValue jsAddSlowCase(CallFrame*, JSValue, JSValue);
+    JSValue jsTypeStringForValue(CallFrame*, JSValue);
+    bool jsIsObjectType(JSValue);
+    bool jsIsFunctionType(JSValue);
+
+    // ECMA 11.9.3
+    inline bool JSValue::equal(ExecState* exec, JSValue v1, JSValue v2)
+    {
+        if (v1.isInt32() && v2.isInt32())
+            return v1 == v2;
+
+        return equalSlowCase(exec, v1, v2);
+    }
+
+    ALWAYS_INLINE bool JSValue::equalSlowCaseInline(ExecState* exec, JSValue v1, JSValue v2)
+    {
+        do {
+            if (v1.isNumber() && v2.isNumber())
+                return v1.uncheckedGetNumber() == v2.uncheckedGetNumber();
+
+            bool s1 = v1.isString();
+            bool s2 = v2.isString();
+            if (s1 && s2)
+                return asString(v1)->value() == asString(v2)->value();
+
+            if (v1.isUndefinedOrNull()) {
+                if (v2.isUndefinedOrNull())
+                    return true;
+                if (!v2.isCell())
+                    return false;
+                return v2.asCell()->structure()->typeInfo().masqueradesAsUndefined();
+            }
+
+            if (v2.isUndefinedOrNull()) {
+                if (!v1.isCell())
+                    return false;
+                return v1.asCell()->structure()->typeInfo().masqueradesAsUndefined();
+            }
+
+            if (v1.isObject()) {
+                if (v2.isObject()) {
+                    return v1 == v2
+#ifdef QT_BUILD_SCRIPT_LIB
+                        || asObject(v1)->compareToObject(exec, asObject(v2))
+#endif
+                        ;
+                }
+                JSValue p1 = v1.toPrimitive(exec);
+                if (exec->hadException())
+                    return false;
+                v1 = p1;
+                if (v1.isInt32() && v2.isInt32())
+                    return v1 == v2;
+                continue;
+            }
+
+            if (v2.isObject()) {
+                JSValue p2 = v2.toPrimitive(exec);
+                if (exec->hadException())
+                    return false;
+                v2 = p2;
+                if (v1.isInt32() && v2.isInt32())
+                    return v1 == v2;
+                continue;
+            }
+
+            if (s1 || s2) {
+                double d1 = v1.toNumber(exec);
+                double d2 = v2.toNumber(exec);
+                return d1 == d2;
+            }
+
+            if (v1.isBoolean()) {
+                if (v2.isNumber())
+                    return static_cast<double>(v1.getBoolean()) == v2.uncheckedGetNumber();
+            } else if (v2.isBoolean()) {
+                if (v1.isNumber())
+                    return v1.uncheckedGetNumber() == static_cast<double>(v2.getBoolean());
+            }
+
+            return v1 == v2;
+        } while (true);
+    }
+
+    // ECMA 11.9.3
+    ALWAYS_INLINE bool JSValue::strictEqualSlowCaseInline(JSValue v1, JSValue v2)
+    {
+        ASSERT(v1.isCell() && v2.isCell());
+
+        if (v1.asCell()->isString() && v2.asCell()->isString())
+            return asString(v1)->value() == asString(v2)->value();
+
+        return v1 == v2;
+    }
+
+    inline bool JSValue::strictEqual(JSValue v1, JSValue v2)
+    {
+        if (v1.isInt32() && v2.isInt32())
+            return v1 == v2;
+
+        if (v1.isNumber() && v2.isNumber())
+            return v1.uncheckedGetNumber() == v2.uncheckedGetNumber();
+
+        if (!v1.isCell() || !v2.isCell())
+            return v1 == v2;
+
+        return strictEqualSlowCaseInline(v1, v2);
+    }
+
+    inline bool jsLess(CallFrame* callFrame, JSValue v1, JSValue v2)
+    {
+        if (v1.isInt32() && v2.isInt32())
+            return v1.asInt32() < v2.asInt32();
+
+        double n1;
+        double n2;
+        if (v1.getNumber(n1) && v2.getNumber(n2))
+            return n1 < n2;
+
+        JSGlobalData* globalData = &callFrame->globalData();
+        if (isJSString(globalData, v1) && isJSString(globalData, v2))
+            return asString(v1)->value() < asString(v2)->value();
+
+        JSValue p1;
+        JSValue p2;
+        bool wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
+        bool wasNotString2 = v2.getPrimitiveNumber(callFrame, n2, p2);
+
+        if (wasNotString1 | wasNotString2)
+            return n1 < n2;
+
+        return asString(p1)->value() < asString(p2)->value();
+    }
+
+    inline bool jsLessEq(CallFrame* callFrame, JSValue v1, JSValue v2)
+    {
+        if (v1.isInt32() && v2.isInt32())
+            return v1.asInt32() <= v2.asInt32();
+
+        double n1;
+        double n2;
+        if (v1.getNumber(n1) && v2.getNumber(n2))
+            return n1 <= n2;
+
+        JSGlobalData* globalData = &callFrame->globalData();
+        if (isJSString(globalData, v1) && isJSString(globalData, v2))
+            return !(asString(v2)->value() < asString(v1)->value());
+
+        JSValue p1;
+        JSValue p2;
+        bool wasNotString1 = v1.getPrimitiveNumber(callFrame, n1, p1);
+        bool wasNotString2 = v2.getPrimitiveNumber(callFrame, n2, p2);
+
+        if (wasNotString1 | wasNotString2)
+            return n1 <= n2;
+
+        return !(asString(p2)->value() < asString(p1)->value());
+    }
+
+    // Fast-path choices here are based on frequency data from SunSpider:
+    //    <times> Add case: <t1> <t2>
+    //    ---------------------------
+    //    5626160 Add case: 3 3 (of these, 3637690 are for immediate values)
+    //    247412  Add case: 5 5
+    //    20900   Add case: 5 6
+    //    13962   Add case: 5 3
+    //    4000    Add case: 3 5
+
+    ALWAYS_INLINE JSValue jsAdd(CallFrame* callFrame, JSValue v1, JSValue v2)
+    {
+        double left;
+        double right = 0.0;
+
+        bool rightIsNumber = v2.getNumber(right);
+        if (rightIsNumber && v1.getNumber(left))
+            return jsNumber(callFrame, left + right);
+        
+        bool leftIsString = v1.isString();
+        if (leftIsString && v2.isString()) {
+            RefPtr<UString::Rep> value = concatenate(asString(v1)->value().rep(), asString(v2)->value().rep());
+            if (!value)
+                return throwOutOfMemoryError(callFrame);
+            return jsString(callFrame, value.release());
+        }
+
+        if (rightIsNumber & leftIsString) {
+            RefPtr<UString::Rep> value = v2.isInt32() ?
+                concatenate(asString(v1)->value().rep(), v2.asInt32()) :
+                concatenate(asString(v1)->value().rep(), right);
+
+            if (!value)
+                return throwOutOfMemoryError(callFrame);
+            return jsString(callFrame, value.release());
+        }
+
+        // All other cases are pretty uncommon
+        return jsAddSlowCase(callFrame, v1, v2);
+    }
+
+    inline size_t countPrototypeChainEntriesAndCheckForProxies(CallFrame* callFrame, JSValue baseValue, const PropertySlot& slot)
+    {
+        JSCell* cell = asCell(baseValue);
+        size_t count = 0;
+
+        while (slot.slotBase() != cell) {
+            JSValue v = cell->structure()->prototypeForLookup(callFrame);
+
+            // If we didn't find slotBase in baseValue's prototype chain, then baseValue
+            // must be a proxy for another object.
+
+            if (v.isNull())
+                return 0;
+
+            cell = asCell(v);
+
+            // Since we're accessing a prototype in a loop, it's a good bet that it
+            // should not be treated as a dictionary.
+            if (cell->structure()->isDictionary())
+                asObject(cell)->setStructure(Structure::fromDictionaryTransition(cell->structure()));
+
+            ++count;
+        }
+        
+        ASSERT(count);
+        return count;
+    }
+
+    ALWAYS_INLINE JSValue resolveBase(CallFrame* callFrame, Identifier& property, ScopeChainNode* scopeChain)
+    {
+        ScopeChainIterator iter = scopeChain->begin();
+        ScopeChainIterator next = iter;
+        ++next;
+        ScopeChainIterator end = scopeChain->end();
+        ASSERT(iter != end);
+
+        PropertySlot slot;
+        JSObject* base;
+        while (true) {
+            base = *iter;
+            if (next == end || base->getPropertySlot(callFrame, property, slot))
+                return base;
+
+            iter = next;
+            ++next;
+        }
+
+        ASSERT_NOT_REACHED();
+        return JSValue();
+    }
+
+    ALWAYS_INLINE JSValue concatenateStrings(CallFrame* callFrame, Register* strings, unsigned count)
+    {
+        ASSERT(count >= 3);
+
+        // Estimate the amount of space required to hold the entire string.  If all
+        // arguments are strings, we can easily calculate the exact amount of space
+        // required.  For any other arguments, for now let's assume they may require
+        // 11 UChars of storage.  This is enouch to hold any int, and likely is also
+        // reasonable for the other immediates.  We may want to come back and tune
+        // this value at some point.
+        unsigned bufferSize = 0;
+        for (unsigned i = 0; i < count; ++i) {
+            JSValue v = strings[i].jsValue();
+            if (LIKELY(v.isString()))
+                bufferSize += asString(v)->value().size();
+            else
+                bufferSize += 11;
+        }
+
+        // Allocate an output string to store the result.
+        // If the first argument is a String, and if it has the capacity (or can grow
+        // its capacity) to hold the entire result then use this as a base to concatenate
+        // onto.  Otherwise, allocate a new empty output buffer.
+        JSValue firstValue = strings[0].jsValue();
+        RefPtr<UString::Rep> resultRep;
+        if (firstValue.isString() && (resultRep = asString(firstValue)->value().rep())->reserveCapacity(bufferSize)) {
+            // We're going to concatenate onto the first string - remove it from the list of items to be appended.
+            ++strings;
+            --count;
+        } else
+            resultRep = UString::Rep::createEmptyBuffer(bufferSize);
+        UString result(resultRep);
+
+        // Loop over the operands, writing them into the output buffer.
+        for (unsigned i = 0; i < count; ++i) {
+            JSValue v = strings[i].jsValue();
+            if (LIKELY(v.isString()))
+                result.append(asString(v)->value());
+            else
+                result.append(v.toString(callFrame));
+        }
+
+        return jsString(callFrame, result);
+    }
+
+} // namespace JSC
+
+#endif // Operations_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyDescriptor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyDescriptor.cpp
new file mode 100644
index 000000000..4db814f62
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyDescriptor.cpp
@@ -0,0 +1,195 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+
+#include "config.h"
+
+#include "PropertyDescriptor.h"
+
+#include "GetterSetter.h"
+#include "JSObject.h"
+#include "Operations.h"
+
+namespace JSC {
+unsigned PropertyDescriptor::defaultAttributes = (DontDelete << 1) - 1;
+
+bool PropertyDescriptor::writable() const
+{
+    ASSERT(!isAccessorDescriptor());
+    return !(m_attributes & ReadOnly);
+}
+
+bool PropertyDescriptor::enumerable() const
+{
+    return !(m_attributes & DontEnum);
+}
+
+bool PropertyDescriptor::configurable() const
+{
+    return !(m_attributes & DontDelete);
+}
+
+bool PropertyDescriptor::isDataDescriptor() const
+{
+    return m_value || (m_seenAttributes & WritablePresent);
+}
+
+bool PropertyDescriptor::isGenericDescriptor() const
+{
+    return !isAccessorDescriptor() && !isDataDescriptor();
+}
+
+bool PropertyDescriptor::isAccessorDescriptor() const
+{
+    return m_getter || m_setter;
+}
+
+void PropertyDescriptor::setUndefined()
+{
+    m_value = jsUndefined();
+    m_attributes = ReadOnly | DontDelete | DontEnum;
+}
+
+JSValue PropertyDescriptor::getter() const
+{
+    ASSERT(isAccessorDescriptor());
+    return m_getter;
+}
+
+JSValue PropertyDescriptor::setter() const
+{
+    ASSERT(isAccessorDescriptor());
+    return m_setter;
+}
+
+void PropertyDescriptor::setDescriptor(JSValue value, unsigned attributes)
+{
+    ASSERT(value);
+    m_attributes = attributes;
+    if (attributes & (Getter | Setter)) {
+        GetterSetter* accessor = asGetterSetter(value);
+        m_getter = accessor->getter();
+        m_setter = accessor->setter();
+        ASSERT(m_getter || m_setter);
+        m_seenAttributes = EnumerablePresent | ConfigurablePresent;
+        m_attributes &= ~ReadOnly;
+    } else {
+        m_value = value;
+        m_seenAttributes = EnumerablePresent | ConfigurablePresent | WritablePresent;
+    }
+}
+
+void PropertyDescriptor::setAccessorDescriptor(JSValue getter, JSValue setter, unsigned attributes)
+{
+    ASSERT(attributes & (Getter | Setter));
+    ASSERT(getter || setter);
+    m_attributes = attributes;
+    m_getter = getter;
+    m_setter = setter;
+    m_attributes &= ~ReadOnly;
+    m_seenAttributes = EnumerablePresent | ConfigurablePresent;
+}
+
+void PropertyDescriptor::setWritable(bool writable)
+{
+    if (writable)
+        m_attributes &= ~ReadOnly;
+    else
+        m_attributes |= ReadOnly;
+    m_seenAttributes |= WritablePresent;
+}
+
+void PropertyDescriptor::setEnumerable(bool enumerable)
+{
+    if (enumerable)
+        m_attributes &= ~DontEnum;
+    else
+        m_attributes |= DontEnum;
+    m_seenAttributes |= EnumerablePresent;
+}
+
+void PropertyDescriptor::setConfigurable(bool configurable)
+{
+    if (configurable)
+        m_attributes &= ~DontDelete;
+    else
+        m_attributes |= DontDelete;
+    m_seenAttributes |= ConfigurablePresent;
+}
+
+void PropertyDescriptor::setSetter(JSValue setter)
+{
+    m_setter = setter;
+    m_attributes |= Setter;
+    m_attributes &= ~ReadOnly;
+}
+
+void PropertyDescriptor::setGetter(JSValue getter)
+{
+    m_getter = getter;
+    m_attributes |= Getter;
+    m_attributes &= ~ReadOnly;
+}
+
+bool PropertyDescriptor::equalTo(const PropertyDescriptor& other) const
+{
+    if (!other.m_value == m_value ||
+        !other.m_getter == m_getter ||
+        !other.m_setter == m_setter)
+        return false;
+    return (!m_value || JSValue::strictEqual(other.m_value, m_value)) && 
+           (!m_getter || JSValue::strictEqual(other.m_getter, m_getter)) && 
+           (!m_setter || JSValue::strictEqual(other.m_setter, m_setter)) &&
+           attributesEqual(other);
+}
+
+bool PropertyDescriptor::attributesEqual(const PropertyDescriptor& other) const
+{
+    unsigned mismatch = other.m_attributes ^ m_attributes;
+    unsigned sharedSeen = other.m_seenAttributes & m_seenAttributes;
+    if (sharedSeen & WritablePresent && mismatch & ReadOnly)
+        return false;
+    if (sharedSeen & ConfigurablePresent && mismatch & DontDelete)
+        return false;
+    if (sharedSeen & EnumerablePresent && mismatch & DontEnum)
+        return false;
+    return true;
+}
+
+unsigned PropertyDescriptor::attributesWithOverride(const PropertyDescriptor& other) const
+{
+    unsigned mismatch = other.m_attributes ^ m_attributes;
+    unsigned sharedSeen = other.m_seenAttributes & m_seenAttributes;
+    unsigned newAttributes = m_attributes & defaultAttributes;
+    if (sharedSeen & WritablePresent && mismatch & ReadOnly)
+        newAttributes ^= ReadOnly;
+    if (sharedSeen & ConfigurablePresent && mismatch & DontDelete)
+        newAttributes ^= DontDelete;
+    if (sharedSeen & EnumerablePresent && mismatch & DontEnum)
+        newAttributes ^= DontEnum;
+    return newAttributes;
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyDescriptor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyDescriptor.h
new file mode 100644
index 000000000..40bec86b0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyDescriptor.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef PropertyDescriptor_h
+#define PropertyDescriptor_h
+
+#include "JSValue.h"
+
+namespace JSC {
+    class PropertyDescriptor {
+    public:
+        PropertyDescriptor()
+            : m_attributes(defaultAttributes)
+            , m_seenAttributes(0)
+        {
+        }
+        bool writable() const;
+        bool enumerable() const;
+        bool configurable() const;
+        bool isDataDescriptor() const;
+        bool isGenericDescriptor() const;
+        bool isAccessorDescriptor() const;
+        unsigned attributes() const { return m_attributes; }
+        JSValue value() const { return m_value; }
+        JSValue getter() const;
+        JSValue setter() const;
+        void setUndefined();
+        void setDescriptor(JSValue value, unsigned attributes);
+        void setAccessorDescriptor(JSValue getter, JSValue setter, unsigned attributes);
+        void setWritable(bool);
+        void setEnumerable(bool);
+        void setConfigurable(bool);
+        void setValue(JSValue value) { m_value = value; }
+        void setSetter(JSValue);
+        void setGetter(JSValue);
+        bool isEmpty() const { return !(m_value || m_getter || m_setter || m_seenAttributes); }
+        bool writablePresent() const { return m_seenAttributes & WritablePresent; }
+        bool enumerablePresent() const { return m_seenAttributes & EnumerablePresent; }
+        bool configurablePresent() const { return m_seenAttributes & ConfigurablePresent; }
+        bool setterPresent() const { return m_setter; }
+        bool getterPresent() const { return m_getter; }
+        bool equalTo(const PropertyDescriptor& other) const;
+        bool attributesEqual(const PropertyDescriptor& other) const;
+        unsigned attributesWithOverride(const PropertyDescriptor& other) const;
+    private:
+        static unsigned defaultAttributes;
+        bool operator==(const PropertyDescriptor&){ return false; }
+        enum { WritablePresent = 1, EnumerablePresent = 2, ConfigurablePresent = 4};
+        // May be a getter/setter
+        JSValue m_value;
+        JSValue m_getter;
+        JSValue m_setter;
+        unsigned m_attributes;
+        unsigned m_seenAttributes;
+    };
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyMapHashTable.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyMapHashTable.h
new file mode 100644
index 000000000..5b63f79ec
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyMapHashTable.h
@@ -0,0 +1,91 @@
+/*
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef PropertyMapHashTable_h
+#define PropertyMapHashTable_h
+
+#include "UString.h"
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+    struct PropertyMapEntry {
+        UString::Rep* key;
+        unsigned offset;
+        unsigned attributes;
+        JSCell* specificValue;
+        unsigned index;
+
+        PropertyMapEntry(UString::Rep* key, unsigned attributes, JSCell* specificValue)
+            : key(key)
+            , offset(0)
+            , attributes(attributes)
+            , specificValue(specificValue)
+            , index(0)
+        {
+        }
+
+        PropertyMapEntry(UString::Rep* key, unsigned offset, unsigned attributes, JSCell* specificValue, unsigned index)
+            : key(key)
+            , offset(offset)
+            , attributes(attributes)
+            , specificValue(specificValue)
+            , index(index)
+        {
+        }
+    };
+
+    // lastIndexUsed is an ever-increasing index used to identify the order items
+    // were inserted into the property map. It's required that getEnumerablePropertyNames
+    // return the properties in the order they were added for compatibility with other
+    // browsers' JavaScript implementations.
+    struct PropertyMapHashTable {
+        unsigned sizeMask;
+        unsigned size;
+        unsigned keyCount;
+        unsigned deletedSentinelCount;
+        unsigned anonymousSlotCount;
+        unsigned lastIndexUsed;
+        Vector<unsigned>* deletedOffsets;
+        unsigned entryIndices[1];
+
+        PropertyMapEntry* entries()
+        {
+            // The entries vector comes after the indices vector.
+            // The 0th item in the entries vector is not really used; it has to
+            // have a 0 in its key to allow the hash table lookup to handle deleted
+            // sentinels without any special-case code, but the other fields are unused.
+            return reinterpret_cast<PropertyMapEntry*>(&entryIndices[size]);
+        }
+
+        static size_t allocationSize(unsigned size)
+        {
+            // We never let a hash table get more than half full,
+            // So the number of indices we need is the size of the hash table.
+            // But the number of entries is half that (plus one for the deleted sentinel).
+            return sizeof(PropertyMapHashTable)
+                + (size - 1) * sizeof(unsigned)
+                + (1 + size / 2) * sizeof(PropertyMapEntry);
+        }
+    };
+
+} // namespace JSC
+
+#endif // PropertyMapHashTable_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyNameArray.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyNameArray.cpp
new file mode 100644
index 000000000..0878e73f8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyNameArray.cpp
@@ -0,0 +1,50 @@
+/*
+ *  Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "PropertyNameArray.h"
+
+namespace JSC {
+
+static const size_t setThreshold = 20;
+
+void PropertyNameArray::add(UString::Rep* identifier)
+{
+    ASSERT(identifier == &UString::Rep::null() || identifier == &UString::Rep::empty() || identifier->identifierTable());
+
+    size_t size = m_data->propertyNameVector().size();
+    if (size < setThreshold) {
+        for (size_t i = 0; i < size; ++i) {
+            if (identifier == m_data->propertyNameVector()[i].ustring().rep())
+                return;
+        }
+    } else {
+        if (m_set.isEmpty()) {
+            for (size_t i = 0; i < size; ++i)
+                m_set.add(m_data->propertyNameVector()[i].ustring().rep());
+        }
+        if (!m_set.add(identifier).second)
+            return;
+    }
+
+    m_data->propertyNameVector().append(Identifier(m_globalData, identifier));
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyNameArray.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyNameArray.h
new file mode 100644
index 000000000..67ee9c89c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertyNameArray.h
@@ -0,0 +1,113 @@
+/*
+ *  Copyright (C) 2006, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef PropertyNameArray_h
+#define PropertyNameArray_h
+
+#include "CallFrame.h"
+#include "Identifier.h"
+#include "Structure.h"
+#include "StructureChain.h"
+#include <wtf/HashSet.h>
+#include <wtf/Vector.h>
+
+namespace JSC {
+
+    class PropertyNameArrayData : public RefCounted<PropertyNameArrayData> {
+    public:
+        typedef Vector<Identifier, 20> PropertyNameVector;
+        typedef PropertyNameVector::const_iterator const_iterator;
+
+        static PassRefPtr<PropertyNameArrayData> create() { return adoptRef(new PropertyNameArrayData); }
+
+        const_iterator begin() const { return m_propertyNameVector.begin(); }
+        const_iterator end() const { return m_propertyNameVector.end(); }
+
+        PropertyNameVector& propertyNameVector() { return m_propertyNameVector; }
+
+        void setCachedStructure(Structure* structure) { m_cachedStructure = structure; }
+        Structure* cachedStructure() const { return m_cachedStructure; }
+
+        void setCachedPrototypeChain(PassRefPtr<StructureChain> cachedPrototypeChain) { m_cachedPrototypeChain = cachedPrototypeChain; }
+        StructureChain* cachedPrototypeChain() { return m_cachedPrototypeChain.get(); }
+
+    private:
+        PropertyNameArrayData()
+            : m_cachedStructure(0)
+        {
+        }
+
+        PropertyNameVector m_propertyNameVector;
+        Structure* m_cachedStructure;
+        RefPtr<StructureChain> m_cachedPrototypeChain;
+    };
+
+    class PropertyNameArray {
+    public:
+        typedef PropertyNameArrayData::const_iterator const_iterator;
+
+        PropertyNameArray(JSGlobalData* globalData)
+            : m_data(PropertyNameArrayData::create())
+            , m_globalData(globalData)
+            , m_shouldCache(true)
+        {
+        }
+
+        PropertyNameArray(ExecState* exec)
+            : m_data(PropertyNameArrayData::create())
+            , m_globalData(&exec->globalData())
+            , m_shouldCache(true)
+        {
+        }
+
+        JSGlobalData* globalData() { return m_globalData; }
+
+        void add(const Identifier& identifier) { add(identifier.ustring().rep()); }
+        void add(UString::Rep*);
+        void addKnownUnique(UString::Rep* identifier) { m_data->propertyNameVector().append(Identifier(m_globalData, identifier)); }
+
+        size_t size() const { return m_data->propertyNameVector().size(); }
+
+        Identifier& operator[](unsigned i) { return m_data->propertyNameVector()[i]; }
+        const Identifier& operator[](unsigned i) const { return m_data->propertyNameVector()[i]; }
+
+        const_iterator begin() const { return m_data->begin(); }
+        const_iterator end() const { return m_data->end(); }
+
+        void setData(PassRefPtr<PropertyNameArrayData> data) { m_data = data; }
+        PropertyNameArrayData* data() { return m_data.get(); }
+
+        PassRefPtr<PropertyNameArrayData> releaseData() { return m_data.release(); }
+
+        void setShouldCache(bool shouldCache) { m_shouldCache = shouldCache; }
+        bool shouldCache() const { return m_shouldCache; }
+
+    private:
+        typedef HashSet<UString::Rep*, PtrHash<UString::Rep*> > IdentifierSet;
+
+        RefPtr<PropertyNameArrayData> m_data;
+        IdentifierSet m_set;
+        JSGlobalData* m_globalData;
+        bool m_shouldCache;
+    };
+
+} // namespace JSC
+
+#endif // PropertyNameArray_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertySlot.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertySlot.cpp
new file mode 100644
index 000000000..a0a2f48f9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertySlot.cpp
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (C) 2005, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "PropertySlot.h"
+
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+
+namespace JSC {
+
+JSValue PropertySlot::functionGetter(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    // Prevent getter functions from observing execution if an exception is pending.
+    if (exec->hadException())
+        return exec->exception();
+
+    CallData callData;
+    CallType callType = slot.m_data.getterFunc->getCallData(callData);
+    if (callType == CallTypeHost)
+        return callData.native.function(exec, slot.m_data.getterFunc, slot.slotBase(), exec->emptyList());
+    ASSERT(callType == CallTypeJS);
+    // FIXME: Can this be done more efficiently using the callData?
+    return asFunction(slot.m_data.getterFunc)->call(exec, slot.slotBase(), exec->emptyList());
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertySlot.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertySlot.h
new file mode 100644
index 000000000..15d90342a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PropertySlot.h
@@ -0,0 +1,210 @@
+/*
+ *  Copyright (C) 2005, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef PropertySlot_h
+#define PropertySlot_h
+
+#include "Identifier.h"
+#include "JSValue.h"
+#include "Register.h"
+#include <wtf/Assertions.h>
+#include <wtf/NotFound.h>
+
+namespace JSC {
+
+    class ExecState;
+    class JSObject;
+
+#define JSC_VALUE_SLOT_MARKER 0
+#define JSC_REGISTER_SLOT_MARKER reinterpret_cast<GetValueFunc>(1)
+
+    class PropertySlot {
+    public:
+        PropertySlot()
+        {
+            clearBase();
+            clearOffset();
+            clearValue();
+        }
+
+        explicit PropertySlot(const JSValue base)
+            : m_slotBase(base)
+        {
+            clearOffset();
+            clearValue();
+        }
+
+        typedef JSValue (*GetValueFunc)(ExecState*, const Identifier&, const PropertySlot&);
+
+        JSValue getValue(ExecState* exec, const Identifier& propertyName) const
+        {
+            if (m_getValue == JSC_VALUE_SLOT_MARKER)
+                return *m_data.valueSlot;
+            if (m_getValue == JSC_REGISTER_SLOT_MARKER)
+                return (*m_data.registerSlot).jsValue();
+            return m_getValue(exec, propertyName, *this);
+        }
+
+        JSValue getValue(ExecState* exec, unsigned propertyName) const
+        {
+            if (m_getValue == JSC_VALUE_SLOT_MARKER)
+                return *m_data.valueSlot;
+            if (m_getValue == JSC_REGISTER_SLOT_MARKER)
+                return (*m_data.registerSlot).jsValue();
+            return m_getValue(exec, Identifier::from(exec, propertyName), *this);
+        }
+
+        bool isCacheable() const { return m_offset != WTF::notFound; }
+        size_t cachedOffset() const
+        {
+            ASSERT(isCacheable());
+            return m_offset;
+        }
+
+        void setValueSlot(JSValue* valueSlot) 
+        {
+            ASSERT(valueSlot);
+            clearBase();
+            clearOffset();
+            m_getValue = JSC_VALUE_SLOT_MARKER;
+            m_data.valueSlot = valueSlot;
+        }
+        
+        void setValueSlot(JSValue slotBase, JSValue* valueSlot)
+        {
+            ASSERT(valueSlot);
+            m_getValue = JSC_VALUE_SLOT_MARKER;
+            m_slotBase = slotBase;
+            m_data.valueSlot = valueSlot;
+        }
+        
+        void setValueSlot(JSValue slotBase, JSValue* valueSlot, size_t offset)
+        {
+            ASSERT(valueSlot);
+            m_getValue = JSC_VALUE_SLOT_MARKER;
+            m_slotBase = slotBase;
+            m_data.valueSlot = valueSlot;
+            m_offset = offset;
+        }
+        
+        void setValue(JSValue value)
+        {
+            ASSERT(value);
+            clearBase();
+            clearOffset();
+            m_getValue = JSC_VALUE_SLOT_MARKER;
+            m_value = value;
+            m_data.valueSlot = &m_value;
+        }
+
+        void setRegisterSlot(Register* registerSlot)
+        {
+            ASSERT(registerSlot);
+            clearBase();
+            clearOffset();
+            m_getValue = JSC_REGISTER_SLOT_MARKER;
+            m_data.registerSlot = registerSlot;
+        }
+
+        void setCustom(JSValue slotBase, GetValueFunc getValue)
+        {
+            ASSERT(slotBase);
+            ASSERT(getValue);
+            m_getValue = getValue;
+            m_slotBase = slotBase;
+        }
+
+        void setCustomIndex(JSValue slotBase, unsigned index, GetValueFunc getValue)
+        {
+            ASSERT(slotBase);
+            ASSERT(getValue);
+            m_getValue = getValue;
+            m_slotBase = slotBase;
+            m_data.index = index;
+        }
+        
+        void setGetterSlot(JSObject* getterFunc)
+        {
+            ASSERT(getterFunc);
+            m_getValue = functionGetter;
+            m_data.getterFunc = getterFunc;
+        }
+        
+        void setUndefined()
+        {
+            setValue(jsUndefined());
+        }
+
+        JSValue slotBase() const
+        {
+            return m_slotBase;
+        }
+
+        void setBase(JSValue base)
+        {
+            ASSERT(m_slotBase);
+            ASSERT(base);
+            m_slotBase = base;
+        }
+
+        void clearBase()
+        {
+#ifndef NDEBUG
+            m_slotBase = JSValue();
+#endif
+        }
+
+        void clearValue()
+        {
+#ifndef NDEBUG
+            m_value = JSValue();
+#endif
+        }
+
+        void clearOffset()
+        {
+            // Clear offset even in release builds, in case this PropertySlot has been used before.
+            // (For other data members, we don't need to clear anything because reuse would meaningfully overwrite them.)
+            m_offset = WTF::notFound;
+        }
+
+        unsigned index() const { return m_data.index; }
+
+    private:
+        static JSValue functionGetter(ExecState*, const Identifier&, const PropertySlot&);
+
+        GetValueFunc m_getValue;
+        
+        JSValue m_slotBase;
+        union {
+            JSObject* getterFunc;
+            JSValue* valueSlot;
+            Register* registerSlot;
+            unsigned index;
+        } m_data;
+
+        JSValue m_value;
+
+        size_t m_offset;
+    };
+
+} // namespace JSC
+
+#endif // PropertySlot_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Protect.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Protect.h
new file mode 100644
index 000000000..6e7984cee
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Protect.h
@@ -0,0 +1,215 @@
+/*
+ *  Copyright (C) 2004, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+
+#ifndef Protect_h
+#define Protect_h
+
+#include "JSCell.h"
+#include "Collector.h"
+
+namespace JSC {
+
+    inline void gcProtect(JSCell* val) 
+    {
+        Heap::heap(val)->protect(val);
+    }
+
+    inline void gcUnprotect(JSCell* val)
+    {
+        Heap::heap(val)->unprotect(val);
+    }
+
+    inline void gcProtectNullTolerant(JSCell* val) 
+    {
+        if (val) 
+            gcProtect(val);
+    }
+
+    inline void gcUnprotectNullTolerant(JSCell* val) 
+    {
+        if (val) 
+            gcUnprotect(val);
+    }
+    
+    inline void gcProtect(JSValue value)
+    {
+        if (value && value.isCell())
+            gcProtect(asCell(value));
+    }
+
+    inline void gcUnprotect(JSValue value)
+    {
+        if (value && value.isCell())
+            gcUnprotect(asCell(value));
+    }
+
+    // FIXME: Share more code with RefPtr template? The only differences are the ref/deref operation
+    // and the implicit conversion to raw pointer
+    template <class T> class ProtectedPtr {
+    public:
+        ProtectedPtr() : m_ptr(0) {}
+        ProtectedPtr(T* ptr);
+        ProtectedPtr(const ProtectedPtr&);
+        ~ProtectedPtr();
+
+        template <class U> ProtectedPtr(const ProtectedPtr<U>&);
+        
+        T* get() const { return m_ptr; }
+        operator T*() const { return m_ptr; }
+        operator JSValue() const { return JSValue(m_ptr); }
+        T* operator->() const { return m_ptr; }
+        
+        operator bool() const { return m_ptr; }
+        bool operator!() const { return !m_ptr; }
+
+        ProtectedPtr& operator=(const ProtectedPtr&);
+        ProtectedPtr& operator=(T*);
+        
+    private:
+        T* m_ptr;
+    };
+
+    class ProtectedJSValue {
+    public:
+        ProtectedJSValue() {}
+        ProtectedJSValue(JSValue value);
+        ProtectedJSValue(const ProtectedJSValue&);
+        ~ProtectedJSValue();
+
+        template <class U> ProtectedJSValue(const ProtectedPtr<U>&);
+        
+        JSValue get() const { return m_value; }
+        operator JSValue() const { return m_value; }
+        //JSValue operator->() const { return m_value; }
+        
+        operator bool() const { return m_value; }
+        bool operator!() const { return !m_value; }
+
+        ProtectedJSValue& operator=(const ProtectedJSValue&);
+        ProtectedJSValue& operator=(JSValue);
+        
+    private:
+        JSValue m_value;
+    };
+
+    template <class T> inline ProtectedPtr<T>::ProtectedPtr(T* ptr)
+        : m_ptr(ptr)
+    {
+        gcProtectNullTolerant(m_ptr);
+    }
+
+    template <class T> inline ProtectedPtr<T>::ProtectedPtr(const ProtectedPtr& o)
+        : m_ptr(o.get())
+    {
+        gcProtectNullTolerant(m_ptr);
+    }
+
+    template <class T> inline ProtectedPtr<T>::~ProtectedPtr()
+    {
+        gcUnprotectNullTolerant(m_ptr);
+    }
+
+    template <class T> template <class U> inline ProtectedPtr<T>::ProtectedPtr(const ProtectedPtr<U>& o)
+        : m_ptr(o.get())
+    {
+        gcProtectNullTolerant(m_ptr);
+    }
+
+    template <class T> inline ProtectedPtr<T>& ProtectedPtr<T>::operator=(const ProtectedPtr<T>& o) 
+    {
+        T* optr = o.m_ptr;
+        gcProtectNullTolerant(optr);
+        gcUnprotectNullTolerant(m_ptr);
+        m_ptr = optr;
+        return *this;
+    }
+
+    template <class T> inline ProtectedPtr<T>& ProtectedPtr<T>::operator=(T* optr)
+    {
+        gcProtectNullTolerant(optr);
+        gcUnprotectNullTolerant(m_ptr);
+        m_ptr = optr;
+        return *this;
+    }
+
+    inline ProtectedJSValue::ProtectedJSValue(JSValue value)
+        : m_value(value)
+    {
+        gcProtect(m_value);
+    }
+
+    inline ProtectedJSValue::ProtectedJSValue(const ProtectedJSValue& o)
+        : m_value(o.get())
+    {
+        gcProtect(m_value);
+    }
+
+    inline ProtectedJSValue::~ProtectedJSValue()
+    {
+        gcUnprotect(m_value);
+    }
+
+    template <class U> ProtectedJSValue::ProtectedJSValue(const ProtectedPtr<U>& o)
+        : m_value(o.get())
+    {
+        gcProtect(m_value);
+    }
+
+    inline ProtectedJSValue& ProtectedJSValue::operator=(const ProtectedJSValue& o) 
+    {
+        JSValue ovalue = o.m_value;
+        gcProtect(ovalue);
+        gcUnprotect(m_value);
+        m_value = ovalue;
+        return *this;
+    }
+
+    inline ProtectedJSValue& ProtectedJSValue::operator=(JSValue ovalue)
+    {
+        gcProtect(ovalue);
+        gcUnprotect(m_value);
+        m_value = ovalue;
+        return *this;
+    }
+
+    template <class T> inline bool operator==(const ProtectedPtr<T>& a, const ProtectedPtr<T>& b) { return a.get() == b.get(); }
+    template <class T> inline bool operator==(const ProtectedPtr<T>& a, const T* b) { return a.get() == b; }
+    template <class T> inline bool operator==(const T* a, const ProtectedPtr<T>& b) { return a == b.get(); }
+
+    template <class T> inline bool operator!=(const ProtectedPtr<T>& a, const ProtectedPtr<T>& b) { return a.get() != b.get(); }
+    template <class T> inline bool operator!=(const ProtectedPtr<T>& a, const T* b) { return a.get() != b; }
+    template <class T> inline bool operator!=(const T* a, const ProtectedPtr<T>& b) { return a != b.get(); }
+
+    inline bool operator==(const ProtectedJSValue& a, const ProtectedJSValue& b) { return a.get() == b.get(); }
+    inline bool operator==(const ProtectedJSValue& a, const JSValue b) { return a.get() == b; }
+    template <class T> inline bool operator==(const ProtectedJSValue& a, const ProtectedPtr<T>& b) { return a.get() == JSValue(b.get()); }
+    inline bool operator==(const JSValue a, const ProtectedJSValue& b) { return a == b.get(); }
+    template <class T> inline bool operator==(const ProtectedPtr<T>& a, const ProtectedJSValue& b) { return JSValue(a.get()) == b.get(); }
+
+    inline bool operator!=(const ProtectedJSValue& a, const ProtectedJSValue& b) { return a.get() != b.get(); }
+    inline bool operator!=(const ProtectedJSValue& a, const JSValue b) { return a.get() != b; }
+    template <class T> inline bool operator!=(const ProtectedJSValue& a, const ProtectedPtr<T>& b) { return a.get() != JSValue(b.get()); }
+    inline bool operator!=(const JSValue a, const ProtectedJSValue& b) { return a != b.get(); }
+    template <class T> inline bool operator!=(const ProtectedPtr<T>& a, const ProtectedJSValue& b) { return JSValue(a.get()) != b.get(); }
+ 
+} // namespace JSC
+
+#endif // Protect_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PrototypeFunction.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PrototypeFunction.cpp
new file mode 100644
index 000000000..8e3d10783
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PrototypeFunction.cpp
@@ -0,0 +1,57 @@
+/*
+ *  Copyright (C) 1999-2002 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "PrototypeFunction.h"
+
+#include "JSGlobalObject.h"
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(PrototypeFunction);
+
+PrototypeFunction::PrototypeFunction(ExecState* exec, int length, const Identifier& name, NativeFunction function)
+    : InternalFunction(&exec->globalData(), exec->lexicalGlobalObject()->prototypeFunctionStructure(), name)
+    , m_function(function)
+{
+    ASSERT_ARG(function, function);
+    putDirect(exec->propertyNames().length, jsNumber(exec, length), DontDelete | ReadOnly | DontEnum);
+}
+
+PrototypeFunction::PrototypeFunction(ExecState* exec, PassRefPtr<Structure> prototypeFunctionStructure, int length, const Identifier& name, NativeFunction function)
+    : InternalFunction(&exec->globalData(), prototypeFunctionStructure, name)
+    , m_function(function)
+{
+    ASSERT_ARG(function, function);
+    putDirect(exec->propertyNames().length, jsNumber(exec, length), DontDelete | ReadOnly | DontEnum);
+}
+    
+CallType PrototypeFunction::getCallData(CallData& callData)
+{
+    callData.native.function = m_function;
+    return CallTypeHost;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PrototypeFunction.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PrototypeFunction.h
new file mode 100644
index 000000000..99ab32798
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PrototypeFunction.h
@@ -0,0 +1,45 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2007 Maks Orlovich
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef PrototypeFunction_h
+#define PrototypeFunction_h
+
+#include "InternalFunction.h"
+#include "CallData.h"
+
+namespace JSC {
+
+    class PrototypeFunction : public InternalFunction {
+    public:
+        PrototypeFunction(ExecState*, int length, const Identifier&, NativeFunction);
+        PrototypeFunction(ExecState*, PassRefPtr<Structure>, int length, const Identifier&, NativeFunction);
+
+    private:
+        virtual CallType getCallData(CallData&);
+
+        const NativeFunction m_function;
+    };
+
+} // namespace JSC
+
+#endif // PrototypeFunction_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PutPropertySlot.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PutPropertySlot.h
new file mode 100644
index 000000000..eb8ea8a99
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/PutPropertySlot.h
@@ -0,0 +1,77 @@
+// -*- mode: c++; c-basic-offset: 4 -*-
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef PutPropertySlot_h
+#define PutPropertySlot_h
+
+#include <wtf/Assertions.h>
+
+namespace JSC {
+    
+    class JSObject;
+    class JSFunction;
+    
+    class PutPropertySlot {
+    public:
+        enum Type { Uncachable, ExistingProperty, NewProperty };
+
+        PutPropertySlot()
+            : m_type(Uncachable)
+            , m_base(0)
+        {
+        }
+
+        void setExistingProperty(JSObject* base, size_t offset)
+        {
+            m_type = ExistingProperty;
+            m_base = base;
+            m_offset = offset;
+        }
+
+        void setNewProperty(JSObject* base, size_t offset)
+        {
+            m_type = NewProperty;
+            m_base = base;
+            m_offset = offset;
+        }
+
+        Type type() const { return m_type; }
+        JSObject* base() const { return m_base; }
+
+        bool isCacheable() const { return m_type != Uncachable; }
+        size_t cachedOffset() const {
+            ASSERT(isCacheable());
+            return m_offset;
+        }
+    private:
+        Type m_type;
+        JSObject* m_base;
+        size_t m_offset;
+    };
+
+} // namespace JSC
+
+#endif // PutPropertySlot_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExp.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExp.cpp
new file mode 100644
index 000000000..b366b58e0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExp.cpp
@@ -0,0 +1,283 @@
+/*
+ *  Copyright (C) 1999-2001, 2004 Harri Porten (porten@kde.org)
+ *  Copyright (c) 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2009 Torch Mobile, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "RegExp.h"
+#include "Lexer.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <wtf/Assertions.h>
+#include <wtf/OwnArrayPtr.h>
+
+
+#if ENABLE(YARR)
+
+#include "yarr/RegexCompiler.h"
+#if ENABLE(YARR_JIT)
+#include "yarr/RegexJIT.h"
+#else
+#include "yarr/RegexInterpreter.h"
+#endif
+
+#else
+
+#if ENABLE(WREC)
+#include "JIT.h"
+#include "WRECGenerator.h"
+#endif
+#include <pcre/pcre.h>
+
+#endif
+
+namespace JSC {
+
+#if ENABLE(WREC)
+using namespace WREC;
+#endif
+
+inline RegExp::RegExp(JSGlobalData* globalData, const UString& pattern)
+    : m_pattern(pattern)
+    , m_flagBits(0)
+    , m_constructionError(0)
+    , m_numSubpatterns(0)
+{
+    compile(globalData);
+}
+
+inline RegExp::RegExp(JSGlobalData* globalData, const UString& pattern, const UString& flags)
+    : m_pattern(pattern)
+    , m_flags(flags)
+    , m_flagBits(0)
+    , m_constructionError(0)
+    , m_numSubpatterns(0)
+{
+    // NOTE: The global flag is handled on a case-by-case basis by functions like
+    // String::match and RegExpObject::match.
+#ifndef QT_BUILD_SCRIPT_LIB
+    if (flags.find('g') != -1)
+        m_flagBits |= Global;
+    if (flags.find('i') != -1)
+        m_flagBits |= IgnoreCase;
+    if (flags.find('m') != -1)
+        m_flagBits |= Multiline;
+#else //Invalid flags should throw a SyntaxError (ECMA Script 15.10.4.1)
+    static const char flagError[] = "invalid regular expression flag";
+    for (int i = 0; i < flags.size(); i++) {
+        switch (flags.data()[i]) {
+        case 'g':
+            m_flagBits |= Global;
+            break;
+        case 'i':
+            m_flagBits |= IgnoreCase;
+            break;
+        case 'm':
+            m_flagBits |= Multiline;
+            break;
+        default:
+            m_constructionError = flagError;
+#if !ENABLE(YARR)
+            m_regExp = 0;
+#endif
+            return;
+        }
+    }
+#endif
+
+    compile(globalData);
+}
+
+#if !ENABLE(YARR)
+RegExp::~RegExp()
+{
+    jsRegExpFree(m_regExp);
+}
+#endif
+
+PassRefPtr<RegExp> RegExp::create(JSGlobalData* globalData, const UString& pattern)
+{
+    return adoptRef(new RegExp(globalData, pattern));
+}
+
+PassRefPtr<RegExp> RegExp::create(JSGlobalData* globalData, const UString& pattern, const UString& flags)
+{
+    return adoptRef(new RegExp(globalData, pattern, flags));
+}
+
+#if ENABLE(YARR)
+
+void RegExp::compile(JSGlobalData* globalData)
+{
+#if ENABLE(YARR_JIT)
+    Yarr::jitCompileRegex(globalData, m_regExpJITCode, m_pattern, m_numSubpatterns, m_constructionError, ignoreCase(), multiline());
+#else
+    UNUSED_PARAM(globalData);
+    m_regExpBytecode.set(Yarr::byteCompileRegex(m_pattern, m_numSubpatterns, m_constructionError, ignoreCase(), multiline()));
+#endif
+}
+
+int RegExp::match(const UString& s, int startOffset, Vector<int, 32>* ovector)
+{
+    if (startOffset < 0)
+        startOffset = 0;
+    if (ovector)
+        ovector->clear();
+
+    if (startOffset > s.size() || s.isNull())
+        return -1;
+
+#if ENABLE(YARR_JIT)
+    if (!!m_regExpJITCode) {
+#else
+    if (m_regExpBytecode) {
+#endif
+        int offsetVectorSize = (m_numSubpatterns + 1) * 3; // FIXME: should be 2 - but adding temporary fallback to pcre.
+        int* offsetVector;
+        Vector<int, 32> nonReturnedOvector;
+        if (ovector) {
+            ovector->resize(offsetVectorSize);
+            offsetVector = ovector->data();
+        } else {
+            nonReturnedOvector.resize(offsetVectorSize);
+            offsetVector = nonReturnedOvector.data();
+        }
+
+        ASSERT(offsetVector);
+        for (int j = 0; j < offsetVectorSize; ++j)
+            offsetVector[j] = -1;
+
+
+#if ENABLE(YARR_JIT)
+        int result = Yarr::executeRegex(m_regExpJITCode, s.data(), startOffset, s.size(), offsetVector, offsetVectorSize);
+#else
+        int result = Yarr::interpretRegex(m_regExpBytecode.get(), s.data(), startOffset, s.size(), offsetVector);
+#endif
+
+        if (result < 0) {
+#ifndef NDEBUG
+            // TODO: define up a symbol, rather than magic -1
+            if (result != -1)
+                fprintf(stderr, "jsRegExpExecute failed with result %d\n", result);
+#endif
+            if (ovector)
+                ovector->clear();
+        }
+        return result;
+    }
+
+    return -1;
+}
+
+#else
+
+void RegExp::compile(JSGlobalData* globalData)
+{
+    m_regExp = 0;
+#if ENABLE(WREC)
+    m_wrecFunction = Generator::compileRegExp(globalData, m_pattern, &m_numSubpatterns, &m_constructionError, m_executablePool, ignoreCase(), multiline());
+    if (m_wrecFunction || m_constructionError)
+        return;
+    // Fall through to non-WREC case.
+#else
+    UNUSED_PARAM(globalData);
+#endif
+
+    JSRegExpIgnoreCaseOption ignoreCaseOption = ignoreCase() ? JSRegExpIgnoreCase : JSRegExpDoNotIgnoreCase;
+    JSRegExpMultilineOption multilineOption = multiline() ? JSRegExpMultiline : JSRegExpSingleLine;
+    m_regExp = jsRegExpCompile(reinterpret_cast<const UChar*>(m_pattern.data()), m_pattern.size(), ignoreCaseOption, multilineOption, &m_numSubpatterns, &m_constructionError);
+}
+
+int RegExp::match(const UString& s, int startOffset, Vector<int, 32>* ovector)
+{
+    if (startOffset < 0)
+        startOffset = 0;
+    if (ovector)
+        ovector->clear();
+
+    if (startOffset > s.size() || s.isNull())
+        return -1;
+
+#if ENABLE(WREC)
+    if (m_wrecFunction) {
+        int offsetVectorSize = (m_numSubpatterns + 1) * 2;
+        int* offsetVector;
+        Vector<int, 32> nonReturnedOvector;
+        if (ovector) {
+            ovector->resize(offsetVectorSize);
+            offsetVector = ovector->data();
+        } else {
+            nonReturnedOvector.resize(offsetVectorSize);
+            offsetVector = nonReturnedOvector.data();
+        }
+        ASSERT(offsetVector);
+        for (int j = 0; j < offsetVectorSize; ++j)
+            offsetVector[j] = -1;
+
+        int result = m_wrecFunction(s.data(), startOffset, s.size(), offsetVector);
+
+        if (result < 0) {
+#ifndef NDEBUG
+            // TODO: define up a symbol, rather than magic -1
+            if (result != -1)
+                fprintf(stderr, "jsRegExpExecute failed with result %d\n", result);
+#endif
+            if (ovector)
+                ovector->clear();
+        }
+        return result;
+    } else
+#endif
+    if (m_regExp) {
+        // Set up the offset vector for the result.
+        // First 2/3 used for result, the last third used by PCRE.
+        int* offsetVector;
+        int offsetVectorSize;
+        int fixedSizeOffsetVector[3];
+        if (!ovector) {
+            offsetVectorSize = 3;
+            offsetVector = fixedSizeOffsetVector;
+        } else {
+            offsetVectorSize = (m_numSubpatterns + 1) * 3;
+            ovector->resize(offsetVectorSize);
+            offsetVector = ovector->data();
+        }
+
+        int numMatches = jsRegExpExecute(m_regExp, reinterpret_cast<const UChar*>(s.data()), s.size(), startOffset, offsetVector, offsetVectorSize);
+    
+        if (numMatches < 0) {
+#ifndef NDEBUG
+            if (numMatches != JSRegExpErrorNoMatch)
+                fprintf(stderr, "jsRegExpExecute failed with result %d\n", numMatches);
+#endif
+            if (ovector)
+                ovector->clear();
+            return -1;
+        }
+
+        return offsetVector[0];
+    }
+
+    return -1;
+}
+
+#endif
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExp.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExp.h
new file mode 100644
index 000000000..24d4199f4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExp.h
@@ -0,0 +1,89 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2009 Torch Mobile, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef RegExp_h
+#define RegExp_h
+
+#include "UString.h"
+#include "WREC.h"
+#include "ExecutableAllocator.h"
+#include <wtf/Forward.h>
+#include <wtf/RefCounted.h>
+#include "yarr/RegexJIT.h"
+#include "yarr/RegexInterpreter.h"
+
+struct JSRegExp;
+
+namespace JSC {
+
+    class JSGlobalData;
+
+    class RegExp : public RefCounted<RegExp> {
+    public:
+        static PassRefPtr<RegExp> create(JSGlobalData* globalData, const UString& pattern);
+        static PassRefPtr<RegExp> create(JSGlobalData* globalData, const UString& pattern, const UString& flags);
+#if !ENABLE(YARR)
+        ~RegExp();
+#endif
+
+        bool global() const { return m_flagBits & Global; }
+        bool ignoreCase() const { return m_flagBits & IgnoreCase; }
+        bool multiline() const { return m_flagBits & Multiline; }
+
+        const UString& pattern() const { return m_pattern; }
+        const UString& flags() const { return m_flags; }
+
+        bool isValid() const { return !m_constructionError; }
+        const char* errorMessage() const { return m_constructionError; }
+
+        int match(const UString&, int startOffset, Vector<int, 32>* ovector = 0);
+        unsigned numSubpatterns() const { return m_numSubpatterns; }
+
+    private:
+        RegExp(JSGlobalData* globalData, const UString& pattern);
+        RegExp(JSGlobalData* globalData, const UString& pattern, const UString& flags);
+
+        void compile(JSGlobalData*);
+
+        enum FlagBits { Global = 1, IgnoreCase = 2, Multiline = 4 };
+
+        UString m_pattern; // FIXME: Just decompile m_regExp instead of storing this.
+        UString m_flags; // FIXME: Just decompile m_regExp instead of storing this.
+        int m_flagBits;
+        const char* m_constructionError;
+        unsigned m_numSubpatterns;
+
+#if ENABLE(YARR_JIT)
+        Yarr::RegexCodeBlock m_regExpJITCode;
+#elif ENABLE(YARR)
+        OwnPtr<Yarr::BytecodePattern> m_regExpBytecode;
+#else
+#if ENABLE(WREC)
+        WREC::CompiledRegExp m_wrecFunction;
+        RefPtr<ExecutablePool> m_executablePool;
+#endif
+        JSRegExp* m_regExp;
+#endif
+    };
+
+} // namespace JSC
+
+#endif // RegExp_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpConstructor.cpp
new file mode 100644
index 000000000..1c9517541
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpConstructor.cpp
@@ -0,0 +1,398 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All Rights Reserved.
+ *  Copyright (C) 2009 Torch Mobile, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "RegExpConstructor.h"
+
+#include "ArrayPrototype.h"
+#include "Error.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "JSString.h"
+#include "ObjectPrototype.h"
+#include "RegExpMatchesArray.h"
+#include "RegExpObject.h"
+#include "RegExpPrototype.h"
+#include "RegExp.h"
+
+namespace JSC {
+
+static JSValue regExpConstructorInput(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorMultiline(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorLastMatch(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorLastParen(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorLeftContext(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorRightContext(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar1(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar2(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar3(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar4(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar5(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar6(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar7(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar8(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpConstructorDollar9(ExecState*, const Identifier&, const PropertySlot&);
+
+static void setRegExpConstructorInput(ExecState*, JSObject*, JSValue);
+static void setRegExpConstructorMultiline(ExecState*, JSObject*, JSValue);
+
+} // namespace JSC
+
+#include "RegExpConstructor.lut.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(RegExpConstructor);
+
+const ClassInfo RegExpConstructor::info = { "Function", &InternalFunction::info, 0, ExecState::regExpConstructorTable };
+
+/* Source for RegExpConstructor.lut.h
+@begin regExpConstructorTable
+    input           regExpConstructorInput          None
+    $_              regExpConstructorInput          DontEnum
+    multiline       regExpConstructorMultiline      None
+    $*              regExpConstructorMultiline      DontEnum
+    lastMatch       regExpConstructorLastMatch      DontDelete|ReadOnly
+    $&              regExpConstructorLastMatch      DontDelete|ReadOnly|DontEnum
+    lastParen       regExpConstructorLastParen      DontDelete|ReadOnly
+    $+              regExpConstructorLastParen      DontDelete|ReadOnly|DontEnum
+    leftContext     regExpConstructorLeftContext    DontDelete|ReadOnly
+    $`              regExpConstructorLeftContext    DontDelete|ReadOnly|DontEnum
+    rightContext    regExpConstructorRightContext   DontDelete|ReadOnly
+    $'              regExpConstructorRightContext   DontDelete|ReadOnly|DontEnum
+    $1              regExpConstructorDollar1        DontDelete|ReadOnly
+    $2              regExpConstructorDollar2        DontDelete|ReadOnly
+    $3              regExpConstructorDollar3        DontDelete|ReadOnly
+    $4              regExpConstructorDollar4        DontDelete|ReadOnly
+    $5              regExpConstructorDollar5        DontDelete|ReadOnly
+    $6              regExpConstructorDollar6        DontDelete|ReadOnly
+    $7              regExpConstructorDollar7        DontDelete|ReadOnly
+    $8              regExpConstructorDollar8        DontDelete|ReadOnly
+    $9              regExpConstructorDollar9        DontDelete|ReadOnly
+@end
+*/
+
+struct RegExpConstructorPrivate : FastAllocBase {
+    // Global search cache / settings
+    RegExpConstructorPrivate()
+        : lastNumSubPatterns(0)
+        , multiline(false)
+        , lastOvectorIndex(0)
+    {
+    }
+
+    const Vector<int, 32>& lastOvector() const { return ovector[lastOvectorIndex]; }
+    Vector<int, 32>& lastOvector() { return ovector[lastOvectorIndex]; }
+    Vector<int, 32>& tempOvector() { return ovector[lastOvectorIndex ? 0 : 1]; }
+    void changeLastOvector() { lastOvectorIndex = lastOvectorIndex ? 0 : 1; }
+
+    UString input;
+    UString lastInput;
+    Vector<int, 32> ovector[2];
+    unsigned lastNumSubPatterns : 30;
+    bool multiline : 1;
+    unsigned lastOvectorIndex : 1;
+};
+
+RegExpConstructor::RegExpConstructor(ExecState* exec, PassRefPtr<Structure> structure, RegExpPrototype* regExpPrototype)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, "RegExp"))
+    , d(new RegExpConstructorPrivate)
+{
+    // ECMA 15.10.5.1 RegExp.prototype
+    putDirectWithoutTransition(exec->propertyNames().prototype, regExpPrototype, DontEnum | DontDelete | ReadOnly);
+
+    // no. of arguments for constructor
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 2), ReadOnly | DontDelete | DontEnum);
+}
+
+/* 
+  To facilitate result caching, exec(), test(), match(), search(), and replace() dipatch regular
+  expression matching through the performMatch function. We use cached results to calculate, 
+  e.g., RegExp.lastMatch and RegExp.leftParen.
+*/
+void RegExpConstructor::performMatch(RegExp* r, const UString& s, int startOffset, int& position, int& length, int** ovector)
+{
+    position = r->match(s, startOffset, &d->tempOvector());
+
+    if (ovector)
+        *ovector = d->tempOvector().data();
+
+    if (position != -1) {
+        ASSERT(!d->tempOvector().isEmpty());
+
+        length = d->tempOvector()[1] - d->tempOvector()[0];
+
+        d->input = s;
+        d->lastInput = s;
+        d->changeLastOvector();
+        d->lastNumSubPatterns = r->numSubpatterns();
+    }
+}
+
+RegExpMatchesArray::RegExpMatchesArray(ExecState* exec, RegExpConstructorPrivate* data)
+    : JSArray(exec->lexicalGlobalObject()->regExpMatchesArrayStructure(), data->lastNumSubPatterns + 1)
+{
+    RegExpConstructorPrivate* d = new RegExpConstructorPrivate;
+    d->input = data->lastInput;
+    d->lastInput = data->lastInput;
+    d->lastNumSubPatterns = data->lastNumSubPatterns;
+    unsigned offsetVectorSize = (data->lastNumSubPatterns + 1) * 2; // only copying the result part of the vector
+    d->lastOvector().resize(offsetVectorSize);
+    memcpy(d->lastOvector().data(), data->lastOvector().data(), offsetVectorSize * sizeof(int));
+    // d->multiline is not needed, and remains uninitialized
+
+    setLazyCreationData(d);
+}
+
+RegExpMatchesArray::~RegExpMatchesArray()
+{
+    delete static_cast<RegExpConstructorPrivate*>(lazyCreationData());
+}
+
+void RegExpMatchesArray::fillArrayInstance(ExecState* exec)
+{
+    RegExpConstructorPrivate* d = static_cast<RegExpConstructorPrivate*>(lazyCreationData());
+    ASSERT(d);
+
+    unsigned lastNumSubpatterns = d->lastNumSubPatterns;
+
+    for (unsigned i = 0; i <= lastNumSubpatterns; ++i) {
+        int start = d->lastOvector()[2 * i];
+        if (start >= 0)
+            JSArray::put(exec, i, jsSubstring(exec, d->lastInput, start, d->lastOvector()[2 * i + 1] - start));
+    }
+
+    PutPropertySlot slot;
+    JSArray::put(exec, exec->propertyNames().index, jsNumber(exec, d->lastOvector()[0]), slot);
+    JSArray::put(exec, exec->propertyNames().input, jsString(exec, d->input), slot);
+
+    delete d;
+    setLazyCreationData(0);
+}
+
+JSObject* RegExpConstructor::arrayOfMatches(ExecState* exec) const
+{
+    return new (exec) RegExpMatchesArray(exec, d.get());
+}
+
+JSValue RegExpConstructor::getBackref(ExecState* exec, unsigned i) const
+{
+    if (!d->lastOvector().isEmpty() && i <= d->lastNumSubPatterns) {
+        int start = d->lastOvector()[2 * i];
+        if (start >= 0)
+            return jsSubstring(exec, d->lastInput, start, d->lastOvector()[2 * i + 1] - start);
+    }
+    return jsEmptyString(exec);
+}
+
+JSValue RegExpConstructor::getLastParen(ExecState* exec) const
+{
+    unsigned i = d->lastNumSubPatterns;
+    if (i > 0) {
+        ASSERT(!d->lastOvector().isEmpty());
+        int start = d->lastOvector()[2 * i];
+        if (start >= 0)
+            return jsSubstring(exec, d->lastInput, start, d->lastOvector()[2 * i + 1] - start);
+    }
+    return jsEmptyString(exec);
+}
+
+JSValue RegExpConstructor::getLeftContext(ExecState* exec) const
+{
+    if (!d->lastOvector().isEmpty())
+        return jsSubstring(exec, d->lastInput, 0, d->lastOvector()[0]);
+    return jsEmptyString(exec);
+}
+
+JSValue RegExpConstructor::getRightContext(ExecState* exec) const
+{
+    if (!d->lastOvector().isEmpty())
+        return jsSubstring(exec, d->lastInput, d->lastOvector()[1], d->lastInput.size() - d->lastOvector()[1]);
+    return jsEmptyString(exec);
+}
+    
+bool RegExpConstructor::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    return getStaticValueSlot<RegExpConstructor, InternalFunction>(exec, ExecState::regExpConstructorTable(exec), this, propertyName, slot);
+}
+
+bool RegExpConstructor::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    return getStaticValueDescriptor<RegExpConstructor, InternalFunction>(exec, ExecState::regExpConstructorTable(exec), this, propertyName, descriptor);
+}
+
+JSValue regExpConstructorDollar1(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 1);
+}
+
+JSValue regExpConstructorDollar2(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 2);
+}
+
+JSValue regExpConstructorDollar3(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 3);
+}
+
+JSValue regExpConstructorDollar4(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 4);
+}
+
+JSValue regExpConstructorDollar5(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 5);
+}
+
+JSValue regExpConstructorDollar6(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 6);
+}
+
+JSValue regExpConstructorDollar7(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 7);
+}
+
+JSValue regExpConstructorDollar8(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 8);
+}
+
+JSValue regExpConstructorDollar9(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 9);
+}
+
+JSValue regExpConstructorInput(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return jsString(exec, asRegExpConstructor(slot.slotBase())->input());
+}
+
+JSValue regExpConstructorMultiline(ExecState*, const Identifier&, const PropertySlot& slot)
+{
+    return jsBoolean(asRegExpConstructor(slot.slotBase())->multiline());
+}
+
+JSValue regExpConstructorLastMatch(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getBackref(exec, 0);
+}
+
+JSValue regExpConstructorLastParen(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getLastParen(exec);
+}
+
+JSValue regExpConstructorLeftContext(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getLeftContext(exec);
+}
+
+JSValue regExpConstructorRightContext(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return asRegExpConstructor(slot.slotBase())->getRightContext(exec);
+}
+
+void RegExpConstructor::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    lookupPut<RegExpConstructor, InternalFunction>(exec, propertyName, value, ExecState::regExpConstructorTable(exec), this, slot);
+}
+
+void setRegExpConstructorInput(ExecState* exec, JSObject* baseObject, JSValue value)
+{
+    asRegExpConstructor(baseObject)->setInput(value.toString(exec));
+}
+
+void setRegExpConstructorMultiline(ExecState* exec, JSObject* baseObject, JSValue value)
+{
+    asRegExpConstructor(baseObject)->setMultiline(value.toBoolean(exec));
+}
+  
+// ECMA 15.10.4
+JSObject* constructRegExp(ExecState* exec, const ArgList& args)
+{
+    JSValue arg0 = args.at(0);
+    JSValue arg1 = args.at(1);
+
+    if (arg0.inherits(&RegExpObject::info)) {
+        if (!arg1.isUndefined())
+            return throwError(exec, TypeError, "Cannot supply flags when constructing one RegExp from another.");
+        return asObject(arg0);
+    }
+
+    UString pattern = arg0.isUndefined() ? UString("") : arg0.toString(exec);
+    UString flags = arg1.isUndefined() ? UString("") : arg1.toString(exec);
+
+    RefPtr<RegExp> regExp = RegExp::create(&exec->globalData(), pattern, flags);
+    if (!regExp->isValid())
+        return throwError(exec, SyntaxError, UString("Invalid regular expression: ").append(regExp->errorMessage()));
+    return new (exec) RegExpObject(exec->lexicalGlobalObject()->regExpStructure(), regExp.release());
+}
+
+static JSObject* constructWithRegExpConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    return constructRegExp(exec, args);
+}
+
+ConstructType RegExpConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithRegExpConstructor;
+    return ConstructTypeHost;
+}
+
+// ECMA 15.10.3
+static JSValue JSC_HOST_CALL callRegExpConstructor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    return constructRegExp(exec, args);
+}
+
+CallType RegExpConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callRegExpConstructor;
+    return CallTypeHost;
+}
+
+void RegExpConstructor::setInput(const UString& input)
+{
+    d->input = input;
+}
+
+const UString& RegExpConstructor::input() const
+{
+    // Can detect a distinct initial state that is invisible to JavaScript, by checking for null
+    // state (since jsString turns null strings to empty strings).
+    return d->input;
+}
+
+void RegExpConstructor::setMultiline(bool multiline)
+{
+    d->multiline = multiline;
+}
+
+bool RegExpConstructor::multiline() const
+{
+    return d->multiline;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpConstructor.h
new file mode 100644
index 000000000..4b06b51e6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpConstructor.h
@@ -0,0 +1,83 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All Rights Reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef RegExpConstructor_h
+#define RegExpConstructor_h
+
+#include "InternalFunction.h"
+#include <wtf/OwnPtr.h>
+
+namespace JSC {
+
+    class RegExp;
+    class RegExpPrototype;
+    struct RegExpConstructorPrivate;
+
+    class RegExpConstructor : public InternalFunction {
+    public:
+        RegExpConstructor(ExecState*, PassRefPtr<Structure>, RegExpPrototype*);
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, ImplementsHasInstance | HasDefaultMark | HasDefaultGetPropertyNames));
+        }
+
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        static const ClassInfo info;
+
+        void performMatch(RegExp*, const UString&, int startOffset, int& position, int& length, int** ovector = 0);
+        JSObject* arrayOfMatches(ExecState*) const;
+
+        void setInput(const UString&);
+        const UString& input() const;
+
+        void setMultiline(bool);
+        bool multiline() const;
+
+        JSValue getBackref(ExecState*, unsigned) const;
+        JSValue getLastParen(ExecState*) const;
+        JSValue getLeftContext(ExecState*) const;
+        JSValue getRightContext(ExecState*) const;
+
+    private:
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+
+        OwnPtr<RegExpConstructorPrivate> d;
+    };
+
+    RegExpConstructor* asRegExpConstructor(JSValue);
+
+    JSObject* constructRegExp(ExecState*, const ArgList&);
+
+    inline RegExpConstructor* asRegExpConstructor(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&RegExpConstructor::info));
+        return static_cast<RegExpConstructor*>(asObject(value));
+    }
+
+} // namespace JSC
+
+#endif // RegExpConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpMatchesArray.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpMatchesArray.h
new file mode 100644
index 000000000..c1a5a252c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpMatchesArray.h
@@ -0,0 +1,94 @@
+/*
+ *  Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef RegExpMatchesArray_h
+#define RegExpMatchesArray_h
+
+#include "JSArray.h"
+
+namespace JSC {
+
+    class RegExpMatchesArray : public JSArray {
+    public:
+        RegExpMatchesArray(ExecState*, RegExpConstructorPrivate*);
+        virtual ~RegExpMatchesArray();
+
+    private:
+        virtual bool getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+        {
+            if (lazyCreationData())
+                fillArrayInstance(exec);
+            return JSArray::getOwnPropertySlot(exec, propertyName, slot);
+        }
+
+        virtual bool getOwnPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+        {
+            if (lazyCreationData())
+                fillArrayInstance(exec);
+            return JSArray::getOwnPropertySlot(exec, propertyName, slot);
+        }
+
+        virtual bool getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+        {
+            if (lazyCreationData())
+                fillArrayInstance(exec);
+            return JSArray::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+        }
+
+        virtual void put(ExecState* exec, const Identifier& propertyName, JSValue v, PutPropertySlot& slot)
+        {
+            if (lazyCreationData())
+                fillArrayInstance(exec);
+            JSArray::put(exec, propertyName, v, slot);
+        }
+
+        virtual void put(ExecState* exec, unsigned propertyName, JSValue v)
+        {
+            if (lazyCreationData())
+                fillArrayInstance(exec);
+            JSArray::put(exec, propertyName, v);
+        }
+
+        virtual bool deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete = true)
+        {
+            if (lazyCreationData())
+                fillArrayInstance(exec);
+            return JSArray::deleteProperty(exec, propertyName, checkDontDelete);
+        }
+
+        virtual bool deleteProperty(ExecState* exec, unsigned propertyName, bool checkDontDelete = true)
+        {
+            if (lazyCreationData())
+                fillArrayInstance(exec);
+            return JSArray::deleteProperty(exec, propertyName, checkDontDelete);
+        }
+
+        virtual void getOwnPropertyNames(ExecState* exec, PropertyNameArray& arr, bool includeNonEnumerable = false)
+        {
+            if (lazyCreationData())
+                fillArrayInstance(exec);
+            JSArray::getOwnPropertyNames(exec, arr, includeNonEnumerable);
+        }
+
+        void fillArrayInstance(ExecState*);
+};
+
+}
+
+#endif // RegExpMatchesArray_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpObject.cpp
new file mode 100644
index 000000000..9d9dd7d33
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpObject.cpp
@@ -0,0 +1,173 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All Rights Reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "RegExpObject.h"
+
+#include "Error.h"
+#include "JSArray.h"
+#include "JSGlobalObject.h"
+#include "JSString.h"
+#include "RegExpConstructor.h"
+#include "RegExpPrototype.h"
+
+namespace JSC {
+
+static JSValue regExpObjectGlobal(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpObjectIgnoreCase(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpObjectMultiline(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpObjectSource(ExecState*, const Identifier&, const PropertySlot&);
+static JSValue regExpObjectLastIndex(ExecState*, const Identifier&, const PropertySlot&);
+static void setRegExpObjectLastIndex(ExecState*, JSObject*, JSValue);
+
+} // namespace JSC
+
+#include "RegExpObject.lut.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(RegExpObject);
+
+const ClassInfo RegExpObject::info = { "RegExp", 0, 0, ExecState::regExpTable };
+
+/* Source for RegExpObject.lut.h
+@begin regExpTable
+    global        regExpObjectGlobal       DontDelete|ReadOnly|DontEnum
+    ignoreCase    regExpObjectIgnoreCase   DontDelete|ReadOnly|DontEnum
+    multiline     regExpObjectMultiline    DontDelete|ReadOnly|DontEnum
+    source        regExpObjectSource       DontDelete|ReadOnly|DontEnum
+    lastIndex     regExpObjectLastIndex    DontDelete|DontEnum
+@end
+*/
+
+RegExpObject::RegExpObject(PassRefPtr<Structure> structure, PassRefPtr<RegExp> regExp)
+    : JSObject(structure)
+    , d(new RegExpObjectData(regExp, 0))
+{
+}
+
+RegExpObject::~RegExpObject()
+{
+}
+
+bool RegExpObject::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    return getStaticValueSlot<RegExpObject, JSObject>(exec, ExecState::regExpTable(exec), this, propertyName, slot);
+}
+
+bool RegExpObject::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    return getStaticValueDescriptor<RegExpObject, JSObject>(exec, ExecState::regExpTable(exec), this, propertyName, descriptor);
+}
+
+JSValue regExpObjectGlobal(ExecState*, const Identifier&, const PropertySlot& slot)
+{
+    return jsBoolean(asRegExpObject(slot.slotBase())->regExp()->global());
+}
+
+JSValue regExpObjectIgnoreCase(ExecState*, const Identifier&, const PropertySlot& slot)
+{
+    return jsBoolean(asRegExpObject(slot.slotBase())->regExp()->ignoreCase());
+}
+ 
+JSValue regExpObjectMultiline(ExecState*, const Identifier&, const PropertySlot& slot)
+{            
+    return jsBoolean(asRegExpObject(slot.slotBase())->regExp()->multiline());
+}
+
+JSValue regExpObjectSource(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return jsString(exec, asRegExpObject(slot.slotBase())->regExp()->pattern());
+}
+
+JSValue regExpObjectLastIndex(ExecState* exec, const Identifier&, const PropertySlot& slot)
+{
+    return jsNumber(exec, asRegExpObject(slot.slotBase())->lastIndex());
+}
+
+void RegExpObject::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    lookupPut<RegExpObject, JSObject>(exec, propertyName, value, ExecState::regExpTable(exec), this, slot);
+}
+
+void setRegExpObjectLastIndex(ExecState* exec, JSObject* baseObject, JSValue value)
+{
+    asRegExpObject(baseObject)->setLastIndex(value.toInteger(exec));
+}
+
+JSValue RegExpObject::test(ExecState* exec, const ArgList& args)
+{
+    return jsBoolean(match(exec, args));
+}
+
+JSValue RegExpObject::exec(ExecState* exec, const ArgList& args)
+{
+    if (match(exec, args))
+        return exec->lexicalGlobalObject()->regExpConstructor()->arrayOfMatches(exec);
+    return jsNull();
+}
+
+static JSValue JSC_HOST_CALL callRegExpObject(ExecState* exec, JSObject* function, JSValue, const ArgList& args)
+{
+    return asRegExpObject(function)->exec(exec, args);
+}
+
+CallType RegExpObject::getCallData(CallData& callData)
+{
+    callData.native.function = callRegExpObject;
+    return CallTypeHost;
+}
+
+// Shared implementation used by test and exec.
+bool RegExpObject::match(ExecState* exec, const ArgList& args)
+{
+    RegExpConstructor* regExpConstructor = exec->lexicalGlobalObject()->regExpConstructor();
+
+    UString input = args.isEmpty() ? regExpConstructor->input() : args.at(0).toString(exec);
+    if (input.isNull()) {
+        throwError(exec, GeneralError, "No input to " + toString(exec) + ".");
+        return false;
+    }
+
+    if (!regExp()->global()) {
+        int position;
+        int length;
+        regExpConstructor->performMatch(d->regExp.get(), input, 0, position, length);
+        return position >= 0;
+    }
+
+    if (d->lastIndex < 0 || d->lastIndex > input.size()) {
+        d->lastIndex = 0;
+        return false;
+    }
+
+    int position;
+    int length;
+    regExpConstructor->performMatch(d->regExp.get(), input, static_cast<int>(d->lastIndex), position, length);
+    if (position < 0) {
+        d->lastIndex = 0;
+        return false;
+    }
+
+    d->lastIndex = position + length;
+    return true;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpObject.h
new file mode 100644
index 000000000..67113b647
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpObject.h
@@ -0,0 +1,84 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All Rights Reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef RegExpObject_h
+#define RegExpObject_h
+
+#include "JSObject.h"
+#include "RegExp.h"
+
+namespace JSC {
+
+    class RegExpObject : public JSObject {
+    public:
+        RegExpObject(PassRefPtr<Structure>, PassRefPtr<RegExp>);
+        virtual ~RegExpObject();
+
+        void setRegExp(PassRefPtr<RegExp> r) { d->regExp = r; }
+        RegExp* regExp() const { return d->regExp.get(); }
+
+        void setLastIndex(double lastIndex) { d->lastIndex = lastIndex; }
+        double lastIndex() const { return d->lastIndex; }
+
+        JSValue test(ExecState*, const ArgList&);
+        JSValue exec(ExecState*, const ArgList&);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+        virtual void put(ExecState*, const Identifier& propertyName, JSValue, PutPropertySlot&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType, HasDefaultMark | HasDefaultGetPropertyNames));
+        }
+
+    private:
+        bool match(ExecState*, const ArgList&);
+
+        virtual CallType getCallData(CallData&);
+
+        struct RegExpObjectData : FastAllocBase {
+            RegExpObjectData(PassRefPtr<RegExp> regExp, double lastIndex)
+                : regExp(regExp)
+                , lastIndex(lastIndex)
+            {
+            }
+
+            RefPtr<RegExp> regExp;
+            double lastIndex;
+        };
+
+        OwnPtr<RegExpObjectData> d;
+    };
+
+    RegExpObject* asRegExpObject(JSValue);
+
+    inline RegExpObject* asRegExpObject(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&RegExpObject::info));
+        return static_cast<RegExpObject*>(asObject(value));
+    }
+
+} // namespace JSC
+
+#endif // RegExpObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpPrototype.cpp
new file mode 100644
index 000000000..471417166
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpPrototype.cpp
@@ -0,0 +1,124 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All Rights Reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "RegExpPrototype.h"
+
+#include "ArrayPrototype.h"
+#include "Error.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "JSObject.h"
+#include "JSString.h"
+#include "JSValue.h"
+#include "ObjectPrototype.h"
+#include "PrototypeFunction.h"
+#include "RegExpObject.h"
+#include "RegExp.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(RegExpPrototype);
+
+static JSValue JSC_HOST_CALL regExpProtoFuncTest(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL regExpProtoFuncExec(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL regExpProtoFuncCompile(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL regExpProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+
+// ECMA 15.10.5
+
+const ClassInfo RegExpPrototype::info = { "RegExpPrototype", 0, 0, 0 };
+
+RegExpPrototype::RegExpPrototype(ExecState* exec, PassRefPtr<Structure> structure, Structure* prototypeFunctionStructure)
+    : JSObject(structure)
+{
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().compile, regExpProtoFuncCompile), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().exec, regExpProtoFuncExec), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().test, regExpProtoFuncTest), DontEnum);
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, regExpProtoFuncToString), DontEnum);
+}
+
+// ------------------------------ Functions ---------------------------
+    
+JSValue JSC_HOST_CALL regExpProtoFuncTest(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (!thisValue.inherits(&RegExpObject::info))
+        return throwError(exec, TypeError);
+    return asRegExpObject(thisValue)->test(exec, args);
+}
+
+JSValue JSC_HOST_CALL regExpProtoFuncExec(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (!thisValue.inherits(&RegExpObject::info))
+        return throwError(exec, TypeError);
+    return asRegExpObject(thisValue)->exec(exec, args);
+}
+
+JSValue JSC_HOST_CALL regExpProtoFuncCompile(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (!thisValue.inherits(&RegExpObject::info))
+        return throwError(exec, TypeError);
+
+    RefPtr<RegExp> regExp;
+    JSValue arg0 = args.at(0);
+    JSValue arg1 = args.at(1);
+    
+    if (arg0.inherits(&RegExpObject::info)) {
+        if (!arg1.isUndefined())
+            return throwError(exec, TypeError, "Cannot supply flags when constructing one RegExp from another.");
+        regExp = asRegExpObject(arg0)->regExp();
+    } else {
+        UString pattern = args.isEmpty() ? UString("") : arg0.toString(exec);
+        UString flags = arg1.isUndefined() ? UString("") : arg1.toString(exec);
+        regExp = RegExp::create(&exec->globalData(), pattern, flags);
+    }
+
+    if (!regExp->isValid())
+        return throwError(exec, SyntaxError, UString("Invalid regular expression: ").append(regExp->errorMessage()));
+
+    asRegExpObject(thisValue)->setRegExp(regExp.release());
+    asRegExpObject(thisValue)->setLastIndex(0);
+    return jsUndefined();
+}
+
+JSValue JSC_HOST_CALL regExpProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    if (!thisValue.inherits(&RegExpObject::info)) {
+        if (thisValue.inherits(&RegExpPrototype::info))
+            return jsNontrivialString(exec, "//");
+        return throwError(exec, TypeError);
+    }
+
+    UString result = "/" + asRegExpObject(thisValue)->get(exec, exec->propertyNames().source).toString(exec);
+#ifdef QT_BUILD_SCRIPT_LIB
+    if (result.size() == 1)
+        result.append("(?:)");
+#endif
+    result.append('/');
+    if (asRegExpObject(thisValue)->get(exec, exec->propertyNames().global).toBoolean(exec))
+        result.append('g');
+    if (asRegExpObject(thisValue)->get(exec, exec->propertyNames().ignoreCase).toBoolean(exec))
+        result.append('i');
+    if (asRegExpObject(thisValue)->get(exec, exec->propertyNames().multiline).toBoolean(exec))
+        result.append('m');
+    return jsNontrivialString(exec, result);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpPrototype.h
new file mode 100644
index 000000000..f5db720b4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/RegExpPrototype.h
@@ -0,0 +1,38 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2003, 2007, 2008 Apple Inc. All Rights Reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef RegExpPrototype_h
+#define RegExpPrototype_h
+
+#include "JSObject.h"
+
+namespace JSC {
+
+    class RegExpPrototype : public JSObject {
+    public:
+        RegExpPrototype(ExecState*, PassRefPtr<Structure>, Structure* prototypeFunctionStructure);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+    };
+
+} // namespace JSC
+
+#endif // RegExpPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChain.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChain.cpp
new file mode 100644
index 000000000..960c52595
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChain.cpp
@@ -0,0 +1,68 @@
+/*
+ *  Copyright (C) 2003, 2006, 2008 Apple Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "ScopeChain.h"
+
+#include "JSActivation.h"
+#include "JSGlobalObject.h"
+#include "JSObject.h"
+#include "PropertyNameArray.h"
+#include <stdio.h>
+
+namespace JSC {
+
+#ifndef NDEBUG
+
+void ScopeChainNode::print() const
+{
+    ScopeChainIterator scopeEnd = end();
+    for (ScopeChainIterator scopeIter = begin(); scopeIter != scopeEnd; ++scopeIter) {
+        JSObject* o = *scopeIter;
+        PropertyNameArray propertyNames(globalObject()->globalExec());
+        o->getPropertyNames(globalObject()->globalExec(), propertyNames);
+        PropertyNameArray::const_iterator propEnd = propertyNames.end();
+
+        fprintf(stderr, "----- [scope %p] -----\n", o);
+        for (PropertyNameArray::const_iterator propIter = propertyNames.begin(); propIter != propEnd; propIter++) {
+            Identifier name = *propIter;
+            fprintf(stderr, "%s, ", name.ascii());
+        }
+        fprintf(stderr, "\n");
+    }
+}
+
+#endif
+
+int ScopeChain::localDepth() const
+{
+    int scopeDepth = 0;
+    ScopeChainIterator iter = this->begin();
+    ScopeChainIterator end = this->end();
+    while (!(*iter)->inherits(&JSActivation::info)) {
+        ++iter;
+        if (iter == end)
+            break;
+        ++scopeDepth;
+    }
+    return scopeDepth;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChain.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChain.h
new file mode 100644
index 000000000..c5e16c99e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChain.h
@@ -0,0 +1,241 @@
+/*
+ *  Copyright (C) 2003, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef ScopeChain_h
+#define ScopeChain_h
+
+#include "FastAllocBase.h"
+
+namespace JSC {
+
+    class JSGlobalData;
+    class JSGlobalObject;
+    class JSObject;
+    class MarkStack;
+    class ScopeChainIterator;
+    
+    class ScopeChainNode : public FastAllocBase {
+    public:
+        ScopeChainNode(ScopeChainNode* next, JSObject* object, JSGlobalData* globalData, JSObject* globalThis)
+            : next(next)
+            , object(object)
+            , globalData(globalData)
+            , globalThis(globalThis)
+            , refCount(1)
+        {
+            ASSERT(globalData);
+        }
+#ifndef NDEBUG
+        // Due to the number of subtle and timing dependent bugs that have occurred due
+        // to deleted but still "valid" ScopeChainNodes we now deliberately clobber the
+        // contents in debug builds.
+        ~ScopeChainNode()
+        {
+            next = 0;
+            object = 0;
+            globalData = 0;
+            globalThis = 0;
+        }
+#endif
+
+        ScopeChainNode* next;
+        JSObject* object;
+        JSGlobalData* globalData;
+        JSObject* globalThis;
+        int refCount;
+
+        void deref() { ASSERT(refCount); if (--refCount == 0) { release();} }
+        void ref() { ASSERT(refCount); ++refCount; }
+        void release();
+
+        // Before calling "push" on a bare ScopeChainNode, a client should
+        // logically "copy" the node. Later, the client can "deref" the head
+        // of its chain of ScopeChainNodes to reclaim all the nodes it added
+        // after the logical copy, leaving nodes added before the logical copy
+        // (nodes shared with other clients) untouched.
+        ScopeChainNode* copy()
+        {
+            ref();
+            return this;
+        }
+
+        ScopeChainNode* push(JSObject*);
+        ScopeChainNode* pop();
+
+        ScopeChainIterator begin() const;
+        ScopeChainIterator end() const;
+
+        JSGlobalObject* globalObject() const; // defined in JSGlobalObject.h
+        JSObject* globalThisObject() const { return globalThis; }
+
+#ifndef NDEBUG        
+        void print() const;
+#endif
+    };
+
+    inline ScopeChainNode* ScopeChainNode::push(JSObject* o)
+    {
+        ASSERT(o);
+        return new ScopeChainNode(this, o, globalData, globalThis);
+    }
+
+    inline ScopeChainNode* ScopeChainNode::pop()
+    {
+        ASSERT(next);
+        ScopeChainNode* result = next;
+
+        if (--refCount != 0)
+            ++result->refCount;
+        else
+            delete this;
+
+        return result;
+    }
+
+    inline void ScopeChainNode::release()
+    {
+        // This function is only called by deref(),
+        // Deref ensures these conditions are true.
+        ASSERT(refCount == 0);
+        ScopeChainNode* n = this;
+        do {
+            ScopeChainNode* next = n->next;
+            delete n;
+            n = next;
+        } while (n && --n->refCount == 0);
+    }
+
+    class ScopeChainIterator {
+    public:
+        ScopeChainIterator(const ScopeChainNode* node)
+            : m_node(node)
+        {
+        }
+
+        JSObject* const & operator*() const { return m_node->object; }
+        JSObject* const * operator->() const { return &(operator*()); }
+    
+        ScopeChainIterator& operator++() { m_node = m_node->next; return *this; }
+
+        // postfix ++ intentionally omitted
+
+        bool operator==(const ScopeChainIterator& other) const { return m_node == other.m_node; }
+        bool operator!=(const ScopeChainIterator& other) const { return m_node != other.m_node; }
+
+    private:
+        const ScopeChainNode* m_node;
+    };
+
+    inline ScopeChainIterator ScopeChainNode::begin() const
+    {
+        return ScopeChainIterator(this); 
+    }
+
+    inline ScopeChainIterator ScopeChainNode::end() const
+    { 
+        return ScopeChainIterator(0); 
+    }
+
+    class NoScopeChain {};
+
+    class ScopeChain {
+        friend class JIT;
+    public:
+        ScopeChain(NoScopeChain)
+            : m_node(0)
+        {
+        }
+
+        ScopeChain(JSObject* o, JSGlobalData* globalData, JSObject* globalThis)
+            : m_node(new ScopeChainNode(0, o, globalData, globalThis))
+        {
+        }
+
+        ScopeChain(const ScopeChain& c)
+            : m_node(c.m_node->copy())
+        {
+        }
+
+        ScopeChain& operator=(const ScopeChain& c);
+
+        explicit ScopeChain(ScopeChainNode* node)
+            : m_node(node->copy())
+        {
+        }
+
+        ~ScopeChain()
+        {
+            if (m_node)
+                m_node->deref();
+#ifndef NDEBUG
+            m_node = 0;
+#endif
+        }
+
+        void swap(ScopeChain&);
+
+        ScopeChainNode* node() const { return m_node; }
+
+        JSObject* top() const { return m_node->object; }
+
+        ScopeChainIterator begin() const { return m_node->begin(); }
+        ScopeChainIterator end() const { return m_node->end(); }
+
+        void push(JSObject* o) { m_node = m_node->push(o); }
+
+        void pop() { m_node = m_node->pop(); }
+        void clear() { m_node->deref(); m_node = 0; }
+        
+        JSGlobalObject* globalObject() const { return m_node->globalObject(); }
+
+        void markAggregate(MarkStack&) const;
+
+        // Caution: this should only be used if the codeblock this is being used
+        // with needs a full scope chain, otherwise this returns the depth of
+        // the preceeding call frame
+        //
+        // Returns the depth of the current call frame's scope chain
+        int localDepth() const;
+
+#ifndef NDEBUG        
+        void print() const { m_node->print(); }
+#endif
+
+    private:
+        ScopeChainNode* m_node;
+    };
+
+    inline void ScopeChain::swap(ScopeChain& o)
+    {
+        ScopeChainNode* tmp = m_node;
+        m_node = o.m_node;
+        o.m_node = tmp;
+    }
+
+    inline ScopeChain& ScopeChain::operator=(const ScopeChain& c)
+    {
+        ScopeChain tmp(c);
+        swap(tmp);
+        return *this;
+    }
+
+} // namespace JSC
+
+#endif // ScopeChain_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChainMark.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChainMark.h
new file mode 100644
index 000000000..984d10136
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/ScopeChainMark.h
@@ -0,0 +1,36 @@
+/*
+ *  Copyright (C) 2003, 2006, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef ScopeChainMark_h
+#define ScopeChainMark_h
+
+#include "ScopeChain.h"
+
+namespace JSC {
+
+    inline void ScopeChain::markAggregate(MarkStack& markStack) const
+    {
+        for (ScopeChainNode* n = m_node; n; n = n->next)
+            markStack.append(n->object);
+    }
+
+} // namespace JSC
+
+#endif // ScopeChainMark_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SmallStrings.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SmallStrings.cpp
new file mode 100644
index 000000000..04701cbde
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SmallStrings.cpp
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "SmallStrings.h"
+
+#include "JSGlobalObject.h"
+#include "JSString.h"
+
+#include <wtf/Noncopyable.h>
+
+namespace JSC {
+static const unsigned numCharactersToStore = 0x100;
+
+class SmallStringsStorage : public Noncopyable {
+public:
+    SmallStringsStorage();
+
+    UString::Rep* rep(unsigned char character) { return &m_reps[character]; }
+
+private:
+    UChar m_characters[numCharactersToStore];
+    UString::BaseString m_base;
+    UString::Rep m_reps[numCharactersToStore];
+};
+
+SmallStringsStorage::SmallStringsStorage()
+    : m_base(m_characters, numCharactersToStore)
+{
+    m_base.rc = numCharactersToStore + 1;
+    // make sure UString doesn't try to reuse the buffer by pretending we have one more character in it
+    m_base.usedCapacity = numCharactersToStore + 1;
+    m_base.capacity = numCharactersToStore + 1;
+    m_base.checkConsistency();
+
+    for (unsigned i = 0; i < numCharactersToStore; ++i)
+        m_characters[i] = i;
+
+    memset(&m_reps, 0, sizeof(m_reps));
+    for (unsigned i = 0; i < numCharactersToStore; ++i) {
+        m_reps[i].offset = i;
+        m_reps[i].len = 1;
+        m_reps[i].rc = 1;
+        m_reps[i].setBaseString(&m_base);
+        m_reps[i].checkConsistency();
+    }
+}
+
+SmallStrings::SmallStrings()
+    : m_emptyString(0)
+    , m_storage(0)
+{
+    COMPILE_ASSERT(numCharactersToStore == sizeof(m_singleCharacterStrings) / sizeof(m_singleCharacterStrings[0]), IsNumCharactersConstInSyncWithClassUsage);
+
+    for (unsigned i = 0; i < numCharactersToStore; ++i)
+        m_singleCharacterStrings[i] = 0;
+}
+
+SmallStrings::~SmallStrings()
+{
+}
+
+void SmallStrings::markChildren(MarkStack& markStack)
+{
+    if (m_emptyString)
+        markStack.append(m_emptyString);
+    for (unsigned i = 0; i < numCharactersToStore; ++i) {
+        if (m_singleCharacterStrings[i])
+            markStack.append(m_singleCharacterStrings[i]);
+    }
+}
+
+unsigned SmallStrings::count() const
+{
+    unsigned count = 0;
+    if (m_emptyString)
+        ++count;
+    for (unsigned i = 0; i < numCharactersToStore; ++i) {
+        if (m_singleCharacterStrings[i])
+            ++count;
+    }
+    return count;
+}
+
+void SmallStrings::createEmptyString(JSGlobalData* globalData)
+{
+    ASSERT(!m_emptyString);
+    m_emptyString = new (globalData) JSString(globalData, "", JSString::HasOtherOwner);
+}
+
+void SmallStrings::createSingleCharacterString(JSGlobalData* globalData, unsigned char character)
+{
+    if (!m_storage)
+        m_storage.set(new SmallStringsStorage);
+    ASSERT(!m_singleCharacterStrings[character]);
+    m_singleCharacterStrings[character] = new (globalData) JSString(globalData, m_storage->rep(character), JSString::HasOtherOwner);
+}
+
+UString::Rep* SmallStrings::singleCharacterStringRep(unsigned char character)
+{
+    if (!m_storage)
+        m_storage.set(new SmallStringsStorage);
+    return m_storage->rep(character);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SmallStrings.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SmallStrings.h
new file mode 100644
index 000000000..efecbb075
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SmallStrings.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SmallStrings_h
+#define SmallStrings_h
+
+#include "UString.h"
+#include <wtf/OwnPtr.h>
+
+namespace JSC {
+
+    class JSGlobalData;
+    class JSString;
+    class MarkStack;
+    class SmallStringsStorage;
+
+    class SmallStrings : public Noncopyable {
+    public:
+        SmallStrings();
+        ~SmallStrings();
+
+        JSString* emptyString(JSGlobalData* globalData)
+        {
+            if (!m_emptyString)
+                createEmptyString(globalData);
+            return m_emptyString;
+        }
+        JSString* singleCharacterString(JSGlobalData* globalData, unsigned char character)
+        {
+            if (!m_singleCharacterStrings[character])
+                createSingleCharacterString(globalData, character);
+            return m_singleCharacterStrings[character];
+        }
+
+        UString::Rep* singleCharacterStringRep(unsigned char character);
+
+        void markChildren(MarkStack&);
+
+        unsigned count() const;
+
+    private:
+        void createEmptyString(JSGlobalData*);
+        void createSingleCharacterString(JSGlobalData*, unsigned char);
+
+        JSString* m_emptyString;
+        JSString* m_singleCharacterStrings[0x100];
+        OwnPtr<SmallStringsStorage> m_storage;
+    };
+
+} // namespace JSC
+
+#endif // SmallStrings_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringConstructor.cpp
new file mode 100644
index 000000000..638044587
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringConstructor.cpp
@@ -0,0 +1,91 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "StringConstructor.h"
+
+#include "JSFunction.h"
+#include "JSGlobalObject.h"
+#include "PrototypeFunction.h"
+#include "StringPrototype.h"
+
+namespace JSC {
+
+static NEVER_INLINE JSValue stringFromCharCodeSlowCase(ExecState* exec, const ArgList& args)
+{
+    UChar* buf = static_cast<UChar*>(fastMalloc(args.size() * sizeof(UChar)));
+    UChar* p = buf;
+    ArgList::const_iterator end = args.end();
+    for (ArgList::const_iterator it = args.begin(); it != end; ++it)
+        *p++ = static_cast<UChar>((*it).toUInt32(exec));
+    return jsString(exec, UString(buf, p - buf, false));
+}
+
+static JSValue JSC_HOST_CALL stringFromCharCode(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (LIKELY(args.size() == 1))
+        return jsSingleCharacterString(exec, args.at(0).toUInt32(exec));
+    return stringFromCharCodeSlowCase(exec, args);
+}
+
+ASSERT_CLASS_FITS_IN_CELL(StringConstructor);
+
+StringConstructor::StringConstructor(ExecState* exec, PassRefPtr<Structure> structure, Structure* prototypeFunctionStructure, StringPrototype* stringPrototype)
+    : InternalFunction(&exec->globalData(), structure, Identifier(exec, stringPrototype->classInfo()->className))
+{
+    // ECMA 15.5.3.1 String.prototype
+    putDirectWithoutTransition(exec->propertyNames().prototype, stringPrototype, ReadOnly | DontEnum | DontDelete);
+
+    // ECMA 15.5.3.2 fromCharCode()
+    putDirectFunctionWithoutTransition(exec, new (exec) NativeFunctionWrapper(exec, prototypeFunctionStructure, 1, exec->propertyNames().fromCharCode, stringFromCharCode), DontEnum);
+
+    // no. of arguments for constructor
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 1), ReadOnly | DontEnum | DontDelete);
+}
+
+// ECMA 15.5.2
+static JSObject* constructWithStringConstructor(ExecState* exec, JSObject*, const ArgList& args)
+{
+    if (args.isEmpty())
+        return new (exec) StringObject(exec, exec->lexicalGlobalObject()->stringObjectStructure());
+    return new (exec) StringObject(exec, exec->lexicalGlobalObject()->stringObjectStructure(), args.at(0).toString(exec));
+}
+
+ConstructType StringConstructor::getConstructData(ConstructData& constructData)
+{
+    constructData.native.function = constructWithStringConstructor;
+    return ConstructTypeHost;
+}
+
+// ECMA 15.5.1
+static JSValue JSC_HOST_CALL callStringConstructor(ExecState* exec, JSObject*, JSValue, const ArgList& args)
+{
+    if (args.isEmpty())
+        return jsEmptyString(exec);
+    return jsString(exec, args.at(0).toString(exec));
+}
+
+CallType StringConstructor::getCallData(CallData& callData)
+{
+    callData.native.function = callStringConstructor;
+    return CallTypeHost;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringConstructor.h
new file mode 100644
index 000000000..7d52c69e1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringConstructor.h
@@ -0,0 +1,40 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef StringConstructor_h
+#define StringConstructor_h
+
+#include "InternalFunction.h"
+
+namespace JSC {
+
+    class StringPrototype;
+
+    class StringConstructor : public InternalFunction {
+    public:
+        StringConstructor(ExecState*, PassRefPtr<Structure>, Structure* prototypeFunctionStructure, StringPrototype*);
+
+        virtual ConstructType getConstructData(ConstructData&);
+        virtual CallType getCallData(CallData&);
+    };
+
+} // namespace JSC
+
+#endif // StringConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObject.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObject.cpp
new file mode 100644
index 000000000..dd1ac5db0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObject.cpp
@@ -0,0 +1,97 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "StringObject.h"
+
+#include "PropertyNameArray.h"
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(StringObject);
+
+const ClassInfo StringObject::info = { "String", 0, 0, 0 };
+
+StringObject::StringObject(ExecState* exec, PassRefPtr<Structure> structure)
+    : JSWrapperObject(structure)
+{
+    setInternalValue(jsEmptyString(exec));
+}
+
+StringObject::StringObject(PassRefPtr<Structure> structure, JSString* string)
+    : JSWrapperObject(structure)
+{
+    setInternalValue(string);
+}
+
+StringObject::StringObject(ExecState* exec, PassRefPtr<Structure> structure, const UString& string)
+    : JSWrapperObject(structure)
+{
+    setInternalValue(jsString(exec, string));
+}
+
+bool StringObject::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
+{
+    if (internalValue()->getStringPropertySlot(exec, propertyName, slot))
+        return true;
+    return JSObject::getOwnPropertySlot(exec, propertyName, slot);
+}
+    
+bool StringObject::getOwnPropertySlot(ExecState* exec, unsigned propertyName, PropertySlot& slot)
+{
+    if (internalValue()->getStringPropertySlot(exec, propertyName, slot))
+        return true;    
+    return JSObject::getOwnPropertySlot(exec, Identifier::from(exec, propertyName), slot);
+}
+
+bool StringObject::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    if (internalValue()->getStringPropertyDescriptor(exec, propertyName, descriptor))
+        return true;    
+    return JSObject::getOwnPropertyDescriptor(exec, propertyName, descriptor);
+}
+
+void StringObject::put(ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot)
+{
+    if (propertyName == exec->propertyNames().length)
+        return;
+    JSObject::put(exec, propertyName, value, slot);
+}
+
+bool StringObject::deleteProperty(ExecState* exec, const Identifier& propertyName, bool checkDontDelete)
+{
+    if (propertyName == exec->propertyNames().length)
+        return false;
+    bool isStrictUInt32;
+    unsigned i = propertyName.toStrictUInt32(&isStrictUInt32);
+    if (isStrictUInt32 && internalValue()->canGetIndex(i))
+        return false;
+    return JSObject::deleteProperty(exec, propertyName, checkDontDelete);
+}
+
+void StringObject::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    int size = internalValue()->value().size();
+    for (int i = 0; i < size; ++i)
+        propertyNames.add(Identifier(exec, UString::from(i)));
+    return JSObject::getOwnPropertyNames(exec, propertyNames);
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObject.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObject.h
new file mode 100644
index 000000000..2f5927a61
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObject.h
@@ -0,0 +1,68 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef StringObject_h
+#define StringObject_h
+
+#include "JSWrapperObject.h"
+#include "JSString.h"
+
+namespace JSC {
+
+    class StringObject : public JSWrapperObject {
+    public:
+        StringObject(ExecState*, PassRefPtr<Structure>);
+        StringObject(ExecState*, PassRefPtr<Structure>, const UString&);
+
+        static StringObject* create(ExecState*, JSString*);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertySlot(ExecState*, unsigned propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        virtual void put(ExecState* exec, const Identifier& propertyName, JSValue, PutPropertySlot&);
+        virtual bool deleteProperty(ExecState*, const Identifier& propertyName, bool checkDontDelete = true);
+        virtual void getOwnPropertyNames(ExecState*, PropertyNameArray&, bool includeNonEnumerable = false);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const JS_EXPORTDATA ClassInfo info;
+
+        JSString* internalValue() const { return asString(JSWrapperObject::internalValue());}
+
+        static PassRefPtr<Structure> createStructure(JSValue prototype)
+        {
+            return Structure::create(prototype, TypeInfo(ObjectType));
+        }
+
+    protected:
+        StringObject(PassRefPtr<Structure>, JSString*);
+  };
+
+    StringObject* asStringObject(JSValue);
+
+    inline StringObject* asStringObject(JSValue value)
+    {
+        ASSERT(asObject(value)->inherits(&StringObject::info));
+        return static_cast<StringObject*>(asObject(value));
+    }
+
+} // namespace JSC
+
+#endif // StringObject_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObjectThatMasqueradesAsUndefined.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObjectThatMasqueradesAsUndefined.h
new file mode 100644
index 000000000..1d2e03ffa
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringObjectThatMasqueradesAsUndefined.h
@@ -0,0 +1,55 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef StringObjectThatMasqueradesAsUndefined_h
+#define StringObjectThatMasqueradesAsUndefined_h
+
+#include "JSGlobalObject.h"
+#include "StringObject.h"
+#include "UString.h"
+
+namespace JSC {
+
+    // WebCore uses this to make style.filter undetectable
+    class StringObjectThatMasqueradesAsUndefined : public StringObject {
+    public:
+        static StringObjectThatMasqueradesAsUndefined* create(ExecState* exec, const UString& string)
+        {
+            return new (exec) StringObjectThatMasqueradesAsUndefined(exec,
+                createStructure(exec->lexicalGlobalObject()->stringPrototype()), string);
+        }
+
+    private:
+        StringObjectThatMasqueradesAsUndefined(ExecState* exec, PassRefPtr<Structure> structure, const UString& string)
+            : StringObject(exec, structure, string)
+        {
+        }
+
+        static PassRefPtr<Structure> createStructure(JSValue proto) 
+        { 
+            return Structure::create(proto, TypeInfo(ObjectType, MasqueradesAsUndefined | HasDefaultMark)); 
+        }
+
+        virtual bool toBoolean(ExecState*) const { return false; }
+    };
+ 
+} // namespace JSC
+
+#endif // StringObjectThatMasqueradesAsUndefined_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringPrototype.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringPrototype.cpp
new file mode 100644
index 000000000..c9a32b697
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringPrototype.cpp
@@ -0,0 +1,902 @@
+/*
+ *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2009 Torch Mobile, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#include "config.h"
+#include "StringPrototype.h"
+
+#include "CachedCall.h"
+#include "Error.h"
+#include "Executable.h"
+#include "JSArray.h"
+#include "JSFunction.h"
+#include "ObjectPrototype.h"
+#include "PropertyNameArray.h"
+#include "RegExpConstructor.h"
+#include "RegExpObject.h"
+#include <wtf/ASCIICType.h>
+#include <wtf/MathExtras.h>
+#include <wtf/unicode/Collator.h>
+
+using namespace WTF;
+
+namespace JSC {
+
+ASSERT_CLASS_FITS_IN_CELL(StringPrototype);
+
+static JSValue JSC_HOST_CALL stringProtoFuncToString(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncCharAt(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncCharCodeAt(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncConcat(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncIndexOf(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncLastIndexOf(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncMatch(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncReplace(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncSearch(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncSlice(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncSplit(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncSubstr(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncSubstring(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncToLowerCase(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncToUpperCase(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncLocaleCompare(ExecState*, JSObject*, JSValue, const ArgList&);
+
+static JSValue JSC_HOST_CALL stringProtoFuncBig(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncSmall(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncBlink(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncBold(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncFixed(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncItalics(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncStrike(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncSub(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncSup(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncFontcolor(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncFontsize(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncAnchor(ExecState*, JSObject*, JSValue, const ArgList&);
+static JSValue JSC_HOST_CALL stringProtoFuncLink(ExecState*, JSObject*, JSValue, const ArgList&);
+
+}
+
+#include "StringPrototype.lut.h"
+
+namespace JSC {
+
+const ClassInfo StringPrototype::info = { "String", &StringObject::info, 0, ExecState::stringTable };
+
+/* Source for StringPrototype.lut.h
+@begin stringTable 26
+    toString              stringProtoFuncToString          DontEnum|Function       0
+    valueOf               stringProtoFuncToString          DontEnum|Function       0
+    charAt                stringProtoFuncCharAt            DontEnum|Function       1
+    charCodeAt            stringProtoFuncCharCodeAt        DontEnum|Function       1
+    concat                stringProtoFuncConcat            DontEnum|Function       1
+    indexOf               stringProtoFuncIndexOf           DontEnum|Function       1
+    lastIndexOf           stringProtoFuncLastIndexOf       DontEnum|Function       1
+    match                 stringProtoFuncMatch             DontEnum|Function       1
+    replace               stringProtoFuncReplace           DontEnum|Function       2
+    search                stringProtoFuncSearch            DontEnum|Function       1
+    slice                 stringProtoFuncSlice             DontEnum|Function       2
+    split                 stringProtoFuncSplit             DontEnum|Function       2
+    substr                stringProtoFuncSubstr            DontEnum|Function       2
+    substring             stringProtoFuncSubstring         DontEnum|Function       2
+    toLowerCase           stringProtoFuncToLowerCase       DontEnum|Function       0
+    toUpperCase           stringProtoFuncToUpperCase       DontEnum|Function       0
+    localeCompare         stringProtoFuncLocaleCompare     DontEnum|Function       1
+
+    # toLocaleLowerCase and toLocaleUpperCase are currently identical to toLowerCase and toUpperCase
+    toLocaleLowerCase     stringProtoFuncToLowerCase       DontEnum|Function       0
+    toLocaleUpperCase     stringProtoFuncToUpperCase       DontEnum|Function       0
+
+    big                   stringProtoFuncBig               DontEnum|Function       0
+    small                 stringProtoFuncSmall             DontEnum|Function       0
+    blink                 stringProtoFuncBlink             DontEnum|Function       0
+    bold                  stringProtoFuncBold              DontEnum|Function       0
+    fixed                 stringProtoFuncFixed             DontEnum|Function       0
+    italics               stringProtoFuncItalics           DontEnum|Function       0
+    strike                stringProtoFuncStrike            DontEnum|Function       0
+    sub                   stringProtoFuncSub               DontEnum|Function       0
+    sup                   stringProtoFuncSup               DontEnum|Function       0
+    fontcolor             stringProtoFuncFontcolor         DontEnum|Function       1
+    fontsize              stringProtoFuncFontsize          DontEnum|Function       1
+    anchor                stringProtoFuncAnchor            DontEnum|Function       1
+    link                  stringProtoFuncLink              DontEnum|Function       1
+@end
+*/
+
+// ECMA 15.5.4
+StringPrototype::StringPrototype(ExecState* exec, PassRefPtr<Structure> structure)
+    : StringObject(exec, structure)
+{
+    // The constructor will be added later, after StringConstructor has been built
+    putDirectWithoutTransition(exec->propertyNames().length, jsNumber(exec, 0), DontDelete | ReadOnly | DontEnum);
+}
+
+bool StringPrototype::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot &slot)
+{
+    return getStaticFunctionSlot<StringObject>(exec, ExecState::stringTable(exec), this, propertyName, slot);
+}
+
+bool StringPrototype::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor)
+{
+    return getStaticFunctionDescriptor<StringObject>(exec, ExecState::stringTable(exec), this, propertyName, descriptor);
+}
+
+// ------------------------------ Functions --------------------------
+
+static inline UString substituteBackreferences(const UString& replacement, const UString& source, const int* ovector, RegExp* reg)
+{
+    UString substitutedReplacement;
+    int offset = 0;
+    int i = -1;
+    while ((i = replacement.find('$', i + 1)) != -1) {
+        if (i + 1 == replacement.size())
+            break;
+
+        UChar ref = replacement[i + 1];
+        if (ref == '$') {
+            // "$$" -> "$"
+            ++i;
+            substitutedReplacement.append(replacement.data() + offset, i - offset);
+            offset = i + 1;
+            continue;
+        }
+
+        int backrefStart;
+        int backrefLength;
+        int advance = 0;
+        if (ref == '&') {
+            backrefStart = ovector[0];
+            backrefLength = ovector[1] - backrefStart;
+        } else if (ref == '`') {
+            backrefStart = 0;
+            backrefLength = ovector[0];
+        } else if (ref == '\'') {
+            backrefStart = ovector[1];
+            backrefLength = source.size() - backrefStart;
+        } else if (reg && ref >= '0' && ref <= '9') {
+            // 1- and 2-digit back references are allowed
+            unsigned backrefIndex = ref - '0';
+            if (backrefIndex > reg->numSubpatterns())
+                continue;
+            if (replacement.size() > i + 2) {
+                ref = replacement[i + 2];
+                if (ref >= '0' && ref <= '9') {
+                    backrefIndex = 10 * backrefIndex + ref - '0';
+                    if (backrefIndex > reg->numSubpatterns())
+                        backrefIndex = backrefIndex / 10;   // Fall back to the 1-digit reference
+                    else
+                        advance = 1;
+                }
+            }
+            if (!backrefIndex)
+                continue;
+            backrefStart = ovector[2 * backrefIndex];
+            backrefLength = ovector[2 * backrefIndex + 1] - backrefStart;
+        } else
+            continue;
+
+        if (i - offset)
+            substitutedReplacement.append(replacement.data() + offset, i - offset);
+        i += 1 + advance;
+        offset = i + 1;
+        substitutedReplacement.append(source.data() + backrefStart, backrefLength);
+    }
+
+    if (!offset)
+        return replacement;
+
+    if (replacement.size() - offset)
+        substitutedReplacement.append(replacement.data() + offset, replacement.size() - offset);
+
+    return substitutedReplacement;
+}
+
+static inline int localeCompare(const UString& a, const UString& b)
+{
+    return Collator::userDefault()->collate(reinterpret_cast<const ::UChar*>(a.data()), a.size(), reinterpret_cast<const ::UChar*>(b.data()), b.size());
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncReplace(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    JSString* sourceVal = thisValue.toThisJSString(exec);
+    const UString& source = sourceVal->value();
+
+    JSValue pattern = args.at(0);
+
+    JSValue replacement = args.at(1);
+    UString replacementString;
+    CallData callData;
+    CallType callType = replacement.getCallData(callData);
+    if (callType == CallTypeNone)
+        replacementString = replacement.toString(exec);
+
+    if (pattern.inherits(&RegExpObject::info)) {
+        RegExp* reg = asRegExpObject(pattern)->regExp();
+        bool global = reg->global();
+
+        RegExpConstructor* regExpConstructor = exec->lexicalGlobalObject()->regExpConstructor();
+
+        int lastIndex = 0;
+        int startPosition = 0;
+
+        Vector<UString::Range, 16> sourceRanges;
+        Vector<UString, 16> replacements;
+
+        // This is either a loop (if global is set) or a one-way (if not).
+        if (global && callType == CallTypeJS) {
+            // reg->numSubpatterns() + 1 for pattern args, + 2 for match start and sourceValue
+            int argCount = reg->numSubpatterns() + 1 + 2;
+            JSFunction* func = asFunction(replacement);
+            CachedCall cachedCall(exec, func, argCount, exec->exceptionSlot());
+            if (exec->hadException())
+                return jsNull();
+            while (true) {
+                int matchIndex;
+                int matchLen;
+                int* ovector;
+                regExpConstructor->performMatch(reg, source, startPosition, matchIndex, matchLen, &ovector);
+                if (matchIndex < 0)
+                    break;
+                
+                sourceRanges.append(UString::Range(lastIndex, matchIndex - lastIndex));
+
+                int completeMatchStart = ovector[0];
+                unsigned i = 0;
+                for (; i < reg->numSubpatterns() + 1; ++i) {
+                    int matchStart = ovector[i * 2];
+                    int matchLen = ovector[i * 2 + 1] - matchStart;
+
+                    if (matchStart < 0)
+                        cachedCall.setArgument(i, jsUndefined());
+                    else
+                        cachedCall.setArgument(i, jsSubstring(exec, source, matchStart, matchLen));
+                }
+
+                cachedCall.setArgument(i++, jsNumber(exec, completeMatchStart));
+                cachedCall.setArgument(i++, sourceVal);
+                
+                cachedCall.setThis(exec->globalThisValue());
+                replacements.append(cachedCall.call().toString(cachedCall.newCallFrame()));
+                if (exec->hadException())
+                    break;
+
+                lastIndex = matchIndex + matchLen;
+                startPosition = lastIndex;
+
+                // special case of empty match
+                if (matchLen == 0) {
+                    startPosition++;
+                    if (startPosition > source.size())
+                        break;
+                }
+            }            
+        } else {
+            do {
+                int matchIndex;
+                int matchLen;
+                int* ovector;
+                regExpConstructor->performMatch(reg, source, startPosition, matchIndex, matchLen, &ovector);
+                if (matchIndex < 0)
+                    break;
+
+                sourceRanges.append(UString::Range(lastIndex, matchIndex - lastIndex));
+
+                if (callType != CallTypeNone) {
+                    int completeMatchStart = ovector[0];
+                    MarkedArgumentBuffer args;
+
+                    for (unsigned i = 0; i < reg->numSubpatterns() + 1; ++i) {
+                        int matchStart = ovector[i * 2];
+                        int matchLen = ovector[i * 2 + 1] - matchStart;
+
+                        if (matchStart < 0)
+                            args.append(jsUndefined());
+                        else
+                            args.append(jsSubstring(exec, source, matchStart, matchLen));
+                    }
+
+                    args.append(jsNumber(exec, completeMatchStart));
+                    args.append(sourceVal);
+
+                    replacements.append(call(exec, replacement, callType, callData, exec->globalThisValue(), args).toString(exec));
+                    if (exec->hadException())
+                        break;
+                } else
+                    replacements.append(substituteBackreferences(replacementString, source, ovector, reg));
+
+                lastIndex = matchIndex + matchLen;
+                startPosition = lastIndex;
+
+                // special case of empty match
+                if (matchLen == 0) {
+                    startPosition++;
+                    if (startPosition > source.size())
+                        break;
+                }
+            } while (global);
+        }
+
+        if (!lastIndex && replacements.isEmpty())
+            return sourceVal;
+
+        if (lastIndex < source.size())
+            sourceRanges.append(UString::Range(lastIndex, source.size() - lastIndex));
+
+        return jsString(exec, source.spliceSubstringsWithSeparators(sourceRanges.data(), sourceRanges.size(),
+            replacements.data(), replacements.size()));
+    }
+
+    // Not a regular expression, so treat the pattern as a string.
+
+    UString patternString = pattern.toString(exec);
+    int matchPos = source.find(patternString);
+
+    if (matchPos == -1)
+        return sourceVal;
+
+    int matchLen = patternString.size();
+    if (callType != CallTypeNone) {
+        MarkedArgumentBuffer args;
+        args.append(jsSubstring(exec, source, matchPos, matchLen));
+        args.append(jsNumber(exec, matchPos));
+        args.append(sourceVal);
+
+        replacementString = call(exec, replacement, callType, callData, exec->globalThisValue(), args).toString(exec);
+    }
+
+    int ovector[2] = { matchPos, matchPos + matchLen };
+    return jsString(exec, source.replaceRange(matchPos, matchLen, substituteBackreferences(replacementString, source, ovector, 0)));
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncToString(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    // Also used for valueOf.
+
+    if (thisValue.isString())
+        return thisValue;
+
+    if (thisValue.inherits(&StringObject::info))
+        return asStringObject(thisValue)->internalValue();
+
+    return throwError(exec, TypeError);
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncCharAt(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    unsigned len = s.size();
+    JSValue a0 = args.at(0);
+    if (a0.isUInt32()) {
+        uint32_t i = a0.asUInt32();
+        if (i < len)
+            return jsSingleCharacterSubstring(exec, s, i);
+        return jsEmptyString(exec);
+    }
+    double dpos = a0.toInteger(exec);
+    if (dpos >= 0 && dpos < len)
+        return jsSingleCharacterSubstring(exec, s, static_cast<unsigned>(dpos));
+    return jsEmptyString(exec);
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncCharCodeAt(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    unsigned len = s.size();
+    JSValue a0 = args.at(0);
+    if (a0.isUInt32()) {
+        uint32_t i = a0.asUInt32();
+        if (i < len)
+            return jsNumber(exec, s.data()[i]);
+        return jsNaN(exec);
+    }
+    double dpos = a0.toInteger(exec);
+    if (dpos >= 0 && dpos < len)
+        return jsNumber(exec, s[static_cast<int>(dpos)]);
+    return jsNaN(exec);
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncConcat(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+
+    ArgList::const_iterator end = args.end();
+    for (ArgList::const_iterator it = args.begin(); it != end; ++it)
+        s += (*it).toString(exec);
+    return jsString(exec, s);
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncIndexOf(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    int len = s.size();
+
+    JSValue a0 = args.at(0);
+    JSValue a1 = args.at(1);
+    UString u2 = a0.toString(exec);
+    int pos;
+    if (a1.isUndefined())
+        pos = 0;
+    else if (a1.isUInt32())
+        pos = min<uint32_t>(a1.asUInt32(), len);
+    else {
+        double dpos = a1.toInteger(exec);
+        if (dpos < 0)
+            dpos = 0;
+        else if (dpos > len)
+            dpos = len;
+        pos = static_cast<int>(dpos);
+    }
+
+    return jsNumber(exec, s.find(u2, pos));
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncLastIndexOf(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    int len = s.size();
+
+    JSValue a0 = args.at(0);
+    JSValue a1 = args.at(1);
+
+    UString u2 = a0.toString(exec);
+    double dpos = a1.toIntegerPreserveNaN(exec);
+    if (dpos < 0)
+        dpos = 0;
+    else if (!(dpos <= len)) // true for NaN
+        dpos = len;
+    return jsNumber(exec, s.rfind(u2, static_cast<int>(dpos)));
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncMatch(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+
+    JSValue a0 = args.at(0);
+
+    UString u = s;
+    RefPtr<RegExp> reg;
+    RegExpObject* imp = 0;
+    if (a0.inherits(&RegExpObject::info))
+        reg = asRegExpObject(a0)->regExp();
+    else {
+        /*
+         *  ECMA 15.5.4.12 String.prototype.search (regexp)
+         *  If regexp is not an object whose [[Class]] property is "RegExp", it is
+         *  replaced with the result of the expression new RegExp(regexp).
+         */
+        reg = RegExp::create(&exec->globalData(), a0.toString(exec));
+    }
+    RegExpConstructor* regExpConstructor = exec->lexicalGlobalObject()->regExpConstructor();
+    int pos;
+    int matchLength;
+    regExpConstructor->performMatch(reg.get(), u, 0, pos, matchLength);
+    if (!(reg->global())) {
+        // case without 'g' flag is handled like RegExp.prototype.exec
+        if (pos < 0)
+            return jsNull();
+        return regExpConstructor->arrayOfMatches(exec);
+    }
+
+    // return array of matches
+    MarkedArgumentBuffer list;
+    int lastIndex = 0;
+    while (pos >= 0) {
+        list.append(jsSubstring(exec, u, pos, matchLength));
+        lastIndex = pos;
+        pos += matchLength == 0 ? 1 : matchLength;
+        regExpConstructor->performMatch(reg.get(), u, pos, pos, matchLength);
+    }
+    if (imp)
+        imp->setLastIndex(lastIndex);
+    if (list.isEmpty()) {
+        // if there are no matches at all, it's important to return
+        // Null instead of an empty array, because this matches
+        // other browsers and because Null is a false value.
+        return jsNull();
+    }
+
+    return constructArray(exec, list);
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncSearch(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+
+    JSValue a0 = args.at(0);
+
+    UString u = s;
+    RefPtr<RegExp> reg;
+    if (a0.inherits(&RegExpObject::info))
+        reg = asRegExpObject(a0)->regExp();
+    else { 
+        /*
+         *  ECMA 15.5.4.12 String.prototype.search (regexp)
+         *  If regexp is not an object whose [[Class]] property is "RegExp", it is
+         *  replaced with the result of the expression new RegExp(regexp).
+         */
+        reg = RegExp::create(&exec->globalData(), a0.toString(exec));
+    }
+    RegExpConstructor* regExpConstructor = exec->lexicalGlobalObject()->regExpConstructor();
+    int pos;
+    int matchLength;
+    regExpConstructor->performMatch(reg.get(), u, 0, pos, matchLength);
+    return jsNumber(exec, pos);
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncSlice(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    int len = s.size();
+
+    JSValue a0 = args.at(0);
+    JSValue a1 = args.at(1);
+
+    // The arg processing is very much like ArrayProtoFunc::Slice
+    double start = a0.toInteger(exec);
+    double end = a1.isUndefined() ? len : a1.toInteger(exec);
+    double from = start < 0 ? len + start : start;
+    double to = end < 0 ? len + end : end;
+    if (to > from && to > 0 && from < len) {
+        if (from < 0)
+            from = 0;
+        if (to > len)
+            to = len;
+        return jsSubstring(exec, s, static_cast<unsigned>(from), static_cast<unsigned>(to) - static_cast<unsigned>(from));
+    }
+
+    return jsEmptyString(exec);
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncSplit(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+
+    JSValue a0 = args.at(0);
+    JSValue a1 = args.at(1);
+
+    JSArray* result = constructEmptyArray(exec);
+    unsigned i = 0;
+    int p0 = 0;
+    unsigned limit = a1.isUndefined() ? 0xFFFFFFFFU : a1.toUInt32(exec);
+    if (a0.inherits(&RegExpObject::info)) {
+        RegExp* reg = asRegExpObject(a0)->regExp();
+        if (s.isEmpty() && reg->match(s, 0) >= 0) {
+            // empty string matched by regexp -> empty array
+            return result;
+        }
+        int pos = 0;
+        while (i != limit && pos < s.size()) {
+            Vector<int, 32> ovector;
+            int mpos = reg->match(s, pos, &ovector);
+            if (mpos < 0)
+                break;
+            int mlen = ovector[1] - ovector[0];
+            pos = mpos + (mlen == 0 ? 1 : mlen);
+            if (mpos != p0 || mlen) {
+                result->put(exec, i++, jsSubstring(exec, s, p0, mpos - p0));
+                p0 = mpos + mlen;
+            }
+            for (unsigned si = 1; si <= reg->numSubpatterns(); ++si) {
+                int spos = ovector[si * 2];
+                if (spos < 0)
+                    result->put(exec, i++, jsUndefined());
+                else
+                    result->put(exec, i++, jsSubstring(exec, s, spos, ovector[si * 2 + 1] - spos));
+            }
+        }
+    } else {
+        UString u2 = a0.toString(exec);
+        if (u2.isEmpty()) {
+            if (s.isEmpty()) {
+                // empty separator matches empty string -> empty array
+                return result;
+            }
+            while (i != limit && p0 < s.size() - 1)
+                result->put(exec, i++, jsSingleCharacterSubstring(exec, s, p0++));
+        } else {
+            int pos;
+            while (i != limit && (pos = s.find(u2, p0)) >= 0) {
+                result->put(exec, i++, jsSubstring(exec, s, p0, pos - p0));
+                p0 = pos + u2.size();
+            }
+        }
+    }
+
+    // add remaining string
+    if (i != limit)
+        result->put(exec, i++, jsSubstring(exec, s, p0, s.size() - p0));
+
+    return result;
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncSubstr(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    int len = s.size();
+
+    JSValue a0 = args.at(0);
+    JSValue a1 = args.at(1);
+
+    double start = a0.toInteger(exec);
+    double length = a1.isUndefined() ? len : a1.toInteger(exec);
+    if (start >= len || length <= 0)
+        return jsEmptyString(exec);
+    if (start < 0) {
+        start += len;
+        if (start < 0)
+            start = 0;
+    }
+    if (start + length > len)
+        length = len - start;
+    return jsSubstring(exec, s, static_cast<unsigned>(start), static_cast<unsigned>(length));
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncSubstring(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    int len = s.size();
+
+    JSValue a0 = args.at(0);
+    JSValue a1 = args.at(1);
+
+    double start = a0.toNumber(exec);
+    double end = a1.toNumber(exec);
+    if (isnan(start))
+        start = 0;
+    if (isnan(end))
+        end = 0;
+    if (start < 0)
+        start = 0;
+    if (end < 0)
+        end = 0;
+    if (start > len)
+        start = len;
+    if (end > len)
+        end = len;
+    if (a1.isUndefined())
+        end = len;
+    if (start > end) {
+        double temp = end;
+        end = start;
+        start = temp;
+    }
+    return jsSubstring(exec, s, static_cast<unsigned>(start), static_cast<unsigned>(end) - static_cast<unsigned>(start));
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncToLowerCase(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    JSString* sVal = thisValue.toThisJSString(exec);
+    const UString& s = sVal->value();
+
+    int sSize = s.size();
+    if (!sSize)
+        return sVal;
+
+    const UChar* sData = s.data();
+    Vector<UChar> buffer(sSize);
+
+    UChar ored = 0;
+    for (int i = 0; i < sSize; i++) {
+        UChar c = sData[i];
+        ored |= c;
+        buffer[i] = toASCIILower(c);
+    }
+    if (!(ored & ~0x7f))
+        return jsString(exec, UString(buffer.releaseBuffer(), sSize, false));
+
+    bool error;
+    int length = Unicode::toLower(buffer.data(), sSize, sData, sSize, &error);
+    if (error) {
+        buffer.resize(length);
+        length = Unicode::toLower(buffer.data(), length, sData, sSize, &error);
+        if (error)
+            return sVal;
+    }
+    if (length == sSize && memcmp(buffer.data(), sData, length * sizeof(UChar)) == 0)
+        return sVal;
+    return jsString(exec, UString(buffer.releaseBuffer(), length, false));
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncToUpperCase(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    JSString* sVal = thisValue.toThisJSString(exec);
+    const UString& s = sVal->value();
+
+    int sSize = s.size();
+    if (!sSize)
+        return sVal;
+
+    const UChar* sData = s.data();
+    Vector<UChar> buffer(sSize);
+
+    UChar ored = 0;
+    for (int i = 0; i < sSize; i++) {
+        UChar c = sData[i];
+        ored |= c;
+        buffer[i] = toASCIIUpper(c);
+    }
+    if (!(ored & ~0x7f))
+        return jsString(exec, UString(buffer.releaseBuffer(), sSize, false));
+
+    bool error;
+    int length = Unicode::toUpper(buffer.data(), sSize, sData, sSize, &error);
+    if (error) {
+        buffer.resize(length);
+        length = Unicode::toUpper(buffer.data(), length, sData, sSize, &error);
+        if (error)
+            return sVal;
+    }
+    if (length == sSize && memcmp(buffer.data(), sData, length * sizeof(UChar)) == 0)
+        return sVal;
+    return jsString(exec, UString(buffer.releaseBuffer(), length, false));
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncLocaleCompare(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    if (args.size() < 1)
+      return jsNumber(exec, 0);
+
+    UString s = thisValue.toThisString(exec);
+    JSValue a0 = args.at(0);
+    return jsNumber(exec, localeCompare(s, a0.toString(exec)));
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncBig(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsNontrivialString(exec, "<big>" + s + "</big>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncSmall(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsNontrivialString(exec, "<small>" + s + "</small>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncBlink(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsNontrivialString(exec, "<blink>" + s + "</blink>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncBold(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsNontrivialString(exec, "<b>" + s + "</b>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncFixed(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsString(exec, "<tt>" + s + "</tt>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncItalics(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsNontrivialString(exec, "<i>" + s + "</i>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncStrike(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsNontrivialString(exec, "<strike>" + s + "</strike>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncSub(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsNontrivialString(exec, "<sub>" + s + "</sub>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncSup(ExecState* exec, JSObject*, JSValue thisValue, const ArgList&)
+{
+    UString s = thisValue.toThisString(exec);
+    return jsNontrivialString(exec, "<sup>" + s + "</sup>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncFontcolor(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    JSValue a0 = args.at(0);
+    return jsNontrivialString(exec, "<font color=\"" + a0.toString(exec) + "\">" + s + "</font>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncFontsize(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    JSValue a0 = args.at(0);
+
+    uint32_t smallInteger;
+    if (a0.getUInt32(smallInteger) && smallInteger <= 9) {
+        unsigned stringSize = s.size();
+        unsigned bufferSize = 22 + stringSize;
+        UChar* buffer;
+        if (!tryFastMalloc(bufferSize * sizeof(UChar)).getValue(buffer))
+            return jsUndefined();
+        buffer[0] = '<';
+        buffer[1] = 'f';
+        buffer[2] = 'o';
+        buffer[3] = 'n';
+        buffer[4] = 't';
+        buffer[5] = ' ';
+        buffer[6] = 's';
+        buffer[7] = 'i';
+        buffer[8] = 'z';
+        buffer[9] = 'e';
+        buffer[10] = '=';
+        buffer[11] = '"';
+        buffer[12] = '0' + smallInteger;
+        buffer[13] = '"';
+        buffer[14] = '>';
+        memcpy(&buffer[15], s.data(), stringSize * sizeof(UChar));
+        buffer[15 + stringSize] = '<';
+        buffer[16 + stringSize] = '/';
+        buffer[17 + stringSize] = 'f';
+        buffer[18 + stringSize] = 'o';
+        buffer[19 + stringSize] = 'n';
+        buffer[20 + stringSize] = 't';
+        buffer[21 + stringSize] = '>';
+        return jsNontrivialString(exec, UString(buffer, bufferSize, false));
+    }
+
+    return jsNontrivialString(exec, "<font size=\"" + a0.toString(exec) + "\">" + s + "</font>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncAnchor(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    JSValue a0 = args.at(0);
+    return jsNontrivialString(exec, "<a name=\"" + a0.toString(exec) + "\">" + s + "</a>");
+}
+
+JSValue JSC_HOST_CALL stringProtoFuncLink(ExecState* exec, JSObject*, JSValue thisValue, const ArgList& args)
+{
+    UString s = thisValue.toThisString(exec);
+    JSValue a0 = args.at(0);
+    UString linkText = a0.toString(exec);
+
+    unsigned linkTextSize = linkText.size();
+    unsigned stringSize = s.size();
+    unsigned bufferSize = 15 + linkTextSize + stringSize;
+    UChar* buffer;
+    if (!tryFastMalloc(bufferSize * sizeof(UChar)).getValue(buffer))
+        return jsUndefined();
+    buffer[0] = '<';
+    buffer[1] = 'a';
+    buffer[2] = ' ';
+    buffer[3] = 'h';
+    buffer[4] = 'r';
+    buffer[5] = 'e';
+    buffer[6] = 'f';
+    buffer[7] = '=';
+    buffer[8] = '"';
+    memcpy(&buffer[9], linkText.data(), linkTextSize * sizeof(UChar));
+    buffer[9 + linkTextSize] = '"';
+    buffer[10 + linkTextSize] = '>';
+    memcpy(&buffer[11 + linkTextSize], s.data(), stringSize * sizeof(UChar));
+    buffer[11 + linkTextSize + stringSize] = '<';
+    buffer[12 + linkTextSize + stringSize] = '/';
+    buffer[13 + linkTextSize + stringSize] = 'a';
+    buffer[14 + linkTextSize + stringSize] = '>';
+    return jsNontrivialString(exec, UString(buffer, bufferSize, false));
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringPrototype.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringPrototype.h
new file mode 100644
index 000000000..580e13d24
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StringPrototype.h
@@ -0,0 +1,43 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#ifndef StringPrototype_h
+#define StringPrototype_h
+
+#include "StringObject.h"
+
+namespace JSC {
+
+    class ObjectPrototype;
+
+    class StringPrototype : public StringObject {
+    public:
+        StringPrototype(ExecState*, PassRefPtr<Structure>);
+
+        virtual bool getOwnPropertySlot(ExecState*, const Identifier& propertyName, PropertySlot&);
+        virtual bool getOwnPropertyDescriptor(ExecState*, const Identifier&, PropertyDescriptor&);
+
+        virtual const ClassInfo* classInfo() const { return &info; }
+        static const ClassInfo info;
+    };
+
+} // namespace JSC
+
+#endif // StringPrototype_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Structure.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Structure.cpp
new file mode 100644
index 000000000..be817c398
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Structure.cpp
@@ -0,0 +1,1200 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "Structure.h"
+
+#include "Identifier.h"
+#include "JSObject.h"
+#include "PropertyNameArray.h"
+#include "StructureChain.h"
+#include "Lookup.h"
+#include <wtf/RefCountedLeakCounter.h>
+#include <wtf/RefPtr.h>
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+#include <wtf/Threading.h>
+#endif
+
+#define DUMP_STRUCTURE_ID_STATISTICS 0
+
+#ifndef NDEBUG
+#define DO_PROPERTYMAP_CONSTENCY_CHECK 0
+#else
+#define DO_PROPERTYMAP_CONSTENCY_CHECK 0
+#endif
+
+using namespace WTF;
+
+namespace JSC {
+
+// Choose a number for the following so that most property maps are smaller,
+// but it's not going to blow out the stack to allocate this number of pointers.
+static const int smallMapThreshold = 1024;
+
+// The point at which the function call overhead of the qsort implementation
+// becomes small compared to the inefficiency of insertion sort.
+static const unsigned tinyMapThreshold = 20;
+
+static const unsigned newTableSize = 16;
+
+#ifndef NDEBUG
+static WTF::RefCountedLeakCounter structureCounter("Structure");
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+static Mutex& ignoreSetMutex = *(new Mutex);
+#endif
+
+static bool shouldIgnoreLeaks;
+static HashSet<Structure*>& ignoreSet = *(new HashSet<Structure*>);
+#endif
+
+#if DUMP_STRUCTURE_ID_STATISTICS
+static HashSet<Structure*>& liveStructureSet = *(new HashSet<Structure*>);
+#endif
+
+void Structure::dumpStatistics()
+{
+#if DUMP_STRUCTURE_ID_STATISTICS
+    unsigned numberLeaf = 0;
+    unsigned numberUsingSingleSlot = 0;
+    unsigned numberSingletons = 0;
+    unsigned numberWithPropertyMaps = 0;
+    unsigned totalPropertyMapsSize = 0;
+
+    HashSet<Structure*>::const_iterator end = liveStructureSet.end();
+    for (HashSet<Structure*>::const_iterator it = liveStructureSet.begin(); it != end; ++it) {
+        Structure* structure = *it;
+        if (structure->m_usingSingleTransitionSlot) {
+            if (!structure->m_transitions.singleTransition)
+                ++numberLeaf;
+            else
+                ++numberUsingSingleSlot;
+
+           if (!structure->m_previous && !structure->m_transitions.singleTransition)
+                ++numberSingletons;
+        }
+
+        if (structure->m_propertyTable) {
+            ++numberWithPropertyMaps;
+            totalPropertyMapsSize += PropertyMapHashTable::allocationSize(structure->m_propertyTable->size);
+            if (structure->m_propertyTable->deletedOffsets)
+                totalPropertyMapsSize += (structure->m_propertyTable->deletedOffsets->capacity() * sizeof(unsigned)); 
+        }
+    }
+
+    printf("Number of live Structures: %d\n", liveStructureSet.size());
+    printf("Number of Structures using the single item optimization for transition map: %d\n", numberUsingSingleSlot);
+    printf("Number of Structures that are leaf nodes: %d\n", numberLeaf);
+    printf("Number of Structures that singletons: %d\n", numberSingletons);
+    printf("Number of Structures with PropertyMaps: %d\n", numberWithPropertyMaps);
+
+    printf("Size of a single Structures: %d\n", static_cast<unsigned>(sizeof(Structure)));
+    printf("Size of sum of all property maps: %d\n", totalPropertyMapsSize);
+    printf("Size of average of all property maps: %f\n", static_cast<double>(totalPropertyMapsSize) / static_cast<double>(liveStructureSet.size()));
+#else
+    printf("Dumping Structure statistics is not enabled.\n");
+#endif
+}
+
+Structure::Structure(JSValue prototype, const TypeInfo& typeInfo)
+    : m_typeInfo(typeInfo)
+    , m_prototype(prototype)
+    , m_specificValueInPrevious(0)
+    , m_propertyTable(0)
+    , m_propertyStorageCapacity(JSObject::inlineStorageCapacity)
+    , m_offset(noOffset)
+    , m_dictionaryKind(NoneDictionaryKind)
+    , m_isPinnedPropertyTable(false)
+    , m_hasGetterSetterProperties(false)
+    , m_attributesInPrevious(0)
+{
+    ASSERT(m_prototype);
+    ASSERT(m_prototype.isObject() || m_prototype.isNull());
+
+#ifndef NDEBUG
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    MutexLocker protect(ignoreSetMutex);
+#endif
+    if (shouldIgnoreLeaks)
+        ignoreSet.add(this);
+    else
+        structureCounter.increment();
+#endif
+
+#if DUMP_STRUCTURE_ID_STATISTICS
+    liveStructureSet.add(this);
+#endif
+}
+
+Structure::~Structure()
+{
+    if (m_previous) {
+        if (m_nameInPrevious)
+            m_previous->table.remove(make_pair(RefPtr<UString::Rep>(m_nameInPrevious.get()), m_attributesInPrevious), m_specificValueInPrevious);
+        else
+            m_previous->table.removeAnonymousSlotTransition(m_anonymousSlotsInPrevious);
+
+    }
+
+    if (m_cachedPropertyNameArrayData)
+        m_cachedPropertyNameArrayData->setCachedStructure(0);
+
+    if (m_propertyTable) {
+        unsigned entryCount = m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount;
+        for (unsigned i = 1; i <= entryCount; i++) {
+            if (UString::Rep* key = m_propertyTable->entries()[i].key)
+                key->deref();
+        }
+
+        delete m_propertyTable->deletedOffsets;
+        fastFree(m_propertyTable);
+    }
+
+#ifndef NDEBUG
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    MutexLocker protect(ignoreSetMutex);
+#endif
+    HashSet<Structure*>::iterator it = ignoreSet.find(this);
+    if (it != ignoreSet.end())
+        ignoreSet.remove(it);
+    else
+        structureCounter.decrement();
+#endif
+
+#if DUMP_STRUCTURE_ID_STATISTICS
+    liveStructureSet.remove(this);
+#endif
+}
+
+void Structure::startIgnoringLeaks()
+{
+#ifndef NDEBUG
+    shouldIgnoreLeaks = true;
+#endif
+}
+
+void Structure::stopIgnoringLeaks()
+{
+#ifndef NDEBUG
+    shouldIgnoreLeaks = false;
+#endif
+}
+
+static bool isPowerOf2(unsigned v)
+{
+    // Taken from http://www.cs.utk.edu/~vose/c-stuff/bithacks.html
+    
+    return !(v & (v - 1)) && v;
+}
+
+static unsigned nextPowerOf2(unsigned v)
+{
+    // Taken from http://www.cs.utk.edu/~vose/c-stuff/bithacks.html
+    // Devised by Sean Anderson, Sepember 14, 2001
+
+    v--;
+    v |= v >> 1;
+    v |= v >> 2;
+    v |= v >> 4;
+    v |= v >> 8;
+    v |= v >> 16;
+    v++;
+
+    return v;
+}
+
+static unsigned sizeForKeyCount(size_t keyCount)
+{
+    if (keyCount == notFound)
+        return newTableSize;
+
+    if (keyCount < 8)
+        return newTableSize;
+
+    if (isPowerOf2(keyCount))
+        return keyCount * 4;
+
+    return nextPowerOf2(keyCount) * 2;
+}
+
+void Structure::materializePropertyMap()
+{
+    ASSERT(!m_propertyTable);
+
+    Vector<Structure*, 8> structures;
+    structures.append(this);
+
+    Structure* structure = this;
+
+    // Search for the last Structure with a property table. 
+    while ((structure = structure->previousID())) {
+        if (structure->m_isPinnedPropertyTable) {
+            ASSERT(structure->m_propertyTable);
+            ASSERT(!structure->m_previous);
+
+            m_propertyTable = structure->copyPropertyTable();
+            break;
+        }
+
+        structures.append(structure);
+    }
+
+    if (!m_propertyTable)
+        createPropertyMapHashTable(sizeForKeyCount(m_offset + 1));
+    else {
+        if (sizeForKeyCount(m_offset + 1) > m_propertyTable->size)
+            rehashPropertyMapHashTable(sizeForKeyCount(m_offset + 1)); // This could be made more efficient by combining with the copy above. 
+    }
+
+    for (ptrdiff_t i = structures.size() - 2; i >= 0; --i) {
+        structure = structures[i];
+        if (!structure->m_nameInPrevious) {
+            m_propertyTable->anonymousSlotCount += structure->m_anonymousSlotsInPrevious;
+            continue;
+        }
+        structure->m_nameInPrevious->ref();
+        PropertyMapEntry entry(structure->m_nameInPrevious.get(), structure->m_offset, structure->m_attributesInPrevious, structure->m_specificValueInPrevious, ++m_propertyTable->lastIndexUsed);
+        insertIntoPropertyMapHashTable(entry);
+    }
+}
+
+void Structure::getOwnPropertyNames(ExecState* exec, PropertyNameArray& propertyNames, JSObject* baseObject, bool includeNonEnumerable)
+{
+    getNamesFromPropertyTable(propertyNames, includeNonEnumerable);
+    getNamesFromClassInfoTable(exec, baseObject->classInfo(), propertyNames, includeNonEnumerable);
+}
+
+void Structure::getEnumerablePropertyNames(ExecState* exec, PropertyNameArray& propertyNames, JSObject* baseObject)
+{
+    bool shouldCache = propertyNames.shouldCache() && !(propertyNames.size() || isDictionary());
+
+    if (shouldCache && m_cachedPropertyNameArrayData) {
+        if (m_cachedPropertyNameArrayData->cachedPrototypeChain() == prototypeChain(exec)) {
+            propertyNames.setData(m_cachedPropertyNameArrayData);
+            return;
+        }
+        clearEnumerationCache();
+    }
+
+    baseObject->getOwnPropertyNames(exec, propertyNames);
+
+    if (m_prototype.isObject()) {
+        propertyNames.setShouldCache(false); // No need for our prototypes to waste memory on caching, since they're not being enumerated directly.
+        JSObject* prototype = asObject(m_prototype);
+        while(1) {
+            if (!prototype->structure()->typeInfo().hasDefaultGetPropertyNames()) {
+                prototype->getPropertyNames(exec, propertyNames);
+                break;
+            }
+            prototype->getOwnPropertyNames(exec, propertyNames);
+            JSValue nextProto = prototype->prototype();
+            if (!nextProto.isObject())
+                break;
+            prototype = asObject(nextProto);
+        }
+    }
+
+    if (shouldCache) {
+        StructureChain* protoChain = prototypeChain(exec);
+        m_cachedPropertyNameArrayData = propertyNames.data();
+        if (!protoChain->isCacheable())
+            return;
+        m_cachedPropertyNameArrayData->setCachedPrototypeChain(protoChain);
+        m_cachedPropertyNameArrayData->setCachedStructure(this);
+    }
+}
+
+void Structure::clearEnumerationCache()
+{
+    if (m_cachedPropertyNameArrayData)
+        m_cachedPropertyNameArrayData->setCachedStructure(0);
+    m_cachedPropertyNameArrayData.clear();
+}
+
+void Structure::growPropertyStorageCapacity()
+{
+    if (m_propertyStorageCapacity == JSObject::inlineStorageCapacity)
+        m_propertyStorageCapacity = JSObject::nonInlineBaseStorageCapacity;
+    else
+        m_propertyStorageCapacity *= 2;
+}
+
+void Structure::despecifyDictionaryFunction(const Identifier& propertyName)
+{
+    const UString::Rep* rep = propertyName._ustring.rep();
+
+    materializePropertyMapIfNecessary();
+
+    ASSERT(isDictionary());
+    ASSERT(m_propertyTable);
+
+    unsigned i = rep->computedHash();
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numProbes;
+#endif
+
+    unsigned entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+    ASSERT(entryIndex != emptyEntryIndex);
+
+    if (rep == m_propertyTable->entries()[entryIndex - 1].key) {
+        m_propertyTable->entries()[entryIndex - 1].specificValue = 0;
+        return;
+    }
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numCollisions;
+#endif
+
+    unsigned k = 1 | doubleHash(rep->computedHash());
+
+    while (1) {
+        i += k;
+
+#if DUMP_PROPERTYMAP_STATS
+        ++numRehashes;
+#endif
+
+        entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+        ASSERT(entryIndex != emptyEntryIndex);
+
+        if (rep == m_propertyTable->entries()[entryIndex - 1].key) {
+            m_propertyTable->entries()[entryIndex - 1].specificValue = 0;
+            return;
+        }
+    }
+}
+
+PassRefPtr<Structure> Structure::addPropertyTransitionToExistingStructure(Structure* structure, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset)
+{
+    ASSERT(!structure->isDictionary());
+    ASSERT(structure->typeInfo().type() == ObjectType);
+
+    if (Structure* existingTransition = structure->table.get(make_pair(RefPtr<UString::Rep>(propertyName.ustring().rep()), attributes), specificValue)) {
+        ASSERT(existingTransition->m_offset != noOffset);
+        offset = existingTransition->m_offset;
+        return existingTransition;
+    }
+
+    return 0;
+}
+
+PassRefPtr<Structure> Structure::addPropertyTransition(Structure* structure, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset)
+{
+    ASSERT(!structure->isDictionary());
+    ASSERT(structure->typeInfo().type() == ObjectType);
+    ASSERT(!Structure::addPropertyTransitionToExistingStructure(structure, propertyName, attributes, specificValue, offset));
+
+    if (structure->transitionCount() > s_maxTransitionLength) {
+        RefPtr<Structure> transition = toCacheableDictionaryTransition(structure);
+        ASSERT(structure != transition);
+        offset = transition->put(propertyName, attributes, specificValue);
+        if (transition->propertyStorageSize() > transition->propertyStorageCapacity())
+            transition->growPropertyStorageCapacity();
+        return transition.release();
+    }
+
+    RefPtr<Structure> transition = create(structure->m_prototype, structure->typeInfo());
+
+    transition->m_cachedPrototypeChain = structure->m_cachedPrototypeChain;
+    transition->m_previous = structure;
+    transition->m_nameInPrevious = propertyName.ustring().rep();
+    transition->m_attributesInPrevious = attributes;
+    transition->m_specificValueInPrevious = specificValue;
+    transition->m_propertyStorageCapacity = structure->m_propertyStorageCapacity;
+    transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties;
+
+    if (structure->m_propertyTable) {
+        if (structure->m_isPinnedPropertyTable)
+            transition->m_propertyTable = structure->copyPropertyTable();
+        else {
+            transition->m_propertyTable = structure->m_propertyTable;
+            structure->m_propertyTable = 0;
+        }
+    } else {
+        if (structure->m_previous)
+            transition->materializePropertyMap();
+        else
+            transition->createPropertyMapHashTable();
+    }
+
+    offset = transition->put(propertyName, attributes, specificValue);
+    if (transition->propertyStorageSize() > transition->propertyStorageCapacity())
+        transition->growPropertyStorageCapacity();
+
+    transition->m_offset = offset;
+
+    structure->table.add(make_pair(RefPtr<UString::Rep>(propertyName.ustring().rep()), attributes), transition.get(), specificValue);
+    return transition.release();
+}
+
+PassRefPtr<Structure> Structure::removePropertyTransition(Structure* structure, const Identifier& propertyName, size_t& offset)
+{
+    ASSERT(!structure->isUncacheableDictionary());
+
+    RefPtr<Structure> transition = toUncacheableDictionaryTransition(structure);
+
+    offset = transition->remove(propertyName);
+
+    return transition.release();
+}
+
+PassRefPtr<Structure> Structure::changePrototypeTransition(Structure* structure, JSValue prototype)
+{
+    RefPtr<Structure> transition = create(prototype, structure->typeInfo());
+
+    transition->m_propertyStorageCapacity = structure->m_propertyStorageCapacity;
+    transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties;
+
+    // Don't set m_offset, as one can not transition to this.
+
+    structure->materializePropertyMapIfNecessary();
+    transition->m_propertyTable = structure->copyPropertyTable();
+    transition->m_isPinnedPropertyTable = true;
+
+    return transition.release();
+}
+
+PassRefPtr<Structure> Structure::despecifyFunctionTransition(Structure* structure, const Identifier& replaceFunction)
+{
+    RefPtr<Structure> transition = create(structure->storedPrototype(), structure->typeInfo());
+
+    transition->m_propertyStorageCapacity = structure->m_propertyStorageCapacity;
+    transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties;
+
+    // Don't set m_offset, as one can not transition to this.
+
+    structure->materializePropertyMapIfNecessary();
+    transition->m_propertyTable = structure->copyPropertyTable();
+    transition->m_isPinnedPropertyTable = true;
+
+    bool removed = transition->despecifyFunction(replaceFunction);
+    ASSERT_UNUSED(removed, removed);
+
+    return transition.release();
+}
+
+PassRefPtr<Structure> Structure::addAnonymousSlotsTransition(Structure* structure, unsigned count)
+{
+    if (Structure* transition = structure->table.getAnonymousSlotTransition(count)) {
+        ASSERT(transition->storedPrototype() == structure->storedPrototype());
+        return transition;
+    }
+    ASSERT(count);
+    ASSERT(count < ((1<<6) - 2));
+    RefPtr<Structure> transition = create(structure->m_prototype, structure->typeInfo());
+    
+    transition->m_cachedPrototypeChain = structure->m_cachedPrototypeChain;
+    transition->m_previous = structure;
+    transition->m_nameInPrevious = 0;
+    transition->m_attributesInPrevious = 0;
+    transition->m_anonymousSlotsInPrevious = count;
+    transition->m_specificValueInPrevious = 0;
+    transition->m_propertyStorageCapacity = structure->m_propertyStorageCapacity;
+    transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties;
+
+    if (structure->m_propertyTable) {
+        if (structure->m_isPinnedPropertyTable)
+            transition->m_propertyTable = structure->copyPropertyTable();
+        else {
+            transition->m_propertyTable = structure->m_propertyTable;
+            structure->m_propertyTable = 0;
+        }
+    } else {
+        if (structure->m_previous)
+            transition->materializePropertyMap();
+        else
+            transition->createPropertyMapHashTable();
+    }
+
+    transition->addAnonymousSlots(count);
+    if (transition->propertyStorageSize() > transition->propertyStorageCapacity())
+        transition->growPropertyStorageCapacity();
+
+    structure->table.addAnonymousSlotTransition(count, transition.get());
+    return transition.release();    
+}
+
+PassRefPtr<Structure> Structure::getterSetterTransition(Structure* structure)
+{
+    RefPtr<Structure> transition = create(structure->storedPrototype(), structure->typeInfo());
+    transition->m_propertyStorageCapacity = structure->m_propertyStorageCapacity;
+    transition->m_hasGetterSetterProperties = transition->m_hasGetterSetterProperties;
+
+    // Don't set m_offset, as one can not transition to this.
+
+    structure->materializePropertyMapIfNecessary();
+    transition->m_propertyTable = structure->copyPropertyTable();
+    transition->m_isPinnedPropertyTable = true;
+
+    return transition.release();
+}
+
+PassRefPtr<Structure> Structure::toDictionaryTransition(Structure* structure, DictionaryKind kind)
+{
+    ASSERT(!structure->isUncacheableDictionary());
+    
+    RefPtr<Structure> transition = create(structure->m_prototype, structure->typeInfo());
+    transition->m_dictionaryKind = kind;
+    transition->m_propertyStorageCapacity = structure->m_propertyStorageCapacity;
+    transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties;
+    
+    structure->materializePropertyMapIfNecessary();
+    transition->m_propertyTable = structure->copyPropertyTable();
+    transition->m_isPinnedPropertyTable = true;
+    
+    return transition.release();
+}
+
+PassRefPtr<Structure> Structure::toCacheableDictionaryTransition(Structure* structure)
+{
+    return toDictionaryTransition(structure, CachedDictionaryKind);
+}
+
+PassRefPtr<Structure> Structure::toUncacheableDictionaryTransition(Structure* structure)
+{
+    return toDictionaryTransition(structure, UncachedDictionaryKind);
+}
+
+PassRefPtr<Structure> Structure::fromDictionaryTransition(Structure* structure)
+{
+    ASSERT(structure->isDictionary());
+
+    // Since dictionary Structures are not shared, and no opcodes specialize
+    // for them, we don't need to allocate a new Structure when transitioning
+    // to non-dictionary status.
+
+    // FIMXE: We can make this more efficient by canonicalizing the Structure (draining the
+    // deleted offsets vector) before transitioning from dictionary. 
+    if (!structure->m_propertyTable || !structure->m_propertyTable->deletedOffsets || structure->m_propertyTable->deletedOffsets->isEmpty())
+        structure->m_dictionaryKind = NoneDictionaryKind;
+
+    return structure;
+}
+
+size_t Structure::addPropertyWithoutTransition(const Identifier& propertyName, unsigned attributes, JSCell* specificValue)
+{
+    materializePropertyMapIfNecessary();
+
+    m_isPinnedPropertyTable = true;
+    size_t offset = put(propertyName, attributes, specificValue);
+    if (propertyStorageSize() > propertyStorageCapacity())
+        growPropertyStorageCapacity();
+    clearEnumerationCache();
+    return offset;
+}
+
+size_t Structure::removePropertyWithoutTransition(const Identifier& propertyName)
+{
+    ASSERT(isUncacheableDictionary());
+
+    materializePropertyMapIfNecessary();
+
+    m_isPinnedPropertyTable = true;
+    size_t offset = remove(propertyName);
+    clearEnumerationCache();
+    return offset;
+}
+
+#if DUMP_PROPERTYMAP_STATS
+
+static int numProbes;
+static int numCollisions;
+static int numRehashes;
+static int numRemoves;
+
+struct PropertyMapStatisticsExitLogger {
+    ~PropertyMapStatisticsExitLogger();
+};
+
+static PropertyMapStatisticsExitLogger logger;
+
+PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger()
+{
+    printf("\nJSC::PropertyMap statistics\n\n");
+    printf("%d probes\n", numProbes);
+    printf("%d collisions (%.1f%%)\n", numCollisions, 100.0 * numCollisions / numProbes);
+    printf("%d rehashes\n", numRehashes);
+    printf("%d removes\n", numRemoves);
+}
+
+#endif
+
+static const unsigned deletedSentinelIndex = 1;
+
+#if !DO_PROPERTYMAP_CONSTENCY_CHECK
+
+inline void Structure::checkConsistency()
+{
+}
+
+#endif
+
+PropertyMapHashTable* Structure::copyPropertyTable()
+{
+    if (!m_propertyTable)
+        return 0;
+
+    size_t tableSize = PropertyMapHashTable::allocationSize(m_propertyTable->size);
+    PropertyMapHashTable* newTable = static_cast<PropertyMapHashTable*>(fastMalloc(tableSize));
+    memcpy(newTable, m_propertyTable, tableSize);
+
+    unsigned entryCount = m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount;
+    for (unsigned i = 1; i <= entryCount; ++i) {
+        if (UString::Rep* key = newTable->entries()[i].key)
+            key->ref();
+    }
+
+    // Copy the deletedOffsets vector.
+    if (m_propertyTable->deletedOffsets)
+        newTable->deletedOffsets = new Vector<unsigned>(*m_propertyTable->deletedOffsets);
+
+    newTable->anonymousSlotCount = m_propertyTable->anonymousSlotCount;
+    return newTable;
+}
+
+size_t Structure::get(const UString::Rep* rep, unsigned& attributes, JSCell*& specificValue)
+{
+    materializePropertyMapIfNecessary();
+    if (!m_propertyTable)
+        return notFound;
+
+    unsigned i = rep->computedHash();
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numProbes;
+#endif
+
+    unsigned entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+    if (entryIndex == emptyEntryIndex)
+        return notFound;
+
+    if (rep == m_propertyTable->entries()[entryIndex - 1].key) {
+        attributes = m_propertyTable->entries()[entryIndex - 1].attributes;
+        specificValue = m_propertyTable->entries()[entryIndex - 1].specificValue;
+        return m_propertyTable->entries()[entryIndex - 1].offset;
+    }
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numCollisions;
+#endif
+
+    unsigned k = 1 | doubleHash(rep->computedHash());
+
+    while (1) {
+        i += k;
+
+#if DUMP_PROPERTYMAP_STATS
+        ++numRehashes;
+#endif
+
+        entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+        if (entryIndex == emptyEntryIndex)
+            return notFound;
+
+        if (rep == m_propertyTable->entries()[entryIndex - 1].key) {
+            attributes = m_propertyTable->entries()[entryIndex - 1].attributes;
+            specificValue = m_propertyTable->entries()[entryIndex - 1].specificValue;
+            return m_propertyTable->entries()[entryIndex - 1].offset;
+        }
+    }
+}
+
+bool Structure::despecifyFunction(const Identifier& propertyName)
+{
+    ASSERT(!propertyName.isNull());
+
+    materializePropertyMapIfNecessary();
+    if (!m_propertyTable)
+        return false;
+
+    UString::Rep* rep = propertyName._ustring.rep();
+
+    unsigned i = rep->computedHash();
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numProbes;
+#endif
+
+    unsigned entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+    if (entryIndex == emptyEntryIndex)
+        return false;
+
+    if (rep == m_propertyTable->entries()[entryIndex - 1].key) {
+        ASSERT(m_propertyTable->entries()[entryIndex - 1].specificValue);
+        m_propertyTable->entries()[entryIndex - 1].specificValue = 0;
+        return true;
+    }
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numCollisions;
+#endif
+
+    unsigned k = 1 | doubleHash(rep->computedHash());
+
+    while (1) {
+        i += k;
+
+#if DUMP_PROPERTYMAP_STATS
+        ++numRehashes;
+#endif
+
+        entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+        if (entryIndex == emptyEntryIndex)
+            return false;
+
+        if (rep == m_propertyTable->entries()[entryIndex - 1].key) {
+            ASSERT(m_propertyTable->entries()[entryIndex - 1].specificValue);
+            m_propertyTable->entries()[entryIndex - 1].specificValue = 0;
+            return true;
+        }
+    }
+}
+
+size_t Structure::put(const Identifier& propertyName, unsigned attributes, JSCell* specificValue)
+{
+    ASSERT(!propertyName.isNull());
+    ASSERT(get(propertyName) == notFound);
+
+    checkConsistency();
+
+    UString::Rep* rep = propertyName._ustring.rep();
+
+    if (!m_propertyTable)
+        createPropertyMapHashTable();
+
+    // FIXME: Consider a fast case for tables with no deleted sentinels.
+
+    unsigned i = rep->computedHash();
+    unsigned k = 0;
+    bool foundDeletedElement = false;
+    unsigned deletedElementIndex = 0; // initialize to make the compiler happy
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numProbes;
+#endif
+
+    while (1) {
+        unsigned entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+        if (entryIndex == emptyEntryIndex)
+            break;
+
+        if (entryIndex == deletedSentinelIndex) {
+            // If we find a deleted-element sentinel, remember it for use later.
+            if (!foundDeletedElement) {
+                foundDeletedElement = true;
+                deletedElementIndex = i;
+            }
+        }
+
+        if (k == 0) {
+            k = 1 | doubleHash(rep->computedHash());
+#if DUMP_PROPERTYMAP_STATS
+            ++numCollisions;
+#endif
+        }
+
+        i += k;
+
+#if DUMP_PROPERTYMAP_STATS
+        ++numRehashes;
+#endif
+    }
+
+    // Figure out which entry to use.
+    unsigned entryIndex = m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount + 2;
+    if (foundDeletedElement) {
+        i = deletedElementIndex;
+        --m_propertyTable->deletedSentinelCount;
+
+        // Since we're not making the table bigger, we can't use the entry one past
+        // the end that we were planning on using, so search backwards for the empty
+        // slot that we can use. We know it will be there because we did at least one
+        // deletion in the past that left an entry empty.
+        while (m_propertyTable->entries()[--entryIndex - 1].key) { }
+    }
+
+    // Create a new hash table entry.
+    m_propertyTable->entryIndices[i & m_propertyTable->sizeMask] = entryIndex;
+
+    // Create a new hash table entry.
+    rep->ref();
+    m_propertyTable->entries()[entryIndex - 1].key = rep;
+    m_propertyTable->entries()[entryIndex - 1].attributes = attributes;
+    m_propertyTable->entries()[entryIndex - 1].specificValue = specificValue;
+    m_propertyTable->entries()[entryIndex - 1].index = ++m_propertyTable->lastIndexUsed;
+
+    unsigned newOffset;
+    if (m_propertyTable->deletedOffsets && !m_propertyTable->deletedOffsets->isEmpty()) {
+        newOffset = m_propertyTable->deletedOffsets->last();
+        m_propertyTable->deletedOffsets->removeLast();
+    } else
+        newOffset = m_propertyTable->keyCount + m_propertyTable->anonymousSlotCount;
+    m_propertyTable->entries()[entryIndex - 1].offset = newOffset;
+
+    ++m_propertyTable->keyCount;
+
+    if ((m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount) * 2 >= m_propertyTable->size)
+        expandPropertyMapHashTable();
+
+    checkConsistency();
+    return newOffset;
+}
+
+void Structure::addAnonymousSlots(unsigned count)
+{
+    m_propertyTable->anonymousSlotCount += count;
+}
+
+bool Structure::hasTransition(UString::Rep* rep, unsigned attributes)
+{
+    return table.hasTransition(make_pair(RefPtr<UString::Rep>(rep), attributes));
+}
+
+size_t Structure::remove(const Identifier& propertyName)
+{
+    ASSERT(!propertyName.isNull());
+
+    checkConsistency();
+
+    UString::Rep* rep = propertyName._ustring.rep();
+
+    if (!m_propertyTable)
+        return notFound;
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numProbes;
+    ++numRemoves;
+#endif
+
+    // Find the thing to remove.
+    unsigned i = rep->computedHash();
+    unsigned k = 0;
+    unsigned entryIndex;
+    UString::Rep* key = 0;
+    while (1) {
+        entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+        if (entryIndex == emptyEntryIndex)
+            return notFound;
+
+        key = m_propertyTable->entries()[entryIndex - 1].key;
+        if (rep == key)
+            break;
+
+        if (k == 0) {
+            k = 1 | doubleHash(rep->computedHash());
+#if DUMP_PROPERTYMAP_STATS
+            ++numCollisions;
+#endif
+        }
+
+        i += k;
+
+#if DUMP_PROPERTYMAP_STATS
+        ++numRehashes;
+#endif
+    }
+
+    // Replace this one element with the deleted sentinel. Also clear out
+    // the entry so we can iterate all the entries as needed.
+    m_propertyTable->entryIndices[i & m_propertyTable->sizeMask] = deletedSentinelIndex;
+
+    size_t offset = m_propertyTable->entries()[entryIndex - 1].offset;
+
+    key->deref();
+    m_propertyTable->entries()[entryIndex - 1].key = 0;
+    m_propertyTable->entries()[entryIndex - 1].attributes = 0;
+    m_propertyTable->entries()[entryIndex - 1].specificValue = 0;
+    m_propertyTable->entries()[entryIndex - 1].offset = 0;
+
+    if (!m_propertyTable->deletedOffsets)
+        m_propertyTable->deletedOffsets = new Vector<unsigned>;
+    m_propertyTable->deletedOffsets->append(offset);
+
+    ASSERT(m_propertyTable->keyCount >= 1);
+    --m_propertyTable->keyCount;
+    ++m_propertyTable->deletedSentinelCount;
+
+    if (m_propertyTable->deletedSentinelCount * 4 >= m_propertyTable->size)
+        rehashPropertyMapHashTable();
+
+    checkConsistency();
+    return offset;
+}
+
+void Structure::insertIntoPropertyMapHashTable(const PropertyMapEntry& entry)
+{
+    ASSERT(m_propertyTable);
+
+    unsigned i = entry.key->computedHash();
+    unsigned k = 0;
+
+#if DUMP_PROPERTYMAP_STATS
+    ++numProbes;
+#endif
+
+    while (1) {
+        unsigned entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+        if (entryIndex == emptyEntryIndex)
+            break;
+
+        if (k == 0) {
+            k = 1 | doubleHash(entry.key->computedHash());
+#if DUMP_PROPERTYMAP_STATS
+            ++numCollisions;
+#endif
+        }
+
+        i += k;
+
+#if DUMP_PROPERTYMAP_STATS
+        ++numRehashes;
+#endif
+    }
+
+    unsigned entryIndex = m_propertyTable->keyCount + 2;
+    m_propertyTable->entryIndices[i & m_propertyTable->sizeMask] = entryIndex;
+    m_propertyTable->entries()[entryIndex - 1] = entry;
+
+    ++m_propertyTable->keyCount;
+}
+
+void Structure::createPropertyMapHashTable()
+{
+    ASSERT(sizeForKeyCount(7) == newTableSize);
+    createPropertyMapHashTable(newTableSize);
+}
+
+void Structure::createPropertyMapHashTable(unsigned newTableSize)
+{
+    ASSERT(!m_propertyTable);
+    ASSERT(isPowerOf2(newTableSize));
+
+    checkConsistency();
+
+    m_propertyTable = static_cast<PropertyMapHashTable*>(fastZeroedMalloc(PropertyMapHashTable::allocationSize(newTableSize)));
+    m_propertyTable->size = newTableSize;
+    m_propertyTable->sizeMask = newTableSize - 1;
+
+    checkConsistency();
+}
+
+void Structure::expandPropertyMapHashTable()
+{
+    ASSERT(m_propertyTable);
+    rehashPropertyMapHashTable(m_propertyTable->size * 2);
+}
+
+void Structure::rehashPropertyMapHashTable()
+{
+    ASSERT(m_propertyTable);
+    ASSERT(m_propertyTable->size);
+    rehashPropertyMapHashTable(m_propertyTable->size);
+}
+
+void Structure::rehashPropertyMapHashTable(unsigned newTableSize)
+{
+    ASSERT(m_propertyTable);
+    ASSERT(isPowerOf2(newTableSize));
+
+    checkConsistency();
+
+    PropertyMapHashTable* oldTable = m_propertyTable;
+
+    m_propertyTable = static_cast<PropertyMapHashTable*>(fastZeroedMalloc(PropertyMapHashTable::allocationSize(newTableSize)));
+    m_propertyTable->size = newTableSize;
+    m_propertyTable->sizeMask = newTableSize - 1;
+    m_propertyTable->anonymousSlotCount = oldTable->anonymousSlotCount;
+
+    unsigned lastIndexUsed = 0;
+    unsigned entryCount = oldTable->keyCount + oldTable->deletedSentinelCount;
+    for (unsigned i = 1; i <= entryCount; ++i) {
+        if (oldTable->entries()[i].key) {
+            lastIndexUsed = max(oldTable->entries()[i].index, lastIndexUsed);
+            insertIntoPropertyMapHashTable(oldTable->entries()[i]);
+        }
+    }
+    m_propertyTable->lastIndexUsed = lastIndexUsed;
+    m_propertyTable->deletedOffsets = oldTable->deletedOffsets;
+
+    fastFree(oldTable);
+
+    checkConsistency();
+}
+
+static int comparePropertyMapEntryIndices(const void* a, const void* b)
+{
+    unsigned ia = static_cast<PropertyMapEntry* const*>(a)[0]->index;
+    unsigned ib = static_cast<PropertyMapEntry* const*>(b)[0]->index;
+    if (ia < ib)
+        return -1;
+    if (ia > ib)
+        return +1;
+    return 0;
+}
+
+void Structure::getNamesFromPropertyTable(PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    materializePropertyMapIfNecessary();
+    if (!m_propertyTable)
+        return;
+
+    if (m_propertyTable->keyCount < tinyMapThreshold) {
+        PropertyMapEntry* a[tinyMapThreshold];
+        int i = 0;
+        unsigned entryCount = m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount;
+        for (unsigned k = 1; k <= entryCount; k++) {
+            if (m_propertyTable->entries()[k].key && (!(m_propertyTable->entries()[k].attributes & DontEnum) || includeNonEnumerable)) {
+                PropertyMapEntry* value = &m_propertyTable->entries()[k];
+                int j;
+                for (j = i - 1; j >= 0 && a[j]->index > value->index; --j)
+                    a[j + 1] = a[j];
+                a[j + 1] = value;
+                ++i;
+            }
+        }
+        if (!propertyNames.size()) {
+            for (int k = 0; k < i; ++k)
+                propertyNames.addKnownUnique(a[k]->key);
+        } else {
+            for (int k = 0; k < i; ++k)
+                propertyNames.add(a[k]->key);
+        }
+
+        return;
+    }
+
+    // Allocate a buffer to use to sort the keys.
+    Vector<PropertyMapEntry*, smallMapThreshold> sortedEnumerables(m_propertyTable->keyCount);
+
+    // Get pointers to the enumerable entries in the buffer.
+    PropertyMapEntry** p = sortedEnumerables.data();
+    unsigned entryCount = m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount;
+    for (unsigned i = 1; i <= entryCount; i++) {
+        if (m_propertyTable->entries()[i].key && (!(m_propertyTable->entries()[i].attributes & DontEnum) || includeNonEnumerable))
+            *p++ = &m_propertyTable->entries()[i];
+    }
+
+    size_t enumerableCount = p - sortedEnumerables.data();
+    // Sort the entries by index.
+    qsort(sortedEnumerables.data(), enumerableCount, sizeof(PropertyMapEntry*), comparePropertyMapEntryIndices);
+    sortedEnumerables.resize(enumerableCount);
+
+    // Put the keys of the sorted entries into the list.
+    if (!propertyNames.size()) {
+        for (size_t i = 0; i < sortedEnumerables.size(); ++i)
+            propertyNames.addKnownUnique(sortedEnumerables[i]->key);
+    } else {
+        for (size_t i = 0; i < sortedEnumerables.size(); ++i)
+            propertyNames.add(sortedEnumerables[i]->key);
+    }
+}
+
+void Structure::getNamesFromClassInfoTable(ExecState* exec, const ClassInfo* classInfo, PropertyNameArray& propertyNames, bool includeNonEnumerable)
+{
+    // Add properties from the static hashtables of properties
+    for (; classInfo; classInfo = classInfo->parentClass) {
+        const HashTable* table = classInfo->propHashTable(exec);
+        if (!table)
+            continue;
+        table->initializeIfNeeded(exec);
+        ASSERT(table->table);
+
+        int hashSizeMask = table->compactSize - 1;
+        const HashEntry* entry = table->table;
+        for (int i = 0; i <= hashSizeMask; ++i, ++entry) {
+            if (entry->key() && (!(entry->attributes() & DontEnum) || includeNonEnumerable))
+                propertyNames.add(entry->key());
+        }
+    }
+}
+
+#if DO_PROPERTYMAP_CONSTENCY_CHECK
+
+void Structure::checkConsistency()
+{
+    if (!m_propertyTable)
+        return;
+
+    ASSERT(m_propertyTable->size >= newTableSize);
+    ASSERT(m_propertyTable->sizeMask);
+    ASSERT(m_propertyTable->size == m_propertyTable->sizeMask + 1);
+    ASSERT(!(m_propertyTable->size & m_propertyTable->sizeMask));
+
+    ASSERT(m_propertyTable->keyCount <= m_propertyTable->size / 2);
+    ASSERT(m_propertyTable->deletedSentinelCount <= m_propertyTable->size / 4);
+
+    ASSERT(m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount <= m_propertyTable->size / 2);
+
+    unsigned indexCount = 0;
+    unsigned deletedIndexCount = 0;
+    for (unsigned a = 0; a != m_propertyTable->size; ++a) {
+        unsigned entryIndex = m_propertyTable->entryIndices[a];
+        if (entryIndex == emptyEntryIndex)
+            continue;
+        if (entryIndex == deletedSentinelIndex) {
+            ++deletedIndexCount;
+            continue;
+        }
+        ASSERT(entryIndex > deletedSentinelIndex);
+        ASSERT(entryIndex - 1 <= m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount);
+        ++indexCount;
+
+        for (unsigned b = a + 1; b != m_propertyTable->size; ++b)
+            ASSERT(m_propertyTable->entryIndices[b] != entryIndex);
+    }
+    ASSERT(indexCount == m_propertyTable->keyCount);
+    ASSERT(deletedIndexCount == m_propertyTable->deletedSentinelCount);
+
+    ASSERT(m_propertyTable->entries()[0].key == 0);
+
+    unsigned nonEmptyEntryCount = 0;
+    for (unsigned c = 1; c <= m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount; ++c) {
+        UString::Rep* rep = m_propertyTable->entries()[c].key;
+        if (!rep)
+            continue;
+        ++nonEmptyEntryCount;
+        unsigned i = rep->computedHash();
+        unsigned k = 0;
+        unsigned entryIndex;
+        while (1) {
+            entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+            ASSERT(entryIndex != emptyEntryIndex);
+            if (rep == m_propertyTable->entries()[entryIndex - 1].key)
+                break;
+            if (k == 0)
+                k = 1 | doubleHash(rep->computedHash());
+            i += k;
+        }
+        ASSERT(entryIndex == c + 1);
+    }
+
+    ASSERT(nonEmptyEntryCount == m_propertyTable->keyCount);
+}
+
+#endif // DO_PROPERTYMAP_CONSTENCY_CHECK
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Structure.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Structure.h
new file mode 100644
index 000000000..d012ba9dd
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Structure.h
@@ -0,0 +1,311 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef Structure_h
+#define Structure_h
+
+#include "Identifier.h"
+#include "JSType.h"
+#include "JSValue.h"
+#include "PropertyMapHashTable.h"
+#include "StructureTransitionTable.h"
+#include "JSTypeInfo.h"
+#include "UString.h"
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefCounted.h>
+
+#ifndef NDEBUG
+#define DUMP_PROPERTYMAP_STATS 0
+#else
+#define DUMP_PROPERTYMAP_STATS 0
+#endif
+
+namespace JSC {
+
+    class MarkStack;
+    class PropertyNameArray;
+    class PropertyNameArrayData;
+    class StructureChain;
+
+    class Structure : public RefCounted<Structure> {
+    public:
+        friend class JIT;
+        friend class StructureTransitionTable;
+        static PassRefPtr<Structure> create(JSValue prototype, const TypeInfo& typeInfo)
+        {
+            return adoptRef(new Structure(prototype, typeInfo));
+        }
+
+        static void startIgnoringLeaks();
+        static void stopIgnoringLeaks();
+
+        static void dumpStatistics();
+
+        static PassRefPtr<Structure> addPropertyTransition(Structure*, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset);
+        static PassRefPtr<Structure> addPropertyTransitionToExistingStructure(Structure*, const Identifier& propertyName, unsigned attributes, JSCell* specificValue, size_t& offset);
+        static PassRefPtr<Structure> removePropertyTransition(Structure*, const Identifier& propertyName, size_t& offset);
+        static PassRefPtr<Structure> changePrototypeTransition(Structure*, JSValue prototype);
+        static PassRefPtr<Structure> despecifyFunctionTransition(Structure*, const Identifier&);
+        static PassRefPtr<Structure> addAnonymousSlotsTransition(Structure*, unsigned count);
+        static PassRefPtr<Structure> getterSetterTransition(Structure*);
+        static PassRefPtr<Structure> toCacheableDictionaryTransition(Structure*);
+        static PassRefPtr<Structure> toUncacheableDictionaryTransition(Structure*);
+        static PassRefPtr<Structure> fromDictionaryTransition(Structure*);
+
+        ~Structure();
+
+        void markAggregate(MarkStack&);
+
+        // These should be used with caution.  
+        size_t addPropertyWithoutTransition(const Identifier& propertyName, unsigned attributes, JSCell* specificValue);
+        size_t removePropertyWithoutTransition(const Identifier& propertyName);
+        void setPrototypeWithoutTransition(JSValue prototype) { m_prototype = prototype; }
+        
+        bool isDictionary() const { return m_dictionaryKind != NoneDictionaryKind; }
+        bool isUncacheableDictionary() const { return m_dictionaryKind == UncachedDictionaryKind; }
+
+        const TypeInfo& typeInfo() const { return m_typeInfo; }
+
+        JSValue storedPrototype() const { return m_prototype; }
+        JSValue prototypeForLookup(ExecState*) const;
+        StructureChain* prototypeChain(ExecState*) const;
+
+        Structure* previousID() const { return m_previous.get(); }
+
+        void growPropertyStorageCapacity();
+        size_t propertyStorageCapacity() const { return m_propertyStorageCapacity; }
+        size_t propertyStorageSize() const { return m_propertyTable ? m_propertyTable->keyCount + m_propertyTable->anonymousSlotCount + (m_propertyTable->deletedOffsets ? m_propertyTable->deletedOffsets->size() : 0) : m_offset + 1; }
+        bool isUsingInlineStorage() const;
+
+        size_t get(const Identifier& propertyName);
+        size_t get(const UString::Rep* rep, unsigned& attributes, JSCell*& specificValue);
+        size_t get(const Identifier& propertyName, unsigned& attributes, JSCell*& specificValue)
+        {
+            ASSERT(!propertyName.isNull());
+            return get(propertyName.ustring().rep(), attributes, specificValue);
+        }
+        bool transitionedFor(const JSCell* specificValue)
+        {
+            return m_specificValueInPrevious == specificValue;
+        }
+        bool hasTransition(UString::Rep*, unsigned attributes);
+        bool hasTransition(const Identifier& propertyName, unsigned attributes)
+        {
+            return hasTransition(propertyName._ustring.rep(), attributes);
+        }
+
+        void getEnumerablePropertyNames(ExecState*, PropertyNameArray&, JSObject*);
+        void getOwnPropertyNames(ExecState*, PropertyNameArray&, JSObject*, bool includeNonEnumerable = false);
+
+        bool hasGetterSetterProperties() const { return m_hasGetterSetterProperties; }
+        void setHasGetterSetterProperties(bool hasGetterSetterProperties) { m_hasGetterSetterProperties = hasGetterSetterProperties; }
+
+        bool isEmpty() const { return m_propertyTable ? !m_propertyTable->keyCount : m_offset == noOffset; }
+
+        JSCell* specificValue() { return m_specificValueInPrevious; }
+        void despecifyDictionaryFunction(const Identifier& propertyName);
+
+    private:
+        Structure(JSValue prototype, const TypeInfo&);
+        
+        typedef enum { 
+            NoneDictionaryKind = 0,
+            CachedDictionaryKind = 1,
+            UncachedDictionaryKind = 2
+        } DictionaryKind;
+        static PassRefPtr<Structure> toDictionaryTransition(Structure*, DictionaryKind);
+
+        size_t put(const Identifier& propertyName, unsigned attributes, JSCell* specificValue);
+        size_t remove(const Identifier& propertyName);
+        void addAnonymousSlots(unsigned slotCount);
+        void getNamesFromPropertyTable(PropertyNameArray&, bool includeNonEnumerable = false);
+        void getNamesFromClassInfoTable(ExecState*, const ClassInfo*, PropertyNameArray&, bool includeNonEnumerable = false);
+
+        void expandPropertyMapHashTable();
+        void rehashPropertyMapHashTable();
+        void rehashPropertyMapHashTable(unsigned newTableSize);
+        void createPropertyMapHashTable();
+        void createPropertyMapHashTable(unsigned newTableSize);
+        void insertIntoPropertyMapHashTable(const PropertyMapEntry&);
+        void checkConsistency();
+
+        bool despecifyFunction(const Identifier&);
+
+        PropertyMapHashTable* copyPropertyTable();
+        void materializePropertyMap();
+        void materializePropertyMapIfNecessary()
+        {
+            if (m_propertyTable || !m_previous)             
+                return;
+            materializePropertyMap();
+        }
+
+        void clearEnumerationCache();
+
+        signed char transitionCount() const
+        {
+            // Since the number of transitions is always the same as m_offset, we keep the size of Structure down by not storing both.
+            return m_offset == noOffset ? 0 : m_offset + 1;
+        }
+        
+        bool isValid(ExecState*, StructureChain* cachedPrototypeChain) const;
+
+        static const unsigned emptyEntryIndex = 0;
+    
+        static const signed char s_maxTransitionLength = 64;
+
+        static const signed char noOffset = -1;
+
+        TypeInfo m_typeInfo;
+
+        JSValue m_prototype;
+        mutable RefPtr<StructureChain> m_cachedPrototypeChain;
+
+        RefPtr<Structure> m_previous;
+        RefPtr<UString::Rep> m_nameInPrevious;
+        JSCell* m_specificValueInPrevious;
+
+        StructureTransitionTable table;
+
+        RefPtr<PropertyNameArrayData> m_cachedPropertyNameArrayData;
+
+        PropertyMapHashTable* m_propertyTable;
+
+        size_t m_propertyStorageCapacity;
+        signed char m_offset;
+
+        unsigned m_dictionaryKind : 2;
+        bool m_isPinnedPropertyTable : 1;
+        bool m_hasGetterSetterProperties : 1;
+#if COMPILER(WINSCW)
+        // Workaround for Symbian WINSCW compiler that cannot resolve unsigned type of the declared 
+        // bitfield, when used as argument in make_pair() function calls in structure.ccp.
+        // This bitfield optimization is insignificant for the Symbian emulator target.
+        unsigned m_attributesInPrevious;
+#else
+        unsigned m_attributesInPrevious : 7;
+#endif
+        unsigned m_anonymousSlotsInPrevious : 6;
+    };
+
+    inline size_t Structure::get(const Identifier& propertyName)
+    {
+        ASSERT(!propertyName.isNull());
+
+        materializePropertyMapIfNecessary();
+        if (!m_propertyTable)
+            return WTF::notFound;
+
+        UString::Rep* rep = propertyName._ustring.rep();
+
+        unsigned i = rep->computedHash();
+
+#if DUMP_PROPERTYMAP_STATS
+        ++numProbes;
+#endif
+
+        unsigned entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+        if (entryIndex == emptyEntryIndex)
+            return WTF::notFound;
+
+        if (rep == m_propertyTable->entries()[entryIndex - 1].key)
+            return m_propertyTable->entries()[entryIndex - 1].offset;
+
+#if DUMP_PROPERTYMAP_STATS
+        ++numCollisions;
+#endif
+
+        unsigned k = 1 | WTF::doubleHash(rep->computedHash());
+
+        while (1) {
+            i += k;
+
+#if DUMP_PROPERTYMAP_STATS
+            ++numRehashes;
+#endif
+
+            entryIndex = m_propertyTable->entryIndices[i & m_propertyTable->sizeMask];
+            if (entryIndex == emptyEntryIndex)
+                return WTF::notFound;
+
+            if (rep == m_propertyTable->entries()[entryIndex - 1].key)
+                return m_propertyTable->entries()[entryIndex - 1].offset;
+        }
+    }
+    
+    bool StructureTransitionTable::contains(const StructureTransitionTableHash::Key& key, JSCell* specificValue)
+    {
+        if (usingSingleTransitionSlot()) {
+            Structure* existingTransition = singleTransition();
+            return existingTransition && existingTransition->m_nameInPrevious.get() == key.first
+                   && existingTransition->m_attributesInPrevious == key.second
+                   && (existingTransition->m_specificValueInPrevious == specificValue || existingTransition->m_specificValueInPrevious == 0);
+        }
+        TransitionTable::iterator find = table()->find(key);
+        if (find == table()->end())
+            return false;
+
+        return find->second.first || find->second.second->transitionedFor(specificValue);
+    }
+
+    Structure* StructureTransitionTable::get(const StructureTransitionTableHash::Key& key, JSCell* specificValue) const
+    {
+        if (usingSingleTransitionSlot()) {
+            Structure* existingTransition = singleTransition();
+            if (existingTransition && existingTransition->m_nameInPrevious.get() == key.first
+                && existingTransition->m_attributesInPrevious == key.second
+                && (existingTransition->m_specificValueInPrevious == specificValue || existingTransition->m_specificValueInPrevious == 0))
+                return existingTransition;
+            return 0;
+        }
+
+        Transition transition = table()->get(key);
+        if (transition.second && transition.second->transitionedFor(specificValue))
+            return transition.second;
+        return transition.first;
+    }
+
+    bool StructureTransitionTable::hasTransition(const StructureTransitionTableHash::Key& key) const
+    {
+        if (usingSingleTransitionSlot()) {
+            Structure* transition = singleTransition();
+            return transition && transition->m_nameInPrevious == key.first
+            && transition->m_attributesInPrevious == key.second;
+        }
+        return table()->contains(key);
+    }
+    
+    void StructureTransitionTable::reifySingleTransition()
+    {
+        ASSERT(usingSingleTransitionSlot());
+        Structure* existingTransition = singleTransition();
+        TransitionTable* transitionTable = new TransitionTable;
+        setTransitionTable(transitionTable);
+        if (existingTransition)
+            add(make_pair(RefPtr<UString::Rep>(existingTransition->m_nameInPrevious.get()), existingTransition->m_attributesInPrevious), existingTransition, existingTransition->m_specificValueInPrevious);
+    }
+} // namespace JSC
+
+#endif // Structure_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureChain.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureChain.cpp
new file mode 100644
index 000000000..2c38b67ad
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureChain.cpp
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "StructureChain.h"
+#include "Structure.h"
+
+#include "JSObject.h"
+#include "Structure.h"
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+StructureChain::StructureChain(Structure* head)
+{
+    size_t size = 0;
+    for (Structure* current = head; current; current = current->storedPrototype().isNull() ? 0 : asObject(current->storedPrototype())->structure())
+        ++size;
+    
+    m_vector.set(new RefPtr<Structure>[size + 1]);
+
+    size_t i = 0;
+    for (Structure* current = head; current; current = current->storedPrototype().isNull() ? 0 : asObject(current->storedPrototype())->structure())
+        m_vector[i++] = current;
+    m_vector[i] = 0;
+}
+
+PassRefPtr<StructureChain> StructureChain::create(Structure* head)
+{
+    return adoptRef(new StructureChain(head));
+}
+
+bool StructureChain::isCacheable() const
+{
+    uint32_t i = 0;
+    
+    while (m_vector[i]) {
+        // Both classes of dictionary structure may change arbitrarily so we can't cache them
+        if (m_vector[i]->isDictionary())
+            return false;
+        if (!m_vector[i++]->typeInfo().hasDefaultGetPropertyNames())
+            return false;
+    }
+    return true;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureChain.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureChain.h
new file mode 100644
index 000000000..5990e17d4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureChain.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef StructureChain_h
+#define StructureChain_h
+
+#include <wtf/OwnArrayPtr.h>
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefCounted.h>
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+    class Structure;
+
+    class StructureChain : public RefCounted<StructureChain> {
+    public:
+        static PassRefPtr<StructureChain> create(Structure* head);
+        RefPtr<Structure>* head() { return m_vector.get(); }
+        bool isCacheable() const;
+
+    private:
+        StructureChain(Structure* head);
+
+        OwnArrayPtr<RefPtr<Structure> > m_vector;
+    };
+
+} // namespace JSC
+
+#endif // StructureChain_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureTransitionTable.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureTransitionTable.h
new file mode 100644
index 000000000..0fa7b73c5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/StructureTransitionTable.h
@@ -0,0 +1,214 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef StructureTransitionTable_h
+#define StructureTransitionTable_h
+
+#include "UString.h"
+#include <wtf/HashFunctions.h>
+#include <wtf/HashMap.h>
+#include <wtf/HashTraits.h>
+#include <wtf/PtrAndFlags.h>
+#include <wtf/OwnPtr.h>
+#include <wtf/RefPtr.h>
+
+namespace JSC {
+
+    class Structure;
+
+    struct StructureTransitionTableHash {
+        typedef std::pair<RefPtr<UString::Rep>, unsigned> Key;
+        static unsigned hash(const Key& p)
+        {
+            return p.first->computedHash();
+        }
+
+        static bool equal(const Key& a, const Key& b)
+        {
+            return a == b;
+        }
+
+        static const bool safeToCompareToEmptyOrDeleted = true;
+    };
+
+    struct StructureTransitionTableHashTraits {
+        typedef WTF::HashTraits<RefPtr<UString::Rep> > FirstTraits;
+        typedef WTF::GenericHashTraits<unsigned> SecondTraits;
+        typedef std::pair<FirstTraits::TraitType, SecondTraits::TraitType > TraitType;
+
+        static const bool emptyValueIsZero = FirstTraits::emptyValueIsZero && SecondTraits::emptyValueIsZero;
+        static TraitType emptyValue() { return std::make_pair(FirstTraits::emptyValue(), SecondTraits::emptyValue()); }
+
+        static const bool needsDestruction = FirstTraits::needsDestruction || SecondTraits::needsDestruction;
+
+        static void constructDeletedValue(TraitType& slot) { FirstTraits::constructDeletedValue(slot.first); }
+        static bool isDeletedValue(const TraitType& value) { return FirstTraits::isDeletedValue(value.first); }
+    };
+
+    class StructureTransitionTable {
+        typedef std::pair<Structure*, Structure*> Transition;
+        struct TransitionTable : public HashMap<StructureTransitionTableHash::Key, Transition, StructureTransitionTableHash, StructureTransitionTableHashTraits> {
+            typedef HashMap<unsigned, Structure*> AnonymousSlotMap;
+
+            void addSlotTransition(unsigned count, Structure* structure)
+            {
+                ASSERT(!getSlotTransition(count));
+                if (!m_anonymousSlotTable)
+                    m_anonymousSlotTable.set(new AnonymousSlotMap);
+                m_anonymousSlotTable->add(count, structure);
+            }
+
+            void removeSlotTransition(unsigned count)
+            {
+                ASSERT(getSlotTransition(count));
+                m_anonymousSlotTable->remove(count);
+            }
+
+            Structure* getSlotTransition(unsigned count)
+            {
+                if (!m_anonymousSlotTable)
+                    return 0;
+
+                AnonymousSlotMap::iterator find = m_anonymousSlotTable->find(count);
+                if (find == m_anonymousSlotTable->end())
+                    return 0;
+                return find->second;
+            }
+        private:
+            OwnPtr<AnonymousSlotMap> m_anonymousSlotTable;
+        };
+    public:
+        StructureTransitionTable() {
+            m_transitions.m_singleTransition.set(0);
+            m_transitions.m_singleTransition.setFlag(usingSingleSlot);
+        }
+
+        ~StructureTransitionTable() {
+            if (!usingSingleTransitionSlot())
+                delete table();
+        }
+
+        // The contains and get methods accept imprecise matches, so if an unspecialised transition exists
+        // for the given key they will consider that transition to be a match.  If a specialised transition
+        // exists and it matches the provided specificValue, get will return the specific transition.
+        inline bool contains(const StructureTransitionTableHash::Key&, JSCell* specificValue);
+        inline Structure* get(const StructureTransitionTableHash::Key&, JSCell* specificValue) const;
+        inline bool hasTransition(const StructureTransitionTableHash::Key& key) const;
+        void remove(const StructureTransitionTableHash::Key& key, JSCell* specificValue)
+        {
+            if (usingSingleTransitionSlot()) {
+                ASSERT(contains(key, specificValue));
+                setSingleTransition(0);
+                return;
+            }
+            TransitionTable::iterator find = table()->find(key);
+            if (!specificValue)
+                find->second.first = 0;
+            else
+                find->second.second = 0;
+            if (!find->second.first && !find->second.second)
+                table()->remove(find);
+        }
+        void add(const StructureTransitionTableHash::Key& key, Structure* structure, JSCell* specificValue)
+        {
+            if (usingSingleTransitionSlot()) {
+                if (!singleTransition()) {
+                    setSingleTransition(structure);
+                    return;
+                }
+                reifySingleTransition();
+            }
+            if (!specificValue) {
+                TransitionTable::iterator find = table()->find(key);
+                if (find == table()->end())
+                    table()->add(key, Transition(structure, 0));
+                else
+                    find->second.first = structure;
+            } else {
+                // If we're adding a transition to a specific value, then there cannot be
+                // an existing transition
+                ASSERT(!table()->contains(key));
+                table()->add(key, Transition(0, structure));
+            }
+        }
+
+        Structure* getAnonymousSlotTransition(unsigned count)
+        {
+            if (usingSingleTransitionSlot())
+                return 0;
+            return table()->getSlotTransition(count);
+        }
+
+        void addAnonymousSlotTransition(unsigned count, Structure* structure)
+        {
+            if (usingSingleTransitionSlot())
+                reifySingleTransition();
+            ASSERT(!table()->getSlotTransition(count));
+            table()->addSlotTransition(count, structure);
+        }
+        
+        void removeAnonymousSlotTransition(unsigned count)
+        {
+            ASSERT(!usingSingleTransitionSlot());
+            table()->removeSlotTransition(count);
+        }
+    private:
+        TransitionTable* table() const { ASSERT(!usingSingleTransitionSlot()); return m_transitions.m_table; }
+        Structure* singleTransition() const {
+            ASSERT(usingSingleTransitionSlot());
+            return m_transitions.m_singleTransition.get();
+        }
+        bool usingSingleTransitionSlot() const { return m_transitions.m_singleTransition.isFlagSet(usingSingleSlot); }
+        void setSingleTransition(Structure* structure)
+        { 
+            ASSERT(usingSingleTransitionSlot());
+            m_transitions.m_singleTransition.set(structure);
+        }
+
+        void setTransitionTable(TransitionTable* table)
+        {
+            ASSERT(usingSingleTransitionSlot());
+#ifndef NDEBUG
+            setSingleTransition(0);
+#endif
+            m_transitions.m_table = table;
+            // This implicitly clears the flag that indicates we're using a single transition
+            ASSERT(!usingSingleTransitionSlot());
+        }
+        inline void reifySingleTransition();
+
+        enum UsingSingleSlot {
+            usingSingleSlot
+        };
+        // Last bit indicates whether we are using the single transition optimisation
+        union {
+            TransitionTable* m_table;
+            PtrAndFlagsBase<Structure, UsingSingleSlot> m_singleTransition;
+        } m_transitions;
+    };
+
+} // namespace JSC
+
+#endif // StructureTransitionTable_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SymbolTable.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SymbolTable.h
new file mode 100644
index 000000000..f5e266960
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/SymbolTable.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SymbolTable_h
+#define SymbolTable_h
+
+#include "JSObject.h"
+#include "UString.h"
+#include <wtf/AlwaysInline.h>
+
+namespace JSC {
+
+    static ALWAYS_INLINE int missingSymbolMarker() { return std::numeric_limits<int>::max(); }
+
+    // The bit twiddling in this class assumes that every register index is a
+    // reasonably small positive or negative number, and therefore has its high
+    // four bits all set or all unset.
+
+    struct SymbolTableEntry {
+        SymbolTableEntry()
+            : m_bits(0)
+        {
+        }
+
+        SymbolTableEntry(int index)
+        {
+            ASSERT(isValidIndex(index));
+            pack(index, false, false);
+        }
+
+        SymbolTableEntry(int index, unsigned attributes)
+        {
+            ASSERT(isValidIndex(index));
+            pack(index, attributes & ReadOnly, attributes & DontEnum);
+        }
+        
+        bool isNull() const
+        {
+            return !m_bits;
+        }
+
+        int getIndex() const
+        {
+            return m_bits >> FlagBits;
+        }
+
+        unsigned getAttributes() const
+        {
+            unsigned attributes = 0;
+            if (m_bits & ReadOnlyFlag)
+                attributes |= ReadOnly;
+            if (m_bits & DontEnumFlag)
+                attributes |= DontEnum;
+            return attributes;
+        }
+
+        void setAttributes(unsigned attributes)
+        {
+            pack(getIndex(), attributes & ReadOnly, attributes & DontEnum);
+        }
+
+        bool isReadOnly() const
+        {
+            return m_bits & ReadOnlyFlag;
+        }
+
+    private:
+        static const unsigned ReadOnlyFlag = 0x1;
+        static const unsigned DontEnumFlag = 0x2;
+        static const unsigned NotNullFlag = 0x4;
+        static const unsigned FlagBits = 3;
+
+        void pack(int index, bool readOnly, bool dontEnum)
+        {
+            m_bits = (index << FlagBits) | NotNullFlag;
+            if (readOnly)
+                m_bits |= ReadOnlyFlag;
+            if (dontEnum)
+                m_bits |= DontEnumFlag;
+        }
+        
+        bool isValidIndex(int index)
+        {
+            return ((index << FlagBits) >> FlagBits) == index;
+        }
+
+        int m_bits;
+    };
+
+    struct SymbolTableIndexHashTraits {
+        typedef SymbolTableEntry TraitType;
+        static SymbolTableEntry emptyValue() { return SymbolTableEntry(); }
+        static const bool emptyValueIsZero = true;
+        static const bool needsDestruction = false;
+    };
+
+    typedef HashMap<RefPtr<UString::Rep>, SymbolTableEntry, IdentifierRepHash, HashTraits<RefPtr<UString::Rep> >, SymbolTableIndexHashTraits> SymbolTable;
+
+    class SharedSymbolTable : public SymbolTable, public RefCounted<SharedSymbolTable>
+    {
+    };
+    
+} // namespace JSC
+
+#endif // SymbolTable_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/TimeoutChecker.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/TimeoutChecker.cpp
new file mode 100644
index 000000000..0a8bbd331
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/TimeoutChecker.cpp
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "TimeoutChecker.h"
+
+#include "CallFrame.h"
+#include "JSGlobalObject.h"
+
+#if PLATFORM(DARWIN)
+#include <mach/mach.h>
+#elif PLATFORM(WIN_OS)
+#include <windows.h>
+#else
+#include "CurrentTime.h"
+#endif
+
+using namespace std;
+
+namespace JSC {
+
+// Number of ticks before the first timeout check is done.
+static const int ticksUntilFirstCheck = 1024;
+
+// Default number of milliseconds between each timeout check.
+static const int defaultIntervalBetweenChecks = 1000;
+
+// Returns the time the current thread has spent executing, in milliseconds.
+static inline unsigned getCPUTime()
+{
+#if PLATFORM(DARWIN)
+    mach_msg_type_number_t infoCount = THREAD_BASIC_INFO_COUNT;
+    thread_basic_info_data_t info;
+
+    // Get thread information
+    mach_port_t threadPort = mach_thread_self();
+    thread_info(threadPort, THREAD_BASIC_INFO, reinterpret_cast<thread_info_t>(&info), &infoCount);
+    mach_port_deallocate(mach_task_self(), threadPort);
+    
+    unsigned time = info.user_time.seconds * 1000 + info.user_time.microseconds / 1000;
+    time += info.system_time.seconds * 1000 + info.system_time.microseconds / 1000;
+    
+    return time;
+#elif PLATFORM(WIN_OS)
+    union {
+        FILETIME fileTime;
+        unsigned long long fileTimeAsLong;
+    } userTime, kernelTime;
+    
+    // GetThreadTimes won't accept NULL arguments so we pass these even though
+    // they're not used.
+    FILETIME creationTime, exitTime;
+    
+    GetThreadTimes(GetCurrentThread(), &creationTime, &exitTime, &kernelTime.fileTime, &userTime.fileTime);
+    
+    return userTime.fileTimeAsLong / 10000 + kernelTime.fileTimeAsLong / 10000;
+#else
+    // FIXME: We should return the time the current thread has spent executing.
+    return currentTime() * 1000;
+#endif
+}
+
+TimeoutChecker::TimeoutChecker()
+    : m_timeoutInterval(0)
+    , m_startCount(0)
+    , m_intervalBetweenChecks(defaultIntervalBetweenChecks)
+{
+    reset();
+}
+
+TimeoutChecker::~TimeoutChecker()
+{
+}
+
+void TimeoutChecker::reset()
+{
+    m_ticksUntilNextCheck = ticksUntilFirstCheck;
+    m_timeAtLastCheck = 0;
+    m_timeExecuting = 0;
+}
+
+void TimeoutChecker::copyTimeoutValues(TimeoutChecker* other)
+{
+    m_timeoutInterval = other->m_timeoutInterval;
+    m_startCount = other->m_startCount;
+    m_intervalBetweenChecks = other->m_intervalBetweenChecks;
+}
+
+bool TimeoutChecker::didTimeOut(ExecState* exec)
+{
+    unsigned currentTime = getCPUTime();
+    
+    if (!m_timeAtLastCheck) {
+        // Suspicious amount of looping in a script -- start timing it
+        m_timeAtLastCheck = currentTime;
+        return false;
+    }
+    
+    unsigned timeDiff = currentTime - m_timeAtLastCheck;
+    
+    if (timeDiff == 0)
+        timeDiff = 1;
+    
+    m_timeExecuting += timeDiff;
+    m_timeAtLastCheck = currentTime;
+    
+    // Adjust the tick threshold so we get the next checkTimeout call in the
+    // interval specified in intervalBetweenChecks.
+    m_ticksUntilNextCheck = static_cast<unsigned>((static_cast<float>(m_intervalBetweenChecks) / timeDiff) * m_ticksUntilNextCheck);
+    // If the new threshold is 0 reset it to the default threshold. This can happen if the timeDiff is higher than the
+    // preferred script check time interval.
+    if (m_ticksUntilNextCheck == 0)
+        m_ticksUntilNextCheck = ticksUntilFirstCheck;
+    
+    if (m_timeoutInterval && m_timeExecuting > m_timeoutInterval) {
+        if (exec->dynamicGlobalObject()->shouldInterruptScript())
+            return true;
+        
+        reset();
+    }
+    
+    return false;
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/TimeoutChecker.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/TimeoutChecker.h
new file mode 100644
index 000000000..f9c86ee81
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/TimeoutChecker.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef TimeoutChecker_h
+#define TimeoutChecker_h
+
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+    class ExecState;
+
+    class TimeoutChecker {
+    public:
+        TimeoutChecker();
+        virtual ~TimeoutChecker();
+
+        void setTimeoutInterval(unsigned timeoutInterval) { m_timeoutInterval = timeoutInterval; }
+        void setCheckInterval(unsigned checkInterval) { if (checkInterval) m_intervalBetweenChecks = checkInterval; }
+        
+        unsigned ticksUntilNextCheck() { return m_ticksUntilNextCheck; }
+        
+        void start()
+        {
+            if (!m_startCount)
+                reset();
+            ++m_startCount;
+        }
+
+        void stop()
+        {
+            ASSERT(m_startCount);
+            --m_startCount;
+        }
+
+        void reset();
+        void copyTimeoutValues(TimeoutChecker* other);
+
+        virtual bool didTimeOut(ExecState*);
+
+    private:
+        unsigned m_timeoutInterval;
+        unsigned m_timeAtLastCheck;
+        unsigned m_timeExecuting;
+        unsigned m_startCount;
+        unsigned m_ticksUntilNextCheck;
+        unsigned m_intervalBetweenChecks;
+    };
+
+} // namespace JSC
+
+#endif // TimeoutChecker_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Tracing.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Tracing.h
new file mode 100644
index 000000000..e544f6692
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Tracing.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef Tracing_h
+#define Tracing_h
+
+#if HAVE(DTRACE)
+#include "TracingDtrace.h"
+#else
+
+#define JAVASCRIPTCORE_GC_BEGIN()
+#define JAVASCRIPTCORE_GC_BEGIN_ENABLED() 0
+
+#define JAVASCRIPTCORE_GC_END(arg0, arg1)
+#define JAVASCRIPTCORE_GC_END_ENABLED() 0
+
+#define JAVASCRIPTCORE_GC_MARKED()
+#define JAVASCRIPTCORE_GC_MARKED_ENABLED() 0
+
+#define JAVASCRIPTCORE_PROFILE_WILL_EXECUTE(arg0, arg1, arg2, arg3)
+#define JAVASCRIPTCORE_PROFILE_WILL_EXECUTE_ENABLED() 0
+
+#define JAVASCRIPTCORE_PROFILE_DID_EXECUTE(arg0, arg1, arg2, arg3)
+#define JAVASCRIPTCORE_PROFILE_DID_EXECUTE_ENABLED() 0
+
+#endif
+
+#endif // Tracing_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/UString.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/UString.cpp
new file mode 100644
index 000000000..e66ca93b8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/UString.cpp
@@ -0,0 +1,1772 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca)
+ *  Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "UString.h"
+
+#include "JSGlobalObjectFunctions.h"
+#include "Collector.h"
+#include "dtoa.h"
+#include "Identifier.h"
+#include "Operations.h"
+#include <ctype.h>
+#include <float.h>
+#include <limits.h>
+#include <limits>
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <wtf/ASCIICType.h>
+#include <wtf/Assertions.h>
+#include <wtf/MathExtras.h>
+#include <wtf/StringExtras.h>
+#include <wtf/Vector.h>
+#include <wtf/unicode/UTF8.h>
+#include <wtf/StringExtras.h>
+
+#if HAVE(STRING_H)
+#include <string.h>
+#endif
+#if HAVE(STRINGS_H)
+#include <strings.h>
+#endif
+
+using namespace WTF;
+using namespace WTF::Unicode;
+using namespace std;
+
+// This can be tuned differently per platform by putting platform #ifs right here.
+// If you don't define this macro at all, then copyChars will just call directly
+// to memcpy.
+#define USTRING_COPY_CHARS_INLINE_CUTOFF 20
+
+namespace JSC {
+ 
+extern const double NaN;
+extern const double Inf;
+
+// This number must be at least 2 to avoid sharing empty, null as well as 1 character strings from SmallStrings.
+static const int minLengthToShare = 10;
+
+static inline size_t overflowIndicator() { return std::numeric_limits<size_t>::max(); }
+static inline size_t maxUChars() { return std::numeric_limits<size_t>::max() / sizeof(UChar); }
+
+static inline PossiblyNull<UChar*> allocChars(size_t length)
+{
+    ASSERT(length);
+    if (length > maxUChars())
+        return 0;
+    return tryFastMalloc(sizeof(UChar) * length);
+}
+
+static inline PossiblyNull<UChar*> reallocChars(UChar* buffer, size_t length)
+{
+    ASSERT(length);
+    if (length > maxUChars())
+        return 0;
+    return tryFastRealloc(buffer, sizeof(UChar) * length);
+}
+
+static inline void copyChars(UChar* destination, const UChar* source, unsigned numCharacters)
+{
+#ifdef USTRING_COPY_CHARS_INLINE_CUTOFF
+    if (numCharacters <= USTRING_COPY_CHARS_INLINE_CUTOFF) {
+        for (unsigned i = 0; i < numCharacters; ++i)
+            destination[i] = source[i];
+        return;
+    }
+#endif
+    memcpy(destination, source, numCharacters * sizeof(UChar));
+}
+
+COMPILE_ASSERT(sizeof(UChar) == 2, uchar_is_2_bytes);
+
+CString::CString(const char* c)
+    : m_length(strlen(c))
+    , m_data(new char[m_length + 1])
+{
+    memcpy(m_data, c, m_length + 1);
+}
+
+CString::CString(const char* c, size_t length)
+    : m_length(length)
+    , m_data(new char[length + 1])
+{
+    memcpy(m_data, c, m_length);
+    m_data[m_length] = 0;
+}
+
+CString::CString(const CString& b)
+{
+    m_length = b.m_length;
+    if (b.m_data) {
+        m_data = new char[m_length + 1];
+        memcpy(m_data, b.m_data, m_length + 1);
+    } else
+        m_data = 0;
+}
+
+CString::~CString()
+{
+    delete [] m_data;
+}
+
+CString CString::adopt(char* c, size_t length)
+{
+    CString s;
+    s.m_data = c;
+    s.m_length = length;
+    return s;
+}
+
+CString& CString::append(const CString& t)
+{
+    char* n;
+    n = new char[m_length + t.m_length + 1];
+    if (m_length)
+        memcpy(n, m_data, m_length);
+    if (t.m_length)
+        memcpy(n + m_length, t.m_data, t.m_length);
+    m_length += t.m_length;
+    n[m_length] = 0;
+
+    delete [] m_data;
+    m_data = n;
+
+    return *this;
+}
+
+CString& CString::operator=(const char* c)
+{
+    if (m_data)
+        delete [] m_data;
+    m_length = strlen(c);
+    m_data = new char[m_length + 1];
+    memcpy(m_data, c, m_length + 1);
+
+    return *this;
+}
+
+CString& CString::operator=(const CString& str)
+{
+    if (this == &str)
+        return *this;
+
+    if (m_data)
+        delete [] m_data;
+    m_length = str.m_length;
+    if (str.m_data) {
+        m_data = new char[m_length + 1];
+        memcpy(m_data, str.m_data, m_length + 1);
+    } else
+        m_data = 0;
+
+    return *this;
+}
+
+bool operator==(const CString& c1, const CString& c2)
+{
+    size_t len = c1.size();
+    return len == c2.size() && (len == 0 || memcmp(c1.c_str(), c2.c_str(), len) == 0);
+}
+
+// These static strings are immutable, except for rc, whose initial value is chosen to 
+// reduce the possibility of it becoming zero due to ref/deref not being thread-safe.
+static UChar sharedEmptyChar;
+UString::BaseString* UString::Rep::nullBaseString;
+UString::BaseString* UString::Rep::emptyBaseString;
+UString* UString::nullUString;
+
+static void initializeStaticBaseString(UString::BaseString& base)
+{
+    base.rc = INT_MAX / 2;
+    base.m_identifierTableAndFlags.setFlag(UString::Rep::StaticFlag);
+    base.checkConsistency();
+}
+
+void initializeUString()
+{
+    UString::Rep::nullBaseString = new UString::BaseString(0, 0);
+    initializeStaticBaseString(*UString::Rep::nullBaseString);
+
+    UString::Rep::emptyBaseString = new UString::BaseString(&sharedEmptyChar, 0);
+    initializeStaticBaseString(*UString::Rep::emptyBaseString);
+
+    UString::nullUString = new UString;
+}
+
+static char* statBuffer = 0; // Only used for debugging via UString::ascii().
+
+PassRefPtr<UString::Rep> UString::Rep::createCopying(const UChar* d, int l)
+{
+    UChar* copyD = static_cast<UChar*>(fastMalloc(l * sizeof(UChar)));
+    copyChars(copyD, d, l);
+    return create(copyD, l);
+}
+
+PassRefPtr<UString::Rep> UString::Rep::createFromUTF8(const char* string)
+{
+    if (!string)
+        return &UString::Rep::null();
+
+    size_t length = strlen(string);
+    Vector<UChar, 1024> buffer(length);
+    UChar* p = buffer.data();
+    if (conversionOK != convertUTF8ToUTF16(&string, string + length, &p, p + length))
+        return &UString::Rep::null();
+
+    return UString::Rep::createCopying(buffer.data(), p - buffer.data());
+}
+
+PassRefPtr<UString::Rep> UString::Rep::create(UChar* string, int length, PassRefPtr<UString::SharedUChar> sharedBuffer)
+{
+    PassRefPtr<UString::Rep> rep = create(string, length);
+    rep->baseString()->setSharedBuffer(sharedBuffer);
+    rep->checkConsistency();
+    return rep;
+}
+
+UString::SharedUChar* UString::Rep::sharedBuffer()
+{
+    UString::BaseString* base = baseString();
+    if (len < minLengthToShare)
+        return 0;
+
+    return base->sharedBuffer();
+}
+
+void UString::Rep::destroy()
+{
+    checkConsistency();
+
+    // Static null and empty strings can never be destroyed, but we cannot rely on 
+    // reference counting, because ref/deref are not thread-safe.
+    if (!isStatic()) {
+        if (identifierTable())
+            Identifier::remove(this);
+
+        UString::BaseString* base = baseString();
+        if (base == this) {
+            if (m_sharedBuffer)
+                m_sharedBuffer->deref();
+            else
+                fastFree(base->buf);
+        } else
+            base->deref();
+
+        delete this;
+    }
+}
+
+// Golden ratio - arbitrary start value to avoid mapping all 0's to all 0's
+// or anything like that.
+const unsigned PHI = 0x9e3779b9U;
+
+// Paul Hsieh's SuperFastHash
+// http://www.azillionmonkeys.com/qed/hash.html
+unsigned UString::Rep::computeHash(const UChar* s, int len)
+{
+    unsigned l = len;
+    uint32_t hash = PHI;
+    uint32_t tmp;
+
+    int rem = l & 1;
+    l >>= 1;
+
+    // Main loop
+    for (; l > 0; l--) {
+        hash += s[0];
+        tmp = (s[1] << 11) ^ hash;
+        hash = (hash << 16) ^ tmp;
+        s += 2;
+        hash += hash >> 11;
+    }
+
+    // Handle end case
+    if (rem) {
+        hash += s[0];
+        hash ^= hash << 11;
+        hash += hash >> 17;
+    }
+
+    // Force "avalanching" of final 127 bits
+    hash ^= hash << 3;
+    hash += hash >> 5;
+    hash ^= hash << 2;
+    hash += hash >> 15;
+    hash ^= hash << 10;
+
+    // this avoids ever returning a hash code of 0, since that is used to
+    // signal "hash not computed yet", using a value that is likely to be
+    // effectively the same as 0 when the low bits are masked
+    if (hash == 0)
+        hash = 0x80000000;
+
+    return hash;
+}
+
+// Paul Hsieh's SuperFastHash
+// http://www.azillionmonkeys.com/qed/hash.html
+unsigned UString::Rep::computeHash(const char* s, int l)
+{
+    // This hash is designed to work on 16-bit chunks at a time. But since the normal case
+    // (above) is to hash UTF-16 characters, we just treat the 8-bit chars as if they
+    // were 16-bit chunks, which should give matching results
+
+    uint32_t hash = PHI;
+    uint32_t tmp;
+
+    size_t rem = l & 1;
+    l >>= 1;
+
+    // Main loop
+    for (; l > 0; l--) {
+        hash += static_cast<unsigned char>(s[0]);
+        tmp = (static_cast<unsigned char>(s[1]) << 11) ^ hash;
+        hash = (hash << 16) ^ tmp;
+        s += 2;
+        hash += hash >> 11;
+    }
+
+    // Handle end case
+    if (rem) {
+        hash += static_cast<unsigned char>(s[0]);
+        hash ^= hash << 11;
+        hash += hash >> 17;
+    }
+
+    // Force "avalanching" of final 127 bits
+    hash ^= hash << 3;
+    hash += hash >> 5;
+    hash ^= hash << 2;
+    hash += hash >> 15;
+    hash ^= hash << 10;
+
+    // this avoids ever returning a hash code of 0, since that is used to
+    // signal "hash not computed yet", using a value that is likely to be
+    // effectively the same as 0 when the low bits are masked
+    if (hash == 0)
+        hash = 0x80000000;
+
+    return hash;
+}
+
+#ifndef NDEBUG
+void UString::Rep::checkConsistency() const
+{
+    const UString::BaseString* base = baseString();
+
+    // There is no recursion for base strings.
+    ASSERT(base == base->baseString());
+
+    if (isStatic()) {
+        // There are only two static strings: null and empty.
+        ASSERT(!len);
+
+        // Static strings cannot get in identifier tables, because they are globally shared.
+        ASSERT(!identifierTable());
+    }
+
+    // The string fits in buffer.
+    ASSERT(base->usedPreCapacity <= base->preCapacity);
+    ASSERT(base->usedCapacity <= base->capacity);
+    ASSERT(-offset <= base->usedPreCapacity);
+    ASSERT(offset + len <= base->usedCapacity);
+}
+#endif
+
+UString::SharedUChar* UString::BaseString::sharedBuffer()
+{
+    if (!m_sharedBuffer)
+        setSharedBuffer(SharedUChar::create(new OwnFastMallocPtr<UChar>(buf)));
+    return m_sharedBuffer;
+}
+
+void UString::BaseString::setSharedBuffer(PassRefPtr<UString::SharedUChar> sharedBuffer)
+{
+    // The manual steps below are because m_sharedBuffer can't be a RefPtr. m_sharedBuffer
+    // is in a union with another variable to avoid making BaseString any larger.
+    if (m_sharedBuffer)
+        m_sharedBuffer->deref();
+    m_sharedBuffer = sharedBuffer.releaseRef();
+}
+
+bool UString::BaseString::slowIsBufferReadOnly()
+{
+    // The buffer may not be modified as soon as the underlying data has been shared with another class.
+    if (m_sharedBuffer->isShared())
+        return true;
+
+    // At this point, we know it that the underlying buffer isn't shared outside of this base class,
+    // so get rid of m_sharedBuffer.
+    OwnPtr<OwnFastMallocPtr<UChar> > mallocPtr(m_sharedBuffer->release());
+    UChar* unsharedBuf = const_cast<UChar*>(mallocPtr->release());
+    setSharedBuffer(0);
+    preCapacity += (buf - unsharedBuf);
+    buf = unsharedBuf;
+    return false;
+}
+
+// Put these early so they can be inlined.
+static inline size_t expandedSize(size_t capacitySize, size_t precapacitySize)
+{
+    // Combine capacitySize & precapacitySize to produce a single size to allocate,
+    // check that doing so does not result in overflow.
+    size_t size = capacitySize + precapacitySize;
+    if (size < capacitySize)
+        return overflowIndicator();
+
+    // Small Strings (up to 4 pages):
+    // Expand the allocation size to 112.5% of the amount requested.  This is largely sicking
+    // to our previous policy, however 112.5% is cheaper to calculate.
+    if (size < 0x4000) {
+        size_t expandedSize = ((size + (size >> 3)) | 15) + 1;
+        // Given the limited range within which we calculate the expansion in this
+        // fashion the above calculation should never overflow.
+        ASSERT(expandedSize >= size);
+        ASSERT(expandedSize < maxUChars());
+        return expandedSize;
+    }
+
+    // Medium Strings (up to 128 pages):
+    // For pages covering multiple pages over-allocation is less of a concern - any unused
+    // space will not be paged in if it is not used, so this is purely a VM overhead.  For
+    // these strings allocate 2x the requested size.
+    if (size < 0x80000) {
+        size_t expandedSize = ((size + size) | 0xfff) + 1;
+        // Given the limited range within which we calculate the expansion in this
+        // fashion the above calculation should never overflow.
+        ASSERT(expandedSize >= size);
+        ASSERT(expandedSize < maxUChars());
+        return expandedSize;
+    }
+
+    // Large Strings (to infinity and beyond!):
+    // Revert to our 112.5% policy - probably best to limit the amount of unused VM we allow
+    // any individual string be responsible for.
+    size_t expandedSize = ((size + (size >> 3)) | 0xfff) + 1;
+
+    // Check for overflow - any result that is at least as large as requested (but
+    // still below the limit) is okay.
+    if ((expandedSize >= size) && (expandedSize < maxUChars()))
+        return expandedSize;
+    return overflowIndicator();
+}
+
+static inline bool expandCapacity(UString::Rep* rep, int requiredLength)
+{
+    rep->checkConsistency();
+    ASSERT(!rep->baseString()->isBufferReadOnly());
+
+    UString::BaseString* base = rep->baseString();
+
+    if (requiredLength > base->capacity) {
+        size_t newCapacity = expandedSize(requiredLength, base->preCapacity);
+        UChar* oldBuf = base->buf;
+        if (!reallocChars(base->buf, newCapacity).getValue(base->buf)) {
+            base->buf = oldBuf;
+            return false;
+        }
+        base->capacity = newCapacity - base->preCapacity;
+    }
+    if (requiredLength > base->usedCapacity)
+        base->usedCapacity = requiredLength;
+
+    rep->checkConsistency();
+    return true;
+}
+
+bool UString::Rep::reserveCapacity(int capacity)
+{
+    // If this is an empty string there is no point 'growing' it - just allocate a new one.
+    // If the BaseString is shared with another string that is using more capacity than this
+    // string is, then growing the buffer won't help.
+    // If the BaseString's buffer is readonly, then it isn't allowed to grow.
+    UString::BaseString* base = baseString();
+    if (!base->buf || !base->capacity || (offset + len) != base->usedCapacity || base->isBufferReadOnly())
+        return false;
+    
+    // If there is already sufficient capacity, no need to grow!
+    if (capacity <= base->capacity)
+        return true;
+
+    checkConsistency();
+
+    size_t newCapacity = expandedSize(capacity, base->preCapacity);
+    UChar* oldBuf = base->buf;
+    if (!reallocChars(base->buf, newCapacity).getValue(base->buf)) {
+        base->buf = oldBuf;
+        return false;
+    }
+    base->capacity = newCapacity - base->preCapacity;
+
+    checkConsistency();
+    return true;
+}
+
+void UString::expandCapacity(int requiredLength)
+{
+    if (!JSC::expandCapacity(m_rep.get(), requiredLength))
+        makeNull();
+}
+
+void UString::expandPreCapacity(int requiredPreCap)
+{
+    m_rep->checkConsistency();
+    ASSERT(!m_rep->baseString()->isBufferReadOnly());
+
+    BaseString* base = m_rep->baseString();
+
+    if (requiredPreCap > base->preCapacity) {
+        size_t newCapacity = expandedSize(requiredPreCap, base->capacity);
+        int delta = newCapacity - base->capacity - base->preCapacity;
+
+        UChar* newBuf;
+        if (!allocChars(newCapacity).getValue(newBuf)) {
+            makeNull();
+            return;
+        }
+        copyChars(newBuf + delta, base->buf, base->capacity + base->preCapacity);
+        fastFree(base->buf);
+        base->buf = newBuf;
+
+        base->preCapacity = newCapacity - base->capacity;
+    }
+    if (requiredPreCap > base->usedPreCapacity)
+        base->usedPreCapacity = requiredPreCap;
+
+    m_rep->checkConsistency();
+}
+
+static PassRefPtr<UString::Rep> createRep(const char* c)
+{
+    if (!c)
+        return &UString::Rep::null();
+
+    if (!c[0])
+        return &UString::Rep::empty();
+
+    size_t length = strlen(c);
+    UChar* d;
+    if (!allocChars(length).getValue(d))
+        return &UString::Rep::null();
+    else {
+        for (size_t i = 0; i < length; i++)
+            d[i] = static_cast<unsigned char>(c[i]); // use unsigned char to zero-extend instead of sign-extend
+        return UString::Rep::create(d, static_cast<int>(length));
+    }
+
+}
+
+UString::UString(const char* c)
+    : m_rep(createRep(c))
+{
+}
+
+UString::UString(const UChar* c, int length)
+{
+    if (length == 0) 
+        m_rep = &Rep::empty();
+    else
+        m_rep = Rep::createCopying(c, length);
+}
+
+UString::UString(UChar* c, int length, bool copy)
+{
+    if (length == 0)
+        m_rep = &Rep::empty();
+    else if (copy)
+        m_rep = Rep::createCopying(c, length);
+    else
+        m_rep = Rep::create(c, length);
+}
+
+UString::UString(const Vector<UChar>& buffer)
+{
+    if (!buffer.size())
+        m_rep = &Rep::empty();
+    else
+        m_rep = Rep::createCopying(buffer.data(), buffer.size());
+}
+
+static ALWAYS_INLINE int newCapacityWithOverflowCheck(const int currentCapacity, const int extendLength, const bool plusOne = false)
+{
+    ASSERT_WITH_MESSAGE(extendLength >= 0, "extendedLength = %d", extendLength);
+
+    const int plusLength = plusOne ? 1 : 0;
+    if (currentCapacity > std::numeric_limits<int>::max() - extendLength - plusLength)
+        CRASH();
+
+    return currentCapacity + extendLength + plusLength;
+}
+
+static ALWAYS_INLINE PassRefPtr<UString::Rep> concatenate(PassRefPtr<UString::Rep> r, const UChar* tData, int tSize)
+{
+    RefPtr<UString::Rep> rep = r;
+
+    rep->checkConsistency();
+
+    int thisSize = rep->size();
+    int thisOffset = rep->offset;
+    int length = thisSize + tSize;
+    UString::BaseString* base = rep->baseString();
+
+    // possible cases:
+    if (tSize == 0) {
+        // t is empty
+    } else if (thisSize == 0) {
+        // this is empty
+        rep = UString::Rep::createCopying(tData, tSize);
+    } else if (rep == base && !base->isShared()) {
+        // this is direct and has refcount of 1 (so we can just alter it directly)
+        if (!expandCapacity(rep.get(), newCapacityWithOverflowCheck(thisOffset, length)))
+            rep = &UString::Rep::null();
+        if (rep->data()) {
+            copyChars(rep->data() + thisSize, tData, tSize);
+            rep->len = length;
+            rep->_hash = 0;
+        }
+    } else if (thisOffset + thisSize == base->usedCapacity && thisSize >= minShareSize && !base->isBufferReadOnly()) {
+        // this reaches the end of the buffer - extend it if it's long enough to append to
+        if (!expandCapacity(rep.get(), newCapacityWithOverflowCheck(thisOffset, length)))
+            rep = &UString::Rep::null();
+        if (rep->data()) {
+            copyChars(rep->data() + thisSize, tData, tSize);
+            rep = UString::Rep::create(rep, 0, length);
+        }
+    } else {
+        // This is shared in some way that prevents us from modifying base, so we must make a whole new string.
+        size_t newCapacity = expandedSize(length, 0);
+        UChar* d;
+        if (!allocChars(newCapacity).getValue(d))
+            rep = &UString::Rep::null();
+        else {
+            copyChars(d, rep->data(), thisSize);
+            copyChars(d + thisSize, tData, tSize);
+            rep = UString::Rep::create(d, length);
+            rep->baseString()->capacity = newCapacity;
+        }
+    }
+
+    rep->checkConsistency();
+
+    return rep.release();
+}
+
+static ALWAYS_INLINE PassRefPtr<UString::Rep> concatenate(PassRefPtr<UString::Rep> r, const char* t)
+{
+    RefPtr<UString::Rep> rep = r;
+
+    rep->checkConsistency();
+
+    int thisSize = rep->size();
+    int thisOffset = rep->offset;
+    int tSize = static_cast<int>(strlen(t));
+    int length = thisSize + tSize;
+    UString::BaseString* base = rep->baseString();
+
+    // possible cases:
+    if (thisSize == 0) {
+        // this is empty
+        rep = createRep(t);
+    } else if (tSize == 0) {
+        // t is empty, we'll just return *this below.
+    } else if (rep == base && !base->isShared()) {
+        // this is direct and has refcount of 1 (so we can just alter it directly)
+        expandCapacity(rep.get(), newCapacityWithOverflowCheck(thisOffset, length));
+        UChar* d = rep->data();
+        if (d) {
+            for (int i = 0; i < tSize; ++i)
+                d[thisSize + i] = static_cast<unsigned char>(t[i]); // use unsigned char to zero-extend instead of sign-extend
+            rep->len = length;
+            rep->_hash = 0;
+        }
+    } else if (thisOffset + thisSize == base->usedCapacity && thisSize >= minShareSize && !base->isBufferReadOnly()) {
+        // this string reaches the end of the buffer - extend it
+        expandCapacity(rep.get(), newCapacityWithOverflowCheck(thisOffset, length));
+        UChar* d = rep->data();
+        if (d) {
+            for (int i = 0; i < tSize; ++i)
+                d[thisSize + i] = static_cast<unsigned char>(t[i]); // use unsigned char to zero-extend instead of sign-extend
+            rep = UString::Rep::create(rep, 0, length);
+        }
+    } else {
+        // This is shared in some way that prevents us from modifying base, so we must make a whole new string.
+        size_t newCapacity = expandedSize(length, 0);
+        UChar* d;
+        if (!allocChars(newCapacity).getValue(d))
+            rep = &UString::Rep::null();
+        else {
+            copyChars(d, rep->data(), thisSize);
+            for (int i = 0; i < tSize; ++i)
+                d[thisSize + i] = static_cast<unsigned char>(t[i]); // use unsigned char to zero-extend instead of sign-extend
+            rep = UString::Rep::create(d, length);
+            rep->baseString()->capacity = newCapacity;
+        }
+    }
+
+    rep->checkConsistency();
+
+    return rep.release();
+}
+
+PassRefPtr<UString::Rep> concatenate(UString::Rep* a, UString::Rep* b)
+{
+    a->checkConsistency();
+    b->checkConsistency();
+
+    int aSize = a->size();
+    int bSize = b->size();
+    int aOffset = a->offset;
+
+    // possible cases:
+
+    UString::BaseString* aBase = a->baseString();
+    if (bSize == 1 && aOffset + aSize == aBase->usedCapacity && aOffset + aSize < aBase->capacity && !aBase->isBufferReadOnly()) {
+        // b is a single character (common fast case)
+        ++aBase->usedCapacity;
+        a->data()[aSize] = b->data()[0];
+        return UString::Rep::create(a, 0, aSize + 1);
+    }
+
+    // a is empty
+    if (aSize == 0)
+        return b;
+    // b is empty
+    if (bSize == 0)
+        return a;
+
+    int bOffset = b->offset;
+    int length = aSize + bSize;
+
+    UString::BaseString* bBase = b->baseString();
+    if (aOffset + aSize == aBase->usedCapacity && aSize >= minShareSize && 4 * aSize >= bSize
+        && (-bOffset != bBase->usedPreCapacity || aSize >= bSize) && !aBase->isBufferReadOnly()) {
+        // - a reaches the end of its buffer so it qualifies for shared append
+        // - also, it's at least a quarter the length of b - appending to a much shorter
+        //   string does more harm than good
+        // - however, if b qualifies for prepend and is longer than a, we'd rather prepend
+        
+        UString x(a);
+        x.expandCapacity(newCapacityWithOverflowCheck(aOffset, length));
+        if (!a->data() || !x.data())
+            return 0;
+        copyChars(a->data() + aSize, b->data(), bSize);
+        PassRefPtr<UString::Rep> result = UString::Rep::create(a, 0, length);
+
+        a->checkConsistency();
+        b->checkConsistency();
+        result->checkConsistency();
+
+        return result;
+    }
+
+    if (-bOffset == bBase->usedPreCapacity && bSize >= minShareSize && 4 * bSize >= aSize && !bBase->isBufferReadOnly()) {
+        // - b reaches the beginning of its buffer so it qualifies for shared prepend
+        // - also, it's at least a quarter the length of a - prepending to a much shorter
+        //   string does more harm than good
+        UString y(b);
+        y.expandPreCapacity(-bOffset + aSize);
+        if (!b->data() || !y.data())
+            return 0;
+        copyChars(b->data() - aSize, a->data(), aSize);
+        PassRefPtr<UString::Rep> result = UString::Rep::create(b, -aSize, length);
+
+        a->checkConsistency();
+        b->checkConsistency();
+        result->checkConsistency();
+
+        return result;
+    }
+
+    // a does not qualify for append, and b does not qualify for prepend, gotta make a whole new string
+    size_t newCapacity = expandedSize(length, 0);
+    UChar* d;
+    if (!allocChars(newCapacity).getValue(d))
+        return 0;
+    copyChars(d, a->data(), aSize);
+    copyChars(d + aSize, b->data(), bSize);
+    PassRefPtr<UString::Rep> result = UString::Rep::create(d, length);
+    result->baseString()->capacity = newCapacity;
+
+    a->checkConsistency();
+    b->checkConsistency();
+    result->checkConsistency();
+
+    return result;
+}
+
+PassRefPtr<UString::Rep> concatenate(UString::Rep* rep, int i)
+{
+    UChar buf[1 + sizeof(i) * 3];
+    UChar* end = buf + sizeof(buf) / sizeof(UChar);
+    UChar* p = end;
+  
+    if (i == 0)
+        *--p = '0';
+    else if (i == INT_MIN) {
+        char minBuf[1 + sizeof(i) * 3];
+        sprintf(minBuf, "%d", INT_MIN);
+        return concatenate(rep, minBuf);
+    } else {
+        bool negative = false;
+        if (i < 0) {
+            negative = true;
+            i = -i;
+        }
+        while (i) {
+            *--p = static_cast<unsigned short>((i % 10) + '0');
+            i /= 10;
+        }
+        if (negative)
+            *--p = '-';
+    }
+
+    return concatenate(rep, p, static_cast<int>(end - p));
+
+}
+
+PassRefPtr<UString::Rep> concatenate(UString::Rep* rep, double d)
+{
+    // avoid ever printing -NaN, in JS conceptually there is only one NaN value
+    if (isnan(d))
+        return concatenate(rep, "NaN");
+
+    if (d == 0.0) // stringify -0 as 0
+        d = 0.0;
+
+    char buf[80];
+    int decimalPoint;
+    int sign;
+
+    char result[80];
+    WTF::dtoa(result, d, 0, &decimalPoint, &sign, NULL);
+    int length = static_cast<int>(strlen(result));
+  
+    int i = 0;
+    if (sign)
+        buf[i++] = '-';
+  
+    if (decimalPoint <= 0 && decimalPoint > -6) {
+        buf[i++] = '0';
+        buf[i++] = '.';
+        for (int j = decimalPoint; j < 0; j++)
+            buf[i++] = '0';
+        strcpy(buf + i, result);
+    } else if (decimalPoint <= 21 && decimalPoint > 0) {
+        if (length <= decimalPoint) {
+            strcpy(buf + i, result);
+            i += length;
+            for (int j = 0; j < decimalPoint - length; j++)
+                buf[i++] = '0';
+            buf[i] = '\0';
+        } else {
+            strncpy(buf + i, result, decimalPoint);
+            i += decimalPoint;
+            buf[i++] = '.';
+            strcpy(buf + i, result + decimalPoint);
+        }
+    } else if (result[0] < '0' || result[0] > '9')
+        strcpy(buf + i, result);
+    else {
+        buf[i++] = result[0];
+        if (length > 1) {
+            buf[i++] = '.';
+            strcpy(buf + i, result + 1);
+            i += length - 1;
+        }
+        
+        buf[i++] = 'e';
+        buf[i++] = (decimalPoint >= 0) ? '+' : '-';
+        // decimalPoint can't be more than 3 digits decimal given the
+        // nature of float representation
+        int exponential = decimalPoint - 1;
+        if (exponential < 0)
+            exponential = -exponential;
+        if (exponential >= 100)
+            buf[i++] = static_cast<char>('0' + exponential / 100);
+        if (exponential >= 10)
+            buf[i++] = static_cast<char>('0' + (exponential % 100) / 10);
+        buf[i++] = static_cast<char>('0' + exponential % 10);
+        buf[i++] = '\0';
+    }
+    
+    return concatenate(rep, buf);
+}
+
+UString UString::from(int i)
+{
+    UChar buf[1 + sizeof(i) * 3];
+    UChar* end = buf + sizeof(buf) / sizeof(UChar);
+    UChar* p = end;
+  
+    if (i == 0)
+        *--p = '0';
+    else if (i == INT_MIN) {
+        char minBuf[1 + sizeof(i) * 3];
+        sprintf(minBuf, "%d", INT_MIN);
+        return UString(minBuf);
+    } else {
+        bool negative = false;
+        if (i < 0) {
+            negative = true;
+            i = -i;
+        }
+        while (i) {
+            *--p = static_cast<unsigned short>((i % 10) + '0');
+            i /= 10;
+        }
+        if (negative)
+            *--p = '-';
+    }
+
+    return UString(p, static_cast<int>(end - p));
+}
+
+UString UString::from(long long i)
+{
+    UChar buf[1 + sizeof(i) * 3];
+    UChar* end = buf + sizeof(buf) / sizeof(UChar);
+    UChar* p = end;
+
+    if (i == 0)
+        *--p = '0';
+    else if (i == std::numeric_limits<long long>::min()) {
+        char minBuf[1 + sizeof(i) * 3];
+#if PLATFORM(WIN_OS)
+        snprintf(minBuf, sizeof(minBuf) - 1, "%I64d", std::numeric_limits<long long>::min());
+#else
+        snprintf(minBuf, sizeof(minBuf) - 1, "%lld", std::numeric_limits<long long>::min());
+#endif
+        return UString(minBuf);
+    } else {
+        bool negative = false;
+        if (i < 0) {
+            negative = true;
+            i = -i;
+        }
+        while (i) {
+            *--p = static_cast<unsigned short>((i % 10) + '0');
+            i /= 10;
+        }
+        if (negative)
+            *--p = '-';
+    }
+
+    return UString(p, static_cast<int>(end - p));
+}
+
+UString UString::from(unsigned int u)
+{
+    UChar buf[sizeof(u) * 3];
+    UChar* end = buf + sizeof(buf) / sizeof(UChar);
+    UChar* p = end;
+    
+    if (u == 0)
+        *--p = '0';
+    else {
+        while (u) {
+            *--p = static_cast<unsigned short>((u % 10) + '0');
+            u /= 10;
+        }
+    }
+    
+    return UString(p, static_cast<int>(end - p));
+}
+
+UString UString::from(long l)
+{
+    UChar buf[1 + sizeof(l) * 3];
+    UChar* end = buf + sizeof(buf) / sizeof(UChar);
+    UChar* p = end;
+
+    if (l == 0)
+        *--p = '0';
+    else if (l == LONG_MIN) {
+        char minBuf[1 + sizeof(l) * 3];
+        sprintf(minBuf, "%ld", LONG_MIN);
+        return UString(minBuf);
+    } else {
+        bool negative = false;
+        if (l < 0) {
+            negative = true;
+            l = -l;
+        }
+        while (l) {
+            *--p = static_cast<unsigned short>((l % 10) + '0');
+            l /= 10;
+        }
+        if (negative)
+            *--p = '-';
+    }
+
+    return UString(p, static_cast<int>(end - p));
+}
+
+UString UString::from(double d)
+{
+    // avoid ever printing -NaN, in JS conceptually there is only one NaN value
+    if (isnan(d))
+        return "NaN";
+    if (!d)
+        return "0"; // -0 -> "0"
+
+    char buf[80];
+    int decimalPoint;
+    int sign;
+    
+    char result[80];
+    WTF::dtoa(result, d, 0, &decimalPoint, &sign, NULL);
+    int length = static_cast<int>(strlen(result));
+  
+    int i = 0;
+    if (sign)
+        buf[i++] = '-';
+  
+    if (decimalPoint <= 0 && decimalPoint > -6) {
+        buf[i++] = '0';
+        buf[i++] = '.';
+        for (int j = decimalPoint; j < 0; j++)
+            buf[i++] = '0';
+        strcpy(buf + i, result);
+    } else if (decimalPoint <= 21 && decimalPoint > 0) {
+        if (length <= decimalPoint) {
+            strcpy(buf + i, result);
+            i += length;
+            for (int j = 0; j < decimalPoint - length; j++)
+                buf[i++] = '0';
+            buf[i] = '\0';
+        } else {
+            strncpy(buf + i, result, decimalPoint);
+            i += decimalPoint;
+            buf[i++] = '.';
+            strcpy(buf + i, result + decimalPoint);
+        }
+    } else if (result[0] < '0' || result[0] > '9')
+        strcpy(buf + i, result);
+    else {
+        buf[i++] = result[0];
+        if (length > 1) {
+            buf[i++] = '.';
+            strcpy(buf + i, result + 1);
+            i += length - 1;
+        }
+        
+        buf[i++] = 'e';
+        buf[i++] = (decimalPoint >= 0) ? '+' : '-';
+        // decimalPoint can't be more than 3 digits decimal given the
+        // nature of float representation
+        int exponential = decimalPoint - 1;
+        if (exponential < 0)
+            exponential = -exponential;
+        if (exponential >= 100)
+            buf[i++] = static_cast<char>('0' + exponential / 100);
+        if (exponential >= 10)
+            buf[i++] = static_cast<char>('0' + (exponential % 100) / 10);
+        buf[i++] = static_cast<char>('0' + exponential % 10);
+        buf[i++] = '\0';
+    }
+    
+    return UString(buf);
+}
+
+UString UString::spliceSubstringsWithSeparators(const Range* substringRanges, int rangeCount, const UString* separators, int separatorCount) const
+{
+    m_rep->checkConsistency();
+
+    if (rangeCount == 1 && separatorCount == 0) {
+        int thisSize = size();
+        int position = substringRanges[0].position;
+        int length = substringRanges[0].length;
+        if (position <= 0 && length >= thisSize)
+            return *this;
+        return UString::Rep::create(m_rep, max(0, position), min(thisSize, length));
+    }
+
+    int totalLength = 0;
+    for (int i = 0; i < rangeCount; i++)
+        totalLength += substringRanges[i].length;
+    for (int i = 0; i < separatorCount; i++)
+        totalLength += separators[i].size();
+
+    if (totalLength == 0)
+        return "";
+
+    UChar* buffer;
+    if (!allocChars(totalLength).getValue(buffer))
+        return null();
+
+    int maxCount = max(rangeCount, separatorCount);
+    int bufferPos = 0;
+    for (int i = 0; i < maxCount; i++) {
+        if (i < rangeCount) {
+            copyChars(buffer + bufferPos, data() + substringRanges[i].position, substringRanges[i].length);
+            bufferPos += substringRanges[i].length;
+        }
+        if (i < separatorCount) {
+            copyChars(buffer + bufferPos, separators[i].data(), separators[i].size());
+            bufferPos += separators[i].size();
+        }
+    }
+
+    return UString::Rep::create(buffer, totalLength);
+}
+
+UString UString::replaceRange(int rangeStart, int rangeLength, const UString& replacement) const
+{
+    m_rep->checkConsistency();
+
+    int replacementLength = replacement.size();
+    int totalLength = size() - rangeLength + replacementLength;
+    if (totalLength == 0)
+        return "";
+
+    UChar* buffer;
+    if (!allocChars(totalLength).getValue(buffer))
+        return null();
+
+    copyChars(buffer, data(), rangeStart);
+    copyChars(buffer + rangeStart, replacement.data(), replacementLength);
+    int rangeEnd = rangeStart + rangeLength;
+    copyChars(buffer + rangeStart + replacementLength, data() + rangeEnd, size() - rangeEnd);
+
+    return UString::Rep::create(buffer, totalLength);
+}
+
+
+UString& UString::append(const UString &t)
+{
+    m_rep->checkConsistency();
+    t.rep()->checkConsistency();
+
+    int thisSize = size();
+    int thisOffset = m_rep->offset;
+    int tSize = t.size();
+    int length = thisSize + tSize;
+    BaseString* base = m_rep->baseString();
+
+    // possible cases:
+    if (thisSize == 0) {
+        // this is empty
+        *this = t;
+    } else if (tSize == 0) {
+        // t is empty
+    } else if (m_rep == base && !base->isShared()) {
+        // this is direct and has refcount of 1 (so we can just alter it directly)
+        expandCapacity(newCapacityWithOverflowCheck(thisOffset, length));
+        if (data()) {
+            copyChars(m_rep->data() + thisSize, t.data(), tSize);
+            m_rep->len = length;
+            m_rep->_hash = 0;
+        }
+    } else if (thisOffset + thisSize == base->usedCapacity && thisSize >= minShareSize && !base->isBufferReadOnly()) {
+        // this reaches the end of the buffer - extend it if it's long enough to append to
+        expandCapacity(newCapacityWithOverflowCheck(thisOffset, length));
+        if (data()) {
+            copyChars(m_rep->data() + thisSize, t.data(), tSize);
+            m_rep = Rep::create(m_rep, 0, length);
+        }
+    } else {
+        // This is shared in some way that prevents us from modifying base, so we must make a whole new string.
+        size_t newCapacity = expandedSize(length, 0);
+        UChar* d;
+        if (!allocChars(newCapacity).getValue(d))
+            makeNull();
+        else {
+            copyChars(d, data(), thisSize);
+            copyChars(d + thisSize, t.data(), tSize);
+            m_rep = Rep::create(d, length);
+            m_rep->baseString()->capacity = newCapacity;
+        }
+    }
+
+    m_rep->checkConsistency();
+    t.rep()->checkConsistency();
+
+    return *this;
+}
+
+UString& UString::append(const UChar* tData, int tSize)
+{
+    m_rep = concatenate(m_rep.release(), tData, tSize);
+    return *this;
+}
+
+UString& UString::append(const char* t)
+{
+    m_rep = concatenate(m_rep.release(), t);
+    return *this;
+}
+
+UString& UString::append(UChar c)
+{
+    m_rep->checkConsistency();
+
+    int thisOffset = m_rep->offset;
+    int length = size();
+    BaseString* base = m_rep->baseString();
+
+    // possible cases:
+    if (length == 0) {
+        // this is empty - must make a new m_rep because we don't want to pollute the shared empty one 
+        size_t newCapacity = expandedSize(1, 0);
+        UChar* d;
+        if (!allocChars(newCapacity).getValue(d))
+            makeNull();
+        else {
+            d[0] = c;
+            m_rep = Rep::create(d, 1);
+            m_rep->baseString()->capacity = newCapacity;
+        }
+    } else if (m_rep == base && !base->isShared()) {
+        // this is direct and has refcount of 1 (so we can just alter it directly)
+        expandCapacity(newCapacityWithOverflowCheck(thisOffset, length, true));
+        UChar* d = m_rep->data();
+        if (d) {
+            d[length] = c;
+            m_rep->len = length + 1;
+            m_rep->_hash = 0;
+        }
+    } else if (thisOffset + length == base->usedCapacity && length >= minShareSize && !base->isBufferReadOnly()) {
+        // this reaches the end of the string - extend it and share
+        expandCapacity(newCapacityWithOverflowCheck(thisOffset, length, true));
+        UChar* d = m_rep->data();
+        if (d) {
+            d[length] = c;
+            m_rep = Rep::create(m_rep, 0, length + 1);
+        }
+    } else {
+        // This is shared in some way that prevents us from modifying base, so we must make a whole new string.
+        size_t newCapacity = expandedSize(length + 1, 0);
+        UChar* d;
+        if (!allocChars(newCapacity).getValue(d))
+            makeNull();
+        else {
+            copyChars(d, data(), length);
+            d[length] = c;
+            m_rep = Rep::create(d, length + 1);
+            m_rep->baseString()->capacity = newCapacity;
+        }
+    }
+
+    m_rep->checkConsistency();
+
+    return *this;
+}
+
+bool UString::getCString(CStringBuffer& buffer) const
+{
+    int length = size();
+    int neededSize = length + 1;
+    buffer.resize(neededSize);
+    char* buf = buffer.data();
+
+    UChar ored = 0;
+    const UChar* p = data();
+    char* q = buf;
+    const UChar* limit = p + length;
+    while (p != limit) {
+        UChar c = p[0];
+        ored |= c;
+        *q = static_cast<char>(c);
+        ++p;
+        ++q;
+    }
+    *q = '\0';
+
+    return !(ored & 0xFF00);
+}
+
+char* UString::ascii() const
+{
+    int length = size();
+    int neededSize = length + 1;
+    delete[] statBuffer;
+    statBuffer = new char[neededSize];
+
+    const UChar* p = data();
+    char* q = statBuffer;
+    const UChar* limit = p + length;
+    while (p != limit) {
+        *q = static_cast<char>(p[0]);
+        ++p;
+        ++q;
+    }
+    *q = '\0';
+
+    return statBuffer;
+}
+
+UString& UString::operator=(const char* c)
+{
+    if (!c) {
+        m_rep = &Rep::null();
+        return *this;
+    }
+
+    if (!c[0]) {
+        m_rep = &Rep::empty();
+        return *this;
+    }
+
+    int l = static_cast<int>(strlen(c));
+    UChar* d;
+    BaseString* base = m_rep->baseString();
+    if (!base->isShared() && l <= base->capacity && m_rep == base && m_rep->offset == 0 && base->preCapacity == 0) {
+        d = base->buf;
+        m_rep->_hash = 0;
+        m_rep->len = l;
+    } else {
+        if (!allocChars(l).getValue(d)) {
+            makeNull();
+            return *this;
+        }
+        m_rep = Rep::create(d, l);
+    }
+    for (int i = 0; i < l; i++)
+        d[i] = static_cast<unsigned char>(c[i]); // use unsigned char to zero-extend instead of sign-extend
+
+    return *this;
+}
+
+bool UString::is8Bit() const
+{
+    const UChar* u = data();
+    const UChar* limit = u + size();
+    while (u < limit) {
+        if (u[0] > 0xFF)
+            return false;
+        ++u;
+    }
+
+    return true;
+}
+
+UChar UString::operator[](int pos) const
+{
+    if (pos >= size())
+        return '\0';
+    return data()[pos];
+}
+
+double UString::toDouble(bool tolerateTrailingJunk, bool tolerateEmptyString) const
+{
+    if (size() == 1) {
+        UChar c = data()[0];
+        if (isASCIIDigit(c))
+            return c - '0';
+        if (isASCIISpace(c) && tolerateEmptyString)
+            return 0;
+        return NaN;
+    }
+
+    // FIXME: If tolerateTrailingJunk is true, then we want to tolerate non-8-bit junk
+    // after the number, so this is too strict a check.
+    CStringBuffer s;
+    if (!getCString(s))
+        return NaN;
+    const char* c = s.data();
+
+    // skip leading white space
+    while (isASCIISpace(*c))
+        c++;
+
+    // empty string ?
+    if (*c == '\0')
+        return tolerateEmptyString ? 0.0 : NaN;
+
+    double d;
+
+    // hex number ?
+    if (*c == '0' && (*(c + 1) == 'x' || *(c + 1) == 'X')) {
+        const char* firstDigitPosition = c + 2;
+        c++;
+        d = 0.0;
+        while (*(++c)) {
+            if (*c >= '0' && *c <= '9')
+                d = d * 16.0 + *c - '0';
+            else if ((*c >= 'A' && *c <= 'F') || (*c >= 'a' && *c <= 'f'))
+                d = d * 16.0 + (*c & 0xdf) - 'A' + 10.0;
+            else
+                break;
+        }
+
+        if (d >= mantissaOverflowLowerBound)
+            d = parseIntOverflow(firstDigitPosition, c - firstDigitPosition, 16);
+    } else {
+        // regular number ?
+        char* end;
+        d = WTF::strtod(c, &end);
+        if ((d != 0.0 || end != c) && d != Inf && d != -Inf) {
+            c = end;
+        } else {
+            double sign = 1.0;
+
+            if (*c == '+')
+                c++;
+            else if (*c == '-') {
+                sign = -1.0;
+                c++;
+            }
+
+            // We used strtod() to do the conversion. However, strtod() handles
+            // infinite values slightly differently than JavaScript in that it
+            // converts the string "inf" with any capitalization to infinity,
+            // whereas the ECMA spec requires that it be converted to NaN.
+
+            if (c[0] == 'I' && c[1] == 'n' && c[2] == 'f' && c[3] == 'i' && c[4] == 'n' && c[5] == 'i' && c[6] == 't' && c[7] == 'y') {
+                d = sign * Inf;
+                c += 8;
+            } else if ((d == Inf || d == -Inf) && *c != 'I' && *c != 'i')
+                c = end;
+            else
+                return NaN;
+        }
+    }
+
+    // allow trailing white space
+    while (isASCIISpace(*c))
+        c++;
+    // don't allow anything after - unless tolerant=true
+    if (!tolerateTrailingJunk && *c != '\0')
+        d = NaN;
+
+    return d;
+}
+
+double UString::toDouble(bool tolerateTrailingJunk) const
+{
+    return toDouble(tolerateTrailingJunk, true);
+}
+
+double UString::toDouble() const
+{
+    return toDouble(false, true);
+}
+
+uint32_t UString::toUInt32(bool* ok) const
+{
+    double d = toDouble();
+    bool b = true;
+
+    if (d != static_cast<uint32_t>(d)) {
+        b = false;
+        d = 0;
+    }
+
+    if (ok)
+        *ok = b;
+
+    return static_cast<uint32_t>(d);
+}
+
+uint32_t UString::toUInt32(bool* ok, bool tolerateEmptyString) const
+{
+    double d = toDouble(false, tolerateEmptyString);
+    bool b = true;
+
+    if (d != static_cast<uint32_t>(d)) {
+        b = false;
+        d = 0;
+    }
+
+    if (ok)
+        *ok = b;
+
+    return static_cast<uint32_t>(d);
+}
+
+uint32_t UString::toStrictUInt32(bool* ok) const
+{
+    if (ok)
+        *ok = false;
+
+    // Empty string is not OK.
+    int len = m_rep->len;
+    if (len == 0)
+        return 0;
+    const UChar* p = m_rep->data();
+    unsigned short c = p[0];
+
+    // If the first digit is 0, only 0 itself is OK.
+    if (c == '0') {
+        if (len == 1 && ok)
+            *ok = true;
+        return 0;
+    }
+
+    // Convert to UInt32, checking for overflow.
+    uint32_t i = 0;
+    while (1) {
+        // Process character, turning it into a digit.
+        if (c < '0' || c > '9')
+            return 0;
+        const unsigned d = c - '0';
+
+        // Multiply by 10, checking for overflow out of 32 bits.
+        if (i > 0xFFFFFFFFU / 10)
+            return 0;
+        i *= 10;
+
+        // Add in the digit, checking for overflow out of 32 bits.
+        const unsigned max = 0xFFFFFFFFU - d;
+        if (i > max)
+            return 0;
+        i += d;
+
+        // Handle end of string.
+        if (--len == 0) {
+            if (ok)
+                *ok = true;
+            return i;
+        }
+
+        // Get next character.
+        c = *(++p);
+    }
+}
+
+int UString::find(const UString& f, int pos) const
+{
+    int fsz = f.size();
+
+    if (pos < 0)
+        pos = 0;
+
+    if (fsz == 1) {
+        UChar ch = f[0];
+        const UChar* end = data() + size();
+        for (const UChar* c = data() + pos; c < end; c++) {
+            if (*c == ch)
+                return static_cast<int>(c - data());
+        }
+        return -1;
+    }
+
+    int sz = size();
+    if (sz < fsz)
+        return -1;
+    if (fsz == 0)
+        return pos;
+    const UChar* end = data() + sz - fsz;
+    int fsizeminusone = (fsz - 1) * sizeof(UChar);
+    const UChar* fdata = f.data();
+    unsigned short fchar = fdata[0];
+    ++fdata;
+    for (const UChar* c = data() + pos; c <= end; c++) {
+        if (c[0] == fchar && !memcmp(c + 1, fdata, fsizeminusone))
+            return static_cast<int>(c - data());
+    }
+
+    return -1;
+}
+
+int UString::find(UChar ch, int pos) const
+{
+    if (pos < 0)
+        pos = 0;
+    const UChar* end = data() + size();
+    for (const UChar* c = data() + pos; c < end; c++) {
+        if (*c == ch)
+            return static_cast<int>(c - data());
+    }
+    
+    return -1;
+}
+
+int UString::rfind(const UString& f, int pos) const
+{
+    int sz = size();
+    int fsz = f.size();
+    if (sz < fsz)
+        return -1;
+    if (pos < 0)
+        pos = 0;
+    if (pos > sz - fsz)
+        pos = sz - fsz;
+    if (fsz == 0)
+        return pos;
+    int fsizeminusone = (fsz - 1) * sizeof(UChar);
+    const UChar* fdata = f.data();
+    for (const UChar* c = data() + pos; c >= data(); c--) {
+        if (*c == *fdata && !memcmp(c + 1, fdata + 1, fsizeminusone))
+            return static_cast<int>(c - data());
+    }
+
+    return -1;
+}
+
+int UString::rfind(UChar ch, int pos) const
+{
+    if (isEmpty())
+        return -1;
+    if (pos + 1 >= size())
+        pos = size() - 1;
+    for (const UChar* c = data() + pos; c >= data(); c--) {
+        if (*c == ch)
+            return static_cast<int>(c - data());
+    }
+
+    return -1;
+}
+
+UString UString::substr(int pos, int len) const
+{
+    int s = size();
+
+    if (pos < 0)
+        pos = 0;
+    else if (pos >= s)
+        pos = s;
+    if (len < 0)
+        len = s;
+    if (pos + len >= s)
+        len = s - pos;
+
+    if (pos == 0 && len == s)
+        return *this;
+
+    return UString(Rep::create(m_rep, pos, len));
+}
+
+bool operator==(const UString& s1, const char *s2)
+{
+    if (s2 == 0)
+        return s1.isEmpty();
+
+    const UChar* u = s1.data();
+    const UChar* uend = u + s1.size();
+    while (u != uend && *s2) {
+        if (u[0] != (unsigned char)*s2)
+            return false;
+        s2++;
+        u++;
+    }
+
+    return u == uend && *s2 == 0;
+}
+
+bool operator<(const UString& s1, const UString& s2)
+{
+    const int l1 = s1.size();
+    const int l2 = s2.size();
+    const int lmin = l1 < l2 ? l1 : l2;
+    const UChar* c1 = s1.data();
+    const UChar* c2 = s2.data();
+    int l = 0;
+    while (l < lmin && *c1 == *c2) {
+        c1++;
+        c2++;
+        l++;
+    }
+    if (l < lmin)
+        return (c1[0] < c2[0]);
+
+    return (l1 < l2);
+}
+
+bool operator>(const UString& s1, const UString& s2)
+{
+    const int l1 = s1.size();
+    const int l2 = s2.size();
+    const int lmin = l1 < l2 ? l1 : l2;
+    const UChar* c1 = s1.data();
+    const UChar* c2 = s2.data();
+    int l = 0;
+    while (l < lmin && *c1 == *c2) {
+        c1++;
+        c2++;
+        l++;
+    }
+    if (l < lmin)
+        return (c1[0] > c2[0]);
+
+    return (l1 > l2);
+}
+
+int compare(const UString& s1, const UString& s2)
+{
+    const int l1 = s1.size();
+    const int l2 = s2.size();
+    const int lmin = l1 < l2 ? l1 : l2;
+    const UChar* c1 = s1.data();
+    const UChar* c2 = s2.data();
+    int l = 0;
+    while (l < lmin && *c1 == *c2) {
+        c1++;
+        c2++;
+        l++;
+    }
+
+    if (l < lmin)
+        return (c1[0] > c2[0]) ? 1 : -1;
+
+    if (l1 == l2)
+        return 0;
+
+    return (l1 > l2) ? 1 : -1;
+}
+
+bool equal(const UString::Rep* r, const UString::Rep* b)
+{
+    int length = r->len;
+    if (length != b->len)
+        return false;
+    const UChar* d = r->data();
+    const UChar* s = b->data();
+    for (int i = 0; i != length; ++i) {
+        if (d[i] != s[i])
+            return false;
+    }
+    return true;
+}
+
+CString UString::UTF8String(bool strict) const
+{
+    // Allocate a buffer big enough to hold all the characters.
+    const int length = size();
+    Vector<char, 1024> buffer(length * 3);
+
+    // Convert to runs of 8-bit characters.
+    char* p = buffer.data();
+    const UChar* d = reinterpret_cast<const UChar*>(&data()[0]);
+    ConversionResult result = convertUTF16ToUTF8(&d, d + length, &p, p + buffer.size(), strict);
+    if (result != conversionOK)
+        return CString();
+
+    return CString(buffer.data(), p - buffer.data());
+}
+
+// For use in error handling code paths -- having this not be inlined helps avoid PIC branches to fetch the global on Mac OS X.
+NEVER_INLINE void UString::makeNull()
+{
+    m_rep = &Rep::null();
+}
+
+// For use in error handling code paths -- having this not be inlined helps avoid PIC branches to fetch the global on Mac OS X.
+NEVER_INLINE UString::Rep* UString::nullRep()
+{
+    return &Rep::null();
+}
+
+} // namespace JSC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/runtime/UString.h b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/UString.h
new file mode 100644
index 000000000..58c3615f1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/runtime/UString.h
@@ -0,0 +1,601 @@
+/*
+ *  Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ *  Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef UString_h
+#define UString_h
+
+#include "Collector.h"
+#include <stdint.h>
+#include <string.h>
+#include <wtf/Assertions.h>
+#include <wtf/CrossThreadRefCounted.h>
+#include <wtf/OwnFastMallocPtr.h>
+#include <wtf/PassRefPtr.h>
+#include <wtf/PtrAndFlags.h>
+#include <wtf/RefPtr.h>
+#include <wtf/Vector.h>
+#include <wtf/unicode/Unicode.h>
+
+namespace JSC {
+
+    using WTF::PlacementNewAdoptType;
+    using WTF::PlacementNewAdopt;
+
+    class IdentifierTable;
+  
+    class CString {
+    public:
+        CString()
+            : m_length(0)
+            , m_data(0)
+        {
+        }
+
+        CString(const char*);
+        CString(const char*, size_t);
+        CString(const CString&);
+
+        ~CString();
+
+        static CString adopt(char*, size_t); // buffer should be allocated with new[].
+
+        CString& append(const CString&);
+        CString& operator=(const char* c);
+        CString& operator=(const CString&);
+        CString& operator+=(const CString& c) { return append(c); }
+
+        size_t size() const { return m_length; }
+        const char* c_str() const { return m_data; }
+
+    private:
+        size_t m_length;
+        char* m_data;
+    };
+
+    typedef Vector<char, 32> CStringBuffer;
+
+    class UString {
+        friend class JIT;
+
+    public:
+
+        typedef CrossThreadRefCounted<OwnFastMallocPtr<UChar> > SharedUChar;
+        struct BaseString;
+        struct Rep : Noncopyable {
+            friend class JIT;
+
+            static PassRefPtr<Rep> create(UChar* buffer, int length)
+            {
+                return adoptRef(new BaseString(buffer, length));
+            }
+
+            static PassRefPtr<Rep> createEmptyBuffer(size_t size)
+            {
+                // Guard against integer overflow
+                if (size < (std::numeric_limits<size_t>::max() / sizeof(UChar))) {
+                    void* buf = 0;
+                    if (tryFastMalloc(size * sizeof(UChar)).getValue(buf))
+                        return adoptRef(new BaseString(static_cast<UChar*>(buf), 0, size));
+                }
+                return adoptRef(new BaseString(0, 0, 0));
+            }
+
+            static PassRefPtr<Rep> createCopying(const UChar*, int);
+            static PassRefPtr<Rep> create(PassRefPtr<Rep> base, int offset, int length);
+
+            // Constructs a string from a UTF-8 string, using strict conversion (see comments in UTF8.h).
+            // Returns UString::Rep::null for null input or conversion failure.
+            static PassRefPtr<Rep> createFromUTF8(const char*);
+
+            // Uses SharedUChar to have joint ownership over the UChar*.
+            static PassRefPtr<Rep> create(UChar*, int, PassRefPtr<SharedUChar>);
+
+            SharedUChar* sharedBuffer();
+            void destroy();
+
+            bool baseIsSelf() const { return m_identifierTableAndFlags.isFlagSet(BaseStringFlag); }
+            UChar* data() const;
+            int size() const { return len; }
+
+            unsigned hash() const { if (_hash == 0) _hash = computeHash(data(), len); return _hash; }
+            unsigned computedHash() const { ASSERT(_hash); return _hash; } // fast path for Identifiers
+
+            static unsigned computeHash(const UChar*, int length);
+            static unsigned computeHash(const char*, int length);
+            static unsigned computeHash(const char* s) { return computeHash(s, strlen(s)); }
+
+            IdentifierTable* identifierTable() const { return m_identifierTableAndFlags.get(); }
+            void setIdentifierTable(IdentifierTable* table) { ASSERT(!isStatic()); m_identifierTableAndFlags.set(table); }
+
+            bool isStatic() const { return m_identifierTableAndFlags.isFlagSet(StaticFlag); }
+            void setStatic(bool);
+            void setBaseString(PassRefPtr<BaseString>);
+            BaseString* baseString();
+            const BaseString* baseString() const;
+
+            Rep* ref() { ++rc; return this; }
+            ALWAYS_INLINE void deref() { if (--rc == 0) destroy(); }
+
+            void checkConsistency() const;
+            enum UStringFlags {
+                StaticFlag,
+                BaseStringFlag
+            };
+
+            // unshared data
+            int offset;
+            int len;
+            int rc; // For null and empty static strings, this field does not reflect a correct count, because ref/deref are not thread-safe. A special case in destroy() guarantees that these do not get deleted.
+            mutable unsigned _hash;
+            PtrAndFlags<IdentifierTable, UStringFlags> m_identifierTableAndFlags;
+
+            static BaseString& null() { return *nullBaseString; }
+            static BaseString& empty() { return *emptyBaseString; }
+
+            bool reserveCapacity(int capacity);
+
+        protected:
+            // Constructor for use by BaseString subclass; they use the union with m_baseString for another purpose.
+            Rep(int length)
+                : offset(0)
+                , len(length)
+                , rc(1)
+                , _hash(0)
+                , m_baseString(0)
+            {
+            }
+
+            Rep(PassRefPtr<BaseString> base, int offsetInBase, int length)
+                : offset(offsetInBase)
+                , len(length)
+                , rc(1)
+                , _hash(0)
+                , m_baseString(base.releaseRef())
+            {
+                checkConsistency();
+            }
+
+            union {
+                // If !baseIsSelf()
+                BaseString* m_baseString;
+                // If baseIsSelf()
+                SharedUChar* m_sharedBuffer;
+            };
+
+        private:
+            // For SmallStringStorage which allocates an array and does initialization manually.
+            Rep() { }
+
+            friend class SmallStringsStorage;
+            friend void initializeUString();
+            JS_EXPORTDATA static BaseString* nullBaseString;
+            JS_EXPORTDATA static BaseString* emptyBaseString;
+        };
+
+
+        struct BaseString : public Rep {
+            bool isShared() { return rc != 1 || isBufferReadOnly(); }
+            void setSharedBuffer(PassRefPtr<SharedUChar>);
+
+            bool isBufferReadOnly()
+            {
+                if (!m_sharedBuffer)
+                    return false;
+                return slowIsBufferReadOnly();
+            }
+
+            // potentially shared data.
+            UChar* buf;
+            int preCapacity;
+            int usedPreCapacity;
+            int capacity;
+            int usedCapacity;
+
+            size_t reportedCost;
+
+        private:
+            BaseString(UChar* buffer, int length, int additionalCapacity = 0)
+                : Rep(length)
+                , buf(buffer)
+                , preCapacity(0)
+                , usedPreCapacity(0)
+                , capacity(length + additionalCapacity)
+                , usedCapacity(length)
+                , reportedCost(0)
+            {
+                m_identifierTableAndFlags.setFlag(BaseStringFlag);
+                checkConsistency();
+            }
+
+            SharedUChar* sharedBuffer();
+            bool slowIsBufferReadOnly();
+
+            friend struct Rep;
+            friend class SmallStringsStorage;
+            friend void initializeUString();
+        };
+
+    public:
+        UString();
+        UString(const char*);
+        UString(const UChar*, int length);
+        UString(UChar*, int length, bool copy);
+
+        UString(const UString& s)
+            : m_rep(s.m_rep)
+        {
+        }
+
+        UString(const Vector<UChar>& buffer);
+
+        ~UString()
+        {
+        }
+
+        // Special constructor for cases where we overwrite an object in place.
+        UString(PlacementNewAdoptType)
+            : m_rep(PlacementNewAdopt)
+        {
+        }
+
+        static UString from(int);
+        static UString from(long long);
+        static UString from(unsigned int);
+        static UString from(long);
+        static UString from(double);
+
+        struct Range {
+        public:
+            Range(int pos, int len)
+                : position(pos)
+                , length(len)
+            {
+            }
+
+            Range()
+            {
+            }
+
+            int position;
+            int length;
+        };
+
+        UString spliceSubstringsWithSeparators(const Range* substringRanges, int rangeCount, const UString* separators, int separatorCount) const;
+
+        UString replaceRange(int rangeStart, int RangeEnd, const UString& replacement) const;
+
+        UString& append(const UString&);
+        UString& append(const char*);
+        UString& append(UChar);
+        UString& append(char c) { return append(static_cast<UChar>(static_cast<unsigned char>(c))); }
+        UString& append(const UChar*, int size);
+
+        bool getCString(CStringBuffer&) const;
+
+        // NOTE: This method should only be used for *debugging* purposes as it
+        // is neither Unicode safe nor free from side effects nor thread-safe.
+        char* ascii() const;
+
+        /**
+         * Convert the string to UTF-8, assuming it is UTF-16 encoded.
+         * In non-strict mode, this function is tolerant of badly formed UTF-16, it
+         * can create UTF-8 strings that are invalid because they have characters in
+         * the range U+D800-U+DDFF, U+FFFE, or U+FFFF, but the UTF-8 string is
+         * guaranteed to be otherwise valid.
+         * In strict mode, error is returned as null CString.
+         */
+        CString UTF8String(bool strict = false) const;
+
+        UString& operator=(const char*c);
+
+        UString& operator+=(const UString& s) { return append(s); }
+        UString& operator+=(const char* s) { return append(s); }
+
+        const UChar* data() const { return m_rep->data(); }
+
+        bool isNull() const { return (m_rep == &Rep::null()); }
+        bool isEmpty() const { return (!m_rep->len); }
+
+        bool is8Bit() const;
+
+        int size() const { return m_rep->size(); }
+
+        UChar operator[](int pos) const;
+
+        double toDouble(bool tolerateTrailingJunk, bool tolerateEmptyString) const;
+        double toDouble(bool tolerateTrailingJunk) const;
+        double toDouble() const;
+
+        uint32_t toUInt32(bool* ok = 0) const;
+        uint32_t toUInt32(bool* ok, bool tolerateEmptyString) const;
+        uint32_t toStrictUInt32(bool* ok = 0) const;
+
+        unsigned toArrayIndex(bool* ok = 0) const;
+
+        int find(const UString& f, int pos = 0) const;
+        int find(UChar, int pos = 0) const;
+        int rfind(const UString& f, int pos) const;
+        int rfind(UChar, int pos) const;
+
+        UString substr(int pos = 0, int len = -1) const;
+
+        static const UString& null() { return *nullUString; }
+
+        Rep* rep() const { return m_rep.get(); }
+        static Rep* nullRep();
+
+        UString(PassRefPtr<Rep> r)
+            : m_rep(r)
+        {
+            ASSERT(m_rep);
+        }
+
+        size_t cost() const;
+
+        // Attempt to grow this string such that it can grow to a total length of 'capacity'
+        // without reallocation.  This may fail a number of reasons - if the BasicString is
+        // shared and another string is using part of the capacity beyond our end point, if
+        // the realloc fails, or if this string is empty and has no storage.
+        //
+        // This method returns a boolean indicating success.
+        bool reserveCapacity(int capacity)
+        {
+            return m_rep->reserveCapacity(capacity);
+        }
+
+#if PLATFORM(QT)
+        operator QT_PREPEND_NAMESPACE(QString)() const
+        {
+            QT_USE_NAMESPACE;
+            return QString(reinterpret_cast<const QChar*>(this->data()), this->size());
+        }
+
+        UString(const QT_PREPEND_NAMESPACE(QString)& str)
+        {
+            *this = JSC::UString(reinterpret_cast<const UChar*>(str.constData()), str.length());
+        }
+#endif
+
+
+    private:
+        void expandCapacity(int requiredLength);
+        void expandPreCapacity(int requiredPreCap);
+        void makeNull();
+
+        RefPtr<Rep> m_rep;
+        static UString* nullUString;
+
+        friend void initializeUString();
+        friend bool operator==(const UString&, const UString&);
+        friend PassRefPtr<Rep> concatenate(Rep*, Rep*); // returns 0 if out of memory
+    };
+    PassRefPtr<UString::Rep> concatenate(UString::Rep*, UString::Rep*);
+    PassRefPtr<UString::Rep> concatenate(UString::Rep*, int);
+    PassRefPtr<UString::Rep> concatenate(UString::Rep*, double);
+
+    inline bool operator==(const UString& s1, const UString& s2)
+    {
+        int size = s1.size();
+        switch (size) {
+        case 0:
+            return !s2.size();
+        case 1:
+            return s2.size() == 1 && s1.data()[0] == s2.data()[0];
+        case 2: {
+            if (s2.size() != 2)
+                return false;
+            const UChar* d1 = s1.data();
+            const UChar* d2 = s2.data();
+            return (d1[0] == d2[0]) & (d1[1] == d2[1]);
+        }
+        default:
+            return s2.size() == size && memcmp(s1.data(), s2.data(), size * sizeof(UChar)) == 0;
+        }
+    }
+
+
+    inline bool operator!=(const UString& s1, const UString& s2)
+    {
+        return !JSC::operator==(s1, s2);
+    }
+
+    bool operator<(const UString& s1, const UString& s2);
+    bool operator>(const UString& s1, const UString& s2);
+
+    bool operator==(const UString& s1, const char* s2);
+
+    inline bool operator!=(const UString& s1, const char* s2)
+    {
+        return !JSC::operator==(s1, s2);
+    }
+
+    inline bool operator==(const char *s1, const UString& s2)
+    {
+        return operator==(s2, s1);
+    }
+
+    inline bool operator!=(const char *s1, const UString& s2)
+    {
+        return !JSC::operator==(s1, s2);
+    }
+
+    bool operator==(const CString&, const CString&);
+
+    inline UString operator+(const UString& s1, const UString& s2)
+    {
+        RefPtr<UString::Rep> result = concatenate(s1.rep(), s2.rep());
+        return UString(result ? result.release() : UString::nullRep());
+    }
+
+    int compare(const UString&, const UString&);
+
+    bool equal(const UString::Rep*, const UString::Rep*);
+
+    inline PassRefPtr<UString::Rep> UString::Rep::create(PassRefPtr<UString::Rep> rep, int offset, int length)
+    {
+        ASSERT(rep);
+        rep->checkConsistency();
+
+        int repOffset = rep->offset;
+
+        PassRefPtr<BaseString> base = rep->baseString();
+
+        ASSERT(-(offset + repOffset) <= base->usedPreCapacity);
+        ASSERT(offset + repOffset + length <= base->usedCapacity);
+
+        // Steal the single reference this Rep was created with.
+        return adoptRef(new Rep(base, repOffset + offset, length));
+    }
+
+    inline UChar* UString::Rep::data() const
+    {
+        const BaseString* base = baseString();
+        return base->buf + base->preCapacity + offset;
+    }
+
+    inline void UString::Rep::setStatic(bool v)
+    {
+        ASSERT(!identifierTable());
+        if (v)
+            m_identifierTableAndFlags.setFlag(StaticFlag);
+        else
+            m_identifierTableAndFlags.clearFlag(StaticFlag);
+    }
+
+    inline void UString::Rep::setBaseString(PassRefPtr<BaseString> base)
+    {
+        ASSERT(base != this);
+        ASSERT(!baseIsSelf());
+        m_baseString = base.releaseRef();
+    }
+
+    inline UString::BaseString* UString::Rep::baseString()
+    {
+        return !baseIsSelf() ? m_baseString : reinterpret_cast<BaseString*>(this) ;
+    }
+
+    inline const UString::BaseString* UString::Rep::baseString() const
+    {
+        return const_cast<Rep*>(this)->baseString();
+    }
+
+#ifdef NDEBUG
+    inline void UString::Rep::checkConsistency() const
+    {
+    }
+#endif
+
+    inline UString::UString()
+        : m_rep(&Rep::null())
+    {
+    }
+
+    // Rule from ECMA 15.2 about what an array index is.
+    // Must exactly match string form of an unsigned integer, and be less than 2^32 - 1.
+    inline unsigned UString::toArrayIndex(bool* ok) const
+    {
+        unsigned i = toStrictUInt32(ok);
+        if (ok && i >= 0xFFFFFFFFU)
+            *ok = false;
+        return i;
+    }
+
+    // We'd rather not do shared substring append for small strings, since
+    // this runs too much risk of a tiny initial string holding down a
+    // huge buffer.
+    // FIXME: this should be size_t but that would cause warnings until we
+    // fix UString sizes to be size_t instead of int
+    static const int minShareSize = Heap::minExtraCostSize / sizeof(UChar);
+
+    inline size_t UString::cost() const
+    {
+        BaseString* base = m_rep->baseString();
+        size_t capacity = (base->capacity + base->preCapacity) * sizeof(UChar);
+        size_t reportedCost = base->reportedCost;
+        ASSERT(capacity >= reportedCost);
+
+        size_t capacityDelta = capacity - reportedCost;
+
+        if (capacityDelta < static_cast<size_t>(minShareSize))
+            return 0;
+
+        base->reportedCost = capacity;
+
+        return capacityDelta;
+    }
+
+#if PLATFORM(QT)
+
+        inline UString operator+(const char* s1, const UString& s2)
+        {
+            return operator+(UString(s1), s2);
+        }
+
+        inline UString operator+(const UString& s1, const char* s2)
+        {
+            return operator+(s1, UString(s2));
+        }
+
+#endif
+
+    struct IdentifierRepHash : PtrHash<RefPtr<JSC::UString::Rep> > {
+        static unsigned hash(const RefPtr<JSC::UString::Rep>& key) { return key->computedHash(); }
+        static unsigned hash(JSC::UString::Rep* key) { return key->computedHash(); }
+    };
+
+    void initializeUString();
+} // namespace JSC
+
+namespace WTF {
+
+    template<typename T> struct DefaultHash;
+    template<typename T> struct StrHash;
+
+    template<> struct StrHash<JSC::UString::Rep*> {
+        static unsigned hash(const JSC::UString::Rep* key) { return key->hash(); }
+        static bool equal(const JSC::UString::Rep* a, const JSC::UString::Rep* b) { return JSC::equal(a, b); }
+        static const bool safeToCompareToEmptyOrDeleted = false;
+    };
+
+    template<> struct StrHash<RefPtr<JSC::UString::Rep> > : public StrHash<JSC::UString::Rep*> {
+        using StrHash<JSC::UString::Rep*>::hash;
+        static unsigned hash(const RefPtr<JSC::UString::Rep>& key) { return key->hash(); }
+        using StrHash<JSC::UString::Rep*>::equal;
+        static bool equal(const RefPtr<JSC::UString::Rep>& a, const RefPtr<JSC::UString::Rep>& b) { return JSC::equal(a.get(), b.get()); }
+        static bool equal(const JSC::UString::Rep* a, const RefPtr<JSC::UString::Rep>& b) { return JSC::equal(a, b.get()); }
+        static bool equal(const RefPtr<JSC::UString::Rep>& a, const JSC::UString::Rep* b) { return JSC::equal(a.get(), b); }
+
+        static const bool safeToCompareToEmptyOrDeleted = false;
+    };
+
+    template<> struct DefaultHash<JSC::UString::Rep*> {
+        typedef StrHash<JSC::UString::Rep*> Hash;
+    };
+
+    template<> struct DefaultHash<RefPtr<JSC::UString::Rep> > {
+        typedef StrHash<RefPtr<JSC::UString::Rep> > Hash;
+
+    };
+
+} // namespace WTF
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClass.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClass.cpp
new file mode 100644
index 000000000..e3f12f222
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClass.cpp
@@ -0,0 +1,140 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "CharacterClass.h"
+
+#if ENABLE(WREC)
+
+using namespace WTF;
+
+namespace JSC { namespace WREC {
+
+const CharacterClass& CharacterClass::newline() {
+    static const UChar asciiNewlines[2] = { '\n', '\r' };
+    static const UChar unicodeNewlines[2] = { 0x2028, 0x2029 };
+    static const CharacterClass charClass = {
+        asciiNewlines, 2,
+        0, 0,
+        unicodeNewlines, 2,
+        0, 0,
+    };
+    
+    return charClass;
+}
+
+const CharacterClass& CharacterClass::digits() {
+    static const CharacterRange asciiDigitsRange[1] = { { '0', '9' } };
+    static const CharacterClass charClass = {
+        0, 0,
+        asciiDigitsRange, 1,
+        0, 0,
+        0, 0,
+    };
+    
+    return charClass;
+}
+
+const CharacterClass& CharacterClass::spaces() {
+    static const UChar asciiSpaces[1] = { ' ' };
+    static const CharacterRange asciiSpacesRange[1] = { { '\t', '\r' } };
+    static const UChar unicodeSpaces[8] = { 0x00a0, 0x1680, 0x180e, 0x2028, 0x2029, 0x202f, 0x205f, 0x3000 };
+    static const CharacterRange unicodeSpacesRange[1] = { { 0x2000, 0x200a } };
+    static const CharacterClass charClass = {
+        asciiSpaces, 1,
+        asciiSpacesRange, 1,
+        unicodeSpaces, 8,
+        unicodeSpacesRange, 1,
+    };
+    
+    return charClass;
+}
+
+const CharacterClass& CharacterClass::wordchar() {
+    static const UChar asciiWordchar[1] = { '_' };
+    static const CharacterRange asciiWordcharRange[3] = { { '0', '9' }, { 'A', 'Z' }, { 'a', 'z' } };
+    static const CharacterClass charClass = {
+        asciiWordchar, 1,
+        asciiWordcharRange, 3,
+        0, 0,
+        0, 0,
+    };
+    
+    return charClass;
+}
+
+const CharacterClass& CharacterClass::nondigits() {
+    static const CharacterRange asciiNondigitsRange[2] = { { 0, '0' - 1 }, { '9' + 1, 0x7f } };
+    static const CharacterRange unicodeNondigitsRange[1] = { { 0x0080, 0xffff } };
+    static const CharacterClass charClass = {
+        0, 0,
+        asciiNondigitsRange, 2,
+        0, 0,
+        unicodeNondigitsRange, 1,
+    };
+    
+    return charClass;
+}
+
+const CharacterClass& CharacterClass::nonspaces() {
+    static const CharacterRange asciiNonspacesRange[3] = { { 0, '\t' - 1 }, { '\r' + 1, ' ' - 1 }, { ' ' + 1, 0x7f } }; 
+    static const CharacterRange unicodeNonspacesRange[9] = {
+        { 0x0080, 0x009f },
+        { 0x00a1, 0x167f },
+        { 0x1681, 0x180d },
+        { 0x180f, 0x1fff },
+        { 0x200b, 0x2027 },
+        { 0x202a, 0x202e },
+        { 0x2030, 0x205e },
+        { 0x2060, 0x2fff },
+        { 0x3001, 0xffff }
+    }; 
+    static const CharacterClass charClass = {
+        0, 0,
+        asciiNonspacesRange, 3,
+        0, 0,
+        unicodeNonspacesRange, 9,
+    };
+    
+    return charClass;
+}
+
+const CharacterClass& CharacterClass::nonwordchar() {
+    static const UChar asciiNonwordchar[1] = { '`' };
+    static const CharacterRange asciiNonwordcharRange[4] = { { 0, '0' - 1 }, { '9' + 1, 'A' - 1 }, { 'Z' + 1, '_' - 1 }, { 'z' + 1, 0x7f } };
+    static const CharacterRange unicodeNonwordcharRange[1] = { { 0x0080, 0xffff } };
+    static const CharacterClass charClass = {
+        asciiNonwordchar, 1,
+        asciiNonwordcharRange, 4,
+        0, 0,
+        unicodeNonwordcharRange, 1,
+    };
+    
+    return charClass;
+}
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClass.h b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClass.h
new file mode 100644
index 000000000..8a9d2fc19
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClass.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef CharacterClass_h
+#define CharacterClass_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(WREC)
+
+#include <wtf/unicode/Unicode.h>
+
+namespace JSC { namespace WREC {
+
+    struct CharacterRange {
+        UChar begin;
+        UChar end;
+    };
+
+    struct CharacterClass {
+        static const CharacterClass& newline();
+        static const CharacterClass& digits();
+        static const CharacterClass& spaces();
+        static const CharacterClass& wordchar();
+        static const CharacterClass& nondigits();
+        static const CharacterClass& nonspaces();
+        static const CharacterClass& nonwordchar();
+
+        const UChar* matches;
+        unsigned numMatches;
+
+        const CharacterRange* ranges;
+        unsigned numRanges;
+
+        const UChar* matchesUnicode;
+        unsigned numMatchesUnicode;
+
+        const CharacterRange* rangesUnicode;
+        unsigned numRangesUnicode;
+    };
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
+
+#endif // CharacterClass_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClassConstructor.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClassConstructor.cpp
new file mode 100644
index 000000000..06f42628d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClassConstructor.cpp
@@ -0,0 +1,257 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "CharacterClassConstructor.h"
+
+#if ENABLE(WREC)
+
+#include "pcre_internal.h"
+#include <wtf/ASCIICType.h>
+
+using namespace WTF;
+
+namespace JSC { namespace WREC {
+
+void CharacterClassConstructor::addSorted(Vector<UChar>& matches, UChar ch)
+{
+    unsigned pos = 0;
+    unsigned range = matches.size();
+
+    // binary chop, find position to insert char.
+    while (range) {
+        unsigned index = range >> 1;
+
+        int val = matches[pos+index] - ch;
+        if (!val)
+            return;
+        else if (val > 0)
+            range = index;
+        else {
+            pos += (index+1);
+            range -= (index+1);
+        }
+    }
+    
+    if (pos == matches.size())
+        matches.append(ch);
+    else
+        matches.insert(pos, ch);
+}
+
+void CharacterClassConstructor::addSortedRange(Vector<CharacterRange>& ranges, UChar lo, UChar hi)
+{
+    unsigned end = ranges.size();
+    
+    // Simple linear scan - I doubt there are that many ranges anyway...
+    // feel free to fix this with something faster (eg binary chop).
+    for (unsigned i = 0; i < end; ++i) {
+        // does the new range fall before the current position in the array
+        if (hi < ranges[i].begin) {
+            // optional optimization: concatenate appending ranges? - may not be worthwhile.
+            if (hi == (ranges[i].begin - 1)) {
+                ranges[i].begin = lo;
+                return;
+            }
+            CharacterRange r = {lo, hi};
+            ranges.insert(i, r);
+            return;
+        }
+        // Okay, since we didn't hit the last case, the end of the new range is definitely at or after the begining
+        // If the new range start at or before the end of the last range, then the overlap (if it starts one after the
+        // end of the last range they concatenate, which is just as good.
+        if (lo <= (ranges[i].end + 1)) {
+            // found an intersect! we'll replace this entry in the array.
+            ranges[i].begin = std::min(ranges[i].begin, lo);
+            ranges[i].end = std::max(ranges[i].end, hi);
+
+            // now check if the new range can subsume any subsequent ranges.
+            unsigned next = i+1;
+            // each iteration of the loop we will either remove something from the list, or break the loop.
+            while (next < ranges.size()) {
+                if (ranges[next].begin <= (ranges[i].end + 1)) {
+                    // the next entry now overlaps / concatenates this one.
+                    ranges[i].end = std::max(ranges[i].end, ranges[next].end);
+                    ranges.remove(next);
+                } else
+                    break;
+            }
+            
+            return;
+        }
+    }
+
+    // CharacterRange comes after all existing ranges.
+    CharacterRange r = {lo, hi};
+    ranges.append(r);
+}
+
+void CharacterClassConstructor::put(UChar ch)
+{
+    // Parsing a regular expression like [a-z], we start in an initial empty state:
+    //     ((m_charBuffer == -1) && !m_isPendingDash)
+    // When buffer the 'a' sice it may be (and is in this case) part of a range:
+    //     ((m_charBuffer != -1) && !m_isPendingDash)
+    // Having parsed the hyphen we then record that the dash is also pending:
+    //     ((m_charBuffer != -1) && m_isPendingDash)
+    // The next change will always take us back to the initial state - either because
+    // a complete range has been parsed (such as [a-z]), or because a flush is forced,
+    // due to an early end in the regexp ([a-]), or a character class escape being added
+    // ([a-\s]).  The fourth permutation of m_charBuffer and m_isPendingDash is not permitted.
+    ASSERT(!((m_charBuffer == -1) && m_isPendingDash));
+
+    if (m_charBuffer != -1) {
+        if (m_isPendingDash) {
+            // EXAMPLE: parsing [-a-c], the 'c' reaches this case - we have buffered a previous character and seen a hyphen, so this is a range.
+            UChar lo = m_charBuffer;
+            UChar hi = ch;
+            // Reset back to the inital state.
+            m_charBuffer = -1;
+            m_isPendingDash = false;
+            
+            // This is an error, detected lazily.  Do not proceed.
+            if (lo > hi) {
+                m_isUpsideDown = true;
+                return;
+            }
+            
+            if (lo <= 0x7f) {
+                char asciiLo = lo;
+                char asciiHi = std::min(hi, (UChar)0x7f);
+                addSortedRange(m_ranges, lo, asciiHi);
+                
+                if (m_isCaseInsensitive) {
+                    if ((asciiLo <= 'Z') && (asciiHi >= 'A'))
+                        addSortedRange(m_ranges, std::max(asciiLo, 'A')+('a'-'A'), std::min(asciiHi, 'Z')+('a'-'A'));
+                    if ((asciiLo <= 'z') && (asciiHi >= 'a'))
+                        addSortedRange(m_ranges, std::max(asciiLo, 'a')+('A'-'a'), std::min(asciiHi, 'z')+('A'-'a'));
+                }
+            }
+            if (hi >= 0x80) {
+                UChar unicodeCurr = std::max(lo, (UChar)0x80);
+                addSortedRange(m_rangesUnicode, unicodeCurr, hi);
+                
+                if (m_isCaseInsensitive) {
+                    // we're going to scan along, updating the start of the range
+                    while (unicodeCurr <= hi) {
+                        // Spin forwards over any characters that don't have two cases.
+                        for (; jsc_pcre_ucp_othercase(unicodeCurr) == -1; ++unicodeCurr) {
+                            // if this was the last character in the range, we're done.
+                            if (unicodeCurr == hi)
+                                return;
+                        }
+                        // if we fall through to here, unicodeCurr <= hi & has another case. Get the other case.
+                        UChar rangeStart = unicodeCurr;
+                        UChar otherCurr = jsc_pcre_ucp_othercase(unicodeCurr);
+                        
+                        // If unicodeCurr is not yet hi, check the next char in the range.  If it also has another case,
+                        // and if it's other case value is one greater then the othercase value for the current last
+                        // character included in the range, we can include next into the range.
+                        while ((unicodeCurr < hi) && (jsc_pcre_ucp_othercase(unicodeCurr + 1) == (otherCurr + 1))) {
+                            // increment unicodeCurr; it points to the end of the range.
+                            // increment otherCurr, due to the check above other for next must be 1 greater than the currrent other value.
+                            ++unicodeCurr;
+                            ++otherCurr;
+                        }
+                        
+                        // otherChar is the last in the range of other case chars, calculate offset to get back to the start.
+                        addSortedRange(m_rangesUnicode, otherCurr-(unicodeCurr-rangeStart), otherCurr);
+                        
+                        // unicodeCurr has been added, move on to the next char.
+                        ++unicodeCurr;
+                    }
+                }
+            }
+        } else if (ch == '-')
+            // EXAMPLE: parsing [-a-c], the second '-' reaches this case - the hyphen is treated as potentially indicating a range.
+            m_isPendingDash = true;
+        else {
+            // EXAMPLE: Parsing [-a-c], the 'a' reaches this case - we repace the previously buffered char with the 'a'.
+            flush();
+            m_charBuffer = ch;
+        }
+    } else
+        // EXAMPLE: Parsing [-a-c], the first hyphen reaches this case - there is no buffered character
+        // (the hyphen not treated as a special character in this case, same handling for any char).
+        m_charBuffer = ch;
+}
+
+// When a character is added to the set we do not immediately add it to the arrays, in case it is actually defining a range.
+// When we have determined the character is not used in specifing a range it is added, in a sorted fashion, to the appropriate
+// array (either ascii or unicode).
+// If the pattern is case insensitive we add entries for both cases.
+void CharacterClassConstructor::flush()
+{
+    if (m_charBuffer != -1) {
+        if (m_charBuffer <= 0x7f) {
+            if (m_isCaseInsensitive && isASCIILower(m_charBuffer))
+                addSorted(m_matches, toASCIIUpper(m_charBuffer));
+            addSorted(m_matches, m_charBuffer);
+            if (m_isCaseInsensitive && isASCIIUpper(m_charBuffer))
+                addSorted(m_matches, toASCIILower(m_charBuffer));
+        } else {
+            addSorted(m_matchesUnicode, m_charBuffer);
+            if (m_isCaseInsensitive) {
+                int other = jsc_pcre_ucp_othercase(m_charBuffer);
+                if (other != -1)
+                    addSorted(m_matchesUnicode, other);
+            }
+        }
+        m_charBuffer = -1;
+    }
+    
+    if (m_isPendingDash) {
+        addSorted(m_matches, '-');
+        m_isPendingDash = false;
+    }
+}
+
+void CharacterClassConstructor::append(const CharacterClass& other)
+{
+    // [x-\s] will add, 'x', '-', and all unicode spaces to new class (same as [x\s-]).
+    // Need to check the spec, really, but think this matches PCRE behaviour.
+    flush();
+    
+    if (other.numMatches) {
+        for (size_t i = 0; i < other.numMatches; ++i)
+            addSorted(m_matches, other.matches[i]);
+    }
+    if (other.numRanges) {
+        for (size_t i = 0; i < other.numRanges; ++i)
+            addSortedRange(m_ranges, other.ranges[i].begin, other.ranges[i].end);
+    }
+    if (other.numMatchesUnicode) {
+        for (size_t i = 0; i < other.numMatchesUnicode; ++i)
+            addSorted(m_matchesUnicode, other.matchesUnicode[i]);
+    }
+    if (other.numRangesUnicode) {
+        for (size_t i = 0; i < other.numRangesUnicode; ++i)
+            addSortedRange(m_rangesUnicode, other.rangesUnicode[i].begin, other.rangesUnicode[i].end);
+    }
+}
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClassConstructor.h b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClassConstructor.h
new file mode 100644
index 000000000..581733dd6
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/CharacterClassConstructor.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef CharacterClassConstructor_h
+#define CharacterClassConstructor_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(WREC)
+
+#include "CharacterClass.h"
+#include <wtf/AlwaysInline.h>
+#include <wtf/Vector.h>
+#include <wtf/unicode/Unicode.h>
+
+namespace JSC { namespace WREC {
+
+    class CharacterClassConstructor {
+    public:
+        CharacterClassConstructor(bool isCaseInsensitive)
+            : m_charBuffer(-1)
+            , m_isPendingDash(false)
+            , m_isCaseInsensitive(isCaseInsensitive)
+            , m_isUpsideDown(false)
+        {
+        }
+
+        void flush();
+        
+        // We need to flush prior to an escaped hyphen to prevent it as being treated as indicating
+        // a range, e.g. [a\-c] we flush prior to adding the hyphen so that this is not treated as
+        // [a-c].  However, we do not want to flush if we have already seen a non escaped hyphen -
+        // e.g. [+-\-] should be treated the same as [+--], producing a range that will also match
+        // a comma.
+        void flushBeforeEscapedHyphen()
+        {
+            if (!m_isPendingDash)
+                flush();
+        }
+        
+        void put(UChar ch);
+        void append(const CharacterClass& other);
+
+        bool isUpsideDown() { return m_isUpsideDown; }
+
+        ALWAYS_INLINE CharacterClass charClass()
+        {
+            CharacterClass newCharClass = {
+                m_matches.begin(), m_matches.size(),
+                m_ranges.begin(), m_ranges.size(),
+                m_matchesUnicode.begin(), m_matchesUnicode.size(),
+                m_rangesUnicode.begin(), m_rangesUnicode.size(),
+            };
+
+            return newCharClass;
+        }
+
+    private:
+        void addSorted(Vector<UChar>& matches, UChar ch);
+        void addSortedRange(Vector<CharacterRange>& ranges, UChar lo, UChar hi);
+
+        int m_charBuffer;
+        bool m_isPendingDash;
+        bool m_isCaseInsensitive;
+        bool m_isUpsideDown;
+
+        Vector<UChar> m_matches;
+        Vector<CharacterRange> m_ranges;
+        Vector<UChar> m_matchesUnicode;
+        Vector<CharacterRange> m_rangesUnicode;
+    };
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
+
+#endif // CharacterClassConstructor_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/Escapes.h b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/Escapes.h
new file mode 100644
index 000000000..16c1d6fb4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/Escapes.h
@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef Escapes_h
+#define Escapes_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(WREC)
+
+#include <wtf/Assertions.h>
+
+namespace JSC { namespace WREC {
+
+    class CharacterClass;
+
+    class Escape {
+    public:
+        enum Type {
+            PatternCharacter,
+            CharacterClass,
+            Backreference,
+            WordBoundaryAssertion,
+            Error,
+        };
+        
+        Escape(Type type)
+            : m_type(type)
+        {
+        }
+
+        Type type() const { return m_type; }
+
+    private:
+        Type m_type;
+        
+    protected:
+        // Used by subclasses to store data.
+        union {
+            int i;
+            const WREC::CharacterClass* c;
+        } m_u;
+        bool m_invert;
+    };
+
+    class PatternCharacterEscape : public Escape {
+    public:
+        static const PatternCharacterEscape& cast(const Escape& escape)
+        {
+            ASSERT(escape.type() == PatternCharacter);
+            return static_cast<const PatternCharacterEscape&>(escape);
+        }
+        
+        PatternCharacterEscape(int character)
+            : Escape(PatternCharacter)
+        {
+            m_u.i = character;
+        }
+        
+        operator Escape() const { return *this; }
+        
+        int character() const { return m_u.i; }
+    };
+
+    class CharacterClassEscape : public Escape {
+    public:
+        static const CharacterClassEscape& cast(const Escape& escape)
+        {
+            ASSERT(escape.type() == CharacterClass);
+            return static_cast<const CharacterClassEscape&>(escape);
+        }
+        
+        CharacterClassEscape(const WREC::CharacterClass& characterClass, bool invert)
+            : Escape(CharacterClass)
+        {
+            m_u.c = &characterClass;
+            m_invert = invert;
+        }
+        
+        operator Escape() { return *this; }
+        
+        const WREC::CharacterClass& characterClass() const { return *m_u.c; }
+        bool invert() const { return m_invert; }
+    };
+
+    class BackreferenceEscape : public Escape {
+    public:
+        static const BackreferenceEscape& cast(const Escape& escape)
+        {
+            ASSERT(escape.type() == Backreference);
+            return static_cast<const BackreferenceEscape&>(escape);
+        }
+        
+        BackreferenceEscape(int subpatternId)
+            : Escape(Backreference)
+        {
+            m_u.i = subpatternId;
+        }
+        
+        operator Escape() const { return *this; }
+        
+        int subpatternId() const { return m_u.i; }
+    };
+
+    class WordBoundaryAssertionEscape : public Escape {
+    public:
+        static const WordBoundaryAssertionEscape& cast(const Escape& escape)
+        {
+            ASSERT(escape.type() == WordBoundaryAssertion);
+            return static_cast<const WordBoundaryAssertionEscape&>(escape);
+        }
+        
+        WordBoundaryAssertionEscape(bool invert)
+            : Escape(WordBoundaryAssertion)
+        {
+            m_invert = invert;
+        }
+        
+        operator Escape() const { return *this; }
+        
+        bool invert() const { return m_invert; }
+    };
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
+
+#endif // Escapes_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/Quantifier.h b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/Quantifier.h
new file mode 100644
index 000000000..3da74cda1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/Quantifier.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef Quantifier_h
+#define Quantifier_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(WREC)
+
+#include <wtf/Assertions.h>
+#include <limits.h>
+
+namespace JSC { namespace WREC {
+
+    struct Quantifier {
+        enum Type {
+            None,
+            Greedy,
+            NonGreedy,
+            Error,
+        };
+
+        Quantifier(Type type = None, unsigned min = 0, unsigned max = Infinity)
+            : type(type)
+            , min(min)
+            , max(max)
+        {
+            ASSERT(min <= max);
+        }
+
+        Type type;
+
+        unsigned min;
+        unsigned max;
+
+        static const unsigned Infinity = UINT_MAX;
+    };
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
+
+#endif // Quantifier_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WREC.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WREC.cpp
new file mode 100644
index 000000000..145a1cee8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WREC.cpp
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "WREC.h"
+
+#if ENABLE(WREC)
+
+#include "CharacterClassConstructor.h"
+#include "Interpreter.h"
+#include "JSGlobalObject.h"
+#include "RegisterFile.h"
+#include "WRECFunctors.h"
+#include "WRECParser.h"
+#include "pcre_internal.h"
+
+using namespace WTF;
+
+namespace JSC { namespace WREC {
+
+CompiledRegExp Generator::compileRegExp(JSGlobalData* globalData, const UString& pattern, unsigned* numSubpatterns_ptr, const char** error_ptr, RefPtr<ExecutablePool>& pool, bool ignoreCase, bool multiline)
+{
+    if (pattern.size() > MAX_PATTERN_SIZE) {
+        *error_ptr = "regular expression too large";
+        return 0;
+    }
+
+    Parser parser(pattern, ignoreCase, multiline);
+    Generator& generator = parser.generator();
+    MacroAssembler::JumpList failures;
+    MacroAssembler::Jump endOfInput;
+
+    generator.generateEnter();
+    generator.generateSaveIndex();
+
+    Label beginPattern(&generator);
+    parser.parsePattern(failures);
+    generator.generateReturnSuccess();
+
+    failures.link(&generator);
+    generator.generateIncrementIndex(&endOfInput);
+    parser.parsePattern(failures);
+    generator.generateReturnSuccess();
+
+    failures.link(&generator);
+    generator.generateIncrementIndex();
+    generator.generateJumpIfNotEndOfInput(beginPattern);
+    
+    endOfInput.link(&generator);
+    generator.generateReturnFailure();
+
+    if (parser.error()) {
+        *error_ptr = parser.syntaxError(); // NULL in the case of patterns that WREC doesn't support yet.
+        return 0;
+    }
+
+    *numSubpatterns_ptr = parser.numSubpatterns();
+    pool = globalData->executableAllocator.poolForSize(generator.size());
+    return reinterpret_cast<CompiledRegExp>(generator.copyCode(pool.get()));
+}
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WREC.h b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WREC.h
new file mode 100644
index 000000000..483dce002
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WREC.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WREC_h
+#define WREC_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(WREC)
+
+#include <wtf/unicode/Unicode.h>
+
+#if COMPILER(GCC) && PLATFORM(X86)
+#define WREC_CALL __attribute__ ((regparm (3)))
+#else
+#define WREC_CALL
+#endif
+
+namespace JSC {
+    class Interpreter;
+    class UString;
+}
+
+namespace JSC { namespace WREC {
+
+    typedef int (*CompiledRegExp)(const UChar* input, unsigned start, unsigned length, int* output) WREC_CALL;
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
+
+#endif // WREC_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECFunctors.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECFunctors.cpp
new file mode 100644
index 000000000..5f1674efc
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECFunctors.cpp
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "WRECFunctors.h"
+
+#if ENABLE(WREC)
+
+#include "WRECGenerator.h"
+
+using namespace WTF;
+
+namespace JSC { namespace WREC {
+
+void GeneratePatternCharacterFunctor::generateAtom(Generator* generator, Generator::JumpList& failures)
+{
+    generator->generatePatternCharacter(failures, m_ch);
+}
+
+void GeneratePatternCharacterFunctor::backtrack(Generator* generator)
+{
+    generator->generateBacktrack1();
+}
+
+void GenerateCharacterClassFunctor::generateAtom(Generator* generator, Generator::JumpList& failures)
+{
+    generator->generateCharacterClass(failures, *m_charClass, m_invert);
+}
+
+void GenerateCharacterClassFunctor::backtrack(Generator* generator)
+{
+    generator->generateBacktrack1();
+}
+
+void GenerateBackreferenceFunctor::generateAtom(Generator* generator, Generator::JumpList& failures)
+{
+    generator->generateBackreference(failures, m_subpatternId);
+}
+
+void GenerateBackreferenceFunctor::backtrack(Generator* generator)
+{
+    generator->generateBacktrackBackreference(m_subpatternId);
+}
+
+void GenerateParenthesesNonGreedyFunctor::generateAtom(Generator* generator, Generator::JumpList& failures)
+{
+    generator->generateParenthesesNonGreedy(failures, m_start, m_success, m_fail);
+}
+
+void GenerateParenthesesNonGreedyFunctor::backtrack(Generator*)
+{
+    // FIXME: do something about this.
+    CRASH();
+}
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECFunctors.h b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECFunctors.h
new file mode 100644
index 000000000..610ce559e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECFunctors.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include <wtf/Platform.h>
+
+#if ENABLE(WREC)
+
+#include "WRECGenerator.h"
+#include <wtf/unicode/Unicode.h>
+
+namespace JSC { namespace WREC {
+
+    struct CharacterClass;
+
+    class GenerateAtomFunctor {
+    public:
+        virtual ~GenerateAtomFunctor() {}
+
+        virtual void generateAtom(Generator*, Generator::JumpList&) = 0;
+        virtual void backtrack(Generator*) = 0;
+    };
+
+    class GeneratePatternCharacterFunctor : public GenerateAtomFunctor {
+    public:
+        GeneratePatternCharacterFunctor(const UChar ch)
+            : m_ch(ch)
+        {
+        }
+
+        virtual void generateAtom(Generator*, Generator::JumpList&);
+        virtual void backtrack(Generator*);
+
+    private:
+        const UChar m_ch;
+    };
+
+    class GenerateCharacterClassFunctor : public GenerateAtomFunctor {
+    public:
+        GenerateCharacterClassFunctor(const CharacterClass* charClass, bool invert)
+            : m_charClass(charClass)
+            , m_invert(invert)
+        {
+        }
+
+        virtual void generateAtom(Generator*, Generator::JumpList&);
+        virtual void backtrack(Generator*);
+
+    private:
+        const CharacterClass* m_charClass;
+        bool m_invert;
+    };
+
+    class GenerateBackreferenceFunctor : public GenerateAtomFunctor {
+    public:
+        GenerateBackreferenceFunctor(unsigned subpatternId)
+            : m_subpatternId(subpatternId)
+        {
+        }
+
+        virtual void generateAtom(Generator*, Generator::JumpList&);
+        virtual void backtrack(Generator*);
+
+    private:
+        unsigned m_subpatternId;
+    };
+
+    class GenerateParenthesesNonGreedyFunctor : public GenerateAtomFunctor {
+    public:
+        GenerateParenthesesNonGreedyFunctor(Generator::Label start, Generator::Jump success, Generator::Jump fail)
+            : m_start(start)
+            , m_success(success)
+            , m_fail(fail)
+        {
+        }
+
+        virtual void generateAtom(Generator*, Generator::JumpList&);
+        virtual void backtrack(Generator*);
+
+    private:
+        Generator::Label m_start;
+        Generator::Jump m_success;
+        Generator::Jump m_fail;
+    };
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECGenerator.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECGenerator.cpp
new file mode 100644
index 000000000..e62add37d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECGenerator.cpp
@@ -0,0 +1,653 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "WREC.h"
+
+#if ENABLE(WREC)
+
+#include "CharacterClassConstructor.h"
+#include "Interpreter.h"
+#include "WRECFunctors.h"
+#include "WRECParser.h"
+#include "pcre_internal.h"
+
+using namespace WTF;
+
+namespace JSC { namespace WREC {
+
+void Generator::generateEnter()
+{
+#if PLATFORM(X86)
+    // On x86 edi & esi are callee preserved registers.
+    push(X86Registers::edi);
+    push(X86Registers::esi);
+    
+#if COMPILER(MSVC)
+    // Move the arguments into registers.
+    peek(input, 3);
+    peek(index, 4);
+    peek(length, 5);
+    peek(output, 6);
+#else
+    // On gcc the function is regparm(3), so the input, index, and length registers
+    // (eax, edx, and ecx respectively) already contain the appropriate values.
+    // Just load the fourth argument (output) into edi
+    peek(output, 3);
+#endif
+#endif
+}
+
+void Generator::generateReturnSuccess()
+{
+    ASSERT(returnRegister != index);
+    ASSERT(returnRegister != output);
+
+    // Set return value.
+    pop(returnRegister); // match begin
+    store32(returnRegister, output);
+    store32(index, Address(output, 4)); // match end
+    
+    // Restore callee save registers.
+#if PLATFORM(X86)
+    pop(X86Registers::esi);
+    pop(X86Registers::edi);
+#endif
+    ret();
+}
+
+void Generator::generateSaveIndex()
+{
+    push(index);
+}
+
+void Generator::generateIncrementIndex(Jump* failure)
+{
+    peek(index);
+    if (failure)
+        *failure = branch32(Equal, length, index);
+    add32(Imm32(1), index);
+    poke(index);
+}
+
+void Generator::generateLoadCharacter(JumpList& failures)
+{
+    failures.append(branch32(Equal, length, index));
+    load16(BaseIndex(input, index, TimesTwo), character);
+}
+
+// For the sake of end-of-line assertions, we treat one-past-the-end as if it
+// were part of the input string.
+void Generator::generateJumpIfNotEndOfInput(Label target)
+{
+    branch32(LessThanOrEqual, index, length, target);
+}
+
+void Generator::generateReturnFailure()
+{
+    pop();
+    move(Imm32(-1), returnRegister);
+
+#if PLATFORM(X86)
+    pop(X86Registers::esi);
+    pop(X86Registers::edi);
+#endif
+    ret();
+}
+
+void Generator::generateBacktrack1()
+{
+    sub32(Imm32(1), index);
+}
+
+void Generator::generateBacktrackBackreference(unsigned subpatternId)
+{
+    sub32(Address(output, (2 * subpatternId + 1) * sizeof(int)), index);
+    add32(Address(output, (2 * subpatternId) * sizeof(int)), index);
+}
+
+void Generator::generateBackreferenceQuantifier(JumpList& failures, Quantifier::Type quantifierType, unsigned subpatternId, unsigned min, unsigned max)
+{
+    GenerateBackreferenceFunctor functor(subpatternId);
+
+    load32(Address(output, (2 * subpatternId) * sizeof(int)), character);
+    Jump skipIfEmpty = branch32(Equal, Address(output, ((2 * subpatternId) + 1) * sizeof(int)), character);
+
+    ASSERT(quantifierType == Quantifier::Greedy || quantifierType == Quantifier::NonGreedy);
+    if (quantifierType == Quantifier::Greedy)
+        generateGreedyQuantifier(failures, functor, min, max);
+    else
+        generateNonGreedyQuantifier(failures, functor, min, max);
+
+    skipIfEmpty.link(this);
+}
+
+void Generator::generateNonGreedyQuantifier(JumpList& failures, GenerateAtomFunctor& functor, unsigned min, unsigned max)
+{
+    JumpList atomFailedList;
+    JumpList alternativeFailedList;
+
+    // (0) Setup: Save, then init repeatCount.
+    push(repeatCount);
+    move(Imm32(0), repeatCount);
+    Jump start = jump();
+
+    // (4) Quantifier failed: No more atom reading possible.
+    Label quantifierFailed(this);
+    pop(repeatCount);
+    failures.append(jump()); 
+
+    // (3) Alternative failed: If we can, read another atom, then fall through to (2) to try again.
+    Label alternativeFailed(this);
+    pop(index);
+    if (max != Quantifier::Infinity)
+        branch32(Equal, repeatCount, Imm32(max), quantifierFailed);
+
+    // (1) Read an atom.
+    if (min)
+        start.link(this);
+    Label readAtom(this);
+    functor.generateAtom(this, atomFailedList);
+    atomFailedList.linkTo(quantifierFailed, this);
+    add32(Imm32(1), repeatCount);
+    
+    // (2) Keep reading if we're under the minimum.
+    if (min > 1)
+        branch32(LessThan, repeatCount, Imm32(min), readAtom);
+
+    // (3) Test the rest of the alternative.
+    if (!min)
+        start.link(this);
+    push(index);
+    m_parser.parseAlternative(alternativeFailedList);
+    alternativeFailedList.linkTo(alternativeFailed, this);
+
+    pop();
+    pop(repeatCount);
+}
+
+void Generator::generateGreedyQuantifier(JumpList& failures, GenerateAtomFunctor& functor, unsigned min, unsigned max)
+{
+    if (!max)
+        return;
+
+    JumpList doneReadingAtomsList;
+    JumpList alternativeFailedList;
+
+    // (0) Setup: Save, then init repeatCount.
+    push(repeatCount);
+    move(Imm32(0), repeatCount);
+
+    // (1) Greedily read as many copies of the atom as possible, then jump to (2).
+    Label readAtom(this);
+    functor.generateAtom(this, doneReadingAtomsList);
+    add32(Imm32(1), repeatCount);
+    if (max == Quantifier::Infinity)
+        jump(readAtom);
+    else if (max == 1)
+        doneReadingAtomsList.append(jump());
+    else {
+        branch32(NotEqual, repeatCount, Imm32(max), readAtom);
+        doneReadingAtomsList.append(jump());
+    }
+
+    // (5) Quantifier failed: No more backtracking possible.
+    Label quantifierFailed(this);
+    pop(repeatCount);
+    failures.append(jump()); 
+
+    // (4) Alternative failed: Backtrack, then fall through to (2) to try again.
+    Label alternativeFailed(this);
+    pop(index);
+    functor.backtrack(this);
+    sub32(Imm32(1), repeatCount);
+
+    // (2) Verify that we have enough atoms.
+    doneReadingAtomsList.link(this);
+    branch32(LessThan, repeatCount, Imm32(min), quantifierFailed);
+
+    // (3) Test the rest of the alternative.
+    push(index);
+    m_parser.parseAlternative(alternativeFailedList);
+    alternativeFailedList.linkTo(alternativeFailed, this);
+
+    pop();
+    pop(repeatCount);
+}
+
+void Generator::generatePatternCharacterSequence(JumpList& failures, int* sequence, size_t count)
+{
+    for (size_t i = 0; i < count;) {
+        if (i < count - 1) {
+            if (generatePatternCharacterPair(failures, sequence[i], sequence[i + 1])) {
+                i += 2;
+                continue;
+            }
+        }
+
+        generatePatternCharacter(failures, sequence[i]);
+        ++i;
+    }
+}
+
+bool Generator::generatePatternCharacterPair(JumpList& failures, int ch1, int ch2)
+{
+    if (m_parser.ignoreCase()) {
+        // Non-trivial case folding requires more than one test, so we can't
+        // test as a pair with an adjacent character.
+        if (!isASCII(ch1) && Unicode::toLower(ch1) != Unicode::toUpper(ch1))
+            return false;
+        if (!isASCII(ch2) && Unicode::toLower(ch2) != Unicode::toUpper(ch2))
+            return false;
+    }
+
+    // Optimistically consume 2 characters.
+    add32(Imm32(2), index);
+    failures.append(branch32(GreaterThan, index, length));
+
+    // Load the characters we just consumed, offset -2 characters from index.
+    load32(BaseIndex(input, index, TimesTwo, -2 * 2), character);
+
+    if (m_parser.ignoreCase()) {
+        // Convert ASCII alphabet characters to upper case before testing for
+        // equality. (ASCII non-alphabet characters don't require upper-casing
+        // because they have no uppercase equivalents. Unicode characters don't
+        // require upper-casing because we only handle Unicode characters whose
+        // upper and lower cases are equal.)
+        int ch1Mask = 0;
+        if (isASCIIAlpha(ch1)) {
+            ch1 |= 32;
+            ch1Mask = 32;
+        }
+
+        int ch2Mask = 0;
+        if (isASCIIAlpha(ch2)) {
+            ch2 |= 32;
+            ch2Mask = 32;
+        }
+
+        int mask = ch1Mask | (ch2Mask << 16);
+        if (mask)
+            or32(Imm32(mask), character);
+    }
+    int pair = ch1 | (ch2 << 16);
+
+    failures.append(branch32(NotEqual, character, Imm32(pair)));
+    return true;
+}
+
+void Generator::generatePatternCharacter(JumpList& failures, int ch)
+{
+    generateLoadCharacter(failures);
+
+    // used for unicode case insensitive
+    bool hasUpper = false;
+    Jump isUpper;
+    
+    // if case insensitive match
+    if (m_parser.ignoreCase()) {
+        UChar lower, upper;
+        
+        // check for ascii case sensitive characters
+        if (isASCIIAlpha(ch)) {
+            or32(Imm32(32), character);
+            ch |= 32;
+        } else if (!isASCII(ch) && ((lower = Unicode::toLower(ch)) != (upper = Unicode::toUpper(ch)))) {
+            // handle unicode case sentitive characters - branch to success on upper
+            isUpper = branch32(Equal, character, Imm32(upper));
+            hasUpper = true;
+            ch = lower;
+        }
+    }
+    
+    // checks for ch, or lower case version of ch, if insensitive
+    failures.append(branch32(NotEqual, character, Imm32((unsigned short)ch)));
+
+    if (m_parser.ignoreCase() && hasUpper) {
+        // for unicode case insensitive matches, branch here if upper matches.
+        isUpper.link(this);
+    }
+    
+    // on success consume the char
+    add32(Imm32(1), index);
+}
+
+void Generator::generateCharacterClassInvertedRange(JumpList& failures, JumpList& matchDest, const CharacterRange* ranges, unsigned count, unsigned* matchIndex, const UChar* matches, unsigned matchCount)
+{
+    do {
+        // pick which range we're going to generate
+        int which = count >> 1;
+        char lo = ranges[which].begin;
+        char hi = ranges[which].end;
+        
+        // check if there are any ranges or matches below lo.  If not, just jl to failure -
+        // if there is anything else to check, check that first, if it falls through jmp to failure.
+        if ((*matchIndex < matchCount) && (matches[*matchIndex] < lo)) {
+            Jump loOrAbove = branch32(GreaterThanOrEqual, character, Imm32((unsigned short)lo));
+            
+            // generate code for all ranges before this one
+            if (which)
+                generateCharacterClassInvertedRange(failures, matchDest, ranges, which, matchIndex, matches, matchCount);
+            
+            while ((*matchIndex < matchCount) && (matches[*matchIndex] < lo)) {
+                matchDest.append(branch32(Equal, character, Imm32((unsigned short)matches[*matchIndex])));
+                ++*matchIndex;
+            }
+            failures.append(jump());
+
+            loOrAbove.link(this);
+        } else if (which) {
+            Jump loOrAbove = branch32(GreaterThanOrEqual, character, Imm32((unsigned short)lo));
+
+            generateCharacterClassInvertedRange(failures, matchDest, ranges, which, matchIndex, matches, matchCount);
+            failures.append(jump());
+
+            loOrAbove.link(this);
+        } else
+            failures.append(branch32(LessThan, character, Imm32((unsigned short)lo)));
+
+        while ((*matchIndex < matchCount) && (matches[*matchIndex] <= hi))
+            ++*matchIndex;
+
+        matchDest.append(branch32(LessThanOrEqual, character, Imm32((unsigned short)hi)));
+        // fall through to here, the value is above hi.
+
+        // shuffle along & loop around if there are any more matches to handle.
+        unsigned next = which + 1;
+        ranges += next;
+        count -= next;
+    } while (count);
+}
+
+void Generator::generateCharacterClassInverted(JumpList& matchDest, const CharacterClass& charClass)
+{
+    Jump unicodeFail;
+    if (charClass.numMatchesUnicode || charClass.numRangesUnicode) {
+        Jump isAscii = branch32(LessThanOrEqual, character, Imm32(0x7f));
+    
+        if (charClass.numMatchesUnicode) {
+            for (unsigned i = 0; i < charClass.numMatchesUnicode; ++i) {
+                UChar ch = charClass.matchesUnicode[i];
+                matchDest.append(branch32(Equal, character, Imm32(ch)));
+            }
+        }
+        
+        if (charClass.numRangesUnicode) {
+            for (unsigned i = 0; i < charClass.numRangesUnicode; ++i) {
+                UChar lo = charClass.rangesUnicode[i].begin;
+                UChar hi = charClass.rangesUnicode[i].end;
+                
+                Jump below = branch32(LessThan, character, Imm32(lo));
+                matchDest.append(branch32(LessThanOrEqual, character, Imm32(hi)));
+                below.link(this);
+            }
+        }
+
+        unicodeFail = jump();
+        isAscii.link(this);
+    }
+
+    if (charClass.numRanges) {
+        unsigned matchIndex = 0;
+        JumpList failures; 
+        generateCharacterClassInvertedRange(failures, matchDest, charClass.ranges, charClass.numRanges, &matchIndex, charClass.matches, charClass.numMatches);
+        while (matchIndex < charClass.numMatches)
+            matchDest.append(branch32(Equal, character, Imm32((unsigned short)charClass.matches[matchIndex++])));
+
+        failures.link(this);
+    } else if (charClass.numMatches) {
+        // optimization: gather 'a','A' etc back together, can mask & test once.
+        Vector<char> matchesAZaz;
+
+        for (unsigned i = 0; i < charClass.numMatches; ++i) {
+            char ch = charClass.matches[i];
+            if (m_parser.ignoreCase()) {
+                if (isASCIILower(ch)) {
+                    matchesAZaz.append(ch);
+                    continue;
+                }
+                if (isASCIIUpper(ch))
+                    continue;
+            }
+            matchDest.append(branch32(Equal, character, Imm32((unsigned short)ch)));
+        }
+
+        if (unsigned countAZaz = matchesAZaz.size()) {
+            or32(Imm32(32), character);
+            for (unsigned i = 0; i < countAZaz; ++i)
+                matchDest.append(branch32(Equal, character, Imm32(matchesAZaz[i])));
+        }
+    }
+
+    if (charClass.numMatchesUnicode || charClass.numRangesUnicode)
+        unicodeFail.link(this);
+}
+
+void Generator::generateCharacterClass(JumpList& failures, const CharacterClass& charClass, bool invert)
+{
+    generateLoadCharacter(failures);
+
+    if (invert)
+        generateCharacterClassInverted(failures, charClass);
+    else {
+        JumpList successes;
+        generateCharacterClassInverted(successes, charClass);
+        failures.append(jump());
+        successes.link(this);
+    }
+    
+    add32(Imm32(1), index);
+}
+
+void Generator::generateParenthesesAssertion(JumpList& failures)
+{
+    JumpList disjunctionFailed;
+
+    push(index);
+    m_parser.parseDisjunction(disjunctionFailed);
+    Jump success = jump();
+
+    disjunctionFailed.link(this);
+    pop(index);
+    failures.append(jump());
+
+    success.link(this);
+    pop(index);
+}
+
+void Generator::generateParenthesesInvertedAssertion(JumpList& failures)
+{
+    JumpList disjunctionFailed;
+
+    push(index);
+    m_parser.parseDisjunction(disjunctionFailed);
+
+    // If the disjunction succeeded, the inverted assertion failed.
+    pop(index);
+    failures.append(jump());
+
+    // If the disjunction failed, the inverted assertion succeeded.
+    disjunctionFailed.link(this);
+    pop(index);
+}
+
+void Generator::generateParenthesesNonGreedy(JumpList& failures, Label start, Jump success, Jump fail)
+{
+    jump(start);
+    success.link(this);
+    failures.append(fail);
+}
+
+Generator::Jump Generator::generateParenthesesResetTrampoline(JumpList& newFailures, unsigned subpatternIdBefore, unsigned subpatternIdAfter)
+{
+    Jump skip = jump();
+    newFailures.link(this);
+    for (unsigned i = subpatternIdBefore + 1; i <= subpatternIdAfter; ++i) {
+        store32(Imm32(-1), Address(output, (2 * i) * sizeof(int)));
+        store32(Imm32(-1), Address(output, (2 * i + 1) * sizeof(int)));
+    }
+    
+    Jump newFailJump = jump();
+    skip.link(this);
+    
+    return newFailJump;
+}
+
+void Generator::generateAssertionBOL(JumpList& failures)
+{
+    if (m_parser.multiline()) {
+        JumpList previousIsNewline;
+
+        // begin of input == success
+        previousIsNewline.append(branch32(Equal, index, Imm32(0)));
+
+        // now check prev char against newline characters.
+        load16(BaseIndex(input, index, TimesTwo, -2), character);
+        generateCharacterClassInverted(previousIsNewline, CharacterClass::newline());
+
+        failures.append(jump());
+
+        previousIsNewline.link(this);
+    } else
+        failures.append(branch32(NotEqual, index, Imm32(0)));
+}
+
+void Generator::generateAssertionEOL(JumpList& failures)
+{
+    if (m_parser.multiline()) {
+        JumpList nextIsNewline;
+
+        generateLoadCharacter(nextIsNewline); // end of input == success
+        generateCharacterClassInverted(nextIsNewline, CharacterClass::newline());
+        failures.append(jump());
+        nextIsNewline.link(this);
+    } else {
+        failures.append(branch32(NotEqual, length, index));
+    }
+}
+
+void Generator::generateAssertionWordBoundary(JumpList& failures, bool invert)
+{
+    JumpList wordBoundary;
+    JumpList notWordBoundary;
+
+    // (1) Check if the previous value was a word char
+
+    // (1.1) check for begin of input
+    Jump atBegin = branch32(Equal, index, Imm32(0));
+    // (1.2) load the last char, and chck if is word character
+    load16(BaseIndex(input, index, TimesTwo, -2), character);
+    JumpList previousIsWord;
+    generateCharacterClassInverted(previousIsWord, CharacterClass::wordchar());
+    // (1.3) if we get here, previous is not a word char
+    atBegin.link(this);
+
+    // (2) Handle situation where previous was NOT a \w
+
+    generateLoadCharacter(notWordBoundary);
+    generateCharacterClassInverted(wordBoundary, CharacterClass::wordchar());
+    // (2.1) If we get here, neither chars are word chars
+    notWordBoundary.append(jump());
+
+    // (3) Handle situation where previous was a \w
+
+    // (3.0) link success in first match to here
+    previousIsWord.link(this);
+    generateLoadCharacter(wordBoundary);
+    generateCharacterClassInverted(notWordBoundary, CharacterClass::wordchar());
+    // (3.1) If we get here, this is an end of a word, within the input.
+    
+    // (4) Link everything up
+    
+    if (invert) {
+        // handle the fall through case
+        wordBoundary.append(jump());
+    
+        // looking for non word boundaries, so link boundary fails to here.
+        notWordBoundary.link(this);
+
+        failures.append(wordBoundary);
+    } else {
+        // looking for word boundaries, so link successes here.
+        wordBoundary.link(this);
+        
+        failures.append(notWordBoundary);
+    }
+}
+
+void Generator::generateBackreference(JumpList& failures, unsigned subpatternId)
+{
+    push(index);
+    push(repeatCount);
+
+    // get the start pos of the backref into repeatCount (multipurpose!)
+    load32(Address(output, (2 * subpatternId) * sizeof(int)), repeatCount);
+
+    Jump skipIncrement = jump();
+    Label topOfLoop(this);
+
+    add32(Imm32(1), index);
+    add32(Imm32(1), repeatCount);
+    skipIncrement.link(this);
+
+    // check if we're at the end of backref (if we are, success!)
+    Jump endOfBackRef = branch32(Equal, Address(output, ((2 * subpatternId) + 1) * sizeof(int)), repeatCount);
+
+    load16(BaseIndex(input, repeatCount, MacroAssembler::TimesTwo), character);
+
+    // check if we've run out of input (this would be a can o'fail)
+    Jump endOfInput = branch32(Equal, length, index);
+
+    branch16(Equal, BaseIndex(input, index, TimesTwo), character, topOfLoop);
+
+    endOfInput.link(this);
+
+    // Failure
+    pop(repeatCount);
+    pop(index);
+    failures.append(jump());
+
+    // Success
+    endOfBackRef.link(this);
+    pop(repeatCount);
+    pop();
+}
+
+void Generator::terminateAlternative(JumpList& successes, JumpList& failures)
+{
+    successes.append(jump());
+    
+    failures.link(this);
+    peek(index);
+}
+
+void Generator::terminateDisjunction(JumpList& successes)
+{
+    successes.link(this);
+}
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECGenerator.h b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECGenerator.h
new file mode 100644
index 000000000..294c3d05f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECGenerator.h
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WRECGenerator_h
+#define WRECGenerator_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(WREC)
+
+#include "Quantifier.h"
+#include "MacroAssembler.h"
+#include <wtf/ASCIICType.h>
+#include <wtf/unicode/Unicode.h>
+#include "WREC.h"
+
+namespace JSC { 
+
+    class JSGlobalData;
+
+    namespace WREC {
+
+    class CharacterRange;
+    class GenerateAtomFunctor;
+    class Parser;
+    struct CharacterClass;
+
+    class Generator : private MacroAssembler {
+    public:
+        using MacroAssembler::Jump;
+        using MacroAssembler::JumpList;
+        using MacroAssembler::Label;
+
+        enum ParenthesesType { Capturing, NonCapturing, Assertion, InvertedAssertion, Error };
+
+        static CompiledRegExp compileRegExp(JSGlobalData*, const UString& pattern, unsigned* numSubpatterns_ptr, const char** error_ptr, RefPtr<ExecutablePool>& pool, bool ignoreCase = false, bool multiline = false);
+    
+        Generator(Parser& parser)
+            : m_parser(parser)
+        {
+        }
+
+#if PLATFORM(X86)
+        static const RegisterID input = X86Registers::eax;
+        static const RegisterID index = X86Registers::edx;
+        static const RegisterID length = X86Registers::ecx;
+        static const RegisterID output = X86Registers::edi;
+
+        static const RegisterID character = X86Registers::esi;
+        static const RegisterID repeatCount = X86Registers::ebx; // How many times the current atom repeats in the current match.
+
+        static const RegisterID returnRegister = X86Registers::eax;
+#endif
+#if PLATFORM(X86_64)
+        static const RegisterID input = X86Registers::edi;
+        static const RegisterID index = X86Registers::esi;
+        static const RegisterID length = X86Registers::edx;
+        static const RegisterID output = X86Registers::ecx;
+
+        static const RegisterID character = X86Registers::eax;
+        static const RegisterID repeatCount = X86Registers::ebx; // How many times the current atom repeats in the current match.
+
+        static const RegisterID returnRegister = X86Registers::eax;
+#endif
+
+        void generateEnter();
+        void generateSaveIndex();
+        void generateIncrementIndex(Jump* failure = 0);
+        void generateLoadCharacter(JumpList& failures);
+        void generateJumpIfNotEndOfInput(Label);
+        void generateReturnSuccess();
+        void generateReturnFailure();
+
+        void generateGreedyQuantifier(JumpList& failures, GenerateAtomFunctor& functor, unsigned min, unsigned max);
+        void generateNonGreedyQuantifier(JumpList& failures, GenerateAtomFunctor& functor, unsigned min, unsigned max);
+        void generateBacktrack1();
+        void generateBacktrackBackreference(unsigned subpatternId);
+        void generateCharacterClass(JumpList& failures, const CharacterClass& charClass, bool invert);
+        void generateCharacterClassInverted(JumpList& failures, const CharacterClass& charClass);
+        void generateCharacterClassInvertedRange(JumpList& failures, JumpList& matchDest, const CharacterRange* ranges, unsigned count, unsigned* matchIndex, const UChar* matches, unsigned matchCount);
+        void generatePatternCharacter(JumpList& failures, int ch);
+        void generatePatternCharacterSequence(JumpList& failures, int* sequence, size_t count);
+        void generateAssertionWordBoundary(JumpList& failures, bool invert);
+        void generateAssertionBOL(JumpList& failures);
+        void generateAssertionEOL(JumpList& failures);
+        void generateBackreference(JumpList& failures, unsigned subpatternID);
+        void generateBackreferenceQuantifier(JumpList& failures, Quantifier::Type quantifierType, unsigned subpatternId, unsigned min, unsigned max);
+        void generateParenthesesAssertion(JumpList& failures);
+        void generateParenthesesInvertedAssertion(JumpList& failures);
+        Jump generateParenthesesResetTrampoline(JumpList& newFailures, unsigned subpatternIdBefore, unsigned subpatternIdAfter);
+        void generateParenthesesNonGreedy(JumpList& failures, Label start, Jump success, Jump fail);
+
+        void terminateAlternative(JumpList& successes, JumpList& failures);
+        void terminateDisjunction(JumpList& successes);
+
+    private:
+        bool generatePatternCharacterPair(JumpList& failures, int ch1, int ch2);
+
+        Parser& m_parser;
+    };
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
+
+#endif // WRECGenerator_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECParser.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECParser.cpp
new file mode 100644
index 000000000..1709bf929
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECParser.cpp
@@ -0,0 +1,643 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "WRECParser.h"
+
+#if ENABLE(WREC)
+
+#include "CharacterClassConstructor.h"
+#include "WRECFunctors.h"
+
+using namespace WTF;
+
+namespace JSC { namespace WREC {
+
+// These error messages match the error messages used by PCRE.
+const char* Parser::QuantifierOutOfOrder = "numbers out of order in {} quantifier";
+const char* Parser::QuantifierWithoutAtom = "nothing to repeat";
+const char* Parser::ParenthesesUnmatched = "unmatched parentheses";
+const char* Parser::ParenthesesTypeInvalid = "unrecognized character after (?";
+const char* Parser::ParenthesesNotSupported = ""; // Not a user-visible syntax error -- just signals a syntax that WREC doesn't support yet.
+const char* Parser::CharacterClassUnmatched = "missing terminating ] for character class";
+const char* Parser::CharacterClassOutOfOrder = "range out of order in character class";
+const char* Parser::EscapeUnterminated = "\\ at end of pattern";
+
+class PatternCharacterSequence {
+typedef Generator::JumpList JumpList;
+
+public:
+    PatternCharacterSequence(Generator& generator, JumpList& failures)
+        : m_generator(generator)
+        , m_failures(failures)
+    {
+    }
+    
+    size_t size() { return m_sequence.size(); }
+    
+    void append(int ch)
+    {
+        m_sequence.append(ch);
+    }
+    
+    void flush()
+    {
+        if (!m_sequence.size())
+            return;
+
+        m_generator.generatePatternCharacterSequence(m_failures, m_sequence.begin(), m_sequence.size());
+        m_sequence.clear();
+    }
+
+    void flush(const Quantifier& quantifier)
+    {
+        if (!m_sequence.size())
+            return;
+
+        m_generator.generatePatternCharacterSequence(m_failures, m_sequence.begin(), m_sequence.size() - 1);
+
+        switch (quantifier.type) {
+        case Quantifier::None:
+        case Quantifier::Error:
+            ASSERT_NOT_REACHED();
+            break;
+
+        case Quantifier::Greedy: {
+            GeneratePatternCharacterFunctor functor(m_sequence.last());
+            m_generator.generateGreedyQuantifier(m_failures, functor, quantifier.min, quantifier.max);
+            break;
+        }
+        
+        case Quantifier::NonGreedy: {
+            GeneratePatternCharacterFunctor functor(m_sequence.last());
+            m_generator.generateNonGreedyQuantifier(m_failures, functor, quantifier.min, quantifier.max);
+            break;
+        }
+        }
+        
+        m_sequence.clear();
+    }
+
+private:
+    Generator& m_generator;
+    JumpList& m_failures;
+    Vector<int, 8> m_sequence;
+};
+
+ALWAYS_INLINE Quantifier Parser::consumeGreedyQuantifier()
+{
+    switch (peek()) {
+        case '?':
+            consume();
+            return Quantifier(Quantifier::Greedy, 0, 1);
+
+        case '*':
+            consume();
+            return Quantifier(Quantifier::Greedy, 0);
+
+        case '+':
+            consume();
+            return Quantifier(Quantifier::Greedy, 1);
+
+        case '{': {
+            SavedState state(*this);
+            consume();
+
+            // Accept: {n}, {n,}, {n,m}.
+            // Reject: {n,m} where n > m.
+            // Ignore: Anything else, such as {n, m}.
+
+            if (!peekIsDigit()) {
+                state.restore();
+                return Quantifier();
+            }
+
+            unsigned min = consumeNumber();
+            unsigned max = min;
+
+            if (peek() == ',') {
+                consume();
+                max = peekIsDigit() ? consumeNumber() : Quantifier::Infinity;
+            }
+
+            if (peek() != '}') {
+                state.restore();
+                return Quantifier();
+            }
+            consume();
+ 
+            if (min > max) {
+                setError(QuantifierOutOfOrder);
+                return Quantifier(Quantifier::Error);
+            }
+
+            return Quantifier(Quantifier::Greedy, min, max);
+         }
+
+         default:
+            return Quantifier(); // No quantifier.
+    }
+}
+
+Quantifier Parser::consumeQuantifier()
+{
+    Quantifier q = consumeGreedyQuantifier();
+    
+    if ((q.type == Quantifier::Greedy) && (peek() == '?')) {
+        consume();
+        q.type = Quantifier::NonGreedy;
+    }
+    
+    return q;
+}
+
+bool Parser::parseCharacterClassQuantifier(JumpList& failures, const CharacterClass& charClass, bool invert)
+{
+    Quantifier q = consumeQuantifier();
+
+    switch (q.type) {
+    case Quantifier::None: {
+        m_generator.generateCharacterClass(failures, charClass, invert);
+        break;
+    }
+
+    case Quantifier::Greedy: {
+        GenerateCharacterClassFunctor functor(&charClass, invert);
+        m_generator.generateGreedyQuantifier(failures, functor, q.min, q.max);
+        break;
+    }
+
+    case Quantifier::NonGreedy: {
+        GenerateCharacterClassFunctor functor(&charClass, invert);
+        m_generator.generateNonGreedyQuantifier(failures, functor, q.min, q.max);
+        break;
+    }
+
+    case Quantifier::Error:
+        return false;
+    }
+    
+    return true;
+}
+
+bool Parser::parseBackreferenceQuantifier(JumpList& failures, unsigned subpatternId)
+{
+    Quantifier q = consumeQuantifier();
+
+    switch (q.type) {
+    case Quantifier::None: {
+        m_generator.generateBackreference(failures, subpatternId);
+        break;
+    }
+
+    case Quantifier::Greedy:
+    case Quantifier::NonGreedy:
+        m_generator.generateBackreferenceQuantifier(failures, q.type, subpatternId, q.min, q.max);
+        return true;
+
+    case Quantifier::Error:
+        return false;
+    }
+    
+    return true;
+}
+
+bool Parser::parseParentheses(JumpList& failures)
+{
+    ParenthesesType type = consumeParenthesesType();
+
+    // FIXME: WREC originally failed to backtrack correctly in cases such as
+    // "c".match(/(.*)c/). Now, most parentheses handling is disabled. For
+    // unsupported parentheses, we fall back on PCRE.
+
+    switch (type) {
+        case Generator::Assertion: {
+            m_generator.generateParenthesesAssertion(failures);
+
+            if (consume() != ')') {
+                setError(ParenthesesUnmatched);
+                return false;
+            }
+
+            Quantifier quantifier = consumeQuantifier();
+            if (quantifier.type != Quantifier::None && quantifier.min == 0) {
+                setError(ParenthesesNotSupported);
+                return false;
+            }
+
+            return true;
+        }
+        case Generator::InvertedAssertion: {
+            m_generator.generateParenthesesInvertedAssertion(failures);
+
+            if (consume() != ')') {
+                setError(ParenthesesUnmatched);
+                return false;
+            }
+
+            Quantifier quantifier = consumeQuantifier();
+            if (quantifier.type != Quantifier::None && quantifier.min == 0) {
+                setError(ParenthesesNotSupported);
+                return false;
+            }
+
+            return true;
+        }
+        default:
+            setError(ParenthesesNotSupported);
+            return false;
+    }
+}
+
+bool Parser::parseCharacterClass(JumpList& failures)
+{
+    bool invert = false;
+    if (peek() == '^') {
+        consume();
+        invert = true;
+    }
+
+    CharacterClassConstructor constructor(m_ignoreCase);
+
+    int ch;
+    while ((ch = peek()) != ']') {
+        switch (ch) {
+        case EndOfPattern:
+            setError(CharacterClassUnmatched);
+            return false;
+
+        case '\\': {
+            consume();
+            Escape escape = consumeEscape(true);
+
+            switch (escape.type()) {
+                case Escape::PatternCharacter: {
+                    int character = PatternCharacterEscape::cast(escape).character();
+                    if (character == '-')
+                        constructor.flushBeforeEscapedHyphen();
+                    constructor.put(character);
+                    break;
+                }
+                case Escape::CharacterClass: {
+                    const CharacterClassEscape& characterClassEscape = CharacterClassEscape::cast(escape);
+                    ASSERT(!characterClassEscape.invert());
+                    constructor.append(characterClassEscape.characterClass());
+                    break;
+                }
+                case Escape::Error:
+                    return false;
+                case Escape::Backreference:
+                case Escape::WordBoundaryAssertion: {
+                    ASSERT_NOT_REACHED();
+                    break;
+                }
+            }
+            break;
+        }
+
+        default:
+            consume();
+            constructor.put(ch);
+        }
+    }
+    consume();
+
+    // lazily catch reversed ranges ([z-a])in character classes
+    if (constructor.isUpsideDown()) {
+        setError(CharacterClassOutOfOrder);
+        return false;
+    }
+
+    constructor.flush();
+    CharacterClass charClass = constructor.charClass();
+    return parseCharacterClassQuantifier(failures, charClass, invert);
+}
+
+bool Parser::parseNonCharacterEscape(JumpList& failures, const Escape& escape)
+{
+    switch (escape.type()) {
+        case Escape::PatternCharacter:
+            ASSERT_NOT_REACHED();
+            return false;
+
+        case Escape::CharacterClass:
+            return parseCharacterClassQuantifier(failures, CharacterClassEscape::cast(escape).characterClass(), CharacterClassEscape::cast(escape).invert());
+
+        case Escape::Backreference:
+            return parseBackreferenceQuantifier(failures, BackreferenceEscape::cast(escape).subpatternId());
+
+        case Escape::WordBoundaryAssertion:
+            m_generator.generateAssertionWordBoundary(failures, WordBoundaryAssertionEscape::cast(escape).invert());
+            return true;
+
+        case Escape::Error:
+            return false;
+    }
+
+    ASSERT_NOT_REACHED();
+    return false;
+}
+
+Escape Parser::consumeEscape(bool inCharacterClass)
+{
+    switch (peek()) {
+    case EndOfPattern:
+        setError(EscapeUnterminated);
+        return Escape(Escape::Error);
+
+    // Assertions
+    case 'b':
+        consume();
+        if (inCharacterClass)
+            return PatternCharacterEscape('\b');
+        return WordBoundaryAssertionEscape(false); // do not invert
+    case 'B':
+        consume();
+        if (inCharacterClass)
+            return PatternCharacterEscape('B');
+        return WordBoundaryAssertionEscape(true); // invert
+
+    // CharacterClassEscape
+    case 'd':
+        consume();
+        return CharacterClassEscape(CharacterClass::digits(), false);
+    case 's':
+        consume();
+        return CharacterClassEscape(CharacterClass::spaces(), false);
+    case 'w':
+        consume();
+        return CharacterClassEscape(CharacterClass::wordchar(), false);
+    case 'D':
+        consume();
+        return inCharacterClass
+            ? CharacterClassEscape(CharacterClass::nondigits(), false)
+            : CharacterClassEscape(CharacterClass::digits(), true);
+    case 'S':
+        consume();
+        return inCharacterClass
+            ? CharacterClassEscape(CharacterClass::nonspaces(), false)
+            : CharacterClassEscape(CharacterClass::spaces(), true);
+    case 'W':
+        consume();
+        return inCharacterClass
+            ? CharacterClassEscape(CharacterClass::nonwordchar(), false)
+            : CharacterClassEscape(CharacterClass::wordchar(), true);
+
+    // DecimalEscape
+    case '1':
+    case '2':
+    case '3':
+    case '4':
+    case '5':
+    case '6':
+    case '7':
+    case '8':
+    case '9': {
+        if (peekDigit() > m_numSubpatterns || inCharacterClass) {
+            // To match Firefox, we parse an invalid backreference in the range [1-7]
+            // as an octal escape.
+            return peekDigit() > 7 ? PatternCharacterEscape('\\') : PatternCharacterEscape(consumeOctal());
+        }
+
+        int value = 0;
+        do {
+            unsigned newValue = value * 10 + peekDigit();
+            if (newValue > m_numSubpatterns)
+                break;
+            value = newValue;
+            consume();
+        } while (peekIsDigit());
+
+        return BackreferenceEscape(value);
+    }
+
+    // Octal escape
+    case '0':
+        consume();
+        return PatternCharacterEscape(consumeOctal());
+
+    // ControlEscape
+    case 'f':
+        consume();
+        return PatternCharacterEscape('\f');
+    case 'n':
+        consume();
+        return PatternCharacterEscape('\n');
+    case 'r':
+        consume();
+        return PatternCharacterEscape('\r');
+    case 't':
+        consume();
+        return PatternCharacterEscape('\t');
+    case 'v':
+        consume();
+        return PatternCharacterEscape('\v');
+
+    // ControlLetter
+    case 'c': {
+        SavedState state(*this);
+        consume();
+        
+        int control = consume();
+        // To match Firefox, inside a character class, we also accept numbers
+        // and '_' as control characters.
+        if ((!inCharacterClass && !isASCIIAlpha(control)) || (!isASCIIAlphanumeric(control) && control != '_')) {
+            state.restore();
+            return PatternCharacterEscape('\\');
+        }
+        return PatternCharacterEscape(control & 31);
+    }
+
+    // HexEscape
+    case 'x': {
+        consume();
+
+        SavedState state(*this);
+        int x = consumeHex(2);
+        if (x == -1) {
+            state.restore();
+            return PatternCharacterEscape('x');
+        }
+        return PatternCharacterEscape(x);
+    }
+
+    // UnicodeEscape
+    case 'u': {
+        consume();
+
+        SavedState state(*this);
+        int x = consumeHex(4);
+        if (x == -1) {
+            state.restore();
+            return PatternCharacterEscape('u');
+        }
+        return PatternCharacterEscape(x);
+    }
+
+    // IdentityEscape
+    default:
+        return PatternCharacterEscape(consume());
+    }
+}
+
+void Parser::parseAlternative(JumpList& failures)
+{
+    PatternCharacterSequence sequence(m_generator, failures);
+
+    while (1) {
+        switch (peek()) {
+        case EndOfPattern:
+        case '|':
+        case ')':
+            sequence.flush();
+            return;
+
+        case '*':
+        case '+':
+        case '?':
+        case '{': {
+            Quantifier q = consumeQuantifier();
+
+            if (q.type == Quantifier::None) {
+                sequence.append(consume());
+                continue;
+            }
+
+            if (q.type == Quantifier::Error)
+                return;
+
+            if (!sequence.size()) {
+                setError(QuantifierWithoutAtom);
+                return;
+            }
+
+            sequence.flush(q);
+            continue;
+        }
+
+        case '^':
+            consume();
+
+            sequence.flush();
+            m_generator.generateAssertionBOL(failures);
+            continue;
+
+        case '$':
+            consume();
+
+            sequence.flush();
+            m_generator.generateAssertionEOL(failures);
+            continue;
+
+        case '.':
+            consume();
+
+            sequence.flush();
+            if (!parseCharacterClassQuantifier(failures, CharacterClass::newline(), true))
+                return;
+            continue;
+
+        case '[':
+            consume();
+
+            sequence.flush();
+            if (!parseCharacterClass(failures))
+                return;
+            continue;
+
+        case '(':
+            consume();
+
+            sequence.flush();
+            if (!parseParentheses(failures))
+                return;
+            continue;
+
+        case '\\': {
+            consume();
+
+            Escape escape = consumeEscape(false);
+            if (escape.type() == Escape::PatternCharacter) {
+                sequence.append(PatternCharacterEscape::cast(escape).character());
+                continue;
+            }
+
+            sequence.flush();
+            if (!parseNonCharacterEscape(failures, escape))
+                return;
+            continue;
+        }
+
+        default:
+            sequence.append(consume());
+            continue;
+        }
+    }
+}
+
+/*
+  TOS holds index.
+*/
+void Parser::parseDisjunction(JumpList& failures)
+{
+    parseAlternative(failures);
+    if (peek() != '|')
+        return;
+
+    JumpList successes;
+    do {
+        consume();
+        m_generator.terminateAlternative(successes, failures);
+        parseAlternative(failures);
+    } while (peek() == '|');
+
+    m_generator.terminateDisjunction(successes);
+}
+
+Generator::ParenthesesType Parser::consumeParenthesesType()
+{
+    if (peek() != '?')
+        return Generator::Capturing;
+    consume();
+
+    switch (consume()) {
+    case ':':
+        return Generator::NonCapturing;
+    
+    case '=':
+        return Generator::Assertion;
+
+    case '!':
+        return Generator::InvertedAssertion;
+
+    default:
+        setError(ParenthesesTypeInvalid);
+        return Generator::Error;
+    }
+}
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECParser.h b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECParser.h
new file mode 100644
index 000000000..a3e151b7e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wrec/WRECParser.h
@@ -0,0 +1,214 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef Parser_h
+#define Parser_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(WREC)
+
+#include "Escapes.h"
+#include "Quantifier.h"
+#include "UString.h"
+#include "WRECGenerator.h"
+#include <wtf/ASCIICType.h>
+
+namespace JSC { namespace WREC {
+
+    struct CharacterClass;
+
+    class Parser {
+    typedef Generator::JumpList JumpList;
+    typedef Generator::ParenthesesType ParenthesesType;
+
+    friend class SavedState;
+
+    public:
+        Parser(const UString& pattern, bool ignoreCase, bool multiline)
+            : m_generator(*this)
+            , m_data(pattern.data())
+            , m_size(pattern.size())
+            , m_ignoreCase(ignoreCase)
+            , m_multiline(multiline)
+        {
+            reset();
+        }
+        
+        Generator& generator() { return m_generator; }
+
+        bool ignoreCase() const { return m_ignoreCase; }
+        bool multiline() const { return m_multiline; }
+
+        void recordSubpattern() { ++m_numSubpatterns; }
+        unsigned numSubpatterns() const { return m_numSubpatterns; }
+        
+        const char* error() const { return m_error; }
+        const char* syntaxError() const { return m_error == ParenthesesNotSupported ? 0 : m_error; }
+        
+        void parsePattern(JumpList& failures)
+        {
+            reset();
+
+            parseDisjunction(failures);
+
+            if (peek() != EndOfPattern)
+                setError(ParenthesesUnmatched); // Parsing the pattern should fully consume it.
+        }
+
+        void parseDisjunction(JumpList& failures);
+        void parseAlternative(JumpList& failures);
+        bool parseTerm(JumpList& failures);
+        bool parseNonCharacterEscape(JumpList& failures, const Escape&);
+        bool parseParentheses(JumpList& failures);
+        bool parseCharacterClass(JumpList& failures);
+        bool parseCharacterClassQuantifier(JumpList& failures, const CharacterClass& charClass, bool invert);
+        bool parseBackreferenceQuantifier(JumpList& failures, unsigned subpatternId);
+
+    private:
+        class SavedState {
+        public:
+            SavedState(Parser& parser)
+                : m_parser(parser)
+                , m_index(parser.m_index)
+            {
+            }
+            
+            void restore()
+            {
+                m_parser.m_index = m_index;
+            }
+
+        private:
+            Parser& m_parser;
+            unsigned m_index;
+        };
+
+        void reset()
+        {
+            m_index = 0;
+            m_numSubpatterns = 0;
+            m_error = 0;
+        }
+
+        void setError(const char* error)
+        {
+            if (m_error)
+                return;
+            m_error = error;
+        }
+
+        int peek()
+        {
+            if (m_index >= m_size)
+                return EndOfPattern;
+            return m_data[m_index];
+        }
+
+        int consume()
+        {
+            if (m_index >= m_size)
+                return EndOfPattern;
+            return m_data[m_index++];
+        }
+
+        bool peekIsDigit()
+        {
+            return WTF::isASCIIDigit(peek());
+        }
+
+        unsigned peekDigit()
+        {
+            ASSERT(peekIsDigit());
+            return peek() - '0';
+        }
+
+        unsigned consumeDigit()
+        {
+            ASSERT(peekIsDigit());
+            return consume() - '0';
+        }
+
+        unsigned consumeNumber()
+        {
+            int n = consumeDigit();
+            while (peekIsDigit()) {
+                n *= 10;
+                n += consumeDigit();
+            }
+            return n;
+        }
+
+        int consumeHex(int count)
+        {
+            int n = 0;
+            while (count--) {
+                if (!WTF::isASCIIHexDigit(peek()))
+                    return -1;
+                n = (n << 4) | WTF::toASCIIHexValue(consume());
+            }
+            return n;
+        }
+
+        unsigned consumeOctal()
+        {
+            unsigned n = 0;
+            while (n < 32 && WTF::isASCIIOctalDigit(peek()))
+                n = n * 8 + consumeDigit();
+            return n;
+        }
+        
+        ALWAYS_INLINE Quantifier consumeGreedyQuantifier();
+        Quantifier consumeQuantifier();
+        Escape consumeEscape(bool inCharacterClass);
+        ParenthesesType consumeParenthesesType();
+
+        static const int EndOfPattern = -1;
+
+        // Error messages.
+        static const char* QuantifierOutOfOrder;
+        static const char* QuantifierWithoutAtom;
+        static const char* ParenthesesUnmatched;
+        static const char* ParenthesesTypeInvalid;
+        static const char* ParenthesesNotSupported;
+        static const char* CharacterClassUnmatched;
+        static const char* CharacterClassOutOfOrder;
+        static const char* EscapeUnterminated;
+
+        Generator m_generator;
+        const UChar* m_data;
+        unsigned m_size;
+        unsigned m_index;
+        bool m_ignoreCase;
+        bool m_multiline;
+        unsigned m_numSubpatterns;
+        const char* m_error;
+    };
+
+} } // namespace JSC::WREC
+
+#endif // ENABLE(WREC)
+
+#endif // Parser_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wscript b/src/3rdparty/javascriptcore/JavaScriptCore/wscript
new file mode 100644
index 000000000..9dd37c960
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wscript
@@ -0,0 +1,103 @@
+#! /usr/bin/env python
+
+# Copyright (C) 2009 Kevin Ollivier  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+#
+# JavaScriptCore build script for the waf build system
+
+import commands
+
+from settings import *
+
+jscore_excludes = ['jsc.cpp', 'ucptable.cpp', 'GOwnPtr.cpp']
+jscore_excludes.extend(get_excludes(jscore_dir, ['*CF.cpp']))
+
+sources = []
+
+jscore_excludes.extend(get_excludes(jscore_dir, ['*Win.cpp', '*None.cpp']))
+
+if building_on_win32:
+    jscore_excludes += ['ExecutableAllocatorPosix.cpp', 'MarkStackPosix.cpp']
+    sources += ['jit/ExecutableAllocatorWin.cpp', 'runtime/MarkStackWin.cpp']
+else:
+    jscore_excludes.append('JSStringRefBSTR.cpp')
+
+def generate_jscore_derived_sources():
+    # build the derived sources
+    js_dir = jscore_dir
+    if building_on_win32:
+        js_dir = get_output('cygpath --unix "%s"' % js_dir)
+    derived_sources_dir = os.path.join(jscore_dir, 'DerivedSources')
+    if not os.path.exists(derived_sources_dir):
+        os.mkdir(derived_sources_dir)
+
+    olddir = os.getcwd()
+    os.chdir(derived_sources_dir)
+
+    command = 'make -f %s/DerivedSources.make JavaScriptCore=%s BUILT_PRODUCTS_DIR=%s all FEATURE_DEFINES="%s"' % (js_dir, js_dir, js_dir, ' '.join(feature_defines))
+    os.system(command)
+    os.chdir(olddir)
+
+def set_options(opt):
+    common_set_options(opt)
+
+def configure(conf):
+    common_configure(conf)
+    generate_jscore_derived_sources()
+    
+def build(bld):
+    import Options
+
+    full_dirs = get_dirs_for_features(jscore_dir, features=[build_port], dirs=jscore_dirs)
+
+    includes = common_includes + full_dirs
+
+    # 1. A simple program
+    jscore = bld.new_task_gen(
+        features = 'cxx cstaticlib',
+        includes = '. .. assembler wrec DerivedSources ForwardingHeaders ' + ' '.join(includes),
+        source = sources,
+        target = 'jscore',
+        uselib = 'WX ICU ' + get_config(),
+        uselib_local = '',
+        install_path = output_dir)
+
+    jscore.find_sources_in_dirs(full_dirs, excludes = jscore_excludes)  
+        
+    obj = bld.new_task_gen(
+        features = 'cxx cprogram',
+        includes = '. .. assembler wrec DerivedSources ForwardingHeaders ' + ' '.join(includes),
+        source = 'jsc.cpp',
+        target = 'jsc',
+        uselib = 'WX ICU ' + get_config(),
+        uselib_local = 'jscore',
+        install_path = output_dir,
+        )
+        
+    # we'll get an error if exceptions are on because of an unwind error when using __try
+    if building_on_win32:
+        flags = obj.env.CXXFLAGS
+        flags.remove('/EHsc')
+        obj.env.CXXFLAGS = flags
+
+    bld.install_files(os.path.join(output_dir, 'JavaScriptCore'), 'API/*.h')
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ASCIICType.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ASCIICType.h
new file mode 100644
index 000000000..0c3c29fb3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ASCIICType.h
@@ -0,0 +1,166 @@
+/*
+ * Copyright (C) 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WTF_ASCIICType_h
+#define WTF_ASCIICType_h
+
+#include <wtf/Assertions.h>
+#include <wtf/Platform.h>
+
+// The behavior of many of the functions in the <ctype.h> header is dependent
+// on the current locale. But in the WebKit project, all uses of those functions
+// are in code processing something that's not locale-specific. These equivalents
+// for some of the <ctype.h> functions are named more explicitly, not dependent
+// on the C library locale, and we should also optimize them as needed.
+
+// All functions return false or leave the character unchanged if passed a character
+// that is outside the range 0-7F. So they can be used on Unicode strings or
+// characters if the intent is to do processing only if the character is ASCII.
+
+namespace WTF {
+
+    inline bool isASCII(char c) { return !(c & ~0x7F); }
+    inline bool isASCII(unsigned short c) { return !(c & ~0x7F); }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCII(wchar_t c) { return !(c & ~0x7F); }
+#endif
+    inline bool isASCII(int c) { return !(c & ~0x7F); }
+
+    inline bool isASCIIAlpha(char c) { return (c | 0x20) >= 'a' && (c | 0x20) <= 'z'; }
+    inline bool isASCIIAlpha(unsigned short c) { return (c | 0x20) >= 'a' && (c | 0x20) <= 'z'; }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIIAlpha(wchar_t c) { return (c | 0x20) >= 'a' && (c | 0x20) <= 'z'; }
+#endif
+    inline bool isASCIIAlpha(int c) { return (c | 0x20) >= 'a' && (c | 0x20) <= 'z'; }
+
+    inline bool isASCIIAlphanumeric(char c) { return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'z'); }
+    inline bool isASCIIAlphanumeric(unsigned short c) { return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'z'); }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIIAlphanumeric(wchar_t c) { return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'z'); }
+#endif
+    inline bool isASCIIAlphanumeric(int c) { return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'z'); }
+
+    inline bool isASCIIDigit(char c) { return (c >= '0') & (c <= '9'); }
+    inline bool isASCIIDigit(unsigned short c) { return (c >= '0') & (c <= '9'); }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIIDigit(wchar_t c) { return (c >= '0') & (c <= '9'); }
+#endif
+    inline bool isASCIIDigit(int c) { return (c >= '0') & (c <= '9'); }
+
+    inline bool isASCIIHexDigit(char c) { return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'f'); }
+    inline bool isASCIIHexDigit(unsigned short c) { return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'f'); }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIIHexDigit(wchar_t c) { return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'f'); }
+#endif
+    inline bool isASCIIHexDigit(int c) { return (c >= '0' && c <= '9') || ((c | 0x20) >= 'a' && (c | 0x20) <= 'f'); }
+
+    inline bool isASCIIOctalDigit(char c) { return (c >= '0') & (c <= '7'); }
+    inline bool isASCIIOctalDigit(unsigned short c) { return (c >= '0') & (c <= '7'); }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIIOctalDigit(wchar_t c) { return (c >= '0') & (c <= '7'); }
+#endif
+    inline bool isASCIIOctalDigit(int c) { return (c >= '0') & (c <= '7'); }
+
+    inline bool isASCIILower(char c) { return c >= 'a' && c <= 'z'; }
+    inline bool isASCIILower(unsigned short c) { return c >= 'a' && c <= 'z'; }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIILower(wchar_t c) { return c >= 'a' && c <= 'z'; }
+#endif
+    inline bool isASCIILower(int c) { return c >= 'a' && c <= 'z'; }
+
+    inline bool isASCIIUpper(char c) { return c >= 'A' && c <= 'Z'; }
+    inline bool isASCIIUpper(unsigned short c) { return c >= 'A' && c <= 'Z'; }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIIUpper(wchar_t c) { return c >= 'A' && c <= 'Z'; }
+#endif
+    inline bool isASCIIUpper(int c) { return c >= 'A' && c <= 'Z'; }
+
+    /*
+        Statistics from a run of Apple's page load test for callers of isASCIISpace:
+
+            character          count
+            ---------          -----
+            non-spaces         689383
+        20  space              294720
+        0A  \n                 89059
+        09  \t                 28320
+        0D  \r                 0
+        0C  \f                 0
+        0B  \v                 0
+    */
+    inline bool isASCIISpace(char c) { return c <= ' ' && (c == ' ' || (c <= 0xD && c >= 0x9)); }
+    inline bool isASCIISpace(unsigned short c) { return c <= ' ' && (c == ' ' || (c <= 0xD && c >= 0x9)); }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIISpace(wchar_t c) { return c <= ' ' && (c == ' ' || (c <= 0xD && c >= 0x9)); }
+#endif
+    inline bool isASCIISpace(int c) { return c <= ' ' && (c == ' ' || (c <= 0xD && c >= 0x9)); }
+
+    inline char toASCIILower(char c) { return c | ((c >= 'A' && c <= 'Z') << 5); }
+    inline unsigned short toASCIILower(unsigned short c) { return c | ((c >= 'A' && c <= 'Z') << 5); }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline wchar_t toASCIILower(wchar_t c) { return c | ((c >= 'A' && c <= 'Z') << 5); }
+#endif
+    inline int toASCIILower(int c) { return c | ((c >= 'A' && c <= 'Z') << 5); }
+
+    inline char toASCIIUpper(char c) { return static_cast<char>(c & ~((c >= 'a' && c <= 'z') << 5)); }
+    inline unsigned short toASCIIUpper(unsigned short c) { return static_cast<unsigned short>(c & ~((c >= 'a' && c <= 'z') << 5)); }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline wchar_t toASCIIUpper(wchar_t c) { return static_cast<wchar_t>(c & ~((c >= 'a' && c <= 'z') << 5)); }
+#endif
+    inline int toASCIIUpper(int c) { return static_cast<int>(c & ~((c >= 'a' && c <= 'z') << 5)); }
+
+    inline int toASCIIHexValue(char c) { ASSERT(isASCIIHexDigit(c)); return c < 'A' ? c - '0' : (c - 'A' + 10) & 0xF; }
+    inline int toASCIIHexValue(unsigned short c) { ASSERT(isASCIIHexDigit(c)); return c < 'A' ? c - '0' : (c - 'A' + 10) & 0xF; }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline int toASCIIHexValue(wchar_t c) { ASSERT(isASCIIHexDigit(c)); return c < 'A' ? c - '0' : (c - 'A' + 10) & 0xF; }
+#endif
+    inline int toASCIIHexValue(int c) { ASSERT(isASCIIHexDigit(c)); return c < 'A' ? c - '0' : (c - 'A' + 10) & 0xF; }
+
+    inline bool isASCIIPrintable(char c) { return c >= ' ' && c <= '~'; }
+    inline bool isASCIIPrintable(unsigned short c) { return c >= ' ' && c <= '~'; }
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    inline bool isASCIIPrintable(wchar_t c) { return c >= ' ' && c <= '~'; }
+#endif
+    inline bool isASCIIPrintable(int c) { return c >= ' ' && c <= '~'; }
+}
+
+using WTF::isASCII;
+using WTF::isASCIIAlpha;
+using WTF::isASCIIAlphanumeric;
+using WTF::isASCIIDigit;
+using WTF::isASCIIHexDigit;
+using WTF::isASCIILower;
+using WTF::isASCIIOctalDigit;
+using WTF::isASCIIPrintable;
+using WTF::isASCIISpace;
+using WTF::isASCIIUpper;
+using WTF::toASCIIHexValue;
+using WTF::toASCIILower;
+using WTF::toASCIIUpper;
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/AVLTree.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/AVLTree.h
new file mode 100644
index 000000000..d7470e7f9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/AVLTree.h
@@ -0,0 +1,959 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Based on Abstract AVL Tree Template v1.5 by Walt Karas
+ * <http://geocities.com/wkaras/gen_cpp/avl_tree.html>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef AVL_TREE_H_
+#define AVL_TREE_H_
+
+#include "Assertions.h"
+
+namespace WTF {
+
+// Here is the reference class for BSet.
+//
+// class BSet
+//   {
+//   public:
+//
+//     class ANY_bitref
+//       {
+//       public:
+//         operator bool ();
+//         void operator = (bool b);
+//       };
+//
+//     // Does not have to initialize bits.
+//     BSet();
+//
+//     // Must return a valid value for index when 0 <= index < maxDepth
+//     ANY_bitref operator [] (unsigned index);
+//
+//     // Set all bits to 1.
+//     void set();
+//
+//     // Set all bits to 0.
+//     void reset();
+//   };
+
+template<unsigned maxDepth>
+class AVLTreeDefaultBSet {
+public:
+    bool& operator[](unsigned i) { ASSERT(i < maxDepth); return m_data[i]; }
+    void set() { for (unsigned i = 0; i < maxDepth; ++i) m_data[i] = true; }
+    void reset() { for (unsigned i = 0; i < maxDepth; ++i) m_data[i] = false; }
+
+private:
+    bool m_data[maxDepth];
+};
+
+// How to determine maxDepth:
+// d  Minimum number of nodes
+// 2  2
+// 3  4
+// 4  7
+// 5  12
+// 6  20
+// 7  33
+// 8  54
+// 9  88
+// 10 143
+// 11 232
+// 12 376
+// 13 609
+// 14 986
+// 15 1,596
+// 16 2,583
+// 17 4,180
+// 18 6,764
+// 19 10,945
+// 20 17,710
+// 21 28,656
+// 22 46,367
+// 23 75,024
+// 24 121,392
+// 25 196,417
+// 26 317,810
+// 27 514,228
+// 28 832,039
+// 29 1,346,268
+// 30 2,178,308
+// 31 3,524,577
+// 32 5,702,886
+// 33 9,227,464
+// 34 14,930,351
+// 35 24,157,816
+// 36 39,088,168
+// 37 63,245,985
+// 38 102,334,154
+// 39 165,580,140
+// 40 267,914,295
+// 41 433,494,436
+// 42 701,408,732
+// 43 1,134,903,169
+// 44 1,836,311,902
+// 45 2,971,215,072
+//
+// E.g., if, in a particular instantiation, the maximum number of nodes in a tree instance is 1,000,000, the maximum depth should be 28.
+// You pick 28 because MN(28) is 832,039, which is less than or equal to 1,000,000, and MN(29) is 1,346,268, which is strictly greater than 1,000,000.
+
+template <class Abstractor, unsigned maxDepth = 32, class BSet = AVLTreeDefaultBSet<maxDepth> >
+class AVLTree {
+public:
+
+    typedef typename Abstractor::key key;
+    typedef typename Abstractor::handle handle;
+    typedef typename Abstractor::size size;
+
+    enum SearchType {
+        EQUAL = 1,
+        LESS = 2,
+        GREATER = 4,
+        LESS_EQUAL = EQUAL | LESS,
+        GREATER_EQUAL = EQUAL | GREATER
+    };
+
+
+    Abstractor& abstractor() { return abs; }
+
+    inline handle insert(handle h);
+
+    inline handle search(key k, SearchType st = EQUAL);
+    inline handle search_least();
+    inline handle search_greatest();
+
+    inline handle remove(key k);
+
+    inline handle subst(handle new_node);
+
+    void purge() { abs.root = null(); }
+
+    bool is_empty() { return abs.root == null(); }
+
+    AVLTree() { abs.root = null(); }
+
+    class Iterator {
+    public:
+
+        // Initialize depth to invalid value, to indicate iterator is
+        // invalid.   (Depth is zero-base.)
+        Iterator() { depth = ~0U; }
+
+        void start_iter(AVLTree &tree, key k, SearchType st = EQUAL)
+        {
+            // Mask of high bit in an int.
+            const int MASK_HIGH_BIT = (int) ~ ((~ (unsigned) 0) >> 1);
+
+            // Save the tree that we're going to iterate through in a
+            // member variable.
+            tree_ = &tree;
+
+            int cmp, target_cmp;
+            handle h = tree_->abs.root;
+            unsigned d = 0;
+
+            depth = ~0U;
+
+            if (h == null())
+              // Tree is empty.
+              return;
+
+            if (st & LESS)
+              // Key can be greater than key of starting node.
+              target_cmp = 1;
+            else if (st & GREATER)
+              // Key can be less than key of starting node.
+              target_cmp = -1;
+            else
+              // Key must be same as key of starting node.
+              target_cmp = 0;
+
+            for (;;) {
+                cmp = cmp_k_n(k, h);
+                if (cmp == 0) {
+                    if (st & EQUAL) {
+                        // Equal node was sought and found as starting node.
+                        depth = d;
+                        break;
+                    }
+                    cmp = -target_cmp;
+                } else if (target_cmp != 0) {
+                    if (!((cmp ^ target_cmp) & MASK_HIGH_BIT)) {
+                        // cmp and target_cmp are both negative or both positive.
+                        depth = d;
+                    }
+                }
+                h = cmp < 0 ? get_lt(h) : get_gt(h);
+                if (h == null())
+                    break;
+                branch[d] = cmp > 0;
+                path_h[d++] = h;
+            }
+        }
+
+        void start_iter_least(AVLTree &tree)
+        {
+            tree_ = &tree;
+
+            handle h = tree_->abs.root;
+
+            depth = ~0U;
+
+            branch.reset();
+
+            while (h != null()) {
+                if (depth != ~0U)
+                    path_h[depth] = h;
+                depth++;
+                h = get_lt(h);
+            }
+        }
+
+        void start_iter_greatest(AVLTree &tree)
+        {
+            tree_ = &tree;
+
+            handle h = tree_->abs.root;
+
+            depth = ~0U;
+
+            branch.set();
+
+            while (h != null()) {
+                if (depth != ~0U)
+                    path_h[depth] = h;
+                depth++;
+                h = get_gt(h);
+            }
+        }
+
+        handle operator*()
+        {
+            if (depth == ~0U)
+                return null();
+
+            return depth == 0 ? tree_->abs.root : path_h[depth - 1];
+        }
+
+        void operator++()
+        {
+            if (depth != ~0U) {
+                handle h = get_gt(**this);
+                if (h == null()) {
+                    do {
+                        if (depth == 0) {
+                            depth = ~0U;
+                            break;
+                        }
+                        depth--;
+                    } while (branch[depth]);
+                } else {
+                    branch[depth] = true;
+                    path_h[depth++] = h;
+                    for (;;) {
+                        h = get_lt(h);
+                        if (h == null())
+                            break;
+                        branch[depth] = false;
+                        path_h[depth++] = h;
+                    }
+                }
+            }
+        }
+
+        void operator--()
+        {
+            if (depth != ~0U) {
+                handle h = get_lt(**this);
+                if (h == null())
+                    do {
+                        if (depth == 0) {
+                            depth = ~0U;
+                            break;
+                        }
+                        depth--;
+                    } while (!branch[depth]);
+                else {
+                    branch[depth] = false;
+                    path_h[depth++] = h;
+                    for (;;) {
+                        h = get_gt(h);
+                        if (h == null())
+                            break;
+                        branch[depth] = true;
+                        path_h[depth++] = h;
+                    }
+                }
+            }
+        }
+
+        void operator++(int) { ++(*this); }
+        void operator--(int) { --(*this); }
+
+    protected:
+
+        // Tree being iterated over.
+        AVLTree *tree_;
+
+        // Records a path into the tree.  If branch[n] is true, indicates
+        // take greater branch from the nth node in the path, otherwise
+        // take the less branch.  branch[0] gives branch from root, and
+        // so on.
+        BSet branch;
+
+        // Zero-based depth of path into tree.
+        unsigned depth;
+
+        // Handles of nodes in path from root to current node (returned by *).
+        handle path_h[maxDepth - 1];
+
+        int cmp_k_n(key k, handle h) { return tree_->abs.compare_key_node(k, h); }
+        int cmp_n_n(handle h1, handle h2) { return tree_->abs.compare_node_node(h1, h2); }
+        handle get_lt(handle h) { return tree_->abs.get_less(h); }
+        handle get_gt(handle h) { return tree_->abs.get_greater(h); }
+        handle null() { return tree_->abs.null(); }
+    };
+
+    template<typename fwd_iter>
+    bool build(fwd_iter p, size num_nodes)
+    {
+        if (num_nodes == 0) {
+            abs.root = null();
+            return true;
+        }
+
+        // Gives path to subtree being built.  If branch[N] is false, branch
+        // less from the node at depth N, if true branch greater.
+        BSet branch;
+
+        // If rem[N] is true, then for the current subtree at depth N, it's
+        // greater subtree has one more node than it's less subtree.
+        BSet rem;
+
+            // Depth of root node of current subtree.
+        unsigned depth = 0;
+
+            // Number of nodes in current subtree.
+        size num_sub = num_nodes;
+
+        // The algorithm relies on a stack of nodes whose less subtree has
+        // been built, but whose right subtree has not yet been built.  The
+        // stack is implemented as linked list.  The nodes are linked
+        // together by having the "greater" handle of a node set to the
+        // next node in the list.  "less_parent" is the handle of the first
+        // node in the list.
+        handle less_parent = null();
+
+        // h is root of current subtree, child is one of its children.
+        handle h, child;
+
+        for (;;) {
+            while (num_sub > 2) {
+                // Subtract one for root of subtree.
+                num_sub--;
+                rem[depth] = !!(num_sub & 1);
+                branch[depth++] = false;
+                num_sub >>= 1;
+            }
+
+            if (num_sub == 2) {
+                // Build a subtree with two nodes, slanting to greater.
+                // I arbitrarily chose to always have the extra node in the
+                // greater subtree when there is an odd number of nodes to
+                // split between the two subtrees.
+
+                h = *p;
+                p++;
+                child = *p;
+                p++;
+                set_lt(child, null());
+                set_gt(child, null());
+                set_bf(child, 0);
+                set_gt(h, child);
+                set_lt(h, null());
+                set_bf(h, 1);
+            } else { // num_sub == 1
+                // Build a subtree with one node.
+
+                h = *p;
+                p++;
+                set_lt(h, null());
+                set_gt(h, null());
+                set_bf(h, 0);
+            }
+
+            while (depth) {
+                depth--;
+                if (!branch[depth])
+                    // We've completed a less subtree.
+                    break;
+
+                // We've completed a greater subtree, so attach it to
+                // its parent (that is less than it).  We pop the parent
+                // off the stack of less parents.
+                child = h;
+                h = less_parent;
+                less_parent = get_gt(h);
+                set_gt(h, child);
+                // num_sub = 2 * (num_sub - rem[depth]) + rem[depth] + 1
+                num_sub <<= 1;
+                num_sub += 1 - rem[depth];
+                if (num_sub & (num_sub - 1))
+                    // num_sub is not a power of 2
+                    set_bf(h, 0);
+                else
+                    // num_sub is a power of 2
+                    set_bf(h, 1);
+            }
+
+            if (num_sub == num_nodes)
+                // We've completed the full tree.
+                break;
+
+            // The subtree we've completed is the less subtree of the
+            // next node in the sequence.
+
+            child = h;
+            h = *p;
+            p++;
+            set_lt(h, child);
+
+            // Put h into stack of less parents.
+            set_gt(h, less_parent);
+            less_parent = h;
+
+            // Proceed to creating greater than subtree of h.
+            branch[depth] = true;
+            num_sub += rem[depth++];
+
+        } // end for (;;)
+
+        abs.root = h;
+
+        return true;
+    }
+
+protected:
+
+    friend class Iterator;
+
+    // Create a class whose sole purpose is to take advantage of
+    // the "empty member" optimization.
+    struct abs_plus_root : public Abstractor {
+        // The handle of the root element in the AVL tree.
+        handle root;
+    };
+
+    abs_plus_root abs;
+
+
+    handle get_lt(handle h) { return abs.get_less(h); }
+    void set_lt(handle h, handle lh) { abs.set_less(h, lh); }
+
+    handle get_gt(handle h) { return abs.get_greater(h); }
+    void set_gt(handle h, handle gh) { abs.set_greater(h, gh); }
+
+    int get_bf(handle h) { return abs.get_balance_factor(h); }
+    void set_bf(handle h, int bf) { abs.set_balance_factor(h, bf); }
+
+    int cmp_k_n(key k, handle h) { return abs.compare_key_node(k, h); }
+    int cmp_n_n(handle h1, handle h2) { return abs.compare_node_node(h1, h2); }
+
+    handle null() { return abs.null(); }
+
+private:
+
+    // Balances subtree, returns handle of root node of subtree
+    // after balancing.
+    handle balance(handle bal_h)
+    {
+        handle deep_h;
+
+        // Either the "greater than" or the "less than" subtree of
+        // this node has to be 2 levels deeper (or else it wouldn't
+        // need balancing).
+
+        if (get_bf(bal_h) > 0) {
+            // "Greater than" subtree is deeper.
+
+            deep_h = get_gt(bal_h);
+
+            if (get_bf(deep_h) < 0) {
+                handle old_h = bal_h;
+                bal_h = get_lt(deep_h);
+
+                set_gt(old_h, get_lt(bal_h));
+                set_lt(deep_h, get_gt(bal_h));
+                set_lt(bal_h, old_h);
+                set_gt(bal_h, deep_h);
+
+                int bf = get_bf(bal_h);
+                if (bf != 0) {
+                    if (bf > 0) {
+                        set_bf(old_h, -1);
+                        set_bf(deep_h, 0);
+                    } else {
+                        set_bf(deep_h, 1);
+                        set_bf(old_h, 0);
+                    }
+                    set_bf(bal_h, 0);
+                } else {
+                    set_bf(old_h, 0);
+                    set_bf(deep_h, 0);
+                }
+            } else {
+                set_gt(bal_h, get_lt(deep_h));
+                set_lt(deep_h, bal_h);
+                if (get_bf(deep_h) == 0) {
+                    set_bf(deep_h, -1);
+                    set_bf(bal_h, 1);
+                } else {
+                    set_bf(deep_h, 0);
+                    set_bf(bal_h, 0);
+                }
+                bal_h = deep_h;
+            }
+        } else {
+            // "Less than" subtree is deeper.
+
+            deep_h = get_lt(bal_h);
+
+            if (get_bf(deep_h) > 0) {
+                handle old_h = bal_h;
+                bal_h = get_gt(deep_h);
+                set_lt(old_h, get_gt(bal_h));
+                set_gt(deep_h, get_lt(bal_h));
+                set_gt(bal_h, old_h);
+                set_lt(bal_h, deep_h);
+
+                int bf = get_bf(bal_h);
+                if (bf != 0) {
+                    if (bf < 0) {
+                        set_bf(old_h, 1);
+                        set_bf(deep_h, 0);
+                    } else {
+                        set_bf(deep_h, -1);
+                        set_bf(old_h, 0);
+                    }
+                    set_bf(bal_h, 0);
+                } else {
+                    set_bf(old_h, 0);
+                    set_bf(deep_h, 0);
+                }
+            } else {
+                set_lt(bal_h, get_gt(deep_h));
+                set_gt(deep_h, bal_h);
+                if (get_bf(deep_h) == 0) {
+                    set_bf(deep_h, 1);
+                    set_bf(bal_h, -1);
+                } else {
+                    set_bf(deep_h, 0);
+                    set_bf(bal_h, 0);
+                }
+                bal_h = deep_h;
+            }
+        }
+
+        return bal_h;
+    }
+
+};
+
+template <class Abstractor, unsigned maxDepth, class BSet>
+inline typename AVLTree<Abstractor, maxDepth, BSet>::handle
+AVLTree<Abstractor, maxDepth, BSet>::insert(handle h)
+{
+    set_lt(h, null());
+    set_gt(h, null());
+    set_bf(h, 0);
+
+    if (abs.root == null())
+        abs.root = h;
+    else {
+        // Last unbalanced node encountered in search for insertion point.
+        handle unbal = null();
+        // Parent of last unbalanced node.
+        handle parent_unbal = null();
+        // Balance factor of last unbalanced node.
+        int unbal_bf;
+
+        // Zero-based depth in tree.
+        unsigned depth = 0, unbal_depth = 0;
+
+        // Records a path into the tree.  If branch[n] is true, indicates
+        // take greater branch from the nth node in the path, otherwise
+        // take the less branch.  branch[0] gives branch from root, and
+        // so on.
+        BSet branch;
+
+        handle hh = abs.root;
+        handle parent = null();
+        int cmp;
+
+        do {
+            if (get_bf(hh) != 0) {
+                unbal = hh;
+                parent_unbal = parent;
+                unbal_depth = depth;
+            }
+            cmp = cmp_n_n(h, hh);
+            if (cmp == 0)
+                // Duplicate key.
+                return hh;
+            parent = hh;
+            hh = cmp < 0 ? get_lt(hh) : get_gt(hh);
+            branch[depth++] = cmp > 0;
+        } while (hh != null());
+
+        //  Add node to insert as leaf of tree.
+        if (cmp < 0)
+            set_lt(parent, h);
+        else
+            set_gt(parent, h);
+
+        depth = unbal_depth;
+
+        if (unbal == null())
+            hh = abs.root;
+        else {
+            cmp = branch[depth++] ? 1 : -1;
+            unbal_bf = get_bf(unbal);
+            if (cmp < 0)
+                unbal_bf--;
+            else  // cmp > 0
+                unbal_bf++;
+            hh = cmp < 0 ? get_lt(unbal) : get_gt(unbal);
+            if ((unbal_bf != -2) && (unbal_bf != 2)) {
+                // No rebalancing of tree is necessary.
+                set_bf(unbal, unbal_bf);
+                unbal = null();
+            }
+        }
+
+        if (hh != null())
+            while (h != hh) {
+                cmp = branch[depth++] ? 1 : -1;
+                if (cmp < 0) {
+                    set_bf(hh, -1);
+                    hh = get_lt(hh);
+                } else { // cmp > 0
+                    set_bf(hh, 1);
+                    hh = get_gt(hh);
+                }
+            }
+
+        if (unbal != null()) {
+            unbal = balance(unbal);
+            if (parent_unbal == null())
+                abs.root = unbal;
+            else {
+                depth = unbal_depth - 1;
+                cmp = branch[depth] ? 1 : -1;
+                if (cmp < 0)
+                    set_lt(parent_unbal, unbal);
+                else  // cmp > 0
+                    set_gt(parent_unbal, unbal);
+            }
+        }
+    }
+
+    return h;
+}
+
+template <class Abstractor, unsigned maxDepth, class BSet>
+inline typename AVLTree<Abstractor, maxDepth, BSet>::handle
+AVLTree<Abstractor, maxDepth, BSet>::search(key k, typename AVLTree<Abstractor, maxDepth, BSet>::SearchType st)
+{
+    const int MASK_HIGH_BIT = (int) ~ ((~ (unsigned) 0) >> 1);
+
+    int cmp, target_cmp;
+    handle match_h = null();
+    handle h = abs.root;
+
+    if (st & LESS)
+        target_cmp = 1;
+    else if (st & GREATER)
+        target_cmp = -1;
+    else
+        target_cmp = 0;
+
+    while (h != null()) {
+        cmp = cmp_k_n(k, h);
+        if (cmp == 0) {
+            if (st & EQUAL) {
+                match_h = h;
+                break;
+            }
+            cmp = -target_cmp;
+        } else if (target_cmp != 0)
+            if (!((cmp ^ target_cmp) & MASK_HIGH_BIT))
+                // cmp and target_cmp are both positive or both negative.
+                match_h = h;
+        h = cmp < 0 ? get_lt(h) : get_gt(h);
+    }
+
+    return match_h;
+}
+
+template <class Abstractor, unsigned maxDepth, class BSet>
+inline typename AVLTree<Abstractor, maxDepth, BSet>::handle
+AVLTree<Abstractor, maxDepth, BSet>::search_least()
+{
+    handle h = abs.root, parent = null();
+
+    while (h != null()) {
+        parent = h;
+        h = get_lt(h);
+    }
+
+    return parent;
+}
+
+template <class Abstractor, unsigned maxDepth, class BSet>
+inline typename AVLTree<Abstractor, maxDepth, BSet>::handle
+AVLTree<Abstractor, maxDepth, BSet>::search_greatest()
+{
+    handle h = abs.root, parent = null();
+
+    while (h != null()) {
+        parent = h;
+        h = get_gt(h);
+    }
+
+    return parent;
+}
+
+template <class Abstractor, unsigned maxDepth, class BSet>
+inline typename AVLTree<Abstractor, maxDepth, BSet>::handle
+AVLTree<Abstractor, maxDepth, BSet>::remove(key k)
+{
+    // Zero-based depth in tree.
+    unsigned depth = 0, rm_depth;
+
+    // Records a path into the tree.  If branch[n] is true, indicates
+    // take greater branch from the nth node in the path, otherwise
+    // take the less branch.  branch[0] gives branch from root, and
+    // so on.
+    BSet branch;
+
+    handle h = abs.root;
+    handle parent = null(), child;
+    int cmp, cmp_shortened_sub_with_path = 0;
+
+    for (;;) {
+        if (h == null())
+            // No node in tree with given key.
+            return null();
+        cmp = cmp_k_n(k, h);
+        if (cmp == 0)
+            // Found node to remove.
+            break;
+        parent = h;
+        h = cmp < 0 ? get_lt(h) : get_gt(h);
+        branch[depth++] = cmp > 0;
+        cmp_shortened_sub_with_path = cmp;
+    }
+    handle rm = h;
+    handle parent_rm = parent;
+    rm_depth = depth;
+
+    // If the node to remove is not a leaf node, we need to get a
+    // leaf node, or a node with a single leaf as its child, to put
+    // in the place of the node to remove.  We will get the greatest
+    // node in the less subtree (of the node to remove), or the least
+    // node in the greater subtree.  We take the leaf node from the
+    // deeper subtree, if there is one.
+
+    if (get_bf(h) < 0) {
+        child = get_lt(h);
+        branch[depth] = false;
+        cmp = -1;
+    } else {
+        child = get_gt(h);
+        branch[depth] = true;
+        cmp = 1;
+    }
+    depth++;
+
+    if (child != null()) {
+        cmp = -cmp;
+        do {
+            parent = h;
+            h = child;
+            if (cmp < 0) {
+                child = get_lt(h);
+                branch[depth] = false;
+            } else {
+                child = get_gt(h);
+                branch[depth] = true;
+            }
+            depth++;
+        } while (child != null());
+
+        if (parent == rm)
+            // Only went through do loop once.  Deleted node will be replaced
+            // in the tree structure by one of its immediate children.
+            cmp_shortened_sub_with_path = -cmp;
+        else
+            cmp_shortened_sub_with_path = cmp;
+
+        // Get the handle of the opposite child, which may not be null.
+        child = cmp > 0 ? get_lt(h) : get_gt(h);
+    }
+
+    if (parent == null())
+        // There were only 1 or 2 nodes in this tree.
+        abs.root = child;
+    else if (cmp_shortened_sub_with_path < 0)
+        set_lt(parent, child);
+    else
+        set_gt(parent, child);
+
+    // "path" is the parent of the subtree being eliminated or reduced
+    // from a depth of 2 to 1.  If "path" is the node to be removed, we
+    // set path to the node we're about to poke into the position of the
+    // node to be removed.
+    handle path = parent == rm ? h : parent;
+
+    if (h != rm) {
+        // Poke in the replacement for the node to be removed.
+        set_lt(h, get_lt(rm));
+        set_gt(h, get_gt(rm));
+        set_bf(h, get_bf(rm));
+        if (parent_rm == null())
+            abs.root = h;
+        else {
+            depth = rm_depth - 1;
+            if (branch[depth])
+                set_gt(parent_rm, h);
+            else
+                set_lt(parent_rm, h);
+        }
+    }
+
+    if (path != null()) {
+        // Create a temporary linked list from the parent of the path node
+        // to the root node.
+        h = abs.root;
+        parent = null();
+        depth = 0;
+        while (h != path) {
+            if (branch[depth++]) {
+                child = get_gt(h);
+                set_gt(h, parent);
+            } else {
+                child = get_lt(h);
+                set_lt(h, parent);
+            }
+            parent = h;
+            h = child;
+        }
+
+        // Climb from the path node to the root node using the linked
+        // list, restoring the tree structure and rebalancing as necessary.
+        bool reduced_depth = true;
+        int bf;
+        cmp = cmp_shortened_sub_with_path;
+        for (;;) {
+            if (reduced_depth) {
+                bf = get_bf(h);
+                if (cmp < 0)
+                    bf++;
+                else  // cmp > 0
+                    bf--;
+                if ((bf == -2) || (bf == 2)) {
+                    h = balance(h);
+                    bf = get_bf(h);
+                } else
+                    set_bf(h, bf);
+                reduced_depth = (bf == 0);
+            }
+            if (parent == null())
+                break;
+            child = h;
+            h = parent;
+            cmp = branch[--depth] ? 1 : -1;
+            if (cmp < 0)    {
+                parent = get_lt(h);
+                set_lt(h, child);
+            } else {
+                parent = get_gt(h);
+                set_gt(h, child);
+            }
+        }
+        abs.root = h;
+    }
+
+    return rm;
+}
+
+template <class Abstractor, unsigned maxDepth, class BSet>
+inline typename AVLTree<Abstractor, maxDepth, BSet>::handle
+AVLTree<Abstractor, maxDepth, BSet>::subst(handle new_node)
+{
+    handle h = abs.root;
+    handle parent = null();
+    int cmp, last_cmp;
+
+    /* Search for node already in tree with same key. */
+    for (;;) {
+        if (h == null())
+            /* No node in tree with same key as new node. */
+            return null();
+        cmp = cmp_n_n(new_node, h);
+        if (cmp == 0)
+            /* Found the node to substitute new one for. */
+            break;
+        last_cmp = cmp;
+        parent = h;
+        h = cmp < 0 ? get_lt(h) : get_gt(h);
+    }
+
+    /* Copy tree housekeeping fields from node in tree to new node. */
+    set_lt(new_node, get_lt(h));
+    set_gt(new_node, get_gt(h));
+    set_bf(new_node, get_bf(h));
+
+    if (parent == null())
+        /* New node is also new root. */
+        abs.root = new_node;
+    else {
+        /* Make parent point to new node. */
+        if (last_cmp < 0)
+            set_lt(parent, new_node);
+        else
+            set_gt(parent, new_node);
+    }
+
+    return h;
+}
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/AlwaysInline.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/AlwaysInline.h
new file mode 100644
index 000000000..64fdd9957
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/AlwaysInline.h
@@ -0,0 +1,63 @@
+/*
+ *  Copyright (C) 2005, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "Platform.h"
+
+#ifndef ALWAYS_INLINE
+#if COMPILER(GCC) && defined(NDEBUG) && !COMPILER(MINGW)
+#define ALWAYS_INLINE inline __attribute__((__always_inline__))
+#elif COMPILER(MSVC) && defined(NDEBUG)
+#define ALWAYS_INLINE __forceinline
+#else
+#define ALWAYS_INLINE inline
+#endif
+#endif
+
+#ifndef NEVER_INLINE
+#if COMPILER(GCC)
+#define NEVER_INLINE __attribute__((__noinline__))
+#else
+#define NEVER_INLINE
+#endif
+#endif
+
+#ifndef UNLIKELY
+#if COMPILER(GCC)
+#define UNLIKELY(x) __builtin_expect((x), 0)
+#else
+#define UNLIKELY(x) (x)
+#endif
+#endif
+
+#ifndef LIKELY
+#if COMPILER(GCC)
+#define LIKELY(x) __builtin_expect((x), 1)
+#else
+#define LIKELY(x) (x)
+#endif
+#endif
+
+#ifndef NO_RETURN
+#if COMPILER(GCC)
+#define NO_RETURN __attribute((__noreturn__))
+#else
+#define NO_RETURN
+#endif
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Assertions.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Assertions.cpp
new file mode 100644
index 000000000..5af1377f9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Assertions.cpp
@@ -0,0 +1,211 @@
+/*
+ * Copyright (C) 2003, 2006, 2007 Apple Inc.  All rights reserved.
+ * Copyright (C) 2007-2009 Torch Mobile, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Assertions.h"
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+
+#if PLATFORM(MAC)
+#include <CoreFoundation/CFString.h>
+#endif
+
+#if COMPILER(MSVC) && !PLATFORM(WINCE)
+#ifndef WINVER
+#define WINVER 0x0500
+#endif
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0500
+#endif
+#include <windows.h>
+#include <crtdbg.h>
+#endif
+
+#if PLATFORM(WINCE)
+#include <winbase.h>
+#endif
+
+extern "C" {
+
+WTF_ATTRIBUTE_PRINTF(1, 0)
+static void vprintf_stderr_common(const char* format, va_list args)
+{
+#if PLATFORM(MAC)
+    if (strstr(format, "%@")) {
+        CFStringRef cfFormat = CFStringCreateWithCString(NULL, format, kCFStringEncodingUTF8);
+        CFStringRef str = CFStringCreateWithFormatAndArguments(NULL, NULL, cfFormat, args);
+
+        int length = CFStringGetMaximumSizeForEncoding(CFStringGetLength(str), kCFStringEncodingUTF8);
+        char* buffer = (char*)malloc(length + 1);
+
+        CFStringGetCString(str, buffer, length, kCFStringEncodingUTF8);
+
+        fputs(buffer, stderr);
+
+        free(buffer);
+        CFRelease(str);
+        CFRelease(cfFormat);
+    } else
+#elif COMPILER(MSVC) && !defined(WINCEBASIC)
+# if !defined(_WIN32_WCE) || (_WIN32_WCE >= 0x600)
+    if (IsDebuggerPresent())
+# endif
+    {
+        size_t size = 1024;
+
+        do {
+            char* buffer = (char*)malloc(size);
+
+            if (buffer == NULL)
+                break;
+
+            if (_vsnprintf(buffer, size, format, args) != -1) {
+#if PLATFORM(WINCE)
+                // WinCE only supports wide chars
+                wchar_t* wideBuffer = (wchar_t*)malloc(size * sizeof(wchar_t));
+                if (wideBuffer == NULL)
+                    break;
+                for (unsigned int i = 0; i < size; ++i) {
+                    if (!(wideBuffer[i] = buffer[i]))
+                        break;
+                }
+                OutputDebugStringW(wideBuffer);
+                free(wideBuffer);
+#else
+                OutputDebugStringA(buffer);
+#endif
+                free(buffer);
+                break;
+            }
+
+            free(buffer);
+            size *= 2;
+        } while (size > 1024);
+    }
+#endif
+#if PLATFORM(SYMBIAN)
+    vfprintf(stdout, format, args);
+#else
+    vfprintf(stderr, format, args);
+#endif
+}
+
+WTF_ATTRIBUTE_PRINTF(1, 2)
+static void printf_stderr_common(const char* format, ...)
+{
+    va_list args;
+    va_start(args, format);
+    vprintf_stderr_common(format, args);
+    va_end(args);
+}
+
+static void printCallSite(const char* file, int line, const char* function)
+{
+#if PLATFORM(WIN) && !PLATFORM(WINCE) && defined _DEBUG
+    _CrtDbgReport(_CRT_WARN, file, line, NULL, "%s\n", function);
+#else
+    printf_stderr_common("(%s:%d %s)\n", file, line, function);
+#endif
+}
+
+void WTFReportAssertionFailure(const char* file, int line, const char* function, const char* assertion)
+{
+    if (assertion)
+        printf_stderr_common("ASSERTION FAILED: %s\n", assertion);
+    else
+        printf_stderr_common("SHOULD NEVER BE REACHED\n");
+    printCallSite(file, line, function);
+}
+
+void WTFReportAssertionFailureWithMessage(const char* file, int line, const char* function, const char* assertion, const char* format, ...)
+{
+    printf_stderr_common("ASSERTION FAILED: ");
+    va_list args;
+    va_start(args, format);
+    vprintf_stderr_common(format, args);
+    va_end(args);
+    printf_stderr_common("\n%s\n", assertion);
+    printCallSite(file, line, function);
+}
+
+void WTFReportArgumentAssertionFailure(const char* file, int line, const char* function, const char* argName, const char* assertion)
+{
+    printf_stderr_common("ARGUMENT BAD: %s, %s\n", argName, assertion);
+    printCallSite(file, line, function);
+}
+
+void WTFReportFatalError(const char* file, int line, const char* function, const char* format, ...)
+{
+    printf_stderr_common("FATAL ERROR: ");
+    va_list args;
+    va_start(args, format);
+    vprintf_stderr_common(format, args);
+    va_end(args);
+    printf_stderr_common("\n");
+    printCallSite(file, line, function);
+}
+
+void WTFReportError(const char* file, int line, const char* function, const char* format, ...)
+{
+    printf_stderr_common("ERROR: ");
+    va_list args;
+    va_start(args, format);
+    vprintf_stderr_common(format, args);
+    va_end(args);
+    printf_stderr_common("\n");
+    printCallSite(file, line, function);
+}
+
+void WTFLog(WTFLogChannel* channel, const char* format, ...)
+{
+    if (channel->state != WTFLogChannelOn)
+        return;
+
+    va_list args;
+    va_start(args, format);
+    vprintf_stderr_common(format, args);
+    va_end(args);
+    if (format[strlen(format) - 1] != '\n')
+        printf_stderr_common("\n");
+}
+
+void WTFLogVerbose(const char* file, int line, const char* function, WTFLogChannel* channel, const char* format, ...)
+{
+    if (channel->state != WTFLogChannelOn)
+        return;
+
+    va_list args;
+    va_start(args, format);
+    vprintf_stderr_common(format, args);
+    va_end(args);
+    if (format[strlen(format) - 1] != '\n')
+        printf_stderr_common("\n");
+    printCallSite(file, line, function);
+}
+
+} // extern "C"
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Assertions.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Assertions.h
new file mode 100644
index 000000000..f529a62ea
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Assertions.h
@@ -0,0 +1,273 @@
+/*
+ * Copyright (C) 2003, 2006, 2007 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_Assertions_h
+#define WTF_Assertions_h
+
+/*
+   no namespaces because this file has to be includable from C and Objective-C
+
+   Note, this file uses many GCC extensions, but it should be compatible with
+   C, Objective C, C++, and Objective C++.
+
+   For non-debug builds, everything is disabled by default.
+   Defining any of the symbols explicitly prevents this from having any effect.
+   
+   MSVC7 note: variadic macro support was added in MSVC8, so for now we disable
+   those macros in MSVC7. For more info, see the MSDN document on variadic 
+   macros here:
+   
+   http://msdn2.microsoft.com/en-us/library/ms177415(VS.80).aspx
+*/
+
+#include "Platform.h"
+
+#if COMPILER(MSVC)
+#include <stddef.h>
+#else
+#include <inttypes.h>
+#endif
+
+#if PLATFORM(SYMBIAN)
+#include <e32def.h>
+#include <e32debug.h>
+#endif
+
+#ifdef NDEBUG
+#define ASSERTIONS_DISABLED_DEFAULT 1
+#else
+#define ASSERTIONS_DISABLED_DEFAULT 0
+#endif
+
+#ifndef ASSERT_DISABLED
+#define ASSERT_DISABLED ASSERTIONS_DISABLED_DEFAULT
+#endif
+
+#ifndef ASSERT_ARG_DISABLED
+#define ASSERT_ARG_DISABLED ASSERTIONS_DISABLED_DEFAULT
+#endif
+
+#ifndef FATAL_DISABLED
+#define FATAL_DISABLED ASSERTIONS_DISABLED_DEFAULT
+#endif
+
+#ifndef ERROR_DISABLED
+#define ERROR_DISABLED ASSERTIONS_DISABLED_DEFAULT
+#endif
+
+#ifndef LOG_DISABLED
+#define LOG_DISABLED ASSERTIONS_DISABLED_DEFAULT
+#endif
+
+#if COMPILER(GCC)
+#define WTF_PRETTY_FUNCTION __PRETTY_FUNCTION__
+#else
+#define WTF_PRETTY_FUNCTION __FUNCTION__
+#endif
+
+/* WTF logging functions can process %@ in the format string to log a NSObject* but the printf format attribute
+   emits a warning when %@ is used in the format string.  Until <rdar://problem/5195437> is resolved we can't include
+   the attribute when being used from Objective-C code in case it decides to use %@. */
+#if COMPILER(GCC) && !defined(__OBJC__)
+#define WTF_ATTRIBUTE_PRINTF(formatStringArgument, extraArguments) __attribute__((__format__(printf, formatStringArgument, extraArguments)))
+#else
+#define WTF_ATTRIBUTE_PRINTF(formatStringArgument, extraArguments) 
+#endif
+
+/* These helper functions are always declared, but not necessarily always defined if the corresponding function is disabled. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum { WTFLogChannelOff, WTFLogChannelOn } WTFLogChannelState;
+
+typedef struct {
+    unsigned mask;
+    const char *defaultName;
+    WTFLogChannelState state;
+} WTFLogChannel;
+
+void WTFReportAssertionFailure(const char* file, int line, const char* function, const char* assertion);
+void WTFReportAssertionFailureWithMessage(const char* file, int line, const char* function, const char* assertion, const char* format, ...) WTF_ATTRIBUTE_PRINTF(5, 6);
+void WTFReportArgumentAssertionFailure(const char* file, int line, const char* function, const char* argName, const char* assertion);
+void WTFReportFatalError(const char* file, int line, const char* function, const char* format, ...) WTF_ATTRIBUTE_PRINTF(4, 5);
+void WTFReportError(const char* file, int line, const char* function, const char* format, ...) WTF_ATTRIBUTE_PRINTF(4, 5);
+void WTFLog(WTFLogChannel* channel, const char* format, ...) WTF_ATTRIBUTE_PRINTF(2, 3);
+void WTFLogVerbose(const char* file, int line, const char* function, WTFLogChannel* channel, const char* format, ...) WTF_ATTRIBUTE_PRINTF(5, 6);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* CRASH -- gets us into the debugger or the crash reporter -- signals are ignored by the crash reporter so we must do better */
+
+#ifndef CRASH
+#if PLATFORM(SYMBIAN)
+#define CRASH() do { \
+    __DEBUGGER(); \
+    User::Panic(_L("Webkit CRASH"),0); \
+    } while(false)
+#else
+#define CRASH() do { \
+    *(int *)(uintptr_t)0xbbadbeef = 0; \
+    ((void(*)())0)(); /* More reliable, but doesn't say BBADBEEF */ \
+} while(false)
+#endif
+#endif
+
+/* ASSERT, ASSERT_WITH_MESSAGE, ASSERT_NOT_REACHED */
+
+#if PLATFORM(WINCE) && !PLATFORM(TORCHMOBILE)
+/* FIXME: We include this here only to avoid a conflict with the ASSERT macro. */
+#include <windows.h>
+#undef min
+#undef max
+#undef ERROR
+#endif
+
+#if PLATFORM(WIN_OS) || PLATFORM(SYMBIAN)
+/* FIXME: Change to use something other than ASSERT to avoid this conflict with the underlying platform */
+#undef ASSERT
+#endif
+
+#if ASSERT_DISABLED
+
+#define ASSERT(assertion) ((void)0)
+#if COMPILER(MSVC7)
+#define ASSERT_WITH_MESSAGE(assertion) ((void)0)
+#elif PLATFORM(SYMBIAN)
+#define ASSERT_WITH_MESSAGE(assertion...) ((void)0)
+#else
+#define ASSERT_WITH_MESSAGE(assertion, ...) ((void)0)
+#endif /* COMPILER(MSVC7) */
+#define ASSERT_NOT_REACHED() ((void)0)
+#define ASSERT_UNUSED(variable, assertion) ((void)variable)
+
+#else
+
+#define ASSERT(assertion) do \
+    if (!(assertion)) { \
+        WTFReportAssertionFailure(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, #assertion); \
+        CRASH(); \
+    } \
+while (0)
+#if COMPILER(MSVC7)
+#define ASSERT_WITH_MESSAGE(assertion) ((void)0)
+#elif PLATFORM(SYMBIAN)
+#define ASSERT_WITH_MESSAGE(assertion...) ((void)0)
+#else
+#define ASSERT_WITH_MESSAGE(assertion, ...) do \
+    if (!(assertion)) { \
+        WTFReportAssertionFailureWithMessage(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, #assertion, __VA_ARGS__); \
+        CRASH(); \
+    } \
+while (0)
+#endif /* COMPILER(MSVC7) */
+#define ASSERT_NOT_REACHED() do { \
+    WTFReportAssertionFailure(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, 0); \
+    CRASH(); \
+} while (0)
+
+#define ASSERT_UNUSED(variable, assertion) ASSERT(assertion)
+
+#endif
+
+/* ASSERT_ARG */
+
+#if ASSERT_ARG_DISABLED
+
+#define ASSERT_ARG(argName, assertion) ((void)0)
+
+#else
+
+#define ASSERT_ARG(argName, assertion) do \
+    if (!(assertion)) { \
+        WTFReportArgumentAssertionFailure(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, #argName, #assertion); \
+        CRASH(); \
+    } \
+while (0)
+
+#endif
+
+/* COMPILE_ASSERT */
+#ifndef COMPILE_ASSERT
+#define COMPILE_ASSERT(exp, name) typedef int dummy##name [(exp) ? 1 : -1]
+#endif
+
+/* FATAL */
+
+#if FATAL_DISABLED && !COMPILER(MSVC7) && !PLATFORM(SYMBIAN)
+#define FATAL(...) ((void)0)
+#elif COMPILER(MSVC7)
+#define FATAL() ((void)0)
+#elif PLATFORM(SYMBIAN)
+#define FATAL(args...) ((void)0)
+#else
+#define FATAL(...) do { \
+    WTFReportFatalError(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, __VA_ARGS__); \
+    CRASH(); \
+} while (0)
+#endif
+
+/* LOG_ERROR */
+
+#if ERROR_DISABLED && !COMPILER(MSVC7) && !PLATFORM(SYMBIAN)
+#define LOG_ERROR(...) ((void)0)
+#elif COMPILER(MSVC7)
+#define LOG_ERROR() ((void)0)
+#elif PLATFORM(SYMBIAN)
+#define LOG_ERROR(args...) ((void)0)
+#else
+#define LOG_ERROR(...) WTFReportError(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, __VA_ARGS__)
+#endif
+
+/* LOG */
+
+#if LOG_DISABLED && !COMPILER(MSVC7) && !PLATFORM(SYMBIAN)
+#define LOG(channel, ...) ((void)0)
+#elif COMPILER(MSVC7)
+#define LOG() ((void)0)
+#elif PLATFORM(SYMBIAN)
+#define LOG(channel, args...) ((void)0)
+#else
+#define LOG(channel, ...) WTFLog(&JOIN_LOG_CHANNEL_WITH_PREFIX(LOG_CHANNEL_PREFIX, channel), __VA_ARGS__)
+#define JOIN_LOG_CHANNEL_WITH_PREFIX(prefix, channel) JOIN_LOG_CHANNEL_WITH_PREFIX_LEVEL_2(prefix, channel)
+#define JOIN_LOG_CHANNEL_WITH_PREFIX_LEVEL_2(prefix, channel) prefix ## channel
+#endif
+
+/* LOG_VERBOSE */
+
+#if LOG_DISABLED && !COMPILER(MSVC7) && !PLATFORM(SYMBIAN)
+#define LOG_VERBOSE(channel, ...) ((void)0)
+#elif COMPILER(MSVC7)
+#define LOG_VERBOSE(channel) ((void)0)
+#elif PLATFORM(SYMBIAN)
+#define LOG_VERBOSE(channel, args...) ((void)0)
+#else
+#define LOG_VERBOSE(channel, ...) WTFLogVerbose(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, &JOIN_LOG_CHANNEL_WITH_PREFIX(LOG_CHANNEL_PREFIX, channel), __VA_ARGS__)
+#endif
+
+#endif /* WTF_Assertions_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ByteArray.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ByteArray.cpp
new file mode 100644
index 000000000..526f14782
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ByteArray.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ByteArray.h"
+
+namespace WTF {
+
+PassRefPtr<ByteArray> ByteArray::create(size_t size)
+{
+    unsigned char* buffer = new unsigned char[size + sizeof(ByteArray) - sizeof(size_t)];
+    ASSERT((reinterpret_cast<size_t>(buffer) & 3) == 0);
+    return adoptRef(new (buffer) ByteArray(size));
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ByteArray.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ByteArray.h
new file mode 100644
index 000000000..f5f5ded8f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ByteArray.h
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ByteArray_h
+#define ByteArray_h
+
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefCounted.h>
+
+namespace WTF {
+    class ByteArray : public RefCountedBase {
+    public:
+        unsigned length() const { return m_size; }
+
+        void set(unsigned index, double value)
+        {
+            if (index >= m_size)
+                return;
+            if (!(value > 0)) // Clamp NaN to 0
+                value = 0;
+            else if (value > 255)
+                value = 255;
+            m_data[index] = static_cast<unsigned char>(value + 0.5);
+        }
+
+        void set(unsigned index, unsigned char value)
+        {
+            if (index >= m_size)
+                return;
+            m_data[index] = value;
+        }
+
+        bool get(unsigned index, unsigned char& result) const
+        {
+            if (index >= m_size)
+                return false;
+            result = m_data[index];
+            return true;
+        }
+
+        unsigned char get(unsigned index) const
+        {
+            ASSERT(index < m_size);
+            return m_data[index];
+        }
+
+        unsigned char* data() { return m_data; }
+
+        void deref()
+        {
+            if (derefBase()) {
+                // We allocated with new unsigned char[] in create(),
+                // and then used placement new to construct the object.
+                this->~ByteArray();
+                delete[] reinterpret_cast<unsigned char*>(this);
+            }
+        }
+
+        static PassRefPtr<ByteArray> create(size_t size);
+
+    private:
+        ByteArray(size_t size)
+            : m_size(size)
+        {
+        }
+        size_t m_size;
+        unsigned char m_data[sizeof(size_t)];
+    };
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CONTRIBUTORS.pthreads-win32 b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CONTRIBUTORS.pthreads-win32
new file mode 100644
index 000000000..7de0f2606
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CONTRIBUTORS.pthreads-win32
@@ -0,0 +1,137 @@
+This is a copy of CONTRIBUTORS file for the Pthreads-win32 library, downloaded
+from http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/pthreads/CONTRIBUTORS?rev=1.32&cvsroot=pthreads-win32
+
+Included here to compliment the Pthreads-win32 license header in wtf/ThreadingWin.cpp file.
+WebKit is using derived sources of ThreadCondition code from Pthreads-win32.
+
+-------------------------------------------------------------------------------
+
+Contributors (in approximate order of appearance)
+
+[See also the ChangeLog file where individuals are
+attributed in log entries. Likewise in the FAQ file.]
+
+Ben Elliston		bje at cygnus dot com
+					Initiated the project;
+					setup the project infrastructure (CVS, web page, etc.);
+					early prototype routines.
+Ross Johnson		rpj at callisto dot canberra dot edu dot au
+					early prototype routines;
+					ongoing project coordination/maintenance;
+					implementation of spin locks and barriers;
+					various enhancements;
+					bug fixes;
+					documentation;
+					testsuite.
+Robert Colquhoun	rjc at trump dot net dot au
+					Early bug fixes.
+John E. Bossom		John dot Bossom at cognos dot com
+					Contributed substantial original working implementation;
+					bug fixes;
+					ongoing guidance and standards interpretation.
+Anders Norlander	anorland at hem2 dot passagen dot se
+					Early enhancements and runtime checking for supported
+					Win32 routines.
+Tor Lillqvist		tml at iki dot fi
+					General enhancements;
+					early bug fixes to condition variables.
+Scott Lightner		scott at curriculum dot com
+					Bug fix.
+Kevin Ruland		Kevin dot Ruland at anheuser-busch dot com
+					Various bug fixes.
+Mike Russo		miker at eai dot com
+					Bug fix.
+Mark E. Armstrong	avail at pacbell dot net
+					Bug fixes.
+Lorin Hochstein 	lmh at xiphos dot ca
+					general bug fixes; bug fixes to condition variables.
+Peter Slacik		Peter dot Slacik at tatramed dot sk
+					Bug fixes.
+Mumit Khan		khan at xraylith dot wisc dot edu
+					Fixes to work with Mingw32.
+Milan Gardian		mg at tatramed dot sk
+					Bug fixes and reports/analyses of obscure problems.
+Aurelio Medina		aureliom at crt dot com
+					First implementation of read-write locks.
+Graham Dumpleton	Graham dot Dumpleton at ra dot pad dot otc dot telstra dot com dot au
+					Bug fix in condition variables.
+Tristan Savatier	tristan at mpegtv dot com
+					WinCE port.
+Erik Hensema		erik at hensema dot xs4all dot nl
+					Bug fixes.
+Rich Peters		rpeters at micro-magic dot com
+Todd Owen		towen at lucidcalm dot dropbear dot id dot au
+					Bug fixes to dll loading.
+Jason Nye		jnye at nbnet dot nb dot ca
+					Implementation of async cancelation.
+Fred Forester		fforest at eticomm dot net
+Kevin D. Clark		kclark at cabletron dot com
+David Baggett		dmb at itasoftware dot com
+					Bug fixes.
+Paul Redondo		paul at matchvision dot com
+Scott McCaskill 	scott at 3dfx dot com
+					Bug fixes.
+Jef Gearhart		jgearhart at tpssys dot com
+					Bug fix.
+Arthur Kantor		akantor at bexusa dot com
+					Mutex enhancements.
+Steven Reddie		smr at essemer dot com dot au
+					Bug fix.
+Alexander Terekhov	TEREKHOV at de dot ibm dot com
+					Re-implemented and improved read-write locks;
+					(with Louis Thomas) re-implemented and improved
+					condition variables;
+					enhancements to semaphores;
+					enhancements to mutexes;
+					new mutex implementation in 'futex' style;
+					suggested a robust implementation of pthread_once
+					similar to that implemented by V.Kliathcko;
+					system clock change handling re CV timeouts;
+					bug fixes.
+Thomas Pfaff		tpfaff at gmx dot net
+					Changes to make C version usable with C++ applications;
+					re-implemented mutex routines to avoid Win32 mutexes
+					and TryEnterCriticalSection;
+					procedure to fix Mingw32 thread-safety issues.
+Franco Bez		franco dot bez at gmx dot de
+					procedure to fix Mingw32 thread-safety issues.
+Louis Thomas		lthomas at arbitrade dot com
+					(with Alexander Terekhov) re-implemented and improved
+					condition variables.
+David Korn		dgk at research dot att dot com
+					Ported to UWIN.
+Phil Frisbie, Jr.	phil at hawksoft dot com
+					Bug fix.
+Ralf Brese		Ralf dot Brese at pdb4 dot siemens dot de
+					Bug fix.
+prionx at juno dot com 	prionx at juno dot com
+					Bug fixes.
+Max Woodbury		mtew at cds dot duke dot edu
+					POSIX versioning conditionals;
+					reduced namespace pollution;
+					idea to separate routines to reduce statically
+					linked image sizes.
+Rob Fanner		rfanner at stonethree dot com
+					Bug fix.
+Michael Johnson 	michaelj at maine dot rr dot com
+					Bug fix.
+Nicolas Barry		boozai at yahoo dot com
+					Bug fixes.
+Piet van Bruggen	pietvb at newbridges dot nl
+					Bug fix.
+Makoto Kato		raven at oldskool dot jp
+					AMD64 port.
+Panagiotis E. Hadjidoukas	peh at hpclab dot ceid dot upatras dot gr
+					Contributed the QueueUserAPCEx package which
+					makes preemptive async cancelation possible.
+Will Bryant		will dot bryant at ecosm dot com
+					Borland compiler patch and makefile.
+Anuj Goyal		anuj dot goyal at gmail dot com
+					Port to Digital Mars compiler.
+Gottlob Frege		gottlobfrege at  gmail dot com
+					re-implemented pthread_once (version 2)
+					(pthread_once cancellation added by rpj).
+Vladimir Kliatchko	vladimir at kliatchko dot com
+					reimplemented pthread_once with the same form
+					as described by A.Terekhov (later version 2);
+					implementation of MCS (Mellor-Crummey/Scott) locks.
\ No newline at end of file
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CrossThreadRefCounted.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CrossThreadRefCounted.h
new file mode 100644
index 000000000..6a0521121
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CrossThreadRefCounted.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CrossThreadRefCounted_h
+#define CrossThreadRefCounted_h
+
+#include <wtf/Noncopyable.h>
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefCounted.h>
+#include <wtf/Threading.h>
+
+namespace WTF {
+
+    // Used to allowing sharing data across classes and threads (like ThreadedSafeShared).
+    //
+    // Why not just use ThreadSafeShared?
+    // ThreadSafeShared can have a significant perf impact when used in low level classes
+    // (like UString) that get ref/deref'ed a lot. This class has the benefit of doing fast ref
+    // counts like RefPtr whenever possible, but it has the downside that you need to copy it
+    // to use it on another thread.
+    //
+    // Is this class threadsafe?
+    // While each instance of the class is not threadsafe, the copied instance is threadsafe
+    // with respect to the original and any other copies.  The underlying m_data is jointly
+    // owned by the original instance and all copies.
+    template<class T>
+    class CrossThreadRefCounted : public Noncopyable {
+    public:
+        static PassRefPtr<CrossThreadRefCounted<T> > create(T* data)
+        {
+            return adoptRef(new CrossThreadRefCounted<T>(data, 0));
+        }
+
+        // Used to make an instance that can be used on another thread.
+        PassRefPtr<CrossThreadRefCounted<T> > crossThreadCopy();
+
+        void ref();
+        void deref();
+        T* release();
+
+        bool isShared() const
+        {
+            return !m_refCounter.hasOneRef() || (m_threadSafeRefCounter && !m_threadSafeRefCounter->hasOneRef());
+        }
+
+#ifndef NDEBUG
+        bool mayBePassedToAnotherThread() const { ASSERT(!m_threadId); return m_refCounter.hasOneRef(); }
+#endif
+
+    private:
+        CrossThreadRefCounted(T* data, ThreadSafeSharedBase* threadedCounter)
+            : m_threadSafeRefCounter(threadedCounter)
+            , m_data(data)
+#ifndef NDEBUG
+            , m_threadId(0)
+#endif
+        {
+        }
+
+        ~CrossThreadRefCounted()
+        {
+            if (!m_threadSafeRefCounter)
+                delete m_data;
+        }
+
+        void threadSafeDeref();
+
+        RefCountedBase m_refCounter;
+        ThreadSafeSharedBase* m_threadSafeRefCounter;
+        T* m_data;
+#ifndef NDEBUG
+        ThreadIdentifier m_threadId;
+#endif
+    };
+
+    template<class T>
+    void CrossThreadRefCounted<T>::ref()
+    {
+        ASSERT(!m_threadId || m_threadId == currentThread());
+        m_refCounter.ref();
+#ifndef NDEBUG
+        // Store the threadId as soon as the ref count gets to 2.
+        // The class gets created with a ref count of 1 and then passed
+        // to another thread where to ref count get increased.  This
+        // is a heuristic but it seems to always work and has helped
+        // find some bugs.
+        if (!m_threadId && m_refCounter.refCount() == 2)
+            m_threadId = currentThread();
+#endif
+    }
+
+    template<class T>
+    void CrossThreadRefCounted<T>::deref()
+    {
+        ASSERT(!m_threadId || m_threadId == currentThread());
+        if (m_refCounter.derefBase()) {
+            threadSafeDeref();
+            delete this;
+        } else {
+#ifndef NDEBUG
+            // Clear the threadId when the ref goes to 1 because it
+            // is safe to be passed to another thread at this point.
+            if (m_threadId && m_refCounter.refCount() == 1)
+                m_threadId = 0;
+#endif
+        }
+    }
+
+    template<class T>
+    T* CrossThreadRefCounted<T>::release()
+    {
+        ASSERT(!isShared());
+
+        T* data = m_data;
+        m_data = 0;
+        return data;
+    }
+
+    template<class T>
+    PassRefPtr<CrossThreadRefCounted<T> > CrossThreadRefCounted<T>::crossThreadCopy()
+    {
+        if (m_threadSafeRefCounter)
+            m_threadSafeRefCounter->ref();
+        else
+            m_threadSafeRefCounter = new ThreadSafeSharedBase(2);
+        return adoptRef(new CrossThreadRefCounted<T>(m_data, m_threadSafeRefCounter));
+    }
+
+
+    template<class T>
+    void CrossThreadRefCounted<T>::threadSafeDeref()
+    {
+        if (m_threadSafeRefCounter && m_threadSafeRefCounter->derefBase()) {
+            delete m_threadSafeRefCounter;
+            m_threadSafeRefCounter = 0;
+        }
+    }
+} // namespace WTF
+
+using WTF::CrossThreadRefCounted;
+
+#endif // CrossThreadRefCounted_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CurrentTime.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CurrentTime.cpp
new file mode 100644
index 000000000..a3d52906e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CurrentTime.cpp
@@ -0,0 +1,289 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ * Copyright (C) 2008 Google Inc. All rights reserved.
+ * Copyright (C) 2007-2009 Torch Mobile, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "CurrentTime.h"
+
+#if PLATFORM(WIN_OS)
+
+// Windows is first since we want to use hires timers, despite PLATFORM(CF)
+// being defined.
+// If defined, WIN32_LEAN_AND_MEAN disables timeBeginPeriod/timeEndPeriod.
+#undef WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#include <math.h>
+#include <stdint.h>
+#include <time.h>
+
+#if USE(QUERY_PERFORMANCE_COUNTER)
+#if PLATFORM(WINCE)
+extern "C" time_t mktime(struct tm *t);
+#else
+#include <sys/timeb.h>
+#include <sys/types.h>
+#endif
+#endif
+
+#elif PLATFORM(CF)
+#include <CoreFoundation/CFDate.h>
+#elif PLATFORM(GTK)
+#include <glib.h>
+#elif PLATFORM(WX)
+#include <wx/datetime.h>
+#else // Posix systems relying on the gettimeofday()
+#include <sys/time.h>
+#endif
+
+namespace WTF {
+
+const double msPerSecond = 1000.0;
+
+#if PLATFORM(WIN_OS)
+
+#if USE(QUERY_PERFORMANCE_COUNTER)
+
+static LARGE_INTEGER qpcFrequency;
+static bool syncedTime;
+
+static double highResUpTime()
+{
+    // We use QPC, but only after sanity checking its result, due to bugs:
+    // http://support.microsoft.com/kb/274323
+    // http://support.microsoft.com/kb/895980
+    // http://msdn.microsoft.com/en-us/library/ms644904.aspx ("...you can get different results on different processors due to bugs in the basic input/output system (BIOS) or the hardware abstraction layer (HAL)."
+
+    static LARGE_INTEGER qpcLast;
+    static DWORD tickCountLast;
+    static bool inited;
+
+    LARGE_INTEGER qpc;
+    QueryPerformanceCounter(&qpc);
+    DWORD tickCount = GetTickCount();
+
+    if (inited) {
+        __int64 qpcElapsed = ((qpc.QuadPart - qpcLast.QuadPart) * 1000) / qpcFrequency.QuadPart;
+        __int64 tickCountElapsed;
+        if (tickCount >= tickCountLast)
+            tickCountElapsed = (tickCount - tickCountLast);
+        else {
+#if COMPILER(MINGW)
+            __int64 tickCountLarge = tickCount + 0x100000000ULL;
+#else
+            __int64 tickCountLarge = tickCount + 0x100000000I64;
+#endif
+            tickCountElapsed = tickCountLarge - tickCountLast;
+        }
+
+        // force a re-sync if QueryPerformanceCounter differs from GetTickCount by more than 500ms.
+        // (500ms value is from http://support.microsoft.com/kb/274323)
+        __int64 diff = tickCountElapsed - qpcElapsed;
+        if (diff > 500 || diff < -500)
+            syncedTime = false;
+    } else
+        inited = true;
+
+    qpcLast = qpc;
+    tickCountLast = tickCount;
+
+    return (1000.0 * qpc.QuadPart) / static_cast<double>(qpcFrequency.QuadPart);
+}
+
+static double lowResUTCTime()
+{
+#if PLATFORM(WINCE)
+    SYSTEMTIME systemTime;
+    GetSystemTime(&systemTime);
+    struct tm tmtime;
+    tmtime.tm_year = systemTime.wYear - 1900;
+    tmtime.tm_mon = systemTime.wMonth - 1;
+    tmtime.tm_mday = systemTime.wDay;
+    tmtime.tm_wday = systemTime.wDayOfWeek;
+    tmtime.tm_hour = systemTime.wHour;
+    tmtime.tm_min = systemTime.wMinute;
+    tmtime.tm_sec = systemTime.wSecond;
+    time_t timet = mktime(&tmtime);
+    return timet * msPerSecond + systemTime.wMilliseconds;
+#else
+    struct _timeb timebuffer;
+    _ftime(&timebuffer);
+    return timebuffer.time * msPerSecond + timebuffer.millitm;
+#endif
+}
+
+static bool qpcAvailable()
+{
+    static bool available;
+    static bool checked;
+
+    if (checked)
+        return available;
+
+    available = QueryPerformanceFrequency(&qpcFrequency);
+    checked = true;
+    return available;
+}
+
+double currentTime()
+{
+    // Use a combination of ftime and QueryPerformanceCounter.
+    // ftime returns the information we want, but doesn't have sufficient resolution.
+    // QueryPerformanceCounter has high resolution, but is only usable to measure time intervals.
+    // To combine them, we call ftime and QueryPerformanceCounter initially. Later calls will use QueryPerformanceCounter
+    // by itself, adding the delta to the saved ftime.  We periodically re-sync to correct for drift.
+    static bool started;
+    static double syncLowResUTCTime;
+    static double syncHighResUpTime;
+    static double lastUTCTime;
+
+    double lowResTime = lowResUTCTime();
+
+    if (!qpcAvailable())
+        return lowResTime / 1000.0;
+
+    double highResTime = highResUpTime();
+
+    if (!syncedTime) {
+        timeBeginPeriod(1); // increase time resolution around low-res time getter
+        syncLowResUTCTime = lowResTime = lowResUTCTime();
+        timeEndPeriod(1); // restore time resolution
+        syncHighResUpTime = highResTime;
+        syncedTime = true;
+    }
+
+    double highResElapsed = highResTime - syncHighResUpTime;
+    double utc = syncLowResUTCTime + highResElapsed;
+
+    // force a clock re-sync if we've drifted
+    double lowResElapsed = lowResTime - syncLowResUTCTime;
+    const double maximumAllowedDriftMsec = 15.625 * 2.0; // 2x the typical low-res accuracy
+    if (fabs(highResElapsed - lowResElapsed) > maximumAllowedDriftMsec)
+        syncedTime = false;
+
+    // make sure time doesn't run backwards (only correct if difference is < 2 seconds, since DST or clock changes could occur)
+    const double backwardTimeLimit = 2000.0;
+    if (utc < lastUTCTime && (lastUTCTime - utc) < backwardTimeLimit)
+        return lastUTCTime / 1000.0;
+    lastUTCTime = utc;
+    return utc / 1000.0;
+}
+
+#else
+
+static double currentSystemTime()
+{
+    FILETIME ft;
+    GetCurrentFT(&ft);
+
+    // As per Windows documentation for FILETIME, copy the resulting FILETIME structure to a
+    // ULARGE_INTEGER structure using memcpy (using memcpy instead of direct assignment can
+    // prevent alignment faults on 64-bit Windows).
+
+    ULARGE_INTEGER t;
+    memcpy(&t, &ft, sizeof(t));
+
+    // Windows file times are in 100s of nanoseconds.
+    // To convert to seconds, we have to divide by 10,000,000, which is more quickly
+    // done by multiplying by 0.0000001.
+
+    // Between January 1, 1601 and January 1, 1970, there were 369 complete years,
+    // of which 89 were leap years (1700, 1800, and 1900 were not leap years).
+    // That is a total of 134774 days, which is 11644473600 seconds.
+
+    return t.QuadPart * 0.0000001 - 11644473600.0;
+}
+
+double currentTime()
+{
+    static bool init = false;
+    static double lastTime;
+    static DWORD lastTickCount;
+    if (!init) {
+        lastTime = currentSystemTime();
+        lastTickCount = GetTickCount();
+        init = true;
+        return lastTime;
+    }
+
+    DWORD tickCountNow = GetTickCount();
+    DWORD elapsed = tickCountNow - lastTickCount;
+    double timeNow = lastTime + (double)elapsed / 1000.;
+    if (elapsed >= 0x7FFFFFFF) {
+        lastTime = timeNow;
+        lastTickCount = tickCountNow;
+    }
+    return timeNow;
+}
+
+#endif // USE(QUERY_PERFORMANCE_COUNTER)
+
+#elif PLATFORM(CF)
+
+double currentTime()
+{
+    return CFAbsoluteTimeGetCurrent() + kCFAbsoluteTimeIntervalSince1970;
+}
+
+#elif PLATFORM(GTK)
+
+// Note: GTK on Windows will pick up the PLATFORM(WIN) implementation above which provides
+// better accuracy compared with Windows implementation of g_get_current_time:
+// (http://www.google.com/codesearch/p?hl=en#HHnNRjks1t0/glib-2.5.2/glib/gmain.c&q=g_get_current_time).
+// Non-Windows GTK builds could use gettimeofday() directly but for the sake of consistency lets use GTK function.
+double currentTime()
+{
+    GTimeVal now;
+    g_get_current_time(&now);
+    return static_cast<double>(now.tv_sec) + static_cast<double>(now.tv_usec / 1000000.0);
+}
+
+#elif PLATFORM(WX)
+
+double currentTime()
+{
+    wxDateTime now = wxDateTime::UNow();
+    return (double)now.GetTicks() + (double)(now.GetMillisecond() / 1000.0);
+}
+
+#else // Other Posix systems rely on the gettimeofday().
+
+double currentTime()
+{
+    struct timeval now;
+    struct timezone zone;
+
+    gettimeofday(&now, &zone);
+    return static_cast<double>(now.tv_sec) + (double)(now.tv_usec / 1000000.0);
+}
+
+#endif
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CurrentTime.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CurrentTime.h
new file mode 100644
index 000000000..31f1ec875
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/CurrentTime.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2006 Apple Computer, Inc.  All rights reserved.
+ * Copyright (C) 2008 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CurrentTime_h
+#define CurrentTime_h
+
+namespace WTF {
+
+    // Returns the current system (UTC) time in seconds, starting January 1, 1970.
+    // Precision varies depending on a platform but usually is as good or better 
+    // than a millisecond.
+    double currentTime();
+
+} // namespace WTF
+
+using WTF::currentTime;
+
+#endif // CurrentTime_h
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DateMath.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DateMath.cpp
new file mode 100644
index 000000000..038649494
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DateMath.cpp
@@ -0,0 +1,922 @@
+/*
+ * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ * Copyright (C) 2007-2009 Torch Mobile, Inc.
+ *
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * Alternatively, the contents of this file may be used under the terms
+ * of either the Mozilla Public License Version 1.1, found at
+ * http://www.mozilla.org/MPL/ (the "MPL") or the GNU General Public
+ * License Version 2.0, found at http://www.fsf.org/copyleft/gpl.html
+ * (the "GPL"), in which case the provisions of the MPL or the GPL are
+ * applicable instead of those above.  If you wish to allow use of your
+ * version of this file only under the terms of one of those two
+ * licenses (the MPL or the GPL) and not to allow others to use your
+ * version of this file under the LGPL, indicate your decision by
+ * deletingthe provisions above and replace them with the notice and
+ * other provisions required by the MPL or the GPL, as the case may be.
+ * If you do not delete the provisions above, a recipient may use your
+ * version of this file under any of the LGPL, the MPL or the GPL.
+ */
+
+#include "config.h"
+#include "DateMath.h"
+
+#include "Assertions.h"
+#include "ASCIICType.h"
+#include "CurrentTime.h"
+#include "MathExtras.h"
+#include "StringExtras.h"
+
+#include <algorithm>
+#include <limits.h>
+#include <limits>
+#include <stdint.h>
+#include <time.h>
+
+
+#if HAVE(ERRNO_H)
+#include <errno.h>
+#endif
+
+#if PLATFORM(DARWIN)
+#include <notify.h>
+#endif
+
+#if PLATFORM(WINCE)
+extern "C" size_t strftime(char * const s, const size_t maxsize, const char * const format, const struct tm * const t);
+extern "C" struct tm * localtime(const time_t *timer);
+#endif
+
+#if HAVE(SYS_TIME_H)
+#include <sys/time.h>
+#endif
+
+#if HAVE(SYS_TIMEB_H)
+#include <sys/timeb.h>
+#endif
+
+#define NaN std::numeric_limits<double>::quiet_NaN()
+
+namespace WTF {
+
+/* Constants */
+
+static const double minutesPerDay = 24.0 * 60.0;
+static const double secondsPerDay = 24.0 * 60.0 * 60.0;
+static const double secondsPerYear = 24.0 * 60.0 * 60.0 * 365.0;
+
+static const double usecPerSec = 1000000.0;
+
+static const double maxUnixTime = 2145859200.0; // 12/31/2037
+
+// Day of year for the first day of each month, where index 0 is January, and day 0 is January 1.
+// First for non-leap years, then for leap years.
+static const int firstDayOfMonth[2][12] = {
+    {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334},
+    {0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335}
+};
+
+static inline bool isLeapYear(int year)
+{
+    if (year % 4 != 0)
+        return false;
+    if (year % 400 == 0)
+        return true;
+    if (year % 100 == 0)
+        return false;
+    return true;
+}
+
+static inline int daysInYear(int year)
+{
+    return 365 + isLeapYear(year);
+}
+
+static inline double daysFrom1970ToYear(int year)
+{
+    // The Gregorian Calendar rules for leap years:
+    // Every fourth year is a leap year.  2004, 2008, and 2012 are leap years.
+    // However, every hundredth year is not a leap year.  1900 and 2100 are not leap years.
+    // Every four hundred years, there's a leap year after all.  2000 and 2400 are leap years.
+
+    static const int leapDaysBefore1971By4Rule = 1970 / 4;
+    static const int excludedLeapDaysBefore1971By100Rule = 1970 / 100;
+    static const int leapDaysBefore1971By400Rule = 1970 / 400;
+
+    const double yearMinusOne = year - 1;
+    const double yearsToAddBy4Rule = floor(yearMinusOne / 4.0) - leapDaysBefore1971By4Rule;
+    const double yearsToExcludeBy100Rule = floor(yearMinusOne / 100.0) - excludedLeapDaysBefore1971By100Rule;
+    const double yearsToAddBy400Rule = floor(yearMinusOne / 400.0) - leapDaysBefore1971By400Rule;
+
+    return 365.0 * (year - 1970) + yearsToAddBy4Rule - yearsToExcludeBy100Rule + yearsToAddBy400Rule;
+}
+
+static inline double msToDays(double ms)
+{
+    return floor(ms / msPerDay);
+}
+
+static inline int msToYear(double ms)
+{
+    int approxYear = static_cast<int>(floor(ms / (msPerDay * 365.2425)) + 1970);
+    double msFromApproxYearTo1970 = msPerDay * daysFrom1970ToYear(approxYear);
+    if (msFromApproxYearTo1970 > ms)
+        return approxYear - 1;
+    if (msFromApproxYearTo1970 + msPerDay * daysInYear(approxYear) <= ms)
+        return approxYear + 1;
+    return approxYear;
+}
+
+static inline int dayInYear(double ms, int year)
+{
+    return static_cast<int>(msToDays(ms) - daysFrom1970ToYear(year));
+}
+
+static inline double msToMilliseconds(double ms)
+{
+    double result = fmod(ms, msPerDay);
+    if (result < 0)
+        result += msPerDay;
+    return result;
+}
+
+// 0: Sunday, 1: Monday, etc.
+static inline int msToWeekDay(double ms)
+{
+    int wd = (static_cast<int>(msToDays(ms)) + 4) % 7;
+    if (wd < 0)
+        wd += 7;
+    return wd;
+}
+
+static inline int msToSeconds(double ms)
+{
+    double result = fmod(floor(ms / msPerSecond), secondsPerMinute);
+    if (result < 0)
+        result += secondsPerMinute;
+    return static_cast<int>(result);
+}
+
+static inline int msToMinutes(double ms)
+{
+    double result = fmod(floor(ms / msPerMinute), minutesPerHour);
+    if (result < 0)
+        result += minutesPerHour;
+    return static_cast<int>(result);
+}
+
+static inline int msToHours(double ms)
+{
+    double result = fmod(floor(ms/msPerHour), hoursPerDay);
+    if (result < 0)
+        result += hoursPerDay;
+    return static_cast<int>(result);
+}
+
+static inline int monthFromDayInYear(int dayInYear, bool leapYear)
+{
+    const int d = dayInYear;
+    int step;
+
+    if (d < (step = 31))
+        return 0;
+    step += (leapYear ? 29 : 28);
+    if (d < step)
+        return 1;
+    if (d < (step += 31))
+        return 2;
+    if (d < (step += 30))
+        return 3;
+    if (d < (step += 31))
+        return 4;
+    if (d < (step += 30))
+        return 5;
+    if (d < (step += 31))
+        return 6;
+    if (d < (step += 31))
+        return 7;
+    if (d < (step += 30))
+        return 8;
+    if (d < (step += 31))
+        return 9;
+    if (d < (step += 30))
+        return 10;
+    return 11;
+}
+
+static inline bool checkMonth(int dayInYear, int& startDayOfThisMonth, int& startDayOfNextMonth, int daysInThisMonth)
+{
+    startDayOfThisMonth = startDayOfNextMonth;
+    startDayOfNextMonth += daysInThisMonth;
+    return (dayInYear <= startDayOfNextMonth);
+}
+
+static inline int dayInMonthFromDayInYear(int dayInYear, bool leapYear)
+{
+    const int d = dayInYear;
+    int step;
+    int next = 30;
+
+    if (d <= next)
+        return d + 1;
+    const int daysInFeb = (leapYear ? 29 : 28);
+    if (checkMonth(d, step, next, daysInFeb))
+        return d - step;
+    if (checkMonth(d, step, next, 31))
+        return d - step;
+    if (checkMonth(d, step, next, 30))
+        return d - step;
+    if (checkMonth(d, step, next, 31))
+        return d - step;
+    if (checkMonth(d, step, next, 30))
+        return d - step;
+    if (checkMonth(d, step, next, 31))
+        return d - step;
+    if (checkMonth(d, step, next, 31))
+        return d - step;
+    if (checkMonth(d, step, next, 30))
+        return d - step;
+    if (checkMonth(d, step, next, 31))
+        return d - step;
+    if (checkMonth(d, step, next, 30))
+        return d - step;
+    step = next;
+    return d - step;
+}
+
+static inline int monthToDayInYear(int month, bool isLeapYear)
+{
+    return firstDayOfMonth[isLeapYear][month];
+}
+
+static inline double timeToMS(double hour, double min, double sec, double ms)
+{
+    return (((hour * minutesPerHour + min) * secondsPerMinute + sec) * msPerSecond + ms);
+}
+
+static int dateToDayInYear(int year, int month, int day)
+{
+    year += month / 12;
+
+    month %= 12;
+    if (month < 0) {
+        month += 12;
+        --year;
+    }
+
+    int yearday = static_cast<int>(floor(daysFrom1970ToYear(year)));
+    int monthday = monthToDayInYear(month, isLeapYear(year));
+
+    return yearday + monthday + day - 1;
+}
+
+double getCurrentUTCTime()
+{
+    return floor(getCurrentUTCTimeWithMicroseconds());
+}
+
+// Returns current time in milliseconds since 1 Jan 1970.
+double getCurrentUTCTimeWithMicroseconds()
+{
+    return currentTime() * 1000.0; 
+}
+
+void getLocalTime(const time_t* localTime, struct tm* localTM)
+{
+#if COMPILER(MSVC7) || COMPILER(MINGW) || PLATFORM(WINCE)
+    *localTM = *localtime(localTime);
+#elif COMPILER(MSVC)
+    localtime_s(localTM, localTime);
+#else
+    localtime_r(localTime, localTM);
+#endif
+}
+
+// There is a hard limit at 2038 that we currently do not have a workaround
+// for (rdar://problem/5052975).
+static inline int maximumYearForDST()
+{
+    return 2037;
+}
+
+static inline int minimumYearForDST()
+{
+    // Because of the 2038 issue (see maximumYearForDST) if the current year is
+    // greater than the max year minus 27 (2010), we want to use the max year
+    // minus 27 instead, to ensure there is a range of 28 years that all years
+    // can map to.
+    return std::min(msToYear(getCurrentUTCTime()), maximumYearForDST() - 27) ;
+}
+
+/*
+ * Find an equivalent year for the one given, where equivalence is deterined by
+ * the two years having the same leapness and the first day of the year, falling
+ * on the same day of the week.
+ *
+ * This function returns a year between this current year and 2037, however this
+ * function will potentially return incorrect results if the current year is after
+ * 2010, (rdar://problem/5052975), if the year passed in is before 1900 or after
+ * 2100, (rdar://problem/5055038).
+ */
+int equivalentYearForDST(int year)
+{
+    // It is ok if the cached year is not the current year as long as the rules
+    // for DST did not change between the two years; if they did the app would need
+    // to be restarted.
+    static int minYear = minimumYearForDST();
+    int maxYear = maximumYearForDST();
+
+    int difference;
+    if (year > maxYear)
+        difference = minYear - year;
+    else if (year < minYear)
+        difference = maxYear - year;
+    else
+        return year;
+
+    int quotient = difference / 28;
+    int product = (quotient) * 28;
+
+    year += product;
+    ASSERT((year >= minYear && year <= maxYear) || (product - year == static_cast<int>(NaN)));
+    return year;
+}
+
+static int32_t calculateUTCOffset()
+{
+    time_t localTime = time(0);
+    tm localt;
+    getLocalTime(&localTime, &localt);
+
+    // Get the difference between this time zone and UTC on the 1st of January of this year.
+    localt.tm_sec = 0;
+    localt.tm_min = 0;
+    localt.tm_hour = 0;
+    localt.tm_mday = 1;
+    localt.tm_mon = 0;
+    // Not setting localt.tm_year!
+    localt.tm_wday = 0;
+    localt.tm_yday = 0;
+    localt.tm_isdst = 0;
+#if HAVE(TM_GMTOFF)
+    localt.tm_gmtoff = 0;
+#endif
+#if HAVE(TM_ZONE)
+    localt.tm_zone = 0;
+#endif
+    
+#if HAVE(TIMEGM)
+    time_t utcOffset = timegm(&localt) - mktime(&localt);
+#else
+    // Using a canned date of 01/01/2009 on platforms with weaker date-handling foo.
+    localt.tm_year = 109;
+    time_t utcOffset = 1230768000 - mktime(&localt);
+#endif
+
+    return static_cast<int32_t>(utcOffset * 1000);
+}
+
+#if PLATFORM(DARWIN)
+static int32_t s_cachedUTCOffset; // In milliseconds. An assumption here is that access to an int32_t variable is atomic on platforms that take this code path.
+static bool s_haveCachedUTCOffset;
+static int s_notificationToken;
+#endif
+
+/*
+ * Get the difference in milliseconds between this time zone and UTC (GMT)
+ * NOT including DST.
+ */
+double getUTCOffset()
+{
+#if PLATFORM(DARWIN)
+    if (s_haveCachedUTCOffset) {
+        int notified;
+        uint32_t status = notify_check(s_notificationToken, &notified);
+        if (status == NOTIFY_STATUS_OK && !notified)
+            return s_cachedUTCOffset;
+    }
+#endif
+
+    int32_t utcOffset = calculateUTCOffset();
+
+#if PLATFORM(DARWIN)
+    // Theoretically, it is possible that several threads will be executing this code at once, in which case we will have a race condition,
+    // and a newer value may be overwritten. In practice, time zones don't change that often.
+    s_cachedUTCOffset = utcOffset;
+#endif
+
+    return utcOffset;
+}
+
+/*
+ * Get the DST offset for the time passed in.  Takes
+ * seconds (not milliseconds) and cannot handle dates before 1970
+ * on some OS'
+ */
+static double getDSTOffsetSimple(double localTimeSeconds, double utcOffset)
+{
+    if (localTimeSeconds > maxUnixTime)
+        localTimeSeconds = maxUnixTime;
+    else if (localTimeSeconds < 0) // Go ahead a day to make localtime work (does not work with 0)
+        localTimeSeconds += secondsPerDay;
+
+    //input is UTC so we have to shift back to local time to determine DST thus the + getUTCOffset()
+    double offsetTime = (localTimeSeconds * msPerSecond) + utcOffset;
+
+    // Offset from UTC but doesn't include DST obviously
+    int offsetHour =  msToHours(offsetTime);
+    int offsetMinute =  msToMinutes(offsetTime);
+
+    // FIXME: time_t has a potential problem in 2038
+    time_t localTime = static_cast<time_t>(localTimeSeconds);
+
+    tm localTM;
+    getLocalTime(&localTime, &localTM);
+
+    double diff = ((localTM.tm_hour - offsetHour) * secondsPerHour) + ((localTM.tm_min - offsetMinute) * 60);
+
+    if (diff < 0)
+        diff += secondsPerDay;
+
+    return (diff * msPerSecond);
+}
+
+// Get the DST offset, given a time in UTC
+static double getDSTOffset(double ms, double utcOffset)
+{
+    // On Mac OS X, the call to localtime (see getDSTOffsetSimple) will return historically accurate
+    // DST information (e.g. New Zealand did not have DST from 1946 to 1974) however the JavaScript
+    // standard explicitly dictates that historical information should not be considered when
+    // determining DST. For this reason we shift away from years that localtime can handle but would
+    // return historically accurate information.
+    int year = msToYear(ms);
+    int equivalentYear = equivalentYearForDST(year);
+    if (year != equivalentYear) {
+        bool leapYear = isLeapYear(year);
+        int dayInYearLocal = dayInYear(ms, year);
+        int dayInMonth = dayInMonthFromDayInYear(dayInYearLocal, leapYear);
+        int month = monthFromDayInYear(dayInYearLocal, leapYear);
+        int day = dateToDayInYear(equivalentYear, month, dayInMonth);
+        ms = (day * msPerDay) + msToMilliseconds(ms);
+    }
+
+    return getDSTOffsetSimple(ms / msPerSecond, utcOffset);
+}
+
+double gregorianDateTimeToMS(const GregorianDateTime& t, double milliSeconds, bool inputIsUTC)
+{
+    int day = dateToDayInYear(t.year + 1900, t.month, t.monthDay);
+    double ms = timeToMS(t.hour, t.minute, t.second, milliSeconds);
+    double result = (day * msPerDay) + ms;
+
+    if (!inputIsUTC) { // convert to UTC
+        double utcOffset = getUTCOffset();
+        result -= utcOffset;
+        result -= getDSTOffset(result, utcOffset);
+    }
+
+    return result;
+}
+
+void msToGregorianDateTime(double ms, bool outputIsUTC, GregorianDateTime& tm)
+{
+    // input is UTC
+    double dstOff = 0.0;
+    const double utcOff = getUTCOffset();
+
+    if (!outputIsUTC) {  // convert to local time
+        dstOff = getDSTOffset(ms, utcOff);
+        ms += dstOff + utcOff;
+    }
+
+    const int year = msToYear(ms);
+    tm.second   =  msToSeconds(ms);
+    tm.minute   =  msToMinutes(ms);
+    tm.hour     =  msToHours(ms);
+    tm.weekDay  =  msToWeekDay(ms);
+    tm.yearDay  =  dayInYear(ms, year);
+    tm.monthDay =  dayInMonthFromDayInYear(tm.yearDay, isLeapYear(year));
+    tm.month    =  monthFromDayInYear(tm.yearDay, isLeapYear(year));
+    tm.year     =  year - 1900;
+    tm.isDST    =  dstOff != 0.0;
+
+    tm.utcOffset = outputIsUTC ? 0 : static_cast<long>((dstOff + utcOff) / msPerSecond);
+    tm.timeZone = NULL;
+}
+
+void initializeDates()
+{
+#ifndef NDEBUG
+    static bool alreadyInitialized;
+    ASSERT(!alreadyInitialized++);
+#endif
+
+    equivalentYearForDST(2000); // Need to call once to initialize a static used in this function.
+#if PLATFORM(DARWIN)
+    // Register for a notification whenever the time zone changes.
+    uint32_t status = notify_register_check("com.apple.system.timezone", &s_notificationToken);
+    if (status == NOTIFY_STATUS_OK) {
+        s_cachedUTCOffset = calculateUTCOffset();
+        s_haveCachedUTCOffset = true;
+    }
+#endif
+}
+
+static inline double ymdhmsToSeconds(long year, int mon, int day, int hour, int minute, int second)
+{
+    double days = (day - 32075)
+        + floor(1461 * (year + 4800.0 + (mon - 14) / 12) / 4)
+        + 367 * (mon - 2 - (mon - 14) / 12 * 12) / 12
+        - floor(3 * ((year + 4900.0 + (mon - 14) / 12) / 100) / 4)
+        - 2440588;
+    return ((days * hoursPerDay + hour) * minutesPerHour + minute) * secondsPerMinute + second;
+}
+
+// We follow the recommendation of RFC 2822 to consider all
+// obsolete time zones not listed here equivalent to "-0000".
+static const struct KnownZone {
+#if !PLATFORM(WIN_OS)
+    const
+#endif
+        char tzName[4];
+    int tzOffset;
+} known_zones[] = {
+    { "UT", 0 },
+    { "GMT", 0 },
+    { "EST", -300 },
+    { "EDT", -240 },
+    { "CST", -360 },
+    { "CDT", -300 },
+    { "MST", -420 },
+    { "MDT", -360 },
+    { "PST", -480 },
+    { "PDT", -420 }
+};
+
+inline static void skipSpacesAndComments(const char*& s)
+{
+    int nesting = 0;
+    char ch;
+    while ((ch = *s)) {
+        if (!isASCIISpace(ch)) {
+            if (ch == '(')
+                nesting++;
+            else if (ch == ')' && nesting > 0)
+                nesting--;
+            else if (nesting == 0)
+                break;
+        }
+        s++;
+    }
+}
+
+// returns 0-11 (Jan-Dec); -1 on failure
+static int findMonth(const char* monthStr)
+{
+    ASSERT(monthStr);
+    char needle[4];
+    for (int i = 0; i < 3; ++i) {
+        if (!*monthStr)
+            return -1;
+        needle[i] = static_cast<char>(toASCIILower(*monthStr++));
+    }
+    needle[3] = '\0';
+    const char *haystack = "janfebmaraprmayjunjulaugsepoctnovdec";
+    const char *str = strstr(haystack, needle);
+    if (str) {
+        int position = static_cast<int>(str - haystack);
+        if (position % 3 == 0)
+            return position / 3;
+    }
+    return -1;
+}
+
+static bool parseLong(const char* string, char** stopPosition, int base, long* result)
+{
+    *result = strtol(string, stopPosition, base);
+    // Avoid the use of errno as it is not available on Windows CE
+    if (string == *stopPosition || *result == LONG_MIN || *result == LONG_MAX)
+        return false;
+    return true;
+}
+
+double parseDateFromNullTerminatedCharacters(const char* dateString)
+{
+    // This parses a date in the form:
+    //     Tuesday, 09-Nov-99 23:12:40 GMT
+    // or
+    //     Sat, 01-Jan-2000 08:00:00 GMT
+    // or
+    //     Sat, 01 Jan 2000 08:00:00 GMT
+    // or
+    //     01 Jan 99 22:00 +0100    (exceptions in rfc822/rfc2822)
+    // ### non RFC formats, added for Javascript:
+    //     [Wednesday] January 09 1999 23:12:40 GMT
+    //     [Wednesday] January 09 23:12:40 GMT 1999
+    //
+    // We ignore the weekday.
+     
+    // Skip leading space
+    skipSpacesAndComments(dateString);
+
+    long month = -1;
+    const char *wordStart = dateString;
+    // Check contents of first words if not number
+    while (*dateString && !isASCIIDigit(*dateString)) {
+        if (isASCIISpace(*dateString) || *dateString == '(') {
+            if (dateString - wordStart >= 3)
+                month = findMonth(wordStart);
+            skipSpacesAndComments(dateString);
+            wordStart = dateString;
+        } else
+           dateString++;
+    }
+
+    // Missing delimiter between month and day (like "January29")?
+    if (month == -1 && wordStart != dateString)
+        month = findMonth(wordStart);
+
+    skipSpacesAndComments(dateString);
+
+    if (!*dateString)
+        return NaN;
+
+    // ' 09-Nov-99 23:12:40 GMT'
+    char* newPosStr;
+    long day;
+    if (!parseLong(dateString, &newPosStr, 10, &day))
+        return NaN;
+    dateString = newPosStr;
+
+    if (!*dateString)
+        return NaN;
+
+    if (day < 0)
+        return NaN;
+
+    long year = 0;
+    if (day > 31) {
+        // ### where is the boundary and what happens below?
+        if (*dateString != '/')
+            return NaN;
+        // looks like a YYYY/MM/DD date
+        if (!*++dateString)
+            return NaN;
+        year = day;
+        if (!parseLong(dateString, &newPosStr, 10, &month))
+            return NaN;
+        month -= 1;
+        dateString = newPosStr;
+        if (*dateString++ != '/' || !*dateString)
+            return NaN;
+        if (!parseLong(dateString, &newPosStr, 10, &day))
+            return NaN;
+        dateString = newPosStr;
+    } else if (*dateString == '/' && month == -1) {
+        dateString++;
+        // This looks like a MM/DD/YYYY date, not an RFC date.
+        month = day - 1; // 0-based
+        if (!parseLong(dateString, &newPosStr, 10, &day))
+            return NaN;
+        if (day < 1 || day > 31)
+            return NaN;
+        dateString = newPosStr;
+        if (*dateString == '/')
+            dateString++;
+        if (!*dateString)
+            return NaN;
+     } else {
+        if (*dateString == '-')
+            dateString++;
+
+        skipSpacesAndComments(dateString);
+
+        if (*dateString == ',')
+            dateString++;
+
+        if (month == -1) { // not found yet
+            month = findMonth(dateString);
+            if (month == -1)
+                return NaN;
+
+            while (*dateString && *dateString != '-' && *dateString != ',' && !isASCIISpace(*dateString))
+                dateString++;
+
+            if (!*dateString)
+                return NaN;
+
+            // '-99 23:12:40 GMT'
+            if (*dateString != '-' && *dateString != '/' && *dateString != ',' && !isASCIISpace(*dateString))
+                return NaN;
+            dateString++;
+        }
+    }
+
+    if (month < 0 || month > 11)
+        return NaN;
+
+    // '99 23:12:40 GMT'
+    if (year <= 0 && *dateString) {
+        if (!parseLong(dateString, &newPosStr, 10, &year))
+            return NaN;
+    }
+
+    // Don't fail if the time is missing.
+    long hour = 0;
+    long minute = 0;
+    long second = 0;
+    if (!*newPosStr)
+        dateString = newPosStr;
+    else {
+        // ' 23:12:40 GMT'
+        if (!(isASCIISpace(*newPosStr) || *newPosStr == ',')) {
+            if (*newPosStr != ':')
+                return NaN;
+            // There was no year; the number was the hour.
+            year = -1;
+        } else {
+            // in the normal case (we parsed the year), advance to the next number
+            dateString = ++newPosStr;
+            skipSpacesAndComments(dateString);
+        }
+
+        parseLong(dateString, &newPosStr, 10, &hour);
+        // Do not check for errno here since we want to continue
+        // even if errno was set becasue we are still looking
+        // for the timezone!
+
+        // Read a number? If not, this might be a timezone name.
+        if (newPosStr != dateString) {
+            dateString = newPosStr;
+
+            if (hour < 0 || hour > 23)
+                return NaN;
+
+            if (!*dateString)
+                return NaN;
+
+            // ':12:40 GMT'
+            if (*dateString++ != ':')
+                return NaN;
+
+            if (!parseLong(dateString, &newPosStr, 10, &minute))
+                return NaN;
+            dateString = newPosStr;
+
+            if (minute < 0 || minute > 59)
+                return NaN;
+
+            // ':40 GMT'
+            if (*dateString && *dateString != ':' && !isASCIISpace(*dateString))
+                return NaN;
+
+            // seconds are optional in rfc822 + rfc2822
+            if (*dateString ==':') {
+                dateString++;
+
+                if (!parseLong(dateString, &newPosStr, 10, &second))
+                    return NaN;
+                dateString = newPosStr;
+
+                if (second < 0 || second > 59)
+                    return NaN;
+            }
+
+            skipSpacesAndComments(dateString);
+
+            if (strncasecmp(dateString, "AM", 2) == 0) {
+                if (hour > 12)
+                    return NaN;
+                if (hour == 12)
+                    hour = 0;
+                dateString += 2;
+                skipSpacesAndComments(dateString);
+            } else if (strncasecmp(dateString, "PM", 2) == 0) {
+                if (hour > 12)
+                    return NaN;
+                if (hour != 12)
+                    hour += 12;
+                dateString += 2;
+                skipSpacesAndComments(dateString);
+            }
+        }
+    }
+
+    bool haveTZ = false;
+    int offset = 0;
+
+    // Don't fail if the time zone is missing. 
+    // Some websites omit the time zone (4275206).
+    if (*dateString) {
+        if (strncasecmp(dateString, "GMT", 3) == 0 || strncasecmp(dateString, "UTC", 3) == 0) {
+            dateString += 3;
+            haveTZ = true;
+        }
+
+        if (*dateString == '+' || *dateString == '-') {
+            long o;
+            if (!parseLong(dateString, &newPosStr, 10, &o))
+                return NaN;
+            dateString = newPosStr;
+
+            if (o < -9959 || o > 9959)
+                return NaN;
+
+            int sgn = (o < 0) ? -1 : 1;
+            o = labs(o);
+            if (*dateString != ':') {
+                offset = ((o / 100) * 60 + (o % 100)) * sgn;
+            } else { // GMT+05:00
+                long o2;
+                if (!parseLong(dateString, &newPosStr, 10, &o2))
+                    return NaN;
+                dateString = newPosStr;
+                offset = (o * 60 + o2) * sgn;
+            }
+            haveTZ = true;
+        } else {
+            for (int i = 0; i < int(sizeof(known_zones) / sizeof(KnownZone)); i++) {
+                if (0 == strncasecmp(dateString, known_zones[i].tzName, strlen(known_zones[i].tzName))) {
+                    offset = known_zones[i].tzOffset;
+                    dateString += strlen(known_zones[i].tzName);
+                    haveTZ = true;
+                    break;
+                }
+            }
+        }
+    }
+
+    skipSpacesAndComments(dateString);
+
+    if (*dateString && year == -1) {
+        if (!parseLong(dateString, &newPosStr, 10, &year))
+            return NaN;
+        dateString = newPosStr;
+    }
+
+    skipSpacesAndComments(dateString);
+
+    // Trailing garbage
+    if (*dateString)
+        return NaN;
+
+    // Y2K: Handle 2 digit years.
+    if (year >= 0 && year < 100) {
+        if (year < 50)
+            year += 2000;
+        else
+            year += 1900;
+    }
+
+    // fall back to local timezone
+    if (!haveTZ) {
+        GregorianDateTime t;
+        t.monthDay = day;
+        t.month = month;
+        t.year = year - 1900;
+        t.isDST = -1;
+        t.second = second;
+        t.minute = minute;
+        t.hour = hour;
+
+        // Use our gregorianDateTimeToMS() rather than mktime() as the latter can't handle the full year range.
+        return gregorianDateTimeToMS(t, 0, false);
+    }
+
+    return (ymdhmsToSeconds(year, month + 1, day, hour, minute, second) - (offset * 60.0)) * msPerSecond;
+}
+
+double timeClip(double t)
+{
+    if (!isfinite(t))
+        return NaN;
+    if (fabs(t) > 8.64E15)
+        return NaN;
+    return trunc(t);
+}
+
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DateMath.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DateMath.h
new file mode 100644
index 000000000..6110f766a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DateMath.h
@@ -0,0 +1,192 @@
+/*
+ * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
+ * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Mozilla Communicator client code, released
+ * March 31, 1998.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either of the GNU General Public License Version 2 or later (the "GPL"),
+ * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ */
+
+#ifndef DateMath_h
+#define DateMath_h
+
+#include <time.h>
+#include <string.h>
+#include <wtf/Noncopyable.h>
+
+namespace WTF {
+
+struct GregorianDateTime;
+
+void initializeDates();
+void msToGregorianDateTime(double, bool outputIsUTC, GregorianDateTime&);
+double gregorianDateTimeToMS(const GregorianDateTime&, double, bool inputIsUTC);
+double getUTCOffset();
+int equivalentYearForDST(int year);
+double getCurrentUTCTime();
+double getCurrentUTCTimeWithMicroseconds();
+void getLocalTime(const time_t*, tm*);
+
+// Not really math related, but this is currently the only shared place to put these.  
+double parseDateFromNullTerminatedCharacters(const char*);
+double timeClip(double);
+
+const char * const weekdayName[7] = { "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" };
+const char * const monthName[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
+
+const double hoursPerDay = 24.0;
+const double minutesPerHour = 60.0;
+const double secondsPerHour = 60.0 * 60.0;
+const double secondsPerMinute = 60.0;
+const double msPerSecond = 1000.0;
+const double msPerMinute = 60.0 * 1000.0;
+const double msPerHour = 60.0 * 60.0 * 1000.0;
+const double msPerDay = 24.0 * 60.0 * 60.0 * 1000.0;
+
+// Intentionally overridding the default tm of the system
+// Tee members of tm differ on various operating systems.
+struct GregorianDateTime : Noncopyable {
+    GregorianDateTime()
+        : second(0)
+        , minute(0)
+        , hour(0)
+        , weekDay(0)
+        , monthDay(0)
+        , yearDay(0)
+        , month(0)
+        , year(0)
+        , isDST(0)
+        , utcOffset(0)
+        , timeZone(0)
+    {
+    }
+
+    ~GregorianDateTime()
+    {
+        delete [] timeZone;
+    }
+
+    GregorianDateTime(const tm& inTm)
+        : second(inTm.tm_sec)
+        , minute(inTm.tm_min)
+        , hour(inTm.tm_hour)
+        , weekDay(inTm.tm_wday)
+        , monthDay(inTm.tm_mday)
+        , yearDay(inTm.tm_yday)
+        , month(inTm.tm_mon)
+        , year(inTm.tm_year)
+        , isDST(inTm.tm_isdst)
+    {
+#if HAVE(TM_GMTOFF)
+        utcOffset = static_cast<int>(inTm.tm_gmtoff);
+#else
+        utcOffset = static_cast<int>(getUTCOffset() / msPerSecond + (isDST ? secondsPerHour : 0));
+#endif
+
+#if HAVE(TM_ZONE)
+        int inZoneSize = strlen(inTm.tm_zone) + 1;
+        timeZone = new char[inZoneSize];
+        strncpy(timeZone, inTm.tm_zone, inZoneSize);
+#else
+        timeZone = 0;
+#endif
+    }
+
+    operator tm() const
+    {
+        tm ret;
+        memset(&ret, 0, sizeof(ret));
+
+        ret.tm_sec   =  second;
+        ret.tm_min   =  minute;
+        ret.tm_hour  =  hour;
+        ret.tm_wday  =  weekDay;
+        ret.tm_mday  =  monthDay;
+        ret.tm_yday  =  yearDay;
+        ret.tm_mon   =  month;
+        ret.tm_year  =  year;
+        ret.tm_isdst =  isDST;
+
+#if HAVE(TM_GMTOFF)
+        ret.tm_gmtoff = static_cast<long>(utcOffset);
+#endif
+#if HAVE(TM_ZONE)
+        ret.tm_zone = timeZone;
+#endif
+
+        return ret;
+    }
+
+    void copyFrom(const GregorianDateTime& rhs)
+    {
+        second = rhs.second;
+        minute = rhs.minute;
+        hour = rhs.hour;
+        weekDay = rhs.weekDay;
+        monthDay = rhs.monthDay;
+        yearDay = rhs.yearDay;
+        month = rhs.month;
+        year = rhs.year;
+        isDST = rhs.isDST;
+        utcOffset = rhs.utcOffset;
+        if (rhs.timeZone) {
+            int inZoneSize = strlen(rhs.timeZone) + 1;
+            timeZone = new char[inZoneSize];
+            strncpy(timeZone, rhs.timeZone, inZoneSize);
+        } else
+            timeZone = 0;
+    }
+
+    int second;
+    int minute;
+    int hour;
+    int weekDay;
+    int monthDay;
+    int yearDay;
+    int month;
+    int year;
+    int isDST;
+    int utcOffset;
+    char* timeZone;
+};
+
+static inline int gmtoffset(const GregorianDateTime& t)
+{
+    return t.utcOffset;
+}
+
+} // namespace WTF
+
+#endif // DateMath_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Deque.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Deque.h
new file mode 100644
index 000000000..3c3d378fc
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Deque.h
@@ -0,0 +1,669 @@
+/*
+ * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WTF_Deque_h
+#define WTF_Deque_h
+
+// FIXME: Could move what Vector and Deque share into a separate file.
+// Deque doesn't actually use Vector.
+
+#include "Vector.h"
+
+namespace WTF {
+
+    template<typename T> class DequeIteratorBase;
+    template<typename T> class DequeIterator;
+    template<typename T> class DequeConstIterator;
+    template<typename T> class DequeReverseIterator;
+    template<typename T> class DequeConstReverseIterator;
+
+    template<typename T>
+    class Deque : public FastAllocBase {
+    public:
+        typedef DequeIterator<T> iterator;
+        typedef DequeConstIterator<T> const_iterator;
+        typedef DequeReverseIterator<T> reverse_iterator;
+        typedef DequeConstReverseIterator<T> const_reverse_iterator;
+
+        Deque();
+        Deque(const Deque<T>&);
+        Deque& operator=(const Deque<T>&);
+        ~Deque();
+
+        void swap(Deque<T>&);
+
+        size_t size() const { return m_start <= m_end ? m_end - m_start : m_end + m_buffer.capacity() - m_start; }
+        bool isEmpty() const { return m_start == m_end; }
+
+        iterator begin() { return iterator(this, m_start); }
+        iterator end() { return iterator(this, m_end); }
+        const_iterator begin() const { return const_iterator(this, m_start); }
+        const_iterator end() const { return const_iterator(this, m_end); }
+        reverse_iterator rbegin() { return reverse_iterator(this, m_end); }
+        reverse_iterator rend() { return reverse_iterator(this, m_start); }
+        const_reverse_iterator rbegin() const { return const_reverse_iterator(this, m_end); }
+        const_reverse_iterator rend() const { return const_reverse_iterator(this, m_start); }
+
+        T& first() { ASSERT(m_start != m_end); return m_buffer.buffer()[m_start]; }
+        const T& first() const { ASSERT(m_start != m_end); return m_buffer.buffer()[m_start]; }
+
+        template<typename U> void append(const U&);
+        template<typename U> void prepend(const U&);
+        void removeFirst();
+        void remove(iterator&);
+        void remove(const_iterator&);
+
+        void clear();
+
+        template<typename Predicate>
+        iterator findIf(Predicate&);
+
+    private:
+        friend class DequeIteratorBase<T>;
+
+        typedef VectorBuffer<T, 0> Buffer;
+        typedef VectorTypeOperations<T> TypeOperations;
+        typedef DequeIteratorBase<T> IteratorBase;
+
+        void remove(size_t position);
+        void invalidateIterators();
+        void destroyAll();
+        void checkValidity() const;
+        void checkIndexValidity(size_t) const;
+        void expandCapacityIfNeeded();
+        void expandCapacity();
+
+        size_t m_start;
+        size_t m_end;
+        Buffer m_buffer;
+#ifndef NDEBUG
+        mutable IteratorBase* m_iterators;
+#endif
+    };
+
+    template<typename T>
+    class DequeIteratorBase {
+    private:
+        typedef DequeIteratorBase<T> Base;
+
+    protected:
+        DequeIteratorBase();
+        DequeIteratorBase(const Deque<T>*, size_t);
+        DequeIteratorBase(const Base&);
+        Base& operator=(const Base&);
+        ~DequeIteratorBase();
+
+        void assign(const Base& other) { *this = other; }
+
+        void increment();
+        void decrement();
+
+        T* before() const;
+        T* after() const;
+
+        bool isEqual(const Base&) const;
+
+    private:
+        void addToIteratorsList();
+        void removeFromIteratorsList();
+        void checkValidity() const;
+        void checkValidity(const Base&) const;
+
+        Deque<T>* m_deque;
+        size_t m_index;
+
+        friend class Deque<T>;
+
+#ifndef NDEBUG
+        mutable DequeIteratorBase* m_next;
+        mutable DequeIteratorBase* m_previous;
+#endif
+    };
+
+    template<typename T>
+    class DequeIterator : public DequeIteratorBase<T> {
+    private:
+        typedef DequeIteratorBase<T> Base;
+        typedef DequeIterator<T> Iterator;
+
+    public:
+        DequeIterator(Deque<T>* deque, size_t index) : Base(deque, index) { }
+
+        DequeIterator(const Iterator& other) : Base(other) { }
+        DequeIterator& operator=(const Iterator& other) { Base::assign(other); return *this; }
+
+        T& operator*() const { return *Base::after(); }
+        T* operator->() const { return Base::after(); }
+
+        bool operator==(const Iterator& other) const { return Base::isEqual(other); }
+        bool operator!=(const Iterator& other) const { return !Base::isEqual(other); }
+
+        Iterator& operator++() { Base::increment(); return *this; }
+        // postfix ++ intentionally omitted
+        Iterator& operator--() { Base::decrement(); return *this; }
+        // postfix -- intentionally omitted
+    };
+
+    template<typename T>
+    class DequeConstIterator : public DequeIteratorBase<T> {
+    private:
+        typedef DequeIteratorBase<T> Base;
+        typedef DequeConstIterator<T> Iterator;
+        typedef DequeIterator<T> NonConstIterator;
+
+    public:
+        DequeConstIterator(const Deque<T>* deque, size_t index) : Base(deque, index) { }
+
+        DequeConstIterator(const Iterator& other) : Base(other) { }
+        DequeConstIterator(const NonConstIterator& other) : Base(other) { }
+        DequeConstIterator& operator=(const Iterator& other) { Base::assign(other); return *this; }
+        DequeConstIterator& operator=(const NonConstIterator& other) { Base::assign(other); return *this; }
+
+        const T& operator*() const { return *Base::after(); }
+        const T* operator->() const { return Base::after(); }
+
+        bool operator==(const Iterator& other) const { return Base::isEqual(other); }
+        bool operator!=(const Iterator& other) const { return !Base::isEqual(other); }
+
+        Iterator& operator++() { Base::increment(); return *this; }
+        // postfix ++ intentionally omitted
+        Iterator& operator--() { Base::decrement(); return *this; }
+        // postfix -- intentionally omitted
+    };
+
+    template<typename T>
+    class DequeReverseIterator : public DequeIteratorBase<T> {
+    private:
+        typedef DequeIteratorBase<T> Base;
+        typedef DequeReverseIterator<T> Iterator;
+
+    public:
+        DequeReverseIterator(const Deque<T>* deque, size_t index) : Base(deque, index) { }
+
+        DequeReverseIterator(const Iterator& other) : Base(other) { }
+        DequeReverseIterator& operator=(const Iterator& other) { Base::assign(other); return *this; }
+
+        T& operator*() const { return *Base::before(); }
+        T* operator->() const { return Base::before(); }
+
+        bool operator==(const Iterator& other) const { return Base::isEqual(other); }
+        bool operator!=(const Iterator& other) const { return !Base::isEqual(other); }
+
+        Iterator& operator++() { Base::decrement(); return *this; }
+        // postfix ++ intentionally omitted
+        Iterator& operator--() { Base::increment(); return *this; }
+        // postfix -- intentionally omitted
+    };
+
+    template<typename T>
+    class DequeConstReverseIterator : public DequeIteratorBase<T> {
+    private:
+        typedef DequeIteratorBase<T> Base;
+        typedef DequeConstReverseIterator<T> Iterator;
+        typedef DequeReverseIterator<T> NonConstIterator;
+
+    public:
+        DequeConstReverseIterator(const Deque<T>* deque, size_t index) : Base(deque, index) { }
+
+        DequeConstReverseIterator(const Iterator& other) : Base(other) { }
+        DequeConstReverseIterator(const NonConstIterator& other) : Base(other) { }
+        DequeConstReverseIterator& operator=(const Iterator& other) { Base::assign(other); return *this; }
+        DequeConstReverseIterator& operator=(const NonConstIterator& other) { Base::assign(other); return *this; }
+
+        const T& operator*() const { return *Base::before(); }
+        const T* operator->() const { return Base::before(); }
+
+        bool operator==(const Iterator& other) const { return Base::isEqual(other); }
+        bool operator!=(const Iterator& other) const { return !Base::isEqual(other); }
+
+        Iterator& operator++() { Base::decrement(); return *this; }
+        // postfix ++ intentionally omitted
+        Iterator& operator--() { Base::increment(); return *this; }
+        // postfix -- intentionally omitted
+    };
+
+#ifdef NDEBUG
+    template<typename T> inline void Deque<T>::checkValidity() const { }
+    template<typename T> inline void Deque<T>::checkIndexValidity(size_t) const { }
+    template<typename T> inline void Deque<T>::invalidateIterators() { }
+#else
+    template<typename T>
+    void Deque<T>::checkValidity() const
+    {
+        if (!m_buffer.capacity()) {
+            ASSERT(!m_start);
+            ASSERT(!m_end);
+        } else {
+            ASSERT(m_start < m_buffer.capacity());
+            ASSERT(m_end < m_buffer.capacity());
+        }
+    }
+
+    template<typename T>
+    void Deque<T>::checkIndexValidity(size_t index) const
+    {
+        ASSERT(index <= m_buffer.capacity());
+        if (m_start <= m_end) {
+            ASSERT(index >= m_start);
+            ASSERT(index <= m_end);
+        } else {
+            ASSERT(index >= m_start || index <= m_end);
+        }
+    }
+
+    template<typename T>
+    void Deque<T>::invalidateIterators()
+    {
+        IteratorBase* next;
+        for (IteratorBase* p = m_iterators; p; p = next) {
+            next = p->m_next;
+            p->m_deque = 0;
+            p->m_next = 0;
+            p->m_previous = 0;
+        }
+        m_iterators = 0;
+    }
+#endif
+
+    template<typename T>
+    inline Deque<T>::Deque()
+        : m_start(0)
+        , m_end(0)
+#ifndef NDEBUG
+        , m_iterators(0)
+#endif
+    {
+        checkValidity();
+    }
+
+    template<typename T>
+    inline Deque<T>::Deque(const Deque<T>& other)
+        : m_start(other.m_start)
+        , m_end(other.m_end)
+        , m_buffer(other.m_buffer.capacity())
+#ifndef NDEBUG
+        , m_iterators(0)
+#endif
+    {
+        const T* otherBuffer = other.m_buffer.buffer();
+        if (m_start <= m_end)
+            TypeOperations::uninitializedCopy(otherBuffer + m_start, otherBuffer + m_end, m_buffer.buffer() + m_start);
+        else {
+            TypeOperations::uninitializedCopy(otherBuffer, otherBuffer + m_end, m_buffer.buffer());
+            TypeOperations::uninitializedCopy(otherBuffer + m_start, otherBuffer + m_buffer.capacity(), m_buffer.buffer() + m_start);
+        }
+    }
+
+    template<typename T>
+    void deleteAllValues(const Deque<T>& collection)
+    {
+        typedef typename Deque<T>::const_iterator iterator;
+        iterator end = collection.end();
+        for (iterator it = collection.begin(); it != end; ++it)
+            delete *it;
+    }
+
+    template<typename T>
+    inline Deque<T>& Deque<T>::operator=(const Deque<T>& other)
+    {
+        Deque<T> copy(other);
+        swap(copy);
+        return *this;
+    }
+
+    template<typename T>
+    inline void Deque<T>::destroyAll()
+    {
+        if (m_start <= m_end)
+            TypeOperations::destruct(m_buffer.buffer() + m_start, m_buffer.buffer() + m_end);
+        else {
+            TypeOperations::destruct(m_buffer.buffer(), m_buffer.buffer() + m_end);
+            TypeOperations::destruct(m_buffer.buffer() + m_start, m_buffer.buffer() + m_buffer.capacity());
+        }
+    }
+
+    template<typename T>
+    inline Deque<T>::~Deque()
+    {
+        checkValidity();
+        invalidateIterators();
+        destroyAll();
+    }
+
+    template<typename T>
+    inline void Deque<T>::swap(Deque<T>& other)
+    {
+        checkValidity();
+        other.checkValidity();
+        invalidateIterators();
+        std::swap(m_start, other.m_start);
+        std::swap(m_end, other.m_end);
+        m_buffer.swap(other.m_buffer);
+        checkValidity();
+        other.checkValidity();
+    }
+
+    template<typename T>
+    inline void Deque<T>::clear()
+    {
+        checkValidity();
+        invalidateIterators();
+        destroyAll();
+        m_start = 0;
+        m_end = 0;
+        checkValidity();
+    }
+
+    template<typename T>
+    template<typename Predicate>
+    inline DequeIterator<T> Deque<T>::findIf(Predicate& predicate)
+    {
+        iterator end_iterator = end();
+        for (iterator it = begin(); it != end_iterator; ++it) {
+            if (predicate(*it))
+                return it;
+        }
+        return end_iterator;
+    }
+
+    template<typename T>
+    inline void Deque<T>::expandCapacityIfNeeded()
+    {
+        if (m_start) {
+            if (m_end + 1 != m_start)
+                return;
+        } else if (m_end) {
+            if (m_end != m_buffer.capacity() - 1)
+                return;
+        } else if (m_buffer.capacity())
+            return;
+
+        expandCapacity();
+    }
+
+    template<typename T>
+    void Deque<T>::expandCapacity()
+    {
+        checkValidity();
+        size_t oldCapacity = m_buffer.capacity();
+        size_t newCapacity = max(static_cast<size_t>(16), oldCapacity + oldCapacity / 4 + 1);
+        T* oldBuffer = m_buffer.buffer();
+        m_buffer.allocateBuffer(newCapacity);
+        if (m_start <= m_end)
+            TypeOperations::move(oldBuffer + m_start, oldBuffer + m_end, m_buffer.buffer() + m_start);
+        else {
+            TypeOperations::move(oldBuffer, oldBuffer + m_end, m_buffer.buffer());
+            size_t newStart = newCapacity - (oldCapacity - m_start);
+            TypeOperations::move(oldBuffer + m_start, oldBuffer + oldCapacity, m_buffer.buffer() + newStart);
+            m_start = newStart;
+        }
+        m_buffer.deallocateBuffer(oldBuffer);
+        checkValidity();
+    }
+
+    template<typename T> template<typename U>
+    inline void Deque<T>::append(const U& value)
+    {
+        checkValidity();
+        expandCapacityIfNeeded();
+        new (&m_buffer.buffer()[m_end]) T(value);
+        if (m_end == m_buffer.capacity() - 1)
+            m_end = 0;
+        else
+            ++m_end;
+        checkValidity();
+    }
+
+    template<typename T> template<typename U>
+    inline void Deque<T>::prepend(const U& value)
+    {
+        checkValidity();
+        expandCapacityIfNeeded();
+        if (!m_start)
+            m_start = m_buffer.capacity() - 1;
+        else
+            --m_start;
+        new (&m_buffer.buffer()[m_start]) T(value);
+        checkValidity();
+    }
+
+    template<typename T>
+    inline void Deque<T>::removeFirst()
+    {
+        checkValidity();
+        invalidateIterators();
+        ASSERT(!isEmpty());
+        TypeOperations::destruct(&m_buffer.buffer()[m_start], &m_buffer.buffer()[m_start + 1]);
+        if (m_start == m_buffer.capacity() - 1)
+            m_start = 0;
+        else
+            ++m_start;
+        checkValidity();
+    }
+
+    template<typename T>
+    inline void Deque<T>::remove(iterator& it)
+    {
+        it.checkValidity();
+        remove(it.m_index);
+    }
+
+    template<typename T>
+    inline void Deque<T>::remove(const_iterator& it)
+    {
+        it.checkValidity();
+        remove(it.m_index);
+    }
+
+    template<typename T>
+    inline void Deque<T>::remove(size_t position)
+    {
+        if (position == m_end)
+            return;
+
+        checkValidity();
+        invalidateIterators();
+
+        T* buffer = m_buffer.buffer();
+        TypeOperations::destruct(&buffer[position], &buffer[position + 1]);
+
+        // Find which segment of the circular buffer contained the remove element, and only move elements in that part.
+        if (position >= m_start) {
+            TypeOperations::moveOverlapping(buffer + m_start, buffer + position, buffer + m_start + 1);
+            m_start = (m_start + 1) % m_buffer.capacity();
+        } else {
+            TypeOperations::moveOverlapping(buffer + position + 1, buffer + m_end, buffer + position);
+            m_end = (m_end - 1 + m_buffer.capacity()) % m_buffer.capacity();
+        }
+        checkValidity();
+    }
+
+#ifdef NDEBUG
+    template<typename T> inline void DequeIteratorBase<T>::checkValidity() const { }
+    template<typename T> inline void DequeIteratorBase<T>::checkValidity(const DequeIteratorBase<T>&) const { }
+    template<typename T> inline void DequeIteratorBase<T>::addToIteratorsList() { }
+    template<typename T> inline void DequeIteratorBase<T>::removeFromIteratorsList() { }
+#else
+    template<typename T>
+    void DequeIteratorBase<T>::checkValidity() const
+    {
+        ASSERT(m_deque);
+        m_deque->checkIndexValidity(m_index);
+    }
+
+    template<typename T>
+    void DequeIteratorBase<T>::checkValidity(const Base& other) const
+    {
+        checkValidity();
+        other.checkValidity();
+        ASSERT(m_deque == other.m_deque);
+    }
+
+    template<typename T>
+    void DequeIteratorBase<T>::addToIteratorsList()
+    {
+        if (!m_deque)
+            m_next = 0;
+        else {
+            m_next = m_deque->m_iterators;
+            m_deque->m_iterators = this;
+            if (m_next)
+                m_next->m_previous = this;
+        }
+        m_previous = 0;
+    }
+
+    template<typename T>
+    void DequeIteratorBase<T>::removeFromIteratorsList()
+    {
+        if (!m_deque) {
+            ASSERT(!m_next);
+            ASSERT(!m_previous);
+        } else {
+            if (m_next) {
+                ASSERT(m_next->m_previous == this);
+                m_next->m_previous = m_previous;
+            }
+            if (m_previous) {
+                ASSERT(m_deque->m_iterators != this);
+                ASSERT(m_previous->m_next == this);
+                m_previous->m_next = m_next;
+            } else {
+                ASSERT(m_deque->m_iterators == this);
+                m_deque->m_iterators = m_next;
+            }
+        }
+        m_next = 0;
+        m_previous = 0;
+    }
+#endif
+
+    template<typename T>
+    inline DequeIteratorBase<T>::DequeIteratorBase()
+        : m_deque(0)
+    {
+    }
+
+    template<typename T>
+    inline DequeIteratorBase<T>::DequeIteratorBase(const Deque<T>* deque, size_t index)
+        : m_deque(const_cast<Deque<T>*>(deque))
+        , m_index(index)
+    {
+        addToIteratorsList();
+        checkValidity();
+    }
+
+    template<typename T>
+    inline DequeIteratorBase<T>::DequeIteratorBase(const Base& other)
+        : m_deque(other.m_deque)
+        , m_index(other.m_index)
+    {
+        addToIteratorsList();
+        checkValidity();
+    }
+
+    template<typename T>
+    inline DequeIteratorBase<T>& DequeIteratorBase<T>::operator=(const Base& other)
+    {
+        checkValidity();
+        other.checkValidity();
+        removeFromIteratorsList();
+
+        m_deque = other.m_deque;
+        m_index = other.m_index;
+        addToIteratorsList();
+        checkValidity();
+        return *this;
+    }
+
+    template<typename T>
+    inline DequeIteratorBase<T>::~DequeIteratorBase()
+    {
+#ifndef NDEBUG
+        removeFromIteratorsList();
+        m_deque = 0;
+#endif
+    }
+
+    template<typename T>
+    inline bool DequeIteratorBase<T>::isEqual(const Base& other) const
+    {
+        checkValidity(other);
+        return m_index == other.m_index;
+    }
+
+    template<typename T>
+    inline void DequeIteratorBase<T>::increment()
+    {
+        checkValidity();
+        ASSERT(m_index != m_deque->m_end);
+        ASSERT(m_deque->m_buffer.capacity());
+        if (m_index == m_deque->m_buffer.capacity() - 1)
+            m_index = 0;
+        else
+            ++m_index;
+        checkValidity();
+    }
+
+    template<typename T>
+    inline void DequeIteratorBase<T>::decrement()
+    {
+        checkValidity();
+        ASSERT(m_index != m_deque->m_start);
+        ASSERT(m_deque->m_buffer.capacity());
+        if (!m_index)
+            m_index = m_deque->m_buffer.capacity() - 1;
+        else
+            --m_index;
+        checkValidity();
+    }
+
+    template<typename T>
+    inline T* DequeIteratorBase<T>::after() const
+    {
+        checkValidity();
+        ASSERT(m_index != m_deque->m_end);
+        return &m_deque->m_buffer.buffer()[m_index];
+    }
+
+    template<typename T>
+    inline T* DequeIteratorBase<T>::before() const
+    {
+        checkValidity();
+        ASSERT(m_index != m_deque->m_start);
+        if (!m_index)
+            return &m_deque->m_buffer.buffer()[m_deque->m_buffer.capacity() - 1];
+        return &m_deque->m_buffer.buffer()[m_index - 1];
+    }
+
+} // namespace WTF
+
+using WTF::Deque;
+
+#endif // WTF_Deque_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DisallowCType.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DisallowCType.h
new file mode 100644
index 000000000..436f7f214
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/DisallowCType.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2007 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WTF_DisallowCType_h
+#define WTF_DisallowCType_h
+
+// The behavior of many of the functions in the <ctype.h> header is dependent
+// on the current locale. But almost all uses of these functions are for
+// locale-independent, ASCII-specific purposes. In WebKit code we use our own
+// ASCII-specific functions instead. This header makes sure we get a compile-time
+// error if we use one of the <ctype.h> functions by accident.
+
+#include <ctype.h>
+
+#undef isalnum
+#undef isalpha
+#undef isascii
+#undef isblank
+#undef iscntrl
+#undef isdigit
+#undef isgraph
+#undef islower
+#undef isprint
+#undef ispunct
+#undef isspace
+#undef isupper
+#undef isxdigit
+#undef toascii
+#undef tolower
+#undef toupper
+
+#define isalnum isalnum_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isalpha isalpha_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isascii isascii_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isblank isblank_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define iscntrl iscntrl_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isdigit isdigit_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isgraph isgraph_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define islower islower_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isprint isprint_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define ispunct ispunct_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isspace isspace_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isupper isupper_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define isxdigit isxdigit_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define toascii toascii_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define tolower tolower_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+#define toupper toupper_WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastAllocBase.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastAllocBase.h
new file mode 100644
index 000000000..81b1de070
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastAllocBase.h
@@ -0,0 +1,413 @@
+/*
+ * Copyright (C) 2008, 2009 Paul Pedriana <ppedriana@ea.com>. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef FastAllocBase_h
+#define FastAllocBase_h
+
+// Provides customizable overrides of fastMalloc/fastFree and operator new/delete
+//
+// Provided functionality:
+//    namespace WTF {
+//        class FastAllocBase;
+//
+//        T*    fastNew<T>();
+//        T*    fastNew<T>(arg);
+//        T*    fastNew<T>(arg, arg);
+//        T*    fastNewArray<T>(count);
+//        void  fastDelete(T* p);
+//        void  fastDeleteArray(T* p);
+//        void  fastNonNullDelete(T* p);
+//        void  fastNonNullDeleteArray(T* p);
+//    }
+//
+// FastDelete assumes that the underlying
+//
+// Example usage:
+//    class Widget : public FastAllocBase { ... };
+//
+//    char* charPtr = fastNew<char>();
+//    fastDelete(charPtr);
+//
+//    char* charArrayPtr = fastNewArray<char>(37);
+//    fastDeleteArray(charArrayPtr);
+//
+//    void** voidPtrPtr = fastNew<void*>();
+//    fastDelete(voidPtrPtr);
+//
+//    void** voidPtrArrayPtr = fastNewArray<void*>(37);
+//    fastDeleteArray(voidPtrArrayPtr);
+//
+//    POD* podPtr = fastNew<POD>();
+//    fastDelete(podPtr);
+//
+//    POD* podArrayPtr = fastNewArray<POD>(37);
+//    fastDeleteArray(podArrayPtr);
+//
+//    Object* objectPtr = fastNew<Object>();
+//    fastDelete(objectPtr);
+//
+//    Object* objectArrayPtr = fastNewArray<Object>(37);
+//    fastDeleteArray(objectArrayPtr);
+//
+
+#include <new>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "Assertions.h"
+#include "FastMalloc.h"
+#include "TypeTraits.h"
+
+namespace WTF {
+
+    class FastAllocBase {
+    public:
+        // Placement operator new.
+        void* operator new(size_t, void* p) { return p; }
+        void* operator new[](size_t, void* p) { return p; }
+
+        void* operator new(size_t size)
+        {
+            void* p = fastMalloc(size);
+            fastMallocMatchValidateMalloc(p, Internal::AllocTypeClassNew);
+            return p;
+        }
+
+        void operator delete(void* p)
+        {
+            fastMallocMatchValidateFree(p, Internal::AllocTypeClassNew);
+            fastFree(p);
+        }
+
+        void* operator new[](size_t size)
+        {
+            void* p = fastMalloc(size);
+            fastMallocMatchValidateMalloc(p, Internal::AllocTypeClassNewArray);
+            return p;
+        }
+
+        void operator delete[](void* p)
+        {
+            fastMallocMatchValidateFree(p, Internal::AllocTypeClassNewArray);
+            fastFree(p);
+        }
+    };
+
+    // fastNew / fastDelete
+
+    template <typename T>
+    inline T* fastNew()
+    {
+        void* p = fastMalloc(sizeof(T));
+
+        if (!p)
+            return 0;
+
+        fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNew);
+        return ::new(p) T;
+    }
+
+    template <typename T, typename Arg1>
+    inline T* fastNew(Arg1 arg1)
+    {
+        void* p = fastMalloc(sizeof(T));
+
+        if (!p)
+            return 0;
+
+        fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNew);
+        return ::new(p) T(arg1);
+    }
+
+    template <typename T, typename Arg1, typename Arg2>
+    inline T* fastNew(Arg1 arg1, Arg2 arg2)
+    {
+        void* p = fastMalloc(sizeof(T));
+
+        if (!p)
+            return 0;
+
+        fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNew);
+        return ::new(p) T(arg1, arg2);
+    }
+
+    template <typename T, typename Arg1, typename Arg2, typename Arg3>
+    inline T* fastNew(Arg1 arg1, Arg2 arg2, Arg3 arg3)
+    {
+        void* p = fastMalloc(sizeof(T));
+
+        if (!p)
+            return 0;
+
+        fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNew);
+        return ::new(p) T(arg1, arg2, arg3);
+    }
+
+    template <typename T, typename Arg1, typename Arg2, typename Arg3, typename Arg4>
+    inline T* fastNew(Arg1 arg1, Arg2 arg2, Arg3 arg3, Arg4 arg4)
+    {
+        void* p = fastMalloc(sizeof(T));
+
+        if (!p)
+            return 0;
+
+        fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNew);
+        return ::new(p) T(arg1, arg2, arg3, arg4);
+    }
+
+    template <typename T, typename Arg1, typename Arg2, typename Arg3, typename Arg4, typename Arg5>
+    inline T* fastNew(Arg1 arg1, Arg2 arg2, Arg3 arg3, Arg4 arg4, Arg5 arg5)
+    {
+        void* p = fastMalloc(sizeof(T));
+
+        if (!p)
+            return 0;
+
+        fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNew);
+        return ::new(p) T(arg1, arg2, arg3, arg4, arg5);
+    }
+
+    namespace Internal {
+
+        // We define a union of pointer to an integer and pointer to T.
+        // When non-POD arrays are allocated we add a few leading bytes to tell what
+        // the size of the array is. We return to the user the pointer to T.
+        // The way to think of it is as if we allocate a struct like so:
+        //    struct Array {
+        //        AllocAlignmentInteger m_size;
+        //        T m_T[array count];
+        //    };
+
+        template <typename T>
+        union ArraySize {
+            AllocAlignmentInteger* size;
+            T* t;
+        };
+
+        // This is a support template for fastNewArray.
+        // This handles the case wherein T has a trivial ctor and a trivial dtor.
+        template <typename T, bool trivialCtor, bool trivialDtor>
+        struct NewArrayImpl {
+            static T* fastNewArray(size_t count)
+            {
+                T* p = static_cast<T*>(fastMalloc(sizeof(T) * count));
+                fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNewArray);
+                return p;
+            }
+        };
+
+        // This is a support template for fastNewArray.
+        // This handles the case wherein T has a non-trivial ctor and a trivial dtor.
+        template <typename T>
+        struct NewArrayImpl<T, false, true> {
+            static T* fastNewArray(size_t count)
+            {
+                T* p = static_cast<T*>(fastMalloc(sizeof(T) * count));
+
+                if (!p)
+                    return 0;
+
+                fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNewArray);
+
+                for (T* pObject = p, *pObjectEnd = pObject + count; pObject != pObjectEnd; ++pObject)
+                    ::new(pObject) T;
+
+                return p;
+            }
+        };
+
+        // This is a support template for fastNewArray.
+        // This handles the case wherein T has a trivial ctor and a non-trivial dtor.
+        template <typename T>
+        struct NewArrayImpl<T, true, false> {
+            static T* fastNewArray(size_t count)
+            {
+                void* p = fastMalloc(sizeof(AllocAlignmentInteger) + (sizeof(T) * count));
+                ArraySize<T> a = { static_cast<AllocAlignmentInteger*>(p) };
+
+                if (!p)
+                    return 0;
+
+                fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNewArray);
+                *a.size++ = count;
+                // No need to construct the objects in this case.
+
+                return a.t;
+            }
+        };
+
+        // This is a support template for fastNewArray.
+        // This handles the case wherein T has a non-trivial ctor and a non-trivial dtor.
+        template <typename T>
+        struct NewArrayImpl<T, false, false> {
+            static T* fastNewArray(size_t count)
+            {
+                void* p = fastMalloc(sizeof(AllocAlignmentInteger) + (sizeof(T) * count));
+                ArraySize<T> a = { static_cast<AllocAlignmentInteger*>(p) };
+
+                if (!p)
+                    return 0;
+
+                fastMallocMatchValidateMalloc(p, Internal::AllocTypeFastNewArray);
+                *a.size++ = count;
+
+                for (T* pT = a.t, *pTEnd = pT + count; pT != pTEnd; ++pT)
+                    ::new(pT) T;
+
+                return a.t;
+            }
+        };
+    } // namespace Internal
+
+    template <typename T>
+    inline T* fastNewArray(size_t count)
+    {
+        return Internal::NewArrayImpl<T, WTF::HasTrivialConstructor<T>::value, WTF::HasTrivialDestructor<T>::value>::fastNewArray(count);
+    }
+
+    template <typename T>
+    inline void fastDelete(T* p)
+    {
+        if (!p)
+            return;
+
+        fastMallocMatchValidateFree(p, Internal::AllocTypeFastNew);
+        p->~T();
+        fastFree(p);
+    }
+
+    template <typename T>
+    inline void fastDeleteSkippingDestructor(T* p)
+    {
+        if (!p)
+            return;
+
+        fastMallocMatchValidateFree(p, Internal::AllocTypeFastNew);
+        fastFree(p);
+    }
+
+    namespace Internal {
+        // This is a support template for fastDeleteArray.
+        // This handles the case wherein T has a trivial dtor.
+        template <typename T, bool trivialDtor>
+        struct DeleteArrayImpl {
+            static void fastDeleteArray(void* p)
+            {
+                // No need to destruct the objects in this case.
+                // We expect that fastFree checks for null.
+                fastMallocMatchValidateFree(p, Internal::AllocTypeFastNewArray);
+                fastFree(p);
+            }
+        };
+
+        // This is a support template for fastDeleteArray.
+        // This handles the case wherein T has a non-trivial dtor.
+        template <typename T>
+        struct DeleteArrayImpl<T, false> {
+            static void fastDeleteArray(T* p)
+            {
+                if (!p)
+                    return;
+
+                ArraySize<T> a;
+                a.t = p;
+                a.size--; // Decrement size pointer
+
+                T* pEnd = p + *a.size;
+                while (pEnd-- != p)
+                    pEnd->~T();
+
+                fastMallocMatchValidateFree(a.size, Internal::AllocTypeFastNewArray);
+                fastFree(a.size);
+            }
+        };
+
+    } // namespace Internal
+
+    template <typename T>
+    void fastDeleteArray(T* p)
+    {
+        Internal::DeleteArrayImpl<T, WTF::HasTrivialDestructor<T>::value>::fastDeleteArray(p);
+    }
+
+
+    template <typename T>
+    inline void fastNonNullDelete(T* p)
+    {
+        fastMallocMatchValidateFree(p, Internal::AllocTypeFastNew);
+        p->~T();
+        fastFree(p);
+    }
+
+    namespace Internal {
+        // This is a support template for fastDeleteArray.
+        // This handles the case wherein T has a trivial dtor.
+        template <typename T, bool trivialDtor>
+        struct NonNullDeleteArrayImpl {
+            static void fastNonNullDeleteArray(void* p)
+            {
+                fastMallocMatchValidateFree(p, Internal::AllocTypeFastNewArray);
+                // No need to destruct the objects in this case.
+                fastFree(p);
+            }
+        };
+
+        // This is a support template for fastDeleteArray.
+        // This handles the case wherein T has a non-trivial dtor.
+        template <typename T>
+        struct NonNullDeleteArrayImpl<T, false> {
+            static void fastNonNullDeleteArray(T* p)
+            {
+                ArraySize<T> a;
+                a.t = p;
+                a.size--;
+
+                T* pEnd = p + *a.size;
+                while (pEnd-- != p)
+                    pEnd->~T();
+
+                fastMallocMatchValidateFree(a.size, Internal::AllocTypeFastNewArray);
+                fastFree(a.size);
+            }
+        };
+
+    } // namespace Internal
+
+    template <typename T>
+    void fastNonNullDeleteArray(T* p)
+    {
+        Internal::NonNullDeleteArrayImpl<T, WTF::HasTrivialDestructor<T>::value>::fastNonNullDeleteArray(p);
+    }
+
+
+} // namespace WTF
+
+using WTF::FastAllocBase;
+using WTF::fastDeleteSkippingDestructor;
+
+#endif // FastAllocBase_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp
new file mode 100644
index 000000000..f3ded7ef5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp
@@ -0,0 +1,4379 @@
+// Copyright (c) 2005, 2007, Google Inc.
+// All rights reserved.
+// Copyright (C) 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// 
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// ---
+// Author: Sanjay Ghemawat <opensource@google.com>
+//
+// A malloc that uses a per-thread cache to satisfy small malloc requests.
+// (The time for malloc/free of a small object drops from 300 ns to 50 ns.)
+//
+// See doc/tcmalloc.html for a high-level
+// description of how this malloc works.
+//
+// SYNCHRONIZATION
+//  1. The thread-specific lists are accessed without acquiring any locks.
+//     This is safe because each such list is only accessed by one thread.
+//  2. We have a lock per central free-list, and hold it while manipulating
+//     the central free list for a particular size.
+//  3. The central page allocator is protected by "pageheap_lock".
+//  4. The pagemap (which maps from page-number to descriptor),
+//     can be read without holding any locks, and written while holding
+//     the "pageheap_lock".
+//  5. To improve performance, a subset of the information one can get
+//     from the pagemap is cached in a data structure, pagemap_cache_,
+//     that atomically reads and writes its entries.  This cache can be
+//     read and written without locking.
+//
+//     This multi-threaded access to the pagemap is safe for fairly
+//     subtle reasons.  We basically assume that when an object X is
+//     allocated by thread A and deallocated by thread B, there must
+//     have been appropriate synchronization in the handoff of object
+//     X from thread A to thread B.  The same logic applies to pagemap_cache_.
+//
+// THE PAGEID-TO-SIZECLASS CACHE
+// Hot PageID-to-sizeclass mappings are held by pagemap_cache_.  If this cache
+// returns 0 for a particular PageID then that means "no information," not that
+// the sizeclass is 0.  The cache may have stale information for pages that do
+// not hold the beginning of any free()'able object.  Staleness is eliminated
+// in Populate() for pages with sizeclass > 0 objects, and in do_malloc() and
+// do_memalign() for all other relevant pages.
+//
+// TODO: Bias reclamation to larger addresses
+// TODO: implement mallinfo/mallopt
+// TODO: Better testing
+//
+// 9/28/2003 (new page-level allocator replaces ptmalloc2):
+// * malloc/free of small objects goes from ~300 ns to ~50 ns.
+// * allocation of a reasonably complicated struct
+//   goes from about 1100 ns to about 300 ns.
+
+#include "config.h"
+#include "FastMalloc.h"
+
+#include "Assertions.h"
+#include <limits>
+#if ENABLE(JSC_MULTIPLE_THREADS)
+#include <pthread.h>
+#endif
+
+#ifndef NO_TCMALLOC_SAMPLES
+#ifdef WTF_CHANGES
+#define NO_TCMALLOC_SAMPLES
+#endif
+#endif
+
+#if !(defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC) && defined(NDEBUG)
+#define FORCE_SYSTEM_MALLOC 0
+#else
+#define FORCE_SYSTEM_MALLOC 1
+#endif
+
+// Use a background thread to periodically scavenge memory to release back to the system
+// https://bugs.webkit.org/show_bug.cgi?id=27900: don't turn this on for Tiger until we have figured out why it caused a crash.
+#if defined(BUILDING_ON_TIGER)
+#define USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY 0
+#else
+#define USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY 1
+#endif
+
+#if defined(__HP_aCC)
+// HP'a aCC compiler has broken for scoping
+# define for if(0){}else for
+#endif
+
+#ifndef NDEBUG
+namespace WTF {
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+static pthread_key_t isForbiddenKey;
+static pthread_once_t isForbiddenKeyOnce = PTHREAD_ONCE_INIT;
+static void initializeIsForbiddenKey()
+{
+  pthread_key_create(&isForbiddenKey, 0);
+}
+
+static bool isForbidden()
+{
+    pthread_once(&isForbiddenKeyOnce, initializeIsForbiddenKey);
+    return !!pthread_getspecific(isForbiddenKey);
+}
+
+void fastMallocForbid()
+{
+    pthread_once(&isForbiddenKeyOnce, initializeIsForbiddenKey);
+    pthread_setspecific(isForbiddenKey, &isForbiddenKey);
+}
+
+void fastMallocAllow()
+{
+    pthread_once(&isForbiddenKeyOnce, initializeIsForbiddenKey);
+    pthread_setspecific(isForbiddenKey, 0);
+}
+
+#else
+
+static bool staticIsForbidden;
+static bool isForbidden()
+{
+    return staticIsForbidden;
+}
+
+void fastMallocForbid()
+{
+    staticIsForbidden = true;
+}
+
+void fastMallocAllow()
+{
+    staticIsForbidden = false;
+}
+#endif // ENABLE(JSC_MULTIPLE_THREADS)
+
+} // namespace WTF
+#endif // NDEBUG
+
+#include <string.h>
+
+namespace WTF {
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+
+namespace Internal {
+
+void fastMallocMatchFailed(void*)
+{
+    CRASH();
+}
+
+} // namespace Internal
+
+#endif
+
+void* fastZeroedMalloc(size_t n) 
+{
+    void* result = fastMalloc(n);
+    memset(result, 0, n);
+    return result;
+}
+    
+TryMallocReturnValue tryFastZeroedMalloc(size_t n) 
+{
+    void* result;
+    if (!tryFastMalloc(n).getValue(result))
+        return 0;
+    memset(result, 0, n);
+    return result;
+}
+
+} // namespace WTF
+
+#if FORCE_SYSTEM_MALLOC
+
+#include <stdlib.h>
+#if !PLATFORM(WIN_OS)
+    #include <pthread.h>
+#else
+    #include "windows.h"
+#endif
+
+namespace WTF {
+
+TryMallocReturnValue tryFastMalloc(size_t n) 
+{
+    ASSERT(!isForbidden());
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    if (std::numeric_limits<size_t>::max() - sizeof(AllocAlignmentInteger) <= n)  // If overflow would occur...
+        return 0;
+
+    void* result = malloc(n + sizeof(AllocAlignmentInteger));
+    if (!result)
+        return 0;
+
+    *static_cast<AllocAlignmentInteger*>(result) = Internal::AllocTypeMalloc;
+    result = static_cast<AllocAlignmentInteger*>(result) + 1;
+
+    return result;
+#else
+    return malloc(n);
+#endif
+}
+
+void* fastMalloc(size_t n) 
+{
+    ASSERT(!isForbidden());
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    TryMallocReturnValue returnValue = tryFastMalloc(n);
+    void* result;
+    returnValue.getValue(result);
+#else
+    void* result = malloc(n);
+#endif
+
+    if (!result)
+        CRASH();
+    return result;
+}
+
+TryMallocReturnValue tryFastCalloc(size_t n_elements, size_t element_size)
+{
+    ASSERT(!isForbidden());
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    size_t totalBytes = n_elements * element_size;
+    if (n_elements > 1 && element_size && (totalBytes / element_size) != n_elements || (std::numeric_limits<size_t>::max() - sizeof(AllocAlignmentInteger) <= totalBytes))
+        return 0;
+
+    totalBytes += sizeof(AllocAlignmentInteger);
+    void* result = malloc(totalBytes);
+    if (!result)
+        return 0;
+
+    memset(result, 0, totalBytes);
+    *static_cast<AllocAlignmentInteger*>(result) = Internal::AllocTypeMalloc;
+    result = static_cast<AllocAlignmentInteger*>(result) + 1;
+    return result;
+#else
+    return calloc(n_elements, element_size);
+#endif
+}
+
+void* fastCalloc(size_t n_elements, size_t element_size)
+{
+    ASSERT(!isForbidden());
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    TryMallocReturnValue returnValue = tryFastCalloc(n_elements, element_size);
+    void* result;
+    returnValue.getValue(result);
+#else
+    void* result = calloc(n_elements, element_size);
+#endif
+
+    if (!result)
+        CRASH();
+    return result;
+}
+
+void fastFree(void* p)
+{
+    ASSERT(!isForbidden());
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    if (!p)
+        return;
+
+    AllocAlignmentInteger* header = Internal::fastMallocMatchValidationValue(p);
+    if (*header != Internal::AllocTypeMalloc)
+        Internal::fastMallocMatchFailed(p);
+    free(header);
+#else
+    free(p);
+#endif
+}
+
+TryMallocReturnValue tryFastRealloc(void* p, size_t n)
+{
+    ASSERT(!isForbidden());
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    if (p) {
+        if (std::numeric_limits<size_t>::max() - sizeof(AllocAlignmentInteger) <= n)  // If overflow would occur...
+            return 0;
+        AllocAlignmentInteger* header = Internal::fastMallocMatchValidationValue(p);
+        if (*header != Internal::AllocTypeMalloc)
+            Internal::fastMallocMatchFailed(p);
+        void* result = realloc(header, n + sizeof(AllocAlignmentInteger));
+        if (!result)
+            return 0;
+
+        // This should not be needed because the value is already there:
+        // *static_cast<AllocAlignmentInteger*>(result) = Internal::AllocTypeMalloc;
+        result = static_cast<AllocAlignmentInteger*>(result) + 1;
+        return result;
+    } else {
+        return fastMalloc(n);
+    }
+#else
+    return realloc(p, n);
+#endif
+}
+
+void* fastRealloc(void* p, size_t n)
+{
+    ASSERT(!isForbidden());
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    TryMallocReturnValue returnValue = tryFastRealloc(p, n);
+    void* result;
+    returnValue.getValue(result);
+#else
+    void* result = realloc(p, n);
+#endif
+
+    if (!result)
+        CRASH();
+    return result;
+}
+
+void releaseFastMallocFreeMemory() { }
+    
+FastMallocStatistics fastMallocStatistics()
+{
+    FastMallocStatistics statistics = { 0, 0, 0, 0 };
+    return statistics;
+}
+
+} // namespace WTF
+
+#if PLATFORM(DARWIN)
+// This symbol is present in the JavaScriptCore exports file even when FastMalloc is disabled.
+// It will never be used in this case, so it's type and value are less interesting than its presence.
+extern "C" const int jscore_fastmalloc_introspection = 0;
+#endif
+
+#else // FORCE_SYSTEM_MALLOC
+
+#if HAVE(STDINT_H)
+#include <stdint.h>
+#elif HAVE(INTTYPES_H)
+#include <inttypes.h>
+#else
+#include <sys/types.h>
+#endif
+
+#include "AlwaysInline.h"
+#include "Assertions.h"
+#include "TCPackedCache.h"
+#include "TCPageMap.h"
+#include "TCSpinLock.h"
+#include "TCSystemAlloc.h"
+#include <algorithm>
+#include <errno.h>
+#include <limits>
+#include <new>
+#include <pthread.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#if PLATFORM(UNIX)
+#include <unistd.h>
+#endif
+#if COMPILER(MSVC)
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#endif
+
+#if WTF_CHANGES
+
+#if PLATFORM(DARWIN)
+#include "MallocZoneSupport.h"
+#include <wtf/HashSet.h>
+#include <wtf/Vector.h>
+#endif
+
+#ifndef PRIuS
+#define PRIuS "zu"
+#endif
+
+// Calling pthread_getspecific through a global function pointer is faster than a normal
+// call to the function on Mac OS X, and it's used in performance-critical code. So we
+// use a function pointer. But that's not necessarily faster on other platforms, and we had
+// problems with this technique on Windows, so we'll do this only on Mac OS X.
+#if PLATFORM(DARWIN)
+static void* (*pthread_getspecific_function_pointer)(pthread_key_t) = pthread_getspecific;
+#define pthread_getspecific(key) pthread_getspecific_function_pointer(key)
+#endif
+
+#define DEFINE_VARIABLE(type, name, value, meaning) \
+  namespace FLAG__namespace_do_not_use_directly_use_DECLARE_##type##_instead {  \
+  type FLAGS_##name(value);                                \
+  char FLAGS_no##name;                                                        \
+  }                                                                           \
+  using FLAG__namespace_do_not_use_directly_use_DECLARE_##type##_instead::FLAGS_##name
+  
+#define DEFINE_int64(name, value, meaning) \
+  DEFINE_VARIABLE(int64_t, name, value, meaning)
+  
+#define DEFINE_double(name, value, meaning) \
+  DEFINE_VARIABLE(double, name, value, meaning)
+
+namespace WTF {
+
+#define malloc fastMalloc
+#define calloc fastCalloc
+#define free fastFree
+#define realloc fastRealloc
+
+#define MESSAGE LOG_ERROR
+#define CHECK_CONDITION ASSERT
+
+#if PLATFORM(DARWIN)
+class Span;
+class TCMalloc_Central_FreeListPadded;
+class TCMalloc_PageHeap;
+class TCMalloc_ThreadCache;
+template <typename T> class PageHeapAllocator;
+
+class FastMallocZone {
+public:
+    static void init();
+
+    static kern_return_t enumerate(task_t, void*, unsigned typeMmask, vm_address_t zoneAddress, memory_reader_t, vm_range_recorder_t);
+    static size_t goodSize(malloc_zone_t*, size_t size) { return size; }
+    static boolean_t check(malloc_zone_t*) { return true; }
+    static void  print(malloc_zone_t*, boolean_t) { }
+    static void log(malloc_zone_t*, void*) { }
+    static void forceLock(malloc_zone_t*) { }
+    static void forceUnlock(malloc_zone_t*) { }
+    static void statistics(malloc_zone_t*, malloc_statistics_t* stats) { memset(stats, 0, sizeof(malloc_statistics_t)); }
+
+private:
+    FastMallocZone(TCMalloc_PageHeap*, TCMalloc_ThreadCache**, TCMalloc_Central_FreeListPadded*, PageHeapAllocator<Span>*, PageHeapAllocator<TCMalloc_ThreadCache>*);
+    static size_t size(malloc_zone_t*, const void*);
+    static void* zoneMalloc(malloc_zone_t*, size_t);
+    static void* zoneCalloc(malloc_zone_t*, size_t numItems, size_t size);
+    static void zoneFree(malloc_zone_t*, void*);
+    static void* zoneRealloc(malloc_zone_t*, void*, size_t);
+    static void* zoneValloc(malloc_zone_t*, size_t) { LOG_ERROR("valloc is not supported"); return 0; }
+    static void zoneDestroy(malloc_zone_t*) { }
+
+    malloc_zone_t m_zone;
+    TCMalloc_PageHeap* m_pageHeap;
+    TCMalloc_ThreadCache** m_threadHeaps;
+    TCMalloc_Central_FreeListPadded* m_centralCaches;
+    PageHeapAllocator<Span>* m_spanAllocator;
+    PageHeapAllocator<TCMalloc_ThreadCache>* m_pageHeapAllocator;
+};
+
+#endif
+
+#endif
+
+#ifndef WTF_CHANGES
+// This #ifdef should almost never be set.  Set NO_TCMALLOC_SAMPLES if
+// you're porting to a system where you really can't get a stacktrace.
+#ifdef NO_TCMALLOC_SAMPLES
+// We use #define so code compiles even if you #include stacktrace.h somehow.
+# define GetStackTrace(stack, depth, skip)  (0)
+#else
+# include <google/stacktrace.h>
+#endif
+#endif
+
+// Even if we have support for thread-local storage in the compiler
+// and linker, the OS may not support it.  We need to check that at
+// runtime.  Right now, we have to keep a manual set of "bad" OSes.
+#if defined(HAVE_TLS)
+  static bool kernel_supports_tls = false;      // be conservative
+  static inline bool KernelSupportsTLS() {
+    return kernel_supports_tls;
+  }
+# if !HAVE_DECL_UNAME   // if too old for uname, probably too old for TLS
+    static void CheckIfKernelSupportsTLS() {
+      kernel_supports_tls = false;
+    }
+# else
+#   include <sys/utsname.h>    // DECL_UNAME checked for <sys/utsname.h> too
+    static void CheckIfKernelSupportsTLS() {
+      struct utsname buf;
+      if (uname(&buf) != 0) {   // should be impossible
+        MESSAGE("uname failed assuming no TLS support (errno=%d)\n", errno);
+        kernel_supports_tls = false;
+      } else if (strcasecmp(buf.sysname, "linux") == 0) {
+        // The linux case: the first kernel to support TLS was 2.6.0
+        if (buf.release[0] < '2' && buf.release[1] == '.')    // 0.x or 1.x
+          kernel_supports_tls = false;
+        else if (buf.release[0] == '2' && buf.release[1] == '.' &&
+                 buf.release[2] >= '0' && buf.release[2] < '6' &&
+                 buf.release[3] == '.')                       // 2.0 - 2.5
+          kernel_supports_tls = false;
+        else
+          kernel_supports_tls = true;
+      } else {        // some other kernel, we'll be optimisitic
+        kernel_supports_tls = true;
+      }
+      // TODO(csilvers): VLOG(1) the tls status once we support RAW_VLOG
+    }
+#  endif  // HAVE_DECL_UNAME
+#endif    // HAVE_TLS
+
+// __THROW is defined in glibc systems.  It means, counter-intuitively,
+// "This function will never throw an exception."  It's an optional
+// optimization tool, but we may need to use it to match glibc prototypes.
+#ifndef __THROW    // I guess we're not on a glibc system
+# define __THROW   // __THROW is just an optimization, so ok to make it ""
+#endif
+
+//-------------------------------------------------------------------
+// Configuration
+//-------------------------------------------------------------------
+
+// Not all possible combinations of the following parameters make
+// sense.  In particular, if kMaxSize increases, you may have to
+// increase kNumClasses as well.
+static const size_t kPageShift  = 12;
+static const size_t kPageSize   = 1 << kPageShift;
+static const size_t kMaxSize    = 8u * kPageSize;
+static const size_t kAlignShift = 3;
+static const size_t kAlignment  = 1 << kAlignShift;
+static const size_t kNumClasses = 68;
+
+// Allocates a big block of memory for the pagemap once we reach more than
+// 128MB
+static const size_t kPageMapBigAllocationThreshold = 128 << 20;
+
+// Minimum number of pages to fetch from system at a time.  Must be
+// significantly bigger than kPageSize to amortize system-call
+// overhead, and also to reduce external fragementation.  Also, we
+// should keep this value big because various incarnations of Linux
+// have small limits on the number of mmap() regions per
+// address-space.
+static const size_t kMinSystemAlloc = 1 << (20 - kPageShift);
+
+// Number of objects to move between a per-thread list and a central
+// list in one shot.  We want this to be not too small so we can
+// amortize the lock overhead for accessing the central list.  Making
+// it too big may temporarily cause unnecessary memory wastage in the
+// per-thread free list until the scavenger cleans up the list.
+static int num_objects_to_move[kNumClasses];
+
+// Maximum length we allow a per-thread free-list to have before we
+// move objects from it into the corresponding central free-list.  We
+// want this big to avoid locking the central free-list too often.  It
+// should not hurt to make this list somewhat big because the
+// scavenging code will shrink it down when its contents are not in use.
+static const int kMaxFreeListLength = 256;
+
+// Lower and upper bounds on the per-thread cache sizes
+static const size_t kMinThreadCacheSize = kMaxSize * 2;
+static const size_t kMaxThreadCacheSize = 2 << 20;
+
+// Default bound on the total amount of thread caches
+static const size_t kDefaultOverallThreadCacheSize = 16 << 20;
+
+// For all span-lengths < kMaxPages we keep an exact-size list.
+// REQUIRED: kMaxPages >= kMinSystemAlloc;
+static const size_t kMaxPages = kMinSystemAlloc;
+
+/* The smallest prime > 2^n */
+static int primes_list[] = {
+    // Small values might cause high rates of sampling
+    // and hence commented out.
+    // 2, 5, 11, 17, 37, 67, 131, 257,
+    // 521, 1031, 2053, 4099, 8209, 16411,
+    32771, 65537, 131101, 262147, 524309, 1048583,
+    2097169, 4194319, 8388617, 16777259, 33554467 };
+
+// Twice the approximate gap between sampling actions.
+// I.e., we take one sample approximately once every
+//      tcmalloc_sample_parameter/2
+// bytes of allocation, i.e., ~ once every 128KB.
+// Must be a prime number.
+#ifdef NO_TCMALLOC_SAMPLES
+DEFINE_int64(tcmalloc_sample_parameter, 0,
+             "Unused: code is compiled with NO_TCMALLOC_SAMPLES");
+static size_t sample_period = 0;
+#else
+DEFINE_int64(tcmalloc_sample_parameter, 262147,
+         "Twice the approximate gap between sampling actions."
+         " Must be a prime number. Otherwise will be rounded up to a "
+         " larger prime number");
+static size_t sample_period = 262147;
+#endif
+
+// Protects sample_period above
+static SpinLock sample_period_lock = SPINLOCK_INITIALIZER;
+
+// Parameters for controlling how fast memory is returned to the OS.
+
+DEFINE_double(tcmalloc_release_rate, 1,
+              "Rate at which we release unused memory to the system.  "
+              "Zero means we never release memory back to the system.  "
+              "Increase this flag to return memory faster; decrease it "
+              "to return memory slower.  Reasonable rates are in the "
+              "range [0,10]");
+
+//-------------------------------------------------------------------
+// Mapping from size to size_class and vice versa
+//-------------------------------------------------------------------
+
+// Sizes <= 1024 have an alignment >= 8.  So for such sizes we have an
+// array indexed by ceil(size/8).  Sizes > 1024 have an alignment >= 128.
+// So for these larger sizes we have an array indexed by ceil(size/128).
+//
+// We flatten both logical arrays into one physical array and use
+// arithmetic to compute an appropriate index.  The constants used by
+// ClassIndex() were selected to make the flattening work.
+//
+// Examples:
+//   Size       Expression                      Index
+//   -------------------------------------------------------
+//   0          (0 + 7) / 8                     0
+//   1          (1 + 7) / 8                     1
+//   ...
+//   1024       (1024 + 7) / 8                  128
+//   1025       (1025 + 127 + (120<<7)) / 128   129
+//   ...
+//   32768      (32768 + 127 + (120<<7)) / 128  376
+static const size_t kMaxSmallSize = 1024;
+static const int shift_amount[2] = { 3, 7 };  // For divides by 8 or 128
+static const int add_amount[2] = { 7, 127 + (120 << 7) };
+static unsigned char class_array[377];
+
+// Compute index of the class_array[] entry for a given size
+static inline int ClassIndex(size_t s) {
+  const int i = (s > kMaxSmallSize);
+  return static_cast<int>((s + add_amount[i]) >> shift_amount[i]);
+}
+
+// Mapping from size class to max size storable in that class
+static size_t class_to_size[kNumClasses];
+
+// Mapping from size class to number of pages to allocate at a time
+static size_t class_to_pages[kNumClasses];
+
+// TransferCache is used to cache transfers of num_objects_to_move[size_class]
+// back and forth between thread caches and the central cache for a given size
+// class.
+struct TCEntry {
+  void *head;  // Head of chain of objects.
+  void *tail;  // Tail of chain of objects.
+};
+// A central cache freelist can have anywhere from 0 to kNumTransferEntries
+// slots to put link list chains into.  To keep memory usage bounded the total
+// number of TCEntries across size classes is fixed.  Currently each size
+// class is initially given one TCEntry which also means that the maximum any
+// one class can have is kNumClasses.
+static const int kNumTransferEntries = kNumClasses;
+
+// Note: the following only works for "n"s that fit in 32-bits, but
+// that is fine since we only use it for small sizes.
+static inline int LgFloor(size_t n) {
+  int log = 0;
+  for (int i = 4; i >= 0; --i) {
+    int shift = (1 << i);
+    size_t x = n >> shift;
+    if (x != 0) {
+      n = x;
+      log += shift;
+    }
+  }
+  ASSERT(n == 1);
+  return log;
+}
+
+// Some very basic linked list functions for dealing with using void * as
+// storage.
+
+static inline void *SLL_Next(void *t) {
+  return *(reinterpret_cast<void**>(t));
+}
+
+static inline void SLL_SetNext(void *t, void *n) {
+  *(reinterpret_cast<void**>(t)) = n;
+}
+
+static inline void SLL_Push(void **list, void *element) {
+  SLL_SetNext(element, *list);
+  *list = element;
+}
+
+static inline void *SLL_Pop(void **list) {
+  void *result = *list;
+  *list = SLL_Next(*list);
+  return result;
+}
+
+
+// Remove N elements from a linked list to which head points.  head will be
+// modified to point to the new head.  start and end will point to the first
+// and last nodes of the range.  Note that end will point to NULL after this
+// function is called.
+static inline void SLL_PopRange(void **head, int N, void **start, void **end) {
+  if (N == 0) {
+    *start = NULL;
+    *end = NULL;
+    return;
+  }
+
+  void *tmp = *head;
+  for (int i = 1; i < N; ++i) {
+    tmp = SLL_Next(tmp);
+  }
+
+  *start = *head;
+  *end = tmp;
+  *head = SLL_Next(tmp);
+  // Unlink range from list.
+  SLL_SetNext(tmp, NULL);
+}
+
+static inline void SLL_PushRange(void **head, void *start, void *end) {
+  if (!start) return;
+  SLL_SetNext(end, *head);
+  *head = start;
+}
+
+static inline size_t SLL_Size(void *head) {
+  int count = 0;
+  while (head) {
+    count++;
+    head = SLL_Next(head);
+  }
+  return count;
+}
+
+// Setup helper functions.
+
+static ALWAYS_INLINE size_t SizeClass(size_t size) {
+  return class_array[ClassIndex(size)];
+}
+
+// Get the byte-size for a specified class
+static ALWAYS_INLINE size_t ByteSizeForClass(size_t cl) {
+  return class_to_size[cl];
+}
+static int NumMoveSize(size_t size) {
+  if (size == 0) return 0;
+  // Use approx 64k transfers between thread and central caches.
+  int num = static_cast<int>(64.0 * 1024.0 / size);
+  if (num < 2) num = 2;
+  // Clamp well below kMaxFreeListLength to avoid ping pong between central
+  // and thread caches.
+  if (num > static_cast<int>(0.8 * kMaxFreeListLength))
+    num = static_cast<int>(0.8 * kMaxFreeListLength);
+
+  // Also, avoid bringing in too many objects into small object free
+  // lists.  There are lots of such lists, and if we allow each one to
+  // fetch too many at a time, we end up having to scavenge too often
+  // (especially when there are lots of threads and each thread gets a
+  // small allowance for its thread cache).
+  //
+  // TODO: Make thread cache free list sizes dynamic so that we do not
+  // have to equally divide a fixed resource amongst lots of threads.
+  if (num > 32) num = 32;
+
+  return num;
+}
+
+// Initialize the mapping arrays
+static void InitSizeClasses() {
+  // Do some sanity checking on add_amount[]/shift_amount[]/class_array[]
+  if (ClassIndex(0) < 0) {
+    MESSAGE("Invalid class index %d for size 0\n", ClassIndex(0));
+    CRASH();
+  }
+  if (static_cast<size_t>(ClassIndex(kMaxSize)) >= sizeof(class_array)) {
+    MESSAGE("Invalid class index %d for kMaxSize\n", ClassIndex(kMaxSize));
+    CRASH();
+  }
+
+  // Compute the size classes we want to use
+  size_t sc = 1;   // Next size class to assign
+  unsigned char alignshift = kAlignShift;
+  int last_lg = -1;
+  for (size_t size = kAlignment; size <= kMaxSize; size += (1 << alignshift)) {
+    int lg = LgFloor(size);
+    if (lg > last_lg) {
+      // Increase alignment every so often.
+      //
+      // Since we double the alignment every time size doubles and
+      // size >= 128, this means that space wasted due to alignment is
+      // at most 16/128 i.e., 12.5%.  Plus we cap the alignment at 256
+      // bytes, so the space wasted as a percentage starts falling for
+      // sizes > 2K.
+      if ((lg >= 7) && (alignshift < 8)) {
+        alignshift++;
+      }
+      last_lg = lg;
+    }
+
+    // Allocate enough pages so leftover is less than 1/8 of total.
+    // This bounds wasted space to at most 12.5%.
+    size_t psize = kPageSize;
+    while ((psize % size) > (psize >> 3)) {
+      psize += kPageSize;
+    }
+    const size_t my_pages = psize >> kPageShift;
+
+    if (sc > 1 && my_pages == class_to_pages[sc-1]) {
+      // See if we can merge this into the previous class without
+      // increasing the fragmentation of the previous class.
+      const size_t my_objects = (my_pages << kPageShift) / size;
+      const size_t prev_objects = (class_to_pages[sc-1] << kPageShift)
+                                  / class_to_size[sc-1];
+      if (my_objects == prev_objects) {
+        // Adjust last class to include this size
+        class_to_size[sc-1] = size;
+        continue;
+      }
+    }
+
+    // Add new class
+    class_to_pages[sc] = my_pages;
+    class_to_size[sc] = size;
+    sc++;
+  }
+  if (sc != kNumClasses) {
+    MESSAGE("wrong number of size classes: found %" PRIuS " instead of %d\n",
+            sc, int(kNumClasses));
+    CRASH();
+  }
+
+  // Initialize the mapping arrays
+  int next_size = 0;
+  for (unsigned char c = 1; c < kNumClasses; c++) {
+    const size_t max_size_in_class = class_to_size[c];
+    for (size_t s = next_size; s <= max_size_in_class; s += kAlignment) {
+      class_array[ClassIndex(s)] = c;
+    }
+    next_size = static_cast<int>(max_size_in_class + kAlignment);
+  }
+
+  // Double-check sizes just to be safe
+  for (size_t size = 0; size <= kMaxSize; size++) {
+    const size_t sc = SizeClass(size);
+    if (sc == 0) {
+      MESSAGE("Bad size class %" PRIuS " for %" PRIuS "\n", sc, size);
+      CRASH();
+    }
+    if (sc > 1 && size <= class_to_size[sc-1]) {
+      MESSAGE("Allocating unnecessarily large class %" PRIuS " for %" PRIuS
+              "\n", sc, size);
+      CRASH();
+    }
+    if (sc >= kNumClasses) {
+      MESSAGE("Bad size class %" PRIuS " for %" PRIuS "\n", sc, size);
+      CRASH();
+    }
+    const size_t s = class_to_size[sc];
+    if (size > s) {
+     MESSAGE("Bad size %" PRIuS " for %" PRIuS " (sc = %" PRIuS ")\n", s, size, sc);
+      CRASH();
+    }
+    if (s == 0) {
+      MESSAGE("Bad size %" PRIuS " for %" PRIuS " (sc = %" PRIuS ")\n", s, size, sc);
+      CRASH();
+    }
+  }
+
+  // Initialize the num_objects_to_move array.
+  for (size_t cl = 1; cl  < kNumClasses; ++cl) {
+    num_objects_to_move[cl] = NumMoveSize(ByteSizeForClass(cl));
+  }
+
+#ifndef WTF_CHANGES
+  if (false) {
+    // Dump class sizes and maximum external wastage per size class
+    for (size_t cl = 1; cl  < kNumClasses; ++cl) {
+      const int alloc_size = class_to_pages[cl] << kPageShift;
+      const int alloc_objs = alloc_size / class_to_size[cl];
+      const int min_used = (class_to_size[cl-1] + 1) * alloc_objs;
+      const int max_waste = alloc_size - min_used;
+      MESSAGE("SC %3d [ %8d .. %8d ] from %8d ; %2.0f%% maxwaste\n",
+              int(cl),
+              int(class_to_size[cl-1] + 1),
+              int(class_to_size[cl]),
+              int(class_to_pages[cl] << kPageShift),
+              max_waste * 100.0 / alloc_size
+              );
+    }
+  }
+#endif
+}
+
+// -------------------------------------------------------------------------
+// Simple allocator for objects of a specified type.  External locking
+// is required before accessing one of these objects.
+// -------------------------------------------------------------------------
+
+// Metadata allocator -- keeps stats about how many bytes allocated
+static uint64_t metadata_system_bytes = 0;
+static void* MetaDataAlloc(size_t bytes) {
+  void* result = TCMalloc_SystemAlloc(bytes, 0);
+  if (result != NULL) {
+    metadata_system_bytes += bytes;
+  }
+  return result;
+}
+
+template <class T>
+class PageHeapAllocator {
+ private:
+  // How much to allocate from system at a time
+  static const size_t kAllocIncrement = 32 << 10;
+
+  // Aligned size of T
+  static const size_t kAlignedSize
+  = (((sizeof(T) + kAlignment - 1) / kAlignment) * kAlignment);
+
+  // Free area from which to carve new objects
+  char* free_area_;
+  size_t free_avail_;
+
+  // Linked list of all regions allocated by this allocator
+  void* allocated_regions_;
+
+  // Free list of already carved objects
+  void* free_list_;
+
+  // Number of allocated but unfreed objects
+  int inuse_;
+
+ public:
+  void Init() {
+    ASSERT(kAlignedSize <= kAllocIncrement);
+    inuse_ = 0;
+    allocated_regions_ = 0;
+    free_area_ = NULL;
+    free_avail_ = 0;
+    free_list_ = NULL;
+  }
+
+  T* New() {
+    // Consult free list
+    void* result;
+    if (free_list_ != NULL) {
+      result = free_list_;
+      free_list_ = *(reinterpret_cast<void**>(result));
+    } else {
+      if (free_avail_ < kAlignedSize) {
+        // Need more room
+        char* new_allocation = reinterpret_cast<char*>(MetaDataAlloc(kAllocIncrement));
+        if (!new_allocation)
+          CRASH();
+
+        *(void**)new_allocation = allocated_regions_;
+        allocated_regions_ = new_allocation;
+        free_area_ = new_allocation + kAlignedSize;
+        free_avail_ = kAllocIncrement - kAlignedSize;
+      }
+      result = free_area_;
+      free_area_ += kAlignedSize;
+      free_avail_ -= kAlignedSize;
+    }
+    inuse_++;
+    return reinterpret_cast<T*>(result);
+  }
+
+  void Delete(T* p) {
+    *(reinterpret_cast<void**>(p)) = free_list_;
+    free_list_ = p;
+    inuse_--;
+  }
+
+  int inuse() const { return inuse_; }
+
+#if defined(WTF_CHANGES) && PLATFORM(DARWIN)
+  template <class Recorder>
+  void recordAdministrativeRegions(Recorder& recorder, const RemoteMemoryReader& reader)
+  {
+      vm_address_t adminAllocation = reinterpret_cast<vm_address_t>(allocated_regions_);
+      while (adminAllocation) {
+          recorder.recordRegion(adminAllocation, kAllocIncrement);
+          adminAllocation = *reader(reinterpret_cast<vm_address_t*>(adminAllocation));
+      }
+  }
+#endif
+};
+
+// -------------------------------------------------------------------------
+// Span - a contiguous run of pages
+// -------------------------------------------------------------------------
+
+// Type that can hold a page number
+typedef uintptr_t PageID;
+
+// Type that can hold the length of a run of pages
+typedef uintptr_t Length;
+
+static const Length kMaxValidPages = (~static_cast<Length>(0)) >> kPageShift;
+
+// Convert byte size into pages.  This won't overflow, but may return
+// an unreasonably large value if bytes is huge enough.
+static inline Length pages(size_t bytes) {
+  return (bytes >> kPageShift) +
+      ((bytes & (kPageSize - 1)) > 0 ? 1 : 0);
+}
+
+// Convert a user size into the number of bytes that will actually be
+// allocated
+static size_t AllocationSize(size_t bytes) {
+  if (bytes > kMaxSize) {
+    // Large object: we allocate an integral number of pages
+    ASSERT(bytes <= (kMaxValidPages << kPageShift));
+    return pages(bytes) << kPageShift;
+  } else {
+    // Small object: find the size class to which it belongs
+    return ByteSizeForClass(SizeClass(bytes));
+  }
+}
+
+// Information kept for a span (a contiguous run of pages).
+struct Span {
+  PageID        start;          // Starting page number
+  Length        length;         // Number of pages in span
+  Span*         next;           // Used when in link list
+  Span*         prev;           // Used when in link list
+  void*         objects;        // Linked list of free objects
+  unsigned int  free : 1;       // Is the span free
+#ifndef NO_TCMALLOC_SAMPLES
+  unsigned int  sample : 1;     // Sampled object?
+#endif
+  unsigned int  sizeclass : 8;  // Size-class for small objects (or 0)
+  unsigned int  refcount : 11;  // Number of non-free objects
+  bool decommitted : 1;
+
+#undef SPAN_HISTORY
+#ifdef SPAN_HISTORY
+  // For debugging, we can keep a log events per span
+  int nexthistory;
+  char history[64];
+  int value[64];
+#endif
+};
+
+#define ASSERT_SPAN_COMMITTED(span) ASSERT(!span->decommitted)
+
+#ifdef SPAN_HISTORY
+void Event(Span* span, char op, int v = 0) {
+  span->history[span->nexthistory] = op;
+  span->value[span->nexthistory] = v;
+  span->nexthistory++;
+  if (span->nexthistory == sizeof(span->history)) span->nexthistory = 0;
+}
+#else
+#define Event(s,o,v) ((void) 0)
+#endif
+
+// Allocator/deallocator for spans
+static PageHeapAllocator<Span> span_allocator;
+static Span* NewSpan(PageID p, Length len) {
+  Span* result = span_allocator.New();
+  memset(result, 0, sizeof(*result));
+  result->start = p;
+  result->length = len;
+#ifdef SPAN_HISTORY
+  result->nexthistory = 0;
+#endif
+  return result;
+}
+
+static inline void DeleteSpan(Span* span) {
+#ifndef NDEBUG
+  // In debug mode, trash the contents of deleted Spans
+  memset(span, 0x3f, sizeof(*span));
+#endif
+  span_allocator.Delete(span);
+}
+
+// -------------------------------------------------------------------------
+// Doubly linked list of spans.
+// -------------------------------------------------------------------------
+
+static inline void DLL_Init(Span* list) {
+  list->next = list;
+  list->prev = list;
+}
+
+static inline void DLL_Remove(Span* span) {
+  span->prev->next = span->next;
+  span->next->prev = span->prev;
+  span->prev = NULL;
+  span->next = NULL;
+}
+
+static ALWAYS_INLINE bool DLL_IsEmpty(const Span* list) {
+  return list->next == list;
+}
+
+static int DLL_Length(const Span* list) {
+  int result = 0;
+  for (Span* s = list->next; s != list; s = s->next) {
+    result++;
+  }
+  return result;
+}
+
+#if 0 /* Not needed at the moment -- causes compiler warnings if not used */
+static void DLL_Print(const char* label, const Span* list) {
+  MESSAGE("%-10s %p:", label, list);
+  for (const Span* s = list->next; s != list; s = s->next) {
+    MESSAGE(" <%p,%u,%u>", s, s->start, s->length);
+  }
+  MESSAGE("\n");
+}
+#endif
+
+static inline void DLL_Prepend(Span* list, Span* span) {
+  ASSERT(span->next == NULL);
+  ASSERT(span->prev == NULL);
+  span->next = list->next;
+  span->prev = list;
+  list->next->prev = span;
+  list->next = span;
+}
+
+// -------------------------------------------------------------------------
+// Stack traces kept for sampled allocations
+//   The following state is protected by pageheap_lock_.
+// -------------------------------------------------------------------------
+
+// size/depth are made the same size as a pointer so that some generic
+// code below can conveniently cast them back and forth to void*.
+static const int kMaxStackDepth = 31;
+struct StackTrace {
+  uintptr_t size;          // Size of object
+  uintptr_t depth;         // Number of PC values stored in array below
+  void*     stack[kMaxStackDepth];
+};
+static PageHeapAllocator<StackTrace> stacktrace_allocator;
+static Span sampled_objects;
+
+// -------------------------------------------------------------------------
+// Map from page-id to per-page data
+// -------------------------------------------------------------------------
+
+// We use PageMap2<> for 32-bit and PageMap3<> for 64-bit machines.
+// We also use a simple one-level cache for hot PageID-to-sizeclass mappings,
+// because sometimes the sizeclass is all the information we need.
+
+// Selector class -- general selector uses 3-level map
+template <int BITS> class MapSelector {
+ public:
+  typedef TCMalloc_PageMap3<BITS-kPageShift> Type;
+  typedef PackedCache<BITS, uint64_t> CacheType;
+};
+
+#if defined(WTF_CHANGES)
+#if PLATFORM(X86_64)
+// On all known X86-64 platforms, the upper 16 bits are always unused and therefore 
+// can be excluded from the PageMap key.
+// See http://en.wikipedia.org/wiki/X86-64#Virtual_address_space_details
+
+static const size_t kBitsUnusedOn64Bit = 16;
+#else
+static const size_t kBitsUnusedOn64Bit = 0;
+#endif
+
+// A three-level map for 64-bit machines
+template <> class MapSelector<64> {
+ public:
+  typedef TCMalloc_PageMap3<64 - kPageShift - kBitsUnusedOn64Bit> Type;
+  typedef PackedCache<64, uint64_t> CacheType;
+};
+#endif
+
+// A two-level map for 32-bit machines
+template <> class MapSelector<32> {
+ public:
+  typedef TCMalloc_PageMap2<32 - kPageShift> Type;
+  typedef PackedCache<32 - kPageShift, uint16_t> CacheType;
+};
+
+// -------------------------------------------------------------------------
+// Page-level allocator
+//  * Eager coalescing
+//
+// Heap for page-level allocation.  We allow allocating and freeing a
+// contiguous runs of pages (called a "span").
+// -------------------------------------------------------------------------
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+// The central page heap collects spans of memory that have been deleted but are still committed until they are released
+// back to the system.  We use a background thread to periodically scan the list of free spans and release some back to the
+// system.  Every 5 seconds, the background thread wakes up and does the following:
+// - Check if we needed to commit memory in the last 5 seconds.  If so, skip this scavenge because it's a sign that we are short
+// of free committed pages and so we should not release them back to the system yet.
+// - Otherwise, go through the list of free spans (from largest to smallest) and release up to a fraction of the free committed pages
+// back to the system.
+// - If the number of free committed pages reaches kMinimumFreeCommittedPageCount, we can stop the scavenging and block the
+// scavenging thread until the number of free committed pages goes above kMinimumFreeCommittedPageCount.
+
+// Background thread wakes up every 5 seconds to scavenge as long as there is memory available to return to the system.
+static const int kScavengeTimerDelayInSeconds = 5;
+
+// Number of free committed pages that we want to keep around.
+static const size_t kMinimumFreeCommittedPageCount = 512;
+
+// During a scavenge, we'll release up to a fraction of the free committed pages.
+#if PLATFORM(WIN)
+// We are slightly less aggressive in releasing memory on Windows due to performance reasons.
+static const int kMaxScavengeAmountFactor = 3;
+#else
+static const int kMaxScavengeAmountFactor = 2;
+#endif
+#endif
+
+class TCMalloc_PageHeap {
+ public:
+  void init();
+
+  // Allocate a run of "n" pages.  Returns zero if out of memory.
+  Span* New(Length n);
+
+  // Delete the span "[p, p+n-1]".
+  // REQUIRES: span was returned by earlier call to New() and
+  //           has not yet been deleted.
+  void Delete(Span* span);
+
+  // Mark an allocated span as being used for small objects of the
+  // specified size-class.
+  // REQUIRES: span was returned by an earlier call to New()
+  //           and has not yet been deleted.
+  void RegisterSizeClass(Span* span, size_t sc);
+
+  // Split an allocated span into two spans: one of length "n" pages
+  // followed by another span of length "span->length - n" pages.
+  // Modifies "*span" to point to the first span of length "n" pages.
+  // Returns a pointer to the second span.
+  //
+  // REQUIRES: "0 < n < span->length"
+  // REQUIRES: !span->free
+  // REQUIRES: span->sizeclass == 0
+  Span* Split(Span* span, Length n);
+
+  // Return the descriptor for the specified page.
+  inline Span* GetDescriptor(PageID p) const {
+    return reinterpret_cast<Span*>(pagemap_.get(p));
+  }
+
+#ifdef WTF_CHANGES
+  inline Span* GetDescriptorEnsureSafe(PageID p)
+  {
+      pagemap_.Ensure(p, 1);
+      return GetDescriptor(p);
+  }
+    
+  size_t ReturnedBytes() const;
+#endif
+
+  // Dump state to stderr
+#ifndef WTF_CHANGES
+  void Dump(TCMalloc_Printer* out);
+#endif
+
+  // Return number of bytes allocated from system
+  inline uint64_t SystemBytes() const { return system_bytes_; }
+
+  // Return number of free bytes in heap
+  uint64_t FreeBytes() const {
+    return (static_cast<uint64_t>(free_pages_) << kPageShift);
+  }
+
+  bool Check();
+  bool CheckList(Span* list, Length min_pages, Length max_pages);
+
+  // Release all pages on the free list for reuse by the OS:
+  void ReleaseFreePages();
+
+  // Return 0 if we have no information, or else the correct sizeclass for p.
+  // Reads and writes to pagemap_cache_ do not require locking.
+  // The entries are 64 bits on 64-bit hardware and 16 bits on
+  // 32-bit hardware, and we don't mind raciness as long as each read of
+  // an entry yields a valid entry, not a partially updated entry.
+  size_t GetSizeClassIfCached(PageID p) const {
+    return pagemap_cache_.GetOrDefault(p, 0);
+  }
+  void CacheSizeClass(PageID p, size_t cl) const { pagemap_cache_.Put(p, cl); }
+
+ private:
+  // Pick the appropriate map and cache types based on pointer size
+  typedef MapSelector<8*sizeof(uintptr_t)>::Type PageMap;
+  typedef MapSelector<8*sizeof(uintptr_t)>::CacheType PageMapCache;
+  PageMap pagemap_;
+  mutable PageMapCache pagemap_cache_;
+
+  // We segregate spans of a given size into two circular linked
+  // lists: one for normal spans, and one for spans whose memory
+  // has been returned to the system.
+  struct SpanList {
+    Span        normal;
+    Span        returned;
+  };
+
+  // List of free spans of length >= kMaxPages
+  SpanList large_;
+
+  // Array mapping from span length to a doubly linked list of free spans
+  SpanList free_[kMaxPages];
+
+  // Number of pages kept in free lists
+  uintptr_t free_pages_;
+
+  // Bytes allocated from system
+  uint64_t system_bytes_;
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+  // Number of pages kept in free lists that are still committed.
+  Length free_committed_pages_;
+
+  // Number of pages that we committed in the last scavenge wait interval.
+  Length pages_committed_since_last_scavenge_;
+#endif
+
+  bool GrowHeap(Length n);
+
+  // REQUIRES   span->length >= n
+  // Remove span from its free list, and move any leftover part of
+  // span into appropriate free lists.  Also update "span" to have
+  // length exactly "n" and mark it as non-free so it can be returned
+  // to the client.
+  //
+  // "released" is true iff "span" was found on a "returned" list.
+  void Carve(Span* span, Length n, bool released);
+
+  void RecordSpan(Span* span) {
+    pagemap_.set(span->start, span);
+    if (span->length > 1) {
+      pagemap_.set(span->start + span->length - 1, span);
+    }
+  }
+  
+    // Allocate a large span of length == n.  If successful, returns a
+  // span of exactly the specified length.  Else, returns NULL.
+  Span* AllocLarge(Length n);
+
+#if !USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+  // Incrementally release some memory to the system.
+  // IncrementalScavenge(n) is called whenever n pages are freed.
+  void IncrementalScavenge(Length n);
+#endif
+
+  // Number of pages to deallocate before doing more scavenging
+  int64_t scavenge_counter_;
+
+  // Index of last free list we scavenged
+  size_t scavenge_index_;
+  
+#if defined(WTF_CHANGES) && PLATFORM(DARWIN)
+  friend class FastMallocZone;
+#endif
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+  static NO_RETURN void* runScavengerThread(void*);
+
+  NO_RETURN void scavengerThread();
+
+  void scavenge();
+
+  inline bool shouldContinueScavenging() const;
+
+  pthread_mutex_t m_scavengeMutex;
+
+  pthread_cond_t m_scavengeCondition;
+
+  // Keeps track of whether the background thread is actively scavenging memory every kScavengeTimerDelayInSeconds, or
+  // it's blocked waiting for more pages to be deleted.
+  bool m_scavengeThreadActive;
+#endif  // USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+};
+
+void TCMalloc_PageHeap::init()
+{
+  pagemap_.init(MetaDataAlloc);
+  pagemap_cache_ = PageMapCache(0);
+  free_pages_ = 0;
+  system_bytes_ = 0;
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+  free_committed_pages_ = 0;
+  pages_committed_since_last_scavenge_ = 0;
+#endif  // USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+
+  scavenge_counter_ = 0;
+  // Start scavenging at kMaxPages list
+  scavenge_index_ = kMaxPages-1;
+  COMPILE_ASSERT(kNumClasses <= (1 << PageMapCache::kValuebits), valuebits);
+  DLL_Init(&large_.normal);
+  DLL_Init(&large_.returned);
+  for (size_t i = 0; i < kMaxPages; i++) {
+    DLL_Init(&free_[i].normal);
+    DLL_Init(&free_[i].returned);
+  }
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+  pthread_mutex_init(&m_scavengeMutex, 0);
+  pthread_cond_init(&m_scavengeCondition, 0);
+  m_scavengeThreadActive = true;
+  pthread_t thread;
+  pthread_create(&thread, 0, runScavengerThread, this);
+#endif  // USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+}
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+void* TCMalloc_PageHeap::runScavengerThread(void* context)
+{
+  static_cast<TCMalloc_PageHeap*>(context)->scavengerThread();
+#if COMPILER(MSVC) || PLATFORM(SOLARIS)
+  // Without this, Visual Studio will complain that this method does not return a value.
+  return 0;
+#endif
+}
+
+void TCMalloc_PageHeap::scavenge() 
+{
+    // If we have to commit memory in the last 5 seconds, it means we don't have enough free committed pages
+    // for the amount of allocations that we do.  So hold off on releasing memory back to the system.
+    if (pages_committed_since_last_scavenge_ > 0) {
+        pages_committed_since_last_scavenge_ = 0;
+        return;
+    }
+    Length pagesDecommitted = 0;
+    for (int i = kMaxPages; i >= 0; i--) {
+        SpanList* slist = (static_cast<size_t>(i) == kMaxPages) ? &large_ : &free_[i];
+        if (!DLL_IsEmpty(&slist->normal)) {
+            // Release the last span on the normal portion of this list
+            Span* s = slist->normal.prev; 
+            // Only decommit up to a fraction of the free committed pages if pages_allocated_since_last_scavenge_ > 0.
+            if ((pagesDecommitted + s->length) * kMaxScavengeAmountFactor > free_committed_pages_)
+                continue;
+            DLL_Remove(s);
+            TCMalloc_SystemRelease(reinterpret_cast<void*>(s->start << kPageShift),
+                                   static_cast<size_t>(s->length << kPageShift));
+            if (!s->decommitted) {
+                pagesDecommitted += s->length;
+                s->decommitted = true;
+            }
+            DLL_Prepend(&slist->returned, s);
+            // We can stop scavenging if the number of free committed pages left is less than or equal to the minimum number we want to keep around.
+            if (free_committed_pages_ <= kMinimumFreeCommittedPageCount + pagesDecommitted)
+                break;
+        }
+    }
+    pages_committed_since_last_scavenge_ = 0;
+    ASSERT(free_committed_pages_ >= pagesDecommitted);
+    free_committed_pages_ -= pagesDecommitted;
+}
+
+inline bool TCMalloc_PageHeap::shouldContinueScavenging() const 
+{
+    return free_committed_pages_ > kMinimumFreeCommittedPageCount; 
+}
+
+#endif  // USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+
+inline Span* TCMalloc_PageHeap::New(Length n) {
+  ASSERT(Check());
+  ASSERT(n > 0);
+
+  // Find first size >= n that has a non-empty list
+  for (Length s = n; s < kMaxPages; s++) {
+    Span* ll = NULL;
+    bool released = false;
+    if (!DLL_IsEmpty(&free_[s].normal)) {
+      // Found normal span
+      ll = &free_[s].normal;
+    } else if (!DLL_IsEmpty(&free_[s].returned)) {
+      // Found returned span; reallocate it
+      ll = &free_[s].returned;
+      released = true;
+    } else {
+      // Keep looking in larger classes
+      continue;
+    }
+
+    Span* result = ll->next;
+    Carve(result, n, released);
+    if (result->decommitted) {
+        TCMalloc_SystemCommit(reinterpret_cast<void*>(result->start << kPageShift), static_cast<size_t>(n << kPageShift));
+        result->decommitted = false;
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+        pages_committed_since_last_scavenge_ += n;
+#endif
+    }
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+    else {
+        // The newly allocated memory is from a span that's in the normal span list (already committed).  Update the
+        // free committed pages count.
+        ASSERT(free_committed_pages_ >= n);
+        free_committed_pages_ -= n;
+    }
+#endif  // USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+    ASSERT(Check());
+    free_pages_ -= n;
+    return result;
+  }
+
+  Span* result = AllocLarge(n);
+  if (result != NULL) {
+      ASSERT_SPAN_COMMITTED(result);
+      return result;
+  }
+
+  // Grow the heap and try again
+  if (!GrowHeap(n)) {
+    ASSERT(Check());
+    return NULL;
+  }
+
+  return AllocLarge(n);
+}
+
+Span* TCMalloc_PageHeap::AllocLarge(Length n) {
+  // find the best span (closest to n in size).
+  // The following loops implements address-ordered best-fit.
+  bool from_released = false;
+  Span *best = NULL;
+
+  // Search through normal list
+  for (Span* span = large_.normal.next;
+       span != &large_.normal;
+       span = span->next) {
+    if (span->length >= n) {
+      if ((best == NULL)
+          || (span->length < best->length)
+          || ((span->length == best->length) && (span->start < best->start))) {
+        best = span;
+        from_released = false;
+      }
+    }
+  }
+
+  // Search through released list in case it has a better fit
+  for (Span* span = large_.returned.next;
+       span != &large_.returned;
+       span = span->next) {
+    if (span->length >= n) {
+      if ((best == NULL)
+          || (span->length < best->length)
+          || ((span->length == best->length) && (span->start < best->start))) {
+        best = span;
+        from_released = true;
+      }
+    }
+  }
+
+  if (best != NULL) {
+    Carve(best, n, from_released);
+    if (best->decommitted) {
+        TCMalloc_SystemCommit(reinterpret_cast<void*>(best->start << kPageShift), static_cast<size_t>(n << kPageShift));
+        best->decommitted = false;
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+        pages_committed_since_last_scavenge_ += n;
+#endif
+    }
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+    else {
+        // The newly allocated memory is from a span that's in the normal span list (already committed).  Update the
+        // free committed pages count.
+        ASSERT(free_committed_pages_ >= n);
+        free_committed_pages_ -= n;
+    }
+#endif  // USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+    ASSERT(Check());
+    free_pages_ -= n;
+    return best;
+  }
+  return NULL;
+}
+
+Span* TCMalloc_PageHeap::Split(Span* span, Length n) {
+  ASSERT(0 < n);
+  ASSERT(n < span->length);
+  ASSERT(!span->free);
+  ASSERT(span->sizeclass == 0);
+  Event(span, 'T', n);
+
+  const Length extra = span->length - n;
+  Span* leftover = NewSpan(span->start + n, extra);
+  Event(leftover, 'U', extra);
+  RecordSpan(leftover);
+  pagemap_.set(span->start + n - 1, span); // Update map from pageid to span
+  span->length = n;
+
+  return leftover;
+}
+
+static ALWAYS_INLINE void propagateDecommittedState(Span* destination, Span* source)
+{
+    destination->decommitted = source->decommitted;
+}
+
+inline void TCMalloc_PageHeap::Carve(Span* span, Length n, bool released) {
+  ASSERT(n > 0);
+  DLL_Remove(span);
+  span->free = 0;
+  Event(span, 'A', n);
+
+  const int extra = static_cast<int>(span->length - n);
+  ASSERT(extra >= 0);
+  if (extra > 0) {
+    Span* leftover = NewSpan(span->start + n, extra);
+    leftover->free = 1;
+    propagateDecommittedState(leftover, span);
+    Event(leftover, 'S', extra);
+    RecordSpan(leftover);
+
+    // Place leftover span on appropriate free list
+    SpanList* listpair = (static_cast<size_t>(extra) < kMaxPages) ? &free_[extra] : &large_;
+    Span* dst = released ? &listpair->returned : &listpair->normal;
+    DLL_Prepend(dst, leftover);
+
+    span->length = n;
+    pagemap_.set(span->start + n - 1, span);
+  }
+}
+
+static ALWAYS_INLINE void mergeDecommittedStates(Span* destination, Span* other)
+{
+    if (destination->decommitted && !other->decommitted) {
+        TCMalloc_SystemRelease(reinterpret_cast<void*>(other->start << kPageShift),
+                               static_cast<size_t>(other->length << kPageShift));
+    } else if (other->decommitted && !destination->decommitted) {
+        TCMalloc_SystemRelease(reinterpret_cast<void*>(destination->start << kPageShift),
+                               static_cast<size_t>(destination->length << kPageShift));
+        destination->decommitted = true;
+    }
+}
+
+inline void TCMalloc_PageHeap::Delete(Span* span) {
+  ASSERT(Check());
+  ASSERT(!span->free);
+  ASSERT(span->length > 0);
+  ASSERT(GetDescriptor(span->start) == span);
+  ASSERT(GetDescriptor(span->start + span->length - 1) == span);
+  span->sizeclass = 0;
+#ifndef NO_TCMALLOC_SAMPLES
+  span->sample = 0;
+#endif
+
+  // Coalesce -- we guarantee that "p" != 0, so no bounds checking
+  // necessary.  We do not bother resetting the stale pagemap
+  // entries for the pieces we are merging together because we only
+  // care about the pagemap entries for the boundaries.
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+  // Track the total size of the neighboring free spans that are committed.
+  Length neighboringCommittedSpansLength = 0;
+#endif
+  const PageID p = span->start;
+  const Length n = span->length;
+  Span* prev = GetDescriptor(p-1);
+  if (prev != NULL && prev->free) {
+    // Merge preceding span into this span
+    ASSERT(prev->start + prev->length == p);
+    const Length len = prev->length;
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+    if (!prev->decommitted)
+        neighboringCommittedSpansLength += len;
+#endif
+    mergeDecommittedStates(span, prev);
+    DLL_Remove(prev);
+    DeleteSpan(prev);
+    span->start -= len;
+    span->length += len;
+    pagemap_.set(span->start, span);
+    Event(span, 'L', len);
+  }
+  Span* next = GetDescriptor(p+n);
+  if (next != NULL && next->free) {
+    // Merge next span into this span
+    ASSERT(next->start == p+n);
+    const Length len = next->length;
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+    if (!next->decommitted)
+        neighboringCommittedSpansLength += len;
+#endif
+    mergeDecommittedStates(span, next);
+    DLL_Remove(next);
+    DeleteSpan(next);
+    span->length += len;
+    pagemap_.set(span->start + span->length - 1, span);
+    Event(span, 'R', len);
+  }
+
+  Event(span, 'D', span->length);
+  span->free = 1;
+  if (span->decommitted) {
+    if (span->length < kMaxPages)
+      DLL_Prepend(&free_[span->length].returned, span);
+    else
+      DLL_Prepend(&large_.returned, span);
+  } else {
+    if (span->length < kMaxPages)
+      DLL_Prepend(&free_[span->length].normal, span);
+    else
+      DLL_Prepend(&large_.normal, span);
+  }
+  free_pages_ += n;
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+  if (span->decommitted) {
+      // If the merged span is decommitted, that means we decommitted any neighboring spans that were
+      // committed.  Update the free committed pages count.
+      free_committed_pages_ -= neighboringCommittedSpansLength;
+  } else {
+      // If the merged span remains committed, add the deleted span's size to the free committed pages count.
+      free_committed_pages_ += n;
+  }
+
+  // Make sure the scavenge thread becomes active if we have enough freed pages to release some back to the system.
+  if (!m_scavengeThreadActive && shouldContinueScavenging())
+      pthread_cond_signal(&m_scavengeCondition);
+#else
+  IncrementalScavenge(n);
+#endif
+
+  ASSERT(Check());
+}
+
+#if !USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+void TCMalloc_PageHeap::IncrementalScavenge(Length n) {
+  // Fast path; not yet time to release memory
+  scavenge_counter_ -= n;
+  if (scavenge_counter_ >= 0) return;  // Not yet time to scavenge
+
+  // If there is nothing to release, wait for so many pages before
+  // scavenging again.  With 4K pages, this comes to 16MB of memory.
+  static const size_t kDefaultReleaseDelay = 1 << 8;
+
+  // Find index of free list to scavenge
+  size_t index = scavenge_index_ + 1;
+  for (size_t i = 0; i < kMaxPages+1; i++) {
+    if (index > kMaxPages) index = 0;
+    SpanList* slist = (index == kMaxPages) ? &large_ : &free_[index];
+    if (!DLL_IsEmpty(&slist->normal)) {
+      // Release the last span on the normal portion of this list
+      Span* s = slist->normal.prev;
+      DLL_Remove(s);
+      TCMalloc_SystemRelease(reinterpret_cast<void*>(s->start << kPageShift),
+                             static_cast<size_t>(s->length << kPageShift));
+      s->decommitted = true;
+      DLL_Prepend(&slist->returned, s);
+
+      scavenge_counter_ = std::max<size_t>(64UL, std::min<size_t>(kDefaultReleaseDelay, kDefaultReleaseDelay - (free_pages_ / kDefaultReleaseDelay)));
+
+      if (index == kMaxPages && !DLL_IsEmpty(&slist->normal))
+        scavenge_index_ = index - 1;
+      else
+        scavenge_index_ = index;
+      return;
+    }
+    index++;
+  }
+
+  // Nothing to scavenge, delay for a while
+  scavenge_counter_ = kDefaultReleaseDelay;
+}
+#endif
+
+void TCMalloc_PageHeap::RegisterSizeClass(Span* span, size_t sc) {
+  // Associate span object with all interior pages as well
+  ASSERT(!span->free);
+  ASSERT(GetDescriptor(span->start) == span);
+  ASSERT(GetDescriptor(span->start+span->length-1) == span);
+  Event(span, 'C', sc);
+  span->sizeclass = static_cast<unsigned int>(sc);
+  for (Length i = 1; i < span->length-1; i++) {
+    pagemap_.set(span->start+i, span);
+  }
+}
+    
+#ifdef WTF_CHANGES
+size_t TCMalloc_PageHeap::ReturnedBytes() const {
+    size_t result = 0;
+    for (unsigned s = 0; s < kMaxPages; s++) {
+        const int r_length = DLL_Length(&free_[s].returned);
+        unsigned r_pages = s * r_length;
+        result += r_pages << kPageShift;
+    }
+    
+    for (Span* s = large_.returned.next; s != &large_.returned; s = s->next)
+        result += s->length << kPageShift;
+    return result;
+}
+#endif
+
+#ifndef WTF_CHANGES
+static double PagesToMB(uint64_t pages) {
+  return (pages << kPageShift) / 1048576.0;
+}
+
+void TCMalloc_PageHeap::Dump(TCMalloc_Printer* out) {
+  int nonempty_sizes = 0;
+  for (int s = 0; s < kMaxPages; s++) {
+    if (!DLL_IsEmpty(&free_[s].normal) || !DLL_IsEmpty(&free_[s].returned)) {
+      nonempty_sizes++;
+    }
+  }
+  out->printf("------------------------------------------------\n");
+  out->printf("PageHeap: %d sizes; %6.1f MB free\n",
+              nonempty_sizes, PagesToMB(free_pages_));
+  out->printf("------------------------------------------------\n");
+  uint64_t total_normal = 0;
+  uint64_t total_returned = 0;
+  for (int s = 0; s < kMaxPages; s++) {
+    const int n_length = DLL_Length(&free_[s].normal);
+    const int r_length = DLL_Length(&free_[s].returned);
+    if (n_length + r_length > 0) {
+      uint64_t n_pages = s * n_length;
+      uint64_t r_pages = s * r_length;
+      total_normal += n_pages;
+      total_returned += r_pages;
+      out->printf("%6u pages * %6u spans ~ %6.1f MB; %6.1f MB cum"
+                  "; unmapped: %6.1f MB; %6.1f MB cum\n",
+                  s,
+                  (n_length + r_length),
+                  PagesToMB(n_pages + r_pages),
+                  PagesToMB(total_normal + total_returned),
+                  PagesToMB(r_pages),
+                  PagesToMB(total_returned));
+    }
+  }
+
+  uint64_t n_pages = 0;
+  uint64_t r_pages = 0;
+  int n_spans = 0;
+  int r_spans = 0;
+  out->printf("Normal large spans:\n");
+  for (Span* s = large_.normal.next; s != &large_.normal; s = s->next) {
+    out->printf("   [ %6" PRIuS " pages ] %6.1f MB\n",
+                s->length, PagesToMB(s->length));
+    n_pages += s->length;
+    n_spans++;
+  }
+  out->printf("Unmapped large spans:\n");
+  for (Span* s = large_.returned.next; s != &large_.returned; s = s->next) {
+    out->printf("   [ %6" PRIuS " pages ] %6.1f MB\n",
+                s->length, PagesToMB(s->length));
+    r_pages += s->length;
+    r_spans++;
+  }
+  total_normal += n_pages;
+  total_returned += r_pages;
+  out->printf(">255   large * %6u spans ~ %6.1f MB; %6.1f MB cum"
+              "; unmapped: %6.1f MB; %6.1f MB cum\n",
+              (n_spans + r_spans),
+              PagesToMB(n_pages + r_pages),
+              PagesToMB(total_normal + total_returned),
+              PagesToMB(r_pages),
+              PagesToMB(total_returned));
+}
+#endif
+
+bool TCMalloc_PageHeap::GrowHeap(Length n) {
+  ASSERT(kMaxPages >= kMinSystemAlloc);
+  if (n > kMaxValidPages) return false;
+  Length ask = (n>kMinSystemAlloc) ? n : static_cast<Length>(kMinSystemAlloc);
+  size_t actual_size;
+  void* ptr = TCMalloc_SystemAlloc(ask << kPageShift, &actual_size, kPageSize);
+  if (ptr == NULL) {
+    if (n < ask) {
+      // Try growing just "n" pages
+      ask = n;
+      ptr = TCMalloc_SystemAlloc(ask << kPageShift, &actual_size, kPageSize);
+    }
+    if (ptr == NULL) return false;
+  }
+  ask = actual_size >> kPageShift;
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+  pages_committed_since_last_scavenge_ += ask;
+#endif
+
+  uint64_t old_system_bytes = system_bytes_;
+  system_bytes_ += (ask << kPageShift);
+  const PageID p = reinterpret_cast<uintptr_t>(ptr) >> kPageShift;
+  ASSERT(p > 0);
+
+  // If we have already a lot of pages allocated, just pre allocate a bunch of
+  // memory for the page map. This prevents fragmentation by pagemap metadata
+  // when a program keeps allocating and freeing large blocks.
+
+  if (old_system_bytes < kPageMapBigAllocationThreshold
+      && system_bytes_ >= kPageMapBigAllocationThreshold) {
+    pagemap_.PreallocateMoreMemory();
+  }
+
+  // Make sure pagemap_ has entries for all of the new pages.
+  // Plus ensure one before and one after so coalescing code
+  // does not need bounds-checking.
+  if (pagemap_.Ensure(p-1, ask+2)) {
+    // Pretend the new area is allocated and then Delete() it to
+    // cause any necessary coalescing to occur.
+    //
+    // We do not adjust free_pages_ here since Delete() will do it for us.
+    Span* span = NewSpan(p, ask);
+    RecordSpan(span);
+    Delete(span);
+    ASSERT(Check());
+    return true;
+  } else {
+    // We could not allocate memory within "pagemap_"
+    // TODO: Once we can return memory to the system, return the new span
+    return false;
+  }
+}
+
+bool TCMalloc_PageHeap::Check() {
+  ASSERT(free_[0].normal.next == &free_[0].normal);
+  ASSERT(free_[0].returned.next == &free_[0].returned);
+  CheckList(&large_.normal, kMaxPages, 1000000000);
+  CheckList(&large_.returned, kMaxPages, 1000000000);
+  for (Length s = 1; s < kMaxPages; s++) {
+    CheckList(&free_[s].normal, s, s);
+    CheckList(&free_[s].returned, s, s);
+  }
+  return true;
+}
+
+#if ASSERT_DISABLED
+bool TCMalloc_PageHeap::CheckList(Span*, Length, Length) {
+  return true;
+}
+#else
+bool TCMalloc_PageHeap::CheckList(Span* list, Length min_pages, Length max_pages) {
+  for (Span* s = list->next; s != list; s = s->next) {
+    CHECK_CONDITION(s->free);
+    CHECK_CONDITION(s->length >= min_pages);
+    CHECK_CONDITION(s->length <= max_pages);
+    CHECK_CONDITION(GetDescriptor(s->start) == s);
+    CHECK_CONDITION(GetDescriptor(s->start+s->length-1) == s);
+  }
+  return true;
+}
+#endif
+
+static void ReleaseFreeList(Span* list, Span* returned) {
+  // Walk backwards through list so that when we push these
+  // spans on the "returned" list, we preserve the order.
+  while (!DLL_IsEmpty(list)) {
+    Span* s = list->prev;
+    DLL_Remove(s);
+    DLL_Prepend(returned, s);
+    TCMalloc_SystemRelease(reinterpret_cast<void*>(s->start << kPageShift),
+                           static_cast<size_t>(s->length << kPageShift));
+  }
+}
+
+void TCMalloc_PageHeap::ReleaseFreePages() {
+  for (Length s = 0; s < kMaxPages; s++) {
+    ReleaseFreeList(&free_[s].normal, &free_[s].returned);
+  }
+  ReleaseFreeList(&large_.normal, &large_.returned);
+  ASSERT(Check());
+}
+
+//-------------------------------------------------------------------
+// Free list
+//-------------------------------------------------------------------
+
+class TCMalloc_ThreadCache_FreeList {
+ private:
+  void*    list_;       // Linked list of nodes
+  uint16_t length_;     // Current length
+  uint16_t lowater_;    // Low water mark for list length
+
+ public:
+  void Init() {
+    list_ = NULL;
+    length_ = 0;
+    lowater_ = 0;
+  }
+
+  // Return current length of list
+  int length() const {
+    return length_;
+  }
+
+  // Is list empty?
+  bool empty() const {
+    return list_ == NULL;
+  }
+
+  // Low-water mark management
+  int lowwatermark() const { return lowater_; }
+  void clear_lowwatermark() { lowater_ = length_; }
+
+  ALWAYS_INLINE void Push(void* ptr) {
+    SLL_Push(&list_, ptr);
+    length_++;
+  }
+
+  void PushRange(int N, void *start, void *end) {
+    SLL_PushRange(&list_, start, end);
+    length_ = length_ + static_cast<uint16_t>(N);
+  }
+
+  void PopRange(int N, void **start, void **end) {
+    SLL_PopRange(&list_, N, start, end);
+    ASSERT(length_ >= N);
+    length_ = length_ - static_cast<uint16_t>(N);
+    if (length_ < lowater_) lowater_ = length_;
+  }
+
+  ALWAYS_INLINE void* Pop() {
+    ASSERT(list_ != NULL);
+    length_--;
+    if (length_ < lowater_) lowater_ = length_;
+    return SLL_Pop(&list_);
+  }
+
+#ifdef WTF_CHANGES
+  template <class Finder, class Reader>
+  void enumerateFreeObjects(Finder& finder, const Reader& reader)
+  {
+      for (void* nextObject = list_; nextObject; nextObject = *reader(reinterpret_cast<void**>(nextObject)))
+          finder.visit(nextObject);
+  }
+#endif
+};
+
+//-------------------------------------------------------------------
+// Data kept per thread
+//-------------------------------------------------------------------
+
+class TCMalloc_ThreadCache {
+ private:
+  typedef TCMalloc_ThreadCache_FreeList FreeList;
+#if COMPILER(MSVC)
+  typedef DWORD ThreadIdentifier;
+#else
+  typedef pthread_t ThreadIdentifier;
+#endif
+
+  size_t        size_;                  // Combined size of data
+  ThreadIdentifier tid_;                // Which thread owns it
+  bool          in_setspecific_;           // Called pthread_setspecific?
+  FreeList      list_[kNumClasses];     // Array indexed by size-class
+
+  // We sample allocations, biased by the size of the allocation
+  uint32_t      rnd_;                   // Cheap random number generator
+  size_t        bytes_until_sample_;    // Bytes until we sample next
+
+  // Allocate a new heap. REQUIRES: pageheap_lock is held.
+  static inline TCMalloc_ThreadCache* NewHeap(ThreadIdentifier tid);
+
+  // Use only as pthread thread-specific destructor function.
+  static void DestroyThreadCache(void* ptr);
+ public:
+  // All ThreadCache objects are kept in a linked list (for stats collection)
+  TCMalloc_ThreadCache* next_;
+  TCMalloc_ThreadCache* prev_;
+
+  void Init(ThreadIdentifier tid);
+  void Cleanup();
+
+  // Accessors (mostly just for printing stats)
+  int freelist_length(size_t cl) const { return list_[cl].length(); }
+
+  // Total byte size in cache
+  size_t Size() const { return size_; }
+
+  void* Allocate(size_t size);
+  void Deallocate(void* ptr, size_t size_class);
+
+  void FetchFromCentralCache(size_t cl, size_t allocationSize);
+  void ReleaseToCentralCache(size_t cl, int N);
+  void Scavenge();
+  void Print() const;
+
+  // Record allocation of "k" bytes.  Return true iff allocation
+  // should be sampled
+  bool SampleAllocation(size_t k);
+
+  // Pick next sampling point
+  void PickNextSample(size_t k);
+
+  static void                  InitModule();
+  static void                  InitTSD();
+  static TCMalloc_ThreadCache* GetThreadHeap();
+  static TCMalloc_ThreadCache* GetCache();
+  static TCMalloc_ThreadCache* GetCacheIfPresent();
+  static TCMalloc_ThreadCache* CreateCacheIfNecessary();
+  static void                  DeleteCache(TCMalloc_ThreadCache* heap);
+  static void                  BecomeIdle();
+  static void                  RecomputeThreadCacheSize();
+
+#ifdef WTF_CHANGES
+  template <class Finder, class Reader>
+  void enumerateFreeObjects(Finder& finder, const Reader& reader)
+  {
+      for (unsigned sizeClass = 0; sizeClass < kNumClasses; sizeClass++)
+          list_[sizeClass].enumerateFreeObjects(finder, reader);
+  }
+#endif
+};
+
+//-------------------------------------------------------------------
+// Data kept per size-class in central cache
+//-------------------------------------------------------------------
+
+class TCMalloc_Central_FreeList {
+ public:
+  void Init(size_t cl);
+
+  // These methods all do internal locking.
+
+  // Insert the specified range into the central freelist.  N is the number of
+  // elements in the range.
+  void InsertRange(void *start, void *end, int N);
+
+  // Returns the actual number of fetched elements into N.
+  void RemoveRange(void **start, void **end, int *N);
+
+  // Returns the number of free objects in cache.
+  size_t length() {
+    SpinLockHolder h(&lock_);
+    return counter_;
+  }
+
+  // Returns the number of free objects in the transfer cache.
+  int tc_length() {
+    SpinLockHolder h(&lock_);
+    return used_slots_ * num_objects_to_move[size_class_];
+  }
+
+#ifdef WTF_CHANGES
+  template <class Finder, class Reader>
+  void enumerateFreeObjects(Finder& finder, const Reader& reader, TCMalloc_Central_FreeList* remoteCentralFreeList)
+  {
+    for (Span* span = &empty_; span && span != &empty_; span = (span->next ? reader(span->next) : 0))
+      ASSERT(!span->objects);
+
+    ASSERT(!nonempty_.objects);
+    static const ptrdiff_t nonemptyOffset = reinterpret_cast<const char*>(&nonempty_) - reinterpret_cast<const char*>(this);
+
+    Span* remoteNonempty = reinterpret_cast<Span*>(reinterpret_cast<char*>(remoteCentralFreeList) + nonemptyOffset);
+    Span* remoteSpan = nonempty_.next;
+
+    for (Span* span = reader(remoteSpan); span && remoteSpan != remoteNonempty; remoteSpan = span->next, span = (span->next ? reader(span->next) : 0)) {
+      for (void* nextObject = span->objects; nextObject; nextObject = *reader(reinterpret_cast<void**>(nextObject)))
+        finder.visit(nextObject);
+    }
+  }
+#endif
+
+ private:
+  // REQUIRES: lock_ is held
+  // Remove object from cache and return.
+  // Return NULL if no free entries in cache.
+  void* FetchFromSpans();
+
+  // REQUIRES: lock_ is held
+  // Remove object from cache and return.  Fetches
+  // from pageheap if cache is empty.  Only returns
+  // NULL on allocation failure.
+  void* FetchFromSpansSafe();
+
+  // REQUIRES: lock_ is held
+  // Release a linked list of objects to spans.
+  // May temporarily release lock_.
+  void ReleaseListToSpans(void *start);
+
+  // REQUIRES: lock_ is held
+  // Release an object to spans.
+  // May temporarily release lock_.
+  void ReleaseToSpans(void* object);
+
+  // REQUIRES: lock_ is held
+  // Populate cache by fetching from the page heap.
+  // May temporarily release lock_.
+  void Populate();
+
+  // REQUIRES: lock is held.
+  // Tries to make room for a TCEntry.  If the cache is full it will try to
+  // expand it at the cost of some other cache size.  Return false if there is
+  // no space.
+  bool MakeCacheSpace();
+
+  // REQUIRES: lock_ for locked_size_class is held.
+  // Picks a "random" size class to steal TCEntry slot from.  In reality it
+  // just iterates over the sizeclasses but does so without taking a lock.
+  // Returns true on success.
+  // May temporarily lock a "random" size class.
+  static bool EvictRandomSizeClass(size_t locked_size_class, bool force);
+
+  // REQUIRES: lock_ is *not* held.
+  // Tries to shrink the Cache.  If force is true it will relase objects to
+  // spans if it allows it to shrink the cache.  Return false if it failed to
+  // shrink the cache.  Decrements cache_size_ on succeess.
+  // May temporarily take lock_.  If it takes lock_, the locked_size_class
+  // lock is released to the thread from holding two size class locks
+  // concurrently which could lead to a deadlock.
+  bool ShrinkCache(int locked_size_class, bool force);
+
+  // This lock protects all the data members.  cached_entries and cache_size_
+  // may be looked at without holding the lock.
+  SpinLock lock_;
+
+  // We keep linked lists of empty and non-empty spans.
+  size_t   size_class_;     // My size class
+  Span     empty_;          // Dummy header for list of empty spans
+  Span     nonempty_;       // Dummy header for list of non-empty spans
+  size_t   counter_;        // Number of free objects in cache entry
+
+  // Here we reserve space for TCEntry cache slots.  Since one size class can
+  // end up getting all the TCEntries quota in the system we just preallocate
+  // sufficient number of entries here.
+  TCEntry tc_slots_[kNumTransferEntries];
+
+  // Number of currently used cached entries in tc_slots_.  This variable is
+  // updated under a lock but can be read without one.
+  int32_t used_slots_;
+  // The current number of slots for this size class.  This is an
+  // adaptive value that is increased if there is lots of traffic
+  // on a given size class.
+  int32_t cache_size_;
+};
+
+// Pad each CentralCache object to multiple of 64 bytes
+class TCMalloc_Central_FreeListPadded : public TCMalloc_Central_FreeList {
+ private:
+  char pad_[(64 - (sizeof(TCMalloc_Central_FreeList) % 64)) % 64];
+};
+
+//-------------------------------------------------------------------
+// Global variables
+//-------------------------------------------------------------------
+
+// Central cache -- a collection of free-lists, one per size-class.
+// We have a separate lock per free-list to reduce contention.
+static TCMalloc_Central_FreeListPadded central_cache[kNumClasses];
+
+// Page-level allocator
+static SpinLock pageheap_lock = SPINLOCK_INITIALIZER;
+static void* pageheap_memory[(sizeof(TCMalloc_PageHeap) + sizeof(void*) - 1) / sizeof(void*)];
+static bool phinited = false;
+
+// Avoid extra level of indirection by making "pageheap" be just an alias
+// of pageheap_memory.
+typedef union {
+    void* m_memory;
+    TCMalloc_PageHeap* m_pageHeap;
+} PageHeapUnion;
+
+static inline TCMalloc_PageHeap* getPageHeap()
+{
+    PageHeapUnion u = { &pageheap_memory[0] };
+    return u.m_pageHeap;
+}
+
+#define pageheap getPageHeap()
+
+#if USE_BACKGROUND_THREAD_TO_SCAVENGE_MEMORY
+#if PLATFORM(WIN_OS)
+static void sleep(unsigned seconds)
+{
+    ::Sleep(seconds * 1000);
+}
+#endif
+
+void TCMalloc_PageHeap::scavengerThread()
+{
+#if HAVE(PTHREAD_SETNAME_NP)
+  pthread_setname_np("JavaScriptCore: FastMalloc scavenger");
+#endif
+
+  while (1) {
+      if (!shouldContinueScavenging()) {
+          pthread_mutex_lock(&m_scavengeMutex);
+          m_scavengeThreadActive = false;
+          // Block until there are enough freed pages to release back to the system.
+          pthread_cond_wait(&m_scavengeCondition, &m_scavengeMutex);
+          m_scavengeThreadActive = true;
+          pthread_mutex_unlock(&m_scavengeMutex);
+      }
+      sleep(kScavengeTimerDelayInSeconds);
+      {
+          SpinLockHolder h(&pageheap_lock);
+          pageheap->scavenge();
+      }
+  }
+}
+#endif
+
+// If TLS is available, we also store a copy
+// of the per-thread object in a __thread variable
+// since __thread variables are faster to read
+// than pthread_getspecific().  We still need
+// pthread_setspecific() because __thread
+// variables provide no way to run cleanup
+// code when a thread is destroyed.
+#ifdef HAVE_TLS
+static __thread TCMalloc_ThreadCache *threadlocal_heap;
+#endif
+// Thread-specific key.  Initialization here is somewhat tricky
+// because some Linux startup code invokes malloc() before it
+// is in a good enough state to handle pthread_keycreate().
+// Therefore, we use TSD keys only after tsd_inited is set to true.
+// Until then, we use a slow path to get the heap object.
+static bool tsd_inited = false;
+static pthread_key_t heap_key;
+#if COMPILER(MSVC)
+DWORD tlsIndex = TLS_OUT_OF_INDEXES;
+#endif
+
+static ALWAYS_INLINE void setThreadHeap(TCMalloc_ThreadCache* heap)
+{
+    // still do pthread_setspecific when using MSVC fast TLS to
+    // benefit from the delete callback.
+    pthread_setspecific(heap_key, heap);
+#if COMPILER(MSVC)
+    TlsSetValue(tlsIndex, heap);
+#endif
+}
+
+// Allocator for thread heaps
+static PageHeapAllocator<TCMalloc_ThreadCache> threadheap_allocator;
+
+// Linked list of heap objects.  Protected by pageheap_lock.
+static TCMalloc_ThreadCache* thread_heaps = NULL;
+static int thread_heap_count = 0;
+
+// Overall thread cache size.  Protected by pageheap_lock.
+static size_t overall_thread_cache_size = kDefaultOverallThreadCacheSize;
+
+// Global per-thread cache size.  Writes are protected by
+// pageheap_lock.  Reads are done without any locking, which should be
+// fine as long as size_t can be written atomically and we don't place
+// invariants between this variable and other pieces of state.
+static volatile size_t per_thread_cache_size = kMaxThreadCacheSize;
+
+//-------------------------------------------------------------------
+// Central cache implementation
+//-------------------------------------------------------------------
+
+void TCMalloc_Central_FreeList::Init(size_t cl) {
+  lock_.Init();
+  size_class_ = cl;
+  DLL_Init(&empty_);
+  DLL_Init(&nonempty_);
+  counter_ = 0;
+
+  cache_size_ = 1;
+  used_slots_ = 0;
+  ASSERT(cache_size_ <= kNumTransferEntries);
+}
+
+void TCMalloc_Central_FreeList::ReleaseListToSpans(void* start) {
+  while (start) {
+    void *next = SLL_Next(start);
+    ReleaseToSpans(start);
+    start = next;
+  }
+}
+
+ALWAYS_INLINE void TCMalloc_Central_FreeList::ReleaseToSpans(void* object) {
+  const PageID p = reinterpret_cast<uintptr_t>(object) >> kPageShift;
+  Span* span = pageheap->GetDescriptor(p);
+  ASSERT(span != NULL);
+  ASSERT(span->refcount > 0);
+
+  // If span is empty, move it to non-empty list
+  if (span->objects == NULL) {
+    DLL_Remove(span);
+    DLL_Prepend(&nonempty_, span);
+    Event(span, 'N', 0);
+  }
+
+  // The following check is expensive, so it is disabled by default
+  if (false) {
+    // Check that object does not occur in list
+    unsigned got = 0;
+    for (void* p = span->objects; p != NULL; p = *((void**) p)) {
+      ASSERT(p != object);
+      got++;
+    }
+    ASSERT(got + span->refcount ==
+           (span->length<<kPageShift)/ByteSizeForClass(span->sizeclass));
+  }
+
+  counter_++;
+  span->refcount--;
+  if (span->refcount == 0) {
+    Event(span, '#', 0);
+    counter_ -= (span->length<<kPageShift) / ByteSizeForClass(span->sizeclass);
+    DLL_Remove(span);
+
+    // Release central list lock while operating on pageheap
+    lock_.Unlock();
+    {
+      SpinLockHolder h(&pageheap_lock);
+      pageheap->Delete(span);
+    }
+    lock_.Lock();
+  } else {
+    *(reinterpret_cast<void**>(object)) = span->objects;
+    span->objects = object;
+  }
+}
+
+ALWAYS_INLINE bool TCMalloc_Central_FreeList::EvictRandomSizeClass(
+    size_t locked_size_class, bool force) {
+  static int race_counter = 0;
+  int t = race_counter++;  // Updated without a lock, but who cares.
+  if (t >= static_cast<int>(kNumClasses)) {
+    while (t >= static_cast<int>(kNumClasses)) {
+      t -= kNumClasses;
+    }
+    race_counter = t;
+  }
+  ASSERT(t >= 0);
+  ASSERT(t < static_cast<int>(kNumClasses));
+  if (t == static_cast<int>(locked_size_class)) return false;
+  return central_cache[t].ShrinkCache(static_cast<int>(locked_size_class), force);
+}
+
+bool TCMalloc_Central_FreeList::MakeCacheSpace() {
+  // Is there room in the cache?
+  if (used_slots_ < cache_size_) return true;
+  // Check if we can expand this cache?
+  if (cache_size_ == kNumTransferEntries) return false;
+  // Ok, we'll try to grab an entry from some other size class.
+  if (EvictRandomSizeClass(size_class_, false) ||
+      EvictRandomSizeClass(size_class_, true)) {
+    // Succeeded in evicting, we're going to make our cache larger.
+    cache_size_++;
+    return true;
+  }
+  return false;
+}
+
+
+namespace {
+class LockInverter {
+ private:
+  SpinLock *held_, *temp_;
+ public:
+  inline explicit LockInverter(SpinLock* held, SpinLock *temp)
+    : held_(held), temp_(temp) { held_->Unlock(); temp_->Lock(); }
+  inline ~LockInverter() { temp_->Unlock(); held_->Lock();  }
+};
+}
+
+bool TCMalloc_Central_FreeList::ShrinkCache(int locked_size_class, bool force) {
+  // Start with a quick check without taking a lock.
+  if (cache_size_ == 0) return false;
+  // We don't evict from a full cache unless we are 'forcing'.
+  if (force == false && used_slots_ == cache_size_) return false;
+
+  // Grab lock, but first release the other lock held by this thread.  We use
+  // the lock inverter to ensure that we never hold two size class locks
+  // concurrently.  That can create a deadlock because there is no well
+  // defined nesting order.
+  LockInverter li(&central_cache[locked_size_class].lock_, &lock_);
+  ASSERT(used_slots_ <= cache_size_);
+  ASSERT(0 <= cache_size_);
+  if (cache_size_ == 0) return false;
+  if (used_slots_ == cache_size_) {
+    if (force == false) return false;
+    // ReleaseListToSpans releases the lock, so we have to make all the
+    // updates to the central list before calling it.
+    cache_size_--;
+    used_slots_--;
+    ReleaseListToSpans(tc_slots_[used_slots_].head);
+    return true;
+  }
+  cache_size_--;
+  return true;
+}
+
+void TCMalloc_Central_FreeList::InsertRange(void *start, void *end, int N) {
+  SpinLockHolder h(&lock_);
+  if (N == num_objects_to_move[size_class_] &&
+    MakeCacheSpace()) {
+    int slot = used_slots_++;
+    ASSERT(slot >=0);
+    ASSERT(slot < kNumTransferEntries);
+    TCEntry *entry = &tc_slots_[slot];
+    entry->head = start;
+    entry->tail = end;
+    return;
+  }
+  ReleaseListToSpans(start);
+}
+
+void TCMalloc_Central_FreeList::RemoveRange(void **start, void **end, int *N) {
+  int num = *N;
+  ASSERT(num > 0);
+
+  SpinLockHolder h(&lock_);
+  if (num == num_objects_to_move[size_class_] && used_slots_ > 0) {
+    int slot = --used_slots_;
+    ASSERT(slot >= 0);
+    TCEntry *entry = &tc_slots_[slot];
+    *start = entry->head;
+    *end = entry->tail;
+    return;
+  }
+
+  // TODO: Prefetch multiple TCEntries?
+  void *tail = FetchFromSpansSafe();
+  if (!tail) {
+    // We are completely out of memory.
+    *start = *end = NULL;
+    *N = 0;
+    return;
+  }
+
+  SLL_SetNext(tail, NULL);
+  void *head = tail;
+  int count = 1;
+  while (count < num) {
+    void *t = FetchFromSpans();
+    if (!t) break;
+    SLL_Push(&head, t);
+    count++;
+  }
+  *start = head;
+  *end = tail;
+  *N = count;
+}
+
+
+void* TCMalloc_Central_FreeList::FetchFromSpansSafe() {
+  void *t = FetchFromSpans();
+  if (!t) {
+    Populate();
+    t = FetchFromSpans();
+  }
+  return t;
+}
+
+void* TCMalloc_Central_FreeList::FetchFromSpans() {
+  if (DLL_IsEmpty(&nonempty_)) return NULL;
+  Span* span = nonempty_.next;
+
+  ASSERT(span->objects != NULL);
+  ASSERT_SPAN_COMMITTED(span);
+  span->refcount++;
+  void* result = span->objects;
+  span->objects = *(reinterpret_cast<void**>(result));
+  if (span->objects == NULL) {
+    // Move to empty list
+    DLL_Remove(span);
+    DLL_Prepend(&empty_, span);
+    Event(span, 'E', 0);
+  }
+  counter_--;
+  return result;
+}
+
+// Fetch memory from the system and add to the central cache freelist.
+ALWAYS_INLINE void TCMalloc_Central_FreeList::Populate() {
+  // Release central list lock while operating on pageheap
+  lock_.Unlock();
+  const size_t npages = class_to_pages[size_class_];
+
+  Span* span;
+  {
+    SpinLockHolder h(&pageheap_lock);
+    span = pageheap->New(npages);
+    if (span) pageheap->RegisterSizeClass(span, size_class_);
+  }
+  if (span == NULL) {
+    MESSAGE("allocation failed: %d\n", errno);
+    lock_.Lock();
+    return;
+  }
+  ASSERT_SPAN_COMMITTED(span);
+  ASSERT(span->length == npages);
+  // Cache sizeclass info eagerly.  Locking is not necessary.
+  // (Instead of being eager, we could just replace any stale info
+  // about this span, but that seems to be no better in practice.)
+  for (size_t i = 0; i < npages; i++) {
+    pageheap->CacheSizeClass(span->start + i, size_class_);
+  }
+
+  // Split the block into pieces and add to the free-list
+  // TODO: coloring of objects to avoid cache conflicts?
+  void** tail = &span->objects;
+  char* ptr = reinterpret_cast<char*>(span->start << kPageShift);
+  char* limit = ptr + (npages << kPageShift);
+  const size_t size = ByteSizeForClass(size_class_);
+  int num = 0;
+  char* nptr;
+  while ((nptr = ptr + size) <= limit) {
+    *tail = ptr;
+    tail = reinterpret_cast<void**>(ptr);
+    ptr = nptr;
+    num++;
+  }
+  ASSERT(ptr <= limit);
+  *tail = NULL;
+  span->refcount = 0; // No sub-object in use yet
+
+  // Add span to list of non-empty spans
+  lock_.Lock();
+  DLL_Prepend(&nonempty_, span);
+  counter_ += num;
+}
+
+//-------------------------------------------------------------------
+// TCMalloc_ThreadCache implementation
+//-------------------------------------------------------------------
+
+inline bool TCMalloc_ThreadCache::SampleAllocation(size_t k) {
+  if (bytes_until_sample_ < k) {
+    PickNextSample(k);
+    return true;
+  } else {
+    bytes_until_sample_ -= k;
+    return false;
+  }
+}
+
+void TCMalloc_ThreadCache::Init(ThreadIdentifier tid) {
+  size_ = 0;
+  next_ = NULL;
+  prev_ = NULL;
+  tid_  = tid;
+  in_setspecific_ = false;
+  for (size_t cl = 0; cl < kNumClasses; ++cl) {
+    list_[cl].Init();
+  }
+
+  // Initialize RNG -- run it for a bit to get to good values
+  bytes_until_sample_ = 0;
+  rnd_ = static_cast<uint32_t>(reinterpret_cast<uintptr_t>(this));
+  for (int i = 0; i < 100; i++) {
+    PickNextSample(static_cast<size_t>(FLAGS_tcmalloc_sample_parameter * 2));
+  }
+}
+
+void TCMalloc_ThreadCache::Cleanup() {
+  // Put unused memory back into central cache
+  for (size_t cl = 0; cl < kNumClasses; ++cl) {
+    if (list_[cl].length() > 0) {
+      ReleaseToCentralCache(cl, list_[cl].length());
+    }
+  }
+}
+
+ALWAYS_INLINE void* TCMalloc_ThreadCache::Allocate(size_t size) {
+  ASSERT(size <= kMaxSize);
+  const size_t cl = SizeClass(size);
+  FreeList* list = &list_[cl];
+  size_t allocationSize = ByteSizeForClass(cl);
+  if (list->empty()) {
+    FetchFromCentralCache(cl, allocationSize);
+    if (list->empty()) return NULL;
+  }
+  size_ -= allocationSize;
+  return list->Pop();
+}
+
+inline void TCMalloc_ThreadCache::Deallocate(void* ptr, size_t cl) {
+  size_ += ByteSizeForClass(cl);
+  FreeList* list = &list_[cl];
+  list->Push(ptr);
+  // If enough data is free, put back into central cache
+  if (list->length() > kMaxFreeListLength) {
+    ReleaseToCentralCache(cl, num_objects_to_move[cl]);
+  }
+  if (size_ >= per_thread_cache_size) Scavenge();
+}
+
+// Remove some objects of class "cl" from central cache and add to thread heap
+ALWAYS_INLINE void TCMalloc_ThreadCache::FetchFromCentralCache(size_t cl, size_t allocationSize) {
+  int fetch_count = num_objects_to_move[cl];
+  void *start, *end;
+  central_cache[cl].RemoveRange(&start, &end, &fetch_count);
+  list_[cl].PushRange(fetch_count, start, end);
+  size_ += allocationSize * fetch_count;
+}
+
+// Remove some objects of class "cl" from thread heap and add to central cache
+inline void TCMalloc_ThreadCache::ReleaseToCentralCache(size_t cl, int N) {
+  ASSERT(N > 0);
+  FreeList* src = &list_[cl];
+  if (N > src->length()) N = src->length();
+  size_ -= N*ByteSizeForClass(cl);
+
+  // We return prepackaged chains of the correct size to the central cache.
+  // TODO: Use the same format internally in the thread caches?
+  int batch_size = num_objects_to_move[cl];
+  while (N > batch_size) {
+    void *tail, *head;
+    src->PopRange(batch_size, &head, &tail);
+    central_cache[cl].InsertRange(head, tail, batch_size);
+    N -= batch_size;
+  }
+  void *tail, *head;
+  src->PopRange(N, &head, &tail);
+  central_cache[cl].InsertRange(head, tail, N);
+}
+
+// Release idle memory to the central cache
+inline void TCMalloc_ThreadCache::Scavenge() {
+  // If the low-water mark for the free list is L, it means we would
+  // not have had to allocate anything from the central cache even if
+  // we had reduced the free list size by L.  We aim to get closer to
+  // that situation by dropping L/2 nodes from the free list.  This
+  // may not release much memory, but if so we will call scavenge again
+  // pretty soon and the low-water marks will be high on that call.
+  //int64 start = CycleClock::Now();
+
+  for (size_t cl = 0; cl < kNumClasses; cl++) {
+    FreeList* list = &list_[cl];
+    const int lowmark = list->lowwatermark();
+    if (lowmark > 0) {
+      const int drop = (lowmark > 1) ? lowmark/2 : 1;
+      ReleaseToCentralCache(cl, drop);
+    }
+    list->clear_lowwatermark();
+  }
+
+  //int64 finish = CycleClock::Now();
+  //CycleTimer ct;
+  //MESSAGE("GC: %.0f ns\n", ct.CyclesToUsec(finish-start)*1000.0);
+}
+
+void TCMalloc_ThreadCache::PickNextSample(size_t k) {
+  // Make next "random" number
+  // x^32+x^22+x^2+x^1+1 is a primitive polynomial for random numbers
+  static const uint32_t kPoly = (1 << 22) | (1 << 2) | (1 << 1) | (1 << 0);
+  uint32_t r = rnd_;
+  rnd_ = (r << 1) ^ ((static_cast<int32_t>(r) >> 31) & kPoly);
+
+  // Next point is "rnd_ % (sample_period)".  I.e., average
+  // increment is "sample_period/2".
+  const int flag_value = static_cast<int>(FLAGS_tcmalloc_sample_parameter);
+  static int last_flag_value = -1;
+
+  if (flag_value != last_flag_value) {
+    SpinLockHolder h(&sample_period_lock);
+    int i;
+    for (i = 0; i < (static_cast<int>(sizeof(primes_list)/sizeof(primes_list[0])) - 1); i++) {
+      if (primes_list[i] >= flag_value) {
+        break;
+      }
+    }
+    sample_period = primes_list[i];
+    last_flag_value = flag_value;
+  }
+
+  bytes_until_sample_ += rnd_ % sample_period;
+
+  if (k > (static_cast<size_t>(-1) >> 2)) {
+    // If the user has asked for a huge allocation then it is possible
+    // for the code below to loop infinitely.  Just return (note that
+    // this throws off the sampling accuracy somewhat, but a user who
+    // is allocating more than 1G of memory at a time can live with a
+    // minor inaccuracy in profiling of small allocations, and also
+    // would rather not wait for the loop below to terminate).
+    return;
+  }
+
+  while (bytes_until_sample_ < k) {
+    // Increase bytes_until_sample_ by enough average sampling periods
+    // (sample_period >> 1) to allow us to sample past the current
+    // allocation.
+    bytes_until_sample_ += (sample_period >> 1);
+  }
+
+  bytes_until_sample_ -= k;
+}
+
+void TCMalloc_ThreadCache::InitModule() {
+  // There is a slight potential race here because of double-checked
+  // locking idiom.  However, as long as the program does a small
+  // allocation before switching to multi-threaded mode, we will be
+  // fine.  We increase the chances of doing such a small allocation
+  // by doing one in the constructor of the module_enter_exit_hook
+  // object declared below.
+  SpinLockHolder h(&pageheap_lock);
+  if (!phinited) {
+#ifdef WTF_CHANGES
+    InitTSD();
+#endif
+    InitSizeClasses();
+    threadheap_allocator.Init();
+    span_allocator.Init();
+    span_allocator.New(); // Reduce cache conflicts
+    span_allocator.New(); // Reduce cache conflicts
+    stacktrace_allocator.Init();
+    DLL_Init(&sampled_objects);
+    for (size_t i = 0; i < kNumClasses; ++i) {
+      central_cache[i].Init(i);
+    }
+    pageheap->init();
+    phinited = 1;
+#if defined(WTF_CHANGES) && PLATFORM(DARWIN)
+    FastMallocZone::init();
+#endif
+  }
+}
+
+inline TCMalloc_ThreadCache* TCMalloc_ThreadCache::NewHeap(ThreadIdentifier tid) {
+  // Create the heap and add it to the linked list
+  TCMalloc_ThreadCache *heap = threadheap_allocator.New();
+  heap->Init(tid);
+  heap->next_ = thread_heaps;
+  heap->prev_ = NULL;
+  if (thread_heaps != NULL) thread_heaps->prev_ = heap;
+  thread_heaps = heap;
+  thread_heap_count++;
+  RecomputeThreadCacheSize();
+  return heap;
+}
+
+inline TCMalloc_ThreadCache* TCMalloc_ThreadCache::GetThreadHeap() {
+#ifdef HAVE_TLS
+    // __thread is faster, but only when the kernel supports it
+  if (KernelSupportsTLS())
+    return threadlocal_heap;
+#elif COMPILER(MSVC)
+    return static_cast<TCMalloc_ThreadCache*>(TlsGetValue(tlsIndex));
+#else
+    return static_cast<TCMalloc_ThreadCache*>(pthread_getspecific(heap_key));
+#endif
+}
+
+inline TCMalloc_ThreadCache* TCMalloc_ThreadCache::GetCache() {
+  TCMalloc_ThreadCache* ptr = NULL;
+  if (!tsd_inited) {
+    InitModule();
+  } else {
+    ptr = GetThreadHeap();
+  }
+  if (ptr == NULL) ptr = CreateCacheIfNecessary();
+  return ptr;
+}
+
+// In deletion paths, we do not try to create a thread-cache.  This is
+// because we may be in the thread destruction code and may have
+// already cleaned up the cache for this thread.
+inline TCMalloc_ThreadCache* TCMalloc_ThreadCache::GetCacheIfPresent() {
+  if (!tsd_inited) return NULL;
+  void* const p = GetThreadHeap();
+  return reinterpret_cast<TCMalloc_ThreadCache*>(p);
+}
+
+void TCMalloc_ThreadCache::InitTSD() {
+  ASSERT(!tsd_inited);
+  pthread_key_create(&heap_key, DestroyThreadCache);
+#if COMPILER(MSVC)
+  tlsIndex = TlsAlloc();
+#endif
+  tsd_inited = true;
+    
+#if !COMPILER(MSVC)
+  // We may have used a fake pthread_t for the main thread.  Fix it.
+  pthread_t zero;
+  memset(&zero, 0, sizeof(zero));
+#endif
+#ifndef WTF_CHANGES
+  SpinLockHolder h(&pageheap_lock);
+#else
+  ASSERT(pageheap_lock.IsHeld());
+#endif
+  for (TCMalloc_ThreadCache* h = thread_heaps; h != NULL; h = h->next_) {
+#if COMPILER(MSVC)
+    if (h->tid_ == 0) {
+      h->tid_ = GetCurrentThreadId();
+    }
+#else
+    if (pthread_equal(h->tid_, zero)) {
+      h->tid_ = pthread_self();
+    }
+#endif
+  }
+}
+
+TCMalloc_ThreadCache* TCMalloc_ThreadCache::CreateCacheIfNecessary() {
+  // Initialize per-thread data if necessary
+  TCMalloc_ThreadCache* heap = NULL;
+  {
+    SpinLockHolder lockholder(&pageheap_lock);
+
+#if COMPILER(MSVC)
+    DWORD me;
+    if (!tsd_inited) {
+      me = 0;
+    } else {
+      me = GetCurrentThreadId();
+    }
+#else
+    // Early on in glibc's life, we cannot even call pthread_self()
+    pthread_t me;
+    if (!tsd_inited) {
+      memset(&me, 0, sizeof(me));
+    } else {
+      me = pthread_self();
+    }
+#endif
+
+    // This may be a recursive malloc call from pthread_setspecific()
+    // In that case, the heap for this thread has already been created
+    // and added to the linked list.  So we search for that first.
+    for (TCMalloc_ThreadCache* h = thread_heaps; h != NULL; h = h->next_) {
+#if COMPILER(MSVC)
+      if (h->tid_ == me) {
+#else
+      if (pthread_equal(h->tid_, me)) {
+#endif
+        heap = h;
+        break;
+      }
+    }
+
+    if (heap == NULL) heap = NewHeap(me);
+  }
+
+  // We call pthread_setspecific() outside the lock because it may
+  // call malloc() recursively.  The recursive call will never get
+  // here again because it will find the already allocated heap in the
+  // linked list of heaps.
+  if (!heap->in_setspecific_ && tsd_inited) {
+    heap->in_setspecific_ = true;
+    setThreadHeap(heap);
+  }
+  return heap;
+}
+
+void TCMalloc_ThreadCache::BecomeIdle() {
+  if (!tsd_inited) return;              // No caches yet
+  TCMalloc_ThreadCache* heap = GetThreadHeap();
+  if (heap == NULL) return;             // No thread cache to remove
+  if (heap->in_setspecific_) return;    // Do not disturb the active caller
+
+  heap->in_setspecific_ = true;
+  pthread_setspecific(heap_key, NULL);
+#ifdef HAVE_TLS
+  // Also update the copy in __thread
+  threadlocal_heap = NULL;
+#endif
+  heap->in_setspecific_ = false;
+  if (GetThreadHeap() == heap) {
+    // Somehow heap got reinstated by a recursive call to malloc
+    // from pthread_setspecific.  We give up in this case.
+    return;
+  }
+
+  // We can now get rid of the heap
+  DeleteCache(heap);
+}
+
+void TCMalloc_ThreadCache::DestroyThreadCache(void* ptr) {
+  // Note that "ptr" cannot be NULL since pthread promises not
+  // to invoke the destructor on NULL values, but for safety,
+  // we check anyway.
+  if (ptr == NULL) return;
+#ifdef HAVE_TLS
+  // Prevent fast path of GetThreadHeap() from returning heap.
+  threadlocal_heap = NULL;
+#endif
+  DeleteCache(reinterpret_cast<TCMalloc_ThreadCache*>(ptr));
+}
+
+void TCMalloc_ThreadCache::DeleteCache(TCMalloc_ThreadCache* heap) {
+  // Remove all memory from heap
+  heap->Cleanup();
+
+  // Remove from linked list
+  SpinLockHolder h(&pageheap_lock);
+  if (heap->next_ != NULL) heap->next_->prev_ = heap->prev_;
+  if (heap->prev_ != NULL) heap->prev_->next_ = heap->next_;
+  if (thread_heaps == heap) thread_heaps = heap->next_;
+  thread_heap_count--;
+  RecomputeThreadCacheSize();
+
+  threadheap_allocator.Delete(heap);
+}
+
+void TCMalloc_ThreadCache::RecomputeThreadCacheSize() {
+  // Divide available space across threads
+  int n = thread_heap_count > 0 ? thread_heap_count : 1;
+  size_t space = overall_thread_cache_size / n;
+
+  // Limit to allowed range
+  if (space < kMinThreadCacheSize) space = kMinThreadCacheSize;
+  if (space > kMaxThreadCacheSize) space = kMaxThreadCacheSize;
+
+  per_thread_cache_size = space;
+}
+
+void TCMalloc_ThreadCache::Print() const {
+  for (size_t cl = 0; cl < kNumClasses; ++cl) {
+    MESSAGE("      %5" PRIuS " : %4d len; %4d lo\n",
+            ByteSizeForClass(cl),
+            list_[cl].length(),
+            list_[cl].lowwatermark());
+  }
+}
+
+// Extract interesting stats
+struct TCMallocStats {
+  uint64_t system_bytes;        // Bytes alloced from system
+  uint64_t thread_bytes;        // Bytes in thread caches
+  uint64_t central_bytes;       // Bytes in central cache
+  uint64_t transfer_bytes;      // Bytes in central transfer cache
+  uint64_t pageheap_bytes;      // Bytes in page heap
+  uint64_t metadata_bytes;      // Bytes alloced for metadata
+};
+
+#ifndef WTF_CHANGES
+// Get stats into "r".  Also get per-size-class counts if class_count != NULL
+static void ExtractStats(TCMallocStats* r, uint64_t* class_count) {
+  r->central_bytes = 0;
+  r->transfer_bytes = 0;
+  for (int cl = 0; cl < kNumClasses; ++cl) {
+    const int length = central_cache[cl].length();
+    const int tc_length = central_cache[cl].tc_length();
+    r->central_bytes += static_cast<uint64_t>(ByteSizeForClass(cl)) * length;
+    r->transfer_bytes +=
+      static_cast<uint64_t>(ByteSizeForClass(cl)) * tc_length;
+    if (class_count) class_count[cl] = length + tc_length;
+  }
+
+  // Add stats from per-thread heaps
+  r->thread_bytes = 0;
+  { // scope
+    SpinLockHolder h(&pageheap_lock);
+    for (TCMalloc_ThreadCache* h = thread_heaps; h != NULL; h = h->next_) {
+      r->thread_bytes += h->Size();
+      if (class_count) {
+        for (size_t cl = 0; cl < kNumClasses; ++cl) {
+          class_count[cl] += h->freelist_length(cl);
+        }
+      }
+    }
+  }
+
+  { //scope
+    SpinLockHolder h(&pageheap_lock);
+    r->system_bytes = pageheap->SystemBytes();
+    r->metadata_bytes = metadata_system_bytes;
+    r->pageheap_bytes = pageheap->FreeBytes();
+  }
+}
+#endif
+
+#ifndef WTF_CHANGES
+// WRITE stats to "out"
+static void DumpStats(TCMalloc_Printer* out, int level) {
+  TCMallocStats stats;
+  uint64_t class_count[kNumClasses];
+  ExtractStats(&stats, (level >= 2 ? class_count : NULL));
+
+  if (level >= 2) {
+    out->printf("------------------------------------------------\n");
+    uint64_t cumulative = 0;
+    for (int cl = 0; cl < kNumClasses; ++cl) {
+      if (class_count[cl] > 0) {
+        uint64_t class_bytes = class_count[cl] * ByteSizeForClass(cl);
+        cumulative += class_bytes;
+        out->printf("class %3d [ %8" PRIuS " bytes ] : "
+                "%8" PRIu64 " objs; %5.1f MB; %5.1f cum MB\n",
+                cl, ByteSizeForClass(cl),
+                class_count[cl],
+                class_bytes / 1048576.0,
+                cumulative / 1048576.0);
+      }
+    }
+
+    SpinLockHolder h(&pageheap_lock);
+    pageheap->Dump(out);
+  }
+
+  const uint64_t bytes_in_use = stats.system_bytes
+                                - stats.pageheap_bytes
+                                - stats.central_bytes
+                                - stats.transfer_bytes
+                                - stats.thread_bytes;
+
+  out->printf("------------------------------------------------\n"
+              "MALLOC: %12" PRIu64 " Heap size\n"
+              "MALLOC: %12" PRIu64 " Bytes in use by application\n"
+              "MALLOC: %12" PRIu64 " Bytes free in page heap\n"
+              "MALLOC: %12" PRIu64 " Bytes free in central cache\n"
+              "MALLOC: %12" PRIu64 " Bytes free in transfer cache\n"
+              "MALLOC: %12" PRIu64 " Bytes free in thread caches\n"
+              "MALLOC: %12" PRIu64 " Spans in use\n"
+              "MALLOC: %12" PRIu64 " Thread heaps in use\n"
+              "MALLOC: %12" PRIu64 " Metadata allocated\n"
+              "------------------------------------------------\n",
+              stats.system_bytes,
+              bytes_in_use,
+              stats.pageheap_bytes,
+              stats.central_bytes,
+              stats.transfer_bytes,
+              stats.thread_bytes,
+              uint64_t(span_allocator.inuse()),
+              uint64_t(threadheap_allocator.inuse()),
+              stats.metadata_bytes);
+}
+
+static void PrintStats(int level) {
+  const int kBufferSize = 16 << 10;
+  char* buffer = new char[kBufferSize];
+  TCMalloc_Printer printer(buffer, kBufferSize);
+  DumpStats(&printer, level);
+  write(STDERR_FILENO, buffer, strlen(buffer));
+  delete[] buffer;
+}
+
+static void** DumpStackTraces() {
+  // Count how much space we need
+  int needed_slots = 0;
+  {
+    SpinLockHolder h(&pageheap_lock);
+    for (Span* s = sampled_objects.next; s != &sampled_objects; s = s->next) {
+      StackTrace* stack = reinterpret_cast<StackTrace*>(s->objects);
+      needed_slots += 3 + stack->depth;
+    }
+    needed_slots += 100;            // Slop in case sample grows
+    needed_slots += needed_slots/8; // An extra 12.5% slop
+  }
+
+  void** result = new void*[needed_slots];
+  if (result == NULL) {
+    MESSAGE("tcmalloc: could not allocate %d slots for stack traces\n",
+            needed_slots);
+    return NULL;
+  }
+
+  SpinLockHolder h(&pageheap_lock);
+  int used_slots = 0;
+  for (Span* s = sampled_objects.next; s != &sampled_objects; s = s->next) {
+    ASSERT(used_slots < needed_slots);  // Need to leave room for terminator
+    StackTrace* stack = reinterpret_cast<StackTrace*>(s->objects);
+    if (used_slots + 3 + stack->depth >= needed_slots) {
+      // No more room
+      break;
+    }
+
+    result[used_slots+0] = reinterpret_cast<void*>(static_cast<uintptr_t>(1));
+    result[used_slots+1] = reinterpret_cast<void*>(stack->size);
+    result[used_slots+2] = reinterpret_cast<void*>(stack->depth);
+    for (int d = 0; d < stack->depth; d++) {
+      result[used_slots+3+d] = stack->stack[d];
+    }
+    used_slots += 3 + stack->depth;
+  }
+  result[used_slots] = reinterpret_cast<void*>(static_cast<uintptr_t>(0));
+  return result;
+}
+#endif
+
+#ifndef WTF_CHANGES
+
+// TCMalloc's support for extra malloc interfaces
+class TCMallocImplementation : public MallocExtension {
+ public:
+  virtual void GetStats(char* buffer, int buffer_length) {
+    ASSERT(buffer_length > 0);
+    TCMalloc_Printer printer(buffer, buffer_length);
+
+    // Print level one stats unless lots of space is available
+    if (buffer_length < 10000) {
+      DumpStats(&printer, 1);
+    } else {
+      DumpStats(&printer, 2);
+    }
+  }
+
+  virtual void** ReadStackTraces() {
+    return DumpStackTraces();
+  }
+
+  virtual bool GetNumericProperty(const char* name, size_t* value) {
+    ASSERT(name != NULL);
+
+    if (strcmp(name, "generic.current_allocated_bytes") == 0) {
+      TCMallocStats stats;
+      ExtractStats(&stats, NULL);
+      *value = stats.system_bytes
+               - stats.thread_bytes
+               - stats.central_bytes
+               - stats.pageheap_bytes;
+      return true;
+    }
+
+    if (strcmp(name, "generic.heap_size") == 0) {
+      TCMallocStats stats;
+      ExtractStats(&stats, NULL);
+      *value = stats.system_bytes;
+      return true;
+    }
+
+    if (strcmp(name, "tcmalloc.slack_bytes") == 0) {
+      // We assume that bytes in the page heap are not fragmented too
+      // badly, and are therefore available for allocation.
+      SpinLockHolder l(&pageheap_lock);
+      *value = pageheap->FreeBytes();
+      return true;
+    }
+
+    if (strcmp(name, "tcmalloc.max_total_thread_cache_bytes") == 0) {
+      SpinLockHolder l(&pageheap_lock);
+      *value = overall_thread_cache_size;
+      return true;
+    }
+
+    if (strcmp(name, "tcmalloc.current_total_thread_cache_bytes") == 0) {
+      TCMallocStats stats;
+      ExtractStats(&stats, NULL);
+      *value = stats.thread_bytes;
+      return true;
+    }
+
+    return false;
+  }
+
+  virtual bool SetNumericProperty(const char* name, size_t value) {
+    ASSERT(name != NULL);
+
+    if (strcmp(name, "tcmalloc.max_total_thread_cache_bytes") == 0) {
+      // Clip the value to a reasonable range
+      if (value < kMinThreadCacheSize) value = kMinThreadCacheSize;
+      if (value > (1<<30)) value = (1<<30);     // Limit to 1GB
+
+      SpinLockHolder l(&pageheap_lock);
+      overall_thread_cache_size = static_cast<size_t>(value);
+      TCMalloc_ThreadCache::RecomputeThreadCacheSize();
+      return true;
+    }
+
+    return false;
+  }
+
+  virtual void MarkThreadIdle() {
+    TCMalloc_ThreadCache::BecomeIdle();
+  }
+
+  virtual void ReleaseFreeMemory() {
+    SpinLockHolder h(&pageheap_lock);
+    pageheap->ReleaseFreePages();
+  }
+};
+#endif
+
+// The constructor allocates an object to ensure that initialization
+// runs before main(), and therefore we do not have a chance to become
+// multi-threaded before initialization.  We also create the TSD key
+// here.  Presumably by the time this constructor runs, glibc is in
+// good enough shape to handle pthread_key_create().
+//
+// The constructor also takes the opportunity to tell STL to use
+// tcmalloc.  We want to do this early, before construct time, so
+// all user STL allocations go through tcmalloc (which works really
+// well for STL).
+//
+// The destructor prints stats when the program exits.
+class TCMallocGuard {
+ public:
+
+  TCMallocGuard() {
+#ifdef HAVE_TLS    // this is true if the cc/ld/libc combo support TLS
+    // Check whether the kernel also supports TLS (needs to happen at runtime)
+    CheckIfKernelSupportsTLS();
+#endif
+#ifndef WTF_CHANGES
+#ifdef WIN32                    // patch the windows VirtualAlloc, etc.
+    PatchWindowsFunctions();    // defined in windows/patch_functions.cc
+#endif
+#endif
+    free(malloc(1));
+    TCMalloc_ThreadCache::InitTSD();
+    free(malloc(1));
+#ifndef WTF_CHANGES
+    MallocExtension::Register(new TCMallocImplementation);
+#endif
+  }
+
+#ifndef WTF_CHANGES
+  ~TCMallocGuard() {
+    const char* env = getenv("MALLOCSTATS");
+    if (env != NULL) {
+      int level = atoi(env);
+      if (level < 1) level = 1;
+      PrintStats(level);
+    }
+#ifdef WIN32
+    UnpatchWindowsFunctions();
+#endif
+  }
+#endif
+};
+
+#ifndef WTF_CHANGES
+static TCMallocGuard module_enter_exit_hook;
+#endif
+
+
+//-------------------------------------------------------------------
+// Helpers for the exported routines below
+//-------------------------------------------------------------------
+
+#ifndef WTF_CHANGES
+
+static Span* DoSampledAllocation(size_t size) {
+
+  // Grab the stack trace outside the heap lock
+  StackTrace tmp;
+  tmp.depth = GetStackTrace(tmp.stack, kMaxStackDepth, 1);
+  tmp.size = size;
+
+  SpinLockHolder h(&pageheap_lock);
+  // Allocate span
+  Span *span = pageheap->New(pages(size == 0 ? 1 : size));
+  if (span == NULL) {
+    return NULL;
+  }
+
+  // Allocate stack trace
+  StackTrace *stack = stacktrace_allocator.New();
+  if (stack == NULL) {
+    // Sampling failed because of lack of memory
+    return span;
+  }
+
+  *stack = tmp;
+  span->sample = 1;
+  span->objects = stack;
+  DLL_Prepend(&sampled_objects, span);
+
+  return span;
+}
+#endif
+
+static inline bool CheckCachedSizeClass(void *ptr) {
+  PageID p = reinterpret_cast<uintptr_t>(ptr) >> kPageShift;
+  size_t cached_value = pageheap->GetSizeClassIfCached(p);
+  return cached_value == 0 ||
+      cached_value == pageheap->GetDescriptor(p)->sizeclass;
+}
+
+static inline void* CheckedMallocResult(void *result)
+{
+  ASSERT(result == 0 || CheckCachedSizeClass(result));
+  return result;
+}
+
+static inline void* SpanToMallocResult(Span *span) {
+  ASSERT_SPAN_COMMITTED(span);
+  pageheap->CacheSizeClass(span->start, 0);
+  return
+      CheckedMallocResult(reinterpret_cast<void*>(span->start << kPageShift));
+}
+
+#ifdef WTF_CHANGES
+template <bool crashOnFailure>
+#endif
+static ALWAYS_INLINE void* do_malloc(size_t size) {
+  void* ret = NULL;
+
+#ifdef WTF_CHANGES
+    ASSERT(!isForbidden());
+#endif
+
+  // The following call forces module initialization
+  TCMalloc_ThreadCache* heap = TCMalloc_ThreadCache::GetCache();
+#ifndef WTF_CHANGES
+  if ((FLAGS_tcmalloc_sample_parameter > 0) && heap->SampleAllocation(size)) {
+    Span* span = DoSampledAllocation(size);
+    if (span != NULL) {
+      ret = SpanToMallocResult(span);
+    }
+  } else
+#endif
+  if (size > kMaxSize) {
+    // Use page-level allocator
+    SpinLockHolder h(&pageheap_lock);
+    Span* span = pageheap->New(pages(size));
+    if (span != NULL) {
+      ret = SpanToMallocResult(span);
+    }
+  } else {
+    // The common case, and also the simplest.  This just pops the
+    // size-appropriate freelist, afer replenishing it if it's empty.
+    ret = CheckedMallocResult(heap->Allocate(size));
+  }
+  if (!ret) {
+#ifdef WTF_CHANGES
+    if (crashOnFailure) // This branch should be optimized out by the compiler.
+        CRASH();
+#else
+    errno = ENOMEM;
+#endif
+  }
+  return ret;
+}
+
+static ALWAYS_INLINE void do_free(void* ptr) {
+  if (ptr == NULL) return;
+  ASSERT(pageheap != NULL);  // Should not call free() before malloc()
+  const PageID p = reinterpret_cast<uintptr_t>(ptr) >> kPageShift;
+  Span* span = NULL;
+  size_t cl = pageheap->GetSizeClassIfCached(p);
+
+  if (cl == 0) {
+    span = pageheap->GetDescriptor(p);
+    cl = span->sizeclass;
+    pageheap->CacheSizeClass(p, cl);
+  }
+  if (cl != 0) {
+#ifndef NO_TCMALLOC_SAMPLES
+    ASSERT(!pageheap->GetDescriptor(p)->sample);
+#endif
+    TCMalloc_ThreadCache* heap = TCMalloc_ThreadCache::GetCacheIfPresent();
+    if (heap != NULL) {
+      heap->Deallocate(ptr, cl);
+    } else {
+      // Delete directly into central cache
+      SLL_SetNext(ptr, NULL);
+      central_cache[cl].InsertRange(ptr, ptr, 1);
+    }
+  } else {
+    SpinLockHolder h(&pageheap_lock);
+    ASSERT(reinterpret_cast<uintptr_t>(ptr) % kPageSize == 0);
+    ASSERT(span != NULL && span->start == p);
+#ifndef NO_TCMALLOC_SAMPLES
+    if (span->sample) {
+      DLL_Remove(span);
+      stacktrace_allocator.Delete(reinterpret_cast<StackTrace*>(span->objects));
+      span->objects = NULL;
+    }
+#endif
+    pageheap->Delete(span);
+  }
+}
+
+#ifndef WTF_CHANGES
+// For use by exported routines below that want specific alignments
+//
+// Note: this code can be slow, and can significantly fragment memory.
+// The expectation is that memalign/posix_memalign/valloc/pvalloc will
+// not be invoked very often.  This requirement simplifies our
+// implementation and allows us to tune for expected allocation
+// patterns.
+static void* do_memalign(size_t align, size_t size) {
+  ASSERT((align & (align - 1)) == 0);
+  ASSERT(align > 0);
+  if (pageheap == NULL) TCMalloc_ThreadCache::InitModule();
+
+  // Allocate at least one byte to avoid boundary conditions below
+  if (size == 0) size = 1;
+
+  if (size <= kMaxSize && align < kPageSize) {
+    // Search through acceptable size classes looking for one with
+    // enough alignment.  This depends on the fact that
+    // InitSizeClasses() currently produces several size classes that
+    // are aligned at powers of two.  We will waste time and space if
+    // we miss in the size class array, but that is deemed acceptable
+    // since memalign() should be used rarely.
+    size_t cl = SizeClass(size);
+    while (cl < kNumClasses && ((class_to_size[cl] & (align - 1)) != 0)) {
+      cl++;
+    }
+    if (cl < kNumClasses) {
+      TCMalloc_ThreadCache* heap = TCMalloc_ThreadCache::GetCache();
+      return CheckedMallocResult(heap->Allocate(class_to_size[cl]));
+    }
+  }
+
+  // We will allocate directly from the page heap
+  SpinLockHolder h(&pageheap_lock);
+
+  if (align <= kPageSize) {
+    // Any page-level allocation will be fine
+    // TODO: We could put the rest of this page in the appropriate
+    // TODO: cache but it does not seem worth it.
+    Span* span = pageheap->New(pages(size));
+    return span == NULL ? NULL : SpanToMallocResult(span);
+  }
+
+  // Allocate extra pages and carve off an aligned portion
+  const Length alloc = pages(size + align);
+  Span* span = pageheap->New(alloc);
+  if (span == NULL) return NULL;
+
+  // Skip starting portion so that we end up aligned
+  Length skip = 0;
+  while ((((span->start+skip) << kPageShift) & (align - 1)) != 0) {
+    skip++;
+  }
+  ASSERT(skip < alloc);
+  if (skip > 0) {
+    Span* rest = pageheap->Split(span, skip);
+    pageheap->Delete(span);
+    span = rest;
+  }
+
+  // Skip trailing portion that we do not need to return
+  const Length needed = pages(size);
+  ASSERT(span->length >= needed);
+  if (span->length > needed) {
+    Span* trailer = pageheap->Split(span, needed);
+    pageheap->Delete(trailer);
+  }
+  return SpanToMallocResult(span);
+}
+#endif
+
+// Helpers for use by exported routines below:
+
+#ifndef WTF_CHANGES
+static inline void do_malloc_stats() {
+  PrintStats(1);
+}
+#endif
+
+static inline int do_mallopt(int, int) {
+  return 1;     // Indicates error
+}
+
+#ifdef HAVE_STRUCT_MALLINFO  // mallinfo isn't defined on freebsd, for instance
+static inline struct mallinfo do_mallinfo() {
+  TCMallocStats stats;
+  ExtractStats(&stats, NULL);
+
+  // Just some of the fields are filled in.
+  struct mallinfo info;
+  memset(&info, 0, sizeof(info));
+
+  // Unfortunately, the struct contains "int" field, so some of the
+  // size values will be truncated.
+  info.arena     = static_cast<int>(stats.system_bytes);
+  info.fsmblks   = static_cast<int>(stats.thread_bytes
+                                    + stats.central_bytes
+                                    + stats.transfer_bytes);
+  info.fordblks  = static_cast<int>(stats.pageheap_bytes);
+  info.uordblks  = static_cast<int>(stats.system_bytes
+                                    - stats.thread_bytes
+                                    - stats.central_bytes
+                                    - stats.transfer_bytes
+                                    - stats.pageheap_bytes);
+
+  return info;
+}
+#endif
+
+//-------------------------------------------------------------------
+// Exported routines
+//-------------------------------------------------------------------
+
+// CAVEAT: The code structure below ensures that MallocHook methods are always
+//         called from the stack frame of the invoked allocation function.
+//         heap-checker.cc depends on this to start a stack trace from
+//         the call to the (de)allocation function.
+
+#ifndef WTF_CHANGES
+extern "C" 
+#else
+#define do_malloc do_malloc<crashOnFailure>
+
+template <bool crashOnFailure>
+void* malloc(size_t);
+
+void* fastMalloc(size_t size)
+{
+    return malloc<true>(size);
+}
+
+TryMallocReturnValue tryFastMalloc(size_t size)
+{
+    return malloc<false>(size);
+}
+
+template <bool crashOnFailure>
+ALWAYS_INLINE
+#endif
+void* malloc(size_t size) {
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    if (std::numeric_limits<size_t>::max() - sizeof(AllocAlignmentInteger) <= size)  // If overflow would occur...
+        return 0;
+    size += sizeof(AllocAlignmentInteger);
+    void* result = do_malloc(size);
+    if (!result)
+        return 0;
+
+    *static_cast<AllocAlignmentInteger*>(result) = Internal::AllocTypeMalloc;
+    result = static_cast<AllocAlignmentInteger*>(result) + 1;
+#else
+    void* result = do_malloc(size);
+#endif
+
+#ifndef WTF_CHANGES
+  MallocHook::InvokeNewHook(result, size);
+#endif
+  return result;
+}
+
+#ifndef WTF_CHANGES
+extern "C" 
+#endif
+void free(void* ptr) {
+#ifndef WTF_CHANGES
+  MallocHook::InvokeDeleteHook(ptr);
+#endif
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    if (!ptr)
+        return;
+
+    AllocAlignmentInteger* header = Internal::fastMallocMatchValidationValue(ptr);
+    if (*header != Internal::AllocTypeMalloc)
+        Internal::fastMallocMatchFailed(ptr);
+    do_free(header);
+#else
+    do_free(ptr);
+#endif
+}
+
+#ifndef WTF_CHANGES
+extern "C" 
+#else
+template <bool crashOnFailure>
+void* calloc(size_t, size_t);
+
+void* fastCalloc(size_t n, size_t elem_size)
+{
+    return calloc<true>(n, elem_size);
+}
+
+TryMallocReturnValue tryFastCalloc(size_t n, size_t elem_size)
+{
+    return calloc<false>(n, elem_size);
+}
+
+template <bool crashOnFailure>
+ALWAYS_INLINE
+#endif
+void* calloc(size_t n, size_t elem_size) {
+  size_t totalBytes = n * elem_size;
+    
+  // Protect against overflow
+  if (n > 1 && elem_size && (totalBytes / elem_size) != n)
+    return 0;
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    if (std::numeric_limits<size_t>::max() - sizeof(AllocAlignmentInteger) <= totalBytes)  // If overflow would occur...
+        return 0;
+
+    totalBytes += sizeof(AllocAlignmentInteger);
+    void* result = do_malloc(totalBytes);
+    if (!result)
+        return 0;
+
+    memset(result, 0, totalBytes);
+    *static_cast<AllocAlignmentInteger*>(result) = Internal::AllocTypeMalloc;
+    result = static_cast<AllocAlignmentInteger*>(result) + 1;
+#else
+    void* result = do_malloc(totalBytes);
+    if (result != NULL) {
+        memset(result, 0, totalBytes);
+    }
+#endif
+
+#ifndef WTF_CHANGES
+  MallocHook::InvokeNewHook(result, totalBytes);
+#endif
+  return result;
+}
+
+// Since cfree isn't used anywhere, we don't compile it in.
+#ifndef WTF_CHANGES
+#ifndef WTF_CHANGES
+extern "C" 
+#endif
+void cfree(void* ptr) {
+#ifndef WTF_CHANGES
+    MallocHook::InvokeDeleteHook(ptr);
+#endif
+  do_free(ptr);
+}
+#endif
+
+#ifndef WTF_CHANGES
+extern "C" 
+#else
+template <bool crashOnFailure>
+void* realloc(void*, size_t);
+
+void* fastRealloc(void* old_ptr, size_t new_size)
+{
+    return realloc<true>(old_ptr, new_size);
+}
+
+TryMallocReturnValue tryFastRealloc(void* old_ptr, size_t new_size)
+{
+    return realloc<false>(old_ptr, new_size);
+}
+
+template <bool crashOnFailure>
+ALWAYS_INLINE
+#endif
+void* realloc(void* old_ptr, size_t new_size) {
+  if (old_ptr == NULL) {
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    void* result = malloc(new_size);
+#else
+    void* result = do_malloc(new_size);
+#ifndef WTF_CHANGES
+    MallocHook::InvokeNewHook(result, new_size);
+#endif
+#endif
+    return result;
+  }
+  if (new_size == 0) {
+#ifndef WTF_CHANGES
+    MallocHook::InvokeDeleteHook(old_ptr);
+#endif
+    free(old_ptr);
+    return NULL;
+  }
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    if (std::numeric_limits<size_t>::max() - sizeof(AllocAlignmentInteger) <= new_size)  // If overflow would occur...
+        return 0;
+    new_size += sizeof(AllocAlignmentInteger);
+    AllocAlignmentInteger* header = Internal::fastMallocMatchValidationValue(old_ptr);
+    if (*header != Internal::AllocTypeMalloc)
+        Internal::fastMallocMatchFailed(old_ptr);
+    old_ptr = header;
+#endif
+
+  // Get the size of the old entry
+  const PageID p = reinterpret_cast<uintptr_t>(old_ptr) >> kPageShift;
+  size_t cl = pageheap->GetSizeClassIfCached(p);
+  Span *span = NULL;
+  size_t old_size;
+  if (cl == 0) {
+    span = pageheap->GetDescriptor(p);
+    cl = span->sizeclass;
+    pageheap->CacheSizeClass(p, cl);
+  }
+  if (cl != 0) {
+    old_size = ByteSizeForClass(cl);
+  } else {
+    ASSERT(span != NULL);
+    old_size = span->length << kPageShift;
+  }
+
+  // Reallocate if the new size is larger than the old size,
+  // or if the new size is significantly smaller than the old size.
+  if ((new_size > old_size) || (AllocationSize(new_size) < old_size)) {
+    // Need to reallocate
+    void* new_ptr = do_malloc(new_size);
+    if (new_ptr == NULL) {
+      return NULL;
+    }
+#ifndef WTF_CHANGES
+    MallocHook::InvokeNewHook(new_ptr, new_size);
+#endif
+    memcpy(new_ptr, old_ptr, ((old_size < new_size) ? old_size : new_size));
+#ifndef WTF_CHANGES
+    MallocHook::InvokeDeleteHook(old_ptr);
+#endif
+    // We could use a variant of do_free() that leverages the fact
+    // that we already know the sizeclass of old_ptr.  The benefit
+    // would be small, so don't bother.
+    do_free(old_ptr);
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    new_ptr = static_cast<AllocAlignmentInteger*>(new_ptr) + 1;
+#endif
+    return new_ptr;
+  } else {
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+    old_ptr = pByte + sizeof(AllocAlignmentInteger);  // Set old_ptr back to the user pointer.
+#endif
+    return old_ptr;
+  }
+}
+
+#ifdef WTF_CHANGES
+#undef do_malloc
+#else
+
+static SpinLock set_new_handler_lock = SPINLOCK_INITIALIZER;
+
+static inline void* cpp_alloc(size_t size, bool nothrow) {
+  for (;;) {
+    void* p = do_malloc(size);
+#ifdef PREANSINEW
+    return p;
+#else
+    if (p == NULL) {  // allocation failed
+      // Get the current new handler.  NB: this function is not
+      // thread-safe.  We make a feeble stab at making it so here, but
+      // this lock only protects against tcmalloc interfering with
+      // itself, not with other libraries calling set_new_handler.
+      std::new_handler nh;
+      {
+        SpinLockHolder h(&set_new_handler_lock);
+        nh = std::set_new_handler(0);
+        (void) std::set_new_handler(nh);
+      }
+      // If no new_handler is established, the allocation failed.
+      if (!nh) {
+        if (nothrow) return 0;
+        throw std::bad_alloc();
+      }
+      // Otherwise, try the new_handler.  If it returns, retry the
+      // allocation.  If it throws std::bad_alloc, fail the allocation.
+      // if it throws something else, don't interfere.
+      try {
+        (*nh)();
+      } catch (const std::bad_alloc&) {
+        if (!nothrow) throw;
+        return p;
+      }
+    } else {  // allocation success
+      return p;
+    }
+#endif
+  }
+}
+
+void* operator new(size_t size) {
+  void* p = cpp_alloc(size, false);
+  // We keep this next instruction out of cpp_alloc for a reason: when
+  // it's in, and new just calls cpp_alloc, the optimizer may fold the
+  // new call into cpp_alloc, which messes up our whole section-based
+  // stacktracing (see ATTRIBUTE_SECTION, above).  This ensures cpp_alloc
+  // isn't the last thing this fn calls, and prevents the folding.
+  MallocHook::InvokeNewHook(p, size);
+  return p;
+}
+
+void* operator new(size_t size, const std::nothrow_t&) __THROW {
+  void* p = cpp_alloc(size, true);
+  MallocHook::InvokeNewHook(p, size);
+  return p;
+}
+
+void operator delete(void* p) __THROW {
+  MallocHook::InvokeDeleteHook(p);
+  do_free(p);
+}
+
+void operator delete(void* p, const std::nothrow_t&) __THROW {
+  MallocHook::InvokeDeleteHook(p);
+  do_free(p);
+}
+
+void* operator new[](size_t size) {
+  void* p = cpp_alloc(size, false);
+  // We keep this next instruction out of cpp_alloc for a reason: when
+  // it's in, and new just calls cpp_alloc, the optimizer may fold the
+  // new call into cpp_alloc, which messes up our whole section-based
+  // stacktracing (see ATTRIBUTE_SECTION, above).  This ensures cpp_alloc
+  // isn't the last thing this fn calls, and prevents the folding.
+  MallocHook::InvokeNewHook(p, size);
+  return p;
+}
+
+void* operator new[](size_t size, const std::nothrow_t&) __THROW {
+  void* p = cpp_alloc(size, true);
+  MallocHook::InvokeNewHook(p, size);
+  return p;
+}
+
+void operator delete[](void* p) __THROW {
+  MallocHook::InvokeDeleteHook(p);
+  do_free(p);
+}
+
+void operator delete[](void* p, const std::nothrow_t&) __THROW {
+  MallocHook::InvokeDeleteHook(p);
+  do_free(p);
+}
+
+extern "C" void* memalign(size_t align, size_t size) __THROW {
+  void* result = do_memalign(align, size);
+  MallocHook::InvokeNewHook(result, size);
+  return result;
+}
+
+extern "C" int posix_memalign(void** result_ptr, size_t align, size_t size)
+    __THROW {
+  if (((align % sizeof(void*)) != 0) ||
+      ((align & (align - 1)) != 0) ||
+      (align == 0)) {
+    return EINVAL;
+  }
+
+  void* result = do_memalign(align, size);
+  MallocHook::InvokeNewHook(result, size);
+  if (result == NULL) {
+    return ENOMEM;
+  } else {
+    *result_ptr = result;
+    return 0;
+  }
+}
+
+static size_t pagesize = 0;
+
+extern "C" void* valloc(size_t size) __THROW {
+  // Allocate page-aligned object of length >= size bytes
+  if (pagesize == 0) pagesize = getpagesize();
+  void* result = do_memalign(pagesize, size);
+  MallocHook::InvokeNewHook(result, size);
+  return result;
+}
+
+extern "C" void* pvalloc(size_t size) __THROW {
+  // Round up size to a multiple of pagesize
+  if (pagesize == 0) pagesize = getpagesize();
+  size = (size + pagesize - 1) & ~(pagesize - 1);
+  void* result = do_memalign(pagesize, size);
+  MallocHook::InvokeNewHook(result, size);
+  return result;
+}
+
+extern "C" void malloc_stats(void) {
+  do_malloc_stats();
+}
+
+extern "C" int mallopt(int cmd, int value) {
+  return do_mallopt(cmd, value);
+}
+
+#ifdef HAVE_STRUCT_MALLINFO
+extern "C" struct mallinfo mallinfo(void) {
+  return do_mallinfo();
+}
+#endif
+
+//-------------------------------------------------------------------
+// Some library routines on RedHat 9 allocate memory using malloc()
+// and free it using __libc_free() (or vice-versa).  Since we provide
+// our own implementations of malloc/free, we need to make sure that
+// the __libc_XXX variants (defined as part of glibc) also point to
+// the same implementations.
+//-------------------------------------------------------------------
+
+#if defined(__GLIBC__)
+extern "C" {
+#if COMPILER(GCC) && !defined(__MACH__) && defined(HAVE___ATTRIBUTE__)
+  // Potentially faster variants that use the gcc alias extension.
+  // Mach-O (Darwin) does not support weak aliases, hence the __MACH__ check.
+# define ALIAS(x) __attribute__ ((weak, alias (x)))
+  void* __libc_malloc(size_t size)              ALIAS("malloc");
+  void  __libc_free(void* ptr)                  ALIAS("free");
+  void* __libc_realloc(void* ptr, size_t size)  ALIAS("realloc");
+  void* __libc_calloc(size_t n, size_t size)    ALIAS("calloc");
+  void  __libc_cfree(void* ptr)                 ALIAS("cfree");
+  void* __libc_memalign(size_t align, size_t s) ALIAS("memalign");
+  void* __libc_valloc(size_t size)              ALIAS("valloc");
+  void* __libc_pvalloc(size_t size)             ALIAS("pvalloc");
+  int __posix_memalign(void** r, size_t a, size_t s) ALIAS("posix_memalign");
+# undef ALIAS
+# else   /* not __GNUC__ */
+  // Portable wrappers
+  void* __libc_malloc(size_t size)              { return malloc(size);       }
+  void  __libc_free(void* ptr)                  { free(ptr);                 }
+  void* __libc_realloc(void* ptr, size_t size)  { return realloc(ptr, size); }
+  void* __libc_calloc(size_t n, size_t size)    { return calloc(n, size);    }
+  void  __libc_cfree(void* ptr)                 { cfree(ptr);                }
+  void* __libc_memalign(size_t align, size_t s) { return memalign(align, s); }
+  void* __libc_valloc(size_t size)              { return valloc(size);       }
+  void* __libc_pvalloc(size_t size)             { return pvalloc(size);      }
+  int __posix_memalign(void** r, size_t a, size_t s) {
+    return posix_memalign(r, a, s);
+  }
+# endif  /* __GNUC__ */
+}
+#endif   /* __GLIBC__ */
+
+// Override __libc_memalign in libc on linux boxes specially.
+// They have a bug in libc that causes them to (very rarely) allocate
+// with __libc_memalign() yet deallocate with free() and the
+// definitions above don't catch it.
+// This function is an exception to the rule of calling MallocHook method
+// from the stack frame of the allocation function;
+// heap-checker handles this special case explicitly.
+static void *MemalignOverride(size_t align, size_t size, const void *caller)
+    __THROW {
+  void* result = do_memalign(align, size);
+  MallocHook::InvokeNewHook(result, size);
+  return result;
+}
+void *(*__memalign_hook)(size_t, size_t, const void *) = MemalignOverride;
+
+#endif
+
+#if defined(WTF_CHANGES) && PLATFORM(DARWIN)
+
+class FreeObjectFinder {
+    const RemoteMemoryReader& m_reader;
+    HashSet<void*> m_freeObjects;
+
+public:
+    FreeObjectFinder(const RemoteMemoryReader& reader) : m_reader(reader) { }
+
+    void visit(void* ptr) { m_freeObjects.add(ptr); }
+    bool isFreeObject(void* ptr) const { return m_freeObjects.contains(ptr); }
+    bool isFreeObject(vm_address_t ptr) const { return isFreeObject(reinterpret_cast<void*>(ptr)); }
+    size_t freeObjectCount() const { return m_freeObjects.size(); }
+
+    void findFreeObjects(TCMalloc_ThreadCache* threadCache)
+    {
+        for (; threadCache; threadCache = (threadCache->next_ ? m_reader(threadCache->next_) : 0))
+            threadCache->enumerateFreeObjects(*this, m_reader);
+    }
+
+    void findFreeObjects(TCMalloc_Central_FreeListPadded* centralFreeList, size_t numSizes, TCMalloc_Central_FreeListPadded* remoteCentralFreeList)
+    {
+        for (unsigned i = 0; i < numSizes; i++)
+            centralFreeList[i].enumerateFreeObjects(*this, m_reader, remoteCentralFreeList + i);
+    }
+};
+
+class PageMapFreeObjectFinder {
+    const RemoteMemoryReader& m_reader;
+    FreeObjectFinder& m_freeObjectFinder;
+
+public:
+    PageMapFreeObjectFinder(const RemoteMemoryReader& reader, FreeObjectFinder& freeObjectFinder)
+        : m_reader(reader)
+        , m_freeObjectFinder(freeObjectFinder)
+    { }
+
+    int visit(void* ptr) const
+    {
+        if (!ptr)
+            return 1;
+
+        Span* span = m_reader(reinterpret_cast<Span*>(ptr));
+        if (span->free) {
+            void* ptr = reinterpret_cast<void*>(span->start << kPageShift);
+            m_freeObjectFinder.visit(ptr);
+        } else if (span->sizeclass) {
+            // Walk the free list of the small-object span, keeping track of each object seen
+            for (void* nextObject = span->objects; nextObject; nextObject = *m_reader(reinterpret_cast<void**>(nextObject)))
+                m_freeObjectFinder.visit(nextObject);
+        }
+        return span->length;
+    }
+};
+
+class PageMapMemoryUsageRecorder {
+    task_t m_task;
+    void* m_context;
+    unsigned m_typeMask;
+    vm_range_recorder_t* m_recorder;
+    const RemoteMemoryReader& m_reader;
+    const FreeObjectFinder& m_freeObjectFinder;
+
+    HashSet<void*> m_seenPointers;
+    Vector<Span*> m_coalescedSpans;
+
+public:
+    PageMapMemoryUsageRecorder(task_t task, void* context, unsigned typeMask, vm_range_recorder_t* recorder, const RemoteMemoryReader& reader, const FreeObjectFinder& freeObjectFinder)
+        : m_task(task)
+        , m_context(context)
+        , m_typeMask(typeMask)
+        , m_recorder(recorder)
+        , m_reader(reader)
+        , m_freeObjectFinder(freeObjectFinder)
+    { }
+
+    ~PageMapMemoryUsageRecorder()
+    {
+        ASSERT(!m_coalescedSpans.size());
+    }
+
+    void recordPendingRegions()
+    {
+        Span* lastSpan = m_coalescedSpans[m_coalescedSpans.size() - 1];
+        vm_range_t ptrRange = { m_coalescedSpans[0]->start << kPageShift, 0 };
+        ptrRange.size = (lastSpan->start << kPageShift) - ptrRange.address + (lastSpan->length * kPageSize);
+
+        // Mark the memory region the spans represent as a candidate for containing pointers
+        if (m_typeMask & MALLOC_PTR_REGION_RANGE_TYPE)
+            (*m_recorder)(m_task, m_context, MALLOC_PTR_REGION_RANGE_TYPE, &ptrRange, 1);
+
+        if (!(m_typeMask & MALLOC_PTR_IN_USE_RANGE_TYPE)) {
+            m_coalescedSpans.clear();
+            return;
+        }
+
+        Vector<vm_range_t, 1024> allocatedPointers;
+        for (size_t i = 0; i < m_coalescedSpans.size(); ++i) {
+            Span *theSpan = m_coalescedSpans[i];
+            if (theSpan->free)
+                continue;
+
+            vm_address_t spanStartAddress = theSpan->start << kPageShift;
+            vm_size_t spanSizeInBytes = theSpan->length * kPageSize;
+
+            if (!theSpan->sizeclass) {
+                // If it's an allocated large object span, mark it as in use
+                if (!m_freeObjectFinder.isFreeObject(spanStartAddress))
+                    allocatedPointers.append((vm_range_t){spanStartAddress, spanSizeInBytes});
+            } else {
+                const size_t objectSize = ByteSizeForClass(theSpan->sizeclass);
+
+                // Mark each allocated small object within the span as in use
+                const vm_address_t endOfSpan = spanStartAddress + spanSizeInBytes;
+                for (vm_address_t object = spanStartAddress; object + objectSize <= endOfSpan; object += objectSize) {
+                    if (!m_freeObjectFinder.isFreeObject(object))
+                        allocatedPointers.append((vm_range_t){object, objectSize});
+                }
+            }
+        }
+
+        (*m_recorder)(m_task, m_context, MALLOC_PTR_IN_USE_RANGE_TYPE, allocatedPointers.data(), allocatedPointers.size());
+
+        m_coalescedSpans.clear();
+    }
+
+    int visit(void* ptr)
+    {
+        if (!ptr)
+            return 1;
+
+        Span* span = m_reader(reinterpret_cast<Span*>(ptr));
+        if (!span->start)
+            return 1;
+
+        if (m_seenPointers.contains(ptr))
+            return span->length;
+        m_seenPointers.add(ptr);
+
+        if (!m_coalescedSpans.size()) {
+            m_coalescedSpans.append(span);
+            return span->length;
+        }
+
+        Span* previousSpan = m_coalescedSpans[m_coalescedSpans.size() - 1];
+        vm_address_t previousSpanStartAddress = previousSpan->start << kPageShift;
+        vm_size_t previousSpanSizeInBytes = previousSpan->length * kPageSize;
+
+        // If the new span is adjacent to the previous span, do nothing for now.
+        vm_address_t spanStartAddress = span->start << kPageShift;
+        if (spanStartAddress == previousSpanStartAddress + previousSpanSizeInBytes) {
+            m_coalescedSpans.append(span);
+            return span->length;
+        }
+
+        // New span is not adjacent to previous span, so record the spans coalesced so far.
+        recordPendingRegions();
+        m_coalescedSpans.append(span);
+
+        return span->length;
+    }
+};
+
+class AdminRegionRecorder {
+    task_t m_task;
+    void* m_context;
+    unsigned m_typeMask;
+    vm_range_recorder_t* m_recorder;
+    const RemoteMemoryReader& m_reader;
+
+    Vector<vm_range_t, 1024> m_pendingRegions;
+
+public:
+    AdminRegionRecorder(task_t task, void* context, unsigned typeMask, vm_range_recorder_t* recorder, const RemoteMemoryReader& reader)
+        : m_task(task)
+        , m_context(context)
+        , m_typeMask(typeMask)
+        , m_recorder(recorder)
+        , m_reader(reader)
+    { }
+
+    void recordRegion(vm_address_t ptr, size_t size)
+    {
+        if (m_typeMask & MALLOC_ADMIN_REGION_RANGE_TYPE)
+            m_pendingRegions.append((vm_range_t){ ptr, size });
+    }
+
+    void visit(void *ptr, size_t size)
+    {
+        recordRegion(reinterpret_cast<vm_address_t>(ptr), size);
+    }
+
+    void recordPendingRegions()
+    {
+        if (m_pendingRegions.size()) {
+            (*m_recorder)(m_task, m_context, MALLOC_ADMIN_REGION_RANGE_TYPE, m_pendingRegions.data(), m_pendingRegions.size());
+            m_pendingRegions.clear();
+        }
+    }
+
+    ~AdminRegionRecorder()
+    {
+        ASSERT(!m_pendingRegions.size());
+    }
+};
+
+kern_return_t FastMallocZone::enumerate(task_t task, void* context, unsigned typeMask, vm_address_t zoneAddress, memory_reader_t reader, vm_range_recorder_t recorder)
+{
+    RemoteMemoryReader memoryReader(task, reader);
+
+    InitSizeClasses();
+
+    FastMallocZone* mzone = memoryReader(reinterpret_cast<FastMallocZone*>(zoneAddress));
+    TCMalloc_PageHeap* pageHeap = memoryReader(mzone->m_pageHeap);
+    TCMalloc_ThreadCache** threadHeapsPointer = memoryReader(mzone->m_threadHeaps);
+    TCMalloc_ThreadCache* threadHeaps = memoryReader(*threadHeapsPointer);
+
+    TCMalloc_Central_FreeListPadded* centralCaches = memoryReader(mzone->m_centralCaches, sizeof(TCMalloc_Central_FreeListPadded) * kNumClasses);
+
+    FreeObjectFinder finder(memoryReader);
+    finder.findFreeObjects(threadHeaps);
+    finder.findFreeObjects(centralCaches, kNumClasses, mzone->m_centralCaches);
+
+    TCMalloc_PageHeap::PageMap* pageMap = &pageHeap->pagemap_;
+    PageMapFreeObjectFinder pageMapFinder(memoryReader, finder);
+    pageMap->visitValues(pageMapFinder, memoryReader);
+
+    PageMapMemoryUsageRecorder usageRecorder(task, context, typeMask, recorder, memoryReader, finder);
+    pageMap->visitValues(usageRecorder, memoryReader);
+    usageRecorder.recordPendingRegions();
+
+    AdminRegionRecorder adminRegionRecorder(task, context, typeMask, recorder, memoryReader);
+    pageMap->visitAllocations(adminRegionRecorder, memoryReader);
+
+    PageHeapAllocator<Span>* spanAllocator = memoryReader(mzone->m_spanAllocator);
+    PageHeapAllocator<TCMalloc_ThreadCache>* pageHeapAllocator = memoryReader(mzone->m_pageHeapAllocator);
+
+    spanAllocator->recordAdministrativeRegions(adminRegionRecorder, memoryReader);
+    pageHeapAllocator->recordAdministrativeRegions(adminRegionRecorder, memoryReader);
+
+    adminRegionRecorder.recordPendingRegions();
+
+    return 0;
+}
+
+size_t FastMallocZone::size(malloc_zone_t*, const void*)
+{
+    return 0;
+}
+
+void* FastMallocZone::zoneMalloc(malloc_zone_t*, size_t)
+{
+    return 0;
+}
+
+void* FastMallocZone::zoneCalloc(malloc_zone_t*, size_t, size_t)
+{
+    return 0;
+}
+
+void FastMallocZone::zoneFree(malloc_zone_t*, void* ptr)
+{
+    // Due to <rdar://problem/5671357> zoneFree may be called by the system free even if the pointer
+    // is not in this zone.  When this happens, the pointer being freed was not allocated by any
+    // zone so we need to print a useful error for the application developer.
+    malloc_printf("*** error for object %p: pointer being freed was not allocated\n", ptr);
+}
+
+void* FastMallocZone::zoneRealloc(malloc_zone_t*, void*, size_t)
+{
+    return 0;
+}
+
+
+#undef malloc
+#undef free
+#undef realloc
+#undef calloc
+
+extern "C" {
+malloc_introspection_t jscore_fastmalloc_introspection = { &FastMallocZone::enumerate, &FastMallocZone::goodSize, &FastMallocZone::check, &FastMallocZone::print,
+    &FastMallocZone::log, &FastMallocZone::forceLock, &FastMallocZone::forceUnlock, &FastMallocZone::statistics
+
+#if !defined(BUILDING_ON_TIGER) && !defined(BUILDING_ON_LEOPARD) && !PLATFORM(IPHONE)
+    , 0 // zone_locked will not be called on the zone unless it advertises itself as version five or higher.
+#endif
+
+    };
+}
+
+FastMallocZone::FastMallocZone(TCMalloc_PageHeap* pageHeap, TCMalloc_ThreadCache** threadHeaps, TCMalloc_Central_FreeListPadded* centralCaches, PageHeapAllocator<Span>* spanAllocator, PageHeapAllocator<TCMalloc_ThreadCache>* pageHeapAllocator)
+    : m_pageHeap(pageHeap)
+    , m_threadHeaps(threadHeaps)
+    , m_centralCaches(centralCaches)
+    , m_spanAllocator(spanAllocator)
+    , m_pageHeapAllocator(pageHeapAllocator)
+{
+    memset(&m_zone, 0, sizeof(m_zone));
+    m_zone.version = 4;
+    m_zone.zone_name = "JavaScriptCore FastMalloc";
+    m_zone.size = &FastMallocZone::size;
+    m_zone.malloc = &FastMallocZone::zoneMalloc;
+    m_zone.calloc = &FastMallocZone::zoneCalloc;
+    m_zone.realloc = &FastMallocZone::zoneRealloc;
+    m_zone.free = &FastMallocZone::zoneFree;
+    m_zone.valloc = &FastMallocZone::zoneValloc;
+    m_zone.destroy = &FastMallocZone::zoneDestroy;
+    m_zone.introspect = &jscore_fastmalloc_introspection;
+    malloc_zone_register(&m_zone);
+}
+
+
+void FastMallocZone::init()
+{
+    static FastMallocZone zone(pageheap, &thread_heaps, static_cast<TCMalloc_Central_FreeListPadded*>(central_cache), &span_allocator, &threadheap_allocator);
+}
+
+#endif
+
+#if WTF_CHANGES
+void releaseFastMallocFreeMemory()
+{
+    // Flush free pages in the current thread cache back to the page heap.
+    // Low watermark mechanism in Scavenge() prevents full return on the first pass.
+    // The second pass flushes everything.
+    if (TCMalloc_ThreadCache* threadCache = TCMalloc_ThreadCache::GetCacheIfPresent()) {
+        threadCache->Scavenge();
+        threadCache->Scavenge();
+    }
+
+    SpinLockHolder h(&pageheap_lock);
+    pageheap->ReleaseFreePages();
+}
+    
+FastMallocStatistics fastMallocStatistics()
+{
+    FastMallocStatistics statistics;
+    {
+        SpinLockHolder lockHolder(&pageheap_lock);
+        statistics.heapSize = static_cast<size_t>(pageheap->SystemBytes());
+        statistics.freeSizeInHeap = static_cast<size_t>(pageheap->FreeBytes());
+        statistics.returnedSize = pageheap->ReturnedBytes();
+        statistics.freeSizeInCaches = 0;
+        for (TCMalloc_ThreadCache* threadCache = thread_heaps; threadCache ; threadCache = threadCache->next_)
+            statistics.freeSizeInCaches += threadCache->Size();
+    }
+    for (unsigned cl = 0; cl < kNumClasses; ++cl) {
+        const int length = central_cache[cl].length();
+        const int tc_length = central_cache[cl].tc_length();
+        statistics.freeSizeInCaches += ByteSizeForClass(cl) * (length + tc_length);
+    }
+    return statistics;
+}
+
+} // namespace WTF
+#endif
+
+#endif // FORCE_SYSTEM_MALLOC
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.h
new file mode 100644
index 000000000..ca0961c96
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.h
@@ -0,0 +1,232 @@
+/*
+ *  Copyright (C) 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_FastMalloc_h
+#define WTF_FastMalloc_h
+
+#include "Platform.h"
+#include "PossiblyNull.h"
+#include <stdlib.h>
+#include <new>
+
+namespace WTF {
+
+    // These functions call CRASH() if an allocation fails.
+    void* fastMalloc(size_t);
+    void* fastZeroedMalloc(size_t);
+    void* fastCalloc(size_t numElements, size_t elementSize);
+    void* fastRealloc(void*, size_t);
+
+    struct TryMallocReturnValue {
+        TryMallocReturnValue(void* data)
+            : m_data(data)
+        {
+        }
+        TryMallocReturnValue(const TryMallocReturnValue& source)
+            : m_data(source.m_data)
+        {
+            source.m_data = 0;
+        }
+        ~TryMallocReturnValue() { ASSERT(!m_data); }
+        template <typename T> bool getValue(T& data) WARN_UNUSED_RETURN;
+        template <typename T> operator PossiblyNull<T>()
+        { 
+            T value; 
+            getValue(value); 
+            return PossiblyNull<T>(value);
+        } 
+    private:
+        mutable void* m_data;
+    };
+    
+    template <typename T> bool TryMallocReturnValue::getValue(T& data)
+    {
+        union u { void* data; T target; } res;
+        res.data = m_data;
+        data = res.target;
+        bool returnValue = !!m_data;
+        m_data = 0;
+        return returnValue;
+    }
+
+    TryMallocReturnValue tryFastMalloc(size_t n);
+    TryMallocReturnValue tryFastZeroedMalloc(size_t n);
+    TryMallocReturnValue tryFastCalloc(size_t n_elements, size_t element_size);
+    TryMallocReturnValue tryFastRealloc(void* p, size_t n);
+
+    void fastFree(void*);
+
+#ifndef NDEBUG    
+    void fastMallocForbid();
+    void fastMallocAllow();
+#endif
+
+    void releaseFastMallocFreeMemory();
+    
+    struct FastMallocStatistics {
+        size_t heapSize;
+        size_t freeSizeInHeap;
+        size_t freeSizeInCaches;
+        size_t returnedSize;
+    };
+    FastMallocStatistics fastMallocStatistics();
+
+    // This defines a type which holds an unsigned integer and is the same
+    // size as the minimally aligned memory allocation.
+    typedef unsigned long long AllocAlignmentInteger;
+
+    namespace Internal {
+        enum AllocType {                    // Start with an unusual number instead of zero, because zero is common.
+            AllocTypeMalloc = 0x375d6750,   // Encompasses fastMalloc, fastZeroedMalloc, fastCalloc, fastRealloc.
+            AllocTypeClassNew,              // Encompasses class operator new from FastAllocBase.
+            AllocTypeClassNewArray,         // Encompasses class operator new[] from FastAllocBase.
+            AllocTypeFastNew,               // Encompasses fastNew.
+            AllocTypeFastNewArray,          // Encompasses fastNewArray.
+            AllocTypeNew,                   // Encompasses global operator new.
+            AllocTypeNewArray               // Encompasses global operator new[].
+        };
+    }
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+
+    // Malloc validation is a scheme whereby a tag is attached to an
+    // allocation which identifies how it was originally allocated.
+    // This allows us to verify that the freeing operation matches the
+    // allocation operation. If memory is allocated with operator new[]
+    // but freed with free or delete, this system would detect that.
+    // In the implementation here, the tag is an integer prepended to
+    // the allocation memory which is assigned one of the AllocType
+    // enumeration values. An alternative implementation of this
+    // scheme could store the tag somewhere else or ignore it.
+    // Users of FastMalloc don't need to know or care how this tagging
+    // is implemented.
+
+    namespace Internal {
+
+        // Return the AllocType tag associated with the allocated block p.
+        inline AllocType fastMallocMatchValidationType(const void* p)
+        {
+            const AllocAlignmentInteger* type = static_cast<const AllocAlignmentInteger*>(p) - 1;
+            return static_cast<AllocType>(*type);
+        }
+
+        // Return the address of the AllocType tag associated with the allocated block p.
+        inline AllocAlignmentInteger* fastMallocMatchValidationValue(void* p)
+        {
+            return reinterpret_cast<AllocAlignmentInteger*>(static_cast<char*>(p) - sizeof(AllocAlignmentInteger));
+        }
+
+        // Set the AllocType tag to be associaged with the allocated block p.
+        inline void setFastMallocMatchValidationType(void* p, AllocType allocType)
+        {
+            AllocAlignmentInteger* type = static_cast<AllocAlignmentInteger*>(p) - 1;
+            *type = static_cast<AllocAlignmentInteger>(allocType);
+        }
+
+        // Handle a detected alloc/free mismatch. By default this calls CRASH().
+        void fastMallocMatchFailed(void* p);
+
+    } // namespace Internal
+
+    // This is a higher level function which is used by FastMalloc-using code.
+    inline void fastMallocMatchValidateMalloc(void* p, Internal::AllocType allocType)
+    {
+        if (!p)
+            return;
+
+        Internal::setFastMallocMatchValidationType(p, allocType);
+    }
+
+    // This is a higher level function which is used by FastMalloc-using code.
+    inline void fastMallocMatchValidateFree(void* p, Internal::AllocType allocType)
+    {
+        if (!p)
+            return;
+
+        if (Internal::fastMallocMatchValidationType(p) != allocType)
+            Internal::fastMallocMatchFailed(p);
+        Internal::setFastMallocMatchValidationType(p, Internal::AllocTypeMalloc);  // Set it to this so that fastFree thinks it's OK.
+    }
+
+#else
+
+    inline void fastMallocMatchValidateMalloc(void*, Internal::AllocType)
+    {
+    }
+
+    inline void fastMallocMatchValidateFree(void*, Internal::AllocType)
+    {
+    }
+
+#endif
+
+} // namespace WTF
+
+using WTF::fastMalloc;
+using WTF::fastZeroedMalloc;
+using WTF::fastCalloc;
+using WTF::fastRealloc;
+using WTF::tryFastMalloc;
+using WTF::tryFastZeroedMalloc;
+using WTF::tryFastCalloc;
+using WTF::tryFastRealloc;
+using WTF::fastFree;
+
+#ifndef NDEBUG    
+using WTF::fastMallocForbid;
+using WTF::fastMallocAllow;
+#endif
+
+#if COMPILER(GCC) && PLATFORM(DARWIN)
+#define WTF_PRIVATE_INLINE __private_extern__ inline __attribute__((always_inline))
+#elif COMPILER(GCC)
+#define WTF_PRIVATE_INLINE inline __attribute__((always_inline))
+#elif COMPILER(MSVC)
+#define WTF_PRIVATE_INLINE __forceinline
+#else
+#define WTF_PRIVATE_INLINE inline
+#endif
+
+#if !defined(_CRTDBG_MAP_ALLOC) && !(defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC)
+
+// The nothrow functions here are actually not all that helpful, because fastMalloc will
+// call CRASH() rather than returning 0, and returning 0 is what nothrow is all about.
+// But since WebKit code never uses exceptions or nothrow at all, this is probably OK.
+// Long term we will adopt FastAllocBase.h everywhere, and and replace this with
+// debug-only code to make sure we don't use the system malloc via the default operator
+// new by accident.
+
+// We musn't customize the global operator new and delete for the Qt port.
+#if !PLATFORM(QT)
+
+WTF_PRIVATE_INLINE void* operator new(size_t size) { return fastMalloc(size); }
+WTF_PRIVATE_INLINE void* operator new(size_t size, const std::nothrow_t&) throw() { return fastMalloc(size); }
+WTF_PRIVATE_INLINE void operator delete(void* p) { fastFree(p); }
+WTF_PRIVATE_INLINE void operator delete(void* p, const std::nothrow_t&) throw() { fastFree(p); }
+WTF_PRIVATE_INLINE void* operator new[](size_t size) { return fastMalloc(size); }
+WTF_PRIVATE_INLINE void* operator new[](size_t size, const std::nothrow_t&) throw() { return fastMalloc(size); }
+WTF_PRIVATE_INLINE void operator delete[](void* p) { fastFree(p); }
+WTF_PRIVATE_INLINE void operator delete[](void* p, const std::nothrow_t&) throw() { fastFree(p); }
+
+#endif
+
+#endif
+
+#endif /* WTF_FastMalloc_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Forward.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Forward.h
new file mode 100644
index 000000000..448de7d5a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Forward.h
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (C) 2006, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_Forward_h
+#define WTF_Forward_h
+
+#include <stddef.h>
+
+namespace WTF {
+    template<typename T> class ListRefPtr;
+    template<typename T> class OwnArrayPtr;
+    template<typename T> class OwnPtr;
+    template<typename T> class PassOwnPtr;
+    template<typename T> class PassRefPtr;
+    template<typename T> class RefPtr;
+    template<typename T, size_t inlineCapacity> class Vector;
+}
+
+using WTF::ListRefPtr;
+using WTF::OwnArrayPtr;
+using WTF::OwnPtr;
+using WTF::PassOwnPtr;
+using WTF::PassRefPtr;
+using WTF::RefPtr;
+using WTF::Vector;
+
+#endif // WTF_Forward_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GOwnPtr.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GOwnPtr.cpp
new file mode 100644
index 000000000..432885f1c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GOwnPtr.cpp
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2008 Collabora Ltd.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "config.h"
+#include "GOwnPtr.h"
+
+namespace WTF {
+
+template <> void freeOwnedGPtr<GError>(GError* ptr)
+{
+    if (ptr)
+        g_error_free(ptr);
+}
+
+template <> void freeOwnedGPtr<GList>(GList* ptr)
+{
+    g_list_free(ptr);
+}
+
+template <> void freeOwnedGPtr<GCond>(GCond* ptr)
+{
+    if (ptr)
+        g_cond_free(ptr);
+}
+
+template <> void freeOwnedGPtr<GMutex>(GMutex* ptr)
+{
+    if (ptr)
+        g_mutex_free(ptr);
+}
+
+template <> void freeOwnedGPtr<GPatternSpec>(GPatternSpec* ptr)
+{
+    if (ptr)
+        g_pattern_spec_free(ptr);
+}
+
+template <> void freeOwnedGPtr<GDir>(GDir* ptr)
+{
+    if (ptr)
+        g_dir_close(ptr);
+}
+
+template <> void freeOwnedGPtr<GHashTable>(GHashTable* ptr)
+{
+    if (ptr)
+        g_hash_table_unref(ptr);
+}
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GOwnPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GOwnPtr.h
new file mode 100644
index 000000000..499334852
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GOwnPtr.h
@@ -0,0 +1,98 @@
+/*
+ *  Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ *  Copyright (C) 2008 Collabora Ltd.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef GOwnPtr_h
+#define GOwnPtr_h
+
+#include <algorithm>
+#include <glib.h>
+#include <wtf/Assertions.h>
+#include <wtf/Noncopyable.h>
+
+namespace WTF {
+    template <typename T> inline void freeOwnedGPtr(T* ptr) { g_free(reinterpret_cast<void*>(ptr)); }
+    template<> void freeOwnedGPtr<GError>(GError*);
+    template<> void freeOwnedGPtr<GList>(GList*);
+    template<> void freeOwnedGPtr<GCond>(GCond*);
+    template<> void freeOwnedGPtr<GMutex>(GMutex*);
+    template<> void freeOwnedGPtr<GPatternSpec>(GPatternSpec*);
+    template<> void freeOwnedGPtr<GDir>(GDir*);
+    template<> void freeOwnedGPtr<GHashTable>(GHashTable*);
+
+    template <typename T> class GOwnPtr : public Noncopyable {
+    public:
+        explicit GOwnPtr(T* ptr = 0) : m_ptr(ptr) { }
+        ~GOwnPtr() { freeOwnedGPtr(m_ptr); }
+
+        T* get() const { return m_ptr; }
+        T* release() { T* ptr = m_ptr; m_ptr = 0; return ptr; }
+        T*& outPtr() { ASSERT(!m_ptr); return m_ptr; }
+
+        void set(T* ptr) { ASSERT(!ptr || m_ptr != ptr); freeOwnedGPtr(m_ptr); m_ptr = ptr; }
+        void clear() { freeOwnedGPtr(m_ptr); m_ptr = 0; }
+
+        T& operator*() const { ASSERT(m_ptr); return *m_ptr; }
+        T* operator->() const { ASSERT(m_ptr); return m_ptr; }
+
+        bool operator!() const { return !m_ptr; }
+
+        // This conversion operator allows implicit conversion to bool but not to other integer types.
+        typedef T* GOwnPtr::*UnspecifiedBoolType;
+        operator UnspecifiedBoolType() const { return m_ptr ? &GOwnPtr::m_ptr : 0; }
+
+        void swap(GOwnPtr& o) { std::swap(m_ptr, o.m_ptr); }
+
+    private:
+        T* m_ptr;
+    };
+    
+    template <typename T> inline void swap(GOwnPtr<T>& a, GOwnPtr<T>& b) { a.swap(b); }
+
+    template <typename T, typename U> inline bool operator==(const GOwnPtr<T>& a, U* b)
+    { 
+        return a.get() == b; 
+    }
+    
+    template <typename T, typename U> inline bool operator==(T* a, const GOwnPtr<U>& b) 
+    {
+        return a == b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator!=(const GOwnPtr<T>& a, U* b)
+    {
+        return a.get() != b; 
+    }
+
+    template <typename T, typename U> inline bool operator!=(T* a, const GOwnPtr<U>& b)
+    { 
+        return a != b.get(); 
+    }
+    
+    template <typename T> inline typename GOwnPtr<T>::PtrType getPtr(const GOwnPtr<T>& p)
+    {
+        return p.get();
+    }
+
+} // namespace WTF
+
+using WTF::GOwnPtr;
+
+#endif // GOwnPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GetPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GetPtr.h
new file mode 100644
index 000000000..25a0e6d9b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/GetPtr.h
@@ -0,0 +1,33 @@
+/*
+ *  Copyright (C) 2006 Apple Computer, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_GetPtr_h
+#define WTF_GetPtr_h
+
+namespace WTF {
+
+    template <typename T> inline T* getPtr(T* p)
+    {
+        return p;
+    }
+
+} // namespace WTF
+
+#endif // WTF_GetPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashCountedSet.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashCountedSet.h
new file mode 100644
index 000000000..5fb6da8ea
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashCountedSet.h
@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2005, 2006, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_HashCountedSet_h
+#define WTF_HashCountedSet_h
+
+#include "Assertions.h"
+#include "FastAllocBase.h"
+#include "HashMap.h"
+#include "Vector.h"
+
+namespace WTF {
+
+    template<typename Value, typename HashFunctions = typename DefaultHash<Value>::Hash,
+        typename Traits = HashTraits<Value> > class HashCountedSet : public FastAllocBase {
+    private:
+        typedef HashMap<Value, unsigned, HashFunctions, Traits> ImplType;
+    public:
+        typedef Value ValueType;
+        typedef typename ImplType::iterator iterator;
+        typedef typename ImplType::const_iterator const_iterator;
+        
+        HashCountedSet() {}
+        
+        int size() const;
+        int capacity() const;
+        bool isEmpty() const;
+        
+        // iterators iterate over pairs of values and counts
+        iterator begin();
+        iterator end();
+        const_iterator begin() const;
+        const_iterator end() const;
+        
+        iterator find(const ValueType&);
+        const_iterator find(const ValueType&) const;
+        bool contains(const ValueType&) const;
+        unsigned count(const ValueType&) const;
+
+        // increases the count if an equal value is already present
+        // the return value is a pair of an interator to the new value's location, 
+        // and a bool that is true if an new entry was added
+        std::pair<iterator, bool> add(const ValueType&);
+        
+        // reduces the count of the value, and removes it if count
+        // goes down to zero
+        void remove(const ValueType&);
+        void remove(iterator);
+ 
+        // removes the value, regardless of its count
+        void clear(iterator);
+        void clear(const ValueType&);
+
+        // clears the whole set
+        void clear();
+
+    private:
+        ImplType m_impl;
+    };
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline int HashCountedSet<Value, HashFunctions, Traits>::size() const
+    {
+        return m_impl.size(); 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline int HashCountedSet<Value, HashFunctions, Traits>::capacity() const
+    {
+        return m_impl.capacity(); 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline bool HashCountedSet<Value, HashFunctions, Traits>::isEmpty() const
+    {
+        return size() == 0; 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline typename HashCountedSet<Value, HashFunctions, Traits>::iterator HashCountedSet<Value, HashFunctions, Traits>::begin()
+    {
+        return m_impl.begin(); 
+    }
+
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline typename HashCountedSet<Value, HashFunctions, Traits>::iterator HashCountedSet<Value, HashFunctions, Traits>::end()
+    {
+        return m_impl.end(); 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline typename HashCountedSet<Value, HashFunctions, Traits>::const_iterator HashCountedSet<Value, HashFunctions, Traits>::begin() const
+    {
+        return m_impl.begin(); 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline typename HashCountedSet<Value, HashFunctions, Traits>::const_iterator HashCountedSet<Value, HashFunctions, Traits>::end() const
+    {
+        return m_impl.end(); 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline typename HashCountedSet<Value, HashFunctions, Traits>::iterator HashCountedSet<Value, HashFunctions, Traits>::find(const ValueType& value)
+    {
+        return m_impl.find(value); 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline typename HashCountedSet<Value, HashFunctions, Traits>::const_iterator HashCountedSet<Value, HashFunctions, Traits>::find(const ValueType& value) const
+    {
+        return m_impl.find(value); 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline bool HashCountedSet<Value, HashFunctions, Traits>::contains(const ValueType& value) const
+    {
+        return m_impl.contains(value); 
+    }
+
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline unsigned HashCountedSet<Value, HashFunctions, Traits>::count(const ValueType& value) const
+    {
+        return m_impl.get(value);
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline std::pair<typename HashCountedSet<Value, HashFunctions, Traits>::iterator, bool> HashCountedSet<Value, HashFunctions, Traits>::add(const ValueType &value)
+    {
+        pair<iterator, bool> result = m_impl.add(value, 0); 
+        ++result.first->second;
+        return result;
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline void HashCountedSet<Value, HashFunctions, Traits>::remove(const ValueType& value)
+    {
+        remove(find(value));
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline void HashCountedSet<Value, HashFunctions, Traits>::remove(iterator it)
+    {
+        if (it == end())
+            return;
+
+        unsigned oldVal = it->second;
+        ASSERT(oldVal != 0);
+        unsigned newVal = oldVal - 1;
+        if (newVal == 0)
+            m_impl.remove(it);
+        else
+            it->second = newVal;
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline void HashCountedSet<Value, HashFunctions, Traits>::clear(const ValueType& value)
+    {
+        clear(find(value));
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline void HashCountedSet<Value, HashFunctions, Traits>::clear(iterator it)
+    {
+        if (it == end())
+            return;
+
+        m_impl.remove(it);
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline void HashCountedSet<Value, HashFunctions, Traits>::clear()
+    {
+        m_impl.clear(); 
+    }
+    
+    template<typename Value, typename HashFunctions, typename Traits, typename VectorType>
+    inline void copyToVector(const HashCountedSet<Value, HashFunctions, Traits>& collection, VectorType& vector)
+    {
+        typedef typename HashCountedSet<Value, HashFunctions, Traits>::const_iterator iterator;
+        
+        vector.resize(collection.size());
+        
+        iterator it = collection.begin();
+        iterator end = collection.end();
+        for (unsigned i = 0; it != end; ++it, ++i)
+            vector[i] = *it;
+    }
+
+    template<typename Value, typename HashFunctions, typename Traits>
+    inline void copyToVector(const HashCountedSet<Value, HashFunctions, Traits>& collection, Vector<Value>& vector)
+    {
+        typedef typename HashCountedSet<Value, HashFunctions, Traits>::const_iterator iterator;
+        
+        vector.resize(collection.size());
+        
+        iterator it = collection.begin();
+        iterator end = collection.end();
+        for (unsigned i = 0; it != end; ++it, ++i)
+            vector[i] = (*it).first;
+    }
+
+
+} // namespace khtml
+
+using WTF::HashCountedSet;
+
+#endif /* WTF_HashCountedSet_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashFunctions.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashFunctions.h
new file mode 100644
index 000000000..13afb723d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashFunctions.h
@@ -0,0 +1,186 @@
+/*
+ * Copyright (C) 2005, 2006, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_HashFunctions_h
+#define WTF_HashFunctions_h
+
+#include "RefPtr.h"
+#include <stdint.h>
+
+namespace WTF {
+
+    template<size_t size> struct IntTypes;
+    template<> struct IntTypes<1> { typedef int8_t SignedType; typedef uint8_t UnsignedType; };
+    template<> struct IntTypes<2> { typedef int16_t SignedType; typedef uint16_t UnsignedType; };
+    template<> struct IntTypes<4> { typedef int32_t SignedType; typedef uint32_t UnsignedType; };
+    template<> struct IntTypes<8> { typedef int64_t SignedType; typedef uint64_t UnsignedType; };
+
+    // integer hash function
+
+    // Thomas Wang's 32 Bit Mix Function: http://www.cris.com/~Ttwang/tech/inthash.htm
+    inline unsigned intHash(uint8_t key8)
+    {
+        unsigned key = key8;
+        key += ~(key << 15);
+        key ^= (key >> 10);
+        key += (key << 3);
+        key ^= (key >> 6);
+        key += ~(key << 11);
+        key ^= (key >> 16);
+        return key;
+    }
+
+    // Thomas Wang's 32 Bit Mix Function: http://www.cris.com/~Ttwang/tech/inthash.htm
+    inline unsigned intHash(uint16_t key16)
+    {
+        unsigned key = key16;
+        key += ~(key << 15);
+        key ^= (key >> 10);
+        key += (key << 3);
+        key ^= (key >> 6);
+        key += ~(key << 11);
+        key ^= (key >> 16);
+        return key;
+    }
+
+    // Thomas Wang's 32 Bit Mix Function: http://www.cris.com/~Ttwang/tech/inthash.htm
+    inline unsigned intHash(uint32_t key) 
+    {
+        key += ~(key << 15);
+        key ^= (key >> 10);
+        key += (key << 3);
+        key ^= (key >> 6);
+        key += ~(key << 11);
+        key ^= (key >> 16);
+        return key;
+    }
+    
+    // Thomas Wang's 64 bit Mix Function: http://www.cris.com/~Ttwang/tech/inthash.htm
+    inline unsigned intHash(uint64_t key)
+    {
+        key += ~(key << 32);
+        key ^= (key >> 22);
+        key += ~(key << 13);
+        key ^= (key >> 8);
+        key += (key << 3);
+        key ^= (key >> 15);
+        key += ~(key << 27);
+        key ^= (key >> 31);
+        return static_cast<unsigned>(key);
+    }
+
+    template<typename T> struct IntHash {
+        static unsigned hash(T key) { return intHash(static_cast<typename IntTypes<sizeof(T)>::UnsignedType>(key)); }
+        static bool equal(T a, T b) { return a == b; }
+        static const bool safeToCompareToEmptyOrDeleted = true;
+    };
+
+    template<typename T> struct FloatHash {
+        static unsigned hash(T key)
+        {
+            union {
+                T key;
+                typename IntTypes<sizeof(T)>::UnsignedType bits;
+            } u;
+            u.key = key;
+            return intHash(u.bits);
+        }
+        static bool equal(T a, T b) { return a == b; }
+        static const bool safeToCompareToEmptyOrDeleted = true;
+    };
+
+    // pointer identity hash function
+
+    template<typename T> struct PtrHash {
+        static unsigned hash(T key)
+        {
+#if COMPILER(MSVC)
+#pragma warning(push)
+#pragma warning(disable: 4244) // work around what seems to be a bug in MSVC's conversion warnings
+#endif
+            return IntHash<uintptr_t>::hash(reinterpret_cast<uintptr_t>(key));
+#if COMPILER(MSVC)
+#pragma warning(pop)
+#endif
+        }
+        static bool equal(T a, T b) { return a == b; }
+        static const bool safeToCompareToEmptyOrDeleted = true;
+    };
+    template<typename P> struct PtrHash<RefPtr<P> > : PtrHash<P*> {
+        using PtrHash<P*>::hash;
+        static unsigned hash(const RefPtr<P>& key) { return hash(key.get()); }
+        using PtrHash<P*>::equal;
+        static bool equal(const RefPtr<P>& a, const RefPtr<P>& b) { return a == b; }
+        static bool equal(P* a, const RefPtr<P>& b) { return a == b; }
+        static bool equal(const RefPtr<P>& a, P* b) { return a == b; }
+    };
+
+    // default hash function for each type
+
+    template<typename T> struct DefaultHash;
+
+    template<typename T, typename U> struct PairHash {
+        static unsigned hash(const std::pair<T, U>& p)
+        {
+            return intHash((static_cast<uint64_t>(DefaultHash<T>::Hash::hash(p.first)) << 32 | DefaultHash<U>::Hash::hash(p.second)));
+        }
+        static bool equal(const std::pair<T, U>& a, const std::pair<T, U>& b)
+        {
+            return DefaultHash<T>::Hash::equal(a.first, b.first) && DefaultHash<U>::Hash::equal(a.second, b.second);
+        }
+        static const bool safeToCompareToEmptyOrDeleted = DefaultHash<T>::Hash::safeToCompareToEmptyOrDeleted 
+                                                            && DefaultHash<U>::Hash::safeToCompareToEmptyOrDeleted;
+    };
+
+    // make IntHash the default hash function for many integer types
+
+    template<> struct DefaultHash<short> { typedef IntHash<unsigned> Hash; };
+    template<> struct DefaultHash<unsigned short> { typedef IntHash<unsigned> Hash; };
+    template<> struct DefaultHash<int> { typedef IntHash<unsigned> Hash; };
+    template<> struct DefaultHash<unsigned> { typedef IntHash<unsigned> Hash; };
+    template<> struct DefaultHash<long> { typedef IntHash<unsigned long> Hash; };
+    template<> struct DefaultHash<unsigned long> { typedef IntHash<unsigned long> Hash; };
+    template<> struct DefaultHash<long long> { typedef IntHash<unsigned long long> Hash; };
+    template<> struct DefaultHash<unsigned long long> { typedef IntHash<unsigned long long> Hash; };
+
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    template<> struct DefaultHash<wchar_t> { typedef IntHash<wchar_t> Hash; };
+#endif
+
+    template<> struct DefaultHash<float> { typedef FloatHash<float> Hash; };
+    template<> struct DefaultHash<double> { typedef FloatHash<double> Hash; };
+
+    // make PtrHash the default hash function for pointer types that don't specialize
+
+    template<typename P> struct DefaultHash<P*> { typedef PtrHash<P*> Hash; };
+    template<typename P> struct DefaultHash<RefPtr<P> > { typedef PtrHash<RefPtr<P> > Hash; };
+
+    template<typename T, typename U> struct DefaultHash<std::pair<T, U> > { typedef PairHash<T, U> Hash; };
+    
+    // Golden ratio - arbitrary start value to avoid mapping all 0's to all 0's
+    static const unsigned stringHashingStartValue = 0x9e3779b9U;
+
+} // namespace WTF
+
+using WTF::DefaultHash;
+using WTF::IntHash;
+using WTF::PtrHash;
+
+#endif // WTF_HashFunctions_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashIterators.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashIterators.h
new file mode 100644
index 000000000..682c83b4d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashIterators.h
@@ -0,0 +1,216 @@
+/*
+ * Copyright (C) 2007 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_HashIterators_h
+#define WTF_HashIterators_h
+
+namespace WTF {
+
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableConstKeysIterator;
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableConstValuesIterator;
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableKeysIterator;
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableValuesIterator;
+
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableConstIteratorAdapter<HashTableType, std::pair<KeyType, MappedType> > {
+    private:
+        typedef std::pair<KeyType, MappedType> ValueType;
+    public:
+        typedef HashTableConstKeysIterator<HashTableType, KeyType, MappedType> Keys;
+        typedef HashTableConstValuesIterator<HashTableType, KeyType, MappedType> Values;
+
+        HashTableConstIteratorAdapter(const typename HashTableType::const_iterator& impl) : m_impl(impl) {}
+
+        const ValueType* get() const { return (const ValueType*)m_impl.get(); }
+        const ValueType& operator*() const { return *get(); }
+        const ValueType* operator->() const { return get(); }
+
+        HashTableConstIteratorAdapter& operator++() { ++m_impl; return *this; }
+        // postfix ++ intentionally omitted
+
+        Keys keys() { return Keys(*this); }
+        Values values() { return Values(*this); }
+
+        typename HashTableType::const_iterator m_impl;
+    };
+
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableIteratorAdapter<HashTableType, std::pair<KeyType, MappedType> > {
+    private:
+        typedef std::pair<KeyType, MappedType> ValueType;
+    public:
+        typedef HashTableKeysIterator<HashTableType, KeyType, MappedType> Keys;
+        typedef HashTableValuesIterator<HashTableType, KeyType, MappedType> Values;
+
+        HashTableIteratorAdapter(const typename HashTableType::iterator& impl) : m_impl(impl) {}
+
+        ValueType* get() const { return (ValueType*)m_impl.get(); }
+        ValueType& operator*() const { return *get(); }
+        ValueType* operator->() const { return get(); }
+
+        HashTableIteratorAdapter& operator++() { ++m_impl; return *this; }
+        // postfix ++ intentionally omitted
+
+        operator HashTableConstIteratorAdapter<HashTableType, ValueType>() {
+            typename HashTableType::const_iterator i = m_impl;
+            return i;
+        }
+
+        Keys keys() { return Keys(*this); }
+        Values values() { return Values(*this); }
+
+        typename HashTableType::iterator m_impl;
+    };
+
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableConstKeysIterator {
+    private:
+        typedef HashTableConstIteratorAdapter<HashTableType, std::pair<KeyType, MappedType> > ConstIterator;
+
+    public:
+        HashTableConstKeysIterator(const ConstIterator& impl) : m_impl(impl) {}
+        
+        const KeyType* get() const { return &(m_impl.get()->first); }
+        const KeyType& operator*() const { return *get(); }
+        const KeyType* operator->() const { return get(); }
+
+        HashTableConstKeysIterator& operator++() { ++m_impl; return *this; }
+        // postfix ++ intentionally omitted
+
+        ConstIterator m_impl;
+    };
+
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableConstValuesIterator {
+    private:
+        typedef HashTableConstIteratorAdapter<HashTableType, std::pair<KeyType, MappedType> > ConstIterator;
+
+    public:
+        HashTableConstValuesIterator(const ConstIterator& impl) : m_impl(impl) {}
+        
+        const MappedType* get() const { return &(m_impl.get()->second); }
+        const MappedType& operator*() const { return *get(); }
+        const MappedType* operator->() const { return get(); }
+
+        HashTableConstValuesIterator& operator++() { ++m_impl; return *this; }
+        // postfix ++ intentionally omitted
+
+        ConstIterator m_impl;
+    };
+
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableKeysIterator {
+    private:
+        typedef HashTableIteratorAdapter<HashTableType, std::pair<KeyType, MappedType> > Iterator;
+        typedef HashTableConstIteratorAdapter<HashTableType, std::pair<KeyType, MappedType> > ConstIterator;
+
+    public:
+        HashTableKeysIterator(const Iterator& impl) : m_impl(impl) {}
+        
+        KeyType* get() const { return &(m_impl.get()->first); }
+        KeyType& operator*() const { return *get(); }
+        KeyType* operator->() const { return get(); }
+
+        HashTableKeysIterator& operator++() { ++m_impl; return *this; }
+        // postfix ++ intentionally omitted
+
+        operator HashTableConstKeysIterator<HashTableType, KeyType, MappedType>() {
+            ConstIterator i = m_impl;
+            return i;
+        }
+
+        Iterator m_impl;
+    };
+
+    template<typename HashTableType, typename KeyType, typename MappedType> struct HashTableValuesIterator {
+    private:
+        typedef HashTableIteratorAdapter<HashTableType, std::pair<KeyType, MappedType> > Iterator;
+        typedef HashTableConstIteratorAdapter<HashTableType, std::pair<KeyType, MappedType> > ConstIterator;
+
+    public:
+        HashTableValuesIterator(const Iterator& impl) : m_impl(impl) {}
+        
+        MappedType* get() const { return &(m_impl.get()->second); }
+        MappedType& operator*() const { return *get(); }
+        MappedType* operator->() const { return get(); }
+
+        HashTableValuesIterator& operator++() { ++m_impl; return *this; }
+        // postfix ++ intentionally omitted
+
+        operator HashTableConstValuesIterator<HashTableType, KeyType, MappedType>() {
+            ConstIterator i = m_impl;
+            return i;
+        }
+
+        Iterator m_impl;
+    };
+
+    template<typename T, typename U, typename V>
+        inline bool operator==(const HashTableConstKeysIterator<T, U, V>& a, const HashTableConstKeysIterator<T, U, V>& b)
+    {
+        return a.m_impl == b.m_impl;
+    }
+
+    template<typename T, typename U, typename V>
+        inline bool operator!=(const HashTableConstKeysIterator<T, U, V>& a, const HashTableConstKeysIterator<T, U, V>& b)
+    {
+        return a.m_impl != b.m_impl;
+    }
+
+    template<typename T, typename U, typename V>
+        inline bool operator==(const HashTableConstValuesIterator<T, U, V>& a, const HashTableConstValuesIterator<T, U, V>& b)
+    {
+        return a.m_impl == b.m_impl;
+    }
+
+    template<typename T, typename U, typename V>
+        inline bool operator!=(const HashTableConstValuesIterator<T, U, V>& a, const HashTableConstValuesIterator<T, U, V>& b)
+    {
+        return a.m_impl != b.m_impl;
+    }
+
+    template<typename T, typename U, typename V>
+        inline bool operator==(const HashTableKeysIterator<T, U, V>& a, const HashTableKeysIterator<T, U, V>& b)
+    {
+        return a.m_impl == b.m_impl;
+    }
+
+    template<typename T, typename U, typename V>
+        inline bool operator!=(const HashTableKeysIterator<T, U, V>& a, const HashTableKeysIterator<T, U, V>& b)
+    {
+        return a.m_impl != b.m_impl;
+    }
+
+    template<typename T, typename U, typename V>
+        inline bool operator==(const HashTableValuesIterator<T, U, V>& a, const HashTableValuesIterator<T, U, V>& b)
+    {
+        return a.m_impl == b.m_impl;
+    }
+
+    template<typename T, typename U, typename V>
+        inline bool operator!=(const HashTableValuesIterator<T, U, V>& a, const HashTableValuesIterator<T, U, V>& b)
+    {
+        return a.m_impl != b.m_impl;
+    }
+
+
+} // namespace WTF
+
+#endif // WTF_HashIterators_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashMap.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashMap.h
new file mode 100644
index 000000000..8ff917006
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashMap.h
@@ -0,0 +1,337 @@
+/*
+ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_HashMap_h
+#define WTF_HashMap_h
+
+#include "HashTable.h"
+
+namespace WTF {
+
+    template<typename PairType> struct PairFirstExtractor;
+
+    template<typename KeyArg, typename MappedArg, typename HashArg = typename DefaultHash<KeyArg>::Hash,
+        typename KeyTraitsArg = HashTraits<KeyArg>, typename MappedTraitsArg = HashTraits<MappedArg> >
+    class HashMap : public FastAllocBase {
+    private:
+        typedef KeyTraitsArg KeyTraits;
+        typedef MappedTraitsArg MappedTraits;
+        typedef PairHashTraits<KeyTraits, MappedTraits> ValueTraits;
+
+    public:
+        typedef typename KeyTraits::TraitType KeyType;
+        typedef typename MappedTraits::TraitType MappedType;
+        typedef typename ValueTraits::TraitType ValueType;
+
+    private:
+        typedef HashArg HashFunctions;
+
+        typedef HashTable<KeyType, ValueType, PairFirstExtractor<ValueType>,
+            HashFunctions, ValueTraits, KeyTraits> HashTableType;
+
+    public:
+        typedef HashTableIteratorAdapter<HashTableType, ValueType> iterator;
+        typedef HashTableConstIteratorAdapter<HashTableType, ValueType> const_iterator;
+
+        void swap(HashMap&);
+
+        int size() const;
+        int capacity() const;
+        bool isEmpty() const;
+
+        // iterators iterate over pairs of keys and values
+        iterator begin();
+        iterator end();
+        const_iterator begin() const;
+        const_iterator end() const;
+
+        iterator find(const KeyType&);
+        const_iterator find(const KeyType&) const;
+        bool contains(const KeyType&) const;
+        MappedType get(const KeyType&) const;
+
+        // replaces value but not key if key is already present
+        // return value is a pair of the iterator to the key location, 
+        // and a boolean that's true if a new value was actually added
+        pair<iterator, bool> set(const KeyType&, const MappedType&); 
+
+        // does nothing if key is already present
+        // return value is a pair of the iterator to the key location, 
+        // and a boolean that's true if a new value was actually added
+        pair<iterator, bool> add(const KeyType&, const MappedType&); 
+
+        void remove(const KeyType&);
+        void remove(iterator);
+        void clear();
+
+        MappedType take(const KeyType&); // efficient combination of get with remove
+
+    private:
+        pair<iterator, bool> inlineAdd(const KeyType&, const MappedType&);
+
+        HashTableType m_impl;
+    };
+
+    template<typename PairType> struct PairFirstExtractor {
+        static const typename PairType::first_type& extract(const PairType& p) { return p.first; }
+    };
+
+    template<typename ValueType, typename ValueTraits, typename HashFunctions>
+    struct HashMapTranslator {
+        typedef typename ValueType::first_type KeyType;
+        typedef typename ValueType::second_type MappedType;
+
+        static unsigned hash(const KeyType& key) { return HashFunctions::hash(key); }
+        static bool equal(const KeyType& a, const KeyType& b) { return HashFunctions::equal(a, b); }
+        static void translate(ValueType& location, const KeyType& key, const MappedType& mapped)
+        {
+            location.first = key;
+            location.second = mapped;
+        }
+    };
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void HashMap<T, U, V, W, X>::swap(HashMap& other)
+    {
+        m_impl.swap(other.m_impl); 
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline int HashMap<T, U, V, W, X>::size() const
+    {
+        return m_impl.size(); 
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline int HashMap<T, U, V, W, X>::capacity() const
+    { 
+        return m_impl.capacity(); 
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline bool HashMap<T, U, V, W, X>::isEmpty() const
+    {
+        return m_impl.isEmpty();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename HashMap<T, U, V, W, X>::iterator HashMap<T, U, V, W, X>::begin()
+    {
+        return m_impl.begin();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename HashMap<T, U, V, W, X>::iterator HashMap<T, U, V, W, X>::end()
+    {
+        return m_impl.end();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename HashMap<T, U, V, W, X>::const_iterator HashMap<T, U, V, W, X>::begin() const
+    {
+        return m_impl.begin();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename HashMap<T, U, V, W, X>::const_iterator HashMap<T, U, V, W, X>::end() const
+    {
+        return m_impl.end();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename HashMap<T, U, V, W, X>::iterator HashMap<T, U, V, W, X>::find(const KeyType& key)
+    {
+        return m_impl.find(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename HashMap<T, U, V, W, X>::const_iterator HashMap<T, U, V, W, X>::find(const KeyType& key) const
+    {
+        return m_impl.find(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline bool HashMap<T, U, V, W, X>::contains(const KeyType& key) const
+    {
+        return m_impl.contains(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline pair<typename HashMap<T, U, V, W, X>::iterator, bool>
+    HashMap<T, U, V, W, X>::inlineAdd(const KeyType& key, const MappedType& mapped) 
+    {
+        typedef HashMapTranslator<ValueType, ValueTraits, HashFunctions> TranslatorType;
+        pair<typename HashTableType::iterator, bool> p = m_impl.template add<KeyType, MappedType, TranslatorType>(key, mapped);
+	typename HashMap<T, U, V, W, X>::iterator temp = p.first;
+        return make_pair<typename HashMap<T, U, V, W, X>::iterator, bool>(temp, p.second);
+//      return m_impl.template add<KeyType, MappedType, TranslatorType>(key, mapped);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    pair<typename HashMap<T, U, V, W, X>::iterator, bool>
+    HashMap<T, U, V, W, X>::set(const KeyType& key, const MappedType& mapped) 
+    {
+        pair<iterator, bool> result = inlineAdd(key, mapped);
+        if (!result.second) {
+            // add call above didn't change anything, so set the mapped value
+            result.first->second = mapped;
+        }
+        return result;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    pair<typename HashMap<T, U, V, W, X>::iterator, bool>
+    HashMap<T, U, V, W, X>::add(const KeyType& key, const MappedType& mapped)
+    {
+        return inlineAdd(key, mapped);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename MappedTraits>
+    typename HashMap<T, U, V, W, MappedTraits>::MappedType
+    HashMap<T, U, V, W, MappedTraits>::get(const KeyType& key) const
+    {
+        ValueType* entry = const_cast<HashTableType&>(m_impl).lookup(key);
+        if (!entry)
+            return MappedTraits::emptyValue();
+        return entry->second;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void HashMap<T, U, V, W, X>::remove(iterator it)
+    {
+        if (it.m_impl == m_impl.end())
+            return;
+        m_impl.checkTableConsistency();
+        m_impl.removeWithoutEntryConsistencyCheck(it.m_impl);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void HashMap<T, U, V, W, X>::remove(const KeyType& key)
+    {
+        remove(find(key));
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void HashMap<T, U, V, W, X>::clear()
+    {
+        m_impl.clear();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename MappedTraits>
+    typename HashMap<T, U, V, W, MappedTraits>::MappedType
+    HashMap<T, U, V, W, MappedTraits>::take(const KeyType& key)
+    {
+        // This can probably be made more efficient to avoid ref/deref churn.
+        iterator it = find(key);
+        if (it == end())
+            return MappedTraits::emptyValue();
+        typename HashMap<T, U, V, W, MappedTraits>::MappedType result = it->second;
+        remove(it);
+        return result;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    bool operator==(const HashMap<T, U, V, W, X>& a, const HashMap<T, U, V, W, X>& b)
+    {
+        if (a.size() != b.size())
+            return false;
+
+        typedef typename HashMap<T, U, V, W, X>::const_iterator const_iterator;
+
+        const_iterator end = a.end();
+        const_iterator notFound = b.end();
+        for (const_iterator it = a.begin(); it != end; ++it) {
+            const_iterator bPos = b.find(it->first);
+            if (bPos == notFound || it->second != bPos->second)
+                return false;
+        }
+
+        return true;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline bool operator!=(const HashMap<T, U, V, W, X>& a, const HashMap<T, U, V, W, X>& b)
+    {
+        return !(a == b);
+    }
+
+    template<typename MappedType, typename HashTableType>
+    void deleteAllPairSeconds(HashTableType& collection)
+    {
+        typedef typename HashTableType::const_iterator iterator;
+        iterator end = collection.end();
+        for (iterator it = collection.begin(); it != end; ++it)
+            delete it->second;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void deleteAllValues(const HashMap<T, U, V, W, X>& collection)
+    {
+        deleteAllPairSeconds<typename HashMap<T, U, V, W, X>::MappedType>(collection);
+    }
+
+    template<typename KeyType, typename HashTableType>
+    void deleteAllPairFirsts(HashTableType& collection)
+    {
+        typedef typename HashTableType::const_iterator iterator;
+        iterator end = collection.end();
+        for (iterator it = collection.begin(); it != end; ++it)
+            delete it->first;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void deleteAllKeys(const HashMap<T, U, V, W, X>& collection)
+    {
+        deleteAllPairFirsts<typename HashMap<T, U, V, W, X>::KeyType>(collection);
+    }
+    
+    template<typename T, typename U, typename V, typename W, typename X, typename Y>
+    inline void copyKeysToVector(const HashMap<T, U, V, W, X>& collection, Y& vector)
+    {
+        typedef typename HashMap<T, U, V, W, X>::const_iterator::Keys iterator;
+        
+        vector.resize(collection.size());
+        
+        iterator it = collection.begin().keys();
+        iterator end = collection.end().keys();
+        for (unsigned i = 0; it != end; ++it, ++i)
+            vector[i] = *it;
+    }  
+
+    template<typename T, typename U, typename V, typename W, typename X, typename Y>
+    inline void copyValuesToVector(const HashMap<T, U, V, W, X>& collection, Y& vector)
+    {
+        typedef typename HashMap<T, U, V, W, X>::const_iterator::Values iterator;
+        
+        vector.resize(collection.size());
+        
+        iterator it = collection.begin().values();
+        iterator end = collection.end().values();
+        for (unsigned i = 0; it != end; ++it, ++i)
+            vector[i] = *it;
+    }   
+
+} // namespace WTF
+
+using WTF::HashMap;
+
+#include "RefPtrHashMap.h"
+
+#endif /* WTF_HashMap_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashSet.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashSet.h
new file mode 100644
index 000000000..3906a36b2
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashSet.h
@@ -0,0 +1,296 @@
+/*
+ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_HashSet_h
+#define WTF_HashSet_h
+
+#include "FastAllocBase.h"
+#include "HashTable.h"
+
+namespace WTF {
+
+    template<typename Value, typename HashFunctions, typename Traits> class HashSet;
+    template<typename Value, typename HashFunctions, typename Traits>
+    void deleteAllValues(const HashSet<Value, HashFunctions, Traits>&);
+    template<typename Value, typename HashFunctions, typename Traits>
+    void fastDeleteAllValues(const HashSet<Value, HashFunctions, Traits>&);
+
+    template<typename T> struct IdentityExtractor;
+
+    template<typename ValueArg, typename HashArg = typename DefaultHash<ValueArg>::Hash,
+        typename TraitsArg = HashTraits<ValueArg> > class HashSet : public FastAllocBase {
+    private:
+        typedef HashArg HashFunctions;
+        typedef TraitsArg ValueTraits;
+
+    public:
+        typedef typename ValueTraits::TraitType ValueType;
+
+    private:
+        typedef HashTable<ValueType, ValueType, IdentityExtractor<ValueType>,
+            HashFunctions, ValueTraits, ValueTraits> HashTableType;
+
+    public:
+        typedef HashTableIteratorAdapter<HashTableType, ValueType> iterator;
+        typedef HashTableConstIteratorAdapter<HashTableType, ValueType> const_iterator;
+
+        void swap(HashSet&);
+
+        int size() const;
+        int capacity() const;
+        bool isEmpty() const;
+
+        iterator begin();
+        iterator end();
+        const_iterator begin() const;
+        const_iterator end() const;
+
+        iterator find(const ValueType&);
+        const_iterator find(const ValueType&) const;
+        bool contains(const ValueType&) const;
+
+        // An alternate version of find() that finds the object by hashing and comparing
+        // with some other type, to avoid the cost of type conversion. HashTranslator
+        // must have the following function members:
+        //   static unsigned hash(const T&);
+        //   static bool equal(const ValueType&, const T&);
+        template<typename T, typename HashTranslator> iterator find(const T&);
+        template<typename T, typename HashTranslator> const_iterator find(const T&) const;
+        template<typename T, typename HashTranslator> bool contains(const T&) const;
+
+        // The return value is a pair of an interator to the new value's location, 
+        // and a bool that is true if an new entry was added.
+        pair<iterator, bool> add(const ValueType&);
+
+        // An alternate version of add() that finds the object by hashing and comparing
+        // with some other type, to avoid the cost of type conversion if the object is already
+        // in the table. HashTranslator must have the following methods:
+        //   static unsigned hash(const T&);
+        //   static bool equal(const ValueType&, const T&);
+        //   static translate(ValueType&, const T&, unsigned hashCode);
+        template<typename T, typename HashTranslator> pair<iterator, bool> add(const T&);
+
+        void remove(const ValueType&);
+        void remove(iterator);
+        void clear();
+
+    private:
+        friend void deleteAllValues<>(const HashSet&);
+        friend void fastDeleteAllValues<>(const HashSet&);
+
+        HashTableType m_impl;
+    };
+
+    template<typename T> struct IdentityExtractor {
+        static const T& extract(const T& t) { return t; }
+    };
+
+    template<typename ValueType, typename ValueTraits, typename T, typename Translator>
+    struct HashSetTranslatorAdapter {
+        static unsigned hash(const T& key) { return Translator::hash(key); }
+        static bool equal(const ValueType& a, const T& b) { return Translator::equal(a, b); }
+        static void translate(ValueType& location, const T& key, const T&, unsigned hashCode)
+        {
+            Translator::translate(location, key, hashCode);
+        }
+    };
+
+    template<typename T, typename U, typename V>
+    inline void HashSet<T, U, V>::swap(HashSet& other)
+    {
+        m_impl.swap(other.m_impl); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline int HashSet<T, U, V>::size() const
+    {
+        return m_impl.size(); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline int HashSet<T, U, V>::capacity() const
+    {
+        return m_impl.capacity(); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline bool HashSet<T, U, V>::isEmpty() const
+    {
+        return m_impl.isEmpty(); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline typename HashSet<T, U, V>::iterator HashSet<T, U, V>::begin()
+    {
+        return m_impl.begin(); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline typename HashSet<T, U, V>::iterator HashSet<T, U, V>::end()
+    {
+        return m_impl.end(); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline typename HashSet<T, U, V>::const_iterator HashSet<T, U, V>::begin() const
+    {
+        return m_impl.begin(); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline typename HashSet<T, U, V>::const_iterator HashSet<T, U, V>::end() const
+    {
+        return m_impl.end(); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline typename HashSet<T, U, V>::iterator HashSet<T, U, V>::find(const ValueType& value)
+    {
+        return m_impl.find(value); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline typename HashSet<T, U, V>::const_iterator HashSet<T, U, V>::find(const ValueType& value) const
+    {
+        return m_impl.find(value); 
+    }
+
+    template<typename T, typename U, typename V>
+    inline bool HashSet<T, U, V>::contains(const ValueType& value) const
+    {
+        return m_impl.contains(value); 
+    }
+
+    template<typename Value, typename HashFunctions, typename Traits>
+    template<typename T, typename HashTranslator>
+    typename HashSet<Value, HashFunctions, Traits>::iterator
+    inline HashSet<Value, HashFunctions, Traits>::find(const T& value)
+    {
+        typedef HashSetTranslatorAdapter<ValueType, ValueTraits, T, HashTranslator> Adapter;
+        return m_impl.template find<T, Adapter>(value);
+    }
+
+    template<typename Value, typename HashFunctions, typename Traits>
+    template<typename T, typename HashTranslator>
+    typename HashSet<Value, HashFunctions, Traits>::const_iterator
+    inline HashSet<Value, HashFunctions, Traits>::find(const T& value) const
+    {
+        typedef HashSetTranslatorAdapter<ValueType, ValueTraits, T, HashTranslator> Adapter;
+        return m_impl.template find<T, Adapter>(value);
+    }
+
+    template<typename Value, typename HashFunctions, typename Traits>
+    template<typename T, typename HashTranslator>
+    inline bool HashSet<Value, HashFunctions, Traits>::contains(const T& value) const
+    {
+        typedef HashSetTranslatorAdapter<ValueType, ValueTraits, T, HashTranslator> Adapter;
+        return m_impl.template contains<T, Adapter>(value);
+    }
+
+    template<typename T, typename U, typename V>
+    pair<typename HashSet<T, U, V>::iterator, bool> HashSet<T, U, V>::add(const ValueType& value)
+    {
+        pair<typename HashTable<T, T, IdentityExtractor<T>, U, V, V>::iterator, bool> p = m_impl.add(value);
+        typename HashSet<T, U, V>::iterator temp = p.first;
+        pair<typename HashSet<T, U, V>::iterator, bool> p2 = make_pair<typename HashSet<T, U, V>::iterator, bool>(temp, p.second);
+ //       p2.first = p.first;
+ //       p2.second = p.second;
+        return p2;
+    }
+
+    template<typename Value, typename HashFunctions, typename Traits>
+    template<typename T, typename HashTranslator>
+    pair<typename HashSet<Value, HashFunctions, Traits>::iterator, bool>
+    HashSet<Value, HashFunctions, Traits>::add(const T& value)
+    {
+        typedef HashSetTranslatorAdapter<ValueType, ValueTraits, T, HashTranslator> Adapter;
+        pair<typename HashTableType::iterator, bool> p = m_impl.template addPassingHashCode<T, T, Adapter>(value, value);
+	return make_pair<iterator, bool>(p.first, p.second);
+    }
+
+    template<typename T, typename U, typename V>
+    inline void HashSet<T, U, V>::remove(iterator it)
+    {
+        if (it.m_impl == m_impl.end())
+            return;
+        m_impl.checkTableConsistency();
+        m_impl.removeWithoutEntryConsistencyCheck(it.m_impl);
+    }
+
+    template<typename T, typename U, typename V>
+    inline void HashSet<T, U, V>::remove(const ValueType& value)
+    {
+        remove(find(value));
+    }
+
+    template<typename T, typename U, typename V>
+    inline void HashSet<T, U, V>::clear()
+    {
+        m_impl.clear(); 
+    }
+
+    template<typename ValueType, typename HashTableType>
+    void deleteAllValues(HashTableType& collection)
+    {
+        typedef typename HashTableType::const_iterator iterator;
+        iterator end = collection.end();
+        for (iterator it = collection.begin(); it != end; ++it)
+            delete *it;
+    }
+
+    template<typename T, typename U, typename V>
+    inline void deleteAllValues(const HashSet<T, U, V>& collection)
+    {
+        deleteAllValues<typename HashSet<T, U, V>::ValueType>(collection.m_impl);
+    }
+
+    template<typename ValueType, typename HashTableType>
+    void fastDeleteAllValues(HashTableType& collection)
+    {
+        typedef typename HashTableType::const_iterator iterator;
+        iterator end = collection.end();
+        for (iterator it = collection.begin(); it != end; ++it)
+            fastDelete(*it);
+    }
+
+    template<typename T, typename U, typename V>
+    inline void fastDeleteAllValues(const HashSet<T, U, V>& collection)
+    {
+        fastDeleteAllValues<typename HashSet<T, U, V>::ValueType>(collection.m_impl);
+    }
+    
+    template<typename T, typename U, typename V, typename W>
+    inline void copyToVector(const HashSet<T, U, V>& collection, W& vector)
+    {
+        typedef typename HashSet<T, U, V>::const_iterator iterator;
+        
+        vector.resize(collection.size());
+        
+        iterator it = collection.begin();
+        iterator end = collection.end();
+        for (unsigned i = 0; it != end; ++it, ++i)
+            vector[i] = *it;
+    }  
+
+} // namespace WTF
+
+using WTF::HashSet;
+
+#endif /* WTF_HashSet_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTable.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTable.cpp
new file mode 100644
index 000000000..71d3f86ce
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTable.cpp
@@ -0,0 +1,69 @@
+/*
+    Copyright (C) 2005 Apple Inc. All rights reserved.
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Library General Public
+    License as published by the Free Software Foundation; either
+    version 2 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Library General Public License for more details.
+
+    You should have received a copy of the GNU Library General Public License
+    along with this library; see the file COPYING.LIB.  If not, write to
+    the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+    Boston, MA 02110-1301, USA.
+*/
+
+#include "config.h"
+#include "HashTable.h"
+
+namespace WTF {
+
+#if DUMP_HASHTABLE_STATS
+
+int HashTableStats::numAccesses;
+int HashTableStats::numCollisions;
+int HashTableStats::collisionGraph[4096];
+int HashTableStats::maxCollisions;
+int HashTableStats::numRehashes;
+int HashTableStats::numRemoves;
+int HashTableStats::numReinserts;
+
+static HashTableStats logger;
+
+static Mutex& hashTableStatsMutex()
+{
+    AtomicallyInitializedStatic(Mutex&, mutex = *new Mutex);
+    return mutex;
+}
+
+HashTableStats::~HashTableStats()
+{
+    // Don't lock hashTableStatsMutex here because it can cause deadlocks at shutdown 
+    // if any thread was killed while holding the mutex.
+    printf("\nWTF::HashTable statistics\n\n");
+    printf("%d accesses\n", numAccesses);
+    printf("%d total collisions, average %.2f probes per access\n", numCollisions, 1.0 * (numAccesses + numCollisions) / numAccesses);
+    printf("longest collision chain: %d\n", maxCollisions);
+    for (int i = 1; i <= maxCollisions; i++) {
+        printf("  %d lookups with exactly %d collisions (%.2f%% , %.2f%% with this many or more)\n", collisionGraph[i], i, 100.0 * (collisionGraph[i] - collisionGraph[i+1]) / numAccesses, 100.0 * collisionGraph[i] / numAccesses);
+    }
+    printf("%d rehashes\n", numRehashes);
+    printf("%d reinserts\n", numReinserts);
+}
+
+void HashTableStats::recordCollisionAtCount(int count)
+{
+    MutexLocker lock(hashTableStatsMutex());
+    if (count > maxCollisions)
+        maxCollisions = count;
+    numCollisions++;
+    collisionGraph[count]++;
+}
+
+#endif
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTable.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTable.h
new file mode 100644
index 000000000..3b283f822
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTable.h
@@ -0,0 +1,1158 @@
+/*
+ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008 David Levin <levin@chromium.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_HashTable_h
+#define WTF_HashTable_h
+
+#include "FastMalloc.h"
+#include "HashTraits.h"
+#include <wtf/Assertions.h>
+#include <wtf/Threading.h>
+
+namespace WTF {
+
+#define DUMP_HASHTABLE_STATS 0
+#define CHECK_HASHTABLE_CONSISTENCY 0
+
+#ifdef NDEBUG
+#define CHECK_HASHTABLE_ITERATORS 0
+#define CHECK_HASHTABLE_USE_AFTER_DESTRUCTION 0
+#else
+#define CHECK_HASHTABLE_ITERATORS 1
+#define CHECK_HASHTABLE_USE_AFTER_DESTRUCTION 1
+#endif
+
+#if DUMP_HASHTABLE_STATS
+
+    struct HashTableStats {
+        ~HashTableStats();
+        // All of the variables are accessed in ~HashTableStats when the static struct is destroyed.
+
+        // The following variables are all atomically incremented when modified.
+        static int numAccesses;
+        static int numRehashes;
+        static int numRemoves;
+        static int numReinserts;
+
+        // The following variables are only modified in the recordCollisionAtCount method within a mutex.
+        static int maxCollisions;
+        static int numCollisions;
+        static int collisionGraph[4096];
+
+        static void recordCollisionAtCount(int count);
+    };
+
+#endif
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    class HashTable;
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    class HashTableIterator;
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    class HashTableConstIterator;
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void addIterator(const HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>*,
+        HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>*);
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void removeIterator(HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>*);
+
+#if !CHECK_HASHTABLE_ITERATORS
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    inline void addIterator(const HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>*,
+        HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>*) { }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    inline void removeIterator(HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>*) { }
+
+#endif
+
+    typedef enum { HashItemKnownGood } HashItemKnownGoodTag;
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    class HashTableConstIterator {
+    private:
+        typedef HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> HashTableType;
+        typedef HashTableIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> iterator;
+        typedef HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> const_iterator;
+        typedef Value ValueType;
+        typedef const ValueType& ReferenceType;
+        typedef const ValueType* PointerType;
+
+        friend class HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>;
+        friend class HashTableIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>;
+
+        void skipEmptyBuckets()
+        {
+            while (m_position != m_endPosition && HashTableType::isEmptyOrDeletedBucket(*m_position))
+                ++m_position;
+        }
+
+        HashTableConstIterator(const HashTableType* table, PointerType position, PointerType endPosition)
+            : m_position(position), m_endPosition(endPosition)
+        {
+            addIterator(table, this);
+            skipEmptyBuckets();
+        }
+
+        HashTableConstIterator(const HashTableType* table, PointerType position, PointerType endPosition, HashItemKnownGoodTag)
+            : m_position(position), m_endPosition(endPosition)
+        {
+            addIterator(table, this);
+        }
+
+    public:
+        HashTableConstIterator()
+        {
+            addIterator(0, this);
+        }
+
+        // default copy, assignment and destructor are OK if CHECK_HASHTABLE_ITERATORS is 0
+
+#if CHECK_HASHTABLE_ITERATORS
+        ~HashTableConstIterator()
+        {
+            removeIterator(this);
+        }
+
+        HashTableConstIterator(const const_iterator& other)
+            : m_position(other.m_position), m_endPosition(other.m_endPosition)
+        {
+            addIterator(other.m_table, this);
+        }
+
+        const_iterator& operator=(const const_iterator& other)
+        {
+            m_position = other.m_position;
+            m_endPosition = other.m_endPosition;
+
+            removeIterator(this);
+            addIterator(other.m_table, this);
+
+            return *this;
+        }
+#endif
+
+        PointerType get() const
+        {
+            checkValidity();
+            return m_position;
+        }
+        ReferenceType operator*() const { return *get(); }
+        PointerType operator->() const { return get(); }
+
+        const_iterator& operator++()
+        {
+            checkValidity();
+            ASSERT(m_position != m_endPosition);
+            ++m_position;
+            skipEmptyBuckets();
+            return *this;
+        }
+
+        // postfix ++ intentionally omitted
+
+        // Comparison.
+        bool operator==(const const_iterator& other) const
+        {
+            checkValidity(other);
+            return m_position == other.m_position;
+        }
+        bool operator!=(const const_iterator& other) const
+        {
+            checkValidity(other);
+            return m_position != other.m_position;
+        }
+
+    private:
+        void checkValidity() const
+        {
+#if CHECK_HASHTABLE_ITERATORS
+            ASSERT(m_table);
+#endif
+        }
+
+
+#if CHECK_HASHTABLE_ITERATORS
+        void checkValidity(const const_iterator& other) const
+        {
+            ASSERT(m_table);
+            ASSERT(other.m_table);
+            ASSERT(m_table == other.m_table);
+        }
+#else
+        void checkValidity(const const_iterator&) const { }
+#endif
+
+        PointerType m_position;
+        PointerType m_endPosition;
+
+#if CHECK_HASHTABLE_ITERATORS
+    public:
+        // Any modifications of the m_next or m_previous of an iterator that is in a linked list of a HashTable::m_iterator,
+        // should be guarded with m_table->m_mutex.
+        mutable const HashTableType* m_table;
+        mutable const_iterator* m_next;
+        mutable const_iterator* m_previous;
+#endif
+    };
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    class HashTableIterator {
+    private:
+        typedef HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> HashTableType;
+        typedef HashTableIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> iterator;
+        typedef HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> const_iterator;
+        typedef Value ValueType;
+        typedef ValueType& ReferenceType;
+        typedef ValueType* PointerType;
+
+        friend class HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>;
+
+        HashTableIterator(HashTableType* table, PointerType pos, PointerType end) : m_iterator(table, pos, end) { }
+        HashTableIterator(HashTableType* table, PointerType pos, PointerType end, HashItemKnownGoodTag tag) : m_iterator(table, pos, end, tag) { }
+
+    public:
+        HashTableIterator() { }
+
+        // default copy, assignment and destructor are OK
+
+        PointerType get() const { return const_cast<PointerType>(m_iterator.get()); }
+        ReferenceType operator*() const { return *get(); }
+        PointerType operator->() const { return get(); }
+
+        iterator& operator++() { ++m_iterator; return *this; }
+
+        // postfix ++ intentionally omitted
+
+        // Comparison.
+        bool operator==(const iterator& other) const { return m_iterator == other.m_iterator; }
+        bool operator!=(const iterator& other) const { return m_iterator != other.m_iterator; }
+
+        operator const_iterator() const { return m_iterator; }
+
+    private:
+        const_iterator m_iterator;
+    };
+
+    using std::swap;
+
+#if !COMPILER(MSVC)
+    // Visual C++ has a swap for pairs defined.
+
+    // swap pairs by component, in case of pair members that specialize swap
+    template<typename T, typename U> inline void swap(pair<T, U>& a, pair<T, U>& b)
+    {
+        swap(a.first, b.first);
+        swap(a.second, b.second);
+    }
+#endif
+
+    template<typename T, bool useSwap> struct Mover;
+    template<typename T> struct Mover<T, true> { static void move(T& from, T& to) { swap(from, to); } };
+    template<typename T> struct Mover<T, false> { static void move(T& from, T& to) { to = from; } };
+
+    template<typename Key, typename Value, typename HashFunctions> class IdentityHashTranslator {
+    public:
+        static unsigned hash(const Key& key) { return HashFunctions::hash(key); }
+        static bool equal(const Key& a, const Key& b) { return HashFunctions::equal(a, b); }
+        static void translate(Value& location, const Key&, const Value& value) { location = value; }
+    };
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    class HashTable {
+    public:
+        typedef HashTableIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> iterator;
+        typedef HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> const_iterator;
+        typedef Traits ValueTraits;
+        typedef Key KeyType;
+        typedef Value ValueType;
+        typedef IdentityHashTranslator<Key, Value, HashFunctions> IdentityTranslatorType;
+
+        HashTable();
+        ~HashTable() 
+        {
+            invalidateIterators(); 
+            deallocateTable(m_table, m_tableSize); 
+#if CHECK_HASHTABLE_USE_AFTER_DESTRUCTION
+            m_table = (ValueType*)(uintptr_t)0xbbadbeef;
+#endif
+        }
+
+        HashTable(const HashTable&);
+        void swap(HashTable&);
+        HashTable& operator=(const HashTable&);
+
+        iterator begin() { return makeIterator(m_table); }
+        iterator end() { return makeKnownGoodIterator(m_table + m_tableSize); }
+        const_iterator begin() const { return makeConstIterator(m_table); }
+        const_iterator end() const { return makeKnownGoodConstIterator(m_table + m_tableSize); }
+
+        int size() const { return m_keyCount; }
+        int capacity() const { return m_tableSize; }
+        bool isEmpty() const { return !m_keyCount; }
+
+        pair<iterator, bool> add(const ValueType& value) { return add<KeyType, ValueType, IdentityTranslatorType>(Extractor::extract(value), value); }
+
+        // A special version of add() that finds the object by hashing and comparing
+        // with some other type, to avoid the cost of type conversion if the object is already
+        // in the table.
+        template<typename T, typename Extra, typename HashTranslator> pair<iterator, bool> add(const T& key, const Extra&);
+        template<typename T, typename Extra, typename HashTranslator> pair<iterator, bool> addPassingHashCode(const T& key, const Extra&);
+
+        iterator find(const KeyType& key) { return find<KeyType, IdentityTranslatorType>(key); }
+        const_iterator find(const KeyType& key) const { return find<KeyType, IdentityTranslatorType>(key); }
+        bool contains(const KeyType& key) const { return contains<KeyType, IdentityTranslatorType>(key); }
+
+        template <typename T, typename HashTranslator> iterator find(const T&);
+        template <typename T, typename HashTranslator> const_iterator find(const T&) const;
+        template <typename T, typename HashTranslator> bool contains(const T&) const;
+
+        void remove(const KeyType&);
+        void remove(iterator);
+        void removeWithoutEntryConsistencyCheck(iterator);
+        void clear();
+
+        static bool isEmptyBucket(const ValueType& value) { return Extractor::extract(value) == KeyTraits::emptyValue(); }
+        static bool isDeletedBucket(const ValueType& value) { return KeyTraits::isDeletedValue(Extractor::extract(value)); }
+        static bool isEmptyOrDeletedBucket(const ValueType& value) { return isEmptyBucket(value) || isDeletedBucket(value); }
+
+        ValueType* lookup(const Key& key) { return lookup<Key, IdentityTranslatorType>(key); }
+        template<typename T, typename HashTranslator> ValueType* lookup(const T&);
+
+#if CHECK_HASHTABLE_CONSISTENCY
+        void checkTableConsistency() const;
+#else
+        static void checkTableConsistency() { }
+#endif
+
+    private:
+        static ValueType* allocateTable(int size);
+        static void deallocateTable(ValueType* table, int size);
+
+        typedef pair<ValueType*, bool> LookupType;
+        typedef pair<LookupType, unsigned> FullLookupType;
+
+        LookupType lookupForWriting(const Key& key) { return lookupForWriting<Key, IdentityTranslatorType>(key); };
+        template<typename T, typename HashTranslator> FullLookupType fullLookupForWriting(const T&);
+        template<typename T, typename HashTranslator> LookupType lookupForWriting(const T&);
+
+        template<typename T, typename HashTranslator> void checkKey(const T&);
+
+        void removeAndInvalidateWithoutEntryConsistencyCheck(ValueType*);
+        void removeAndInvalidate(ValueType*);
+        void remove(ValueType*);
+
+        bool shouldExpand() const { return (m_keyCount + m_deletedCount) * m_maxLoad >= m_tableSize; }
+        bool mustRehashInPlace() const { return m_keyCount * m_minLoad < m_tableSize * 2; }
+        bool shouldShrink() const { return m_keyCount * m_minLoad < m_tableSize && m_tableSize > m_minTableSize; }
+        void expand();
+        void shrink() { rehash(m_tableSize / 2); }
+
+        void rehash(int newTableSize);
+        void reinsert(ValueType&);
+
+        static void initializeBucket(ValueType& bucket) { new (&bucket) ValueType(Traits::emptyValue()); }
+        static void deleteBucket(ValueType& bucket) { bucket.~ValueType(); Traits::constructDeletedValue(bucket); }
+
+        FullLookupType makeLookupResult(ValueType* position, bool found, unsigned hash)
+            { return FullLookupType(LookupType(position, found), hash); }
+
+        iterator makeIterator(ValueType* pos) { return iterator(this, pos, m_table + m_tableSize); }
+        const_iterator makeConstIterator(ValueType* pos) const { return const_iterator(this, pos, m_table + m_tableSize); }
+        iterator makeKnownGoodIterator(ValueType* pos) { return iterator(this, pos, m_table + m_tableSize, HashItemKnownGood); }
+        const_iterator makeKnownGoodConstIterator(ValueType* pos) const { return const_iterator(this, pos, m_table + m_tableSize, HashItemKnownGood); }
+
+#if CHECK_HASHTABLE_CONSISTENCY
+        void checkTableConsistencyExceptSize() const;
+#else
+        static void checkTableConsistencyExceptSize() { }
+#endif
+
+#if CHECK_HASHTABLE_ITERATORS
+        void invalidateIterators();
+#else
+        static void invalidateIterators() { }
+#endif
+
+        static const int m_minTableSize = 64;
+        static const int m_maxLoad = 2;
+        static const int m_minLoad = 6;
+
+        ValueType* m_table;
+        int m_tableSize;
+        int m_tableSizeMask;
+        int m_keyCount;
+        int m_deletedCount;
+
+#if CHECK_HASHTABLE_ITERATORS
+    public:
+        // All access to m_iterators should be guarded with m_mutex.
+        mutable const_iterator* m_iterators;
+        mutable Mutex m_mutex;
+#endif
+    };
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    inline HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::HashTable()
+        : m_table(0)
+        , m_tableSize(0)
+        , m_tableSizeMask(0)
+        , m_keyCount(0)
+        , m_deletedCount(0)
+#if CHECK_HASHTABLE_ITERATORS
+        , m_iterators(0)
+#endif
+    {
+    }
+
+    static inline unsigned doubleHash(unsigned key)
+    {
+        key = ~key + (key >> 23);
+        key ^= (key << 12);
+        key ^= (key >> 7);
+        key ^= (key << 2);
+        key ^= (key >> 20);
+        return key;
+    }
+
+#if ASSERT_DISABLED
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template<typename T, typename HashTranslator>
+    inline void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::checkKey(const T&)
+    {
+    }
+
+#else
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template<typename T, typename HashTranslator>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::checkKey(const T& key)
+    {
+        if (!HashFunctions::safeToCompareToEmptyOrDeleted)
+            return;
+        ASSERT(!HashTranslator::equal(KeyTraits::emptyValue(), key));
+        ValueType deletedValue = Traits::emptyValue();
+        deletedValue.~ValueType();
+        Traits::constructDeletedValue(deletedValue);
+        ASSERT(!HashTranslator::equal(Extractor::extract(deletedValue), key));
+        new (&deletedValue) ValueType(Traits::emptyValue());
+    }
+
+#endif
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template<typename T, typename HashTranslator>
+    inline Value* HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::lookup(const T& key)
+    {
+        checkKey<T, HashTranslator>(key);
+
+        int k = 0;
+        int sizeMask = m_tableSizeMask;
+        ValueType* table = m_table;
+        unsigned h = HashTranslator::hash(key);
+        int i = h & sizeMask;
+
+        if (!table)
+            return 0;
+
+#if DUMP_HASHTABLE_STATS
+        atomicIncrement(&HashTableStats::numAccesses);
+        int probeCount = 0;
+#endif
+
+        while (1) {
+            ValueType* entry = table + i;
+                
+            // we count on the compiler to optimize out this branch
+            if (HashFunctions::safeToCompareToEmptyOrDeleted) {
+                if (HashTranslator::equal(Extractor::extract(*entry), key))
+                    return entry;
+                
+                if (isEmptyBucket(*entry))
+                    return 0;
+            } else {
+                if (isEmptyBucket(*entry))
+                    return 0;
+                
+                if (!isDeletedBucket(*entry) && HashTranslator::equal(Extractor::extract(*entry), key))
+                    return entry;
+            }
+#if DUMP_HASHTABLE_STATS
+            ++probeCount;
+            HashTableStats::recordCollisionAtCount(probeCount);
+#endif
+            if (k == 0)
+                k = 1 | doubleHash(h);
+            i = (i + k) & sizeMask;
+        }
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template<typename T, typename HashTranslator>
+    inline typename HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::LookupType HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::lookupForWriting(const T& key)
+    {
+        ASSERT(m_table);
+        checkKey<T, HashTranslator>(key);
+
+        int k = 0;
+        ValueType* table = m_table;
+        int sizeMask = m_tableSizeMask;
+        unsigned h = HashTranslator::hash(key);
+        int i = h & sizeMask;
+
+#if DUMP_HASHTABLE_STATS
+        atomicIncrement(&HashTableStats::numAccesses);
+        int probeCount = 0;
+#endif
+
+        ValueType* deletedEntry = 0;
+
+        while (1) {
+            ValueType* entry = table + i;
+            
+            // we count on the compiler to optimize out this branch
+            if (HashFunctions::safeToCompareToEmptyOrDeleted) {
+                if (isEmptyBucket(*entry))
+                    return LookupType(deletedEntry ? deletedEntry : entry, false);
+                
+                if (HashTranslator::equal(Extractor::extract(*entry), key))
+                    return LookupType(entry, true);
+                
+                if (isDeletedBucket(*entry))
+                    deletedEntry = entry;
+            } else {
+                if (isEmptyBucket(*entry))
+                    return LookupType(deletedEntry ? deletedEntry : entry, false);
+            
+                if (isDeletedBucket(*entry))
+                    deletedEntry = entry;
+                else if (HashTranslator::equal(Extractor::extract(*entry), key))
+                    return LookupType(entry, true);
+            }
+#if DUMP_HASHTABLE_STATS
+            ++probeCount;
+            HashTableStats::recordCollisionAtCount(probeCount);
+#endif
+            if (k == 0)
+                k = 1 | doubleHash(h);
+            i = (i + k) & sizeMask;
+        }
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template<typename T, typename HashTranslator>
+    inline typename HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::FullLookupType HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::fullLookupForWriting(const T& key)
+    {
+        ASSERT(m_table);
+        checkKey<T, HashTranslator>(key);
+
+        int k = 0;
+        ValueType* table = m_table;
+        int sizeMask = m_tableSizeMask;
+        unsigned h = HashTranslator::hash(key);
+        int i = h & sizeMask;
+
+#if DUMP_HASHTABLE_STATS
+        atomicIncrement(&HashTableStats::numAccesses);
+        int probeCount = 0;
+#endif
+
+        ValueType* deletedEntry = 0;
+
+        while (1) {
+            ValueType* entry = table + i;
+            
+            // we count on the compiler to optimize out this branch
+            if (HashFunctions::safeToCompareToEmptyOrDeleted) {
+                if (isEmptyBucket(*entry))
+                    return makeLookupResult(deletedEntry ? deletedEntry : entry, false, h);
+                
+                if (HashTranslator::equal(Extractor::extract(*entry), key))
+                    return makeLookupResult(entry, true, h);
+                
+                if (isDeletedBucket(*entry))
+                    deletedEntry = entry;
+            } else {
+                if (isEmptyBucket(*entry))
+                    return makeLookupResult(deletedEntry ? deletedEntry : entry, false, h);
+            
+                if (isDeletedBucket(*entry))
+                    deletedEntry = entry;
+                else if (HashTranslator::equal(Extractor::extract(*entry), key))
+                    return makeLookupResult(entry, true, h);
+            }
+#if DUMP_HASHTABLE_STATS
+            ++probeCount;
+            HashTableStats::recordCollisionAtCount(probeCount);
+#endif
+            if (k == 0)
+                k = 1 | doubleHash(h);
+            i = (i + k) & sizeMask;
+        }
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template<typename T, typename Extra, typename HashTranslator>
+    inline pair<typename HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::iterator, bool> HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::add(const T& key, const Extra& extra)
+    {
+        checkKey<T, HashTranslator>(key);
+
+        invalidateIterators();
+
+        if (!m_table)
+            expand();
+
+        checkTableConsistency();
+
+        ASSERT(m_table);
+
+        int k = 0;
+        ValueType* table = m_table;
+        int sizeMask = m_tableSizeMask;
+        unsigned h = HashTranslator::hash(key);
+        int i = h & sizeMask;
+
+#if DUMP_HASHTABLE_STATS
+        atomicIncrement(&HashTableStats::numAccesses);
+        int probeCount = 0;
+#endif
+
+        ValueType* deletedEntry = 0;
+        ValueType* entry;
+        while (1) {
+            entry = table + i;
+            
+            // we count on the compiler to optimize out this branch
+            if (HashFunctions::safeToCompareToEmptyOrDeleted) {
+                if (isEmptyBucket(*entry))
+                    break;
+                
+                if (HashTranslator::equal(Extractor::extract(*entry), key))
+                    return std::make_pair(makeKnownGoodIterator(entry), false);
+                
+                if (isDeletedBucket(*entry))
+                    deletedEntry = entry;
+            } else {
+                if (isEmptyBucket(*entry))
+                    break;
+            
+                if (isDeletedBucket(*entry))
+                    deletedEntry = entry;
+                else if (HashTranslator::equal(Extractor::extract(*entry), key))
+                    return std::make_pair(makeKnownGoodIterator(entry), false);
+            }
+#if DUMP_HASHTABLE_STATS
+            ++probeCount;
+            HashTableStats::recordCollisionAtCount(probeCount);
+#endif
+            if (k == 0)
+                k = 1 | doubleHash(h);
+            i = (i + k) & sizeMask;
+        }
+
+        if (deletedEntry) {
+            initializeBucket(*deletedEntry);
+            entry = deletedEntry;
+            --m_deletedCount; 
+        }
+
+        HashTranslator::translate(*entry, key, extra);
+
+        ++m_keyCount;
+        
+        if (shouldExpand()) {
+            // FIXME: This makes an extra copy on expand. Probably not that bad since
+            // expand is rare, but would be better to have a version of expand that can
+            // follow a pivot entry and return the new position.
+            KeyType enteredKey = Extractor::extract(*entry);
+            expand();
+            pair<iterator, bool> p = std::make_pair(find(enteredKey), true);
+            ASSERT(p.first != end());
+            return p;
+        }
+        
+        checkTableConsistency();
+        
+        return std::make_pair(makeKnownGoodIterator(entry), true);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template<typename T, typename Extra, typename HashTranslator>
+    inline pair<typename HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::iterator, bool> HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::addPassingHashCode(const T& key, const Extra& extra)
+    {
+        checkKey<T, HashTranslator>(key);
+
+        invalidateIterators();
+
+        if (!m_table)
+            expand();
+
+        checkTableConsistency();
+
+        FullLookupType lookupResult = fullLookupForWriting<T, HashTranslator>(key);
+
+        ValueType* entry = lookupResult.first.first;
+        bool found = lookupResult.first.second;
+        unsigned h = lookupResult.second;
+        
+        if (found)
+            return std::make_pair(makeKnownGoodIterator(entry), false);
+        
+        if (isDeletedBucket(*entry)) {
+            initializeBucket(*entry);
+            --m_deletedCount;
+        }
+        
+        HashTranslator::translate(*entry, key, extra, h);
+        ++m_keyCount;
+        if (shouldExpand()) {
+            // FIXME: This makes an extra copy on expand. Probably not that bad since
+            // expand is rare, but would be better to have a version of expand that can
+            // follow a pivot entry and return the new position.
+            KeyType enteredKey = Extractor::extract(*entry);
+            expand();
+            pair<iterator, bool> p = std::make_pair(find(enteredKey), true);
+            ASSERT(p.first != end());
+            return p;
+        }
+
+        checkTableConsistency();
+
+        return std::make_pair(makeKnownGoodIterator(entry), true);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    inline void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::reinsert(ValueType& entry)
+    {
+        ASSERT(m_table);
+        ASSERT(!lookupForWriting(Extractor::extract(entry)).second);
+        ASSERT(!isDeletedBucket(*(lookupForWriting(Extractor::extract(entry)).first)));
+#if DUMP_HASHTABLE_STATS
+        atomicIncrement(&HashTableStats::numReinserts);
+#endif
+
+        Mover<ValueType, Traits::needsDestruction>::move(entry, *lookupForWriting(Extractor::extract(entry)).first);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template <typename T, typename HashTranslator> 
+    typename HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::iterator HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::find(const T& key)
+    {
+        if (!m_table)
+            return end();
+
+        ValueType* entry = lookup<T, HashTranslator>(key);
+        if (!entry)
+            return end();
+
+        return makeKnownGoodIterator(entry);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template <typename T, typename HashTranslator> 
+    typename HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::const_iterator HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::find(const T& key) const
+    {
+        if (!m_table)
+            return end();
+
+        ValueType* entry = const_cast<HashTable*>(this)->lookup<T, HashTranslator>(key);
+        if (!entry)
+            return end();
+
+        return makeKnownGoodConstIterator(entry);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    template <typename T, typename HashTranslator> 
+    bool HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::contains(const T& key) const
+    {
+        if (!m_table)
+            return false;
+
+        return const_cast<HashTable*>(this)->lookup<T, HashTranslator>(key);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::removeAndInvalidateWithoutEntryConsistencyCheck(ValueType* pos)
+    {
+        invalidateIterators();
+        remove(pos);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::removeAndInvalidate(ValueType* pos)
+    {
+        invalidateIterators();
+        checkTableConsistency();
+        remove(pos);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::remove(ValueType* pos)
+    {
+#if DUMP_HASHTABLE_STATS
+        atomicIncrement(&HashTableStats::numRemoves);
+#endif
+
+        deleteBucket(*pos);
+        ++m_deletedCount;
+        --m_keyCount;
+
+        if (shouldShrink())
+            shrink();
+
+        checkTableConsistency();
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    inline void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::remove(iterator it)
+    {
+        if (it == end())
+            return;
+
+        removeAndInvalidate(const_cast<ValueType*>(it.m_iterator.m_position));
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    inline void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::removeWithoutEntryConsistencyCheck(iterator it)
+    {
+        if (it == end())
+            return;
+
+        removeAndInvalidateWithoutEntryConsistencyCheck(const_cast<ValueType*>(it.m_iterator.m_position));
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    inline void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::remove(const KeyType& key)
+    {
+        remove(find(key));
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    Value* HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::allocateTable(int size)
+    {
+        // would use a template member function with explicit specializations here, but
+        // gcc doesn't appear to support that
+        if (Traits::emptyValueIsZero)
+            return static_cast<ValueType*>(fastZeroedMalloc(size * sizeof(ValueType)));
+        ValueType* result = static_cast<ValueType*>(fastMalloc(size * sizeof(ValueType)));
+        for (int i = 0; i < size; i++)
+            initializeBucket(result[i]);
+        return result;
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::deallocateTable(ValueType* table, int size)
+    {
+        if (Traits::needsDestruction) {
+            for (int i = 0; i < size; ++i) {
+                if (!isDeletedBucket(table[i]))
+                    table[i].~ValueType();
+            }
+        }
+        fastFree(table);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::expand()
+    {
+        int newSize;
+        if (m_tableSize == 0)
+            newSize = m_minTableSize;
+        else if (mustRehashInPlace())
+            newSize = m_tableSize;
+        else
+            newSize = m_tableSize * 2;
+
+        rehash(newSize);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::rehash(int newTableSize)
+    {
+        checkTableConsistencyExceptSize();
+
+        int oldTableSize = m_tableSize;
+        ValueType* oldTable = m_table;
+
+#if DUMP_HASHTABLE_STATS
+        if (oldTableSize != 0)
+            atomicIncrement(&HashTableStats::numRehashes);
+#endif
+
+        m_tableSize = newTableSize;
+        m_tableSizeMask = newTableSize - 1;
+        m_table = allocateTable(newTableSize);
+
+        for (int i = 0; i != oldTableSize; ++i)
+            if (!isEmptyOrDeletedBucket(oldTable[i]))
+                reinsert(oldTable[i]);
+
+        m_deletedCount = 0;
+
+        deallocateTable(oldTable, oldTableSize);
+
+        checkTableConsistency();
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::clear()
+    {
+        invalidateIterators();
+        deallocateTable(m_table, m_tableSize);
+        m_table = 0;
+        m_tableSize = 0;
+        m_tableSizeMask = 0;
+        m_keyCount = 0;
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::HashTable(const HashTable& other)
+        : m_table(0)
+        , m_tableSize(0)
+        , m_tableSizeMask(0)
+        , m_keyCount(0)
+        , m_deletedCount(0)
+#if CHECK_HASHTABLE_ITERATORS
+        , m_iterators(0)
+#endif
+    {
+        // Copy the hash table the dumb way, by adding each element to the new table.
+        // It might be more efficient to copy the table slots, but it's not clear that efficiency is needed.
+        const_iterator end = other.end();
+        for (const_iterator it = other.begin(); it != end; ++it)
+            add(*it);
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::swap(HashTable& other)
+    {
+        invalidateIterators();
+        other.invalidateIterators();
+
+        ValueType* tmp_table = m_table;
+        m_table = other.m_table;
+        other.m_table = tmp_table;
+
+        int tmp_tableSize = m_tableSize;
+        m_tableSize = other.m_tableSize;
+        other.m_tableSize = tmp_tableSize;
+
+        int tmp_tableSizeMask = m_tableSizeMask;
+        m_tableSizeMask = other.m_tableSizeMask;
+        other.m_tableSizeMask = tmp_tableSizeMask;
+
+        int tmp_keyCount = m_keyCount;
+        m_keyCount = other.m_keyCount;
+        other.m_keyCount = tmp_keyCount;
+
+        int tmp_deletedCount = m_deletedCount;
+        m_deletedCount = other.m_deletedCount;
+        other.m_deletedCount = tmp_deletedCount;
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>& HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::operator=(const HashTable& other)
+    {
+        HashTable tmp(other);
+        swap(tmp);
+        return *this;
+    }
+
+#if CHECK_HASHTABLE_CONSISTENCY
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::checkTableConsistency() const
+    {
+        checkTableConsistencyExceptSize();
+        ASSERT(!shouldExpand());
+        ASSERT(!shouldShrink());
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::checkTableConsistencyExceptSize() const
+    {
+        if (!m_table)
+            return;
+
+        int count = 0;
+        int deletedCount = 0;
+        for (int j = 0; j < m_tableSize; ++j) {
+            ValueType* entry = m_table + j;
+            if (isEmptyBucket(*entry))
+                continue;
+
+            if (isDeletedBucket(*entry)) {
+                ++deletedCount;
+                continue;
+            }
+
+            const_iterator it = find(Extractor::extract(*entry));
+            ASSERT(entry == it.m_position);
+            ++count;
+        }
+
+        ASSERT(count == m_keyCount);
+        ASSERT(deletedCount == m_deletedCount);
+        ASSERT(m_tableSize >= m_minTableSize);
+        ASSERT(m_tableSizeMask);
+        ASSERT(m_tableSize == m_tableSizeMask + 1);
+    }
+
+#endif // CHECK_HASHTABLE_CONSISTENCY
+
+#if CHECK_HASHTABLE_ITERATORS
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::invalidateIterators()
+    {
+        MutexLocker lock(m_mutex);
+        const_iterator* next;
+        for (const_iterator* p = m_iterators; p; p = next) {
+            next = p->m_next;
+            p->m_table = 0;
+            p->m_next = 0;
+            p->m_previous = 0;
+        }
+        m_iterators = 0;
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void addIterator(const HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>* table,
+        HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>* it)
+    {
+        it->m_table = table;
+        it->m_previous = 0;
+
+        // Insert iterator at head of doubly-linked list of iterators.
+        if (!table) {
+            it->m_next = 0;
+        } else {
+            MutexLocker lock(table->m_mutex);
+            ASSERT(table->m_iterators != it);
+            it->m_next = table->m_iterators;
+            table->m_iterators = it;
+            if (it->m_next) {
+                ASSERT(!it->m_next->m_previous);
+                it->m_next->m_previous = it;
+            }
+        }
+    }
+
+    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
+    void removeIterator(HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>* it)
+    {
+        typedef HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> HashTableType;
+        typedef HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits> const_iterator;
+
+        // Delete iterator from doubly-linked list of iterators.
+        if (!it->m_table) {
+            ASSERT(!it->m_next);
+            ASSERT(!it->m_previous);
+        } else {
+            MutexLocker lock(it->m_table->m_mutex);
+            if (it->m_next) {
+                ASSERT(it->m_next->m_previous == it);
+                it->m_next->m_previous = it->m_previous;
+            }
+            if (it->m_previous) {
+                ASSERT(it->m_table->m_iterators != it);
+                ASSERT(it->m_previous->m_next == it);
+                it->m_previous->m_next = it->m_next;
+            } else {
+                ASSERT(it->m_table->m_iterators == it);
+                it->m_table->m_iterators = it->m_next;
+            }
+        }
+
+        it->m_table = 0;
+        it->m_next = 0;
+        it->m_previous = 0;
+    }
+
+#endif // CHECK_HASHTABLE_ITERATORS
+
+    // iterator adapters
+
+    template<typename HashTableType, typename ValueType> struct HashTableConstIteratorAdapter {
+        HashTableConstIteratorAdapter(const typename HashTableType::const_iterator& impl) : m_impl(impl) {}
+
+        const ValueType* get() const { return (const ValueType*)m_impl.get(); }
+        const ValueType& operator*() const { return *get(); }
+        const ValueType* operator->() const { return get(); }
+
+        HashTableConstIteratorAdapter& operator++() { ++m_impl; return *this; }
+        // postfix ++ intentionally omitted
+
+        typename HashTableType::const_iterator m_impl;
+    };
+
+    template<typename HashTableType, typename ValueType> struct HashTableIteratorAdapter {
+        HashTableIteratorAdapter(const typename HashTableType::iterator& impl) : m_impl(impl) {}
+
+        ValueType* get() const { return (ValueType*)m_impl.get(); }
+        ValueType& operator*() const { return *get(); }
+        ValueType* operator->() const { return get(); }
+
+        HashTableIteratorAdapter& operator++() { ++m_impl; return *this; }
+        // postfix ++ intentionally omitted
+
+        operator HashTableConstIteratorAdapter<HashTableType, ValueType>() {
+            typename HashTableType::const_iterator i = m_impl;
+            return i;
+        }
+
+        typename HashTableType::iterator m_impl;
+    };
+
+    template<typename T, typename U>
+    inline bool operator==(const HashTableConstIteratorAdapter<T, U>& a, const HashTableConstIteratorAdapter<T, U>& b)
+    {
+        return a.m_impl == b.m_impl;
+    }
+
+    template<typename T, typename U>
+    inline bool operator!=(const HashTableConstIteratorAdapter<T, U>& a, const HashTableConstIteratorAdapter<T, U>& b)
+    {
+        return a.m_impl != b.m_impl;
+    }
+
+    template<typename T, typename U>
+    inline bool operator==(const HashTableIteratorAdapter<T, U>& a, const HashTableIteratorAdapter<T, U>& b)
+    {
+        return a.m_impl == b.m_impl;
+    }
+
+    template<typename T, typename U>
+    inline bool operator!=(const HashTableIteratorAdapter<T, U>& a, const HashTableIteratorAdapter<T, U>& b)
+    {
+        return a.m_impl != b.m_impl;
+    }
+
+} // namespace WTF
+
+#include "HashIterators.h"
+
+#endif // WTF_HashTable_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTraits.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTraits.h
new file mode 100644
index 000000000..c8d40f7d5
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/HashTraits.h
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_HashTraits_h
+#define WTF_HashTraits_h
+
+#include "HashFunctions.h"
+#include "TypeTraits.h"
+#include <utility>
+#include <limits>
+
+namespace WTF {
+
+    using std::pair;
+    using std::make_pair;
+
+    template<typename T> struct HashTraits;
+
+    template<bool isInteger, typename T> struct GenericHashTraitsBase;
+
+    template<typename T> struct GenericHashTraitsBase<false, T> {
+        static const bool emptyValueIsZero = false;
+        static const bool needsDestruction = true;
+    };
+
+    // Default integer traits disallow both 0 and -1 as keys (max value instead of -1 for unsigned).
+    template<typename T> struct GenericHashTraitsBase<true, T> {
+        static const bool emptyValueIsZero = true;
+        static const bool needsDestruction = false;
+        static void constructDeletedValue(T& slot) { slot = static_cast<T>(-1); }
+        static bool isDeletedValue(T value) { return value == static_cast<T>(-1); }
+    };
+
+    template<typename T> struct GenericHashTraits : GenericHashTraitsBase<IsInteger<T>::value, T> {
+        typedef T TraitType;
+        static T emptyValue() { return T(); }
+    };
+
+    template<typename T> struct HashTraits : GenericHashTraits<T> { };
+
+    template<typename T> struct FloatHashTraits : GenericHashTraits<T> {
+        static const bool needsDestruction = false;
+        static T emptyValue() { return std::numeric_limits<T>::infinity(); }
+        static void constructDeletedValue(T& slot) { slot = -std::numeric_limits<T>::infinity(); }
+        static bool isDeletedValue(T value) { return value == -std::numeric_limits<T>::infinity(); }
+    };
+
+    template<> struct HashTraits<float> : FloatHashTraits<float> { };
+    template<> struct HashTraits<double> : FloatHashTraits<double> { };
+
+    // Default unsigned traits disallow both 0 and max as keys -- use these traits to allow zero and disallow max - 1.
+    template<typename T> struct UnsignedWithZeroKeyHashTraits : GenericHashTraits<T> {
+        static const bool emptyValueIsZero = false;
+        static const bool needsDestruction = false;
+        static T emptyValue() { return std::numeric_limits<T>::max(); }
+        static void constructDeletedValue(T& slot) { slot = std::numeric_limits<T>::max() - 1; }
+        static bool isDeletedValue(T value) { return value == std::numeric_limits<T>::max() - 1; }
+    };
+
+    template<typename P> struct HashTraits<P*> : GenericHashTraits<P*> {
+        static const bool emptyValueIsZero = true;
+        static const bool needsDestruction = false;
+        static void constructDeletedValue(P*& slot) { slot = reinterpret_cast<P*>(-1); }
+        static bool isDeletedValue(P* value) { return value == reinterpret_cast<P*>(-1); }
+    };
+
+    template<typename P> struct HashTraits<RefPtr<P> > : GenericHashTraits<RefPtr<P> > {
+        static const bool emptyValueIsZero = true;
+        static void constructDeletedValue(RefPtr<P>& slot) { new (&slot) RefPtr<P>(HashTableDeletedValue); }
+        static bool isDeletedValue(const RefPtr<P>& value) { return value.isHashTableDeletedValue(); }
+    };
+
+    // special traits for pairs, helpful for their use in HashMap implementation
+
+    template<typename FirstTraitsArg, typename SecondTraitsArg>
+    struct PairHashTraits : GenericHashTraits<pair<typename FirstTraitsArg::TraitType, typename SecondTraitsArg::TraitType> > {
+        typedef FirstTraitsArg FirstTraits;
+        typedef SecondTraitsArg SecondTraits;
+        typedef pair<typename FirstTraits::TraitType, typename SecondTraits::TraitType> TraitType;
+
+        static const bool emptyValueIsZero = FirstTraits::emptyValueIsZero && SecondTraits::emptyValueIsZero;
+        static TraitType emptyValue() { return make_pair(FirstTraits::emptyValue(), SecondTraits::emptyValue()); }
+
+        static const bool needsDestruction = FirstTraits::needsDestruction || SecondTraits::needsDestruction;
+
+        static void constructDeletedValue(TraitType& slot) { FirstTraits::constructDeletedValue(slot.first); }
+        static bool isDeletedValue(const TraitType& value) { return FirstTraits::isDeletedValue(value.first); }
+    };
+
+    template<typename First, typename Second>
+    struct HashTraits<pair<First, Second> > : public PairHashTraits<HashTraits<First>, HashTraits<Second> > { };
+
+} // namespace WTF
+
+using WTF::HashTraits;
+using WTF::PairHashTraits;
+
+#endif // WTF_HashTraits_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ListHashSet.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ListHashSet.h
new file mode 100644
index 000000000..38cc99850
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ListHashSet.h
@@ -0,0 +1,616 @@
+/*
+ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_ListHashSet_h
+#define WTF_ListHashSet_h
+
+#include "Assertions.h"
+#include "HashSet.h"
+#include "OwnPtr.h"
+
+namespace WTF {
+
+    // ListHashSet: Just like HashSet, this class provides a Set
+    // interface - a collection of unique objects with O(1) insertion,
+    // removal and test for containership. However, it also has an
+    // order - iterating it will always give back values in the order
+    // in which they are added.
+
+    // In theory it would be possible to add prepend, insertAfter
+    // and an append that moves the element to the end even if already present,
+    // but unclear yet if these are needed.
+
+    template<typename Value, typename HashFunctions> class ListHashSet;
+
+    template<typename T> struct IdentityExtractor;
+
+    template<typename Value, typename HashFunctions>
+    void deleteAllValues(const ListHashSet<Value, HashFunctions>&);
+
+    template<typename ValueArg, typename HashArg> class ListHashSetIterator;
+    template<typename ValueArg, typename HashArg> class ListHashSetConstIterator;
+
+    template<typename ValueArg> struct ListHashSetNode;
+    template<typename ValueArg> struct ListHashSetNodeAllocator;
+    template<typename ValueArg, typename HashArg> struct ListHashSetNodeHashFunctions;
+
+    template<typename ValueArg, typename HashArg = typename DefaultHash<ValueArg>::Hash> class ListHashSet {
+    private:
+        typedef ListHashSetNode<ValueArg> Node;
+        typedef ListHashSetNodeAllocator<ValueArg> NodeAllocator;
+
+        typedef HashTraits<Node*> NodeTraits;
+        typedef ListHashSetNodeHashFunctions<ValueArg, HashArg> NodeHash;
+
+        typedef HashTable<Node*, Node*, IdentityExtractor<Node*>, NodeHash, NodeTraits, NodeTraits> ImplType;
+        typedef HashTableIterator<Node*, Node*, IdentityExtractor<Node*>, NodeHash, NodeTraits, NodeTraits> ImplTypeIterator;
+        typedef HashTableConstIterator<Node*, Node*, IdentityExtractor<Node*>, NodeHash, NodeTraits, NodeTraits> ImplTypeConstIterator;
+
+        typedef HashArg HashFunctions;
+
+    public:
+        typedef ValueArg ValueType;
+        typedef ListHashSetIterator<ValueType, HashArg> iterator;
+        typedef ListHashSetConstIterator<ValueType, HashArg> const_iterator;
+
+        friend class ListHashSetConstIterator<ValueType, HashArg>;
+
+        ListHashSet();
+        ListHashSet(const ListHashSet&);
+        ListHashSet& operator=(const ListHashSet&);
+        ~ListHashSet();
+
+        void swap(ListHashSet&);
+
+        int size() const;
+        int capacity() const;
+        bool isEmpty() const;
+
+        iterator begin();
+        iterator end();
+        const_iterator begin() const;
+        const_iterator end() const;
+
+        iterator find(const ValueType&);
+        const_iterator find(const ValueType&) const;
+        bool contains(const ValueType&) const;
+
+        // the return value is a pair of an iterator to the new value's location, 
+        // and a bool that is true if an new entry was added
+        pair<iterator, bool> add(const ValueType&);
+
+        pair<iterator, bool> insertBefore(const ValueType& beforeValue, const ValueType& newValue);
+        pair<iterator, bool> insertBefore(iterator it, const ValueType&);
+
+        void remove(const ValueType&);
+        void remove(iterator);
+        void clear();
+
+    private:
+        void unlinkAndDelete(Node*);
+        void appendNode(Node*);
+        void insertNodeBefore(Node* beforeNode, Node* newNode);
+        void deleteAllNodes();
+        iterator makeIterator(Node*);
+        const_iterator makeConstIterator(Node*) const;
+
+        friend void deleteAllValues<>(const ListHashSet&);
+
+        ImplType m_impl;
+        Node* m_head;
+        Node* m_tail;
+        OwnPtr<NodeAllocator> m_allocator;
+    };
+
+    template<typename ValueArg> struct ListHashSetNodeAllocator {
+        typedef ListHashSetNode<ValueArg> Node;
+        typedef ListHashSetNodeAllocator<ValueArg> NodeAllocator;
+
+        ListHashSetNodeAllocator() 
+            : m_freeList(pool())
+            , m_isDoneWithInitialFreeList(false)
+        { 
+            memset(m_pool.pool, 0, sizeof(m_pool.pool));
+        }
+
+        Node* allocate()
+        { 
+            Node* result = m_freeList;
+
+            if (!result)
+                return static_cast<Node*>(fastMalloc(sizeof(Node)));
+
+            ASSERT(!result->m_isAllocated);
+
+            Node* next = result->m_next;
+            ASSERT(!next || !next->m_isAllocated);
+            if (!next && !m_isDoneWithInitialFreeList) {
+                next = result + 1;
+                if (next == pastPool()) {
+                    m_isDoneWithInitialFreeList = true;
+                    next = 0;
+                } else {
+                    ASSERT(inPool(next));
+                    ASSERT(!next->m_isAllocated);
+                }
+            }
+            m_freeList = next;
+
+            return result;
+        }
+
+        void deallocate(Node* node) 
+        {
+            if (inPool(node)) {
+#ifndef NDEBUG
+                node->m_isAllocated = false;
+#endif
+                node->m_next = m_freeList;
+                m_freeList = node;
+                return;
+            }
+
+            fastFree(node);
+        }
+
+    private:
+        Node* pool() { return reinterpret_cast<Node*>(m_pool.pool); }
+        Node* pastPool() { return pool() + m_poolSize; }
+
+        bool inPool(Node* node)
+        {
+            return node >= pool() && node < pastPool();
+        }
+
+        Node* m_freeList;
+        bool m_isDoneWithInitialFreeList;
+        static const size_t m_poolSize = 256;
+        union {
+            char pool[sizeof(Node) * m_poolSize];
+            double forAlignment;
+        } m_pool;
+    };
+
+    template<typename ValueArg> struct ListHashSetNode {
+        typedef ListHashSetNodeAllocator<ValueArg> NodeAllocator;
+
+        ListHashSetNode(ValueArg value)
+            : m_value(value)
+            , m_prev(0)
+            , m_next(0)
+#ifndef NDEBUG
+            , m_isAllocated(true)
+#endif
+        {
+        }
+
+        void* operator new(size_t, NodeAllocator* allocator)
+        {
+            return allocator->allocate();
+        }
+        void destroy(NodeAllocator* allocator)
+        {
+            this->~ListHashSetNode();
+            allocator->deallocate(this);
+        }
+
+        ValueArg m_value;
+        ListHashSetNode* m_prev;
+        ListHashSetNode* m_next;
+
+#ifndef NDEBUG
+        bool m_isAllocated;
+#endif
+    };
+
+    template<typename ValueArg, typename HashArg> struct ListHashSetNodeHashFunctions {
+        typedef ListHashSetNode<ValueArg> Node;
+        
+        static unsigned hash(Node* const& key) { return HashArg::hash(key->m_value); }
+        static bool equal(Node* const& a, Node* const& b) { return HashArg::equal(a->m_value, b->m_value); }
+        static const bool safeToCompareToEmptyOrDeleted = false;
+    };
+
+    template<typename ValueArg, typename HashArg> class ListHashSetIterator {
+    private:
+        typedef ListHashSet<ValueArg, HashArg> ListHashSetType;
+        typedef ListHashSetIterator<ValueArg, HashArg> iterator;
+        typedef ListHashSetConstIterator<ValueArg, HashArg> const_iterator;
+        typedef ListHashSetNode<ValueArg> Node;
+        typedef ValueArg ValueType;
+        typedef ValueType& ReferenceType;
+        typedef ValueType* PointerType;
+
+        friend class ListHashSet<ValueArg, HashArg>;
+
+        ListHashSetIterator(const ListHashSetType* set, Node* position) : m_iterator(set, position) { }
+
+    public:
+        ListHashSetIterator() { }
+
+        // default copy, assignment and destructor are OK
+
+        PointerType get() const { return const_cast<PointerType>(m_iterator.get()); }
+        ReferenceType operator*() const { return *get(); }
+        PointerType operator->() const { return get(); }
+
+        iterator& operator++() { ++m_iterator; return *this; }
+
+        // postfix ++ intentionally omitted
+
+        iterator& operator--() { --m_iterator; return *this; }
+
+        // postfix -- intentionally omitted
+
+        // Comparison.
+        bool operator==(const iterator& other) const { return m_iterator == other.m_iterator; }
+        bool operator!=(const iterator& other) const { return m_iterator != other.m_iterator; }
+
+        operator const_iterator() const { return m_iterator; }
+
+    private:
+        Node* node() { return m_iterator.node(); }
+
+        const_iterator m_iterator;
+    };
+
+    template<typename ValueArg, typename HashArg> class ListHashSetConstIterator {
+    private:
+        typedef ListHashSet<ValueArg, HashArg> ListHashSetType;
+        typedef ListHashSetIterator<ValueArg, HashArg> iterator;
+        typedef ListHashSetConstIterator<ValueArg, HashArg> const_iterator;
+        typedef ListHashSetNode<ValueArg> Node;
+        typedef ValueArg ValueType;
+        typedef const ValueType& ReferenceType;
+        typedef const ValueType* PointerType;
+
+        friend class ListHashSet<ValueArg, HashArg>;
+        friend class ListHashSetIterator<ValueArg, HashArg>;
+
+        ListHashSetConstIterator(const ListHashSetType* set, Node* position)
+            : m_set(set)
+            , m_position(position)
+        {
+        }
+
+    public:
+        ListHashSetConstIterator()
+        {
+        }
+
+        PointerType get() const
+        {
+            return &m_position->m_value;
+        }
+        ReferenceType operator*() const { return *get(); }
+        PointerType operator->() const { return get(); }
+
+        const_iterator& operator++()
+        {
+            ASSERT(m_position != 0);
+            m_position = m_position->m_next;
+            return *this;
+        }
+
+        // postfix ++ intentionally omitted
+
+        const_iterator& operator--()
+        {
+            ASSERT(m_position != m_set->m_head);
+            if (!m_position)
+                m_position = m_set->m_tail;
+            else
+                m_position = m_position->m_prev;
+            return *this;
+        }
+
+        // postfix -- intentionally omitted
+
+        // Comparison.
+        bool operator==(const const_iterator& other) const
+        {
+            return m_position == other.m_position;
+        }
+        bool operator!=(const const_iterator& other) const
+        {
+            return m_position != other.m_position;
+        }
+
+    private:
+        Node* node() { return m_position; }
+
+        const ListHashSetType* m_set;
+        Node* m_position;
+    };
+
+
+    template<typename ValueType, typename HashFunctions>
+    struct ListHashSetTranslator {
+    private:
+        typedef ListHashSetNode<ValueType> Node;
+        typedef ListHashSetNodeAllocator<ValueType> NodeAllocator;
+    public:
+        static unsigned hash(const ValueType& key) { return HashFunctions::hash(key); }
+        static bool equal(Node* const& a, const ValueType& b) { return HashFunctions::equal(a->m_value, b); }
+        static void translate(Node*& location, const ValueType& key, NodeAllocator* allocator)
+        {
+            location = new (allocator) Node(key);
+        }
+    };
+
+    template<typename T, typename U>
+    inline ListHashSet<T, U>::ListHashSet()
+        : m_head(0)
+        , m_tail(0)
+        , m_allocator(new NodeAllocator)
+    {
+    }
+
+    template<typename T, typename U>
+    inline ListHashSet<T, U>::ListHashSet(const ListHashSet& other)
+        : m_head(0)
+        , m_tail(0)
+        , m_allocator(new NodeAllocator)
+    {
+        const_iterator end = other.end();
+        for (const_iterator it = other.begin(); it != end; ++it)
+            add(*it);
+    }
+
+    template<typename T, typename U>
+    inline ListHashSet<T, U>& ListHashSet<T, U>::operator=(const ListHashSet& other)
+    {
+        ListHashSet tmp(other);
+        swap(tmp);
+        return *this;
+    }
+
+    template<typename T, typename U>
+    inline void ListHashSet<T, U>::swap(ListHashSet& other)
+    {
+        m_impl.swap(other.m_impl);
+        std::swap(m_head, other.m_head);
+        std::swap(m_tail, other.m_tail);
+        m_allocator.swap(other.m_allocator);
+    }
+
+    template<typename T, typename U>
+    inline ListHashSet<T, U>::~ListHashSet()
+    {
+        deleteAllNodes();
+    }
+
+    template<typename T, typename U>
+    inline int ListHashSet<T, U>::size() const
+    {
+        return m_impl.size(); 
+    }
+
+    template<typename T, typename U>
+    inline int ListHashSet<T, U>::capacity() const
+    {
+        return m_impl.capacity(); 
+    }
+
+    template<typename T, typename U>
+    inline bool ListHashSet<T, U>::isEmpty() const
+    {
+        return m_impl.isEmpty(); 
+    }
+
+    template<typename T, typename U>
+    inline typename ListHashSet<T, U>::iterator ListHashSet<T, U>::begin()
+    {
+        return makeIterator(m_head); 
+    }
+
+    template<typename T, typename U>
+    inline typename ListHashSet<T, U>::iterator ListHashSet<T, U>::end()
+    {
+        return makeIterator(0);
+    }
+
+    template<typename T, typename U>
+    inline typename ListHashSet<T, U>::const_iterator ListHashSet<T, U>::begin() const
+    {
+        return makeConstIterator(m_head); 
+    }
+
+    template<typename T, typename U>
+    inline typename ListHashSet<T, U>::const_iterator ListHashSet<T, U>::end() const
+    {
+        return makeConstIterator(0); 
+    }
+
+    template<typename T, typename U>
+    inline typename ListHashSet<T, U>::iterator ListHashSet<T, U>::find(const ValueType& value)
+    {
+        typedef ListHashSetTranslator<ValueType, HashFunctions> Translator;
+        ImplTypeIterator it = m_impl.template find<ValueType, Translator>(value);
+        if (it == m_impl.end())
+            return end();
+        return makeIterator(*it); 
+    }
+
+    template<typename T, typename U>
+    inline typename ListHashSet<T, U>::const_iterator ListHashSet<T, U>::find(const ValueType& value) const
+    {
+        typedef ListHashSetTranslator<ValueType, HashFunctions> Translator;
+        ImplTypeConstIterator it = m_impl.template find<ValueType, Translator>(value);
+        if (it == m_impl.end())
+            return end();
+        return makeConstIterator(*it);
+    }
+
+    template<typename T, typename U>
+    inline bool ListHashSet<T, U>::contains(const ValueType& value) const
+    {
+        typedef ListHashSetTranslator<ValueType, HashFunctions> Translator;
+        return m_impl.template contains<ValueType, Translator>(value);
+    }
+
+    template<typename T, typename U>
+    pair<typename ListHashSet<T, U>::iterator, bool> ListHashSet<T, U>::add(const ValueType &value)
+    {
+        typedef ListHashSetTranslator<ValueType, HashFunctions> Translator;
+        pair<typename ImplType::iterator, bool> result = m_impl.template add<ValueType, NodeAllocator*, Translator>(value, m_allocator.get());
+        if (result.second)
+            appendNode(*result.first);
+        return std::make_pair(makeIterator(*result.first), result.second);
+    }
+
+    template<typename T, typename U>
+    pair<typename ListHashSet<T, U>::iterator, bool> ListHashSet<T, U>::insertBefore(iterator it, const ValueType& newValue)
+    {
+        typedef ListHashSetTranslator<ValueType, HashFunctions> Translator;
+        pair<typename ImplType::iterator, bool> result = m_impl.template add<ValueType, NodeAllocator*, Translator>(newValue, m_allocator.get());
+        if (result.second)
+            insertNodeBefore(it.node(), *result.first);
+        return std::make_pair(makeIterator(*result.first), result.second);
+
+    }
+
+    template<typename T, typename U>
+    pair<typename ListHashSet<T, U>::iterator, bool> ListHashSet<T, U>::insertBefore(const ValueType& beforeValue, const ValueType& newValue)
+    {
+        return insertBefore(find(beforeValue), newValue); 
+    }
+
+    template<typename T, typename U>
+    inline void ListHashSet<T, U>::remove(iterator it)
+    {
+        if (it == end())
+            return;
+        m_impl.remove(it.node());
+        unlinkAndDelete(it.node());
+    }
+
+    template<typename T, typename U>
+    inline void ListHashSet<T, U>::remove(const ValueType& value)
+    {
+        remove(find(value));
+    }
+
+    template<typename T, typename U>
+    inline void ListHashSet<T, U>::clear()
+    {
+        deleteAllNodes();
+        m_impl.clear(); 
+        m_head = 0;
+        m_tail = 0;
+    }
+
+    template<typename T, typename U>
+    void ListHashSet<T, U>::unlinkAndDelete(Node* node)
+    {
+        if (!node->m_prev) {
+            ASSERT(node == m_head);
+            m_head = node->m_next;
+        } else {
+            ASSERT(node != m_head);
+            node->m_prev->m_next = node->m_next;
+        }
+
+        if (!node->m_next) {
+            ASSERT(node == m_tail);
+            m_tail = node->m_prev;
+        } else {
+            ASSERT(node != m_tail);
+            node->m_next->m_prev = node->m_prev;
+        }
+
+        node->destroy(m_allocator.get());
+    }
+
+    template<typename T, typename U>
+    void ListHashSet<T, U>::appendNode(Node* node)
+    {
+        node->m_prev = m_tail;
+        node->m_next = 0;
+
+        if (m_tail) {
+            ASSERT(m_head);
+            m_tail->m_next = node;
+        } else {
+            ASSERT(!m_head);
+            m_head = node;
+        }
+
+        m_tail = node;
+    }
+
+    template<typename T, typename U>
+    void ListHashSet<T, U>::insertNodeBefore(Node* beforeNode, Node* newNode)
+    {
+        if (!beforeNode)
+            return appendNode(newNode);
+        
+        newNode->m_next = beforeNode;
+        newNode->m_prev = beforeNode->m_prev;
+        if (beforeNode->m_prev)
+            beforeNode->m_prev->m_next = newNode;
+        beforeNode->m_prev = newNode;
+
+        if (!newNode->m_prev)
+            m_head = newNode;
+    }
+
+    template<typename T, typename U>
+    void ListHashSet<T, U>::deleteAllNodes()
+    {
+        if (!m_head)
+            return;
+
+        for (Node* node = m_head, *next = m_head->m_next; node; node = next, next = node ? node->m_next : 0)
+            node->destroy(m_allocator.get());
+    }
+
+    template<typename T, typename U>
+    inline ListHashSetIterator<T, U> ListHashSet<T, U>::makeIterator(Node* position) 
+    {
+        return ListHashSetIterator<T, U>(this, position); 
+    }
+
+    template<typename T, typename U>
+    inline ListHashSetConstIterator<T, U> ListHashSet<T, U>::makeConstIterator(Node* position) const
+    { 
+        return ListHashSetConstIterator<T, U>(this, position); 
+    }
+
+    template<bool, typename ValueType, typename HashTableType>
+    void deleteAllValues(HashTableType& collection)
+    {
+        typedef typename HashTableType::const_iterator iterator;
+        iterator end = collection.end();
+        for (iterator it = collection.begin(); it != end; ++it)
+            delete (*it)->m_value;
+    }
+
+    template<typename T, typename U>
+    inline void deleteAllValues(const ListHashSet<T, U>& collection)
+    {
+        deleteAllValues<true, typename ListHashSet<T, U>::ValueType>(collection.m_impl);
+    }
+
+} // namespace WTF
+
+using WTF::ListHashSet;
+
+#endif /* WTF_ListHashSet_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ListRefPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ListRefPtr.h
new file mode 100644
index 000000000..d863226b0
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ListRefPtr.h
@@ -0,0 +1,67 @@
+/*
+ *  Copyright (C) 2005, 2006, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_ListRefPtr_h
+#define WTF_ListRefPtr_h
+
+#include <wtf/RefPtr.h>
+
+namespace WTF {
+
+    // Specialized version of RefPtr desgined for use in singly-linked lists. 
+    // Derefs the list iteratively to avoid recursive derefing that can overflow the stack.
+    template <typename T> class ListRefPtr : public RefPtr<T> {
+    public:
+        ListRefPtr() : RefPtr<T>() {}
+        ListRefPtr(T* ptr) : RefPtr<T>(ptr) {}
+        ListRefPtr(const RefPtr<T>& o) : RefPtr<T>(o) {}
+        // see comment in PassRefPtr.h for why this takes const reference
+        template <typename U> ListRefPtr(const PassRefPtr<U>& o) : RefPtr<T>(o) {}
+        
+        ~ListRefPtr();
+        
+        ListRefPtr& operator=(T* optr) { RefPtr<T>::operator=(optr); return *this; }
+        ListRefPtr& operator=(const RefPtr<T>& o) { RefPtr<T>::operator=(o); return *this; }
+        ListRefPtr& operator=(const PassRefPtr<T>& o) { RefPtr<T>::operator=(o); return *this; }
+        template <typename U> ListRefPtr& operator=(const RefPtr<U>& o) { RefPtr<T>::operator=(o); return *this; }
+        template <typename U> ListRefPtr& operator=(const PassRefPtr<U>& o) { RefPtr<T>::operator=(o); return *this; }
+    };
+
+    template <typename T> 
+#if !COMPILER(WINSCW)
+    inline
+#endif
+    ListRefPtr<T>::~ListRefPtr()
+    {
+        RefPtr<T> reaper = this->release();
+        while (reaper && reaper->hasOneRef())
+            reaper = reaper->releaseNext(); // implicitly protects reaper->next, then derefs reaper
+    }
+
+    template <typename T> inline T* getPtr(const ListRefPtr<T>& p)
+    {
+        return p.get();
+    }
+
+} // namespace WTF
+
+using WTF::ListRefPtr;
+
+#endif // WTF_ListRefPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Locker.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Locker.h
new file mode 100644
index 000000000..41813d3f9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Locker.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef Locker_h
+#define Locker_h
+
+#include <wtf/Noncopyable.h>
+
+namespace WTF {
+
+template <typename T> class Locker : public Noncopyable {
+public:
+    Locker(T& lockable) : m_lockable(lockable) { m_lockable.lock(); }
+    ~Locker() { m_lockable.unlock(); }
+private:
+    T& m_lockable;
+};
+
+}
+
+using WTF::Locker;
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MainThread.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MainThread.cpp
new file mode 100644
index 000000000..e999094df
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MainThread.cpp
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "MainThread.h"
+
+#include "StdLibExtras.h"
+#include "CurrentTime.h"
+#include "Deque.h"
+#include "Threading.h"
+
+namespace WTF {
+
+struct FunctionWithContext {
+    MainThreadFunction* function;
+    void* context;
+
+    FunctionWithContext(MainThreadFunction* function = 0, void* context = 0)
+        : function(function)
+        , context(context)
+    { 
+    }
+};
+
+typedef Deque<FunctionWithContext> FunctionQueue;
+
+static bool callbacksPaused; // This global variable is only accessed from main thread.
+
+Mutex& mainThreadFunctionQueueMutex()
+{
+    DEFINE_STATIC_LOCAL(Mutex, staticMutex, ());
+    return staticMutex;
+}
+
+static FunctionQueue& functionQueue()
+{
+    DEFINE_STATIC_LOCAL(FunctionQueue, staticFunctionQueue, ());
+    return staticFunctionQueue;
+}
+
+void initializeMainThread()
+{
+    mainThreadFunctionQueueMutex();
+    initializeMainThreadPlatform();
+}
+
+// 0.1 sec delays in UI is approximate threshold when they become noticeable. Have a limit that's half of that.
+static const double maxRunLoopSuspensionTime = 0.05;
+
+void dispatchFunctionsFromMainThread()
+{
+    ASSERT(isMainThread());
+
+    if (callbacksPaused)
+        return;
+
+    double startTime = currentTime();
+
+    FunctionWithContext invocation;
+    while (true) {
+        {
+            MutexLocker locker(mainThreadFunctionQueueMutex());
+            if (!functionQueue().size())
+                break;
+            invocation = functionQueue().first();
+            functionQueue().removeFirst();
+        }
+
+        invocation.function(invocation.context);
+
+        // If we are running accumulated functions for too long so UI may become unresponsive, we need to
+        // yield so the user input can be processed. Otherwise user may not be able to even close the window.
+        // This code has effect only in case the scheduleDispatchFunctionsOnMainThread() is implemented in a way that
+        // allows input events to be processed before we are back here.
+        if (currentTime() - startTime > maxRunLoopSuspensionTime) {
+            scheduleDispatchFunctionsOnMainThread();
+            break;
+        }
+    }
+}
+
+void callOnMainThread(MainThreadFunction* function, void* context)
+{
+    ASSERT(function);
+    bool needToSchedule = false;
+    {
+        MutexLocker locker(mainThreadFunctionQueueMutex());
+        needToSchedule = functionQueue().size() == 0;
+        functionQueue().append(FunctionWithContext(function, context));
+    }
+    if (needToSchedule)
+        scheduleDispatchFunctionsOnMainThread();
+}
+
+void setMainThreadCallbacksPaused(bool paused)
+{
+    ASSERT(isMainThread());
+
+    if (callbacksPaused == paused)
+        return;
+
+    callbacksPaused = paused;
+
+    if (!callbacksPaused)
+        scheduleDispatchFunctionsOnMainThread();
+}
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MainThread.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MainThread.h
new file mode 100644
index 000000000..b8305b5d8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MainThread.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2007 Justin Haygood (jhaygood@reaktix.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef MainThread_h
+#define MainThread_h
+
+namespace WTF {
+
+class Mutex;
+
+extern "C" {
+    typedef void MainThreadFunction(void*);
+}
+
+void callOnMainThread(MainThreadFunction*, void* context);
+
+void setMainThreadCallbacksPaused(bool paused);
+
+// Must be called from the main thread (Darwin is an exception to this rule).
+void initializeMainThread();
+
+// These functions are internal to the callOnMainThread implementation.
+void initializeMainThreadPlatform();
+void scheduleDispatchFunctionsOnMainThread();
+Mutex& mainThreadFunctionQueueMutex();
+void dispatchFunctionsFromMainThread();
+
+} // namespace WTF
+
+using WTF::callOnMainThread;
+using WTF::setMainThreadCallbacksPaused;
+
+#endif // MainThread_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MallocZoneSupport.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MallocZoneSupport.h
new file mode 100644
index 000000000..62df14550
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MallocZoneSupport.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2007 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef MallocZoneSupport_h
+#define MallocZoneSupport_h
+
+#include <malloc/malloc.h>
+
+namespace WTF {
+
+class RemoteMemoryReader {
+    task_t m_task;
+    memory_reader_t* m_reader;
+
+public:
+    RemoteMemoryReader(task_t task, memory_reader_t* reader)
+        : m_task(task)
+        , m_reader(reader)
+    { }
+
+    void* operator()(vm_address_t address, size_t size) const
+    {
+        void* output;
+        kern_return_t err = (*m_reader)(m_task, address, size, static_cast<void**>(&output));
+        ASSERT(!err);
+        if (err)
+            output = 0;
+        return output;
+    }
+
+    template <typename T>
+    T* operator()(T* address, size_t size=sizeof(T)) const
+    {
+        return static_cast<T*>((*this)(reinterpret_cast<vm_address_t>(address), size));
+    }
+};
+
+} // namespace WTF
+
+#endif // MallocZoneSupport_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MathExtras.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MathExtras.h
new file mode 100644
index 000000000..324300d3a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MathExtras.h
@@ -0,0 +1,178 @@
+/*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_MathExtras_h
+#define WTF_MathExtras_h
+
+#include <math.h>
+#include <stdlib.h>
+
+#if PLATFORM(SOLARIS)
+#include <ieeefp.h>
+#endif
+
+#if PLATFORM(OPENBSD)
+#include <sys/types.h>
+#include <machine/ieee.h>
+#endif
+
+#if COMPILER(MSVC)
+#if PLATFORM(WINCE)
+#include <stdlib.h>
+#endif
+#include <limits>
+
+#if HAVE(FLOAT_H)
+#include <float.h>
+#endif
+
+#endif
+
+#ifndef M_PI
+const double piDouble = 3.14159265358979323846;
+const float piFloat = 3.14159265358979323846f;
+#else
+const double piDouble = M_PI;
+const float piFloat = static_cast<float>(M_PI);
+#endif
+
+#ifndef M_PI_4
+const double piOverFourDouble = 0.785398163397448309616;
+const float piOverFourFloat = 0.785398163397448309616f;
+#else
+const double piOverFourDouble = M_PI_4;
+const float piOverFourFloat = static_cast<float>(M_PI_4);
+#endif
+
+#if PLATFORM(DARWIN)
+
+// Work around a bug in the Mac OS X libc where ceil(-0.1) return +0.
+inline double wtf_ceil(double x) { return copysign(ceil(x), x); }
+
+#define ceil(x) wtf_ceil(x)
+
+#endif
+
+#if PLATFORM(SOLARIS)
+
+#ifndef isfinite
+inline bool isfinite(double x) { return finite(x) && !isnand(x); }
+#endif
+#ifndef isinf
+inline bool isinf(double x) { return !finite(x) && !isnand(x); }
+#endif
+#ifndef signbit
+inline bool signbit(double x) { return x < 0.0; } // FIXME: Wrong for negative 0.
+#endif
+
+#endif
+
+#if PLATFORM(OPENBSD)
+
+#ifndef isfinite
+inline bool isfinite(double x) { return finite(x); }
+#endif
+#ifndef signbit
+inline bool signbit(double x) { struct ieee_double *p = (struct ieee_double *)&x; return p->dbl_sign; }
+#endif
+
+#endif
+
+#if COMPILER(MSVC) || COMPILER(RVCT)
+
+inline long lround(double num) { return static_cast<long>(num > 0 ? num + 0.5 : ceil(num - 0.5)); }
+inline long lroundf(float num) { return static_cast<long>(num > 0 ? num + 0.5f : ceilf(num - 0.5f)); }
+inline double round(double num) { return num > 0 ? floor(num + 0.5) : ceil(num - 0.5); }
+inline float roundf(float num) { return num > 0 ? floorf(num + 0.5f) : ceilf(num - 0.5f); }
+inline double trunc(double num) { return num > 0 ? floor(num) : ceil(num); }
+
+#endif
+
+#if COMPILER(MSVC)
+
+inline bool isinf(double num) { return !_finite(num) && !_isnan(num); }
+inline bool isnan(double num) { return !!_isnan(num); }
+inline bool signbit(double num) { return _copysign(1.0, num) < 0; }
+
+inline double nextafter(double x, double y) { return _nextafter(x, y); }
+inline float nextafterf(float x, float y) { return x > y ? x - FLT_EPSILON : x + FLT_EPSILON; }
+
+inline double copysign(double x, double y) { return _copysign(x, y); }
+inline int isfinite(double x) { return _finite(x); }
+
+// Work around a bug in Win, where atan2(+-infinity, +-infinity) yields NaN instead of specific values.
+inline double wtf_atan2(double x, double y)
+{
+    double posInf = std::numeric_limits<double>::infinity();
+    double negInf = -std::numeric_limits<double>::infinity();
+    double nan = std::numeric_limits<double>::quiet_NaN();
+
+    double result = nan;
+
+    if (x == posInf && y == posInf)
+        result = piOverFourDouble;
+    else if (x == posInf && y == negInf)
+        result = 3 * piOverFourDouble;
+    else if (x == negInf && y == posInf)
+        result = -piOverFourDouble;
+    else if (x == negInf && y == negInf)
+        result = -3 * piOverFourDouble;
+    else
+        result = ::atan2(x, y);
+
+    return result;
+}
+
+// Work around a bug in the Microsoft CRT, where fmod(x, +-infinity) yields NaN instead of x.
+inline double wtf_fmod(double x, double y) { return (!isinf(x) && isinf(y)) ? x : fmod(x, y); }
+
+// Work around a bug in the Microsoft CRT, where pow(NaN, 0) yields NaN instead of 1.
+inline double wtf_pow(double x, double y) { return y == 0 ? 1 : pow(x, y); }
+
+#define atan2(x, y) wtf_atan2(x, y)
+#define fmod(x, y) wtf_fmod(x, y)
+#define pow(x, y) wtf_pow(x, y)
+
+#endif // COMPILER(MSVC)
+
+inline double deg2rad(double d)  { return d * piDouble / 180.0; }
+inline double rad2deg(double r)  { return r * 180.0 / piDouble; }
+inline double deg2grad(double d) { return d * 400.0 / 360.0; }
+inline double grad2deg(double g) { return g * 360.0 / 400.0; }
+inline double turn2deg(double t) { return t * 360.0; }
+inline double deg2turn(double d) { return d / 360.0; }
+inline double rad2grad(double r) { return r * 200.0 / piDouble; }
+inline double grad2rad(double g) { return g * piDouble / 200.0; }
+
+inline float deg2rad(float d)  { return d * piFloat / 180.0f; }
+inline float rad2deg(float r)  { return r * 180.0f / piFloat; }
+inline float deg2grad(float d) { return d * 400.0f / 360.0f; }
+inline float grad2deg(float g) { return g * 360.0f / 400.0f; }
+inline float turn2deg(float t) { return t * 360.0f; }
+inline float deg2turn(float d) { return d / 360.0f; }
+inline float rad2grad(float r) { return r * 200.0f / piFloat; }
+inline float grad2rad(float g) { return g * piFloat / 200.0f; }
+
+#endif // #ifndef WTF_MathExtras_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MessageQueue.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MessageQueue.h
new file mode 100644
index 000000000..070b76c4f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/MessageQueue.h
@@ -0,0 +1,183 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef MessageQueue_h
+#define MessageQueue_h
+
+#include <limits>
+#include <wtf/Assertions.h>
+#include <wtf/Deque.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/Threading.h>
+
+namespace WTF {
+
+    enum MessageQueueWaitResult {
+        MessageQueueTerminated,       // Queue was destroyed while waiting for message.
+        MessageQueueTimeout,          // Timeout was specified and it expired.
+        MessageQueueMessageReceived   // A message was successfully received and returned.
+    };
+
+    template<typename DataType>
+    class MessageQueue : public Noncopyable {
+    public:
+        MessageQueue() : m_killed(false) { }
+        
+        void append(const DataType&);
+        bool appendAndCheckEmpty(const DataType&);
+        void prepend(const DataType&);
+        bool waitForMessage(DataType&);
+        template<typename Predicate>
+        MessageQueueWaitResult waitForMessageFilteredWithTimeout(DataType&, Predicate&, double absoluteTime);
+        void kill();
+
+        bool tryGetMessage(DataType&);
+        bool killed() const;
+
+        // The result of isEmpty() is only valid if no other thread is manipulating the queue at the same time.
+        bool isEmpty();
+
+        static double infiniteTime() { return std::numeric_limits<double>::max(); }
+
+    private:
+        static bool alwaysTruePredicate(DataType&) { return true; }
+
+        mutable Mutex m_mutex;
+        ThreadCondition m_condition;
+        Deque<DataType> m_queue;
+        bool m_killed;
+    };
+
+    template<typename DataType>
+    inline void MessageQueue<DataType>::append(const DataType& message)
+    {
+        MutexLocker lock(m_mutex);
+        m_queue.append(message);
+        m_condition.signal();
+    }
+
+    // Returns true if the queue was empty before the item was added.
+    template<typename DataType>
+    inline bool MessageQueue<DataType>::appendAndCheckEmpty(const DataType& message)
+    {
+        MutexLocker lock(m_mutex);
+        bool wasEmpty = m_queue.isEmpty();
+        m_queue.append(message);
+        m_condition.signal();
+        return wasEmpty;
+    }
+
+    template<typename DataType>
+    inline void MessageQueue<DataType>::prepend(const DataType& message)
+    {
+        MutexLocker lock(m_mutex);
+        m_queue.prepend(message);
+        m_condition.signal();
+    }
+
+    template<typename DataType>
+    inline bool MessageQueue<DataType>::waitForMessage(DataType& result)
+    {
+        MessageQueueWaitResult exitReason = waitForMessageFilteredWithTimeout(result, MessageQueue<DataType>::alwaysTruePredicate, infiniteTime());
+        ASSERT(exitReason == MessageQueueTerminated || exitReason == MessageQueueMessageReceived);
+        return exitReason == MessageQueueMessageReceived;
+    }
+
+    template<typename DataType>
+    template<typename Predicate>
+    inline MessageQueueWaitResult MessageQueue<DataType>::waitForMessageFilteredWithTimeout(DataType& result, Predicate& predicate, double absoluteTime)
+    {
+        MutexLocker lock(m_mutex);
+        bool timedOut = false;
+
+        DequeConstIterator<DataType> found = m_queue.end();
+        while (!m_killed && !timedOut && (found = m_queue.findIf(predicate)) == m_queue.end())
+            timedOut = !m_condition.timedWait(m_mutex, absoluteTime);
+
+        ASSERT(!timedOut || absoluteTime != infiniteTime());
+
+        if (m_killed)
+            return MessageQueueTerminated;
+
+        if (timedOut)
+            return MessageQueueTimeout;
+
+        ASSERT(found != m_queue.end());
+        result = *found;
+        m_queue.remove(found);
+        return MessageQueueMessageReceived;
+    }
+
+    template<typename DataType>
+    inline bool MessageQueue<DataType>::tryGetMessage(DataType& result)
+    {
+        MutexLocker lock(m_mutex);
+        if (m_killed)
+            return false;
+        if (m_queue.isEmpty())
+            return false;
+
+        result = m_queue.first();
+        m_queue.removeFirst();
+        return true;
+    }
+
+    template<typename DataType>
+    inline bool MessageQueue<DataType>::isEmpty()
+    {
+        MutexLocker lock(m_mutex);
+        if (m_killed)
+            return true;
+        return m_queue.isEmpty();
+    }
+
+    template<typename DataType>
+    inline void MessageQueue<DataType>::kill()
+    {
+        MutexLocker lock(m_mutex);
+        m_killed = true;
+        m_condition.broadcast();
+    }
+
+    template<typename DataType>
+    inline bool MessageQueue<DataType>::killed() const
+    {
+        MutexLocker lock(m_mutex);
+        return m_killed;
+    }
+} // namespace WTF
+
+using WTF::MessageQueue;
+// MessageQueueWaitResult enum and all its values.
+using WTF::MessageQueueWaitResult;
+using WTF::MessageQueueTerminated;
+using WTF::MessageQueueTimeout;
+using WTF::MessageQueueMessageReceived;
+
+#endif // MessageQueue_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Noncopyable.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Noncopyable.h
new file mode 100644
index 000000000..60a46e266
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Noncopyable.h
@@ -0,0 +1,52 @@
+/*
+ *  Copyright (C) 2006 Apple Computer, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_Noncopyable_h
+#define WTF_Noncopyable_h
+
+// We don't want argument-dependent lookup to pull in everything from the WTF
+// namespace when you use Noncopyable, so put it in its own namespace.
+
+#include "FastAllocBase.h"
+
+namespace WTFNoncopyable {
+
+    class Noncopyable : public FastAllocBase {
+        Noncopyable(const Noncopyable&);
+        Noncopyable& operator=(const Noncopyable&);
+    protected:
+        Noncopyable() { }
+        ~Noncopyable() { }
+    };
+
+    class NoncopyableCustomAllocated {
+        NoncopyableCustomAllocated(const NoncopyableCustomAllocated&);
+        NoncopyableCustomAllocated& operator=(const NoncopyableCustomAllocated&);
+    protected:
+        NoncopyableCustomAllocated() { }
+        ~NoncopyableCustomAllocated() { }
+    };
+
+} // namespace WTFNoncopyable
+
+using WTFNoncopyable::Noncopyable;
+using WTFNoncopyable::NoncopyableCustomAllocated;
+
+#endif // WTF_Noncopyable_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/NotFound.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/NotFound.h
new file mode 100644
index 000000000..4263bceca
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/NotFound.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef NotFound_h
+#define NotFound_h
+
+namespace WTF {
+
+    const size_t notFound = static_cast<size_t>(-1);
+
+} // namespace WTF
+
+using WTF::notFound;
+
+#endif // NotFound_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnArrayPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnArrayPtr.h
new file mode 100644
index 000000000..61375c769
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnArrayPtr.h
@@ -0,0 +1,75 @@
+/*
+ *  Copyright (C) 2006 Apple Computer, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_OwnArrayPtr_h
+#define WTF_OwnArrayPtr_h
+
+#include <algorithm>
+#include <wtf/Assertions.h>
+#include <wtf/Noncopyable.h>
+
+namespace WTF {
+
+    template <typename T> class OwnArrayPtr : public Noncopyable {
+    public:
+        explicit OwnArrayPtr(T* ptr = 0) : m_ptr(ptr) { }
+        ~OwnArrayPtr() { safeDelete(); }
+
+        T* get() const { return m_ptr; }
+        T* release() { T* ptr = m_ptr; m_ptr = 0; return ptr; }
+
+        void set(T* ptr) { ASSERT(m_ptr != ptr); safeDelete(); m_ptr = ptr; }
+        void clear() { safeDelete(); m_ptr = 0; }
+
+        T& operator*() const { ASSERT(m_ptr); return *m_ptr; }
+        T* operator->() const { ASSERT(m_ptr); return m_ptr; }
+
+        T& operator[](std::ptrdiff_t i) const { ASSERT(m_ptr); ASSERT(i >= 0); return m_ptr[i]; }
+
+        bool operator!() const { return !m_ptr; }
+
+        // This conversion operator allows implicit conversion to bool but not to other integer types.
+#if COMPILER(WINSCW)
+        operator bool() const { return m_ptr; }
+#else
+        typedef T* OwnArrayPtr::*UnspecifiedBoolType;
+        operator UnspecifiedBoolType() const { return m_ptr ? &OwnArrayPtr::m_ptr : 0; }
+#endif
+
+        void swap(OwnArrayPtr& o) { std::swap(m_ptr, o.m_ptr); }
+
+    private:
+        void safeDelete() { typedef char known[sizeof(T) ? 1 : -1]; if (sizeof(known)) delete [] m_ptr; }
+
+        T* m_ptr;
+    };
+    
+    template <typename T> inline void swap(OwnArrayPtr<T>& a, OwnArrayPtr<T>& b) { a.swap(b); }
+
+    template <typename T> inline T* getPtr(const OwnArrayPtr<T>& p)
+    {
+        return p.get();
+    }
+
+} // namespace WTF
+
+using WTF::OwnArrayPtr;
+
+#endif // WTF_OwnArrayPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnFastMallocPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnFastMallocPtr.h
new file mode 100644
index 000000000..c88235a8a
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnFastMallocPtr.h
@@ -0,0 +1,52 @@
+/*
+ *  Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ *  Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef OwnFastMallocPtr_h
+#define OwnFastMallocPtr_h
+
+#include "FastMalloc.h"
+#include "Noncopyable.h"
+
+namespace WTF {
+
+    template<class T> class OwnFastMallocPtr : public Noncopyable {
+    public:
+        explicit OwnFastMallocPtr(T* ptr) : m_ptr(ptr)
+        {
+        }
+
+        ~OwnFastMallocPtr()
+        {
+            fastFree(m_ptr);
+        }
+
+        T* get() const { return m_ptr; }
+        T* release() { T* ptr = m_ptr; m_ptr = 0; return ptr; }
+
+    private:
+        T* m_ptr;
+    };
+
+} // namespace WTF
+
+using WTF::OwnFastMallocPtr;
+
+#endif // OwnFastMallocPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtr.h
new file mode 100644
index 000000000..b7e62b1ea
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtr.h
@@ -0,0 +1,142 @@
+/*
+ *  Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_OwnPtr_h
+#define WTF_OwnPtr_h
+
+#include "Assertions.h"
+#include "Noncopyable.h"
+#include "OwnPtrCommon.h"
+#include "TypeTraits.h"
+#include <algorithm>
+#include <memory>
+
+namespace WTF {
+
+    // Unlike most of our smart pointers, OwnPtr can take either the pointer type or the pointed-to type.
+
+    template <typename T> class PassOwnPtr;
+
+    template <typename T> class OwnPtr : public Noncopyable {
+    public:
+        typedef typename RemovePointer<T>::Type ValueType;
+        typedef ValueType* PtrType;
+
+        explicit OwnPtr(PtrType ptr = 0) : m_ptr(ptr) { }
+        OwnPtr(std::auto_ptr<ValueType> autoPtr) : m_ptr(autoPtr.release()) { }
+        // See comment in PassOwnPtr.h for why this takes a const reference.
+        template <typename U> OwnPtr(const PassOwnPtr<U>& o);
+
+        // This copy constructor is used implicitly by gcc when it generates
+        // transients for assigning a PassOwnPtr<T> object to a stack-allocated
+        // OwnPtr<T> object.  It should never be called explicitly and gcc
+        // should optimize away the constructor when generating code.
+        OwnPtr(const OwnPtr<ValueType>& o);
+
+        ~OwnPtr() { deleteOwnedPtr(m_ptr); }
+
+        PtrType get() const { return m_ptr; }
+        PtrType release() { PtrType ptr = m_ptr; m_ptr = 0; return ptr; }
+
+        // FIXME: This should be renamed to adopt. 
+        void set(PtrType ptr) { ASSERT(!ptr || m_ptr != ptr); deleteOwnedPtr(m_ptr); m_ptr = ptr; }
+
+        void adopt(std::auto_ptr<ValueType> autoPtr) { ASSERT(!autoPtr.get() || m_ptr != autoPtr.get()); deleteOwnedPtr(m_ptr); m_ptr = autoPtr.release(); }
+
+        void clear() { deleteOwnedPtr(m_ptr); m_ptr = 0; }
+
+        ValueType& operator*() const { ASSERT(m_ptr); return *m_ptr; }
+        PtrType operator->() const { ASSERT(m_ptr); return m_ptr; }
+
+        bool operator!() const { return !m_ptr; }
+
+        // This conversion operator allows implicit conversion to bool but not to other integer types.
+        typedef PtrType OwnPtr::*UnspecifiedBoolType;
+        operator UnspecifiedBoolType() const { return m_ptr ? &OwnPtr::m_ptr : 0; }
+
+        OwnPtr& operator=(const PassOwnPtr<T>&);
+        template <typename U> OwnPtr& operator=(const PassOwnPtr<U>&);
+
+        void swap(OwnPtr& o) { std::swap(m_ptr, o.m_ptr); }
+
+    private:
+        PtrType m_ptr;
+    };
+
+    template <typename T> template <typename U> inline OwnPtr<T>::OwnPtr(const PassOwnPtr<U>& o)
+        : m_ptr(o.release())
+    {
+    }
+
+    template <typename T> inline OwnPtr<T>& OwnPtr<T>::operator=(const PassOwnPtr<T>& o)
+    {
+        T* ptr = m_ptr;
+        m_ptr = o.release();
+        ASSERT(!ptr || m_ptr != ptr);
+        if (ptr)
+            deleteOwnedPtr(ptr);
+        return *this;
+    }
+
+    template <typename T> template <typename U> inline OwnPtr<T>& OwnPtr<T>::operator=(const PassOwnPtr<U>& o)
+    {
+        T* ptr = m_ptr;
+        m_ptr = o.release();
+        ASSERT(!ptr || m_ptr != ptr);
+        if (ptr)
+            deleteOwnedPtr(ptr);
+        return *this;
+    }
+
+    template <typename T> inline void swap(OwnPtr<T>& a, OwnPtr<T>& b)
+    {
+        a.swap(b);
+    }
+
+    template <typename T, typename U> inline bool operator==(const OwnPtr<T>& a, U* b)
+    {
+        return a.get() == b; 
+    }
+
+    template <typename T, typename U> inline bool operator==(T* a, const OwnPtr<U>& b) 
+    {
+        return a == b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator!=(const OwnPtr<T>& a, U* b)
+    {
+        return a.get() != b; 
+    }
+
+    template <typename T, typename U> inline bool operator!=(T* a, const OwnPtr<U>& b)
+    {
+        return a != b.get(); 
+    }
+
+    template <typename T> inline typename OwnPtr<T>::PtrType getPtr(const OwnPtr<T>& p)
+    {
+        return p.get();
+    }
+
+} // namespace WTF
+
+using WTF::OwnPtr;
+
+#endif // WTF_OwnPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtrCommon.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtrCommon.h
new file mode 100644
index 000000000..6d91a54b9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtrCommon.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Torch Mobile, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_OwnPtrCommon_h
+#define WTF_OwnPtrCommon_h
+
+#if PLATFORM(WIN)
+typedef struct HBITMAP__* HBITMAP;
+typedef struct HBRUSH__* HBRUSH;
+typedef struct HDC__* HDC;
+typedef struct HFONT__* HFONT;
+typedef struct HPALETTE__* HPALETTE;
+typedef struct HPEN__* HPEN;
+typedef struct HRGN__* HRGN;
+#endif
+
+namespace WTF {
+
+    template <typename T> inline void deleteOwnedPtr(T* ptr)
+    {
+        typedef char known[sizeof(T) ? 1 : -1];
+        if (sizeof(known))
+            delete ptr;
+    }
+
+#if PLATFORM(WIN)
+    void deleteOwnedPtr(HBITMAP);
+    void deleteOwnedPtr(HBRUSH);
+    void deleteOwnedPtr(HDC);
+    void deleteOwnedPtr(HFONT);
+    void deleteOwnedPtr(HPALETTE);
+    void deleteOwnedPtr(HPEN);
+    void deleteOwnedPtr(HRGN);
+#endif
+
+} // namespace WTF
+
+#endif // WTF_OwnPtrCommon_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtrWin.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtrWin.cpp
new file mode 100644
index 000000000..67a32ff77
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/OwnPtrWin.cpp
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2009 Torch Mobile, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "OwnPtr.h"
+
+#include <windows.h>
+
+namespace WTF {
+
+void deleteOwnedPtr(HBITMAP ptr)
+{
+    if (ptr)
+        DeleteObject(ptr);
+}
+
+void deleteOwnedPtr(HBRUSH ptr)
+{
+    if (ptr)
+        DeleteObject(ptr);
+}
+
+void deleteOwnedPtr(HDC ptr)
+{
+    if (ptr)
+        DeleteDC(ptr);
+}
+
+void deleteOwnedPtr(HFONT ptr)
+{
+    if (ptr)
+        DeleteObject(ptr);
+}
+
+void deleteOwnedPtr(HPALETTE ptr)
+{
+    if (ptr)
+        DeleteObject(ptr);
+}
+
+void deleteOwnedPtr(HPEN ptr)
+{
+    if (ptr)
+        DeleteObject(ptr);
+}
+
+void deleteOwnedPtr(HRGN ptr)
+{
+    if (ptr)
+        DeleteObject(ptr);
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PassOwnPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PassOwnPtr.h
new file mode 100644
index 000000000..ae7045786
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PassOwnPtr.h
@@ -0,0 +1,177 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_PassOwnPtr_h
+#define WTF_PassOwnPtr_h
+
+#include "Assertions.h"
+#include "OwnPtrCommon.h"
+#include "TypeTraits.h"
+
+namespace WTF {
+
+    // Unlike most of our smart pointers, PassOwnPtr can take either the pointer type or the pointed-to type.
+
+    template <typename T> class OwnPtr;
+
+    template <typename T> class PassOwnPtr {
+    public:
+        typedef typename RemovePointer<T>::Type ValueType;
+        typedef ValueType* PtrType;
+
+        PassOwnPtr(PtrType ptr = 0) : m_ptr(ptr) { }
+        // It somewhat breaks the type system to allow transfer of ownership out of
+        // a const PassOwnPtr. However, it makes it much easier to work with PassOwnPtr
+        // temporaries, and we don't really have a need to use real const PassOwnPtrs 
+        // anyway.
+        PassOwnPtr(const PassOwnPtr& o) : m_ptr(o.release()) { }
+        template <typename U> PassOwnPtr(const PassOwnPtr<U>& o) : m_ptr(o.release()) { }
+
+        ~PassOwnPtr() { deleteOwnedPtr(m_ptr); }
+
+        PtrType get() const { return m_ptr; }
+
+        void clear() { m_ptr = 0; }
+        PtrType release() const { PtrType ptr = m_ptr; m_ptr = 0; return ptr; }
+
+        ValueType& operator*() const { ASSERT(m_ptr); return *m_ptr; }
+        PtrType operator->() const { ASSERT(m_ptr); return m_ptr; }
+
+        bool operator!() const { return !m_ptr; }
+
+        // This conversion operator allows implicit conversion to bool but not to other integer types.
+        typedef PtrType PassOwnPtr::*UnspecifiedBoolType;
+        operator UnspecifiedBoolType() const { return m_ptr ? &PassOwnPtr::m_ptr : 0; }
+
+        PassOwnPtr& operator=(T*);
+        PassOwnPtr& operator=(const PassOwnPtr<T>&);
+        template <typename U> PassOwnPtr& operator=(const PassOwnPtr<U>&);
+
+    private:
+        mutable PtrType m_ptr;
+    };
+
+    template <typename T> inline PassOwnPtr<T>& PassOwnPtr<T>::operator=(T* optr)
+    {
+        T* ptr = m_ptr;
+        m_ptr = optr;
+        ASSERT(!ptr || m_ptr != ptr);
+        if (ptr)
+            deleteOwnedPtr(ptr);
+        return *this;
+    }
+
+    template <typename T> inline PassOwnPtr<T>& PassOwnPtr<T>::operator=(const PassOwnPtr<T>& optr)
+    {
+        T* ptr = m_ptr;
+        m_ptr = optr.release();
+        ASSERT(!ptr || m_ptr != ptr);
+        if (ptr)
+            deleteOwnedPtr(ptr);
+        return *this;
+    }
+
+    template <typename T> template <typename U> inline PassOwnPtr<T>& PassOwnPtr<T>::operator=(const PassOwnPtr<U>& optr)
+    {
+        T* ptr = m_ptr;
+        m_ptr = optr.release();
+        ASSERT(!ptr || m_ptr != ptr);
+        if (ptr)
+            deleteOwnedPtr(ptr);
+        return *this;
+    }
+
+    template <typename T, typename U> inline bool operator==(const PassOwnPtr<T>& a, const PassOwnPtr<U>& b) 
+    {
+        return a.get() == b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator==(const PassOwnPtr<T>& a, const OwnPtr<U>& b) 
+    {
+        return a.get() == b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator==(const OwnPtr<T>& a, const PassOwnPtr<U>& b) 
+    {
+        return a.get() == b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator==(const PassOwnPtr<T>& a, U* b) 
+    {
+        return a.get() == b; 
+    }
+    
+    template <typename T, typename U> inline bool operator==(T* a, const PassOwnPtr<U>& b) 
+    {
+        return a == b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator!=(const PassOwnPtr<T>& a, const PassOwnPtr<U>& b) 
+    {
+        return a.get() != b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator!=(const PassOwnPtr<T>& a, const OwnPtr<U>& b) 
+    {
+        return a.get() != b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator!=(const OwnPtr<T>& a, const PassOwnPtr<U>& b) 
+    {
+        return a.get() != b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator!=(const PassOwnPtr<T>& a, U* b)
+    {
+        return a.get() != b; 
+    }
+    
+    template <typename T, typename U> inline bool operator!=(T* a, const PassOwnPtr<U>& b) 
+    {
+        return a != b.get(); 
+    }
+
+    template <typename T, typename U> inline PassOwnPtr<T> static_pointer_cast(const PassOwnPtr<U>& p) 
+    {
+        return PassOwnPtr<T>(static_cast<T*>(p.release())); 
+    }
+
+    template <typename T, typename U> inline PassOwnPtr<T> const_pointer_cast(const PassOwnPtr<U>& p) 
+    {
+        return PassOwnPtr<T>(const_cast<T*>(p.release())); 
+    }
+
+    template <typename T> inline T* getPtr(const PassOwnPtr<T>& p)
+    {
+        return p.get();
+    }
+
+} // namespace WTF
+
+using WTF::PassOwnPtr;
+using WTF::const_pointer_cast;
+using WTF::static_pointer_cast;
+
+#endif // WTF_PassOwnPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PassRefPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PassRefPtr.h
new file mode 100644
index 000000000..ae398d379
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PassRefPtr.h
@@ -0,0 +1,210 @@
+/*
+ *  Copyright (C) 2005, 2006, 2007 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_PassRefPtr_h
+#define WTF_PassRefPtr_h
+
+#include "AlwaysInline.h"
+
+namespace WTF {
+
+    template<typename T> class RefPtr;
+    template<typename T> class PassRefPtr;
+    template <typename T> PassRefPtr<T> adoptRef(T*);
+    
+    // Remove inline for winscw compiler to prevent the compiler agressively resolving 
+    // T::deref(), which will fail compiling when PassRefPtr<T> is used as class member 
+    // or function arguments before T is defined.
+    template<typename T> 
+#if !COMPILER(WINSCW)
+    inline 
+#endif
+    void derefIfNotNull(T* ptr)
+    {
+        if (UNLIKELY(ptr != 0))
+            ptr->deref();
+    }
+
+    template<typename T>
+#if !COMPILER(WINSCW)
+    inline
+#endif
+    void refIfNotNull(T* ptr)
+    {
+        if (UNLIKELY(ptr != 0))
+            ptr->ref();
+    }
+
+    template<typename T> class PassRefPtr {
+    public:
+        PassRefPtr() : m_ptr(0) {}
+        PassRefPtr(T* ptr) : m_ptr(ptr) { refIfNotNull(ptr); }
+        // It somewhat breaks the type system to allow transfer of ownership out of
+        // a const PassRefPtr. However, it makes it much easier to work with PassRefPtr
+        // temporaries, and we don't really have a need to use real const PassRefPtrs 
+        // anyway.
+        PassRefPtr(const PassRefPtr& o) : m_ptr(o.releaseRef()) {}
+        template <typename U> PassRefPtr(const PassRefPtr<U>& o) : m_ptr(o.releaseRef()) { }
+
+        ALWAYS_INLINE ~PassRefPtr() { derefIfNotNull(m_ptr); }
+
+        template <class U> 
+        PassRefPtr(const RefPtr<U>& o) : m_ptr(o.get()) { T* ptr = m_ptr; refIfNotNull(ptr); }
+        
+        T* get() const { return m_ptr; }
+
+        void clear() { T* ptr = m_ptr; derefIfNotNull(ptr); m_ptr = 0; }
+        T* releaseRef() const { T* tmp = m_ptr; m_ptr = 0; return tmp; }
+
+        T& operator*() const { return *m_ptr; }
+        T* operator->() const { return m_ptr; }
+        
+        bool operator!() const { return !m_ptr; }
+
+        // This conversion operator allows implicit conversion to bool but not to other integer types.
+        // Parenthesis is needed for winscw compiler to resolve class qualifier in this case.
+        typedef T* (PassRefPtr::*UnspecifiedBoolType);
+        operator UnspecifiedBoolType() const { return m_ptr ? &PassRefPtr::m_ptr : 0; }
+
+        PassRefPtr& operator=(T*);
+        PassRefPtr& operator=(const PassRefPtr&);
+        template <typename U> PassRefPtr& operator=(const PassRefPtr<U>&);
+        template <typename U> PassRefPtr& operator=(const RefPtr<U>&);
+
+        friend PassRefPtr adoptRef<T>(T*);
+    private:
+        // adopting constructor
+        PassRefPtr(T* ptr, bool) : m_ptr(ptr) {}
+        mutable T* m_ptr;
+    };
+    
+    template <typename T> template <typename U> inline PassRefPtr<T>& PassRefPtr<T>::operator=(const RefPtr<U>& o) 
+    {
+        T* optr = o.get();
+        refIfNotNull(optr);
+        T* ptr = m_ptr;
+        m_ptr = optr;
+        derefIfNotNull(ptr);
+        return *this;
+    }
+    
+    template <typename T> inline PassRefPtr<T>& PassRefPtr<T>::operator=(T* optr)
+    {
+        refIfNotNull(optr);
+        T* ptr = m_ptr;
+        m_ptr = optr;
+        derefIfNotNull(ptr);
+        return *this;
+    }
+
+    template <typename T> inline PassRefPtr<T>& PassRefPtr<T>::operator=(const PassRefPtr<T>& ref)
+    {
+        T* ptr = m_ptr;
+        m_ptr = ref.releaseRef();
+        derefIfNotNull(ptr);
+        return *this;
+    }
+    
+    template <typename T> template <typename U> inline PassRefPtr<T>& PassRefPtr<T>::operator=(const PassRefPtr<U>& ref)
+    {
+        T* ptr = m_ptr;
+        m_ptr = ref.releaseRef();
+        derefIfNotNull(ptr);
+        return *this;
+    }
+    
+    template <typename T, typename U> inline bool operator==(const PassRefPtr<T>& a, const PassRefPtr<U>& b) 
+    { 
+        return a.get() == b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator==(const PassRefPtr<T>& a, const RefPtr<U>& b) 
+    { 
+        return a.get() == b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, const PassRefPtr<U>& b) 
+    { 
+        return a.get() == b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator==(const PassRefPtr<T>& a, U* b) 
+    { 
+        return a.get() == b; 
+    }
+    
+    template <typename T, typename U> inline bool operator==(T* a, const PassRefPtr<U>& b) 
+    {
+        return a == b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator!=(const PassRefPtr<T>& a, const PassRefPtr<U>& b) 
+    { 
+        return a.get() != b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator!=(const PassRefPtr<T>& a, const RefPtr<U>& b) 
+    { 
+        return a.get() != b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, const PassRefPtr<U>& b) 
+    { 
+        return a.get() != b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator!=(const PassRefPtr<T>& a, U* b)
+    {
+        return a.get() != b; 
+    }
+
+    template <typename T, typename U> inline bool operator!=(T* a, const PassRefPtr<U>& b) 
+    { 
+        return a != b.get(); 
+    }
+    
+    template <typename T> inline PassRefPtr<T> adoptRef(T* p)
+    {
+        return PassRefPtr<T>(p, true);
+    }
+
+    template <typename T, typename U> inline PassRefPtr<T> static_pointer_cast(const PassRefPtr<U>& p) 
+    { 
+        return adoptRef(static_cast<T*>(p.releaseRef())); 
+    }
+
+    template <typename T, typename U> inline PassRefPtr<T> const_pointer_cast(const PassRefPtr<U>& p) 
+    { 
+        return adoptRef(const_cast<T*>(p.releaseRef())); 
+    }
+
+    template <typename T> inline T* getPtr(const PassRefPtr<T>& p)
+    {
+        return p.get();
+    }
+
+} // namespace WTF
+
+using WTF::PassRefPtr;
+using WTF::adoptRef;
+using WTF::static_pointer_cast;
+using WTF::const_pointer_cast;
+
+#endif // WTF_PassRefPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
new file mode 100644
index 000000000..be74e2a5f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
@@ -0,0 +1,889 @@
+/*
+ * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc.  All rights reserved.
+ * Copyright (C) 2007-2009 Torch Mobile, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WTF_Platform_h
+#define WTF_Platform_h
+
+/* PLATFORM handles OS, operating environment, graphics API, and CPU */
+#define PLATFORM(WTF_FEATURE) (defined WTF_PLATFORM_##WTF_FEATURE  && WTF_PLATFORM_##WTF_FEATURE)
+#define COMPILER(WTF_FEATURE) (defined WTF_COMPILER_##WTF_FEATURE  && WTF_COMPILER_##WTF_FEATURE)
+#define HAVE(WTF_FEATURE) (defined HAVE_##WTF_FEATURE  && HAVE_##WTF_FEATURE)
+#define USE(WTF_FEATURE) (defined WTF_USE_##WTF_FEATURE  && WTF_USE_##WTF_FEATURE)
+#define ENABLE(WTF_FEATURE) (defined ENABLE_##WTF_FEATURE  && ENABLE_##WTF_FEATURE)
+
+/* Operating systems - low-level dependencies */
+
+/* PLATFORM(DARWIN) */
+/* Operating system level dependencies for Mac OS X / Darwin that should */
+/* be used regardless of operating environment */
+#ifdef __APPLE__
+#define WTF_PLATFORM_DARWIN 1
+#include <AvailabilityMacros.h>
+#if !defined(MAC_OS_X_VERSION_10_5) || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_5
+#define BUILDING_ON_TIGER 1
+#elif !defined(MAC_OS_X_VERSION_10_6) || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
+#define BUILDING_ON_LEOPARD 1
+#endif
+#include <TargetConditionals.h>
+#endif
+
+/* PLATFORM(WIN_OS) */
+/* Operating system level dependencies for Windows that should be used */
+/* regardless of operating environment */
+#if defined(WIN32) || defined(_WIN32)
+#define WTF_PLATFORM_WIN_OS 1
+#endif
+
+/* PLATFORM(WINCE) */
+/* Operating system level dependencies for Windows CE that should be used */
+/* regardless of operating environment */
+/* Note that for this platform PLATFORM(WIN_OS) is also defined. */
+#if defined(_WIN32_WCE)
+#define WTF_PLATFORM_WINCE 1
+#endif
+
+/* PLATFORM(LINUX) */
+/* Operating system level dependencies for Linux-like systems that */
+/* should be used regardless of operating environment */
+#ifdef __linux__
+#define WTF_PLATFORM_LINUX 1
+#endif
+
+/* PLATFORM(FREEBSD) */
+/* Operating system level dependencies for FreeBSD-like systems that */
+/* should be used regardless of operating environment */
+#ifdef __FreeBSD__
+#define WTF_PLATFORM_FREEBSD 1
+#endif
+
+/* PLATFORM(OPENBSD) */
+/* Operating system level dependencies for OpenBSD systems that */
+/* should be used regardless of operating environment */
+#ifdef __OpenBSD__
+#define WTF_PLATFORM_OPENBSD 1
+#endif
+
+/* PLATFORM(SOLARIS) */
+/* Operating system level dependencies for Solaris that should be used */
+/* regardless of operating environment */
+#if defined(sun) || defined(__sun)
+#define WTF_PLATFORM_SOLARIS 1
+#endif
+
+/* PLATFORM(AIX) */
+/* Operating system level dependencies for AIX that should be used */
+/* regardless of operating environment */
+#if defined(_AIX)
+#define WTF_PLATFORM_AIX 1
+/* 64-bit mode on AIX */
+#ifdef __64BIT__
+#define WTF_PLATFORM_AIX64 1
+#endif
+#endif
+
+/* PLATFORM(HPUX) */
+/* Operating system level dependencies for HP-UX that should be used */
+/* regardless of operating environment */
+#if defined(hpux) || defined(__hpux)
+#define WTF_PLATFORM_HPUX 1
+#ifndef MAP_ANON
+#define MAP_ANON MAP_ANONYMOUS
+#endif
+#endif
+
+#if defined (__SYMBIAN32__)
+/* we are cross-compiling, it is not really windows */
+#undef WTF_PLATFORM_WIN_OS
+#undef WTF_PLATFORM_WIN
+#define WTF_PLATFORM_SYMBIAN 1
+#endif
+
+
+/* PLATFORM(NETBSD) */
+/* Operating system level dependencies for NetBSD that should be used */
+/* regardless of operating environment */
+#if defined(__NetBSD__)
+#define WTF_PLATFORM_NETBSD 1
+#endif
+
+/* PLATFORM(QNX) */
+/* Operating system level dependencies for QNX that should be used */
+/* regardless of operating environment */
+#if defined(__QNXNTO__)
+#define WTF_PLATFORM_QNX 1
+#endif
+
+/* PLATFORM(UNIX) */
+/* Operating system level dependencies for Unix-like systems that */
+/* should be used regardless of operating environment */
+#if   PLATFORM(DARWIN)     \
+   || PLATFORM(FREEBSD)    \
+   || PLATFORM(SYMBIAN)    \
+   || PLATFORM(NETBSD)     \
+   || PLATFORM(SOLARIS)    \
+   || PLATFORM(HPUX)       \
+   || defined(unix)        \
+   || defined(__unix)      \
+   || defined(__unix__)    \
+   || PLATFORM(AIX)        \
+   || defined(__HAIKU__)   \
+   || defined(__QNXNTO__)
+#define WTF_PLATFORM_UNIX 1
+#endif
+
+/* Operating environments */
+
+/* PLATFORM(CHROMIUM) */
+/* PLATFORM(QT) */
+/* PLATFORM(GTK) */
+/* PLATFORM(MAC) */
+/* PLATFORM(WIN) */
+#if defined(BUILDING_CHROMIUM__)
+#define WTF_PLATFORM_CHROMIUM 1
+#elif defined(BUILDING_QT__)
+#define WTF_PLATFORM_QT 1
+
+/* PLATFORM(KDE) */
+#if defined(BUILDING_KDE__)
+#define WTF_PLATFORM_KDE 1
+#endif
+
+#elif defined(BUILDING_WX__)
+#define WTF_PLATFORM_WX 1
+#elif defined(BUILDING_GTK__)
+#define WTF_PLATFORM_GTK 1
+#elif defined(BUILDING_HAIKU__)
+#define WTF_PLATFORM_HAIKU 1
+#elif PLATFORM(DARWIN)
+#define WTF_PLATFORM_MAC 1
+#elif PLATFORM(WIN_OS)
+#define WTF_PLATFORM_WIN 1
+#endif
+
+/* PLATFORM(IPHONE) */
+#if (defined(TARGET_OS_EMBEDDED) && TARGET_OS_EMBEDDED) || (defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE)
+#define WTF_PLATFORM_IPHONE 1
+#endif
+
+/* PLATFORM(IPHONE_SIMULATOR) */
+#if defined(TARGET_IPHONE_SIMULATOR) && TARGET_IPHONE_SIMULATOR
+#define WTF_PLATFORM_IPHONE 1
+#define WTF_PLATFORM_IPHONE_SIMULATOR 1
+#else
+#define WTF_PLATFORM_IPHONE_SIMULATOR 0
+#endif
+
+#if !defined(WTF_PLATFORM_IPHONE)
+#define WTF_PLATFORM_IPHONE 0
+#endif
+
+/* Graphics engines */
+
+/* PLATFORM(CG) and PLATFORM(CI) */
+#if PLATFORM(MAC) || PLATFORM(IPHONE)
+#define WTF_PLATFORM_CG 1
+#endif
+#if PLATFORM(MAC) && !PLATFORM(IPHONE)
+#define WTF_PLATFORM_CI 1
+#endif
+
+/* PLATFORM(SKIA) for Win/Linux, CG/CI for Mac */
+#if PLATFORM(CHROMIUM)
+#if PLATFORM(DARWIN)
+#define WTF_PLATFORM_CG 1
+#define WTF_PLATFORM_CI 1
+#define WTF_USE_ATSUI 1
+#else
+#define WTF_PLATFORM_SKIA 1
+#endif
+#endif
+
+/* Makes PLATFORM(WIN) default to PLATFORM(CAIRO) */
+/* FIXME: This should be changed from a blacklist to a whitelist */
+#if !PLATFORM(MAC) && !PLATFORM(QT) && !PLATFORM(WX) && !PLATFORM(CHROMIUM) && !PLATFORM(WINCE) && !PLATFORM(HAIKU)
+#define WTF_PLATFORM_CAIRO 1
+#endif
+
+/* CPU */
+
+/* PLATFORM(PPC) */
+#if   defined(__ppc__)     \
+   || defined(__PPC__)     \
+   || defined(__powerpc__) \
+   || defined(__powerpc)   \
+   || defined(__POWERPC__) \
+   || defined(_M_PPC)      \
+   || defined(__PPC)
+#define WTF_PLATFORM_PPC 1
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+
+/* PLATFORM(PPC64) */
+#if   defined(__ppc64__) \
+   || defined(__PPC64__)
+#define WTF_PLATFORM_PPC64 1
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+
+/* PLATFORM(ARM) */
+#define PLATFORM_ARM_ARCH(N) (PLATFORM(ARM) && ARM_ARCH_VERSION >= N)
+
+#if   defined(arm) \
+   || defined(__arm__) \
+   || defined(__MARM__)
+#define WTF_PLATFORM_ARM 1
+#if defined(__ARMEB__)
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#elif !defined(__ARM_EABI__) && !defined(__EABI__) && !defined(__VFP_FP__)
+#define WTF_PLATFORM_MIDDLE_ENDIAN 1
+#endif
+#define ARM_ARCH_VERSION 3
+#if defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) || defined(ARMV4I) \
+    || defined(_ARMV4I_) || defined(armv4i)
+#undef ARM_ARCH_VERSION
+#define ARM_ARCH_VERSION 4
+#endif
+#if defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) \
+        || defined(__ARM_ARCH_5E__) || defined(__ARM_ARCH_5TE__) \
+        || defined(__ARM_ARCH_5TEJ__) || defined(__MARM_ARMV5__)
+#undef ARM_ARCH_VERSION
+#define ARM_ARCH_VERSION 5
+#endif
+#if defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) \
+     || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) \
+     || defined(__ARM_ARCH_6ZK__) || defined(__ARMV6__)
+#undef ARM_ARCH_VERSION
+#define ARM_ARCH_VERSION 6
+#endif
+#if defined(__ARM_ARCH_7A__) || defined(__ARMV7__)
+#undef ARM_ARCH_VERSION
+#define ARM_ARCH_VERSION 7
+#endif
+/* On ARMv5 and below the natural alignment is required. */
+#if !defined(ARM_REQUIRE_NATURAL_ALIGNMENT) && ARM_ARCH_VERSION <= 5
+#define ARM_REQUIRE_NATURAL_ALIGNMENT 1
+#endif
+/* Defines two pseudo-platforms for ARM and Thumb-2 instruction set. */
+#if !defined(WTF_PLATFORM_ARM_TRADITIONAL) && !defined(WTF_PLATFORM_ARM_THUMB2)
+#  if defined(thumb2) || defined(__thumb2__)
+#    define WTF_PLATFORM_ARM_TRADITIONAL 0
+#    define WTF_PLATFORM_ARM_THUMB2 1
+#  elif PLATFORM_ARM_ARCH(4) || PLATFORM_ARM_ARCH(5)
+#    define WTF_PLATFORM_ARM_TRADITIONAL 1
+#    define WTF_PLATFORM_ARM_THUMB2 0
+#  else
+#    error "Not supported ARM architecture"
+#  endif
+#elif PLATFORM(ARM_TRADITIONAL) && PLATFORM(ARM_THUMB2) /* Sanity Check */
+#  error "Cannot use both of WTF_PLATFORM_ARM_TRADITIONAL and WTF_PLATFORM_ARM_THUMB2 platforms"
+#endif // !defined(ARM_TRADITIONAL) && !defined(ARM_THUMB2)
+#endif /* ARM */
+
+/* PLATFORM(X86) */
+#if   defined(__i386__) \
+   || defined(i386)     \
+   || defined(_M_IX86)  \
+   || defined(_X86_)    \
+   || defined(__THW_INTEL)
+#define WTF_PLATFORM_X86 1
+#endif
+
+/* PLATFORM(X86_64) */
+#if   defined(__x86_64__) \
+   || defined(_M_X64)
+#define WTF_PLATFORM_X86_64 1
+#endif
+
+/* PLATFORM(SH4) */
+#if defined(__SH4__)
+#define WTF_PLATFORM_SH4 1
+#endif
+
+/* PLATFORM(SPARC64) */
+#if defined(__sparc__) && defined(__arch64__) || defined (__sparcv9)
+#define WTF_PLATFORM_SPARC64 1
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+
+/* PLATFORM(SPARC32) */
+#if defined(__sparc) && !defined(__arch64__) || defined(__sparcv8)
+#define WTF_PLATFORM_SPARC32 1
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+
+#if PLATFORM(SPARC32) || PLATFORM(SPARC64)
+#define WTF_PLATFORM_SPARC
+#endif
+
+/* PLATFORM(HPPA) */
+/* a.k.a. PA-RISC */
+#if defined(__hppa) || defined(__hppa__)
+#define WTF_PLATFORM_HPPA 1
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+
+/* PLATFORM(IA64) */
+/* a.k.a. Itanium Processor Family, IPF */
+#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#define WTF_PLATFORM_IA64 1
+
+/* 32-bit mode on Itanium */
+#if !defined(__LP64__)
+#define WTF_PLATFORM_IA64_32 1
+#endif
+
+/* Itanium can be both big- and little-endian
+   we need to determine at compile time which one it is.
+    - HP's aCC compiler only compiles big-endian (so HP-UXi is always big-endian)
+    - GCC defines __BIG_ENDIAN__ for us (default on HP-UX)
+    - Linux is usually little-endian
+    - I've never seen AIX or Windows on IA-64, but they should be little-endian too
+*/
+#if defined(__BIG_ENDIAN__) || defined(__HP_aCC)
+# define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+#endif
+
+/* PLATFORM(WINCE) && PLATFORM(QT)
+   We can not determine the endianess at compile time. For
+   Qt for Windows CE the endianess is specified in the
+   device specific makespec
+*/
+#if PLATFORM(WINCE) && PLATFORM(QT)
+#   include <QtGlobal>
+#   undef WTF_PLATFORM_BIG_ENDIAN
+#   undef WTF_PLATFORM_MIDDLE_ENDIAN
+#   if Q_BYTE_ORDER == Q_BIG_EDIAN
+#       define WTF_PLATFORM_BIG_ENDIAN 1
+#   endif
+#endif
+
+#if PLATFORM(WINCE) && PLATFORM(QT)
+#   include <ce_time.h>
+#endif
+
+/* Compiler */
+
+/* COMPILER(MSVC) */
+#if defined(_MSC_VER)
+#define WTF_COMPILER_MSVC 1
+#if _MSC_VER < 1400
+#define WTF_COMPILER_MSVC7 1
+#endif
+#endif
+
+/* COMPILER(RVCT) */
+#if defined(__CC_ARM) || defined(__ARMCC__)
+#define WTF_COMPILER_RVCT 1
+#endif
+
+/* COMPILER(GCC) */
+/* --gnu option of the RVCT compiler also defines __GNUC__ */
+#if defined(__GNUC__) && !COMPILER(RVCT)
+#define WTF_COMPILER_GCC 1
+#define GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#endif
+
+/* COMPILER(MINGW) */
+#if defined(MINGW) || defined(__MINGW32__)
+#define WTF_COMPILER_MINGW 1
+#endif
+
+/* COMPILER(BORLAND) */
+/* not really fully supported - is this relevant any more? */
+#if defined(__BORLANDC__)
+#define WTF_COMPILER_BORLAND 1
+#endif
+
+/* COMPILER(CYGWIN) */
+/* not really fully supported - is this relevant any more? */
+#if defined(__CYGWIN__)
+#define WTF_COMPILER_CYGWIN 1
+#endif
+
+/* COMPILER(WINSCW) */
+#if defined(__WINSCW__)
+#define WTF_COMPILER_WINSCW 1
+#endif
+
+/* COMPILER(SUNCC) */
+/* This is the Sun CC compiler, also known as Sun Studio or Sun Pro */
+#if defined(__SUNPRO_CC) || defined(__SUNPRO_C)
+#define WTF_COMPILER_SUNCC 1
+#endif
+
+/* COMPILER(XLC) */
+/* IBM Visual Age C/C++ compiler, a.k.a. xlC */
+#if defined(__xlC__)
+#define WTF_COMPILER_XLC 1
+#endif
+
+/* COMPILER(ACC) */
+/* HP's aC++/ANSI C compiler, a.k.a. aCC */
+#if defined(__HP_aCC)
+#define WTF_COMPILER_ACC
+#endif
+
+#if (PLATFORM(IPHONE) || PLATFORM(MAC) || PLATFORM(WIN)) && !defined(ENABLE_JSC_MULTIPLE_THREADS)
+#define ENABLE_JSC_MULTIPLE_THREADS 1
+#endif
+
+/* On Windows, use QueryPerformanceCounter by default */
+#if PLATFORM(WIN_OS)
+#define WTF_USE_QUERY_PERFORMANCE_COUNTER  1
+#endif
+
+#if PLATFORM(WINCE) && !PLATFORM(QT)
+#undef ENABLE_JSC_MULTIPLE_THREADS
+#define ENABLE_JSC_MULTIPLE_THREADS        0
+#define USE_SYSTEM_MALLOC                  0
+#define ENABLE_ICONDATABASE                0
+#define ENABLE_JAVASCRIPT_DEBUGGER         0
+#define ENABLE_FTPDIR                      0
+#define ENABLE_PAN_SCROLLING               0
+#define ENABLE_WML                         1
+#define HAVE_ACCESSIBILITY                 0
+
+#define NOMINMAX       // Windows min and max conflict with standard macros
+#define NOSHLWAPI      // shlwapi.h not available on WinCe
+
+// MSDN documentation says these functions are provided with uspce.lib.  But we cannot find this file.
+#define __usp10__      // disable "usp10.h"
+
+#define _INC_ASSERT    // disable "assert.h"
+#define assert(x)
+
+// _countof is only included in CE6; for CE5 we need to define it ourself
+#ifndef _countof
+#define _countof(x) (sizeof(x) / sizeof((x)[0]))
+#endif
+
+#endif  /* PLATFORM(WINCE) && !PLATFORM(QT) */
+
+/* for Unicode, KDE uses Qt */
+#if PLATFORM(KDE) || PLATFORM(QT)
+#define WTF_USE_QT4_UNICODE 1
+#elif PLATFORM(WINCE)
+#define WTF_USE_WINCE_UNICODE 1
+#elif PLATFORM(GTK)
+/* The GTK+ Unicode backend is configurable */
+#else
+#define WTF_USE_ICU_UNICODE 1
+#endif
+
+#if PLATFORM(MAC) && !PLATFORM(IPHONE)
+#define WTF_PLATFORM_CF 1
+#define WTF_USE_PTHREADS 1
+#if !defined(ENABLE_MAC_JAVA_BRIDGE)
+#define ENABLE_MAC_JAVA_BRIDGE 1
+#endif
+#if !defined(ENABLE_DASHBOARD_SUPPORT)
+#define ENABLE_DASHBOARD_SUPPORT 1
+#endif
+#define HAVE_READLINE 1
+#define HAVE_RUNLOOP_TIMER 1
+#endif
+
+#if PLATFORM(CHROMIUM) && PLATFORM(DARWIN)
+#define WTF_PLATFORM_CF 1
+#define WTF_USE_PTHREADS 1
+#endif
+
+#if PLATFORM(IPHONE)
+#define WTF_PLATFORM_CF 1
+#define WTF_USE_PTHREADS 1
+#define ENABLE_CONTEXT_MENUS 0
+#define ENABLE_DRAG_SUPPORT 0
+#define ENABLE_FTPDIR 1
+#define ENABLE_INSPECTOR 0
+#define ENABLE_MAC_JAVA_BRIDGE 0
+#define ENABLE_ICONDATABASE 0
+#define ENABLE_GEOLOCATION 1
+#define ENABLE_NETSCAPE_PLUGIN_API 0
+#define HAVE_READLINE 1
+#define ENABLE_REPAINT_THROTTLING 1
+#endif
+
+#if PLATFORM(WIN)
+#define WTF_USE_WININET 1
+#endif
+
+#if PLATFORM(WX)
+#define ENABLE_ASSEMBLER 1
+#endif
+
+#if PLATFORM(GTK)
+#if HAVE(PTHREAD_H)
+#define WTF_USE_PTHREADS 1
+#endif
+#endif
+
+#if PLATFORM(HAIKU)
+#define HAVE_POSIX_MEMALIGN 1
+#define WTF_USE_CURL 1
+#define WTF_USE_PTHREADS 1
+#define USE_SYSTEM_MALLOC 1
+#define ENABLE_NETSCAPE_PLUGIN_API 0
+#endif
+
+#if !defined(HAVE_ACCESSIBILITY)
+#if PLATFORM(IPHONE) || PLATFORM(MAC) || PLATFORM(WIN) || PLATFORM(GTK) || PLATFORM(CHROMIUM)
+#define HAVE_ACCESSIBILITY 1
+#endif
+#endif /* !defined(HAVE_ACCESSIBILITY) */
+
+#if PLATFORM(UNIX) && !PLATFORM(SYMBIAN)
+#define HAVE_SIGNAL_H 1
+#endif
+
+#if !PLATFORM(WIN_OS) && !PLATFORM(SOLARIS) && !PLATFORM(QNX) \
+    && !PLATFORM(SYMBIAN) && !PLATFORM(HAIKU) && !COMPILER(RVCT) && !PLATFORM(AIX) \
+    && !PLATFORM(HPUX)
+#define HAVE_TM_GMTOFF 1
+#define HAVE_TM_ZONE 1
+#define HAVE_TIMEGM 1
+#endif     
+
+#if PLATFORM(DARWIN)
+
+#define HAVE_ERRNO_H 1
+#define HAVE_LANGINFO_H 1
+#define HAVE_MMAP 1
+#define HAVE_MERGESORT 1
+#define HAVE_SBRK 1
+#define HAVE_STRINGS_H 1
+#define HAVE_SYS_PARAM_H 1
+#define HAVE_SYS_TIME_H 1
+#define HAVE_SYS_TIMEB_H 1
+
+#if !defined(BUILDING_ON_TIGER) && !defined(BUILDING_ON_LEOPARD) && !PLATFORM(IPHONE) && !PLATFORM(QT)
+#define HAVE_MADV_FREE_REUSE 1
+#define HAVE_MADV_FREE 1
+#define HAVE_PTHREAD_SETNAME_NP 1
+#endif
+
+#if PLATFORM(IPHONE)
+#define HAVE_MADV_FREE 1
+#endif
+
+#elif PLATFORM(WIN_OS)
+
+#define HAVE_FLOAT_H 1
+#if PLATFORM(WINCE)
+#define HAVE_ERRNO_H 0
+#else
+#define HAVE_SYS_TIMEB_H 1
+#endif
+#define HAVE_VIRTUALALLOC 1
+
+#elif PLATFORM(SYMBIAN)
+
+#define HAVE_ERRNO_H 1
+#define HAVE_MMAP 0
+#define HAVE_SBRK 1
+
+#define HAVE_SYS_TIME_H 1
+#define HAVE_STRINGS_H 1
+
+#if !COMPILER(RVCT)
+#define HAVE_SYS_PARAM_H 1
+#endif
+
+#elif PLATFORM(QNX)
+
+#define HAVE_ERRNO_H 1
+#define HAVE_MMAP 1
+#define HAVE_SBRK 1
+#define HAVE_STRINGS_H 1
+#define HAVE_SYS_PARAM_H 1
+#define HAVE_SYS_TIME_H 1
+
+#else
+
+/* FIXME: is this actually used or do other platforms generate their own config.h? */
+
+#define HAVE_ERRNO_H 1
+/* As long as Haiku doesn't have a complete support of locale this will be disabled. */
+#if !PLATFORM(HAIKU)
+#define HAVE_LANGINFO_H 1
+#endif
+#define HAVE_MMAP 1
+#define HAVE_SBRK 1
+#define HAVE_STRINGS_H 1
+#define HAVE_SYS_PARAM_H 1
+#define HAVE_SYS_TIME_H 1
+
+#endif
+
+/* ENABLE macro defaults */
+
+/* fastMalloc match validation allows for runtime verification that
+   new is matched by delete, fastMalloc is matched by fastFree, etc. */
+#if !defined(ENABLE_FAST_MALLOC_MATCH_VALIDATION)
+#define ENABLE_FAST_MALLOC_MATCH_VALIDATION 0
+#endif
+
+#if !defined(ENABLE_ICONDATABASE)
+#define ENABLE_ICONDATABASE 1
+#endif
+
+#if !defined(ENABLE_DATABASE)
+#define ENABLE_DATABASE 1
+#endif
+
+#if !defined(ENABLE_JAVASCRIPT_DEBUGGER)
+#define ENABLE_JAVASCRIPT_DEBUGGER 1
+#endif
+
+#if !defined(ENABLE_FTPDIR)
+#define ENABLE_FTPDIR 1
+#endif
+
+#if !defined(ENABLE_CONTEXT_MENUS)
+#define ENABLE_CONTEXT_MENUS 1
+#endif
+
+#if !defined(ENABLE_DRAG_SUPPORT)
+#define ENABLE_DRAG_SUPPORT 1
+#endif
+
+#if !defined(ENABLE_DASHBOARD_SUPPORT)
+#define ENABLE_DASHBOARD_SUPPORT 0
+#endif
+
+#if !defined(ENABLE_INSPECTOR)
+#define ENABLE_INSPECTOR 1
+#endif
+
+#if !defined(ENABLE_MAC_JAVA_BRIDGE)
+#define ENABLE_MAC_JAVA_BRIDGE 0
+#endif
+
+#if !defined(ENABLE_NETSCAPE_PLUGIN_API)
+#define ENABLE_NETSCAPE_PLUGIN_API 1
+#endif
+
+#if !defined(ENABLE_OPCODE_STATS)
+#define ENABLE_OPCODE_STATS 0
+#endif
+
+#define ENABLE_SAMPLING_COUNTERS 0
+#define ENABLE_SAMPLING_FLAGS 0
+#define ENABLE_OPCODE_SAMPLING 0
+#define ENABLE_CODEBLOCK_SAMPLING 0
+#if ENABLE(CODEBLOCK_SAMPLING) && !ENABLE(OPCODE_SAMPLING)
+#error "CODEBLOCK_SAMPLING requires OPCODE_SAMPLING"
+#endif
+#if ENABLE(OPCODE_SAMPLING) || ENABLE(SAMPLING_FLAGS)
+#define ENABLE_SAMPLING_THREAD 1
+#endif
+
+#if !defined(ENABLE_GEOLOCATION)
+#define ENABLE_GEOLOCATION 0
+#endif
+
+#if !defined(ENABLE_NOTIFICATIONS)
+#define ENABLE_NOTIFICATIONS 0
+#endif
+
+#if !defined(ENABLE_TEXT_CARET)
+#define ENABLE_TEXT_CARET 1
+#endif
+
+#if !defined(ENABLE_ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL)
+#define ENABLE_ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL 0
+#endif
+
+#if !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64)
+#if PLATFORM(X86_64) && (PLATFORM(DARWIN) || PLATFORM(LINUX) || PLATFORM(SOLARIS) || PLATFORM(HPUX))
+#define WTF_USE_JSVALUE64 1
+#elif (PLATFORM(IA64) && !PLATFORM(IA64_32)) || PLATFORM(SPARC64)
+#define WTF_USE_JSVALUE64 1
+#elif PLATFORM(AIX64)
+#define WTF_USE_JSVALUE64 1
+#elif PLATFORM(ARM) || PLATFORM(PPC64)
+#define WTF_USE_JSVALUE32 1
+#elif PLATFORM(WIN_OS) && COMPILER(MINGW)
+/* Using JSVALUE32_64 causes padding/alignement issues for JITStubArg
+on MinGW. See https://bugs.webkit.org/show_bug.cgi?id=29268 */
+#define WTF_USE_JSVALUE32 1
+#else
+#define WTF_USE_JSVALUE32_64 1
+#endif
+#endif /* !defined(WTF_USE_JSVALUE64) && !defined(WTF_USE_JSVALUE32) && !defined(WTF_USE_JSVALUE32_64) */
+
+#if !defined(ENABLE_REPAINT_THROTTLING)
+#define ENABLE_REPAINT_THROTTLING 0
+#endif
+
+#if !defined(ENABLE_JIT)
+
+/* The JIT is tested & working on x86_64 Mac */
+#if PLATFORM(X86_64) && PLATFORM(MAC)
+    #define ENABLE_JIT 1
+/* The JIT is tested & working on x86 Mac */
+#elif PLATFORM(X86) && PLATFORM(MAC)
+    #define ENABLE_JIT 1
+    #define WTF_USE_JIT_STUB_ARGUMENT_VA_LIST 1
+#elif PLATFORM(ARM_THUMB2) && PLATFORM(IPHONE)
+    /* Under development, temporarily disabled until 16Mb link range limit in assembler is fixed. */
+    #define ENABLE_JIT 0
+    #define ENABLE_JIT_OPTIMIZE_NATIVE_CALL 0
+/* The JIT is tested & working on x86 Windows */
+#elif PLATFORM(X86) && PLATFORM(WIN)
+    #define ENABLE_JIT 1
+#endif
+
+#if PLATFORM(QT)
+#if PLATFORM(X86) && PLATFORM(WIN_OS) && COMPILER(MINGW) && GCC_VERSION >= 40100
+    #define ENABLE_JIT 1
+    #define WTF_USE_JIT_STUB_ARGUMENT_VA_LIST 1
+#elif PLATFORM(X86) && PLATFORM(WIN_OS) && COMPILER(MSVC)
+    #define ENABLE_JIT 1
+    #define WTF_USE_JIT_STUB_ARGUMENT_REGISTER 1
+#elif PLATFORM(X86) && PLATFORM(LINUX) && GCC_VERSION >= 40100
+    #define ENABLE_JIT 1
+    #define WTF_USE_JIT_STUB_ARGUMENT_VA_LIST 1
+#elif PLATFORM(ARM_TRADITIONAL) && PLATFORM(LINUX)
+    #define ENABLE_JIT 1
+    #if PLATFORM(ARM_THUMB2)
+        #define ENABLE_JIT_OPTIMIZE_NATIVE_CALL 0
+    #endif
+#endif
+#endif /* PLATFORM(QT) */
+
+#endif /* !defined(ENABLE_JIT) */
+
+#if ENABLE(JIT)
+#ifndef ENABLE_JIT_OPTIMIZE_CALL
+#define ENABLE_JIT_OPTIMIZE_CALL 1
+#endif
+#ifndef ENABLE_JIT_OPTIMIZE_NATIVE_CALL
+#define ENABLE_JIT_OPTIMIZE_NATIVE_CALL 1
+#endif
+#ifndef ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS
+#define ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS 1
+#endif
+#ifndef ENABLE_JIT_OPTIMIZE_METHOD_CALLS
+#define ENABLE_JIT_OPTIMIZE_METHOD_CALLS 1
+#endif
+#endif
+
+#if PLATFORM(X86) && COMPILER(MSVC)
+#define JSC_HOST_CALL __fastcall
+#elif PLATFORM(X86) && COMPILER(GCC)
+#define JSC_HOST_CALL __attribute__ ((fastcall))
+#else
+#define JSC_HOST_CALL
+#endif
+
+#if COMPILER(GCC) && !ENABLE(JIT)
+#define HAVE_COMPUTED_GOTO 1
+#endif
+
+#if ENABLE(JIT) && defined(COVERAGE)
+    #define WTF_USE_INTERPRETER 0
+#else
+    #define WTF_USE_INTERPRETER 1
+#endif
+
+/* Yet Another Regex Runtime. */
+#if !defined(ENABLE_YARR_JIT)
+
+/* YARR supports x86 & x86-64, and has been tested on Mac and Windows. */
+#if (PLATFORM(X86) && PLATFORM(MAC)) \
+ || (PLATFORM(X86_64) && PLATFORM(MAC)) \
+ /* Under development, temporarily disabled until 16Mb link range limit in assembler is fixed. */ \
+ || (PLATFORM(ARM_THUMB2) && PLATFORM(IPHONE) && 0) \
+ || (PLATFORM(X86) && PLATFORM(WIN))
+#define ENABLE_YARR 1
+#define ENABLE_YARR_JIT 1
+#endif
+
+#if PLATFORM(QT)
+#if (PLATFORM(X86) && PLATFORM(WIN_OS) && COMPILER(MINGW) && GCC_VERSION >= 40100) \
+ || (PLATFORM(X86) && PLATFORM(WIN_OS) && COMPILER(MSVC)) \
+ || (PLATFORM(X86) && PLATFORM(LINUX) && GCC_VERSION >= 40100) \
+ || (PLATFORM(ARM_TRADITIONAL) && PLATFORM(LINUX))
+#define ENABLE_YARR 1
+#define ENABLE_YARR_JIT 1
+#endif
+#endif
+
+#endif /* !defined(ENABLE_YARR_JIT) */
+
+/* Sanity Check */
+#if ENABLE(YARR_JIT) && !ENABLE(YARR)
+#error "YARR_JIT requires YARR"
+#endif
+
+#if ENABLE(JIT) || ENABLE(YARR_JIT)
+#define ENABLE_ASSEMBLER 1
+#endif
+/* Setting this flag prevents the assembler from using RWX memory; this may improve
+   security but currectly comes at a significant performance cost. */
+#if PLATFORM(IPHONE)
+#define ENABLE_ASSEMBLER_WX_EXCLUSIVE 1
+#else
+#define ENABLE_ASSEMBLER_WX_EXCLUSIVE 0
+#endif
+
+#if !defined(ENABLE_PAN_SCROLLING) && PLATFORM(WIN_OS)
+#define ENABLE_PAN_SCROLLING 1
+#endif
+
+/* Use the QtXmlStreamReader implementation for XMLTokenizer */
+#if PLATFORM(QT)
+#if !ENABLE(XSLT)
+#define WTF_USE_QXMLSTREAM 1
+#endif
+#endif
+
+#if !PLATFORM(QT)
+#define WTF_USE_FONT_FAST_PATH 1
+#endif
+
+/* Accelerated compositing */
+#if PLATFORM(MAC)
+#if !defined(BUILDING_ON_TIGER)
+#define WTF_USE_ACCELERATED_COMPOSITING 1
+#endif
+#endif
+
+#if PLATFORM(IPHONE)
+#define WTF_USE_ACCELERATED_COMPOSITING 1
+#endif
+
+#if COMPILER(GCC)
+#define WARN_UNUSED_RETURN __attribute__ ((warn_unused_result))
+#else
+#define WARN_UNUSED_RETURN
+#endif
+
+/* Set up a define for a common error that is intended to cause a build error -- thus the space after Error. */
+#define WTF_PLATFORM_CFNETWORK Error USE_macro_should_be_used_with_CFNETWORK
+
+#endif /* WTF_Platform_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PossiblyNull.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PossiblyNull.h
new file mode 100644
index 000000000..79c4d8200
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PossiblyNull.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef PossiblyNull_h
+#define PossiblyNull_h
+
+#include "Assertions.h"
+
+namespace WTF {
+
+template <typename T> struct PossiblyNull {
+    PossiblyNull(T data)
+        : m_data(data)
+    {
+    }
+    PossiblyNull(const PossiblyNull<T>& source)
+        : m_data(source.m_data)
+    {
+        source.m_data = 0;
+    }
+    ~PossiblyNull() { ASSERT(!m_data); }
+    bool getValue(T& out) WARN_UNUSED_RETURN;
+private:
+    mutable T m_data;
+};
+
+template <typename T> bool PossiblyNull<T>::getValue(T& out)
+{
+    out = m_data;
+    bool result = !!m_data;
+    m_data = 0;
+    return result;
+}
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PtrAndFlags.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PtrAndFlags.h
new file mode 100644
index 000000000..5d0bd2aec
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/PtrAndFlags.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef PtrAndFlags_h
+#define PtrAndFlags_h
+
+#include <wtf/Assertions.h>
+
+namespace WTF {
+    template<class T, typename FlagEnum> class PtrAndFlagsBase {
+    public:
+        bool isFlagSet(FlagEnum flagNumber) const { ASSERT(flagNumber < 2); return m_ptrAndFlags & (1 << flagNumber); }
+        void setFlag(FlagEnum flagNumber) { ASSERT(flagNumber < 2); m_ptrAndFlags |= (1 << flagNumber);}
+        void clearFlag(FlagEnum flagNumber) { ASSERT(flagNumber < 2); m_ptrAndFlags &= ~(1 << flagNumber);}
+        T* get() const { return reinterpret_cast<T*>(m_ptrAndFlags & ~3); }
+        void set(T* ptr)
+        {
+            ASSERT(!(reinterpret_cast<intptr_t>(ptr) & 3));
+            m_ptrAndFlags = reinterpret_cast<intptr_t>(ptr) | (m_ptrAndFlags & 3);
+#ifndef NDEBUG
+            m_leaksPtr = ptr;
+#endif
+        }
+
+        bool operator!() const { return !get(); }
+        T* operator->() const { return reinterpret_cast<T*>(m_ptrAndFlags & ~3); }
+
+    protected:
+        intptr_t m_ptrAndFlags;
+#ifndef NDEBUG
+        void* m_leaksPtr; // Only used to allow tools like leaks on OSX to detect that the memory is referenced.
+#endif
+    };
+
+    template<class T, typename FlagEnum> class PtrAndFlags : public PtrAndFlagsBase<T, FlagEnum> {
+    public:
+        PtrAndFlags()
+        {
+            PtrAndFlagsBase<T, FlagEnum>::m_ptrAndFlags = 0;
+        }
+        PtrAndFlags(T* ptr)
+        {
+            PtrAndFlagsBase<T, FlagEnum>::m_ptrAndFlags = 0;
+            set(ptr);
+        }
+    };
+} // namespace WTF
+
+using WTF::PtrAndFlagsBase;
+using WTF::PtrAndFlags;
+
+#endif // PtrAndFlags_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.cpp
new file mode 100644
index 000000000..52fb13084
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.cpp
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *           (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "RandomNumber.h"
+
+#include "RandomNumberSeed.h"
+
+#include <limits>
+#include <limits.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#if PLATFORM(WINCE)
+extern "C" {
+#include "wince/mt19937ar.c"
+}
+#endif
+
+namespace WTF {
+
+double weakRandomNumber()
+{
+#if COMPILER(MSVC) && defined(_CRT_RAND_S)
+    // rand_s is incredibly slow on windows so we fall back on rand for Math.random
+    return (rand() + (rand() / (RAND_MAX + 1.0))) / (RAND_MAX + 1.0);
+#else
+    return randomNumber();
+#endif
+}
+
+double randomNumber()
+{
+#if !ENABLE(JSC_MULTIPLE_THREADS)
+    static bool s_initialized = false;
+    if (!s_initialized) {
+        initializeRandomNumberGenerator();
+        s_initialized = true;
+    }
+#endif
+    
+#if COMPILER(MSVC) && defined(_CRT_RAND_S)
+    uint32_t bits;
+    rand_s(&bits);
+    return static_cast<double>(bits) / (static_cast<double>(std::numeric_limits<uint32_t>::max()) + 1.0);
+#elif PLATFORM(DARWIN)
+    uint32_t bits = arc4random();
+    return static_cast<double>(bits) / (static_cast<double>(std::numeric_limits<uint32_t>::max()) + 1.0);
+#elif PLATFORM(UNIX)
+    uint32_t part1 = random() & (RAND_MAX - 1);
+    uint32_t part2 = random() & (RAND_MAX - 1);
+    // random only provides 31 bits
+    uint64_t fullRandom = part1;
+    fullRandom <<= 31;
+    fullRandom |= part2;
+
+    // Mask off the low 53bits
+    fullRandom &= (1LL << 53) - 1;
+    return static_cast<double>(fullRandom)/static_cast<double>(1LL << 53);
+#elif PLATFORM(WINCE)
+    return genrand_res53();
+#elif PLATFORM(WIN_OS)
+    uint32_t part1 = rand() & (RAND_MAX - 1);
+    uint32_t part2 = rand() & (RAND_MAX - 1);
+    uint32_t part3 = rand() & (RAND_MAX - 1);
+    uint32_t part4 = rand() & (RAND_MAX - 1);
+    // rand only provides 15 bits on Win32
+    uint64_t fullRandom = part1;
+    fullRandom <<= 15;
+    fullRandom |= part2;
+    fullRandom <<= 15;
+    fullRandom |= part3;
+    fullRandom <<= 15;
+    fullRandom |= part4;
+
+    // Mask off the low 53bits
+    fullRandom &= (1LL << 53) - 1;
+    return static_cast<double>(fullRandom)/static_cast<double>(1LL << 53);
+#else
+    uint32_t part1 = rand() & (RAND_MAX - 1);
+    uint32_t part2 = rand() & (RAND_MAX - 1);
+    // rand only provides 31 bits, and the low order bits of that aren't very random
+    // so we take the high 26 bits of part 1, and the high 27 bits of part2.
+    part1 >>= 5; // drop the low 5 bits
+    part2 >>= 4; // drop the low 4 bits
+    uint64_t fullRandom = part1;
+    fullRandom <<= 27;
+    fullRandom |= part2;
+
+    // Mask off the low 53bits
+    fullRandom &= (1LL << 53) - 1;
+    return static_cast<double>(fullRandom)/static_cast<double>(1LL << 53);
+#endif
+}
+
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h
new file mode 100644
index 000000000..fe1687c6b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumber.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2008 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_RandomNumber_h
+#define WTF_RandomNumber_h
+
+namespace WTF {
+
+    // Returns a pseudo-random number in the range [0, 1), attempts to be
+    // cryptographically secure if possible on the target platform
+    double randomNumber();
+
+    // Returns a pseudo-random number in the range [0, 1), attempts to
+    // produce a reasonable "random" number fast.
+    // We only need this because rand_s is so slow on windows.
+    double weakRandomNumber();
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumberSeed.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumberSeed.h
new file mode 100644
index 000000000..a66433e61
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RandomNumberSeed.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2008 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_RandomNumberSeed_h
+#define WTF_RandomNumberSeed_h
+
+#include <stdlib.h>
+#include <time.h>
+
+#if HAVE(SYS_TIME_H)
+#include <sys/time.h>
+#endif
+
+#if PLATFORM(UNIX)
+#include <sys/types.h>
+#include <unistd.h>
+#endif
+
+#if PLATFORM(WINCE)
+extern "C" {
+void init_by_array(unsigned long init_key[],int key_length);
+}
+#endif
+
+// Internal JavaScriptCore usage only
+namespace WTF {
+
+inline void initializeRandomNumberGenerator()
+{
+#if PLATFORM(DARWIN)
+    // On Darwin we use arc4random which initialises itself.
+#elif PLATFORM(WINCE)
+    // initialize rand()
+    srand(static_cast<unsigned>(time(0)));
+
+    // use rand() to initialize the real RNG
+    unsigned long initializationBuffer[4];
+    initializationBuffer[0] = (rand() << 16) | rand();
+    initializationBuffer[1] = (rand() << 16) | rand();
+    initializationBuffer[2] = (rand() << 16) | rand();
+    initializationBuffer[3] = (rand() << 16) | rand();
+    init_by_array(initializationBuffer, 4);
+#elif COMPILER(MSVC) && defined(_CRT_RAND_S)
+    // On Windows we use rand_s which initialises itself
+#elif PLATFORM(UNIX)
+    // srandomdev is not guaranteed to exist on linux so we use this poor seed, this should be improved
+    timeval time;
+    gettimeofday(&time, 0);
+    srandom(static_cast<unsigned>(time.tv_usec * getpid()));
+#else
+    srand(static_cast<unsigned>(time(0)));
+#endif
+}
+
+inline void initializeWeakRandomNumberGenerator()
+{
+#if COMPILER(MSVC) && defined(_CRT_RAND_S)
+    // We need to initialise windows rand() explicitly for Math.random
+    unsigned seed = 0;
+    rand_s(&seed);
+    srand(seed);
+#endif
+}
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCounted.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCounted.h
new file mode 100644
index 000000000..761a8566f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCounted.h
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef RefCounted_h
+#define RefCounted_h
+
+#include <wtf/Assertions.h>
+#include <wtf/Noncopyable.h>
+
+namespace WTF {
+
+// This base class holds the non-template methods and attributes.
+// The RefCounted class inherits from it reducing the template bloat
+// generated by the compiler (technique called template hoisting).
+class RefCountedBase {
+public:
+    void ref()
+    {
+        ASSERT(!m_deletionHasBegun);
+        ++m_refCount;
+    }
+
+    bool hasOneRef() const
+    {
+        ASSERT(!m_deletionHasBegun);
+        return m_refCount == 1;
+    }
+
+    int refCount() const
+    {
+        return m_refCount;
+    }
+
+protected:
+    RefCountedBase()
+        : m_refCount(1)
+#ifndef NDEBUG
+        , m_deletionHasBegun(false)
+#endif
+    {
+    }
+
+    ~RefCountedBase()
+    {
+    }
+
+    // Returns whether the pointer should be freed or not.
+    bool derefBase()
+    {
+        ASSERT(!m_deletionHasBegun);
+        ASSERT(m_refCount > 0);
+        if (m_refCount == 1) {
+#ifndef NDEBUG
+            m_deletionHasBegun = true;
+#endif
+            return true;
+        }
+
+        --m_refCount;
+        return false;
+    }
+
+    // Helper for generating JIT code. Please do not use for non-JIT purposes.
+    int* addressOfCount()
+    {
+        return &m_refCount;
+    }
+
+#ifndef NDEBUG
+    bool deletionHasBegun() const
+    {
+        return m_deletionHasBegun;
+    }
+#endif
+
+private:
+    template<class T>
+    friend class CrossThreadRefCounted;
+
+    int m_refCount;
+#ifndef NDEBUG
+    bool m_deletionHasBegun;
+#endif
+};
+
+
+template<class T> class RefCounted : public RefCountedBase, public Noncopyable {
+public:
+    void deref()
+    {
+        if (derefBase())
+            delete static_cast<T*>(this);
+    }
+
+protected:
+    ~RefCounted()
+    {
+    }
+};
+
+template<class T> class RefCountedCustomAllocated : public RefCountedBase, public NoncopyableCustomAllocated {
+public:
+    void deref()
+    {
+        if (derefBase())
+            delete static_cast<T*>(this);
+    }
+
+protected:
+    ~RefCountedCustomAllocated()
+    {
+    }
+};
+
+} // namespace WTF
+
+using WTF::RefCounted;
+using WTF::RefCountedCustomAllocated;
+
+#endif // RefCounted_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCountedLeakCounter.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCountedLeakCounter.cpp
new file mode 100644
index 000000000..80922d336
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCountedLeakCounter.cpp
@@ -0,0 +1,100 @@
+/*
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "RefCountedLeakCounter.h"
+
+#include <wtf/HashCountedSet.h>
+
+namespace WTF {
+
+#ifdef NDEBUG
+
+void RefCountedLeakCounter::suppressMessages(const char*) { }
+void RefCountedLeakCounter::cancelMessageSuppression(const char*) { }
+
+RefCountedLeakCounter::RefCountedLeakCounter(const char*) { }
+RefCountedLeakCounter::~RefCountedLeakCounter() { }
+
+void RefCountedLeakCounter::increment() { }
+void RefCountedLeakCounter::decrement() { }
+
+#else
+
+#define LOG_CHANNEL_PREFIX Log
+static WTFLogChannel LogRefCountedLeaks = { 0x00000000, "", WTFLogChannelOn };
+
+typedef HashCountedSet<const char*, PtrHash<const char*> > ReasonSet;
+static ReasonSet* leakMessageSuppressionReasons;
+
+void RefCountedLeakCounter::suppressMessages(const char* reason)
+{
+    if (!leakMessageSuppressionReasons)
+        leakMessageSuppressionReasons = new ReasonSet;
+    leakMessageSuppressionReasons->add(reason);
+}
+
+void RefCountedLeakCounter::cancelMessageSuppression(const char* reason)
+{
+    ASSERT(leakMessageSuppressionReasons);
+    ASSERT(leakMessageSuppressionReasons->contains(reason));
+    leakMessageSuppressionReasons->remove(reason);
+}
+
+RefCountedLeakCounter::RefCountedLeakCounter(const char* description)
+    : m_description(description)
+{
+}    
+
+RefCountedLeakCounter::~RefCountedLeakCounter()
+{
+    static bool loggedSuppressionReason;
+    if (m_count) {
+        if (!leakMessageSuppressionReasons || leakMessageSuppressionReasons->isEmpty())
+            LOG(RefCountedLeaks, "LEAK: %u %s", m_count, m_description);
+        else if (!loggedSuppressionReason) {
+            // This logs only one reason. Later we could change it so we log all the reasons.
+            LOG(RefCountedLeaks, "No leak checking done: %s", leakMessageSuppressionReasons->begin()->first);
+            loggedSuppressionReason = true;
+        }
+    }
+}
+
+void RefCountedLeakCounter::increment()
+{
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    atomicIncrement(&m_count);
+#else
+    ++m_count;
+#endif
+}
+
+void RefCountedLeakCounter::decrement()
+{
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    atomicDecrement(&m_count);
+#else
+    --m_count;
+#endif
+}
+
+#endif
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCountedLeakCounter.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCountedLeakCounter.h
new file mode 100644
index 000000000..57cc2834f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefCountedLeakCounter.h
@@ -0,0 +1,48 @@
+/*
+ *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+ 
+#ifndef RefCountedLeakCounter_h
+#define RefCountedLeakCounter_h
+ 
+#include "Assertions.h"
+#include "Threading.h"
+
+namespace WTF {
+    
+    struct RefCountedLeakCounter {
+        static void suppressMessages(const char*);
+        static void cancelMessageSuppression(const char*);
+        
+        explicit RefCountedLeakCounter(const char* description);
+        ~RefCountedLeakCounter();
+
+        void increment();
+        void decrement();
+
+#ifndef NDEBUG
+    private:
+        volatile int m_count;
+        const char* m_description;
+#endif
+    };
+
+}  // namespace WTF
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefPtr.h
new file mode 100644
index 000000000..1a0b1feba
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefPtr.h
@@ -0,0 +1,198 @@
+/*
+ *  Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_RefPtr_h
+#define WTF_RefPtr_h
+
+#include <algorithm>
+#include "AlwaysInline.h"
+#include "FastAllocBase.h"
+
+namespace WTF {
+
+    enum PlacementNewAdoptType { PlacementNewAdopt };
+
+    template <typename T> class PassRefPtr;
+
+    enum HashTableDeletedValueType { HashTableDeletedValue };
+
+    template <typename T> class RefPtr : public FastAllocBase {
+    public:
+        RefPtr() : m_ptr(0) { }
+        RefPtr(T* ptr) : m_ptr(ptr) { refIfNotNull(ptr); }
+        RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { T* ptr = m_ptr; refIfNotNull(ptr); }
+        // see comment in PassRefPtr.h for why this takes const reference
+        template <typename U> RefPtr(const PassRefPtr<U>&);
+
+        // Special constructor for cases where we overwrite an object in place.
+        RefPtr(PlacementNewAdoptType) { }
+
+        // Hash table deleted values, which are only constructed and never copied or destroyed.
+        RefPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { }
+        bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }
+
+        ~RefPtr() { T* ptr = m_ptr; derefIfNotNull(ptr); }
+        
+        template <typename U> RefPtr(const RefPtr<U>& o) : m_ptr(static_cast<T*>(o.get())) { if (T* ptr = static_cast<T*>(m_ptr)) ptr->ref(); }
+        
+        T* get() const { return m_ptr; }
+        
+        void clear() { T* ptr = m_ptr; derefIfNotNull(ptr); m_ptr = 0; }
+        PassRefPtr<T> release() { PassRefPtr<T> tmp = adoptRef(m_ptr); m_ptr = 0; return tmp; }
+
+        T& operator*() const { return *m_ptr; }
+        ALWAYS_INLINE T* operator->() const { return m_ptr; }
+        
+        bool operator!() const { return !m_ptr; }
+    
+        // This conversion operator allows implicit conversion to bool but not to other integer types.
+#if COMPILER(WINSCW)
+        operator bool() const { return m_ptr; }
+#else
+        typedef T* RefPtr::*UnspecifiedBoolType;
+        operator UnspecifiedBoolType() const { return m_ptr ? &RefPtr::m_ptr : 0; }
+#endif
+        
+        RefPtr& operator=(const RefPtr&);
+        RefPtr& operator=(T*);
+        RefPtr& operator=(const PassRefPtr<T>&);
+        template <typename U> RefPtr& operator=(const RefPtr<U>&);
+        template <typename U> RefPtr& operator=(const PassRefPtr<U>&);
+
+        void swap(RefPtr&);
+
+    private:
+        static T* hashTableDeletedValue() { return reinterpret_cast<T*>(-1); }
+
+        T* m_ptr;
+    };
+    
+    template <typename T> template <typename U> inline RefPtr<T>::RefPtr(const PassRefPtr<U>& o)
+        : m_ptr(o.releaseRef())
+    {
+    }
+
+    template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<T>& o)
+    {
+        T* optr = o.get();
+        refIfNotNull(optr);
+        T* ptr = m_ptr;
+        m_ptr = optr;
+        derefIfNotNull(ptr);
+        return *this;
+    }
+    
+    template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<U>& o)
+    {
+        T* optr = o.get();
+        refIfNotNull(optr);
+        T* ptr = m_ptr;
+        m_ptr = optr;
+        derefIfNotNull(ptr);
+        return *this;
+    }
+    
+    template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(T* optr)
+    {
+        refIfNotNull(optr);
+        T* ptr = m_ptr;
+        m_ptr = optr;
+        derefIfNotNull(ptr);
+        return *this;
+    }
+
+    template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<T>& o)
+    {
+        T* ptr = m_ptr;
+        m_ptr = o.releaseRef();
+        derefIfNotNull(ptr);
+        return *this;
+    }
+
+    template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<U>& o)
+    {
+        T* ptr = m_ptr;
+        m_ptr = o.releaseRef();
+        derefIfNotNull(ptr);
+        return *this;
+    }
+
+    template <class T> inline void RefPtr<T>::swap(RefPtr<T>& o)
+    {
+        std::swap(m_ptr, o.m_ptr);
+    }
+
+    template <class T> inline void swap(RefPtr<T>& a, RefPtr<T>& b)
+    {
+        a.swap(b);
+    }
+
+    template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, const RefPtr<U>& b)
+    { 
+        return a.get() == b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, U* b)
+    { 
+        return a.get() == b; 
+    }
+    
+    template <typename T, typename U> inline bool operator==(T* a, const RefPtr<U>& b) 
+    {
+        return a == b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, const RefPtr<U>& b)
+    { 
+        return a.get() != b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, U* b)
+    {
+        return a.get() != b; 
+    }
+
+    template <typename T, typename U> inline bool operator!=(T* a, const RefPtr<U>& b)
+    { 
+        return a != b.get(); 
+    }
+    
+    template <typename T, typename U> inline RefPtr<T> static_pointer_cast(const RefPtr<U>& p)
+    { 
+        return RefPtr<T>(static_cast<T*>(p.get())); 
+    }
+
+    template <typename T, typename U> inline RefPtr<T> const_pointer_cast(const RefPtr<U>& p)
+    { 
+        return RefPtr<T>(const_cast<T*>(p.get())); 
+    }
+
+    template <typename T> inline T* getPtr(const RefPtr<T>& p)
+    {
+        return p.get();
+    }
+
+} // namespace WTF
+
+using WTF::RefPtr;
+using WTF::static_pointer_cast;
+using WTF::const_pointer_cast;
+
+#endif // WTF_RefPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefPtrHashMap.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefPtrHashMap.h
new file mode 100644
index 000000000..14684e8b4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RefPtrHashMap.h
@@ -0,0 +1,350 @@
+/*
+ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+namespace WTF {
+
+    // This specialization is a direct copy of HashMap, with overloaded functions
+    // to allow for lookup by pointer instead of RefPtr, avoiding ref-count churn.
+    
+    // FIXME: Find a better way that doesn't require an entire copy of the HashMap template.
+    
+    template<typename RawKeyType, typename ValueType, typename ValueTraits, typename HashFunctions>
+    struct RefPtrHashMapRawKeyTranslator {
+        typedef typename ValueType::first_type KeyType;
+        typedef typename ValueType::second_type MappedType;
+        typedef typename ValueTraits::FirstTraits KeyTraits;
+        typedef typename ValueTraits::SecondTraits MappedTraits;
+
+        static unsigned hash(RawKeyType key) { return HashFunctions::hash(key); }
+        static bool equal(const KeyType& a, RawKeyType b) { return HashFunctions::equal(a, b); }
+        static void translate(ValueType& location, RawKeyType key, const MappedType& mapped)
+        {
+            location.first = key;
+            location.second = mapped;
+        }
+    };
+
+    template<typename T, typename MappedArg, typename HashArg, typename KeyTraitsArg, typename MappedTraitsArg>
+    class RefPtrHashMap : public FastAllocBase {
+    private:
+        typedef KeyTraitsArg KeyTraits;
+        typedef MappedTraitsArg MappedTraits;
+        typedef PairHashTraits<KeyTraits, MappedTraits> ValueTraits;
+
+    public:
+        typedef typename KeyTraits::TraitType KeyType;
+        typedef T* RawKeyType;
+        typedef typename MappedTraits::TraitType MappedType;
+        typedef typename ValueTraits::TraitType ValueType;
+
+    private:
+        typedef HashArg HashFunctions;
+
+        typedef HashTable<KeyType, ValueType, PairFirstExtractor<ValueType>,
+            HashFunctions, ValueTraits, KeyTraits> HashTableType;
+
+        typedef RefPtrHashMapRawKeyTranslator<RawKeyType, ValueType, ValueTraits, HashFunctions>
+            RawKeyTranslator;
+
+    public:
+        typedef HashTableIteratorAdapter<HashTableType, ValueType> iterator;
+        typedef HashTableConstIteratorAdapter<HashTableType, ValueType> const_iterator;
+
+        void swap(RefPtrHashMap&);
+
+        int size() const;
+        int capacity() const;
+        bool isEmpty() const;
+
+        // iterators iterate over pairs of keys and values
+        iterator begin();
+        iterator end();
+        const_iterator begin() const;
+        const_iterator end() const;
+
+        iterator find(const KeyType&);
+        iterator find(RawKeyType);
+        const_iterator find(const KeyType&) const;
+        const_iterator find(RawKeyType) const;
+        bool contains(const KeyType&) const;
+        bool contains(RawKeyType) const;
+        MappedType get(const KeyType&) const;
+        MappedType get(RawKeyType) const;
+        MappedType inlineGet(RawKeyType) const;
+
+        // replaces value but not key if key is already present
+        // return value is a pair of the iterator to the key location, 
+        // and a boolean that's true if a new value was actually added
+        pair<iterator, bool> set(const KeyType&, const MappedType&); 
+        pair<iterator, bool> set(RawKeyType, const MappedType&); 
+
+        // does nothing if key is already present
+        // return value is a pair of the iterator to the key location, 
+        // and a boolean that's true if a new value was actually added
+        pair<iterator, bool> add(const KeyType&, const MappedType&); 
+        pair<iterator, bool> add(RawKeyType, const MappedType&); 
+
+        void remove(const KeyType&);
+        void remove(RawKeyType);
+        void remove(iterator);
+        void clear();
+
+        MappedType take(const KeyType&); // efficient combination of get with remove
+        MappedType take(RawKeyType); // efficient combination of get with remove
+
+    private:
+        pair<iterator, bool> inlineAdd(const KeyType&, const MappedType&);
+        pair<iterator, bool> inlineAdd(RawKeyType, const MappedType&);
+
+        HashTableType m_impl;
+    };
+    template<typename T, typename MappedArg, typename HashArg, typename KeyTraitsArg, typename MappedTraitsArg>
+    class HashMap<RefPtr<T>, MappedArg, HashArg, KeyTraitsArg, MappedTraitsArg> :
+        public RefPtrHashMap<T, MappedArg, HashArg, KeyTraitsArg, MappedTraitsArg>
+    {
+    };
+    
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void RefPtrHashMap<T, U, V, W, X>::swap(RefPtrHashMap& other)
+    {
+        m_impl.swap(other.m_impl); 
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline int RefPtrHashMap<T, U, V, W, X>::size() const
+    {
+        return m_impl.size(); 
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline int RefPtrHashMap<T, U, V, W, X>::capacity() const
+    { 
+        return m_impl.capacity(); 
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline bool RefPtrHashMap<T, U, V, W, X>::isEmpty() const
+    {
+        return m_impl.isEmpty();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename RefPtrHashMap<T, U, V, W, X>::iterator RefPtrHashMap<T, U, V, W, X>::begin()
+    {
+        return m_impl.begin();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename RefPtrHashMap<T, U, V, W, X>::iterator RefPtrHashMap<T, U, V, W, X>::end()
+    {
+        return m_impl.end();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename RefPtrHashMap<T, U, V, W, X>::const_iterator RefPtrHashMap<T, U, V, W, X>::begin() const
+    {
+        return m_impl.begin();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename RefPtrHashMap<T, U, V, W, X>::const_iterator RefPtrHashMap<T, U, V, W, X>::end() const
+    {
+        return m_impl.end();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename RefPtrHashMap<T, U, V, W, X>::iterator RefPtrHashMap<T, U, V, W, X>::find(const KeyType& key)
+    {
+        return m_impl.find(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename RefPtrHashMap<T, U, V, W, X>::iterator RefPtrHashMap<T, U, V, W, X>::find(RawKeyType key)
+    {
+        return m_impl.template find<RawKeyType, RawKeyTranslator>(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename RefPtrHashMap<T, U, V, W, X>::const_iterator RefPtrHashMap<T, U, V, W, X>::find(const KeyType& key) const
+    {
+        return m_impl.find(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline typename RefPtrHashMap<T, U, V, W, X>::const_iterator RefPtrHashMap<T, U, V, W, X>::find(RawKeyType key) const
+    {
+        return m_impl.template find<RawKeyType, RawKeyTranslator>(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline bool RefPtrHashMap<T, U, V, W, X>::contains(const KeyType& key) const
+    {
+        return m_impl.contains(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline bool RefPtrHashMap<T, U, V, W, X>::contains(RawKeyType key) const
+    {
+        return m_impl.template contains<RawKeyType, RawKeyTranslator>(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline pair<typename RefPtrHashMap<T, U, V, W, X>::iterator, bool>
+    RefPtrHashMap<T, U, V, W, X>::inlineAdd(const KeyType& key, const MappedType& mapped) 
+    {
+        typedef HashMapTranslator<ValueType, ValueTraits, HashFunctions> TranslatorType;
+        pair<typename HashTableType::iterator, bool> p = m_impl.template add<KeyType, MappedType, TranslatorType>(key, mapped);
+//        typename RefPtrHashMap<T, U, V, W, X>::iterator temp = p.first;
+        return make_pair<typename RefPtrHashMap<T, U, V, W, X>::iterator, bool>(
+            typename RefPtrHashMap<T, U, V, W, X>::iterator(p.first), p.second);
+
+//        return m_impl.template add<KeyType, MappedType, TranslatorType>(key, mapped);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline pair<typename RefPtrHashMap<T, U, V, W, X>::iterator, bool>
+    RefPtrHashMap<T, U, V, W, X>::inlineAdd(RawKeyType key, const MappedType& mapped) 
+    {
+        pair<typename HashTableType::iterator, bool> p = m_impl.template add<RawKeyType, MappedType, RawKeyTranslator>(key, mapped);
+        return make_pair<typename RefPtrHashMap<T, U, V, W, X>::iterator, bool>(
+            typename RefPtrHashMap<T, U, V, W, X>::iterator(p.first), p.second);
+
+ //       return m_impl.template add<RawKeyType, MappedType, RawKeyTranslator>(key, mapped);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    pair<typename RefPtrHashMap<T, U, V, W, X>::iterator, bool>
+    RefPtrHashMap<T, U, V, W, X>::set(const KeyType& key, const MappedType& mapped) 
+    {
+        pair<iterator, bool> result = inlineAdd(key, mapped);
+        if (!result.second) {
+            // add call above didn't change anything, so set the mapped value
+            result.first->second = mapped;
+        }
+        return result;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    pair<typename RefPtrHashMap<T, U, V, W, X>::iterator, bool>
+    RefPtrHashMap<T, U, V, W, X>::set(RawKeyType key, const MappedType& mapped) 
+    {
+        pair<iterator, bool> result = inlineAdd(key, mapped);
+        if (!result.second) {
+            // add call above didn't change anything, so set the mapped value
+            result.first->second = mapped;
+        }
+        return result;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    pair<typename RefPtrHashMap<T, U, V, W, X>::iterator, bool>
+    RefPtrHashMap<T, U, V, W, X>::add(const KeyType& key, const MappedType& mapped)
+    {
+        return inlineAdd(key, mapped);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    pair<typename RefPtrHashMap<T, U, V, W, X>::iterator, bool>
+    RefPtrHashMap<T, U, V, W, X>::add(RawKeyType key, const MappedType& mapped)
+    {
+        return inlineAdd(key, mapped);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename MappedTraits>
+    typename RefPtrHashMap<T, U, V, W, MappedTraits>::MappedType
+    RefPtrHashMap<T, U, V, W, MappedTraits>::get(const KeyType& key) const
+    {
+        ValueType* entry = const_cast<HashTableType&>(m_impl).lookup(key);
+        if (!entry)
+            return MappedTraits::emptyValue();
+        return entry->second;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename MappedTraits>
+    typename RefPtrHashMap<T, U, V, W, MappedTraits>::MappedType
+    inline RefPtrHashMap<T, U, V, W, MappedTraits>::inlineGet(RawKeyType key) const
+    {
+        ValueType* entry = const_cast<HashTableType&>(m_impl).template lookup<RawKeyType, RawKeyTranslator>(key);
+        if (!entry)
+            return MappedTraits::emptyValue();
+        return entry->second;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename MappedTraits>
+    typename RefPtrHashMap<T, U, V, W, MappedTraits>::MappedType
+    RefPtrHashMap<T, U, V, W, MappedTraits>::get(RawKeyType key) const
+    {
+        return inlineGet(key);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void RefPtrHashMap<T, U, V, W, X>::remove(iterator it)
+    {
+        if (it.m_impl == m_impl.end())
+            return;
+        m_impl.checkTableConsistency();
+        m_impl.removeWithoutEntryConsistencyCheck(it.m_impl);
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void RefPtrHashMap<T, U, V, W, X>::remove(const KeyType& key)
+    {
+        remove(find(key));
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void RefPtrHashMap<T, U, V, W, X>::remove(RawKeyType key)
+    {
+        remove(find(key));
+    }
+
+    template<typename T, typename U, typename V, typename W, typename X>
+    inline void RefPtrHashMap<T, U, V, W, X>::clear()
+    {
+        m_impl.clear();
+    }
+
+    template<typename T, typename U, typename V, typename W, typename MappedTraits>
+    typename RefPtrHashMap<T, U, V, W, MappedTraits>::MappedType
+    RefPtrHashMap<T, U, V, W, MappedTraits>::take(const KeyType& key)
+    {
+        // This can probably be made more efficient to avoid ref/deref churn.
+        iterator it = find(key);
+        if (it == end())
+            return MappedTraits::emptyValue();
+        typename RefPtrHashMap<T, U, V, W, MappedTraits>::MappedType result = it->second;
+        remove(it);
+        return result;
+    }
+
+    template<typename T, typename U, typename V, typename W, typename MappedTraits>
+    typename RefPtrHashMap<T, U, V, W, MappedTraits>::MappedType
+    RefPtrHashMap<T, U, V, W, MappedTraits>::take(RawKeyType key)
+    {
+        // This can probably be made more efficient to avoid ref/deref churn.
+        iterator it = find(key);
+        if (it == end())
+            return MappedTraits::emptyValue();
+        typename RefPtrHashMap<T, U, V, W, MappedTraits>::MappedType result = it->second;
+        remove(it);
+        return result;
+    }
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RetainPtr.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RetainPtr.h
new file mode 100644
index 000000000..77f25e05f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/RetainPtr.h
@@ -0,0 +1,203 @@
+/*
+ *  Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef RetainPtr_h
+#define RetainPtr_h
+
+#include "TypeTraits.h"
+#include <algorithm>
+#include <CoreFoundation/CoreFoundation.h>
+
+#ifdef __OBJC__
+#import <Foundation/Foundation.h>
+#endif
+
+namespace WTF {
+
+    // Unlike most most of our smart pointers, RetainPtr can take either the pointer type or the pointed-to type,
+    // so both RetainPtr<NSDictionary> and RetainPtr<CFDictionaryRef> will work.
+
+    enum AdoptCFTag { AdoptCF };
+    enum AdoptNSTag { AdoptNS };
+    
+#ifdef __OBJC__
+    inline void adoptNSReference(id ptr)
+    {
+        if (ptr) {
+            CFRetain(ptr);
+            [ptr release];
+        }
+    }
+#endif
+
+    template <typename T> class RetainPtr {
+    public:
+        typedef typename RemovePointer<T>::Type ValueType;
+        typedef ValueType* PtrType;
+
+        RetainPtr() : m_ptr(0) {}
+        RetainPtr(PtrType ptr) : m_ptr(ptr) { if (ptr) CFRetain(ptr); }
+
+        RetainPtr(AdoptCFTag, PtrType ptr) : m_ptr(ptr) { }
+        RetainPtr(AdoptNSTag, PtrType ptr) : m_ptr(ptr) { adoptNSReference(ptr); }
+        
+        RetainPtr(const RetainPtr& o) : m_ptr(o.m_ptr) { if (PtrType ptr = m_ptr) CFRetain(ptr); }
+
+        ~RetainPtr() { if (PtrType ptr = m_ptr) CFRelease(ptr); }
+        
+        template <typename U> RetainPtr(const RetainPtr<U>& o) : m_ptr(o.get()) { if (PtrType ptr = m_ptr) CFRetain(ptr); }
+        
+        PtrType get() const { return m_ptr; }
+        
+        PtrType releaseRef() { PtrType tmp = m_ptr; m_ptr = 0; return tmp; }
+        
+        PtrType operator->() const { return m_ptr; }
+        
+        bool operator!() const { return !m_ptr; }
+    
+        // This conversion operator allows implicit conversion to bool but not to other integer types.
+        typedef PtrType RetainPtr::*UnspecifiedBoolType;
+        operator UnspecifiedBoolType() const { return m_ptr ? &RetainPtr::m_ptr : 0; }
+        
+        RetainPtr& operator=(const RetainPtr&);
+        template <typename U> RetainPtr& operator=(const RetainPtr<U>&);
+        RetainPtr& operator=(PtrType);
+        template <typename U> RetainPtr& operator=(U*);
+
+        void adoptCF(PtrType);
+        void adoptNS(PtrType);
+        
+        void swap(RetainPtr&);
+
+    private:
+        PtrType m_ptr;
+    };
+    
+    template <typename T> inline RetainPtr<T>& RetainPtr<T>::operator=(const RetainPtr<T>& o)
+    {
+        PtrType optr = o.get();
+        if (optr)
+            CFRetain(optr);
+        PtrType ptr = m_ptr;
+        m_ptr = optr;
+        if (ptr)
+            CFRelease(ptr);
+        return *this;
+    }
+    
+    template <typename T> template <typename U> inline RetainPtr<T>& RetainPtr<T>::operator=(const RetainPtr<U>& o)
+    {
+        PtrType optr = o.get();
+        if (optr)
+            CFRetain(optr);
+        PtrType ptr = m_ptr;
+        m_ptr = optr;
+        if (ptr)
+            CFRelease(ptr);
+        return *this;
+    }
+    
+    template <typename T> inline RetainPtr<T>& RetainPtr<T>::operator=(PtrType optr)
+    {
+        if (optr)
+            CFRetain(optr);
+        PtrType ptr = m_ptr;
+        m_ptr = optr;
+        if (ptr)
+            CFRelease(ptr);
+        return *this;
+    }
+
+    template <typename T> inline void RetainPtr<T>::adoptCF(PtrType optr)
+    {
+        PtrType ptr = m_ptr;
+        m_ptr = optr;
+        if (ptr)
+            CFRelease(ptr);
+    }
+
+    template <typename T> inline void RetainPtr<T>::adoptNS(PtrType optr)
+    {
+        adoptNSReference(optr);
+        
+        PtrType ptr = m_ptr;
+        m_ptr = optr;
+        if (ptr)
+            CFRelease(ptr);
+    }
+    
+    template <typename T> template <typename U> inline RetainPtr<T>& RetainPtr<T>::operator=(U* optr)
+    {
+        if (optr)
+            CFRetain(optr);
+        PtrType ptr = m_ptr;
+        m_ptr = optr;
+        if (ptr)
+            CFRelease(ptr);
+        return *this;
+    }
+
+    template <class T> inline void RetainPtr<T>::swap(RetainPtr<T>& o)
+    {
+        std::swap(m_ptr, o.m_ptr);
+    }
+
+    template <class T> inline void swap(RetainPtr<T>& a, RetainPtr<T>& b)
+    {
+        a.swap(b);
+    }
+
+    template <typename T, typename U> inline bool operator==(const RetainPtr<T>& a, const RetainPtr<U>& b)
+    { 
+        return a.get() == b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator==(const RetainPtr<T>& a, U* b)
+    { 
+        return a.get() == b; 
+    }
+    
+    template <typename T, typename U> inline bool operator==(T* a, const RetainPtr<U>& b) 
+    {
+        return a == b.get(); 
+    }
+    
+    template <typename T, typename U> inline bool operator!=(const RetainPtr<T>& a, const RetainPtr<U>& b)
+    { 
+        return a.get() != b.get(); 
+    }
+
+    template <typename T, typename U> inline bool operator!=(const RetainPtr<T>& a, U* b)
+    {
+        return a.get() != b; 
+    }
+
+    template <typename T, typename U> inline bool operator!=(T* a, const RetainPtr<U>& b)
+    { 
+        return a != b.get(); 
+    }
+
+} // namespace WTF
+
+using WTF::AdoptCF;
+using WTF::AdoptNS;
+using WTF::RetainPtr;
+
+#endif // WTF_RetainPtr_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/SegmentedVector.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/SegmentedVector.h
new file mode 100644
index 000000000..b1cbc4dcf
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/SegmentedVector.h
@@ -0,0 +1,255 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SegmentedVector_h
+#define SegmentedVector_h
+
+#include <wtf/Vector.h>
+
+namespace WTF {
+
+    // An iterator for SegmentedVector. It supports only the pre ++ operator
+    template <typename T, size_t SegmentSize> class SegmentedVector;
+    template <typename T, size_t SegmentSize> class SegmentedVectorIterator {
+    private:
+        friend class SegmentedVector<T, SegmentSize>;
+    public:
+        typedef SegmentedVectorIterator<T, SegmentSize> Iterator;
+
+        ~SegmentedVectorIterator() { }
+
+        T& operator*() const { return m_vector.m_segments.at(m_segment)->at(m_index); }
+        T* operator->() const { return &m_vector.m_segments.at(m_segment)->at(m_index); }
+
+        // Only prefix ++ operator supported
+        Iterator& operator++()
+        {
+            ASSERT(m_index != SegmentSize);
+            ++m_index;
+            if (m_index >= m_vector.m_segments.at(m_segment)->size())  {
+                if (m_segment + 1 < m_vector.m_segments.size()) {
+                    ASSERT(m_vector.m_segments.at(m_segment)->size() > 0);
+                    ++m_segment;
+                    m_index = 0;
+                } else {
+                    // Points to the "end" symbol
+                    m_segment = 0;
+                    m_index = SegmentSize;
+                }
+            }
+            return *this;
+        }
+
+        bool operator==(const Iterator& other) const
+        {
+            return (m_index == other.m_index && m_segment = other.m_segment && &m_vector == &other.m_vector);
+        }
+
+        bool operator!=(const Iterator& other) const
+        {
+            return (m_index != other.m_index || m_segment != other.m_segment || &m_vector != &other.m_vector);
+        }
+
+        SegmentedVectorIterator& operator=(const SegmentedVectorIterator<T, SegmentSize>& other)
+        {
+            m_vector = other.m_vector;
+            m_segment = other.m_segment;
+            m_index = other.m_index;
+            return *this;
+        }
+
+    private:
+        SegmentedVectorIterator(SegmentedVector<T, SegmentSize>& vector, size_t segment, size_t index)
+            : m_vector(vector)
+            , m_segment(segment)
+            , m_index(index)
+        {
+        }
+
+        SegmentedVector<T, SegmentSize>& m_vector;
+        size_t m_segment;
+        size_t m_index;
+    };
+
+    // SegmentedVector is just like Vector, but it doesn't move the values
+    // stored in its buffer when it grows. Therefore, it is safe to keep
+    // pointers into a SegmentedVector.
+    template <typename T, size_t SegmentSize> class SegmentedVector {
+        friend class SegmentedVectorIterator<T, SegmentSize>;
+    public:
+        typedef SegmentedVectorIterator<T, SegmentSize> Iterator;
+
+        SegmentedVector()
+            : m_size(0)
+        {
+            m_segments.append(&m_inlineSegment);
+        }
+
+        ~SegmentedVector()
+        {
+            deleteAllSegments();
+        }
+
+        size_t size() const { return m_size; }
+        bool isEmpty() const { return !size(); }
+
+        T& at(size_t index)
+        {
+            if (index < SegmentSize)
+                return m_inlineSegment[index];
+            return segmentFor(index)->at(subscriptFor(index));
+        }
+
+        T& operator[](size_t index)
+        {
+            return at(index);
+        }
+
+        T& last()
+        {
+            return at(size() - 1);
+        }
+
+        template <typename U> void append(const U& value)
+        {
+            ++m_size;
+
+            if (m_size <= SegmentSize) {
+                m_inlineSegment.uncheckedAppend(value);
+                return;
+            }
+
+            if (!segmentExistsFor(m_size - 1))
+                m_segments.append(new Segment);
+            segmentFor(m_size - 1)->uncheckedAppend(value);
+        }
+
+        T& alloc()
+        {
+            append<T>(T());
+            return last();
+        }
+
+        void removeLast()
+        {
+            if (m_size <= SegmentSize)
+                m_inlineSegment.removeLast();
+            else
+                segmentFor(m_size - 1)->removeLast();
+            --m_size;
+        }
+
+        void grow(size_t size)
+        {
+            ASSERT(size > m_size);
+            ensureSegmentsFor(size);
+            m_size = size;
+        }
+
+        void clear()
+        {
+            deleteAllSegments();
+            m_segments.resize(1);
+            m_inlineSegment.clear();
+            m_size = 0;
+        }
+
+        Iterator begin()
+        {
+            return Iterator(*this, 0, m_size ? 0 : SegmentSize);
+        }
+
+        Iterator end()
+        {
+            return Iterator(*this, 0, SegmentSize);
+        }
+
+    private:
+        typedef Vector<T, SegmentSize> Segment;
+
+        void deleteAllSegments()
+        {
+            // Skip the first segment, because it's our inline segment, which was
+            // not created by new.
+            for (size_t i = 1; i < m_segments.size(); i++)
+                delete m_segments[i];
+        }
+
+        bool segmentExistsFor(size_t index)
+        {
+            return index / SegmentSize < m_segments.size();
+        }
+
+        Segment* segmentFor(size_t index)
+        {
+            return m_segments[index / SegmentSize];
+        }
+
+        size_t subscriptFor(size_t index)
+        {
+            return index % SegmentSize;
+        }
+
+        void ensureSegmentsFor(size_t size)
+        {
+            size_t segmentCount = m_size / SegmentSize;
+            if (m_size % SegmentSize)
+                ++segmentCount;
+            segmentCount = std::max<size_t>(segmentCount, 1); // We always have at least our inline segment.
+
+            size_t neededSegmentCount = size / SegmentSize;
+            if (size % SegmentSize)
+                ++neededSegmentCount;
+
+            // Fill up to N - 1 segments.
+            size_t end = neededSegmentCount - 1;
+            for (size_t i = segmentCount - 1; i < end; ++i)
+                ensureSegment(i, SegmentSize);
+
+            // Grow segment N to accomodate the remainder.
+            ensureSegment(end, subscriptFor(size - 1) + 1);
+        }
+
+        void ensureSegment(size_t segmentIndex, size_t size)
+        {
+            ASSERT(segmentIndex <= m_segments.size());
+            if (segmentIndex == m_segments.size())
+                m_segments.append(new Segment);
+            m_segments[segmentIndex]->grow(size);
+        }
+
+        size_t m_size;
+        Segment m_inlineSegment;
+        Vector<Segment*, 32> m_segments;
+    };
+
+} // namespace WTF
+
+using WTF::SegmentedVector;
+
+#endif // SegmentedVector_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/StdLibExtras.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/StdLibExtras.h
new file mode 100644
index 000000000..d21d1ffcc
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/StdLibExtras.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_StdLibExtras_h
+#define WTF_StdLibExtras_h
+
+#include <wtf/Platform.h>
+#include <wtf/Assertions.h>
+
+// Use these to declare and define a static local variable (static T;) so that
+//  it is leaked so that its destructors are not called at exit. Using this
+//  macro also allows workarounds a compiler bug present in Apple's version of GCC 4.0.1.
+#if COMPILER(GCC) && defined(__APPLE_CC__) && __GNUC__ == 4 && __GNUC_MINOR__ == 0 && __GNUC_PATCHLEVEL__ == 1
+#define DEFINE_STATIC_LOCAL(type, name, arguments) \
+    static type* name##Ptr = new type arguments; \
+    type& name = *name##Ptr
+#else
+#define DEFINE_STATIC_LOCAL(type, name, arguments) \
+    static type& name = *new type arguments
+#endif
+
+// OBJECT_OFFSETOF: Like the C++ offsetof macro, but you can use it with classes.
+// The magic number 0x4000 is insignificant. We use it to avoid using NULL, since
+// NULL can cause compiler problems, especially in cases of multiple inheritance.
+#define OBJECT_OFFSETOF(class, field) (reinterpret_cast<ptrdiff_t>(&(reinterpret_cast<class*>(0x4000)->field)) - 0x4000)
+
+namespace WTF {
+
+    /*
+     * C++'s idea of a reinterpret_cast lacks sufficient cojones.
+     */
+    template<typename TO, typename FROM>
+    TO bitwise_cast(FROM from)
+    {
+        COMPILE_ASSERT(sizeof(TO) == sizeof(FROM), WTF_bitwise_cast_sizeof_casted_types_is_equal);
+        union {
+            FROM from;
+            TO to;
+        } u;
+        u.from = from;
+        return u.to;
+    }
+
+} // namespace WTF
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/StringExtras.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/StringExtras.h
new file mode 100644
index 000000000..559e3f2ff
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/StringExtras.h
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2006 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_StringExtras_h
+#define WTF_StringExtras_h
+
+#include <stdarg.h>
+#include <stdio.h>
+
+#if HAVE(STRINGS_H) 
+#include <strings.h> 
+#endif 
+
+#if COMPILER(MSVC)
+
+inline int snprintf(char* buffer, size_t count, const char* format, ...) 
+{
+    int result;
+    va_list args;
+    va_start(args, format);
+    result = _vsnprintf(buffer, count, format, args);
+    va_end(args);
+    return result;
+}
+
+#if COMPILER(MSVC7) || PLATFORM(WINCE)
+
+inline int vsnprintf(char* buffer, size_t count, const char* format, va_list args)
+{
+    return _vsnprintf(buffer, count, format, args);
+}
+
+#endif
+
+#if PLATFORM(WINCE)
+
+inline int strnicmp(const char* string1, const char* string2, size_t count)
+{
+    return _strnicmp(string1, string2, count);
+}
+
+inline int stricmp(const char* string1, const char* string2)
+{
+    return _stricmp(string1, string2);
+}
+
+inline char* strdup(const char* strSource)
+{
+    return _strdup(strSource);
+}
+
+#endif
+
+inline int strncasecmp(const char* s1, const char* s2, size_t len)
+{
+    return strnicmp(s1, s2, len);
+}
+
+inline int strcasecmp(const char* s1, const char* s2)
+{
+    return stricmp(s1, s2);
+}
+
+#endif
+
+#if PLATFORM(WIN_OS) || PLATFORM(LINUX)
+
+inline char* strnstr(const char* buffer, const char* target, size_t bufferLength)
+{
+    size_t targetLength = strlen(target);
+    if (targetLength == 0)
+        return const_cast<char*>(buffer);
+    for (const char* start = buffer; *start && start + targetLength <= buffer + bufferLength; start++) {
+        if (*start == *target && strncmp(start + 1, target + 1, targetLength - 1) == 0)
+            return const_cast<char*>(start);
+    }
+    return 0;
+}
+
+#endif
+
+#endif // WTF_StringExtras_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCPackedCache.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCPackedCache.h
new file mode 100644
index 000000000..0464f8fdc
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCPackedCache.h
@@ -0,0 +1,234 @@
+// Copyright (c) 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// ---
+// Author: Geoff Pike
+//
+// This file provides a minimal cache that can hold a <key, value> pair
+// with little if any wasted space.  The types of the key and value
+// must be unsigned integral types or at least have unsigned semantics
+// for >>, casting, and similar operations.
+//
+// Synchronization is not provided.  However, the cache is implemented
+// as an array of cache entries whose type is chosen at compile time.
+// If a[i] is atomic on your hardware for the chosen array type then
+// raciness will not necessarily lead to bugginess.  The cache entries
+// must be large enough to hold a partial key and a value packed
+// together.  The partial keys are bit strings of length
+// kKeybits - kHashbits, and the values are bit strings of length kValuebits.
+//
+// In an effort to use minimal space, every cache entry represents
+// some <key, value> pair; the class provides no way to mark a cache
+// entry as empty or uninitialized.  In practice, you may want to have
+// reserved keys or values to get around this limitation.  For example, in
+// tcmalloc's PageID-to-sizeclass cache, a value of 0 is used as
+// "unknown sizeclass."
+//
+// Usage Considerations
+// --------------------
+//
+// kHashbits controls the size of the cache.  The best value for
+// kHashbits will of course depend on the application.  Perhaps try
+// tuning the value of kHashbits by measuring different values on your
+// favorite benchmark.  Also remember not to be a pig; other
+// programs that need resources may suffer if you are.
+//
+// The main uses for this class will be when performance is
+// critical and there's a convenient type to hold the cache's
+// entries.  As described above, the number of bits required
+// for a cache entry is (kKeybits - kHashbits) + kValuebits.  Suppose
+// kKeybits + kValuebits is 43.  Then it probably makes sense to
+// chose kHashbits >= 11 so that cache entries fit in a uint32.
+//
+// On the other hand, suppose kKeybits = kValuebits = 64.  Then
+// using this class may be less worthwhile.  You'll probably
+// be using 128 bits for each entry anyway, so maybe just pick
+// a hash function, H, and use an array indexed by H(key):
+//    void Put(K key, V value) { a_[H(key)] = pair<K, V>(key, value); }
+//    V GetOrDefault(K key, V default) { const pair<K, V> &p = a_[H(key)]; ... }
+//    etc.
+//
+// Further Details
+// ---------------
+//
+// For caches used only by one thread, the following is true:
+// 1. For a cache c,
+//      (c.Put(key, value), c.GetOrDefault(key, 0)) == value
+//    and
+//      (c.Put(key, value), <...>, c.GetOrDefault(key, 0)) == value
+//    if the elided code contains no c.Put calls.
+//
+// 2. Has(key) will return false if no <key, value> pair with that key
+//    has ever been Put.  However, a newly initialized cache will have
+//    some <key, value> pairs already present.  When you create a new
+//    cache, you must specify an "initial value."  The initialization
+//    procedure is equivalent to Clear(initial_value), which is
+//    equivalent to Put(k, initial_value) for all keys k from 0 to
+//    2^kHashbits - 1.
+//
+// 3. If key and key' differ then the only way Put(key, value) may
+//    cause Has(key') to change is that Has(key') may change from true to
+//    false. Furthermore, a Put() call that doesn't change Has(key')
+//    doesn't change GetOrDefault(key', ...) either.
+//
+// Implementation details:
+//
+// This is a direct-mapped cache with 2^kHashbits entries;
+// the hash function simply takes the low bits of the key.
+// So, we don't have to store the low bits of the key in the entries.
+// Instead, an entry is the high bits of a key and a value, packed
+// together.  E.g., a 20 bit key and a 7 bit value only require
+// a uint16 for each entry if kHashbits >= 11.
+//
+// Alternatives to this scheme will be added as needed.
+
+#ifndef TCMALLOC_PACKED_CACHE_INL_H__
+#define TCMALLOC_PACKED_CACHE_INL_H__
+
+#ifndef WTF_CHANGES
+#include "base/basictypes.h"  // for COMPILE_ASSERT
+#include "base/logging.h"     // for DCHECK
+#endif
+
+#ifndef DCHECK_EQ
+#define DCHECK_EQ(val1, val2) ASSERT((val1) == (val2))
+#endif
+
+// A safe way of doing "(1 << n) - 1" -- without worrying about overflow
+// Note this will all be resolved to a constant expression at compile-time
+#define N_ONES_(IntType, N)                                     \
+  ( (N) == 0 ? 0 : ((static_cast<IntType>(1) << ((N)-1))-1 +    \
+                    (static_cast<IntType>(1) << ((N)-1))) )
+
+// The types K and V provide upper bounds on the number of valid keys
+// and values, but we explicitly require the keys to be less than
+// 2^kKeybits and the values to be less than 2^kValuebits.  The size of
+// the table is controlled by kHashbits, and the type of each entry in
+// the cache is T.  See also the big comment at the top of the file.
+template <int kKeybits, typename T>
+class PackedCache {
+ public:
+  typedef uintptr_t K;
+  typedef size_t V;
+  static const size_t kHashbits = 12;
+  static const size_t kValuebits = 8;
+
+  explicit PackedCache(V initial_value) {
+    COMPILE_ASSERT(kKeybits <= sizeof(K) * 8, key_size);
+    COMPILE_ASSERT(kValuebits <= sizeof(V) * 8, value_size);
+    COMPILE_ASSERT(kHashbits <= kKeybits, hash_function);
+    COMPILE_ASSERT(kKeybits - kHashbits + kValuebits <= kTbits,
+                   entry_size_must_be_big_enough);
+    Clear(initial_value);
+  }
+
+  void Put(K key, V value) {
+    DCHECK_EQ(key, key & kKeyMask);
+    DCHECK_EQ(value, value & kValueMask);
+    array_[Hash(key)] = static_cast<T>(KeyToUpper(key) | value);
+  }
+
+  bool Has(K key) const {
+    DCHECK_EQ(key, key & kKeyMask);
+    return KeyMatch(array_[Hash(key)], key);
+  }
+
+  V GetOrDefault(K key, V default_value) const {
+    // As with other code in this class, we touch array_ as few times
+    // as we can.  Assuming entries are read atomically (e.g., their
+    // type is uintptr_t on most hardware) then certain races are
+    // harmless.
+    DCHECK_EQ(key, key & kKeyMask);
+    T entry = array_[Hash(key)];
+    return KeyMatch(entry, key) ? EntryToValue(entry) : default_value;
+  }
+
+  void Clear(V value) {
+    DCHECK_EQ(value, value & kValueMask);
+    for (int i = 0; i < 1 << kHashbits; i++) {
+      array_[i] = static_cast<T>(value);
+    }
+  }
+
+ private:
+  // We are going to pack a value and the upper part of a key into
+  // an entry of type T.  The UPPER type is for the upper part of a key,
+  // after the key has been masked and shifted for inclusion in an entry.
+  typedef T UPPER;
+
+  static V EntryToValue(T t) { return t & kValueMask; }
+
+  static UPPER EntryToUpper(T t) { return t & kUpperMask; }
+
+  // If v is a V and u is an UPPER then you can create an entry by
+  // doing u | v.  kHashbits determines where in a K to find the upper
+  // part of the key, and kValuebits determines where in the entry to put
+  // it.
+  static UPPER KeyToUpper(K k) {
+    const int shift = kHashbits - kValuebits;
+    // Assume kHashbits >= kValuebits. It would be easy to lift this assumption.
+    return static_cast<T>(k >> shift) & kUpperMask;
+  }
+
+  // This is roughly the inverse of KeyToUpper().  Some of the key has been
+  // thrown away, since KeyToUpper() masks off the low bits of the key.
+  static K UpperToPartialKey(UPPER u) {
+    DCHECK_EQ(u, u & kUpperMask);
+    const int shift = kHashbits - kValuebits;
+    // Assume kHashbits >= kValuebits. It would be easy to lift this assumption.
+    return static_cast<K>(u) << shift;
+  }
+
+  static size_t Hash(K key) {
+    return static_cast<size_t>(key) & N_ONES_(size_t, kHashbits);
+  }
+
+  // Does the entry's partial key match the relevant part of the given key?
+  static bool KeyMatch(T entry, K key) {
+    return ((KeyToUpper(key) ^ entry) & kUpperMask) == 0;
+  }
+
+  static const size_t kTbits = 8 * sizeof(T);
+  static const int kUpperbits = kKeybits - kHashbits;
+
+  // For masking a K.
+  static const K kKeyMask = N_ONES_(K, kKeybits);
+
+  // For masking a T.
+  static const T kUpperMask = N_ONES_(T, kUpperbits) << kValuebits;
+
+  // For masking a V or a T.
+  static const V kValueMask = N_ONES_(V, kValuebits);
+
+  T array_[1 << kHashbits];
+};
+
+#undef N_ONES_
+
+#endif  // TCMALLOC_PACKED_CACHE_INL_H__
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCPageMap.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCPageMap.h
new file mode 100644
index 000000000..3f56c24bb
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCPageMap.h
@@ -0,0 +1,316 @@
+// Copyright (c) 2005, Google Inc.
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// 
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// ---
+// Author: Sanjay Ghemawat <opensource@google.com>
+//
+// A data structure used by the caching malloc.  It maps from page# to
+// a pointer that contains info about that page.  We use two
+// representations: one for 32-bit addresses, and another for 64 bit
+// addresses.  Both representations provide the same interface.  The
+// first representation is implemented as a flat array, the seconds as
+// a three-level radix tree that strips away approximately 1/3rd of
+// the bits every time.
+//
+// The BITS parameter should be the number of bits required to hold
+// a page number.  E.g., with 32 bit pointers and 4K pages (i.e.,
+// page offset fits in lower 12 bits), BITS == 20.
+
+#ifndef TCMALLOC_PAGEMAP_H__
+#define TCMALLOC_PAGEMAP_H__
+
+#if HAVE(STDINT_H)
+#include <stdint.h>
+#elif HAVE(INTTYPES_H)
+#include <inttypes.h>
+#else
+#include <sys/types.h>
+#endif
+
+#include <string.h>
+#include "Assertions.h"
+
+// Single-level array
+template <int BITS>
+class TCMalloc_PageMap1 {
+ private:
+  void** array_;
+
+ public:
+  typedef uintptr_t Number;
+
+  void init(void* (*allocator)(size_t)) {
+    array_ = reinterpret_cast<void**>((*allocator)(sizeof(void*) << BITS));
+    memset(array_, 0, sizeof(void*) << BITS);
+  }
+
+  // Ensure that the map contains initialized entries "x .. x+n-1".
+  // Returns true if successful, false if we could not allocate memory.
+  bool Ensure(Number x, size_t n) {
+    // Nothing to do since flat array was allocate at start
+    return true;
+  }
+
+  void PreallocateMoreMemory() {}
+
+  // REQUIRES "k" is in range "[0,2^BITS-1]".
+  // REQUIRES "k" has been ensured before.
+  //
+  // Return the current value for KEY.  Returns "Value()" if not
+  // yet set.
+  void* get(Number k) const {
+    return array_[k];
+  }
+
+  // REQUIRES "k" is in range "[0,2^BITS-1]".
+  // REQUIRES "k" has been ensured before.
+  //
+  // Sets the value for KEY.
+  void set(Number k, void* v) {
+    array_[k] = v;
+  }
+};
+
+// Two-level radix tree
+template <int BITS>
+class TCMalloc_PageMap2 {
+ private:
+  // Put 32 entries in the root and (2^BITS)/32 entries in each leaf.
+  static const int ROOT_BITS = 5;
+  static const int ROOT_LENGTH = 1 << ROOT_BITS;
+
+  static const int LEAF_BITS = BITS - ROOT_BITS;
+  static const int LEAF_LENGTH = 1 << LEAF_BITS;
+
+  // Leaf node
+  struct Leaf {
+    void* values[LEAF_LENGTH];
+  };
+
+  Leaf* root_[ROOT_LENGTH];             // Pointers to 32 child nodes
+  void* (*allocator_)(size_t);          // Memory allocator
+
+ public:
+  typedef uintptr_t Number;
+
+  void init(void* (*allocator)(size_t)) {
+    allocator_ = allocator;
+    memset(root_, 0, sizeof(root_));
+  }
+
+  void* get(Number k) const {
+    ASSERT(k >> BITS == 0);
+    const Number i1 = k >> LEAF_BITS;
+    const Number i2 = k & (LEAF_LENGTH-1);
+    return root_[i1]->values[i2];
+  }
+
+  void set(Number k, void* v) {
+    ASSERT(k >> BITS == 0);
+    const Number i1 = k >> LEAF_BITS;
+    const Number i2 = k & (LEAF_LENGTH-1);
+    root_[i1]->values[i2] = v;
+  }
+
+  bool Ensure(Number start, size_t n) {
+    for (Number key = start; key <= start + n - 1; ) {
+      const Number i1 = key >> LEAF_BITS;
+
+      // Make 2nd level node if necessary
+      if (root_[i1] == NULL) {
+        Leaf* leaf = reinterpret_cast<Leaf*>((*allocator_)(sizeof(Leaf)));
+        if (leaf == NULL) return false;
+        memset(leaf, 0, sizeof(*leaf));
+        root_[i1] = leaf;
+      }
+
+      // Advance key past whatever is covered by this leaf node
+      key = ((key >> LEAF_BITS) + 1) << LEAF_BITS;
+    }
+    return true;
+  }
+
+  void PreallocateMoreMemory() {
+    // Allocate enough to keep track of all possible pages
+    Ensure(0, 1 << BITS);
+  }
+
+#ifdef WTF_CHANGES
+  template<class Visitor, class MemoryReader>
+  void visitValues(Visitor& visitor, const MemoryReader& reader)
+  {
+    for (int i = 0; i < ROOT_LENGTH; i++) {
+      if (!root_[i])
+        continue;
+
+      Leaf* l = reader(reinterpret_cast<Leaf*>(root_[i]));
+      for (int j = 0; j < LEAF_LENGTH; j += visitor.visit(l->values[j]))
+        ;
+    }
+  }
+
+  template<class Visitor, class MemoryReader>
+  void visitAllocations(Visitor& visitor, const MemoryReader&) {
+    for (int i = 0; i < ROOT_LENGTH; i++) {
+      if (root_[i])
+        visitor.visit(root_[i], sizeof(Leaf));
+    }
+  }
+#endif
+};
+
+// Three-level radix tree
+template <int BITS>
+class TCMalloc_PageMap3 {
+ private:
+  // How many bits should we consume at each interior level
+  static const int INTERIOR_BITS = (BITS + 2) / 3; // Round-up
+  static const int INTERIOR_LENGTH = 1 << INTERIOR_BITS;
+
+  // How many bits should we consume at leaf level
+  static const int LEAF_BITS = BITS - 2*INTERIOR_BITS;
+  static const int LEAF_LENGTH = 1 << LEAF_BITS;
+
+  // Interior node
+  struct Node {
+    Node* ptrs[INTERIOR_LENGTH];
+  };
+
+  // Leaf node
+  struct Leaf {
+    void* values[LEAF_LENGTH];
+  };
+
+  Node* root_;                          // Root of radix tree
+  void* (*allocator_)(size_t);          // Memory allocator
+
+  Node* NewNode() {
+    Node* result = reinterpret_cast<Node*>((*allocator_)(sizeof(Node)));
+    if (result != NULL) {
+      memset(result, 0, sizeof(*result));
+    }
+    return result;
+  }
+
+ public:
+  typedef uintptr_t Number;
+
+  void init(void* (*allocator)(size_t)) {
+    allocator_ = allocator;
+    root_ = NewNode();
+  }
+
+  void* get(Number k) const {
+    ASSERT(k >> BITS == 0);
+    const Number i1 = k >> (LEAF_BITS + INTERIOR_BITS);
+    const Number i2 = (k >> LEAF_BITS) & (INTERIOR_LENGTH-1);
+    const Number i3 = k & (LEAF_LENGTH-1);
+    return reinterpret_cast<Leaf*>(root_->ptrs[i1]->ptrs[i2])->values[i3];
+  }
+
+  void set(Number k, void* v) {
+    ASSERT(k >> BITS == 0);
+    const Number i1 = k >> (LEAF_BITS + INTERIOR_BITS);
+    const Number i2 = (k >> LEAF_BITS) & (INTERIOR_LENGTH-1);
+    const Number i3 = k & (LEAF_LENGTH-1);
+    reinterpret_cast<Leaf*>(root_->ptrs[i1]->ptrs[i2])->values[i3] = v;
+  }
+
+  bool Ensure(Number start, size_t n) {
+    for (Number key = start; key <= start + n - 1; ) {
+      const Number i1 = key >> (LEAF_BITS + INTERIOR_BITS);
+      const Number i2 = (key >> LEAF_BITS) & (INTERIOR_LENGTH-1);
+
+      // Make 2nd level node if necessary
+      if (root_->ptrs[i1] == NULL) {
+        Node* n = NewNode();
+        if (n == NULL) return false;
+        root_->ptrs[i1] = n;
+      }
+
+      // Make leaf node if necessary
+      if (root_->ptrs[i1]->ptrs[i2] == NULL) {
+        Leaf* leaf = reinterpret_cast<Leaf*>((*allocator_)(sizeof(Leaf)));
+        if (leaf == NULL) return false;
+        memset(leaf, 0, sizeof(*leaf));
+        root_->ptrs[i1]->ptrs[i2] = reinterpret_cast<Node*>(leaf);
+      }
+
+      // Advance key past whatever is covered by this leaf node
+      key = ((key >> LEAF_BITS) + 1) << LEAF_BITS;
+    }
+    return true;
+  }
+
+  void PreallocateMoreMemory() {
+  }
+
+#ifdef WTF_CHANGES
+  template<class Visitor, class MemoryReader>
+  void visitValues(Visitor& visitor, const MemoryReader& reader) {
+    Node* root = reader(root_);
+    for (int i = 0; i < INTERIOR_LENGTH; i++) {
+      if (!root->ptrs[i])
+        continue;
+
+      Node* n = reader(root->ptrs[i]);
+      for (int j = 0; j < INTERIOR_LENGTH; j++) {
+        if (!n->ptrs[j])
+          continue;
+
+        Leaf* l = reader(reinterpret_cast<Leaf*>(n->ptrs[j]));
+        for (int k = 0; k < LEAF_LENGTH; k += visitor.visit(l->values[k]))
+          ;
+      }
+    }
+  }
+
+  template<class Visitor, class MemoryReader>
+  void visitAllocations(Visitor& visitor, const MemoryReader& reader) {
+    visitor.visit(root_, sizeof(Node));
+
+    Node* root = reader(root_);
+    for (int i = 0; i < INTERIOR_LENGTH; i++) {
+      if (!root->ptrs[i])
+        continue;
+
+      visitor.visit(root->ptrs[i], sizeof(Node));
+      Node* n = reader(root->ptrs[i]);
+      for (int j = 0; j < INTERIOR_LENGTH; j++) {
+        if (!n->ptrs[j])
+          continue;
+
+        visitor.visit(n->ptrs[j], sizeof(Leaf));
+      }
+    }
+  }
+#endif
+};
+
+#endif  // TCMALLOC_PAGEMAP_H__
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSpinLock.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSpinLock.h
new file mode 100644
index 000000000..4cf30c2ba
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSpinLock.h
@@ -0,0 +1,240 @@
+// Copyright (c) 2005, 2006, Google Inc.
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// 
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// ---
+// Author: Sanjay Ghemawat <opensource@google.com>
+
+#ifndef TCMALLOC_INTERNAL_SPINLOCK_H__
+#define TCMALLOC_INTERNAL_SPINLOCK_H__
+
+#if (PLATFORM(X86) || PLATFORM(PPC)) && (COMPILER(GCC) || COMPILER(MSVC))
+
+#include <time.h>       /* For nanosleep() */
+
+#include <sched.h>      /* For sched_yield() */
+
+#if HAVE(STDINT_H)
+#include <stdint.h>
+#elif HAVE(INTTYPES_H)
+#include <inttypes.h>
+#else
+#include <sys/types.h>
+#endif
+
+#if PLATFORM(WIN_OS)
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#endif
+
+static void TCMalloc_SlowLock(volatile unsigned int* lockword);
+
+// The following is a struct so that it can be initialized at compile time
+struct TCMalloc_SpinLock {
+
+  inline void Lock() {
+    int r;
+#if COMPILER(GCC)
+#if PLATFORM(X86)
+    __asm__ __volatile__
+      ("xchgl %0, %1"
+       : "=r"(r), "=m"(lockword_)
+       : "0"(1), "m"(lockword_)
+       : "memory");
+#else
+    volatile unsigned int *lockword_ptr = &lockword_;
+    __asm__ __volatile__
+        ("1: lwarx %0, 0, %1\n\t"
+         "stwcx. %2, 0, %1\n\t"
+         "bne- 1b\n\t"
+         "isync"
+         : "=&r" (r), "=r" (lockword_ptr)
+         : "r" (1), "1" (lockword_ptr)
+         : "memory");
+#endif
+#elif COMPILER(MSVC)
+    __asm {
+        mov eax, this    ; store &lockword_ (which is this+0) in eax
+        mov ebx, 1       ; store 1 in ebx
+        xchg [eax], ebx  ; exchange lockword_ and 1
+        mov r, ebx       ; store old value of lockword_ in r
+    }
+#endif
+    if (r) TCMalloc_SlowLock(&lockword_);
+  }
+
+  inline void Unlock() {
+#if COMPILER(GCC)
+#if PLATFORM(X86)
+    __asm__ __volatile__
+      ("movl $0, %0"
+       : "=m"(lockword_)
+       : "m" (lockword_)
+       : "memory");
+#else
+    __asm__ __volatile__
+      ("isync\n\t"
+       "eieio\n\t"
+       "stw %1, %0"
+#if PLATFORM(DARWIN) || PLATFORM(PPC)
+       : "=o" (lockword_)
+#else
+       : "=m" (lockword_) 
+#endif
+       : "r" (0)
+       : "memory");
+#endif
+#elif COMPILER(MSVC)
+      __asm {
+          mov eax, this  ; store &lockword_ (which is this+0) in eax
+          mov [eax], 0   ; set lockword_ to 0
+      }
+#endif
+  }
+    // Report if we think the lock can be held by this thread.
+    // When the lock is truly held by the invoking thread
+    // we will always return true.
+    // Indended to be used as CHECK(lock.IsHeld());
+    inline bool IsHeld() const {
+        return lockword_ != 0;
+    }
+
+    inline void Init() { lockword_ = 0; }
+
+    volatile unsigned int lockword_;
+};
+
+#define SPINLOCK_INITIALIZER { 0 }
+
+static void TCMalloc_SlowLock(volatile unsigned int* lockword) {
+  sched_yield();        // Yield immediately since fast path failed
+  while (true) {
+    int r;
+#if COMPILER(GCC)
+#if PLATFORM(X86)
+    __asm__ __volatile__
+      ("xchgl %0, %1"
+       : "=r"(r), "=m"(*lockword)
+       : "0"(1), "m"(*lockword)
+       : "memory");
+
+#else
+    int tmp = 1;
+    __asm__ __volatile__
+        ("1: lwarx %0, 0, %1\n\t"
+         "stwcx. %2, 0, %1\n\t"
+         "bne- 1b\n\t"
+         "isync"
+         : "=&r" (r), "=r" (lockword)
+         : "r" (tmp), "1" (lockword)
+         : "memory");
+#endif
+#elif COMPILER(MSVC)
+    __asm {
+        mov eax, lockword     ; assign lockword into eax
+        mov ebx, 1            ; assign 1 into ebx
+        xchg [eax], ebx       ; exchange *lockword and 1
+        mov r, ebx            ; store old value of *lockword in r
+    }
+#endif
+    if (!r) {
+      return;
+    }
+
+    // This code was adapted from the ptmalloc2 implementation of
+    // spinlocks which would sched_yield() upto 50 times before
+    // sleeping once for a few milliseconds.  Mike Burrows suggested
+    // just doing one sched_yield() outside the loop and always
+    // sleeping after that.  This change helped a great deal on the
+    // performance of spinlocks under high contention.  A test program
+    // with 10 threads on a dual Xeon (four virtual processors) went
+    // from taking 30 seconds to 16 seconds.
+
+    // Sleep for a few milliseconds
+#if PLATFORM(WIN_OS)
+    Sleep(2);
+#else
+    struct timespec tm;
+    tm.tv_sec = 0;
+    tm.tv_nsec = 2000001;
+    nanosleep(&tm, NULL);
+#endif
+  }
+}
+
+#else
+
+#include <pthread.h>
+
+// Portable version
+struct TCMalloc_SpinLock {
+  pthread_mutex_t private_lock_;
+
+  inline void Init() {
+    if (pthread_mutex_init(&private_lock_, NULL) != 0) CRASH();
+  }
+  inline void Finalize() {
+    if (pthread_mutex_destroy(&private_lock_) != 0) CRASH();
+  }
+  inline void Lock() {
+    if (pthread_mutex_lock(&private_lock_) != 0) CRASH();
+  }
+  inline void Unlock() {
+    if (pthread_mutex_unlock(&private_lock_) != 0) CRASH();
+  }
+  bool IsHeld() {
+    if (pthread_mutex_trylock(&private_lock_))
+      return true;
+
+    Unlock();
+    return false;
+  }
+};
+
+#define SPINLOCK_INITIALIZER { PTHREAD_MUTEX_INITIALIZER }
+
+#endif
+
+// Corresponding locker object that arranges to acquire a spinlock for
+// the duration of a C++ scope.
+class TCMalloc_SpinLockHolder {
+ private:
+  TCMalloc_SpinLock* lock_;
+ public:
+  inline explicit TCMalloc_SpinLockHolder(TCMalloc_SpinLock* l)
+    : lock_(l) { l->Lock(); }
+  inline ~TCMalloc_SpinLockHolder() { lock_->Unlock(); }
+};
+
+// Short-hands for convenient use by tcmalloc.cc
+typedef TCMalloc_SpinLock SpinLock;
+typedef TCMalloc_SpinLockHolder SpinLockHolder;
+
+#endif  // TCMALLOC_INTERNAL_SPINLOCK_H__
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSystemAlloc.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSystemAlloc.cpp
new file mode 100644
index 000000000..a43baa870
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSystemAlloc.cpp
@@ -0,0 +1,521 @@
+// Copyright (c) 2005, 2007, Google Inc.
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// 
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// ---
+// Author: Sanjay Ghemawat
+
+#include "config.h"
+#include "TCSystemAlloc.h"
+
+#include <algorithm>
+#include <fcntl.h>
+#include "Assertions.h"
+#include "TCSpinLock.h"
+#include "UnusedParam.h"
+
+#if HAVE(STDINT_H)
+#include <stdint.h>
+#elif HAVE(INTTYPES_H)
+#include <inttypes.h>
+#else
+#include <sys/types.h>
+#endif
+
+#if PLATFORM(WIN_OS)
+#include "windows.h"
+#else
+#include <errno.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#endif
+
+#ifndef MAP_ANONYMOUS
+#define MAP_ANONYMOUS MAP_ANON
+#endif
+
+using namespace std;
+
+// Structure for discovering alignment
+union MemoryAligner {
+  void*  p;
+  double d;
+  size_t s;
+};
+
+static SpinLock spinlock = SPINLOCK_INITIALIZER;
+
+// Page size is initialized on demand
+static size_t pagesize = 0;
+
+// Configuration parameters.
+//
+// if use_devmem is true, either use_sbrk or use_mmap must also be true.
+// For 2.2 kernels, it looks like the sbrk address space (500MBish) and
+// the mmap address space (1300MBish) are disjoint, so we need both allocators
+// to get as much virtual memory as possible.
+#ifndef WTF_CHANGES
+static bool use_devmem = false;
+#endif
+
+#if HAVE(SBRK)
+static bool use_sbrk = false;
+#endif
+
+#if HAVE(MMAP)
+static bool use_mmap = true;
+#endif 
+
+#if HAVE(VIRTUALALLOC)
+static bool use_VirtualAlloc = true;
+#endif
+
+// Flags to keep us from retrying allocators that failed.
+static bool devmem_failure = false;
+static bool sbrk_failure = false;
+static bool mmap_failure = false;
+static bool VirtualAlloc_failure = false;
+
+#ifndef WTF_CHANGES
+DEFINE_int32(malloc_devmem_start, 0,
+             "Physical memory starting location in MB for /dev/mem allocation."
+             "  Setting this to 0 disables /dev/mem allocation");
+DEFINE_int32(malloc_devmem_limit, 0,
+             "Physical memory limit location in MB for /dev/mem allocation."
+             "  Setting this to 0 means no limit.");
+#else
+static const int32_t FLAGS_malloc_devmem_start = 0;
+static const int32_t FLAGS_malloc_devmem_limit = 0;
+#endif
+
+#if HAVE(SBRK)
+
+static void* TrySbrk(size_t size, size_t *actual_size, size_t alignment) {
+  size = ((size + alignment - 1) / alignment) * alignment;
+  
+  // could theoretically return the "extra" bytes here, but this
+  // is simple and correct.
+  if (actual_size) 
+    *actual_size = size;
+    
+  void* result = sbrk(size);
+  if (result == reinterpret_cast<void*>(-1)) {
+    sbrk_failure = true;
+    return NULL;
+  }
+
+  // Is it aligned?
+  uintptr_t ptr = reinterpret_cast<uintptr_t>(result);
+  if ((ptr & (alignment-1)) == 0)  return result;
+
+  // Try to get more memory for alignment
+  size_t extra = alignment - (ptr & (alignment-1));
+  void* r2 = sbrk(extra);
+  if (reinterpret_cast<uintptr_t>(r2) == (ptr + size)) {
+    // Contiguous with previous result
+    return reinterpret_cast<void*>(ptr + extra);
+  }
+
+  // Give up and ask for "size + alignment - 1" bytes so
+  // that we can find an aligned region within it.
+  result = sbrk(size + alignment - 1);
+  if (result == reinterpret_cast<void*>(-1)) {
+    sbrk_failure = true;
+    return NULL;
+  }
+  ptr = reinterpret_cast<uintptr_t>(result);
+  if ((ptr & (alignment-1)) != 0) {
+    ptr += alignment - (ptr & (alignment-1));
+  }
+  return reinterpret_cast<void*>(ptr);
+}
+
+#endif /* HAVE(SBRK) */
+
+#if HAVE(MMAP)
+
+static void* TryMmap(size_t size, size_t *actual_size, size_t alignment) {
+  // Enforce page alignment
+  if (pagesize == 0) pagesize = getpagesize();
+  if (alignment < pagesize) alignment = pagesize;
+  size = ((size + alignment - 1) / alignment) * alignment;
+  
+  // could theoretically return the "extra" bytes here, but this
+  // is simple and correct.
+  if (actual_size) 
+    *actual_size = size;
+    
+  // Ask for extra memory if alignment > pagesize
+  size_t extra = 0;
+  if (alignment > pagesize) {
+    extra = alignment - pagesize;
+  }
+  void* result = mmap(NULL, size + extra,
+                      PROT_READ | PROT_WRITE,
+                      MAP_PRIVATE|MAP_ANONYMOUS,
+                      -1, 0);
+  if (result == reinterpret_cast<void*>(MAP_FAILED)) {
+    mmap_failure = true;
+    return NULL;
+  }
+
+  // Adjust the return memory so it is aligned
+  uintptr_t ptr = reinterpret_cast<uintptr_t>(result);
+  size_t adjust = 0;
+  if ((ptr & (alignment - 1)) != 0) {
+    adjust = alignment - (ptr & (alignment - 1));
+  }
+
+  // Return the unused memory to the system
+  if (adjust > 0) {
+    munmap(reinterpret_cast<char*>(ptr), adjust);
+  }
+  if (adjust < extra) {
+    munmap(reinterpret_cast<char*>(ptr + adjust + size), extra - adjust);
+  }
+
+  ptr += adjust;
+  return reinterpret_cast<void*>(ptr);
+}
+
+#endif /* HAVE(MMAP) */
+
+#if HAVE(VIRTUALALLOC)
+
+static void* TryVirtualAlloc(size_t size, size_t *actual_size, size_t alignment) {
+  // Enforce page alignment
+  if (pagesize == 0) {
+    SYSTEM_INFO system_info;
+    GetSystemInfo(&system_info);
+    pagesize = system_info.dwPageSize;
+  }
+
+  if (alignment < pagesize) alignment = pagesize;
+  size = ((size + alignment - 1) / alignment) * alignment;
+
+  // could theoretically return the "extra" bytes here, but this
+  // is simple and correct.
+  if (actual_size) 
+    *actual_size = size;
+    
+  // Ask for extra memory if alignment > pagesize
+  size_t extra = 0;
+  if (alignment > pagesize) {
+    extra = alignment - pagesize;
+  }
+  void* result = VirtualAlloc(NULL, size + extra,
+                              MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN, 
+                              PAGE_READWRITE);
+
+  if (result == NULL) {
+    VirtualAlloc_failure = true;
+    return NULL;
+  }
+
+  // Adjust the return memory so it is aligned
+  uintptr_t ptr = reinterpret_cast<uintptr_t>(result);
+  size_t adjust = 0;
+  if ((ptr & (alignment - 1)) != 0) {
+    adjust = alignment - (ptr & (alignment - 1));
+  }
+
+  // Return the unused memory to the system - we'd like to release but the best we can do
+  // is decommit, since Windows only lets you free the whole allocation.
+  if (adjust > 0) {
+    VirtualFree(reinterpret_cast<void*>(ptr), adjust, MEM_DECOMMIT);
+  }
+  if (adjust < extra) {
+    VirtualFree(reinterpret_cast<void*>(ptr + adjust + size), extra-adjust, MEM_DECOMMIT);
+  }
+
+  ptr += adjust;
+  return reinterpret_cast<void*>(ptr);
+}
+
+#endif /* HAVE(MMAP) */
+
+#ifndef WTF_CHANGES
+static void* TryDevMem(size_t size, size_t *actual_size, size_t alignment) {
+  static bool initialized = false;
+  static off_t physmem_base;  // next physical memory address to allocate
+  static off_t physmem_limit; // maximum physical address allowed
+  static int physmem_fd;      // file descriptor for /dev/mem
+  
+  // Check if we should use /dev/mem allocation.  Note that it may take
+  // a while to get this flag initialized, so meanwhile we fall back to
+  // the next allocator.  (It looks like 7MB gets allocated before
+  // this flag gets initialized -khr.)
+  if (FLAGS_malloc_devmem_start == 0) {
+    // NOTE: not a devmem_failure - we'd like TCMalloc_SystemAlloc to
+    // try us again next time.
+    return NULL;
+  }
+  
+  if (!initialized) {
+    physmem_fd = open("/dev/mem", O_RDWR);
+    if (physmem_fd < 0) {
+      devmem_failure = true;
+      return NULL;
+    }
+    physmem_base = FLAGS_malloc_devmem_start*1024LL*1024LL;
+    physmem_limit = FLAGS_malloc_devmem_limit*1024LL*1024LL;
+    initialized = true;
+  }
+  
+  // Enforce page alignment
+  if (pagesize == 0) pagesize = getpagesize();
+  if (alignment < pagesize) alignment = pagesize;
+  size = ((size + alignment - 1) / alignment) * alignment;
+    
+  // could theoretically return the "extra" bytes here, but this
+  // is simple and correct.
+  if (actual_size)
+    *actual_size = size;
+    
+  // Ask for extra memory if alignment > pagesize
+  size_t extra = 0;
+  if (alignment > pagesize) {
+    extra = alignment - pagesize;
+  }
+  
+  // check to see if we have any memory left
+  if (physmem_limit != 0 && physmem_base + size + extra > physmem_limit) {
+    devmem_failure = true;
+    return NULL;
+  }
+  void *result = mmap(0, size + extra, PROT_READ | PROT_WRITE,
+                      MAP_SHARED, physmem_fd, physmem_base);
+  if (result == reinterpret_cast<void*>(MAP_FAILED)) {
+    devmem_failure = true;
+    return NULL;
+  }
+  uintptr_t ptr = reinterpret_cast<uintptr_t>(result);
+  
+  // Adjust the return memory so it is aligned
+  size_t adjust = 0;
+  if ((ptr & (alignment - 1)) != 0) {
+    adjust = alignment - (ptr & (alignment - 1));
+  }
+  
+  // Return the unused virtual memory to the system
+  if (adjust > 0) {
+    munmap(reinterpret_cast<char*>(ptr), adjust);
+  }
+  if (adjust < extra) {
+    munmap(reinterpret_cast<char*>(ptr + adjust + size), extra - adjust);
+  }
+  
+  ptr += adjust;
+  physmem_base += adjust + size;
+  
+  return reinterpret_cast<void*>(ptr);
+}
+#endif
+
+void* TCMalloc_SystemAlloc(size_t size, size_t *actual_size, size_t alignment) {
+  // Discard requests that overflow
+  if (size + alignment < size) return NULL;
+    
+  SpinLockHolder lock_holder(&spinlock);
+
+  // Enforce minimum alignment
+  if (alignment < sizeof(MemoryAligner)) alignment = sizeof(MemoryAligner);
+
+  // Try twice, once avoiding allocators that failed before, and once
+  // more trying all allocators even if they failed before.
+  for (int i = 0; i < 2; i++) {
+
+#ifndef WTF_CHANGES
+    if (use_devmem && !devmem_failure) {
+      void* result = TryDevMem(size, actual_size, alignment);
+      if (result != NULL) return result;
+    }
+#endif
+    
+#if HAVE(SBRK)
+    if (use_sbrk && !sbrk_failure) {
+      void* result = TrySbrk(size, actual_size, alignment);
+      if (result != NULL) return result;
+    }
+#endif
+
+#if HAVE(MMAP)    
+    if (use_mmap && !mmap_failure) {
+      void* result = TryMmap(size, actual_size, alignment);
+      if (result != NULL) return result;
+    }
+#endif
+
+#if HAVE(VIRTUALALLOC)
+    if (use_VirtualAlloc && !VirtualAlloc_failure) {
+      void* result = TryVirtualAlloc(size, actual_size, alignment);
+      if (result != NULL) return result;
+    }
+#endif
+
+    // nothing worked - reset failure flags and try again
+    devmem_failure = false;
+    sbrk_failure = false;
+    mmap_failure = false;
+    VirtualAlloc_failure = false;
+  }
+  return NULL;
+}
+
+#if HAVE(MADV_FREE_REUSE)
+
+void TCMalloc_SystemRelease(void* start, size_t length)
+{
+    while (madvise(start, length, MADV_FREE_REUSABLE) == -1 && errno == EAGAIN) { }
+}
+
+#elif HAVE(MADV_FREE) || HAVE(MADV_DONTNEED)
+
+void TCMalloc_SystemRelease(void* start, size_t length)
+{
+    // MADV_FREE clears the modified bit on pages, which allows
+    // them to be discarded immediately.
+#if HAVE(MADV_FREE)
+    const int advice = MADV_FREE;
+#else
+    const int advice = MADV_DONTNEED;
+#endif
+  if (FLAGS_malloc_devmem_start) {
+    // It's not safe to use MADV_DONTNEED if we've been mapping
+    // /dev/mem for heap memory
+    return;
+  }
+  if (pagesize == 0) pagesize = getpagesize();
+  const size_t pagemask = pagesize - 1;
+
+  size_t new_start = reinterpret_cast<size_t>(start);
+  size_t end = new_start + length;
+  size_t new_end = end;
+
+  // Round up the starting address and round down the ending address
+  // to be page aligned:
+  new_start = (new_start + pagesize - 1) & ~pagemask;
+  new_end = new_end & ~pagemask;
+
+  ASSERT((new_start & pagemask) == 0);
+  ASSERT((new_end & pagemask) == 0);
+  ASSERT(new_start >= reinterpret_cast<size_t>(start));
+  ASSERT(new_end <= end);
+
+  if (new_end > new_start) {
+    // Note -- ignoring most return codes, because if this fails it
+    // doesn't matter...
+    while (madvise(reinterpret_cast<char*>(new_start), new_end - new_start,
+                   advice) == -1 &&
+           errno == EAGAIN) {
+      // NOP
+    }
+  }
+}
+
+#elif HAVE(MMAP)
+
+void TCMalloc_SystemRelease(void* start, size_t length)
+{
+  void* newAddress = mmap(reinterpret_cast<char*>(start), length, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+  // If the mmap failed then that's ok, we just won't return the memory to the system.
+  ASSERT_UNUSED(newAddress, newAddress == start || newAddress == reinterpret_cast<void*>(MAP_FAILED));
+}
+
+#elif HAVE(VIRTUALALLOC)
+
+void TCMalloc_SystemRelease(void* start, size_t length)
+{
+    if (VirtualFree(start, length, MEM_DECOMMIT))
+        return;
+
+    // The decommit may fail if the memory region consists of allocations
+    // from more than one call to VirtualAlloc.  In this case, fall back to
+    // using VirtualQuery to retrieve the allocation boundaries and decommit
+    // them each individually.
+
+    char* ptr = static_cast<char*>(start);
+    char* end = ptr + length;
+    MEMORY_BASIC_INFORMATION info;
+    while (ptr < end) {
+        size_t resultSize = VirtualQuery(ptr, &info, sizeof(info));
+        ASSERT_UNUSED(resultSize, resultSize == sizeof(info));
+
+        size_t decommitSize = min<size_t>(info.RegionSize, end - ptr);
+        BOOL success = VirtualFree(ptr, decommitSize, MEM_DECOMMIT);
+        ASSERT_UNUSED(success, success);
+        ptr += decommitSize;
+    }
+}
+
+#else
+
+// Platforms that don't support returning memory use an empty inline version of TCMalloc_SystemRelease
+// declared in TCSystemAlloc.h
+
+#endif
+
+#if HAVE(MADV_FREE_REUSE)
+
+void TCMalloc_SystemCommit(void* start, size_t length)
+{
+    while (madvise(start, length, MADV_FREE_REUSE) == -1 && errno == EAGAIN) { }
+}
+
+#elif HAVE(VIRTUALALLOC)
+
+void TCMalloc_SystemCommit(void* start, size_t length)
+{
+    if (VirtualAlloc(start, length, MEM_COMMIT, PAGE_READWRITE) == start)
+        return;
+
+    // The commit may fail if the memory region consists of allocations
+    // from more than one call to VirtualAlloc.  In this case, fall back to
+    // using VirtualQuery to retrieve the allocation boundaries and commit them
+    // each individually.
+
+    char* ptr = static_cast<char*>(start);
+    char* end = ptr + length;
+    MEMORY_BASIC_INFORMATION info;
+    while (ptr < end) {
+        size_t resultSize = VirtualQuery(ptr, &info, sizeof(info));
+        ASSERT_UNUSED(resultSize, resultSize == sizeof(info));
+
+        size_t commitSize = min<size_t>(info.RegionSize, end - ptr);
+        void* newAddress = VirtualAlloc(ptr, commitSize, MEM_COMMIT, PAGE_READWRITE);
+        ASSERT_UNUSED(newAddress, newAddress == ptr);
+        ptr += commitSize;
+    }
+}
+
+#else
+
+// Platforms that don't need to explicitly commit memory use an empty inline version of TCMalloc_SystemCommit
+// declared in TCSystemAlloc.h
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSystemAlloc.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSystemAlloc.h
new file mode 100644
index 000000000..1c677889c
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TCSystemAlloc.h
@@ -0,0 +1,75 @@
+// Copyright (c) 2005, 2007, Google Inc.
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+// 
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// ---
+// Author: Sanjay Ghemawat
+//
+// Routine that uses sbrk/mmap to allocate memory from the system.
+// Useful for implementing malloc.
+
+#ifndef TCMALLOC_SYSTEM_ALLOC_H__
+#define TCMALLOC_SYSTEM_ALLOC_H__
+
+// REQUIRES: "alignment" is a power of two or "0" to indicate default alignment
+//
+// Allocate and return "N" bytes of zeroed memory.
+//
+// If actual_bytes is NULL then the returned memory is exactly the
+// requested size.  If actual bytes is non-NULL then the allocator
+// may optionally return more bytes than asked for (i.e. return an
+// entire "huge" page if a huge page allocator is in use).
+//
+// The returned pointer is a multiple of "alignment" if non-zero.
+//
+// Returns NULL when out of memory.
+extern void* TCMalloc_SystemAlloc(size_t bytes, size_t *actual_bytes,
+                                  size_t alignment = 0);
+
+// This call is a hint to the operating system that the pages
+// contained in the specified range of memory will not be used for a
+// while, and can be released for use by other processes or the OS.
+// Pages which are released in this way may be destroyed (zeroed) by
+// the OS.  The benefit of this function is that it frees memory for
+// use by the system, the cost is that the pages are faulted back into
+// the address space next time they are touched, which can impact
+// performance.  (Only pages fully covered by the memory region will
+// be released, partial pages will not.)
+extern void TCMalloc_SystemRelease(void* start, size_t length);
+
+extern void TCMalloc_SystemCommit(void* start, size_t length);
+
+#if !HAVE(MADV_FREE_REUSE) && !HAVE(MADV_DONTNEED) && !HAVE(MMAP) && !HAVE(VIRTUALALLOC)
+inline void TCMalloc_SystemRelease(void*, size_t) { }
+#endif
+
+#if !HAVE(VIRTUALALLOC) && !HAVE(MADV_FREE_REUSE)
+inline void TCMalloc_SystemCommit(void*, size_t) { }
+#endif
+
+#endif /* TCMALLOC_SYSTEM_ALLOC_H__ */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadSpecific.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadSpecific.h
new file mode 100644
index 000000000..b6f5fd3c8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadSpecific.h
@@ -0,0 +1,272 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Jian Li <jianli@chromium.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Thread local storage is implemented by using either pthread API or Windows
+ * native API. There is subtle semantic discrepancy for the cleanup function
+ * implementation as noted below:
+ *   @ In pthread implementation, the destructor function will be called
+ *     repeatedly if there is still non-NULL value associated with the function.
+ *   @ In Windows native implementation, the destructor function will be called
+ *     only once.
+ * This semantic discrepancy does not impose any problem because nowhere in
+ * WebKit the repeated call bahavior is utilized.
+ */
+
+#ifndef WTF_ThreadSpecific_h
+#define WTF_ThreadSpecific_h
+
+#include <wtf/Noncopyable.h>
+
+#if USE(PTHREADS)
+#include <pthread.h>
+#elif PLATFORM(QT)
+#include <QThreadStorage>
+#elif PLATFORM(WIN_OS)
+#include <windows.h>
+#endif
+
+namespace WTF {
+
+#if !USE(PTHREADS) && !PLATFORM(QT) && PLATFORM(WIN_OS)
+// ThreadSpecificThreadExit should be called each time when a thread is detached.
+// This is done automatically for threads created with WTF::createThread.
+void ThreadSpecificThreadExit();
+#endif
+
+template<typename T> class ThreadSpecific : public Noncopyable {
+public:
+    ThreadSpecific();
+    T* operator->();
+    operator T*();
+    T& operator*();
+    ~ThreadSpecific();
+
+private:
+#if !USE(PTHREADS) && !PLATFORM(QT) && PLATFORM(WIN_OS)
+    friend void ThreadSpecificThreadExit();
+#endif
+    
+    T* get();
+    void set(T*);
+    void static destroy(void* ptr);
+
+#if USE(PTHREADS) || PLATFORM(QT) || PLATFORM(WIN_OS)
+    struct Data : Noncopyable {
+        Data(T* value, ThreadSpecific<T>* owner) : value(value), owner(owner) {}
+#if PLATFORM(QT)
+        ~Data() { owner->destroy(this); }
+#endif
+
+        T* value;
+        ThreadSpecific<T>* owner;
+#if !USE(PTHREADS) && !PLATFORM(QT)
+        void (*destructor)(void*);
+#endif
+    };
+#endif
+
+#if USE(PTHREADS)
+    pthread_key_t m_key;
+#elif PLATFORM(QT)
+    QThreadStorage<Data*> m_key;
+#elif PLATFORM(WIN_OS)
+    int m_index;
+#endif
+};
+
+#if USE(PTHREADS)
+template<typename T>
+inline ThreadSpecific<T>::ThreadSpecific()
+{
+    int error = pthread_key_create(&m_key, destroy);
+    if (error)
+        CRASH();
+}
+
+template<typename T>
+inline ThreadSpecific<T>::~ThreadSpecific()
+{
+    pthread_key_delete(m_key); // Does not invoke destructor functions.
+}
+
+template<typename T>
+inline T* ThreadSpecific<T>::get()
+{
+    Data* data = static_cast<Data*>(pthread_getspecific(m_key));
+    return data ? data->value : 0;
+}
+
+template<typename T>
+inline void ThreadSpecific<T>::set(T* ptr)
+{
+    ASSERT(!get());
+    pthread_setspecific(m_key, new Data(ptr, this));
+}
+
+#elif PLATFORM(QT)
+
+template<typename T>
+inline ThreadSpecific<T>::ThreadSpecific()
+{
+}
+
+template<typename T>
+inline ThreadSpecific<T>::~ThreadSpecific()
+{
+    // Does not invoke destructor functions. QThreadStorage will do it
+}
+
+template<typename T>
+inline T* ThreadSpecific<T>::get()
+{
+    Data* data = static_cast<Data*>(m_key.localData());
+    return data ? data->value : 0;
+}
+
+template<typename T>
+inline void ThreadSpecific<T>::set(T* ptr)
+{
+    ASSERT(!get());
+    Data* data = new Data(ptr, this);
+    m_key.setLocalData(data);
+}
+
+#elif PLATFORM(WIN_OS)
+
+// The maximum number of TLS keys that can be created. For simplification, we assume that:
+// 1) Once the instance of ThreadSpecific<> is created, it will not be destructed until the program dies.
+// 2) We do not need to hold many instances of ThreadSpecific<> data. This fixed number should be far enough.
+const int kMaxTlsKeySize = 256;
+
+long& tlsKeyCount();
+DWORD* tlsKeys();
+
+template<typename T>
+inline ThreadSpecific<T>::ThreadSpecific()
+    : m_index(-1)
+{
+    DWORD tls_key = TlsAlloc();
+    if (tls_key == TLS_OUT_OF_INDEXES)
+        CRASH();
+
+    m_index = InterlockedIncrement(&tlsKeyCount()) - 1;
+    if (m_index >= kMaxTlsKeySize)
+        CRASH();
+    tlsKeys()[m_index] = tls_key;
+}
+
+template<typename T>
+inline ThreadSpecific<T>::~ThreadSpecific()
+{
+    // Does not invoke destructor functions. They will be called from ThreadSpecificThreadExit when the thread is detached.
+    TlsFree(tlsKeys()[m_index]);
+}
+
+template<typename T>
+inline T* ThreadSpecific<T>::get()
+{
+    Data* data = static_cast<Data*>(TlsGetValue(tlsKeys()[m_index]));
+    return data ? data->value : 0;
+}
+
+template<typename T>
+inline void ThreadSpecific<T>::set(T* ptr)
+{
+    ASSERT(!get());
+    Data* data = new Data(ptr, this);
+    data->destructor = &ThreadSpecific<T>::destroy;
+    TlsSetValue(tlsKeys()[m_index], data);
+}
+
+#else
+#error ThreadSpecific is not implemented for this platform.
+#endif
+
+template<typename T>
+inline void ThreadSpecific<T>::destroy(void* ptr)
+{
+    Data* data = static_cast<Data*>(ptr);
+
+#if USE(PTHREADS)
+    // We want get() to keep working while data destructor works, because it can be called indirectly by the destructor.
+    // Some pthreads implementations zero out the pointer before calling destroy(), so we temporarily reset it.
+    pthread_setspecific(data->owner->m_key, ptr);
+#endif
+#if PLATFORM(QT)
+    // See comment as above
+    data->owner->m_key.setLocalData(data);
+#endif
+
+    data->value->~T();
+    fastFree(data->value);
+
+#if USE(PTHREADS)
+    pthread_setspecific(data->owner->m_key, 0);
+#elif PLATFORM(QT)
+    // Do nothing here
+#elif PLATFORM(WIN_OS)
+    TlsSetValue(tlsKeys()[data->owner->m_index], 0);
+#else
+#error ThreadSpecific is not implemented for this platform.
+#endif
+
+#if !PLATFORM(QT)
+    delete data;
+#endif
+}
+
+template<typename T>
+inline ThreadSpecific<T>::operator T*()
+{
+    T* ptr = static_cast<T*>(get());
+    if (!ptr) {
+        // Set up thread-specific value's memory pointer before invoking constructor, in case any function it calls
+        // needs to access the value, to avoid recursion.
+        ptr = static_cast<T*>(fastMalloc(sizeof(T)));
+        set(ptr);
+        new (ptr) T;
+    }
+    return ptr;
+}
+
+template<typename T>
+inline T* ThreadSpecific<T>::operator->()
+{
+    return operator T*();
+}
+
+template<typename T>
+inline T& ThreadSpecific<T>::operator*()
+{
+    return *operator T*();
+}
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadSpecificWin.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadSpecificWin.cpp
new file mode 100644
index 000000000..f2c0cad95
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadSpecificWin.cpp
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2009 Jian Li <jianli@chromium.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+
+#include "ThreadSpecific.h"
+#include <wtf/Noncopyable.h>
+
+#if USE(PTHREADS)
+#error This file should not be compiled by ports that do not use Windows native ThreadSpecific implementation.
+#endif
+
+namespace WTF {
+
+long& tlsKeyCount()
+{
+    static long count;
+    return count;
+}
+
+DWORD* tlsKeys()
+{
+    static DWORD keys[kMaxTlsKeySize];
+    return keys;
+}
+
+void ThreadSpecificThreadExit()
+{
+    for (long i = 0; i < tlsKeyCount(); i++) {
+        // The layout of ThreadSpecific<T>::Data does not depend on T. So we are safe to do the static cast to ThreadSpecific<int> in order to access its data member.
+        ThreadSpecific<int>::Data* data = static_cast<ThreadSpecific<int>::Data*>(TlsGetValue(tlsKeys()[i]));
+        if (data)
+            data->destructor(data);
+    }
+}
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.cpp
new file mode 100644
index 000000000..56bf43814
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.cpp
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Threading.h"
+
+#include <string.h>
+
+namespace WTF {
+
+struct NewThreadContext : FastAllocBase {
+    NewThreadContext(ThreadFunction entryPoint, void* data, const char* name)
+        : entryPoint(entryPoint)
+        , data(data)
+        , name(name)
+    {
+    }
+
+    ThreadFunction entryPoint;
+    void* data;
+    const char* name;
+
+    Mutex creationMutex;
+};
+
+static void* threadEntryPoint(void* contextData)
+{
+    NewThreadContext* context = reinterpret_cast<NewThreadContext*>(contextData);
+
+    setThreadNameInternal(context->name);
+
+    // Block until our creating thread has completed any extra setup work
+    {
+        MutexLocker locker(context->creationMutex);
+    }
+
+    // Grab the info that we need out of the context, then deallocate it.
+    ThreadFunction entryPoint = context->entryPoint;
+    void* data = context->data;
+    delete context;
+
+    return entryPoint(data);
+}
+
+ThreadIdentifier createThread(ThreadFunction entryPoint, void* data, const char* name)
+{
+    // Visual Studio has a 31-character limit on thread names. Longer names will
+    // be truncated silently, but we'd like callers to know about the limit.
+#if !LOG_DISABLED
+    if (strlen(name) > 31)
+        LOG_ERROR("Thread name \"%s\" is longer than 31 characters and will be truncated by Visual Studio", name);
+#endif
+
+    NewThreadContext* context = new NewThreadContext(entryPoint, data, name);
+
+    // Prevent the thread body from executing until we've established the thread identifier
+    MutexLocker locker(context->creationMutex);
+
+    return createThreadInternal(threadEntryPoint, context, name);
+}
+
+#if PLATFORM(MAC) || PLATFORM(WIN)
+
+// This function is deprecated but needs to be kept around for backward
+// compatibility. Use the 3-argument version of createThread above.
+
+ThreadIdentifier createThread(ThreadFunction entryPoint, void* data);
+
+ThreadIdentifier createThread(ThreadFunction entryPoint, void* data)
+{
+    return createThread(entryPoint, data, 0);
+}
+#endif
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h
new file mode 100644
index 000000000..515454517
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h
@@ -0,0 +1,339 @@
+/*
+ * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2007 Justin Haygood (jhaygood@reaktix.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ *
+ * Note: The implementations of InterlockedIncrement and InterlockedDecrement are based
+ * on atomic_increment and atomic_exchange_and_add from the Boost C++ Library. The license
+ * is virtually identical to the Apple license above but is included here for completeness.
+ *
+ * Boost Software License - Version 1.0 - August 17th, 2003
+ * 
+ * Permission is hereby granted, free of charge, to any person or organization
+ * obtaining a copy of the software and accompanying documentation covered by
+ * this license (the "Software") to use, reproduce, display, distribute,
+ * execute, and transmit the Software, and to prepare derivative works of the
+ * Software, and to permit third-parties to whom the Software is furnished to
+ * do so, all subject to the following:
+ * 
+ * The copyright notices in the Software and this entire statement, including
+ * the above license grant, this restriction and the following disclaimer,
+ * must be included in all copies of the Software, in whole or in part, and
+ * all derivative works of the Software, unless such copies or derivative
+ * works are solely in the form of machine-executable object code generated by
+ * a source language processor.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+ * SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+ * FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef Threading_h
+#define Threading_h
+
+#include "Platform.h"
+
+#if PLATFORM(WINCE)
+#include <windows.h>
+#endif
+
+#include <wtf/Assertions.h>
+#include <wtf/Locker.h>
+#include <wtf/Noncopyable.h>
+
+#if PLATFORM(WIN_OS) && !PLATFORM(WINCE)
+#include <windows.h>
+#elif PLATFORM(DARWIN)
+#include <libkern/OSAtomic.h>
+#elif COMPILER(GCC)
+#if (__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 2))
+#include <ext/atomicity.h>
+#else
+#include <bits/atomicity.h>
+#endif
+#endif
+
+#if USE(PTHREADS)
+#include <pthread.h>
+#elif PLATFORM(GTK)
+#include <wtf/GOwnPtr.h>
+typedef struct _GMutex GMutex;
+typedef struct _GCond GCond;
+#endif
+
+#if PLATFORM(QT)
+#include <qglobal.h>
+QT_BEGIN_NAMESPACE
+class QMutex;
+class QWaitCondition;
+QT_END_NAMESPACE
+#endif
+
+#include <stdint.h>
+
+// For portability, we do not use thread-safe statics natively supported by some compilers (e.g. gcc).
+#define AtomicallyInitializedStatic(T, name) \
+    WTF::lockAtomicallyInitializedStaticMutex(); \
+    static T name; \
+    WTF::unlockAtomicallyInitializedStaticMutex();
+
+namespace WTF {
+
+typedef uint32_t ThreadIdentifier;
+typedef void* (*ThreadFunction)(void* argument);
+
+// Returns 0 if thread creation failed.
+// The thread name must be a literal since on some platforms it's passed in to the thread.
+ThreadIdentifier createThread(ThreadFunction, void*, const char* threadName);
+
+// Internal platform-specific createThread implementation.
+ThreadIdentifier createThreadInternal(ThreadFunction, void*, const char* threadName);
+
+// Called in the thread during initialization.
+// Helpful for platforms where the thread name must be set from within the thread.
+void setThreadNameInternal(const char* threadName);
+
+ThreadIdentifier currentThread();
+bool isMainThread();
+int waitForThreadCompletion(ThreadIdentifier, void**);
+void detachThread(ThreadIdentifier);
+
+#if USE(PTHREADS)
+typedef pthread_mutex_t PlatformMutex;
+typedef pthread_rwlock_t PlatformReadWriteLock;
+typedef pthread_cond_t PlatformCondition;
+#elif PLATFORM(GTK)
+typedef GOwnPtr<GMutex> PlatformMutex;
+typedef void* PlatformReadWriteLock; // FIXME: Implement.
+typedef GOwnPtr<GCond> PlatformCondition;
+#elif PLATFORM(QT)
+typedef QT_PREPEND_NAMESPACE(QMutex)* PlatformMutex;
+typedef void* PlatformReadWriteLock; // FIXME: Implement.
+typedef QT_PREPEND_NAMESPACE(QWaitCondition)* PlatformCondition;
+#elif PLATFORM(WIN_OS)
+struct PlatformMutex {
+    CRITICAL_SECTION m_internalMutex;
+    size_t m_recursionCount;
+};
+typedef void* PlatformReadWriteLock; // FIXME: Implement.
+struct PlatformCondition {
+    size_t m_waitersGone;
+    size_t m_waitersBlocked;
+    size_t m_waitersToUnblock; 
+    HANDLE m_blockLock;
+    HANDLE m_blockQueue;
+    HANDLE m_unblockLock;
+
+    bool timedWait(PlatformMutex&, DWORD durationMilliseconds);
+    void signal(bool unblockAll);
+};
+#else
+typedef void* PlatformMutex;
+typedef void* PlatformReadWriteLock;
+typedef void* PlatformCondition;
+#endif
+    
+class Mutex : public Noncopyable {
+public:
+    Mutex();
+    ~Mutex();
+
+    void lock();
+    bool tryLock();
+    void unlock();
+
+public:
+    PlatformMutex& impl() { return m_mutex; }
+private:
+    PlatformMutex m_mutex;
+};
+
+typedef Locker<Mutex> MutexLocker;
+
+class ReadWriteLock : public Noncopyable {
+public:
+    ReadWriteLock();
+    ~ReadWriteLock();
+
+    void readLock();
+    bool tryReadLock();
+
+    void writeLock();
+    bool tryWriteLock();
+    
+    void unlock();
+
+private:
+    PlatformReadWriteLock m_readWriteLock;
+};
+
+class ThreadCondition : public Noncopyable {
+public:
+    ThreadCondition();
+    ~ThreadCondition();
+    
+    void wait(Mutex& mutex);
+    // Returns true if the condition was signaled before absoluteTime, false if the absoluteTime was reached or is in the past.
+    // The absoluteTime is in seconds, starting on January 1, 1970. The time is assumed to use the same time zone as WTF::currentTime().
+    bool timedWait(Mutex&, double absoluteTime);
+    void signal();
+    void broadcast();
+    
+private:
+    PlatformCondition m_condition;
+};
+
+#if PLATFORM(WIN_OS)
+#define WTF_USE_LOCKFREE_THREADSAFESHARED 1
+
+#if COMPILER(MINGW) || COMPILER(MSVC7) || PLATFORM(WINCE)
+inline int atomicIncrement(int* addend) { return InterlockedIncrement(reinterpret_cast<long*>(addend)); }
+inline int atomicDecrement(int* addend) { return InterlockedDecrement(reinterpret_cast<long*>(addend)); }
+#else
+inline int atomicIncrement(int volatile* addend) { return InterlockedIncrement(reinterpret_cast<long volatile*>(addend)); }
+inline int atomicDecrement(int volatile* addend) { return InterlockedDecrement(reinterpret_cast<long volatile*>(addend)); }
+#endif
+
+#elif PLATFORM(DARWIN)
+#define WTF_USE_LOCKFREE_THREADSAFESHARED 1
+
+inline int atomicIncrement(int volatile* addend) { return OSAtomicIncrement32Barrier(const_cast<int*>(addend)); }
+inline int atomicDecrement(int volatile* addend) { return OSAtomicDecrement32Barrier(const_cast<int*>(addend)); }
+
+#elif COMPILER(GCC) && !PLATFORM(SPARC64) // sizeof(_Atomic_word) != sizeof(int) on sparc64 gcc
+#define WTF_USE_LOCKFREE_THREADSAFESHARED 1
+
+inline int atomicIncrement(int volatile* addend) { return __gnu_cxx::__exchange_and_add(addend, 1) + 1; }
+inline int atomicDecrement(int volatile* addend) { return __gnu_cxx::__exchange_and_add(addend, -1) - 1; }
+
+#endif
+
+class ThreadSafeSharedBase : public Noncopyable {
+public:
+    ThreadSafeSharedBase(int initialRefCount = 1)
+        : m_refCount(initialRefCount)
+    {
+    }
+
+    void ref()
+    {
+#if USE(LOCKFREE_THREADSAFESHARED)
+        atomicIncrement(&m_refCount);
+#else
+        MutexLocker locker(m_mutex);
+        ++m_refCount;
+#endif
+    }
+
+    bool hasOneRef()
+    {
+        return refCount() == 1;
+    }
+
+    int refCount() const
+    {
+#if !USE(LOCKFREE_THREADSAFESHARED)
+        MutexLocker locker(m_mutex);
+#endif
+        return static_cast<int const volatile &>(m_refCount);
+    }
+
+protected:
+    // Returns whether the pointer should be freed or not.
+    bool derefBase()
+    {
+#if USE(LOCKFREE_THREADSAFESHARED)
+        if (atomicDecrement(&m_refCount) <= 0)
+            return true;
+#else
+        int refCount;
+        {
+            MutexLocker locker(m_mutex);
+            --m_refCount;
+            refCount = m_refCount;
+        }
+        if (refCount <= 0)
+            return true;
+#endif
+        return false;
+    }
+
+private:
+    template<class T>
+    friend class CrossThreadRefCounted;
+
+    int m_refCount;
+#if !USE(LOCKFREE_THREADSAFESHARED)
+    mutable Mutex m_mutex;
+#endif
+};
+
+template<class T> class ThreadSafeShared : public ThreadSafeSharedBase {
+public:
+    ThreadSafeShared(int initialRefCount = 1)
+        : ThreadSafeSharedBase(initialRefCount)
+    {
+    }
+
+    void deref()
+    {
+        if (derefBase())
+            delete static_cast<T*>(this);
+    }
+};
+
+// This function must be called from the main thread. It is safe to call it repeatedly.
+// Darwin is an exception to this rule: it is OK to call it from any thread, the only requirement is that the calls are not reentrant.
+void initializeThreading();
+
+void lockAtomicallyInitializedStaticMutex();
+void unlockAtomicallyInitializedStaticMutex();
+
+} // namespace WTF
+
+using WTF::Mutex;
+using WTF::MutexLocker;
+using WTF::ThreadCondition;
+using WTF::ThreadIdentifier;
+using WTF::ThreadSafeShared;
+
+#if USE(LOCKFREE_THREADSAFESHARED)
+using WTF::atomicDecrement;
+using WTF::atomicIncrement;
+#endif
+
+using WTF::createThread;
+using WTF::currentThread;
+using WTF::isMainThread;
+using WTF::detachThread;
+using WTF::waitForThreadCompletion;
+
+#endif // Threading_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingNone.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingNone.cpp
new file mode 100644
index 000000000..46f23d211
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingNone.cpp
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2007 Justin Haygood (jhaygood@reaktix.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Threading.h"
+
+namespace WTF {
+
+void initializeThreading() { }
+ThreadIdentifier createThreadInternal(ThreadFunction, void*, const char*) { return ThreadIdentifier(); }
+void setThreadNameInternal(const char*) { }
+int waitForThreadCompletion(ThreadIdentifier, void**) { return 0; }
+void detachThread(ThreadIdentifier) { }
+ThreadIdentifier currentThread() { return ThreadIdentifier(); }
+bool isMainThread() { return true; }
+
+Mutex::Mutex() { }
+Mutex::~Mutex() { }
+void Mutex::lock() { }
+bool Mutex::tryLock() { return false; }
+void Mutex::unlock() { }
+
+ThreadCondition::ThreadCondition() { }
+ThreadCondition::~ThreadCondition() { }
+void ThreadCondition::wait(Mutex&) { }
+bool ThreadCondition::timedWait(Mutex&, double) { return false; }
+void ThreadCondition::signal() { }
+void ThreadCondition::broadcast() { }
+
+void lockAtomicallyInitializedStaticMutex() { }
+void unlockAtomicallyInitializedStaticMutex() { }
+
+} // namespace WebCore
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingPthreads.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingPthreads.cpp
new file mode 100644
index 000000000..e4fb4198d
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingPthreads.cpp
@@ -0,0 +1,378 @@
+/*
+ * Copyright (C) 2007, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2007 Justin Haygood (jhaygood@reaktix.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Threading.h"
+
+#if USE(PTHREADS)
+
+#include "CurrentTime.h"
+#include "HashMap.h"
+#include "MainThread.h"
+#include "RandomNumberSeed.h"
+#include "StdLibExtras.h"
+#include "UnusedParam.h"
+#include <errno.h>
+
+#if !COMPILER(MSVC)
+#include <limits.h>
+#include <sys/time.h>
+#endif
+
+#if PLATFORM(ANDROID)
+#include "jni_utility.h"
+#endif
+
+namespace WTF {
+
+typedef HashMap<ThreadIdentifier, pthread_t> ThreadMap;
+
+static Mutex* atomicallyInitializedStaticMutex;
+
+#if !PLATFORM(DARWIN) || PLATFORM(CHROMIUM)
+static ThreadIdentifier mainThreadIdentifier; // The thread that was the first to call initializeThreading(), which must be the main thread.
+#endif
+
+static Mutex& threadMapMutex()
+{
+    DEFINE_STATIC_LOCAL(Mutex, mutex, ());
+    return mutex;
+}
+
+void initializeThreading()
+{
+    if (!atomicallyInitializedStaticMutex) {
+        atomicallyInitializedStaticMutex = new Mutex;
+        threadMapMutex();
+        initializeRandomNumberGenerator();
+#if !PLATFORM(DARWIN) || PLATFORM(CHROMIUM)
+        mainThreadIdentifier = currentThread();
+#endif
+        initializeMainThread();
+    }
+}
+
+void lockAtomicallyInitializedStaticMutex()
+{
+    ASSERT(atomicallyInitializedStaticMutex);
+    atomicallyInitializedStaticMutex->lock();
+}
+
+void unlockAtomicallyInitializedStaticMutex()
+{
+    atomicallyInitializedStaticMutex->unlock();
+}
+
+static ThreadMap& threadMap()
+{
+    DEFINE_STATIC_LOCAL(ThreadMap, map, ());
+    return map;
+}
+
+static ThreadIdentifier identifierByPthreadHandle(const pthread_t& pthreadHandle)
+{
+    MutexLocker locker(threadMapMutex());
+
+    ThreadMap::iterator i = threadMap().begin();
+    for (; i != threadMap().end(); ++i) {
+        if (pthread_equal(i->second, pthreadHandle))
+            return i->first;
+    }
+
+    return 0;
+}
+
+static ThreadIdentifier establishIdentifierForPthreadHandle(pthread_t& pthreadHandle)
+{
+    ASSERT(!identifierByPthreadHandle(pthreadHandle));
+
+    MutexLocker locker(threadMapMutex());
+
+    static ThreadIdentifier identifierCount = 1;
+
+    threadMap().add(identifierCount, pthreadHandle);
+
+    return identifierCount++;
+}
+
+static pthread_t pthreadHandleForIdentifier(ThreadIdentifier id)
+{
+    MutexLocker locker(threadMapMutex());
+
+    return threadMap().get(id);
+}
+
+static void clearPthreadHandleForIdentifier(ThreadIdentifier id)
+{
+    MutexLocker locker(threadMapMutex());
+
+    ASSERT(threadMap().contains(id));
+
+    threadMap().remove(id);
+}
+
+#if PLATFORM(ANDROID)
+// On the Android platform, threads must be registered with the VM before they run.
+struct ThreadData {
+    ThreadFunction entryPoint;
+    void* arg;
+};
+
+static void* runThreadWithRegistration(void* arg)
+{
+    ThreadData* data = static_cast<ThreadData*>(arg);
+    JavaVM* vm = JSC::Bindings::getJavaVM();
+    JNIEnv* env;
+    void* ret = 0;
+    if (vm->AttachCurrentThread(&env, 0) == JNI_OK) {
+        ret = data->entryPoint(data->arg);
+        vm->DetachCurrentThread();
+    }
+    delete data;
+    return ret;
+}
+
+ThreadIdentifier createThreadInternal(ThreadFunction entryPoint, void* data, const char*)
+{
+    pthread_t threadHandle;
+    ThreadData* threadData = new ThreadData();
+    threadData->entryPoint = entryPoint;
+    threadData->arg = data;
+
+    if (pthread_create(&threadHandle, 0, runThreadWithRegistration, static_cast<void*>(threadData))) {
+        LOG_ERROR("Failed to create pthread at entry point %p with data %p", entryPoint, data);
+        return 0;
+    }
+    return establishIdentifierForPthreadHandle(threadHandle);
+}
+#else
+ThreadIdentifier createThreadInternal(ThreadFunction entryPoint, void* data, const char*)
+{
+    pthread_t threadHandle;
+    if (pthread_create(&threadHandle, 0, entryPoint, data)) {
+        LOG_ERROR("Failed to create pthread at entry point %p with data %p", entryPoint, data);
+        return 0;
+    }
+
+    return establishIdentifierForPthreadHandle(threadHandle);
+}
+#endif
+
+void setThreadNameInternal(const char* threadName)
+{
+#if HAVE(PTHREAD_SETNAME_NP)
+    pthread_setname_np(threadName);
+#else
+    UNUSED_PARAM(threadName);
+#endif
+}
+
+int waitForThreadCompletion(ThreadIdentifier threadID, void** result)
+{
+    ASSERT(threadID);
+
+    pthread_t pthreadHandle = pthreadHandleForIdentifier(threadID);
+
+    int joinResult = pthread_join(pthreadHandle, result);
+    if (joinResult == EDEADLK)
+        LOG_ERROR("ThreadIdentifier %u was found to be deadlocked trying to quit", threadID);
+
+    clearPthreadHandleForIdentifier(threadID);
+    return joinResult;
+}
+
+void detachThread(ThreadIdentifier threadID)
+{
+    ASSERT(threadID);
+
+    pthread_t pthreadHandle = pthreadHandleForIdentifier(threadID);
+
+    pthread_detach(pthreadHandle);
+
+    clearPthreadHandleForIdentifier(threadID);
+}
+
+ThreadIdentifier currentThread()
+{
+    pthread_t currentThread = pthread_self();
+    if (ThreadIdentifier id = identifierByPthreadHandle(currentThread))
+        return id;
+    return establishIdentifierForPthreadHandle(currentThread);
+}
+
+bool isMainThread()
+{
+#if PLATFORM(DARWIN) && !PLATFORM(CHROMIUM)
+    return pthread_main_np();
+#else
+    return currentThread() == mainThreadIdentifier;
+#endif
+}
+
+Mutex::Mutex()
+{
+    pthread_mutex_init(&m_mutex, NULL);
+}
+
+Mutex::~Mutex()
+{
+    pthread_mutex_destroy(&m_mutex);
+}
+
+void Mutex::lock()
+{
+    int result = pthread_mutex_lock(&m_mutex);
+    ASSERT_UNUSED(result, !result);
+}
+
+bool Mutex::tryLock()
+{
+    int result = pthread_mutex_trylock(&m_mutex);
+
+    if (result == 0)
+        return true;
+    if (result == EBUSY)
+        return false;
+
+    ASSERT_NOT_REACHED();
+    return false;
+}
+
+void Mutex::unlock()
+{
+    int result = pthread_mutex_unlock(&m_mutex);
+    ASSERT_UNUSED(result, !result);
+}
+
+
+ReadWriteLock::ReadWriteLock()
+{
+    pthread_rwlock_init(&m_readWriteLock, NULL);
+}
+
+ReadWriteLock::~ReadWriteLock()
+{
+    pthread_rwlock_destroy(&m_readWriteLock);
+}
+
+void ReadWriteLock::readLock()
+{
+    int result = pthread_rwlock_rdlock(&m_readWriteLock);
+    ASSERT_UNUSED(result, !result);
+}
+
+bool ReadWriteLock::tryReadLock()
+{
+    int result = pthread_rwlock_tryrdlock(&m_readWriteLock);
+
+    if (result == 0)
+        return true;
+    if (result == EBUSY || result == EAGAIN)
+        return false;
+
+    ASSERT_NOT_REACHED();
+    return false;
+}
+
+void ReadWriteLock::writeLock()
+{
+    int result = pthread_rwlock_wrlock(&m_readWriteLock);
+    ASSERT_UNUSED(result, !result);
+}
+
+bool ReadWriteLock::tryWriteLock()
+{
+    int result = pthread_rwlock_trywrlock(&m_readWriteLock);
+
+    if (result == 0)
+        return true;
+    if (result == EBUSY || result == EAGAIN)
+        return false;
+
+    ASSERT_NOT_REACHED();
+    return false;
+}
+
+void ReadWriteLock::unlock()
+{
+    int result = pthread_rwlock_unlock(&m_readWriteLock);
+    ASSERT_UNUSED(result, !result);
+}
+
+ThreadCondition::ThreadCondition()
+{ 
+    pthread_cond_init(&m_condition, NULL);
+}
+
+ThreadCondition::~ThreadCondition()
+{
+    pthread_cond_destroy(&m_condition);
+}
+    
+void ThreadCondition::wait(Mutex& mutex)
+{
+    int result = pthread_cond_wait(&m_condition, &mutex.impl());
+    ASSERT_UNUSED(result, !result);
+}
+
+bool ThreadCondition::timedWait(Mutex& mutex, double absoluteTime)
+{
+    if (absoluteTime < currentTime())
+        return false;
+
+    if (absoluteTime > INT_MAX) {
+        wait(mutex);
+        return true;
+    }
+
+    int timeSeconds = static_cast<int>(absoluteTime);
+    int timeNanoseconds = static_cast<int>((absoluteTime - timeSeconds) * 1E9);
+
+    timespec targetTime;
+    targetTime.tv_sec = timeSeconds;
+    targetTime.tv_nsec = timeNanoseconds;
+
+    return pthread_cond_timedwait(&m_condition, &mutex.impl(), &targetTime) == 0;
+}
+
+void ThreadCondition::signal()
+{
+    int result = pthread_cond_signal(&m_condition);
+    ASSERT_UNUSED(result, !result);
+}
+
+void ThreadCondition::broadcast()
+{
+    int result = pthread_cond_broadcast(&m_condition);
+    ASSERT_UNUSED(result, !result);
+}
+
+} // namespace WTF
+
+#endif // USE(PTHREADS)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingWin.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingWin.cpp
new file mode 100644
index 000000000..cccbda14e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/ThreadingWin.cpp
@@ -0,0 +1,493 @@
+/*
+ * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ * Copyright (C) 2009 Torch Mobile, Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * There are numerous academic and practical works on how to implement pthread_cond_wait/pthread_cond_signal/pthread_cond_broadcast
+ * functions on Win32. Here is one example: http://www.cs.wustl.edu/~schmidt/win32-cv-1.html which is widely credited as a 'starting point'
+ * of modern attempts. There are several more or less proven implementations, one in Boost C++ library (http://www.boost.org) and another
+ * in pthreads-win32 (http://sourceware.org/pthreads-win32/).
+ *
+ * The number of articles and discussions is the evidence of significant difficulties in implementing these primitives correctly.
+ * The brief search of revisions, ChangeLog entries, discussions in comp.programming.threads and other places clearly documents
+ * numerous pitfalls and performance problems the authors had to overcome to arrive to the suitable implementations.
+ * Optimally, WebKit would use one of those supported/tested libraries directly. To roll out our own implementation is impractical,
+ * if even for the lack of sufficient testing. However, a faithful reproduction of the code from one of the popular supported
+ * libraries seems to be a good compromise.
+ *
+ * The early Boost implementation (http://www.boxbackup.org/trac/browser/box/nick/win/lib/win32/boost_1_32_0/libs/thread/src/condition.cpp?rev=30)
+ * is identical to pthreads-win32 (http://sourceware.org/cgi-bin/cvsweb.cgi/pthreads/pthread_cond_wait.c?rev=1.10&content-type=text/x-cvsweb-markup&cvsroot=pthreads-win32).
+ * Current Boost uses yet another (although seemingly equivalent) algorithm which came from their 'thread rewrite' effort.
+ *
+ * This file includes timedWait/signal/broadcast implementations translated to WebKit coding style from the latest algorithm by
+ * Alexander Terekhov and Louis Thomas, as captured here: http://sourceware.org/cgi-bin/cvsweb.cgi/pthreads/pthread_cond_wait.c?rev=1.10&content-type=text/x-cvsweb-markup&cvsroot=pthreads-win32
+ * It replaces the implementation of their previous algorithm, also documented in the same source above.
+ * The naming and comments are left very close to original to enable easy cross-check.
+ *
+ * The corresponding Pthreads-win32 License is included below, and CONTRIBUTORS file which it refers to is added to
+ * source directory (as CONTRIBUTORS.pthreads-win32).
+ */
+
+/*
+ *      Pthreads-win32 - POSIX Threads Library for Win32
+ *      Copyright(C) 1998 John E. Bossom
+ *      Copyright(C) 1999,2005 Pthreads-win32 contributors
+ *
+ *      Contact Email: rpj@callisto.canberra.edu.au
+ *
+ *      The current list of contributors is contained
+ *      in the file CONTRIBUTORS included with the source
+ *      code distribution. The list can also be seen at the
+ *      following World Wide Web location:
+ *      http://sources.redhat.com/pthreads-win32/contributors.html
+ *
+ *      This library is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU Lesser General Public
+ *      License as published by the Free Software Foundation; either
+ *      version 2 of the License, or (at your option) any later version.
+ *
+ *      This library is distributed in the hope that it will be useful,
+ *      but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *      Lesser General Public License for more details.
+ *
+ *      You should have received a copy of the GNU Lesser General Public
+ *      License along with this library in the file COPYING.LIB;
+ *      if not, write to the Free Software Foundation, Inc.,
+ *      59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include "config.h"
+#include "Threading.h"
+
+#include "MainThread.h"
+#if !USE(PTHREADS) && PLATFORM(WIN_OS)
+#include "ThreadSpecific.h"
+#endif
+#if !PLATFORM(WINCE)
+#include <process.h>
+#endif
+#if HAVE(ERRNO_H)
+#include <errno.h>
+#else
+#define NO_ERRNO
+#endif
+#include <windows.h>
+#include <wtf/CurrentTime.h>
+#include <wtf/HashMap.h>
+#include <wtf/MathExtras.h>
+#include <wtf/RandomNumberSeed.h>
+
+namespace WTF {
+
+// MS_VC_EXCEPTION, THREADNAME_INFO, and setThreadNameInternal all come from <http://msdn.microsoft.com/en-us/library/xcb2z8hs.aspx>.
+static const DWORD MS_VC_EXCEPTION = 0x406D1388;
+
+#pragma pack(push, 8)
+typedef struct tagTHREADNAME_INFO {
+    DWORD dwType; // must be 0x1000
+    LPCSTR szName; // pointer to name (in user addr space)
+    DWORD dwThreadID; // thread ID (-1=caller thread)
+    DWORD dwFlags; // reserved for future use, must be zero
+} THREADNAME_INFO;
+#pragma pack(pop)
+
+void setThreadNameInternal(const char* szThreadName)
+{
+    THREADNAME_INFO info;
+    info.dwType = 0x1000;
+    info.szName = szThreadName;
+    info.dwThreadID = GetCurrentThreadId();
+    info.dwFlags = 0;
+
+    __try {
+        RaiseException(MS_VC_EXCEPTION, 0, sizeof(info)/sizeof(ULONG_PTR), reinterpret_cast<ULONG_PTR*>(&info));
+    } __except (EXCEPTION_CONTINUE_EXECUTION) {
+    }
+}
+
+static Mutex* atomicallyInitializedStaticMutex;
+
+void lockAtomicallyInitializedStaticMutex()
+{
+    ASSERT(atomicallyInitializedStaticMutex);
+    atomicallyInitializedStaticMutex->lock();
+}
+
+void unlockAtomicallyInitializedStaticMutex()
+{
+    atomicallyInitializedStaticMutex->unlock();
+}
+
+static ThreadIdentifier mainThreadIdentifier;
+
+static Mutex& threadMapMutex()
+{
+    static Mutex mutex;
+    return mutex;
+}
+
+void initializeThreading()
+{
+    if (!atomicallyInitializedStaticMutex) {
+        atomicallyInitializedStaticMutex = new Mutex;
+        threadMapMutex();
+        initializeRandomNumberGenerator();
+        initializeMainThread();
+        mainThreadIdentifier = currentThread();
+        setThreadNameInternal("Main Thread");
+    }
+}
+
+static HashMap<DWORD, HANDLE>& threadMap()
+{
+    static HashMap<DWORD, HANDLE> map;
+    return map;
+}
+
+static void storeThreadHandleByIdentifier(DWORD threadID, HANDLE threadHandle)
+{
+    MutexLocker locker(threadMapMutex());
+    ASSERT(!threadMap().contains(threadID));
+    threadMap().add(threadID, threadHandle);
+}
+
+static HANDLE threadHandleForIdentifier(ThreadIdentifier id)
+{
+    MutexLocker locker(threadMapMutex());
+    return threadMap().get(id);
+}
+
+static void clearThreadHandleForIdentifier(ThreadIdentifier id)
+{
+    MutexLocker locker(threadMapMutex());
+    ASSERT(threadMap().contains(id));
+    threadMap().remove(id);
+}
+
+struct ThreadFunctionInvocation {
+    ThreadFunctionInvocation(ThreadFunction function, void* data) : function(function), data(data) {}
+
+    ThreadFunction function;
+    void* data;
+};
+
+static unsigned __stdcall wtfThreadEntryPoint(void* param)
+{
+    ThreadFunctionInvocation invocation = *static_cast<ThreadFunctionInvocation*>(param);
+    delete static_cast<ThreadFunctionInvocation*>(param);
+
+    void* result = invocation.function(invocation.data);
+
+#if !USE(PTHREADS) && PLATFORM(WIN_OS)
+    // Do the TLS cleanup.
+    ThreadSpecificThreadExit();
+#endif
+
+    return reinterpret_cast<unsigned>(result);
+}
+
+ThreadIdentifier createThreadInternal(ThreadFunction entryPoint, void* data, const char* threadName)
+{
+    unsigned threadIdentifier = 0;
+    ThreadIdentifier threadID = 0;
+    ThreadFunctionInvocation* invocation = new ThreadFunctionInvocation(entryPoint, data);
+#if PLATFORM(WINCE)
+    // This is safe on WINCE, since CRT is in the core and innately multithreaded.
+    // On desktop Windows, need to use _beginthreadex (not available on WinCE) if using any CRT functions
+    HANDLE threadHandle = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)wtfThreadEntryPoint, invocation, 0, (LPDWORD)&threadIdentifier);
+#else
+    HANDLE threadHandle = reinterpret_cast<HANDLE>(_beginthreadex(0, 0, wtfThreadEntryPoint, invocation, 0, &threadIdentifier));
+#endif
+    if (!threadHandle) {
+#if PLATFORM(WINCE)
+        LOG_ERROR("Failed to create thread at entry point %p with data %p: %ld", entryPoint, data, ::GetLastError());
+#elif defined(NO_ERRNO)
+        LOG_ERROR("Failed to create thread at entry point %p with data %p.", entryPoint, data);
+#else
+        LOG_ERROR("Failed to create thread at entry point %p with data %p: %ld", entryPoint, data, errno);
+#endif
+        return 0;
+    }
+
+    threadID = static_cast<ThreadIdentifier>(threadIdentifier);
+    storeThreadHandleByIdentifier(threadIdentifier, threadHandle);
+
+    return threadID;
+}
+
+int waitForThreadCompletion(ThreadIdentifier threadID, void** result)
+{
+    ASSERT(threadID);
+    
+    HANDLE threadHandle = threadHandleForIdentifier(threadID);
+    if (!threadHandle)
+        LOG_ERROR("ThreadIdentifier %u did not correspond to an active thread when trying to quit", threadID);
+ 
+    DWORD joinResult = WaitForSingleObject(threadHandle, INFINITE);
+    if (joinResult == WAIT_FAILED)
+        LOG_ERROR("ThreadIdentifier %u was found to be deadlocked trying to quit", threadID);
+
+    CloseHandle(threadHandle);
+    clearThreadHandleForIdentifier(threadID);
+
+    return joinResult;
+}
+
+void detachThread(ThreadIdentifier threadID)
+{
+    ASSERT(threadID);
+
+    HANDLE threadHandle = threadHandleForIdentifier(threadID);
+    if (threadHandle)
+        CloseHandle(threadHandle);
+    clearThreadHandleForIdentifier(threadID);
+}
+
+ThreadIdentifier currentThread()
+{
+    return static_cast<ThreadIdentifier>(GetCurrentThreadId());
+}
+
+bool isMainThread()
+{
+    return currentThread() == mainThreadIdentifier;
+}
+
+Mutex::Mutex()
+{
+    m_mutex.m_recursionCount = 0;
+    InitializeCriticalSection(&m_mutex.m_internalMutex);
+}
+
+Mutex::~Mutex()
+{
+    DeleteCriticalSection(&m_mutex.m_internalMutex);
+}
+
+void Mutex::lock()
+{
+    EnterCriticalSection(&m_mutex.m_internalMutex);
+    ++m_mutex.m_recursionCount;
+}
+    
+bool Mutex::tryLock()
+{
+    // This method is modeled after the behavior of pthread_mutex_trylock,
+    // which will return an error if the lock is already owned by the
+    // current thread.  Since the primitive Win32 'TryEnterCriticalSection'
+    // treats this as a successful case, it changes the behavior of several
+    // tests in WebKit that check to see if the current thread already
+    // owned this mutex (see e.g., IconDatabase::getOrCreateIconRecord)
+    DWORD result = TryEnterCriticalSection(&m_mutex.m_internalMutex);
+    
+    if (result != 0) {       // We got the lock
+        // If this thread already had the lock, we must unlock and
+        // return false so that we mimic the behavior of POSIX's
+        // pthread_mutex_trylock:
+        if (m_mutex.m_recursionCount > 0) {
+            LeaveCriticalSection(&m_mutex.m_internalMutex);
+            return false;
+        }
+
+        ++m_mutex.m_recursionCount;
+        return true;
+    }
+
+    return false;
+}
+
+void Mutex::unlock()
+{
+    --m_mutex.m_recursionCount;
+    LeaveCriticalSection(&m_mutex.m_internalMutex);
+}
+
+bool PlatformCondition::timedWait(PlatformMutex& mutex, DWORD durationMilliseconds)
+{
+    // Enter the wait state.
+    DWORD res = WaitForSingleObject(m_blockLock, INFINITE);
+    ASSERT(res == WAIT_OBJECT_0);
+    ++m_waitersBlocked;
+    res = ReleaseSemaphore(m_blockLock, 1, 0);
+    ASSERT(res);
+
+    LeaveCriticalSection(&mutex.m_internalMutex);
+
+    // Main wait - use timeout.
+    bool timedOut = (WaitForSingleObject(m_blockQueue, durationMilliseconds) == WAIT_TIMEOUT);
+
+    res = WaitForSingleObject(m_unblockLock, INFINITE);
+    ASSERT(res == WAIT_OBJECT_0);
+
+    int signalsLeft = m_waitersToUnblock;
+
+    if (m_waitersToUnblock)
+        --m_waitersToUnblock;
+    else if (++m_waitersGone == (INT_MAX / 2)) { // timeout/canceled or spurious semaphore
+        // timeout or spurious wakeup occured, normalize the m_waitersGone count
+        // this may occur if many calls to wait with a timeout are made and
+        // no call to notify_* is made
+        res = WaitForSingleObject(m_blockLock, INFINITE);
+        ASSERT(res == WAIT_OBJECT_0);
+        m_waitersBlocked -= m_waitersGone;
+        res = ReleaseSemaphore(m_blockLock, 1, 0);
+        ASSERT(res);
+        m_waitersGone = 0;
+    }
+
+    res = ReleaseMutex(m_unblockLock);
+    ASSERT(res);
+
+    if (signalsLeft == 1) {
+        res = ReleaseSemaphore(m_blockLock, 1, 0); // Open the gate.
+        ASSERT(res);
+    }
+
+    EnterCriticalSection (&mutex.m_internalMutex);
+
+    return !timedOut;
+}
+
+void PlatformCondition::signal(bool unblockAll)
+{
+    unsigned signalsToIssue = 0;
+
+    DWORD res = WaitForSingleObject(m_unblockLock, INFINITE);
+    ASSERT(res == WAIT_OBJECT_0);
+
+    if (m_waitersToUnblock) { // the gate is already closed
+        if (!m_waitersBlocked) { // no-op
+            res = ReleaseMutex(m_unblockLock);
+            ASSERT(res);
+            return;
+        }
+
+        if (unblockAll) {
+            signalsToIssue = m_waitersBlocked;
+            m_waitersToUnblock += m_waitersBlocked;
+            m_waitersBlocked = 0;
+        } else {
+            signalsToIssue = 1;
+            ++m_waitersToUnblock;
+            --m_waitersBlocked;
+        }
+    } else if (m_waitersBlocked > m_waitersGone) {
+        res = WaitForSingleObject(m_blockLock, INFINITE); // Close the gate.
+        ASSERT(res == WAIT_OBJECT_0);
+        if (m_waitersGone != 0) {
+            m_waitersBlocked -= m_waitersGone;
+            m_waitersGone = 0;
+        }
+        if (unblockAll) {
+            signalsToIssue = m_waitersBlocked;
+            m_waitersToUnblock = m_waitersBlocked;
+            m_waitersBlocked = 0;
+        } else {
+            signalsToIssue = 1;
+            m_waitersToUnblock = 1;
+            --m_waitersBlocked;
+        }
+    } else { // No-op.
+        res = ReleaseMutex(m_unblockLock);
+        ASSERT(res);
+        return;
+    }
+
+    res = ReleaseMutex(m_unblockLock);
+    ASSERT(res);
+
+    if (signalsToIssue) {
+        res = ReleaseSemaphore(m_blockQueue, signalsToIssue, 0);
+        ASSERT(res);
+    }
+}
+
+static const long MaxSemaphoreCount = static_cast<long>(~0UL >> 1);
+
+ThreadCondition::ThreadCondition()
+{
+    m_condition.m_waitersGone = 0;
+    m_condition.m_waitersBlocked = 0;
+    m_condition.m_waitersToUnblock = 0;
+    m_condition.m_blockLock = CreateSemaphore(0, 1, 1, 0);
+    m_condition.m_blockQueue = CreateSemaphore(0, 0, MaxSemaphoreCount, 0);
+    m_condition.m_unblockLock = CreateMutex(0, 0, 0);
+
+    if (!m_condition.m_blockLock || !m_condition.m_blockQueue || !m_condition.m_unblockLock) {
+        if (m_condition.m_blockLock)
+            CloseHandle(m_condition.m_blockLock);
+        if (m_condition.m_blockQueue)
+            CloseHandle(m_condition.m_blockQueue);
+        if (m_condition.m_unblockLock)
+            CloseHandle(m_condition.m_unblockLock);
+    }
+}
+
+ThreadCondition::~ThreadCondition()
+{
+    CloseHandle(m_condition.m_blockLock);
+    CloseHandle(m_condition.m_blockQueue);
+    CloseHandle(m_condition.m_unblockLock);
+}
+
+void ThreadCondition::wait(Mutex& mutex)
+{
+    m_condition.timedWait(mutex.impl(), INFINITE);
+}
+
+bool ThreadCondition::timedWait(Mutex& mutex, double absoluteTime)
+{
+    double currentTime = WTF::currentTime();
+
+    // Time is in the past - return immediately.
+    if (absoluteTime < currentTime)
+        return false;
+
+    // Time is too far in the future (and would overflow unsigned long) - wait forever.
+    if (absoluteTime - currentTime > static_cast<double>(INT_MAX) / 1000.0) {
+        wait(mutex);
+        return true;
+    }
+
+    double intervalMilliseconds = (absoluteTime - currentTime) * 1000.0;
+    return m_condition.timedWait(mutex.impl(), static_cast<unsigned long>(intervalMilliseconds));
+}
+
+void ThreadCondition::signal()
+{
+    m_condition.signal(false); // Unblock only 1 thread.
+}
+
+void ThreadCondition::broadcast()
+{
+    m_condition.signal(true); // Unblock all threads.
+}
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TypeTraits.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TypeTraits.cpp
new file mode 100644
index 000000000..36fc6c68f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TypeTraits.cpp
@@ -0,0 +1,120 @@
+ /*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "config.h"
+#include "TypeTraits.h"
+
+#include "Assertions.h"
+
+namespace WTF {
+
+COMPILE_ASSERT(IsInteger<bool>::value, WTF_IsInteger_bool_true);
+COMPILE_ASSERT(IsInteger<char>::value, WTF_IsInteger_char_true);
+COMPILE_ASSERT(IsInteger<signed char>::value, WTF_IsInteger_signed_char_true);
+COMPILE_ASSERT(IsInteger<unsigned char>::value, WTF_IsInteger_unsigned_char_true);
+COMPILE_ASSERT(IsInteger<short>::value, WTF_IsInteger_short_true);
+COMPILE_ASSERT(IsInteger<unsigned short>::value, WTF_IsInteger_unsigned_short_true);
+COMPILE_ASSERT(IsInteger<int>::value, WTF_IsInteger_int_true);
+COMPILE_ASSERT(IsInteger<unsigned int>::value, WTF_IsInteger_unsigned_int_true);
+COMPILE_ASSERT(IsInteger<long>::value, WTF_IsInteger_long_true);
+COMPILE_ASSERT(IsInteger<unsigned long>::value, WTF_IsInteger_unsigned_long_true);
+COMPILE_ASSERT(IsInteger<long long>::value, WTF_IsInteger_long_long_true);
+COMPILE_ASSERT(IsInteger<unsigned long long>::value, WTF_IsInteger_unsigned_long_long_true);
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+COMPILE_ASSERT(IsInteger<wchar_t>::value, WTF_IsInteger_wchar_t_true);
+#endif
+COMPILE_ASSERT(!IsInteger<char*>::value, WTF_IsInteger_char_pointer_false);
+COMPILE_ASSERT(!IsInteger<const char*>::value, WTF_IsInteger_const_char_pointer_false);
+COMPILE_ASSERT(!IsInteger<volatile char*>::value, WTF_IsInteger_volatile_char_pointer_false);
+COMPILE_ASSERT(!IsInteger<double>::value, WTF_IsInteger_double_false);
+COMPILE_ASSERT(!IsInteger<float>::value, WTF_IsInteger_float_false);
+
+COMPILE_ASSERT(IsPod<bool>::value, WTF_IsPod_bool_true);
+COMPILE_ASSERT(IsPod<char>::value, WTF_IsPod_char_true);
+COMPILE_ASSERT(IsPod<signed char>::value, WTF_IsPod_signed_char_true);
+COMPILE_ASSERT(IsPod<unsigned char>::value, WTF_IsPod_unsigned_char_true);
+COMPILE_ASSERT(IsPod<short>::value, WTF_IsPod_short_true);
+COMPILE_ASSERT(IsPod<unsigned short>::value, WTF_IsPod_unsigned_short_true);
+COMPILE_ASSERT(IsPod<int>::value, WTF_IsPod_int_true);
+COMPILE_ASSERT(IsPod<unsigned int>::value, WTF_IsPod_unsigned_int_true);
+COMPILE_ASSERT(IsPod<long>::value, WTF_IsPod_long_true);
+COMPILE_ASSERT(IsPod<unsigned long>::value, WTF_IsPod_unsigned_long_true);
+COMPILE_ASSERT(IsPod<long long>::value, WTF_IsPod_long_long_true);
+COMPILE_ASSERT(IsPod<unsigned long long>::value, WTF_IsPod_unsigned_long_long_true);
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+COMPILE_ASSERT(IsPod<wchar_t>::value, WTF_IsPod_wchar_t_true);
+#endif
+COMPILE_ASSERT(IsPod<char*>::value, WTF_IsPod_char_pointer_true);
+COMPILE_ASSERT(IsPod<const char*>::value, WTF_IsPod_const_char_pointer_true);
+COMPILE_ASSERT(IsPod<volatile char*>::value, WTF_IsPod_volatile_char_pointer_true);
+COMPILE_ASSERT(IsPod<double>::value, WTF_IsPod_double_true);
+COMPILE_ASSERT(IsPod<long double>::value, WTF_IsPod_long_double_true);
+COMPILE_ASSERT(IsPod<float>::value, WTF_IsPod_float_true);
+COMPILE_ASSERT(!IsPod<IsPod<bool> >::value, WTF_IsPod_struct_false);
+
+enum IsConvertibleToIntegerCheck { };
+COMPILE_ASSERT(IsConvertibleToInteger<IsConvertibleToIntegerCheck>::value, WTF_IsConvertibleToInteger_enum_true);
+COMPILE_ASSERT(IsConvertibleToInteger<bool>::value, WTF_IsConvertibleToInteger_bool_true);
+COMPILE_ASSERT(IsConvertibleToInteger<char>::value, WTF_IsConvertibleToInteger_char_true);
+COMPILE_ASSERT(IsConvertibleToInteger<signed char>::value, WTF_IsConvertibleToInteger_signed_char_true);
+COMPILE_ASSERT(IsConvertibleToInteger<unsigned char>::value, WTF_IsConvertibleToInteger_unsigned_char_true);
+COMPILE_ASSERT(IsConvertibleToInteger<short>::value, WTF_IsConvertibleToInteger_short_true);
+COMPILE_ASSERT(IsConvertibleToInteger<unsigned short>::value, WTF_IsConvertibleToInteger_unsigned_short_true);
+COMPILE_ASSERT(IsConvertibleToInteger<int>::value, WTF_IsConvertibleToInteger_int_true);
+COMPILE_ASSERT(IsConvertibleToInteger<unsigned int>::value, WTF_IsConvertibleToInteger_unsigned_int_true);
+COMPILE_ASSERT(IsConvertibleToInteger<long>::value, WTF_IsConvertibleToInteger_long_true);
+COMPILE_ASSERT(IsConvertibleToInteger<unsigned long>::value, WTF_IsConvertibleToInteger_unsigned_long_true);
+COMPILE_ASSERT(IsConvertibleToInteger<long long>::value, WTF_IsConvertibleToInteger_long_long_true);
+COMPILE_ASSERT(IsConvertibleToInteger<unsigned long long>::value, WTF_IsConvertibleToInteger_unsigned_long_long_true);
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+COMPILE_ASSERT(IsConvertibleToInteger<wchar_t>::value, WTF_IsConvertibleToInteger_wchar_t_true);
+#endif
+COMPILE_ASSERT(IsConvertibleToInteger<double>::value, WTF_IsConvertibleToInteger_double_true);
+COMPILE_ASSERT(IsConvertibleToInteger<long double>::value, WTF_IsConvertibleToInteger_long_double_true);
+COMPILE_ASSERT(IsConvertibleToInteger<float>::value, WTF_IsConvertibleToInteger_float_true);
+COMPILE_ASSERT(!IsConvertibleToInteger<char*>::value, WTF_IsConvertibleToInteger_char_pointer_false);
+COMPILE_ASSERT(!IsConvertibleToInteger<const char*>::value, WTF_IsConvertibleToInteger_const_char_pointer_false);
+COMPILE_ASSERT(!IsConvertibleToInteger<volatile char*>::value, WTF_IsConvertibleToInteger_volatile_char_pointer_false);
+COMPILE_ASSERT(!IsConvertibleToInteger<IsConvertibleToInteger<bool> >::value, WTF_IsConvertibleToInteger_struct_false);
+
+COMPILE_ASSERT((IsSameType<bool, bool>::value), WTF_IsSameType_bool_true);
+COMPILE_ASSERT((IsSameType<int*, int*>::value), WTF_IsSameType_int_pointer_true);
+COMPILE_ASSERT((!IsSameType<int, int*>::value), WTF_IsSameType_int_int_pointer_false);
+COMPILE_ASSERT((!IsSameType<bool, const bool>::value), WTF_IsSameType_const_change_false);
+COMPILE_ASSERT((!IsSameType<bool, volatile bool>::value), WTF_IsSameType_volatile_change_false);
+
+COMPILE_ASSERT((IsSameType<bool, RemoveConst<const bool>::Type>::value), WTF_test_RemoveConst_const_bool);
+COMPILE_ASSERT((!IsSameType<bool, RemoveConst<volatile bool>::Type>::value), WTF_test_RemoveConst_volatile_bool);
+
+COMPILE_ASSERT((IsSameType<bool, RemoveVolatile<bool>::Type>::value), WTF_test_RemoveVolatile_bool);
+COMPILE_ASSERT((!IsSameType<bool, RemoveVolatile<const bool>::Type>::value), WTF_test_RemoveVolatile_const_bool);
+COMPILE_ASSERT((IsSameType<bool, RemoveVolatile<volatile bool>::Type>::value), WTF_test_RemoveVolatile_volatile_bool);
+
+COMPILE_ASSERT((IsSameType<bool, RemoveConstVolatile<bool>::Type>::value), WTF_test_RemoveConstVolatile_bool);
+COMPILE_ASSERT((IsSameType<bool, RemoveConstVolatile<const bool>::Type>::value), WTF_test_RemoveConstVolatile_const_bool);
+COMPILE_ASSERT((IsSameType<bool, RemoveConstVolatile<volatile bool>::Type>::value), WTF_test_RemoveConstVolatile_volatile_bool);
+COMPILE_ASSERT((IsSameType<bool, RemoveConstVolatile<const volatile bool>::Type>::value), WTF_test_RemoveConstVolatile_const_volatile_bool);
+
+COMPILE_ASSERT((IsSameType<int, RemovePointer<int>::Type>::value), WTF_Test_RemovePointer_int);
+COMPILE_ASSERT((IsSameType<int, RemovePointer<int*>::Type>::value), WTF_Test_RemovePointer_int_pointer);
+COMPILE_ASSERT((!IsSameType<int, RemovePointer<int**>::Type>::value), WTF_Test_RemovePointer_int_pointer_pointer);
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TypeTraits.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TypeTraits.h
new file mode 100644
index 000000000..c03e8a7d7
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/TypeTraits.h
@@ -0,0 +1,339 @@
+ /*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2009 Google Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef TypeTraits_h
+#define TypeTraits_h
+
+#include "Platform.h"
+
+#if (defined(__GLIBCXX__) && (__GLIBCXX__ >= 20070724) && defined(__GXX_EXPERIMENTAL_CXX0X__)) || (defined(_MSC_VER) && (_MSC_VER >= 1600))
+#include <type_traits>
+#endif
+
+namespace WTF {
+
+    // The following are provided in this file:
+    //
+    //   IsInteger<T>::value
+    //   IsPod<T>::value, see the definition for a note about its limitations
+    //   IsConvertibleToInteger<T>::value
+    //
+    //   IsSameType<T, U>::value
+    //
+    //   RemovePointer<T>::Type
+    //   RemoveConst<T>::Type
+    //   RemoveVolatile<T>::Type
+    //   RemoveConstVolatile<T>::Type
+    //
+    //   COMPILE_ASSERT's in TypeTraits.cpp illustrate their usage and what they do.
+
+    template<typename T> struct IsInteger           { static const bool value = false; };
+    template<> struct IsInteger<bool>               { static const bool value = true; };
+    template<> struct IsInteger<char>               { static const bool value = true; };
+    template<> struct IsInteger<signed char>        { static const bool value = true; };
+    template<> struct IsInteger<unsigned char>      { static const bool value = true; };
+    template<> struct IsInteger<short>              { static const bool value = true; };
+    template<> struct IsInteger<unsigned short>     { static const bool value = true; };
+    template<> struct IsInteger<int>                { static const bool value = true; };
+    template<> struct IsInteger<unsigned int>       { static const bool value = true; };
+    template<> struct IsInteger<long>               { static const bool value = true; };
+    template<> struct IsInteger<unsigned long>      { static const bool value = true; };
+    template<> struct IsInteger<long long>          { static const bool value = true; };
+    template<> struct IsInteger<unsigned long long> { static const bool value = true; };
+#if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
+    template<> struct IsInteger<wchar_t>            { static const bool value = true; };
+#endif
+
+    // IsPod is misnamed as it doesn't cover all plain old data (pod) types.
+    // Specifically, it doesn't allow for enums or for structs.
+    template <typename T> struct IsPod           { static const bool value = IsInteger<T>::value; };
+    template <> struct IsPod<float>              { static const bool value = true; };
+    template <> struct IsPod<double>             { static const bool value = true; };
+    template <> struct IsPod<long double>        { static const bool value = true; };
+    template <typename P> struct IsPod<P*>       { static const bool value = true; };
+
+    // Avoid "possible loss of data" warning when using Microsoft's C++ compiler
+    // by not converting int's to doubles.
+    template<bool performCheck, typename U> class CheckedIsConvertibleToDouble;
+    template<typename U> class CheckedIsConvertibleToDouble<false, U> {
+    public:
+        static const bool value = false;
+    };
+
+    template<typename U> class CheckedIsConvertibleToDouble<true, U> {
+        typedef char YesType;
+        struct NoType {
+            char padding[8];
+        };
+
+        static YesType floatCheck(long double);
+        static NoType floatCheck(...);
+        static U& t;
+    public:
+        static const bool value = sizeof(floatCheck(t)) == sizeof(YesType);
+    };
+
+    template<typename T> class IsConvertibleToInteger {
+    public:
+        static const bool value = IsInteger<T>::value || CheckedIsConvertibleToDouble<!IsInteger<T>::value, T>::value;
+    };
+
+    template <typename T, typename U> struct IsSameType {
+        static const bool value = false;
+    };
+
+    template <typename T> struct IsSameType<T, T> {
+        static const bool value = true;
+    };
+
+    template <typename T> struct RemoveConst {
+        typedef T Type;
+    };
+
+    template <typename T> struct RemoveConst<const T> {
+        typedef T Type;
+    };
+
+    template <typename T> struct RemoveVolatile {
+        typedef T Type;
+    };
+
+    template <typename T> struct RemoveVolatile<volatile T> {
+        typedef T Type;
+    };
+
+    template <typename T> struct RemoveConstVolatile {
+        typedef typename RemoveVolatile<typename RemoveConst<T>::Type>::Type Type;
+    };
+
+    template <typename T> struct RemovePointer {
+        typedef T Type;
+    };
+
+    template <typename T> struct RemovePointer<T*> {
+        typedef T Type;
+    };
+
+#if (defined(__GLIBCXX__) && (__GLIBCXX__ >= 20070724) && defined(__GXX_EXPERIMENTAL_CXX0X__)) || (defined(_MSC_VER) && (_MSC_VER >= 1600))
+
+    // GCC's libstdc++ 20070724 and later supports C++ TR1 type_traits in the std namespace.
+    // VC10 (VS2010) and later support C++ TR1 type_traits in the std::tr1 namespace.
+    template<typename T> struct HasTrivialConstructor : public std::tr1::has_trivial_constructor<T> { };
+    template<typename T> struct HasTrivialDestructor : public std::tr1::has_trivial_destructor<T> { };
+
+#else
+
+    // This compiler doesn't provide type traits, so we provide basic HasTrivialConstructor
+    // and HasTrivialDestructor definitions. The definitions here include most built-in
+    // scalar types but do not include POD structs and classes. For the intended purposes of
+    // type_traits this results correct but potentially less efficient code.
+    template <typename T, T v>
+    struct IntegralConstant {
+        static const T value = v;
+        typedef T value_type;
+        typedef IntegralConstant<T, v> type;
+    };
+
+    typedef IntegralConstant<bool, true>  true_type;
+    typedef IntegralConstant<bool, false> false_type;
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1400) && !defined(__INTEL_COMPILER)
+    // VC8 (VS2005) and later have built-in compiler support for HasTrivialConstructor / HasTrivialDestructor,
+    // but for some unexplained reason it doesn't work on built-in types.
+    template <typename T> struct HasTrivialConstructor : public IntegralConstant<bool, __has_trivial_constructor(T)>{ };
+    template <typename T> struct HasTrivialDestructor : public IntegralConstant<bool, __has_trivial_destructor(T)>{ };
+#else
+    template <typename T> struct HasTrivialConstructor : public false_type{ };
+    template <typename T> struct HasTrivialDestructor : public false_type{ };
+#endif
+
+    template <typename T> struct HasTrivialConstructor<T*> : public true_type{ };
+    template <typename T> struct HasTrivialDestructor<T*> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<float> : public true_type{ };
+    template <> struct HasTrivialConstructor<const float> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile float> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile float> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<double> : public true_type{ };
+    template <> struct HasTrivialConstructor<const double> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile double> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile double> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<long double> : public true_type{ };
+    template <> struct HasTrivialConstructor<const long double> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile long double> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile long double> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<unsigned char> : public true_type{ };
+    template <> struct HasTrivialConstructor<const unsigned char> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile unsigned char> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile unsigned char> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<unsigned short> : public true_type{ };
+    template <> struct HasTrivialConstructor<const unsigned short> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile unsigned short> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile unsigned short> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<unsigned int> : public true_type{ };
+    template <> struct HasTrivialConstructor<const unsigned int> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile unsigned int> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile unsigned int> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<unsigned long> : public true_type{ };
+    template <> struct HasTrivialConstructor<const unsigned long> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile unsigned long> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile unsigned long> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<unsigned long long> : public true_type{ };
+    template <> struct HasTrivialConstructor<const unsigned long long> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile unsigned long long> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile unsigned long long> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<signed char> : public true_type{ };
+    template <> struct HasTrivialConstructor<const signed char> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile signed char> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile signed char> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<signed short> : public true_type{ };
+    template <> struct HasTrivialConstructor<const signed short> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile signed short> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile signed short> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<signed int> : public true_type{ };
+    template <> struct HasTrivialConstructor<const signed int> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile signed int> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile signed int> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<signed long> : public true_type{ };
+    template <> struct HasTrivialConstructor<const signed long> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile signed long> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile signed long> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<signed long long> : public true_type{ };
+    template <> struct HasTrivialConstructor<const signed long long> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile signed long long> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile signed long long> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<bool> : public true_type{ };
+    template <> struct HasTrivialConstructor<const bool> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile bool> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile bool> : public true_type{ };
+
+    template <> struct HasTrivialConstructor<char> : public true_type{ };
+    template <> struct HasTrivialConstructor<const char> : public true_type{ };
+    template <> struct HasTrivialConstructor<volatile char> : public true_type{ };
+    template <> struct HasTrivialConstructor<const volatile char> : public true_type{ };
+
+    #if !defined(_MSC_VER) || defined(_NATIVE_WCHAR_T_DEFINED)
+        template <> struct HasTrivialConstructor<wchar_t> : public true_type{ };
+        template <> struct HasTrivialConstructor<const wchar_t> : public true_type{ };
+        template <> struct HasTrivialConstructor<volatile wchar_t> : public true_type{ };
+        template <> struct HasTrivialConstructor<const volatile wchar_t> : public true_type{ };
+    #endif
+
+    template <> struct HasTrivialDestructor<float> : public true_type{ };
+    template <> struct HasTrivialDestructor<const float> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile float> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile float> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<double> : public true_type{ };
+    template <> struct HasTrivialDestructor<const double> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile double> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile double> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<long double> : public true_type{ };
+    template <> struct HasTrivialDestructor<const long double> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile long double> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile long double> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<unsigned char> : public true_type{ };
+    template <> struct HasTrivialDestructor<const unsigned char> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile unsigned char> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile unsigned char> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<unsigned short> : public true_type{ };
+    template <> struct HasTrivialDestructor<const unsigned short> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile unsigned short> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile unsigned short> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<unsigned int> : public true_type{ };
+    template <> struct HasTrivialDestructor<const unsigned int> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile unsigned int> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile unsigned int> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<unsigned long> : public true_type{ };
+    template <> struct HasTrivialDestructor<const unsigned long> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile unsigned long> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile unsigned long> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<unsigned long long> : public true_type{ };
+    template <> struct HasTrivialDestructor<const unsigned long long> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile unsigned long long> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile unsigned long long> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<signed char> : public true_type{ };
+    template <> struct HasTrivialDestructor<const signed char> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile signed char> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile signed char> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<signed short> : public true_type{ };
+    template <> struct HasTrivialDestructor<const signed short> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile signed short> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile signed short> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<signed int> : public true_type{ };
+    template <> struct HasTrivialDestructor<const signed int> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile signed int> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile signed int> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<signed long> : public true_type{ };
+    template <> struct HasTrivialDestructor<const signed long> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile signed long> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile signed long> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<signed long long> : public true_type{ };
+    template <> struct HasTrivialDestructor<const signed long long> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile signed long long> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile signed long long> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<bool> : public true_type{ };
+    template <> struct HasTrivialDestructor<const bool> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile bool> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile bool> : public true_type{ };
+
+    template <> struct HasTrivialDestructor<char> : public true_type{ };
+    template <> struct HasTrivialDestructor<const char> : public true_type{ };
+    template <> struct HasTrivialDestructor<volatile char> : public true_type{ };
+    template <> struct HasTrivialDestructor<const volatile char> : public true_type{ };
+
+    #if !defined(_MSC_VER) || defined(_NATIVE_WCHAR_T_DEFINED)
+        template <> struct HasTrivialDestructor<wchar_t> : public true_type{ };
+        template <> struct HasTrivialDestructor<const wchar_t> : public true_type{ };
+        template <> struct HasTrivialDestructor<volatile wchar_t> : public true_type{ };
+        template <> struct HasTrivialDestructor<const volatile wchar_t> : public true_type{ };
+    #endif
+
+#endif  // __GLIBCXX__, etc.
+
+} // namespace WTF
+
+#endif // TypeTraits_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/UnusedParam.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/UnusedParam.h
new file mode 100644
index 000000000..996f5c856
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/UnusedParam.h
@@ -0,0 +1,29 @@
+/*
+ *  Copyright (C) 2006 Apple Computer, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_UnusedParam_h
+#define WTF_UnusedParam_h
+
+/* don't use this for C++, it should only be used in plain C files or
+   ObjC methods, where leaving off the parameter name is not allowed. */
+
+#define UNUSED_PARAM(x) (void)x
+
+#endif /* WTF_UnusedParam_h */
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VMTags.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VMTags.h
new file mode 100644
index 000000000..519f51894
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VMTags.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef VMTags_h
+#define VMTags_h
+
+#include <wtf/Platform.h>
+
+// On Mac OS X, the VM subsystem allows tagging memory requested from mmap and vm_map
+// in order to aid tools that inspect system memory use. 
+#if PLATFORM(DARWIN) && !defined(BUILDING_ON_TIGER)
+
+#include <mach/vm_statistics.h>
+
+#if defined(VM_MEMORY_JAVASCRIPT_CORE) && defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE) && defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) && defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
+#define VM_TAG_FOR_COLLECTOR_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_CORE)
+#define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE)
+#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
+#else
+#define VM_TAG_FOR_COLLECTOR_MEMORY VM_MAKE_TAG(63)
+#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY VM_MAKE_TAG(64)
+#define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(65)
+#endif // defined(VM_MEMORY_JAVASCRIPT_CORE) && defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE) && defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) && defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR)
+
+#else // PLATFORM(DARWIN) && !defined(BUILDING_ON_TIGER)
+
+#define VM_TAG_FOR_COLLECTOR_MEMORY -1
+#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY -1
+#define VM_TAG_FOR_REGISTERFILE_MEMORY -1
+
+#endif // PLATFORM(DARWIN) && !defined(BUILDING_ON_TIGER)
+
+#endif // VMTags_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Vector.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Vector.h
new file mode 100644
index 000000000..7decc4a59
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Vector.h
@@ -0,0 +1,1014 @@
+/*
+ *  Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_Vector_h
+#define WTF_Vector_h
+
+#include "FastAllocBase.h"
+#include "Noncopyable.h"
+#include "NotFound.h"
+#include "VectorTraits.h"
+#include <limits>
+#include <utility>
+
+#if PLATFORM(QT)
+#include <QDataStream>
+#endif
+
+namespace WTF {
+
+    using std::min;
+    using std::max;
+
+    // WTF_ALIGN_OF / WTF_ALIGNED
+    #if COMPILER(GCC) || COMPILER(MINGW) || COMPILER(RVCT) || COMPILER(WINSCW)
+        #define WTF_ALIGN_OF(type) __alignof__(type)
+        #define WTF_ALIGNED(variable_type, variable, n) variable_type variable __attribute__((__aligned__(n)))
+    #elif COMPILER(MSVC)
+        #define WTF_ALIGN_OF(type) __alignof(type)
+        #define WTF_ALIGNED(variable_type, variable, n) __declspec(align(n)) variable_type variable
+    #else
+        #define WTF_ALIGN_OF(type)   0
+    #endif
+
+    #if COMPILER(GCC) && (((__GNUC__ * 100) + __GNUC_MINOR__) >= 303)
+        typedef char __attribute__((__may_alias__)) AlignedBufferChar; 
+    #else
+        typedef char AlignedBufferChar; 
+    #endif
+
+    #ifdef WTF_ALIGNED
+    template <size_t size, size_t alignment> struct AlignedBuffer;
+    template <size_t size> struct AlignedBuffer<size, 1> { AlignedBufferChar buffer[size]; };
+    template <size_t size> struct AlignedBuffer<size, 2> { WTF_ALIGNED(AlignedBufferChar, buffer[size], 2);  };
+    template <size_t size> struct AlignedBuffer<size, 4> { WTF_ALIGNED(AlignedBufferChar, buffer[size], 4);  };
+    template <size_t size> struct AlignedBuffer<size, 8> { WTF_ALIGNED(AlignedBufferChar, buffer[size], 8);  };
+    template <size_t size> struct AlignedBuffer<size, 16> { WTF_ALIGNED(AlignedBufferChar, buffer[size], 16); };
+    template <size_t size> struct AlignedBuffer<size, 32> { WTF_ALIGNED(AlignedBufferChar, buffer[size], 32); };
+    template <size_t size> struct AlignedBuffer<size, 64> { WTF_ALIGNED(AlignedBufferChar, buffer[size], 64); };
+    #else
+    template <size_t size, size_t> struct AlignedBuffer
+    {
+        AlignedBufferChar oversizebuffer[size + 64];
+        AlignedBufferChar *buffer()
+        {
+            AlignedBufferChar *ptr = oversizebuffer;
+            ptr += 64 - (reinterpret_cast<size_t>(ptr) & 0x3f);
+            return ptr;
+        }
+    };
+    #endif
+
+    template <bool needsDestruction, typename T>
+    class VectorDestructor;
+
+    template<typename T>
+    struct VectorDestructor<false, T>
+    {
+        static void destruct(T*, T*) {}
+    };
+
+    template<typename T>
+    struct VectorDestructor<true, T>
+    {
+        static void destruct(T* begin, T* end) 
+        {
+            for (T* cur = begin; cur != end; ++cur)
+                cur->~T();
+        }
+    };
+
+    template <bool needsInitialization, bool canInitializeWithMemset, typename T>
+    class VectorInitializer;
+
+    template<bool ignore, typename T>
+    struct VectorInitializer<false, ignore, T>
+    {
+        static void initialize(T*, T*) {}
+    };
+
+    template<typename T>
+    struct VectorInitializer<true, false, T>
+    {
+        static void initialize(T* begin, T* end) 
+        {
+            for (T* cur = begin; cur != end; ++cur)
+                new (cur) T;
+        }
+    };
+
+    template<typename T>
+    struct VectorInitializer<true, true, T>
+    {
+        static void initialize(T* begin, T* end) 
+        {
+            memset(begin, 0, reinterpret_cast<char*>(end) - reinterpret_cast<char*>(begin));
+        }
+    };
+
+    template <bool canMoveWithMemcpy, typename T>
+    class VectorMover;
+
+    template<typename T>
+    struct VectorMover<false, T>
+    {
+        static void move(T* src, const T* srcEnd, T* dst)
+        {
+            while (src != srcEnd) {
+                new (dst) T(*src);
+                src->~T();
+                ++dst;
+                ++src;
+            }
+        }
+        static void moveOverlapping(T* src, const T* srcEnd, T* dst)
+        {
+            if (src > dst)
+                move(src, srcEnd, dst);
+            else {
+                T* dstEnd = dst + (srcEnd - src);
+                while (src != srcEnd) {
+                    --srcEnd;
+                    --dstEnd;
+                    new (dstEnd) T(*srcEnd);
+                    srcEnd->~T();
+                }
+            }
+        }
+    };
+
+    template<typename T>
+    struct VectorMover<true, T>
+    {
+        static void move(T* src, const T* srcEnd, T* dst) 
+        {
+            memcpy(dst, src, reinterpret_cast<const char*>(srcEnd) - reinterpret_cast<const char*>(src));
+        }
+        static void moveOverlapping(T* src, const T* srcEnd, T* dst) 
+        {
+            memmove(dst, src, reinterpret_cast<const char*>(srcEnd) - reinterpret_cast<const char*>(src));
+        }
+    };
+
+    template <bool canCopyWithMemcpy, typename T>
+    class VectorCopier;
+
+    template<typename T>
+    struct VectorCopier<false, T>
+    {
+        static void uninitializedCopy(const T* src, const T* srcEnd, T* dst) 
+        {
+            while (src != srcEnd) {
+                new (dst) T(*src);
+                ++dst;
+                ++src;
+            }
+        }
+    };
+
+    template<typename T>
+    struct VectorCopier<true, T>
+    {
+        static void uninitializedCopy(const T* src, const T* srcEnd, T* dst) 
+        {
+            memcpy(dst, src, reinterpret_cast<const char*>(srcEnd) - reinterpret_cast<const char*>(src));
+        }
+    };
+
+    template <bool canFillWithMemset, typename T>
+    class VectorFiller;
+
+    template<typename T>
+    struct VectorFiller<false, T>
+    {
+        static void uninitializedFill(T* dst, T* dstEnd, const T& val) 
+        {
+            while (dst != dstEnd) {
+                new (dst) T(val);
+                ++dst;
+            }
+        }
+    };
+
+    template<typename T>
+    struct VectorFiller<true, T>
+    {
+        static void uninitializedFill(T* dst, T* dstEnd, const T& val) 
+        {
+            ASSERT(sizeof(T) == sizeof(char));
+            memset(dst, val, dstEnd - dst);
+        }
+    };
+    
+    template<bool canCompareWithMemcmp, typename T>
+    class VectorComparer;
+    
+    template<typename T>
+    struct VectorComparer<false, T>
+    {
+        static bool compare(const T* a, const T* b, size_t size)
+        {
+            for (size_t i = 0; i < size; ++i)
+                if (a[i] != b[i])
+                    return false;
+            return true;
+        }
+    };
+
+    template<typename T>
+    struct VectorComparer<true, T>
+    {
+        static bool compare(const T* a, const T* b, size_t size)
+        {
+            return memcmp(a, b, sizeof(T) * size) == 0;
+        }
+    };
+    
+    template<typename T>
+    struct VectorTypeOperations
+    {
+        static void destruct(T* begin, T* end)
+        {
+            VectorDestructor<VectorTraits<T>::needsDestruction, T>::destruct(begin, end);
+        }
+
+        static void initialize(T* begin, T* end)
+        {
+            VectorInitializer<VectorTraits<T>::needsInitialization, VectorTraits<T>::canInitializeWithMemset, T>::initialize(begin, end);
+        }
+
+        static void move(T* src, const T* srcEnd, T* dst)
+        {
+            VectorMover<VectorTraits<T>::canMoveWithMemcpy, T>::move(src, srcEnd, dst);
+        }
+
+        static void moveOverlapping(T* src, const T* srcEnd, T* dst)
+        {
+            VectorMover<VectorTraits<T>::canMoveWithMemcpy, T>::moveOverlapping(src, srcEnd, dst);
+        }
+
+        static void uninitializedCopy(const T* src, const T* srcEnd, T* dst)
+        {
+            VectorCopier<VectorTraits<T>::canCopyWithMemcpy, T>::uninitializedCopy(src, srcEnd, dst);
+        }
+
+        static void uninitializedFill(T* dst, T* dstEnd, const T& val)
+        {
+            VectorFiller<VectorTraits<T>::canFillWithMemset, T>::uninitializedFill(dst, dstEnd, val);
+        }
+        
+        static bool compare(const T* a, const T* b, size_t size)
+        {
+            return VectorComparer<VectorTraits<T>::canCompareWithMemcmp, T>::compare(a, b, size);
+        }
+    };
+
+    template<typename T>
+    class VectorBufferBase : public Noncopyable {
+    public:
+        void allocateBuffer(size_t newCapacity)
+        {
+            m_capacity = newCapacity;
+            if (newCapacity > std::numeric_limits<size_t>::max() / sizeof(T))
+                CRASH();
+            m_buffer = static_cast<T*>(fastMalloc(newCapacity * sizeof(T)));
+        }
+
+        void deallocateBuffer(T* bufferToDeallocate)
+        {
+            if (m_buffer == bufferToDeallocate) {
+                m_buffer = 0;
+                m_capacity = 0;
+            }
+            fastFree(bufferToDeallocate);
+        }
+
+        T* buffer() { return m_buffer; }
+        const T* buffer() const { return m_buffer; }
+        T** bufferSlot() { return &m_buffer; }
+        size_t capacity() const { return m_capacity; }
+
+        T* releaseBuffer()
+        {
+            T* buffer = m_buffer;
+            m_buffer = 0;
+            m_capacity = 0;
+            return buffer;
+        }
+
+    protected:
+        VectorBufferBase()
+            : m_buffer(0)
+            , m_capacity(0)
+        {
+        }
+
+        VectorBufferBase(T* buffer, size_t capacity)
+            : m_buffer(buffer)
+            , m_capacity(capacity)
+        {
+        }
+
+        ~VectorBufferBase()
+        {
+            // FIXME: It would be nice to find a way to ASSERT that m_buffer hasn't leaked here.
+        }
+
+        T* m_buffer;
+        size_t m_capacity;
+    };
+
+    template<typename T, size_t inlineCapacity>
+    class VectorBuffer;
+
+    template<typename T>
+    class VectorBuffer<T, 0> : private VectorBufferBase<T> {
+    private:
+        typedef VectorBufferBase<T> Base;
+    public:
+        VectorBuffer()
+        {
+        }
+
+        VectorBuffer(size_t capacity)
+        {
+            allocateBuffer(capacity);
+        }
+
+        ~VectorBuffer()
+        {
+            deallocateBuffer(buffer());
+        }
+        
+        void swap(VectorBuffer<T, 0>& other)
+        {
+            std::swap(m_buffer, other.m_buffer);
+            std::swap(m_capacity, other.m_capacity);
+        }
+        
+        void restoreInlineBufferIfNeeded() { }
+
+        using Base::allocateBuffer;
+        using Base::deallocateBuffer;
+
+        using Base::buffer;
+        using Base::bufferSlot;
+        using Base::capacity;
+
+        using Base::releaseBuffer;
+    private:
+        using Base::m_buffer;
+        using Base::m_capacity;
+    };
+
+    template<typename T, size_t inlineCapacity>
+    class VectorBuffer : private VectorBufferBase<T> {
+    private:
+        typedef VectorBufferBase<T> Base;
+    public:
+        VectorBuffer()
+            : Base(inlineBuffer(), inlineCapacity)
+        {
+        }
+
+        VectorBuffer(size_t capacity)
+            : Base(inlineBuffer(), inlineCapacity)
+        {
+            if (capacity > inlineCapacity)
+                Base::allocateBuffer(capacity);
+        }
+
+        ~VectorBuffer()
+        {
+            deallocateBuffer(buffer());
+        }
+
+        void allocateBuffer(size_t newCapacity)
+        {
+            if (newCapacity > inlineCapacity)
+                Base::allocateBuffer(newCapacity);
+            else {
+                m_buffer = inlineBuffer();
+                m_capacity = inlineCapacity;
+            }
+        }
+
+        void deallocateBuffer(T* bufferToDeallocate)
+        {
+            if (bufferToDeallocate == inlineBuffer())
+                return;
+            Base::deallocateBuffer(bufferToDeallocate);
+        }
+        
+        void restoreInlineBufferIfNeeded()
+        {
+            if (m_buffer)
+                return;
+            m_buffer = inlineBuffer();
+            m_capacity = inlineCapacity;
+        }
+
+        using Base::buffer;
+        using Base::bufferSlot;
+        using Base::capacity;
+
+        T* releaseBuffer()
+        {
+            if (buffer() == inlineBuffer())
+                return 0;
+            return Base::releaseBuffer();
+        }
+
+    private:
+        using Base::m_buffer;
+        using Base::m_capacity;
+
+        static const size_t m_inlineBufferSize = inlineCapacity * sizeof(T);
+        #ifdef WTF_ALIGNED
+        T* inlineBuffer() { return reinterpret_cast<T*>(m_inlineBuffer.buffer); }
+        #else
+        T* inlineBuffer() { return reinterpret_cast<T*>(m_inlineBuffer.buffer()); }
+        #endif
+
+        AlignedBuffer<m_inlineBufferSize, WTF_ALIGN_OF(T)> m_inlineBuffer;
+    };
+
+    template<typename T, size_t inlineCapacity = 0>
+    class Vector : public FastAllocBase {
+    private:
+        typedef VectorBuffer<T, inlineCapacity> Buffer;
+        typedef VectorTypeOperations<T> TypeOperations;
+
+    public:
+        typedef T ValueType;
+
+        typedef T* iterator;
+        typedef const T* const_iterator;
+
+        Vector() 
+            : m_size(0)
+        {
+        }
+        
+        explicit Vector(size_t size) 
+            : m_size(size)
+            , m_buffer(size)
+        {
+            if (begin())
+                TypeOperations::initialize(begin(), end());
+        }
+
+        ~Vector()
+        {
+            if (m_size) shrink(0);
+        }
+
+        Vector(const Vector&);
+        template<size_t otherCapacity> 
+        Vector(const Vector<T, otherCapacity>&);
+
+        Vector& operator=(const Vector&);
+        template<size_t otherCapacity> 
+        Vector& operator=(const Vector<T, otherCapacity>&);
+
+        size_t size() const { return m_size; }
+        size_t capacity() const { return m_buffer.capacity(); }
+        bool isEmpty() const { return !size(); }
+
+        T& at(size_t i) 
+        { 
+            ASSERT(i < size());
+            return m_buffer.buffer()[i]; 
+        }
+        const T& at(size_t i) const 
+        {
+            ASSERT(i < size());
+            return m_buffer.buffer()[i]; 
+        }
+
+        T& operator[](size_t i) { return at(i); }
+        const T& operator[](size_t i) const { return at(i); }
+
+        T* data() { return m_buffer.buffer(); }
+        const T* data() const { return m_buffer.buffer(); }
+        T** dataSlot() { return m_buffer.bufferSlot(); }
+
+        iterator begin() { return data(); }
+        iterator end() { return begin() + m_size; }
+        const_iterator begin() const { return data(); }
+        const_iterator end() const { return begin() + m_size; }
+        
+        T& first() { return at(0); }
+        const T& first() const { return at(0); }
+        T& last() { return at(size() - 1); }
+        const T& last() const { return at(size() - 1); }
+
+        template<typename U> size_t find(const U&) const;
+
+        void shrink(size_t size);
+        void grow(size_t size);
+        void resize(size_t size);
+        void reserveCapacity(size_t newCapacity);
+        void reserveInitialCapacity(size_t initialCapacity);
+        void shrinkCapacity(size_t newCapacity);
+        void shrinkToFit() { shrinkCapacity(size()); }
+
+        void clear() { shrinkCapacity(0); }
+
+        template<typename U> void append(const U*, size_t);
+        template<typename U> void append(const U&);
+        template<typename U> void uncheckedAppend(const U& val);
+        template<size_t otherCapacity> void append(const Vector<T, otherCapacity>&);
+
+        template<typename U> void insert(size_t position, const U*, size_t);
+        template<typename U> void insert(size_t position, const U&);
+        template<typename U, size_t c> void insert(size_t position, const Vector<U, c>&);
+
+        template<typename U> void prepend(const U*, size_t);
+        template<typename U> void prepend(const U&);
+        template<typename U, size_t c> void prepend(const Vector<U, c>&);
+
+        void remove(size_t position);
+        void remove(size_t position, size_t length);
+
+        void removeLast() 
+        {
+            ASSERT(!isEmpty());
+            shrink(size() - 1); 
+        }
+
+        Vector(size_t size, const T& val)
+            : m_size(size)
+            , m_buffer(size)
+        {
+            if (begin())
+                TypeOperations::uninitializedFill(begin(), end(), val);
+        }
+
+        void fill(const T&, size_t);
+        void fill(const T& val) { fill(val, size()); }
+
+        template<typename Iterator> void appendRange(Iterator start, Iterator end);
+
+        T* releaseBuffer();
+
+        void swap(Vector<T, inlineCapacity>& other)
+        {
+            std::swap(m_size, other.m_size);
+            m_buffer.swap(other.m_buffer);
+        }
+
+    private:
+        void expandCapacity(size_t newMinCapacity);
+        const T* expandCapacity(size_t newMinCapacity, const T*);
+        template<typename U> U* expandCapacity(size_t newMinCapacity, U*); 
+
+        size_t m_size;
+        Buffer m_buffer;
+    };
+
+#if PLATFORM(QT)
+    QT_USE_NAMESPACE
+    template<typename T>
+    QDataStream& operator<<(QDataStream& stream, const Vector<T>& data)
+    {
+        stream << qint64(data.size());
+        foreach (const T& i, data)
+            stream << i;
+        return stream;
+    }
+
+    template<typename T>
+    QDataStream& operator>>(QDataStream& stream, Vector<T>& data)
+    {
+        data.clear();
+        qint64 count;
+        T item;
+        stream >> count;
+        data.reserveCapacity(count);
+        for (qint64 i = 0; i < count; ++i) {
+            stream >> item;
+            data.append(item);
+        }
+        return stream;
+    }
+#endif
+
+    template<typename T, size_t inlineCapacity>
+    Vector<T, inlineCapacity>::Vector(const Vector& other)
+        : m_size(other.size())
+        , m_buffer(other.capacity())
+    {
+        if (begin())
+            TypeOperations::uninitializedCopy(other.begin(), other.end(), begin());
+    }
+
+    template<typename T, size_t inlineCapacity>
+    template<size_t otherCapacity> 
+    Vector<T, inlineCapacity>::Vector(const Vector<T, otherCapacity>& other)
+        : m_size(other.size())
+        , m_buffer(other.capacity())
+    {
+        if (begin())
+            TypeOperations::uninitializedCopy(other.begin(), other.end(), begin());
+    }
+
+    template<typename T, size_t inlineCapacity>
+    Vector<T, inlineCapacity>& Vector<T, inlineCapacity>::operator=(const Vector<T, inlineCapacity>& other)
+    {
+        if (&other == this)
+            return *this;
+        
+        if (size() > other.size())
+            shrink(other.size());
+        else if (other.size() > capacity()) {
+            clear();
+            reserveCapacity(other.size());
+            if (!begin())
+                return *this;
+        }
+        
+        std::copy(other.begin(), other.begin() + size(), begin());
+        TypeOperations::uninitializedCopy(other.begin() + size(), other.end(), end());
+        m_size = other.size();
+
+        return *this;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    template<size_t otherCapacity> 
+    Vector<T, inlineCapacity>& Vector<T, inlineCapacity>::operator=(const Vector<T, otherCapacity>& other)
+    {
+        if (&other == this)
+            return *this;
+        
+        if (size() > other.size())
+            shrink(other.size());
+        else if (other.size() > capacity()) {
+            clear();
+            reserveCapacity(other.size());
+            if (!begin())
+                return *this;
+        }
+        
+        std::copy(other.begin(), other.begin() + size(), begin());
+        TypeOperations::uninitializedCopy(other.begin() + size(), other.end(), end());
+        m_size = other.size();
+
+        return *this;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    template<typename U>
+    size_t Vector<T, inlineCapacity>::find(const U& value) const
+    {
+        for (size_t i = 0; i < size(); ++i) {
+            if (at(i) == value)
+                return i;
+        }
+        return notFound;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    void Vector<T, inlineCapacity>::fill(const T& val, size_t newSize)
+    {
+        if (size() > newSize)
+            shrink(newSize);
+        else if (newSize > capacity()) {
+            clear();
+            reserveCapacity(newSize);
+            if (!begin())
+                return;
+        }
+        
+        std::fill(begin(), end(), val);
+        TypeOperations::uninitializedFill(end(), begin() + newSize, val);
+        m_size = newSize;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    template<typename Iterator>
+    void Vector<T, inlineCapacity>::appendRange(Iterator start, Iterator end)
+    {
+        for (Iterator it = start; it != end; ++it)
+            append(*it);
+    }
+
+    template<typename T, size_t inlineCapacity>
+    void Vector<T, inlineCapacity>::expandCapacity(size_t newMinCapacity)
+    {
+        reserveCapacity(max(newMinCapacity, max(static_cast<size_t>(16), capacity() + capacity() / 4 + 1)));
+    }
+    
+    template<typename T, size_t inlineCapacity>
+    const T* Vector<T, inlineCapacity>::expandCapacity(size_t newMinCapacity, const T* ptr)
+    {
+        if (ptr < begin() || ptr >= end()) {
+            expandCapacity(newMinCapacity);
+            return ptr;
+        }
+        size_t index = ptr - begin();
+        expandCapacity(newMinCapacity);
+        return begin() + index;
+    }
+
+    template<typename T, size_t inlineCapacity> template<typename U>
+    inline U* Vector<T, inlineCapacity>::expandCapacity(size_t newMinCapacity, U* ptr)
+    {
+        expandCapacity(newMinCapacity);
+        return ptr;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    inline void Vector<T, inlineCapacity>::resize(size_t size)
+    {
+        if (size <= m_size)
+            TypeOperations::destruct(begin() + size, end());
+        else {
+            if (size > capacity())
+                expandCapacity(size);
+            if (begin())
+                TypeOperations::initialize(end(), begin() + size);
+        }
+        
+        m_size = size;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    void Vector<T, inlineCapacity>::shrink(size_t size)
+    {
+        ASSERT(size <= m_size);
+        TypeOperations::destruct(begin() + size, end());
+        m_size = size;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    void Vector<T, inlineCapacity>::grow(size_t size)
+    {
+        ASSERT(size >= m_size);
+        if (size > capacity())
+            expandCapacity(size);
+        if (begin())
+            TypeOperations::initialize(end(), begin() + size);
+        m_size = size;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    void Vector<T, inlineCapacity>::reserveCapacity(size_t newCapacity)
+    {
+        if (newCapacity <= capacity())
+            return;
+        T* oldBuffer = begin();
+        T* oldEnd = end();
+        m_buffer.allocateBuffer(newCapacity);
+        if (begin())
+            TypeOperations::move(oldBuffer, oldEnd, begin());
+        m_buffer.deallocateBuffer(oldBuffer);
+    }
+    
+    template<typename T, size_t inlineCapacity>
+    inline void Vector<T, inlineCapacity>::reserveInitialCapacity(size_t initialCapacity)
+    {
+        ASSERT(!m_size);
+        ASSERT(capacity() == inlineCapacity);
+        if (initialCapacity > inlineCapacity)
+            m_buffer.allocateBuffer(initialCapacity);
+    }
+    
+    template<typename T, size_t inlineCapacity>
+    void Vector<T, inlineCapacity>::shrinkCapacity(size_t newCapacity)
+    {
+        if (newCapacity >= capacity())
+            return;
+
+        if (newCapacity < size()) 
+            shrink(newCapacity);
+
+        T* oldBuffer = begin();
+        if (newCapacity > 0) {
+            T* oldEnd = end();
+            m_buffer.allocateBuffer(newCapacity);
+            if (begin() != oldBuffer)
+                TypeOperations::move(oldBuffer, oldEnd, begin());
+        }
+
+        m_buffer.deallocateBuffer(oldBuffer);
+        m_buffer.restoreInlineBufferIfNeeded();
+    }
+
+    // Templatizing these is better than just letting the conversion happen implicitly,
+    // because for instance it allows a PassRefPtr to be appended to a RefPtr vector
+    // without refcount thrash.
+
+    template<typename T, size_t inlineCapacity> template<typename U>
+    void Vector<T, inlineCapacity>::append(const U* data, size_t dataSize)
+    {
+        size_t newSize = m_size + dataSize;
+        if (newSize > capacity()) {
+            data = expandCapacity(newSize, data);
+            if (!begin())
+                return;
+        }
+        if (newSize < m_size)
+            CRASH();
+        T* dest = end();
+        for (size_t i = 0; i < dataSize; ++i)
+            new (&dest[i]) T(data[i]);
+        m_size = newSize;
+    }
+
+    template<typename T, size_t inlineCapacity> template<typename U>
+    ALWAYS_INLINE void Vector<T, inlineCapacity>::append(const U& val)
+    {
+        const U* ptr = &val;
+        if (size() == capacity()) {
+            ptr = expandCapacity(size() + 1, ptr);
+            if (!begin())
+                return;
+        }
+            
+#if COMPILER(MSVC7)
+        // FIXME: MSVC7 generates compilation errors when trying to assign
+        // a pointer to a Vector of its base class (i.e. can't downcast). So far
+        // I've been unable to determine any logical reason for this, so I can
+        // only assume it is a bug with the compiler. Casting is a bad solution,
+        // however, because it subverts implicit conversions, so a better 
+        // one is needed. 
+        new (end()) T(static_cast<T>(*ptr));
+#else
+        new (end()) T(*ptr);
+#endif
+        ++m_size;
+    }
+
+    // This version of append saves a branch in the case where you know that the
+    // vector's capacity is large enough for the append to succeed.
+
+    template<typename T, size_t inlineCapacity> template<typename U>
+    inline void Vector<T, inlineCapacity>::uncheckedAppend(const U& val)
+    {
+        ASSERT(size() < capacity());
+        const U* ptr = &val;
+        new (end()) T(*ptr);
+        ++m_size;
+    }
+
+    // This method should not be called append, a better name would be appendElements.
+    // It could also be eliminated entirely, and call sites could just use
+    // appendRange(val.begin(), val.end()).
+    template<typename T, size_t inlineCapacity> template<size_t otherCapacity>
+    inline void Vector<T, inlineCapacity>::append(const Vector<T, otherCapacity>& val)
+    {
+        append(val.begin(), val.size());
+    }
+
+    template<typename T, size_t inlineCapacity> template<typename U>
+    void Vector<T, inlineCapacity>::insert(size_t position, const U* data, size_t dataSize)
+    {
+        ASSERT(position <= size());
+        size_t newSize = m_size + dataSize;
+        if (newSize > capacity()) {
+            data = expandCapacity(newSize, data);
+            if (!begin())
+                return;
+        }
+        if (newSize < m_size)
+            CRASH();
+        T* spot = begin() + position;
+        TypeOperations::moveOverlapping(spot, end(), spot + dataSize);
+        for (size_t i = 0; i < dataSize; ++i)
+            new (&spot[i]) T(data[i]);
+        m_size = newSize;
+    }
+     
+    template<typename T, size_t inlineCapacity> template<typename U>
+    inline void Vector<T, inlineCapacity>::insert(size_t position, const U& val)
+    {
+        ASSERT(position <= size());
+        const U* data = &val;
+        if (size() == capacity()) {
+            data = expandCapacity(size() + 1, data);
+            if (!begin())
+                return;
+        }
+        T* spot = begin() + position;
+        TypeOperations::moveOverlapping(spot, end(), spot + 1);
+        new (spot) T(*data);
+        ++m_size;
+    }
+   
+    template<typename T, size_t inlineCapacity> template<typename U, size_t c>
+    inline void Vector<T, inlineCapacity>::insert(size_t position, const Vector<U, c>& val)
+    {
+        insert(position, val.begin(), val.size());
+    }
+
+    template<typename T, size_t inlineCapacity> template<typename U>
+    void Vector<T, inlineCapacity>::prepend(const U* data, size_t dataSize)
+    {
+        insert(0, data, dataSize);
+    }
+
+    template<typename T, size_t inlineCapacity> template<typename U>
+    inline void Vector<T, inlineCapacity>::prepend(const U& val)
+    {
+        insert(0, val);
+    }
+   
+    template<typename T, size_t inlineCapacity> template<typename U, size_t c>
+    inline void Vector<T, inlineCapacity>::prepend(const Vector<U, c>& val)
+    {
+        insert(0, val.begin(), val.size());
+    }
+    
+    template<typename T, size_t inlineCapacity>
+    inline void Vector<T, inlineCapacity>::remove(size_t position)
+    {
+        ASSERT(position < size());
+        T* spot = begin() + position;
+        spot->~T();
+        TypeOperations::moveOverlapping(spot + 1, end(), spot);
+        --m_size;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    inline void Vector<T, inlineCapacity>::remove(size_t position, size_t length)
+    {
+        ASSERT(position < size());
+        ASSERT(position + length <= size());
+        T* beginSpot = begin() + position;
+        T* endSpot = beginSpot + length;
+        TypeOperations::destruct(beginSpot, endSpot); 
+        TypeOperations::moveOverlapping(endSpot, end(), beginSpot);
+        m_size -= length;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    inline T* Vector<T, inlineCapacity>::releaseBuffer()
+    {
+        T* buffer = m_buffer.releaseBuffer();
+        if (inlineCapacity && !buffer && m_size) {
+            // If the vector had some data, but no buffer to release,
+            // that means it was using the inline buffer. In that case,
+            // we create a brand new buffer so the caller always gets one.
+            size_t bytes = m_size * sizeof(T);
+            buffer = static_cast<T*>(fastMalloc(bytes));
+            memcpy(buffer, data(), bytes);
+        }
+        m_size = 0;
+        return buffer;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    void deleteAllValues(const Vector<T, inlineCapacity>& collection)
+    {
+        typedef typename Vector<T, inlineCapacity>::const_iterator iterator;
+        iterator end = collection.end();
+        for (iterator it = collection.begin(); it != end; ++it)
+            delete *it;
+    }
+
+    template<typename T, size_t inlineCapacity>
+    inline void swap(Vector<T, inlineCapacity>& a, Vector<T, inlineCapacity>& b)
+    {
+        a.swap(b);
+    }
+
+    template<typename T, size_t inlineCapacity>
+    bool operator==(const Vector<T, inlineCapacity>& a, const Vector<T, inlineCapacity>& b)
+    {
+        if (a.size() != b.size())
+            return false;
+
+        return VectorTypeOperations<T>::compare(a.data(), b.data(), a.size());
+    }
+
+    template<typename T, size_t inlineCapacity>
+    inline bool operator!=(const Vector<T, inlineCapacity>& a, const Vector<T, inlineCapacity>& b)
+    {
+        return !(a == b);
+    }
+
+
+} // namespace WTF
+
+using WTF::Vector;
+
+#endif // WTF_Vector_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VectorTraits.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VectorTraits.h
new file mode 100644
index 000000000..eb4c279cc
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VectorTraits.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_VectorTraits_h
+#define WTF_VectorTraits_h
+
+#include "OwnPtr.h"
+#include "RefPtr.h"
+#include "TypeTraits.h"
+#include <utility>
+#include <memory>
+
+using std::pair;
+
+namespace WTF {
+
+    template<bool isPod, typename T>
+    class VectorTraitsBase;
+
+    template<typename T>
+    struct VectorTraitsBase<false, T>
+    {
+        static const bool needsDestruction = true;
+        static const bool needsInitialization = true;
+        static const bool canInitializeWithMemset = false;
+        static const bool canMoveWithMemcpy = false;
+        static const bool canCopyWithMemcpy = false;
+        static const bool canFillWithMemset = false;
+        static const bool canCompareWithMemcmp = false;
+    };
+
+    template<typename T>
+    struct VectorTraitsBase<true, T>
+    {
+        static const bool needsDestruction = false;
+        static const bool needsInitialization = false;
+        static const bool canInitializeWithMemset = false;
+        static const bool canMoveWithMemcpy = true;
+        static const bool canCopyWithMemcpy = true;
+        static const bool canFillWithMemset = sizeof(T) == sizeof(char);
+        static const bool canCompareWithMemcmp = true;
+    };
+
+    template<typename T>
+    struct VectorTraits : VectorTraitsBase<IsPod<T>::value, T> { };
+
+    struct SimpleClassVectorTraits
+    {
+        static const bool needsDestruction = true;
+        static const bool needsInitialization = true;
+        static const bool canInitializeWithMemset = true;
+        static const bool canMoveWithMemcpy = true;
+        static const bool canCopyWithMemcpy = false;
+        static const bool canFillWithMemset = false;
+        static const bool canCompareWithMemcmp = true;
+    };
+
+    // we know OwnPtr and RefPtr are simple enough that initializing to 0 and moving with memcpy
+    // (and then not destructing the original) will totally work
+    template<typename P>
+    struct VectorTraits<RefPtr<P> > : SimpleClassVectorTraits { };
+
+    template<typename P>
+    struct VectorTraits<OwnPtr<P> > : SimpleClassVectorTraits { };
+
+    template<typename P>
+    struct VectorTraits<std::auto_ptr<P> > : SimpleClassVectorTraits { };
+
+    template<typename First, typename Second>
+    struct VectorTraits<pair<First, Second> >
+    {
+        typedef VectorTraits<First> FirstTraits;
+        typedef VectorTraits<Second> SecondTraits;
+
+        static const bool needsDestruction = FirstTraits::needsDestruction || SecondTraits::needsDestruction;
+        static const bool needsInitialization = FirstTraits::needsInitialization || SecondTraits::needsInitialization;
+        static const bool canInitializeWithMemset = FirstTraits::canInitializeWithMemset && SecondTraits::canInitializeWithMemset;
+        static const bool canMoveWithMemcpy = FirstTraits::canMoveWithMemcpy && SecondTraits::canMoveWithMemcpy;
+        static const bool canCopyWithMemcpy = FirstTraits::canCopyWithMemcpy && SecondTraits::canCopyWithMemcpy;
+        static const bool canFillWithMemset = false;
+        static const bool canCompareWithMemcmp = FirstTraits::canCompareWithMemcmp && SecondTraits::canCompareWithMemcmp;
+    };
+
+} // namespace WTF
+
+using WTF::VectorTraits;
+using WTF::SimpleClassVectorTraits;
+
+#endif // WTF_VectorTraits_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/dtoa.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/dtoa.cpp
new file mode 100644
index 000000000..d75c17a93
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/dtoa.cpp
@@ -0,0 +1,2379 @@
+/****************************************************************
+ *
+ * The author of this software is David M. Gay.
+ *
+ * Copyright (c) 1991, 2000, 2001 by Lucent Technologies.
+ * Copyright (C) 2002, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose without fee is hereby granted, provided that this entire notice
+ * is included in all copies of any software which is or includes a copy
+ * or modification of this software and in all copies of the supporting
+ * documentation for such software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHOR NOR LUCENT MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
+ * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
+ *
+ ***************************************************************/
+
+/* Please send bug reports to
+    David M. Gay
+    Bell Laboratories, Room 2C-463
+    600 Mountain Avenue
+    Murray Hill, NJ 07974-0636
+    U.S.A.
+    dmg@bell-labs.com
+ */
+
+/* On a machine with IEEE extended-precision registers, it is
+ * necessary to specify double-precision (53-bit) rounding precision
+ * before invoking strtod or dtoa.  If the machine uses (the equivalent
+ * of) Intel 80x87 arithmetic, the call
+ *    _control87(PC_53, MCW_PC);
+ * does this with many compilers.  Whether this or another call is
+ * appropriate depends on the compiler; for this to work, it may be
+ * necessary to #include "float.h" or another system-dependent header
+ * file.
+ */
+
+/* strtod for IEEE-arithmetic machines.
+ *
+ * This strtod returns a nearest machine number to the input decimal
+ * string (or sets errno to ERANGE).  With IEEE arithmetic, ties are
+ * broken by the IEEE round-even rule.  Otherwise ties are broken by
+ * biased rounding (add half and chop).
+ *
+ * Inspired loosely by William D. Clinger's paper "How to Read Floating
+ * Point Numbers Accurately" [Proc. ACM SIGPLAN '90, pp. 92-101].
+ *
+ * Modifications:
+ *
+ *    1. We only require IEEE.
+ *    2. We get by with floating-point arithmetic in a case that
+ *        Clinger missed -- when we're computing d * 10^n
+ *        for a small integer d and the integer n is not too
+ *        much larger than 22 (the maximum integer k for which
+ *        we can represent 10^k exactly), we may be able to
+ *        compute (d*10^k) * 10^(e-k) with just one roundoff.
+ *    3. Rather than a bit-at-a-time adjustment of the binary
+ *        result in the hard case, we use floating-point
+ *        arithmetic to determine the adjustment to within
+ *        one bit; only in really hard cases do we need to
+ *        compute a second residual.
+ *    4. Because of 3., we don't need a large table of powers of 10
+ *        for ten-to-e (just some small tables, e.g. of 10^k
+ *        for 0 <= k <= 22).
+ */
+
+/*
+ * #define IEEE_8087 for IEEE-arithmetic machines where the least
+ *    significant byte has the lowest address.
+ * #define IEEE_MC68k for IEEE-arithmetic machines where the most
+ *    significant byte has the lowest address.
+ * #define No_leftright to omit left-right logic in fast floating-point
+ *    computation of dtoa.
+ * #define Check_FLT_ROUNDS if FLT_ROUNDS can assume the values 2 or 3
+ *    and Honor_FLT_ROUNDS is not #defined.
+ * #define Inaccurate_Divide for IEEE-format with correctly rounded
+ *    products but inaccurate quotients, e.g., for Intel i860.
+ * #define USE_LONG_LONG on machines that have a "long long"
+ *    integer type (of >= 64 bits), and performance testing shows that
+ *    it is faster than 32-bit fallback (which is often not the case
+ *    on 32-bit machines). On such machines, you can #define Just_16
+ *    to store 16 bits per 32-bit int32_t when doing high-precision integer
+ *    arithmetic.  Whether this speeds things up or slows things down
+ *    depends on the machine and the number being converted.
+ * #define Bad_float_h if your system lacks a float.h or if it does not
+ *    define some or all of DBL_DIG, DBL_MAX_10_EXP, DBL_MAX_EXP,
+ *    FLT_RADIX, FLT_ROUNDS, and DBL_MAX.
+ * #define INFNAN_CHECK on IEEE systems to cause strtod to check for
+ *    Infinity and NaN (case insensitively).  On some systems (e.g.,
+ *    some HP systems), it may be necessary to #define NAN_WORD0
+ *    appropriately -- to the most significant word of a quiet NaN.
+ *    (On HP Series 700/800 machines, -DNAN_WORD0=0x7ff40000 works.)
+ *    When INFNAN_CHECK is #defined and No_Hex_NaN is not #defined,
+ *    strtod also accepts (case insensitively) strings of the form
+ *    NaN(x), where x is a string of hexadecimal digits and spaces;
+ *    if there is only one string of hexadecimal digits, it is taken
+ *    for the 52 fraction bits of the resulting NaN; if there are two
+ *    or more strings of hex digits, the first is for the high 20 bits,
+ *    the second and subsequent for the low 32 bits, with intervening
+ *    white space ignored; but if this results in none of the 52
+ *    fraction bits being on (an IEEE Infinity symbol), then NAN_WORD0
+ *    and NAN_WORD1 are used instead.
+ * #define NO_IEEE_Scale to disable new (Feb. 1997) logic in strtod that
+ *    avoids underflows on inputs whose result does not underflow.
+ *    If you #define NO_IEEE_Scale on a machine that uses IEEE-format
+ *    floating-point numbers and flushes underflows to zero rather
+ *    than implementing gradual underflow, then you must also #define
+ *    Sudden_Underflow.
+ * #define YES_ALIAS to permit aliasing certain double values with
+ *    arrays of ULongs.  This leads to slightly better code with
+ *    some compilers and was always used prior to 19990916, but it
+ *    is not strictly legal and can cause trouble with aggressively
+ *    optimizing compilers (e.g., gcc 2.95.1 under -O2).
+ * #define SET_INEXACT if IEEE arithmetic is being used and extra
+ *    computation should be done to set the inexact flag when the
+ *    result is inexact and avoid setting inexact when the result
+ *    is exact.  In this case, dtoa.c must be compiled in
+ *    an environment, perhaps provided by #include "dtoa.c" in a
+ *    suitable wrapper, that defines two functions,
+ *        int get_inexact(void);
+ *        void clear_inexact(void);
+ *    such that get_inexact() returns a nonzero value if the
+ *    inexact bit is already set, and clear_inexact() sets the
+ *    inexact bit to 0.  When SET_INEXACT is #defined, strtod
+ *    also does extra computations to set the underflow and overflow
+ *    flags when appropriate (i.e., when the result is tiny and
+ *    inexact or when it is a numeric value rounded to +-infinity).
+ * #define NO_ERRNO if strtod should not assign errno = ERANGE when
+ *    the result overflows to +-Infinity or underflows to 0.
+ */
+
+#include "config.h"
+#include "dtoa.h"
+
+#if HAVE(ERRNO_H)
+#include <errno.h>
+#else
+#define NO_ERRNO
+#endif
+#include <float.h>
+#include <math.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <wtf/AlwaysInline.h>
+#include <wtf/Assertions.h>
+#include <wtf/FastMalloc.h>
+#include <wtf/Vector.h>
+#include <wtf/Threading.h>
+
+#include <stdio.h>
+
+#if COMPILER(MSVC)
+#pragma warning(disable: 4244)
+#pragma warning(disable: 4245)
+#pragma warning(disable: 4554)
+#endif
+
+#if PLATFORM(BIG_ENDIAN)
+#define IEEE_MC68k
+#elif PLATFORM(MIDDLE_ENDIAN)
+#define IEEE_ARM
+#else
+#define IEEE_8087
+#endif
+
+#define INFNAN_CHECK
+
+#if defined(IEEE_8087) + defined(IEEE_MC68k) + defined(IEEE_ARM) != 1
+Exactly one of IEEE_8087, IEEE_ARM or IEEE_MC68k should be defined.
+#endif
+
+namespace WTF {
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+Mutex* s_dtoaP5Mutex;
+#endif
+
+typedef union { double d; uint32_t L[2]; } U;
+
+#ifdef YES_ALIAS
+#define dval(x) x
+#ifdef IEEE_8087
+#define word0(x) ((uint32_t*)&x)[1]
+#define word1(x) ((uint32_t*)&x)[0]
+#else
+#define word0(x) ((uint32_t*)&x)[0]
+#define word1(x) ((uint32_t*)&x)[1]
+#endif
+#else
+#ifdef IEEE_8087
+#define word0(x) (x)->L[1]
+#define word1(x) (x)->L[0]
+#else
+#define word0(x) (x)->L[0]
+#define word1(x) (x)->L[1]
+#endif
+#define dval(x) (x)->d
+#endif
+
+/* The following definition of Storeinc is appropriate for MIPS processors.
+ * An alternative that might be better on some machines is
+ * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff)
+ */
+#if defined(IEEE_8087) || defined(IEEE_ARM)
+#define Storeinc(a,b,c) (((unsigned short*)a)[1] = (unsigned short)b, ((unsigned short*)a)[0] = (unsigned short)c, a++)
+#else
+#define Storeinc(a,b,c) (((unsigned short*)a)[0] = (unsigned short)b, ((unsigned short*)a)[1] = (unsigned short)c, a++)
+#endif
+
+#define Exp_shift  20
+#define Exp_shift1 20
+#define Exp_msk1    0x100000
+#define Exp_msk11   0x100000
+#define Exp_mask  0x7ff00000
+#define P 53
+#define Bias 1023
+#define Emin (-1022)
+#define Exp_1  0x3ff00000
+#define Exp_11 0x3ff00000
+#define Ebits 11
+#define Frac_mask  0xfffff
+#define Frac_mask1 0xfffff
+#define Ten_pmax 22
+#define Bletch 0x10
+#define Bndry_mask  0xfffff
+#define Bndry_mask1 0xfffff
+#define LSB 1
+#define Sign_bit 0x80000000
+#define Log2P 1
+#define Tiny0 0
+#define Tiny1 1
+#define Quick_max 14
+#define Int_max 14
+
+#if !defined(NO_IEEE_Scale)
+#undef Avoid_Underflow
+#define Avoid_Underflow
+#endif
+
+#if !defined(Flt_Rounds)
+#if defined(FLT_ROUNDS)
+#define Flt_Rounds FLT_ROUNDS
+#else
+#define Flt_Rounds 1
+#endif
+#endif /*Flt_Rounds*/
+
+
+#define rounded_product(a,b) a *= b
+#define rounded_quotient(a,b) a /= b
+
+#define Big0 (Frac_mask1 | Exp_msk1 * (DBL_MAX_EXP + Bias - 1))
+#define Big1 0xffffffff
+
+
+// FIXME: we should remove non-Pack_32 mode since it is unused and unmaintained
+#ifndef Pack_32
+#define Pack_32
+#endif
+
+#if PLATFORM(PPC64) || PLATFORM(X86_64)
+// 64-bit emulation provided by the compiler is likely to be slower than dtoa own code on 32-bit hardware.
+#define USE_LONG_LONG
+#endif
+
+#ifndef USE_LONG_LONG
+#ifdef Just_16
+#undef Pack_32
+/* When Pack_32 is not defined, we store 16 bits per 32-bit int32_t.
+ * This makes some inner loops simpler and sometimes saves work
+ * during multiplications, but it often seems to make things slightly
+ * slower.  Hence the default is now to store 32 bits per int32_t.
+ */
+#endif
+#endif
+
+#define Kmax 15
+
+struct BigInt {
+    BigInt() : sign(0) { }
+    int sign;
+
+    void clear()
+    {
+        sign = 0;
+        m_words.clear();
+    }
+    
+    size_t size() const
+    {
+        return m_words.size();
+    }
+
+    void resize(size_t s)
+    {
+        m_words.resize(s);
+    }
+            
+    uint32_t* words()
+    {
+        return m_words.data();
+    }
+
+    const uint32_t* words() const
+    {
+        return m_words.data();
+    }
+    
+    void append(uint32_t w)
+    {
+        m_words.append(w);
+    }
+    
+    Vector<uint32_t, 16> m_words;
+};
+
+static void multadd(BigInt& b, int m, int a)    /* multiply by m and add a */
+{
+#ifdef USE_LONG_LONG
+    unsigned long long carry;
+#else
+    uint32_t carry;
+#endif
+
+    int wds = b.size();
+    uint32_t* x = b.words();
+    int i = 0;
+    carry = a;
+    do {
+#ifdef USE_LONG_LONG
+        unsigned long long y = *x * (unsigned long long)m + carry;
+        carry = y >> 32;
+        *x++ = (uint32_t)y & 0xffffffffUL;
+#else
+#ifdef Pack_32
+        uint32_t xi = *x;
+        uint32_t y = (xi & 0xffff) * m + carry;
+        uint32_t z = (xi >> 16) * m + (y >> 16);
+        carry = z >> 16;
+        *x++ = (z << 16) + (y & 0xffff);
+#else
+        uint32_t y = *x * m + carry;
+        carry = y >> 16;
+        *x++ = y & 0xffff;
+#endif
+#endif
+    } while (++i < wds);
+
+    if (carry)
+        b.append((uint32_t)carry);
+}
+
+static void s2b(BigInt& b, const char* s, int nd0, int nd, uint32_t y9)
+{
+    int k;
+    int32_t y;
+    int32_t x = (nd + 8) / 9;
+
+    for (k = 0, y = 1; x > y; y <<= 1, k++) { }
+#ifdef Pack_32
+    b.sign = 0;
+    b.resize(1);
+    b.words()[0] = y9;
+#else
+    b.sign = 0;
+    b.resize((b->x[1] = y9 >> 16) ? 2 : 1);
+    b.words()[0] = y9 & 0xffff;
+#endif
+
+    int i = 9;
+    if (9 < nd0) {
+        s += 9;
+        do {
+            multadd(b, 10, *s++ - '0');
+        } while (++i < nd0);
+        s++;
+    } else
+        s += 10;
+    for (; i < nd; i++)
+        multadd(b, 10, *s++ - '0');
+}
+
+static int hi0bits(uint32_t x)
+{
+    int k = 0;
+
+    if (!(x & 0xffff0000)) {
+        k = 16;
+        x <<= 16;
+    }
+    if (!(x & 0xff000000)) {
+        k += 8;
+        x <<= 8;
+    }
+    if (!(x & 0xf0000000)) {
+        k += 4;
+        x <<= 4;
+    }
+    if (!(x & 0xc0000000)) {
+        k += 2;
+        x <<= 2;
+    }
+    if (!(x & 0x80000000)) {
+        k++;
+        if (!(x & 0x40000000))
+            return 32;
+    }
+    return k;
+}
+
+static int lo0bits (uint32_t* y)
+{
+    int k;
+    uint32_t x = *y;
+
+    if (x & 7) {
+        if (x & 1)
+            return 0;
+        if (x & 2) {
+            *y = x >> 1;
+            return 1;
+        }
+        *y = x >> 2;
+        return 2;
+    }
+    k = 0;
+    if (!(x & 0xffff)) {
+        k = 16;
+        x >>= 16;
+    }
+    if (!(x & 0xff)) {
+        k += 8;
+        x >>= 8;
+    }
+    if (!(x & 0xf)) {
+        k += 4;
+        x >>= 4;
+    }
+    if (!(x & 0x3)) {
+        k += 2;
+        x >>= 2;
+    }
+    if (!(x & 1)) {
+        k++;
+        x >>= 1;
+        if (!x & 1)
+            return 32;
+    }
+    *y = x;
+    return k;
+}
+
+static void i2b(BigInt& b, int i)
+{
+    b.sign = 0;
+    b.resize(1);
+    b.words()[0] = i;
+}
+
+static void mult(BigInt& aRef, const BigInt& bRef)
+{
+    const BigInt* a = &aRef;
+    const BigInt* b = &bRef;
+    BigInt c;
+    int wa, wb, wc;
+    const uint32_t *x = 0, *xa, *xb, *xae, *xbe;
+    uint32_t *xc, *xc0;
+    uint32_t y;
+#ifdef USE_LONG_LONG
+    unsigned long long carry, z;
+#else
+    uint32_t carry, z;
+#endif
+
+    if (a->size() < b->size()) {
+        const BigInt* tmp = a;
+        a = b;
+        b = tmp;
+    }
+    
+    wa = a->size();
+    wb = b->size();
+    wc = wa + wb;
+    c.resize(wc);
+
+    for (xc = c.words(), xa = xc + wc; xc < xa; xc++)
+        *xc = 0;
+    xa = a->words();
+    xae = xa + wa;
+    xb = b->words();
+    xbe = xb + wb;
+    xc0 = c.words();
+#ifdef USE_LONG_LONG
+    for (; xb < xbe; xc0++) {
+        if ((y = *xb++)) {
+            x = xa;
+            xc = xc0;
+            carry = 0;
+            do {
+                z = *x++ * (unsigned long long)y + *xc + carry;
+                carry = z >> 32;
+                *xc++ = (uint32_t)z & 0xffffffffUL;
+            } while (x < xae);
+            *xc = (uint32_t)carry;
+        }
+    }
+#else
+#ifdef Pack_32
+    for (; xb < xbe; xb++, xc0++) {
+        if ((y = *xb & 0xffff)) {
+            x = xa;
+            xc = xc0;
+            carry = 0;
+            do {
+                z = (*x & 0xffff) * y + (*xc & 0xffff) + carry;
+                carry = z >> 16;
+                uint32_t z2 = (*x++ >> 16) * y + (*xc >> 16) + carry;
+                carry = z2 >> 16;
+                Storeinc(xc, z2, z);
+            } while (x < xae);
+            *xc = carry;
+        }
+        if ((y = *xb >> 16)) {
+            x = xa;
+            xc = xc0;
+            carry = 0;
+            uint32_t z2 = *xc;
+            do {
+                z = (*x & 0xffff) * y + (*xc >> 16) + carry;
+                carry = z >> 16;
+                Storeinc(xc, z, z2);
+                z2 = (*x++ >> 16) * y + (*xc & 0xffff) + carry;
+                carry = z2 >> 16;
+            } while (x < xae);
+            *xc = z2;
+        }
+    }
+#else
+    for(; xb < xbe; xc0++) {
+        if ((y = *xb++)) {
+            x = xa;
+            xc = xc0;
+            carry = 0;
+            do {
+                z = *x++ * y + *xc + carry;
+                carry = z >> 16;
+                *xc++ = z & 0xffff;
+            } while (x < xae);
+            *xc = carry;
+        }
+    }
+#endif
+#endif
+    for (xc0 = c.words(), xc = xc0 + wc; wc > 0 && !*--xc; --wc) { }
+    c.resize(wc);
+    aRef = c;
+}
+
+struct P5Node {
+    BigInt val;
+    P5Node* next;
+};
+    
+static P5Node* p5s;
+static int p5s_count;
+
+static ALWAYS_INLINE void pow5mult(BigInt& b, int k)
+{
+    static int p05[3] = { 5, 25, 125 };
+
+    if (int i = k & 3)
+        multadd(b, p05[i - 1], 0);
+
+    if (!(k >>= 2))
+        return;
+
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    s_dtoaP5Mutex->lock();
+#endif
+    P5Node* p5 = p5s;
+
+    if (!p5) {
+        /* first time */
+        p5 = new P5Node;
+        i2b(p5->val, 625);
+        p5->next = 0;
+        p5s = p5;
+        p5s_count = 1;
+    }
+
+    int p5s_count_local = p5s_count;
+#if ENABLE(JSC_MULTIPLE_THREADS)
+    s_dtoaP5Mutex->unlock();
+#endif
+    int p5s_used = 0;
+
+    for (;;) {
+        if (k & 1)
+            mult(b, p5->val);
+
+        if (!(k >>= 1))
+            break;
+
+        if (++p5s_used == p5s_count_local) {
+#if ENABLE(JSC_MULTIPLE_THREADS)
+            s_dtoaP5Mutex->lock();
+#endif
+            if (p5s_used == p5s_count) {
+                ASSERT(!p5->next);
+                p5->next = new P5Node;
+                p5->next->next = 0;
+                p5->next->val = p5->val;
+                mult(p5->next->val, p5->next->val);
+                ++p5s_count;
+            }
+            
+            p5s_count_local = p5s_count;
+#if ENABLE(JSC_MULTIPLE_THREADS)
+            s_dtoaP5Mutex->unlock();
+#endif
+        }
+        p5 = p5->next;
+    }
+}
+
+static ALWAYS_INLINE void lshift(BigInt& b, int k)
+{
+#ifdef Pack_32
+    int n = k >> 5;
+#else
+    int n = k >> 4;
+#endif
+
+    int origSize = b.size();
+    int n1 = n + origSize + 1;
+
+    if (k &= 0x1f)
+        b.resize(b.size() + n + 1);
+    else
+        b.resize(b.size() + n);
+
+    const uint32_t* srcStart = b.words();
+    uint32_t* dstStart = b.words();
+    const uint32_t* src = srcStart + origSize - 1;
+    uint32_t* dst = dstStart + n1 - 1;
+#ifdef Pack_32
+    if (k) {
+        uint32_t hiSubword = 0;
+        int s = 32 - k;
+        for (; src >= srcStart; --src) {
+            *dst-- = hiSubword | *src >> s;
+            hiSubword = *src << k;
+        }
+        *dst = hiSubword;
+        ASSERT(dst == dstStart + n);
+
+        b.resize(origSize + n + (b.words()[n1 - 1] != 0));
+    }
+#else
+    if (k &= 0xf) {
+        uint32_t hiSubword = 0;
+        int s = 16 - k;
+        for (; src >= srcStart; --src) {
+            *dst-- = hiSubword | *src >> s;
+            hiSubword = (*src << k) & 0xffff;
+        }
+        *dst = hiSubword;
+        ASSERT(dst == dstStart + n);
+        result->wds = b->wds + n + (result->x[n1 - 1] != 0);
+     }
+ #endif
+    else {
+        do {
+            *--dst = *src--;
+        } while (src >= srcStart);
+    }
+    for (dst = dstStart + n; dst != dstStart; )
+        *--dst = 0;
+
+    ASSERT(b.size() <= 1 || b.words()[b.size() - 1]);
+}
+
+static int cmp(const BigInt& a, const BigInt& b)
+{
+    const uint32_t *xa, *xa0, *xb, *xb0;
+    int i, j;
+
+    i = a.size();
+    j = b.size();
+    ASSERT(i <= 1 || a.words()[i - 1]);
+    ASSERT(j <= 1 || b.words()[j - 1]);
+    if (i -= j)
+        return i;
+    xa0 = a.words();
+    xa = xa0 + j;
+    xb0 = b.words();
+    xb = xb0 + j;
+    for (;;) {
+        if (*--xa != *--xb)
+            return *xa < *xb ? -1 : 1;
+        if (xa <= xa0)
+            break;
+    }
+    return 0;
+}
+
+static ALWAYS_INLINE void diff(BigInt& c, const BigInt& aRef, const BigInt& bRef)
+{
+    const BigInt* a = &aRef;
+    const BigInt* b = &bRef;
+    int i, wa, wb;
+    uint32_t *xc;
+
+    i = cmp(*a, *b);
+    if (!i) {
+        c.sign = 0;
+        c.resize(1);
+        c.words()[0] = 0;
+        return;
+    }
+    if (i < 0) {
+        const BigInt* tmp = a;
+        a = b;
+        b = tmp;
+        i = 1;
+    } else
+        i = 0;
+
+    wa = a->size();
+    const uint32_t* xa = a->words();
+    const uint32_t* xae = xa + wa;
+    wb = b->size();
+    const uint32_t* xb = b->words();
+    const uint32_t* xbe = xb + wb;
+
+    c.resize(wa);
+    c.sign = i;
+    xc = c.words();
+#ifdef USE_LONG_LONG
+    unsigned long long borrow = 0;
+    do {
+        unsigned long long y = (unsigned long long)*xa++ - *xb++ - borrow;
+        borrow = y >> 32 & (uint32_t)1;
+        *xc++ = (uint32_t)y & 0xffffffffUL;
+    } while (xb < xbe);
+    while (xa < xae) {
+        unsigned long long y = *xa++ - borrow;
+        borrow = y >> 32 & (uint32_t)1;
+        *xc++ = (uint32_t)y & 0xffffffffUL;
+    }
+#else
+    uint32_t borrow = 0;
+#ifdef Pack_32
+    do {
+        uint32_t y = (*xa & 0xffff) - (*xb & 0xffff) - borrow;
+        borrow = (y & 0x10000) >> 16;
+        uint32_t z = (*xa++ >> 16) - (*xb++ >> 16) - borrow;
+        borrow = (z & 0x10000) >> 16;
+        Storeinc(xc, z, y);
+    } while (xb < xbe);
+    while (xa < xae) {
+        uint32_t y = (*xa & 0xffff) - borrow;
+        borrow = (y & 0x10000) >> 16;
+        uint32_t z = (*xa++ >> 16) - borrow;
+        borrow = (z & 0x10000) >> 16;
+        Storeinc(xc, z, y);
+    }
+#else
+    do {
+        uint32_t y = *xa++ - *xb++ - borrow;
+        borrow = (y & 0x10000) >> 16;
+        *xc++ = y & 0xffff;
+    } while (xb < xbe);
+    while (xa < xae) {
+        uint32_t y = *xa++ - borrow;
+        borrow = (y & 0x10000) >> 16;
+        *xc++ = y & 0xffff;
+    }
+#endif
+#endif
+    while (!*--xc)
+        wa--;
+    c.resize(wa);
+}
+
+static double ulp(U *x)
+{
+    register int32_t L;
+    U u;
+
+    L = (word0(x) & Exp_mask) - (P - 1) * Exp_msk1;
+#ifndef Avoid_Underflow
+#ifndef Sudden_Underflow
+    if (L > 0) {
+#endif
+#endif
+        word0(&u) = L;
+        word1(&u) = 0;
+#ifndef Avoid_Underflow
+#ifndef Sudden_Underflow
+    } else {
+        L = -L >> Exp_shift;
+        if (L < Exp_shift) {
+            word0(&u) = 0x80000 >> L;
+            word1(&u) = 0;
+        } else {
+            word0(&u) = 0;
+            L -= Exp_shift;
+            word1(&u) = L >= 31 ? 1 : 1 << 31 - L;
+        }
+    }
+#endif
+#endif
+    return dval(&u);
+}
+
+static double b2d(const BigInt& a, int* e)
+{
+    const uint32_t* xa;
+    const uint32_t* xa0;
+    uint32_t w;
+    uint32_t y;
+    uint32_t z;
+    int k;
+    U d;
+
+#define d0 word0(&d)
+#define d1 word1(&d)
+
+    xa0 = a.words();
+    xa = xa0 + a.size();
+    y = *--xa;
+    ASSERT(y);
+    k = hi0bits(y);
+    *e = 32 - k;
+#ifdef Pack_32
+    if (k < Ebits) {
+        d0 = Exp_1 | (y >> (Ebits - k));
+        w = xa > xa0 ? *--xa : 0;
+        d1 = (y << (32 - Ebits + k)) | (w >> (Ebits - k));
+        goto ret_d;
+    }
+    z = xa > xa0 ? *--xa : 0;
+    if (k -= Ebits) {
+        d0 = Exp_1 | (y << k) | (z >> (32 - k));
+        y = xa > xa0 ? *--xa : 0;
+        d1 = (z << k) | (y >> (32 - k));
+    } else {
+        d0 = Exp_1 | y;
+        d1 = z;
+    }
+#else
+    if (k < Ebits + 16) {
+        z = xa > xa0 ? *--xa : 0;
+        d0 = Exp_1 | y << k - Ebits | z >> Ebits + 16 - k;
+        w = xa > xa0 ? *--xa : 0;
+        y = xa > xa0 ? *--xa : 0;
+        d1 = z << k + 16 - Ebits | w << k - Ebits | y >> 16 + Ebits - k;
+        goto ret_d;
+    }
+    z = xa > xa0 ? *--xa : 0;
+    w = xa > xa0 ? *--xa : 0;
+    k -= Ebits + 16;
+    d0 = Exp_1 | y << k + 16 | z << k | w >> 16 - k;
+    y = xa > xa0 ? *--xa : 0;
+    d1 = w << k + 16 | y << k;
+#endif
+ret_d:
+#undef d0
+#undef d1
+    return dval(&d);
+}
+
+static ALWAYS_INLINE void d2b(BigInt& b, U* d, int* e, int* bits)
+{
+    int de, k;
+    uint32_t *x, y, z;
+#ifndef Sudden_Underflow
+    int i;
+#endif
+#define d0 word0(d)
+#define d1 word1(d)
+
+    b.sign = 0;
+#ifdef Pack_32
+    b.resize(1);
+#else
+    b.resize(2);
+#endif
+    x = b.words();
+
+    z = d0 & Frac_mask;
+    d0 &= 0x7fffffff;    /* clear sign bit, which we ignore */
+#ifdef Sudden_Underflow
+    de = (int)(d0 >> Exp_shift);
+#else
+    if ((de = (int)(d0 >> Exp_shift)))
+        z |= Exp_msk1;
+#endif
+#ifdef Pack_32
+    if ((y = d1)) {
+        if ((k = lo0bits(&y))) {
+            x[0] = y | (z << (32 - k));
+            z >>= k;
+        } else
+            x[0] = y;
+            if (z) {
+                b.resize(2);
+                x[1] = z;
+            }
+
+#ifndef Sudden_Underflow
+        i = b.size();
+#endif
+    } else {
+        k = lo0bits(&z);
+        x[0] = z;
+#ifndef Sudden_Underflow
+        i = 1;
+#endif
+        b.resize(1);
+        k += 32;
+    }
+#else
+    if ((y = d1)) {
+        if ((k = lo0bits(&y))) {
+            if (k >= 16) {
+                x[0] = y | z << 32 - k & 0xffff;
+                x[1] = z >> k - 16 & 0xffff;
+                x[2] = z >> k;
+                i = 2;
+            } else {
+                x[0] = y & 0xffff;
+                x[1] = y >> 16 | z << 16 - k & 0xffff;
+                x[2] = z >> k & 0xffff;
+                x[3] = z >> k + 16;
+                i = 3;
+            }
+        } else {
+            x[0] = y & 0xffff;
+            x[1] = y >> 16;
+            x[2] = z & 0xffff;
+            x[3] = z >> 16;
+            i = 3;
+        }
+    } else {
+        k = lo0bits(&z);
+        if (k >= 16) {
+            x[0] = z;
+            i = 0;
+        } else {
+            x[0] = z & 0xffff;
+            x[1] = z >> 16;
+            i = 1;
+        }
+        k += 32;
+    } while (!x[i])
+        --i;
+    b->resize(i + 1);
+#endif
+#ifndef Sudden_Underflow
+    if (de) {
+#endif
+        *e = de - Bias - (P - 1) + k;
+        *bits = P - k;
+#ifndef Sudden_Underflow
+    } else {
+        *e = de - Bias - (P - 1) + 1 + k;
+#ifdef Pack_32
+        *bits = (32 * i) - hi0bits(x[i - 1]);
+#else
+        *bits = (i + 2) * 16 - hi0bits(x[i]);
+#endif
+    }
+#endif
+}
+#undef d0
+#undef d1
+
+static double ratio(const BigInt& a, const BigInt& b)
+{
+    U da, db;
+    int k, ka, kb;
+
+    dval(&da) = b2d(a, &ka);
+    dval(&db) = b2d(b, &kb);
+#ifdef Pack_32
+    k = ka - kb + 32 * (a.size() - b.size());
+#else
+    k = ka - kb + 16 * (a.size() - b.size());
+#endif
+    if (k > 0)
+        word0(&da) += k * Exp_msk1;
+    else {
+        k = -k;
+        word0(&db) += k * Exp_msk1;
+    }
+    return dval(&da) / dval(&db);
+}
+
+static const double tens[] = {
+        1e0, 1e1, 1e2, 1e3, 1e4, 1e5, 1e6, 1e7, 1e8, 1e9,
+        1e10, 1e11, 1e12, 1e13, 1e14, 1e15, 1e16, 1e17, 1e18, 1e19,
+        1e20, 1e21, 1e22
+};
+
+static const double bigtens[] = { 1e16, 1e32, 1e64, 1e128, 1e256 };
+static const double tinytens[] = { 1e-16, 1e-32, 1e-64, 1e-128,
+#ifdef Avoid_Underflow
+        9007199254740992. * 9007199254740992.e-256
+        /* = 2^106 * 1e-53 */
+#else
+        1e-256
+#endif
+};
+
+/* The factor of 2^53 in tinytens[4] helps us avoid setting the underflow */
+/* flag unnecessarily.  It leads to a song and dance at the end of strtod. */
+#define Scale_Bit 0x10
+#define n_bigtens 5
+
+#if defined(INFNAN_CHECK)
+
+#ifndef NAN_WORD0
+#define NAN_WORD0 0x7ff80000
+#endif
+
+#ifndef NAN_WORD1
+#define NAN_WORD1 0
+#endif
+
+static int match(const char** sp, const char* t)
+{
+    int c, d;
+    const char* s = *sp;
+
+    while ((d = *t++)) {
+        if ((c = *++s) >= 'A' && c <= 'Z')
+            c += 'a' - 'A';
+        if (c != d)
+            return 0;
+    }
+    *sp = s + 1;
+    return 1;
+}
+
+#ifndef No_Hex_NaN
+static void hexnan(U* rvp, const char** sp)
+{
+    uint32_t c, x[2];
+    const char* s;
+    int havedig, udx0, xshift;
+
+    x[0] = x[1] = 0;
+    havedig = xshift = 0;
+    udx0 = 1;
+    s = *sp;
+    while ((c = *(const unsigned char*)++s)) {
+        if (c >= '0' && c <= '9')
+            c -= '0';
+        else if (c >= 'a' && c <= 'f')
+            c += 10 - 'a';
+        else if (c >= 'A' && c <= 'F')
+            c += 10 - 'A';
+        else if (c <= ' ') {
+            if (udx0 && havedig) {
+                udx0 = 0;
+                xshift = 1;
+            }
+            continue;
+        } else if (/*(*/ c == ')' && havedig) {
+            *sp = s + 1;
+            break;
+        } else
+            return;    /* invalid form: don't change *sp */
+        havedig = 1;
+        if (xshift) {
+            xshift = 0;
+            x[0] = x[1];
+            x[1] = 0;
+        }
+        if (udx0)
+            x[0] = (x[0] << 4) | (x[1] >> 28);
+        x[1] = (x[1] << 4) | c;
+    }
+    if ((x[0] &= 0xfffff) || x[1]) {
+        word0(rvp) = Exp_mask | x[0];
+        word1(rvp) = x[1];
+    }
+}
+#endif /*No_Hex_NaN*/
+#endif /* INFNAN_CHECK */
+
+double strtod(const char* s00, char** se)
+{
+#ifdef Avoid_Underflow
+    int scale;
+#endif
+    int bb2, bb5, bbe, bd2, bd5, bbbits, bs2, c, dsign,
+         e, e1, esign, i, j, k, nd, nd0, nf, nz, nz0, sign;
+    const char *s, *s0, *s1;
+    double aadj, aadj1;
+    U aadj2, adj, rv, rv0;
+    int32_t L;
+    uint32_t y, z;
+    BigInt bb, bb1, bd, bd0, bs, delta;
+#ifdef SET_INEXACT
+    int inexact, oldinexact;
+#endif
+
+    sign = nz0 = nz = 0;
+    dval(&rv) = 0;
+    for (s = s00; ; s++)
+        switch (*s) {
+            case '-':
+                sign = 1;
+                /* no break */
+            case '+':
+                if (*++s)
+                    goto break2;
+                /* no break */
+            case 0:
+                goto ret0;
+            case '\t':
+            case '\n':
+            case '\v':
+            case '\f':
+            case '\r':
+            case ' ':
+                continue;
+            default:
+                goto break2;
+        }
+break2:
+    if (*s == '0') {
+        nz0 = 1;
+        while (*++s == '0') { }
+        if (!*s)
+            goto ret;
+    }
+    s0 = s;
+    y = z = 0;
+    for (nd = nf = 0; (c = *s) >= '0' && c <= '9'; nd++, s++)
+        if (nd < 9)
+            y = (10 * y) + c - '0';
+        else if (nd < 16)
+            z = (10 * z) + c - '0';
+    nd0 = nd;
+    if (c == '.') {
+        c = *++s;
+        if (!nd) {
+            for (; c == '0'; c = *++s)
+                nz++;
+            if (c > '0' && c <= '9') {
+                s0 = s;
+                nf += nz;
+                nz = 0;
+                goto have_dig;
+            }
+            goto dig_done;
+        }
+        for (; c >= '0' && c <= '9'; c = *++s) {
+have_dig:
+            nz++;
+            if (c -= '0') {
+                nf += nz;
+                for (i = 1; i < nz; i++)
+                    if (nd++ < 9)
+                        y *= 10;
+                    else if (nd <= DBL_DIG + 1)
+                        z *= 10;
+                if (nd++ < 9)
+                    y = (10 * y) + c;
+                else if (nd <= DBL_DIG + 1)
+                    z = (10 * z) + c;
+                nz = 0;
+            }
+        }
+    }
+dig_done:
+    e = 0;
+    if (c == 'e' || c == 'E') {
+        if (!nd && !nz && !nz0) {
+            goto ret0;
+        }
+        s00 = s;
+        esign = 0;
+        switch (c = *++s) {
+            case '-':
+                esign = 1;
+            case '+':
+                c = *++s;
+        }
+        if (c >= '0' && c <= '9') {
+            while (c == '0')
+                c = *++s;
+            if (c > '0' && c <= '9') {
+                L = c - '0';
+                s1 = s;
+                while ((c = *++s) >= '0' && c <= '9')
+                    L = (10 * L) + c - '0';
+                if (s - s1 > 8 || L > 19999)
+                    /* Avoid confusion from exponents
+                     * so large that e might overflow.
+                     */
+                    e = 19999; /* safe for 16 bit ints */
+                else
+                    e = (int)L;
+                if (esign)
+                    e = -e;
+            } else
+                e = 0;
+        } else
+            s = s00;
+    }
+    if (!nd) {
+        if (!nz && !nz0) {
+#ifdef INFNAN_CHECK
+            /* Check for Nan and Infinity */
+            switch(c) {
+                case 'i':
+                case 'I':
+                    if (match(&s,"nf")) {
+                        --s;
+                        if (!match(&s,"inity"))
+                            ++s;
+                        word0(&rv) = 0x7ff00000;
+                        word1(&rv) = 0;
+                        goto ret;
+                    }
+                    break;
+                case 'n':
+                case 'N':
+                    if (match(&s, "an")) {
+                        word0(&rv) = NAN_WORD0;
+                        word1(&rv) = NAN_WORD1;
+#ifndef No_Hex_NaN
+                        if (*s == '(') /*)*/
+                            hexnan(&rv, &s);
+#endif
+                        goto ret;
+                    }
+            }
+#endif /* INFNAN_CHECK */
+ret0:
+            s = s00;
+            sign = 0;
+        }
+        goto ret;
+    }
+    e1 = e -= nf;
+
+    /* Now we have nd0 digits, starting at s0, followed by a
+     * decimal point, followed by nd-nd0 digits.  The number we're
+     * after is the integer represented by those digits times
+     * 10**e */
+
+    if (!nd0)
+        nd0 = nd;
+    k = nd < DBL_DIG + 1 ? nd : DBL_DIG + 1;
+    dval(&rv) = y;
+    if (k > 9) {
+#ifdef SET_INEXACT
+        if (k > DBL_DIG)
+            oldinexact = get_inexact();
+#endif
+        dval(&rv) = tens[k - 9] * dval(&rv) + z;
+    }
+    if (nd <= DBL_DIG && Flt_Rounds == 1) {
+        if (!e)
+            goto ret;
+        if (e > 0) {
+            if (e <= Ten_pmax) {
+                /* rv = */ rounded_product(dval(&rv), tens[e]);
+                goto ret;
+            }
+            i = DBL_DIG - nd;
+            if (e <= Ten_pmax + i) {
+                /* A fancier test would sometimes let us do
+                 * this for larger i values.
+                 */
+                e -= i;
+                dval(&rv) *= tens[i];
+                /* rv = */ rounded_product(dval(&rv), tens[e]);
+                goto ret;
+            }
+        }
+#ifndef Inaccurate_Divide
+        else if (e >= -Ten_pmax) {
+            /* rv = */ rounded_quotient(dval(&rv), tens[-e]);
+            goto ret;
+        }
+#endif
+    }
+    e1 += nd - k;
+
+#ifdef SET_INEXACT
+    inexact = 1;
+    if (k <= DBL_DIG)
+        oldinexact = get_inexact();
+#endif
+#ifdef Avoid_Underflow
+    scale = 0;
+#endif
+
+    /* Get starting approximation = rv * 10**e1 */
+
+    if (e1 > 0) {
+        if ((i = e1 & 15))
+            dval(&rv) *= tens[i];
+        if (e1 &= ~15) {
+            if (e1 > DBL_MAX_10_EXP) {
+ovfl:
+#ifndef NO_ERRNO
+                errno = ERANGE;
+#endif
+                /* Can't trust HUGE_VAL */
+                word0(&rv) = Exp_mask;
+                word1(&rv) = 0;
+#ifdef SET_INEXACT
+                /* set overflow bit */
+                dval(&rv0) = 1e300;
+                dval(&rv0) *= dval(&rv0);
+#endif
+                goto ret;
+            }
+            e1 >>= 4;
+            for (j = 0; e1 > 1; j++, e1 >>= 1)
+                if (e1 & 1)
+                    dval(&rv) *= bigtens[j];
+        /* The last multiplication could overflow. */
+            word0(&rv) -= P * Exp_msk1;
+            dval(&rv) *= bigtens[j];
+            if ((z = word0(&rv) & Exp_mask) > Exp_msk1 * (DBL_MAX_EXP + Bias - P))
+                goto ovfl;
+            if (z > Exp_msk1 * (DBL_MAX_EXP + Bias - 1 - P)) {
+                /* set to largest number */
+                /* (Can't trust DBL_MAX) */
+                word0(&rv) = Big0;
+                word1(&rv) = Big1;
+            } else
+                word0(&rv) += P * Exp_msk1;
+        }
+    } else if (e1 < 0) {
+        e1 = -e1;
+        if ((i = e1 & 15))
+            dval(&rv) /= tens[i];
+        if (e1 >>= 4) {
+            if (e1 >= 1 << n_bigtens)
+                goto undfl;
+#ifdef Avoid_Underflow
+            if (e1 & Scale_Bit)
+                scale = 2 * P;
+            for (j = 0; e1 > 0; j++, e1 >>= 1)
+                if (e1 & 1)
+                    dval(&rv) *= tinytens[j];
+            if (scale && (j = (2 * P) + 1 - ((word0(&rv) & Exp_mask) >> Exp_shift)) > 0) {
+                /* scaled rv is denormal; zap j low bits */
+                if (j >= 32) {
+                    word1(&rv) = 0;
+                    if (j >= 53)
+                       word0(&rv) = (P + 2) * Exp_msk1;
+                    else
+                       word0(&rv) &= 0xffffffff << (j - 32);
+                } else
+                    word1(&rv) &= 0xffffffff << j;
+            }
+#else
+            for (j = 0; e1 > 1; j++, e1 >>= 1)
+                if (e1 & 1)
+                    dval(&rv) *= tinytens[j];
+            /* The last multiplication could underflow. */
+            dval(&rv0) = dval(&rv);
+            dval(&rv) *= tinytens[j];
+            if (!dval(&rv)) {
+                dval(&rv) = 2. * dval(&rv0);
+                dval(&rv) *= tinytens[j];
+#endif
+                if (!dval(&rv)) {
+undfl:
+                    dval(&rv) = 0.;
+#ifndef NO_ERRNO
+                    errno = ERANGE;
+#endif
+                    goto ret;
+                }
+#ifndef Avoid_Underflow
+                word0(&rv) = Tiny0;
+                word1(&rv) = Tiny1;
+                /* The refinement below will clean
+                 * this approximation up.
+                 */
+            }
+#endif
+        }
+    }
+
+    /* Now the hard part -- adjusting rv to the correct value.*/
+
+    /* Put digits into bd: true value = bd * 10^e */
+
+    s2b(bd0, s0, nd0, nd, y);
+
+    for (;;) {
+        bd = bd0;
+        d2b(bb, &rv, &bbe, &bbbits);    /* rv = bb * 2^bbe */
+        i2b(bs, 1);
+
+        if (e >= 0) {
+            bb2 = bb5 = 0;
+            bd2 = bd5 = e;
+        } else {
+            bb2 = bb5 = -e;
+            bd2 = bd5 = 0;
+        }
+        if (bbe >= 0)
+            bb2 += bbe;
+        else
+            bd2 -= bbe;
+        bs2 = bb2;
+#ifdef Avoid_Underflow
+        j = bbe - scale;
+        i = j + bbbits - 1;    /* logb(rv) */
+        if (i < Emin)    /* denormal */
+            j += P - Emin;
+        else
+            j = P + 1 - bbbits;
+#else /*Avoid_Underflow*/
+#ifdef Sudden_Underflow
+        j = P + 1 - bbbits;
+#else /*Sudden_Underflow*/
+        j = bbe;
+        i = j + bbbits - 1;    /* logb(rv) */
+        if (i < Emin)    /* denormal */
+            j += P - Emin;
+        else
+            j = P + 1 - bbbits;
+#endif /*Sudden_Underflow*/
+#endif /*Avoid_Underflow*/
+        bb2 += j;
+        bd2 += j;
+#ifdef Avoid_Underflow
+        bd2 += scale;
+#endif
+        i = bb2 < bd2 ? bb2 : bd2;
+        if (i > bs2)
+            i = bs2;
+        if (i > 0) {
+            bb2 -= i;
+            bd2 -= i;
+            bs2 -= i;
+        }
+        if (bb5 > 0) {
+            pow5mult(bs, bb5);
+            mult(bb, bs);
+        }
+        if (bb2 > 0)
+            lshift(bb, bb2);
+        if (bd5 > 0)
+            pow5mult(bd, bd5);
+        if (bd2 > 0)
+            lshift(bd, bd2);
+        if (bs2 > 0)
+            lshift(bs, bs2);
+        diff(delta, bb, bd);
+        dsign = delta.sign;
+        delta.sign = 0;
+        i = cmp(delta, bs);
+
+        if (i < 0) {
+            /* Error is less than half an ulp -- check for
+             * special case of mantissa a power of two.
+             */
+            if (dsign || word1(&rv) || word0(&rv) & Bndry_mask
+#ifdef Avoid_Underflow
+             || (word0(&rv) & Exp_mask) <= (2 * P + 1) * Exp_msk1
+#else
+             || (word0(&rv) & Exp_mask) <= Exp_msk1
+#endif
+                ) {
+#ifdef SET_INEXACT
+                if (!delta->words()[0] && delta->size() <= 1)
+                    inexact = 0;
+#endif
+                break;
+            }
+            if (!delta.words()[0] && delta.size() <= 1) {
+                /* exact result */
+#ifdef SET_INEXACT
+                inexact = 0;
+#endif
+                break;
+            }
+            lshift(delta, Log2P);
+            if (cmp(delta, bs) > 0)
+                goto drop_down;
+            break;
+        }
+        if (i == 0) {
+            /* exactly half-way between */
+            if (dsign) {
+                if ((word0(&rv) & Bndry_mask1) == Bndry_mask1
+                 &&  word1(&rv) == (
+#ifdef Avoid_Underflow
+            (scale && (y = word0(&rv) & Exp_mask) <= 2 * P * Exp_msk1)
+        ? (0xffffffff & (0xffffffff << (2 * P + 1 - (y >> Exp_shift)))) :
+#endif
+                           0xffffffff)) {
+                    /*boundary case -- increment exponent*/
+                    word0(&rv) = (word0(&rv) & Exp_mask) + Exp_msk1;
+                    word1(&rv) = 0;
+#ifdef Avoid_Underflow
+                    dsign = 0;
+#endif
+                    break;
+                }
+            } else if (!(word0(&rv) & Bndry_mask) && !word1(&rv)) {
+drop_down:
+                /* boundary case -- decrement exponent */
+#ifdef Sudden_Underflow /*{{*/
+                L = word0(&rv) & Exp_mask;
+#ifdef Avoid_Underflow
+                if (L <= (scale ? (2 * P + 1) * Exp_msk1 : Exp_msk1))
+#else
+                if (L <= Exp_msk1)
+#endif /*Avoid_Underflow*/
+                    goto undfl;
+                L -= Exp_msk1;
+#else /*Sudden_Underflow}{*/
+#ifdef Avoid_Underflow
+                if (scale) {
+                    L = word0(&rv) & Exp_mask;
+                    if (L <= (2 * P + 1) * Exp_msk1) {
+                        if (L > (P + 2) * Exp_msk1)
+                            /* round even ==> */
+                            /* accept rv */
+                            break;
+                        /* rv = smallest denormal */
+                        goto undfl;
+                    }
+                }
+#endif /*Avoid_Underflow*/
+                L = (word0(&rv) & Exp_mask) - Exp_msk1;
+#endif /*Sudden_Underflow}}*/
+                word0(&rv) = L | Bndry_mask1;
+                word1(&rv) = 0xffffffff;
+                break;
+            }
+            if (!(word1(&rv) & LSB))
+                break;
+            if (dsign)
+                dval(&rv) += ulp(&rv);
+            else {
+                dval(&rv) -= ulp(&rv);
+#ifndef Sudden_Underflow
+                if (!dval(&rv))
+                    goto undfl;
+#endif
+            }
+#ifdef Avoid_Underflow
+            dsign = 1 - dsign;
+#endif
+            break;
+        }
+        if ((aadj = ratio(delta, bs)) <= 2.) {
+            if (dsign)
+                aadj = aadj1 = 1.;
+            else if (word1(&rv) || word0(&rv) & Bndry_mask) {
+#ifndef Sudden_Underflow
+                if (word1(&rv) == Tiny1 && !word0(&rv))
+                    goto undfl;
+#endif
+                aadj = 1.;
+                aadj1 = -1.;
+            } else {
+                /* special case -- power of FLT_RADIX to be */
+                /* rounded down... */
+
+                if (aadj < 2. / FLT_RADIX)
+                    aadj = 1. / FLT_RADIX;
+                else
+                    aadj *= 0.5;
+                aadj1 = -aadj;
+            }
+        } else {
+            aadj *= 0.5;
+            aadj1 = dsign ? aadj : -aadj;
+#ifdef Check_FLT_ROUNDS
+            switch (Rounding) {
+                case 2: /* towards +infinity */
+                    aadj1 -= 0.5;
+                    break;
+                case 0: /* towards 0 */
+                case 3: /* towards -infinity */
+                    aadj1 += 0.5;
+            }
+#else
+            if (Flt_Rounds == 0)
+                aadj1 += 0.5;
+#endif /*Check_FLT_ROUNDS*/
+        }
+        y = word0(&rv) & Exp_mask;
+
+        /* Check for overflow */
+
+        if (y == Exp_msk1 * (DBL_MAX_EXP + Bias - 1)) {
+            dval(&rv0) = dval(&rv);
+            word0(&rv) -= P * Exp_msk1;
+            adj.d = aadj1 * ulp(&rv);
+            dval(&rv) += adj.d;
+            if ((word0(&rv) & Exp_mask) >= Exp_msk1 * (DBL_MAX_EXP + Bias - P)) {
+                if (word0(&rv0) == Big0 && word1(&rv0) == Big1)
+                    goto ovfl;
+                word0(&rv) = Big0;
+                word1(&rv) = Big1;
+                goto cont;
+            } else
+                word0(&rv) += P * Exp_msk1;
+        } else {
+#ifdef Avoid_Underflow
+            if (scale && y <= 2 * P * Exp_msk1) {
+                if (aadj <= 0x7fffffff) {
+                    if ((z = (uint32_t)aadj) <= 0)
+                        z = 1;
+                    aadj = z;
+                    aadj1 = dsign ? aadj : -aadj;
+                }
+                dval(&aadj2) = aadj1;
+                word0(&aadj2) += (2 * P + 1) * Exp_msk1 - y;
+                aadj1 = dval(&aadj2);
+            }
+            adj.d = aadj1 * ulp(&rv);
+            dval(&rv) += adj.d;
+#else
+#ifdef Sudden_Underflow
+            if ((word0(&rv) & Exp_mask) <= P * Exp_msk1) {
+                dval(&rv0) = dval(&rv);
+                word0(&rv) += P * Exp_msk1;
+                adj.d = aadj1 * ulp(&rv);
+                dval(&rv) += adj.d;
+                if ((word0(&rv) & Exp_mask) <= P * Exp_msk1)
+                {
+                    if (word0(&rv0) == Tiny0 && word1(&rv0) == Tiny1)
+                        goto undfl;
+                    word0(&rv) = Tiny0;
+                    word1(&rv) = Tiny1;
+                    goto cont;
+                }
+                else
+                    word0(&rv) -= P * Exp_msk1;
+            } else {
+                adj.d = aadj1 * ulp(&rv);
+                dval(&rv) += adj.d;
+            }
+#else /*Sudden_Underflow*/
+            /* Compute adj so that the IEEE rounding rules will
+             * correctly round rv + adj in some half-way cases.
+             * If rv * ulp(rv) is denormalized (i.e.,
+             * y <= (P - 1) * Exp_msk1), we must adjust aadj to avoid
+             * trouble from bits lost to denormalization;
+             * example: 1.2e-307 .
+             */
+            if (y <= (P - 1) * Exp_msk1 && aadj > 1.) {
+                aadj1 = (double)(int)(aadj + 0.5);
+                if (!dsign)
+                    aadj1 = -aadj1;
+            }
+            adj.d = aadj1 * ulp(&rv);
+            dval(&rv) += adj.d;
+#endif /*Sudden_Underflow*/
+#endif /*Avoid_Underflow*/
+        }
+        z = word0(&rv) & Exp_mask;
+#ifndef SET_INEXACT
+#ifdef Avoid_Underflow
+        if (!scale)
+#endif
+        if (y == z) {
+            /* Can we stop now? */
+            L = (int32_t)aadj;
+            aadj -= L;
+            /* The tolerances below are conservative. */
+            if (dsign || word1(&rv) || word0(&rv) & Bndry_mask) {
+                if (aadj < .4999999 || aadj > .5000001)
+                    break;
+            } else if (aadj < .4999999 / FLT_RADIX)
+                break;
+        }
+#endif
+cont:
+        ;
+    }
+#ifdef SET_INEXACT
+    if (inexact) {
+        if (!oldinexact) {
+            word0(&rv0) = Exp_1 + (70 << Exp_shift);
+            word1(&rv0) = 0;
+            dval(&rv0) += 1.;
+        }
+    } else if (!oldinexact)
+        clear_inexact();
+#endif
+#ifdef Avoid_Underflow
+    if (scale) {
+        word0(&rv0) = Exp_1 - 2 * P * Exp_msk1;
+        word1(&rv0) = 0;
+        dval(&rv) *= dval(&rv0);
+#ifndef NO_ERRNO
+        /* try to avoid the bug of testing an 8087 register value */
+        if (word0(&rv) == 0 && word1(&rv) == 0)
+            errno = ERANGE;
+#endif
+    }
+#endif /* Avoid_Underflow */
+#ifdef SET_INEXACT
+    if (inexact && !(word0(&rv) & Exp_mask)) {
+        /* set underflow bit */
+        dval(&rv0) = 1e-300;
+        dval(&rv0) *= dval(&rv0);
+    }
+#endif
+ret:
+    if (se)
+        *se = const_cast<char*>(s);
+    return sign ? -dval(&rv) : dval(&rv);
+}
+
+static ALWAYS_INLINE int quorem(BigInt& b, BigInt& S)
+{
+    size_t n;
+    uint32_t *bx, *bxe, q, *sx, *sxe;
+#ifdef USE_LONG_LONG
+    unsigned long long borrow, carry, y, ys;
+#else
+    uint32_t borrow, carry, y, ys;
+#ifdef Pack_32
+    uint32_t si, z, zs;
+#endif
+#endif
+    ASSERT(b.size() <= 1 || b.words()[b.size() - 1]);
+    ASSERT(S.size() <= 1 || S.words()[S.size() - 1]);
+
+    n = S.size();
+    ASSERT_WITH_MESSAGE(b.size() <= n, "oversize b in quorem");
+    if (b.size() < n)
+        return 0;
+    sx = S.words();
+    sxe = sx + --n;
+    bx = b.words();
+    bxe = bx + n;
+    q = *bxe / (*sxe + 1);    /* ensure q <= true quotient */
+    ASSERT_WITH_MESSAGE(q <= 9, "oversized quotient in quorem");
+    if (q) {
+        borrow = 0;
+        carry = 0;
+        do {
+#ifdef USE_LONG_LONG
+            ys = *sx++ * (unsigned long long)q + carry;
+            carry = ys >> 32;
+            y = *bx - (ys & 0xffffffffUL) - borrow;
+            borrow = y >> 32 & (uint32_t)1;
+            *bx++ = (uint32_t)y & 0xffffffffUL;
+#else
+#ifdef Pack_32
+            si = *sx++;
+            ys = (si & 0xffff) * q + carry;
+            zs = (si >> 16) * q + (ys >> 16);
+            carry = zs >> 16;
+            y = (*bx & 0xffff) - (ys & 0xffff) - borrow;
+            borrow = (y & 0x10000) >> 16;
+            z = (*bx >> 16) - (zs & 0xffff) - borrow;
+            borrow = (z & 0x10000) >> 16;
+            Storeinc(bx, z, y);
+#else
+            ys = *sx++ * q + carry;
+            carry = ys >> 16;
+            y = *bx - (ys & 0xffff) - borrow;
+            borrow = (y & 0x10000) >> 16;
+            *bx++ = y & 0xffff;
+#endif
+#endif
+        } while (sx <= sxe);
+        if (!*bxe) {
+            bx = b.words();
+            while (--bxe > bx && !*bxe)
+                --n;
+            b.resize(n);
+        }
+    }
+    if (cmp(b, S) >= 0) {
+        q++;
+        borrow = 0;
+        carry = 0;
+        bx = b.words();
+        sx = S.words();
+        do {
+#ifdef USE_LONG_LONG
+            ys = *sx++ + carry;
+            carry = ys >> 32;
+            y = *bx - (ys & 0xffffffffUL) - borrow;
+            borrow = y >> 32 & (uint32_t)1;
+            *bx++ = (uint32_t)y & 0xffffffffUL;
+#else
+#ifdef Pack_32
+            si = *sx++;
+            ys = (si & 0xffff) + carry;
+            zs = (si >> 16) + (ys >> 16);
+            carry = zs >> 16;
+            y = (*bx & 0xffff) - (ys & 0xffff) - borrow;
+            borrow = (y & 0x10000) >> 16;
+            z = (*bx >> 16) - (zs & 0xffff) - borrow;
+            borrow = (z & 0x10000) >> 16;
+            Storeinc(bx, z, y);
+#else
+            ys = *sx++ + carry;
+            carry = ys >> 16;
+            y = *bx - (ys & 0xffff) - borrow;
+            borrow = (y & 0x10000) >> 16;
+            *bx++ = y & 0xffff;
+#endif
+#endif
+        } while (sx <= sxe);
+        bx = b.words();
+        bxe = bx + n;
+        if (!*bxe) {
+            while (--bxe > bx && !*bxe)
+                --n;
+            b.resize(n);
+        }
+    }
+    return q;
+}
+
+/* dtoa for IEEE arithmetic (dmg): convert double to ASCII string.
+ *
+ * Inspired by "How to Print Floating-Point Numbers Accurately" by
+ * Guy L. Steele, Jr. and Jon L. White [Proc. ACM SIGPLAN '90, pp. 92-101].
+ *
+ * Modifications:
+ *    1. Rather than iterating, we use a simple numeric overestimate
+ *       to determine k = floor(log10(d)).  We scale relevant
+ *       quantities using O(log2(k)) rather than O(k) multiplications.
+ *    2. For some modes > 2 (corresponding to ecvt and fcvt), we don't
+ *       try to generate digits strictly left to right.  Instead, we
+ *       compute with fewer bits and propagate the carry if necessary
+ *       when rounding the final digit up.  This is often faster.
+ *    3. Under the assumption that input will be rounded nearest,
+ *       mode 0 renders 1e23 as 1e23 rather than 9.999999999999999e22.
+ *       That is, we allow equality in stopping tests when the
+ *       round-nearest rule will give the same floating-point value
+ *       as would satisfaction of the stopping test with strict
+ *       inequality.
+ *    4. We remove common factors of powers of 2 from relevant
+ *       quantities.
+ *    5. When converting floating-point integers less than 1e16,
+ *       we use floating-point arithmetic rather than resorting
+ *       to multiple-precision integers.
+ *    6. When asked to produce fewer than 15 digits, we first try
+ *       to get by with floating-point arithmetic; we resort to
+ *       multiple-precision integer arithmetic only if we cannot
+ *       guarantee that the floating-point calculation has given
+ *       the correctly rounded result.  For k requested digits and
+ *       "uniformly" distributed input, the probability is
+ *       something like 10^(k-15) that we must resort to the int32_t
+ *       calculation.
+ */
+
+void dtoa(char* result, double dd, int ndigits, int* decpt, int* sign, char** rve)
+{
+    /*
+        Arguments ndigits, decpt, sign are similar to those
+    of ecvt and fcvt; trailing zeros are suppressed from
+    the returned string.  If not null, *rve is set to point
+    to the end of the return value.  If d is +-Infinity or NaN,
+    then *decpt is set to 9999.
+
+    */
+
+    int bbits, b2, b5, be, dig, i, ieps, ilim = 0, ilim0, ilim1 = 0,
+        j, j1, k, k0, k_check, leftright, m2, m5, s2, s5,
+        spec_case, try_quick;
+    int32_t L;
+#ifndef Sudden_Underflow
+    int denorm;
+    uint32_t x;
+#endif
+    BigInt b, b1, delta, mlo, mhi, S;
+    U d2, eps, u;
+    double ds;
+    char *s, *s0;
+#ifdef SET_INEXACT
+    int inexact, oldinexact;
+#endif
+
+    u.d = dd;
+    if (word0(&u) & Sign_bit) {
+        /* set sign for everything, including 0's and NaNs */
+        *sign = 1;
+        word0(&u) &= ~Sign_bit;    /* clear sign bit */
+    } else
+        *sign = 0;
+
+    if ((word0(&u) & Exp_mask) == Exp_mask)
+    {
+        /* Infinity or NaN */
+        *decpt = 9999;
+        if (!word1(&u) && !(word0(&u) & 0xfffff))
+            strcpy(result, "Infinity");
+        else 
+            strcpy(result, "NaN");
+        return;
+    }
+    if (!dval(&u)) {
+        *decpt = 1;
+        result[0] = '0';
+        result[1] = '\0';
+        return;
+    }
+
+#ifdef SET_INEXACT
+    try_quick = oldinexact = get_inexact();
+    inexact = 1;
+#endif
+
+    d2b(b, &u, &be, &bbits);
+#ifdef Sudden_Underflow
+    i = (int)(word0(&u) >> Exp_shift1 & (Exp_mask >> Exp_shift1));
+#else
+    if ((i = (int)(word0(&u) >> Exp_shift1 & (Exp_mask >> Exp_shift1)))) {
+#endif
+        dval(&d2) = dval(&u);
+        word0(&d2) &= Frac_mask1;
+        word0(&d2) |= Exp_11;
+
+        /* log(x)    ~=~ log(1.5) + (x-1.5)/1.5
+         * log10(x)     =  log(x) / log(10)
+         *        ~=~ log(1.5)/log(10) + (x-1.5)/(1.5*log(10))
+         * log10(d) = (i-Bias)*log(2)/log(10) + log10(d2)
+         *
+         * This suggests computing an approximation k to log10(d) by
+         *
+         * k = (i - Bias)*0.301029995663981
+         *    + ( (d2-1.5)*0.289529654602168 + 0.176091259055681 );
+         *
+         * We want k to be too large rather than too small.
+         * The error in the first-order Taylor series approximation
+         * is in our favor, so we just round up the constant enough
+         * to compensate for any error in the multiplication of
+         * (i - Bias) by 0.301029995663981; since |i - Bias| <= 1077,
+         * and 1077 * 0.30103 * 2^-52 ~=~ 7.2e-14,
+         * adding 1e-13 to the constant term more than suffices.
+         * Hence we adjust the constant term to 0.1760912590558.
+         * (We could get a more accurate k by invoking log10,
+         *  but this is probably not worthwhile.)
+         */
+
+        i -= Bias;
+#ifndef Sudden_Underflow
+        denorm = 0;
+    } else {
+        /* d is denormalized */
+
+        i = bbits + be + (Bias + (P - 1) - 1);
+        x = (i > 32) ? (word0(&u) << (64 - i)) | (word1(&u) >> (i - 32))
+                : word1(&u) << (32 - i);
+        dval(&d2) = x;
+        word0(&d2) -= 31 * Exp_msk1; /* adjust exponent */
+        i -= (Bias + (P - 1) - 1) + 1;
+        denorm = 1;
+    }
+#endif
+    ds = (dval(&d2) - 1.5) * 0.289529654602168 + 0.1760912590558 + (i * 0.301029995663981);
+    k = (int)ds;
+    if (ds < 0. && ds != k)
+        k--;    /* want k = floor(ds) */
+    k_check = 1;
+    if (k >= 0 && k <= Ten_pmax) {
+        if (dval(&u) < tens[k])
+            k--;
+        k_check = 0;
+    }
+    j = bbits - i - 1;
+    if (j >= 0) {
+        b2 = 0;
+        s2 = j;
+    } else {
+        b2 = -j;
+        s2 = 0;
+    }
+    if (k >= 0) {
+        b5 = 0;
+        s5 = k;
+        s2 += k;
+    } else {
+        b2 -= k;
+        b5 = -k;
+        s5 = 0;
+    }
+
+#ifndef SET_INEXACT
+#ifdef Check_FLT_ROUNDS
+    try_quick = Rounding == 1;
+#else
+    try_quick = 1;
+#endif
+#endif /*SET_INEXACT*/
+
+    leftright = 1;
+    ilim = ilim1 = -1;
+    i = 18;
+    ndigits = 0;
+    s = s0 = result;
+
+    if (ilim >= 0 && ilim <= Quick_max && try_quick) {
+
+        /* Try to get by with floating-point arithmetic. */
+
+        i = 0;
+        dval(&d2) = dval(&u);
+        k0 = k;
+        ilim0 = ilim;
+        ieps = 2; /* conservative */
+        if (k > 0) {
+            ds = tens[k & 0xf];
+            j = k >> 4;
+            if (j & Bletch) {
+                /* prevent overflows */
+                j &= Bletch - 1;
+                dval(&u) /= bigtens[n_bigtens - 1];
+                ieps++;
+            }
+            for (; j; j >>= 1, i++) {
+                if (j & 1) {
+                    ieps++;
+                    ds *= bigtens[i];
+                }
+            }
+            dval(&u) /= ds;
+        } else if ((j1 = -k)) {
+            dval(&u) *= tens[j1 & 0xf];
+            for (j = j1 >> 4; j; j >>= 1, i++) {
+                if (j & 1) {
+                    ieps++;
+                    dval(&u) *= bigtens[i];
+                }
+            }
+        }
+        if (k_check && dval(&u) < 1. && ilim > 0) {
+            if (ilim1 <= 0)
+                goto fast_failed;
+            ilim = ilim1;
+            k--;
+            dval(&u) *= 10.;
+            ieps++;
+        }
+        dval(&eps) = (ieps * dval(&u)) + 7.;
+        word0(&eps) -= (P - 1) * Exp_msk1;
+        if (ilim == 0) {
+            S.clear();
+            mhi.clear();
+            dval(&u) -= 5.;
+            if (dval(&u) > dval(&eps))
+                goto one_digit;
+            if (dval(&u) < -dval(&eps))
+                goto no_digits;
+            goto fast_failed;
+        }
+#ifndef No_leftright
+        if (leftright) {
+            /* Use Steele & White method of only
+             * generating digits needed.
+             */
+            dval(&eps) = (0.5 / tens[ilim - 1]) - dval(&eps);
+            for (i = 0;;) {
+                L = (long int)dval(&u);
+                dval(&u) -= L;
+                *s++ = '0' + (int)L;
+                if (dval(&u) < dval(&eps))
+                    goto ret;
+                if (1. - dval(&u) < dval(&eps))
+                    goto bump_up;
+                if (++i >= ilim)
+                    break;
+                dval(&eps) *= 10.;
+                dval(&u) *= 10.;
+            }
+        } else {
+#endif
+            /* Generate ilim digits, then fix them up. */
+            dval(&eps) *= tens[ilim - 1];
+            for (i = 1;; i++, dval(&u) *= 10.) {
+                L = (int32_t)(dval(&u));
+                if (!(dval(&u) -= L))
+                    ilim = i;
+                *s++ = '0' + (int)L;
+                if (i == ilim) {
+                    if (dval(&u) > 0.5 + dval(&eps))
+                        goto bump_up;
+                    else if (dval(&u) < 0.5 - dval(&eps)) {
+                        while (*--s == '0') { }
+                        s++;
+                        goto ret;
+                    }
+                    break;
+                }
+            }
+#ifndef No_leftright
+        }
+#endif
+fast_failed:
+        s = s0;
+        dval(&u) = dval(&d2);
+        k = k0;
+        ilim = ilim0;
+    }
+
+    /* Do we have a "small" integer? */
+
+    if (be >= 0 && k <= Int_max) {
+        /* Yes. */
+        ds = tens[k];
+        if (ndigits < 0 && ilim <= 0) {
+            S.clear();
+            mhi.clear();
+            if (ilim < 0 || dval(&u) <= 5 * ds)
+                goto no_digits;
+            goto one_digit;
+        }
+        for (i = 1;; i++, dval(&u) *= 10.) {
+            L = (int32_t)(dval(&u) / ds);
+            dval(&u) -= L * ds;
+#ifdef Check_FLT_ROUNDS
+            /* If FLT_ROUNDS == 2, L will usually be high by 1 */
+            if (dval(&u) < 0) {
+                L--;
+                dval(&u) += ds;
+            }
+#endif
+            *s++ = '0' + (int)L;
+            if (!dval(&u)) {
+#ifdef SET_INEXACT
+                inexact = 0;
+#endif
+                break;
+            }
+            if (i == ilim) {
+                dval(&u) += dval(&u);
+                if (dval(&u) > ds || (dval(&u) == ds && (L & 1))) {
+bump_up:
+                    while (*--s == '9')
+                        if (s == s0) {
+                            k++;
+                            *s = '0';
+                            break;
+                        }
+                    ++*s++;
+                }
+                break;
+            }
+        }
+        goto ret;
+    }
+
+    m2 = b2;
+    m5 = b5;
+    mhi.clear();
+    mlo.clear();
+    if (leftright) {
+        i =
+#ifndef Sudden_Underflow
+            denorm ? be + (Bias + (P - 1) - 1 + 1) :
+#endif
+            1 + P - bbits;
+        b2 += i;
+        s2 += i;
+        i2b(mhi, 1);
+    }
+    if (m2 > 0 && s2 > 0) {
+        i = m2 < s2 ? m2 : s2;
+        b2 -= i;
+        m2 -= i;
+        s2 -= i;
+    }
+    if (b5 > 0) {
+        if (leftright) {
+            if (m5 > 0) {
+                pow5mult(mhi, m5);
+                mult(b, mhi);
+            }
+            if ((j = b5 - m5))
+                pow5mult(b, j);
+        } else
+            pow5mult(b, b5);
+        }
+    i2b(S, 1);
+    if (s5 > 0)
+        pow5mult(S, s5);
+
+    /* Check for special case that d is a normalized power of 2. */
+
+    spec_case = 0;
+    if (!word1(&u) && !(word0(&u) & Bndry_mask)
+#ifndef Sudden_Underflow
+     && word0(&u) & (Exp_mask & ~Exp_msk1)
+#endif
+            ) {
+        /* The special case */
+        b2 += Log2P;
+        s2 += Log2P;
+        spec_case = 1;
+    }
+
+    /* Arrange for convenient computation of quotients:
+     * shift left if necessary so divisor has 4 leading 0 bits.
+     *
+     * Perhaps we should just compute leading 28 bits of S once
+     * and for all and pass them and a shift to quorem, so it
+     * can do shifts and ors to compute the numerator for q.
+     */
+#ifdef Pack_32
+    if ((i = ((s5 ? 32 - hi0bits(S.words()[S.size() - 1]) : 1) + s2) & 0x1f))
+        i = 32 - i;
+#else
+    if ((i = ((s5 ? 32 - hi0bits(S.words()[S.size() - 1]) : 1) + s2) & 0xf))
+        i = 16 - i;
+#endif
+    if (i > 4) {
+        i -= 4;
+        b2 += i;
+        m2 += i;
+        s2 += i;
+    } else if (i < 4) {
+        i += 28;
+        b2 += i;
+        m2 += i;
+        s2 += i;
+    }
+    if (b2 > 0)
+        lshift(b, b2);
+    if (s2 > 0)
+        lshift(S, s2);
+    if (k_check) {
+        if (cmp(b,S) < 0) {
+            k--;
+            multadd(b, 10, 0);    /* we botched the k estimate */
+            if (leftright)
+                multadd(mhi, 10, 0);
+            ilim = ilim1;
+        }
+    }
+
+    if (leftright) {
+        if (m2 > 0)
+            lshift(mhi, m2);
+
+        /* Compute mlo -- check for special case
+         * that d is a normalized power of 2.
+         */
+
+        mlo = mhi;
+        if (spec_case) {
+            mhi = mlo;
+            lshift(mhi, Log2P);
+        }
+
+        for (i = 1;;i++) {
+            dig = quorem(b,S) + '0';
+            /* Do we yet have the shortest decimal string
+             * that will round to d?
+             */
+            j = cmp(b, mlo);
+            diff(delta, S, mhi);
+            j1 = delta.sign ? 1 : cmp(b, delta);
+            if (j1 == 0 && !(word1(&u) & 1)) {
+                if (dig == '9')
+                    goto round_9_up;
+                if (j > 0)
+                    dig++;
+#ifdef SET_INEXACT
+                else if (!b->x[0] && b->wds <= 1)
+                    inexact = 0;
+#endif
+                *s++ = dig;
+                goto ret;
+            }
+            if (j < 0 || (j == 0 && !(word1(&u) & 1))) {
+                if (!b.words()[0] && b.size() <= 1) {
+#ifdef SET_INEXACT
+                    inexact = 0;
+#endif
+                    goto accept_dig;
+                }
+                if (j1 > 0) {
+                    lshift(b, 1);
+                    j1 = cmp(b, S);
+                    if ((j1 > 0 || (j1 == 0 && (dig & 1))) && dig++ == '9')
+                        goto round_9_up;
+                }
+accept_dig:
+                *s++ = dig;
+                goto ret;
+            }
+            if (j1 > 0) {
+                if (dig == '9') { /* possible if i == 1 */
+round_9_up:
+                    *s++ = '9';
+                    goto roundoff;
+                }
+                *s++ = dig + 1;
+                goto ret;
+            }
+            *s++ = dig;
+            if (i == ilim)
+                break;
+            multadd(b, 10, 0);
+            multadd(mlo, 10, 0);
+            multadd(mhi, 10, 0);
+        }
+    } else
+        for (i = 1;; i++) {
+            *s++ = dig = quorem(b,S) + '0';
+            if (!b.words()[0] && b.size() <= 1) {
+#ifdef SET_INEXACT
+                inexact = 0;
+#endif
+                goto ret;
+            }
+            if (i >= ilim)
+                break;
+            multadd(b, 10, 0);
+        }
+
+    /* Round off last digit */
+
+    lshift(b, 1);
+    j = cmp(b, S);
+    if (j > 0 || (j == 0 && (dig & 1))) {
+roundoff:
+        while (*--s == '9')
+            if (s == s0) {
+                k++;
+                *s++ = '1';
+                goto ret;
+            }
+        ++*s++;
+    } else {
+        while (*--s == '0') { }
+        s++;
+    }
+    goto ret;
+no_digits:
+    k = -1 - ndigits;
+    goto ret;
+one_digit:
+    *s++ = '1';
+    k++;
+    goto ret;
+ret:
+#ifdef SET_INEXACT
+    if (inexact) {
+        if (!oldinexact) {
+            word0(&u) = Exp_1 + (70 << Exp_shift);
+            word1(&u) = 0;
+            dval(&u) += 1.;
+        }
+    } else if (!oldinexact)
+        clear_inexact();
+#endif
+    *s = 0;
+    *decpt = k + 1;
+    if (rve)
+        *rve = s;
+}
+
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/dtoa.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/dtoa.h
new file mode 100644
index 000000000..cbec7c718
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/dtoa.h
@@ -0,0 +1,37 @@
+/*
+ *  Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_dtoa_h
+#define WTF_dtoa_h
+
+namespace WTF {
+    class Mutex;
+}
+
+namespace WTF {
+
+    extern WTF::Mutex* s_dtoaP5Mutex;
+
+    double strtod(const char* s00, char** se);
+    void dtoa(char* result, double d, int ndigits, int* decpt, int* sign, char** rve);
+
+} // namespace WTF
+
+#endif // WTF_dtoa_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/qt/MainThreadQt.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/qt/MainThreadQt.cpp
new file mode 100644
index 000000000..0ac27176e
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/qt/MainThreadQt.cpp
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2007 Staikos Computing Services Inc.
+ * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "MainThread.h"
+
+#include <QtCore/QObject>
+#include <QtCore/QCoreApplication>
+
+
+namespace WTF {
+
+QT_USE_NAMESPACE
+
+class MainThreadInvoker : public QObject {
+    Q_OBJECT
+public:
+    MainThreadInvoker();
+
+private Q_SLOTS:
+    void dispatch();
+};
+
+MainThreadInvoker::MainThreadInvoker()
+{
+    moveToThread(QCoreApplication::instance()->thread());
+}
+
+void MainThreadInvoker::dispatch()
+{
+    dispatchFunctionsFromMainThread();
+}
+
+Q_GLOBAL_STATIC(MainThreadInvoker, webkit_main_thread_invoker)
+
+void initializeMainThreadPlatform()
+{
+}
+
+void scheduleDispatchFunctionsOnMainThread()
+{
+    QMetaObject::invokeMethod(webkit_main_thread_invoker(), "dispatch", Qt::QueuedConnection);
+}
+
+} // namespace WTF
+
+#include "MainThreadQt.moc"
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/qt/ThreadingQt.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/qt/ThreadingQt.cpp
new file mode 100644
index 000000000..5a8476403
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/qt/ThreadingQt.cpp
@@ -0,0 +1,271 @@
+/*
+ * Copyright (C) 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2007 Justin Haygood (jhaygood@reaktix.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer. 
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution. 
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "config.h"
+#include "Threading.h"
+
+#include "CurrentTime.h"
+#include "HashMap.h"
+#include "MainThread.h"
+#include "RandomNumberSeed.h"
+
+#include <QCoreApplication>
+#include <QMutex>
+#include <QThread>
+#include <QWaitCondition>
+
+namespace WTF {
+
+QT_USE_NAMESPACE
+
+class ThreadPrivate : public QThread {
+public:
+    ThreadPrivate(ThreadFunction entryPoint, void* data);
+    void run();
+    void* getReturnValue() { return m_returnValue; }
+private:
+    void* m_data;
+    ThreadFunction m_entryPoint;
+    void* m_returnValue;
+};
+
+ThreadPrivate::ThreadPrivate(ThreadFunction entryPoint, void* data) 
+    : m_data(data)
+    , m_entryPoint(entryPoint)
+    , m_returnValue(0)
+{
+}
+
+void ThreadPrivate::run()
+{
+    m_returnValue = m_entryPoint(m_data);
+}
+
+
+static Mutex* atomicallyInitializedStaticMutex;
+
+static ThreadIdentifier mainThreadIdentifier;
+
+static Mutex& threadMapMutex()
+{
+    static Mutex mutex;
+    return mutex;
+}
+
+static HashMap<ThreadIdentifier, QThread*>& threadMap()
+{
+    static HashMap<ThreadIdentifier, QThread*> map;
+    return map;
+}
+
+static ThreadIdentifier identifierByQthreadHandle(QThread*& thread)
+{
+    MutexLocker locker(threadMapMutex());
+
+    HashMap<ThreadIdentifier, QThread*>::iterator i = threadMap().begin();
+    for (; i != threadMap().end(); ++i) {
+        if (i->second == thread)
+            return i->first;
+    }
+
+    return 0;
+}
+
+static ThreadIdentifier establishIdentifierForThread(QThread*& thread)
+{
+    ASSERT(!identifierByQthreadHandle(thread));
+
+    MutexLocker locker(threadMapMutex());
+
+    static ThreadIdentifier identifierCount = 1;
+
+    threadMap().add(identifierCount, thread);
+
+    return identifierCount++;
+}
+
+static void clearThreadForIdentifier(ThreadIdentifier id)
+{
+    MutexLocker locker(threadMapMutex());
+
+    ASSERT(threadMap().contains(id));
+
+    threadMap().remove(id);
+}
+
+static QThread* threadForIdentifier(ThreadIdentifier id)
+{
+    MutexLocker locker(threadMapMutex());
+
+    return threadMap().get(id);
+}
+
+void initializeThreading()
+{
+    if (!atomicallyInitializedStaticMutex) {
+        atomicallyInitializedStaticMutex = new Mutex;
+        threadMapMutex();
+        initializeRandomNumberGenerator();
+        QThread* mainThread = QCoreApplication::instance()->thread();
+        mainThreadIdentifier = identifierByQthreadHandle(mainThread);
+        if (!mainThreadIdentifier)
+            mainThreadIdentifier = establishIdentifierForThread(mainThread);
+        initializeMainThread();
+    }
+}
+
+void lockAtomicallyInitializedStaticMutex()
+{
+    ASSERT(atomicallyInitializedStaticMutex);
+    atomicallyInitializedStaticMutex->lock();
+}
+
+void unlockAtomicallyInitializedStaticMutex()
+{
+    atomicallyInitializedStaticMutex->unlock();
+}
+
+ThreadIdentifier createThreadInternal(ThreadFunction entryPoint, void* data, const char*)
+{
+    ThreadPrivate* thread = new ThreadPrivate(entryPoint, data);
+    if (!thread) {
+        LOG_ERROR("Failed to create thread at entry point %p with data %p", entryPoint, data);
+        return 0;
+    }
+    thread->start();
+
+    QThread* threadRef = static_cast<QThread*>(thread);
+
+    return establishIdentifierForThread(threadRef);
+}
+
+void setThreadNameInternal(const char*)
+{
+}
+
+int waitForThreadCompletion(ThreadIdentifier threadID, void** result)
+{
+    ASSERT(threadID);
+
+    QThread* thread = threadForIdentifier(threadID);
+
+    bool res = thread->wait();
+
+    clearThreadForIdentifier(threadID);
+    if (result)
+        *result = static_cast<ThreadPrivate*>(thread)->getReturnValue();
+
+    return !res;
+}
+
+void detachThread(ThreadIdentifier)
+{
+}
+
+ThreadIdentifier currentThread()
+{
+    QThread* currentThread = QThread::currentThread();
+    if (ThreadIdentifier id = identifierByQthreadHandle(currentThread))
+        return id;
+    return establishIdentifierForThread(currentThread);
+}
+
+bool isMainThread()
+{
+    return QThread::currentThread() == QCoreApplication::instance()->thread();
+}
+
+Mutex::Mutex()
+    : m_mutex(new QMutex())
+{
+}
+
+Mutex::~Mutex()
+{
+    delete m_mutex;
+}
+
+void Mutex::lock()
+{
+    m_mutex->lock();
+}
+
+bool Mutex::tryLock()
+{
+    return m_mutex->tryLock();
+}
+
+void Mutex::unlock()
+{
+    m_mutex->unlock();
+}
+
+ThreadCondition::ThreadCondition()
+    : m_condition(new QWaitCondition())
+{
+}
+
+ThreadCondition::~ThreadCondition()
+{
+    delete m_condition;
+}
+
+void ThreadCondition::wait(Mutex& mutex)
+{
+    m_condition->wait(mutex.impl());
+}
+
+bool ThreadCondition::timedWait(Mutex& mutex, double absoluteTime)
+{
+    double currentTime = WTF::currentTime();
+
+    // Time is in the past - return immediately.
+    if (absoluteTime < currentTime)
+        return false;
+
+    // Time is too far in the future (and would overflow unsigned long) - wait forever.
+    if (absoluteTime - currentTime > static_cast<double>(INT_MAX) / 1000.0) {
+        wait(mutex);
+        return true;
+    }
+
+    double intervalMilliseconds = (absoluteTime - currentTime) * 1000.0;
+    return m_condition->wait(mutex.impl(), static_cast<unsigned long>(intervalMilliseconds));
+}
+
+void ThreadCondition::signal()
+{
+    m_condition->wakeOne();
+}
+
+void ThreadCondition::broadcast()
+{
+    m_condition->wakeAll();
+}
+
+} // namespace WebCore
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/Collator.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/Collator.h
new file mode 100644
index 000000000..51e8a063f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/Collator.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WTF_Collator_h
+#define WTF_Collator_h
+
+#include <memory>
+#include <wtf/Noncopyable.h>
+#include <wtf/unicode/Unicode.h>
+
+#if USE(ICU_UNICODE) && !UCONFIG_NO_COLLATION
+struct UCollator;
+#endif
+
+namespace WTF {
+
+    class Collator : public Noncopyable {
+    public:
+        enum Result { Equal = 0, Greater = 1, Less = -1 };
+
+        Collator(const char* locale); // Parsing is lenient; e.g. language identifiers (such as "en-US") are accepted, too.
+        ~Collator();
+        void setOrderLowerFirst(bool);
+
+        static std::auto_ptr<Collator> userDefault();
+
+        Result collate(const ::UChar*, size_t, const ::UChar*, size_t) const;
+
+    private:
+#if USE(ICU_UNICODE) && !UCONFIG_NO_COLLATION
+        void createCollator() const;
+        void releaseCollator();
+        mutable UCollator* m_collator;
+#endif
+        char* m_locale;
+        bool m_lowerFirst;
+    };
+}
+
+using WTF::Collator;
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/CollatorDefault.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/CollatorDefault.cpp
new file mode 100644
index 000000000..eddbe534f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/CollatorDefault.cpp
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Collator.h"
+
+#if !USE(ICU_UNICODE) || UCONFIG_NO_COLLATION
+
+namespace WTF {
+
+Collator::Collator(const char*)
+{
+}
+
+Collator::~Collator()
+{
+}
+
+void Collator::setOrderLowerFirst(bool)
+{
+}
+
+std::auto_ptr<Collator> Collator::userDefault()
+{
+    return std::auto_ptr<Collator>(new Collator(0));
+}
+
+// A default implementation for platforms that lack Unicode-aware collation.
+Collator::Result Collator::collate(const UChar* lhs, size_t lhsLength, const UChar* rhs, size_t rhsLength) const
+{
+    int lmin = lhsLength < rhsLength ? lhsLength : rhsLength;
+    int l = 0;
+    while (l < lmin && *lhs == *rhs) {
+        lhs++;
+        rhs++;
+        l++;
+    }
+
+    if (l < lmin)
+        return (*lhs > *rhs) ? Greater : Less;
+
+    if (lhsLength == rhsLength)
+        return Equal;
+
+    return (lhsLength > rhsLength) ? Greater : Less;
+}
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/UTF8.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/UTF8.cpp
new file mode 100644
index 000000000..9e713fe36
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/UTF8.cpp
@@ -0,0 +1,303 @@
+/*
+ * Copyright (C) 2007 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "UTF8.h"
+
+namespace WTF {
+namespace Unicode {
+
+inline int inlineUTF8SequenceLengthNonASCII(char b0)
+{
+    if ((b0 & 0xC0) != 0xC0)
+        return 0;
+    if ((b0 & 0xE0) == 0xC0)
+        return 2;
+    if ((b0 & 0xF0) == 0xE0)
+        return 3;
+    if ((b0 & 0xF8) == 0xF0)
+        return 4;
+    return 0;
+}
+
+inline int inlineUTF8SequenceLength(char b0)
+{
+    return (b0 & 0x80) == 0 ? 1 : inlineUTF8SequenceLengthNonASCII(b0);
+}
+
+int UTF8SequenceLength(char b0)
+{
+    return (b0 & 0x80) == 0 ? 1 : inlineUTF8SequenceLengthNonASCII(b0);
+}
+
+int decodeUTF8Sequence(const char* sequence)
+{
+    // Handle 0-byte sequences (never valid).
+    const unsigned char b0 = sequence[0];
+    const int length = inlineUTF8SequenceLength(b0);
+    if (length == 0)
+        return -1;
+
+    // Handle 1-byte sequences (plain ASCII).
+    const unsigned char b1 = sequence[1];
+    if (length == 1) {
+        if (b1)
+            return -1;
+        return b0;
+    }
+
+    // Handle 2-byte sequences.
+    if ((b1 & 0xC0) != 0x80)
+        return -1;
+    const unsigned char b2 = sequence[2];
+    if (length == 2) {
+        if (b2)
+            return -1;
+        const int c = ((b0 & 0x1F) << 6) | (b1 & 0x3F);
+        if (c < 0x80)
+            return -1;
+        return c;
+    }
+
+    // Handle 3-byte sequences.
+    if ((b2 & 0xC0) != 0x80)
+        return -1;
+    const unsigned char b3 = sequence[3];
+    if (length == 3) {
+        if (b3)
+            return -1;
+        const int c = ((b0 & 0xF) << 12) | ((b1 & 0x3F) << 6) | (b2 & 0x3F);
+        if (c < 0x800)
+            return -1;
+        // UTF-16 surrogates should never appear in UTF-8 data.
+        if (c >= 0xD800 && c <= 0xDFFF)
+            return -1;
+        return c;
+    }
+
+    // Handle 4-byte sequences.
+    if ((b3 & 0xC0) != 0x80)
+        return -1;
+    const unsigned char b4 = sequence[4];
+    if (length == 4) {
+        if (b4)
+            return -1;
+        const int c = ((b0 & 0x7) << 18) | ((b1 & 0x3F) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F);
+        if (c < 0x10000 || c > 0x10FFFF)
+            return -1;
+        return c;
+    }
+
+    return -1;
+}
+
+// Once the bits are split out into bytes of UTF-8, this is a mask OR-ed
+// into the first byte, depending on how many bytes follow.  There are
+// as many entries in this table as there are UTF-8 sequence types.
+// (I.e., one byte sequence, two byte... etc.). Remember that sequencs
+// for *legal* UTF-8 will be 4 or fewer bytes total.
+static const unsigned char firstByteMark[7] = { 0x00, 0x00, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC };
+
+ConversionResult convertUTF16ToUTF8(
+    const UChar** sourceStart, const UChar* sourceEnd, 
+    char** targetStart, char* targetEnd, bool strict)
+{
+    ConversionResult result = conversionOK;
+    const UChar* source = *sourceStart;
+    char* target = *targetStart;
+    while (source < sourceEnd) {
+        UChar32 ch;
+        unsigned short bytesToWrite = 0;
+        const UChar32 byteMask = 0xBF;
+        const UChar32 byteMark = 0x80; 
+        const UChar* oldSource = source; // In case we have to back up because of target overflow.
+        ch = static_cast<unsigned short>(*source++);
+        // If we have a surrogate pair, convert to UChar32 first.
+        if (ch >= 0xD800 && ch <= 0xDBFF) {
+            // If the 16 bits following the high surrogate are in the source buffer...
+            if (source < sourceEnd) {
+                UChar32 ch2 = static_cast<unsigned short>(*source);
+                // If it's a low surrogate, convert to UChar32.
+                if (ch2 >= 0xDC00 && ch2 <= 0xDFFF) {
+                    ch = ((ch - 0xD800) << 10) + (ch2 - 0xDC00) + 0x0010000;
+                    ++source;
+                } else if (strict) { // it's an unpaired high surrogate
+                    --source; // return to the illegal value itself
+                    result = sourceIllegal;
+                    break;
+                }
+            } else { // We don't have the 16 bits following the high surrogate.
+                --source; // return to the high surrogate
+                result = sourceExhausted;
+                break;
+            }
+        } else if (strict) {
+            // UTF-16 surrogate values are illegal in UTF-32
+            if (ch >= 0xDC00 && ch <= 0xDFFF) {
+                --source; // return to the illegal value itself
+                result = sourceIllegal;
+                break;
+            }
+        }
+        // Figure out how many bytes the result will require
+        if (ch < (UChar32)0x80) {
+            bytesToWrite = 1;
+        } else if (ch < (UChar32)0x800) {
+            bytesToWrite = 2;
+        } else if (ch < (UChar32)0x10000) {
+            bytesToWrite = 3;
+        } else if (ch < (UChar32)0x110000) {
+            bytesToWrite = 4;
+        } else {
+            bytesToWrite = 3;
+            ch = 0xFFFD;
+        }
+
+        target += bytesToWrite;
+        if (target > targetEnd) {
+            source = oldSource; // Back up source pointer!
+            target -= bytesToWrite;
+            result = targetExhausted;
+            break;
+        }
+        switch (bytesToWrite) { // note: everything falls through.
+            case 4: *--target = (char)((ch | byteMark) & byteMask); ch >>= 6;
+            case 3: *--target = (char)((ch | byteMark) & byteMask); ch >>= 6;
+            case 2: *--target = (char)((ch | byteMark) & byteMask); ch >>= 6;
+            case 1: *--target =  (char)(ch | firstByteMark[bytesToWrite]);
+        }
+        target += bytesToWrite;
+    }
+    *sourceStart = source;
+    *targetStart = target;
+    return result;
+}
+
+// This must be called with the length pre-determined by the first byte.
+// If presented with a length > 4, this returns false.  The Unicode
+// definition of UTF-8 goes up to 4-byte sequences.
+static bool isLegalUTF8(const unsigned char* source, int length)
+{
+    unsigned char a;
+    const unsigned char* srcptr = source + length;
+    switch (length) {
+        default: return false;
+        // Everything else falls through when "true"...
+        case 4: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false;
+        case 3: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false;
+        case 2: if ((a = (*--srcptr)) > 0xBF) return false;
+
+        switch (*source) {
+            // no fall-through in this inner switch
+            case 0xE0: if (a < 0xA0) return false; break;
+            case 0xED: if (a > 0x9F) return false; break;
+            case 0xF0: if (a < 0x90) return false; break;
+            case 0xF4: if (a > 0x8F) return false; break;
+            default:   if (a < 0x80) return false;
+        }
+
+        case 1: if (*source >= 0x80 && *source < 0xC2) return false;
+    }
+    if (*source > 0xF4)
+        return false;
+    return true;
+}
+
+// Magic values subtracted from a buffer value during UTF8 conversion.
+// This table contains as many values as there might be trailing bytes
+// in a UTF-8 sequence.
+static const UChar32 offsetsFromUTF8[6] = { 0x00000000UL, 0x00003080UL, 0x000E2080UL, 
+            0x03C82080UL, 0xFA082080UL, 0x82082080UL };
+
+ConversionResult convertUTF8ToUTF16(
+    const char** sourceStart, const char* sourceEnd, 
+    UChar** targetStart, UChar* targetEnd, bool strict)
+{
+    ConversionResult result = conversionOK;
+    const char* source = *sourceStart;
+    UChar* target = *targetStart;
+    while (source < sourceEnd) {
+        UChar32 ch = 0;
+        int extraBytesToRead = UTF8SequenceLength(*source) - 1;
+        if (source + extraBytesToRead >= sourceEnd) {
+            result = sourceExhausted;
+            break;
+        }
+        // Do this check whether lenient or strict
+        if (!isLegalUTF8(reinterpret_cast<const unsigned char*>(source), extraBytesToRead + 1)) {
+            result = sourceIllegal;
+            break;
+        }
+        // The cases all fall through.
+        switch (extraBytesToRead) {
+            case 5: ch += static_cast<unsigned char>(*source++); ch <<= 6; // remember, illegal UTF-8
+            case 4: ch += static_cast<unsigned char>(*source++); ch <<= 6; // remember, illegal UTF-8
+            case 3: ch += static_cast<unsigned char>(*source++); ch <<= 6;
+            case 2: ch += static_cast<unsigned char>(*source++); ch <<= 6;
+            case 1: ch += static_cast<unsigned char>(*source++); ch <<= 6;
+            case 0: ch += static_cast<unsigned char>(*source++);
+        }
+        ch -= offsetsFromUTF8[extraBytesToRead];
+
+        if (target >= targetEnd) {
+            source -= (extraBytesToRead + 1); // Back up source pointer!
+            result = targetExhausted; break;
+        }
+        if (ch <= 0xFFFF) {
+            // UTF-16 surrogate values are illegal in UTF-32
+            if (ch >= 0xD800 && ch <= 0xDFFF) {
+                if (strict) {
+                    source -= (extraBytesToRead + 1); // return to the illegal value itself
+                    result = sourceIllegal;
+                    break;
+                } else
+                    *target++ = 0xFFFD;
+            } else
+                *target++ = (UChar)ch; // normal case
+        } else if (ch > 0x10FFFF) {
+            if (strict) {
+                result = sourceIllegal;
+                source -= (extraBytesToRead + 1); // return to the start
+                break; // Bail out; shouldn't continue
+            } else
+                *target++ = 0xFFFD;
+        } else {
+            // target is a character in range 0xFFFF - 0x10FFFF
+            if (target + 1 >= targetEnd) {
+                source -= (extraBytesToRead + 1); // Back up source pointer!
+                result = targetExhausted;
+                break;
+            }
+            ch -= 0x0010000UL;
+            *target++ = (UChar)((ch >> 10) + 0xD800);
+            *target++ = (UChar)((ch & 0x03FF) + 0xDC00);
+        }
+    }
+    *sourceStart = source;
+    *targetStart = target;
+    return result;
+}
+
+}
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/UTF8.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/UTF8.h
new file mode 100644
index 000000000..a5ed93e94
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/UTF8.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2007 Apple Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef WTF_UTF8_h
+#define WTF_UTF8_h
+
+#include "Unicode.h"
+
+namespace WTF {
+  namespace Unicode {
+
+    // Given a first byte, gives the length of the UTF-8 sequence it begins.
+    // Returns 0 for bytes that are not legal starts of UTF-8 sequences.
+    // Only allows sequences of up to 4 bytes, since that works for all Unicode characters (U-00000000 to U-0010FFFF).
+    int UTF8SequenceLength(char);
+
+    // Takes a null-terminated C-style string with a UTF-8 sequence in it and converts it to a character.
+    // Only allows Unicode characters (U-00000000 to U-0010FFFF).
+    // Returns -1 if the sequence is not valid (including presence of extra bytes).
+    int decodeUTF8Sequence(const char*);
+
+    typedef enum {
+            conversionOK,       // conversion successful
+            sourceExhausted,    // partial character in source, but hit end
+            targetExhausted,    // insuff. room in target for conversion
+            sourceIllegal       // source sequence is illegal/malformed
+    } ConversionResult;
+
+    // These conversion functions take a "strict" argument. When this
+    // flag is set to strict, both irregular sequences and isolated surrogates
+    // will cause an error.  When the flag is set to lenient, both irregular
+    // sequences and isolated surrogates are converted.
+    // 
+    // Whether the flag is strict or lenient, all illegal sequences will cause
+    // an error return. This includes sequences such as: <F4 90 80 80>, <C0 80>,
+    // or <A0> in UTF-8, and values above 0x10FFFF in UTF-32. Conformant code
+    // must check for illegal sequences.
+    // 
+    // When the flag is set to lenient, characters over 0x10FFFF are converted
+    // to the replacement character; otherwise (when the flag is set to strict)
+    // they constitute an error.
+
+    ConversionResult convertUTF8ToUTF16(
+                    const char** sourceStart, const char* sourceEnd, 
+                    UChar** targetStart, UChar* targetEnd, bool strict = true);
+
+    ConversionResult convertUTF16ToUTF8(
+                    const UChar** sourceStart, const UChar* sourceEnd, 
+                    char** targetStart, char* targetEnd, bool strict = true);
+  }
+}
+
+#endif // WTF_UTF8_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/Unicode.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/Unicode.h
new file mode 100644
index 000000000..7016a039f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/Unicode.h
@@ -0,0 +1,46 @@
+/*
+ *  Copyright (C) 2006 George Staikos <staikos@kde.org>
+ *  Copyright (C) 2006, 2008, 2009 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007-2009 Torch Mobile, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_UNICODE_H
+#define WTF_UNICODE_H
+
+#include <wtf/Assertions.h>
+
+#if USE(QT4_UNICODE)
+#if COMPILER(WINSCW) || COMPILER(RVCT)
+#include "wtf/unicode/qt4/UnicodeQt4.h"
+#else
+#include "qt4/UnicodeQt4.h"
+#endif
+#elif USE(ICU_UNICODE)
+#include <wtf/unicode/icu/UnicodeIcu.h>
+#elif USE(GLIB_UNICODE)
+#include <wtf/unicode/glib/UnicodeGLib.h>
+#elif USE(WINCE_UNICODE)
+#include <wtf/unicode/wince/UnicodeWince.h>
+#else
+#error "Unknown Unicode implementation"
+#endif
+
+COMPILE_ASSERT(sizeof(UChar) == 2, UCharIsTwoBytes);
+
+#endif // WTF_UNICODE_H
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeGLib.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeGLib.cpp
new file mode 100644
index 000000000..a779b3680
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeGLib.cpp
@@ -0,0 +1,214 @@
+/*
+ *  Copyright (C) 2008 Jürg Billeter <j@bitron.ch>
+ *  Copyright (C) 2008 Dominik Röttsches <dominik.roettsches@access-company.com>
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "UnicodeGLib.h"
+
+namespace WTF {
+namespace Unicode {
+
+UChar32 foldCase(UChar32 ch)
+{
+    GOwnPtr<GError> gerror;
+
+    GOwnPtr<char> utf8char;
+    utf8char.set(g_ucs4_to_utf8(reinterpret_cast<gunichar*>(&ch), 1, 0, 0, &gerror.outPtr()));
+    if (gerror)
+        return ch;
+
+    GOwnPtr<char> utf8caseFolded;
+    utf8caseFolded.set(g_utf8_casefold(utf8char.get(), -1));
+
+    GOwnPtr<gunichar> ucs4Result;
+    ucs4Result.set(g_utf8_to_ucs4_fast(utf8caseFolded.get(), -1, 0));
+
+    return *ucs4Result;
+}
+
+int foldCase(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error)
+{
+    *error = false;
+    GOwnPtr<GError> gerror;
+
+    GOwnPtr<char> utf8src;
+    utf8src.set(g_utf16_to_utf8(src, srcLength, 0, 0, &gerror.outPtr()));
+    if (gerror) {
+        *error = true;
+        return -1;
+    }
+
+    GOwnPtr<char> utf8result;
+    utf8result.set(g_utf8_casefold(utf8src.get(), -1));
+
+    long utf16resultLength = -1;
+    GOwnPtr<UChar> utf16result;
+    utf16result.set(g_utf8_to_utf16(utf8result.get(), -1, 0, &utf16resultLength, &gerror.outPtr()));
+    if (gerror) {
+        *error = true;
+        return -1;
+    }
+
+    if (utf16resultLength > resultLength) {
+        *error = true;
+        return utf16resultLength;
+    }
+    memcpy(result, utf16result.get(), utf16resultLength * sizeof(UChar));
+
+    return utf16resultLength;
+}
+
+int toLower(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error)
+{
+    *error = false;
+    GOwnPtr<GError> gerror;
+
+    GOwnPtr<char> utf8src;
+    utf8src.set(g_utf16_to_utf8(src, srcLength, 0, 0, &gerror.outPtr()));
+    if (gerror) {
+        *error = true;
+        return -1;
+    }
+
+    GOwnPtr<char> utf8result;
+    utf8result.set(g_utf8_strdown(utf8src.get(), -1));
+
+    long utf16resultLength = -1;
+    GOwnPtr<UChar> utf16result;
+    utf16result.set(g_utf8_to_utf16(utf8result.get(), -1, 0, &utf16resultLength, &gerror.outPtr()));
+    if (gerror) {
+        *error = true;
+        return -1;
+    }
+
+    if (utf16resultLength > resultLength) {
+        *error = true;
+        return utf16resultLength;
+    }
+    memcpy(result, utf16result.get(), utf16resultLength * sizeof(UChar));
+
+    return utf16resultLength;
+}
+
+int toUpper(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error)
+{
+    *error = false;
+    GOwnPtr<GError> gerror;
+
+    GOwnPtr<char> utf8src;
+    utf8src.set(g_utf16_to_utf8(src, srcLength, 0, 0, &gerror.outPtr()));
+    if (gerror) {
+        *error = true;
+        return -1;
+    }
+
+    GOwnPtr<char> utf8result;
+    utf8result.set(g_utf8_strup(utf8src.get(), -1));
+
+    long utf16resultLength = -1;
+    GOwnPtr<UChar> utf16result;
+    utf16result.set(g_utf8_to_utf16(utf8result.get(), -1, 0, &utf16resultLength, &gerror.outPtr()));
+    if (gerror) {
+        *error = true;
+        return -1;
+    }
+
+    if (utf16resultLength > resultLength) {
+        *error = true;
+        return utf16resultLength;
+    }
+    memcpy(result, utf16result.get(), utf16resultLength * sizeof(UChar));
+
+    return utf16resultLength;
+}
+
+Direction direction(UChar32 c)
+{
+    PangoBidiType type = pango_bidi_type_for_unichar(c);
+    switch (type) {
+    case PANGO_BIDI_TYPE_L:
+        return LeftToRight;
+    case PANGO_BIDI_TYPE_R:
+        return RightToLeft;
+    case PANGO_BIDI_TYPE_AL:
+        return RightToLeftArabic;
+    case PANGO_BIDI_TYPE_LRE:
+        return LeftToRightEmbedding;
+    case PANGO_BIDI_TYPE_RLE:
+        return RightToLeftEmbedding;
+    case PANGO_BIDI_TYPE_LRO:
+        return LeftToRightOverride;
+    case PANGO_BIDI_TYPE_RLO:
+        return RightToLeftOverride;
+    case PANGO_BIDI_TYPE_PDF:
+        return PopDirectionalFormat;
+    case PANGO_BIDI_TYPE_EN:
+        return EuropeanNumber;
+    case PANGO_BIDI_TYPE_AN:
+        return ArabicNumber;
+    case PANGO_BIDI_TYPE_ES:
+        return EuropeanNumberSeparator;
+    case PANGO_BIDI_TYPE_ET:
+        return EuropeanNumberTerminator;
+    case PANGO_BIDI_TYPE_CS:
+        return CommonNumberSeparator;
+    case PANGO_BIDI_TYPE_NSM:
+        return NonSpacingMark;
+    case PANGO_BIDI_TYPE_BN:
+        return BoundaryNeutral;
+    case PANGO_BIDI_TYPE_B:
+        return BlockSeparator;
+    case PANGO_BIDI_TYPE_S:
+        return SegmentSeparator;
+    case PANGO_BIDI_TYPE_WS:
+        return WhiteSpaceNeutral;
+    default:
+        return OtherNeutral;
+    }
+}
+
+int umemcasecmp(const UChar* a, const UChar* b, int len)
+{
+    GOwnPtr<char> utf8a;
+    GOwnPtr<char> utf8b;
+
+    utf8a.set(g_utf16_to_utf8(a, len, 0, 0, 0));
+    utf8b.set(g_utf16_to_utf8(b, len, 0, 0, 0));
+
+    GOwnPtr<char> foldedA;
+    GOwnPtr<char> foldedB;
+
+    foldedA.set(g_utf8_casefold(utf8a.get(), -1));
+    foldedB.set(g_utf8_casefold(utf8b.get(), -1));
+
+    // FIXME: umemcasecmp needs to mimic u_memcasecmp of icu
+    // from the ICU docs:
+    // "Compare two strings case-insensitively using full case folding.
+    // his is equivalent to u_strcmp(u_strFoldCase(s1, n, options), u_strFoldCase(s2, n, options))."
+    //
+    // So it looks like we don't need the full g_utf8_collate here,
+    // but really a bitwise comparison of casefolded unicode chars (not utf-8 bytes).
+    // As there is no direct equivalent to this icu function in GLib, for now
+    // we'll use g_utf8_collate():
+
+    return g_utf8_collate(foldedA.get(), foldedB.get());
+}
+
+}
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeGLib.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeGLib.h
new file mode 100644
index 000000000..c03d3ec3b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeGLib.h
@@ -0,0 +1,238 @@
+/*
+ *  Copyright (C) 2006 George Staikos <staikos@kde.org>
+ *  Copyright (C) 2006 Alexey Proskuryakov <ap@nypop.com>
+ *  Copyright (C) 2007 Apple Computer, Inc. All rights reserved.
+ *  Copyright (C) 2008 Jürg Billeter <j@bitron.ch>
+ *  Copyright (C) 2008 Dominik Röttsches <dominik.roettsches@access-company.com>
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef UnicodeGLib_h
+#define UnicodeGLib_h
+
+#include "UnicodeMacrosFromICU.h"
+#include <wtf/GOwnPtr.h>
+
+#include <glib.h>
+#include <pango/pango.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef uint16_t UChar;
+typedef int32_t UChar32;
+
+namespace WTF {
+namespace Unicode {
+
+enum Direction {
+    LeftToRight,
+    RightToLeft,
+    EuropeanNumber,
+    EuropeanNumberSeparator,
+    EuropeanNumberTerminator,
+    ArabicNumber,
+    CommonNumberSeparator,
+    BlockSeparator,
+    SegmentSeparator,
+    WhiteSpaceNeutral,
+    OtherNeutral,
+    LeftToRightEmbedding,
+    LeftToRightOverride,
+    RightToLeftArabic,
+    RightToLeftEmbedding,
+    RightToLeftOverride,
+    PopDirectionalFormat,
+    NonSpacingMark,
+    BoundaryNeutral
+};
+
+enum DecompositionType {
+    DecompositionNone,
+    DecompositionCanonical,
+    DecompositionCompat,
+    DecompositionCircle,
+    DecompositionFinal,
+    DecompositionFont,
+    DecompositionFraction,
+    DecompositionInitial,
+    DecompositionIsolated,
+    DecompositionMedial,
+    DecompositionNarrow,
+    DecompositionNoBreak,
+    DecompositionSmall,
+    DecompositionSquare,
+    DecompositionSub,
+    DecompositionSuper,
+    DecompositionVertical,
+    DecompositionWide,
+};
+
+enum CharCategory {
+    NoCategory =  0,
+    Other_NotAssigned = U_MASK(G_UNICODE_UNASSIGNED),
+    Letter_Uppercase = U_MASK(G_UNICODE_UPPERCASE_LETTER),
+    Letter_Lowercase = U_MASK(G_UNICODE_LOWERCASE_LETTER),
+    Letter_Titlecase = U_MASK(G_UNICODE_TITLECASE_LETTER),
+    Letter_Modifier = U_MASK(G_UNICODE_MODIFIER_LETTER),
+    Letter_Other = U_MASK(G_UNICODE_OTHER_LETTER),
+
+    Mark_NonSpacing = U_MASK(G_UNICODE_NON_SPACING_MARK),
+    Mark_Enclosing = U_MASK(G_UNICODE_ENCLOSING_MARK),
+    Mark_SpacingCombining = U_MASK(G_UNICODE_COMBINING_MARK),
+
+    Number_DecimalDigit = U_MASK(G_UNICODE_DECIMAL_NUMBER),
+    Number_Letter = U_MASK(G_UNICODE_LETTER_NUMBER),
+    Number_Other = U_MASK(G_UNICODE_OTHER_NUMBER),
+
+    Separator_Space = U_MASK(G_UNICODE_SPACE_SEPARATOR),
+    Separator_Line = U_MASK(G_UNICODE_LINE_SEPARATOR),
+    Separator_Paragraph = U_MASK(G_UNICODE_PARAGRAPH_SEPARATOR),
+
+    Other_Control = U_MASK(G_UNICODE_CONTROL),
+    Other_Format = U_MASK(G_UNICODE_FORMAT),
+    Other_PrivateUse = U_MASK(G_UNICODE_PRIVATE_USE),
+    Other_Surrogate = U_MASK(G_UNICODE_SURROGATE),
+
+    Punctuation_Dash = U_MASK(G_UNICODE_DASH_PUNCTUATION),
+    Punctuation_Open = U_MASK(G_UNICODE_OPEN_PUNCTUATION),
+    Punctuation_Close = U_MASK(G_UNICODE_CLOSE_PUNCTUATION),
+    Punctuation_Connector = U_MASK(G_UNICODE_CONNECT_PUNCTUATION),
+    Punctuation_Other = U_MASK(G_UNICODE_OTHER_PUNCTUATION),
+
+    Symbol_Math = U_MASK(G_UNICODE_MATH_SYMBOL),
+    Symbol_Currency = U_MASK(G_UNICODE_CURRENCY_SYMBOL),
+    Symbol_Modifier = U_MASK(G_UNICODE_MODIFIER_SYMBOL),
+    Symbol_Other = U_MASK(G_UNICODE_OTHER_SYMBOL),
+
+    Punctuation_InitialQuote = U_MASK(G_UNICODE_INITIAL_PUNCTUATION),
+    Punctuation_FinalQuote = U_MASK(G_UNICODE_FINAL_PUNCTUATION)
+};
+
+UChar32 foldCase(UChar32);
+
+int foldCase(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error);
+
+int toLower(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error);
+
+inline UChar32 toLower(UChar32 c)
+{
+    return g_unichar_tolower(c);
+}
+
+inline UChar32 toUpper(UChar32 c)
+{
+    return g_unichar_toupper(c);
+}
+
+int toUpper(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error);
+
+inline UChar32 toTitleCase(UChar32 c)
+{
+    return g_unichar_totitle(c);
+}
+
+inline bool isArabicChar(UChar32 c)
+{
+    return c >= 0x0600 && c <= 0x06FF;
+}
+
+inline bool isFormatChar(UChar32 c)
+{
+    return g_unichar_type(c) == G_UNICODE_FORMAT;
+}
+
+inline bool isSeparatorSpace(UChar32 c)
+{
+    return g_unichar_type(c) == G_UNICODE_SPACE_SEPARATOR;
+}
+
+inline bool isPrintableChar(UChar32 c)
+{
+    return g_unichar_isprint(c);
+}
+
+inline bool isDigit(UChar32 c)
+{
+    return g_unichar_isdigit(c);
+}
+
+inline bool isPunct(UChar32 c)
+{
+    return g_unichar_ispunct(c);
+}
+
+inline bool hasLineBreakingPropertyComplexContext(UChar32 c)
+{
+    // FIXME
+    return false;
+}
+
+inline bool hasLineBreakingPropertyComplexContextOrIdeographic(UChar32 c)
+{
+    // FIXME
+    return false;
+}
+
+inline UChar32 mirroredChar(UChar32 c)
+{
+    gunichar mirror = 0;
+    g_unichar_get_mirror_char(c, &mirror);
+    return mirror;
+}
+
+inline CharCategory category(UChar32 c)
+{
+    if (c > 0xffff)
+        return NoCategory;
+
+    return (CharCategory) U_MASK(g_unichar_type(c));
+}
+
+Direction direction(UChar32);
+
+inline bool isLower(UChar32 c)
+{
+    return g_unichar_islower(c);
+}
+
+inline int digitValue(UChar32 c)
+{
+    return g_unichar_digit_value(c);
+}
+
+inline uint8_t combiningClass(UChar32 c)
+{
+    // FIXME
+    // return g_unichar_combining_class(c);
+    return 0;
+}
+
+inline DecompositionType decompositionType(UChar32 c)
+{
+    // FIXME
+    return DecompositionNone;
+}
+
+int umemcasecmp(const UChar*, const UChar*, int len);
+
+}
+}
+
+#endif
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeMacrosFromICU.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeMacrosFromICU.h
new file mode 100644
index 000000000..5d3eca687
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/glib/UnicodeMacrosFromICU.h
@@ -0,0 +1,69 @@
+/*
+ *  Copyright (C) 2006 George Staikos <staikos@kde.org>
+ *  Copyright (C) 2006 Alexey Proskuryakov <ap@nypop.com>
+ *  Copyright (C) 2007 Apple Computer, Inc. All rights reserved.
+ *  Copyright (C) 2008 Jürg Billeter <j@bitron.ch>
+ *  Copyright (C) 2008 Dominik Röttsches <dominik.roettsches@access-company.com>
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef UnicodeMacrosFromICU_h
+#define UnicodeMacrosFromICU_h
+
+// some defines from ICU
+
+#define U16_IS_LEAD(c) (((c)&0xfffffc00)==0xd800)
+#define U16_IS_TRAIL(c) (((c)&0xfffffc00)==0xdc00)
+#define U16_SURROGATE_OFFSET ((0xd800<<10UL)+0xdc00-0x10000)
+#define U16_GET_SUPPLEMENTARY(lead, trail) \
+    (((UChar32)(lead)<<10UL)+(UChar32)(trail)-U16_SURROGATE_OFFSET)
+
+#define U16_LEAD(supplementary) (UChar)(((supplementary)>>10)+0xd7c0)
+#define U16_TRAIL(supplementary) (UChar)(((supplementary)&0x3ff)|0xdc00)
+
+#define U_IS_SURROGATE(c) (((c)&0xfffff800)==0xd800)
+#define U16_IS_SINGLE(c) !U_IS_SURROGATE(c)
+#define U16_IS_SURROGATE(c) U_IS_SURROGATE(c)
+#define U16_IS_SURROGATE_LEAD(c) (((c)&0x400)==0)
+
+#define U16_PREV(s, start, i, c) { \
+    (c)=(s)[--(i)]; \
+    if(U16_IS_TRAIL(c)) { \
+        uint16_t __c2; \
+        if((i)>(start) && U16_IS_LEAD(__c2=(s)[(i)-1])) { \
+            --(i); \
+            (c)=U16_GET_SUPPLEMENTARY(__c2, (c)); \
+        } \
+    } \
+}
+
+#define U16_NEXT(s, i, length, c) { \
+    (c)=(s)[(i)++]; \
+    if(U16_IS_LEAD(c)) { \
+        uint16_t __c2; \
+        if((i)<(length) && U16_IS_TRAIL(__c2=(s)[(i)])) { \
+            ++(i); \
+            (c)=U16_GET_SUPPLEMENTARY((c), __c2); \
+        } \
+    } \
+}
+
+#define U_MASK(x) ((uint32_t)1<<(x))
+
+#endif
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/icu/CollatorICU.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/icu/CollatorICU.cpp
new file mode 100644
index 000000000..6376bb31f
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/icu/CollatorICU.cpp
@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "Collator.h"
+
+#if USE(ICU_UNICODE) && !UCONFIG_NO_COLLATION
+
+#include "Assertions.h"
+#include "Threading.h"
+#include <unicode/ucol.h>
+#include <string.h>
+
+#if PLATFORM(DARWIN)
+#include "RetainPtr.h"
+#include <CoreFoundation/CoreFoundation.h>
+#endif
+
+namespace WTF {
+
+static UCollator* cachedCollator;
+static Mutex& cachedCollatorMutex()
+{
+    AtomicallyInitializedStatic(Mutex&, mutex = *new Mutex);
+    return mutex;
+}
+
+Collator::Collator(const char* locale)
+    : m_collator(0)
+    , m_locale(locale ? strdup(locale) : 0)
+    , m_lowerFirst(false)
+{
+}
+
+std::auto_ptr<Collator> Collator::userDefault()
+{
+#if PLATFORM(DARWIN) && PLATFORM(CF)
+    // Mac OS X doesn't set UNIX locale to match user-selected one, so ICU default doesn't work.
+#if !defined(BUILDING_ON_TIGER) && !defined(BUILDING_ON_LEOPARD) && !PLATFORM(IPHONE)
+    RetainPtr<CFLocaleRef> currentLocale(AdoptCF, CFLocaleCopyCurrent());
+    CFStringRef collationOrder = (CFStringRef)CFLocaleGetValue(currentLocale.get(), kCFLocaleCollatorIdentifier);
+#else
+    RetainPtr<CFStringRef> collationOrderRetainer(AdoptCF, (CFStringRef)CFPreferencesCopyValue(CFSTR("AppleCollationOrder"), kCFPreferencesAnyApplication, kCFPreferencesCurrentUser, kCFPreferencesAnyHost));
+    CFStringRef collationOrder = collationOrderRetainer.get();
+#endif
+    char buf[256];
+    if (collationOrder) {
+        CFStringGetCString(collationOrder, buf, sizeof(buf), kCFStringEncodingASCII);
+        return std::auto_ptr<Collator>(new Collator(buf));
+    } else
+        return std::auto_ptr<Collator>(new Collator(""));
+#else
+    return std::auto_ptr<Collator>(new Collator(0));
+#endif
+}
+
+Collator::~Collator()
+{
+    releaseCollator();
+    free(m_locale);
+}
+
+void Collator::setOrderLowerFirst(bool lowerFirst)
+{
+    m_lowerFirst = lowerFirst;
+}
+
+Collator::Result Collator::collate(const UChar* lhs, size_t lhsLength, const UChar* rhs, size_t rhsLength) const
+{
+    if (!m_collator)
+        createCollator();
+
+    return static_cast<Result>(ucol_strcoll(m_collator, lhs, lhsLength, rhs, rhsLength));
+}
+
+void Collator::createCollator() const
+{
+    ASSERT(!m_collator);
+    UErrorCode status = U_ZERO_ERROR;
+
+    {
+        Locker<Mutex> lock(cachedCollatorMutex());
+        if (cachedCollator) {
+            const char* cachedCollatorLocale = ucol_getLocaleByType(cachedCollator, ULOC_REQUESTED_LOCALE, &status);
+            ASSERT(U_SUCCESS(status));
+            ASSERT(cachedCollatorLocale);
+
+            UColAttributeValue cachedCollatorLowerFirst = ucol_getAttribute(cachedCollator, UCOL_CASE_FIRST, &status);
+            ASSERT(U_SUCCESS(status));
+
+            // FIXME: default locale is never matched, because ucol_getLocaleByType returns the actual one used, not 0.
+            if (m_locale && 0 == strcmp(cachedCollatorLocale, m_locale)
+                && ((UCOL_LOWER_FIRST == cachedCollatorLowerFirst && m_lowerFirst) || (UCOL_UPPER_FIRST == cachedCollatorLowerFirst && !m_lowerFirst))) {
+                m_collator = cachedCollator;
+                cachedCollator = 0;
+                return;
+            }
+        }
+    }
+
+    m_collator = ucol_open(m_locale, &status);
+    if (U_FAILURE(status)) {
+        status = U_ZERO_ERROR;
+        m_collator = ucol_open("", &status); // Fallback to Unicode Collation Algorithm.
+    }
+    ASSERT(U_SUCCESS(status));
+
+    ucol_setAttribute(m_collator, UCOL_CASE_FIRST, m_lowerFirst ? UCOL_LOWER_FIRST : UCOL_UPPER_FIRST, &status);
+    ASSERT(U_SUCCESS(status));
+}
+
+void Collator::releaseCollator()
+{
+    {
+        Locker<Mutex> lock(cachedCollatorMutex());
+        if (cachedCollator)
+            ucol_close(cachedCollator);
+        cachedCollator = m_collator;
+        m_collator  = 0;
+    }
+}
+
+}
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/icu/UnicodeIcu.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/icu/UnicodeIcu.h
new file mode 100644
index 000000000..35c6fbfd7
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/icu/UnicodeIcu.h
@@ -0,0 +1,230 @@
+/*
+ *  Copyright (C) 2006 George Staikos <staikos@kde.org>
+ *  Copyright (C) 2006 Alexey Proskuryakov <ap@nypop.com>
+ *  Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_UNICODE_ICU_H
+#define WTF_UNICODE_ICU_H
+
+#include <stdlib.h>
+#include <unicode/uchar.h>
+#include <unicode/ustring.h>
+#include <unicode/utf16.h>
+
+namespace WTF {
+namespace Unicode {
+
+enum Direction {
+    LeftToRight = U_LEFT_TO_RIGHT,
+    RightToLeft = U_RIGHT_TO_LEFT,
+    EuropeanNumber = U_EUROPEAN_NUMBER,
+    EuropeanNumberSeparator = U_EUROPEAN_NUMBER_SEPARATOR,
+    EuropeanNumberTerminator = U_EUROPEAN_NUMBER_TERMINATOR,
+    ArabicNumber = U_ARABIC_NUMBER,
+    CommonNumberSeparator = U_COMMON_NUMBER_SEPARATOR,
+    BlockSeparator = U_BLOCK_SEPARATOR,
+    SegmentSeparator = U_SEGMENT_SEPARATOR,
+    WhiteSpaceNeutral = U_WHITE_SPACE_NEUTRAL,
+    OtherNeutral = U_OTHER_NEUTRAL,
+    LeftToRightEmbedding = U_LEFT_TO_RIGHT_EMBEDDING,
+    LeftToRightOverride = U_LEFT_TO_RIGHT_OVERRIDE,
+    RightToLeftArabic = U_RIGHT_TO_LEFT_ARABIC,
+    RightToLeftEmbedding = U_RIGHT_TO_LEFT_EMBEDDING,
+    RightToLeftOverride = U_RIGHT_TO_LEFT_OVERRIDE,
+    PopDirectionalFormat = U_POP_DIRECTIONAL_FORMAT,
+    NonSpacingMark = U_DIR_NON_SPACING_MARK,
+    BoundaryNeutral = U_BOUNDARY_NEUTRAL
+};
+
+enum DecompositionType {
+    DecompositionNone = U_DT_NONE,
+    DecompositionCanonical = U_DT_CANONICAL,
+    DecompositionCompat = U_DT_COMPAT,
+    DecompositionCircle = U_DT_CIRCLE,
+    DecompositionFinal = U_DT_FINAL,
+    DecompositionFont = U_DT_FONT,
+    DecompositionFraction = U_DT_FRACTION,
+    DecompositionInitial = U_DT_INITIAL,
+    DecompositionIsolated = U_DT_ISOLATED,
+    DecompositionMedial = U_DT_MEDIAL,
+    DecompositionNarrow = U_DT_NARROW,
+    DecompositionNoBreak = U_DT_NOBREAK,
+    DecompositionSmall = U_DT_SMALL,
+    DecompositionSquare = U_DT_SQUARE,
+    DecompositionSub = U_DT_SUB,
+    DecompositionSuper = U_DT_SUPER,
+    DecompositionVertical = U_DT_VERTICAL,
+    DecompositionWide = U_DT_WIDE,
+};
+
+enum CharCategory {
+    NoCategory =  0,
+    Other_NotAssigned = U_MASK(U_GENERAL_OTHER_TYPES),
+    Letter_Uppercase = U_MASK(U_UPPERCASE_LETTER),
+    Letter_Lowercase = U_MASK(U_LOWERCASE_LETTER),
+    Letter_Titlecase = U_MASK(U_TITLECASE_LETTER),
+    Letter_Modifier = U_MASK(U_MODIFIER_LETTER),
+    Letter_Other = U_MASK(U_OTHER_LETTER),
+
+    Mark_NonSpacing = U_MASK(U_NON_SPACING_MARK),
+    Mark_Enclosing = U_MASK(U_ENCLOSING_MARK),
+    Mark_SpacingCombining = U_MASK(U_COMBINING_SPACING_MARK),
+
+    Number_DecimalDigit = U_MASK(U_DECIMAL_DIGIT_NUMBER),
+    Number_Letter = U_MASK(U_LETTER_NUMBER),
+    Number_Other = U_MASK(U_OTHER_NUMBER),
+
+    Separator_Space = U_MASK(U_SPACE_SEPARATOR),
+    Separator_Line = U_MASK(U_LINE_SEPARATOR),
+    Separator_Paragraph = U_MASK(U_PARAGRAPH_SEPARATOR),
+
+    Other_Control = U_MASK(U_CONTROL_CHAR),
+    Other_Format = U_MASK(U_FORMAT_CHAR),
+    Other_PrivateUse = U_MASK(U_PRIVATE_USE_CHAR),
+    Other_Surrogate = U_MASK(U_SURROGATE),
+
+    Punctuation_Dash = U_MASK(U_DASH_PUNCTUATION),
+    Punctuation_Open = U_MASK(U_START_PUNCTUATION),
+    Punctuation_Close = U_MASK(U_END_PUNCTUATION),
+    Punctuation_Connector = U_MASK(U_CONNECTOR_PUNCTUATION),
+    Punctuation_Other = U_MASK(U_OTHER_PUNCTUATION),
+
+    Symbol_Math = U_MASK(U_MATH_SYMBOL),
+    Symbol_Currency = U_MASK(U_CURRENCY_SYMBOL),
+    Symbol_Modifier = U_MASK(U_MODIFIER_SYMBOL),
+    Symbol_Other = U_MASK(U_OTHER_SYMBOL),
+
+    Punctuation_InitialQuote = U_MASK(U_INITIAL_PUNCTUATION),
+    Punctuation_FinalQuote = U_MASK(U_FINAL_PUNCTUATION)
+};
+
+inline UChar32 foldCase(UChar32 c)
+{
+    return u_foldCase(c, U_FOLD_CASE_DEFAULT);
+}
+
+inline int foldCase(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error)
+{
+    UErrorCode status = U_ZERO_ERROR;
+    int realLength = u_strFoldCase(result, resultLength, src, srcLength, U_FOLD_CASE_DEFAULT, &status);
+    *error = !U_SUCCESS(status);
+    return realLength;
+}
+
+inline int toLower(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error)
+{
+    UErrorCode status = U_ZERO_ERROR;
+    int realLength = u_strToLower(result, resultLength, src, srcLength, "", &status);
+    *error = !!U_FAILURE(status);
+    return realLength;
+}
+
+inline UChar32 toLower(UChar32 c)
+{
+    return u_tolower(c);
+}
+
+inline UChar32 toUpper(UChar32 c)
+{
+    return u_toupper(c);
+}
+
+inline int toUpper(UChar* result, int resultLength, const UChar* src, int srcLength, bool* error)
+{
+    UErrorCode status = U_ZERO_ERROR;
+    int realLength = u_strToUpper(result, resultLength, src, srcLength, "", &status);
+    *error = !!U_FAILURE(status);
+    return realLength;
+}
+
+inline UChar32 toTitleCase(UChar32 c)
+{
+    return u_totitle(c);
+}
+
+inline bool isArabicChar(UChar32 c)
+{
+      return ublock_getCode(c) == UBLOCK_ARABIC;
+}
+
+inline bool isSeparatorSpace(UChar32 c)
+{
+    return u_charType(c) == U_SPACE_SEPARATOR;
+}
+
+inline bool isPrintableChar(UChar32 c)
+{
+    return !!u_isprint(c);
+}
+
+inline bool isPunct(UChar32 c)
+{
+    return !!u_ispunct(c);
+}
+
+inline bool hasLineBreakingPropertyComplexContext(UChar32 c)
+{
+    return u_getIntPropertyValue(c, UCHAR_LINE_BREAK) == U_LB_COMPLEX_CONTEXT;
+}
+
+inline bool hasLineBreakingPropertyComplexContextOrIdeographic(UChar32 c)
+{
+    int32_t prop = u_getIntPropertyValue(c, UCHAR_LINE_BREAK);
+    return prop == U_LB_COMPLEX_CONTEXT || prop == U_LB_IDEOGRAPHIC;
+}
+
+inline UChar32 mirroredChar(UChar32 c)
+{
+    return u_charMirror(c);
+}
+
+inline CharCategory category(UChar32 c)
+{
+    return static_cast<CharCategory>(U_GET_GC_MASK(c));
+}
+
+inline Direction direction(UChar32 c)
+{
+    return static_cast<Direction>(u_charDirection(c));
+}
+
+inline bool isLower(UChar32 c)
+{
+    return !!u_islower(c);
+}
+
+inline uint8_t combiningClass(UChar32 c)
+{
+    return u_getCombiningClass(c);
+}
+
+inline DecompositionType decompositionType(UChar32 c)
+{
+    return static_cast<DecompositionType>(u_getIntPropertyValue(c, UCHAR_DECOMPOSITION_TYPE));
+}
+
+inline int umemcasecmp(const UChar* a, const UChar* b, int len)
+{
+    return u_memcasecmp(a, b, len, U_FOLD_CASE_DEFAULT);
+}
+
+} }
+
+#endif // WTF_UNICODE_ICU_H
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/qt4/UnicodeQt4.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/qt4/UnicodeQt4.h
new file mode 100644
index 000000000..e01f825fe
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/qt4/UnicodeQt4.h
@@ -0,0 +1,545 @@
+/*
+ *  Copyright (C) 2006 George Staikos <staikos@kde.org>
+ *  Copyright (C) 2006 Alexey Proskuryakov <ap@nypop.com>
+ *  Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_UNICODE_QT4_H
+#define WTF_UNICODE_QT4_H
+
+#include <QChar>
+#include <QString>
+
+#include <config.h>
+
+#include <stdint.h>
+
+#if QT_VERSION >= 0x040300
+QT_BEGIN_NAMESPACE
+namespace QUnicodeTables {
+    struct Properties {
+        ushort category : 8;
+        ushort line_break_class : 8;
+        ushort direction : 8;
+        ushort combiningClass :8;
+        ushort joining : 2;
+        signed short digitValue : 6; /* 5 needed */
+        ushort unicodeVersion : 4;
+        ushort lowerCaseSpecial : 1;
+        ushort upperCaseSpecial : 1;
+        ushort titleCaseSpecial : 1;
+        ushort caseFoldSpecial : 1; /* currently unused */
+        signed short mirrorDiff : 16;
+        signed short lowerCaseDiff : 16;
+        signed short upperCaseDiff : 16;
+        signed short titleCaseDiff : 16;
+        signed short caseFoldDiff : 16;
+    };
+    Q_CORE_EXPORT const Properties * QT_FASTCALL properties(uint ucs4);
+    Q_CORE_EXPORT const Properties * QT_FASTCALL properties(ushort ucs2);
+}
+QT_END_NAMESPACE
+#endif
+
+// ugly hack to make UChar compatible with JSChar in API/JSStringRef.h
+#if defined(Q_OS_WIN) || COMPILER(WINSCW)
+typedef wchar_t UChar;
+#else
+typedef uint16_t UChar;
+#endif
+typedef uint32_t UChar32;
+
+// some defines from ICU
+
+#define U16_IS_LEAD(c) (((c)&0xfffffc00)==0xd800)
+#define U16_IS_TRAIL(c) (((c)&0xfffffc00)==0xdc00)
+#define U16_SURROGATE_OFFSET ((0xd800<<10UL)+0xdc00-0x10000)
+#define U16_GET_SUPPLEMENTARY(lead, trail) \
+    (((UChar32)(lead)<<10UL)+(UChar32)(trail)-U16_SURROGATE_OFFSET)
+
+#define U16_LEAD(supplementary) (UChar)(((supplementary)>>10)+0xd7c0)
+#define U16_TRAIL(supplementary) (UChar)(((supplementary)&0x3ff)|0xdc00)
+
+#define U_IS_SURROGATE(c) (((c)&0xfffff800)==0xd800)
+#define U16_IS_SINGLE(c) !U_IS_SURROGATE(c)
+#define U16_IS_SURROGATE(c) U_IS_SURROGATE(c)
+#define U16_IS_SURROGATE_LEAD(c) (((c)&0x400)==0)
+
+#define U16_NEXT(s, i, length, c) { \
+    (c)=(s)[(i)++]; \
+    if(U16_IS_LEAD(c)) { \
+        uint16_t __c2; \
+        if((i)<(length) && U16_IS_TRAIL(__c2=(s)[(i)])) { \
+            ++(i); \
+            (c)=U16_GET_SUPPLEMENTARY((c), __c2); \
+        } \
+    } \
+}
+
+#define U16_PREV(s, start, i, c) { \
+    (c)=(s)[--(i)]; \
+    if(U16_IS_TRAIL(c)) { \
+        uint16_t __c2; \
+        if((i)>(start) && U16_IS_LEAD(__c2=(s)[(i)-1])) { \
+            --(i); \
+            (c)=U16_GET_SUPPLEMENTARY(__c2, (c)); \
+        } \
+    } \
+}
+
+#define U_MASK(x) ((uint32_t)1<<(x))
+
+namespace WTF {
+namespace Unicode {
+
+QT_USE_NAMESPACE
+
+enum Direction {
+    LeftToRight = QChar::DirL,
+    RightToLeft = QChar::DirR,
+    EuropeanNumber = QChar::DirEN,
+    EuropeanNumberSeparator = QChar::DirES,
+    EuropeanNumberTerminator = QChar::DirET,
+    ArabicNumber = QChar::DirAN,
+    CommonNumberSeparator = QChar::DirCS,
+    BlockSeparator = QChar::DirB,
+    SegmentSeparator = QChar::DirS,
+    WhiteSpaceNeutral = QChar::DirWS,
+    OtherNeutral = QChar::DirON,
+    LeftToRightEmbedding = QChar::DirLRE,
+    LeftToRightOverride = QChar::DirLRO,
+    RightToLeftArabic = QChar::DirAL,
+    RightToLeftEmbedding = QChar::DirRLE,
+    RightToLeftOverride = QChar::DirRLO,
+    PopDirectionalFormat = QChar::DirPDF,
+    NonSpacingMark = QChar::DirNSM,
+    BoundaryNeutral = QChar::DirBN
+};
+
+enum DecompositionType {
+    DecompositionNone = QChar::NoDecomposition,
+    DecompositionCanonical = QChar::Canonical,
+    DecompositionCompat = QChar::Compat,
+    DecompositionCircle = QChar::Circle,
+    DecompositionFinal = QChar::Final,
+    DecompositionFont = QChar::Font,
+    DecompositionFraction = QChar::Fraction,
+    DecompositionInitial = QChar::Initial,
+    DecompositionIsolated = QChar::Isolated,
+    DecompositionMedial = QChar::Medial,
+    DecompositionNarrow = QChar::Narrow,
+    DecompositionNoBreak = QChar::NoBreak,
+    DecompositionSmall = QChar::Small,
+    DecompositionSquare = QChar::Square,
+    DecompositionSub = QChar::Sub,
+    DecompositionSuper = QChar::Super,
+    DecompositionVertical = QChar::Vertical,
+    DecompositionWide = QChar::Wide
+};
+
+enum CharCategory {
+    NoCategory = 0,
+    Mark_NonSpacing = U_MASK(QChar::Mark_NonSpacing),
+    Mark_SpacingCombining = U_MASK(QChar::Mark_SpacingCombining),
+    Mark_Enclosing = U_MASK(QChar::Mark_Enclosing),
+    Number_DecimalDigit = U_MASK(QChar::Number_DecimalDigit),
+    Number_Letter = U_MASK(QChar::Number_Letter),
+    Number_Other = U_MASK(QChar::Number_Other),
+    Separator_Space = U_MASK(QChar::Separator_Space),
+    Separator_Line = U_MASK(QChar::Separator_Line),
+    Separator_Paragraph = U_MASK(QChar::Separator_Paragraph),
+    Other_Control = U_MASK(QChar::Other_Control),
+    Other_Format = U_MASK(QChar::Other_Format),
+    Other_Surrogate = U_MASK(QChar::Other_Surrogate),
+    Other_PrivateUse = U_MASK(QChar::Other_PrivateUse),
+    Other_NotAssigned = U_MASK(QChar::Other_NotAssigned),
+    Letter_Uppercase = U_MASK(QChar::Letter_Uppercase),
+    Letter_Lowercase = U_MASK(QChar::Letter_Lowercase),
+    Letter_Titlecase = U_MASK(QChar::Letter_Titlecase),
+    Letter_Modifier = U_MASK(QChar::Letter_Modifier),
+    Letter_Other = U_MASK(QChar::Letter_Other),
+    Punctuation_Connector = U_MASK(QChar::Punctuation_Connector),
+    Punctuation_Dash = U_MASK(QChar::Punctuation_Dash),
+    Punctuation_Open = U_MASK(QChar::Punctuation_Open),
+    Punctuation_Close = U_MASK(QChar::Punctuation_Close),
+    Punctuation_InitialQuote = U_MASK(QChar::Punctuation_InitialQuote),
+    Punctuation_FinalQuote = U_MASK(QChar::Punctuation_FinalQuote),
+    Punctuation_Other = U_MASK(QChar::Punctuation_Other),
+    Symbol_Math = U_MASK(QChar::Symbol_Math),
+    Symbol_Currency = U_MASK(QChar::Symbol_Currency),
+    Symbol_Modifier = U_MASK(QChar::Symbol_Modifier),
+    Symbol_Other = U_MASK(QChar::Symbol_Other)
+};
+
+
+#if QT_VERSION >= 0x040300
+
+// FIXME: handle surrogates correctly in all methods
+
+inline UChar32 toLower(UChar32 ch)
+{
+    return QChar::toLower(ch);
+}
+
+inline int toLower(UChar* result, int resultLength, const UChar* src, int srcLength,  bool* error)
+{
+    const UChar *e = src + srcLength;
+    const UChar *s = src;
+    UChar *r = result;
+    uint rindex = 0;
+
+    // this avoids one out of bounds check in the loop
+    if (s < e && QChar(*s).isLowSurrogate()) {
+        if (r)
+            r[rindex] = *s++;
+        ++rindex;
+    }
+
+    int needed = 0;
+    while (s < e && (rindex < uint(resultLength) || !r)) {
+        uint c = *s;
+        if (QChar(c).isLowSurrogate() && QChar(*(s - 1)).isHighSurrogate())
+            c = QChar::surrogateToUcs4(*(s - 1), c);
+        const QUnicodeTables::Properties *prop = QUnicodeTables::properties(c);
+        if (prop->lowerCaseSpecial) {
+            QString qstring;
+            if (c < 0x10000) {
+                qstring += QChar(c);
+            } else {
+                qstring += QChar(*(s-1));
+                qstring += QChar(*s);
+            }
+            qstring = qstring.toLower();
+            for (int i = 0; i < qstring.length(); ++i) {
+                if (rindex >= uint(resultLength)) {
+                    needed += qstring.length() - i;
+                    break;
+                }
+                if (r)
+                    r[rindex] = qstring.at(i).unicode();
+                ++rindex;
+            }
+        } else {
+            if (r)
+                r[rindex] = *s + prop->lowerCaseDiff;
+            ++rindex;
+        }
+        ++s;
+    }
+    if (s < e)
+        needed += e - s;
+    *error = (needed != 0);
+    if (rindex < uint(resultLength))
+        r[rindex] = 0;
+    return rindex + needed;
+}
+
+inline UChar32 toUpper(UChar32 ch)
+{
+    return QChar::toUpper(ch);
+}
+
+inline int toUpper(UChar* result, int resultLength, const UChar* src, int srcLength,  bool* error)
+{
+    const UChar *e = src + srcLength;
+    const UChar *s = src;
+    UChar *r = result;
+    int rindex = 0;
+
+    // this avoids one out of bounds check in the loop
+    if (s < e && QChar(*s).isLowSurrogate()) {
+        if (r)
+            r[rindex] = *s++;
+        ++rindex;
+    }
+
+    int needed = 0;
+    while (s < e && (rindex < resultLength || !r)) {
+        uint c = *s;
+        if (QChar(c).isLowSurrogate() && QChar(*(s - 1)).isHighSurrogate())
+            c = QChar::surrogateToUcs4(*(s - 1), c);
+        const QUnicodeTables::Properties *prop = QUnicodeTables::properties(c);
+        if (prop->upperCaseSpecial) {
+            QString qstring;
+            if (c < 0x10000) {
+                qstring += QChar(c);
+            } else {
+                qstring += QChar(*(s-1));
+                qstring += QChar(*s);
+            }
+            qstring = qstring.toUpper();
+            for (int i = 0; i < qstring.length(); ++i) {
+                if (rindex >= resultLength) {
+                    needed += qstring.length() - i;
+                    break;
+                }
+                if (r)
+                    r[rindex] = qstring.at(i).unicode();
+                ++rindex;
+            }
+        } else {
+            if (r)
+                r[rindex] = *s + prop->upperCaseDiff;
+            ++rindex;
+        }
+        ++s;
+    }
+    if (s < e)
+        needed += e - s;
+    *error = (needed != 0);
+    if (rindex < resultLength)
+        r[rindex] = 0;
+    return rindex + needed;
+}
+
+inline int toTitleCase(UChar32 c)
+{
+    return QChar::toTitleCase(c);
+}
+
+inline UChar32 foldCase(UChar32 c)
+{
+    return QChar::toCaseFolded(c);
+}
+
+inline int foldCase(UChar* result, int resultLength, const UChar* src, int srcLength,  bool* error)
+{
+    // FIXME: handle special casing. Easiest with some low level API in Qt
+    *error = false;
+    if (resultLength < srcLength) {
+        *error = true;
+        return srcLength;
+    }
+    for (int i = 0; i < srcLength; ++i)
+        result[i] = QChar::toCaseFolded(ushort(src[i]));
+    return srcLength;
+}
+
+inline bool isArabicChar(UChar32 c)
+{
+    return c >= 0x0600 && c <= 0x06FF;
+}
+
+inline bool isPrintableChar(UChar32 c)
+{
+    const uint test = U_MASK(QChar::Other_Control) |
+                      U_MASK(QChar::Other_NotAssigned);
+    return !(U_MASK(QChar::category(c)) & test);
+}
+
+inline bool isSeparatorSpace(UChar32 c)
+{
+    return QChar::category(c) == QChar::Separator_Space;
+}
+
+inline bool isPunct(UChar32 c)
+{
+    const uint test = U_MASK(QChar::Punctuation_Connector) |
+                      U_MASK(QChar::Punctuation_Dash) |
+                      U_MASK(QChar::Punctuation_Open) |
+                      U_MASK(QChar::Punctuation_Close) |
+                      U_MASK(QChar::Punctuation_InitialQuote) |
+                      U_MASK(QChar::Punctuation_FinalQuote) |
+                      U_MASK(QChar::Punctuation_Other);
+    return U_MASK(QChar::category(c)) & test;
+}
+
+inline bool isLower(UChar32 c)
+{
+    return QChar::category(c) == QChar::Letter_Lowercase;
+}
+
+inline bool hasLineBreakingPropertyComplexContext(UChar32)
+{
+    // FIXME: Implement this to return whether the character has line breaking property SA (Complex Context).
+    return false;
+}
+
+inline UChar32 mirroredChar(UChar32 c)
+{
+    return QChar::mirroredChar(c);
+}
+
+inline uint8_t combiningClass(UChar32 c)
+{
+    return QChar::combiningClass(c);
+}
+
+inline DecompositionType decompositionType(UChar32 c)
+{
+    return (DecompositionType)QChar::decompositionTag(c);
+}
+
+inline int umemcasecmp(const UChar* a, const UChar* b, int len)
+{
+    // handle surrogates correctly
+    for (int i = 0; i < len; ++i) {
+        uint c1 = QChar::toCaseFolded(ushort(a[i]));
+        uint c2 = QChar::toCaseFolded(ushort(b[i]));
+        if (c1 != c2)
+            return c1 - c2;
+    }
+    return 0;
+}
+
+inline Direction direction(UChar32 c)
+{
+    return (Direction)QChar::direction(c);
+}
+
+inline CharCategory category(UChar32 c)
+{
+    return (CharCategory) U_MASK(QChar::category(c));
+}
+
+#else
+
+inline UChar32 toLower(UChar32 ch)
+{
+    if (ch > 0xffff)
+        return ch;
+    return QChar((unsigned short)ch).toLower().unicode();
+}
+
+inline int toLower(UChar* result, int resultLength, const UChar* src, int srcLength,  bool* error)
+{
+  *error = false;
+  if (resultLength < srcLength) {
+    *error = true;
+    return srcLength;
+  }
+  for (int i = 0; i < srcLength; ++i)
+    result[i] = QChar(src[i]).toLower().unicode();
+  return srcLength;
+}
+
+inline UChar32 toUpper(UChar32 ch)
+{
+    if (ch > 0xffff)
+        return ch;
+    return QChar((unsigned short)ch).toUpper().unicode();
+}
+
+inline int toUpper(UChar* result, int resultLength, const UChar* src, int srcLength,  bool* error)
+{
+    *error = false;
+    if (resultLength < srcLength) {
+        *error = true;
+        return srcLength;
+    }
+    for (int i = 0; i < srcLength; ++i)
+        result[i] = QChar(src[i]).toUpper().unicode();
+    return srcLength;
+}
+
+inline int toTitleCase(UChar32 c)
+{
+    if (c > 0xffff)
+        return c;
+    return QChar((unsigned short)c).toUpper().unicode();
+}
+
+inline UChar32 foldCase(UChar32 c)
+{
+    if (c > 0xffff)
+        return c;
+    return QChar((unsigned short)c).toLower().unicode();
+}
+
+inline int foldCase(UChar* result, int resultLength, const UChar* src, int srcLength,  bool* error)
+{
+    return toLower(result, resultLength, src, srcLength, error);
+}
+
+inline bool isPrintableChar(UChar32 c)
+{
+    return (c & 0xffff0000) == 0 && QChar((unsigned short)c).isPrint();
+}
+
+inline bool isArabicChar(UChar32 c)
+{
+    return c >= 0x0600 && c <= 0x06FF;
+}
+
+inline bool isSeparatorSpace(UChar32 c)
+{
+    return (c & 0xffff0000) == 0 && QChar((unsigned short)c).category() == QChar::Separator_Space;
+}
+
+inline bool isPunct(UChar32 c)
+{
+    return (c & 0xffff0000) == 0 && QChar((unsigned short)c).isPunct();
+}
+
+inline bool isLower(UChar32 c)
+{
+    return (c & 0xffff0000) == 0 && QChar((unsigned short)c).category() == QChar::Letter_Lowercase;
+}
+
+inline UChar32 mirroredChar(UChar32 c)
+{
+    if (c > 0xffff)
+        return c;
+    return QChar(c).mirroredChar().unicode();
+}
+
+inline uint8_t combiningClass(UChar32 c)
+{
+    if (c > 0xffff)
+        return 0;
+    return QChar((unsigned short)c).combiningClass();
+}
+
+inline DecompositionType decompositionType(UChar32 c)
+{
+    if (c > 0xffff)
+        return DecompositionNone;
+    return (DecompositionType)QChar(c).decompositionTag();
+}
+
+inline int umemcasecmp(const UChar* a, const UChar* b, int len)
+{
+    for (int i = 0; i < len; ++i) {
+        QChar c1 = QChar(a[i]).toLower();
+        QChar c2 = QChar(b[i]).toLower();
+        if (c1 != c2)
+        return c1.unicode() - c2.unicode();
+    }
+    return 0;
+}
+
+inline Direction direction(UChar32 c)
+{
+    if (c > 0xffff)
+        return LeftToRight;
+    return (Direction)QChar(c).direction();
+}
+
+inline CharCategory category(UChar32 c)
+{
+    if (c > 0xffff)
+        return NoCategory;
+    return (CharCategory) U_MASK(QChar(c).category());
+}
+
+#endif
+
+} }
+
+#endif // WTF_UNICODE_QT4_H
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/wince/UnicodeWince.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/wince/UnicodeWince.cpp
new file mode 100644
index 000000000..966f2a176
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/wince/UnicodeWince.cpp
@@ -0,0 +1,175 @@
+/*
+ *  Copyright (C) 2006 George Staikos <staikos@kde.org>
+ *  Copyright (C) 2006 Alexey Proskuryakov <ap@nypop.com>
+ *  Copyright (C) 2007-2009 Torch Mobile, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ */
+
+#include "UnicodeWince.h"
+
+#include <wchar.h>
+
+namespace WTF {
+namespace Unicode {
+
+wchar_t toLower(wchar_t c)
+{
+    return towlower(c);
+}
+
+wchar_t toUpper(wchar_t c)
+{
+    return towupper(c);
+}
+
+wchar_t foldCase(wchar_t c)
+{
+    return towlower(c);
+}
+
+bool isPrintableChar(wchar_t c)
+{
+    return !!iswprint(c);
+}
+
+bool isSpace(wchar_t c)
+{
+    return !!iswspace(c);
+}
+
+bool isLetter(wchar_t c)
+{
+    return !!iswalpha(c);
+}
+
+bool isUpper(wchar_t c)
+{
+    return !!iswupper(c);
+}
+
+bool isLower(wchar_t c)
+{
+    return !!iswlower(c);
+}
+
+bool isDigit(wchar_t c)
+{
+    return !!iswdigit(c);
+}
+
+bool isPunct(wchar_t c)
+{
+    return !!iswpunct(c);
+}
+
+int toLower(wchar_t* result, int resultLength, const wchar_t* source, int sourceLength, bool* isError)
+{
+    const UChar* sourceIterator = source;
+    const UChar* sourceEnd = source + sourceLength;
+    UChar* resultIterator = result;
+    UChar* resultEnd = result + resultLength;
+
+    int remainingCharacters = 0;
+    if (sourceLength <= resultLength)
+        while (sourceIterator < sourceEnd)
+            *resultIterator++ = towlower(*sourceIterator++);
+    else
+        while (resultIterator < resultEnd)
+            *resultIterator++ = towlower(*sourceIterator++);
+
+    if (sourceIterator < sourceEnd)
+        remainingCharacters += sourceEnd - sourceIterator;
+    *isError = (remainingCharacters != 0);
+    if (resultIterator < resultEnd)
+        *resultIterator = 0;
+
+    return (resultIterator - result) + remainingCharacters;
+}
+
+int toUpper(wchar_t* result, int resultLength, const wchar_t* source, int sourceLength, bool* isError)
+{
+    const UChar* sourceIterator = source;
+    const UChar* sourceEnd = source + sourceLength;
+    UChar* resultIterator = result;
+    UChar* resultEnd = result + resultLength;
+
+    int remainingCharacters = 0;
+    if (sourceLength <= resultLength)
+        while (sourceIterator < sourceEnd)
+            *resultIterator++ = towupper(*sourceIterator++);
+    else
+        while (resultIterator < resultEnd)
+            *resultIterator++ = towupper(*sourceIterator++);
+
+    if (sourceIterator < sourceEnd)
+        remainingCharacters += sourceEnd - sourceIterator;
+    *isError = (remainingCharacters != 0);
+    if (resultIterator < resultEnd)
+        *resultIterator = 0;
+
+    return (resultIterator - result) + remainingCharacters;
+}
+
+int foldCase(wchar_t* result, int resultLength, const wchar_t* source, int sourceLength, bool* isError)
+{
+    *isError = false;
+    if (resultLength < sourceLength) {
+        *isError = true;
+        return sourceLength;
+    }
+    for (int i = 0; i < sourceLength; ++i)
+        result[i] = foldCase(source[i]);
+    return sourceLength;
+}
+
+wchar_t toTitleCase(wchar_t c)
+{
+    return towupper(c);
+}
+
+Direction direction(UChar32 c)
+{
+    return static_cast<Direction>(UnicodeCE::direction(c));
+}
+
+CharCategory category(unsigned int c)
+{
+    return static_cast<CharCategory>(TO_MASK((__int8) UnicodeCE::category(c)));
+}
+
+DecompositionType decompositionType(UChar32 c)
+{
+    return static_cast<DecompositionType>(UnicodeCE::decompositionType(c));
+}
+
+unsigned char combiningClass(UChar32 c)
+{
+    return UnicodeCE::combiningClass(c);
+}
+
+wchar_t mirroredChar(UChar32 c)
+{
+    return UnicodeCE::mirroredChar(c);
+}
+
+int digitValue(wchar_t c)
+{
+    return UnicodeCE::digitValue(c);
+}
+
+} // namespace Unicode
+} // namespace WTF
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/wince/UnicodeWince.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/wince/UnicodeWince.h
new file mode 100644
index 000000000..db656eca3
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/unicode/wince/UnicodeWince.h
@@ -0,0 +1,216 @@
+/*
+ *  Copyright (C) 2006 George Staikos <staikos@kde.org>
+ *  Copyright (C) 2006 Alexey Proskuryakov <ap@nypop.com>
+ *  Copyright (C) 2007 Apple Computer, Inc. All rights reserved.
+ *  Copyright (C) 2007-2009 Torch Mobile, Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef UNICODE_WINCE_H
+#define UNICODE_WINCE_H
+
+#include "ce_unicode.h"
+
+#define TO_MASK(x) (1 << (x))
+
+// some defines from ICU needed one or two places
+
+#define U16_IS_LEAD(c) (((c) & 0xfffffc00) == 0xd800)
+#define U16_IS_TRAIL(c) (((c) & 0xfffffc00) == 0xdc00)
+#define U16_SURROGATE_OFFSET ((0xd800 << 10UL) + 0xdc00 - 0x10000)
+#define U16_GET_SUPPLEMENTARY(lead, trail) \
+    (((UChar32)(lead) << 10UL) + (UChar32)(trail) - U16_SURROGATE_OFFSET)
+
+#define U16_LEAD(supplementary) (UChar)(((supplementary) >> 10) + 0xd7c0)
+#define U16_TRAIL(supplementary) (UChar)(((supplementary) & 0x3ff) | 0xdc00)
+
+#define U_IS_SURROGATE(c) (((c) & 0xfffff800) == 0xd800)
+#define U16_IS_SURROGATE(c) U_IS_SURROGATE(c)
+#define U16_IS_SURROGATE_LEAD(c) (((c) & 0x400) == 0)
+
+#define U16_NEXT(s, i, length, c) { \
+    (c)=(s)[(i)++]; \
+    if (U16_IS_LEAD(c)) { \
+        uint16_t __c2; \
+        if ((i) < (length) && U16_IS_TRAIL(__c2 = (s)[(i)])) { \
+            ++(i); \
+            (c) = U16_GET_SUPPLEMENTARY((c), __c2); \
+        } \
+    } \
+}
+
+#define U16_PREV(s, start, i, c) { \
+    (c)=(s)[--(i)]; \
+    if (U16_IS_TRAIL(c)) { \
+        uint16_t __c2; \
+        if ((i) > (start) && U16_IS_LEAD(__c2 = (s)[(i) - 1])) { \
+            --(i); \
+            (c) = U16_GET_SUPPLEMENTARY(__c2, (c)); \
+        } \
+    } \
+}
+
+#define U16_IS_SINGLE(c) !U_IS_SURROGATE(c)
+
+namespace WTF {
+
+    namespace Unicode {
+
+        enum Direction {
+            LeftToRight = UnicodeCE::U_LEFT_TO_RIGHT,
+            RightToLeft = UnicodeCE::U_RIGHT_TO_LEFT,
+            EuropeanNumber = UnicodeCE::U_EUROPEAN_NUMBER,
+            EuropeanNumberSeparator = UnicodeCE::U_EUROPEAN_NUMBER_SEPARATOR,
+            EuropeanNumberTerminator = UnicodeCE::U_EUROPEAN_NUMBER_TERMINATOR,
+            ArabicNumber = UnicodeCE::U_ARABIC_NUMBER,
+            CommonNumberSeparator = UnicodeCE::U_COMMON_NUMBER_SEPARATOR,
+            BlockSeparator = UnicodeCE::U_BLOCK_SEPARATOR,
+            SegmentSeparator = UnicodeCE::U_SEGMENT_SEPARATOR,
+            WhiteSpaceNeutral = UnicodeCE::U_WHITE_SPACE_NEUTRAL,
+            OtherNeutral = UnicodeCE::U_OTHER_NEUTRAL,
+            LeftToRightEmbedding = UnicodeCE::U_LEFT_TO_RIGHT_EMBEDDING,
+            LeftToRightOverride = UnicodeCE::U_LEFT_TO_RIGHT_OVERRIDE,
+            RightToLeftArabic = UnicodeCE::U_RIGHT_TO_LEFT_ARABIC,
+            RightToLeftEmbedding = UnicodeCE::U_RIGHT_TO_LEFT_EMBEDDING,
+            RightToLeftOverride = UnicodeCE::U_RIGHT_TO_LEFT_OVERRIDE,
+            PopDirectionalFormat = UnicodeCE::U_POP_DIRECTIONAL_FORMAT,
+            NonSpacingMark = UnicodeCE::U_DIR_NON_SPACING_MARK,
+            BoundaryNeutral = UnicodeCE::U_BOUNDARY_NEUTRAL
+        };
+
+        enum DecompositionType {
+          DecompositionNone = UnicodeCE::U_DT_NONE,
+          DecompositionCanonical = UnicodeCE::U_DT_CANONICAL,
+          DecompositionCompat = UnicodeCE::U_DT_COMPAT,
+          DecompositionCircle = UnicodeCE::U_DT_CIRCLE,
+          DecompositionFinal = UnicodeCE::U_DT_FINAL,
+          DecompositionFont = UnicodeCE::U_DT_FONT,
+          DecompositionFraction = UnicodeCE::U_DT_FRACTION,
+          DecompositionInitial = UnicodeCE::U_DT_INITIAL,
+          DecompositionIsolated = UnicodeCE::U_DT_ISOLATED,
+          DecompositionMedial = UnicodeCE::U_DT_MEDIAL,
+          DecompositionNarrow = UnicodeCE::U_DT_NARROW,
+          DecompositionNoBreak = UnicodeCE::U_DT_NOBREAK,
+          DecompositionSmall = UnicodeCE::U_DT_SMALL,
+          DecompositionSquare = UnicodeCE::U_DT_SQUARE,
+          DecompositionSub = UnicodeCE::U_DT_SUB,
+          DecompositionSuper = UnicodeCE::U_DT_SUPER,
+          DecompositionVertical = UnicodeCE::U_DT_VERTICAL,
+          DecompositionWide = UnicodeCE::U_DT_WIDE,
+        };
+
+        enum CharCategory {
+          NoCategory =  0,
+          Other_NotAssigned = TO_MASK(UnicodeCE::U_GENERAL_OTHER_TYPES),
+          Letter_Uppercase = TO_MASK(UnicodeCE::U_UPPERCASE_LETTER),
+          Letter_Lowercase = TO_MASK(UnicodeCE::U_LOWERCASE_LETTER),
+          Letter_Titlecase = TO_MASK(UnicodeCE::U_TITLECASE_LETTER),
+          Letter_Modifier = TO_MASK(UnicodeCE::U_MODIFIER_LETTER),
+          Letter_Other = TO_MASK(UnicodeCE::U_OTHER_LETTER),
+
+          Mark_NonSpacing = TO_MASK(UnicodeCE::U_NON_SPACING_MARK),
+          Mark_Enclosing = TO_MASK(UnicodeCE::U_ENCLOSING_MARK),
+          Mark_SpacingCombining = TO_MASK(UnicodeCE::U_COMBINING_SPACING_MARK),
+
+          Number_DecimalDigit = TO_MASK(UnicodeCE::U_DECIMAL_DIGIT_NUMBER),
+          Number_Letter = TO_MASK(UnicodeCE::U_LETTER_NUMBER),
+          Number_Other = TO_MASK(UnicodeCE::U_OTHER_NUMBER),
+
+          Separator_Space = TO_MASK(UnicodeCE::U_SPACE_SEPARATOR),
+          Separator_Line = TO_MASK(UnicodeCE::U_LINE_SEPARATOR),
+          Separator_Paragraph = TO_MASK(UnicodeCE::U_PARAGRAPH_SEPARATOR),
+
+          Other_Control = TO_MASK(UnicodeCE::U_CONTROL_CHAR),
+          Other_Format = TO_MASK(UnicodeCE::U_FORMAT_CHAR),
+          Other_PrivateUse = TO_MASK(UnicodeCE::U_PRIVATE_USE_CHAR),
+          Other_Surrogate = TO_MASK(UnicodeCE::U_SURROGATE),
+
+          Punctuation_Dash = TO_MASK(UnicodeCE::U_DASH_PUNCTUATION),
+          Punctuation_Open = TO_MASK(UnicodeCE::U_START_PUNCTUATION),
+          Punctuation_Close = TO_MASK(UnicodeCE::U_END_PUNCTUATION),
+          Punctuation_Connector = TO_MASK(UnicodeCE::U_CONNECTOR_PUNCTUATION),
+          Punctuation_Other = TO_MASK(UnicodeCE::U_OTHER_PUNCTUATION),
+
+          Symbol_Math = TO_MASK(UnicodeCE::U_MATH_SYMBOL),
+          Symbol_Currency = TO_MASK(UnicodeCE::U_CURRENCY_SYMBOL),
+          Symbol_Modifier = TO_MASK(UnicodeCE::U_MODIFIER_SYMBOL),
+          Symbol_Other = TO_MASK(UnicodeCE::U_OTHER_SYMBOL),
+
+          Punctuation_InitialQuote = TO_MASK(UnicodeCE::U_INITIAL_PUNCTUATION),
+          Punctuation_FinalQuote = TO_MASK(UnicodeCE::U_FINAL_PUNCTUATION)
+        };
+
+        CharCategory category(unsigned int);
+
+        bool isSpace(wchar_t);
+        bool isLetter(wchar_t);
+        bool isPrintableChar(wchar_t);
+        bool isUpper(wchar_t);
+        bool isLower(wchar_t);
+        bool isPunct(wchar_t);
+        bool isDigit(wchar_t);
+        inline bool isSeparatorSpace(wchar_t c) { return category(c) == Separator_Space; }
+        inline bool isHighSurrogate(wchar_t c) { return (c & 0xfc00) == 0xd800; }
+        inline bool isLowSurrogate(wchar_t c) { return (c & 0xfc00) == 0xdc00; }
+
+        wchar_t toLower(wchar_t);
+        wchar_t toUpper(wchar_t);
+        wchar_t foldCase(wchar_t);
+        wchar_t toTitleCase(wchar_t);
+        int toLower(wchar_t* result, int resultLength, const wchar_t* source, int sourceLength, bool* isError);
+        int toUpper(wchar_t* result, int resultLength, const wchar_t* source, int sourceLength, bool* isError);
+        int foldCase(UChar* result, int resultLength, const wchar_t* source, int sourceLength, bool* isError);
+
+        int digitValue(wchar_t);
+
+        wchar_t mirroredChar(UChar32);
+        unsigned char combiningClass(UChar32);
+        DecompositionType decompositionType(UChar32);
+        Direction direction(UChar32);
+        inline bool isArabicChar(UChar32)
+        {
+            return false; // FIXME: implement!
+        }
+
+        inline bool hasLineBreakingPropertyComplexContext(UChar32)
+        {
+            return false; // FIXME: implement!
+        }
+
+        inline int umemcasecmp(const wchar_t* a, const wchar_t* b, int len)
+        {
+            for (int i = 0; i < len; ++i) {
+                wchar_t c1 = foldCase(a[i]);
+                wchar_t c2 = foldCase(b[i]);
+                if (c1 != c2)
+                    return c1 - c2;
+            }
+            return 0;
+        }
+
+        inline UChar32 surrogateToUcs4(wchar_t high, wchar_t low)
+        {
+            return (UChar32(high) << 10) + low - 0x35fdc00;
+        }
+
+    }   // namespace Unicode
+
+}   // namespace WTF
+
+#endif
+// vim: ts=2 sw=2 et
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/FastMallocWince.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/FastMallocWince.h
new file mode 100644
index 000000000..93d9f7595
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/FastMallocWince.h
@@ -0,0 +1,177 @@
+/*
+ *  This file is part of the KDE libraries
+ *  Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2007-2009 Torch Mobile, Inc. All rights reserved
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Library General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Library General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Library General Public License
+ *  along with this library; see the file COPYING.LIB.  If not, write to
+ *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ *  Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef FastMallocWince_h
+#define FastMallocWince_h
+
+#include <new.h>
+
+#ifdef __cplusplus
+#include <new>
+#include "MemoryManager.h"
+extern "C" {
+#endif
+
+void* fastMalloc(size_t n);
+void* fastCalloc(size_t n_elements, size_t element_size);
+void fastFree(void* p);
+void* fastRealloc(void* p, size_t n);
+void* fastZeroedMalloc(size_t n);
+// These functions return 0 if an allocation fails.
+void* tryFastMalloc(size_t n);
+void* tryFastZeroedMalloc(size_t n);
+void* tryFastCalloc(size_t n_elements, size_t element_size);
+void* tryFastRealloc(void* p, size_t n);
+char* fastStrDup(const char*);
+
+#ifndef NDEBUG
+void fastMallocForbid();
+void fastMallocAllow();
+#endif
+
+#if !defined(USE_SYSTEM_MALLOC) || !USE_SYSTEM_MALLOC
+
+#define malloc(n)                           fastMalloc(n)
+#define calloc(n_elements, element_size)    fastCalloc(n_elements, element_size)
+#define realloc(p, n)                       fastRealloc(p, n)
+#define free(p)                             fastFree(p)
+#define strdup(p)                           fastStrDup(p)
+
+#else
+
+#define strdup(p)                           _strdup(p)
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef __cplusplus
+#if !defined(USE_SYSTEM_MALLOC) || !USE_SYSTEM_MALLOC
+static inline void* __cdecl operator new(size_t s) { return fastMalloc(s); }
+static inline void __cdecl operator delete(void* p) { fastFree(p); }
+static inline void* __cdecl operator new[](size_t s) { return fastMalloc(s); }
+static inline void __cdecl operator delete[](void* p) { fastFree(p); }
+static inline void* operator new(size_t s, const std::nothrow_t&) throw() { return fastMalloc(s); }
+static inline void operator delete(void* p, const std::nothrow_t&) throw() { fastFree(p); }
+static inline void* operator new[](size_t s, const std::nothrow_t&) throw() { return fastMalloc(s); }
+static inline void operator delete[](void* p, const std::nothrow_t&) throw() { fastFree(p); }
+#endif
+
+namespace WTF {
+    // This defines a type which holds an unsigned integer and is the same
+    // size as the minimally aligned memory allocation.
+    typedef unsigned long long AllocAlignmentInteger;
+
+    namespace Internal {
+        enum AllocType {                    // Start with an unusual number instead of zero, because zero is common.
+            AllocTypeMalloc = 0x375d6750,   // Encompasses fastMalloc, fastZeroedMalloc, fastCalloc, fastRealloc.
+            AllocTypeClassNew,              // Encompasses class operator new from FastAllocBase.
+            AllocTypeClassNewArray,         // Encompasses class operator new[] from FastAllocBase.
+            AllocTypeFastNew,               // Encompasses fastNew.
+            AllocTypeFastNewArray,          // Encompasses fastNewArray.
+            AllocTypeNew,                   // Encompasses global operator new.
+            AllocTypeNewArray               // Encompasses global operator new[].
+        };
+    }
+
+
+#if ENABLE(FAST_MALLOC_MATCH_VALIDATION)
+
+    // Malloc validation is a scheme whereby a tag is attached to an
+    // allocation which identifies how it was originally allocated.
+    // This allows us to verify that the freeing operation matches the
+    // allocation operation. If memory is allocated with operator new[]
+    // but freed with free or delete, this system would detect that.
+    // In the implementation here, the tag is an integer prepended to
+    // the allocation memory which is assigned one of the AllocType
+    // enumeration values. An alternative implementation of this
+    // scheme could store the tag somewhere else or ignore it.
+    // Users of FastMalloc don't need to know or care how this tagging
+    // is implemented.
+
+    namespace Internal {
+
+        // Return the AllocType tag associated with the allocated block p.
+        inline AllocType fastMallocMatchValidationType(const void* p)
+        {
+            const AllocAlignmentInteger* type = static_cast<const AllocAlignmentInteger*>(p) - 1;
+            return static_cast<AllocType>(*type);
+        }
+
+        // Return the address of the AllocType tag associated with the allocated block p.
+        inline AllocAlignmentInteger* fastMallocMatchValidationValue(void* p)
+        {
+            return reinterpret_cast<AllocAlignmentInteger*>(static_cast<char*>(p) - sizeof(AllocAlignmentInteger));
+        }
+
+        // Set the AllocType tag to be associaged with the allocated block p.
+        inline void setFastMallocMatchValidationType(void* p, AllocType allocType)
+        {
+            AllocAlignmentInteger* type = static_cast<AllocAlignmentInteger*>(p) - 1;
+            *type = static_cast<AllocAlignmentInteger>(allocType);
+        }
+
+        // Handle a detected alloc/free mismatch. By default this calls CRASH().
+        void fastMallocMatchFailed(void* p);
+
+    } // namespace Internal
+
+    // This is a higher level function which is used by FastMalloc-using code.
+    inline void fastMallocMatchValidateMalloc(void* p, Internal::AllocType allocType)
+    {
+        if (!p)
+            return;
+
+        Internal::setFastMallocMatchValidationType(p, allocType);
+    }
+
+    // This is a higher level function which is used by FastMalloc-using code.
+    inline void fastMallocMatchValidateFree(void* p, Internal::AllocType allocType)
+    {
+        if (!p)
+            return;
+
+        if (Internal::fastMallocMatchValidationType(p) != allocType)
+            Internal::fastMallocMatchFailed(p);
+        Internal::setFastMallocMatchValidationType(p, Internal::AllocTypeMalloc);  // Set it to this so that fastFree thinks it's OK.
+    }
+
+#else
+
+    inline void fastMallocMatchValidateMalloc(void*, Internal::AllocType)
+    {
+    }
+
+    inline void fastMallocMatchValidateFree(void*, Internal::AllocType)
+    {
+    }
+
+#endif
+
+} // namespace WTF
+
+#endif
+
+#endif // FastMallocWince_h
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/MemoryManager.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/MemoryManager.cpp
new file mode 100644
index 000000000..b65b36823
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/MemoryManager.cpp
@@ -0,0 +1,171 @@
+/*
+ * Copyright (C) 2008-2009 Torch Mobile Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "config.h"
+#include "MemoryManager.h"
+
+#undef malloc
+#undef calloc
+#undef realloc
+#undef free
+#undef strdup
+#undef _strdup
+#undef VirtualAlloc
+#undef VirtualFree
+
+#include <malloc.h>
+#include <windows.h>
+
+namespace WTF {
+
+MemoryManager* memoryManager()
+{
+    static MemoryManager mm;
+    return &mm;
+}
+
+MemoryManager::MemoryManager()
+: m_allocationCanFail(false)
+{
+}
+
+MemoryManager::~MemoryManager()
+{
+}
+
+HBITMAP MemoryManager::createCompatibleBitmap(HDC hdc, int width, int height)
+{
+    return ::CreateCompatibleBitmap(hdc, width, height);
+}
+
+HBITMAP MemoryManager::createDIBSection(const BITMAPINFO* pbmi, void** ppvBits)
+{
+    return ::CreateDIBSection(0, pbmi, DIB_RGB_COLORS, ppvBits, 0, 0);
+}
+
+void* MemoryManager::m_malloc(size_t size)
+{
+    return malloc(size);
+}
+
+void* MemoryManager::m_calloc(size_t num, size_t size)
+{
+    return calloc(num, size);
+}
+
+void* MemoryManager::m_realloc(void* p, size_t size)
+{
+    return realloc(p, size);
+}
+
+void MemoryManager::m_free(void* p)
+{
+    return free(p);
+}
+
+bool MemoryManager::resizeMemory(void*, size_t)
+{
+    return false;
+}
+
+void* MemoryManager::allocate64kBlock()
+{
+    return VirtualAlloc(0, 65536, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+}
+
+void MemoryManager::free64kBlock(void* p)
+{
+    VirtualFree(p, 65536, MEM_RELEASE);
+}
+
+bool MemoryManager::onIdle(DWORD& timeLimitMs)
+{
+    return false;
+}
+
+LPVOID MemoryManager::virtualAlloc(LPVOID lpAddress, DWORD dwSize, DWORD flAllocationType, DWORD flProtect)
+{
+    return ::VirtualAlloc(lpAddress, dwSize, flAllocationType, flProtect);
+}
+
+BOOL MemoryManager::virtualFree(LPVOID lpAddress, DWORD dwSize, DWORD dwFreeType)
+{
+    return ::VirtualFree(lpAddress, dwSize, dwFreeType);
+}
+
+
+#if defined(USE_SYSTEM_MALLOC) && USE_SYSTEM_MALLOC
+
+void *fastMalloc(size_t n) { return malloc(n); }
+void *fastCalloc(size_t n_elements, size_t element_size) { return calloc(n_elements, element_size); }
+void fastFree(void* p) { return free(p); }
+void *fastRealloc(void* p, size_t n) { return realloc(p, n); }
+
+#else
+
+void *fastMalloc(size_t n) { return MemoryManager::m_malloc(n); }
+void *fastCalloc(size_t n_elements, size_t element_size) { return MemoryManager::m_calloc(n_elements, element_size); }
+void fastFree(void* p) { return MemoryManager::m_free(p); }
+void *fastRealloc(void* p, size_t n) { return MemoryManager::m_realloc(p, n); }
+
+#endif
+
+#ifndef NDEBUG
+void fastMallocForbid() {}
+void fastMallocAllow() {}
+#endif
+
+void* fastZeroedMalloc(size_t n)
+{
+    void* p = fastMalloc(n);
+    if (p)
+        memset(p, 0, n);
+    return p;
+}
+
+void* tryFastMalloc(size_t n)
+{
+    MemoryAllocationCanFail canFail;
+    return fastMalloc(n);
+}
+
+void* tryFastZeroedMalloc(size_t n)
+{
+    MemoryAllocationCanFail canFail;
+    return fastZeroedMalloc(n);
+}
+
+void* tryFastCalloc(size_t n_elements, size_t element_size)
+{
+    MemoryAllocationCanFail canFail;
+    return fastCalloc(n_elements, element_size);
+}
+
+void* tryFastRealloc(void* p, size_t n)
+{
+    MemoryAllocationCanFail canFail;
+    return fastRealloc(p, n);
+}
+
+char* fastStrDup(const char* str)
+{
+    return _strdup(str);
+}
+
+}
\ No newline at end of file
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/MemoryManager.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/MemoryManager.h
new file mode 100644
index 000000000..f405612df
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/MemoryManager.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2008-2009 Torch Mobile Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#pragma once
+
+#include <winbase.h>
+
+typedef struct HBITMAP__* HBITMAP;
+typedef struct HDC__* HDC;
+typedef void *HANDLE;
+typedef struct tagBITMAPINFO BITMAPINFO;
+
+namespace WTF {
+
+    class MemoryManager {
+    public:
+        MemoryManager();
+        ~MemoryManager();
+
+        bool allocationCanFail() const { return m_allocationCanFail; }
+        void setAllocationCanFail(bool c) { m_allocationCanFail = c; }
+
+        static HBITMAP createCompatibleBitmap(HDC hdc, int width, int height);
+        static HBITMAP createDIBSection(const BITMAPINFO* pbmi, void** ppvBits);
+        static void* m_malloc(size_t size);
+        static void* m_calloc(size_t num, size_t size);
+        static void* m_realloc(void* p, size_t size);
+        static void m_free(void*);
+        static bool resizeMemory(void* p, size_t newSize);
+        static void* allocate64kBlock();
+        static void free64kBlock(void*);
+        static bool onIdle(DWORD& timeLimitMs);
+        static LPVOID virtualAlloc(LPVOID lpAddress, DWORD dwSize, DWORD flAllocationType, DWORD flProtect);
+        static BOOL virtualFree(LPVOID lpAddress, DWORD dwSize, DWORD dwFreeType);
+
+    private:
+        friend MemoryManager* memoryManager();
+
+        bool m_allocationCanFail;
+    };
+
+    MemoryManager* memoryManager();
+
+    class MemoryAllocationCanFail {
+    public:
+        MemoryAllocationCanFail() : m_old(memoryManager()->allocationCanFail()) { memoryManager()->setAllocationCanFail(true); }
+        ~MemoryAllocationCanFail() { memoryManager()->setAllocationCanFail(m_old); }
+    private:
+        bool m_old;
+    };
+
+    class MemoryAllocationCannotFail {
+    public:
+        MemoryAllocationCannotFail() : m_old(memoryManager()->allocationCanFail()) { memoryManager()->setAllocationCanFail(false); }
+        ~MemoryAllocationCannotFail() { memoryManager()->setAllocationCanFail(m_old); }
+    private:
+        bool m_old;
+    };
+}
+
+using WTF::MemoryManager;
+using WTF::memoryManager;
+using WTF::MemoryAllocationCanFail;
+using WTF::MemoryAllocationCannotFail;
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/mt19937ar.c b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/mt19937ar.c
new file mode 100644
index 000000000..4715958d1
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/wince/mt19937ar.c
@@ -0,0 +1,170 @@
+/*
+   A C-program for MT19937, with initialization improved 2002/1/26.
+   Coded by Takuji Nishimura and Makoto Matsumoto.
+
+   Before using, initialize the state by using init_genrand(seed)
+   or init_by_array(init_key, key_length).
+
+   Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+     1. Redistributions of source code must retain the above copyright
+        notice, this list of conditions and the following disclaimer.
+
+     2. Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+     3. The names of its contributors may not be used to endorse or promote
+        products derived from this software without specific prior written
+        permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+   A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+   Any feedback is very welcome.
+   http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html
+   email: m-mat @ math.sci.hiroshima-u.ac.jp (remove space)
+*/
+
+#include <stdio.h>
+
+/* Period parameters */
+#define N 624
+#define M 397
+#define MATRIX_A 0x9908b0dfUL   /* constant vector a */
+#define UPPER_MASK 0x80000000UL /* most significant w-r bits */
+#define LOWER_MASK 0x7fffffffUL /* least significant r bits */
+
+static unsigned long mt[N]; /* the array for the state vector  */
+static int mti=N+1; /* mti==N+1 means mt[N] is not initialized */
+
+/* initializes mt[N] with a seed */
+void init_genrand(unsigned long s)
+{
+    mt[0]= s & 0xffffffffUL;
+    for (mti=1; mti<N; mti++) {
+        mt[mti] = (1812433253UL * (mt[mti-1] ^ (mt[mti-1] >> 30)) + mti);
+        /* See Knuth TAOCP Vol2. 3rd Ed. P.106 for multiplier. */
+        /* In the previous versions, MSBs of the seed affect   */
+        /* only MSBs of the array mt[].                        */
+        /* 2002/01/09 modified by Makoto Matsumoto             */
+        mt[mti] &= 0xffffffffUL;
+        /* for >32 bit machines */
+    }
+}
+
+/* initialize by an array with array-length */
+/* init_key is the array for initializing keys */
+/* key_length is its length */
+/* slight change for C++, 2004/2/26 */
+void init_by_array(unsigned long init_key[],int key_length)
+{
+    int i, j, k;
+    init_genrand(19650218UL);
+    i=1; j=0;
+    k = (N>key_length ? N : key_length);
+    for (; k; k--) {
+        mt[i] = (mt[i] ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1664525UL))
+          + init_key[j] + j; /* non linear */
+        mt[i] &= 0xffffffffUL; /* for WORDSIZE > 32 machines */
+        i++; j++;
+        if (i>=N) { mt[0] = mt[N-1]; i=1; }
+        if (j>=key_length) j=0;
+    }
+    for (k=N-1; k; k--) {
+        mt[i] = (mt[i] ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1566083941UL))
+          - i; /* non linear */
+        mt[i] &= 0xffffffffUL; /* for WORDSIZE > 32 machines */
+        i++;
+        if (i>=N) { mt[0] = mt[N-1]; i=1; }
+    }
+
+    mt[0] = 0x80000000UL; /* MSB is 1; assuring non-zero initial array */
+}
+
+/* generates a random number on [0,0xffffffff]-interval */
+unsigned long genrand_int32(void)
+{
+    unsigned long y;
+    static unsigned long mag01[2]={0x0UL, MATRIX_A};
+    /* mag01[x] = x * MATRIX_A  for x=0,1 */
+
+    if (mti >= N) { /* generate N words at one time */
+        int kk;
+
+        if (mti == N+1)   /* if init_genrand() has not been called, */
+            init_genrand(5489UL); /* a default initial seed is used */
+
+        for (kk=0;kk<N-M;kk++) {
+            y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK);
+            mt[kk] = mt[kk+M] ^ (y >> 1) ^ mag01[y & 0x1UL];
+        }
+        for (;kk<N-1;kk++) {
+            y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK);
+            mt[kk] = mt[kk+(M-N)] ^ (y >> 1) ^ mag01[y & 0x1UL];
+        }
+        y = (mt[N-1]&UPPER_MASK)|(mt[0]&LOWER_MASK);
+        mt[N-1] = mt[M-1] ^ (y >> 1) ^ mag01[y & 0x1UL];
+
+        mti = 0;
+    }
+
+    y = mt[mti++];
+
+    /* Tempering */
+    y ^= (y >> 11);
+    y ^= (y << 7) & 0x9d2c5680UL;
+    y ^= (y << 15) & 0xefc60000UL;
+    y ^= (y >> 18);
+
+    return y;
+}
+
+/* generates a random number on [0,0x7fffffff]-interval */
+long genrand_int31(void)
+{
+    return (long)(genrand_int32()>>1);
+}
+
+/* generates a random number on [0,1]-real-interval */
+double genrand_real1(void)
+{
+    return genrand_int32()*(1.0/4294967295.0);
+    /* divided by 2^32-1 */
+}
+
+/* generates a random number on [0,1)-real-interval */
+double genrand_real2(void)
+{
+    return genrand_int32()*(1.0/4294967296.0);
+    /* divided by 2^32 */
+}
+
+/* generates a random number on (0,1)-real-interval */
+double genrand_real3(void)
+{
+    return (((double)genrand_int32()) + 0.5)*(1.0/4294967296.0);
+    /* divided by 2^32 */
+}
+
+/* generates a random number on [0,1) with 53-bit resolution*/
+double genrand_res53(void)
+{
+    unsigned long a=genrand_int32()>>5, b=genrand_int32()>>6;
+    return(a*67108864.0+b)*(1.0/9007199254740992.0);
+}
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexCompiler.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexCompiler.cpp
new file mode 100644
index 000000000..c7b3c8119
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexCompiler.cpp
@@ -0,0 +1,728 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "RegexCompiler.h"
+
+#include "RegexInterpreter.h"
+#include "RegexPattern.h"
+#include <wtf/Vector.h>
+
+#if ENABLE(YARR)
+
+using namespace WTF;
+
+namespace JSC { namespace Yarr {
+
+class CharacterClassConstructor {
+public:
+    CharacterClassConstructor(bool isCaseInsensitive = false)
+        : m_isCaseInsensitive(isCaseInsensitive)
+    {
+    }
+    
+    void reset()
+    {
+        m_matches.clear();
+        m_ranges.clear();
+        m_matchesUnicode.clear();
+        m_rangesUnicode.clear();
+    }
+
+    void append(const CharacterClass* other)
+    {
+        for (size_t i = 0; i < other->m_matches.size(); ++i)
+            addSorted(m_matches, other->m_matches[i]);
+        for (size_t i = 0; i < other->m_ranges.size(); ++i)
+            addSortedRange(m_ranges, other->m_ranges[i].begin, other->m_ranges[i].end);
+        for (size_t i = 0; i < other->m_matchesUnicode.size(); ++i)
+            addSorted(m_matchesUnicode, other->m_matchesUnicode[i]);
+        for (size_t i = 0; i < other->m_rangesUnicode.size(); ++i)
+            addSortedRange(m_rangesUnicode, other->m_rangesUnicode[i].begin, other->m_rangesUnicode[i].end);
+    }
+
+    void putChar(UChar ch)
+    {
+        if (ch <= 0x7f) {
+            if (m_isCaseInsensitive && isASCIIAlpha(ch)) {
+                addSorted(m_matches, toASCIIUpper(ch));
+                addSorted(m_matches, toASCIILower(ch));
+            } else
+                addSorted(m_matches, ch);
+        } else {
+            UChar upper, lower;
+            if (m_isCaseInsensitive && ((upper = Unicode::toUpper(ch)) != (lower = Unicode::toLower(ch)))) {
+                addSorted(m_matchesUnicode, upper);
+                addSorted(m_matchesUnicode, lower);
+            } else
+                addSorted(m_matchesUnicode, ch);
+        }
+    }
+
+    // returns true if this character has another case, and 'ch' is the upper case form.
+    static inline bool isUnicodeUpper(UChar ch)
+    {
+        return ch != Unicode::toLower(ch);
+    }
+
+    // returns true if this character has another case, and 'ch' is the lower case form.
+    static inline bool isUnicodeLower(UChar ch)
+    {
+        return ch != Unicode::toUpper(ch);
+    }
+
+    void putRange(UChar lo, UChar hi)
+    {
+        if (lo <= 0x7f) {
+            char asciiLo = lo;
+            char asciiHi = std::min(hi, (UChar)0x7f);
+            addSortedRange(m_ranges, lo, asciiHi);
+            
+            if (m_isCaseInsensitive) {
+                if ((asciiLo <= 'Z') && (asciiHi >= 'A'))
+                    addSortedRange(m_ranges, std::max(asciiLo, 'A')+('a'-'A'), std::min(asciiHi, 'Z')+('a'-'A'));
+                if ((asciiLo <= 'z') && (asciiHi >= 'a'))
+                    addSortedRange(m_ranges, std::max(asciiLo, 'a')+('A'-'a'), std::min(asciiHi, 'z')+('A'-'a'));
+            }
+        }
+        if (hi >= 0x80) {
+            uint32_t unicodeCurr = std::max(lo, (UChar)0x80);
+            addSortedRange(m_rangesUnicode, unicodeCurr, hi);
+            
+            if (m_isCaseInsensitive) {
+                while (unicodeCurr <= hi) {
+                    // If the upper bound of the range (hi) is 0xffff, the increments to
+                    // unicodeCurr in this loop may take it to 0x10000.  This is fine
+                    // (if so we won't re-enter the loop, since the loop condition above
+                    // will definitely fail) - but this does mean we cannot use a UChar
+                    // to represent unicodeCurr, we must use a 32-bit value instead.
+                    ASSERT(unicodeCurr <= 0xffff);
+
+                    if (isUnicodeUpper(unicodeCurr)) {
+                        UChar lowerCaseRangeBegin = Unicode::toLower(unicodeCurr);
+                        UChar lowerCaseRangeEnd = lowerCaseRangeBegin;
+                        while ((++unicodeCurr <= hi) && isUnicodeUpper(unicodeCurr) && (Unicode::toLower(unicodeCurr) == (lowerCaseRangeEnd + 1)))
+                            lowerCaseRangeEnd++;
+                        addSortedRange(m_rangesUnicode, lowerCaseRangeBegin, lowerCaseRangeEnd);
+                    } else if (isUnicodeLower(unicodeCurr)) {
+                        UChar upperCaseRangeBegin = Unicode::toUpper(unicodeCurr);
+                        UChar upperCaseRangeEnd = upperCaseRangeBegin;
+                        while ((++unicodeCurr <= hi) && isUnicodeLower(unicodeCurr) && (Unicode::toUpper(unicodeCurr) == (upperCaseRangeEnd + 1)))
+                            upperCaseRangeEnd++;
+                        addSortedRange(m_rangesUnicode, upperCaseRangeBegin, upperCaseRangeEnd);
+                    } else
+                        ++unicodeCurr;
+                }
+            }
+        }
+    }
+
+    CharacterClass* charClass()
+    {
+        CharacterClass* characterClass = new CharacterClass();
+
+        characterClass->m_matches.append(m_matches);
+        characterClass->m_ranges.append(m_ranges);
+        characterClass->m_matchesUnicode.append(m_matchesUnicode);
+        characterClass->m_rangesUnicode.append(m_rangesUnicode);
+
+        reset();
+
+        return characterClass;
+    }
+
+private:
+    void addSorted(Vector<UChar>& matches, UChar ch)
+    {
+        unsigned pos = 0;
+        unsigned range = matches.size();
+
+        // binary chop, find position to insert char.
+        while (range) {
+            unsigned index = range >> 1;
+
+            int val = matches[pos+index] - ch;
+            if (!val)
+                return;
+            else if (val > 0)
+                range = index;
+            else {
+                pos += (index+1);
+                range -= (index+1);
+            }
+        }
+        
+        if (pos == matches.size())
+            matches.append(ch);
+        else
+            matches.insert(pos, ch);
+    }
+
+    void addSortedRange(Vector<CharacterRange>& ranges, UChar lo, UChar hi)
+    {
+        unsigned end = ranges.size();
+        
+        // Simple linear scan - I doubt there are that many ranges anyway...
+        // feel free to fix this with something faster (eg binary chop).
+        for (unsigned i = 0; i < end; ++i) {
+            // does the new range fall before the current position in the array
+            if (hi < ranges[i].begin) {
+                // optional optimization: concatenate appending ranges? - may not be worthwhile.
+                if (hi == (ranges[i].begin - 1)) {
+                    ranges[i].begin = lo;
+                    return;
+                }
+                ranges.insert(i, CharacterRange(lo, hi));
+                return;
+            }
+            // Okay, since we didn't hit the last case, the end of the new range is definitely at or after the begining
+            // If the new range start at or before the end of the last range, then the overlap (if it starts one after the
+            // end of the last range they concatenate, which is just as good.
+            if (lo <= (ranges[i].end + 1)) {
+                // found an intersect! we'll replace this entry in the array.
+                ranges[i].begin = std::min(ranges[i].begin, lo);
+                ranges[i].end = std::max(ranges[i].end, hi);
+
+                // now check if the new range can subsume any subsequent ranges.
+                unsigned next = i+1;
+                // each iteration of the loop we will either remove something from the list, or break the loop.
+                while (next < ranges.size()) {
+                    if (ranges[next].begin <= (ranges[i].end + 1)) {
+                        // the next entry now overlaps / concatenates this one.
+                        ranges[i].end = std::max(ranges[i].end, ranges[next].end);
+                        ranges.remove(next);
+                    } else
+                        break;
+                }
+                
+                return;
+            }
+        }
+
+        // CharacterRange comes after all existing ranges.
+        ranges.append(CharacterRange(lo, hi));
+    }
+
+    bool m_isCaseInsensitive;
+
+    Vector<UChar> m_matches;
+    Vector<CharacterRange> m_ranges;
+    Vector<UChar> m_matchesUnicode;
+    Vector<CharacterRange> m_rangesUnicode;
+};
+
+
+CharacterClass* newlineCreate()
+{
+    CharacterClass* characterClass = new CharacterClass();
+
+    characterClass->m_matches.append('\n');
+    characterClass->m_matches.append('\r');
+    characterClass->m_matchesUnicode.append(0x2028);
+    characterClass->m_matchesUnicode.append(0x2029);
+    
+    return characterClass;
+}
+
+CharacterClass* digitsCreate()
+{
+    CharacterClass* characterClass = new CharacterClass();
+
+    characterClass->m_ranges.append(CharacterRange('0', '9'));
+    
+    return characterClass;
+}
+
+CharacterClass* spacesCreate()
+{
+    CharacterClass* characterClass = new CharacterClass();
+
+    characterClass->m_matches.append(' ');
+    characterClass->m_ranges.append(CharacterRange('\t', '\r'));
+    characterClass->m_matchesUnicode.append(0x00a0);
+    characterClass->m_matchesUnicode.append(0x1680);
+    characterClass->m_matchesUnicode.append(0x180e);
+    characterClass->m_matchesUnicode.append(0x2028);
+    characterClass->m_matchesUnicode.append(0x2029);
+    characterClass->m_matchesUnicode.append(0x202f);
+    characterClass->m_matchesUnicode.append(0x205f);
+    characterClass->m_matchesUnicode.append(0x3000);
+    characterClass->m_rangesUnicode.append(CharacterRange(0x2000, 0x200a));
+    
+    return characterClass;
+}
+
+CharacterClass* wordcharCreate()
+{
+    CharacterClass* characterClass = new CharacterClass();
+
+    characterClass->m_matches.append('_');
+    characterClass->m_ranges.append(CharacterRange('0', '9'));
+    characterClass->m_ranges.append(CharacterRange('A', 'Z'));
+    characterClass->m_ranges.append(CharacterRange('a', 'z'));
+    
+    return characterClass;
+}
+
+CharacterClass* nondigitsCreate()
+{
+    CharacterClass* characterClass = new CharacterClass();
+
+    characterClass->m_ranges.append(CharacterRange(0, '0' - 1));
+    characterClass->m_ranges.append(CharacterRange('9' + 1, 0x7f));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x80, 0xffff));
+    
+    return characterClass;
+}
+
+CharacterClass* nonspacesCreate()
+{
+    CharacterClass* characterClass = new CharacterClass();
+
+    characterClass->m_ranges.append(CharacterRange(0, '\t' - 1));
+    characterClass->m_ranges.append(CharacterRange('\r' + 1, ' ' - 1));
+    characterClass->m_ranges.append(CharacterRange(' ' + 1, 0x7f));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x0080, 0x009f));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x00a1, 0x167f));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x1681, 0x180d));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x180f, 0x1fff));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x200b, 0x2027));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x202a, 0x202e));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x2030, 0x205e));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x2060, 0x2fff));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x3001, 0xffff));
+    
+    return characterClass;
+}
+
+CharacterClass* nonwordcharCreate()
+{
+    CharacterClass* characterClass = new CharacterClass();
+
+    characterClass->m_matches.append('`');
+    characterClass->m_ranges.append(CharacterRange(0, '0' - 1));
+    characterClass->m_ranges.append(CharacterRange('9' + 1, 'A' - 1));
+    characterClass->m_ranges.append(CharacterRange('Z' + 1, '_' - 1));
+    characterClass->m_ranges.append(CharacterRange('z' + 1, 0x7f));
+    characterClass->m_rangesUnicode.append(CharacterRange(0x80, 0xffff));
+
+    return characterClass;
+}
+
+
+class RegexPatternConstructor {
+public:
+    RegexPatternConstructor(RegexPattern& pattern)
+        : m_pattern(pattern)
+        , m_characterClassConstructor(pattern.m_ignoreCase)
+    {
+    }
+
+    ~RegexPatternConstructor()
+    {
+    }
+
+    void reset()
+    {
+        m_pattern.reset();
+        m_characterClassConstructor.reset();
+    }
+    
+    void assertionBOL()
+    {
+        m_alternative->m_terms.append(PatternTerm::BOL());
+    }
+    void assertionEOL()
+    {
+        m_alternative->m_terms.append(PatternTerm::EOL());
+    }
+    void assertionWordBoundary(bool invert)
+    {
+        m_alternative->m_terms.append(PatternTerm::WordBoundary(invert));
+    }
+
+    void atomPatternCharacter(UChar ch)
+    {
+        // We handle case-insensitive checking of unicode characters which do have both
+        // cases by handling them as if they were defined using a CharacterClass.
+        if (m_pattern.m_ignoreCase && !isASCII(ch) && (Unicode::toUpper(ch) != Unicode::toLower(ch))) {
+            atomCharacterClassBegin();
+            atomCharacterClassAtom(ch);
+            atomCharacterClassEnd();
+        } else
+            m_alternative->m_terms.append(PatternTerm(ch));
+    }
+
+    void atomBuiltInCharacterClass(BuiltInCharacterClassID classID, bool invert)
+    {
+        switch (classID) {
+        case DigitClassID:
+            m_alternative->m_terms.append(PatternTerm(m_pattern.digitsCharacterClass(), invert));
+            break;
+        case SpaceClassID:
+            m_alternative->m_terms.append(PatternTerm(m_pattern.spacesCharacterClass(), invert));
+            break;
+        case WordClassID:
+            m_alternative->m_terms.append(PatternTerm(m_pattern.wordcharCharacterClass(), invert));
+            break;
+        case NewlineClassID:
+            m_alternative->m_terms.append(PatternTerm(m_pattern.newlineCharacterClass(), invert));
+            break;
+        }
+    }
+
+    void atomCharacterClassBegin(bool invert = false)
+    {
+        m_invertCharacterClass = invert;
+    }
+
+    void atomCharacterClassAtom(UChar ch)
+    {
+        m_characterClassConstructor.putChar(ch);
+    }
+
+    void atomCharacterClassRange(UChar begin, UChar end)
+    {
+        m_characterClassConstructor.putRange(begin, end);
+    }
+
+    void atomCharacterClassBuiltIn(BuiltInCharacterClassID classID, bool invert)
+    {
+        ASSERT(classID != NewlineClassID);
+
+        switch (classID) {
+        case DigitClassID:
+            m_characterClassConstructor.append(invert ? m_pattern.nondigitsCharacterClass() : m_pattern.digitsCharacterClass());
+            break;
+        
+        case SpaceClassID:
+            m_characterClassConstructor.append(invert ? m_pattern.nonspacesCharacterClass() : m_pattern.spacesCharacterClass());
+            break;
+        
+        case WordClassID:
+            m_characterClassConstructor.append(invert ? m_pattern.nonwordcharCharacterClass() : m_pattern.wordcharCharacterClass());
+            break;
+        
+        default:
+            ASSERT_NOT_REACHED();
+        }
+    }
+
+    void atomCharacterClassEnd()
+    {
+        CharacterClass* newCharacterClass = m_characterClassConstructor.charClass();
+        m_pattern.m_userCharacterClasses.append(newCharacterClass);
+        m_alternative->m_terms.append(PatternTerm(newCharacterClass, m_invertCharacterClass));
+    }
+
+    void atomParenthesesSubpatternBegin(bool capture = true)
+    {
+        unsigned subpatternId = m_pattern.m_numSubpatterns + 1;
+        if (capture)
+            m_pattern.m_numSubpatterns++;
+
+        PatternDisjunction* parenthesesDisjunction = new PatternDisjunction(m_alternative);
+        m_pattern.m_disjunctions.append(parenthesesDisjunction);
+        m_alternative->m_terms.append(PatternTerm(PatternTerm::TypeParenthesesSubpattern, subpatternId, parenthesesDisjunction, capture));
+        m_alternative = parenthesesDisjunction->addNewAlternative();
+    }
+
+    void atomParentheticalAssertionBegin(bool invert = false)
+    {
+        PatternDisjunction* parenthesesDisjunction = new PatternDisjunction(m_alternative);
+        m_pattern.m_disjunctions.append(parenthesesDisjunction);
+        m_alternative->m_terms.append(PatternTerm(PatternTerm::TypeParentheticalAssertion, m_pattern.m_numSubpatterns + 1, parenthesesDisjunction, invert));
+        m_alternative = parenthesesDisjunction->addNewAlternative();
+    }
+
+    void atomParenthesesEnd()
+    {
+        ASSERT(m_alternative->m_parent);
+        ASSERT(m_alternative->m_parent->m_parent);
+        m_alternative = m_alternative->m_parent->m_parent;
+        
+        m_alternative->lastTerm().parentheses.lastSubpatternId = m_pattern.m_numSubpatterns;
+    }
+
+    void atomBackReference(unsigned subpatternId)
+    {
+        ASSERT(subpatternId);
+        m_pattern.m_maxBackReference = std::max(m_pattern.m_maxBackReference, subpatternId);
+
+        if (subpatternId > m_pattern.m_numSubpatterns) {
+            m_alternative->m_terms.append(PatternTerm::ForwardReference());
+            return;
+        }
+
+        PatternAlternative* currentAlternative = m_alternative;
+        ASSERT(currentAlternative);
+
+        // Note to self: if we waited until the AST was baked, we could also remove forwards refs 
+        while ((currentAlternative = currentAlternative->m_parent->m_parent)) {
+            PatternTerm& term = currentAlternative->lastTerm();
+            ASSERT((term.type == PatternTerm::TypeParenthesesSubpattern) || (term.type == PatternTerm::TypeParentheticalAssertion));
+
+            if ((term.type == PatternTerm::TypeParenthesesSubpattern) && term.invertOrCapture && (subpatternId == term.subpatternId)) {
+                m_alternative->m_terms.append(PatternTerm::ForwardReference());
+                return;
+            }
+        }
+
+        m_alternative->m_terms.append(PatternTerm(subpatternId));
+    }
+
+    PatternDisjunction* copyDisjunction(PatternDisjunction* disjunction)
+    {
+        PatternDisjunction* newDisjunction = new PatternDisjunction();
+
+        newDisjunction->m_parent = disjunction->m_parent;
+        for (unsigned alt = 0; alt < disjunction->m_alternatives.size(); ++alt) {
+            PatternAlternative* alternative = disjunction->m_alternatives[alt];
+            PatternAlternative* newAlternative = newDisjunction->addNewAlternative();
+            for (unsigned i = 0; i < alternative->m_terms.size(); ++i)
+                newAlternative->m_terms.append(copyTerm(alternative->m_terms[i]));
+        }
+
+        m_pattern.m_disjunctions.append(newDisjunction);
+        return newDisjunction;
+    }
+
+    PatternTerm copyTerm(PatternTerm& term)
+    {
+        if ((term.type != PatternTerm::TypeParenthesesSubpattern) && (term.type != PatternTerm::TypeParentheticalAssertion))
+            return PatternTerm(term);
+
+        PatternTerm termCopy = term;
+        termCopy.parentheses.disjunction = copyDisjunction(termCopy.parentheses.disjunction);
+        return termCopy;
+    }
+
+    void quantifyAtom(unsigned min, unsigned max, bool greedy)
+    {
+        ASSERT(min <= max);
+        ASSERT(m_alternative->m_terms.size());
+
+        if (!max) {
+            m_alternative->removeLastTerm();
+            return;
+        }
+
+        PatternTerm& term = m_alternative->lastTerm();
+        ASSERT(term.type > PatternTerm::TypeAssertionWordBoundary);
+        ASSERT((term.quantityCount == 1) && (term.quantityType == QuantifierFixedCount));
+
+        // For any assertion with a zero minimum, not matching is valid and has no effect,
+        // remove it.  Otherwise, we need to match as least once, but there is no point
+        // matching more than once, so remove the quantifier.  It is not entirely clear
+        // from the spec whether or not this behavior is correct, but I believe this
+        // matches Firefox. :-/
+        if (term.type == PatternTerm::TypeParentheticalAssertion) {
+            if (!min)
+                m_alternative->removeLastTerm();
+            return;
+        }
+
+        if (min == 0)
+            term.quantify(max, greedy   ? QuantifierGreedy : QuantifierNonGreedy);
+        else if (min == max)
+            term.quantify(min, QuantifierFixedCount);
+        else {
+            term.quantify(min, QuantifierFixedCount);
+            m_alternative->m_terms.append(copyTerm(term));
+            // NOTE: this term is interesting from an analysis perspective, in that it can be ignored.....
+            m_alternative->lastTerm().quantify((max == UINT_MAX) ? max : max - min, greedy ? QuantifierGreedy : QuantifierNonGreedy);
+            if (m_alternative->lastTerm().type == PatternTerm::TypeParenthesesSubpattern)
+                m_alternative->lastTerm().parentheses.isCopy = true;
+        }
+    }
+
+    void disjunction()
+    {
+        m_alternative = m_alternative->m_parent->addNewAlternative();
+    }
+
+    void regexBegin()
+    {
+        m_pattern.m_body = new PatternDisjunction();
+        m_alternative = m_pattern.m_body->addNewAlternative();
+        m_pattern.m_disjunctions.append(m_pattern.m_body);
+    }
+    void regexEnd()
+    {
+    }
+    void regexError()
+    {
+    }
+
+    unsigned setupAlternativeOffsets(PatternAlternative* alternative, unsigned currentCallFrameSize, unsigned initialInputPosition)
+    {
+        alternative->m_hasFixedSize = true;
+        unsigned currentInputPosition = initialInputPosition;
+
+        for (unsigned i = 0; i < alternative->m_terms.size(); ++i) {
+            PatternTerm& term = alternative->m_terms[i];
+
+            switch (term.type) {
+            case PatternTerm::TypeAssertionBOL:
+            case PatternTerm::TypeAssertionEOL:
+            case PatternTerm::TypeAssertionWordBoundary:
+                term.inputPosition = currentInputPosition;
+                break;
+
+            case PatternTerm::TypeBackReference:
+                term.inputPosition = currentInputPosition;
+                term.frameLocation = currentCallFrameSize;
+                currentCallFrameSize += RegexStackSpaceForBackTrackInfoBackReference;
+                alternative->m_hasFixedSize = false;
+                break;
+
+            case PatternTerm::TypeForwardReference:
+                break;
+
+            case PatternTerm::TypePatternCharacter:
+                term.inputPosition = currentInputPosition;
+                if (term.quantityType != QuantifierFixedCount) {
+                    term.frameLocation = currentCallFrameSize;
+                    currentCallFrameSize += RegexStackSpaceForBackTrackInfoPatternCharacter;
+                    alternative->m_hasFixedSize = false;
+                } else
+                    currentInputPosition += term.quantityCount;
+                break;
+
+            case PatternTerm::TypeCharacterClass:
+                term.inputPosition = currentInputPosition;
+                if (term.quantityType != QuantifierFixedCount) {
+                    term.frameLocation = currentCallFrameSize;
+                    currentCallFrameSize += RegexStackSpaceForBackTrackInfoCharacterClass;
+                    alternative->m_hasFixedSize = false;
+                } else
+                    currentInputPosition += term.quantityCount;
+                break;
+
+            case PatternTerm::TypeParenthesesSubpattern:
+                // Note: for fixed once parentheses we will ensure at least the minimum is available; others are on their own.
+                term.frameLocation = currentCallFrameSize;
+                if ((term.quantityCount == 1) && !term.parentheses.isCopy) {
+                    if (term.quantityType == QuantifierFixedCount) {
+                        currentCallFrameSize = setupDisjunctionOffsets(term.parentheses.disjunction, currentCallFrameSize, currentInputPosition);
+                        currentInputPosition += term.parentheses.disjunction->m_minimumSize;
+                    } else {
+                        currentCallFrameSize += RegexStackSpaceForBackTrackInfoParenthesesOnce;
+                        currentCallFrameSize = setupDisjunctionOffsets(term.parentheses.disjunction, currentCallFrameSize, currentInputPosition);
+                    }
+                    term.inputPosition = currentInputPosition;
+                } else {
+                    term.inputPosition = currentInputPosition;
+                    setupDisjunctionOffsets(term.parentheses.disjunction, 0, currentInputPosition);
+                    currentCallFrameSize += RegexStackSpaceForBackTrackInfoParentheses;
+                }
+                // Fixed count of 1 could be accepted, if they have a fixed size *AND* if all alternatives are of the same length.
+                alternative->m_hasFixedSize = false;
+                break;
+
+            case PatternTerm::TypeParentheticalAssertion:
+                term.inputPosition = currentInputPosition;
+                term.frameLocation = currentCallFrameSize;
+                currentCallFrameSize = setupDisjunctionOffsets(term.parentheses.disjunction, currentCallFrameSize + RegexStackSpaceForBackTrackInfoParentheticalAssertion, currentInputPosition);
+                break;
+            }
+        }
+
+        alternative->m_minimumSize = currentInputPosition - initialInputPosition;
+        return currentCallFrameSize;
+    }
+
+    unsigned setupDisjunctionOffsets(PatternDisjunction* disjunction, unsigned initialCallFrameSize, unsigned initialInputPosition)
+    {
+        if ((disjunction != m_pattern.m_body) && (disjunction->m_alternatives.size() > 1))
+            initialCallFrameSize += RegexStackSpaceForBackTrackInfoAlternative;
+
+        unsigned minimumInputSize = UINT_MAX;
+        unsigned maximumCallFrameSize = 0;
+        bool hasFixedSize = true;
+
+        for (unsigned alt = 0; alt < disjunction->m_alternatives.size(); ++alt) {
+            PatternAlternative* alternative = disjunction->m_alternatives[alt];
+            unsigned currentAlternativeCallFrameSize = setupAlternativeOffsets(alternative, initialCallFrameSize, initialInputPosition);
+            minimumInputSize = min(minimumInputSize, alternative->m_minimumSize);
+            maximumCallFrameSize = max(maximumCallFrameSize, currentAlternativeCallFrameSize);
+            hasFixedSize &= alternative->m_hasFixedSize;
+        }
+        
+        ASSERT(minimumInputSize != UINT_MAX);
+        ASSERT(maximumCallFrameSize >= initialCallFrameSize);
+
+        disjunction->m_hasFixedSize = hasFixedSize;
+        disjunction->m_minimumSize = minimumInputSize;
+        disjunction->m_callFrameSize = maximumCallFrameSize;
+        return maximumCallFrameSize;
+    }
+
+    void setupOffsets()
+    {
+        setupDisjunctionOffsets(m_pattern.m_body, 0, 0);
+    }
+
+private:
+    RegexPattern& m_pattern;
+    PatternAlternative* m_alternative;
+    CharacterClassConstructor m_characterClassConstructor;
+    bool m_invertCharacterClass;
+};
+
+
+const char* compileRegex(const UString& patternString, RegexPattern& pattern)
+{
+    RegexPatternConstructor constructor(pattern);
+
+    if (const char* error = parse(constructor, patternString))
+        return error;
+    
+    // If the pattern contains illegal backreferences reset & reparse.
+    // Quoting Netscape's "What's new in JavaScript 1.2",
+    //      "Note: if the number of left parentheses is less than the number specified
+    //       in \#, the \# is taken as an octal escape as described in the next row."
+    if (pattern.containsIllegalBackReference()) {
+        unsigned numSubpatterns = pattern.m_numSubpatterns;
+
+        constructor.reset();
+#ifndef NDEBUG
+        const char* error =
+#endif
+            parse(constructor, patternString, numSubpatterns);
+
+        ASSERT(!error);
+        ASSERT(numSubpatterns == pattern.m_numSubpatterns);
+    }
+
+    constructor.setupOffsets();
+
+    return false;
+};
+
+
+} }
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexCompiler.h b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexCompiler.h
new file mode 100644
index 000000000..3ed2be9e4
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexCompiler.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef RegexCompiler_h
+#define RegexCompiler_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(YARR)
+
+#include <wtf/unicode/Unicode.h>
+#include "RegexParser.h"
+#include "RegexPattern.h"
+
+namespace JSC { namespace Yarr {
+
+const char* compileRegex(const UString& patternString, RegexPattern& pattern);
+
+} } // namespace JSC::Yarr
+
+#endif
+
+#endif // RegexCompiler_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexInterpreter.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexInterpreter.cpp
new file mode 100644
index 000000000..aafea3cf9
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexInterpreter.cpp
@@ -0,0 +1,1638 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "RegexInterpreter.h"
+
+#include "RegexCompiler.h"
+#include "RegexPattern.h"
+
+#ifndef NDEBUG
+#include <stdio.h>
+#endif
+
+#if ENABLE(YARR)
+
+using namespace WTF;
+
+namespace JSC { namespace Yarr {
+
+class Interpreter {
+public:
+    struct ParenthesesDisjunctionContext;
+
+    struct BackTrackInfoPatternCharacter {
+        uintptr_t matchAmount;
+    };
+    struct BackTrackInfoCharacterClass {
+        uintptr_t matchAmount;
+    };
+    struct BackTrackInfoBackReference {
+        uintptr_t begin; // Not really needed for greedy quantifiers.
+        uintptr_t matchAmount; // Not really needed for fixed quantifiers.
+    };
+    struct BackTrackInfoAlternative {
+        uintptr_t offset;
+    };
+    struct BackTrackInfoParentheticalAssertion {
+        uintptr_t begin;
+    };
+    struct BackTrackInfoParenthesesOnce {
+        uintptr_t inParentheses;
+    };
+    struct BackTrackInfoParentheses {
+        uintptr_t matchAmount;
+        ParenthesesDisjunctionContext* lastContext;
+        uintptr_t prevBegin;
+        uintptr_t prevEnd;
+    };
+
+    static inline void appendParenthesesDisjunctionContext(BackTrackInfoParentheses* backTrack, ParenthesesDisjunctionContext* context)
+    {
+        context->next = backTrack->lastContext;
+        backTrack->lastContext = context;
+        ++backTrack->matchAmount;
+    }
+
+    static inline void popParenthesesDisjunctionContext(BackTrackInfoParentheses* backTrack)
+    {
+        ASSERT(backTrack->matchAmount);
+        ASSERT(backTrack->lastContext);
+        backTrack->lastContext = backTrack->lastContext->next;
+        --backTrack->matchAmount;
+    }
+
+    struct DisjunctionContext
+    {
+        DisjunctionContext()
+            : term(0)
+        {
+        }
+
+        void* operator new(size_t, void* where)
+        {
+            return where;
+        }
+
+        int term;
+        unsigned matchBegin;
+        unsigned matchEnd;
+        uintptr_t frame[1];
+    };
+
+    DisjunctionContext* allocDisjunctionContext(ByteDisjunction* disjunction)
+    {
+        return new(malloc(sizeof(DisjunctionContext) + (disjunction->m_frameSize - 1) * sizeof(uintptr_t))) DisjunctionContext();
+    }
+
+    void freeDisjunctionContext(DisjunctionContext* context)
+    {
+        free(context);
+    }
+
+    struct ParenthesesDisjunctionContext
+    {
+        ParenthesesDisjunctionContext(int* output, ByteTerm& term)
+            : next(0)
+        {
+            unsigned firstSubpatternId = term.atom.subpatternId;
+            unsigned numNestedSubpatterns = term.atom.parenthesesDisjunction->m_numSubpatterns;
+
+            for (unsigned i = 0; i < (numNestedSubpatterns << 1); ++i) {
+                subpatternBackup[i] = output[(firstSubpatternId << 1) + i];
+                output[(firstSubpatternId << 1) + i] = -1;
+            }
+
+            new(getDisjunctionContext(term)) DisjunctionContext();
+        }
+
+        void* operator new(size_t, void* where)
+        {
+            return where;
+        }
+
+        void restoreOutput(int* output, unsigned firstSubpatternId, unsigned numNestedSubpatterns)
+        {
+            for (unsigned i = 0; i < (numNestedSubpatterns << 1); ++i)
+                output[(firstSubpatternId << 1) + i] = subpatternBackup[i];
+        }
+
+        DisjunctionContext* getDisjunctionContext(ByteTerm& term)
+        {
+            return reinterpret_cast<DisjunctionContext*>(&(subpatternBackup[term.atom.parenthesesDisjunction->m_numSubpatterns << 1]));
+        }
+
+        ParenthesesDisjunctionContext* next;
+        int subpatternBackup[1];
+    };
+
+    ParenthesesDisjunctionContext* allocParenthesesDisjunctionContext(ByteDisjunction* disjunction, int* output, ByteTerm& term)
+    {
+        return new(malloc(sizeof(ParenthesesDisjunctionContext) + (((term.atom.parenthesesDisjunction->m_numSubpatterns << 1) - 1) * sizeof(int)) + sizeof(DisjunctionContext) + (disjunction->m_frameSize - 1) * sizeof(uintptr_t))) ParenthesesDisjunctionContext(output, term);
+    }
+
+    void freeParenthesesDisjunctionContext(ParenthesesDisjunctionContext* context)
+    {
+        free(context);
+    }
+
+    class InputStream {
+    public:
+        InputStream(const UChar* input, unsigned start, unsigned length)
+            : input(input)
+            , pos(start)
+            , length(length)
+        {
+        }
+
+        void next()
+        {
+            ++pos;
+        }
+
+        void rewind(unsigned amount)
+        {
+            ASSERT(pos >= amount);
+            pos -= amount;
+        }
+
+        int read()
+        {
+            ASSERT(pos < length);
+            if (pos < length)
+                return input[pos];
+            return -1;
+        }
+
+        int readChecked(int position)
+        {
+            ASSERT(position < 0);
+            ASSERT((unsigned)-position <= pos);
+            unsigned p = pos + position;
+            ASSERT(p < length);
+            return input[p];
+        }
+
+        int reread(unsigned from)
+        {
+            ASSERT(from < length);
+            return input[from];
+        }
+
+        int prev()
+        {
+            ASSERT(!(pos > length));
+            if (pos && length)
+                return input[pos - 1];
+            return -1;
+        }
+
+        unsigned getPos()
+        {
+            return pos;
+        }
+
+        void setPos(unsigned p)
+        {
+            pos = p;
+        }
+
+        bool atStart()
+        {
+            return pos == 0;
+        }
+
+        bool atEnd()
+        {
+            return pos == length;
+        }
+
+        bool checkInput(int count)
+        {
+            if ((pos + count) <= length) {
+                pos += count;
+                return true;
+            } else
+                return false;
+        }
+
+        void uncheckInput(int count)
+        {
+            pos -= count;
+        }
+
+        bool atStart(int position)
+        {
+            return (pos + position) == 0;
+        }
+
+        bool atEnd(int position)
+        {
+            return (pos + position) == length;
+        }
+
+    private:
+        const UChar* input;
+        unsigned pos;
+        unsigned length;
+    };
+
+    bool testCharacterClass(CharacterClass* characterClass, int ch)
+    {
+        if (ch & 0xFF80) {
+            for (unsigned i = 0; i < characterClass->m_matchesUnicode.size(); ++i)
+                if (ch == characterClass->m_matchesUnicode[i])
+                    return true;
+            for (unsigned i = 0; i < characterClass->m_rangesUnicode.size(); ++i)
+                if ((ch >= characterClass->m_rangesUnicode[i].begin) && (ch <= characterClass->m_rangesUnicode[i].end))
+                    return true;
+        } else {
+            for (unsigned i = 0; i < characterClass->m_matches.size(); ++i)
+                if (ch == characterClass->m_matches[i])
+                    return true;
+            for (unsigned i = 0; i < characterClass->m_ranges.size(); ++i)
+                if ((ch >= characterClass->m_ranges[i].begin) && (ch <= characterClass->m_ranges[i].end))
+                    return true;
+        }
+
+        return false;
+    }
+
+    bool tryConsumeCharacter(int testChar)
+    {
+        if (input.atEnd())
+            return false;
+
+        int ch = input.read();
+
+        if (pattern->m_ignoreCase ? ((Unicode::toLower(testChar) == ch) || (Unicode::toUpper(testChar) == ch)) : (testChar == ch)) {
+            input.next();
+            return true;
+        }
+        return false;
+    }
+
+    bool checkCharacter(int testChar, int inputPosition)
+    {
+        return testChar == input.readChecked(inputPosition);
+    }
+
+    bool checkCasedCharacter(int loChar, int hiChar, int inputPosition)
+    {
+        int ch = input.readChecked(inputPosition);
+        return (loChar == ch) || (hiChar == ch);
+    }
+
+    bool tryConsumeCharacterClass(CharacterClass* characterClass, bool invert)
+    {
+        if (input.atEnd())
+            return false;
+
+        bool match = testCharacterClass(characterClass, input.read());
+
+        if (invert)
+            match = !match;
+
+        if (match) {
+            input.next();
+            return true;
+        }
+        return false;
+    }
+
+    bool checkCharacterClass(CharacterClass* characterClass, bool invert, int inputPosition)
+    {
+        bool match = testCharacterClass(characterClass, input.readChecked(inputPosition));
+        return invert ? !match : match;
+    }
+
+    bool tryConsumeBackReference(int matchBegin, int matchEnd, int inputOffset)
+    {
+        int matchSize = matchEnd - matchBegin;
+
+        if (!input.checkInput(matchSize))
+            return false;
+
+        for (int i = 0; i < matchSize; ++i) {
+            if (!checkCharacter(input.reread(matchBegin + i), inputOffset - matchSize + i)) {
+                input.uncheckInput(matchSize);
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    bool matchAssertionBOL(ByteTerm& term)
+    {
+        return (input.atStart(term.inputPosition)) || (pattern->m_multiline && testCharacterClass(pattern->newlineCharacterClass, input.readChecked(term.inputPosition - 1)));
+    }
+
+    bool matchAssertionEOL(ByteTerm& term)
+    {
+        if (term.inputPosition)
+            return (input.atEnd(term.inputPosition)) || (pattern->m_multiline && testCharacterClass(pattern->newlineCharacterClass, input.readChecked(term.inputPosition)));
+        else
+            return (input.atEnd()) || (pattern->m_multiline && testCharacterClass(pattern->newlineCharacterClass, input.read()));
+    }
+
+    bool matchAssertionWordBoundary(ByteTerm& term)
+    {
+        bool prevIsWordchar = !input.atStart(term.inputPosition) && testCharacterClass(pattern->wordcharCharacterClass, input.readChecked(term.inputPosition - 1));
+        bool readIsWordchar;
+        if (term.inputPosition)
+            readIsWordchar = !input.atEnd(term.inputPosition) && testCharacterClass(pattern->wordcharCharacterClass, input.readChecked(term.inputPosition));
+        else
+            readIsWordchar = !input.atEnd() && testCharacterClass(pattern->wordcharCharacterClass, input.read());
+
+        bool wordBoundary = prevIsWordchar != readIsWordchar;
+        return term.invert() ? !wordBoundary : wordBoundary;
+    }
+
+    bool backtrackPatternCharacter(ByteTerm& term, DisjunctionContext* context)
+    {
+        BackTrackInfoPatternCharacter* backTrack = reinterpret_cast<BackTrackInfoPatternCharacter*>(context->frame + term.frameLocation);
+
+        switch (term.atom.quantityType) {
+        case QuantifierFixedCount:
+            break;
+
+        case QuantifierGreedy:
+            if (backTrack->matchAmount) {
+                --backTrack->matchAmount;
+                input.uncheckInput(1);
+                return true;
+            }
+            break;
+
+        case QuantifierNonGreedy:
+            if ((backTrack->matchAmount < term.atom.quantityCount) && input.checkInput(1)) {
+                ++backTrack->matchAmount;
+                if (checkCharacter(term.atom.patternCharacter, term.inputPosition - 1))
+                    return true;
+            }
+            input.uncheckInput(backTrack->matchAmount);
+            break;
+        }
+
+        return false;
+    }
+
+    bool backtrackPatternCasedCharacter(ByteTerm& term, DisjunctionContext* context)
+    {
+        BackTrackInfoPatternCharacter* backTrack = reinterpret_cast<BackTrackInfoPatternCharacter*>(context->frame + term.frameLocation);
+
+        switch (term.atom.quantityType) {
+        case QuantifierFixedCount:
+            break;
+
+        case QuantifierGreedy:
+            if (backTrack->matchAmount) {
+                --backTrack->matchAmount;
+                input.uncheckInput(1);
+                return true;
+            }
+            break;
+
+        case QuantifierNonGreedy:
+            if ((backTrack->matchAmount < term.atom.quantityCount) && input.checkInput(1)) {
+                ++backTrack->matchAmount;
+                if (checkCasedCharacter(term.atom.casedCharacter.lo, term.atom.casedCharacter.hi, term.inputPosition - 1))
+                    return true;
+            }
+            input.uncheckInput(backTrack->matchAmount);
+            break;
+        }
+
+        return false;
+    }
+
+    bool matchCharacterClass(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeCharacterClass);
+        BackTrackInfoPatternCharacter* backTrack = reinterpret_cast<BackTrackInfoPatternCharacter*>(context->frame + term.frameLocation);
+
+        switch (term.atom.quantityType) {
+        case QuantifierFixedCount: {
+            for (unsigned matchAmount = 0; matchAmount < term.atom.quantityCount; ++matchAmount) {
+                if (!checkCharacterClass(term.atom.characterClass, term.invert(), term.inputPosition + matchAmount))
+                    return false;
+            }
+            return true;
+        }
+
+        case QuantifierGreedy: {
+            unsigned matchAmount = 0;
+            while ((matchAmount < term.atom.quantityCount) && input.checkInput(1)) {
+                if (!checkCharacterClass(term.atom.characterClass, term.invert(), term.inputPosition - 1)) {
+                    input.uncheckInput(1);
+                    break;
+                }
+                ++matchAmount;
+            }
+            backTrack->matchAmount = matchAmount;
+
+            return true;
+        }
+
+        case QuantifierNonGreedy:
+            backTrack->matchAmount = 0;
+            return true;
+        }
+
+        ASSERT_NOT_REACHED();
+        return false;
+    }
+
+    bool backtrackCharacterClass(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeCharacterClass);
+        BackTrackInfoPatternCharacter* backTrack = reinterpret_cast<BackTrackInfoPatternCharacter*>(context->frame + term.frameLocation);
+
+        switch (term.atom.quantityType) {
+        case QuantifierFixedCount:
+            break;
+
+        case QuantifierGreedy:
+            if (backTrack->matchAmount) {
+                --backTrack->matchAmount;
+                input.uncheckInput(1);
+                return true;
+            }
+            break;
+
+        case QuantifierNonGreedy:
+            if ((backTrack->matchAmount < term.atom.quantityCount) && input.checkInput(1)) {
+                ++backTrack->matchAmount;
+                if (checkCharacterClass(term.atom.characterClass, term.invert(), term.inputPosition - 1))
+                    return true;
+            }
+            input.uncheckInput(backTrack->matchAmount);
+            break;
+        }
+
+        return false;
+    }
+
+    bool matchBackReference(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeBackReference);
+        BackTrackInfoBackReference* backTrack = reinterpret_cast<BackTrackInfoBackReference*>(context->frame + term.frameLocation);
+
+        int matchBegin = output[(term.atom.subpatternId << 1)];
+        int matchEnd = output[(term.atom.subpatternId << 1) + 1];
+        ASSERT((matchBegin == -1) == (matchEnd == -1));
+        ASSERT(matchBegin <= matchEnd);
+
+        if (matchBegin == matchEnd)
+            return true;
+
+        switch (term.atom.quantityType) {
+        case QuantifierFixedCount: {
+            backTrack->begin = input.getPos();
+            for (unsigned matchAmount = 0; matchAmount < term.atom.quantityCount; ++matchAmount) {
+                if (!tryConsumeBackReference(matchBegin, matchEnd, term.inputPosition)) {
+                    input.setPos(backTrack->begin);
+                    return false;
+                }
+            }
+            return true;
+        }
+
+        case QuantifierGreedy: {
+            unsigned matchAmount = 0;
+            while ((matchAmount < term.atom.quantityCount) && tryConsumeBackReference(matchBegin, matchEnd, term.inputPosition))
+                ++matchAmount;
+            backTrack->matchAmount = matchAmount;
+            return true;
+        }
+
+        case QuantifierNonGreedy:
+            backTrack->begin = input.getPos();
+            backTrack->matchAmount = 0;
+            return true;
+        }
+
+        ASSERT_NOT_REACHED();
+        return false;
+    }
+
+    bool backtrackBackReference(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeBackReference);
+        BackTrackInfoBackReference* backTrack = reinterpret_cast<BackTrackInfoBackReference*>(context->frame + term.frameLocation);
+
+        int matchBegin = output[(term.atom.subpatternId << 1)];
+        int matchEnd = output[(term.atom.subpatternId << 1) + 1];
+        ASSERT((matchBegin == -1) == (matchEnd == -1));
+        ASSERT(matchBegin <= matchEnd);
+
+        if (matchBegin == matchEnd)
+            return false;
+
+        switch (term.atom.quantityType) {
+        case QuantifierFixedCount:
+            // for quantityCount == 1, could rewind.
+            input.setPos(backTrack->begin);
+            break;
+
+        case QuantifierGreedy:
+            if (backTrack->matchAmount) {
+                --backTrack->matchAmount;
+                input.rewind(matchEnd - matchBegin);
+                return true;
+            }
+            break;
+
+        case QuantifierNonGreedy:
+            if ((backTrack->matchAmount < term.atom.quantityCount) && tryConsumeBackReference(matchBegin, matchEnd, term.inputPosition)) {
+                ++backTrack->matchAmount;
+                return true;
+            } else
+                input.setPos(backTrack->begin);
+            break;
+        }
+
+        return false;
+    }
+
+    void recordParenthesesMatch(ByteTerm& term, ParenthesesDisjunctionContext* context)
+    {
+        if (term.capture()) {
+            unsigned subpatternId = term.atom.subpatternId;
+            output[(subpatternId << 1)] = context->getDisjunctionContext(term)->matchBegin + term.inputPosition;
+            output[(subpatternId << 1) + 1] = context->getDisjunctionContext(term)->matchEnd + term.inputPosition;
+        }
+    }
+    void resetMatches(ByteTerm& term, ParenthesesDisjunctionContext* context)
+    {
+        unsigned firstSubpatternId = term.atom.subpatternId;
+        unsigned count = term.atom.parenthesesDisjunction->m_numSubpatterns;
+        context->restoreOutput(output, firstSubpatternId, count);
+    }
+    void resetAssertionMatches(ByteTerm& term)
+    {
+        unsigned firstSubpatternId = term.atom.subpatternId;
+        unsigned count = term.atom.parenthesesDisjunction->m_numSubpatterns;
+        for (unsigned i = 0; i < (count << 1); ++i)
+            output[(firstSubpatternId << 1) + i] = -1;
+    }
+    bool parenthesesDoBacktrack(ByteTerm& term, BackTrackInfoParentheses* backTrack)
+    {
+        while (backTrack->matchAmount) {
+            ParenthesesDisjunctionContext* context = backTrack->lastContext;
+
+            if (matchDisjunction(term.atom.parenthesesDisjunction, context->getDisjunctionContext(term), true))
+                return true;
+
+            resetMatches(term, context);
+            popParenthesesDisjunctionContext(backTrack);
+            freeParenthesesDisjunctionContext(context);
+        }
+
+        return false;
+    }
+
+    bool matchParenthesesOnceBegin(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParenthesesSubpatternOnceBegin);
+        ASSERT(term.atom.quantityCount == 1);
+
+        BackTrackInfoParenthesesOnce* backTrack = reinterpret_cast<BackTrackInfoParenthesesOnce*>(context->frame + term.frameLocation);
+
+        switch (term.atom.quantityType) {
+        case QuantifierGreedy: {
+            // set this speculatively; if we get to the parens end this will be true.
+            backTrack->inParentheses = 1;
+            break;
+        }
+        case QuantifierNonGreedy: {
+            backTrack->inParentheses = 0;
+            context->term += term.atom.parenthesesWidth;
+            return true;
+        }
+        case QuantifierFixedCount:
+            break;
+        }
+
+        if (term.capture()) {
+            unsigned subpatternId = term.atom.subpatternId;
+            output[(subpatternId << 1)] = input.getPos() + term.inputPosition;
+        }
+
+        return true;
+    }
+
+    bool matchParenthesesOnceEnd(ByteTerm& term, DisjunctionContext*)
+    {
+        ASSERT(term.type == ByteTerm::TypeParenthesesSubpatternOnceEnd);
+        ASSERT(term.atom.quantityCount == 1);
+
+        if (term.capture()) {
+            unsigned subpatternId = term.atom.subpatternId;
+            output[(subpatternId << 1) + 1] = input.getPos() + term.inputPosition;
+        }
+        return true;
+    }
+
+    bool backtrackParenthesesOnceBegin(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParenthesesSubpatternOnceBegin);
+        ASSERT(term.atom.quantityCount == 1);
+
+        BackTrackInfoParenthesesOnce* backTrack = reinterpret_cast<BackTrackInfoParenthesesOnce*>(context->frame + term.frameLocation);
+
+        if (term.capture()) {
+            unsigned subpatternId = term.atom.subpatternId;
+            output[(subpatternId << 1)] = -1;
+            output[(subpatternId << 1) + 1] = -1;
+        }
+
+        switch (term.atom.quantityType) {
+        case QuantifierGreedy:
+            // if we backtrack to this point, there is another chance - try matching nothing.
+            ASSERT(backTrack->inParentheses);
+            backTrack->inParentheses = 0;
+            context->term += term.atom.parenthesesWidth;
+            return true;
+        case QuantifierNonGreedy:
+            ASSERT(backTrack->inParentheses);
+        case QuantifierFixedCount:
+            break;
+        }
+
+        return false;
+    }
+
+    bool backtrackParenthesesOnceEnd(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParenthesesSubpatternOnceEnd);
+        ASSERT(term.atom.quantityCount == 1);
+
+        BackTrackInfoParenthesesOnce* backTrack = reinterpret_cast<BackTrackInfoParenthesesOnce*>(context->frame + term.frameLocation);
+
+        switch (term.atom.quantityType) {
+        case QuantifierGreedy:
+            if (!backTrack->inParentheses) {
+                context->term -= term.atom.parenthesesWidth;
+                return false;
+            }
+        case QuantifierNonGreedy:
+            if (!backTrack->inParentheses) {
+                // now try to match the parens; set this speculatively.
+                backTrack->inParentheses = 1;
+                if (term.capture()) {
+                    unsigned subpatternId = term.atom.subpatternId;
+                    output[(subpatternId << 1) + 1] = input.getPos() + term.inputPosition;
+                }
+                context->term -= term.atom.parenthesesWidth;
+                return true;
+            }
+        case QuantifierFixedCount:
+            break;
+        }
+
+        return false;
+    }
+
+    bool matchParentheticalAssertionBegin(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParentheticalAssertionBegin);
+        ASSERT(term.atom.quantityCount == 1);
+
+        BackTrackInfoParentheticalAssertion* backTrack = reinterpret_cast<BackTrackInfoParentheticalAssertion*>(context->frame + term.frameLocation);
+
+        backTrack->begin = input.getPos();
+        return true;
+    }
+
+    bool matchParentheticalAssertionEnd(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParentheticalAssertionEnd);
+        ASSERT(term.atom.quantityCount == 1);
+
+        BackTrackInfoParentheticalAssertion* backTrack = reinterpret_cast<BackTrackInfoParentheticalAssertion*>(context->frame + term.frameLocation);
+
+        input.setPos(backTrack->begin);
+
+        // We've reached the end of the parens; if they are inverted, this is failure.
+        if (term.invert()) {
+            context->term -= term.atom.parenthesesWidth;
+            return false;
+        }
+
+        return true;
+    }
+
+    bool backtrackParentheticalAssertionBegin(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParentheticalAssertionBegin);
+        ASSERT(term.atom.quantityCount == 1);
+
+        // We've failed to match parens; if they are inverted, this is win!
+        if (term.invert()) {
+            context->term += term.atom.parenthesesWidth;
+            return true;
+        }
+
+        return false;
+    }
+
+    bool backtrackParentheticalAssertionEnd(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParentheticalAssertionEnd);
+        ASSERT(term.atom.quantityCount == 1);
+
+        BackTrackInfoParentheticalAssertion* backTrack = reinterpret_cast<BackTrackInfoParentheticalAssertion*>(context->frame + term.frameLocation);
+
+        input.setPos(backTrack->begin);
+
+        context->term -= term.atom.parenthesesWidth;
+        return false;
+    }
+
+    bool matchParentheses(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParenthesesSubpattern);
+
+        BackTrackInfoParentheses* backTrack = reinterpret_cast<BackTrackInfoParentheses*>(context->frame + term.frameLocation);
+
+        unsigned subpatternId = term.atom.subpatternId;
+        ByteDisjunction* disjunctionBody = term.atom.parenthesesDisjunction;
+
+        backTrack->prevBegin = output[(subpatternId << 1)];
+        backTrack->prevEnd = output[(subpatternId << 1) + 1];
+
+        backTrack->matchAmount = 0;
+        backTrack->lastContext = 0;
+
+        switch (term.atom.quantityType) {
+        case QuantifierFixedCount: {
+            // While we haven't yet reached our fixed limit,
+            while (backTrack->matchAmount < term.atom.quantityCount) {
+                // Try to do a match, and it it succeeds, add it to the list.
+                ParenthesesDisjunctionContext* context = allocParenthesesDisjunctionContext(disjunctionBody, output, term);
+                if (matchDisjunction(disjunctionBody, context->getDisjunctionContext(term)))
+                    appendParenthesesDisjunctionContext(backTrack, context);
+                else {
+                    // The match failed; try to find an alternate point to carry on from.
+                    resetMatches(term, context);
+                    freeParenthesesDisjunctionContext(context);
+                    if (!parenthesesDoBacktrack(term, backTrack))
+                        return false;
+                }
+            }
+
+            ASSERT(backTrack->matchAmount == term.atom.quantityCount);
+            ParenthesesDisjunctionContext* context = backTrack->lastContext;
+            recordParenthesesMatch(term, context);
+            return true;
+        }
+
+        case QuantifierGreedy: {
+            while (backTrack->matchAmount < term.atom.quantityCount) {
+                ParenthesesDisjunctionContext* context = allocParenthesesDisjunctionContext(disjunctionBody, output, term);
+                if (matchNonZeroDisjunction(disjunctionBody, context->getDisjunctionContext(term)))
+                    appendParenthesesDisjunctionContext(backTrack, context);
+                else {
+                    resetMatches(term, context);
+                    freeParenthesesDisjunctionContext(context);
+                    break;
+                }
+            }
+
+            if (backTrack->matchAmount) {
+                ParenthesesDisjunctionContext* context = backTrack->lastContext;
+                recordParenthesesMatch(term, context);
+            }
+            return true;
+        }
+
+        case QuantifierNonGreedy:
+            return true;
+        }
+
+        ASSERT_NOT_REACHED();
+        return false;
+    }
+
+    // Rules for backtracking differ depending on whether this is greedy or non-greedy.
+    //
+    // Greedy matches never should try just adding more - you should already have done
+    // the 'more' cases.  Always backtrack, at least a leetle bit.  However cases where
+    // you backtrack an item off the list needs checking, since we'll never have matched
+    // the one less case.  Tracking forwards, still add as much as possible.
+    //
+    // Non-greedy, we've already done the one less case, so don't match on popping.
+    // We haven't done the one more case, so always try to add that.
+    //
+    bool backtrackParentheses(ByteTerm& term, DisjunctionContext* context)
+    {
+        ASSERT(term.type == ByteTerm::TypeParenthesesSubpattern);
+
+        BackTrackInfoParentheses* backTrack = reinterpret_cast<BackTrackInfoParentheses*>(context->frame + term.frameLocation);
+
+        if (term.capture()) {
+            unsigned subpatternId = term.atom.subpatternId;
+            output[(subpatternId << 1)] = backTrack->prevBegin;
+            output[(subpatternId << 1) + 1] = backTrack->prevEnd;
+        }
+
+        ByteDisjunction* disjunctionBody = term.atom.parenthesesDisjunction;
+
+        switch (term.atom.quantityType) {
+        case QuantifierFixedCount: {
+            ASSERT(backTrack->matchAmount == term.atom.quantityCount);
+
+            ParenthesesDisjunctionContext* context = 0;
+
+            if (!parenthesesDoBacktrack(term, backTrack))
+                return false;
+
+            // While we haven't yet reached our fixed limit,
+            while (backTrack->matchAmount < term.atom.quantityCount) {
+                // Try to do a match, and it it succeeds, add it to the list.
+                context = allocParenthesesDisjunctionContext(disjunctionBody, output, term);
+                if (matchDisjunction(disjunctionBody, context->getDisjunctionContext(term)))
+                    appendParenthesesDisjunctionContext(backTrack, context);
+                else {
+                    // The match failed; try to find an alternate point to carry on from.
+                    resetMatches(term, context);
+                    freeParenthesesDisjunctionContext(context);
+                    if (!parenthesesDoBacktrack(term, backTrack))
+                        return false;
+                }
+            }
+
+            ASSERT(backTrack->matchAmount == term.atom.quantityCount);
+            context = backTrack->lastContext;
+            recordParenthesesMatch(term, context);
+            return true;
+        }
+
+        case QuantifierGreedy: {
+            if (!backTrack->matchAmount)
+                return false;
+
+            ParenthesesDisjunctionContext* context = backTrack->lastContext;
+            if (matchNonZeroDisjunction(disjunctionBody, context->getDisjunctionContext(term), true)) {
+                while (backTrack->matchAmount < term.atom.quantityCount) {
+                    ParenthesesDisjunctionContext* context = allocParenthesesDisjunctionContext(disjunctionBody, output, term);
+                    if (matchNonZeroDisjunction(disjunctionBody, context->getDisjunctionContext(term)))
+                        appendParenthesesDisjunctionContext(backTrack, context);
+                    else {
+                        resetMatches(term, context);
+                        freeParenthesesDisjunctionContext(context);
+                        break;
+                    }
+                }
+            } else {
+                resetMatches(term, context);
+                popParenthesesDisjunctionContext(backTrack);
+                freeParenthesesDisjunctionContext(context);
+            }
+
+            if (backTrack->matchAmount) {
+                ParenthesesDisjunctionContext* context = backTrack->lastContext;
+                recordParenthesesMatch(term, context);
+            }
+            return true;
+        }
+
+        case QuantifierNonGreedy: {
+            // If we've not reached the limit, try to add one more match.
+            if (backTrack->matchAmount < term.atom.quantityCount) {
+                ParenthesesDisjunctionContext* context = allocParenthesesDisjunctionContext(disjunctionBody, output, term);
+                if (matchNonZeroDisjunction(disjunctionBody, context->getDisjunctionContext(term))) {
+                    appendParenthesesDisjunctionContext(backTrack, context);
+                    recordParenthesesMatch(term, context);
+                    return true;
+                } else {
+                    resetMatches(term, context);
+                    freeParenthesesDisjunctionContext(context);
+                }
+            }
+
+            // Nope - okay backtrack looking for an alternative.
+            while (backTrack->matchAmount) {
+                ParenthesesDisjunctionContext* context = backTrack->lastContext;
+                if (matchNonZeroDisjunction(disjunctionBody, context->getDisjunctionContext(term), true)) {
+                    // successful backtrack! we're back in the game!
+                    if (backTrack->matchAmount) {
+                        context = backTrack->lastContext;
+                        recordParenthesesMatch(term, context);
+                    }
+                    return true;
+                }
+
+                // pop a match off the stack
+                resetMatches(term, context);
+                popParenthesesDisjunctionContext(backTrack);
+                freeParenthesesDisjunctionContext(context);
+            }
+
+            return false;
+        }
+        }
+
+        ASSERT_NOT_REACHED();
+        return false;
+    }
+
+#define MATCH_NEXT() { ++context->term; goto matchAgain; }
+#define BACKTRACK() { --context->term; goto backtrack; }
+#define currentTerm() (disjunction->terms[context->term])
+    bool matchDisjunction(ByteDisjunction* disjunction, DisjunctionContext* context, bool btrack = false)
+    {
+        if (btrack)
+            BACKTRACK();
+
+        context->matchBegin = input.getPos();
+        context->term = 0;
+
+    matchAgain:
+        ASSERT(context->term < static_cast<int>(disjunction->terms.size()));
+
+        switch (currentTerm().type) {
+        case ByteTerm::TypeSubpatternBegin:
+            MATCH_NEXT();
+        case ByteTerm::TypeSubpatternEnd:
+            context->matchEnd = input.getPos();
+            return true;
+
+        case ByteTerm::TypeBodyAlternativeBegin:
+            MATCH_NEXT();
+        case ByteTerm::TypeBodyAlternativeDisjunction:
+        case ByteTerm::TypeBodyAlternativeEnd:
+            context->matchEnd = input.getPos();
+            return true;
+
+        case ByteTerm::TypeAlternativeBegin:
+            MATCH_NEXT();
+        case ByteTerm::TypeAlternativeDisjunction:
+        case ByteTerm::TypeAlternativeEnd: {
+            int offset = currentTerm().alternative.end;
+            BackTrackInfoAlternative* backTrack = reinterpret_cast<BackTrackInfoAlternative*>(context->frame + currentTerm().frameLocation);
+            backTrack->offset = offset;
+            context->term += offset;
+            MATCH_NEXT();
+        }
+
+        case ByteTerm::TypeAssertionBOL:
+            if (matchAssertionBOL(currentTerm()))
+                MATCH_NEXT();
+            BACKTRACK();
+        case ByteTerm::TypeAssertionEOL:
+            if (matchAssertionEOL(currentTerm()))
+                MATCH_NEXT();
+            BACKTRACK();
+        case ByteTerm::TypeAssertionWordBoundary:
+            if (matchAssertionWordBoundary(currentTerm()))
+                MATCH_NEXT();
+            BACKTRACK();
+
+        case ByteTerm::TypePatternCharacterOnce:
+        case ByteTerm::TypePatternCharacterFixed: {
+            for (unsigned matchAmount = 0; matchAmount < currentTerm().atom.quantityCount; ++matchAmount) {
+                if (!checkCharacter(currentTerm().atom.patternCharacter, currentTerm().inputPosition + matchAmount))
+                    BACKTRACK();
+            }
+            MATCH_NEXT();
+        }
+        case ByteTerm::TypePatternCharacterGreedy: {
+            BackTrackInfoPatternCharacter* backTrack = reinterpret_cast<BackTrackInfoPatternCharacter*>(context->frame + currentTerm().frameLocation);
+            unsigned matchAmount = 0;
+            while ((matchAmount < currentTerm().atom.quantityCount) && input.checkInput(1)) {
+                if (!checkCharacter(currentTerm().atom.patternCharacter, currentTerm().inputPosition - 1)) {
+                    input.uncheckInput(1);
+                    break;
+                }
+                ++matchAmount;
+            }
+            backTrack->matchAmount = matchAmount;
+
+            MATCH_NEXT();
+        }
+        case ByteTerm::TypePatternCharacterNonGreedy: {
+            BackTrackInfoPatternCharacter* backTrack = reinterpret_cast<BackTrackInfoPatternCharacter*>(context->frame + currentTerm().frameLocation);
+            backTrack->matchAmount = 0;
+            MATCH_NEXT();
+        }
+
+        case ByteTerm::TypePatternCasedCharacterOnce:
+        case ByteTerm::TypePatternCasedCharacterFixed: {
+            for (unsigned matchAmount = 0; matchAmount < currentTerm().atom.quantityCount; ++matchAmount) {
+                if (!checkCasedCharacter(currentTerm().atom.casedCharacter.lo, currentTerm().atom.casedCharacter.hi, currentTerm().inputPosition + matchAmount))
+                    BACKTRACK();
+            }
+            MATCH_NEXT();
+        }
+        case ByteTerm::TypePatternCasedCharacterGreedy: {
+            BackTrackInfoPatternCharacter* backTrack = reinterpret_cast<BackTrackInfoPatternCharacter*>(context->frame + currentTerm().frameLocation);
+            unsigned matchAmount = 0;
+            while ((matchAmount < currentTerm().atom.quantityCount) && input.checkInput(1)) {
+                if (!checkCasedCharacter(currentTerm().atom.casedCharacter.lo, currentTerm().atom.casedCharacter.hi, currentTerm().inputPosition - 1)) {
+                    input.uncheckInput(1);
+                    break;
+                }
+                ++matchAmount;
+            }
+            backTrack->matchAmount = matchAmount;
+
+            MATCH_NEXT();
+        }
+        case ByteTerm::TypePatternCasedCharacterNonGreedy: {
+            BackTrackInfoPatternCharacter* backTrack = reinterpret_cast<BackTrackInfoPatternCharacter*>(context->frame + currentTerm().frameLocation);
+            backTrack->matchAmount = 0;
+            MATCH_NEXT();
+        }
+
+        case ByteTerm::TypeCharacterClass:
+            if (matchCharacterClass(currentTerm(), context))
+                MATCH_NEXT();
+            BACKTRACK();
+        case ByteTerm::TypeBackReference:
+            if (matchBackReference(currentTerm(), context))
+                MATCH_NEXT();
+            BACKTRACK();
+        case ByteTerm::TypeParenthesesSubpattern:
+            if (matchParentheses(currentTerm(), context))
+                MATCH_NEXT();
+            BACKTRACK();
+        case ByteTerm::TypeParenthesesSubpatternOnceBegin:
+            if (matchParenthesesOnceBegin(currentTerm(), context))
+                MATCH_NEXT();
+            BACKTRACK();
+        case ByteTerm::TypeParenthesesSubpatternOnceEnd:
+            if (matchParenthesesOnceEnd(currentTerm(), context))
+                MATCH_NEXT();
+            BACKTRACK();
+        case ByteTerm::TypeParentheticalAssertionBegin:
+            if (matchParentheticalAssertionBegin(currentTerm(), context))
+                MATCH_NEXT();
+            BACKTRACK();
+        case ByteTerm::TypeParentheticalAssertionEnd:
+            if (matchParentheticalAssertionEnd(currentTerm(), context))
+                MATCH_NEXT();
+            BACKTRACK();
+
+        case ByteTerm::TypeCheckInput:
+            if (input.checkInput(currentTerm().checkInputCount))
+                MATCH_NEXT();
+            BACKTRACK();
+        }
+
+        // We should never fall-through to here.
+        ASSERT_NOT_REACHED();
+
+    backtrack:
+        ASSERT(context->term < static_cast<int>(disjunction->terms.size()));
+
+        switch (currentTerm().type) {
+        case ByteTerm::TypeSubpatternBegin:
+            return false;
+        case ByteTerm::TypeSubpatternEnd:
+            ASSERT_NOT_REACHED();
+
+        case ByteTerm::TypeBodyAlternativeBegin:
+        case ByteTerm::TypeBodyAlternativeDisjunction: {
+            int offset = currentTerm().alternative.next;
+            context->term += offset;
+            if (offset > 0)
+                MATCH_NEXT();
+
+            if (input.atEnd())
+                return false;
+
+            input.next();
+            context->matchBegin = input.getPos();
+            MATCH_NEXT();
+        }
+        case ByteTerm::TypeBodyAlternativeEnd:
+            ASSERT_NOT_REACHED();
+
+            case ByteTerm::TypeAlternativeBegin:
+            case ByteTerm::TypeAlternativeDisjunction: {
+                int offset = currentTerm().alternative.next;
+                context->term += offset;
+                if (offset > 0)
+                    MATCH_NEXT();
+                BACKTRACK();
+            }
+            case ByteTerm::TypeAlternativeEnd: {
+                // We should never backtrack back into an alternative of the main body of the regex.
+                BackTrackInfoAlternative* backTrack = reinterpret_cast<BackTrackInfoAlternative*>(context->frame + currentTerm().frameLocation);
+                unsigned offset = backTrack->offset;
+                context->term -= offset;
+                BACKTRACK();
+            }
+
+            case ByteTerm::TypeAssertionBOL:
+            case ByteTerm::TypeAssertionEOL:
+            case ByteTerm::TypeAssertionWordBoundary:
+                BACKTRACK();
+
+            case ByteTerm::TypePatternCharacterOnce:
+            case ByteTerm::TypePatternCharacterFixed:
+            case ByteTerm::TypePatternCharacterGreedy:
+            case ByteTerm::TypePatternCharacterNonGreedy:
+                if (backtrackPatternCharacter(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+            case ByteTerm::TypePatternCasedCharacterOnce:
+            case ByteTerm::TypePatternCasedCharacterFixed:
+            case ByteTerm::TypePatternCasedCharacterGreedy:
+            case ByteTerm::TypePatternCasedCharacterNonGreedy:
+                if (backtrackPatternCasedCharacter(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+            case ByteTerm::TypeCharacterClass:
+                if (backtrackCharacterClass(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+            case ByteTerm::TypeBackReference:
+                if (backtrackBackReference(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+            case ByteTerm::TypeParenthesesSubpattern:
+                if (backtrackParentheses(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+            case ByteTerm::TypeParenthesesSubpatternOnceBegin:
+                if (backtrackParenthesesOnceBegin(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+            case ByteTerm::TypeParenthesesSubpatternOnceEnd:
+                if (backtrackParenthesesOnceEnd(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+            case ByteTerm::TypeParentheticalAssertionBegin:
+                if (backtrackParentheticalAssertionBegin(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+            case ByteTerm::TypeParentheticalAssertionEnd:
+                if (backtrackParentheticalAssertionEnd(currentTerm(), context))
+                    MATCH_NEXT();
+                BACKTRACK();
+
+            case ByteTerm::TypeCheckInput:
+                input.uncheckInput(currentTerm().checkInputCount);
+                BACKTRACK();
+        }
+
+        ASSERT_NOT_REACHED();
+        return false;
+    }
+
+    bool matchNonZeroDisjunction(ByteDisjunction* disjunction, DisjunctionContext* context, bool btrack = false)
+    {
+        if (matchDisjunction(disjunction, context, btrack)) {
+            while (context->matchBegin == context->matchEnd) {
+                if (!matchDisjunction(disjunction, context, true))
+                    return false;
+            }
+            return true;
+        }
+
+        return false;
+    }
+
+    int interpret()
+    {
+        for (unsigned i = 0; i < ((pattern->m_body->m_numSubpatterns + 1) << 1); ++i)
+            output[i] = -1;
+
+        DisjunctionContext* context = allocDisjunctionContext(pattern->m_body.get());
+
+        if (matchDisjunction(pattern->m_body.get(), context)) {
+            output[0] = context->matchBegin;
+            output[1] = context->matchEnd;
+        }
+
+        freeDisjunctionContext(context);
+
+        return output[0];
+    }
+
+    Interpreter(BytecodePattern* pattern, int* output, const UChar* inputChar, unsigned start, unsigned length)
+        : pattern(pattern)
+        , output(output)
+        , input(inputChar, start, length)
+    {
+    }
+
+private:
+    BytecodePattern *pattern;
+    int* output;
+    InputStream input;
+};
+
+
+
+class ByteCompiler {
+    struct ParenthesesStackEntry {
+        unsigned beginTerm;
+        unsigned savedAlternativeIndex;
+        ParenthesesStackEntry(unsigned beginTerm, unsigned savedAlternativeIndex/*, unsigned subpatternId, bool capture = false*/)
+            : beginTerm(beginTerm)
+            , savedAlternativeIndex(savedAlternativeIndex)
+        {
+        }
+    };
+
+public:
+    ByteCompiler(RegexPattern& pattern)
+        : m_pattern(pattern)
+    {
+        m_bodyDisjunction = 0;
+        m_currentAlternativeIndex = 0;
+    }
+
+    BytecodePattern* compile()
+    {
+        regexBegin(m_pattern.m_numSubpatterns, m_pattern.m_body->m_callFrameSize);
+        emitDisjunction(m_pattern.m_body);
+        regexEnd();
+
+        return new BytecodePattern(m_bodyDisjunction, m_allParenthesesInfo, m_pattern);
+    }
+
+    void checkInput(unsigned count)
+    {
+        m_bodyDisjunction->terms.append(ByteTerm::CheckInput(count));
+    }
+
+    void assertionBOL(int inputPosition)
+    {
+        m_bodyDisjunction->terms.append(ByteTerm::BOL(inputPosition));
+    }
+
+    void assertionEOL(int inputPosition)
+    {
+        m_bodyDisjunction->terms.append(ByteTerm::EOL(inputPosition));
+    }
+
+    void assertionWordBoundary(bool invert, int inputPosition)
+    {
+        m_bodyDisjunction->terms.append(ByteTerm::WordBoundary(invert, inputPosition));
+    }
+
+    void atomPatternCharacter(UChar ch, int inputPosition, unsigned frameLocation, unsigned quantityCount, QuantifierType quantityType)
+    {
+        if (m_pattern.m_ignoreCase) {
+            UChar lo = Unicode::toLower(ch);
+            UChar hi = Unicode::toUpper(ch);
+
+            if (lo != hi) {
+                m_bodyDisjunction->terms.append(ByteTerm(lo, hi, inputPosition, frameLocation, quantityCount, quantityType));
+                return;
+            }
+        }
+
+        m_bodyDisjunction->terms.append(ByteTerm(ch, inputPosition, frameLocation, quantityCount, quantityType));
+    }
+
+    void atomCharacterClass(CharacterClass* characterClass, bool invert, int inputPosition, unsigned frameLocation, unsigned quantityCount, QuantifierType quantityType)
+    {
+        m_bodyDisjunction->terms.append(ByteTerm(characterClass, invert, inputPosition));
+
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].atom.quantityCount = quantityCount;
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].atom.quantityType = quantityType;
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].frameLocation = frameLocation;
+    }
+
+    void atomBackReference(unsigned subpatternId, int inputPosition, unsigned frameLocation, unsigned quantityCount, QuantifierType quantityType)
+    {
+        ASSERT(subpatternId);
+
+        m_bodyDisjunction->terms.append(ByteTerm::BackReference(subpatternId, inputPosition));
+
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].atom.quantityCount = quantityCount;
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].atom.quantityType = quantityType;
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].frameLocation = frameLocation;
+    }
+
+    void atomParenthesesSubpatternBegin(unsigned subpatternId, bool capture, int inputPosition, unsigned frameLocation, unsigned alternativeFrameLocation)
+    {
+        int beginTerm = m_bodyDisjunction->terms.size();
+
+        m_bodyDisjunction->terms.append(ByteTerm(ByteTerm::TypeParenthesesSubpatternOnceBegin, subpatternId, capture, inputPosition));
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].frameLocation = frameLocation;
+        m_bodyDisjunction->terms.append(ByteTerm::AlternativeBegin());
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].frameLocation = alternativeFrameLocation;
+
+        m_parenthesesStack.append(ParenthesesStackEntry(beginTerm, m_currentAlternativeIndex));
+        m_currentAlternativeIndex = beginTerm + 1;
+    }
+
+    void atomParentheticalAssertionBegin(unsigned subpatternId, bool invert, unsigned frameLocation, unsigned alternativeFrameLocation)
+    {
+        int beginTerm = m_bodyDisjunction->terms.size();
+
+        m_bodyDisjunction->terms.append(ByteTerm(ByteTerm::TypeParentheticalAssertionBegin, subpatternId, invert, 0));
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].frameLocation = frameLocation;
+        m_bodyDisjunction->terms.append(ByteTerm::AlternativeBegin());
+        m_bodyDisjunction->terms[m_bodyDisjunction->terms.size() - 1].frameLocation = alternativeFrameLocation;
+
+        m_parenthesesStack.append(ParenthesesStackEntry(beginTerm, m_currentAlternativeIndex));
+        m_currentAlternativeIndex = beginTerm + 1;
+    }
+
+    unsigned popParenthesesStack()
+    {
+        ASSERT(m_parenthesesStack.size());
+        int stackEnd = m_parenthesesStack.size() - 1;
+        unsigned beginTerm = m_parenthesesStack[stackEnd].beginTerm;
+        m_currentAlternativeIndex = m_parenthesesStack[stackEnd].savedAlternativeIndex;
+        m_parenthesesStack.shrink(stackEnd);
+
+        ASSERT(beginTerm < m_bodyDisjunction->terms.size());
+        ASSERT(m_currentAlternativeIndex < m_bodyDisjunction->terms.size());
+
+        return beginTerm;
+    }
+
+#ifndef NDEBUG
+    void dumpDisjunction(ByteDisjunction* disjunction)
+    {
+        printf("ByteDisjunction(%p):\n\t", disjunction);
+        for (unsigned i = 0; i < disjunction->terms.size(); ++i)
+            printf("{ %d } ", disjunction->terms[i].type);
+        printf("\n");
+    }
+#endif
+
+    void closeAlternative(int beginTerm)
+    {
+        int origBeginTerm = beginTerm;
+        ASSERT(m_bodyDisjunction->terms[beginTerm].type == ByteTerm::TypeAlternativeBegin);
+        int endIndex = m_bodyDisjunction->terms.size();
+
+        unsigned frameLocation = m_bodyDisjunction->terms[beginTerm].frameLocation;
+
+        if (!m_bodyDisjunction->terms[beginTerm].alternative.next)
+            m_bodyDisjunction->terms.remove(beginTerm);
+        else {
+            while (m_bodyDisjunction->terms[beginTerm].alternative.next) {
+                beginTerm += m_bodyDisjunction->terms[beginTerm].alternative.next;
+                ASSERT(m_bodyDisjunction->terms[beginTerm].type == ByteTerm::TypeAlternativeDisjunction);
+                m_bodyDisjunction->terms[beginTerm].alternative.end = endIndex - beginTerm;
+                m_bodyDisjunction->terms[beginTerm].frameLocation = frameLocation;
+            }
+
+            m_bodyDisjunction->terms[beginTerm].alternative.next = origBeginTerm - beginTerm;
+
+            m_bodyDisjunction->terms.append(ByteTerm::AlternativeEnd());
+            m_bodyDisjunction->terms[endIndex].frameLocation = frameLocation;
+        }
+    }
+
+    void closeBodyAlternative()
+    {
+        int beginTerm = 0;
+        int origBeginTerm = 0;
+        ASSERT(m_bodyDisjunction->terms[beginTerm].type == ByteTerm::TypeBodyAlternativeBegin);
+        int endIndex = m_bodyDisjunction->terms.size();
+
+        unsigned frameLocation = m_bodyDisjunction->terms[beginTerm].frameLocation;
+
+        while (m_bodyDisjunction->terms[beginTerm].alternative.next) {
+            beginTerm += m_bodyDisjunction->terms[beginTerm].alternative.next;
+            ASSERT(m_bodyDisjunction->terms[beginTerm].type == ByteTerm::TypeBodyAlternativeDisjunction);
+            m_bodyDisjunction->terms[beginTerm].alternative.end = endIndex - beginTerm;
+            m_bodyDisjunction->terms[beginTerm].frameLocation = frameLocation;
+        }
+
+        m_bodyDisjunction->terms[beginTerm].alternative.next = origBeginTerm - beginTerm;
+
+        m_bodyDisjunction->terms.append(ByteTerm::BodyAlternativeEnd());
+        m_bodyDisjunction->terms[endIndex].frameLocation = frameLocation;
+    }
+
+    void atomParenthesesEnd(bool doInline, unsigned lastSubpatternId, int inputPosition, unsigned frameLocation, unsigned quantityCount, QuantifierType quantityType, unsigned callFrameSize = 0)
+    {
+        unsigned beginTerm = popParenthesesStack();
+        closeAlternative(beginTerm + 1);
+        unsigned endTerm = m_bodyDisjunction->terms.size();
+
+        bool isAssertion = m_bodyDisjunction->terms[beginTerm].type == ByteTerm::TypeParentheticalAssertionBegin;
+        bool invertOrCapture = m_bodyDisjunction->terms[beginTerm].invertOrCapture;
+        unsigned subpatternId = m_bodyDisjunction->terms[beginTerm].atom.subpatternId;
+
+        m_bodyDisjunction->terms.append(ByteTerm(isAssertion ? ByteTerm::TypeParentheticalAssertionEnd : ByteTerm::TypeParenthesesSubpatternOnceEnd, subpatternId, invertOrCapture, inputPosition));
+        m_bodyDisjunction->terms[beginTerm].atom.parenthesesWidth = endTerm - beginTerm;
+        m_bodyDisjunction->terms[endTerm].atom.parenthesesWidth = endTerm - beginTerm;
+        m_bodyDisjunction->terms[endTerm].frameLocation = frameLocation;
+
+        if (doInline) {
+            m_bodyDisjunction->terms[beginTerm].atom.quantityCount = quantityCount;
+            m_bodyDisjunction->terms[beginTerm].atom.quantityType = quantityType;
+            m_bodyDisjunction->terms[endTerm].atom.quantityCount = quantityCount;
+            m_bodyDisjunction->terms[endTerm].atom.quantityType = quantityType;
+        } else {
+            ByteTerm& parenthesesBegin = m_bodyDisjunction->terms[beginTerm];
+            ASSERT(parenthesesBegin.type == ByteTerm::TypeParenthesesSubpatternOnceBegin);
+
+            bool invertOrCapture = parenthesesBegin.invertOrCapture;
+            unsigned subpatternId = parenthesesBegin.atom.subpatternId;
+
+            unsigned numSubpatterns = lastSubpatternId - subpatternId + 1;
+            ByteDisjunction* parenthesesDisjunction = new ByteDisjunction(numSubpatterns, callFrameSize);
+
+            parenthesesDisjunction->terms.append(ByteTerm::SubpatternBegin());
+            for (unsigned termInParentheses = beginTerm + 1; termInParentheses < endTerm; ++termInParentheses)
+                parenthesesDisjunction->terms.append(m_bodyDisjunction->terms[termInParentheses]);
+            parenthesesDisjunction->terms.append(ByteTerm::SubpatternEnd());
+
+            m_bodyDisjunction->terms.shrink(beginTerm);
+
+            m_allParenthesesInfo.append(parenthesesDisjunction);
+            m_bodyDisjunction->terms.append(ByteTerm(ByteTerm::TypeParenthesesSubpattern, subpatternId, parenthesesDisjunction, invertOrCapture, inputPosition));
+
+            m_bodyDisjunction->terms[beginTerm].atom.quantityCount = quantityCount;
+            m_bodyDisjunction->terms[beginTerm].atom.quantityType = quantityType;
+            m_bodyDisjunction->terms[beginTerm].frameLocation = frameLocation;
+        }
+    }
+
+    void regexBegin(unsigned numSubpatterns, unsigned callFrameSize)
+    {
+        m_bodyDisjunction = new ByteDisjunction(numSubpatterns, callFrameSize);
+        m_bodyDisjunction->terms.append(ByteTerm::BodyAlternativeBegin());
+        m_bodyDisjunction->terms[0].frameLocation = 0;
+        m_currentAlternativeIndex = 0;
+    }
+
+    void regexEnd()
+    {
+        closeBodyAlternative();
+    }
+
+    void alterantiveBodyDisjunction()
+    {
+        int newAlternativeIndex = m_bodyDisjunction->terms.size();
+        m_bodyDisjunction->terms[m_currentAlternativeIndex].alternative.next = newAlternativeIndex - m_currentAlternativeIndex;
+        m_bodyDisjunction->terms.append(ByteTerm::BodyAlternativeDisjunction());
+
+        m_currentAlternativeIndex = newAlternativeIndex;
+    }
+
+    void alterantiveDisjunction()
+    {
+        int newAlternativeIndex = m_bodyDisjunction->terms.size();
+        m_bodyDisjunction->terms[m_currentAlternativeIndex].alternative.next = newAlternativeIndex - m_currentAlternativeIndex;
+        m_bodyDisjunction->terms.append(ByteTerm::AlternativeDisjunction());
+
+        m_currentAlternativeIndex = newAlternativeIndex;
+    }
+
+    void emitDisjunction(PatternDisjunction* disjunction, unsigned inputCountAlreadyChecked = 0, unsigned parenthesesInputCountAlreadyChecked = 0)
+    {
+        for (unsigned alt = 0; alt < disjunction->m_alternatives.size(); ++alt) {
+            unsigned currentCountAlreadyChecked = inputCountAlreadyChecked;
+
+            if (alt) {
+                if (disjunction == m_pattern.m_body)
+                    alterantiveBodyDisjunction();
+                else
+                    alterantiveDisjunction();
+            }
+
+            PatternAlternative* alternative = disjunction->m_alternatives[alt];
+            unsigned minimumSize = alternative->m_minimumSize;
+
+            ASSERT(minimumSize >= parenthesesInputCountAlreadyChecked);
+            unsigned countToCheck = minimumSize - parenthesesInputCountAlreadyChecked;
+            if (countToCheck)
+                checkInput(countToCheck);
+            currentCountAlreadyChecked += countToCheck;
+
+            for (unsigned i = 0; i < alternative->m_terms.size(); ++i) {
+                PatternTerm& term = alternative->m_terms[i];
+
+                switch (term.type) {
+                case PatternTerm::TypeAssertionBOL:
+                    assertionBOL(term.inputPosition - currentCountAlreadyChecked);
+                    break;
+
+                case PatternTerm::TypeAssertionEOL:
+                    assertionEOL(term.inputPosition - currentCountAlreadyChecked);
+                    break;
+
+                case PatternTerm::TypeAssertionWordBoundary:
+                    assertionWordBoundary(term.invertOrCapture, term.inputPosition - currentCountAlreadyChecked);
+                    break;
+
+                case PatternTerm::TypePatternCharacter:
+                    atomPatternCharacter(term.patternCharacter, term.inputPosition - currentCountAlreadyChecked, term.frameLocation, term.quantityCount, term.quantityType);
+                    break;
+
+                case PatternTerm::TypeCharacterClass:
+                    atomCharacterClass(term.characterClass, term.invertOrCapture, term.inputPosition - currentCountAlreadyChecked, term.frameLocation, term.quantityCount, term.quantityType);
+                    break;
+
+                case PatternTerm::TypeBackReference:
+                    atomBackReference(term.subpatternId, term.inputPosition - currentCountAlreadyChecked, term.frameLocation, term.quantityCount, term.quantityType);
+                        break;
+
+                case PatternTerm::TypeForwardReference:
+                    break;
+
+                case PatternTerm::TypeParenthesesSubpattern: {
+                    unsigned disjunctionAlreadyCheckedCount = 0;
+                    if ((term.quantityCount == 1) && !term.parentheses.isCopy) {
+                        if (term.quantityType == QuantifierFixedCount) {
+                            disjunctionAlreadyCheckedCount = term.parentheses.disjunction->m_minimumSize;
+                            unsigned delegateEndInputOffset = term.inputPosition - currentCountAlreadyChecked;
+                            atomParenthesesSubpatternBegin(term.parentheses.subpatternId, term.invertOrCapture, delegateEndInputOffset - disjunctionAlreadyCheckedCount, term.frameLocation, term.frameLocation);
+                            emitDisjunction(term.parentheses.disjunction, currentCountAlreadyChecked, term.parentheses.disjunction->m_minimumSize);
+                            atomParenthesesEnd(true, term.parentheses.lastSubpatternId, delegateEndInputOffset, term.frameLocation, term.quantityCount, term.quantityType, term.parentheses.disjunction->m_callFrameSize);
+                        } else {
+                            unsigned delegateEndInputOffset = term.inputPosition - currentCountAlreadyChecked;
+                            atomParenthesesSubpatternBegin(term.parentheses.subpatternId, term.invertOrCapture, delegateEndInputOffset - disjunctionAlreadyCheckedCount, term.frameLocation, term.frameLocation + RegexStackSpaceForBackTrackInfoParenthesesOnce);
+                            emitDisjunction(term.parentheses.disjunction, currentCountAlreadyChecked, 0);
+                            atomParenthesesEnd(true, term.parentheses.lastSubpatternId, delegateEndInputOffset, term.frameLocation, term.quantityCount, term.quantityType, term.parentheses.disjunction->m_callFrameSize);
+                        }
+                    } else {
+                        unsigned delegateEndInputOffset = term.inputPosition - currentCountAlreadyChecked;
+                        atomParenthesesSubpatternBegin(term.parentheses.subpatternId, term.invertOrCapture, delegateEndInputOffset - disjunctionAlreadyCheckedCount, term.frameLocation, 0);
+                        emitDisjunction(term.parentheses.disjunction, currentCountAlreadyChecked, 0);
+                        atomParenthesesEnd(false, term.parentheses.lastSubpatternId, delegateEndInputOffset, term.frameLocation, term.quantityCount, term.quantityType, term.parentheses.disjunction->m_callFrameSize);
+                    }
+                    break;
+                }
+
+                case PatternTerm::TypeParentheticalAssertion: {
+                    unsigned alternativeFrameLocation = term.inputPosition + RegexStackSpaceForBackTrackInfoParentheticalAssertion;
+
+                    atomParentheticalAssertionBegin(term.parentheses.subpatternId, term.invertOrCapture, term.frameLocation, alternativeFrameLocation);
+                    emitDisjunction(term.parentheses.disjunction, currentCountAlreadyChecked, 0);
+                    atomParenthesesEnd(true, term.parentheses.lastSubpatternId, 0, term.frameLocation, term.quantityCount, term.quantityType);
+                    break;
+                }
+                }
+            }
+        }
+    }
+
+private:
+    RegexPattern& m_pattern;
+    ByteDisjunction* m_bodyDisjunction;
+    unsigned m_currentAlternativeIndex;
+    Vector<ParenthesesStackEntry> m_parenthesesStack;
+    Vector<ByteDisjunction*> m_allParenthesesInfo;
+};
+
+
+BytecodePattern* byteCompileRegex(const UString& patternString, unsigned& numSubpatterns, const char*& error, bool ignoreCase, bool multiline)
+{
+    RegexPattern pattern(ignoreCase, multiline);
+
+    if ((error = compileRegex(patternString, pattern)))
+        return 0;
+
+    numSubpatterns = pattern.m_numSubpatterns;
+
+    return ByteCompiler(pattern).compile();
+}
+
+int interpretRegex(BytecodePattern* regex, const UChar* input, unsigned start, unsigned length, int* output)
+{
+    return Interpreter(regex, output, input, start, length).interpret();
+}
+
+
+COMPILE_ASSERT(sizeof(Interpreter::BackTrackInfoPatternCharacter) == (RegexStackSpaceForBackTrackInfoPatternCharacter * sizeof(uintptr_t)), CheckRegexStackSpaceForBackTrackInfoPatternCharacter);
+COMPILE_ASSERT(sizeof(Interpreter::BackTrackInfoCharacterClass) == (RegexStackSpaceForBackTrackInfoCharacterClass * sizeof(uintptr_t)), CheckRegexStackSpaceForBackTrackInfoCharacterClass);
+COMPILE_ASSERT(sizeof(Interpreter::BackTrackInfoBackReference) == (RegexStackSpaceForBackTrackInfoBackReference * sizeof(uintptr_t)), CheckRegexStackSpaceForBackTrackInfoBackReference);
+COMPILE_ASSERT(sizeof(Interpreter::BackTrackInfoAlternative) == (RegexStackSpaceForBackTrackInfoAlternative * sizeof(uintptr_t)), CheckRegexStackSpaceForBackTrackInfoAlternative);
+COMPILE_ASSERT(sizeof(Interpreter::BackTrackInfoParentheticalAssertion) == (RegexStackSpaceForBackTrackInfoParentheticalAssertion * sizeof(uintptr_t)), CheckRegexStackSpaceForBackTrackInfoParentheticalAssertion);
+COMPILE_ASSERT(sizeof(Interpreter::BackTrackInfoParenthesesOnce) == (RegexStackSpaceForBackTrackInfoParenthesesOnce * sizeof(uintptr_t)), CheckRegexStackSpaceForBackTrackInfoParenthesesOnce);
+COMPILE_ASSERT(sizeof(Interpreter::BackTrackInfoParentheses) == (RegexStackSpaceForBackTrackInfoParentheses * sizeof(uintptr_t)), CheckRegexStackSpaceForBackTrackInfoParentheses);
+
+
+} }
+
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexInterpreter.h b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexInterpreter.h
new file mode 100644
index 000000000..48c9a5ef8
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexInterpreter.h
@@ -0,0 +1,337 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef RegexInterpreter_h
+#define RegexInterpreter_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(YARR)
+
+#include <wtf/unicode/Unicode.h>
+#include "RegexParser.h"
+#include "RegexPattern.h"
+
+namespace JSC { namespace Yarr {
+
+class ByteDisjunction;
+
+struct ByteTerm {
+    enum Type {
+        TypeBodyAlternativeBegin,
+        TypeBodyAlternativeDisjunction,
+        TypeBodyAlternativeEnd,
+        TypeAlternativeBegin,
+        TypeAlternativeDisjunction,
+        TypeAlternativeEnd,
+        TypeSubpatternBegin,
+        TypeSubpatternEnd,
+        TypeAssertionBOL,
+        TypeAssertionEOL,
+        TypeAssertionWordBoundary,
+        TypePatternCharacterOnce,
+        TypePatternCharacterFixed,
+        TypePatternCharacterGreedy,
+        TypePatternCharacterNonGreedy,
+        TypePatternCasedCharacterOnce,
+        TypePatternCasedCharacterFixed,
+        TypePatternCasedCharacterGreedy,
+        TypePatternCasedCharacterNonGreedy,
+        TypeCharacterClass,
+        TypeBackReference,
+        TypeParenthesesSubpattern,
+        TypeParenthesesSubpatternOnceBegin,
+        TypeParenthesesSubpatternOnceEnd,
+        TypeParentheticalAssertionBegin,
+        TypeParentheticalAssertionEnd,
+        TypeCheckInput,
+    } type;
+    bool invertOrCapture;
+    union {
+        struct {
+            union {
+                UChar patternCharacter;
+                struct {
+                    UChar lo;
+                    UChar hi;
+                } casedCharacter;
+                CharacterClass* characterClass;
+                unsigned subpatternId;
+            };
+            union {
+                ByteDisjunction* parenthesesDisjunction;
+                unsigned parenthesesWidth;
+            };
+            QuantifierType quantityType;
+            unsigned quantityCount;
+        } atom;
+        struct {
+            int next;
+            int end;
+        } alternative;
+        unsigned checkInputCount;
+    };
+    unsigned frameLocation;
+    int inputPosition;
+
+    ByteTerm(UChar ch, int inputPos, unsigned frameLocation, unsigned quantityCount, QuantifierType quantityType)
+        : frameLocation(frameLocation)
+    {
+        switch (quantityType) {
+        case QuantifierFixedCount:
+            type = (quantityCount == 1) ? ByteTerm::TypePatternCharacterOnce : ByteTerm::TypePatternCharacterFixed;
+            break;
+        case QuantifierGreedy:
+            type = ByteTerm::TypePatternCharacterGreedy;
+            break;
+        case QuantifierNonGreedy:
+            type = ByteTerm::TypePatternCharacterNonGreedy;
+            break;
+        }
+
+        atom.patternCharacter = ch;
+        atom.quantityType = quantityType;
+        atom.quantityCount = quantityCount;
+        inputPosition = inputPos;
+    }
+
+    ByteTerm(UChar lo, UChar hi, int inputPos, unsigned frameLocation, unsigned quantityCount, QuantifierType quantityType)
+        : frameLocation(frameLocation)
+    {
+        switch (quantityType) {
+        case QuantifierFixedCount:
+            type = (quantityCount == 1) ? ByteTerm::TypePatternCasedCharacterOnce : ByteTerm::TypePatternCasedCharacterFixed;
+            break;
+        case QuantifierGreedy:
+            type = ByteTerm::TypePatternCasedCharacterGreedy;
+            break;
+        case QuantifierNonGreedy:
+            type = ByteTerm::TypePatternCasedCharacterNonGreedy;
+            break;
+        }
+
+        atom.casedCharacter.lo = lo;
+        atom.casedCharacter.hi = hi;
+        atom.quantityType = quantityType;
+        atom.quantityCount = quantityCount;
+        inputPosition = inputPos;
+    }
+
+    ByteTerm(CharacterClass* characterClass, bool invert, int inputPos)
+        : type(ByteTerm::TypeCharacterClass)
+        , invertOrCapture(invert)
+    {
+        atom.characterClass = characterClass;
+        atom.quantityType = QuantifierFixedCount;
+        atom.quantityCount = 1;
+        inputPosition = inputPos;
+    }
+
+    ByteTerm(Type type, unsigned subpatternId, ByteDisjunction* parenthesesInfo, bool invertOrCapture, int inputPos)
+        : type(type)
+        , invertOrCapture(invertOrCapture)
+    {
+        atom.subpatternId = subpatternId;
+        atom.parenthesesDisjunction = parenthesesInfo;
+        atom.quantityType = QuantifierFixedCount;
+        atom.quantityCount = 1;
+        inputPosition = inputPos;
+    }
+    
+    ByteTerm(Type type, bool invert = false)
+        : type(type)
+        , invertOrCapture(invert)
+    {
+        atom.quantityType = QuantifierFixedCount;
+        atom.quantityCount = 1;
+    }
+
+    ByteTerm(Type type, unsigned subpatternId, bool invertOrCapture, int inputPos)
+        : type(type)
+        , invertOrCapture(invertOrCapture)
+    {
+        atom.subpatternId = subpatternId;
+        atom.quantityType = QuantifierFixedCount;
+        atom.quantityCount = 1;
+        inputPosition = inputPos;
+    }
+
+    static ByteTerm BOL(int inputPos)
+    {
+        ByteTerm term(TypeAssertionBOL);
+        term.inputPosition = inputPos;
+        return term;
+    }
+
+    static ByteTerm CheckInput(unsigned count)
+    {
+        ByteTerm term(TypeCheckInput);
+        term.checkInputCount = count;
+        return term;
+    }
+
+    static ByteTerm EOL(int inputPos)
+    {
+        ByteTerm term(TypeAssertionEOL);
+        term.inputPosition = inputPos;
+        return term;
+    }
+
+    static ByteTerm WordBoundary(bool invert, int inputPos)
+    {
+        ByteTerm term(TypeAssertionWordBoundary, invert);
+        term.inputPosition = inputPos;
+        return term;
+    }
+    
+    static ByteTerm BackReference(unsigned subpatternId, int inputPos)
+    {
+        return ByteTerm(TypeBackReference, subpatternId, false, inputPos);
+    }
+
+    static ByteTerm BodyAlternativeBegin()
+    {
+        ByteTerm term(TypeBodyAlternativeBegin);
+        term.alternative.next = 0;
+        term.alternative.end = 0;
+        return term;
+    }
+
+    static ByteTerm BodyAlternativeDisjunction()
+    {
+        ByteTerm term(TypeBodyAlternativeDisjunction);
+        term.alternative.next = 0;
+        term.alternative.end = 0;
+        return term;
+    }
+
+    static ByteTerm BodyAlternativeEnd()
+    {
+        ByteTerm term(TypeBodyAlternativeEnd);
+        term.alternative.next = 0;
+        term.alternative.end = 0;
+        return term;
+    }
+
+    static ByteTerm AlternativeBegin()
+    {
+        ByteTerm term(TypeAlternativeBegin);
+        term.alternative.next = 0;
+        term.alternative.end = 0;
+        return term;
+    }
+
+    static ByteTerm AlternativeDisjunction()
+    {
+        ByteTerm term(TypeAlternativeDisjunction);
+        term.alternative.next = 0;
+        term.alternative.end = 0;
+        return term;
+    }
+
+    static ByteTerm AlternativeEnd()
+    {
+        ByteTerm term(TypeAlternativeEnd);
+        term.alternative.next = 0;
+        term.alternative.end = 0;
+        return term;
+    }
+
+    static ByteTerm SubpatternBegin()
+    {
+        return ByteTerm(TypeSubpatternBegin);
+    }
+
+    static ByteTerm SubpatternEnd()
+    {
+        return ByteTerm(TypeSubpatternEnd);
+    }
+
+    bool invert()
+    {
+        return invertOrCapture;
+    }
+
+    bool capture()
+    {
+        return invertOrCapture;
+    }
+};
+
+class ByteDisjunction : public FastAllocBase {
+public:
+    ByteDisjunction(unsigned numSubpatterns, unsigned frameSize)
+        : m_numSubpatterns(numSubpatterns)
+        , m_frameSize(frameSize)
+    {
+    }
+
+    Vector<ByteTerm> terms;
+    unsigned m_numSubpatterns;
+    unsigned m_frameSize;
+};
+
+struct BytecodePattern : FastAllocBase {
+    BytecodePattern(ByteDisjunction* body, Vector<ByteDisjunction*> allParenthesesInfo, RegexPattern& pattern)
+        : m_body(body)
+        , m_ignoreCase(pattern.m_ignoreCase)
+        , m_multiline(pattern.m_multiline)
+    {
+        newlineCharacterClass = pattern.newlineCharacterClass();
+        wordcharCharacterClass = pattern.wordcharCharacterClass();
+
+        m_allParenthesesInfo.append(allParenthesesInfo);
+        m_userCharacterClasses.append(pattern.m_userCharacterClasses);
+        // 'Steal' the RegexPattern's CharacterClasses!  We clear its
+        // array, so that it won't delete them on destruction.  We'll
+        // take responsibility for that.
+        pattern.m_userCharacterClasses.clear();
+    }
+
+    ~BytecodePattern()
+    {
+        deleteAllValues(m_allParenthesesInfo);
+        deleteAllValues(m_userCharacterClasses);
+    }
+
+    OwnPtr<ByteDisjunction> m_body;
+    bool m_ignoreCase;
+    bool m_multiline;
+    
+    CharacterClass* newlineCharacterClass;
+    CharacterClass* wordcharCharacterClass;
+private:
+    Vector<ByteDisjunction*> m_allParenthesesInfo;
+    Vector<CharacterClass*> m_userCharacterClasses;
+};
+
+BytecodePattern* byteCompileRegex(const UString& pattern, unsigned& numSubpatterns, const char*& error, bool ignoreCase = false, bool multiline = false);
+int interpretRegex(BytecodePattern* v_regex, const UChar* input, unsigned start, unsigned length, int* output);
+
+} } // namespace JSC::Yarr
+
+#endif
+
+#endif // RegexInterpreter_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexJIT.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexJIT.cpp
new file mode 100644
index 000000000..d77742454
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexJIT.cpp
@@ -0,0 +1,1418 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "RegexJIT.h"
+
+#include "ASCIICType.h"
+#include "JSGlobalData.h"
+#include "LinkBuffer.h"
+#include "MacroAssembler.h"
+#include "RegexCompiler.h"
+
+#include "pcre.h" // temporary, remove when fallback is removed.
+
+#if ENABLE(YARR_JIT)
+
+using namespace WTF;
+
+namespace JSC { namespace Yarr {
+
+
+class RegexGenerator : private MacroAssembler {
+    friend void jitCompileRegex(JSGlobalData* globalData, RegexCodeBlock& jitObject, const UString& pattern, unsigned& numSubpatterns, const char*& error, bool ignoreCase, bool multiline);
+
+#if PLATFORM(ARM)
+    static const RegisterID input = ARMRegisters::r0;
+    static const RegisterID index = ARMRegisters::r1;
+    static const RegisterID length = ARMRegisters::r2;
+    static const RegisterID output = ARMRegisters::r4;
+
+    static const RegisterID regT0 = ARMRegisters::r5;
+    static const RegisterID regT1 = ARMRegisters::r6;
+
+    static const RegisterID returnRegister = ARMRegisters::r0;
+#elif PLATFORM(X86)
+    static const RegisterID input = X86Registers::eax;
+    static const RegisterID index = X86Registers::edx;
+    static const RegisterID length = X86Registers::ecx;
+    static const RegisterID output = X86Registers::edi;
+
+    static const RegisterID regT0 = X86Registers::ebx;
+    static const RegisterID regT1 = X86Registers::esi;
+
+    static const RegisterID returnRegister = X86Registers::eax;
+#elif PLATFORM(X86_64)
+    static const RegisterID input = X86Registers::edi;
+    static const RegisterID index = X86Registers::esi;
+    static const RegisterID length = X86Registers::edx;
+    static const RegisterID output = X86Registers::ecx;
+
+    static const RegisterID regT0 = X86Registers::eax;
+    static const RegisterID regT1 = X86Registers::ebx;
+
+    static const RegisterID returnRegister = X86Registers::eax;
+#endif
+
+    void optimizeAlternative(PatternAlternative* alternative)
+    {
+        if (!alternative->m_terms.size())
+            return;
+
+        for (unsigned i = 0; i < alternative->m_terms.size() - 1; ++i) {
+            PatternTerm& term = alternative->m_terms[i];
+            PatternTerm& nextTerm = alternative->m_terms[i + 1];
+
+            if ((term.type == PatternTerm::TypeCharacterClass)
+                && (term.quantityType == QuantifierFixedCount)
+                && (nextTerm.type == PatternTerm::TypePatternCharacter)
+                && (nextTerm.quantityType == QuantifierFixedCount)) {
+                PatternTerm termCopy = term;
+                alternative->m_terms[i] = nextTerm;
+                alternative->m_terms[i + 1] = termCopy;
+            }
+        }
+    }
+
+    void matchCharacterClassRange(RegisterID character, JumpList& failures, JumpList& matchDest, const CharacterRange* ranges, unsigned count, unsigned* matchIndex, const UChar* matches, unsigned matchCount)
+    {
+        do {
+            // pick which range we're going to generate
+            int which = count >> 1;
+            char lo = ranges[which].begin;
+            char hi = ranges[which].end;
+            
+            // check if there are any ranges or matches below lo.  If not, just jl to failure -
+            // if there is anything else to check, check that first, if it falls through jmp to failure.
+            if ((*matchIndex < matchCount) && (matches[*matchIndex] < lo)) {
+                Jump loOrAbove = branch32(GreaterThanOrEqual, character, Imm32((unsigned short)lo));
+                
+                // generate code for all ranges before this one
+                if (which)
+                    matchCharacterClassRange(character, failures, matchDest, ranges, which, matchIndex, matches, matchCount);
+                
+                while ((*matchIndex < matchCount) && (matches[*matchIndex] < lo)) {
+                    matchDest.append(branch32(Equal, character, Imm32((unsigned short)matches[*matchIndex])));
+                    ++*matchIndex;
+                }
+                failures.append(jump());
+
+                loOrAbove.link(this);
+            } else if (which) {
+                Jump loOrAbove = branch32(GreaterThanOrEqual, character, Imm32((unsigned short)lo));
+
+                matchCharacterClassRange(character, failures, matchDest, ranges, which, matchIndex, matches, matchCount);
+                failures.append(jump());
+
+                loOrAbove.link(this);
+            } else
+                failures.append(branch32(LessThan, character, Imm32((unsigned short)lo)));
+
+            while ((*matchIndex < matchCount) && (matches[*matchIndex] <= hi))
+                ++*matchIndex;
+
+            matchDest.append(branch32(LessThanOrEqual, character, Imm32((unsigned short)hi)));
+            // fall through to here, the value is above hi.
+
+            // shuffle along & loop around if there are any more matches to handle.
+            unsigned next = which + 1;
+            ranges += next;
+            count -= next;
+        } while (count);
+    }
+
+    void matchCharacterClass(RegisterID character, JumpList& matchDest, const CharacterClass* charClass)
+    {
+        Jump unicodeFail;
+        if (charClass->m_matchesUnicode.size() || charClass->m_rangesUnicode.size()) {
+            Jump isAscii = branch32(LessThanOrEqual, character, Imm32(0x7f));
+        
+            if (charClass->m_matchesUnicode.size()) {
+                for (unsigned i = 0; i < charClass->m_matchesUnicode.size(); ++i) {
+                    UChar ch = charClass->m_matchesUnicode[i];
+                    matchDest.append(branch32(Equal, character, Imm32(ch)));
+                }
+            }
+            
+            if (charClass->m_rangesUnicode.size()) {
+                for (unsigned i = 0; i < charClass->m_rangesUnicode.size(); ++i) {
+                    UChar lo = charClass->m_rangesUnicode[i].begin;
+                    UChar hi = charClass->m_rangesUnicode[i].end;
+                    
+                    Jump below = branch32(LessThan, character, Imm32(lo));
+                    matchDest.append(branch32(LessThanOrEqual, character, Imm32(hi)));
+                    below.link(this);
+                }
+            }
+
+            unicodeFail = jump();
+            isAscii.link(this);
+        }
+
+        if (charClass->m_ranges.size()) {
+            unsigned matchIndex = 0;
+            JumpList failures; 
+            matchCharacterClassRange(character, failures, matchDest, charClass->m_ranges.begin(), charClass->m_ranges.size(), &matchIndex, charClass->m_matches.begin(), charClass->m_matches.size());
+            while (matchIndex < charClass->m_matches.size())
+                matchDest.append(branch32(Equal, character, Imm32((unsigned short)charClass->m_matches[matchIndex++])));
+
+            failures.link(this);
+        } else if (charClass->m_matches.size()) {
+            // optimization: gather 'a','A' etc back together, can mask & test once.
+            Vector<char> matchesAZaz;
+
+            for (unsigned i = 0; i < charClass->m_matches.size(); ++i) {
+                char ch = charClass->m_matches[i];
+                if (m_pattern.m_ignoreCase) {
+                    if (isASCIILower(ch)) {
+                        matchesAZaz.append(ch);
+                        continue;
+                    }
+                    if (isASCIIUpper(ch))
+                        continue;
+                }
+                matchDest.append(branch32(Equal, character, Imm32((unsigned short)ch)));
+            }
+
+            if (unsigned countAZaz = matchesAZaz.size()) {
+                or32(Imm32(32), character);
+                for (unsigned i = 0; i < countAZaz; ++i)
+                    matchDest.append(branch32(Equal, character, Imm32(matchesAZaz[i])));
+            }
+        }
+
+        if (charClass->m_matchesUnicode.size() || charClass->m_rangesUnicode.size())
+            unicodeFail.link(this);
+    }
+
+    // Jumps if input not available; will have (incorrectly) incremented already!
+    Jump jumpIfNoAvailableInput(unsigned countToCheck)
+    {
+        add32(Imm32(countToCheck), index);
+        return branch32(Above, index, length);
+    }
+
+    Jump jumpIfAvailableInput(unsigned countToCheck)
+    {
+        add32(Imm32(countToCheck), index);
+        return branch32(BelowOrEqual, index, length);
+    }
+
+    Jump checkInput()
+    {
+        return branch32(BelowOrEqual, index, length);
+    }
+
+    Jump atEndOfInput()
+    {
+        return branch32(Equal, index, length);
+    }
+
+    Jump notAtEndOfInput()
+    {
+        return branch32(NotEqual, index, length);
+    }
+
+    Jump jumpIfCharEquals(UChar ch, int inputPosition)
+    {
+        return branch16(Equal, BaseIndex(input, index, TimesTwo, inputPosition * sizeof(UChar)), Imm32(ch));
+    }
+
+    Jump jumpIfCharNotEquals(UChar ch, int inputPosition)
+    {
+        return branch16(NotEqual, BaseIndex(input, index, TimesTwo, inputPosition * sizeof(UChar)), Imm32(ch));
+    }
+
+    void readCharacter(int inputPosition, RegisterID reg)
+    {
+        load16(BaseIndex(input, index, TimesTwo, inputPosition * sizeof(UChar)), reg);
+    }
+
+    void storeToFrame(RegisterID reg, unsigned frameLocation)
+    {
+        poke(reg, frameLocation);
+    }
+
+    void storeToFrame(Imm32 imm, unsigned frameLocation)
+    {
+        poke(imm, frameLocation);
+    }
+
+    DataLabelPtr storeToFrameWithPatch(unsigned frameLocation)
+    {
+        return storePtrWithPatch(ImmPtr(0), Address(stackPointerRegister, frameLocation * sizeof(void*)));
+    }
+
+    void loadFromFrame(unsigned frameLocation, RegisterID reg)
+    {
+        peek(reg, frameLocation);
+    }
+
+    void loadFromFrameAndJump(unsigned frameLocation)
+    {
+        jump(Address(stackPointerRegister, frameLocation * sizeof(void*)));
+    }
+
+    struct AlternativeBacktrackRecord {
+        DataLabelPtr dataLabel;
+        Label backtrackLocation;
+
+        AlternativeBacktrackRecord(DataLabelPtr dataLabel, Label backtrackLocation)
+            : dataLabel(dataLabel)
+            , backtrackLocation(backtrackLocation)
+        {
+        }
+    };
+
+    struct TermGenerationState {
+        TermGenerationState(PatternDisjunction* disjunction, unsigned checkedTotal)
+            : disjunction(disjunction)
+            , checkedTotal(checkedTotal)
+        {
+        }
+
+        void resetAlternative()
+        {
+            isBackTrackGenerated = false;
+            alt = 0;
+        }
+        bool alternativeValid()
+        {
+            return alt < disjunction->m_alternatives.size();
+        }
+        void nextAlternative()
+        {
+            ++alt;
+        }
+        PatternAlternative* alternative()
+        {
+            return disjunction->m_alternatives[alt];
+        }
+
+        void resetTerm()
+        {
+            ASSERT(alternativeValid());
+            t = 0;
+        }
+        bool termValid()
+        {
+            ASSERT(alternativeValid());
+            return t < alternative()->m_terms.size();
+        }
+        void nextTerm()
+        {
+            ASSERT(alternativeValid());
+            ++t;
+        }
+        PatternTerm& term()
+        {
+            ASSERT(alternativeValid());
+            return alternative()->m_terms[t];
+        }
+
+        PatternTerm& lookaheadTerm()
+        {
+            ASSERT(alternativeValid());
+            ASSERT((t + 1) < alternative()->m_terms.size());
+            return alternative()->m_terms[t + 1];
+        }
+        bool isSinglePatternCharacterLookaheadTerm()
+        {
+            ASSERT(alternativeValid());
+            return ((t + 1) < alternative()->m_terms.size())
+                && (lookaheadTerm().type == PatternTerm::TypePatternCharacter)
+                && (lookaheadTerm().quantityType == QuantifierFixedCount)
+                && (lookaheadTerm().quantityCount == 1);
+        }
+
+        int inputOffset()
+        {
+            return term().inputPosition - checkedTotal;
+        }
+
+        void jumpToBacktrack(Jump jump, MacroAssembler* masm)
+        {
+            if (isBackTrackGenerated)
+                jump.linkTo(backtrackLabel, masm);
+            else
+                backTrackJumps.append(jump);
+        }
+        void jumpToBacktrack(JumpList& jumps, MacroAssembler* masm)
+        {
+            if (isBackTrackGenerated)
+                jumps.linkTo(backtrackLabel, masm);
+            else
+                backTrackJumps.append(jumps);
+        }
+        bool plantJumpToBacktrackIfExists(MacroAssembler* masm)
+        {
+            if (isBackTrackGenerated) {
+                masm->jump(backtrackLabel);
+                return true;
+            }
+            return false;
+        }
+        void addBacktrackJump(Jump jump)
+        {
+            backTrackJumps.append(jump);
+        }
+        void setBacktrackGenerated(Label label)
+        {
+            isBackTrackGenerated = true;
+            backtrackLabel = label;
+        }
+        void linkAlternativeBacktracks(MacroAssembler* masm)
+        {
+            isBackTrackGenerated = false;
+            backTrackJumps.link(masm);
+        }
+        void linkAlternativeBacktracksTo(Label label, MacroAssembler* masm)
+        {
+            isBackTrackGenerated = false;
+            backTrackJumps.linkTo(label, masm);
+        }
+        void propagateBacktrackingFrom(TermGenerationState& nestedParenthesesState, MacroAssembler* masm)
+        {
+            jumpToBacktrack(nestedParenthesesState.backTrackJumps, masm);
+            if (nestedParenthesesState.isBackTrackGenerated)
+                setBacktrackGenerated(nestedParenthesesState.backtrackLabel);
+        }
+
+        PatternDisjunction* disjunction;
+        int checkedTotal;
+    private:
+        unsigned alt;
+        unsigned t;
+        JumpList backTrackJumps;
+        Label backtrackLabel;
+        bool isBackTrackGenerated;
+    };
+
+    void generateAssertionBOL(TermGenerationState& state)
+    {
+        PatternTerm& term = state.term();
+
+        if (m_pattern.m_multiline) {
+            const RegisterID character = regT0;
+
+            JumpList matchDest;
+            if (!term.inputPosition)
+                matchDest.append(branch32(Equal, index, Imm32(state.checkedTotal)));
+
+            readCharacter(state.inputOffset() - 1, character);
+            matchCharacterClass(character, matchDest, m_pattern.newlineCharacterClass());
+            state.jumpToBacktrack(jump(), this);
+
+            matchDest.link(this);
+        } else {
+            // Erk, really should poison out these alternatives early. :-/
+            if (term.inputPosition)
+                state.jumpToBacktrack(jump(), this);
+            else
+                state.jumpToBacktrack(branch32(NotEqual, index, Imm32(state.checkedTotal)), this);
+        }
+    }
+
+    void generateAssertionEOL(TermGenerationState& state)
+    {
+        PatternTerm& term = state.term();
+
+        if (m_pattern.m_multiline) {
+            const RegisterID character = regT0;
+
+            JumpList matchDest;
+            if (term.inputPosition == state.checkedTotal)
+                matchDest.append(atEndOfInput());
+
+            readCharacter(state.inputOffset(), character);
+            matchCharacterClass(character, matchDest, m_pattern.newlineCharacterClass());
+            state.jumpToBacktrack(jump(), this);
+
+            matchDest.link(this);
+        } else {
+            if (term.inputPosition == state.checkedTotal)
+                state.jumpToBacktrack(notAtEndOfInput(), this);
+            // Erk, really should poison out these alternatives early. :-/
+            else
+                state.jumpToBacktrack(jump(), this);
+        }
+    }
+
+    // Also falls though on nextIsNotWordChar.
+    void matchAssertionWordchar(TermGenerationState& state, JumpList& nextIsWordChar, JumpList& nextIsNotWordChar)
+    {
+        const RegisterID character = regT0;
+        PatternTerm& term = state.term();
+
+        if (term.inputPosition == state.checkedTotal)
+            nextIsNotWordChar.append(atEndOfInput());
+
+        readCharacter(state.inputOffset(), character);
+        matchCharacterClass(character, nextIsWordChar, m_pattern.wordcharCharacterClass());
+    }
+
+    void generateAssertionWordBoundary(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        PatternTerm& term = state.term();
+
+        Jump atBegin;
+        JumpList matchDest;
+        if (!term.inputPosition)
+            atBegin = branch32(Equal, index, Imm32(state.checkedTotal));
+        readCharacter(state.inputOffset() - 1, character);
+        matchCharacterClass(character, matchDest, m_pattern.wordcharCharacterClass());
+        if (!term.inputPosition)
+            atBegin.link(this);
+
+        // We fall through to here if the last character was not a wordchar.
+        JumpList nonWordCharThenWordChar;
+        JumpList nonWordCharThenNonWordChar;
+        if (term.invertOrCapture) {
+            matchAssertionWordchar(state, nonWordCharThenNonWordChar, nonWordCharThenWordChar);
+            nonWordCharThenWordChar.append(jump());
+        } else {
+            matchAssertionWordchar(state, nonWordCharThenWordChar, nonWordCharThenNonWordChar);
+            nonWordCharThenNonWordChar.append(jump());
+        }
+        state.jumpToBacktrack(nonWordCharThenNonWordChar, this);
+
+        // We jump here if the last character was a wordchar.
+        matchDest.link(this);
+        JumpList wordCharThenWordChar;
+        JumpList wordCharThenNonWordChar;
+        if (term.invertOrCapture) {
+            matchAssertionWordchar(state, wordCharThenNonWordChar, wordCharThenWordChar);
+            wordCharThenWordChar.append(jump());
+        } else {
+            matchAssertionWordchar(state, wordCharThenWordChar, wordCharThenNonWordChar);
+            // This can fall-though!
+        }
+
+        state.jumpToBacktrack(wordCharThenWordChar, this);
+        
+        nonWordCharThenWordChar.link(this);
+        wordCharThenNonWordChar.link(this);
+    }
+
+    void generatePatternCharacterSingle(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        UChar ch = state.term().patternCharacter;
+
+        if (m_pattern.m_ignoreCase && isASCIIAlpha(ch)) {
+            readCharacter(state.inputOffset(), character);
+            or32(Imm32(32), character);
+            state.jumpToBacktrack(branch32(NotEqual, character, Imm32(Unicode::toLower(ch))), this);
+        } else {
+            ASSERT(!m_pattern.m_ignoreCase || (Unicode::toLower(ch) == Unicode::toUpper(ch)));
+            state.jumpToBacktrack(jumpIfCharNotEquals(ch, state.inputOffset()), this);
+        }
+    }
+
+    void generatePatternCharacterPair(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        UChar ch1 = state.term().patternCharacter;
+        UChar ch2 = state.lookaheadTerm().patternCharacter;
+
+        int mask = 0;
+        int chPair = ch1 | (ch2 << 16);
+        
+        if (m_pattern.m_ignoreCase) {
+            if (isASCIIAlpha(ch1))
+                mask |= 32;
+            if (isASCIIAlpha(ch2))
+                mask |= 32 << 16;
+        }
+
+        if (mask) {
+            load32WithUnalignedHalfWords(BaseIndex(input, index, TimesTwo, state.inputOffset() * sizeof(UChar)), character);
+            or32(Imm32(mask), character);
+            state.jumpToBacktrack(branch32(NotEqual, character, Imm32(chPair | mask)), this);
+        } else
+            state.jumpToBacktrack(branch32WithUnalignedHalfWords(NotEqual, BaseIndex(input, index, TimesTwo, state.inputOffset() * sizeof(UChar)), Imm32(chPair)), this);
+    }
+
+    void generatePatternCharacterFixed(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        const RegisterID countRegister = regT1;
+        PatternTerm& term = state.term();
+        UChar ch = term.patternCharacter;
+
+        move(index, countRegister);
+        sub32(Imm32(term.quantityCount), countRegister);
+
+        Label loop(this);
+        if (m_pattern.m_ignoreCase && isASCIIAlpha(ch)) {
+            load16(BaseIndex(input, countRegister, TimesTwo, (state.inputOffset() + term.quantityCount) * sizeof(UChar)), character);
+            or32(Imm32(32), character);
+            state.jumpToBacktrack(branch32(NotEqual, character, Imm32(Unicode::toLower(ch))), this);
+        } else {
+            ASSERT(!m_pattern.m_ignoreCase || (Unicode::toLower(ch) == Unicode::toUpper(ch)));
+            state.jumpToBacktrack(branch16(NotEqual, BaseIndex(input, countRegister, TimesTwo, (state.inputOffset() + term.quantityCount) * sizeof(UChar)), Imm32(ch)), this);
+        }
+        add32(Imm32(1), countRegister);
+        branch32(NotEqual, countRegister, index).linkTo(loop, this);
+    }
+
+    void generatePatternCharacterGreedy(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        const RegisterID countRegister = regT1;
+        PatternTerm& term = state.term();
+        UChar ch = term.patternCharacter;
+    
+        move(Imm32(0), countRegister);
+
+        JumpList failures;
+        Label loop(this);
+        failures.append(atEndOfInput());
+        if (m_pattern.m_ignoreCase && isASCIIAlpha(ch)) {
+            readCharacter(state.inputOffset(), character);
+            or32(Imm32(32), character);
+            failures.append(branch32(NotEqual, character, Imm32(Unicode::toLower(ch))));
+        } else {
+            ASSERT(!m_pattern.m_ignoreCase || (Unicode::toLower(ch) == Unicode::toUpper(ch)));
+            failures.append(jumpIfCharNotEquals(ch, state.inputOffset()));
+        }
+        add32(Imm32(1), countRegister);
+        add32(Imm32(1), index);
+        branch32(NotEqual, countRegister, Imm32(term.quantityCount)).linkTo(loop, this);
+        failures.append(jump());
+
+        Label backtrackBegin(this);
+        loadFromFrame(term.frameLocation, countRegister);
+        state.jumpToBacktrack(branchTest32(Zero, countRegister), this);
+        sub32(Imm32(1), countRegister);
+        sub32(Imm32(1), index);
+
+        failures.link(this);
+
+        storeToFrame(countRegister, term.frameLocation);
+
+        state.setBacktrackGenerated(backtrackBegin);
+    }
+
+    void generatePatternCharacterNonGreedy(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        const RegisterID countRegister = regT1;
+        PatternTerm& term = state.term();
+        UChar ch = term.patternCharacter;
+    
+        move(Imm32(0), countRegister);
+
+        Jump firstTimeDoNothing = jump();
+
+        Label hardFail(this);
+        sub32(countRegister, index);
+        state.jumpToBacktrack(jump(), this);
+
+        Label backtrackBegin(this);
+        loadFromFrame(term.frameLocation, countRegister);
+
+        atEndOfInput().linkTo(hardFail, this);
+        branch32(Equal, countRegister, Imm32(term.quantityCount), hardFail);
+        if (m_pattern.m_ignoreCase && isASCIIAlpha(ch)) {
+            readCharacter(state.inputOffset(), character);
+            or32(Imm32(32), character);
+            branch32(NotEqual, character, Imm32(Unicode::toLower(ch))).linkTo(hardFail, this);
+        } else {
+            ASSERT(!m_pattern.m_ignoreCase || (Unicode::toLower(ch) == Unicode::toUpper(ch)));
+            jumpIfCharNotEquals(ch, state.inputOffset()).linkTo(hardFail, this);
+        }
+
+        add32(Imm32(1), countRegister);
+        add32(Imm32(1), index);
+
+        firstTimeDoNothing.link(this);
+        storeToFrame(countRegister, term.frameLocation);
+
+        state.setBacktrackGenerated(backtrackBegin);
+    }
+
+    void generateCharacterClassSingle(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        PatternTerm& term = state.term();
+
+        JumpList matchDest;
+        readCharacter(state.inputOffset(), character);
+        matchCharacterClass(character, matchDest, term.characterClass);
+
+        if (term.invertOrCapture)
+            state.jumpToBacktrack(matchDest, this);
+        else {
+            state.jumpToBacktrack(jump(), this);
+            matchDest.link(this);
+        }
+    }
+
+    void generateCharacterClassFixed(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        const RegisterID countRegister = regT1;
+        PatternTerm& term = state.term();
+
+        move(index, countRegister);
+        sub32(Imm32(term.quantityCount), countRegister);
+
+        Label loop(this);
+        JumpList matchDest;
+        load16(BaseIndex(input, countRegister, TimesTwo, (state.inputOffset() + term.quantityCount) * sizeof(UChar)), character);
+        matchCharacterClass(character, matchDest, term.characterClass);
+
+        if (term.invertOrCapture)
+            state.jumpToBacktrack(matchDest, this);
+        else {
+            state.jumpToBacktrack(jump(), this);
+            matchDest.link(this);
+        }
+
+        add32(Imm32(1), countRegister);
+        branch32(NotEqual, countRegister, index).linkTo(loop, this);
+    }
+
+    void generateCharacterClassGreedy(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        const RegisterID countRegister = regT1;
+        PatternTerm& term = state.term();
+    
+        move(Imm32(0), countRegister);
+
+        JumpList failures;
+        Label loop(this);
+        failures.append(atEndOfInput());
+
+        if (term.invertOrCapture) {
+            readCharacter(state.inputOffset(), character);
+            matchCharacterClass(character, failures, term.characterClass);
+        } else {
+            JumpList matchDest;
+            readCharacter(state.inputOffset(), character);
+            matchCharacterClass(character, matchDest, term.characterClass);
+            failures.append(jump());
+            matchDest.link(this);
+        }
+
+        add32(Imm32(1), countRegister);
+        add32(Imm32(1), index);
+        branch32(NotEqual, countRegister, Imm32(term.quantityCount)).linkTo(loop, this);
+        failures.append(jump());
+
+        Label backtrackBegin(this);
+        loadFromFrame(term.frameLocation, countRegister);
+        state.jumpToBacktrack(branchTest32(Zero, countRegister), this);
+        sub32(Imm32(1), countRegister);
+        sub32(Imm32(1), index);
+
+        failures.link(this);
+
+        storeToFrame(countRegister, term.frameLocation);
+
+        state.setBacktrackGenerated(backtrackBegin);
+    }
+
+    void generateCharacterClassNonGreedy(TermGenerationState& state)
+    {
+        const RegisterID character = regT0;
+        const RegisterID countRegister = regT1;
+        PatternTerm& term = state.term();
+    
+        move(Imm32(0), countRegister);
+
+        Jump firstTimeDoNothing = jump();
+
+        Label hardFail(this);
+        sub32(countRegister, index);
+        state.jumpToBacktrack(jump(), this);
+
+        Label backtrackBegin(this);
+        loadFromFrame(term.frameLocation, countRegister);
+
+        atEndOfInput().linkTo(hardFail, this);
+        branch32(Equal, countRegister, Imm32(term.quantityCount), hardFail);
+
+        JumpList matchDest;
+        readCharacter(state.inputOffset(), character);
+        matchCharacterClass(character, matchDest, term.characterClass);
+
+        if (term.invertOrCapture)
+            matchDest.linkTo(hardFail, this);
+        else {
+            jump(hardFail);
+            matchDest.link(this);
+        }
+
+        add32(Imm32(1), countRegister);
+        add32(Imm32(1), index);
+
+        firstTimeDoNothing.link(this);
+        storeToFrame(countRegister, term.frameLocation);
+
+        state.setBacktrackGenerated(backtrackBegin);
+    }
+
+    void generateParenthesesDisjunction(PatternTerm& parenthesesTerm, TermGenerationState& state, unsigned alternativeFrameLocation)
+    {
+        ASSERT((parenthesesTerm.type == PatternTerm::TypeParenthesesSubpattern) || (parenthesesTerm.type == PatternTerm::TypeParentheticalAssertion));
+        ASSERT(parenthesesTerm.quantityCount == 1);
+    
+        PatternDisjunction* disjunction = parenthesesTerm.parentheses.disjunction;
+        unsigned preCheckedCount = ((parenthesesTerm.quantityType == QuantifierFixedCount) && (parenthesesTerm.type != PatternTerm::TypeParentheticalAssertion)) ? disjunction->m_minimumSize : 0;
+
+        if (disjunction->m_alternatives.size() == 1) {
+            state.resetAlternative();
+            ASSERT(state.alternativeValid());
+            PatternAlternative* alternative = state.alternative();
+            optimizeAlternative(alternative);
+
+            int countToCheck = alternative->m_minimumSize - preCheckedCount;
+            if (countToCheck) {
+                ASSERT((parenthesesTerm.type == PatternTerm::TypeParentheticalAssertion) || (parenthesesTerm.quantityType != QuantifierFixedCount));
+
+                // FIXME: This is quite horrible.  The call to 'plantJumpToBacktrackIfExists'
+                // will be forced to always trampoline into here, just to decrement the index.
+                // Ick. 
+                Jump skip = jump();
+
+                Label backtrackBegin(this);
+                sub32(Imm32(countToCheck), index);
+                state.addBacktrackJump(jump());
+                
+                skip.link(this);
+
+                state.setBacktrackGenerated(backtrackBegin);
+
+                state.jumpToBacktrack(jumpIfNoAvailableInput(countToCheck), this);
+                state.checkedTotal += countToCheck;
+            }
+
+            for (state.resetTerm(); state.termValid(); state.nextTerm())
+                generateTerm(state);
+
+            state.checkedTotal -= countToCheck;
+        } else {
+            JumpList successes;
+
+            for (state.resetAlternative(); state.alternativeValid(); state.nextAlternative()) {
+
+                PatternAlternative* alternative = state.alternative();
+                optimizeAlternative(alternative);
+
+                ASSERT(alternative->m_minimumSize >= preCheckedCount);
+                int countToCheck = alternative->m_minimumSize - preCheckedCount;
+                if (countToCheck) {
+                    state.addBacktrackJump(jumpIfNoAvailableInput(countToCheck));
+                    state.checkedTotal += countToCheck;
+                }
+
+                for (state.resetTerm(); state.termValid(); state.nextTerm())
+                    generateTerm(state);
+
+                // Matched an alternative.
+                DataLabelPtr dataLabel = storeToFrameWithPatch(alternativeFrameLocation);
+                successes.append(jump());
+
+                // Alternative did not match.
+                Label backtrackLocation(this);
+                
+                // Can we backtrack the alternative? - if so, do so.  If not, just fall through to the next one.
+                state.plantJumpToBacktrackIfExists(this);
+                
+                state.linkAlternativeBacktracks(this);
+
+                if (countToCheck) {
+                    sub32(Imm32(countToCheck), index);
+                    state.checkedTotal -= countToCheck;
+                }
+
+                m_backtrackRecords.append(AlternativeBacktrackRecord(dataLabel, backtrackLocation));
+            }
+            // We fall through to here when the last alternative fails.
+            // Add a backtrack out of here for the parenthese handling code to link up.
+            state.addBacktrackJump(jump());
+
+            // Generate a trampoline for the parens code to backtrack to, to retry the
+            // next alternative.
+            state.setBacktrackGenerated(label());
+            loadFromFrameAndJump(alternativeFrameLocation);
+
+            // FIXME: both of the above hooks are a little inefficient, in that you
+            // may end up trampolining here, just to trampoline back out to the
+            // parentheses code, or vice versa.  We can probably eliminate a jump
+            // by restructuring, but coding this way for now for simplicity during
+            // development.
+
+            successes.link(this);
+        }
+    }
+
+    void generateParenthesesSingle(TermGenerationState& state)
+    {
+        const RegisterID indexTemporary = regT0;
+        PatternTerm& term = state.term();
+        PatternDisjunction* disjunction = term.parentheses.disjunction;
+        ASSERT(term.quantityCount == 1);
+
+        unsigned preCheckedCount = ((term.quantityCount == 1) && (term.quantityType == QuantifierFixedCount)) ? disjunction->m_minimumSize : 0;
+
+        unsigned parenthesesFrameLocation = term.frameLocation;
+        unsigned alternativeFrameLocation = parenthesesFrameLocation;
+        if (term.quantityType != QuantifierFixedCount)
+            alternativeFrameLocation += RegexStackSpaceForBackTrackInfoParenthesesOnce;
+
+        // optimized case - no capture & no quantifier can be handled in a light-weight manner.
+        if (!term.invertOrCapture && (term.quantityType == QuantifierFixedCount)) {
+            TermGenerationState parenthesesState(disjunction, state.checkedTotal);
+            generateParenthesesDisjunction(state.term(), parenthesesState, alternativeFrameLocation);
+            // this expects that any backtracks back out of the parentheses will be in the
+            // parenthesesState's backTrackJumps vector, and that if they need backtracking
+            // they will have set an entry point on the parenthesesState's backtrackLabel.
+            state.propagateBacktrackingFrom(parenthesesState, this);
+        } else {
+            Jump nonGreedySkipParentheses;
+            Label nonGreedyTryParentheses;
+            if (term.quantityType == QuantifierGreedy)
+                storeToFrame(Imm32(1), parenthesesFrameLocation);
+            else if (term.quantityType == QuantifierNonGreedy) {
+                storeToFrame(Imm32(0), parenthesesFrameLocation);
+                nonGreedySkipParentheses = jump();
+                nonGreedyTryParentheses = label();
+                storeToFrame(Imm32(1), parenthesesFrameLocation);
+            }
+
+            // store the match start index
+            if (term.invertOrCapture) {
+                int inputOffset = state.inputOffset() - preCheckedCount;
+                if (inputOffset) {
+                    move(index, indexTemporary);
+                    add32(Imm32(inputOffset), indexTemporary);
+                    store32(indexTemporary, Address(output, (term.parentheses.subpatternId << 1) * sizeof(int)));
+                } else
+                    store32(index, Address(output, (term.parentheses.subpatternId << 1) * sizeof(int)));
+            }
+
+            // generate the body of the parentheses
+            TermGenerationState parenthesesState(disjunction, state.checkedTotal);
+            generateParenthesesDisjunction(state.term(), parenthesesState, alternativeFrameLocation);
+
+            // store the match end index
+            if (term.invertOrCapture) {
+                int inputOffset = state.inputOffset();
+                if (inputOffset) {
+                    move(index, indexTemporary);
+                    add32(Imm32(state.inputOffset()), indexTemporary);
+                    store32(indexTemporary, Address(output, ((term.parentheses.subpatternId << 1) + 1) * sizeof(int)));
+                } else
+                    store32(index, Address(output, ((term.parentheses.subpatternId << 1) + 1) * sizeof(int)));
+            }
+            Jump success = jump();
+
+            // A failure AFTER the parens jumps here
+            Label backtrackFromAfterParens(this);
+
+            if (term.quantityType == QuantifierGreedy) {
+                // If this is zero we have now tested with both with and without the parens.
+                loadFromFrame(parenthesesFrameLocation, indexTemporary);
+                state.jumpToBacktrack(branchTest32(Zero, indexTemporary), this);
+            } else if (term.quantityType == QuantifierNonGreedy) {
+                // If this is zero we have now tested with both with and without the parens.
+                loadFromFrame(parenthesesFrameLocation, indexTemporary);
+                branchTest32(Zero, indexTemporary).linkTo(nonGreedyTryParentheses, this);
+            }
+
+            parenthesesState.plantJumpToBacktrackIfExists(this);
+            // A failure WITHIN the parens jumps here
+            parenthesesState.linkAlternativeBacktracks(this);
+            if (term.invertOrCapture) {
+                store32(Imm32(-1), Address(output, (term.parentheses.subpatternId << 1) * sizeof(int)));
+                store32(Imm32(-1), Address(output, ((term.parentheses.subpatternId << 1) + 1) * sizeof(int)));
+            }
+
+            if (term.quantityType == QuantifierGreedy)
+                storeToFrame(Imm32(0), parenthesesFrameLocation);
+            else
+                state.jumpToBacktrack(jump(), this);
+
+            state.setBacktrackGenerated(backtrackFromAfterParens);
+            if (term.quantityType == QuantifierNonGreedy)
+                nonGreedySkipParentheses.link(this);
+            success.link(this);
+        }
+    }
+
+    void generateParentheticalAssertion(TermGenerationState& state)
+    {
+        PatternTerm& term = state.term();
+        PatternDisjunction* disjunction = term.parentheses.disjunction;
+        ASSERT(term.quantityCount == 1);
+        ASSERT(term.quantityType == QuantifierFixedCount);
+
+        unsigned parenthesesFrameLocation = term.frameLocation;
+        unsigned alternativeFrameLocation = parenthesesFrameLocation + RegexStackSpaceForBackTrackInfoParentheticalAssertion;
+
+        int countCheckedAfterAssertion = state.checkedTotal - term.inputPosition;
+
+        if (term.invertOrCapture) {
+            // Inverted case
+            storeToFrame(index, parenthesesFrameLocation);
+
+            state.checkedTotal -= countCheckedAfterAssertion;
+            if (countCheckedAfterAssertion)
+                sub32(Imm32(countCheckedAfterAssertion), index);
+
+            TermGenerationState parenthesesState(disjunction, state.checkedTotal);
+            generateParenthesesDisjunction(state.term(), parenthesesState, alternativeFrameLocation);
+            // Success! - which means - Fail!
+            loadFromFrame(parenthesesFrameLocation, index);
+            state.jumpToBacktrack(jump(), this);
+
+            // And fail means success.
+            parenthesesState.linkAlternativeBacktracks(this);
+            loadFromFrame(parenthesesFrameLocation, index);
+
+            state.checkedTotal += countCheckedAfterAssertion;
+        } else {
+            // Normal case
+            storeToFrame(index, parenthesesFrameLocation);
+
+            state.checkedTotal -= countCheckedAfterAssertion;
+            if (countCheckedAfterAssertion)
+                sub32(Imm32(countCheckedAfterAssertion), index);
+
+            TermGenerationState parenthesesState(disjunction, state.checkedTotal);
+            generateParenthesesDisjunction(state.term(), parenthesesState, alternativeFrameLocation);
+            // Success! - which means - Success!
+            loadFromFrame(parenthesesFrameLocation, index);
+            Jump success = jump();
+
+            parenthesesState.linkAlternativeBacktracks(this);
+            loadFromFrame(parenthesesFrameLocation, index);
+            state.jumpToBacktrack(jump(), this);
+
+            success.link(this);
+
+            state.checkedTotal += countCheckedAfterAssertion;
+        }
+    }
+
+    void generateTerm(TermGenerationState& state)
+    {
+        PatternTerm& term = state.term();
+
+        switch (term.type) {
+        case PatternTerm::TypeAssertionBOL:
+            generateAssertionBOL(state);
+            break;
+        
+        case PatternTerm::TypeAssertionEOL:
+            generateAssertionEOL(state);
+            break;
+        
+        case PatternTerm::TypeAssertionWordBoundary:
+            generateAssertionWordBoundary(state);
+            break;
+        
+        case PatternTerm::TypePatternCharacter:
+            switch (term.quantityType) {
+            case QuantifierFixedCount:
+                if (term.quantityCount == 1) {
+                    if (state.isSinglePatternCharacterLookaheadTerm() && (state.lookaheadTerm().inputPosition == (term.inputPosition + 1))) {
+                        generatePatternCharacterPair(state);
+                        state.nextTerm();
+                    } else
+                        generatePatternCharacterSingle(state);
+                } else
+                    generatePatternCharacterFixed(state);
+                break;
+            case QuantifierGreedy:
+                generatePatternCharacterGreedy(state);
+                break;
+            case QuantifierNonGreedy:
+                generatePatternCharacterNonGreedy(state);
+                break;
+            }
+            break;
+
+        case PatternTerm::TypeCharacterClass:
+            switch (term.quantityType) {
+            case QuantifierFixedCount:
+                if (term.quantityCount == 1)
+                    generateCharacterClassSingle(state);
+                else
+                    generateCharacterClassFixed(state);
+                break;
+            case QuantifierGreedy:
+                generateCharacterClassGreedy(state);
+                break;
+            case QuantifierNonGreedy:
+                generateCharacterClassNonGreedy(state);
+                break;
+            }
+            break;
+
+        case PatternTerm::TypeBackReference:
+            m_generationFailed = true;
+            break;
+
+        case PatternTerm::TypeForwardReference:
+            break;
+
+        case PatternTerm::TypeParenthesesSubpattern:
+            if ((term.quantityCount == 1) && !term.parentheses.isCopy)
+                generateParenthesesSingle(state);
+            else
+                m_generationFailed = true;
+            break;
+
+        case PatternTerm::TypeParentheticalAssertion:
+            generateParentheticalAssertion(state);
+            break;
+        }
+    }
+
+    void generateDisjunction(PatternDisjunction* disjunction)
+    {
+        TermGenerationState state(disjunction, 0);
+        state.resetAlternative();
+
+        // Plant a check to see if there is sufficient input available to run the first alternative.
+        // Jumping back to the label 'firstAlternative' will get to this check, jumping to
+        // 'firstAlternativeInputChecked' will jump directly to matching the alternative having
+        // skipped this check.
+
+        Label firstAlternative(this);
+
+        // check availability for the next alternative
+        int countCheckedForCurrentAlternative = 0;
+        int countToCheckForFirstAlternative = 0;
+        bool hasShorterAlternatives = false;
+        JumpList notEnoughInputForPreviousAlternative;
+
+        if (state.alternativeValid()) {
+            PatternAlternative* alternative = state.alternative();
+            countToCheckForFirstAlternative = alternative->m_minimumSize;
+            state.checkedTotal += countToCheckForFirstAlternative;
+            if (countToCheckForFirstAlternative)
+                notEnoughInputForPreviousAlternative.append(jumpIfNoAvailableInput(countToCheckForFirstAlternative));
+            countCheckedForCurrentAlternative = countToCheckForFirstAlternative;
+        }
+
+        Label firstAlternativeInputChecked(this);
+
+        while (state.alternativeValid()) {
+            // Track whether any alternatives are shorter than the first one.
+            hasShorterAlternatives = hasShorterAlternatives || (countCheckedForCurrentAlternative < countToCheckForFirstAlternative);
+
+            PatternAlternative* alternative = state.alternative();
+            optimizeAlternative(alternative);
+
+            for (state.resetTerm(); state.termValid(); state.nextTerm())
+                generateTerm(state);
+
+            // If we get here, the alternative matched.
+            if (m_pattern.m_body->m_callFrameSize)
+                addPtr(Imm32(m_pattern.m_body->m_callFrameSize * sizeof(void*)), stackPointerRegister);
+            
+            ASSERT(index != returnRegister);
+            if (m_pattern.m_body->m_hasFixedSize) {
+                move(index, returnRegister);
+                if (alternative->m_minimumSize)
+                    sub32(Imm32(alternative->m_minimumSize), returnRegister);
+            } else
+                pop(returnRegister);
+            store32(index, Address(output, 4));
+            store32(returnRegister, output);
+
+            generateReturn();
+
+            state.nextAlternative();
+
+            // if there are any more alternatives, plant the check for input before looping.
+            if (state.alternativeValid()) {
+                PatternAlternative* nextAlternative = state.alternative();
+                int countToCheckForNextAlternative = nextAlternative->m_minimumSize;
+
+                if (countCheckedForCurrentAlternative > countToCheckForNextAlternative) { // CASE 1: current alternative was longer than the next one.
+                    // If we get here, there the last input checked failed.
+                    notEnoughInputForPreviousAlternative.link(this);
+
+                    // Check if sufficent input available to run the next alternative 
+                    notEnoughInputForPreviousAlternative.append(jumpIfNoAvailableInput(countToCheckForNextAlternative - countCheckedForCurrentAlternative));
+                    // We are now in the correct state to enter the next alternative; this add is only required
+                    // to mirror and revert operation of the sub32, just below.
+                    add32(Imm32(countCheckedForCurrentAlternative - countToCheckForNextAlternative), index);
+
+                    // If we get here, there the last input checked passed.
+                    state.linkAlternativeBacktracks(this);
+                    // No need to check if we can run the next alternative, since it is shorter -
+                    // just update index.
+                    sub32(Imm32(countCheckedForCurrentAlternative - countToCheckForNextAlternative), index);
+                } else if (countCheckedForCurrentAlternative < countToCheckForNextAlternative) { // CASE 2: next alternative is longer than the current one.
+                    // If we get here, there the last input checked failed.
+                    // If there is insufficient input to run the current alternative, and the next alternative is longer,
+                    // then there is definitely not enough input to run it - don't even check. Just adjust index, as if
+                    // we had checked.
+                    notEnoughInputForPreviousAlternative.link(this);
+                    add32(Imm32(countToCheckForNextAlternative - countCheckedForCurrentAlternative), index);
+                    notEnoughInputForPreviousAlternative.append(jump());
+
+                    // The next alternative is longer than the current one; check the difference.
+                    state.linkAlternativeBacktracks(this);
+                    notEnoughInputForPreviousAlternative.append(jumpIfNoAvailableInput(countToCheckForNextAlternative - countCheckedForCurrentAlternative));
+                } else { // CASE 3: Both alternatives are the same length.
+                    ASSERT(countCheckedForCurrentAlternative == countToCheckForNextAlternative);
+
+                    // If the next alterative is the same length as this one, then no need to check the input -
+                    // if there was sufficent input to run the current alternative then there is sufficient
+                    // input to run the next one; if not, there isn't.
+                    state.linkAlternativeBacktracks(this);
+                }
+
+                state.checkedTotal -= countCheckedForCurrentAlternative;
+                countCheckedForCurrentAlternative = countToCheckForNextAlternative;
+                state.checkedTotal += countCheckedForCurrentAlternative;
+            }
+        }
+        
+        // If we get here, all Alternatives failed...
+
+        state.checkedTotal -= countCheckedForCurrentAlternative;
+
+        // How much more input need there be to be able to retry from the first alternative?
+        // examples:
+        //   /yarr_jit/ or /wrec|pcre/
+        //     In these examples we need check for one more input before looping.
+        //   /yarr_jit|pcre/
+        //     In this case we need check for 5 more input to loop (+4 to allow for the first alterative
+        //     being four longer than the last alternative checked, and another +1 to effectively move
+        //     the start position along by one).
+        //   /yarr|rules/ or /wrec|notsomuch/
+        //     In these examples, provided that there was sufficient input to have just been matching for
+        //     the second alternative we can loop without checking for available input (since the second
+        //     alternative is longer than the first).  In the latter example we need to decrement index
+        //     (by 4) so the start position is only progressed by 1 from the last iteration.
+        int incrementForNextIter = (countToCheckForFirstAlternative - countCheckedForCurrentAlternative) + 1;
+
+        // First, deal with the cases where there was sufficient input to try the last alternative.
+        if (incrementForNextIter > 0) // We need to check for more input anyway, fall through to the checking below.
+            state.linkAlternativeBacktracks(this);
+        else if (m_pattern.m_body->m_hasFixedSize && !incrementForNextIter) // No need to update anything, link these backtracks straight to the to pof the loop!
+            state.linkAlternativeBacktracksTo(firstAlternativeInputChecked, this);
+        else { // no need to check the input, but we do have some bookkeeping to do first.
+            state.linkAlternativeBacktracks(this);
+
+            // Where necessary update our preserved start position.
+            if (!m_pattern.m_body->m_hasFixedSize) {
+                move(index, regT0);
+                sub32(Imm32(countCheckedForCurrentAlternative - 1), regT0);
+                poke(regT0, m_pattern.m_body->m_callFrameSize);
+            }
+
+            // Update index if necessary, and loop (without checking).
+            if (incrementForNextIter)
+                add32(Imm32(incrementForNextIter), index);
+            jump().linkTo(firstAlternativeInputChecked, this);
+        }
+
+        notEnoughInputForPreviousAlternative.link(this);
+        // Update our idea of the start position, if we're tracking this.
+        if (!m_pattern.m_body->m_hasFixedSize) {
+            if (countCheckedForCurrentAlternative - 1) {
+                move(index, regT0);
+                sub32(Imm32(countCheckedForCurrentAlternative - 1), regT0);
+                poke(regT0, m_pattern.m_body->m_callFrameSize);
+            } else
+                poke(index, m_pattern.m_body->m_callFrameSize);
+        }
+        // Check if there is sufficent input to run the first alternative again.
+        jumpIfAvailableInput(incrementForNextIter).linkTo(firstAlternativeInputChecked, this);
+        // No - insufficent input to run the first alteranative, are there any other alternatives we
+        // might need to check?  If so, the last check will have left the index incremented by
+        // (countToCheckForFirstAlternative + 1), so we need test whether countToCheckForFirstAlternative
+        // LESS input is available, to have the effect of just progressing the start position by 1
+        // from the last iteration.  If this check passes we can just jump up to the check associated
+        // with the first alternative in the loop.  This is a bit sad, since we'll end up trying the
+        // first alternative again, and this check will fail (otherwise the check planted just above
+        // here would have passed).  This is a bit sad, however it saves trying to do something more
+        // complex here in compilation, and in the common case we should end up coallescing the checks.
+        //
+        // FIXME: a nice improvement here may be to stop trying to match sooner, based on the least
+        // of the minimum-alterantive-lengths.  E.g. if I have two alternatives of length 200 and 150,
+        // and a string of length 100, we'll end up looping index from 0 to 100, checking whether there
+        // is sufficient input to run either alternative (constantly failing).  If there had been only
+        // one alternative, or if the shorter alternative had come first, we would have terminated
+        // immediately. :-/
+        if (hasShorterAlternatives)
+            jumpIfAvailableInput(-countToCheckForFirstAlternative).linkTo(firstAlternative, this);
+        // index will now be a bit garbled (depending on whether 'hasShorterAlternatives' is true,
+        // it has either been incremented by 1 or by (countToCheckForFirstAlternative + 1) ... 
+        // but since we're about to return a failure this doesn't really matter!)
+
+        unsigned frameSize = m_pattern.m_body->m_callFrameSize;
+        if (!m_pattern.m_body->m_hasFixedSize)
+            ++frameSize;
+        if (frameSize)
+            addPtr(Imm32(frameSize * sizeof(void*)), stackPointerRegister);
+
+        move(Imm32(-1), returnRegister);
+
+        generateReturn();
+    }
+
+    void generateEnter()
+    {
+#if PLATFORM(X86_64)
+        push(X86Registers::ebp);
+        move(stackPointerRegister, X86Registers::ebp);
+        push(X86Registers::ebx);
+#elif PLATFORM(X86)
+        push(X86Registers::ebp);
+        move(stackPointerRegister, X86Registers::ebp);
+        // TODO: do we need spill registers to fill the output pointer if there are no sub captures?
+        push(X86Registers::ebx);
+        push(X86Registers::edi);
+        push(X86Registers::esi);
+        // load output into edi (2 = saved ebp + return address).
+    #if COMPILER(MSVC)
+        loadPtr(Address(X86Registers::ebp, 2 * sizeof(void*)), input);
+        loadPtr(Address(X86Registers::ebp, 3 * sizeof(void*)), index);
+        loadPtr(Address(X86Registers::ebp, 4 * sizeof(void*)), length);
+        loadPtr(Address(X86Registers::ebp, 5 * sizeof(void*)), output);
+    #else
+        loadPtr(Address(X86Registers::ebp, 2 * sizeof(void*)), output);
+    #endif
+#elif PLATFORM(ARM)
+#if PLATFORM(ARM_TRADITIONAL)
+        push(ARMRegisters::lr);
+#endif
+        push(ARMRegisters::r4);
+        push(ARMRegisters::r5);
+        push(ARMRegisters::r6);
+        move(ARMRegisters::r3, output);
+#endif
+    }
+
+    void generateReturn()
+    {
+#if PLATFORM(X86_64)
+        pop(X86Registers::ebx);
+        pop(X86Registers::ebp);
+#elif PLATFORM(X86)
+        pop(X86Registers::esi);
+        pop(X86Registers::edi);
+        pop(X86Registers::ebx);
+        pop(X86Registers::ebp);
+#elif PLATFORM(ARM)
+        pop(ARMRegisters::r6);
+        pop(ARMRegisters::r5);
+        pop(ARMRegisters::r4);
+#endif
+        ret();
+    }
+
+public:
+    RegexGenerator(RegexPattern& pattern)
+        : m_pattern(pattern)
+        , m_generationFailed(false)
+    {
+    }
+
+    void generate()
+    {
+        generateEnter();
+
+        // TODO: do I really want this on the stack?
+        if (!m_pattern.m_body->m_hasFixedSize)
+            push(index);
+
+        if (m_pattern.m_body->m_callFrameSize)
+            subPtr(Imm32(m_pattern.m_body->m_callFrameSize * sizeof(void*)), stackPointerRegister);
+
+        generateDisjunction(m_pattern.m_body);
+    }
+
+    void compile(JSGlobalData* globalData, RegexCodeBlock& jitObject)
+    {
+        generate();
+
+        LinkBuffer patchBuffer(this, globalData->executableAllocator.poolForSize(size()));
+
+        for (unsigned i = 0; i < m_backtrackRecords.size(); ++i)
+            patchBuffer.patch(m_backtrackRecords[i].dataLabel, patchBuffer.locationOf(m_backtrackRecords[i].backtrackLocation));
+
+        jitObject.set(patchBuffer.finalizeCode());
+    }
+
+    bool generationFailed()
+    {
+        return m_generationFailed;
+    }
+
+private:
+    RegexPattern& m_pattern;
+    Vector<AlternativeBacktrackRecord> m_backtrackRecords;
+    bool m_generationFailed;
+};
+
+void jitCompileRegex(JSGlobalData* globalData, RegexCodeBlock& jitObject, const UString& patternString, unsigned& numSubpatterns, const char*& error, bool ignoreCase, bool multiline)
+{
+    RegexPattern pattern(ignoreCase, multiline);
+
+    if ((error = compileRegex(patternString, pattern)))
+        return;
+
+    numSubpatterns = pattern.m_numSubpatterns;
+
+    RegexGenerator generator(pattern);
+    generator.compile(globalData, jitObject);
+
+    if (generator.generationFailed()) {
+        JSRegExpIgnoreCaseOption ignoreCaseOption = ignoreCase ? JSRegExpIgnoreCase : JSRegExpDoNotIgnoreCase;
+        JSRegExpMultilineOption multilineOption = multiline ? JSRegExpMultiline : JSRegExpSingleLine;
+        jitObject.setFallback(jsRegExpCompile(reinterpret_cast<const UChar*>(patternString.data()), patternString.size(), ignoreCaseOption, multilineOption, &numSubpatterns, &error));
+    }
+}
+
+int executeRegex(RegexCodeBlock& jitObject, const UChar* input, unsigned start, unsigned length, int* output, int outputArraySize)
+{
+    if (JSRegExp* fallback = jitObject.getFallback())
+        return (jsRegExpExecute(fallback, input, length, start, output, outputArraySize) < 0) ? -1 : output[0];
+
+    return jitObject.execute(input, start, length, output);
+}
+
+}}
+
+#endif
+
+
+
+
+
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexJIT.h b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexJIT.h
new file mode 100644
index 000000000..5b0df9dde
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexJIT.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef RegexJIT_h
+#define RegexJIT_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(YARR_JIT)
+
+#include "MacroAssembler.h"
+#include "RegexPattern.h"
+#include <UString.h>
+
+#include <pcre.h>
+struct JSRegExp; // temporary, remove when fallback is removed.
+
+#if PLATFORM(X86) && !COMPILER(MSVC)
+#define YARR_CALL __attribute__ ((regparm (3)))
+#else
+#define YARR_CALL
+#endif
+
+namespace JSC {
+
+class JSGlobalData;
+class ExecutablePool;
+
+namespace Yarr {
+
+class RegexCodeBlock {
+    typedef int (*RegexJITCode)(const UChar* input, unsigned start, unsigned length, int* output) YARR_CALL;
+
+public:
+    RegexCodeBlock()
+        : m_fallback(0)
+    {
+    }
+
+    ~RegexCodeBlock()
+    {
+        if (m_fallback)
+            jsRegExpFree(m_fallback);
+    }
+
+    JSRegExp* getFallback() { return m_fallback; }
+    void setFallback(JSRegExp* fallback) { m_fallback = fallback; }
+
+    bool operator!() { return !m_ref.m_code.executableAddress(); }
+    void set(MacroAssembler::CodeRef ref) { m_ref = ref; }
+
+    int execute(const UChar* input, unsigned start, unsigned length, int* output)
+    {
+        return reinterpret_cast<RegexJITCode>(m_ref.m_code.executableAddress())(input, start, length, output);
+    }
+
+private:
+    MacroAssembler::CodeRef m_ref;
+    JSRegExp* m_fallback;
+};
+
+void jitCompileRegex(JSGlobalData* globalData, RegexCodeBlock& jitObject, const UString& pattern, unsigned& numSubpatterns, const char*& error, bool ignoreCase = false, bool multiline = false);
+int executeRegex(RegexCodeBlock& jitObject, const UChar* input, unsigned start, unsigned length, int* output, int outputArraySize);
+
+} } // namespace JSC::Yarr
+
+#endif
+
+#endif // RegexJIT_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexParser.h b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexParser.h
new file mode 100644
index 000000000..64e846305
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexParser.h
@@ -0,0 +1,854 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef RegexParser_h
+#define RegexParser_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(YARR)
+
+#include <UString.h>
+#include <wtf/ASCIICType.h>
+#include <wtf/unicode/Unicode.h>
+#include <limits.h>
+
+namespace JSC { namespace Yarr {
+
+enum BuiltInCharacterClassID {
+    DigitClassID,
+    SpaceClassID,
+    WordClassID,
+    NewlineClassID,
+};
+
+// The Parser class should not be used directly - only via the Yarr::parse() method.
+template<class Delegate>
+class Parser {
+private:
+    template<class FriendDelegate>
+    friend const char* parse(FriendDelegate& delegate, const UString& pattern, unsigned backReferenceLimit);
+
+    enum ErrorCode {
+        NoError,
+        PatternTooLarge,
+        QuantifierOutOfOrder,
+        QuantifierWithoutAtom,
+        MissingParentheses,
+        ParenthesesUnmatched,
+        ParenthesesTypeInvalid,
+        CharacterClassUnmatched,
+        CharacterClassOutOfOrder,
+        EscapeUnterminated,
+        NumberOfErrorCodes
+    };
+
+    /*
+     * CharacterClassParserDelegate:
+     *
+     * The class CharacterClassParserDelegate is used in the parsing of character
+     * classes.  This class handles detection of character ranges.  This class
+     * implements enough of the delegate interface such that it can be passed to
+     * parseEscape() as an EscapeDelegate.  This allows parseEscape() to be reused
+     * to perform the parsing of escape characters in character sets.
+     */
+    class CharacterClassParserDelegate {
+    public:
+        CharacterClassParserDelegate(Delegate& delegate, ErrorCode& err)
+            : m_delegate(delegate)
+            , m_err(err)
+            , m_state(empty)
+        {
+        }
+
+        /*
+         * begin():
+         *
+         * Called at beginning of construction.
+         */
+        void begin(bool invert)
+        {
+            m_delegate.atomCharacterClassBegin(invert);
+        }
+
+        /*
+         * atomPatternCharacterUnescaped():
+         *
+         * This method is called directly from parseCharacterClass(), to report a new
+         * pattern character token.  This method differs from atomPatternCharacter(),
+         * which will be called from parseEscape(), since a hypen provided via this
+         * method may be indicating a character range, but a hyphen parsed by
+         * parseEscape() cannot be interpreted as doing so.
+         */
+        void atomPatternCharacterUnescaped(UChar ch)
+        {
+            switch (m_state) {
+            case empty:
+                m_character = ch;
+                m_state = cachedCharacter;
+                break;
+
+            case cachedCharacter:
+                if (ch == '-')
+                    m_state = cachedCharacterHyphen;
+                else {
+                    m_delegate.atomCharacterClassAtom(m_character);
+                    m_character = ch;
+                }
+                break;
+
+            case cachedCharacterHyphen:
+                if (ch >= m_character)
+                    m_delegate.atomCharacterClassRange(m_character, ch);
+                else
+                    m_err = CharacterClassOutOfOrder;
+                m_state = empty;
+            }
+        }
+
+        /*
+         * atomPatternCharacter():
+         *
+         * Adds a pattern character, called by parseEscape(), as such will not
+         * interpret a hyphen as indicating a character range.
+         */
+        void atomPatternCharacter(UChar ch)
+        {
+            // Flush if a character is already pending to prevent the
+            // hyphen from begin interpreted as indicating a range.
+            if((ch == '-') && (m_state == cachedCharacter))
+                flush();
+
+            atomPatternCharacterUnescaped(ch);
+        }
+
+        /*
+         * atomBuiltInCharacterClass():
+         *
+         * Adds a built-in character class, called by parseEscape().
+         */
+        void atomBuiltInCharacterClass(BuiltInCharacterClassID classID, bool invert)
+        {
+            flush();
+            m_delegate.atomCharacterClassBuiltIn(classID, invert);
+        }
+
+        /*
+         * end():
+         *
+         * Called at end of construction.
+         */
+        void end()
+        {
+            flush();
+            m_delegate.atomCharacterClassEnd();
+        }
+
+        // parseEscape() should never call these delegate methods when
+        // invoked with inCharacterClass set.
+        void assertionWordBoundary(bool) { ASSERT_NOT_REACHED(); }
+        void atomBackReference(unsigned) { ASSERT_NOT_REACHED(); }
+
+    private:
+        void flush()
+        {
+            if (m_state != empty) // either cachedCharacter or cachedCharacterHyphen
+                m_delegate.atomCharacterClassAtom(m_character);
+            if (m_state == cachedCharacterHyphen)
+                m_delegate.atomCharacterClassAtom('-');
+            m_state = empty;
+        }
+    
+        Delegate& m_delegate;
+        ErrorCode& m_err;
+        enum CharacterClassConstructionState {
+            empty,
+            cachedCharacter,
+            cachedCharacterHyphen,
+        } m_state;
+        UChar m_character;
+    };
+
+    Parser(Delegate& delegate, const UString& pattern, unsigned backReferenceLimit)
+        : m_delegate(delegate)
+        , m_backReferenceLimit(backReferenceLimit)
+        , m_err(NoError)
+        , m_data(pattern.data())
+        , m_size(pattern.size())
+        , m_index(0)
+        , m_parenthesesNestingDepth(0)
+    {
+    }
+    
+    /*
+     * parseEscape():
+     *
+     * Helper for parseTokens() AND parseCharacterClass().
+     * Unlike the other parser methods, this function does not report tokens
+     * directly to the member delegate (m_delegate), instead tokens are
+     * emitted to the delegate provided as an argument.  In the case of atom
+     * escapes, parseTokens() will call parseEscape() passing m_delegate as
+     * an argument, and as such the escape will be reported to the delegate.
+     *
+     * However this method may also be used by parseCharacterClass(), in which
+     * case a CharacterClassParserDelegate will be passed as the delegate that
+     * tokens should be added to.  A boolean flag is also provided to indicate
+     * whether that an escape in a CharacterClass is being parsed (some parsing
+     * rules change in this context).
+     *
+     * The boolean value returned by this method indicates whether the token
+     * parsed was an atom (outside of a characted class \b and \B will be
+     * interpreted as assertions).
+     */
+    template<bool inCharacterClass, class EscapeDelegate>
+    bool parseEscape(EscapeDelegate& delegate)
+    {
+        ASSERT(!m_err);
+        ASSERT(peek() == '\\');
+        consume();
+
+        if (atEndOfPattern()) {
+            m_err = EscapeUnterminated;
+            return false;
+        }
+
+        switch (peek()) {
+        // Assertions
+        case 'b':
+            consume();
+            if (inCharacterClass)
+                delegate.atomPatternCharacter('\b');
+            else {
+                delegate.assertionWordBoundary(false);
+                return false;
+            }
+            break;
+        case 'B':
+            consume();
+            if (inCharacterClass)
+                delegate.atomPatternCharacter('B');
+            else {
+                delegate.assertionWordBoundary(true);
+                return false;
+            }
+            break;
+
+        // CharacterClassEscape
+        case 'd':
+            consume();
+            delegate.atomBuiltInCharacterClass(DigitClassID, false);
+            break;
+        case 's':
+            consume();
+            delegate.atomBuiltInCharacterClass(SpaceClassID, false);
+            break;
+        case 'w':
+            consume();
+            delegate.atomBuiltInCharacterClass(WordClassID, false);
+            break;
+        case 'D':
+            consume();
+            delegate.atomBuiltInCharacterClass(DigitClassID, true);
+            break;
+        case 'S':
+            consume();
+            delegate.atomBuiltInCharacterClass(SpaceClassID, true);
+            break;
+        case 'W':
+            consume();
+            delegate.atomBuiltInCharacterClass(WordClassID, true);
+            break;
+
+        // DecimalEscape
+        case '1':
+        case '2':
+        case '3':
+        case '4':
+        case '5':
+        case '6':
+        case '7':
+        case '8':
+        case '9': {
+            // To match Firefox, we parse an invalid backreference in the range [1-7] as an octal escape.
+            // First, try to parse this as backreference.
+            if (!inCharacterClass) {
+                ParseState state = saveState();
+
+                unsigned backReference = consumeNumber();
+                if (backReference <= m_backReferenceLimit) {
+                    delegate.atomBackReference(backReference);
+                    break;
+                }
+
+                restoreState(state);
+            }
+            
+            // Not a backreference, and not octal.
+            if (peek() >= '8') {
+                delegate.atomPatternCharacter('\\');
+                break;
+            }
+
+            // Fall-through to handle this as an octal escape.
+        }
+
+        // Octal escape
+        case '0':
+            delegate.atomPatternCharacter(consumeOctal());
+            break;
+
+        // ControlEscape
+        case 'f':
+            consume();
+            delegate.atomPatternCharacter('\f');
+            break;
+        case 'n':
+            consume();
+            delegate.atomPatternCharacter('\n');
+            break;
+        case 'r':
+            consume();
+            delegate.atomPatternCharacter('\r');
+            break;
+        case 't':
+            consume();
+            delegate.atomPatternCharacter('\t');
+            break;
+        case 'v':
+            consume();
+            delegate.atomPatternCharacter('\v');
+            break;
+
+        // ControlLetter
+        case 'c': {
+            ParseState state = saveState();
+            consume();
+            if (!atEndOfPattern()) {
+                int control = consume();
+
+                // To match Firefox, inside a character class, we also accept numbers and '_' as control characters.
+                if (inCharacterClass ? WTF::isASCIIAlphanumeric(control) || (control == '_') : WTF::isASCIIAlpha(control)) {
+                    delegate.atomPatternCharacter(control & 0x1f);
+                    break;
+                }
+            }
+            restoreState(state);
+            delegate.atomPatternCharacter('\\');
+            break;
+        }
+
+        // HexEscape
+        case 'x': {
+            consume();
+            int x = tryConsumeHex(2);
+            if (x == -1)
+                delegate.atomPatternCharacter('x');
+            else
+                delegate.atomPatternCharacter(x);
+            break;
+        }
+
+        // UnicodeEscape
+        case 'u': {
+            consume();
+            int u = tryConsumeHex(4);
+            if (u == -1)
+                delegate.atomPatternCharacter('u');
+            else
+                delegate.atomPatternCharacter(u);
+            break;
+        }
+
+        // IdentityEscape
+        default:
+            delegate.atomPatternCharacter(consume());
+        }
+        
+        return true;
+    }
+
+    /*
+     * parseAtomEscape(), parseCharacterClassEscape():
+     *
+     * These methods alias to parseEscape().
+     */
+    bool parseAtomEscape()
+    {
+        return parseEscape<false>(m_delegate);
+    }
+    void parseCharacterClassEscape(CharacterClassParserDelegate& delegate)
+    {
+        parseEscape<true>(delegate);
+    }
+
+    /*
+     * parseCharacterClass():
+     *
+     * Helper for parseTokens(); calls dirctly and indirectly (via parseCharacterClassEscape)
+     * to an instance of CharacterClassParserDelegate, to describe the character class to the
+     * delegate.
+     */
+    void parseCharacterClass()
+    {
+        ASSERT(!m_err);
+        ASSERT(peek() == '[');
+        consume();
+
+        CharacterClassParserDelegate characterClassConstructor(m_delegate, m_err);
+
+        characterClassConstructor.begin(tryConsume('^'));
+
+        while (!atEndOfPattern()) {
+            switch (peek()) {
+            case ']':
+                consume();
+                characterClassConstructor.end();
+                return;
+
+            case '\\':
+                parseCharacterClassEscape(characterClassConstructor);
+                break;
+
+            default:
+                characterClassConstructor.atomPatternCharacterUnescaped(consume());
+            }
+
+            if (m_err)
+                return;
+        }
+
+        m_err = CharacterClassUnmatched;
+    }
+
+    /*
+     * parseParenthesesBegin():
+     *
+     * Helper for parseTokens(); checks for parentheses types other than regular capturing subpatterns.
+     */
+    void parseParenthesesBegin()
+    {
+        ASSERT(!m_err);
+        ASSERT(peek() == '(');
+        consume();
+
+        if (tryConsume('?')) {
+            if (atEndOfPattern()) {
+                m_err = ParenthesesTypeInvalid;
+                return;
+            }
+
+            switch (consume()) {
+            case ':':
+                m_delegate.atomParenthesesSubpatternBegin(false);
+                break;
+            
+            case '=':
+                m_delegate.atomParentheticalAssertionBegin();
+                break;
+
+            case '!':
+                m_delegate.atomParentheticalAssertionBegin(true);
+                break;
+            
+            default:
+                m_err = ParenthesesTypeInvalid;
+            }
+        } else
+            m_delegate.atomParenthesesSubpatternBegin();
+
+        ++m_parenthesesNestingDepth;
+    }
+
+    /*
+     * parseParenthesesEnd():
+     *
+     * Helper for parseTokens(); checks for parse errors (due to unmatched parentheses).
+     */
+    void parseParenthesesEnd()
+    {
+        ASSERT(!m_err);
+        ASSERT(peek() == ')');
+        consume();
+
+        if (m_parenthesesNestingDepth > 0)
+            m_delegate.atomParenthesesEnd();
+        else
+            m_err = ParenthesesUnmatched;
+
+        --m_parenthesesNestingDepth;
+    }
+
+    /*
+     * parseQuantifier():
+     *
+     * Helper for parseTokens(); checks for parse errors and non-greedy quantifiers.
+     */
+    void parseQuantifier(bool lastTokenWasAnAtom, unsigned min, unsigned max)
+    {
+        ASSERT(!m_err);
+        ASSERT(min <= max);
+
+        if (lastTokenWasAnAtom)
+            m_delegate.quantifyAtom(min, max, !tryConsume('?'));
+        else
+            m_err = QuantifierWithoutAtom;
+    }
+
+    /*
+     * parseTokens():
+     *
+     * This method loops over the input pattern reporting tokens to the delegate.
+     * The method returns when a parse error is detected, or the end of the pattern
+     * is reached.  One piece of state is tracked around the loop, which is whether
+     * the last token passed to the delegate was an atom (this is necessary to detect
+     * a parse error when a quantifier provided without an atom to quantify).
+     */
+    void parseTokens()
+    {
+        bool lastTokenWasAnAtom = false;
+
+        while (!atEndOfPattern()) {
+            switch (peek()) {
+            case '|':
+                consume();
+                m_delegate.disjunction();
+                lastTokenWasAnAtom = false;
+                break;
+
+            case '(':
+                parseParenthesesBegin();
+                lastTokenWasAnAtom = false;
+                break;
+
+            case ')':
+                parseParenthesesEnd();
+                lastTokenWasAnAtom = true;
+                break;
+
+            case '^':
+                consume();
+                m_delegate.assertionBOL();
+                lastTokenWasAnAtom = false;
+                break;
+
+            case '$':
+                consume();
+                m_delegate.assertionEOL();
+                lastTokenWasAnAtom = false;
+                break;
+
+            case '.':
+                consume();
+                m_delegate.atomBuiltInCharacterClass(NewlineClassID, true);
+                lastTokenWasAnAtom = true;
+                break;
+
+            case '[':
+                parseCharacterClass();
+                lastTokenWasAnAtom = true;
+                break;
+
+            case '\\':
+                lastTokenWasAnAtom = parseAtomEscape();
+                break;
+
+            case '*':
+                consume();
+                parseQuantifier(lastTokenWasAnAtom, 0, UINT_MAX);
+                lastTokenWasAnAtom = false;
+                break;
+
+            case '+':
+                consume();
+                parseQuantifier(lastTokenWasAnAtom, 1, UINT_MAX);
+                lastTokenWasAnAtom = false;
+                break;
+
+            case '?':
+                consume();
+                parseQuantifier(lastTokenWasAnAtom, 0, 1);
+                lastTokenWasAnAtom = false;
+                break;
+
+            case '{': {
+                ParseState state = saveState();
+
+                consume();
+                if (peekIsDigit()) {
+                    unsigned min = consumeNumber();
+                    unsigned max = min;
+                    
+                    if (tryConsume(','))
+                        max = peekIsDigit() ? consumeNumber() : UINT_MAX;
+
+                    if (tryConsume('}')) {
+                        if (min <= max)
+                            parseQuantifier(lastTokenWasAnAtom, min, max);
+                        else
+                            m_err = QuantifierOutOfOrder;
+                        lastTokenWasAnAtom = false;
+                        break;
+                    }
+                }
+
+                restoreState(state);
+            } // if we did not find a complete quantifer, fall through to the default case.
+
+            default:
+                m_delegate.atomPatternCharacter(consume());
+                lastTokenWasAnAtom = true;
+            }
+
+            if (m_err)
+                return;
+        }
+
+        if (m_parenthesesNestingDepth > 0)
+            m_err = MissingParentheses;
+    }
+
+    /*
+     * parse():
+     *
+     * This method calls regexBegin(), calls parseTokens() to parse over the input
+     * patterns, calls regexEnd() or regexError() as appropriate, and converts any
+     * error code to a const char* for a result.
+     */
+    const char* parse()
+    {
+        m_delegate.regexBegin();
+
+        if (m_size > MAX_PATTERN_SIZE)
+            m_err = PatternTooLarge;
+        else
+            parseTokens();
+        ASSERT(atEndOfPattern() || m_err);
+
+        if (m_err)
+            m_delegate.regexError();
+        else
+            m_delegate.regexEnd();
+
+        // The order of this array must match the ErrorCode enum.
+        static const char* errorMessages[NumberOfErrorCodes] = {
+            0, // NoError
+            "regular expression too large",
+            "numbers out of order in {} quantifier",
+            "nothing to repeat",
+            "missing )",
+            "unmatched parentheses",
+            "unrecognized character after (?",
+            "missing terminating ] for character class",
+            "range out of order in character class",
+            "\\ at end of pattern"
+        };
+
+        return errorMessages[m_err];
+    }
+
+
+    // Misc helper functions:
+
+    typedef unsigned ParseState;
+    
+    ParseState saveState()
+    {
+        return m_index;
+    }
+
+    void restoreState(ParseState state)
+    {
+        m_index = state;
+    }
+
+    bool atEndOfPattern()
+    {
+        ASSERT(m_index <= m_size);
+        return m_index == m_size;
+    }
+
+    int peek()
+    {
+        ASSERT(m_index < m_size);
+        return m_data[m_index];
+    }
+
+    bool peekIsDigit()
+    {
+        return !atEndOfPattern() && WTF::isASCIIDigit(peek());
+    }
+
+    unsigned peekDigit()
+    {
+        ASSERT(peekIsDigit());
+        return peek() - '0';
+    }
+
+    int consume()
+    {
+        ASSERT(m_index < m_size);
+        return m_data[m_index++];
+    }
+
+    unsigned consumeDigit()
+    {
+        ASSERT(peekIsDigit());
+        return consume() - '0';
+    }
+
+    unsigned consumeNumber()
+    {
+        unsigned n = consumeDigit();
+        // check for overflow.
+        for (unsigned newValue; peekIsDigit() && ((newValue = n * 10 + peekDigit()) >= n); ) {
+            n = newValue;
+            consume();
+        }
+        return n;
+    }
+
+    unsigned consumeOctal()
+    {
+        ASSERT(WTF::isASCIIOctalDigit(peek()));
+
+        unsigned n = consumeDigit();
+        while (n < 32 && !atEndOfPattern() && WTF::isASCIIOctalDigit(peek()))
+            n = n * 8 + consumeDigit();
+        return n;
+    }
+
+    bool tryConsume(UChar ch)
+    {
+        if (atEndOfPattern() || (m_data[m_index] != ch))
+            return false;
+        ++m_index;
+        return true;
+    }
+
+    int tryConsumeHex(int count)
+    {
+        ParseState state = saveState();
+
+        int n = 0;
+        while (count--) {
+            if (atEndOfPattern() || !WTF::isASCIIHexDigit(peek())) {
+                restoreState(state);
+                return -1;
+            }
+            n = (n << 4) | WTF::toASCIIHexValue(consume());
+        }
+        return n;
+    }
+
+    Delegate& m_delegate;
+    unsigned m_backReferenceLimit;
+    ErrorCode m_err;
+    const UChar* m_data;
+    unsigned m_size;
+    unsigned m_index;
+    unsigned m_parenthesesNestingDepth;
+
+    // Derived by empirical testing of compile time in PCRE and WREC.
+    static const unsigned MAX_PATTERN_SIZE = 1024 * 1024;
+};
+
+/*
+ * Yarr::parse():
+ *
+ * The parse method is passed a pattern to be parsed and a delegate upon which
+ * callbacks will be made to record the parsed tokens forming the regex.
+ * Yarr::parse() returns null on success, or a const C string providing an error
+ * message where a parse error occurs.
+ *
+ * The Delegate must implement the following interface:
+ *
+ *    void assertionBOL();
+ *    void assertionEOL();
+ *    void assertionWordBoundary(bool invert);
+ *
+ *    void atomPatternCharacter(UChar ch);
+ *    void atomBuiltInCharacterClass(BuiltInCharacterClassID classID, bool invert);
+ *    void atomCharacterClassBegin(bool invert)
+ *    void atomCharacterClassAtom(UChar ch)
+ *    void atomCharacterClassRange(UChar begin, UChar end)
+ *    void atomCharacterClassBuiltIn(BuiltInCharacterClassID classID, bool invert)
+ *    void atomCharacterClassEnd()
+ *    void atomParenthesesSubpatternBegin(bool capture = true);
+ *    void atomParentheticalAssertionBegin(bool invert = false);
+ *    void atomParenthesesEnd();
+ *    void atomBackReference(unsigned subpatternId);
+ *
+ *    void quantifyAtom(unsigned min, unsigned max, bool greedy);
+ *
+ *    void disjunction();
+ *
+ *    void regexBegin();
+ *    void regexEnd();
+ *    void regexError();
+ *
+ * Before any call recording tokens are made, regexBegin() will be called on the
+ * delegate once.  Once parsing is complete either regexEnd() or regexError() will
+ * be called, as appropriate.
+ *
+ * The regular expression is described by a sequence of assertion*() and atom*()
+ * callbacks to the delegate, describing the terms in the regular expression.
+ * Following an atom a quantifyAtom() call may occur to indicate that the previous
+ * atom should be quantified.  In the case of atoms described across multiple
+ * calls (parentheses and character classes) the call to quantifyAtom() will come
+ * after the call to the atom*End() method, never after atom*Begin().
+ *
+ * Character classes may either be described by a single call to
+ * atomBuiltInCharacterClass(), or by a sequence of atomCharacterClass*() calls.
+ * In the latter case, ...Begin() will be called, followed by a sequence of
+ * calls to ...Atom(), ...Range(), and ...BuiltIn(), followed by a call to ...End().
+ *
+ * Sequences of atoms and assertions are broken into alternatives via calls to
+ * disjunction().  Assertions, atoms, and disjunctions emitted between calls to
+ * atomParenthesesBegin() and atomParenthesesEnd() form the body of a subpattern.
+ * atomParenthesesBegin() is passed a subpatternId.  In the case of a regular
+ * capturing subpattern, this will be the subpatternId associated with these
+ * parentheses, and will also by definition be the lowest subpatternId of these
+ * parentheses and of any nested paretheses.  The atomParenthesesEnd() method
+ * is passed the subpatternId of the last capturing subexpression nested within
+ * these paretheses.  In the case of a capturing subpattern with no nested
+ * capturing subpatterns, the same subpatternId will be passed to the begin and
+ * end functions.  In the case of non-capturing subpatterns the subpatternId
+ * passed to the begin method is also the first possible subpatternId that might
+ * be nested within these paretheses.  If a set of non-capturing parentheses does
+ * not contain any capturing subpatterns, then the subpatternId passed to begin
+ * will be greater than the subpatternId passed to end.
+ */
+
+template<class Delegate>
+const char* parse(Delegate& delegate, const UString& pattern, unsigned backReferenceLimit = UINT_MAX)
+{
+    return Parser<Delegate>(delegate, pattern, backReferenceLimit).parse();
+}
+
+} } // namespace JSC::Yarr
+
+#endif
+
+#endif // RegexParser_h
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexPattern.h b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexPattern.h
new file mode 100644
index 000000000..a4511318b
--- /dev/null
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/yarr/RegexPattern.h
@@ -0,0 +1,356 @@
+/*
+ * Copyright (C) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef RegexPattern_h
+#define RegexPattern_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(YARR)
+
+#include <wtf/Vector.h>
+#include <wtf/unicode/Unicode.h>
+
+
+namespace JSC { namespace Yarr {
+
+#define RegexStackSpaceForBackTrackInfoPatternCharacter 1 // Only for !fixed quantifiers.
+#define RegexStackSpaceForBackTrackInfoCharacterClass 1 // Only for !fixed quantifiers.
+#define RegexStackSpaceForBackTrackInfoBackReference 2
+#define RegexStackSpaceForBackTrackInfoAlternative 1 // One per alternative.
+#define RegexStackSpaceForBackTrackInfoParentheticalAssertion 1
+#define RegexStackSpaceForBackTrackInfoParenthesesOnce 1 // Only for !fixed quantifiers.
+#define RegexStackSpaceForBackTrackInfoParentheses 4
+
+struct PatternDisjunction;
+
+struct CharacterRange {
+    UChar begin;
+    UChar end;
+
+    CharacterRange(UChar begin, UChar end)
+        : begin(begin)
+        , end(end)
+    {
+    }
+};
+
+struct CharacterClass : FastAllocBase {
+    Vector<UChar> m_matches;
+    Vector<CharacterRange> m_ranges;
+    Vector<UChar> m_matchesUnicode;
+    Vector<CharacterRange> m_rangesUnicode;
+};
+
+enum QuantifierType {
+    QuantifierFixedCount,
+    QuantifierGreedy,
+    QuantifierNonGreedy,
+};
+
+struct PatternTerm {
+    enum Type {
+        TypeAssertionBOL,
+        TypeAssertionEOL,
+        TypeAssertionWordBoundary,
+        TypePatternCharacter,
+        TypeCharacterClass,
+        TypeBackReference,
+        TypeForwardReference,
+        TypeParenthesesSubpattern,
+        TypeParentheticalAssertion,
+    } type;
+    bool invertOrCapture;
+    union {
+        UChar patternCharacter;
+        CharacterClass* characterClass;
+        unsigned subpatternId;
+        struct {
+            PatternDisjunction* disjunction;
+            unsigned subpatternId;
+            unsigned lastSubpatternId;
+            bool isCopy;
+        } parentheses;
+    };
+    QuantifierType quantityType;
+    unsigned quantityCount;
+    int inputPosition;
+    unsigned frameLocation;
+
+    PatternTerm(UChar ch)
+        : type(PatternTerm::TypePatternCharacter)
+    {
+        patternCharacter = ch;
+        quantityType = QuantifierFixedCount;
+        quantityCount = 1;
+    }
+
+    PatternTerm(CharacterClass* charClass, bool invert)
+        : type(PatternTerm::TypeCharacterClass)
+        , invertOrCapture(invert)
+    {
+        characterClass = charClass;
+        quantityType = QuantifierFixedCount;
+        quantityCount = 1;
+    }
+
+    PatternTerm(Type type, unsigned subpatternId, PatternDisjunction* disjunction, bool invertOrCapture)
+        : type(type)
+        , invertOrCapture(invertOrCapture)
+    {
+        parentheses.disjunction = disjunction;
+        parentheses.subpatternId = subpatternId;
+        parentheses.isCopy = false;
+        quantityType = QuantifierFixedCount;
+        quantityCount = 1;
+    }
+    
+    PatternTerm(Type type, bool invert = false)
+        : type(type)
+        , invertOrCapture(invert)
+    {
+        quantityType = QuantifierFixedCount;
+        quantityCount = 1;
+    }
+
+    PatternTerm(unsigned spatternId)
+        : type(TypeBackReference)
+        , invertOrCapture(invertOrCapture)
+    {
+        subpatternId = spatternId;
+        quantityType = QuantifierFixedCount;
+        quantityCount = 1;
+    }
+
+    static PatternTerm ForwardReference()
+    {
+        return PatternTerm(TypeForwardReference);
+    }
+
+    static PatternTerm BOL()
+    {
+        return PatternTerm(TypeAssertionBOL);
+    }
+
+    static PatternTerm EOL()
+    {
+        return PatternTerm(TypeAssertionEOL);
+    }
+
+    static PatternTerm WordBoundary(bool invert)
+    {
+        return PatternTerm(TypeAssertionWordBoundary, invert);
+    }
+    
+    bool invert()
+    {
+        return invertOrCapture;
+    }
+
+    bool capture()
+    {
+        return invertOrCapture;
+    }
+    
+    void quantify(unsigned count, QuantifierType type)
+    {
+        quantityCount = count;
+        quantityType = type;
+    }
+};
+
+struct PatternAlternative : FastAllocBase {
+    PatternAlternative(PatternDisjunction* disjunction)
+        : m_parent(disjunction)
+    {
+    }
+
+    PatternTerm& lastTerm()
+    {
+        ASSERT(m_terms.size());
+        return m_terms[m_terms.size() - 1];
+    }
+    
+    void removeLastTerm()
+    {
+        ASSERT(m_terms.size());
+        m_terms.shrink(m_terms.size() - 1);
+    }
+
+    Vector<PatternTerm> m_terms;
+    PatternDisjunction* m_parent;
+    unsigned m_minimumSize;
+    bool m_hasFixedSize;
+};
+
+struct PatternDisjunction : FastAllocBase {
+    PatternDisjunction(PatternAlternative* parent = 0)
+        : m_parent(parent)
+    {
+    }
+    
+    ~PatternDisjunction()
+    {
+        deleteAllValues(m_alternatives);
+    }
+
+    PatternAlternative* addNewAlternative()
+    {
+        PatternAlternative* alternative = new PatternAlternative(this);
+        m_alternatives.append(alternative);
+        return alternative;
+    }
+
+    Vector<PatternAlternative*> m_alternatives;
+    PatternAlternative* m_parent;
+    unsigned m_minimumSize;
+    unsigned m_callFrameSize;
+    bool m_hasFixedSize;
+};
+
+// You probably don't want to be calling these functions directly
+// (please to be calling newlineCharacterClass() et al on your
+// friendly neighborhood RegexPattern instance to get nicely
+// cached copies).
+CharacterClass* newlineCreate();
+CharacterClass* digitsCreate();
+CharacterClass* spacesCreate();
+CharacterClass* wordcharCreate();
+CharacterClass* nondigitsCreate();
+CharacterClass* nonspacesCreate();
+CharacterClass* nonwordcharCreate();
+
+struct RegexPattern {
+    RegexPattern(bool ignoreCase, bool multiline)
+        : m_ignoreCase(ignoreCase)
+        , m_multiline(multiline)
+        , m_numSubpatterns(0)
+        , m_maxBackReference(0)
+        , newlineCached(0)
+        , digitsCached(0)
+        , spacesCached(0)
+        , wordcharCached(0)
+        , nondigitsCached(0)
+        , nonspacesCached(0)
+        , nonwordcharCached(0)
+    {
+    }
+
+    ~RegexPattern()
+    {
+        deleteAllValues(m_disjunctions);
+        deleteAllValues(m_userCharacterClasses);
+    }
+
+    void reset()
+    {
+        m_numSubpatterns = 0;
+        m_maxBackReference = 0;
+
+        newlineCached = 0;
+        digitsCached = 0;
+        spacesCached = 0;
+        wordcharCached = 0;
+        nondigitsCached = 0;
+        nonspacesCached = 0;
+        nonwordcharCached = 0;
+
+        deleteAllValues(m_disjunctions);
+        m_disjunctions.clear();
+        deleteAllValues(m_userCharacterClasses);
+        m_userCharacterClasses.clear();
+    }
+
+    bool containsIllegalBackReference()
+    {
+        return m_maxBackReference > m_numSubpatterns;
+    }
+
+    CharacterClass* newlineCharacterClass()
+    {
+        if (!newlineCached)
+            m_userCharacterClasses.append(newlineCached = newlineCreate());
+        return newlineCached;
+    }
+    CharacterClass* digitsCharacterClass()
+    {
+        if (!digitsCached)
+            m_userCharacterClasses.append(digitsCached = digitsCreate());
+        return digitsCached;
+    }
+    CharacterClass* spacesCharacterClass()
+    {
+        if (!spacesCached)
+            m_userCharacterClasses.append(spacesCached = spacesCreate());
+        return spacesCached;
+    }
+    CharacterClass* wordcharCharacterClass()
+    {
+        if (!wordcharCached)
+            m_userCharacterClasses.append(wordcharCached = wordcharCreate());
+        return wordcharCached;
+    }
+    CharacterClass* nondigitsCharacterClass()
+    {
+        if (!nondigitsCached)
+            m_userCharacterClasses.append(nondigitsCached = nondigitsCreate());
+        return nondigitsCached;
+    }
+    CharacterClass* nonspacesCharacterClass()
+    {
+        if (!nonspacesCached)
+            m_userCharacterClasses.append(nonspacesCached = nonspacesCreate());
+        return nonspacesCached;
+    }
+    CharacterClass* nonwordcharCharacterClass()
+    {
+        if (!nonwordcharCached)
+            m_userCharacterClasses.append(nonwordcharCached = nonwordcharCreate());
+        return nonwordcharCached;
+    }
+
+    bool m_ignoreCase;
+    bool m_multiline;
+    unsigned m_numSubpatterns;
+    unsigned m_maxBackReference;
+    PatternDisjunction* m_body;
+    Vector<PatternDisjunction*, 4> m_disjunctions;
+    Vector<CharacterClass*> m_userCharacterClasses;
+
+private:
+    CharacterClass* newlineCached;
+    CharacterClass* digitsCached;
+    CharacterClass* spacesCached;
+    CharacterClass* wordcharCached;
+    CharacterClass* nondigitsCached;
+    CharacterClass* nonspacesCached;
+    CharacterClass* nonwordcharCached;
+};
+
+} } // namespace JSC::Yarr
+
+#endif
+
+#endif // RegexPattern_h